@robelest/convex-auth 0.0.4-preview.16 → 0.0.4-preview.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (88) hide show
  1. package/dist/authorization/index.d.ts +17 -0
  2. package/dist/authorization/index.d.ts.map +1 -0
  3. package/dist/authorization/index.js +17 -0
  4. package/dist/authorization/index.js.map +1 -0
  5. package/dist/client/index.js +73 -0
  6. package/dist/client/index.js.map +1 -1
  7. package/dist/component/_generated/component.d.ts +52 -0
  8. package/dist/component/_generated/component.d.ts.map +1 -1
  9. package/dist/component/convex.config.d.ts +2 -2
  10. package/dist/component/convex.config.d.ts.map +1 -1
  11. package/dist/component/index.js +2 -2
  12. package/dist/component/model.d.ts +75 -75
  13. package/dist/component/model.d.ts.map +1 -1
  14. package/dist/component/model.js +2 -0
  15. package/dist/component/model.js.map +1 -1
  16. package/dist/component/public/factors.d.ts.map +1 -1
  17. package/dist/component/public/factors.js +1 -1
  18. package/dist/component/public/factors.js.map +1 -1
  19. package/dist/component/public/groups.d.ts +10 -2
  20. package/dist/component/public/groups.d.ts.map +1 -1
  21. package/dist/component/public/groups.js +92 -8
  22. package/dist/component/public/groups.js.map +1 -1
  23. package/dist/component/public/identity.d.ts.map +1 -1
  24. package/dist/component/public/identity.js +3 -3
  25. package/dist/component/public/identity.js.map +1 -1
  26. package/dist/component/public/shared.d.ts +4 -4
  27. package/dist/component/public/shared.d.ts.map +1 -1
  28. package/dist/component/public.d.ts +3 -3
  29. package/dist/component/public.js +2 -2
  30. package/dist/component/schema.d.ts +13 -2
  31. package/dist/component/schema.js +7 -5
  32. package/dist/component/schema.js.map +1 -1
  33. package/dist/component/server/auth.d.ts +4 -25
  34. package/dist/component/server/auth.d.ts.map +1 -1
  35. package/dist/component/server/auth.js +4 -10
  36. package/dist/component/server/auth.js.map +1 -1
  37. package/dist/component/server/domains/core.js +196 -131
  38. package/dist/component/server/domains/core.js.map +1 -1
  39. package/dist/component/server/factory.d.ts +3 -3
  40. package/dist/component/server/signin.js +20 -1
  41. package/dist/component/server/signin.js.map +1 -1
  42. package/dist/server/auth.d.ts +4 -25
  43. package/dist/server/auth.d.ts.map +1 -1
  44. package/dist/server/auth.js +4 -10
  45. package/dist/server/auth.js.map +1 -1
  46. package/dist/server/domains/core.d.ts +73 -58
  47. package/dist/server/domains/core.d.ts.map +1 -1
  48. package/dist/server/domains/core.js +196 -131
  49. package/dist/server/domains/core.js.map +1 -1
  50. package/dist/server/http.d.ts +2 -2
  51. package/dist/server/http.d.ts.map +1 -1
  52. package/dist/server/index.d.ts +108 -69
  53. package/dist/server/index.d.ts.map +1 -1
  54. package/dist/server/index.js +138 -54
  55. package/dist/server/index.js.map +1 -1
  56. package/dist/server/mutations/code.d.ts +9 -9
  57. package/dist/server/mutations/index.d.ts +69 -69
  58. package/dist/server/mutations/invalidate.d.ts +4 -4
  59. package/dist/server/mutations/invalidate.d.ts.map +1 -1
  60. package/dist/server/mutations/oauth.d.ts +7 -7
  61. package/dist/server/mutations/register.d.ts +9 -9
  62. package/dist/server/mutations/retrieve.d.ts +6 -6
  63. package/dist/server/mutations/retrieve.d.ts.map +1 -1
  64. package/dist/server/mutations/signature.d.ts +4 -4
  65. package/dist/server/mutations/signature.d.ts.map +1 -1
  66. package/dist/server/mutations/signin.d.ts +5 -5
  67. package/dist/server/mutations/signin.d.ts.map +1 -1
  68. package/dist/server/mutations/verify.d.ts +7 -7
  69. package/dist/server/signin.js +20 -1
  70. package/dist/server/signin.js.map +1 -1
  71. package/dist/server/version.d.ts +1 -1
  72. package/dist/server/version.js +1 -1
  73. package/dist/server/version.js.map +1 -1
  74. package/package.json +9 -5
  75. package/src/authorization/index.ts +37 -0
  76. package/src/client/index.ts +122 -0
  77. package/src/component/_generated/component.ts +64 -0
  78. package/src/component/index.ts +1 -1
  79. package/src/component/model.ts +2 -0
  80. package/src/component/public/factors.ts +3 -2
  81. package/src/component/public/groups.ts +142 -8
  82. package/src/component/public/identity.ts +9 -6
  83. package/src/component/schema.ts +14 -2
  84. package/src/server/auth.ts +9 -61
  85. package/src/server/domains/core.ts +235 -210
  86. package/src/server/index.ts +158 -75
  87. package/src/server/signin.ts +52 -0
  88. package/src/server/version.ts +1 -1
@@ -1 +1 @@
1
- {"version":3,"file":"core.js","names":[],"sources":["../../../src/server/domains/core.ts"],"sourcesContent":["import { Auth, GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { GenericId } from \"convex/values\";\n\nimport { AuthError, Fx } from \"../fx\";\nimport {\n buildScopeChecker,\n checkKeyRateLimit,\n generateApiKey,\n hashApiKey,\n} from \"../keys\";\nimport { materializeProvider } from \"../providers\";\nimport { signInImpl } from \"../signin\";\nimport type {\n AuthProviderConfig,\n KeyDoc,\n KeyScope,\n ScopeChecker,\n UserOrderBy,\n UserWhere,\n} from \"../types\";\nimport {\n generateRandomString,\n sha256,\n TOKEN_SUB_CLAIM_DIVIDER,\n} from \"../utils\";\n\ntype ComponentCtx = Pick<\n GenericActionCtx<GenericDataModel>,\n \"runQuery\" | \"runMutation\"\n>;\ntype ComponentReadCtx = Pick<GenericActionCtx<GenericDataModel>, \"runQuery\">;\ntype ComponentAuthReadCtx = ComponentReadCtx & { auth: Auth };\ntype AccountCredentials = { id: string; secret?: string };\ntype CreateAccountArgs = {\n provider: string;\n account: AccountCredentials;\n profile: Record<string, unknown>;\n shouldLinkViaEmail?: boolean;\n shouldLinkViaPhone?: boolean;\n};\ntype RetrieveAccountArgs = { provider: string; account: AccountCredentials };\ntype UpdateAccountCredentialsArgs = {\n provider: string;\n account: { id: string; secret: string };\n};\n\ntype CoreDeps = {\n config: any;\n getAuth: () => any;\n callInvalidateSessions: <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n args: { userId: GenericId<\"User\">; except?: GenericId<\"Session\">[] },\n ) => Promise<void>;\n callCreateAccountFromCredentials: <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n args: CreateAccountArgs,\n ) => Promise<any>;\n callRetrieveAccountWithCredentials: <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n args: RetrieveAccountArgs,\n ) => Promise<any>;\n callModifyAccount: <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n args: UpdateAccountCredentialsArgs,\n ) => Promise<void>;\n getEnrichCtx: () => <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n ) => any;\n inviteTokenAlphabet: string;\n inviteTokenLength: number;\n};\n\n/**\n * Build the core auth domains that back the canonical app API surface.\n */\nexport function createCoreDomains(deps: CoreDeps) {\n const {\n config,\n getAuth,\n callInvalidateSessions,\n callCreateAccountFromCredentials,\n callRetrieveAccountWithCredentials,\n callModifyAccount,\n getEnrichCtx,\n inviteTokenAlphabet,\n inviteTokenLength,\n } = deps;\n\n const roleDefinitions = config.authorization.roles as Record<\n string,\n { label?: string; grants: string[] }\n >;\n\n const getRoleDefinition = (roleId: string) => {\n const role = roleDefinitions[roleId];\n if (!role) {\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n `Unknown roleId \"${roleId}\".`,\n ).toConvexError();\n }\n return role;\n };\n\n const normalizeRoleIds = (roleIds?: string[]) => {\n const normalized = Array.from(new Set(roleIds ?? []));\n for (const roleId of normalized) {\n getRoleDefinition(roleId);\n }\n return normalized;\n };\n\n const resolveGrantedPermissions = (roleIds?: string[]) => {\n const grants = new Set<string>();\n for (const roleId of roleIds ?? []) {\n const role = getRoleDefinition(roleId);\n for (const grant of role.grants) {\n grants.add(grant);\n }\n }\n return Array.from(grants).sort();\n };\n\n const user = {\n current: async (\n ctx: { auth: Auth } & Partial<ComponentCtx>,\n request?: Request,\n ): Promise<string | null> => {\n const identity = await ctx.auth.getUserIdentity();\n if (identity !== null) {\n const [userId] = identity.subject.split(TOKEN_SUB_CLAIM_DIVIDER);\n return userId;\n }\n if (request !== undefined && \"runMutation\" in ctx && ctx.runMutation) {\n const authHeader = request.headers.get(\"Authorization\");\n if (authHeader?.startsWith(\"Bearer sk_\")) {\n const rawKey = authHeader.slice(7);\n try {\n const result = await getAuth().key.verify(\n ctx as ComponentCtx,\n rawKey,\n );\n return result.userId;\n } catch {\n return null;\n }\n }\n }\n return null;\n },\n require: async (\n ctx: { auth: Auth } & Partial<ComponentCtx>,\n request?: Request,\n ): Promise<string> => {\n const userId = await user.current(ctx, request);\n if (userId === null) {\n throw new AuthError(\"NOT_SIGNED_IN\").toConvexError();\n }\n return userId;\n },\n get: async (ctx: ComponentReadCtx, userId: string) => {\n return await ctx.runQuery(config.component.public.userGetById, {\n userId,\n });\n },\n list: async (\n ctx: ComponentReadCtx,\n opts: {\n where?: UserWhere;\n limit?: number;\n cursor?: string | null;\n orderBy?: UserOrderBy;\n order?: \"asc\" | \"desc\";\n } = {},\n ) => {\n return await ctx.runQuery(config.component.public.userList, opts);\n },\n viewer: async (ctx: ComponentAuthReadCtx) => {\n const userId = await user.current(ctx);\n if (userId === null) return null;\n return await ctx.runQuery(config.component.public.userGetById, {\n userId,\n });\n },\n update: async (\n ctx: ComponentCtx,\n userId: string,\n data: Record<string, unknown>,\n ) => {\n await ctx.runMutation(config.component.public.userPatch, {\n userId,\n data,\n });\n return { ok: true as const, userId };\n },\n setActiveGroup: async (\n ctx: ComponentCtx,\n opts: { userId: string; groupId: string | null },\n ) => {\n const doc = await user.get(ctx, opts.userId);\n const existingExtend =\n doc !== null &&\n doc.extend !== null &&\n typeof doc.extend === \"object\" &&\n !Array.isArray(doc.extend)\n ? { ...(doc.extend as Record<string, unknown>) }\n : {};\n if (opts.groupId === null) {\n const { lastActiveGroup: _omit, ...rest } = existingExtend;\n await user.update(ctx, opts.userId, { extend: rest });\n return { ok: true as const, userId: opts.userId, groupId: null };\n }\n await user.update(ctx, opts.userId, {\n extend: { ...existingExtend, lastActiveGroup: opts.groupId },\n });\n return { ok: true as const, userId: opts.userId, groupId: opts.groupId };\n },\n getActiveGroup: async (\n ctx: ComponentReadCtx,\n opts: { userId: string },\n ): Promise<string | null> => {\n const doc = await user.get(ctx, opts.userId);\n if (\n doc !== null &&\n doc.extend !== null &&\n typeof doc.extend === \"object\" &&\n !Array.isArray(doc.extend)\n ) {\n const val = (doc.extend as Record<string, unknown>).lastActiveGroup;\n if (typeof val === \"string\") return val;\n }\n return null;\n },\n delete: async (\n ctx: ComponentCtx,\n userId: string,\n opts?: { cascade?: boolean },\n ) => {\n const cascade = opts?.cascade !== false;\n const [sessions, accounts, keys, members, passkeys, totps] =\n await Promise.all([\n ctx.runQuery(config.component.public.sessionListByUser, {\n userId,\n }) as Promise<Array<{ _id: string }>>,\n ctx.runQuery(config.component.public.accountListByUser, {\n userId,\n }) as Promise<Array<{ _id: string }>>,\n ctx.runQuery(config.component.public.keyListByUserId, {\n userId,\n }) as Promise<Array<{ _id: string }>>,\n ctx.runQuery(config.component.public.memberListByUser, {\n userId,\n }) as Promise<Array<{ _id: string }>>,\n ctx.runQuery(config.component.public.passkeyListByUserId, {\n userId,\n }) as Promise<Array<{ _id: string }>>,\n ctx.runQuery(config.component.public.totpListByUserId, {\n userId,\n }) as Promise<Array<{ _id: string }>>,\n ]);\n const totalLinked =\n sessions.length +\n accounts.length +\n keys.length +\n members.length +\n passkeys.length +\n totps.length;\n if (!cascade && totalLinked > 0) {\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n `Cannot delete user with ${totalLinked} linked records. Pass { cascade: true } to delete all linked records, or remove them manually first.`,\n ).toConvexError();\n }\n const deletions: Promise<unknown>[] = [];\n for (const s of sessions)\n deletions.push(\n ctx.runMutation(config.component.public.sessionDelete, {\n sessionId: s._id,\n }),\n );\n for (const a of accounts)\n deletions.push(\n ctx.runMutation(config.component.public.accountDelete, {\n accountId: a._id,\n }),\n );\n for (const k of keys)\n deletions.push(\n ctx.runMutation(config.component.public.keyDelete, { keyId: k._id }),\n );\n for (const m of members)\n deletions.push(\n ctx.runMutation(config.component.public.memberRemove, {\n memberId: m._id,\n }),\n );\n for (const p of passkeys)\n deletions.push(\n ctx.runMutation(config.component.public.passkeyDelete, {\n passkeyId: p._id,\n }),\n );\n for (const t of totps)\n deletions.push(\n ctx.runMutation(config.component.public.totpDelete, {\n totpId: t._id,\n }),\n );\n await Promise.all(deletions);\n await ctx.runMutation(config.component.public.userDelete, { userId });\n return { ok: true as const, userId };\n },\n };\n\n const session = {\n current: async (ctx: { auth: Auth }) => {\n const identity = await ctx.auth.getUserIdentity();\n if (identity === null) return null;\n const [, sessionId] = identity.subject.split(TOKEN_SUB_CLAIM_DIVIDER);\n return sessionId as GenericId<\"Session\">;\n },\n invalidate: async <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n args: { userId: GenericId<\"User\">; except?: GenericId<\"Session\">[] },\n ) => {\n await callInvalidateSessions(ctx, args);\n return {\n ok: true as const,\n userId: args.userId,\n except: args.except ?? [],\n };\n },\n get: async (ctx: ComponentReadCtx, sessionId: string) => {\n return await ctx.runQuery(config.component.public.sessionGetById, {\n sessionId,\n });\n },\n list: async (ctx: ComponentReadCtx, opts: { userId: string }) => {\n return await ctx.runQuery(config.component.public.sessionListByUser, {\n userId: opts.userId,\n });\n },\n };\n\n const account = {\n create: async <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n args: CreateAccountArgs,\n ) => {\n const created = await callCreateAccountFromCredentials(ctx, args);\n return { ok: true as const, ...created };\n },\n get: async <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n args: RetrieveAccountArgs,\n ) => {\n const result = await callRetrieveAccountWithCredentials(ctx, args);\n if (typeof result === \"string\") {\n throw new AuthError(\"ACCOUNT_NOT_FOUND\", result).toConvexError();\n }\n return result;\n },\n update: async <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n args: UpdateAccountCredentialsArgs,\n ) => {\n await callModifyAccount(ctx, args);\n return { ok: true as const, accountId: args.account.id };\n },\n delete: async (ctx: ComponentCtx, accountId: string) => {\n const doc = await ctx.runQuery(config.component.public.accountGetById, {\n accountId,\n });\n if (doc === null) {\n throw new AuthError(\n \"ACCOUNT_NOT_FOUND\",\n \"Account not found.\",\n ).toConvexError();\n }\n const allAccounts = (await ctx.runQuery(\n config.component.public.accountListByUser,\n { userId: (doc as any).userId },\n )) as Array<{ _id: string }>;\n if (allAccounts.length <= 1) {\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n \"Cannot unlink the user's only account. This would lock them out.\",\n ).toConvexError();\n }\n await ctx.runMutation(config.component.public.accountDelete, {\n accountId,\n });\n return { ok: true as const, accountId };\n },\n listPasskeys: async (ctx: ComponentReadCtx, opts: { userId: string }) => {\n return await ctx.runQuery(\n config.component.public.passkeyListByUserId,\n opts,\n );\n },\n renamePasskey: async (\n ctx: ComponentCtx,\n passkeyId: string,\n name: string,\n ) => {\n await ctx.runMutation(config.component.public.passkeyUpdateMeta, {\n passkeyId,\n data: { name },\n });\n return { ok: true as const, passkeyId };\n },\n deletePasskey: async (ctx: ComponentCtx, passkeyId: string) => {\n await ctx.runMutation(config.component.public.passkeyDelete, {\n passkeyId,\n });\n return { ok: true as const, passkeyId };\n },\n listTotps: async (ctx: ComponentReadCtx, opts: { userId: string }) => {\n return await ctx.runQuery(config.component.public.totpListByUserId, opts);\n },\n deleteTotp: async (ctx: ComponentCtx, totpId: string) => {\n await ctx.runMutation(config.component.public.totpDelete, { totpId });\n return { ok: true as const, totpId };\n },\n };\n\n const provider = {\n signIn: async <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n providerConfig: AuthProviderConfig,\n args: {\n accountId?: GenericId<\"Account\">;\n params?: Record<string, unknown>;\n },\n ) => {\n const result = await signInImpl(\n getEnrichCtx()(ctx),\n materializeProvider(providerConfig),\n args as {\n accountId?: GenericId<\"Account\">;\n params?: Record<string, any>;\n },\n { generateTokens: false, allowExtraProviders: true },\n );\n return result.kind === \"signedIn\"\n ? result.signedIn !== null\n ? {\n userId: result.signedIn.userId,\n sessionId: result.signedIn.sessionId,\n }\n : null\n : null;\n },\n };\n\n const group = {\n create: async (\n ctx: ComponentCtx,\n data: {\n name: string;\n slug?: string;\n type?: string;\n parentGroupId?: string;\n tags?: Array<{ key: string; value: string }>;\n extend?: Record<string, unknown>;\n },\n ): Promise<{ ok: true; groupId: string }> => {\n const groupId = (await ctx.runMutation(\n config.component.public.groupCreate,\n data,\n )) as string;\n return { ok: true, groupId };\n },\n get: async (ctx: ComponentReadCtx, groupId: string) => {\n return await ctx.runQuery(config.component.public.groupGet, { groupId });\n },\n list: async (\n ctx: ComponentReadCtx,\n opts?: {\n where?: {\n slug?: string;\n type?: string;\n parentGroupId?: string;\n name?: string;\n isRoot?: boolean;\n tagsAll?: Array<{ key: string; value: string }>;\n tagsAny?: Array<{ key: string; value: string }>;\n };\n limit?: number;\n cursor?: string | null;\n orderBy?: \"_creationTime\" | \"name\" | \"slug\" | \"type\";\n order?: \"asc\" | \"desc\";\n },\n ) => {\n return await ctx.runQuery(config.component.public.groupList, {\n where: opts?.where,\n limit: opts?.limit,\n cursor: opts?.cursor,\n orderBy: opts?.orderBy,\n order: opts?.order,\n });\n },\n update: async (\n ctx: ComponentCtx,\n groupId: string,\n data: Record<string, unknown>,\n ) => {\n await ctx.runMutation(config.component.public.groupUpdate, {\n groupId,\n data,\n });\n return { ok: true as const, groupId };\n },\n delete: async (ctx: ComponentCtx, groupId: string) => {\n await ctx.runMutation(config.component.public.groupDelete, { groupId });\n return { ok: true as const, groupId };\n },\n ancestors: async (\n ctx: ComponentReadCtx,\n opts: { groupId: string; maxDepth?: number; includeSelf?: boolean },\n ) => {\n const maxDepth = Math.max(0, Math.floor(opts.maxDepth ?? 32));\n const visited = new Set<string>();\n const ancestors: any[] = [];\n let cycleDetected = false;\n let maxDepthReached = false;\n let currentGroupId: string | undefined = opts.groupId;\n let depth = 0;\n let isFirst = true;\n while (currentGroupId !== undefined) {\n if (depth > maxDepth) {\n maxDepthReached = true;\n break;\n }\n if (visited.has(currentGroupId)) {\n cycleDetected = true;\n break;\n }\n visited.add(currentGroupId);\n const doc = await group.get(ctx, currentGroupId);\n if (doc === null) break;\n if (isFirst) {\n isFirst = false;\n if (opts.includeSelf) ancestors.push(doc);\n currentGroupId = doc.parentGroupId;\n depth += 1;\n continue;\n }\n ancestors.push(doc);\n currentGroupId = doc.parentGroupId;\n depth += 1;\n }\n return { ancestors, cycleDetected, maxDepthReached };\n },\n };\n\n const member = {\n create: async (\n ctx: ComponentCtx,\n data: {\n groupId: string;\n userId: string;\n roleIds?: string[];\n status?: string;\n extend?: Record<string, unknown>;\n },\n ): Promise<{ ok: true; memberId: string }> => {\n const roleIds = normalizeRoleIds(data.roleIds);\n const memberId = (await ctx.runMutation(\n config.component.public.memberAdd,\n { ...data, roleIds },\n )) as string;\n return { ok: true, memberId };\n },\n get: async (ctx: ComponentReadCtx, memberId: string) => {\n return await ctx.runQuery(config.component.public.memberGet, {\n memberId,\n });\n },\n getByUserAndGroup: async (\n ctx: ComponentReadCtx,\n opts: { userId: string; groupId: string },\n ) => {\n return await ctx.runQuery(\n config.component.public.memberGetByGroupAndUser,\n opts,\n );\n },\n list: async (\n ctx: ComponentReadCtx,\n opts?: {\n where?: {\n groupId?: string;\n userId?: string;\n roleId?: string;\n status?: string;\n };\n limit?: number;\n cursor?: string | null;\n orderBy?: \"_creationTime\" | \"status\";\n order?: \"asc\" | \"desc\";\n },\n ) => {\n return await ctx.runQuery(config.component.public.memberList, {\n where: opts?.where,\n limit: opts?.limit,\n cursor: opts?.cursor,\n orderBy: opts?.orderBy,\n order: opts?.order,\n });\n },\n delete: async (ctx: ComponentCtx, memberId: string) => {\n await ctx.runMutation(config.component.public.memberRemove, { memberId });\n return { ok: true as const, memberId };\n },\n update: async (\n ctx: ComponentCtx,\n memberId: string,\n data: Record<string, unknown>,\n ) => {\n const nextData = { ...data };\n if (\"roleIds\" in nextData) {\n nextData.roleIds = normalizeRoleIds(\n Array.isArray(nextData.roleIds)\n ? (nextData.roleIds as string[])\n : undefined,\n );\n }\n await ctx.runMutation(config.component.public.memberUpdate, {\n memberId,\n data: nextData,\n });\n return { ok: true as const, memberId };\n },\n inherit: async (\n ctx: ComponentReadCtx,\n opts: {\n userId: string;\n groupId: string;\n roleIds?: string[];\n grants?: string[];\n maxDepth?: number;\n },\n ) => {\n const requestedRoleIds = normalizeRoleIds(opts.roleIds);\n const roleFilter =\n requestedRoleIds.length > 0 ? new Set(requestedRoleIds) : null;\n const requiredGrants = Array.from(new Set(opts.grants ?? []));\n const maxDepth = Math.max(0, Math.floor(opts.maxDepth ?? 32));\n const visited = new Set<string>();\n const traversedGroupIds: string[] = [];\n let currentGroupId: string | undefined = opts.groupId;\n let depth = 0;\n let cycleDetected = false;\n let maxDepthReached = false;\n while (currentGroupId !== undefined) {\n if (depth > maxDepth) {\n maxDepthReached = true;\n break;\n }\n if (visited.has(currentGroupId)) {\n cycleDetected = true;\n break;\n }\n visited.add(currentGroupId);\n traversedGroupIds.push(currentGroupId);\n const membership = await member.getByUserAndGroup(ctx, {\n userId: opts.userId,\n groupId: currentGroupId,\n });\n const membershipRoleIds = membership?.roleIds ?? [];\n const membershipGrants = resolveGrantedPermissions(membershipRoleIds);\n if (\n membership !== null &&\n (roleFilter === null ||\n membershipRoleIds.some((roleId: string) =>\n roleFilter.has(roleId),\n )) &&\n requiredGrants.every((grant) => membershipGrants.includes(grant))\n ) {\n return {\n requestedGroupId: opts.groupId,\n matchedGroupId: currentGroupId,\n membership,\n roleIds: membershipRoleIds,\n grants: membershipGrants,\n missingGrants: [] as string[],\n depth,\n isDirect: depth === 0,\n isInherited: depth > 0,\n traversedGroupIds,\n cycleDetected: false,\n maxDepthReached: false,\n };\n }\n const doc = await group.get(ctx, currentGroupId);\n if (doc === null || doc.parentGroupId === undefined) break;\n currentGroupId = doc.parentGroupId;\n depth += 1;\n }\n return {\n requestedGroupId: opts.groupId,\n matchedGroupId: null,\n membership: null,\n roleIds: [] as string[],\n grants: [] as string[],\n missingGrants: requiredGrants,\n depth: null,\n isDirect: false,\n isInherited: false,\n traversedGroupIds,\n cycleDetected,\n maxDepthReached,\n };\n },\n require: async (\n ctx: ComponentReadCtx,\n opts: {\n userId: string;\n groupId: string;\n roleIds?: string[];\n grants?: string[];\n maxDepth?: number;\n },\n ) => {\n const result = await member.inherit(ctx, opts);\n if (result.membership === null) {\n throw new AuthError(\n \"FORBIDDEN\",\n `User ${opts.userId} has no membership on group ${opts.groupId} or its ancestors.`,\n ).toConvexError();\n }\n return {\n membership: result.membership,\n matchedGroupId: result.matchedGroupId,\n roleIds: result.roleIds,\n grants: result.grants,\n isDirect: result.isDirect,\n isInherited: result.isInherited,\n depth: result.depth,\n };\n },\n };\n\n const access = {\n check: async (\n ctx: ComponentReadCtx,\n opts: {\n userId: string;\n groupId: string;\n grants: string[];\n maxDepth?: number;\n },\n ) => {\n const requiredGrants = Array.from(new Set(opts.grants));\n const result = await member.inherit(ctx, {\n userId: opts.userId,\n groupId: opts.groupId,\n grants: requiredGrants,\n maxDepth: opts.maxDepth,\n });\n const missingGrants = requiredGrants.filter(\n (grant) => !result.grants.includes(grant),\n );\n return {\n ok: result.membership !== null && missingGrants.length === 0,\n membership: result.membership,\n matchedGroupId: result.matchedGroupId,\n roleIds: result.roleIds,\n grants: result.grants,\n missingGrants,\n isDirect: result.isDirect,\n isInherited: result.isInherited,\n depth: result.depth,\n };\n },\n require: async (\n ctx: ComponentReadCtx,\n opts: {\n userId: string;\n groupId: string;\n grants: string[];\n maxDepth?: number;\n },\n ) => {\n const result = await access.check(ctx, opts);\n if (!result.ok) {\n throw new AuthError(\n \"FORBIDDEN\",\n `User ${opts.userId} is missing required grants on group ${opts.groupId}: ${result.missingGrants.join(\", \")}.`,\n ).toConvexError();\n }\n return result;\n },\n };\n\n const invite = {\n create: async (\n ctx: ComponentCtx,\n data: {\n groupId?: string;\n invitedByUserId?: string;\n email?: string;\n roleIds?: string[];\n expiresTime?: number;\n extend?: Record<string, unknown>;\n },\n ): Promise<{ ok: true; inviteId: string; token: string }> => {\n const roleIds = normalizeRoleIds(data.roleIds);\n const token = generateRandomString(\n inviteTokenLength,\n inviteTokenAlphabet,\n );\n const tokenHash = await sha256(token);\n const inviteId = (await ctx.runMutation(\n config.component.public.inviteCreate,\n { ...data, roleIds, tokenHash, status: \"pending\" },\n )) as string;\n return { ok: true, inviteId, token };\n },\n get: async (ctx: ComponentReadCtx, inviteId: string) => {\n return await ctx.runQuery(config.component.public.inviteGet, {\n inviteId,\n });\n },\n token: {\n get: async (ctx: ComponentReadCtx, token: string) => {\n const tokenHash = await sha256(token);\n return await ctx.runQuery(\n config.component.public.inviteGetByTokenHash,\n { tokenHash },\n );\n },\n accept: async (\n ctx: ComponentCtx,\n args: { token: string; acceptedByUserId: string },\n ) => {\n const tokenHash = await sha256(args.token);\n const result = await ctx.runMutation(\n config.component.public.inviteAcceptByToken,\n { tokenHash, acceptedByUserId: args.acceptedByUserId },\n );\n return { ok: true as const, ...result };\n },\n },\n list: async (\n ctx: ComponentReadCtx,\n opts?: {\n where?: {\n tokenHash?: string;\n groupId?: string;\n status?: \"pending\" | \"accepted\" | \"revoked\" | \"expired\";\n email?: string;\n invitedByUserId?: string;\n roleId?: string;\n acceptedByUserId?: string;\n };\n limit?: number;\n cursor?: string | null;\n orderBy?:\n | \"_creationTime\"\n | \"status\"\n | \"email\"\n | \"expiresTime\"\n | \"acceptedTime\";\n order?: \"asc\" | \"desc\";\n },\n ) => {\n return await ctx.runQuery(config.component.public.inviteList, {\n where: opts?.where,\n limit: opts?.limit,\n cursor: opts?.cursor,\n orderBy: opts?.orderBy,\n order: opts?.order,\n });\n },\n accept: async (\n ctx: ComponentCtx,\n inviteId: string,\n acceptedByUserId?: string,\n ) => {\n await ctx.runMutation(config.component.public.inviteAccept, {\n inviteId,\n ...(acceptedByUserId ? { acceptedByUserId } : {}),\n });\n return {\n ok: true as const,\n inviteId,\n acceptedByUserId: acceptedByUserId ?? null,\n };\n },\n revoke: async (ctx: ComponentCtx, inviteId: string) => {\n await ctx.runMutation(config.component.public.inviteRevoke, { inviteId });\n return { ok: true as const, inviteId };\n },\n };\n\n const key = {\n create: async (\n ctx: ComponentCtx,\n opts: {\n userId: string;\n name: string;\n scopes: KeyScope[];\n rateLimit?: { maxRequests: number; windowMs: number };\n expiresAt?: number;\n metadata?: Record<string, unknown>;\n },\n ): Promise<{ ok: true; keyId: string; secret: string }> => {\n const { raw, hashedKey, displayPrefix } = await generateApiKey(\"sk_\");\n const keyId = (await ctx.runMutation(config.component.public.keyInsert, {\n userId: opts.userId,\n prefix: displayPrefix,\n hashedKey,\n name: opts.name,\n scopes: opts.scopes,\n rateLimit: opts.rateLimit,\n expiresAt: opts.expiresAt,\n metadata: opts.metadata,\n })) as string;\n return { ok: true, keyId, secret: raw };\n },\n verify: async (\n ctx: ComponentCtx,\n rawKey: string,\n ): Promise<{ userId: string; keyId: string; scopes: ScopeChecker }> => {\n const hashedKey = await hashApiKey(rawKey);\n const doc = (await ctx.runQuery(\n config.component.public.keyGetByHashedKey,\n { hashedKey },\n )) as KeyDoc | null;\n return Fx.run(\n Fx.gen(function* () {\n yield* Fx.guard(!doc, Fx.fail(new AuthError(\"INVALID_API_KEY\")));\n const k = doc!;\n yield* Fx.guard(k.revoked, Fx.fail(new AuthError(\"API_KEY_REVOKED\")));\n yield* Fx.guard(\n !!(k.expiresAt && k.expiresAt < Date.now()),\n Fx.fail(new AuthError(\"API_KEY_EXPIRED\")),\n );\n const patchData: Record<string, unknown> = { lastUsedAt: Date.now() };\n if (k.rateLimit) {\n const { limited, newState } = checkKeyRateLimit(\n k.rateLimit,\n k.rateLimitState ?? undefined,\n );\n yield* Fx.guard(\n limited,\n Fx.fail(new AuthError(\"API_KEY_RATE_LIMITED\")),\n );\n patchData.rateLimitState = newState;\n }\n yield* Fx.promise(() =>\n ctx.runMutation(config.component.public.keyPatch, {\n keyId: k._id,\n data: patchData,\n }),\n );\n return {\n userId: k.userId,\n keyId: k._id,\n scopes: buildScopeChecker(k.scopes),\n };\n }).pipe(Fx.recover((e) => Fx.fatal(e.toConvexError()))),\n );\n },\n list: async (\n ctx: ComponentReadCtx,\n opts?: {\n where?: {\n userId?: string;\n revoked?: boolean;\n name?: string;\n prefix?: string;\n };\n limit?: number;\n cursor?: string | null;\n orderBy?:\n | \"_creationTime\"\n | \"name\"\n | \"lastUsedAt\"\n | \"expiresAt\"\n | \"revoked\";\n order?: \"asc\" | \"desc\";\n },\n ) => {\n return await ctx.runQuery(config.component.public.keyList, {\n where: opts?.where,\n limit: opts?.limit,\n cursor: opts?.cursor,\n orderBy: opts?.orderBy,\n order: opts?.order,\n });\n },\n get: async (\n ctx: ComponentReadCtx,\n keyId: string,\n ): Promise<KeyDoc | null> => {\n return (await ctx.runQuery(config.component.public.keyGetById, {\n keyId,\n })) as KeyDoc | null;\n },\n update: async (\n ctx: ComponentCtx,\n keyId: string,\n data: {\n name?: string;\n scopes?: KeyScope[];\n rateLimit?: { maxRequests: number; windowMs: number };\n },\n ) => {\n await ctx.runMutation(config.component.public.keyPatch, { keyId, data });\n return { ok: true as const, keyId };\n },\n revoke: async (ctx: ComponentCtx, keyId: string) => {\n await ctx.runMutation(config.component.public.keyPatch, {\n keyId,\n data: { revoked: true },\n });\n return { ok: true as const, keyId };\n },\n delete: async (ctx: ComponentCtx, keyId: string) => {\n await ctx.runMutation(config.component.public.keyDelete, { keyId });\n return { ok: true as const, keyId };\n },\n rotate: async (\n ctx: ComponentCtx,\n keyId: string,\n opts?: { name?: string; expiresAt?: number },\n ): Promise<{ ok: true; keyId: string; secret: string }> => {\n const existing = await ctx.runQuery(config.component.public.keyGetById, {\n keyId,\n });\n if (!existing)\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n \"API key not found.\",\n ).toConvexError();\n if ((existing as any).revoked === true) {\n throw new AuthError(\n \"API_KEY_REVOKED\",\n \"Cannot rotate a key that is already revoked.\",\n ).toConvexError();\n }\n await ctx.runMutation(config.component.public.keyPatch, {\n keyId,\n data: { revoked: true },\n });\n return await key.create(ctx, {\n userId: (existing as any).userId,\n name: opts?.name ?? (existing as any).name,\n scopes: (existing as any).scopes ?? [],\n rateLimit: (existing as any).rateLimit,\n expiresAt: opts?.expiresAt,\n metadata: (existing as any).metadata,\n });\n },\n };\n\n return {\n user,\n session,\n account,\n provider,\n group,\n member,\n access,\n invite,\n key,\n };\n}\n"],"mappings":";;;;;;;;;;AA2EA,SAAgB,kBAAkB,MAAgB;CAChD,MAAM,EACJ,QACA,SACA,wBACA,kCACA,oCACA,mBACA,cACA,qBACA,sBACE;CAEJ,MAAM,kBAAkB,OAAO,cAAc;CAK7C,MAAM,qBAAqB,WAAmB;EAC5C,MAAM,OAAO,gBAAgB;AAC7B,MAAI,CAAC,KACH,OAAM,IAAI,UACR,sBACA,mBAAmB,OAAO,IAC3B,CAAC,eAAe;AAEnB,SAAO;;CAGT,MAAM,oBAAoB,YAAuB;EAC/C,MAAM,aAAa,MAAM,KAAK,IAAI,IAAI,WAAW,EAAE,CAAC,CAAC;AACrD,OAAK,MAAM,UAAU,WACnB,mBAAkB,OAAO;AAE3B,SAAO;;CAGT,MAAM,6BAA6B,YAAuB;EACxD,MAAM,yBAAS,IAAI,KAAa;AAChC,OAAK,MAAM,UAAU,WAAW,EAAE,EAAE;GAClC,MAAM,OAAO,kBAAkB,OAAO;AACtC,QAAK,MAAM,SAAS,KAAK,OACvB,QAAO,IAAI,MAAM;;AAGrB,SAAO,MAAM,KAAK,OAAO,CAAC,MAAM;;CAGlC,MAAM,OAAO;EACX,SAAS,OACP,KACA,YAC2B;GAC3B,MAAM,WAAW,MAAM,IAAI,KAAK,iBAAiB;AACjD,OAAI,aAAa,MAAM;IACrB,MAAM,CAAC,UAAU,SAAS,QAAQ,MAAM,wBAAwB;AAChE,WAAO;;AAET,OAAI,YAAY,UAAa,iBAAiB,OAAO,IAAI,aAAa;IACpE,MAAM,aAAa,QAAQ,QAAQ,IAAI,gBAAgB;AACvD,QAAI,YAAY,WAAW,aAAa,EAAE;KACxC,MAAM,SAAS,WAAW,MAAM,EAAE;AAClC,SAAI;AAKF,cAJe,MAAM,SAAS,CAAC,IAAI,OACjC,KACA,OACD,EACa;aACR;AACN,aAAO;;;;AAIb,UAAO;;EAET,SAAS,OACP,KACA,YACoB;GACpB,MAAM,SAAS,MAAM,KAAK,QAAQ,KAAK,QAAQ;AAC/C,OAAI,WAAW,KACb,OAAM,IAAI,UAAU,gBAAgB,CAAC,eAAe;AAEtD,UAAO;;EAET,KAAK,OAAO,KAAuB,WAAmB;AACpD,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,aAAa,EAC7D,QACD,CAAC;;EAEJ,MAAM,OACJ,KACA,OAMI,EAAE,KACH;AACH,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,UAAU,KAAK;;EAEnE,QAAQ,OAAO,QAA8B;GAC3C,MAAM,SAAS,MAAM,KAAK,QAAQ,IAAI;AACtC,OAAI,WAAW,KAAM,QAAO;AAC5B,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,aAAa,EAC7D,QACD,CAAC;;EAEJ,QAAQ,OACN,KACA,QACA,SACG;AACH,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,WAAW;IACvD;IACA;IACD,CAAC;AACF,UAAO;IAAE,IAAI;IAAe;IAAQ;;EAEtC,gBAAgB,OACd,KACA,SACG;GACH,MAAM,MAAM,MAAM,KAAK,IAAI,KAAK,KAAK,OAAO;GAC5C,MAAM,iBACJ,QAAQ,QACR,IAAI,WAAW,QACf,OAAO,IAAI,WAAW,YACtB,CAAC,MAAM,QAAQ,IAAI,OAAO,GACtB,EAAE,GAAI,IAAI,QAAoC,GAC9C,EAAE;AACR,OAAI,KAAK,YAAY,MAAM;IACzB,MAAM,EAAE,iBAAiB,OAAO,GAAG,SAAS;AAC5C,UAAM,KAAK,OAAO,KAAK,KAAK,QAAQ,EAAE,QAAQ,MAAM,CAAC;AACrD,WAAO;KAAE,IAAI;KAAe,QAAQ,KAAK;KAAQ,SAAS;KAAM;;AAElE,SAAM,KAAK,OAAO,KAAK,KAAK,QAAQ,EAClC,QAAQ;IAAE,GAAG;IAAgB,iBAAiB,KAAK;IAAS,EAC7D,CAAC;AACF,UAAO;IAAE,IAAI;IAAe,QAAQ,KAAK;IAAQ,SAAS,KAAK;IAAS;;EAE1E,gBAAgB,OACd,KACA,SAC2B;GAC3B,MAAM,MAAM,MAAM,KAAK,IAAI,KAAK,KAAK,OAAO;AAC5C,OACE,QAAQ,QACR,IAAI,WAAW,QACf,OAAO,IAAI,WAAW,YACtB,CAAC,MAAM,QAAQ,IAAI,OAAO,EAC1B;IACA,MAAM,MAAO,IAAI,OAAmC;AACpD,QAAI,OAAO,QAAQ,SAAU,QAAO;;AAEtC,UAAO;;EAET,QAAQ,OACN,KACA,QACA,SACG;GACH,MAAM,UAAU,MAAM,YAAY;GAClC,MAAM,CAAC,UAAU,UAAU,MAAM,SAAS,UAAU,SAClD,MAAM,QAAQ,IAAI;IAChB,IAAI,SAAS,OAAO,UAAU,OAAO,mBAAmB,EACtD,QACD,CAAC;IACF,IAAI,SAAS,OAAO,UAAU,OAAO,mBAAmB,EACtD,QACD,CAAC;IACF,IAAI,SAAS,OAAO,UAAU,OAAO,iBAAiB,EACpD,QACD,CAAC;IACF,IAAI,SAAS,OAAO,UAAU,OAAO,kBAAkB,EACrD,QACD,CAAC;IACF,IAAI,SAAS,OAAO,UAAU,OAAO,qBAAqB,EACxD,QACD,CAAC;IACF,IAAI,SAAS,OAAO,UAAU,OAAO,kBAAkB,EACrD,QACD,CAAC;IACH,CAAC;GACJ,MAAM,cACJ,SAAS,SACT,SAAS,SACT,KAAK,SACL,QAAQ,SACR,SAAS,SACT,MAAM;AACR,OAAI,CAAC,WAAW,cAAc,EAC5B,OAAM,IAAI,UACR,sBACA,2BAA2B,YAAY,sGACxC,CAAC,eAAe;GAEnB,MAAM,YAAgC,EAAE;AACxC,QAAK,MAAM,KAAK,SACd,WAAU,KACR,IAAI,YAAY,OAAO,UAAU,OAAO,eAAe,EACrD,WAAW,EAAE,KACd,CAAC,CACH;AACH,QAAK,MAAM,KAAK,SACd,WAAU,KACR,IAAI,YAAY,OAAO,UAAU,OAAO,eAAe,EACrD,WAAW,EAAE,KACd,CAAC,CACH;AACH,QAAK,MAAM,KAAK,KACd,WAAU,KACR,IAAI,YAAY,OAAO,UAAU,OAAO,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CACrE;AACH,QAAK,MAAM,KAAK,QACd,WAAU,KACR,IAAI,YAAY,OAAO,UAAU,OAAO,cAAc,EACpD,UAAU,EAAE,KACb,CAAC,CACH;AACH,QAAK,MAAM,KAAK,SACd,WAAU,KACR,IAAI,YAAY,OAAO,UAAU,OAAO,eAAe,EACrD,WAAW,EAAE,KACd,CAAC,CACH;AACH,QAAK,MAAM,KAAK,MACd,WAAU,KACR,IAAI,YAAY,OAAO,UAAU,OAAO,YAAY,EAClD,QAAQ,EAAE,KACX,CAAC,CACH;AACH,SAAM,QAAQ,IAAI,UAAU;AAC5B,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,YAAY,EAAE,QAAQ,CAAC;AACrE,UAAO;IAAE,IAAI;IAAe;IAAQ;;EAEvC;CAED,MAAM,UAAU;EACd,SAAS,OAAO,QAAwB;GACtC,MAAM,WAAW,MAAM,IAAI,KAAK,iBAAiB;AACjD,OAAI,aAAa,KAAM,QAAO;GAC9B,MAAM,GAAG,aAAa,SAAS,QAAQ,MAAM,wBAAwB;AACrE,UAAO;;EAET,YAAY,OACV,KACA,SACG;AACH,SAAM,uBAAuB,KAAK,KAAK;AACvC,UAAO;IACL,IAAI;IACJ,QAAQ,KAAK;IACb,QAAQ,KAAK,UAAU,EAAE;IAC1B;;EAEH,KAAK,OAAO,KAAuB,cAAsB;AACvD,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,gBAAgB,EAChE,WACD,CAAC;;EAEJ,MAAM,OAAO,KAAuB,SAA6B;AAC/D,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,mBAAmB,EACnE,QAAQ,KAAK,QACd,CAAC;;EAEL;CAED,MAAM,UAAU;EACd,QAAQ,OACN,KACA,SACG;AAEH,UAAO;IAAE,IAAI;IAAe,GADZ,MAAM,iCAAiC,KAAK,KAAK;IACzB;;EAE1C,KAAK,OACH,KACA,SACG;GACH,MAAM,SAAS,MAAM,mCAAmC,KAAK,KAAK;AAClE,OAAI,OAAO,WAAW,SACpB,OAAM,IAAI,UAAU,qBAAqB,OAAO,CAAC,eAAe;AAElE,UAAO;;EAET,QAAQ,OACN,KACA,SACG;AACH,SAAM,kBAAkB,KAAK,KAAK;AAClC,UAAO;IAAE,IAAI;IAAe,WAAW,KAAK,QAAQ;IAAI;;EAE1D,QAAQ,OAAO,KAAmB,cAAsB;GACtD,MAAM,MAAM,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,gBAAgB,EACrE,WACD,CAAC;AACF,OAAI,QAAQ,KACV,OAAM,IAAI,UACR,qBACA,qBACD,CAAC,eAAe;AAMnB,QAJqB,MAAM,IAAI,SAC7B,OAAO,UAAU,OAAO,mBACxB,EAAE,QAAS,IAAY,QAAQ,CAChC,EACe,UAAU,EACxB,OAAM,IAAI,UACR,sBACA,mEACD,CAAC,eAAe;AAEnB,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,eAAe,EAC3D,WACD,CAAC;AACF,UAAO;IAAE,IAAI;IAAe;IAAW;;EAEzC,cAAc,OAAO,KAAuB,SAA6B;AACvE,UAAO,MAAM,IAAI,SACf,OAAO,UAAU,OAAO,qBACxB,KACD;;EAEH,eAAe,OACb,KACA,WACA,SACG;AACH,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,mBAAmB;IAC/D;IACA,MAAM,EAAE,MAAM;IACf,CAAC;AACF,UAAO;IAAE,IAAI;IAAe;IAAW;;EAEzC,eAAe,OAAO,KAAmB,cAAsB;AAC7D,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,eAAe,EAC3D,WACD,CAAC;AACF,UAAO;IAAE,IAAI;IAAe;IAAW;;EAEzC,WAAW,OAAO,KAAuB,SAA6B;AACpE,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,kBAAkB,KAAK;;EAE3E,YAAY,OAAO,KAAmB,WAAmB;AACvD,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,YAAY,EAAE,QAAQ,CAAC;AACrE,UAAO;IAAE,IAAI;IAAe;IAAQ;;EAEvC;CAED,MAAM,WAAW,EACf,QAAQ,OACN,KACA,gBACA,SAIG;EACH,MAAM,SAAS,MAAM,WACnB,cAAc,CAAC,IAAI,EACnB,oBAAoB,eAAe,EACnC,MAIA;GAAE,gBAAgB;GAAO,qBAAqB;GAAM,CACrD;AACD,SAAO,OAAO,SAAS,aACnB,OAAO,aAAa,OAClB;GACE,QAAQ,OAAO,SAAS;GACxB,WAAW,OAAO,SAAS;GAC5B,GACD,OACF;IAEP;CAED,MAAM,QAAQ;EACZ,QAAQ,OACN,KACA,SAQ2C;AAK3C,UAAO;IAAE,IAAI;IAAM,SAJF,MAAM,IAAI,YACzB,OAAO,UAAU,OAAO,aACxB,KACD;IAC2B;;EAE9B,KAAK,OAAO,KAAuB,YAAoB;AACrD,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,UAAU,EAAE,SAAS,CAAC;;EAE1E,MAAM,OACJ,KACA,SAeG;AACH,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,WAAW;IAC3D,OAAO,MAAM;IACb,OAAO,MAAM;IACb,QAAQ,MAAM;IACd,SAAS,MAAM;IACf,OAAO,MAAM;IACd,CAAC;;EAEJ,QAAQ,OACN,KACA,SACA,SACG;AACH,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,aAAa;IACzD;IACA;IACD,CAAC;AACF,UAAO;IAAE,IAAI;IAAe;IAAS;;EAEvC,QAAQ,OAAO,KAAmB,YAAoB;AACpD,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,aAAa,EAAE,SAAS,CAAC;AACvE,UAAO;IAAE,IAAI;IAAe;IAAS;;EAEvC,WAAW,OACT,KACA,SACG;GACH,MAAM,WAAW,KAAK,IAAI,GAAG,KAAK,MAAM,KAAK,YAAY,GAAG,CAAC;GAC7D,MAAM,0BAAU,IAAI,KAAa;GACjC,MAAM,YAAmB,EAAE;GAC3B,IAAI,gBAAgB;GACpB,IAAI,kBAAkB;GACtB,IAAI,iBAAqC,KAAK;GAC9C,IAAI,QAAQ;GACZ,IAAI,UAAU;AACd,UAAO,mBAAmB,QAAW;AACnC,QAAI,QAAQ,UAAU;AACpB,uBAAkB;AAClB;;AAEF,QAAI,QAAQ,IAAI,eAAe,EAAE;AAC/B,qBAAgB;AAChB;;AAEF,YAAQ,IAAI,eAAe;IAC3B,MAAM,MAAM,MAAM,MAAM,IAAI,KAAK,eAAe;AAChD,QAAI,QAAQ,KAAM;AAClB,QAAI,SAAS;AACX,eAAU;AACV,SAAI,KAAK,YAAa,WAAU,KAAK,IAAI;AACzC,sBAAiB,IAAI;AACrB,cAAS;AACT;;AAEF,cAAU,KAAK,IAAI;AACnB,qBAAiB,IAAI;AACrB,aAAS;;AAEX,UAAO;IAAE;IAAW;IAAe;IAAiB;;EAEvD;CAED,MAAM,SAAS;EACb,QAAQ,OACN,KACA,SAO4C;GAC5C,MAAM,UAAU,iBAAiB,KAAK,QAAQ;AAK9C,UAAO;IAAE,IAAI;IAAM,UAJD,MAAM,IAAI,YAC1B,OAAO,UAAU,OAAO,WACxB;KAAE,GAAG;KAAM;KAAS,CACrB;IAC4B;;EAE/B,KAAK,OAAO,KAAuB,aAAqB;AACtD,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,WAAW,EAC3D,UACD,CAAC;;EAEJ,mBAAmB,OACjB,KACA,SACG;AACH,UAAO,MAAM,IAAI,SACf,OAAO,UAAU,OAAO,yBACxB,KACD;;EAEH,MAAM,OACJ,KACA,SAYG;AACH,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,YAAY;IAC5D,OAAO,MAAM;IACb,OAAO,MAAM;IACb,QAAQ,MAAM;IACd,SAAS,MAAM;IACf,OAAO,MAAM;IACd,CAAC;;EAEJ,QAAQ,OAAO,KAAmB,aAAqB;AACrD,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,cAAc,EAAE,UAAU,CAAC;AACzE,UAAO;IAAE,IAAI;IAAe;IAAU;;EAExC,QAAQ,OACN,KACA,UACA,SACG;GACH,MAAM,WAAW,EAAE,GAAG,MAAM;AAC5B,OAAI,aAAa,SACf,UAAS,UAAU,iBACjB,MAAM,QAAQ,SAAS,QAAQ,GAC1B,SAAS,UACV,OACL;AAEH,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,cAAc;IAC1D;IACA,MAAM;IACP,CAAC;AACF,UAAO;IAAE,IAAI;IAAe;IAAU;;EAExC,SAAS,OACP,KACA,SAOG;GACH,MAAM,mBAAmB,iBAAiB,KAAK,QAAQ;GACvD,MAAM,aACJ,iBAAiB,SAAS,IAAI,IAAI,IAAI,iBAAiB,GAAG;GAC5D,MAAM,iBAAiB,MAAM,KAAK,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC,CAAC;GAC7D,MAAM,WAAW,KAAK,IAAI,GAAG,KAAK,MAAM,KAAK,YAAY,GAAG,CAAC;GAC7D,MAAM,0BAAU,IAAI,KAAa;GACjC,MAAM,oBAA8B,EAAE;GACtC,IAAI,iBAAqC,KAAK;GAC9C,IAAI,QAAQ;GACZ,IAAI,gBAAgB;GACpB,IAAI,kBAAkB;AACtB,UAAO,mBAAmB,QAAW;AACnC,QAAI,QAAQ,UAAU;AACpB,uBAAkB;AAClB;;AAEF,QAAI,QAAQ,IAAI,eAAe,EAAE;AAC/B,qBAAgB;AAChB;;AAEF,YAAQ,IAAI,eAAe;AAC3B,sBAAkB,KAAK,eAAe;IACtC,MAAM,aAAa,MAAM,OAAO,kBAAkB,KAAK;KACrD,QAAQ,KAAK;KACb,SAAS;KACV,CAAC;IACF,MAAM,oBAAoB,YAAY,WAAW,EAAE;IACnD,MAAM,mBAAmB,0BAA0B,kBAAkB;AACrE,QACE,eAAe,SACd,eAAe,QACd,kBAAkB,MAAM,WACtB,WAAW,IAAI,OAAO,CACvB,KACH,eAAe,OAAO,UAAU,iBAAiB,SAAS,MAAM,CAAC,CAEjE,QAAO;KACL,kBAAkB,KAAK;KACvB,gBAAgB;KAChB;KACA,SAAS;KACT,QAAQ;KACR,eAAe,EAAE;KACjB;KACA,UAAU,UAAU;KACpB,aAAa,QAAQ;KACrB;KACA,eAAe;KACf,iBAAiB;KAClB;IAEH,MAAM,MAAM,MAAM,MAAM,IAAI,KAAK,eAAe;AAChD,QAAI,QAAQ,QAAQ,IAAI,kBAAkB,OAAW;AACrD,qBAAiB,IAAI;AACrB,aAAS;;AAEX,UAAO;IACL,kBAAkB,KAAK;IACvB,gBAAgB;IAChB,YAAY;IACZ,SAAS,EAAE;IACX,QAAQ,EAAE;IACV,eAAe;IACf,OAAO;IACP,UAAU;IACV,aAAa;IACb;IACA;IACA;IACD;;EAEH,SAAS,OACP,KACA,SAOG;GACH,MAAM,SAAS,MAAM,OAAO,QAAQ,KAAK,KAAK;AAC9C,OAAI,OAAO,eAAe,KACxB,OAAM,IAAI,UACR,aACA,QAAQ,KAAK,OAAO,8BAA8B,KAAK,QAAQ,oBAChE,CAAC,eAAe;AAEnB,UAAO;IACL,YAAY,OAAO;IACnB,gBAAgB,OAAO;IACvB,SAAS,OAAO;IAChB,QAAQ,OAAO;IACf,UAAU,OAAO;IACjB,aAAa,OAAO;IACpB,OAAO,OAAO;IACf;;EAEJ;CAED,MAAM,SAAS;EACb,OAAO,OACL,KACA,SAMG;GACH,MAAM,iBAAiB,MAAM,KAAK,IAAI,IAAI,KAAK,OAAO,CAAC;GACvD,MAAM,SAAS,MAAM,OAAO,QAAQ,KAAK;IACvC,QAAQ,KAAK;IACb,SAAS,KAAK;IACd,QAAQ;IACR,UAAU,KAAK;IAChB,CAAC;GACF,MAAM,gBAAgB,eAAe,QAClC,UAAU,CAAC,OAAO,OAAO,SAAS,MAAM,CAC1C;AACD,UAAO;IACL,IAAI,OAAO,eAAe,QAAQ,cAAc,WAAW;IAC3D,YAAY,OAAO;IACnB,gBAAgB,OAAO;IACvB,SAAS,OAAO;IAChB,QAAQ,OAAO;IACf;IACA,UAAU,OAAO;IACjB,aAAa,OAAO;IACpB,OAAO,OAAO;IACf;;EAEH,SAAS,OACP,KACA,SAMG;GACH,MAAM,SAAS,MAAM,OAAO,MAAM,KAAK,KAAK;AAC5C,OAAI,CAAC,OAAO,GACV,OAAM,IAAI,UACR,aACA,QAAQ,KAAK,OAAO,uCAAuC,KAAK,QAAQ,IAAI,OAAO,cAAc,KAAK,KAAK,CAAC,GAC7G,CAAC,eAAe;AAEnB,UAAO;;EAEV;CAED,MAAM,SAAS;EACb,QAAQ,OACN,KACA,SAQ2D;GAC3D,MAAM,UAAU,iBAAiB,KAAK,QAAQ;GAC9C,MAAM,QAAQ,qBACZ,mBACA,oBACD;GACD,MAAM,YAAY,MAAM,OAAO,MAAM;AAKrC,UAAO;IAAE,IAAI;IAAM,UAJD,MAAM,IAAI,YAC1B,OAAO,UAAU,OAAO,cACxB;KAAE,GAAG;KAAM;KAAS;KAAW,QAAQ;KAAW,CACnD;IAC4B;IAAO;;EAEtC,KAAK,OAAO,KAAuB,aAAqB;AACtD,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,WAAW,EAC3D,UACD,CAAC;;EAEJ,OAAO;GACL,KAAK,OAAO,KAAuB,UAAkB;IACnD,MAAM,YAAY,MAAM,OAAO,MAAM;AACrC,WAAO,MAAM,IAAI,SACf,OAAO,UAAU,OAAO,sBACxB,EAAE,WAAW,CACd;;GAEH,QAAQ,OACN,KACA,SACG;IACH,MAAM,YAAY,MAAM,OAAO,KAAK,MAAM;AAK1C,WAAO;KAAE,IAAI;KAAe,GAJb,MAAM,IAAI,YACvB,OAAO,UAAU,OAAO,qBACxB;MAAE;MAAW,kBAAkB,KAAK;MAAkB,CACvD;KACsC;;GAE1C;EACD,MAAM,OACJ,KACA,SAoBG;AACH,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,YAAY;IAC5D,OAAO,MAAM;IACb,OAAO,MAAM;IACb,QAAQ,MAAM;IACd,SAAS,MAAM;IACf,OAAO,MAAM;IACd,CAAC;;EAEJ,QAAQ,OACN,KACA,UACA,qBACG;AACH,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,cAAc;IAC1D;IACA,GAAI,mBAAmB,EAAE,kBAAkB,GAAG,EAAE;IACjD,CAAC;AACF,UAAO;IACL,IAAI;IACJ;IACA,kBAAkB,oBAAoB;IACvC;;EAEH,QAAQ,OAAO,KAAmB,aAAqB;AACrD,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,cAAc,EAAE,UAAU,CAAC;AACzE,UAAO;IAAE,IAAI;IAAe;IAAU;;EAEzC;CAED,MAAM,MAAM;EACV,QAAQ,OACN,KACA,SAQyD;GACzD,MAAM,EAAE,KAAK,WAAW,kBAAkB,MAAM,eAAe,MAAM;AAWrE,UAAO;IAAE,IAAI;IAAM,OAVJ,MAAM,IAAI,YAAY,OAAO,UAAU,OAAO,WAAW;KACtE,QAAQ,KAAK;KACb,QAAQ;KACR;KACA,MAAM,KAAK;KACX,QAAQ,KAAK;KACb,WAAW,KAAK;KAChB,WAAW,KAAK;KAChB,UAAU,KAAK;KAChB,CAAC;IACwB,QAAQ;IAAK;;EAEzC,QAAQ,OACN,KACA,WACqE;GACrE,MAAM,YAAY,MAAM,WAAW,OAAO;GAC1C,MAAM,MAAO,MAAM,IAAI,SACrB,OAAO,UAAU,OAAO,mBACxB,EAAE,WAAW,CACd;AACD,UAAO,GAAG,IACR,GAAG,IAAI,aAAa;AAClB,WAAO,GAAG,MAAM,CAAC,KAAK,GAAG,KAAK,IAAI,UAAU,kBAAkB,CAAC,CAAC;IAChE,MAAM,IAAI;AACV,WAAO,GAAG,MAAM,EAAE,SAAS,GAAG,KAAK,IAAI,UAAU,kBAAkB,CAAC,CAAC;AACrE,WAAO,GAAG,MACR,CAAC,EAAE,EAAE,aAAa,EAAE,YAAY,KAAK,KAAK,GAC1C,GAAG,KAAK,IAAI,UAAU,kBAAkB,CAAC,CAC1C;IACD,MAAM,YAAqC,EAAE,YAAY,KAAK,KAAK,EAAE;AACrE,QAAI,EAAE,WAAW;KACf,MAAM,EAAE,SAAS,aAAa,kBAC5B,EAAE,WACF,EAAE,kBAAkB,OACrB;AACD,YAAO,GAAG,MACR,SACA,GAAG,KAAK,IAAI,UAAU,uBAAuB,CAAC,CAC/C;AACD,eAAU,iBAAiB;;AAE7B,WAAO,GAAG,cACR,IAAI,YAAY,OAAO,UAAU,OAAO,UAAU;KAChD,OAAO,EAAE;KACT,MAAM;KACP,CAAC,CACH;AACD,WAAO;KACL,QAAQ,EAAE;KACV,OAAO,EAAE;KACT,QAAQ,kBAAkB,EAAE,OAAO;KACpC;KACD,CAAC,KAAK,GAAG,SAAS,MAAM,GAAG,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,CACxD;;EAEH,MAAM,OACJ,KACA,SAiBG;AACH,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,SAAS;IACzD,OAAO,MAAM;IACb,OAAO,MAAM;IACb,QAAQ,MAAM;IACd,SAAS,MAAM;IACf,OAAO,MAAM;IACd,CAAC;;EAEJ,KAAK,OACH,KACA,UAC2B;AAC3B,UAAQ,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,YAAY,EAC7D,OACD,CAAC;;EAEJ,QAAQ,OACN,KACA,OACA,SAKG;AACH,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,UAAU;IAAE;IAAO;IAAM,CAAC;AACxE,UAAO;IAAE,IAAI;IAAe;IAAO;;EAErC,QAAQ,OAAO,KAAmB,UAAkB;AAClD,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,UAAU;IACtD;IACA,MAAM,EAAE,SAAS,MAAM;IACxB,CAAC;AACF,UAAO;IAAE,IAAI;IAAe;IAAO;;EAErC,QAAQ,OAAO,KAAmB,UAAkB;AAClD,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,WAAW,EAAE,OAAO,CAAC;AACnE,UAAO;IAAE,IAAI;IAAe;IAAO;;EAErC,QAAQ,OACN,KACA,OACA,SACyD;GACzD,MAAM,WAAW,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,YAAY,EACtE,OACD,CAAC;AACF,OAAI,CAAC,SACH,OAAM,IAAI,UACR,sBACA,qBACD,CAAC,eAAe;AACnB,OAAK,SAAiB,YAAY,KAChC,OAAM,IAAI,UACR,mBACA,+CACD,CAAC,eAAe;AAEnB,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,UAAU;IACtD;IACA,MAAM,EAAE,SAAS,MAAM;IACxB,CAAC;AACF,UAAO,MAAM,IAAI,OAAO,KAAK;IAC3B,QAAS,SAAiB;IAC1B,MAAM,MAAM,QAAS,SAAiB;IACtC,QAAS,SAAiB,UAAU,EAAE;IACtC,WAAY,SAAiB;IAC7B,WAAW,MAAM;IACjB,UAAW,SAAiB;IAC7B,CAAC;;EAEL;AAED,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD"}
1
+ {"version":3,"file":"core.js","names":[],"sources":["../../../src/server/domains/core.ts"],"sourcesContent":["import { Auth, GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { GenericId } from \"convex/values\";\n\nimport {\n buildScopeChecker,\n checkKeyRateLimit,\n generateApiKey,\n hashApiKey,\n} from \"../keys\";\nimport { materializeProvider } from \"../providers\";\nimport { signInImpl } from \"../signin\";\nimport type {\n AuthProviderConfig,\n KeyDoc,\n KeyScope,\n ScopeChecker,\n UserOrderBy,\n UserWhere,\n} from \"../types\";\nimport {\n generateRandomString,\n sha256,\n TOKEN_SUB_CLAIM_DIVIDER,\n} from \"../utils\";\n\ntype ComponentCtx = Pick<\n GenericActionCtx<GenericDataModel>,\n \"runQuery\" | \"runMutation\"\n>;\ntype ComponentReadCtx = Pick<GenericActionCtx<GenericDataModel>, \"runQuery\">;\ntype ComponentAuthReadCtx = ComponentReadCtx & { auth: Auth };\ntype AccountCredentials = { id: string; secret?: string };\ntype CreateAccountArgs = {\n provider: string;\n account: AccountCredentials;\n profile: Record<string, unknown>;\n shouldLinkViaEmail?: boolean;\n shouldLinkViaPhone?: boolean;\n};\ntype RetrieveAccountArgs = { provider: string; account: AccountCredentials };\ntype UpdateAccountCredentialsArgs = {\n provider: string;\n account: { id: string; secret: string };\n};\n\ntype CoreDeps = {\n config: any;\n getAuth: () => any;\n callInvalidateSessions: <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n args: { userId: GenericId<\"User\">; except?: GenericId<\"Session\">[] },\n ) => Promise<void>;\n callCreateAccountFromCredentials: <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n args: CreateAccountArgs,\n ) => Promise<any>;\n callRetrieveAccountWithCredentials: <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n args: RetrieveAccountArgs,\n ) => Promise<any>;\n callModifyAccount: <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n args: UpdateAccountCredentialsArgs,\n ) => Promise<void>;\n getEnrichCtx: () => <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n ) => any;\n inviteTokenAlphabet: string;\n inviteTokenLength: number;\n};\n\n/**\n * Build the core auth domains that back the canonical app API surface.\n */\nexport function createCoreDomains(deps: CoreDeps) {\n const {\n config,\n getAuth,\n callInvalidateSessions,\n callCreateAccountFromCredentials,\n callRetrieveAccountWithCredentials,\n callModifyAccount,\n getEnrichCtx,\n inviteTokenAlphabet,\n inviteTokenLength,\n } = deps;\n\n const roleDefinitions = config.authorization.roles as Record<\n string,\n { label?: string; grants: string[] }\n >;\n\n const getRoleDefinition = (roleId: string) => {\n return roleDefinitions[roleId] ?? null;\n };\n\n const normalizeRoleIds = (\n roleIds?: string[],\n ):\n | { ok: true; roleIds: string[] }\n | { ok: false; invalidRoleIds: string[] } => {\n const normalized = Array.from(new Set(roleIds ?? []));\n const invalid = normalized.filter((id) => getRoleDefinition(id) === null);\n if (invalid.length > 0) {\n return { ok: false, invalidRoleIds: invalid };\n }\n return { ok: true, roleIds: normalized };\n };\n\n const resolveGrantedPermissions = (roleIds?: string[]) => {\n const grants = new Set<string>();\n for (const roleId of roleIds ?? []) {\n const role = getRoleDefinition(roleId);\n if (role === null) continue;\n for (const grant of role.grants) {\n grants.add(grant);\n }\n }\n return Array.from(grants).sort();\n };\n\n // Per-execution cache — attached to ctx so each function invocation has its own.\n // Eliminates redundant cross-component RPCs for the same entity within a handler.\n type CtxCache = {\n users: Map<string, any>;\n groups: Map<string, any>;\n };\n const AUTH_CACHE = Symbol(\"__convexAuthCache\");\n function cache(ctx: any): CtxCache {\n if (!ctx[AUTH_CACHE]) {\n ctx[AUTH_CACHE] = {\n users: new Map(),\n groups: new Map(),\n } satisfies CtxCache;\n }\n return ctx[AUTH_CACHE];\n }\n\n const user = {\n id: async (\n ctx: { auth: Auth } & Partial<ComponentCtx>,\n request?: Request,\n ): Promise<string | null> => {\n const identity = await ctx.auth.getUserIdentity();\n if (identity !== null) {\n const [userId] = identity.subject.split(TOKEN_SUB_CLAIM_DIVIDER);\n return userId;\n }\n if (request !== undefined && \"runMutation\" in ctx && ctx.runMutation) {\n const authHeader = request.headers.get(\"Authorization\");\n if (authHeader?.startsWith(\"Bearer sk_\")) {\n const rawKey = authHeader.slice(7);\n const result = await getAuth().key.verify(\n ctx as ComponentCtx,\n rawKey,\n );\n if (result.ok) {\n return result.userId;\n }\n return null;\n }\n }\n return null;\n },\n get: async (ctx: ComponentReadCtx, userId: string) => {\n const c = cache(ctx);\n if (c.users.has(userId)) return c.users.get(userId);\n const result = await ctx.runQuery(config.component.public.userGetById, {\n userId,\n });\n c.users.set(userId, result);\n return result;\n },\n list: async (\n ctx: ComponentReadCtx,\n opts: {\n where?: UserWhere;\n limit?: number;\n cursor?: string | null;\n orderBy?: UserOrderBy;\n order?: \"asc\" | \"desc\";\n } = {},\n ) => {\n return await ctx.runQuery(config.component.public.userList, opts);\n },\n viewer: async (ctx: ComponentAuthReadCtx) => {\n const userId = await user.id(ctx);\n if (userId === null) return null;\n return await user.get(ctx, userId);\n },\n update: async (\n ctx: ComponentCtx,\n userId: string,\n data: Record<string, unknown>,\n ) => {\n await ctx.runMutation(config.component.public.userPatch, {\n userId,\n data,\n });\n return { ok: true as const, userId };\n },\n setActiveGroup: async (\n ctx: ComponentCtx,\n opts: { userId: string; groupId: string | null },\n ) => {\n const doc = await user.get(ctx, opts.userId);\n const existingExtend =\n doc !== null &&\n doc.extend !== null &&\n typeof doc.extend === \"object\" &&\n !Array.isArray(doc.extend)\n ? { ...(doc.extend as Record<string, unknown>) }\n : {};\n if (opts.groupId === null) {\n const { lastActiveGroup: _omit, ...rest } = existingExtend;\n await user.update(ctx, opts.userId, { extend: rest });\n return { ok: true as const, userId: opts.userId, groupId: null };\n }\n await user.update(ctx, opts.userId, {\n extend: { ...existingExtend, lastActiveGroup: opts.groupId },\n });\n return { ok: true as const, userId: opts.userId, groupId: opts.groupId };\n },\n getActiveGroup: async (\n ctx: ComponentReadCtx,\n opts: { userId: string },\n ): Promise<string | null> => {\n const doc = await user.get(ctx, opts.userId);\n if (\n doc !== null &&\n doc.extend !== null &&\n typeof doc.extend === \"object\" &&\n !Array.isArray(doc.extend)\n ) {\n const val = (doc.extend as Record<string, unknown>).lastActiveGroup;\n if (typeof val === \"string\") return val;\n }\n return null;\n },\n delete: async (\n ctx: ComponentCtx,\n userId: string,\n opts?: { cascade?: boolean },\n ) => {\n const cascade = opts?.cascade !== false;\n const [sessions, accounts, keys, members, passkeys, totps] =\n await Promise.all([\n ctx.runQuery(config.component.public.sessionListByUser, {\n userId,\n }) as Promise<Array<{ _id: string }>>,\n ctx.runQuery(config.component.public.accountListByUser, {\n userId,\n }) as Promise<Array<{ _id: string }>>,\n ctx.runQuery(config.component.public.keyListByUserId, {\n userId,\n }) as Promise<Array<{ _id: string }>>,\n ctx.runQuery(config.component.public.memberListByUser, {\n userId,\n }) as Promise<Array<{ _id: string }>>,\n ctx.runQuery(config.component.public.passkeyListByUserId, {\n userId,\n }) as Promise<Array<{ _id: string }>>,\n ctx.runQuery(config.component.public.totpListByUserId, {\n userId,\n }) as Promise<Array<{ _id: string }>>,\n ]);\n const totalLinked =\n sessions.length +\n accounts.length +\n keys.length +\n members.length +\n passkeys.length +\n totps.length;\n if (!cascade && totalLinked > 0) {\n return { ok: false as const, code: \"INVALID_PARAMETERS\" as const };\n }\n const deletions: Promise<unknown>[] = [];\n for (const s of sessions)\n deletions.push(\n ctx.runMutation(config.component.public.sessionDelete, {\n sessionId: s._id,\n }),\n );\n for (const a of accounts)\n deletions.push(\n ctx.runMutation(config.component.public.accountDelete, {\n accountId: a._id,\n }),\n );\n for (const k of keys)\n deletions.push(\n ctx.runMutation(config.component.public.keyDelete, { keyId: k._id }),\n );\n for (const m of members)\n deletions.push(\n ctx.runMutation(config.component.public.memberRemove, {\n memberId: m._id,\n }),\n );\n for (const p of passkeys)\n deletions.push(\n ctx.runMutation(config.component.public.passkeyDelete, {\n passkeyId: p._id,\n }),\n );\n for (const t of totps)\n deletions.push(\n ctx.runMutation(config.component.public.totpDelete, {\n totpId: t._id,\n }),\n );\n await Promise.all(deletions);\n await ctx.runMutation(config.component.public.userDelete, { userId });\n return { ok: true as const, userId };\n },\n };\n\n const session = {\n current: async (ctx: { auth: Auth }) => {\n const identity = await ctx.auth.getUserIdentity();\n if (identity === null) return null;\n const [, sessionId] = identity.subject.split(TOKEN_SUB_CLAIM_DIVIDER);\n return sessionId as GenericId<\"Session\">;\n },\n invalidate: async <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n args: { userId: GenericId<\"User\">; except?: GenericId<\"Session\">[] },\n ) => {\n await callInvalidateSessions(ctx, args);\n return {\n ok: true as const,\n userId: args.userId,\n except: args.except ?? [],\n };\n },\n get: async (ctx: ComponentReadCtx, sessionId: string) => {\n return await ctx.runQuery(config.component.public.sessionGetById, {\n sessionId,\n });\n },\n list: async (ctx: ComponentReadCtx, opts: { userId: string }) => {\n return await ctx.runQuery(config.component.public.sessionListByUser, {\n userId: opts.userId,\n });\n },\n };\n\n const account = {\n create: async <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n args: CreateAccountArgs,\n ) => {\n const created = await callCreateAccountFromCredentials(ctx, args);\n return { ok: true as const, ...created };\n },\n get: async <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n args: RetrieveAccountArgs,\n ) => {\n const result = await callRetrieveAccountWithCredentials(ctx, args);\n if (typeof result === \"string\") {\n return null;\n }\n return result;\n },\n update: async <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n args: UpdateAccountCredentialsArgs,\n ) => {\n await callModifyAccount(ctx, args);\n return { ok: true as const, accountId: args.account.id };\n },\n delete: async (ctx: ComponentCtx, accountId: string) => {\n const doc = await ctx.runQuery(config.component.public.accountGetById, {\n accountId,\n });\n if (doc === null) {\n return { ok: false as const, code: \"ACCOUNT_NOT_FOUND\" as const };\n }\n const allAccounts = (await ctx.runQuery(\n config.component.public.accountListByUser,\n { userId: (doc as any).userId },\n )) as Array<{ _id: string }>;\n if (allAccounts.length <= 1) {\n return { ok: false as const, code: \"INVALID_PARAMETERS\" as const };\n }\n await ctx.runMutation(config.component.public.accountDelete, {\n accountId,\n });\n return { ok: true as const, accountId };\n },\n listPasskeys: async (ctx: ComponentReadCtx, opts: { userId: string }) => {\n return await ctx.runQuery(\n config.component.public.passkeyListByUserId,\n opts,\n );\n },\n renamePasskey: async (\n ctx: ComponentCtx,\n passkeyId: string,\n name: string,\n ) => {\n await ctx.runMutation(config.component.public.passkeyUpdateMeta, {\n passkeyId,\n data: { name },\n });\n return { ok: true as const, passkeyId };\n },\n deletePasskey: async (ctx: ComponentCtx, passkeyId: string) => {\n await ctx.runMutation(config.component.public.passkeyDelete, {\n passkeyId,\n });\n return { ok: true as const, passkeyId };\n },\n listTotps: async (ctx: ComponentReadCtx, opts: { userId: string }) => {\n return await ctx.runQuery(config.component.public.totpListByUserId, opts);\n },\n deleteTotp: async (ctx: ComponentCtx, totpId: string) => {\n await ctx.runMutation(config.component.public.totpDelete, { totpId });\n return { ok: true as const, totpId };\n },\n };\n\n const provider = {\n signIn: async <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n providerConfig: AuthProviderConfig,\n args: {\n accountId?: GenericId<\"Account\">;\n params?: Record<string, unknown>;\n },\n ) => {\n const result = await signInImpl(\n getEnrichCtx()(ctx),\n materializeProvider(providerConfig),\n args as {\n accountId?: GenericId<\"Account\">;\n params?: Record<string, any>;\n },\n { generateTokens: false, allowExtraProviders: true },\n );\n return result.kind === \"signedIn\"\n ? result.signedIn !== null\n ? {\n userId: result.signedIn.userId,\n sessionId: result.signedIn.sessionId,\n }\n : null\n : null;\n },\n };\n\n const group = {\n create: async (\n ctx: ComponentCtx,\n data: {\n name: string;\n slug?: string;\n type?: string;\n parentGroupId?: string;\n tags?: Array<{ key: string; value: string }>;\n extend?: Record<string, unknown>;\n },\n ): Promise<{ ok: true; groupId: string }> => {\n const groupId = (await ctx.runMutation(\n config.component.public.groupCreate,\n data,\n )) as string;\n return { ok: true, groupId };\n },\n get: async (ctx: ComponentReadCtx, groupId: string) => {\n const c = cache(ctx);\n if (c.groups.has(groupId)) return c.groups.get(groupId);\n const result = await ctx.runQuery(config.component.public.groupGet, {\n groupId,\n });\n c.groups.set(groupId, result);\n return result;\n },\n list: async (\n ctx: ComponentReadCtx,\n opts?: {\n where?: {\n slug?: string;\n type?: string;\n parentGroupId?: string;\n name?: string;\n isRoot?: boolean;\n tagsAll?: Array<{ key: string; value: string }>;\n tagsAny?: Array<{ key: string; value: string }>;\n };\n limit?: number;\n cursor?: string | null;\n orderBy?: \"_creationTime\" | \"name\" | \"slug\" | \"type\";\n order?: \"asc\" | \"desc\";\n },\n ) => {\n return await ctx.runQuery(config.component.public.groupList, {\n where: opts?.where,\n limit: opts?.limit,\n cursor: opts?.cursor,\n orderBy: opts?.orderBy,\n order: opts?.order,\n });\n },\n update: async (\n ctx: ComponentCtx,\n groupId: string,\n data: Record<string, unknown>,\n ) => {\n await ctx.runMutation(config.component.public.groupUpdate, {\n groupId,\n data,\n });\n return { ok: true as const, groupId };\n },\n delete: async (ctx: ComponentCtx, groupId: string) => {\n await ctx.runMutation(config.component.public.groupDelete, { groupId });\n return { ok: true as const, groupId };\n },\n ancestors: async (\n ctx: ComponentReadCtx,\n opts: { groupId: string; maxDepth?: number; includeSelf?: boolean },\n ) => {\n const maxDepth = Math.max(0, Math.floor(opts.maxDepth ?? 32));\n const visited = new Set<string>();\n const ancestors: any[] = [];\n let cycleDetected = false;\n let maxDepthReached = false;\n let currentGroupId: string | undefined = opts.groupId;\n let depth = 0;\n let isFirst = true;\n while (currentGroupId !== undefined) {\n if (depth > maxDepth) {\n maxDepthReached = true;\n break;\n }\n if (visited.has(currentGroupId)) {\n cycleDetected = true;\n break;\n }\n visited.add(currentGroupId);\n const doc = await group.get(ctx, currentGroupId);\n if (doc === null) break;\n if (isFirst) {\n isFirst = false;\n if (opts.includeSelf) ancestors.push(doc);\n currentGroupId = doc.parentGroupId;\n depth += 1;\n continue;\n }\n ancestors.push(doc);\n currentGroupId = doc.parentGroupId;\n depth += 1;\n }\n return { ancestors, cycleDetected, maxDepthReached };\n },\n };\n\n const member = {\n create: async (\n ctx: ComponentCtx,\n data: {\n groupId: string;\n userId: string;\n roleIds?: string[];\n status?: string;\n extend?: Record<string, unknown>;\n },\n ) => {\n const normalized = normalizeRoleIds(data.roleIds);\n if (!normalized.ok)\n return {\n ok: false as const,\n code: \"INVALID_ROLE_IDS\" as const,\n invalidRoleIds: normalized.invalidRoleIds,\n };\n const memberId = (await ctx.runMutation(\n config.component.public.memberAdd,\n { ...data, roleIds: normalized.roleIds },\n )) as string;\n return { ok: true as const, memberId };\n },\n get: async (ctx: ComponentReadCtx, memberId: string) => {\n return await ctx.runQuery(config.component.public.memberGet, {\n memberId,\n });\n },\n getByUserAndGroup: async (\n ctx: ComponentReadCtx,\n opts: { userId: string; groupId: string },\n ) => {\n return await ctx.runQuery(\n config.component.public.memberGetByGroupAndUser,\n opts,\n );\n },\n list: async (\n ctx: ComponentReadCtx,\n opts?: {\n where?: {\n groupId?: string;\n userId?: string;\n roleId?: string;\n status?: string;\n };\n limit?: number;\n cursor?: string | null;\n orderBy?: \"_creationTime\" | \"status\";\n order?: \"asc\" | \"desc\";\n },\n ) => {\n return await ctx.runQuery(config.component.public.memberList, {\n where: opts?.where,\n limit: opts?.limit,\n cursor: opts?.cursor,\n orderBy: opts?.orderBy,\n order: opts?.order,\n });\n },\n delete: async (ctx: ComponentCtx, memberId: string) => {\n await ctx.runMutation(config.component.public.memberRemove, { memberId });\n return { ok: true as const, memberId };\n },\n update: async (\n ctx: ComponentCtx,\n memberId: string,\n data: Record<string, unknown>,\n ) => {\n const nextData = { ...data };\n if (\"roleIds\" in nextData) {\n const normalized = normalizeRoleIds(\n Array.isArray(nextData.roleIds)\n ? (nextData.roleIds as string[])\n : undefined,\n );\n if (!normalized.ok)\n return {\n ok: false as const,\n code: \"INVALID_ROLE_IDS\" as const,\n invalidRoleIds: normalized.invalidRoleIds,\n };\n nextData.roleIds = normalized.roleIds;\n }\n await ctx.runMutation(config.component.public.memberUpdate, {\n memberId,\n data: nextData,\n });\n return { ok: true as const, memberId };\n },\n resolve: async (\n ctx: ComponentReadCtx,\n opts: {\n userId: string;\n groupId: string;\n roleIds?: string[];\n grants?: string[];\n maxDepth?: number;\n },\n ) => {\n const normalized = normalizeRoleIds(opts.roleIds);\n if (!normalized.ok)\n return {\n ok: false as const,\n code: \"INVALID_ROLE_IDS\" as const,\n invalidRoleIds: normalized.invalidRoleIds,\n };\n const requestedRoleIds = normalized.roleIds;\n const roleFilter =\n requestedRoleIds.length > 0 ? new Set(requestedRoleIds) : null;\n const requiredGrants = Array.from(new Set(opts.grants ?? []));\n const maxDepth = Math.max(0, Math.floor(opts.maxDepth ?? 32));\n\n // Single cross-component RPC — hierarchy walk happens inside the component\n const result = await ctx.runQuery(config.component.public.memberResolve, {\n userId: opts.userId,\n groupId: opts.groupId,\n maxDepth,\n ancestry: true,\n });\n\n const traversedGroupIds = result.traversedGroupIds ?? [];\n\n if (result.membership === null) {\n return {\n requestedGroupId: opts.groupId,\n matchedGroupId: null,\n membership: null,\n roleIds: [] as string[],\n grants: [] as string[],\n missingGrants: requiredGrants,\n depth: null,\n isDirect: false,\n isInherited: false,\n traversedGroupIds,\n cycleDetected: false,\n maxDepthReached: false,\n };\n }\n\n // Grant resolution uses app-defined roles — stays server-side\n const membershipRoleIds = (result.membership as any).roleIds ?? [];\n const membershipGrants = resolveGrantedPermissions(membershipRoleIds);\n\n // Check role filter\n if (\n roleFilter !== null &&\n !membershipRoleIds.some((roleId: string) => roleFilter.has(roleId))\n ) {\n return {\n requestedGroupId: opts.groupId,\n matchedGroupId: null,\n membership: null,\n roleIds: [] as string[],\n grants: [] as string[],\n missingGrants: requiredGrants,\n depth: null,\n isDirect: false,\n isInherited: false,\n traversedGroupIds,\n cycleDetected: false,\n maxDepthReached: false,\n };\n }\n\n // Check required grants\n const missingGrants = requiredGrants.filter(\n (grant) => !membershipGrants.includes(grant),\n );\n if (missingGrants.length > 0) {\n return {\n requestedGroupId: opts.groupId,\n matchedGroupId: result.matchedGroupId,\n membership: result.membership,\n roleIds: membershipRoleIds,\n grants: membershipGrants,\n missingGrants,\n depth: result.depth,\n isDirect: result.isDirect,\n isInherited: result.isInherited,\n traversedGroupIds,\n cycleDetected: false,\n maxDepthReached: false,\n };\n }\n\n return {\n requestedGroupId: opts.groupId,\n matchedGroupId: result.matchedGroupId,\n membership: result.membership,\n roleIds: membershipRoleIds,\n grants: membershipGrants,\n missingGrants: [] as string[],\n depth: result.depth,\n isDirect: result.isDirect,\n isInherited: result.isInherited,\n traversedGroupIds,\n cycleDetected: false,\n maxDepthReached: false,\n };\n },\n };\n\n const access = {\n check: async (\n ctx: ComponentReadCtx,\n opts: {\n userId: string;\n groupId: string;\n grants: string[];\n maxDepth?: number;\n },\n ) => {\n const requiredGrants = Array.from(new Set(opts.grants));\n const result = await member.resolve(ctx, {\n userId: opts.userId,\n groupId: opts.groupId,\n grants: requiredGrants,\n maxDepth: opts.maxDepth,\n });\n if (\"code\" in result && result.code === \"INVALID_ROLE_IDS\") {\n return {\n ok: false,\n membership: null,\n matchedGroupId: null,\n roleIds: [] as string[],\n grants: [] as string[],\n missingGrants: requiredGrants,\n isDirect: false,\n isInherited: false,\n depth: null,\n };\n }\n const missingGrants = requiredGrants.filter(\n (grant) => !result.grants.includes(grant),\n );\n return {\n ok: result.membership !== null && missingGrants.length === 0,\n membership: result.membership,\n matchedGroupId: result.matchedGroupId,\n roleIds: result.roleIds,\n grants: result.grants,\n missingGrants,\n isDirect: result.isDirect,\n isInherited: result.isInherited,\n depth: result.depth,\n };\n },\n };\n\n const invite = {\n create: async (\n ctx: ComponentCtx,\n data: {\n groupId?: string;\n invitedByUserId?: string;\n email?: string;\n roleIds?: string[];\n expiresTime?: number;\n extend?: Record<string, unknown>;\n },\n ) => {\n const normalized = normalizeRoleIds(data.roleIds);\n if (!normalized.ok)\n return {\n ok: false as const,\n code: \"INVALID_ROLE_IDS\" as const,\n invalidRoleIds: normalized.invalidRoleIds,\n };\n const token = generateRandomString(\n inviteTokenLength,\n inviteTokenAlphabet,\n );\n const tokenHash = await sha256(token);\n const inviteId = (await ctx.runMutation(\n config.component.public.inviteCreate,\n { ...data, roleIds: normalized.roleIds, tokenHash, status: \"pending\" },\n )) as string;\n return { ok: true as const, inviteId, token };\n },\n get: async (ctx: ComponentReadCtx, inviteId: string) => {\n return await ctx.runQuery(config.component.public.inviteGet, {\n inviteId,\n });\n },\n token: {\n get: async (ctx: ComponentReadCtx, token: string) => {\n const tokenHash = await sha256(token);\n return await ctx.runQuery(\n config.component.public.inviteGetByTokenHash,\n { tokenHash },\n );\n },\n accept: async (\n ctx: ComponentCtx,\n args: { token: string; acceptedByUserId: string },\n ) => {\n const tokenHash = await sha256(args.token);\n const result = await ctx.runMutation(\n config.component.public.inviteAcceptByToken,\n { tokenHash, acceptedByUserId: args.acceptedByUserId },\n );\n return { ok: true as const, ...result };\n },\n },\n list: async (\n ctx: ComponentReadCtx,\n opts?: {\n where?: {\n tokenHash?: string;\n groupId?: string;\n status?: \"pending\" | \"accepted\" | \"revoked\" | \"expired\";\n email?: string;\n invitedByUserId?: string;\n roleId?: string;\n acceptedByUserId?: string;\n };\n limit?: number;\n cursor?: string | null;\n orderBy?:\n | \"_creationTime\"\n | \"status\"\n | \"email\"\n | \"expiresTime\"\n | \"acceptedTime\";\n order?: \"asc\" | \"desc\";\n },\n ) => {\n return await ctx.runQuery(config.component.public.inviteList, {\n where: opts?.where,\n limit: opts?.limit,\n cursor: opts?.cursor,\n orderBy: opts?.orderBy,\n order: opts?.order,\n });\n },\n accept: async (\n ctx: ComponentCtx,\n inviteId: string,\n acceptedByUserId?: string,\n ) => {\n await ctx.runMutation(config.component.public.inviteAccept, {\n inviteId,\n ...(acceptedByUserId ? { acceptedByUserId } : {}),\n });\n return {\n ok: true as const,\n inviteId,\n acceptedByUserId: acceptedByUserId ?? null,\n };\n },\n revoke: async (ctx: ComponentCtx, inviteId: string) => {\n await ctx.runMutation(config.component.public.inviteRevoke, { inviteId });\n return { ok: true as const, inviteId };\n },\n };\n\n const key = {\n create: async (\n ctx: ComponentCtx,\n opts: {\n userId: string;\n name: string;\n scopes: KeyScope[];\n rateLimit?: { maxRequests: number; windowMs: number };\n expiresAt?: number;\n metadata?: Record<string, unknown>;\n },\n ): Promise<{ ok: true; keyId: string; secret: string }> => {\n const { raw, hashedKey, displayPrefix } = await generateApiKey(\"sk_\");\n const keyId = (await ctx.runMutation(config.component.public.keyInsert, {\n userId: opts.userId,\n prefix: displayPrefix,\n hashedKey,\n name: opts.name,\n scopes: opts.scopes,\n rateLimit: opts.rateLimit,\n expiresAt: opts.expiresAt,\n metadata: opts.metadata,\n })) as string;\n return { ok: true, keyId, secret: raw };\n },\n verify: async (\n ctx: ComponentCtx,\n rawKey: string,\n ): Promise<\n | { ok: true; userId: string; keyId: string; scopes: ScopeChecker }\n | {\n ok: false;\n code:\n | \"INVALID_API_KEY\"\n | \"API_KEY_REVOKED\"\n | \"API_KEY_EXPIRED\"\n | \"API_KEY_RATE_LIMITED\";\n }\n > => {\n const hashedKey = await hashApiKey(rawKey);\n const doc = (await ctx.runQuery(\n config.component.public.keyGetByHashedKey,\n { hashedKey },\n )) as KeyDoc | null;\n if (!doc) {\n return { ok: false as const, code: \"INVALID_API_KEY\" as const };\n }\n const k = doc;\n if (k.revoked) {\n return { ok: false as const, code: \"API_KEY_REVOKED\" as const };\n }\n if (k.expiresAt && k.expiresAt < Date.now()) {\n return { ok: false as const, code: \"API_KEY_EXPIRED\" as const };\n }\n const patchData: Record<string, unknown> = { lastUsedAt: Date.now() };\n if (k.rateLimit) {\n const { limited, newState } = checkKeyRateLimit(\n k.rateLimit,\n k.rateLimitState ?? undefined,\n );\n if (limited) {\n return { ok: false as const, code: \"API_KEY_RATE_LIMITED\" as const };\n }\n patchData.rateLimitState = newState;\n }\n await ctx.runMutation(config.component.public.keyPatch, {\n keyId: k._id,\n data: patchData,\n });\n return {\n ok: true as const,\n userId: k.userId,\n keyId: k._id,\n scopes: buildScopeChecker(k.scopes),\n };\n },\n list: async (\n ctx: ComponentReadCtx,\n opts?: {\n where?: {\n userId?: string;\n revoked?: boolean;\n name?: string;\n prefix?: string;\n };\n limit?: number;\n cursor?: string | null;\n orderBy?:\n | \"_creationTime\"\n | \"name\"\n | \"lastUsedAt\"\n | \"expiresAt\"\n | \"revoked\";\n order?: \"asc\" | \"desc\";\n },\n ) => {\n return await ctx.runQuery(config.component.public.keyList, {\n where: opts?.where,\n limit: opts?.limit,\n cursor: opts?.cursor,\n orderBy: opts?.orderBy,\n order: opts?.order,\n });\n },\n get: async (\n ctx: ComponentReadCtx,\n keyId: string,\n ): Promise<KeyDoc | null> => {\n return (await ctx.runQuery(config.component.public.keyGetById, {\n keyId,\n })) as KeyDoc | null;\n },\n update: async (\n ctx: ComponentCtx,\n keyId: string,\n data: {\n name?: string;\n scopes?: KeyScope[];\n rateLimit?: { maxRequests: number; windowMs: number };\n },\n ) => {\n await ctx.runMutation(config.component.public.keyPatch, { keyId, data });\n return { ok: true as const, keyId };\n },\n revoke: async (ctx: ComponentCtx, keyId: string) => {\n await ctx.runMutation(config.component.public.keyPatch, {\n keyId,\n data: { revoked: true },\n });\n return { ok: true as const, keyId };\n },\n delete: async (ctx: ComponentCtx, keyId: string) => {\n await ctx.runMutation(config.component.public.keyDelete, { keyId });\n return { ok: true as const, keyId };\n },\n rotate: async (\n ctx: ComponentCtx,\n keyId: string,\n opts?: { name?: string; expiresAt?: number },\n ): Promise<\n | { ok: true; keyId: string; secret: string }\n | { ok: false; code: \"INVALID_PARAMETERS\" | \"API_KEY_REVOKED\" }\n > => {\n const existing = await ctx.runQuery(config.component.public.keyGetById, {\n keyId,\n });\n if (!existing) {\n return { ok: false as const, code: \"INVALID_PARAMETERS\" as const };\n }\n if ((existing as any).revoked === true) {\n return { ok: false as const, code: \"API_KEY_REVOKED\" as const };\n }\n await ctx.runMutation(config.component.public.keyPatch, {\n keyId,\n data: { revoked: true },\n });\n return await key.create(ctx, {\n userId: (existing as any).userId,\n name: opts?.name ?? (existing as any).name,\n scopes: (existing as any).scopes ?? [],\n rateLimit: (existing as any).rateLimit,\n expiresAt: opts?.expiresAt,\n metadata: (existing as any).metadata,\n });\n },\n };\n\n return {\n user,\n session,\n account,\n provider,\n group,\n member,\n access,\n invite,\n key,\n };\n}\n"],"mappings":";;;;;;;;;AA0EA,SAAgB,kBAAkB,MAAgB;CAChD,MAAM,EACJ,QACA,SACA,wBACA,kCACA,oCACA,mBACA,cACA,qBACA,sBACE;CAEJ,MAAM,kBAAkB,OAAO,cAAc;CAK7C,MAAM,qBAAqB,WAAmB;AAC5C,SAAO,gBAAgB,WAAW;;CAGpC,MAAM,oBACJ,YAG6C;EAC7C,MAAM,aAAa,MAAM,KAAK,IAAI,IAAI,WAAW,EAAE,CAAC,CAAC;EACrD,MAAM,UAAU,WAAW,QAAQ,OAAO,kBAAkB,GAAG,KAAK,KAAK;AACzE,MAAI,QAAQ,SAAS,EACnB,QAAO;GAAE,IAAI;GAAO,gBAAgB;GAAS;AAE/C,SAAO;GAAE,IAAI;GAAM,SAAS;GAAY;;CAG1C,MAAM,6BAA6B,YAAuB;EACxD,MAAM,yBAAS,IAAI,KAAa;AAChC,OAAK,MAAM,UAAU,WAAW,EAAE,EAAE;GAClC,MAAM,OAAO,kBAAkB,OAAO;AACtC,OAAI,SAAS,KAAM;AACnB,QAAK,MAAM,SAAS,KAAK,OACvB,QAAO,IAAI,MAAM;;AAGrB,SAAO,MAAM,KAAK,OAAO,CAAC,MAAM;;CASlC,MAAM,aAAa,OAAO,oBAAoB;CAC9C,SAAS,MAAM,KAAoB;AACjC,MAAI,CAAC,IAAI,YACP,KAAI,cAAc;GAChB,uBAAO,IAAI,KAAK;GAChB,wBAAQ,IAAI,KAAK;GAClB;AAEH,SAAO,IAAI;;CAGb,MAAM,OAAO;EACX,IAAI,OACF,KACA,YAC2B;GAC3B,MAAM,WAAW,MAAM,IAAI,KAAK,iBAAiB;AACjD,OAAI,aAAa,MAAM;IACrB,MAAM,CAAC,UAAU,SAAS,QAAQ,MAAM,wBAAwB;AAChE,WAAO;;AAET,OAAI,YAAY,UAAa,iBAAiB,OAAO,IAAI,aAAa;IACpE,MAAM,aAAa,QAAQ,QAAQ,IAAI,gBAAgB;AACvD,QAAI,YAAY,WAAW,aAAa,EAAE;KACxC,MAAM,SAAS,WAAW,MAAM,EAAE;KAClC,MAAM,SAAS,MAAM,SAAS,CAAC,IAAI,OACjC,KACA,OACD;AACD,SAAI,OAAO,GACT,QAAO,OAAO;AAEhB,YAAO;;;AAGX,UAAO;;EAET,KAAK,OAAO,KAAuB,WAAmB;GACpD,MAAM,IAAI,MAAM,IAAI;AACpB,OAAI,EAAE,MAAM,IAAI,OAAO,CAAE,QAAO,EAAE,MAAM,IAAI,OAAO;GACnD,MAAM,SAAS,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,aAAa,EACrE,QACD,CAAC;AACF,KAAE,MAAM,IAAI,QAAQ,OAAO;AAC3B,UAAO;;EAET,MAAM,OACJ,KACA,OAMI,EAAE,KACH;AACH,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,UAAU,KAAK;;EAEnE,QAAQ,OAAO,QAA8B;GAC3C,MAAM,SAAS,MAAM,KAAK,GAAG,IAAI;AACjC,OAAI,WAAW,KAAM,QAAO;AAC5B,UAAO,MAAM,KAAK,IAAI,KAAK,OAAO;;EAEpC,QAAQ,OACN,KACA,QACA,SACG;AACH,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,WAAW;IACvD;IACA;IACD,CAAC;AACF,UAAO;IAAE,IAAI;IAAe;IAAQ;;EAEtC,gBAAgB,OACd,KACA,SACG;GACH,MAAM,MAAM,MAAM,KAAK,IAAI,KAAK,KAAK,OAAO;GAC5C,MAAM,iBACJ,QAAQ,QACR,IAAI,WAAW,QACf,OAAO,IAAI,WAAW,YACtB,CAAC,MAAM,QAAQ,IAAI,OAAO,GACtB,EAAE,GAAI,IAAI,QAAoC,GAC9C,EAAE;AACR,OAAI,KAAK,YAAY,MAAM;IACzB,MAAM,EAAE,iBAAiB,OAAO,GAAG,SAAS;AAC5C,UAAM,KAAK,OAAO,KAAK,KAAK,QAAQ,EAAE,QAAQ,MAAM,CAAC;AACrD,WAAO;KAAE,IAAI;KAAe,QAAQ,KAAK;KAAQ,SAAS;KAAM;;AAElE,SAAM,KAAK,OAAO,KAAK,KAAK,QAAQ,EAClC,QAAQ;IAAE,GAAG;IAAgB,iBAAiB,KAAK;IAAS,EAC7D,CAAC;AACF,UAAO;IAAE,IAAI;IAAe,QAAQ,KAAK;IAAQ,SAAS,KAAK;IAAS;;EAE1E,gBAAgB,OACd,KACA,SAC2B;GAC3B,MAAM,MAAM,MAAM,KAAK,IAAI,KAAK,KAAK,OAAO;AAC5C,OACE,QAAQ,QACR,IAAI,WAAW,QACf,OAAO,IAAI,WAAW,YACtB,CAAC,MAAM,QAAQ,IAAI,OAAO,EAC1B;IACA,MAAM,MAAO,IAAI,OAAmC;AACpD,QAAI,OAAO,QAAQ,SAAU,QAAO;;AAEtC,UAAO;;EAET,QAAQ,OACN,KACA,QACA,SACG;GACH,MAAM,UAAU,MAAM,YAAY;GAClC,MAAM,CAAC,UAAU,UAAU,MAAM,SAAS,UAAU,SAClD,MAAM,QAAQ,IAAI;IAChB,IAAI,SAAS,OAAO,UAAU,OAAO,mBAAmB,EACtD,QACD,CAAC;IACF,IAAI,SAAS,OAAO,UAAU,OAAO,mBAAmB,EACtD,QACD,CAAC;IACF,IAAI,SAAS,OAAO,UAAU,OAAO,iBAAiB,EACpD,QACD,CAAC;IACF,IAAI,SAAS,OAAO,UAAU,OAAO,kBAAkB,EACrD,QACD,CAAC;IACF,IAAI,SAAS,OAAO,UAAU,OAAO,qBAAqB,EACxD,QACD,CAAC;IACF,IAAI,SAAS,OAAO,UAAU,OAAO,kBAAkB,EACrD,QACD,CAAC;IACH,CAAC;GACJ,MAAM,cACJ,SAAS,SACT,SAAS,SACT,KAAK,SACL,QAAQ,SACR,SAAS,SACT,MAAM;AACR,OAAI,CAAC,WAAW,cAAc,EAC5B,QAAO;IAAE,IAAI;IAAgB,MAAM;IAA+B;GAEpE,MAAM,YAAgC,EAAE;AACxC,QAAK,MAAM,KAAK,SACd,WAAU,KACR,IAAI,YAAY,OAAO,UAAU,OAAO,eAAe,EACrD,WAAW,EAAE,KACd,CAAC,CACH;AACH,QAAK,MAAM,KAAK,SACd,WAAU,KACR,IAAI,YAAY,OAAO,UAAU,OAAO,eAAe,EACrD,WAAW,EAAE,KACd,CAAC,CACH;AACH,QAAK,MAAM,KAAK,KACd,WAAU,KACR,IAAI,YAAY,OAAO,UAAU,OAAO,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CACrE;AACH,QAAK,MAAM,KAAK,QACd,WAAU,KACR,IAAI,YAAY,OAAO,UAAU,OAAO,cAAc,EACpD,UAAU,EAAE,KACb,CAAC,CACH;AACH,QAAK,MAAM,KAAK,SACd,WAAU,KACR,IAAI,YAAY,OAAO,UAAU,OAAO,eAAe,EACrD,WAAW,EAAE,KACd,CAAC,CACH;AACH,QAAK,MAAM,KAAK,MACd,WAAU,KACR,IAAI,YAAY,OAAO,UAAU,OAAO,YAAY,EAClD,QAAQ,EAAE,KACX,CAAC,CACH;AACH,SAAM,QAAQ,IAAI,UAAU;AAC5B,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,YAAY,EAAE,QAAQ,CAAC;AACrE,UAAO;IAAE,IAAI;IAAe;IAAQ;;EAEvC;CAED,MAAM,UAAU;EACd,SAAS,OAAO,QAAwB;GACtC,MAAM,WAAW,MAAM,IAAI,KAAK,iBAAiB;AACjD,OAAI,aAAa,KAAM,QAAO;GAC9B,MAAM,GAAG,aAAa,SAAS,QAAQ,MAAM,wBAAwB;AACrE,UAAO;;EAET,YAAY,OACV,KACA,SACG;AACH,SAAM,uBAAuB,KAAK,KAAK;AACvC,UAAO;IACL,IAAI;IACJ,QAAQ,KAAK;IACb,QAAQ,KAAK,UAAU,EAAE;IAC1B;;EAEH,KAAK,OAAO,KAAuB,cAAsB;AACvD,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,gBAAgB,EAChE,WACD,CAAC;;EAEJ,MAAM,OAAO,KAAuB,SAA6B;AAC/D,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,mBAAmB,EACnE,QAAQ,KAAK,QACd,CAAC;;EAEL;CAED,MAAM,UAAU;EACd,QAAQ,OACN,KACA,SACG;AAEH,UAAO;IAAE,IAAI;IAAe,GADZ,MAAM,iCAAiC,KAAK,KAAK;IACzB;;EAE1C,KAAK,OACH,KACA,SACG;GACH,MAAM,SAAS,MAAM,mCAAmC,KAAK,KAAK;AAClE,OAAI,OAAO,WAAW,SACpB,QAAO;AAET,UAAO;;EAET,QAAQ,OACN,KACA,SACG;AACH,SAAM,kBAAkB,KAAK,KAAK;AAClC,UAAO;IAAE,IAAI;IAAe,WAAW,KAAK,QAAQ;IAAI;;EAE1D,QAAQ,OAAO,KAAmB,cAAsB;GACtD,MAAM,MAAM,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,gBAAgB,EACrE,WACD,CAAC;AACF,OAAI,QAAQ,KACV,QAAO;IAAE,IAAI;IAAgB,MAAM;IAA8B;AAMnE,QAJqB,MAAM,IAAI,SAC7B,OAAO,UAAU,OAAO,mBACxB,EAAE,QAAS,IAAY,QAAQ,CAChC,EACe,UAAU,EACxB,QAAO;IAAE,IAAI;IAAgB,MAAM;IAA+B;AAEpE,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,eAAe,EAC3D,WACD,CAAC;AACF,UAAO;IAAE,IAAI;IAAe;IAAW;;EAEzC,cAAc,OAAO,KAAuB,SAA6B;AACvE,UAAO,MAAM,IAAI,SACf,OAAO,UAAU,OAAO,qBACxB,KACD;;EAEH,eAAe,OACb,KACA,WACA,SACG;AACH,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,mBAAmB;IAC/D;IACA,MAAM,EAAE,MAAM;IACf,CAAC;AACF,UAAO;IAAE,IAAI;IAAe;IAAW;;EAEzC,eAAe,OAAO,KAAmB,cAAsB;AAC7D,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,eAAe,EAC3D,WACD,CAAC;AACF,UAAO;IAAE,IAAI;IAAe;IAAW;;EAEzC,WAAW,OAAO,KAAuB,SAA6B;AACpE,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,kBAAkB,KAAK;;EAE3E,YAAY,OAAO,KAAmB,WAAmB;AACvD,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,YAAY,EAAE,QAAQ,CAAC;AACrE,UAAO;IAAE,IAAI;IAAe;IAAQ;;EAEvC;CAED,MAAM,WAAW,EACf,QAAQ,OACN,KACA,gBACA,SAIG;EACH,MAAM,SAAS,MAAM,WACnB,cAAc,CAAC,IAAI,EACnB,oBAAoB,eAAe,EACnC,MAIA;GAAE,gBAAgB;GAAO,qBAAqB;GAAM,CACrD;AACD,SAAO,OAAO,SAAS,aACnB,OAAO,aAAa,OAClB;GACE,QAAQ,OAAO,SAAS;GACxB,WAAW,OAAO,SAAS;GAC5B,GACD,OACF;IAEP;CAED,MAAM,QAAQ;EACZ,QAAQ,OACN,KACA,SAQ2C;AAK3C,UAAO;IAAE,IAAI;IAAM,SAJF,MAAM,IAAI,YACzB,OAAO,UAAU,OAAO,aACxB,KACD;IAC2B;;EAE9B,KAAK,OAAO,KAAuB,YAAoB;GACrD,MAAM,IAAI,MAAM,IAAI;AACpB,OAAI,EAAE,OAAO,IAAI,QAAQ,CAAE,QAAO,EAAE,OAAO,IAAI,QAAQ;GACvD,MAAM,SAAS,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,UAAU,EAClE,SACD,CAAC;AACF,KAAE,OAAO,IAAI,SAAS,OAAO;AAC7B,UAAO;;EAET,MAAM,OACJ,KACA,SAeG;AACH,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,WAAW;IAC3D,OAAO,MAAM;IACb,OAAO,MAAM;IACb,QAAQ,MAAM;IACd,SAAS,MAAM;IACf,OAAO,MAAM;IACd,CAAC;;EAEJ,QAAQ,OACN,KACA,SACA,SACG;AACH,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,aAAa;IACzD;IACA;IACD,CAAC;AACF,UAAO;IAAE,IAAI;IAAe;IAAS;;EAEvC,QAAQ,OAAO,KAAmB,YAAoB;AACpD,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,aAAa,EAAE,SAAS,CAAC;AACvE,UAAO;IAAE,IAAI;IAAe;IAAS;;EAEvC,WAAW,OACT,KACA,SACG;GACH,MAAM,WAAW,KAAK,IAAI,GAAG,KAAK,MAAM,KAAK,YAAY,GAAG,CAAC;GAC7D,MAAM,0BAAU,IAAI,KAAa;GACjC,MAAM,YAAmB,EAAE;GAC3B,IAAI,gBAAgB;GACpB,IAAI,kBAAkB;GACtB,IAAI,iBAAqC,KAAK;GAC9C,IAAI,QAAQ;GACZ,IAAI,UAAU;AACd,UAAO,mBAAmB,QAAW;AACnC,QAAI,QAAQ,UAAU;AACpB,uBAAkB;AAClB;;AAEF,QAAI,QAAQ,IAAI,eAAe,EAAE;AAC/B,qBAAgB;AAChB;;AAEF,YAAQ,IAAI,eAAe;IAC3B,MAAM,MAAM,MAAM,MAAM,IAAI,KAAK,eAAe;AAChD,QAAI,QAAQ,KAAM;AAClB,QAAI,SAAS;AACX,eAAU;AACV,SAAI,KAAK,YAAa,WAAU,KAAK,IAAI;AACzC,sBAAiB,IAAI;AACrB,cAAS;AACT;;AAEF,cAAU,KAAK,IAAI;AACnB,qBAAiB,IAAI;AACrB,aAAS;;AAEX,UAAO;IAAE;IAAW;IAAe;IAAiB;;EAEvD;CAED,MAAM,SAAS;EACb,QAAQ,OACN,KACA,SAOG;GACH,MAAM,aAAa,iBAAiB,KAAK,QAAQ;AACjD,OAAI,CAAC,WAAW,GACd,QAAO;IACL,IAAI;IACJ,MAAM;IACN,gBAAgB,WAAW;IAC5B;AAKH,UAAO;IAAE,IAAI;IAAe,UAJV,MAAM,IAAI,YAC1B,OAAO,UAAU,OAAO,WACxB;KAAE,GAAG;KAAM,SAAS,WAAW;KAAS,CACzC;IACqC;;EAExC,KAAK,OAAO,KAAuB,aAAqB;AACtD,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,WAAW,EAC3D,UACD,CAAC;;EAEJ,mBAAmB,OACjB,KACA,SACG;AACH,UAAO,MAAM,IAAI,SACf,OAAO,UAAU,OAAO,yBACxB,KACD;;EAEH,MAAM,OACJ,KACA,SAYG;AACH,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,YAAY;IAC5D,OAAO,MAAM;IACb,OAAO,MAAM;IACb,QAAQ,MAAM;IACd,SAAS,MAAM;IACf,OAAO,MAAM;IACd,CAAC;;EAEJ,QAAQ,OAAO,KAAmB,aAAqB;AACrD,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,cAAc,EAAE,UAAU,CAAC;AACzE,UAAO;IAAE,IAAI;IAAe;IAAU;;EAExC,QAAQ,OACN,KACA,UACA,SACG;GACH,MAAM,WAAW,EAAE,GAAG,MAAM;AAC5B,OAAI,aAAa,UAAU;IACzB,MAAM,aAAa,iBACjB,MAAM,QAAQ,SAAS,QAAQ,GAC1B,SAAS,UACV,OACL;AACD,QAAI,CAAC,WAAW,GACd,QAAO;KACL,IAAI;KACJ,MAAM;KACN,gBAAgB,WAAW;KAC5B;AACH,aAAS,UAAU,WAAW;;AAEhC,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,cAAc;IAC1D;IACA,MAAM;IACP,CAAC;AACF,UAAO;IAAE,IAAI;IAAe;IAAU;;EAExC,SAAS,OACP,KACA,SAOG;GACH,MAAM,aAAa,iBAAiB,KAAK,QAAQ;AACjD,OAAI,CAAC,WAAW,GACd,QAAO;IACL,IAAI;IACJ,MAAM;IACN,gBAAgB,WAAW;IAC5B;GACH,MAAM,mBAAmB,WAAW;GACpC,MAAM,aACJ,iBAAiB,SAAS,IAAI,IAAI,IAAI,iBAAiB,GAAG;GAC5D,MAAM,iBAAiB,MAAM,KAAK,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC,CAAC;GAC7D,MAAM,WAAW,KAAK,IAAI,GAAG,KAAK,MAAM,KAAK,YAAY,GAAG,CAAC;GAG7D,MAAM,SAAS,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,eAAe;IACvE,QAAQ,KAAK;IACb,SAAS,KAAK;IACd;IACA,UAAU;IACX,CAAC;GAEF,MAAM,oBAAoB,OAAO,qBAAqB,EAAE;AAExD,OAAI,OAAO,eAAe,KACxB,QAAO;IACL,kBAAkB,KAAK;IACvB,gBAAgB;IAChB,YAAY;IACZ,SAAS,EAAE;IACX,QAAQ,EAAE;IACV,eAAe;IACf,OAAO;IACP,UAAU;IACV,aAAa;IACb;IACA,eAAe;IACf,iBAAiB;IAClB;GAIH,MAAM,oBAAqB,OAAO,WAAmB,WAAW,EAAE;GAClE,MAAM,mBAAmB,0BAA0B,kBAAkB;AAGrE,OACE,eAAe,QACf,CAAC,kBAAkB,MAAM,WAAmB,WAAW,IAAI,OAAO,CAAC,CAEnE,QAAO;IACL,kBAAkB,KAAK;IACvB,gBAAgB;IAChB,YAAY;IACZ,SAAS,EAAE;IACX,QAAQ,EAAE;IACV,eAAe;IACf,OAAO;IACP,UAAU;IACV,aAAa;IACb;IACA,eAAe;IACf,iBAAiB;IAClB;GAIH,MAAM,gBAAgB,eAAe,QAClC,UAAU,CAAC,iBAAiB,SAAS,MAAM,CAC7C;AACD,OAAI,cAAc,SAAS,EACzB,QAAO;IACL,kBAAkB,KAAK;IACvB,gBAAgB,OAAO;IACvB,YAAY,OAAO;IACnB,SAAS;IACT,QAAQ;IACR;IACA,OAAO,OAAO;IACd,UAAU,OAAO;IACjB,aAAa,OAAO;IACpB;IACA,eAAe;IACf,iBAAiB;IAClB;AAGH,UAAO;IACL,kBAAkB,KAAK;IACvB,gBAAgB,OAAO;IACvB,YAAY,OAAO;IACnB,SAAS;IACT,QAAQ;IACR,eAAe,EAAE;IACjB,OAAO,OAAO;IACd,UAAU,OAAO;IACjB,aAAa,OAAO;IACpB;IACA,eAAe;IACf,iBAAiB;IAClB;;EAEJ;CAED,MAAM,SAAS,EACb,OAAO,OACL,KACA,SAMG;EACH,MAAM,iBAAiB,MAAM,KAAK,IAAI,IAAI,KAAK,OAAO,CAAC;EACvD,MAAM,SAAS,MAAM,OAAO,QAAQ,KAAK;GACvC,QAAQ,KAAK;GACb,SAAS,KAAK;GACd,QAAQ;GACR,UAAU,KAAK;GAChB,CAAC;AACF,MAAI,UAAU,UAAU,OAAO,SAAS,mBACtC,QAAO;GACL,IAAI;GACJ,YAAY;GACZ,gBAAgB;GAChB,SAAS,EAAE;GACX,QAAQ,EAAE;GACV,eAAe;GACf,UAAU;GACV,aAAa;GACb,OAAO;GACR;EAEH,MAAM,gBAAgB,eAAe,QAClC,UAAU,CAAC,OAAO,OAAO,SAAS,MAAM,CAC1C;AACD,SAAO;GACL,IAAI,OAAO,eAAe,QAAQ,cAAc,WAAW;GAC3D,YAAY,OAAO;GACnB,gBAAgB,OAAO;GACvB,SAAS,OAAO;GAChB,QAAQ,OAAO;GACf;GACA,UAAU,OAAO;GACjB,aAAa,OAAO;GACpB,OAAO,OAAO;GACf;IAEJ;CAED,MAAM,SAAS;EACb,QAAQ,OACN,KACA,SAQG;GACH,MAAM,aAAa,iBAAiB,KAAK,QAAQ;AACjD,OAAI,CAAC,WAAW,GACd,QAAO;IACL,IAAI;IACJ,MAAM;IACN,gBAAgB,WAAW;IAC5B;GACH,MAAM,QAAQ,qBACZ,mBACA,oBACD;GACD,MAAM,YAAY,MAAM,OAAO,MAAM;AAKrC,UAAO;IAAE,IAAI;IAAe,UAJV,MAAM,IAAI,YAC1B,OAAO,UAAU,OAAO,cACxB;KAAE,GAAG;KAAM,SAAS,WAAW;KAAS;KAAW,QAAQ;KAAW,CACvE;IACqC;IAAO;;EAE/C,KAAK,OAAO,KAAuB,aAAqB;AACtD,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,WAAW,EAC3D,UACD,CAAC;;EAEJ,OAAO;GACL,KAAK,OAAO,KAAuB,UAAkB;IACnD,MAAM,YAAY,MAAM,OAAO,MAAM;AACrC,WAAO,MAAM,IAAI,SACf,OAAO,UAAU,OAAO,sBACxB,EAAE,WAAW,CACd;;GAEH,QAAQ,OACN,KACA,SACG;IACH,MAAM,YAAY,MAAM,OAAO,KAAK,MAAM;AAK1C,WAAO;KAAE,IAAI;KAAe,GAJb,MAAM,IAAI,YACvB,OAAO,UAAU,OAAO,qBACxB;MAAE;MAAW,kBAAkB,KAAK;MAAkB,CACvD;KACsC;;GAE1C;EACD,MAAM,OACJ,KACA,SAoBG;AACH,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,YAAY;IAC5D,OAAO,MAAM;IACb,OAAO,MAAM;IACb,QAAQ,MAAM;IACd,SAAS,MAAM;IACf,OAAO,MAAM;IACd,CAAC;;EAEJ,QAAQ,OACN,KACA,UACA,qBACG;AACH,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,cAAc;IAC1D;IACA,GAAI,mBAAmB,EAAE,kBAAkB,GAAG,EAAE;IACjD,CAAC;AACF,UAAO;IACL,IAAI;IACJ;IACA,kBAAkB,oBAAoB;IACvC;;EAEH,QAAQ,OAAO,KAAmB,aAAqB;AACrD,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,cAAc,EAAE,UAAU,CAAC;AACzE,UAAO;IAAE,IAAI;IAAe;IAAU;;EAEzC;CAED,MAAM,MAAM;EACV,QAAQ,OACN,KACA,SAQyD;GACzD,MAAM,EAAE,KAAK,WAAW,kBAAkB,MAAM,eAAe,MAAM;AAWrE,UAAO;IAAE,IAAI;IAAM,OAVJ,MAAM,IAAI,YAAY,OAAO,UAAU,OAAO,WAAW;KACtE,QAAQ,KAAK;KACb,QAAQ;KACR;KACA,MAAM,KAAK;KACX,QAAQ,KAAK;KACb,WAAW,KAAK;KAChB,WAAW,KAAK;KAChB,UAAU,KAAK;KAChB,CAAC;IACwB,QAAQ;IAAK;;EAEzC,QAAQ,OACN,KACA,WAWG;GACH,MAAM,YAAY,MAAM,WAAW,OAAO;GAC1C,MAAM,MAAO,MAAM,IAAI,SACrB,OAAO,UAAU,OAAO,mBACxB,EAAE,WAAW,CACd;AACD,OAAI,CAAC,IACH,QAAO;IAAE,IAAI;IAAgB,MAAM;IAA4B;GAEjE,MAAM,IAAI;AACV,OAAI,EAAE,QACJ,QAAO;IAAE,IAAI;IAAgB,MAAM;IAA4B;AAEjE,OAAI,EAAE,aAAa,EAAE,YAAY,KAAK,KAAK,CACzC,QAAO;IAAE,IAAI;IAAgB,MAAM;IAA4B;GAEjE,MAAM,YAAqC,EAAE,YAAY,KAAK,KAAK,EAAE;AACrE,OAAI,EAAE,WAAW;IACf,MAAM,EAAE,SAAS,aAAa,kBAC5B,EAAE,WACF,EAAE,kBAAkB,OACrB;AACD,QAAI,QACF,QAAO;KAAE,IAAI;KAAgB,MAAM;KAAiC;AAEtE,cAAU,iBAAiB;;AAE7B,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,UAAU;IACtD,OAAO,EAAE;IACT,MAAM;IACP,CAAC;AACF,UAAO;IACL,IAAI;IACJ,QAAQ,EAAE;IACV,OAAO,EAAE;IACT,QAAQ,kBAAkB,EAAE,OAAO;IACpC;;EAEH,MAAM,OACJ,KACA,SAiBG;AACH,UAAO,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,SAAS;IACzD,OAAO,MAAM;IACb,OAAO,MAAM;IACb,QAAQ,MAAM;IACd,SAAS,MAAM;IACf,OAAO,MAAM;IACd,CAAC;;EAEJ,KAAK,OACH,KACA,UAC2B;AAC3B,UAAQ,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,YAAY,EAC7D,OACD,CAAC;;EAEJ,QAAQ,OACN,KACA,OACA,SAKG;AACH,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,UAAU;IAAE;IAAO;IAAM,CAAC;AACxE,UAAO;IAAE,IAAI;IAAe;IAAO;;EAErC,QAAQ,OAAO,KAAmB,UAAkB;AAClD,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,UAAU;IACtD;IACA,MAAM,EAAE,SAAS,MAAM;IACxB,CAAC;AACF,UAAO;IAAE,IAAI;IAAe;IAAO;;EAErC,QAAQ,OAAO,KAAmB,UAAkB;AAClD,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,WAAW,EAAE,OAAO,CAAC;AACnE,UAAO;IAAE,IAAI;IAAe;IAAO;;EAErC,QAAQ,OACN,KACA,OACA,SAIG;GACH,MAAM,WAAW,MAAM,IAAI,SAAS,OAAO,UAAU,OAAO,YAAY,EACtE,OACD,CAAC;AACF,OAAI,CAAC,SACH,QAAO;IAAE,IAAI;IAAgB,MAAM;IAA+B;AAEpE,OAAK,SAAiB,YAAY,KAChC,QAAO;IAAE,IAAI;IAAgB,MAAM;IAA4B;AAEjE,SAAM,IAAI,YAAY,OAAO,UAAU,OAAO,UAAU;IACtD;IACA,MAAM,EAAE,SAAS,MAAM;IACxB,CAAC;AACF,UAAO,MAAM,IAAI,OAAO,KAAK;IAC3B,QAAS,SAAiB;IAC1B,MAAM,MAAM,QAAS,SAAiB;IACtC,QAAS,SAAiB,UAAU,EAAE;IACtC,WAAY,SAAiB;IAC7B,WAAW,MAAM;IACjB,UAAW,SAAiB;IAC7B,CAAC;;EAEL;AAED,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD"}
@@ -1,5 +1,5 @@
1
1
  import { CorsConfig, HttpKeyContext } from "./types.js";
2
- import * as convex_server65 from "convex/server";
2
+ import * as convex_server2 from "convex/server";
3
3
  import { GenericActionCtx, GenericDataModel, HttpRouter } from "convex/server";
4
4
 
5
5
  //#region src/server/http.d.ts
@@ -13,7 +13,7 @@ declare function createHttpAction(auth: {
13
13
  action: string;
14
14
  };
15
15
  cors?: CorsConfig;
16
- }) => convex_server65.PublicHttpAction;
16
+ }) => convex_server2.PublicHttpAction;
17
17
  declare function createHttpRoute(wrapAction: ReturnType<typeof createHttpAction>): (http: {
18
18
  route: (config: any) => void;
19
19
  }, routeConfig: {
@@ -1 +1 @@
1
- {"version":3,"file":"http.d.ts","names":[],"sources":["../../src/server/http.ts"],"mappings":";;;;;iBAcgB,gBAAA,CAAiB,IAAA;EAC/B,GAAA;IAAO,MAAA,GAAS,GAAA,EAAK,gBAAA,OAAuB,MAAA,aAAmB,OAAA;EAAA;AAAA,KAG7D,OAAA,GACE,GAAA,EAAK,gBAAA,CAAiB,gBAAA,IAAoB,cAAA,EAC1C,OAAA,EAAS,OAAA,KACN,OAAA,CAAQ,QAAA,GAAW,MAAA,oBACxB,OAAA;EACE,KAAA;IAAU,QAAA;IAAkB,MAAA;EAAA;EAC5B,IAAA,GAAO,UAAA;AAAA,MAAU,eAAA,CAClB,gBAAA;AAAA,iBA2IW,eAAA,CACd,UAAA,EAAY,UAAA,QAAkB,gBAAA,KAG5B,IAAA;EAAQ,KAAA,GAAQ,MAAA;AAAA,GAChB,WAAA;EACE,IAAA;EACA,MAAA;EACA,OAAA,GACE,GAAA,EAAK,gBAAA,CAAiB,gBAAA,IAAoB,cAAA,EAC1C,OAAA,EAAS,OAAA,KACN,OAAA,CAAQ,QAAA,GAAW,MAAA;EACxB,KAAA;IAAU,QAAA;IAAkB,MAAA;EAAA;EAC5B,IAAA,GAAO,UAAA;AAAA;AAAA,iBA+BG,uBAAA,CACd,eAAA,UACA,MAAA,GAAS,GAAA,EAAK,gBAAA,OAAuB,OAAA,EAAS,OAAA,KAAY,OAAA,CAAQ,QAAA,KAEpD,GAAA,EAAK,gBAAA,OAAuB,OAAA,EAAS,OAAA,KAAO,OAAA,CAAA,QAAA;AAAA,iBA2C5C,UAAA,CACd,OAAA,EAAS,OAAA,GACR,MAAA;AAAA,KAIS,eAAA;EACV,QAAA;EACA,YAAA;EACA,QAAA;EACA,IAAA;AAAA;AAAA,iBA2Bc,eAAA,CACd,IAAA,EAAM,UAAA,EACN,IAAA;EACE,SAAA;EACA,OAAA;AAAA;AAAA,iBA0CY,aAAA,CACd,IAAA,EAAM,UAAA,EACN,IAAA;EACE,YAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,KACN,OAAA,CAAQ,QAAA;EACb,cAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,KACN,OAAA,CAAQ,QAAA;AAAA;AAAA,iBAwBD,YAAA,CACd,IAAA,EAAM,UAAA,EACN,IAAA;EACE,SAAA;EACA,uBAAA,SAAgC,uBAAA;EAChC,kBAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,EACT,KAAA,EAAO,eAAA,KACJ,OAAA,CAAQ,QAAA;EACb,gBAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,EACT,KAAA,EAAO,eAAA,KACJ,OAAA,CAAQ,QAAA;EACb,gBAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,EACT,KAAA,EAAO,eAAA,KACJ,OAAA,CAAQ,QAAA;EACb,kBAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,EACT,KAAA,EAAO,eAAA,KACJ,OAAA,CAAQ,QAAA;EACb,aAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,EACT,KAAA,EAAO,eAAA,KACJ,OAAA,CAAQ,QAAA;EACb,aAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,EACT,KAAA,EAAO,eAAA,KACJ,OAAA,CAAQ,QAAA;EACb,iBAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,KACN,OAAA,CAAQ,QAAA;EACb,SAAA,GAAY,MAAA,UAAgB,QAAA,UAAkB,MAAA,aAAmB,QAAA;AAAA"}
1
+ {"version":3,"file":"http.d.ts","names":[],"sources":["../../src/server/http.ts"],"mappings":";;;;;iBAcgB,gBAAA,CAAiB,IAAA;EAC/B,GAAA;IAAO,MAAA,GAAS,GAAA,EAAK,gBAAA,OAAuB,MAAA,aAAmB,OAAA;EAAA;AAAA,KAG7D,OAAA,GACE,GAAA,EAAK,gBAAA,CAAiB,gBAAA,IAAoB,cAAA,EAC1C,OAAA,EAAS,OAAA,KACN,OAAA,CAAQ,QAAA,GAAW,MAAA,oBACxB,OAAA;EACE,KAAA;IAAU,QAAA;IAAkB,MAAA;EAAA;EAC5B,IAAA,GAAO,UAAA;AAAA,MAAU,cAAA,CAClB,gBAAA;AAAA,iBA2IW,eAAA,CACd,UAAA,EAAY,UAAA,QAAkB,gBAAA,KAG5B,IAAA;EAAQ,KAAA,GAAQ,MAAA;AAAA,GAChB,WAAA;EACE,IAAA;EACA,MAAA;EACA,OAAA,GACE,GAAA,EAAK,gBAAA,CAAiB,gBAAA,IAAoB,cAAA,EAC1C,OAAA,EAAS,OAAA,KACN,OAAA,CAAQ,QAAA,GAAW,MAAA;EACxB,KAAA;IAAU,QAAA;IAAkB,MAAA;EAAA;EAC5B,IAAA,GAAO,UAAA;AAAA;AAAA,iBA+BG,uBAAA,CACd,eAAA,UACA,MAAA,GAAS,GAAA,EAAK,gBAAA,OAAuB,OAAA,EAAS,OAAA,KAAY,OAAA,CAAQ,QAAA,KAEpD,GAAA,EAAK,gBAAA,OAAuB,OAAA,EAAS,OAAA,KAAO,OAAA,CAAA,QAAA;AAAA,iBA2C5C,UAAA,CACd,OAAA,EAAS,OAAA,GACR,MAAA;AAAA,KAIS,eAAA;EACV,QAAA;EACA,YAAA;EACA,QAAA;EACA,IAAA;AAAA;AAAA,iBA2Bc,eAAA,CACd,IAAA,EAAM,UAAA,EACN,IAAA;EACE,SAAA;EACA,OAAA;AAAA;AAAA,iBA0CY,aAAA,CACd,IAAA,EAAM,UAAA,EACN,IAAA;EACE,YAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,KACN,OAAA,CAAQ,QAAA;EACb,cAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,KACN,OAAA,CAAQ,QAAA;AAAA;AAAA,iBAwBD,YAAA,CACd,IAAA,EAAM,UAAA,EACN,IAAA;EACE,SAAA;EACA,uBAAA,SAAgC,uBAAA;EAChC,kBAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,EACT,KAAA,EAAO,eAAA,KACJ,OAAA,CAAQ,QAAA;EACb,gBAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,EACT,KAAA,EAAO,eAAA,KACJ,OAAA,CAAQ,QAAA;EACb,gBAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,EACT,KAAA,EAAO,eAAA,KACJ,OAAA,CAAQ,QAAA;EACb,kBAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,EACT,KAAA,EAAO,eAAA,KACJ,OAAA,CAAQ,QAAA;EACb,aAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,EACT,KAAA,EAAO,eAAA,KACJ,OAAA,CAAQ,QAAA;EACb,aAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,EACT,KAAA,EAAO,eAAA,KACJ,OAAA,CAAQ,QAAA;EACb,iBAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,KACN,OAAA,CAAQ,QAAA;EACb,SAAA,GAAY,MAAA,UAAgB,QAAA,UAAkB,MAAA,aAAmB,QAAA;AAAA"}