@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -1,243 +0,0 @@
1
- import { v } from "convex/values";
2
-
3
- import { mutation, query } from "../../functions";
4
- import { vPasskeyDoc } from "../../model";
5
-
6
- /**
7
- * Store a new WebAuthn passkey credential for a user.
8
- *
9
- * Persists the public key material and metadata returned by the browser's
10
- * `navigator.credentials.create()` call after a successful registration
11
- * ceremony. Each passkey is tied to a single user.
12
- *
13
- * @param userId - The `_id` of the `User` who owns this passkey.
14
- * @param credentialId - Base64url-encoded credential identifier assigned
15
- * by the authenticator; used to look up the key during authentication.
16
- * @param publicKey - Raw public key bytes (COSE format) for signature
17
- * verification.
18
- * @param algorithm - COSE algorithm identifier (e.g. `-7` for ES256,
19
- * `-257` for RS256).
20
- * @param counter - Signature counter reported by the authenticator at
21
- * registration time; used to detect cloned credentials.
22
- * @param transports - Optional list of transport hints (e.g.
23
- * `["usb", "ble", "nfc", "internal"]`) to help the browser select
24
- * the correct authenticator.
25
- * @param deviceType - Authenticator attachment type (e.g.
26
- * `"singleDevice"` or `"multiDevice"`).
27
- * @param backedUp - Whether the credential is backed up (synced) by the
28
- * authenticator platform.
29
- * @param name - Optional human-readable label for the passkey
30
- * (e.g. `"MacBook Pro Touch ID"`).
31
- * @param createdAt - Unix timestamp (in milliseconds) when the passkey
32
- * was registered.
33
- * @returns The `_id` of the newly created `Passkey` document.
34
- *
35
- * @example
36
- * ```ts
37
- * const passkeyId = await ctx.runMutation(
38
- * components.auth.factors.passkeys.passkeyInsert,
39
- * {
40
- * userId: user._id,
41
- * credentialId: "dGVzdC1jcmVkZW50aWFs",
42
- * publicKey: publicKeyBytes,
43
- * algorithm: -7,
44
- * counter: 0,
45
- * transports: ["internal"],
46
- * deviceType: "multiDevice",
47
- * backedUp: true,
48
- * name: "MacBook Pro Touch ID",
49
- * createdAt: Date.now(),
50
- * },
51
- * );
52
- * ```
53
- */
54
- export const passkeyInsert = mutation({
55
- args: {
56
- userId: v.id("User"),
57
- credentialId: v.string(),
58
- publicKey: v.bytes(),
59
- algorithm: v.number(),
60
- counter: v.number(),
61
- transports: v.optional(v.array(v.string())),
62
- deviceType: v.string(),
63
- backedUp: v.boolean(),
64
- name: v.optional(v.string()),
65
- createdAt: v.number(),
66
- },
67
- returns: v.id("Passkey"),
68
- handler: async (ctx, args) => {
69
- return await ctx.db.insert("Passkey", args);
70
- },
71
- });
72
-
73
- /**
74
- * Look up a passkey by its credential ID.
75
- *
76
- * Queries the `Passkey` table using the `credential_id` unique index.
77
- * This is the primary lookup during a WebAuthn authentication ceremony:
78
- * the authenticator provides a credential ID, and this function retrieves
79
- * the corresponding public key and counter for signature verification.
80
- *
81
- * @param credentialId - Base64url-encoded credential identifier to search for.
82
- * @returns The matching `Passkey` document, or `null` if no passkey exists
83
- * with the given credential ID.
84
- *
85
- * @example
86
- * ```ts
87
- * const passkey = await ctx.runQuery(
88
- * components.auth.factors.passkeys.passkeyGetByCredentialId,
89
- * { credentialId: "dGVzdC1jcmVkZW50aWFs" },
90
- * );
91
- * if (passkey === null) {
92
- * throw new Error("Unknown credential");
93
- * }
94
- * ```
95
- */
96
- export const passkeyGetByCredentialId = query({
97
- args: { credentialId: v.string() },
98
- returns: v.union(vPasskeyDoc, v.null()),
99
- handler: async (ctx, { credentialId }) => {
100
- return await ctx.db
101
- .query("Passkey")
102
- .withIndex("credential_id", (q) => q.eq("credentialId", credentialId))
103
- .unique();
104
- },
105
- });
106
-
107
- /**
108
- * List all passkeys registered to a user.
109
- *
110
- * Retrieves every `Passkey` document associated with the given user via
111
- * the `user_id` index. Useful for displaying a user's registered
112
- * authenticators in a settings page, or for building the
113
- * `allowCredentials` list during a WebAuthn authentication ceremony.
114
- *
115
- * @param userId - The `_id` of the `User` whose passkeys to retrieve.
116
- * @returns An array of `Passkey` documents. Returns an empty array if the
117
- * user has no registered passkeys.
118
- *
119
- * @example
120
- * ```ts
121
- * const passkeys = await ctx.runQuery(
122
- * components.auth.factors.passkeys.passkeyListByUserId,
123
- * { userId: user._id },
124
- * );
125
- * // Display each passkey's name and creation date
126
- * for (const pk of passkeys) {
127
- * console.log(pk.name, new Date(pk.createdAt));
128
- * }
129
- * ```
130
- */
131
- export const passkeyListByUserId = query({
132
- args: { userId: v.id("User") },
133
- returns: v.array(vPasskeyDoc),
134
- handler: async (ctx, { userId }) => {
135
- return await ctx.db
136
- .query("Passkey")
137
- .withIndex("user_id", (q) => q.eq("userId", userId))
138
- .collect();
139
- },
140
- });
141
-
142
- /**
143
- * Update a passkey's signature counter and last-used timestamp after
144
- * a successful authentication.
145
- *
146
- * After verifying a WebAuthn assertion, the relying party must persist
147
- * the new counter value reported by the authenticator. A counter that
148
- * does not increase may indicate a cloned credential.
149
- *
150
- * @param passkeyId - The `_id` of the `Passkey` document to update.
151
- * @param counter - The new signature counter value returned by the
152
- * authenticator in the assertion response.
153
- * @param lastUsedAt - Unix timestamp (in milliseconds) recording when
154
- * this passkey was most recently used to authenticate.
155
- * @returns `null` on success.
156
- *
157
- * @example
158
- * ```ts
159
- * await ctx.runMutation(
160
- * components.auth.factors.passkeys.passkeyUpdateCounter,
161
- * {
162
- * passkeyId: passkey._id,
163
- * counter: assertionResponse.counter,
164
- * lastUsedAt: Date.now(),
165
- * },
166
- * );
167
- * ```
168
- */
169
- export const passkeyUpdateCounter = mutation({
170
- args: {
171
- passkeyId: v.id("Passkey"),
172
- counter: v.number(),
173
- lastUsedAt: v.number(),
174
- },
175
- returns: v.null(),
176
- handler: async (ctx, { passkeyId, counter, lastUsedAt }) => {
177
- await ctx.db.patch("Passkey", passkeyId, { counter, lastUsedAt });
178
- return null;
179
- },
180
- });
181
-
182
- /**
183
- * Update a passkey's metadata fields.
184
- *
185
- * Performs a partial patch on the `Passkey` document. Typically used to
186
- * rename a passkey (e.g. from `"Security Key"` to `"YubiKey 5C"`), but
187
- * can update any mutable fields via the `data` argument.
188
- *
189
- * @param passkeyId - The `_id` of the `Passkey` document to update.
190
- * @param data - An object containing the fields to patch. Commonly
191
- * includes `{ name: "New Label" }`, but accepts any valid passkey fields.
192
- * @returns `null` on success.
193
- *
194
- * @example
195
- * ```ts
196
- * await ctx.runMutation(
197
- * components.auth.factors.passkeys.passkeyUpdateMeta,
198
- * {
199
- * passkeyId: passkey._id,
200
- * data: { name: "YubiKey 5C NFC" },
201
- * },
202
- * );
203
- * ```
204
- */
205
- export const passkeyUpdateMeta = mutation({
206
- args: { passkeyId: v.id("Passkey"), data: v.any() },
207
- returns: v.null(),
208
- handler: async (ctx, { passkeyId, data }) => {
209
- await ctx.db.patch("Passkey", passkeyId, data);
210
- return null;
211
- },
212
- });
213
-
214
- /**
215
- * Delete a passkey credential from the `Passkey` table.
216
- *
217
- * Permanently removes the passkey record. After deletion the credential
218
- * can no longer be used for authentication. Typically called from a
219
- * user's security settings when they want to unregister an authenticator.
220
- *
221
- * @param passkeyId - The `_id` of the `Passkey` document to delete.
222
- * @returns `null` on success.
223
- *
224
- * @example
225
- * ```ts
226
- * await ctx.runMutation(
227
- * components.auth.factors.passkeys.passkeyDelete,
228
- * { passkeyId: passkey._id },
229
- * );
230
- * ```
231
- */
232
- export const passkeyDelete = mutation({
233
- args: { passkeyId: v.id("Passkey") },
234
- returns: v.null(),
235
- handler: async (ctx, { passkeyId }) => {
236
- await ctx.db.delete("Passkey", passkeyId);
237
- return null;
238
- },
239
- });
240
-
241
- // ============================================================================
242
- // TOTP Two-Factor Authentication
243
- // ============================================================================
@@ -1,259 +0,0 @@
1
- import { v } from "convex/values";
2
-
3
- import { mutation, query } from "../../functions";
4
- import { vTotpFactorDoc } from "../../model";
5
-
6
- /**
7
- * Store a new TOTP (Time-based One-Time Password) enrollment for a user.
8
- *
9
- * Creates a `TotpFactor` record containing the shared secret and OTP
10
- * parameters. The enrollment starts in an unverified state until the
11
- * user confirms it by submitting a valid code generated from the secret.
12
- *
13
- * @param userId - The `_id` of the `User` enrolling in TOTP-based 2FA.
14
- * @param secret - The shared secret key as raw bytes, typically 20 bytes
15
- * of cryptographically random data.
16
- * @param digits - Number of digits in the generated OTP code (usually `6`).
17
- * @param period - Time step in seconds for code generation (usually `30`).
18
- * @param verified - Whether the enrollment has been verified. Set to
19
- * `false` during initial setup; set to `true` after the user submits
20
- * a valid code.
21
- * @param name - Optional human-readable label for the TOTP factor
22
- * (e.g. `"Google Authenticator"`).
23
- * @param createdAt - Unix timestamp (in milliseconds) when the enrollment
24
- * was created.
25
- * @returns The `_id` of the newly created `TotpFactor` document.
26
- *
27
- * @example
28
- * ```ts
29
- * const totpId = await ctx.runMutation(
30
- * components.auth.factors.totp.totpInsert,
31
- * {
32
- * userId: user._id,
33
- * secret: crypto.getRandomValues(new Uint8Array(20)),
34
- * digits: 6,
35
- * period: 30,
36
- * verified: false,
37
- * name: "Authenticator App",
38
- * createdAt: Date.now(),
39
- * },
40
- * );
41
- * ```
42
- */
43
- export const totpInsert = mutation({
44
- args: {
45
- userId: v.id("User"),
46
- secret: v.bytes(),
47
- digits: v.number(),
48
- period: v.number(),
49
- verified: v.boolean(),
50
- name: v.optional(v.string()),
51
- createdAt: v.number(),
52
- },
53
- returns: v.id("TotpFactor"),
54
- handler: async (ctx, args) => {
55
- return await ctx.db.insert("TotpFactor", args);
56
- },
57
- });
58
-
59
- /**
60
- * Get a verified TOTP enrollment for a user.
61
- *
62
- * Queries the `TotpFactor` table using the `user_id_verified` compound
63
- * index to find the first enrollment that has been successfully verified.
64
- * This is the primary lookup during a TOTP authentication challenge --
65
- * only verified enrollments should be used to validate codes.
66
- *
67
- * @param userId - The `_id` of the `User` whose verified TOTP enrollment
68
- * to retrieve.
69
- * @returns The first verified `TotpFactor` document for the user, or
70
- * `null` if the user has no verified TOTP enrollment.
71
- *
72
- * @example
73
- * ```ts
74
- * const totp = await ctx.runQuery(
75
- * components.auth.factors.totp.totpGetVerifiedByUserId,
76
- * { userId: user._id },
77
- * );
78
- * if (totp === null) {
79
- * // User does not have TOTP 2FA enabled
80
- * }
81
- * ```
82
- */
83
- export const totpGetVerifiedByUserId = query({
84
- args: { userId: v.id("User") },
85
- returns: v.union(vTotpFactorDoc, v.null()),
86
- handler: async (ctx, { userId }) => {
87
- return await ctx.db
88
- .query("TotpFactor")
89
- .withIndex("user_id_verified", (q) =>
90
- q.eq("userId", userId).eq("verified", true),
91
- )
92
- .first();
93
- },
94
- });
95
-
96
- /**
97
- * List all TOTP enrollments for a user, both verified and unverified.
98
- *
99
- * Retrieves every `TotpFactor` document associated with the given user
100
- * via the `user_id` index. Useful for displaying enrolled authenticator
101
- * apps in a security settings page, including pending (unverified)
102
- * enrollments that the user has not yet confirmed.
103
- *
104
- * @param userId - The `_id` of the `User` whose TOTP enrollments to
105
- * retrieve.
106
- * @returns An array of `TotpFactor` documents. Returns an empty array if
107
- * the user has no TOTP enrollments.
108
- *
109
- * @example
110
- * ```ts
111
- * const factors = await ctx.runQuery(
112
- * components.auth.factors.totp.totpListByUserId,
113
- * { userId: user._id },
114
- * );
115
- * const verified = factors.filter((f) => f.verified);
116
- * const pending = factors.filter((f) => !f.verified);
117
- * ```
118
- */
119
- export const totpListByUserId = query({
120
- args: { userId: v.id("User") },
121
- returns: v.array(vTotpFactorDoc),
122
- handler: async (ctx, { userId }) => {
123
- return await ctx.db
124
- .query("TotpFactor")
125
- .withIndex("user_id", (q) => q.eq("userId", userId))
126
- .collect();
127
- },
128
- });
129
-
130
- /**
131
- * Get a single TOTP enrollment by its document ID.
132
- *
133
- * Performs a direct document lookup on the `TotpFactor` table. This is
134
- * used when you already have the enrollment's `_id` (e.g. from a
135
- * previous list query) and need to fetch its full details, including
136
- * the secret and verification status.
137
- *
138
- * @param totpId - The `_id` of the `TotpFactor` document to retrieve.
139
- * @returns The `TotpFactor` document, or `null` if no enrollment exists
140
- * with the given ID.
141
- *
142
- * @example
143
- * ```ts
144
- * const totp = await ctx.runQuery(
145
- * components.auth.factors.totp.totpGetById,
146
- * { totpId: enrollmentId },
147
- * );
148
- * if (totp !== null && !totp.verified) {
149
- * // Enrollment is still pending confirmation
150
- * }
151
- * ```
152
- */
153
- export const totpGetById = query({
154
- args: { totpId: v.id("TotpFactor") },
155
- returns: v.union(vTotpFactorDoc, v.null()),
156
- handler: async (ctx, { totpId }) => {
157
- return await ctx.db.get("TotpFactor", totpId);
158
- },
159
- });
160
-
161
- /**
162
- * Mark a TOTP enrollment as verified, completing the setup process.
163
- *
164
- * Called after the user successfully submits a valid TOTP code during
165
- * enrollment. This transitions the factor from a pending state to an
166
- * active, verified state, enabling it for future authentication
167
- * challenges.
168
- *
169
- * @param totpId - The `_id` of the `TotpFactor` document to mark as
170
- * verified.
171
- * @param lastUsedAt - Unix timestamp (in milliseconds) recording when
172
- * the verification code was successfully validated.
173
- * @returns `null` on success.
174
- *
175
- * @example
176
- * ```ts
177
- * // After validating the user's TOTP code during setup
178
- * await ctx.runMutation(
179
- * components.auth.factors.totp.totpMarkVerified,
180
- * {
181
- * totpId: enrollment._id,
182
- * lastUsedAt: Date.now(),
183
- * },
184
- * );
185
- * ```
186
- */
187
- export const totpMarkVerified = mutation({
188
- args: { totpId: v.id("TotpFactor"), lastUsedAt: v.number() },
189
- returns: v.null(),
190
- handler: async (ctx, { totpId, lastUsedAt }) => {
191
- await ctx.db.patch("TotpFactor", totpId, { verified: true, lastUsedAt });
192
- return null;
193
- },
194
- });
195
-
196
- /**
197
- * Update a TOTP enrollment's last-used timestamp.
198
- *
199
- * Called after each successful TOTP code validation during sign-in.
200
- * Tracking the last-used time helps detect stale enrollments and can
201
- * be surfaced in security settings for user awareness.
202
- *
203
- * @param totpId - The `_id` of the `TotpFactor` document to update.
204
- * @param lastUsedAt - Unix timestamp (in milliseconds) recording when
205
- * the TOTP code was most recently validated.
206
- * @returns `null` on success.
207
- *
208
- * @example
209
- * ```ts
210
- * await ctx.runMutation(
211
- * components.auth.factors.totp.totpUpdateLastUsed,
212
- * {
213
- * totpId: totp._id,
214
- * lastUsedAt: Date.now(),
215
- * },
216
- * );
217
- * ```
218
- */
219
- export const totpUpdateLastUsed = mutation({
220
- args: { totpId: v.id("TotpFactor"), lastUsedAt: v.number() },
221
- returns: v.null(),
222
- handler: async (ctx, { totpId, lastUsedAt }) => {
223
- await ctx.db.patch("TotpFactor", totpId, { lastUsedAt });
224
- return null;
225
- },
226
- });
227
-
228
- /**
229
- * Delete a TOTP enrollment from the `TotpFactor` table.
230
- *
231
- * Permanently removes the TOTP factor record, including its shared
232
- * secret. After deletion the user can no longer use this factor for
233
- * two-factor authentication. Typically called when a user disables
234
- * TOTP 2FA or wants to re-enroll with a new secret.
235
- *
236
- * @param totpId - The `_id` of the `TotpFactor` document to delete.
237
- * @returns `null` on success.
238
- *
239
- * @example
240
- * ```ts
241
- * // User disables TOTP 2FA
242
- * await ctx.runMutation(
243
- * components.auth.factors.totp.totpDelete,
244
- * { totpId: totp._id },
245
- * );
246
- * ```
247
- */
248
- export const totpDelete = mutation({
249
- args: { totpId: v.id("TotpFactor") },
250
- returns: v.null(),
251
- handler: async (ctx, { totpId }) => {
252
- await ctx.db.delete("TotpFactor", totpId);
253
- return null;
254
- },
255
- });
256
-
257
- // ============================================================================
258
- // Rate Limits
259
- // ============================================================================