@robelest/convex-auth 0.0.4-preview.22 → 0.0.4-preview.23
- package/dist/authorization/index.d.ts +1 -1
- package/dist/authorization/index.js +1 -1
- package/dist/authorization/index.js.map +1 -1
- package/dist/client/index.d.ts +1 -2
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +36 -39
- package/dist/client/index.js.map +1 -1
- package/dist/component/client/index.d.ts +1 -2
- package/dist/component/model.d.ts +9 -9
- package/dist/component/model.d.ts.map +1 -1
- package/dist/component/public/enterprise/audit.d.ts.map +1 -1
- package/dist/component/public/enterprise/audit.js.map +1 -1
- package/dist/component/public/enterprise/core.d.ts.map +1 -1
- package/dist/component/public/enterprise/core.js.map +1 -1
- package/dist/component/public/enterprise/domains.d.ts.map +1 -1
- package/dist/component/public/enterprise/domains.js.map +1 -1
- package/dist/component/public/enterprise/scim.d.ts.map +1 -1
- package/dist/component/public/enterprise/scim.js.map +1 -1
- package/dist/component/public/enterprise/secrets.d.ts.map +1 -1
- package/dist/component/public/enterprise/secrets.js.map +1 -1
- package/dist/component/public/enterprise/webhooks.d.ts.map +1 -1
- package/dist/component/public/enterprise/webhooks.js.map +1 -1
- package/dist/component/public/factors/devices.d.ts.map +1 -1
- package/dist/component/public/factors/devices.js.map +1 -1
- package/dist/component/public/factors/passkeys.d.ts.map +1 -1
- package/dist/component/public/factors/passkeys.js.map +1 -1
- package/dist/component/public/factors/totp.d.ts.map +1 -1
- package/dist/component/public/factors/totp.js.map +1 -1
- package/dist/component/public/groups/core.js.map +1 -1
- package/dist/component/public/groups/invites.d.ts.map +1 -1
- package/dist/component/public/groups/invites.js.map +1 -1
- package/dist/component/public/groups/members.d.ts.map +1 -1
- package/dist/component/public/groups/members.js.map +1 -1
- package/dist/component/public/identity/accounts.d.ts.map +1 -1
- package/dist/component/public/identity/accounts.js.map +1 -1
- package/dist/component/public/identity/codes.d.ts.map +1 -1
- package/dist/component/public/identity/codes.js.map +1 -1
- package/dist/component/public/identity/sessions.d.ts.map +1 -1
- package/dist/component/public/identity/sessions.js.map +1 -1
- package/dist/component/public/identity/tokens.d.ts.map +1 -1
- package/dist/component/public/identity/tokens.js.map +1 -1
- package/dist/component/public/identity/users.d.ts.map +1 -1
- package/dist/component/public/identity/users.js.map +1 -1
- package/dist/component/public/identity/verifiers.d.ts.map +1 -1
- package/dist/component/public/identity/verifiers.js.map +1 -1
- package/dist/component/public/security/keys.d.ts.map +1 -1
- package/dist/component/public/security/keys.js.map +1 -1
- package/dist/component/public/security/limits.d.ts.map +1 -1
- package/dist/component/public/security/limits.js.map +1 -1
- package/dist/component/schema.d.ts +42 -42
- package/dist/component/server/auth.d.ts +37 -40
- package/dist/component/server/auth.d.ts.map +1 -1
- package/dist/component/server/auth.js +57 -23
- package/dist/component/server/auth.js.map +1 -1
- package/dist/component/server/core.js +116 -235
- package/dist/component/server/core.js.map +1 -1
- package/dist/component/server/crypto.js +25 -7
- package/dist/component/server/crypto.js.map +1 -1
- package/dist/component/server/device.js +58 -15
- package/dist/component/server/device.js.map +1 -1
- package/dist/component/server/enterprise/domain.js +148 -59
- package/dist/component/server/enterprise/domain.js.map +1 -1
- package/dist/component/server/enterprise/http.js +36 -15
- package/dist/component/server/enterprise/http.js.map +1 -1
- package/dist/component/server/enterprise/oidc.js +1 -1
- package/dist/component/server/http.js +26 -21
- package/dist/component/server/http.js.map +1 -1
- package/dist/component/server/identity.js +5 -2
- package/dist/component/server/identity.js.map +1 -1
- package/dist/component/server/limits.js +21 -30
- package/dist/component/server/limits.js.map +1 -1
- package/dist/component/server/mutations/account.js +12 -10
- package/dist/component/server/mutations/account.js.map +1 -1
- package/dist/component/server/mutations/code.js +5 -2
- package/dist/component/server/mutations/code.js.map +1 -1
- package/dist/component/server/mutations/invalidate.js +1 -1
- package/dist/component/server/mutations/invalidate.js.map +1 -1
- package/dist/component/server/mutations/oauth.js +10 -4
- package/dist/component/server/mutations/oauth.js.map +1 -1
- package/dist/component/server/mutations/refresh.js +2 -2
- package/dist/component/server/mutations/refresh.js.map +1 -1
- package/dist/component/server/mutations/register.js +46 -42
- package/dist/component/server/mutations/register.js.map +1 -1
- package/dist/component/server/mutations/retrieve.js +21 -25
- package/dist/component/server/mutations/retrieve.js.map +1 -1
- package/dist/component/server/mutations/signature.js +10 -4
- package/dist/component/server/mutations/signature.js.map +1 -1
- package/dist/component/server/mutations/signout.js.map +1 -1
- package/dist/component/server/mutations/store.js +9 -24
- package/dist/component/server/mutations/store.js.map +1 -1
- package/dist/component/server/mutations/verifier.js.map +1 -1
- package/dist/component/server/mutations/verify.js +1 -1
- package/dist/component/server/mutations/verify.js.map +1 -1
- package/dist/component/server/oauth.js +53 -16
- package/dist/component/server/oauth.js.map +1 -1
- package/dist/component/server/passkey.js +115 -31
- package/dist/component/server/passkey.js.map +1 -1
- package/dist/component/server/redirects.js +9 -3
- package/dist/component/server/redirects.js.map +1 -1
- package/dist/component/server/refresh.js +10 -7
- package/dist/component/server/refresh.js.map +1 -1
- package/dist/component/server/runtime.d.ts +1 -1
- package/dist/component/server/runtime.d.ts.map +1 -1
- package/dist/component/server/runtime.js +62 -20
- package/dist/component/server/runtime.js.map +1 -1
- package/dist/component/server/signin.js +34 -10
- package/dist/component/server/signin.js.map +1 -1
- package/dist/component/server/totp.js +79 -19
- package/dist/component/server/totp.js.map +1 -1
- package/dist/component/server/types.d.ts +12 -20
- package/dist/component/server/types.d.ts.map +1 -1
- package/dist/component/server/types.js.map +1 -1
- package/dist/component/server/users.js +6 -3
- package/dist/component/server/users.js.map +1 -1
- package/dist/component/server/utils.js +10 -4
- package/dist/component/server/utils.js.map +1 -1
- package/dist/core/types.d.ts +14 -22
- package/dist/core/types.d.ts.map +1 -1
- package/dist/factors/device.js +8 -9
- package/dist/factors/device.js.map +1 -1
- package/dist/factors/passkey.js +18 -21
- package/dist/factors/passkey.js.map +1 -1
- package/dist/providers/password.js +66 -81
- package/dist/providers/password.js.map +1 -1
- package/dist/runtime/invite.js +2 -8
- package/dist/runtime/invite.js.map +1 -1
- package/dist/server/auth.d.ts +37 -40
- package/dist/server/auth.d.ts.map +1 -1
- package/dist/server/auth.js +57 -23
- package/dist/server/auth.js.map +1 -1
- package/dist/server/core.d.ts +71 -159
- package/dist/server/core.d.ts.map +1 -1
- package/dist/server/core.js +116 -235
- package/dist/server/core.js.map +1 -1
- package/dist/server/crypto.d.ts.map +1 -1
- package/dist/server/crypto.js +25 -7
- package/dist/server/crypto.js.map +1 -1
- package/dist/server/device.js +58 -15
- package/dist/server/device.js.map +1 -1
- package/dist/server/enterprise/domain.d.ts +0 -8
- package/dist/server/enterprise/domain.d.ts.map +1 -1
- package/dist/server/enterprise/domain.js +148 -59
- package/dist/server/enterprise/domain.js.map +1 -1
- package/dist/server/enterprise/http.d.ts.map +1 -1
- package/dist/server/enterprise/http.js +35 -14
- package/dist/server/enterprise/http.js.map +1 -1
- package/dist/server/http.d.ts +2 -2
- package/dist/server/http.d.ts.map +1 -1
- package/dist/server/http.js +25 -20
- package/dist/server/http.js.map +1 -1
- package/dist/server/identity.js +5 -2
- package/dist/server/identity.js.map +1 -1
- package/dist/server/index.d.ts +2 -2
- package/dist/server/limits.js +21 -30
- package/dist/server/limits.js.map +1 -1
- package/dist/server/mounts.d.ts +24 -62
- package/dist/server/mounts.d.ts.map +1 -1
- package/dist/server/mounts.js +45 -106
- package/dist/server/mounts.js.map +1 -1
- package/dist/server/mutations/account.d.ts +8 -9
- package/dist/server/mutations/account.d.ts.map +1 -1
- package/dist/server/mutations/account.js +11 -9
- package/dist/server/mutations/account.js.map +1 -1
- package/dist/server/mutations/code.d.ts +12 -12
- package/dist/server/mutations/code.d.ts.map +1 -1
- package/dist/server/mutations/code.js +5 -2
- package/dist/server/mutations/code.js.map +1 -1
- package/dist/server/mutations/invalidate.d.ts +4 -4
- package/dist/server/mutations/invalidate.d.ts.map +1 -1
- package/dist/server/mutations/invalidate.js.map +1 -1
- package/dist/server/mutations/oauth.d.ts +14 -12
- package/dist/server/mutations/oauth.d.ts.map +1 -1
- package/dist/server/mutations/oauth.js +9 -3
- package/dist/server/mutations/oauth.js.map +1 -1
- package/dist/server/mutations/refresh.d.ts +3 -3
- package/dist/server/mutations/refresh.d.ts.map +1 -1
- package/dist/server/mutations/refresh.js +1 -1
- package/dist/server/mutations/refresh.js.map +1 -1
- package/dist/server/mutations/register.d.ts +11 -11
- package/dist/server/mutations/register.d.ts.map +1 -1
- package/dist/server/mutations/register.js +45 -41
- package/dist/server/mutations/register.js.map +1 -1
- package/dist/server/mutations/retrieve.d.ts +6 -6
- package/dist/server/mutations/retrieve.d.ts.map +1 -1
- package/dist/server/mutations/retrieve.js +20 -24
- package/dist/server/mutations/retrieve.js.map +1 -1
- package/dist/server/mutations/signature.d.ts +6 -7
- package/dist/server/mutations/signature.d.ts.map +1 -1
- package/dist/server/mutations/signature.js +9 -3
- package/dist/server/mutations/signature.js.map +1 -1
- package/dist/server/mutations/signin.d.ts +5 -5
- package/dist/server/mutations/signin.d.ts.map +1 -1
- package/dist/server/mutations/signout.js.map +1 -1
- package/dist/server/mutations/store.d.ts +83 -83
- package/dist/server/mutations/store.js +8 -23
- package/dist/server/mutations/store.js.map +1 -1
- package/dist/server/mutations/verifier.js.map +1 -1
- package/dist/server/mutations/verify.d.ts +7 -7
- package/dist/server/mutations/verify.d.ts.map +1 -1
- package/dist/server/mutations/verify.js.map +1 -1
- package/dist/server/oauth.js +53 -16
- package/dist/server/oauth.js.map +1 -1
- package/dist/server/passkey.d.ts +2 -2
- package/dist/server/passkey.d.ts.map +1 -1
- package/dist/server/passkey.js +114 -30
- package/dist/server/passkey.js.map +1 -1
- package/dist/server/redirects.js +9 -3
- package/dist/server/redirects.js.map +1 -1
- package/dist/server/refresh.js +10 -7
- package/dist/server/refresh.js.map +1 -1
- package/dist/server/runtime.d.ts +7 -7
- package/dist/server/runtime.d.ts.map +1 -1
- package/dist/server/runtime.js +61 -19
- package/dist/server/runtime.js.map +1 -1
- package/dist/server/signin.js +34 -10
- package/dist/server/signin.js.map +1 -1
- package/dist/server/ssr.d.ts.map +1 -1
- package/dist/server/ssr.js +175 -184
- package/dist/server/ssr.js.map +1 -1
- package/dist/server/totp.js +78 -18
- package/dist/server/totp.js.map +1 -1
- package/dist/server/types.d.ts +13 -21
- package/dist/server/types.d.ts.map +1 -1
- package/dist/server/types.js.map +1 -1
- package/dist/server/users.js +6 -3
- package/dist/server/users.js.map +1 -1
- package/dist/server/utils.js +10 -4
- package/dist/server/utils.js.map +1 -1
- package/package.json +1 -5
- package/src/authorization/index.ts +1 -1
- package/src/client/core/types.ts +14 -14
- package/src/client/factors/device.ts +10 -12
- package/src/client/factors/passkey.ts +23 -26
- package/src/client/index.ts +54 -64
- package/src/client/runtime/invite.ts +5 -7
- package/src/component/index.ts +1 -1
- package/src/component/public/enterprise/audit.ts +6 -1
- package/src/component/public/enterprise/core.ts +1 -0
- package/src/component/public/enterprise/domains.ts +5 -1
- package/src/component/public/enterprise/scim.ts +1 -0
- package/src/component/public/enterprise/secrets.ts +1 -0
- package/src/component/public/enterprise/webhooks.ts +1 -0
- package/src/component/public/factors/devices.ts +1 -0
- package/src/component/public/factors/passkeys.ts +1 -0
- package/src/component/public/factors/totp.ts +1 -0
- package/src/component/public/groups/core.ts +1 -1
- package/src/component/public/groups/invites.ts +7 -1
- package/src/component/public/groups/members.ts +1 -0
- package/src/component/public/identity/accounts.ts +1 -0
- package/src/component/public/identity/codes.ts +1 -0
- package/src/component/public/identity/sessions.ts +1 -0
- package/src/component/public/identity/tokens.ts +1 -0
- package/src/component/public/identity/users.ts +1 -0
- package/src/component/public/identity/verifiers.ts +1 -0
- package/src/component/public/security/keys.ts +1 -0
- package/src/component/public/security/limits.ts +1 -0
- package/src/providers/password.ts +89 -110
- package/src/server/auth.ts +92 -70
- package/src/server/core.ts +197 -233
- package/src/server/crypto.ts +31 -29
- package/src/server/device.ts +65 -32
- package/src/server/enterprise/domain.ts +158 -170
- package/src/server/enterprise/http.ts +46 -39
- package/src/server/http.ts +36 -30
- package/src/server/identity.ts +5 -5
- package/src/server/index.ts +1 -1
- package/src/server/limits.ts +53 -80
- package/src/server/mounts.ts +47 -74
- package/src/server/mutations/account.ts +22 -36
- package/src/server/mutations/code.ts +6 -6
- package/src/server/mutations/invalidate.ts +1 -1
- package/src/server/mutations/oauth.ts +14 -8
- package/src/server/mutations/refresh.ts +5 -4
- package/src/server/mutations/register.ts +87 -132
- package/src/server/mutations/retrieve.ts +44 -44
- package/src/server/mutations/signature.ts +13 -6
- package/src/server/mutations/signout.ts +1 -1
- package/src/server/mutations/store.ts +16 -31
- package/src/server/mutations/verifier.ts +1 -1
- package/src/server/mutations/verify.ts +3 -5
- package/src/server/oauth.ts +60 -69
- package/src/server/passkey.ts +567 -517
- package/src/server/redirects.ts +10 -6
- package/src/server/refresh.ts +14 -18
- package/src/server/runtime.ts +70 -55
- package/src/server/signin.ts +44 -37
- package/src/server/ssr.ts +390 -407
- package/src/server/totp.ts +85 -35
- package/src/server/types.ts +19 -22
- package/src/server/users.ts +7 -6
- package/src/server/utils.ts +10 -12
- package/dist/component/server/authError.js +0 -34
- package/dist/component/server/authError.js.map +0 -1
- package/dist/component/server/errors.d.ts +0 -1
- package/dist/component/server/errors.js +0 -137
- package/dist/component/server/errors.js.map +0 -1
- package/dist/server/authError.d.ts +0 -46
- package/dist/server/authError.d.ts.map +0 -1
- package/dist/server/authError.js +0 -34
- package/dist/server/authError.js.map +0 -1
- package/dist/server/errors.d.ts +0 -177
- package/dist/server/errors.d.ts.map +0 -1
- package/dist/server/errors.js +0 -212
- package/dist/server/errors.js.map +0 -1
- package/src/server/authError.ts +0 -44
- package/src/server/errors.ts +0 -290
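--- a/package/src/server/crypto.ts
+++ b/package/src/server/crypto.ts
@@ -1,6 +1,7 @@
 import { Fx } from "@robelest/fx";
+import { Cv } from "@robelest/fx/convex";
+import { ConvexError } from "convex/values";
 
-import { AuthError } from "./authError";
 import { AuthProviderMaterializedConfig } from "./types";
 import { ConvexAuthMaterializedConfig } from "./types";
 import { errorMessage } from "./utils";
@@ -12,33 +13,35 @@ import { errorMessage } from "./utils";
 * required crypto function, returning typed errors through the Fx channel.
 */
 /** @internal */
-export const hash = (
+export const hash = (
+provider: any,
+secret: string,
+): Fx<string, ConvexError<any>> =>
 Fx.gen(function* () {
 if (provider.type !== "credentials") {
-return yield*
-
-
-
-),
-);
+return yield* Cv.fail({
+code: "INVALID_CREDENTIALS_PROVIDER",
+message: `Provider ${provider.id} is not a credentials provider`,
+});
 }
 
 const hashSecretFn = provider.crypto?.hashSecret as
 | ((s: string) => Promise<string>)
 | undefined;
 if (!hashSecretFn) {
-return yield*
-
-
-
-),
-);
+return yield* Cv.fail({
+code: "MISSING_CRYPTO_FUNCTION",
+message: `Provider ${provider.id} does not have a \`crypto.hashSecret\` function`,
+});
 }
 
 return yield* Fx.from({
 ok: () => hashSecretFn(secret),
 err: (e) =>
-
+Cv.error({
+code: "INTERNAL_ERROR",
+message: `Hash failed: ${errorMessage(e)}`,
+}),
 });
 });
 
@@ -50,33 +53,32 @@ export const verify = (
 provider: AuthProviderMaterializedConfig,
 secret: string,
 hashValue: string,
-): Fx<boolean,
+): Fx<boolean, ConvexError<any>> =>
 Fx.gen(function* () {
 if (provider.type !== "credentials") {
-return yield*
-
-
-
-),
-);
+return yield* Cv.fail({
+code: "INVALID_CREDENTIALS_PROVIDER",
+message: `Provider ${provider.id} is not a credentials provider`,
+});
 }
 
 const verifySecretFn = (provider as any).crypto?.verifySecret as
 | ((s: string, h: string) => Promise<boolean>)
 | undefined;
 if (!verifySecretFn) {
-return yield*
-
-
-
-),
-);
+return yield* Cv.fail({
+code: "MISSING_CRYPTO_FUNCTION",
+message: `Provider ${provider.id} does not have a \`crypto.verifySecret\` function`,
+});
 }
 
 return yield* Fx.from({
 ok: () => verifySecretFn(secret, hashValue),
 err: (e) =>
-
+Cv.error({
+code: "INTERNAL_ERROR",
+message: `Verify failed: ${errorMessage(e)}`,
+}),
 });
 });
 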
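Review bot: The `err` mapper in `hash` copies the caught error's text into the `INTERNAL_ERROR` payload (`Hash failed: ${errorMessage(e)}`), and `verify` does the same with `Verify failed: …`; the closing `err` handler of `handleDevice` in device.ts repeats the pattern with `String(e)`. If `Cv.error` builds a `ConvexError`, as the new `Fx<…, ConvexError<any>>` return types suggest, that payload is delivered to the calling client rather than redacted like an ordinary server exception, so whatever the provider's `hashSecret`/`verifySecret` implementation throws would become client-visible. I would return a fixed string, e.g. `message: "Hash failed",`, and log the underlying error server-side instead. Separately, `hash` takes `provider: any` while `verify` takes `AuthProviderMaterializedConfig`; giving both the same typed parameter would let the compiler check the `provider.type` guard.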
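--- a/package/src/server/device.ts
+++ b/package/src/server/device.ts
@@ -11,8 +11,9 @@
 */
 
 import { Fx } from "@robelest/fx";
+import { Cv } from "@robelest/fx/convex";
+import { ConvexError } from "convex/values";
 
-import { AuthError } from "./authError";
 import { userIdFromIdentitySubject } from "./identity";
 import { callSignIn } from "./mutations/index";
 import { DeviceProviderConfig, GenericActionCtxWithAuthConfig } from "./types";
@@ -69,7 +70,7 @@ export const handleDevice = (
 ctx: EnrichedActionCtx,
 provider: DeviceProviderConfig,
 args: { params?: Record<string, any> },
-): Fx<DeviceResult,
+): Fx<DeviceResult, ConvexError<any>> =>
 Fx.from({
 ok: async () => {
 const params = (args.params ?? {}) as Record<string, unknown>;
@@ -79,10 +80,11 @@ export const handleDevice = (
 | "verify";
 
 if (!DEVICE_FLOWS.some((candidate) => candidate === flow)) {
-throw
-"DEVICE_MISSING_FLOW",
-
-
+throw Cv.error({
+code: "DEVICE_MISSING_FLOW",
+message:
+"Missing `flow` parameter. Expected one of: create, poll, verify",
+});
 }
 
 if (flow === "create") {
@@ -126,43 +128,61 @@ export const handleDevice = (
 
 if (flow === "poll") {
 if (typeof params.deviceCode !== "string") {
-throw
-"DEVICE_MISSING_FLOW",
-"Missing `deviceCode` parameter for poll flow.",
-);
+throw Cv.error({
+code: "DEVICE_MISSING_FLOW",
+message: "Missing `deviceCode` parameter for poll flow.",
+});
 }
 
 const hash = await sha256(params.deviceCode);
 const doc = await queryDeviceByCodeHash(ctx, hash);
 if (doc === null) {
-throw
+throw Cv.error({
+code: "DEVICE_CODE_EXPIRED",
+message:
+"The device code has expired. Please start a new authorization request.",
+});
 }
 if (Date.now() > doc.expiresAt) {
 await mutateDeviceDelete(ctx, doc._id);
-throw
+throw Cv.error({
+code: "DEVICE_CODE_EXPIRED",
+message:
+"The device code has expired. Please start a new authorization request.",
+});
 }
 if (
 doc.lastPolledAt !== undefined &&
 (Date.now() - doc.lastPolledAt) / 1000 < doc.interval
 ) {
-throw
+throw Cv.error({
+code: "DEVICE_SLOW_DOWN",
+message:
+"Polling too frequently. Increase the interval between requests.",
+});
 }
 
 await mutateDeviceUpdateLastPolled(ctx, doc._id, Date.now());
 
 if (doc.status === "pending") {
-throw
+throw Cv.error({
+code: "DEVICE_AUTHORIZATION_PENDING",
+message: "The user has not yet authorized this device.",
+});
 }
 if (doc.status === "denied") {
 await mutateDeviceDelete(ctx, doc._id);
-throw
+throw Cv.error({
+code: "DEVICE_CODE_DENIED",
+message: "The authorization request was denied.",
+});
 }
 
 if (!doc.userId || !doc.sessionId) {
-throw
-"INTERNAL_ERROR",
-"Authorized device code missing userId or sessionId",
-);
+throw Cv.error({
+code: "INTERNAL_ERROR",
+message: "Authorized device code missing userId or sessionId",
+});
 }
 
 await mutateDeviceDelete(ctx, doc._id);
@@ -175,31 +195,41 @@ export const handleDevice = (
 }
 
 if (typeof params.userCode !== "string") {
-throw
-"DEVICE_INVALID_USER_CODE",
-"Missing `userCode` parameter for verify flow.",
-);
+throw Cv.error({
+code: "DEVICE_INVALID_USER_CODE",
+message: "Missing `userCode` parameter for verify flow.",
+});
 }
 
 const identity = await ctx.auth.getUserIdentity();
 if (identity === null) {
-throw
-"NOT_SIGNED_IN",
-"You must be signed in to authorize a device.",
-);
+throw Cv.error({
+code: "NOT_SIGNED_IN",
+message: "You must be signed in to authorize a device.",
+});
 }
 
 const userId = userIdFromIdentitySubject(identity.subject);
 const doc = await queryDeviceByUserCode(ctx, params.userCode);
 if (doc === null) {
-throw
+throw Cv.error({
+code: "DEVICE_INVALID_USER_CODE",
+message: "Invalid or expired user code.",
+});
 }
 if (Date.now() > doc.expiresAt) {
 await mutateDeviceDelete(ctx, doc._id);
-throw
+throw Cv.error({
+code: "DEVICE_CODE_EXPIRED",
+message:
+"The device code has expired. Please start a new authorization request.",
+});
 }
 if (doc.status !== "pending") {
-throw
+throw Cv.error({
+code: "DEVICE_ALREADY_AUTHORIZED",
+message: "This device code has already been authorized.",
+});
 }
 
 const signInResult = await callSignIn(ctx, {
@@ -215,7 +245,10 @@ export const handleDevice = (
 return { kind: "signedIn" as const, signedIn: null };
 },
 err: (e) =>
-e instanceof
+e instanceof ConvexError
 ? e
-:
+: Cv.error({
+code: "INTERNAL_ERROR",
+message: `Device flow failed: ${String(e)}`,
+}),
 });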
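Review bot: The poll branch still reports a missing `deviceCode` with `code: "DEVICE_MISSING_FLOW"`, the same code the earlier guard uses for an absent or unknown `flow`, so a client that branches on `code` cannot tell a malformed poll request from a missing flow. The migration to `Cv.error({ code, message })` carried the old code over unchanged; a distinct code for this case would keep the structured error usable, for example `code: "DEVICE_MISSING_DEVICE_CODE",` (a placeholder name; the set of allowed codes is defined outside this section). If adding a code is out of scope, a comment such as `// reuses DEVICE_MISSING_FLOW: no dedicated code for a missing deviceCode` would at least record that the reuse is deliberate. `handleDevice` continues between and beyond the hunks shown, so other throw sites may need the same check.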