@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -1,147 +0,0 @@
1
- declare namespace accounts_d_exports {
2
- export { accountDelete, accountGet, accountGetById, accountInsert, accountListByUser, accountPatch };
3
- }
4
- /**
5
- * List all accounts linked to a specific user.
6
- *
7
- * Queries the `Account` table using the `user_id_provider` index to efficiently
8
- * retrieve every authentication account (e.g. OAuth, credentials, email) that
9
- * belongs to the given user.
10
- *
11
- * @param args.userId - The document ID of the user whose accounts should be retrieved.
12
- * @returns An array of account documents associated with the user. Each document
13
- * includes fields such as `provider`, `providerAccountId`, `secret`, and `extend`.
14
- *
15
- * @example
16
- * ```ts
17
- * const accounts = await ctx.runQuery(
18
- * component.identity.accounts.accountListByUser,
19
- * { userId: user._id },
20
- * );
21
- * for (const account of accounts) {
22
- * console.log(`Provider: ${account.provider}, ID: ${account.providerAccountId}`);
23
- * }
24
- * ```
25
- */
26
- declare const accountListByUser: any;
27
- /**
28
- * Look up an account by its provider name and provider-specific account ID.
29
- *
30
- * Uses the `provider_account_id` index to find the unique account that matches
31
- * the given provider and external account identifier. This is the primary way
32
- * to resolve an incoming authentication event (e.g. an OAuth callback) to an
33
- * existing account in the system.
34
- *
35
- * @param args.provider - The name of the authentication provider (e.g. `"google"`, `"github"`, `"credentials"`).
36
- * @param args.providerAccountId - The unique identifier assigned to the user by the external provider.
37
- * @returns The matching account document, or `null` if no account exists for the
38
- * given provider and provider account ID combination.
39
- *
40
- * @example
41
- * ```ts
42
- * const account = await ctx.runQuery(
43
- * component.identity.accounts.accountGet,
44
- * { provider: "google", providerAccountId: "1184210396400123" },
45
- * );
46
- * if (account !== null) {
47
- * console.log(`Found account for user: ${account.userId}`);
48
- * }
49
- * ```
50
- */
51
- declare const accountGet: any;
52
- /**
53
- * Retrieve a single account by its Convex document ID.
54
- *
55
- * Performs a direct point lookup on the `Account` table. Returns `null` if the
56
- * document has been deleted or never existed.
57
- *
58
- * @param args.accountId - The Convex document ID (`Id<"Account">`) of the account to retrieve.
59
- * @returns The account document if it exists, or `null` otherwise.
60
- *
61
- * @example
62
- * ```ts
63
- * const account = await ctx.runQuery(
64
- * component.identity.accounts.accountGetById,
65
- * { accountId: existingAccountId },
66
- * );
67
- * if (account !== null) {
68
- * console.log(`Provider: ${account.provider}`);
69
- * }
70
- * ```
71
- */
72
- declare const accountGetById: any;
73
- /**
74
- * Create a new account that links a user to an authentication provider.
75
- *
76
- * Inserts a row into the `Account` table, establishing the relationship between
77
- * a user document and an external authentication provider (OAuth, credentials,
78
- * email/phone OTP, etc.). A single user may have multiple accounts for different
79
- * providers.
80
- *
81
- * @param args.userId - The document ID of the user to link this account to.
82
- * @param args.provider - The name of the authentication provider (e.g. `"google"`, `"credentials"`).
83
- * @param args.providerAccountId - The unique identifier for this user within the external provider.
84
- * @param args.secret - An optional hashed secret (e.g. password hash) stored for credential-based providers.
85
- * @param args.extend - Optional arbitrary data to store alongside the account for application-specific needs.
86
- * @returns The document ID of the newly created account.
87
- *
88
- * @example
89
- * ```ts
90
- * const accountId = await ctx.runMutation(
91
- * component.identity.accounts.accountInsert,
92
- * {
93
- * userId: user._id,
94
- * provider: "credentials",
95
- * providerAccountId: "user@example.com",
96
- * secret: hashedPassword,
97
- * },
98
- * );
99
- * ```
100
- */
101
- declare const accountInsert: any;
102
- /**
103
- * Patch an existing account document with partial data.
104
- *
105
- * Merges the provided fields into the existing account document. Fields not
106
- * included in `data` are left unchanged. This is useful for updating a stored
107
- * secret (e.g. after a password change) or modifying extended metadata.
108
- *
109
- * @param args.accountId - The document ID of the account to update.
110
- * @param args.data - A partial object containing the fields to merge into the account document.
111
- * @returns `null` on success.
112
- *
113
- * @example
114
- * ```ts
115
- * await ctx.runMutation(
116
- * component.identity.accounts.accountPatch,
117
- * {
118
- * accountId: account._id,
119
- * data: { secret: newHashedPassword },
120
- * },
121
- * );
122
- * ```
123
- */
124
- declare const accountPatch: any;
125
- /**
126
- * Delete an account document permanently.
127
- *
128
- * Removes the account from the `Account` table. This effectively unlinks the
129
- * user from the corresponding authentication provider. Callers should ensure
130
- * that related resources (verification codes, sessions, etc.) are cleaned up
131
- * separately if needed.
132
- *
133
- * @param args.accountId - The document ID of the account to delete.
134
- * @returns `null` on success.
135
- *
136
- * @example
137
- * ```ts
138
- * await ctx.runMutation(
139
- * component.identity.accounts.accountDelete,
140
- * { accountId: account._id },
141
- * );
142
- * ```
143
- */
144
- declare const accountDelete: any;
145
- //#endregion
146
- export { accountDelete, accountGet, accountGetById, accountInsert, accountListByUser, accountPatch, accounts_d_exports };
147
- //# sourceMappingURL=accounts.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"accounts.d.ts","names":[],"sources":["../../../../src/component/public/identity/accounts.ts"],"mappings":";;;;;;;;;;;;;;AA2BA;;;;;AAmCA;;;;;AAiCA;cApEa,iBAAA;;;;AAwGb;;;;;AAoCA;;;;;AA4BA;;;;;;;;;;;cArIa,UAAA;;;;;;;;;;;;;;;;;;;;;cAiCA,cAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAoCA,aAAA;;;;;;;;;;;;;;;;;;;;;;;cAoCA,YAAA;;;;;;;;;;;;;;;;;;;;cA4BA,aAAA"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"accounts.js","names":[],"sources":["../../../../src/component/public/identity/accounts.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vAccountDoc } from \"../../model\";\n\n/**\n * List all accounts linked to a specific user.\n *\n * Queries the `Account` table using the `user_id_provider` index to efficiently\n * retrieve every authentication account (e.g. OAuth, credentials, email) that\n * belongs to the given user.\n *\n * @param args.userId - The document ID of the user whose accounts should be retrieved.\n * @returns An array of account documents associated with the user. Each document\n * includes fields such as `provider`, `providerAccountId`, `secret`, and `extend`.\n *\n * @example\n * ```ts\n * const accounts = await ctx.runQuery(\n * component.identity.accounts.accountListByUser,\n * { userId: user._id },\n * );\n * for (const account of accounts) {\n * console.log(`Provider: ${account.provider}, ID: ${account.providerAccountId}`);\n * }\n * ```\n */\nexport const accountListByUser = query({\n args: { userId: v.id(\"User\") },\n returns: v.array(vAccountDoc),\n handler: async (ctx, { userId }) => {\n return await ctx.db\n .query(\"Account\")\n .withIndex(\"user_id_provider\", (q) => q.eq(\"userId\", userId as any))\n .collect();\n },\n});\n\n/**\n * Look up an account by its provider name and provider-specific account ID.\n *\n * Uses the `provider_account_id` index to find the unique account that matches\n * the given provider and external account identifier. This is the primary way\n * to resolve an incoming authentication event (e.g. an OAuth callback) to an\n * existing account in the system.\n *\n * @param args.provider - The name of the authentication provider (e.g. `\"google\"`, `\"github\"`, `\"credentials\"`).\n * @param args.providerAccountId - The unique identifier assigned to the user by the external provider.\n * @returns The matching account document, or `null` if no account exists for the\n * given provider and provider account ID combination.\n *\n * @example\n * ```ts\n * const account = await ctx.runQuery(\n * component.identity.accounts.accountGet,\n * { provider: \"google\", providerAccountId: \"1184210396400123\" },\n * );\n * if (account !== null) {\n * console.log(`Found account for user: ${account.userId}`);\n * }\n * ```\n */\nexport const accountGet = query({\n args: { provider: v.string(), providerAccountId: v.string() },\n returns: v.union(vAccountDoc, v.null()),\n handler: async (ctx, { provider, providerAccountId }) => {\n return await ctx.db\n .query(\"Account\")\n .withIndex(\"provider_account_id\", (q) =>\n q.eq(\"provider\", provider).eq(\"providerAccountId\", providerAccountId),\n )\n .unique();\n },\n});\n\n/**\n * Retrieve a single account by its Convex document ID.\n *\n * Performs a direct point lookup on the `Account` table. Returns `null` if the\n * document has been deleted or never existed.\n *\n * @param args.accountId - The Convex document ID (`Id<\"Account\">`) of the account to retrieve.\n * @returns The account document if it exists, or `null` otherwise.\n *\n * @example\n * ```ts\n * const account = await ctx.runQuery(\n * component.identity.accounts.accountGetById,\n * { accountId: existingAccountId },\n * );\n * if (account !== null) {\n * console.log(`Provider: ${account.provider}`);\n * }\n * ```\n */\nexport const accountGetById = query({\n args: { accountId: v.id(\"Account\") },\n returns: v.union(vAccountDoc, v.null()),\n handler: async (ctx, { accountId }) => {\n return await ctx.db.get(\"Account\", accountId);\n },\n});\n\n/**\n * Create a new account that links a user to an authentication provider.\n *\n * Inserts a row into the `Account` table, establishing the relationship between\n * a user document and an external authentication provider (OAuth, credentials,\n * email/phone OTP, etc.). A single user may have multiple accounts for different\n * providers.\n *\n * @param args.userId - The document ID of the user to link this account to.\n * @param args.provider - The name of the authentication provider (e.g. `\"google\"`, `\"credentials\"`).\n * @param args.providerAccountId - The unique identifier for this user within the external provider.\n * @param args.secret - An optional hashed secret (e.g. password hash) stored for credential-based providers.\n * @param args.extend - Optional arbitrary data to store alongside the account for application-specific needs.\n * @returns The document ID of the newly created account.\n *\n * @example\n * ```ts\n * const accountId = await ctx.runMutation(\n * component.identity.accounts.accountInsert,\n * {\n * userId: user._id,\n * provider: \"credentials\",\n * providerAccountId: \"user@example.com\",\n * secret: hashedPassword,\n * },\n * );\n * ```\n */\nexport const accountInsert = mutation({\n args: {\n userId: v.id(\"User\"),\n provider: v.string(),\n providerAccountId: v.string(),\n secret: v.optional(v.string()),\n extend: v.optional(v.any()),\n },\n returns: v.id(\"Account\"),\n handler: async (ctx, args) => {\n return await ctx.db.insert(\"Account\", args as any);\n },\n});\n\n/**\n * Patch an existing account document with partial data.\n *\n * Merges the provided fields into the existing account document. Fields not\n * included in `data` are left unchanged. This is useful for updating a stored\n * secret (e.g. after a password change) or modifying extended metadata.\n *\n * @param args.accountId - The document ID of the account to update.\n * @param args.data - A partial object containing the fields to merge into the account document.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n * component.identity.accounts.accountPatch,\n * {\n * accountId: account._id,\n * data: { secret: newHashedPassword },\n * },\n * );\n * ```\n */\nexport const accountPatch = mutation({\n args: { accountId: v.id(\"Account\"), data: v.any() },\n returns: v.null(),\n handler: async (ctx, { accountId, data }) => {\n await ctx.db.patch(\"Account\", accountId, data);\n return null;\n },\n});\n\n/**\n * Delete an account document permanently.\n *\n * Removes the account from the `Account` table. This effectively unlinks the\n * user from the corresponding authentication provider. Callers should ensure\n * that related resources (verification codes, sessions, etc.) are cleaned up\n * separately if needed.\n *\n * @param args.accountId - The document ID of the account to delete.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n * component.identity.accounts.accountDelete,\n * { accountId: account._id },\n * );\n * ```\n */\nexport const accountDelete = mutation({\n args: { accountId: v.id(\"Account\") },\n returns: v.null(),\n handler: async (ctx, { accountId }) => {\n await ctx.db.delete(\"Account\", accountId);\n return null;\n },\n});\n\n// ============================================================================\n// Sessions\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AA2BA,MAAa,oBAAoB,MAAM;CACrC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,YAAY;CAC7B,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GACd,MAAM,UAAU,CAChB,UAAU,qBAAqB,MAAM,EAAE,GAAG,UAAU,OAAc,CAAC,CACnE,SAAS;;CAEf,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;AA0BF,MAAa,aAAa,MAAM;CAC9B,MAAM;EAAE,UAAU,EAAE,QAAQ;EAAE,mBAAmB,EAAE,QAAQ;EAAE;CAC7D,SAAS,EAAE,MAAM,aAAa,EAAE,MAAM,CAAC;CACvC,SAAS,OAAO,KAAK,EAAE,UAAU,wBAAwB;AACvD,SAAO,MAAM,IAAI,GACd,MAAM,UAAU,CAChB,UAAU,wBAAwB,MACjC,EAAE,GAAG,YAAY,SAAS,CAAC,GAAG,qBAAqB,kBAAkB,CACtE,CACA,QAAQ;;CAEd,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,iBAAiB,MAAM;CAClC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,aAAa,EAAE,MAAM,CAAC;CACvC,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GAAG,IAAI,WAAW,UAAU;;CAEhD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8BF,MAAa,gBAAgB,SAAS;CACpC,MAAM;EACJ,QAAQ,EAAE,GAAG,OAAO;EACpB,UAAU,EAAE,QAAQ;EACpB,mBAAmB,EAAE,QAAQ;EAC7B,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC9B,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC;EAC5B;CACD,SAAS,EAAE,GAAG,UAAU;CACxB,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,WAAW,KAAY;;CAErD,CAAC;;;;;;;;;;;;;;;;;;;;;;;AAwBF,MAAa,eAAe,SAAS;CACnC,MAAM;EAAE,WAAW,EAAE,GAAG,UAAU;EAAE,MAAM,EAAE,KAAK;EAAE;CACnD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,WAAW,WAAW;AAC3C,QAAM,IAAI,GAAG,MAAM,WAAW,WAAW,KAAK;AAC9C,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,gBAAgB,SAAS;CACpC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,QAAM,IAAI,GAAG,OAAO,WAAW,UAAU;AACzC,SAAO;;CAEV,CAAC"}
@@ -1,104 +0,0 @@
1
- declare namespace codes_d_exports {
2
- export { verificationCodeCreate, verificationCodeDelete, verificationCodeGetByAccountId, verificationCodeGetByCode };
3
- }
4
- /**
5
- * Find a verification code by its associated account ID.
6
- *
7
- * Queries the `VerificationCode` table using the `account_id` index to locate
8
- * the unique verification code linked to the given account. Each account has at
9
- * most one active verification code at a time.
10
- *
11
- * @param args.accountId - The document ID of the account whose verification code should be retrieved.
12
- * @returns The verification code document if one exists for the account, or `null` otherwise.
13
- *
14
- * @example
15
- * ```ts
16
- * const code = await ctx.runQuery(
17
- * component.identity.codes.verificationCodeGetByAccountId,
18
- * { accountId: account._id },
19
- * );
20
- * if (code !== null && code.expirationTime > Date.now()) {
21
- * console.log("Active verification code exists");
22
- * }
23
- * ```
24
- */
25
- declare const verificationCodeGetByAccountId: any;
26
- /**
27
- * Find a verification code by its code string value.
28
- *
29
- * Queries the `VerificationCode` table using the `code` index to locate the
30
- * unique verification code document matching the given code string. This is
31
- * the primary lookup used when a user submits an OTP or clicks a magic link.
32
- *
33
- * @param args.code - The verification code string to look up (e.g. a 6-digit OTP or a magic-link token).
34
- * @returns The verification code document if a match is found, or `null` otherwise.
35
- *
36
- * @example
37
- * ```ts
38
- * const codeDoc = await ctx.runQuery(
39
- * component.identity.codes.verificationCodeGetByCode,
40
- * { code: "482910" },
41
- * );
42
- * if (codeDoc !== null && codeDoc.expirationTime > Date.now()) {
43
- * console.log(`Code is valid for account: ${codeDoc.accountId}`);
44
- * }
45
- * ```
46
- */
47
- declare const verificationCodeGetByCode: any;
48
- /**
49
- * Create a new verification code for OTP, magic link, or OAuth flows.
50
- *
51
- * Inserts a document into the `VerificationCode` table that ties a short-lived
52
- * code to a specific account and provider. The code can be used for email OTP,
53
- * phone OTP, magic link, or OAuth state verification depending on the flow.
54
- *
55
- * @param args.accountId - The document ID of the account this verification code is associated with.
56
- * @param args.provider - The name of the authentication provider initiating the verification
57
- * (e.g. `"resend-otp"`, `"twilio-otp"`, `"google"`).
58
- * @param args.code - The verification code string (e.g. a random OTP or an opaque token for magic links).
59
- * @param args.expirationTime - The Unix timestamp (in milliseconds) at which this code expires.
60
- * @param args.verifier - An optional PKCE verifier string used in OAuth/OIDC flows to prevent CSRF attacks.
61
- * @param args.emailVerified - An optional email address that will be marked as verified upon successful
62
- * code redemption.
63
- * @param args.phoneVerified - An optional phone number that will be marked as verified upon successful
64
- * code redemption.
65
- * @returns The document ID of the newly created verification code.
66
- *
67
- * @example
68
- * ```ts
69
- * const codeId = await ctx.runMutation(
70
- * component.identity.codes.verificationCodeCreate,
71
- * {
72
- * accountId: account._id,
73
- * provider: "resend-otp",
74
- * code: "482910",
75
- * expirationTime: Date.now() + 10 * 60 * 1000, // 10 minutes
76
- * emailVerified: "alice@example.com",
77
- * },
78
- * );
79
- * ```
80
- */
81
- declare const verificationCodeCreate: any;
82
- /**
83
- * Delete a verification code document permanently.
84
- *
85
- * Removes the verification code from the `VerificationCode` table. This is
86
- * typically called after the code has been successfully redeemed or when it
87
- * needs to be invalidated (e.g. replaced by a new code).
88
- *
89
- * @param args.verificationCodeId - The document ID of the verification code to delete.
90
- * @returns `null` on success.
91
- *
92
- * @example
93
- * ```ts
94
- * // Delete the code after successful verification
95
- * await ctx.runMutation(
96
- * component.identity.codes.verificationCodeDelete,
97
- * { verificationCodeId: codeDoc._id },
98
- * );
99
- * ```
100
- */
101
- declare const verificationCodeDelete: any;
102
- //#endregion
103
- export { codes_d_exports, verificationCodeCreate, verificationCodeDelete, verificationCodeGetByAccountId, verificationCodeGetByCode };
104
- //# sourceMappingURL=codes.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"codes.d.ts","names":[],"sources":["../../../../src/component/public/identity/codes.ts"],"mappings":";;;;;;;;;;;;AA0BA;;;;;AAgCA;;;;;AA4CA;;cA5Ea,8BAAA;;;AA+Gb;;;;;;;;;;;;;;;;;;;cA/Ea,yBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA4CA,sBAAA;;;;;;;;;;;;;;;;;;;;cAmCA,sBAAA"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"codes.js","names":[],"sources":["../../../../src/component/public/identity/codes.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vVerificationCodeDoc } from \"../../model\";\n\n/**\n * Find a verification code by its associated account ID.\n *\n * Queries the `VerificationCode` table using the `account_id` index to locate\n * the unique verification code linked to the given account. Each account has at\n * most one active verification code at a time.\n *\n * @param args.accountId - The document ID of the account whose verification code should be retrieved.\n * @returns The verification code document if one exists for the account, or `null` otherwise.\n *\n * @example\n * ```ts\n * const code = await ctx.runQuery(\n * component.identity.codes.verificationCodeGetByAccountId,\n * { accountId: account._id },\n * );\n * if (code !== null && code.expirationTime > Date.now()) {\n * console.log(\"Active verification code exists\");\n * }\n * ```\n */\nexport const verificationCodeGetByAccountId = query({\n args: { accountId: v.id(\"Account\") },\n returns: v.union(vVerificationCodeDoc, v.null()),\n handler: async (ctx, { accountId }) => {\n return await ctx.db\n .query(\"VerificationCode\")\n .withIndex(\"account_id\", (q) => q.eq(\"accountId\", accountId as any))\n .unique();\n },\n});\n\n/**\n * Find a verification code by its code string value.\n *\n * Queries the `VerificationCode` table using the `code` index to locate the\n * unique verification code document matching the given code string. This is\n * the primary lookup used when a user submits an OTP or clicks a magic link.\n *\n * @param args.code - The verification code string to look up (e.g. a 6-digit OTP or a magic-link token).\n * @returns The verification code document if a match is found, or `null` otherwise.\n *\n * @example\n * ```ts\n * const codeDoc = await ctx.runQuery(\n * component.identity.codes.verificationCodeGetByCode,\n * { code: \"482910\" },\n * );\n * if (codeDoc !== null && codeDoc.expirationTime > Date.now()) {\n * console.log(`Code is valid for account: ${codeDoc.accountId}`);\n * }\n * ```\n */\nexport const verificationCodeGetByCode = query({\n args: { code: v.string() },\n returns: v.union(vVerificationCodeDoc, v.null()),\n handler: async (ctx, { code }) => {\n return await ctx.db\n .query(\"VerificationCode\")\n .withIndex(\"code\", (q) => q.eq(\"code\", code))\n .unique();\n },\n});\n\n/**\n * Create a new verification code for OTP, magic link, or OAuth flows.\n *\n * Inserts a document into the `VerificationCode` table that ties a short-lived\n * code to a specific account and provider. The code can be used for email OTP,\n * phone OTP, magic link, or OAuth state verification depending on the flow.\n *\n * @param args.accountId - The document ID of the account this verification code is associated with.\n * @param args.provider - The name of the authentication provider initiating the verification\n * (e.g. `\"resend-otp\"`, `\"twilio-otp\"`, `\"google\"`).\n * @param args.code - The verification code string (e.g. a random OTP or an opaque token for magic links).\n * @param args.expirationTime - The Unix timestamp (in milliseconds) at which this code expires.\n * @param args.verifier - An optional PKCE verifier string used in OAuth/OIDC flows to prevent CSRF attacks.\n * @param args.emailVerified - An optional email address that will be marked as verified upon successful\n * code redemption.\n * @param args.phoneVerified - An optional phone number that will be marked as verified upon successful\n * code redemption.\n * @returns The document ID of the newly created verification code.\n *\n * @example\n * ```ts\n * const codeId = await ctx.runMutation(\n * component.identity.codes.verificationCodeCreate,\n * {\n * accountId: account._id,\n * provider: \"resend-otp\",\n * code: \"482910\",\n * expirationTime: Date.now() + 10 * 60 * 1000, // 10 minutes\n * emailVerified: \"alice@example.com\",\n * },\n * );\n * ```\n */\nexport const verificationCodeCreate = mutation({\n args: {\n accountId: v.id(\"Account\"),\n provider: v.string(),\n code: v.string(),\n expirationTime: v.number(),\n verifier: v.optional(v.string()),\n emailVerified: v.optional(v.string()),\n phoneVerified: v.optional(v.string()),\n },\n returns: v.id(\"VerificationCode\"),\n handler: async (ctx, args) => {\n return await ctx.db.insert(\"VerificationCode\", args as any);\n },\n});\n\n/**\n * Delete a verification code document permanently.\n *\n * Removes the verification code from the `VerificationCode` table. This is\n * typically called after the code has been successfully redeemed or when it\n * needs to be invalidated (e.g. replaced by a new code).\n *\n * @param args.verificationCodeId - The document ID of the verification code to delete.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Delete the code after successful verification\n * await ctx.runMutation(\n * component.identity.codes.verificationCodeDelete,\n * { verificationCodeId: codeDoc._id },\n * );\n * ```\n */\nexport const verificationCodeDelete = mutation({\n args: { verificationCodeId: v.id(\"VerificationCode\") },\n returns: v.null(),\n handler: async (ctx, { verificationCodeId }) => {\n await ctx.db.delete(\"VerificationCode\", verificationCodeId);\n return null;\n },\n});\n\n// ============================================================================\n// Refresh Tokens\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AA0BA,MAAa,iCAAiC,MAAM;CAClD,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,sBAAsB,EAAE,MAAM,CAAC;CAChD,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GACd,MAAM,mBAAmB,CACzB,UAAU,eAAe,MAAM,EAAE,GAAG,aAAa,UAAiB,CAAC,CACnE,QAAQ;;CAEd,CAAC;;;;;;;;;;;;;;;;;;;;;;AAuBF,MAAa,4BAA4B,MAAM;CAC7C,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE;CAC1B,SAAS,EAAE,MAAM,sBAAsB,EAAE,MAAM,CAAC;CAChD,SAAS,OAAO,KAAK,EAAE,WAAW;AAChC,SAAO,MAAM,IAAI,GACd,MAAM,mBAAmB,CACzB,UAAU,SAAS,MAAM,EAAE,GAAG,QAAQ,KAAK,CAAC,CAC5C,QAAQ;;CAEd,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmCF,MAAa,yBAAyB,SAAS;CAC7C,MAAM;EACJ,WAAW,EAAE,GAAG,UAAU;EAC1B,UAAU,EAAE,QAAQ;EACpB,MAAM,EAAE,QAAQ;EAChB,gBAAgB,EAAE,QAAQ;EAC1B,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;EAChC,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;EACrC,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC;EACtC;CACD,SAAS,EAAE,GAAG,mBAAmB;CACjC,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,oBAAoB,KAAY;;CAE9D,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,yBAAyB,SAAS;CAC7C,MAAM,EAAE,oBAAoB,EAAE,GAAG,mBAAmB,EAAE;CACtD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,yBAAyB;AAC9C,QAAM,IAAI,GAAG,OAAO,oBAAoB,mBAAmB;AAC3D,SAAO;;CAEV,CAAC"}
@@ -1,128 +0,0 @@
1
- declare namespace sessions_d_exports {
2
- export { sessionCreate, sessionDelete, sessionGetById, sessionList, sessionListByUser };
3
- }
4
- /**
5
- * List sessions with optional filtering and cursor-based pagination.
6
- *
7
- * Supports filtering by `userId` to retrieve only sessions belonging to a
8
- * specific user. When a `userId` filter is provided, the `user_id` index is
9
- * used for efficient lookup. Results are returned as a paginated response
10
- * `{ items, nextCursor }` -- pass `nextCursor` back as `cursor` to fetch the
11
- * next page, or receive `null` when all results have been exhausted.
12
- *
13
- * @param args.where - Optional filter object. Currently supports `userId` to
14
- * restrict results to sessions for a specific user.
15
- * @param args.limit - Maximum number of sessions to return per page (1--100, default 50).
16
- * @param args.cursor - An opaque cursor string from a previous response's `nextCursor`
17
- * to continue pagination, or `null` / omitted to start from the beginning.
18
- * @param args.order - Sort direction: `"asc"` or `"desc"` (default `"desc"`).
19
- * @returns An object with `items` (array of session documents) and `nextCursor`
20
- * (`string | null`) for fetching subsequent pages.
21
- *
22
- * @example
23
- * ```ts
24
- * // List the 10 most recent sessions for a user
25
- * const page = await ctx.runQuery(
26
- * component.identity.sessions.sessionList,
27
- * { where: { userId: user._id }, limit: 10, order: "desc" },
28
- * );
29
- * for (const session of page.items) {
30
- * console.log(`Session ${session._id} expires at ${session.expirationTime}`);
31
- * }
32
- * ```
33
- */
34
- declare const sessionList: any;
35
- /**
36
- * Create a new session for a user with a specified expiration time.
37
- *
38
- * Inserts a new document into the `Session` table, linking it to the given user.
39
- * The session represents an active authenticated context and is typically created
40
- * after a successful sign-in or token refresh.
41
- *
42
- * @param args.userId - The document ID of the user this session belongs to.
43
- * @param args.expirationTime - The Unix timestamp (in milliseconds) at which this session expires.
44
- * @returns The document ID of the newly created session.
45
- *
46
- * @example
47
- * ```ts
48
- * const sessionId = await ctx.runMutation(
49
- * component.identity.sessions.sessionCreate,
50
- * {
51
- * userId: user._id,
52
- * expirationTime: Date.now() + 30 * 24 * 60 * 60 * 1000, // 30 days
53
- * },
54
- * );
55
- * ```
56
- */
57
- declare const sessionCreate: any;
58
- /**
59
- * Retrieve a single session by its Convex document ID.
60
- *
61
- * Performs a direct point lookup on the `Session` table. Returns `null` if the
62
- * session has been deleted or never existed. This does not check whether the
63
- * session has expired -- callers should compare `expirationTime` to the current
64
- * time if needed.
65
- *
66
- * @param args.sessionId - The Convex document ID (`Id<"Session">`) of the session to retrieve.
67
- * @returns The session document if it exists, or `null` otherwise.
68
- *
69
- * @example
70
- * ```ts
71
- * const session = await ctx.runQuery(
72
- * component.identity.sessions.sessionGetById,
73
- * { sessionId: refreshToken.sessionId },
74
- * );
75
- * if (session !== null && session.expirationTime > Date.now()) {
76
- * console.log("Session is still active");
77
- * }
78
- * ```
79
- */
80
- declare const sessionGetById: any;
81
- /**
82
- * Delete a session document.
83
- *
84
- * Removes the session from the `Session` table. This is a no-op if the session
85
- * does not exist (i.e. was already deleted). Callers should also clean up
86
- * related refresh tokens via `refreshTokenDeleteAll` to fully invalidate the
87
- * session.
88
- *
89
- * @param args.sessionId - The document ID of the session to delete.
90
- * @returns `null` on success (including when the session was already absent).
91
- *
92
- * @example
93
- * ```ts
94
- * // Revoke a session and its tokens
95
- * await ctx.runMutation(
96
- * component.identity.sessions.sessionDelete,
97
- * { sessionId: session._id },
98
- * );
99
- * await ctx.runMutation(
100
- * component.identity.tokens.refreshTokenDeleteAll,
101
- * { sessionId: session._id },
102
- * );
103
- * ```
104
- */
105
- declare const sessionDelete: any;
106
- /**
107
- * List all sessions belonging to a specific user.
108
- *
109
- * Queries the `Session` table using the `user_id` index to efficiently retrieve
110
- * every session document for the given user. Unlike `sessionList`, this returns
111
- * all matching sessions without pagination.
112
- *
113
- * @param args.userId - The document ID of the user whose sessions should be retrieved.
114
- * @returns An array of session documents for the specified user.
115
- *
116
- * @example
117
- * ```ts
118
- * const sessions = await ctx.runQuery(
119
- * component.identity.sessions.sessionListByUser,
120
- * { userId: user._id },
121
- * );
122
- * console.log(`User has ${sessions.length} active session(s)`);
123
- * ```
124
- */
125
- declare const sessionListByUser: any;
126
- //#endregion
127
- export { sessionCreate, sessionDelete, sessionGetById, sessionList, sessionListByUser, sessions_d_exports };
128
- //# sourceMappingURL=sessions.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"sessions.d.ts","names":[],"sources":["../../../../src/component/public/identity/sessions.ts"],"mappings":";;;;;;;;;;;;;AAmCA;;;;;AAkEA;;;;;AAiCA;;;;;AAgCA;;;;;cAnIa,WAAA;;;;;;;;;;;;;;;;;;;;;;;cAkEA,aAAA;;;;;;;;;;;;;;;;;;;;;;;cAiCA,cAAA;;;;;;;;;;;;;;;;;;;;;;;;;cAgCA,aAAA;;;;;;;;;;;;;;;;;;;;cA8BA,iBAAA"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"sessions.js","names":[],"sources":["../../../../src/component/public/identity/sessions.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vPaginated, vSessionDoc } from \"../../model\";\n\n/**\n * List sessions with optional filtering and cursor-based pagination.\n *\n * Supports filtering by `userId` to retrieve only sessions belonging to a\n * specific user. When a `userId` filter is provided, the `user_id` index is\n * used for efficient lookup. Results are returned as a paginated response\n * `{ items, nextCursor }` -- pass `nextCursor` back as `cursor` to fetch the\n * next page, or receive `null` when all results have been exhausted.\n *\n * @param args.where - Optional filter object. Currently supports `userId` to\n * restrict results to sessions for a specific user.\n * @param args.limit - Maximum number of sessions to return per page (1--100, default 50).\n * @param args.cursor - An opaque cursor string from a previous response's `nextCursor`\n * to continue pagination, or `null` / omitted to start from the beginning.\n * @param args.order - Sort direction: `\"asc\"` or `\"desc\"` (default `\"desc\"`).\n * @returns An object with `items` (array of session documents) and `nextCursor`\n * (`string | null`) for fetching subsequent pages.\n *\n * @example\n * ```ts\n * // List the 10 most recent sessions for a user\n * const page = await ctx.runQuery(\n * component.identity.sessions.sessionList,\n * { where: { userId: user._id }, limit: 10, order: \"desc\" },\n * );\n * for (const session of page.items) {\n * console.log(`Session ${session._id} expires at ${session.expirationTime}`);\n * }\n * ```\n */\nexport const sessionList = query({\n args: {\n where: v.optional(\n v.object({\n userId: v.optional(v.id(\"User\")),\n }),\n ),\n limit: v.optional(v.number()),\n cursor: v.optional(v.union(v.string(), v.null())),\n order: v.optional(v.union(v.literal(\"asc\"), v.literal(\"desc\"))),\n },\n returns: vPaginated(vSessionDoc),\n handler: async (ctx, args) => {\n const where = args.where ?? {};\n const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);\n const order = args.order ?? \"desc\";\n\n let q;\n if (where.userId !== undefined) {\n q = ctx.db\n .query(\"Session\")\n .withIndex(\"user_id\", (idx) => idx.eq(\"userId\", where.userId!));\n } else {\n q = ctx.db.query(\"Session\");\n }\n\n q = q.order(order);\n\n const all = await q.collect();\n let startIdx = 0;\n if (args.cursor) {\n const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);\n if (cursorIdx !== -1) {\n startIdx = cursorIdx + 1;\n }\n }\n const page = all.slice(startIdx, startIdx + limit + 1);\n const hasMore = page.length > limit;\n const items = hasMore ? page.slice(0, limit) : page;\n const nextCursor = hasMore ? items[items.length - 1]._id : null;\n return { items, nextCursor };\n },\n});\n\n/**\n * Create a new session for a user with a specified expiration time.\n *\n * Inserts a new document into the `Session` table, linking it to the given user.\n * The session represents an active authenticated context and is typically created\n * after a successful sign-in or token refresh.\n *\n * @param args.userId - The document ID of the user this session belongs to.\n * @param args.expirationTime - The Unix timestamp (in milliseconds) at which this session expires.\n * @returns The document ID of the newly created session.\n *\n * @example\n * ```ts\n * const sessionId = await ctx.runMutation(\n * component.identity.sessions.sessionCreate,\n * {\n * userId: user._id,\n * expirationTime: Date.now() + 30 * 24 * 60 * 60 * 1000, // 30 days\n * },\n * );\n * ```\n */\nexport const sessionCreate = mutation({\n args: { userId: v.id(\"User\"), expirationTime: v.number() },\n returns: v.id(\"Session\"),\n handler: async (ctx, { userId, expirationTime }) => {\n return await ctx.db.insert(\"Session\", {\n userId: userId as any,\n expirationTime,\n });\n },\n});\n\n/**\n * Retrieve a single session by its Convex document ID.\n *\n * Performs a direct point lookup on the `Session` table. Returns `null` if the\n * session has been deleted or never existed. This does not check whether the\n * session has expired -- callers should compare `expirationTime` to the current\n * time if needed.\n *\n * @param args.sessionId - The Convex document ID (`Id<\"Session\">`) of the session to retrieve.\n * @returns The session document if it exists, or `null` otherwise.\n *\n * @example\n * ```ts\n * const session = await ctx.runQuery(\n * component.identity.sessions.sessionGetById,\n * { sessionId: refreshToken.sessionId },\n * );\n * if (session !== null && session.expirationTime > Date.now()) {\n * console.log(\"Session is still active\");\n * }\n * ```\n */\nexport const sessionGetById = query({\n args: { sessionId: v.id(\"Session\") },\n returns: v.union(vSessionDoc, v.null()),\n handler: async (ctx, { sessionId }) => {\n return await ctx.db.get(\"Session\", sessionId);\n },\n});\n\n/**\n * Delete a session document.\n *\n * Removes the session from the `Session` table. This is a no-op if the session\n * does not exist (i.e. was already deleted). Callers should also clean up\n * related refresh tokens via `refreshTokenDeleteAll` to fully invalidate the\n * session.\n *\n * @param args.sessionId - The document ID of the session to delete.\n * @returns `null` on success (including when the session was already absent).\n *\n * @example\n * ```ts\n * // Revoke a session and its tokens\n * await ctx.runMutation(\n * component.identity.sessions.sessionDelete,\n * { sessionId: session._id },\n * );\n * await ctx.runMutation(\n * component.identity.tokens.refreshTokenDeleteAll,\n * { sessionId: session._id },\n * );\n * ```\n */\nexport const sessionDelete = mutation({\n args: { sessionId: v.id(\"Session\") },\n returns: v.null(),\n handler: async (ctx, { sessionId }) => {\n if ((await ctx.db.get(\"Session\", sessionId)) !== null) {\n await ctx.db.delete(\"Session\", sessionId);\n }\n return null;\n },\n});\n\n/**\n * List all sessions belonging to a specific user.\n *\n * Queries the `Session` table using the `user_id` index to efficiently retrieve\n * every session document for the given user. Unlike `sessionList`, this returns\n * all matching sessions without pagination.\n *\n * @param args.userId - The document ID of the user whose sessions should be retrieved.\n * @returns An array of session documents for the specified user.\n *\n * @example\n * ```ts\n * const sessions = await ctx.runQuery(\n * component.identity.sessions.sessionListByUser,\n * { userId: user._id },\n * );\n * console.log(`User has ${sessions.length} active session(s)`);\n * ```\n */\nexport const sessionListByUser = query({\n args: { userId: v.id(\"User\") },\n returns: v.array(vSessionDoc),\n handler: async (ctx, { userId }) => {\n return await ctx.db\n .query(\"Session\")\n .withIndex(\"user_id\", (q) => q.eq(\"userId\", userId as any))\n .collect();\n },\n});\n\n// ============================================================================\n// Verifiers\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmCA,MAAa,cAAc,MAAM;CAC/B,MAAM;EACJ,OAAO,EAAE,SACP,EAAE,OAAO,EACP,QAAQ,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,EACjC,CAAC,CACH;EACD,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;EACjD,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,CAAC,CAAC;EAChE;CACD,SAAS,WAAW,YAAY;CAChC,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,QAAQ,KAAK,SAAS,EAAE;EAC9B,MAAM,QAAQ,KAAK,IAAI,KAAK,IAAI,KAAK,SAAS,IAAI,EAAE,EAAE,IAAI;EAC1D,MAAM,QAAQ,KAAK,SAAS;EAE5B,IAAI;AACJ,MAAI,MAAM,WAAW,OACnB,KAAI,IAAI,GACL,MAAM,UAAU,CAChB,UAAU,YAAY,QAAQ,IAAI,GAAG,UAAU,MAAM,OAAQ,CAAC;MAEjE,KAAI,IAAI,GAAG,MAAM,UAAU;AAG7B,MAAI,EAAE,MAAM,MAAM;EAElB,MAAM,MAAM,MAAM,EAAE,SAAS;EAC7B,IAAI,WAAW;AACf,MAAI,KAAK,QAAQ;GACf,MAAM,YAAY,IAAI,WAAW,QAAQ,IAAI,QAAQ,KAAK,OAAO;AACjE,OAAI,cAAc,GAChB,YAAW,YAAY;;EAG3B,MAAM,OAAO,IAAI,MAAM,UAAU,WAAW,QAAQ,EAAE;EACtD,MAAM,UAAU,KAAK,SAAS;EAC9B,MAAM,QAAQ,UAAU,KAAK,MAAM,GAAG,MAAM,GAAG;AAE/C,SAAO;GAAE;GAAO,YADG,UAAU,MAAM,MAAM,SAAS,GAAG,MAAM;GAC/B;;CAE/B,CAAC;;;;;;;;;;;;;;;;;;;;;;;AAwBF,MAAa,gBAAgB,SAAS;CACpC,MAAM;EAAE,QAAQ,EAAE,GAAG,OAAO;EAAE,gBAAgB,EAAE,QAAQ;EAAE;CAC1D,SAAS,EAAE,GAAG,UAAU;CACxB,SAAS,OAAO,KAAK,EAAE,QAAQ,qBAAqB;AAClD,SAAO,MAAM,IAAI,GAAG,OAAO,WAAW;GAC5B;GACR;GACD,CAAC;;CAEL,CAAC;;;;;;;;;;;;;;;;;;;;;;;AAwBF,MAAa,iBAAiB,MAAM;CAClC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,aAAa,EAAE,MAAM,CAAC;CACvC,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GAAG,IAAI,WAAW,UAAU;;CAEhD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;AA0BF,MAAa,gBAAgB,SAAS;CACpC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,MAAK,MAAM,IAAI,GAAG,IAAI,WAAW,UAAU,KAAM,KAC/C,OAAM,IAAI,GAAG,OAAO,WAAW,UAAU;AAE3C,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,oBAAoB,MAAM;CACrC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,YAAY;CAC7B,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GACd,MAAM,UAAU,CAChB,UAAU,YAAY,MAAM,EAAE,GAAG,UAAU,OAAc,CAAC,CAC1D,SAAS;;CAEf,CAAC"}
@@ -1,169 +0,0 @@
1
- declare namespace tokens_d_exports {
2
- export { refreshTokenCreate, refreshTokenDeleteAll, refreshTokenGetActive, refreshTokenGetById, refreshTokenGetChildren, refreshTokenListBySession, refreshTokenPatch };
3
- }
4
- /**
5
- * Create a new refresh token for a session.
6
- *
7
- * Inserts a document into the `RefreshToken` table. Refresh tokens are used to
8
- * obtain new access tokens without requiring the user to re-authenticate. When
9
- * a refresh token is rotated, the new token references the old one via
10
- * `parentRefreshTokenId` to form a token chain for replay detection.
11
- *
12
- * @param args.sessionId - The document ID of the session this refresh token belongs to.
13
- * @param args.expirationTime - The Unix timestamp (in milliseconds) at which this refresh token expires.
14
- * @param args.parentRefreshTokenId - The document ID of the parent refresh token that was
15
- * exchanged to create this one. Omitted for the initial token in a session.
16
- * @returns The document ID of the newly created refresh token.
17
- *
18
- * @example
19
- * ```ts
20
- * const tokenId = await ctx.runMutation(
21
- * component.identity.tokens.refreshTokenCreate,
22
- * {
23
- * sessionId: session._id,
24
- * expirationTime: Date.now() + 7 * 24 * 60 * 60 * 1000, // 7 days
25
- * },
26
- * );
27
- * ```
28
- */
29
- declare const refreshTokenCreate: any;
30
- /**
31
- * Retrieve a single refresh token by its Convex document ID.
32
- *
33
- * Performs a direct point lookup on the `RefreshToken` table. Returns `null` if
34
- * the token has been deleted or never existed.
35
- *
36
- * @param args.refreshTokenId - The Convex document ID (`Id<"RefreshToken">`) of the token to retrieve.
37
- * @returns The refresh token document if it exists, or `null` otherwise.
38
- *
39
- * @example
40
- * ```ts
41
- * const token = await ctx.runQuery(
42
- * component.identity.tokens.refreshTokenGetById,
43
- * { refreshTokenId: storedTokenId },
44
- * );
45
- * if (token !== null && token.expirationTime > Date.now()) {
46
- * console.log("Refresh token is still valid");
47
- * }
48
- * ```
49
- */
50
- declare const refreshTokenGetById: any;
51
- /**
52
- * Patch a refresh token document with partial data.
53
- *
54
- * Merges the provided fields into the existing refresh token document. This is
55
- * primarily used to record `firstUsedTime` when a refresh token is first
56
- * exchanged, marking it as consumed for replay detection.
57
- *
58
- * @param args.refreshTokenId - The document ID of the refresh token to update.
59
- * @param args.data - A partial object containing the fields to merge (e.g. `{ firstUsedTime: number }`).
60
- * @returns `null` on success.
61
- *
62
- * @example
63
- * ```ts
64
- * // Mark the refresh token as used
65
- * await ctx.runMutation(
66
- * component.identity.tokens.refreshTokenPatch,
67
- * {
68
- * refreshTokenId: token._id,
69
- * data: { firstUsedTime: Date.now() },
70
- * },
71
- * );
72
- * ```
73
- */
74
- declare const refreshTokenPatch: any;
75
- /**
76
- * Get child tokens that were created by exchanging a specific parent token.
77
- *
78
- * Queries the `RefreshToken` table using the `session_id_parent_refresh_token_id`
79
- * index to find all tokens whose `parentRefreshTokenId` matches the provided
80
- * parent. This is used for replay detection: if a parent token has more than
81
- * one child, it indicates a potential token reuse attack.
82
- *
83
- * @param args.sessionId - The document ID of the session the tokens belong to.
84
- * @param args.parentRefreshTokenId - The document ID of the parent refresh token whose children to retrieve.
85
- * @returns An array of refresh token documents that were derived from the specified parent token.
86
- *
87
- * @example
88
- * ```ts
89
- * const children = await ctx.runQuery(
90
- * component.identity.tokens.refreshTokenGetChildren,
91
- * {
92
- * sessionId: session._id,
93
- * parentRefreshTokenId: parentToken._id,
94
- * },
95
- * );
96
- * if (children.length > 1) {
97
- * console.warn("Possible token reuse detected!");
98
- * }
99
- * ```
100
- */
101
- declare const refreshTokenGetChildren: any;
102
- /**
103
- * List all refresh tokens belonging to a specific session.
104
- *
105
- * Queries the `RefreshToken` table using the `session_id_parent_refresh_token_id`
106
- * index to efficiently retrieve every refresh token associated with the given
107
- * session, including both active and consumed tokens.
108
- *
109
- * @param args.sessionId - The document ID of the session whose refresh tokens should be retrieved.
110
- * @returns An array of all refresh token documents for the specified session.
111
- *
112
- * @example
113
- * ```ts
114
- * const tokens = await ctx.runQuery(
115
- * component.identity.tokens.refreshTokenListBySession,
116
- * { sessionId: session._id },
117
- * );
118
- * console.log(`Session has ${tokens.length} refresh token(s)`);
119
- * ```
120
- */
121
- declare const refreshTokenListBySession: any;
122
- /**
123
- * Delete all refresh tokens for a session.
124
- *
125
- * Queries the `RefreshToken` table for all tokens belonging to the given session
126
- * and deletes them in parallel. This is typically called when a session is
127
- * revoked or when token reuse is detected, effectively invalidating the entire
128
- * token chain for that session.
129
- *
130
- * @param args.sessionId - The document ID of the session whose refresh tokens should be deleted.
131
- * @returns `null` on success.
132
- *
133
- * @example
134
- * ```ts
135
- * // Invalidate all tokens for a compromised session
136
- * await ctx.runMutation(
137
- * component.identity.tokens.refreshTokenDeleteAll,
138
- * { sessionId: session._id },
139
- * );
140
- * ```
141
- */
142
- declare const refreshTokenDeleteAll: any;
143
- /**
144
- * Get the active (unused) refresh token for a session.
145
- *
146
- * Queries the `RefreshToken` table using the `session_id_first_used` index to
147
- * find the most recently created token for the session that has not yet been
148
- * exchanged (i.e. `firstUsedTime` is `undefined`). This represents the current
149
- * valid refresh token the client should be holding.
150
- *
151
- * @param args.sessionId - The document ID of the session whose active refresh token should be retrieved.
152
- * @returns The most recent unused refresh token document, or `null` if no active token exists
153
- * (e.g. all tokens have been consumed or the session has no tokens).
154
- *
155
- * @example
156
- * ```ts
157
- * const activeToken = await ctx.runQuery(
158
- * component.identity.tokens.refreshTokenGetActive,
159
- * { sessionId: session._id },
160
- * );
161
- * if (activeToken !== null) {
162
- * console.log(`Active token expires at: ${activeToken.expirationTime}`);
163
- * }
164
- * ```
165
- */
166
- declare const refreshTokenGetActive: any;
167
- //#endregion
168
- export { refreshTokenCreate, refreshTokenDeleteAll, refreshTokenGetActive, refreshTokenGetById, refreshTokenGetChildren, refreshTokenListBySession, refreshTokenPatch, tokens_d_exports };
169
- //# sourceMappingURL=tokens.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"tokens.d.ts","names":[],"sources":["../../../../src/component/public/identity/tokens.ts"],"mappings":";;;;;;;;;;;;;;;AA8BA;;;;;AAgCA;;;;;AA+BA;;;cA/Da,kBAAA;;AAkGb;;;;;AAqCA;;;;;AAiCA;;;;;AAwCA;;;;cAhLa,mBAAA;;;;;;;;;;;;;;;;;;;;;;;;cA+BA,iBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;cAmCA,uBAAA;;;;;;;;;;;;;;;;;;;;cAqCA,yBAAA;;;;;;;;;;;;;;;;;;;;;cAiCA,qBAAA;;;;;;;;;;;;;;;;;;;;;;;;cAwCA,qBAAA"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"tokens.js","names":[],"sources":["../../../../src/component/public/identity/tokens.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vRefreshTokenDoc } from \"../../model\";\n\n/**\n * Create a new refresh token for a session.\n *\n * Inserts a document into the `RefreshToken` table. Refresh tokens are used to\n * obtain new access tokens without requiring the user to re-authenticate. When\n * a refresh token is rotated, the new token references the old one via\n * `parentRefreshTokenId` to form a token chain for replay detection.\n *\n * @param args.sessionId - The document ID of the session this refresh token belongs to.\n * @param args.expirationTime - The Unix timestamp (in milliseconds) at which this refresh token expires.\n * @param args.parentRefreshTokenId - The document ID of the parent refresh token that was\n * exchanged to create this one. Omitted for the initial token in a session.\n * @returns The document ID of the newly created refresh token.\n *\n * @example\n * ```ts\n * const tokenId = await ctx.runMutation(\n * component.identity.tokens.refreshTokenCreate,\n * {\n * sessionId: session._id,\n * expirationTime: Date.now() + 7 * 24 * 60 * 60 * 1000, // 7 days\n * },\n * );\n * ```\n */\nexport const refreshTokenCreate = mutation({\n args: {\n sessionId: v.id(\"Session\"),\n expirationTime: v.number(),\n parentRefreshTokenId: v.optional(v.id(\"RefreshToken\")),\n },\n returns: v.id(\"RefreshToken\"),\n handler: async (ctx, args) => {\n return await ctx.db.insert(\"RefreshToken\", args as any);\n },\n});\n\n/**\n * Retrieve a single refresh token by its Convex document ID.\n *\n * Performs a direct point lookup on the `RefreshToken` table. Returns `null` if\n * the token has been deleted or never existed.\n *\n * @param args.refreshTokenId - The Convex document ID (`Id<\"RefreshToken\">`) of the token to retrieve.\n * @returns The refresh token document if it exists, or `null` otherwise.\n *\n * @example\n * ```ts\n * const token = await ctx.runQuery(\n * component.identity.tokens.refreshTokenGetById,\n * { refreshTokenId: storedTokenId },\n * );\n * if (token !== null && token.expirationTime > Date.now()) {\n * console.log(\"Refresh token is still valid\");\n * }\n * ```\n */\nexport const refreshTokenGetById = query({\n args: { refreshTokenId: v.id(\"RefreshToken\") },\n returns: v.union(vRefreshTokenDoc, v.null()),\n handler: async (ctx, { refreshTokenId }) => {\n return await ctx.db.get(\"RefreshToken\", refreshTokenId);\n },\n});\n\n/**\n * Patch a refresh token document with partial data.\n *\n * Merges the provided fields into the existing refresh token document. This is\n * primarily used to record `firstUsedTime` when a refresh token is first\n * exchanged, marking it as consumed for replay detection.\n *\n * @param args.refreshTokenId - The document ID of the refresh token to update.\n * @param args.data - A partial object containing the fields to merge (e.g. `{ firstUsedTime: number }`).\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Mark the refresh token as used\n * await ctx.runMutation(\n * component.identity.tokens.refreshTokenPatch,\n * {\n * refreshTokenId: token._id,\n * data: { firstUsedTime: Date.now() },\n * },\n * );\n * ```\n */\nexport const refreshTokenPatch = mutation({\n args: { refreshTokenId: v.id(\"RefreshToken\"), data: v.any() },\n returns: v.null(),\n handler: async (ctx, { refreshTokenId, data }) => {\n await ctx.db.patch(\"RefreshToken\", refreshTokenId, data);\n return null;\n },\n});\n\n/**\n * Get child tokens that were created by exchanging a specific parent token.\n *\n * Queries the `RefreshToken` table using the `session_id_parent_refresh_token_id`\n * index to find all tokens whose `parentRefreshTokenId` matches the provided\n * parent. This is used for replay detection: if a parent token has more than\n * one child, it indicates a potential token reuse attack.\n *\n * @param args.sessionId - The document ID of the session the tokens belong to.\n * @param args.parentRefreshTokenId - The document ID of the parent refresh token whose children to retrieve.\n * @returns An array of refresh token documents that were derived from the specified parent token.\n *\n * @example\n * ```ts\n * const children = await ctx.runQuery(\n * component.identity.tokens.refreshTokenGetChildren,\n * {\n * sessionId: session._id,\n * parentRefreshTokenId: parentToken._id,\n * },\n * );\n * if (children.length > 1) {\n * console.warn(\"Possible token reuse detected!\");\n * }\n * ```\n */\nexport const refreshTokenGetChildren = query({\n args: {\n sessionId: v.id(\"Session\"),\n parentRefreshTokenId: v.id(\"RefreshToken\"),\n },\n returns: v.array(vRefreshTokenDoc),\n handler: async (ctx, { sessionId, parentRefreshTokenId }) => {\n return await ctx.db\n .query(\"RefreshToken\")\n .withIndex(\"session_id_parent_refresh_token_id\", (q) =>\n q\n .eq(\"sessionId\", sessionId as any)\n .eq(\"parentRefreshTokenId\", parentRefreshTokenId as any),\n )\n .collect();\n },\n});\n\n/**\n * List all refresh tokens belonging to a specific session.\n *\n * Queries the `RefreshToken` table using the `session_id_parent_refresh_token_id`\n * index to efficiently retrieve every refresh token associated with the given\n * session, including both active and consumed tokens.\n *\n * @param args.sessionId - The document ID of the session whose refresh tokens should be retrieved.\n * @returns An array of all refresh token documents for the specified session.\n *\n * @example\n * ```ts\n * const tokens = await ctx.runQuery(\n * component.identity.tokens.refreshTokenListBySession,\n * { sessionId: session._id },\n * );\n * console.log(`Session has ${tokens.length} refresh token(s)`);\n * ```\n */\nexport const refreshTokenListBySession = query({\n args: { sessionId: v.id(\"Session\") },\n returns: v.array(vRefreshTokenDoc),\n handler: async (ctx, { sessionId }) => {\n return await ctx.db\n .query(\"RefreshToken\")\n .withIndex(\"session_id_parent_refresh_token_id\", (q) =>\n q.eq(\"sessionId\", sessionId as any),\n )\n .collect();\n },\n});\n\n/**\n * Delete all refresh tokens for a session.\n *\n * Queries the `RefreshToken` table for all tokens belonging to the given session\n * and deletes them in parallel. This is typically called when a session is\n * revoked or when token reuse is detected, effectively invalidating the entire\n * token chain for that session.\n *\n * @param args.sessionId - The document ID of the session whose refresh tokens should be deleted.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Invalidate all tokens for a compromised session\n * await ctx.runMutation(\n * component.identity.tokens.refreshTokenDeleteAll,\n * { sessionId: session._id },\n * );\n * ```\n */\nexport const refreshTokenDeleteAll = mutation({\n args: { sessionId: v.id(\"Session\") },\n returns: v.null(),\n handler: async (ctx, { sessionId }) => {\n const tokens = await ctx.db\n .query(\"RefreshToken\")\n .withIndex(\"session_id_parent_refresh_token_id\", (q) =>\n q.eq(\"sessionId\", sessionId as any),\n )\n .collect();\n await Promise.all(\n tokens.map((token) => ctx.db.delete(\"RefreshToken\", token._id)),\n );\n return null;\n },\n});\n\n/**\n * Get the active (unused) refresh token for a session.\n *\n * Queries the `RefreshToken` table using the `session_id_first_used` index to\n * find the most recently created token for the session that has not yet been\n * exchanged (i.e. `firstUsedTime` is `undefined`). This represents the current\n * valid refresh token the client should be holding.\n *\n * @param args.sessionId - The document ID of the session whose active refresh token should be retrieved.\n * @returns The most recent unused refresh token document, or `null` if no active token exists\n * (e.g. all tokens have been consumed or the session has no tokens).\n *\n * @example\n * ```ts\n * const activeToken = await ctx.runQuery(\n * component.identity.tokens.refreshTokenGetActive,\n * { sessionId: session._id },\n * );\n * if (activeToken !== null) {\n * console.log(`Active token expires at: ${activeToken.expirationTime}`);\n * }\n * ```\n */\nexport const refreshTokenGetActive = query({\n args: { sessionId: v.id(\"Session\") },\n returns: v.union(vRefreshTokenDoc, v.null()),\n handler: async (ctx, { sessionId }) => {\n return await ctx.db\n .query(\"RefreshToken\")\n .withIndex(\"session_id_first_used\", (q) =>\n q.eq(\"sessionId\", sessionId as any).eq(\"firstUsedTime\", undefined),\n )\n .order(\"desc\")\n .first();\n },\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8BA,MAAa,qBAAqB,SAAS;CACzC,MAAM;EACJ,WAAW,EAAE,GAAG,UAAU;EAC1B,gBAAgB,EAAE,QAAQ;EAC1B,sBAAsB,EAAE,SAAS,EAAE,GAAG,eAAe,CAAC;EACvD;CACD,SAAS,EAAE,GAAG,eAAe;CAC7B,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,gBAAgB,KAAY;;CAE1D,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,sBAAsB,MAAM;CACvC,MAAM,EAAE,gBAAgB,EAAE,GAAG,eAAe,EAAE;CAC9C,SAAS,EAAE,MAAM,kBAAkB,EAAE,MAAM,CAAC;CAC5C,SAAS,OAAO,KAAK,EAAE,qBAAqB;AAC1C,SAAO,MAAM,IAAI,GAAG,IAAI,gBAAgB,eAAe;;CAE1D,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,oBAAoB,SAAS;CACxC,MAAM;EAAE,gBAAgB,EAAE,GAAG,eAAe;EAAE,MAAM,EAAE,KAAK;EAAE;CAC7D,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,gBAAgB,WAAW;AAChD,QAAM,IAAI,GAAG,MAAM,gBAAgB,gBAAgB,KAAK;AACxD,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4BF,MAAa,0BAA0B,MAAM;CAC3C,MAAM;EACJ,WAAW,EAAE,GAAG,UAAU;EAC1B,sBAAsB,EAAE,GAAG,eAAe;EAC3C;CACD,SAAS,EAAE,MAAM,iBAAiB;CAClC,SAAS,OAAO,KAAK,EAAE,WAAW,2BAA2B;AAC3D,SAAO,MAAM,IAAI,GACd,MAAM,eAAe,CACrB,UAAU,uCAAuC,MAChD,EACG,GAAG,aAAa,UAAiB,CACjC,GAAG,wBAAwB,qBAA4B,CAC3D,CACA,SAAS;;CAEf,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,4BAA4B,MAAM;CAC7C,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,iBAAiB;CAClC,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GACd,MAAM,eAAe,CACrB,UAAU,uCAAuC,MAChD,EAAE,GAAG,aAAa,UAAiB,CACpC,CACA,SAAS;;CAEf,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,wBAAwB,SAAS;CAC5C,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,gBAAgB;EACrC,MAAM,SAAS,MAAM,IAAI,GACtB,MAAM,eAAe,CACrB,UAAU,uCAAuC,MAChD,EAAE,GAAG,aAAa,UAAiB,CACpC,CACA,SAAS;AACZ,QAAM,QAAQ,IACZ,OAAO,KAAK,UAAU,IAAI,GAAG,OAAO,gBAAgB,MAAM,IAAI,CAAC,CAChE;AACD,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,wBAAwB,MAAM;CACzC,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,EAAE;CACpC,SAAS,EAAE,MAAM,kBAAkB,EAAE,MAAM,CAAC;CAC5C,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GACd,MAAM,eAAe,CACrB,UAAU,0BAA0B,MACnC,EAAE,GAAG,aAAa,UAAiB,CAAC,GAAG,iBAAiB,OAAU,CACnE,CACA,MAAM,OAAO,CACb,OAAO;;CAEb,CAAC"}