@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +43 -36
- package/dist/bin.js +5765 -4880
- package/dist/browser/index.d.ts +30 -0
- package/dist/browser/index.js +93 -0
- package/dist/browser/locks.js +11 -0
- package/dist/browser/navigation.js +14 -0
- package/dist/{factors → browser}/passkey.js +23 -32
- package/dist/browser/runtime.js +92 -0
- package/dist/client/core/types.d.ts +452 -5
- package/dist/client/core/types.js +17 -0
- package/dist/client/errors.js +19 -0
- package/dist/client/factors/device.js +94 -0
- package/dist/{factors → client/factors}/totp.js +12 -4
- package/dist/client/index.d.ts +47 -1
- package/dist/client/index.js +269 -232
- package/dist/client/runtime/mutex.js +24 -0
- package/dist/client/runtime/proxy.js +30 -0
- package/dist/client/runtime/storage.js +45 -0
- package/dist/client/services/adapters.js +7 -0
- package/dist/client/services/http.js +6 -0
- package/dist/client/services/resolve.js +13 -0
- package/dist/client/services/runtime.js +6 -0
- package/dist/component/_generated/component.d.ts +1355 -1399
- package/dist/component/convex.config.d.ts +2 -2
- package/dist/component/index.d.ts +4 -26
- package/dist/component/index.js +1 -1
- package/dist/component/model.d.ts +26 -112
- package/dist/component/model.js +76 -54
- package/dist/component/modules.js +38 -0
- package/dist/component/public/factors/devices.js +1 -1
- package/dist/component/public/factors/passkeys.js +1 -1
- package/dist/component/public/factors/totp.js +1 -1
- package/dist/component/public/groups/core.js +2 -2
- package/dist/component/public/groups/invites.js +1 -1
- package/dist/component/public/groups/members.js +1 -1
- package/dist/component/public/identity/accounts.js +1 -1
- package/dist/component/public/identity/codes.js +1 -1
- package/dist/component/public/identity/sessions.js +39 -2
- package/dist/component/public/identity/tokens.js +82 -4
- package/dist/component/public/identity/users.js +1 -1
- package/dist/component/public/identity/verifiers.js +10 -4
- package/dist/component/public/security/keys.js +1 -1
- package/dist/component/public/security/limits.js +1 -1
- package/dist/component/public/{enterprise → sso}/audit.js +26 -26
- package/dist/component/public/sso/core.js +263 -0
- package/dist/component/public/sso/domains.js +280 -0
- package/dist/component/public/{enterprise → sso}/scim.js +87 -87
- package/dist/component/public/sso/secrets.js +125 -0
- package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
- package/dist/component/public.js +9 -9
- package/dist/component/schema.d.ts +472 -393
- package/dist/component/schema.js +36 -35
- package/dist/core/index.d.ts +380 -0
- package/dist/core/index.js +83 -0
- package/dist/otel.d.ts +69 -0
- package/dist/otel.js +82 -0
- package/dist/providers/anonymous.d.ts +15 -34
- package/dist/providers/anonymous.js +27 -35
- package/dist/providers/apple.d.ts +59 -0
- package/dist/providers/apple.js +58 -0
- package/dist/providers/credentials.d.ts +18 -34
- package/dist/providers/credentials.js +16 -27
- package/dist/providers/custom.d.ts +94 -0
- package/dist/providers/custom.js +119 -0
- package/dist/providers/device.d.ts +15 -49
- package/dist/providers/device.js +17 -34
- package/dist/providers/email.d.ts +21 -38
- package/dist/providers/email.js +36 -55
- package/dist/providers/github.d.ts +54 -0
- package/dist/providers/github.js +75 -0
- package/dist/providers/google.d.ts +54 -0
- package/dist/providers/google.js +61 -0
- package/dist/providers/index.d.ts +16 -12
- package/dist/providers/index.js +15 -11
- package/dist/providers/microsoft.d.ts +57 -0
- package/dist/providers/microsoft.js +101 -0
- package/dist/providers/passkey.d.ts +19 -35
- package/dist/providers/passkey.js +20 -30
- package/dist/providers/password.d.ts +17 -18
- package/dist/providers/password.js +121 -143
- package/dist/providers/phone.d.ts +13 -28
- package/dist/providers/phone.js +21 -46
- package/dist/providers/sso.d.ts +16 -36
- package/dist/providers/sso.js +21 -22
- package/dist/providers/totp.d.ts +13 -29
- package/dist/providers/totp.js +17 -27
- package/dist/server/auth-context.d.ts +204 -0
- package/dist/server/auth-context.js +76 -0
- package/dist/server/auth.d.ts +99 -244
- package/dist/server/auth.js +56 -152
- package/dist/server/componentContext.d.ts +12 -0
- package/dist/server/componentContext.js +1 -0
- package/dist/server/config.js +6 -67
- package/dist/server/constants.js +6 -0
- package/dist/server/contract.d.ts +105 -0
- package/dist/server/contract.js +43 -0
- package/dist/server/cookies.js +3 -2
- package/dist/server/core.js +31 -36
- package/dist/server/crypto.js +34 -44
- package/dist/server/db.js +6 -1
- package/dist/server/device.js +96 -130
- package/dist/server/env.js +48 -0
- package/dist/server/errors.js +20 -0
- package/dist/server/http.d.ts +15 -59
- package/dist/server/http.js +136 -120
- package/dist/server/identity.js +2 -2
- package/dist/server/index.d.ts +5 -4
- package/dist/server/index.js +3 -3
- package/dist/server/keys.js +10 -1
- package/dist/server/limits.js +26 -26
- package/dist/server/log.js +28 -0
- package/dist/server/mounts.d.ts +1107 -296
- package/dist/server/mounts.js +315 -196
- package/dist/server/mutations/account.js +11 -14
- package/dist/server/mutations/code.js +6 -5
- package/dist/server/mutations/invalidate.js +9 -11
- package/dist/server/mutations/oauth.js +112 -73
- package/dist/server/mutations/refresh.js +47 -97
- package/dist/server/mutations/register.js +37 -35
- package/dist/server/mutations/retrieve.js +16 -16
- package/dist/server/mutations/signature.js +15 -18
- package/dist/server/mutations/signin.js +10 -5
- package/dist/server/mutations/signout.js +11 -14
- package/dist/server/mutations/store.js +25 -18
- package/dist/server/mutations/verifier.js +11 -8
- package/dist/server/mutations/verify.js +53 -41
- package/dist/server/oauth/factory.js +44 -0
- package/dist/server/oauth/index.js +12 -0
- package/dist/server/oauth/runtime.js +248 -0
- package/dist/server/passkey.js +331 -365
- package/dist/server/payloads.d.ts +16 -0
- package/dist/server/payloads.js +30 -0
- package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
- package/dist/server/prefetch.js +635 -0
- package/dist/server/random.js +19 -0
- package/dist/server/redirects.js +10 -5
- package/dist/server/refresh.js +14 -86
- package/dist/server/runtime.d.ts +531 -31
- package/dist/server/runtime.js +106 -267
- package/dist/server/secret.js +44 -0
- package/dist/server/services/config.js +10 -0
- package/dist/server/services/group.js +211 -0
- package/dist/server/services/logger.js +8 -0
- package/dist/server/services/providers.js +22 -0
- package/dist/server/services/refresh.js +8 -0
- package/dist/server/services/resolve.js +27 -0
- package/dist/server/services/signin.js +8 -0
- package/dist/server/sessions.js +35 -34
- package/dist/server/signin.js +229 -140
- package/dist/server/{enterprise → sso}/config.js +10 -3
- package/dist/server/sso/domain.d.ts +614 -0
- package/dist/server/sso/domain.js +1175 -0
- package/dist/server/sso/http.js +1060 -0
- package/dist/server/sso/oidc.js +324 -0
- package/dist/server/sso/policies.js +59 -0
- package/dist/server/sso/policy.js +139 -0
- package/dist/server/sso/profile.js +22 -0
- package/dist/server/sso/provision.js +179 -0
- package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
- package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
- package/dist/server/sso/shared.js +74 -0
- package/dist/server/sso/validators.js +88 -0
- package/dist/server/sso/webhook.js +94 -0
- package/dist/server/tokens.js +16 -4
- package/dist/server/totp.js +155 -164
- package/dist/server/types.d.ts +306 -296
- package/dist/server/types.js +1 -30
- package/dist/server/url.js +32 -0
- package/dist/server/users.js +74 -40
- package/dist/server/utils/cache.js +51 -0
- package/dist/server/utils/dispatch.js +36 -0
- package/dist/server/utils/retry.js +24 -0
- package/dist/server/utils/span.js +32 -0
- package/dist/shared/errors.js +19 -0
- package/dist/shared/log.js +45 -0
- package/{src/test.ts → dist/test.d.ts} +21 -22
- package/dist/test.js +51 -0
- package/package.json +70 -42
- package/dist/authorization/index.d.ts.map +0 -1
- package/dist/authorization/index.js.map +0 -1
- package/dist/client/core/types.d.ts.map +0 -1
- package/dist/client/index.d.ts.map +0 -1
- package/dist/client/index.js.map +0 -1
- package/dist/component/_generated/api.d.ts +0 -75
- package/dist/component/_generated/api.d.ts.map +0 -1
- package/dist/component/_generated/api.js.map +0 -1
- package/dist/component/_generated/component.d.ts.map +0 -1
- package/dist/component/_generated/dataModel.d.ts +0 -42
- package/dist/component/_generated/dataModel.d.ts.map +0 -1
- package/dist/component/_generated/server.d.ts +0 -117
- package/dist/component/_generated/server.d.ts.map +0 -1
- package/dist/component/_generated/server.js.map +0 -1
- package/dist/component/_virtual/rolldown_runtime.js +0 -18
- package/dist/component/client/core/types.d.ts +0 -2
- package/dist/component/client/index.d.ts +0 -1
- package/dist/component/convex.config.d.ts.map +0 -1
- package/dist/component/convex.config.js.map +0 -1
- package/dist/component/functions.d.ts +0 -25
- package/dist/component/functions.d.ts.map +0 -1
- package/dist/component/functions.js.map +0 -1
- package/dist/component/index.d.ts.map +0 -1
- package/dist/component/model.d.ts.map +0 -1
- package/dist/component/model.js.map +0 -1
- package/dist/component/providers/anonymous.d.ts +0 -54
- package/dist/component/providers/anonymous.d.ts.map +0 -1
- package/dist/component/providers/credentials.d.ts +0 -38
- package/dist/component/providers/credentials.d.ts.map +0 -1
- package/dist/component/providers/device.d.ts +0 -67
- package/dist/component/providers/device.d.ts.map +0 -1
- package/dist/component/providers/email.d.ts +0 -62
- package/dist/component/providers/email.d.ts.map +0 -1
- package/dist/component/providers/oauth.d.ts +0 -25
- package/dist/component/providers/oauth.d.ts.map +0 -1
- package/dist/component/providers/oauth.js +0 -13
- package/dist/component/providers/oauth.js.map +0 -1
- package/dist/component/providers/passkey.d.ts +0 -57
- package/dist/component/providers/passkey.d.ts.map +0 -1
- package/dist/component/providers/password.d.ts +0 -88
- package/dist/component/providers/password.d.ts.map +0 -1
- package/dist/component/providers/phone.d.ts +0 -48
- package/dist/component/providers/phone.d.ts.map +0 -1
- package/dist/component/providers/sso.d.ts +0 -50
- package/dist/component/providers/sso.d.ts.map +0 -1
- package/dist/component/providers/totp.d.ts +0 -45
- package/dist/component/providers/totp.d.ts.map +0 -1
- package/dist/component/public/enterprise/audit.d.ts +0 -73
- package/dist/component/public/enterprise/audit.d.ts.map +0 -1
- package/dist/component/public/enterprise/audit.js.map +0 -1
- package/dist/component/public/enterprise/core.d.ts +0 -176
- package/dist/component/public/enterprise/core.d.ts.map +0 -1
- package/dist/component/public/enterprise/core.js +0 -292
- package/dist/component/public/enterprise/core.js.map +0 -1
- package/dist/component/public/enterprise/domains.d.ts +0 -174
- package/dist/component/public/enterprise/domains.d.ts.map +0 -1
- package/dist/component/public/enterprise/domains.js +0 -271
- package/dist/component/public/enterprise/domains.js.map +0 -1
- package/dist/component/public/enterprise/scim.d.ts +0 -245
- package/dist/component/public/enterprise/scim.d.ts.map +0 -1
- package/dist/component/public/enterprise/scim.js.map +0 -1
- package/dist/component/public/enterprise/secrets.d.ts +0 -78
- package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
- package/dist/component/public/enterprise/secrets.js +0 -118
- package/dist/component/public/enterprise/secrets.js.map +0 -1
- package/dist/component/public/enterprise/webhooks.d.ts +0 -211
- package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
- package/dist/component/public/enterprise/webhooks.js.map +0 -1
- package/dist/component/public/factors/devices.d.ts +0 -157
- package/dist/component/public/factors/devices.d.ts.map +0 -1
- package/dist/component/public/factors/devices.js.map +0 -1
- package/dist/component/public/factors/passkeys.d.ts +0 -175
- package/dist/component/public/factors/passkeys.d.ts.map +0 -1
- package/dist/component/public/factors/passkeys.js.map +0 -1
- package/dist/component/public/factors/totp.d.ts +0 -189
- package/dist/component/public/factors/totp.d.ts.map +0 -1
- package/dist/component/public/factors/totp.js.map +0 -1
- package/dist/component/public/groups/core.d.ts +0 -137
- package/dist/component/public/groups/core.d.ts.map +0 -1
- package/dist/component/public/groups/core.js.map +0 -1
- package/dist/component/public/groups/invites.d.ts +0 -217
- package/dist/component/public/groups/invites.d.ts.map +0 -1
- package/dist/component/public/groups/invites.js.map +0 -1
- package/dist/component/public/groups/members.d.ts +0 -204
- package/dist/component/public/groups/members.d.ts.map +0 -1
- package/dist/component/public/groups/members.js.map +0 -1
- package/dist/component/public/identity/accounts.d.ts +0 -147
- package/dist/component/public/identity/accounts.d.ts.map +0 -1
- package/dist/component/public/identity/accounts.js.map +0 -1
- package/dist/component/public/identity/codes.d.ts +0 -104
- package/dist/component/public/identity/codes.d.ts.map +0 -1
- package/dist/component/public/identity/codes.js.map +0 -1
- package/dist/component/public/identity/sessions.d.ts +0 -128
- package/dist/component/public/identity/sessions.d.ts.map +0 -1
- package/dist/component/public/identity/sessions.js.map +0 -1
- package/dist/component/public/identity/tokens.d.ts +0 -169
- package/dist/component/public/identity/tokens.d.ts.map +0 -1
- package/dist/component/public/identity/tokens.js.map +0 -1
- package/dist/component/public/identity/users.d.ts +0 -212
- package/dist/component/public/identity/users.d.ts.map +0 -1
- package/dist/component/public/identity/users.js.map +0 -1
- package/dist/component/public/identity/verifiers.d.ts +0 -116
- package/dist/component/public/identity/verifiers.d.ts.map +0 -1
- package/dist/component/public/identity/verifiers.js.map +0 -1
- package/dist/component/public/security/keys.d.ts +0 -209
- package/dist/component/public/security/keys.d.ts.map +0 -1
- package/dist/component/public/security/keys.js.map +0 -1
- package/dist/component/public/security/limits.d.ts +0 -114
- package/dist/component/public/security/limits.d.ts.map +0 -1
- package/dist/component/public/security/limits.js.map +0 -1
- package/dist/component/public.d.ts +0 -28
- package/dist/component/public.d.ts.map +0 -1
- package/dist/component/schema.d.ts.map +0 -1
- package/dist/component/schema.js.map +0 -1
- package/dist/component/server/auth.d.ts +0 -447
- package/dist/component/server/auth.d.ts.map +0 -1
- package/dist/component/server/auth.js +0 -254
- package/dist/component/server/auth.js.map +0 -1
- package/dist/component/server/config.js +0 -121
- package/dist/component/server/config.js.map +0 -1
- package/dist/component/server/context.js +0 -53
- package/dist/component/server/context.js.map +0 -1
- package/dist/component/server/cookies.js +0 -47
- package/dist/component/server/cookies.js.map +0 -1
- package/dist/component/server/core.js +0 -576
- package/dist/component/server/core.js.map +0 -1
- package/dist/component/server/crypto.js +0 -56
- package/dist/component/server/crypto.js.map +0 -1
- package/dist/component/server/db.js +0 -87
- package/dist/component/server/db.js.map +0 -1
- package/dist/component/server/device.js +0 -152
- package/dist/component/server/device.js.map +0 -1
- package/dist/component/server/enterprise/config.js +0 -46
- package/dist/component/server/enterprise/config.js.map +0 -1
- package/dist/component/server/enterprise/domain.js +0 -974
- package/dist/component/server/enterprise/domain.js.map +0 -1
- package/dist/component/server/enterprise/http.js +0 -787
- package/dist/component/server/enterprise/http.js.map +0 -1
- package/dist/component/server/enterprise/oidc.js +0 -248
- package/dist/component/server/enterprise/oidc.js.map +0 -1
- package/dist/component/server/enterprise/policy.js +0 -85
- package/dist/component/server/enterprise/policy.js.map +0 -1
- package/dist/component/server/enterprise/saml.js.map +0 -1
- package/dist/component/server/enterprise/scim.js.map +0 -1
- package/dist/component/server/enterprise/shared.js +0 -51
- package/dist/component/server/enterprise/shared.js.map +0 -1
- package/dist/component/server/http.d.ts +0 -85
- package/dist/component/server/http.d.ts.map +0 -1
- package/dist/component/server/http.js +0 -351
- package/dist/component/server/http.js.map +0 -1
- package/dist/component/server/identity.js +0 -16
- package/dist/component/server/identity.js.map +0 -1
- package/dist/component/server/keys.js +0 -96
- package/dist/component/server/keys.js.map +0 -1
- package/dist/component/server/limits.js +0 -52
- package/dist/component/server/limits.js.map +0 -1
- package/dist/component/server/mutations/account.js +0 -46
- package/dist/component/server/mutations/account.js.map +0 -1
- package/dist/component/server/mutations/code.js +0 -68
- package/dist/component/server/mutations/code.js.map +0 -1
- package/dist/component/server/mutations/invalidate.js +0 -32
- package/dist/component/server/mutations/invalidate.js.map +0 -1
- package/dist/component/server/mutations/oauth.js +0 -116
- package/dist/component/server/mutations/oauth.js.map +0 -1
- package/dist/component/server/mutations/refresh.js +0 -119
- package/dist/component/server/mutations/refresh.js.map +0 -1
- package/dist/component/server/mutations/register.js +0 -87
- package/dist/component/server/mutations/register.js.map +0 -1
- package/dist/component/server/mutations/retrieve.js +0 -61
- package/dist/component/server/mutations/retrieve.js.map +0 -1
- package/dist/component/server/mutations/signature.js +0 -38
- package/dist/component/server/mutations/signature.js.map +0 -1
- package/dist/component/server/mutations/signin.js +0 -27
- package/dist/component/server/mutations/signin.js.map +0 -1
- package/dist/component/server/mutations/signout.js +0 -27
- package/dist/component/server/mutations/signout.js.map +0 -1
- package/dist/component/server/mutations/store/refs.js +0 -15
- package/dist/component/server/mutations/store/refs.js.map +0 -1
- package/dist/component/server/mutations/store.js +0 -70
- package/dist/component/server/mutations/store.js.map +0 -1
- package/dist/component/server/mutations/verifier.js +0 -18
- package/dist/component/server/mutations/verifier.js.map +0 -1
- package/dist/component/server/mutations/verify.js +0 -98
- package/dist/component/server/mutations/verify.js.map +0 -1
- package/dist/component/server/oauth.js +0 -242
- package/dist/component/server/oauth.js.map +0 -1
- package/dist/component/server/passkey.js +0 -415
- package/dist/component/server/passkey.js.map +0 -1
- package/dist/component/server/redirects.js +0 -40
- package/dist/component/server/redirects.js.map +0 -1
- package/dist/component/server/refresh.js +0 -99
- package/dist/component/server/refresh.js.map +0 -1
- package/dist/component/server/runtime.d.ts +0 -136
- package/dist/component/server/runtime.d.ts.map +0 -1
- package/dist/component/server/runtime.js +0 -456
- package/dist/component/server/runtime.js.map +0 -1
- package/dist/component/server/sessions.js +0 -71
- package/dist/component/server/sessions.js.map +0 -1
- package/dist/component/server/signin.js +0 -225
- package/dist/component/server/signin.js.map +0 -1
- package/dist/component/server/tokens.js +0 -17
- package/dist/component/server/tokens.js.map +0 -1
- package/dist/component/server/totp.js +0 -208
- package/dist/component/server/totp.js.map +0 -1
- package/dist/component/server/types.d.ts +0 -949
- package/dist/component/server/types.d.ts.map +0 -1
- package/dist/component/server/types.js +0 -79
- package/dist/component/server/types.js.map +0 -1
- package/dist/component/server/users.js +0 -123
- package/dist/component/server/users.js.map +0 -1
- package/dist/component/server/utils.js +0 -140
- package/dist/component/server/utils.js.map +0 -1
- package/dist/core/types.d.ts +0 -361
- package/dist/core/types.d.ts.map +0 -1
- package/dist/factors/device.js +0 -104
- package/dist/factors/device.js.map +0 -1
- package/dist/factors/passkey.js.map +0 -1
- package/dist/factors/totp.js.map +0 -1
- package/dist/providers/anonymous.d.ts.map +0 -1
- package/dist/providers/anonymous.js.map +0 -1
- package/dist/providers/credentials.d.ts.map +0 -1
- package/dist/providers/credentials.js.map +0 -1
- package/dist/providers/device.d.ts.map +0 -1
- package/dist/providers/device.js.map +0 -1
- package/dist/providers/email.d.ts.map +0 -1
- package/dist/providers/email.js.map +0 -1
- package/dist/providers/oauth.d.ts +0 -69
- package/dist/providers/oauth.d.ts.map +0 -1
- package/dist/providers/oauth.js +0 -43
- package/dist/providers/oauth.js.map +0 -1
- package/dist/providers/passkey.d.ts.map +0 -1
- package/dist/providers/passkey.js.map +0 -1
- package/dist/providers/password.d.ts.map +0 -1
- package/dist/providers/password.js.map +0 -1
- package/dist/providers/phone.d.ts.map +0 -1
- package/dist/providers/phone.js.map +0 -1
- package/dist/providers/sso.d.ts.map +0 -1
- package/dist/providers/sso.js.map +0 -1
- package/dist/providers/totp.d.ts.map +0 -1
- package/dist/providers/totp.js.map +0 -1
- package/dist/runtime/browser.js +0 -68
- package/dist/runtime/browser.js.map +0 -1
- package/dist/runtime/invite.js.map +0 -1
- package/dist/runtime/proxy.js +0 -70
- package/dist/runtime/proxy.js.map +0 -1
- package/dist/runtime/storage.js +0 -37
- package/dist/runtime/storage.js.map +0 -1
- package/dist/server/auth.d.ts.map +0 -1
- package/dist/server/auth.js.map +0 -1
- package/dist/server/config.d.ts +0 -1
- package/dist/server/config.js.map +0 -1
- package/dist/server/context.d.ts +0 -1
- package/dist/server/context.js.map +0 -1
- package/dist/server/cookies.d.ts +0 -1
- package/dist/server/cookies.js.map +0 -1
- package/dist/server/core.d.ts +0 -1315
- package/dist/server/core.d.ts.map +0 -1
- package/dist/server/core.js.map +0 -1
- package/dist/server/crypto.d.ts +0 -8
- package/dist/server/crypto.d.ts.map +0 -1
- package/dist/server/crypto.js.map +0 -1
- package/dist/server/db.d.ts +0 -1
- package/dist/server/db.js.map +0 -1
- package/dist/server/device.d.ts +0 -1
- package/dist/server/device.js.map +0 -1
- package/dist/server/enterprise/config.d.ts +0 -1
- package/dist/server/enterprise/config.js.map +0 -1
- package/dist/server/enterprise/domain.d.ts +0 -401
- package/dist/server/enterprise/domain.d.ts.map +0 -1
- package/dist/server/enterprise/domain.js +0 -974
- package/dist/server/enterprise/domain.js.map +0 -1
- package/dist/server/enterprise/http.d.ts +0 -26
- package/dist/server/enterprise/http.d.ts.map +0 -1
- package/dist/server/enterprise/http.js +0 -787
- package/dist/server/enterprise/http.js.map +0 -1
- package/dist/server/enterprise/oidc.d.ts +0 -1
- package/dist/server/enterprise/oidc.js +0 -248
- package/dist/server/enterprise/oidc.js.map +0 -1
- package/dist/server/enterprise/policy.d.ts +0 -1
- package/dist/server/enterprise/policy.js +0 -85
- package/dist/server/enterprise/policy.js.map +0 -1
- package/dist/server/enterprise/saml.d.ts +0 -1
- package/dist/server/enterprise/saml.js +0 -338
- package/dist/server/enterprise/saml.js.map +0 -1
- package/dist/server/enterprise/scim.d.ts +0 -1
- package/dist/server/enterprise/scim.js +0 -97
- package/dist/server/enterprise/scim.js.map +0 -1
- package/dist/server/enterprise/shared.d.ts +0 -5
- package/dist/server/enterprise/shared.d.ts.map +0 -1
- package/dist/server/enterprise/shared.js +0 -51
- package/dist/server/enterprise/shared.js.map +0 -1
- package/dist/server/enterprise/validators.d.ts +0 -1
- package/dist/server/enterprise/validators.js +0 -60
- package/dist/server/enterprise/validators.js.map +0 -1
- package/dist/server/http.d.ts.map +0 -1
- package/dist/server/http.js.map +0 -1
- package/dist/server/identity.d.ts +0 -1
- package/dist/server/identity.js.map +0 -1
- package/dist/server/keys.d.ts +0 -1
- package/dist/server/keys.js.map +0 -1
- package/dist/server/limits.d.ts +0 -1
- package/dist/server/limits.js.map +0 -1
- package/dist/server/mounts.d.ts.map +0 -1
- package/dist/server/mounts.js.map +0 -1
- package/dist/server/mutations/account.d.ts +0 -29
- package/dist/server/mutations/account.d.ts.map +0 -1
- package/dist/server/mutations/account.js.map +0 -1
- package/dist/server/mutations/code.d.ts +0 -30
- package/dist/server/mutations/code.d.ts.map +0 -1
- package/dist/server/mutations/code.js.map +0 -1
- package/dist/server/mutations/index.d.ts +0 -14
- package/dist/server/mutations/invalidate.d.ts +0 -20
- package/dist/server/mutations/invalidate.d.ts.map +0 -1
- package/dist/server/mutations/invalidate.js.map +0 -1
- package/dist/server/mutations/oauth.d.ts +0 -30
- package/dist/server/mutations/oauth.d.ts.map +0 -1
- package/dist/server/mutations/oauth.js.map +0 -1
- package/dist/server/mutations/refresh.d.ts +0 -21
- package/dist/server/mutations/refresh.d.ts.map +0 -1
- package/dist/server/mutations/refresh.js.map +0 -1
- package/dist/server/mutations/register.d.ts +0 -38
- package/dist/server/mutations/register.d.ts.map +0 -1
- package/dist/server/mutations/register.js.map +0 -1
- package/dist/server/mutations/retrieve.d.ts +0 -33
- package/dist/server/mutations/retrieve.d.ts.map +0 -1
- package/dist/server/mutations/retrieve.js.map +0 -1
- package/dist/server/mutations/signature.d.ts +0 -21
- package/dist/server/mutations/signature.d.ts.map +0 -1
- package/dist/server/mutations/signature.js.map +0 -1
- package/dist/server/mutations/signin.d.ts +0 -22
- package/dist/server/mutations/signin.d.ts.map +0 -1
- package/dist/server/mutations/signin.js.map +0 -1
- package/dist/server/mutations/signout.d.ts +0 -16
- package/dist/server/mutations/signout.d.ts.map +0 -1
- package/dist/server/mutations/signout.js.map +0 -1
- package/dist/server/mutations/store/refs.d.ts +0 -12
- package/dist/server/mutations/store/refs.d.ts.map +0 -1
- package/dist/server/mutations/store/refs.js.map +0 -1
- package/dist/server/mutations/store.d.ts +0 -306
- package/dist/server/mutations/store.d.ts.map +0 -1
- package/dist/server/mutations/store.js.map +0 -1
- package/dist/server/mutations/verifier.d.ts +0 -13
- package/dist/server/mutations/verifier.d.ts.map +0 -1
- package/dist/server/mutations/verifier.js.map +0 -1
- package/dist/server/mutations/verify.d.ts +0 -26
- package/dist/server/mutations/verify.d.ts.map +0 -1
- package/dist/server/mutations/verify.js.map +0 -1
- package/dist/server/oauth.d.ts +0 -1
- package/dist/server/oauth.js +0 -242
- package/dist/server/oauth.js.map +0 -1
- package/dist/server/passkey.d.ts +0 -27
- package/dist/server/passkey.d.ts.map +0 -1
- package/dist/server/passkey.js.map +0 -1
- package/dist/server/redirects.d.ts +0 -1
- package/dist/server/redirects.js.map +0 -1
- package/dist/server/refresh.d.ts +0 -1
- package/dist/server/refresh.js.map +0 -1
- package/dist/server/runtime.d.ts.map +0 -1
- package/dist/server/runtime.js.map +0 -1
- package/dist/server/sessions.d.ts +0 -1
- package/dist/server/sessions.js.map +0 -1
- package/dist/server/signin.d.ts +0 -1
- package/dist/server/signin.js.map +0 -1
- package/dist/server/ssr.d.ts.map +0 -1
- package/dist/server/ssr.js +0 -777
- package/dist/server/ssr.js.map +0 -1
- package/dist/server/templates.d.ts +0 -1
- package/dist/server/templates.js.map +0 -1
- package/dist/server/tokens.d.ts +0 -1
- package/dist/server/tokens.js.map +0 -1
- package/dist/server/totp.d.ts +0 -1
- package/dist/server/totp.js.map +0 -1
- package/dist/server/types.d.ts.map +0 -1
- package/dist/server/types.js.map +0 -1
- package/dist/server/users.d.ts +0 -1
- package/dist/server/users.js.map +0 -1
- package/dist/server/utils.d.ts +0 -1
- package/dist/server/utils.js +0 -140
- package/dist/server/utils.js.map +0 -1
- package/src/authorization/index.ts +0 -83
- package/src/cli/bin.ts +0 -5
- package/src/cli/command.ts +0 -70
- package/src/cli/index.ts +0 -1112
- package/src/cli/keys.ts +0 -23
- package/src/client/core/types.ts +0 -437
- package/src/client/factors/device.ts +0 -158
- package/src/client/factors/passkey.ts +0 -279
- package/src/client/factors/totp.ts +0 -150
- package/src/client/index.ts +0 -1124
- package/src/client/runtime/browser.ts +0 -112
- package/src/client/runtime/invite.ts +0 -63
- package/src/client/runtime/proxy.ts +0 -111
- package/src/client/runtime/storage.ts +0 -79
- package/src/component/_generated/api.ts +0 -96
- package/src/component/_generated/component.ts +0 -3774
- package/src/component/_generated/dataModel.ts +0 -60
- package/src/component/_generated/server.ts +0 -156
- package/src/component/convex.config.ts +0 -5
- package/src/component/functions.ts +0 -104
- package/src/component/index.ts +0 -42
- package/src/component/model.ts +0 -449
- package/src/component/public/enterprise/audit.ts +0 -125
- package/src/component/public/enterprise/core.ts +0 -355
- package/src/component/public/enterprise/domains.ts +0 -327
- package/src/component/public/enterprise/scim.ts +0 -397
- package/src/component/public/enterprise/secrets.ts +0 -133
- package/src/component/public/enterprise/webhooks.ts +0 -307
- package/src/component/public/factors/devices.ts +0 -224
- package/src/component/public/factors/passkeys.ts +0 -243
- package/src/component/public/factors/totp.ts +0 -259
- package/src/component/public/groups/core.ts +0 -481
- package/src/component/public/groups/invites.ts +0 -608
- package/src/component/public/groups/members.ts +0 -410
- package/src/component/public/identity/accounts.ts +0 -207
- package/src/component/public/identity/codes.ts +0 -149
- package/src/component/public/identity/sessions.ts +0 -210
- package/src/component/public/identity/tokens.ts +0 -251
- package/src/component/public/identity/users.ts +0 -355
- package/src/component/public/identity/verifiers.ts +0 -158
- package/src/component/public/security/keys.ts +0 -366
- package/src/component/public/security/limits.ts +0 -174
- package/src/component/public.ts +0 -27
- package/src/component/schema.ts +0 -505
- package/src/providers/anonymous.ts +0 -99
- package/src/providers/credentials.ts +0 -102
- package/src/providers/device.ts +0 -87
- package/src/providers/email.ts +0 -99
- package/src/providers/index.ts +0 -31
- package/src/providers/oauth.ts +0 -117
- package/src/providers/passkey.ts +0 -77
- package/src/providers/password.ts +0 -441
- package/src/providers/phone.ts +0 -93
- package/src/providers/sso.ts +0 -54
- package/src/providers/totp.ts +0 -62
- package/src/samlify.d.ts +0 -53
- package/src/server/auth.ts +0 -949
- package/src/server/config.ts +0 -200
- package/src/server/context.ts +0 -90
- package/src/server/cookies.ts +0 -49
- package/src/server/core.ts +0 -2004
- package/src/server/crypto.ts +0 -90
- package/src/server/db.ts +0 -203
- package/src/server/device.ts +0 -254
- package/src/server/enterprise/config.ts +0 -51
- package/src/server/enterprise/domain.ts +0 -1739
- package/src/server/enterprise/http.ts +0 -1331
- package/src/server/enterprise/oidc.ts +0 -500
- package/src/server/enterprise/policy.ts +0 -128
- package/src/server/enterprise/saml.ts +0 -578
- package/src/server/enterprise/scim.ts +0 -135
- package/src/server/enterprise/shared.ts +0 -134
- package/src/server/enterprise/validators.ts +0 -93
- package/src/server/http.ts +0 -790
- package/src/server/identity.ts +0 -18
- package/src/server/index.ts +0 -40
- package/src/server/keys.ts +0 -158
- package/src/server/limits.ts +0 -107
- package/src/server/mounts.ts +0 -924
- package/src/server/mutations/account.ts +0 -62
- package/src/server/mutations/code.ts +0 -119
- package/src/server/mutations/index.ts +0 -13
- package/src/server/mutations/invalidate.ts +0 -50
- package/src/server/mutations/oauth.ts +0 -243
- package/src/server/mutations/refresh.ts +0 -299
- package/src/server/mutations/register.ts +0 -155
- package/src/server/mutations/retrieve.ts +0 -109
- package/src/server/mutations/signature.ts +0 -57
- package/src/server/mutations/signin.ts +0 -54
- package/src/server/mutations/signout.ts +0 -43
- package/src/server/mutations/store/refs.ts +0 -10
- package/src/server/mutations/store.ts +0 -123
- package/src/server/mutations/verifier.ts +0 -34
- package/src/server/mutations/verify.ts +0 -200
- package/src/server/oauth.ts +0 -418
- package/src/server/passkey.ts +0 -838
- package/src/server/redirects.ts +0 -59
- package/src/server/refresh.ts +0 -218
- package/src/server/runtime.ts +0 -918
- package/src/server/sessions.ts +0 -132
- package/src/server/signin.ts +0 -445
- package/src/server/ssr.ts +0 -1747
- package/src/server/templates.ts +0 -82
- package/src/server/tokens.ts +0 -35
- package/src/server/totp.ts +0 -399
- package/src/server/types.ts +0 -1942
- package/src/server/users.ts +0 -291
- package/src/server/utils.ts +0 -220
- /package/dist/{runtime → client/runtime}/invite.js +0 -0
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { mutation, query } from "../../functions.js";
|
|
2
1
|
import { vRefreshTokenDoc } from "../../model.js";
|
|
2
|
+
import { mutation, query } from "../../functions.js";
|
|
3
3
|
import { v } from "convex/values";
|
|
4
4
|
|
|
5
5
|
//#region src/component/public/identity/tokens.ts
|
|
@@ -159,7 +159,7 @@ const refreshTokenListBySession = query({
|
|
|
159
159
|
args: { sessionId: v.id("Session") },
|
|
160
160
|
returns: v.array(vRefreshTokenDoc),
|
|
161
161
|
handler: async (ctx, { sessionId }) => {
|
|
162
|
-
return await ctx.db.query("RefreshToken").withIndex("
|
|
162
|
+
return await ctx.db.query("RefreshToken").withIndex("session_id", (q) => q.eq("sessionId", sessionId)).collect();
|
|
163
163
|
}
|
|
164
164
|
});
|
|
165
165
|
/**
|
|
@@ -186,11 +186,89 @@ const refreshTokenDeleteAll = mutation({
|
|
|
186
186
|
args: { sessionId: v.id("Session") },
|
|
187
187
|
returns: v.null(),
|
|
188
188
|
handler: async (ctx, { sessionId }) => {
|
|
189
|
-
const tokens = await ctx.db.query("RefreshToken").withIndex("
|
|
189
|
+
const tokens = await ctx.db.query("RefreshToken").withIndex("session_id", (q) => q.eq("sessionId", sessionId)).collect();
|
|
190
190
|
await Promise.all(tokens.map((token) => ctx.db.delete("RefreshToken", token._id)));
|
|
191
191
|
return null;
|
|
192
192
|
}
|
|
193
193
|
});
|
|
194
|
+
const refreshSessionExchangeResult = v.union(v.object({
|
|
195
|
+
userId: v.id("User"),
|
|
196
|
+
sessionId: v.id("Session"),
|
|
197
|
+
refreshTokenId: v.id("RefreshToken")
|
|
198
|
+
}), v.null());
|
|
199
|
+
const refreshTokenExchange = mutation({
|
|
200
|
+
args: {
|
|
201
|
+
refreshTokenId: v.id("RefreshToken"),
|
|
202
|
+
sessionId: v.id("Session"),
|
|
203
|
+
now: v.number(),
|
|
204
|
+
refreshTokenExpirationTime: v.number(),
|
|
205
|
+
reuseWindowMs: v.number()
|
|
206
|
+
},
|
|
207
|
+
returns: refreshSessionExchangeResult,
|
|
208
|
+
handler: async (ctx, args) => {
|
|
209
|
+
const cleanupSessionArtifacts = async () => {
|
|
210
|
+
if (await ctx.db.get("Session", args.sessionId) !== null) await ctx.db.delete("Session", args.sessionId);
|
|
211
|
+
const tokens = await ctx.db.query("RefreshToken").withIndex("session_id", (q) => q.eq("sessionId", args.sessionId)).collect();
|
|
212
|
+
await Promise.all(tokens.map((token) => ctx.db.delete("RefreshToken", token._id)));
|
|
213
|
+
};
|
|
214
|
+
const refreshTokenDoc = await ctx.db.get("RefreshToken", args.refreshTokenId);
|
|
215
|
+
if (refreshTokenDoc === null || refreshTokenDoc.expirationTime < args.now || refreshTokenDoc.sessionId !== args.sessionId) {
|
|
216
|
+
await cleanupSessionArtifacts();
|
|
217
|
+
return null;
|
|
218
|
+
}
|
|
219
|
+
const session = await ctx.db.get("Session", args.sessionId);
|
|
220
|
+
if (session === null || session.expirationTime < args.now) {
|
|
221
|
+
await cleanupSessionArtifacts();
|
|
222
|
+
return null;
|
|
223
|
+
}
|
|
224
|
+
const issueRefreshToken = () => ctx.db.insert("RefreshToken", {
|
|
225
|
+
sessionId: args.sessionId,
|
|
226
|
+
expirationTime: args.refreshTokenExpirationTime,
|
|
227
|
+
parentRefreshTokenId: args.refreshTokenId
|
|
228
|
+
});
|
|
229
|
+
if (refreshTokenDoc.firstUsedTime === void 0) {
|
|
230
|
+
await ctx.db.patch("RefreshToken", args.refreshTokenId, { firstUsedTime: args.now });
|
|
231
|
+
const refreshTokenId = await issueRefreshToken();
|
|
232
|
+
return {
|
|
233
|
+
userId: session.userId,
|
|
234
|
+
sessionId: args.sessionId,
|
|
235
|
+
refreshTokenId
|
|
236
|
+
};
|
|
237
|
+
}
|
|
238
|
+
const activeRefreshToken = await ctx.db.query("RefreshToken").withIndex("session_id_first_used", (q) => q.eq("sessionId", args.sessionId).eq("firstUsedTime", void 0)).order("desc").first();
|
|
239
|
+
if (activeRefreshToken !== null && activeRefreshToken.parentRefreshTokenId === args.refreshTokenId) return {
|
|
240
|
+
userId: session.userId,
|
|
241
|
+
sessionId: args.sessionId,
|
|
242
|
+
refreshTokenId: activeRefreshToken._id
|
|
243
|
+
};
|
|
244
|
+
if (refreshTokenDoc.firstUsedTime + args.reuseWindowMs > args.now) {
|
|
245
|
+
const refreshTokenId = await issueRefreshToken();
|
|
246
|
+
return {
|
|
247
|
+
userId: session.userId,
|
|
248
|
+
sessionId: args.sessionId,
|
|
249
|
+
refreshTokenId
|
|
250
|
+
};
|
|
251
|
+
}
|
|
252
|
+
const tokensToInvalidate = [refreshTokenDoc];
|
|
253
|
+
const visited = new Set([refreshTokenDoc._id]);
|
|
254
|
+
let frontier = [refreshTokenDoc._id];
|
|
255
|
+
while (frontier.length > 0) {
|
|
256
|
+
const nextFrontier = [];
|
|
257
|
+
for (const parentRefreshTokenId of frontier) {
|
|
258
|
+
const children = await ctx.db.query("RefreshToken").withIndex("session_id_parent_refresh_token_id", (q) => q.eq("sessionId", args.sessionId).eq("parentRefreshTokenId", parentRefreshTokenId)).collect();
|
|
259
|
+
for (const child of children) {
|
|
260
|
+
if (visited.has(child._id)) continue;
|
|
261
|
+
visited.add(child._id);
|
|
262
|
+
tokensToInvalidate.push(child);
|
|
263
|
+
nextFrontier.push(child._id);
|
|
264
|
+
}
|
|
265
|
+
}
|
|
266
|
+
frontier = nextFrontier;
|
|
267
|
+
}
|
|
268
|
+
await Promise.all(tokensToInvalidate.filter((token) => token.firstUsedTime === void 0 || token.firstUsedTime > args.now - args.reuseWindowMs).map((token) => ctx.db.patch("RefreshToken", token._id, { firstUsedTime: args.now - args.reuseWindowMs })));
|
|
269
|
+
return null;
|
|
270
|
+
}
|
|
271
|
+
});
|
|
194
272
|
/**
|
|
195
273
|
* Get the active (unused) refresh token for a session.
|
|
196
274
|
*
|
|
@@ -223,5 +301,5 @@ const refreshTokenGetActive = query({
|
|
|
223
301
|
});
|
|
224
302
|
|
|
225
303
|
//#endregion
|
|
226
|
-
export { refreshTokenCreate, refreshTokenDeleteAll, refreshTokenGetActive, refreshTokenGetById, refreshTokenGetChildren, refreshTokenListBySession, refreshTokenPatch };
|
|
304
|
+
export { refreshTokenCreate, refreshTokenDeleteAll, refreshTokenExchange, refreshTokenGetActive, refreshTokenGetById, refreshTokenGetChildren, refreshTokenListBySession, refreshTokenPatch };
|
|
227
305
|
//# sourceMappingURL=tokens.js.map
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { mutation, query } from "../../functions.js";
|
|
2
1
|
import { vAuthVerifierDoc } from "../../model.js";
|
|
2
|
+
import { mutation, query } from "../../functions.js";
|
|
3
3
|
import { v } from "convex/values";
|
|
4
4
|
|
|
5
5
|
//#region src/component/public/identity/verifiers.ts
|
|
@@ -24,10 +24,16 @@ import { v } from "convex/values";
|
|
|
24
24
|
* ```
|
|
25
25
|
*/
|
|
26
26
|
const verifierCreate = mutation({
|
|
27
|
-
args: {
|
|
27
|
+
args: {
|
|
28
|
+
sessionId: v.optional(v.id("Session")),
|
|
29
|
+
signature: v.optional(v.string())
|
|
30
|
+
},
|
|
28
31
|
returns: v.id("AuthVerifier"),
|
|
29
|
-
handler: async (ctx, { sessionId }) => {
|
|
30
|
-
return await ctx.db.insert("AuthVerifier", {
|
|
32
|
+
handler: async (ctx, { sessionId, signature }) => {
|
|
33
|
+
return await ctx.db.insert("AuthVerifier", {
|
|
34
|
+
sessionId,
|
|
35
|
+
signature
|
|
36
|
+
});
|
|
31
37
|
}
|
|
32
38
|
});
|
|
33
39
|
/**
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { mutation, query } from "../../functions.js";
|
|
2
1
|
import { vApiKeyDoc, vApiKeyRateLimit, vApiKeyRateLimitState, vApiKeyScope, vPaginated } from "../../model.js";
|
|
2
|
+
import { mutation, query } from "../../functions.js";
|
|
3
3
|
import { ConvexError, v } from "convex/values";
|
|
4
4
|
|
|
5
5
|
//#region src/component/public/security/keys.ts
|
|
@@ -1,17 +1,17 @@
|
|
|
1
|
+
import { vAuditActorType, vAuditStatus, vGroupAuditEventDoc } from "../../model.js";
|
|
1
2
|
import { mutation, query } from "../../functions.js";
|
|
2
|
-
import { vAuditActorType, vAuditStatus, vEnterpriseAuditEventDoc } from "../../model.js";
|
|
3
3
|
import { v } from "convex/values";
|
|
4
4
|
|
|
5
|
-
//#region src/component/public/
|
|
5
|
+
//#region src/component/public/sso/audit.ts
|
|
6
6
|
/**
|
|
7
|
-
* Record a new audit event for an
|
|
7
|
+
* Record a new audit event for an group.sso.
|
|
8
8
|
*
|
|
9
9
|
* Inserts an immutable audit log entry capturing who performed what action,
|
|
10
10
|
* on which subject, and whether it succeeded or failed. Use this to maintain
|
|
11
11
|
* a tamper-evident trail of security-relevant events.
|
|
12
12
|
*
|
|
13
|
-
* @param args.
|
|
14
|
-
* @param args.groupId - The ID of the root group that owns the
|
|
13
|
+
* @param args.connectionId - Optional connection ID when the event belongs to a specific group connection.
|
|
14
|
+
* @param args.groupId - The ID of the root group that owns the group.sso.
|
|
15
15
|
* @param args.eventType - A string identifying the type of event (e.g. `"user.login"`, `"scim.provision"`).
|
|
16
16
|
* @param args.actorType - The kind of actor: `"user"`, `"system"`, `"scim"`, `"api_key"`, or `"webhook"`.
|
|
17
17
|
* @param args.actorId - An optional identifier for the actor (e.g. a user ID or API key ID).
|
|
@@ -22,14 +22,14 @@ import { v } from "convex/values";
|
|
|
22
22
|
* @param args.requestId - An optional correlation ID tying this event to a specific request.
|
|
23
23
|
* @param args.ip - An optional IP address of the actor.
|
|
24
24
|
* @param args.metadata - An optional arbitrary object with additional event details.
|
|
25
|
-
* @returns The ID of the newly created `
|
|
25
|
+
* @returns The ID of the newly created `GroupAuditEvent` document.
|
|
26
26
|
*
|
|
27
27
|
* @example
|
|
28
28
|
* ```ts
|
|
29
29
|
* const eventId = await ctx.runMutation(
|
|
30
|
-
* components.auth.
|
|
30
|
+
* components.auth.group.sso.groupAuditEventCreate,
|
|
31
31
|
* {
|
|
32
|
-
*
|
|
32
|
+
* connectionId,
|
|
33
33
|
* groupId: orgGroupId,
|
|
34
34
|
* eventType: "user.login",
|
|
35
35
|
* actorType: "user",
|
|
@@ -43,9 +43,9 @@ import { v } from "convex/values";
|
|
|
43
43
|
* );
|
|
44
44
|
* ```
|
|
45
45
|
*/
|
|
46
|
-
const
|
|
46
|
+
const groupAuditEventCreate = mutation({
|
|
47
47
|
args: {
|
|
48
|
-
|
|
48
|
+
connectionId: v.optional(v.id("GroupConnection")),
|
|
49
49
|
groupId: v.id("Group"),
|
|
50
50
|
eventType: v.string(),
|
|
51
51
|
actorType: vAuditActorType,
|
|
@@ -58,21 +58,21 @@ const enterpriseAuditEventCreate = mutation({
|
|
|
58
58
|
ip: v.optional(v.string()),
|
|
59
59
|
metadata: v.optional(v.any())
|
|
60
60
|
},
|
|
61
|
-
returns: v.id("
|
|
61
|
+
returns: v.id("GroupAuditEvent"),
|
|
62
62
|
handler: async (ctx, args) => {
|
|
63
|
-
return await ctx.db.insert("
|
|
63
|
+
return await ctx.db.insert("GroupAuditEvent", args);
|
|
64
64
|
}
|
|
65
65
|
});
|
|
66
66
|
/**
|
|
67
|
-
* List audit events, optionally filtered by
|
|
67
|
+
* List audit events, optionally filtered by group connection or group.
|
|
68
68
|
*
|
|
69
|
-
* Returns audit events in reverse chronological order. When `
|
|
70
|
-
* provided, events are filtered using the `
|
|
69
|
+
* Returns audit events in reverse chronological order. When `connectionId` is
|
|
70
|
+
* provided, events are filtered using the `group_connection_id_occurred_at` index.
|
|
71
71
|
* When only `groupId` is provided, the `group_id_occurred_at` index is used.
|
|
72
|
-
* If neither filter is given, the most recent events across all
|
|
72
|
+
* If neither filter is given, the most recent events across all group connections
|
|
73
73
|
* are returned.
|
|
74
74
|
*
|
|
75
|
-
* @param args.
|
|
75
|
+
* @param args.connectionId - An optional group connection ID to scope events to a single group.sso.
|
|
76
76
|
* @param args.groupId - An optional group ID to scope events to a single group.
|
|
77
77
|
* @param args.limit - Maximum number of events to return (clamped between 1 and 100, defaults to 50).
|
|
78
78
|
* @returns An array of audit event documents, most recent first.
|
|
@@ -80,29 +80,29 @@ const enterpriseAuditEventCreate = mutation({
|
|
|
80
80
|
* @example
|
|
81
81
|
* ```ts
|
|
82
82
|
* const events = await ctx.runQuery(
|
|
83
|
-
* components.auth.
|
|
84
|
-
* {
|
|
83
|
+
* components.auth.group.sso.groupAuditEventList,
|
|
84
|
+
* { connectionId, limit: 20 },
|
|
85
85
|
* );
|
|
86
86
|
* for (const event of events) {
|
|
87
87
|
* console.log(event.eventType, event.actorType, event.status);
|
|
88
88
|
* }
|
|
89
89
|
* ```
|
|
90
90
|
*/
|
|
91
|
-
const
|
|
91
|
+
const groupAuditEventList = query({
|
|
92
92
|
args: {
|
|
93
|
-
|
|
93
|
+
connectionId: v.optional(v.id("GroupConnection")),
|
|
94
94
|
groupId: v.optional(v.id("Group")),
|
|
95
95
|
limit: v.optional(v.number())
|
|
96
96
|
},
|
|
97
|
-
returns: v.array(
|
|
97
|
+
returns: v.array(vGroupAuditEventDoc),
|
|
98
98
|
handler: async (ctx, args) => {
|
|
99
99
|
const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);
|
|
100
|
-
if (args.
|
|
101
|
-
if (args.groupId !== void 0) return await ctx.db.query("
|
|
102
|
-
return await ctx.db.query("
|
|
100
|
+
if (args.connectionId !== void 0) return await ctx.db.query("GroupAuditEvent").withIndex("group_connection_id_occurred_at", (idx) => idx.eq("connectionId", args.connectionId)).order("desc").take(limit);
|
|
101
|
+
if (args.groupId !== void 0) return await ctx.db.query("GroupAuditEvent").withIndex("group_id_occurred_at", (idx) => idx.eq("groupId", args.groupId)).order("desc").take(limit);
|
|
102
|
+
return await ctx.db.query("GroupAuditEvent").order("desc").take(limit);
|
|
103
103
|
}
|
|
104
104
|
});
|
|
105
105
|
|
|
106
106
|
//#endregion
|
|
107
|
-
export {
|
|
107
|
+
export { groupAuditEventCreate, groupAuditEventList };
|
|
108
108
|
//# sourceMappingURL=audit.js.map
|
|
@@ -0,0 +1,263 @@
|
|
|
1
|
+
import { vGroupConnectionDoc, vGroupConnectionDomainDoc, vGroupConnectionProtocol, vGroupConnectionStatus, vPaginated } from "../../model.js";
|
|
2
|
+
import { mutation, query } from "../../functions.js";
|
|
3
|
+
import { v } from "convex/values";
|
|
4
|
+
|
|
5
|
+
//#region src/component/public/sso/core.ts
|
|
6
|
+
/**
|
|
7
|
+
* Create a new group connection record attached to a root group.
|
|
8
|
+
*
|
|
9
|
+
* Creates a new group SSO connection attached to a root group.
|
|
10
|
+
* The group connection status defaults to `"draft"` when not explicitly provided.
|
|
11
|
+
*
|
|
12
|
+
* @param args.groupId - The ID of the root group that owns this group.sso.
|
|
13
|
+
* @param args.slug - An optional URL-friendly identifier for the group.sso.
|
|
14
|
+
* @param args.name - An optional human-readable display name for the group.sso.
|
|
15
|
+
* @param args.protocol - The protocol for this group connection (`"oidc"` or `"saml"`).
|
|
16
|
+
* @param args.status - The lifecycle status (`"draft"`, `"active"`, or `"disabled"`). Defaults to `"draft"`.
|
|
17
|
+
* @param args.config - An optional arbitrary configuration blob for group connection-specific settings.
|
|
18
|
+
* @param args.extend - An optional arbitrary extension object for custom fields.
|
|
19
|
+
* @returns The ID of the newly created `Group Connection` document.
|
|
20
|
+
*
|
|
21
|
+
* @example
|
|
22
|
+
* ```ts
|
|
23
|
+
* const connectionId = await ctx.runMutation(
|
|
24
|
+
* components.auth.group.sso.groupConnectionCreate,
|
|
25
|
+
* {
|
|
26
|
+
* groupId: orgGroupId,
|
|
27
|
+
* slug: "acme-corp",
|
|
28
|
+
* name: "Acme Corporation",
|
|
29
|
+
* status: "active",
|
|
30
|
+
* },
|
|
31
|
+
* );
|
|
32
|
+
* ```
|
|
33
|
+
*/
|
|
34
|
+
const groupConnectionCreate = mutation({
|
|
35
|
+
args: {
|
|
36
|
+
groupId: v.id("Group"),
|
|
37
|
+
slug: v.optional(v.string()),
|
|
38
|
+
name: v.optional(v.string()),
|
|
39
|
+
protocol: vGroupConnectionProtocol,
|
|
40
|
+
status: v.optional(vGroupConnectionStatus),
|
|
41
|
+
config: v.optional(v.any()),
|
|
42
|
+
extend: v.optional(v.any())
|
|
43
|
+
},
|
|
44
|
+
returns: v.id("GroupConnection"),
|
|
45
|
+
handler: async (ctx, args) => {
|
|
46
|
+
return await ctx.db.insert("GroupConnection", {
|
|
47
|
+
...args,
|
|
48
|
+
status: args.status ?? "draft"
|
|
49
|
+
});
|
|
50
|
+
}
|
|
51
|
+
});
|
|
52
|
+
/**
|
|
53
|
+
* Retrieve a single group connection record by its document ID.
|
|
54
|
+
*
|
|
55
|
+
* Returns the full group connection document if it exists, or `null` if no
|
|
56
|
+
* group connection is found with the given ID.
|
|
57
|
+
*
|
|
58
|
+
* @param args.connectionId - The document ID of the group connection to retrieve.
|
|
59
|
+
* @returns The group connection document, or `null` if not found.
|
|
60
|
+
*
|
|
61
|
+
* @example
|
|
62
|
+
* ```ts
|
|
63
|
+
* const connection = await ctx.runQuery(
|
|
64
|
+
* components.auth.group.sso.groupConnectionGet,
|
|
65
|
+
* { connectionId },
|
|
66
|
+
* );
|
|
67
|
+
* if (connection) {
|
|
68
|
+
* console.log(group.sso.name, group.sso.status);
|
|
69
|
+
* }
|
|
70
|
+
* ```
|
|
71
|
+
*/
|
|
72
|
+
const groupConnectionGet = query({
|
|
73
|
+
args: { connectionId: v.id("GroupConnection") },
|
|
74
|
+
returns: v.union(vGroupConnectionDoc, v.null()),
|
|
75
|
+
handler: async (ctx, { connectionId }) => {
|
|
76
|
+
return await ctx.db.get("GroupConnection", connectionId);
|
|
77
|
+
}
|
|
78
|
+
});
|
|
79
|
+
/**
|
|
80
|
+
* Retrieve an group connection record by one of its linked domain names.
|
|
81
|
+
*
|
|
82
|
+
* Looks up a `GroupConnectionDomain` row matching the given domain string, then
|
|
83
|
+
* resolves the parent group.sso. Returns both the group connection and the matched
|
|
84
|
+
* domain document, or `null` if the domain is not registered or its group connection
|
|
85
|
+
* no longer exists.
|
|
86
|
+
*
|
|
87
|
+
* @param args.domain - The domain name to search for (e.g. `"acme.com"`).
|
|
88
|
+
* @returns An object containing the `group connection` and `domain` documents, or `null` if not found.
|
|
89
|
+
*
|
|
90
|
+
* @example
|
|
91
|
+
* ```ts
|
|
92
|
+
* const result = await ctx.runQuery(
|
|
93
|
+
* components.auth.group.sso.groupConnectionGetByDomain,
|
|
94
|
+
* { domain: "acme.com" },
|
|
95
|
+
* );
|
|
96
|
+
* if (result) {
|
|
97
|
+
* console.log(result.connection.name, result.domain.verifiedAt);
|
|
98
|
+
* }
|
|
99
|
+
* ```
|
|
100
|
+
*/
|
|
101
|
+
const groupConnectionGetByDomain = query({
|
|
102
|
+
args: { domain: v.string() },
|
|
103
|
+
returns: v.union(v.object({
|
|
104
|
+
connection: vGroupConnectionDoc,
|
|
105
|
+
domain: vGroupConnectionDomainDoc
|
|
106
|
+
}), v.null()),
|
|
107
|
+
handler: async (ctx, { domain }) => {
|
|
108
|
+
const domainRow = await ctx.db.query("GroupConnectionDomain").withIndex("domain", (idx) => idx.eq("domain", domain)).first();
|
|
109
|
+
if (!domainRow) return null;
|
|
110
|
+
const connection = await ctx.db.get("GroupConnection", domainRow.connectionId);
|
|
111
|
+
if (!connection) return null;
|
|
112
|
+
return {
|
|
113
|
+
connection,
|
|
114
|
+
domain: domainRow
|
|
115
|
+
};
|
|
116
|
+
}
|
|
117
|
+
});
|
|
118
|
+
/**
|
|
119
|
+
* List group connection records with optional filtering and cursor-based pagination.
|
|
120
|
+
*
|
|
121
|
+
* Supports filtering by `groupId`, `slug`, and/or `status`. The query selects
|
|
122
|
+
* the most specific index available for the primary filter, then applies
|
|
123
|
+
* remaining predicates as post-filters. Results are ordered by creation time
|
|
124
|
+
* (or the specified field) and paginated using an opaque cursor.
|
|
125
|
+
*
|
|
126
|
+
* @param args.where - Optional filter criteria: `groupId`, `slug`, and/or `status`.
|
|
127
|
+
* @param args.limit - Maximum number of items per page (clamped between 1 and 100, defaults to 50).
|
|
128
|
+
* @param args.cursor - An opaque cursor string returned from a previous call to fetch the next page, or `null` / omitted for the first page.
|
|
129
|
+
* @param args.orderBy - The field to sort results by: `"_creationTime"`, `"name"`, `"slug"`, or `"status"`.
|
|
130
|
+
* @param args.order - Sort direction: `"asc"` or `"desc"` (defaults to `"desc"`).
|
|
131
|
+
* @returns A paginated result containing `items` (array of group connection documents) and `nextCursor` (`string | null`).
|
|
132
|
+
*
|
|
133
|
+
* @example
|
|
134
|
+
* ```ts
|
|
135
|
+
* const page = await ctx.runQuery(
|
|
136
|
+
* components.auth.group.sso.groupConnectionList,
|
|
137
|
+
* {
|
|
138
|
+
* where: { status: "active" },
|
|
139
|
+
* limit: 25,
|
|
140
|
+
* order: "asc",
|
|
141
|
+
* },
|
|
142
|
+
* );
|
|
143
|
+
* for (const ent of page.items) {
|
|
144
|
+
* console.log(ent.name);
|
|
145
|
+
* }
|
|
146
|
+
* // Fetch next page:
|
|
147
|
+
* const nextPage = await ctx.runQuery(
|
|
148
|
+
* components.auth.group.sso.groupConnectionList,
|
|
149
|
+
* { where: { status: "active" }, cursor: page.nextCursor },
|
|
150
|
+
* );
|
|
151
|
+
* ```
|
|
152
|
+
*/
|
|
153
|
+
const groupConnectionList = query({
|
|
154
|
+
args: {
|
|
155
|
+
where: v.optional(v.object({
|
|
156
|
+
groupId: v.optional(v.id("Group")),
|
|
157
|
+
slug: v.optional(v.string()),
|
|
158
|
+
status: v.optional(vGroupConnectionStatus)
|
|
159
|
+
})),
|
|
160
|
+
limit: v.optional(v.number()),
|
|
161
|
+
cursor: v.optional(v.union(v.string(), v.null())),
|
|
162
|
+
orderBy: v.optional(v.union(v.literal("_creationTime"), v.literal("name"), v.literal("slug"), v.literal("status"))),
|
|
163
|
+
order: v.optional(v.union(v.literal("asc"), v.literal("desc")))
|
|
164
|
+
},
|
|
165
|
+
returns: vPaginated(vGroupConnectionDoc),
|
|
166
|
+
handler: async (ctx, args) => {
|
|
167
|
+
const where = args.where ?? {};
|
|
168
|
+
const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);
|
|
169
|
+
const order = args.order ?? "desc";
|
|
170
|
+
let q;
|
|
171
|
+
if (where.groupId !== void 0) q = ctx.db.query("GroupConnection").withIndex("group_id", (idx) => idx.eq("groupId", where.groupId));
|
|
172
|
+
else if (where.slug !== void 0) q = ctx.db.query("GroupConnection").withIndex("slug", (idx) => idx.eq("slug", where.slug));
|
|
173
|
+
else if (where.status !== void 0) q = ctx.db.query("GroupConnection").withIndex("status", (idx) => idx.eq("status", where.status));
|
|
174
|
+
else q = ctx.db.query("GroupConnection");
|
|
175
|
+
if (where.groupId !== void 0 && where.slug !== void 0) q = q.filter((f) => f.eq(f.field("slug"), where.slug));
|
|
176
|
+
if (where.status !== void 0 && where.groupId === void 0) {} else if (where.status !== void 0) q = q.filter((f) => f.eq(f.field("status"), where.status));
|
|
177
|
+
q = q.order(order);
|
|
178
|
+
const all = await q.collect();
|
|
179
|
+
let startIdx = 0;
|
|
180
|
+
if (args.cursor) {
|
|
181
|
+
const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);
|
|
182
|
+
if (cursorIdx !== -1) startIdx = cursorIdx + 1;
|
|
183
|
+
}
|
|
184
|
+
const page = all.slice(startIdx, startIdx + limit + 1);
|
|
185
|
+
const hasMore = page.length > limit;
|
|
186
|
+
const items = hasMore ? page.slice(0, limit) : page;
|
|
187
|
+
return {
|
|
188
|
+
items,
|
|
189
|
+
nextCursor: hasMore ? items[items.length - 1]._id : null
|
|
190
|
+
};
|
|
191
|
+
}
|
|
192
|
+
});
|
|
193
|
+
/**
|
|
194
|
+
* Partially update (patch) an existing group connection record.
|
|
195
|
+
*
|
|
196
|
+
* Merges the provided `data` fields into the existing group connection document.
|
|
197
|
+
* Only the fields present in `data` are changed; all other fields are preserved.
|
|
198
|
+
*
|
|
199
|
+
* @param args.connectionId - The document ID of the group connection to update.
|
|
200
|
+
* @param args.data - An object containing the fields to update (e.g. `{ name, status, policy }`).
|
|
201
|
+
* @returns `null` on success.
|
|
202
|
+
*
|
|
203
|
+
* @example
|
|
204
|
+
* ```ts
|
|
205
|
+
* await ctx.runMutation(
|
|
206
|
+
* components.auth.group.sso.groupConnectionUpdate,
|
|
207
|
+
* {
|
|
208
|
+
* connectionId,
|
|
209
|
+
* data: { status: "active", name: "Acme Corp (Renamed)" },
|
|
210
|
+
* },
|
|
211
|
+
* );
|
|
212
|
+
* ```
|
|
213
|
+
*/
|
|
214
|
+
const groupConnectionUpdate = mutation({
|
|
215
|
+
args: {
|
|
216
|
+
connectionId: v.id("GroupConnection"),
|
|
217
|
+
data: v.any()
|
|
218
|
+
},
|
|
219
|
+
returns: v.null(),
|
|
220
|
+
handler: async (ctx, { connectionId, data }) => {
|
|
221
|
+
await ctx.db.patch(connectionId, data);
|
|
222
|
+
return null;
|
|
223
|
+
}
|
|
224
|
+
});
|
|
225
|
+
/**
|
|
226
|
+
* Delete an group connection record and all of its associated child data.
|
|
227
|
+
*
|
|
228
|
+
* This cascading delete removes the group connection document along with all linked
|
|
229
|
+
* domain records, domain verification records, and group connection secrets. Callers
|
|
230
|
+
* should ensure that higher-level cleanup (e.g. SCIM identities, webhook
|
|
231
|
+
* endpoints) is handled separately if needed.
|
|
232
|
+
*
|
|
233
|
+
* @param args.connectionId - The document ID of the group connection to delete.
|
|
234
|
+
* @returns `null` on success.
|
|
235
|
+
*
|
|
236
|
+
* @example
|
|
237
|
+
* ```ts
|
|
238
|
+
* await ctx.runMutation(
|
|
239
|
+
* components.auth.group.sso.groupConnectionDelete,
|
|
240
|
+
* { connectionId },
|
|
241
|
+
* );
|
|
242
|
+
* ```
|
|
243
|
+
*/
|
|
244
|
+
const groupConnectionDelete = mutation({
|
|
245
|
+
args: { connectionId: v.id("GroupConnection") },
|
|
246
|
+
returns: v.null(),
|
|
247
|
+
handler: async (ctx, { connectionId }) => {
|
|
248
|
+
const domains = await ctx.db.query("GroupConnectionDomain").withIndex("connection_id", (idx) => idx.eq("connectionId", connectionId)).collect();
|
|
249
|
+
for (const domain of domains) {
|
|
250
|
+
const verification = await ctx.db.query("GroupConnectionDomainVerification").withIndex("domain_id", (idx) => idx.eq("domainId", domain._id)).first();
|
|
251
|
+
if (verification) await ctx.db.delete(verification._id);
|
|
252
|
+
await ctx.db.delete(domain._id);
|
|
253
|
+
}
|
|
254
|
+
const secrets = await ctx.db.query("GroupConnectionSecret").withIndex("connection_id", (idx) => idx.eq("connectionId", connectionId)).collect();
|
|
255
|
+
for (const secret of secrets) await ctx.db.delete(secret._id);
|
|
256
|
+
await ctx.db.delete(connectionId);
|
|
257
|
+
return null;
|
|
258
|
+
}
|
|
259
|
+
});
|
|
260
|
+
|
|
261
|
+
//#endregion
|
|
262
|
+
export { groupConnectionCreate, groupConnectionDelete, groupConnectionGet, groupConnectionGetByDomain, groupConnectionList, groupConnectionUpdate };
|
|
263
|
+
//# sourceMappingURL=core.js.map
|