@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +43 -36
- package/dist/bin.js +5765 -4880
- package/dist/browser/index.d.ts +30 -0
- package/dist/browser/index.js +93 -0
- package/dist/browser/locks.js +11 -0
- package/dist/browser/navigation.js +14 -0
- package/dist/{factors → browser}/passkey.js +23 -32
- package/dist/browser/runtime.js +92 -0
- package/dist/client/core/types.d.ts +452 -5
- package/dist/client/core/types.js +17 -0
- package/dist/client/errors.js +19 -0
- package/dist/client/factors/device.js +94 -0
- package/dist/{factors → client/factors}/totp.js +12 -4
- package/dist/client/index.d.ts +47 -1
- package/dist/client/index.js +269 -232
- package/dist/client/runtime/mutex.js +24 -0
- package/dist/client/runtime/proxy.js +30 -0
- package/dist/client/runtime/storage.js +45 -0
- package/dist/client/services/adapters.js +7 -0
- package/dist/client/services/http.js +6 -0
- package/dist/client/services/resolve.js +13 -0
- package/dist/client/services/runtime.js +6 -0
- package/dist/component/_generated/component.d.ts +1355 -1399
- package/dist/component/convex.config.d.ts +2 -2
- package/dist/component/index.d.ts +4 -26
- package/dist/component/index.js +1 -1
- package/dist/component/model.d.ts +26 -112
- package/dist/component/model.js +76 -54
- package/dist/component/modules.js +38 -0
- package/dist/component/public/factors/devices.js +1 -1
- package/dist/component/public/factors/passkeys.js +1 -1
- package/dist/component/public/factors/totp.js +1 -1
- package/dist/component/public/groups/core.js +2 -2
- package/dist/component/public/groups/invites.js +1 -1
- package/dist/component/public/groups/members.js +1 -1
- package/dist/component/public/identity/accounts.js +1 -1
- package/dist/component/public/identity/codes.js +1 -1
- package/dist/component/public/identity/sessions.js +39 -2
- package/dist/component/public/identity/tokens.js +82 -4
- package/dist/component/public/identity/users.js +1 -1
- package/dist/component/public/identity/verifiers.js +10 -4
- package/dist/component/public/security/keys.js +1 -1
- package/dist/component/public/security/limits.js +1 -1
- package/dist/component/public/{enterprise → sso}/audit.js +26 -26
- package/dist/component/public/sso/core.js +263 -0
- package/dist/component/public/sso/domains.js +280 -0
- package/dist/component/public/{enterprise → sso}/scim.js +87 -87
- package/dist/component/public/sso/secrets.js +125 -0
- package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
- package/dist/component/public.js +9 -9
- package/dist/component/schema.d.ts +472 -393
- package/dist/component/schema.js +36 -35
- package/dist/core/index.d.ts +380 -0
- package/dist/core/index.js +83 -0
- package/dist/otel.d.ts +69 -0
- package/dist/otel.js +82 -0
- package/dist/providers/anonymous.d.ts +15 -34
- package/dist/providers/anonymous.js +27 -35
- package/dist/providers/apple.d.ts +59 -0
- package/dist/providers/apple.js +58 -0
- package/dist/providers/credentials.d.ts +18 -34
- package/dist/providers/credentials.js +16 -27
- package/dist/providers/custom.d.ts +94 -0
- package/dist/providers/custom.js +119 -0
- package/dist/providers/device.d.ts +15 -49
- package/dist/providers/device.js +17 -34
- package/dist/providers/email.d.ts +21 -38
- package/dist/providers/email.js +36 -55
- package/dist/providers/github.d.ts +54 -0
- package/dist/providers/github.js +75 -0
- package/dist/providers/google.d.ts +54 -0
- package/dist/providers/google.js +61 -0
- package/dist/providers/index.d.ts +16 -12
- package/dist/providers/index.js +15 -11
- package/dist/providers/microsoft.d.ts +57 -0
- package/dist/providers/microsoft.js +101 -0
- package/dist/providers/passkey.d.ts +19 -35
- package/dist/providers/passkey.js +20 -30
- package/dist/providers/password.d.ts +17 -18
- package/dist/providers/password.js +121 -143
- package/dist/providers/phone.d.ts +13 -28
- package/dist/providers/phone.js +21 -46
- package/dist/providers/sso.d.ts +16 -36
- package/dist/providers/sso.js +21 -22
- package/dist/providers/totp.d.ts +13 -29
- package/dist/providers/totp.js +17 -27
- package/dist/server/auth-context.d.ts +204 -0
- package/dist/server/auth-context.js +76 -0
- package/dist/server/auth.d.ts +99 -244
- package/dist/server/auth.js +56 -152
- package/dist/server/componentContext.d.ts +12 -0
- package/dist/server/componentContext.js +1 -0
- package/dist/server/config.js +6 -67
- package/dist/server/constants.js +6 -0
- package/dist/server/contract.d.ts +105 -0
- package/dist/server/contract.js +43 -0
- package/dist/server/cookies.js +3 -2
- package/dist/server/core.js +31 -36
- package/dist/server/crypto.js +34 -44
- package/dist/server/db.js +6 -1
- package/dist/server/device.js +96 -130
- package/dist/server/env.js +48 -0
- package/dist/server/errors.js +20 -0
- package/dist/server/http.d.ts +15 -59
- package/dist/server/http.js +136 -120
- package/dist/server/identity.js +2 -2
- package/dist/server/index.d.ts +5 -4
- package/dist/server/index.js +3 -3
- package/dist/server/keys.js +10 -1
- package/dist/server/limits.js +26 -26
- package/dist/server/log.js +28 -0
- package/dist/server/mounts.d.ts +1107 -296
- package/dist/server/mounts.js +315 -196
- package/dist/server/mutations/account.js +11 -14
- package/dist/server/mutations/code.js +6 -5
- package/dist/server/mutations/invalidate.js +9 -11
- package/dist/server/mutations/oauth.js +112 -73
- package/dist/server/mutations/refresh.js +47 -97
- package/dist/server/mutations/register.js +37 -35
- package/dist/server/mutations/retrieve.js +16 -16
- package/dist/server/mutations/signature.js +15 -18
- package/dist/server/mutations/signin.js +10 -5
- package/dist/server/mutations/signout.js +11 -14
- package/dist/server/mutations/store.js +25 -18
- package/dist/server/mutations/verifier.js +11 -8
- package/dist/server/mutations/verify.js +53 -41
- package/dist/server/oauth/factory.js +44 -0
- package/dist/server/oauth/index.js +12 -0
- package/dist/server/oauth/runtime.js +248 -0
- package/dist/server/passkey.js +331 -365
- package/dist/server/payloads.d.ts +16 -0
- package/dist/server/payloads.js +30 -0
- package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
- package/dist/server/prefetch.js +635 -0
- package/dist/server/random.js +19 -0
- package/dist/server/redirects.js +10 -5
- package/dist/server/refresh.js +14 -86
- package/dist/server/runtime.d.ts +531 -31
- package/dist/server/runtime.js +106 -267
- package/dist/server/secret.js +44 -0
- package/dist/server/services/config.js +10 -0
- package/dist/server/services/group.js +211 -0
- package/dist/server/services/logger.js +8 -0
- package/dist/server/services/providers.js +22 -0
- package/dist/server/services/refresh.js +8 -0
- package/dist/server/services/resolve.js +27 -0
- package/dist/server/services/signin.js +8 -0
- package/dist/server/sessions.js +35 -34
- package/dist/server/signin.js +229 -140
- package/dist/server/{enterprise → sso}/config.js +10 -3
- package/dist/server/sso/domain.d.ts +614 -0
- package/dist/server/sso/domain.js +1175 -0
- package/dist/server/sso/http.js +1060 -0
- package/dist/server/sso/oidc.js +324 -0
- package/dist/server/sso/policies.js +59 -0
- package/dist/server/sso/policy.js +139 -0
- package/dist/server/sso/profile.js +22 -0
- package/dist/server/sso/provision.js +179 -0
- package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
- package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
- package/dist/server/sso/shared.js +74 -0
- package/dist/server/sso/validators.js +88 -0
- package/dist/server/sso/webhook.js +94 -0
- package/dist/server/tokens.js +16 -4
- package/dist/server/totp.js +155 -164
- package/dist/server/types.d.ts +306 -296
- package/dist/server/types.js +1 -30
- package/dist/server/url.js +32 -0
- package/dist/server/users.js +74 -40
- package/dist/server/utils/cache.js +51 -0
- package/dist/server/utils/dispatch.js +36 -0
- package/dist/server/utils/retry.js +24 -0
- package/dist/server/utils/span.js +32 -0
- package/dist/shared/errors.js +19 -0
- package/dist/shared/log.js +45 -0
- package/{src/test.ts → dist/test.d.ts} +21 -22
- package/dist/test.js +51 -0
- package/package.json +70 -42
- package/dist/authorization/index.d.ts.map +0 -1
- package/dist/authorization/index.js.map +0 -1
- package/dist/client/core/types.d.ts.map +0 -1
- package/dist/client/index.d.ts.map +0 -1
- package/dist/client/index.js.map +0 -1
- package/dist/component/_generated/api.d.ts +0 -75
- package/dist/component/_generated/api.d.ts.map +0 -1
- package/dist/component/_generated/api.js.map +0 -1
- package/dist/component/_generated/component.d.ts.map +0 -1
- package/dist/component/_generated/dataModel.d.ts +0 -42
- package/dist/component/_generated/dataModel.d.ts.map +0 -1
- package/dist/component/_generated/server.d.ts +0 -117
- package/dist/component/_generated/server.d.ts.map +0 -1
- package/dist/component/_generated/server.js.map +0 -1
- package/dist/component/_virtual/rolldown_runtime.js +0 -18
- package/dist/component/client/core/types.d.ts +0 -2
- package/dist/component/client/index.d.ts +0 -1
- package/dist/component/convex.config.d.ts.map +0 -1
- package/dist/component/convex.config.js.map +0 -1
- package/dist/component/functions.d.ts +0 -25
- package/dist/component/functions.d.ts.map +0 -1
- package/dist/component/functions.js.map +0 -1
- package/dist/component/index.d.ts.map +0 -1
- package/dist/component/model.d.ts.map +0 -1
- package/dist/component/model.js.map +0 -1
- package/dist/component/providers/anonymous.d.ts +0 -54
- package/dist/component/providers/anonymous.d.ts.map +0 -1
- package/dist/component/providers/credentials.d.ts +0 -38
- package/dist/component/providers/credentials.d.ts.map +0 -1
- package/dist/component/providers/device.d.ts +0 -67
- package/dist/component/providers/device.d.ts.map +0 -1
- package/dist/component/providers/email.d.ts +0 -62
- package/dist/component/providers/email.d.ts.map +0 -1
- package/dist/component/providers/oauth.d.ts +0 -25
- package/dist/component/providers/oauth.d.ts.map +0 -1
- package/dist/component/providers/oauth.js +0 -13
- package/dist/component/providers/oauth.js.map +0 -1
- package/dist/component/providers/passkey.d.ts +0 -57
- package/dist/component/providers/passkey.d.ts.map +0 -1
- package/dist/component/providers/password.d.ts +0 -88
- package/dist/component/providers/password.d.ts.map +0 -1
- package/dist/component/providers/phone.d.ts +0 -48
- package/dist/component/providers/phone.d.ts.map +0 -1
- package/dist/component/providers/sso.d.ts +0 -50
- package/dist/component/providers/sso.d.ts.map +0 -1
- package/dist/component/providers/totp.d.ts +0 -45
- package/dist/component/providers/totp.d.ts.map +0 -1
- package/dist/component/public/enterprise/audit.d.ts +0 -73
- package/dist/component/public/enterprise/audit.d.ts.map +0 -1
- package/dist/component/public/enterprise/audit.js.map +0 -1
- package/dist/component/public/enterprise/core.d.ts +0 -176
- package/dist/component/public/enterprise/core.d.ts.map +0 -1
- package/dist/component/public/enterprise/core.js +0 -292
- package/dist/component/public/enterprise/core.js.map +0 -1
- package/dist/component/public/enterprise/domains.d.ts +0 -174
- package/dist/component/public/enterprise/domains.d.ts.map +0 -1
- package/dist/component/public/enterprise/domains.js +0 -271
- package/dist/component/public/enterprise/domains.js.map +0 -1
- package/dist/component/public/enterprise/scim.d.ts +0 -245
- package/dist/component/public/enterprise/scim.d.ts.map +0 -1
- package/dist/component/public/enterprise/scim.js.map +0 -1
- package/dist/component/public/enterprise/secrets.d.ts +0 -78
- package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
- package/dist/component/public/enterprise/secrets.js +0 -118
- package/dist/component/public/enterprise/secrets.js.map +0 -1
- package/dist/component/public/enterprise/webhooks.d.ts +0 -211
- package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
- package/dist/component/public/enterprise/webhooks.js.map +0 -1
- package/dist/component/public/factors/devices.d.ts +0 -157
- package/dist/component/public/factors/devices.d.ts.map +0 -1
- package/dist/component/public/factors/devices.js.map +0 -1
- package/dist/component/public/factors/passkeys.d.ts +0 -175
- package/dist/component/public/factors/passkeys.d.ts.map +0 -1
- package/dist/component/public/factors/passkeys.js.map +0 -1
- package/dist/component/public/factors/totp.d.ts +0 -189
- package/dist/component/public/factors/totp.d.ts.map +0 -1
- package/dist/component/public/factors/totp.js.map +0 -1
- package/dist/component/public/groups/core.d.ts +0 -137
- package/dist/component/public/groups/core.d.ts.map +0 -1
- package/dist/component/public/groups/core.js.map +0 -1
- package/dist/component/public/groups/invites.d.ts +0 -217
- package/dist/component/public/groups/invites.d.ts.map +0 -1
- package/dist/component/public/groups/invites.js.map +0 -1
- package/dist/component/public/groups/members.d.ts +0 -204
- package/dist/component/public/groups/members.d.ts.map +0 -1
- package/dist/component/public/groups/members.js.map +0 -1
- package/dist/component/public/identity/accounts.d.ts +0 -147
- package/dist/component/public/identity/accounts.d.ts.map +0 -1
- package/dist/component/public/identity/accounts.js.map +0 -1
- package/dist/component/public/identity/codes.d.ts +0 -104
- package/dist/component/public/identity/codes.d.ts.map +0 -1
- package/dist/component/public/identity/codes.js.map +0 -1
- package/dist/component/public/identity/sessions.d.ts +0 -128
- package/dist/component/public/identity/sessions.d.ts.map +0 -1
- package/dist/component/public/identity/sessions.js.map +0 -1
- package/dist/component/public/identity/tokens.d.ts +0 -169
- package/dist/component/public/identity/tokens.d.ts.map +0 -1
- package/dist/component/public/identity/tokens.js.map +0 -1
- package/dist/component/public/identity/users.d.ts +0 -212
- package/dist/component/public/identity/users.d.ts.map +0 -1
- package/dist/component/public/identity/users.js.map +0 -1
- package/dist/component/public/identity/verifiers.d.ts +0 -116
- package/dist/component/public/identity/verifiers.d.ts.map +0 -1
- package/dist/component/public/identity/verifiers.js.map +0 -1
- package/dist/component/public/security/keys.d.ts +0 -209
- package/dist/component/public/security/keys.d.ts.map +0 -1
- package/dist/component/public/security/keys.js.map +0 -1
- package/dist/component/public/security/limits.d.ts +0 -114
- package/dist/component/public/security/limits.d.ts.map +0 -1
- package/dist/component/public/security/limits.js.map +0 -1
- package/dist/component/public.d.ts +0 -28
- package/dist/component/public.d.ts.map +0 -1
- package/dist/component/schema.d.ts.map +0 -1
- package/dist/component/schema.js.map +0 -1
- package/dist/component/server/auth.d.ts +0 -447
- package/dist/component/server/auth.d.ts.map +0 -1
- package/dist/component/server/auth.js +0 -254
- package/dist/component/server/auth.js.map +0 -1
- package/dist/component/server/config.js +0 -121
- package/dist/component/server/config.js.map +0 -1
- package/dist/component/server/context.js +0 -53
- package/dist/component/server/context.js.map +0 -1
- package/dist/component/server/cookies.js +0 -47
- package/dist/component/server/cookies.js.map +0 -1
- package/dist/component/server/core.js +0 -576
- package/dist/component/server/core.js.map +0 -1
- package/dist/component/server/crypto.js +0 -56
- package/dist/component/server/crypto.js.map +0 -1
- package/dist/component/server/db.js +0 -87
- package/dist/component/server/db.js.map +0 -1
- package/dist/component/server/device.js +0 -152
- package/dist/component/server/device.js.map +0 -1
- package/dist/component/server/enterprise/config.js +0 -46
- package/dist/component/server/enterprise/config.js.map +0 -1
- package/dist/component/server/enterprise/domain.js +0 -974
- package/dist/component/server/enterprise/domain.js.map +0 -1
- package/dist/component/server/enterprise/http.js +0 -787
- package/dist/component/server/enterprise/http.js.map +0 -1
- package/dist/component/server/enterprise/oidc.js +0 -248
- package/dist/component/server/enterprise/oidc.js.map +0 -1
- package/dist/component/server/enterprise/policy.js +0 -85
- package/dist/component/server/enterprise/policy.js.map +0 -1
- package/dist/component/server/enterprise/saml.js.map +0 -1
- package/dist/component/server/enterprise/scim.js.map +0 -1
- package/dist/component/server/enterprise/shared.js +0 -51
- package/dist/component/server/enterprise/shared.js.map +0 -1
- package/dist/component/server/http.d.ts +0 -85
- package/dist/component/server/http.d.ts.map +0 -1
- package/dist/component/server/http.js +0 -351
- package/dist/component/server/http.js.map +0 -1
- package/dist/component/server/identity.js +0 -16
- package/dist/component/server/identity.js.map +0 -1
- package/dist/component/server/keys.js +0 -96
- package/dist/component/server/keys.js.map +0 -1
- package/dist/component/server/limits.js +0 -52
- package/dist/component/server/limits.js.map +0 -1
- package/dist/component/server/mutations/account.js +0 -46
- package/dist/component/server/mutations/account.js.map +0 -1
- package/dist/component/server/mutations/code.js +0 -68
- package/dist/component/server/mutations/code.js.map +0 -1
- package/dist/component/server/mutations/invalidate.js +0 -32
- package/dist/component/server/mutations/invalidate.js.map +0 -1
- package/dist/component/server/mutations/oauth.js +0 -116
- package/dist/component/server/mutations/oauth.js.map +0 -1
- package/dist/component/server/mutations/refresh.js +0 -119
- package/dist/component/server/mutations/refresh.js.map +0 -1
- package/dist/component/server/mutations/register.js +0 -87
- package/dist/component/server/mutations/register.js.map +0 -1
- package/dist/component/server/mutations/retrieve.js +0 -61
- package/dist/component/server/mutations/retrieve.js.map +0 -1
- package/dist/component/server/mutations/signature.js +0 -38
- package/dist/component/server/mutations/signature.js.map +0 -1
- package/dist/component/server/mutations/signin.js +0 -27
- package/dist/component/server/mutations/signin.js.map +0 -1
- package/dist/component/server/mutations/signout.js +0 -27
- package/dist/component/server/mutations/signout.js.map +0 -1
- package/dist/component/server/mutations/store/refs.js +0 -15
- package/dist/component/server/mutations/store/refs.js.map +0 -1
- package/dist/component/server/mutations/store.js +0 -70
- package/dist/component/server/mutations/store.js.map +0 -1
- package/dist/component/server/mutations/verifier.js +0 -18
- package/dist/component/server/mutations/verifier.js.map +0 -1
- package/dist/component/server/mutations/verify.js +0 -98
- package/dist/component/server/mutations/verify.js.map +0 -1
- package/dist/component/server/oauth.js +0 -242
- package/dist/component/server/oauth.js.map +0 -1
- package/dist/component/server/passkey.js +0 -415
- package/dist/component/server/passkey.js.map +0 -1
- package/dist/component/server/redirects.js +0 -40
- package/dist/component/server/redirects.js.map +0 -1
- package/dist/component/server/refresh.js +0 -99
- package/dist/component/server/refresh.js.map +0 -1
- package/dist/component/server/runtime.d.ts +0 -136
- package/dist/component/server/runtime.d.ts.map +0 -1
- package/dist/component/server/runtime.js +0 -456
- package/dist/component/server/runtime.js.map +0 -1
- package/dist/component/server/sessions.js +0 -71
- package/dist/component/server/sessions.js.map +0 -1
- package/dist/component/server/signin.js +0 -225
- package/dist/component/server/signin.js.map +0 -1
- package/dist/component/server/tokens.js +0 -17
- package/dist/component/server/tokens.js.map +0 -1
- package/dist/component/server/totp.js +0 -208
- package/dist/component/server/totp.js.map +0 -1
- package/dist/component/server/types.d.ts +0 -949
- package/dist/component/server/types.d.ts.map +0 -1
- package/dist/component/server/types.js +0 -79
- package/dist/component/server/types.js.map +0 -1
- package/dist/component/server/users.js +0 -123
- package/dist/component/server/users.js.map +0 -1
- package/dist/component/server/utils.js +0 -140
- package/dist/component/server/utils.js.map +0 -1
- package/dist/core/types.d.ts +0 -361
- package/dist/core/types.d.ts.map +0 -1
- package/dist/factors/device.js +0 -104
- package/dist/factors/device.js.map +0 -1
- package/dist/factors/passkey.js.map +0 -1
- package/dist/factors/totp.js.map +0 -1
- package/dist/providers/anonymous.d.ts.map +0 -1
- package/dist/providers/anonymous.js.map +0 -1
- package/dist/providers/credentials.d.ts.map +0 -1
- package/dist/providers/credentials.js.map +0 -1
- package/dist/providers/device.d.ts.map +0 -1
- package/dist/providers/device.js.map +0 -1
- package/dist/providers/email.d.ts.map +0 -1
- package/dist/providers/email.js.map +0 -1
- package/dist/providers/oauth.d.ts +0 -69
- package/dist/providers/oauth.d.ts.map +0 -1
- package/dist/providers/oauth.js +0 -43
- package/dist/providers/oauth.js.map +0 -1
- package/dist/providers/passkey.d.ts.map +0 -1
- package/dist/providers/passkey.js.map +0 -1
- package/dist/providers/password.d.ts.map +0 -1
- package/dist/providers/password.js.map +0 -1
- package/dist/providers/phone.d.ts.map +0 -1
- package/dist/providers/phone.js.map +0 -1
- package/dist/providers/sso.d.ts.map +0 -1
- package/dist/providers/sso.js.map +0 -1
- package/dist/providers/totp.d.ts.map +0 -1
- package/dist/providers/totp.js.map +0 -1
- package/dist/runtime/browser.js +0 -68
- package/dist/runtime/browser.js.map +0 -1
- package/dist/runtime/invite.js.map +0 -1
- package/dist/runtime/proxy.js +0 -70
- package/dist/runtime/proxy.js.map +0 -1
- package/dist/runtime/storage.js +0 -37
- package/dist/runtime/storage.js.map +0 -1
- package/dist/server/auth.d.ts.map +0 -1
- package/dist/server/auth.js.map +0 -1
- package/dist/server/config.d.ts +0 -1
- package/dist/server/config.js.map +0 -1
- package/dist/server/context.d.ts +0 -1
- package/dist/server/context.js.map +0 -1
- package/dist/server/cookies.d.ts +0 -1
- package/dist/server/cookies.js.map +0 -1
- package/dist/server/core.d.ts +0 -1315
- package/dist/server/core.d.ts.map +0 -1
- package/dist/server/core.js.map +0 -1
- package/dist/server/crypto.d.ts +0 -8
- package/dist/server/crypto.d.ts.map +0 -1
- package/dist/server/crypto.js.map +0 -1
- package/dist/server/db.d.ts +0 -1
- package/dist/server/db.js.map +0 -1
- package/dist/server/device.d.ts +0 -1
- package/dist/server/device.js.map +0 -1
- package/dist/server/enterprise/config.d.ts +0 -1
- package/dist/server/enterprise/config.js.map +0 -1
- package/dist/server/enterprise/domain.d.ts +0 -401
- package/dist/server/enterprise/domain.d.ts.map +0 -1
- package/dist/server/enterprise/domain.js +0 -974
- package/dist/server/enterprise/domain.js.map +0 -1
- package/dist/server/enterprise/http.d.ts +0 -26
- package/dist/server/enterprise/http.d.ts.map +0 -1
- package/dist/server/enterprise/http.js +0 -787
- package/dist/server/enterprise/http.js.map +0 -1
- package/dist/server/enterprise/oidc.d.ts +0 -1
- package/dist/server/enterprise/oidc.js +0 -248
- package/dist/server/enterprise/oidc.js.map +0 -1
- package/dist/server/enterprise/policy.d.ts +0 -1
- package/dist/server/enterprise/policy.js +0 -85
- package/dist/server/enterprise/policy.js.map +0 -1
- package/dist/server/enterprise/saml.d.ts +0 -1
- package/dist/server/enterprise/saml.js +0 -338
- package/dist/server/enterprise/saml.js.map +0 -1
- package/dist/server/enterprise/scim.d.ts +0 -1
- package/dist/server/enterprise/scim.js +0 -97
- package/dist/server/enterprise/scim.js.map +0 -1
- package/dist/server/enterprise/shared.d.ts +0 -5
- package/dist/server/enterprise/shared.d.ts.map +0 -1
- package/dist/server/enterprise/shared.js +0 -51
- package/dist/server/enterprise/shared.js.map +0 -1
- package/dist/server/enterprise/validators.d.ts +0 -1
- package/dist/server/enterprise/validators.js +0 -60
- package/dist/server/enterprise/validators.js.map +0 -1
- package/dist/server/http.d.ts.map +0 -1
- package/dist/server/http.js.map +0 -1
- package/dist/server/identity.d.ts +0 -1
- package/dist/server/identity.js.map +0 -1
- package/dist/server/keys.d.ts +0 -1
- package/dist/server/keys.js.map +0 -1
- package/dist/server/limits.d.ts +0 -1
- package/dist/server/limits.js.map +0 -1
- package/dist/server/mounts.d.ts.map +0 -1
- package/dist/server/mounts.js.map +0 -1
- package/dist/server/mutations/account.d.ts +0 -29
- package/dist/server/mutations/account.d.ts.map +0 -1
- package/dist/server/mutations/account.js.map +0 -1
- package/dist/server/mutations/code.d.ts +0 -30
- package/dist/server/mutations/code.d.ts.map +0 -1
- package/dist/server/mutations/code.js.map +0 -1
- package/dist/server/mutations/index.d.ts +0 -14
- package/dist/server/mutations/invalidate.d.ts +0 -20
- package/dist/server/mutations/invalidate.d.ts.map +0 -1
- package/dist/server/mutations/invalidate.js.map +0 -1
- package/dist/server/mutations/oauth.d.ts +0 -30
- package/dist/server/mutations/oauth.d.ts.map +0 -1
- package/dist/server/mutations/oauth.js.map +0 -1
- package/dist/server/mutations/refresh.d.ts +0 -21
- package/dist/server/mutations/refresh.d.ts.map +0 -1
- package/dist/server/mutations/refresh.js.map +0 -1
- package/dist/server/mutations/register.d.ts +0 -38
- package/dist/server/mutations/register.d.ts.map +0 -1
- package/dist/server/mutations/register.js.map +0 -1
- package/dist/server/mutations/retrieve.d.ts +0 -33
- package/dist/server/mutations/retrieve.d.ts.map +0 -1
- package/dist/server/mutations/retrieve.js.map +0 -1
- package/dist/server/mutations/signature.d.ts +0 -21
- package/dist/server/mutations/signature.d.ts.map +0 -1
- package/dist/server/mutations/signature.js.map +0 -1
- package/dist/server/mutations/signin.d.ts +0 -22
- package/dist/server/mutations/signin.d.ts.map +0 -1
- package/dist/server/mutations/signin.js.map +0 -1
- package/dist/server/mutations/signout.d.ts +0 -16
- package/dist/server/mutations/signout.d.ts.map +0 -1
- package/dist/server/mutations/signout.js.map +0 -1
- package/dist/server/mutations/store/refs.d.ts +0 -12
- package/dist/server/mutations/store/refs.d.ts.map +0 -1
- package/dist/server/mutations/store/refs.js.map +0 -1
- package/dist/server/mutations/store.d.ts +0 -306
- package/dist/server/mutations/store.d.ts.map +0 -1
- package/dist/server/mutations/store.js.map +0 -1
- package/dist/server/mutations/verifier.d.ts +0 -13
- package/dist/server/mutations/verifier.d.ts.map +0 -1
- package/dist/server/mutations/verifier.js.map +0 -1
- package/dist/server/mutations/verify.d.ts +0 -26
- package/dist/server/mutations/verify.d.ts.map +0 -1
- package/dist/server/mutations/verify.js.map +0 -1
- package/dist/server/oauth.d.ts +0 -1
- package/dist/server/oauth.js +0 -242
- package/dist/server/oauth.js.map +0 -1
- package/dist/server/passkey.d.ts +0 -27
- package/dist/server/passkey.d.ts.map +0 -1
- package/dist/server/passkey.js.map +0 -1
- package/dist/server/redirects.d.ts +0 -1
- package/dist/server/redirects.js.map +0 -1
- package/dist/server/refresh.d.ts +0 -1
- package/dist/server/refresh.js.map +0 -1
- package/dist/server/runtime.d.ts.map +0 -1
- package/dist/server/runtime.js.map +0 -1
- package/dist/server/sessions.d.ts +0 -1
- package/dist/server/sessions.js.map +0 -1
- package/dist/server/signin.d.ts +0 -1
- package/dist/server/signin.js.map +0 -1
- package/dist/server/ssr.d.ts.map +0 -1
- package/dist/server/ssr.js +0 -777
- package/dist/server/ssr.js.map +0 -1
- package/dist/server/templates.d.ts +0 -1
- package/dist/server/templates.js.map +0 -1
- package/dist/server/tokens.d.ts +0 -1
- package/dist/server/tokens.js.map +0 -1
- package/dist/server/totp.d.ts +0 -1
- package/dist/server/totp.js.map +0 -1
- package/dist/server/types.d.ts.map +0 -1
- package/dist/server/types.js.map +0 -1
- package/dist/server/users.d.ts +0 -1
- package/dist/server/users.js.map +0 -1
- package/dist/server/utils.d.ts +0 -1
- package/dist/server/utils.js +0 -140
- package/dist/server/utils.js.map +0 -1
- package/src/authorization/index.ts +0 -83
- package/src/cli/bin.ts +0 -5
- package/src/cli/command.ts +0 -70
- package/src/cli/index.ts +0 -1112
- package/src/cli/keys.ts +0 -23
- package/src/client/core/types.ts +0 -437
- package/src/client/factors/device.ts +0 -158
- package/src/client/factors/passkey.ts +0 -279
- package/src/client/factors/totp.ts +0 -150
- package/src/client/index.ts +0 -1124
- package/src/client/runtime/browser.ts +0 -112
- package/src/client/runtime/invite.ts +0 -63
- package/src/client/runtime/proxy.ts +0 -111
- package/src/client/runtime/storage.ts +0 -79
- package/src/component/_generated/api.ts +0 -96
- package/src/component/_generated/component.ts +0 -3774
- package/src/component/_generated/dataModel.ts +0 -60
- package/src/component/_generated/server.ts +0 -156
- package/src/component/convex.config.ts +0 -5
- package/src/component/functions.ts +0 -104
- package/src/component/index.ts +0 -42
- package/src/component/model.ts +0 -449
- package/src/component/public/enterprise/audit.ts +0 -125
- package/src/component/public/enterprise/core.ts +0 -355
- package/src/component/public/enterprise/domains.ts +0 -327
- package/src/component/public/enterprise/scim.ts +0 -397
- package/src/component/public/enterprise/secrets.ts +0 -133
- package/src/component/public/enterprise/webhooks.ts +0 -307
- package/src/component/public/factors/devices.ts +0 -224
- package/src/component/public/factors/passkeys.ts +0 -243
- package/src/component/public/factors/totp.ts +0 -259
- package/src/component/public/groups/core.ts +0 -481
- package/src/component/public/groups/invites.ts +0 -608
- package/src/component/public/groups/members.ts +0 -410
- package/src/component/public/identity/accounts.ts +0 -207
- package/src/component/public/identity/codes.ts +0 -149
- package/src/component/public/identity/sessions.ts +0 -210
- package/src/component/public/identity/tokens.ts +0 -251
- package/src/component/public/identity/users.ts +0 -355
- package/src/component/public/identity/verifiers.ts +0 -158
- package/src/component/public/security/keys.ts +0 -366
- package/src/component/public/security/limits.ts +0 -174
- package/src/component/public.ts +0 -27
- package/src/component/schema.ts +0 -505
- package/src/providers/anonymous.ts +0 -99
- package/src/providers/credentials.ts +0 -102
- package/src/providers/device.ts +0 -87
- package/src/providers/email.ts +0 -99
- package/src/providers/index.ts +0 -31
- package/src/providers/oauth.ts +0 -117
- package/src/providers/passkey.ts +0 -77
- package/src/providers/password.ts +0 -441
- package/src/providers/phone.ts +0 -93
- package/src/providers/sso.ts +0 -54
- package/src/providers/totp.ts +0 -62
- package/src/samlify.d.ts +0 -53
- package/src/server/auth.ts +0 -949
- package/src/server/config.ts +0 -200
- package/src/server/context.ts +0 -90
- package/src/server/cookies.ts +0 -49
- package/src/server/core.ts +0 -2004
- package/src/server/crypto.ts +0 -90
- package/src/server/db.ts +0 -203
- package/src/server/device.ts +0 -254
- package/src/server/enterprise/config.ts +0 -51
- package/src/server/enterprise/domain.ts +0 -1739
- package/src/server/enterprise/http.ts +0 -1331
- package/src/server/enterprise/oidc.ts +0 -500
- package/src/server/enterprise/policy.ts +0 -128
- package/src/server/enterprise/saml.ts +0 -578
- package/src/server/enterprise/scim.ts +0 -135
- package/src/server/enterprise/shared.ts +0 -134
- package/src/server/enterprise/validators.ts +0 -93
- package/src/server/http.ts +0 -790
- package/src/server/identity.ts +0 -18
- package/src/server/index.ts +0 -40
- package/src/server/keys.ts +0 -158
- package/src/server/limits.ts +0 -107
- package/src/server/mounts.ts +0 -924
- package/src/server/mutations/account.ts +0 -62
- package/src/server/mutations/code.ts +0 -119
- package/src/server/mutations/index.ts +0 -13
- package/src/server/mutations/invalidate.ts +0 -50
- package/src/server/mutations/oauth.ts +0 -243
- package/src/server/mutations/refresh.ts +0 -299
- package/src/server/mutations/register.ts +0 -155
- package/src/server/mutations/retrieve.ts +0 -109
- package/src/server/mutations/signature.ts +0 -57
- package/src/server/mutations/signin.ts +0 -54
- package/src/server/mutations/signout.ts +0 -43
- package/src/server/mutations/store/refs.ts +0 -10
- package/src/server/mutations/store.ts +0 -123
- package/src/server/mutations/verifier.ts +0 -34
- package/src/server/mutations/verify.ts +0 -200
- package/src/server/oauth.ts +0 -418
- package/src/server/passkey.ts +0 -838
- package/src/server/redirects.ts +0 -59
- package/src/server/refresh.ts +0 -218
- package/src/server/runtime.ts +0 -918
- package/src/server/sessions.ts +0 -132
- package/src/server/signin.ts +0 -445
- package/src/server/ssr.ts +0 -1747
- package/src/server/templates.ts +0 -82
- package/src/server/tokens.ts +0 -35
- package/src/server/totp.ts +0 -399
- package/src/server/types.ts +0 -1942
- package/src/server/users.ts +0 -291
- package/src/server/utils.ts +0 -220
- /package/dist/{runtime → client/runtime}/invite.js +0 -0
|
@@ -1,175 +0,0 @@
|
|
|
1
|
-
declare namespace passkeys_d_exports {
|
|
2
|
-
export { passkeyDelete, passkeyGetByCredentialId, passkeyInsert, passkeyListByUserId, passkeyUpdateCounter, passkeyUpdateMeta };
|
|
3
|
-
}
|
|
4
|
-
/**
|
|
5
|
-
* Store a new WebAuthn passkey credential for a user.
|
|
6
|
-
*
|
|
7
|
-
* Persists the public key material and metadata returned by the browser's
|
|
8
|
-
* `navigator.credentials.create()` call after a successful registration
|
|
9
|
-
* ceremony. Each passkey is tied to a single user.
|
|
10
|
-
*
|
|
11
|
-
* @param userId - The `_id` of the `User` who owns this passkey.
|
|
12
|
-
* @param credentialId - Base64url-encoded credential identifier assigned
|
|
13
|
-
* by the authenticator; used to look up the key during authentication.
|
|
14
|
-
* @param publicKey - Raw public key bytes (COSE format) for signature
|
|
15
|
-
* verification.
|
|
16
|
-
* @param algorithm - COSE algorithm identifier (e.g. `-7` for ES256,
|
|
17
|
-
* `-257` for RS256).
|
|
18
|
-
* @param counter - Signature counter reported by the authenticator at
|
|
19
|
-
* registration time; used to detect cloned credentials.
|
|
20
|
-
* @param transports - Optional list of transport hints (e.g.
|
|
21
|
-
* `["usb", "ble", "nfc", "internal"]`) to help the browser select
|
|
22
|
-
* the correct authenticator.
|
|
23
|
-
* @param deviceType - Authenticator attachment type (e.g.
|
|
24
|
-
* `"singleDevice"` or `"multiDevice"`).
|
|
25
|
-
* @param backedUp - Whether the credential is backed up (synced) by the
|
|
26
|
-
* authenticator platform.
|
|
27
|
-
* @param name - Optional human-readable label for the passkey
|
|
28
|
-
* (e.g. `"MacBook Pro Touch ID"`).
|
|
29
|
-
* @param createdAt - Unix timestamp (in milliseconds) when the passkey
|
|
30
|
-
* was registered.
|
|
31
|
-
* @returns The `_id` of the newly created `Passkey` document.
|
|
32
|
-
*
|
|
33
|
-
* @example
|
|
34
|
-
* ```ts
|
|
35
|
-
* const passkeyId = await ctx.runMutation(
|
|
36
|
-
* components.auth.factors.passkeys.passkeyInsert,
|
|
37
|
-
* {
|
|
38
|
-
* userId: user._id,
|
|
39
|
-
* credentialId: "dGVzdC1jcmVkZW50aWFs",
|
|
40
|
-
* publicKey: publicKeyBytes,
|
|
41
|
-
* algorithm: -7,
|
|
42
|
-
* counter: 0,
|
|
43
|
-
* transports: ["internal"],
|
|
44
|
-
* deviceType: "multiDevice",
|
|
45
|
-
* backedUp: true,
|
|
46
|
-
* name: "MacBook Pro Touch ID",
|
|
47
|
-
* createdAt: Date.now(),
|
|
48
|
-
* },
|
|
49
|
-
* );
|
|
50
|
-
* ```
|
|
51
|
-
*/
|
|
52
|
-
declare const passkeyInsert: any;
|
|
53
|
-
/**
|
|
54
|
-
* Look up a passkey by its credential ID.
|
|
55
|
-
*
|
|
56
|
-
* Queries the `Passkey` table using the `credential_id` unique index.
|
|
57
|
-
* This is the primary lookup during a WebAuthn authentication ceremony:
|
|
58
|
-
* the authenticator provides a credential ID, and this function retrieves
|
|
59
|
-
* the corresponding public key and counter for signature verification.
|
|
60
|
-
*
|
|
61
|
-
* @param credentialId - Base64url-encoded credential identifier to search for.
|
|
62
|
-
* @returns The matching `Passkey` document, or `null` if no passkey exists
|
|
63
|
-
* with the given credential ID.
|
|
64
|
-
*
|
|
65
|
-
* @example
|
|
66
|
-
* ```ts
|
|
67
|
-
* const passkey = await ctx.runQuery(
|
|
68
|
-
* components.auth.factors.passkeys.passkeyGetByCredentialId,
|
|
69
|
-
* { credentialId: "dGVzdC1jcmVkZW50aWFs" },
|
|
70
|
-
* );
|
|
71
|
-
* if (passkey === null) {
|
|
72
|
-
* throw new Error("Unknown credential");
|
|
73
|
-
* }
|
|
74
|
-
* ```
|
|
75
|
-
*/
|
|
76
|
-
declare const passkeyGetByCredentialId: any;
|
|
77
|
-
/**
|
|
78
|
-
* List all passkeys registered to a user.
|
|
79
|
-
*
|
|
80
|
-
* Retrieves every `Passkey` document associated with the given user via
|
|
81
|
-
* the `user_id` index. Useful for displaying a user's registered
|
|
82
|
-
* authenticators in a settings page, or for building the
|
|
83
|
-
* `allowCredentials` list during a WebAuthn authentication ceremony.
|
|
84
|
-
*
|
|
85
|
-
* @param userId - The `_id` of the `User` whose passkeys to retrieve.
|
|
86
|
-
* @returns An array of `Passkey` documents. Returns an empty array if the
|
|
87
|
-
* user has no registered passkeys.
|
|
88
|
-
*
|
|
89
|
-
* @example
|
|
90
|
-
* ```ts
|
|
91
|
-
* const passkeys = await ctx.runQuery(
|
|
92
|
-
* components.auth.factors.passkeys.passkeyListByUserId,
|
|
93
|
-
* { userId: user._id },
|
|
94
|
-
* );
|
|
95
|
-
* // Display each passkey's name and creation date
|
|
96
|
-
* for (const pk of passkeys) {
|
|
97
|
-
* console.log(pk.name, new Date(pk.createdAt));
|
|
98
|
-
* }
|
|
99
|
-
* ```
|
|
100
|
-
*/
|
|
101
|
-
declare const passkeyListByUserId: any;
|
|
102
|
-
/**
|
|
103
|
-
* Update a passkey's signature counter and last-used timestamp after
|
|
104
|
-
* a successful authentication.
|
|
105
|
-
*
|
|
106
|
-
* After verifying a WebAuthn assertion, the relying party must persist
|
|
107
|
-
* the new counter value reported by the authenticator. A counter that
|
|
108
|
-
* does not increase may indicate a cloned credential.
|
|
109
|
-
*
|
|
110
|
-
* @param passkeyId - The `_id` of the `Passkey` document to update.
|
|
111
|
-
* @param counter - The new signature counter value returned by the
|
|
112
|
-
* authenticator in the assertion response.
|
|
113
|
-
* @param lastUsedAt - Unix timestamp (in milliseconds) recording when
|
|
114
|
-
* this passkey was most recently used to authenticate.
|
|
115
|
-
* @returns `null` on success.
|
|
116
|
-
*
|
|
117
|
-
* @example
|
|
118
|
-
* ```ts
|
|
119
|
-
* await ctx.runMutation(
|
|
120
|
-
* components.auth.factors.passkeys.passkeyUpdateCounter,
|
|
121
|
-
* {
|
|
122
|
-
* passkeyId: passkey._id,
|
|
123
|
-
* counter: assertionResponse.counter,
|
|
124
|
-
* lastUsedAt: Date.now(),
|
|
125
|
-
* },
|
|
126
|
-
* );
|
|
127
|
-
* ```
|
|
128
|
-
*/
|
|
129
|
-
declare const passkeyUpdateCounter: any;
|
|
130
|
-
/**
|
|
131
|
-
* Update a passkey's metadata fields.
|
|
132
|
-
*
|
|
133
|
-
* Performs a partial patch on the `Passkey` document. Typically used to
|
|
134
|
-
* rename a passkey (e.g. from `"Security Key"` to `"YubiKey 5C"`), but
|
|
135
|
-
* can update any mutable fields via the `data` argument.
|
|
136
|
-
*
|
|
137
|
-
* @param passkeyId - The `_id` of the `Passkey` document to update.
|
|
138
|
-
* @param data - An object containing the fields to patch. Commonly
|
|
139
|
-
* includes `{ name: "New Label" }`, but accepts any valid passkey fields.
|
|
140
|
-
* @returns `null` on success.
|
|
141
|
-
*
|
|
142
|
-
* @example
|
|
143
|
-
* ```ts
|
|
144
|
-
* await ctx.runMutation(
|
|
145
|
-
* components.auth.factors.passkeys.passkeyUpdateMeta,
|
|
146
|
-
* {
|
|
147
|
-
* passkeyId: passkey._id,
|
|
148
|
-
* data: { name: "YubiKey 5C NFC" },
|
|
149
|
-
* },
|
|
150
|
-
* );
|
|
151
|
-
* ```
|
|
152
|
-
*/
|
|
153
|
-
declare const passkeyUpdateMeta: any;
|
|
154
|
-
/**
|
|
155
|
-
* Delete a passkey credential from the `Passkey` table.
|
|
156
|
-
*
|
|
157
|
-
* Permanently removes the passkey record. After deletion the credential
|
|
158
|
-
* can no longer be used for authentication. Typically called from a
|
|
159
|
-
* user's security settings when they want to unregister an authenticator.
|
|
160
|
-
*
|
|
161
|
-
* @param passkeyId - The `_id` of the `Passkey` document to delete.
|
|
162
|
-
* @returns `null` on success.
|
|
163
|
-
*
|
|
164
|
-
* @example
|
|
165
|
-
* ```ts
|
|
166
|
-
* await ctx.runMutation(
|
|
167
|
-
* components.auth.factors.passkeys.passkeyDelete,
|
|
168
|
-
* { passkeyId: passkey._id },
|
|
169
|
-
* );
|
|
170
|
-
* ```
|
|
171
|
-
*/
|
|
172
|
-
declare const passkeyDelete: any;
|
|
173
|
-
//#endregion
|
|
174
|
-
export { passkeyDelete, passkeyGetByCredentialId, passkeyInsert, passkeyListByUserId, passkeyUpdateCounter, passkeyUpdateMeta, passkeys_d_exports };
|
|
175
|
-
//# sourceMappingURL=passkeys.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"passkeys.d.ts","names":[],"sources":["../../../../src/component/public/factors/passkeys.ts"],"mappings":";;;;;;;;;;;;;;AAqDA;;;;;AA0CA;;;;;AAmCA;;;;;AAsCA;;;;;AAoCA;;;;;AA2BA;;;;;;;;;;;;cAlLa,aAAA;;;;;;;;;;;;;;;;;;;;;;;;cA0CA,wBAAA;;;;;;;;;;;;;;;;;;;;;;;;;cAmCA,mBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAsCA,oBAAA;;;;;;;;;;;;;;;;;;;;;;;;cAoCA,iBAAA;;;;;;;;;;;;;;;;;;;cA2BA,aAAA"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"passkeys.js","names":[],"sources":["../../../../src/component/public/factors/passkeys.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vPasskeyDoc } from \"../../model\";\n\n/**\n * Store a new WebAuthn passkey credential for a user.\n *\n * Persists the public key material and metadata returned by the browser's\n * `navigator.credentials.create()` call after a successful registration\n * ceremony. Each passkey is tied to a single user.\n *\n * @param userId - The `_id` of the `User` who owns this passkey.\n * @param credentialId - Base64url-encoded credential identifier assigned\n * by the authenticator; used to look up the key during authentication.\n * @param publicKey - Raw public key bytes (COSE format) for signature\n * verification.\n * @param algorithm - COSE algorithm identifier (e.g. `-7` for ES256,\n * `-257` for RS256).\n * @param counter - Signature counter reported by the authenticator at\n * registration time; used to detect cloned credentials.\n * @param transports - Optional list of transport hints (e.g.\n * `[\"usb\", \"ble\", \"nfc\", \"internal\"]`) to help the browser select\n * the correct authenticator.\n * @param deviceType - Authenticator attachment type (e.g.\n * `\"singleDevice\"` or `\"multiDevice\"`).\n * @param backedUp - Whether the credential is backed up (synced) by the\n * authenticator platform.\n * @param name - Optional human-readable label for the passkey\n * (e.g. `\"MacBook Pro Touch ID\"`).\n * @param createdAt - Unix timestamp (in milliseconds) when the passkey\n * was registered.\n * @returns The `_id` of the newly created `Passkey` document.\n *\n * @example\n * ```ts\n * const passkeyId = await ctx.runMutation(\n * components.auth.factors.passkeys.passkeyInsert,\n * {\n * userId: user._id,\n * credentialId: \"dGVzdC1jcmVkZW50aWFs\",\n * publicKey: publicKeyBytes,\n * algorithm: -7,\n * counter: 0,\n * transports: [\"internal\"],\n * deviceType: \"multiDevice\",\n * backedUp: true,\n * name: \"MacBook Pro Touch ID\",\n * createdAt: Date.now(),\n * },\n * );\n * ```\n */\nexport const passkeyInsert = mutation({\n args: {\n userId: v.id(\"User\"),\n credentialId: v.string(),\n publicKey: v.bytes(),\n algorithm: v.number(),\n counter: v.number(),\n transports: v.optional(v.array(v.string())),\n deviceType: v.string(),\n backedUp: v.boolean(),\n name: v.optional(v.string()),\n createdAt: v.number(),\n },\n returns: v.id(\"Passkey\"),\n handler: async (ctx, args) => {\n return await ctx.db.insert(\"Passkey\", args);\n },\n});\n\n/**\n * Look up a passkey by its credential ID.\n *\n * Queries the `Passkey` table using the `credential_id` unique index.\n * This is the primary lookup during a WebAuthn authentication ceremony:\n * the authenticator provides a credential ID, and this function retrieves\n * the corresponding public key and counter for signature verification.\n *\n * @param credentialId - Base64url-encoded credential identifier to search for.\n * @returns The matching `Passkey` document, or `null` if no passkey exists\n * with the given credential ID.\n *\n * @example\n * ```ts\n * const passkey = await ctx.runQuery(\n * components.auth.factors.passkeys.passkeyGetByCredentialId,\n * { credentialId: \"dGVzdC1jcmVkZW50aWFs\" },\n * );\n * if (passkey === null) {\n * throw new Error(\"Unknown credential\");\n * }\n * ```\n */\nexport const passkeyGetByCredentialId = query({\n args: { credentialId: v.string() },\n returns: v.union(vPasskeyDoc, v.null()),\n handler: async (ctx, { credentialId }) => {\n return await ctx.db\n .query(\"Passkey\")\n .withIndex(\"credential_id\", (q) => q.eq(\"credentialId\", credentialId))\n .unique();\n },\n});\n\n/**\n * List all passkeys registered to a user.\n *\n * Retrieves every `Passkey` document associated with the given user via\n * the `user_id` index. Useful for displaying a user's registered\n * authenticators in a settings page, or for building the\n * `allowCredentials` list during a WebAuthn authentication ceremony.\n *\n * @param userId - The `_id` of the `User` whose passkeys to retrieve.\n * @returns An array of `Passkey` documents. Returns an empty array if the\n * user has no registered passkeys.\n *\n * @example\n * ```ts\n * const passkeys = await ctx.runQuery(\n * components.auth.factors.passkeys.passkeyListByUserId,\n * { userId: user._id },\n * );\n * // Display each passkey's name and creation date\n * for (const pk of passkeys) {\n * console.log(pk.name, new Date(pk.createdAt));\n * }\n * ```\n */\nexport const passkeyListByUserId = query({\n args: { userId: v.id(\"User\") },\n returns: v.array(vPasskeyDoc),\n handler: async (ctx, { userId }) => {\n return await ctx.db\n .query(\"Passkey\")\n .withIndex(\"user_id\", (q) => q.eq(\"userId\", userId))\n .collect();\n },\n});\n\n/**\n * Update a passkey's signature counter and last-used timestamp after\n * a successful authentication.\n *\n * After verifying a WebAuthn assertion, the relying party must persist\n * the new counter value reported by the authenticator. A counter that\n * does not increase may indicate a cloned credential.\n *\n * @param passkeyId - The `_id` of the `Passkey` document to update.\n * @param counter - The new signature counter value returned by the\n * authenticator in the assertion response.\n * @param lastUsedAt - Unix timestamp (in milliseconds) recording when\n * this passkey was most recently used to authenticate.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n * components.auth.factors.passkeys.passkeyUpdateCounter,\n * {\n * passkeyId: passkey._id,\n * counter: assertionResponse.counter,\n * lastUsedAt: Date.now(),\n * },\n * );\n * ```\n */\nexport const passkeyUpdateCounter = mutation({\n args: {\n passkeyId: v.id(\"Passkey\"),\n counter: v.number(),\n lastUsedAt: v.number(),\n },\n returns: v.null(),\n handler: async (ctx, { passkeyId, counter, lastUsedAt }) => {\n await ctx.db.patch(\"Passkey\", passkeyId, { counter, lastUsedAt });\n return null;\n },\n});\n\n/**\n * Update a passkey's metadata fields.\n *\n * Performs a partial patch on the `Passkey` document. Typically used to\n * rename a passkey (e.g. from `\"Security Key\"` to `\"YubiKey 5C\"`), but\n * can update any mutable fields via the `data` argument.\n *\n * @param passkeyId - The `_id` of the `Passkey` document to update.\n * @param data - An object containing the fields to patch. Commonly\n * includes `{ name: \"New Label\" }`, but accepts any valid passkey fields.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n * components.auth.factors.passkeys.passkeyUpdateMeta,\n * {\n * passkeyId: passkey._id,\n * data: { name: \"YubiKey 5C NFC\" },\n * },\n * );\n * ```\n */\nexport const passkeyUpdateMeta = mutation({\n args: { passkeyId: v.id(\"Passkey\"), data: v.any() },\n returns: v.null(),\n handler: async (ctx, { passkeyId, data }) => {\n await ctx.db.patch(\"Passkey\", passkeyId, data);\n return null;\n },\n});\n\n/**\n * Delete a passkey credential from the `Passkey` table.\n *\n * Permanently removes the passkey record. After deletion the credential\n * can no longer be used for authentication. Typically called from a\n * user's security settings when they want to unregister an authenticator.\n *\n * @param passkeyId - The `_id` of the `Passkey` document to delete.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n * components.auth.factors.passkeys.passkeyDelete,\n * { passkeyId: passkey._id },\n * );\n * ```\n */\nexport const passkeyDelete = mutation({\n args: { passkeyId: v.id(\"Passkey\") },\n returns: v.null(),\n handler: async (ctx, { passkeyId }) => {\n await ctx.db.delete(\"Passkey\", passkeyId);\n return null;\n },\n});\n\n// ============================================================================\n// TOTP Two-Factor Authentication\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqDA,MAAa,gBAAgB,SAAS;CACpC,MAAM;EACJ,QAAQ,EAAE,GAAG,OAAO;EACpB,cAAc,EAAE,QAAQ;EACxB,WAAW,EAAE,OAAO;EACpB,WAAW,EAAE,QAAQ;EACrB,SAAS,EAAE,QAAQ;EACnB,YAAY,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;EAC3C,YAAY,EAAE,QAAQ;EACtB,UAAU,EAAE,SAAS;EACrB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC5B,WAAW,EAAE,QAAQ;EACtB;CACD,SAAS,EAAE,GAAG,UAAU;CACxB,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,WAAW,KAAK;;CAE9C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,2BAA2B,MAAM;CAC5C,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE;CAClC,SAAS,EAAE,MAAM,aAAa,EAAE,MAAM,CAAC;CACvC,SAAS,OAAO,KAAK,EAAE,mBAAmB;AACxC,SAAO,MAAM,IAAI,GACd,MAAM,UAAU,CAChB,UAAU,kBAAkB,MAAM,EAAE,GAAG,gBAAgB,aAAa,CAAC,CACrE,QAAQ;;CAEd,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;AA0BF,MAAa,sBAAsB,MAAM;CACvC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,YAAY;CAC7B,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GACd,MAAM,UAAU,CAChB,UAAU,YAAY,MAAM,EAAE,GAAG,UAAU,OAAO,CAAC,CACnD,SAAS;;CAEf,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BF,MAAa,uBAAuB,SAAS;CAC3C,MAAM;EACJ,WAAW,EAAE,GAAG,UAAU;EAC1B,SAAS,EAAE,QAAQ;EACnB,YAAY,EAAE,QAAQ;EACvB;CACD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,WAAW,SAAS,iBAAiB;AAC1D,QAAM,IAAI,GAAG,MAAM,WAAW,WAAW;GAAE;GAAS;GAAY,CAAC;AACjE,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,oBAAoB,SAAS;CACxC,MAAM;EAAE,WAAW,EAAE,GAAG,UAAU;EAAE,MAAM,EAAE,KAAK;EAAE;CACnD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,WAAW,WAAW;AAC3C,QAAM,IAAI,GAAG,MAAM,WAAW,WAAW,KAAK;AAC9C,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;AAoBF,MAAa,gBAAgB,SAAS;CACpC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,QAAM,IAAI,GAAG,OAAO,WAAW,UAAU;AACzC,SAAO;;CAEV,CAAC"}
|
|
@@ -1,189 +0,0 @@
|
|
|
1
|
-
declare namespace totp_d_exports {
|
|
2
|
-
export { totpDelete, totpGetById, totpGetVerifiedByUserId, totpInsert, totpListByUserId, totpMarkVerified, totpUpdateLastUsed };
|
|
3
|
-
}
|
|
4
|
-
/**
|
|
5
|
-
* Store a new TOTP (Time-based One-Time Password) enrollment for a user.
|
|
6
|
-
*
|
|
7
|
-
* Creates a `TotpFactor` record containing the shared secret and OTP
|
|
8
|
-
* parameters. The enrollment starts in an unverified state until the
|
|
9
|
-
* user confirms it by submitting a valid code generated from the secret.
|
|
10
|
-
*
|
|
11
|
-
* @param userId - The `_id` of the `User` enrolling in TOTP-based 2FA.
|
|
12
|
-
* @param secret - The shared secret key as raw bytes, typically 20 bytes
|
|
13
|
-
* of cryptographically random data.
|
|
14
|
-
* @param digits - Number of digits in the generated OTP code (usually `6`).
|
|
15
|
-
* @param period - Time step in seconds for code generation (usually `30`).
|
|
16
|
-
* @param verified - Whether the enrollment has been verified. Set to
|
|
17
|
-
* `false` during initial setup; set to `true` after the user submits
|
|
18
|
-
* a valid code.
|
|
19
|
-
* @param name - Optional human-readable label for the TOTP factor
|
|
20
|
-
* (e.g. `"Google Authenticator"`).
|
|
21
|
-
* @param createdAt - Unix timestamp (in milliseconds) when the enrollment
|
|
22
|
-
* was created.
|
|
23
|
-
* @returns The `_id` of the newly created `TotpFactor` document.
|
|
24
|
-
*
|
|
25
|
-
* @example
|
|
26
|
-
* ```ts
|
|
27
|
-
* const totpId = await ctx.runMutation(
|
|
28
|
-
* components.auth.factors.totp.totpInsert,
|
|
29
|
-
* {
|
|
30
|
-
* userId: user._id,
|
|
31
|
-
* secret: crypto.getRandomValues(new Uint8Array(20)),
|
|
32
|
-
* digits: 6,
|
|
33
|
-
* period: 30,
|
|
34
|
-
* verified: false,
|
|
35
|
-
* name: "Authenticator App",
|
|
36
|
-
* createdAt: Date.now(),
|
|
37
|
-
* },
|
|
38
|
-
* );
|
|
39
|
-
* ```
|
|
40
|
-
*/
|
|
41
|
-
declare const totpInsert: any;
|
|
42
|
-
/**
|
|
43
|
-
* Get a verified TOTP enrollment for a user.
|
|
44
|
-
*
|
|
45
|
-
* Queries the `TotpFactor` table using the `user_id_verified` compound
|
|
46
|
-
* index to find the first enrollment that has been successfully verified.
|
|
47
|
-
* This is the primary lookup during a TOTP authentication challenge --
|
|
48
|
-
* only verified enrollments should be used to validate codes.
|
|
49
|
-
*
|
|
50
|
-
* @param userId - The `_id` of the `User` whose verified TOTP enrollment
|
|
51
|
-
* to retrieve.
|
|
52
|
-
* @returns The first verified `TotpFactor` document for the user, or
|
|
53
|
-
* `null` if the user has no verified TOTP enrollment.
|
|
54
|
-
*
|
|
55
|
-
* @example
|
|
56
|
-
* ```ts
|
|
57
|
-
* const totp = await ctx.runQuery(
|
|
58
|
-
* components.auth.factors.totp.totpGetVerifiedByUserId,
|
|
59
|
-
* { userId: user._id },
|
|
60
|
-
* );
|
|
61
|
-
* if (totp === null) {
|
|
62
|
-
* // User does not have TOTP 2FA enabled
|
|
63
|
-
* }
|
|
64
|
-
* ```
|
|
65
|
-
*/
|
|
66
|
-
declare const totpGetVerifiedByUserId: any;
|
|
67
|
-
/**
|
|
68
|
-
* List all TOTP enrollments for a user, both verified and unverified.
|
|
69
|
-
*
|
|
70
|
-
* Retrieves every `TotpFactor` document associated with the given user
|
|
71
|
-
* via the `user_id` index. Useful for displaying enrolled authenticator
|
|
72
|
-
* apps in a security settings page, including pending (unverified)
|
|
73
|
-
* enrollments that the user has not yet confirmed.
|
|
74
|
-
*
|
|
75
|
-
* @param userId - The `_id` of the `User` whose TOTP enrollments to
|
|
76
|
-
* retrieve.
|
|
77
|
-
* @returns An array of `TotpFactor` documents. Returns an empty array if
|
|
78
|
-
* the user has no TOTP enrollments.
|
|
79
|
-
*
|
|
80
|
-
* @example
|
|
81
|
-
* ```ts
|
|
82
|
-
* const factors = await ctx.runQuery(
|
|
83
|
-
* components.auth.factors.totp.totpListByUserId,
|
|
84
|
-
* { userId: user._id },
|
|
85
|
-
* );
|
|
86
|
-
* const verified = factors.filter((f) => f.verified);
|
|
87
|
-
* const pending = factors.filter((f) => !f.verified);
|
|
88
|
-
* ```
|
|
89
|
-
*/
|
|
90
|
-
declare const totpListByUserId: any;
|
|
91
|
-
/**
|
|
92
|
-
* Get a single TOTP enrollment by its document ID.
|
|
93
|
-
*
|
|
94
|
-
* Performs a direct document lookup on the `TotpFactor` table. This is
|
|
95
|
-
* used when you already have the enrollment's `_id` (e.g. from a
|
|
96
|
-
* previous list query) and need to fetch its full details, including
|
|
97
|
-
* the secret and verification status.
|
|
98
|
-
*
|
|
99
|
-
* @param totpId - The `_id` of the `TotpFactor` document to retrieve.
|
|
100
|
-
* @returns The `TotpFactor` document, or `null` if no enrollment exists
|
|
101
|
-
* with the given ID.
|
|
102
|
-
*
|
|
103
|
-
* @example
|
|
104
|
-
* ```ts
|
|
105
|
-
* const totp = await ctx.runQuery(
|
|
106
|
-
* components.auth.factors.totp.totpGetById,
|
|
107
|
-
* { totpId: enrollmentId },
|
|
108
|
-
* );
|
|
109
|
-
* if (totp !== null && !totp.verified) {
|
|
110
|
-
* // Enrollment is still pending confirmation
|
|
111
|
-
* }
|
|
112
|
-
* ```
|
|
113
|
-
*/
|
|
114
|
-
declare const totpGetById: any;
|
|
115
|
-
/**
|
|
116
|
-
* Mark a TOTP enrollment as verified, completing the setup process.
|
|
117
|
-
*
|
|
118
|
-
* Called after the user successfully submits a valid TOTP code during
|
|
119
|
-
* enrollment. This transitions the factor from a pending state to an
|
|
120
|
-
* active, verified state, enabling it for future authentication
|
|
121
|
-
* challenges.
|
|
122
|
-
*
|
|
123
|
-
* @param totpId - The `_id` of the `TotpFactor` document to mark as
|
|
124
|
-
* verified.
|
|
125
|
-
* @param lastUsedAt - Unix timestamp (in milliseconds) recording when
|
|
126
|
-
* the verification code was successfully validated.
|
|
127
|
-
* @returns `null` on success.
|
|
128
|
-
*
|
|
129
|
-
* @example
|
|
130
|
-
* ```ts
|
|
131
|
-
* // After validating the user's TOTP code during setup
|
|
132
|
-
* await ctx.runMutation(
|
|
133
|
-
* components.auth.factors.totp.totpMarkVerified,
|
|
134
|
-
* {
|
|
135
|
-
* totpId: enrollment._id,
|
|
136
|
-
* lastUsedAt: Date.now(),
|
|
137
|
-
* },
|
|
138
|
-
* );
|
|
139
|
-
* ```
|
|
140
|
-
*/
|
|
141
|
-
declare const totpMarkVerified: any;
|
|
142
|
-
/**
|
|
143
|
-
* Update a TOTP enrollment's last-used timestamp.
|
|
144
|
-
*
|
|
145
|
-
* Called after each successful TOTP code validation during sign-in.
|
|
146
|
-
* Tracking the last-used time helps detect stale enrollments and can
|
|
147
|
-
* be surfaced in security settings for user awareness.
|
|
148
|
-
*
|
|
149
|
-
* @param totpId - The `_id` of the `TotpFactor` document to update.
|
|
150
|
-
* @param lastUsedAt - Unix timestamp (in milliseconds) recording when
|
|
151
|
-
* the TOTP code was most recently validated.
|
|
152
|
-
* @returns `null` on success.
|
|
153
|
-
*
|
|
154
|
-
* @example
|
|
155
|
-
* ```ts
|
|
156
|
-
* await ctx.runMutation(
|
|
157
|
-
* components.auth.factors.totp.totpUpdateLastUsed,
|
|
158
|
-
* {
|
|
159
|
-
* totpId: totp._id,
|
|
160
|
-
* lastUsedAt: Date.now(),
|
|
161
|
-
* },
|
|
162
|
-
* );
|
|
163
|
-
* ```
|
|
164
|
-
*/
|
|
165
|
-
declare const totpUpdateLastUsed: any;
|
|
166
|
-
/**
|
|
167
|
-
* Delete a TOTP enrollment from the `TotpFactor` table.
|
|
168
|
-
*
|
|
169
|
-
* Permanently removes the TOTP factor record, including its shared
|
|
170
|
-
* secret. After deletion the user can no longer use this factor for
|
|
171
|
-
* two-factor authentication. Typically called when a user disables
|
|
172
|
-
* TOTP 2FA or wants to re-enroll with a new secret.
|
|
173
|
-
*
|
|
174
|
-
* @param totpId - The `_id` of the `TotpFactor` document to delete.
|
|
175
|
-
* @returns `null` on success.
|
|
176
|
-
*
|
|
177
|
-
* @example
|
|
178
|
-
* ```ts
|
|
179
|
-
* // User disables TOTP 2FA
|
|
180
|
-
* await ctx.runMutation(
|
|
181
|
-
* components.auth.factors.totp.totpDelete,
|
|
182
|
-
* { totpId: totp._id },
|
|
183
|
-
* );
|
|
184
|
-
* ```
|
|
185
|
-
*/
|
|
186
|
-
declare const totpDelete: any;
|
|
187
|
-
//#endregion
|
|
188
|
-
export { totpDelete, totpGetById, totpGetVerifiedByUserId, totpInsert, totpListByUserId, totpMarkVerified, totpUpdateLastUsed, totp_d_exports };
|
|
189
|
-
//# sourceMappingURL=totp.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"totp.d.ts","names":[],"sources":["../../../../src/component/public/factors/totp.ts"],"mappings":";;;;;;;;;;;;;;;AA0CA;;;;;AAwCA;;;;;AAoCA;;;;;AAkCA;;;;;AAkCA;;;;;cAhJa,UAAA;;;;;AA6Mb;;;;;;;;;;;;;;;;;;;;cArKa,uBAAA;;;;;;;;;;;;;;;;;;;;;;;;cAoCA,gBAAA;;;;;;;;;;;;;;;;;;;;;;;;cAkCA,WAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;cAkCA,gBAAA;;;;;;;;;;;;;;;;;;;;;;;;cAgCA,kBAAA;;;;;;;;;;;;;;;;;;;;;cA6BA,UAAA"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"totp.js","names":[],"sources":["../../../../src/component/public/factors/totp.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vTotpFactorDoc } from \"../../model\";\n\n/**\n * Store a new TOTP (Time-based One-Time Password) enrollment for a user.\n *\n * Creates a `TotpFactor` record containing the shared secret and OTP\n * parameters. The enrollment starts in an unverified state until the\n * user confirms it by submitting a valid code generated from the secret.\n *\n * @param userId - The `_id` of the `User` enrolling in TOTP-based 2FA.\n * @param secret - The shared secret key as raw bytes, typically 20 bytes\n * of cryptographically random data.\n * @param digits - Number of digits in the generated OTP code (usually `6`).\n * @param period - Time step in seconds for code generation (usually `30`).\n * @param verified - Whether the enrollment has been verified. Set to\n * `false` during initial setup; set to `true` after the user submits\n * a valid code.\n * @param name - Optional human-readable label for the TOTP factor\n * (e.g. `\"Google Authenticator\"`).\n * @param createdAt - Unix timestamp (in milliseconds) when the enrollment\n * was created.\n * @returns The `_id` of the newly created `TotpFactor` document.\n *\n * @example\n * ```ts\n * const totpId = await ctx.runMutation(\n * components.auth.factors.totp.totpInsert,\n * {\n * userId: user._id,\n * secret: crypto.getRandomValues(new Uint8Array(20)),\n * digits: 6,\n * period: 30,\n * verified: false,\n * name: \"Authenticator App\",\n * createdAt: Date.now(),\n * },\n * );\n * ```\n */\nexport const totpInsert = mutation({\n args: {\n userId: v.id(\"User\"),\n secret: v.bytes(),\n digits: v.number(),\n period: v.number(),\n verified: v.boolean(),\n name: v.optional(v.string()),\n createdAt: v.number(),\n },\n returns: v.id(\"TotpFactor\"),\n handler: async (ctx, args) => {\n return await ctx.db.insert(\"TotpFactor\", args);\n },\n});\n\n/**\n * Get a verified TOTP enrollment for a user.\n *\n * Queries the `TotpFactor` table using the `user_id_verified` compound\n * index to find the first enrollment that has been successfully verified.\n * This is the primary lookup during a TOTP authentication challenge --\n * only verified enrollments should be used to validate codes.\n *\n * @param userId - The `_id` of the `User` whose verified TOTP enrollment\n * to retrieve.\n * @returns The first verified `TotpFactor` document for the user, or\n * `null` if the user has no verified TOTP enrollment.\n *\n * @example\n * ```ts\n * const totp = await ctx.runQuery(\n * components.auth.factors.totp.totpGetVerifiedByUserId,\n * { userId: user._id },\n * );\n * if (totp === null) {\n * // User does not have TOTP 2FA enabled\n * }\n * ```\n */\nexport const totpGetVerifiedByUserId = query({\n args: { userId: v.id(\"User\") },\n returns: v.union(vTotpFactorDoc, v.null()),\n handler: async (ctx, { userId }) => {\n return await ctx.db\n .query(\"TotpFactor\")\n .withIndex(\"user_id_verified\", (q) =>\n q.eq(\"userId\", userId).eq(\"verified\", true),\n )\n .first();\n },\n});\n\n/**\n * List all TOTP enrollments for a user, both verified and unverified.\n *\n * Retrieves every `TotpFactor` document associated with the given user\n * via the `user_id` index. Useful for displaying enrolled authenticator\n * apps in a security settings page, including pending (unverified)\n * enrollments that the user has not yet confirmed.\n *\n * @param userId - The `_id` of the `User` whose TOTP enrollments to\n * retrieve.\n * @returns An array of `TotpFactor` documents. Returns an empty array if\n * the user has no TOTP enrollments.\n *\n * @example\n * ```ts\n * const factors = await ctx.runQuery(\n * components.auth.factors.totp.totpListByUserId,\n * { userId: user._id },\n * );\n * const verified = factors.filter((f) => f.verified);\n * const pending = factors.filter((f) => !f.verified);\n * ```\n */\nexport const totpListByUserId = query({\n args: { userId: v.id(\"User\") },\n returns: v.array(vTotpFactorDoc),\n handler: async (ctx, { userId }) => {\n return await ctx.db\n .query(\"TotpFactor\")\n .withIndex(\"user_id\", (q) => q.eq(\"userId\", userId))\n .collect();\n },\n});\n\n/**\n * Get a single TOTP enrollment by its document ID.\n *\n * Performs a direct document lookup on the `TotpFactor` table. This is\n * used when you already have the enrollment's `_id` (e.g. from a\n * previous list query) and need to fetch its full details, including\n * the secret and verification status.\n *\n * @param totpId - The `_id` of the `TotpFactor` document to retrieve.\n * @returns The `TotpFactor` document, or `null` if no enrollment exists\n * with the given ID.\n *\n * @example\n * ```ts\n * const totp = await ctx.runQuery(\n * components.auth.factors.totp.totpGetById,\n * { totpId: enrollmentId },\n * );\n * if (totp !== null && !totp.verified) {\n * // Enrollment is still pending confirmation\n * }\n * ```\n */\nexport const totpGetById = query({\n args: { totpId: v.id(\"TotpFactor\") },\n returns: v.union(vTotpFactorDoc, v.null()),\n handler: async (ctx, { totpId }) => {\n return await ctx.db.get(\"TotpFactor\", totpId);\n },\n});\n\n/**\n * Mark a TOTP enrollment as verified, completing the setup process.\n *\n * Called after the user successfully submits a valid TOTP code during\n * enrollment. This transitions the factor from a pending state to an\n * active, verified state, enabling it for future authentication\n * challenges.\n *\n * @param totpId - The `_id` of the `TotpFactor` document to mark as\n * verified.\n * @param lastUsedAt - Unix timestamp (in milliseconds) recording when\n * the verification code was successfully validated.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // After validating the user's TOTP code during setup\n * await ctx.runMutation(\n * components.auth.factors.totp.totpMarkVerified,\n * {\n * totpId: enrollment._id,\n * lastUsedAt: Date.now(),\n * },\n * );\n * ```\n */\nexport const totpMarkVerified = mutation({\n args: { totpId: v.id(\"TotpFactor\"), lastUsedAt: v.number() },\n returns: v.null(),\n handler: async (ctx, { totpId, lastUsedAt }) => {\n await ctx.db.patch(\"TotpFactor\", totpId, { verified: true, lastUsedAt });\n return null;\n },\n});\n\n/**\n * Update a TOTP enrollment's last-used timestamp.\n *\n * Called after each successful TOTP code validation during sign-in.\n * Tracking the last-used time helps detect stale enrollments and can\n * be surfaced in security settings for user awareness.\n *\n * @param totpId - The `_id` of the `TotpFactor` document to update.\n * @param lastUsedAt - Unix timestamp (in milliseconds) recording when\n * the TOTP code was most recently validated.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n * components.auth.factors.totp.totpUpdateLastUsed,\n * {\n * totpId: totp._id,\n * lastUsedAt: Date.now(),\n * },\n * );\n * ```\n */\nexport const totpUpdateLastUsed = mutation({\n args: { totpId: v.id(\"TotpFactor\"), lastUsedAt: v.number() },\n returns: v.null(),\n handler: async (ctx, { totpId, lastUsedAt }) => {\n await ctx.db.patch(\"TotpFactor\", totpId, { lastUsedAt });\n return null;\n },\n});\n\n/**\n * Delete a TOTP enrollment from the `TotpFactor` table.\n *\n * Permanently removes the TOTP factor record, including its shared\n * secret. After deletion the user can no longer use this factor for\n * two-factor authentication. Typically called when a user disables\n * TOTP 2FA or wants to re-enroll with a new secret.\n *\n * @param totpId - The `_id` of the `TotpFactor` document to delete.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // User disables TOTP 2FA\n * await ctx.runMutation(\n * components.auth.factors.totp.totpDelete,\n * { totpId: totp._id },\n * );\n * ```\n */\nexport const totpDelete = mutation({\n args: { totpId: v.id(\"TotpFactor\") },\n returns: v.null(),\n handler: async (ctx, { totpId }) => {\n await ctx.db.delete(\"TotpFactor\", totpId);\n return null;\n },\n});\n\n// ============================================================================\n// Rate Limits\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0CA,MAAa,aAAa,SAAS;CACjC,MAAM;EACJ,QAAQ,EAAE,GAAG,OAAO;EACpB,QAAQ,EAAE,OAAO;EACjB,QAAQ,EAAE,QAAQ;EAClB,QAAQ,EAAE,QAAQ;EAClB,UAAU,EAAE,SAAS;EACrB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC5B,WAAW,EAAE,QAAQ;EACtB;CACD,SAAS,EAAE,GAAG,aAAa;CAC3B,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,cAAc,KAAK;;CAEjD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;AA0BF,MAAa,0BAA0B,MAAM;CAC3C,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,gBAAgB,EAAE,MAAM,CAAC;CAC1C,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GACd,MAAM,aAAa,CACnB,UAAU,qBAAqB,MAC9B,EAAE,GAAG,UAAU,OAAO,CAAC,GAAG,YAAY,KAAK,CAC5C,CACA,OAAO;;CAEb,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,mBAAmB,MAAM;CACpC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,eAAe;CAChC,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GACd,MAAM,aAAa,CACnB,UAAU,YAAY,MAAM,EAAE,GAAG,UAAU,OAAO,CAAC,CACnD,SAAS;;CAEf,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,cAAc,MAAM;CAC/B,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,EAAE;CACpC,SAAS,EAAE,MAAM,gBAAgB,EAAE,MAAM,CAAC;CAC1C,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GAAG,IAAI,cAAc,OAAO;;CAEhD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4BF,MAAa,mBAAmB,SAAS;CACvC,MAAM;EAAE,QAAQ,EAAE,GAAG,aAAa;EAAE,YAAY,EAAE,QAAQ;EAAE;CAC5D,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,QAAQ,iBAAiB;AAC9C,QAAM,IAAI,GAAG,MAAM,cAAc,QAAQ;GAAE,UAAU;GAAM;GAAY,CAAC;AACxE,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,qBAAqB,SAAS;CACzC,MAAM;EAAE,QAAQ,EAAE,GAAG,aAAa;EAAE,YAAY,EAAE,QAAQ;EAAE;CAC5D,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,QAAQ,iBAAiB;AAC9C,QAAM,IAAI,GAAG,MAAM,cAAc,QAAQ,EAAE,YAAY,CAAC;AACxD,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,aAAa,SAAS;CACjC,MAAM,EAAE,QAAQ,EAAE,GAAG,aAAa,EAAE;CACpC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,QAAM,IAAI,GAAG,OAAO,cAAc,OAAO;AACzC,SAAO;;CAEV,CAAC"}
|
|
@@ -1,137 +0,0 @@
|
|
|
1
|
-
declare namespace core_d_exports {
|
|
2
|
-
export { groupCreate, groupDelete, groupGet, groupList, groupUpdate };
|
|
3
|
-
}
|
|
4
|
-
/**
|
|
5
|
-
* Create a new group. Groups are hierarchical — set `parentGroupId` to nest
|
|
6
|
-
* under an existing group, or omit it to create a root-level group.
|
|
7
|
-
*
|
|
8
|
-
* Root groups self-reference their own ID as `rootGroupId`. Child groups
|
|
9
|
-
* inherit `rootGroupId` from their parent chain. Tags are normalized
|
|
10
|
-
* (trimmed and lowercased) and deduplicated before storage, and companion
|
|
11
|
-
* `GroupTag` rows are created for indexed lookups.
|
|
12
|
-
*
|
|
13
|
-
* @param args.name - The display name for the group.
|
|
14
|
-
* @param args.slug - An optional URL-friendly identifier for the group (e.g. `"engineering"`).
|
|
15
|
-
* @param args.type - An optional application-defined group type (e.g. `"organization"`, `"team"`).
|
|
16
|
-
* @param args.parentGroupId - The ID of an existing group to nest under. Omit to create a root-level group.
|
|
17
|
-
* @param args.tags - An optional array of `{ key, value }` tag pairs to attach to the group for filtering.
|
|
18
|
-
* @param args.extend - An optional arbitrary payload for application-specific metadata.
|
|
19
|
-
* @returns The `Id<"Group">` of the newly created group document.
|
|
20
|
-
*
|
|
21
|
-
* @example
|
|
22
|
-
* ```ts
|
|
23
|
-
* const groupId = await ctx.runMutation(components.auth.groups.groupCreate, {
|
|
24
|
-
* name: "Acme Corp",
|
|
25
|
-
* slug: "acme-corp",
|
|
26
|
-
* type: "organization",
|
|
27
|
-
* tags: [{ key: "plan", value: "enterprise" }],
|
|
28
|
-
* });
|
|
29
|
-
* ```
|
|
30
|
-
*/
|
|
31
|
-
declare const groupCreate: any;
|
|
32
|
-
/**
|
|
33
|
-
* Retrieve a group by its document ID.
|
|
34
|
-
*
|
|
35
|
-
* Performs a direct lookup in the `Group` table and returns the full group
|
|
36
|
-
* document, or `null` if no group exists with the given ID.
|
|
37
|
-
*
|
|
38
|
-
* @param args.groupId - The `Id<"Group">` of the group to retrieve.
|
|
39
|
-
* @returns The group document (including `name`, `slug`, `type`, `tags`, hierarchy fields, etc.) or `null` if not found.
|
|
40
|
-
*
|
|
41
|
-
* @example
|
|
42
|
-
* ```ts
|
|
43
|
-
* const group = await ctx.runQuery(components.auth.groups.groupGet, {
|
|
44
|
-
* groupId: existingGroupId,
|
|
45
|
-
* });
|
|
46
|
-
* if (group !== null) {
|
|
47
|
-
* console.log(group.name, group.slug);
|
|
48
|
-
* }
|
|
49
|
-
* ```
|
|
50
|
-
*/
|
|
51
|
-
declare const groupGet: any;
|
|
52
|
-
/**
|
|
53
|
-
* List groups with optional filtering, sorting, and pagination.
|
|
54
|
-
*
|
|
55
|
-
* Returns `{ items, nextCursor }`. Empty `where` returns **all** groups.
|
|
56
|
-
* The query engine selects the best database index based on the combination
|
|
57
|
-
* of filter fields provided. Tag filters (`tagsAll`, `tagsAny`) are resolved
|
|
58
|
-
* via the `GroupTag` companion table and intersected/unioned with index results.
|
|
59
|
-
*
|
|
60
|
-
* @param args.where - Optional filter criteria for narrowing results.
|
|
61
|
-
* @param args.where.slug - Match groups with this exact slug.
|
|
62
|
-
* @param args.where.type - Match groups with this exact type.
|
|
63
|
-
* @param args.where.parentGroupId - Match groups that are direct children of the specified parent group.
|
|
64
|
-
* @param args.where.name - Match groups with this exact name.
|
|
65
|
-
* @param args.where.isRoot - When `true`, return only root-level groups; when `false`, only child groups.
|
|
66
|
-
* @param args.where.tagsAll - An array of `{ key, value }` pairs; only groups that have **all** of these tags are returned.
|
|
67
|
-
* @param args.where.tagsAny - An array of `{ key, value }` pairs; groups that have **at least one** of these tags are returned.
|
|
68
|
-
* @param args.limit - Maximum number of items per page (clamped to 1..100, defaults to 50).
|
|
69
|
-
* @param args.cursor - An opaque cursor string from a previous response's `nextCursor` to fetch the next page, or `null` to start from the beginning.
|
|
70
|
-
* @param args.orderBy - The field to sort by: `"_creationTime"`, `"name"`, `"slug"`, or `"type"`.
|
|
71
|
-
* @param args.order - Sort direction: `"asc"` or `"desc"` (defaults to `"desc"`).
|
|
72
|
-
* @returns An object `{ items, nextCursor }` where `items` is an array of group documents and `nextCursor` is `null` when there are no more pages.
|
|
73
|
-
*
|
|
74
|
-
* @example
|
|
75
|
-
* ```ts
|
|
76
|
-
* const { items, nextCursor } = await ctx.runQuery(
|
|
77
|
-
* components.auth.groups.groupList,
|
|
78
|
-
* {
|
|
79
|
-
* where: { type: "team", isRoot: false },
|
|
80
|
-
* limit: 20,
|
|
81
|
-
* order: "asc",
|
|
82
|
-
* },
|
|
83
|
-
* );
|
|
84
|
-
* ```
|
|
85
|
-
*/
|
|
86
|
-
declare const groupList: any;
|
|
87
|
-
/**
|
|
88
|
-
* Update a group's mutable fields such as `name`, `slug`, `tags`, `extend`,
|
|
89
|
-
* and `parentGroupId`.
|
|
90
|
-
*
|
|
91
|
-
* When `parentGroupId` is changed the mutation automatically recomputes
|
|
92
|
-
* `isRoot` and `rootGroupId` for the target group **and** cascades the new
|
|
93
|
-
* `rootGroupId` to all descendant groups. When `tags` are provided they are
|
|
94
|
-
* normalized, deduplicated, and the companion `GroupTag` rows are fully
|
|
95
|
-
* replaced (delete-then-insert).
|
|
96
|
-
*
|
|
97
|
-
* @param args.groupId - The `Id<"Group">` of the group to update.
|
|
98
|
-
* @param args.data - A partial object of fields to patch. Supported keys include `name`, `slug`, `type`, `parentGroupId`, `tags`, and `extend`.
|
|
99
|
-
* @returns `null` on success.
|
|
100
|
-
*
|
|
101
|
-
* @example
|
|
102
|
-
* ```ts
|
|
103
|
-
* await ctx.runMutation(components.auth.groups.groupUpdate, {
|
|
104
|
-
* groupId: existingGroupId,
|
|
105
|
-
* data: {
|
|
106
|
-
* name: "Acme Corp (renamed)",
|
|
107
|
-
* tags: [{ key: "plan", value: "pro" }],
|
|
108
|
-
* },
|
|
109
|
-
* });
|
|
110
|
-
* ```
|
|
111
|
-
*/
|
|
112
|
-
declare const groupUpdate: any;
|
|
113
|
-
/**
|
|
114
|
-
* Delete a group and all of its descendants. This cascades to:
|
|
115
|
-
* - All child groups (recursively)
|
|
116
|
-
* - All members of this group and its descendants
|
|
117
|
-
* - All invites for this group and its descendants
|
|
118
|
-
* - All companion `GroupTag` rows for this group and its descendants
|
|
119
|
-
*
|
|
120
|
-
* The deletion walks the group tree depth-first, removing leaves before
|
|
121
|
-
* parents, so referential integrity is maintained throughout.
|
|
122
|
-
*
|
|
123
|
-
* @param args.groupId - The `Id<"Group">` of the group to delete. All children are deleted recursively.
|
|
124
|
-
* @returns `null` on success.
|
|
125
|
-
*
|
|
126
|
-
* @example
|
|
127
|
-
* ```ts
|
|
128
|
-
* // Delete an organization and everything nested under it
|
|
129
|
-
* await ctx.runMutation(components.auth.groups.groupDelete, {
|
|
130
|
-
* groupId: organizationGroupId,
|
|
131
|
-
* });
|
|
132
|
-
* ```
|
|
133
|
-
*/
|
|
134
|
-
declare const groupDelete: any;
|
|
135
|
-
//#endregion
|
|
136
|
-
export { core_d_exports, groupCreate, groupDelete, groupGet, groupList, groupUpdate };
|
|
137
|
-
//# sourceMappingURL=core.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"core.d.ts","names":[],"sources":["../../../../src/component/public/groups/core.ts"],"mappings":";;;;;;;;;;;;;AAuDA;;;;;AA+DA;;;;;AA0CA;;;;;AAsLA;;cA/Ra,WAAA;;;AAyXb;;;;;;;;;;;;;;;;;cA1Ta,QAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA0CA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;cAsLA,WAAA;;;;;;;;;;;;;;;;;;;;;;cA0FA,WAAA"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"core.js","names":[],"sources":["../../../../src/component/public/groups/core.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport type { Id } from \"../../_generated/dataModel\";\nimport { mutation, query } from \"../../functions\";\nimport { vGroupDoc, vPaginated, vTag } from \"../../model\";\n\ntype TagPair = { key: string; value: string };\n\nfunction normalizeTag(tag: TagPair): TagPair {\n return {\n key: tag.key.trim().toLowerCase(),\n value: tag.value.trim().toLowerCase(),\n };\n}\n\nfunction normalizeTags(tags: TagPair[]): TagPair[] {\n const seen = new Set<string>();\n const result: TagPair[] = [];\n for (const raw of tags) {\n const t = normalizeTag(raw);\n const composite = `${t.key}\\0${t.value}`;\n if (!seen.has(composite)) {\n seen.add(composite);\n result.push(t);\n }\n }\n return result;\n}\n/**\n * Create a new group. Groups are hierarchical — set `parentGroupId` to nest\n * under an existing group, or omit it to create a root-level group.\n *\n * Root groups self-reference their own ID as `rootGroupId`. Child groups\n * inherit `rootGroupId` from their parent chain. Tags are normalized\n * (trimmed and lowercased) and deduplicated before storage, and companion\n * `GroupTag` rows are created for indexed lookups.\n *\n * @param args.name - The display name for the group.\n * @param args.slug - An optional URL-friendly identifier for the group (e.g. `\"engineering\"`).\n * @param args.type - An optional application-defined group type (e.g. `\"organization\"`, `\"team\"`).\n * @param args.parentGroupId - The ID of an existing group to nest under. Omit to create a root-level group.\n * @param args.tags - An optional array of `{ key, value }` tag pairs to attach to the group for filtering.\n * @param args.extend - An optional arbitrary payload for application-specific metadata.\n * @returns The `Id<\"Group\">` of the newly created group document.\n *\n * @example\n * ```ts\n * const groupId = await ctx.runMutation(components.auth.groups.groupCreate, {\n * name: \"Acme Corp\",\n * slug: \"acme-corp\",\n * type: \"organization\",\n * tags: [{ key: \"plan\", value: \"enterprise\" }],\n * });\n * ```\n */\nexport const groupCreate = mutation({\n args: {\n name: v.string(),\n slug: v.optional(v.string()),\n type: v.optional(v.string()),\n parentGroupId: v.optional(v.id(\"Group\")),\n tags: v.optional(v.array(vTag)),\n extend: v.optional(v.any()),\n },\n returns: v.id(\"Group\"),\n handler: async (ctx, args) => {\n const { tags: rawTags, ...rest } = args;\n const normalizedTags = rawTags ? normalizeTags(rawTags) : undefined;\n const isRoot = !args.parentGroupId;\n // Compute rootGroupId: root groups self-reference, children inherit from parent\n let rootGroupId: Id<\"Group\"> | undefined;\n if (!isRoot && args.parentGroupId) {\n const parent = await ctx.db.get(args.parentGroupId);\n rootGroupId = parent?.rootGroupId ?? args.parentGroupId;\n }\n const groupId = await ctx.db.insert(\"Group\", {\n ...rest,\n tags: normalizedTags,\n isRoot,\n rootGroupId: isRoot ? undefined : rootGroupId,\n });\n // Self-reference for root groups (need the ID after insert)\n if (isRoot) {\n await ctx.db.patch(groupId, { rootGroupId: groupId });\n }\n // Sync companion group_tag rows\n if (normalizedTags) {\n for (const tag of normalizedTags) {\n await ctx.db.insert(\"GroupTag\", {\n group_id: groupId,\n key: tag.key,\n value: tag.value,\n });\n }\n }\n return groupId;\n },\n});\n\n/**\n * Retrieve a group by its document ID.\n *\n * Performs a direct lookup in the `Group` table and returns the full group\n * document, or `null` if no group exists with the given ID.\n *\n * @param args.groupId - The `Id<\"Group\">` of the group to retrieve.\n * @returns The group document (including `name`, `slug`, `type`, `tags`, hierarchy fields, etc.) or `null` if not found.\n *\n * @example\n * ```ts\n * const group = await ctx.runQuery(components.auth.groups.groupGet, {\n * groupId: existingGroupId,\n * });\n * if (group !== null) {\n * console.log(group.name, group.slug);\n * }\n * ```\n */\nexport const groupGet = query({\n args: { groupId: v.id(\"Group\") },\n returns: v.union(vGroupDoc, v.null()),\n handler: async (ctx, { groupId }) => {\n return await ctx.db.get(\"Group\", groupId);\n },\n});\n\n/**\n * List groups with optional filtering, sorting, and pagination.\n *\n * Returns `{ items, nextCursor }`. Empty `where` returns **all** groups.\n * The query engine selects the best database index based on the combination\n * of filter fields provided. Tag filters (`tagsAll`, `tagsAny`) are resolved\n * via the `GroupTag` companion table and intersected/unioned with index results.\n *\n * @param args.where - Optional filter criteria for narrowing results.\n * @param args.where.slug - Match groups with this exact slug.\n * @param args.where.type - Match groups with this exact type.\n * @param args.where.parentGroupId - Match groups that are direct children of the specified parent group.\n * @param args.where.name - Match groups with this exact name.\n * @param args.where.isRoot - When `true`, return only root-level groups; when `false`, only child groups.\n * @param args.where.tagsAll - An array of `{ key, value }` pairs; only groups that have **all** of these tags are returned.\n * @param args.where.tagsAny - An array of `{ key, value }` pairs; groups that have **at least one** of these tags are returned.\n * @param args.limit - Maximum number of items per page (clamped to 1..100, defaults to 50).\n * @param args.cursor - An opaque cursor string from a previous response's `nextCursor` to fetch the next page, or `null` to start from the beginning.\n * @param args.orderBy - The field to sort by: `\"_creationTime\"`, `\"name\"`, `\"slug\"`, or `\"type\"`.\n * @param args.order - Sort direction: `\"asc\"` or `\"desc\"` (defaults to `\"desc\"`).\n * @returns An object `{ items, nextCursor }` where `items` is an array of group documents and `nextCursor` is `null` when there are no more pages.\n *\n * @example\n * ```ts\n * const { items, nextCursor } = await ctx.runQuery(\n * components.auth.groups.groupList,\n * {\n * where: { type: \"team\", isRoot: false },\n * limit: 20,\n * order: \"asc\",\n * },\n * );\n * ```\n */\nexport const groupList = query({\n args: {\n where: v.optional(\n v.object({\n slug: v.optional(v.string()),\n type: v.optional(v.string()),\n parentGroupId: v.optional(v.id(\"Group\")),\n name: v.optional(v.string()),\n isRoot: v.optional(v.boolean()),\n tagsAll: v.optional(v.array(vTag)),\n tagsAny: v.optional(v.array(vTag)),\n }),\n ),\n limit: v.optional(v.number()),\n cursor: v.optional(v.union(v.string(), v.null())),\n orderBy: v.optional(\n v.union(\n v.literal(\"_creationTime\"),\n v.literal(\"name\"),\n v.literal(\"slug\"),\n v.literal(\"type\"),\n ),\n ),\n order: v.optional(v.union(v.literal(\"asc\"), v.literal(\"desc\"))),\n },\n returns: vPaginated(vGroupDoc),\n handler: async (ctx, args) => {\n const where = args.where ?? {};\n const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);\n const order = args.order ?? \"desc\";\n\n // ---- Resolve tag filters into a Set<Id<\"Group\">> ----\n let tagFilteredIds: Set<string> | null = null;\n\n if (where.tagsAll && where.tagsAll.length > 0) {\n // Intersect: group must have ALL specified tags\n let allSet: Set<string> | null = null;\n for (const rawTag of where.tagsAll) {\n const t = normalizeTag(rawTag);\n const rows = await ctx.db\n .query(\"GroupTag\")\n .withIndex(\"by_key_value\", (idx) =>\n idx.eq(\"key\", t.key).eq(\"value\", t.value),\n )\n .collect();\n const ids = new Set(rows.map((r) => r.group_id as string));\n if (allSet === null) {\n allSet = ids;\n } else {\n // Intersect\n for (const id of allSet) {\n if (!ids.has(id)) allSet.delete(id);\n }\n }\n // Short-circuit: empty intersection\n if (allSet.size === 0) break;\n }\n tagFilteredIds = allSet ?? new Set();\n }\n\n if (where.tagsAny && where.tagsAny.length > 0) {\n // Union: group must have at least one of the specified tags\n const anySet = new Set<string>();\n for (const rawTag of where.tagsAny) {\n const t = normalizeTag(rawTag);\n const rows = await ctx.db\n .query(\"GroupTag\")\n .withIndex(\"by_key_value\", (idx) =>\n idx.eq(\"key\", t.key).eq(\"value\", t.value),\n )\n .collect();\n for (const r of rows) {\n anySet.add(r.group_id as string);\n }\n }\n if (tagFilteredIds !== null) {\n // AND with tagsAll result\n for (const id of tagFilteredIds) {\n if (!anySet.has(id)) tagFilteredIds.delete(id);\n }\n } else {\n tagFilteredIds = anySet;\n }\n }\n\n // ---- Pick best index based on non-tag where fields ----\n let q;\n if (where.type !== undefined && where.parentGroupId !== undefined) {\n q = ctx.db\n .query(\"Group\")\n .withIndex(\"type_parent_group_id\", (idx) =>\n idx.eq(\"type\", where.type!).eq(\"parentGroupId\", where.parentGroupId!),\n );\n } else if (where.slug !== undefined) {\n q = ctx.db\n .query(\"Group\")\n .withIndex(\"slug\", (idx) => idx.eq(\"slug\", where.slug!));\n } else if (where.type !== undefined) {\n q = ctx.db\n .query(\"Group\")\n .withIndex(\"type\", (idx) => idx.eq(\"type\", where.type!));\n } else if (where.parentGroupId !== undefined) {\n q = ctx.db\n .query(\"Group\")\n .withIndex(\"parent_group_id\", (idx) =>\n idx.eq(\"parentGroupId\", where.parentGroupId!),\n );\n } else if (where.isRoot !== undefined) {\n q = ctx.db\n .query(\"Group\")\n .withIndex(\"is_root\", (idx) => idx.eq(\"isRoot\", where.isRoot!));\n } else {\n q = ctx.db.query(\"Group\");\n }\n\n // Apply remaining non-tag filters not covered by index\n if (where.name !== undefined) {\n q = q.filter((f) => f.eq(f.field(\"name\"), where.name!));\n }\n // isRoot filter when not already used as primary index\n if (\n where.isRoot !== undefined &&\n where.parentGroupId === undefined &&\n (where.type !== undefined || where.slug !== undefined)\n ) {\n q = q.filter((f) => f.eq(f.field(\"isRoot\"), where.isRoot!));\n }\n // slug filter when not used as index\n if (where.slug !== undefined && where.type !== undefined) {\n q = q.filter((f) => f.eq(f.field(\"slug\"), where.slug!));\n }\n\n q = q.order(order);\n\n let all = await q.collect();\n\n // Apply tag filter (intersect with resolved groupIds)\n if (tagFilteredIds !== null) {\n all = all.filter((doc) => tagFilteredIds!.has(doc._id as string));\n }\n\n // Cursor-based pagination\n let startIdx = 0;\n if (args.cursor) {\n const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);\n if (cursorIdx !== -1) {\n startIdx = cursorIdx + 1;\n }\n }\n const page = all.slice(startIdx, startIdx + limit + 1);\n const hasMore = page.length > limit;\n const items = hasMore ? page.slice(0, limit) : page;\n const nextCursor = hasMore ? items[items.length - 1]._id : null;\n return { items, nextCursor };\n },\n});\n\n/**\n * Update a group's mutable fields such as `name`, `slug`, `tags`, `extend`,\n * and `parentGroupId`.\n *\n * When `parentGroupId` is changed the mutation automatically recomputes\n * `isRoot` and `rootGroupId` for the target group **and** cascades the new\n * `rootGroupId` to all descendant groups. When `tags` are provided they are\n * normalized, deduplicated, and the companion `GroupTag` rows are fully\n * replaced (delete-then-insert).\n *\n * @param args.groupId - The `Id<\"Group\">` of the group to update.\n * @param args.data - A partial object of fields to patch. Supported keys include `name`, `slug`, `type`, `parentGroupId`, `tags`, and `extend`.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(components.auth.groups.groupUpdate, {\n * groupId: existingGroupId,\n * data: {\n * name: \"Acme Corp (renamed)\",\n * tags: [{ key: \"plan\", value: \"pro\" }],\n * },\n * });\n * ```\n */\nexport const groupUpdate = mutation({\n args: { groupId: v.id(\"Group\"), data: v.any() },\n returns: v.null(),\n handler: async (ctx, { groupId, data }) => {\n // If parentGroupId is changing, recompute rootGroupId + isRoot for this group and descendants\n if (data.parentGroupId !== undefined) {\n const oldGroup = await ctx.db.get(\"Group\", groupId);\n const oldRootGroupId = oldGroup?.rootGroupId;\n const newParentGroupId = data.parentGroupId as Id<\"Group\"> | undefined;\n const newIsRoot = !newParentGroupId;\n let newRootGroupId: Id<\"Group\">;\n if (newIsRoot) {\n newRootGroupId = groupId;\n } else {\n const parent = await ctx.db.get(\"Group\", newParentGroupId!);\n newRootGroupId = parent?.rootGroupId ?? newParentGroupId!;\n }\n data.isRoot = newIsRoot;\n data.rootGroupId = newRootGroupId;\n // Cascade to descendants if rootGroupId changed\n if (oldRootGroupId && oldRootGroupId !== newRootGroupId) {\n const descendants = await ctx.db\n .query(\"Group\")\n .withIndex(\"root_group_id\", (q) =>\n q.eq(\"rootGroupId\", oldRootGroupId),\n )\n .collect();\n for (const desc of descendants) {\n if (desc._id !== groupId) {\n await ctx.db.patch(\"Group\", desc._id, {\n rootGroupId: newRootGroupId,\n });\n }\n }\n }\n }\n // If tags are being updated, normalize and replace the full tag set\n if (data.tags !== undefined) {\n const normalizedTags: TagPair[] = Array.isArray(data.tags)\n ? normalizeTags(data.tags as TagPair[])\n : [];\n // Delete existing group_tag rows for this group\n const existingTags = await ctx.db\n .query(\"GroupTag\")\n .withIndex(\"by_group\", (idx) => idx.eq(\"group_id\", groupId))\n .collect();\n for (const existing of existingTags) {\n await ctx.db.delete(\"GroupTag\", existing._id);\n }\n // Insert new normalized group_tag rows\n for (const tag of normalizedTags) {\n await ctx.db.insert(\"GroupTag\", {\n group_id: groupId,\n key: tag.key,\n value: tag.value,\n });\n }\n // Patch group with normalized tags (empty array = clear all)\n await ctx.db.patch(\"Group\", groupId, {\n ...data,\n tags: normalizedTags.length > 0 ? normalizedTags : undefined,\n });\n } else {\n await ctx.db.patch(\"Group\", groupId, data);\n }\n return null;\n },\n});\n\n/**\n * Delete a group and all of its descendants. This cascades to:\n * - All child groups (recursively)\n * - All members of this group and its descendants\n * - All invites for this group and its descendants\n * - All companion `GroupTag` rows for this group and its descendants\n *\n * The deletion walks the group tree depth-first, removing leaves before\n * parents, so referential integrity is maintained throughout.\n *\n * @param args.groupId - The `Id<\"Group\">` of the group to delete. All children are deleted recursively.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Delete an organization and everything nested under it\n * await ctx.runMutation(components.auth.groups.groupDelete, {\n * groupId: organizationGroupId,\n * });\n * ```\n */\nexport const groupDelete = mutation({\n args: { groupId: v.id(\"Group\") },\n returns: v.null(),\n handler: async (ctx, { groupId }) => {\n const deleteGroup = async (id: typeof groupId) => {\n const children = await ctx.db\n .query(\"Group\")\n .withIndex(\"parent_group_id\", (q) => q.eq(\"parentGroupId\", id))\n .collect();\n for (const child of children) {\n await deleteGroup(child._id);\n }\n\n const members = await ctx.db\n .query(\"GroupMember\")\n .withIndex(\"group_id\", (q) => q.eq(\"groupId\", id))\n .collect();\n for (const member of members) {\n await ctx.db.delete(\"GroupMember\", member._id);\n }\n\n const invites = await ctx.db\n .query(\"GroupInvite\")\n .withIndex(\"group_id\", (q) => q.eq(\"groupId\", id))\n .collect();\n for (const invite of invites) {\n await ctx.db.delete(\"GroupInvite\", invite._id);\n }\n\n // Delete companion group_tag rows\n const tags = await ctx.db\n .query(\"GroupTag\")\n .withIndex(\"by_group\", (q) => q.eq(\"group_id\", id))\n .collect();\n for (const tag of tags) {\n await ctx.db.delete(\"GroupTag\", tag._id);\n }\n\n await ctx.db.delete(\"Group\", id);\n };\n\n await deleteGroup(groupId);\n return null;\n },\n});\n\n// ============================================================================\n// Members\n// ============================================================================\n"],"mappings":";;;;;AAQA,SAAS,aAAa,KAAuB;AAC3C,QAAO;EACL,KAAK,IAAI,IAAI,MAAM,CAAC,aAAa;EACjC,OAAO,IAAI,MAAM,MAAM,CAAC,aAAa;EACtC;;AAGH,SAAS,cAAc,MAA4B;CACjD,MAAM,uBAAO,IAAI,KAAa;CAC9B,MAAM,SAAoB,EAAE;AAC5B,MAAK,MAAM,OAAO,MAAM;EACtB,MAAM,IAAI,aAAa,IAAI;EAC3B,MAAM,YAAY,GAAG,EAAE,IAAI,IAAI,EAAE;AACjC,MAAI,CAAC,KAAK,IAAI,UAAU,EAAE;AACxB,QAAK,IAAI,UAAU;AACnB,UAAO,KAAK,EAAE;;;AAGlB,QAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BT,MAAa,cAAc,SAAS;CAClC,MAAM;EACJ,MAAM,EAAE,QAAQ;EAChB,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC5B,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC5B,eAAe,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;EACxC,MAAM,EAAE,SAAS,EAAE,MAAM,KAAK,CAAC;EAC/B,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B;CACD,SAAS,EAAE,GAAG,QAAQ;CACtB,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,EAAE,MAAM,SAAS,GAAG,SAAS;EACnC,MAAM,iBAAiB,UAAU,cAAc,QAAQ,GAAG;EAC1D,MAAM,SAAS,CAAC,KAAK;EAErB,IAAI;AACJ,MAAI,CAAC,UAAU,KAAK,cAElB,gBADe,MAAM,IAAI,GAAG,IAAI,KAAK,cAAc,GAC7B,eAAe,KAAK;EAE5C,MAAM,UAAU,MAAM,IAAI,GAAG,OAAO,SAAS;GAC3C,GAAG;GACH,MAAM;GACN;GACA,aAAa,SAAS,SAAY;GACnC,CAAC;AAEF,MAAI,OACF,OAAM,IAAI,GAAG,MAAM,SAAS,EAAE,aAAa,SAAS,CAAC;AAGvD,MAAI,eACF,MAAK,MAAM,OAAO,eAChB,OAAM,IAAI,GAAG,OAAO,YAAY;GAC9B,UAAU;GACV,KAAK,IAAI;GACT,OAAO,IAAI;GACZ,CAAC;AAGN,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,WAAW,MAAM;CAC5B,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE;CAChC,SAAS,EAAE,MAAM,WAAW,EAAE,MAAM,CAAC;CACrC,SAAS,OAAO,KAAK,EAAE,cAAc;AACnC,SAAO,MAAM,IAAI,GAAG,IAAI,SAAS,QAAQ;;CAE5C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCF,MAAa,YAAY,MAAM;CAC7B,MAAM;EACJ,OAAO,EAAE,SACP,EAAE,OAAO;GACP,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC5B,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC5B,eAAe,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;GACxC,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC5B,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC;GAC/B,SAAS,EAAE,SAAS,EAAE,MAAM,KAAK,CAAC;GAClC,SAAS,EAAE,SAAS,EAAE,MAAM,KAAK,CAAC;GACnC,CAAC,CACH;EACD,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;EACjD,SAAS,EAAE,SACT,EAAE,MACA,EAAE,QAAQ,gBAAgB,EAC1B,EAAE,QAAQ,OAAO,EACjB,EAAE,QAAQ,OAAO,EACjB,EAAE,QAAQ,OAAO,CAClB,CACF;EACD,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,CAAC,CAAC;EAChE;CACD,SAAS,WAAW,UAAU;CAC9B,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,QAAQ,KAAK,SAAS,EAAE;EAC9B,MAAM,QAAQ,KAAK,IAAI,KAAK,IAAI,KAAK,SAAS,IAAI,EAAE,EAAE,IAAI;EAC1D,MAAM,QAAQ,KAAK,SAAS;EAG5B,IAAI,iBAAqC;AAEzC,MAAI,MAAM,WAAW,MAAM,QAAQ,SAAS,GAAG;GAE7C,IAAI,SAA6B;AACjC,QAAK,MAAM,UAAU,MAAM,SAAS;IAClC,MAAM,IAAI,aAAa,OAAO;IAC9B,MAAM,OAAO,MAAM,IAAI,GACpB,MAAM,WAAW,CACjB,UAAU,iBAAiB,QAC1B,IAAI,GAAG,OAAO,EAAE,IAAI,CAAC,GAAG,SAAS,EAAE,MAAM,CAC1C,CACA,SAAS;IACZ,MAAM,MAAM,IAAI,IAAI,KAAK,KAAK,MAAM,EAAE,SAAmB,CAAC;AAC1D,QAAI,WAAW,KACb,UAAS;QAGT,MAAK,MAAM,MAAM,OACf,KAAI,CAAC,IAAI,IAAI,GAAG,CAAE,QAAO,OAAO,GAAG;AAIvC,QAAI,OAAO,SAAS,EAAG;;AAEzB,oBAAiB,0BAAU,IAAI,KAAK;;AAGtC,MAAI,MAAM,WAAW,MAAM,QAAQ,SAAS,GAAG;GAE7C,MAAM,yBAAS,IAAI,KAAa;AAChC,QAAK,MAAM,UAAU,MAAM,SAAS;IAClC,MAAM,IAAI,aAAa,OAAO;IAC9B,MAAM,OAAO,MAAM,IAAI,GACpB,MAAM,WAAW,CACjB,UAAU,iBAAiB,QAC1B,IAAI,GAAG,OAAO,EAAE,IAAI,CAAC,GAAG,SAAS,EAAE,MAAM,CAC1C,CACA,SAAS;AACZ,SAAK,MAAM,KAAK,KACd,QAAO,IAAI,EAAE,SAAmB;;AAGpC,OAAI,mBAAmB,MAErB;SAAK,MAAM,MAAM,eACf,KAAI,CAAC,OAAO,IAAI,GAAG,CAAE,gBAAe,OAAO,GAAG;SAGhD,kBAAiB;;EAKrB,IAAI;AACJ,MAAI,MAAM,SAAS,UAAa,MAAM,kBAAkB,OACtD,KAAI,IAAI,GACL,MAAM,QAAQ,CACd,UAAU,yBAAyB,QAClC,IAAI,GAAG,QAAQ,MAAM,KAAM,CAAC,GAAG,iBAAiB,MAAM,cAAe,CACtE;WACM,MAAM,SAAS,OACxB,KAAI,IAAI,GACL,MAAM,QAAQ,CACd,UAAU,SAAS,QAAQ,IAAI,GAAG,QAAQ,MAAM,KAAM,CAAC;WACjD,MAAM,SAAS,OACxB,KAAI,IAAI,GACL,MAAM,QAAQ,CACd,UAAU,SAAS,QAAQ,IAAI,GAAG,QAAQ,MAAM,KAAM,CAAC;WACjD,MAAM,kBAAkB,OACjC,KAAI,IAAI,GACL,MAAM,QAAQ,CACd,UAAU,oBAAoB,QAC7B,IAAI,GAAG,iBAAiB,MAAM,cAAe,CAC9C;WACM,MAAM,WAAW,OAC1B,KAAI,IAAI,GACL,MAAM,QAAQ,CACd,UAAU,YAAY,QAAQ,IAAI,GAAG,UAAU,MAAM,OAAQ,CAAC;MAEjE,KAAI,IAAI,GAAG,MAAM,QAAQ;AAI3B,MAAI,MAAM,SAAS,OACjB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,OAAO,EAAE,MAAM,KAAM,CAAC;AAGzD,MACE,MAAM,WAAW,UACjB,MAAM,kBAAkB,WACvB,MAAM,SAAS,UAAa,MAAM,SAAS,QAE5C,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,SAAS,EAAE,MAAM,OAAQ,CAAC;AAG7D,MAAI,MAAM,SAAS,UAAa,MAAM,SAAS,OAC7C,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,OAAO,EAAE,MAAM,KAAM,CAAC;AAGzD,MAAI,EAAE,MAAM,MAAM;EAElB,IAAI,MAAM,MAAM,EAAE,SAAS;AAG3B,MAAI,mBAAmB,KACrB,OAAM,IAAI,QAAQ,QAAQ,eAAgB,IAAI,IAAI,IAAc,CAAC;EAInE,IAAI,WAAW;AACf,MAAI,KAAK,QAAQ;GACf,MAAM,YAAY,IAAI,WAAW,QAAQ,IAAI,QAAQ,KAAK,OAAO;AACjE,OAAI,cAAc,GAChB,YAAW,YAAY;;EAG3B,MAAM,OAAO,IAAI,MAAM,UAAU,WAAW,QAAQ,EAAE;EACtD,MAAM,UAAU,KAAK,SAAS;EAC9B,MAAM,QAAQ,UAAU,KAAK,MAAM,GAAG,MAAM,GAAG;AAE/C,SAAO;GAAE;GAAO,YADG,UAAU,MAAM,MAAM,SAAS,GAAG,MAAM;GAC/B;;CAE/B,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;AA2BF,MAAa,cAAc,SAAS;CAClC,MAAM;EAAE,SAAS,EAAE,GAAG,QAAQ;EAAE,MAAM,EAAE,KAAK;EAAE;CAC/C,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,SAAS,WAAW;AAEzC,MAAI,KAAK,kBAAkB,QAAW;GAEpC,MAAM,kBADW,MAAM,IAAI,GAAG,IAAI,SAAS,QAAQ,GAClB;GACjC,MAAM,mBAAmB,KAAK;GAC9B,MAAM,YAAY,CAAC;GACnB,IAAI;AACJ,OAAI,UACF,kBAAiB;OAGjB,mBADe,MAAM,IAAI,GAAG,IAAI,SAAS,iBAAkB,GAClC,eAAe;AAE1C,QAAK,SAAS;AACd,QAAK,cAAc;AAEnB,OAAI,kBAAkB,mBAAmB,gBAAgB;IACvD,MAAM,cAAc,MAAM,IAAI,GAC3B,MAAM,QAAQ,CACd,UAAU,kBAAkB,MAC3B,EAAE,GAAG,eAAe,eAAe,CACpC,CACA,SAAS;AACZ,SAAK,MAAM,QAAQ,YACjB,KAAI,KAAK,QAAQ,QACf,OAAM,IAAI,GAAG,MAAM,SAAS,KAAK,KAAK,EACpC,aAAa,gBACd,CAAC;;;AAMV,MAAI,KAAK,SAAS,QAAW;GAC3B,MAAM,iBAA4B,MAAM,QAAQ,KAAK,KAAK,GACtD,cAAc,KAAK,KAAkB,GACrC,EAAE;GAEN,MAAM,eAAe,MAAM,IAAI,GAC5B,MAAM,WAAW,CACjB,UAAU,aAAa,QAAQ,IAAI,GAAG,YAAY,QAAQ,CAAC,CAC3D,SAAS;AACZ,QAAK,MAAM,YAAY,aACrB,OAAM,IAAI,GAAG,OAAO,YAAY,SAAS,IAAI;AAG/C,QAAK,MAAM,OAAO,eAChB,OAAM,IAAI,GAAG,OAAO,YAAY;IAC9B,UAAU;IACV,KAAK,IAAI;IACT,OAAO,IAAI;IACZ,CAAC;AAGJ,SAAM,IAAI,GAAG,MAAM,SAAS,SAAS;IACnC,GAAG;IACH,MAAM,eAAe,SAAS,IAAI,iBAAiB;IACpD,CAAC;QAEF,OAAM,IAAI,GAAG,MAAM,SAAS,SAAS,KAAK;AAE5C,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;;;AAuBF,MAAa,cAAc,SAAS;CAClC,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE;CAChC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,cAAc;EACnC,MAAM,cAAc,OAAO,OAAuB;GAChD,MAAM,WAAW,MAAM,IAAI,GACxB,MAAM,QAAQ,CACd,UAAU,oBAAoB,MAAM,EAAE,GAAG,iBAAiB,GAAG,CAAC,CAC9D,SAAS;AACZ,QAAK,MAAM,SAAS,SAClB,OAAM,YAAY,MAAM,IAAI;GAG9B,MAAM,UAAU,MAAM,IAAI,GACvB,MAAM,cAAc,CACpB,UAAU,aAAa,MAAM,EAAE,GAAG,WAAW,GAAG,CAAC,CACjD,SAAS;AACZ,QAAK,MAAM,UAAU,QACnB,OAAM,IAAI,GAAG,OAAO,eAAe,OAAO,IAAI;GAGhD,MAAM,UAAU,MAAM,IAAI,GACvB,MAAM,cAAc,CACpB,UAAU,aAAa,MAAM,EAAE,GAAG,WAAW,GAAG,CAAC,CACjD,SAAS;AACZ,QAAK,MAAM,UAAU,QACnB,OAAM,IAAI,GAAG,OAAO,eAAe,OAAO,IAAI;GAIhD,MAAM,OAAO,MAAM,IAAI,GACpB,MAAM,WAAW,CACjB,UAAU,aAAa,MAAM,EAAE,GAAG,YAAY,GAAG,CAAC,CAClD,SAAS;AACZ,QAAK,MAAM,OAAO,KAChB,OAAM,IAAI,GAAG,OAAO,YAAY,IAAI,IAAI;AAG1C,SAAM,IAAI,GAAG,OAAO,SAAS,GAAG;;AAGlC,QAAM,YAAY,QAAQ;AAC1B,SAAO;;CAEV,CAAC"}
|