@robelest/convex-auth 0.0.4-preview.20 → 0.0.4-preview.22
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{bin.cjs → bin.js} +331 -330
- package/dist/component/model.d.ts +9 -9
- package/dist/component/model.d.ts.map +1 -1
- package/dist/component/schema.d.ts +37 -37
- package/dist/component/server/auth.d.ts +71 -25
- package/dist/component/server/auth.d.ts.map +1 -1
- package/dist/component/server/auth.js +13 -27
- package/dist/component/server/auth.js.map +1 -1
- package/dist/component/server/runtime.d.ts +1 -1
- package/dist/server/auth.d.ts +70 -24
- package/dist/server/auth.d.ts.map +1 -1
- package/dist/server/auth.js +13 -27
- package/dist/server/auth.js.map +1 -1
- package/dist/server/http.d.ts +2 -2
- package/dist/server/http.d.ts.map +1 -1
- package/dist/server/index.d.ts +2 -2
- package/dist/server/mounts.d.ts +18 -18
- package/dist/server/mutations/account.d.ts +6 -6
- package/dist/server/mutations/account.d.ts.map +1 -1
- package/dist/server/mutations/code.d.ts +11 -11
- package/dist/server/mutations/invalidate.d.ts +4 -4
- package/dist/server/mutations/oauth.d.ts +9 -9
- package/dist/server/mutations/oauth.d.ts.map +1 -1
- package/dist/server/mutations/refresh.d.ts +3 -3
- package/dist/server/mutations/refresh.d.ts.map +1 -1
- package/dist/server/mutations/register.d.ts +2 -2
- package/dist/server/mutations/retrieve.d.ts +6 -6
- package/dist/server/mutations/signature.d.ts +4 -4
- package/dist/server/mutations/signature.d.ts.map +1 -1
- package/dist/server/mutations/signin.d.ts +5 -5
- package/dist/server/mutations/store.d.ts +83 -83
- package/dist/server/mutations/verify.d.ts +7 -7
- package/dist/server/mutations/verify.d.ts.map +1 -1
- package/dist/server/runtime.d.ts +7 -7
- package/package.json +4 -4
- package/src/cli/index.ts +1 -1
- package/src/component/index.ts +1 -0
- package/src/server/auth.ts +103 -59
- package/src/server/index.ts +2 -0
package/dist/server/auth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","names":["AuthFactory"],"sources":["../../src/server/auth.ts"],"sourcesContent":["/**\n * Auth configuration helpers for Convex Auth.\n *\n * @module\n */\n\nimport type { UserIdentity } from \"convex/server\";\nimport type { GenericId } from \"convex/values\";\n\nimport type { AuthApiRefs } from \"../client/index\";\nimport { Auth as AuthFactory } from \"./runtime\";\nimport { Fx } from \"@robelest/fx\";\nimport { AuthError } from \"./authError\";\nimport type { Doc } from \"./types\";\nimport type {\n AuthAuthorizationConfig,\n AuthGrant,\n AuthProviderConfig,\n AuthRoleDefinition,\n AuthRoleId,\n ConvexAuthConfig,\n HasDeviceProvider,\n HasPasskeyProvider,\n HasSSO,\n HasTotpProvider,\n} from \"./types\";\n\n// ============================================================================\n// Types\n// ============================================================================\n\n/**\n * Config for auth setup. Extends the standard auth config\n * minus `component` (which is passed as the first constructor argument).\n */\nexport type AuthConfig = Omit<ConvexAuthConfig, \"component\">;\n\ntype MemberApiWithAuthorization<\n TAuthorization extends AuthAuthorizationConfig | undefined,\n> = Omit<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"],\n \"create\" | \"list\" | \"update\" | \"resolve\"\n> & {\n create: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"create\"]\n >[0],\n data: {\n groupId: string;\n userId: string;\n roleIds?: AuthRoleId<TAuthorization>[];\n status?: string;\n extend?: Record<string, unknown>;\n },\n ) => Promise<{ ok: true; memberId: string }>;\n list: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"list\"]\n >[0],\n opts?: {\n where?: {\n groupId?: string;\n userId?: string;\n roleId?: AuthRoleId<TAuthorization>;\n status?: string;\n };\n limit?: number;\n cursor?: string | null;\n orderBy?: \"_creationTime\" | \"status\";\n order?: \"asc\" | \"desc\";\n },\n ) => ReturnType<ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"list\"]>;\n update: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"update\"]\n >[0],\n memberId: string,\n data: Record<string, unknown> & { roleIds?: AuthRoleId<TAuthorization>[] },\n ) => Promise<{ ok: true; memberId: string }>;\n resolve: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"resolve\"]\n >[0],\n opts: {\n userId: string;\n groupId: string;\n ancestry?: boolean;\n roleIds?: AuthRoleId<TAuthorization>[];\n grants?: AuthGrant<TAuthorization>[];\n maxDepth?: number;\n },\n ) => ReturnType<ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"resolve\"]>;\n};\n\n\n/**\n * The base auth API surface returned by {@link createAuth}.\n *\n * Provides core namespaces — `signIn`, `signOut`, `user`, `session`,\n * `member`, `invite`, `group`, `key`, and `http` — that are\n * always available regardless of which providers are configured.\n * Enterprise namespaces (`sso`, `scim`) are added conditionally by\n * {@link AuthApi} when an SSO provider is present.\n *\n * Use this type when you want to describe code that only depends on the\n * standard auth surface and should not assume enterprise features exist.\n *\n * @typeParam TAuthorization - The authorization config, used to narrow\n * role IDs and grant strings on the `member` API.\n */\nexport type AuthApiBase<\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n> = {\n signIn: ReturnType<typeof AuthFactory>[\"signIn\"];\n signOut: ReturnType<typeof AuthFactory>[\"signOut\"];\n store: ReturnType<typeof AuthFactory>[\"store\"];\n user: ReturnType<typeof AuthFactory>[\"auth\"][\"user\"];\n session: ReturnType<typeof AuthFactory>[\"auth\"][\"session\"];\n provider: ReturnType<typeof AuthFactory>[\"auth\"][\"provider\"];\n account: ReturnType<typeof AuthFactory>[\"auth\"][\"account\"];\n group: ReturnType<typeof AuthFactory>[\"auth\"][\"group\"];\n member: MemberApiWithAuthorization<TAuthorization>;\n invite: ReturnType<typeof AuthFactory>[\"auth\"][\"invite\"];\n key: ReturnType<typeof AuthFactory>[\"auth\"][\"key\"];\n http: ReturnType<typeof AuthFactory>[\"auth\"][\"http\"];\n /**\n * Resolve the current user's auth context. Framework-agnostic — use\n * this in fluent-convex middleware, custom wrappers, or anywhere you\n * need the resolved `{ userId, user, groupId, role, grants }` object.\n *\n * Returns `null` when unauthenticated. Does not throw.\n *\n * @param ctx - Convex query, mutation, or action context.\n * @returns The resolved auth context, or `null`.\n *\n * @example fluent-convex middleware\n * ```ts\n * const withAuth = convex.createMiddleware(async (ctx, next) => {\n * return next({ ...ctx, auth: await auth.resolve(ctx) });\n * });\n * ```\n *\n * @example Direct usage in a handler\n * ```ts\n * const resolved = await auth.resolve(ctx);\n * if (!resolved) return { ok: false, code: \"NOT_SIGNED_IN\" };\n * const { userId, grants } = resolved;\n * ```\n */\n resolve: (ctx: any) => Promise<AuthResolvedContext | null>;\n /**\n * Context enrichment for convex-helpers `customQuery` / `customMutation` /\n * `customAction`.\n *\n * Resolves the current user's identity, active group, membership role,\n * and grants, then attaches them to `ctx.auth`. Returns a `Customization`\n * object compatible with convex-helpers' custom function builders.\n *\n * `ctx.auth` is `{ userId, user, groupId, role, grants }` when\n * authenticated, `null` when unauthenticated. No throwing — your\n * handler decides how to respond.\n *\n * @returns A convex-helpers `Customization` object.\n *\n * @example One-time setup in `convex/functions.ts`\n * ```ts\n * import { query, mutation, action } from \"./_generated/server\";\n * import { customQuery, customMutation, customAction } from \"convex-helpers/server/customFunctions\";\n * import { auth } from \"./auth\";\n *\n * export const authQuery = customQuery(query, auth.ctx());\n * export const authMutation = customMutation(mutation, auth.ctx());\n * export const authAction = customAction(action, auth.ctx());\n * ```\n *\n * @example Per-function usage\n * ```ts\n * import { authQuery } from \"./functions\";\n *\n * export const list = authQuery({\n * args: { workspaceId: v.string() },\n * handler: async (ctx, args) => {\n * if (!ctx.auth) return [];\n * const { userId, groupId, grants } = ctx.auth;\n * // business logic\n * },\n * });\n * ```\n */\n ctx: () => {\n args: Record<string, never>;\n input: (ctx: any) => Promise<{\n ctx: { auth: AuthResolvedContext | null };\n args: Record<string, never>;\n }>;\n };\n};\n\n/**\n * Resolved auth context injected into `ctx.auth` by `auth.ctx()`.\n *\n * - `null` when unauthenticated.\n * - `groupId` is `null` when the user has no active group set.\n * - `role` / `grants` are `null` / `[]` when no active group or no membership.\n */\nexport type AuthResolvedContext = {\n /** The authenticated user's document ID. */\n userId: string;\n /** The authenticated user's full document. */\n user: any;\n /** The user's active group ID, or `null` if none set. */\n groupId: string | null;\n /** The user's primary role in the active group, or `null`. */\n role: string | null;\n /** Resolved grant strings from the user's role definitions. */\n grants: string[];\n};\n\ntype InternalSsoApi = ReturnType<typeof AuthFactory>[\"auth\"][\"sso\"];\n\ntype PublicSsoAdminApi = {\n connection: InternalSsoApi[\"connection\"] & {\n domain: {\n list: InternalSsoApi[\"domain\"][\"list\"];\n validate: InternalSsoApi[\"domain\"][\"validate\"];\n set: (\n ctx: Parameters<InternalSsoApi[\"connection\"][\"create\"]>[0],\n enterpriseId: string,\n domains: Array<{\n domain: string;\n isPrimary?: boolean;\n }>,\n ) => Promise<{\n ok: true;\n enterpriseId: string;\n domains: Array<{\n domainId: string;\n domain: string;\n isPrimary: boolean;\n verified: boolean;\n verifiedAt: number | null;\n }>;\n }>;\n verification: {\n request: (\n ctx: Parameters<InternalSsoApi[\"connection\"][\"create\"]>[0],\n args: { enterpriseId: string; domain: string },\n ) => Promise<{\n ok: true;\n enterpriseId: string;\n domain: string;\n requestedAt: number;\n expiresAt: number;\n challenge: {\n recordType: \"TXT\";\n recordName: string;\n recordValue: string;\n };\n }>;\n confirm: (\n ctx: Parameters<InternalSsoApi[\"connection\"][\"create\"]>[0],\n args: { enterpriseId: string; domain: string },\n ) => Promise<{\n ok: boolean;\n enterpriseId: string;\n domain: string;\n verifiedAt?: number;\n checks: Array<{ name: string; ok: boolean; message?: string }>;\n }>;\n };\n };\n };\n oidc: Omit<InternalSsoApi[\"oidc\"], \"signIn\">;\n saml: Omit<InternalSsoApi[\"saml\"], \"metadata\">;\n policy: InternalSsoApi[\"policy\"];\n audit: {\n list: InternalSsoApi[\"audit\"][\"list\"];\n };\n webhook: {\n endpoint: InternalSsoApi[\"webhook\"][\"endpoint\"];\n delivery: {\n list: InternalSsoApi[\"webhook\"][\"delivery\"][\"list\"];\n };\n };\n};\n\ntype PublicSsoClientApi = {\n signIn: InternalSsoApi[\"oidc\"][\"signIn\"];\n metadata: InternalSsoApi[\"saml\"][\"metadata\"];\n};\n\ntype PublicSsoApi = {\n admin: PublicSsoAdminApi;\n client: PublicSsoClientApi;\n};\n\ntype PublicScimApi = {\n admin: Omit<InternalSsoApi[\"scim\"], \"getConfigByToken\" | \"identity\">;\n};\n\n/**\n * Extended auth API that includes enterprise SSO and SCIM namespaces.\n *\n * This type is the union of {@link AuthApiBase} plus `sso` (SSO connection\n * management, OIDC/SAML, domain verification, policies, audit, webhooks)\n * and `scim` (SCIM provisioning configuration). It is returned by\n * {@link createAuth} only when `new SSO()` is included in the providers\n * array; otherwise the narrower {@link AuthApiBase} is returned instead.\n * Attempting to access `auth.sso` or `auth.scim` without an SSO provider\n * produces a compile-time error because the return type narrows back to\n * {@link AuthApiBase}.\n *\n * @typeParam TAuthorization - The authorization config, forwarded to\n * {@link AuthApiBase} for typed role IDs and grant strings.\n */\nexport type AuthApi<\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n> = AuthApiBase<TAuthorization> & {\n sso: PublicSsoApi;\n scim: PublicScimApi;\n};\n\n/**\n * The return type of {@link createAuth}.\n *\n * Resolves to {@link AuthApi} (with `sso` and `scim` namespaces) when\n * `new SSO()` is present in the providers array, or to the narrower\n * {@link AuthApiBase} otherwise. This conditional type ensures that\n * enterprise-only APIs are only accessible when the SSO provider is\n * configured, producing a compile-time error if you try to access\n * `auth.sso` without it.\n * This lets application code keep a single `createAuth()` call while still\n * getting provider-aware typing on the resulting API object.\n *\n * @typeParam P - The tuple of provider configs passed to `createAuth`.\n * @typeParam TAuthorization - Optional authorization config for typed roles/grants.\n */\nexport type ConvexAuthResult<\n P extends AuthProviderConfig[],\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n> =\n HasSSO<P> extends true\n ? AuthApi<TAuthorization>\n : AuthApiBase<TAuthorization>;\n\n/**\n * Infer the typed `AuthApiRefs` for the client SDK from a `createAuth` call.\n *\n * Use this as the generic parameter for `client()` on the frontend:\n *\n * ```ts\n * // convex/auth.ts\n * export const auth = createAuth(components.auth, { providers: [...] });\n *\n * // Frontend\n * import type { auth } from \"../convex/auth\";\n * import type { InferClientApi } from \"@robelest/convex-auth/server\";\n * const c = client<InferClientApi<typeof auth>>({ convex, api: api.auth });\n * ```\n *\n * @typeParam T - A ConvexAuthResult to extract the client API from.\n */\nexport type InferClientApi<T> =\n T extends ConvexAuthResult<infer P>\n ? AuthApiRefs<\n HasPasskeyProvider<P>,\n HasTotpProvider<P>,\n HasDeviceProvider<P>\n >\n : AuthApiRefs;\n\n/** @internal */\nexport type AuthLike = Pick<AuthApiBase, \"user\">;\n\n// ============================================================================\n// Auth setup APIs\n// ============================================================================\n\n/**\n * Create an auth API object.\n *\n * When `new SSO()` is included in providers, `auth.sso` and `auth.scim`\n * are available on the returned object. Without it, those namespaces are\n * absent and accessing them is a TypeScript compile error.\n *\n * @param component - The installed auth component reference from\n * `components.auth` in your Convex app definition.\n * @param config - Auth configuration including `providers` and optional\n * `authorization`. All fields from {@link AuthConfig} are accepted\n * except `component` (passed as the first argument).\n * @returns A {@link ConvexAuthResult} object — either {@link AuthApi}\n * (with `sso`/`scim`) or {@link AuthApiBase}, depending on whether\n * an SSO provider is present.\n *\n * @example\n * ```ts\n * export const auth = createAuth(components.auth, {\n * providers: [password(), google()],\n * authorization: { roles },\n * });\n * ```\n *\n * @see {@link AuthCtx}\n */\n\n// ---------------------------------------------------------------------------\n// Function builders — shared auth resolution logic\n// ---------------------------------------------------------------------------\n\n/**\n * Resolve auth context for the current user. Returns the enriched\n * `ctx.auth` object or `null` when unauthenticated.\n *\n * Resolution flow:\n * 1. `user.id(ctx)` → userId or null (exit early)\n * 2. `user.get(ctx, userId)` → user doc (cached per-execution)\n * 3. `user.getActiveGroup(ctx, { userId })` → groupId or null\n * 4. If groupId → `member.resolve(ctx, { userId, groupId })` → role + grants\n */\nasync function resolveAuthContext(auth: any, ctx: any) {\n const userId = await auth.user.id(ctx);\n if (!userId) return null;\n const user = await auth.user.get(ctx, userId);\n const groupId = await auth.user.getActiveGroup(ctx, { userId });\n let role: string | null = null;\n let grants: string[] = [];\n if (groupId) {\n const resolved = await auth.member.resolve(ctx, { userId, groupId });\n if (resolved.membership) {\n role = resolved.roleIds[0] ?? null;\n grants = resolved.grants;\n }\n }\n return { userId, user, groupId, role, grants };\n}\n\nexport function createAuth<\n P extends AuthProviderConfig[],\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n>(\n component: ConvexAuthConfig[\"component\"],\n config: Omit<AuthConfig, \"providers\" | \"authorization\"> & {\n providers: P;\n authorization?: TAuthorization;\n },\n): ConvexAuthResult<P, TAuthorization> {\n const authResult = AuthFactory({\n ...config,\n component,\n providers: [...config.providers],\n });\n const {\n domain: domainApi,\n scim: scimApi,\n connection: connectionApi,\n audit: auditApi,\n webhook: webhookApi,\n oidc: oidcApi,\n saml: samlApi,\n ...restSso\n } = authResult.auth.sso as InternalSsoApi;\n\n type SetEnterpriseDomains = PublicSsoAdminApi[\"connection\"][\"domain\"][\"set\"];\n type EnterpriseDomainInput = Array<{\n domain: string;\n isPrimary?: boolean;\n }>;\n const setEnterpriseDomains: PublicSsoAdminApi[\"connection\"][\"domain\"][\"set\"] =\n async (\n ctx: Parameters<SetEnterpriseDomains>[0],\n enterpriseId: Parameters<SetEnterpriseDomains>[1],\n domains: EnterpriseDomainInput,\n ) => {\n const enterprise = await connectionApi.get(ctx, enterpriseId);\n if (enterprise === null) {\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n \"Enterprise not found.\",\n ).toConvexError();\n }\n\n const normalized = domains.map((entry: (typeof domains)[number]) => ({\n ...entry,\n domain: entry.domain.trim().toLowerCase(),\n }));\n const deduped = new Map<string, (typeof normalized)[number]>();\n for (const entry of normalized) {\n if (entry.domain.length === 0) {\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n \"Domain must not be empty.\",\n ).toConvexError();\n }\n if (deduped.has(entry.domain)) {\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n `Duplicate domain: ${entry.domain}`,\n ).toConvexError();\n }\n deduped.set(entry.domain, entry);\n }\n\n const nextDomains = [...deduped.values()];\n const primaryCount = nextDomains.filter(\n (entry) => entry.isPrimary,\n ).length;\n if (primaryCount > 1) {\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n \"Only one primary domain may be set.\",\n ).toConvexError();\n }\n if (nextDomains.length > 0 && primaryCount === 0) {\n nextDomains[0] = { ...nextDomains[0], isPrimary: true };\n }\n\n const currentDomains = await domainApi.list(ctx, enterpriseId);\n const currentByDomain = new Map<string, (typeof currentDomains)[number]>(\n currentDomains.map((entry: (typeof currentDomains)[number]) => [\n entry.domain.toLowerCase(),\n entry,\n ]),\n );\n\n for (const existing of currentDomains) {\n if (!deduped.has(existing.domain.toLowerCase())) {\n await domainApi.remove(ctx, existing._id);\n }\n }\n\n for (const nextDomain of nextDomains) {\n const current = currentByDomain.get(nextDomain.domain);\n if (current && current.isPrimary === Boolean(nextDomain.isPrimary)) {\n continue;\n }\n if (current) {\n await domainApi.remove(ctx, current._id);\n }\n const domainId = await domainApi.add(ctx, {\n enterpriseId: enterprise._id,\n groupId: enterprise.groupId,\n domain: nextDomain.domain,\n isPrimary: nextDomain.isPrimary,\n });\n if (current?.verifiedAt !== undefined) {\n await (ctx as any).runMutation(\n component.public.enterpriseDomainVerify,\n {\n domainId,\n verifiedAt: current.verifiedAt,\n },\n );\n }\n }\n\n const updatedDomains = await domainApi.list(ctx, enterpriseId);\n return {\n ok: true as const,\n enterpriseId,\n domains: updatedDomains.map(\n (domain: (typeof updatedDomains)[number]) => ({\n domainId: domain._id,\n domain: domain.domain,\n isPrimary: domain.isPrimary,\n verified: domain.verifiedAt !== undefined,\n verifiedAt: domain.verifiedAt ?? null,\n }),\n ),\n };\n };\n\n const publicSso: PublicSsoApi = {\n admin: {\n ...restSso,\n oidc: {\n ...oidcApi,\n },\n saml: {\n ...samlApi,\n },\n connection: {\n ...connectionApi,\n domain: {\n list: domainApi.list,\n validate: domainApi.validate,\n set: setEnterpriseDomains,\n verification: {\n request: domainApi.verification.request,\n confirm: domainApi.verification.confirm,\n },\n },\n },\n policy: restSso.policy,\n audit: {\n list: auditApi.list,\n },\n webhook: {\n endpoint: webhookApi.endpoint,\n delivery: {\n list: webhookApi.delivery.list,\n },\n },\n },\n client: {\n signIn: oidcApi.signIn,\n metadata: samlApi.metadata,\n },\n };\n\n return {\n signIn: authResult.signIn,\n signOut: authResult.signOut,\n store: authResult.store,\n user: authResult.auth.user,\n session: authResult.auth.session,\n provider: authResult.auth.provider,\n account: authResult.auth.account,\n group: authResult.auth.group,\n member: authResult.auth.member,\n invite: authResult.auth.invite,\n key: authResult.auth.key,\n sso: publicSso,\n scim: {\n admin: {\n configure: scimApi.configure,\n get: scimApi.get,\n validate: scimApi.validate,\n },\n },\n http: authResult.auth.http,\n\n resolve: (ctx: any) => resolveAuthContext(authResult.auth, ctx),\n\n ctx: () => ({\n args: {},\n input: async (ctx: any) => {\n const authCtx = await resolveAuthContext(authResult.auth, ctx);\n return { ctx: { auth: authCtx }, args: {} };\n },\n }),\n } as unknown as ConvexAuthResult<P, TAuthorization>;\n}\n\n// ============================================================================\n// AuthCtx — ctx enrichment for customQuery / customMutation\n// ============================================================================\n\n/** Canonical user document type exposed by Convex Auth. */\nexport type UserDoc = Doc<\"User\">;\n\n/**\n * Configuration for {@link AuthCtx} context enrichment.\n *\n * @typeParam TResolve - Extra fields returned from `resolve()` and merged into\n * the resulting `ctx.auth` object.\n */\nexport type AuthCtxConfig<\n TResolve extends Record<string, unknown> = Record<string, never>,\n> = {\n /** Allow unauthenticated callers and return `userId: null` / `user: null`. */\n optional?: boolean;\n /**\n * Attach additional derived fields to the auth context after the user is resolved.\n */\n resolve?: (ctx: any, user: UserDoc) => Promise<TResolve> | TResolve;\n};\n\n/**\n * Create a context enrichment for `customQuery` / `customMutation` — optional auth.\n *\n * When `optional: true` is set, unauthenticated requests are allowed.\n * The enriched `ctx.auth` will have `userId: null` and `user: null`\n * for unauthenticated callers.\n *\n * @param auth - The auth API object returned by {@link createAuth}.\n * @param config - Configuration with `optional: true` and an optional\n * `resolve` callback for attaching extra fields to the auth context.\n * @returns An object with `args` and `input` compatible with Convex\n * custom function builders.\n *\n * @example\n * ```ts\n * const authCtx = AuthCtx(auth, {\n * optional: true,\n * resolve: async (_ctx, user) => ({ plan: user?.extend?.plan ?? null }),\n * });\n * ```\n *\n * @see {@link createAuth}\n */\nexport function AuthCtx<\n TResolve extends Record<string, unknown> = Record<string, never>,\n>(\n auth: AuthLike,\n config: AuthCtxConfig<TResolve> & { optional: true },\n): {\n args: {};\n input: (\n ctx: any,\n _args: any,\n _extra?: any,\n ) => Promise<{\n ctx: {\n auth: {\n getUserIdentity: () => Promise<UserIdentity | null>;\n userId: GenericId<\"User\"> | null;\n user: UserDoc | null;\n } & TResolve;\n };\n args: {};\n }>;\n};\n/**\n * Create a context enrichment for `customQuery` / `customMutation` — required auth (default).\n *\n * When `optional` is omitted or `false`, the inferred type is the authenticated\n * auth shape. At runtime this helper still resolves instead of throwing, so if\n * no user is signed in the returned `ctx.auth.userId` and `ctx.auth.user` are\n * `null`.\n *\n * @param auth - The auth API object returned by {@link createAuth}.\n * @param config - Optional configuration with a `resolve` callback\n * for attaching extra fields to the auth context.\n * @returns An object with `args` and `input` compatible with Convex\n * custom function builders.\n *\n * @example\n * ```ts\n * const authCtx = AuthCtx(auth, {\n * resolve: async (_ctx, user) => ({ email: user.email }),\n * });\n * ```\n *\n * @see {@link createAuth}\n */\nexport function AuthCtx<\n TResolve extends Record<string, unknown> = Record<string, never>,\n>(\n auth: AuthLike,\n config?: AuthCtxConfig<TResolve>,\n): {\n args: {};\n input: (\n ctx: any,\n _args: any,\n _extra?: any,\n ) => Promise<{\n ctx: {\n auth: {\n getUserIdentity: () => Promise<UserIdentity | null>;\n userId: GenericId<\"User\">;\n user: UserDoc;\n } & TResolve;\n };\n args: {};\n }>;\n};\n// Implementation\nexport function AuthCtx(auth: AuthLike, config?: AuthCtxConfig<any>) {\n return {\n args: {},\n input: async (ctx: any, _args: any, _extra?: any) => {\n const nativeAuth = ctx.auth;\n const modeDispatch =\n config?.optional === true\n ? { mode: \"optional\" as const }\n : { mode: \"required\" as const };\n\n const userContext = await Fx.run(\n Fx.match(modeDispatch, modeDispatch.mode, {\n optional: async () => {\n const userId = await auth.user.id(ctx);\n if (!userId) {\n return null;\n }\n const user = await auth.user.get(ctx, userId);\n return { userId, user };\n },\n required: async () => {\n const userId = await auth.user.id(ctx);\n if (!userId) {\n return null;\n }\n const user = await auth.user.get(ctx, userId);\n return { userId, user };\n },\n }),\n );\n\n if (userContext === null) {\n return {\n ctx: {\n auth: {\n getUserIdentity: nativeAuth.getUserIdentity.bind(nativeAuth),\n userId: null,\n user: null,\n },\n },\n args: {},\n };\n }\n\n const extra = config?.resolve\n ? await config.resolve(ctx, userContext.user)\n : {};\n\n return {\n ctx: {\n auth: {\n getUserIdentity: nativeAuth.getUserIdentity.bind(nativeAuth),\n userId: userContext.userId,\n user: userContext.user,\n ...extra,\n },\n },\n args: {},\n };\n },\n };\n}\n\n/**\n * Extract the resolved `auth` context type from an {@link AuthCtx} instance.\n *\n * Use this to type function parameters or variables that receive the\n * enriched auth context produced by `AuthCtx`. The inferred type includes\n * `userId`, `user`, `getUserIdentity`, and any additional fields added\n * by the `resolve` callback. This is the generic utility for reusing the\n * enriched auth shape without manually duplicating conditional auth types.\n *\n * @typeParam T - An `AuthCtx` return value (must have an `input` method\n * that returns `{ ctx: { auth: ... } }`).\n *\n * @example\n * ```ts\n * const authCtx = AuthCtx(auth, {\n * resolve: async (ctx, user) => ({ orgId: user.orgId }),\n * });\n * type Auth = InferAuth<typeof authCtx>;\n * // Auth = { userId: Id<\"User\">; user: UserDoc; getUserIdentity: ...; orgId: string }\n * ```\n *\n * @see {@link createAuth}\n */\nexport type InferAuth<\n T extends { input: (...args: any[]) => Promise<{ ctx: { auth: any } }> },\n> = Awaited<ReturnType<T[\"input\"]>>[\"ctx\"][\"auth\"];\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmaA,eAAe,mBAAmB,MAAW,KAAU;CACrD,MAAM,SAAS,MAAM,KAAK,KAAK,GAAG,IAAI;AACtC,KAAI,CAAC,OAAQ,QAAO;CACpB,MAAM,OAAO,MAAM,KAAK,KAAK,IAAI,KAAK,OAAO;CAC7C,MAAM,UAAU,MAAM,KAAK,KAAK,eAAe,KAAK,EAAE,QAAQ,CAAC;CAC/D,IAAI,OAAsB;CAC1B,IAAI,SAAmB,EAAE;AACzB,KAAI,SAAS;EACX,MAAM,WAAW,MAAM,KAAK,OAAO,QAAQ,KAAK;GAAE;GAAQ;GAAS,CAAC;AACpE,MAAI,SAAS,YAAY;AACvB,UAAO,SAAS,QAAQ,MAAM;AAC9B,YAAS,SAAS;;;AAGtB,QAAO;EAAE;EAAQ;EAAM;EAAS;EAAM;EAAQ;;AAGhD,SAAgB,WAId,WACA,QAIqC;CACrC,MAAM,aAAaA,KAAY;EAC7B,GAAG;EACH;EACA,WAAW,CAAC,GAAG,OAAO,UAAU;EACjC,CAAC;CACF,MAAM,EACJ,QAAQ,WACR,MAAM,SACN,YAAY,eACZ,OAAO,UACP,SAAS,YACT,MAAM,SACN,MAAM,SACN,GAAG,YACD,WAAW,KAAK;CAOpB,MAAM,uBACJ,OACE,KACA,cACA,YACG;EACH,MAAM,aAAa,MAAM,cAAc,IAAI,KAAK,aAAa;AAC7D,MAAI,eAAe,KACjB,OAAM,IAAI,UACR,sBACA,wBACD,CAAC,eAAe;EAGnB,MAAM,aAAa,QAAQ,KAAK,WAAqC;GACnE,GAAG;GACH,QAAQ,MAAM,OAAO,MAAM,CAAC,aAAa;GAC1C,EAAE;EACH,MAAM,0BAAU,IAAI,KAA0C;AAC9D,OAAK,MAAM,SAAS,YAAY;AAC9B,OAAI,MAAM,OAAO,WAAW,EAC1B,OAAM,IAAI,UACR,sBACA,4BACD,CAAC,eAAe;AAEnB,OAAI,QAAQ,IAAI,MAAM,OAAO,CAC3B,OAAM,IAAI,UACR,sBACA,qBAAqB,MAAM,SAC5B,CAAC,eAAe;AAEnB,WAAQ,IAAI,MAAM,QAAQ,MAAM;;EAGlC,MAAM,cAAc,CAAC,GAAG,QAAQ,QAAQ,CAAC;EACzC,MAAM,eAAe,YAAY,QAC9B,UAAU,MAAM,UAClB,CAAC;AACF,MAAI,eAAe,EACjB,OAAM,IAAI,UACR,sBACA,sCACD,CAAC,eAAe;AAEnB,MAAI,YAAY,SAAS,KAAK,iBAAiB,EAC7C,aAAY,KAAK;GAAE,GAAG,YAAY;GAAI,WAAW;GAAM;EAGzD,MAAM,iBAAiB,MAAM,UAAU,KAAK,KAAK,aAAa;EAC9D,MAAM,kBAAkB,IAAI,IAC1B,eAAe,KAAK,UAA2C,CAC7D,MAAM,OAAO,aAAa,EAC1B,MACD,CAAC,CACH;AAED,OAAK,MAAM,YAAY,eACrB,KAAI,CAAC,QAAQ,IAAI,SAAS,OAAO,aAAa,CAAC,CAC7C,OAAM,UAAU,OAAO,KAAK,SAAS,IAAI;AAI7C,OAAK,MAAM,cAAc,aAAa;GACpC,MAAM,UAAU,gBAAgB,IAAI,WAAW,OAAO;AACtD,OAAI,WAAW,QAAQ,cAAc,QAAQ,WAAW,UAAU,CAChE;AAEF,OAAI,QACF,OAAM,UAAU,OAAO,KAAK,QAAQ,IAAI;GAE1C,MAAM,WAAW,MAAM,UAAU,IAAI,KAAK;IACxC,cAAc,WAAW;IACzB,SAAS,WAAW;IACpB,QAAQ,WAAW;IACnB,WAAW,WAAW;IACvB,CAAC;AACF,OAAI,SAAS,eAAe,OAC1B,OAAO,IAAY,YACjB,UAAU,OAAO,wBACjB;IACE;IACA,YAAY,QAAQ;IACrB,CACF;;AAKL,SAAO;GACL,IAAI;GACJ;GACA,UAJqB,MAAM,UAAU,KAAK,KAAK,aAAa,EAIpC,KACrB,YAA6C;IAC5C,UAAU,OAAO;IACjB,QAAQ,OAAO;IACf,WAAW,OAAO;IAClB,UAAU,OAAO,eAAe;IAChC,YAAY,OAAO,cAAc;IAClC,EACF;GACF;;CAGL,MAAM,YAA0B;EAC9B,OAAO;GACL,GAAG;GACH,MAAM,EACJ,GAAG,SACJ;GACD,MAAM,EACJ,GAAG,SACJ;GACD,YAAY;IACV,GAAG;IACH,QAAQ;KACN,MAAM,UAAU;KAChB,UAAU,UAAU;KACpB,KAAK;KACL,cAAc;MACZ,SAAS,UAAU,aAAa;MAChC,SAAS,UAAU,aAAa;MACjC;KACF;IACF;GACD,QAAQ,QAAQ;GAChB,OAAO,EACL,MAAM,SAAS,MAChB;GACD,SAAS;IACP,UAAU,WAAW;IACrB,UAAU,EACR,MAAM,WAAW,SAAS,MAC3B;IACF;GACF;EACD,QAAQ;GACN,QAAQ,QAAQ;GAChB,UAAU,QAAQ;GACnB;EACF;AAED,QAAO;EACL,QAAQ,WAAW;EACnB,SAAS,WAAW;EACpB,OAAO,WAAW;EAClB,MAAM,WAAW,KAAK;EACtB,SAAS,WAAW,KAAK;EACzB,UAAU,WAAW,KAAK;EAC1B,SAAS,WAAW,KAAK;EACzB,OAAO,WAAW,KAAK;EACvB,QAAQ,WAAW,KAAK;EACxB,QAAQ,WAAW,KAAK;EACxB,KAAK,WAAW,KAAK;EACrB,KAAK;EACL,MAAM,EACJ,OAAO;GACL,WAAW,QAAQ;GACnB,KAAK,QAAQ;GACb,UAAU,QAAQ;GACnB,EACF;EACD,MAAM,WAAW,KAAK;EAEtB,UAAU,QAAa,mBAAmB,WAAW,MAAM,IAAI;EAE/D,YAAY;GACV,MAAM,EAAE;GACR,OAAO,OAAO,QAAa;AAEzB,WAAO;KAAE,KAAK,EAAE,MADA,MAAM,mBAAmB,WAAW,MAAM,IAAI,EAC/B;KAAE,MAAM,EAAE;KAAE;;GAE9C;EACF;;AAsHH,SAAgB,QAAQ,MAAgB,QAA6B;AACnE,QAAO;EACL,MAAM,EAAE;EACR,OAAO,OAAO,KAAU,OAAY,WAAiB;GACnD,MAAM,aAAa,IAAI;GACvB,MAAM,eACJ,QAAQ,aAAa,OACjB,EAAE,MAAM,YAAqB,GAC7B,EAAE,MAAM,YAAqB;GAEnC,MAAM,cAAc,MAAM,GAAG,IAC3B,GAAG,MAAM,cAAc,aAAa,MAAM;IACxC,UAAU,YAAY;KACpB,MAAM,SAAS,MAAM,KAAK,KAAK,GAAG,IAAI;AACtC,SAAI,CAAC,OACH,QAAO;AAGT,YAAO;MAAE;MAAQ,MADJ,MAAM,KAAK,KAAK,IAAI,KAAK,OAAO;MACtB;;IAEzB,UAAU,YAAY;KACpB,MAAM,SAAS,MAAM,KAAK,KAAK,GAAG,IAAI;AACtC,SAAI,CAAC,OACH,QAAO;AAGT,YAAO;MAAE;MAAQ,MADJ,MAAM,KAAK,KAAK,IAAI,KAAK,OAAO;MACtB;;IAE1B,CAAC,CACH;AAED,OAAI,gBAAgB,KAClB,QAAO;IACL,KAAK,EACH,MAAM;KACJ,iBAAiB,WAAW,gBAAgB,KAAK,WAAW;KAC5D,QAAQ;KACR,MAAM;KACP,EACF;IACD,MAAM,EAAE;IACT;GAGH,MAAM,QAAQ,QAAQ,UAClB,MAAM,OAAO,QAAQ,KAAK,YAAY,KAAK,GAC3C,EAAE;AAEN,UAAO;IACL,KAAK,EACH,MAAM;KACJ,iBAAiB,WAAW,gBAAgB,KAAK,WAAW;KAC5D,QAAQ,YAAY;KACpB,MAAM,YAAY;KAClB,GAAG;KACJ,EACF;IACD,MAAM,EAAE;IACT;;EAEJ"}
|
|
1
|
+
{"version":3,"file":"auth.js","names":["AuthFactory"],"sources":["../../src/server/auth.ts"],"sourcesContent":["/**\n * Auth configuration helpers for Convex Auth.\n *\n * @module\n */\n\nimport type { UserIdentity } from \"convex/server\";\nimport type { GenericId } from \"convex/values\";\n\nimport type { AuthApiRefs } from \"../client/index\";\nimport { Auth as AuthFactory } from \"./runtime\";\nimport { AuthError } from \"./authError\";\nimport type { Doc } from \"./types\";\nimport type {\n AuthAuthorizationConfig,\n AuthGrant,\n AuthProviderConfig,\n AuthRoleDefinition,\n AuthRoleId,\n ConvexAuthConfig,\n HasDeviceProvider,\n HasPasskeyProvider,\n HasSSO,\n HasTotpProvider,\n} from \"./types\";\n\n// ============================================================================\n// Types\n// ============================================================================\n\n/**\n * Config for auth setup. Extends the standard auth config\n * minus `component` (which is passed as the first constructor argument).\n */\nexport type AuthConfig = Omit<ConvexAuthConfig, \"component\">;\n\n/** Canonical user document type exposed by Convex Auth. */\nexport type UserDoc = Doc<\"User\">;\n\ntype MemberApiWithAuthorization<\n TAuthorization extends AuthAuthorizationConfig | undefined,\n> = Omit<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"],\n \"create\" | \"list\" | \"update\" | \"resolve\"\n> & {\n create: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"create\"]\n >[0],\n data: {\n groupId: string;\n userId: string;\n roleIds?: AuthRoleId<TAuthorization>[];\n status?: string;\n extend?: Record<string, unknown>;\n },\n ) => Promise<{ ok: true; memberId: string }>;\n list: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"list\"]\n >[0],\n opts?: {\n where?: {\n groupId?: string;\n userId?: string;\n roleId?: AuthRoleId<TAuthorization>;\n status?: string;\n };\n limit?: number;\n cursor?: string | null;\n orderBy?: \"_creationTime\" | \"status\";\n order?: \"asc\" | \"desc\";\n },\n ) => ReturnType<ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"list\"]>;\n update: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"update\"]\n >[0],\n memberId: string,\n data: Record<string, unknown> & { roleIds?: AuthRoleId<TAuthorization>[] },\n ) => Promise<{ ok: true; memberId: string }>;\n resolve: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"resolve\"]\n >[0],\n opts: {\n userId: string;\n groupId: string;\n ancestry?: boolean;\n roleIds?: AuthRoleId<TAuthorization>[];\n grants?: AuthGrant<TAuthorization>[];\n maxDepth?: number;\n },\n ) => ReturnType<ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"resolve\"]>;\n};\n\n\n/**\n * The base auth API surface returned by {@link createAuth}.\n *\n * Provides core namespaces — `signIn`, `signOut`, `user`, `session`,\n * `member`, `invite`, `group`, `key`, and `http` — that are\n * always available regardless of which providers are configured.\n * Enterprise namespaces (`sso`, `scim`) are added conditionally by\n * {@link AuthApi} when an SSO provider is present.\n *\n * Use this type when you want to describe code that only depends on the\n * standard auth surface and should not assume enterprise features exist.\n *\n * @typeParam TAuthorization - The authorization config, used to narrow\n * role IDs and grant strings on the `member` API.\n */\nexport type AuthApiBase<\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n> = {\n signIn: ReturnType<typeof AuthFactory>[\"signIn\"];\n signOut: ReturnType<typeof AuthFactory>[\"signOut\"];\n store: ReturnType<typeof AuthFactory>[\"store\"];\n user: ReturnType<typeof AuthFactory>[\"auth\"][\"user\"];\n session: ReturnType<typeof AuthFactory>[\"auth\"][\"session\"];\n provider: ReturnType<typeof AuthFactory>[\"auth\"][\"provider\"];\n account: ReturnType<typeof AuthFactory>[\"auth\"][\"account\"];\n group: ReturnType<typeof AuthFactory>[\"auth\"][\"group\"];\n member: MemberApiWithAuthorization<TAuthorization>;\n invite: ReturnType<typeof AuthFactory>[\"auth\"][\"invite\"];\n key: ReturnType<typeof AuthFactory>[\"auth\"][\"key\"];\n http: ReturnType<typeof AuthFactory>[\"auth\"][\"http\"];\n /**\n * Resolve the current user's auth context. Framework-agnostic — use\n * this in fluent-convex middleware, custom wrappers, or anywhere you\n * need the resolved `{ userId, user, groupId, role, grants }` object.\n *\n * Returns `null` when unauthenticated. Does not throw.\n *\n * @param ctx - Convex query, mutation, or action context.\n * @returns The resolved auth context, or `null`.\n *\n * @example fluent-convex middleware\n * ```ts\n * const withAuth = convex.createMiddleware(async (ctx, next) => {\n * return next({ ...ctx, auth: await auth.resolve(ctx) });\n * });\n * ```\n *\n * @example Direct usage in a handler\n * ```ts\n * const resolved = await auth.resolve(ctx);\n * if (!resolved) return { ok: false, code: \"NOT_SIGNED_IN\" };\n * const { userId, grants } = resolved;\n * ```\n */\n resolve: (ctx: any) => Promise<AuthResolvedContext | null>;\n /**\n * Context enrichment for convex-helpers `customQuery` / `customMutation` /\n * `customAction`.\n *\n * Resolves the current user's identity, active group, membership role,\n * and grants, then attaches them to `ctx.auth`. Returns a `Customization`\n * object compatible with convex-helpers' custom function builders.\n *\n * `ctx.auth` is `{ userId, user, groupId, role, grants }` when\n * authenticated, `null` when unauthenticated. No throwing — your\n * handler decides how to respond.\n *\n * @returns A convex-helpers `Customization` object.\n *\n * @example One-time setup in `convex/functions.ts`\n * ```ts\n * import { query, mutation, action } from \"./_generated/server\";\n * import { customQuery, customMutation, customAction } from \"convex-helpers/server/customFunctions\";\n * import { auth } from \"./auth\";\n *\n * export const authQuery = customQuery(query, auth.ctx());\n * export const authMutation = customMutation(mutation, auth.ctx());\n * export const authAction = customAction(action, auth.ctx());\n * ```\n *\n * @example Per-function usage\n * ```ts\n * import { authQuery } from \"./functions\";\n *\n * export const list = authQuery({\n * args: { workspaceId: v.string() },\n * handler: async (ctx, args) => {\n * if (!ctx.auth) return [];\n * const { userId, groupId, grants } = ctx.auth;\n * // business logic\n * },\n * });\n * ```\n */\n ctx: () => {\n args: Record<string, never>;\n input: (ctx: any) => Promise<{\n ctx: { auth: AuthResolvedContext | null };\n args: Record<string, never>;\n }>;\n };\n};\n\n/**\n * Resolved auth context injected into `ctx.auth` by `auth.ctx()` and\n * {@link AuthCtx}. Also the expected return shape for custom\n * {@link AuthCtxConfig.authResolve | authResolve} hooks.\n *\n * - `null` when unauthenticated.\n * - `groupId` is `null` when the user has no active group set.\n * - `role` / `grants` are `null` / `[]` when no active group or no membership.\n *\n * @example\n * ```ts\n * import type { AuthResolvedContext } from \"@robelest/convex-auth/server\";\n *\n * const mockAuth: AuthResolvedContext = {\n * userId: \"user123\" as Id<\"User\">,\n * user: { _id: \"user123\", email: \"test@example.com\" },\n * groupId: \"group456\",\n * role: \"admin\",\n * grants: [\"read\", \"write\"],\n * };\n * ```\n */\nexport type AuthResolvedContext = {\n /** The authenticated user's document ID. */\n userId: GenericId<\"User\">;\n /** The authenticated user's full document. */\n user: UserDoc;\n /** The user's active group ID, or `null` if none set. */\n groupId: string | null;\n /** The user's primary role in the active group, or `null`. */\n role: string | null;\n /** Resolved grant strings from the user's role definitions. */\n grants: string[];\n};\n\ntype AuthCtxBase = {\n getUserIdentity: () => Promise<UserIdentity | null>;\n};\n\ntype RequiredAuthCtxState = AuthCtxBase & AuthResolvedContext;\n\ntype OptionalAuthCtxState = AuthCtxBase & {\n userId: GenericId<\"User\"> | null;\n user: UserDoc | null;\n groupId: string | null;\n role: string | null;\n grants: string[];\n};\n\ntype InternalSsoApi = ReturnType<typeof AuthFactory>[\"auth\"][\"sso\"];\n\ntype PublicSsoAdminApi = {\n connection: InternalSsoApi[\"connection\"] & {\n domain: {\n list: InternalSsoApi[\"domain\"][\"list\"];\n validate: InternalSsoApi[\"domain\"][\"validate\"];\n set: (\n ctx: Parameters<InternalSsoApi[\"connection\"][\"create\"]>[0],\n enterpriseId: string,\n domains: Array<{\n domain: string;\n isPrimary?: boolean;\n }>,\n ) => Promise<{\n ok: true;\n enterpriseId: string;\n domains: Array<{\n domainId: string;\n domain: string;\n isPrimary: boolean;\n verified: boolean;\n verifiedAt: number | null;\n }>;\n }>;\n verification: {\n request: (\n ctx: Parameters<InternalSsoApi[\"connection\"][\"create\"]>[0],\n args: { enterpriseId: string; domain: string },\n ) => Promise<{\n ok: true;\n enterpriseId: string;\n domain: string;\n requestedAt: number;\n expiresAt: number;\n challenge: {\n recordType: \"TXT\";\n recordName: string;\n recordValue: string;\n };\n }>;\n confirm: (\n ctx: Parameters<InternalSsoApi[\"connection\"][\"create\"]>[0],\n args: { enterpriseId: string; domain: string },\n ) => Promise<{\n ok: boolean;\n enterpriseId: string;\n domain: string;\n verifiedAt?: number;\n checks: Array<{ name: string; ok: boolean; message?: string }>;\n }>;\n };\n };\n };\n oidc: Omit<InternalSsoApi[\"oidc\"], \"signIn\">;\n saml: Omit<InternalSsoApi[\"saml\"], \"metadata\">;\n policy: InternalSsoApi[\"policy\"];\n audit: {\n list: InternalSsoApi[\"audit\"][\"list\"];\n };\n webhook: {\n endpoint: InternalSsoApi[\"webhook\"][\"endpoint\"];\n delivery: {\n list: InternalSsoApi[\"webhook\"][\"delivery\"][\"list\"];\n };\n };\n};\n\ntype PublicSsoClientApi = {\n signIn: InternalSsoApi[\"oidc\"][\"signIn\"];\n metadata: InternalSsoApi[\"saml\"][\"metadata\"];\n};\n\ntype PublicSsoApi = {\n admin: PublicSsoAdminApi;\n client: PublicSsoClientApi;\n};\n\ntype PublicScimApi = {\n admin: Omit<InternalSsoApi[\"scim\"], \"getConfigByToken\" | \"identity\">;\n};\n\n/**\n * Extended auth API that includes enterprise SSO and SCIM namespaces.\n *\n * This type is the union of {@link AuthApiBase} plus `sso` (SSO connection\n * management, OIDC/SAML, domain verification, policies, audit, webhooks)\n * and `scim` (SCIM provisioning configuration). It is returned by\n * {@link createAuth} only when `new SSO()` is included in the providers\n * array; otherwise the narrower {@link AuthApiBase} is returned instead.\n * Attempting to access `auth.sso` or `auth.scim` without an SSO provider\n * produces a compile-time error because the return type narrows back to\n * {@link AuthApiBase}.\n *\n * @typeParam TAuthorization - The authorization config, forwarded to\n * {@link AuthApiBase} for typed role IDs and grant strings.\n */\nexport type AuthApi<\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n> = AuthApiBase<TAuthorization> & {\n sso: PublicSsoApi;\n scim: PublicScimApi;\n};\n\n/**\n * The return type of {@link createAuth}.\n *\n * Resolves to {@link AuthApi} (with `sso` and `scim` namespaces) when\n * `new SSO()` is present in the providers array, or to the narrower\n * {@link AuthApiBase} otherwise. This conditional type ensures that\n * enterprise-only APIs are only accessible when the SSO provider is\n * configured, producing a compile-time error if you try to access\n * `auth.sso` without it.\n * This lets application code keep a single `createAuth()` call while still\n * getting provider-aware typing on the resulting API object.\n *\n * @typeParam P - The tuple of provider configs passed to `createAuth`.\n * @typeParam TAuthorization - Optional authorization config for typed roles/grants.\n */\nexport type ConvexAuthResult<\n P extends AuthProviderConfig[],\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n> =\n HasSSO<P> extends true\n ? AuthApi<TAuthorization>\n : AuthApiBase<TAuthorization>;\n\n/**\n * Infer the typed `AuthApiRefs` for the client SDK from a `createAuth` call.\n *\n * Use this as the generic parameter for `client()` on the frontend:\n *\n * ```ts\n * // convex/auth.ts\n * export const auth = createAuth(components.auth, { providers: [...] });\n *\n * // Frontend\n * import type { auth } from \"../convex/auth\";\n * import type { InferClientApi } from \"@robelest/convex-auth/server\";\n * const c = client<InferClientApi<typeof auth>>({ convex, api: api.auth });\n * ```\n *\n * @typeParam T - A ConvexAuthResult to extract the client API from.\n */\nexport type InferClientApi<T> =\n T extends ConvexAuthResult<infer P>\n ? AuthApiRefs<\n HasPasskeyProvider<P>,\n HasTotpProvider<P>,\n HasDeviceProvider<P>\n >\n : AuthApiRefs;\n\n/** @internal */\nexport type AuthLike = Pick<AuthApiBase, \"user\" | \"member\">;\n\n// ============================================================================\n// Auth setup APIs\n// ============================================================================\n\n/**\n * Create an auth API object.\n *\n * When `new SSO()` is included in providers, `auth.sso` and `auth.scim`\n * are available on the returned object. Without it, those namespaces are\n * absent and accessing them is a TypeScript compile error.\n *\n * @param component - The installed auth component reference from\n * `components.auth` in your Convex app definition.\n * @param config - Auth configuration including `providers` and optional\n * `authorization`. All fields from {@link AuthConfig} are accepted\n * except `component` (passed as the first argument).\n * @returns A {@link ConvexAuthResult} object — either {@link AuthApi}\n * (with `sso`/`scim`) or {@link AuthApiBase}, depending on whether\n * an SSO provider is present.\n *\n * @example\n * ```ts\n * export const auth = createAuth(components.auth, {\n * providers: [password(), google()],\n * authorization: { roles },\n * });\n * ```\n *\n * @see {@link AuthCtx}\n */\n\n// ---------------------------------------------------------------------------\n// Function builders — shared auth resolution logic\n// ---------------------------------------------------------------------------\n\n/**\n * Resolve auth context for the current user. Returns the enriched\n * `ctx.auth` object or `null` when unauthenticated.\n *\n * Resolution flow:\n * 1. `user.id(ctx)` → userId or null (exit early)\n * 2. `user.get(ctx, userId)` → user doc (cached per-execution)\n * 3. `user.getActiveGroup(ctx, { userId })` → groupId or null\n * 4. If groupId → `member.resolve(ctx, { userId, groupId })` → role + grants\n */\nasync function resolveAuthContext(auth: AuthLike, ctx: any) {\n const userId = await auth.user.id(ctx);\n if (!userId) return null;\n const user = await auth.user.get(ctx, userId);\n const groupId = await auth.user.getActiveGroup(ctx, { userId });\n let role: string | null = null;\n let grants: string[] = [];\n if (groupId) {\n const resolved = await auth.member.resolve(ctx, { userId, groupId });\n if (resolved.membership) {\n role = resolved.roleIds[0] ?? null;\n grants = resolved.grants;\n }\n }\n return { userId, user, groupId, role, grants };\n}\n\nexport function createAuth<\n P extends AuthProviderConfig[],\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n>(\n component: ConvexAuthConfig[\"component\"],\n config: Omit<AuthConfig, \"providers\" | \"authorization\"> & {\n providers: P;\n authorization?: TAuthorization;\n },\n): ConvexAuthResult<P, TAuthorization> {\n const authResult = AuthFactory({\n ...config,\n component,\n providers: [...config.providers],\n });\n const {\n domain: domainApi,\n scim: scimApi,\n connection: connectionApi,\n audit: auditApi,\n webhook: webhookApi,\n oidc: oidcApi,\n saml: samlApi,\n ...restSso\n } = authResult.auth.sso as InternalSsoApi;\n\n type SetEnterpriseDomains = PublicSsoAdminApi[\"connection\"][\"domain\"][\"set\"];\n type EnterpriseDomainInput = Array<{\n domain: string;\n isPrimary?: boolean;\n }>;\n const setEnterpriseDomains: PublicSsoAdminApi[\"connection\"][\"domain\"][\"set\"] =\n async (\n ctx: Parameters<SetEnterpriseDomains>[0],\n enterpriseId: Parameters<SetEnterpriseDomains>[1],\n domains: EnterpriseDomainInput,\n ) => {\n const enterprise = await connectionApi.get(ctx, enterpriseId);\n if (enterprise === null) {\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n \"Enterprise not found.\",\n ).toConvexError();\n }\n\n const normalized = domains.map((entry: (typeof domains)[number]) => ({\n ...entry,\n domain: entry.domain.trim().toLowerCase(),\n }));\n const deduped = new Map<string, (typeof normalized)[number]>();\n for (const entry of normalized) {\n if (entry.domain.length === 0) {\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n \"Domain must not be empty.\",\n ).toConvexError();\n }\n if (deduped.has(entry.domain)) {\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n `Duplicate domain: ${entry.domain}`,\n ).toConvexError();\n }\n deduped.set(entry.domain, entry);\n }\n\n const nextDomains = [...deduped.values()];\n const primaryCount = nextDomains.filter(\n (entry) => entry.isPrimary,\n ).length;\n if (primaryCount > 1) {\n throw new AuthError(\n \"INVALID_PARAMETERS\",\n \"Only one primary domain may be set.\",\n ).toConvexError();\n }\n if (nextDomains.length > 0 && primaryCount === 0) {\n nextDomains[0] = { ...nextDomains[0], isPrimary: true };\n }\n\n const currentDomains = await domainApi.list(ctx, enterpriseId);\n const currentByDomain = new Map<string, (typeof currentDomains)[number]>(\n currentDomains.map((entry: (typeof currentDomains)[number]) => [\n entry.domain.toLowerCase(),\n entry,\n ]),\n );\n\n for (const existing of currentDomains) {\n if (!deduped.has(existing.domain.toLowerCase())) {\n await domainApi.remove(ctx, existing._id);\n }\n }\n\n for (const nextDomain of nextDomains) {\n const current = currentByDomain.get(nextDomain.domain);\n if (current && current.isPrimary === Boolean(nextDomain.isPrimary)) {\n continue;\n }\n if (current) {\n await domainApi.remove(ctx, current._id);\n }\n const domainId = await domainApi.add(ctx, {\n enterpriseId: enterprise._id,\n groupId: enterprise.groupId,\n domain: nextDomain.domain,\n isPrimary: nextDomain.isPrimary,\n });\n if (current?.verifiedAt !== undefined) {\n await (ctx as any).runMutation(\n component.public.enterpriseDomainVerify,\n {\n domainId,\n verifiedAt: current.verifiedAt,\n },\n );\n }\n }\n\n const updatedDomains = await domainApi.list(ctx, enterpriseId);\n return {\n ok: true as const,\n enterpriseId,\n domains: updatedDomains.map(\n (domain: (typeof updatedDomains)[number]) => ({\n domainId: domain._id,\n domain: domain.domain,\n isPrimary: domain.isPrimary,\n verified: domain.verifiedAt !== undefined,\n verifiedAt: domain.verifiedAt ?? null,\n }),\n ),\n };\n };\n\n const publicSso: PublicSsoApi = {\n admin: {\n ...restSso,\n oidc: {\n ...oidcApi,\n },\n saml: {\n ...samlApi,\n },\n connection: {\n ...connectionApi,\n domain: {\n list: domainApi.list,\n validate: domainApi.validate,\n set: setEnterpriseDomains,\n verification: {\n request: domainApi.verification.request,\n confirm: domainApi.verification.confirm,\n },\n },\n },\n policy: restSso.policy,\n audit: {\n list: auditApi.list,\n },\n webhook: {\n endpoint: webhookApi.endpoint,\n delivery: {\n list: webhookApi.delivery.list,\n },\n },\n },\n client: {\n signIn: oidcApi.signIn,\n metadata: samlApi.metadata,\n },\n };\n\n return {\n signIn: authResult.signIn,\n signOut: authResult.signOut,\n store: authResult.store,\n user: authResult.auth.user,\n session: authResult.auth.session,\n provider: authResult.auth.provider,\n account: authResult.auth.account,\n group: authResult.auth.group,\n member: authResult.auth.member,\n invite: authResult.auth.invite,\n key: authResult.auth.key,\n sso: publicSso,\n scim: {\n admin: {\n configure: scimApi.configure,\n get: scimApi.get,\n validate: scimApi.validate,\n },\n },\n http: authResult.auth.http,\n\n resolve: (ctx: any) => resolveAuthContext(authResult.auth, ctx),\n\n ctx: () => ({\n args: {},\n input: async (ctx: any) => {\n const authCtx = await resolveAuthContext(authResult.auth, ctx);\n return { ctx: { auth: authCtx }, args: {} };\n },\n }),\n } as unknown as ConvexAuthResult<P, TAuthorization>;\n}\n\n// ============================================================================\n// AuthCtx — ctx enrichment for customQuery / customMutation\n// ============================================================================\n\n/**\n * Configuration for {@link AuthCtx} context enrichment.\n *\n * @typeParam TResolve - Extra fields returned from `resolve()` and merged into\n * the resulting `ctx.auth` object.\n */\nexport type AuthCtxConfig<\n TResolve extends Record<string, unknown> = Record<string, never>,\n> = {\n /** Allow unauthenticated callers and return `userId: null` / `user: null`. */\n optional?: boolean;\n /**\n * Attach additional derived fields to the auth context after the base auth\n * context is resolved.\n */\n resolve?: (\n ctx: any,\n user: UserDoc,\n auth: AuthResolvedContext,\n ) => Promise<TResolve> | TResolve;\n /**\n * Override or wrap the base auth resolution used by {@link AuthCtx}.\n *\n * Return `undefined` to fall back to the built-in resolver,\n * `null` for an explicit unauthenticated state, or an\n * {@link AuthResolvedContext} object to provide a pre-resolved auth state.\n * This is useful for tests, proxy auth, impersonation flows, or any\n * environment that needs to inject auth without depending on the standard\n * Convex auth tables.\n *\n * @param ctx - The Convex function context.\n * @param fallback - The built-in auth resolver used by {@link AuthCtx}.\n * @returns Resolved auth state, `null`, or `undefined` to use the fallback.\n *\n * @example\n * ```ts\n * const authCtx = AuthCtx(auth, {\n * authResolve: async (ctx, fallback) => {\n * const injected = getInjectedAuth(ctx);\n * return injected ?? (await fallback());\n * },\n * });\n * ```\n */\n authResolve?: (\n ctx: any,\n fallback: () => Promise<AuthResolvedContext | null>,\n ) =>\n | Promise<AuthResolvedContext | null | undefined>\n | AuthResolvedContext\n | null\n | undefined;\n};\n\n/**\n * Create a context enrichment for `customQuery` / `customMutation` — optional auth.\n *\n * When `optional: true` is set, unauthenticated requests are allowed.\n * The enriched `ctx.auth` will have `userId: null`, `user: null`,\n * `groupId: null`, `role: null`, and `grants: []` for unauthenticated callers.\n *\n * @param auth - The auth API object returned by {@link createAuth}.\n * @param config - Configuration with `optional: true` and an optional\n * `resolve` callback for attaching extra fields to the auth context.\n * @returns An object with `args` and `input` compatible with Convex\n * custom function builders.\n *\n * @example\n * ```ts\n * const authCtx = AuthCtx(auth, {\n * optional: true,\n * resolve: async (_ctx, user) => ({ plan: user?.extend?.plan ?? null }),\n * });\n * ```\n *\n * @see {@link createAuth}\n */\nexport function AuthCtx<\n TResolve extends Record<string, unknown> = Record<string, never>,\n>(\n auth: AuthLike,\n config: AuthCtxConfig<TResolve> & { optional: true },\n): {\n args: {};\n input: (\n ctx: any,\n _args: any,\n _extra?: any,\n ) => Promise<{\n ctx: {\n auth: OptionalAuthCtxState & TResolve;\n };\n args: {};\n }>;\n};\n/**\n * Create a context enrichment for `customQuery` / `customMutation` — required auth (default).\n *\n * When `optional` is omitted or `false`, the inferred type is the authenticated\n * auth shape. At runtime this helper still resolves instead of throwing, so if\n * no user is signed in the returned `ctx.auth.userId` / `ctx.auth.user` are\n * `null`, `ctx.auth.groupId` / `ctx.auth.role` are `null`, and\n * `ctx.auth.grants` is `[]`.\n *\n * @param auth - The auth API object returned by {@link createAuth}.\n * @param config - Optional configuration with a `resolve` callback\n * for attaching extra fields to the auth context.\n * @returns An object with `args` and `input` compatible with Convex\n * custom function builders.\n *\n * @example\n * ```ts\n * const authCtx = AuthCtx(auth, {\n * resolve: async (_ctx, user) => ({ email: user.email }),\n * });\n * ```\n *\n * @see {@link createAuth}\n */\nexport function AuthCtx<\n TResolve extends Record<string, unknown> = Record<string, never>,\n>(\n auth: AuthLike,\n config?: AuthCtxConfig<TResolve>,\n): {\n args: {};\n input: (\n ctx: any,\n _args: any,\n _extra?: any,\n ) => Promise<{\n ctx: {\n auth: RequiredAuthCtxState & TResolve;\n };\n args: {};\n }>;\n};\n// Implementation\nexport function AuthCtx(auth: AuthLike, config?: AuthCtxConfig<any>) {\n return {\n args: {},\n input: async (ctx: any, _args: any, _extra?: any) => {\n const nativeAuth = ctx.auth;\n const getUserIdentity = nativeAuth.getUserIdentity.bind(nativeAuth);\n const fallback = () => resolveAuthContext(auth, ctx);\n\n const authOverride = config?.authResolve\n ? await config.authResolve(ctx, fallback)\n : undefined;\n const resolved =\n authOverride === undefined ? await fallback() : authOverride;\n\n if (resolved === null) {\n return {\n ctx: {\n auth: {\n getUserIdentity,\n userId: null,\n user: null,\n groupId: null,\n role: null,\n grants: [],\n },\n },\n args: {},\n };\n }\n\n const extra = config?.resolve\n ? await config.resolve(ctx, resolved.user, resolved)\n : {};\n\n return {\n ctx: {\n auth: {\n getUserIdentity,\n ...resolved,\n ...extra,\n },\n },\n args: {},\n };\n },\n };\n}\n\n/**\n * Extract the resolved `auth` context type from an {@link AuthCtx} instance.\n *\n * Use this to type function parameters or variables that receive the\n * enriched auth context produced by `AuthCtx`. The inferred type includes\n * `userId`, `user`, `groupId`, `role`, `grants`, `getUserIdentity`, and any\n * additional fields added by the `resolve` callback. This is the generic\n * utility for reusing the enriched auth shape without manually duplicating\n * conditional auth types.\n *\n * @typeParam T - An `AuthCtx` return value (must have an `input` method\n * that returns `{ ctx: { auth: ... } }`).\n *\n * @example\n * ```ts\n * const authCtx = AuthCtx(auth, {\n * resolve: async (ctx, user) => ({ orgId: user.orgId }),\n * });\n * type Auth = InferAuth<typeof authCtx>;\n * // Auth = { userId: Id<\"User\">; user: UserDoc; getUserIdentity: ...; orgId: string }\n * ```\n *\n * @see {@link createAuth}\n */\nexport type InferAuth<\n T extends { input: (...args: any[]) => Promise<{ ctx: { auth: any } }> },\n> = Awaited<ReturnType<T[\"input\"]>>[\"ctx\"][\"auth\"];\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkcA,eAAe,mBAAmB,MAAgB,KAAU;CAC1D,MAAM,SAAS,MAAM,KAAK,KAAK,GAAG,IAAI;AACtC,KAAI,CAAC,OAAQ,QAAO;CACpB,MAAM,OAAO,MAAM,KAAK,KAAK,IAAI,KAAK,OAAO;CAC7C,MAAM,UAAU,MAAM,KAAK,KAAK,eAAe,KAAK,EAAE,QAAQ,CAAC;CAC/D,IAAI,OAAsB;CAC1B,IAAI,SAAmB,EAAE;AACzB,KAAI,SAAS;EACX,MAAM,WAAW,MAAM,KAAK,OAAO,QAAQ,KAAK;GAAE;GAAQ;GAAS,CAAC;AACpE,MAAI,SAAS,YAAY;AACvB,UAAO,SAAS,QAAQ,MAAM;AAC9B,YAAS,SAAS;;;AAGtB,QAAO;EAAE;EAAQ;EAAM;EAAS;EAAM;EAAQ;;AAGhD,SAAgB,WAId,WACA,QAIqC;CACrC,MAAM,aAAaA,KAAY;EAC7B,GAAG;EACH;EACA,WAAW,CAAC,GAAG,OAAO,UAAU;EACjC,CAAC;CACF,MAAM,EACJ,QAAQ,WACR,MAAM,SACN,YAAY,eACZ,OAAO,UACP,SAAS,YACT,MAAM,SACN,MAAM,SACN,GAAG,YACD,WAAW,KAAK;CAOpB,MAAM,uBACJ,OACE,KACA,cACA,YACG;EACH,MAAM,aAAa,MAAM,cAAc,IAAI,KAAK,aAAa;AAC7D,MAAI,eAAe,KACjB,OAAM,IAAI,UACR,sBACA,wBACD,CAAC,eAAe;EAGnB,MAAM,aAAa,QAAQ,KAAK,WAAqC;GACnE,GAAG;GACH,QAAQ,MAAM,OAAO,MAAM,CAAC,aAAa;GAC1C,EAAE;EACH,MAAM,0BAAU,IAAI,KAA0C;AAC9D,OAAK,MAAM,SAAS,YAAY;AAC9B,OAAI,MAAM,OAAO,WAAW,EAC1B,OAAM,IAAI,UACR,sBACA,4BACD,CAAC,eAAe;AAEnB,OAAI,QAAQ,IAAI,MAAM,OAAO,CAC3B,OAAM,IAAI,UACR,sBACA,qBAAqB,MAAM,SAC5B,CAAC,eAAe;AAEnB,WAAQ,IAAI,MAAM,QAAQ,MAAM;;EAGlC,MAAM,cAAc,CAAC,GAAG,QAAQ,QAAQ,CAAC;EACzC,MAAM,eAAe,YAAY,QAC9B,UAAU,MAAM,UAClB,CAAC;AACF,MAAI,eAAe,EACjB,OAAM,IAAI,UACR,sBACA,sCACD,CAAC,eAAe;AAEnB,MAAI,YAAY,SAAS,KAAK,iBAAiB,EAC7C,aAAY,KAAK;GAAE,GAAG,YAAY;GAAI,WAAW;GAAM;EAGzD,MAAM,iBAAiB,MAAM,UAAU,KAAK,KAAK,aAAa;EAC9D,MAAM,kBAAkB,IAAI,IAC1B,eAAe,KAAK,UAA2C,CAC7D,MAAM,OAAO,aAAa,EAC1B,MACD,CAAC,CACH;AAED,OAAK,MAAM,YAAY,eACrB,KAAI,CAAC,QAAQ,IAAI,SAAS,OAAO,aAAa,CAAC,CAC7C,OAAM,UAAU,OAAO,KAAK,SAAS,IAAI;AAI7C,OAAK,MAAM,cAAc,aAAa;GACpC,MAAM,UAAU,gBAAgB,IAAI,WAAW,OAAO;AACtD,OAAI,WAAW,QAAQ,cAAc,QAAQ,WAAW,UAAU,CAChE;AAEF,OAAI,QACF,OAAM,UAAU,OAAO,KAAK,QAAQ,IAAI;GAE1C,MAAM,WAAW,MAAM,UAAU,IAAI,KAAK;IACxC,cAAc,WAAW;IACzB,SAAS,WAAW;IACpB,QAAQ,WAAW;IACnB,WAAW,WAAW;IACvB,CAAC;AACF,OAAI,SAAS,eAAe,OAC1B,OAAO,IAAY,YACjB,UAAU,OAAO,wBACjB;IACE;IACA,YAAY,QAAQ;IACrB,CACF;;AAKL,SAAO;GACL,IAAI;GACJ;GACA,UAJqB,MAAM,UAAU,KAAK,KAAK,aAAa,EAIpC,KACrB,YAA6C;IAC5C,UAAU,OAAO;IACjB,QAAQ,OAAO;IACf,WAAW,OAAO;IAClB,UAAU,OAAO,eAAe;IAChC,YAAY,OAAO,cAAc;IAClC,EACF;GACF;;CAGL,MAAM,YAA0B;EAC9B,OAAO;GACL,GAAG;GACH,MAAM,EACJ,GAAG,SACJ;GACD,MAAM,EACJ,GAAG,SACJ;GACD,YAAY;IACV,GAAG;IACH,QAAQ;KACN,MAAM,UAAU;KAChB,UAAU,UAAU;KACpB,KAAK;KACL,cAAc;MACZ,SAAS,UAAU,aAAa;MAChC,SAAS,UAAU,aAAa;MACjC;KACF;IACF;GACD,QAAQ,QAAQ;GAChB,OAAO,EACL,MAAM,SAAS,MAChB;GACD,SAAS;IACP,UAAU,WAAW;IACrB,UAAU,EACR,MAAM,WAAW,SAAS,MAC3B;IACF;GACF;EACD,QAAQ;GACN,QAAQ,QAAQ;GAChB,UAAU,QAAQ;GACnB;EACF;AAED,QAAO;EACL,QAAQ,WAAW;EACnB,SAAS,WAAW;EACpB,OAAO,WAAW;EAClB,MAAM,WAAW,KAAK;EACtB,SAAS,WAAW,KAAK;EACzB,UAAU,WAAW,KAAK;EAC1B,SAAS,WAAW,KAAK;EACzB,OAAO,WAAW,KAAK;EACvB,QAAQ,WAAW,KAAK;EACxB,QAAQ,WAAW,KAAK;EACxB,KAAK,WAAW,KAAK;EACrB,KAAK;EACL,MAAM,EACJ,OAAO;GACL,WAAW,QAAQ;GACnB,KAAK,QAAQ;GACb,UAAU,QAAQ;GACnB,EACF;EACD,MAAM,WAAW,KAAK;EAEtB,UAAU,QAAa,mBAAmB,WAAW,MAAM,IAAI;EAE/D,YAAY;GACV,MAAM,EAAE;GACR,OAAO,OAAO,QAAa;AAEzB,WAAO;KAAE,KAAK,EAAE,MADA,MAAM,mBAAmB,WAAW,MAAM,IAAI,EAC/B;KAAE,MAAM,EAAE;KAAE;;GAE9C;EACF;;AAiJH,SAAgB,QAAQ,MAAgB,QAA6B;AACnE,QAAO;EACL,MAAM,EAAE;EACR,OAAO,OAAO,KAAU,OAAY,WAAiB;GACnD,MAAM,aAAa,IAAI;GACvB,MAAM,kBAAkB,WAAW,gBAAgB,KAAK,WAAW;GACnE,MAAM,iBAAiB,mBAAmB,MAAM,IAAI;GAEpD,MAAM,eAAe,QAAQ,cACzB,MAAM,OAAO,YAAY,KAAK,SAAS,GACvC;GACJ,MAAM,WACJ,iBAAiB,SAAY,MAAM,UAAU,GAAG;AAElD,OAAI,aAAa,KACf,QAAO;IACL,KAAK,EACH,MAAM;KACJ;KACA,QAAQ;KACR,MAAM;KACN,SAAS;KACT,MAAM;KACN,QAAQ,EAAE;KACX,EACF;IACD,MAAM,EAAE;IACT;GAGH,MAAM,QAAQ,QAAQ,UAClB,MAAM,OAAO,QAAQ,KAAK,SAAS,MAAM,SAAS,GAClD,EAAE;AAEN,UAAO;IACL,KAAK,EACH,MAAM;KACJ;KACA,GAAG;KACH,GAAG;KACJ,EACF;IACD,MAAM,EAAE;IACT;;EAEJ"}
|
package/dist/server/http.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { CorsConfig, HttpKeyContext } from "./types.js";
|
|
2
|
-
import * as
|
|
2
|
+
import * as convex_server0 from "convex/server";
|
|
3
3
|
import { GenericActionCtx, GenericDataModel, HttpRouter } from "convex/server";
|
|
4
4
|
|
|
5
5
|
//#region src/server/http.d.ts
|
|
@@ -13,7 +13,7 @@ declare function createHttpAction(auth: {
|
|
|
13
13
|
action: string;
|
|
14
14
|
};
|
|
15
15
|
cors?: CorsConfig;
|
|
16
|
-
}) =>
|
|
16
|
+
}) => convex_server0.PublicHttpAction;
|
|
17
17
|
declare function createHttpRoute(wrapAction: ReturnType<typeof createHttpAction>): (http: {
|
|
18
18
|
route: (config: any) => void;
|
|
19
19
|
}, routeConfig: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"http.d.ts","names":[],"sources":["../../src/server/http.ts"],"mappings":";;;;;iBAgBgB,gBAAA,CAAiB,IAAA;EAC/B,GAAA;IAAO,MAAA,GAAS,GAAA,EAAK,gBAAA,OAAuB,MAAA,aAAmB,OAAA;EAAA;AAAA,KAG7D,OAAA,GACE,GAAA,EAAK,gBAAA,CAAiB,gBAAA,IAAoB,cAAA,EAC1C,OAAA,EAAS,OAAA,KACN,OAAA,CAAQ,QAAA,GAAW,MAAA,oBACxB,OAAA;EACE,KAAA;IAAU,QAAA;IAAkB,MAAA;EAAA;EAC5B,IAAA,GAAO,UAAA;AAAA,MAAU,
|
|
1
|
+
{"version":3,"file":"http.d.ts","names":[],"sources":["../../src/server/http.ts"],"mappings":";;;;;iBAgBgB,gBAAA,CAAiB,IAAA;EAC/B,GAAA;IAAO,MAAA,GAAS,GAAA,EAAK,gBAAA,OAAuB,MAAA,aAAmB,OAAA;EAAA;AAAA,KAG7D,OAAA,GACE,GAAA,EAAK,gBAAA,CAAiB,gBAAA,IAAoB,cAAA,EAC1C,OAAA,EAAS,OAAA,KACN,OAAA,CAAQ,QAAA,GAAW,MAAA,oBACxB,OAAA;EACE,KAAA;IAAU,QAAA;IAAkB,MAAA;EAAA;EAC5B,IAAA,GAAO,UAAA;AAAA,MAAU,cAAA,CAClB,gBAAA;AAAA,iBA2IW,eAAA,CACd,UAAA,EAAY,UAAA,QAAkB,gBAAA,KAG5B,IAAA;EAAQ,KAAA,GAAQ,MAAA;AAAA,GAChB,WAAA;EACE,IAAA;EACA,MAAA;EACA,OAAA,GACE,GAAA,EAAK,gBAAA,CAAiB,gBAAA,IAAoB,cAAA,EAC1C,OAAA,EAAS,OAAA,KACN,OAAA,CAAQ,QAAA,GAAW,MAAA;EACxB,KAAA;IAAU,QAAA;IAAkB,MAAA;EAAA;EAC5B,IAAA,GAAO,UAAA;AAAA;AAAA,iBA+BG,uBAAA,CACd,eAAA,UACA,MAAA,GAAS,GAAA,EAAK,gBAAA,OAAuB,OAAA,EAAS,OAAA,KAAY,OAAA,CAAQ,QAAA,KAEpD,GAAA,EAAK,gBAAA,OAAuB,OAAA,EAAS,OAAA,KAAO,OAAA,CAAA,QAAA;AAAA,iBA2C5C,UAAA,CACd,OAAA,EAAS,OAAA,GACR,MAAA;AAAA,KAIS,eAAA;EACV,QAAA;EACA,YAAA;EACA,QAAA;EACA,IAAA;AAAA;AAAA,iBA2Bc,eAAA,CACd,IAAA,EAAM,UAAA,EACN,IAAA;EACE,SAAA;EACA,OAAA;AAAA;AAAA,iBA0CY,aAAA,CACd,IAAA,EAAM,UAAA,EACN,IAAA;EACE,YAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,KACN,OAAA,CAAQ,QAAA;EACb,cAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,KACN,OAAA,CAAQ,QAAA;AAAA;AAAA,iBAwBD,YAAA,CACd,IAAA,EAAM,UAAA,EACN,IAAA;EACE,SAAA;EACA,uBAAA,SAAgC,uBAAA;EAChC,kBAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,EACT,KAAA,EAAO,eAAA,KACJ,OAAA,CAAQ,QAAA;EACb,gBAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,EACT,KAAA,EAAO,eAAA,KACJ,OAAA,CAAQ,QAAA;EACb,gBAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,EACT,KAAA,EAAO,eAAA,KACJ,OAAA,CAAQ,QAAA;EACb,kBAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,EACT,KAAA,EAAO,eAAA,KACJ,OAAA,CAAQ,QAAA;EACb,aAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,EACT,KAAA,EAAO,eAAA,KACJ,OAAA,CAAQ,QAAA;EACb,aAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,EACT,KAAA,EAAO,eAAA,KACJ,OAAA,CAAQ,QAAA;EACb,iBAAA,GACE,GAAA,EAAK,gBAAA,OACL,OAAA,EAAS,OAAA,KACN,OAAA,CAAQ,QAAA;EACb,SAAA,GAAY,MAAA,UAAgB,QAAA,UAAkB,MAAA,aAAmB,QAAA;AAAA"}
|
package/dist/server/index.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { AuthApi, AuthApiBase, AuthConfig, AuthCtx, ConvexAuthResult, InferAuth, InferClientApi, UserDoc, createAuth } from "./auth.js";
|
|
1
|
+
import { AuthApi, AuthApiBase, AuthConfig, AuthCtx, AuthCtxConfig, AuthResolvedContext, ConvexAuthResult, InferAuth, InferClientApi, UserDoc, createAuth } from "./auth.js";
|
|
2
2
|
import { EnterpriseAdminAuthorizationInput, EnterpriseAdminPermission, EnterpriseAuthorizer, EnterpriseMountOptions, enterprise, scim, sso } from "./mounts.js";
|
|
3
3
|
import { AuthCookie, AuthCookieConfig, AuthCookies, RefreshResult, ServerOptions, authCookieNames, parseAuthCookies, serializeAuthCookies, server, shouldProxyAuthAction, structuredAuthCookies } from "./ssr.js";
|
|
4
|
-
export { type AuthApi, type AuthApiBase, type AuthConfig, type AuthCookie, type AuthCookieConfig, type AuthCookies, AuthCtx, type ConvexAuthResult, type EnterpriseAdminAuthorizationInput, type EnterpriseAdminPermission, type EnterpriseAuthorizer, type EnterpriseMountOptions, type InferAuth, type InferClientApi, type RefreshResult, type ServerOptions, type UserDoc, authCookieNames, createAuth, enterprise, parseAuthCookies, scim, serializeAuthCookies, server, shouldProxyAuthAction, sso, structuredAuthCookies };
|
|
4
|
+
export { type AuthApi, type AuthApiBase, type AuthConfig, type AuthCookie, type AuthCookieConfig, type AuthCookies, AuthCtx, type AuthCtxConfig, type AuthResolvedContext, type ConvexAuthResult, type EnterpriseAdminAuthorizationInput, type EnterpriseAdminPermission, type EnterpriseAuthorizer, type EnterpriseMountOptions, type InferAuth, type InferClientApi, type RefreshResult, type ServerOptions, type UserDoc, authCookieNames, createAuth, enterprise, parseAuthCookies, scim, serializeAuthCookies, server, shouldProxyAuthAction, sso, structuredAuthCookies };
|
package/dist/server/mounts.d.ts
CHANGED
|
@@ -130,10 +130,10 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
|
|
|
130
130
|
admin: {
|
|
131
131
|
connection: {
|
|
132
132
|
create: convex_server0.RegisteredMutation<"public", {
|
|
133
|
-
groupId?: string | undefined;
|
|
134
133
|
name?: string | undefined;
|
|
135
134
|
slug?: string | undefined;
|
|
136
135
|
status?: "draft" | "active" | "disabled" | undefined;
|
|
136
|
+
groupId?: string | undefined;
|
|
137
137
|
domain?: string | undefined;
|
|
138
138
|
}, Promise<any>>;
|
|
139
139
|
get: convex_server0.RegisteredQuery<"public", {
|
|
@@ -146,12 +146,12 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
|
|
|
146
146
|
domain: string;
|
|
147
147
|
}, Promise<any>>;
|
|
148
148
|
list: convex_server0.RegisteredQuery<"public", {
|
|
149
|
-
limit?: number | undefined;
|
|
150
149
|
where?: {
|
|
151
|
-
groupId?: string | undefined;
|
|
152
150
|
slug?: string | undefined;
|
|
153
151
|
status?: "draft" | "active" | "disabled" | undefined;
|
|
152
|
+
groupId?: string | undefined;
|
|
154
153
|
} | undefined;
|
|
154
|
+
limit?: number | undefined;
|
|
155
155
|
cursor?: string | null | undefined;
|
|
156
156
|
orderBy?: string | undefined;
|
|
157
157
|
order?: "asc" | "desc" | undefined;
|
|
@@ -194,12 +194,12 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
|
|
|
194
194
|
}, Promise<any>>;
|
|
195
195
|
verification: {
|
|
196
196
|
request: convex_server0.RegisteredMutation<"public", {
|
|
197
|
-
domain: string;
|
|
198
197
|
enterpriseId: string;
|
|
198
|
+
domain: string;
|
|
199
199
|
}, Promise<any>>;
|
|
200
200
|
confirm: convex_server0.RegisteredAction<"public", {
|
|
201
|
-
domain: string;
|
|
202
201
|
enterpriseId: string;
|
|
202
|
+
domain: string;
|
|
203
203
|
}, Promise<any>>;
|
|
204
204
|
};
|
|
205
205
|
};
|
|
@@ -263,8 +263,8 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
|
|
|
263
263
|
patch: {
|
|
264
264
|
identity?: {
|
|
265
265
|
accountLinking?: {
|
|
266
|
-
oidc?: "verifiedEmail" | "none" | undefined;
|
|
267
266
|
saml?: "verifiedEmail" | "none" | undefined;
|
|
267
|
+
oidc?: "verifiedEmail" | "none" | undefined;
|
|
268
268
|
} | undefined;
|
|
269
269
|
} | undefined;
|
|
270
270
|
provisioning?: {
|
|
@@ -287,9 +287,9 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
|
|
|
287
287
|
};
|
|
288
288
|
audit: {
|
|
289
289
|
list: convex_server0.RegisteredQuery<"public", {
|
|
290
|
+
enterpriseId?: string | undefined;
|
|
290
291
|
groupId?: string | undefined;
|
|
291
292
|
limit?: number | undefined;
|
|
292
|
-
enterpriseId?: string | undefined;
|
|
293
293
|
}, Promise<any>>;
|
|
294
294
|
};
|
|
295
295
|
webhook: {
|
|
@@ -302,8 +302,8 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
|
|
|
302
302
|
endpoint: {
|
|
303
303
|
create: convex_server0.RegisteredMutation<"public", {
|
|
304
304
|
createdByUserId?: string | undefined;
|
|
305
|
-
secret: string;
|
|
306
305
|
enterpriseId: string;
|
|
306
|
+
secret: string;
|
|
307
307
|
url: string;
|
|
308
308
|
subscriptions: string[];
|
|
309
309
|
}, Promise<{
|
|
@@ -339,8 +339,8 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
|
|
|
339
339
|
client: {
|
|
340
340
|
signIn: convex_server0.RegisteredQuery<"public", {
|
|
341
341
|
email?: string | undefined;
|
|
342
|
-
domain?: string | undefined;
|
|
343
342
|
enterpriseId?: string | undefined;
|
|
343
|
+
domain?: string | undefined;
|
|
344
344
|
redirectTo?: string | undefined;
|
|
345
345
|
}, Promise<any>>;
|
|
346
346
|
metadata: convex_server0.RegisteredQuery<"public", {
|
|
@@ -432,10 +432,10 @@ declare function scim<TAuthorization extends AuthAuthorizationConfig | undefined
|
|
|
432
432
|
*/
|
|
433
433
|
declare function enterprise<TAuthorization extends AuthAuthorizationConfig | undefined = undefined>(auth: Pick<AuthApi<TAuthorization>, "group" | "member" | "scim" | "sso" | "user">, options: EnterpriseMountOptions<AuthRoleId<TAuthorization>>): {
|
|
434
434
|
createConnection: convex_server0.RegisteredMutation<"public", {
|
|
435
|
-
groupId?: string | undefined;
|
|
436
435
|
name?: string | undefined;
|
|
437
436
|
slug?: string | undefined;
|
|
438
437
|
status?: "draft" | "active" | "disabled" | undefined;
|
|
438
|
+
groupId?: string | undefined;
|
|
439
439
|
domain?: string | undefined;
|
|
440
440
|
}, Promise<any>>;
|
|
441
441
|
getConnection: convex_server0.RegisteredQuery<"public", {
|
|
@@ -448,12 +448,12 @@ declare function enterprise<TAuthorization extends AuthAuthorizationConfig | und
|
|
|
448
448
|
domain: string;
|
|
449
449
|
}, Promise<any>>;
|
|
450
450
|
listConnections: convex_server0.RegisteredQuery<"public", {
|
|
451
|
-
limit?: number | undefined;
|
|
452
451
|
where?: {
|
|
453
|
-
groupId?: string | undefined;
|
|
454
452
|
slug?: string | undefined;
|
|
455
453
|
status?: "draft" | "active" | "disabled" | undefined;
|
|
454
|
+
groupId?: string | undefined;
|
|
456
455
|
} | undefined;
|
|
456
|
+
limit?: number | undefined;
|
|
457
457
|
cursor?: string | null | undefined;
|
|
458
458
|
orderBy?: string | undefined;
|
|
459
459
|
order?: "asc" | "desc" | undefined;
|
|
@@ -494,12 +494,12 @@ declare function enterprise<TAuthorization extends AuthAuthorizationConfig | und
|
|
|
494
494
|
}[];
|
|
495
495
|
}, Promise<any>>;
|
|
496
496
|
requestDomainVerification: convex_server0.RegisteredMutation<"public", {
|
|
497
|
-
domain: string;
|
|
498
497
|
enterpriseId: string;
|
|
498
|
+
domain: string;
|
|
499
499
|
}, Promise<any>>;
|
|
500
500
|
confirmDomainVerification: convex_server0.RegisteredAction<"public", {
|
|
501
|
-
domain: string;
|
|
502
501
|
enterpriseId: string;
|
|
502
|
+
domain: string;
|
|
503
503
|
}, Promise<any>>;
|
|
504
504
|
configureOidc: convex_server0.RegisteredMutation<"public", {
|
|
505
505
|
scopes?: string[] | undefined;
|
|
@@ -555,8 +555,8 @@ declare function enterprise<TAuthorization extends AuthAuthorizationConfig | und
|
|
|
555
555
|
patch: {
|
|
556
556
|
identity?: {
|
|
557
557
|
accountLinking?: {
|
|
558
|
-
oidc?: "verifiedEmail" | "none" | undefined;
|
|
559
558
|
saml?: "verifiedEmail" | "none" | undefined;
|
|
559
|
+
oidc?: "verifiedEmail" | "none" | undefined;
|
|
560
560
|
} | undefined;
|
|
561
561
|
} | undefined;
|
|
562
562
|
provisioning?: {
|
|
@@ -577,14 +577,14 @@ declare function enterprise<TAuthorization extends AuthAuthorizationConfig | und
|
|
|
577
577
|
enterpriseId: string;
|
|
578
578
|
}, Promise<any>>;
|
|
579
579
|
listAudit: convex_server0.RegisteredQuery<"public", {
|
|
580
|
+
enterpriseId?: string | undefined;
|
|
580
581
|
groupId?: string | undefined;
|
|
581
582
|
limit?: number | undefined;
|
|
582
|
-
enterpriseId?: string | undefined;
|
|
583
583
|
}, Promise<any>>;
|
|
584
584
|
createWebhookEndpoint: convex_server0.RegisteredMutation<"public", {
|
|
585
585
|
createdByUserId?: string | undefined;
|
|
586
|
-
secret: string;
|
|
587
586
|
enterpriseId: string;
|
|
587
|
+
secret: string;
|
|
588
588
|
url: string;
|
|
589
589
|
subscriptions: string[];
|
|
590
590
|
}, Promise<{
|
|
@@ -631,8 +631,8 @@ declare function enterprise<TAuthorization extends AuthAuthorizationConfig | und
|
|
|
631
631
|
}, Promise<any>>;
|
|
632
632
|
signIn: convex_server0.RegisteredQuery<"public", {
|
|
633
633
|
email?: string | undefined;
|
|
634
|
-
domain?: string | undefined;
|
|
635
634
|
enterpriseId?: string | undefined;
|
|
635
|
+
domain?: string | undefined;
|
|
636
636
|
redirectTo?: string | undefined;
|
|
637
637
|
}, Promise<any>>;
|
|
638
638
|
metadata: convex_server0.RegisteredQuery<"public", {
|
|
@@ -3,24 +3,24 @@ import { AuthError } from "../authError.js";
|
|
|
3
3
|
import { Config, GetProviderOrThrowFunc } from "../crypto.js";
|
|
4
4
|
import { Fx } from "@robelest/fx";
|
|
5
5
|
import { GenericActionCtx, GenericDataModel } from "convex/server";
|
|
6
|
-
import * as
|
|
6
|
+
import * as convex_values15 from "convex/values";
|
|
7
7
|
import { Infer } from "convex/values";
|
|
8
8
|
|
|
9
9
|
//#region src/server/mutations/account.d.ts
|
|
10
|
-
declare const modifyAccountArgs:
|
|
10
|
+
declare const modifyAccountArgs: convex_values15.VObject<{
|
|
11
11
|
provider: string;
|
|
12
12
|
account: {
|
|
13
13
|
id: string;
|
|
14
14
|
secret: string;
|
|
15
15
|
};
|
|
16
16
|
}, {
|
|
17
|
-
provider:
|
|
18
|
-
account:
|
|
17
|
+
provider: convex_values15.VString<string, "required">;
|
|
18
|
+
account: convex_values15.VObject<{
|
|
19
19
|
id: string;
|
|
20
20
|
secret: string;
|
|
21
21
|
}, {
|
|
22
|
-
id:
|
|
23
|
-
secret:
|
|
22
|
+
id: convex_values15.VString<string, "required">;
|
|
23
|
+
secret: convex_values15.VString<string, "required">;
|
|
24
24
|
}, "required", "id" | "secret">;
|
|
25
25
|
}, "required", "provider" | "account" | "account.id" | "account.secret">;
|
|
26
26
|
declare function modifyAccountImpl(ctx: MutationCtx, args: Infer<typeof modifyAccountArgs>, getProviderOrThrow: GetProviderOrThrowFunc, config: Config): Fx<void, AuthError>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"account.d.ts","names":[],"sources":["../../../src/server/mutations/account.ts"],"mappings":";;;;;;;;;cAYa,iBAAA,
|
|
1
|
+
{"version":3,"file":"account.d.ts","names":[],"sources":["../../../src/server/mutations/account.ts"],"mappings":";;;;;;;;;cAYa,iBAAA,kBAAiB,OAAA;;;;;;;YAG5B,eAAA,CAAA,OAAA;;;;;;;;;iBAEc,iBAAA,CACd,GAAA,EAAK,WAAA,EACL,IAAA,EAAM,KAAA,QAAa,iBAAA,GACnB,kBAAA,EAAoB,sBAAA,EACpB,MAAA,EAAQ,MAAA,GACP,EAAA,OAAS,SAAA;AAAA,cA2CC,iBAAA,qBAA6C,gBAAA,EACxD,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA,EAAM,KAAA,QAAa,iBAAA,MAClB,OAAA"}
|
|
@@ -1,27 +1,27 @@
|
|
|
1
1
|
import { MutationCtx } from "../types.js";
|
|
2
2
|
import { Config, GetProviderOrThrowFunc } from "../crypto.js";
|
|
3
3
|
import { GenericActionCtx, GenericDataModel } from "convex/server";
|
|
4
|
-
import * as
|
|
4
|
+
import * as convex_values7 from "convex/values";
|
|
5
5
|
import { Infer } from "convex/values";
|
|
6
6
|
|
|
7
7
|
//#region src/server/mutations/code.d.ts
|
|
8
|
-
declare const createVerificationCodeArgs:
|
|
9
|
-
email?: string | undefined;
|
|
8
|
+
declare const createVerificationCodeArgs: convex_values7.VObject<{
|
|
10
9
|
phone?: string | undefined;
|
|
10
|
+
email?: string | undefined;
|
|
11
11
|
accountId?: string | undefined;
|
|
12
12
|
code: string;
|
|
13
13
|
provider: string;
|
|
14
14
|
allowExtraProviders: boolean;
|
|
15
15
|
expirationTime: number;
|
|
16
16
|
}, {
|
|
17
|
-
accountId:
|
|
18
|
-
provider:
|
|
19
|
-
email:
|
|
20
|
-
phone:
|
|
21
|
-
code:
|
|
22
|
-
expirationTime:
|
|
23
|
-
allowExtraProviders:
|
|
24
|
-
}, "required", "
|
|
17
|
+
accountId: convex_values7.VString<string | undefined, "optional">;
|
|
18
|
+
provider: convex_values7.VString<string, "required">;
|
|
19
|
+
email: convex_values7.VString<string | undefined, "optional">;
|
|
20
|
+
phone: convex_values7.VString<string | undefined, "optional">;
|
|
21
|
+
code: convex_values7.VString<string, "required">;
|
|
22
|
+
expirationTime: convex_values7.VFloat64<number, "required">;
|
|
23
|
+
allowExtraProviders: convex_values7.VBoolean<boolean, "required">;
|
|
24
|
+
}, "required", "phone" | "email" | "code" | "provider" | "allowExtraProviders" | "accountId" | "expirationTime">;
|
|
25
25
|
type ReturnType = string;
|
|
26
26
|
declare function createVerificationCodeImpl(ctx: MutationCtx, args: Infer<typeof createVerificationCodeArgs>, getProviderOrThrow: GetProviderOrThrowFunc, config: Config): Promise<ReturnType>;
|
|
27
27
|
declare const callCreateVerificationCode: <DataModel extends GenericDataModel>(ctx: GenericActionCtx<DataModel>, args: Infer<typeof createVerificationCodeArgs>) => Promise<ReturnType>;
|
|
@@ -2,16 +2,16 @@ import { MutationCtx } from "../types.js";
|
|
|
2
2
|
import { Config } from "../crypto.js";
|
|
3
3
|
import { Fx } from "@robelest/fx";
|
|
4
4
|
import { GenericActionCtx, GenericDataModel } from "convex/server";
|
|
5
|
-
import * as
|
|
5
|
+
import * as convex_values22 from "convex/values";
|
|
6
6
|
import { Infer } from "convex/values";
|
|
7
7
|
|
|
8
8
|
//#region src/server/mutations/invalidate.d.ts
|
|
9
|
-
declare const invalidateSessionsArgs:
|
|
9
|
+
declare const invalidateSessionsArgs: convex_values22.VObject<{
|
|
10
10
|
except?: string[] | undefined;
|
|
11
11
|
userId: string;
|
|
12
12
|
}, {
|
|
13
|
-
userId:
|
|
14
|
-
except:
|
|
13
|
+
userId: convex_values22.VString<string, "required">;
|
|
14
|
+
except: convex_values22.VArray<string[] | undefined, convex_values22.VString<string, "required">, "optional">;
|
|
15
15
|
}, "required", "userId" | "except">;
|
|
16
16
|
declare const callInvalidateSessions: <DataModel extends GenericDataModel>(ctx: GenericActionCtx<DataModel>, args: Infer<typeof invalidateSessionsArgs>) => Promise<void>;
|
|
17
17
|
declare function invalidateSessionsImpl(ctx: MutationCtx, args: Infer<typeof invalidateSessionsArgs>, config: Config): Fx<void, never>;
|
|
@@ -3,23 +3,23 @@ import { AuthError } from "../authError.js";
|
|
|
3
3
|
import { Config, GetProviderOrThrowFunc } from "../crypto.js";
|
|
4
4
|
import { Fx } from "@robelest/fx";
|
|
5
5
|
import { GenericActionCtx, GenericDataModel } from "convex/server";
|
|
6
|
-
import * as
|
|
6
|
+
import * as convex_values1 from "convex/values";
|
|
7
7
|
import { Infer } from "convex/values";
|
|
8
8
|
|
|
9
9
|
//#region src/server/mutations/oauth.d.ts
|
|
10
|
-
declare const userOAuthArgs:
|
|
10
|
+
declare const userOAuthArgs: convex_values1.VObject<{
|
|
11
11
|
accountExtend?: any;
|
|
12
|
+
profile: any;
|
|
12
13
|
provider: string;
|
|
13
14
|
signature: string;
|
|
14
15
|
providerAccountId: string;
|
|
15
|
-
profile: any;
|
|
16
16
|
}, {
|
|
17
|
-
provider:
|
|
18
|
-
providerAccountId:
|
|
19
|
-
profile:
|
|
20
|
-
signature:
|
|
21
|
-
accountExtend:
|
|
22
|
-
}, "required", "
|
|
17
|
+
provider: convex_values1.VString<string, "required">;
|
|
18
|
+
providerAccountId: convex_values1.VString<string, "required">;
|
|
19
|
+
profile: convex_values1.VAny<any, "required", string>;
|
|
20
|
+
signature: convex_values1.VString<string, "required">;
|
|
21
|
+
accountExtend: convex_values1.VAny<any, "optional", string>;
|
|
22
|
+
}, "required", "profile" | "provider" | "signature" | "providerAccountId" | "accountExtend" | `profile.${string}` | `accountExtend.${string}`>;
|
|
23
23
|
type ReturnType = string;
|
|
24
24
|
declare function userOAuthImpl(ctx: MutationCtx, args: Infer<typeof userOAuthArgs>, getProviderOrThrow: GetProviderOrThrowFunc, config: Config): Fx<ReturnType, AuthError>;
|
|
25
25
|
declare const callUserOAuth: <DataModel extends GenericDataModel>(ctx: GenericActionCtx<DataModel>, args: Infer<typeof userOAuthArgs>) => Promise<ReturnType>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth.d.ts","names":[],"sources":["../../../src/server/mutations/oauth.ts"],"mappings":";;;;;;;;;cAwBa,aAAA,
|
|
1
|
+
{"version":3,"file":"oauth.d.ts","names":[],"sources":["../../../src/server/mutations/oauth.ts"],"mappings":";;;;;;;;;cAwBa,aAAA,iBAAa,OAAA;;;;;;;YAMxB,cAAA,CAAA,OAAA;;;;;;KA8CG,UAAA;AAAA,iBAEW,aAAA,CACd,GAAA,EAAK,WAAA,EACL,IAAA,EAAM,KAAA,QAAa,aAAA,GACnB,kBAAA,EAAoB,sBAAA,EACpB,MAAA,EAAQ,MAAA,GACP,EAAA,CAAG,UAAA,EAAY,SAAA;AAAA,cA+IL,aAAA,qBAAyC,gBAAA,EACpD,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA,EAAM,KAAA,QAAa,aAAA,MAClB,OAAA,CAAQ,UAAA"}
|
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
import { MutationCtx } from "../types.js";
|
|
2
2
|
import { Config, GetProviderOrThrowFunc } from "../crypto.js";
|
|
3
3
|
import { GenericActionCtx, GenericDataModel } from "convex/server";
|
|
4
|
-
import * as
|
|
4
|
+
import * as convex_values0 from "convex/values";
|
|
5
5
|
import { Infer } from "convex/values";
|
|
6
6
|
|
|
7
7
|
//#region src/server/mutations/refresh.d.ts
|
|
8
|
-
declare const refreshSessionArgs:
|
|
8
|
+
declare const refreshSessionArgs: convex_values0.VObject<{
|
|
9
9
|
refreshToken: string;
|
|
10
10
|
}, {
|
|
11
|
-
refreshToken:
|
|
11
|
+
refreshToken: convex_values0.VString<string, "required">;
|
|
12
12
|
}, "required", "refreshToken">;
|
|
13
13
|
type RefreshResult = null | {
|
|
14
14
|
token: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"refresh.d.ts","names":[],"sources":["../../../src/server/mutations/refresh.ts"],"mappings":";;;;;;;cAkBa,kBAAA,EAEX,
|
|
1
|
+
{"version":3,"file":"refresh.d.ts","names":[],"sources":["../../../src/server/mutations/refresh.ts"],"mappings":";;;;;;;cAkBa,kBAAA,EAEX,cAAA,CAF6B,OAAA;;;gBAE7B,cAAA,CAAA,OAAA;AAAA;AAAA,KAEG,aAAA;EACH,KAAA;EACA,YAAA;AAAA;AAAA,iBAiBoB,kBAAA,CACpB,GAAA,EAAK,WAAA,EACL,IAAA,EAAM,KAAA,QAAa,kBAAA,GACnB,mBAAA,EAAqB,sBAAA,EACrB,MAAA,EAAQ,MAAA,GACP,OAAA,CAAQ,aAAA;AAAA,cAiPE,kBAAA,qBAA8C,gBAAA,EACzD,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA,EAAM,KAAA,QAAa,kBAAA,MAClB,OAAA,CAAQ,aAAA"}
|
|
@@ -8,8 +8,8 @@ import { Infer } from "convex/values";
|
|
|
8
8
|
declare const createAccountFromCredentialsArgs: convex_values113.VObject<{
|
|
9
9
|
shouldLinkViaEmail?: boolean | undefined;
|
|
10
10
|
shouldLinkViaPhone?: boolean | undefined;
|
|
11
|
-
provider: string;
|
|
12
11
|
profile: any;
|
|
12
|
+
provider: string;
|
|
13
13
|
account: {
|
|
14
14
|
secret?: string | undefined;
|
|
15
15
|
id: string;
|
|
@@ -26,7 +26,7 @@ declare const createAccountFromCredentialsArgs: convex_values113.VObject<{
|
|
|
26
26
|
profile: convex_values113.VAny<any, "required", string>;
|
|
27
27
|
shouldLinkViaEmail: convex_values113.VBoolean<boolean | undefined, "optional">;
|
|
28
28
|
shouldLinkViaPhone: convex_values113.VBoolean<boolean | undefined, "optional">;
|
|
29
|
-
}, "required", "
|
|
29
|
+
}, "required", "profile" | "provider" | `profile.${string}` | "account" | "shouldLinkViaEmail" | "shouldLinkViaPhone" | "account.id" | "account.secret">;
|
|
30
30
|
type ReturnType = {
|
|
31
31
|
account: Doc<"Account">;
|
|
32
32
|
user: Doc<"User">;
|
|
@@ -2,24 +2,24 @@ import { Doc, MutationCtx } from "../types.js";
|
|
|
2
2
|
import { Config, GetProviderOrThrowFunc } from "../crypto.js";
|
|
3
3
|
import { Fx } from "@robelest/fx";
|
|
4
4
|
import { GenericActionCtx, GenericDataModel } from "convex/server";
|
|
5
|
-
import * as
|
|
5
|
+
import * as convex_values36 from "convex/values";
|
|
6
6
|
import { Infer } from "convex/values";
|
|
7
7
|
|
|
8
8
|
//#region src/server/mutations/retrieve.d.ts
|
|
9
|
-
declare const retrieveAccountWithCredentialsArgs:
|
|
9
|
+
declare const retrieveAccountWithCredentialsArgs: convex_values36.VObject<{
|
|
10
10
|
provider: string;
|
|
11
11
|
account: {
|
|
12
12
|
secret?: string | undefined;
|
|
13
13
|
id: string;
|
|
14
14
|
};
|
|
15
15
|
}, {
|
|
16
|
-
provider:
|
|
17
|
-
account:
|
|
16
|
+
provider: convex_values36.VString<string, "required">;
|
|
17
|
+
account: convex_values36.VObject<{
|
|
18
18
|
secret?: string | undefined;
|
|
19
19
|
id: string;
|
|
20
20
|
}, {
|
|
21
|
-
id:
|
|
22
|
-
secret:
|
|
21
|
+
id: convex_values36.VString<string, "required">;
|
|
22
|
+
secret: convex_values36.VString<string | undefined, "optional">;
|
|
23
23
|
}, "required", "id" | "secret">;
|
|
24
24
|
}, "required", "provider" | "account" | "account.id" | "account.secret">;
|
|
25
25
|
type ReturnType = "InvalidAccountId" | "TooManyFailedAttempts" | "InvalidSecret" | {
|
|
@@ -3,16 +3,16 @@ import { AuthError } from "../authError.js";
|
|
|
3
3
|
import { Config } from "../crypto.js";
|
|
4
4
|
import { Fx } from "@robelest/fx";
|
|
5
5
|
import { GenericActionCtx, GenericDataModel } from "convex/server";
|
|
6
|
-
import * as
|
|
6
|
+
import * as convex_values110 from "convex/values";
|
|
7
7
|
import { Infer } from "convex/values";
|
|
8
8
|
|
|
9
9
|
//#region src/server/mutations/signature.d.ts
|
|
10
|
-
declare const verifierSignatureArgs:
|
|
10
|
+
declare const verifierSignatureArgs: convex_values110.VObject<{
|
|
11
11
|
verifier: string;
|
|
12
12
|
signature: string;
|
|
13
13
|
}, {
|
|
14
|
-
verifier:
|
|
15
|
-
signature:
|
|
14
|
+
verifier: convex_values110.VString<string, "required">;
|
|
15
|
+
signature: convex_values110.VString<string, "required">;
|
|
16
16
|
}, "required", "verifier" | "signature">;
|
|
17
17
|
type ReturnType = void;
|
|
18
18
|
declare function verifierSignatureImpl(ctx: MutationCtx, args: Infer<typeof verifierSignatureArgs>, config: Config): Fx<ReturnType, AuthError>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signature.d.ts","names":[],"sources":["../../../src/server/mutations/signature.ts"],"mappings":";;;;;;;;;cAUa,qBAAA,
|
|
1
|
+
{"version":3,"file":"signature.d.ts","names":[],"sources":["../../../src/server/mutations/signature.ts"],"mappings":";;;;;;;;;cAUa,qBAAA,mBAAqB,OAAA;;;;YAGhC,gBAAA,CAAA,OAAA;;;KAEG,UAAA;AAAA,iBAEW,qBAAA,CACd,GAAA,EAAK,WAAA,EACL,IAAA,EAAM,KAAA,QAAa,qBAAA,GACnB,MAAA,EAAQ,MAAA,GACP,EAAA,CAAG,UAAA,EAAY,SAAA;AAAA,cAkBL,qBAAA,qBAAiD,gBAAA,EAC5D,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA,EAAM,KAAA,QAAa,qBAAA,MAClB,OAAA"}
|