@robelest/convex-auth 0.0.4-preview.21 → 0.0.4-preview.23

package/dist/component/server/totp.js

@@ -1,11 +1,11 @@
-import { AuthError } from "./authError.js";
 import { userIdFromIdentitySubject } from "./identity.js";
 import { callVerifierSignature } from "./mutations/signature.js";
 import { callSignIn } from "./mutations/signin.js";
 import { callVerifier } from "./mutations/verifier.js";
 import { mutateTotpInsert, mutateTotpMarkVerified, mutateTotpUpdateLastUsed, mutateVerifierDelete, queryTotpById, queryTotpVerifiedByUserId, queryUserById, queryVerifierById } from "./types.js";
-import { encodeBase32LowerCaseNoPadding } from "@oslojs/encoding";
+import { Cv } from "@robelest/fx/convex";
 import { Fx } from "@robelest/fx";
+import { encodeBase32LowerCaseNoPadding } from "@oslojs/encoding";
 import { createTOTPKeyURI, verifyTOTPWithGracePeriod } from "@oslojs/otp";
 
 //#region src/server/totp.ts
@@ -24,11 +24,23 @@ const TOTP_FLOWS = [
 ];
 const resolveTotpFlowFx = (params) => {
 	const flow = params.flow;
-	return typeof flow === "string" && TOTP_FLOWS.includes(flow) ? Fx.succeed(flow) : Fx.fail(new AuthError("TOTP_MISSING_FLOW", "Missing `flow` parameter. Expected one of: setup, confirm, verify"));
+	return typeof flow === "string" && TOTP_FLOWS.includes(flow) ? Fx.succeed(flow) : Cv.fail({
+		code: "TOTP_MISSING_FLOW",
+		message: "Missing `flow` parameter. Expected one of: setup, confirm, verify"
+	});
 };
-const requireTotpVerifierFx = (verifier) => verifier != null ? Fx.succeed(verifier) : Fx.fail(new AuthError("TOTP_MISSING_VERIFIER"));
-const requireTotpCodeFx = (params) => typeof params.code === "string" ? Fx.succeed(params.code) : Fx.fail(new AuthError("TOTP_MISSING_CODE"));
-const requireTotpIdFx = (params) => typeof params.totpId === "string" ? Fx.succeed(params.totpId) : Fx.fail(new AuthError("TOTP_MISSING_ID"));
+const requireTotpVerifierFx = (verifier) => verifier != null ? Fx.succeed(verifier) : Cv.fail({
+	code: "TOTP_MISSING_VERIFIER",
+	message: "Missing verifier for TOTP operation."
+});
+const requireTotpCodeFx = (params) => typeof params.code === "string" ? Fx.succeed(params.code) : Cv.fail({
+	code: "TOTP_MISSING_CODE",
+	message: "Missing TOTP code."
+});
+const requireTotpIdFx = (params) => typeof params.totpId === "string" ? Fx.succeed(params.totpId) : Cv.fail({
+	code: "TOTP_MISSING_ID",
+	message: "Missing TOTP enrollment ID."
+});
 const resolveTotpDispatchFx = (params, verifier) => resolveTotpFlowFx(params).pipe(Fx.chain((flow) => Fx.match({ flow }).on("flow", {
 	setup: () => Fx.succeed({
 		flow: "setup",
@@ -57,8 +69,14 @@ const handleTotp = (ctx, provider, args) => {
 	return resolveTotpDispatchFx(args.params ?? {}, args.verifier).pipe(Fx.chain((dispatch) => Fx.match(dispatch).on("flow", {
 		setup: ({ params }) => Fx.from({
 			ok: () => ctx.auth.getUserIdentity(),
-			err: (e) => new AuthError("INTERNAL_ERROR", String(e))
-		}).pipe(Fx.chain((identity) => identity === null ? Fx.fail(new AuthError("TOTP_AUTH_REQUIRED")) : Fx.succeed(userIdFromIdentitySubject(identity.subject))), Fx.chain((userId) => Fx.from({
+			err: (e) => Cv.error({
+				code: "INTERNAL_ERROR",
+				message: String(e)
+			})
+		}).pipe(Fx.chain((identity) => identity === null ? Cv.fail({
+			code: "TOTP_AUTH_REQUIRED",
+			message: "Sign in first, then set up two-factor authentication."
+		}) : Fx.succeed(userIdFromIdentitySubject(identity.subject))), Fx.chain((userId) => Fx.from({
 			ok: async () => {
 				const secret = new Uint8Array(20);
 				crypto.getRandomValues(secret);
@@ -92,15 +110,36 @@ const handleTotp = (ctx, provider, args) => {
 					})
 				};
 			},
-			err: (e) => new AuthError("INTERNAL_ERROR", `TOTP setup failed: ${String(e)}`)
+			err: (e) => Cv.error({
+				code: "INTERNAL_ERROR",
+				message: `TOTP setup failed: ${String(e)}`
+			})
 		}))),
 		confirm: ({ code, totpId, verifier }) => Fx.from({
 			ok: () => ctx.auth.getUserIdentity(),
-			err: (e) => new AuthError("INTERNAL_ERROR", String(e))
-		}).pipe(Fx.chain((identity) => identity === null ? Fx.fail(new AuthError("TOTP_AUTH_REQUIRED")) : Fx.succeed(userIdFromIdentitySubject(identity.subject))), Fx.chain((userId) => Fx.from({
+			err: (e) => Cv.error({
+				code: "INTERNAL_ERROR",
+				message: String(e)
+			})
+		}).pipe(Fx.chain((identity) => identity === null ? Cv.fail({
+			code: "TOTP_AUTH_REQUIRED",
+			message: "Sign in first, then set up two-factor authentication."
+		}) : Fx.succeed(userIdFromIdentitySubject(identity.subject))), Fx.chain((userId) => Fx.from({
 			ok: () => queryTotpById(ctx, totpId),
-			err: () => new AuthError("TOTP_NOT_FOUND")
-		}).pipe(Fx.chain((doc) => doc === null ? Fx.fail(new AuthError("TOTP_NOT_FOUND")) : Fx.succeed(doc)), Fx.chain((totpDoc) => totpDoc.verified ? Fx.fail(new AuthError("TOTP_ALREADY_VERIFIED")) : Fx.succeed(totpDoc))).pipe(Fx.chain((totpDoc) => verifyTOTPWithGracePeriod(new Uint8Array(totpDoc.secret), provider.options.period, provider.options.digits, code, 30) ? Fx.succeed(totpDoc) : Fx.fail(new AuthError("TOTP_INVALID_CODE")))).pipe(Fx.chain((_totpDoc) => Fx.from({
+			err: () => Cv.error({
+				code: "TOTP_NOT_FOUND",
+				message: "TOTP enrollment not found."
+			})
+		}).pipe(Fx.chain((doc) => doc === null ? Cv.fail({
+			code: "TOTP_NOT_FOUND",
+			message: "TOTP enrollment not found."
+		}) : Fx.succeed(doc)), Fx.chain((totpDoc) => totpDoc.verified ? Cv.fail({
+			code: "TOTP_ALREADY_VERIFIED",
+			message: "TOTP enrollment is already verified."
+		}) : Fx.succeed(totpDoc))).pipe(Fx.chain((totpDoc) => verifyTOTPWithGracePeriod(new Uint8Array(totpDoc.secret), provider.options.period, provider.options.digits, code, 30) ? Fx.succeed(totpDoc) : Cv.fail({
+			code: "TOTP_INVALID_CODE",
+			message: "Invalid TOTP code."
+		}))).pipe(Fx.chain((_totpDoc) => Fx.from({
 			ok: async () => {
 				await mutateTotpMarkVerified(ctx, totpId, Date.now());
 				await mutateVerifierDelete(ctx, verifier);
@@ -109,15 +148,24 @@ const handleTotp = (ctx, provider, args) => {
 					generateTokens: true
 				});
 			},
-			err: (e) => new AuthError("INTERNAL_ERROR", String(e))
+			err: (e) => Cv.error({
+				code: "INTERNAL_ERROR",
+				message: String(e)
+			})
 		}))).pipe(Fx.map((signInResult) => ({
 			kind: "signedIn",
 			signedIn: signInResult
 		}))))),
 		verify: ({ code, verifier }) => Fx.from({
 			ok: () => queryVerifierById(ctx, verifier),
-			err: () => new AuthError("TOTP_INVALID_VERIFIER")
-		}).pipe(Fx.chain((doc) => doc === null ? Fx.fail(new AuthError("TOTP_INVALID_VERIFIER")) : Fx.succeed(doc)), Fx.map((doc) => {
+			err: () => Cv.error({
+				code: "TOTP_INVALID_VERIFIER",
+				message: "Invalid or expired TOTP verifier."
+			})
+		}).pipe(Fx.chain((doc) => doc === null ? Cv.fail({
+			code: "TOTP_INVALID_VERIFIER",
+			message: "Invalid or expired TOTP verifier."
+		}) : Fx.succeed(doc)), Fx.map((doc) => {
 			return {
 				userId: JSON.parse(doc.signature).userId,
 				code,
@@ -125,8 +173,17 @@ const handleTotp = (ctx, provider, args) => {
 			};
 		}), Fx.chain(({ userId, code: code$1, verifier: verifier$1 }) => Fx.from({
 			ok: () => queryTotpVerifiedByUserId(ctx, userId),
-			err: () => new AuthError("TOTP_NO_ENROLLMENT")
-		}).pipe(Fx.chain((totpDoc) => totpDoc === null ? Fx.fail(new AuthError("TOTP_NO_ENROLLMENT")) : Fx.succeed(totpDoc)), Fx.chain((totpDoc) => verifyTOTPWithGracePeriod(new Uint8Array(totpDoc.secret), totpDoc.period, totpDoc.digits, code$1, 30) ? Fx.succeed(totpDoc) : Fx.fail(new AuthError("TOTP_INVALID_CODE"))), Fx.chain((totpDoc) => Fx.from({
+			err: () => Cv.error({
+				code: "TOTP_NO_ENROLLMENT",
+				message: "No verified TOTP enrollment found."
+			})
+		}).pipe(Fx.chain((totpDoc) => totpDoc === null ? Cv.fail({
+			code: "TOTP_NO_ENROLLMENT",
+			message: "No verified TOTP enrollment found."
+		}) : Fx.succeed(totpDoc)), Fx.chain((totpDoc) => verifyTOTPWithGracePeriod(new Uint8Array(totpDoc.secret), totpDoc.period, totpDoc.digits, code$1, 30) ? Fx.succeed(totpDoc) : Cv.fail({
+			code: "TOTP_INVALID_CODE",
+			message: "Invalid TOTP code."
+		})), Fx.chain((totpDoc) => Fx.from({
 			ok: async () => {
 				await mutateTotpUpdateLastUsed(ctx, totpDoc._id, Date.now());
 				await mutateVerifierDelete(ctx, verifier$1);
@@ -135,7 +192,10 @@ const handleTotp = (ctx, provider, args) => {
 					generateTokens: true
 				});
 			},
-			err: (e) => new AuthError("INTERNAL_ERROR", String(e))
+			err: (e) => Cv.error({
+				code: "INTERNAL_ERROR",
+				message: String(e)
+			})
 		})), Fx.map((signInResult) => ({
 			kind: "signedIn",
 			signedIn: signInResult

package/dist/component/server/totp.js.map

@@ -1 +1 @@
-{"version":3,"file":"totp.js","names":["code","verifier"],"sources":["../../../src/server/totp.ts"],"sourcesContent":["/**\n * Server-side TOTP ceremony logic for two-factor authentication.\n *\n * Handles the three phases of the TOTP flow:\n * 1. setup   — generate a TOTP secret and `otpauth://` URI for enrollment\n * 2. confirm — verify the first code from the authenticator app\n * 3. verify  — verify a TOTP code during sign-in (2FA challenge)\n */\n\nimport { encodeBase32LowerCaseNoPadding } from \"@oslojs/encoding\";\nimport { verifyTOTPWithGracePeriod, createTOTPKeyURI } from \"@oslojs/otp\";\nimport type { Fx as FxType } from \"@robelest/fx\";\n\nimport { Fx } from \"@robelest/fx\";\n\nimport { AuthError } from \"./authError\";\nimport { userIdFromIdentitySubject } from \"./identity\";\nimport { callSignIn, callVerifier } from \"./mutations/index\";\nimport { callVerifierSignature } from \"./mutations/signature\";\nimport { TotpProviderConfig, GenericActionCtxWithAuthConfig } from \"./types\";\nimport {\n  AuthDataModel,\n  SessionInfo,\n  queryUserById,\n  queryTotpById,\n  queryTotpVerifiedByUserId,\n  queryVerifierById,\n  mutateTotpInsert,\n  mutateTotpMarkVerified,\n  mutateTotpUpdateLastUsed,\n  mutateVerifierDelete,\n} from \"./types\";\n\ntype EnrichedActionCtx = GenericActionCtxWithAuthConfig<AuthDataModel>;\n\n// ============================================================================\n// Setup flow\n// ============================================================================\n\n// ============================================================================\n// Confirm flow\n// ============================================================================\n\n// ============================================================================\n// Verify flow (2FA during sign-in)\n// ============================================================================\n\n// ============================================================================\n// Main dispatch\n// ============================================================================\n\ntype TotpResult =\n  | { kind: \"signedIn\"; signedIn: SessionInfo | null }\n  | {\n      kind: \"totpSetup\";\n      uri: string;\n      secret: string;\n      verifier: string;\n      totpId: string;\n    };\n\nconst TOTP_FLOWS = [\"setup\", \"confirm\", \"verify\"] as const;\n\ntype TotpFlow = (typeof TOTP_FLOWS)[number];\n\ntype TotpDispatch =\n  | { flow: \"setup\"; params: Record<string, unknown> }\n  | { flow: \"confirm\"; code: string; totpId: string; verifier: string }\n  | { flow: \"verify\"; code: string; verifier: string };\n\nconst resolveTotpFlowFx = (\n  params: Record<string, unknown>,\n): FxType<TotpFlow, AuthError> => {\n  const flow = params.flow;\n  return typeof flow === \"string\" && TOTP_FLOWS.includes(flow as never)\n    ? Fx.succeed(flow as TotpFlow)\n    : Fx.fail(\n        new AuthError(\n          \"TOTP_MISSING_FLOW\",\n          \"Missing `flow` parameter. Expected one of: setup, confirm, verify\",\n        ),\n      );\n};\n\nconst requireTotpVerifierFx = (\n  verifier: string | undefined,\n): FxType<string, AuthError> =>\n  verifier != null\n    ? Fx.succeed(verifier)\n    : Fx.fail(new AuthError(\"TOTP_MISSING_VERIFIER\"));\n\nconst requireTotpCodeFx = (\n  params: Record<string, unknown>,\n): FxType<string, AuthError> =>\n  typeof params.code === \"string\"\n    ? Fx.succeed(params.code)\n    : Fx.fail(new AuthError(\"TOTP_MISSING_CODE\"));\n\nconst requireTotpIdFx = (\n  params: Record<string, unknown>,\n): FxType<string, AuthError> =>\n  typeof params.totpId === \"string\"\n    ? Fx.succeed(params.totpId)\n    : Fx.fail(new AuthError(\"TOTP_MISSING_ID\"));\n\nconst resolveTotpDispatchFx = (\n  params: Record<string, unknown>,\n  verifier: string | undefined,\n): FxType<TotpDispatch, AuthError> =>\n  resolveTotpFlowFx(params).pipe(\n    Fx.chain((flow) =>\n      Fx.match({ flow }).on(\"flow\", {\n        setup: () => Fx.succeed({ flow: \"setup\" as const, params }),\n        confirm: () =>\n          Fx.gen(function* () {\n            const resolvedVerifier = yield* requireTotpVerifierFx(verifier);\n            const code = yield* requireTotpCodeFx(params);\n            const totpId = yield* requireTotpIdFx(params);\n            return {\n              flow: \"confirm\" as const,\n              code,\n              totpId,\n              verifier: resolvedVerifier,\n            };\n          }),\n        verify: () =>\n          Fx.gen(function* () {\n            const resolvedVerifier = yield* requireTotpVerifierFx(verifier);\n            const code = yield* requireTotpCodeFx(params);\n            return {\n              flow: \"verify\" as const,\n              code,\n              verifier: resolvedVerifier,\n            };\n          }),\n      }),\n    ),\n  );\n\n/** @internal */\nexport const handleTotp = (\n  ctx: EnrichedActionCtx,\n  provider: TotpProviderConfig,\n  args: { params?: Record<string, any>; verifier?: string },\n): FxType<TotpResult, AuthError> => {\n  const params = (args.params ?? {}) as Record<string, unknown>;\n\n  return resolveTotpDispatchFx(params, args.verifier).pipe(\n    Fx.chain((dispatch) =>\n      Fx.match(dispatch).on(\"flow\", {\n        setup: ({ params }) =>\n          Fx.from({\n            ok: () => ctx.auth.getUserIdentity(),\n            err: (e) => new AuthError(\"INTERNAL_ERROR\", String(e)),\n          }).pipe(\n            Fx.chain((identity) =>\n              identity === null\n                ? Fx.fail(new AuthError(\"TOTP_AUTH_REQUIRED\"))\n                : Fx.succeed(userIdFromIdentitySubject(identity.subject)),\n            ),\n            Fx.chain((userId) =>\n              Fx.from({\n                ok: async () => {\n                  const secret = new Uint8Array(20);\n                  crypto.getRandomValues(secret);\n\n                  let accountName: string = params.accountName as string;\n                  if (!accountName) {\n                    const user = await queryUserById(ctx, userId);\n                    accountName = user?.email ?? \"user\";\n                  }\n\n                  const uri = createTOTPKeyURI(\n                    provider.options.issuer,\n                    accountName,\n                    secret,\n                    provider.options.period,\n                    provider.options.digits,\n                  );\n                  const base32Secret = encodeBase32LowerCaseNoPadding(secret);\n\n                  const verifier = await callVerifier(ctx);\n                  await callVerifierSignature(ctx, {\n                    verifier,\n                    signature: JSON.stringify({\n                      secret: Array.from(secret),\n                      userId,\n                      digits: provider.options.digits,\n                      period: provider.options.period,\n                    }),\n                  });\n\n                  const totpId = await mutateTotpInsert(ctx, {\n                    userId,\n                    secret: secret.buffer.slice(\n                      secret.byteOffset,\n                      secret.byteOffset + secret.byteLength,\n                    ),\n                    digits: provider.options.digits,\n                    period: provider.options.period,\n                    verified: false,\n                    name:\n                      typeof params.name === \"string\" ? params.name : undefined,\n                    createdAt: Date.now(),\n                  });\n\n                  return {\n                    kind: \"totpSetup\" as const,\n                    uri,\n                    secret: base32Secret,\n                    verifier,\n                    totpId,\n                  };\n                },\n                err: (e) =>\n                  new AuthError(\n                    \"INTERNAL_ERROR\",\n                    `TOTP setup failed: ${String(e)}`,\n                  ),\n              }),\n            ),\n          ),\n        confirm: ({ code, totpId, verifier }) =>\n          Fx.from({\n            ok: () => ctx.auth.getUserIdentity(),\n            err: (e) => new AuthError(\"INTERNAL_ERROR\", String(e)),\n          }).pipe(\n            Fx.chain((identity) =>\n              identity === null\n                ? Fx.fail(new AuthError(\"TOTP_AUTH_REQUIRED\"))\n                : Fx.succeed(userIdFromIdentitySubject(identity.subject)),\n            ),\n            Fx.chain((userId) =>\n              Fx.from({\n                ok: () => queryTotpById(ctx, totpId),\n                err: () => new AuthError(\"TOTP_NOT_FOUND\"),\n              })\n                .pipe(\n                  Fx.chain((doc) =>\n                    doc === null\n                      ? Fx.fail(new AuthError(\"TOTP_NOT_FOUND\"))\n                      : Fx.succeed(doc),\n                  ),\n                  Fx.chain((totpDoc) =>\n                    totpDoc.verified\n                      ? Fx.fail(new AuthError(\"TOTP_ALREADY_VERIFIED\"))\n                      : Fx.succeed(totpDoc),\n                  ),\n                )\n                .pipe(\n                  Fx.chain((totpDoc) =>\n                    verifyTOTPWithGracePeriod(\n                      new Uint8Array(totpDoc.secret),\n                      provider.options.period,\n                      provider.options.digits,\n                      code,\n                      30,\n                    )\n                      ? Fx.succeed(totpDoc)\n                      : Fx.fail(new AuthError(\"TOTP_INVALID_CODE\")),\n                  ),\n                )\n                .pipe(\n                  Fx.chain((_totpDoc) =>\n                    Fx.from({\n                      ok: async () => {\n                        await mutateTotpMarkVerified(ctx, totpId, Date.now());\n                        await mutateVerifierDelete(ctx, verifier);\n                        return callSignIn(ctx, {\n                          userId,\n                          generateTokens: true,\n                        });\n                      },\n                      err: (e) => new AuthError(\"INTERNAL_ERROR\", String(e)),\n                    }),\n                  ),\n                )\n                .pipe(\n                  Fx.map((signInResult) => ({\n                    kind: \"signedIn\" as const,\n                    signedIn: signInResult,\n                  })),\n                ),\n            ),\n          ),\n        verify: ({ code, verifier }) =>\n          Fx.from({\n            ok: () => queryVerifierById(ctx, verifier),\n            err: () => new AuthError(\"TOTP_INVALID_VERIFIER\"),\n          }).pipe(\n            Fx.chain((doc) =>\n              doc === null\n                ? Fx.fail(new AuthError(\"TOTP_INVALID_VERIFIER\"))\n                : Fx.succeed(doc),\n            ),\n            Fx.map((doc) => {\n              const data = JSON.parse(doc.signature!);\n              return { userId: data.userId as string, code, verifier };\n            }),\n            Fx.chain(({ userId, code, verifier }) =>\n              Fx.from({\n                ok: () => queryTotpVerifiedByUserId(ctx, userId),\n                err: () => new AuthError(\"TOTP_NO_ENROLLMENT\"),\n              }).pipe(\n                Fx.chain((totpDoc) =>\n                  totpDoc === null\n                    ? Fx.fail(new AuthError(\"TOTP_NO_ENROLLMENT\"))\n                    : Fx.succeed(totpDoc),\n                ),\n                Fx.chain((totpDoc) =>\n                  verifyTOTPWithGracePeriod(\n                    new Uint8Array(totpDoc.secret),\n                    totpDoc.period,\n                    totpDoc.digits,\n                    code,\n                    30,\n                  )\n                    ? Fx.succeed(totpDoc)\n                    : Fx.fail(new AuthError(\"TOTP_INVALID_CODE\")),\n                ),\n                Fx.chain((totpDoc) =>\n                  Fx.from({\n                    ok: async () => {\n                      await mutateTotpUpdateLastUsed(\n                        ctx,\n                        totpDoc._id,\n                        Date.now(),\n                      );\n                      await mutateVerifierDelete(ctx, verifier);\n                      return callSignIn(ctx, { userId, generateTokens: true });\n                    },\n                    err: (e) => new AuthError(\"INTERNAL_ERROR\", String(e)),\n                  }),\n                ),\n                Fx.map((signInResult) => ({\n                  kind: \"signedIn\" as const,\n                  signedIn: signInResult,\n                })),\n              ),\n            ),\n          ),\n      }),\n    ),\n  );\n};\n\n// ============================================================================\n// Helpers\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;AA6DA,MAAM,aAAa;CAAC;CAAS;CAAW;CAAS;AASjD,MAAM,qBACJ,WACgC;CAChC,MAAM,OAAO,OAAO;AACpB,QAAO,OAAO,SAAS,YAAY,WAAW,SAAS,KAAc,GACjE,GAAG,QAAQ,KAAiB,GAC5B,GAAG,KACD,IAAI,UACF,qBACA,oEACD,CACF;;AAGP,MAAM,yBACJ,aAEA,YAAY,OACR,GAAG,QAAQ,SAAS,GACpB,GAAG,KAAK,IAAI,UAAU,wBAAwB,CAAC;AAErD,MAAM,qBACJ,WAEA,OAAO,OAAO,SAAS,WACnB,GAAG,QAAQ,OAAO,KAAK,GACvB,GAAG,KAAK,IAAI,UAAU,oBAAoB,CAAC;AAEjD,MAAM,mBACJ,WAEA,OAAO,OAAO,WAAW,WACrB,GAAG,QAAQ,OAAO,OAAO,GACzB,GAAG,KAAK,IAAI,UAAU,kBAAkB,CAAC;AAE/C,MAAM,yBACJ,QACA,aAEA,kBAAkB,OAAO,CAAC,KACxB,GAAG,OAAO,SACR,GAAG,MAAM,EAAE,MAAM,CAAC,CAAC,GAAG,QAAQ;CAC5B,aAAa,GAAG,QAAQ;EAAE,MAAM;EAAkB;EAAQ,CAAC;CAC3D,eACE,GAAG,IAAI,aAAa;EAClB,MAAM,mBAAmB,OAAO,sBAAsB,SAAS;AAG/D,SAAO;GACL,MAAM;GACN,MAJW,OAAO,kBAAkB,OAAO;GAK3C,QAJa,OAAO,gBAAgB,OAAO;GAK3C,UAAU;GACX;GACD;CACJ,cACE,GAAG,IAAI,aAAa;EAClB,MAAM,mBAAmB,OAAO,sBAAsB,SAAS;AAE/D,SAAO;GACL,MAAM;GACN,MAHW,OAAO,kBAAkB,OAAO;GAI3C,UAAU;GACX;GACD;CACL,CAAC,CACH,CACF;;AAGH,MAAa,cACX,KACA,UACA,SACkC;AAGlC,QAAO,sBAFS,KAAK,UAAU,EAAE,EAEI,KAAK,SAAS,CAAC,KAClD,GAAG,OAAO,aACR,GAAG,MAAM,SAAS,CAAC,GAAG,QAAQ;EAC5B,QAAQ,EAAE,aACR,GAAG,KAAK;GACN,UAAU,IAAI,KAAK,iBAAiB;GACpC,MAAM,MAAM,IAAI,UAAU,kBAAkB,OAAO,EAAE,CAAC;GACvD,CAAC,CAAC,KACD,GAAG,OAAO,aACR,aAAa,OACT,GAAG,KAAK,IAAI,UAAU,qBAAqB,CAAC,GAC5C,GAAG,QAAQ,0BAA0B,SAAS,QAAQ,CAAC,CAC5D,EACD,GAAG,OAAO,WACR,GAAG,KAAK;GACN,IAAI,YAAY;IACd,MAAM,SAAS,IAAI,WAAW,GAAG;AACjC,WAAO,gBAAgB,OAAO;IAE9B,IAAI,cAAsB,OAAO;AACjC,QAAI,CAAC,YAEH,gBADa,MAAM,cAAc,KAAK,OAAO,GACzB,SAAS;IAG/B,MAAM,MAAM,iBACV,SAAS,QAAQ,QACjB,aACA,QACA,SAAS,QAAQ,QACjB,SAAS,QAAQ,OAClB;IACD,MAAM,eAAe,+BAA+B,OAAO;IAE3D,MAAM,WAAW,MAAM,aAAa,IAAI;AACxC,UAAM,sBAAsB,KAAK;KAC/B;KACA,WAAW,KAAK,UAAU;MACxB,QAAQ,MAAM,KAAK,OAAO;MAC1B;MACA,QAAQ,SAAS,QAAQ;MACzB,QAAQ,SAAS,QAAQ;MAC1B,CAAC;KACH,CAAC;AAgBF,WAAO;KACL,MAAM;KACN;KACA,QAAQ;KACR;KACA,QAnBa,MAAM,iBAAiB,KAAK;MACzC;MACA,QAAQ,OAAO,OAAO,MACpB,OAAO,YACP,OAAO,aAAa,OAAO,WAC5B;MACD,QAAQ,SAAS,QAAQ;MACzB,QAAQ,SAAS,QAAQ;MACzB,UAAU;MACV,MACE,OAAO,OAAO,SAAS,WAAW,OAAO,OAAO;MAClD,WAAW,KAAK,KAAK;MACtB,CAAC;KAQD;;GAEH,MAAM,MACJ,IAAI,UACF,kBACA,sBAAsB,OAAO,EAAE,GAChC;GACJ,CAAC,CACH,CACF;EACH,UAAU,EAAE,MAAM,QAAQ,eACxB,GAAG,KAAK;GACN,UAAU,IAAI,KAAK,iBAAiB;GACpC,MAAM,MAAM,IAAI,UAAU,kBAAkB,OAAO,EAAE,CAAC;GACvD,CAAC,CAAC,KACD,GAAG,OAAO,aACR,aAAa,OACT,GAAG,KAAK,IAAI,UAAU,qBAAqB,CAAC,GAC5C,GAAG,QAAQ,0BAA0B,SAAS,QAAQ,CAAC,CAC5D,EACD,GAAG,OAAO,WACR,GAAG,KAAK;GACN,UAAU,cAAc,KAAK,OAAO;GACpC,WAAW,IAAI,UAAU,iBAAiB;GAC3C,CAAC,CACC,KACC,GAAG,OAAO,QACR,QAAQ,OACJ,GAAG,KAAK,IAAI,UAAU,iBAAiB,CAAC,GACxC,GAAG,QAAQ,IAAI,CACpB,EACD,GAAG,OAAO,YACR,QAAQ,WACJ,GAAG,KAAK,IAAI,UAAU,wBAAwB,CAAC,GAC/C,GAAG,QAAQ,QAAQ,CACxB,CACF,CACA,KACC,GAAG,OAAO,YACR,0BACE,IAAI,WAAW,QAAQ,OAAO,EAC9B,SAAS,QAAQ,QACjB,SAAS,QAAQ,QACjB,MACA,GACD,GACG,GAAG,QAAQ,QAAQ,GACnB,GAAG,KAAK,IAAI,UAAU,oBAAoB,CAAC,CAChD,CACF,CACA,KACC,GAAG,OAAO,aACR,GAAG,KAAK;GACN,IAAI,YAAY;AACd,UAAM,uBAAuB,KAAK,QAAQ,KAAK,KAAK,CAAC;AACrD,UAAM,qBAAqB,KAAK,SAAS;AACzC,WAAO,WAAW,KAAK;KACrB;KACA,gBAAgB;KACjB,CAAC;;GAEJ,MAAM,MAAM,IAAI,UAAU,kBAAkB,OAAO,EAAE,CAAC;GACvD,CAAC,CACH,CACF,CACA,KACC,GAAG,KAAK,kBAAkB;GACxB,MAAM;GACN,UAAU;GACX,EAAE,CACJ,CACJ,CACF;EACH,SAAS,EAAE,MAAM,eACf,GAAG,KAAK;GACN,UAAU,kBAAkB,KAAK,SAAS;GAC1C,WAAW,IAAI,UAAU,wBAAwB;GAClD,CAAC,CAAC,KACD,GAAG,OAAO,QACR,QAAQ,OACJ,GAAG,KAAK,IAAI,UAAU,wBAAwB,CAAC,GAC/C,GAAG,QAAQ,IAAI,CACpB,EACD,GAAG,KAAK,QAAQ;AAEd,UAAO;IAAE,QADI,KAAK,MAAM,IAAI,UAAW,CACjB;IAAkB;IAAM;IAAU;IACxD,EACF,GAAG,OAAO,EAAE,QAAQ,cAAM,2BACxB,GAAG,KAAK;GACN,UAAU,0BAA0B,KAAK,OAAO;GAChD,WAAW,IAAI,UAAU,qBAAqB;GAC/C,CAAC,CAAC,KACD,GAAG,OAAO,YACR,YAAY,OACR,GAAG,KAAK,IAAI,UAAU,qBAAqB,CAAC,GAC5C,GAAG,QAAQ,QAAQ,CACxB,EACD,GAAG,OAAO,YACR,0BACE,IAAI,WAAW,QAAQ,OAAO,EAC9B,QAAQ,QACR,QAAQ,QACRA,QACA,GACD,GACG,GAAG,QAAQ,QAAQ,GACnB,GAAG,KAAK,IAAI,UAAU,oBAAoB,CAAC,CAChD,EACD,GAAG,OAAO,YACR,GAAG,KAAK;GACN,IAAI,YAAY;AACd,UAAM,yBACJ,KACA,QAAQ,KACR,KAAK,KAAK,CACX;AACD,UAAM,qBAAqB,KAAKC,WAAS;AACzC,WAAO,WAAW,KAAK;KAAE;KAAQ,gBAAgB;KAAM,CAAC;;GAE1D,MAAM,MAAM,IAAI,UAAU,kBAAkB,OAAO,EAAE,CAAC;GACvD,CAAC,CACH,EACD,GAAG,KAAK,kBAAkB;GACxB,MAAM;GACN,UAAU;GACX,EAAE,CACJ,CACF,CACF;EACJ,CAAC,CACH,CACF"}
+{"version":3,"file":"totp.js","names":["code","verifier"],"sources":["../../../src/server/totp.ts"],"sourcesContent":["/**\n * Server-side TOTP ceremony logic for two-factor authentication.\n *\n * Handles the three phases of the TOTP flow:\n * 1. setup   — generate a TOTP secret and `otpauth://` URI for enrollment\n * 2. confirm — verify the first code from the authenticator app\n * 3. verify  — verify a TOTP code during sign-in (2FA challenge)\n */\n\nimport { encodeBase32LowerCaseNoPadding } from \"@oslojs/encoding\";\nimport { verifyTOTPWithGracePeriod, createTOTPKeyURI } from \"@oslojs/otp\";\nimport type { Fx as FxType } from \"@robelest/fx\";\nimport { Fx } from \"@robelest/fx\";\nimport { Cv } from \"@robelest/fx/convex\";\nimport type { ConvexError } from \"convex/values\";\n\nimport { userIdFromIdentitySubject } from \"./identity\";\nimport { callSignIn, callVerifier } from \"./mutations/index\";\nimport { callVerifierSignature } from \"./mutations/signature\";\nimport { TotpProviderConfig, GenericActionCtxWithAuthConfig } from \"./types\";\nimport {\n  AuthDataModel,\n  SessionInfo,\n  queryUserById,\n  queryTotpById,\n  queryTotpVerifiedByUserId,\n  queryVerifierById,\n  mutateTotpInsert,\n  mutateTotpMarkVerified,\n  mutateTotpUpdateLastUsed,\n  mutateVerifierDelete,\n} from \"./types\";\n\ntype EnrichedActionCtx = GenericActionCtxWithAuthConfig<AuthDataModel>;\n\n// ============================================================================\n// Setup flow\n// ============================================================================\n\n// ============================================================================\n// Confirm flow\n// ============================================================================\n\n// ============================================================================\n// Verify flow (2FA during sign-in)\n// ============================================================================\n\n// ============================================================================\n// Main dispatch\n// ============================================================================\n\ntype TotpResult =\n  | { kind: \"signedIn\"; signedIn: SessionInfo | null }\n  | {\n      kind: \"totpSetup\";\n      uri: string;\n      secret: string;\n      verifier: string;\n      totpId: string;\n    };\n\nconst TOTP_FLOWS = [\"setup\", \"confirm\", \"verify\"] as const;\n\ntype TotpFlow = (typeof TOTP_FLOWS)[number];\n\ntype TotpDispatch =\n  | { flow: \"setup\"; params: Record<string, unknown> }\n  | { flow: \"confirm\"; code: string; totpId: string; verifier: string }\n  | { flow: \"verify\"; code: string; verifier: string };\n\nconst resolveTotpFlowFx = (\n  params: Record<string, unknown>,\n): FxType<TotpFlow, ConvexError<any>> => {\n  const flow = params.flow;\n  return typeof flow === \"string\" && TOTP_FLOWS.includes(flow as never)\n    ? Fx.succeed(flow as TotpFlow)\n    : Cv.fail({\n        code: \"TOTP_MISSING_FLOW\",\n        message:\n          \"Missing `flow` parameter. Expected one of: setup, confirm, verify\",\n      });\n};\n\nconst requireTotpVerifierFx = (\n  verifier: string | undefined,\n): FxType<string, ConvexError<any>> =>\n  verifier != null\n    ? Fx.succeed(verifier)\n    : Cv.fail({\n        code: \"TOTP_MISSING_VERIFIER\",\n        message: \"Missing verifier for TOTP operation.\",\n      });\n\nconst requireTotpCodeFx = (\n  params: Record<string, unknown>,\n): FxType<string, ConvexError<any>> =>\n  typeof params.code === \"string\"\n    ? Fx.succeed(params.code)\n    : Cv.fail({ code: \"TOTP_MISSING_CODE\", message: \"Missing TOTP code.\" });\n\nconst requireTotpIdFx = (\n  params: Record<string, unknown>,\n): FxType<string, ConvexError<any>> =>\n  typeof params.totpId === \"string\"\n    ? Fx.succeed(params.totpId)\n    : Cv.fail({\n        code: \"TOTP_MISSING_ID\",\n        message: \"Missing TOTP enrollment ID.\",\n      });\n\nconst resolveTotpDispatchFx = (\n  params: Record<string, unknown>,\n  verifier: string | undefined,\n): FxType<TotpDispatch, ConvexError<any>> =>\n  resolveTotpFlowFx(params).pipe(\n    Fx.chain((flow) =>\n      Fx.match({ flow }).on(\"flow\", {\n        setup: () => Fx.succeed({ flow: \"setup\" as const, params }),\n        confirm: () =>\n          Fx.gen(function* () {\n            const resolvedVerifier = yield* requireTotpVerifierFx(verifier);\n            const code = yield* requireTotpCodeFx(params);\n            const totpId = yield* requireTotpIdFx(params);\n            return {\n              flow: \"confirm\" as const,\n              code,\n              totpId,\n              verifier: resolvedVerifier,\n            };\n          }),\n        verify: () =>\n          Fx.gen(function* () {\n            const resolvedVerifier = yield* requireTotpVerifierFx(verifier);\n            const code = yield* requireTotpCodeFx(params);\n            return {\n              flow: \"verify\" as const,\n              code,\n              verifier: resolvedVerifier,\n            };\n          }),\n      }),\n    ),\n  );\n\n/** @internal */\nexport const handleTotp = (\n  ctx: EnrichedActionCtx,\n  provider: TotpProviderConfig,\n  args: { params?: Record<string, any>; verifier?: string },\n): FxType<TotpResult, ConvexError<any>> => {\n  const params = (args.params ?? {}) as Record<string, unknown>;\n\n  return resolveTotpDispatchFx(params, args.verifier).pipe(\n    Fx.chain((dispatch) =>\n      Fx.match(dispatch).on(\"flow\", {\n        setup: ({ params }) =>\n          Fx.from({\n            ok: () => ctx.auth.getUserIdentity(),\n            err: (e) =>\n              Cv.error({ code: \"INTERNAL_ERROR\", message: String(e) }),\n          }).pipe(\n            Fx.chain((identity) =>\n              identity === null\n                ? Cv.fail({\n                    code: \"TOTP_AUTH_REQUIRED\",\n                    message:\n                      \"Sign in first, then set up two-factor authentication.\",\n                  })\n                : Fx.succeed(userIdFromIdentitySubject(identity.subject)),\n            ),\n            Fx.chain((userId) =>\n              Fx.from({\n                ok: async () => {\n                  const secret = new Uint8Array(20);\n                  crypto.getRandomValues(secret);\n\n                  let accountName: string = params.accountName as string;\n                  if (!accountName) {\n                    const user = await queryUserById(ctx, userId);\n                    accountName = user?.email ?? \"user\";\n                  }\n\n                  const uri = createTOTPKeyURI(\n                    provider.options.issuer,\n                    accountName,\n                    secret,\n                    provider.options.period,\n                    provider.options.digits,\n                  );\n                  const base32Secret = encodeBase32LowerCaseNoPadding(secret);\n\n                  const verifier = await callVerifier(ctx);\n                  await callVerifierSignature(ctx, {\n                    verifier,\n                    signature: JSON.stringify({\n                      secret: Array.from(secret),\n                      userId,\n                      digits: provider.options.digits,\n                      period: provider.options.period,\n                    }),\n                  });\n\n                  const totpId = await mutateTotpInsert(ctx, {\n                    userId,\n                    secret: secret.buffer.slice(\n                      secret.byteOffset,\n                      secret.byteOffset + secret.byteLength,\n                    ),\n                    digits: provider.options.digits,\n                    period: provider.options.period,\n                    verified: false,\n                    name:\n                      typeof params.name === \"string\" ? params.name : undefined,\n                    createdAt: Date.now(),\n                  });\n\n                  return {\n                    kind: \"totpSetup\" as const,\n                    uri,\n                    secret: base32Secret,\n                    verifier,\n                    totpId,\n                  };\n                },\n                err: (e) =>\n                  Cv.error({\n                    code: \"INTERNAL_ERROR\",\n                    message: `TOTP setup failed: ${String(e)}`,\n                  }),\n              }),\n            ),\n          ),\n        confirm: ({ code, totpId, verifier }) =>\n          Fx.from({\n            ok: () => ctx.auth.getUserIdentity(),\n            err: (e) =>\n              Cv.error({ code: \"INTERNAL_ERROR\", message: String(e) }),\n          }).pipe(\n            Fx.chain((identity) =>\n              identity === null\n                ? Cv.fail({\n                    code: \"TOTP_AUTH_REQUIRED\",\n                    message:\n                      \"Sign in first, then set up two-factor authentication.\",\n                  })\n                : Fx.succeed(userIdFromIdentitySubject(identity.subject)),\n            ),\n            Fx.chain((userId) =>\n              Fx.from({\n                ok: () => queryTotpById(ctx, totpId),\n                err: () =>\n                  Cv.error({\n                    code: \"TOTP_NOT_FOUND\",\n                    message: \"TOTP enrollment not found.\",\n                  }),\n              })\n                .pipe(\n                  Fx.chain((doc) =>\n                    doc === null\n                      ? Cv.fail({\n                          code: \"TOTP_NOT_FOUND\",\n                          message: \"TOTP enrollment not found.\",\n                        })\n                      : Fx.succeed(doc),\n                  ),\n                  Fx.chain((totpDoc) =>\n                    totpDoc.verified\n                      ? Cv.fail({\n                          code: \"TOTP_ALREADY_VERIFIED\",\n                          message: \"TOTP enrollment is already verified.\",\n                        })\n                      : Fx.succeed(totpDoc),\n                  ),\n                )\n                .pipe(\n                  Fx.chain((totpDoc) =>\n                    verifyTOTPWithGracePeriod(\n                      new Uint8Array(totpDoc.secret),\n                      provider.options.period,\n                      provider.options.digits,\n                      code,\n                      30,\n                    )\n                      ? Fx.succeed(totpDoc)\n                      : Cv.fail({\n                          code: \"TOTP_INVALID_CODE\",\n                          message: \"Invalid TOTP code.\",\n                        }),\n                  ),\n                )\n                .pipe(\n                  Fx.chain((_totpDoc) =>\n                    Fx.from({\n                      ok: async () => {\n                        await mutateTotpMarkVerified(ctx, totpId, Date.now());\n                        await mutateVerifierDelete(ctx, verifier);\n                        return callSignIn(ctx, {\n                          userId,\n                          generateTokens: true,\n                        });\n                      },\n                      err: (e) =>\n                        Cv.error({\n                          code: \"INTERNAL_ERROR\",\n                          message: String(e),\n                        }),\n                    }),\n                  ),\n                )\n                .pipe(\n                  Fx.map((signInResult) => ({\n                    kind: \"signedIn\" as const,\n                    signedIn: signInResult,\n                  })),\n                ),\n            ),\n          ),\n        verify: ({ code, verifier }) =>\n          Fx.from({\n            ok: () => queryVerifierById(ctx, verifier),\n            err: () =>\n              Cv.error({\n                code: \"TOTP_INVALID_VERIFIER\",\n                message: \"Invalid or expired TOTP verifier.\",\n              }),\n          }).pipe(\n            Fx.chain((doc) =>\n              doc === null\n                ? Cv.fail({\n                    code: \"TOTP_INVALID_VERIFIER\",\n                    message: \"Invalid or expired TOTP verifier.\",\n                  })\n                : Fx.succeed(doc),\n            ),\n            Fx.map((doc) => {\n              const data = JSON.parse(doc.signature!);\n              return { userId: data.userId as string, code, verifier };\n            }),\n            Fx.chain(({ userId, code, verifier }) =>\n              Fx.from({\n                ok: () => queryTotpVerifiedByUserId(ctx, userId),\n                err: () =>\n                  Cv.error({\n                    code: \"TOTP_NO_ENROLLMENT\",\n                    message: \"No verified TOTP enrollment found.\",\n                  }),\n              }).pipe(\n                Fx.chain((totpDoc) =>\n                  totpDoc === null\n                    ? Cv.fail({\n                        code: \"TOTP_NO_ENROLLMENT\",\n                        message: \"No verified TOTP enrollment found.\",\n                      })\n                    : Fx.succeed(totpDoc),\n                ),\n                Fx.chain((totpDoc) =>\n                  verifyTOTPWithGracePeriod(\n                    new Uint8Array(totpDoc.secret),\n                    totpDoc.period,\n                    totpDoc.digits,\n                    code,\n                    30,\n                  )\n                    ? Fx.succeed(totpDoc)\n                    : Cv.fail({\n                        code: \"TOTP_INVALID_CODE\",\n                        message: \"Invalid TOTP code.\",\n                      }),\n                ),\n                Fx.chain((totpDoc) =>\n                  Fx.from({\n                    ok: async () => {\n                      await mutateTotpUpdateLastUsed(\n                        ctx,\n                        totpDoc._id,\n                        Date.now(),\n                      );\n                      await mutateVerifierDelete(ctx, verifier);\n                      return callSignIn(ctx, { userId, generateTokens: true });\n                    },\n                    err: (e) =>\n                      Cv.error({ code: \"INTERNAL_ERROR\", message: String(e) }),\n                  }),\n                ),\n                Fx.map((signInResult) => ({\n                  kind: \"signedIn\" as const,\n                  signedIn: signInResult,\n                })),\n              ),\n            ),\n          ),\n      }),\n    ),\n  );\n};\n\n// ============================================================================\n// Helpers\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;AA6DA,MAAM,aAAa;CAAC;CAAS;CAAW;CAAS;AASjD,MAAM,qBACJ,WACuC;CACvC,MAAM,OAAO,OAAO;AACpB,QAAO,OAAO,SAAS,YAAY,WAAW,SAAS,KAAc,GACjE,GAAG,QAAQ,KAAiB,GAC5B,GAAG,KAAK;EACN,MAAM;EACN,SACE;EACH,CAAC;;AAGR,MAAM,yBACJ,aAEA,YAAY,OACR,GAAG,QAAQ,SAAS,GACpB,GAAG,KAAK;CACN,MAAM;CACN,SAAS;CACV,CAAC;AAER,MAAM,qBACJ,WAEA,OAAO,OAAO,SAAS,WACnB,GAAG,QAAQ,OAAO,KAAK,GACvB,GAAG,KAAK;CAAE,MAAM;CAAqB,SAAS;CAAsB,CAAC;AAE3E,MAAM,mBACJ,WAEA,OAAO,OAAO,WAAW,WACrB,GAAG,QAAQ,OAAO,OAAO,GACzB,GAAG,KAAK;CACN,MAAM;CACN,SAAS;CACV,CAAC;AAER,MAAM,yBACJ,QACA,aAEA,kBAAkB,OAAO,CAAC,KACxB,GAAG,OAAO,SACR,GAAG,MAAM,EAAE,MAAM,CAAC,CAAC,GAAG,QAAQ;CAC5B,aAAa,GAAG,QAAQ;EAAE,MAAM;EAAkB;EAAQ,CAAC;CAC3D,eACE,GAAG,IAAI,aAAa;EAClB,MAAM,mBAAmB,OAAO,sBAAsB,SAAS;AAG/D,SAAO;GACL,MAAM;GACN,MAJW,OAAO,kBAAkB,OAAO;GAK3C,QAJa,OAAO,gBAAgB,OAAO;GAK3C,UAAU;GACX;GACD;CACJ,cACE,GAAG,IAAI,aAAa;EAClB,MAAM,mBAAmB,OAAO,sBAAsB,SAAS;AAE/D,SAAO;GACL,MAAM;GACN,MAHW,OAAO,kBAAkB,OAAO;GAI3C,UAAU;GACX;GACD;CACL,CAAC,CACH,CACF;;AAGH,MAAa,cACX,KACA,UACA,SACyC;AAGzC,QAAO,sBAFS,KAAK,UAAU,EAAE,EAEI,KAAK,SAAS,CAAC,KAClD,GAAG,OAAO,aACR,GAAG,MAAM,SAAS,CAAC,GAAG,QAAQ;EAC5B,QAAQ,EAAE,aACR,GAAG,KAAK;GACN,UAAU,IAAI,KAAK,iBAAiB;GACpC,MAAM,MACJ,GAAG,MAAM;IAAE,MAAM;IAAkB,SAAS,OAAO,EAAE;IAAE,CAAC;GAC3D,CAAC,CAAC,KACD,GAAG,OAAO,aACR,aAAa,OACT,GAAG,KAAK;GACN,MAAM;GACN,SACE;GACH,CAAC,GACF,GAAG,QAAQ,0BAA0B,SAAS,QAAQ,CAAC,CAC5D,EACD,GAAG,OAAO,WACR,GAAG,KAAK;GACN,IAAI,YAAY;IACd,MAAM,SAAS,IAAI,WAAW,GAAG;AACjC,WAAO,gBAAgB,OAAO;IAE9B,IAAI,cAAsB,OAAO;AACjC,QAAI,CAAC,YAEH,gBADa,MAAM,cAAc,KAAK,OAAO,GACzB,SAAS;IAG/B,MAAM,MAAM,iBACV,SAAS,QAAQ,QACjB,aACA,QACA,SAAS,QAAQ,QACjB,SAAS,QAAQ,OAClB;IACD,MAAM,eAAe,+BAA+B,OAAO;IAE3D,MAAM,WAAW,MAAM,aAAa,IAAI;AACxC,UAAM,sBAAsB,KAAK;KAC/B;KACA,WAAW,KAAK,UAAU;MACxB,QAAQ,MAAM,KAAK,OAAO;MAC1B;MACA,QAAQ,SAAS,QAAQ;MACzB,QAAQ,SAAS,QAAQ;MAC1B,CAAC;KACH,CAAC;AAgBF,WAAO;KACL,MAAM;KACN;KACA,QAAQ;KACR;KACA,QAnBa,MAAM,iBAAiB,KAAK;MACzC;MACA,QAAQ,OAAO,OAAO,MACpB,OAAO,YACP,OAAO,aAAa,OAAO,WAC5B;MACD,QAAQ,SAAS,QAAQ;MACzB,QAAQ,SAAS,QAAQ;MACzB,UAAU;MACV,MACE,OAAO,OAAO,SAAS,WAAW,OAAO,OAAO;MAClD,WAAW,KAAK,KAAK;MACtB,CAAC;KAQD;;GAEH,MAAM,MACJ,GAAG,MAAM;IACP,MAAM;IACN,SAAS,sBAAsB,OAAO,EAAE;IACzC,CAAC;GACL,CAAC,CACH,CACF;EACH,UAAU,EAAE,MAAM,QAAQ,eACxB,GAAG,KAAK;GACN,UAAU,IAAI,KAAK,iBAAiB;GACpC,MAAM,MACJ,GAAG,MAAM;IAAE,MAAM;IAAkB,SAAS,OAAO,EAAE;IAAE,CAAC;GAC3D,CAAC,CAAC,KACD,GAAG,OAAO,aACR,aAAa,OACT,GAAG,KAAK;GACN,MAAM;GACN,SACE;GACH,CAAC,GACF,GAAG,QAAQ,0BAA0B,SAAS,QAAQ,CAAC,CAC5D,EACD,GAAG,OAAO,WACR,GAAG,KAAK;GACN,UAAU,cAAc,KAAK,OAAO;GACpC,WACE,GAAG,MAAM;IACP,MAAM;IACN,SAAS;IACV,CAAC;GACL,CAAC,CACC,KACC,GAAG,OAAO,QACR,QAAQ,OACJ,GAAG,KAAK;GACN,MAAM;GACN,SAAS;GACV,CAAC,GACF,GAAG,QAAQ,IAAI,CACpB,EACD,GAAG,OAAO,YACR,QAAQ,WACJ,GAAG,KAAK;GACN,MAAM;GACN,SAAS;GACV,CAAC,GACF,GAAG,QAAQ,QAAQ,CACxB,CACF,CACA,KACC,GAAG,OAAO,YACR,0BACE,IAAI,WAAW,QAAQ,OAAO,EAC9B,SAAS,QAAQ,QACjB,SAAS,QAAQ,QACjB,MACA,GACD,GACG,GAAG,QAAQ,QAAQ,GACnB,GAAG,KAAK;GACN,MAAM;GACN,SAAS;GACV,CAAC,CACP,CACF,CACA,KACC,GAAG,OAAO,aACR,GAAG,KAAK;GACN,IAAI,YAAY;AACd,UAAM,uBAAuB,KAAK,QAAQ,KAAK,KAAK,CAAC;AACrD,UAAM,qBAAqB,KAAK,SAAS;AACzC,WAAO,WAAW,KAAK;KACrB;KACA,gBAAgB;KACjB,CAAC;;GAEJ,MAAM,MACJ,GAAG,MAAM;IACP,MAAM;IACN,SAAS,OAAO,EAAE;IACnB,CAAC;GACL,CAAC,CACH,CACF,CACA,KACC,GAAG,KAAK,kBAAkB;GACxB,MAAM;GACN,UAAU;GACX,EAAE,CACJ,CACJ,CACF;EACH,SAAS,EAAE,MAAM,eACf,GAAG,KAAK;GACN,UAAU,kBAAkB,KAAK,SAAS;GAC1C,WACE,GAAG,MAAM;IACP,MAAM;IACN,SAAS;IACV,CAAC;GACL,CAAC,CAAC,KACD,GAAG,OAAO,QACR,QAAQ,OACJ,GAAG,KAAK;GACN,MAAM;GACN,SAAS;GACV,CAAC,GACF,GAAG,QAAQ,IAAI,CACpB,EACD,GAAG,KAAK,QAAQ;AAEd,UAAO;IAAE,QADI,KAAK,MAAM,IAAI,UAAW,CACjB;IAAkB;IAAM;IAAU;IACxD,EACF,GAAG,OAAO,EAAE,QAAQ,cAAM,2BACxB,GAAG,KAAK;GACN,UAAU,0BAA0B,KAAK,OAAO;GAChD,WACE,GAAG,MAAM;IACP,MAAM;IACN,SAAS;IACV,CAAC;GACL,CAAC,CAAC,KACD,GAAG,OAAO,YACR,YAAY,OACR,GAAG,KAAK;GACN,MAAM;GACN,SAAS;GACV,CAAC,GACF,GAAG,QAAQ,QAAQ,CACxB,EACD,GAAG,OAAO,YACR,0BACE,IAAI,WAAW,QAAQ,OAAO,EAC9B,QAAQ,QACR,QAAQ,QACRA,QACA,GACD,GACG,GAAG,QAAQ,QAAQ,GACnB,GAAG,KAAK;GACN,MAAM;GACN,SAAS;GACV,CAAC,CACP,EACD,GAAG,OAAO,YACR,GAAG,KAAK;GACN,IAAI,YAAY;AACd,UAAM,yBACJ,KACA,QAAQ,KACR,KAAK,KAAK,CACX;AACD,UAAM,qBAAqB,KAAKC,WAAS;AACzC,WAAO,WAAW,KAAK;KAAE;KAAQ,gBAAgB;KAAM,CAAC;;GAE1D,MAAM,MACJ,GAAG,MAAM;IAAE,MAAM;IAAkB,SAAS,OAAO,EAAE;IAAE,CAAC;GAC3D,CAAC,CACH,EACD,GAAG,KAAK,kBAAkB;GACxB,MAAM;GACN,UAAU;GACX,EAAE,CACJ,CACF,CACF;EACJ,CAAC,CACH,CACF"}

package/dist/component/server/types.d.ts

@@ -665,29 +665,23 @@ type AuthProviderSignInResult = {
   userId: GenericId<"User">;
   sessionId: GenericId<"Session">;
 } | null;
-/** Arguments for `auth.member.resolve()`. */
-type AuthMemberResolveArgs = {
+/** Arguments for `auth.member.inspect()`. */
+type AuthMemberInspectArgs = {
   userId: GenericId<"User">;
   groupId: GenericId<"Group">;
   ancestry?: boolean;
-  roleIds?: string[];
-  grants?: string[];
   maxDepth?: number;
 };
-/** Result of `auth.member.resolve()` — membership check with role and grant details. */
-type AuthMemberResolveResult = {
-  ok: boolean;
+/** Result of `auth.member.inspect()` — membership state and derived access details. */
+type AuthMemberInspectResult = {
   membership: GenericDoc<GenericDataModel, "GroupMember"> | null;
-  matchedGroupId: GenericId<"Group"> | null;
   roleIds: string[];
   grants: string[];
-  missingGrants: string[];
-  depth: number | null;
-  isDirect: boolean;
-  isInherited: boolean;
-  traversedGroupIds: GenericId<"Group">[];
-  code?: "INVALID_ROLE_IDS";
-  invalidRoleIds?: string[];
+};
+/** Arguments for `auth.member.require()`. */
+type AuthMemberRequireArgs = AuthMemberInspectArgs & {
+  roleIds?: string[];
+  grants?: string[];
 };
 /**
  * Server-side auth helper methods injected into `ctx.auth` within provider actions.
@@ -710,7 +704,6 @@ type AuthMemberResolveResult = {
 type AuthServerHelpers = {
   /** Account management: create, retrieve, and update provider-linked accounts. */account: {
     create: (ctx: GenericActionCtx<any>, args: AuthCreateAccountArgs) => Promise<{
-      ok: true;
       account: GenericDoc<GenericDataModel, "Account">;
       user: GenericDoc<GenericDataModel, "User">;
     }>;
@@ -719,7 +712,6 @@ type AuthServerHelpers = {
       user: GenericDoc<GenericDataModel, "User">;
     }>;
     update: (ctx: GenericActionCtx<any>, args: AuthUpdateAccountArgs) => Promise<{
-      ok: true;
       accountId: GenericId<"Account">;
     }>;
   };
@@ -728,13 +720,13 @@ type AuthServerHelpers = {
       auth: GenericActionCtx<GenericDataModel>["auth"];
     }) => Promise<GenericId<"Session"> | null>;
     invalidate: (ctx: GenericActionCtx<any>, args: AuthInvalidateSessionsArgs) => Promise<{
-      ok: true;
       userId: GenericId<"User">;
       except: GenericId<"Session">[];
     }>;
   };
   member: {
-    resolve: (ctx: GenericActionCtx<any>, args: AuthMemberResolveArgs) => Promise<AuthMemberResolveResult>;
+    inspect: (ctx: GenericActionCtx<any>, args: AuthMemberInspectArgs) => Promise<AuthMemberInspectResult>;
+    require: (ctx: GenericActionCtx<any>, args: AuthMemberRequireArgs) => Promise<AuthMemberInspectResult>;
   };
   provider: {
     signIn: (ctx: GenericActionCtx<any>, provider: AuthProviderConfig, args: AuthProviderSignInArgs) => Promise<AuthProviderSignInResult>;
@@ -764,7 +756,7 @@ type ConvexAuthMaterializedConfig = {
  * Materialized OAuth provider config (Arctic-based).
  *
  * Carries the Arctic provider instance along with scopes and profile config.
-  * Produced by materializing an `OAuthProviderInstance` during `configDefaults`.
+ * Produced by materializing an `OAuthProviderInstance` during `configDefaults`.
  */
 interface OAuthMaterializedConfig {
   /**

package/dist/component/server/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","names":[],"sources":["../../../src/server/types.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;KAqCY,SAAA,MAAe,CAAA,GAAI,WAAA,CAAY,CAAA;;;;;;AAA3C;;;KAUY,kBAAA;EAV+B,+DAYzC,EAAA,WAZwC;EAcxC,KAAA,WAdoB;EAgBpB,MAAA;AAAA;;;;AANF;;;;;KAiBY,uBAAA;EACV,KAAA,EAAO,MAAA,SAAe,kBAAA;AAAA;;AADxB;;;;;;;;;KAcY,UAAA,wBACa,uBAAA,gBACrB,cAAA;EAAyB,KAAA,uBAA4B,MAAA;AAAA,UAC/C,MAAA;;;;;;;;;;;KAaE,SAAA,wBACa,uBAAA,gBACrB,cAAA;EACF,KAAA,uBAA4B,MAAA;IAAiB,MAAA;EAAA;AAAA,IAE3C,MAAA,OAAa,MAAA;AALjB;;;AAAA,KAWY,gBAAA;EATR;;;;;;EAgBF,SAAA,EAAW,kBAAA;EAjBY;;;;;;EAwBvB,SAAA,EAAW,gBAAA;EApBI;;;EAwBf,OAAA;IAlB0B;;;;;;;IA0BxB,eAAA;IAqHc;;;;;;;IA7Gd,kBAAA;EAAA;EA4Ka;;;EAvKf,GAAA;IAwLe;;;;;;;IAhLb,UAAA;EAAA;EAAA;;;EAKF,MAAA;IAyDE;;;;;;;;;IA/CA,wBAAA;EAAA;EAiFI;;;;;;;EAxEN,SAAA;IAyFM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiFR;;;;;;IApII,QAAA,IAAY,MAAA;MAwIoB;;;MApI9B,UAAA;IAAA,MACI,OAAA;IAyIN;;;;;;;;;;;IA7HA,kBAAA,IACE,GAAA,EAAK,kBAAA,CAAmB,YAAA,GACxB,IAAA;MAuIiB;;;;MAlIf,cAAA,EAAgB,SAAA;MAmIH;;;;MA9Hb,IAAA;MA8Ha;;;;MAzHb,QAAA,EAAU,8BAAA;MA8GT;;;;;;;MAtGD,OAAA,EAAS,MAAA;QACP,KAAA;QACA,KAAA;QACA,aAAA;QACA,aAAA;MAAA;MA0Ga;;;MArGf,UAAA;IAAA,MAEC,OAAA,CAAQ,SAAA;IAsGI;;AAMrB;;;;;AAWA;;;;;AAQA;;IAhHI,yBAAA,IACE,GAAA,EAAK,kBAAA,CAAmB,YAAA,GACxB,IAAA;MA8GmC;;AASzC;MAnHQ,MAAA,EAAQ,SAAA;MAmHyB;;;AAWzC;MAzHQ,cAAA,EAAgB,SAAA;MAyHa;;;AAUrC;MA9HQ,IAAA;MA8HyB;;;;MAzHzB,QAAA,EAAU,8BAAA;MA0IN;;;;;;;MAlIJ,OAAA,EAAS,MAAA;QACP,KAAA;QACA,KAAA;QACA,aAAA;QACA,aAAA;MAAA;MAuHJ;;;MAlHE,UAAA;IAAA,MAEC,OAAA;EAAA;EAsHL;;;EAjHF,aAAA;IACE,KAAA,EAAO,MAAA;MAGH,KAAA;MACA,MAAA;IAAA;EAAA;AAAA;;;;;;;;;KAcI,kBAAA,GAAkB,qBAAA,GACwB,QAAA,GACV,OAAA,GACF,IAAA,GACN,SAAA,GACU,MAAA,GACN,GAAA,GACN,KAAA,GACI,KAAA,GAElC,uBAAA,GACA,uBAAA,QACK,IAAA,UAAc,uBAAA,IACnB,WAAA,QACK,IAAA,UAAc,WAAA,IACnB,WAAA,QACK,IAAA,UAAc,WAAA,IACnB,qBAAA,QACK,IAAA,UAAc,qBAAA,IACnB,kBAAA,QACK,IAAA,UAAc,kBAAA,IACnB,oBAAA,QACK,IAAA,UAAc,oBAAA,IACnB,iBAAA;;;;;UAMa,iBAAA;EACf,EAAA;EACA,IAAA;AAAA;;;;;;;KASU,8BAAA;;;;;;AA8FZ;KAtFY,6BAAA;;;;;;;;KASA,6BAAA;;;;;;;KAWA,yBAAA;;;;;;;;;UAUK,gBAAA;EACf,OAAA;EACA,QAAA;IACE,cAAA;MACE,IAAA,EAAM,8BAAA;MACN,IAAA,EAAM,8BAAA;IAAA;EAAA;EAGV,YAAA;IACE,SAAA;MACE,IAAA,EAAM,6BAAA;IAAA;IAER,GAAA;MACE,IAAA,EAAM,6BAAA;MACN,cAAA;IAAA;IAEF,WAAA;MACE,IAAA,EAAM,yBAAA;IAAA;EAAA;EAGV,MAAA,GAAS,MAAA;AAAA;;;;;;;UASM,qBAAA;EACf,QAAA;IACE,cAAA;MACE,IAAA,GAAO,8BAAA;MACP,IAAA,GAAO,8BAAA;IAAA;EAAA;EAGX,YAAA;IACE,SAAA;MACE,IAAA,GAAO,6BAAA;IAAA;IAET,GAAA;MACE,IAAA,GAAO,6BAAA;MACP,cAAA;IAAA;IAEF,WAAA;MACE,IAAA,GAAO,yBAAA;IAAA;EAAA;EAGX,MAAA,GAAS,MAAA;AAAA;;;;;;UAQM,WAAA,mBACG,gBAAA,GAAmB,gBAAA;EAuED;EApEpC,EAAA;EA4E0B;EA1E1B,IAAA;EA2EkB;EAzElB,IAAA;EAwFa;EAtFb,IAAA;EA0FsC;;;;;EApFtC,MAAA;EAqHsB;;;;;;EA9GtB,uBAAA,GACE,MAAA;IACE,UAAA;IACA,GAAA;IACA,OAAA,EAAS,IAAA;IACT,QAAA,EAAU,WAAA;IACV,KAAA;IACA,OAAA,EAAS,OAAA;EAAA,GAEX,GAAA,GAAM,gBAAA,CAAiB,YAAA,MACpB,SAAA;EA6DD;;;;;EAvDJ,yBAAA,SAAkC,SAAA;EA2D9B;;;;EAtDJ,mBAAA,IAAuB,UAAA;EAyDlB;;;;;;;EAjDL,SAAA;EAgFyB;;;EA5EvB,MAAA,EAAQ,MAAA,SAAe,KAAA,eACvB,OAAA,EAAS,UAAA,CAAW,SAAA,iBACjB,OAAA;EA2EH;EAzEF,OAAA,EAAS,eAAA,CAAgB,SAAA;AAAA;;;;;AAqF3B;;;KA3EY,eAAA,mBACQ,gBAAA,GAAmB,gBAAA,IACnC,IAAA,CAAK,OAAA,CAAQ,WAAA,CAAY,SAAA;;;;;;;UAQZ,WAAA,mBACG,gBAAA,GAAmB,gBAAA;EAErC,EAAA;EACA,IAAA;EA8DqC;;;EA1DrC,MAAA;EA2D2B;;;EAvD3B,uBAAA,GACE,MAAA;IACE,UAAA;IACA,GAAA;IACA,OAAA,EAAS,IAAA;IACT,QAAA,EAAU,WAAA;IACV,KAAA;EAAA,GAEF,GAAA,EAAK,8BAAA,CAA+B,SAAA,MACjC,OAAA;EAqDH;;AAMJ;EAvDE,MAAA;;;;;;;;;EASA,yBAAA,SAAkC,OAAA;EAmEhC;;;;;EA7DF,mBAAA,IAAuB,UAAA;EAiFA;AAOzB;;;;;;EAhFE,SAAA;EAqFE;;;EAjFA,MAAA,EAAQ,MAAA,SAAe,KAAA,eACvB,OAAA,EAAS,UAAA,CAAW,SAAA,iBACjB,OAAA;EACL,OAAA,EAAS,eAAA,CAAgB,SAAA;AAAA;;;;;;;;KAUf,eAAA,mBACQ,gBAAA,GAAmB,gBAAA,IACnC,IAAA,CAAK,OAAA,CAAQ,WAAA,CAAY,SAAA;;;AAoH7B;KA/GY,uBAAA,GAA0B,iBAAA;EACpC,IAAA;EACA,EAAA;AAAA;AAqHF;;;AAAA,UA/GiB,qBAAA;EACf,EAAA;EACA,IAAA;EACA,OAAA;IA+GA,iEA7GE,MAAA,WA8GA;IA5GA,IAAA,WA8GA;IA5GA,MAAA;IA+GF;;;;AAKF;IA9GI,WAAA;IAgHO;;;;;IA1GP,gBAAA;IA0G6B;AAIjC;;;;IAxGI,WAAA,6CA0GF;IAxGE,uBAAA;IA0GA;;;AAKJ;;IAzGI,UAAA;IA2GgB;;;;;IArGhB,qBAAA;EAAA;AAAA;;;;UAOa,kBAAA;EACf,EAAA;EACA,IAAA;EACA,OAAA;IAgGA,+DA9FE,MAAA;IA+FF;;;;;IAzFE,MAAA;IA6FgC;;;;;IAvFhC,MAAA;EAAA;AAAA;;AA6FJ;;;;UAhFiB,YAAA;EACf,EAAA;EACA,IAAA;EACA,KAAA;EACA,KAAA;EAgFA;EAAA,CA9EC,GAAA;AAAA;;KAmBS,sBAAA;EAiEA,iEA/DV,EAAA;EAEA,MAAA;AAAA;;KAIU,qBAAA;EACV,QAAA;EACA,OAAA,EAAS,sBAAA;EACT,OAAA,EAAS,MAAA;IACP,KAAA;IACA,KAAA;IACA,aAAA;IACA,aAAA;EAAA;EAEF,kBAAA;EACA,kBAAA;AAAA;;KAIU,uBAAA;EACV,QAAA;EACA,OAAA,EAAS,sBAAA;AAAA;;KAIC,qBAAA;EACV,QAAA;EACA,OAAA;IACE,EAAA;IACA,MAAA;EAAA;AAAA;;KAKQ,0BAAA;EACV,MAAA,EAAQ,SAAA;EACR,MAAA,GAAS,SAAA;AAAA;;KAIC,sBAAA;EACV,SAAA,GAAY,SAAA;EACZ,MAAA,GAAS,MAAA,SAAe,KAAA;AAAA;;KAId,wBAAA;EACV,MAAA,EAAQ,SAAA;EACR,SAAA,EAAW,SAAA;AAAA;;KAID,qBAAA;EACV,MAAA,EAAQ,SAAA;EACR,OAAA,EAAS,SAAA;EACT,QAAA;EACA,OAAA;EACA,MAAA;EACA,QAAA;AAAA;;KAIU,uBAAA;EACV,EAAA;EACA,UAAA,EAAY,UAAA,CAAW,gBAAA;EACvB,cAAA,EAAgB,SAAA;EAChB,OAAA;EACA,MAAA;EACA,aAAA;EACA,KAAA;EACA,QAAA;EACA,WAAA;EACA,iBAAA,EAAmB,SAAA;EACnB,IAAA;EACA,cAAA;AAAA;;;;;;;;;;;;;;;;;;;KAqBU,iBAAA;EAeG,iFAbb,OAAA;IACE,MAAA,GACE,GAAA,EAAK,gBAAA,OACL,IAAA,EAAM,qBAAA,KACH,OAAA;MACH,EAAA;MACA,OAAA,EAAS,UAAA,CAAW,gBAAA;MACpB,IAAA,EAAM,UAAA,CAAW,gBAAA;IAAA;IAEnB,GAAA,GACE,GAAA,EAAK,gBAAA,OACL,IAAA,EAAM,uBAAA,KACH,OAAA;MACH,OAAA,EAAS,UAAA,CAAW,gBAAA;MACpB,IAAA,EAAM,UAAA,CAAW,gBAAA;IAAA;IAEnB,MAAA,GACE,GAAA,EAAK,gBAAA,OACL,IAAA,EAAM,qBAAA,KACH,OAAA;MAAU,EAAA;MAAU,SAAA,EAAW,SAAA;IAAA;EAAA;EAEtC,OAAA;IACE,OAAA,GAAU,GAAA;MACR,IAAA,EAAM,gBAAA,CAAiB,gBAAA;IAAA,MACnB,OAAA,CAAQ,SAAA;IACd,UAAA,GACE,GAAA,EAAK,gBAAA,OACL,IAAA,EAAM,0BAAA,KACH,OAAA;MACH,EAAA;MACA,MAAA,EAAQ,SAAA;MACR,MAAA,EAAQ,SAAA;IAAA;EAAA;EAGZ,MAAA;IACE,OAAA,GACE,GAAA,EAAK,gBAAA,OACL,IAAA,EAAM,qBAAA,KACH,OAAA,CAAQ,uBAAA;EAAA;EAEf,QAAA;IACE,MAAA,GACE,GAAA,EAAK,gBAAA,OACL,QAAA,EAAU,kBAAA,EACV,IAAA,EAAM,sBAAA,KACH,OAAA,CAAQ,wBAAA;EAAA;AAAA;;;;;;;KAUL,8BAAA,mBAAiD,gBAAA,IAC3D,gBAAA,CAAiB,SAAA;EACf,IAAA,EAAM,gBAAA,CAAiB,SAAA;IACrB,MAAA,EAAQ,4BAAA;EAAA,IACN,iBAAA;AAAA;;;;;;;KASI,4BAAA;EACV,SAAA,EAAW,8BAAA;AAAA,IACT,IAAA,CACF,gBAAA;;;;;;;UA6Be,uBAAA;EAhCuB;;;;EAAA,SAqC7B,EAAA;EAnCH;;;;EAAA,SAwCG,IAAA;EAvCT;;;AA6BF;EA7BE,SA4CS,QAAA;;;;;WAKA,MAAA;EAOG;;;;EAAA,SAFH,OAAA,IACP,MAAA,EA1BoC,OAAA,CA0BX,YAAA,KACtB,OAAA,CAAQ,YAAA;EAFJ;;;;EAAA,SAOA,cAAA;AAAA;;;AASX;;;;UAAiB,oBAAA;EACf,EAAA;EACA,IAAA;EAIA;EAFA,OAAA;EAMA;EAJA,cAAA;EAWe;EATf,SAAA;EAeU;EAbV,QAAA;;;;;;;EAOA,eAAA;AAAA;;;;KAMU,8BAAA,GACR,uBAAA,GACA,WAAA,GACA,WAAA,GACA,uBAAA,GACA,qBAAA,GACA,kBAAA,GACA,oBAAA,GACA,iBAAA;;;;;;;KAQQ,MAAA,WAAiB,kBAAA,MAAkB,GAAA,SACN,CAAA;;;;;;;;;UAuBxB,QAAA;EACf,QAAA;EACA,OAAA;AAAA;;AAFF;;;;;AAgBA;;;;;UAAiB,YAAA;EAEO;EAAtB,GAAA,CAAI,QAAA,UAAkB,MAAA;EAEd;EAAR,MAAA,EAAQ,QAAA;AAAA;AAOV;;;;AAAA,UAAiB,SAAA;EAIf;EAFA,GAAA;EAMA;EAJA,MAAA;EAMQ;EAJR,MAAA;EAMc;EAJd,IAAA;EAMA;EAJA,MAAA,EAAQ,QAAA;EAQR;EANA,SAAA;IAAc,WAAA;IAAqB,QAAA;EAAA;EAUlB;EARjB,SAAA;EA6K6B;EA3K7B,UAAA;EAkLsB;EAhLtB,SAAA;EA4KE;EA1KF,OAAA;EA8KE;EA5KF,QAAA,GAAW,MAAA;AAAA;;;;;;;;;;;;;;;;;;UAqKI,cAAA;EACf,GAAA;sDAEE,MAAA;IAEA,KAAA;IAEA,MAAA,EAAQ,YAAA;EAAA;AAAA;;;;UAOK,UAAA;;EAEf,MAAA;;EAEA,OAAA;;EAEA,OAAA;AAAA;;;;KA8OU,UAAA,mBACQ,gBAAA,oBACA,qBAAA,CAAsB,SAAA,KACtC,cAAA,CAAe,SAAA,EAAW,SAAA;EAC5B,GAAA,EAAK,SAAA,CAAU,SAAA;EACf,aAAA;AAAA;;KAwCU,aAAA,GAAgB,6BAAA,QAAqC,QAAA;;KAYrD,GAAA,WAAc,qBAAA,CAAsB,aAAA,KAAkB,UAAA,CAChE,aAAA,EACA,CAAA;;KAIU,MAAA;EAAW,KAAA;EAAe,YAAA;AAAA;;KAG1B,WAAA;EACV,MAAA,EAAQ,SAAA;EACR,SAAA,EAAW,SAAA;EACX,MAAA,EAAQ,MAAA;AAAA"}
+{"version":3,"file":"types.d.ts","names":[],"sources":["../../../src/server/types.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;KAqCY,SAAA,MAAe,CAAA,GAAI,WAAA,CAAY,CAAA;;;;;;AAA3C;;;KAUY,kBAAA;EAV+B,+DAYzC,EAAA,WAZwC;EAcxC,KAAA,WAdoB;EAgBpB,MAAA;AAAA;;;;AANF;;;;;KAiBY,uBAAA;EACV,KAAA,EAAO,MAAA,SAAe,kBAAA;AAAA;;AADxB;;;;;;;;;KAcY,UAAA,wBACa,uBAAA,gBACrB,cAAA;EAAyB,KAAA,uBAA4B,MAAA;AAAA,UAC/C,MAAA;;;;;;;;;;;KAaE,SAAA,wBACa,uBAAA,gBACrB,cAAA;EACF,KAAA,uBAA4B,MAAA;IAAiB,MAAA;EAAA;AAAA,IAE3C,MAAA,OAAa,MAAA;AALjB;;;AAAA,KAWY,gBAAA;EATR;;;;;;EAgBF,SAAA,EAAW,kBAAA;EAjBY;;;;;;EAwBvB,SAAA,EAAW,gBAAA;EApBI;;;EAwBf,OAAA;IAlB0B;;;;;;;IA0BxB,eAAA;IAqHc;;;;;;;IA7Gd,kBAAA;EAAA;EA4Ka;;;EAvKf,GAAA;IAwLe;;;;;;;IAhLb,UAAA;EAAA;EAAA;;;EAKF,MAAA;IAyDE;;;;;;;;;IA/CA,wBAAA;EAAA;EAiFI;;;;;;;EAxEN,SAAA;IAyFM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiFR;;;;;;IApII,QAAA,IAAY,MAAA;MAwIoB;;;MApI9B,UAAA;IAAA,MACI,OAAA;IAyIN;;;;;;;;;;;IA7HA,kBAAA,IACE,GAAA,EAAK,kBAAA,CAAmB,YAAA,GACxB,IAAA;MAuIiB;;;;MAlIf,cAAA,EAAgB,SAAA;MAmIH;;;;MA9Hb,IAAA;MA8Ha;;;;MAzHb,QAAA,EAAU,8BAAA;MA8GT;;;;;;;MAtGD,OAAA,EAAS,MAAA;QACP,KAAA;QACA,KAAA;QACA,aAAA;QACA,aAAA;MAAA;MA0Ga;;;MArGf,UAAA;IAAA,MAEC,OAAA,CAAQ,SAAA;IAsGI;;AAMrB;;;;;AAWA;;;;;AAQA;;IAhHI,yBAAA,IACE,GAAA,EAAK,kBAAA,CAAmB,YAAA,GACxB,IAAA;MA8GmC;;AASzC;MAnHQ,MAAA,EAAQ,SAAA;MAmHyB;;;AAWzC;MAzHQ,cAAA,EAAgB,SAAA;MAyHa;;;AAUrC;MA9HQ,IAAA;MA8HyB;;;;MAzHzB,QAAA,EAAU,8BAAA;MA0IN;;;;;;;MAlIJ,OAAA,EAAS,MAAA;QACP,KAAA;QACA,KAAA;QACA,aAAA;QACA,aAAA;MAAA;MAuHJ;;;MAlHE,UAAA;IAAA,MAEC,OAAA;EAAA;EAsHL;;;EAjHF,aAAA;IACE,KAAA,EAAO,MAAA;MAGH,KAAA;MACA,MAAA;IAAA;EAAA;AAAA;;;;;;;;;KAcI,kBAAA,GAAkB,qBAAA,GACwB,QAAA,GACV,OAAA,GACF,IAAA,GACN,SAAA,GACU,MAAA,GACN,GAAA,GACN,KAAA,GACI,KAAA,GAElC,uBAAA,GACA,uBAAA,QACK,IAAA,UAAc,uBAAA,IACnB,WAAA,QACK,IAAA,UAAc,WAAA,IACnB,WAAA,QACK,IAAA,UAAc,WAAA,IACnB,qBAAA,QACK,IAAA,UAAc,qBAAA,IACnB,kBAAA,QACK,IAAA,UAAc,kBAAA,IACnB,oBAAA,QACK,IAAA,UAAc,oBAAA,IACnB,iBAAA;;;;;UAMa,iBAAA;EACf,EAAA;EACA,IAAA;AAAA;;;;;;;KASU,8BAAA;;;;;;AA8FZ;KAtFY,6BAAA;;;;;;;;KASA,6BAAA;;;;;;;KAWA,yBAAA;;;;;;;;;UAUK,gBAAA;EACf,OAAA;EACA,QAAA;IACE,cAAA;MACE,IAAA,EAAM,8BAAA;MACN,IAAA,EAAM,8BAAA;IAAA;EAAA;EAGV,YAAA;IACE,SAAA;MACE,IAAA,EAAM,6BAAA;IAAA;IAER,GAAA;MACE,IAAA,EAAM,6BAAA;MACN,cAAA;IAAA;IAEF,WAAA;MACE,IAAA,EAAM,yBAAA;IAAA;EAAA;EAGV,MAAA,GAAS,MAAA;AAAA;;;;;;;UASM,qBAAA;EACf,QAAA;IACE,cAAA;MACE,IAAA,GAAO,8BAAA;MACP,IAAA,GAAO,8BAAA;IAAA;EAAA;EAGX,YAAA;IACE,SAAA;MACE,IAAA,GAAO,6BAAA;IAAA;IAET,GAAA;MACE,IAAA,GAAO,6BAAA;MACP,cAAA;IAAA;IAEF,WAAA;MACE,IAAA,GAAO,yBAAA;IAAA;EAAA;EAGX,MAAA,GAAS,MAAA;AAAA;;;;;;UAQM,WAAA,mBACG,gBAAA,GAAmB,gBAAA;EAuED;EApEpC,EAAA;EA4E0B;EA1E1B,IAAA;EA2EkB;EAzElB,IAAA;EAwFa;EAtFb,IAAA;EA0FsC;;;;;EApFtC,MAAA;EAqHsB;;;;;;EA9GtB,uBAAA,GACE,MAAA;IACE,UAAA;IACA,GAAA;IACA,OAAA,EAAS,IAAA;IACT,QAAA,EAAU,WAAA;IACV,KAAA;IACA,OAAA,EAAS,OAAA;EAAA,GAEX,GAAA,GAAM,gBAAA,CAAiB,YAAA,MACpB,SAAA;EA6DD;;;;;EAvDJ,yBAAA,SAAkC,SAAA;EA2D9B;;;;EAtDJ,mBAAA,IAAuB,UAAA;EAyDlB;;;;;;;EAjDL,SAAA;EAgFyB;;;EA5EvB,MAAA,EAAQ,MAAA,SAAe,KAAA,eACvB,OAAA,EAAS,UAAA,CAAW,SAAA,iBACjB,OAAA;EA2EH;EAzEF,OAAA,EAAS,eAAA,CAAgB,SAAA;AAAA;;;;;AAqF3B;;;KA3EY,eAAA,mBACQ,gBAAA,GAAmB,gBAAA,IACnC,IAAA,CAAK,OAAA,CAAQ,WAAA,CAAY,SAAA;;;;;;;UAQZ,WAAA,mBACG,gBAAA,GAAmB,gBAAA;EAErC,EAAA;EACA,IAAA;EA8DqC;;;EA1DrC,MAAA;EA2D2B;;;EAvD3B,uBAAA,GACE,MAAA;IACE,UAAA;IACA,GAAA;IACA,OAAA,EAAS,IAAA;IACT,QAAA,EAAU,WAAA;IACV,KAAA;EAAA,GAEF,GAAA,EAAK,8BAAA,CAA+B,SAAA,MACjC,OAAA;EAqDH;;AAMJ;EAvDE,MAAA;;;;;;;;;EASA,yBAAA,SAAkC,OAAA;EAmEhC;;;;;EA7DF,mBAAA,IAAuB,UAAA;EAiFA;AAOzB;;;;;;EAhFE,SAAA;EAqFE;;;EAjFA,MAAA,EAAQ,MAAA,SAAe,KAAA,eACvB,OAAA,EAAS,UAAA,CAAW,SAAA,iBACjB,OAAA;EACL,OAAA,EAAS,eAAA,CAAgB,SAAA;AAAA;;;;;;;;KAUf,eAAA,mBACQ,gBAAA,GAAmB,gBAAA,IACnC,IAAA,CAAK,OAAA,CAAQ,WAAA,CAAY,SAAA;;;AAoH7B;KA/GY,uBAAA,GAA0B,iBAAA;EACpC,IAAA;EACA,EAAA;AAAA;AAqHF;;;AAAA,UA/GiB,qBAAA;EACf,EAAA;EACA,IAAA;EACA,OAAA;IA+GA,iEA7GE,MAAA,WA8GA;IA5GA,IAAA,WA8GA;IA5GA,MAAA;IA+GF;;;;AAKF;IA9GI,WAAA;IAgHO;;;;;IA1GP,gBAAA;IA0G6B;AAIjC;;;;IAxGI,WAAA,6CA0GF;IAxGE,uBAAA;IA0GA;;;AAKJ;;IAzGI,UAAA;IA2GgB;;;;;IArGhB,qBAAA;EAAA;AAAA;;;;UAOa,kBAAA;EACf,EAAA;EACA,IAAA;EACA,OAAA;IAgGA,+DA9FE,MAAA;IA+FF;;;;;IAzFE,MAAA;IA6FgC;;;;;IAvFhC,MAAA;EAAA;AAAA;;AA6FJ;;;;UAhFiB,YAAA;EACf,EAAA;EACA,IAAA;EACA,KAAA;EACA,KAAA;EAgFA;EAAA,CA9EC,GAAA;AAAA;AAkFH;AAAA,KA/DY,sBAAA;mEAEV,EAAA,UA8DA;EA5DA,MAAA;AAAA;;KAIU,qBAAA;EACV,QAAA;EACA,OAAA,EAAS,sBAAA;EACT,OAAA,EAAS,MAAA;IACP,KAAA;IACA,KAAA;IACA,aAAA;IACA,aAAA;EAAA;EAEF,kBAAA;EACA,kBAAA;AAAA;AA2EF;AAAA,KAvEY,uBAAA;EACV,QAAA;EACA,OAAA,EAAS,sBAAA;AAAA;;KAIC,qBAAA;EACV,QAAA;EACA,OAAA;IACE,EAAA;IACA,MAAA;EAAA;AAAA;;KAKQ,0BAAA;EACV,MAAA,EAAQ,SAAA;EACR,MAAA,GAAS,SAAA;AAAA;;KAIC,sBAAA;EACV,SAAA,GAAY,SAAA;EACZ,MAAA,GAAS,MAAA,SAAe,KAAA;AAAA;;KAId,wBAAA;EACV,MAAA,EAAQ,SAAA;EACR,SAAA,EAAW,SAAA;AAAA;;KAID,qBAAA;EACV,MAAA,EAAQ,SAAA;EACR,OAAA,EAAS,SAAA;EACT,QAAA;EACA,QAAA;AAAA;;KAIU,uBAAA;EACV,UAAA,EAAY,UAAA,CAAW,gBAAA;EACvB,OAAA;EACA,MAAA;AAAA;;KAIU,qBAAA,GAAwB,qBAAA;EAClC,OAAA;EACA,MAAA;AAAA;;;;;;;;;;;;;;;;;;;KAqBU,iBAAA;EAcG,iFAZb,OAAA;IACE,MAAA,GACE,GAAA,EAAK,gBAAA,OACL,IAAA,EAAM,qBAAA,KACH,OAAA;MACH,OAAA,EAAS,UAAA,CAAW,gBAAA;MACpB,IAAA,EAAM,UAAA,CAAW,gBAAA;IAAA;IAEnB,GAAA,GACE,GAAA,EAAK,gBAAA,OACL,IAAA,EAAM,uBAAA,KACH,OAAA;MACH,OAAA,EAAS,UAAA,CAAW,gBAAA;MACpB,IAAA,EAAM,UAAA,CAAW,gBAAA;IAAA;IAEnB,MAAA,GACE,GAAA,EAAK,gBAAA,OACL,IAAA,EAAM,qBAAA,KACH,OAAA;MAAU,SAAA,EAAW,SAAA;IAAA;EAAA;EAE5B,OAAA;IACE,OAAA,GAAU,GAAA;MACR,IAAA,EAAM,gBAAA,CAAiB,gBAAA;IAAA,MACnB,OAAA,CAAQ,SAAA;IACd,UAAA,GACE,GAAA,EAAK,gBAAA,OACL,IAAA,EAAM,0BAAA,KACH,OAAA;MACH,MAAA,EAAQ,SAAA;MACR,MAAA,EAAQ,SAAA;IAAA;EAAA;EAGZ,MAAA;IACE,OAAA,GACE,GAAA,EAAK,gBAAA,OACL,IAAA,EAAM,qBAAA,KACH,OAAA,CAAQ,uBAAA;IACb,OAAA,GACE,GAAA,EAAK,gBAAA,OACL,IAAA,EAAM,qBAAA,KACH,OAAA,CAAQ,uBAAA;EAAA;EAEf,QAAA;IACE,MAAA,GACE,GAAA,EAAK,gBAAA,OACL,QAAA,EAAU,kBAAA,EACV,IAAA,EAAM,sBAAA,KACH,OAAA,CAAQ,wBAAA;EAAA;AAAA;;;;;;;KAUL,8BAAA,mBAAiD,gBAAA,IAC3D,gBAAA,CAAiB,SAAA;EACf,IAAA,EAAM,gBAAA,CAAiB,SAAA;IACrB,MAAA,EAAQ,4BAAA;EAAA,IACN,iBAAA;AAAA;;;;;;;KASI,4BAAA;EACV,SAAA,EAAW,8BAAA;AAAA,IACT,IAAA,CACF,gBAAA;;;;;;;UA6Be,uBAAA;EA3CU;;;;EAAA,SAgDhB,EAAA;EA9Cc;AASzB;;;EATyB,SAmDd,IAAA;EAvCT;;;;EAAA,SA4CS,QAAA;EA9CE;;;;EAAA,SAmDF,MAAA;EApBM;;;;EAAA,SAyBN,OAAA,IACP,MAAA,EA1BoC,OAAA,CA0BX,YAAA,KACtB,OAAA,CAAQ,YAAA;EAAR;;;;EAAA,SAKI,cAAA;AAAA;;;;;;;UASM,oBAAA;EACf,EAAA;EACA,IAAA;EAFe;EAIf,OAAA;;EAEA,cAAA;EALA;EAOA,SAAA;EAJA;EAMA,QAAA;EAFA;;;;;AAeF;EANE,eAAA;AAAA;;;;KAMU,8BAAA,GACR,uBAAA,GACA,WAAA,GACA,WAAA,GACA,uBAAA,GACA,qBAAA,GACA,kBAAA,GACA,oBAAA,GACA,iBAAA;;;;;;;KAQQ,MAAA,WAAiB,kBAAA,MAAkB,GAAA,SACN,CAAA;;;;;;;AADzC;;UAwBiB,QAAA;EACf,QAAA;EACA,OAAA;AAAA;;;;;;;;;AAFF;;;UAgBiB,YAAA;EAdR;EAgBP,GAAA,CAAI,QAAA,UAAkB,MAAA;EAFK;EAI3B,MAAA,EAAQ,QAAA;AAAA;;;;;UAOO,SAAA;EAPC;EAShB,GAAA;EAFe;EAIf,MAAA;;EAEA,MAAA;EAJA;EAMA,IAAA;EAFA;EAIA,MAAA,EAAQ,QAAA;EAAR;EAEA,SAAA;IAAc,WAAA;IAAqB,QAAA;EAAA;EAEnC;EAAA,SAAA;EAIA;EAFA,UAAA;EAMA;EAJA,SAAA;EAIiB;EAFjB,OAAA;EAuKe;EArKf,QAAA,GAAW,MAAA;AAAA;;;;;;;;;;;;;;;;;;UAqKI,cAAA;EACf,GAAA;sDAEE,MAAA;IAEA,KAAA;IAEA,MAAA,EAAQ,YAAA;EAAA;AAAA;;;;UAOK,UAAA;;EAEf,MAAA;;EAEA,OAAA;;EAEA,OAAA;AAAA;;;;KA8OU,UAAA,mBACQ,gBAAA,oBACA,qBAAA,CAAsB,SAAA,KACtC,cAAA,CAAe,SAAA,EAAW,SAAA;EAC5B,GAAA,EAAK,SAAA,CAAU,SAAA;EACf,aAAA;AAAA;;KAwCU,aAAA,GAAgB,6BAAA,QAAqC,QAAA;;KAYrD,GAAA,WAAc,qBAAA,CAAsB,aAAA,KAAkB,UAAA,CAChE,aAAA,EACA,CAAA;;KAIU,MAAA;EAAW,KAAA;EAAe,YAAA;AAAA;;KAG1B,WAAA;EACV,MAAA,EAAQ,SAAA;EACR,SAAA,EAAW,SAAA;EACX,MAAA,EAAQ,MAAA;AAAA"}