@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -1,9 +1,16 @@
1
- import { CorsConfig, HttpKeyContext } from "./types.js";
2
- import { AuthContext, OptionalAuthContext, UserDoc } from "./auth.js";
3
- import * as convex_server65 from "convex/server";
4
- import { GenericActionCtx, GenericDataModel, HttpRouter } from "convex/server";
1
+ import { ComponentReadCtx } from "./componentContext.js";
2
+ import { HttpKeyContext } from "./types.js";
3
+ import { AuthContext, OptionalAuthContext, UserDoc } from "./auth-context.js";
4
+ import "./auth.js";
5
+ import { GenericActionCtx, GenericDataModel, HttpRouter, UserIdentity } from "convex/server";
5
6
 
6
7
  //#region src/server/http.d.ts
8
+ type HttpIdentityCtx = {
9
+ auth: {
10
+ getUserIdentity: () => Promise<UserIdentity | null>;
11
+ };
12
+ };
13
+ type HttpContextCtx = HttpIdentityCtx & ComponentReadCtx;
7
14
  /**
8
15
  * Auth context returned by `auth.http.context(ctx, request)`.
9
16
  *
@@ -60,7 +67,7 @@ type OptionalHttpAuthContext = (OptionalAuthContext & {
60
67
  * });
61
68
  * ```
62
69
  */
63
- type HttpAuthContextConfig<TResolve extends Record<string, unknown> = Record<string, never>> = {
70
+ type HttpAuthContextConfig<TResolve extends Record<string, unknown> = Record<string, never>, TCtx extends HttpContextCtx = HttpContextCtx> = {
64
71
  /**
65
72
  * Allow unauthenticated callers and return a null-shaped auth object instead
66
73
  * of throwing `NOT_SIGNED_IN`.
@@ -71,7 +78,7 @@ type HttpAuthContextConfig<TResolve extends Record<string, unknown> = Record<str
71
78
  *
72
79
  * This callback runs only when authentication succeeds.
73
80
  */
74
- resolve?: (ctx: GenericActionCtx<any>, user: UserDoc, auth: HttpAuthContext) => Promise<TResolve> | TResolve;
81
+ resolve?: (ctx: TCtx, user: UserDoc, auth: HttpAuthContext) => Promise<TResolve> | TResolve;
75
82
  /**
76
83
  * Override or wrap HTTP auth resolution.
77
84
  *
@@ -79,59 +86,8 @@ type HttpAuthContextConfig<TResolve extends Record<string, unknown> = Record<str
79
86
  * an explicit unauthenticated state, or a fully resolved
80
87
  * {@link HttpAuthContext}.
81
88
  */
82
- authResolve?: (ctx: GenericActionCtx<any>, fallback: () => Promise<HttpAuthContext | null>) => Promise<HttpAuthContext | null | undefined> | HttpAuthContext | null | undefined;
83
- };
84
- declare function createHttpAction(auth: {
85
- key: {
86
- verify: (ctx: GenericActionCtx<any>, rawKey: string) => Promise<any>;
87
- };
88
- }): (handler: (ctx: GenericActionCtx<GenericDataModel> & HttpKeyContext, request: Request) => Promise<Response | Record<string, unknown>>, options?: {
89
- scope?: {
90
- resource: string;
91
- action: string;
92
- };
93
- cors?: CorsConfig;
94
- }) => convex_server65.PublicHttpAction;
95
- declare function createHttpRoute(wrapAction: ReturnType<typeof createHttpAction>): (http: {
96
- route: (config: any) => void;
97
- }, routeConfig: {
98
- path: string;
99
- method: "GET" | "POST" | "PUT" | "PATCH" | "DELETE";
100
- handler: (ctx: GenericActionCtx<GenericDataModel> & HttpKeyContext, request: Request) => Promise<Response | Record<string, unknown>>;
101
- scope?: {
102
- resource: string;
103
- action: string;
104
- };
105
- cors?: CorsConfig;
106
- }) => void;
107
- declare function convertErrorsToResponse(errorStatusCode: number, action: (ctx: GenericActionCtx<any>, request: Request) => Promise<Response>): (ctx: GenericActionCtx<any>, request: Request) => Promise<Response>;
108
- declare function getCookies(request: Request): Record<string, string | undefined>;
109
- type SSORuntimeRoute = {
110
- pathname?: string;
111
- enterpriseId: string;
112
- protocol: "oidc" | "saml" | "scim";
113
- rest: string[];
89
+ authResolve?: (ctx: TCtx, fallback: () => Promise<HttpAuthContext | null>) => Promise<HttpAuthContext | null | undefined> | HttpAuthContext | null | undefined;
114
90
  };
115
- declare function addOpenIdRoutes(http: HttpRouter, deps: {
116
- getIssuer: () => string;
117
- getJwks: () => string;
118
- }): void;
119
- declare function addAuthRoutes(http: HttpRouter, deps: {
120
- handleSignIn: (ctx: GenericActionCtx<any>, request: Request) => Promise<Response>;
121
- handleCallback: (ctx: GenericActionCtx<any>, request: Request) => Promise<Response>;
122
- }): void;
123
- declare function addSSORoutes(http: HttpRouter, deps: {
124
- routeBase: string;
125
- convertErrorsToResponse: typeof convertErrorsToResponse;
126
- handleSamlMetadata: (ctx: GenericActionCtx<any>, request: Request, route: SSORuntimeRoute) => Promise<Response>;
127
- handleSamlSignIn: (ctx: GenericActionCtx<any>, request: Request, route: SSORuntimeRoute) => Promise<Response>;
128
- handleOidcSignIn: (ctx: GenericActionCtx<any>, request: Request, route: SSORuntimeRoute) => Promise<Response>;
129
- handleOidcCallback: (ctx: GenericActionCtx<any>, request: Request, route: SSORuntimeRoute) => Promise<Response>;
130
- handleSamlAcs: (ctx: GenericActionCtx<any>, request: Request, route: SSORuntimeRoute) => Promise<Response>;
131
- handleSamlSlo: (ctx: GenericActionCtx<any>, request: Request, route: SSORuntimeRoute) => Promise<Response>;
132
- handleScimRequest: (ctx: GenericActionCtx<any>, request: Request) => Promise<Response>;
133
- scimError: (status: number, scimType: string, detail: string) => Response;
134
- }): void;
135
91
  //#endregion
136
- export { HttpAuthContext, HttpAuthContextConfig, OptionalHttpAuthContext, SSORuntimeRoute, addAuthRoutes, addOpenIdRoutes, addSSORoutes, convertErrorsToResponse, createHttpAction, createHttpRoute, getCookies };
92
+ export { HttpAuthContext, HttpAuthContextConfig, OptionalHttpAuthContext };
137
93
  //# sourceMappingURL=http.d.ts.map
@@ -1,18 +1,30 @@
1
1
  import { createUnauthenticatedAuthContext, getAuthContextForUser, getSessionUserId } from "./context.js";
2
- import { logError } from "./utils.js";
3
- import { Fx } from "@robelest/fx";
4
- import { Cv } from "@robelest/fx/convex";
5
- import { httpActionGeneric } from "convex/server";
2
+ import { logError } from "./log.js";
6
3
  import { ConvexError } from "convex/values";
4
+ import { httpActionGeneric } from "convex/server";
7
5
  import { parse } from "cookie";
8
6
 
9
7
  //#region src/server/http.ts
10
8
  function createNotSignedInError() {
11
- return Cv.error({
9
+ return new ConvexError({
12
10
  code: "NOT_SIGNED_IN",
13
11
  message: "Authentication required."
14
12
  });
15
13
  }
14
+ /**
15
+ * Build CORS headers by matching the request's Origin against allowed origins.
16
+ * Defaults to `defaultOrigins` (site URLs) when no per-route config is given.
17
+ */
18
+ function buildCorsHeaders(request, corsConfig, defaultOrigins) {
19
+ const origins = corsConfig?.origins ?? (typeof defaultOrigins === "function" ? defaultOrigins() : defaultOrigins);
20
+ const requestOrigin = request.headers.get("Origin");
21
+ const matchedOrigin = origins.includes("*") ? "*" : requestOrigin && origins.includes(requestOrigin) ? requestOrigin : null;
22
+ return {
23
+ ...matchedOrigin ? { "Access-Control-Allow-Origin": matchedOrigin } : {},
24
+ "Access-Control-Allow-Methods": corsConfig?.methods ?? "GET,POST,PUT,PATCH,DELETE,OPTIONS",
25
+ "Access-Control-Allow-Headers": corsConfig?.headers ?? "Content-Type,Authorization"
26
+ };
27
+ }
16
28
  async function getHttpKeyContext(auth, ctx, request) {
17
29
  const authHeader = request.headers.get("Authorization");
18
30
  if (!authHeader?.startsWith("Bearer sk_")) return null;
@@ -64,88 +76,84 @@ function createHttpContext(auth) {
64
76
  };
65
77
  });
66
78
  }
67
- function createHttpAction(auth) {
79
+ function createHttpAction(auth, defaultOrigins) {
68
80
  return (handler, options) => {
69
- const corsConfig = options?.cors ?? {};
70
- const corsHeaders = {
71
- "Access-Control-Allow-Origin": corsConfig.origin ?? "*",
72
- "Access-Control-Allow-Methods": corsConfig.methods ?? "GET,POST,PUT,PATCH,DELETE,OPTIONS",
73
- "Access-Control-Allow-Headers": corsConfig.headers ?? "Content-Type,Authorization"
74
- };
75
81
  return httpActionGeneric(async (genericCtx, request) => {
76
- return Fx.run(Fx.from({
77
- ok: async () => {
78
- const authHeader = request.headers.get("Authorization");
79
- if (!authHeader?.startsWith("Bearer ")) return new Response(JSON.stringify({
80
- error: "Missing or malformed Authorization: Bearer header.",
81
- code: "MISSING_BEARER_TOKEN"
82
- }), {
83
- status: 401,
84
- headers: {
85
- ...corsHeaders,
86
- "Content-Type": "application/json"
87
- }
88
- });
89
- const rawKey = authHeader.slice(7);
90
- const keyResult = await Fx.run(Fx.attempt(() => auth.key.verify(genericCtx, rawKey), (result$1) => ({
82
+ const corsHeaders = buildCorsHeaders(request, options?.cors, defaultOrigins);
83
+ try {
84
+ const authHeader = request.headers.get("Authorization");
85
+ if (!authHeader?.startsWith("Bearer ")) return new Response(JSON.stringify({
86
+ error: "Missing or malformed Authorization: Bearer header.",
87
+ code: "MISSING_BEARER_TOKEN"
88
+ }), {
89
+ status: 401,
90
+ headers: {
91
+ ...corsHeaders,
92
+ "Content-Type": "application/json"
93
+ }
94
+ });
95
+ const rawKey = authHeader.slice(7);
96
+ let keyResult;
97
+ try {
98
+ keyResult = {
91
99
  ok: true,
92
- value: result$1
93
- }), (error) => ({
100
+ value: await auth.key.verify(genericCtx, rawKey)
101
+ };
102
+ } catch (error) {
103
+ keyResult = {
94
104
  ok: false,
95
105
  error
96
- })));
97
- if (!keyResult.ok) {
98
- if (keyResult.error instanceof ConvexError && typeof keyResult.error.data === "object" && keyResult.error.data !== null && "code" in keyResult.error.data && "message" in keyResult.error.data) {
99
- const { code, message } = keyResult.error.data;
100
- return new Response(JSON.stringify({
101
- error: message,
102
- code
103
- }), {
104
- status: 403,
105
- headers: {
106
- ...corsHeaders,
107
- "Content-Type": "application/json"
108
- }
109
- });
110
- }
111
- throw keyResult.error;
112
- }
113
- if (options?.scope && !keyResult.value.scopes.can(options.scope.resource, options.scope.action)) return new Response(JSON.stringify({
114
- error: "This API key does not have the required permissions.",
115
- code: "SCOPE_CHECK_FAILED"
116
- }), {
117
- status: 403,
118
- headers: {
119
- ...corsHeaders,
120
- "Content-Type": "application/json"
121
- }
122
- });
123
- const result = await handler(Object.assign(genericCtx, { key: {
124
- userId: keyResult.value.userId,
125
- keyId: keyResult.value.keyId,
126
- scopes: keyResult.value.scopes
127
- } }), request);
128
- if (result instanceof Response) {
129
- const headers = new Headers(result.headers);
130
- for (const [k, val] of Object.entries(corsHeaders)) if (!headers.has(k)) headers.set(k, val);
131
- return new Response(result.body, {
132
- status: result.status,
133
- statusText: result.statusText,
134
- headers
106
+ };
107
+ }
108
+ if (!keyResult.ok) {
109
+ if (keyResult.error instanceof ConvexError && typeof keyResult.error.data === "object" && keyResult.error.data !== null && "code" in keyResult.error.data && "message" in keyResult.error.data) {
110
+ const { code, message } = keyResult.error.data;
111
+ return new Response(JSON.stringify({
112
+ error: message,
113
+ code
114
+ }), {
115
+ status: 403,
116
+ headers: {
117
+ ...corsHeaders,
118
+ "Content-Type": "application/json"
119
+ }
135
120
  });
136
121
  }
137
- return new Response(JSON.stringify(result), {
138
- status: 200,
139
- headers: {
140
- ...corsHeaders,
141
- "Content-Type": "application/json"
142
- }
122
+ throw keyResult.error;
123
+ }
124
+ if (options?.scope && !keyResult.value.scopes.can(options.scope.resource, options.scope.action)) return new Response(JSON.stringify({
125
+ error: "This API key does not have the required permissions.",
126
+ code: "SCOPE_CHECK_FAILED"
127
+ }), {
128
+ status: 403,
129
+ headers: {
130
+ ...corsHeaders,
131
+ "Content-Type": "application/json"
132
+ }
133
+ });
134
+ const result = await handler(Object.assign(genericCtx, { key: {
135
+ userId: keyResult.value.userId,
136
+ keyId: keyResult.value.keyId,
137
+ scopes: keyResult.value.scopes
138
+ } }), request);
139
+ return result instanceof Response ? (() => {
140
+ const headers = new Headers(result.headers);
141
+ for (const [k, val] of Object.entries(corsHeaders)) if (!headers.has(k)) headers.set(k, val);
142
+ return new Response(result.body, {
143
+ status: result.status,
144
+ statusText: result.statusText,
145
+ headers
143
146
  });
144
- },
145
- err: (error) => error
146
- }).pipe(Fx.recover((error) => {
147
+ })() : new Response(JSON.stringify(result), {
148
+ status: 200,
149
+ headers: {
150
+ ...corsHeaders,
151
+ "Content-Type": "application/json"
152
+ }
153
+ });
154
+ } catch (error) {
147
155
  logError(error);
148
- return Fx.succeed(new Response(JSON.stringify({
156
+ return new Response(JSON.stringify({
149
157
  error: "An unexpected error occurred.",
150
158
  code: "INTERNAL_ERROR"
151
159
  }), {
@@ -154,23 +162,18 @@ function createHttpAction(auth) {
154
162
  ...corsHeaders,
155
163
  "Content-Type": "application/json"
156
164
  }
157
- }));
158
- })));
165
+ });
166
+ }
159
167
  });
160
168
  };
161
169
  }
162
- function createHttpRoute(wrapAction) {
170
+ function createHttpRoute(wrapAction, defaultOrigins) {
163
171
  return (http, routeConfig) => {
164
- const corsConfig = routeConfig.cors ?? {};
165
- const corsHeaders = {
166
- "Access-Control-Allow-Origin": corsConfig.origin ?? "*",
167
- "Access-Control-Allow-Methods": corsConfig.methods ?? "GET,POST,PUT,PATCH,DELETE,OPTIONS",
168
- "Access-Control-Allow-Headers": corsConfig.headers ?? "Content-Type,Authorization"
169
- };
170
172
  http.route({
171
173
  path: routeConfig.path,
172
174
  method: "OPTIONS",
173
- handler: httpActionGeneric(async () => {
175
+ handler: httpActionGeneric(async (_ctx, request) => {
176
+ const corsHeaders = buildCorsHeaders(request, routeConfig.cors, defaultOrigins);
174
177
  return new Response(null, {
175
178
  status: 204,
176
179
  headers: corsHeaders
@@ -189,41 +192,38 @@ function createHttpRoute(wrapAction) {
189
192
  }
190
193
  function convertErrorsToResponse(errorStatusCode, action) {
191
194
  return async (ctx, request) => {
192
- return Fx.run(Fx.from({
193
- ok: () => action(ctx, request),
194
- err: (error) => error
195
- }).pipe(Fx.recover((error) => {
196
- if (error instanceof ConvexError && typeof error.data === "object" && error.data !== null && "code" in error.data && "message" in error.data) return Fx.succeed(new Response(JSON.stringify({
195
+ try {
196
+ return await action(ctx, request);
197
+ } catch (error) {
198
+ if (error instanceof ConvexError && typeof error.data === "object" && error.data !== null && "code" in error.data && "message" in error.data) return new Response(JSON.stringify({
197
199
  code: error.data.code,
198
200
  message: error.data.message
199
201
  }), {
200
202
  status: errorStatusCode,
201
203
  headers: { "Content-Type": "application/json" }
202
- }));
203
- else if (error instanceof ConvexError) return Fx.succeed(new Response(null, {
204
+ });
205
+ if (error instanceof ConvexError) return new Response(null, {
204
206
  status: errorStatusCode,
205
207
  statusText: typeof error.data === "string" ? error.data : "Error"
206
- }));
207
- else {
208
- logError(error);
209
- return Fx.succeed(new Response(null, {
210
- status: 500,
211
- statusText: "Internal Server Error"
212
- }));
213
- }
214
- })));
208
+ });
209
+ logError(error);
210
+ return new Response(null, {
211
+ status: 500,
212
+ statusText: "Internal Server Error"
213
+ });
214
+ }
215
215
  };
216
216
  }
217
217
  function getCookies(request) {
218
218
  return parse(request.headers.get("Cookie") ?? "");
219
219
  }
220
- function parseEnterpriseRuntimeRoute(pathname, routeBase) {
220
+ function parseConnectionRuntimeRoute(pathname, routeBase) {
221
221
  const runtimePrefix = `${routeBase}/`;
222
- const [runtimeEnterpriseId, protocol, ...rest] = pathname.startsWith(runtimePrefix) ? pathname.slice(runtimePrefix.length).split("/").filter(Boolean) : [];
223
- if (runtimeEnterpriseId === void 0 || protocol !== "oidc" && protocol !== "saml" && protocol !== "scim" || rest.length === 0) return null;
222
+ const [runtimeConnectionId, protocol, ...rest] = pathname.startsWith(runtimePrefix) ? pathname.slice(runtimePrefix.length).split("/").filter(Boolean) : [];
223
+ if (runtimeConnectionId === void 0 || protocol !== "oidc" && protocol !== "saml" && protocol !== "scim" || rest.length === 0) return null;
224
224
  return {
225
225
  pathname,
226
- enterpriseId: runtimeEnterpriseId,
226
+ connectionId: runtimeConnectionId,
227
227
  protocol,
228
228
  rest
229
229
  };
@@ -281,14 +281,30 @@ function addAuthRoutes(http, deps) {
281
281
  }
282
282
  function addSSORoutes(http, deps) {
283
283
  const routePrefix = `${deps.routeBase}/`;
284
+ const sharedOidcCallbackPath = deps.sharedOidcCallbackPath ? (() => {
285
+ if (/^https?:\/\//.test(deps.sharedOidcCallbackPath)) return new URL(deps.sharedOidcCallbackPath).pathname;
286
+ return deps.sharedOidcCallbackPath.startsWith("/") ? deps.sharedOidcCallbackPath : `/${deps.sharedOidcCallbackPath}`;
287
+ })() : void 0;
288
+ if (sharedOidcCallbackPath) {
289
+ http.route({
290
+ path: sharedOidcCallbackPath,
291
+ method: "GET",
292
+ handler: httpActionGeneric(deps.convertErrorsToResponse(400, async (ctx, request) => deps.handleOidcSharedCallback(ctx, request)))
293
+ });
294
+ http.route({
295
+ path: sharedOidcCallbackPath,
296
+ method: "POST",
297
+ handler: httpActionGeneric(deps.convertErrorsToResponse(400, async (ctx, request) => deps.handleOidcSharedCallback(ctx, request)))
298
+ });
299
+ }
284
300
  http.route({
285
301
  pathPrefix: routePrefix,
286
302
  method: "GET",
287
303
  handler: httpActionGeneric(deps.convertErrorsToResponse(400, async (ctx, request) => {
288
- const route = parseEnterpriseRuntimeRoute(new URL(request.url).pathname, deps.routeBase);
289
- if (!route) throw Cv.error({
304
+ const route = parseConnectionRuntimeRoute(new URL(request.url).pathname, deps.routeBase);
305
+ if (!route) throw new ConvexError({
290
306
  code: "INVALID_PARAMETERS",
291
- message: "Invalid enterprise runtime path."
307
+ message: "Invalid connection runtime path."
292
308
  });
293
309
  if (route.protocol === "saml" && route.rest.length === 1) {
294
310
  if (route.rest[0] === "metadata") return await deps.handleSamlMetadata(ctx, request, route);
@@ -301,9 +317,9 @@ function addSSORoutes(http, deps) {
301
317
  if (route.rest[0] === "callback") return await deps.handleOidcCallback(ctx, request, route);
302
318
  }
303
319
  if (route.protocol === "scim" && route.rest[0] === "v2") return await deps.handleScimRequest(ctx, request);
304
- throw Cv.error({
320
+ throw new ConvexError({
305
321
  code: "INVALID_PARAMETERS",
306
- message: "Invalid enterprise runtime path."
322
+ message: "Invalid connection runtime path."
307
323
  });
308
324
  }))
309
325
  });
@@ -311,15 +327,15 @@ function addSSORoutes(http, deps) {
311
327
  pathPrefix: routePrefix,
312
328
  method: "POST",
313
329
  handler: httpActionGeneric(deps.convertErrorsToResponse(400, async (ctx, request) => {
314
- const route = parseEnterpriseRuntimeRoute(new URL(request.url).pathname, deps.routeBase);
330
+ const route = parseConnectionRuntimeRoute(new URL(request.url).pathname, deps.routeBase);
315
331
  if (route?.protocol === "saml" && route.rest.length === 1) {
316
332
  if (route.rest[0] === "acs") return await deps.handleSamlAcs(ctx, request, route);
317
333
  if (route.rest[0] === "slo") return await deps.handleSamlSlo(ctx, request, route);
318
334
  }
319
335
  if (route?.protocol === "scim" && route.rest[0] === "v2") return await deps.handleScimRequest(ctx, request);
320
- throw Cv.error({
336
+ throw new ConvexError({
321
337
  code: "INVALID_PARAMETERS",
322
- message: "Invalid enterprise runtime path."
338
+ message: "Invalid connection runtime path."
323
339
  });
324
340
  }))
325
341
  });
@@ -327,11 +343,11 @@ function addSSORoutes(http, deps) {
327
343
  pathPrefix: routePrefix,
328
344
  method: "PUT",
329
345
  handler: httpActionGeneric(deps.convertErrorsToResponse(400, async (ctx, request) => {
330
- const route = parseEnterpriseRuntimeRoute(new URL(request.url).pathname, deps.routeBase);
346
+ const route = parseConnectionRuntimeRoute(new URL(request.url).pathname, deps.routeBase);
331
347
  if (route?.protocol === "scim" && route.rest[0] === "v2") return await deps.handleScimRequest(ctx, request);
332
- throw Cv.error({
348
+ throw new ConvexError({
333
349
  code: "INVALID_PARAMETERS",
334
- message: "Invalid enterprise runtime path."
350
+ message: "Invalid connection runtime path."
335
351
  });
336
352
  }))
337
353
  });
@@ -339,7 +355,7 @@ function addSSORoutes(http, deps) {
339
355
  pathPrefix: routePrefix,
340
356
  method,
341
357
  handler: httpActionGeneric(async (ctx, request) => {
342
- const route = parseEnterpriseRuntimeRoute(new URL(request.url).pathname, deps.routeBase);
358
+ const route = parseConnectionRuntimeRoute(new URL(request.url).pathname, deps.routeBase);
343
359
  if (!route || route.protocol !== "scim" || route.rest[0] !== "v2") return deps.scimError(404, "notFound", "SCIM resource not found.");
344
360
  return await deps.handleScimRequest(ctx, request);
345
361
  })
@@ -1,10 +1,10 @@
1
- import { Cv } from "@robelest/fx/convex";
1
+ import { ConvexError } from "convex/values";
2
2
 
3
3
  //#region src/server/identity.ts
4
4
  /** @internal */
5
5
  function userIdFromIdentitySubject(subject) {
6
6
  const [userId, ...rest] = subject.split("|");
7
- if (typeof userId !== "string" || userId.length === 0 || rest.length === 0 || rest.some((segment) => segment.length === 0)) throw Cv.error({
7
+ if (typeof userId !== "string" || userId.length === 0 || rest.length === 0 || rest.some((segment) => segment.length === 0)) throw new ConvexError({
8
8
  code: "INTERNAL_ERROR",
9
9
  message: "Authenticated identity subject is malformed."
10
10
  });
@@ -1,5 +1,6 @@
1
- import { AuthApi, AuthApiBase, AuthConfig, AuthContext, AuthContextConfig, ConvexAuthResult, InferAuth, InferClientApi, OptionalAuthContext, UserDoc, createAuth } from "./auth.js";
1
+ import { AuthConfig, AuthContext, AuthContextConfig, InferAuth, OptionalAuthContext, UserDoc } from "./auth-context.js";
2
2
  import { HttpAuthContext, HttpAuthContextConfig, OptionalHttpAuthContext } from "./http.js";
3
- import { EnterpriseAdminAuthorizationInput, EnterpriseAdminPermission, EnterpriseAuthorizer, EnterpriseMountOptions, enterprise, scim, sso } from "./mounts.js";
4
- import { AuthCookie, AuthCookieConfig, AuthCookies, RefreshResult, ServerOptions, authCookieNames, parseAuthCookies, serializeAuthCookies, server, shouldProxyAuthAction, structuredAuthCookies } from "./ssr.js";
5
- export { type AuthApi, type AuthApiBase, type AuthConfig, type AuthContext, type AuthContextConfig, type AuthCookie, type AuthCookieConfig, type AuthCookies, type ConvexAuthResult, type EnterpriseAdminAuthorizationInput, type EnterpriseAdminPermission, type EnterpriseAuthorizer, type EnterpriseMountOptions, type HttpAuthContext, type HttpAuthContextConfig, type InferAuth, type InferClientApi, type OptionalAuthContext, type OptionalHttpAuthContext, type RefreshResult, type ServerOptions, type UserDoc, authCookieNames, createAuth, enterprise, parseAuthCookies, scim, serializeAuthCookies, server, shouldProxyAuthAction, sso, structuredAuthCookies };
3
+ import { AuthApi, AuthApiBase, ConvexAuthResult, InferClientApi, createAuth } from "./auth.js";
4
+ import { CreateAuthGroupSsoOptions, GroupSsoAccessHandler, GroupSsoAccessInput, GroupSsoAccessPermissions, GroupSsoPermission, GroupSsoResolvedAccessHandler, createAuthGroupSso, scim, sso } from "./mounts.js";
5
+ import { AuthCookie, AuthCookieConfig, AuthCookies, RefreshResult, ServerOptions, authCookieNames, parseAuthCookies, serializeAuthCookies, server, shouldProxyAuthAction, structuredAuthCookies } from "./prefetch.js";
6
+ export { type AuthApi, type AuthApiBase, type AuthConfig, type AuthContext, type AuthContextConfig, type AuthCookie, type AuthCookieConfig, type AuthCookies, type ConvexAuthResult, type CreateAuthGroupSsoOptions, type GroupSsoAccessHandler, type GroupSsoAccessInput, type GroupSsoAccessPermissions, type GroupSsoPermission, type GroupSsoResolvedAccessHandler, type HttpAuthContext, type HttpAuthContextConfig, type InferAuth, type InferClientApi, type OptionalAuthContext, type OptionalHttpAuthContext, type RefreshResult, type ServerOptions, type UserDoc, authCookieNames, createAuth, createAuthGroupSso, parseAuthCookies, scim, serializeAuthCookies, server, shouldProxyAuthAction, sso, structuredAuthCookies };
@@ -1,5 +1,5 @@
1
1
  import { createAuth } from "./auth.js";
2
- import { enterprise, scim, sso } from "./mounts.js";
3
- import { authCookieNames, parseAuthCookies, serializeAuthCookies, server, shouldProxyAuthAction, structuredAuthCookies } from "./ssr.js";
2
+ import { createAuthGroupSso, scim, sso } from "./mounts.js";
3
+ import { authCookieNames, parseAuthCookies, serializeAuthCookies, server, shouldProxyAuthAction, structuredAuthCookies } from "./prefetch.js";
4
4
 
5
- export { authCookieNames, createAuth, enterprise, parseAuthCookies, scim, serializeAuthCookies, server, shouldProxyAuthAction, sso, structuredAuthCookies };
5
+ export { authCookieNames, createAuth, createAuthGroupSso, parseAuthCookies, scim, serializeAuthCookies, server, shouldProxyAuthAction, sso, structuredAuthCookies };
@@ -1,6 +1,15 @@
1
- import { generateRandomString, sha256 } from "./utils.js";
1
+ import { generateRandomString, sha256 } from "./random.js";
2
2
 
3
3
  //#region src/server/keys.ts
4
+ /**
5
+ * API Key crypto utilities.
6
+ *
7
+ * Uses `@oslojs/crypto` primitives for key generation and hashing:
8
+ * - SHA-256 for hashing keys (API keys have high entropy, no need for bcrypt)
9
+ * - Cryptographically secure random generation for key material
10
+ *
11
+ * @module
12
+ */
4
13
  const DEFAULT_KEY_PREFIX = "sk_";
5
14
  const KEY_RANDOM_LENGTH = 32;
6
15
  const KEY_RANDOM_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
@@ -1,51 +1,51 @@
1
1
  import { authDb } from "./db.js";
2
- import { Fx } from "@robelest/fx";
3
2
 
4
3
  //#region src/server/limits.ts
5
4
  const DEFAULT_MAX_SIGN_IN_ATTEMPTS_PER_HOUR = 10;
6
5
  /**
7
6
  * Check whether the given identifier is currently rate-limited.
7
+ * @internal
8
8
  */
9
- /** @internal */
10
- const isSignInRateLimited = (ctx, identifier, config) => getRateLimitState(ctx, identifier, config).pipe(Fx.map((state) => state !== null && state.attemptsLeft < 1));
9
+ async function isSignInRateLimited(ctx, identifier, config) {
10
+ const state = await getRateLimitState(ctx, identifier, config);
11
+ return state !== null && state.attemptsLeft < 1;
12
+ }
11
13
  /**
12
14
  * Record a failed sign-in attempt for the given identifier.
13
- *
14
- * If a record exists, decrement; otherwise create.
15
+ * @internal
15
16
  */
16
- /** @internal */
17
- const recordFailedSignIn = (ctx, identifier, config) => Fx.gen(function* () {
18
- const state = yield* getRateLimitState(ctx, identifier, config);
19
- if (state !== null) yield* Fx.promise(() => authDb(ctx, config).rateLimits.patch(state.limit._id, {
17
+ async function recordFailedSignIn(ctx, identifier, config) {
18
+ const state = await getRateLimitState(ctx, identifier, config);
19
+ if (state !== null) await authDb(ctx, config).rateLimits.patch(state.limit._id, {
20
20
  attemptsLeft: state.attemptsLeft - 1,
21
21
  lastAttemptTime: Date.now()
22
- }));
23
- else yield* Fx.promise(() => authDb(ctx, config).rateLimits.create({
22
+ });
23
+ else await authDb(ctx, config).rateLimits.create({
24
24
  identifier,
25
25
  attemptsLeft: (config.signIn?.maxFailedAttemptsPerHour ?? DEFAULT_MAX_SIGN_IN_ATTEMPTS_PER_HOUR) - 1,
26
26
  lastAttemptTime: Date.now()
27
- }));
28
- });
27
+ });
28
+ }
29
29
  /**
30
- * Reset the rate limit for the given identifier (e.g. after successful sign-in).
30
+ * Reset the rate limit for the given identifier.
31
+ * @internal
31
32
  */
32
- /** @internal */
33
- const resetSignInRateLimit = (ctx, identifier, config) => Fx.gen(function* () {
34
- const state = yield* getRateLimitState(ctx, identifier, config);
35
- if (state !== null) yield* Fx.promise(() => authDb(ctx, config).rateLimits.delete(state.limit._id));
36
- });
37
- const getRateLimitState = (ctx, identifier, config) => Fx.gen(function* () {
33
+ async function resetSignInRateLimit(ctx, identifier, config) {
34
+ const state = await getRateLimitState(ctx, identifier, config);
35
+ if (state !== null) await authDb(ctx, config).rateLimits.delete(state.limit._id);
36
+ }
37
+ async function getRateLimitState(ctx, identifier, config) {
38
+ const typedLimit = await authDb(ctx, config).rateLimits.get(identifier);
39
+ if (typedLimit === null) return null;
38
40
  const now = Date.now();
39
41
  const maxAttemptsPerHour = config.signIn?.maxFailedAttemptsPerHour ?? DEFAULT_MAX_SIGN_IN_ATTEMPTS_PER_HOUR;
40
- const limit = yield* Fx.promise(() => authDb(ctx, config).rateLimits.get(identifier));
41
- if (limit === null) return null;
42
- const elapsed = now - limit.lastAttemptTime;
42
+ const elapsed = now - typedLimit.lastAttemptTime;
43
43
  const maxAttemptsPerMs = maxAttemptsPerHour / (3600 * 1e3);
44
44
  return {
45
- limit,
46
- attemptsLeft: Math.min(maxAttemptsPerHour, limit.attemptsLeft + elapsed * maxAttemptsPerMs)
45
+ limit: typedLimit,
46
+ attemptsLeft: Math.min(maxAttemptsPerHour, typedLimit.attemptsLeft + elapsed * maxAttemptsPerMs)
47
47
  };
48
- });
48
+ }
49
49
 
50
50
  //#endregion
51
51
  export { isSignInRateLimited, recordFailedSignIn, resetSignInRateLimit };
@@ -0,0 +1,28 @@
1
+ import { LOG_LEVELS, logMessage } from "../shared/log.js";
2
+ import { envBoolean, envOptionalString, readConfigSync } from "./env.js";
3
+
4
+ //#region src/server/log.ts
5
+ const configuredLogLevel = LOG_LEVELS[readConfigSync(envOptionalString("AUTH_LOG_LEVEL")) ?? "INFO"] ?? "INFO";
6
+ const shouldRedactSecrets = !readConfigSync(envBoolean("AUTH_LOG_SECRETS") ?? false);
7
+ /** @internal */
8
+ function log(level, ...args) {
9
+ return logMessage("convex-auth", level, args, configuredLogLevel);
10
+ }
11
+ /** @internal */
12
+ function logError(error) {
13
+ return log(LOG_LEVELS.ERROR, error instanceof Error ? error.message + "\n" + error.stack?.replace("\\n", "\n") : error);
14
+ }
15
+ const UNREDACTED_LENGTH = 5;
16
+ /** @internal */
17
+ function maybeRedact(value) {
18
+ if (value === "") return "";
19
+ if (shouldRedactSecrets) {
20
+ if (value.length < UNREDACTED_LENGTH * 2) return "<redacted>";
21
+ return value.substring(0, UNREDACTED_LENGTH) + "<redacted>" + value.substring(value.length - UNREDACTED_LENGTH);
22
+ }
23
+ return value;
24
+ }
25
+
26
+ //#endregion
27
+ export { log, logError, maybeRedact };
28
+ //# sourceMappingURL=log.js.map