@robelest/convex-auth 0.0.4-preview.16 → 0.0.4-preview.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (88) hide show
  1. package/dist/authorization/index.d.ts +17 -0
  2. package/dist/authorization/index.d.ts.map +1 -0
  3. package/dist/authorization/index.js +17 -0
  4. package/dist/authorization/index.js.map +1 -0
  5. package/dist/client/index.js +73 -0
  6. package/dist/client/index.js.map +1 -1
  7. package/dist/component/_generated/component.d.ts +52 -0
  8. package/dist/component/_generated/component.d.ts.map +1 -1
  9. package/dist/component/convex.config.d.ts +2 -2
  10. package/dist/component/convex.config.d.ts.map +1 -1
  11. package/dist/component/index.js +2 -2
  12. package/dist/component/model.d.ts +75 -75
  13. package/dist/component/model.d.ts.map +1 -1
  14. package/dist/component/model.js +2 -0
  15. package/dist/component/model.js.map +1 -1
  16. package/dist/component/public/factors.d.ts.map +1 -1
  17. package/dist/component/public/factors.js +1 -1
  18. package/dist/component/public/factors.js.map +1 -1
  19. package/dist/component/public/groups.d.ts +10 -2
  20. package/dist/component/public/groups.d.ts.map +1 -1
  21. package/dist/component/public/groups.js +92 -8
  22. package/dist/component/public/groups.js.map +1 -1
  23. package/dist/component/public/identity.d.ts.map +1 -1
  24. package/dist/component/public/identity.js +3 -3
  25. package/dist/component/public/identity.js.map +1 -1
  26. package/dist/component/public/shared.d.ts +4 -4
  27. package/dist/component/public/shared.d.ts.map +1 -1
  28. package/dist/component/public.d.ts +3 -3
  29. package/dist/component/public.js +2 -2
  30. package/dist/component/schema.d.ts +13 -2
  31. package/dist/component/schema.js +7 -5
  32. package/dist/component/schema.js.map +1 -1
  33. package/dist/component/server/auth.d.ts +4 -25
  34. package/dist/component/server/auth.d.ts.map +1 -1
  35. package/dist/component/server/auth.js +4 -10
  36. package/dist/component/server/auth.js.map +1 -1
  37. package/dist/component/server/domains/core.js +196 -131
  38. package/dist/component/server/domains/core.js.map +1 -1
  39. package/dist/component/server/factory.d.ts +3 -3
  40. package/dist/component/server/signin.js +20 -1
  41. package/dist/component/server/signin.js.map +1 -1
  42. package/dist/server/auth.d.ts +4 -25
  43. package/dist/server/auth.d.ts.map +1 -1
  44. package/dist/server/auth.js +4 -10
  45. package/dist/server/auth.js.map +1 -1
  46. package/dist/server/domains/core.d.ts +73 -58
  47. package/dist/server/domains/core.d.ts.map +1 -1
  48. package/dist/server/domains/core.js +196 -131
  49. package/dist/server/domains/core.js.map +1 -1
  50. package/dist/server/http.d.ts +2 -2
  51. package/dist/server/http.d.ts.map +1 -1
  52. package/dist/server/index.d.ts +108 -69
  53. package/dist/server/index.d.ts.map +1 -1
  54. package/dist/server/index.js +138 -54
  55. package/dist/server/index.js.map +1 -1
  56. package/dist/server/mutations/code.d.ts +9 -9
  57. package/dist/server/mutations/index.d.ts +69 -69
  58. package/dist/server/mutations/invalidate.d.ts +4 -4
  59. package/dist/server/mutations/invalidate.d.ts.map +1 -1
  60. package/dist/server/mutations/oauth.d.ts +7 -7
  61. package/dist/server/mutations/register.d.ts +9 -9
  62. package/dist/server/mutations/retrieve.d.ts +6 -6
  63. package/dist/server/mutations/retrieve.d.ts.map +1 -1
  64. package/dist/server/mutations/signature.d.ts +4 -4
  65. package/dist/server/mutations/signature.d.ts.map +1 -1
  66. package/dist/server/mutations/signin.d.ts +5 -5
  67. package/dist/server/mutations/signin.d.ts.map +1 -1
  68. package/dist/server/mutations/verify.d.ts +7 -7
  69. package/dist/server/signin.js +20 -1
  70. package/dist/server/signin.js.map +1 -1
  71. package/dist/server/version.d.ts +1 -1
  72. package/dist/server/version.js +1 -1
  73. package/dist/server/version.js.map +1 -1
  74. package/package.json +9 -5
  75. package/src/authorization/index.ts +37 -0
  76. package/src/client/index.ts +122 -0
  77. package/src/component/_generated/component.ts +64 -0
  78. package/src/component/index.ts +1 -1
  79. package/src/component/model.ts +2 -0
  80. package/src/component/public/factors.ts +3 -2
  81. package/src/component/public/groups.ts +142 -8
  82. package/src/component/public/identity.ts +9 -6
  83. package/src/component/schema.ts +14 -2
  84. package/src/server/auth.ts +9 -61
  85. package/src/server/domains/core.ts +235 -210
  86. package/src/server/index.ts +158 -75
  87. package/src/server/signin.ts +52 -0
  88. package/src/server/version.ts +1 -1
@@ -1 +1 @@
1
- {"version":3,"file":"auth.js","names":["AuthFactory"],"sources":["../../src/server/auth.ts"],"sourcesContent":["/**\n * Auth configuration helpers for Convex Auth.\n *\n * @module\n */\n\nimport type { UserIdentity } from \"convex/server\";\nimport type { GenericId } from \"convex/values\";\n\nimport type { AuthApiRefs } from \"../client/index\";\nimport { Auth as AuthFactory } from \"./factory\";\nimport { Fx } from \"./fx\";\nimport { AuthError } from \"./fx\";\nimport type { Doc } from \"./types\";\nimport type {\n AuthAuthorizationConfig,\n AuthGrant,\n AuthProviderConfig,\n AuthRoleDefinition,\n AuthRoleId,\n ConvexAuthConfig,\n HasDeviceProvider,\n HasPasskeyProvider,\n HasSSO,\n HasTotpProvider,\n} from \"./types\";\n\n// ============================================================================\n// Types\n// ============================================================================\n\n/**\n * Config for auth setup. Extends the standard auth config\n * minus `component` (which is passed as the first constructor argument).\n */\nexport type AuthConfig = Omit<ConvexAuthConfig, \"component\">;\n\ntype MemberApiWithAuthorization<\n TAuthorization extends AuthAuthorizationConfig | undefined,\n> = Omit<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"],\n \"create\" | \"list\" | \"update\" | \"inherit\" | \"require\"\n> & {\n create: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"create\"]\n >[0],\n data: {\n groupId: string;\n userId: string;\n roleIds?: AuthRoleId<TAuthorization>[];\n status?: string;\n extend?: Record<string, unknown>;\n },\n ) => Promise<{ ok: true; memberId: string }>;\n list: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"list\"]\n >[0],\n opts?: {\n where?: {\n groupId?: string;\n userId?: string;\n roleId?: AuthRoleId<TAuthorization>;\n status?: string;\n };\n limit?: number;\n cursor?: string | null;\n orderBy?: \"_creationTime\" | \"status\";\n order?: \"asc\" | \"desc\";\n },\n ) => ReturnType<ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"list\"]>;\n update: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"update\"]\n >[0],\n memberId: string,\n data: Record<string, unknown> & { roleIds?: AuthRoleId<TAuthorization>[] },\n ) => Promise<{ ok: true; memberId: string }>;\n inherit: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"inherit\"]\n >[0],\n opts: {\n userId: string;\n groupId: string;\n roleIds?: AuthRoleId<TAuthorization>[];\n grants?: AuthGrant<TAuthorization>[];\n maxDepth?: number;\n },\n ) => ReturnType<ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"inherit\"]>;\n require: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"require\"]\n >[0],\n opts: {\n userId: string;\n groupId: string;\n roleIds?: AuthRoleId<TAuthorization>[];\n grants?: AuthGrant<TAuthorization>[];\n maxDepth?: number;\n },\n ) => ReturnType<ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"require\"]>;\n};\n\ntype AccessApiWithAuthorization<\n TAuthorization extends AuthAuthorizationConfig | undefined,\n> = {\n check: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"access\"][\"check\"]\n >[0],\n opts: {\n userId: string;\n groupId: string;\n grants: AuthGrant<TAuthorization>[];\n maxDepth?: number;\n },\n ) => ReturnType<ReturnType<typeof AuthFactory>[\"auth\"][\"access\"][\"check\"]>;\n require: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"access\"][\"require\"]\n >[0],\n opts: {\n userId: string;\n groupId: string;\n grants: AuthGrant<TAuthorization>[];\n maxDepth?: number;\n },\n ) => ReturnType<ReturnType<typeof AuthFactory>[\"auth\"][\"access\"][\"require\"]>;\n};\n\n/** The base auth API surface, without conditional namespaces. */\nexport type AuthApiBase<\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n> = {\n signIn: ReturnType<typeof AuthFactory>[\"signIn\"];\n signOut: ReturnType<typeof AuthFactory>[\"signOut\"];\n store: ReturnType<typeof AuthFactory>[\"store\"];\n user: ReturnType<typeof AuthFactory>[\"auth\"][\"user\"];\n session: ReturnType<typeof AuthFactory>[\"auth\"][\"session\"];\n provider: ReturnType<typeof AuthFactory>[\"auth\"][\"provider\"];\n account: ReturnType<typeof AuthFactory>[\"auth\"][\"account\"];\n group: ReturnType<typeof AuthFactory>[\"auth\"][\"group\"];\n member: MemberApiWithAuthorization<TAuthorization>;\n access: AccessApiWithAuthorization<TAuthorization>;\n invite: ReturnType<typeof AuthFactory>[\"auth\"][\"invite\"];\n key: ReturnType<typeof AuthFactory>[\"auth\"][\"key\"];\n http: ReturnType<typeof AuthFactory>[\"auth\"][\"http\"];\n};\n\ntype InternalSsoApi = ReturnType<typeof AuthFactory>[\"auth\"][\"sso\"];\n\ntype PublicSsoAdminApi = {\n connection: InternalSsoApi[\"connection\"] & {\n domain: {\n list: InternalSsoApi[\"domain\"][\"list\"];\n validate: InternalSsoApi[\"domain\"][\"validate\"];\n set: (\n ctx: Parameters<InternalSsoApi[\"connection\"][\"create\"]>[0],\n enterpriseId: string,\n domains: Array<{\n domain: string;\n isPrimary?: boolean;\n }>,\n ) => Promise<{\n ok: true;\n enterpriseId: string;\n domains: Array<{\n domainId: string;\n domain: string;\n isPrimary: boolean;\n verified: boolean;\n verifiedAt: number | null;\n }>;\n }>;\n verification: {\n request: (\n ctx: Parameters<InternalSsoApi[\"connection\"][\"create\"]>[0],\n args: { enterpriseId: string; domain: string },\n ) => Promise<{\n ok: true;\n enterpriseId: string;\n domain: string;\n requestedAt: number;\n expiresAt: number;\n challenge: {\n recordType: \"TXT\";\n recordName: string;\n recordValue: string;\n };\n }>;\n confirm: (\n ctx: Parameters<InternalSsoApi[\"connection\"][\"create\"]>[0],\n args: { enterpriseId: string; domain: string },\n ) => Promise<{\n ok: boolean;\n enterpriseId: string;\n domain: string;\n verifiedAt?: number;\n checks: Array<{ name: string; ok: boolean; message?: string }>;\n }>;\n };\n };\n };\n oidc: Omit<InternalSsoApi[\"oidc\"], \"signIn\">;\n saml: Omit<InternalSsoApi[\"saml\"], \"metadata\">;\n policy: InternalSsoApi[\"policy\"];\n audit: {\n list: InternalSsoApi[\"audit\"][\"list\"];\n };\n webhook: {\n endpoint: InternalSsoApi[\"webhook\"][\"endpoint\"];\n delivery: {\n list: InternalSsoApi[\"webhook\"][\"delivery\"][\"list\"];\n };\n };\n};\n\ntype PublicSsoClientApi = {\n signIn: InternalSsoApi[\"oidc\"][\"signIn\"];\n metadata: InternalSsoApi[\"saml\"][\"metadata\"];\n};\n\ntype PublicSsoApi = {\n admin: PublicSsoAdminApi;\n client: PublicSsoClientApi;\n};\n\ntype PublicScimApi = {\n admin: Omit<InternalSsoApi[\"scim\"], \"getConfigByToken\" | \"identity\">;\n};\n\n/** Auth API with enterprise namespaces — present only when `new SSO()` is in providers. */\nexport type AuthApi<\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n> = AuthApiBase<TAuthorization> & {\n sso: PublicSsoApi;\n scim: PublicScimApi;\n};\n\n/**\n * The return type of `createAuth`. Conditional namespaces:\n * - `auth.sso` and `auth.scim` — only when `new SSO()` is in providers\n * - `auth.clientApi` — typed API refs for the client SDK with capabilities\n */\nexport type ConvexAuthResult<\n P extends AuthProviderConfig[],\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n> =\n HasSSO<P> extends true\n ? AuthApi<TAuthorization>\n : AuthApiBase<TAuthorization>;\n\n/**\n * Infer the typed `AuthApiRefs` for the client SDK from a `createAuth` call.\n *\n * Use this as the generic parameter for `client()` on the frontend:\n *\n * ```ts\n * // convex/auth.ts\n * export const auth = createAuth(components.auth, { providers: [...] });\n *\n * // Frontend\n * import type { auth } from \"../convex/auth\";\n * import type { InferClientApi } from \"@robelest/convex-auth/component\";\n * const c = client<InferClientApi<typeof auth>>({ convex, api: api.auth });\n * ```\n */\nexport type InferClientApi<T> =\n T extends ConvexAuthResult<infer P>\n ? AuthApiRefs<\n HasPasskeyProvider<P>,\n HasTotpProvider<P>,\n HasDeviceProvider<P>\n >\n : AuthApiRefs;\n\n/** @internal */\nexport type AuthLike = Pick<AuthApiBase, \"user\">;\n\n// ============================================================================\n// Auth setup APIs\n// ============================================================================\n\n/**\n * Create an auth API object.\n *\n * When `new SSO()` is included in providers, `auth.sso` and `auth.scim`\n * are available on the returned object. Without it, those namespaces are\n * absent and accessing them is a TypeScript compile error.\n */\nexport function createAuth<\n P extends AuthProviderConfig[],\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n>(\n component: ConvexAuthConfig[\"component\"],\n config: Omit<AuthConfig, \"providers\" | \"authorization\"> & {\n providers: P;\n authorization?: TAuthorization;\n },\n): ConvexAuthResult<P, TAuthorization> {\n const authResult = AuthFactory({\n ...config,\n component,\n providers: [...config.providers],\n });\n const {\n domain: domainApi,\n scim: scimApi,\n connection: connectionApi,\n audit: auditApi,\n webhook: webhookApi,\n oidc: oidcApi,\n saml: samlApi,\n ...restSso\n } = authResult.auth.sso as InternalSsoApi;\n\n type SetEnterpriseDomains = PublicSsoAdminApi[\"connection\"][\"domain\"][\"set\"];\n type EnterpriseDomainInput = Array<{\n domain: string;\n isPrimary?: boolean;\n }>;\n const setEnterpriseDomains: PublicSsoAdminApi[\"connection\"][\"domain\"][\"set\"] =\n async (\n ctx: Parameters<SetEnterpriseDomains>[0],\n enterpriseId: Parameters<SetEnterpriseDomains>[1],\n domains: EnterpriseDomainInput,\n ) => {\n const enterprise = await connectionApi.get(ctx, enterpriseId);\n if (enterprise === null) {\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n \"Enterprise not found.\",\n ).toConvexError();\n }\n\n const normalized = domains.map((entry: (typeof domains)[number]) => ({\n ...entry,\n domain: entry.domain.trim().toLowerCase(),\n }));\n const deduped = new Map<string, (typeof normalized)[number]>();\n for (const entry of normalized) {\n if (entry.domain.length === 0) {\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n \"Domain must not be empty.\",\n ).toConvexError();\n }\n if (deduped.has(entry.domain)) {\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n `Duplicate domain: ${entry.domain}`,\n ).toConvexError();\n }\n deduped.set(entry.domain, entry);\n }\n\n const nextDomains = [...deduped.values()];\n const primaryCount = nextDomains.filter(\n (entry) => entry.isPrimary,\n ).length;\n if (primaryCount > 1) {\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n \"Only one primary domain may be set.\",\n ).toConvexError();\n }\n if (nextDomains.length > 0 && primaryCount === 0) {\n nextDomains[0] = { ...nextDomains[0], isPrimary: true };\n }\n\n const currentDomains = await domainApi.list(ctx, enterpriseId);\n const currentByDomain = new Map<string, (typeof currentDomains)[number]>(\n currentDomains.map((entry: (typeof currentDomains)[number]) => [\n entry.domain.toLowerCase(),\n entry,\n ]),\n );\n\n for (const existing of currentDomains) {\n if (!deduped.has(existing.domain.toLowerCase())) {\n await domainApi.remove(ctx, existing._id);\n }\n }\n\n for (const nextDomain of nextDomains) {\n const current = currentByDomain.get(nextDomain.domain);\n if (current && current.isPrimary === Boolean(nextDomain.isPrimary)) {\n continue;\n }\n if (current) {\n await domainApi.remove(ctx, current._id);\n }\n const domainId = await domainApi.add(ctx, {\n enterpriseId: enterprise._id,\n groupId: enterprise.groupId,\n domain: nextDomain.domain,\n isPrimary: nextDomain.isPrimary,\n });\n if (current?.verifiedAt !== undefined) {\n await (ctx as any).runMutation(\n component.public.enterpriseDomainVerify,\n {\n domainId,\n verifiedAt: current.verifiedAt,\n },\n );\n }\n }\n\n const updatedDomains = await domainApi.list(ctx, enterpriseId);\n return {\n ok: true as const,\n enterpriseId,\n domains: updatedDomains.map(\n (domain: (typeof updatedDomains)[number]) => ({\n domainId: domain._id,\n domain: domain.domain,\n isPrimary: domain.isPrimary,\n verified: domain.verifiedAt !== undefined,\n verifiedAt: domain.verifiedAt ?? null,\n }),\n ),\n };\n };\n\n const publicSso: PublicSsoApi = {\n admin: {\n ...restSso,\n oidc: {\n ...oidcApi,\n },\n saml: {\n ...samlApi,\n },\n connection: {\n ...connectionApi,\n domain: {\n list: domainApi.list,\n validate: domainApi.validate,\n set: setEnterpriseDomains,\n verification: {\n request: domainApi.verification.request,\n confirm: domainApi.verification.confirm,\n },\n },\n },\n policy: restSso.policy,\n audit: {\n list: auditApi.list,\n },\n webhook: {\n endpoint: webhookApi.endpoint,\n delivery: {\n list: webhookApi.delivery.list,\n },\n },\n },\n client: {\n signIn: oidcApi.signIn,\n metadata: samlApi.metadata,\n },\n };\n\n return {\n signIn: authResult.signIn,\n signOut: authResult.signOut,\n store: authResult.store,\n user: authResult.auth.user,\n session: authResult.auth.session,\n provider: authResult.auth.provider,\n account: authResult.auth.account,\n group: authResult.auth.group,\n member: authResult.auth.member,\n access: authResult.auth.access,\n invite: authResult.auth.invite,\n key: authResult.auth.key,\n sso: publicSso,\n scim: {\n admin: {\n configure: scimApi.configure,\n get: scimApi.get,\n validate: scimApi.validate,\n },\n },\n http: authResult.auth.http,\n } as unknown as ConvexAuthResult<P, TAuthorization>;\n}\n\nexport function defineRoles<\n const TRoles extends Record<\n string,\n { label?: string; grants: readonly string[] }\n >,\n>(\n roles: TRoles,\n): {\n [K in keyof TRoles]: {\n id: K & string;\n label?: TRoles[K][\"label\"];\n grants: Array<TRoles[K][\"grants\"][number] & string>;\n };\n} {\n return Object.fromEntries(\n Object.entries(roles).map(([id, role]) => [\n id,\n {\n id,\n ...(role.label ? { label: role.label } : {}),\n grants: [...role.grants],\n },\n ]),\n ) as {\n [K in keyof TRoles]: {\n id: K & string;\n label?: TRoles[K][\"label\"];\n grants: Array<TRoles[K][\"grants\"][number] & string>;\n };\n };\n}\n\n// ============================================================================\n// AuthCtx — ctx enrichment for customQuery / customMutation\n// ============================================================================\n\nexport type UserDoc = Doc<\"User\">;\n\nexport type AuthCtxConfig<\n TResolve extends Record<string, unknown> = Record<string, never>,\n> = {\n optional?: boolean;\n resolve?: (ctx: any, user: UserDoc) => Promise<TResolve> | TResolve;\n};\n\n/** Overload: optional auth */\nexport function AuthCtx<\n TResolve extends Record<string, unknown> = Record<string, never>,\n>(\n auth: AuthLike,\n config: AuthCtxConfig<TResolve> & { optional: true },\n): {\n args: {};\n input: (\n ctx: any,\n _args: any,\n _extra?: any,\n ) => Promise<{\n ctx: {\n auth: {\n getUserIdentity: () => Promise<UserIdentity | null>;\n userId: GenericId<\"User\"> | null;\n user: UserDoc | null;\n } & TResolve;\n };\n args: {};\n }>;\n};\n/** Overload: required auth (default) */\nexport function AuthCtx<\n TResolve extends Record<string, unknown> = Record<string, never>,\n>(\n auth: AuthLike,\n config?: AuthCtxConfig<TResolve>,\n): {\n args: {};\n input: (\n ctx: any,\n _args: any,\n _extra?: any,\n ) => Promise<{\n ctx: {\n auth: {\n getUserIdentity: () => Promise<UserIdentity | null>;\n userId: GenericId<\"User\">;\n user: UserDoc;\n } & TResolve;\n };\n args: {};\n }>;\n};\n// Implementation\nexport function AuthCtx(auth: AuthLike, config?: AuthCtxConfig<any>) {\n return {\n args: {},\n input: async (ctx: any, _args: any, _extra?: any) => {\n const nativeAuth = ctx.auth;\n const modeDispatch =\n config?.optional === true\n ? { mode: \"optional\" as const }\n : { mode: \"required\" as const };\n\n const userContext = await Fx.run(\n Fx.match(modeDispatch, modeDispatch.mode, {\n optional: async () => {\n const userId = await auth.user.current(ctx);\n if (!userId) {\n return null;\n }\n const user = await auth.user.get(ctx, userId);\n return { userId, user };\n },\n required: async () => {\n const userId = await auth.user.require(ctx);\n const user = await auth.user.get(ctx, userId);\n return { userId, user };\n },\n }),\n );\n\n if (userContext === null) {\n return {\n ctx: {\n auth: {\n getUserIdentity: nativeAuth.getUserIdentity.bind(nativeAuth),\n userId: null,\n user: null,\n },\n },\n args: {},\n };\n }\n\n const extra = config?.resolve\n ? await config.resolve(ctx, userContext.user)\n : {};\n\n return {\n ctx: {\n auth: {\n getUserIdentity: nativeAuth.getUserIdentity.bind(nativeAuth),\n userId: userContext.userId,\n user: userContext.user,\n ...extra,\n },\n },\n args: {},\n };\n },\n };\n}\n\nexport type InferAuth<\n T extends { input: (...args: any[]) => Promise<{ ctx: { auth: any } }> },\n> = Awaited<ReturnType<T[\"input\"]>>[\"ctx\"][\"auth\"];\n"],"mappings":";;;;;;;;;;;AAoSA,SAAgB,WAId,WACA,QAIqC;CACrC,MAAM,aAAaA,KAAY;EAC7B,GAAG;EACH;EACA,WAAW,CAAC,GAAG,OAAO,UAAU;EACjC,CAAC;CACF,MAAM,EACJ,QAAQ,WACR,MAAM,SACN,YAAY,eACZ,OAAO,UACP,SAAS,YACT,MAAM,SACN,MAAM,SACN,GAAG,YACD,WAAW,KAAK;CAOpB,MAAM,uBACJ,OACE,KACA,cACA,YACG;EACH,MAAM,aAAa,MAAM,cAAc,IAAI,KAAK,aAAa;AAC7D,MAAI,eAAe,KACjB,OAAM,IAAI,UACR,sBACA,wBACD,CAAC,eAAe;EAGnB,MAAM,aAAa,QAAQ,KAAK,WAAqC;GACnE,GAAG;GACH,QAAQ,MAAM,OAAO,MAAM,CAAC,aAAa;GAC1C,EAAE;EACH,MAAM,0BAAU,IAAI,KAA0C;AAC9D,OAAK,MAAM,SAAS,YAAY;AAC9B,OAAI,MAAM,OAAO,WAAW,EAC1B,OAAM,IAAI,UACR,sBACA,4BACD,CAAC,eAAe;AAEnB,OAAI,QAAQ,IAAI,MAAM,OAAO,CAC3B,OAAM,IAAI,UACR,sBACA,qBAAqB,MAAM,SAC5B,CAAC,eAAe;AAEnB,WAAQ,IAAI,MAAM,QAAQ,MAAM;;EAGlC,MAAM,cAAc,CAAC,GAAG,QAAQ,QAAQ,CAAC;EACzC,MAAM,eAAe,YAAY,QAC9B,UAAU,MAAM,UAClB,CAAC;AACF,MAAI,eAAe,EACjB,OAAM,IAAI,UACR,sBACA,sCACD,CAAC,eAAe;AAEnB,MAAI,YAAY,SAAS,KAAK,iBAAiB,EAC7C,aAAY,KAAK;GAAE,GAAG,YAAY;GAAI,WAAW;GAAM;EAGzD,MAAM,iBAAiB,MAAM,UAAU,KAAK,KAAK,aAAa;EAC9D,MAAM,kBAAkB,IAAI,IAC1B,eAAe,KAAK,UAA2C,CAC7D,MAAM,OAAO,aAAa,EAC1B,MACD,CAAC,CACH;AAED,OAAK,MAAM,YAAY,eACrB,KAAI,CAAC,QAAQ,IAAI,SAAS,OAAO,aAAa,CAAC,CAC7C,OAAM,UAAU,OAAO,KAAK,SAAS,IAAI;AAI7C,OAAK,MAAM,cAAc,aAAa;GACpC,MAAM,UAAU,gBAAgB,IAAI,WAAW,OAAO;AACtD,OAAI,WAAW,QAAQ,cAAc,QAAQ,WAAW,UAAU,CAChE;AAEF,OAAI,QACF,OAAM,UAAU,OAAO,KAAK,QAAQ,IAAI;GAE1C,MAAM,WAAW,MAAM,UAAU,IAAI,KAAK;IACxC,cAAc,WAAW;IACzB,SAAS,WAAW;IACpB,QAAQ,WAAW;IACnB,WAAW,WAAW;IACvB,CAAC;AACF,OAAI,SAAS,eAAe,OAC1B,OAAO,IAAY,YACjB,UAAU,OAAO,wBACjB;IACE;IACA,YAAY,QAAQ;IACrB,CACF;;AAKL,SAAO;GACL,IAAI;GACJ;GACA,UAJqB,MAAM,UAAU,KAAK,KAAK,aAAa,EAIpC,KACrB,YAA6C;IAC5C,UAAU,OAAO;IACjB,QAAQ,OAAO;IACf,WAAW,OAAO;IAClB,UAAU,OAAO,eAAe;IAChC,YAAY,OAAO,cAAc;IAClC,EACF;GACF;;CAGL,MAAM,YAA0B;EAC9B,OAAO;GACL,GAAG;GACH,MAAM,EACJ,GAAG,SACJ;GACD,MAAM,EACJ,GAAG,SACJ;GACD,YAAY;IACV,GAAG;IACH,QAAQ;KACN,MAAM,UAAU;KAChB,UAAU,UAAU;KACpB,KAAK;KACL,cAAc;MACZ,SAAS,UAAU,aAAa;MAChC,SAAS,UAAU,aAAa;MACjC;KACF;IACF;GACD,QAAQ,QAAQ;GAChB,OAAO,EACL,MAAM,SAAS,MAChB;GACD,SAAS;IACP,UAAU,WAAW;IACrB,UAAU,EACR,MAAM,WAAW,SAAS,MAC3B;IACF;GACF;EACD,QAAQ;GACN,QAAQ,QAAQ;GAChB,UAAU,QAAQ;GACnB;EACF;AAED,QAAO;EACL,QAAQ,WAAW;EACnB,SAAS,WAAW;EACpB,OAAO,WAAW;EAClB,MAAM,WAAW,KAAK;EACtB,SAAS,WAAW,KAAK;EACzB,UAAU,WAAW,KAAK;EAC1B,SAAS,WAAW,KAAK;EACzB,OAAO,WAAW,KAAK;EACvB,QAAQ,WAAW,KAAK;EACxB,QAAQ,WAAW,KAAK;EACxB,QAAQ,WAAW,KAAK;EACxB,KAAK,WAAW,KAAK;EACrB,KAAK;EACL,MAAM,EACJ,OAAO;GACL,WAAW,QAAQ;GACnB,KAAK,QAAQ;GACb,UAAU,QAAQ;GACnB,EACF;EACD,MAAM,WAAW,KAAK;EACvB;;AAGH,SAAgB,YAMd,OAOA;AACA,QAAO,OAAO,YACZ,OAAO,QAAQ,MAAM,CAAC,KAAK,CAAC,IAAI,UAAU,CACxC,IACA;EACE;EACA,GAAI,KAAK,QAAQ,EAAE,OAAO,KAAK,OAAO,GAAG,EAAE;EAC3C,QAAQ,CAAC,GAAG,KAAK,OAAO;EACzB,CACF,CAAC,CACH;;AAqEH,SAAgB,QAAQ,MAAgB,QAA6B;AACnE,QAAO;EACL,MAAM,EAAE;EACR,OAAO,OAAO,KAAU,OAAY,WAAiB;GACnD,MAAM,aAAa,IAAI;GACvB,MAAM,eACJ,QAAQ,aAAa,OACjB,EAAE,MAAM,YAAqB,GAC7B,EAAE,MAAM,YAAqB;GAEnC,MAAM,cAAc,MAAM,GAAG,IAC3B,GAAG,MAAM,cAAc,aAAa,MAAM;IACxC,UAAU,YAAY;KACpB,MAAM,SAAS,MAAM,KAAK,KAAK,QAAQ,IAAI;AAC3C,SAAI,CAAC,OACH,QAAO;AAGT,YAAO;MAAE;MAAQ,MADJ,MAAM,KAAK,KAAK,IAAI,KAAK,OAAO;MACtB;;IAEzB,UAAU,YAAY;KACpB,MAAM,SAAS,MAAM,KAAK,KAAK,QAAQ,IAAI;AAE3C,YAAO;MAAE;MAAQ,MADJ,MAAM,KAAK,KAAK,IAAI,KAAK,OAAO;MACtB;;IAE1B,CAAC,CACH;AAED,OAAI,gBAAgB,KAClB,QAAO;IACL,KAAK,EACH,MAAM;KACJ,iBAAiB,WAAW,gBAAgB,KAAK,WAAW;KAC5D,QAAQ;KACR,MAAM;KACP,EACF;IACD,MAAM,EAAE;IACT;GAGH,MAAM,QAAQ,QAAQ,UAClB,MAAM,OAAO,QAAQ,KAAK,YAAY,KAAK,GAC3C,EAAE;AAEN,UAAO;IACL,KAAK,EACH,MAAM;KACJ,iBAAiB,WAAW,gBAAgB,KAAK,WAAW;KAC5D,QAAQ,YAAY;KACpB,MAAM,YAAY;KAClB,GAAG;KACJ,EACF;IACD,MAAM,EAAE;IACT;;EAEJ"}
1
+ {"version":3,"file":"auth.js","names":["AuthFactory"],"sources":["../../src/server/auth.ts"],"sourcesContent":["/**\n * Auth configuration helpers for Convex Auth.\n *\n * @module\n */\n\nimport type { UserIdentity } from \"convex/server\";\nimport type { GenericId } from \"convex/values\";\n\nimport type { AuthApiRefs } from \"../client/index\";\nimport { Auth as AuthFactory } from \"./factory\";\nimport { Fx } from \"./fx\";\nimport { AuthError } from \"./fx\";\nimport type { Doc } from \"./types\";\nimport type {\n AuthAuthorizationConfig,\n AuthGrant,\n AuthProviderConfig,\n AuthRoleDefinition,\n AuthRoleId,\n ConvexAuthConfig,\n HasDeviceProvider,\n HasPasskeyProvider,\n HasSSO,\n HasTotpProvider,\n} from \"./types\";\n\n// ============================================================================\n// Types\n// ============================================================================\n\n/**\n * Config for auth setup. Extends the standard auth config\n * minus `component` (which is passed as the first constructor argument).\n */\nexport type AuthConfig = Omit<ConvexAuthConfig, \"component\">;\n\ntype MemberApiWithAuthorization<\n TAuthorization extends AuthAuthorizationConfig | undefined,\n> = Omit<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"],\n \"create\" | \"list\" | \"update\" | \"resolve\"\n> & {\n create: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"create\"]\n >[0],\n data: {\n groupId: string;\n userId: string;\n roleIds?: AuthRoleId<TAuthorization>[];\n status?: string;\n extend?: Record<string, unknown>;\n },\n ) => Promise<{ ok: true; memberId: string }>;\n list: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"list\"]\n >[0],\n opts?: {\n where?: {\n groupId?: string;\n userId?: string;\n roleId?: AuthRoleId<TAuthorization>;\n status?: string;\n };\n limit?: number;\n cursor?: string | null;\n orderBy?: \"_creationTime\" | \"status\";\n order?: \"asc\" | \"desc\";\n },\n ) => ReturnType<ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"list\"]>;\n update: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"update\"]\n >[0],\n memberId: string,\n data: Record<string, unknown> & { roleIds?: AuthRoleId<TAuthorization>[] },\n ) => Promise<{ ok: true; memberId: string }>;\n resolve: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"resolve\"]\n >[0],\n opts: {\n userId: string;\n groupId: string;\n roleIds?: AuthRoleId<TAuthorization>[];\n grants?: AuthGrant<TAuthorization>[];\n maxDepth?: number;\n },\n ) => ReturnType<ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"resolve\"]>;\n};\n\ntype AccessApiWithAuthorization<\n TAuthorization extends AuthAuthorizationConfig | undefined,\n> = {\n check: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"access\"][\"check\"]\n >[0],\n opts: {\n userId: string;\n groupId: string;\n grants: AuthGrant<TAuthorization>[];\n maxDepth?: number;\n },\n ) => ReturnType<ReturnType<typeof AuthFactory>[\"auth\"][\"access\"][\"check\"]>;\n};\n\n/** The base auth API surface, without conditional namespaces. */\nexport type AuthApiBase<\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n> = {\n signIn: ReturnType<typeof AuthFactory>[\"signIn\"];\n signOut: ReturnType<typeof AuthFactory>[\"signOut\"];\n store: ReturnType<typeof AuthFactory>[\"store\"];\n user: ReturnType<typeof AuthFactory>[\"auth\"][\"user\"];\n session: ReturnType<typeof AuthFactory>[\"auth\"][\"session\"];\n provider: ReturnType<typeof AuthFactory>[\"auth\"][\"provider\"];\n account: ReturnType<typeof AuthFactory>[\"auth\"][\"account\"];\n group: ReturnType<typeof AuthFactory>[\"auth\"][\"group\"];\n member: MemberApiWithAuthorization<TAuthorization>;\n access: AccessApiWithAuthorization<TAuthorization>;\n invite: ReturnType<typeof AuthFactory>[\"auth\"][\"invite\"];\n key: ReturnType<typeof AuthFactory>[\"auth\"][\"key\"];\n http: ReturnType<typeof AuthFactory>[\"auth\"][\"http\"];\n};\n\ntype InternalSsoApi = ReturnType<typeof AuthFactory>[\"auth\"][\"sso\"];\n\ntype PublicSsoAdminApi = {\n connection: InternalSsoApi[\"connection\"] & {\n domain: {\n list: InternalSsoApi[\"domain\"][\"list\"];\n validate: InternalSsoApi[\"domain\"][\"validate\"];\n set: (\n ctx: Parameters<InternalSsoApi[\"connection\"][\"create\"]>[0],\n enterpriseId: string,\n domains: Array<{\n domain: string;\n isPrimary?: boolean;\n }>,\n ) => Promise<{\n ok: true;\n enterpriseId: string;\n domains: Array<{\n domainId: string;\n domain: string;\n isPrimary: boolean;\n verified: boolean;\n verifiedAt: number | null;\n }>;\n }>;\n verification: {\n request: (\n ctx: Parameters<InternalSsoApi[\"connection\"][\"create\"]>[0],\n args: { enterpriseId: string; domain: string },\n ) => Promise<{\n ok: true;\n enterpriseId: string;\n domain: string;\n requestedAt: number;\n expiresAt: number;\n challenge: {\n recordType: \"TXT\";\n recordName: string;\n recordValue: string;\n };\n }>;\n confirm: (\n ctx: Parameters<InternalSsoApi[\"connection\"][\"create\"]>[0],\n args: { enterpriseId: string; domain: string },\n ) => Promise<{\n ok: boolean;\n enterpriseId: string;\n domain: string;\n verifiedAt?: number;\n checks: Array<{ name: string; ok: boolean; message?: string }>;\n }>;\n };\n };\n };\n oidc: Omit<InternalSsoApi[\"oidc\"], \"signIn\">;\n saml: Omit<InternalSsoApi[\"saml\"], \"metadata\">;\n policy: InternalSsoApi[\"policy\"];\n audit: {\n list: InternalSsoApi[\"audit\"][\"list\"];\n };\n webhook: {\n endpoint: InternalSsoApi[\"webhook\"][\"endpoint\"];\n delivery: {\n list: InternalSsoApi[\"webhook\"][\"delivery\"][\"list\"];\n };\n };\n};\n\ntype PublicSsoClientApi = {\n signIn: InternalSsoApi[\"oidc\"][\"signIn\"];\n metadata: InternalSsoApi[\"saml\"][\"metadata\"];\n};\n\ntype PublicSsoApi = {\n admin: PublicSsoAdminApi;\n client: PublicSsoClientApi;\n};\n\ntype PublicScimApi = {\n admin: Omit<InternalSsoApi[\"scim\"], \"getConfigByToken\" | \"identity\">;\n};\n\n/** Auth API with enterprise namespaces — present only when `new SSO()` is in providers. */\nexport type AuthApi<\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n> = AuthApiBase<TAuthorization> & {\n sso: PublicSsoApi;\n scim: PublicScimApi;\n};\n\n/**\n * The return type of `createAuth`. Conditional namespaces:\n * - `auth.sso` and `auth.scim` — only when `new SSO()` is in providers\n * - `auth.clientApi` — typed API refs for the client SDK with capabilities\n */\nexport type ConvexAuthResult<\n P extends AuthProviderConfig[],\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n> =\n HasSSO<P> extends true\n ? AuthApi<TAuthorization>\n : AuthApiBase<TAuthorization>;\n\n/**\n * Infer the typed `AuthApiRefs` for the client SDK from a `createAuth` call.\n *\n * Use this as the generic parameter for `client()` on the frontend:\n *\n * ```ts\n * // convex/auth.ts\n * export const auth = createAuth(components.auth, { providers: [...] });\n *\n * // Frontend\n * import type { auth } from \"../convex/auth\";\n * import type { InferClientApi } from \"@robelest/convex-auth/component\";\n * const c = client<InferClientApi<typeof auth>>({ convex, api: api.auth });\n * ```\n */\nexport type InferClientApi<T> =\n T extends ConvexAuthResult<infer P>\n ? AuthApiRefs<\n HasPasskeyProvider<P>,\n HasTotpProvider<P>,\n HasDeviceProvider<P>\n >\n : AuthApiRefs;\n\n/** @internal */\nexport type AuthLike = Pick<AuthApiBase, \"user\">;\n\n// ============================================================================\n// Auth setup APIs\n// ============================================================================\n\n/**\n * Create an auth API object.\n *\n * When `new SSO()` is included in providers, `auth.sso` and `auth.scim`\n * are available on the returned object. Without it, those namespaces are\n * absent and accessing them is a TypeScript compile error.\n */\nexport function createAuth<\n P extends AuthProviderConfig[],\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n>(\n component: ConvexAuthConfig[\"component\"],\n config: Omit<AuthConfig, \"providers\" | \"authorization\"> & {\n providers: P;\n authorization?: TAuthorization;\n },\n): ConvexAuthResult<P, TAuthorization> {\n const authResult = AuthFactory({\n ...config,\n component,\n providers: [...config.providers],\n });\n const {\n domain: domainApi,\n scim: scimApi,\n connection: connectionApi,\n audit: auditApi,\n webhook: webhookApi,\n oidc: oidcApi,\n saml: samlApi,\n ...restSso\n } = authResult.auth.sso as InternalSsoApi;\n\n type SetEnterpriseDomains = PublicSsoAdminApi[\"connection\"][\"domain\"][\"set\"];\n type EnterpriseDomainInput = Array<{\n domain: string;\n isPrimary?: boolean;\n }>;\n const setEnterpriseDomains: PublicSsoAdminApi[\"connection\"][\"domain\"][\"set\"] =\n async (\n ctx: Parameters<SetEnterpriseDomains>[0],\n enterpriseId: Parameters<SetEnterpriseDomains>[1],\n domains: EnterpriseDomainInput,\n ) => {\n const enterprise = await connectionApi.get(ctx, enterpriseId);\n if (enterprise === null) {\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n \"Enterprise not found.\",\n ).toConvexError();\n }\n\n const normalized = domains.map((entry: (typeof domains)[number]) => ({\n ...entry,\n domain: entry.domain.trim().toLowerCase(),\n }));\n const deduped = new Map<string, (typeof normalized)[number]>();\n for (const entry of normalized) {\n if (entry.domain.length === 0) {\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n \"Domain must not be empty.\",\n ).toConvexError();\n }\n if (deduped.has(entry.domain)) {\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n `Duplicate domain: ${entry.domain}`,\n ).toConvexError();\n }\n deduped.set(entry.domain, entry);\n }\n\n const nextDomains = [...deduped.values()];\n const primaryCount = nextDomains.filter(\n (entry) => entry.isPrimary,\n ).length;\n if (primaryCount > 1) {\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n \"Only one primary domain may be set.\",\n ).toConvexError();\n }\n if (nextDomains.length > 0 && primaryCount === 0) {\n nextDomains[0] = { ...nextDomains[0], isPrimary: true };\n }\n\n const currentDomains = await domainApi.list(ctx, enterpriseId);\n const currentByDomain = new Map<string, (typeof currentDomains)[number]>(\n currentDomains.map((entry: (typeof currentDomains)[number]) => [\n entry.domain.toLowerCase(),\n entry,\n ]),\n );\n\n for (const existing of currentDomains) {\n if (!deduped.has(existing.domain.toLowerCase())) {\n await domainApi.remove(ctx, existing._id);\n }\n }\n\n for (const nextDomain of nextDomains) {\n const current = currentByDomain.get(nextDomain.domain);\n if (current && current.isPrimary === Boolean(nextDomain.isPrimary)) {\n continue;\n }\n if (current) {\n await domainApi.remove(ctx, current._id);\n }\n const domainId = await domainApi.add(ctx, {\n enterpriseId: enterprise._id,\n groupId: enterprise.groupId,\n domain: nextDomain.domain,\n isPrimary: nextDomain.isPrimary,\n });\n if (current?.verifiedAt !== undefined) {\n await (ctx as any).runMutation(\n component.public.enterpriseDomainVerify,\n {\n domainId,\n verifiedAt: current.verifiedAt,\n },\n );\n }\n }\n\n const updatedDomains = await domainApi.list(ctx, enterpriseId);\n return {\n ok: true as const,\n enterpriseId,\n domains: updatedDomains.map(\n (domain: (typeof updatedDomains)[number]) => ({\n domainId: domain._id,\n domain: domain.domain,\n isPrimary: domain.isPrimary,\n verified: domain.verifiedAt !== undefined,\n verifiedAt: domain.verifiedAt ?? null,\n }),\n ),\n };\n };\n\n const publicSso: PublicSsoApi = {\n admin: {\n ...restSso,\n oidc: {\n ...oidcApi,\n },\n saml: {\n ...samlApi,\n },\n connection: {\n ...connectionApi,\n domain: {\n list: domainApi.list,\n validate: domainApi.validate,\n set: setEnterpriseDomains,\n verification: {\n request: domainApi.verification.request,\n confirm: domainApi.verification.confirm,\n },\n },\n },\n policy: restSso.policy,\n audit: {\n list: auditApi.list,\n },\n webhook: {\n endpoint: webhookApi.endpoint,\n delivery: {\n list: webhookApi.delivery.list,\n },\n },\n },\n client: {\n signIn: oidcApi.signIn,\n metadata: samlApi.metadata,\n },\n };\n\n return {\n signIn: authResult.signIn,\n signOut: authResult.signOut,\n store: authResult.store,\n user: authResult.auth.user,\n session: authResult.auth.session,\n provider: authResult.auth.provider,\n account: authResult.auth.account,\n group: authResult.auth.group,\n member: authResult.auth.member,\n access: authResult.auth.access,\n invite: authResult.auth.invite,\n key: authResult.auth.key,\n sso: publicSso,\n scim: {\n admin: {\n configure: scimApi.configure,\n get: scimApi.get,\n validate: scimApi.validate,\n },\n },\n http: authResult.auth.http,\n } as unknown as ConvexAuthResult<P, TAuthorization>;\n}\n\n// ============================================================================\n// AuthCtx — ctx enrichment for customQuery / customMutation\n// ============================================================================\n\nexport type UserDoc = Doc<\"User\">;\n\nexport type AuthCtxConfig<\n TResolve extends Record<string, unknown> = Record<string, never>,\n> = {\n optional?: boolean;\n resolve?: (ctx: any, user: UserDoc) => Promise<TResolve> | TResolve;\n};\n\n/** Overload: optional auth */\nexport function AuthCtx<\n TResolve extends Record<string, unknown> = Record<string, never>,\n>(\n auth: AuthLike,\n config: AuthCtxConfig<TResolve> & { optional: true },\n): {\n args: {};\n input: (\n ctx: any,\n _args: any,\n _extra?: any,\n ) => Promise<{\n ctx: {\n auth: {\n getUserIdentity: () => Promise<UserIdentity | null>;\n userId: GenericId<\"User\"> | null;\n user: UserDoc | null;\n } & TResolve;\n };\n args: {};\n }>;\n};\n/** Overload: required auth (default) */\nexport function AuthCtx<\n TResolve extends Record<string, unknown> = Record<string, never>,\n>(\n auth: AuthLike,\n config?: AuthCtxConfig<TResolve>,\n): {\n args: {};\n input: (\n ctx: any,\n _args: any,\n _extra?: any,\n ) => Promise<{\n ctx: {\n auth: {\n getUserIdentity: () => Promise<UserIdentity | null>;\n userId: GenericId<\"User\">;\n user: UserDoc;\n } & TResolve;\n };\n args: {};\n }>;\n};\n// Implementation\nexport function AuthCtx(auth: AuthLike, config?: AuthCtxConfig<any>) {\n return {\n args: {},\n input: async (ctx: any, _args: any, _extra?: any) => {\n const nativeAuth = ctx.auth;\n const modeDispatch =\n config?.optional === true\n ? { mode: \"optional\" as const }\n : { mode: \"required\" as const };\n\n const userContext = await Fx.run(\n Fx.match(modeDispatch, modeDispatch.mode, {\n optional: async () => {\n const userId = await auth.user.id(ctx);\n if (!userId) {\n return null;\n }\n const user = await auth.user.get(ctx, userId);\n return { userId, user };\n },\n required: async () => {\n const userId = await auth.user.id(ctx);\n if (!userId) {\n return null;\n }\n const user = await auth.user.get(ctx, userId);\n return { userId, user };\n },\n }),\n );\n\n if (userContext === null) {\n return {\n ctx: {\n auth: {\n getUserIdentity: nativeAuth.getUserIdentity.bind(nativeAuth),\n userId: null,\n user: null,\n },\n },\n args: {},\n };\n }\n\n const extra = config?.resolve\n ? await config.resolve(ctx, userContext.user)\n : {};\n\n return {\n ctx: {\n auth: {\n getUserIdentity: nativeAuth.getUserIdentity.bind(nativeAuth),\n userId: userContext.userId,\n user: userContext.user,\n ...extra,\n },\n },\n args: {},\n };\n },\n };\n}\n\nexport type InferAuth<\n T extends { input: (...args: any[]) => Promise<{ ctx: { auth: any } }> },\n> = Awaited<ReturnType<T[\"input\"]>>[\"ctx\"][\"auth\"];\n"],"mappings":";;;;;;;;;;;AA6QA,SAAgB,WAId,WACA,QAIqC;CACrC,MAAM,aAAaA,KAAY;EAC7B,GAAG;EACH;EACA,WAAW,CAAC,GAAG,OAAO,UAAU;EACjC,CAAC;CACF,MAAM,EACJ,QAAQ,WACR,MAAM,SACN,YAAY,eACZ,OAAO,UACP,SAAS,YACT,MAAM,SACN,MAAM,SACN,GAAG,YACD,WAAW,KAAK;CAOpB,MAAM,uBACJ,OACE,KACA,cACA,YACG;EACH,MAAM,aAAa,MAAM,cAAc,IAAI,KAAK,aAAa;AAC7D,MAAI,eAAe,KACjB,OAAM,IAAI,UACR,sBACA,wBACD,CAAC,eAAe;EAGnB,MAAM,aAAa,QAAQ,KAAK,WAAqC;GACnE,GAAG;GACH,QAAQ,MAAM,OAAO,MAAM,CAAC,aAAa;GAC1C,EAAE;EACH,MAAM,0BAAU,IAAI,KAA0C;AAC9D,OAAK,MAAM,SAAS,YAAY;AAC9B,OAAI,MAAM,OAAO,WAAW,EAC1B,OAAM,IAAI,UACR,sBACA,4BACD,CAAC,eAAe;AAEnB,OAAI,QAAQ,IAAI,MAAM,OAAO,CAC3B,OAAM,IAAI,UACR,sBACA,qBAAqB,MAAM,SAC5B,CAAC,eAAe;AAEnB,WAAQ,IAAI,MAAM,QAAQ,MAAM;;EAGlC,MAAM,cAAc,CAAC,GAAG,QAAQ,QAAQ,CAAC;EACzC,MAAM,eAAe,YAAY,QAC9B,UAAU,MAAM,UAClB,CAAC;AACF,MAAI,eAAe,EACjB,OAAM,IAAI,UACR,sBACA,sCACD,CAAC,eAAe;AAEnB,MAAI,YAAY,SAAS,KAAK,iBAAiB,EAC7C,aAAY,KAAK;GAAE,GAAG,YAAY;GAAI,WAAW;GAAM;EAGzD,MAAM,iBAAiB,MAAM,UAAU,KAAK,KAAK,aAAa;EAC9D,MAAM,kBAAkB,IAAI,IAC1B,eAAe,KAAK,UAA2C,CAC7D,MAAM,OAAO,aAAa,EAC1B,MACD,CAAC,CACH;AAED,OAAK,MAAM,YAAY,eACrB,KAAI,CAAC,QAAQ,IAAI,SAAS,OAAO,aAAa,CAAC,CAC7C,OAAM,UAAU,OAAO,KAAK,SAAS,IAAI;AAI7C,OAAK,MAAM,cAAc,aAAa;GACpC,MAAM,UAAU,gBAAgB,IAAI,WAAW,OAAO;AACtD,OAAI,WAAW,QAAQ,cAAc,QAAQ,WAAW,UAAU,CAChE;AAEF,OAAI,QACF,OAAM,UAAU,OAAO,KAAK,QAAQ,IAAI;GAE1C,MAAM,WAAW,MAAM,UAAU,IAAI,KAAK;IACxC,cAAc,WAAW;IACzB,SAAS,WAAW;IACpB,QAAQ,WAAW;IACnB,WAAW,WAAW;IACvB,CAAC;AACF,OAAI,SAAS,eAAe,OAC1B,OAAO,IAAY,YACjB,UAAU,OAAO,wBACjB;IACE;IACA,YAAY,QAAQ;IACrB,CACF;;AAKL,SAAO;GACL,IAAI;GACJ;GACA,UAJqB,MAAM,UAAU,KAAK,KAAK,aAAa,EAIpC,KACrB,YAA6C;IAC5C,UAAU,OAAO;IACjB,QAAQ,OAAO;IACf,WAAW,OAAO;IAClB,UAAU,OAAO,eAAe;IAChC,YAAY,OAAO,cAAc;IAClC,EACF;GACF;;CAGL,MAAM,YAA0B;EAC9B,OAAO;GACL,GAAG;GACH,MAAM,EACJ,GAAG,SACJ;GACD,MAAM,EACJ,GAAG,SACJ;GACD,YAAY;IACV,GAAG;IACH,QAAQ;KACN,MAAM,UAAU;KAChB,UAAU,UAAU;KACpB,KAAK;KACL,cAAc;MACZ,SAAS,UAAU,aAAa;MAChC,SAAS,UAAU,aAAa;MACjC;KACF;IACF;GACD,QAAQ,QAAQ;GAChB,OAAO,EACL,MAAM,SAAS,MAChB;GACD,SAAS;IACP,UAAU,WAAW;IACrB,UAAU,EACR,MAAM,WAAW,SAAS,MAC3B;IACF;GACF;EACD,QAAQ;GACN,QAAQ,QAAQ;GAChB,UAAU,QAAQ;GACnB;EACF;AAED,QAAO;EACL,QAAQ,WAAW;EACnB,SAAS,WAAW;EACpB,OAAO,WAAW;EAClB,MAAM,WAAW,KAAK;EACtB,SAAS,WAAW,KAAK;EACzB,UAAU,WAAW,KAAK;EAC1B,SAAS,WAAW,KAAK;EACzB,OAAO,WAAW,KAAK;EACvB,QAAQ,WAAW,KAAK;EACxB,QAAQ,WAAW,KAAK;EACxB,QAAQ,WAAW,KAAK;EACxB,KAAK,WAAW,KAAK;EACrB,KAAK;EACL,MAAM,EACJ,OAAO;GACL,WAAW,QAAQ;GACnB,KAAK,QAAQ;GACb,UAAU,QAAQ;GACnB,EACF;EACD,MAAM,WAAW,KAAK;EACvB;;AA+DH,SAAgB,QAAQ,MAAgB,QAA6B;AACnE,QAAO;EACL,MAAM,EAAE;EACR,OAAO,OAAO,KAAU,OAAY,WAAiB;GACnD,MAAM,aAAa,IAAI;GACvB,MAAM,eACJ,QAAQ,aAAa,OACjB,EAAE,MAAM,YAAqB,GAC7B,EAAE,MAAM,YAAqB;GAEnC,MAAM,cAAc,MAAM,GAAG,IAC3B,GAAG,MAAM,cAAc,aAAa,MAAM;IACxC,UAAU,YAAY;KACpB,MAAM,SAAS,MAAM,KAAK,KAAK,GAAG,IAAI;AACtC,SAAI,CAAC,OACH,QAAO;AAGT,YAAO;MAAE;MAAQ,MADJ,MAAM,KAAK,KAAK,IAAI,KAAK,OAAO;MACtB;;IAEzB,UAAU,YAAY;KACpB,MAAM,SAAS,MAAM,KAAK,KAAK,GAAG,IAAI;AACtC,SAAI,CAAC,OACH,QAAO;AAGT,YAAO;MAAE;MAAQ,MADJ,MAAM,KAAK,KAAK,IAAI,KAAK,OAAO;MACtB;;IAE1B,CAAC,CACH;AAED,OAAI,gBAAgB,KAClB,QAAO;IACL,KAAK,EACH,MAAM;KACJ,iBAAiB,WAAW,gBAAgB,KAAK,WAAW;KAC5D,QAAQ;KACR,MAAM;KACP,EACF;IACD,MAAM,EAAE;IACT;GAGH,MAAM,QAAQ,QAAQ,UAClB,MAAM,OAAO,QAAQ,KAAK,YAAY,KAAK,GAC3C,EAAE;AAEN,UAAO;IACL,KAAK,EACH,MAAM;KACJ,iBAAiB,WAAW,gBAAgB,KAAK,WAAW;KAC5D,QAAQ,YAAY;KACpB,MAAM,YAAY;KAClB,GAAG;KACJ,EACF;IACD,MAAM,EAAE;IACT;;EAEJ"}
@@ -49,12 +49,9 @@ type CoreDeps = {
49
49
  */
50
50
  declare function createCoreDomains(deps: CoreDeps): {
51
51
  user: {
52
- current: (ctx: {
52
+ id: (ctx: {
53
53
  auth: Auth;
54
54
  } & Partial<ComponentCtx>, request?: Request) => Promise<string | null>;
55
- require: (ctx: {
56
- auth: Auth;
57
- } & Partial<ComponentCtx>, request?: Request) => Promise<string>;
58
55
  get: (ctx: ComponentReadCtx, userId: string) => Promise<any>;
59
56
  list: (ctx: ComponentReadCtx, opts?: {
60
57
  where?: UserWhere;
@@ -86,8 +83,13 @@ declare function createCoreDomains(deps: CoreDeps): {
86
83
  delete: (ctx: ComponentCtx, userId: string, opts?: {
87
84
  cascade?: boolean;
88
85
  }) => Promise<{
86
+ ok: false;
87
+ code: "INVALID_PARAMETERS";
88
+ userId?: undefined;
89
+ } | {
89
90
  ok: true;
90
91
  userId: string;
92
+ code?: undefined;
91
93
  }>;
92
94
  };
93
95
  session: {
@@ -115,8 +117,17 @@ declare function createCoreDomains(deps: CoreDeps): {
115
117
  accountId: string;
116
118
  }>;
117
119
  delete: (ctx: ComponentCtx, accountId: string) => Promise<{
120
+ ok: false;
121
+ code: "ACCOUNT_NOT_FOUND";
122
+ accountId?: undefined;
123
+ } | {
124
+ ok: false;
125
+ code: "INVALID_PARAMETERS";
126
+ accountId?: undefined;
127
+ } | {
118
128
  ok: true;
119
129
  accountId: string;
130
+ code?: undefined;
120
131
  }>;
121
132
  listPasskeys: (ctx: ComponentReadCtx, opts: {
122
133
  userId: string;
@@ -209,8 +220,15 @@ declare function createCoreDomains(deps: CoreDeps): {
209
220
  status?: string;
210
221
  extend?: Record<string, unknown>;
211
222
  }) => Promise<{
223
+ ok: false;
224
+ code: "INVALID_ROLE_IDS";
225
+ invalidRoleIds: string[];
226
+ memberId?: undefined;
227
+ } | {
212
228
  ok: true;
213
229
  memberId: string;
230
+ code?: undefined;
231
+ invalidRoleIds?: undefined;
214
232
  }>;
215
233
  get: (ctx: ComponentReadCtx, memberId: string) => Promise<any>;
216
234
  getByUserAndGroup: (ctx: ComponentReadCtx, opts: {
@@ -234,56 +252,54 @@ declare function createCoreDomains(deps: CoreDeps): {
234
252
  memberId: string;
235
253
  }>;
236
254
  update: (ctx: ComponentCtx, memberId: string, data: Record<string, unknown>) => Promise<{
255
+ ok: false;
256
+ code: "INVALID_ROLE_IDS";
257
+ invalidRoleIds: string[];
258
+ memberId?: undefined;
259
+ } | {
237
260
  ok: true;
238
261
  memberId: string;
262
+ code?: undefined;
263
+ invalidRoleIds?: undefined;
239
264
  }>;
240
- inherit: (ctx: ComponentReadCtx, opts: {
265
+ resolve: (ctx: ComponentReadCtx, opts: {
241
266
  userId: string;
242
267
  groupId: string;
243
268
  roleIds?: string[];
244
269
  grants?: string[];
245
270
  maxDepth?: number;
246
271
  }) => Promise<{
272
+ ok: false;
273
+ code: "INVALID_ROLE_IDS";
274
+ invalidRoleIds: string[];
275
+ requestedGroupId?: undefined;
276
+ matchedGroupId?: undefined;
277
+ membership?: undefined;
278
+ roleIds?: undefined;
279
+ grants?: undefined;
280
+ missingGrants?: undefined;
281
+ depth?: undefined;
282
+ isDirect?: undefined;
283
+ isInherited?: undefined;
284
+ traversedGroupIds?: undefined;
285
+ cycleDetected?: undefined;
286
+ maxDepthReached?: undefined;
287
+ } | {
247
288
  requestedGroupId: string;
248
- matchedGroupId: string;
289
+ matchedGroupId: any;
249
290
  membership: any;
250
291
  roleIds: any;
251
292
  grants: string[];
252
293
  missingGrants: string[];
253
- depth: number;
254
- isDirect: boolean;
255
- isInherited: boolean;
256
- traversedGroupIds: string[];
257
- cycleDetected: boolean;
258
- maxDepthReached: boolean;
259
- } | {
260
- requestedGroupId: string;
261
- matchedGroupId: null;
262
- membership: null;
263
- roleIds: string[];
264
- grants: string[];
265
- missingGrants: string[];
266
- depth: null;
267
- isDirect: boolean;
268
- isInherited: boolean;
269
- traversedGroupIds: string[];
294
+ depth: any;
295
+ isDirect: any;
296
+ isInherited: any;
297
+ traversedGroupIds: any;
270
298
  cycleDetected: boolean;
271
299
  maxDepthReached: boolean;
272
- }>;
273
- require: (ctx: ComponentReadCtx, opts: {
274
- userId: string;
275
- groupId: string;
276
- roleIds?: string[];
277
- grants?: string[];
278
- maxDepth?: number;
279
- }) => Promise<{
280
- membership: any;
281
- matchedGroupId: string | null;
282
- roleIds: any;
283
- grants: string[];
284
- isDirect: boolean;
285
- isInherited: boolean;
286
- depth: number | null;
300
+ ok?: undefined;
301
+ code?: undefined;
302
+ invalidRoleIds?: undefined;
287
303
  }>;
288
304
  };
289
305
  access: {
@@ -295,29 +311,13 @@ declare function createCoreDomains(deps: CoreDeps): {
295
311
  }) => Promise<{
296
312
  ok: boolean;
297
313
  membership: any;
298
- matchedGroupId: string | null;
314
+ matchedGroupId: any;
299
315
  roleIds: any;
300
316
  grants: string[];
301
317
  missingGrants: string[];
302
- isDirect: boolean;
303
- isInherited: boolean;
304
- depth: number | null;
305
- }>;
306
- require: (ctx: ComponentReadCtx, opts: {
307
- userId: string;
308
- groupId: string;
309
- grants: string[];
310
- maxDepth?: number;
311
- }) => Promise<{
312
- ok: boolean;
313
- membership: any;
314
- matchedGroupId: string | null;
315
- roleIds: any;
316
- grants: string[];
317
- missingGrants: string[];
318
- isDirect: boolean;
319
- isInherited: boolean;
320
- depth: number | null;
318
+ isDirect: any;
319
+ isInherited: any;
320
+ depth: any;
321
321
  }>;
322
322
  };
323
323
  invite: {
@@ -329,9 +329,17 @@ declare function createCoreDomains(deps: CoreDeps): {
329
329
  expiresTime?: number;
330
330
  extend?: Record<string, unknown>;
331
331
  }) => Promise<{
332
+ ok: false;
333
+ code: "INVALID_ROLE_IDS";
334
+ invalidRoleIds: string[];
335
+ inviteId?: undefined;
336
+ token?: undefined;
337
+ } | {
332
338
  ok: true;
333
339
  inviteId: string;
334
340
  token: string;
341
+ code?: undefined;
342
+ invalidRoleIds?: undefined;
335
343
  }>;
336
344
  get: (ctx: ComponentReadCtx, inviteId: string) => Promise<any>;
337
345
  token: {
@@ -383,9 +391,13 @@ declare function createCoreDomains(deps: CoreDeps): {
383
391
  secret: string;
384
392
  }>;
385
393
  verify: (ctx: ComponentCtx, rawKey: string) => Promise<{
394
+ ok: true;
386
395
  userId: string;
387
396
  keyId: string;
388
397
  scopes: ScopeChecker;
398
+ } | {
399
+ ok: false;
400
+ code: "INVALID_API_KEY" | "API_KEY_REVOKED" | "API_KEY_EXPIRED" | "API_KEY_RATE_LIMITED";
389
401
  }>;
390
402
  list: (ctx: ComponentReadCtx, opts?: {
391
403
  where?: {
@@ -426,6 +438,9 @@ declare function createCoreDomains(deps: CoreDeps): {
426
438
  ok: true;
427
439
  keyId: string;
428
440
  secret: string;
441
+ } | {
442
+ ok: false;
443
+ code: "INVALID_PARAMETERS" | "API_KEY_REVOKED";
429
444
  }>;
430
445
  };
431
446
  };
@@ -1 +1 @@
1
- {"version":3,"file":"core.d.ts","names":[],"sources":["../../../src/server/domains/core.ts"],"mappings":";;;;;KA0BK,YAAA,GAAe,IAAA,CAClB,gBAAA,CAAiB,gBAAA;AAAA,KAGd,gBAAA,GAAmB,IAAA,CAAK,gBAAA,CAAiB,gBAAA;AAAA,KACzC,oBAAA,GAAuB,gBAAA;EAAqB,IAAA,EAAM,IAAA;AAAA;AAAA,KAClD,kBAAA;EAAuB,EAAA;EAAY,MAAA;AAAA;AAAA,KACnC,iBAAA;EACH,QAAA;EACA,OAAA,EAAS,kBAAA;EACT,OAAA,EAAS,MAAA;EACT,kBAAA;EACA,kBAAA;AAAA;AAAA,KAEG,mBAAA;EAAwB,QAAA;EAAkB,OAAA,EAAS,kBAAA;AAAA;AAAA,KACnD,4BAAA;EACH,QAAA;EACA,OAAA;IAAW,EAAA;IAAY,MAAA;EAAA;AAAA;AAAA,KAGpB,QAAA;EACH,MAAA;EACA,OAAA;EACA,sBAAA,qBAA2C,gBAAA,EACzC,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA;IAAQ,MAAA,EAAQ,SAAA;IAAmB,MAAA,GAAS,SAAA;EAAA,MACzC,OAAA;EACL,gCAAA,qBAAqD,gBAAA,EACnD,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA,EAAM,iBAAA,KACH,OAAA;EACL,kCAAA,qBAAuD,gBAAA,EACrD,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA,EAAM,mBAAA,KACH,OAAA;EACL,iBAAA,qBAAsC,gBAAA,EACpC,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA,EAAM,4BAAA,KACH,OAAA;EACL,YAAA,2BAAuC,gBAAA,EACrC,GAAA,EAAK,gBAAA,CAAiB,SAAA;EAExB,mBAAA;EACA,iBAAA;AAAA;;AArC4C;;iBA2C9B,iBAAA,CAAkB,IAAA,EAAM,QAAA;;;MAkD3B,IAAA,EAAM,IAAA;IAAA,IAAS,OAAA,CAAQ,YAAA,GAAa,OAAA,GACjC,OAAA,KACT,OAAA;;MAwBM,IAAA,EAAM,IAAA;IAAA,IAAS,OAAA,CAAQ,YAAA,GAAa,OAAA,GACjC,OAAA,KACT,OAAA;eAOc,gBAAA,EAAgB,MAAA,aAAgB,OAAA;gBAM1C,gBAAA,EAAgB,IAAA;MAEnB,KAAA,GAAQ,SAAA;MACR,KAAA;MACA,MAAA;MACA,OAAA,GAAU,WAAA;MACV,KAAA;IAAA,MACD,OAAA;kBAIiB,oBAAA,KAAoB,OAAA;kBAQjC,YAAA,EAAY,MAAA,UACH,IAAA,EACR,MAAA,sBAAuB,OAAA;;;;0BASxB,YAAA,EAAY,IAAA;MACT,MAAA;MAAgB,OAAA;IAAA,MAAwB,OAAA;;;;;;;;;0BAqB3C,gBAAA,EAAgB,IAAA;MACb,MAAA;IAAA,MACP,OAAA;kBAcI,YAAA,EAAY,MAAA,UACH,IAAA;MACL,OAAA;IAAA,MAAmB,OAAA;;;;;;;MA+EP,IAAA,EAAM,IAAA;IAAA,MAAM,OAAA,CAAA,SAAA;mCAME,gBAAA,EAAgB,GAAA,EAC9C,gBAAA,CAAiB,SAAA,GAAU,IAAA;MACxB,MAAA,EAAQ,SAAA;MAAmB,MAAA,GAAS,SAAA;IAAA,MAAwB,OAAA;;;;;eASrD,gBAAA,EAAgB,SAAA,aAAmB,OAAA;gBAKlC,gBAAA,EAAgB,IAAA;MAAU,MAAA;IAAA,MAAgB,OAAA;EAAA;;+BAQ3B,gBAAA,EAAgB,GAAA,EAC1C,gBAAA,CAAiB,SAAA,GAAU,IAAA,EAC1B,iBAAA,KAAiB,OAAA;4BAKK,gBAAA,EAAgB,GAAA,EACvC,gBAAA,CAAiB,SAAA,GAAU,IAAA,EAC1B,mBAAA,KAAmB,OAAA;+BAQM,gBAAA,EAAgB,GAAA,EAC1C,gBAAA,CAAiB,SAAA,GAAU,IAAA,EAC1B,4BAAA,KAA4B,OAAA;;;;kBAKhB,YAAA,EAAY,SAAA,aAAmB,OAAA;;;;wBAyBzB,gBAAA,EAAgB,IAAA;MAAU,MAAA;IAAA,MAAgB,OAAA;yBAO7D,YAAA,EAAY,SAAA,UACA,IAAA,aACL,OAAA;;;;yBAQa,YAAA,EAAY,SAAA,aAAmB,OAAA;;;;qBAMnC,gBAAA,EAAgB,IAAA;MAAU,MAAA;IAAA,MAAgB,OAAA;sBAGzC,YAAA,EAAY,MAAA,aAAgB,OAAA;;;;;;+BAOnB,gBAAA,EAAgB,GAAA,EAC1C,gBAAA,CAAiB,SAAA,GAAU,cAAA,EAChB,kBAAA,EAAkB,IAAA;MAEhC,SAAA,GAAY,SAAA;MACZ,MAAA,GAAS,MAAA;IAAA,MACV,OAAA;;;;;;kBAwBI,YAAA,EAAY,IAAA;MAEf,IAAA;MACA,IAAA;MACA,IAAA;MACA,aAAA;MACA,IAAA,GAAO,KAAA;QAAQ,GAAA;QAAa,KAAA;MAAA;MAC5B,MAAA,GAAS,MAAA;IAAA,MAEV,OAAA;MAAU,EAAA;MAAU,OAAA;IAAA;eAON,gBAAA,EAAgB,OAAA,aAAiB,OAAA;gBAI3C,gBAAA,EAAgB,IAAA;MAEnB,KAAA;QACE,IAAA;QACA,IAAA;QACA,aAAA;QACA,IAAA;QACA,MAAA;QACA,OAAA,GAAU,KAAA;UAAQ,GAAA;UAAa,KAAA;QAAA;QAC/B,OAAA,GAAU,KAAA;UAAQ,GAAA;UAAa,KAAA;QAAA;MAAA;MAEjC,KAAA;MACA,MAAA;MACA,OAAA;MACA,KAAA;IAAA,MACD,OAAA;kBAWI,YAAA,EAAY,OAAA,UACF,IAAA,EACT,MAAA,sBAAuB,OAAA;;;;kBAQX,YAAA,EAAY,OAAA,aAAiB,OAAA;;;;qBAK1C,gBAAA,EAAgB,IAAA;MACb,OAAA;MAAiB,QAAA;MAAmB,WAAA;IAAA,MAAuB,OAAA;;;;;;;kBAuC9D,YAAA,EAAY,IAAA;MAEf,OAAA;MACA,MAAA;MACA,OAAA;MACA,MAAA;MACA,MAAA,GAAS,MAAA;IAAA,MAEV,OAAA;MAAU,EAAA;MAAU,QAAA;IAAA;eAQN,gBAAA,EAAgB,QAAA,aAAkB,OAAA;6BAM5C,gBAAA,EAAgB,IAAA;MACb,MAAA;MAAgB,OAAA;IAAA,MAAiB,OAAA;gBAQpC,gBAAA,EAAgB,IAAA;MAEnB,KAAA;QACE,OAAA;QACA,MAAA;QACA,MAAA;QACA,MAAA;MAAA;MAEF,KAAA;MACA,MAAA;MACA,OAAA;MACA,KAAA;IAAA,MACD,OAAA;kBAUiB,YAAA,EAAY,QAAA,aAAkB,OAAA;;;;kBAK3C,YAAA,EAAY,QAAA,UACD,IAAA,EACV,MAAA,sBAAuB,OAAA;;;;mBAiBxB,gBAAA,EAAgB,IAAA;MAEnB,MAAA;MACA,OAAA;MACA,OAAA;MACA,MAAA;MACA,QAAA;IAAA,MACD,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;mBA0EI,gBAAA,EAAgB,IAAA;MAEnB,MAAA;MACA,OAAA;MACA,OAAA;MACA,MAAA;MACA,QAAA;IAAA,MACD,OAAA;;;;;;;;;;;iBAuBI,gBAAA,EAAgB,IAAA;MAEnB,MAAA;MACA,OAAA;MACA,MAAA;MACA,QAAA;IAAA,MACD,OAAA;;;;;;;;;;;mBAyBI,gBAAA,EAAgB,IAAA;MAEnB,MAAA;MACA,OAAA;MACA,MAAA;MACA,QAAA;IAAA,MACD,OAAA;;;;;;;;;;;;;kBAeI,YAAA,EAAY,IAAA;MAEf,OAAA;MACA,eAAA;MACA,KAAA;MACA,OAAA;MACA,WAAA;MACA,MAAA,GAAS,MAAA;IAAA,MAEV,OAAA;MAAU,EAAA;MAAU,QAAA;MAAkB,KAAA;IAAA;eAaxB,gBAAA,EAAgB,QAAA,aAAkB,OAAA;;iBAMhC,gBAAA,EAAgB,KAAA,aAAe,OAAA;oBAQzC,YAAA,EAAY,IAAA;QACT,KAAA;QAAe,gBAAA;MAAA,MAA0B,OAAA;IAAA;gBAW9C,gBAAA,EAAgB,IAAA;MAEnB,KAAA;QACE,SAAA;QACA,OAAA;QACA,MAAA;QACA,KAAA;QACA,eAAA;QACA,MAAA;QACA,gBAAA;MAAA;MAEF,KAAA;MACA,MAAA;MACA,OAAA;MAMA,KAAA;IAAA,MACD,OAAA;kBAWI,YAAA,EAAY,QAAA,UACD,gBAAA,cACS,OAAA;;;;;kBAYP,YAAA,EAAY,QAAA,aAAkB,OAAA;;;;;;kBAQ3C,YAAA,EAAY,IAAA;MAEf,MAAA;MACA,IAAA;MACA,MAAA,EAAQ,QAAA;MACR,SAAA;QAAc,WAAA;QAAqB,QAAA;MAAA;MACnC,SAAA;MACA,QAAA,GAAW,MAAA;IAAA,MAEZ,OAAA;MAAU,EAAA;MAAU,KAAA;MAAe,MAAA;IAAA;kBAe/B,YAAA,EAAY,MAAA,aAEhB,OAAA;MAAU,MAAA;MAAgB,KAAA;MAAe,MAAA,EAAQ,YAAA;IAAA;gBA0C7C,gBAAA,EAAgB,IAAA;MAEnB,KAAA;QACE,MAAA;QACA,OAAA;QACA,IAAA;QACA,MAAA;MAAA;MAEF,KAAA;MACA,MAAA;MACA,OAAA;MAMA,KAAA;IAAA,MACD,OAAA;eAWI,gBAAA,EAAgB,KAAA,aAEpB,OAAA,CAAQ,MAAA;kBAMJ,YAAA,EAAY,KAAA,UACJ,IAAA;MAEX,IAAA;MACA,MAAA,GAAS,QAAA;MACT,SAAA;QAAc,WAAA;QAAqB,QAAA;MAAA;IAAA,MACpC,OAAA;;;;kBAKiB,YAAA,EAAY,KAAA,aAAe,OAAA;;;;kBAO3B,YAAA,EAAY,KAAA,aAAe,OAAA;;;;kBAKxC,YAAA,EAAY,KAAA,UACJ,IAAA;MACJ,IAAA;MAAe,SAAA;IAAA,MACvB,OAAA;MAAU,EAAA;MAAU,KAAA;MAAe,MAAA;IAAA;EAAA;AAAA"}
1
+ {"version":3,"file":"core.d.ts","names":[],"sources":["../../../src/server/domains/core.ts"],"mappings":";;;;;KAyBK,YAAA,GAAe,IAAA,CAClB,gBAAA,CAAiB,gBAAA;AAAA,KAGd,gBAAA,GAAmB,IAAA,CAAK,gBAAA,CAAiB,gBAAA;AAAA,KACzC,oBAAA,GAAuB,gBAAA;EAAqB,IAAA,EAAM,IAAA;AAAA;AAAA,KAClD,kBAAA;EAAuB,EAAA;EAAY,MAAA;AAAA;AAAA,KACnC,iBAAA;EACH,QAAA;EACA,OAAA,EAAS,kBAAA;EACT,OAAA,EAAS,MAAA;EACT,kBAAA;EACA,kBAAA;AAAA;AAAA,KAEG,mBAAA;EAAwB,QAAA;EAAkB,OAAA,EAAS,kBAAA;AAAA;AAAA,KACnD,4BAAA;EACH,QAAA;EACA,OAAA;IAAW,EAAA;IAAY,MAAA;EAAA;AAAA;AAAA,KAGpB,QAAA;EACH,MAAA;EACA,OAAA;EACA,sBAAA,qBAA2C,gBAAA,EACzC,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA;IAAQ,MAAA,EAAQ,SAAA;IAAmB,MAAA,GAAS,SAAA;EAAA,MACzC,OAAA;EACL,gCAAA,qBAAqD,gBAAA,EACnD,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA,EAAM,iBAAA,KACH,OAAA;EACL,kCAAA,qBAAuD,gBAAA,EACrD,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA,EAAM,mBAAA,KACH,OAAA;EACL,iBAAA,qBAAsC,gBAAA,EACpC,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA,EAAM,4BAAA,KACH,OAAA;EACL,YAAA,2BAAuC,gBAAA,EACrC,GAAA,EAAK,gBAAA,CAAiB,SAAA;EAExB,mBAAA;EACA,iBAAA;AAAA;;AArC4C;;iBA2C9B,iBAAA,CAAkB,IAAA,EAAM,QAAA;;;MAkE3B,IAAA,EAAM,IAAA;IAAA,IAAS,OAAA,CAAQ,YAAA,GAAa,OAAA,GACjC,OAAA,KACT,OAAA;eAsBc,gBAAA,EAAgB,MAAA,aAAgB,OAAA;gBAU1C,gBAAA,EAAgB,IAAA;MAEnB,KAAA,GAAQ,SAAA;MACR,KAAA;MACA,MAAA;MACA,OAAA,GAAU,WAAA;MACV,KAAA;IAAA,MACD,OAAA;kBAIiB,oBAAA,KAAoB,OAAA;kBAMjC,YAAA,EAAY,MAAA,UACH,IAAA,EACR,MAAA,sBAAuB,OAAA;;;;0BASxB,YAAA,EAAY,IAAA;MACT,MAAA;MAAgB,OAAA;IAAA,MAAwB,OAAA;;;;;;;;;0BAqB3C,gBAAA,EAAgB,IAAA;MACb,MAAA;IAAA,MACP,OAAA;kBAcI,YAAA,EAAY,MAAA,UACH,IAAA;MACL,OAAA;IAAA,MAAmB,OAAA;;;;;;;;;;;;MA4EP,IAAA,EAAM,IAAA;IAAA,MAAM,OAAA,CAAA,SAAA;mCAME,gBAAA,EAAgB,GAAA,EAC9C,gBAAA,CAAiB,SAAA,GAAU,IAAA;MACxB,MAAA,EAAQ,SAAA;MAAmB,MAAA,GAAS,SAAA;IAAA,MAAwB,OAAA;;;;;eASrD,gBAAA,EAAgB,SAAA,aAAmB,OAAA;gBAKlC,gBAAA,EAAgB,IAAA;MAAU,MAAA;IAAA,MAAgB,OAAA;EAAA;;+BAQ3B,gBAAA,EAAgB,GAAA,EAC1C,gBAAA,CAAiB,SAAA,GAAU,IAAA,EAC1B,iBAAA,KAAiB,OAAA;4BAKK,gBAAA,EAAgB,GAAA,EACvC,gBAAA,CAAiB,SAAA,GAAU,IAAA,EAC1B,mBAAA,KAAmB,OAAA;+BAQM,gBAAA,EAAgB,GAAA,EAC1C,gBAAA,CAAiB,SAAA,GAAU,IAAA,EAC1B,4BAAA,KAA4B,OAAA;;;;kBAKhB,YAAA,EAAY,SAAA,aAAmB,OAAA;;;;;;;;;;;;;wBAmBzB,gBAAA,EAAgB,IAAA;MAAU,MAAA;IAAA,MAAgB,OAAA;yBAO7D,YAAA,EAAY,SAAA,UACA,IAAA,aACL,OAAA;;;;yBAQa,YAAA,EAAY,SAAA,aAAmB,OAAA;;;;qBAMnC,gBAAA,EAAgB,IAAA;MAAU,MAAA;IAAA,MAAgB,OAAA;sBAGzC,YAAA,EAAY,MAAA,aAAgB,OAAA;;;;;;+BAOnB,gBAAA,EAAgB,GAAA,EAC1C,gBAAA,CAAiB,SAAA,GAAU,cAAA,EAChB,kBAAA,EAAkB,IAAA;MAEhC,SAAA,GAAY,SAAA;MACZ,MAAA,GAAS,MAAA;IAAA,MACV,OAAA;;;;;;kBAwBI,YAAA,EAAY,IAAA;MAEf,IAAA;MACA,IAAA;MACA,IAAA;MACA,aAAA;MACA,IAAA,GAAO,KAAA;QAAQ,GAAA;QAAa,KAAA;MAAA;MAC5B,MAAA,GAAS,MAAA;IAAA,MAEV,OAAA;MAAU,EAAA;MAAU,OAAA;IAAA;eAON,gBAAA,EAAgB,OAAA,aAAiB,OAAA;gBAU3C,gBAAA,EAAgB,IAAA;MAEnB,KAAA;QACE,IAAA;QACA,IAAA;QACA,aAAA;QACA,IAAA;QACA,MAAA;QACA,OAAA,GAAU,KAAA;UAAQ,GAAA;UAAa,KAAA;QAAA;QAC/B,OAAA,GAAU,KAAA;UAAQ,GAAA;UAAa,KAAA;QAAA;MAAA;MAEjC,KAAA;MACA,MAAA;MACA,OAAA;MACA,KAAA;IAAA,MACD,OAAA;kBAWI,YAAA,EAAY,OAAA,UACF,IAAA,EACT,MAAA,sBAAuB,OAAA;;;;kBAQX,YAAA,EAAY,OAAA,aAAiB,OAAA;;;;qBAK1C,gBAAA,EAAgB,IAAA;MACb,OAAA;MAAiB,QAAA;MAAmB,WAAA;IAAA,MAAuB,OAAA;;;;;;;kBAuC9D,YAAA,EAAY,IAAA;MAEf,OAAA;MACA,MAAA;MACA,OAAA;MACA,MAAA;MACA,MAAA,GAAS,MAAA;IAAA,MACV,OAAA;;;;;;;;;;;eAec,gBAAA,EAAgB,QAAA,aAAkB,OAAA;6BAM5C,gBAAA,EAAgB,IAAA;MACb,MAAA;MAAgB,OAAA;IAAA,MAAiB,OAAA;gBAQpC,gBAAA,EAAgB,IAAA;MAEnB,KAAA;QACE,OAAA;QACA,MAAA;QACA,MAAA;QACA,MAAA;MAAA;MAEF,KAAA;MACA,MAAA;MACA,OAAA;MACA,KAAA;IAAA,MACD,OAAA;kBAUiB,YAAA,EAAY,QAAA,aAAkB,OAAA;;;;kBAK3C,YAAA,EAAY,QAAA,UACD,IAAA,EACV,MAAA,sBAAuB,OAAA;;;;;;;;;;;mBAwBxB,gBAAA,EAAgB,IAAA;MAEnB,MAAA;MACA,OAAA;MACA,OAAA;MACA,MAAA;MACA,QAAA;IAAA,MACD,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBA2GI,gBAAA,EAAgB,IAAA;MAEnB,MAAA;MACA,OAAA;MACA,MAAA;MACA,QAAA;IAAA,MACD,OAAA;;;;;;;;;;;;;kBAyCI,YAAA,EAAY,IAAA;MAEf,OAAA;MACA,eAAA;MACA,KAAA;MACA,OAAA;MACA,WAAA;MACA,MAAA,GAAS,MAAA;IAAA,MACV,OAAA;;;;;;;;;;;;;eAoBc,gBAAA,EAAgB,QAAA,aAAkB,OAAA;;iBAMhC,gBAAA,EAAgB,KAAA,aAAe,OAAA;oBAQzC,YAAA,EAAY,IAAA;QACT,KAAA;QAAe,gBAAA;MAAA,MAA0B,OAAA;IAAA;gBAW9C,gBAAA,EAAgB,IAAA;MAEnB,KAAA;QACE,SAAA;QACA,OAAA;QACA,MAAA;QACA,KAAA;QACA,eAAA;QACA,MAAA;QACA,gBAAA;MAAA;MAEF,KAAA;MACA,MAAA;MACA,OAAA;MAMA,KAAA;IAAA,MACD,OAAA;kBAWI,YAAA,EAAY,QAAA,UACD,gBAAA,cACS,OAAA;;;;;kBAYP,YAAA,EAAY,QAAA,aAAkB,OAAA;;;;;;kBAQ3C,YAAA,EAAY,IAAA;MAEf,MAAA;MACA,IAAA;MACA,MAAA,EAAQ,QAAA;MACR,SAAA;QAAc,WAAA;QAAqB,QAAA;MAAA;MACnC,SAAA;MACA,QAAA,GAAW,MAAA;IAAA,MAEZ,OAAA;MAAU,EAAA;MAAU,KAAA;MAAe,MAAA;IAAA;kBAe/B,YAAA,EAAY,MAAA,aAEhB,OAAA;MACG,EAAA;MAAU,MAAA;MAAgB,KAAA;MAAe,MAAA,EAAQ,YAAA;IAAA;MAEjD,EAAA;MACA,IAAA;IAAA;gBA6CC,gBAAA,EAAgB,IAAA;MAEnB,KAAA;QACE,MAAA;QACA,OAAA;QACA,IAAA;QACA,MAAA;MAAA;MAEF,KAAA;MACA,MAAA;MACA,OAAA;MAMA,KAAA;IAAA,MACD,OAAA;eAWI,gBAAA,EAAgB,KAAA,aAEpB,OAAA,CAAQ,MAAA;kBAMJ,YAAA,EAAY,KAAA,UACJ,IAAA;MAEX,IAAA;MACA,MAAA,GAAS,QAAA;MACT,SAAA;QAAc,WAAA;QAAqB,QAAA;MAAA;IAAA,MACpC,OAAA;;;;kBAKiB,YAAA,EAAY,KAAA,aAAe,OAAA;;;;kBAO3B,YAAA,EAAY,KAAA,aAAe,OAAA;;;;kBAKxC,YAAA,EAAY,KAAA,UACJ,IAAA;MACJ,IAAA;MAAe,SAAA;IAAA,MACvB,OAAA;MACG,EAAA;MAAU,KAAA;MAAe,MAAA;IAAA;MACzB,EAAA;MAAW,IAAA;IAAA;EAAA;AAAA"}