@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -1,9 +1,8 @@
1
1
  import { getSessionUserId } from "./context.js";
2
- import { materializeProvider } from "./config.js";
3
- import { TOKEN_SUB_CLAIM_DIVIDER, generateRandomString, sha256 } from "./utils.js";
2
+ import { generateRandomString, sha256 } from "./random.js";
4
3
  import { buildScopeChecker, checkKeyRateLimit, generateApiKey, hashApiKey } from "./keys.js";
5
- import { signInImpl } from "./signin.js";
6
- import { Cv } from "@robelest/fx/convex";
4
+ import { TOKEN_SUB_CLAIM_DIVIDER } from "./constants.js";
5
+ import { ConvexError } from "convex/values";
7
6
 
8
7
  //#region src/server/core.ts
9
8
  /**
@@ -20,7 +19,7 @@ import { Cv } from "@robelest/fx/convex";
20
19
  * @returns The core domain namespaces consumed by the auth factory.
21
20
  */
22
21
  function createCoreDomains(deps) {
23
- const { config, getAuth, callInvalidateSessions, callCreateAccountFromCredentials, callRetrieveAccountWithCredentials, callModifyAccount, getEnrichCtx, inviteTokenAlphabet, inviteTokenLength } = deps;
22
+ const { config, callInvalidateSessions, callCreateAccountFromCredentials, callRetrieveAccountWithCredentials, callModifyAccount, inviteTokenAlphabet, inviteTokenLength } = deps;
24
23
  const roleDefinitions = config.authorization.roles;
25
24
  const getRoleDefinition = (roleId) => {
26
25
  return roleDefinitions[roleId] ?? null;
@@ -28,7 +27,7 @@ function createCoreDomains(deps) {
28
27
  const normalizeRoleIds = (roleIds) => {
29
28
  const normalized = Array.from(new Set(roleIds ?? []));
30
29
  const invalid = normalized.filter((id) => getRoleDefinition(id) === null);
31
- if (invalid.length > 0) throw Cv.error({
30
+ if (invalid.length > 0) throw new ConvexError({
32
31
  code: "INVALID_ROLE_IDS",
33
32
  message: "One or more role IDs are invalid.",
34
33
  invalidRoleIds: invalid
@@ -74,11 +73,12 @@ function createCoreDomains(deps) {
74
73
  };
75
74
  const AUTH_CACHE = Symbol("__convexAuthCache");
76
75
  function cache(ctx) {
77
- if (!ctx[AUTH_CACHE]) ctx[AUTH_CACHE] = {
76
+ const cachedCtx = ctx;
77
+ if (!cachedCtx[AUTH_CACHE]) cachedCtx[AUTH_CACHE] = {
78
78
  users: /* @__PURE__ */ new Map(),
79
79
  groups: /* @__PURE__ */ new Map()
80
80
  };
81
- return ctx[AUTH_CACHE];
81
+ return cachedCtx[AUTH_CACHE];
82
82
  }
83
83
  const user = {
84
84
  get: async (ctx, userId) => {
@@ -142,7 +142,7 @@ function createCoreDomains(deps) {
142
142
  ctx.runQuery(config.component.public.totpListByUserId, { userId })
143
143
  ]);
144
144
  const totalLinked = sessions.length + accounts.length + keys.length + members.length + passkeys.length + totps.length;
145
- if (!cascade && totalLinked > 0) throw Cv.error({
145
+ if (!cascade && totalLinked > 0) throw new ConvexError({
146
146
  code: "INVALID_PARAMETERS",
147
147
  message: "The provided parameters are invalid."
148
148
  });
@@ -194,11 +194,11 @@ function createCoreDomains(deps) {
194
194
  },
195
195
  delete: async (ctx, accountId) => {
196
196
  const doc = await ctx.runQuery(config.component.public.accountGetById, { accountId });
197
- if (doc === null) throw Cv.error({
197
+ if (doc === null) throw new ConvexError({
198
198
  code: "ACCOUNT_NOT_FOUND",
199
199
  message: "Account not found."
200
200
  });
201
- if ((await ctx.runQuery(config.component.public.accountListByUser, { userId: doc.userId })).length <= 1) throw Cv.error({
201
+ if ((await ctx.runQuery(config.component.public.accountListByUser, { userId: doc.userId })).length <= 1) throw new ConvexError({
202
202
  code: "INVALID_PARAMETERS",
203
203
  message: "The provided parameters are invalid."
204
204
  });
@@ -227,16 +227,9 @@ function createCoreDomains(deps) {
227
227
  return { totpId };
228
228
  }
229
229
  };
230
- const provider = { signIn: async (ctx, providerConfig, args) => {
231
- const result = await signInImpl(getEnrichCtx()(ctx), materializeProvider(providerConfig), args, {
232
- generateTokens: false,
233
- allowExtraProviders: true
234
- });
235
- return result.kind === "signedIn" ? result.signedIn !== null ? {
236
- userId: result.signedIn.userId,
237
- sessionId: result.signedIn.sessionId
238
- } : null : null;
239
- } };
230
+ const provider = { signIn: deps.signInForProvider ? async (ctx, providerConfig, args) => {
231
+ return deps.signInForProvider(ctx, providerConfig, args);
232
+ } : void 0 };
240
233
  const group = {
241
234
  create: async (ctx, data) => {
242
235
  return { groupId: await ctx.runMutation(config.component.public.groupCreate, data) };
@@ -345,7 +338,8 @@ function createCoreDomains(deps) {
345
338
  let membership = null;
346
339
  if (useAncestry) {
347
340
  const maxDepth = Math.max(0, Math.floor(opts.maxDepth ?? 32));
348
- membership = (await ctx.runQuery(config.component.public.memberResolve, {
341
+ const memberResolveRef = config.component.public["memberResolve"];
342
+ membership = (await ctx.runQuery(memberResolveRef, {
349
343
  userId: opts.userId,
350
344
  groupId: opts.groupId,
351
345
  maxDepth,
@@ -378,18 +372,18 @@ function createCoreDomains(deps) {
378
372
  ancestry: opts.ancestry,
379
373
  maxDepth: opts.maxDepth
380
374
  });
381
- if (result.membership === null) throw Cv.error({
375
+ if (result.membership === null) throw new ConvexError({
382
376
  code: "NOT_A_MEMBER",
383
377
  message: "User is not a member of this group.",
384
378
  groupId: opts.groupId
385
379
  });
386
- if (roleFilter !== null && !result.roleIds.some((roleId) => roleFilter.has(roleId))) throw Cv.error({
380
+ if (roleFilter !== null && !result.roleIds.some((roleId) => roleFilter.has(roleId))) throw new ConvexError({
387
381
  code: "NOT_A_MEMBER",
388
382
  message: "User is not a member of this group.",
389
383
  groupId: opts.groupId
390
384
  });
391
385
  const missingGrants = requiredGrants.filter((grant) => !result.grants.includes(grant));
392
- if (missingGrants.length > 0) throw Cv.error({
386
+ if (missingGrants.length > 0) throw new ConvexError({
393
387
  code: "MISSING_GRANTS",
394
388
  message: "User is missing required grants.",
395
389
  groupId: opts.groupId,
@@ -473,23 +467,23 @@ function createCoreDomains(deps) {
473
467
  verify: async (ctx, rawKey) => {
474
468
  const hashedKey = await hashApiKey(rawKey);
475
469
  const doc = await ctx.runQuery(config.component.public.keyGetByHashedKey, { hashedKey });
476
- if (!doc) throw Cv.error({
470
+ if (!doc) throw new ConvexError({
477
471
  code: "INVALID_API_KEY",
478
472
  message: "Invalid API key."
479
473
  });
480
474
  const k = doc;
481
- if (k.revoked) throw Cv.error({
475
+ if (k.revoked) throw new ConvexError({
482
476
  code: "API_KEY_REVOKED",
483
477
  message: "This API key has been revoked."
484
478
  });
485
- if (k.expiresAt && k.expiresAt < Date.now()) throw Cv.error({
479
+ if (k.expiresAt && k.expiresAt < Date.now()) throw new ConvexError({
486
480
  code: "API_KEY_EXPIRED",
487
481
  message: "This API key has expired."
488
482
  });
489
483
  const patchData = { lastUsedAt: Date.now() };
490
484
  if (k.rateLimit) {
491
485
  const { limited, newState } = checkKeyRateLimit(k.rateLimit, k.rateLimitState ?? void 0);
492
- if (limited) throw Cv.error({
486
+ if (limited) throw new ConvexError({
493
487
  code: "API_KEY_RATE_LIMITED",
494
488
  message: "API key rate limit exceeded. Please try again later."
495
489
  });
@@ -537,11 +531,12 @@ function createCoreDomains(deps) {
537
531
  },
538
532
  rotate: async (ctx, keyId, opts) => {
539
533
  const existing = await ctx.runQuery(config.component.public.keyGetById, { keyId });
540
- if (!existing) throw Cv.error({
534
+ if (!existing) throw new ConvexError({
541
535
  code: "INVALID_PARAMETERS",
542
536
  message: "The provided parameters are invalid."
543
537
  });
544
- if (existing.revoked === true) throw Cv.error({
538
+ const typedExisting = existing;
539
+ if (typedExisting.revoked === true) throw new ConvexError({
545
540
  code: "API_KEY_REVOKED",
546
541
  message: "This API key has been revoked."
547
542
  });
@@ -550,12 +545,12 @@ function createCoreDomains(deps) {
550
545
  data: { revoked: true }
551
546
  });
552
547
  return await key.create(ctx, {
553
- userId: existing.userId,
554
- name: opts?.name ?? existing.name,
555
- scopes: existing.scopes ?? [],
556
- rateLimit: existing.rateLimit,
548
+ userId: typedExisting.userId,
549
+ name: opts?.name ?? typedExisting.name ?? keyId,
550
+ scopes: typedExisting.scopes ?? [],
551
+ rateLimit: typedExisting.rateLimit,
557
552
  expiresAt: opts?.expiresAt,
558
- metadata: existing.metadata
553
+ metadata: typedExisting.metadata
559
554
  });
560
555
  }
561
556
  };
@@ -1,55 +1,45 @@
1
- import { errorMessage } from "./utils.js";
2
- import { Fx } from "@robelest/fx";
3
- import { Cv } from "@robelest/fx/convex";
1
+ import { ConvexError } from "convex/values";
4
2
 
5
3
  //#region src/server/crypto.ts
4
+ function errorMessage(error) {
5
+ return error instanceof Error ? error.message : String(error);
6
+ }
7
+ const credentialsError = (code, message) => new ConvexError({
8
+ code,
9
+ message
10
+ });
11
+ function asCredentialsProvider(provider) {
12
+ if (provider.type !== "credentials") throw credentialsError("INVALID_CREDENTIALS_PROVIDER", `Provider ${provider.id} is not a credentials provider`);
13
+ return provider;
14
+ }
6
15
  /**
7
16
  * Hash a secret using the provider's `crypto.hashSecret` function.
8
- *
9
- * Validates that the provider is a credentials provider and has the
10
- * required crypto function, returning typed errors through the Fx channel.
17
+ * @internal
11
18
  */
12
- /** @internal */
13
- const hash = (provider, secret) => Fx.gen(function* () {
14
- if (provider.type !== "credentials") return yield* Cv.fail({
15
- code: "INVALID_CREDENTIALS_PROVIDER",
16
- message: `Provider ${provider.id} is not a credentials provider`
17
- });
18
- const hashSecretFn = provider.crypto?.hashSecret;
19
- if (!hashSecretFn) return yield* Cv.fail({
20
- code: "MISSING_CRYPTO_FUNCTION",
21
- message: `Provider ${provider.id} does not have a \`crypto.hashSecret\` function`
22
- });
23
- return yield* Fx.from({
24
- ok: () => hashSecretFn(secret),
25
- err: (e) => Cv.error({
26
- code: "INTERNAL_ERROR",
27
- message: `Hash failed: ${errorMessage(e)}`
28
- })
29
- });
30
- });
19
+ async function hash(provider, secret) {
20
+ const credProvider = asCredentialsProvider(provider);
21
+ const hashSecret = credProvider.crypto?.hashSecret;
22
+ if (!hashSecret) throw credentialsError("MISSING_CRYPTO_FUNCTION", `Provider ${credProvider.id} does not have a \`crypto.hashSecret\` function`);
23
+ try {
24
+ return await hashSecret(secret);
25
+ } catch (error) {
26
+ throw credentialsError("INTERNAL_ERROR", `Hash failed: ${errorMessage(error)}`);
27
+ }
28
+ }
31
29
  /**
32
30
  * Verify a secret against a hash using the provider's `crypto.verifySecret` function.
31
+ * @internal
33
32
  */
34
- /** @internal */
35
- const verify = (provider, secret, hashValue) => Fx.gen(function* () {
36
- if (provider.type !== "credentials") return yield* Cv.fail({
37
- code: "INVALID_CREDENTIALS_PROVIDER",
38
- message: `Provider ${provider.id} is not a credentials provider`
39
- });
40
- const verifySecretFn = provider.crypto?.verifySecret;
41
- if (!verifySecretFn) return yield* Cv.fail({
42
- code: "MISSING_CRYPTO_FUNCTION",
43
- message: `Provider ${provider.id} does not have a \`crypto.verifySecret\` function`
44
- });
45
- return yield* Fx.from({
46
- ok: () => verifySecretFn(secret, hashValue),
47
- err: (e) => Cv.error({
48
- code: "INTERNAL_ERROR",
49
- message: `Verify failed: ${errorMessage(e)}`
50
- })
51
- });
52
- });
33
+ async function verify(provider, secret, hashValue) {
34
+ const credProvider = asCredentialsProvider(provider);
35
+ const verifySecret = credProvider.crypto?.verifySecret;
36
+ if (!verifySecret) throw credentialsError("MISSING_CRYPTO_FUNCTION", `Provider ${credProvider.id} does not have a \`crypto.verifySecret\` function`);
37
+ try {
38
+ return await verifySecret(secret, hashValue);
39
+ } catch (error) {
40
+ throw credentialsError("INTERNAL_ERROR", `Verify failed: ${errorMessage(error)}`);
41
+ }
42
+ }
53
43
 
54
44
  //#endregion
55
45
  export { hash, verify };
package/dist/server/db.js CHANGED
@@ -35,12 +35,16 @@ function authDb(ctx, config) {
35
35
  userId,
36
36
  expirationTime
37
37
  }),
38
+ issue: (args) => ctx.runMutation(component.public.sessionIssue, args),
38
39
  getById: (sessionId) => ctx.runQuery(component.public.sessionGetById, { sessionId }),
39
40
  delete: (sessionId) => ctx.runMutation(component.public.sessionDelete, { sessionId }),
40
41
  listByUser: (userId) => ctx.runQuery(component.public.sessionListByUser, { userId })
41
42
  },
42
43
  verifiers: {
43
- create: (sessionId) => ctx.runMutation(component.public.verifierCreate, { sessionId }),
44
+ create: (sessionId, signature) => ctx.runMutation(component.public.verifierCreate, {
45
+ sessionId,
46
+ signature
47
+ }),
44
48
  getById: (verifierId) => ctx.runQuery(component.public.verifierGetById, { verifierId }),
45
49
  getBySignature: (signature) => ctx.runQuery(component.public.verifierGetBySignature, { signature }),
46
50
  patch: (verifierId, data) => ctx.runMutation(component.public.verifierPatch, {
@@ -57,6 +61,7 @@ function authDb(ctx, config) {
57
61
  },
58
62
  refreshTokens: {
59
63
  create: (args) => ctx.runMutation(component.public.refreshTokenCreate, args),
64
+ exchange: (args) => ctx.runMutation(component.public.refreshTokenExchange, args),
60
65
  getById: (refreshTokenId) => ctx.runQuery(component.public.refreshTokenGetById, { refreshTokenId }),
61
66
  patch: (refreshTokenId, data) => ctx.runMutation(component.public.refreshTokenPatch, {
62
67
  refreshTokenId,
@@ -1,22 +1,15 @@
1
1
  import { userIdFromIdentitySubject } from "./identity.js";
2
- import { generateRandomString, requireEnv, sha256 } from "./utils.js";
2
+ import { generateRandomString, sha256 } from "./random.js";
3
+ import { requireEnv } from "./env.js";
3
4
  import { callSignIn } from "./mutations/signin.js";
5
+ import { AuthFlowError, authFlowError } from "../shared/errors.js";
6
+ import { toConvexError } from "./errors.js";
4
7
  import { mutateDeviceAuthorize, mutateDeviceDelete, mutateDeviceInsert, mutateDeviceUpdateLastPolled, queryDeviceByCodeHash, queryDeviceByUserCode } from "./types.js";
5
- import { Fx } from "@robelest/fx";
6
- import { Cv } from "@robelest/fx/convex";
7
8
  import { ConvexError } from "convex/values";
8
9
 
9
10
  //#region src/server/device.ts
10
11
  /**
11
12
  * Server-side device authorization flow logic (RFC 8628).
12
- *
13
- * Handles the three phases of the device flow:
14
- * 1. (default) — Generate a device code + user code pair
15
- * 2. poll — Device checks whether the user has authorized yet
16
- * 3. verify — Authenticated user links a user code to their session
17
- *
18
- * Uses `@oslojs/crypto/random` for code generation and
19
- * `@oslojs/crypto/sha2` for hashing device codes before storage.
20
13
  */
21
14
  const DEVICE_CODE_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
22
15
  const DEVICE_CODE_LENGTH = 40;
@@ -25,127 +18,100 @@ const DEVICE_FLOWS = [
25
18
  "poll",
26
19
  "verify"
27
20
  ];
21
+ const deviceError = authFlowError;
22
+ const assertFlow = (flow) => {
23
+ if (DEVICE_FLOWS.includes(flow)) return flow;
24
+ throw deviceError("DEVICE_MISSING_FLOW", "Missing `flow` parameter. Expected one of: create, poll, verify");
25
+ };
26
+ async function handleCreate(ctx, provider) {
27
+ const deviceCode = generateRandomString(DEVICE_CODE_LENGTH, DEVICE_CODE_ALPHABET);
28
+ const deviceCodeHash = await sha256(deviceCode);
29
+ const rawUserCode = generateRandomString(provider.userCodeLength, provider.charset);
30
+ const mid = Math.floor(rawUserCode.length / 2);
31
+ const userCode = rawUserCode.slice(0, mid) + "-" + rawUserCode.slice(mid);
32
+ await mutateDeviceInsert(ctx, {
33
+ deviceCodeHash,
34
+ userCode,
35
+ expiresAt: Date.now() + provider.expiresIn * 1e3,
36
+ interval: provider.interval,
37
+ status: "pending"
38
+ });
39
+ const verificationUri = provider.verificationUri ?? `${process.env.SITE_URL ?? requireEnv("SITE_URL")}/device`;
40
+ return {
41
+ kind: "deviceCode",
42
+ deviceCode,
43
+ userCode,
44
+ verificationUri,
45
+ verificationUriComplete: `${verificationUri}?code=${encodeURIComponent(userCode)}`,
46
+ expiresIn: provider.expiresIn,
47
+ interval: provider.interval
48
+ };
49
+ }
50
+ async function handlePoll(ctx, params) {
51
+ if (typeof params.deviceCode !== "string") throw deviceError("DEVICE_MISSING_FLOW", "Missing `deviceCode` parameter for poll flow.");
52
+ const doc = await queryDeviceByCodeHash(ctx, await sha256(params.deviceCode));
53
+ if (doc === null) throw deviceError("DEVICE_CODE_EXPIRED", "The device code has expired. Please start a new authorization request.");
54
+ if (Date.now() > doc.expiresAt) {
55
+ await mutateDeviceDelete(ctx, doc._id);
56
+ throw deviceError("DEVICE_CODE_EXPIRED", "The device code has expired. Please start a new authorization request.");
57
+ }
58
+ if (doc.lastPolledAt !== void 0 && (Date.now() - doc.lastPolledAt) / 1e3 < doc.interval) throw deviceError("DEVICE_SLOW_DOWN", "Polling too frequently. Increase the interval between requests.");
59
+ await mutateDeviceUpdateLastPolled(ctx, doc._id, Date.now());
60
+ if (doc.status === "pending") throw deviceError("DEVICE_AUTHORIZATION_PENDING", "The user has not yet authorized this device.");
61
+ if (doc.status === "denied") {
62
+ await mutateDeviceDelete(ctx, doc._id);
63
+ throw deviceError("DEVICE_CODE_DENIED", "The authorization request was denied.");
64
+ }
65
+ if (!doc.userId || !doc.sessionId) throw deviceError("INTERNAL_ERROR", "Authorized device code missing userId or sessionId");
66
+ await mutateDeviceDelete(ctx, doc._id);
67
+ return {
68
+ kind: "signedIn",
69
+ signedIn: await callSignIn(ctx, {
70
+ userId: doc.userId,
71
+ sessionId: doc.sessionId,
72
+ generateTokens: true
73
+ })
74
+ };
75
+ }
76
+ async function handleDeviceVerify(ctx, params) {
77
+ if (typeof params.userCode !== "string") throw deviceError("DEVICE_INVALID_USER_CODE", "Missing `userCode` parameter for verify flow.");
78
+ const identity = await ctx.auth.getUserIdentity();
79
+ if (identity === null) throw deviceError("NOT_SIGNED_IN", "You must be signed in to authorize a device.");
80
+ const userId = userIdFromIdentitySubject(identity.subject);
81
+ const doc = await queryDeviceByUserCode(ctx, params.userCode);
82
+ if (doc === null) throw deviceError("DEVICE_INVALID_USER_CODE", "Invalid or expired user code.");
83
+ if (Date.now() > doc.expiresAt) {
84
+ await mutateDeviceDelete(ctx, doc._id);
85
+ throw deviceError("DEVICE_CODE_EXPIRED", "The device code has expired. Please start a new authorization request.");
86
+ }
87
+ if (doc.status !== "pending") throw deviceError("DEVICE_ALREADY_AUTHORIZED", "This device code has already been authorized.");
88
+ const signInResult = await callSignIn(ctx, {
89
+ userId,
90
+ generateTokens: false
91
+ });
92
+ await mutateDeviceAuthorize(ctx, doc._id, signInResult.userId, signInResult.sessionId);
93
+ return {
94
+ kind: "signedIn",
95
+ signedIn: null
96
+ };
97
+ }
28
98
  /** @internal */
29
- const handleDevice = (ctx, provider, args) => Fx.from({
30
- ok: async () => {
99
+ const handleDevice = async (ctx, provider, args) => {
100
+ try {
31
101
  const params = args.params ?? {};
32
- const flow = typeof params.flow === "string" ? params.flow : "create";
33
- if (!DEVICE_FLOWS.some((candidate) => candidate === flow)) throw Cv.error({
34
- code: "DEVICE_MISSING_FLOW",
35
- message: "Missing `flow` parameter. Expected one of: create, poll, verify"
36
- });
37
- if (flow === "create") {
38
- const deviceCode = generateRandomString(DEVICE_CODE_LENGTH, DEVICE_CODE_ALPHABET);
39
- const deviceCodeHash = await sha256(deviceCode);
40
- const rawUserCode = generateRandomString(provider.userCodeLength, provider.charset);
41
- const mid = Math.floor(rawUserCode.length / 2);
42
- const userCode = rawUserCode.slice(0, mid) + "-" + rawUserCode.slice(mid);
43
- await mutateDeviceInsert(ctx, {
44
- deviceCodeHash,
45
- userCode,
46
- expiresAt: Date.now() + provider.expiresIn * 1e3,
47
- interval: provider.interval,
48
- status: "pending"
49
- });
50
- const verificationUri = provider.verificationUri ?? `${process.env.SITE_URL ?? requireEnv("SITE_URL")}/device`;
51
- return {
52
- kind: "deviceCode",
53
- deviceCode,
54
- userCode,
55
- verificationUri,
56
- verificationUriComplete: `${verificationUri}?user_code=${encodeURIComponent(userCode)}`,
57
- expiresIn: provider.expiresIn,
58
- interval: provider.interval
59
- };
60
- }
61
- if (flow === "poll") {
62
- if (typeof params.deviceCode !== "string") throw Cv.error({
63
- code: "DEVICE_MISSING_FLOW",
64
- message: "Missing `deviceCode` parameter for poll flow."
65
- });
66
- const doc$1 = await queryDeviceByCodeHash(ctx, await sha256(params.deviceCode));
67
- if (doc$1 === null) throw Cv.error({
68
- code: "DEVICE_CODE_EXPIRED",
69
- message: "The device code has expired. Please start a new authorization request."
70
- });
71
- if (Date.now() > doc$1.expiresAt) {
72
- await mutateDeviceDelete(ctx, doc$1._id);
73
- throw Cv.error({
74
- code: "DEVICE_CODE_EXPIRED",
75
- message: "The device code has expired. Please start a new authorization request."
76
- });
77
- }
78
- if (doc$1.lastPolledAt !== void 0 && (Date.now() - doc$1.lastPolledAt) / 1e3 < doc$1.interval) throw Cv.error({
79
- code: "DEVICE_SLOW_DOWN",
80
- message: "Polling too frequently. Increase the interval between requests."
81
- });
82
- await mutateDeviceUpdateLastPolled(ctx, doc$1._id, Date.now());
83
- if (doc$1.status === "pending") throw Cv.error({
84
- code: "DEVICE_AUTHORIZATION_PENDING",
85
- message: "The user has not yet authorized this device."
86
- });
87
- if (doc$1.status === "denied") {
88
- await mutateDeviceDelete(ctx, doc$1._id);
89
- throw Cv.error({
90
- code: "DEVICE_CODE_DENIED",
91
- message: "The authorization request was denied."
92
- });
93
- }
94
- if (!doc$1.userId || !doc$1.sessionId) throw Cv.error({
95
- code: "INTERNAL_ERROR",
96
- message: "Authorized device code missing userId or sessionId"
97
- });
98
- await mutateDeviceDelete(ctx, doc$1._id);
99
- return {
100
- kind: "signedIn",
101
- signedIn: await callSignIn(ctx, {
102
- userId: doc$1.userId,
103
- sessionId: doc$1.sessionId,
104
- generateTokens: true
105
- })
106
- };
107
- }
108
- if (typeof params.userCode !== "string") throw Cv.error({
109
- code: "DEVICE_INVALID_USER_CODE",
110
- message: "Missing `userCode` parameter for verify flow."
111
- });
112
- const identity = await ctx.auth.getUserIdentity();
113
- if (identity === null) throw Cv.error({
114
- code: "NOT_SIGNED_IN",
115
- message: "You must be signed in to authorize a device."
116
- });
117
- const userId = userIdFromIdentitySubject(identity.subject);
118
- const doc = await queryDeviceByUserCode(ctx, params.userCode);
119
- if (doc === null) throw Cv.error({
120
- code: "DEVICE_INVALID_USER_CODE",
121
- message: "Invalid or expired user code."
122
- });
123
- if (Date.now() > doc.expiresAt) {
124
- await mutateDeviceDelete(ctx, doc._id);
125
- throw Cv.error({
126
- code: "DEVICE_CODE_EXPIRED",
127
- message: "The device code has expired. Please start a new authorization request."
128
- });
129
- }
130
- if (doc.status !== "pending") throw Cv.error({
131
- code: "DEVICE_ALREADY_AUTHORIZED",
132
- message: "This device code has already been authorized."
133
- });
134
- const signInResult = await callSignIn(ctx, {
135
- userId,
136
- generateTokens: false
137
- });
138
- await mutateDeviceAuthorize(ctx, doc._id, signInResult.userId, signInResult.sessionId);
139
- return {
140
- kind: "signedIn",
141
- signedIn: null
142
- };
143
- },
144
- err: (e) => e instanceof ConvexError ? e : Cv.error({
145
- code: "INTERNAL_ERROR",
146
- message: `Device flow failed: ${String(e)}`
147
- })
148
- });
102
+ const flow = assertFlow(typeof params.flow === "string" ? params.flow : "create");
103
+ return await new Map([
104
+ ["create", () => handleCreate(ctx, provider)],
105
+ ["poll", () => handlePoll(ctx, params)],
106
+ ["verify", () => handleDeviceVerify(ctx, params)]
107
+ ]).get(flow)();
108
+ } catch (error) {
109
+ if (error instanceof ConvexError) throw error;
110
+ if (error instanceof AuthFlowError) throw toConvexError(error);
111
+ if (error instanceof Error) throw toConvexError(authFlowError("INTERNAL_ERROR", `Device flow failed: ${error.message}`));
112
+ throw toConvexError(error);
113
+ }
114
+ };
149
115
 
150
116
  //#endregion
151
117
  export { handleDevice };
@@ -0,0 +1,48 @@
1
+ import { ConvexError } from "convex/values";
2
+
3
+ //#region src/server/env.ts
4
+ function readEnv(name) {
5
+ const value = typeof process === "undefined" ? void 0 : process.env?.[name];
6
+ return typeof value === "string" && value.length > 0 ? value : void 0;
7
+ }
8
+ /** @internal */
9
+ const readConfigSync = (value) => value;
10
+ /** @internal */
11
+ const envString = (name) => {
12
+ const value = readEnv(name);
13
+ if (value === void 0) throw new Error(`Missing environment variable \`${name}\``);
14
+ return value;
15
+ };
16
+ /** @internal */
17
+ const envOptionalString = (name) => readEnv(name);
18
+ /** @internal */
19
+ const envOptionalNumber = (name) => {
20
+ const value = readEnv(name);
21
+ if (value === void 0) return;
22
+ const parsed = Number(value);
23
+ if (!Number.isFinite(parsed)) throw new Error(`Invalid numeric environment variable \`${name}\``);
24
+ return parsed;
25
+ };
26
+ /** @internal */
27
+ const envBoolean = (name) => {
28
+ const value = readEnv(name);
29
+ if (value === void 0) return;
30
+ if (value === "true") return true;
31
+ if (value === "false") return false;
32
+ throw new Error(`Invalid boolean environment variable \`${name}\``);
33
+ };
34
+ /** @internal */
35
+ function requireEnv(name) {
36
+ try {
37
+ return readConfigSync(envString(name));
38
+ } catch {
39
+ throw new ConvexError({
40
+ code: "MISSING_ENV_VAR",
41
+ message: `Missing environment variable \`${name}\``
42
+ });
43
+ }
44
+ }
45
+
46
+ //#endregion
47
+ export { envBoolean, envOptionalNumber, envOptionalString, readConfigSync, requireEnv };
48
+ //# sourceMappingURL=env.js.map
@@ -0,0 +1,20 @@
1
+ import { AuthFlowError } from "../shared/errors.js";
2
+ import { ConvexError } from "convex/values";
3
+
4
+ //#region src/server/errors.ts
5
+ /** @internal */
6
+ const toConvexError = (error) => {
7
+ if (error instanceof ConvexError) return error;
8
+ if (error instanceof AuthFlowError) return new ConvexError({
9
+ code: error.code,
10
+ message: error.message
11
+ });
12
+ return new ConvexError({
13
+ code: "INTERNAL_ERROR",
14
+ message: error instanceof Error ? error.message : String(error)
15
+ });
16
+ };
17
+
18
+ //#endregion
19
+ export { toConvexError };
20
+ //# sourceMappingURL=errors.js.map