@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28
- package/README.md +43 -36
- package/dist/bin.js +5765 -4880
- package/dist/browser/index.d.ts +30 -0
- package/dist/browser/index.js +93 -0
- package/dist/browser/locks.js +11 -0
- package/dist/browser/navigation.js +14 -0
- package/dist/{factors → browser}/passkey.js +23 -32
- package/dist/browser/runtime.js +92 -0
- package/dist/client/core/types.d.ts +452 -5
- package/dist/client/core/types.js +17 -0
- package/dist/client/errors.js +19 -0
- package/dist/client/factors/device.js +94 -0
- package/dist/{factors → client/factors}/totp.js +12 -4
- package/dist/client/index.d.ts +47 -1
- package/dist/client/index.js +269 -232
- package/dist/client/runtime/mutex.js +24 -0
- package/dist/client/runtime/proxy.js +30 -0
- package/dist/client/runtime/storage.js +45 -0
- package/dist/client/services/adapters.js +7 -0
- package/dist/client/services/http.js +6 -0
- package/dist/client/services/resolve.js +13 -0
- package/dist/client/services/runtime.js +6 -0
- package/dist/component/_generated/component.d.ts +1355 -1399
- package/dist/component/convex.config.d.ts +2 -2
- package/dist/component/index.d.ts +4 -26
- package/dist/component/index.js +1 -1
- package/dist/component/model.d.ts +26 -112
- package/dist/component/model.js +76 -54
- package/dist/component/modules.js +38 -0
- package/dist/component/public/factors/devices.js +1 -1
- package/dist/component/public/factors/passkeys.js +1 -1
- package/dist/component/public/factors/totp.js +1 -1
- package/dist/component/public/groups/core.js +2 -2
- package/dist/component/public/groups/invites.js +1 -1
- package/dist/component/public/groups/members.js +1 -1
- package/dist/component/public/identity/accounts.js +1 -1
- package/dist/component/public/identity/codes.js +1 -1
- package/dist/component/public/identity/sessions.js +39 -2
- package/dist/component/public/identity/tokens.js +82 -4
- package/dist/component/public/identity/users.js +1 -1
- package/dist/component/public/identity/verifiers.js +10 -4
- package/dist/component/public/security/keys.js +1 -1
- package/dist/component/public/security/limits.js +1 -1
- package/dist/component/public/{enterprise → sso}/audit.js +26 -26
- package/dist/component/public/sso/core.js +263 -0
- package/dist/component/public/sso/domains.js +280 -0
- package/dist/component/public/{enterprise → sso}/scim.js +87 -87
- package/dist/component/public/sso/secrets.js +125 -0
- package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
- package/dist/component/public.js +9 -9
- package/dist/component/schema.d.ts +472 -393
- package/dist/component/schema.js +36 -35
- package/dist/core/index.d.ts +380 -0
- package/dist/core/index.js +83 -0
- package/dist/otel.d.ts +69 -0
- package/dist/otel.js +82 -0
- package/dist/providers/anonymous.d.ts +15 -34
- package/dist/providers/anonymous.js +27 -35
- package/dist/providers/apple.d.ts +59 -0
- package/dist/providers/apple.js +58 -0
- package/dist/providers/credentials.d.ts +18 -34
- package/dist/providers/credentials.js +16 -27
- package/dist/providers/custom.d.ts +94 -0
- package/dist/providers/custom.js +119 -0
- package/dist/providers/device.d.ts +15 -49
- package/dist/providers/device.js +17 -34
- package/dist/providers/email.d.ts +21 -38
- package/dist/providers/email.js +36 -55
- package/dist/providers/github.d.ts +54 -0
- package/dist/providers/github.js +75 -0
- package/dist/providers/google.d.ts +54 -0
- package/dist/providers/google.js +61 -0
- package/dist/providers/index.d.ts +16 -12
- package/dist/providers/index.js +15 -11
- package/dist/providers/microsoft.d.ts +57 -0
- package/dist/providers/microsoft.js +101 -0
- package/dist/providers/passkey.d.ts +19 -35
- package/dist/providers/passkey.js +20 -30
- package/dist/providers/password.d.ts +17 -18
- package/dist/providers/password.js +121 -143
- package/dist/providers/phone.d.ts +13 -28
- package/dist/providers/phone.js +21 -46
- package/dist/providers/sso.d.ts +16 -36
- package/dist/providers/sso.js +21 -22
- package/dist/providers/totp.d.ts +13 -29
- package/dist/providers/totp.js +17 -27
- package/dist/server/auth-context.d.ts +204 -0
- package/dist/server/auth-context.js +76 -0
- package/dist/server/auth.d.ts +99 -244
- package/dist/server/auth.js +56 -152
- package/dist/server/componentContext.d.ts +12 -0
- package/dist/server/componentContext.js +1 -0
- package/dist/server/config.js +6 -67
- package/dist/server/constants.js +6 -0
- package/dist/server/contract.d.ts +105 -0
- package/dist/server/contract.js +43 -0
- package/dist/server/cookies.js +3 -2
- package/dist/server/core.js +31 -36
- package/dist/server/crypto.js +34 -44
- package/dist/server/db.js +6 -1
- package/dist/server/device.js +96 -130
- package/dist/server/env.js +48 -0
- package/dist/server/errors.js +20 -0
- package/dist/server/http.d.ts +15 -59
- package/dist/server/http.js +136 -120
- package/dist/server/identity.js +2 -2
- package/dist/server/index.d.ts +5 -4
- package/dist/server/index.js +3 -3
- package/dist/server/keys.js +10 -1
- package/dist/server/limits.js +26 -26
- package/dist/server/log.js +28 -0
- package/dist/server/mounts.d.ts +1107 -296
- package/dist/server/mounts.js +315 -196
- package/dist/server/mutations/account.js +11 -14
- package/dist/server/mutations/code.js +6 -5
- package/dist/server/mutations/invalidate.js +9 -11
- package/dist/server/mutations/oauth.js +112 -73
- package/dist/server/mutations/refresh.js +47 -97
- package/dist/server/mutations/register.js +37 -35
- package/dist/server/mutations/retrieve.js +16 -16
- package/dist/server/mutations/signature.js +15 -18
- package/dist/server/mutations/signin.js +10 -5
- package/dist/server/mutations/signout.js +11 -14
- package/dist/server/mutations/store.js +25 -18
- package/dist/server/mutations/verifier.js +11 -8
- package/dist/server/mutations/verify.js +53 -41
- package/dist/server/oauth/factory.js +44 -0
- package/dist/server/oauth/index.js +12 -0
- package/dist/server/oauth/runtime.js +248 -0
- package/dist/server/passkey.js +331 -365
- package/dist/server/payloads.d.ts +16 -0
- package/dist/server/payloads.js +30 -0
- package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
- package/dist/server/prefetch.js +635 -0
- package/dist/server/random.js +19 -0
- package/dist/server/redirects.js +10 -5
- package/dist/server/refresh.js +14 -86
- package/dist/server/runtime.d.ts +531 -31
- package/dist/server/runtime.js +106 -267
- package/dist/server/secret.js +44 -0
- package/dist/server/services/config.js +10 -0
- package/dist/server/services/group.js +211 -0
- package/dist/server/services/logger.js +8 -0
- package/dist/server/services/providers.js +22 -0
- package/dist/server/services/refresh.js +8 -0
- package/dist/server/services/resolve.js +27 -0
- package/dist/server/services/signin.js +8 -0
- package/dist/server/sessions.js +35 -34
- package/dist/server/signin.js +229 -140
- package/dist/server/{enterprise → sso}/config.js +10 -3
- package/dist/server/sso/domain.d.ts +614 -0
- package/dist/server/sso/domain.js +1175 -0
- package/dist/server/sso/http.js +1060 -0
- package/dist/server/sso/oidc.js +324 -0
- package/dist/server/sso/policies.js +59 -0
- package/dist/server/sso/policy.js +139 -0
- package/dist/server/sso/profile.js +22 -0
- package/dist/server/sso/provision.js +179 -0
- package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
- package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
- package/dist/server/sso/shared.js +74 -0
- package/dist/server/sso/validators.js +88 -0
- package/dist/server/sso/webhook.js +94 -0
- package/dist/server/tokens.js +16 -4
- package/dist/server/totp.js +155 -164
- package/dist/server/types.d.ts +306 -296
- package/dist/server/types.js +1 -30
- package/dist/server/url.js +32 -0
- package/dist/server/users.js +74 -40
- package/dist/server/utils/cache.js +51 -0
- package/dist/server/utils/dispatch.js +36 -0
- package/dist/server/utils/retry.js +24 -0
- package/dist/server/utils/span.js +32 -0
- package/dist/shared/errors.js +19 -0
- package/dist/shared/log.js +45 -0
- package/{src/test.ts → dist/test.d.ts} +21 -22
- package/dist/test.js +51 -0
- package/package.json +70 -42
- package/dist/authorization/index.d.ts.map +0 -1
- package/dist/authorization/index.js.map +0 -1
- package/dist/client/core/types.d.ts.map +0 -1
- package/dist/client/index.d.ts.map +0 -1
- package/dist/client/index.js.map +0 -1
- package/dist/component/_generated/api.d.ts +0 -75
- package/dist/component/_generated/api.d.ts.map +0 -1
- package/dist/component/_generated/api.js.map +0 -1
- package/dist/component/_generated/component.d.ts.map +0 -1
- package/dist/component/_generated/dataModel.d.ts +0 -42
- package/dist/component/_generated/dataModel.d.ts.map +0 -1
- package/dist/component/_generated/server.d.ts +0 -117
- package/dist/component/_generated/server.d.ts.map +0 -1
- package/dist/component/_generated/server.js.map +0 -1
- package/dist/component/_virtual/rolldown_runtime.js +0 -18
- package/dist/component/client/core/types.d.ts +0 -2
- package/dist/component/client/index.d.ts +0 -1
- package/dist/component/convex.config.d.ts.map +0 -1
- package/dist/component/convex.config.js.map +0 -1
- package/dist/component/functions.d.ts +0 -25
- package/dist/component/functions.d.ts.map +0 -1
- package/dist/component/functions.js.map +0 -1
- package/dist/component/index.d.ts.map +0 -1
- package/dist/component/model.d.ts.map +0 -1
- package/dist/component/model.js.map +0 -1
- package/dist/component/providers/anonymous.d.ts +0 -54
- package/dist/component/providers/anonymous.d.ts.map +0 -1
- package/dist/component/providers/credentials.d.ts +0 -38
- package/dist/component/providers/credentials.d.ts.map +0 -1
- package/dist/component/providers/device.d.ts +0 -67
- package/dist/component/providers/device.d.ts.map +0 -1
- package/dist/component/providers/email.d.ts +0 -62
- package/dist/component/providers/email.d.ts.map +0 -1
- package/dist/component/providers/oauth.d.ts +0 -25
- package/dist/component/providers/oauth.d.ts.map +0 -1
- package/dist/component/providers/oauth.js +0 -13
- package/dist/component/providers/oauth.js.map +0 -1
- package/dist/component/providers/passkey.d.ts +0 -57
- package/dist/component/providers/passkey.d.ts.map +0 -1
- package/dist/component/providers/password.d.ts +0 -88
- package/dist/component/providers/password.d.ts.map +0 -1
- package/dist/component/providers/phone.d.ts +0 -48
- package/dist/component/providers/phone.d.ts.map +0 -1
- package/dist/component/providers/sso.d.ts +0 -50
- package/dist/component/providers/sso.d.ts.map +0 -1
- package/dist/component/providers/totp.d.ts +0 -45
- package/dist/component/providers/totp.d.ts.map +0 -1
- package/dist/component/public/enterprise/audit.d.ts +0 -73
- package/dist/component/public/enterprise/audit.d.ts.map +0 -1
- package/dist/component/public/enterprise/audit.js.map +0 -1
- package/dist/component/public/enterprise/core.d.ts +0 -176
- package/dist/component/public/enterprise/core.d.ts.map +0 -1
- package/dist/component/public/enterprise/core.js +0 -292
- package/dist/component/public/enterprise/core.js.map +0 -1
- package/dist/component/public/enterprise/domains.d.ts +0 -174
- package/dist/component/public/enterprise/domains.d.ts.map +0 -1
- package/dist/component/public/enterprise/domains.js +0 -271
- package/dist/component/public/enterprise/domains.js.map +0 -1
- package/dist/component/public/enterprise/scim.d.ts +0 -245
- package/dist/component/public/enterprise/scim.d.ts.map +0 -1
- package/dist/component/public/enterprise/scim.js.map +0 -1
- package/dist/component/public/enterprise/secrets.d.ts +0 -78
- package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
- package/dist/component/public/enterprise/secrets.js +0 -118
- package/dist/component/public/enterprise/secrets.js.map +0 -1
- package/dist/component/public/enterprise/webhooks.d.ts +0 -211
- package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
- package/dist/component/public/enterprise/webhooks.js.map +0 -1
- package/dist/component/public/factors/devices.d.ts +0 -157
- package/dist/component/public/factors/devices.d.ts.map +0 -1
- package/dist/component/public/factors/devices.js.map +0 -1
- package/dist/component/public/factors/passkeys.d.ts +0 -175
- package/dist/component/public/factors/passkeys.d.ts.map +0 -1
- package/dist/component/public/factors/passkeys.js.map +0 -1
- package/dist/component/public/factors/totp.d.ts +0 -189
- package/dist/component/public/factors/totp.d.ts.map +0 -1
- package/dist/component/public/factors/totp.js.map +0 -1
- package/dist/component/public/groups/core.d.ts +0 -137
- package/dist/component/public/groups/core.d.ts.map +0 -1
- package/dist/component/public/groups/core.js.map +0 -1
- package/dist/component/public/groups/invites.d.ts +0 -217
- package/dist/component/public/groups/invites.d.ts.map +0 -1
- package/dist/component/public/groups/invites.js.map +0 -1
- package/dist/component/public/groups/members.d.ts +0 -204
- package/dist/component/public/groups/members.d.ts.map +0 -1
- package/dist/component/public/groups/members.js.map +0 -1
- package/dist/component/public/identity/accounts.d.ts +0 -147
- package/dist/component/public/identity/accounts.d.ts.map +0 -1
- package/dist/component/public/identity/accounts.js.map +0 -1
- package/dist/component/public/identity/codes.d.ts +0 -104
- package/dist/component/public/identity/codes.d.ts.map +0 -1
- package/dist/component/public/identity/codes.js.map +0 -1
- package/dist/component/public/identity/sessions.d.ts +0 -128
- package/dist/component/public/identity/sessions.d.ts.map +0 -1
- package/dist/component/public/identity/sessions.js.map +0 -1
- package/dist/component/public/identity/tokens.d.ts +0 -169
- package/dist/component/public/identity/tokens.d.ts.map +0 -1
- package/dist/component/public/identity/tokens.js.map +0 -1
- package/dist/component/public/identity/users.d.ts +0 -212
- package/dist/component/public/identity/users.d.ts.map +0 -1
- package/dist/component/public/identity/users.js.map +0 -1
- package/dist/component/public/identity/verifiers.d.ts +0 -116
- package/dist/component/public/identity/verifiers.d.ts.map +0 -1
- package/dist/component/public/identity/verifiers.js.map +0 -1
- package/dist/component/public/security/keys.d.ts +0 -209
- package/dist/component/public/security/keys.d.ts.map +0 -1
- package/dist/component/public/security/keys.js.map +0 -1
- package/dist/component/public/security/limits.d.ts +0 -114
- package/dist/component/public/security/limits.d.ts.map +0 -1
- package/dist/component/public/security/limits.js.map +0 -1
- package/dist/component/public.d.ts +0 -28
- package/dist/component/public.d.ts.map +0 -1
- package/dist/component/schema.d.ts.map +0 -1
- package/dist/component/schema.js.map +0 -1
- package/dist/component/server/auth.d.ts +0 -447
- package/dist/component/server/auth.d.ts.map +0 -1
- package/dist/component/server/auth.js +0 -254
- package/dist/component/server/auth.js.map +0 -1
- package/dist/component/server/config.js +0 -121
- package/dist/component/server/config.js.map +0 -1
- package/dist/component/server/context.js +0 -53
- package/dist/component/server/context.js.map +0 -1
- package/dist/component/server/cookies.js +0 -47
- package/dist/component/server/cookies.js.map +0 -1
- package/dist/component/server/core.js +0 -576
- package/dist/component/server/core.js.map +0 -1
- package/dist/component/server/crypto.js +0 -56
- package/dist/component/server/crypto.js.map +0 -1
- package/dist/component/server/db.js +0 -87
- package/dist/component/server/db.js.map +0 -1
- package/dist/component/server/device.js +0 -152
- package/dist/component/server/device.js.map +0 -1
- package/dist/component/server/enterprise/config.js +0 -46
- package/dist/component/server/enterprise/config.js.map +0 -1
- package/dist/component/server/enterprise/domain.js +0 -974
- package/dist/component/server/enterprise/domain.js.map +0 -1
- package/dist/component/server/enterprise/http.js +0 -787
- package/dist/component/server/enterprise/http.js.map +0 -1
- package/dist/component/server/enterprise/oidc.js +0 -248
- package/dist/component/server/enterprise/oidc.js.map +0 -1
- package/dist/component/server/enterprise/policy.js +0 -85
- package/dist/component/server/enterprise/policy.js.map +0 -1
- package/dist/component/server/enterprise/saml.js.map +0 -1
- package/dist/component/server/enterprise/scim.js.map +0 -1
- package/dist/component/server/enterprise/shared.js +0 -51
- package/dist/component/server/enterprise/shared.js.map +0 -1
- package/dist/component/server/http.d.ts +0 -85
- package/dist/component/server/http.d.ts.map +0 -1
- package/dist/component/server/http.js +0 -351
- package/dist/component/server/http.js.map +0 -1
- package/dist/component/server/identity.js +0 -16
- package/dist/component/server/identity.js.map +0 -1
- package/dist/component/server/keys.js +0 -96
- package/dist/component/server/keys.js.map +0 -1
- package/dist/component/server/limits.js +0 -52
- package/dist/component/server/limits.js.map +0 -1
- package/dist/component/server/mutations/account.js +0 -46
- package/dist/component/server/mutations/account.js.map +0 -1
- package/dist/component/server/mutations/code.js +0 -68
- package/dist/component/server/mutations/code.js.map +0 -1
- package/dist/component/server/mutations/invalidate.js +0 -32
- package/dist/component/server/mutations/invalidate.js.map +0 -1
- package/dist/component/server/mutations/oauth.js +0 -116
- package/dist/component/server/mutations/oauth.js.map +0 -1
- package/dist/component/server/mutations/refresh.js +0 -119
- package/dist/component/server/mutations/refresh.js.map +0 -1
- package/dist/component/server/mutations/register.js +0 -87
- package/dist/component/server/mutations/register.js.map +0 -1
- package/dist/component/server/mutations/retrieve.js +0 -61
- package/dist/component/server/mutations/retrieve.js.map +0 -1
- package/dist/component/server/mutations/signature.js +0 -38
- package/dist/component/server/mutations/signature.js.map +0 -1
- package/dist/component/server/mutations/signin.js +0 -27
- package/dist/component/server/mutations/signin.js.map +0 -1
- package/dist/component/server/mutations/signout.js +0 -27
- package/dist/component/server/mutations/signout.js.map +0 -1
- package/dist/component/server/mutations/store/refs.js +0 -15
- package/dist/component/server/mutations/store/refs.js.map +0 -1
- package/dist/component/server/mutations/store.js +0 -70
- package/dist/component/server/mutations/store.js.map +0 -1
- package/dist/component/server/mutations/verifier.js +0 -18
- package/dist/component/server/mutations/verifier.js.map +0 -1
- package/dist/component/server/mutations/verify.js +0 -98
- package/dist/component/server/mutations/verify.js.map +0 -1
- package/dist/component/server/oauth.js +0 -242
- package/dist/component/server/oauth.js.map +0 -1
- package/dist/component/server/passkey.js +0 -415
- package/dist/component/server/passkey.js.map +0 -1
- package/dist/component/server/redirects.js +0 -40
- package/dist/component/server/redirects.js.map +0 -1
- package/dist/component/server/refresh.js +0 -99
- package/dist/component/server/refresh.js.map +0 -1
- package/dist/component/server/runtime.d.ts +0 -136
- package/dist/component/server/runtime.d.ts.map +0 -1
- package/dist/component/server/runtime.js +0 -456
- package/dist/component/server/runtime.js.map +0 -1
- package/dist/component/server/sessions.js +0 -71
- package/dist/component/server/sessions.js.map +0 -1
- package/dist/component/server/signin.js +0 -225
- package/dist/component/server/signin.js.map +0 -1
- package/dist/component/server/tokens.js +0 -17
- package/dist/component/server/tokens.js.map +0 -1
- package/dist/component/server/totp.js +0 -208
- package/dist/component/server/totp.js.map +0 -1
- package/dist/component/server/types.d.ts +0 -949
- package/dist/component/server/types.d.ts.map +0 -1
- package/dist/component/server/types.js +0 -79
- package/dist/component/server/types.js.map +0 -1
- package/dist/component/server/users.js +0 -123
- package/dist/component/server/users.js.map +0 -1
- package/dist/component/server/utils.js +0 -140
- package/dist/component/server/utils.js.map +0 -1
- package/dist/core/types.d.ts +0 -361
- package/dist/core/types.d.ts.map +0 -1
- package/dist/factors/device.js +0 -104
- package/dist/factors/device.js.map +0 -1
- package/dist/factors/passkey.js.map +0 -1
- package/dist/factors/totp.js.map +0 -1
- package/dist/providers/anonymous.d.ts.map +0 -1
- package/dist/providers/anonymous.js.map +0 -1
- package/dist/providers/credentials.d.ts.map +0 -1
- package/dist/providers/credentials.js.map +0 -1
- package/dist/providers/device.d.ts.map +0 -1
- package/dist/providers/device.js.map +0 -1
- package/dist/providers/email.d.ts.map +0 -1
- package/dist/providers/email.js.map +0 -1
- package/dist/providers/oauth.d.ts +0 -69
- package/dist/providers/oauth.d.ts.map +0 -1
- package/dist/providers/oauth.js +0 -43
- package/dist/providers/oauth.js.map +0 -1
- package/dist/providers/passkey.d.ts.map +0 -1
- package/dist/providers/passkey.js.map +0 -1
- package/dist/providers/password.d.ts.map +0 -1
- package/dist/providers/password.js.map +0 -1
- package/dist/providers/phone.d.ts.map +0 -1
- package/dist/providers/phone.js.map +0 -1
- package/dist/providers/sso.d.ts.map +0 -1
- package/dist/providers/sso.js.map +0 -1
- package/dist/providers/totp.d.ts.map +0 -1
- package/dist/providers/totp.js.map +0 -1
- package/dist/runtime/browser.js +0 -68
- package/dist/runtime/browser.js.map +0 -1
- package/dist/runtime/invite.js.map +0 -1
- package/dist/runtime/proxy.js +0 -70
- package/dist/runtime/proxy.js.map +0 -1
- package/dist/runtime/storage.js +0 -37
- package/dist/runtime/storage.js.map +0 -1
- package/dist/server/auth.d.ts.map +0 -1
- package/dist/server/auth.js.map +0 -1
- package/dist/server/config.d.ts +0 -1
- package/dist/server/config.js.map +0 -1
- package/dist/server/context.d.ts +0 -1
- package/dist/server/context.js.map +0 -1
- package/dist/server/cookies.d.ts +0 -1
- package/dist/server/cookies.js.map +0 -1
- package/dist/server/core.d.ts +0 -1315
- package/dist/server/core.d.ts.map +0 -1
- package/dist/server/core.js.map +0 -1
- package/dist/server/crypto.d.ts +0 -8
- package/dist/server/crypto.d.ts.map +0 -1
- package/dist/server/crypto.js.map +0 -1
- package/dist/server/db.d.ts +0 -1
- package/dist/server/db.js.map +0 -1
- package/dist/server/device.d.ts +0 -1
- package/dist/server/device.js.map +0 -1
- package/dist/server/enterprise/config.d.ts +0 -1
- package/dist/server/enterprise/config.js.map +0 -1
- package/dist/server/enterprise/domain.d.ts +0 -401
- package/dist/server/enterprise/domain.d.ts.map +0 -1
- package/dist/server/enterprise/domain.js +0 -974
- package/dist/server/enterprise/domain.js.map +0 -1
- package/dist/server/enterprise/http.d.ts +0 -26
- package/dist/server/enterprise/http.d.ts.map +0 -1
- package/dist/server/enterprise/http.js +0 -787
- package/dist/server/enterprise/http.js.map +0 -1
- package/dist/server/enterprise/oidc.d.ts +0 -1
- package/dist/server/enterprise/oidc.js +0 -248
- package/dist/server/enterprise/oidc.js.map +0 -1
- package/dist/server/enterprise/policy.d.ts +0 -1
- package/dist/server/enterprise/policy.js +0 -85
- package/dist/server/enterprise/policy.js.map +0 -1
- package/dist/server/enterprise/saml.d.ts +0 -1
- package/dist/server/enterprise/saml.js +0 -338
- package/dist/server/enterprise/saml.js.map +0 -1
- package/dist/server/enterprise/scim.d.ts +0 -1
- package/dist/server/enterprise/scim.js +0 -97
- package/dist/server/enterprise/scim.js.map +0 -1
- package/dist/server/enterprise/shared.d.ts +0 -5
- package/dist/server/enterprise/shared.d.ts.map +0 -1
- package/dist/server/enterprise/shared.js +0 -51
- package/dist/server/enterprise/shared.js.map +0 -1
- package/dist/server/enterprise/validators.d.ts +0 -1
- package/dist/server/enterprise/validators.js +0 -60
- package/dist/server/enterprise/validators.js.map +0 -1
- package/dist/server/http.d.ts.map +0 -1
- package/dist/server/http.js.map +0 -1
- package/dist/server/identity.d.ts +0 -1
- package/dist/server/identity.js.map +0 -1
- package/dist/server/keys.d.ts +0 -1
- package/dist/server/keys.js.map +0 -1
- package/dist/server/limits.d.ts +0 -1
- package/dist/server/limits.js.map +0 -1
- package/dist/server/mounts.d.ts.map +0 -1
- package/dist/server/mounts.js.map +0 -1
- package/dist/server/mutations/account.d.ts +0 -29
- package/dist/server/mutations/account.d.ts.map +0 -1
- package/dist/server/mutations/account.js.map +0 -1
- package/dist/server/mutations/code.d.ts +0 -30
- package/dist/server/mutations/code.d.ts.map +0 -1
- package/dist/server/mutations/code.js.map +0 -1
- package/dist/server/mutations/index.d.ts +0 -14
- package/dist/server/mutations/invalidate.d.ts +0 -20
- package/dist/server/mutations/invalidate.d.ts.map +0 -1
- package/dist/server/mutations/invalidate.js.map +0 -1
- package/dist/server/mutations/oauth.d.ts +0 -30
- package/dist/server/mutations/oauth.d.ts.map +0 -1
- package/dist/server/mutations/oauth.js.map +0 -1
- package/dist/server/mutations/refresh.d.ts +0 -21
- package/dist/server/mutations/refresh.d.ts.map +0 -1
- package/dist/server/mutations/refresh.js.map +0 -1
- package/dist/server/mutations/register.d.ts +0 -38
- package/dist/server/mutations/register.d.ts.map +0 -1
- package/dist/server/mutations/register.js.map +0 -1
- package/dist/server/mutations/retrieve.d.ts +0 -33
- package/dist/server/mutations/retrieve.d.ts.map +0 -1
- package/dist/server/mutations/retrieve.js.map +0 -1
- package/dist/server/mutations/signature.d.ts +0 -21
- package/dist/server/mutations/signature.d.ts.map +0 -1
- package/dist/server/mutations/signature.js.map +0 -1
- package/dist/server/mutations/signin.d.ts +0 -22
- package/dist/server/mutations/signin.d.ts.map +0 -1
- package/dist/server/mutations/signin.js.map +0 -1
- package/dist/server/mutations/signout.d.ts +0 -16
- package/dist/server/mutations/signout.d.ts.map +0 -1
- package/dist/server/mutations/signout.js.map +0 -1
- package/dist/server/mutations/store/refs.d.ts +0 -12
- package/dist/server/mutations/store/refs.d.ts.map +0 -1
- package/dist/server/mutations/store/refs.js.map +0 -1
- package/dist/server/mutations/store.d.ts +0 -306
- package/dist/server/mutations/store.d.ts.map +0 -1
- package/dist/server/mutations/store.js.map +0 -1
- package/dist/server/mutations/verifier.d.ts +0 -13
- package/dist/server/mutations/verifier.d.ts.map +0 -1
- package/dist/server/mutations/verifier.js.map +0 -1
- package/dist/server/mutations/verify.d.ts +0 -26
- package/dist/server/mutations/verify.d.ts.map +0 -1
- package/dist/server/mutations/verify.js.map +0 -1
- package/dist/server/oauth.d.ts +0 -1
- package/dist/server/oauth.js +0 -242
- package/dist/server/oauth.js.map +0 -1
- package/dist/server/passkey.d.ts +0 -27
- package/dist/server/passkey.d.ts.map +0 -1
- package/dist/server/passkey.js.map +0 -1
- package/dist/server/redirects.d.ts +0 -1
- package/dist/server/redirects.js.map +0 -1
- package/dist/server/refresh.d.ts +0 -1
- package/dist/server/refresh.js.map +0 -1
- package/dist/server/runtime.d.ts.map +0 -1
- package/dist/server/runtime.js.map +0 -1
- package/dist/server/sessions.d.ts +0 -1
- package/dist/server/sessions.js.map +0 -1
- package/dist/server/signin.d.ts +0 -1
- package/dist/server/signin.js.map +0 -1
- package/dist/server/ssr.d.ts.map +0 -1
- package/dist/server/ssr.js +0 -777
- package/dist/server/ssr.js.map +0 -1
- package/dist/server/templates.d.ts +0 -1
- package/dist/server/templates.js.map +0 -1
- package/dist/server/tokens.d.ts +0 -1
- package/dist/server/tokens.js.map +0 -1
- package/dist/server/totp.d.ts +0 -1
- package/dist/server/totp.js.map +0 -1
- package/dist/server/types.d.ts.map +0 -1
- package/dist/server/types.js.map +0 -1
- package/dist/server/users.d.ts +0 -1
- package/dist/server/users.js.map +0 -1
- package/dist/server/utils.d.ts +0 -1
- package/dist/server/utils.js +0 -140
- package/dist/server/utils.js.map +0 -1
- package/src/authorization/index.ts +0 -83
- package/src/cli/bin.ts +0 -5
- package/src/cli/command.ts +0 -70
- package/src/cli/index.ts +0 -1112
- package/src/cli/keys.ts +0 -23
- package/src/client/core/types.ts +0 -437
- package/src/client/factors/device.ts +0 -158
- package/src/client/factors/passkey.ts +0 -279
- package/src/client/factors/totp.ts +0 -150
- package/src/client/index.ts +0 -1124
- package/src/client/runtime/browser.ts +0 -112
- package/src/client/runtime/invite.ts +0 -63
- package/src/client/runtime/proxy.ts +0 -111
- package/src/client/runtime/storage.ts +0 -79
- package/src/component/_generated/api.ts +0 -96
- package/src/component/_generated/component.ts +0 -3774
- package/src/component/_generated/dataModel.ts +0 -60
- package/src/component/_generated/server.ts +0 -156
- package/src/component/convex.config.ts +0 -5
- package/src/component/functions.ts +0 -104
- package/src/component/index.ts +0 -42
- package/src/component/model.ts +0 -449
- package/src/component/public/enterprise/audit.ts +0 -125
- package/src/component/public/enterprise/core.ts +0 -355
- package/src/component/public/enterprise/domains.ts +0 -327
- package/src/component/public/enterprise/scim.ts +0 -397
- package/src/component/public/enterprise/secrets.ts +0 -133
- package/src/component/public/enterprise/webhooks.ts +0 -307
- package/src/component/public/factors/devices.ts +0 -224
- package/src/component/public/factors/passkeys.ts +0 -243
- package/src/component/public/factors/totp.ts +0 -259
- package/src/component/public/groups/core.ts +0 -481
- package/src/component/public/groups/invites.ts +0 -608
- package/src/component/public/groups/members.ts +0 -410
- package/src/component/public/identity/accounts.ts +0 -207
- package/src/component/public/identity/codes.ts +0 -149
- package/src/component/public/identity/sessions.ts +0 -210
- package/src/component/public/identity/tokens.ts +0 -251
- package/src/component/public/identity/users.ts +0 -355
- package/src/component/public/identity/verifiers.ts +0 -158
- package/src/component/public/security/keys.ts +0 -366
- package/src/component/public/security/limits.ts +0 -174
- package/src/component/public.ts +0 -27
- package/src/component/schema.ts +0 -505
- package/src/providers/anonymous.ts +0 -99
- package/src/providers/credentials.ts +0 -102
- package/src/providers/device.ts +0 -87
- package/src/providers/email.ts +0 -99
- package/src/providers/index.ts +0 -31
- package/src/providers/oauth.ts +0 -117
- package/src/providers/passkey.ts +0 -77
- package/src/providers/password.ts +0 -441
- package/src/providers/phone.ts +0 -93
- package/src/providers/sso.ts +0 -54
- package/src/providers/totp.ts +0 -62
- package/src/samlify.d.ts +0 -53
- package/src/server/auth.ts +0 -949
- package/src/server/config.ts +0 -200
- package/src/server/context.ts +0 -90
- package/src/server/cookies.ts +0 -49
- package/src/server/core.ts +0 -2004
- package/src/server/crypto.ts +0 -90
- package/src/server/db.ts +0 -203
- package/src/server/device.ts +0 -254
- package/src/server/enterprise/config.ts +0 -51
- package/src/server/enterprise/domain.ts +0 -1739
- package/src/server/enterprise/http.ts +0 -1331
- package/src/server/enterprise/oidc.ts +0 -500
- package/src/server/enterprise/policy.ts +0 -128
- package/src/server/enterprise/saml.ts +0 -578
- package/src/server/enterprise/scim.ts +0 -135
- package/src/server/enterprise/shared.ts +0 -134
- package/src/server/enterprise/validators.ts +0 -93
- package/src/server/http.ts +0 -790
- package/src/server/identity.ts +0 -18
- package/src/server/index.ts +0 -40
- package/src/server/keys.ts +0 -158
- package/src/server/limits.ts +0 -107
- package/src/server/mounts.ts +0 -924
- package/src/server/mutations/account.ts +0 -62
- package/src/server/mutations/code.ts +0 -119
- package/src/server/mutations/index.ts +0 -13
- package/src/server/mutations/invalidate.ts +0 -50
- package/src/server/mutations/oauth.ts +0 -243
- package/src/server/mutations/refresh.ts +0 -299
- package/src/server/mutations/register.ts +0 -155
- package/src/server/mutations/retrieve.ts +0 -109
- package/src/server/mutations/signature.ts +0 -57
- package/src/server/mutations/signin.ts +0 -54
- package/src/server/mutations/signout.ts +0 -43
- package/src/server/mutations/store/refs.ts +0 -10
- package/src/server/mutations/store.ts +0 -123
- package/src/server/mutations/verifier.ts +0 -34
- package/src/server/mutations/verify.ts +0 -200
- package/src/server/oauth.ts +0 -418
- package/src/server/passkey.ts +0 -838
- package/src/server/redirects.ts +0 -59
- package/src/server/refresh.ts +0 -218
- package/src/server/runtime.ts +0 -918
- package/src/server/sessions.ts +0 -132
- package/src/server/signin.ts +0 -445
- package/src/server/ssr.ts +0 -1747
- package/src/server/templates.ts +0 -82
- package/src/server/tokens.ts +0 -35
- package/src/server/totp.ts +0 -399
- package/src/server/types.ts +0 -1942
- package/src/server/users.ts +0 -291
- package/src/server/utils.ts +0 -220
- /package/dist/{runtime → client/runtime}/invite.js +0 -0
|
@@ -1,441 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Configure {@link Password} provider for email/password authentication.
|
|
3
|
-
*
|
|
4
|
-
* The `Password` provider supports the following flows, determined
|
|
5
|
-
* by the `flow` parameter:
|
|
6
|
-
*
|
|
7
|
-
* - `"signUp"`: Create a new account with a password.
|
|
8
|
-
* - `"signIn"`: Sign in with an existing account and password.
|
|
9
|
-
* - `"reset"`: Request a password reset.
|
|
10
|
-
* - `"reset-verification"`: Verify a password reset code and change password.
|
|
11
|
-
* - `"email-verification"`: If email verification is enabled and `code` is
|
|
12
|
-
* included in params, verify an OTP.
|
|
13
|
-
*
|
|
14
|
-
* ```ts
|
|
15
|
-
* import { Password } from "@robelest/convex-auth/providers";
|
|
16
|
-
*
|
|
17
|
-
* new Password()
|
|
18
|
-
* ```
|
|
19
|
-
*
|
|
20
|
-
* @module
|
|
21
|
-
*/
|
|
22
|
-
|
|
23
|
-
import { scryptAsync } from "@noble/hashes/scrypt.js";
|
|
24
|
-
import { bytesToHex } from "@noble/hashes/utils.js";
|
|
25
|
-
import { Fx } from "@robelest/fx";
|
|
26
|
-
import {
|
|
27
|
-
DocumentByName,
|
|
28
|
-
GenericDataModel,
|
|
29
|
-
WithoutSystemFields,
|
|
30
|
-
} from "convex/server";
|
|
31
|
-
import { Value } from "convex/values";
|
|
32
|
-
|
|
33
|
-
import type {
|
|
34
|
-
EmailConfig,
|
|
35
|
-
GenericActionCtxWithAuthConfig,
|
|
36
|
-
GenericDoc,
|
|
37
|
-
AuthProviderConfig,
|
|
38
|
-
ConvexCredentialsConfig,
|
|
39
|
-
} from "../server/types";
|
|
40
|
-
import { Credentials, type CredentialsConfig } from "./credentials";
|
|
41
|
-
|
|
42
|
-
/**
|
|
43
|
-
* The available options to a {@link Password} provider for Convex Auth.
|
|
44
|
-
*/
|
|
45
|
-
export interface PasswordConfig<DataModel extends GenericDataModel> {
|
|
46
|
-
/**
|
|
47
|
-
* Uniquely identifies the provider, allowing to use
|
|
48
|
-
* multiple different {@link Password} providers.
|
|
49
|
-
*/
|
|
50
|
-
id?: string;
|
|
51
|
-
/**
|
|
52
|
-
* Perform checks on provided params and customize the user
|
|
53
|
-
* information stored after sign up, including email normalization.
|
|
54
|
-
*
|
|
55
|
-
* Called for every flow ("signUp", "signIn", "reset",
|
|
56
|
-
* "reset-verification" and "email-verification").
|
|
57
|
-
*/
|
|
58
|
-
profile?: (
|
|
59
|
-
/**
|
|
60
|
-
* The values passed to the `signIn` function.
|
|
61
|
-
*/
|
|
62
|
-
params: Record<string, Value | undefined>,
|
|
63
|
-
/**
|
|
64
|
-
* Convex ActionCtx in case you want to read from or write to
|
|
65
|
-
* the database.
|
|
66
|
-
*/
|
|
67
|
-
ctx: GenericActionCtxWithAuthConfig<DataModel>,
|
|
68
|
-
) => WithoutSystemFields<DocumentByName<DataModel, "User">> & {
|
|
69
|
-
email: string;
|
|
70
|
-
};
|
|
71
|
-
/**
|
|
72
|
-
* Performs custom validation on password provided during sign up or reset.
|
|
73
|
-
*
|
|
74
|
-
* Otherwise the default validation is used (password is not empty and
|
|
75
|
-
* at least 8 characters in length).
|
|
76
|
-
*
|
|
77
|
-
* If the provided password is invalid, implementations must throw an Error.
|
|
78
|
-
*
|
|
79
|
-
* @param password the password supplied during "signUp" or
|
|
80
|
-
* "reset-verification" flows.
|
|
81
|
-
*/
|
|
82
|
-
validatePasswordRequirements?: (password: string) => void;
|
|
83
|
-
/**
|
|
84
|
-
* Provide hashing and verification functions if you want to control
|
|
85
|
-
* how passwords are hashed.
|
|
86
|
-
*/
|
|
87
|
-
crypto?: CredentialsConfig["crypto"];
|
|
88
|
-
/**
|
|
89
|
-
* An email provider used to require verification
|
|
90
|
-
* before password reset.
|
|
91
|
-
*/
|
|
92
|
-
reset?: EmailConfig | ((...args: any) => EmailConfig);
|
|
93
|
-
/**
|
|
94
|
-
* An email provider used to require verification
|
|
95
|
-
* before sign up / sign in.
|
|
96
|
-
*/
|
|
97
|
-
verify?: EmailConfig | ((...args: any) => EmailConfig);
|
|
98
|
-
}
|
|
99
|
-
|
|
100
|
-
type PasswordFlowDispatch =
|
|
101
|
-
| { tag: "signUp" }
|
|
102
|
-
| { tag: "signIn" }
|
|
103
|
-
| { tag: "reset" }
|
|
104
|
-
| { tag: "resetVerification" }
|
|
105
|
-
| { tag: "emailVerification" }
|
|
106
|
-
| { tag: "invalid"; flow: unknown };
|
|
107
|
-
|
|
108
|
-
const PASSWORD_FLOW_TAG = {
|
|
109
|
-
signUp: "signUp",
|
|
110
|
-
signIn: "signIn",
|
|
111
|
-
reset: "reset",
|
|
112
|
-
"reset-verification": "resetVerification",
|
|
113
|
-
"email-verification": "emailVerification",
|
|
114
|
-
} as const;
|
|
115
|
-
|
|
116
|
-
type PasswordFlowInput = keyof typeof PASSWORD_FLOW_TAG;
|
|
117
|
-
|
|
118
|
-
function decodePasswordFlow(flow: unknown): PasswordFlowDispatch {
|
|
119
|
-
if (typeof flow !== "string") {
|
|
120
|
-
return { tag: "invalid", flow };
|
|
121
|
-
}
|
|
122
|
-
|
|
123
|
-
const tag = PASSWORD_FLOW_TAG[flow as PasswordFlowInput];
|
|
124
|
-
return tag === undefined ? { tag: "invalid", flow } : { tag };
|
|
125
|
-
}
|
|
126
|
-
|
|
127
|
-
/**
|
|
128
|
-
* Email and password authentication provider.
|
|
129
|
-
*
|
|
130
|
-
* Passwords are by default hashed using scrypt.
|
|
131
|
-
* You can customize the hashing via the `crypto` option.
|
|
132
|
-
*
|
|
133
|
-
* Email verification is not required unless you pass
|
|
134
|
-
* an email provider to the `verify` option.
|
|
135
|
-
*
|
|
136
|
-
* @example
|
|
137
|
-
* ```ts
|
|
138
|
-
* import { Password } from "@robelest/convex-auth/providers";
|
|
139
|
-
*
|
|
140
|
-
* new Password()
|
|
141
|
-
* new Password({ verify: myEmailProvider })
|
|
142
|
-
* ```
|
|
143
|
-
*/
|
|
144
|
-
export class Password<DataModel extends GenericDataModel = GenericDataModel> {
|
|
145
|
-
readonly id: string;
|
|
146
|
-
readonly type = "credentials" as const;
|
|
147
|
-
readonly config: PasswordConfig<DataModel>;
|
|
148
|
-
|
|
149
|
-
constructor(
|
|
150
|
-
config: PasswordConfig<DataModel> = {} as PasswordConfig<DataModel>,
|
|
151
|
-
) {
|
|
152
|
-
this.id = config.id ?? "password";
|
|
153
|
-
this.config = config;
|
|
154
|
-
}
|
|
155
|
-
|
|
156
|
-
/** @internal Convert to the internal materialized config shape. */
|
|
157
|
-
_toMaterialized(): ConvexCredentialsConfig {
|
|
158
|
-
const config = this.config;
|
|
159
|
-
const provider = this.id;
|
|
160
|
-
|
|
161
|
-
return new Credentials<DataModel>({
|
|
162
|
-
id: "password",
|
|
163
|
-
authorize: async (params, ctx) => {
|
|
164
|
-
const flowDispatch = decodePasswordFlow(params.flow);
|
|
165
|
-
|
|
166
|
-
const validatePasswordRequirements = (password: string) => {
|
|
167
|
-
if (config.validatePasswordRequirements !== undefined) {
|
|
168
|
-
config.validatePasswordRequirements(password);
|
|
169
|
-
return;
|
|
170
|
-
}
|
|
171
|
-
validateDefaultPasswordRequirements(password);
|
|
172
|
-
};
|
|
173
|
-
|
|
174
|
-
await Fx.run(
|
|
175
|
-
Fx.match(flowDispatch, flowDispatch.tag, {
|
|
176
|
-
signUp: () =>
|
|
177
|
-
Fx.sync(() => {
|
|
178
|
-
validatePasswordRequirements(params.password as string);
|
|
179
|
-
}),
|
|
180
|
-
resetVerification: () =>
|
|
181
|
-
Fx.sync(() => {
|
|
182
|
-
validatePasswordRequirements(params.newPassword as string);
|
|
183
|
-
}),
|
|
184
|
-
signIn: () => Fx.succeed(undefined),
|
|
185
|
-
reset: () => Fx.succeed(undefined),
|
|
186
|
-
emailVerification: () => Fx.succeed(undefined),
|
|
187
|
-
invalid: () => Fx.succeed(undefined),
|
|
188
|
-
}),
|
|
189
|
-
);
|
|
190
|
-
|
|
191
|
-
const profile = config.profile?.(params, ctx) ?? defaultProfile(params);
|
|
192
|
-
const { email } = profile;
|
|
193
|
-
const requirePasswordParam = (
|
|
194
|
-
value: unknown,
|
|
195
|
-
flow: "signUp" | "signIn",
|
|
196
|
-
) => {
|
|
197
|
-
if (typeof value !== "string" || value.length === 0) {
|
|
198
|
-
throw new Error(`Missing \`password\` param for \`${flow}\` flow`);
|
|
199
|
-
}
|
|
200
|
-
return value;
|
|
201
|
-
};
|
|
202
|
-
|
|
203
|
-
const finalizeCredentialsResult = async (
|
|
204
|
-
account: GenericDoc<DataModel, "Account">,
|
|
205
|
-
user: GenericDoc<DataModel, "User">,
|
|
206
|
-
) => {
|
|
207
|
-
if (config.verify && !account.emailVerified) {
|
|
208
|
-
return await ctx.auth.provider.signIn(
|
|
209
|
-
ctx,
|
|
210
|
-
config.verify as AuthProviderConfig,
|
|
211
|
-
{
|
|
212
|
-
accountId: account._id,
|
|
213
|
-
params,
|
|
214
|
-
},
|
|
215
|
-
);
|
|
216
|
-
}
|
|
217
|
-
return { userId: user._id };
|
|
218
|
-
};
|
|
219
|
-
|
|
220
|
-
return await Fx.run(
|
|
221
|
-
Fx.match(flowDispatch, flowDispatch.tag, {
|
|
222
|
-
signUp: () =>
|
|
223
|
-
Fx.promise(async () => {
|
|
224
|
-
const secret = requirePasswordParam(params.password, "signUp");
|
|
225
|
-
const created = await ctx.auth.account.create(ctx, {
|
|
226
|
-
provider,
|
|
227
|
-
account: { id: email, secret },
|
|
228
|
-
profile: profile as any,
|
|
229
|
-
shouldLinkViaEmail: config.verify !== undefined,
|
|
230
|
-
shouldLinkViaPhone: false,
|
|
231
|
-
});
|
|
232
|
-
return await finalizeCredentialsResult(
|
|
233
|
-
created.account,
|
|
234
|
-
created.user,
|
|
235
|
-
);
|
|
236
|
-
}),
|
|
237
|
-
signIn: () =>
|
|
238
|
-
Fx.promise(async () => {
|
|
239
|
-
const secret = requirePasswordParam(params.password, "signIn");
|
|
240
|
-
const retrieved = await ctx.auth.account.get(ctx, {
|
|
241
|
-
provider,
|
|
242
|
-
account: { id: email, secret },
|
|
243
|
-
});
|
|
244
|
-
if (retrieved === null) {
|
|
245
|
-
throw new Error("Invalid credentials");
|
|
246
|
-
}
|
|
247
|
-
return await finalizeCredentialsResult(
|
|
248
|
-
retrieved.account,
|
|
249
|
-
retrieved.user,
|
|
250
|
-
);
|
|
251
|
-
}),
|
|
252
|
-
reset: () =>
|
|
253
|
-
Fx.promise(async () => {
|
|
254
|
-
if (!config.reset) {
|
|
255
|
-
throw new Error(
|
|
256
|
-
`Password reset is not enabled for ${provider}`,
|
|
257
|
-
);
|
|
258
|
-
}
|
|
259
|
-
const { account } = await ctx.auth.account.get(ctx, {
|
|
260
|
-
provider,
|
|
261
|
-
account: { id: email },
|
|
262
|
-
});
|
|
263
|
-
return await ctx.auth.provider.signIn(
|
|
264
|
-
ctx,
|
|
265
|
-
config.reset as AuthProviderConfig,
|
|
266
|
-
{
|
|
267
|
-
accountId: account._id,
|
|
268
|
-
params,
|
|
269
|
-
},
|
|
270
|
-
);
|
|
271
|
-
}),
|
|
272
|
-
resetVerification: () =>
|
|
273
|
-
Fx.promise(async () => {
|
|
274
|
-
if (!config.reset) {
|
|
275
|
-
throw new Error(
|
|
276
|
-
`Password reset is not enabled for ${provider}`,
|
|
277
|
-
);
|
|
278
|
-
}
|
|
279
|
-
if (params.newPassword === undefined) {
|
|
280
|
-
throw new Error(
|
|
281
|
-
"Missing `newPassword` param for `reset-verification` flow",
|
|
282
|
-
);
|
|
283
|
-
}
|
|
284
|
-
const result = await ctx.auth.provider.signIn(
|
|
285
|
-
ctx,
|
|
286
|
-
config.reset as AuthProviderConfig,
|
|
287
|
-
{ params },
|
|
288
|
-
);
|
|
289
|
-
if (result === null) {
|
|
290
|
-
throw new Error("Invalid code");
|
|
291
|
-
}
|
|
292
|
-
const { userId, sessionId } = result;
|
|
293
|
-
const secret = params.newPassword as string;
|
|
294
|
-
await ctx.auth.account.update(ctx, {
|
|
295
|
-
provider,
|
|
296
|
-
account: { id: email, secret },
|
|
297
|
-
});
|
|
298
|
-
await ctx.auth.session.invalidate(ctx, {
|
|
299
|
-
userId,
|
|
300
|
-
except: [sessionId],
|
|
301
|
-
});
|
|
302
|
-
return { userId, sessionId };
|
|
303
|
-
}),
|
|
304
|
-
emailVerification: () =>
|
|
305
|
-
Fx.promise(async () => {
|
|
306
|
-
if (!config.verify) {
|
|
307
|
-
throw new Error(
|
|
308
|
-
`Email verification is not enabled for ${provider}`,
|
|
309
|
-
);
|
|
310
|
-
}
|
|
311
|
-
const { account } = await ctx.auth.account.get(ctx, {
|
|
312
|
-
provider,
|
|
313
|
-
account: { id: email },
|
|
314
|
-
});
|
|
315
|
-
return await ctx.auth.provider.signIn(
|
|
316
|
-
ctx,
|
|
317
|
-
config.verify as AuthProviderConfig,
|
|
318
|
-
{
|
|
319
|
-
accountId: account._id,
|
|
320
|
-
params,
|
|
321
|
-
},
|
|
322
|
-
);
|
|
323
|
-
}),
|
|
324
|
-
invalid: () =>
|
|
325
|
-
Fx.fatal(
|
|
326
|
-
new Error(
|
|
327
|
-
"Missing `flow` param, it must be one of " +
|
|
328
|
-
'"signUp", "signIn", "reset", "reset-verification" or ' +
|
|
329
|
-
'"email-verification"!',
|
|
330
|
-
),
|
|
331
|
-
),
|
|
332
|
-
}),
|
|
333
|
-
);
|
|
334
|
-
},
|
|
335
|
-
crypto: config.crypto ?? {
|
|
336
|
-
async hashSecret(password: string) {
|
|
337
|
-
return await hashPassword(password);
|
|
338
|
-
},
|
|
339
|
-
async verifySecret(password: string, hash: string) {
|
|
340
|
-
return await verifyPassword(password, hash);
|
|
341
|
-
},
|
|
342
|
-
},
|
|
343
|
-
extraProviders: [
|
|
344
|
-
config.reset as AuthProviderConfig | undefined,
|
|
345
|
-
config.verify as AuthProviderConfig | undefined,
|
|
346
|
-
],
|
|
347
|
-
...config,
|
|
348
|
-
})._toMaterialized();
|
|
349
|
-
}
|
|
350
|
-
}
|
|
351
|
-
|
|
352
|
-
// ============================================================================
|
|
353
|
-
// Helpers
|
|
354
|
-
// ============================================================================
|
|
355
|
-
|
|
356
|
-
function validateDefaultPasswordRequirements(password: string) {
|
|
357
|
-
if (!password || password.length < 8) {
|
|
358
|
-
throw new Error("Invalid password");
|
|
359
|
-
}
|
|
360
|
-
}
|
|
361
|
-
|
|
362
|
-
function defaultProfile(params: Record<string, unknown>) {
|
|
363
|
-
const email = params.email;
|
|
364
|
-
if (typeof email !== "string" || email.trim().length === 0) {
|
|
365
|
-
throw new Error("Missing `email` param");
|
|
366
|
-
}
|
|
367
|
-
return {
|
|
368
|
-
email,
|
|
369
|
-
};
|
|
370
|
-
}
|
|
371
|
-
|
|
372
|
-
const PASSWORD_HASH_PARAMS = {
|
|
373
|
-
N: 16384,
|
|
374
|
-
r: 16,
|
|
375
|
-
p: 1,
|
|
376
|
-
dkLen: 64,
|
|
377
|
-
} as const;
|
|
378
|
-
|
|
379
|
-
const PASSWORD_HASH_PREFIX = `scrypt:N=${PASSWORD_HASH_PARAMS.N},r=${PASSWORD_HASH_PARAMS.r},p=${PASSWORD_HASH_PARAMS.p},dkLen=${PASSWORD_HASH_PARAMS.dkLen}`;
|
|
380
|
-
|
|
381
|
-
async function hashPassword(password: string) {
|
|
382
|
-
const salt = crypto.getRandomValues(new Uint8Array(32));
|
|
383
|
-
const hash = await scryptAsync(password, salt, PASSWORD_HASH_PARAMS);
|
|
384
|
-
return `${PASSWORD_HASH_PREFIX}$${bytesToHex(salt)}$${bytesToHex(hash)}`;
|
|
385
|
-
}
|
|
386
|
-
|
|
387
|
-
async function verifyPassword(password: string, storedHash: string) {
|
|
388
|
-
const [prefix, saltHex, hashHex] = storedHash.split("$");
|
|
389
|
-
if (
|
|
390
|
-
prefix !== PASSWORD_HASH_PREFIX ||
|
|
391
|
-
saltHex === undefined ||
|
|
392
|
-
hashHex === undefined
|
|
393
|
-
) {
|
|
394
|
-
return false;
|
|
395
|
-
}
|
|
396
|
-
|
|
397
|
-
let salt: Uint8Array;
|
|
398
|
-
let expectedHash: Uint8Array;
|
|
399
|
-
try {
|
|
400
|
-
salt = hexToBytes(saltHex);
|
|
401
|
-
expectedHash = hexToBytes(hashHex);
|
|
402
|
-
} catch {
|
|
403
|
-
return false;
|
|
404
|
-
}
|
|
405
|
-
if (
|
|
406
|
-
salt.length !== 32 ||
|
|
407
|
-
expectedHash.length !== PASSWORD_HASH_PARAMS.dkLen
|
|
408
|
-
) {
|
|
409
|
-
return false;
|
|
410
|
-
}
|
|
411
|
-
|
|
412
|
-
const actualHash = await scryptAsync(password, salt, PASSWORD_HASH_PARAMS);
|
|
413
|
-
return constantTimeEqual(actualHash, expectedHash);
|
|
414
|
-
}
|
|
415
|
-
|
|
416
|
-
function hexToBytes(hex: string) {
|
|
417
|
-
if (hex.length % 2 !== 0) {
|
|
418
|
-
throw new Error("Invalid password hash");
|
|
419
|
-
}
|
|
420
|
-
const bytes = new Uint8Array(hex.length / 2);
|
|
421
|
-
for (let i = 0; i < bytes.length; i++) {
|
|
422
|
-
const start = i * 2;
|
|
423
|
-
const value = Number.parseInt(hex.slice(start, start + 2), 16);
|
|
424
|
-
if (Number.isNaN(value)) {
|
|
425
|
-
throw new Error("Invalid password hash");
|
|
426
|
-
}
|
|
427
|
-
bytes[i] = value;
|
|
428
|
-
}
|
|
429
|
-
return bytes;
|
|
430
|
-
}
|
|
431
|
-
|
|
432
|
-
function constantTimeEqual(left: Uint8Array, right: Uint8Array) {
|
|
433
|
-
if (left.length !== right.length) {
|
|
434
|
-
return false;
|
|
435
|
-
}
|
|
436
|
-
let diff = 0;
|
|
437
|
-
for (let i = 0; i < left.length; i++) {
|
|
438
|
-
diff |= left[i] ^ right[i];
|
|
439
|
-
}
|
|
440
|
-
return diff === 0;
|
|
441
|
-
}
|
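--- a/package/src/providers/phone.ts
+++ b/package/src/providers/phone.ts
@@ -1,93 +0,0 @@
-/**
-* Phone / SMS authentication provider.
-*
-* @module
-*/
-
-import { Fx } from "@robelest/fx";
-
-import type { PhoneConfig } from "../server/types";
-
-/**
-* User-facing configuration for the {@link Phone} provider.
-*
-* Use this to send SMS or other phone-based verification messages during
-* sign-in.
-*/
-export interface PhoneProviderConfig {
-/** Send the verification code to the user's phone. */
-send: PhoneConfig["sendVerificationRequest"];
-/** Provider ID override. Defaults to "phone". */
-id?: string;
-/** Token expiration in seconds. Defaults to 1200 (20 minutes). */
-maxAge?: number;
-}
-
-/**
-* Phone provider for SMS or phone-number verification flows.
-*
-* Wraps your `send()` implementation and materializes the runtime behavior
-* Convex Auth needs for short-code or magic-link-style phone verification.
-*
-* @example
-* ```ts
-* import { Phone } from "@robelest/convex-auth/providers";
-*
-* const phone = new Phone({
-* send: async ({ identifier, token }) => {
-* await sms.send({ to: identifier, body: `Your sign-in code is ${token}` });
-* },
-* });
-* ```
-*/
-export class Phone {
-readonly id: string;
-readonly type = "phone" as const;
-
-/**
-* Create a phone provider instance.
-*
-* @param config - Phone delivery and provider settings.
-*/
-constructor(public readonly config: PhoneProviderConfig) {
-this.id = config.id ?? "phone";
-}
-
-/** @internal */
-_toMaterialized(): PhoneConfig {
-return {
-id: this.id,
-type: "phone",
-maxAge: this.config.maxAge ?? 60 * 20,
-authorize: async (params, account) => {
-const dispatch =
-typeof params.phone !== "string"
-? ({ tag: "missingPhone" } as const)
-: account.providerAccountId !== params.phone
-? ({ tag: "mismatch" } as const)
-: ({ tag: "ok" } as const);
-
-return await Fx.run(
-Fx.match(dispatch, dispatch.tag, {
-missingPhone: () =>
-Fx.fatal(
-new Error(
-"Token verification requires a `phone` in params of `signIn`.",
-),
-),
-mismatch: () =>
-Fx.fatal(
-new Error(
-"Short verification code requires a matching `phone` " +
-"in params of `signIn`.",
-),
-),
-ok: () => Fx.succeed(undefined),
-}),
-);
-},
-sendVerificationRequest: this.config.send,
-options: {} as any,
-};
-}
-}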
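--- a/package/src/providers/sso.ts
+++ b/package/src/providers/sso.ts
@@ -1,54 +0,0 @@
-/**
-* Enterprise SSO provider (OIDC + SAML + SCIM).
-*
-* Adding `new SSO()` to your providers list enables enterprise SSO
-* sign-in flows and registers the OIDC, SAML, and SCIM runtime HTTP
-* routes. It also makes `auth.sso.*` available on the auth
-* object returned by `createAuth`.
-*
-* ```ts
-* import { SSO } from "@robelest/convex-auth/providers";
-*
-* const auth = createAuth(components.auth, {
-* providers: [new SSO(), new Password()],
-* });
-*
-* // auth.sso is now available
-* await auth.sso.admin.oidc.configure(ctx, { enterpriseId, clientId, ... });
-* ```
-*
-* Without `new SSO()` in the providers list, `auth.sso` is not
-* present on the returned object and accessing it is a TypeScript error.
-*
-* @module
-*/
-
-import type { SSOProviderConfig } from "../server/types";
-
-/**
-* Enterprise SSO provider.
-*
-* Zero-configuration — sensible defaults are applied for all enterprise
-* protocols (OIDC, SAML, SCIM). Per-tenant configuration is done at
-* runtime via `auth.sso.*` helpers.
-*
-* @example
-* ```ts
-* import { createAuth } from "@robelest/convex-auth/component";
-* import { SSO, Password } from "@robelest/convex-auth/providers";
-* import { components } from "./_generated/api";
-*
-* export const auth = createAuth(components.auth, {
-* providers: [new SSO(), new Password()],
-* });
-* ```
-*/
-export class SSO {
-readonly id = "enterprise-sso";
-readonly type = "sso" as const;
-
-/** @internal Convert to the internal materialized config shape. */
-_toMaterialized(): SSOProviderConfig {
-return { id: this.id, type: "sso" };
-}
-}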
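--- a/package/src/providers/totp.ts
+++ b/package/src/providers/totp.ts
@@ -1,62 +0,0 @@
-/**
-* TOTP (Time-based One-Time Password) two-factor authentication provider.
-*
-* ```ts
-* import { Totp } from "@robelest/convex-auth/providers";
-*
-* new Totp({ issuer: "My App" })
-* ```
-*
-* @module
-*/
-
-import type { TotpProviderConfig } from "../server/types";
-
-/**
-* Configuration for the TOTP provider.
-*/
-export interface TotpConfig {
-/** Issuer name shown in authenticator apps (e.g. "My App"). */
-issuer?: string;
-/** Number of digits in each code (default: 6). */
-digits?: number;
-/** Time period in seconds for code rotation (default: 30). */
-period?: number;
-}
-
-/**
-* TOTP (Time-based One-Time Password) two-factor authentication provider.
-*
-* Generates time-based one-time passwords compatible with authenticator
-* apps like Google Authenticator and Authy.
-*
-* @example
-* ```ts
-* import { Totp } from "@robelest/convex-auth/providers";
-*
-* new Totp({ issuer: "My App" })
-* ```
-*/
-export class Totp {
-readonly id: string;
-readonly type = "totp" as const;
-readonly config: TotpConfig;
-
-constructor(config: TotpConfig = {}) {
-this.id = "totp";
-this.config = config;
-}
-
-/** @internal Convert to the internal materialized config shape. */
-_toMaterialized(): TotpProviderConfig {
-return {
-id: this.id,
-type: "totp",
-options: {
-issuer: this.config.issuer ?? "ConvexAuth",
-digits: this.config.digits ?? 6,
-period: this.config.period ?? 30,
-},
-};
-}
-}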
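--- a/package/src/samlify.d.ts
+++ b/package/src/samlify.d.ts
@@ -1,53 +0,0 @@
-declare module "@robelest/samlify" {
-export const Constants: {
-namespace: {
-binding: {
-redirect: string;
-post: string;
-};
-};
-};
-
-export function setSchemaValidator(validator: {
-validate: (xml: string) => Promise<string>;
-}): void;
-
-export function IdentityProvider(options: { metadata: string }): {
-entityMeta: {
-getEntityID(): string;
-getSingleSignOnService(binding: string): string | undefined;
-getSingleLogoutService(binding: string): string | undefined;
-getX509Certificate(use: string): string | string[] | null;
-getNameIDFormat(): string[] | string | undefined;
-isWantAuthnRequestsSigned(): boolean;
-};
-};
-
-export function ServiceProvider(options: Record<string, unknown>): {
-getMetadata(): string;
-createLoginRequest(
-idp: unknown,
-binding: unknown,
-):
-| Promise<{
-id: string;
-context: string;
-entityEndpoint?: string;
-}>
-| {
-id: string;
-context: string;
-entityEndpoint?: string;
-};
-parseLoginResponse(
-idp: unknown,
-binding: unknown,
-request: { query: Record<string, string>; body: Record<string, string> },
-): Promise<unknown>;
-parseLogoutRequest(
-idp: unknown,
-binding: unknown,
-request: { query: Record<string, string>; body: Record<string, string> },
-): Promise<unknown>;
-};
-}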