@robelest/convex-auth 0.0.4-preview.21 → 0.0.4-preview.23

package/dist/server/mutations/register.js

@@ -1,11 +1,11 @@
-import { AuthError } from "../authError.js";
 import { LOG_LEVELS, logWithLevel, maybeRedact } from "../utils.js";
-import { authDb } from "../db.js";
 import { hash, verify } from "../crypto.js";
+import { authDb } from "../db.js";
 import { AUTH_STORE_REF } from "./store/refs.js";
 import { getAuthSessionId } from "../sessions.js";
 import { upsertUserAndAccount } from "../users.js";
 import { Fx } from "@robelest/fx";
+import { Cv } from "@robelest/fx/convex";
 import { v } from "convex/values";
 
 //#region src/server/mutations/register.ts
@@ -30,46 +30,50 @@ async function createAccountFromCredentialsImpl(ctx, args, getProviderOrThrow, c
 	const { provider: providerId, account, profile, shouldLinkViaEmail, shouldLinkViaPhone } = args;
 	const db = authDb(ctx, config);
 	const provider = getProviderOrThrow(providerId);
-	return Fx.run(Fx.from({
-		ok: () => db.accounts.get(provider.id, account.id),
-		err: () => new AuthError("INTERNAL_ERROR", "Failed to look up account")
-	}).pipe(Fx.chain((existingAccount) => {
-		if (existingAccount !== null) return (account.secret !== void 0 ? verify(provider, account.secret, existingAccount.secret ?? "").pipe(Fx.chain((valid) => valid ? Fx.succeed(void 0) : Fx.fail(new AuthError("ACCOUNT_ALREADY_EXISTS", `Account ${account.id} already exists`)))) : Fx.succeed(void 0)).pipe(Fx.chain(() => Fx.from({
-			ok: () => db.users.getById(existingAccount.userId),
-			err: () => new AuthError("ACCOUNT_NOT_FOUND", `Linked user for account ${account.id} was not found.`)
-		}).pipe(Fx.chain((doc) => doc === null ? Fx.fail(new AuthError("ACCOUNT_NOT_FOUND", `Linked user for account ${account.id} was not found.`)) : Fx.succeed(doc)))), Fx.map((user) => ({
-			account: existingAccount,
-			user
-		})));
-		return (account.secret !== void 0 ? hash(provider, account.secret) : Fx.succeed(void 0)).pipe(Fx.chain((secret) => Fx.from({
-			ok: async () => upsertUserAndAccount(ctx, await getAuthSessionId(ctx), {
-				providerAccountId: account.id,
-				secret
-			}, {
-				type: "credentials",
-				provider,
-				profile,
-				shouldLinkViaEmail,
-				shouldLinkViaPhone
-			}, config),
-			err: () => new AuthError("INTERNAL_ERROR")
-		})), Fx.chain((result) => {
-			const { userId, accountId } = result;
-			return Fx.zip(Fx.from({
-				ok: () => db.accounts.getById(accountId),
-				err: () => new AuthError("INTERNAL_ERROR")
-			}), Fx.from({
-				ok: () => db.users.getById(userId),
-				err: () => new AuthError("INTERNAL_ERROR")
-			}));
-		}), Fx.chain((pair) => {
-			const [createdAccount, createdUser] = pair;
-			return createdAccount === null ? Fx.fail(new AuthError("ACCOUNT_NOT_FOUND", `Created account was not found.`)) : createdUser === null ? Fx.fail(new AuthError("USER_UPDATE_FAILED", `Created user was not found.`)) : Fx.succeed({
-				account: createdAccount,
-				user: createdUser
+	return Fx.run(Fx.gen(function* () {
+		const existingAccount = yield* Fx.promise(() => db.accounts.get(provider.id, account.id));
+		if (existingAccount !== null) {
+			if (account.secret !== void 0) {
+				if (!(yield* verify(provider, account.secret, existingAccount.secret ?? ""))) return yield* Cv.fail({
+					code: "ACCOUNT_ALREADY_EXISTS",
+					message: `Account ${account.id} already exists`
+				});
+			}
+			const user = yield* Fx.promise(() => db.users.getById(existingAccount.userId));
+			if (user === null) return yield* Cv.fail({
+				code: "ACCOUNT_NOT_FOUND",
+				message: `Linked user for account ${account.id} was not found.`
 			});
-		}));
-	}), Fx.recover((e) => Fx.fatal(e.toConvexError()))));
+			return {
+				account: existingAccount,
+				user
+			};
+		}
+		const secret = account.secret !== void 0 ? yield* hash(provider, account.secret) : void 0;
+		const { userId, accountId } = yield* Fx.promise(async () => upsertUserAndAccount(ctx, await getAuthSessionId(ctx), {
+			providerAccountId: account.id,
+			secret
+		}, {
+			type: "credentials",
+			provider,
+			profile,
+			shouldLinkViaEmail,
+			shouldLinkViaPhone
+		}, config));
+		const [createdAccount, createdUser] = yield* Fx.zip(Fx.promise(() => db.accounts.getById(accountId)), Fx.promise(() => db.users.getById(userId)));
+		if (createdAccount === null) return yield* Cv.fail({
+			code: "ACCOUNT_NOT_FOUND",
+			message: `Created account was not found.`
+		});
+		if (createdUser === null) return yield* Cv.fail({
+			code: "USER_UPDATE_FAILED",
+			message: `Created user was not found.`
+		});
+		return {
+			account: createdAccount,
+			user: createdUser
+		};
+	}));
 }
 const callCreateAccountFromCredentials = async (ctx, args) => {
 	return ctx.runMutation(AUTH_STORE_REF, { args: {

package/dist/server/mutations/register.js.map

@@ -1 +1 @@
-{"version":3,"file":"register.js","names":["Provider.verify","Provider.hash"],"sources":["../../../src/server/mutations/register.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport type { GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { Infer, v } from \"convex/values\";\n\nimport { authDb } from \"../db\";\nimport { AuthError } from \"../authError\";\nimport * as Provider from \"../crypto\";\nimport { getAuthSessionId } from \"../sessions\";\nimport { Doc, MutationCtx } from \"../types\";\nimport { ConvexCredentialsConfig } from \"../types\";\nimport { upsertUserAndAccount } from \"../users\";\nimport { LOG_LEVELS, logWithLevel, maybeRedact } from \"../utils\";\nimport { AUTH_STORE_REF } from \"./store/refs\";\n\nexport const createAccountFromCredentialsArgs = v.object({\n  provider: v.string(),\n  account: v.object({ id: v.string(), secret: v.optional(v.string()) }),\n  profile: v.any(),\n  shouldLinkViaEmail: v.optional(v.boolean()),\n  shouldLinkViaPhone: v.optional(v.boolean()),\n});\n\ntype ReturnType = { account: Doc<\"Account\">; user: Doc<\"User\"> };\n\nexport async function createAccountFromCredentialsImpl(\n  ctx: MutationCtx,\n  args: Infer<typeof createAccountFromCredentialsArgs>,\n  getProviderOrThrow: Provider.GetProviderOrThrowFunc,\n  config: Provider.Config,\n): Promise<ReturnType> {\n  logWithLevel(LOG_LEVELS.DEBUG, \"createAccountFromCredentialsImpl args:\", {\n    provider: args.provider,\n    account: {\n      id: args.account.id,\n      secret: maybeRedact(args.account.secret ?? \"\"),\n    },\n  });\n\n  const {\n    provider: providerId,\n    account,\n    profile,\n    shouldLinkViaEmail,\n    shouldLinkViaPhone,\n  } = args;\n  const db = authDb(ctx, config);\n  const provider = getProviderOrThrow(providerId) as ConvexCredentialsConfig;\n\n  return Fx.run(\n    Fx.from({\n      ok: () =>\n        db.accounts.get(\n          provider.id,\n          account.id,\n        ) as Promise<Doc<\"Account\"> | null>,\n      err: () => new AuthError(\"INTERNAL_ERROR\", \"Failed to look up account\"),\n    }).pipe(\n      Fx.chain((existingAccount) => {\n        if (existingAccount !== null) {\n          const verifyExistingAccountFx =\n            account.secret !== undefined\n              ? Provider.verify(\n                  provider,\n                  account.secret,\n                  existingAccount.secret ?? \"\",\n                ).pipe(\n                  Fx.chain((valid) =>\n                    valid\n                      ? Fx.succeed(undefined)\n                      : Fx.fail(\n                          new AuthError(\n                            \"ACCOUNT_ALREADY_EXISTS\",\n                            `Account ${account.id} already exists`,\n                          ),\n                        ),\n                  ),\n                )\n              : Fx.succeed(undefined);\n\n          return verifyExistingAccountFx.pipe(\n            Fx.chain(() =>\n              Fx.from({\n                ok: () =>\n                  db.users.getById(\n                    existingAccount.userId,\n                  ) as Promise<Doc<\"User\"> | null>,\n                err: () =>\n                  new AuthError(\n                    \"ACCOUNT_NOT_FOUND\",\n                    `Linked user for account ${account.id} was not found.`,\n                  ),\n              }).pipe(\n                Fx.chain((doc) =>\n                  doc === null\n                    ? Fx.fail(\n                        new AuthError(\n                          \"ACCOUNT_NOT_FOUND\",\n                          `Linked user for account ${account.id} was not found.`,\n                        ),\n                      )\n                    : Fx.succeed(doc),\n                ),\n              ),\n            ),\n            Fx.map((user) => ({\n              account: existingAccount,\n              user,\n            })),\n          );\n        }\n\n        const secretFx: Fx<string | undefined, AuthError> =\n          account.secret !== undefined\n            ? Provider.hash(provider, account.secret)\n            : Fx.succeed<string | undefined>(undefined);\n\n        return secretFx.pipe(\n          Fx.chain((secret) =>\n            Fx.from({\n              ok: async () =>\n                upsertUserAndAccount(\n                  ctx,\n                  await getAuthSessionId(ctx),\n                  { providerAccountId: account.id, secret },\n                  {\n                    type: \"credentials\",\n                    provider,\n                    profile,\n                    shouldLinkViaEmail,\n                    shouldLinkViaPhone,\n                  },\n                  config,\n                ),\n              err: () => new AuthError(\"INTERNAL_ERROR\"),\n            }),\n          ),\n          Fx.chain((result) => {\n            const { userId, accountId } = result as {\n              userId: string;\n              accountId: string;\n            };\n            return Fx.zip(\n              Fx.from({\n                ok: () =>\n                  db.accounts.getById(\n                    accountId,\n                  ) as Promise<Doc<\"Account\"> | null>,\n                err: () => new AuthError(\"INTERNAL_ERROR\"),\n              }),\n              Fx.from({\n                ok: () =>\n                  db.users.getById(userId) as Promise<Doc<\"User\"> | null>,\n                err: () => new AuthError(\"INTERNAL_ERROR\"),\n              }),\n            );\n          }),\n          Fx.chain((pair) => {\n            const [createdAccount, createdUser] = pair as [\n              Doc<\"Account\"> | null,\n              Doc<\"User\"> | null,\n            ];\n            return createdAccount === null\n              ? Fx.fail(\n                  new AuthError(\n                    \"ACCOUNT_NOT_FOUND\",\n                    `Created account was not found.`,\n                  ),\n                )\n              : createdUser === null\n                ? Fx.fail(\n                    new AuthError(\n                      \"USER_UPDATE_FAILED\",\n                      `Created user was not found.`,\n                    ),\n                  )\n                : Fx.succeed({\n                    account: createdAccount,\n                    user: createdUser,\n                  });\n          }),\n        );\n      }),\n      Fx.recover((e) => Fx.fatal((e as AuthError).toConvexError())),\n    ),\n  ) as Promise<ReturnType>;\n}\n\nexport const callCreateAccountFromCredentials = async <\n  DataModel extends GenericDataModel,\n>(\n  ctx: GenericActionCtx<DataModel>,\n  args: Infer<typeof createAccountFromCredentialsArgs>,\n): Promise<ReturnType> => {\n  return ctx.runMutation(AUTH_STORE_REF, {\n    args: {\n      type: \"createAccountFromCredentials\",\n      ...args,\n    },\n  });\n};\n"],"mappings":";;;;;;;;;;;AAcA,MAAa,mCAAmC,EAAE,OAAO;CACvD,UAAU,EAAE,QAAQ;CACpB,SAAS,EAAE,OAAO;EAAE,IAAI,EAAE,QAAQ;EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;EAAE,CAAC;CACrE,SAAS,EAAE,KAAK;CAChB,oBAAoB,EAAE,SAAS,EAAE,SAAS,CAAC;CAC3C,oBAAoB,EAAE,SAAS,EAAE,SAAS,CAAC;CAC5C,CAAC;AAIF,eAAsB,iCACpB,KACA,MACA,oBACA,QACqB;AACrB,cAAa,WAAW,OAAO,0CAA0C;EACvE,UAAU,KAAK;EACf,SAAS;GACP,IAAI,KAAK,QAAQ;GACjB,QAAQ,YAAY,KAAK,QAAQ,UAAU,GAAG;GAC/C;EACF,CAAC;CAEF,MAAM,EACJ,UAAU,YACV,SACA,SACA,oBACA,uBACE;CACJ,MAAM,KAAK,OAAO,KAAK,OAAO;CAC9B,MAAM,WAAW,mBAAmB,WAAW;AAE/C,QAAO,GAAG,IACR,GAAG,KAAK;EACN,UACE,GAAG,SAAS,IACV,SAAS,IACT,QAAQ,GACT;EACH,WAAW,IAAI,UAAU,kBAAkB,4BAA4B;EACxE,CAAC,CAAC,KACD,GAAG,OAAO,oBAAoB;AAC5B,MAAI,oBAAoB,KAqBtB,SAnBE,QAAQ,WAAW,SACfA,OACE,UACA,QAAQ,QACR,gBAAgB,UAAU,GAC3B,CAAC,KACA,GAAG,OAAO,UACR,QACI,GAAG,QAAQ,OAAU,GACrB,GAAG,KACD,IAAI,UACF,0BACA,WAAW,QAAQ,GAAG,iBACvB,CACF,CACN,CACF,GACD,GAAG,QAAQ,OAAU,EAEI,KAC7B,GAAG,YACD,GAAG,KAAK;GACN,UACE,GAAG,MAAM,QACP,gBAAgB,OACjB;GACH,WACE,IAAI,UACF,qBACA,2BAA2B,QAAQ,GAAG,iBACvC;GACJ,CAAC,CAAC,KACD,GAAG,OAAO,QACR,QAAQ,OACJ,GAAG,KACD,IAAI,UACF,qBACA,2BAA2B,QAAQ,GAAG,iBACvC,CACF,GACD,GAAG,QAAQ,IAAI,CACpB,CACF,CACF,EACD,GAAG,KAAK,UAAU;GAChB,SAAS;GACT;GACD,EAAE,CACJ;AAQH,UAJE,QAAQ,WAAW,SACfC,KAAc,UAAU,QAAQ,OAAO,GACvC,GAAG,QAA4B,OAAU,EAE/B,KACd,GAAG,OAAO,WACR,GAAG,KAAK;GACN,IAAI,YACF,qBACE,KACA,MAAM,iBAAiB,IAAI,EAC3B;IAAE,mBAAmB,QAAQ;IAAI;IAAQ,EACzC;IACE,MAAM;IACN;IACA;IACA;IACA;IACD,EACD,OACD;GACH,WAAW,IAAI,UAAU,iBAAiB;GAC3C,CAAC,CACH,EACD,GAAG,OAAO,WAAW;GACnB,MAAM,EAAE,QAAQ,cAAc;AAI9B,UAAO,GAAG,IACR,GAAG,KAAK;IACN,UACE,GAAG,SAAS,QACV,UACD;IACH,WAAW,IAAI,UAAU,iBAAiB;IAC3C,CAAC,EACF,GAAG,KAAK;IACN,UACE,GAAG,MAAM,QAAQ,OAAO;IAC1B,WAAW,IAAI,UAAU,iBAAiB;IAC3C,CAAC,CACH;IACD,EACF,GAAG,OAAO,SAAS;GACjB,MAAM,CAAC,gBAAgB,eAAe;AAItC,UAAO,mBAAmB,OACtB,GAAG,KACD,IAAI,UACF,qBACA,iCACD,CACF,GACD,gBAAgB,OACd,GAAG,KACD,IAAI,UACF,sBACA,8BACD,CACF,GACD,GAAG,QAAQ;IACT,SAAS;IACT,MAAM;IACP,CAAC;IACR,CACH;GACD,EACF,GAAG,SAAS,MAAM,GAAG,MAAO,EAAgB,eAAe,CAAC,CAAC,CAC9D,CACF;;AAGH,MAAa,mCAAmC,OAG9C,KACA,SACwB;AACxB,QAAO,IAAI,YAAY,gBAAgB,EACrC,MAAM;EACJ,MAAM;EACN,GAAG;EACJ,EACF,CAAC"}
+{"version":3,"file":"register.js","names":["Provider.verify","Provider.hash"],"sources":["../../../src/server/mutations/register.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport { Cv } from \"@robelest/fx/convex\";\nimport type { GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { Infer, v } from \"convex/values\";\n\nimport * as Provider from \"../crypto\";\nimport { authDb } from \"../db\";\nimport { getAuthSessionId } from \"../sessions\";\nimport { Doc, MutationCtx } from \"../types\";\nimport { ConvexCredentialsConfig } from \"../types\";\nimport { upsertUserAndAccount } from \"../users\";\nimport { LOG_LEVELS, logWithLevel, maybeRedact } from \"../utils\";\nimport { AUTH_STORE_REF } from \"./store/refs\";\n\nexport const createAccountFromCredentialsArgs = v.object({\n  provider: v.string(),\n  account: v.object({ id: v.string(), secret: v.optional(v.string()) }),\n  profile: v.any(),\n  shouldLinkViaEmail: v.optional(v.boolean()),\n  shouldLinkViaPhone: v.optional(v.boolean()),\n});\n\ntype ReturnType = { account: Doc<\"Account\">; user: Doc<\"User\"> };\n\nexport async function createAccountFromCredentialsImpl(\n  ctx: MutationCtx,\n  args: Infer<typeof createAccountFromCredentialsArgs>,\n  getProviderOrThrow: Provider.GetProviderOrThrowFunc,\n  config: Provider.Config,\n): Promise<ReturnType> {\n  logWithLevel(LOG_LEVELS.DEBUG, \"createAccountFromCredentialsImpl args:\", {\n    provider: args.provider,\n    account: {\n      id: args.account.id,\n      secret: maybeRedact(args.account.secret ?? \"\"),\n    },\n  });\n\n  const {\n    provider: providerId,\n    account,\n    profile,\n    shouldLinkViaEmail,\n    shouldLinkViaPhone,\n  } = args;\n  const db = authDb(ctx, config);\n  const provider = getProviderOrThrow(providerId) as ConvexCredentialsConfig;\n\n  return Fx.run(\n    Fx.gen(function* () {\n      const existingAccount = yield* Fx.promise(\n        () =>\n          db.accounts.get(\n            provider.id,\n            account.id,\n          ) as Promise<Doc<\"Account\"> | null>,\n      );\n\n      if (existingAccount !== null) {\n        if (account.secret !== undefined) {\n          const valid = yield* Provider.verify(\n            provider,\n            account.secret,\n            existingAccount.secret ?? \"\",\n          );\n          if (!valid) {\n            return yield* Cv.fail({\n              code: \"ACCOUNT_ALREADY_EXISTS\",\n              message: `Account ${account.id} already exists`,\n            });\n          }\n        }\n\n        const user = yield* Fx.promise(\n          () =>\n            db.users.getById(\n              existingAccount.userId,\n            ) as Promise<Doc<\"User\"> | null>,\n        );\n        if (user === null) {\n          return yield* Cv.fail({\n            code: \"ACCOUNT_NOT_FOUND\",\n            message: `Linked user for account ${account.id} was not found.`,\n          });\n        }\n\n        return { account: existingAccount, user };\n      }\n\n      const secret =\n        account.secret !== undefined\n          ? yield* Provider.hash(provider, account.secret)\n          : undefined;\n\n      const result = yield* Fx.promise(async () =>\n        upsertUserAndAccount(\n          ctx,\n          await getAuthSessionId(ctx),\n          { providerAccountId: account.id, secret },\n          {\n            type: \"credentials\",\n            provider,\n            profile,\n            shouldLinkViaEmail,\n            shouldLinkViaPhone,\n          },\n          config,\n        ),\n      );\n\n      const { userId, accountId } = result as {\n        userId: string;\n        accountId: string;\n      };\n      const [createdAccount, createdUser] = yield* Fx.zip(\n        Fx.promise(\n          () =>\n            db.accounts.getById(accountId) as Promise<Doc<\"Account\"> | null>,\n        ),\n        Fx.promise(\n          () => db.users.getById(userId) as Promise<Doc<\"User\"> | null>,\n        ),\n      );\n\n      if (createdAccount === null) {\n        return yield* Cv.fail({\n          code: \"ACCOUNT_NOT_FOUND\",\n          message: `Created account was not found.`,\n        });\n      }\n      if (createdUser === null) {\n        return yield* Cv.fail({\n          code: \"USER_UPDATE_FAILED\",\n          message: `Created user was not found.`,\n        });\n      }\n\n      return { account: createdAccount, user: createdUser };\n    }),\n  ) as Promise<ReturnType>;\n}\n\nexport const callCreateAccountFromCredentials = async <\n  DataModel extends GenericDataModel,\n>(\n  ctx: GenericActionCtx<DataModel>,\n  args: Infer<typeof createAccountFromCredentialsArgs>,\n): Promise<ReturnType> => {\n  return ctx.runMutation(AUTH_STORE_REF, {\n    args: {\n      type: \"createAccountFromCredentials\",\n      ...args,\n    },\n  });\n};\n"],"mappings":";;;;;;;;;;;AAcA,MAAa,mCAAmC,EAAE,OAAO;CACvD,UAAU,EAAE,QAAQ;CACpB,SAAS,EAAE,OAAO;EAAE,IAAI,EAAE,QAAQ;EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;EAAE,CAAC;CACrE,SAAS,EAAE,KAAK;CAChB,oBAAoB,EAAE,SAAS,EAAE,SAAS,CAAC;CAC3C,oBAAoB,EAAE,SAAS,EAAE,SAAS,CAAC;CAC5C,CAAC;AAIF,eAAsB,iCACpB,KACA,MACA,oBACA,QACqB;AACrB,cAAa,WAAW,OAAO,0CAA0C;EACvE,UAAU,KAAK;EACf,SAAS;GACP,IAAI,KAAK,QAAQ;GACjB,QAAQ,YAAY,KAAK,QAAQ,UAAU,GAAG;GAC/C;EACF,CAAC;CAEF,MAAM,EACJ,UAAU,YACV,SACA,SACA,oBACA,uBACE;CACJ,MAAM,KAAK,OAAO,KAAK,OAAO;CAC9B,MAAM,WAAW,mBAAmB,WAAW;AAE/C,QAAO,GAAG,IACR,GAAG,IAAI,aAAa;EAClB,MAAM,kBAAkB,OAAO,GAAG,cAE9B,GAAG,SAAS,IACV,SAAS,IACT,QAAQ,GACT,CACJ;AAED,MAAI,oBAAoB,MAAM;AAC5B,OAAI,QAAQ,WAAW,QAMrB;QAAI,EALU,OAAOA,OACnB,UACA,QAAQ,QACR,gBAAgB,UAAU,GAC3B,EAEC,QAAO,OAAO,GAAG,KAAK;KACpB,MAAM;KACN,SAAS,WAAW,QAAQ,GAAG;KAChC,CAAC;;GAIN,MAAM,OAAO,OAAO,GAAG,cAEnB,GAAG,MAAM,QACP,gBAAgB,OACjB,CACJ;AACD,OAAI,SAAS,KACX,QAAO,OAAO,GAAG,KAAK;IACpB,MAAM;IACN,SAAS,2BAA2B,QAAQ,GAAG;IAChD,CAAC;AAGJ,UAAO;IAAE,SAAS;IAAiB;IAAM;;EAG3C,MAAM,SACJ,QAAQ,WAAW,SACf,OAAOC,KAAc,UAAU,QAAQ,OAAO,GAC9C;EAkBN,MAAM,EAAE,QAAQ,cAhBD,OAAO,GAAG,QAAQ,YAC/B,qBACE,KACA,MAAM,iBAAiB,IAAI,EAC3B;GAAE,mBAAmB,QAAQ;GAAI;GAAQ,EACzC;GACE,MAAM;GACN;GACA;GACA;GACA;GACD,EACD,OACD,CACF;EAMD,MAAM,CAAC,gBAAgB,eAAe,OAAO,GAAG,IAC9C,GAAG,cAEC,GAAG,SAAS,QAAQ,UAAU,CACjC,EACD,GAAG,cACK,GAAG,MAAM,QAAQ,OAAO,CAC/B,CACF;AAED,MAAI,mBAAmB,KACrB,QAAO,OAAO,GAAG,KAAK;GACpB,MAAM;GACN,SAAS;GACV,CAAC;AAEJ,MAAI,gBAAgB,KAClB,QAAO,OAAO,GAAG,KAAK;GACpB,MAAM;GACN,SAAS;GACV,CAAC;AAGJ,SAAO;GAAE,SAAS;GAAgB,MAAM;GAAa;GACrD,CACH;;AAGH,MAAa,mCAAmC,OAG9C,KACA,SACwB;AACxB,QAAO,IAAI,YAAY,gBAAgB,EACrC,MAAM;EACJ,MAAM;EACN,GAAG;EACJ,EACF,CAAC"}

package/dist/server/mutations/retrieve.d.ts

@@ -2,24 +2,24 @@ import { Doc, MutationCtx } from "../types.js";
 import { Config, GetProviderOrThrowFunc } from "../crypto.js";
 import { Fx } from "@robelest/fx";
 import { GenericActionCtx, GenericDataModel } from "convex/server";
-import * as convex_values116 from "convex/values";
+import * as convex_values108 from "convex/values";
 import { Infer } from "convex/values";
 
 //#region src/server/mutations/retrieve.d.ts
-declare const retrieveAccountWithCredentialsArgs: convex_values116.VObject<{
+declare const retrieveAccountWithCredentialsArgs: convex_values108.VObject<{
   provider: string;
   account: {
     secret?: string | undefined;
     id: string;
   };
 }, {
-  provider: convex_values116.VString<string, "required">;
-  account: convex_values116.VObject<{
+  provider: convex_values108.VString<string, "required">;
+  account: convex_values108.VObject<{
     secret?: string | undefined;
     id: string;
   }, {
-    id: convex_values116.VString<string, "required">;
-    secret: convex_values116.VString<string | undefined, "optional">;
+    id: convex_values108.VString<string, "required">;
+    secret: convex_values108.VString<string | undefined, "optional">;
   }, "required", "id" | "secret">;
 }, "required", "provider" | "account" | "account.id" | "account.secret">;
 type ReturnType = "InvalidAccountId" | "TooManyFailedAttempts" | "InvalidSecret" | {

package/dist/server/mutations/retrieve.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"retrieve.d.ts","names":[],"sources":["../../../src/server/mutations/retrieve.ts"],"mappings":";;;;;;;;cAgBa,kCAAA,mBAAkC,OAAA;;;;;;;YAG7C,gBAAA,CAAA,OAAA;;;;;;;;;KAEG,UAAA;EAIC,OAAA,EAAS,GAAA;EAAgB,IAAA,EAAM,GAAA;AAAA;AAAA,iBAErB,kCAAA,CACd,GAAA,EAAK,WAAA,EACL,IAAA,EAAM,KAAA,QAAa,kCAAA,GACnB,kBAAA,EAAoB,sBAAA,EACpB,MAAA,EAAQ,MAAA,GACP,EAAA,CAAG,UAAA;AAAA,cAgEO,kCAAA,qBACO,gBAAA,EAElB,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA,EAAM,KAAA,QAAa,kCAAA,MAClB,OAAA,CAAQ,UAAA"}
+{"version":3,"file":"retrieve.d.ts","names":[],"sources":["../../../src/server/mutations/retrieve.ts"],"mappings":";;;;;;;;cAea,kCAAA,mBAAkC,OAAA;;;;;;;YAG7C,gBAAA,CAAA,OAAA;;;;;;;;;KAEG,UAAA;EAIC,OAAA,EAAS,GAAA;EAAgB,IAAA,EAAM,GAAA;AAAA;AAAA,iBAErB,kCAAA,CACd,GAAA,EAAK,WAAA,EACL,IAAA,EAAM,KAAA,QAAa,kCAAA,GACnB,kBAAA,EAAoB,sBAAA,EACpB,MAAA,EAAQ,MAAA,GACP,EAAA,CAAG,UAAA;AAAA,cAiEO,kCAAA,qBACO,gBAAA,EAElB,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA,EAAM,KAAA,QAAa,kCAAA,MAClB,OAAA,CAAQ,UAAA"}

package/dist/server/mutations/retrieve.js

@@ -1,7 +1,6 @@
-import { AuthError } from "../authError.js";
 import { LOG_LEVELS, logWithLevel, maybeRedact } from "../utils.js";
-import { authDb } from "../db.js";
 import { verify } from "../crypto.js";
+import { authDb } from "../db.js";
 import { AUTH_STORE_REF } from "./store/refs.js";
 import { isSignInRateLimited, recordFailedSignIn, resetSignInRateLimit } from "../limits.js";
 import { Fx } from "@robelest/fx";
@@ -25,29 +24,26 @@ function retrieveAccountWithCredentialsImpl(ctx, args, getProviderOrThrow, confi
 			secret: maybeRedact(account.secret ?? "")
 		}
 	});
-	return Fx.from({
-		ok: async () => {
-			const existingAccount = await db.accounts.get(providerId, account.id);
-			if (existingAccount === null) return "InvalidAccountId";
-			if (account.secret !== void 0) {
-				if (await Fx.run(isSignInRateLimited(ctx, existingAccount._id, config))) return "TooManyFailedAttempts";
-				if (!await Fx.run(verify(getProviderOrThrow(providerId), account.secret, existingAccount.secret ?? ""))) {
-					await Fx.run(recordFailedSignIn(ctx, existingAccount._id, config));
-					return "InvalidSecret";
-				}
-				await Fx.run(resetSignInRateLimit(ctx, existingAccount._id, config));
-			}
-			const user = await db.users.getById(existingAccount.userId);
-			if (user === null) {
-				logWithLevel(LOG_LEVELS.ERROR, `Account ${existingAccount._id} is linked to missing user ${existingAccount.userId}`);
-				return "InvalidAccountId";
+	return Fx.gen(function* () {
+		const existingAccount = yield* Fx.promise(() => db.accounts.get(providerId, account.id));
+		if (existingAccount === null) return "InvalidAccountId";
+		if (account.secret !== void 0) {
+			if (yield* isSignInRateLimited(ctx, existingAccount._id, config)) return "TooManyFailedAttempts";
+			if (!(yield* verify(getProviderOrThrow(providerId), account.secret, existingAccount.secret ?? ""))) {
+				yield* recordFailedSignIn(ctx, existingAccount._id, config);
+				return "InvalidSecret";
 			}
-			return {
-				account: existingAccount,
-				user
-			};
-		},
-		err: () => new AuthError("INTERNAL_ERROR", "Failed to look up account")
+			yield* resetSignInRateLimit(ctx, existingAccount._id, config);
+		}
+		const user = yield* Fx.promise(() => db.users.getById(existingAccount.userId));
+		if (user === null) {
+			logWithLevel(LOG_LEVELS.ERROR, `Account ${existingAccount._id} is linked to missing user ${existingAccount.userId}`);
+			return "InvalidAccountId";
+		}
+		return {
+			account: existingAccount,
+			user
+		};
 	}).pipe(Fx.fold({
 		ok: (v$1) => v$1,
 		err: () => "InvalidAccountId"

package/dist/server/mutations/retrieve.js.map

@@ -1 +1 @@
-{"version":3,"file":"retrieve.js","names":["Provider.verify","v"],"sources":["../../../src/server/mutations/retrieve.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport type { GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { Infer, v } from \"convex/values\";\n\nimport { authDb } from \"../db\";\nimport { AuthError } from \"../authError\";\nimport * as Provider from \"../crypto\";\nimport {\n  isSignInRateLimited,\n  recordFailedSignIn,\n  resetSignInRateLimit,\n} from \"../limits\";\nimport { Doc, MutationCtx } from \"../types\";\nimport { LOG_LEVELS, logWithLevel, maybeRedact } from \"../utils\";\nimport { AUTH_STORE_REF } from \"./store/refs\";\n\nexport const retrieveAccountWithCredentialsArgs = v.object({\n  provider: v.string(),\n  account: v.object({ id: v.string(), secret: v.optional(v.string()) }),\n});\n\ntype ReturnType =\n  | \"InvalidAccountId\"\n  | \"TooManyFailedAttempts\"\n  | \"InvalidSecret\"\n  | { account: Doc<\"Account\">; user: Doc<\"User\"> };\n\nexport function retrieveAccountWithCredentialsImpl(\n  ctx: MutationCtx,\n  args: Infer<typeof retrieveAccountWithCredentialsArgs>,\n  getProviderOrThrow: Provider.GetProviderOrThrowFunc,\n  config: Provider.Config,\n): Fx<ReturnType> {\n  const { provider: providerId, account } = args;\n  const db = authDb(ctx, config);\n\n  logWithLevel(LOG_LEVELS.DEBUG, \"retrieveAccountWithCredentialsImpl args:\", {\n    provider: providerId,\n    account: { id: account.id, secret: maybeRedact(account.secret ?? \"\") },\n  });\n\n  return Fx.from({\n    ok: async () => {\n      const existingAccount = (await db.accounts.get(\n        providerId,\n        account.id,\n      )) as Doc<\"Account\"> | null;\n      if (existingAccount === null) {\n        return \"InvalidAccountId\" as const;\n      }\n\n      if (account.secret !== undefined) {\n        const limited = await Fx.run(\n          isSignInRateLimited(ctx, existingAccount._id, config),\n        );\n        if (limited) {\n          return \"TooManyFailedAttempts\" as const;\n        }\n\n        const valid = await Fx.run(\n          Provider.verify(\n            getProviderOrThrow(providerId),\n            account.secret,\n            existingAccount.secret ?? \"\",\n          ),\n        );\n        if (!valid) {\n          await Fx.run(recordFailedSignIn(ctx, existingAccount._id, config));\n          return \"InvalidSecret\" as const;\n        }\n\n        await Fx.run(resetSignInRateLimit(ctx, existingAccount._id, config));\n      }\n\n      const user = (await db.users.getById(\n        existingAccount.userId,\n      )) as Doc<\"User\"> | null;\n      if (user === null) {\n        logWithLevel(\n          LOG_LEVELS.ERROR,\n          `Account ${existingAccount._id} is linked to missing user ${existingAccount.userId}`,\n        );\n        return \"InvalidAccountId\" as const;\n      }\n\n      return { account: existingAccount, user } as const;\n    },\n    err: () => new AuthError(\"INTERNAL_ERROR\", \"Failed to look up account\"),\n  }).pipe(\n    Fx.fold({\n      ok: (v) => v as ReturnType,\n      err: () => \"InvalidAccountId\" as ReturnType,\n    }),\n  );\n}\n\nexport const callRetrieveAccountWithCredentials = async <\n  DataModel extends GenericDataModel,\n>(\n  ctx: GenericActionCtx<DataModel>,\n  args: Infer<typeof retrieveAccountWithCredentialsArgs>,\n): Promise<ReturnType> => {\n  return ctx.runMutation(AUTH_STORE_REF, {\n    args: {\n      type: \"retrieveAccountWithCredentials\",\n      ...args,\n    },\n  });\n};\n"],"mappings":";;;;;;;;;;AAgBA,MAAa,qCAAqC,EAAE,OAAO;CACzD,UAAU,EAAE,QAAQ;CACpB,SAAS,EAAE,OAAO;EAAE,IAAI,EAAE,QAAQ;EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;EAAE,CAAC;CACtE,CAAC;AAQF,SAAgB,mCACd,KACA,MACA,oBACA,QACgB;CAChB,MAAM,EAAE,UAAU,YAAY,YAAY;CAC1C,MAAM,KAAK,OAAO,KAAK,OAAO;AAE9B,cAAa,WAAW,OAAO,4CAA4C;EACzE,UAAU;EACV,SAAS;GAAE,IAAI,QAAQ;GAAI,QAAQ,YAAY,QAAQ,UAAU,GAAG;GAAE;EACvE,CAAC;AAEF,QAAO,GAAG,KAAK;EACb,IAAI,YAAY;GACd,MAAM,kBAAmB,MAAM,GAAG,SAAS,IACzC,YACA,QAAQ,GACT;AACD,OAAI,oBAAoB,KACtB,QAAO;AAGT,OAAI,QAAQ,WAAW,QAAW;AAIhC,QAHgB,MAAM,GAAG,IACvB,oBAAoB,KAAK,gBAAgB,KAAK,OAAO,CACtD,CAEC,QAAO;AAUT,QAAI,CAPU,MAAM,GAAG,IACrBA,OACE,mBAAmB,WAAW,EAC9B,QAAQ,QACR,gBAAgB,UAAU,GAC3B,CACF,EACW;AACV,WAAM,GAAG,IAAI,mBAAmB,KAAK,gBAAgB,KAAK,OAAO,CAAC;AAClE,YAAO;;AAGT,UAAM,GAAG,IAAI,qBAAqB,KAAK,gBAAgB,KAAK,OAAO,CAAC;;GAGtE,MAAM,OAAQ,MAAM,GAAG,MAAM,QAC3B,gBAAgB,OACjB;AACD,OAAI,SAAS,MAAM;AACjB,iBACE,WAAW,OACX,WAAW,gBAAgB,IAAI,6BAA6B,gBAAgB,SAC7E;AACD,WAAO;;AAGT,UAAO;IAAE,SAAS;IAAiB;IAAM;;EAE3C,WAAW,IAAI,UAAU,kBAAkB,4BAA4B;EACxE,CAAC,CAAC,KACD,GAAG,KAAK;EACN,KAAK,QAAMC;EACX,WAAW;EACZ,CAAC,CACH;;AAGH,MAAa,qCAAqC,OAGhD,KACA,SACwB;AACxB,QAAO,IAAI,YAAY,gBAAgB,EACrC,MAAM;EACJ,MAAM;EACN,GAAG;EACJ,EACF,CAAC"}
+{"version":3,"file":"retrieve.js","names":["Provider.verify","v"],"sources":["../../../src/server/mutations/retrieve.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport type { GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { Infer, v } from \"convex/values\";\n\nimport * as Provider from \"../crypto\";\nimport { authDb } from \"../db\";\nimport {\n  isSignInRateLimited,\n  recordFailedSignIn,\n  resetSignInRateLimit,\n} from \"../limits\";\nimport { Doc, MutationCtx } from \"../types\";\nimport { LOG_LEVELS, logWithLevel, maybeRedact } from \"../utils\";\nimport { AUTH_STORE_REF } from \"./store/refs\";\n\nexport const retrieveAccountWithCredentialsArgs = v.object({\n  provider: v.string(),\n  account: v.object({ id: v.string(), secret: v.optional(v.string()) }),\n});\n\ntype ReturnType =\n  | \"InvalidAccountId\"\n  | \"TooManyFailedAttempts\"\n  | \"InvalidSecret\"\n  | { account: Doc<\"Account\">; user: Doc<\"User\"> };\n\nexport function retrieveAccountWithCredentialsImpl(\n  ctx: MutationCtx,\n  args: Infer<typeof retrieveAccountWithCredentialsArgs>,\n  getProviderOrThrow: Provider.GetProviderOrThrowFunc,\n  config: Provider.Config,\n): Fx<ReturnType> {\n  const { provider: providerId, account } = args;\n  const db = authDb(ctx, config);\n\n  logWithLevel(LOG_LEVELS.DEBUG, \"retrieveAccountWithCredentialsImpl args:\", {\n    provider: providerId,\n    account: { id: account.id, secret: maybeRedact(account.secret ?? \"\") },\n  });\n\n  return Fx.gen(function* () {\n    const existingAccount = yield* Fx.promise(\n      () =>\n        db.accounts.get(\n          providerId,\n          account.id,\n        ) as Promise<Doc<\"Account\"> | null>,\n    );\n    if (existingAccount === null) {\n      return \"InvalidAccountId\" as const;\n    }\n\n    if (account.secret !== undefined) {\n      const limited = yield* isSignInRateLimited(\n        ctx,\n        existingAccount._id,\n        config,\n      );\n      if (limited) {\n        return \"TooManyFailedAttempts\" as const;\n      }\n\n      const valid = yield* Provider.verify(\n        getProviderOrThrow(providerId),\n        account.secret,\n        existingAccount.secret ?? \"\",\n      );\n      if (!valid) {\n        yield* recordFailedSignIn(ctx, existingAccount._id, config);\n        return \"InvalidSecret\" as const;\n      }\n\n      yield* resetSignInRateLimit(ctx, existingAccount._id, config);\n    }\n\n    const user = yield* Fx.promise(\n      () =>\n        db.users.getById(existingAccount.userId) as Promise<Doc<\"User\"> | null>,\n    );\n    if (user === null) {\n      logWithLevel(\n        LOG_LEVELS.ERROR,\n        `Account ${existingAccount._id} is linked to missing user ${existingAccount.userId}`,\n      );\n      return \"InvalidAccountId\" as const;\n    }\n\n    return { account: existingAccount, user } as ReturnType;\n  }).pipe(\n    Fx.fold({\n      ok: (v) => v as ReturnType,\n      err: () => \"InvalidAccountId\" as ReturnType,\n    }),\n  );\n}\n\nexport const callRetrieveAccountWithCredentials = async <\n  DataModel extends GenericDataModel,\n>(\n  ctx: GenericActionCtx<DataModel>,\n  args: Infer<typeof retrieveAccountWithCredentialsArgs>,\n): Promise<ReturnType> => {\n  return ctx.runMutation(AUTH_STORE_REF, {\n    args: {\n      type: \"retrieveAccountWithCredentials\",\n      ...args,\n    },\n  });\n};\n"],"mappings":";;;;;;;;;AAeA,MAAa,qCAAqC,EAAE,OAAO;CACzD,UAAU,EAAE,QAAQ;CACpB,SAAS,EAAE,OAAO;EAAE,IAAI,EAAE,QAAQ;EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;EAAE,CAAC;CACtE,CAAC;AAQF,SAAgB,mCACd,KACA,MACA,oBACA,QACgB;CAChB,MAAM,EAAE,UAAU,YAAY,YAAY;CAC1C,MAAM,KAAK,OAAO,KAAK,OAAO;AAE9B,cAAa,WAAW,OAAO,4CAA4C;EACzE,UAAU;EACV,SAAS;GAAE,IAAI,QAAQ;GAAI,QAAQ,YAAY,QAAQ,UAAU,GAAG;GAAE;EACvE,CAAC;AAEF,QAAO,GAAG,IAAI,aAAa;EACzB,MAAM,kBAAkB,OAAO,GAAG,cAE9B,GAAG,SAAS,IACV,YACA,QAAQ,GACT,CACJ;AACD,MAAI,oBAAoB,KACtB,QAAO;AAGT,MAAI,QAAQ,WAAW,QAAW;AAMhC,OALgB,OAAO,oBACrB,KACA,gBAAgB,KAChB,OACD,CAEC,QAAO;AAQT,OAAI,EALU,OAAOA,OACnB,mBAAmB,WAAW,EAC9B,QAAQ,QACR,gBAAgB,UAAU,GAC3B,GACW;AACV,WAAO,mBAAmB,KAAK,gBAAgB,KAAK,OAAO;AAC3D,WAAO;;AAGT,UAAO,qBAAqB,KAAK,gBAAgB,KAAK,OAAO;;EAG/D,MAAM,OAAO,OAAO,GAAG,cAEnB,GAAG,MAAM,QAAQ,gBAAgB,OAAO,CAC3C;AACD,MAAI,SAAS,MAAM;AACjB,gBACE,WAAW,OACX,WAAW,gBAAgB,IAAI,6BAA6B,gBAAgB,SAC7E;AACD,UAAO;;AAGT,SAAO;GAAE,SAAS;GAAiB;GAAM;GACzC,CAAC,KACD,GAAG,KAAK;EACN,KAAK,QAAMC;EACX,WAAW;EACZ,CAAC,CACH;;AAGH,MAAa,qCAAqC,OAGhD,KACA,SACwB;AACxB,QAAO,IAAI,YAAY,gBAAgB,EACrC,MAAM;EACJ,MAAM;EACN,GAAG;EACJ,EACF,CAAC"}

package/dist/server/mutations/signature.d.ts

@@ -1,21 +1,20 @@
 import { MutationCtx } from "../types.js";
-import { AuthError } from "../authError.js";
 import { Config } from "../crypto.js";
 import { Fx } from "@robelest/fx";
 import { GenericActionCtx, GenericDataModel } from "convex/server";
-import * as convex_values111 from "convex/values";
-import { Infer } from "convex/values";
+import * as convex_values97 from "convex/values";
+import { ConvexError, Infer } from "convex/values";
 
 //#region src/server/mutations/signature.d.ts
-declare const verifierSignatureArgs: convex_values111.VObject<{
+declare const verifierSignatureArgs: convex_values97.VObject<{
   verifier: string;
   signature: string;
 }, {
-  verifier: convex_values111.VString<string, "required">;
-  signature: convex_values111.VString<string, "required">;
+  verifier: convex_values97.VString<string, "required">;
+  signature: convex_values97.VString<string, "required">;
 }, "required", "verifier" | "signature">;
 type ReturnType = void;
-declare function verifierSignatureImpl(ctx: MutationCtx, args: Infer<typeof verifierSignatureArgs>, config: Config): Fx<ReturnType, AuthError>;
+declare function verifierSignatureImpl(ctx: MutationCtx, args: Infer<typeof verifierSignatureArgs>, config: Config): Fx<ReturnType, ConvexError<any>>;
 declare const callVerifierSignature: <DataModel extends GenericDataModel>(ctx: GenericActionCtx<DataModel>, args: Infer<typeof verifierSignatureArgs>) => Promise<void>;
 //#endregion
 export { callVerifierSignature, verifierSignatureArgs, verifierSignatureImpl };

package/dist/server/mutations/signature.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"signature.d.ts","names":[],"sources":["../../../src/server/mutations/signature.ts"],"mappings":";;;;;;;;;cAUa,qBAAA,mBAAqB,OAAA;;;;YAGhC,gBAAA,CAAA,OAAA;;;KAEG,UAAA;AAAA,iBAEW,qBAAA,CACd,GAAA,EAAK,WAAA,EACL,IAAA,EAAM,KAAA,QAAa,qBAAA,GACnB,MAAA,EAAQ,MAAA,GACP,EAAA,CAAG,UAAA,EAAY,SAAA;AAAA,cAkBL,qBAAA,qBAAiD,gBAAA,EAC5D,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA,EAAM,KAAA,QAAa,qBAAA,MAClB,OAAA"}
+{"version":3,"file":"signature.d.ts","names":[],"sources":["../../../src/server/mutations/signature.ts"],"mappings":";;;;;;;;cAUa,qBAAA,kBAAqB,OAAA;;;;YAGhC,eAAA,CAAA,OAAA;;;KAEG,UAAA;AAAA,iBAEW,qBAAA,CACd,GAAA,EAAK,WAAA,EACL,IAAA,EAAM,KAAA,QAAa,qBAAA,GACnB,MAAA,EAAQ,MAAA,GACP,EAAA,CAAG,UAAA,EAAY,WAAA;AAAA,cAyBL,qBAAA,qBAAiD,gBAAA,EAC5D,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA,EAAM,KAAA,QAAa,qBAAA,MAClB,OAAA"}

package/dist/server/mutations/signature.js

@@ -1,7 +1,7 @@
-import { AuthError } from "../authError.js";
 import { authDb } from "../db.js";
 import { AUTH_STORE_REF } from "./store/refs.js";
 import { Fx } from "@robelest/fx";
+import { Cv } from "@robelest/fx/convex";
 import { v } from "convex/values";
 
 //#region src/server/mutations/signature.ts
@@ -15,8 +15,14 @@ function verifierSignatureImpl(ctx, args, config) {
 		const db = authDb(ctx, config);
 		const verifierDoc = yield* Fx.from({
 			ok: () => db.verifiers.getById(verifier),
-			err: () => new AuthError("INVALID_VERIFIER")
-		}).pipe(Fx.chain((doc) => doc === null ? Fx.fail(new AuthError("INVALID_VERIFIER")) : Fx.succeed(doc)));
+			err: () => Cv.error({
+				code: "INVALID_VERIFIER",
+				message: "Invalid or expired verifier."
+			})
+		}).pipe(Fx.chain((doc) => doc === null ? Cv.fail({
+			code: "INVALID_VERIFIER",
+			message: "Invalid or expired verifier."
+		}) : Fx.succeed(doc)));
 		yield* Fx.promise(() => db.verifiers.patch(verifierDoc._id, { signature }));
 	});
 }

package/dist/server/mutations/signature.js.map

@@ -1 +1 @@
-{"version":3,"file":"signature.js","names":[],"sources":["../../../src/server/mutations/signature.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport type { GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { GenericId, Infer, v } from \"convex/values\";\n\nimport { authDb } from \"../db\";\nimport { AuthError } from \"../authError\";\nimport * as Provider from \"../crypto\";\nimport { MutationCtx } from \"../types\";\nimport { AUTH_STORE_REF } from \"./store/refs\";\n\nexport const verifierSignatureArgs = v.object({\n  verifier: v.string(),\n  signature: v.string(),\n});\n\ntype ReturnType = void;\n\nexport function verifierSignatureImpl(\n  ctx: MutationCtx,\n  args: Infer<typeof verifierSignatureArgs>,\n  config: Provider.Config,\n): Fx<ReturnType, AuthError> {\n  return Fx.gen(function* () {\n    const { verifier, signature } = args;\n    const db = authDb(ctx, config);\n    const verifierDoc = yield* Fx.from({\n      ok: () => db.verifiers.getById(verifier as GenericId<\"AuthVerifier\">),\n      err: () => new AuthError(\"INVALID_VERIFIER\"),\n    }).pipe(\n      Fx.chain((doc) =>\n        doc === null\n          ? Fx.fail(new AuthError(\"INVALID_VERIFIER\"))\n          : Fx.succeed(doc),\n      ),\n    );\n    yield* Fx.promise(() => db.verifiers.patch(verifierDoc._id, { signature }));\n  });\n}\n\nexport const callVerifierSignature = async <DataModel extends GenericDataModel>(\n  ctx: GenericActionCtx<DataModel>,\n  args: Infer<typeof verifierSignatureArgs>,\n): Promise<void> => {\n  return ctx.runMutation(AUTH_STORE_REF, {\n    args: {\n      type: \"verifierSignature\",\n      ...args,\n    },\n  });\n};\n"],"mappings":";;;;;;;AAUA,MAAa,wBAAwB,EAAE,OAAO;CAC5C,UAAU,EAAE,QAAQ;CACpB,WAAW,EAAE,QAAQ;CACtB,CAAC;AAIF,SAAgB,sBACd,KACA,MACA,QAC2B;AAC3B,QAAO,GAAG,IAAI,aAAa;EACzB,MAAM,EAAE,UAAU,cAAc;EAChC,MAAM,KAAK,OAAO,KAAK,OAAO;EAC9B,MAAM,cAAc,OAAO,GAAG,KAAK;GACjC,UAAU,GAAG,UAAU,QAAQ,SAAsC;GACrE,WAAW,IAAI,UAAU,mBAAmB;GAC7C,CAAC,CAAC,KACD,GAAG,OAAO,QACR,QAAQ,OACJ,GAAG,KAAK,IAAI,UAAU,mBAAmB,CAAC,GAC1C,GAAG,QAAQ,IAAI,CACpB,CACF;AACD,SAAO,GAAG,cAAc,GAAG,UAAU,MAAM,YAAY,KAAK,EAAE,WAAW,CAAC,CAAC;GAC3E;;AAGJ,MAAa,wBAAwB,OACnC,KACA,SACkB;AAClB,QAAO,IAAI,YAAY,gBAAgB,EACrC,MAAM;EACJ,MAAM;EACN,GAAG;EACJ,EACF,CAAC"}
+{"version":3,"file":"signature.js","names":[],"sources":["../../../src/server/mutations/signature.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport { Cv } from \"@robelest/fx/convex\";\nimport type { GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { ConvexError, GenericId, Infer, v } from \"convex/values\";\n\nimport * as Provider from \"../crypto\";\nimport { authDb } from \"../db\";\nimport { MutationCtx } from \"../types\";\nimport { AUTH_STORE_REF } from \"./store/refs\";\n\nexport const verifierSignatureArgs = v.object({\n  verifier: v.string(),\n  signature: v.string(),\n});\n\ntype ReturnType = void;\n\nexport function verifierSignatureImpl(\n  ctx: MutationCtx,\n  args: Infer<typeof verifierSignatureArgs>,\n  config: Provider.Config,\n): Fx<ReturnType, ConvexError<any>> {\n  return Fx.gen(function* () {\n    const { verifier, signature } = args;\n    const db = authDb(ctx, config);\n    const verifierDoc = yield* Fx.from({\n      ok: () => db.verifiers.getById(verifier as GenericId<\"AuthVerifier\">),\n      err: () =>\n        Cv.error({\n          code: \"INVALID_VERIFIER\",\n          message: \"Invalid or expired verifier.\",\n        }),\n    }).pipe(\n      Fx.chain((doc) =>\n        doc === null\n          ? Cv.fail({\n              code: \"INVALID_VERIFIER\",\n              message: \"Invalid or expired verifier.\",\n            })\n          : Fx.succeed(doc),\n      ),\n    );\n    yield* Fx.promise(() => db.verifiers.patch(verifierDoc._id, { signature }));\n  });\n}\n\nexport const callVerifierSignature = async <DataModel extends GenericDataModel>(\n  ctx: GenericActionCtx<DataModel>,\n  args: Infer<typeof verifierSignatureArgs>,\n): Promise<void> => {\n  return ctx.runMutation(AUTH_STORE_REF, {\n    args: {\n      type: \"verifierSignature\",\n      ...args,\n    },\n  });\n};\n"],"mappings":";;;;;;;AAUA,MAAa,wBAAwB,EAAE,OAAO;CAC5C,UAAU,EAAE,QAAQ;CACpB,WAAW,EAAE,QAAQ;CACtB,CAAC;AAIF,SAAgB,sBACd,KACA,MACA,QACkC;AAClC,QAAO,GAAG,IAAI,aAAa;EACzB,MAAM,EAAE,UAAU,cAAc;EAChC,MAAM,KAAK,OAAO,KAAK,OAAO;EAC9B,MAAM,cAAc,OAAO,GAAG,KAAK;GACjC,UAAU,GAAG,UAAU,QAAQ,SAAsC;GACrE,WACE,GAAG,MAAM;IACP,MAAM;IACN,SAAS;IACV,CAAC;GACL,CAAC,CAAC,KACD,GAAG,OAAO,QACR,QAAQ,OACJ,GAAG,KAAK;GACN,MAAM;GACN,SAAS;GACV,CAAC,GACF,GAAG,QAAQ,IAAI,CACpB,CACF;AACD,SAAO,GAAG,cAAc,GAAG,UAAU,MAAM,YAAY,KAAK,EAAE,WAAW,CAAC,CAAC;GAC3E;;AAGJ,MAAa,wBAAwB,OACnC,KACA,SACkB;AAClB,QAAO,IAAI,YAAY,gBAAgB,EACrC,MAAM;EACJ,MAAM;EACN,GAAG;EACJ,EACF,CAAC"}

package/dist/server/mutations/signin.d.ts

@@ -1,18 +1,18 @@
 import { MutationCtx, SessionInfo } from "../types.js";
 import { Config } from "../crypto.js";
 import { GenericActionCtx, GenericDataModel } from "convex/server";
-import * as convex_values16 from "convex/values";
+import * as convex_values104 from "convex/values";
 import { Infer } from "convex/values";
 
 //#region src/server/mutations/signin.d.ts
-declare const signInArgs: convex_values16.VObject<{
+declare const signInArgs: convex_values104.VObject<{
   sessionId?: string | undefined;
   userId: string;
   generateTokens: boolean;
 }, {
-  userId: convex_values16.VString<string, "required">;
-  sessionId: convex_values16.VString<string | undefined, "optional">;
-  generateTokens: convex_values16.VBoolean<boolean, "required">;
+  userId: convex_values104.VString<string, "required">;
+  sessionId: convex_values104.VString<string | undefined, "optional">;
+  generateTokens: convex_values104.VBoolean<boolean, "required">;
 }, "required", "userId" | "sessionId" | "generateTokens">;
 type ReturnType = SessionInfo;
 declare function signInImpl(ctx: MutationCtx, args: Infer<typeof signInArgs>, config: Config): Promise<ReturnType>;

package/dist/server/mutations/signin.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"signin.d.ts","names":[],"sources":["../../../src/server/mutations/signin.ts"],"mappings":";;;;;;;cAYa,UAAA,kBAAU,OAAA;;;;;UAIrB,eAAA,CAAA,OAAA;;;;KAEG,UAAA,GAAa,WAAA;AAAA,iBAEI,UAAA,CACpB,GAAA,EAAK,WAAA,EACL,IAAA,EAAM,KAAA,QAAa,UAAA,GACnB,MAAA,EAAQ,MAAA,GACP,OAAA,CAAQ,UAAA;AAAA,cAmBE,UAAA,qBAAsC,gBAAA,EACjD,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA,EAAM,KAAA,QAAa,UAAA,MAClB,OAAA,CAAQ,UAAA"}
+{"version":3,"file":"signin.d.ts","names":[],"sources":["../../../src/server/mutations/signin.ts"],"mappings":";;;;;;;cAYa,UAAA,mBAAU,OAAA;;;;;UAIrB,gBAAA,CAAA,OAAA;;;;KAEG,UAAA,GAAa,WAAA;AAAA,iBAEI,UAAA,CACpB,GAAA,EAAK,WAAA,EACL,IAAA,EAAM,KAAA,QAAa,UAAA,GACnB,MAAA,EAAQ,MAAA,GACP,OAAA,CAAQ,UAAA;AAAA,cAmBE,UAAA,qBAAsC,gBAAA,EACjD,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA,EAAM,KAAA,QAAa,UAAA,MAClB,OAAA,CAAQ,UAAA"}

package/dist/server/mutations/signout.js.map

@@ -1 +1 @@
-{"version":3,"file":"signout.js","names":[],"sources":["../../../src/server/mutations/signout.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport type { GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { GenericId } from \"convex/values\";\n\nimport { authDb } from \"../db\";\nimport * as Provider from \"../crypto\";\nimport { deleteSession, getAuthSessionId } from \"../sessions\";\nimport { MutationCtx } from \"../types\";\nimport { AUTH_STORE_REF } from \"./store/refs\";\n\ntype ReturnType = {\n  userId: GenericId<\"User\">;\n  sessionId: GenericId<\"Session\">;\n} | null;\n\nexport function signOutImpl(\n  ctx: MutationCtx,\n  config: Provider.Config,\n): Fx<ReturnType, never> {\n  return Fx.gen(function* () {\n    const db = authDb(ctx, config);\n    const sessionId = yield* Fx.promise(() => getAuthSessionId(ctx));\n    if (sessionId === null) {\n      return null;\n    }\n    const session = yield* Fx.promise(() => db.sessions.getById(sessionId));\n    if (session === null) {\n      return null;\n    }\n    yield* Fx.promise(() => deleteSession(ctx, session, config));\n    return { userId: session.userId, sessionId: session._id };\n  });\n}\n\nexport const callSignOut = async <DataModel extends GenericDataModel>(\n  ctx: GenericActionCtx<DataModel>,\n): Promise<void> => {\n  return ctx.runMutation(AUTH_STORE_REF, {\n    args: {\n      type: \"signOut\",\n    },\n  });\n};\n"],"mappings":";;;;;;AAeA,SAAgB,YACd,KACA,QACuB;AACvB,QAAO,GAAG,IAAI,aAAa;EACzB,MAAM,KAAK,OAAO,KAAK,OAAO;EAC9B,MAAM,YAAY,OAAO,GAAG,cAAc,iBAAiB,IAAI,CAAC;AAChE,MAAI,cAAc,KAChB,QAAO;EAET,MAAM,UAAU,OAAO,GAAG,cAAc,GAAG,SAAS,QAAQ,UAAU,CAAC;AACvE,MAAI,YAAY,KACd,QAAO;AAET,SAAO,GAAG,cAAc,cAAc,KAAK,SAAS,OAAO,CAAC;AAC5D,SAAO;GAAE,QAAQ,QAAQ;GAAQ,WAAW,QAAQ;GAAK;GACzD;;AAGJ,MAAa,cAAc,OACzB,QACkB;AAClB,QAAO,IAAI,YAAY,gBAAgB,EACrC,MAAM,EACJ,MAAM,WACP,EACF,CAAC"}
+{"version":3,"file":"signout.js","names":[],"sources":["../../../src/server/mutations/signout.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport type { GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { GenericId } from \"convex/values\";\n\nimport * as Provider from \"../crypto\";\nimport { authDb } from \"../db\";\nimport { deleteSession, getAuthSessionId } from \"../sessions\";\nimport { MutationCtx } from \"../types\";\nimport { AUTH_STORE_REF } from \"./store/refs\";\n\ntype ReturnType = {\n  userId: GenericId<\"User\">;\n  sessionId: GenericId<\"Session\">;\n} | null;\n\nexport function signOutImpl(\n  ctx: MutationCtx,\n  config: Provider.Config,\n): Fx<ReturnType, never> {\n  return Fx.gen(function* () {\n    const db = authDb(ctx, config);\n    const sessionId = yield* Fx.promise(() => getAuthSessionId(ctx));\n    if (sessionId === null) {\n      return null;\n    }\n    const session = yield* Fx.promise(() => db.sessions.getById(sessionId));\n    if (session === null) {\n      return null;\n    }\n    yield* Fx.promise(() => deleteSession(ctx, session, config));\n    return { userId: session.userId, sessionId: session._id };\n  });\n}\n\nexport const callSignOut = async <DataModel extends GenericDataModel>(\n  ctx: GenericActionCtx<DataModel>,\n): Promise<void> => {\n  return ctx.runMutation(AUTH_STORE_REF, {\n    args: {\n      type: \"signOut\",\n    },\n  });\n};\n"],"mappings":";;;;;;AAeA,SAAgB,YACd,KACA,QACuB;AACvB,QAAO,GAAG,IAAI,aAAa;EACzB,MAAM,KAAK,OAAO,KAAK,OAAO;EAC9B,MAAM,YAAY,OAAO,GAAG,cAAc,iBAAiB,IAAI,CAAC;AAChE,MAAI,cAAc,KAChB,QAAO;EAET,MAAM,UAAU,OAAO,GAAG,cAAc,GAAG,SAAS,QAAQ,UAAU,CAAC;AACvE,MAAI,YAAY,KACd,QAAO;AAET,SAAO,GAAG,cAAc,cAAc,KAAK,SAAS,OAAO,CAAC;AAC5D,SAAO;GAAE,QAAQ,QAAQ;GAAQ,WAAW,QAAQ;GAAK;GACzD;;AAGJ,MAAa,cAAc,OACzB,QACkB;AAClB,QAAO,IAAI,YAAY,gBAAgB,EACrC,MAAM,EACJ,MAAM,WACP,EACF,CAAC"}