@robelest/convex-auth 0.0.4-preview.2 → 0.0.4-preview.21
- package/README.md +67 -26
- package/dist/authorization/index.d.ts +63 -0
- package/dist/authorization/index.d.ts.map +1 -0
- package/dist/authorization/index.js +63 -0
- package/dist/authorization/index.js.map +1 -0
- package/dist/bin.js +6185 -0
- package/dist/client/core/types.d.ts +20 -0
- package/dist/client/core/types.d.ts.map +1 -0
- package/dist/client/index.d.ts +2 -299
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +407 -534
- package/dist/client/index.js.map +1 -1
- package/dist/component/_generated/api.d.ts +42 -0
- package/dist/component/_generated/api.d.ts.map +1 -1
- package/dist/component/_generated/api.js.map +1 -1
- package/dist/component/_generated/component.d.ts +2546 -90
- package/dist/component/_generated/component.d.ts.map +1 -1
- package/dist/component/client/core/types.d.ts +2 -0
- package/dist/component/client/index.d.ts +2 -0
- package/dist/component/convex.config.d.ts +2 -2
- package/dist/component/functions.d.ts +11 -9
- package/dist/component/functions.d.ts.map +1 -1
- package/dist/component/functions.js.map +1 -1
- package/dist/component/index.d.ts +7 -11
- package/dist/component/index.js +2 -3
- package/dist/component/model.d.ts +153 -0
- package/dist/component/model.d.ts.map +1 -0
- package/dist/component/model.js +349 -0
- package/dist/component/model.js.map +1 -0
- package/dist/component/providers/anonymous.d.ts +54 -0
- package/dist/component/providers/anonymous.d.ts.map +1 -0
- package/dist/component/providers/credentials.d.ts +5 -5
- package/dist/component/providers/credentials.d.ts.map +1 -1
- package/dist/component/providers/device.d.ts +67 -0
- package/dist/component/providers/device.d.ts.map +1 -0
- package/dist/component/providers/email.d.ts +62 -0
- package/dist/component/providers/email.d.ts.map +1 -0
- package/dist/component/providers/oauth.d.ts.map +1 -1
- package/dist/component/providers/oauth.js.map +1 -1
- package/dist/component/providers/passkey.d.ts +57 -0
- package/dist/component/providers/passkey.d.ts.map +1 -0
- package/dist/component/providers/password.d.ts +88 -0
- package/dist/component/providers/password.d.ts.map +1 -0
- package/dist/component/providers/phone.d.ts +48 -0
- package/dist/component/providers/phone.d.ts.map +1 -0
- package/dist/component/providers/sso.d.ts +50 -0
- package/dist/component/providers/sso.d.ts.map +1 -0
- package/dist/component/providers/totp.d.ts +45 -0
- package/dist/component/providers/totp.d.ts.map +1 -0
- package/dist/component/public/enterprise/audit.d.ts +73 -0
- package/dist/component/public/enterprise/audit.d.ts.map +1 -0
- package/dist/component/public/enterprise/audit.js +108 -0
- package/dist/component/public/enterprise/audit.js.map +1 -0
- package/dist/component/public/enterprise/core.d.ts +176 -0
- package/dist/component/public/enterprise/core.d.ts.map +1 -0
- package/dist/component/public/enterprise/core.js +292 -0
- package/dist/component/public/enterprise/core.js.map +1 -0
- package/dist/component/public/enterprise/domains.d.ts +174 -0
- package/dist/component/public/enterprise/domains.d.ts.map +1 -0
- package/dist/component/public/enterprise/domains.js +271 -0
- package/dist/component/public/enterprise/domains.js.map +1 -0
- package/dist/component/public/enterprise/scim.d.ts +245 -0
- package/dist/component/public/enterprise/scim.d.ts.map +1 -0
- package/dist/component/public/enterprise/scim.js +344 -0
- package/dist/component/public/enterprise/scim.js.map +1 -0
- package/dist/component/public/enterprise/secrets.d.ts +78 -0
- package/dist/component/public/enterprise/secrets.d.ts.map +1 -0
- package/dist/component/public/enterprise/secrets.js +118 -0
- package/dist/component/public/enterprise/secrets.js.map +1 -0
- package/dist/component/public/enterprise/webhooks.d.ts +211 -0
- package/dist/component/public/enterprise/webhooks.d.ts.map +1 -0
- package/dist/component/public/enterprise/webhooks.js +300 -0
- package/dist/component/public/enterprise/webhooks.js.map +1 -0
- package/dist/component/public/factors/devices.d.ts +157 -0
- package/dist/component/public/factors/devices.d.ts.map +1 -0
- package/dist/component/public/factors/devices.js +216 -0
- package/dist/component/public/factors/devices.js.map +1 -0
- package/dist/component/public/factors/passkeys.d.ts +175 -0
- package/dist/component/public/factors/passkeys.d.ts.map +1 -0
- package/dist/component/public/factors/passkeys.js +238 -0
- package/dist/component/public/factors/passkeys.js.map +1 -0
- package/dist/component/public/factors/totp.d.ts +189 -0
- package/dist/component/public/factors/totp.d.ts.map +1 -0
- package/dist/component/public/factors/totp.js +254 -0
- package/dist/component/public/factors/totp.js.map +1 -0
- package/dist/component/public/groups/core.d.ts +137 -0
- package/dist/component/public/groups/core.d.ts.map +1 -0
- package/dist/component/public/groups/core.js +321 -0
- package/dist/component/public/groups/core.js.map +1 -0
- package/dist/component/public/groups/invites.d.ts +217 -0
- package/dist/component/public/groups/invites.d.ts.map +1 -0
- package/dist/component/public/groups/invites.js +457 -0
- package/dist/component/public/groups/invites.js.map +1 -0
- package/dist/component/public/groups/members.d.ts +204 -0
- package/dist/component/public/groups/members.d.ts.map +1 -0
- package/dist/component/public/groups/members.js +355 -0
- package/dist/component/public/groups/members.js.map +1 -0
- package/dist/component/public/identity/accounts.d.ts +147 -0
- package/dist/component/public/identity/accounts.d.ts.map +1 -0
- package/dist/component/public/identity/accounts.js +200 -0
- package/dist/component/public/identity/accounts.js.map +1 -0
- package/dist/component/public/identity/codes.d.ts +104 -0
- package/dist/component/public/identity/codes.d.ts.map +1 -0
- package/dist/component/public/identity/codes.js +140 -0
- package/dist/component/public/identity/codes.js.map +1 -0
- package/dist/component/public/identity/sessions.d.ts +128 -0
- package/dist/component/public/identity/sessions.d.ts.map +1 -0
- package/dist/component/public/identity/sessions.js +192 -0
- package/dist/component/public/identity/sessions.js.map +1 -0
- package/dist/component/public/identity/tokens.d.ts +169 -0
- package/dist/component/public/identity/tokens.d.ts.map +1 -0
- package/dist/component/public/identity/tokens.js +227 -0
- package/dist/component/public/identity/tokens.js.map +1 -0
- package/dist/component/public/identity/users.d.ts +212 -0
- package/dist/component/public/identity/users.d.ts.map +1 -0
- package/dist/component/public/identity/users.js +311 -0
- package/dist/component/public/identity/users.js.map +1 -0
- package/dist/component/public/identity/verifiers.d.ts +116 -0
- package/dist/component/public/identity/verifiers.d.ts.map +1 -0
- package/dist/component/public/identity/verifiers.js +154 -0
- package/dist/component/public/identity/verifiers.js.map +1 -0
- package/dist/component/public/security/keys.d.ts +209 -0
- package/dist/component/public/security/keys.d.ts.map +1 -0
- package/dist/component/public/security/keys.js +319 -0
- package/dist/component/public/security/keys.js.map +1 -0
- package/dist/component/public/security/limits.d.ts +114 -0
- package/dist/component/public/security/limits.d.ts.map +1 -0
- package/dist/component/public/security/limits.js +169 -0
- package/dist/component/public/security/limits.js.map +1 -0
- package/dist/component/public.d.ts +24 -271
- package/dist/component/public.d.ts.map +1 -1
- package/dist/component/public.js +21 -1229
- package/dist/component/schema.d.ts +473 -110
- package/dist/component/schema.js +162 -73
- package/dist/component/schema.js.map +1 -1
- package/dist/component/server/auth.d.ts +318 -373
- package/dist/component/server/auth.d.ts.map +1 -1
- package/dist/component/server/auth.js +204 -123
- package/dist/component/server/auth.js.map +1 -1
- package/dist/component/server/authError.js +34 -0
- package/dist/component/server/authError.js.map +1 -0
- package/dist/component/server/{providers.js → config.js} +43 -12
- package/dist/component/server/config.js.map +1 -0
- package/dist/component/server/cookies.js +3 -0
- package/dist/component/server/cookies.js.map +1 -1
- package/dist/component/server/core.js +713 -0
- package/dist/component/server/core.js.map +1 -0
- package/dist/component/server/crypto.js +38 -0
- package/dist/component/server/crypto.js.map +1 -0
- package/dist/component/server/{implementation/db.js → db.js} +2 -1
- package/dist/component/server/db.js.map +1 -0
- package/dist/component/server/device.js +109 -0
- package/dist/component/server/device.js.map +1 -0
- package/dist/component/server/enterprise/config.js +46 -0
- package/dist/component/server/enterprise/config.js.map +1 -0
- package/dist/component/server/enterprise/domain.js +885 -0
- package/dist/component/server/enterprise/domain.js.map +1 -0
- package/dist/component/server/enterprise/http.js +766 -0
- package/dist/component/server/enterprise/http.js.map +1 -0
- package/dist/component/server/enterprise/oidc.js +248 -0
- package/dist/component/server/enterprise/oidc.js.map +1 -0
- package/dist/component/server/enterprise/policy.js +85 -0
- package/dist/component/server/enterprise/policy.js.map +1 -0
- package/dist/component/server/enterprise/saml.js +338 -0
- package/dist/component/server/enterprise/saml.js.map +1 -0
- package/dist/component/server/enterprise/scim.js +97 -0
- package/dist/component/server/enterprise/scim.js.map +1 -0
- package/dist/component/server/enterprise/shared.js +51 -0
- package/dist/component/server/enterprise/shared.js.map +1 -0
- package/dist/component/server/errors.d.ts +1 -0
- package/dist/component/server/errors.js +24 -16
- package/dist/component/server/errors.js.map +1 -1
- package/dist/component/server/http.js +288 -0
- package/dist/component/server/http.js.map +1 -0
- package/dist/component/server/identity.js +13 -0
- package/dist/component/server/identity.js.map +1 -0
- package/dist/{server/implementation → component/server}/keys.js +9 -31
- package/dist/component/server/keys.js.map +1 -0
- package/dist/component/server/limits.js +61 -0
- package/dist/component/server/limits.js.map +1 -0
- package/dist/component/server/mutations/account.js +44 -0
- package/dist/component/server/mutations/account.js.map +1 -0
- package/dist/component/server/{implementation/mutations → mutations}/code.js +7 -4
- package/dist/component/server/mutations/code.js.map +1 -0
- package/dist/component/server/mutations/invalidate.js +32 -0
- package/dist/component/server/mutations/invalidate.js.map +1 -0
- package/dist/component/server/mutations/oauth.js +110 -0
- package/dist/component/server/mutations/oauth.js.map +1 -0
- package/dist/component/server/mutations/refresh.js +119 -0
- package/dist/component/server/mutations/refresh.js.map +1 -0
- package/dist/component/server/mutations/register.js +83 -0
- package/dist/component/server/mutations/register.js.map +1 -0
- package/dist/component/server/mutations/retrieve.js +65 -0
- package/dist/component/server/mutations/retrieve.js.map +1 -0
- package/dist/component/server/mutations/signature.js +32 -0
- package/dist/component/server/mutations/signature.js.map +1 -0
- package/dist/component/server/{implementation/mutations → mutations}/signin.js +2 -2
- package/dist/component/server/mutations/signin.js.map +1 -0
- package/dist/component/server/mutations/signout.js +27 -0
- package/dist/component/server/mutations/signout.js.map +1 -0
- package/dist/component/server/mutations/store/refs.js +15 -0
- package/dist/component/server/mutations/store/refs.js.map +1 -0
- package/dist/component/server/mutations/store.js +85 -0
- package/dist/component/server/mutations/store.js.map +1 -0
- package/dist/component/server/mutations/verifier.js +18 -0
- package/dist/component/server/mutations/verifier.js.map +1 -0
- package/dist/component/server/mutations/verify.js +98 -0
- package/dist/component/server/mutations/verify.js.map +1 -0
- package/dist/component/server/oauth.js +106 -60
- package/dist/component/server/oauth.js.map +1 -1
- package/dist/component/server/passkey.js +328 -0
- package/dist/component/server/passkey.js.map +1 -0
- package/dist/{server/implementation → component/server}/redirects.js +13 -11
- package/dist/component/server/redirects.js.map +1 -0
- package/dist/component/server/refresh.js +96 -0
- package/dist/component/server/refresh.js.map +1 -0
- package/dist/component/server/runtime.d.ts +136 -0
- package/dist/component/server/runtime.d.ts.map +1 -0
- package/dist/component/server/runtime.js +413 -0
- package/dist/component/server/runtime.js.map +1 -0
- package/dist/{server/implementation → component/server}/sessions.js +14 -8
- package/dist/component/server/sessions.js.map +1 -0
- package/dist/component/server/signin.js +201 -0
- package/dist/component/server/signin.js.map +1 -0
- package/dist/component/server/tokens.js +17 -0
- package/dist/component/server/tokens.js.map +1 -0
- package/dist/component/server/totp.js +148 -0
- package/dist/component/server/totp.js.map +1 -0
- package/dist/component/server/types.d.ts +387 -298
- package/dist/component/server/types.d.ts.map +1 -1
- package/dist/component/server/{implementation/types.js → types.js} +1 -1
- package/dist/component/server/types.js.map +1 -0
- package/dist/component/server/{implementation/users.js → users.js} +54 -35
- package/dist/component/server/users.js.map +1 -0
- package/dist/component/server/utils.js +110 -4
- package/dist/component/server/utils.js.map +1 -1
- package/dist/core/types.d.ts +369 -0
- package/dist/core/types.d.ts.map +1 -0
- package/dist/factors/device.js +105 -0
- package/dist/factors/device.js.map +1 -0
- package/dist/factors/passkey.js +181 -0
- package/dist/factors/passkey.js.map +1 -0
- package/dist/factors/totp.js +122 -0
- package/dist/factors/totp.js.map +1 -0
- package/dist/providers/anonymous.d.ts +3 -9
- package/dist/providers/anonymous.d.ts.map +1 -1
- package/dist/providers/anonymous.js +1 -18
- package/dist/providers/anonymous.js.map +1 -1
- package/dist/providers/credentials.d.ts +8 -10
- package/dist/providers/credentials.d.ts.map +1 -1
- package/dist/providers/credentials.js +3 -5
- package/dist/providers/credentials.js.map +1 -1
- package/dist/providers/device.d.ts +18 -10
- package/dist/providers/device.d.ts.map +1 -1
- package/dist/providers/device.js +4 -8
- package/dist/providers/device.js.map +1 -1
- package/dist/providers/email.d.ts +50 -23
- package/dist/providers/email.d.ts.map +1 -1
- package/dist/providers/email.js +58 -34
- package/dist/providers/email.js.map +1 -1
- package/dist/providers/index.d.ts +7 -3
- package/dist/providers/index.js +4 -1
- package/dist/providers/oauth.d.ts.map +1 -1
- package/dist/providers/oauth.js.map +1 -1
- package/dist/providers/passkey.d.ts +12 -9
- package/dist/providers/passkey.d.ts.map +1 -1
- package/dist/providers/passkey.js +1 -7
- package/dist/providers/passkey.js.map +1 -1
- package/dist/providers/password.d.ts +6 -12
- package/dist/providers/password.d.ts.map +1 -1
- package/dist/providers/password.js +189 -89
- package/dist/providers/password.js.map +1 -1
- package/dist/providers/phone.d.ts +40 -11
- package/dist/providers/phone.d.ts.map +1 -1
- package/dist/providers/phone.js +52 -21
- package/dist/providers/phone.js.map +1 -1
- package/dist/providers/sso.d.ts +50 -0
- package/dist/providers/sso.d.ts.map +1 -0
- package/dist/providers/sso.js +34 -0
- package/dist/providers/sso.js.map +1 -0
- package/dist/providers/totp.d.ts +12 -9
- package/dist/providers/totp.d.ts.map +1 -1
- package/dist/providers/totp.js +1 -7
- package/dist/providers/totp.js.map +1 -1
- package/dist/runtime/browser.js +68 -0
- package/dist/runtime/browser.js.map +1 -0
- package/dist/runtime/invite.js +51 -0
- package/dist/runtime/invite.js.map +1 -0
- package/dist/runtime/proxy.js +70 -0
- package/dist/runtime/proxy.js.map +1 -0
- package/dist/runtime/storage.js +37 -0
- package/dist/runtime/storage.js.map +1 -0
- package/dist/server/auth.d.ts +335 -370
- package/dist/server/auth.d.ts.map +1 -1
- package/dist/server/auth.js +204 -123
- package/dist/server/auth.js.map +1 -1
- package/dist/server/authError.d.ts +46 -0
- package/dist/server/authError.d.ts.map +1 -0
- package/dist/server/authError.js +34 -0
- package/dist/server/authError.js.map +1 -0
- package/dist/server/config.d.ts +1 -0
- package/dist/server/{providers.js → config.js} +43 -12
- package/dist/server/config.js.map +1 -0
- package/dist/server/cookies.d.ts +1 -38
- package/dist/server/cookies.js +3 -0
- package/dist/server/cookies.js.map +1 -1
- package/dist/server/core.d.ts +1436 -0
- package/dist/server/core.d.ts.map +1 -0
- package/dist/server/core.js +713 -0
- package/dist/server/core.js.map +1 -0
- package/dist/server/crypto.d.ts +8 -0
- package/dist/server/crypto.d.ts.map +1 -0
- package/dist/server/crypto.js +38 -0
- package/dist/server/crypto.js.map +1 -0
- package/dist/server/db.d.ts +1 -0
- package/dist/server/{implementation/db.js → db.js} +2 -1
- package/dist/server/db.js.map +1 -0
- package/dist/server/device.d.ts +1 -0
- package/dist/server/device.js +109 -0
- package/dist/server/device.js.map +1 -0
- package/dist/server/enterprise/config.d.ts +1 -0
- package/dist/server/enterprise/config.js +46 -0
- package/dist/server/enterprise/config.js.map +1 -0
- package/dist/server/enterprise/domain.d.ts +409 -0
- package/dist/server/enterprise/domain.d.ts.map +1 -0
- package/dist/server/enterprise/domain.js +885 -0
- package/dist/server/enterprise/domain.js.map +1 -0
- package/dist/server/enterprise/http.d.ts +26 -0
- package/dist/server/enterprise/http.d.ts.map +1 -0
- package/dist/server/enterprise/http.js +766 -0
- package/dist/server/enterprise/http.js.map +1 -0
- package/dist/server/enterprise/oidc.d.ts +1 -0
- package/dist/server/enterprise/oidc.js +248 -0
- package/dist/server/enterprise/oidc.js.map +1 -0
- package/dist/server/enterprise/policy.d.ts +1 -0
- package/dist/server/enterprise/policy.js +85 -0
- package/dist/server/enterprise/policy.js.map +1 -0
- package/dist/server/enterprise/saml.d.ts +1 -0
- package/dist/server/enterprise/saml.js +338 -0
- package/dist/server/enterprise/saml.js.map +1 -0
- package/dist/server/enterprise/scim.d.ts +1 -0
- package/dist/server/enterprise/scim.js +97 -0
- package/dist/server/enterprise/scim.js.map +1 -0
- package/dist/server/enterprise/shared.d.ts +5 -0
- package/dist/server/enterprise/shared.d.ts.map +1 -0
- package/dist/server/enterprise/shared.js +51 -0
- package/dist/server/enterprise/shared.js.map +1 -0
- package/dist/server/enterprise/validators.d.ts +1 -0
- package/dist/server/enterprise/validators.js +60 -0
- package/dist/server/enterprise/validators.js.map +1 -0
- package/dist/server/errors.d.ts +33 -1
- package/dist/server/errors.d.ts.map +1 -1
- package/dist/server/errors.js +44 -1
- package/dist/server/errors.js.map +1 -1
- package/dist/server/http.d.ts +59 -0
- package/dist/server/http.d.ts.map +1 -0
- package/dist/server/http.js +288 -0
- package/dist/server/http.js.map +1 -0
- package/dist/server/identity.d.ts +1 -0
- package/dist/server/identity.js +13 -0
- package/dist/server/identity.js.map +1 -0
- package/dist/server/index.d.ts +4 -182
- package/dist/server/index.js +4 -376
- package/dist/server/keys.d.ts +1 -0
- package/dist/{component/server/implementation → server}/keys.js +9 -31
- package/dist/server/keys.js.map +1 -0
- package/dist/server/limits.d.ts +1 -0
- package/dist/server/limits.js +61 -0
- package/dist/server/limits.js.map +1 -0
- package/dist/server/mounts.d.ts +647 -0
- package/dist/server/mounts.d.ts.map +1 -0
- package/dist/server/mounts.js +643 -0
- package/dist/server/mounts.js.map +1 -0
- package/dist/server/mutations/account.d.ts +30 -0
- package/dist/server/mutations/account.d.ts.map +1 -0
- package/dist/server/mutations/account.js +44 -0
- package/dist/server/mutations/account.js.map +1 -0
- package/dist/server/mutations/code.d.ts +30 -0
- package/dist/server/mutations/code.d.ts.map +1 -0
- package/dist/server/{implementation/mutations → mutations}/code.js +7 -4
- package/dist/server/mutations/code.js.map +1 -0
- package/dist/server/mutations/index.d.ts +14 -0
- package/dist/server/mutations/index.js +15 -0
- package/dist/server/mutations/invalidate.d.ts +20 -0
- package/dist/server/mutations/invalidate.d.ts.map +1 -0
- package/dist/server/mutations/invalidate.js +32 -0
- package/dist/server/mutations/invalidate.js.map +1 -0
- package/dist/server/mutations/oauth.d.ts +28 -0
- package/dist/server/mutations/oauth.d.ts.map +1 -0
- package/dist/server/mutations/oauth.js +110 -0
- package/dist/server/mutations/oauth.js.map +1 -0
- package/dist/server/mutations/refresh.d.ts +21 -0
- package/dist/server/mutations/refresh.d.ts.map +1 -0
- package/dist/server/mutations/refresh.js +119 -0
- package/dist/server/mutations/refresh.js.map +1 -0
- package/dist/server/mutations/register.d.ts +38 -0
- package/dist/server/mutations/register.d.ts.map +1 -0
- package/dist/server/mutations/register.js +83 -0
- package/dist/server/mutations/register.js.map +1 -0
- package/dist/server/mutations/retrieve.d.ts +33 -0
- package/dist/server/mutations/retrieve.d.ts.map +1 -0
- package/dist/server/mutations/retrieve.js +65 -0
- package/dist/server/mutations/retrieve.js.map +1 -0
- package/dist/server/mutations/signature.d.ts +22 -0
- package/dist/server/mutations/signature.d.ts.map +1 -0
- package/dist/server/mutations/signature.js +32 -0
- package/dist/server/mutations/signature.js.map +1 -0
- package/dist/server/mutations/signin.d.ts +22 -0
- package/dist/server/mutations/signin.d.ts.map +1 -0
- package/dist/server/{implementation/mutations → mutations}/signin.js +2 -2
- package/dist/server/mutations/signin.js.map +1 -0
- package/dist/server/mutations/signout.d.ts +16 -0
- package/dist/server/mutations/signout.d.ts.map +1 -0
- package/dist/server/mutations/signout.js +27 -0
- package/dist/server/mutations/signout.js.map +1 -0
- package/dist/server/mutations/store/refs.d.ts +12 -0
- package/dist/server/mutations/store/refs.d.ts.map +1 -0
- package/dist/server/mutations/store/refs.js +15 -0
- package/dist/server/mutations/store/refs.js.map +1 -0
- package/dist/server/mutations/store.d.ts +306 -0
- package/dist/server/mutations/store.d.ts.map +1 -0
- package/dist/server/mutations/store.js +85 -0
- package/dist/server/mutations/store.js.map +1 -0
- package/dist/server/mutations/verifier.d.ts +13 -0
- package/dist/server/mutations/verifier.d.ts.map +1 -0
- package/dist/server/mutations/verifier.js +18 -0
- package/dist/server/mutations/verifier.js.map +1 -0
- package/dist/server/mutations/verify.d.ts +26 -0
- package/dist/server/mutations/verify.d.ts.map +1 -0
- package/dist/server/mutations/verify.js +98 -0
- package/dist/server/mutations/verify.js.map +1 -0
- package/dist/server/oauth.d.ts +1 -48
- package/dist/server/oauth.js +107 -64
- package/dist/server/oauth.js.map +1 -1
- package/dist/server/passkey.d.ts +27 -0
- package/dist/server/passkey.d.ts.map +1 -0
- package/dist/server/passkey.js +328 -0
- package/dist/server/passkey.js.map +1 -0
- package/dist/server/redirects.d.ts +1 -0
- package/dist/{component/server/implementation → server}/redirects.js +13 -11
- package/dist/server/redirects.js.map +1 -0
- package/dist/server/refresh.d.ts +1 -0
- package/dist/server/refresh.js +96 -0
- package/dist/server/refresh.js.map +1 -0
- package/dist/server/runtime.d.ts +136 -0
- package/dist/server/runtime.d.ts.map +1 -0
- package/dist/server/runtime.js +413 -0
- package/dist/server/runtime.js.map +1 -0
- package/dist/server/sessions.d.ts +1 -0
- package/dist/{component/server/implementation → server}/sessions.js +14 -8
- package/dist/server/sessions.js.map +1 -0
- package/dist/server/signin.d.ts +1 -0
- package/dist/server/signin.js +201 -0
- package/dist/server/signin.js.map +1 -0
- package/dist/server/ssr.d.ts +226 -0
- package/dist/server/ssr.d.ts.map +1 -0
- package/dist/server/ssr.js +786 -0
- package/dist/server/ssr.js.map +1 -0
- package/dist/server/templates.d.ts +1 -21
- package/dist/server/templates.js +2 -1
- package/dist/server/templates.js.map +1 -1
- package/dist/server/tokens.d.ts +1 -0
- package/dist/server/tokens.js +17 -0
- package/dist/server/tokens.js.map +1 -0
- package/dist/server/totp.d.ts +1 -0
- package/dist/server/totp.js +148 -0
- package/dist/server/totp.js.map +1 -0
- package/dist/server/types.d.ts +498 -306
- package/dist/server/types.d.ts.map +1 -1
- package/dist/server/types.js +108 -1
- package/dist/server/types.js.map +1 -0
- package/dist/server/users.d.ts +1 -0
- package/dist/server/{implementation/users.js → users.js} +54 -35
- package/dist/server/users.js.map +1 -0
- package/dist/server/utils.d.ts +1 -6
- package/dist/server/utils.js +110 -4
- package/dist/server/utils.js.map +1 -1
- package/package.json +49 -46
- package/src/authorization/index.ts +83 -0
- package/src/cli/bin.ts +5 -0
- package/src/cli/command.ts +6 -5
- package/src/cli/index.ts +456 -248
- package/src/cli/keys.ts +3 -0
- package/src/client/core/types.ts +437 -0
- package/src/client/factors/device.ts +160 -0
- package/src/client/factors/passkey.ts +282 -0
- package/src/client/factors/totp.ts +150 -0
- package/src/client/index.ts +745 -989
- package/src/client/runtime/browser.ts +112 -0
- package/src/client/runtime/invite.ts +65 -0
- package/src/client/runtime/proxy.ts +111 -0
- package/src/client/runtime/storage.ts +79 -0
- package/src/component/_generated/api.ts +42 -0
- package/src/component/_generated/component.ts +3123 -102
- package/src/component/functions.ts +38 -22
- package/src/component/index.ts +10 -20
- package/src/component/model.ts +449 -0
- package/src/component/public/enterprise/audit.ts +120 -0
- package/src/component/public/enterprise/core.ts +354 -0
- package/src/component/public/enterprise/domains.ts +323 -0
- package/src/component/public/enterprise/scim.ts +396 -0
- package/src/component/public/enterprise/secrets.ts +132 -0
- package/src/component/public/enterprise/webhooks.ts +306 -0
- package/src/component/public/factors/devices.ts +223 -0
- package/src/component/public/factors/passkeys.ts +242 -0
- package/src/component/public/factors/totp.ts +258 -0
- package/src/component/public/groups/core.ts +481 -0
- package/src/component/public/groups/invites.ts +602 -0
- package/src/component/public/groups/members.ts +409 -0
- package/src/component/public/identity/accounts.ts +206 -0
- package/src/component/public/identity/codes.ts +148 -0
- package/src/component/public/identity/sessions.ts +209 -0
- package/src/component/public/identity/tokens.ts +250 -0
- package/src/component/public/identity/users.ts +354 -0
- package/src/component/public/identity/verifiers.ts +157 -0
- package/src/component/public/security/keys.ts +365 -0
- package/src/component/public/security/limits.ts +173 -0
- package/src/component/public.ts +26 -1766
- package/src/component/schema.ts +273 -100
- package/src/providers/anonymous.ts +10 -20
- package/src/providers/credentials.ts +14 -22
- package/src/providers/device.ts +3 -14
- package/src/providers/email.ts +83 -47
- package/src/providers/index.ts +7 -0
- package/src/providers/oauth.ts +5 -3
- package/src/providers/passkey.ts +0 -13
- package/src/providers/password.ts +307 -130
- package/src/providers/phone.ts +81 -37
- package/src/providers/sso.ts +54 -0
- package/src/providers/totp.ts +0 -13
- package/src/samlify.d.ts +53 -0
- package/src/server/auth.ts +701 -247
- package/src/server/authError.ts +44 -0
- package/src/server/{providers.ts → config.ts} +84 -15
- package/src/server/cookies.ts +8 -1
- package/src/server/core.ts +2095 -0
- package/src/server/crypto.ts +88 -0
- package/src/server/{implementation/db.ts → db.ts} +90 -15
- package/src/server/device.ts +221 -0
- package/src/server/enterprise/config.ts +51 -0
- package/src/server/enterprise/domain.ts +1751 -0
- package/src/server/enterprise/http.ts +1324 -0
- package/src/server/enterprise/oidc.ts +500 -0
- package/src/server/enterprise/policy.ts +128 -0
- package/src/server/enterprise/saml.ts +578 -0
- package/src/server/enterprise/scim.ts +135 -0
- package/src/server/enterprise/shared.ts +134 -0
- package/src/server/enterprise/validators.ts +93 -0
- package/src/server/errors.ts +130 -119
- package/src/server/http.ts +531 -0
- package/src/server/identity.ts +18 -0
- package/src/server/index.ts +32 -650
- package/src/server/{implementation/keys.ts → keys.ts} +16 -44
- package/src/server/limits.ts +134 -0
- package/src/server/mounts.ts +948 -0
- package/src/server/mutations/account.ts +76 -0
- package/src/server/{implementation/mutations → mutations}/code.ts +22 -11
- package/src/server/mutations/index.ts +13 -0
- package/src/server/mutations/invalidate.ts +50 -0
- package/src/server/mutations/oauth.ts +237 -0
- package/src/server/mutations/refresh.ts +298 -0
- package/src/server/mutations/register.ts +200 -0
- package/src/server/mutations/retrieve.ts +109 -0
- package/src/server/mutations/signature.ts +50 -0
- package/src/server/{implementation/mutations → mutations}/signin.ts +9 -7
- package/src/server/mutations/signout.ts +43 -0
- package/src/server/mutations/store/refs.ts +10 -0
- package/src/server/mutations/store.ts +138 -0
- package/src/server/mutations/verifier.ts +34 -0
- package/src/server/mutations/verify.ts +202 -0
- package/src/server/oauth.ts +243 -131
- package/src/server/passkey.ts +784 -0
- package/src/server/{implementation/redirects.ts → redirects.ts} +21 -16
- package/src/server/refresh.ts +222 -0
- package/src/server/runtime.ts +880 -0
- package/src/server/{implementation/sessions.ts → sessions.ts} +33 -25
- package/src/server/signin.ts +438 -0
- package/src/server/ssr.ts +1764 -0
- package/src/server/templates.ts +8 -3
- package/src/server/{implementation/tokens.ts → tokens.ts} +11 -5
- package/src/server/totp.ts +349 -0
- package/src/server/types.ts +972 -207
- package/src/server/{implementation/users.ts → users.ts} +129 -75
- package/src/server/utils.ts +192 -5
- package/src/test.ts +28 -4
- package/dist/bin.cjs +0 -27757
- package/dist/component/providers/email.js +0 -47
- package/dist/component/providers/email.js.map +0 -1
- package/dist/component/public.js.map +0 -1
- package/dist/component/server/implementation/db.js.map +0 -1
- package/dist/component/server/implementation/device.js +0 -135
- package/dist/component/server/implementation/device.js.map +0 -1
- package/dist/component/server/implementation/index.d.ts +0 -870
- package/dist/component/server/implementation/index.d.ts.map +0 -1
- package/dist/component/server/implementation/index.js +0 -610
- package/dist/component/server/implementation/index.js.map +0 -1
- package/dist/component/server/implementation/keys.js.map +0 -1
- package/dist/component/server/implementation/mutations/account.js +0 -39
- package/dist/component/server/implementation/mutations/account.js.map +0 -1
- package/dist/component/server/implementation/mutations/code.js.map +0 -1
- package/dist/component/server/implementation/mutations/index.js +0 -70
- package/dist/component/server/implementation/mutations/index.js.map +0 -1
- package/dist/component/server/implementation/mutations/invalidate.js +0 -29
- package/dist/component/server/implementation/mutations/invalidate.js.map +0 -1
- package/dist/component/server/implementation/mutations/oauth.js +0 -51
- package/dist/component/server/implementation/mutations/oauth.js.map +0 -1
- package/dist/component/server/implementation/mutations/refresh.js +0 -85
- package/dist/component/server/implementation/mutations/refresh.js.map +0 -1
- package/dist/component/server/implementation/mutations/register.js +0 -65
- package/dist/component/server/implementation/mutations/register.js.map +0 -1
- package/dist/component/server/implementation/mutations/retrieve.js +0 -50
- package/dist/component/server/implementation/mutations/retrieve.js.map +0 -1
- package/dist/component/server/implementation/mutations/signature.js +0 -27
- package/dist/component/server/implementation/mutations/signature.js.map +0 -1
- package/dist/component/server/implementation/mutations/signin.js.map +0 -1
- package/dist/component/server/implementation/mutations/signout.js +0 -27
- package/dist/component/server/implementation/mutations/signout.js.map +0 -1
- package/dist/component/server/implementation/mutations/store.js +0 -12
- package/dist/component/server/implementation/mutations/store.js.map +0 -1
- package/dist/component/server/implementation/mutations/verifier.js +0 -16
- package/dist/component/server/implementation/mutations/verifier.js.map +0 -1
- package/dist/component/server/implementation/mutations/verify.js +0 -105
- package/dist/component/server/implementation/mutations/verify.js.map +0 -1
- package/dist/component/server/implementation/passkey.js +0 -307
- package/dist/component/server/implementation/passkey.js.map +0 -1
- package/dist/component/server/implementation/provider.js +0 -19
- package/dist/component/server/implementation/provider.js.map +0 -1
- package/dist/component/server/implementation/ratelimit.js +0 -48
- package/dist/component/server/implementation/ratelimit.js.map +0 -1
- package/dist/component/server/implementation/redirects.js.map +0 -1
- package/dist/component/server/implementation/refresh.js +0 -109
- package/dist/component/server/implementation/refresh.js.map +0 -1
- package/dist/component/server/implementation/sessions.js.map +0 -1
- package/dist/component/server/implementation/signin.js +0 -148
- package/dist/component/server/implementation/signin.js.map +0 -1
- package/dist/component/server/implementation/tokens.js +0 -15
- package/dist/component/server/implementation/tokens.js.map +0 -1
- package/dist/component/server/implementation/totp.js +0 -142
- package/dist/component/server/implementation/totp.js.map +0 -1
- package/dist/component/server/implementation/types.d.ts +0 -42
- package/dist/component/server/implementation/types.d.ts.map +0 -1
- package/dist/component/server/implementation/types.js.map +0 -1
- package/dist/component/server/implementation/users.js.map +0 -1
- package/dist/component/server/implementation/utils.js +0 -56
- package/dist/component/server/implementation/utils.js.map +0 -1
- package/dist/component/server/providers.js.map +0 -1
- package/dist/component/server/templates.js +0 -84
- package/dist/component/server/templates.js.map +0 -1
- package/dist/server/cookies.d.ts.map +0 -1
- package/dist/server/implementation/db.d.ts +0 -86
- package/dist/server/implementation/db.d.ts.map +0 -1
- package/dist/server/implementation/db.js.map +0 -1
- package/dist/server/implementation/device.d.ts +0 -30
- package/dist/server/implementation/device.d.ts.map +0 -1
- package/dist/server/implementation/device.js +0 -135
- package/dist/server/implementation/device.js.map +0 -1
- package/dist/server/implementation/index.d.ts +0 -870
- package/dist/server/implementation/index.d.ts.map +0 -1
- package/dist/server/implementation/index.js +0 -610
- package/dist/server/implementation/index.js.map +0 -1
- package/dist/server/implementation/keys.d.ts +0 -66
- package/dist/server/implementation/keys.d.ts.map +0 -1
- package/dist/server/implementation/keys.js.map +0 -1
- package/dist/server/implementation/mutations/account.d.ts +0 -27
- package/dist/server/implementation/mutations/account.d.ts.map +0 -1
- package/dist/server/implementation/mutations/account.js +0 -39
- package/dist/server/implementation/mutations/account.js.map +0 -1
- package/dist/server/implementation/mutations/code.d.ts +0 -29
- package/dist/server/implementation/mutations/code.d.ts.map +0 -1
- package/dist/server/implementation/mutations/code.js.map +0 -1
- package/dist/server/implementation/mutations/index.d.ts +0 -310
- package/dist/server/implementation/mutations/index.d.ts.map +0 -1
- package/dist/server/implementation/mutations/index.js +0 -70
- package/dist/server/implementation/mutations/index.js.map +0 -1
- package/dist/server/implementation/mutations/invalidate.d.ts +0 -18
- package/dist/server/implementation/mutations/invalidate.d.ts.map +0 -1
- package/dist/server/implementation/mutations/invalidate.js +0 -29
- package/dist/server/implementation/mutations/invalidate.js.map +0 -1
- package/dist/server/implementation/mutations/oauth.d.ts +0 -23
- package/dist/server/implementation/mutations/oauth.d.ts.map +0 -1
- package/dist/server/implementation/mutations/oauth.js +0 -51
- package/dist/server/implementation/mutations/oauth.js.map +0 -1
- package/dist/server/implementation/mutations/refresh.d.ts +0 -20
- package/dist/server/implementation/mutations/refresh.d.ts.map +0 -1
- package/dist/server/implementation/mutations/refresh.js +0 -85
- package/dist/server/implementation/mutations/refresh.js.map +0 -1
- package/dist/server/implementation/mutations/register.d.ts +0 -37
- package/dist/server/implementation/mutations/register.d.ts.map +0 -1
- package/dist/server/implementation/mutations/register.js +0 -65
- package/dist/server/implementation/mutations/register.js.map +0 -1
- package/dist/server/implementation/mutations/retrieve.d.ts +0 -31
- package/dist/server/implementation/mutations/retrieve.d.ts.map +0 -1
- package/dist/server/implementation/mutations/retrieve.js +0 -50
- package/dist/server/implementation/mutations/retrieve.js.map +0 -1
- package/dist/server/implementation/mutations/signature.d.ts +0 -19
- package/dist/server/implementation/mutations/signature.d.ts.map +0 -1
- package/dist/server/implementation/mutations/signature.js +0 -27
- package/dist/server/implementation/mutations/signature.js.map +0 -1
- package/dist/server/implementation/mutations/signin.d.ts +0 -21
- package/dist/server/implementation/mutations/signin.d.ts.map +0 -1
- package/dist/server/implementation/mutations/signin.js.map +0 -1
- package/dist/server/implementation/mutations/signout.d.ts +0 -14
- package/dist/server/implementation/mutations/signout.d.ts.map +0 -1
- package/dist/server/implementation/mutations/signout.js +0 -27
- package/dist/server/implementation/mutations/signout.js.map +0 -1
- package/dist/server/implementation/mutations/store.d.ts +0 -11
- package/dist/server/implementation/mutations/store.d.ts.map +0 -1
- package/dist/server/implementation/mutations/store.js +0 -12
- package/dist/server/implementation/mutations/store.js.map +0 -1
- package/dist/server/implementation/mutations/verifier.d.ts +0 -11
- package/dist/server/implementation/mutations/verifier.d.ts.map +0 -1
- package/dist/server/implementation/mutations/verifier.js +0 -16
- package/dist/server/implementation/mutations/verifier.js.map +0 -1
- package/dist/server/implementation/mutations/verify.d.ts +0 -25
- package/dist/server/implementation/mutations/verify.d.ts.map +0 -1
- package/dist/server/implementation/mutations/verify.js +0 -105
- package/dist/server/implementation/mutations/verify.js.map +0 -1
- package/dist/server/implementation/passkey.d.ts +0 -24
- package/dist/server/implementation/passkey.d.ts.map +0 -1
- package/dist/server/implementation/passkey.js +0 -307
- package/dist/server/implementation/passkey.js.map +0 -1
- package/dist/server/implementation/provider.d.ts +0 -10
- package/dist/server/implementation/provider.d.ts.map +0 -1
- package/dist/server/implementation/provider.js +0 -19
- package/dist/server/implementation/provider.js.map +0 -1
- package/dist/server/implementation/ratelimit.d.ts +0 -10
- package/dist/server/implementation/ratelimit.d.ts.map +0 -1
- package/dist/server/implementation/ratelimit.js +0 -48
- package/dist/server/implementation/ratelimit.js.map +0 -1
- package/dist/server/implementation/redirects.d.ts +0 -10
- package/dist/server/implementation/redirects.d.ts.map +0 -1
- package/dist/server/implementation/redirects.js.map +0 -1
- package/dist/server/implementation/refresh.d.ts +0 -37
- package/dist/server/implementation/refresh.d.ts.map +0 -1
- package/dist/server/implementation/refresh.js +0 -109
- package/dist/server/implementation/refresh.js.map +0 -1
- package/dist/server/implementation/sessions.d.ts +0 -29
- package/dist/server/implementation/sessions.d.ts.map +0 -1
- package/dist/server/implementation/sessions.js.map +0 -1
- package/dist/server/implementation/signin.d.ts +0 -55
- package/dist/server/implementation/signin.d.ts.map +0 -1
- package/dist/server/implementation/signin.js +0 -148
- package/dist/server/implementation/signin.js.map +0 -1
- package/dist/server/implementation/tokens.d.ts +0 -11
- package/dist/server/implementation/tokens.d.ts.map +0 -1
- package/dist/server/implementation/tokens.js +0 -15
- package/dist/server/implementation/tokens.js.map +0 -1
- package/dist/server/implementation/totp.d.ts +0 -31
- package/dist/server/implementation/totp.d.ts.map +0 -1
- package/dist/server/implementation/totp.js +0 -142
- package/dist/server/implementation/totp.js.map +0 -1
- package/dist/server/implementation/types.d.ts +0 -189
- package/dist/server/implementation/types.d.ts.map +0 -1
- package/dist/server/implementation/types.js +0 -97
- package/dist/server/implementation/types.js.map +0 -1
- package/dist/server/implementation/users.d.ts +0 -30
- package/dist/server/implementation/users.d.ts.map +0 -1
- package/dist/server/implementation/users.js.map +0 -1
- package/dist/server/implementation/utils.d.ts +0 -19
- package/dist/server/implementation/utils.d.ts.map +0 -1
- package/dist/server/implementation/utils.js +0 -56
- package/dist/server/implementation/utils.js.map +0 -1
- package/dist/server/index.d.ts.map +0 -1
- package/dist/server/index.js.map +0 -1
- package/dist/server/oauth.d.ts.map +0 -1
- package/dist/server/providers.d.ts +0 -72
- package/dist/server/providers.d.ts.map +0 -1
- package/dist/server/providers.js.map +0 -1
- package/dist/server/templates.d.ts.map +0 -1
- package/dist/server/utils.d.ts.map +0 -1
- package/dist/server/version.d.ts +0 -5
- package/dist/server/version.d.ts.map +0 -1
- package/dist/server/version.js +0 -6
- package/dist/server/version.js.map +0 -1
- package/src/cli/utils.ts +0 -248
- package/src/server/implementation/device.ts +0 -307
- package/src/server/implementation/index.ts +0 -1583
- package/src/server/implementation/mutations/account.ts +0 -50
- package/src/server/implementation/mutations/index.ts +0 -157
- package/src/server/implementation/mutations/invalidate.ts +0 -42
- package/src/server/implementation/mutations/oauth.ts +0 -73
- package/src/server/implementation/mutations/refresh.ts +0 -175
- package/src/server/implementation/mutations/register.ts +0 -100
- package/src/server/implementation/mutations/retrieve.ts +0 -79
- package/src/server/implementation/mutations/signature.ts +0 -39
- package/src/server/implementation/mutations/signout.ts +0 -35
- package/src/server/implementation/mutations/store.ts +0 -7
- package/src/server/implementation/mutations/verifier.ts +0 -24
- package/src/server/implementation/mutations/verify.ts +0 -194
- package/src/server/implementation/passkey.ts +0 -620
- package/src/server/implementation/provider.ts +0 -36
- package/src/server/implementation/ratelimit.ts +0 -79
- package/src/server/implementation/refresh.ts +0 -172
- package/src/server/implementation/signin.ts +0 -296
- package/src/server/implementation/totp.ts +0 -342
- package/src/server/implementation/types.ts +0 -444
- package/src/server/implementation/utils.ts +0 -91
- package/src/server/version.ts +0 -2
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
import { Credentials } from "./credentials.js";
|
|
2
|
-
import {
|
|
2
|
+
import { scryptAsync } from "@noble/hashes/scrypt.js";
|
|
3
|
+
import { bytesToHex } from "@noble/hashes/utils.js";
|
|
4
|
+
import { Fx } from "@robelest/fx";
|
|
3
5
|
|
|
4
6
|
//#region src/providers/password.ts
|
|
5
7
|
/**
|
|
@@ -23,10 +25,28 @@ import { Scrypt } from "lucia";
|
|
|
23
25
|
*
|
|
24
26
|
* @module
|
|
25
27
|
*/
|
|
28
|
+
const PASSWORD_FLOW_TAG = {
|
|
29
|
+
signUp: "signUp",
|
|
30
|
+
signIn: "signIn",
|
|
31
|
+
reset: "reset",
|
|
32
|
+
"reset-verification": "resetVerification",
|
|
33
|
+
"email-verification": "emailVerification"
|
|
34
|
+
};
|
|
35
|
+
function decodePasswordFlow(flow) {
|
|
36
|
+
if (typeof flow !== "string") return {
|
|
37
|
+
tag: "invalid",
|
|
38
|
+
flow
|
|
39
|
+
};
|
|
40
|
+
const tag = PASSWORD_FLOW_TAG[flow];
|
|
41
|
+
return tag === void 0 ? {
|
|
42
|
+
tag: "invalid",
|
|
43
|
+
flow
|
|
44
|
+
} : { tag };
|
|
45
|
+
}
|
|
26
46
|
/**
|
|
27
47
|
* Email and password authentication provider.
|
|
28
48
|
*
|
|
29
|
-
* Passwords are by default hashed using
|
|
49
|
+
* Passwords are by default hashed using scrypt.
|
|
30
50
|
* You can customize the hashing via the `crypto` option.
|
|
31
51
|
*
|
|
32
52
|
* Email verification is not required unless you pass
|
|
@@ -55,94 +75,135 @@ var Password = class {
|
|
|
55
75
|
return new Credentials({
|
|
56
76
|
id: "password",
|
|
57
77
|
authorize: async (params, ctx) => {
|
|
58
|
-
const
|
|
59
|
-
const
|
|
60
|
-
|
|
61
|
-
|
|
78
|
+
const flowDispatch = decodePasswordFlow(params.flow);
|
|
79
|
+
const validatePasswordRequirements = (password) => {
|
|
80
|
+
if (config.validatePasswordRequirements !== void 0) {
|
|
81
|
+
config.validatePasswordRequirements(password);
|
|
82
|
+
return;
|
|
83
|
+
}
|
|
84
|
+
validateDefaultPasswordRequirements(password);
|
|
85
|
+
};
|
|
86
|
+
await Fx.run(Fx.match(flowDispatch, flowDispatch.tag, {
|
|
87
|
+
signUp: () => Fx.sync(() => {
|
|
88
|
+
validatePasswordRequirements(params.password);
|
|
89
|
+
}),
|
|
90
|
+
resetVerification: () => Fx.sync(() => {
|
|
91
|
+
validatePasswordRequirements(params.newPassword);
|
|
92
|
+
}),
|
|
93
|
+
signIn: () => Fx.succeed(void 0),
|
|
94
|
+
reset: () => Fx.succeed(void 0),
|
|
95
|
+
emailVerification: () => Fx.succeed(void 0),
|
|
96
|
+
invalid: () => Fx.succeed(void 0)
|
|
97
|
+
}));
|
|
62
98
|
const profile = config.profile?.(params, ctx) ?? defaultProfile(params);
|
|
63
99
|
const { email } = profile;
|
|
64
|
-
const
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
account: {
|
|
72
|
-
id: email,
|
|
73
|
-
secret
|
|
74
|
-
},
|
|
75
|
-
profile,
|
|
76
|
-
shouldLinkViaEmail: config.verify !== void 0,
|
|
77
|
-
shouldLinkViaPhone: false
|
|
78
|
-
});
|
|
79
|
-
({account, user} = created);
|
|
80
|
-
} else if (flow === "signIn") {
|
|
81
|
-
if (secret === void 0) throw new Error("Missing `password` param for `signIn` flow");
|
|
82
|
-
const retrieved = await ctx.auth.account.get(ctx, {
|
|
83
|
-
provider,
|
|
84
|
-
account: {
|
|
85
|
-
id: email,
|
|
86
|
-
secret
|
|
87
|
-
}
|
|
88
|
-
});
|
|
89
|
-
if (retrieved === null) throw new Error("Invalid credentials");
|
|
90
|
-
({account, user} = retrieved);
|
|
91
|
-
} else if (flow === "reset") {
|
|
92
|
-
if (!config.reset) throw new Error(`Password reset is not enabled for ${provider}`);
|
|
93
|
-
const { account: account$1 } = await ctx.auth.account.get(ctx, {
|
|
94
|
-
provider,
|
|
95
|
-
account: { id: email }
|
|
96
|
-
});
|
|
97
|
-
return await ctx.auth.provider.signIn(ctx, config.reset, {
|
|
98
|
-
accountId: account$1._id,
|
|
100
|
+
const requirePasswordParam = (value, flow) => {
|
|
101
|
+
if (typeof value !== "string" || value.length === 0) throw new Error(`Missing \`password\` param for \`${flow}\` flow`);
|
|
102
|
+
return value;
|
|
103
|
+
};
|
|
104
|
+
const finalizeCredentialsResult = async (account, user) => {
|
|
105
|
+
if (config.verify && !account.emailVerified) return await ctx.auth.provider.signIn(ctx, config.verify, {
|
|
106
|
+
accountId: account._id,
|
|
99
107
|
params
|
|
100
108
|
});
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
109
|
+
return { userId: user._id };
|
|
110
|
+
};
|
|
111
|
+
return await Fx.run(Fx.match(flowDispatch, flowDispatch.tag, {
|
|
112
|
+
signUp: () => Fx.from({
|
|
113
|
+
ok: async () => {
|
|
114
|
+
const secret = requirePasswordParam(params.password, "signUp");
|
|
115
|
+
const created = await ctx.auth.account.create(ctx, {
|
|
116
|
+
provider,
|
|
117
|
+
account: {
|
|
118
|
+
id: email,
|
|
119
|
+
secret
|
|
120
|
+
},
|
|
121
|
+
profile,
|
|
122
|
+
shouldLinkViaEmail: config.verify !== void 0,
|
|
123
|
+
shouldLinkViaPhone: false
|
|
124
|
+
});
|
|
125
|
+
return await finalizeCredentialsResult(created.account, created.user);
|
|
126
|
+
},
|
|
127
|
+
err: (e) => e
|
|
128
|
+
}),
|
|
129
|
+
signIn: () => Fx.from({
|
|
130
|
+
ok: async () => {
|
|
131
|
+
const secret = requirePasswordParam(params.password, "signIn");
|
|
132
|
+
const retrieved = await ctx.auth.account.get(ctx, {
|
|
133
|
+
provider,
|
|
134
|
+
account: {
|
|
135
|
+
id: email,
|
|
136
|
+
secret
|
|
137
|
+
}
|
|
138
|
+
});
|
|
139
|
+
if (retrieved === null) throw new Error("Invalid credentials");
|
|
140
|
+
return await finalizeCredentialsResult(retrieved.account, retrieved.user);
|
|
141
|
+
},
|
|
142
|
+
err: (e) => e
|
|
143
|
+
}),
|
|
144
|
+
reset: () => Fx.from({
|
|
145
|
+
ok: async () => {
|
|
146
|
+
if (!config.reset) throw new Error(`Password reset is not enabled for ${provider}`);
|
|
147
|
+
const { account } = await ctx.auth.account.get(ctx, {
|
|
148
|
+
provider,
|
|
149
|
+
account: { id: email }
|
|
150
|
+
});
|
|
151
|
+
return await ctx.auth.provider.signIn(ctx, config.reset, {
|
|
152
|
+
accountId: account._id,
|
|
153
|
+
params
|
|
154
|
+
});
|
|
155
|
+
},
|
|
156
|
+
err: (e) => e
|
|
157
|
+
}),
|
|
158
|
+
resetVerification: () => Fx.from({
|
|
159
|
+
ok: async () => {
|
|
160
|
+
if (!config.reset) throw new Error(`Password reset is not enabled for ${provider}`);
|
|
161
|
+
if (params.newPassword === void 0) throw new Error("Missing `newPassword` param for `reset-verification` flow");
|
|
162
|
+
const result = await ctx.auth.provider.signIn(ctx, config.reset, { params });
|
|
163
|
+
if (result === null) throw new Error("Invalid code");
|
|
164
|
+
const { userId, sessionId } = result;
|
|
165
|
+
const secret = params.newPassword;
|
|
166
|
+
await ctx.auth.account.update(ctx, {
|
|
167
|
+
provider,
|
|
168
|
+
account: {
|
|
169
|
+
id: email,
|
|
170
|
+
secret
|
|
171
|
+
}
|
|
172
|
+
});
|
|
173
|
+
await ctx.auth.session.invalidate(ctx, {
|
|
174
|
+
userId,
|
|
175
|
+
except: [sessionId]
|
|
176
|
+
});
|
|
177
|
+
return {
|
|
178
|
+
userId,
|
|
179
|
+
sessionId
|
|
180
|
+
};
|
|
181
|
+
},
|
|
182
|
+
err: (e) => e
|
|
183
|
+
}),
|
|
184
|
+
emailVerification: () => Fx.from({
|
|
185
|
+
ok: async () => {
|
|
186
|
+
if (!config.verify) throw new Error(`Email verification is not enabled for ${provider}`);
|
|
187
|
+
const { account } = await ctx.auth.account.get(ctx, {
|
|
188
|
+
provider,
|
|
189
|
+
account: { id: email }
|
|
190
|
+
});
|
|
191
|
+
return await ctx.auth.provider.signIn(ctx, config.verify, {
|
|
192
|
+
accountId: account._id,
|
|
193
|
+
params
|
|
194
|
+
});
|
|
195
|
+
},
|
|
196
|
+
err: (e) => e
|
|
197
|
+
}),
|
|
198
|
+
invalid: () => Fx.fatal(/* @__PURE__ */ new Error("Missing `flow` param, it must be one of \"signUp\", \"signIn\", \"reset\", \"reset-verification\" or \"email-verification\"!"))
|
|
199
|
+
}));
|
|
139
200
|
},
|
|
140
201
|
crypto: config.crypto ?? {
|
|
141
202
|
async hashSecret(password) {
|
|
142
|
-
return await
|
|
203
|
+
return await hashPassword(password);
|
|
143
204
|
},
|
|
144
205
|
async verifySecret(password, hash) {
|
|
145
|
-
return await
|
|
206
|
+
return await verifyPassword(password, hash);
|
|
146
207
|
}
|
|
147
208
|
},
|
|
148
209
|
extraProviders: [config.reset, config.verify],
|
|
@@ -150,19 +211,58 @@ var Password = class {
|
|
|
150
211
|
})._toMaterialized();
|
|
151
212
|
}
|
|
152
213
|
};
|
|
153
|
-
/**
|
|
154
|
-
* @deprecated Use `new Password(config)` instead.
|
|
155
|
-
*/
|
|
156
|
-
function password(config = {}) {
|
|
157
|
-
return new Password(config)._toMaterialized();
|
|
158
|
-
}
|
|
159
214
|
function validateDefaultPasswordRequirements(password) {
|
|
160
215
|
if (!password || password.length < 8) throw new Error("Invalid password");
|
|
161
216
|
}
|
|
162
217
|
function defaultProfile(params) {
|
|
163
|
-
|
|
218
|
+
const email = params.email;
|
|
219
|
+
if (typeof email !== "string" || email.trim().length === 0) throw new Error("Missing `email` param");
|
|
220
|
+
return { email };
|
|
221
|
+
}
|
|
222
|
+
const PASSWORD_HASH_PARAMS = {
|
|
223
|
+
N: 16384,
|
|
224
|
+
r: 16,
|
|
225
|
+
p: 1,
|
|
226
|
+
dkLen: 64
|
|
227
|
+
};
|
|
228
|
+
const PASSWORD_HASH_PREFIX = `scrypt:N=${PASSWORD_HASH_PARAMS.N},r=${PASSWORD_HASH_PARAMS.r},p=${PASSWORD_HASH_PARAMS.p},dkLen=${PASSWORD_HASH_PARAMS.dkLen}`;
|
|
229
|
+
async function hashPassword(password) {
|
|
230
|
+
const salt = crypto.getRandomValues(new Uint8Array(32));
|
|
231
|
+
const hash = await scryptAsync(password, salt, PASSWORD_HASH_PARAMS);
|
|
232
|
+
return `${PASSWORD_HASH_PREFIX}$${bytesToHex(salt)}$${bytesToHex(hash)}`;
|
|
233
|
+
}
|
|
234
|
+
async function verifyPassword(password, storedHash) {
|
|
235
|
+
const [prefix, saltHex, hashHex] = storedHash.split("$");
|
|
236
|
+
if (prefix !== PASSWORD_HASH_PREFIX || saltHex === void 0 || hashHex === void 0) return false;
|
|
237
|
+
let salt;
|
|
238
|
+
let expectedHash;
|
|
239
|
+
try {
|
|
240
|
+
salt = hexToBytes(saltHex);
|
|
241
|
+
expectedHash = hexToBytes(hashHex);
|
|
242
|
+
} catch {
|
|
243
|
+
return false;
|
|
244
|
+
}
|
|
245
|
+
if (salt.length !== 32 || expectedHash.length !== PASSWORD_HASH_PARAMS.dkLen) return false;
|
|
246
|
+
return constantTimeEqual(await scryptAsync(password, salt, PASSWORD_HASH_PARAMS), expectedHash);
|
|
247
|
+
}
|
|
248
|
+
function hexToBytes(hex) {
|
|
249
|
+
if (hex.length % 2 !== 0) throw new Error("Invalid password hash");
|
|
250
|
+
const bytes = new Uint8Array(hex.length / 2);
|
|
251
|
+
for (let i = 0; i < bytes.length; i++) {
|
|
252
|
+
const start = i * 2;
|
|
253
|
+
const value = Number.parseInt(hex.slice(start, start + 2), 16);
|
|
254
|
+
if (Number.isNaN(value)) throw new Error("Invalid password hash");
|
|
255
|
+
bytes[i] = value;
|
|
256
|
+
}
|
|
257
|
+
return bytes;
|
|
258
|
+
}
|
|
259
|
+
function constantTimeEqual(left, right) {
|
|
260
|
+
if (left.length !== right.length) return false;
|
|
261
|
+
let diff = 0;
|
|
262
|
+
for (let i = 0; i < left.length; i++) diff |= left[i] ^ right[i];
|
|
263
|
+
return diff === 0;
|
|
164
264
|
}
|
|
165
265
|
|
|
166
266
|
//#endregion
|
|
167
|
-
export { Password
|
|
267
|
+
export { Password };
|
|
168
268
|
//# sourceMappingURL=password.js.map
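Review bot: The `resetVerification` branch guards the new password only with `params.newPassword === void 0`, while `signUp` and `signIn` go through `requirePasswordParam`, which also rejects non-strings and the empty string. The default requirement check only tests truthiness and `.length`, and a custom `config.validatePasswordRequirements` may not type-check at all, so a non-string value can reach `ctx.auth.account.update` as `secret` after the `ctx.auth.provider.signIn` call with `config.reset` has returned. The guard should be `if (typeof params.newPassword !== "string" || params.newPassword.length === 0) throw new Error(...)`, keeping the existing message. Separately, `verifyPassword` returns false for any stored value whose prefix is not exactly `PASSWORD_HASH_PREFIX`, so hashes written through the earlier lucia `Scrypt` import (visible in the hunk header) would presumably stop verifying unless they are migrated elsewhere. A comment stating the migration expectation, or a legacy branch that re-hashes on successful sign-in, would make that explicit. The `reset` and `emailVerification` branches also destructure the result of `ctx.auth.account.get` without the `=== null` check that `signIn` applies.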
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"password.js","names":["account","secret"],"sources":["../../src/providers/password.ts"],"sourcesContent":["/**\n * Configure {@link Password} provider for email/password authentication.\n *\n * The `Password` provider supports the following flows, determined\n * by the `flow` parameter:\n *\n * - `\"signUp\"`: Create a new account with a password.\n * - `\"signIn\"`: Sign in with an existing account and password.\n * - `\"reset\"`: Request a password reset.\n * - `\"reset-verification\"`: Verify a password reset code and change password.\n * - `\"email-verification\"`: If email verification is enabled and `code` is\n * included in params, verify an OTP.\n *\n * ```ts\n * import { Password } from \"@robelest/convex-auth/providers\";\n *\n * new Password()\n * ```\n *\n * @module\n */\n\nimport { Credentials, type CredentialsConfig } from \"./credentials\";\nimport type {\n EmailConfig,\n GenericActionCtxWithAuthConfig,\n GenericDoc,\n AuthProviderConfig,\n ConvexCredentialsConfig,\n} from \"../server/types\";\nimport {\n DocumentByName,\n GenericDataModel,\n WithoutSystemFields,\n} from \"convex/server\";\nimport { Value } from \"convex/values\";\nimport { Scrypt } from \"lucia\";\n\n/**\n * The available options to a {@link Password} provider for Convex Auth.\n */\nexport interface PasswordConfig<DataModel extends GenericDataModel> {\n /**\n * Uniquely identifies the provider, allowing to use\n * multiple different {@link Password} providers.\n */\n id?: string;\n /**\n * Perform checks on provided params and customize the user\n * information stored after sign up, including email normalization.\n *\n * Called for every flow (\"signUp\", \"signIn\", \"reset\",\n * \"reset-verification\" and \"email-verification\").\n */\n profile?: (\n /**\n * The values passed to the `signIn` function.\n */\n params: Record<string, Value | undefined>,\n /**\n * Convex ActionCtx in case you want to read from or write to\n * the database.\n */\n ctx: 
GenericActionCtxWithAuthConfig<DataModel>,\n ) => WithoutSystemFields<DocumentByName<DataModel, \"user\">> & {\n email: string;\n };\n /**\n * Performs custom validation on password provided during sign up or reset.\n *\n * Otherwise the default validation is used (password is not empty and\n * at least 8 characters in length).\n *\n * If the provided password is invalid, implementations must throw an Error.\n *\n * @param password the password supplied during \"signUp\" or\n * \"reset-verification\" flows.\n */\n validatePasswordRequirements?: (password: string) => void;\n /**\n * Provide hashing and verification functions if you want to control\n * how passwords are hashed.\n */\n crypto?: CredentialsConfig[\"crypto\"];\n /**\n * An Auth.js email provider used to require verification\n * before password reset.\n */\n reset?: EmailConfig | ((...args: any) => EmailConfig);\n /**\n * An Auth.js email provider used to require verification\n * before sign up / sign in.\n */\n verify?: EmailConfig | ((...args: any) => EmailConfig);\n}\n\n/**\n * Email and password authentication provider.\n *\n * Passwords are by default hashed using Scrypt from Lucia.\n * You can customize the hashing via the `crypto` option.\n *\n * Email verification is not required unless you pass\n * an email provider to the `verify` option.\n *\n * @example\n * ```ts\n * import { Password } from \"@robelest/convex-auth/providers\";\n *\n * new Password()\n * new Password({ verify: myEmailProvider })\n * ```\n */\nexport class Password<DataModel extends GenericDataModel = GenericDataModel> {\n readonly id: string;\n readonly type = \"credentials\" as const;\n readonly config: PasswordConfig<DataModel>;\n\n constructor(config: PasswordConfig<DataModel> = {} as PasswordConfig<DataModel>) {\n this.id = config.id ?? \"password\";\n this.config = config;\n }\n\n /** @internal Convert to the internal materialized config shape. 
*/\n _toMaterialized(): ConvexCredentialsConfig {\n const config = this.config;\n const provider = this.id;\n\n return new Credentials<DataModel>({\n id: \"password\",\n authorize: async (params, ctx) => {\n const flow = params.flow as string;\n const passwordToValidate =\n flow === \"signUp\"\n ? (params.password as string)\n : flow === \"reset-verification\"\n ? (params.newPassword as string)\n : null;\n if (passwordToValidate !== null) {\n if (config.validatePasswordRequirements !== undefined) {\n config.validatePasswordRequirements(passwordToValidate);\n } else {\n validateDefaultPasswordRequirements(passwordToValidate);\n }\n }\n const profile = config.profile?.(params, ctx) ?? defaultProfile(params);\n const { email } = profile;\n const secret = params.password as string;\n let account: GenericDoc<DataModel, \"account\">;\n let user: GenericDoc<DataModel, \"user\">;\n if (flow === \"signUp\") {\n if (secret === undefined) {\n throw new Error(\"Missing `password` param for `signUp` flow\");\n }\n const created = await ctx.auth.account.create(ctx, {\n provider,\n account: { id: email, secret },\n profile: profile as any,\n shouldLinkViaEmail: config.verify !== undefined,\n shouldLinkViaPhone: false,\n });\n ({ account, user } = created);\n } else if (flow === \"signIn\") {\n if (secret === undefined) {\n throw new Error(\"Missing `password` param for `signIn` flow\");\n }\n const retrieved = await ctx.auth.account.get(ctx, {\n provider,\n account: { id: email, secret },\n });\n if (retrieved === null) {\n throw new Error(\"Invalid credentials\");\n }\n ({ account, user } = retrieved);\n } else if (flow === \"reset\") {\n if (!config.reset) {\n throw new Error(`Password reset is not enabled for ${provider}`);\n }\n const { account } = await ctx.auth.account.get(ctx, {\n provider,\n account: { id: email },\n });\n return await ctx.auth.provider.signIn(ctx, config.reset as AuthProviderConfig, {\n accountId: account._id,\n params,\n });\n } else if (flow === 
\"reset-verification\") {\n if (!config.reset) {\n throw new Error(`Password reset is not enabled for ${provider}`);\n }\n if (params.newPassword === undefined) {\n throw new Error(\n \"Missing `newPassword` param for `reset-verification` flow\",\n );\n }\n const result = await ctx.auth.provider.signIn(\n ctx,\n config.reset as AuthProviderConfig,\n { params },\n );\n if (result === null) {\n throw new Error(\"Invalid code\");\n }\n const { userId, sessionId } = result;\n const secret = params.newPassword as string;\n await ctx.auth.account.update(ctx, {\n provider,\n account: { id: email, secret },\n });\n await ctx.auth.session.invalidate(ctx, { userId, except: [sessionId] });\n return { userId, sessionId };\n } else if (flow === \"email-verification\") {\n if (!config.verify) {\n throw new Error(\n `Email verification is not enabled for ${provider}`,\n );\n }\n const { account } = await ctx.auth.account.get(ctx, {\n provider,\n account: { id: email },\n });\n return await ctx.auth.provider.signIn(ctx, config.verify as AuthProviderConfig, {\n accountId: account._id,\n params,\n });\n } else {\n throw new Error(\n \"Missing `flow` param, it must be one of \" +\n '\"signUp\", \"signIn\", \"reset\", \"reset-verification\" or ' +\n '\"email-verification\"!',\n );\n }\n if (config.verify && !account.emailVerified) {\n return await ctx.auth.provider.signIn(ctx, config.verify as AuthProviderConfig, {\n accountId: account._id,\n params,\n });\n }\n return { userId: user._id };\n },\n crypto: config.crypto ?? 
{\n async hashSecret(password: string) {\n return await new Scrypt().hash(password);\n },\n async verifySecret(password: string, hash: string) {\n return await new Scrypt().verify(hash, password);\n },\n },\n extraProviders: [\n config.reset as AuthProviderConfig | undefined,\n config.verify as AuthProviderConfig | undefined,\n ],\n ...config,\n })._toMaterialized();\n }\n}\n\n// ============================================================================\n// Backward-compatible default export\n// ============================================================================\n\n/**\n * @deprecated Use `new Password(config)` instead.\n */\nexport default function password<DataModel extends GenericDataModel>(\n config: PasswordConfig<DataModel> = {} as PasswordConfig<DataModel>,\n): ConvexCredentialsConfig {\n return new Password(config)._toMaterialized();\n}\n\n// ============================================================================\n// Helpers\n// ============================================================================\n\nfunction validateDefaultPasswordRequirements(password: string) {\n if (!password || password.length < 8) {\n throw new Error(\"Invalid password\");\n }\n}\n\nfunction defaultProfile(params: Record<string, unknown>) {\n return {\n email: params.email as string,\n 
};\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiHA,IAAa,WAAb,MAA6E;CAC3E,AAAS;CACT,AAAS,OAAO;CAChB,AAAS;CAET,YAAY,SAAoC,EAAE,EAA+B;AAC/E,OAAK,KAAK,OAAO,MAAM;AACvB,OAAK,SAAS;;;CAIhB,kBAA2C;EACzC,MAAM,SAAS,KAAK;EACpB,MAAM,WAAW,KAAK;AAEtB,SAAO,IAAI,YAAuB;GAChC,IAAI;GACJ,WAAW,OAAO,QAAQ,QAAQ;IAChC,MAAM,OAAO,OAAO;IACpB,MAAM,qBACJ,SAAS,WACJ,OAAO,WACR,SAAS,uBACN,OAAO,cACR;AACR,QAAI,uBAAuB,KACzB,KAAI,OAAO,iCAAiC,OAC1C,QAAO,6BAA6B,mBAAmB;QAEvD,qCAAoC,mBAAmB;IAG3D,MAAM,UAAU,OAAO,UAAU,QAAQ,IAAI,IAAI,eAAe,OAAO;IACvE,MAAM,EAAE,UAAU;IAClB,MAAM,SAAS,OAAO;IACtB,IAAI;IACJ,IAAI;AACJ,QAAI,SAAS,UAAU;AACrB,SAAI,WAAW,OACb,OAAM,IAAI,MAAM,6CAA6C;KAE/D,MAAM,UAAU,MAAM,IAAI,KAAK,QAAQ,OAAO,KAAK;MACjD;MACA,SAAS;OAAE,IAAI;OAAO;OAAQ;MACrB;MACT,oBAAoB,OAAO,WAAW;MACtC,oBAAoB;MACrB,CAAC;AACF,MAAC,CAAE,SAAS,QAAS;eACZ,SAAS,UAAU;AAC5B,SAAI,WAAW,OACb,OAAM,IAAI,MAAM,6CAA6C;KAE/D,MAAM,YAAY,MAAM,IAAI,KAAK,QAAQ,IAAI,KAAK;MAChD;MACA,SAAS;OAAE,IAAI;OAAO;OAAQ;MAC/B,CAAC;AACF,SAAI,cAAc,KAChB,OAAM,IAAI,MAAM,sBAAsB;AAExC,MAAC,CAAE,SAAS,QAAS;eACZ,SAAS,SAAS;AAC3B,SAAI,CAAC,OAAO,MACV,OAAM,IAAI,MAAM,qCAAqC,WAAW;KAElE,MAAM,EAAE,uBAAY,MAAM,IAAI,KAAK,QAAQ,IAAI,KAAK;MAClD;MACA,SAAS,EAAE,IAAI,OAAO;MACvB,CAAC;AACF,YAAO,MAAM,IAAI,KAAK,SAAS,OAAO,KAAK,OAAO,OAA6B;MAC7E,WAAWA,UAAQ;MACnB;MACD,CAAC;eACO,SAAS,sBAAsB;AACxC,SAAI,CAAC,OAAO,MACV,OAAM,IAAI,MAAM,qCAAqC,WAAW;AAElE,SAAI,OAAO,gBAAgB,OACzB,OAAM,IAAI,MACR,4DACD;KAEH,MAAM,SAAS,MAAM,IAAI,KAAK,SAAS,OACrC,KACA,OAAO,OACP,EAAE,QAAQ,CACX;AACD,SAAI,WAAW,KACb,OAAM,IAAI,MAAM,eAAe;KAEjC,MAAM,EAAE,QAAQ,cAAc;KAC9B,MAAMC,WAAS,OAAO;AACtB,WAAM,IAAI,KAAK,QAAQ,OAAO,KAAK;MACjC;MACA,SAAS;OAAE,IAAI;OAAO;OAAQ;MAC/B,CAAC;AACF,WAAM,IAAI,KAAK,QAAQ,WAAW,KAAK;MAAE;MAAQ,QAAQ,CAAC,UAAU;MAAE,CAAC;AACvE,YAAO;MAAE;MAAQ;MAAW;eACnB,SAAS,sBAAsB;AACxC,SAAI,CAAC,OAAO,OACV,OAAM,IAAI,MACR,yCAAyC,WAC1C;KAEH,MAAM,EAAE,uBAAY,MAAM,IAAI,KAAK,QAAQ,IAAI,KAAK;MAClD;MACA,SAAS,EAAE,IAAI,OAAO;MACvB,CAAC;AACF,YAAO,MAAM,IAAI,KAAK,SAAS,OAAO,KAAK,OAAO,QAA8B;MAC9E,WAAWD,UAAQ;MACnB;MACD,CAAC;UAEF,OAAM,IAAI,MACR,
+HAGD;AAEH,QAAI,OAAO,UAAU,CAAC,QAAQ,cAC5B,QAAO,MAAM,IAAI,KAAK,SAAS,OAAO,KAAK,OAAO,QAA8B;KAC9E,WAAW,QAAQ;KACnB;KACD,CAAC;AAEJ,WAAO,EAAE,QAAQ,KAAK,KAAK;;GAE7B,QAAQ,OAAO,UAAU;IACvB,MAAM,WAAW,UAAkB;AACjC,YAAO,MAAM,IAAI,QAAQ,CAAC,KAAK,SAAS;;IAE1C,MAAM,aAAa,UAAkB,MAAc;AACjD,YAAO,MAAM,IAAI,QAAQ,CAAC,OAAO,MAAM,SAAS;;IAEnD;GACD,gBAAgB,CACd,OAAO,OACP,OAAO,OACR;GACD,GAAG;GACJ,CAAC,CAAC,iBAAiB;;;;;;AAWxB,SAAwB,SACtB,SAAoC,EAAE,EACb;AACzB,QAAO,IAAI,SAAS,OAAO,CAAC,iBAAiB;;AAO/C,SAAS,oCAAoC,UAAkB;AAC7D,KAAI,CAAC,YAAY,SAAS,SAAS,EACjC,OAAM,IAAI,MAAM,mBAAmB;;AAIvC,SAAS,eAAe,QAAiC;AACvD,QAAO,EACL,OAAO,OAAO,OACf"}
|
|
1
|
+
{"version":3,"file":"password.js","names":[],"sources":["../../src/providers/password.ts"],"sourcesContent":["/**\n * Configure {@link Password} provider for email/password authentication.\n *\n * The `Password` provider supports the following flows, determined\n * by the `flow` parameter:\n *\n * - `\"signUp\"`: Create a new account with a password.\n * - `\"signIn\"`: Sign in with an existing account and password.\n * - `\"reset\"`: Request a password reset.\n * - `\"reset-verification\"`: Verify a password reset code and change password.\n * - `\"email-verification\"`: If email verification is enabled and `code` is\n * included in params, verify an OTP.\n *\n * ```ts\n * import { Password } from \"@robelest/convex-auth/providers\";\n *\n * new Password()\n * ```\n *\n * @module\n */\n\nimport { scryptAsync } from \"@noble/hashes/scrypt.js\";\nimport { bytesToHex } from \"@noble/hashes/utils.js\";\nimport { Fx } from \"@robelest/fx\";\nimport {\n DocumentByName,\n GenericDataModel,\n WithoutSystemFields,\n} from \"convex/server\";\nimport { Value } from \"convex/values\";\n\nimport type {\n EmailConfig,\n GenericActionCtxWithAuthConfig,\n GenericDoc,\n AuthProviderConfig,\n ConvexCredentialsConfig,\n} from \"../server/types\";\nimport { Credentials, type CredentialsConfig } from \"./credentials\";\n\n/**\n * The available options to a {@link Password} provider for Convex Auth.\n */\nexport interface PasswordConfig<DataModel extends GenericDataModel> {\n /**\n * Uniquely identifies the provider, allowing to use\n * multiple different {@link Password} providers.\n */\n id?: string;\n /**\n * Perform checks on provided params and customize the user\n * information stored after sign up, including email normalization.\n *\n * Called for every flow (\"signUp\", \"signIn\", \"reset\",\n * \"reset-verification\" and \"email-verification\").\n */\n profile?: (\n /**\n * The values passed to the `signIn` function.\n */\n params: Record<string, Value | undefined>,\n /**\n * 
Convex ActionCtx in case you want to read from or write to\n * the database.\n */\n ctx: GenericActionCtxWithAuthConfig<DataModel>,\n ) => WithoutSystemFields<DocumentByName<DataModel, \"User\">> & {\n email: string;\n };\n /**\n * Performs custom validation on password provided during sign up or reset.\n *\n * Otherwise the default validation is used (password is not empty and\n * at least 8 characters in length).\n *\n * If the provided password is invalid, implementations must throw an Error.\n *\n * @param password the password supplied during \"signUp\" or\n * \"reset-verification\" flows.\n */\n validatePasswordRequirements?: (password: string) => void;\n /**\n * Provide hashing and verification functions if you want to control\n * how passwords are hashed.\n */\n crypto?: CredentialsConfig[\"crypto\"];\n /**\n * An email provider used to require verification\n * before password reset.\n */\n reset?: EmailConfig | ((...args: any) => EmailConfig);\n /**\n * An email provider used to require verification\n * before sign up / sign in.\n */\n verify?: EmailConfig | ((...args: any) => EmailConfig);\n}\n\ntype PasswordFlowDispatch =\n | { tag: \"signUp\" }\n | { tag: \"signIn\" }\n | { tag: \"reset\" }\n | { tag: \"resetVerification\" }\n | { tag: \"emailVerification\" }\n | { tag: \"invalid\"; flow: unknown };\n\nconst PASSWORD_FLOW_TAG = {\n signUp: \"signUp\",\n signIn: \"signIn\",\n reset: \"reset\",\n \"reset-verification\": \"resetVerification\",\n \"email-verification\": \"emailVerification\",\n} as const;\n\ntype PasswordFlowInput = keyof typeof PASSWORD_FLOW_TAG;\n\nfunction decodePasswordFlow(flow: unknown): PasswordFlowDispatch {\n if (typeof flow !== \"string\") {\n return { tag: \"invalid\", flow };\n }\n\n const tag = PASSWORD_FLOW_TAG[flow as PasswordFlowInput];\n return tag === undefined ? 
{ tag: \"invalid\", flow } : { tag };\n}\n\n/**\n * Email and password authentication provider.\n *\n * Passwords are by default hashed using scrypt.\n * You can customize the hashing via the `crypto` option.\n *\n * Email verification is not required unless you pass\n * an email provider to the `verify` option.\n *\n * @example\n * ```ts\n * import { Password } from \"@robelest/convex-auth/providers\";\n *\n * new Password()\n * new Password({ verify: myEmailProvider })\n * ```\n */\nexport class Password<DataModel extends GenericDataModel = GenericDataModel> {\n readonly id: string;\n readonly type = \"credentials\" as const;\n readonly config: PasswordConfig<DataModel>;\n\n constructor(\n config: PasswordConfig<DataModel> = {} as PasswordConfig<DataModel>,\n ) {\n this.id = config.id ?? \"password\";\n this.config = config;\n }\n\n /** @internal Convert to the internal materialized config shape. */\n _toMaterialized(): ConvexCredentialsConfig {\n const config = this.config;\n const provider = this.id;\n\n return new Credentials<DataModel>({\n id: \"password\",\n authorize: async (params, ctx) => {\n const flowDispatch = decodePasswordFlow(params.flow);\n\n const validatePasswordRequirements = (password: string) => {\n if (config.validatePasswordRequirements !== undefined) {\n config.validatePasswordRequirements(password);\n return;\n }\n validateDefaultPasswordRequirements(password);\n };\n\n await Fx.run(\n Fx.match(flowDispatch, flowDispatch.tag, {\n signUp: () =>\n Fx.sync(() => {\n validatePasswordRequirements(params.password as string);\n }),\n resetVerification: () =>\n Fx.sync(() => {\n validatePasswordRequirements(params.newPassword as string);\n }),\n signIn: () => Fx.succeed(undefined),\n reset: () => Fx.succeed(undefined),\n emailVerification: () => Fx.succeed(undefined),\n invalid: () => Fx.succeed(undefined),\n }),\n );\n\n const profile = config.profile?.(params, ctx) ?? 
defaultProfile(params);\n const { email } = profile;\n const requirePasswordParam = (\n value: unknown,\n flow: \"signUp\" | \"signIn\",\n ) => {\n if (typeof value !== \"string\" || value.length === 0) {\n throw new Error(`Missing \\`password\\` param for \\`${flow}\\` flow`);\n }\n return value;\n };\n\n const finalizeCredentialsResult = async (\n account: GenericDoc<DataModel, \"Account\">,\n user: GenericDoc<DataModel, \"User\">,\n ) => {\n if (config.verify && !account.emailVerified) {\n return await ctx.auth.provider.signIn(\n ctx,\n config.verify as AuthProviderConfig,\n {\n accountId: account._id,\n params,\n },\n );\n }\n return { userId: user._id };\n };\n\n return await Fx.run(\n Fx.match(flowDispatch, flowDispatch.tag, {\n signUp: () =>\n Fx.from({\n ok: async () => {\n const secret = requirePasswordParam(\n params.password,\n \"signUp\",\n );\n const created = await ctx.auth.account.create(ctx, {\n provider,\n account: { id: email, secret },\n profile: profile as any,\n shouldLinkViaEmail: config.verify !== undefined,\n shouldLinkViaPhone: false,\n });\n return await finalizeCredentialsResult(\n created.account,\n created.user,\n );\n },\n err: (e) => e as never,\n }),\n signIn: () =>\n Fx.from({\n ok: async () => {\n const secret = requirePasswordParam(\n params.password,\n \"signIn\",\n );\n const retrieved = await ctx.auth.account.get(ctx, {\n provider,\n account: { id: email, secret },\n });\n if (retrieved === null) {\n throw new Error(\"Invalid credentials\");\n }\n return await finalizeCredentialsResult(\n retrieved.account,\n retrieved.user,\n );\n },\n err: (e) => e as never,\n }),\n reset: () =>\n Fx.from({\n ok: async () => {\n if (!config.reset) {\n throw new Error(\n `Password reset is not enabled for ${provider}`,\n );\n }\n const { account } = await ctx.auth.account.get(ctx, {\n provider,\n account: { id: email },\n });\n return await ctx.auth.provider.signIn(\n ctx,\n config.reset as AuthProviderConfig,\n {\n accountId: account._id,\n 
params,\n },\n );\n },\n err: (e) => e as never,\n }),\n resetVerification: () =>\n Fx.from({\n ok: async () => {\n if (!config.reset) {\n throw new Error(\n `Password reset is not enabled for ${provider}`,\n );\n }\n if (params.newPassword === undefined) {\n throw new Error(\n \"Missing `newPassword` param for `reset-verification` flow\",\n );\n }\n const result = await ctx.auth.provider.signIn(\n ctx,\n config.reset as AuthProviderConfig,\n { params },\n );\n if (result === null) {\n throw new Error(\"Invalid code\");\n }\n const { userId, sessionId } = result;\n const secret = params.newPassword as string;\n await ctx.auth.account.update(ctx, {\n provider,\n account: { id: email, secret },\n });\n await ctx.auth.session.invalidate(ctx, {\n userId,\n except: [sessionId],\n });\n return { userId, sessionId };\n },\n err: (e) => e as never,\n }),\n emailVerification: () =>\n Fx.from({\n ok: async () => {\n if (!config.verify) {\n throw new Error(\n `Email verification is not enabled for ${provider}`,\n );\n }\n const { account } = await ctx.auth.account.get(ctx, {\n provider,\n account: { id: email },\n });\n return await ctx.auth.provider.signIn(\n ctx,\n config.verify as AuthProviderConfig,\n {\n accountId: account._id,\n params,\n },\n );\n },\n err: (e) => e as never,\n }),\n invalid: () =>\n Fx.fatal(\n new Error(\n \"Missing `flow` param, it must be one of \" +\n '\"signUp\", \"signIn\", \"reset\", \"reset-verification\" or ' +\n '\"email-verification\"!',\n ),\n ),\n }),\n );\n },\n crypto: config.crypto ?? 
{\n async hashSecret(password: string) {\n return await hashPassword(password);\n },\n async verifySecret(password: string, hash: string) {\n return await verifyPassword(password, hash);\n },\n },\n extraProviders: [\n config.reset as AuthProviderConfig | undefined,\n config.verify as AuthProviderConfig | undefined,\n ],\n ...config,\n })._toMaterialized();\n }\n}\n\n// ============================================================================\n// Helpers\n// ============================================================================\n\nfunction validateDefaultPasswordRequirements(password: string) {\n if (!password || password.length < 8) {\n throw new Error(\"Invalid password\");\n }\n}\n\nfunction defaultProfile(params: Record<string, unknown>) {\n const email = params.email;\n if (typeof email !== \"string\" || email.trim().length === 0) {\n throw new Error(\"Missing `email` param\");\n }\n return {\n email,\n };\n}\n\nconst PASSWORD_HASH_PARAMS = {\n N: 16384,\n r: 16,\n p: 1,\n dkLen: 64,\n} as const;\n\nconst PASSWORD_HASH_PREFIX = `scrypt:N=${PASSWORD_HASH_PARAMS.N},r=${PASSWORD_HASH_PARAMS.r},p=${PASSWORD_HASH_PARAMS.p},dkLen=${PASSWORD_HASH_PARAMS.dkLen}`;\n\nasync function hashPassword(password: string) {\n const salt = crypto.getRandomValues(new Uint8Array(32));\n const hash = await scryptAsync(password, salt, PASSWORD_HASH_PARAMS);\n return `${PASSWORD_HASH_PREFIX}$${bytesToHex(salt)}$${bytesToHex(hash)}`;\n}\n\nasync function verifyPassword(password: string, storedHash: string) {\n const [prefix, saltHex, hashHex] = storedHash.split(\"$\");\n if (\n prefix !== PASSWORD_HASH_PREFIX ||\n saltHex === undefined ||\n hashHex === undefined\n ) {\n return false;\n }\n\n let salt: Uint8Array;\n let expectedHash: Uint8Array;\n try {\n salt = hexToBytes(saltHex);\n expectedHash = hexToBytes(hashHex);\n } catch {\n return false;\n }\n if (\n salt.length !== 32 ||\n expectedHash.length !== PASSWORD_HASH_PARAMS.dkLen\n ) {\n return false;\n }\n\n const 
actualHash = await scryptAsync(password, salt, PASSWORD_HASH_PARAMS);\n return constantTimeEqual(actualHash, expectedHash);\n}\n\nfunction hexToBytes(hex: string) {\n if (hex.length % 2 !== 0) {\n throw new Error(\"Invalid password hash\");\n }\n const bytes = new Uint8Array(hex.length / 2);\n for (let i = 0; i < bytes.length; i++) {\n const start = i * 2;\n const value = Number.parseInt(hex.slice(start, start + 2), 16);\n if (Number.isNaN(value)) {\n throw new Error(\"Invalid password hash\");\n }\n bytes[i] = value;\n }\n return bytes;\n}\n\nfunction constantTimeEqual(left: Uint8Array, right: Uint8Array) {\n if (left.length !== right.length) {\n return false;\n }\n let diff = 0;\n for (let i = 0; i < left.length; i++) {\n diff |= left[i] ^ right[i];\n }\n return diff === 0;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AA2GA,MAAM,oBAAoB;CACxB,QAAQ;CACR,QAAQ;CACR,OAAO;CACP,sBAAsB;CACtB,sBAAsB;CACvB;AAID,SAAS,mBAAmB,MAAqC;AAC/D,KAAI,OAAO,SAAS,SAClB,QAAO;EAAE,KAAK;EAAW;EAAM;CAGjC,MAAM,MAAM,kBAAkB;AAC9B,QAAO,QAAQ,SAAY;EAAE,KAAK;EAAW;EAAM,GAAG,EAAE,KAAK;;;;;;;;;;;;;;;;;;;AAoB/D,IAAa,WAAb,MAA6E;CAC3E,AAAS;CACT,AAAS,OAAO;CAChB,AAAS;CAET,YACE,SAAoC,EAAE,EACtC;AACA,OAAK,KAAK,OAAO,MAAM;AACvB,OAAK,SAAS;;;CAIhB,kBAA2C;EACzC,MAAM,SAAS,KAAK;EACpB,MAAM,WAAW,KAAK;AAEtB,SAAO,IAAI,YAAuB;GAChC,IAAI;GACJ,WAAW,OAAO,QAAQ,QAAQ;IAChC,MAAM,eAAe,mBAAmB,OAAO,KAAK;IAEpD,MAAM,gCAAgC,aAAqB;AACzD,SAAI,OAAO,iCAAiC,QAAW;AACrD,aAAO,6BAA6B,SAAS;AAC7C;;AAEF,yCAAoC,SAAS;;AAG/C,UAAM,GAAG,IACP,GAAG,MAAM,cAAc,aAAa,KAAK;KACvC,cACE,GAAG,WAAW;AACZ,mCAA6B,OAAO,SAAmB;OACvD;KACJ,yBACE,GAAG,WAAW;AACZ,mCAA6B,OAAO,YAAsB;OAC1D;KACJ,cAAc,GAAG,QAAQ,OAAU;KACnC,aAAa,GAAG,QAAQ,OAAU;KAClC,yBAAyB,GAAG,QAAQ,OAAU;KAC9C,eAAe,GAAG,QAAQ,OAAU;KACrC,CAAC,CACH;IAED,MAAM,UAAU,OAAO,UAAU,QAAQ,IAAI,IAAI,eAAe,OAAO;IACvE,MAAM,EAAE,UAAU;IAClB,MAAM,wBACJ,OACA,SACG;AACH,SAAI,OAAO,UAAU,YAAY,MAAM,WAAW,EAChD,OAAM,IAAI,MAAM,oCAAoC,KAAK,SAAS;AAEpE,YAAO;;IAGT,MAAM,4BAA4B,OAChC,SACA,SACG;AACH,SAAI,OAAO,UAAU,CAAC,QAAQ,cAC5B,QAAO,MAAM,IAAI,KAAK,
SAAS,OAC7B,KACA,OAAO,QACP;MACE,WAAW,QAAQ;MACnB;MACD,CACF;AAEH,YAAO,EAAE,QAAQ,KAAK,KAAK;;AAG7B,WAAO,MAAM,GAAG,IACd,GAAG,MAAM,cAAc,aAAa,KAAK;KACvC,cACE,GAAG,KAAK;MACN,IAAI,YAAY;OACd,MAAM,SAAS,qBACb,OAAO,UACP,SACD;OACD,MAAM,UAAU,MAAM,IAAI,KAAK,QAAQ,OAAO,KAAK;QACjD;QACA,SAAS;SAAE,IAAI;SAAO;SAAQ;QACrB;QACT,oBAAoB,OAAO,WAAW;QACtC,oBAAoB;QACrB,CAAC;AACF,cAAO,MAAM,0BACX,QAAQ,SACR,QAAQ,KACT;;MAEH,MAAM,MAAM;MACb,CAAC;KACJ,cACE,GAAG,KAAK;MACN,IAAI,YAAY;OACd,MAAM,SAAS,qBACb,OAAO,UACP,SACD;OACD,MAAM,YAAY,MAAM,IAAI,KAAK,QAAQ,IAAI,KAAK;QAChD;QACA,SAAS;SAAE,IAAI;SAAO;SAAQ;QAC/B,CAAC;AACF,WAAI,cAAc,KAChB,OAAM,IAAI,MAAM,sBAAsB;AAExC,cAAO,MAAM,0BACX,UAAU,SACV,UAAU,KACX;;MAEH,MAAM,MAAM;MACb,CAAC;KACJ,aACE,GAAG,KAAK;MACN,IAAI,YAAY;AACd,WAAI,CAAC,OAAO,MACV,OAAM,IAAI,MACR,qCAAqC,WACtC;OAEH,MAAM,EAAE,YAAY,MAAM,IAAI,KAAK,QAAQ,IAAI,KAAK;QAClD;QACA,SAAS,EAAE,IAAI,OAAO;QACvB,CAAC;AACF,cAAO,MAAM,IAAI,KAAK,SAAS,OAC7B,KACA,OAAO,OACP;QACE,WAAW,QAAQ;QACnB;QACD,CACF;;MAEH,MAAM,MAAM;MACb,CAAC;KACJ,yBACE,GAAG,KAAK;MACN,IAAI,YAAY;AACd,WAAI,CAAC,OAAO,MACV,OAAM,IAAI,MACR,qCAAqC,WACtC;AAEH,WAAI,OAAO,gBAAgB,OACzB,OAAM,IAAI,MACR,4DACD;OAEH,MAAM,SAAS,MAAM,IAAI,KAAK,SAAS,OACrC,KACA,OAAO,OACP,EAAE,QAAQ,CACX;AACD,WAAI,WAAW,KACb,OAAM,IAAI,MAAM,eAAe;OAEjC,MAAM,EAAE,QAAQ,cAAc;OAC9B,MAAM,SAAS,OAAO;AACtB,aAAM,IAAI,KAAK,QAAQ,OAAO,KAAK;QACjC;QACA,SAAS;SAAE,IAAI;SAAO;SAAQ;QAC/B,CAAC;AACF,aAAM,IAAI,KAAK,QAAQ,WAAW,KAAK;QACrC;QACA,QAAQ,CAAC,UAAU;QACpB,CAAC;AACF,cAAO;QAAE;QAAQ;QAAW;;MAE9B,MAAM,MAAM;MACb,CAAC;KACJ,yBACE,GAAG,KAAK;MACN,IAAI,YAAY;AACd,WAAI,CAAC,OAAO,OACV,OAAM,IAAI,MACR,yCAAyC,WAC1C;OAEH,MAAM,EAAE,YAAY,MAAM,IAAI,KAAK,QAAQ,IAAI,KAAK;QAClD;QACA,SAAS,EAAE,IAAI,OAAO;QACvB,CAAC;AACF,cAAO,MAAM,IAAI,KAAK,SAAS,OAC7B,KACA,OAAO,QACP;QACE,WAAW,QAAQ;QACnB;QACD,CACF;;MAEH,MAAM,MAAM;MACb,CAAC;KACJ,eACE,GAAG,sBACD,IAAI,MACF,+HAGD,CACF;KACJ,CAAC,CACH;;GAEH,QAAQ,OAAO,UAAU;IACvB,MAAM,WAAW,UAAkB;AACjC,YAAO,MAAM,aAAa,SAAS;;IAErC,MAAM,aAAa,UAAkB,MAAc;AACjD,YAAO,MAAM,eAAe,UAAU,KAAK;;IAE9C;GACD,gBAAgB,CACd,OAAO,OACP,OAAO,OACR;GACD,G
AAG;GACJ,CAAC,CAAC,iBAAiB;;;AAQxB,SAAS,oCAAoC,UAAkB;AAC7D,KAAI,CAAC,YAAY,SAAS,SAAS,EACjC,OAAM,IAAI,MAAM,mBAAmB;;AAIvC,SAAS,eAAe,QAAiC;CACvD,MAAM,QAAQ,OAAO;AACrB,KAAI,OAAO,UAAU,YAAY,MAAM,MAAM,CAAC,WAAW,EACvD,OAAM,IAAI,MAAM,wBAAwB;AAE1C,QAAO,EACL,OACD;;AAGH,MAAM,uBAAuB;CAC3B,GAAG;CACH,GAAG;CACH,GAAG;CACH,OAAO;CACR;AAED,MAAM,uBAAuB,YAAY,qBAAqB,EAAE,KAAK,qBAAqB,EAAE,KAAK,qBAAqB,EAAE,SAAS,qBAAqB;AAEtJ,eAAe,aAAa,UAAkB;CAC5C,MAAM,OAAO,OAAO,gBAAgB,IAAI,WAAW,GAAG,CAAC;CACvD,MAAM,OAAO,MAAM,YAAY,UAAU,MAAM,qBAAqB;AACpE,QAAO,GAAG,qBAAqB,GAAG,WAAW,KAAK,CAAC,GAAG,WAAW,KAAK;;AAGxE,eAAe,eAAe,UAAkB,YAAoB;CAClE,MAAM,CAAC,QAAQ,SAAS,WAAW,WAAW,MAAM,IAAI;AACxD,KACE,WAAW,wBACX,YAAY,UACZ,YAAY,OAEZ,QAAO;CAGT,IAAI;CACJ,IAAI;AACJ,KAAI;AACF,SAAO,WAAW,QAAQ;AAC1B,iBAAe,WAAW,QAAQ;SAC5B;AACN,SAAO;;AAET,KACE,KAAK,WAAW,MAChB,aAAa,WAAW,qBAAqB,MAE7C,QAAO;AAIT,QAAO,kBADY,MAAM,YAAY,UAAU,MAAM,qBAAqB,EACrC,aAAa;;AAGpD,SAAS,WAAW,KAAa;AAC/B,KAAI,IAAI,SAAS,MAAM,EACrB,OAAM,IAAI,MAAM,wBAAwB;CAE1C,MAAM,QAAQ,IAAI,WAAW,IAAI,SAAS,EAAE;AAC5C,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;EACrC,MAAM,QAAQ,IAAI;EAClB,MAAM,QAAQ,OAAO,SAAS,IAAI,MAAM,OAAO,QAAQ,EAAE,EAAE,GAAG;AAC9D,MAAI,OAAO,MAAM,MAAM,CACrB,OAAM,IAAI,MAAM,wBAAwB;AAE1C,QAAM,KAAK;;AAEb,QAAO;;AAGT,SAAS,kBAAkB,MAAkB,OAAmB;AAC9D,KAAI,KAAK,WAAW,MAAM,OACxB,QAAO;CAET,IAAI,OAAO;AACX,MAAK,IAAI,IAAI,GAAG,IAAI,KAAK,QAAQ,IAC/B,SAAQ,KAAK,KAAK,MAAM;AAE1B,QAAO,SAAS"}
|
|
@@ -1,19 +1,48 @@
|
|
|
1
|
-
import { PhoneConfig
|
|
2
|
-
import { GenericDataModel } from "convex/server";
|
|
1
|
+
import { PhoneConfig } from "../server/types.js";
|
|
3
2
|
|
|
4
3
|
//#region src/providers/phone.d.ts
|
|
5
4
|
/**
|
|
6
|
-
*
|
|
7
|
-
* for sign-in.
|
|
5
|
+
* User-facing configuration for the {@link Phone} provider.
|
|
8
6
|
*
|
|
9
|
-
*
|
|
10
|
-
*
|
|
11
|
-
|
|
7
|
+
* Use this to send SMS or other phone-based verification messages during
|
|
8
|
+
* sign-in.
|
|
9
|
+
*/
|
|
10
|
+
interface PhoneProviderConfig {
|
|
11
|
+
/** Send the verification code to the user's phone. */
|
|
12
|
+
send: PhoneConfig["sendVerificationRequest"];
|
|
13
|
+
/** Provider ID override. Defaults to "phone". */
|
|
14
|
+
id?: string;
|
|
15
|
+
/** Token expiration in seconds. Defaults to 1200 (20 minutes). */
|
|
16
|
+
maxAge?: number;
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Phone provider for SMS or phone-number verification flows.
|
|
20
|
+
*
|
|
21
|
+
* Wraps your `send()` implementation and materializes the runtime behavior
|
|
22
|
+
* Convex Auth needs for short-code or magic-link-style phone verification.
|
|
23
|
+
*
|
|
24
|
+
* @example
|
|
25
|
+
* ```ts
|
|
26
|
+
* import { Phone } from "@robelest/convex-auth/providers";
|
|
12
27
|
*
|
|
13
|
-
*
|
|
14
|
-
*
|
|
28
|
+
* const phone = new Phone({
|
|
29
|
+
* send: async ({ identifier, token }) => {
|
|
30
|
+
* await sms.send({ to: identifier, body: `Your sign-in code is ${token}` });
|
|
31
|
+
* },
|
|
32
|
+
* });
|
|
33
|
+
* ```
|
|
15
34
|
*/
|
|
16
|
-
declare
|
|
35
|
+
declare class Phone {
|
|
36
|
+
readonly config: PhoneProviderConfig;
|
|
37
|
+
readonly id: string;
|
|
38
|
+
readonly type: "phone";
|
|
39
|
+
/**
|
|
40
|
+
* Create a phone provider instance.
|
|
41
|
+
*
|
|
42
|
+
* @param config - Phone delivery and provider settings.
|
|
43
|
+
*/
|
|
44
|
+
constructor(config: PhoneProviderConfig);
|
|
45
|
+
}
|
|
17
46
|
//#endregion
|
|
18
|
-
export {
|
|
47
|
+
export { Phone, PhoneProviderConfig };
|
|
19
48
|
//# sourceMappingURL=phone.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"phone.d.ts","names":[],"sources":["../../src/providers/phone.ts"],"mappings":"
|
|
1
|
+
{"version":3,"file":"phone.d.ts","names":[],"sources":["../../src/providers/phone.ts"],"mappings":";;;;;;;;;UAgBiB,mBAAA;EA0BJ;EAxBX,IAAA,EAAM,WAAA;;EAEN,EAAA;EA+B4B;EA7B5B,MAAA;AAAA;;;;;;;;;;;;;;;;;;cAoBW,KAAA;EAAA,SASiB,MAAA,EAAQ,mBAAA;EAAA,SAR3B,EAAA;EAAA,SACA,IAAA;;;;;;cAOmB,MAAA,EAAQ,mBAAA;AAAA"}
|
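--- a/package/dist/providers/phone.js
+++ b/package/dist/providers/phone.js
@@ -1,29 +1,60 @@
+import { Fx } from "@robelest/fx";
+
 //#region src/providers/phone.ts
 /**
-* Phone
-*
+* Phone / SMS authentication provider.
+*
+* @module
+*/
+/**
+* Phone provider for SMS or phone-number verification flows.
+*
+* Wraps your `send()` implementation and materializes the runtime behavior
+* Convex Auth needs for short-code or magic-link-style phone verification.
 *
-*
-*
-*
+* @example
+* ```ts
+* import { Phone } from "@robelest/convex-auth/providers";
 *
-*
-*
+* const phone = new Phone({
+* send: async ({ identifier, token }) => {
+* await sms.send({ to: identifier, body: `Your sign-in code is ${token}` });
+* },
+* });
+* ```
 */
-
-
-
-
-
-
-
-
-
-
-
-}
-
+var Phone = class {
+id;
+type = "phone";
+/**
+* Create a phone provider instance.
+*
+* @param config - Phone delivery and provider settings.
+*/
+constructor(config) {
+this.config = config;
+this.id = config.id ?? "phone";
+}
+/** @internal */
+_toMaterialized() {
+return {
+id: this.id,
+type: "phone",
+maxAge: this.config.maxAge ?? 1200,
+authorize: async (params, account) => {
+const dispatch = typeof params.phone !== "string" ? { tag: "missingPhone" } : account.providerAccountId !== params.phone ? { tag: "mismatch" } : { tag: "ok" };
+return await Fx.run(Fx.match(dispatch, dispatch.tag, {
+missingPhone: () => Fx.fatal(/* @__PURE__ */ new Error("Token verification requires a `phone` in params of `signIn`.")),
+mismatch: () => Fx.fatal(/* @__PURE__ */ new Error("Short verification code requires a matching `phone` in params of `signIn`.")),
+ok: () => Fx.succeed(void 0)
+}));
+},
+sendVerificationRequest: this.config.send,
+options: {}
+};
+}
+};
 
 //#endregion
-export {
+export { Phone };
 //# sourceMappingURL=phone.js.map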
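Review bot: The `authorize` guard in `_toMaterialized()` fails closed only if `Fx.run` rejects when it is handed `Fx.fatal(...)`, and that behaviour is defined in the newly imported `@robelest/fx`, not in this file. For a check that gates sign-in, two plain `throw` guards would make the rejection visible at the call site and keep the phone verification path independent of the extra runtime dependency; the error strings can stay as they are. The comparison `account.providerAccountId !== params.phone` is an exact string match, so it presumably relies on both values being normalized the same way upstream, and a one-line comment saying so would help the next reader.

```javascript
authorize: async (params, account) => {
  if (typeof params.phone !== "string") {
    throw new Error("Token verification requires a `phone` in params of `signIn`.");
  }
  // Exact string match; assumes the caller normalizes both numbers the same way.
  if (account.providerAccountId !== params.phone) {
    throw new Error("Short verification code requires a matching `phone` in params of `signIn`.");
  }
},
// … unchanged: sendVerificationRequest, options …
```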
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"phone.js","names":[],"sources":["../../src/providers/phone.ts"],"sourcesContent":["/**\n *
|
|
1
|
+
{"version":3,"file":"phone.js","names":[],"sources":["../../src/providers/phone.ts"],"sourcesContent":["/**\n * Phone / SMS authentication provider.\n *\n * @module\n */\n\nimport { Fx } from \"@robelest/fx\";\n\nimport type { PhoneConfig } from \"../server/types\";\n\n/**\n * User-facing configuration for the {@link Phone} provider.\n *\n * Use this to send SMS or other phone-based verification messages during\n * sign-in.\n */\nexport interface PhoneProviderConfig {\n /** Send the verification code to the user's phone. */\n send: PhoneConfig[\"sendVerificationRequest\"];\n /** Provider ID override. Defaults to \"phone\". */\n id?: string;\n /** Token expiration in seconds. Defaults to 1200 (20 minutes). */\n maxAge?: number;\n}\n\n/**\n * Phone provider for SMS or phone-number verification flows.\n *\n * Wraps your `send()` implementation and materializes the runtime behavior\n * Convex Auth needs for short-code or magic-link-style phone verification.\n *\n * @example\n * ```ts\n * import { Phone } from \"@robelest/convex-auth/providers\";\n *\n * const phone = new Phone({\n * send: async ({ identifier, token }) => {\n * await sms.send({ to: identifier, body: `Your sign-in code is ${token}` });\n * },\n * });\n * ```\n */\nexport class Phone {\n readonly id: string;\n readonly type = \"phone\" as const;\n\n /**\n * Create a phone provider instance.\n *\n * @param config - Phone delivery and provider settings.\n */\n constructor(public readonly config: PhoneProviderConfig) {\n this.id = config.id ?? \"phone\";\n }\n\n /** @internal */\n _toMaterialized(): PhoneConfig {\n return {\n id: this.id,\n type: \"phone\",\n maxAge: this.config.maxAge ?? 60 * 20,\n authorize: async (params, account) => {\n const dispatch =\n typeof params.phone !== \"string\"\n ? ({ tag: \"missingPhone\" } as const)\n : account.providerAccountId !== params.phone\n ? 
({ tag: \"mismatch\" } as const)\n : ({ tag: \"ok\" } as const);\n\n return await Fx.run(\n Fx.match(dispatch, dispatch.tag, {\n missingPhone: () =>\n Fx.fatal(\n new Error(\n \"Token verification requires a `phone` in params of `signIn`.\",\n ),\n ),\n mismatch: () =>\n Fx.fatal(\n new Error(\n \"Short verification code requires a matching `phone` \" +\n \"in params of `signIn`.\",\n ),\n ),\n ok: () => Fx.succeed(undefined),\n }),\n );\n },\n sendVerificationRequest: this.config.send,\n options: {} as any,\n };\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AA0CA,IAAa,QAAb,MAAmB;CACjB,AAAS;CACT,AAAS,OAAO;;;;;;CAOhB,YAAY,AAAgB,QAA6B;EAA7B;AAC1B,OAAK,KAAK,OAAO,MAAM;;;CAIzB,kBAA+B;AAC7B,SAAO;GACL,IAAI,KAAK;GACT,MAAM;GACN,QAAQ,KAAK,OAAO,UAAU;GAC9B,WAAW,OAAO,QAAQ,YAAY;IACpC,MAAM,WACJ,OAAO,OAAO,UAAU,WACnB,EAAE,KAAK,gBAAgB,GACxB,QAAQ,sBAAsB,OAAO,QAClC,EAAE,KAAK,YAAY,GACnB,EAAE,KAAK,MAAM;AAEtB,WAAO,MAAM,GAAG,IACd,GAAG,MAAM,UAAU,SAAS,KAAK;KAC/B,oBACE,GAAG,sBACD,IAAI,MACF,+DACD,CACF;KACH,gBACE,GAAG,sBACD,IAAI,MACF,6EAED,CACF;KACH,UAAU,GAAG,QAAQ,OAAU;KAChC,CAAC,CACH;;GAEH,yBAAyB,KAAK,OAAO;GACrC,SAAS,EAAE;GACZ"}
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
//#region src/providers/sso.d.ts
|
|
2
|
+
/**
|
|
3
|
+
* Enterprise SSO provider (OIDC + SAML + SCIM).
|
|
4
|
+
*
|
|
5
|
+
* Adding `new SSO()` to your providers list enables enterprise SSO
|
|
6
|
+
* sign-in flows and registers the OIDC, SAML, and SCIM runtime HTTP
|
|
7
|
+
* routes. It also makes `auth.sso.*` available on the auth
|
|
8
|
+
* object returned by `createAuth`.
|
|
9
|
+
*
|
|
10
|
+
* ```ts
|
|
11
|
+
* import { SSO } from "@robelest/convex-auth/providers";
|
|
12
|
+
*
|
|
13
|
+
* const auth = createAuth(components.auth, {
|
|
14
|
+
* providers: [new SSO(), new Password()],
|
|
15
|
+
* });
|
|
16
|
+
*
|
|
17
|
+
* // auth.sso is now available
|
|
18
|
+
* await auth.sso.admin.oidc.configure(ctx, { enterpriseId, clientId, ... });
|
|
19
|
+
* ```
|
|
20
|
+
*
|
|
21
|
+
* Without `new SSO()` in the providers list, `auth.sso` is not
|
|
22
|
+
* present on the returned object and accessing it is a TypeScript error.
|
|
23
|
+
*
|
|
24
|
+
* @module
|
|
25
|
+
*/
|
|
26
|
+
/**
|
|
27
|
+
* Enterprise SSO provider.
|
|
28
|
+
*
|
|
29
|
+
* Zero-configuration — sensible defaults are applied for all enterprise
|
|
30
|
+
* protocols (OIDC, SAML, SCIM). Per-tenant configuration is done at
|
|
31
|
+
* runtime via `auth.sso.*` helpers.
|
|
32
|
+
*
|
|
33
|
+
* @example
|
|
34
|
+
* ```ts
|
|
35
|
+
* import { createAuth } from "@robelest/convex-auth/component";
|
|
36
|
+
* import { SSO, Password } from "@robelest/convex-auth/providers";
|
|
37
|
+
* import { components } from "./_generated/api";
|
|
38
|
+
*
|
|
39
|
+
* export const auth = createAuth(components.auth, {
|
|
40
|
+
* providers: [new SSO(), new Password()],
|
|
41
|
+
* });
|
|
42
|
+
* ```
|
|
43
|
+
*/
|
|
44
|
+
declare class SSO {
|
|
45
|
+
readonly id = "enterprise-sso";
|
|
46
|
+
readonly type: "sso";
|
|
47
|
+
}
|
|
48
|
+
//#endregion
|
|
49
|
+
export { SSO };
|
|
50
|
+
//# sourceMappingURL=sso.d.ts.map
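Review bot: The module comment says that adding `new SSO()` registers the OIDC, SAML and SCIM runtime HTTP routes with zero configuration, but it does not say how those routes behave before any tenant has been configured through `auth.sso.*`, or how SCIM requests are authenticated. Since one entry in the providers list widens the deployment's HTTP surface, the class doc should state this explicitly, for example `* Registers HTTP routes as soon as it is listed; requests for an enterprise that has not been configured are rejected.` That wording is only right if it matches the implementation, which this declaration file does not show.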
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sso.d.ts","names":[],"sources":["../../src/providers/sso.ts"],"mappings":";;AA6CA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAAa,GAAA;EAAA,SACF,EAAA;EAAA,SACA,IAAA;AAAA"}
|