@robelest/convex-auth 0.0.4-preview.2 → 0.0.4-preview.21

package/dist/component/server/implementation/totp.js

@@ -1,142 +0,0 @@
-import { throwAuthError } from "../errors.js";
-import { callSignIn } from "./mutations/signin.js";
-import { callVerifierSignature } from "./mutations/signature.js";
-import { callVerifier } from "./mutations/verifier.js";
-import { mutateTotpInsert, mutateTotpMarkVerified, mutateTotpUpdateLastUsed, mutateVerifierDelete, queryTotpById, queryTotpVerifiedByUserId, queryUserById, queryVerifierById } from "./types.js";
-import { encodeBase32LowerCaseNoPadding } from "@oslojs/encoding";
-import { createTOTPKeyURI, verifyTOTPWithGracePeriod } from "@oslojs/otp";
-
-//#region src/server/implementation/totp.ts
-/**
-* Server-side TOTP ceremony logic for two-factor authentication.
-*
-* Handles the three phases of the TOTP flow:
-* 1. setup   — generate a TOTP secret and `otpauth://` URI for enrollment
-* 2. confirm — verify the first code from the authenticator app and mark
-*              the enrollment as verified
-* 3. verify  — verify a TOTP code during sign-in (2FA challenge)
-*
-* Uses `@oslojs/otp` for TOTP generation / verification and
-* `@oslojs/encoding` for base-32 secret encoding.
-*/
-/**
-* Phase 1: Generate a TOTP secret and enrollment URI.
-*
-* Requires an authenticated user — TOTP enrollment always adds a second
-* factor to an existing account.  The userId is taken from the current
-* session identity.
-*/
-async function handleSetup(ctx, provider, params) {
-	const identity = await ctx.auth.getUserIdentity();
-	if (identity === null) throwAuthError("TOTP_AUTH_REQUIRED");
-	const [userId] = identity.subject.split("|");
-	const secret = new Uint8Array(20);
-	crypto.getRandomValues(secret);
-	let accountName = params.accountName;
-	if (!accountName) accountName = (await queryUserById(ctx, userId))?.email ?? "user";
-	const uri = createTOTPKeyURI(provider.options.issuer, accountName, secret, provider.options.period, provider.options.digits);
-	const base32Secret = encodeBase32LowerCaseNoPadding(secret);
-	const verifier = await callVerifier(ctx);
-	await callVerifierSignature(ctx, {
-		verifier,
-		signature: JSON.stringify({
-			secret: Array.from(secret),
-			userId,
-			digits: provider.options.digits,
-			period: provider.options.period
-		})
-	});
-	return {
-		kind: "totpSetup",
-		uri,
-		secret: base32Secret,
-		verifier,
-		totpId: await mutateTotpInsert(ctx, {
-			userId,
-			secret: secret.buffer.slice(secret.byteOffset, secret.byteOffset + secret.byteLength),
-			digits: provider.options.digits,
-			period: provider.options.period,
-			verified: false,
-			name: params.name,
-			createdAt: Date.now()
-		})
-	};
-}
-/**
-* Phase 2: Verify the first code from the authenticator app.
-*
-* Requires an authenticated user.  Marks the TOTP enrollment as verified
-* after confirming the code is correct.
-*/
-async function handleConfirm(ctx, provider, params, verifierValue) {
-	const identity = await ctx.auth.getUserIdentity();
-	if (identity === null) throwAuthError("TOTP_AUTH_REQUIRED");
-	const [userId] = identity.subject.split("|");
-	if (!verifierValue) throwAuthError("TOTP_MISSING_VERIFIER");
-	if (!params.code) throwAuthError("TOTP_MISSING_CODE");
-	if (!params.totpId) throwAuthError("TOTP_MISSING_ID");
-	const totpDoc = await queryTotpById(ctx, params.totpId);
-	if (!totpDoc) throwAuthError("TOTP_NOT_FOUND");
-	if (totpDoc.verified) throwAuthError("TOTP_ALREADY_VERIFIED");
-	if (!verifyTOTPWithGracePeriod(new Uint8Array(totpDoc.secret), provider.options.period, provider.options.digits, params.code, 30)) throwAuthError("TOTP_INVALID_CODE");
-	await mutateTotpMarkVerified(ctx, params.totpId, Date.now());
-	await mutateVerifierDelete(ctx, verifierValue);
-	return {
-		kind: "signedIn",
-		signedIn: await callSignIn(ctx, {
-			userId,
-			generateTokens: true
-		})
-	};
-}
-/**
-* Phase 3: Verify a TOTP code during sign-in.
-*
-* Does NOT require an authenticated user — this runs mid-sign-in as a
-* second-factor challenge.  The userId is retrieved from the stored verifier.
-*/
-async function handleVerify(ctx, provider, params, verifierValue) {
-	if (!verifierValue) throwAuthError("TOTP_MISSING_VERIFIER");
-	if (!params.code) throwAuthError("TOTP_MISSING_CODE");
-	const verifierDoc = await queryVerifierById(ctx, verifierValue);
-	if (!verifierDoc) throwAuthError("TOTP_INVALID_VERIFIER");
-	const userId = JSON.parse(verifierDoc.signature).userId;
-	const totpDoc = await queryTotpVerifiedByUserId(ctx, userId);
-	if (!totpDoc) throwAuthError("TOTP_NO_ENROLLMENT");
-	if (!verifyTOTPWithGracePeriod(new Uint8Array(totpDoc.secret), totpDoc.period, totpDoc.digits, params.code, 30)) throwAuthError("TOTP_INVALID_CODE");
-	await mutateTotpUpdateLastUsed(ctx, totpDoc._id, Date.now());
-	await mutateVerifierDelete(ctx, verifierValue);
-	return {
-		kind: "signedIn",
-		signedIn: await callSignIn(ctx, {
-			userId,
-			generateTokens: true
-		})
-	};
-}
-/**
-* Main TOTP handler dispatched from signIn.ts.
-*
-* Routes to the appropriate phase based on `params.flow`.
-*/
-async function handleTotp(ctx, provider, args) {
-	const flow = args.params?.flow;
-	if (!flow) throwAuthError("TOTP_MISSING_FLOW", "Missing `flow` parameter. Expected one of: setup, confirm, verify");
-	switch (flow) {
-		case "setup": return handleSetup(ctx, provider, args.params ?? {});
-		case "confirm": return handleConfirm(ctx, provider, args.params ?? {}, args.verifier);
-		case "verify": return handleVerify(ctx, provider, args.params ?? {}, args.verifier);
-		default: throwAuthError("TOTP_UNKNOWN_FLOW", `Unknown TOTP flow: ${flow}. Expected one of: setup, confirm, verify`);
-	}
-}
-/**
-* Check if a user has a verified TOTP enrollment.
-* Called after credentials sign-in to determine if 2FA is needed.
-*/
-async function checkTotpRequired(ctx, userId) {
-	return await queryTotpVerifiedByUserId(ctx, userId) !== null;
-}
-
-//#endregion
-export { checkTotpRequired, handleTotp };
-//# sourceMappingURL=totp.js.map

package/dist/component/server/implementation/totp.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"totp.js","names":[],"sources":["../../../../src/server/implementation/totp.ts"],"sourcesContent":["/**\n * Server-side TOTP ceremony logic for two-factor authentication.\n *\n * Handles the three phases of the TOTP flow:\n * 1. setup   — generate a TOTP secret and `otpauth://` URI for enrollment\n * 2. confirm — verify the first code from the authenticator app and mark\n *              the enrollment as verified\n * 3. verify  — verify a TOTP code during sign-in (2FA challenge)\n *\n * Uses `@oslojs/otp` for TOTP generation / verification and\n * `@oslojs/encoding` for base-32 secret encoding.\n */\n\nimport {\n  verifyTOTPWithGracePeriod,\n  createTOTPKeyURI,\n} from \"@oslojs/otp\";\nimport { encodeBase32LowerCaseNoPadding } from \"@oslojs/encoding\";\nimport {\n  TotpProviderConfig,\n  GenericActionCtxWithAuthConfig,\n} from \"../types\";\nimport {\n  AuthDataModel,\n  SessionInfo,\n  queryUserById,\n  queryTotpById,\n  queryTotpVerifiedByUserId,\n  queryVerifierById,\n  mutateTotpInsert,\n  mutateTotpMarkVerified,\n  mutateTotpUpdateLastUsed,\n  mutateVerifierDelete,\n} from \"./types\";\nimport { callSignIn, callVerifier } from \"./mutations/index\";\nimport { callVerifierSignature } from \"./mutations/signature\";\nimport { throwAuthError } from \"../errors\";\n\ntype EnrichedActionCtx = GenericActionCtxWithAuthConfig<AuthDataModel>;\n\n// ============================================================================\n// Setup flow\n// ============================================================================\n\n/**\n * Phase 1: Generate a TOTP secret and enrollment URI.\n *\n * Requires an authenticated user — TOTP enrollment always adds a second\n * factor to an existing account.  The userId is taken from the current\n * session identity.\n */\nasync function handleSetup(\n  ctx: EnrichedActionCtx,\n  provider: TotpProviderConfig,\n  params: Record<string, any>,\n): Promise<{\n  kind: \"totpSetup\";\n  uri: string;\n  secret: string;\n  verifier: string;\n  totpId: string;\n}> {\n  // TOTP enrollment requires an authenticated user\n  const identity = await ctx.auth.getUserIdentity();\n  if (identity === null) {\n    throwAuthError(\"TOTP_AUTH_REQUIRED\");\n  }\n  const [userId] = identity.subject.split(\"|\");\n\n  // Generate a 20-byte random secret (160 bits, per RFC 4226 recommendation)\n  const secret = new Uint8Array(20);\n  crypto.getRandomValues(secret);\n\n  // Resolve the account name for the otpauth:// URI\n  let accountName: string = params.accountName as string;\n  if (!accountName) {\n    const user = await queryUserById(ctx, userId!);\n    accountName = user?.email ?? \"user\";\n  }\n\n  // Build the otpauth:// URI for QR code scanning\n  const uri = createTOTPKeyURI(\n    provider.options.issuer,\n    accountName,\n    secret,\n    provider.options.period,\n    provider.options.digits,\n  );\n\n  // Encode the secret as base-32 for manual entry\n  const base32Secret = encodeBase32LowerCaseNoPadding(secret);\n\n  // Store enrolment metadata in a verifier so we can correlate the confirm step\n  const verifier = await callVerifier(ctx);\n  await callVerifierSignature(ctx, {\n    verifier,\n    signature: JSON.stringify({\n      secret: Array.from(secret),\n      userId,\n      digits: provider.options.digits,\n      period: provider.options.period,\n    }),\n  });\n\n  // Insert an UNVERIFIED TOTP record in the DB\n  const totpId = await mutateTotpInsert(ctx, {\n    userId: userId!,\n    secret: secret.buffer.slice(\n      secret.byteOffset,\n      secret.byteOffset + secret.byteLength,\n    ),\n    digits: provider.options.digits,\n    period: provider.options.period,\n    verified: false,\n    name: params.name,\n    createdAt: Date.now(),\n  });\n\n  return {\n    kind: \"totpSetup\" as const,\n    uri,\n    secret: base32Secret,\n    verifier,\n    totpId,\n  };\n}\n\n// ============================================================================\n// Confirm flow\n// ============================================================================\n\n/**\n * Phase 2: Verify the first code from the authenticator app.\n *\n * Requires an authenticated user.  Marks the TOTP enrollment as verified\n * after confirming the code is correct.\n */\nasync function handleConfirm(\n  ctx: EnrichedActionCtx,\n  provider: TotpProviderConfig,\n  params: Record<string, any>,\n  verifierValue: string | undefined,\n): Promise<{ kind: \"signedIn\"; signedIn: SessionInfo | null }> {\n  // TOTP confirmation requires an authenticated user\n  const identity = await ctx.auth.getUserIdentity();\n  if (identity === null) {\n    throwAuthError(\"TOTP_AUTH_REQUIRED\");\n  }\n  const [userId] = identity.subject.split(\"|\");\n\n  if (!verifierValue) {\n    throwAuthError(\"TOTP_MISSING_VERIFIER\");\n  }\n  if (!params.code) {\n    throwAuthError(\"TOTP_MISSING_CODE\");\n  }\n  if (!params.totpId) {\n    throwAuthError(\"TOTP_MISSING_ID\");\n  }\n\n  // Look up the TOTP record\n  const totpDoc = await queryTotpById(ctx, params.totpId);\n  if (!totpDoc) {\n    throwAuthError(\"TOTP_NOT_FOUND\");\n  }\n  if (totpDoc.verified) {\n    throwAuthError(\"TOTP_ALREADY_VERIFIED\");\n  }\n\n  // Extract the secret from the TOTP record\n  const secret = new Uint8Array(totpDoc.secret);\n\n  // Verify the code with a 30-second grace period\n  const valid = verifyTOTPWithGracePeriod(\n    secret,\n    provider.options.period,\n    provider.options.digits,\n    params.code,\n    30,\n  );\n  if (!valid) {\n    throwAuthError(\"TOTP_INVALID_CODE\");\n  }\n\n  // Mark the enrollment as verified\n  await mutateTotpMarkVerified(ctx, params.totpId, Date.now());\n\n  // Clean up the verifier\n  await mutateVerifierDelete(ctx, verifierValue);\n\n  // Return tokens for the existing session\n  const signInResult = await callSignIn(ctx, {\n    userId: userId!,\n    generateTokens: true,\n  });\n\n  return { kind: \"signedIn\", signedIn: signInResult };\n}\n\n// ============================================================================\n// Verify flow (2FA during sign-in)\n// ============================================================================\n\n/**\n * Phase 3: Verify a TOTP code during sign-in.\n *\n * Does NOT require an authenticated user — this runs mid-sign-in as a\n * second-factor challenge.  The userId is retrieved from the stored verifier.\n */\nasync function handleVerify(\n  ctx: EnrichedActionCtx,\n  provider: TotpProviderConfig,\n  params: Record<string, any>,\n  verifierValue: string | undefined,\n): Promise<{ kind: \"signedIn\"; signedIn: SessionInfo | null }> {\n  if (!verifierValue) {\n    throwAuthError(\"TOTP_MISSING_VERIFIER\");\n  }\n  if (!params.code) {\n    throwAuthError(\"TOTP_MISSING_CODE\");\n  }\n\n  // Look up the verifier to retrieve the stored userId\n  const verifierDoc = await queryVerifierById(ctx, verifierValue);\n  if (!verifierDoc) {\n    throwAuthError(\"TOTP_INVALID_VERIFIER\");\n  }\n\n  // Parse the signature to extract userId\n  const signatureData = JSON.parse(verifierDoc.signature!);\n  const userId = signatureData.userId as string;\n\n  // Look up the user's verified TOTP enrollment\n  const totpDoc = await queryTotpVerifiedByUserId(ctx, userId);\n  if (!totpDoc) {\n    throwAuthError(\"TOTP_NO_ENROLLMENT\");\n  }\n\n  // Extract the secret from the TOTP record\n  const secret = new Uint8Array(totpDoc.secret);\n\n  // Verify the code with a 30-second grace period\n  const valid = verifyTOTPWithGracePeriod(\n    secret,\n    totpDoc.period,\n    totpDoc.digits,\n    params.code,\n    30,\n  );\n  if (!valid) {\n    throwAuthError(\"TOTP_INVALID_CODE\");\n  }\n\n  // Update last used timestamp\n  await mutateTotpUpdateLastUsed(ctx, totpDoc._id, Date.now());\n\n  // Clean up the verifier\n  await mutateVerifierDelete(ctx, verifierValue);\n\n  // Sign in the user with tokens\n  const signInResult = await callSignIn(ctx, {\n    userId,\n    generateTokens: true,\n  });\n\n  return { kind: \"signedIn\", signedIn: signInResult };\n}\n\n// ============================================================================\n// Main dispatch\n// ============================================================================\n\n/**\n * Main TOTP handler dispatched from signIn.ts.\n *\n * Routes to the appropriate phase based on `params.flow`.\n */\nexport async function handleTotp(\n  ctx: EnrichedActionCtx,\n  provider: TotpProviderConfig,\n  args: {\n    params?: Record<string, any>;\n    verifier?: string;\n  },\n): Promise<\n  | { kind: \"signedIn\"; signedIn: SessionInfo | null }\n  | {\n      kind: \"totpSetup\";\n      uri: string;\n      secret: string;\n      verifier: string;\n      totpId: string;\n    }\n> {\n  const flow = args.params?.flow;\n  if (!flow) {\n    throwAuthError(\n      \"TOTP_MISSING_FLOW\",\n      \"Missing `flow` parameter. Expected one of: setup, confirm, verify\",\n    );\n  }\n\n  switch (flow) {\n    case \"setup\":\n      return handleSetup(ctx, provider, args.params ?? {});\n    case \"confirm\":\n      return handleConfirm(\n        ctx,\n        provider,\n        args.params ?? {},\n        args.verifier,\n      );\n    case \"verify\":\n      return handleVerify(\n        ctx,\n        provider,\n        args.params ?? {},\n        args.verifier,\n      );\n    default:\n      throwAuthError(\n        \"TOTP_UNKNOWN_FLOW\",\n        `Unknown TOTP flow: ${flow}. Expected one of: setup, confirm, verify`,\n      );\n  }\n}\n\n// ============================================================================\n// Helpers\n// ============================================================================\n\n/**\n * Check if a user has a verified TOTP enrollment.\n * Called after credentials sign-in to determine if 2FA is needed.\n */\nexport async function checkTotpRequired(\n  ctx: EnrichedActionCtx,\n  userId: string,\n): Promise<boolean> {\n  const totpDoc = await queryTotpVerifiedByUserId(ctx, userId);\n  return totpDoc !== null;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmDA,eAAe,YACb,KACA,UACA,QAOC;CAED,MAAM,WAAW,MAAM,IAAI,KAAK,iBAAiB;AACjD,KAAI,aAAa,KACf,gBAAe,qBAAqB;CAEtC,MAAM,CAAC,UAAU,SAAS,QAAQ,MAAM,IAAI;CAG5C,MAAM,SAAS,IAAI,WAAW,GAAG;AACjC,QAAO,gBAAgB,OAAO;CAG9B,IAAI,cAAsB,OAAO;AACjC,KAAI,CAAC,YAEH,gBADa,MAAM,cAAc,KAAK,OAAQ,GAC1B,SAAS;CAI/B,MAAM,MAAM,iBACV,SAAS,QAAQ,QACjB,aACA,QACA,SAAS,QAAQ,QACjB,SAAS,QAAQ,OAClB;CAGD,MAAM,eAAe,+BAA+B,OAAO;CAG3D,MAAM,WAAW,MAAM,aAAa,IAAI;AACxC,OAAM,sBAAsB,KAAK;EAC/B;EACA,WAAW,KAAK,UAAU;GACxB,QAAQ,MAAM,KAAK,OAAO;GAC1B;GACA,QAAQ,SAAS,QAAQ;GACzB,QAAQ,SAAS,QAAQ;GAC1B,CAAC;EACH,CAAC;AAgBF,QAAO;EACL,MAAM;EACN;EACA,QAAQ;EACR;EACA,QAlBa,MAAM,iBAAiB,KAAK;GACjC;GACR,QAAQ,OAAO,OAAO,MACpB,OAAO,YACP,OAAO,aAAa,OAAO,WAC5B;GACD,QAAQ,SAAS,QAAQ;GACzB,QAAQ,SAAS,QAAQ;GACzB,UAAU;GACV,MAAM,OAAO;GACb,WAAW,KAAK,KAAK;GACtB,CAAC;EAQD;;;;;;;;AAaH,eAAe,cACb,KACA,UACA,QACA,eAC6D;CAE7D,MAAM,WAAW,MAAM,IAAI,KAAK,iBAAiB;AACjD,KAAI,aAAa,KACf,gBAAe,qBAAqB;CAEtC,MAAM,CAAC,UAAU,SAAS,QAAQ,MAAM,IAAI;AAE5C,KAAI,CAAC,cACH,gBAAe,wBAAwB;AAEzC,KAAI,CAAC,OAAO,KACV,gBAAe,oBAAoB;AAErC,KAAI,CAAC,OAAO,OACV,gBAAe,kBAAkB;CAInC,MAAM,UAAU,MAAM,cAAc,KAAK,OAAO,OAAO;AACvD,KAAI,CAAC,QACH,gBAAe,iBAAiB;AAElC,KAAI,QAAQ,SACV,gBAAe,wBAAwB;AAczC,KAAI,CAPU,0BAHC,IAAI,WAAW,QAAQ,OAAO,EAK3C,SAAS,QAAQ,QACjB,SAAS,QAAQ,QACjB,OAAO,MACP,GACD,CAEC,gBAAe,oBAAoB;AAIrC,OAAM,uBAAuB,KAAK,OAAO,QAAQ,KAAK,KAAK,CAAC;AAG5D,OAAM,qBAAqB,KAAK,cAAc;AAQ9C,QAAO;EAAE,MAAM;EAAY,UALN,MAAM,WAAW,KAAK;GACjC;GACR,gBAAgB;GACjB,CAAC;EAEiD;;;;;;;;AAarD,eAAe,aACb,KACA,UACA,QACA,eAC6D;AAC7D,KAAI,CAAC,cACH,gBAAe,wBAAwB;AAEzC,KAAI,CAAC,OAAO,KACV,gBAAe,oBAAoB;CAIrC,MAAM,cAAc,MAAM,kBAAkB,KAAK,cAAc;AAC/D,KAAI,CAAC,YACH,gBAAe,wBAAwB;CAKzC,MAAM,SADgB,KAAK,MAAM,YAAY,UAAW,CAC3B;CAG7B,MAAM,UAAU,MAAM,0BAA0B,KAAK,OAAO;AAC5D,KAAI,CAAC,QACH,gBAAe,qBAAqB;AActC,KAAI,CAPU,0BAHC,IAAI,WAAW,QAAQ,OAAO,EAK3C,QAAQ,QACR,QAAQ,QACR,OAAO,MACP,GACD,CAEC,gBAAe,oBAAoB;AAIrC,OAAM,yBAAyB,KAAK,QAAQ,KAAK,KAAK,KAAK,CAAC;AAG5D,OAAM,qBAAqB,KAAK,cAAc;AAQ9C,QAAO;EAAE,MAAM;EAAY,UALN,MAAM,WAAW,KAAK;GACzC;GACA,gBAAgB;GACjB,CAAC;EAEiD;;;;;;;AAYrD,eAAsB,WACpB,KACA,UACA,MAaA;CACA,MAAM,OAAO,KAAK,QAAQ;AAC1B,KAAI,CAAC,KACH,gBACE,qBACA,oEACD;AAGH,SAAQ,MAAR;EACE,KAAK,QACH,QAAO,YAAY,KAAK,UAAU,KAAK,UAAU,EAAE,CAAC;EACtD,KAAK,UACH,QAAO,cACL,KACA,UACA,KAAK,UAAU,EAAE,EACjB,KAAK,SACN;EACH,KAAK,SACH,QAAO,aACL,KACA,UACA,KAAK,UAAU,EAAE,EACjB,KAAK,SACN;EACH,QACE,gBACE,qBACA,sBAAsB,KAAK,2CAC5B;;;;;;;AAYP,eAAsB,kBACpB,KACA,QACkB;AAElB,QADgB,MAAM,0BAA0B,KAAK,OAAO,KACzC"}

package/dist/component/server/implementation/types.d.ts

@@ -1,42 +0,0 @@
-import _default from "../../schema.js";
-import { GenericDoc } from "../types.js";
-import { DataModelFromSchemaDefinition, GenericActionCtx, GenericMutationCtx, GenericQueryCtx, TableNamesInDataModel } from "convex/server";
-import { GenericId } from "convex/values";
-
-//#region src/server/implementation/types.d.ts
-/** Data model derived from the component schema. */
-type AuthDataModel = DataModelFromSchemaDefinition<typeof _default>;
-/** A document from any table in the auth component schema. */
-type Doc<T extends TableNamesInDataModel<AuthDataModel>> = GenericDoc<AuthDataModel, T>;
-/** A pair of JWT access token and refresh token. */
-type Tokens = {
-  token: string;
-  refreshToken: string;
-};
-interface KeyDoc {
-  _id: string;
-  _creationTime: number;
-  userId: string;
-  prefix: string;
-  hashedKey: string;
-  name: string;
-  scopes: Array<{
-    resource: string;
-    actions: string[];
-  }>;
-  rateLimit?: {
-    maxRequests: number;
-    windowMs: number;
-  };
-  rateLimitState?: {
-    attemptsLeft: number;
-    lastAttemptTime: number;
-  };
-  expiresAt?: number;
-  lastUsedAt?: number;
-  createdAt: number;
-  revoked: boolean;
-}
-//#endregion
-export { Doc, KeyDoc, Tokens };
-//# sourceMappingURL=types.d.ts.map

package/dist/component/server/implementation/types.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"types.d.ts","names":[],"sources":["../../../../src/server/implementation/types.ts"],"mappings":";;;;;;;KAaY,aAAA,GAAgB,6BAAA,QAAqC,QAAA;;KAYrD,GAAA,WAAc,qBAAA,CAAsB,aAAA,KAAkB,UAAA,CAChE,aAAA,EACA,CAAA;;KAIU,MAAA;EAAW,KAAA;EAAe,YAAA;AAAA;AAAA,UAuErB,MAAA;EACf,GAAA;EACA,aAAA;EACA,MAAA;EACA,MAAA;EACA,SAAA;EACA,IAAA;EACA,MAAA,EAAQ,KAAA;IAAQ,QAAA;IAAkB,OAAA;EAAA;EAClC,SAAA;IAAc,WAAA;IAAqB,QAAA;EAAA;EACnC,cAAA;IAAmB,YAAA;IAAsB,eAAA;EAAA;EACzC,SAAA;EACA,UAAA;EACA,SAAA;EACA,OAAA;AAAA"}

package/dist/component/server/implementation/types.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"types.js","names":[],"sources":["../../../../src/server/implementation/types.ts"],"sourcesContent":["import {\n  DataModelFromSchemaDefinition,\n  GenericActionCtx,\n  GenericMutationCtx,\n  GenericQueryCtx,\n  TableNamesInDataModel,\n} from \"convex/server\";\nimport { GenericId } from \"convex/values\";\nimport { GenericDoc } from \"../types\";\nimport schema from \"../../component/schema\";\nimport { AuthComponentApi } from \"../types\";\n\n/** Data model derived from the component schema. */\nexport type AuthDataModel = DataModelFromSchemaDefinition<typeof schema>;\n\n/** Action context typed to the auth component's data model. */\nexport type ActionCtx = GenericActionCtx<AuthDataModel>;\n\n/** Mutation context typed to the auth component's data model. */\nexport type MutationCtx = GenericMutationCtx<AuthDataModel>;\n\n/** Query context typed to the auth component's data model. */\nexport type QueryCtx = GenericQueryCtx<AuthDataModel>;\n\n/** A document from any table in the auth component schema. */\nexport type Doc<T extends TableNamesInDataModel<AuthDataModel>> = GenericDoc<\n  AuthDataModel,\n  T\n>;\n\n/** A pair of JWT access token and refresh token. */\nexport type Tokens = { token: string; refreshToken: string };\n\n/** Session information returned after authentication. */\nexport type SessionInfo = {\n  userId: GenericId<\"user\">;\n  sessionId: GenericId<\"session\">;\n  tokens: Tokens | null;\n};\n\n/** Session information with guaranteed non-null tokens. */\nexport type SessionInfoWithTokens = {\n  userId: GenericId<\"user\">;\n  sessionId: GenericId<\"session\">;\n  tokens: Tokens;\n};\n\n// ---------------------------------------------------------------------------\n// Cross-component document shapes\n// ---------------------------------------------------------------------------\n// These mirror the component schema tables. They exist so that server-side\n// code can work with typed results from cross-component queries/mutations\n// instead of casting to `any` at every field access.\n\nexport interface TotpDoc {\n  _id: string;\n  _creationTime: number;\n  userId: string;\n  secret: ArrayBuffer;\n  digits: number;\n  period: number;\n  verified: boolean;\n  name?: string;\n  createdAt: number;\n  lastUsedAt?: number;\n}\n\nexport interface PasskeyDoc {\n  _id: string;\n  _creationTime: number;\n  userId: string;\n  credentialId: string;\n  publicKey: ArrayBuffer;\n  algorithm: number;\n  counter: number;\n  transports?: string[];\n  deviceType: string;\n  backedUp: boolean;\n  name?: string;\n  createdAt: number;\n  lastUsedAt?: number;\n}\n\nexport interface VerifierDoc {\n  _id: string;\n  _creationTime: number;\n  signature?: string;\n  sessionId?: string;\n}\n\nexport interface UserDoc {\n  _id: string;\n  _creationTime: number;\n  email?: string;\n  emailVerificationTime?: number;\n  phone?: string;\n  phoneVerificationTime?: number;\n  name?: string;\n  image?: string;\n  isAnonymous?: boolean;\n}\n\nexport interface KeyDoc {\n  _id: string;\n  _creationTime: number;\n  userId: string;\n  prefix: string;\n  hashedKey: string;\n  name: string;\n  scopes: Array<{ resource: string; actions: string[] }>;\n  rateLimit?: { maxRequests: number; windowMs: number };\n  rateLimitState?: { attemptsLeft: number; lastAttemptTime: number };\n  expiresAt?: number;\n  lastUsedAt?: number;\n  createdAt: number;\n  revoked: boolean;\n}\n\n// ---------------------------------------------------------------------------\n// Cross-component wrapper context\n// ---------------------------------------------------------------------------\n// Structural type accepted by all wrappers below.  Works for both action and\n// mutation contexts — the only capabilities we need are runQuery / runMutation\n// and access to the component API via `auth.config.component`.\n\n/** @internal */\nexport type ComponentCallCtx = {\n  runQuery: GenericActionCtx<AuthDataModel>[\"runQuery\"];\n  runMutation: GenericActionCtx<AuthDataModel>[\"runMutation\"];\n  auth: { config: { component: AuthComponentApi } };\n};\n\n// ---------------------------------------------------------------------------\n// Typed wrappers for cross-component calls\n// ---------------------------------------------------------------------------\n// Each wrapper encapsulates the single `as any` cast at the component\n// boundary so that callers get full type safety on both args and return\n// values.\n\n// -- User queries --\n\nexport async function queryUserById(\n  ctx: ComponentCallCtx,\n  userId: string,\n): Promise<UserDoc | null> {\n  return (await ctx.runQuery(\n    ctx.auth.config.component.public.userGetById,\n    { userId },\n  )) as UserDoc | null;\n}\n\nexport async function queryUserByVerifiedEmail(\n  ctx: ComponentCallCtx,\n  email: string,\n): Promise<UserDoc | null> {\n  return (await ctx.runQuery(\n    ctx.auth.config.component.public.userFindByVerifiedEmail,\n    { email },\n  )) as UserDoc | null;\n}\n\n// -- Verifier queries / mutations --\n\nexport async function queryVerifierById(\n  ctx: ComponentCallCtx,\n  verifierId: string,\n): Promise<VerifierDoc | null> {\n  return (await ctx.runQuery(\n    ctx.auth.config.component.public.verifierGetById,\n    { verifierId },\n  )) as VerifierDoc | null;\n}\n\nexport async function mutateVerifierDelete(\n  ctx: ComponentCallCtx,\n  verifierId: string,\n): Promise<void> {\n  await ctx.runMutation(\n    ctx.auth.config.component.public.verifierDelete,\n    { verifierId },\n  );\n}\n\n// -- TOTP queries / mutations --\n\nexport async function queryTotpById(\n  ctx: ComponentCallCtx,\n  totpId: string,\n): Promise<TotpDoc | null> {\n  return (await ctx.runQuery(\n    ctx.auth.config.component.public.totpGetById,\n    { totpId },\n  )) as TotpDoc | null;\n}\n\nexport async function queryTotpVerifiedByUserId(\n  ctx: ComponentCallCtx,\n  userId: string,\n): Promise<TotpDoc | null> {\n  return (await ctx.runQuery(\n    ctx.auth.config.component.public.totpGetVerifiedByUserId,\n    { userId },\n  )) as TotpDoc | null;\n}\n\nexport async function mutateTotpInsert(\n  ctx: ComponentCallCtx,\n  args: {\n    userId: string;\n    secret: ArrayBuffer;\n    digits: number;\n    period: number;\n    verified: boolean;\n    name?: string;\n    createdAt: number;\n  },\n): Promise<string> {\n  return (await ctx.runMutation(\n    ctx.auth.config.component.public.totpInsert,\n    args,\n  )) as string;\n}\n\nexport async function mutateTotpMarkVerified(\n  ctx: ComponentCallCtx,\n  totpId: string,\n  lastUsedAt: number,\n): Promise<void> {\n  await ctx.runMutation(\n    ctx.auth.config.component.public.totpMarkVerified,\n    { totpId, lastUsedAt },\n  );\n}\n\nexport async function mutateTotpUpdateLastUsed(\n  ctx: ComponentCallCtx,\n  totpId: string,\n  lastUsedAt: number,\n): Promise<void> {\n  await ctx.runMutation(\n    ctx.auth.config.component.public.totpUpdateLastUsed,\n    { totpId, lastUsedAt },\n  );\n}\n\n// -- Passkey queries / mutations --\n\nexport async function queryPasskeysByUserId(\n  ctx: ComponentCallCtx,\n  userId: string,\n): Promise<PasskeyDoc[]> {\n  return (await ctx.runQuery(\n    ctx.auth.config.component.public.passkeyListByUserId,\n    { userId },\n  )) as PasskeyDoc[];\n}\n\nexport async function queryPasskeyByCredentialId(\n  ctx: ComponentCallCtx,\n  credentialId: string,\n): Promise<PasskeyDoc | null> {\n  return (await ctx.runQuery(\n    ctx.auth.config.component.public.passkeyGetByCredentialId,\n    { credentialId },\n  )) as PasskeyDoc | null;\n}\n\nexport async function mutatePasskeyInsert(\n  ctx: ComponentCallCtx,\n  args: {\n    userId: string;\n    credentialId: string;\n    publicKey: ArrayBuffer | ArrayBufferLike;\n    algorithm: number;\n    counter: number;\n    transports?: string[];\n    deviceType: string;\n    backedUp: boolean;\n    name?: string;\n    createdAt: number;\n  },\n): Promise<string> {\n  return (await ctx.runMutation(\n    ctx.auth.config.component.public.passkeyInsert,\n    args,\n  )) as string;\n}\n\nexport async function mutatePasskeyUpdateCounter(\n  ctx: ComponentCallCtx,\n  passkeyId: string,\n  counter: number,\n  lastUsedAt: number,\n): Promise<void> {\n  await ctx.runMutation(\n    ctx.auth.config.component.public.passkeyUpdateCounter,\n    { passkeyId, counter, lastUsedAt },\n  );\n}\n\n// -- Key queries / mutations --\n\nexport async function mutateKeyInsert(\n  ctx: ComponentCallCtx,\n  args: {\n    userId: string;\n    prefix: string;\n    hashedKey: string;\n    name: string;\n    scopes: Array<{ resource: string; actions: string[] }>;\n    rateLimit?: { maxRequests: number; windowMs: number };\n    expiresAt?: number;\n  },\n): Promise<string> {\n  return (await ctx.runMutation(\n    ctx.auth.config.component.public.keyInsert,\n    args,\n  )) as string;\n}\n\nexport async function queryKeysByUserId(\n  ctx: ComponentCallCtx,\n  userId: string,\n): Promise<KeyDoc[]> {\n  return (await ctx.runQuery(\n    ctx.auth.config.component.public.keyListByUserId,\n    { userId },\n  )) as KeyDoc[];\n}\n\nexport async function queryKeyById(\n  ctx: ComponentCallCtx,\n  keyId: string,\n): Promise<KeyDoc | null> {\n  return (await ctx.runQuery(\n    ctx.auth.config.component.public.keyGetById,\n    { keyId },\n  )) as KeyDoc | null;\n}\n\nexport async function mutateKeyPatch(\n  ctx: ComponentCallCtx,\n  keyId: string,\n  data: Record<string, unknown>,\n): Promise<void> {\n  await ctx.runMutation(\n    ctx.auth.config.component.public.keyPatch,\n    { keyId, data },\n  );\n}\n\nexport async function mutateKeyDelete(\n  ctx: ComponentCallCtx,\n  keyId: string,\n): Promise<void> {\n  await ctx.runMutation(\n    ctx.auth.config.component.public.keyDelete,\n    { keyId },\n  );\n}\n\n// -- Device authorization queries / mutations --\n\nexport interface DeviceDoc {\n  _id: string;\n  _creationTime: number;\n  deviceCodeHash: string;\n  userCode: string;\n  expiresAt: number;\n  interval: number;\n  status: \"pending\" | \"authorized\" | \"denied\";\n  userId?: string;\n  sessionId?: string;\n  lastPolledAt?: number;\n}\n\nexport async function mutateDeviceInsert(\n  ctx: ComponentCallCtx,\n  args: {\n    deviceCodeHash: string;\n    userCode: string;\n    expiresAt: number;\n    interval: number;\n    status: \"pending\" | \"authorized\" | \"denied\";\n  },\n): Promise<string> {\n  return (await ctx.runMutation(\n    ctx.auth.config.component.public.deviceInsert,\n    args,\n  )) as string;\n}\n\nexport async function queryDeviceByCodeHash(\n  ctx: ComponentCallCtx,\n  deviceCodeHash: string,\n): Promise<DeviceDoc | null> {\n  return (await ctx.runQuery(\n    ctx.auth.config.component.public.deviceGetByCodeHash,\n    { deviceCodeHash },\n  )) as DeviceDoc | null;\n}\n\nexport async function queryDeviceByUserCode(\n  ctx: ComponentCallCtx,\n  userCode: string,\n): Promise<DeviceDoc | null> {\n  return (await ctx.runQuery(\n    ctx.auth.config.component.public.deviceGetByUserCode,\n    { userCode },\n  )) as DeviceDoc | null;\n}\n\nexport async function mutateDeviceAuthorize(\n  ctx: ComponentCallCtx,\n  deviceId: string,\n  userId: string,\n  sessionId: string,\n): Promise<void> {\n  await ctx.runMutation(\n    ctx.auth.config.component.public.deviceAuthorize,\n    { deviceId, userId, sessionId },\n  );\n}\n\nexport async function mutateDeviceUpdateLastPolled(\n  ctx: ComponentCallCtx,\n  deviceId: string,\n  lastPolledAt: number,\n): Promise<void> {\n  await ctx.runMutation(\n    ctx.auth.config.component.public.deviceUpdateLastPolled,\n    { deviceId, lastPolledAt },\n  );\n}\n\nexport async function mutateDeviceDelete(\n  ctx: ComponentCallCtx,\n  deviceId: string,\n): Promise<void> {\n  await ctx.runMutation(\n    ctx.auth.config.component.public.deviceDelete,\n    { deviceId },\n  );\n}\n"],"mappings":";AA6IA,eAAsB,cACpB,KACA,QACyB;AACzB,QAAQ,MAAM,IAAI,SAChB,IAAI,KAAK,OAAO,UAAU,OAAO,aACjC,EAAE,QAAQ,CACX;;AAGH,eAAsB,yBACpB,KACA,OACyB;AACzB,QAAQ,MAAM,IAAI,SAChB,IAAI,KAAK,OAAO,UAAU,OAAO,yBACjC,EAAE,OAAO,CACV;;AAKH,eAAsB,kBACpB,KACA,YAC6B;AAC7B,QAAQ,MAAM,IAAI,SAChB,IAAI,KAAK,OAAO,UAAU,OAAO,iBACjC,EAAE,YAAY,CACf;;AAGH,eAAsB,qBACpB,KACA,YACe;AACf,OAAM,IAAI,YACR,IAAI,KAAK,OAAO,UAAU,OAAO,gBACjC,EAAE,YAAY,CACf;;AAKH,eAAsB,cACpB,KACA,QACyB;AACzB,QAAQ,MAAM,IAAI,SAChB,IAAI,KAAK,OAAO,UAAU,OAAO,aACjC,EAAE,QAAQ,CACX;;AAGH,eAAsB,0BACpB,KACA,QACyB;AACzB,QAAQ,MAAM,IAAI,SAChB,IAAI,KAAK,OAAO,UAAU,OAAO,yBACjC,EAAE,QAAQ,CACX;;AAGH,eAAsB,iBACpB,KACA,MASiB;AACjB,QAAQ,MAAM,IAAI,YAChB,IAAI,KAAK,OAAO,UAAU,OAAO,YACjC,KACD;;AAGH,eAAsB,uBACpB,KACA,QACA,YACe;AACf,OAAM,IAAI,YACR,IAAI,KAAK,OAAO,UAAU,OAAO,kBACjC;EAAE;EAAQ;EAAY,CACvB;;AAGH,eAAsB,yBACpB,KACA,QACA,YACe;AACf,OAAM,IAAI,YACR,IAAI,KAAK,OAAO,UAAU,OAAO,oBACjC;EAAE;EAAQ;EAAY,CACvB;;AAKH,eAAsB,sBACpB,KACA,QACuB;AACvB,QAAQ,MAAM,IAAI,SAChB,IAAI,KAAK,OAAO,UAAU,OAAO,qBACjC,EAAE,QAAQ,CACX;;AAGH,eAAsB,2BACpB,KACA,cAC4B;AAC5B,QAAQ,MAAM,IAAI,SAChB,IAAI,KAAK,OAAO,UAAU,OAAO,0BACjC,EAAE,cAAc,CACjB;;AAGH,eAAsB,oBACpB,KACA,MAYiB;AACjB,QAAQ,MAAM,IAAI,YAChB,IAAI,KAAK,OAAO,UAAU,OAAO,eACjC,KACD;;AAGH,eAAsB,2BACpB,KACA,WACA,SACA,YACe;AACf,OAAM,IAAI,YACR,IAAI,KAAK,OAAO,UAAU,OAAO,sBACjC;EAAE;EAAW;EAAS;EAAY,CACnC;;AA+EH,eAAsB,mBACpB,KACA,MAOiB;AACjB,QAAQ,MAAM,IAAI,YAChB,IAAI,KAAK,OAAO,UAAU,OAAO,cACjC,KACD;;AAGH,eAAsB,sBACpB,KACA,gBAC2B;AAC3B,QAAQ,MAAM,IAAI,SAChB,IAAI,KAAK,OAAO,UAAU,OAAO,qBACjC,EAAE,gBAAgB,CACnB;;AAGH,eAAsB,sBACpB,KACA,UAC2B;AAC3B,QAAQ,MAAM,IAAI,SAChB,IAAI,KAAK,OAAO,UAAU,OAAO,qBACjC,EAAE,UAAU,CACb;;AAGH,eAAsB,sBACpB,KACA,UACA,QACA,WACe;AACf,OAAM,IAAI,YACR,IAAI,KAAK,OAAO,UAAU,OAAO,iBACjC;EAAE;EAAU;EAAQ;EAAW,CAChC;;AAGH,eAAsB,6BACpB,KACA,UACA,cACe;AACf,OAAM,IAAI,YACR,IAAI,KAAK,OAAO,UAAU,OAAO,wBACjC;EAAE;EAAU;EAAc,CAC3B;;AAGH,eAAsB,mBACpB,KACA,UACe;AACf,OAAM,IAAI,YACR,IAAI,KAAK,OAAO,UAAU,OAAO,cACjC,EAAE,UAAU,CACb"}

package/dist/component/server/implementation/users.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"users.js","names":[],"sources":["../../../../src/server/implementation/users.ts"],"sourcesContent":["import { GenericId } from \"convex/values\";\nimport { Doc, MutationCtx } from \"./types\";\nimport { AuthProviderMaterializedConfig, ConvexAuthConfig } from \"../types\";\nimport { LOG_LEVELS, logWithLevel } from \"./utils\";\nimport { authDb } from \"./db\";\nimport { throwAuthError } from \"../errors\";\n\ntype CreateOrUpdateUserArgs = {\n  type: \"oauth\" | \"credentials\" | \"email\" | \"phone\" | \"verification\";\n  provider: AuthProviderMaterializedConfig;\n  profile: Record<string, unknown> & {\n    email?: string;\n    phone?: string;\n    emailVerified?: boolean;\n    phoneVerified?: boolean;\n  };\n  shouldLinkViaEmail?: boolean;\n  shouldLinkViaPhone?: boolean;\n};\n\nexport async function upsertUserAndAccount(\n  ctx: MutationCtx,\n  sessionId: GenericId<\"session\"> | null,\n  account:\n    | { existingAccount: Doc<\"account\"> }\n    | {\n        providerAccountId: string;\n        secret?: string;\n      },\n  args: CreateOrUpdateUserArgs,\n  config: ConvexAuthConfig,\n): Promise<{\n  userId: GenericId<\"user\">;\n  accountId: GenericId<\"account\">;\n}> {\n  const userId = await defaultCreateOrUpdateUser(\n    ctx,\n    sessionId,\n    \"existingAccount\" in account ? account.existingAccount : null,\n    args,\n    config,\n  );\n  const accountId = await createOrUpdateAccount(ctx, userId, account, args, config);\n  return { userId, accountId };\n}\n\nasync function defaultCreateOrUpdateUser(\n  ctx: MutationCtx,\n  existingSessionId: GenericId<\"session\"> | null,\n  existingAccount: Doc<\"account\"> | null,\n  args: CreateOrUpdateUserArgs,\n  config: ConvexAuthConfig,\n) {\n  logWithLevel(LOG_LEVELS.DEBUG, \"defaultCreateOrUpdateUser args:\", {\n    existingAccountId: existingAccount?._id,\n    existingSessionId,\n    args,\n  });\n  const existingUserId = existingAccount?.userId ?? null;\n  const db = authDb(ctx, config);\n  if (config.callbacks?.createOrUpdateUser !== undefined) {\n    logWithLevel(LOG_LEVELS.DEBUG, \"Using custom createOrUpdateUser callback\");\n    return await config.callbacks.createOrUpdateUser(ctx, {\n      existingUserId,\n      ...args,\n    });\n  }\n\n  const {\n    provider,\n    profile: {\n      emailVerified: profileEmailVerified,\n      phoneVerified: profilePhoneVerified,\n      ...profile\n    },\n  } = args;\n  const emailVerified =\n    profileEmailVerified ??\n    (provider.type === \"oauth\" &&\n      provider.allowDangerousEmailAccountLinking !== false);\n  const phoneVerified = profilePhoneVerified ?? false;\n  const shouldLinkViaEmail =\n    args.shouldLinkViaEmail || emailVerified || provider.type === \"email\";\n  const shouldLinkViaPhone =\n    args.shouldLinkViaPhone || phoneVerified || provider.type === \"phone\";\n\n  let userId = existingUserId;\n  if (existingUserId === null) {\n    const existingUserWithVerifiedEmailId =\n      typeof profile.email === \"string\" && shouldLinkViaEmail\n        ? (await uniqueUserWithVerifiedEmail(ctx, profile.email, config))?._id ??\n          null\n        : null;\n\n    const existingUserWithVerifiedPhoneId =\n      typeof profile.phone === \"string\" && shouldLinkViaPhone\n        ? (await uniqueUserWithVerifiedPhone(ctx, profile.phone, config))?._id ??\n          null\n        : null;\n    // If there is both email and phone verified user\n    // already we can't link.\n    if (\n      existingUserWithVerifiedEmailId !== null &&\n      existingUserWithVerifiedPhoneId !== null\n    ) {\n      logWithLevel(\n        LOG_LEVELS.DEBUG,\n        `Found existing email and phone verified users, so not linking: email: ${existingUserWithVerifiedEmailId}, phone: ${existingUserWithVerifiedPhoneId}`,\n      );\n      userId = null;\n    } else if (existingUserWithVerifiedEmailId !== null) {\n      logWithLevel(\n        LOG_LEVELS.DEBUG,\n        `Found existing email verified user, linking: ${existingUserWithVerifiedEmailId}`,\n      );\n      userId = existingUserWithVerifiedEmailId;\n    } else if (existingUserWithVerifiedPhoneId !== null) {\n      logWithLevel(\n        LOG_LEVELS.DEBUG,\n        `Found existing phone verified user, linking: ${existingUserWithVerifiedPhoneId}`,\n      );\n      userId = existingUserWithVerifiedPhoneId;\n    } else {\n      logWithLevel(\n        LOG_LEVELS.DEBUG,\n        \"No existing verified users found, creating new user\",\n      );\n      userId = null;\n    }\n  }\n  const userData = {\n    ...(emailVerified ? { emailVerificationTime: Date.now() } : null),\n    ...(phoneVerified ? { phoneVerificationTime: Date.now() } : null),\n    ...profile,\n  };\n  const existingOrLinkedUserId = userId;\n  if (userId !== null) {\n    try {\n      await db.users.patch(userId, userData);\n    } catch (error) {\n      throwAuthError(\"USER_UPDATE_FAILED\", `Could not update user document with ID \\`${userId}\\`, ` +\n          `either the user has been deleted but their account has not, ` +\n          `or the profile data doesn't match the \\`users\\` table schema: ` +\n          `${(error as Error).message}`);\n    }\n  } else {\n    userId = (await db.users.insert(userData)) as GenericId<\"user\">;\n  }\n  const afterUserCreatedOrUpdated = config.callbacks?.afterUserCreatedOrUpdated;\n  if (afterUserCreatedOrUpdated !== undefined) {\n    logWithLevel(\n      LOG_LEVELS.DEBUG,\n      \"Calling custom afterUserCreatedOrUpdated callback\",\n    );\n    await afterUserCreatedOrUpdated(ctx, {\n      userId,\n      existingUserId: existingOrLinkedUserId,\n      ...args,\n    });\n  } else {\n    logWithLevel(\n      LOG_LEVELS.DEBUG,\n      \"No custom afterUserCreatedOrUpdated callback, skipping\",\n    );\n  }\n  return userId;\n}\n\nasync function uniqueUserWithVerifiedEmail(\n  ctx: MutationCtx,\n  email: string,\n  config: ConvexAuthConfig,\n) {\n  const db = authDb(ctx, config);\n  return (await db.users.findByVerifiedEmail(email)) as Doc<\"user\"> | null;\n}\n\nasync function uniqueUserWithVerifiedPhone(\n  ctx: MutationCtx,\n  phone: string,\n  config: ConvexAuthConfig,\n) {\n  const db = authDb(ctx, config);\n  return (await db.users.findByVerifiedPhone(phone)) as Doc<\"user\"> | null;\n}\n\nasync function createOrUpdateAccount(\n  ctx: MutationCtx,\n  userId: GenericId<\"user\">,\n  account:\n    | { existingAccount: Doc<\"account\"> }\n    | {\n        providerAccountId: string;\n        secret?: string;\n      },\n  args: CreateOrUpdateUserArgs,\n  config: ConvexAuthConfig,\n) {\n  const db = authDb(ctx, config);\n  const accountId =\n    \"existingAccount\" in account\n      ? account.existingAccount._id\n      : ((await db.accounts.create({\n          userId,\n          provider: args.provider.id,\n          providerAccountId: account.providerAccountId,\n          secret: account.secret,\n        })) as GenericId<\"account\">);\n  // This is never used with the default `createOrUpdateUser` implementation,\n  // but it is used for manual linking via custom `createOrUpdateUser`:\n  if (\n    \"existingAccount\" in account &&\n    account.existingAccount.userId !== userId\n  ) {\n    await db.accounts.patch(accountId, { userId });\n  }\n  if (args.profile.emailVerified) {\n    await db.accounts.patch(accountId, { emailVerified: args.profile.email });\n  }\n  if (args.profile.phoneVerified) {\n    await db.accounts.patch(accountId, { phoneVerified: args.profile.phone });\n  }\n  return accountId;\n}\n\nexport async function getAccountOrThrow(\n  ctx: MutationCtx,\n  existingAccountId: GenericId<\"account\">,\n  config: ConvexAuthConfig,\n) {\n  const existingAccount = await authDb(ctx, config).accounts.getById(existingAccountId);\n  if (existingAccount === null) {\n    throwAuthError(\"ACCOUNT_NOT_FOUND\", `Expected an account to exist for ID \"${existingAccountId}\"`);\n  }\n  return existingAccount;\n}\n"],"mappings":";;;;;AAoBA,eAAsB,qBACpB,KACA,WACA,SAMA,MACA,QAIC;CACD,MAAM,SAAS,MAAM,0BACnB,KACA,WACA,qBAAqB,UAAU,QAAQ,kBAAkB,MACzD,MACA,OACD;AAED,QAAO;EAAE;EAAQ,WADC,MAAM,sBAAsB,KAAK,QAAQ,SAAS,MAAM,OAAO;EACrD;;AAG9B,eAAe,0BACb,KACA,mBACA,iBACA,MACA,QACA;AACA,cAAa,WAAW,OAAO,mCAAmC;EAChE,mBAAmB,iBAAiB;EACpC;EACA;EACD,CAAC;CACF,MAAM,iBAAiB,iBAAiB,UAAU;CAClD,MAAM,KAAK,OAAO,KAAK,OAAO;AAC9B,KAAI,OAAO,WAAW,uBAAuB,QAAW;AACtD,eAAa,WAAW,OAAO,2CAA2C;AAC1E,SAAO,MAAM,OAAO,UAAU,mBAAmB,KAAK;GACpD;GACA,GAAG;GACJ,CAAC;;CAGJ,MAAM,EACJ,UACA,SAAS,EACP,eAAe,sBACf,eAAe,sBACf,GAAG,cAEH;CACJ,MAAM,gBACJ,yBACC,SAAS,SAAS,WACjB,SAAS,sCAAsC;CACnD,MAAM,gBAAgB,wBAAwB;CAC9C,MAAM,qBACJ,KAAK,sBAAsB,iBAAiB,SAAS,SAAS;CAChE,MAAM,qBACJ,KAAK,sBAAsB,iBAAiB,SAAS,SAAS;CAEhE,IAAI,SAAS;AACb,KAAI,mBAAmB,MAAM;EAC3B,MAAM,kCACJ,OAAO,QAAQ,UAAU,YAAY,sBAChC,MAAM,4BAA4B,KAAK,QAAQ,OAAO,OAAO,GAAG,OACjE,OACA;EAEN,MAAM,kCACJ,OAAO,QAAQ,UAAU,YAAY,sBAChC,MAAM,4BAA4B,KAAK,QAAQ,OAAO,OAAO,GAAG,OACjE,OACA;AAGN,MACE,oCAAoC,QACpC,oCAAoC,MACpC;AACA,gBACE,WAAW,OACX,yEAAyE,gCAAgC,WAAW,kCACrH;AACD,YAAS;aACA,oCAAoC,MAAM;AACnD,gBACE,WAAW,OACX,gDAAgD,kCACjD;AACD,YAAS;aACA,oCAAoC,MAAM;AACnD,gBACE,WAAW,OACX,gDAAgD,kCACjD;AACD,YAAS;SACJ;AACL,gBACE,WAAW,OACX,sDACD;AACD,YAAS;;;CAGb,MAAM,WAAW;EACf,GAAI,gBAAgB,EAAE,uBAAuB,KAAK,KAAK,EAAE,GAAG;EAC5D,GAAI,gBAAgB,EAAE,uBAAuB,KAAK,KAAK,EAAE,GAAG;EAC5D,GAAG;EACJ;CACD,MAAM,yBAAyB;AAC/B,KAAI,WAAW,KACb,KAAI;AACF,QAAM,GAAG,MAAM,MAAM,QAAQ,SAAS;UAC/B,OAAO;AACd,iBAAe,sBAAsB,4CAA4C,OAAO,gIAGhF,MAAgB,UAAU;;KAGpC,UAAU,MAAM,GAAG,MAAM,OAAO,SAAS;CAE3C,MAAM,4BAA4B,OAAO,WAAW;AACpD,KAAI,8BAA8B,QAAW;AAC3C,eACE,WAAW,OACX,oDACD;AACD,QAAM,0BAA0B,KAAK;GACnC;GACA,gBAAgB;GAChB,GAAG;GACJ,CAAC;OAEF,cACE,WAAW,OACX,yDACD;AAEH,QAAO;;AAGT,eAAe,4BACb,KACA,OACA,QACA;AAEA,QAAQ,MADG,OAAO,KAAK,OAAO,CACb,MAAM,oBAAoB,MAAM;;AAGnD,eAAe,4BACb,KACA,OACA,QACA;AAEA,QAAQ,MADG,OAAO,KAAK,OAAO,CACb,MAAM,oBAAoB,MAAM;;AAGnD,eAAe,sBACb,KACA,QACA,SAMA,MACA,QACA;CACA,MAAM,KAAK,OAAO,KAAK,OAAO;CAC9B,MAAM,YACJ,qBAAqB,UACjB,QAAQ,gBAAgB,MACtB,MAAM,GAAG,SAAS,OAAO;EACzB;EACA,UAAU,KAAK,SAAS;EACxB,mBAAmB,QAAQ;EAC3B,QAAQ,QAAQ;EACjB,CAAC;AAGR,KACE,qBAAqB,WACrB,QAAQ,gBAAgB,WAAW,OAEnC,OAAM,GAAG,SAAS,MAAM,WAAW,EAAE,QAAQ,CAAC;AAEhD,KAAI,KAAK,QAAQ,cACf,OAAM,GAAG,SAAS,MAAM,WAAW,EAAE,eAAe,KAAK,QAAQ,OAAO,CAAC;AAE3E,KAAI,KAAK,QAAQ,cACf,OAAM,GAAG,SAAS,MAAM,WAAW,EAAE,eAAe,KAAK,QAAQ,OAAO,CAAC;AAE3E,QAAO;;AAGT,eAAsB,kBACpB,KACA,mBACA,QACA;CACA,MAAM,kBAAkB,MAAM,OAAO,KAAK,OAAO,CAAC,SAAS,QAAQ,kBAAkB;AACrF,KAAI,oBAAoB,KACtB,gBAAe,qBAAqB,wCAAwC,kBAAkB,GAAG;AAEnG,QAAO"}

package/dist/component/server/implementation/utils.js

@@ -1,56 +0,0 @@
-import { sha256 } from "@oslojs/crypto/sha2";
-import { encodeHexLowerCase } from "@oslojs/encoding";
-import { generateRandomString } from "@oslojs/crypto/random";
-
-//#region src/server/implementation/utils.ts
-const TOKEN_SUB_CLAIM_DIVIDER = "|";
-const REFRESH_TOKEN_DIVIDER = "|";
-function stringToNumber(value) {
-	return value !== void 0 ? Number(value) : void 0;
-}
-async function sha256$1(input) {
-	return encodeHexLowerCase(sha256(new TextEncoder().encode(input)));
-}
-function generateRandomString$1(length, alphabet) {
-	return generateRandomString({ read(bytes) {
-		crypto.getRandomValues(bytes);
-	} }, alphabet, length);
-}
-function logError(error) {
-	logWithLevel(LOG_LEVELS.ERROR, error instanceof Error ? error.message + "\n" + error.stack?.replace("\\n", "\n") : error);
-}
-const LOG_LEVELS = {
-	ERROR: "ERROR",
-	WARN: "WARN",
-	INFO: "INFO",
-	DEBUG: "DEBUG"
-};
-function logWithLevel(level, ...args) {
-	const configuredLogLevel = LOG_LEVELS[process.env.AUTH_LOG_LEVEL ?? "INFO"] ?? "INFO";
-	switch (level) {
-		case "ERROR":
-			console.error(...args);
-			break;
-		case "WARN":
-			if (configuredLogLevel !== "ERROR") console.warn(...args);
-			break;
-		case "INFO":
-			if (configuredLogLevel === "INFO" || configuredLogLevel === "DEBUG") console.info(...args);
-			break;
-		case "DEBUG":
-			if (configuredLogLevel === "DEBUG") console.debug(...args);
-			break;
-	}
-}
-const UNREDACTED_LENGTH = 5;
-function maybeRedact(value) {
-	if (value === "") return "";
-	if (process.env.AUTH_LOG_SECRETS !== "true") {
-		if (value.length < UNREDACTED_LENGTH * 2) return "<redacted>";
-		return value.substring(0, UNREDACTED_LENGTH) + "<redacted>" + value.substring(value.length - UNREDACTED_LENGTH);
-	} else return value;
-}
-
-//#endregion
-export { LOG_LEVELS, REFRESH_TOKEN_DIVIDER, TOKEN_SUB_CLAIM_DIVIDER, generateRandomString$1 as generateRandomString, logError, logWithLevel, maybeRedact, sha256$1 as sha256, stringToNumber };
-//# sourceMappingURL=utils.js.map

package/dist/component/server/implementation/utils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"utils.js","names":["sha256","rawSha256","generateRandomString","osloGenerateRandomString"],"sources":["../../../../src/server/implementation/utils.ts"],"sourcesContent":["import { sha256 as rawSha256 } from \"@oslojs/crypto/sha2\";\nimport { encodeHexLowerCase } from \"@oslojs/encoding\";\nimport {\n  RandomReader,\n  generateRandomString as osloGenerateRandomString,\n} from \"@oslojs/crypto/random\";\n\nexport const TOKEN_SUB_CLAIM_DIVIDER = \"|\";\nexport const REFRESH_TOKEN_DIVIDER = \"|\";\n\nexport function stringToNumber(value: string | undefined) {\n  return value !== undefined ? Number(value) : undefined;\n}\n\nexport async function sha256(input: string) {\n  return encodeHexLowerCase(rawSha256(new TextEncoder().encode(input)));\n}\n\nexport function generateRandomString(length: number, alphabet: string) {\n  const random: RandomReader = {\n    read(bytes) {\n      crypto.getRandomValues(bytes);\n    },\n  };\n\n  return osloGenerateRandomString(random, alphabet, length);\n}\n\nexport function logError(error: unknown) {\n  logWithLevel(\n    LOG_LEVELS.ERROR,\n    error instanceof Error\n      ? error.message + \"\\n\" + error.stack?.replace(\"\\\\n\", \"\\n\")\n      : error,\n  );\n}\n\nexport const LOG_LEVELS = {\n  ERROR: \"ERROR\",\n  WARN: \"WARN\",\n  INFO: \"INFO\",\n  DEBUG: \"DEBUG\",\n} as const;\ntype LogLevel = keyof typeof LOG_LEVELS;\n\nexport function logWithLevel(level: LogLevel, ...args: unknown[]) {\n  const configuredLogLevel =\n    LOG_LEVELS[\n      (process.env.AUTH_LOG_LEVEL as LogLevel | undefined) ?? \"INFO\"\n    ] ?? \"INFO\";\n  switch (level) {\n    case \"ERROR\":\n      console.error(...args);\n      break;\n    case \"WARN\":\n      if (configuredLogLevel !== \"ERROR\") {\n        console.warn(...args);\n      }\n      break;\n    case \"INFO\":\n      if (configuredLogLevel === \"INFO\" || configuredLogLevel === \"DEBUG\") {\n        console.info(...args);\n      }\n      break;\n    case \"DEBUG\":\n      if (configuredLogLevel === \"DEBUG\") {\n        console.debug(...args);\n      }\n      break;\n  }\n}\n\nconst UNREDACTED_LENGTH = 5;\nexport function maybeRedact(value: string) {\n  if (value === \"\") {\n    return \"\";\n  }\n  const shouldRedact = process.env.AUTH_LOG_SECRETS !== \"true\";\n  if (shouldRedact) {\n    if (value.length < UNREDACTED_LENGTH * 2) {\n      return \"<redacted>\";\n    }\n    return (\n      value.substring(0, UNREDACTED_LENGTH) +\n      \"<redacted>\" +\n      value.substring(value.length - UNREDACTED_LENGTH)\n    );\n  } else {\n    return value;\n  }\n}\n"],"mappings":";;;;;AAOA,MAAa,0BAA0B;AACvC,MAAa,wBAAwB;AAErC,SAAgB,eAAe,OAA2B;AACxD,QAAO,UAAU,SAAY,OAAO,MAAM,GAAG;;AAG/C,eAAsBA,SAAO,OAAe;AAC1C,QAAO,mBAAmBC,OAAU,IAAI,aAAa,CAAC,OAAO,MAAM,CAAC,CAAC;;AAGvE,SAAgBC,uBAAqB,QAAgB,UAAkB;AAOrE,QAAOC,qBANsB,EAC3B,KAAK,OAAO;AACV,SAAO,gBAAgB,MAAM;IAEhC,EAEuC,UAAU,OAAO;;AAG3D,SAAgB,SAAS,OAAgB;AACvC,cACE,WAAW,OACX,iBAAiB,QACb,MAAM,UAAU,OAAO,MAAM,OAAO,QAAQ,OAAO,KAAK,GACxD,MACL;;AAGH,MAAa,aAAa;CACxB,OAAO;CACP,MAAM;CACN,MAAM;CACN,OAAO;CACR;AAGD,SAAgB,aAAa,OAAiB,GAAG,MAAiB;CAChE,MAAM,qBACJ,WACG,QAAQ,IAAI,kBAA2C,WACrD;AACP,SAAQ,OAAR;EACE,KAAK;AACH,WAAQ,MAAM,GAAG,KAAK;AACtB;EACF,KAAK;AACH,OAAI,uBAAuB,QACzB,SAAQ,KAAK,GAAG,KAAK;AAEvB;EACF,KAAK;AACH,OAAI,uBAAuB,UAAU,uBAAuB,QAC1D,SAAQ,KAAK,GAAG,KAAK;AAEvB;EACF,KAAK;AACH,OAAI,uBAAuB,QACzB,SAAQ,MAAM,GAAG,KAAK;AAExB;;;AAIN,MAAM,oBAAoB;AAC1B,SAAgB,YAAY,OAAe;AACzC,KAAI,UAAU,GACZ,QAAO;AAGT,KADqB,QAAQ,IAAI,qBAAqB,QACpC;AAChB,MAAI,MAAM,SAAS,oBAAoB,EACrC,QAAO;AAET,SACE,MAAM,UAAU,GAAG,kBAAkB,GACrC,eACA,MAAM,UAAU,MAAM,SAAS,kBAAkB;OAGnD,QAAO"}

package/dist/component/server/providers.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"providers.js","names":[],"sources":["../../../src/server/providers.ts"],"sourcesContent":["import {\n  AuthProviderConfig,\n  AuthProviderMaterializedConfig,\n  ConvexAuthConfig,\n  OAuthMaterializedConfig,\n} from \"./types\";\nimport { isOAuthProvider, type OAuthProviderInstance } from \"../providers/oauth\";\n\n// ============================================================================\n// Provider class detection\n// ============================================================================\n\n/** Check if something is a new-style class provider with `_toMaterialized()`. */\nfunction isClassProvider(\n  provider: any,\n): provider is { _toMaterialized(): AuthProviderMaterializedConfig } {\n  return (\n    typeof provider === \"object\" &&\n    provider !== null &&\n    typeof provider._toMaterialized === \"function\"\n  );\n}\n\n// ============================================================================\n// Public API\n// ============================================================================\n\n/**\n * Resolve raw provider configs into materialized form and apply defaults.\n *\n * @internal\n */\nexport function configDefaults(config_: ConvexAuthConfig) {\n  const config = materializeAndDefaultProviders(config_);\n  // Collect extra providers from credentials providers\n  const extraProviders = config.providers\n    .filter((p) => p.type === \"credentials\")\n    .map((p) => p.extraProviders)\n    .flat()\n    .filter((p) => p !== undefined);\n  return {\n    ...config,\n    extraProviders: materializeProviders(extraProviders),\n  };\n}\n\n/**\n * Materialize a single provider config into its runtime form.\n *\n * @internal\n */\nexport function materializeProvider(provider: AuthProviderConfig) {\n  const config = { providers: [provider], component: {} as any };\n  materializeAndDefaultProviders(config);\n  return config.providers[0] as AuthProviderMaterializedConfig;\n}\n\n/**\n * List available provider IDs for error messages.\n *\n * @internal\n */\nexport function listAvailableProviders(\n  config: ReturnType<typeof configDefaults>,\n  allowExtraProviders: boolean,\n) {\n  const availableProviders = config.providers\n    .concat(allowExtraProviders ? config.extraProviders : [])\n    .map((provider) => `\\`${provider.id}\\``);\n  return availableProviders.length > 0\n    ? availableProviders.join(\", \")\n    : \"no providers have been configured\";\n}\n\n// ============================================================================\n// Internal helpers\n// ============================================================================\n\nfunction materializeProviders(providers: AuthProviderConfig[]) {\n  const config = { providers, component: {} as any };\n  materializeAndDefaultProviders(config);\n  return config.providers as AuthProviderMaterializedConfig[];\n}\n\nfunction materializeAndDefaultProviders(config_: ConvexAuthConfig) {\n  const allProviders: AuthProviderMaterializedConfig[] = [];\n\n  for (const raw of config_.providers) {\n    if (isOAuthProvider(raw)) {\n      allProviders.push(materializeOAuthProvider(raw));\n    } else if (isClassProvider(raw)) {\n      allProviders.push(raw._toMaterialized());\n    } else {\n      // Factory function or plain config object\n      const resolved = typeof raw === \"function\" ? raw() : (raw as any);\n      // Merge `options` into the provider (backward compat with factory-style\n      // providers that store user overrides in an `options` field).\n      const merged = resolved.options\n        ? { ...resolved, ...resolved.options }\n        : resolved;\n      allProviders.push(merged as AuthProviderMaterializedConfig);\n    }\n  }\n\n  const config = { ...config_, providers: allProviders };\n\n  // Set phone provider API key from env\n  config.providers.forEach((provider) => {\n    if (provider.type === \"phone\") {\n      const ID = provider.id.toUpperCase().replace(/-/g, \"_\");\n      provider.apiKey ??= process.env[`AUTH_${ID}_KEY`];\n    }\n  });\n\n  return config;\n}\n\n/**\n * Materialize an Arctic-based `OAuthProviderInstance` into the runtime config.\n */\nfunction materializeOAuthProvider(\n  instance: OAuthProviderInstance,\n): OAuthMaterializedConfig {\n  return {\n    id: instance.id,\n    type: \"oauth\",\n    provider: instance.provider,\n    scopes: instance.scopes,\n    profile: instance.profile,\n  };\n}\n"],"mappings":";;;;AAaA,SAAS,gBACP,UACmE;AACnE,QACE,OAAO,aAAa,YACpB,aAAa,QACb,OAAO,SAAS,oBAAoB;;;;;;;AAaxC,SAAgB,eAAe,SAA2B;CACxD,MAAM,SAAS,+BAA+B,QAAQ;CAEtD,MAAM,iBAAiB,OAAO,UAC3B,QAAQ,MAAM,EAAE,SAAS,cAAc,CACvC,KAAK,MAAM,EAAE,eAAe,CAC5B,MAAM,CACN,QAAQ,MAAM,MAAM,OAAU;AACjC,QAAO;EACL,GAAG;EACH,gBAAgB,qBAAqB,eAAe;EACrD;;;;;;;AAQH,SAAgB,oBAAoB,UAA8B;CAChE,MAAM,SAAS;EAAE,WAAW,CAAC,SAAS;EAAE,WAAW,EAAE;EAAS;AAC9D,gCAA+B,OAAO;AACtC,QAAO,OAAO,UAAU;;;;;;;AAQ1B,SAAgB,uBACd,QACA,qBACA;CACA,MAAM,qBAAqB,OAAO,UAC/B,OAAO,sBAAsB,OAAO,iBAAiB,EAAE,CAAC,CACxD,KAAK,aAAa,KAAK,SAAS,GAAG,IAAI;AAC1C,QAAO,mBAAmB,SAAS,IAC/B,mBAAmB,KAAK,KAAK,GAC7B;;AAON,SAAS,qBAAqB,WAAiC;CAC7D,MAAM,SAAS;EAAE;EAAW,WAAW,EAAE;EAAS;AAClD,gCAA+B,OAAO;AACtC,QAAO,OAAO;;AAGhB,SAAS,+BAA+B,SAA2B;CACjE,MAAM,eAAiD,EAAE;AAEzD,MAAK,MAAM,OAAO,QAAQ,UACxB,KAAI,gBAAgB,IAAI,CACtB,cAAa,KAAK,yBAAyB,IAAI,CAAC;UACvC,gBAAgB,IAAI,CAC7B,cAAa,KAAK,IAAI,iBAAiB,CAAC;MACnC;EAEL,MAAM,WAAW,OAAO,QAAQ,aAAa,KAAK,GAAI;EAGtD,MAAM,SAAS,SAAS,UACpB;GAAE,GAAG;GAAU,GAAG,SAAS;GAAS,GACpC;AACJ,eAAa,KAAK,OAAyC;;CAI/D,MAAM,SAAS;EAAE,GAAG;EAAS,WAAW;EAAc;AAGtD,QAAO,UAAU,SAAS,aAAa;AACrC,MAAI,SAAS,SAAS,SAAS;GAC7B,MAAM,KAAK,SAAS,GAAG,aAAa,CAAC,QAAQ,MAAM,IAAI;AACvD,YAAS,WAAW,QAAQ,IAAI,QAAQ,GAAG;;GAE7C;AAEF,QAAO;;;;;AAMT,SAAS,yBACP,UACyB;AACzB,QAAO;EACL,IAAI,SAAS;EACb,MAAM;EACN,UAAU,SAAS;EACnB,QAAQ,SAAS;EACjB,SAAS,SAAS;EACnB"}

package/dist/component/server/templates.js

@@ -1,84 +0,0 @@
-//#region src/server/templates.ts
-/**
-* Default email templates generated by the Auth library.
-*
-* These are used when the library sends emails on behalf of the developer
-* (for example magic links). The developer provides the transport via
-* `email.send`; the library provides the content.
-*
-* @module
-*/
-/**
-* Default magic link email template.
-*
-* Clean, minimal design that works across email clients.
-* Used by the auto-registered `email` provider when `email` is
-* configured in the Auth constructor.
-*/
-function defaultMagicLinkEmail(url, host) {
-	const escapedHost = host.replace(/[&<>"']/g, (c) => ({
-		"&": "&amp;",
-		"<": "&lt;",
-		">": "&gt;",
-		"\"": "&quot;",
-		"'": "&#39;"
-	})[c]);
-	return `<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="utf-8" />
-  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>Sign in to ${escapedHost}</title>
-</head>
-<body style="margin:0;padding:0;background-color:#f9fafb;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,'Helvetica Neue',Arial,sans-serif;">
-  <table role="presentation" width="100%" cellpadding="0" cellspacing="0" style="background-color:#f9fafb;padding:40px 16px;">
-    <tr>
-      <td align="center">
-        <table role="presentation" width="480" cellpadding="0" cellspacing="0" style="background-color:#ffffff;border:1px solid #e5e7eb;border-radius:8px;overflow:hidden;">
-          <tr>
-            <td style="padding:32px 32px 0 32px;text-align:center;">
-              <h1 style="margin:0 0 8px 0;font-size:20px;font-weight:600;color:#111827;line-height:1.3;">
-                Sign in to ${escapedHost}
-              </h1>
-            </td>
-          </tr>
-          <tr>
-            <td style="padding:24px 32px;">
-              <p style="margin:0 0 24px 0;font-size:15px;line-height:1.6;color:#4b5563;text-align:center;">
-                Click the button below to sign in. This link will expire shortly.
-              </p>
-              <table role="presentation" width="100%" cellpadding="0" cellspacing="0">
-                <tr>
-                  <td align="center" style="padding:0 0 24px 0;">
-                    <a href="${url}" target="_blank" style="display:inline-block;background-color:#111827;color:#ffffff;font-size:15px;font-weight:600;text-decoration:none;padding:12px 32px;border-radius:6px;line-height:1;">
-                      Sign in
-                    </a>
-                  </td>
-                </tr>
-              </table>
-              <p style="margin:0 0 12px 0;font-size:13px;line-height:1.6;color:#9ca3af;">
-                If the button doesn't work, copy and paste this URL into your browser:
-              </p>
-              <p style="margin:0;font-size:13px;line-height:1.5;color:#6b7280;word-break:break-all;">
-                ${url}
-              </p>
-            </td>
-          </tr>
-          <tr>
-            <td style="padding:20px 32px;border-top:1px solid #e5e7eb;">
-              <p style="margin:0;font-size:12px;line-height:1.5;color:#9ca3af;text-align:center;">
-                If you didn't request this email, you can safely ignore it.
-              </p>
-            </td>
-          </tr>
-        </table>
-      </td>
-    </tr>
-  </table>
-</body>
-</html>`;
-}
-
-//#endregion
-export { defaultMagicLinkEmail };
-//# sourceMappingURL=templates.js.map

package/dist/component/server/templates.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"templates.js","names":[],"sources":["../../../src/server/templates.ts"],"sourcesContent":["/**\n * Default email templates generated by the Auth library.\n *\n * These are used when the library sends emails on behalf of the developer\n * (for example magic links). The developer provides the transport via\n * `email.send`; the library provides the content.\n *\n * @module\n */\n\n/**\n * Default magic link email template.\n *\n * Clean, minimal design that works across email clients.\n * Used by the auto-registered `email` provider when `email` is\n * configured in the Auth constructor.\n */\nexport function defaultMagicLinkEmail(url: string, host: string): string {\n  const escapedHost = host.replace(/[&<>\"']/g, (c) =>\n    ({ \"&\": \"&amp;\", \"<\": \"&lt;\", \">\": \"&gt;\", '\"': \"&quot;\", \"'\": \"&#39;\" })[c]!,\n  );\n\n  return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n  <meta charset=\"utf-8\" />\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />\n  <title>Sign in to ${escapedHost}</title>\n</head>\n<body style=\"margin:0;padding:0;background-color:#f9fafb;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,'Helvetica Neue',Arial,sans-serif;\">\n  <table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" style=\"background-color:#f9fafb;padding:40px 16px;\">\n    <tr>\n      <td align=\"center\">\n        <table role=\"presentation\" width=\"480\" cellpadding=\"0\" cellspacing=\"0\" style=\"background-color:#ffffff;border:1px solid #e5e7eb;border-radius:8px;overflow:hidden;\">\n          <tr>\n            <td style=\"padding:32px 32px 0 32px;text-align:center;\">\n              <h1 style=\"margin:0 0 8px 0;font-size:20px;font-weight:600;color:#111827;line-height:1.3;\">\n                Sign in to ${escapedHost}\n              </h1>\n            </td>\n          </tr>\n          <tr>\n            <td style=\"padding:24px 32px;\">\n              <p style=\"margin:0 0 24px 0;font-size:15px;line-height:1.6;color:#4b5563;text-align:center;\">\n                Click the button below to sign in. This link will expire shortly.\n              </p>\n              <table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\">\n                <tr>\n                  <td align=\"center\" style=\"padding:0 0 24px 0;\">\n                    <a href=\"${url}\" target=\"_blank\" style=\"display:inline-block;background-color:#111827;color:#ffffff;font-size:15px;font-weight:600;text-decoration:none;padding:12px 32px;border-radius:6px;line-height:1;\">\n                      Sign in\n                    </a>\n                  </td>\n                </tr>\n              </table>\n              <p style=\"margin:0 0 12px 0;font-size:13px;line-height:1.6;color:#9ca3af;\">\n                If the button doesn't work, copy and paste this URL into your browser:\n              </p>\n              <p style=\"margin:0;font-size:13px;line-height:1.5;color:#6b7280;word-break:break-all;\">\n                ${url}\n              </p>\n            </td>\n          </tr>\n          <tr>\n            <td style=\"padding:20px 32px;border-top:1px solid #e5e7eb;\">\n              <p style=\"margin:0;font-size:12px;line-height:1.5;color:#9ca3af;text-align:center;\">\n                If you didn't request this email, you can safely ignore it.\n              </p>\n            </td>\n          </tr>\n        </table>\n      </td>\n    </tr>\n  </table>\n</body>\n</html>`;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAiBA,SAAgB,sBAAsB,KAAa,MAAsB;CACvE,MAAM,cAAc,KAAK,QAAQ,aAAa,OAC3C;EAAE,KAAK;EAAS,KAAK;EAAQ,KAAK;EAAQ,MAAK;EAAU,KAAK;EAAS,EAAE,GAC3E;AAED,QAAO;;;;;sBAKa,YAAY;;;;;;;;;;6BAUL,YAAY;;;;;;;;;;;;+BAYV,IAAI;;;;;;;;;;kBAUjB,IAAI"}

package/dist/server/cookies.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"cookies.d.ts","names":[],"sources":["../../src/server/cookies.ts"],"mappings":";cAEa,qBAAA;;;;;;;iBASG,qBAAA,CAAsB,UAAA,UAAoB,UAAA;;;;;;;;;;;;iBAQ1C,kBAAA,CACd,UAAA,UACA,OAAA,EAAS,MAAA"}

package/dist/server/implementation/db.d.ts

@@ -1,86 +0,0 @@
-import { AuthComponentApi } from "../types.js";
-import { GenericActionCtx, GenericDataModel, GenericMutationCtx } from "convex/server";
-
-//#region src/server/implementation/db.d.ts
-type MutationCtxLike = Pick<GenericMutationCtx<GenericDataModel>, "runQuery" | "runMutation">;
-type ActionCtxLike = Pick<GenericActionCtx<GenericDataModel>, "runQuery" | "runMutation" | "runAction">;
-type CtxLike = MutationCtxLike | ActionCtxLike;
-type AuthDbConfig = {
-  component: AuthComponentApi;
-};
-type AuthDb = ReturnType<typeof authDb>;
-declare function authDb(ctx: CtxLike, config: AuthDbConfig): {
-  users: {
-    getById: (userId: string) => Promise<any>;
-    findByVerifiedEmail: (email: string) => Promise<any>;
-    findByVerifiedPhone: (phone: string) => Promise<any>;
-    insert: (data: Record<string, unknown>) => Promise<string>;
-    patch: (userId: string, data: Record<string, unknown>) => Promise<any>;
-    upsert: (userId: string | undefined, data: Record<string, unknown>) => Promise<string>;
-  };
-  accounts: {
-    get: (provider: string, providerAccountId: string) => Promise<any>;
-    getById: (accountId: string) => Promise<any>;
-    create: (args: {
-      userId: string;
-      provider: string;
-      providerAccountId: string;
-      secret?: string;
-    }) => Promise<string>;
-    patch: (accountId: string, data: Record<string, unknown>) => Promise<any>;
-    delete: (accountId: string) => Promise<any>;
-  };
-  sessions: {
-    create: (userId: string, expirationTime: number) => Promise<string>;
-    getById: (sessionId: string) => Promise<any>;
-    delete: (sessionId: string) => Promise<any>;
-    listByUser: (userId: string) => Promise<any>;
-  };
-  verifiers: {
-    create: (sessionId?: string) => Promise<string>;
-    getById: (verifierId: string) => Promise<any>;
-    getBySignature: (signature: string) => Promise<any>;
-    patch: (verifierId: string, data: Record<string, unknown>) => Promise<any>;
-    delete: (verifierId: string) => Promise<any>;
-  };
-  verificationCodes: {
-    getByAccountId: (accountId: string) => Promise<any>;
-    getByCode: (code: string) => Promise<any>;
-    create: (args: {
-      accountId: string;
-      provider: string;
-      code: string;
-      expirationTime: number;
-      verifier?: string;
-      emailVerified?: string;
-      phoneVerified?: string;
-    }) => Promise<any>;
-    delete: (verificationCodeId: string) => Promise<any>;
-  };
-  refreshTokens: {
-    create: (args: {
-      sessionId: string;
-      expirationTime: number;
-      parentRefreshTokenId?: string;
-    }) => Promise<string>;
-    getById: (refreshTokenId: string) => Promise<any>;
-    patch: (refreshTokenId: string, data: Record<string, unknown>) => Promise<any>;
-    getChildren: (sessionId: string, parentRefreshTokenId: string) => Promise<any>;
-    listBySession: (sessionId: string) => Promise<any>;
-    deleteAll: (sessionId: string) => Promise<any>;
-    getActive: (sessionId: string) => Promise<any>;
-  };
-  rateLimits: {
-    get: (identifier: string) => Promise<any>;
-    create: (args: {
-      identifier: string;
-      attemptsLeft: number;
-      lastAttemptTime: number;
-    }) => Promise<any>;
-    patch: (rateLimitId: string, data: Record<string, unknown>) => Promise<any>;
-    delete: (rateLimitId: string) => Promise<any>;
-  };
-};
-//#endregion
-export { AuthDb, AuthDbConfig, authDb };
-//# sourceMappingURL=db.d.ts.map

package/dist/server/implementation/db.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"db.d.ts","names":[],"sources":["../../../src/server/implementation/db.ts"],"mappings":";;;;KAGK,eAAA,GAAkB,IAAA,CAAK,kBAAA,CAAmB,gBAAA;AAAA,KAC1C,aAAA,GAAgB,IAAA,CACnB,gBAAA,CAAiB,gBAAA;AAAA,KAId,OAAA,GAAU,eAAA,GAAkB,aAAA;AAAA,KAErB,YAAA;EAAiB,SAAA,EAAW,gBAAA;AAAA;AAAA,KAE5B,MAAA,GAAS,UAAA,QAAkB,MAAA;AAAA,iBAEvB,MAAA,CAAO,GAAA,EAAK,OAAA,EAAS,MAAA,EAAQ,YAAA;;iCAIf,OAAA;4CAEW,OAAA;4CAEA,OAAA;mBAEpB,MAAA,sBAC6C,OAAA;4BACtC,IAAA,EAAQ,MAAA,sBAAuB,OAAA;yCAElB,IAAA,EAAQ,MAAA,sBACyB,OAAA;EAAA;;4BAG9C,iBAAA,aAA2B,OAAA;oCAEtB,OAAA;;MAGzB,MAAA;MACA,QAAA;MACA,iBAAA;MACA,MAAA;IAAA,MAC6D,OAAA;+BACtC,IAAA,EAAQ,MAAA,sBAAuB,OAAA;mCAE9B,OAAA;EAAA;;6BAIH,cAAA,aAC0D,OAAA;oCACtD,OAAA;mCAED,OAAA;oCAEC,OAAA;EAAA;;oCAK0C,OAAA;qCACzC,OAAA;2CAEM,OAAA;gCAER,IAAA,EAAQ,MAAA,sBAAuB,OAAA;oCAE9B,OAAA;EAAA;;2CAIO,OAAA;iCAEV,OAAA;;MAGtB,SAAA;MACA,QAAA;MACA,IAAA;MACA,cAAA;MACA,QAAA;MACA,aAAA;MACA,aAAA;IAAA,MACD,OAAA;4CAEkC,OAAA;EAAA;;;MAOjC,SAAA;MACA,cAAA;MACA,oBAAA;IAAA,MAE8D,OAAA;yCAChC,OAAA;oCAEF,IAAA,EAAQ,MAAA,sBAAuB,OAAA;qCAE9B,oBAAA,aAA8B,OAAA;0CAK5B,OAAA;sCAEJ,OAAA;sCAEA,OAAA;EAAA;;iCAIL,OAAA;;MAGtB,UAAA;MACA,YAAA;MACA,eAAA;IAAA,MACD,OAAA;iCAC0B,IAAA,EAAQ,MAAA,sBAAuB,OAAA;qCAE9B,OAAA;EAAA;AAAA"}

package/dist/server/implementation/db.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"db.js","names":[],"sources":["../../../src/server/implementation/db.ts"],"sourcesContent":["import { GenericActionCtx, GenericDataModel, GenericMutationCtx } from \"convex/server\";\nimport { AuthComponentApi } from \"../types\";\n\ntype MutationCtxLike = Pick<GenericMutationCtx<GenericDataModel>, \"runQuery\" | \"runMutation\">;\ntype ActionCtxLike = Pick<\n  GenericActionCtx<GenericDataModel>,\n  \"runQuery\" | \"runMutation\" | \"runAction\"\n>;\n\ntype CtxLike = MutationCtxLike | ActionCtxLike;\n\nexport type AuthDbConfig = { component: AuthComponentApi };\n\nexport type AuthDb = ReturnType<typeof authDb>;\n\nexport function authDb(ctx: CtxLike, config: AuthDbConfig) {\n  const component = config.component;\n  return {\n    users: {\n      getById: (userId: string) =>\n        ctx.runQuery(component.public.userGetById, { userId }),\n      findByVerifiedEmail: (email: string) =>\n        ctx.runQuery(component.public.userFindByVerifiedEmail, { email }),\n      findByVerifiedPhone: (phone: string) =>\n        ctx.runQuery(component.public.userFindByVerifiedPhone, { phone }),\n      insert: (data: Record<string, unknown>) =>\n        ctx.runMutation(component.public.userInsert, { data }) as Promise<string>,\n      patch: (userId: string, data: Record<string, unknown>) =>\n        ctx.runMutation(component.public.userPatch, { userId, data }),\n      upsert: (userId: string | undefined, data: Record<string, unknown>) =>\n        ctx.runMutation(component.public.userUpsert, { userId, data }) as Promise<string>,\n    },\n    accounts: {\n      get: (provider: string, providerAccountId: string) =>\n        ctx.runQuery(component.public.accountGet, { provider, providerAccountId }),\n      getById: (accountId: string) =>\n        ctx.runQuery(component.public.accountGetById, { accountId }),\n      create: (args: {\n        userId: string;\n        provider: string;\n        providerAccountId: string;\n        secret?: string;\n      }) => ctx.runMutation(component.public.accountInsert, args) as Promise<string>,\n      patch: (accountId: string, data: Record<string, unknown>) =>\n        ctx.runMutation(component.public.accountPatch, { accountId, data }),\n      delete: (accountId: string) =>\n        ctx.runMutation(component.public.accountDelete, { accountId }),\n    },\n    sessions: {\n      create: (userId: string, expirationTime: number) =>\n        ctx.runMutation(component.public.sessionCreate, { userId, expirationTime }) as Promise<string>,\n      getById: (sessionId: string) =>\n        ctx.runQuery(component.public.sessionGetById, { sessionId }),\n      delete: (sessionId: string) =>\n        ctx.runMutation(component.public.sessionDelete, { sessionId }),\n      listByUser: (userId: string) =>\n        ctx.runQuery(component.public.sessionListByUser, { userId }),\n    },\n    verifiers: {\n      create: (sessionId?: string) =>\n        ctx.runMutation(component.public.verifierCreate, { sessionId }) as Promise<string>,\n      getById: (verifierId: string) =>\n        ctx.runQuery(component.public.verifierGetById, { verifierId }),\n      getBySignature: (signature: string) =>\n        ctx.runQuery(component.public.verifierGetBySignature, { signature }),\n      patch: (verifierId: string, data: Record<string, unknown>) =>\n        ctx.runMutation(component.public.verifierPatch, { verifierId, data }),\n      delete: (verifierId: string) =>\n        ctx.runMutation(component.public.verifierDelete, { verifierId }),\n    },\n    verificationCodes: {\n      getByAccountId: (accountId: string) =>\n        ctx.runQuery(component.public.verificationCodeGetByAccountId, { accountId }),\n      getByCode: (code: string) =>\n        ctx.runQuery(component.public.verificationCodeGetByCode, { code }),\n      create: (args: {\n        accountId: string;\n        provider: string;\n        code: string;\n        expirationTime: number;\n        verifier?: string;\n        emailVerified?: string;\n        phoneVerified?: string;\n      }) =>\n        ctx.runMutation(component.public.verificationCodeCreate, args),\n      delete: (verificationCodeId: string) =>\n        ctx.runMutation(component.public.verificationCodeDelete, {\n          verificationCodeId,\n        }),\n    },\n    refreshTokens: {\n      create: (args: {\n        sessionId: string;\n        expirationTime: number;\n        parentRefreshTokenId?: string;\n      }) =>\n        ctx.runMutation(component.public.refreshTokenCreate, args) as Promise<string>,\n      getById: (refreshTokenId: string) =>\n        ctx.runQuery(component.public.refreshTokenGetById, { refreshTokenId }),\n      patch: (refreshTokenId: string, data: Record<string, unknown>) =>\n        ctx.runMutation(component.public.refreshTokenPatch, { refreshTokenId, data }),\n      getChildren: (sessionId: string, parentRefreshTokenId: string) =>\n        ctx.runQuery(component.public.refreshTokenGetChildren, {\n          sessionId,\n          parentRefreshTokenId,\n        }),\n      listBySession: (sessionId: string) =>\n        ctx.runQuery(component.public.refreshTokenListBySession, { sessionId }),\n      deleteAll: (sessionId: string) =>\n        ctx.runMutation(component.public.refreshTokenDeleteAll, { sessionId }),\n      getActive: (sessionId: string) =>\n        ctx.runQuery(component.public.refreshTokenGetActive, { sessionId }),\n    },\n    rateLimits: {\n      get: (identifier: string) =>\n        ctx.runQuery(component.public.rateLimitGet, { identifier }),\n      create: (args: {\n        identifier: string;\n        attemptsLeft: number;\n        lastAttemptTime: number;\n      }) => ctx.runMutation(component.public.rateLimitCreate, args),\n      patch: (rateLimitId: string, data: Record<string, unknown>) =>\n        ctx.runMutation(component.public.rateLimitPatch, { rateLimitId, data }),\n      delete: (rateLimitId: string) =>\n        ctx.runMutation(component.public.rateLimitDelete, { rateLimitId }),\n    },\n  };\n}\n"],"mappings":";AAeA,SAAgB,OAAO,KAAc,QAAsB;CACzD,MAAM,YAAY,OAAO;AACzB,QAAO;EACL,OAAO;GACL,UAAU,WACR,IAAI,SAAS,UAAU,OAAO,aAAa,EAAE,QAAQ,CAAC;GACxD,sBAAsB,UACpB,IAAI,SAAS,UAAU,OAAO,yBAAyB,EAAE,OAAO,CAAC;GACnE,sBAAsB,UACpB,IAAI,SAAS,UAAU,OAAO,yBAAyB,EAAE,OAAO,CAAC;GACnE,SAAS,SACP,IAAI,YAAY,UAAU,OAAO,YAAY,EAAE,MAAM,CAAC;GACxD,QAAQ,QAAgB,SACtB,IAAI,YAAY,UAAU,OAAO,WAAW;IAAE;IAAQ;IAAM,CAAC;GAC/D,SAAS,QAA4B,SACnC,IAAI,YAAY,UAAU,OAAO,YAAY;IAAE;IAAQ;IAAM,CAAC;GACjE;EACD,UAAU;GACR,MAAM,UAAkB,sBACtB,IAAI,SAAS,UAAU,OAAO,YAAY;IAAE;IAAU;IAAmB,CAAC;GAC5E,UAAU,cACR,IAAI,SAAS,UAAU,OAAO,gBAAgB,EAAE,WAAW,CAAC;GAC9D,SAAS,SAKH,IAAI,YAAY,UAAU,OAAO,eAAe,KAAK;GAC3D,QAAQ,WAAmB,SACzB,IAAI,YAAY,UAAU,OAAO,cAAc;IAAE;IAAW;IAAM,CAAC;GACrE,SAAS,cACP,IAAI,YAAY,UAAU,OAAO,eAAe,EAAE,WAAW,CAAC;GACjE;EACD,UAAU;GACR,SAAS,QAAgB,mBACvB,IAAI,YAAY,UAAU,OAAO,eAAe;IAAE;IAAQ;IAAgB,CAAC;GAC7E,UAAU,cACR,IAAI,SAAS,UAAU,OAAO,gBAAgB,EAAE,WAAW,CAAC;GAC9D,SAAS,cACP,IAAI,YAAY,UAAU,OAAO,eAAe,EAAE,WAAW,CAAC;GAChE,aAAa,WACX,IAAI,SAAS,UAAU,OAAO,mBAAmB,EAAE,QAAQ,CAAC;GAC/D;EACD,WAAW;GACT,SAAS,cACP,IAAI,YAAY,UAAU,OAAO,gBAAgB,EAAE,WAAW,CAAC;GACjE,UAAU,eACR,IAAI,SAAS,UAAU,OAAO,iBAAiB,EAAE,YAAY,CAAC;GAChE,iBAAiB,cACf,IAAI,SAAS,UAAU,OAAO,wBAAwB,EAAE,WAAW,CAAC;GACtE,QAAQ,YAAoB,SAC1B,IAAI,YAAY,UAAU,OAAO,eAAe;IAAE;IAAY;IAAM,CAAC;GACvE,SAAS,eACP,IAAI,YAAY,UAAU,OAAO,gBAAgB,EAAE,YAAY,CAAC;GACnE;EACD,mBAAmB;GACjB,iBAAiB,cACf,IAAI,SAAS,UAAU,OAAO,gCAAgC,EAAE,WAAW,CAAC;GAC9E,YAAY,SACV,IAAI,SAAS,UAAU,OAAO,2BAA2B,EAAE,MAAM,CAAC;GACpE,SAAS,SASP,IAAI,YAAY,UAAU,OAAO,wBAAwB,KAAK;GAChE,SAAS,uBACP,IAAI,YAAY,UAAU,OAAO,wBAAwB,EACvD,oBACD,CAAC;GACL;EACD,eAAe;GACb,SAAS,SAKP,IAAI,YAAY,UAAU,OAAO,oBAAoB,KAAK;GAC5D,UAAU,mBACR,IAAI,SAAS,UAAU,OAAO,qBAAqB,EAAE,gBAAgB,CAAC;GACxE,QAAQ,gBAAwB,SAC9B,IAAI,YAAY,UAAU,OAAO,mBAAmB;IAAE;IAAgB;IAAM,CAAC;GAC/E,cAAc,WAAmB,yBAC/B,IAAI,SAAS,UAAU,OAAO,yBAAyB;IACrD;IACA;IACD,CAAC;GACJ,gBAAgB,cACd,IAAI,SAAS,UAAU,OAAO,2BAA2B,EAAE,WAAW,CAAC;GACzE,YAAY,cACV,IAAI,YAAY,UAAU,OAAO,uBAAuB,EAAE,WAAW,CAAC;GACxE,YAAY,cACV,IAAI,SAAS,UAAU,OAAO,uBAAuB,EAAE,WAAW,CAAC;GACtE;EACD,YAAY;GACV,MAAM,eACJ,IAAI,SAAS,UAAU,OAAO,cAAc,EAAE,YAAY,CAAC;GAC7D,SAAS,SAIH,IAAI,YAAY,UAAU,OAAO,iBAAiB,KAAK;GAC7D,QAAQ,aAAqB,SAC3B,IAAI,YAAY,UAAU,OAAO,gBAAgB;IAAE;IAAa;IAAM,CAAC;GACzE,SAAS,gBACP,IAAI,YAAY,UAAU,OAAO,iBAAiB,EAAE,aAAa,CAAC;GACrE;EACF"}

package/dist/server/implementation/device.d.ts

@@ -1,30 +0,0 @@
-import { AuthDataModel, SessionInfo } from "./types.js";
-import { DeviceProviderConfig, GenericActionCtxWithAuthConfig } from "../types.js";
-
-//#region src/server/implementation/device.d.ts
-type EnrichedActionCtx = GenericActionCtxWithAuthConfig<AuthDataModel>;
-/**
- * Main device authorization handler dispatched from signIn.ts.
- *
- * Routes to the appropriate phase based on `params.flow`:
- * - (no flow / default) → create device + user codes
- * - "poll" → check authorization status
- * - "verify" → user authorizes a device code
- */
-declare function handleDevice(ctx: EnrichedActionCtx, provider: DeviceProviderConfig, args: {
-  params?: Record<string, any>;
-}): Promise<{
-  kind: "deviceCode";
-  deviceCode: string;
-  userCode: string;
-  verificationUri: string;
-  verificationUriComplete: string;
-  expiresIn: number;
-  interval: number;
-} | {
-  kind: "signedIn";
-  signedIn: SessionInfo | null;
-}>;
-//#endregion
-export { handleDevice };
-//# sourceMappingURL=device.d.ts.map

package/dist/server/implementation/device.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"device.d.ts","names":[],"sources":["../../../src/server/implementation/device.ts"],"mappings":";;;;KA+BK,iBAAA,GAAoB,8BAAA,CAA+B,aAAA;;;;;;;;;iBA+OlC,YAAA,CACpB,GAAA,EAAK,iBAAA,EACL,QAAA,EAAU,oBAAA,EACV,IAAA;EACE,MAAA,GAAS,MAAA;AAAA,IAEV,OAAA;EAEG,IAAA;EACA,UAAA;EACA,QAAA;EACA,eAAA;EACA,uBAAA;EACA,SAAA;EACA,QAAA;AAAA;EAEA,IAAA;EAAkB,QAAA,EAAU,WAAA;AAAA"}