@robelest/convex-auth 0.0.4-preview.21 → 0.0.4-preview.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (310) hide show
  1. package/dist/authorization/index.d.ts +1 -1
  2. package/dist/authorization/index.js +1 -1
  3. package/dist/authorization/index.js.map +1 -1
  4. package/dist/client/index.d.ts +1 -2
  5. package/dist/client/index.d.ts.map +1 -1
  6. package/dist/client/index.js +36 -39
  7. package/dist/client/index.js.map +1 -1
  8. package/dist/component/client/index.d.ts +1 -2
  9. package/dist/component/convex.config.d.ts +2 -2
  10. package/dist/component/convex.config.d.ts.map +1 -1
  11. package/dist/component/model.d.ts +5 -5
  12. package/dist/component/model.d.ts.map +1 -1
  13. package/dist/component/public/enterprise/audit.d.ts.map +1 -1
  14. package/dist/component/public/enterprise/audit.js.map +1 -1
  15. package/dist/component/public/enterprise/core.d.ts.map +1 -1
  16. package/dist/component/public/enterprise/core.js.map +1 -1
  17. package/dist/component/public/enterprise/domains.d.ts.map +1 -1
  18. package/dist/component/public/enterprise/domains.js.map +1 -1
  19. package/dist/component/public/enterprise/scim.d.ts.map +1 -1
  20. package/dist/component/public/enterprise/scim.js.map +1 -1
  21. package/dist/component/public/enterprise/secrets.d.ts.map +1 -1
  22. package/dist/component/public/enterprise/secrets.js.map +1 -1
  23. package/dist/component/public/enterprise/webhooks.d.ts.map +1 -1
  24. package/dist/component/public/enterprise/webhooks.js.map +1 -1
  25. package/dist/component/public/factors/devices.d.ts.map +1 -1
  26. package/dist/component/public/factors/devices.js.map +1 -1
  27. package/dist/component/public/factors/passkeys.d.ts.map +1 -1
  28. package/dist/component/public/factors/passkeys.js.map +1 -1
  29. package/dist/component/public/factors/totp.d.ts.map +1 -1
  30. package/dist/component/public/factors/totp.js.map +1 -1
  31. package/dist/component/public/groups/core.js.map +1 -1
  32. package/dist/component/public/groups/invites.d.ts.map +1 -1
  33. package/dist/component/public/groups/invites.js.map +1 -1
  34. package/dist/component/public/groups/members.d.ts.map +1 -1
  35. package/dist/component/public/groups/members.js.map +1 -1
  36. package/dist/component/public/identity/accounts.d.ts.map +1 -1
  37. package/dist/component/public/identity/accounts.js.map +1 -1
  38. package/dist/component/public/identity/codes.d.ts.map +1 -1
  39. package/dist/component/public/identity/codes.js.map +1 -1
  40. package/dist/component/public/identity/sessions.d.ts.map +1 -1
  41. package/dist/component/public/identity/sessions.js.map +1 -1
  42. package/dist/component/public/identity/tokens.d.ts.map +1 -1
  43. package/dist/component/public/identity/tokens.js.map +1 -1
  44. package/dist/component/public/identity/users.d.ts.map +1 -1
  45. package/dist/component/public/identity/users.js.map +1 -1
  46. package/dist/component/public/identity/verifiers.d.ts.map +1 -1
  47. package/dist/component/public/identity/verifiers.js.map +1 -1
  48. package/dist/component/public/security/keys.d.ts.map +1 -1
  49. package/dist/component/public/security/keys.js.map +1 -1
  50. package/dist/component/public/security/limits.d.ts.map +1 -1
  51. package/dist/component/public/security/limits.js.map +1 -1
  52. package/dist/component/schema.d.ts +39 -39
  53. package/dist/component/server/auth.d.ts +95 -52
  54. package/dist/component/server/auth.d.ts.map +1 -1
  55. package/dist/component/server/auth.js +63 -43
  56. package/dist/component/server/auth.js.map +1 -1
  57. package/dist/component/server/core.js +116 -235
  58. package/dist/component/server/core.js.map +1 -1
  59. package/dist/component/server/crypto.js +25 -7
  60. package/dist/component/server/crypto.js.map +1 -1
  61. package/dist/component/server/device.js +58 -15
  62. package/dist/component/server/device.js.map +1 -1
  63. package/dist/component/server/enterprise/domain.js +148 -59
  64. package/dist/component/server/enterprise/domain.js.map +1 -1
  65. package/dist/component/server/enterprise/http.js +36 -15
  66. package/dist/component/server/enterprise/http.js.map +1 -1
  67. package/dist/component/server/enterprise/oidc.js +1 -1
  68. package/dist/component/server/http.js +26 -21
  69. package/dist/component/server/http.js.map +1 -1
  70. package/dist/component/server/identity.js +5 -2
  71. package/dist/component/server/identity.js.map +1 -1
  72. package/dist/component/server/limits.js +21 -30
  73. package/dist/component/server/limits.js.map +1 -1
  74. package/dist/component/server/mutations/account.js +12 -10
  75. package/dist/component/server/mutations/account.js.map +1 -1
  76. package/dist/component/server/mutations/code.js +5 -2
  77. package/dist/component/server/mutations/code.js.map +1 -1
  78. package/dist/component/server/mutations/invalidate.js +1 -1
  79. package/dist/component/server/mutations/invalidate.js.map +1 -1
  80. package/dist/component/server/mutations/oauth.js +10 -4
  81. package/dist/component/server/mutations/oauth.js.map +1 -1
  82. package/dist/component/server/mutations/refresh.js +2 -2
  83. package/dist/component/server/mutations/refresh.js.map +1 -1
  84. package/dist/component/server/mutations/register.js +46 -42
  85. package/dist/component/server/mutations/register.js.map +1 -1
  86. package/dist/component/server/mutations/retrieve.js +21 -25
  87. package/dist/component/server/mutations/retrieve.js.map +1 -1
  88. package/dist/component/server/mutations/signature.js +10 -4
  89. package/dist/component/server/mutations/signature.js.map +1 -1
  90. package/dist/component/server/mutations/signout.js.map +1 -1
  91. package/dist/component/server/mutations/store.js +9 -24
  92. package/dist/component/server/mutations/store.js.map +1 -1
  93. package/dist/component/server/mutations/verifier.js.map +1 -1
  94. package/dist/component/server/mutations/verify.js +1 -1
  95. package/dist/component/server/mutations/verify.js.map +1 -1
  96. package/dist/component/server/oauth.js +53 -16
  97. package/dist/component/server/oauth.js.map +1 -1
  98. package/dist/component/server/passkey.js +115 -31
  99. package/dist/component/server/passkey.js.map +1 -1
  100. package/dist/component/server/redirects.js +9 -3
  101. package/dist/component/server/redirects.js.map +1 -1
  102. package/dist/component/server/refresh.js +10 -7
  103. package/dist/component/server/refresh.js.map +1 -1
  104. package/dist/component/server/runtime.d.ts +3 -3
  105. package/dist/component/server/runtime.d.ts.map +1 -1
  106. package/dist/component/server/runtime.js +62 -20
  107. package/dist/component/server/runtime.js.map +1 -1
  108. package/dist/component/server/signin.js +34 -10
  109. package/dist/component/server/signin.js.map +1 -1
  110. package/dist/component/server/totp.js +79 -19
  111. package/dist/component/server/totp.js.map +1 -1
  112. package/dist/component/server/types.d.ts +12 -20
  113. package/dist/component/server/types.d.ts.map +1 -1
  114. package/dist/component/server/types.js.map +1 -1
  115. package/dist/component/server/users.js +6 -3
  116. package/dist/component/server/users.js.map +1 -1
  117. package/dist/component/server/utils.js +10 -4
  118. package/dist/component/server/utils.js.map +1 -1
  119. package/dist/core/types.d.ts +14 -22
  120. package/dist/core/types.d.ts.map +1 -1
  121. package/dist/factors/device.js +8 -9
  122. package/dist/factors/device.js.map +1 -1
  123. package/dist/factors/passkey.js +18 -21
  124. package/dist/factors/passkey.js.map +1 -1
  125. package/dist/providers/password.js +66 -81
  126. package/dist/providers/password.js.map +1 -1
  127. package/dist/runtime/invite.js +2 -8
  128. package/dist/runtime/invite.js.map +1 -1
  129. package/dist/server/auth.d.ts +95 -52
  130. package/dist/server/auth.d.ts.map +1 -1
  131. package/dist/server/auth.js +63 -43
  132. package/dist/server/auth.js.map +1 -1
  133. package/dist/server/core.d.ts +71 -159
  134. package/dist/server/core.d.ts.map +1 -1
  135. package/dist/server/core.js +116 -235
  136. package/dist/server/core.js.map +1 -1
  137. package/dist/server/crypto.d.ts.map +1 -1
  138. package/dist/server/crypto.js +25 -7
  139. package/dist/server/crypto.js.map +1 -1
  140. package/dist/server/device.js +58 -15
  141. package/dist/server/device.js.map +1 -1
  142. package/dist/server/enterprise/domain.d.ts +0 -8
  143. package/dist/server/enterprise/domain.d.ts.map +1 -1
  144. package/dist/server/enterprise/domain.js +148 -59
  145. package/dist/server/enterprise/domain.js.map +1 -1
  146. package/dist/server/enterprise/http.d.ts.map +1 -1
  147. package/dist/server/enterprise/http.js +35 -14
  148. package/dist/server/enterprise/http.js.map +1 -1
  149. package/dist/server/http.d.ts +2 -2
  150. package/dist/server/http.d.ts.map +1 -1
  151. package/dist/server/http.js +25 -20
  152. package/dist/server/http.js.map +1 -1
  153. package/dist/server/identity.js +5 -2
  154. package/dist/server/identity.js.map +1 -1
  155. package/dist/server/index.d.ts +2 -2
  156. package/dist/server/limits.js +21 -30
  157. package/dist/server/limits.js.map +1 -1
  158. package/dist/server/mounts.d.ts +26 -64
  159. package/dist/server/mounts.d.ts.map +1 -1
  160. package/dist/server/mounts.js +45 -106
  161. package/dist/server/mounts.js.map +1 -1
  162. package/dist/server/mutations/account.d.ts +8 -9
  163. package/dist/server/mutations/account.d.ts.map +1 -1
  164. package/dist/server/mutations/account.js +11 -9
  165. package/dist/server/mutations/account.js.map +1 -1
  166. package/dist/server/mutations/code.d.ts +13 -13
  167. package/dist/server/mutations/code.d.ts.map +1 -1
  168. package/dist/server/mutations/code.js +5 -2
  169. package/dist/server/mutations/code.js.map +1 -1
  170. package/dist/server/mutations/invalidate.d.ts +4 -4
  171. package/dist/server/mutations/invalidate.d.ts.map +1 -1
  172. package/dist/server/mutations/invalidate.js.map +1 -1
  173. package/dist/server/mutations/oauth.d.ts +12 -10
  174. package/dist/server/mutations/oauth.d.ts.map +1 -1
  175. package/dist/server/mutations/oauth.js +9 -3
  176. package/dist/server/mutations/oauth.js.map +1 -1
  177. package/dist/server/mutations/refresh.d.ts +3 -3
  178. package/dist/server/mutations/refresh.d.ts.map +1 -1
  179. package/dist/server/mutations/refresh.js +1 -1
  180. package/dist/server/mutations/refresh.js.map +1 -1
  181. package/dist/server/mutations/register.d.ts +11 -11
  182. package/dist/server/mutations/register.d.ts.map +1 -1
  183. package/dist/server/mutations/register.js +45 -41
  184. package/dist/server/mutations/register.js.map +1 -1
  185. package/dist/server/mutations/retrieve.d.ts +6 -6
  186. package/dist/server/mutations/retrieve.d.ts.map +1 -1
  187. package/dist/server/mutations/retrieve.js +20 -24
  188. package/dist/server/mutations/retrieve.js.map +1 -1
  189. package/dist/server/mutations/signature.d.ts +6 -7
  190. package/dist/server/mutations/signature.d.ts.map +1 -1
  191. package/dist/server/mutations/signature.js +9 -3
  192. package/dist/server/mutations/signature.js.map +1 -1
  193. package/dist/server/mutations/signin.d.ts +5 -5
  194. package/dist/server/mutations/signin.d.ts.map +1 -1
  195. package/dist/server/mutations/signout.js.map +1 -1
  196. package/dist/server/mutations/store.d.ts +97 -97
  197. package/dist/server/mutations/store.d.ts.map +1 -1
  198. package/dist/server/mutations/store.js +8 -23
  199. package/dist/server/mutations/store.js.map +1 -1
  200. package/dist/server/mutations/verifier.js.map +1 -1
  201. package/dist/server/mutations/verify.d.ts +10 -10
  202. package/dist/server/mutations/verify.d.ts.map +1 -1
  203. package/dist/server/mutations/verify.js.map +1 -1
  204. package/dist/server/oauth.js +53 -16
  205. package/dist/server/oauth.js.map +1 -1
  206. package/dist/server/passkey.d.ts +2 -2
  207. package/dist/server/passkey.d.ts.map +1 -1
  208. package/dist/server/passkey.js +114 -30
  209. package/dist/server/passkey.js.map +1 -1
  210. package/dist/server/redirects.js +9 -3
  211. package/dist/server/redirects.js.map +1 -1
  212. package/dist/server/refresh.js +10 -7
  213. package/dist/server/refresh.js.map +1 -1
  214. package/dist/server/runtime.d.ts +14 -14
  215. package/dist/server/runtime.d.ts.map +1 -1
  216. package/dist/server/runtime.js +61 -19
  217. package/dist/server/runtime.js.map +1 -1
  218. package/dist/server/signin.js +34 -10
  219. package/dist/server/signin.js.map +1 -1
  220. package/dist/server/ssr.d.ts.map +1 -1
  221. package/dist/server/ssr.js +175 -184
  222. package/dist/server/ssr.js.map +1 -1
  223. package/dist/server/totp.js +78 -18
  224. package/dist/server/totp.js.map +1 -1
  225. package/dist/server/types.d.ts +13 -21
  226. package/dist/server/types.d.ts.map +1 -1
  227. package/dist/server/types.js.map +1 -1
  228. package/dist/server/users.js +6 -3
  229. package/dist/server/users.js.map +1 -1
  230. package/dist/server/utils.js +10 -4
  231. package/dist/server/utils.js.map +1 -1
  232. package/package.json +2 -6
  233. package/src/authorization/index.ts +1 -1
  234. package/src/cli/index.ts +1 -1
  235. package/src/client/core/types.ts +14 -14
  236. package/src/client/factors/device.ts +10 -12
  237. package/src/client/factors/passkey.ts +23 -26
  238. package/src/client/index.ts +54 -64
  239. package/src/client/runtime/invite.ts +5 -7
  240. package/src/component/index.ts +1 -0
  241. package/src/component/public/enterprise/audit.ts +6 -1
  242. package/src/component/public/enterprise/core.ts +1 -0
  243. package/src/component/public/enterprise/domains.ts +5 -1
  244. package/src/component/public/enterprise/scim.ts +1 -0
  245. package/src/component/public/enterprise/secrets.ts +1 -0
  246. package/src/component/public/enterprise/webhooks.ts +1 -0
  247. package/src/component/public/factors/devices.ts +1 -0
  248. package/src/component/public/factors/passkeys.ts +1 -0
  249. package/src/component/public/factors/totp.ts +1 -0
  250. package/src/component/public/groups/core.ts +1 -1
  251. package/src/component/public/groups/invites.ts +7 -1
  252. package/src/component/public/groups/members.ts +1 -0
  253. package/src/component/public/identity/accounts.ts +1 -0
  254. package/src/component/public/identity/codes.ts +1 -0
  255. package/src/component/public/identity/sessions.ts +1 -0
  256. package/src/component/public/identity/tokens.ts +1 -0
  257. package/src/component/public/identity/users.ts +1 -0
  258. package/src/component/public/identity/verifiers.ts +1 -0
  259. package/src/component/public/security/keys.ts +1 -0
  260. package/src/component/public/security/limits.ts +1 -0
  261. package/src/providers/password.ts +89 -110
  262. package/src/server/auth.ts +177 -111
  263. package/src/server/core.ts +197 -233
  264. package/src/server/crypto.ts +31 -29
  265. package/src/server/device.ts +65 -32
  266. package/src/server/enterprise/domain.ts +158 -170
  267. package/src/server/enterprise/http.ts +46 -39
  268. package/src/server/http.ts +36 -30
  269. package/src/server/identity.ts +5 -5
  270. package/src/server/index.ts +2 -0
  271. package/src/server/limits.ts +53 -80
  272. package/src/server/mounts.ts +47 -74
  273. package/src/server/mutations/account.ts +22 -36
  274. package/src/server/mutations/code.ts +6 -6
  275. package/src/server/mutations/invalidate.ts +1 -1
  276. package/src/server/mutations/oauth.ts +14 -8
  277. package/src/server/mutations/refresh.ts +5 -4
  278. package/src/server/mutations/register.ts +87 -132
  279. package/src/server/mutations/retrieve.ts +44 -44
  280. package/src/server/mutations/signature.ts +13 -6
  281. package/src/server/mutations/signout.ts +1 -1
  282. package/src/server/mutations/store.ts +16 -31
  283. package/src/server/mutations/verifier.ts +1 -1
  284. package/src/server/mutations/verify.ts +3 -5
  285. package/src/server/oauth.ts +60 -69
  286. package/src/server/passkey.ts +567 -517
  287. package/src/server/redirects.ts +10 -6
  288. package/src/server/refresh.ts +14 -18
  289. package/src/server/runtime.ts +70 -55
  290. package/src/server/signin.ts +44 -37
  291. package/src/server/ssr.ts +390 -407
  292. package/src/server/totp.ts +85 -35
  293. package/src/server/types.ts +19 -22
  294. package/src/server/users.ts +7 -6
  295. package/src/server/utils.ts +10 -12
  296. package/dist/component/server/authError.js +0 -34
  297. package/dist/component/server/authError.js.map +0 -1
  298. package/dist/component/server/errors.d.ts +0 -1
  299. package/dist/component/server/errors.js +0 -137
  300. package/dist/component/server/errors.js.map +0 -1
  301. package/dist/server/authError.d.ts +0 -46
  302. package/dist/server/authError.d.ts.map +0 -1
  303. package/dist/server/authError.js +0 -34
  304. package/dist/server/authError.js.map +0 -1
  305. package/dist/server/errors.d.ts +0 -177
  306. package/dist/server/errors.d.ts.map +0 -1
  307. package/dist/server/errors.js +0 -212
  308. package/dist/server/errors.js.map +0 -1
  309. package/src/server/authError.ts +0 -44
  310. package/src/server/errors.ts +0 -290
package/dist/server/mounts.js CHANGED
@@ -1,4 +1,5 @@
1
1
  import { enterpriseConnectionWhereValidator, enterpriseDomainInputValidator, enterpriseDomainVerificationInputValidator, enterprisePolicyPatchValidator, enterpriseSamlAttributeMappingValidator, enterpriseSamlSpValidator, enterpriseStatusValidator } from "./enterprise/validators.js";
2
+ import { Cv } from "@robelest/fx/convex";
2
3
  import { actionGeneric, mutationGeneric, queryGeneric } from "convex/server";
3
4
  import { ConvexError, v } from "convex/values";
4
5
 
@@ -51,28 +52,23 @@ function createMountedAdminAuthorizer(auth, options) {
51
52
  const requireUserId = requireSignedInUser(auth);
52
53
  return async (ctx, permission, target = {}) => {
53
54
  const userId = await requireUserId(ctx);
54
- if (userId === null) return {
55
- ok: false,
56
- code: "NOT_SIGNED_IN"
57
- };
58
- if (!options?.admin?.authorized) return {
59
- ok: false,
60
- code: "FORBIDDEN"
61
- };
55
+ if (userId === null) throw Cv.error({
56
+ code: "NOT_SIGNED_IN",
57
+ message: "You must be signed in to perform this action."
58
+ });
59
+ if (!options?.admin?.authorized) throw Cv.error({
60
+ code: "FORBIDDEN",
61
+ message: "Access denied."
62
+ });
62
63
  const resolved = await resolveMountedEnterpriseTarget(auth, ctx, target);
63
- const authResult = await options.admin.authorized(ctx, {
64
+ await options.admin.authorized(ctx, {
64
65
  userId,
65
66
  permission,
66
67
  enterpriseId: resolved.enterpriseId,
67
68
  groupId: resolved.groupId,
68
69
  resolvedGroupId: resolved.resolvedGroupId
69
70
  });
70
- if (authResult && !authResult.ok) return {
71
- ok: false,
72
- code: "FORBIDDEN"
73
- };
74
71
  return {
75
- ok: true,
76
72
  userId,
77
73
  ...resolved
78
74
  };
@@ -126,12 +122,7 @@ function sso(auth, options) {
126
122
  domain: v.optional(v.string())
127
123
  },
128
124
  handler: async (ctx, args) => {
129
- const authResult = await authorize(ctx, "sso.connection.create", { groupId: args.groupId });
130
- if (!authResult.ok) return {
131
- ok: false,
132
- code: authResult.code
133
- };
134
- const { userId } = authResult;
125
+ const { userId } = await authorize(ctx, "sso.connection.create", { groupId: args.groupId });
135
126
  const createsGroup = args.groupId === void 0;
136
127
  const groupId = args.groupId ?? (await auth.group.create(ctx, {
137
128
  name: args.name?.trim() || args.slug?.trim() || "Enterprise",
@@ -163,21 +154,21 @@ function sso(auth, options) {
163
154
  get: queryGeneric({
164
155
  args: { enterpriseId: v.string() },
165
156
  handler: async (ctx, args) => {
166
- if (!(await authorize(ctx, "sso.connection.read", { enterpriseId: args.enterpriseId })).ok) return null;
157
+ await authorize(ctx, "sso.connection.read", { enterpriseId: args.enterpriseId });
167
158
  return await auth.sso.admin.connection.get(ctx, args.enterpriseId);
168
159
  }
169
160
  }),
170
161
  getByGroup: queryGeneric({
171
162
  args: { groupId: v.string() },
172
163
  handler: async (ctx, args) => {
173
- if (!(await authorize(ctx, "sso.connection.read", { groupId: args.groupId })).ok) return null;
164
+ await authorize(ctx, "sso.connection.read", { groupId: args.groupId });
174
165
  return await auth.sso.admin.connection.getByGroup(ctx, args.groupId);
175
166
  }
176
167
  }),
177
168
  getByDomain: queryGeneric({
178
169
  args: { domain: v.string() },
179
170
  handler: async (ctx, args) => {
180
- if (!(await authorize(ctx, "sso.connection.read", { domain: args.domain })).ok) return null;
171
+ await authorize(ctx, "sso.connection.read", { domain: args.domain });
181
172
  return await auth.sso.admin.connection.getByDomain(ctx, args.domain);
182
173
  }
183
174
  }),
@@ -190,7 +181,7 @@ function sso(auth, options) {
190
181
  order: v.optional(v.union(v.literal("asc"), v.literal("desc")))
191
182
  },
192
183
  handler: async (ctx, args) => {
193
- if (!(await authorize(ctx, "sso.connection.read", { groupId: args.where?.groupId })).ok) return null;
184
+ await authorize(ctx, "sso.connection.read", { groupId: args.where?.groupId });
194
185
  return await auth.sso.admin.connection.list(ctx, args);
195
186
  }
196
187
  }),
@@ -204,33 +195,22 @@ function sso(auth, options) {
204
195
  })
205
196
  },
206
197
  handler: async (ctx, args) => {
207
- const _auth = await authorize(ctx, "sso.connection.manage", { enterpriseId: args.enterpriseId });
208
- if (!_auth.ok) return {
209
- ok: false,
210
- code: _auth.code
211
- };
198
+ await authorize(ctx, "sso.connection.manage", { enterpriseId: args.enterpriseId });
212
199
  await auth.sso.admin.connection.update(ctx, args.enterpriseId, args.data);
213
- return {
214
- ok: true,
215
- enterpriseId: args.enterpriseId
216
- };
200
+ return { enterpriseId: args.enterpriseId };
217
201
  }
218
202
  }),
219
203
  delete: mutationGeneric({
220
204
  args: { enterpriseId: v.string() },
221
205
  handler: async (ctx, args) => {
222
- const _auth = await authorize(ctx, "sso.connection.manage", { enterpriseId: args.enterpriseId });
223
- if (!_auth.ok) return {
224
- ok: false,
225
- code: _auth.code
226
- };
206
+ await authorize(ctx, "sso.connection.manage", { enterpriseId: args.enterpriseId });
227
207
  return await auth.sso.admin.connection.delete(ctx, args.enterpriseId);
228
208
  }
229
209
  }),
230
210
  status: queryGeneric({
231
211
  args: { enterpriseId: v.string() },
232
212
  handler: async (ctx, args) => {
233
- if (!(await authorize(ctx, "sso.connection.read", { enterpriseId: args.enterpriseId })).ok) return null;
213
+ await authorize(ctx, "sso.connection.read", { enterpriseId: args.enterpriseId });
234
214
  return await auth.sso.admin.connection.status(ctx, args.enterpriseId);
235
215
  }
236
216
  }),
@@ -238,14 +218,14 @@ function sso(auth, options) {
238
218
  list: queryGeneric({
239
219
  args: { enterpriseId: v.string() },
240
220
  handler: async (ctx, args) => {
241
- if (!(await authorize(ctx, "sso.connection.read", { enterpriseId: args.enterpriseId })).ok) return null;
221
+ await authorize(ctx, "sso.connection.read", { enterpriseId: args.enterpriseId });
242
222
  return await auth.sso.admin.connection.domain.list(ctx, args.enterpriseId);
243
223
  }
244
224
  }),
245
225
  validate: queryGeneric({
246
226
  args: { enterpriseId: v.string() },
247
227
  handler: async (ctx, args) => {
248
- if (!(await authorize(ctx, "sso.domain.manage", { enterpriseId: args.enterpriseId })).ok) return null;
228
+ await authorize(ctx, "sso.domain.manage", { enterpriseId: args.enterpriseId });
249
229
  return await auth.sso.admin.connection.domain.validate(ctx, args.enterpriseId);
250
230
  }
251
231
  }),
@@ -255,11 +235,7 @@ function sso(auth, options) {
255
235
  domains: v.array(enterpriseDomainInputValidator)
256
236
  },
257
237
  handler: async (ctx, args) => {
258
- const _auth = await authorize(ctx, "sso.domain.manage", { enterpriseId: args.enterpriseId });
259
- if (!_auth.ok) return {
260
- ok: false,
261
- code: _auth.code
262
- };
238
+ await authorize(ctx, "sso.domain.manage", { enterpriseId: args.enterpriseId });
263
239
  return await auth.sso.admin.connection.domain.set(ctx, args.enterpriseId, args.domains);
264
240
  }
265
241
  }),
@@ -267,22 +243,14 @@ function sso(auth, options) {
267
243
  request: mutationGeneric({
268
244
  args: enterpriseDomainVerificationInputValidator,
269
245
  handler: async (ctx, args) => {
270
- const _auth = await authorize(ctx, "sso.domain.manage", { enterpriseId: args.enterpriseId });
271
- if (!_auth.ok) return {
272
- ok: false,
273
- code: _auth.code
274
- };
246
+ await authorize(ctx, "sso.domain.manage", { enterpriseId: args.enterpriseId });
275
247
  return await auth.sso.admin.connection.domain.verification.request(ctx, args);
276
248
  }
277
249
  }),
278
250
  confirm: actionGeneric({
279
251
  args: enterpriseDomainVerificationInputValidator,
280
252
  handler: async (ctx, args) => {
281
- const _auth = await authorize(ctx, "sso.domain.manage", { enterpriseId: args.enterpriseId });
282
- if (!_auth.ok) return {
283
- ok: false,
284
- code: _auth.code
285
- };
253
+ await authorize(ctx, "sso.domain.manage", { enterpriseId: args.enterpriseId });
286
254
  return await auth.sso.admin.connection.domain.verification.confirm(ctx, args);
287
255
  }
288
256
  })
@@ -304,29 +272,21 @@ function sso(auth, options) {
304
272
  extraFields: v.optional(v.record(v.string(), v.string()))
305
273
  },
306
274
  handler: async (ctx, args) => {
307
- const _auth = await authorize(ctx, "sso.protocol.manage", { enterpriseId: args.enterpriseId });
308
- if (!_auth.ok) return {
309
- ok: false,
310
- code: _auth.code
311
- };
275
+ await authorize(ctx, "sso.protocol.manage", { enterpriseId: args.enterpriseId });
312
276
  return await auth.sso.admin.oidc.configure(ctx, args);
313
277
  }
314
278
  }),
315
279
  get: queryGeneric({
316
280
  args: { enterpriseId: v.string() },
317
281
  handler: async (ctx, args) => {
318
- if (!(await authorize(ctx, "sso.connection.read", { enterpriseId: args.enterpriseId })).ok) return null;
282
+ await authorize(ctx, "sso.connection.read", { enterpriseId: args.enterpriseId });
319
283
  return await auth.sso.admin.oidc.get(ctx, args.enterpriseId);
320
284
  }
321
285
  }),
322
286
  validate: actionGeneric({
323
287
  args: { enterpriseId: v.string() },
324
288
  handler: async (ctx, args) => {
325
- const _auth = await authorize(ctx, "sso.protocol.manage", { enterpriseId: args.enterpriseId });
326
- if (!_auth.ok) return {
327
- ok: false,
328
- code: _auth.code
329
- };
289
+ await authorize(ctx, "sso.protocol.manage", { enterpriseId: args.enterpriseId });
330
290
  return await auth.sso.admin.oidc.validate(ctx, args.enterpriseId);
331
291
  }
332
292
  })
@@ -343,18 +303,14 @@ function sso(auth, options) {
343
303
  sp: v.optional(enterpriseSamlSpValidator)
344
304
  },
345
305
  handler: async (ctx, args) => {
346
- const _auth = await authorize(ctx, "sso.protocol.manage", { enterpriseId: args.enterpriseId });
347
- if (!_auth.ok) return {
348
- ok: false,
349
- code: _auth.code
350
- };
306
+ await authorize(ctx, "sso.protocol.manage", { enterpriseId: args.enterpriseId });
351
307
  return await auth.sso.admin.saml.configure(ctx, args);
352
308
  }
353
309
  }),
354
310
  validate: queryGeneric({
355
311
  args: { enterpriseId: v.string() },
356
312
  handler: async (ctx, args) => {
357
- if (!(await authorize(ctx, "sso.protocol.manage", { enterpriseId: args.enterpriseId })).ok) return null;
313
+ await authorize(ctx, "sso.protocol.manage", { enterpriseId: args.enterpriseId });
358
314
  return await auth.sso.admin.saml.validate(ctx, args.enterpriseId);
359
315
  }
360
316
  })
@@ -363,7 +319,7 @@ function sso(auth, options) {
363
319
  get: queryGeneric({
364
320
  args: { enterpriseId: v.string() },
365
321
  handler: async (ctx, args) => {
366
- if (!(await authorize(ctx, "sso.connection.read", { enterpriseId: args.enterpriseId })).ok) return null;
322
+ await authorize(ctx, "sso.connection.read", { enterpriseId: args.enterpriseId });
367
323
  return await auth.sso.admin.policy.get(ctx, args.enterpriseId);
368
324
  }
369
325
  }),
@@ -373,18 +329,14 @@ function sso(auth, options) {
373
329
  patch: enterprisePolicyPatchValidator
374
330
  },
375
331
  handler: async (ctx, args) => {
376
- const _auth = await authorize(ctx, "sso.policy.manage", { enterpriseId: args.enterpriseId });
377
- if (!_auth.ok) return {
378
- ok: false,
379
- code: _auth.code
380
- };
332
+ await authorize(ctx, "sso.policy.manage", { enterpriseId: args.enterpriseId });
381
333
  return await auth.sso.admin.policy.update(ctx, args.enterpriseId, args.patch);
382
334
  }
383
335
  }),
384
336
  validate: queryGeneric({
385
337
  args: { enterpriseId: v.string() },
386
338
  handler: async (ctx, args) => {
387
- if (!(await authorize(ctx, "sso.policy.manage", { enterpriseId: args.enterpriseId })).ok) return null;
339
+ await authorize(ctx, "sso.policy.manage", { enterpriseId: args.enterpriseId });
388
340
  return await auth.sso.admin.policy.validate(ctx, args.enterpriseId);
389
341
  }
390
342
  })
@@ -396,10 +348,10 @@ function sso(auth, options) {
396
348
  limit: v.optional(v.number())
397
349
  },
398
350
  handler: async (ctx, args) => {
399
- if (!(await authorize(ctx, "sso.audit.read", {
351
+ await authorize(ctx, "sso.audit.read", {
400
352
  enterpriseId: args.enterpriseId,
401
353
  groupId: args.groupId
402
- })).ok) return null;
354
+ });
403
355
  return await auth.sso.admin.audit.list(ctx, args);
404
356
  }
405
357
  }) },
@@ -410,7 +362,7 @@ function sso(auth, options) {
410
362
  limit: v.optional(v.number())
411
363
  },
412
364
  handler: async (ctx, args) => {
413
- if (!(await authorize(ctx, "sso.webhook.manage", { enterpriseId: args.enterpriseId })).ok) return null;
365
+ await authorize(ctx, "sso.webhook.manage", { enterpriseId: args.enterpriseId });
414
366
  return await auth.sso.admin.webhook.delivery.list(ctx, args);
415
367
  }
416
368
  }) },
@@ -424,12 +376,7 @@ function sso(auth, options) {
424
376
  createdByUserId: v.optional(v.string())
425
377
  },
426
378
  handler: async (ctx, args) => {
427
- const authResult = await authorize(ctx, "sso.webhook.manage", { enterpriseId: args.enterpriseId });
428
- if (!authResult.ok) return {
429
- ok: false,
430
- code: authResult.code
431
- };
432
- const { userId } = authResult;
379
+ const { userId } = await authorize(ctx, "sso.webhook.manage", { enterpriseId: args.enterpriseId });
433
380
  return {
434
381
  _id: (await auth.sso.admin.webhook.endpoint.create(ctx, {
435
382
  ...args,
@@ -447,7 +394,7 @@ function sso(auth, options) {
447
394
  list: queryGeneric({
448
395
  args: { enterpriseId: v.string() },
449
396
  handler: async (ctx, args) => {
450
- if (!(await authorize(ctx, "sso.webhook.manage", { enterpriseId: args.enterpriseId })).ok) return null;
397
+ await authorize(ctx, "sso.webhook.manage", { enterpriseId: args.enterpriseId });
451
398
  return (await auth.sso.admin.webhook.endpoint.list(ctx, args.enterpriseId)).map((endpoint) => {
452
399
  const { secretHash: _secretHash, ...rest } = endpoint;
453
400
  return rest;
@@ -458,18 +405,14 @@ function sso(auth, options) {
458
405
  args: { endpointId: v.string() },
459
406
  handler: async (ctx, args) => {
460
407
  const endpoint = await auth.sso.admin.webhook.endpoint.get(ctx, args.endpointId);
461
- if (!endpoint) return {
462
- ok: false,
463
- code: "INVALID_PARAMETERS"
464
- };
465
- const _auth = await authorize(ctx, "sso.webhook.manage", {
408
+ if (!endpoint) throw Cv.error({
409
+ code: "INVALID_PARAMETERS",
410
+ message: "Webhook endpoint not found."
411
+ });
412
+ await authorize(ctx, "sso.webhook.manage", {
466
413
  enterpriseId: endpoint.enterpriseId,
467
414
  groupId: endpoint.groupId
468
415
  });
469
- if (!_auth.ok) return {
470
- ok: false,
471
- code: _auth.code
472
- };
473
416
  return await auth.sso.admin.webhook.endpoint.disable(ctx, args.endpointId);
474
417
  }
475
418
  })
@@ -541,25 +484,21 @@ function scim(auth, options) {
541
484
  status: v.optional(enterpriseStatusValidator)
542
485
  },
543
486
  handler: async (ctx, args) => {
544
- const _auth = await authorize(ctx, "scim.manage", { enterpriseId: args.enterpriseId });
545
- if (!_auth.ok) return {
546
- ok: false,
547
- code: _auth.code
548
- };
487
+ await authorize(ctx, "scim.manage", { enterpriseId: args.enterpriseId });
549
488
  return await auth.scim.admin.configure(ctx, args);
550
489
  }
551
490
  }),
552
491
  get: queryGeneric({
553
492
  args: { enterpriseId: v.string() },
554
493
  handler: async (ctx, args) => {
555
- if (!(await authorize(ctx, "scim.manage", { enterpriseId: args.enterpriseId })).ok) return null;
494
+ await authorize(ctx, "scim.manage", { enterpriseId: args.enterpriseId });
556
495
  return await auth.scim.admin.get(ctx, args.enterpriseId);
557
496
  }
558
497
  }),
559
498
  validate: queryGeneric({
560
499
  args: { enterpriseId: v.string() },
561
500
  handler: async (ctx, args) => {
562
- if (!(await authorize(ctx, "scim.manage", { enterpriseId: args.enterpriseId })).ok) return null;
501
+ await authorize(ctx, "scim.manage", { enterpriseId: args.enterpriseId });
563
502
  return await auth.scim.admin.validate(ctx, args.enterpriseId);
564
503
  }
565
504
  })
package/dist/server/mounts.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"mounts.js","names":[],"sources":["../../src/server/mounts.ts"],"sourcesContent":["import { actionGeneric, mutationGeneric, queryGeneric } from \"convex/server\";\nimport { ConvexError, v } from \"convex/values\";\n\nimport type { AuthApi } from \"./auth\";\nimport {\n enterpriseConnectionWhereValidator,\n enterpriseDomainInputValidator,\n enterpriseDomainVerificationInputValidator,\n enterprisePolicyPatchValidator,\n enterpriseSamlAttributeMappingValidator,\n enterpriseSamlSpValidator,\n enterpriseStatusValidator,\n} from \"./enterprise/validators\";\nimport type { AuthAuthorizationConfig, AuthRoleId } from \"./types\";\n\n/**\n * Permission identifiers used by mounted enterprise admin APIs.\n *\n * These permission strings are passed to your {@link EnterpriseAuthorizer}\n * callback so app code can decide whether the current user may perform a\n * specific SSO or SCIM management operation.\n *\n * @example\n * ```ts\n * const authorized: EnterpriseAuthorizer = async (ctx, input) => {\n * if (input.permission === \"sso.connection.create\") {\n * // Only org admins may create SSO connections\n * }\n * };\n * ```\n */\nexport type EnterpriseAdminPermission =\n | \"sso.connection.create\"\n | \"sso.connection.read\"\n | \"sso.connection.manage\"\n | \"sso.domain.manage\"\n | \"sso.protocol.manage\"\n | \"sso.policy.manage\"\n | \"sso.audit.read\"\n | \"sso.webhook.manage\"\n | \"scim.manage\";\n\n/**\n * Input passed to an {@link EnterpriseAuthorizer}.\n *\n * Contains the acting user, the requested permission, and the resolved\n * enterprise/group scope for the operation being authorized.\n */\nexport type EnterpriseAdminAuthorizationInput = {\n /** The signed-in user's ID performing the admin action. */\n userId: string;\n /** The {@link EnterpriseAdminPermission} being requested. */\n permission: EnterpriseAdminPermission;\n /** Enterprise document ID, if the operation targets a specific enterprise. */\n enterpriseId?: string;\n /** Group document ID, if explicitly provided by the caller. */\n groupId?: string;\n /** Resolved group ID from the enterprise record, or `null` when no enterprise context. */\n resolvedGroupId: string | null;\n};\n\n/**\n * App-defined authorization hook for mounted enterprise admin APIs.\n *\n * Return `void` (or resolve) to allow the operation, or `{ ok: false }` to deny it.\n *\n * @param ctx - Convex context with `ctx.auth` for identity checks.\n * @param input - The {@link EnterpriseAdminAuthorizationInput} describing who is doing what.\n * @returns `void` to allow, `{ ok: false }` to deny.\n *\n * @example\n * ```ts\n * import { EnterpriseAuthorizer } from \"@robelest/convex-auth/server\";\n *\n * const authorized: EnterpriseAuthorizer = async (ctx, input) => {\n * const identity = await ctx.auth.getUserIdentity();\n * if (!identity) return { ok: false };\n * // Allow all admin ops for the org owner\n * };\n * ```\n */\nexport type EnterpriseAuthorizer = (\n ctx: { auth: import(\"convex/server\").Auth },\n input: EnterpriseAdminAuthorizationInput,\n) => Promise<void | { ok: false }>;\n\ntype RoleRef<TRoleId extends string> = { id: TRoleId };\n\ntype MountedEnterpriseOptions<TRoleId extends string = string> = {\n admin?: {\n authorized?: EnterpriseAuthorizer;\n roles?: Array<TRoleId | RoleRef<TRoleId>>;\n };\n};\n\n/**\n * Configuration for {@link enterprise}, {@link sso}, and {@link scim}\n * mounted admin APIs.\n *\n * @typeParam TRoleId - Role IDs that may be assigned to enterprise creators.\n *\n * @example\n * ```ts\n * import { enterprise, EnterpriseMountOptions } from \"@robelest/convex-auth/server\";\n *\n * const options: EnterpriseMountOptions = {\n * admin: {\n * authorized: async (ctx, input) => {\n * // Verify the user has permission for `input.permission`\n * },\n * roles: [\"admin\", \"owner\"],\n * },\n * };\n * ```\n */\nexport type EnterpriseMountOptions<TRoleId extends string = string> = {\n admin: {\n authorized: EnterpriseAuthorizer;\n roles?: Array<TRoleId | RoleRef<TRoleId>>;\n };\n};\n\ntype MountedEnterpriseTarget = {\n enterpriseId?: string;\n groupId?: string;\n domain?: string;\n};\n\nfunction requireSignedInUser(auth: Pick<AuthApi, \"user\">) {\n return async (ctx: {\n auth: import(\"convex/server\").Auth;\n }): Promise<string | null> => {\n return await auth.user.id(ctx as never);\n };\n}\n\nfunction normalizeCreatorRoleIds<TRoleId extends string>(\n roles?: Array<TRoleId | RoleRef<TRoleId>>,\n) {\n return roles?.map((role) => (typeof role === \"string\" ? role : role.id));\n}\n\nasync function resolveMountedEnterpriseTarget(\n auth: Pick<AuthApi, \"sso\">,\n ctx: { auth: import(\"convex/server\").Auth },\n target: MountedEnterpriseTarget,\n) {\n if (target.groupId !== undefined) {\n return {\n enterpriseId: target.enterpriseId,\n groupId: target.groupId,\n resolvedGroupId: target.groupId,\n };\n }\n\n if (target.enterpriseId !== undefined) {\n const enterprise = await auth.sso.admin.connection.get(\n ctx as never,\n target.enterpriseId,\n );\n if (enterprise === null) {\n throw new ConvexError({\n code: \"INVALID_PARAMETERS\",\n message: \"Enterprise not found.\",\n });\n }\n return {\n enterpriseId: enterprise._id,\n groupId: enterprise.groupId,\n resolvedGroupId: enterprise.groupId,\n };\n }\n\n if (target.domain !== undefined) {\n const resolved = await auth.sso.admin.connection.getByDomain(\n ctx as never,\n target.domain,\n );\n if (resolved?.enterprise === undefined) {\n throw new ConvexError({\n code: \"INVALID_PARAMETERS\",\n message: \"Enterprise not found.\",\n });\n }\n return {\n enterpriseId: resolved.enterprise._id,\n groupId: resolved.enterprise.groupId,\n resolvedGroupId: resolved.enterprise.groupId,\n };\n }\n\n return {\n enterpriseId: undefined,\n groupId: undefined,\n resolvedGroupId: null,\n };\n}\n\nfunction createMountedAdminAuthorizer(\n auth: Pick<AuthApi, \"sso\" | \"user\">,\n options?: MountedEnterpriseOptions,\n) {\n const requireUserId = requireSignedInUser(auth);\n\n return async (\n ctx: { auth: import(\"convex/server\").Auth },\n permission: EnterpriseAdminPermission,\n target: MountedEnterpriseTarget = {},\n ) => {\n const userId = await requireUserId(ctx);\n if (userId === null) {\n return { ok: false as const, code: \"NOT_SIGNED_IN\" as const };\n }\n if (!options?.admin?.authorized) {\n return { ok: false as const, code: \"FORBIDDEN\" as const };\n }\n const resolved = await resolveMountedEnterpriseTarget(auth, ctx, target);\n const authResult = await options.admin.authorized(ctx, {\n userId,\n permission,\n enterpriseId: resolved.enterpriseId,\n groupId: resolved.groupId,\n resolvedGroupId: resolved.resolvedGroupId,\n });\n if (authResult && !authResult.ok) {\n return { ok: false as const, code: \"FORBIDDEN\" as const };\n }\n return { ok: true as const, userId, ...resolved };\n };\n}\n\n/**\n * Build optional public SSO management actions that apps can mount under\n * `convex/auth/sso/**` when they want client-callable enterprise APIs.\n *\n * `admin` is for tenant-admin control-plane operations and should be mounted\n * with an explicit authorization policy. `client` is for end-user sign-in\n * helpers and does not require tenant-admin authorization.\n *\n * @param auth - Auth API subset providing `group`, `member`, `sso`, and `user` namespaces.\n * @param options - Optional admin authorization config. See {@link EnterpriseMountOptions}.\n * @typeParam TAuthorization - Optional authorization config for typed role IDs.\n * @returns An object with `admin` (connection CRUD, OIDC/SAML protocol config, policy,\n * audit, webhooks, domain management) and `client` (signIn, metadata) namespaces.\n *\n * @example\n * ```ts\n * // convex/auth/sso.ts\n * import { sso } from \"@robelest/convex-auth/server\";\n * import { auth } from \"../auth\";\n *\n * const mounted = sso(auth, {\n * admin: {\n * authorized: async (ctx, input) => { /* check permissions *\\/ },\n * },\n * });\n *\n * export const createConnection = mounted.admin.connection.create;\n * export const signIn = mounted.client.signIn;\n * ```\n *\n * @see {@link scim}\n * @see {@link enterprise}\n */\nexport function sso<\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n>(\n auth: Pick<AuthApi<TAuthorization>, \"group\" | \"member\" | \"sso\" | \"user\">,\n options?: MountedEnterpriseOptions<AuthRoleId<TAuthorization>>,\n) {\n const authorize = createMountedAdminAuthorizer(auth, options);\n const adminRoleIds = normalizeCreatorRoleIds(options?.admin?.roles);\n\n return {\n admin: {\n connection: {\n create: mutationGeneric({\n args: {\n groupId: v.optional(v.string()),\n name: v.optional(v.string()),\n slug: v.optional(v.string()),\n status: v.optional(enterpriseStatusValidator),\n domain: v.optional(v.string()),\n },\n handler: async (ctx, args) => {\n const authResult = await authorize(ctx, \"sso.connection.create\", {\n groupId: args.groupId,\n });\n if (!authResult.ok)\n return { ok: false as const, code: authResult.code };\n const { userId } = authResult;\n const createsGroup = args.groupId === undefined;\n const groupId =\n args.groupId ??\n (\n await auth.group.create(ctx as never, {\n name: args.name?.trim() || args.slug?.trim() || \"Enterprise\",\n slug: args.slug,\n type: \"enterprise\",\n })\n ).groupId;\n if (createsGroup) {\n await auth.member.create(ctx as never, {\n groupId,\n userId,\n roleIds: adminRoleIds,\n });\n }\n const created = await auth.sso.admin.connection.create(\n ctx as never,\n {\n groupId,\n name: args.name,\n slug: args.slug,\n status: args.status,\n },\n );\n if (args.domain) {\n await auth.sso.admin.connection.domain.set(\n ctx as never,\n created.enterpriseId,\n [{ domain: args.domain, isPrimary: true }],\n );\n }\n return {\n ...created,\n groupId,\n createdGroup: createsGroup,\n };\n },\n }),\n get: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.connection.read\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return null;\n return await auth.sso.admin.connection.get(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n getByGroup: queryGeneric({\n args: { groupId: v.string() },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.connection.read\", {\n groupId: args.groupId,\n });\n if (!_auth.ok) return null;\n return await auth.sso.admin.connection.getByGroup(\n ctx as never,\n args.groupId,\n );\n },\n }),\n getByDomain: queryGeneric({\n args: { domain: v.string() },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.connection.read\", {\n domain: args.domain,\n });\n if (!_auth.ok) return null;\n return await auth.sso.admin.connection.getByDomain(\n ctx as never,\n args.domain,\n );\n },\n }),\n list: queryGeneric({\n args: {\n where: v.optional(enterpriseConnectionWhereValidator),\n limit: v.optional(v.number()),\n cursor: v.optional(v.union(v.string(), v.null())),\n orderBy: v.optional(v.string()),\n order: v.optional(v.union(v.literal(\"asc\"), v.literal(\"desc\"))),\n },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.connection.read\", {\n groupId: args.where?.groupId,\n });\n if (!_auth.ok) return null;\n return await auth.sso.admin.connection.list(\n ctx as never,\n args as never,\n );\n },\n }),\n update: mutationGeneric({\n args: {\n enterpriseId: v.string(),\n data: v.object({\n name: v.optional(v.string()),\n slug: v.optional(v.string()),\n status: v.optional(enterpriseStatusValidator),\n }),\n },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.connection.manage\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return { ok: false as const, code: _auth.code };\n await auth.sso.admin.connection.update(\n ctx as never,\n args.enterpriseId,\n args.data,\n );\n return { ok: true as const, enterpriseId: args.enterpriseId };\n },\n }),\n delete: mutationGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.connection.manage\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return { ok: false as const, code: _auth.code };\n return await auth.sso.admin.connection.delete(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n status: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.connection.read\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return null;\n return await auth.sso.admin.connection.status(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n domain: {\n list: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.connection.read\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return null;\n return await auth.sso.admin.connection.domain.list(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n validate: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.domain.manage\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return null;\n return await auth.sso.admin.connection.domain.validate(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n set: mutationGeneric({\n args: {\n enterpriseId: v.string(),\n domains: v.array(enterpriseDomainInputValidator),\n },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.domain.manage\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return { ok: false as const, code: _auth.code };\n return await auth.sso.admin.connection.domain.set(\n ctx as never,\n args.enterpriseId,\n args.domains,\n );\n },\n }),\n verification: {\n request: mutationGeneric({\n args: enterpriseDomainVerificationInputValidator,\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.domain.manage\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return { ok: false as const, code: _auth.code };\n return await auth.sso.admin.connection.domain.verification.request(\n ctx as never,\n args,\n );\n },\n }),\n confirm: actionGeneric({\n args: enterpriseDomainVerificationInputValidator,\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.domain.manage\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return { ok: false as const, code: _auth.code };\n return await auth.sso.admin.connection.domain.verification.confirm(\n ctx as never,\n args,\n );\n },\n }),\n },\n },\n },\n oidc: {\n configure: mutationGeneric({\n args: {\n enterpriseId: v.string(),\n issuer: v.optional(v.string()),\n discoveryUrl: v.optional(v.string()),\n clientId: v.string(),\n clientSecret: v.optional(v.string()),\n scopes: v.optional(v.array(v.string())),\n authorizationParams: v.optional(v.record(v.string(), v.string())),\n clockToleranceSeconds: v.optional(v.number()),\n strictIssuer: v.optional(v.boolean()),\n extraFields: v.optional(v.record(v.string(), v.string())),\n },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.protocol.manage\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return { ok: false as const, code: _auth.code };\n return await auth.sso.admin.oidc.configure(ctx as never, args);\n },\n }),\n get: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.connection.read\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return null;\n return await auth.sso.admin.oidc.get(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n validate: actionGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.protocol.manage\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return { ok: false as const, code: _auth.code };\n return await auth.sso.admin.oidc.validate(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n },\n saml: {\n configure: actionGeneric({\n args: {\n enterpriseId: v.string(),\n metadataXml: v.optional(v.string()),\n metadataUrl: v.optional(v.string()),\n domains: v.optional(v.array(v.string())),\n signAuthnRequests: v.optional(v.boolean()),\n attributeMapping: v.optional(\n enterpriseSamlAttributeMappingValidator,\n ),\n sp: v.optional(enterpriseSamlSpValidator),\n },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.protocol.manage\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return { ok: false as const, code: _auth.code };\n return await auth.sso.admin.saml.configure(ctx as never, args);\n },\n }),\n validate: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.protocol.manage\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return null;\n return await auth.sso.admin.saml.validate(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n },\n policy: {\n get: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.connection.read\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return null;\n return await auth.sso.admin.policy.get(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n update: mutationGeneric({\n args: {\n enterpriseId: v.string(),\n patch: enterprisePolicyPatchValidator,\n },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.policy.manage\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return { ok: false as const, code: _auth.code };\n return await auth.sso.admin.policy.update(\n ctx as never,\n args.enterpriseId,\n args.patch,\n );\n },\n }),\n validate: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.policy.manage\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return null;\n return await auth.sso.admin.policy.validate(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n },\n audit: {\n list: queryGeneric({\n args: {\n enterpriseId: v.optional(v.string()),\n groupId: v.optional(v.string()),\n limit: v.optional(v.number()),\n },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.audit.read\", {\n enterpriseId: args.enterpriseId,\n groupId: args.groupId,\n });\n if (!_auth.ok) return null;\n return await auth.sso.admin.audit.list(ctx as never, args);\n },\n }),\n },\n webhook: {\n delivery: {\n list: queryGeneric({\n args: {\n enterpriseId: v.string(),\n limit: v.optional(v.number()),\n },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.webhook.manage\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return null;\n return await (auth.sso.admin.webhook as any).delivery.list(\n ctx as never,\n args,\n );\n },\n }),\n },\n endpoint: {\n create: mutationGeneric({\n args: {\n enterpriseId: v.string(),\n url: v.string(),\n secret: v.string(),\n subscriptions: v.array(v.string()),\n createdByUserId: v.optional(v.string()),\n },\n handler: async (ctx, args) => {\n const authResult = await authorize(ctx, \"sso.webhook.manage\", {\n enterpriseId: args.enterpriseId,\n });\n if (!authResult.ok)\n return { ok: false as const, code: authResult.code };\n const { userId } = authResult;\n const result = await auth.sso.admin.webhook.endpoint.create(\n ctx as never,\n {\n ...args,\n createdByUserId: args.createdByUserId ?? userId,\n },\n );\n return {\n _id: result.endpointId,\n enterpriseId: args.enterpriseId,\n url: args.url,\n subscriptions: args.subscriptions,\n createdByUserId: args.createdByUserId ?? userId,\n status: \"active\",\n failureCount: 0,\n };\n },\n }),\n list: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"sso.webhook.manage\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return null;\n const endpoints = await auth.sso.admin.webhook.endpoint.list(\n ctx as never,\n args.enterpriseId,\n );\n return endpoints.map((endpoint: Record<string, unknown>) => {\n const { secretHash: _secretHash, ...rest } = endpoint;\n return rest;\n });\n },\n }),\n disable: mutationGeneric({\n args: { endpointId: v.string() },\n handler: async (ctx, args) => {\n const endpoint = await auth.sso.admin.webhook.endpoint.get(\n ctx as never,\n args.endpointId,\n );\n if (!endpoint) {\n return {\n ok: false as const,\n code: \"INVALID_PARAMETERS\" as const,\n };\n }\n const _auth = await authorize(ctx, \"sso.webhook.manage\", {\n enterpriseId: endpoint.enterpriseId,\n groupId: endpoint.groupId,\n });\n if (!_auth.ok) return { ok: false as const, code: _auth.code };\n return await auth.sso.admin.webhook.endpoint.disable(\n ctx as never,\n args.endpointId,\n );\n },\n }),\n },\n },\n },\n client: {\n signIn: queryGeneric({\n args: {\n enterpriseId: v.optional(v.string()),\n email: v.optional(v.string()),\n domain: v.optional(v.string()),\n redirectTo: v.optional(v.string()),\n },\n handler: async (ctx, args) => {\n return await auth.sso.client.signIn(ctx as never, args);\n },\n }),\n metadata: queryGeneric({\n args: {\n enterpriseId: v.string(),\n entityId: v.optional(v.string()),\n acsUrl: v.optional(v.string()),\n sloUrl: v.optional(v.string()),\n },\n handler: async (ctx, args) => {\n return await auth.sso.client.metadata(ctx as never, args);\n },\n }),\n },\n };\n}\n\n/**\n * Build optional public SCIM management actions that apps can mount under\n * `convex/auth/scim/**` when they want client-callable enterprise admin APIs.\n *\n * @param auth - Auth API subset providing `scim`, `sso`, and `user` namespaces.\n * @param options - Optional admin authorization config. See {@link EnterpriseMountOptions}.\n * @typeParam TAuthorization - Optional authorization config for typed role IDs.\n * @returns An object with `admin.configure`, `admin.get`, and `admin.validate` actions.\n *\n * @example\n * ```ts\n * // convex/auth/scim.ts\n * import { scim } from \"@robelest/convex-auth/server\";\n * import { auth } from \"../auth\";\n *\n * const mounted = scim(auth, {\n * admin: {\n * authorized: async (ctx, input) => { /* check permissions *\\/ },\n * },\n * });\n *\n * export const configure = mounted.admin.configure;\n * export const get = mounted.admin.get;\n * export const validate = mounted.admin.validate;\n * ```\n *\n * @see {@link sso}\n * @see {@link enterprise}\n */\nexport function scim<\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n>(\n auth: Pick<AuthApi<TAuthorization>, \"scim\" | \"sso\" | \"user\">,\n options?: MountedEnterpriseOptions<AuthRoleId<TAuthorization>>,\n) {\n const authorize = createMountedAdminAuthorizer(auth, options);\n\n return {\n admin: {\n configure: mutationGeneric({\n args: {\n enterpriseId: v.string(),\n basePath: v.optional(v.string()),\n status: v.optional(enterpriseStatusValidator),\n },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"scim.manage\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return { ok: false as const, code: _auth.code };\n return await auth.scim.admin.configure(ctx as never, args);\n },\n }),\n get: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"scim.manage\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return null;\n return await auth.scim.admin.get(ctx as never, args.enterpriseId);\n },\n }),\n validate: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n const _auth = await authorize(ctx, \"scim.manage\", {\n enterpriseId: args.enterpriseId,\n });\n if (!_auth.ok) return null;\n return await auth.scim.admin.validate(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n },\n };\n}\n\n/**\n * Build a flat mounted enterprise API surface for app-owned Convex exports.\n *\n * Combines {@link sso} and {@link scim} into a single flat object with\n * all SSO connection, protocol, policy, audit, webhook, and SCIM\n * management functions plus end-user sign-in helpers. The `authorized`\n * callback is required for all admin operations.\n *\n * @param auth - Auth API subset providing `group`, `member`, `scim`, `sso`, and `user` namespaces.\n * @param options - Required {@link EnterpriseMountOptions} with an `admin.authorized` callback.\n * @typeParam TAuthorization - Optional authorization config for typed role IDs.\n * @returns A flat object with all enterprise management functions (e.g. `createConnection`,\n * `configureOidc`, `configureScim`, `signIn`, etc.).\n *\n * @example\n * ```ts\n * // convex/auth/enterprise.ts\n * import { enterprise } from \"@robelest/convex-auth/server\";\n * import { auth } from \"../auth\";\n *\n * const api = enterprise(auth, {\n * admin: {\n * authorized: async (ctx, input) => { /* check permissions *\\/ },\n * roles: [\"admin\"],\n * },\n * });\n *\n * export const createConnection = api.createConnection;\n * export const configureOidc = api.configureOidc;\n * export const signIn = api.signIn;\n * ```\n *\n * @see {@link sso}\n * @see {@link scim}\n */\nexport function enterprise<\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n>(\n auth: Pick<\n AuthApi<TAuthorization>,\n \"group\" | \"member\" | \"scim\" | \"sso\" | \"user\"\n >,\n options: EnterpriseMountOptions<AuthRoleId<TAuthorization>>,\n) {\n const mountedSso = sso(auth, {\n admin: options.admin,\n });\n const mountedScim = scim(auth, {\n admin: { authorized: options.admin.authorized },\n });\n\n return {\n createConnection: mountedSso.admin.connection.create,\n getConnection: mountedSso.admin.connection.get,\n getConnectionByGroup: mountedSso.admin.connection.getByGroup,\n getConnectionByDomain: mountedSso.admin.connection.getByDomain,\n listConnections: mountedSso.admin.connection.list,\n updateConnection: mountedSso.admin.connection.update,\n deleteConnection: mountedSso.admin.connection.delete,\n getConnectionStatus: mountedSso.admin.connection.status,\n listDomains: mountedSso.admin.connection.domain.list,\n validateDomains: mountedSso.admin.connection.domain.validate,\n setDomains: mountedSso.admin.connection.domain.set,\n requestDomainVerification:\n mountedSso.admin.connection.domain.verification.request,\n confirmDomainVerification:\n mountedSso.admin.connection.domain.verification.confirm,\n configureOidc: mountedSso.admin.oidc.configure,\n getOidc: mountedSso.admin.oidc.get,\n validateOidc: mountedSso.admin.oidc.validate,\n configureSaml: mountedSso.admin.saml.configure,\n validateSaml: mountedSso.admin.saml.validate,\n getPolicy: mountedSso.admin.policy.get,\n updatePolicy: mountedSso.admin.policy.update,\n validatePolicy: mountedSso.admin.policy.validate,\n listAudit: mountedSso.admin.audit.list,\n createWebhookEndpoint: mountedSso.admin.webhook.endpoint.create,\n listWebhookEndpoints: mountedSso.admin.webhook.endpoint.list,\n listWebhookDeliveries: mountedSso.admin.webhook.delivery.list,\n disableWebhookEndpoint: mountedSso.admin.webhook.endpoint.disable,\n configureScim: mountedScim.admin.configure,\n getScim: mountedScim.admin.get,\n validateScim: mountedScim.admin.validate,\n signIn: mountedSso.client.signIn,\n metadata: mountedSso.client.metadata,\n };\n}\n"],"mappings":";;;;;AAgIA,SAAS,oBAAoB,MAA6B;AACxD,QAAO,OAAO,QAEgB;AAC5B,SAAO,MAAM,KAAK,KAAK,GAAG,IAAa;;;AAI3C,SAAS,wBACP,OACA;AACA,QAAO,OAAO,KAAK,SAAU,OAAO,SAAS,WAAW,OAAO,KAAK,GAAI;;AAG1E,eAAe,+BACb,MACA,KACA,QACA;AACA,KAAI,OAAO,YAAY,OACrB,QAAO;EACL,cAAc,OAAO;EACrB,SAAS,OAAO;EAChB,iBAAiB,OAAO;EACzB;AAGH,KAAI,OAAO,iBAAiB,QAAW;EACrC,MAAM,aAAa,MAAM,KAAK,IAAI,MAAM,WAAW,IACjD,KACA,OAAO,aACR;AACD,MAAI,eAAe,KACjB,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS;GACV,CAAC;AAEJ,SAAO;GACL,cAAc,WAAW;GACzB,SAAS,WAAW;GACpB,iBAAiB,WAAW;GAC7B;;AAGH,KAAI,OAAO,WAAW,QAAW;EAC/B,MAAM,WAAW,MAAM,KAAK,IAAI,MAAM,WAAW,YAC/C,KACA,OAAO,OACR;AACD,MAAI,UAAU,eAAe,OAC3B,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS;GACV,CAAC;AAEJ,SAAO;GACL,cAAc,SAAS,WAAW;GAClC,SAAS,SAAS,WAAW;GAC7B,iBAAiB,SAAS,WAAW;GACtC;;AAGH,QAAO;EACL,cAAc;EACd,SAAS;EACT,iBAAiB;EAClB;;AAGH,SAAS,6BACP,MACA,SACA;CACA,MAAM,gBAAgB,oBAAoB,KAAK;AAE/C,QAAO,OACL,KACA,YACA,SAAkC,EAAE,KACjC;EACH,MAAM,SAAS,MAAM,cAAc,IAAI;AACvC,MAAI,WAAW,KACb,QAAO;GAAE,IAAI;GAAgB,MAAM;GAA0B;AAE/D,MAAI,CAAC,SAAS,OAAO,WACnB,QAAO;GAAE,IAAI;GAAgB,MAAM;GAAsB;EAE3D,MAAM,WAAW,MAAM,+BAA+B,MAAM,KAAK,OAAO;EACxE,MAAM,aAAa,MAAM,QAAQ,MAAM,WAAW,KAAK;GACrD;GACA;GACA,cAAc,SAAS;GACvB,SAAS,SAAS;GAClB,iBAAiB,SAAS;GAC3B,CAAC;AACF,MAAI,cAAc,CAAC,WAAW,GAC5B,QAAO;GAAE,IAAI;GAAgB,MAAM;GAAsB;AAE3D,SAAO;GAAE,IAAI;GAAe;GAAQ,GAAG;GAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqCrD,SAAgB,IAGd,MACA,SACA;CACA,MAAM,YAAY,6BAA6B,MAAM,QAAQ;CAC7D,MAAM,eAAe,wBAAwB,SAAS,OAAO,MAAM;AAEnE,QAAO;EACL,OAAO;GACL,YAAY;IACV,QAAQ,gBAAgB;KACtB,MAAM;MACJ,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC;MAC/B,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;MAC5B,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;MAC5B,QAAQ,EAAE,SAAS,0BAA0B;MAC7C,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;MAC/B;KACD,SAAS,OAAO,KAAK,SAAS;MAC5B,MAAM,aAAa,MAAM,UAAU,KAAK,yBAAyB,EAC/D,SAAS,KAAK,SACf,CAAC;AACF,UAAI,CAAC,WAAW,GACd,QAAO;OAAE,IAAI;OAAgB,MAAM,WAAW;OAAM;MACtD,MAAM,EAAE,WAAW;MACnB,MAAM,eAAe,KAAK,YAAY;MACtC,MAAM,UACJ,KAAK,YAEH,MAAM,KAAK,MAAM,OAAO,KAAc;OACpC,MAAM,KAAK,MAAM,MAAM,IAAI,KAAK,MAAM,MAAM,IAAI;OAChD,MAAM,KAAK;OACX,MAAM;OACP,CAAC,EACF;AACJ,UAAI,aACF,OAAM,KAAK,OAAO,OAAO,KAAc;OACrC;OACA;OACA,SAAS;OACV,CAAC;MAEJ,MAAM,UAAU,MAAM,KAAK,IAAI,MAAM,WAAW,OAC9C,KACA;OACE;OACA,MAAM,KAAK;OACX,MAAM,KAAK;OACX,QAAQ,KAAK;OACd,CACF;AACD,UAAI,KAAK,OACP,OAAM,KAAK,IAAI,MAAM,WAAW,OAAO,IACrC,KACA,QAAQ,cACR,CAAC;OAAE,QAAQ,KAAK;OAAQ,WAAW;OAAM,CAAC,CAC3C;AAEH,aAAO;OACL,GAAG;OACH;OACA,cAAc;OACf;;KAEJ,CAAC;IACF,KAAK,aAAa;KAChB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;KAClC,SAAS,OAAO,KAAK,SAAS;AAI5B,UAAI,EAHU,MAAM,UAAU,KAAK,uBAAuB,EACxD,cAAc,KAAK,cACpB,CAAC,EACS,GAAI,QAAO;AACtB,aAAO,MAAM,KAAK,IAAI,MAAM,WAAW,IACrC,KACA,KAAK,aACN;;KAEJ,CAAC;IACF,YAAY,aAAa;KACvB,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE;KAC7B,SAAS,OAAO,KAAK,SAAS;AAI5B,UAAI,EAHU,MAAM,UAAU,KAAK,uBAAuB,EACxD,SAAS,KAAK,SACf,CAAC,EACS,GAAI,QAAO;AACtB,aAAO,MAAM,KAAK,IAAI,MAAM,WAAW,WACrC,KACA,KAAK,QACN;;KAEJ,CAAC;IACF,aAAa,aAAa;KACxB,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE;KAC5B,SAAS,OAAO,KAAK,SAAS;AAI5B,UAAI,EAHU,MAAM,UAAU,KAAK,uBAAuB,EACxD,QAAQ,KAAK,QACd,CAAC,EACS,GAAI,QAAO;AACtB,aAAO,MAAM,KAAK,IAAI,MAAM,WAAW,YACrC,KACA,KAAK,OACN;;KAEJ,CAAC;IACF,MAAM,aAAa;KACjB,MAAM;MACJ,OAAO,EAAE,SAAS,mCAAmC;MACrD,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;MAC7B,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;MACjD,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC;MAC/B,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,CAAC,CAAC;MAChE;KACD,SAAS,OAAO,KAAK,SAAS;AAI5B,UAAI,EAHU,MAAM,UAAU,KAAK,uBAAuB,EACxD,SAAS,KAAK,OAAO,SACtB,CAAC,EACS,GAAI,QAAO;AACtB,aAAO,MAAM,KAAK,IAAI,MAAM,WAAW,KACrC,KACA,KACD;;KAEJ,CAAC;IACF,QAAQ,gBAAgB;KACtB,MAAM;MACJ,cAAc,EAAE,QAAQ;MACxB,MAAM,EAAE,OAAO;OACb,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;OAC5B,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;OAC5B,QAAQ,EAAE,SAAS,0BAA0B;OAC9C,CAAC;MACH;KACD,SAAS,OAAO,KAAK,SAAS;MAC5B,MAAM,QAAQ,MAAM,UAAU,KAAK,yBAAyB,EAC1D,cAAc,KAAK,cACpB,CAAC;AACF,UAAI,CAAC,MAAM,GAAI,QAAO;OAAE,IAAI;OAAgB,MAAM,MAAM;OAAM;AAC9D,YAAM,KAAK,IAAI,MAAM,WAAW,OAC9B,KACA,KAAK,cACL,KAAK,KACN;AACD,aAAO;OAAE,IAAI;OAAe,cAAc,KAAK;OAAc;;KAEhE,CAAC;IACF,QAAQ,gBAAgB;KACtB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;KAClC,SAAS,OAAO,KAAK,SAAS;MAC5B,MAAM,QAAQ,MAAM,UAAU,KAAK,yBAAyB,EAC1D,cAAc,KAAK,cACpB,CAAC;AACF,UAAI,CAAC,MAAM,GAAI,QAAO;OAAE,IAAI;OAAgB,MAAM,MAAM;OAAM;AAC9D,aAAO,MAAM,KAAK,IAAI,MAAM,WAAW,OACrC,KACA,KAAK,aACN;;KAEJ,CAAC;IACF,QAAQ,aAAa;KACnB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;KAClC,SAAS,OAAO,KAAK,SAAS;AAI5B,UAAI,EAHU,MAAM,UAAU,KAAK,uBAAuB,EACxD,cAAc,KAAK,cACpB,CAAC,EACS,GAAI,QAAO;AACtB,aAAO,MAAM,KAAK,IAAI,MAAM,WAAW,OACrC,KACA,KAAK,aACN;;KAEJ,CAAC;IACF,QAAQ;KACN,MAAM,aAAa;MACjB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;MAClC,SAAS,OAAO,KAAK,SAAS;AAI5B,WAAI,EAHU,MAAM,UAAU,KAAK,uBAAuB,EACxD,cAAc,KAAK,cACpB,CAAC,EACS,GAAI,QAAO;AACtB,cAAO,MAAM,KAAK,IAAI,MAAM,WAAW,OAAO,KAC5C,KACA,KAAK,aACN;;MAEJ,CAAC;KACF,UAAU,aAAa;MACrB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;MAClC,SAAS,OAAO,KAAK,SAAS;AAI5B,WAAI,EAHU,MAAM,UAAU,KAAK,qBAAqB,EACtD,cAAc,KAAK,cACpB,CAAC,EACS,GAAI,QAAO;AACtB,cAAO,MAAM,KAAK,IAAI,MAAM,WAAW,OAAO,SAC5C,KACA,KAAK,aACN;;MAEJ,CAAC;KACF,KAAK,gBAAgB;MACnB,MAAM;OACJ,cAAc,EAAE,QAAQ;OACxB,SAAS,EAAE,MAAM,+BAA+B;OACjD;MACD,SAAS,OAAO,KAAK,SAAS;OAC5B,MAAM,QAAQ,MAAM,UAAU,KAAK,qBAAqB,EACtD,cAAc,KAAK,cACpB,CAAC;AACF,WAAI,CAAC,MAAM,GAAI,QAAO;QAAE,IAAI;QAAgB,MAAM,MAAM;QAAM;AAC9D,cAAO,MAAM,KAAK,IAAI,MAAM,WAAW,OAAO,IAC5C,KACA,KAAK,cACL,KAAK,QACN;;MAEJ,CAAC;KACF,cAAc;MACZ,SAAS,gBAAgB;OACvB,MAAM;OACN,SAAS,OAAO,KAAK,SAAS;QAC5B,MAAM,QAAQ,MAAM,UAAU,KAAK,qBAAqB,EACtD,cAAc,KAAK,cACpB,CAAC;AACF,YAAI,CAAC,MAAM,GAAI,QAAO;SAAE,IAAI;SAAgB,MAAM,MAAM;SAAM;AAC9D,eAAO,MAAM,KAAK,IAAI,MAAM,WAAW,OAAO,aAAa,QACzD,KACA,KACD;;OAEJ,CAAC;MACF,SAAS,cAAc;OACrB,MAAM;OACN,SAAS,OAAO,KAAK,SAAS;QAC5B,MAAM,QAAQ,MAAM,UAAU,KAAK,qBAAqB,EACtD,cAAc,KAAK,cACpB,CAAC;AACF,YAAI,CAAC,MAAM,GAAI,QAAO;SAAE,IAAI;SAAgB,MAAM,MAAM;SAAM;AAC9D,eAAO,MAAM,KAAK,IAAI,MAAM,WAAW,OAAO,aAAa,QACzD,KACA,KACD;;OAEJ,CAAC;MACH;KACF;IACF;GACD,MAAM;IACJ,WAAW,gBAAgB;KACzB,MAAM;MACJ,cAAc,EAAE,QAAQ;MACxB,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;MAC9B,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;MACpC,UAAU,EAAE,QAAQ;MACpB,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;MACpC,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;MACvC,qBAAqB,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;MACjE,uBAAuB,EAAE,SAAS,EAAE,QAAQ,CAAC;MAC7C,cAAc,EAAE,SAAS,EAAE,SAAS,CAAC;MACrC,aAAa,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;MAC1D;KACD,SAAS,OAAO,KAAK,SAAS;MAC5B,MAAM,QAAQ,MAAM,UAAU,KAAK,uBAAuB,EACxD,cAAc,KAAK,cACpB,CAAC;AACF,UAAI,CAAC,MAAM,GAAI,QAAO;OAAE,IAAI;OAAgB,MAAM,MAAM;OAAM;AAC9D,aAAO,MAAM,KAAK,IAAI,MAAM,KAAK,UAAU,KAAc,KAAK;;KAEjE,CAAC;IACF,KAAK,aAAa;KAChB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;KAClC,SAAS,OAAO,KAAK,SAAS;AAI5B,UAAI,EAHU,MAAM,UAAU,KAAK,uBAAuB,EACxD,cAAc,KAAK,cACpB,CAAC,EACS,GAAI,QAAO;AACtB,aAAO,MAAM,KAAK,IAAI,MAAM,KAAK,IAC/B,KACA,KAAK,aACN;;KAEJ,CAAC;IACF,UAAU,cAAc;KACtB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;KAClC,SAAS,OAAO,KAAK,SAAS;MAC5B,MAAM,QAAQ,MAAM,UAAU,KAAK,uBAAuB,EACxD,cAAc,KAAK,cACpB,CAAC;AACF,UAAI,CAAC,MAAM,GAAI,QAAO;OAAE,IAAI;OAAgB,MAAM,MAAM;OAAM;AAC9D,aAAO,MAAM,KAAK,IAAI,MAAM,KAAK,SAC/B,KACA,KAAK,aACN;;KAEJ,CAAC;IACH;GACD,MAAM;IACJ,WAAW,cAAc;KACvB,MAAM;MACJ,cAAc,EAAE,QAAQ;MACxB,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC;MACnC,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC;MACnC,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;MACxC,mBAAmB,EAAE,SAAS,EAAE,SAAS,CAAC;MAC1C,kBAAkB,EAAE,SAClB,wCACD;MACD,IAAI,EAAE,SAAS,0BAA0B;MAC1C;KACD,SAAS,OAAO,KAAK,SAAS;MAC5B,MAAM,QAAQ,MAAM,UAAU,KAAK,uBAAuB,EACxD,cAAc,KAAK,cACpB,CAAC;AACF,UAAI,CAAC,MAAM,GAAI,QAAO;OAAE,IAAI;OAAgB,MAAM,MAAM;OAAM;AAC9D,aAAO,MAAM,KAAK,IAAI,MAAM,KAAK,UAAU,KAAc,KAAK;;KAEjE,CAAC;IACF,UAAU,aAAa;KACrB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;KAClC,SAAS,OAAO,KAAK,SAAS;AAI5B,UAAI,EAHU,MAAM,UAAU,KAAK,uBAAuB,EACxD,cAAc,KAAK,cACpB,CAAC,EACS,GAAI,QAAO;AACtB,aAAO,MAAM,KAAK,IAAI,MAAM,KAAK,SAC/B,KACA,KAAK,aACN;;KAEJ,CAAC;IACH;GACD,QAAQ;IACN,KAAK,aAAa;KAChB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;KAClC,SAAS,OAAO,KAAK,SAAS;AAI5B,UAAI,EAHU,MAAM,UAAU,KAAK,uBAAuB,EACxD,cAAc,KAAK,cACpB,CAAC,EACS,GAAI,QAAO;AACtB,aAAO,MAAM,KAAK,IAAI,MAAM,OAAO,IACjC,KACA,KAAK,aACN;;KAEJ,CAAC;IACF,QAAQ,gBAAgB;KACtB,MAAM;MACJ,cAAc,EAAE,QAAQ;MACxB,OAAO;MACR;KACD,SAAS,OAAO,KAAK,SAAS;MAC5B,MAAM,QAAQ,MAAM,UAAU,KAAK,qBAAqB,EACtD,cAAc,KAAK,cACpB,CAAC;AACF,UAAI,CAAC,MAAM,GAAI,QAAO;OAAE,IAAI;OAAgB,MAAM,MAAM;OAAM;AAC9D,aAAO,MAAM,KAAK,IAAI,MAAM,OAAO,OACjC,KACA,KAAK,cACL,KAAK,MACN;;KAEJ,CAAC;IACF,UAAU,aAAa;KACrB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;KAClC,SAAS,OAAO,KAAK,SAAS;AAI5B,UAAI,EAHU,MAAM,UAAU,KAAK,qBAAqB,EACtD,cAAc,KAAK,cACpB,CAAC,EACS,GAAI,QAAO;AACtB,aAAO,MAAM,KAAK,IAAI,MAAM,OAAO,SACjC,KACA,KAAK,aACN;;KAEJ,CAAC;IACH;GACD,OAAO,EACL,MAAM,aAAa;IACjB,MAAM;KACJ,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;KACpC,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC;KAC/B,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;KAC9B;IACD,SAAS,OAAO,KAAK,SAAS;AAK5B,SAAI,EAJU,MAAM,UAAU,KAAK,kBAAkB;MACnD,cAAc,KAAK;MACnB,SAAS,KAAK;MACf,CAAC,EACS,GAAI,QAAO;AACtB,YAAO,MAAM,KAAK,IAAI,MAAM,MAAM,KAAK,KAAc,KAAK;;IAE7D,CAAC,EACH;GACD,SAAS;IACP,UAAU,EACR,MAAM,aAAa;KACjB,MAAM;MACJ,cAAc,EAAE,QAAQ;MACxB,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;MAC9B;KACD,SAAS,OAAO,KAAK,SAAS;AAI5B,UAAI,EAHU,MAAM,UAAU,KAAK,sBAAsB,EACvD,cAAc,KAAK,cACpB,CAAC,EACS,GAAI,QAAO;AACtB,aAAO,MAAO,KAAK,IAAI,MAAM,QAAgB,SAAS,KACpD,KACA,KACD;;KAEJ,CAAC,EACH;IACD,UAAU;KACR,QAAQ,gBAAgB;MACtB,MAAM;OACJ,cAAc,EAAE,QAAQ;OACxB,KAAK,EAAE,QAAQ;OACf,QAAQ,EAAE,QAAQ;OAClB,eAAe,EAAE,MAAM,EAAE,QAAQ,CAAC;OAClC,iBAAiB,EAAE,SAAS,EAAE,QAAQ,CAAC;OACxC;MACD,SAAS,OAAO,KAAK,SAAS;OAC5B,MAAM,aAAa,MAAM,UAAU,KAAK,sBAAsB,EAC5D,cAAc,KAAK,cACpB,CAAC;AACF,WAAI,CAAC,WAAW,GACd,QAAO;QAAE,IAAI;QAAgB,MAAM,WAAW;QAAM;OACtD,MAAM,EAAE,WAAW;AAQnB,cAAO;QACL,MARa,MAAM,KAAK,IAAI,MAAM,QAAQ,SAAS,OACnD,KACA;SACE,GAAG;SACH,iBAAiB,KAAK,mBAAmB;SAC1C,CACF,EAEa;QACZ,cAAc,KAAK;QACnB,KAAK,KAAK;QACV,eAAe,KAAK;QACpB,iBAAiB,KAAK,mBAAmB;QACzC,QAAQ;QACR,cAAc;QACf;;MAEJ,CAAC;KACF,MAAM,aAAa;MACjB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;MAClC,SAAS,OAAO,KAAK,SAAS;AAI5B,WAAI,EAHU,MAAM,UAAU,KAAK,sBAAsB,EACvD,cAAc,KAAK,cACpB,CAAC,EACS,GAAI,QAAO;AAKtB,eAJkB,MAAM,KAAK,IAAI,MAAM,QAAQ,SAAS,KACtD,KACA,KAAK,aACN,EACgB,KAAK,aAAsC;QAC1D,MAAM,EAAE,YAAY,aAAa,GAAG,SAAS;AAC7C,eAAO;SACP;;MAEL,CAAC;KACF,SAAS,gBAAgB;MACvB,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE;MAChC,SAAS,OAAO,KAAK,SAAS;OAC5B,MAAM,WAAW,MAAM,KAAK,IAAI,MAAM,QAAQ,SAAS,IACrD,KACA,KAAK,WACN;AACD,WAAI,CAAC,SACH,QAAO;QACL,IAAI;QACJ,MAAM;QACP;OAEH,MAAM,QAAQ,MAAM,UAAU,KAAK,sBAAsB;QACvD,cAAc,SAAS;QACvB,SAAS,SAAS;QACnB,CAAC;AACF,WAAI,CAAC,MAAM,GAAI,QAAO;QAAE,IAAI;QAAgB,MAAM,MAAM;QAAM;AAC9D,cAAO,MAAM,KAAK,IAAI,MAAM,QAAQ,SAAS,QAC3C,KACA,KAAK,WACN;;MAEJ,CAAC;KACH;IACF;GACF;EACD,QAAQ;GACN,QAAQ,aAAa;IACnB,MAAM;KACJ,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;KACpC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;KAC7B,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;KAC9B,YAAY,EAAE,SAAS,EAAE,QAAQ,CAAC;KACnC;IACD,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAO,MAAM,KAAK,IAAI,OAAO,OAAO,KAAc,KAAK;;IAE1D,CAAC;GACF,UAAU,aAAa;IACrB,MAAM;KACJ,cAAc,EAAE,QAAQ;KACxB,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;KAChC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;KAC9B,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;KAC/B;IACD,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAO,MAAM,KAAK,IAAI,OAAO,SAAS,KAAc,KAAK;;IAE5D,CAAC;GACH;EACF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgCH,SAAgB,KAGd,MACA,SACA;CACA,MAAM,YAAY,6BAA6B,MAAM,QAAQ;AAE7D,QAAO,EACL,OAAO;EACL,WAAW,gBAAgB;GACzB,MAAM;IACJ,cAAc,EAAE,QAAQ;IACxB,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;IAChC,QAAQ,EAAE,SAAS,0BAA0B;IAC9C;GACD,SAAS,OAAO,KAAK,SAAS;IAC5B,MAAM,QAAQ,MAAM,UAAU,KAAK,eAAe,EAChD,cAAc,KAAK,cACpB,CAAC;AACF,QAAI,CAAC,MAAM,GAAI,QAAO;KAAE,IAAI;KAAgB,MAAM,MAAM;KAAM;AAC9D,WAAO,MAAM,KAAK,KAAK,MAAM,UAAU,KAAc,KAAK;;GAE7D,CAAC;EACF,KAAK,aAAa;GAChB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;GAClC,SAAS,OAAO,KAAK,SAAS;AAI5B,QAAI,EAHU,MAAM,UAAU,KAAK,eAAe,EAChD,cAAc,KAAK,cACpB,CAAC,EACS,GAAI,QAAO;AACtB,WAAO,MAAM,KAAK,KAAK,MAAM,IAAI,KAAc,KAAK,aAAa;;GAEpE,CAAC;EACF,UAAU,aAAa;GACrB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;GAClC,SAAS,OAAO,KAAK,SAAS;AAI5B,QAAI,EAHU,MAAM,UAAU,KAAK,eAAe,EAChD,cAAc,KAAK,cACpB,CAAC,EACS,GAAI,QAAO;AACtB,WAAO,MAAM,KAAK,KAAK,MAAM,SAC3B,KACA,KAAK,aACN;;GAEJ,CAAC;EACH,EACF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsCH,SAAgB,WAGd,MAIA,SACA;CACA,MAAM,aAAa,IAAI,MAAM,EAC3B,OAAO,QAAQ,OAChB,CAAC;CACF,MAAM,cAAc,KAAK,MAAM,EAC7B,OAAO,EAAE,YAAY,QAAQ,MAAM,YAAY,EAChD,CAAC;AAEF,QAAO;EACL,kBAAkB,WAAW,MAAM,WAAW;EAC9C,eAAe,WAAW,MAAM,WAAW;EAC3C,sBAAsB,WAAW,MAAM,WAAW;EAClD,uBAAuB,WAAW,MAAM,WAAW;EACnD,iBAAiB,WAAW,MAAM,WAAW;EAC7C,kBAAkB,WAAW,MAAM,WAAW;EAC9C,kBAAkB,WAAW,MAAM,WAAW;EAC9C,qBAAqB,WAAW,MAAM,WAAW;EACjD,aAAa,WAAW,MAAM,WAAW,OAAO;EAChD,iBAAiB,WAAW,MAAM,WAAW,OAAO;EACpD,YAAY,WAAW,MAAM,WAAW,OAAO;EAC/C,2BACE,WAAW,MAAM,WAAW,OAAO,aAAa;EAClD,2BACE,WAAW,MAAM,WAAW,OAAO,aAAa;EAClD,eAAe,WAAW,MAAM,KAAK;EACrC,SAAS,WAAW,MAAM,KAAK;EAC/B,cAAc,WAAW,MAAM,KAAK;EACpC,eAAe,WAAW,MAAM,KAAK;EACrC,cAAc,WAAW,MAAM,KAAK;EACpC,WAAW,WAAW,MAAM,OAAO;EACnC,cAAc,WAAW,MAAM,OAAO;EACtC,gBAAgB,WAAW,MAAM,OAAO;EACxC,WAAW,WAAW,MAAM,MAAM;EAClC,uBAAuB,WAAW,MAAM,QAAQ,SAAS;EACzD,sBAAsB,WAAW,MAAM,QAAQ,SAAS;EACxD,uBAAuB,WAAW,MAAM,QAAQ,SAAS;EACzD,wBAAwB,WAAW,MAAM,QAAQ,SAAS;EAC1D,eAAe,YAAY,MAAM;EACjC,SAAS,YAAY,MAAM;EAC3B,cAAc,YAAY,MAAM;EAChC,QAAQ,WAAW,OAAO;EAC1B,UAAU,WAAW,OAAO;EAC7B"}
1
+ {"version":3,"file":"mounts.js","names":[],"sources":["../../src/server/mounts.ts"],"sourcesContent":["import { Cv } from \"@robelest/fx/convex\";\nimport { actionGeneric, mutationGeneric, queryGeneric } from \"convex/server\";\nimport { ConvexError, v } from \"convex/values\";\n\nimport type { AuthApi } from \"./auth\";\nimport {\n enterpriseConnectionWhereValidator,\n enterpriseDomainInputValidator,\n enterpriseDomainVerificationInputValidator,\n enterprisePolicyPatchValidator,\n enterpriseSamlAttributeMappingValidator,\n enterpriseSamlSpValidator,\n enterpriseStatusValidator,\n} from \"./enterprise/validators\";\nimport type { AuthAuthorizationConfig, AuthRoleId } from \"./types\";\n\n/**\n * Permission identifiers used by mounted enterprise admin APIs.\n *\n * These permission strings are passed to your {@link EnterpriseAuthorizer}\n * callback so app code can decide whether the current user may perform a\n * specific SSO or SCIM management operation.\n *\n * @example\n * ```ts\n * const authorized: EnterpriseAuthorizer = async (ctx, input) => {\n * if (input.permission === \"sso.connection.create\") {\n * // Only org admins may create SSO connections\n * }\n * };\n * ```\n */\nexport type EnterpriseAdminPermission =\n | \"sso.connection.create\"\n | \"sso.connection.read\"\n | \"sso.connection.manage\"\n | \"sso.domain.manage\"\n | \"sso.protocol.manage\"\n | \"sso.policy.manage\"\n | \"sso.audit.read\"\n | \"sso.webhook.manage\"\n | \"scim.manage\";\n\n/**\n * Input passed to an {@link EnterpriseAuthorizer}.\n *\n * Contains the acting user, the requested permission, and the resolved\n * enterprise/group scope for the operation being authorized.\n */\nexport type EnterpriseAdminAuthorizationInput = {\n /** The signed-in user's ID performing the admin action. */\n userId: string;\n /** The {@link EnterpriseAdminPermission} being requested. */\n permission: EnterpriseAdminPermission;\n /** Enterprise document ID, if the operation targets a specific enterprise. */\n enterpriseId?: string;\n /** Group document ID, if explicitly provided by the caller. */\n groupId?: string;\n /** Resolved group ID from the enterprise record, or `null` when no enterprise context. */\n resolvedGroupId: string | null;\n};\n\n/**\n * App-defined authorization hook for mounted enterprise admin APIs.\n *\n * Return `void` (or resolve) to allow the operation, or throw to deny it.\n *\n * @param ctx - Convex context with `ctx.auth` for identity checks.\n * @param input - The {@link EnterpriseAdminAuthorizationInput} describing who is doing what.\n * @returns `void` to allow; throw to deny.\n *\n * @example\n * ```ts\n * import { EnterpriseAuthorizer } from \"@robelest/convex-auth/server\";\n *\n * const authorized: EnterpriseAuthorizer = async (ctx, input) => {\n * const identity = await ctx.auth.getUserIdentity();\n * if (!identity) throw new Error(\"Forbidden\");\n * // Allow all admin ops for the org owner\n * };\n * ```\n */\nexport type EnterpriseAuthorizer = (\n ctx: { auth: import(\"convex/server\").Auth },\n input: EnterpriseAdminAuthorizationInput,\n) => Promise<void>;\n\ntype RoleRef<TRoleId extends string> = { id: TRoleId };\n\ntype MountedEnterpriseOptions<TRoleId extends string = string> = {\n admin?: {\n authorized?: EnterpriseAuthorizer;\n roles?: Array<TRoleId | RoleRef<TRoleId>>;\n };\n};\n\n/**\n * Configuration for {@link enterprise}, {@link sso}, and {@link scim}\n * mounted admin APIs.\n *\n * @typeParam TRoleId - Role IDs that may be assigned to enterprise creators.\n *\n * @example\n * ```ts\n * import { enterprise, EnterpriseMountOptions } from \"@robelest/convex-auth/server\";\n *\n * const options: EnterpriseMountOptions = {\n * admin: {\n * authorized: async (ctx, input) => {\n * // Verify the user has permission for `input.permission`\n * },\n * roles: [\"admin\", \"owner\"],\n * },\n * };\n * ```\n */\nexport type EnterpriseMountOptions<TRoleId extends string = string> = {\n admin: {\n authorized: EnterpriseAuthorizer;\n roles?: Array<TRoleId | RoleRef<TRoleId>>;\n };\n};\n\ntype MountedEnterpriseTarget = {\n enterpriseId?: string;\n groupId?: string;\n domain?: string;\n};\n\nfunction requireSignedInUser(auth: Pick<AuthApi, \"user\">) {\n return async (ctx: {\n auth: import(\"convex/server\").Auth;\n }): Promise<string | null> => {\n return await auth.user.id(ctx as never);\n };\n}\n\nfunction normalizeCreatorRoleIds<TRoleId extends string>(\n roles?: Array<TRoleId | RoleRef<TRoleId>>,\n) {\n return roles?.map((role) => (typeof role === \"string\" ? role : role.id));\n}\n\nasync function resolveMountedEnterpriseTarget(\n auth: Pick<AuthApi, \"sso\">,\n ctx: { auth: import(\"convex/server\").Auth },\n target: MountedEnterpriseTarget,\n) {\n if (target.groupId !== undefined) {\n return {\n enterpriseId: target.enterpriseId,\n groupId: target.groupId,\n resolvedGroupId: target.groupId,\n };\n }\n\n if (target.enterpriseId !== undefined) {\n const enterprise = await auth.sso.admin.connection.get(\n ctx as never,\n target.enterpriseId,\n );\n if (enterprise === null) {\n throw new ConvexError({\n code: \"INVALID_PARAMETERS\",\n message: \"Enterprise not found.\",\n });\n }\n return {\n enterpriseId: enterprise._id,\n groupId: enterprise.groupId,\n resolvedGroupId: enterprise.groupId,\n };\n }\n\n if (target.domain !== undefined) {\n const resolved = await auth.sso.admin.connection.getByDomain(\n ctx as never,\n target.domain,\n );\n if (resolved?.enterprise === undefined) {\n throw new ConvexError({\n code: \"INVALID_PARAMETERS\",\n message: \"Enterprise not found.\",\n });\n }\n return {\n enterpriseId: resolved.enterprise._id,\n groupId: resolved.enterprise.groupId,\n resolvedGroupId: resolved.enterprise.groupId,\n };\n }\n\n return {\n enterpriseId: undefined,\n groupId: undefined,\n resolvedGroupId: null,\n };\n}\n\nfunction createMountedAdminAuthorizer(\n auth: Pick<AuthApi, \"sso\" | \"user\">,\n options?: MountedEnterpriseOptions,\n) {\n const requireUserId = requireSignedInUser(auth);\n\n return async (\n ctx: { auth: import(\"convex/server\").Auth },\n permission: EnterpriseAdminPermission,\n target: MountedEnterpriseTarget = {},\n ) => {\n const userId = await requireUserId(ctx);\n if (userId === null) {\n throw Cv.error({\n code: \"NOT_SIGNED_IN\",\n message: \"You must be signed in to perform this action.\",\n });\n }\n if (!options?.admin?.authorized) {\n throw Cv.error({\n code: \"FORBIDDEN\",\n message: \"Access denied.\",\n });\n }\n const resolved = await resolveMountedEnterpriseTarget(auth, ctx, target);\n await options.admin.authorized(ctx, {\n userId,\n permission,\n enterpriseId: resolved.enterpriseId,\n groupId: resolved.groupId,\n resolvedGroupId: resolved.resolvedGroupId,\n });\n return { userId, ...resolved };\n };\n}\n\n/**\n * Build optional public SSO management actions that apps can mount under\n * `convex/auth/sso/**` when they want client-callable enterprise APIs.\n *\n * `admin` is for tenant-admin control-plane operations and should be mounted\n * with an explicit authorization policy. `client` is for end-user sign-in\n * helpers and does not require tenant-admin authorization.\n *\n * @param auth - Auth API subset providing `group`, `member`, `sso`, and `user` namespaces.\n * @param options - Optional admin authorization config. See {@link EnterpriseMountOptions}.\n * @typeParam TAuthorization - Optional authorization config for typed role IDs.\n * @returns An object with `admin` (connection CRUD, OIDC/SAML protocol config, policy,\n * audit, webhooks, domain management) and `client` (signIn, metadata) namespaces.\n *\n * @example\n * ```ts\n * // convex/auth/sso.ts\n * import { sso } from \"@robelest/convex-auth/server\";\n * import { auth } from \"../auth\";\n *\n * const mounted = sso(auth, {\n * admin: {\n * authorized: async (ctx, input) => { /* check permissions *\\/ },\n * },\n * });\n *\n * export const createConnection = mounted.admin.connection.create;\n * export const signIn = mounted.client.signIn;\n * ```\n *\n * @see {@link scim}\n * @see {@link enterprise}\n */\nexport function sso<\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n>(\n auth: Pick<AuthApi<TAuthorization>, \"group\" | \"member\" | \"sso\" | \"user\">,\n options?: MountedEnterpriseOptions<AuthRoleId<TAuthorization>>,\n) {\n const authorize = createMountedAdminAuthorizer(auth, options);\n const adminRoleIds = normalizeCreatorRoleIds(options?.admin?.roles);\n\n return {\n admin: {\n connection: {\n create: mutationGeneric({\n args: {\n groupId: v.optional(v.string()),\n name: v.optional(v.string()),\n slug: v.optional(v.string()),\n status: v.optional(enterpriseStatusValidator),\n domain: v.optional(v.string()),\n },\n handler: async (ctx, args) => {\n const authResult = await authorize(ctx, \"sso.connection.create\", {\n groupId: args.groupId,\n });\n const { userId } = authResult;\n const createsGroup = args.groupId === undefined;\n const groupId =\n args.groupId ??\n (\n await auth.group.create(ctx as never, {\n name: args.name?.trim() || args.slug?.trim() || \"Enterprise\",\n slug: args.slug,\n type: \"enterprise\",\n })\n ).groupId;\n if (createsGroup) {\n await auth.member.create(ctx as never, {\n groupId,\n userId,\n roleIds: adminRoleIds,\n });\n }\n const created = await auth.sso.admin.connection.create(\n ctx as never,\n {\n groupId,\n name: args.name,\n slug: args.slug,\n status: args.status,\n },\n );\n if (args.domain) {\n await auth.sso.admin.connection.domain.set(\n ctx as never,\n created.enterpriseId,\n [{ domain: args.domain, isPrimary: true }],\n );\n }\n return {\n ...created,\n groupId,\n createdGroup: createsGroup,\n };\n },\n }),\n get: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.connection.read\", {\n enterpriseId: args.enterpriseId,\n });\n return await auth.sso.admin.connection.get(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n getByGroup: queryGeneric({\n args: { groupId: v.string() },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.connection.read\", {\n groupId: args.groupId,\n });\n return await auth.sso.admin.connection.getByGroup(\n ctx as never,\n args.groupId,\n );\n },\n }),\n getByDomain: queryGeneric({\n args: { domain: v.string() },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.connection.read\", {\n domain: args.domain,\n });\n return await auth.sso.admin.connection.getByDomain(\n ctx as never,\n args.domain,\n );\n },\n }),\n list: queryGeneric({\n args: {\n where: v.optional(enterpriseConnectionWhereValidator),\n limit: v.optional(v.number()),\n cursor: v.optional(v.union(v.string(), v.null())),\n orderBy: v.optional(v.string()),\n order: v.optional(v.union(v.literal(\"asc\"), v.literal(\"desc\"))),\n },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.connection.read\", {\n groupId: args.where?.groupId,\n });\n return await auth.sso.admin.connection.list(\n ctx as never,\n args as never,\n );\n },\n }),\n update: mutationGeneric({\n args: {\n enterpriseId: v.string(),\n data: v.object({\n name: v.optional(v.string()),\n slug: v.optional(v.string()),\n status: v.optional(enterpriseStatusValidator),\n }),\n },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.connection.manage\", {\n enterpriseId: args.enterpriseId,\n });\n await auth.sso.admin.connection.update(\n ctx as never,\n args.enterpriseId,\n args.data,\n );\n return { enterpriseId: args.enterpriseId };\n },\n }),\n delete: mutationGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.connection.manage\", {\n enterpriseId: args.enterpriseId,\n });\n return await auth.sso.admin.connection.delete(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n status: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.connection.read\", {\n enterpriseId: args.enterpriseId,\n });\n return await auth.sso.admin.connection.status(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n domain: {\n list: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.connection.read\", {\n enterpriseId: args.enterpriseId,\n });\n return await auth.sso.admin.connection.domain.list(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n validate: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.domain.manage\", {\n enterpriseId: args.enterpriseId,\n });\n return await auth.sso.admin.connection.domain.validate(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n set: mutationGeneric({\n args: {\n enterpriseId: v.string(),\n domains: v.array(enterpriseDomainInputValidator),\n },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.domain.manage\", {\n enterpriseId: args.enterpriseId,\n });\n return await auth.sso.admin.connection.domain.set(\n ctx as never,\n args.enterpriseId,\n args.domains,\n );\n },\n }),\n verification: {\n request: mutationGeneric({\n args: enterpriseDomainVerificationInputValidator,\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.domain.manage\", {\n enterpriseId: args.enterpriseId,\n });\n return await auth.sso.admin.connection.domain.verification.request(\n ctx as never,\n args,\n );\n },\n }),\n confirm: actionGeneric({\n args: enterpriseDomainVerificationInputValidator,\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.domain.manage\", {\n enterpriseId: args.enterpriseId,\n });\n return await auth.sso.admin.connection.domain.verification.confirm(\n ctx as never,\n args,\n );\n },\n }),\n },\n },\n },\n oidc: {\n configure: mutationGeneric({\n args: {\n enterpriseId: v.string(),\n issuer: v.optional(v.string()),\n discoveryUrl: v.optional(v.string()),\n clientId: v.string(),\n clientSecret: v.optional(v.string()),\n scopes: v.optional(v.array(v.string())),\n authorizationParams: v.optional(v.record(v.string(), v.string())),\n clockToleranceSeconds: v.optional(v.number()),\n strictIssuer: v.optional(v.boolean()),\n extraFields: v.optional(v.record(v.string(), v.string())),\n },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.protocol.manage\", {\n enterpriseId: args.enterpriseId,\n });\n return await auth.sso.admin.oidc.configure(ctx as never, args);\n },\n }),\n get: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.connection.read\", {\n enterpriseId: args.enterpriseId,\n });\n return await auth.sso.admin.oidc.get(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n validate: actionGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.protocol.manage\", {\n enterpriseId: args.enterpriseId,\n });\n return await auth.sso.admin.oidc.validate(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n },\n saml: {\n configure: actionGeneric({\n args: {\n enterpriseId: v.string(),\n metadataXml: v.optional(v.string()),\n metadataUrl: v.optional(v.string()),\n domains: v.optional(v.array(v.string())),\n signAuthnRequests: v.optional(v.boolean()),\n attributeMapping: v.optional(\n enterpriseSamlAttributeMappingValidator,\n ),\n sp: v.optional(enterpriseSamlSpValidator),\n },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.protocol.manage\", {\n enterpriseId: args.enterpriseId,\n });\n return await auth.sso.admin.saml.configure(ctx as never, args);\n },\n }),\n validate: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.protocol.manage\", {\n enterpriseId: args.enterpriseId,\n });\n return await auth.sso.admin.saml.validate(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n },\n policy: {\n get: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.connection.read\", {\n enterpriseId: args.enterpriseId,\n });\n return await auth.sso.admin.policy.get(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n update: mutationGeneric({\n args: {\n enterpriseId: v.string(),\n patch: enterprisePolicyPatchValidator,\n },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.policy.manage\", {\n enterpriseId: args.enterpriseId,\n });\n return await auth.sso.admin.policy.update(\n ctx as never,\n args.enterpriseId,\n args.patch,\n );\n },\n }),\n validate: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.policy.manage\", {\n enterpriseId: args.enterpriseId,\n });\n return await auth.sso.admin.policy.validate(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n },\n audit: {\n list: queryGeneric({\n args: {\n enterpriseId: v.optional(v.string()),\n groupId: v.optional(v.string()),\n limit: v.optional(v.number()),\n },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.audit.read\", {\n enterpriseId: args.enterpriseId,\n groupId: args.groupId,\n });\n return await auth.sso.admin.audit.list(ctx as never, args);\n },\n }),\n },\n webhook: {\n delivery: {\n list: queryGeneric({\n args: {\n enterpriseId: v.string(),\n limit: v.optional(v.number()),\n },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.webhook.manage\", {\n enterpriseId: args.enterpriseId,\n });\n return await (auth.sso.admin.webhook as any).delivery.list(\n ctx as never,\n args,\n );\n },\n }),\n },\n endpoint: {\n create: mutationGeneric({\n args: {\n enterpriseId: v.string(),\n url: v.string(),\n secret: v.string(),\n subscriptions: v.array(v.string()),\n createdByUserId: v.optional(v.string()),\n },\n handler: async (ctx, args) => {\n const authResult = await authorize(ctx, \"sso.webhook.manage\", {\n enterpriseId: args.enterpriseId,\n });\n const { userId } = authResult;\n const result = await auth.sso.admin.webhook.endpoint.create(\n ctx as never,\n {\n ...args,\n createdByUserId: args.createdByUserId ?? userId,\n },\n );\n return {\n _id: result.endpointId,\n enterpriseId: args.enterpriseId,\n url: args.url,\n subscriptions: args.subscriptions,\n createdByUserId: args.createdByUserId ?? userId,\n status: \"active\",\n failureCount: 0,\n };\n },\n }),\n list: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n await authorize(ctx, \"sso.webhook.manage\", {\n enterpriseId: args.enterpriseId,\n });\n const endpoints = await auth.sso.admin.webhook.endpoint.list(\n ctx as never,\n args.enterpriseId,\n );\n return endpoints.map((endpoint: Record<string, unknown>) => {\n const { secretHash: _secretHash, ...rest } = endpoint;\n return rest;\n });\n },\n }),\n disable: mutationGeneric({\n args: { endpointId: v.string() },\n handler: async (ctx, args) => {\n const endpoint = await auth.sso.admin.webhook.endpoint.get(\n ctx as never,\n args.endpointId,\n );\n if (!endpoint) {\n throw Cv.error({\n code: \"INVALID_PARAMETERS\",\n message: \"Webhook endpoint not found.\",\n });\n }\n await authorize(ctx, \"sso.webhook.manage\", {\n enterpriseId: endpoint.enterpriseId,\n groupId: endpoint.groupId,\n });\n return await auth.sso.admin.webhook.endpoint.disable(\n ctx as never,\n args.endpointId,\n );\n },\n }),\n },\n },\n },\n client: {\n signIn: queryGeneric({\n args: {\n enterpriseId: v.optional(v.string()),\n email: v.optional(v.string()),\n domain: v.optional(v.string()),\n redirectTo: v.optional(v.string()),\n },\n handler: async (ctx, args) => {\n return await auth.sso.client.signIn(ctx as never, args);\n },\n }),\n metadata: queryGeneric({\n args: {\n enterpriseId: v.string(),\n entityId: v.optional(v.string()),\n acsUrl: v.optional(v.string()),\n sloUrl: v.optional(v.string()),\n },\n handler: async (ctx, args) => {\n return await auth.sso.client.metadata(ctx as never, args);\n },\n }),\n },\n };\n}\n\n/**\n * Build optional public SCIM management actions that apps can mount under\n * `convex/auth/scim/**` when they want client-callable enterprise admin APIs.\n *\n * @param auth - Auth API subset providing `scim`, `sso`, and `user` namespaces.\n * @param options - Optional admin authorization config. See {@link EnterpriseMountOptions}.\n * @typeParam TAuthorization - Optional authorization config for typed role IDs.\n * @returns An object with `admin.configure`, `admin.get`, and `admin.validate` actions.\n *\n * @example\n * ```ts\n * // convex/auth/scim.ts\n * import { scim } from \"@robelest/convex-auth/server\";\n * import { auth } from \"../auth\";\n *\n * const mounted = scim(auth, {\n * admin: {\n * authorized: async (ctx, input) => { /* check permissions *\\/ },\n * },\n * });\n *\n * export const configure = mounted.admin.configure;\n * export const get = mounted.admin.get;\n * export const validate = mounted.admin.validate;\n * ```\n *\n * @see {@link sso}\n * @see {@link enterprise}\n */\nexport function scim<\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n>(\n auth: Pick<AuthApi<TAuthorization>, \"scim\" | \"sso\" | \"user\">,\n options?: MountedEnterpriseOptions<AuthRoleId<TAuthorization>>,\n) {\n const authorize = createMountedAdminAuthorizer(auth, options);\n\n return {\n admin: {\n configure: mutationGeneric({\n args: {\n enterpriseId: v.string(),\n basePath: v.optional(v.string()),\n status: v.optional(enterpriseStatusValidator),\n },\n handler: async (ctx, args) => {\n await authorize(ctx, \"scim.manage\", {\n enterpriseId: args.enterpriseId,\n });\n return await auth.scim.admin.configure(ctx as never, args);\n },\n }),\n get: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n await authorize(ctx, \"scim.manage\", {\n enterpriseId: args.enterpriseId,\n });\n return await auth.scim.admin.get(ctx as never, args.enterpriseId);\n },\n }),\n validate: queryGeneric({\n args: { enterpriseId: v.string() },\n handler: async (ctx, args) => {\n await authorize(ctx, \"scim.manage\", {\n enterpriseId: args.enterpriseId,\n });\n return await auth.scim.admin.validate(\n ctx as never,\n args.enterpriseId,\n );\n },\n }),\n },\n };\n}\n\n/**\n * Build a flat mounted enterprise API surface for app-owned Convex exports.\n *\n * Combines {@link sso} and {@link scim} into a single flat object with\n * all SSO connection, protocol, policy, audit, webhook, and SCIM\n * management functions plus end-user sign-in helpers. The `authorized`\n * callback is required for all admin operations.\n *\n * @param auth - Auth API subset providing `group`, `member`, `scim`, `sso`, and `user` namespaces.\n * @param options - Required {@link EnterpriseMountOptions} with an `admin.authorized` callback.\n * @typeParam TAuthorization - Optional authorization config for typed role IDs.\n * @returns A flat object with all enterprise management functions (e.g. `createConnection`,\n * `configureOidc`, `configureScim`, `signIn`, etc.).\n *\n * @example\n * ```ts\n * // convex/auth/enterprise.ts\n * import { enterprise } from \"@robelest/convex-auth/server\";\n * import { auth } from \"../auth\";\n *\n * const api = enterprise(auth, {\n * admin: {\n * authorized: async (ctx, input) => { /* check permissions *\\/ },\n * roles: [\"admin\"],\n * },\n * });\n *\n * export const createConnection = api.createConnection;\n * export const configureOidc = api.configureOidc;\n * export const signIn = api.signIn;\n * ```\n *\n * @see {@link sso}\n * @see {@link scim}\n */\nexport function enterprise<\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n>(\n auth: Pick<\n AuthApi<TAuthorization>,\n \"group\" | \"member\" | \"scim\" | \"sso\" | \"user\"\n >,\n options: EnterpriseMountOptions<AuthRoleId<TAuthorization>>,\n) {\n const mountedSso = sso(auth, {\n admin: options.admin,\n });\n const mountedScim = scim(auth, {\n admin: { authorized: options.admin.authorized },\n });\n\n return {\n createConnection: mountedSso.admin.connection.create,\n getConnection: mountedSso.admin.connection.get,\n getConnectionByGroup: mountedSso.admin.connection.getByGroup,\n getConnectionByDomain: mountedSso.admin.connection.getByDomain,\n listConnections: mountedSso.admin.connection.list,\n updateConnection: mountedSso.admin.connection.update,\n deleteConnection: mountedSso.admin.connection.delete,\n getConnectionStatus: mountedSso.admin.connection.status,\n listDomains: mountedSso.admin.connection.domain.list,\n validateDomains: mountedSso.admin.connection.domain.validate,\n setDomains: mountedSso.admin.connection.domain.set,\n requestDomainVerification:\n mountedSso.admin.connection.domain.verification.request,\n confirmDomainVerification:\n mountedSso.admin.connection.domain.verification.confirm,\n configureOidc: mountedSso.admin.oidc.configure,\n getOidc: mountedSso.admin.oidc.get,\n validateOidc: mountedSso.admin.oidc.validate,\n configureSaml: mountedSso.admin.saml.configure,\n validateSaml: mountedSso.admin.saml.validate,\n getPolicy: mountedSso.admin.policy.get,\n updatePolicy: mountedSso.admin.policy.update,\n validatePolicy: mountedSso.admin.policy.validate,\n listAudit: mountedSso.admin.audit.list,\n createWebhookEndpoint: mountedSso.admin.webhook.endpoint.create,\n listWebhookEndpoints: mountedSso.admin.webhook.endpoint.list,\n listWebhookDeliveries: mountedSso.admin.webhook.delivery.list,\n disableWebhookEndpoint: mountedSso.admin.webhook.endpoint.disable,\n configureScim: mountedScim.admin.configure,\n getScim: mountedScim.admin.get,\n validateScim: mountedScim.admin.validate,\n signIn: mountedSso.client.signIn,\n metadata: mountedSso.client.metadata,\n };\n}\n"],"mappings":";;;;;;AAiIA,SAAS,oBAAoB,MAA6B;AACxD,QAAO,OAAO,QAEgB;AAC5B,SAAO,MAAM,KAAK,KAAK,GAAG,IAAa;;;AAI3C,SAAS,wBACP,OACA;AACA,QAAO,OAAO,KAAK,SAAU,OAAO,SAAS,WAAW,OAAO,KAAK,GAAI;;AAG1E,eAAe,+BACb,MACA,KACA,QACA;AACA,KAAI,OAAO,YAAY,OACrB,QAAO;EACL,cAAc,OAAO;EACrB,SAAS,OAAO;EAChB,iBAAiB,OAAO;EACzB;AAGH,KAAI,OAAO,iBAAiB,QAAW;EACrC,MAAM,aAAa,MAAM,KAAK,IAAI,MAAM,WAAW,IACjD,KACA,OAAO,aACR;AACD,MAAI,eAAe,KACjB,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS;GACV,CAAC;AAEJ,SAAO;GACL,cAAc,WAAW;GACzB,SAAS,WAAW;GACpB,iBAAiB,WAAW;GAC7B;;AAGH,KAAI,OAAO,WAAW,QAAW;EAC/B,MAAM,WAAW,MAAM,KAAK,IAAI,MAAM,WAAW,YAC/C,KACA,OAAO,OACR;AACD,MAAI,UAAU,eAAe,OAC3B,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS;GACV,CAAC;AAEJ,SAAO;GACL,cAAc,SAAS,WAAW;GAClC,SAAS,SAAS,WAAW;GAC7B,iBAAiB,SAAS,WAAW;GACtC;;AAGH,QAAO;EACL,cAAc;EACd,SAAS;EACT,iBAAiB;EAClB;;AAGH,SAAS,6BACP,MACA,SACA;CACA,MAAM,gBAAgB,oBAAoB,KAAK;AAE/C,QAAO,OACL,KACA,YACA,SAAkC,EAAE,KACjC;EACH,MAAM,SAAS,MAAM,cAAc,IAAI;AACvC,MAAI,WAAW,KACb,OAAM,GAAG,MAAM;GACb,MAAM;GACN,SAAS;GACV,CAAC;AAEJ,MAAI,CAAC,SAAS,OAAO,WACnB,OAAM,GAAG,MAAM;GACb,MAAM;GACN,SAAS;GACV,CAAC;EAEJ,MAAM,WAAW,MAAM,+BAA+B,MAAM,KAAK,OAAO;AACxE,QAAM,QAAQ,MAAM,WAAW,KAAK;GAClC;GACA;GACA,cAAc,SAAS;GACvB,SAAS,SAAS;GAClB,iBAAiB,SAAS;GAC3B,CAAC;AACF,SAAO;GAAE;GAAQ,GAAG;GAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqClC,SAAgB,IAGd,MACA,SACA;CACA,MAAM,YAAY,6BAA6B,MAAM,QAAQ;CAC7D,MAAM,eAAe,wBAAwB,SAAS,OAAO,MAAM;AAEnE,QAAO;EACL,OAAO;GACL,YAAY;IACV,QAAQ,gBAAgB;KACtB,MAAM;MACJ,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC;MAC/B,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;MAC5B,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;MAC5B,QAAQ,EAAE,SAAS,0BAA0B;MAC7C,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;MAC/B;KACD,SAAS,OAAO,KAAK,SAAS;MAI5B,MAAM,EAAE,WAHW,MAAM,UAAU,KAAK,yBAAyB,EAC/D,SAAS,KAAK,SACf,CAAC;MAEF,MAAM,eAAe,KAAK,YAAY;MACtC,MAAM,UACJ,KAAK,YAEH,MAAM,KAAK,MAAM,OAAO,KAAc;OACpC,MAAM,KAAK,MAAM,MAAM,IAAI,KAAK,MAAM,MAAM,IAAI;OAChD,MAAM,KAAK;OACX,MAAM;OACP,CAAC,EACF;AACJ,UAAI,aACF,OAAM,KAAK,OAAO,OAAO,KAAc;OACrC;OACA;OACA,SAAS;OACV,CAAC;MAEJ,MAAM,UAAU,MAAM,KAAK,IAAI,MAAM,WAAW,OAC9C,KACA;OACE;OACA,MAAM,KAAK;OACX,MAAM,KAAK;OACX,QAAQ,KAAK;OACd,CACF;AACD,UAAI,KAAK,OACP,OAAM,KAAK,IAAI,MAAM,WAAW,OAAO,IACrC,KACA,QAAQ,cACR,CAAC;OAAE,QAAQ,KAAK;OAAQ,WAAW;OAAM,CAAC,CAC3C;AAEH,aAAO;OACL,GAAG;OACH;OACA,cAAc;OACf;;KAEJ,CAAC;IACF,KAAK,aAAa;KAChB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;KAClC,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAM,UAAU,KAAK,uBAAuB,EAC1C,cAAc,KAAK,cACpB,CAAC;AACF,aAAO,MAAM,KAAK,IAAI,MAAM,WAAW,IACrC,KACA,KAAK,aACN;;KAEJ,CAAC;IACF,YAAY,aAAa;KACvB,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE;KAC7B,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAM,UAAU,KAAK,uBAAuB,EAC1C,SAAS,KAAK,SACf,CAAC;AACF,aAAO,MAAM,KAAK,IAAI,MAAM,WAAW,WACrC,KACA,KAAK,QACN;;KAEJ,CAAC;IACF,aAAa,aAAa;KACxB,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE;KAC5B,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAM,UAAU,KAAK,uBAAuB,EAC1C,QAAQ,KAAK,QACd,CAAC;AACF,aAAO,MAAM,KAAK,IAAI,MAAM,WAAW,YACrC,KACA,KAAK,OACN;;KAEJ,CAAC;IACF,MAAM,aAAa;KACjB,MAAM;MACJ,OAAO,EAAE,SAAS,mCAAmC;MACrD,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;MAC7B,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;MACjD,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC;MAC/B,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,CAAC,CAAC;MAChE;KACD,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAM,UAAU,KAAK,uBAAuB,EAC1C,SAAS,KAAK,OAAO,SACtB,CAAC;AACF,aAAO,MAAM,KAAK,IAAI,MAAM,WAAW,KACrC,KACA,KACD;;KAEJ,CAAC;IACF,QAAQ,gBAAgB;KACtB,MAAM;MACJ,cAAc,EAAE,QAAQ;MACxB,MAAM,EAAE,OAAO;OACb,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;OAC5B,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;OAC5B,QAAQ,EAAE,SAAS,0BAA0B;OAC9C,CAAC;MACH;KACD,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAM,UAAU,KAAK,yBAAyB,EAC5C,cAAc,KAAK,cACpB,CAAC;AACF,YAAM,KAAK,IAAI,MAAM,WAAW,OAC9B,KACA,KAAK,cACL,KAAK,KACN;AACD,aAAO,EAAE,cAAc,KAAK,cAAc;;KAE7C,CAAC;IACF,QAAQ,gBAAgB;KACtB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;KAClC,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAM,UAAU,KAAK,yBAAyB,EAC5C,cAAc,KAAK,cACpB,CAAC;AACF,aAAO,MAAM,KAAK,IAAI,MAAM,WAAW,OACrC,KACA,KAAK,aACN;;KAEJ,CAAC;IACF,QAAQ,aAAa;KACnB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;KAClC,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAM,UAAU,KAAK,uBAAuB,EAC1C,cAAc,KAAK,cACpB,CAAC;AACF,aAAO,MAAM,KAAK,IAAI,MAAM,WAAW,OACrC,KACA,KAAK,aACN;;KAEJ,CAAC;IACF,QAAQ;KACN,MAAM,aAAa;MACjB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;MAClC,SAAS,OAAO,KAAK,SAAS;AAC5B,aAAM,UAAU,KAAK,uBAAuB,EAC1C,cAAc,KAAK,cACpB,CAAC;AACF,cAAO,MAAM,KAAK,IAAI,MAAM,WAAW,OAAO,KAC5C,KACA,KAAK,aACN;;MAEJ,CAAC;KACF,UAAU,aAAa;MACrB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;MAClC,SAAS,OAAO,KAAK,SAAS;AAC5B,aAAM,UAAU,KAAK,qBAAqB,EACxC,cAAc,KAAK,cACpB,CAAC;AACF,cAAO,MAAM,KAAK,IAAI,MAAM,WAAW,OAAO,SAC5C,KACA,KAAK,aACN;;MAEJ,CAAC;KACF,KAAK,gBAAgB;MACnB,MAAM;OACJ,cAAc,EAAE,QAAQ;OACxB,SAAS,EAAE,MAAM,+BAA+B;OACjD;MACD,SAAS,OAAO,KAAK,SAAS;AAC5B,aAAM,UAAU,KAAK,qBAAqB,EACxC,cAAc,KAAK,cACpB,CAAC;AACF,cAAO,MAAM,KAAK,IAAI,MAAM,WAAW,OAAO,IAC5C,KACA,KAAK,cACL,KAAK,QACN;;MAEJ,CAAC;KACF,cAAc;MACZ,SAAS,gBAAgB;OACvB,MAAM;OACN,SAAS,OAAO,KAAK,SAAS;AAC5B,cAAM,UAAU,KAAK,qBAAqB,EACxC,cAAc,KAAK,cACpB,CAAC;AACF,eAAO,MAAM,KAAK,IAAI,MAAM,WAAW,OAAO,aAAa,QACzD,KACA,KACD;;OAEJ,CAAC;MACF,SAAS,cAAc;OACrB,MAAM;OACN,SAAS,OAAO,KAAK,SAAS;AAC5B,cAAM,UAAU,KAAK,qBAAqB,EACxC,cAAc,KAAK,cACpB,CAAC;AACF,eAAO,MAAM,KAAK,IAAI,MAAM,WAAW,OAAO,aAAa,QACzD,KACA,KACD;;OAEJ,CAAC;MACH;KACF;IACF;GACD,MAAM;IACJ,WAAW,gBAAgB;KACzB,MAAM;MACJ,cAAc,EAAE,QAAQ;MACxB,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;MAC9B,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;MACpC,UAAU,EAAE,QAAQ;MACpB,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;MACpC,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;MACvC,qBAAqB,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;MACjE,uBAAuB,EAAE,SAAS,EAAE,QAAQ,CAAC;MAC7C,cAAc,EAAE,SAAS,EAAE,SAAS,CAAC;MACrC,aAAa,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;MAC1D;KACD,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAM,UAAU,KAAK,uBAAuB,EAC1C,cAAc,KAAK,cACpB,CAAC;AACF,aAAO,MAAM,KAAK,IAAI,MAAM,KAAK,UAAU,KAAc,KAAK;;KAEjE,CAAC;IACF,KAAK,aAAa;KAChB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;KAClC,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAM,UAAU,KAAK,uBAAuB,EAC1C,cAAc,KAAK,cACpB,CAAC;AACF,aAAO,MAAM,KAAK,IAAI,MAAM,KAAK,IAC/B,KACA,KAAK,aACN;;KAEJ,CAAC;IACF,UAAU,cAAc;KACtB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;KAClC,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAM,UAAU,KAAK,uBAAuB,EAC1C,cAAc,KAAK,cACpB,CAAC;AACF,aAAO,MAAM,KAAK,IAAI,MAAM,KAAK,SAC/B,KACA,KAAK,aACN;;KAEJ,CAAC;IACH;GACD,MAAM;IACJ,WAAW,cAAc;KACvB,MAAM;MACJ,cAAc,EAAE,QAAQ;MACxB,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC;MACnC,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC;MACnC,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;MACxC,mBAAmB,EAAE,SAAS,EAAE,SAAS,CAAC;MAC1C,kBAAkB,EAAE,SAClB,wCACD;MACD,IAAI,EAAE,SAAS,0BAA0B;MAC1C;KACD,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAM,UAAU,KAAK,uBAAuB,EAC1C,cAAc,KAAK,cACpB,CAAC;AACF,aAAO,MAAM,KAAK,IAAI,MAAM,KAAK,UAAU,KAAc,KAAK;;KAEjE,CAAC;IACF,UAAU,aAAa;KACrB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;KAClC,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAM,UAAU,KAAK,uBAAuB,EAC1C,cAAc,KAAK,cACpB,CAAC;AACF,aAAO,MAAM,KAAK,IAAI,MAAM,KAAK,SAC/B,KACA,KAAK,aACN;;KAEJ,CAAC;IACH;GACD,QAAQ;IACN,KAAK,aAAa;KAChB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;KAClC,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAM,UAAU,KAAK,uBAAuB,EAC1C,cAAc,KAAK,cACpB,CAAC;AACF,aAAO,MAAM,KAAK,IAAI,MAAM,OAAO,IACjC,KACA,KAAK,aACN;;KAEJ,CAAC;IACF,QAAQ,gBAAgB;KACtB,MAAM;MACJ,cAAc,EAAE,QAAQ;MACxB,OAAO;MACR;KACD,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAM,UAAU,KAAK,qBAAqB,EACxC,cAAc,KAAK,cACpB,CAAC;AACF,aAAO,MAAM,KAAK,IAAI,MAAM,OAAO,OACjC,KACA,KAAK,cACL,KAAK,MACN;;KAEJ,CAAC;IACF,UAAU,aAAa;KACrB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;KAClC,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAM,UAAU,KAAK,qBAAqB,EACxC,cAAc,KAAK,cACpB,CAAC;AACF,aAAO,MAAM,KAAK,IAAI,MAAM,OAAO,SACjC,KACA,KAAK,aACN;;KAEJ,CAAC;IACH;GACD,OAAO,EACL,MAAM,aAAa;IACjB,MAAM;KACJ,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;KACpC,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC;KAC/B,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;KAC9B;IACD,SAAS,OAAO,KAAK,SAAS;AAC5B,WAAM,UAAU,KAAK,kBAAkB;MACrC,cAAc,KAAK;MACnB,SAAS,KAAK;MACf,CAAC;AACF,YAAO,MAAM,KAAK,IAAI,MAAM,MAAM,KAAK,KAAc,KAAK;;IAE7D,CAAC,EACH;GACD,SAAS;IACP,UAAU,EACR,MAAM,aAAa;KACjB,MAAM;MACJ,cAAc,EAAE,QAAQ;MACxB,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;MAC9B;KACD,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAM,UAAU,KAAK,sBAAsB,EACzC,cAAc,KAAK,cACpB,CAAC;AACF,aAAO,MAAO,KAAK,IAAI,MAAM,QAAgB,SAAS,KACpD,KACA,KACD;;KAEJ,CAAC,EACH;IACD,UAAU;KACR,QAAQ,gBAAgB;MACtB,MAAM;OACJ,cAAc,EAAE,QAAQ;OACxB,KAAK,EAAE,QAAQ;OACf,QAAQ,EAAE,QAAQ;OAClB,eAAe,EAAE,MAAM,EAAE,QAAQ,CAAC;OAClC,iBAAiB,EAAE,SAAS,EAAE,QAAQ,CAAC;OACxC;MACD,SAAS,OAAO,KAAK,SAAS;OAI5B,MAAM,EAAE,WAHW,MAAM,UAAU,KAAK,sBAAsB,EAC5D,cAAc,KAAK,cACpB,CAAC;AASF,cAAO;QACL,MARa,MAAM,KAAK,IAAI,MAAM,QAAQ,SAAS,OACnD,KACA;SACE,GAAG;SACH,iBAAiB,KAAK,mBAAmB;SAC1C,CACF,EAEa;QACZ,cAAc,KAAK;QACnB,KAAK,KAAK;QACV,eAAe,KAAK;QACpB,iBAAiB,KAAK,mBAAmB;QACzC,QAAQ;QACR,cAAc;QACf;;MAEJ,CAAC;KACF,MAAM,aAAa;MACjB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;MAClC,SAAS,OAAO,KAAK,SAAS;AAC5B,aAAM,UAAU,KAAK,sBAAsB,EACzC,cAAc,KAAK,cACpB,CAAC;AAKF,eAJkB,MAAM,KAAK,IAAI,MAAM,QAAQ,SAAS,KACtD,KACA,KAAK,aACN,EACgB,KAAK,aAAsC;QAC1D,MAAM,EAAE,YAAY,aAAa,GAAG,SAAS;AAC7C,eAAO;SACP;;MAEL,CAAC;KACF,SAAS,gBAAgB;MACvB,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE;MAChC,SAAS,OAAO,KAAK,SAAS;OAC5B,MAAM,WAAW,MAAM,KAAK,IAAI,MAAM,QAAQ,SAAS,IACrD,KACA,KAAK,WACN;AACD,WAAI,CAAC,SACH,OAAM,GAAG,MAAM;QACb,MAAM;QACN,SAAS;QACV,CAAC;AAEJ,aAAM,UAAU,KAAK,sBAAsB;QACzC,cAAc,SAAS;QACvB,SAAS,SAAS;QACnB,CAAC;AACF,cAAO,MAAM,KAAK,IAAI,MAAM,QAAQ,SAAS,QAC3C,KACA,KAAK,WACN;;MAEJ,CAAC;KACH;IACF;GACF;EACD,QAAQ;GACN,QAAQ,aAAa;IACnB,MAAM;KACJ,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;KACpC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;KAC7B,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;KAC9B,YAAY,EAAE,SAAS,EAAE,QAAQ,CAAC;KACnC;IACD,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAO,MAAM,KAAK,IAAI,OAAO,OAAO,KAAc,KAAK;;IAE1D,CAAC;GACF,UAAU,aAAa;IACrB,MAAM;KACJ,cAAc,EAAE,QAAQ;KACxB,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;KAChC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;KAC9B,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;KAC/B;IACD,SAAS,OAAO,KAAK,SAAS;AAC5B,YAAO,MAAM,KAAK,IAAI,OAAO,SAAS,KAAc,KAAK;;IAE5D,CAAC;GACH;EACF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgCH,SAAgB,KAGd,MACA,SACA;CACA,MAAM,YAAY,6BAA6B,MAAM,QAAQ;AAE7D,QAAO,EACL,OAAO;EACL,WAAW,gBAAgB;GACzB,MAAM;IACJ,cAAc,EAAE,QAAQ;IACxB,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;IAChC,QAAQ,EAAE,SAAS,0BAA0B;IAC9C;GACD,SAAS,OAAO,KAAK,SAAS;AAC5B,UAAM,UAAU,KAAK,eAAe,EAClC,cAAc,KAAK,cACpB,CAAC;AACF,WAAO,MAAM,KAAK,KAAK,MAAM,UAAU,KAAc,KAAK;;GAE7D,CAAC;EACF,KAAK,aAAa;GAChB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;GAClC,SAAS,OAAO,KAAK,SAAS;AAC5B,UAAM,UAAU,KAAK,eAAe,EAClC,cAAc,KAAK,cACpB,CAAC;AACF,WAAO,MAAM,KAAK,KAAK,MAAM,IAAI,KAAc,KAAK,aAAa;;GAEpE,CAAC;EACF,UAAU,aAAa;GACrB,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;GAClC,SAAS,OAAO,KAAK,SAAS;AAC5B,UAAM,UAAU,KAAK,eAAe,EAClC,cAAc,KAAK,cACpB,CAAC;AACF,WAAO,MAAM,KAAK,KAAK,MAAM,SAC3B,KACA,KAAK,aACN;;GAEJ,CAAC;EACH,EACF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsCH,SAAgB,WAGd,MAIA,SACA;CACA,MAAM,aAAa,IAAI,MAAM,EAC3B,OAAO,QAAQ,OAChB,CAAC;CACF,MAAM,cAAc,KAAK,MAAM,EAC7B,OAAO,EAAE,YAAY,QAAQ,MAAM,YAAY,EAChD,CAAC;AAEF,QAAO;EACL,kBAAkB,WAAW,MAAM,WAAW;EAC9C,eAAe,WAAW,MAAM,WAAW;EAC3C,sBAAsB,WAAW,MAAM,WAAW;EAClD,uBAAuB,WAAW,MAAM,WAAW;EACnD,iBAAiB,WAAW,MAAM,WAAW;EAC7C,kBAAkB,WAAW,MAAM,WAAW;EAC9C,kBAAkB,WAAW,MAAM,WAAW;EAC9C,qBAAqB,WAAW,MAAM,WAAW;EACjD,aAAa,WAAW,MAAM,WAAW,OAAO;EAChD,iBAAiB,WAAW,MAAM,WAAW,OAAO;EACpD,YAAY,WAAW,MAAM,WAAW,OAAO;EAC/C,2BACE,WAAW,MAAM,WAAW,OAAO,aAAa;EAClD,2BACE,WAAW,MAAM,WAAW,OAAO,aAAa;EAClD,eAAe,WAAW,MAAM,KAAK;EACrC,SAAS,WAAW,MAAM,KAAK;EAC/B,cAAc,WAAW,MAAM,KAAK;EACpC,eAAe,WAAW,MAAM,KAAK;EACrC,cAAc,WAAW,MAAM,KAAK;EACpC,WAAW,WAAW,MAAM,OAAO;EACnC,cAAc,WAAW,MAAM,OAAO;EACtC,gBAAgB,WAAW,MAAM,OAAO;EACxC,WAAW,WAAW,MAAM,MAAM;EAClC,uBAAuB,WAAW,MAAM,QAAQ,SAAS;EACzD,sBAAsB,WAAW,MAAM,QAAQ,SAAS;EACxD,uBAAuB,WAAW,MAAM,QAAQ,SAAS;EACzD,wBAAwB,WAAW,MAAM,QAAQ,SAAS;EAC1D,eAAe,YAAY,MAAM;EACjC,SAAS,YAAY,MAAM;EAC3B,cAAc,YAAY,MAAM;EAChC,QAAQ,WAAW,OAAO;EAC1B,UAAU,WAAW,OAAO;EAC7B"}
package/dist/server/mutations/account.d.ts CHANGED
@@ -1,29 +1,28 @@
1
1
  import { MutationCtx } from "../types.js";
2
- import { AuthError } from "../authError.js";
3
2
  import { Config, GetProviderOrThrowFunc } from "../crypto.js";
4
3
  import { Fx } from "@robelest/fx";
5
4
  import { GenericActionCtx, GenericDataModel } from "convex/server";
6
- import * as convex_values3 from "convex/values";
7
- import { Infer } from "convex/values";
5
+ import * as convex_values92 from "convex/values";
6
+ import { ConvexError, Infer } from "convex/values";
8
7
 
9
8
  //#region src/server/mutations/account.d.ts
10
- declare const modifyAccountArgs: convex_values3.VObject<{
9
+ declare const modifyAccountArgs: convex_values92.VObject<{
11
10
  provider: string;
12
11
  account: {
13
12
  id: string;
14
13
  secret: string;
15
14
  };
16
15
  }, {
17
- provider: convex_values3.VString<string, "required">;
18
- account: convex_values3.VObject<{
16
+ provider: convex_values92.VString<string, "required">;
17
+ account: convex_values92.VObject<{
19
18
  id: string;
20
19
  secret: string;
21
20
  }, {
22
- id: convex_values3.VString<string, "required">;
23
- secret: convex_values3.VString<string, "required">;
21
+ id: convex_values92.VString<string, "required">;
22
+ secret: convex_values92.VString<string, "required">;
24
23
  }, "required", "id" | "secret">;
25
24
  }, "required", "provider" | "account" | "account.id" | "account.secret">;
26
- declare function modifyAccountImpl(ctx: MutationCtx, args: Infer<typeof modifyAccountArgs>, getProviderOrThrow: GetProviderOrThrowFunc, config: Config): Fx<void, AuthError>;
25
+ declare function modifyAccountImpl(ctx: MutationCtx, args: Infer<typeof modifyAccountArgs>, getProviderOrThrow: GetProviderOrThrowFunc, config: Config): Fx<void, ConvexError<any>>;
27
26
  declare const callModifyAccount: <DataModel extends GenericDataModel>(ctx: GenericActionCtx<DataModel>, args: Infer<typeof modifyAccountArgs>) => Promise<void>;
28
27
  //#endregion
29
28
  export { callModifyAccount, modifyAccountArgs, modifyAccountImpl };
package/dist/server/mutations/account.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"account.d.ts","names":[],"sources":["../../../src/server/mutations/account.ts"],"mappings":";;;;;;;;;cAYa,iBAAA,iBAAiB,OAAA;;;;;;;YAG5B,cAAA,CAAA,OAAA;;;;;;;;;iBAEc,iBAAA,CACd,GAAA,EAAK,WAAA,EACL,IAAA,EAAM,KAAA,QAAa,iBAAA,GACnB,kBAAA,EAAoB,sBAAA,EACpB,MAAA,EAAQ,MAAA,GACP,EAAA,OAAS,SAAA;AAAA,cA2CC,iBAAA,qBAA6C,gBAAA,EACxD,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA,EAAM,KAAA,QAAa,iBAAA,MAClB,OAAA"}
1
+ {"version":3,"file":"account.d.ts","names":[],"sources":["../../../src/server/mutations/account.ts"],"mappings":";;;;;;;;cAYa,iBAAA,kBAAiB,OAAA;;;;;;;YAG5B,eAAA,CAAA,OAAA;;;;;;;;;iBAEc,iBAAA,CACd,GAAA,EAAK,WAAA,EACL,IAAA,EAAM,KAAA,QAAa,iBAAA,GACnB,kBAAA,EAAoB,sBAAA,EACpB,MAAA,EAAQ,MAAA,GACP,EAAA,OAAS,WAAA;AAAA,cA6BC,iBAAA,qBAA6C,gBAAA,EACxD,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA,EAAM,KAAA,QAAa,iBAAA,MAClB,OAAA"}