@robelest/convex-auth 0.0.4-preview.13 → 0.0.4-preview.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +140 -9
- package/dist/bin.cjs +5957 -5478
- package/dist/client/index.d.ts +3 -7
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +27 -26
- package/dist/client/index.js.map +1 -1
- package/dist/component/_generated/api.d.ts +14 -0
- package/dist/component/_generated/api.d.ts.map +1 -1
- package/dist/component/_generated/api.js.map +1 -1
- package/dist/component/_generated/component.d.ts +1672 -24
- package/dist/component/_generated/component.d.ts.map +1 -1
- package/dist/component/convex.config.d.ts +2 -2
- package/dist/component/convex.config.d.ts.map +1 -1
- package/dist/component/index.d.ts +1 -1
- package/dist/component/index.js +2 -2
- package/dist/component/model.d.ts +153 -0
- package/dist/component/model.d.ts.map +1 -0
- package/dist/component/model.js +343 -0
- package/dist/component/model.js.map +1 -0
- package/dist/component/providers/sso.d.ts +1 -1
- package/dist/component/public/enterprise.d.ts +54 -0
- package/dist/component/public/enterprise.d.ts.map +1 -0
- package/dist/component/public/enterprise.js +515 -0
- package/dist/component/public/enterprise.js.map +1 -0
- package/dist/component/public/factors.d.ts +52 -0
- package/dist/component/public/factors.d.ts.map +1 -0
- package/dist/component/public/factors.js +285 -0
- package/dist/component/public/factors.js.map +1 -0
- package/dist/component/public/groups.d.ts +116 -0
- package/dist/component/public/groups.d.ts.map +1 -0
- package/dist/component/public/groups.js +596 -0
- package/dist/component/public/groups.js.map +1 -0
- package/dist/component/public/identity.d.ts +93 -0
- package/dist/component/public/identity.d.ts.map +1 -0
- package/dist/component/public/identity.js +426 -0
- package/dist/component/public/identity.js.map +1 -0
- package/dist/component/public/keys.d.ts +41 -0
- package/dist/component/public/keys.d.ts.map +1 -0
- package/dist/component/public/keys.js +157 -0
- package/dist/component/public/keys.js.map +1 -0
- package/dist/component/public/shared.d.ts +26 -0
- package/dist/component/public/shared.d.ts.map +1 -0
- package/dist/component/public/shared.js +32 -0
- package/dist/component/public/shared.js.map +1 -0
- package/dist/component/public.d.ts +9 -321
- package/dist/component/public.d.ts.map +1 -1
- package/dist/component/public.js +6 -2145
- package/dist/component/schema.d.ts +406 -260
- package/dist/component/schema.js +37 -32
- package/dist/component/schema.js.map +1 -1
- package/dist/component/server/auth.d.ts +161 -15
- package/dist/component/server/auth.d.ts.map +1 -1
- package/dist/component/server/auth.js +100 -7
- package/dist/component/server/auth.js.map +1 -1
- package/dist/component/server/cookies.js +3 -0
- package/dist/component/server/cookies.js.map +1 -1
- package/dist/component/server/db.js +1 -0
- package/dist/component/server/db.js.map +1 -1
- package/dist/component/server/device.js +3 -1
- package/dist/component/server/device.js.map +1 -1
- package/dist/component/server/domains/core.js +629 -0
- package/dist/component/server/domains/core.js.map +1 -0
- package/dist/component/server/domains/sso.js +884 -0
- package/dist/component/server/domains/sso.js.map +1 -0
- package/dist/component/server/factory.d.ts +136 -0
- package/dist/component/server/factory.d.ts.map +1 -0
- package/dist/component/server/factory.js +1134 -0
- package/dist/component/server/factory.js.map +1 -0
- package/dist/component/server/fx.js +2 -1
- package/dist/component/server/fx.js.map +1 -1
- package/dist/component/server/http.js +287 -0
- package/dist/component/server/http.js.map +1 -0
- package/dist/component/server/identity.js +13 -0
- package/dist/component/server/identity.js.map +1 -0
- package/dist/component/server/keys.js +4 -0
- package/dist/component/server/keys.js.map +1 -1
- package/dist/component/server/mutations/account.js +1 -1
- package/dist/component/server/mutations/index.js +2 -2
- package/dist/component/server/mutations/index.js.map +1 -1
- package/dist/component/server/mutations/invalidate.js +1 -1
- package/dist/component/server/mutations/oauth.js +10 -7
- package/dist/component/server/mutations/oauth.js.map +1 -1
- package/dist/component/server/mutations/refresh.js +1 -1
- package/dist/component/server/mutations/register.js +1 -1
- package/dist/component/server/mutations/retrieve.js +1 -1
- package/dist/component/server/mutations/signature.js +1 -1
- package/dist/component/server/mutations/store.js +6 -3
- package/dist/component/server/mutations/store.js.map +1 -1
- package/dist/component/server/mutations/verify.js +1 -1
- package/dist/component/server/oauth.js +3 -0
- package/dist/component/server/oauth.js.map +1 -1
- package/dist/component/server/passkey.js +3 -2
- package/dist/component/server/passkey.js.map +1 -1
- package/dist/component/server/provider.js +2 -0
- package/dist/component/server/provider.js.map +1 -1
- package/dist/component/server/providers.js +10 -0
- package/dist/component/server/providers.js.map +1 -1
- package/dist/component/server/ratelimit.js +3 -0
- package/dist/component/server/ratelimit.js.map +1 -1
- package/dist/component/server/redirects.js +2 -0
- package/dist/component/server/redirects.js.map +1 -1
- package/dist/component/server/refresh.js +5 -0
- package/dist/component/server/refresh.js.map +1 -1
- package/dist/component/server/sessions.js +5 -0
- package/dist/component/server/sessions.js.map +1 -1
- package/dist/component/server/signin.js +2 -1
- package/dist/component/server/signin.js.map +1 -1
- package/dist/component/server/sso.js +166 -19
- package/dist/component/server/sso.js.map +1 -1
- package/dist/component/server/tokens.js +1 -0
- package/dist/component/server/tokens.js.map +1 -1
- package/dist/component/server/totp.js +4 -2
- package/dist/component/server/totp.js.map +1 -1
- package/dist/component/server/types.d.ts +106 -38
- package/dist/component/server/types.d.ts.map +1 -1
- package/dist/component/server/types.js.map +1 -1
- package/dist/component/server/users.js +1 -0
- package/dist/component/server/users.js.map +1 -1
- package/dist/component/server/utils.js +44 -2
- package/dist/component/server/utils.js.map +1 -1
- package/dist/providers/anonymous.d.ts +1 -1
- package/dist/providers/credentials.d.ts +1 -1
- package/dist/providers/password.d.ts +1 -1
- package/dist/providers/sso.d.ts +1 -1
- package/dist/providers/sso.js.map +1 -1
- package/dist/server/auth.d.ts +163 -17
- package/dist/server/auth.d.ts.map +1 -1
- package/dist/server/auth.js +100 -7
- package/dist/server/auth.js.map +1 -1
- package/dist/server/cookies.d.ts +1 -38
- package/dist/server/cookies.js +3 -0
- package/dist/server/cookies.js.map +1 -1
- package/dist/server/db.d.ts +1 -125
- package/dist/server/db.js +1 -0
- package/dist/server/db.js.map +1 -1
- package/dist/server/device.d.ts +1 -24
- package/dist/server/device.js +3 -1
- package/dist/server/device.js.map +1 -1
- package/dist/server/domains/core.d.ts +434 -0
- package/dist/server/domains/core.d.ts.map +1 -0
- package/dist/server/domains/core.js +629 -0
- package/dist/server/domains/core.js.map +1 -0
- package/dist/server/domains/sso.d.ts +409 -0
- package/dist/server/domains/sso.d.ts.map +1 -0
- package/dist/server/domains/sso.js +884 -0
- package/dist/server/domains/sso.js.map +1 -0
- package/dist/server/enterpriseValidators.d.ts +1 -0
- package/dist/server/enterpriseValidators.js +60 -0
- package/dist/server/enterpriseValidators.js.map +1 -0
- package/dist/server/factory.d.ts +136 -0
- package/dist/server/factory.d.ts.map +1 -0
- package/dist/server/factory.js +1134 -0
- package/dist/server/factory.js.map +1 -0
- package/dist/server/fx.d.ts +1 -16
- package/dist/server/fx.d.ts.map +1 -1
- package/dist/server/fx.js +1 -0
- package/dist/server/fx.js.map +1 -1
- package/dist/server/http.d.ts +59 -0
- package/dist/server/http.d.ts.map +1 -0
- package/dist/server/http.js +287 -0
- package/dist/server/http.js.map +1 -0
- package/dist/server/identity.d.ts +1 -0
- package/dist/server/identity.js +13 -0
- package/dist/server/identity.js.map +1 -0
- package/dist/server/index.d.ts +468 -1
- package/dist/server/index.d.ts.map +1 -1
- package/dist/server/index.js +530 -36
- package/dist/server/index.js.map +1 -1
- package/dist/server/keys.d.ts +1 -57
- package/dist/server/keys.js +4 -0
- package/dist/server/keys.js.map +1 -1
- package/dist/server/mutations/account.d.ts +7 -7
- package/dist/server/mutations/account.d.ts.map +1 -1
- package/dist/server/mutations/code.d.ts +13 -13
- package/dist/server/mutations/code.d.ts.map +1 -1
- package/dist/server/mutations/index.d.ts +107 -107
- package/dist/server/mutations/index.d.ts.map +1 -1
- package/dist/server/mutations/index.js +1 -1
- package/dist/server/mutations/index.js.map +1 -1
- package/dist/server/mutations/invalidate.d.ts +5 -5
- package/dist/server/mutations/invalidate.d.ts.map +1 -1
- package/dist/server/mutations/oauth.d.ts +10 -10
- package/dist/server/mutations/oauth.d.ts.map +1 -1
- package/dist/server/mutations/oauth.js +9 -6
- package/dist/server/mutations/oauth.js.map +1 -1
- package/dist/server/mutations/refresh.d.ts +4 -4
- package/dist/server/mutations/register.d.ts +12 -12
- package/dist/server/mutations/register.d.ts.map +1 -1
- package/dist/server/mutations/retrieve.d.ts +7 -7
- package/dist/server/mutations/signature.d.ts +5 -5
- package/dist/server/mutations/signin.d.ts +6 -6
- package/dist/server/mutations/signin.d.ts.map +1 -1
- package/dist/server/mutations/signout.d.ts +1 -1
- package/dist/server/mutations/store.d.ts +3 -2
- package/dist/server/mutations/store.d.ts.map +1 -1
- package/dist/server/mutations/store.js +6 -3
- package/dist/server/mutations/store.js.map +1 -1
- package/dist/server/mutations/verifier.d.ts +1 -1
- package/dist/server/mutations/verify.d.ts +11 -11
- package/dist/server/mutations/verify.d.ts.map +1 -1
- package/dist/server/oauth.d.ts +1 -59
- package/dist/server/oauth.js +3 -0
- package/dist/server/oauth.js.map +1 -1
- package/dist/server/passkey.d.ts.map +1 -1
- package/dist/server/passkey.js +3 -2
- package/dist/server/passkey.js.map +1 -1
- package/dist/server/provider.d.ts +1 -14
- package/dist/server/provider.d.ts.map +1 -1
- package/dist/server/provider.js +2 -0
- package/dist/server/provider.js.map +1 -1
- package/dist/server/providers.js +10 -0
- package/dist/server/providers.js.map +1 -1
- package/dist/server/ratelimit.d.ts +1 -22
- package/dist/server/ratelimit.js +3 -0
- package/dist/server/ratelimit.js.map +1 -1
- package/dist/server/redirects.d.ts +1 -10
- package/dist/server/redirects.js +2 -0
- package/dist/server/redirects.js.map +1 -1
- package/dist/server/refresh.d.ts +1 -37
- package/dist/server/refresh.js +5 -0
- package/dist/server/refresh.js.map +1 -1
- package/dist/server/sessions.d.ts +1 -28
- package/dist/server/sessions.js +5 -0
- package/dist/server/sessions.js.map +1 -1
- package/dist/server/signin.d.ts +1 -55
- package/dist/server/signin.js +2 -1
- package/dist/server/signin.js.map +1 -1
- package/dist/server/sso.d.ts +1 -348
- package/dist/server/sso.js +165 -18
- package/dist/server/sso.js.map +1 -1
- package/dist/server/templates.d.ts +1 -21
- package/dist/server/templates.js +1 -0
- package/dist/server/templates.js.map +1 -1
- package/dist/server/tokens.d.ts +1 -11
- package/dist/server/tokens.js +1 -0
- package/dist/server/tokens.js.map +1 -1
- package/dist/server/totp.d.ts +1 -23
- package/dist/server/totp.js +4 -2
- package/dist/server/totp.js.map +1 -1
- package/dist/server/types.d.ts +114 -77
- package/dist/server/types.d.ts.map +1 -1
- package/dist/server/types.js.map +1 -1
- package/dist/server/users.d.ts +1 -31
- package/dist/server/users.js +1 -0
- package/dist/server/users.js.map +1 -1
- package/dist/server/utils.d.ts +1 -27
- package/dist/server/utils.js +44 -2
- package/dist/server/utils.js.map +1 -1
- package/dist/server/version.d.ts +1 -1
- package/dist/server/version.js +1 -1
- package/dist/server/version.js.map +1 -1
- package/package.json +4 -5
- package/src/cli/bin.ts +5 -0
- package/src/cli/index.ts +22 -9
- package/src/cli/keys.ts +3 -0
- package/src/client/index.ts +36 -37
- package/src/component/_generated/api.ts +14 -0
- package/src/component/_generated/component.ts +2106 -9
- package/src/component/index.ts +3 -1
- package/src/component/model.ts +441 -0
- package/src/component/public/enterprise.ts +753 -0
- package/src/component/public/factors.ts +332 -0
- package/src/component/public/groups.ts +932 -0
- package/src/component/public/identity.ts +566 -0
- package/src/component/public/keys.ts +209 -0
- package/src/component/public/shared.ts +119 -0
- package/src/component/public.ts +5 -2965
- package/src/component/schema.ts +68 -63
- package/src/providers/sso.ts +1 -1
- package/src/server/auth.ts +413 -18
- package/src/server/cookies.ts +3 -0
- package/src/server/db.ts +3 -0
- package/src/server/device.ts +3 -1
- package/src/server/domains/core.ts +1071 -0
- package/src/server/domains/sso.ts +1749 -0
- package/src/server/enterpriseValidators.ts +93 -0
- package/src/server/factory.ts +2181 -0
- package/src/server/fx.ts +1 -0
- package/src/server/http.ts +529 -0
- package/src/server/identity.ts +18 -0
- package/src/server/index.ts +806 -40
- package/src/server/keys.ts +4 -0
- package/src/server/mutations/index.ts +1 -1
- package/src/server/mutations/oauth.ts +36 -8
- package/src/server/mutations/store.ts +6 -3
- package/src/server/oauth.ts +6 -0
- package/src/server/passkey.ts +3 -2
- package/src/server/provider.ts +2 -0
- package/src/server/providers.ts +20 -0
- package/src/server/ratelimit.ts +3 -0
- package/src/server/redirects.ts +2 -0
- package/src/server/refresh.ts +5 -0
- package/src/server/sessions.ts +5 -0
- package/src/server/signin.ts +1 -0
- package/src/server/sso.ts +259 -17
- package/src/server/templates.ts +1 -0
- package/src/server/tokens.ts +1 -0
- package/src/server/totp.ts +4 -2
- package/src/server/types.ts +178 -83
- package/src/server/users.ts +1 -0
- package/src/server/utils.ts +71 -1
- package/src/server/version.ts +1 -1
- package/dist/component/public.js.map +0 -1
- package/dist/component/server/implementation.d.ts +0 -1264
- package/dist/component/server/implementation.d.ts.map +0 -1
- package/dist/component/server/implementation.js +0 -2365
- package/dist/component/server/implementation.js.map +0 -1
- package/dist/server/cookies.d.ts.map +0 -1
- package/dist/server/db.d.ts.map +0 -1
- package/dist/server/device.d.ts.map +0 -1
- package/dist/server/implementation.d.ts +0 -1264
- package/dist/server/implementation.d.ts.map +0 -1
- package/dist/server/implementation.js +0 -2365
- package/dist/server/implementation.js.map +0 -1
- package/dist/server/keys.d.ts.map +0 -1
- package/dist/server/oauth.d.ts.map +0 -1
- package/dist/server/ratelimit.d.ts.map +0 -1
- package/dist/server/redirects.d.ts.map +0 -1
- package/dist/server/refresh.d.ts.map +0 -1
- package/dist/server/sessions.d.ts.map +0 -1
- package/dist/server/signin.d.ts.map +0 -1
- package/dist/server/sso.d.ts.map +0 -1
- package/dist/server/templates.d.ts.map +0 -1
- package/dist/server/tokens.d.ts.map +0 -1
- package/dist/server/totp.d.ts.map +0 -1
- package/dist/server/users.d.ts.map +0 -1
- package/dist/server/utils.d.ts.map +0 -1
- package/src/server/implementation.ts +0 -5336
|
@@ -0,0 +1,209 @@
|
|
|
1
|
+
import {
|
|
2
|
+
ConvexError,
|
|
3
|
+
mutation,
|
|
4
|
+
query,
|
|
5
|
+
v,
|
|
6
|
+
vApiKeyDoc,
|
|
7
|
+
vApiKeyRateLimit,
|
|
8
|
+
vApiKeyRateLimitState,
|
|
9
|
+
vApiKeyScope,
|
|
10
|
+
vPaginated,
|
|
11
|
+
} from "./shared";
|
|
12
|
+
|
|
13
|
+
// ============================================================================
|
|
14
|
+
// API Keys
|
|
15
|
+
// ============================================================================
|
|
16
|
+
|
|
17
|
+
/**
|
|
18
|
+
* Insert a new API key record.
|
|
19
|
+
*
|
|
20
|
+
* The caller is responsible for hashing the raw key before passing it here —
|
|
21
|
+
* this function only stores the hash and metadata.
|
|
22
|
+
*/
|
|
23
|
+
export const keyInsert = mutation({
|
|
24
|
+
args: {
|
|
25
|
+
userId: v.id("User"),
|
|
26
|
+
prefix: v.string(),
|
|
27
|
+
hashedKey: v.string(),
|
|
28
|
+
name: v.string(),
|
|
29
|
+
scopes: v.array(
|
|
30
|
+
v.object({
|
|
31
|
+
resource: v.string(),
|
|
32
|
+
actions: v.array(v.string()),
|
|
33
|
+
}),
|
|
34
|
+
),
|
|
35
|
+
rateLimit: v.optional(vApiKeyRateLimit),
|
|
36
|
+
expiresAt: v.optional(v.number()),
|
|
37
|
+
metadata: v.optional(v.any()),
|
|
38
|
+
},
|
|
39
|
+
returns: v.id("ApiKey"),
|
|
40
|
+
handler: async (ctx, args) => {
|
|
41
|
+
return await ctx.db.insert("ApiKey", {
|
|
42
|
+
...args,
|
|
43
|
+
createdAt: Date.now(),
|
|
44
|
+
revoked: false,
|
|
45
|
+
});
|
|
46
|
+
},
|
|
47
|
+
});
|
|
48
|
+
|
|
49
|
+
/**
|
|
50
|
+
* Look up an API key by its SHA-256 hash.
|
|
51
|
+
*
|
|
52
|
+
* Used during Bearer token verification. Returns the full key record
|
|
53
|
+
* (including rate limit state) or `null` if not found.
|
|
54
|
+
*/
|
|
55
|
+
export const keyGetByHashedKey = query({
|
|
56
|
+
args: { hashedKey: v.string() },
|
|
57
|
+
returns: v.union(vApiKeyDoc, v.null()),
|
|
58
|
+
handler: async (ctx, { hashedKey }) => {
|
|
59
|
+
return await ctx.db
|
|
60
|
+
.query("ApiKey")
|
|
61
|
+
.withIndex("hashed_key", (q) => q.eq("hashedKey", hashedKey))
|
|
62
|
+
.first();
|
|
63
|
+
},
|
|
64
|
+
});
|
|
65
|
+
|
|
66
|
+
/**
|
|
67
|
+
* @deprecated Use `keyList` with `where: { userId }` instead.
|
|
68
|
+
* Kept for backward compatibility with generated component types.
|
|
69
|
+
*/
|
|
70
|
+
export const keyListByUserId = query({
|
|
71
|
+
args: { userId: v.id("User") },
|
|
72
|
+
returns: v.array(vApiKeyDoc),
|
|
73
|
+
handler: async (ctx, { userId }) => {
|
|
74
|
+
return await ctx.db
|
|
75
|
+
.query("ApiKey")
|
|
76
|
+
.withIndex("user_id", (q) => q.eq("userId", userId))
|
|
77
|
+
.collect();
|
|
78
|
+
},
|
|
79
|
+
});
|
|
80
|
+
|
|
81
|
+
/**
|
|
82
|
+
* List API keys with optional filtering, sorting, and pagination.
|
|
83
|
+
*
|
|
84
|
+
* Returns `{ items, nextCursor }`. Supports filtering by `userId`,
|
|
85
|
+
* `revoked`, `name`, and `prefix`.
|
|
86
|
+
*/
|
|
87
|
+
export const keyList = query({
|
|
88
|
+
args: {
|
|
89
|
+
where: v.optional(
|
|
90
|
+
v.object({
|
|
91
|
+
userId: v.optional(v.id("User")),
|
|
92
|
+
revoked: v.optional(v.boolean()),
|
|
93
|
+
name: v.optional(v.string()),
|
|
94
|
+
prefix: v.optional(v.string()),
|
|
95
|
+
}),
|
|
96
|
+
),
|
|
97
|
+
limit: v.optional(v.number()),
|
|
98
|
+
cursor: v.optional(v.union(v.string(), v.null())),
|
|
99
|
+
orderBy: v.optional(
|
|
100
|
+
v.union(
|
|
101
|
+
v.literal("_creationTime"),
|
|
102
|
+
v.literal("name"),
|
|
103
|
+
v.literal("lastUsedAt"),
|
|
104
|
+
v.literal("expiresAt"),
|
|
105
|
+
v.literal("revoked"),
|
|
106
|
+
),
|
|
107
|
+
),
|
|
108
|
+
order: v.optional(v.union(v.literal("asc"), v.literal("desc"))),
|
|
109
|
+
},
|
|
110
|
+
returns: vPaginated(vApiKeyDoc),
|
|
111
|
+
handler: async (ctx, args) => {
|
|
112
|
+
const where = args.where ?? {};
|
|
113
|
+
const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);
|
|
114
|
+
const order = args.order ?? "desc";
|
|
115
|
+
|
|
116
|
+
let q;
|
|
117
|
+
if (where.userId !== undefined) {
|
|
118
|
+
q = ctx.db
|
|
119
|
+
.query("ApiKey")
|
|
120
|
+
.withIndex("user_id", (idx) => idx.eq("userId", where.userId!));
|
|
121
|
+
} else {
|
|
122
|
+
q = ctx.db.query("ApiKey");
|
|
123
|
+
}
|
|
124
|
+
|
|
125
|
+
if (where.revoked !== undefined) {
|
|
126
|
+
q = q.filter((f) => f.eq(f.field("revoked"), where.revoked!));
|
|
127
|
+
}
|
|
128
|
+
if (where.name !== undefined) {
|
|
129
|
+
q = q.filter((f) => f.eq(f.field("name"), where.name!));
|
|
130
|
+
}
|
|
131
|
+
if (where.prefix !== undefined) {
|
|
132
|
+
q = q.filter((f) => f.eq(f.field("prefix"), where.prefix!));
|
|
133
|
+
}
|
|
134
|
+
|
|
135
|
+
q = q.order(order);
|
|
136
|
+
|
|
137
|
+
const all = await q.collect();
|
|
138
|
+
let startIdx = 0;
|
|
139
|
+
if (args.cursor) {
|
|
140
|
+
const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);
|
|
141
|
+
if (cursorIdx !== -1) {
|
|
142
|
+
startIdx = cursorIdx + 1;
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
const page = all.slice(startIdx, startIdx + limit + 1);
|
|
146
|
+
const hasMore = page.length > limit;
|
|
147
|
+
const items = hasMore ? page.slice(0, limit) : page;
|
|
148
|
+
const nextCursor = hasMore ? items[items.length - 1]._id : null;
|
|
149
|
+
return { items, nextCursor };
|
|
150
|
+
},
|
|
151
|
+
});
|
|
152
|
+
|
|
153
|
+
/** Get a single API key by document ID. */
|
|
154
|
+
export const keyGetById = query({
|
|
155
|
+
args: { keyId: v.id("ApiKey") },
|
|
156
|
+
returns: v.union(vApiKeyDoc, v.null()),
|
|
157
|
+
handler: async (ctx, { keyId }) => {
|
|
158
|
+
return await ctx.db.get("ApiKey", keyId);
|
|
159
|
+
},
|
|
160
|
+
});
|
|
161
|
+
|
|
162
|
+
/**
|
|
163
|
+
* Patch an API key record. Used for updating name, scopes, rate limit config,
|
|
164
|
+
* revocation, and lastUsedAt / rate limit state tracking.
|
|
165
|
+
*/
|
|
166
|
+
export const keyPatch = mutation({
|
|
167
|
+
args: {
|
|
168
|
+
keyId: v.id("ApiKey"),
|
|
169
|
+
data: v.object({
|
|
170
|
+
name: v.optional(v.string()),
|
|
171
|
+
scopes: v.optional(v.array(vApiKeyScope)),
|
|
172
|
+
rateLimit: v.optional(vApiKeyRateLimit),
|
|
173
|
+
rateLimitState: v.optional(vApiKeyRateLimitState),
|
|
174
|
+
revoked: v.optional(v.boolean()),
|
|
175
|
+
lastUsedAt: v.optional(v.number()),
|
|
176
|
+
}),
|
|
177
|
+
},
|
|
178
|
+
returns: v.null(),
|
|
179
|
+
handler: async (ctx, { keyId, data }) => {
|
|
180
|
+
const key = await ctx.db.get("ApiKey", keyId);
|
|
181
|
+
if (key === null) {
|
|
182
|
+
throw new ConvexError({
|
|
183
|
+
code: "KEY_NOT_FOUND",
|
|
184
|
+
message: "API key not found",
|
|
185
|
+
keyId,
|
|
186
|
+
});
|
|
187
|
+
}
|
|
188
|
+
await ctx.db.patch("ApiKey", keyId, data);
|
|
189
|
+
return null;
|
|
190
|
+
},
|
|
191
|
+
});
|
|
192
|
+
|
|
193
|
+
/** Hard delete an API key record. */
|
|
194
|
+
export const keyDelete = mutation({
|
|
195
|
+
args: { keyId: v.id("ApiKey") },
|
|
196
|
+
returns: v.null(),
|
|
197
|
+
handler: async (ctx, { keyId }) => {
|
|
198
|
+
const key = await ctx.db.get("ApiKey", keyId);
|
|
199
|
+
if (key === null) {
|
|
200
|
+
throw new ConvexError({
|
|
201
|
+
code: "KEY_NOT_FOUND",
|
|
202
|
+
message: "API key not found",
|
|
203
|
+
keyId,
|
|
204
|
+
});
|
|
205
|
+
}
|
|
206
|
+
await ctx.db.delete("ApiKey", keyId);
|
|
207
|
+
return null;
|
|
208
|
+
},
|
|
209
|
+
});
|
|
@@ -0,0 +1,119 @@
|
|
|
1
|
+
import { ConvexError, v } from "convex/values";
|
|
2
|
+
|
|
3
|
+
import type { Id } from "../_generated/dataModel";
|
|
4
|
+
import { mutation, query } from "../functions";
|
|
5
|
+
import {
|
|
6
|
+
vAccountDoc,
|
|
7
|
+
vApiKeyDoc,
|
|
8
|
+
vApiKeyRateLimit,
|
|
9
|
+
vApiKeyRateLimitState,
|
|
10
|
+
vApiKeyScope,
|
|
11
|
+
vAuditActorType,
|
|
12
|
+
vAuditStatus,
|
|
13
|
+
vAuthVerifierDoc,
|
|
14
|
+
vDeviceCodeDoc,
|
|
15
|
+
vDeviceStatus,
|
|
16
|
+
vEnterpriseAuditEventDoc,
|
|
17
|
+
vEnterpriseDoc,
|
|
18
|
+
vEnterpriseDomainDoc,
|
|
19
|
+
vEnterpriseDomainVerificationDoc,
|
|
20
|
+
vEnterprisePolicy,
|
|
21
|
+
vEnterpriseScimConfigDoc,
|
|
22
|
+
vEnterpriseScimIdentityDoc,
|
|
23
|
+
vEnterpriseSecretDoc,
|
|
24
|
+
vEnterpriseSecretKind,
|
|
25
|
+
vEnterpriseStatus,
|
|
26
|
+
vEnterpriseWebhookDeliveryDoc,
|
|
27
|
+
vEnterpriseWebhookEndpointDoc,
|
|
28
|
+
vGroupDoc,
|
|
29
|
+
vGroupInviteDoc,
|
|
30
|
+
vGroupMemberDoc,
|
|
31
|
+
vInviteAcceptByTokenResult,
|
|
32
|
+
vInviteStatus,
|
|
33
|
+
vPasskeyDoc,
|
|
34
|
+
vRateLimitResult,
|
|
35
|
+
vRefreshTokenDoc,
|
|
36
|
+
vScimResourceType,
|
|
37
|
+
vScimStatus,
|
|
38
|
+
vSessionDoc,
|
|
39
|
+
vTag,
|
|
40
|
+
vTotpFactorDoc,
|
|
41
|
+
vUserDoc,
|
|
42
|
+
vVerificationCodeDoc,
|
|
43
|
+
vWebhookEndpointStatus,
|
|
44
|
+
} from "../model";
|
|
45
|
+
|
|
46
|
+
export {
|
|
47
|
+
ConvexError,
|
|
48
|
+
mutation,
|
|
49
|
+
query,
|
|
50
|
+
v,
|
|
51
|
+
vAccountDoc,
|
|
52
|
+
vApiKeyDoc,
|
|
53
|
+
vApiKeyRateLimit,
|
|
54
|
+
vApiKeyRateLimitState,
|
|
55
|
+
vApiKeyScope,
|
|
56
|
+
vAuditActorType,
|
|
57
|
+
vAuditStatus,
|
|
58
|
+
vAuthVerifierDoc,
|
|
59
|
+
vDeviceCodeDoc,
|
|
60
|
+
vDeviceStatus,
|
|
61
|
+
vEnterpriseAuditEventDoc,
|
|
62
|
+
vEnterpriseDoc,
|
|
63
|
+
vEnterpriseDomainDoc,
|
|
64
|
+
vEnterpriseDomainVerificationDoc,
|
|
65
|
+
vEnterprisePolicy,
|
|
66
|
+
vEnterpriseScimConfigDoc,
|
|
67
|
+
vEnterpriseScimIdentityDoc,
|
|
68
|
+
vEnterpriseSecretDoc,
|
|
69
|
+
vEnterpriseSecretKind,
|
|
70
|
+
vEnterpriseStatus,
|
|
71
|
+
vEnterpriseWebhookDeliveryDoc,
|
|
72
|
+
vEnterpriseWebhookEndpointDoc,
|
|
73
|
+
vGroupDoc,
|
|
74
|
+
vGroupInviteDoc,
|
|
75
|
+
vGroupMemberDoc,
|
|
76
|
+
vInviteAcceptByTokenResult,
|
|
77
|
+
vInviteStatus,
|
|
78
|
+
vPasskeyDoc,
|
|
79
|
+
vRateLimitResult,
|
|
80
|
+
vRefreshTokenDoc,
|
|
81
|
+
vScimResourceType,
|
|
82
|
+
vScimStatus,
|
|
83
|
+
vSessionDoc,
|
|
84
|
+
vTag,
|
|
85
|
+
vTotpFactorDoc,
|
|
86
|
+
vUserDoc,
|
|
87
|
+
vVerificationCodeDoc,
|
|
88
|
+
vWebhookEndpointStatus,
|
|
89
|
+
};
|
|
90
|
+
export type { Id };
|
|
91
|
+
|
|
92
|
+
export const vPaginated = (item: any) =>
|
|
93
|
+
v.object({
|
|
94
|
+
items: v.array(item),
|
|
95
|
+
nextCursor: v.union(v.string(), v.null()),
|
|
96
|
+
});
|
|
97
|
+
|
|
98
|
+
export type TagPair = { key: string; value: string };
|
|
99
|
+
|
|
100
|
+
export function normalizeTag(tag: TagPair): TagPair {
|
|
101
|
+
return {
|
|
102
|
+
key: tag.key.trim().toLowerCase(),
|
|
103
|
+
value: tag.value.trim().toLowerCase(),
|
|
104
|
+
};
|
|
105
|
+
}
|
|
106
|
+
|
|
107
|
+
export function normalizeTags(tags: TagPair[]): TagPair[] {
|
|
108
|
+
const seen = new Set<string>();
|
|
109
|
+
const result: TagPair[] = [];
|
|
110
|
+
for (const raw of tags) {
|
|
111
|
+
const t = normalizeTag(raw);
|
|
112
|
+
const composite = `${t.key}\0${t.value}`;
|
|
113
|
+
if (!seen.has(composite)) {
|
|
114
|
+
seen.add(composite);
|
|
115
|
+
result.push(t);
|
|
116
|
+
}
|
|
117
|
+
}
|
|
118
|
+
return result;
|
|
119
|
+
}
|