@robelest/convex-auth 0.0.4-preview.21 → 0.0.4-preview.23
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/authorization/index.d.ts +1 -1
- package/dist/authorization/index.js +1 -1
- package/dist/authorization/index.js.map +1 -1
- package/dist/client/index.d.ts +1 -2
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +36 -39
- package/dist/client/index.js.map +1 -1
- package/dist/component/client/index.d.ts +1 -2
- package/dist/component/convex.config.d.ts +2 -2
- package/dist/component/convex.config.d.ts.map +1 -1
- package/dist/component/model.d.ts +5 -5
- package/dist/component/model.d.ts.map +1 -1
- package/dist/component/public/enterprise/audit.d.ts.map +1 -1
- package/dist/component/public/enterprise/audit.js.map +1 -1
- package/dist/component/public/enterprise/core.d.ts.map +1 -1
- package/dist/component/public/enterprise/core.js.map +1 -1
- package/dist/component/public/enterprise/domains.d.ts.map +1 -1
- package/dist/component/public/enterprise/domains.js.map +1 -1
- package/dist/component/public/enterprise/scim.d.ts.map +1 -1
- package/dist/component/public/enterprise/scim.js.map +1 -1
- package/dist/component/public/enterprise/secrets.d.ts.map +1 -1
- package/dist/component/public/enterprise/secrets.js.map +1 -1
- package/dist/component/public/enterprise/webhooks.d.ts.map +1 -1
- package/dist/component/public/enterprise/webhooks.js.map +1 -1
- package/dist/component/public/factors/devices.d.ts.map +1 -1
- package/dist/component/public/factors/devices.js.map +1 -1
- package/dist/component/public/factors/passkeys.d.ts.map +1 -1
- package/dist/component/public/factors/passkeys.js.map +1 -1
- package/dist/component/public/factors/totp.d.ts.map +1 -1
- package/dist/component/public/factors/totp.js.map +1 -1
- package/dist/component/public/groups/core.js.map +1 -1
- package/dist/component/public/groups/invites.d.ts.map +1 -1
- package/dist/component/public/groups/invites.js.map +1 -1
- package/dist/component/public/groups/members.d.ts.map +1 -1
- package/dist/component/public/groups/members.js.map +1 -1
- package/dist/component/public/identity/accounts.d.ts.map +1 -1
- package/dist/component/public/identity/accounts.js.map +1 -1
- package/dist/component/public/identity/codes.d.ts.map +1 -1
- package/dist/component/public/identity/codes.js.map +1 -1
- package/dist/component/public/identity/sessions.d.ts.map +1 -1
- package/dist/component/public/identity/sessions.js.map +1 -1
- package/dist/component/public/identity/tokens.d.ts.map +1 -1
- package/dist/component/public/identity/tokens.js.map +1 -1
- package/dist/component/public/identity/users.d.ts.map +1 -1
- package/dist/component/public/identity/users.js.map +1 -1
- package/dist/component/public/identity/verifiers.d.ts.map +1 -1
- package/dist/component/public/identity/verifiers.js.map +1 -1
- package/dist/component/public/security/keys.d.ts.map +1 -1
- package/dist/component/public/security/keys.js.map +1 -1
- package/dist/component/public/security/limits.d.ts.map +1 -1
- package/dist/component/public/security/limits.js.map +1 -1
- package/dist/component/schema.d.ts +39 -39
- package/dist/component/server/auth.d.ts +95 -52
- package/dist/component/server/auth.d.ts.map +1 -1
- package/dist/component/server/auth.js +63 -43
- package/dist/component/server/auth.js.map +1 -1
- package/dist/component/server/core.js +116 -235
- package/dist/component/server/core.js.map +1 -1
- package/dist/component/server/crypto.js +25 -7
- package/dist/component/server/crypto.js.map +1 -1
- package/dist/component/server/device.js +58 -15
- package/dist/component/server/device.js.map +1 -1
- package/dist/component/server/enterprise/domain.js +148 -59
- package/dist/component/server/enterprise/domain.js.map +1 -1
- package/dist/component/server/enterprise/http.js +36 -15
- package/dist/component/server/enterprise/http.js.map +1 -1
- package/dist/component/server/enterprise/oidc.js +1 -1
- package/dist/component/server/http.js +26 -21
- package/dist/component/server/http.js.map +1 -1
- package/dist/component/server/identity.js +5 -2
- package/dist/component/server/identity.js.map +1 -1
- package/dist/component/server/limits.js +21 -30
- package/dist/component/server/limits.js.map +1 -1
- package/dist/component/server/mutations/account.js +12 -10
- package/dist/component/server/mutations/account.js.map +1 -1
- package/dist/component/server/mutations/code.js +5 -2
- package/dist/component/server/mutations/code.js.map +1 -1
- package/dist/component/server/mutations/invalidate.js +1 -1
- package/dist/component/server/mutations/invalidate.js.map +1 -1
- package/dist/component/server/mutations/oauth.js +10 -4
- package/dist/component/server/mutations/oauth.js.map +1 -1
- package/dist/component/server/mutations/refresh.js +2 -2
- package/dist/component/server/mutations/refresh.js.map +1 -1
- package/dist/component/server/mutations/register.js +46 -42
- package/dist/component/server/mutations/register.js.map +1 -1
- package/dist/component/server/mutations/retrieve.js +21 -25
- package/dist/component/server/mutations/retrieve.js.map +1 -1
- package/dist/component/server/mutations/signature.js +10 -4
- package/dist/component/server/mutations/signature.js.map +1 -1
- package/dist/component/server/mutations/signout.js.map +1 -1
- package/dist/component/server/mutations/store.js +9 -24
- package/dist/component/server/mutations/store.js.map +1 -1
- package/dist/component/server/mutations/verifier.js.map +1 -1
- package/dist/component/server/mutations/verify.js +1 -1
- package/dist/component/server/mutations/verify.js.map +1 -1
- package/dist/component/server/oauth.js +53 -16
- package/dist/component/server/oauth.js.map +1 -1
- package/dist/component/server/passkey.js +115 -31
- package/dist/component/server/passkey.js.map +1 -1
- package/dist/component/server/redirects.js +9 -3
- package/dist/component/server/redirects.js.map +1 -1
- package/dist/component/server/refresh.js +10 -7
- package/dist/component/server/refresh.js.map +1 -1
- package/dist/component/server/runtime.d.ts +3 -3
- package/dist/component/server/runtime.d.ts.map +1 -1
- package/dist/component/server/runtime.js +62 -20
- package/dist/component/server/runtime.js.map +1 -1
- package/dist/component/server/signin.js +34 -10
- package/dist/component/server/signin.js.map +1 -1
- package/dist/component/server/totp.js +79 -19
- package/dist/component/server/totp.js.map +1 -1
- package/dist/component/server/types.d.ts +12 -20
- package/dist/component/server/types.d.ts.map +1 -1
- package/dist/component/server/types.js.map +1 -1
- package/dist/component/server/users.js +6 -3
- package/dist/component/server/users.js.map +1 -1
- package/dist/component/server/utils.js +10 -4
- package/dist/component/server/utils.js.map +1 -1
- package/dist/core/types.d.ts +14 -22
- package/dist/core/types.d.ts.map +1 -1
- package/dist/factors/device.js +8 -9
- package/dist/factors/device.js.map +1 -1
- package/dist/factors/passkey.js +18 -21
- package/dist/factors/passkey.js.map +1 -1
- package/dist/providers/password.js +66 -81
- package/dist/providers/password.js.map +1 -1
- package/dist/runtime/invite.js +2 -8
- package/dist/runtime/invite.js.map +1 -1
- package/dist/server/auth.d.ts +95 -52
- package/dist/server/auth.d.ts.map +1 -1
- package/dist/server/auth.js +63 -43
- package/dist/server/auth.js.map +1 -1
- package/dist/server/core.d.ts +71 -159
- package/dist/server/core.d.ts.map +1 -1
- package/dist/server/core.js +116 -235
- package/dist/server/core.js.map +1 -1
- package/dist/server/crypto.d.ts.map +1 -1
- package/dist/server/crypto.js +25 -7
- package/dist/server/crypto.js.map +1 -1
- package/dist/server/device.js +58 -15
- package/dist/server/device.js.map +1 -1
- package/dist/server/enterprise/domain.d.ts +0 -8
- package/dist/server/enterprise/domain.d.ts.map +1 -1
- package/dist/server/enterprise/domain.js +148 -59
- package/dist/server/enterprise/domain.js.map +1 -1
- package/dist/server/enterprise/http.d.ts.map +1 -1
- package/dist/server/enterprise/http.js +35 -14
- package/dist/server/enterprise/http.js.map +1 -1
- package/dist/server/http.d.ts +2 -2
- package/dist/server/http.d.ts.map +1 -1
- package/dist/server/http.js +25 -20
- package/dist/server/http.js.map +1 -1
- package/dist/server/identity.js +5 -2
- package/dist/server/identity.js.map +1 -1
- package/dist/server/index.d.ts +2 -2
- package/dist/server/limits.js +21 -30
- package/dist/server/limits.js.map +1 -1
- package/dist/server/mounts.d.ts +26 -64
- package/dist/server/mounts.d.ts.map +1 -1
- package/dist/server/mounts.js +45 -106
- package/dist/server/mounts.js.map +1 -1
- package/dist/server/mutations/account.d.ts +8 -9
- package/dist/server/mutations/account.d.ts.map +1 -1
- package/dist/server/mutations/account.js +11 -9
- package/dist/server/mutations/account.js.map +1 -1
- package/dist/server/mutations/code.d.ts +13 -13
- package/dist/server/mutations/code.d.ts.map +1 -1
- package/dist/server/mutations/code.js +5 -2
- package/dist/server/mutations/code.js.map +1 -1
- package/dist/server/mutations/invalidate.d.ts +4 -4
- package/dist/server/mutations/invalidate.d.ts.map +1 -1
- package/dist/server/mutations/invalidate.js.map +1 -1
- package/dist/server/mutations/oauth.d.ts +12 -10
- package/dist/server/mutations/oauth.d.ts.map +1 -1
- package/dist/server/mutations/oauth.js +9 -3
- package/dist/server/mutations/oauth.js.map +1 -1
- package/dist/server/mutations/refresh.d.ts +3 -3
- package/dist/server/mutations/refresh.d.ts.map +1 -1
- package/dist/server/mutations/refresh.js +1 -1
- package/dist/server/mutations/refresh.js.map +1 -1
- package/dist/server/mutations/register.d.ts +11 -11
- package/dist/server/mutations/register.d.ts.map +1 -1
- package/dist/server/mutations/register.js +45 -41
- package/dist/server/mutations/register.js.map +1 -1
- package/dist/server/mutations/retrieve.d.ts +6 -6
- package/dist/server/mutations/retrieve.d.ts.map +1 -1
- package/dist/server/mutations/retrieve.js +20 -24
- package/dist/server/mutations/retrieve.js.map +1 -1
- package/dist/server/mutations/signature.d.ts +6 -7
- package/dist/server/mutations/signature.d.ts.map +1 -1
- package/dist/server/mutations/signature.js +9 -3
- package/dist/server/mutations/signature.js.map +1 -1
- package/dist/server/mutations/signin.d.ts +5 -5
- package/dist/server/mutations/signin.d.ts.map +1 -1
- package/dist/server/mutations/signout.js.map +1 -1
- package/dist/server/mutations/store.d.ts +97 -97
- package/dist/server/mutations/store.d.ts.map +1 -1
- package/dist/server/mutations/store.js +8 -23
- package/dist/server/mutations/store.js.map +1 -1
- package/dist/server/mutations/verifier.js.map +1 -1
- package/dist/server/mutations/verify.d.ts +10 -10
- package/dist/server/mutations/verify.d.ts.map +1 -1
- package/dist/server/mutations/verify.js.map +1 -1
- package/dist/server/oauth.js +53 -16
- package/dist/server/oauth.js.map +1 -1
- package/dist/server/passkey.d.ts +2 -2
- package/dist/server/passkey.d.ts.map +1 -1
- package/dist/server/passkey.js +114 -30
- package/dist/server/passkey.js.map +1 -1
- package/dist/server/redirects.js +9 -3
- package/dist/server/redirects.js.map +1 -1
- package/dist/server/refresh.js +10 -7
- package/dist/server/refresh.js.map +1 -1
- package/dist/server/runtime.d.ts +14 -14
- package/dist/server/runtime.d.ts.map +1 -1
- package/dist/server/runtime.js +61 -19
- package/dist/server/runtime.js.map +1 -1
- package/dist/server/signin.js +34 -10
- package/dist/server/signin.js.map +1 -1
- package/dist/server/ssr.d.ts.map +1 -1
- package/dist/server/ssr.js +175 -184
- package/dist/server/ssr.js.map +1 -1
- package/dist/server/totp.js +78 -18
- package/dist/server/totp.js.map +1 -1
- package/dist/server/types.d.ts +13 -21
- package/dist/server/types.d.ts.map +1 -1
- package/dist/server/types.js.map +1 -1
- package/dist/server/users.js +6 -3
- package/dist/server/users.js.map +1 -1
- package/dist/server/utils.js +10 -4
- package/dist/server/utils.js.map +1 -1
- package/package.json +2 -6
- package/src/authorization/index.ts +1 -1
- package/src/cli/index.ts +1 -1
- package/src/client/core/types.ts +14 -14
- package/src/client/factors/device.ts +10 -12
- package/src/client/factors/passkey.ts +23 -26
- package/src/client/index.ts +54 -64
- package/src/client/runtime/invite.ts +5 -7
- package/src/component/index.ts +1 -0
- package/src/component/public/enterprise/audit.ts +6 -1
- package/src/component/public/enterprise/core.ts +1 -0
- package/src/component/public/enterprise/domains.ts +5 -1
- package/src/component/public/enterprise/scim.ts +1 -0
- package/src/component/public/enterprise/secrets.ts +1 -0
- package/src/component/public/enterprise/webhooks.ts +1 -0
- package/src/component/public/factors/devices.ts +1 -0
- package/src/component/public/factors/passkeys.ts +1 -0
- package/src/component/public/factors/totp.ts +1 -0
- package/src/component/public/groups/core.ts +1 -1
- package/src/component/public/groups/invites.ts +7 -1
- package/src/component/public/groups/members.ts +1 -0
- package/src/component/public/identity/accounts.ts +1 -0
- package/src/component/public/identity/codes.ts +1 -0
- package/src/component/public/identity/sessions.ts +1 -0
- package/src/component/public/identity/tokens.ts +1 -0
- package/src/component/public/identity/users.ts +1 -0
- package/src/component/public/identity/verifiers.ts +1 -0
- package/src/component/public/security/keys.ts +1 -0
- package/src/component/public/security/limits.ts +1 -0
- package/src/providers/password.ts +89 -110
- package/src/server/auth.ts +177 -111
- package/src/server/core.ts +197 -233
- package/src/server/crypto.ts +31 -29
- package/src/server/device.ts +65 -32
- package/src/server/enterprise/domain.ts +158 -170
- package/src/server/enterprise/http.ts +46 -39
- package/src/server/http.ts +36 -30
- package/src/server/identity.ts +5 -5
- package/src/server/index.ts +2 -0
- package/src/server/limits.ts +53 -80
- package/src/server/mounts.ts +47 -74
- package/src/server/mutations/account.ts +22 -36
- package/src/server/mutations/code.ts +6 -6
- package/src/server/mutations/invalidate.ts +1 -1
- package/src/server/mutations/oauth.ts +14 -8
- package/src/server/mutations/refresh.ts +5 -4
- package/src/server/mutations/register.ts +87 -132
- package/src/server/mutations/retrieve.ts +44 -44
- package/src/server/mutations/signature.ts +13 -6
- package/src/server/mutations/signout.ts +1 -1
- package/src/server/mutations/store.ts +16 -31
- package/src/server/mutations/verifier.ts +1 -1
- package/src/server/mutations/verify.ts +3 -5
- package/src/server/oauth.ts +60 -69
- package/src/server/passkey.ts +567 -517
- package/src/server/redirects.ts +10 -6
- package/src/server/refresh.ts +14 -18
- package/src/server/runtime.ts +70 -55
- package/src/server/signin.ts +44 -37
- package/src/server/ssr.ts +390 -407
- package/src/server/totp.ts +85 -35
- package/src/server/types.ts +19 -22
- package/src/server/users.ts +7 -6
- package/src/server/utils.ts +10 -12
- package/dist/component/server/authError.js +0 -34
- package/dist/component/server/authError.js.map +0 -1
- package/dist/component/server/errors.d.ts +0 -1
- package/dist/component/server/errors.js +0 -137
- package/dist/component/server/errors.js.map +0 -1
- package/dist/server/authError.d.ts +0 -46
- package/dist/server/authError.d.ts.map +0 -1
- package/dist/server/authError.js +0 -34
- package/dist/server/authError.js.map +0 -1
- package/dist/server/errors.d.ts +0 -177
- package/dist/server/errors.d.ts.map +0 -1
- package/dist/server/errors.js +0 -212
- package/dist/server/errors.js.map +0 -1
- package/src/server/authError.ts +0 -44
- package/src/server/errors.ts +0 -290
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
import { Fx } from "@robelest/fx";
|
|
2
|
+
import { Cv } from "@robelest/fx/convex";
|
|
2
3
|
import type { GenericActionCtx, GenericDataModel } from "convex/server";
|
|
3
4
|
import { Infer, v } from "convex/values";
|
|
4
5
|
|
|
5
|
-
import { authDb } from "../db";
|
|
6
|
-
import { AuthError } from "../authError";
|
|
7
6
|
import * as Provider from "../crypto";
|
|
7
|
+
import { authDb } from "../db";
|
|
8
8
|
import { getAuthSessionId } from "../sessions";
|
|
9
9
|
import { Doc, MutationCtx } from "../types";
|
|
10
10
|
import { ConvexCredentialsConfig } from "../types";
|
|
@@ -47,141 +47,96 @@ export async function createAccountFromCredentialsImpl(
|
|
|
47
47
|
const provider = getProviderOrThrow(providerId) as ConvexCredentialsConfig;
|
|
48
48
|
|
|
49
49
|
return Fx.run(
|
|
50
|
-
Fx.
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
Fx.chain((existingAccount) => {
|
|
59
|
-
if (existingAccount !== null) {
|
|
60
|
-
const verifyExistingAccountFx =
|
|
61
|
-
account.secret !== undefined
|
|
62
|
-
? Provider.verify(
|
|
63
|
-
provider,
|
|
64
|
-
account.secret,
|
|
65
|
-
existingAccount.secret ?? "",
|
|
66
|
-
).pipe(
|
|
67
|
-
Fx.chain((valid) =>
|
|
68
|
-
valid
|
|
69
|
-
? Fx.succeed(undefined)
|
|
70
|
-
: Fx.fail(
|
|
71
|
-
new AuthError(
|
|
72
|
-
"ACCOUNT_ALREADY_EXISTS",
|
|
73
|
-
`Account ${account.id} already exists`,
|
|
74
|
-
),
|
|
75
|
-
),
|
|
76
|
-
),
|
|
77
|
-
)
|
|
78
|
-
: Fx.succeed(undefined);
|
|
50
|
+
Fx.gen(function* () {
|
|
51
|
+
const existingAccount = yield* Fx.promise(
|
|
52
|
+
() =>
|
|
53
|
+
db.accounts.get(
|
|
54
|
+
provider.id,
|
|
55
|
+
account.id,
|
|
56
|
+
) as Promise<Doc<"Account"> | null>,
|
|
57
|
+
);
|
|
79
58
|
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
) as Promise<Doc<"User"> | null>,
|
|
87
|
-
err: () =>
|
|
88
|
-
new AuthError(
|
|
89
|
-
"ACCOUNT_NOT_FOUND",
|
|
90
|
-
`Linked user for account ${account.id} was not found.`,
|
|
91
|
-
),
|
|
92
|
-
}).pipe(
|
|
93
|
-
Fx.chain((doc) =>
|
|
94
|
-
doc === null
|
|
95
|
-
? Fx.fail(
|
|
96
|
-
new AuthError(
|
|
97
|
-
"ACCOUNT_NOT_FOUND",
|
|
98
|
-
`Linked user for account ${account.id} was not found.`,
|
|
99
|
-
),
|
|
100
|
-
)
|
|
101
|
-
: Fx.succeed(doc),
|
|
102
|
-
),
|
|
103
|
-
),
|
|
104
|
-
),
|
|
105
|
-
Fx.map((user) => ({
|
|
106
|
-
account: existingAccount,
|
|
107
|
-
user,
|
|
108
|
-
})),
|
|
59
|
+
if (existingAccount !== null) {
|
|
60
|
+
if (account.secret !== undefined) {
|
|
61
|
+
const valid = yield* Provider.verify(
|
|
62
|
+
provider,
|
|
63
|
+
account.secret,
|
|
64
|
+
existingAccount.secret ?? "",
|
|
109
65
|
);
|
|
66
|
+
if (!valid) {
|
|
67
|
+
return yield* Cv.fail({
|
|
68
|
+
code: "ACCOUNT_ALREADY_EXISTS",
|
|
69
|
+
message: `Account ${account.id} already exists`,
|
|
70
|
+
});
|
|
71
|
+
}
|
|
110
72
|
}
|
|
111
73
|
|
|
112
|
-
const
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
return secretFx.pipe(
|
|
118
|
-
Fx.chain((secret) =>
|
|
119
|
-
Fx.from({
|
|
120
|
-
ok: async () =>
|
|
121
|
-
upsertUserAndAccount(
|
|
122
|
-
ctx,
|
|
123
|
-
await getAuthSessionId(ctx),
|
|
124
|
-
{ providerAccountId: account.id, secret },
|
|
125
|
-
{
|
|
126
|
-
type: "credentials",
|
|
127
|
-
provider,
|
|
128
|
-
profile,
|
|
129
|
-
shouldLinkViaEmail,
|
|
130
|
-
shouldLinkViaPhone,
|
|
131
|
-
},
|
|
132
|
-
config,
|
|
133
|
-
),
|
|
134
|
-
err: () => new AuthError("INTERNAL_ERROR"),
|
|
135
|
-
}),
|
|
136
|
-
),
|
|
137
|
-
Fx.chain((result) => {
|
|
138
|
-
const { userId, accountId } = result as {
|
|
139
|
-
userId: string;
|
|
140
|
-
accountId: string;
|
|
141
|
-
};
|
|
142
|
-
return Fx.zip(
|
|
143
|
-
Fx.from({
|
|
144
|
-
ok: () =>
|
|
145
|
-
db.accounts.getById(
|
|
146
|
-
accountId,
|
|
147
|
-
) as Promise<Doc<"Account"> | null>,
|
|
148
|
-
err: () => new AuthError("INTERNAL_ERROR"),
|
|
149
|
-
}),
|
|
150
|
-
Fx.from({
|
|
151
|
-
ok: () =>
|
|
152
|
-
db.users.getById(userId) as Promise<Doc<"User"> | null>,
|
|
153
|
-
err: () => new AuthError("INTERNAL_ERROR"),
|
|
154
|
-
}),
|
|
155
|
-
);
|
|
156
|
-
}),
|
|
157
|
-
Fx.chain((pair) => {
|
|
158
|
-
const [createdAccount, createdUser] = pair as [
|
|
159
|
-
Doc<"Account"> | null,
|
|
160
|
-
Doc<"User"> | null,
|
|
161
|
-
];
|
|
162
|
-
return createdAccount === null
|
|
163
|
-
? Fx.fail(
|
|
164
|
-
new AuthError(
|
|
165
|
-
"ACCOUNT_NOT_FOUND",
|
|
166
|
-
`Created account was not found.`,
|
|
167
|
-
),
|
|
168
|
-
)
|
|
169
|
-
: createdUser === null
|
|
170
|
-
? Fx.fail(
|
|
171
|
-
new AuthError(
|
|
172
|
-
"USER_UPDATE_FAILED",
|
|
173
|
-
`Created user was not found.`,
|
|
174
|
-
),
|
|
175
|
-
)
|
|
176
|
-
: Fx.succeed({
|
|
177
|
-
account: createdAccount,
|
|
178
|
-
user: createdUser,
|
|
179
|
-
});
|
|
180
|
-
}),
|
|
74
|
+
const user = yield* Fx.promise(
|
|
75
|
+
() =>
|
|
76
|
+
db.users.getById(
|
|
77
|
+
existingAccount.userId,
|
|
78
|
+
) as Promise<Doc<"User"> | null>,
|
|
181
79
|
);
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
80
|
+
if (user === null) {
|
|
81
|
+
return yield* Cv.fail({
|
|
82
|
+
code: "ACCOUNT_NOT_FOUND",
|
|
83
|
+
message: `Linked user for account ${account.id} was not found.`,
|
|
84
|
+
});
|
|
85
|
+
}
|
|
86
|
+
|
|
87
|
+
return { account: existingAccount, user };
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
const secret =
|
|
91
|
+
account.secret !== undefined
|
|
92
|
+
? yield* Provider.hash(provider, account.secret)
|
|
93
|
+
: undefined;
|
|
94
|
+
|
|
95
|
+
const result = yield* Fx.promise(async () =>
|
|
96
|
+
upsertUserAndAccount(
|
|
97
|
+
ctx,
|
|
98
|
+
await getAuthSessionId(ctx),
|
|
99
|
+
{ providerAccountId: account.id, secret },
|
|
100
|
+
{
|
|
101
|
+
type: "credentials",
|
|
102
|
+
provider,
|
|
103
|
+
profile,
|
|
104
|
+
shouldLinkViaEmail,
|
|
105
|
+
shouldLinkViaPhone,
|
|
106
|
+
},
|
|
107
|
+
config,
|
|
108
|
+
),
|
|
109
|
+
);
|
|
110
|
+
|
|
111
|
+
const { userId, accountId } = result as {
|
|
112
|
+
userId: string;
|
|
113
|
+
accountId: string;
|
|
114
|
+
};
|
|
115
|
+
const [createdAccount, createdUser] = yield* Fx.zip(
|
|
116
|
+
Fx.promise(
|
|
117
|
+
() =>
|
|
118
|
+
db.accounts.getById(accountId) as Promise<Doc<"Account"> | null>,
|
|
119
|
+
),
|
|
120
|
+
Fx.promise(
|
|
121
|
+
() => db.users.getById(userId) as Promise<Doc<"User"> | null>,
|
|
122
|
+
),
|
|
123
|
+
);
|
|
124
|
+
|
|
125
|
+
if (createdAccount === null) {
|
|
126
|
+
return yield* Cv.fail({
|
|
127
|
+
code: "ACCOUNT_NOT_FOUND",
|
|
128
|
+
message: `Created account was not found.`,
|
|
129
|
+
});
|
|
130
|
+
}
|
|
131
|
+
if (createdUser === null) {
|
|
132
|
+
return yield* Cv.fail({
|
|
133
|
+
code: "USER_UPDATE_FAILED",
|
|
134
|
+
message: `Created user was not found.`,
|
|
135
|
+
});
|
|
136
|
+
}
|
|
137
|
+
|
|
138
|
+
return { account: createdAccount, user: createdUser };
|
|
139
|
+
}),
|
|
185
140
|
) as Promise<ReturnType>;
|
|
186
141
|
}
|
|
187
142
|
|
|
@@ -2,9 +2,8 @@ import { Fx } from "@robelest/fx";
|
|
|
2
2
|
import type { GenericActionCtx, GenericDataModel } from "convex/server";
|
|
3
3
|
import { Infer, v } from "convex/values";
|
|
4
4
|
|
|
5
|
-
import { authDb } from "../db";
|
|
6
|
-
import { AuthError } from "../authError";
|
|
7
5
|
import * as Provider from "../crypto";
|
|
6
|
+
import { authDb } from "../db";
|
|
8
7
|
import {
|
|
9
8
|
isSignInRateLimited,
|
|
10
9
|
recordFailedSignIn,
|
|
@@ -39,53 +38,54 @@ export function retrieveAccountWithCredentialsImpl(
|
|
|
39
38
|
account: { id: account.id, secret: maybeRedact(account.secret ?? "") },
|
|
40
39
|
});
|
|
41
40
|
|
|
42
|
-
return Fx.
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
const limited = await Fx.run(
|
|
54
|
-
isSignInRateLimited(ctx, existingAccount._id, config),
|
|
55
|
-
);
|
|
56
|
-
if (limited) {
|
|
57
|
-
return "TooManyFailedAttempts" as const;
|
|
58
|
-
}
|
|
41
|
+
return Fx.gen(function* () {
|
|
42
|
+
const existingAccount = yield* Fx.promise(
|
|
43
|
+
() =>
|
|
44
|
+
db.accounts.get(
|
|
45
|
+
providerId,
|
|
46
|
+
account.id,
|
|
47
|
+
) as Promise<Doc<"Account"> | null>,
|
|
48
|
+
);
|
|
49
|
+
if (existingAccount === null) {
|
|
50
|
+
return "InvalidAccountId" as const;
|
|
51
|
+
}
|
|
59
52
|
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
await Fx.run(recordFailedSignIn(ctx, existingAccount._id, config));
|
|
69
|
-
return "InvalidSecret" as const;
|
|
70
|
-
}
|
|
71
|
-
|
|
72
|
-
await Fx.run(resetSignInRateLimit(ctx, existingAccount._id, config));
|
|
53
|
+
if (account.secret !== undefined) {
|
|
54
|
+
const limited = yield* isSignInRateLimited(
|
|
55
|
+
ctx,
|
|
56
|
+
existingAccount._id,
|
|
57
|
+
config,
|
|
58
|
+
);
|
|
59
|
+
if (limited) {
|
|
60
|
+
return "TooManyFailedAttempts" as const;
|
|
73
61
|
}
|
|
74
62
|
|
|
75
|
-
const
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
return "InvalidAccountId" as const;
|
|
63
|
+
const valid = yield* Provider.verify(
|
|
64
|
+
getProviderOrThrow(providerId),
|
|
65
|
+
account.secret,
|
|
66
|
+
existingAccount.secret ?? "",
|
|
67
|
+
);
|
|
68
|
+
if (!valid) {
|
|
69
|
+
yield* recordFailedSignIn(ctx, existingAccount._id, config);
|
|
70
|
+
return "InvalidSecret" as const;
|
|
84
71
|
}
|
|
85
72
|
|
|
86
|
-
|
|
87
|
-
}
|
|
88
|
-
|
|
73
|
+
yield* resetSignInRateLimit(ctx, existingAccount._id, config);
|
|
74
|
+
}
|
|
75
|
+
|
|
76
|
+
const user = yield* Fx.promise(
|
|
77
|
+
() =>
|
|
78
|
+
db.users.getById(existingAccount.userId) as Promise<Doc<"User"> | null>,
|
|
79
|
+
);
|
|
80
|
+
if (user === null) {
|
|
81
|
+
logWithLevel(
|
|
82
|
+
LOG_LEVELS.ERROR,
|
|
83
|
+
`Account ${existingAccount._id} is linked to missing user ${existingAccount.userId}`,
|
|
84
|
+
);
|
|
85
|
+
return "InvalidAccountId" as const;
|
|
86
|
+
}
|
|
87
|
+
|
|
88
|
+
return { account: existingAccount, user } as ReturnType;
|
|
89
89
|
}).pipe(
|
|
90
90
|
Fx.fold({
|
|
91
91
|
ok: (v) => v as ReturnType,
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
import { Fx } from "@robelest/fx";
|
|
2
|
+
import { Cv } from "@robelest/fx/convex";
|
|
2
3
|
import type { GenericActionCtx, GenericDataModel } from "convex/server";
|
|
3
|
-
import { GenericId, Infer, v } from "convex/values";
|
|
4
|
+
import { ConvexError, GenericId, Infer, v } from "convex/values";
|
|
4
5
|
|
|
5
|
-
import { authDb } from "../db";
|
|
6
|
-
import { AuthError } from "../authError";
|
|
7
6
|
import * as Provider from "../crypto";
|
|
7
|
+
import { authDb } from "../db";
|
|
8
8
|
import { MutationCtx } from "../types";
|
|
9
9
|
import { AUTH_STORE_REF } from "./store/refs";
|
|
10
10
|
|
|
@@ -19,17 +19,24 @@ export function verifierSignatureImpl(
|
|
|
19
19
|
ctx: MutationCtx,
|
|
20
20
|
args: Infer<typeof verifierSignatureArgs>,
|
|
21
21
|
config: Provider.Config,
|
|
22
|
-
): Fx<ReturnType,
|
|
22
|
+
): Fx<ReturnType, ConvexError<any>> {
|
|
23
23
|
return Fx.gen(function* () {
|
|
24
24
|
const { verifier, signature } = args;
|
|
25
25
|
const db = authDb(ctx, config);
|
|
26
26
|
const verifierDoc = yield* Fx.from({
|
|
27
27
|
ok: () => db.verifiers.getById(verifier as GenericId<"AuthVerifier">),
|
|
28
|
-
err: () =>
|
|
28
|
+
err: () =>
|
|
29
|
+
Cv.error({
|
|
30
|
+
code: "INVALID_VERIFIER",
|
|
31
|
+
message: "Invalid or expired verifier.",
|
|
32
|
+
}),
|
|
29
33
|
}).pipe(
|
|
30
34
|
Fx.chain((doc) =>
|
|
31
35
|
doc === null
|
|
32
|
-
?
|
|
36
|
+
? Cv.fail({
|
|
37
|
+
code: "INVALID_VERIFIER",
|
|
38
|
+
message: "Invalid or expired verifier.",
|
|
39
|
+
})
|
|
33
40
|
: Fx.succeed(doc),
|
|
34
41
|
),
|
|
35
42
|
);
|
|
@@ -2,8 +2,8 @@ import { Fx } from "@robelest/fx";
|
|
|
2
2
|
import type { GenericActionCtx, GenericDataModel } from "convex/server";
|
|
3
3
|
import { GenericId } from "convex/values";
|
|
4
4
|
|
|
5
|
-
import { authDb } from "../db";
|
|
6
5
|
import * as Provider from "../crypto";
|
|
6
|
+
import { authDb } from "../db";
|
|
7
7
|
import { deleteSession, getAuthSessionId } from "../sessions";
|
|
8
8
|
import { MutationCtx } from "../types";
|
|
9
9
|
import { AUTH_STORE_REF } from "./store/refs";
|
|
@@ -84,53 +84,38 @@ export const storeImpl = async (
|
|
|
84
84
|
logWithLevel(LOG_LEVELS.INFO, `\`auth:store\` type: ${args.type}`);
|
|
85
85
|
return Fx.run(
|
|
86
86
|
Fx.match(args, args.type, {
|
|
87
|
-
signIn: (a) =>
|
|
88
|
-
Fx.from({
|
|
89
|
-
ok: () => signInImpl(ctx, a, config),
|
|
90
|
-
err: (e) => e as never,
|
|
91
|
-
}),
|
|
87
|
+
signIn: (a) => Fx.promise(() => signInImpl(ctx, a, config)),
|
|
92
88
|
signOut: () => signOutImpl(ctx, config),
|
|
93
89
|
refreshSession: (a) =>
|
|
94
|
-
Fx.
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
}),
|
|
90
|
+
Fx.promise(() =>
|
|
91
|
+
refreshSessionImpl(ctx, a, getProviderOrThrow, config),
|
|
92
|
+
),
|
|
98
93
|
verifyCodeAndSignIn: (a) =>
|
|
99
|
-
Fx.
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
}),
|
|
94
|
+
Fx.promise(() =>
|
|
95
|
+
verifyCodeAndSignInImpl(ctx, a, getProviderOrThrow, config),
|
|
96
|
+
),
|
|
103
97
|
verifier: () => verifierImpl(ctx, config),
|
|
104
98
|
verifierSignature: (a) =>
|
|
105
99
|
verifierSignatureImpl(ctx, a, config).pipe(
|
|
106
|
-
Fx.recover((e) => Fx.fatal(e
|
|
100
|
+
Fx.recover((e) => Fx.fatal(e)),
|
|
107
101
|
),
|
|
108
102
|
userOAuth: (a) =>
|
|
109
103
|
userOAuthImpl(ctx, a, getProviderOrThrow, config).pipe(
|
|
110
|
-
Fx.recover((e) => Fx.fatal(e
|
|
104
|
+
Fx.recover((e) => Fx.fatal(e)),
|
|
111
105
|
),
|
|
112
106
|
createVerificationCode: (a) =>
|
|
113
|
-
Fx.
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
err: (e) => e as never,
|
|
117
|
-
}),
|
|
107
|
+
Fx.promise(() =>
|
|
108
|
+
createVerificationCodeImpl(ctx, a, getProviderOrThrow, config),
|
|
109
|
+
),
|
|
118
110
|
createAccountFromCredentials: (a) =>
|
|
119
|
-
Fx.
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
ctx,
|
|
123
|
-
a,
|
|
124
|
-
getProviderOrThrow,
|
|
125
|
-
config,
|
|
126
|
-
),
|
|
127
|
-
err: (e) => e as never,
|
|
128
|
-
}),
|
|
111
|
+
Fx.promise(() =>
|
|
112
|
+
createAccountFromCredentialsImpl(ctx, a, getProviderOrThrow, config),
|
|
113
|
+
),
|
|
129
114
|
retrieveAccountWithCredentials: (a) =>
|
|
130
115
|
retrieveAccountWithCredentialsImpl(ctx, a, getProviderOrThrow, config),
|
|
131
116
|
modifyAccount: (a) =>
|
|
132
117
|
modifyAccountImpl(ctx, a, getProviderOrThrow, config).pipe(
|
|
133
|
-
Fx.recover((e) => Fx.fatal(e
|
|
118
|
+
Fx.recover((e) => Fx.fatal(e)),
|
|
134
119
|
),
|
|
135
120
|
invalidateSessions: (a) => invalidateSessionsImpl(ctx, a, config),
|
|
136
121
|
}),
|
|
@@ -2,8 +2,8 @@ import { Fx } from "@robelest/fx";
|
|
|
2
2
|
import type { GenericActionCtx, GenericDataModel } from "convex/server";
|
|
3
3
|
import { GenericId } from "convex/values";
|
|
4
4
|
|
|
5
|
-
import { authDb } from "../db";
|
|
6
5
|
import * as Provider from "../crypto";
|
|
6
|
+
import { authDb } from "../db";
|
|
7
7
|
import { getAuthSessionId } from "../sessions";
|
|
8
8
|
import { MutationCtx } from "../types";
|
|
9
9
|
import { AUTH_STORE_REF } from "./store/refs";
|
|
@@ -2,8 +2,10 @@ import { Fx } from "@robelest/fx";
|
|
|
2
2
|
import type { GenericActionCtx, GenericDataModel } from "convex/server";
|
|
3
3
|
import { Infer, v } from "convex/values";
|
|
4
4
|
|
|
5
|
-
import { authDb } from "../db";
|
|
6
5
|
import * as Provider from "../crypto";
|
|
6
|
+
import { authDb } from "../db";
|
|
7
|
+
import { createSyntheticOAuthMaterializedConfig } from "../enterprise/oidc";
|
|
8
|
+
import { isEnterpriseProviderId } from "../enterprise/shared";
|
|
7
9
|
import {
|
|
8
10
|
isSignInRateLimited,
|
|
9
11
|
recordFailedSignIn,
|
|
@@ -14,10 +16,6 @@ import {
|
|
|
14
16
|
getAuthSessionId,
|
|
15
17
|
maybeGenerateTokensForSession,
|
|
16
18
|
} from "../sessions";
|
|
17
|
-
import {
|
|
18
|
-
createSyntheticOAuthMaterializedConfig,
|
|
19
|
-
} from "../enterprise/oidc";
|
|
20
|
-
import { isEnterpriseProviderId } from "../enterprise/shared";
|
|
21
19
|
import { MutationCtx, SessionInfo } from "../types";
|
|
22
20
|
import { upsertUserAndAccount } from "../users";
|
|
23
21
|
import { LOG_LEVELS, logWithLevel, sha256 } from "../utils";
|