@robelest/convex-auth 0.0.4-preview.22 → 0.0.4-preview.23
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/authorization/index.d.ts +1 -1
- package/dist/authorization/index.js +1 -1
- package/dist/authorization/index.js.map +1 -1
- package/dist/client/index.d.ts +1 -2
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +36 -39
- package/dist/client/index.js.map +1 -1
- package/dist/component/client/index.d.ts +1 -2
- package/dist/component/model.d.ts +9 -9
- package/dist/component/model.d.ts.map +1 -1
- package/dist/component/public/enterprise/audit.d.ts.map +1 -1
- package/dist/component/public/enterprise/audit.js.map +1 -1
- package/dist/component/public/enterprise/core.d.ts.map +1 -1
- package/dist/component/public/enterprise/core.js.map +1 -1
- package/dist/component/public/enterprise/domains.d.ts.map +1 -1
- package/dist/component/public/enterprise/domains.js.map +1 -1
- package/dist/component/public/enterprise/scim.d.ts.map +1 -1
- package/dist/component/public/enterprise/scim.js.map +1 -1
- package/dist/component/public/enterprise/secrets.d.ts.map +1 -1
- package/dist/component/public/enterprise/secrets.js.map +1 -1
- package/dist/component/public/enterprise/webhooks.d.ts.map +1 -1
- package/dist/component/public/enterprise/webhooks.js.map +1 -1
- package/dist/component/public/factors/devices.d.ts.map +1 -1
- package/dist/component/public/factors/devices.js.map +1 -1
- package/dist/component/public/factors/passkeys.d.ts.map +1 -1
- package/dist/component/public/factors/passkeys.js.map +1 -1
- package/dist/component/public/factors/totp.d.ts.map +1 -1
- package/dist/component/public/factors/totp.js.map +1 -1
- package/dist/component/public/groups/core.js.map +1 -1
- package/dist/component/public/groups/invites.d.ts.map +1 -1
- package/dist/component/public/groups/invites.js.map +1 -1
- package/dist/component/public/groups/members.d.ts.map +1 -1
- package/dist/component/public/groups/members.js.map +1 -1
- package/dist/component/public/identity/accounts.d.ts.map +1 -1
- package/dist/component/public/identity/accounts.js.map +1 -1
- package/dist/component/public/identity/codes.d.ts.map +1 -1
- package/dist/component/public/identity/codes.js.map +1 -1
- package/dist/component/public/identity/sessions.d.ts.map +1 -1
- package/dist/component/public/identity/sessions.js.map +1 -1
- package/dist/component/public/identity/tokens.d.ts.map +1 -1
- package/dist/component/public/identity/tokens.js.map +1 -1
- package/dist/component/public/identity/users.d.ts.map +1 -1
- package/dist/component/public/identity/users.js.map +1 -1
- package/dist/component/public/identity/verifiers.d.ts.map +1 -1
- package/dist/component/public/identity/verifiers.js.map +1 -1
- package/dist/component/public/security/keys.d.ts.map +1 -1
- package/dist/component/public/security/keys.js.map +1 -1
- package/dist/component/public/security/limits.d.ts.map +1 -1
- package/dist/component/public/security/limits.js.map +1 -1
- package/dist/component/schema.d.ts +42 -42
- package/dist/component/server/auth.d.ts +37 -40
- package/dist/component/server/auth.d.ts.map +1 -1
- package/dist/component/server/auth.js +57 -23
- package/dist/component/server/auth.js.map +1 -1
- package/dist/component/server/core.js +116 -235
- package/dist/component/server/core.js.map +1 -1
- package/dist/component/server/crypto.js +25 -7
- package/dist/component/server/crypto.js.map +1 -1
- package/dist/component/server/device.js +58 -15
- package/dist/component/server/device.js.map +1 -1
- package/dist/component/server/enterprise/domain.js +148 -59
- package/dist/component/server/enterprise/domain.js.map +1 -1
- package/dist/component/server/enterprise/http.js +36 -15
- package/dist/component/server/enterprise/http.js.map +1 -1
- package/dist/component/server/enterprise/oidc.js +1 -1
- package/dist/component/server/http.js +26 -21
- package/dist/component/server/http.js.map +1 -1
- package/dist/component/server/identity.js +5 -2
- package/dist/component/server/identity.js.map +1 -1
- package/dist/component/server/limits.js +21 -30
- package/dist/component/server/limits.js.map +1 -1
- package/dist/component/server/mutations/account.js +12 -10
- package/dist/component/server/mutations/account.js.map +1 -1
- package/dist/component/server/mutations/code.js +5 -2
- package/dist/component/server/mutations/code.js.map +1 -1
- package/dist/component/server/mutations/invalidate.js +1 -1
- package/dist/component/server/mutations/invalidate.js.map +1 -1
- package/dist/component/server/mutations/oauth.js +10 -4
- package/dist/component/server/mutations/oauth.js.map +1 -1
- package/dist/component/server/mutations/refresh.js +2 -2
- package/dist/component/server/mutations/refresh.js.map +1 -1
- package/dist/component/server/mutations/register.js +46 -42
- package/dist/component/server/mutations/register.js.map +1 -1
- package/dist/component/server/mutations/retrieve.js +21 -25
- package/dist/component/server/mutations/retrieve.js.map +1 -1
- package/dist/component/server/mutations/signature.js +10 -4
- package/dist/component/server/mutations/signature.js.map +1 -1
- package/dist/component/server/mutations/signout.js.map +1 -1
- package/dist/component/server/mutations/store.js +9 -24
- package/dist/component/server/mutations/store.js.map +1 -1
- package/dist/component/server/mutations/verifier.js.map +1 -1
- package/dist/component/server/mutations/verify.js +1 -1
- package/dist/component/server/mutations/verify.js.map +1 -1
- package/dist/component/server/oauth.js +53 -16
- package/dist/component/server/oauth.js.map +1 -1
- package/dist/component/server/passkey.js +115 -31
- package/dist/component/server/passkey.js.map +1 -1
- package/dist/component/server/redirects.js +9 -3
- package/dist/component/server/redirects.js.map +1 -1
- package/dist/component/server/refresh.js +10 -7
- package/dist/component/server/refresh.js.map +1 -1
- package/dist/component/server/runtime.d.ts +1 -1
- package/dist/component/server/runtime.d.ts.map +1 -1
- package/dist/component/server/runtime.js +62 -20
- package/dist/component/server/runtime.js.map +1 -1
- package/dist/component/server/signin.js +34 -10
- package/dist/component/server/signin.js.map +1 -1
- package/dist/component/server/totp.js +79 -19
- package/dist/component/server/totp.js.map +1 -1
- package/dist/component/server/types.d.ts +12 -20
- package/dist/component/server/types.d.ts.map +1 -1
- package/dist/component/server/types.js.map +1 -1
- package/dist/component/server/users.js +6 -3
- package/dist/component/server/users.js.map +1 -1
- package/dist/component/server/utils.js +10 -4
- package/dist/component/server/utils.js.map +1 -1
- package/dist/core/types.d.ts +14 -22
- package/dist/core/types.d.ts.map +1 -1
- package/dist/factors/device.js +8 -9
- package/dist/factors/device.js.map +1 -1
- package/dist/factors/passkey.js +18 -21
- package/dist/factors/passkey.js.map +1 -1
- package/dist/providers/password.js +66 -81
- package/dist/providers/password.js.map +1 -1
- package/dist/runtime/invite.js +2 -8
- package/dist/runtime/invite.js.map +1 -1
- package/dist/server/auth.d.ts +37 -40
- package/dist/server/auth.d.ts.map +1 -1
- package/dist/server/auth.js +57 -23
- package/dist/server/auth.js.map +1 -1
- package/dist/server/core.d.ts +71 -159
- package/dist/server/core.d.ts.map +1 -1
- package/dist/server/core.js +116 -235
- package/dist/server/core.js.map +1 -1
- package/dist/server/crypto.d.ts.map +1 -1
- package/dist/server/crypto.js +25 -7
- package/dist/server/crypto.js.map +1 -1
- package/dist/server/device.js +58 -15
- package/dist/server/device.js.map +1 -1
- package/dist/server/enterprise/domain.d.ts +0 -8
- package/dist/server/enterprise/domain.d.ts.map +1 -1
- package/dist/server/enterprise/domain.js +148 -59
- package/dist/server/enterprise/domain.js.map +1 -1
- package/dist/server/enterprise/http.d.ts.map +1 -1
- package/dist/server/enterprise/http.js +35 -14
- package/dist/server/enterprise/http.js.map +1 -1
- package/dist/server/http.d.ts +2 -2
- package/dist/server/http.d.ts.map +1 -1
- package/dist/server/http.js +25 -20
- package/dist/server/http.js.map +1 -1
- package/dist/server/identity.js +5 -2
- package/dist/server/identity.js.map +1 -1
- package/dist/server/index.d.ts +2 -2
- package/dist/server/limits.js +21 -30
- package/dist/server/limits.js.map +1 -1
- package/dist/server/mounts.d.ts +24 -62
- package/dist/server/mounts.d.ts.map +1 -1
- package/dist/server/mounts.js +45 -106
- package/dist/server/mounts.js.map +1 -1
- package/dist/server/mutations/account.d.ts +8 -9
- package/dist/server/mutations/account.d.ts.map +1 -1
- package/dist/server/mutations/account.js +11 -9
- package/dist/server/mutations/account.js.map +1 -1
- package/dist/server/mutations/code.d.ts +12 -12
- package/dist/server/mutations/code.d.ts.map +1 -1
- package/dist/server/mutations/code.js +5 -2
- package/dist/server/mutations/code.js.map +1 -1
- package/dist/server/mutations/invalidate.d.ts +4 -4
- package/dist/server/mutations/invalidate.d.ts.map +1 -1
- package/dist/server/mutations/invalidate.js.map +1 -1
- package/dist/server/mutations/oauth.d.ts +14 -12
- package/dist/server/mutations/oauth.d.ts.map +1 -1
- package/dist/server/mutations/oauth.js +9 -3
- package/dist/server/mutations/oauth.js.map +1 -1
- package/dist/server/mutations/refresh.d.ts +3 -3
- package/dist/server/mutations/refresh.d.ts.map +1 -1
- package/dist/server/mutations/refresh.js +1 -1
- package/dist/server/mutations/refresh.js.map +1 -1
- package/dist/server/mutations/register.d.ts +11 -11
- package/dist/server/mutations/register.d.ts.map +1 -1
- package/dist/server/mutations/register.js +45 -41
- package/dist/server/mutations/register.js.map +1 -1
- package/dist/server/mutations/retrieve.d.ts +6 -6
- package/dist/server/mutations/retrieve.d.ts.map +1 -1
- package/dist/server/mutations/retrieve.js +20 -24
- package/dist/server/mutations/retrieve.js.map +1 -1
- package/dist/server/mutations/signature.d.ts +6 -7
- package/dist/server/mutations/signature.d.ts.map +1 -1
- package/dist/server/mutations/signature.js +9 -3
- package/dist/server/mutations/signature.js.map +1 -1
- package/dist/server/mutations/signin.d.ts +5 -5
- package/dist/server/mutations/signin.d.ts.map +1 -1
- package/dist/server/mutations/signout.js.map +1 -1
- package/dist/server/mutations/store.d.ts +83 -83
- package/dist/server/mutations/store.js +8 -23
- package/dist/server/mutations/store.js.map +1 -1
- package/dist/server/mutations/verifier.js.map +1 -1
- package/dist/server/mutations/verify.d.ts +7 -7
- package/dist/server/mutations/verify.d.ts.map +1 -1
- package/dist/server/mutations/verify.js.map +1 -1
- package/dist/server/oauth.js +53 -16
- package/dist/server/oauth.js.map +1 -1
- package/dist/server/passkey.d.ts +2 -2
- package/dist/server/passkey.d.ts.map +1 -1
- package/dist/server/passkey.js +114 -30
- package/dist/server/passkey.js.map +1 -1
- package/dist/server/redirects.js +9 -3
- package/dist/server/redirects.js.map +1 -1
- package/dist/server/refresh.js +10 -7
- package/dist/server/refresh.js.map +1 -1
- package/dist/server/runtime.d.ts +7 -7
- package/dist/server/runtime.d.ts.map +1 -1
- package/dist/server/runtime.js +61 -19
- package/dist/server/runtime.js.map +1 -1
- package/dist/server/signin.js +34 -10
- package/dist/server/signin.js.map +1 -1
- package/dist/server/ssr.d.ts.map +1 -1
- package/dist/server/ssr.js +175 -184
- package/dist/server/ssr.js.map +1 -1
- package/dist/server/totp.js +78 -18
- package/dist/server/totp.js.map +1 -1
- package/dist/server/types.d.ts +13 -21
- package/dist/server/types.d.ts.map +1 -1
- package/dist/server/types.js.map +1 -1
- package/dist/server/users.js +6 -3
- package/dist/server/users.js.map +1 -1
- package/dist/server/utils.js +10 -4
- package/dist/server/utils.js.map +1 -1
- package/package.json +1 -5
- package/src/authorization/index.ts +1 -1
- package/src/client/core/types.ts +14 -14
- package/src/client/factors/device.ts +10 -12
- package/src/client/factors/passkey.ts +23 -26
- package/src/client/index.ts +54 -64
- package/src/client/runtime/invite.ts +5 -7
- package/src/component/index.ts +1 -1
- package/src/component/public/enterprise/audit.ts +6 -1
- package/src/component/public/enterprise/core.ts +1 -0
- package/src/component/public/enterprise/domains.ts +5 -1
- package/src/component/public/enterprise/scim.ts +1 -0
- package/src/component/public/enterprise/secrets.ts +1 -0
- package/src/component/public/enterprise/webhooks.ts +1 -0
- package/src/component/public/factors/devices.ts +1 -0
- package/src/component/public/factors/passkeys.ts +1 -0
- package/src/component/public/factors/totp.ts +1 -0
- package/src/component/public/groups/core.ts +1 -1
- package/src/component/public/groups/invites.ts +7 -1
- package/src/component/public/groups/members.ts +1 -0
- package/src/component/public/identity/accounts.ts +1 -0
- package/src/component/public/identity/codes.ts +1 -0
- package/src/component/public/identity/sessions.ts +1 -0
- package/src/component/public/identity/tokens.ts +1 -0
- package/src/component/public/identity/users.ts +1 -0
- package/src/component/public/identity/verifiers.ts +1 -0
- package/src/component/public/security/keys.ts +1 -0
- package/src/component/public/security/limits.ts +1 -0
- package/src/providers/password.ts +89 -110
- package/src/server/auth.ts +92 -70
- package/src/server/core.ts +197 -233
- package/src/server/crypto.ts +31 -29
- package/src/server/device.ts +65 -32
- package/src/server/enterprise/domain.ts +158 -170
- package/src/server/enterprise/http.ts +46 -39
- package/src/server/http.ts +36 -30
- package/src/server/identity.ts +5 -5
- package/src/server/index.ts +1 -1
- package/src/server/limits.ts +53 -80
- package/src/server/mounts.ts +47 -74
- package/src/server/mutations/account.ts +22 -36
- package/src/server/mutations/code.ts +6 -6
- package/src/server/mutations/invalidate.ts +1 -1
- package/src/server/mutations/oauth.ts +14 -8
- package/src/server/mutations/refresh.ts +5 -4
- package/src/server/mutations/register.ts +87 -132
- package/src/server/mutations/retrieve.ts +44 -44
- package/src/server/mutations/signature.ts +13 -6
- package/src/server/mutations/signout.ts +1 -1
- package/src/server/mutations/store.ts +16 -31
- package/src/server/mutations/verifier.ts +1 -1
- package/src/server/mutations/verify.ts +3 -5
- package/src/server/oauth.ts +60 -69
- package/src/server/passkey.ts +567 -517
- package/src/server/redirects.ts +10 -6
- package/src/server/refresh.ts +14 -18
- package/src/server/runtime.ts +70 -55
- package/src/server/signin.ts +44 -37
- package/src/server/ssr.ts +390 -407
- package/src/server/totp.ts +85 -35
- package/src/server/types.ts +19 -22
- package/src/server/users.ts +7 -6
- package/src/server/utils.ts +10 -12
- package/dist/component/server/authError.js +0 -34
- package/dist/component/server/authError.js.map +0 -1
- package/dist/component/server/errors.d.ts +0 -1
- package/dist/component/server/errors.js +0 -137
- package/dist/component/server/errors.js.map +0 -1
- package/dist/server/authError.d.ts +0 -46
- package/dist/server/authError.d.ts.map +0 -1
- package/dist/server/authError.js +0 -34
- package/dist/server/authError.js.map +0 -1
- package/dist/server/errors.d.ts +0 -177
- package/dist/server/errors.d.ts.map +0 -1
- package/dist/server/errors.js +0 -212
- package/dist/server/errors.js.map +0 -1
- package/src/server/authError.ts +0 -44
- package/src/server/errors.ts +0 -290
|
@@ -16,9 +16,9 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
16
16
|
*/
|
|
17
17
|
User: convex_server66.TableDefinition<convex_values121.VObject<{
|
|
18
18
|
phone?: string | undefined;
|
|
19
|
-
email?: string | undefined;
|
|
20
|
-
name?: string | undefined;
|
|
21
19
|
extend?: any;
|
|
20
|
+
name?: string | undefined;
|
|
21
|
+
email?: string | undefined;
|
|
22
22
|
image?: string | undefined;
|
|
23
23
|
emailVerificationTime?: number | undefined;
|
|
24
24
|
phoneVerificationTime?: number | undefined;
|
|
@@ -32,7 +32,7 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
32
32
|
phoneVerificationTime: convex_values121.VFloat64<number | undefined, "optional">;
|
|
33
33
|
isAnonymous: convex_values121.VBoolean<boolean | undefined, "optional">;
|
|
34
34
|
extend: convex_values121.VAny<any, "optional", string>;
|
|
35
|
-
}, "required", "phone" | "
|
|
35
|
+
}, "required", "phone" | "extend" | "name" | "email" | "image" | "emailVerificationTime" | "phoneVerificationTime" | "isAnonymous" | `extend.${string}`>, {
|
|
36
36
|
email: ["email", "_creationTime"];
|
|
37
37
|
email_verified: ["email", "emailVerificationTime", "_creationTime"];
|
|
38
38
|
phone: ["phone", "_creationTime"];
|
|
@@ -107,9 +107,9 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
107
107
|
verifier?: string | undefined;
|
|
108
108
|
emailVerified?: string | undefined;
|
|
109
109
|
phoneVerified?: string | undefined;
|
|
110
|
-
code: string;
|
|
111
110
|
provider: string;
|
|
112
111
|
accountId: convex_values121.GenericId<"Account">;
|
|
112
|
+
code: string;
|
|
113
113
|
expirationTime: number;
|
|
114
114
|
}, {
|
|
115
115
|
accountId: convex_values121.VId<convex_values121.GenericId<"Account">, "required">;
|
|
@@ -119,7 +119,7 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
119
119
|
verifier: convex_values121.VString<string | undefined, "optional">;
|
|
120
120
|
emailVerified: convex_values121.VString<string | undefined, "optional">;
|
|
121
121
|
phoneVerified: convex_values121.VString<string | undefined, "optional">;
|
|
122
|
-
}, "required", "
|
|
122
|
+
}, "required", "provider" | "verifier" | "accountId" | "code" | "expirationTime" | "emailVerified" | "phoneVerified">, {
|
|
123
123
|
account_id: ["accountId", "_creationTime"];
|
|
124
124
|
code: ["code", "_creationTime"];
|
|
125
125
|
}, {}, {}>;
|
|
@@ -247,9 +247,9 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
247
247
|
* organizations, teams, departments, or any tree structure.
|
|
248
248
|
*/
|
|
249
249
|
Group: convex_server66.TableDefinition<convex_values121.VObject<{
|
|
250
|
-
slug?: string | undefined;
|
|
251
250
|
type?: string | undefined;
|
|
252
251
|
extend?: any;
|
|
252
|
+
slug?: string | undefined;
|
|
253
253
|
parentGroupId?: convex_values121.GenericId<"Group"> | undefined;
|
|
254
254
|
rootGroupId?: convex_values121.GenericId<"Group"> | undefined;
|
|
255
255
|
isRoot?: boolean | undefined;
|
|
@@ -276,7 +276,7 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
276
276
|
value: convex_values121.VString<string, "required">;
|
|
277
277
|
}, "required", "value" | "key">, "optional">;
|
|
278
278
|
extend: convex_values121.VAny<any, "optional", string>;
|
|
279
|
-
}, "required", "
|
|
279
|
+
}, "required", "type" | "extend" | "name" | "slug" | `extend.${string}` | "parentGroupId" | "rootGroupId" | "isRoot" | "tags">, {
|
|
280
280
|
slug: ["slug", "_creationTime"];
|
|
281
281
|
parent_group_id: ["parentGroupId", "_creationTime"];
|
|
282
282
|
root_group_id: ["rootGroupId", "_creationTime"];
|
|
@@ -308,8 +308,8 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
308
308
|
* member of multiple groups with different roles in each.
|
|
309
309
|
*/
|
|
310
310
|
GroupMember: convex_server66.TableDefinition<convex_values121.VObject<{
|
|
311
|
-
status?: string | undefined;
|
|
312
311
|
extend?: any;
|
|
312
|
+
status?: string | undefined;
|
|
313
313
|
role?: string | undefined;
|
|
314
314
|
roleIds?: string[] | undefined;
|
|
315
315
|
groupId: convex_values121.GenericId<"Group">;
|
|
@@ -321,7 +321,7 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
321
321
|
roleIds: convex_values121.VArray<string[] | undefined, convex_values121.VString<string, "required">, "optional">;
|
|
322
322
|
status: convex_values121.VString<string | undefined, "optional">;
|
|
323
323
|
extend: convex_values121.VAny<any, "optional", string>;
|
|
324
|
-
}, "required", "
|
|
324
|
+
}, "required", "groupId" | "extend" | "status" | "userId" | `extend.${string}` | "role" | "roleIds">, {
|
|
325
325
|
group_id: ["groupId", "_creationTime"];
|
|
326
326
|
group_id_user_id: ["groupId", "userId", "_creationTime"];
|
|
327
327
|
group_id_status: ["groupId", "status", "_creationTime"];
|
|
@@ -336,9 +336,9 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
336
336
|
* invite links where neither is known upfront.
|
|
337
337
|
*/
|
|
338
338
|
GroupInvite: convex_server66.TableDefinition<convex_values121.VObject<{
|
|
339
|
-
email?: string | undefined;
|
|
340
339
|
groupId?: convex_values121.GenericId<"Group"> | undefined;
|
|
341
340
|
extend?: any;
|
|
341
|
+
email?: string | undefined;
|
|
342
342
|
role?: string | undefined;
|
|
343
343
|
roleIds?: string[] | undefined;
|
|
344
344
|
invitedByUserId?: convex_values121.GenericId<"User"> | undefined;
|
|
@@ -359,7 +359,7 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
359
359
|
acceptedByUserId: convex_values121.VId<convex_values121.GenericId<"User"> | undefined, "optional">;
|
|
360
360
|
acceptedTime: convex_values121.VFloat64<number | undefined, "optional">;
|
|
361
361
|
extend: convex_values121.VAny<any, "optional", string>;
|
|
362
|
-
}, "required", "
|
|
362
|
+
}, "required", "groupId" | "extend" | "status" | "email" | `extend.${string}` | "role" | "roleIds" | "invitedByUserId" | "tokenHash" | "expiresTime" | "acceptedByUserId" | "acceptedTime">, {
|
|
363
363
|
token_hash: ["tokenHash", "_creationTime"];
|
|
364
364
|
status: ["status", "_creationTime"];
|
|
365
365
|
email_status: ["email", "status", "_creationTime"];
|
|
@@ -375,6 +375,7 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
375
375
|
* field addition.
|
|
376
376
|
*/
|
|
377
377
|
Enterprise: convex_server66.TableDefinition<convex_values121.VObject<{
|
|
378
|
+
extend?: any;
|
|
378
379
|
name?: string | undefined;
|
|
379
380
|
slug?: string | undefined;
|
|
380
381
|
policy?: {
|
|
@@ -382,8 +383,8 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
382
383
|
version: 1;
|
|
383
384
|
identity: {
|
|
384
385
|
accountLinking: {
|
|
385
|
-
saml: "verifiedEmail" | "none";
|
|
386
386
|
oidc: "verifiedEmail" | "none";
|
|
387
|
+
saml: "verifiedEmail" | "none";
|
|
387
388
|
};
|
|
388
389
|
};
|
|
389
390
|
provisioning: {
|
|
@@ -400,10 +401,9 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
400
401
|
};
|
|
401
402
|
};
|
|
402
403
|
} | undefined;
|
|
403
|
-
extend?: any;
|
|
404
404
|
config?: any;
|
|
405
|
-
status: "draft" | "active" | "disabled";
|
|
406
405
|
groupId: convex_values121.GenericId<"Group">;
|
|
406
|
+
status: "draft" | "active" | "disabled";
|
|
407
407
|
}, {
|
|
408
408
|
groupId: convex_values121.VId<convex_values121.GenericId<"Group">, "required">;
|
|
409
409
|
slug: convex_values121.VString<string | undefined, "optional">;
|
|
@@ -414,8 +414,8 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
414
414
|
version: 1;
|
|
415
415
|
identity: {
|
|
416
416
|
accountLinking: {
|
|
417
|
-
saml: "verifiedEmail" | "none";
|
|
418
417
|
oidc: "verifiedEmail" | "none";
|
|
418
|
+
saml: "verifiedEmail" | "none";
|
|
419
419
|
};
|
|
420
420
|
};
|
|
421
421
|
provisioning: {
|
|
@@ -435,18 +435,18 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
435
435
|
version: convex_values121.VLiteral<1, "required">;
|
|
436
436
|
identity: convex_values121.VObject<{
|
|
437
437
|
accountLinking: {
|
|
438
|
-
saml: "verifiedEmail" | "none";
|
|
439
438
|
oidc: "verifiedEmail" | "none";
|
|
439
|
+
saml: "verifiedEmail" | "none";
|
|
440
440
|
};
|
|
441
441
|
}, {
|
|
442
442
|
accountLinking: convex_values121.VObject<{
|
|
443
|
-
saml: "verifiedEmail" | "none";
|
|
444
443
|
oidc: "verifiedEmail" | "none";
|
|
444
|
+
saml: "verifiedEmail" | "none";
|
|
445
445
|
}, {
|
|
446
446
|
oidc: convex_values121.VUnion<"verifiedEmail" | "none", [convex_values121.VLiteral<"verifiedEmail", "required">, convex_values121.VLiteral<"none", "required">], "required", never>;
|
|
447
447
|
saml: convex_values121.VUnion<"verifiedEmail" | "none", [convex_values121.VLiteral<"verifiedEmail", "required">, convex_values121.VLiteral<"none", "required">], "required", never>;
|
|
448
|
-
}, "required", "
|
|
449
|
-
}, "required", "accountLinking" | "accountLinking.
|
|
448
|
+
}, "required", "oidc" | "saml">;
|
|
449
|
+
}, "required", "accountLinking" | "accountLinking.oidc" | "accountLinking.saml">;
|
|
450
450
|
provisioning: convex_values121.VObject<{
|
|
451
451
|
scimReuse: {
|
|
452
452
|
user: "none" | "externalId";
|
|
@@ -481,10 +481,10 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
481
481
|
}, "required", "mode">;
|
|
482
482
|
}, "required", "scimReuse" | "jit" | "deprovision" | "scimReuse.user" | "jit.mode" | "jit.defaultRole" | "jit.defaultRoleIds" | "deprovision.mode">;
|
|
483
483
|
extend: convex_values121.VAny<any, "optional", string>;
|
|
484
|
-
}, "optional", "extend" | `extend.${string}` | "version" | "identity" | "provisioning" | "identity.accountLinking" | "identity.accountLinking.
|
|
484
|
+
}, "optional", "extend" | `extend.${string}` | "version" | "identity" | "provisioning" | "identity.accountLinking" | "identity.accountLinking.oidc" | "identity.accountLinking.saml" | "provisioning.scimReuse" | "provisioning.jit" | "provisioning.deprovision" | "provisioning.scimReuse.user" | "provisioning.jit.mode" | "provisioning.jit.defaultRole" | "provisioning.jit.defaultRoleIds" | "provisioning.deprovision.mode">;
|
|
485
485
|
config: convex_values121.VAny<any, "optional", string>;
|
|
486
486
|
extend: convex_values121.VAny<any, "optional", string>;
|
|
487
|
-
}, "required", "
|
|
487
|
+
}, "required", "groupId" | "extend" | "name" | "slug" | "status" | `extend.${string}` | "policy" | "config" | "policy.extend" | `policy.extend.${string}` | "policy.version" | "policy.identity" | "policy.provisioning" | "policy.identity.accountLinking" | "policy.identity.accountLinking.oidc" | "policy.identity.accountLinking.saml" | "policy.provisioning.scimReuse" | "policy.provisioning.jit" | "policy.provisioning.deprovision" | "policy.provisioning.scimReuse.user" | "policy.provisioning.jit.mode" | "policy.provisioning.jit.defaultRole" | "policy.provisioning.jit.defaultRoleIds" | "policy.provisioning.deprovision.mode" | `config.${string}`>, {
|
|
488
488
|
group_id: ["groupId", "_creationTime"];
|
|
489
489
|
slug: ["slug", "_creationTime"];
|
|
490
490
|
status: ["status", "_creationTime"];
|
|
@@ -494,9 +494,9 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
494
494
|
*/
|
|
495
495
|
EnterpriseDomain: convex_server66.TableDefinition<convex_values121.VObject<{
|
|
496
496
|
verifiedAt?: number | undefined;
|
|
497
|
-
enterpriseId: convex_values121.GenericId<"Enterprise">;
|
|
498
497
|
groupId: convex_values121.GenericId<"Group">;
|
|
499
498
|
domain: string;
|
|
499
|
+
enterpriseId: convex_values121.GenericId<"Enterprise">;
|
|
500
500
|
isPrimary: boolean;
|
|
501
501
|
}, {
|
|
502
502
|
enterpriseId: convex_values121.VId<convex_values121.GenericId<"Enterprise">, "required">;
|
|
@@ -504,7 +504,7 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
504
504
|
domain: convex_values121.VString<string, "required">;
|
|
505
505
|
isPrimary: convex_values121.VBoolean<boolean, "required">;
|
|
506
506
|
verifiedAt: convex_values121.VFloat64<number | undefined, "optional">;
|
|
507
|
-
}, "required", "
|
|
507
|
+
}, "required", "groupId" | "domain" | "enterpriseId" | "isPrimary" | "verifiedAt">, {
|
|
508
508
|
enterprise_id: ["enterpriseId", "_creationTime"];
|
|
509
509
|
group_id: ["groupId", "_creationTime"];
|
|
510
510
|
domain: ["domain", "_creationTime"];
|
|
@@ -513,11 +513,11 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
513
513
|
* Pending DNS TXT verification challenges for enterprise domains.
|
|
514
514
|
*/
|
|
515
515
|
EnterpriseDomainVerification: convex_server66.TableDefinition<convex_values121.VObject<{
|
|
516
|
-
enterpriseId: convex_values121.GenericId<"Enterprise">;
|
|
517
516
|
groupId: convex_values121.GenericId<"Group">;
|
|
518
517
|
domain: string;
|
|
519
|
-
tokenHash: string;
|
|
520
518
|
expiresAt: number;
|
|
519
|
+
tokenHash: string;
|
|
520
|
+
enterpriseId: convex_values121.GenericId<"Enterprise">;
|
|
521
521
|
domainId: convex_values121.GenericId<"EnterpriseDomain">;
|
|
522
522
|
recordName: string;
|
|
523
523
|
token: string;
|
|
@@ -532,7 +532,7 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
532
532
|
tokenHash: convex_values121.VString<string, "required">;
|
|
533
533
|
requestedAt: convex_values121.VFloat64<number, "required">;
|
|
534
534
|
expiresAt: convex_values121.VFloat64<number, "required">;
|
|
535
|
-
}, "required", "
|
|
535
|
+
}, "required", "groupId" | "domain" | "expiresAt" | "tokenHash" | "enterpriseId" | "domainId" | "recordName" | "token" | "requestedAt">, {
|
|
536
536
|
enterprise_id: ["enterpriseId", "_creationTime"];
|
|
537
537
|
domain_id: ["domainId", "_creationTime"];
|
|
538
538
|
token_hash: ["tokenHash", "_creationTime"];
|
|
@@ -541,9 +541,9 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
541
541
|
* Encrypted enterprise secrets stored separately from protocol config.
|
|
542
542
|
*/
|
|
543
543
|
EnterpriseSecret: convex_server66.TableDefinition<convex_values121.VObject<{
|
|
544
|
-
enterpriseId: convex_values121.GenericId<"Enterprise">;
|
|
545
544
|
groupId: convex_values121.GenericId<"Group">;
|
|
546
545
|
kind: "oidc_client_secret";
|
|
546
|
+
enterpriseId: convex_values121.GenericId<"Enterprise">;
|
|
547
547
|
ciphertext: string;
|
|
548
548
|
updatedAt: number;
|
|
549
549
|
}, {
|
|
@@ -552,7 +552,7 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
552
552
|
kind: convex_values121.VUnion<"oidc_client_secret", [convex_values121.VLiteral<"oidc_client_secret", "required">], "required", never>;
|
|
553
553
|
ciphertext: convex_values121.VString<string, "required">;
|
|
554
554
|
updatedAt: convex_values121.VFloat64<number, "required">;
|
|
555
|
-
}, "required", "
|
|
555
|
+
}, "required", "groupId" | "kind" | "enterpriseId" | "ciphertext" | "updatedAt">, {
|
|
556
556
|
enterprise_id: ["enterpriseId", "_creationTime"];
|
|
557
557
|
enterprise_id_kind: ["enterpriseId", "kind", "_creationTime"];
|
|
558
558
|
group_id: ["groupId", "_creationTime"];
|
|
@@ -563,10 +563,10 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
563
563
|
EnterpriseScimConfig: convex_server66.TableDefinition<convex_values121.VObject<{
|
|
564
564
|
extend?: any;
|
|
565
565
|
lastRotatedAt?: number | undefined;
|
|
566
|
-
status: "draft" | "active" | "disabled";
|
|
567
|
-
enterpriseId: convex_values121.GenericId<"Enterprise">;
|
|
568
566
|
groupId: convex_values121.GenericId<"Group">;
|
|
567
|
+
status: "draft" | "active" | "disabled";
|
|
569
568
|
tokenHash: string;
|
|
569
|
+
enterpriseId: convex_values121.GenericId<"Enterprise">;
|
|
570
570
|
basePath: string;
|
|
571
571
|
}, {
|
|
572
572
|
enterpriseId: convex_values121.VId<convex_values121.GenericId<"Enterprise">, "required">;
|
|
@@ -576,7 +576,7 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
576
576
|
tokenHash: convex_values121.VString<string, "required">;
|
|
577
577
|
lastRotatedAt: convex_values121.VFloat64<number | undefined, "optional">;
|
|
578
578
|
extend: convex_values121.VAny<any, "optional", string>;
|
|
579
|
-
}, "required", "
|
|
579
|
+
}, "required", "groupId" | "extend" | "status" | `extend.${string}` | "tokenHash" | "enterpriseId" | "basePath" | "lastRotatedAt">, {
|
|
580
580
|
enterprise_id: ["enterpriseId", "_creationTime"];
|
|
581
581
|
group_id: ["groupId", "_creationTime"];
|
|
582
582
|
token_hash: ["tokenHash", "_creationTime"];
|
|
@@ -587,25 +587,25 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
587
587
|
*/
|
|
588
588
|
EnterpriseScimIdentity: convex_server66.TableDefinition<convex_values121.VObject<{
|
|
589
589
|
active?: boolean | undefined;
|
|
590
|
-
lastProvisionedAt?: number | undefined;
|
|
591
590
|
userId?: convex_values121.GenericId<"User"> | undefined;
|
|
592
591
|
mappedGroupId?: convex_values121.GenericId<"Group"> | undefined;
|
|
592
|
+
lastProvisionedAt?: number | undefined;
|
|
593
593
|
raw?: any;
|
|
594
|
-
enterpriseId: convex_values121.GenericId<"Enterprise">;
|
|
595
594
|
groupId: convex_values121.GenericId<"Group">;
|
|
596
595
|
externalId: string;
|
|
597
|
-
|
|
596
|
+
enterpriseId: convex_values121.GenericId<"Enterprise">;
|
|
597
|
+
resourceType: "group" | "user";
|
|
598
598
|
}, {
|
|
599
599
|
enterpriseId: convex_values121.VId<convex_values121.GenericId<"Enterprise">, "required">;
|
|
600
600
|
groupId: convex_values121.VId<convex_values121.GenericId<"Group">, "required">;
|
|
601
|
-
resourceType: convex_values121.VUnion<"
|
|
601
|
+
resourceType: convex_values121.VUnion<"group" | "user", [convex_values121.VLiteral<"user", "required">, convex_values121.VLiteral<"group", "required">], "required", never>;
|
|
602
602
|
externalId: convex_values121.VString<string, "required">;
|
|
603
603
|
userId: convex_values121.VId<convex_values121.GenericId<"User"> | undefined, "optional">;
|
|
604
604
|
mappedGroupId: convex_values121.VId<convex_values121.GenericId<"Group"> | undefined, "optional">;
|
|
605
605
|
lastProvisionedAt: convex_values121.VFloat64<number | undefined, "optional">;
|
|
606
606
|
active: convex_values121.VBoolean<boolean | undefined, "optional">;
|
|
607
607
|
raw: convex_values121.VAny<any, "optional", string>;
|
|
608
|
-
}, "required", "
|
|
608
|
+
}, "required", "groupId" | "active" | "userId" | "externalId" | "enterpriseId" | "resourceType" | "mappedGroupId" | "lastProvisionedAt" | "raw" | `raw.${string}`>, {
|
|
609
609
|
enterprise_id: ["enterpriseId", "_creationTime"];
|
|
610
610
|
group_id: ["groupId", "_creationTime"];
|
|
611
611
|
enterprise_id_resource_type_external_id: ["enterpriseId", "resourceType", "externalId", "_creationTime"];
|
|
@@ -622,9 +622,9 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
622
622
|
requestId?: string | undefined;
|
|
623
623
|
ip?: string | undefined;
|
|
624
624
|
metadata?: any;
|
|
625
|
+
groupId: convex_values121.GenericId<"Group">;
|
|
625
626
|
status: "success" | "failure";
|
|
626
627
|
enterpriseId: convex_values121.GenericId<"Enterprise">;
|
|
627
|
-
groupId: convex_values121.GenericId<"Group">;
|
|
628
628
|
actorType: "user" | "system" | "scim" | "api_key" | "webhook";
|
|
629
629
|
eventType: string;
|
|
630
630
|
subjectType: string;
|
|
@@ -642,7 +642,7 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
642
642
|
requestId: convex_values121.VString<string | undefined, "optional">;
|
|
643
643
|
ip: convex_values121.VString<string | undefined, "optional">;
|
|
644
644
|
metadata: convex_values121.VAny<any, "optional", string>;
|
|
645
|
-
}, "required", "
|
|
645
|
+
}, "required", "groupId" | "status" | "enterpriseId" | "actorType" | "eventType" | "actorId" | "subjectType" | "subjectId" | "occurredAt" | "requestId" | "ip" | "metadata" | `metadata.${string}`>, {
|
|
646
646
|
enterprise_id_occurred_at: ["enterpriseId", "occurredAt", "_creationTime"];
|
|
647
647
|
group_id_occurred_at: ["groupId", "occurredAt", "_creationTime"];
|
|
648
648
|
event_type_occurred_at: ["eventType", "occurredAt", "_creationTime"];
|
|
@@ -655,9 +655,9 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
655
655
|
createdByUserId?: convex_values121.GenericId<"User"> | undefined;
|
|
656
656
|
lastSuccessAt?: number | undefined;
|
|
657
657
|
lastFailureAt?: number | undefined;
|
|
658
|
+
groupId: convex_values121.GenericId<"Group">;
|
|
658
659
|
status: "active" | "disabled";
|
|
659
660
|
enterpriseId: convex_values121.GenericId<"Enterprise">;
|
|
660
|
-
groupId: convex_values121.GenericId<"Group">;
|
|
661
661
|
url: string;
|
|
662
662
|
secretHash: string;
|
|
663
663
|
subscriptions: string[];
|
|
@@ -674,7 +674,7 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
674
674
|
lastFailureAt: convex_values121.VFloat64<number | undefined, "optional">;
|
|
675
675
|
failureCount: convex_values121.VFloat64<number, "required">;
|
|
676
676
|
extend: convex_values121.VAny<any, "optional", string>;
|
|
677
|
-
}, "required", "
|
|
677
|
+
}, "required", "groupId" | "extend" | "status" | `extend.${string}` | "enterpriseId" | "url" | "secretHash" | "subscriptions" | "createdByUserId" | "lastSuccessAt" | "lastFailureAt" | "failureCount">, {
|
|
678
678
|
enterprise_id: ["enterpriseId", "_creationTime"];
|
|
679
679
|
group_id: ["groupId", "_creationTime"];
|
|
680
680
|
status: ["status", "_creationTime"];
|
|
@@ -689,8 +689,8 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
689
689
|
lastError?: string | undefined;
|
|
690
690
|
status: "pending" | "processing" | "delivered" | "failed";
|
|
691
691
|
enterpriseId: convex_values121.GenericId<"Enterprise">;
|
|
692
|
-
endpointId: convex_values121.GenericId<"EnterpriseWebhookEndpoint">;
|
|
693
692
|
eventType: string;
|
|
693
|
+
endpointId: convex_values121.GenericId<"EnterpriseWebhookEndpoint">;
|
|
694
694
|
attemptCount: number;
|
|
695
695
|
nextAttemptAt: number;
|
|
696
696
|
payload: any;
|
|
@@ -706,7 +706,7 @@ declare const _default: convex_server66.SchemaDefinition<{
|
|
|
706
706
|
lastResponseStatus: convex_values121.VFloat64<number | undefined, "optional">;
|
|
707
707
|
lastError: convex_values121.VString<string | undefined, "optional">;
|
|
708
708
|
payload: convex_values121.VAny<any, "required", string>;
|
|
709
|
-
}, "required", "status" | "enterpriseId" | "
|
|
709
|
+
}, "required", "status" | "enterpriseId" | "eventType" | "endpointId" | "auditEventId" | "attemptCount" | "nextAttemptAt" | "lastAttemptAt" | "lastResponseStatus" | "lastError" | "payload" | `payload.${string}`>, {
|
|
710
710
|
enterprise_id: ["enterpriseId", "_creationTime"];
|
|
711
711
|
status_next_attempt_at: ["status", "nextAttemptAt", "_creationTime"];
|
|
712
712
|
endpoint_id_status: ["endpointId", "status", "_creationTime"];
|
|
@@ -12,7 +12,7 @@ import { GenericId } from "convex/values";
|
|
|
12
12
|
type AuthConfig = Omit<ConvexAuthConfig, "component">;
|
|
13
13
|
/** Canonical user document type exposed by Convex Auth. */
|
|
14
14
|
type UserDoc = Doc<"User">;
|
|
15
|
-
type MemberApiWithAuthorization<TAuthorization extends AuthAuthorizationConfig | undefined> = Omit<ReturnType<typeof Auth>["auth"]["member"], "create" | "list" | "update" | "
|
|
15
|
+
type MemberApiWithAuthorization<TAuthorization extends AuthAuthorizationConfig | undefined> = Omit<ReturnType<typeof Auth>["auth"]["member"], "create" | "list" | "update" | "inspect" | "require"> & {
|
|
16
16
|
create: (ctx: Parameters<ReturnType<typeof Auth>["auth"]["member"]["create"]>[0], data: {
|
|
17
17
|
groupId: string;
|
|
18
18
|
userId: string;
|
|
@@ -20,7 +20,6 @@ type MemberApiWithAuthorization<TAuthorization extends AuthAuthorizationConfig |
|
|
|
20
20
|
status?: string;
|
|
21
21
|
extend?: Record<string, unknown>;
|
|
22
22
|
}) => Promise<{
|
|
23
|
-
ok: true;
|
|
24
23
|
memberId: string;
|
|
25
24
|
}>;
|
|
26
25
|
list: (ctx: Parameters<ReturnType<typeof Auth>["auth"]["member"]["list"]>[0], opts?: {
|
|
@@ -38,17 +37,22 @@ type MemberApiWithAuthorization<TAuthorization extends AuthAuthorizationConfig |
|
|
|
38
37
|
update: (ctx: Parameters<ReturnType<typeof Auth>["auth"]["member"]["update"]>[0], memberId: string, data: Record<string, unknown> & {
|
|
39
38
|
roleIds?: AuthRoleId<TAuthorization>[];
|
|
40
39
|
}) => Promise<{
|
|
41
|
-
ok: true;
|
|
42
40
|
memberId: string;
|
|
43
41
|
}>;
|
|
44
|
-
|
|
42
|
+
inspect: (ctx: Parameters<ReturnType<typeof Auth>["auth"]["member"]["inspect"]>[0], opts: {
|
|
43
|
+
userId: string;
|
|
44
|
+
groupId: string;
|
|
45
|
+
ancestry?: boolean;
|
|
46
|
+
maxDepth?: number;
|
|
47
|
+
}) => ReturnType<ReturnType<typeof Auth>["auth"]["member"]["inspect"]>;
|
|
48
|
+
require: (ctx: Parameters<ReturnType<typeof Auth>["auth"]["member"]["require"]>[0], opts: {
|
|
45
49
|
userId: string;
|
|
46
50
|
groupId: string;
|
|
47
51
|
ancestry?: boolean;
|
|
48
52
|
roleIds?: AuthRoleId<TAuthorization>[];
|
|
49
53
|
grants?: AuthGrant<TAuthorization>[];
|
|
50
54
|
maxDepth?: number;
|
|
51
|
-
}) => ReturnType<ReturnType<typeof Auth>["auth"]["member"]["
|
|
55
|
+
}) => ReturnType<ReturnType<typeof Auth>["auth"]["member"]["require"]>;
|
|
52
56
|
};
|
|
53
57
|
/**
|
|
54
58
|
* The base auth API surface returned by {@link createAuth}.
|
|
@@ -79,30 +83,29 @@ type AuthApiBase<TAuthorization extends AuthAuthorizationConfig | undefined = un
|
|
|
79
83
|
key: ReturnType<typeof Auth>["auth"]["key"];
|
|
80
84
|
http: ReturnType<typeof Auth>["auth"]["http"];
|
|
81
85
|
/**
|
|
82
|
-
* Resolve the current
|
|
86
|
+
* Resolve the current request's auth context. Framework-agnostic — use
|
|
83
87
|
* this in fluent-convex middleware, custom wrappers, or anywhere you
|
|
84
|
-
* need the
|
|
88
|
+
* need the current `{ userId, user, groupId, role, grants }` object.
|
|
85
89
|
*
|
|
86
|
-
*
|
|
90
|
+
* Throws a structured `ConvexError` when unauthenticated.
|
|
87
91
|
*
|
|
88
92
|
* @param ctx - Convex query, mutation, or action context.
|
|
89
|
-
* @returns The
|
|
93
|
+
* @returns The current auth context.
|
|
90
94
|
*
|
|
91
95
|
* @example fluent-convex middleware
|
|
92
96
|
* ```ts
|
|
93
97
|
* const withAuth = convex.createMiddleware(async (ctx, next) => {
|
|
94
|
-
* return next({ ...ctx, auth: await auth.
|
|
98
|
+
* return next({ ...ctx, auth: await auth.context(ctx) });
|
|
95
99
|
* });
|
|
96
100
|
* ```
|
|
97
101
|
*
|
|
98
102
|
* @example Direct usage in a handler
|
|
99
103
|
* ```ts
|
|
100
|
-
* const
|
|
101
|
-
*
|
|
102
|
-
* const { userId, grants } = resolved;
|
|
104
|
+
* const authContext = await auth.context(ctx);
|
|
105
|
+
* const { userId, grants } = authContext;
|
|
103
106
|
* ```
|
|
104
107
|
*/
|
|
105
|
-
|
|
108
|
+
context: (ctx: any) => Promise<AuthContext>;
|
|
106
109
|
/**
|
|
107
110
|
* Context enrichment for convex-helpers `customQuery` / `customMutation` /
|
|
108
111
|
* `customAction`.
|
|
@@ -111,9 +114,9 @@ type AuthApiBase<TAuthorization extends AuthAuthorizationConfig | undefined = un
|
|
|
111
114
|
* and grants, then attaches them to `ctx.auth`. Returns a `Customization`
|
|
112
115
|
* object compatible with convex-helpers' custom function builders.
|
|
113
116
|
*
|
|
114
|
-
* `ctx.auth` is
|
|
115
|
-
*
|
|
116
|
-
*
|
|
117
|
+
* `ctx.auth` is the current request auth context.
|
|
118
|
+
* By default this throws when unauthenticated so handlers can assume
|
|
119
|
+
* `ctx.auth.userId` and `ctx.auth.user` exist.
|
|
117
120
|
*
|
|
118
121
|
* @returns A convex-helpers `Customization` object.
|
|
119
122
|
*
|
|
@@ -135,7 +138,6 @@ type AuthApiBase<TAuthorization extends AuthAuthorizationConfig | undefined = un
|
|
|
135
138
|
* export const list = authQuery({
|
|
136
139
|
* args: { workspaceId: v.string() },
|
|
137
140
|
* handler: async (ctx, args) => {
|
|
138
|
-
* if (!ctx.auth) return [];
|
|
139
141
|
* const { userId, groupId, grants } = ctx.auth;
|
|
140
142
|
* // business logic
|
|
141
143
|
* },
|
|
@@ -146,26 +148,27 @@ type AuthApiBase<TAuthorization extends AuthAuthorizationConfig | undefined = un
|
|
|
146
148
|
args: Record<string, never>;
|
|
147
149
|
input: (ctx: any) => Promise<{
|
|
148
150
|
ctx: {
|
|
149
|
-
auth:
|
|
151
|
+
auth: AuthContext;
|
|
150
152
|
};
|
|
151
153
|
args: Record<string, never>;
|
|
152
154
|
}>;
|
|
153
155
|
};
|
|
154
156
|
};
|
|
155
157
|
/**
|
|
156
|
-
*
|
|
157
|
-
* {@link AuthCtx}.
|
|
158
|
-
* {@link
|
|
158
|
+
* Current request auth context injected into `ctx.auth` by `auth.ctx()` and
|
|
159
|
+
* {@link AuthCtx}. This is the authenticated auth shape returned by
|
|
160
|
+
* {@link createAuth().context}. Optional context builders may still surface
|
|
161
|
+
* nullable fields when `optional: true` is used.
|
|
159
162
|
*
|
|
160
|
-
* - `null` when unauthenticated.
|
|
161
163
|
* - `groupId` is `null` when the user has no active group set.
|
|
162
|
-
* - `role`
|
|
164
|
+
* - `role` is `null` when no active group or no membership is resolved.
|
|
165
|
+
* - `grants` is `[]` when no active group or no membership is resolved.
|
|
163
166
|
*
|
|
164
167
|
* @example
|
|
165
168
|
* ```ts
|
|
166
|
-
* import type {
|
|
169
|
+
* import type { AuthContext } from "@robelest/convex-auth/server";
|
|
167
170
|
*
|
|
168
|
-
* const mockAuth:
|
|
171
|
+
* const mockAuth: AuthContext = {
|
|
169
172
|
* userId: "user123" as Id<"User">,
|
|
170
173
|
* user: { _id: "user123", email: "test@example.com" },
|
|
171
174
|
* groupId: "group456",
|
|
@@ -174,7 +177,7 @@ type AuthApiBase<TAuthorization extends AuthAuthorizationConfig | undefined = un
|
|
|
174
177
|
* };
|
|
175
178
|
* ```
|
|
176
179
|
*/
|
|
177
|
-
type
|
|
180
|
+
type AuthContext = {
|
|
178
181
|
/** The authenticated user's document ID. */userId: GenericId<"User">; /** The authenticated user's full document. */
|
|
179
182
|
user: UserDoc; /** The user's active group ID, or `null` if none set. */
|
|
180
183
|
groupId: string | null; /** The user's primary role in the active group, or `null`. */
|
|
@@ -184,7 +187,7 @@ type AuthResolvedContext = {
|
|
|
184
187
|
type AuthCtxBase = {
|
|
185
188
|
getUserIdentity: () => Promise<UserIdentity | null>;
|
|
186
189
|
};
|
|
187
|
-
type RequiredAuthCtxState = AuthCtxBase &
|
|
190
|
+
type RequiredAuthCtxState = AuthCtxBase & AuthContext;
|
|
188
191
|
type OptionalAuthCtxState = AuthCtxBase & {
|
|
189
192
|
userId: GenericId<"User"> | null;
|
|
190
193
|
user: UserDoc | null;
|
|
@@ -202,7 +205,6 @@ type PublicSsoAdminApi = {
|
|
|
202
205
|
domain: string;
|
|
203
206
|
isPrimary?: boolean;
|
|
204
207
|
}>) => Promise<{
|
|
205
|
-
ok: true;
|
|
206
208
|
enterpriseId: string;
|
|
207
209
|
domains: Array<{
|
|
208
210
|
domainId: string;
|
|
@@ -217,7 +219,6 @@ type PublicSsoAdminApi = {
|
|
|
217
219
|
enterpriseId: string;
|
|
218
220
|
domain: string;
|
|
219
221
|
}) => Promise<{
|
|
220
|
-
ok: true;
|
|
221
222
|
enterpriseId: string;
|
|
222
223
|
domain: string;
|
|
223
224
|
requestedAt: number;
|
|
@@ -232,7 +233,6 @@ type PublicSsoAdminApi = {
|
|
|
232
233
|
enterpriseId: string;
|
|
233
234
|
domain: string;
|
|
234
235
|
}) => Promise<{
|
|
235
|
-
ok: boolean;
|
|
236
236
|
enterpriseId: string;
|
|
237
237
|
domain: string;
|
|
238
238
|
verifiedAt?: number;
|
|
@@ -320,13 +320,13 @@ type AuthCtxConfig<TResolve extends Record<string, unknown> = Record<string, nev
|
|
|
320
320
|
* Attach additional derived fields to the auth context after the base auth
|
|
321
321
|
* context is resolved.
|
|
322
322
|
*/
|
|
323
|
-
resolve?: (ctx: any, user: UserDoc, auth:
|
|
323
|
+
resolve?: (ctx: any, user: UserDoc, auth: AuthContext) => Promise<TResolve> | TResolve;
|
|
324
324
|
/**
|
|
325
325
|
* Override or wrap the base auth resolution used by {@link AuthCtx}.
|
|
326
326
|
*
|
|
327
327
|
* Return `undefined` to fall back to the built-in resolver,
|
|
328
328
|
* `null` for an explicit unauthenticated state, or an
|
|
329
|
-
* {@link
|
|
329
|
+
* {@link AuthContext} object to provide a pre-resolved auth state.
|
|
330
330
|
* This is useful for tests, proxy auth, impersonation flows, or any
|
|
331
331
|
* environment that needs to inject auth without depending on the standard
|
|
332
332
|
* Convex auth tables.
|
|
@@ -345,7 +345,7 @@ type AuthCtxConfig<TResolve extends Record<string, unknown> = Record<string, nev
|
|
|
345
345
|
* });
|
|
346
346
|
* ```
|
|
347
347
|
*/
|
|
348
|
-
authResolve?: (ctx: any, fallback: () => Promise<
|
|
348
|
+
authResolve?: (ctx: any, fallback: () => Promise<AuthContext | null>) => Promise<AuthContext | null | undefined> | AuthContext | null | undefined;
|
|
349
349
|
};
|
|
350
350
|
/**
|
|
351
351
|
* Create a context enrichment for `customQuery` / `customMutation` — optional auth.
|
|
@@ -384,11 +384,8 @@ declare function AuthCtx<TResolve extends Record<string, unknown> = Record<strin
|
|
|
384
384
|
/**
|
|
385
385
|
* Create a context enrichment for `customQuery` / `customMutation` — required auth (default).
|
|
386
386
|
*
|
|
387
|
-
* When `optional` is omitted or `false`,
|
|
388
|
-
*
|
|
389
|
-
* no user is signed in the returned `ctx.auth.userId` / `ctx.auth.user` are
|
|
390
|
-
* `null`, `ctx.auth.groupId` / `ctx.auth.role` are `null`, and
|
|
391
|
-
* `ctx.auth.grants` is `[]`.
|
|
387
|
+
* When `optional` is omitted or `false`, unauthenticated requests throw a
|
|
388
|
+
* structured `ConvexError` before your handler runs.
|
|
392
389
|
*
|
|
393
390
|
* @param auth - The auth API object returned by {@link createAuth}.
|
|
394
391
|
* @param config - Optional configuration with a `resolve` callback
|
|
@@ -446,5 +443,5 @@ type InferAuth<T extends {
|
|
|
446
443
|
}>;
|
|
447
444
|
}> = Awaited<ReturnType<T["input"]>>["ctx"]["auth"];
|
|
448
445
|
//#endregion
|
|
449
|
-
export { AuthApi, AuthConfig, AuthCtx, AuthCtxConfig,
|
|
446
|
+
export { AuthApi, AuthConfig, AuthContext, AuthCtx, AuthCtxConfig, InferAuth, UserDoc, createAuth };
|
|
450
447
|
//# sourceMappingURL=auth.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.d.ts","names":[],"sources":["../../../src/server/auth.ts"],"mappings":";;;;;;;;AAqCA;;;KAHY,UAAA,GAAa,IAAA,CAAK,gBAAA;;KAGlB,OAAA,GAAU,GAAA;AAAA,KAEjB,0BAAA,wBACoB,uBAAA,gBACrB,IAAA,CACF,UAAA,QAAkB,IAAA;EAGlB,MAAA,GACE,GAAA,EAAK,UAAA,CACH,UAAA,QAAkB,IAAA,mCAEpB,IAAA;IACE,OAAA;IACA,MAAA;IACA,OAAA,GAAU,UAAA,CAAW,cAAA;IACrB,MAAA;IACA,MAAA,GAAS,MAAA;EAAA,MAER,OAAA;IAAU,
|
|
1
|
+
{"version":3,"file":"auth.d.ts","names":[],"sources":["../../../src/server/auth.ts"],"mappings":";;;;;;;;AAqCA;;;KAHY,UAAA,GAAa,IAAA,CAAK,gBAAA;;KAGlB,OAAA,GAAU,GAAA;AAAA,KAEjB,0BAAA,wBACoB,uBAAA,gBACrB,IAAA,CACF,UAAA,QAAkB,IAAA;EAGlB,MAAA,GACE,GAAA,EAAK,UAAA,CACH,UAAA,QAAkB,IAAA,mCAEpB,IAAA;IACE,OAAA;IACA,MAAA;IACA,OAAA,GAAU,UAAA,CAAW,cAAA;IACrB,MAAA;IACA,MAAA,GAAS,MAAA;EAAA,MAER,OAAA;IAAU,QAAA;EAAA;EACf,IAAA,GACE,GAAA,EAAK,UAAA,CACH,UAAA,QAAkB,IAAA,iCAEpB,IAAA;IACE,KAAA;MACE,OAAA;MACA,MAAA;MACA,MAAA,GAAS,UAAA,CAAW,cAAA;MACpB,MAAA;IAAA;IAEF,KAAA;IACA,MAAA;IACA,OAAA;IACA,KAAA;EAAA,MAEC,UAAA,CAAW,UAAA,QAAkB,IAAA;EAClC,MAAA,GACE,GAAA,EAAK,UAAA,CACH,UAAA,QAAkB,IAAA,mCAEpB,QAAA,UACA,IAAA,EAAM,MAAA;IAA4B,OAAA,GAAU,UAAA,CAAW,cAAA;EAAA,MACpD,OAAA;IAAU,QAAA;EAAA;EACf,OAAA,GACE,GAAA,EAAK,UAAA,CACH,UAAA,QAAkB,IAAA,oCAEpB,IAAA;IACE,MAAA;IACA,OAAA;IACA,QAAA;IACA,QAAA;EAAA,MAEC,UAAA,CAAW,UAAA,QAAkB,IAAA;EAClC,OAAA,GACE,GAAA,EAAK,UAAA,CACH,UAAA,QAAkB,IAAA,oCAEpB,IAAA;IACE,MAAA;IACA,OAAA;IACA,QAAA;IACA,OAAA,GAAU,UAAA,CAAW,cAAA;IACrB,MAAA,GAAS,SAAA,CAAU,cAAA;IACnB,QAAA;EAAA,MAEC,UAAA,CAAW,UAAA,QAAkB,IAAA;AAAA;;;;;;;;;;;;;;;;KAkBxB,WAAA,wBACa,uBAAA;EAEvB,MAAA,EAAQ,UAAA,QAAkB,IAAA;EAC1B,OAAA,EAAS,UAAA,QAAkB,IAAA;EAC3B,KAAA,EAAO,UAAA,QAAkB,IAAA;EACzB,IAAA,EAAM,UAAA,QAAkB,IAAA;EACxB,OAAA,EAAS,UAAA,QAAkB,IAAA;EAC3B,QAAA,EAAU,UAAA,QAAkB,IAAA;EAC5B,OAAA,EAAS,UAAA,QAAkB,IAAA;EAC3B,KAAA,EAAO,UAAA,QAAkB,IAAA;EACzB,MAAA,EAAQ,0BAAA,CAA2B,cAAA;EACnC,MAAA,EAAQ,UAAA,QAAkB,IAAA;EAC1B,GAAA,EAAK,UAAA,QAAkB,IAAA;EACvB,IAAA,EAAM,UAAA,QAAkB,IAAA;EA7EF;;;;;;;;;;;;;;;;;;;;;;;EAqGtB,OAAA,GAAU,GAAA,UAAa,OAAA,CAAQ,WAAA;EAjFK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAwHpC,GAAA;IACE,IAAA,EAAM,MAAA;IACN,KAAA,GAAQ,GAAA,UAAa,OAAA;MACnB,GAAA;QAAO,IAAA,EAAM,WAAA;MAAA;MACb,IAAA,EAAM,MAAA;IAAA;EAAA;AAAA;;;;;;;;;;;;;;;;;;;;;;;;KA4BA,WAAA;EA5BA,4CA8BV,MAAA,EAAQ,SAAA,UAhCsB;EAkC9B,IAAA,EAAM,OAAA,EAhHN;EAkHA,OAAA,iBAhHA;EAkHA,IAAA,iBAlH0B;EAoH1B,MAAA;AAAA;AAAA,KAGG,WAAA;EACH,eAAA,QAAuB,OAAA,CAAQ,YAAA;AAAA;AAAA,KAG5B,oBAAA,GAAuB,WAAA,GAAc,WAAA;AAAA,KAErC,oBAAA,GAAuB,WAAA;EAC1B,MAAA,EAAQ,SAAA;EACR,IAAA,EAAM,OAAA;EACN,OAAA;EACA,IAAA;EACA,MAAA;AAAA;AAAA,KAGG,cAAA,GAAiB,UAAA,QAAkB,IAAA;AAAA,KAEnC,iBAAA;EACH,UAAA,EAAY,cAAA;IACV,MAAA;MACE,IAAA,EAAM,cAAA;MACN,QAAA,EAAU,cAAA;MACV,GAAA,GACE,GAAA,EAAK,UAAA,CAAW,cAAA,8BAChB,YAAA,UACA,OAAA,EAAS,KAAA;QACP,MAAA;QACA,SAAA;MAAA,OAEC,OAAA;QACH,YAAA;QACA,OAAA,EAAS,KAAA;UACP,QAAA;UACA,MAAA;UACA,SAAA;UACA,QAAA;UACA,UAAA;QAAA;MAAA;MAGJ,YAAA;QACE,OAAA,GACE,GAAA,EAAK,UAAA,CAAW,cAAA,8BAChB,IAAA;UAAQ,YAAA;UAAsB,MAAA;QAAA,MAC3B,OAAA;UACH,YAAA;UACA,MAAA;UACA,WAAA;UACA,SAAA;UACA,SAAA;YACE,UAAA;YACA,UAAA;YACA,WAAA;UAAA;QAAA;QAGJ,OAAA,GACE,GAAA,EAAK,UAAA,CAAW,cAAA,8BAChB,IAAA;UAAQ,YAAA;UAAsB,MAAA;QAAA,MAC3B,OAAA;UACH,YAAA;UACA,MAAA;UACA,UAAA;UACA,MAAA,EAAQ,KAAA;YAAQ,IAAA;YAAc,EAAA;YAAa,OAAA;UAAA;QAAA;MAAA;IAAA;EAAA;EAKnD,IAAA,EAAM,IAAA,CAAK,cAAA;EACX,IAAA,EAAM,IAAA,CAAK,cAAA;EACX,MAAA,EAAQ,cAAA;EACR,KAAA;IACE,IAAA,EAAM,cAAA;EAAA;EAER,OAAA;IACE,QAAA,EAAU,cAAA;IACV,QAAA;MACE,IAAA,EAAM,cAAA;IAAA;EAAA;AAAA;AAAA,KAKP,kBAAA;EACH,MAAA,EAAQ,cAAA;EACR,QAAA,EAAU,cAAA;AAAA;AAAA,KAGP,YAAA;EACH,KAAA,EAAO,iBAAA;EACP,MAAA,EAAQ,kBAAA;AAAA;AAAA,KAGL,aAAA;EACH,KAAA,EAAO,IAAA,CAAK,cAAA;AAAA;;;;;;;;;AA/EN;;;;;AAG2C;;KA8FvC,OAAA,wBACa,uBAAA,4BACrB,WAAA,CAAY,cAAA;EACd,GAAA,EAAK,YAAA;EACL,IAAA,EAAM,aAAA;AAAA;;;;;;;;;;;;;;;;KAkBI,gBAAA,WACA,kBAAA,2BACa,uBAAA,4BAEvB,MAAA,CAAO,CAAA,iBACH,OAAA,CAAQ,cAAA,IACR,WAAA,CAAY,cAAA;AAAA,iBAgGF,UAAA,WACJ,kBAAA,2BACa,uBAAA,yBAAA,CAEvB,SAAA,EAAW,gBAAA,eACX,MAAA,EAAQ,IAAA,CAAK,UAAA;EACX,SAAA,EAAW,CAAA;EACX,aAAA,GAAgB,cAAA;AAAA,IAEjB,gBAAA,CAAiB,CAAA,EAAG,cAAA;;;;;;;KA8NX,aAAA,kBACO,MAAA,oBAA0B,MAAA;EA9anC,8EAibR,QAAA;EA7aI;;;;EAkbJ,OAAA,IACE,GAAA,OACA,IAAA,EAAM,OAAA,EACN,IAAA,EAAM,WAAA,KACH,OAAA,CAAQ,QAAA,IAAY,QAAA;EAnbT;;;;;;;;;;;;;;;;;;;;;;;;EA4chB,WAAA,IACE,GAAA,OACA,QAAA,QAAgB,OAAA,CAAQ,WAAA,aACrB,OAAA,CAAQ,WAAA,uBAAkC,WAAA;AAAA;;;;;;;;;;;;;;;;;;;;;;AA9avB;;iBAwcV,OAAA,kBACG,MAAA,oBAA0B,MAAA,gBAAA,CAE3C,IAAA,EAAM,QAAA,EACN,MAAA,EAAQ,aAAA,CAAc,QAAA;EAAc,QAAA;AAAA;EAEpC,IAAA;EACA,KAAA,GACE,GAAA,OACA,KAAA,OACA,MAAA,WACG,OAAA;IACH,GAAA;MACE,IAAA,EAAM,oBAAA,GAAuB,QAAA;IAAA;IAE/B,IAAA;EAAA;AAAA;;;;;;;;AA3cwB;;;;;;;;;AAsB5B;;;;;iBA6cgB,OAAA,kBACG,MAAA,oBAA0B,MAAA,gBAAA,CAE3C,IAAA,EAAM,QAAA,EACN,MAAA,GAAS,aAAA,CAAc,QAAA;EAEvB,IAAA;EACA,KAAA,GACE,GAAA,OACA,KAAA,OACA,MAAA,WACG,OAAA;IACH,GAAA;MACE,IAAA,EAAM,oBAAA,GAAuB,QAAA;IAAA;IAE/B,IAAA;EAAA;AAAA;;;;;;;AAtcJ;;;;;;;;;;;;;;;;;;KAwhBY,SAAA;EACE,KAAA,MAAW,IAAA,YAAgB,OAAA;IAAU,GAAA;MAAO,IAAA;IAAA;EAAA;AAAA,KACtD,OAAA,CAAQ,UAAA,CAAW,CAAA"}
|