@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +43 -36
- package/dist/bin.js +5765 -4880
- package/dist/browser/index.d.ts +30 -0
- package/dist/browser/index.js +93 -0
- package/dist/browser/locks.js +11 -0
- package/dist/browser/navigation.js +14 -0
- package/dist/{factors → browser}/passkey.js +23 -32
- package/dist/browser/runtime.js +92 -0
- package/dist/client/core/types.d.ts +452 -5
- package/dist/client/core/types.js +17 -0
- package/dist/client/errors.js +19 -0
- package/dist/client/factors/device.js +94 -0
- package/dist/{factors → client/factors}/totp.js +12 -4
- package/dist/client/index.d.ts +47 -1
- package/dist/client/index.js +269 -232
- package/dist/client/runtime/mutex.js +24 -0
- package/dist/client/runtime/proxy.js +30 -0
- package/dist/client/runtime/storage.js +45 -0
- package/dist/client/services/adapters.js +7 -0
- package/dist/client/services/http.js +6 -0
- package/dist/client/services/resolve.js +13 -0
- package/dist/client/services/runtime.js +6 -0
- package/dist/component/_generated/component.d.ts +1355 -1399
- package/dist/component/convex.config.d.ts +2 -2
- package/dist/component/index.d.ts +4 -26
- package/dist/component/index.js +1 -1
- package/dist/component/model.d.ts +26 -112
- package/dist/component/model.js +76 -54
- package/dist/component/modules.js +38 -0
- package/dist/component/public/factors/devices.js +1 -1
- package/dist/component/public/factors/passkeys.js +1 -1
- package/dist/component/public/factors/totp.js +1 -1
- package/dist/component/public/groups/core.js +2 -2
- package/dist/component/public/groups/invites.js +1 -1
- package/dist/component/public/groups/members.js +1 -1
- package/dist/component/public/identity/accounts.js +1 -1
- package/dist/component/public/identity/codes.js +1 -1
- package/dist/component/public/identity/sessions.js +39 -2
- package/dist/component/public/identity/tokens.js +82 -4
- package/dist/component/public/identity/users.js +1 -1
- package/dist/component/public/identity/verifiers.js +10 -4
- package/dist/component/public/security/keys.js +1 -1
- package/dist/component/public/security/limits.js +1 -1
- package/dist/component/public/{enterprise → sso}/audit.js +26 -26
- package/dist/component/public/sso/core.js +263 -0
- package/dist/component/public/sso/domains.js +280 -0
- package/dist/component/public/{enterprise → sso}/scim.js +87 -87
- package/dist/component/public/sso/secrets.js +125 -0
- package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
- package/dist/component/public.js +9 -9
- package/dist/component/schema.d.ts +472 -393
- package/dist/component/schema.js +36 -35
- package/dist/core/index.d.ts +380 -0
- package/dist/core/index.js +83 -0
- package/dist/otel.d.ts +69 -0
- package/dist/otel.js +82 -0
- package/dist/providers/anonymous.d.ts +15 -34
- package/dist/providers/anonymous.js +27 -35
- package/dist/providers/apple.d.ts +59 -0
- package/dist/providers/apple.js +58 -0
- package/dist/providers/credentials.d.ts +18 -34
- package/dist/providers/credentials.js +16 -27
- package/dist/providers/custom.d.ts +94 -0
- package/dist/providers/custom.js +119 -0
- package/dist/providers/device.d.ts +15 -49
- package/dist/providers/device.js +17 -34
- package/dist/providers/email.d.ts +21 -38
- package/dist/providers/email.js +36 -55
- package/dist/providers/github.d.ts +54 -0
- package/dist/providers/github.js +75 -0
- package/dist/providers/google.d.ts +54 -0
- package/dist/providers/google.js +61 -0
- package/dist/providers/index.d.ts +16 -12
- package/dist/providers/index.js +15 -11
- package/dist/providers/microsoft.d.ts +57 -0
- package/dist/providers/microsoft.js +101 -0
- package/dist/providers/passkey.d.ts +19 -35
- package/dist/providers/passkey.js +20 -30
- package/dist/providers/password.d.ts +17 -18
- package/dist/providers/password.js +121 -143
- package/dist/providers/phone.d.ts +13 -28
- package/dist/providers/phone.js +21 -46
- package/dist/providers/sso.d.ts +16 -36
- package/dist/providers/sso.js +21 -22
- package/dist/providers/totp.d.ts +13 -29
- package/dist/providers/totp.js +17 -27
- package/dist/server/auth-context.d.ts +204 -0
- package/dist/server/auth-context.js +76 -0
- package/dist/server/auth.d.ts +99 -244
- package/dist/server/auth.js +56 -152
- package/dist/server/componentContext.d.ts +12 -0
- package/dist/server/componentContext.js +1 -0
- package/dist/server/config.js +6 -67
- package/dist/server/constants.js +6 -0
- package/dist/server/contract.d.ts +105 -0
- package/dist/server/contract.js +43 -0
- package/dist/server/cookies.js +3 -2
- package/dist/server/core.js +31 -36
- package/dist/server/crypto.js +34 -44
- package/dist/server/db.js +6 -1
- package/dist/server/device.js +96 -130
- package/dist/server/env.js +48 -0
- package/dist/server/errors.js +20 -0
- package/dist/server/http.d.ts +15 -59
- package/dist/server/http.js +136 -120
- package/dist/server/identity.js +2 -2
- package/dist/server/index.d.ts +5 -4
- package/dist/server/index.js +3 -3
- package/dist/server/keys.js +10 -1
- package/dist/server/limits.js +26 -26
- package/dist/server/log.js +28 -0
- package/dist/server/mounts.d.ts +1107 -296
- package/dist/server/mounts.js +315 -196
- package/dist/server/mutations/account.js +11 -14
- package/dist/server/mutations/code.js +6 -5
- package/dist/server/mutations/invalidate.js +9 -11
- package/dist/server/mutations/oauth.js +112 -73
- package/dist/server/mutations/refresh.js +47 -97
- package/dist/server/mutations/register.js +37 -35
- package/dist/server/mutations/retrieve.js +16 -16
- package/dist/server/mutations/signature.js +15 -18
- package/dist/server/mutations/signin.js +10 -5
- package/dist/server/mutations/signout.js +11 -14
- package/dist/server/mutations/store.js +25 -18
- package/dist/server/mutations/verifier.js +11 -8
- package/dist/server/mutations/verify.js +53 -41
- package/dist/server/oauth/factory.js +44 -0
- package/dist/server/oauth/index.js +12 -0
- package/dist/server/oauth/runtime.js +248 -0
- package/dist/server/passkey.js +331 -365
- package/dist/server/payloads.d.ts +16 -0
- package/dist/server/payloads.js +30 -0
- package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
- package/dist/server/prefetch.js +635 -0
- package/dist/server/random.js +19 -0
- package/dist/server/redirects.js +10 -5
- package/dist/server/refresh.js +14 -86
- package/dist/server/runtime.d.ts +531 -31
- package/dist/server/runtime.js +106 -267
- package/dist/server/secret.js +44 -0
- package/dist/server/services/config.js +10 -0
- package/dist/server/services/group.js +211 -0
- package/dist/server/services/logger.js +8 -0
- package/dist/server/services/providers.js +22 -0
- package/dist/server/services/refresh.js +8 -0
- package/dist/server/services/resolve.js +27 -0
- package/dist/server/services/signin.js +8 -0
- package/dist/server/sessions.js +35 -34
- package/dist/server/signin.js +229 -140
- package/dist/server/{enterprise → sso}/config.js +10 -3
- package/dist/server/sso/domain.d.ts +614 -0
- package/dist/server/sso/domain.js +1175 -0
- package/dist/server/sso/http.js +1060 -0
- package/dist/server/sso/oidc.js +324 -0
- package/dist/server/sso/policies.js +59 -0
- package/dist/server/sso/policy.js +139 -0
- package/dist/server/sso/profile.js +22 -0
- package/dist/server/sso/provision.js +179 -0
- package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
- package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
- package/dist/server/sso/shared.js +74 -0
- package/dist/server/sso/validators.js +88 -0
- package/dist/server/sso/webhook.js +94 -0
- package/dist/server/tokens.js +16 -4
- package/dist/server/totp.js +155 -164
- package/dist/server/types.d.ts +306 -296
- package/dist/server/types.js +1 -30
- package/dist/server/url.js +32 -0
- package/dist/server/users.js +74 -40
- package/dist/server/utils/cache.js +51 -0
- package/dist/server/utils/dispatch.js +36 -0
- package/dist/server/utils/retry.js +24 -0
- package/dist/server/utils/span.js +32 -0
- package/dist/shared/errors.js +19 -0
- package/dist/shared/log.js +45 -0
- package/{src/test.ts → dist/test.d.ts} +21 -22
- package/dist/test.js +51 -0
- package/package.json +70 -42
- package/dist/authorization/index.d.ts.map +0 -1
- package/dist/authorization/index.js.map +0 -1
- package/dist/client/core/types.d.ts.map +0 -1
- package/dist/client/index.d.ts.map +0 -1
- package/dist/client/index.js.map +0 -1
- package/dist/component/_generated/api.d.ts +0 -75
- package/dist/component/_generated/api.d.ts.map +0 -1
- package/dist/component/_generated/api.js.map +0 -1
- package/dist/component/_generated/component.d.ts.map +0 -1
- package/dist/component/_generated/dataModel.d.ts +0 -42
- package/dist/component/_generated/dataModel.d.ts.map +0 -1
- package/dist/component/_generated/server.d.ts +0 -117
- package/dist/component/_generated/server.d.ts.map +0 -1
- package/dist/component/_generated/server.js.map +0 -1
- package/dist/component/_virtual/rolldown_runtime.js +0 -18
- package/dist/component/client/core/types.d.ts +0 -2
- package/dist/component/client/index.d.ts +0 -1
- package/dist/component/convex.config.d.ts.map +0 -1
- package/dist/component/convex.config.js.map +0 -1
- package/dist/component/functions.d.ts +0 -25
- package/dist/component/functions.d.ts.map +0 -1
- package/dist/component/functions.js.map +0 -1
- package/dist/component/index.d.ts.map +0 -1
- package/dist/component/model.d.ts.map +0 -1
- package/dist/component/model.js.map +0 -1
- package/dist/component/providers/anonymous.d.ts +0 -54
- package/dist/component/providers/anonymous.d.ts.map +0 -1
- package/dist/component/providers/credentials.d.ts +0 -38
- package/dist/component/providers/credentials.d.ts.map +0 -1
- package/dist/component/providers/device.d.ts +0 -67
- package/dist/component/providers/device.d.ts.map +0 -1
- package/dist/component/providers/email.d.ts +0 -62
- package/dist/component/providers/email.d.ts.map +0 -1
- package/dist/component/providers/oauth.d.ts +0 -25
- package/dist/component/providers/oauth.d.ts.map +0 -1
- package/dist/component/providers/oauth.js +0 -13
- package/dist/component/providers/oauth.js.map +0 -1
- package/dist/component/providers/passkey.d.ts +0 -57
- package/dist/component/providers/passkey.d.ts.map +0 -1
- package/dist/component/providers/password.d.ts +0 -88
- package/dist/component/providers/password.d.ts.map +0 -1
- package/dist/component/providers/phone.d.ts +0 -48
- package/dist/component/providers/phone.d.ts.map +0 -1
- package/dist/component/providers/sso.d.ts +0 -50
- package/dist/component/providers/sso.d.ts.map +0 -1
- package/dist/component/providers/totp.d.ts +0 -45
- package/dist/component/providers/totp.d.ts.map +0 -1
- package/dist/component/public/enterprise/audit.d.ts +0 -73
- package/dist/component/public/enterprise/audit.d.ts.map +0 -1
- package/dist/component/public/enterprise/audit.js.map +0 -1
- package/dist/component/public/enterprise/core.d.ts +0 -176
- package/dist/component/public/enterprise/core.d.ts.map +0 -1
- package/dist/component/public/enterprise/core.js +0 -292
- package/dist/component/public/enterprise/core.js.map +0 -1
- package/dist/component/public/enterprise/domains.d.ts +0 -174
- package/dist/component/public/enterprise/domains.d.ts.map +0 -1
- package/dist/component/public/enterprise/domains.js +0 -271
- package/dist/component/public/enterprise/domains.js.map +0 -1
- package/dist/component/public/enterprise/scim.d.ts +0 -245
- package/dist/component/public/enterprise/scim.d.ts.map +0 -1
- package/dist/component/public/enterprise/scim.js.map +0 -1
- package/dist/component/public/enterprise/secrets.d.ts +0 -78
- package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
- package/dist/component/public/enterprise/secrets.js +0 -118
- package/dist/component/public/enterprise/secrets.js.map +0 -1
- package/dist/component/public/enterprise/webhooks.d.ts +0 -211
- package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
- package/dist/component/public/enterprise/webhooks.js.map +0 -1
- package/dist/component/public/factors/devices.d.ts +0 -157
- package/dist/component/public/factors/devices.d.ts.map +0 -1
- package/dist/component/public/factors/devices.js.map +0 -1
- package/dist/component/public/factors/passkeys.d.ts +0 -175
- package/dist/component/public/factors/passkeys.d.ts.map +0 -1
- package/dist/component/public/factors/passkeys.js.map +0 -1
- package/dist/component/public/factors/totp.d.ts +0 -189
- package/dist/component/public/factors/totp.d.ts.map +0 -1
- package/dist/component/public/factors/totp.js.map +0 -1
- package/dist/component/public/groups/core.d.ts +0 -137
- package/dist/component/public/groups/core.d.ts.map +0 -1
- package/dist/component/public/groups/core.js.map +0 -1
- package/dist/component/public/groups/invites.d.ts +0 -217
- package/dist/component/public/groups/invites.d.ts.map +0 -1
- package/dist/component/public/groups/invites.js.map +0 -1
- package/dist/component/public/groups/members.d.ts +0 -204
- package/dist/component/public/groups/members.d.ts.map +0 -1
- package/dist/component/public/groups/members.js.map +0 -1
- package/dist/component/public/identity/accounts.d.ts +0 -147
- package/dist/component/public/identity/accounts.d.ts.map +0 -1
- package/dist/component/public/identity/accounts.js.map +0 -1
- package/dist/component/public/identity/codes.d.ts +0 -104
- package/dist/component/public/identity/codes.d.ts.map +0 -1
- package/dist/component/public/identity/codes.js.map +0 -1
- package/dist/component/public/identity/sessions.d.ts +0 -128
- package/dist/component/public/identity/sessions.d.ts.map +0 -1
- package/dist/component/public/identity/sessions.js.map +0 -1
- package/dist/component/public/identity/tokens.d.ts +0 -169
- package/dist/component/public/identity/tokens.d.ts.map +0 -1
- package/dist/component/public/identity/tokens.js.map +0 -1
- package/dist/component/public/identity/users.d.ts +0 -212
- package/dist/component/public/identity/users.d.ts.map +0 -1
- package/dist/component/public/identity/users.js.map +0 -1
- package/dist/component/public/identity/verifiers.d.ts +0 -116
- package/dist/component/public/identity/verifiers.d.ts.map +0 -1
- package/dist/component/public/identity/verifiers.js.map +0 -1
- package/dist/component/public/security/keys.d.ts +0 -209
- package/dist/component/public/security/keys.d.ts.map +0 -1
- package/dist/component/public/security/keys.js.map +0 -1
- package/dist/component/public/security/limits.d.ts +0 -114
- package/dist/component/public/security/limits.d.ts.map +0 -1
- package/dist/component/public/security/limits.js.map +0 -1
- package/dist/component/public.d.ts +0 -28
- package/dist/component/public.d.ts.map +0 -1
- package/dist/component/schema.d.ts.map +0 -1
- package/dist/component/schema.js.map +0 -1
- package/dist/component/server/auth.d.ts +0 -447
- package/dist/component/server/auth.d.ts.map +0 -1
- package/dist/component/server/auth.js +0 -254
- package/dist/component/server/auth.js.map +0 -1
- package/dist/component/server/config.js +0 -121
- package/dist/component/server/config.js.map +0 -1
- package/dist/component/server/context.js +0 -53
- package/dist/component/server/context.js.map +0 -1
- package/dist/component/server/cookies.js +0 -47
- package/dist/component/server/cookies.js.map +0 -1
- package/dist/component/server/core.js +0 -576
- package/dist/component/server/core.js.map +0 -1
- package/dist/component/server/crypto.js +0 -56
- package/dist/component/server/crypto.js.map +0 -1
- package/dist/component/server/db.js +0 -87
- package/dist/component/server/db.js.map +0 -1
- package/dist/component/server/device.js +0 -152
- package/dist/component/server/device.js.map +0 -1
- package/dist/component/server/enterprise/config.js +0 -46
- package/dist/component/server/enterprise/config.js.map +0 -1
- package/dist/component/server/enterprise/domain.js +0 -974
- package/dist/component/server/enterprise/domain.js.map +0 -1
- package/dist/component/server/enterprise/http.js +0 -787
- package/dist/component/server/enterprise/http.js.map +0 -1
- package/dist/component/server/enterprise/oidc.js +0 -248
- package/dist/component/server/enterprise/oidc.js.map +0 -1
- package/dist/component/server/enterprise/policy.js +0 -85
- package/dist/component/server/enterprise/policy.js.map +0 -1
- package/dist/component/server/enterprise/saml.js.map +0 -1
- package/dist/component/server/enterprise/scim.js.map +0 -1
- package/dist/component/server/enterprise/shared.js +0 -51
- package/dist/component/server/enterprise/shared.js.map +0 -1
- package/dist/component/server/http.d.ts +0 -85
- package/dist/component/server/http.d.ts.map +0 -1
- package/dist/component/server/http.js +0 -351
- package/dist/component/server/http.js.map +0 -1
- package/dist/component/server/identity.js +0 -16
- package/dist/component/server/identity.js.map +0 -1
- package/dist/component/server/keys.js +0 -96
- package/dist/component/server/keys.js.map +0 -1
- package/dist/component/server/limits.js +0 -52
- package/dist/component/server/limits.js.map +0 -1
- package/dist/component/server/mutations/account.js +0 -46
- package/dist/component/server/mutations/account.js.map +0 -1
- package/dist/component/server/mutations/code.js +0 -68
- package/dist/component/server/mutations/code.js.map +0 -1
- package/dist/component/server/mutations/invalidate.js +0 -32
- package/dist/component/server/mutations/invalidate.js.map +0 -1
- package/dist/component/server/mutations/oauth.js +0 -116
- package/dist/component/server/mutations/oauth.js.map +0 -1
- package/dist/component/server/mutations/refresh.js +0 -119
- package/dist/component/server/mutations/refresh.js.map +0 -1
- package/dist/component/server/mutations/register.js +0 -87
- package/dist/component/server/mutations/register.js.map +0 -1
- package/dist/component/server/mutations/retrieve.js +0 -61
- package/dist/component/server/mutations/retrieve.js.map +0 -1
- package/dist/component/server/mutations/signature.js +0 -38
- package/dist/component/server/mutations/signature.js.map +0 -1
- package/dist/component/server/mutations/signin.js +0 -27
- package/dist/component/server/mutations/signin.js.map +0 -1
- package/dist/component/server/mutations/signout.js +0 -27
- package/dist/component/server/mutations/signout.js.map +0 -1
- package/dist/component/server/mutations/store/refs.js +0 -15
- package/dist/component/server/mutations/store/refs.js.map +0 -1
- package/dist/component/server/mutations/store.js +0 -70
- package/dist/component/server/mutations/store.js.map +0 -1
- package/dist/component/server/mutations/verifier.js +0 -18
- package/dist/component/server/mutations/verifier.js.map +0 -1
- package/dist/component/server/mutations/verify.js +0 -98
- package/dist/component/server/mutations/verify.js.map +0 -1
- package/dist/component/server/oauth.js +0 -242
- package/dist/component/server/oauth.js.map +0 -1
- package/dist/component/server/passkey.js +0 -415
- package/dist/component/server/passkey.js.map +0 -1
- package/dist/component/server/redirects.js +0 -40
- package/dist/component/server/redirects.js.map +0 -1
- package/dist/component/server/refresh.js +0 -99
- package/dist/component/server/refresh.js.map +0 -1
- package/dist/component/server/runtime.d.ts +0 -136
- package/dist/component/server/runtime.d.ts.map +0 -1
- package/dist/component/server/runtime.js +0 -456
- package/dist/component/server/runtime.js.map +0 -1
- package/dist/component/server/sessions.js +0 -71
- package/dist/component/server/sessions.js.map +0 -1
- package/dist/component/server/signin.js +0 -225
- package/dist/component/server/signin.js.map +0 -1
- package/dist/component/server/tokens.js +0 -17
- package/dist/component/server/tokens.js.map +0 -1
- package/dist/component/server/totp.js +0 -208
- package/dist/component/server/totp.js.map +0 -1
- package/dist/component/server/types.d.ts +0 -949
- package/dist/component/server/types.d.ts.map +0 -1
- package/dist/component/server/types.js +0 -79
- package/dist/component/server/types.js.map +0 -1
- package/dist/component/server/users.js +0 -123
- package/dist/component/server/users.js.map +0 -1
- package/dist/component/server/utils.js +0 -140
- package/dist/component/server/utils.js.map +0 -1
- package/dist/core/types.d.ts +0 -361
- package/dist/core/types.d.ts.map +0 -1
- package/dist/factors/device.js +0 -104
- package/dist/factors/device.js.map +0 -1
- package/dist/factors/passkey.js.map +0 -1
- package/dist/factors/totp.js.map +0 -1
- package/dist/providers/anonymous.d.ts.map +0 -1
- package/dist/providers/anonymous.js.map +0 -1
- package/dist/providers/credentials.d.ts.map +0 -1
- package/dist/providers/credentials.js.map +0 -1
- package/dist/providers/device.d.ts.map +0 -1
- package/dist/providers/device.js.map +0 -1
- package/dist/providers/email.d.ts.map +0 -1
- package/dist/providers/email.js.map +0 -1
- package/dist/providers/oauth.d.ts +0 -69
- package/dist/providers/oauth.d.ts.map +0 -1
- package/dist/providers/oauth.js +0 -43
- package/dist/providers/oauth.js.map +0 -1
- package/dist/providers/passkey.d.ts.map +0 -1
- package/dist/providers/passkey.js.map +0 -1
- package/dist/providers/password.d.ts.map +0 -1
- package/dist/providers/password.js.map +0 -1
- package/dist/providers/phone.d.ts.map +0 -1
- package/dist/providers/phone.js.map +0 -1
- package/dist/providers/sso.d.ts.map +0 -1
- package/dist/providers/sso.js.map +0 -1
- package/dist/providers/totp.d.ts.map +0 -1
- package/dist/providers/totp.js.map +0 -1
- package/dist/runtime/browser.js +0 -68
- package/dist/runtime/browser.js.map +0 -1
- package/dist/runtime/invite.js.map +0 -1
- package/dist/runtime/proxy.js +0 -70
- package/dist/runtime/proxy.js.map +0 -1
- package/dist/runtime/storage.js +0 -37
- package/dist/runtime/storage.js.map +0 -1
- package/dist/server/auth.d.ts.map +0 -1
- package/dist/server/auth.js.map +0 -1
- package/dist/server/config.d.ts +0 -1
- package/dist/server/config.js.map +0 -1
- package/dist/server/context.d.ts +0 -1
- package/dist/server/context.js.map +0 -1
- package/dist/server/cookies.d.ts +0 -1
- package/dist/server/cookies.js.map +0 -1
- package/dist/server/core.d.ts +0 -1315
- package/dist/server/core.d.ts.map +0 -1
- package/dist/server/core.js.map +0 -1
- package/dist/server/crypto.d.ts +0 -8
- package/dist/server/crypto.d.ts.map +0 -1
- package/dist/server/crypto.js.map +0 -1
- package/dist/server/db.d.ts +0 -1
- package/dist/server/db.js.map +0 -1
- package/dist/server/device.d.ts +0 -1
- package/dist/server/device.js.map +0 -1
- package/dist/server/enterprise/config.d.ts +0 -1
- package/dist/server/enterprise/config.js.map +0 -1
- package/dist/server/enterprise/domain.d.ts +0 -401
- package/dist/server/enterprise/domain.d.ts.map +0 -1
- package/dist/server/enterprise/domain.js +0 -974
- package/dist/server/enterprise/domain.js.map +0 -1
- package/dist/server/enterprise/http.d.ts +0 -26
- package/dist/server/enterprise/http.d.ts.map +0 -1
- package/dist/server/enterprise/http.js +0 -787
- package/dist/server/enterprise/http.js.map +0 -1
- package/dist/server/enterprise/oidc.d.ts +0 -1
- package/dist/server/enterprise/oidc.js +0 -248
- package/dist/server/enterprise/oidc.js.map +0 -1
- package/dist/server/enterprise/policy.d.ts +0 -1
- package/dist/server/enterprise/policy.js +0 -85
- package/dist/server/enterprise/policy.js.map +0 -1
- package/dist/server/enterprise/saml.d.ts +0 -1
- package/dist/server/enterprise/saml.js +0 -338
- package/dist/server/enterprise/saml.js.map +0 -1
- package/dist/server/enterprise/scim.d.ts +0 -1
- package/dist/server/enterprise/scim.js +0 -97
- package/dist/server/enterprise/scim.js.map +0 -1
- package/dist/server/enterprise/shared.d.ts +0 -5
- package/dist/server/enterprise/shared.d.ts.map +0 -1
- package/dist/server/enterprise/shared.js +0 -51
- package/dist/server/enterprise/shared.js.map +0 -1
- package/dist/server/enterprise/validators.d.ts +0 -1
- package/dist/server/enterprise/validators.js +0 -60
- package/dist/server/enterprise/validators.js.map +0 -1
- package/dist/server/http.d.ts.map +0 -1
- package/dist/server/http.js.map +0 -1
- package/dist/server/identity.d.ts +0 -1
- package/dist/server/identity.js.map +0 -1
- package/dist/server/keys.d.ts +0 -1
- package/dist/server/keys.js.map +0 -1
- package/dist/server/limits.d.ts +0 -1
- package/dist/server/limits.js.map +0 -1
- package/dist/server/mounts.d.ts.map +0 -1
- package/dist/server/mounts.js.map +0 -1
- package/dist/server/mutations/account.d.ts +0 -29
- package/dist/server/mutations/account.d.ts.map +0 -1
- package/dist/server/mutations/account.js.map +0 -1
- package/dist/server/mutations/code.d.ts +0 -30
- package/dist/server/mutations/code.d.ts.map +0 -1
- package/dist/server/mutations/code.js.map +0 -1
- package/dist/server/mutations/index.d.ts +0 -14
- package/dist/server/mutations/invalidate.d.ts +0 -20
- package/dist/server/mutations/invalidate.d.ts.map +0 -1
- package/dist/server/mutations/invalidate.js.map +0 -1
- package/dist/server/mutations/oauth.d.ts +0 -30
- package/dist/server/mutations/oauth.d.ts.map +0 -1
- package/dist/server/mutations/oauth.js.map +0 -1
- package/dist/server/mutations/refresh.d.ts +0 -21
- package/dist/server/mutations/refresh.d.ts.map +0 -1
- package/dist/server/mutations/refresh.js.map +0 -1
- package/dist/server/mutations/register.d.ts +0 -38
- package/dist/server/mutations/register.d.ts.map +0 -1
- package/dist/server/mutations/register.js.map +0 -1
- package/dist/server/mutations/retrieve.d.ts +0 -33
- package/dist/server/mutations/retrieve.d.ts.map +0 -1
- package/dist/server/mutations/retrieve.js.map +0 -1
- package/dist/server/mutations/signature.d.ts +0 -21
- package/dist/server/mutations/signature.d.ts.map +0 -1
- package/dist/server/mutations/signature.js.map +0 -1
- package/dist/server/mutations/signin.d.ts +0 -22
- package/dist/server/mutations/signin.d.ts.map +0 -1
- package/dist/server/mutations/signin.js.map +0 -1
- package/dist/server/mutations/signout.d.ts +0 -16
- package/dist/server/mutations/signout.d.ts.map +0 -1
- package/dist/server/mutations/signout.js.map +0 -1
- package/dist/server/mutations/store/refs.d.ts +0 -12
- package/dist/server/mutations/store/refs.d.ts.map +0 -1
- package/dist/server/mutations/store/refs.js.map +0 -1
- package/dist/server/mutations/store.d.ts +0 -306
- package/dist/server/mutations/store.d.ts.map +0 -1
- package/dist/server/mutations/store.js.map +0 -1
- package/dist/server/mutations/verifier.d.ts +0 -13
- package/dist/server/mutations/verifier.d.ts.map +0 -1
- package/dist/server/mutations/verifier.js.map +0 -1
- package/dist/server/mutations/verify.d.ts +0 -26
- package/dist/server/mutations/verify.d.ts.map +0 -1
- package/dist/server/mutations/verify.js.map +0 -1
- package/dist/server/oauth.d.ts +0 -1
- package/dist/server/oauth.js +0 -242
- package/dist/server/oauth.js.map +0 -1
- package/dist/server/passkey.d.ts +0 -27
- package/dist/server/passkey.d.ts.map +0 -1
- package/dist/server/passkey.js.map +0 -1
- package/dist/server/redirects.d.ts +0 -1
- package/dist/server/redirects.js.map +0 -1
- package/dist/server/refresh.d.ts +0 -1
- package/dist/server/refresh.js.map +0 -1
- package/dist/server/runtime.d.ts.map +0 -1
- package/dist/server/runtime.js.map +0 -1
- package/dist/server/sessions.d.ts +0 -1
- package/dist/server/sessions.js.map +0 -1
- package/dist/server/signin.d.ts +0 -1
- package/dist/server/signin.js.map +0 -1
- package/dist/server/ssr.d.ts.map +0 -1
- package/dist/server/ssr.js +0 -777
- package/dist/server/ssr.js.map +0 -1
- package/dist/server/templates.d.ts +0 -1
- package/dist/server/templates.js.map +0 -1
- package/dist/server/tokens.d.ts +0 -1
- package/dist/server/tokens.js.map +0 -1
- package/dist/server/totp.d.ts +0 -1
- package/dist/server/totp.js.map +0 -1
- package/dist/server/types.d.ts.map +0 -1
- package/dist/server/types.js.map +0 -1
- package/dist/server/users.d.ts +0 -1
- package/dist/server/users.js.map +0 -1
- package/dist/server/utils.d.ts +0 -1
- package/dist/server/utils.js +0 -140
- package/dist/server/utils.js.map +0 -1
- package/src/authorization/index.ts +0 -83
- package/src/cli/bin.ts +0 -5
- package/src/cli/command.ts +0 -70
- package/src/cli/index.ts +0 -1112
- package/src/cli/keys.ts +0 -23
- package/src/client/core/types.ts +0 -437
- package/src/client/factors/device.ts +0 -158
- package/src/client/factors/passkey.ts +0 -279
- package/src/client/factors/totp.ts +0 -150
- package/src/client/index.ts +0 -1124
- package/src/client/runtime/browser.ts +0 -112
- package/src/client/runtime/invite.ts +0 -63
- package/src/client/runtime/proxy.ts +0 -111
- package/src/client/runtime/storage.ts +0 -79
- package/src/component/_generated/api.ts +0 -96
- package/src/component/_generated/component.ts +0 -3774
- package/src/component/_generated/dataModel.ts +0 -60
- package/src/component/_generated/server.ts +0 -156
- package/src/component/convex.config.ts +0 -5
- package/src/component/functions.ts +0 -104
- package/src/component/index.ts +0 -42
- package/src/component/model.ts +0 -449
- package/src/component/public/enterprise/audit.ts +0 -125
- package/src/component/public/enterprise/core.ts +0 -355
- package/src/component/public/enterprise/domains.ts +0 -327
- package/src/component/public/enterprise/scim.ts +0 -397
- package/src/component/public/enterprise/secrets.ts +0 -133
- package/src/component/public/enterprise/webhooks.ts +0 -307
- package/src/component/public/factors/devices.ts +0 -224
- package/src/component/public/factors/passkeys.ts +0 -243
- package/src/component/public/factors/totp.ts +0 -259
- package/src/component/public/groups/core.ts +0 -481
- package/src/component/public/groups/invites.ts +0 -608
- package/src/component/public/groups/members.ts +0 -410
- package/src/component/public/identity/accounts.ts +0 -207
- package/src/component/public/identity/codes.ts +0 -149
- package/src/component/public/identity/sessions.ts +0 -210
- package/src/component/public/identity/tokens.ts +0 -251
- package/src/component/public/identity/users.ts +0 -355
- package/src/component/public/identity/verifiers.ts +0 -158
- package/src/component/public/security/keys.ts +0 -366
- package/src/component/public/security/limits.ts +0 -174
- package/src/component/public.ts +0 -27
- package/src/component/schema.ts +0 -505
- package/src/providers/anonymous.ts +0 -99
- package/src/providers/credentials.ts +0 -102
- package/src/providers/device.ts +0 -87
- package/src/providers/email.ts +0 -99
- package/src/providers/index.ts +0 -31
- package/src/providers/oauth.ts +0 -117
- package/src/providers/passkey.ts +0 -77
- package/src/providers/password.ts +0 -441
- package/src/providers/phone.ts +0 -93
- package/src/providers/sso.ts +0 -54
- package/src/providers/totp.ts +0 -62
- package/src/samlify.d.ts +0 -53
- package/src/server/auth.ts +0 -949
- package/src/server/config.ts +0 -200
- package/src/server/context.ts +0 -90
- package/src/server/cookies.ts +0 -49
- package/src/server/core.ts +0 -2004
- package/src/server/crypto.ts +0 -90
- package/src/server/db.ts +0 -203
- package/src/server/device.ts +0 -254
- package/src/server/enterprise/config.ts +0 -51
- package/src/server/enterprise/domain.ts +0 -1739
- package/src/server/enterprise/http.ts +0 -1331
- package/src/server/enterprise/oidc.ts +0 -500
- package/src/server/enterprise/policy.ts +0 -128
- package/src/server/enterprise/saml.ts +0 -578
- package/src/server/enterprise/scim.ts +0 -135
- package/src/server/enterprise/shared.ts +0 -134
- package/src/server/enterprise/validators.ts +0 -93
- package/src/server/http.ts +0 -790
- package/src/server/identity.ts +0 -18
- package/src/server/index.ts +0 -40
- package/src/server/keys.ts +0 -158
- package/src/server/limits.ts +0 -107
- package/src/server/mounts.ts +0 -924
- package/src/server/mutations/account.ts +0 -62
- package/src/server/mutations/code.ts +0 -119
- package/src/server/mutations/index.ts +0 -13
- package/src/server/mutations/invalidate.ts +0 -50
- package/src/server/mutations/oauth.ts +0 -243
- package/src/server/mutations/refresh.ts +0 -299
- package/src/server/mutations/register.ts +0 -155
- package/src/server/mutations/retrieve.ts +0 -109
- package/src/server/mutations/signature.ts +0 -57
- package/src/server/mutations/signin.ts +0 -54
- package/src/server/mutations/signout.ts +0 -43
- package/src/server/mutations/store/refs.ts +0 -10
- package/src/server/mutations/store.ts +0 -123
- package/src/server/mutations/verifier.ts +0 -34
- package/src/server/mutations/verify.ts +0 -200
- package/src/server/oauth.ts +0 -418
- package/src/server/passkey.ts +0 -838
- package/src/server/redirects.ts +0 -59
- package/src/server/refresh.ts +0 -218
- package/src/server/runtime.ts +0 -918
- package/src/server/sessions.ts +0 -132
- package/src/server/signin.ts +0 -445
- package/src/server/ssr.ts +0 -1747
- package/src/server/templates.ts +0 -82
- package/src/server/tokens.ts +0 -35
- package/src/server/totp.ts +0 -399
- package/src/server/types.ts +0 -1942
- package/src/server/users.ts +0 -291
- package/src/server/utils.ts +0 -220
- /package/dist/{runtime → client/runtime}/invite.js +0 -0
|
@@ -1,147 +0,0 @@
|
|
|
1
|
-
declare namespace accounts_d_exports {
|
|
2
|
-
export { accountDelete, accountGet, accountGetById, accountInsert, accountListByUser, accountPatch };
|
|
3
|
-
}
|
|
4
|
-
/**
|
|
5
|
-
* List all accounts linked to a specific user.
|
|
6
|
-
*
|
|
7
|
-
* Queries the `Account` table using the `user_id_provider` index to efficiently
|
|
8
|
-
* retrieve every authentication account (e.g. OAuth, credentials, email) that
|
|
9
|
-
* belongs to the given user.
|
|
10
|
-
*
|
|
11
|
-
* @param args.userId - The document ID of the user whose accounts should be retrieved.
|
|
12
|
-
* @returns An array of account documents associated with the user. Each document
|
|
13
|
-
* includes fields such as `provider`, `providerAccountId`, `secret`, and `extend`.
|
|
14
|
-
*
|
|
15
|
-
* @example
|
|
16
|
-
* ```ts
|
|
17
|
-
* const accounts = await ctx.runQuery(
|
|
18
|
-
* component.identity.accounts.accountListByUser,
|
|
19
|
-
* { userId: user._id },
|
|
20
|
-
* );
|
|
21
|
-
* for (const account of accounts) {
|
|
22
|
-
* console.log(`Provider: ${account.provider}, ID: ${account.providerAccountId}`);
|
|
23
|
-
* }
|
|
24
|
-
* ```
|
|
25
|
-
*/
|
|
26
|
-
declare const accountListByUser: any;
|
|
27
|
-
/**
|
|
28
|
-
* Look up an account by its provider name and provider-specific account ID.
|
|
29
|
-
*
|
|
30
|
-
* Uses the `provider_account_id` index to find the unique account that matches
|
|
31
|
-
* the given provider and external account identifier. This is the primary way
|
|
32
|
-
* to resolve an incoming authentication event (e.g. an OAuth callback) to an
|
|
33
|
-
* existing account in the system.
|
|
34
|
-
*
|
|
35
|
-
* @param args.provider - The name of the authentication provider (e.g. `"google"`, `"github"`, `"credentials"`).
|
|
36
|
-
* @param args.providerAccountId - The unique identifier assigned to the user by the external provider.
|
|
37
|
-
* @returns The matching account document, or `null` if no account exists for the
|
|
38
|
-
* given provider and provider account ID combination.
|
|
39
|
-
*
|
|
40
|
-
* @example
|
|
41
|
-
* ```ts
|
|
42
|
-
* const account = await ctx.runQuery(
|
|
43
|
-
* component.identity.accounts.accountGet,
|
|
44
|
-
* { provider: "google", providerAccountId: "1184210396400123" },
|
|
45
|
-
* );
|
|
46
|
-
* if (account !== null) {
|
|
47
|
-
* console.log(`Found account for user: ${account.userId}`);
|
|
48
|
-
* }
|
|
49
|
-
* ```
|
|
50
|
-
*/
|
|
51
|
-
declare const accountGet: any;
|
|
52
|
-
/**
|
|
53
|
-
* Retrieve a single account by its Convex document ID.
|
|
54
|
-
*
|
|
55
|
-
* Performs a direct point lookup on the `Account` table. Returns `null` if the
|
|
56
|
-
* document has been deleted or never existed.
|
|
57
|
-
*
|
|
58
|
-
* @param args.accountId - The Convex document ID (`Id<"Account">`) of the account to retrieve.
|
|
59
|
-
* @returns The account document if it exists, or `null` otherwise.
|
|
60
|
-
*
|
|
61
|
-
* @example
|
|
62
|
-
* ```ts
|
|
63
|
-
* const account = await ctx.runQuery(
|
|
64
|
-
* component.identity.accounts.accountGetById,
|
|
65
|
-
* { accountId: existingAccountId },
|
|
66
|
-
* );
|
|
67
|
-
* if (account !== null) {
|
|
68
|
-
* console.log(`Provider: ${account.provider}`);
|
|
69
|
-
* }
|
|
70
|
-
* ```
|
|
71
|
-
*/
|
|
72
|
-
declare const accountGetById: any;
|
|
73
|
-
/**
|
|
74
|
-
* Create a new account that links a user to an authentication provider.
|
|
75
|
-
*
|
|
76
|
-
* Inserts a row into the `Account` table, establishing the relationship between
|
|
77
|
-
* a user document and an external authentication provider (OAuth, credentials,
|
|
78
|
-
* email/phone OTP, etc.). A single user may have multiple accounts for different
|
|
79
|
-
* providers.
|
|
80
|
-
*
|
|
81
|
-
* @param args.userId - The document ID of the user to link this account to.
|
|
82
|
-
* @param args.provider - The name of the authentication provider (e.g. `"google"`, `"credentials"`).
|
|
83
|
-
* @param args.providerAccountId - The unique identifier for this user within the external provider.
|
|
84
|
-
* @param args.secret - An optional hashed secret (e.g. password hash) stored for credential-based providers.
|
|
85
|
-
* @param args.extend - Optional arbitrary data to store alongside the account for application-specific needs.
|
|
86
|
-
* @returns The document ID of the newly created account.
|
|
87
|
-
*
|
|
88
|
-
* @example
|
|
89
|
-
* ```ts
|
|
90
|
-
* const accountId = await ctx.runMutation(
|
|
91
|
-
* component.identity.accounts.accountInsert,
|
|
92
|
-
* {
|
|
93
|
-
* userId: user._id,
|
|
94
|
-
* provider: "credentials",
|
|
95
|
-
* providerAccountId: "user@example.com",
|
|
96
|
-
* secret: hashedPassword,
|
|
97
|
-
* },
|
|
98
|
-
* );
|
|
99
|
-
* ```
|
|
100
|
-
*/
|
|
101
|
-
declare const accountInsert: any;
|
|
102
|
-
/**
|
|
103
|
-
* Patch an existing account document with partial data.
|
|
104
|
-
*
|
|
105
|
-
* Merges the provided fields into the existing account document. Fields not
|
|
106
|
-
* included in `data` are left unchanged. This is useful for updating a stored
|
|
107
|
-
* secret (e.g. after a password change) or modifying extended metadata.
|
|
108
|
-
*
|
|
109
|
-
* @param args.accountId - The document ID of the account to update.
|
|
110
|
-
* @param args.data - A partial object containing the fields to merge into the account document.
|
|
111
|
-
* @returns `null` on success.
|
|
112
|
-
*
|
|
113
|
-
* @example
|
|
114
|
-
* ```ts
|
|
115
|
-
* await ctx.runMutation(
|
|
116
|
-
* component.identity.accounts.accountPatch,
|
|
117
|
-
* {
|
|
118
|
-
* accountId: account._id,
|
|
119
|
-
* data: { secret: newHashedPassword },
|
|
120
|
-
* },
|
|
121
|
-
* );
|
|
122
|
-
* ```
|
|
123
|
-
*/
|
|
124
|
-
declare const accountPatch: any;
|
|
125
|
-
/**
|
|
126
|
-
* Delete an account document permanently.
|
|
127
|
-
*
|
|
128
|
-
* Removes the account from the `Account` table. This effectively unlinks the
|
|
129
|
-
* user from the corresponding authentication provider. Callers should ensure
|
|
130
|
-
* that related resources (verification codes, sessions, etc.) are cleaned up
|
|
131
|
-
* separately if needed.
|
|
132
|
-
*
|
|
133
|
-
* @param args.accountId - The document ID of the account to delete.
|
|
134
|
-
* @returns `null` on success.
|
|
135
|
-
*
|
|
136
|
-
* @example
|
|
137
|
-
* ```ts
|
|
138
|
-
* await ctx.runMutation(
|
|
139
|
-
* component.identity.accounts.accountDelete,
|
|
140
|
-
* { accountId: account._id },
|
|
141
|
-
* );
|
|
142
|
-
* ```
|
|
143
|
-
*/
|
|
144
|
-
declare const accountDelete: any;
|
|
145
|
-
//#endregion
|
|
146
|
-
export { accountDelete, accountGet, accountGetById, accountInsert, accountListByUser, accountPatch, accounts_d_exports };
|
|
147
|
-
//# sourceMappingURL=accounts.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"accounts.d.ts","names":[],"sources":["../../../../src/component/public/identity/accounts.ts"],"mappings":";;;;;;;;;;;;;;AA2BA;;;;;AAmCA;;;;;AAiCA;cApEa,iBAAA;;;;AAwGb;;;;;AAoCA;;;;;AA4BA;;;;;;;;;;;cArIa,UAAA;;;;;;;;;;;;;;;;;;;;;cAiCA,cAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAoCA,aAAA;;;;;;;;;;;;;;;;;;;;;;;cAoCA,YAAA;;;;;;;;;;;;;;;;;;;;cA4BA,aAAA"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"accounts.js","names":[],"sources":["../../../../src/component/public/identity/accounts.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vAccountDoc } from \"../../model\";\n\n/**\n * List all accounts linked to a specific user.\n *\n * Queries the `Account` table using the `user_id_provider` index to efficiently\n * retrieve every authentication account (e.g. OAuth, credentials, email) that\n * belongs to the given user.\n *\n * @param args.userId - The document ID of the user whose accounts should be retrieved.\n * @returns An array of account documents associated with the user. Each document\n * includes fields such as `provider`, `providerAccountId`, `secret`, and `extend`.\n *\n * @example\n * ```ts\n * const accounts = await ctx.runQuery(\n * component.identity.accounts.accountListByUser,\n * { userId: user._id },\n * );\n * for (const account of accounts) {\n * console.log(`Provider: ${account.provider}, ID: ${account.providerAccountId}`);\n * }\n * ```\n */\nexport const accountListByUser = query({\n args: { userId: v.id(\"User\") },\n returns: v.array(vAccountDoc),\n handler: async (ctx, { userId }) => {\n return await ctx.db\n .query(\"Account\")\n .withIndex(\"user_id_provider\", (q) => q.eq(\"userId\", userId as any))\n .collect();\n },\n});\n\n/**\n * Look up an account by its provider name and provider-specific account ID.\n *\n * Uses the `provider_account_id` index to find the unique account that matches\n * the given provider and external account identifier. This is the primary way\n * to resolve an incoming authentication event (e.g. an OAuth callback) to an\n * existing account in the system.\n *\n * @param args.provider - The name of the authentication provider (e.g. `\"google\"`, `\"github\"`, `\"credentials\"`).\n * @param args.providerAccountId - The unique identifier assigned to the user by the external provider.\n * @returns The matching account document, or `null` if no account exists for the\n * given provider and provider account ID combination.\n *\n * @example\n * ```ts\n * const account = await ctx.runQuery(\n * component.identity.accounts.accountGet,\n * { provider: \"google\", providerAccountId: \"1184210396400123\" },\n * );\n * if (account !== null) {\n * console.log(`Found account for user: ${account.userId}`);\n * }\n * ```\n */\nexport const accountGet = query({\n args: { provider: v.string(), providerAccountId: v.string() },\n returns: v.union(vAccountDoc, v.null()),\n handler: async (ctx, { provider, providerAccountId }) => {\n return await ctx.db\n .query(\"Account\")\n .withIndex(\"provider_account_id\", (q) =>\n q.eq(\"provider\", provider).eq(\"providerAccountId\", providerAccountId),\n )\n .unique();\n },\n});\n\n/**\n * Retrieve a single account by its Convex document ID.\n *\n * Performs a direct point lookup on the `Account` table. Returns `null` if the\n * document has been deleted or never existed.\n *\n * @param args.accountId - The Convex document ID (`Id<\"Account\">`) of the account to retrieve.\n * @returns The account document if it exists, or `null` otherwise.\n *\n * @example\n * ```ts\n * const account = await ctx.runQuery(\n * component.identity.accounts.accountGetById,\n * { accountId: existingAccountId },\n * );\n * if (account !== null) {\n * console.log(`Provider: ${account.provider}`);\n * }\n * ```\n */\nexport const accountGetById = query({\n args: { accountId: v.id(\"Account\") },\n returns: v.union(vAccountDoc, v.null()),\n handler: async (ctx, { accountId }) => {\n return await ctx.db.get(\"Account\", accountId);\n },\n});\n\n/**\n * Create a new account that links a user to an authentication provider.\n *\n * Inserts a row into the `Account` table, establishing the relationship between\n * a user document and an external authentication provider (OAuth, credentials,\n * email/phone OTP, etc.). A single user may have multiple accounts for different\n * providers.\n *\n * @param args.userId - The document ID of the user to link this account to.\n * @param args.provider - The name of the authentication provider (e.g. `\"google\"`, `\"credentials\"`).\n * @param args.providerAccountId - The unique identifier for this user within the external provider.\n * @param args.secret - An optional hashed secret (e.g. password hash) stored for credential-based providers.\n * @param args.extend - Optional arbitrary data to store alongside the account for application-specific needs.\n * @returns The document ID of the newly created account.\n *\n * @example\n * ```ts\n * const accountId = await ctx.runMutation(\n * component.identity.accounts.accountInsert,\n * {\n * userId: user._id,\n * provider: \"credentials\",\n * providerAccountId: \"user@example.com\",\n * secret: hashedPassword,\n * },\n * );\n * ```\n */\nexport const accountInsert = mutation({\n args: {\n userId: v.id(\"User\"),\n provider: v.string(),\n providerAccountId: v.string(),\n secret: v.optional(v.string()),\n extend: v.optional(v.any()),\n },\n returns: v.id(\"Account\"),\n handler: async (ctx, args) => {\n return await ctx.db.insert(\"Account\", args as any);\n },\n});\n\n/**\n * Patch an existing account document with partial data.\n *\n * Merges the provided fields into the existing account document. Fields not\n * included in `data` are left unchanged. This is useful for updating a stored\n * secret (e.g. after a password change) or modifying extended metadata.\n *\n * @param args.accountId - The document ID of the account to update.\n * @param args.data - A partial object containing the fields to merge into the account document.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n * component.identity.accounts.accountPatch,\n * {\n * accountId: account._id,\n * data: { secret: newHashedPassword },\n * },\n * );\n * ```\n */\nexport const accountPatch = mutation({\n args: { accountId: v.id(\"Account\"), data: v.any() },\n returns: v.null(),\n handler: async (ctx, { accountId, data }) => {\n await ctx.db.patch(\"Account\", accountId, data);\n return null;\n },\n});\n\n/**\n * Delete an account document permanently.\n *\n * Removes the account from the `Account` table. This effectively unlinks the\n * user from the corresponding authentication provider. Callers should ensure\n * that related resources (verification codes, sessions, etc.) are cleaned up\n * separately if needed.\n *\n * @param args.accountId - The document ID of the account to delete.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n * component.identity.accounts.accountDelete,\n * { accountId: account._id },\n * );\n * ```\n */\nexport const accountDelete = mutation({\n args: { accountId: v.id(\"Account\") },\n returns: v.null(),\n handler: async (ctx, { accountId }) => {\n await ctx.db.delete(\"Account\", accountId);\n return null;\n },\n});\n\n// ============================================================================\n// Sessions\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AA2BA,MAAa,oBAAoB,MAAM;CACrC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,YAAY;CAC7B,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GACd,MAAM,UAAU,CAChB,UAAU,qBAAqB,MAAM,EAAE,GAAG,UAAU,OAAc,CAAC,CACnE,SAAS;;CAEf,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;AA0BF,MAAa,aAAa,MAAM;CAC9B,MAAM;EAAE,UAAU,EAAE,QAAQ;EAAE,mBAAmB,EAAE,QAAQ;EAAE;CAC7D,SAAS,EAAE,MAAM,aAAa,EAAE,MAAM,CAAC;CACvC,SAAS,OAAO,KAAK,EAAE,UAAU,wBAAwB;AACvD,SAAO,MAAM,IAAI,GACd,MAAM,UAAU,CAChB,UAAU,wBAAwB,MACjC,EAAE,GAAG,YAAY,SAAS,CAAC,GAAG,qBAAqB,kBAAkB,CACtE,CACA,QAAQ;;CAEd,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,iBAAiB,MAAM;CAClC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,aAAa,EAAE,MAAM,CAAC;CACvC,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GAAG,IAAI,WAAW,UAAU;;CAEhD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8BF,MAAa,gBAAgB,SAAS;CACpC,MAAM;EACJ,QAAQ,EAAE,GAAG,OAAO;EACpB,UAAU,EAAE,QAAQ;EACpB,mBAAmB,EAAE,QAAQ;EAC7B,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC9B,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B;CACD,SAAS,EAAE,GAAG,UAAU;CACxB,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,WAAW,KAAY;;CAErD,CAAC;;;;;;;;;;;;;;;;;;;;;;;AAwBF,MAAa,eAAe,SAAS;CACnC,MAAM;EAAE,WAAW,EAAE,GAAG,UAAU;EAAE,MAAM,EAAE,KAAK;EAAE;CACnD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,WAAW,WAAW;AAC3C,QAAM,IAAI,GAAG,MAAM,WAAW,WAAW,KAAK;AAC9C,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,gBAAgB,SAAS;CACpC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,QAAM,IAAI,GAAG,OAAO,WAAW,UAAU;AACzC,SAAO;;CAEV,CAAC"}
|
|
@@ -1,104 +0,0 @@
|
|
|
1
|
-
declare namespace codes_d_exports {
|
|
2
|
-
export { verificationCodeCreate, verificationCodeDelete, verificationCodeGetByAccountId, verificationCodeGetByCode };
|
|
3
|
-
}
|
|
4
|
-
/**
|
|
5
|
-
* Find a verification code by its associated account ID.
|
|
6
|
-
*
|
|
7
|
-
* Queries the `VerificationCode` table using the `account_id` index to locate
|
|
8
|
-
* the unique verification code linked to the given account. Each account has at
|
|
9
|
-
* most one active verification code at a time.
|
|
10
|
-
*
|
|
11
|
-
* @param args.accountId - The document ID of the account whose verification code should be retrieved.
|
|
12
|
-
* @returns The verification code document if one exists for the account, or `null` otherwise.
|
|
13
|
-
*
|
|
14
|
-
* @example
|
|
15
|
-
* ```ts
|
|
16
|
-
* const code = await ctx.runQuery(
|
|
17
|
-
* component.identity.codes.verificationCodeGetByAccountId,
|
|
18
|
-
* { accountId: account._id },
|
|
19
|
-
* );
|
|
20
|
-
* if (code !== null && code.expirationTime > Date.now()) {
|
|
21
|
-
* console.log("Active verification code exists");
|
|
22
|
-
* }
|
|
23
|
-
* ```
|
|
24
|
-
*/
|
|
25
|
-
declare const verificationCodeGetByAccountId: any;
|
|
26
|
-
/**
|
|
27
|
-
* Find a verification code by its code string value.
|
|
28
|
-
*
|
|
29
|
-
* Queries the `VerificationCode` table using the `code` index to locate the
|
|
30
|
-
* unique verification code document matching the given code string. This is
|
|
31
|
-
* the primary lookup used when a user submits an OTP or clicks a magic link.
|
|
32
|
-
*
|
|
33
|
-
* @param args.code - The verification code string to look up (e.g. a 6-digit OTP or a magic-link token).
|
|
34
|
-
* @returns The verification code document if a match is found, or `null` otherwise.
|
|
35
|
-
*
|
|
36
|
-
* @example
|
|
37
|
-
* ```ts
|
|
38
|
-
* const codeDoc = await ctx.runQuery(
|
|
39
|
-
* component.identity.codes.verificationCodeGetByCode,
|
|
40
|
-
* { code: "482910" },
|
|
41
|
-
* );
|
|
42
|
-
* if (codeDoc !== null && codeDoc.expirationTime > Date.now()) {
|
|
43
|
-
* console.log(`Code is valid for account: ${codeDoc.accountId}`);
|
|
44
|
-
* }
|
|
45
|
-
* ```
|
|
46
|
-
*/
|
|
47
|
-
declare const verificationCodeGetByCode: any;
|
|
48
|
-
/**
|
|
49
|
-
* Create a new verification code for OTP, magic link, or OAuth flows.
|
|
50
|
-
*
|
|
51
|
-
* Inserts a document into the `VerificationCode` table that ties a short-lived
|
|
52
|
-
* code to a specific account and provider. The code can be used for email OTP,
|
|
53
|
-
* phone OTP, magic link, or OAuth state verification depending on the flow.
|
|
54
|
-
*
|
|
55
|
-
* @param args.accountId - The document ID of the account this verification code is associated with.
|
|
56
|
-
* @param args.provider - The name of the authentication provider initiating the verification
|
|
57
|
-
* (e.g. `"resend-otp"`, `"twilio-otp"`, `"google"`).
|
|
58
|
-
* @param args.code - The verification code string (e.g. a random OTP or an opaque token for magic links).
|
|
59
|
-
* @param args.expirationTime - The Unix timestamp (in milliseconds) at which this code expires.
|
|
60
|
-
* @param args.verifier - An optional PKCE verifier string used in OAuth/OIDC flows to prevent CSRF attacks.
|
|
61
|
-
* @param args.emailVerified - An optional email address that will be marked as verified upon successful
|
|
62
|
-
* code redemption.
|
|
63
|
-
* @param args.phoneVerified - An optional phone number that will be marked as verified upon successful
|
|
64
|
-
* code redemption.
|
|
65
|
-
* @returns The document ID of the newly created verification code.
|
|
66
|
-
*
|
|
67
|
-
* @example
|
|
68
|
-
* ```ts
|
|
69
|
-
* const codeId = await ctx.runMutation(
|
|
70
|
-
* component.identity.codes.verificationCodeCreate,
|
|
71
|
-
* {
|
|
72
|
-
* accountId: account._id,
|
|
73
|
-
* provider: "resend-otp",
|
|
74
|
-
* code: "482910",
|
|
75
|
-
* expirationTime: Date.now() + 10 * 60 * 1000, // 10 minutes
|
|
76
|
-
* emailVerified: "alice@example.com",
|
|
77
|
-
* },
|
|
78
|
-
* );
|
|
79
|
-
* ```
|
|
80
|
-
*/
|
|
81
|
-
declare const verificationCodeCreate: any;
|
|
82
|
-
/**
|
|
83
|
-
* Delete a verification code document permanently.
|
|
84
|
-
*
|
|
85
|
-
* Removes the verification code from the `VerificationCode` table. This is
|
|
86
|
-
* typically called after the code has been successfully redeemed or when it
|
|
87
|
-
* needs to be invalidated (e.g. replaced by a new code).
|
|
88
|
-
*
|
|
89
|
-
* @param args.verificationCodeId - The document ID of the verification code to delete.
|
|
90
|
-
* @returns `null` on success.
|
|
91
|
-
*
|
|
92
|
-
* @example
|
|
93
|
-
* ```ts
|
|
94
|
-
* // Delete the code after successful verification
|
|
95
|
-
* await ctx.runMutation(
|
|
96
|
-
* component.identity.codes.verificationCodeDelete,
|
|
97
|
-
* { verificationCodeId: codeDoc._id },
|
|
98
|
-
* );
|
|
99
|
-
* ```
|
|
100
|
-
*/
|
|
101
|
-
declare const verificationCodeDelete: any;
|
|
102
|
-
//#endregion
|
|
103
|
-
export { codes_d_exports, verificationCodeCreate, verificationCodeDelete, verificationCodeGetByAccountId, verificationCodeGetByCode };
|
|
104
|
-
//# sourceMappingURL=codes.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"codes.d.ts","names":[],"sources":["../../../../src/component/public/identity/codes.ts"],"mappings":";;;;;;;;;;;;AA0BA;;;;;AAgCA;;;;;AA4CA;;cA5Ea,8BAAA;;;AA+Gb;;;;;;;;;;;;;;;;;;;cA/Ea,yBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA4CA,sBAAA;;;;;;;;;;;;;;;;;;;;cAmCA,sBAAA"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"codes.js","names":[],"sources":["../../../../src/component/public/identity/codes.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vVerificationCodeDoc } from \"../../model\";\n\n/**\n * Find a verification code by its associated account ID.\n *\n * Queries the `VerificationCode` table using the `account_id` index to locate\n * the unique verification code linked to the given account. Each account has at\n * most one active verification code at a time.\n *\n * @param args.accountId - The document ID of the account whose verification code should be retrieved.\n * @returns The verification code document if one exists for the account, or `null` otherwise.\n *\n * @example\n * ```ts\n * const code = await ctx.runQuery(\n * component.identity.codes.verificationCodeGetByAccountId,\n * { accountId: account._id },\n * );\n * if (code !== null && code.expirationTime > Date.now()) {\n * console.log(\"Active verification code exists\");\n * }\n * ```\n */\nexport const verificationCodeGetByAccountId = query({\n args: { accountId: v.id(\"Account\") },\n returns: v.union(vVerificationCodeDoc, v.null()),\n handler: async (ctx, { accountId }) => {\n return await ctx.db\n .query(\"VerificationCode\")\n .withIndex(\"account_id\", (q) => q.eq(\"accountId\", accountId as any))\n .unique();\n },\n});\n\n/**\n * Find a verification code by its code string value.\n *\n * Queries the `VerificationCode` table using the `code` index to locate the\n * unique verification code document matching the given code string. This is\n * the primary lookup used when a user submits an OTP or clicks a magic link.\n *\n * @param args.code - The verification code string to look up (e.g. a 6-digit OTP or a magic-link token).\n * @returns The verification code document if a match is found, or `null` otherwise.\n *\n * @example\n * ```ts\n * const codeDoc = await ctx.runQuery(\n * component.identity.codes.verificationCodeGetByCode,\n * { code: \"482910\" },\n * );\n * if (codeDoc !== null && codeDoc.expirationTime > Date.now()) {\n * console.log(`Code is valid for account: ${codeDoc.accountId}`);\n * }\n * ```\n */\nexport const verificationCodeGetByCode = query({\n args: { code: v.string() },\n returns: v.union(vVerificationCodeDoc, v.null()),\n handler: async (ctx, { code }) => {\n return await ctx.db\n .query(\"VerificationCode\")\n .withIndex(\"code\", (q) => q.eq(\"code\", code))\n .unique();\n },\n});\n\n/**\n * Create a new verification code for OTP, magic link, or OAuth flows.\n *\n * Inserts a document into the `VerificationCode` table that ties a short-lived\n * code to a specific account and provider. The code can be used for email OTP,\n * phone OTP, magic link, or OAuth state verification depending on the flow.\n *\n * @param args.accountId - The document ID of the account this verification code is associated with.\n * @param args.provider - The name of the authentication provider initiating the verification\n * (e.g. `\"resend-otp\"`, `\"twilio-otp\"`, `\"google\"`).\n * @param args.code - The verification code string (e.g. a random OTP or an opaque token for magic links).\n * @param args.expirationTime - The Unix timestamp (in milliseconds) at which this code expires.\n * @param args.verifier - An optional PKCE verifier string used in OAuth/OIDC flows to prevent CSRF attacks.\n * @param args.emailVerified - An optional email address that will be marked as verified upon successful\n * code redemption.\n * @param args.phoneVerified - An optional phone number that will be marked as verified upon successful\n * code redemption.\n * @returns The document ID of the newly created verification code.\n *\n * @example\n * ```ts\n * const codeId = await ctx.runMutation(\n * component.identity.codes.verificationCodeCreate,\n * {\n * accountId: account._id,\n * provider: \"resend-otp\",\n * code: \"482910\",\n * expirationTime: Date.now() + 10 * 60 * 1000, // 10 minutes\n * emailVerified: \"alice@example.com\",\n * },\n * );\n * ```\n */\nexport const verificationCodeCreate = mutation({\n args: {\n accountId: v.id(\"Account\"),\n provider: v.string(),\n code: v.string(),\n expirationTime: v.number(),\n verifier: v.optional(v.string()),\n emailVerified: v.optional(v.string()),\n phoneVerified: v.optional(v.string()),\n },\n returns: v.id(\"VerificationCode\"),\n handler: async (ctx, args) => {\n return await ctx.db.insert(\"VerificationCode\", args as any);\n },\n});\n\n/**\n * Delete a verification code document permanently.\n *\n * Removes the verification code from the `VerificationCode` table. This is\n * typically called after the code has been successfully redeemed or when it\n * needs to be invalidated (e.g. replaced by a new code).\n *\n * @param args.verificationCodeId - The document ID of the verification code to delete.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Delete the code after successful verification\n * await ctx.runMutation(\n * component.identity.codes.verificationCodeDelete,\n * { verificationCodeId: codeDoc._id },\n * );\n * ```\n */\nexport const verificationCodeDelete = mutation({\n args: { verificationCodeId: v.id(\"VerificationCode\") },\n returns: v.null(),\n handler: async (ctx, { verificationCodeId }) => {\n await ctx.db.delete(\"VerificationCode\", verificationCodeId);\n return null;\n },\n});\n\n// ============================================================================\n// Refresh Tokens\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AA0BA,MAAa,iCAAiC,MAAM;CAClD,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,sBAAsB,EAAE,MAAM,CAAC;CAChD,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GACd,MAAM,mBAAmB,CACzB,UAAU,eAAe,MAAM,EAAE,GAAG,aAAa,UAAiB,CAAC,CACnE,QAAQ;;CAEd,CAAC;;;;;;;;;;;;;;;;;;;;;;AAuBF,MAAa,4BAA4B,MAAM;CAC7C,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE;CAC1B,SAAS,EAAE,MAAM,sBAAsB,EAAE,MAAM,CAAC;CAChD,SAAS,OAAO,KAAK,EAAE,WAAW;AAChC,SAAO,MAAM,IAAI,GACd,MAAM,mBAAmB,CACzB,UAAU,SAAS,MAAM,EAAE,GAAG,QAAQ,KAAK,CAAC,CAC5C,QAAQ;;CAEd,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmCF,MAAa,yBAAyB,SAAS;CAC7C,MAAM;EACJ,WAAW,EAAE,GAAG,UAAU;EAC1B,UAAU,EAAE,QAAQ;EACpB,MAAM,EAAE,QAAQ;EAChB,gBAAgB,EAAE,QAAQ;EAC1B,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;EAChC,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;EACrC,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;EACtC;CACD,SAAS,EAAE,GAAG,mBAAmB;CACjC,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,oBAAoB,KAAY;;CAE9D,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,yBAAyB,SAAS;CAC7C,MAAM,EAAE,oBAAoB,EAAE,GAAG,mBAAmB,EAAE;CACtD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,yBAAyB;AAC9C,QAAM,IAAI,GAAG,OAAO,oBAAoB,mBAAmB;AAC3D,SAAO;;CAEV,CAAC"}
|
|
@@ -1,128 +0,0 @@
|
|
|
1
|
-
declare namespace sessions_d_exports {
|
|
2
|
-
export { sessionCreate, sessionDelete, sessionGetById, sessionList, sessionListByUser };
|
|
3
|
-
}
|
|
4
|
-
/**
|
|
5
|
-
* List sessions with optional filtering and cursor-based pagination.
|
|
6
|
-
*
|
|
7
|
-
* Supports filtering by `userId` to retrieve only sessions belonging to a
|
|
8
|
-
* specific user. When a `userId` filter is provided, the `user_id` index is
|
|
9
|
-
* used for efficient lookup. Results are returned as a paginated response
|
|
10
|
-
* `{ items, nextCursor }` -- pass `nextCursor` back as `cursor` to fetch the
|
|
11
|
-
* next page, or receive `null` when all results have been exhausted.
|
|
12
|
-
*
|
|
13
|
-
* @param args.where - Optional filter object. Currently supports `userId` to
|
|
14
|
-
* restrict results to sessions for a specific user.
|
|
15
|
-
* @param args.limit - Maximum number of sessions to return per page (1--100, default 50).
|
|
16
|
-
* @param args.cursor - An opaque cursor string from a previous response's `nextCursor`
|
|
17
|
-
* to continue pagination, or `null` / omitted to start from the beginning.
|
|
18
|
-
* @param args.order - Sort direction: `"asc"` or `"desc"` (default `"desc"`).
|
|
19
|
-
* @returns An object with `items` (array of session documents) and `nextCursor`
|
|
20
|
-
* (`string | null`) for fetching subsequent pages.
|
|
21
|
-
*
|
|
22
|
-
* @example
|
|
23
|
-
* ```ts
|
|
24
|
-
* // List the 10 most recent sessions for a user
|
|
25
|
-
* const page = await ctx.runQuery(
|
|
26
|
-
* component.identity.sessions.sessionList,
|
|
27
|
-
* { where: { userId: user._id }, limit: 10, order: "desc" },
|
|
28
|
-
* );
|
|
29
|
-
* for (const session of page.items) {
|
|
30
|
-
* console.log(`Session ${session._id} expires at ${session.expirationTime}`);
|
|
31
|
-
* }
|
|
32
|
-
* ```
|
|
33
|
-
*/
|
|
34
|
-
declare const sessionList: any;
|
|
35
|
-
/**
|
|
36
|
-
* Create a new session for a user with a specified expiration time.
|
|
37
|
-
*
|
|
38
|
-
* Inserts a new document into the `Session` table, linking it to the given user.
|
|
39
|
-
* The session represents an active authenticated context and is typically created
|
|
40
|
-
* after a successful sign-in or token refresh.
|
|
41
|
-
*
|
|
42
|
-
* @param args.userId - The document ID of the user this session belongs to.
|
|
43
|
-
* @param args.expirationTime - The Unix timestamp (in milliseconds) at which this session expires.
|
|
44
|
-
* @returns The document ID of the newly created session.
|
|
45
|
-
*
|
|
46
|
-
* @example
|
|
47
|
-
* ```ts
|
|
48
|
-
* const sessionId = await ctx.runMutation(
|
|
49
|
-
* component.identity.sessions.sessionCreate,
|
|
50
|
-
* {
|
|
51
|
-
* userId: user._id,
|
|
52
|
-
* expirationTime: Date.now() + 30 * 24 * 60 * 60 * 1000, // 30 days
|
|
53
|
-
* },
|
|
54
|
-
* );
|
|
55
|
-
* ```
|
|
56
|
-
*/
|
|
57
|
-
declare const sessionCreate: any;
|
|
58
|
-
/**
|
|
59
|
-
* Retrieve a single session by its Convex document ID.
|
|
60
|
-
*
|
|
61
|
-
* Performs a direct point lookup on the `Session` table. Returns `null` if the
|
|
62
|
-
* session has been deleted or never existed. This does not check whether the
|
|
63
|
-
* session has expired -- callers should compare `expirationTime` to the current
|
|
64
|
-
* time if needed.
|
|
65
|
-
*
|
|
66
|
-
* @param args.sessionId - The Convex document ID (`Id<"Session">`) of the session to retrieve.
|
|
67
|
-
* @returns The session document if it exists, or `null` otherwise.
|
|
68
|
-
*
|
|
69
|
-
* @example
|
|
70
|
-
* ```ts
|
|
71
|
-
* const session = await ctx.runQuery(
|
|
72
|
-
* component.identity.sessions.sessionGetById,
|
|
73
|
-
* { sessionId: refreshToken.sessionId },
|
|
74
|
-
* );
|
|
75
|
-
* if (session !== null && session.expirationTime > Date.now()) {
|
|
76
|
-
* console.log("Session is still active");
|
|
77
|
-
* }
|
|
78
|
-
* ```
|
|
79
|
-
*/
|
|
80
|
-
declare const sessionGetById: any;
|
|
81
|
-
/**
|
|
82
|
-
* Delete a session document.
|
|
83
|
-
*
|
|
84
|
-
* Removes the session from the `Session` table. This is a no-op if the session
|
|
85
|
-
* does not exist (i.e. was already deleted). Callers should also clean up
|
|
86
|
-
* related refresh tokens via `refreshTokenDeleteAll` to fully invalidate the
|
|
87
|
-
* session.
|
|
88
|
-
*
|
|
89
|
-
* @param args.sessionId - The document ID of the session to delete.
|
|
90
|
-
* @returns `null` on success (including when the session was already absent).
|
|
91
|
-
*
|
|
92
|
-
* @example
|
|
93
|
-
* ```ts
|
|
94
|
-
* // Revoke a session and its tokens
|
|
95
|
-
* await ctx.runMutation(
|
|
96
|
-
* component.identity.sessions.sessionDelete,
|
|
97
|
-
* { sessionId: session._id },
|
|
98
|
-
* );
|
|
99
|
-
* await ctx.runMutation(
|
|
100
|
-
* component.identity.tokens.refreshTokenDeleteAll,
|
|
101
|
-
* { sessionId: session._id },
|
|
102
|
-
* );
|
|
103
|
-
* ```
|
|
104
|
-
*/
|
|
105
|
-
declare const sessionDelete: any;
|
|
106
|
-
/**
|
|
107
|
-
* List all sessions belonging to a specific user.
|
|
108
|
-
*
|
|
109
|
-
* Queries the `Session` table using the `user_id` index to efficiently retrieve
|
|
110
|
-
* every session document for the given user. Unlike `sessionList`, this returns
|
|
111
|
-
* all matching sessions without pagination.
|
|
112
|
-
*
|
|
113
|
-
* @param args.userId - The document ID of the user whose sessions should be retrieved.
|
|
114
|
-
* @returns An array of session documents for the specified user.
|
|
115
|
-
*
|
|
116
|
-
* @example
|
|
117
|
-
* ```ts
|
|
118
|
-
* const sessions = await ctx.runQuery(
|
|
119
|
-
* component.identity.sessions.sessionListByUser,
|
|
120
|
-
* { userId: user._id },
|
|
121
|
-
* );
|
|
122
|
-
* console.log(`User has ${sessions.length} active session(s)`);
|
|
123
|
-
* ```
|
|
124
|
-
*/
|
|
125
|
-
declare const sessionListByUser: any;
|
|
126
|
-
//#endregion
|
|
127
|
-
export { sessionCreate, sessionDelete, sessionGetById, sessionList, sessionListByUser, sessions_d_exports };
|
|
128
|
-
//# sourceMappingURL=sessions.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"sessions.d.ts","names":[],"sources":["../../../../src/component/public/identity/sessions.ts"],"mappings":";;;;;;;;;;;;;AAmCA;;;;;AAkEA;;;;;AAiCA;;;;;AAgCA;;;;;cAnIa,WAAA;;;;;;;;;;;;;;;;;;;;;;;cAkEA,aAAA;;;;;;;;;;;;;;;;;;;;;;;cAiCA,cAAA;;;;;;;;;;;;;;;;;;;;;;;;;cAgCA,aAAA;;;;;;;;;;;;;;;;;;;;cA8BA,iBAAA"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"sessions.js","names":[],"sources":["../../../../src/component/public/identity/sessions.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vPaginated, vSessionDoc } from \"../../model\";\n\n/**\n * List sessions with optional filtering and cursor-based pagination.\n *\n * Supports filtering by `userId` to retrieve only sessions belonging to a\n * specific user. When a `userId` filter is provided, the `user_id` index is\n * used for efficient lookup. Results are returned as a paginated response\n * `{ items, nextCursor }` -- pass `nextCursor` back as `cursor` to fetch the\n * next page, or receive `null` when all results have been exhausted.\n *\n * @param args.where - Optional filter object. Currently supports `userId` to\n * restrict results to sessions for a specific user.\n * @param args.limit - Maximum number of sessions to return per page (1--100, default 50).\n * @param args.cursor - An opaque cursor string from a previous response's `nextCursor`\n * to continue pagination, or `null` / omitted to start from the beginning.\n * @param args.order - Sort direction: `\"asc\"` or `\"desc\"` (default `\"desc\"`).\n * @returns An object with `items` (array of session documents) and `nextCursor`\n * (`string | null`) for fetching subsequent pages.\n *\n * @example\n * ```ts\n * // List the 10 most recent sessions for a user\n * const page = await ctx.runQuery(\n * component.identity.sessions.sessionList,\n * { where: { userId: user._id }, limit: 10, order: \"desc\" },\n * );\n * for (const session of page.items) {\n * console.log(`Session ${session._id} expires at ${session.expirationTime}`);\n * }\n * ```\n */\nexport const sessionList = query({\n args: {\n where: v.optional(\n v.object({\n userId: v.optional(v.id(\"User\")),\n }),\n ),\n limit: v.optional(v.number()),\n cursor: v.optional(v.union(v.string(), v.null())),\n order: v.optional(v.union(v.literal(\"asc\"), v.literal(\"desc\"))),\n },\n returns: vPaginated(vSessionDoc),\n handler: async (ctx, args) => {\n const where = args.where ?? {};\n const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);\n const order = args.order ?? \"desc\";\n\n let q;\n if (where.userId !== undefined) {\n q = ctx.db\n .query(\"Session\")\n .withIndex(\"user_id\", (idx) => idx.eq(\"userId\", where.userId!));\n } else {\n q = ctx.db.query(\"Session\");\n }\n\n q = q.order(order);\n\n const all = await q.collect();\n let startIdx = 0;\n if (args.cursor) {\n const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);\n if (cursorIdx !== -1) {\n startIdx = cursorIdx + 1;\n }\n }\n const page = all.slice(startIdx, startIdx + limit + 1);\n const hasMore = page.length > limit;\n const items = hasMore ? page.slice(0, limit) : page;\n const nextCursor = hasMore ? items[items.length - 1]._id : null;\n return { items, nextCursor };\n },\n});\n\n/**\n * Create a new session for a user with a specified expiration time.\n *\n * Inserts a new document into the `Session` table, linking it to the given user.\n * The session represents an active authenticated context and is typically created\n * after a successful sign-in or token refresh.\n *\n * @param args.userId - The document ID of the user this session belongs to.\n * @param args.expirationTime - The Unix timestamp (in milliseconds) at which this session expires.\n * @returns The document ID of the newly created session.\n *\n * @example\n * ```ts\n * const sessionId = await ctx.runMutation(\n * component.identity.sessions.sessionCreate,\n * {\n * userId: user._id,\n * expirationTime: Date.now() + 30 * 24 * 60 * 60 * 1000, // 30 days\n * },\n * );\n * ```\n */\nexport const sessionCreate = mutation({\n args: { userId: v.id(\"User\"), expirationTime: v.number() },\n returns: v.id(\"Session\"),\n handler: async (ctx, { userId, expirationTime }) => {\n return await ctx.db.insert(\"Session\", {\n userId: userId as any,\n expirationTime,\n });\n },\n});\n\n/**\n * Retrieve a single session by its Convex document ID.\n *\n * Performs a direct point lookup on the `Session` table. Returns `null` if the\n * session has been deleted or never existed. This does not check whether the\n * session has expired -- callers should compare `expirationTime` to the current\n * time if needed.\n *\n * @param args.sessionId - The Convex document ID (`Id<\"Session\">`) of the session to retrieve.\n * @returns The session document if it exists, or `null` otherwise.\n *\n * @example\n * ```ts\n * const session = await ctx.runQuery(\n * component.identity.sessions.sessionGetById,\n * { sessionId: refreshToken.sessionId },\n * );\n * if (session !== null && session.expirationTime > Date.now()) {\n * console.log(\"Session is still active\");\n * }\n * ```\n */\nexport const sessionGetById = query({\n args: { sessionId: v.id(\"Session\") },\n returns: v.union(vSessionDoc, v.null()),\n handler: async (ctx, { sessionId }) => {\n return await ctx.db.get(\"Session\", sessionId);\n },\n});\n\n/**\n * Delete a session document.\n *\n * Removes the session from the `Session` table. This is a no-op if the session\n * does not exist (i.e. was already deleted). Callers should also clean up\n * related refresh tokens via `refreshTokenDeleteAll` to fully invalidate the\n * session.\n *\n * @param args.sessionId - The document ID of the session to delete.\n * @returns `null` on success (including when the session was already absent).\n *\n * @example\n * ```ts\n * // Revoke a session and its tokens\n * await ctx.runMutation(\n * component.identity.sessions.sessionDelete,\n * { sessionId: session._id },\n * );\n * await ctx.runMutation(\n * component.identity.tokens.refreshTokenDeleteAll,\n * { sessionId: session._id },\n * );\n * ```\n */\nexport const sessionDelete = mutation({\n args: { sessionId: v.id(\"Session\") },\n returns: v.null(),\n handler: async (ctx, { sessionId }) => {\n if ((await ctx.db.get(\"Session\", sessionId)) !== null) {\n await ctx.db.delete(\"Session\", sessionId);\n }\n return null;\n },\n});\n\n/**\n * List all sessions belonging to a specific user.\n *\n * Queries the `Session` table using the `user_id` index to efficiently retrieve\n * every session document for the given user. Unlike `sessionList`, this returns\n * all matching sessions without pagination.\n *\n * @param args.userId - The document ID of the user whose sessions should be retrieved.\n * @returns An array of session documents for the specified user.\n *\n * @example\n * ```ts\n * const sessions = await ctx.runQuery(\n * component.identity.sessions.sessionListByUser,\n * { userId: user._id },\n * );\n * console.log(`User has ${sessions.length} active session(s)`);\n * ```\n */\nexport const sessionListByUser = query({\n args: { userId: v.id(\"User\") },\n returns: v.array(vSessionDoc),\n handler: async (ctx, { userId }) => {\n return await ctx.db\n .query(\"Session\")\n .withIndex(\"user_id\", (q) => q.eq(\"userId\", userId as any))\n .collect();\n },\n});\n\n// ============================================================================\n// Verifiers\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmCA,MAAa,cAAc,MAAM;CAC/B,MAAM;EACJ,OAAO,EAAE,SACP,EAAE,OAAO,EACP,QAAQ,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,EACjC,CAAC,CACH;EACD,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;EACjD,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,CAAC,CAAC;EAChE;CACD,SAAS,WAAW,YAAY;CAChC,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,QAAQ,KAAK,SAAS,EAAE;EAC9B,MAAM,QAAQ,KAAK,IAAI,KAAK,IAAI,KAAK,SAAS,IAAI,EAAE,EAAE,IAAI;EAC1D,MAAM,QAAQ,KAAK,SAAS;EAE5B,IAAI;AACJ,MAAI,MAAM,WAAW,OACnB,KAAI,IAAI,GACL,MAAM,UAAU,CAChB,UAAU,YAAY,QAAQ,IAAI,GAAG,UAAU,MAAM,OAAQ,CAAC;MAEjE,KAAI,IAAI,GAAG,MAAM,UAAU;AAG7B,MAAI,EAAE,MAAM,MAAM;EAElB,MAAM,MAAM,MAAM,EAAE,SAAS;EAC7B,IAAI,WAAW;AACf,MAAI,KAAK,QAAQ;GACf,MAAM,YAAY,IAAI,WAAW,QAAQ,IAAI,QAAQ,KAAK,OAAO;AACjE,OAAI,cAAc,GAChB,YAAW,YAAY;;EAG3B,MAAM,OAAO,IAAI,MAAM,UAAU,WAAW,QAAQ,EAAE;EACtD,MAAM,UAAU,KAAK,SAAS;EAC9B,MAAM,QAAQ,UAAU,KAAK,MAAM,GAAG,MAAM,GAAG;AAE/C,SAAO;GAAE;GAAO,YADG,UAAU,MAAM,MAAM,SAAS,GAAG,MAAM;GAC/B;;CAE/B,CAAC;;;;;;;;;;;;;;;;;;;;;;;AAwBF,MAAa,gBAAgB,SAAS;CACpC,MAAM;EAAE,QAAQ,EAAE,GAAG,OAAO;EAAE,gBAAgB,EAAE,QAAQ;EAAE;CAC1D,SAAS,EAAE,GAAG,UAAU;CACxB,SAAS,OAAO,KAAK,EAAE,QAAQ,qBAAqB;AAClD,SAAO,MAAM,IAAI,GAAG,OAAO,WAAW;GAC5B;GACR;GACD,CAAC;;CAEL,CAAC;;;;;;;;;;;;;;;;;;;;;;;AAwBF,MAAa,iBAAiB,MAAM;CAClC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,aAAa,EAAE,MAAM,CAAC;CACvC,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GAAG,IAAI,WAAW,UAAU;;CAEhD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;AA0BF,MAAa,gBAAgB,SAAS;CACpC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,MAAK,MAAM,IAAI,GAAG,IAAI,WAAW,UAAU,KAAM,KAC/C,OAAM,IAAI,GAAG,OAAO,WAAW,UAAU;AAE3C,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,oBAAoB,MAAM;CACrC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,YAAY;CAC7B,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GACd,MAAM,UAAU,CAChB,UAAU,YAAY,MAAM,EAAE,GAAG,UAAU,OAAc,CAAC,CAC1D,SAAS;;CAEf,CAAC"}
|
|
@@ -1,169 +0,0 @@
|
|
|
1
|
-
declare namespace tokens_d_exports {
|
|
2
|
-
export { refreshTokenCreate, refreshTokenDeleteAll, refreshTokenGetActive, refreshTokenGetById, refreshTokenGetChildren, refreshTokenListBySession, refreshTokenPatch };
|
|
3
|
-
}
|
|
4
|
-
/**
|
|
5
|
-
* Create a new refresh token for a session.
|
|
6
|
-
*
|
|
7
|
-
* Inserts a document into the `RefreshToken` table. Refresh tokens are used to
|
|
8
|
-
* obtain new access tokens without requiring the user to re-authenticate. When
|
|
9
|
-
* a refresh token is rotated, the new token references the old one via
|
|
10
|
-
* `parentRefreshTokenId` to form a token chain for replay detection.
|
|
11
|
-
*
|
|
12
|
-
* @param args.sessionId - The document ID of the session this refresh token belongs to.
|
|
13
|
-
* @param args.expirationTime - The Unix timestamp (in milliseconds) at which this refresh token expires.
|
|
14
|
-
* @param args.parentRefreshTokenId - The document ID of the parent refresh token that was
|
|
15
|
-
* exchanged to create this one. Omitted for the initial token in a session.
|
|
16
|
-
* @returns The document ID of the newly created refresh token.
|
|
17
|
-
*
|
|
18
|
-
* @example
|
|
19
|
-
* ```ts
|
|
20
|
-
* const tokenId = await ctx.runMutation(
|
|
21
|
-
* component.identity.tokens.refreshTokenCreate,
|
|
22
|
-
* {
|
|
23
|
-
* sessionId: session._id,
|
|
24
|
-
* expirationTime: Date.now() + 7 * 24 * 60 * 60 * 1000, // 7 days
|
|
25
|
-
* },
|
|
26
|
-
* );
|
|
27
|
-
* ```
|
|
28
|
-
*/
|
|
29
|
-
declare const refreshTokenCreate: any;
|
|
30
|
-
/**
|
|
31
|
-
* Retrieve a single refresh token by its Convex document ID.
|
|
32
|
-
*
|
|
33
|
-
* Performs a direct point lookup on the `RefreshToken` table. Returns `null` if
|
|
34
|
-
* the token has been deleted or never existed.
|
|
35
|
-
*
|
|
36
|
-
* @param args.refreshTokenId - The Convex document ID (`Id<"RefreshToken">`) of the token to retrieve.
|
|
37
|
-
* @returns The refresh token document if it exists, or `null` otherwise.
|
|
38
|
-
*
|
|
39
|
-
* @example
|
|
40
|
-
* ```ts
|
|
41
|
-
* const token = await ctx.runQuery(
|
|
42
|
-
* component.identity.tokens.refreshTokenGetById,
|
|
43
|
-
* { refreshTokenId: storedTokenId },
|
|
44
|
-
* );
|
|
45
|
-
* if (token !== null && token.expirationTime > Date.now()) {
|
|
46
|
-
* console.log("Refresh token is still valid");
|
|
47
|
-
* }
|
|
48
|
-
* ```
|
|
49
|
-
*/
|
|
50
|
-
declare const refreshTokenGetById: any;
|
|
51
|
-
/**
|
|
52
|
-
* Patch a refresh token document with partial data.
|
|
53
|
-
*
|
|
54
|
-
* Merges the provided fields into the existing refresh token document. This is
|
|
55
|
-
* primarily used to record `firstUsedTime` when a refresh token is first
|
|
56
|
-
* exchanged, marking it as consumed for replay detection.
|
|
57
|
-
*
|
|
58
|
-
* @param args.refreshTokenId - The document ID of the refresh token to update.
|
|
59
|
-
* @param args.data - A partial object containing the fields to merge (e.g. `{ firstUsedTime: number }`).
|
|
60
|
-
* @returns `null` on success.
|
|
61
|
-
*
|
|
62
|
-
* @example
|
|
63
|
-
* ```ts
|
|
64
|
-
* // Mark the refresh token as used
|
|
65
|
-
* await ctx.runMutation(
|
|
66
|
-
* component.identity.tokens.refreshTokenPatch,
|
|
67
|
-
* {
|
|
68
|
-
* refreshTokenId: token._id,
|
|
69
|
-
* data: { firstUsedTime: Date.now() },
|
|
70
|
-
* },
|
|
71
|
-
* );
|
|
72
|
-
* ```
|
|
73
|
-
*/
|
|
74
|
-
declare const refreshTokenPatch: any;
|
|
75
|
-
/**
|
|
76
|
-
* Get child tokens that were created by exchanging a specific parent token.
|
|
77
|
-
*
|
|
78
|
-
* Queries the `RefreshToken` table using the `session_id_parent_refresh_token_id`
|
|
79
|
-
* index to find all tokens whose `parentRefreshTokenId` matches the provided
|
|
80
|
-
* parent. This is used for replay detection: if a parent token has more than
|
|
81
|
-
* one child, it indicates a potential token reuse attack.
|
|
82
|
-
*
|
|
83
|
-
* @param args.sessionId - The document ID of the session the tokens belong to.
|
|
84
|
-
* @param args.parentRefreshTokenId - The document ID of the parent refresh token whose children to retrieve.
|
|
85
|
-
* @returns An array of refresh token documents that were derived from the specified parent token.
|
|
86
|
-
*
|
|
87
|
-
* @example
|
|
88
|
-
* ```ts
|
|
89
|
-
* const children = await ctx.runQuery(
|
|
90
|
-
* component.identity.tokens.refreshTokenGetChildren,
|
|
91
|
-
* {
|
|
92
|
-
* sessionId: session._id,
|
|
93
|
-
* parentRefreshTokenId: parentToken._id,
|
|
94
|
-
* },
|
|
95
|
-
* );
|
|
96
|
-
* if (children.length > 1) {
|
|
97
|
-
* console.warn("Possible token reuse detected!");
|
|
98
|
-
* }
|
|
99
|
-
* ```
|
|
100
|
-
*/
|
|
101
|
-
declare const refreshTokenGetChildren: any;
|
|
102
|
-
/**
|
|
103
|
-
* List all refresh tokens belonging to a specific session.
|
|
104
|
-
*
|
|
105
|
-
* Queries the `RefreshToken` table using the `session_id_parent_refresh_token_id`
|
|
106
|
-
* index to efficiently retrieve every refresh token associated with the given
|
|
107
|
-
* session, including both active and consumed tokens.
|
|
108
|
-
*
|
|
109
|
-
* @param args.sessionId - The document ID of the session whose refresh tokens should be retrieved.
|
|
110
|
-
* @returns An array of all refresh token documents for the specified session.
|
|
111
|
-
*
|
|
112
|
-
* @example
|
|
113
|
-
* ```ts
|
|
114
|
-
* const tokens = await ctx.runQuery(
|
|
115
|
-
* component.identity.tokens.refreshTokenListBySession,
|
|
116
|
-
* { sessionId: session._id },
|
|
117
|
-
* );
|
|
118
|
-
* console.log(`Session has ${tokens.length} refresh token(s)`);
|
|
119
|
-
* ```
|
|
120
|
-
*/
|
|
121
|
-
declare const refreshTokenListBySession: any;
|
|
122
|
-
/**
|
|
123
|
-
* Delete all refresh tokens for a session.
|
|
124
|
-
*
|
|
125
|
-
* Queries the `RefreshToken` table for all tokens belonging to the given session
|
|
126
|
-
* and deletes them in parallel. This is typically called when a session is
|
|
127
|
-
* revoked or when token reuse is detected, effectively invalidating the entire
|
|
128
|
-
* token chain for that session.
|
|
129
|
-
*
|
|
130
|
-
* @param args.sessionId - The document ID of the session whose refresh tokens should be deleted.
|
|
131
|
-
* @returns `null` on success.
|
|
132
|
-
*
|
|
133
|
-
* @example
|
|
134
|
-
* ```ts
|
|
135
|
-
* // Invalidate all tokens for a compromised session
|
|
136
|
-
* await ctx.runMutation(
|
|
137
|
-
* component.identity.tokens.refreshTokenDeleteAll,
|
|
138
|
-
* { sessionId: session._id },
|
|
139
|
-
* );
|
|
140
|
-
* ```
|
|
141
|
-
*/
|
|
142
|
-
declare const refreshTokenDeleteAll: any;
|
|
143
|
-
/**
|
|
144
|
-
* Get the active (unused) refresh token for a session.
|
|
145
|
-
*
|
|
146
|
-
* Queries the `RefreshToken` table using the `session_id_first_used` index to
|
|
147
|
-
* find the most recently created token for the session that has not yet been
|
|
148
|
-
* exchanged (i.e. `firstUsedTime` is `undefined`). This represents the current
|
|
149
|
-
* valid refresh token the client should be holding.
|
|
150
|
-
*
|
|
151
|
-
* @param args.sessionId - The document ID of the session whose active refresh token should be retrieved.
|
|
152
|
-
* @returns The most recent unused refresh token document, or `null` if no active token exists
|
|
153
|
-
* (e.g. all tokens have been consumed or the session has no tokens).
|
|
154
|
-
*
|
|
155
|
-
* @example
|
|
156
|
-
* ```ts
|
|
157
|
-
* const activeToken = await ctx.runQuery(
|
|
158
|
-
* component.identity.tokens.refreshTokenGetActive,
|
|
159
|
-
* { sessionId: session._id },
|
|
160
|
-
* );
|
|
161
|
-
* if (activeToken !== null) {
|
|
162
|
-
* console.log(`Active token expires at: ${activeToken.expirationTime}`);
|
|
163
|
-
* }
|
|
164
|
-
* ```
|
|
165
|
-
*/
|
|
166
|
-
declare const refreshTokenGetActive: any;
|
|
167
|
-
//#endregion
|
|
168
|
-
export { refreshTokenCreate, refreshTokenDeleteAll, refreshTokenGetActive, refreshTokenGetById, refreshTokenGetChildren, refreshTokenListBySession, refreshTokenPatch, tokens_d_exports };
|
|
169
|
-
//# sourceMappingURL=tokens.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"tokens.d.ts","names":[],"sources":["../../../../src/component/public/identity/tokens.ts"],"mappings":";;;;;;;;;;;;;;;AA8BA;;;;;AAgCA;;;;;AA+BA;;;cA/Da,kBAAA;;AAkGb;;;;;AAqCA;;;;;AAiCA;;;;;AAwCA;;;;cAhLa,mBAAA;;;;;;;;;;;;;;;;;;;;;;;;cA+BA,iBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;cAmCA,uBAAA;;;;;;;;;;;;;;;;;;;;cAqCA,yBAAA;;;;;;;;;;;;;;;;;;;;;cAiCA,qBAAA;;;;;;;;;;;;;;;;;;;;;;;;cAwCA,qBAAA"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"tokens.js","names":[],"sources":["../../../../src/component/public/identity/tokens.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vRefreshTokenDoc } from \"../../model\";\n\n/**\n * Create a new refresh token for a session.\n *\n * Inserts a document into the `RefreshToken` table. Refresh tokens are used to\n * obtain new access tokens without requiring the user to re-authenticate. When\n * a refresh token is rotated, the new token references the old one via\n * `parentRefreshTokenId` to form a token chain for replay detection.\n *\n * @param args.sessionId - The document ID of the session this refresh token belongs to.\n * @param args.expirationTime - The Unix timestamp (in milliseconds) at which this refresh token expires.\n * @param args.parentRefreshTokenId - The document ID of the parent refresh token that was\n * exchanged to create this one. Omitted for the initial token in a session.\n * @returns The document ID of the newly created refresh token.\n *\n * @example\n * ```ts\n * const tokenId = await ctx.runMutation(\n * component.identity.tokens.refreshTokenCreate,\n * {\n * sessionId: session._id,\n * expirationTime: Date.now() + 7 * 24 * 60 * 60 * 1000, // 7 days\n * },\n * );\n * ```\n */\nexport const refreshTokenCreate = mutation({\n args: {\n sessionId: v.id(\"Session\"),\n expirationTime: v.number(),\n parentRefreshTokenId: v.optional(v.id(\"RefreshToken\")),\n },\n returns: v.id(\"RefreshToken\"),\n handler: async (ctx, args) => {\n return await ctx.db.insert(\"RefreshToken\", args as any);\n },\n});\n\n/**\n * Retrieve a single refresh token by its Convex document ID.\n *\n * Performs a direct point lookup on the `RefreshToken` table. Returns `null` if\n * the token has been deleted or never existed.\n *\n * @param args.refreshTokenId - The Convex document ID (`Id<\"RefreshToken\">`) of the token to retrieve.\n * @returns The refresh token document if it exists, or `null` otherwise.\n *\n * @example\n * ```ts\n * const token = await ctx.runQuery(\n * component.identity.tokens.refreshTokenGetById,\n * { refreshTokenId: storedTokenId },\n * );\n * if (token !== null && token.expirationTime > Date.now()) {\n * console.log(\"Refresh token is still valid\");\n * }\n * ```\n */\nexport const refreshTokenGetById = query({\n args: { refreshTokenId: v.id(\"RefreshToken\") },\n returns: v.union(vRefreshTokenDoc, v.null()),\n handler: async (ctx, { refreshTokenId }) => {\n return await ctx.db.get(\"RefreshToken\", refreshTokenId);\n },\n});\n\n/**\n * Patch a refresh token document with partial data.\n *\n * Merges the provided fields into the existing refresh token document. This is\n * primarily used to record `firstUsedTime` when a refresh token is first\n * exchanged, marking it as consumed for replay detection.\n *\n * @param args.refreshTokenId - The document ID of the refresh token to update.\n * @param args.data - A partial object containing the fields to merge (e.g. `{ firstUsedTime: number }`).\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Mark the refresh token as used\n * await ctx.runMutation(\n * component.identity.tokens.refreshTokenPatch,\n * {\n * refreshTokenId: token._id,\n * data: { firstUsedTime: Date.now() },\n * },\n * );\n * ```\n */\nexport const refreshTokenPatch = mutation({\n args: { refreshTokenId: v.id(\"RefreshToken\"), data: v.any() },\n returns: v.null(),\n handler: async (ctx, { refreshTokenId, data }) => {\n await ctx.db.patch(\"RefreshToken\", refreshTokenId, data);\n return null;\n },\n});\n\n/**\n * Get child tokens that were created by exchanging a specific parent token.\n *\n * Queries the `RefreshToken` table using the `session_id_parent_refresh_token_id`\n * index to find all tokens whose `parentRefreshTokenId` matches the provided\n * parent. This is used for replay detection: if a parent token has more than\n * one child, it indicates a potential token reuse attack.\n *\n * @param args.sessionId - The document ID of the session the tokens belong to.\n * @param args.parentRefreshTokenId - The document ID of the parent refresh token whose children to retrieve.\n * @returns An array of refresh token documents that were derived from the specified parent token.\n *\n * @example\n * ```ts\n * const children = await ctx.runQuery(\n * component.identity.tokens.refreshTokenGetChildren,\n * {\n * sessionId: session._id,\n * parentRefreshTokenId: parentToken._id,\n * },\n * );\n * if (children.length > 1) {\n * console.warn(\"Possible token reuse detected!\");\n * }\n * ```\n */\nexport const refreshTokenGetChildren = query({\n args: {\n sessionId: v.id(\"Session\"),\n parentRefreshTokenId: v.id(\"RefreshToken\"),\n },\n returns: v.array(vRefreshTokenDoc),\n handler: async (ctx, { sessionId, parentRefreshTokenId }) => {\n return await ctx.db\n .query(\"RefreshToken\")\n .withIndex(\"session_id_parent_refresh_token_id\", (q) =>\n q\n .eq(\"sessionId\", sessionId as any)\n .eq(\"parentRefreshTokenId\", parentRefreshTokenId as any),\n )\n .collect();\n },\n});\n\n/**\n * List all refresh tokens belonging to a specific session.\n *\n * Queries the `RefreshToken` table using the `session_id_parent_refresh_token_id`\n * index to efficiently retrieve every refresh token associated with the given\n * session, including both active and consumed tokens.\n *\n * @param args.sessionId - The document ID of the session whose refresh tokens should be retrieved.\n * @returns An array of all refresh token documents for the specified session.\n *\n * @example\n * ```ts\n * const tokens = await ctx.runQuery(\n * component.identity.tokens.refreshTokenListBySession,\n * { sessionId: session._id },\n * );\n * console.log(`Session has ${tokens.length} refresh token(s)`);\n * ```\n */\nexport const refreshTokenListBySession = query({\n args: { sessionId: v.id(\"Session\") },\n returns: v.array(vRefreshTokenDoc),\n handler: async (ctx, { sessionId }) => {\n return await ctx.db\n .query(\"RefreshToken\")\n .withIndex(\"session_id_parent_refresh_token_id\", (q) =>\n q.eq(\"sessionId\", sessionId as any),\n )\n .collect();\n },\n});\n\n/**\n * Delete all refresh tokens for a session.\n *\n * Queries the `RefreshToken` table for all tokens belonging to the given session\n * and deletes them in parallel. This is typically called when a session is\n * revoked or when token reuse is detected, effectively invalidating the entire\n * token chain for that session.\n *\n * @param args.sessionId - The document ID of the session whose refresh tokens should be deleted.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Invalidate all tokens for a compromised session\n * await ctx.runMutation(\n * component.identity.tokens.refreshTokenDeleteAll,\n * { sessionId: session._id },\n * );\n * ```\n */\nexport const refreshTokenDeleteAll = mutation({\n args: { sessionId: v.id(\"Session\") },\n returns: v.null(),\n handler: async (ctx, { sessionId }) => {\n const tokens = await ctx.db\n .query(\"RefreshToken\")\n .withIndex(\"session_id_parent_refresh_token_id\", (q) =>\n q.eq(\"sessionId\", sessionId as any),\n )\n .collect();\n await Promise.all(\n tokens.map((token) => ctx.db.delete(\"RefreshToken\", token._id)),\n );\n return null;\n },\n});\n\n/**\n * Get the active (unused) refresh token for a session.\n *\n * Queries the `RefreshToken` table using the `session_id_first_used` index to\n * find the most recently created token for the session that has not yet been\n * exchanged (i.e. `firstUsedTime` is `undefined`). This represents the current\n * valid refresh token the client should be holding.\n *\n * @param args.sessionId - The document ID of the session whose active refresh token should be retrieved.\n * @returns The most recent unused refresh token document, or `null` if no active token exists\n * (e.g. all tokens have been consumed or the session has no tokens).\n *\n * @example\n * ```ts\n * const activeToken = await ctx.runQuery(\n * component.identity.tokens.refreshTokenGetActive,\n * { sessionId: session._id },\n * );\n * if (activeToken !== null) {\n * console.log(`Active token expires at: ${activeToken.expirationTime}`);\n * }\n * ```\n */\nexport const refreshTokenGetActive = query({\n args: { sessionId: v.id(\"Session\") },\n returns: v.union(vRefreshTokenDoc, v.null()),\n handler: async (ctx, { sessionId }) => {\n return await ctx.db\n .query(\"RefreshToken\")\n .withIndex(\"session_id_first_used\", (q) =>\n q.eq(\"sessionId\", sessionId as any).eq(\"firstUsedTime\", undefined),\n )\n .order(\"desc\")\n .first();\n },\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8BA,MAAa,qBAAqB,SAAS;CACzC,MAAM;EACJ,WAAW,EAAE,GAAG,UAAU;EAC1B,gBAAgB,EAAE,QAAQ;EAC1B,sBAAsB,EAAE,SAAS,EAAE,GAAG,eAAe,CAAC;EACvD;CACD,SAAS,EAAE,GAAG,eAAe;CAC7B,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,gBAAgB,KAAY;;CAE1D,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,sBAAsB,MAAM;CACvC,MAAM,EAAE,gBAAgB,EAAE,GAAG,eAAe,EAAE;CAC9C,SAAS,EAAE,MAAM,kBAAkB,EAAE,MAAM,CAAC;CAC5C,SAAS,OAAO,KAAK,EAAE,qBAAqB;AAC1C,SAAO,MAAM,IAAI,GAAG,IAAI,gBAAgB,eAAe;;CAE1D,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,oBAAoB,SAAS;CACxC,MAAM;EAAE,gBAAgB,EAAE,GAAG,eAAe;EAAE,MAAM,EAAE,KAAK;EAAE;CAC7D,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,gBAAgB,WAAW;AAChD,QAAM,IAAI,GAAG,MAAM,gBAAgB,gBAAgB,KAAK;AACxD,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4BF,MAAa,0BAA0B,MAAM;CAC3C,MAAM;EACJ,WAAW,EAAE,GAAG,UAAU;EAC1B,sBAAsB,EAAE,GAAG,eAAe;EAC3C;CACD,SAAS,EAAE,MAAM,iBAAiB;CAClC,SAAS,OAAO,KAAK,EAAE,WAAW,2BAA2B;AAC3D,SAAO,MAAM,IAAI,GACd,MAAM,eAAe,CACrB,UAAU,uCAAuC,MAChD,EACG,GAAG,aAAa,UAAiB,CACjC,GAAG,wBAAwB,qBAA4B,CAC3D,CACA,SAAS;;CAEf,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,4BAA4B,MAAM;CAC7C,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,iBAAiB;CAClC,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GACd,MAAM,eAAe,CACrB,UAAU,uCAAuC,MAChD,EAAE,GAAG,aAAa,UAAiB,CACpC,CACA,SAAS;;CAEf,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,wBAAwB,SAAS;CAC5C,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,gBAAgB;EACrC,MAAM,SAAS,MAAM,IAAI,GACtB,MAAM,eAAe,CACrB,UAAU,uCAAuC,MAChD,EAAE,GAAG,aAAa,UAAiB,CACpC,CACA,SAAS;AACZ,QAAM,QAAQ,IACZ,OAAO,KAAK,UAAU,IAAI,GAAG,OAAO,gBAAgB,MAAM,IAAI,CAAC,CAChE;AACD,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,wBAAwB,MAAM;CACzC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,kBAAkB,EAAE,MAAM,CAAC;CAC5C,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GACd,MAAM,eAAe,CACrB,UAAU,0BAA0B,MACnC,EAAE,GAAG,aAAa,UAAiB,CAAC,GAAG,iBAAiB,OAAU,CACnE,CACA,MAAM,OAAO,CACb,OAAO;;CAEb,CAAC"}
|