@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +43 -36
- package/dist/bin.js +5765 -4880
- package/dist/browser/index.d.ts +30 -0
- package/dist/browser/index.js +93 -0
- package/dist/browser/locks.js +11 -0
- package/dist/browser/navigation.js +14 -0
- package/dist/{factors → browser}/passkey.js +23 -32
- package/dist/browser/runtime.js +92 -0
- package/dist/client/core/types.d.ts +452 -5
- package/dist/client/core/types.js +17 -0
- package/dist/client/errors.js +19 -0
- package/dist/client/factors/device.js +94 -0
- package/dist/{factors → client/factors}/totp.js +12 -4
- package/dist/client/index.d.ts +47 -1
- package/dist/client/index.js +269 -232
- package/dist/client/runtime/mutex.js +24 -0
- package/dist/client/runtime/proxy.js +30 -0
- package/dist/client/runtime/storage.js +45 -0
- package/dist/client/services/adapters.js +7 -0
- package/dist/client/services/http.js +6 -0
- package/dist/client/services/resolve.js +13 -0
- package/dist/client/services/runtime.js +6 -0
- package/dist/component/_generated/component.d.ts +1355 -1399
- package/dist/component/convex.config.d.ts +2 -2
- package/dist/component/index.d.ts +4 -26
- package/dist/component/index.js +1 -1
- package/dist/component/model.d.ts +26 -112
- package/dist/component/model.js +76 -54
- package/dist/component/modules.js +38 -0
- package/dist/component/public/factors/devices.js +1 -1
- package/dist/component/public/factors/passkeys.js +1 -1
- package/dist/component/public/factors/totp.js +1 -1
- package/dist/component/public/groups/core.js +2 -2
- package/dist/component/public/groups/invites.js +1 -1
- package/dist/component/public/groups/members.js +1 -1
- package/dist/component/public/identity/accounts.js +1 -1
- package/dist/component/public/identity/codes.js +1 -1
- package/dist/component/public/identity/sessions.js +39 -2
- package/dist/component/public/identity/tokens.js +82 -4
- package/dist/component/public/identity/users.js +1 -1
- package/dist/component/public/identity/verifiers.js +10 -4
- package/dist/component/public/security/keys.js +1 -1
- package/dist/component/public/security/limits.js +1 -1
- package/dist/component/public/{enterprise → sso}/audit.js +26 -26
- package/dist/component/public/sso/core.js +263 -0
- package/dist/component/public/sso/domains.js +280 -0
- package/dist/component/public/{enterprise → sso}/scim.js +87 -87
- package/dist/component/public/sso/secrets.js +125 -0
- package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
- package/dist/component/public.js +9 -9
- package/dist/component/schema.d.ts +472 -393
- package/dist/component/schema.js +36 -35
- package/dist/core/index.d.ts +380 -0
- package/dist/core/index.js +83 -0
- package/dist/otel.d.ts +69 -0
- package/dist/otel.js +82 -0
- package/dist/providers/anonymous.d.ts +15 -34
- package/dist/providers/anonymous.js +27 -35
- package/dist/providers/apple.d.ts +59 -0
- package/dist/providers/apple.js +58 -0
- package/dist/providers/credentials.d.ts +18 -34
- package/dist/providers/credentials.js +16 -27
- package/dist/providers/custom.d.ts +94 -0
- package/dist/providers/custom.js +119 -0
- package/dist/providers/device.d.ts +15 -49
- package/dist/providers/device.js +17 -34
- package/dist/providers/email.d.ts +21 -38
- package/dist/providers/email.js +36 -55
- package/dist/providers/github.d.ts +54 -0
- package/dist/providers/github.js +75 -0
- package/dist/providers/google.d.ts +54 -0
- package/dist/providers/google.js +61 -0
- package/dist/providers/index.d.ts +16 -12
- package/dist/providers/index.js +15 -11
- package/dist/providers/microsoft.d.ts +57 -0
- package/dist/providers/microsoft.js +101 -0
- package/dist/providers/passkey.d.ts +19 -35
- package/dist/providers/passkey.js +20 -30
- package/dist/providers/password.d.ts +17 -18
- package/dist/providers/password.js +121 -143
- package/dist/providers/phone.d.ts +13 -28
- package/dist/providers/phone.js +21 -46
- package/dist/providers/sso.d.ts +16 -36
- package/dist/providers/sso.js +21 -22
- package/dist/providers/totp.d.ts +13 -29
- package/dist/providers/totp.js +17 -27
- package/dist/server/auth-context.d.ts +204 -0
- package/dist/server/auth-context.js +76 -0
- package/dist/server/auth.d.ts +99 -244
- package/dist/server/auth.js +56 -152
- package/dist/server/componentContext.d.ts +12 -0
- package/dist/server/componentContext.js +1 -0
- package/dist/server/config.js +6 -67
- package/dist/server/constants.js +6 -0
- package/dist/server/contract.d.ts +105 -0
- package/dist/server/contract.js +43 -0
- package/dist/server/cookies.js +3 -2
- package/dist/server/core.js +31 -36
- package/dist/server/crypto.js +34 -44
- package/dist/server/db.js +6 -1
- package/dist/server/device.js +96 -130
- package/dist/server/env.js +48 -0
- package/dist/server/errors.js +20 -0
- package/dist/server/http.d.ts +15 -59
- package/dist/server/http.js +136 -120
- package/dist/server/identity.js +2 -2
- package/dist/server/index.d.ts +5 -4
- package/dist/server/index.js +3 -3
- package/dist/server/keys.js +10 -1
- package/dist/server/limits.js +26 -26
- package/dist/server/log.js +28 -0
- package/dist/server/mounts.d.ts +1107 -296
- package/dist/server/mounts.js +315 -196
- package/dist/server/mutations/account.js +11 -14
- package/dist/server/mutations/code.js +6 -5
- package/dist/server/mutations/invalidate.js +9 -11
- package/dist/server/mutations/oauth.js +112 -73
- package/dist/server/mutations/refresh.js +47 -97
- package/dist/server/mutations/register.js +37 -35
- package/dist/server/mutations/retrieve.js +16 -16
- package/dist/server/mutations/signature.js +15 -18
- package/dist/server/mutations/signin.js +10 -5
- package/dist/server/mutations/signout.js +11 -14
- package/dist/server/mutations/store.js +25 -18
- package/dist/server/mutations/verifier.js +11 -8
- package/dist/server/mutations/verify.js +53 -41
- package/dist/server/oauth/factory.js +44 -0
- package/dist/server/oauth/index.js +12 -0
- package/dist/server/oauth/runtime.js +248 -0
- package/dist/server/passkey.js +331 -365
- package/dist/server/payloads.d.ts +16 -0
- package/dist/server/payloads.js +30 -0
- package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
- package/dist/server/prefetch.js +635 -0
- package/dist/server/random.js +19 -0
- package/dist/server/redirects.js +10 -5
- package/dist/server/refresh.js +14 -86
- package/dist/server/runtime.d.ts +531 -31
- package/dist/server/runtime.js +106 -267
- package/dist/server/secret.js +44 -0
- package/dist/server/services/config.js +10 -0
- package/dist/server/services/group.js +211 -0
- package/dist/server/services/logger.js +8 -0
- package/dist/server/services/providers.js +22 -0
- package/dist/server/services/refresh.js +8 -0
- package/dist/server/services/resolve.js +27 -0
- package/dist/server/services/signin.js +8 -0
- package/dist/server/sessions.js +35 -34
- package/dist/server/signin.js +229 -140
- package/dist/server/{enterprise → sso}/config.js +10 -3
- package/dist/server/sso/domain.d.ts +614 -0
- package/dist/server/sso/domain.js +1175 -0
- package/dist/server/sso/http.js +1060 -0
- package/dist/server/sso/oidc.js +324 -0
- package/dist/server/sso/policies.js +59 -0
- package/dist/server/sso/policy.js +139 -0
- package/dist/server/sso/profile.js +22 -0
- package/dist/server/sso/provision.js +179 -0
- package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
- package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
- package/dist/server/sso/shared.js +74 -0
- package/dist/server/sso/validators.js +88 -0
- package/dist/server/sso/webhook.js +94 -0
- package/dist/server/tokens.js +16 -4
- package/dist/server/totp.js +155 -164
- package/dist/server/types.d.ts +306 -296
- package/dist/server/types.js +1 -30
- package/dist/server/url.js +32 -0
- package/dist/server/users.js +74 -40
- package/dist/server/utils/cache.js +51 -0
- package/dist/server/utils/dispatch.js +36 -0
- package/dist/server/utils/retry.js +24 -0
- package/dist/server/utils/span.js +32 -0
- package/dist/shared/errors.js +19 -0
- package/dist/shared/log.js +45 -0
- package/{src/test.ts → dist/test.d.ts} +21 -22
- package/dist/test.js +51 -0
- package/package.json +70 -42
- package/dist/authorization/index.d.ts.map +0 -1
- package/dist/authorization/index.js.map +0 -1
- package/dist/client/core/types.d.ts.map +0 -1
- package/dist/client/index.d.ts.map +0 -1
- package/dist/client/index.js.map +0 -1
- package/dist/component/_generated/api.d.ts +0 -75
- package/dist/component/_generated/api.d.ts.map +0 -1
- package/dist/component/_generated/api.js.map +0 -1
- package/dist/component/_generated/component.d.ts.map +0 -1
- package/dist/component/_generated/dataModel.d.ts +0 -42
- package/dist/component/_generated/dataModel.d.ts.map +0 -1
- package/dist/component/_generated/server.d.ts +0 -117
- package/dist/component/_generated/server.d.ts.map +0 -1
- package/dist/component/_generated/server.js.map +0 -1
- package/dist/component/_virtual/rolldown_runtime.js +0 -18
- package/dist/component/client/core/types.d.ts +0 -2
- package/dist/component/client/index.d.ts +0 -1
- package/dist/component/convex.config.d.ts.map +0 -1
- package/dist/component/convex.config.js.map +0 -1
- package/dist/component/functions.d.ts +0 -25
- package/dist/component/functions.d.ts.map +0 -1
- package/dist/component/functions.js.map +0 -1
- package/dist/component/index.d.ts.map +0 -1
- package/dist/component/model.d.ts.map +0 -1
- package/dist/component/model.js.map +0 -1
- package/dist/component/providers/anonymous.d.ts +0 -54
- package/dist/component/providers/anonymous.d.ts.map +0 -1
- package/dist/component/providers/credentials.d.ts +0 -38
- package/dist/component/providers/credentials.d.ts.map +0 -1
- package/dist/component/providers/device.d.ts +0 -67
- package/dist/component/providers/device.d.ts.map +0 -1
- package/dist/component/providers/email.d.ts +0 -62
- package/dist/component/providers/email.d.ts.map +0 -1
- package/dist/component/providers/oauth.d.ts +0 -25
- package/dist/component/providers/oauth.d.ts.map +0 -1
- package/dist/component/providers/oauth.js +0 -13
- package/dist/component/providers/oauth.js.map +0 -1
- package/dist/component/providers/passkey.d.ts +0 -57
- package/dist/component/providers/passkey.d.ts.map +0 -1
- package/dist/component/providers/password.d.ts +0 -88
- package/dist/component/providers/password.d.ts.map +0 -1
- package/dist/component/providers/phone.d.ts +0 -48
- package/dist/component/providers/phone.d.ts.map +0 -1
- package/dist/component/providers/sso.d.ts +0 -50
- package/dist/component/providers/sso.d.ts.map +0 -1
- package/dist/component/providers/totp.d.ts +0 -45
- package/dist/component/providers/totp.d.ts.map +0 -1
- package/dist/component/public/enterprise/audit.d.ts +0 -73
- package/dist/component/public/enterprise/audit.d.ts.map +0 -1
- package/dist/component/public/enterprise/audit.js.map +0 -1
- package/dist/component/public/enterprise/core.d.ts +0 -176
- package/dist/component/public/enterprise/core.d.ts.map +0 -1
- package/dist/component/public/enterprise/core.js +0 -292
- package/dist/component/public/enterprise/core.js.map +0 -1
- package/dist/component/public/enterprise/domains.d.ts +0 -174
- package/dist/component/public/enterprise/domains.d.ts.map +0 -1
- package/dist/component/public/enterprise/domains.js +0 -271
- package/dist/component/public/enterprise/domains.js.map +0 -1
- package/dist/component/public/enterprise/scim.d.ts +0 -245
- package/dist/component/public/enterprise/scim.d.ts.map +0 -1
- package/dist/component/public/enterprise/scim.js.map +0 -1
- package/dist/component/public/enterprise/secrets.d.ts +0 -78
- package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
- package/dist/component/public/enterprise/secrets.js +0 -118
- package/dist/component/public/enterprise/secrets.js.map +0 -1
- package/dist/component/public/enterprise/webhooks.d.ts +0 -211
- package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
- package/dist/component/public/enterprise/webhooks.js.map +0 -1
- package/dist/component/public/factors/devices.d.ts +0 -157
- package/dist/component/public/factors/devices.d.ts.map +0 -1
- package/dist/component/public/factors/devices.js.map +0 -1
- package/dist/component/public/factors/passkeys.d.ts +0 -175
- package/dist/component/public/factors/passkeys.d.ts.map +0 -1
- package/dist/component/public/factors/passkeys.js.map +0 -1
- package/dist/component/public/factors/totp.d.ts +0 -189
- package/dist/component/public/factors/totp.d.ts.map +0 -1
- package/dist/component/public/factors/totp.js.map +0 -1
- package/dist/component/public/groups/core.d.ts +0 -137
- package/dist/component/public/groups/core.d.ts.map +0 -1
- package/dist/component/public/groups/core.js.map +0 -1
- package/dist/component/public/groups/invites.d.ts +0 -217
- package/dist/component/public/groups/invites.d.ts.map +0 -1
- package/dist/component/public/groups/invites.js.map +0 -1
- package/dist/component/public/groups/members.d.ts +0 -204
- package/dist/component/public/groups/members.d.ts.map +0 -1
- package/dist/component/public/groups/members.js.map +0 -1
- package/dist/component/public/identity/accounts.d.ts +0 -147
- package/dist/component/public/identity/accounts.d.ts.map +0 -1
- package/dist/component/public/identity/accounts.js.map +0 -1
- package/dist/component/public/identity/codes.d.ts +0 -104
- package/dist/component/public/identity/codes.d.ts.map +0 -1
- package/dist/component/public/identity/codes.js.map +0 -1
- package/dist/component/public/identity/sessions.d.ts +0 -128
- package/dist/component/public/identity/sessions.d.ts.map +0 -1
- package/dist/component/public/identity/sessions.js.map +0 -1
- package/dist/component/public/identity/tokens.d.ts +0 -169
- package/dist/component/public/identity/tokens.d.ts.map +0 -1
- package/dist/component/public/identity/tokens.js.map +0 -1
- package/dist/component/public/identity/users.d.ts +0 -212
- package/dist/component/public/identity/users.d.ts.map +0 -1
- package/dist/component/public/identity/users.js.map +0 -1
- package/dist/component/public/identity/verifiers.d.ts +0 -116
- package/dist/component/public/identity/verifiers.d.ts.map +0 -1
- package/dist/component/public/identity/verifiers.js.map +0 -1
- package/dist/component/public/security/keys.d.ts +0 -209
- package/dist/component/public/security/keys.d.ts.map +0 -1
- package/dist/component/public/security/keys.js.map +0 -1
- package/dist/component/public/security/limits.d.ts +0 -114
- package/dist/component/public/security/limits.d.ts.map +0 -1
- package/dist/component/public/security/limits.js.map +0 -1
- package/dist/component/public.d.ts +0 -28
- package/dist/component/public.d.ts.map +0 -1
- package/dist/component/schema.d.ts.map +0 -1
- package/dist/component/schema.js.map +0 -1
- package/dist/component/server/auth.d.ts +0 -447
- package/dist/component/server/auth.d.ts.map +0 -1
- package/dist/component/server/auth.js +0 -254
- package/dist/component/server/auth.js.map +0 -1
- package/dist/component/server/config.js +0 -121
- package/dist/component/server/config.js.map +0 -1
- package/dist/component/server/context.js +0 -53
- package/dist/component/server/context.js.map +0 -1
- package/dist/component/server/cookies.js +0 -47
- package/dist/component/server/cookies.js.map +0 -1
- package/dist/component/server/core.js +0 -576
- package/dist/component/server/core.js.map +0 -1
- package/dist/component/server/crypto.js +0 -56
- package/dist/component/server/crypto.js.map +0 -1
- package/dist/component/server/db.js +0 -87
- package/dist/component/server/db.js.map +0 -1
- package/dist/component/server/device.js +0 -152
- package/dist/component/server/device.js.map +0 -1
- package/dist/component/server/enterprise/config.js +0 -46
- package/dist/component/server/enterprise/config.js.map +0 -1
- package/dist/component/server/enterprise/domain.js +0 -974
- package/dist/component/server/enterprise/domain.js.map +0 -1
- package/dist/component/server/enterprise/http.js +0 -787
- package/dist/component/server/enterprise/http.js.map +0 -1
- package/dist/component/server/enterprise/oidc.js +0 -248
- package/dist/component/server/enterprise/oidc.js.map +0 -1
- package/dist/component/server/enterprise/policy.js +0 -85
- package/dist/component/server/enterprise/policy.js.map +0 -1
- package/dist/component/server/enterprise/saml.js.map +0 -1
- package/dist/component/server/enterprise/scim.js.map +0 -1
- package/dist/component/server/enterprise/shared.js +0 -51
- package/dist/component/server/enterprise/shared.js.map +0 -1
- package/dist/component/server/http.d.ts +0 -85
- package/dist/component/server/http.d.ts.map +0 -1
- package/dist/component/server/http.js +0 -351
- package/dist/component/server/http.js.map +0 -1
- package/dist/component/server/identity.js +0 -16
- package/dist/component/server/identity.js.map +0 -1
- package/dist/component/server/keys.js +0 -96
- package/dist/component/server/keys.js.map +0 -1
- package/dist/component/server/limits.js +0 -52
- package/dist/component/server/limits.js.map +0 -1
- package/dist/component/server/mutations/account.js +0 -46
- package/dist/component/server/mutations/account.js.map +0 -1
- package/dist/component/server/mutations/code.js +0 -68
- package/dist/component/server/mutations/code.js.map +0 -1
- package/dist/component/server/mutations/invalidate.js +0 -32
- package/dist/component/server/mutations/invalidate.js.map +0 -1
- package/dist/component/server/mutations/oauth.js +0 -116
- package/dist/component/server/mutations/oauth.js.map +0 -1
- package/dist/component/server/mutations/refresh.js +0 -119
- package/dist/component/server/mutations/refresh.js.map +0 -1
- package/dist/component/server/mutations/register.js +0 -87
- package/dist/component/server/mutations/register.js.map +0 -1
- package/dist/component/server/mutations/retrieve.js +0 -61
- package/dist/component/server/mutations/retrieve.js.map +0 -1
- package/dist/component/server/mutations/signature.js +0 -38
- package/dist/component/server/mutations/signature.js.map +0 -1
- package/dist/component/server/mutations/signin.js +0 -27
- package/dist/component/server/mutations/signin.js.map +0 -1
- package/dist/component/server/mutations/signout.js +0 -27
- package/dist/component/server/mutations/signout.js.map +0 -1
- package/dist/component/server/mutations/store/refs.js +0 -15
- package/dist/component/server/mutations/store/refs.js.map +0 -1
- package/dist/component/server/mutations/store.js +0 -70
- package/dist/component/server/mutations/store.js.map +0 -1
- package/dist/component/server/mutations/verifier.js +0 -18
- package/dist/component/server/mutations/verifier.js.map +0 -1
- package/dist/component/server/mutations/verify.js +0 -98
- package/dist/component/server/mutations/verify.js.map +0 -1
- package/dist/component/server/oauth.js +0 -242
- package/dist/component/server/oauth.js.map +0 -1
- package/dist/component/server/passkey.js +0 -415
- package/dist/component/server/passkey.js.map +0 -1
- package/dist/component/server/redirects.js +0 -40
- package/dist/component/server/redirects.js.map +0 -1
- package/dist/component/server/refresh.js +0 -99
- package/dist/component/server/refresh.js.map +0 -1
- package/dist/component/server/runtime.d.ts +0 -136
- package/dist/component/server/runtime.d.ts.map +0 -1
- package/dist/component/server/runtime.js +0 -456
- package/dist/component/server/runtime.js.map +0 -1
- package/dist/component/server/sessions.js +0 -71
- package/dist/component/server/sessions.js.map +0 -1
- package/dist/component/server/signin.js +0 -225
- package/dist/component/server/signin.js.map +0 -1
- package/dist/component/server/tokens.js +0 -17
- package/dist/component/server/tokens.js.map +0 -1
- package/dist/component/server/totp.js +0 -208
- package/dist/component/server/totp.js.map +0 -1
- package/dist/component/server/types.d.ts +0 -949
- package/dist/component/server/types.d.ts.map +0 -1
- package/dist/component/server/types.js +0 -79
- package/dist/component/server/types.js.map +0 -1
- package/dist/component/server/users.js +0 -123
- package/dist/component/server/users.js.map +0 -1
- package/dist/component/server/utils.js +0 -140
- package/dist/component/server/utils.js.map +0 -1
- package/dist/core/types.d.ts +0 -361
- package/dist/core/types.d.ts.map +0 -1
- package/dist/factors/device.js +0 -104
- package/dist/factors/device.js.map +0 -1
- package/dist/factors/passkey.js.map +0 -1
- package/dist/factors/totp.js.map +0 -1
- package/dist/providers/anonymous.d.ts.map +0 -1
- package/dist/providers/anonymous.js.map +0 -1
- package/dist/providers/credentials.d.ts.map +0 -1
- package/dist/providers/credentials.js.map +0 -1
- package/dist/providers/device.d.ts.map +0 -1
- package/dist/providers/device.js.map +0 -1
- package/dist/providers/email.d.ts.map +0 -1
- package/dist/providers/email.js.map +0 -1
- package/dist/providers/oauth.d.ts +0 -69
- package/dist/providers/oauth.d.ts.map +0 -1
- package/dist/providers/oauth.js +0 -43
- package/dist/providers/oauth.js.map +0 -1
- package/dist/providers/passkey.d.ts.map +0 -1
- package/dist/providers/passkey.js.map +0 -1
- package/dist/providers/password.d.ts.map +0 -1
- package/dist/providers/password.js.map +0 -1
- package/dist/providers/phone.d.ts.map +0 -1
- package/dist/providers/phone.js.map +0 -1
- package/dist/providers/sso.d.ts.map +0 -1
- package/dist/providers/sso.js.map +0 -1
- package/dist/providers/totp.d.ts.map +0 -1
- package/dist/providers/totp.js.map +0 -1
- package/dist/runtime/browser.js +0 -68
- package/dist/runtime/browser.js.map +0 -1
- package/dist/runtime/invite.js.map +0 -1
- package/dist/runtime/proxy.js +0 -70
- package/dist/runtime/proxy.js.map +0 -1
- package/dist/runtime/storage.js +0 -37
- package/dist/runtime/storage.js.map +0 -1
- package/dist/server/auth.d.ts.map +0 -1
- package/dist/server/auth.js.map +0 -1
- package/dist/server/config.d.ts +0 -1
- package/dist/server/config.js.map +0 -1
- package/dist/server/context.d.ts +0 -1
- package/dist/server/context.js.map +0 -1
- package/dist/server/cookies.d.ts +0 -1
- package/dist/server/cookies.js.map +0 -1
- package/dist/server/core.d.ts +0 -1315
- package/dist/server/core.d.ts.map +0 -1
- package/dist/server/core.js.map +0 -1
- package/dist/server/crypto.d.ts +0 -8
- package/dist/server/crypto.d.ts.map +0 -1
- package/dist/server/crypto.js.map +0 -1
- package/dist/server/db.d.ts +0 -1
- package/dist/server/db.js.map +0 -1
- package/dist/server/device.d.ts +0 -1
- package/dist/server/device.js.map +0 -1
- package/dist/server/enterprise/config.d.ts +0 -1
- package/dist/server/enterprise/config.js.map +0 -1
- package/dist/server/enterprise/domain.d.ts +0 -401
- package/dist/server/enterprise/domain.d.ts.map +0 -1
- package/dist/server/enterprise/domain.js +0 -974
- package/dist/server/enterprise/domain.js.map +0 -1
- package/dist/server/enterprise/http.d.ts +0 -26
- package/dist/server/enterprise/http.d.ts.map +0 -1
- package/dist/server/enterprise/http.js +0 -787
- package/dist/server/enterprise/http.js.map +0 -1
- package/dist/server/enterprise/oidc.d.ts +0 -1
- package/dist/server/enterprise/oidc.js +0 -248
- package/dist/server/enterprise/oidc.js.map +0 -1
- package/dist/server/enterprise/policy.d.ts +0 -1
- package/dist/server/enterprise/policy.js +0 -85
- package/dist/server/enterprise/policy.js.map +0 -1
- package/dist/server/enterprise/saml.d.ts +0 -1
- package/dist/server/enterprise/saml.js +0 -338
- package/dist/server/enterprise/saml.js.map +0 -1
- package/dist/server/enterprise/scim.d.ts +0 -1
- package/dist/server/enterprise/scim.js +0 -97
- package/dist/server/enterprise/scim.js.map +0 -1
- package/dist/server/enterprise/shared.d.ts +0 -5
- package/dist/server/enterprise/shared.d.ts.map +0 -1
- package/dist/server/enterprise/shared.js +0 -51
- package/dist/server/enterprise/shared.js.map +0 -1
- package/dist/server/enterprise/validators.d.ts +0 -1
- package/dist/server/enterprise/validators.js +0 -60
- package/dist/server/enterprise/validators.js.map +0 -1
- package/dist/server/http.d.ts.map +0 -1
- package/dist/server/http.js.map +0 -1
- package/dist/server/identity.d.ts +0 -1
- package/dist/server/identity.js.map +0 -1
- package/dist/server/keys.d.ts +0 -1
- package/dist/server/keys.js.map +0 -1
- package/dist/server/limits.d.ts +0 -1
- package/dist/server/limits.js.map +0 -1
- package/dist/server/mounts.d.ts.map +0 -1
- package/dist/server/mounts.js.map +0 -1
- package/dist/server/mutations/account.d.ts +0 -29
- package/dist/server/mutations/account.d.ts.map +0 -1
- package/dist/server/mutations/account.js.map +0 -1
- package/dist/server/mutations/code.d.ts +0 -30
- package/dist/server/mutations/code.d.ts.map +0 -1
- package/dist/server/mutations/code.js.map +0 -1
- package/dist/server/mutations/index.d.ts +0 -14
- package/dist/server/mutations/invalidate.d.ts +0 -20
- package/dist/server/mutations/invalidate.d.ts.map +0 -1
- package/dist/server/mutations/invalidate.js.map +0 -1
- package/dist/server/mutations/oauth.d.ts +0 -30
- package/dist/server/mutations/oauth.d.ts.map +0 -1
- package/dist/server/mutations/oauth.js.map +0 -1
- package/dist/server/mutations/refresh.d.ts +0 -21
- package/dist/server/mutations/refresh.d.ts.map +0 -1
- package/dist/server/mutations/refresh.js.map +0 -1
- package/dist/server/mutations/register.d.ts +0 -38
- package/dist/server/mutations/register.d.ts.map +0 -1
- package/dist/server/mutations/register.js.map +0 -1
- package/dist/server/mutations/retrieve.d.ts +0 -33
- package/dist/server/mutations/retrieve.d.ts.map +0 -1
- package/dist/server/mutations/retrieve.js.map +0 -1
- package/dist/server/mutations/signature.d.ts +0 -21
- package/dist/server/mutations/signature.d.ts.map +0 -1
- package/dist/server/mutations/signature.js.map +0 -1
- package/dist/server/mutations/signin.d.ts +0 -22
- package/dist/server/mutations/signin.d.ts.map +0 -1
- package/dist/server/mutations/signin.js.map +0 -1
- package/dist/server/mutations/signout.d.ts +0 -16
- package/dist/server/mutations/signout.d.ts.map +0 -1
- package/dist/server/mutations/signout.js.map +0 -1
- package/dist/server/mutations/store/refs.d.ts +0 -12
- package/dist/server/mutations/store/refs.d.ts.map +0 -1
- package/dist/server/mutations/store/refs.js.map +0 -1
- package/dist/server/mutations/store.d.ts +0 -306
- package/dist/server/mutations/store.d.ts.map +0 -1
- package/dist/server/mutations/store.js.map +0 -1
- package/dist/server/mutations/verifier.d.ts +0 -13
- package/dist/server/mutations/verifier.d.ts.map +0 -1
- package/dist/server/mutations/verifier.js.map +0 -1
- package/dist/server/mutations/verify.d.ts +0 -26
- package/dist/server/mutations/verify.d.ts.map +0 -1
- package/dist/server/mutations/verify.js.map +0 -1
- package/dist/server/oauth.d.ts +0 -1
- package/dist/server/oauth.js +0 -242
- package/dist/server/oauth.js.map +0 -1
- package/dist/server/passkey.d.ts +0 -27
- package/dist/server/passkey.d.ts.map +0 -1
- package/dist/server/passkey.js.map +0 -1
- package/dist/server/redirects.d.ts +0 -1
- package/dist/server/redirects.js.map +0 -1
- package/dist/server/refresh.d.ts +0 -1
- package/dist/server/refresh.js.map +0 -1
- package/dist/server/runtime.d.ts.map +0 -1
- package/dist/server/runtime.js.map +0 -1
- package/dist/server/sessions.d.ts +0 -1
- package/dist/server/sessions.js.map +0 -1
- package/dist/server/signin.d.ts +0 -1
- package/dist/server/signin.js.map +0 -1
- package/dist/server/ssr.d.ts.map +0 -1
- package/dist/server/ssr.js +0 -777
- package/dist/server/ssr.js.map +0 -1
- package/dist/server/templates.d.ts +0 -1
- package/dist/server/templates.js.map +0 -1
- package/dist/server/tokens.d.ts +0 -1
- package/dist/server/tokens.js.map +0 -1
- package/dist/server/totp.d.ts +0 -1
- package/dist/server/totp.js.map +0 -1
- package/dist/server/types.d.ts.map +0 -1
- package/dist/server/types.js.map +0 -1
- package/dist/server/users.d.ts +0 -1
- package/dist/server/users.js.map +0 -1
- package/dist/server/utils.d.ts +0 -1
- package/dist/server/utils.js +0 -140
- package/dist/server/utils.js.map +0 -1
- package/src/authorization/index.ts +0 -83
- package/src/cli/bin.ts +0 -5
- package/src/cli/command.ts +0 -70
- package/src/cli/index.ts +0 -1112
- package/src/cli/keys.ts +0 -23
- package/src/client/core/types.ts +0 -437
- package/src/client/factors/device.ts +0 -158
- package/src/client/factors/passkey.ts +0 -279
- package/src/client/factors/totp.ts +0 -150
- package/src/client/index.ts +0 -1124
- package/src/client/runtime/browser.ts +0 -112
- package/src/client/runtime/invite.ts +0 -63
- package/src/client/runtime/proxy.ts +0 -111
- package/src/client/runtime/storage.ts +0 -79
- package/src/component/_generated/api.ts +0 -96
- package/src/component/_generated/component.ts +0 -3774
- package/src/component/_generated/dataModel.ts +0 -60
- package/src/component/_generated/server.ts +0 -156
- package/src/component/convex.config.ts +0 -5
- package/src/component/functions.ts +0 -104
- package/src/component/index.ts +0 -42
- package/src/component/model.ts +0 -449
- package/src/component/public/enterprise/audit.ts +0 -125
- package/src/component/public/enterprise/core.ts +0 -355
- package/src/component/public/enterprise/domains.ts +0 -327
- package/src/component/public/enterprise/scim.ts +0 -397
- package/src/component/public/enterprise/secrets.ts +0 -133
- package/src/component/public/enterprise/webhooks.ts +0 -307
- package/src/component/public/factors/devices.ts +0 -224
- package/src/component/public/factors/passkeys.ts +0 -243
- package/src/component/public/factors/totp.ts +0 -259
- package/src/component/public/groups/core.ts +0 -481
- package/src/component/public/groups/invites.ts +0 -608
- package/src/component/public/groups/members.ts +0 -410
- package/src/component/public/identity/accounts.ts +0 -207
- package/src/component/public/identity/codes.ts +0 -149
- package/src/component/public/identity/sessions.ts +0 -210
- package/src/component/public/identity/tokens.ts +0 -251
- package/src/component/public/identity/users.ts +0 -355
- package/src/component/public/identity/verifiers.ts +0 -158
- package/src/component/public/security/keys.ts +0 -366
- package/src/component/public/security/limits.ts +0 -174
- package/src/component/public.ts +0 -27
- package/src/component/schema.ts +0 -505
- package/src/providers/anonymous.ts +0 -99
- package/src/providers/credentials.ts +0 -102
- package/src/providers/device.ts +0 -87
- package/src/providers/email.ts +0 -99
- package/src/providers/index.ts +0 -31
- package/src/providers/oauth.ts +0 -117
- package/src/providers/passkey.ts +0 -77
- package/src/providers/password.ts +0 -441
- package/src/providers/phone.ts +0 -93
- package/src/providers/sso.ts +0 -54
- package/src/providers/totp.ts +0 -62
- package/src/samlify.d.ts +0 -53
- package/src/server/auth.ts +0 -949
- package/src/server/config.ts +0 -200
- package/src/server/context.ts +0 -90
- package/src/server/cookies.ts +0 -49
- package/src/server/core.ts +0 -2004
- package/src/server/crypto.ts +0 -90
- package/src/server/db.ts +0 -203
- package/src/server/device.ts +0 -254
- package/src/server/enterprise/config.ts +0 -51
- package/src/server/enterprise/domain.ts +0 -1739
- package/src/server/enterprise/http.ts +0 -1331
- package/src/server/enterprise/oidc.ts +0 -500
- package/src/server/enterprise/policy.ts +0 -128
- package/src/server/enterprise/saml.ts +0 -578
- package/src/server/enterprise/scim.ts +0 -135
- package/src/server/enterprise/shared.ts +0 -134
- package/src/server/enterprise/validators.ts +0 -93
- package/src/server/http.ts +0 -790
- package/src/server/identity.ts +0 -18
- package/src/server/index.ts +0 -40
- package/src/server/keys.ts +0 -158
- package/src/server/limits.ts +0 -107
- package/src/server/mounts.ts +0 -924
- package/src/server/mutations/account.ts +0 -62
- package/src/server/mutations/code.ts +0 -119
- package/src/server/mutations/index.ts +0 -13
- package/src/server/mutations/invalidate.ts +0 -50
- package/src/server/mutations/oauth.ts +0 -243
- package/src/server/mutations/refresh.ts +0 -299
- package/src/server/mutations/register.ts +0 -155
- package/src/server/mutations/retrieve.ts +0 -109
- package/src/server/mutations/signature.ts +0 -57
- package/src/server/mutations/signin.ts +0 -54
- package/src/server/mutations/signout.ts +0 -43
- package/src/server/mutations/store/refs.ts +0 -10
- package/src/server/mutations/store.ts +0 -123
- package/src/server/mutations/verifier.ts +0 -34
- package/src/server/mutations/verify.ts +0 -200
- package/src/server/oauth.ts +0 -418
- package/src/server/passkey.ts +0 -838
- package/src/server/redirects.ts +0 -59
- package/src/server/refresh.ts +0 -218
- package/src/server/runtime.ts +0 -918
- package/src/server/sessions.ts +0 -132
- package/src/server/signin.ts +0 -445
- package/src/server/ssr.ts +0 -1747
- package/src/server/templates.ts +0 -82
- package/src/server/tokens.ts +0 -35
- package/src/server/totp.ts +0 -399
- package/src/server/types.ts +0 -1942
- package/src/server/users.ts +0 -291
- package/src/server/utils.ts +0 -220
- /package/dist/{runtime → client/runtime}/invite.js +0 -0
|
@@ -1,212 +0,0 @@
|
|
|
1
|
-
declare namespace users_d_exports {
|
|
2
|
-
export { userDelete, userFindByVerifiedEmail, userFindByVerifiedPhone, userGetById, userInsert, userList, userPatch, userUpsert };
|
|
3
|
-
}
|
|
4
|
-
/**
|
|
5
|
-
* List users with optional filtering, sorting, and cursor-based pagination.
|
|
6
|
-
*
|
|
7
|
-
* Supports filtering by `email`, `phone`, `isAnonymous`, and `name`. When an
|
|
8
|
-
* `email` or `phone` filter is provided, the corresponding database index is
|
|
9
|
-
* used for efficient lookup; other filters are applied in-memory. Results are
|
|
10
|
-
* returned as a paginated response `{ items, nextCursor }` -- pass `nextCursor`
|
|
11
|
-
* back as `cursor` to fetch the next page, or receive `null` when all results
|
|
12
|
-
* have been exhausted.
|
|
13
|
-
*
|
|
14
|
-
* @param args.where - Optional filter object. Fields: `email` (exact match),
|
|
15
|
-
* `phone` (exact match), `isAnonymous` (boolean), `name` (exact match).
|
|
16
|
-
* @param args.limit - Maximum number of users to return per page (1--100, default 50).
|
|
17
|
-
* @param args.cursor - An opaque cursor string from a previous response's `nextCursor`
|
|
18
|
-
* to continue pagination, or `null` / omitted to start from the beginning.
|
|
19
|
-
* @param args.orderBy - The field to sort results by. One of `"_creationTime"`,
|
|
20
|
-
* `"name"`, `"email"`, or `"phone"`. Defaults to `"_creationTime"`.
|
|
21
|
-
* @param args.order - Sort direction: `"asc"` or `"desc"` (default `"desc"`).
|
|
22
|
-
* @returns An object with `items` (array of user documents) and `nextCursor`
|
|
23
|
-
* (`string | null`) for fetching subsequent pages.
|
|
24
|
-
*
|
|
25
|
-
* @example
|
|
26
|
-
* ```ts
|
|
27
|
-
* // Fetch the first page of non-anonymous users
|
|
28
|
-
* const page1 = await ctx.runQuery(
|
|
29
|
-
* component.identity.users.userList,
|
|
30
|
-
* { where: { isAnonymous: false }, limit: 20 },
|
|
31
|
-
* );
|
|
32
|
-
* console.log(page1.items);
|
|
33
|
-
*
|
|
34
|
-
* // Fetch the next page
|
|
35
|
-
* if (page1.nextCursor !== null) {
|
|
36
|
-
* const page2 = await ctx.runQuery(
|
|
37
|
-
* component.identity.users.userList,
|
|
38
|
-
* { where: { isAnonymous: false }, limit: 20, cursor: page1.nextCursor },
|
|
39
|
-
* );
|
|
40
|
-
* }
|
|
41
|
-
* ```
|
|
42
|
-
*/
|
|
43
|
-
declare const userList: any;
|
|
44
|
-
/**
|
|
45
|
-
* Retrieve a single user by their Convex document ID.
|
|
46
|
-
*
|
|
47
|
-
* Performs a direct point lookup on the `User` table. Returns `null` if the
|
|
48
|
-
* user has been deleted or never existed.
|
|
49
|
-
*
|
|
50
|
-
* @param args.userId - The Convex document ID (`Id<"User">`) of the user to retrieve.
|
|
51
|
-
* @returns The user document if it exists, or `null` otherwise.
|
|
52
|
-
*
|
|
53
|
-
* @example
|
|
54
|
-
* ```ts
|
|
55
|
-
* const user = await ctx.runQuery(
|
|
56
|
-
* component.identity.users.userGetById,
|
|
57
|
-
* { userId: session.userId },
|
|
58
|
-
* );
|
|
59
|
-
* if (user !== null) {
|
|
60
|
-
* console.log(`Name: ${user.name}, Email: ${user.email}`);
|
|
61
|
-
* }
|
|
62
|
-
* ```
|
|
63
|
-
*/
|
|
64
|
-
declare const userGetById: any;
|
|
65
|
-
/**
|
|
66
|
-
* Find a user by their verified email address.
|
|
67
|
-
*
|
|
68
|
-
* Queries the `User` table using the `email_verified` index to locate users
|
|
69
|
-
* whose `email` matches and whose `emailVerificationTime` is set. If exactly
|
|
70
|
-
* one user is found, that document is returned. Returns `null` if no user has
|
|
71
|
-
* this email verified or if multiple users share the same verified email
|
|
72
|
-
* (an ambiguous state that should not occur in normal operation).
|
|
73
|
-
*
|
|
74
|
-
* @param args.email - The verified email address to search for (case-sensitive, exact match).
|
|
75
|
-
* @returns The matching user document if exactly one verified user is found, or `null` otherwise.
|
|
76
|
-
*
|
|
77
|
-
* @example
|
|
78
|
-
* ```ts
|
|
79
|
-
* const user = await ctx.runQuery(
|
|
80
|
-
* component.identity.users.userFindByVerifiedEmail,
|
|
81
|
-
* { email: "alice@example.com" },
|
|
82
|
-
* );
|
|
83
|
-
* if (user !== null) {
|
|
84
|
-
* console.log(`Found verified user: ${user._id}`);
|
|
85
|
-
* }
|
|
86
|
-
* ```
|
|
87
|
-
*/
|
|
88
|
-
declare const userFindByVerifiedEmail: any;
|
|
89
|
-
/**
|
|
90
|
-
* Find a user by their verified phone number.
|
|
91
|
-
*
|
|
92
|
-
* Queries the `User` table using the `phone_verified` index to locate users
|
|
93
|
-
* whose `phone` matches and whose `phoneVerificationTime` is set. If exactly
|
|
94
|
-
* one user is found, that document is returned. Returns `null` if no user has
|
|
95
|
-
* this phone verified or if multiple users share the same verified phone
|
|
96
|
-
* (an ambiguous state that should not occur in normal operation).
|
|
97
|
-
*
|
|
98
|
-
* @param args.phone - The verified phone number to search for (exact match, e.g. `"+15551234567"`).
|
|
99
|
-
* @returns The matching user document if exactly one verified user is found, or `null` otherwise.
|
|
100
|
-
*
|
|
101
|
-
* @example
|
|
102
|
-
* ```ts
|
|
103
|
-
* const user = await ctx.runQuery(
|
|
104
|
-
* component.identity.users.userFindByVerifiedPhone,
|
|
105
|
-
* { phone: "+15551234567" },
|
|
106
|
-
* );
|
|
107
|
-
* if (user !== null) {
|
|
108
|
-
* console.log(`Found verified user: ${user._id}`);
|
|
109
|
-
* }
|
|
110
|
-
* ```
|
|
111
|
-
*/
|
|
112
|
-
declare const userFindByVerifiedPhone: any;
|
|
113
|
-
/**
|
|
114
|
-
* Insert a new user document into the `User` table.
|
|
115
|
-
*
|
|
116
|
-
* Creates a brand-new user record. The `data` argument should conform to the
|
|
117
|
-
* User table schema (e.g. `name`, `email`, `phone`, `isAnonymous`, `image`,
|
|
118
|
-
* `extend`), but is typed as `any` to allow flexible extension.
|
|
119
|
-
*
|
|
120
|
-
* @param args.data - The user document fields to insert. Typically includes `name`,
|
|
121
|
-
* `email`, `isAnonymous`, and any custom fields under `extend`.
|
|
122
|
-
* @returns The document ID of the newly created user.
|
|
123
|
-
*
|
|
124
|
-
* @example
|
|
125
|
-
* ```ts
|
|
126
|
-
* const userId = await ctx.runMutation(
|
|
127
|
-
* component.identity.users.userInsert,
|
|
128
|
-
* {
|
|
129
|
-
* data: {
|
|
130
|
-
* name: "Alice",
|
|
131
|
-
* email: "alice@example.com",
|
|
132
|
-
* isAnonymous: false,
|
|
133
|
-
* },
|
|
134
|
-
* },
|
|
135
|
-
* );
|
|
136
|
-
* ```
|
|
137
|
-
*/
|
|
138
|
-
declare const userInsert: any;
|
|
139
|
-
/**
|
|
140
|
-
* Insert a new user or update an existing one (upsert).
|
|
141
|
-
*
|
|
142
|
-
* When `userId` is provided and refers to an existing user, the document is
|
|
143
|
-
* patched with the supplied `data` and the same `userId` is returned. When
|
|
144
|
-
* `userId` is omitted or `undefined`, a new user document is inserted and its
|
|
145
|
-
* generated ID is returned. This is the primary mechanism used during sign-in
|
|
146
|
-
* flows to either create or refresh user profile data.
|
|
147
|
-
*
|
|
148
|
-
* @param args.userId - The document ID of an existing user to update. If `undefined`,
|
|
149
|
-
* a new user is created instead.
|
|
150
|
-
* @param args.data - The user document fields to insert or merge. Accepts the same
|
|
151
|
-
* shape as the User table schema.
|
|
152
|
-
* @returns The document ID of the created or updated user.
|
|
153
|
-
*
|
|
154
|
-
* @example
|
|
155
|
-
* ```ts
|
|
156
|
-
* // Create a new user if none exists, or update the existing one
|
|
157
|
-
* const userId = await ctx.runMutation(
|
|
158
|
-
* component.identity.users.userUpsert,
|
|
159
|
-
* {
|
|
160
|
-
* userId: existingUserId ?? undefined,
|
|
161
|
-
* data: { name: "Alice", email: "alice@example.com" },
|
|
162
|
-
* },
|
|
163
|
-
* );
|
|
164
|
-
* ```
|
|
165
|
-
*/
|
|
166
|
-
declare const userUpsert: any;
|
|
167
|
-
/**
|
|
168
|
-
* Patch an existing user document with partial data.
|
|
169
|
-
*
|
|
170
|
-
* Merges the provided fields into the existing user document. Fields not
|
|
171
|
-
* included in `data` are left unchanged. Useful for updating profile
|
|
172
|
-
* information such as `name`, `email`, or custom `extend` fields without
|
|
173
|
-
* overwriting the entire document.
|
|
174
|
-
*
|
|
175
|
-
* @param args.userId - The document ID of the user to update.
|
|
176
|
-
* @param args.data - A partial object containing the fields to merge into the user document.
|
|
177
|
-
* @returns `null` on success.
|
|
178
|
-
*
|
|
179
|
-
* @example
|
|
180
|
-
* ```ts
|
|
181
|
-
* await ctx.runMutation(
|
|
182
|
-
* component.identity.users.userPatch,
|
|
183
|
-
* {
|
|
184
|
-
* userId: user._id,
|
|
185
|
-
* data: { name: "Alice Smith", image: "https://example.com/avatar.png" },
|
|
186
|
-
* },
|
|
187
|
-
* );
|
|
188
|
-
* ```
|
|
189
|
-
*/
|
|
190
|
-
declare const userPatch: any;
|
|
191
|
-
/**
|
|
192
|
-
* Delete a user document by ID.
|
|
193
|
-
*
|
|
194
|
-
* Removes the user from the `User` table. This is a no-op if the user does not
|
|
195
|
-
* exist (i.e. was already deleted). Callers should ensure that related resources
|
|
196
|
-
* such as accounts, sessions, and refresh tokens are cleaned up separately.
|
|
197
|
-
*
|
|
198
|
-
* @param args.userId - The document ID of the user to delete.
|
|
199
|
-
* @returns `null` on success (including when the user was already absent).
|
|
200
|
-
*
|
|
201
|
-
* @example
|
|
202
|
-
* ```ts
|
|
203
|
-
* await ctx.runMutation(
|
|
204
|
-
* component.identity.users.userDelete,
|
|
205
|
-
* { userId: user._id },
|
|
206
|
-
* );
|
|
207
|
-
* ```
|
|
208
|
-
*/
|
|
209
|
-
declare const userDelete: any;
|
|
210
|
-
//#endregion
|
|
211
|
-
export { userDelete, userFindByVerifiedEmail, userFindByVerifiedPhone, userGetById, userInsert, userList, userPatch, userUpsert, users_d_exports };
|
|
212
|
-
//# sourceMappingURL=users.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"users.d.ts","names":[],"sources":["../../../../src/component/public/identity/users.ts"],"mappings":";;;;;;;;;;;;;;;;AA4CA;;;;;AA6FA;;;;;AA+BA;;;;;AAqCA;;;;;AAuCA;;;;;AAmCA;cA3Oa,QAAA;;;;AA8Qb;;;;;AA2BA;;;;;;;;;;;;cA5Ma,WAAA;;;;;;;;;;;;;;;;;;;;;;;;cA+BA,uBAAA;;;;;;;;;;;;;;;;;;;;;;;;cAqCA,uBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;cAuCA,UAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAmCA,UAAA;;;;;;;;;;;;;;;;;;;;;;;;cAmCA,SAAA;;;;;;;;;;;;;;;;;;;cA2BA,UAAA"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"users.js","names":[],"sources":["../../../../src/component/public/identity/users.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vPaginated, vUserDoc } from \"../../model\";\n\n/**\n * List users with optional filtering, sorting, and cursor-based pagination.\n *\n * Supports filtering by `email`, `phone`, `isAnonymous`, and `name`. When an\n * `email` or `phone` filter is provided, the corresponding database index is\n * used for efficient lookup; other filters are applied in-memory. Results are\n * returned as a paginated response `{ items, nextCursor }` -- pass `nextCursor`\n * back as `cursor` to fetch the next page, or receive `null` when all results\n * have been exhausted.\n *\n * @param args.where - Optional filter object. Fields: `email` (exact match),\n * `phone` (exact match), `isAnonymous` (boolean), `name` (exact match).\n * @param args.limit - Maximum number of users to return per page (1--100, default 50).\n * @param args.cursor - An opaque cursor string from a previous response's `nextCursor`\n * to continue pagination, or `null` / omitted to start from the beginning.\n * @param args.orderBy - The field to sort results by. One of `\"_creationTime\"`,\n * `\"name\"`, `\"email\"`, or `\"phone\"`. Defaults to `\"_creationTime\"`.\n * @param args.order - Sort direction: `\"asc\"` or `\"desc\"` (default `\"desc\"`).\n * @returns An object with `items` (array of user documents) and `nextCursor`\n * (`string | null`) for fetching subsequent pages.\n *\n * @example\n * ```ts\n * // Fetch the first page of non-anonymous users\n * const page1 = await ctx.runQuery(\n * component.identity.users.userList,\n * { where: { isAnonymous: false }, limit: 20 },\n * );\n * console.log(page1.items);\n *\n * // Fetch the next page\n * if (page1.nextCursor !== null) {\n * const page2 = await ctx.runQuery(\n * component.identity.users.userList,\n * { where: { isAnonymous: false }, limit: 20, cursor: page1.nextCursor },\n * );\n * }\n * ```\n */\nexport const userList = query({\n args: {\n where: v.optional(\n v.object({\n email: v.optional(v.string()),\n phone: v.optional(v.string()),\n isAnonymous: v.optional(v.boolean()),\n name: v.optional(v.string()),\n }),\n ),\n limit: v.optional(v.number()),\n cursor: v.optional(v.union(v.string(), v.null())),\n orderBy: v.optional(\n v.union(\n v.literal(\"_creationTime\"),\n v.literal(\"name\"),\n v.literal(\"email\"),\n v.literal(\"phone\"),\n ),\n ),\n order: v.optional(v.union(v.literal(\"asc\"), v.literal(\"desc\"))),\n },\n returns: vPaginated(vUserDoc),\n handler: async (ctx, args) => {\n const where = args.where ?? {};\n const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);\n const order = args.order ?? \"desc\";\n\n // Pick index based on where fields\n let q;\n if (where.email !== undefined) {\n q = ctx.db\n .query(\"User\")\n .withIndex(\"email\", (idx) => idx.eq(\"email\", where.email!));\n } else if (where.phone !== undefined) {\n q = ctx.db\n .query(\"User\")\n .withIndex(\"phone\", (idx) => idx.eq(\"phone\", where.phone!));\n } else {\n q = ctx.db.query(\"User\");\n }\n\n // Apply remaining filters\n if (where.isAnonymous !== undefined) {\n q = q.filter((f) => f.eq(f.field(\"isAnonymous\"), where.isAnonymous!));\n }\n if (where.name !== undefined) {\n q = q.filter((f) => f.eq(f.field(\"name\"), where.name!));\n }\n // email/phone filters when not used as index\n if (where.email !== undefined && where.phone !== undefined) {\n q = q.filter((f) => f.eq(f.field(\"phone\"), where.phone!));\n }\n\n q = q.order(order);\n\n // Cursor-based pagination: skip past the cursor ID\n const all = await q.collect();\n let startIdx = 0;\n if (args.cursor) {\n const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);\n if (cursorIdx !== -1) {\n startIdx = cursorIdx + 1;\n }\n }\n const page = all.slice(startIdx, startIdx + limit + 1);\n const hasMore = page.length > limit;\n const items = hasMore ? page.slice(0, limit) : page;\n const nextCursor = hasMore ? items[items.length - 1]._id : null;\n return { items, nextCursor };\n },\n});\n\n/**\n * Retrieve a single user by their Convex document ID.\n *\n * Performs a direct point lookup on the `User` table. Returns `null` if the\n * user has been deleted or never existed.\n *\n * @param args.userId - The Convex document ID (`Id<\"User\">`) of the user to retrieve.\n * @returns The user document if it exists, or `null` otherwise.\n *\n * @example\n * ```ts\n * const user = await ctx.runQuery(\n * component.identity.users.userGetById,\n * { userId: session.userId },\n * );\n * if (user !== null) {\n * console.log(`Name: ${user.name}, Email: ${user.email}`);\n * }\n * ```\n */\nexport const userGetById = query({\n args: { userId: v.id(\"User\") },\n returns: v.union(vUserDoc, v.null()),\n handler: async (ctx, { userId }) => {\n return await ctx.db.get(\"User\", userId);\n },\n});\n\n/**\n * Find a user by their verified email address.\n *\n * Queries the `User` table using the `email_verified` index to locate users\n * whose `email` matches and whose `emailVerificationTime` is set. If exactly\n * one user is found, that document is returned. Returns `null` if no user has\n * this email verified or if multiple users share the same verified email\n * (an ambiguous state that should not occur in normal operation).\n *\n * @param args.email - The verified email address to search for (case-sensitive, exact match).\n * @returns The matching user document if exactly one verified user is found, or `null` otherwise.\n *\n * @example\n * ```ts\n * const user = await ctx.runQuery(\n * component.identity.users.userFindByVerifiedEmail,\n * { email: \"alice@example.com\" },\n * );\n * if (user !== null) {\n * console.log(`Found verified user: ${user._id}`);\n * }\n * ```\n */\nexport const userFindByVerifiedEmail = query({\n args: { email: v.string() },\n returns: v.union(vUserDoc, v.null()),\n handler: async (ctx, { email }) => {\n const users = await ctx.db\n .query(\"User\")\n .withIndex(\"email_verified\", (q) =>\n q.eq(\"email\", email).gt(\"emailVerificationTime\", undefined),\n )\n .take(2);\n return users.length === 1 ? users[0] : null;\n },\n});\n\n/**\n * Find a user by their verified phone number.\n *\n * Queries the `User` table using the `phone_verified` index to locate users\n * whose `phone` matches and whose `phoneVerificationTime` is set. If exactly\n * one user is found, that document is returned. Returns `null` if no user has\n * this phone verified or if multiple users share the same verified phone\n * (an ambiguous state that should not occur in normal operation).\n *\n * @param args.phone - The verified phone number to search for (exact match, e.g. `\"+15551234567\"`).\n * @returns The matching user document if exactly one verified user is found, or `null` otherwise.\n *\n * @example\n * ```ts\n * const user = await ctx.runQuery(\n * component.identity.users.userFindByVerifiedPhone,\n * { phone: \"+15551234567\" },\n * );\n * if (user !== null) {\n * console.log(`Found verified user: ${user._id}`);\n * }\n * ```\n */\nexport const userFindByVerifiedPhone = query({\n args: { phone: v.string() },\n returns: v.union(vUserDoc, v.null()),\n handler: async (ctx, { phone }) => {\n const users = await ctx.db\n .query(\"User\")\n .withIndex(\"phone_verified\", (q) =>\n q.eq(\"phone\", phone).gt(\"phoneVerificationTime\", undefined),\n )\n .take(2);\n return users.length === 1 ? users[0] : null;\n },\n});\n\n/**\n * Insert a new user document into the `User` table.\n *\n * Creates a brand-new user record. The `data` argument should conform to the\n * User table schema (e.g. `name`, `email`, `phone`, `isAnonymous`, `image`,\n * `extend`), but is typed as `any` to allow flexible extension.\n *\n * @param args.data - The user document fields to insert. Typically includes `name`,\n * `email`, `isAnonymous`, and any custom fields under `extend`.\n * @returns The document ID of the newly created user.\n *\n * @example\n * ```ts\n * const userId = await ctx.runMutation(\n * component.identity.users.userInsert,\n * {\n * data: {\n * name: \"Alice\",\n * email: \"alice@example.com\",\n * isAnonymous: false,\n * },\n * },\n * );\n * ```\n */\nexport const userInsert = mutation({\n args: { data: v.any() },\n returns: v.id(\"User\"),\n handler: async (ctx, { data }) => {\n return await ctx.db.insert(\"User\", data);\n },\n});\n\n/**\n * Insert a new user or update an existing one (upsert).\n *\n * When `userId` is provided and refers to an existing user, the document is\n * patched with the supplied `data` and the same `userId` is returned. When\n * `userId` is omitted or `undefined`, a new user document is inserted and its\n * generated ID is returned. This is the primary mechanism used during sign-in\n * flows to either create or refresh user profile data.\n *\n * @param args.userId - The document ID of an existing user to update. If `undefined`,\n * a new user is created instead.\n * @param args.data - The user document fields to insert or merge. Accepts the same\n * shape as the User table schema.\n * @returns The document ID of the created or updated user.\n *\n * @example\n * ```ts\n * // Create a new user if none exists, or update the existing one\n * const userId = await ctx.runMutation(\n * component.identity.users.userUpsert,\n * {\n * userId: existingUserId ?? undefined,\n * data: { name: \"Alice\", email: \"alice@example.com\" },\n * },\n * );\n * ```\n */\nexport const userUpsert = mutation({\n args: { userId: v.optional(v.id(\"User\")), data: v.any() },\n returns: v.id(\"User\"),\n handler: async (ctx, { userId, data }) => {\n if (userId !== undefined) {\n await ctx.db.patch(\"User\", userId, data);\n return userId;\n }\n return await ctx.db.insert(\"User\", data);\n },\n});\n\n/**\n * Patch an existing user document with partial data.\n *\n * Merges the provided fields into the existing user document. Fields not\n * included in `data` are left unchanged. Useful for updating profile\n * information such as `name`, `email`, or custom `extend` fields without\n * overwriting the entire document.\n *\n * @param args.userId - The document ID of the user to update.\n * @param args.data - A partial object containing the fields to merge into the user document.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n * component.identity.users.userPatch,\n * {\n * userId: user._id,\n * data: { name: \"Alice Smith\", image: \"https://example.com/avatar.png\" },\n * },\n * );\n * ```\n */\nexport const userPatch = mutation({\n args: { userId: v.id(\"User\"), data: v.any() },\n returns: v.null(),\n handler: async (ctx, { userId, data }) => {\n await ctx.db.patch(\"User\", userId, data);\n return null;\n },\n});\n\n/**\n * Delete a user document by ID.\n *\n * Removes the user from the `User` table. This is a no-op if the user does not\n * exist (i.e. was already deleted). Callers should ensure that related resources\n * such as accounts, sessions, and refresh tokens are cleaned up separately.\n *\n * @param args.userId - The document ID of the user to delete.\n * @returns `null` on success (including when the user was already absent).\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n * component.identity.users.userDelete,\n * { userId: user._id },\n * );\n * ```\n */\nexport const userDelete = mutation({\n args: { userId: v.id(\"User\") },\n returns: v.null(),\n handler: async (ctx, { userId }) => {\n if ((await ctx.db.get(\"User\", userId)) !== null) {\n await ctx.db.delete(\"User\", userId);\n }\n return null;\n },\n});\n\n// ============================================================================\n// Accounts\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4CA,MAAa,WAAW,MAAM;CAC5B,MAAM;EACJ,OAAO,EAAE,SACP,EAAE,OAAO;GACP,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC7B,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC7B,aAAa,EAAE,SAAS,EAAE,SAAS,CAAC;GACpC,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC7B,CAAC,CACH;EACD,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;EACjD,SAAS,EAAE,SACT,EAAE,MACA,EAAE,QAAQ,gBAAgB,EAC1B,EAAE,QAAQ,OAAO,EACjB,EAAE,QAAQ,QAAQ,EAClB,EAAE,QAAQ,QAAQ,CACnB,CACF;EACD,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,CAAC,CAAC;EAChE;CACD,SAAS,WAAW,SAAS;CAC7B,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,QAAQ,KAAK,SAAS,EAAE;EAC9B,MAAM,QAAQ,KAAK,IAAI,KAAK,IAAI,KAAK,SAAS,IAAI,EAAE,EAAE,IAAI;EAC1D,MAAM,QAAQ,KAAK,SAAS;EAG5B,IAAI;AACJ,MAAI,MAAM,UAAU,OAClB,KAAI,IAAI,GACL,MAAM,OAAO,CACb,UAAU,UAAU,QAAQ,IAAI,GAAG,SAAS,MAAM,MAAO,CAAC;WACpD,MAAM,UAAU,OACzB,KAAI,IAAI,GACL,MAAM,OAAO,CACb,UAAU,UAAU,QAAQ,IAAI,GAAG,SAAS,MAAM,MAAO,CAAC;MAE7D,KAAI,IAAI,GAAG,MAAM,OAAO;AAI1B,MAAI,MAAM,gBAAgB,OACxB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,cAAc,EAAE,MAAM,YAAa,CAAC;AAEvE,MAAI,MAAM,SAAS,OACjB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,OAAO,EAAE,MAAM,KAAM,CAAC;AAGzD,MAAI,MAAM,UAAU,UAAa,MAAM,UAAU,OAC/C,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,QAAQ,EAAE,MAAM,MAAO,CAAC;AAG3D,MAAI,EAAE,MAAM,MAAM;EAGlB,MAAM,MAAM,MAAM,EAAE,SAAS;EAC7B,IAAI,WAAW;AACf,MAAI,KAAK,QAAQ;GACf,MAAM,YAAY,IAAI,WAAW,QAAQ,IAAI,QAAQ,KAAK,OAAO;AACjE,OAAI,cAAc,GAChB,YAAW,YAAY;;EAG3B,MAAM,OAAO,IAAI,MAAM,UAAU,WAAW,QAAQ,EAAE;EACtD,MAAM,UAAU,KAAK,SAAS;EAC9B,MAAM,QAAQ,UAAU,KAAK,MAAM,GAAG,MAAM,GAAG;AAE/C,SAAO;GAAE;GAAO,YADG,UAAU,MAAM,MAAM,SAAS,GAAG,MAAM;GAC/B;;CAE/B,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,cAAc,MAAM;CAC/B,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,UAAU,EAAE,MAAM,CAAC;CACpC,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GAAG,IAAI,QAAQ,OAAO;;CAE1C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,0BAA0B,MAAM;CAC3C,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE;CAC3B,SAAS,EAAE,MAAM,UAAU,EAAE,MAAM,CAAC;CACpC,SAAS,OAAO,KAAK,EAAE,YAAY;EACjC,MAAM,QAAQ,MAAM,IAAI,GACrB,MAAM,OAAO,CACb,UAAU,mBAAmB,MAC5B,EAAE,GAAG,SAAS,MAAM,CAAC,GAAG,yBAAyB,OAAU,CAC5D,CACA,KAAK,EAAE;AACV,SAAO,MAAM,WAAW,IAAI,MAAM,KAAK;;CAE1C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,0BAA0B,MAAM;CAC3C,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE;CAC3B,SAAS,EAAE,MAAM,UAAU,EAAE,MAAM,CAAC;CACpC,SAAS,OAAO,KAAK,EAAE,YAAY;EACjC,MAAM,QAAQ,MAAM,IAAI,GACrB,MAAM,OAAO,CACb,UAAU,mBAAmB,MAC5B,EAAE,GAAG,SAAS,MAAM,CAAC,GAAG,yBAAyB,OAAU,CAC5D,CACA,KAAK,EAAE;AACV,SAAO,MAAM,WAAW,IAAI,MAAM,KAAK;;CAE1C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;AA2BF,MAAa,aAAa,SAAS;CACjC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE;CACvB,SAAS,EAAE,GAAG,OAAO;CACrB,SAAS,OAAO,KAAK,EAAE,WAAW;AAChC,SAAO,MAAM,IAAI,GAAG,OAAO,QAAQ,KAAK;;CAE3C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BF,MAAa,aAAa,SAAS;CACjC,MAAM;EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;EAAE,MAAM,EAAE,KAAK;EAAE;CACzD,SAAS,EAAE,GAAG,OAAO;CACrB,SAAS,OAAO,KAAK,EAAE,QAAQ,WAAW;AACxC,MAAI,WAAW,QAAW;AACxB,SAAM,IAAI,GAAG,MAAM,QAAQ,QAAQ,KAAK;AACxC,UAAO;;AAET,SAAO,MAAM,IAAI,GAAG,OAAO,QAAQ,KAAK;;CAE3C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,YAAY,SAAS;CAChC,MAAM;EAAE,QAAQ,EAAE,GAAG,OAAO;EAAE,MAAM,EAAE,KAAK;EAAE;CAC7C,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,QAAQ,WAAW;AACxC,QAAM,IAAI,GAAG,MAAM,QAAQ,QAAQ,KAAK;AACxC,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;AAoBF,MAAa,aAAa,SAAS;CACjC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,MAAK,MAAM,IAAI,GAAG,IAAI,QAAQ,OAAO,KAAM,KACzC,OAAM,IAAI,GAAG,OAAO,QAAQ,OAAO;AAErC,SAAO;;CAEV,CAAC"}
|
|
@@ -1,116 +0,0 @@
|
|
|
1
|
-
declare namespace verifiers_d_exports {
|
|
2
|
-
export { verifierCreate, verifierDelete, verifierGetById, verifierGetBySignature, verifierPatch };
|
|
3
|
-
}
|
|
4
|
-
/**
|
|
5
|
-
* Create a new PKCE verifier, optionally linked to a session.
|
|
6
|
-
*
|
|
7
|
-
* Inserts a document into the `AuthVerifier` table. Verifiers are used during
|
|
8
|
-
* OAuth/OIDC flows to implement the PKCE (Proof Key for Code Exchange) pattern,
|
|
9
|
-
* preventing authorization code interception attacks. The verifier can optionally
|
|
10
|
-
* be linked to an existing session for session-aware flows.
|
|
11
|
-
*
|
|
12
|
-
* @param args.sessionId - An optional session document ID to associate with the verifier.
|
|
13
|
-
* When provided, the verifier is scoped to the given session.
|
|
14
|
-
* @returns The document ID of the newly created verifier.
|
|
15
|
-
*
|
|
16
|
-
* @example
|
|
17
|
-
* ```ts
|
|
18
|
-
* const verifierId = await ctx.runMutation(
|
|
19
|
-
* component.identity.verifiers.verifierCreate,
|
|
20
|
-
* { sessionId: session._id },
|
|
21
|
-
* );
|
|
22
|
-
* ```
|
|
23
|
-
*/
|
|
24
|
-
declare const verifierCreate: any;
|
|
25
|
-
/**
|
|
26
|
-
* Retrieve a single verifier by its Convex document ID.
|
|
27
|
-
*
|
|
28
|
-
* Performs a direct point lookup on the `AuthVerifier` table. Returns `null` if
|
|
29
|
-
* the verifier has been deleted or never existed.
|
|
30
|
-
*
|
|
31
|
-
* @param args.verifierId - The Convex document ID (`Id<"AuthVerifier">`) of the verifier to retrieve.
|
|
32
|
-
* @returns The verifier document if it exists, or `null` otherwise.
|
|
33
|
-
*
|
|
34
|
-
* @example
|
|
35
|
-
* ```ts
|
|
36
|
-
* const verifier = await ctx.runQuery(
|
|
37
|
-
* component.identity.verifiers.verifierGetById,
|
|
38
|
-
* { verifierId: storedVerifierId },
|
|
39
|
-
* );
|
|
40
|
-
* if (verifier !== null) {
|
|
41
|
-
* console.log(`Verifier signature: ${verifier.signature}`);
|
|
42
|
-
* }
|
|
43
|
-
* ```
|
|
44
|
-
*/
|
|
45
|
-
declare const verifierGetById: any;
|
|
46
|
-
/**
|
|
47
|
-
* Look up a verifier by its cryptographic signature.
|
|
48
|
-
*
|
|
49
|
-
* Queries the `AuthVerifier` table using the `signature` index to find the
|
|
50
|
-
* unique verifier matching the given signature string. This is the primary
|
|
51
|
-
* lookup used during the OAuth callback phase to correlate the incoming
|
|
52
|
-
* authorization response with the original PKCE challenge.
|
|
53
|
-
*
|
|
54
|
-
* @param args.signature - The cryptographic signature string to search for (exact match).
|
|
55
|
-
* @returns The matching verifier document, or `null` if no verifier has the given signature.
|
|
56
|
-
*
|
|
57
|
-
* @example
|
|
58
|
-
* ```ts
|
|
59
|
-
* const verifier = await ctx.runQuery(
|
|
60
|
-
* component.identity.verifiers.verifierGetBySignature,
|
|
61
|
-
* { signature: incomingStateParam },
|
|
62
|
-
* );
|
|
63
|
-
* if (verifier === null) {
|
|
64
|
-
* throw new Error("Invalid or expired OAuth state");
|
|
65
|
-
* }
|
|
66
|
-
* ```
|
|
67
|
-
*/
|
|
68
|
-
declare const verifierGetBySignature: any;
|
|
69
|
-
/**
|
|
70
|
-
* Patch a verifier document with partial data.
|
|
71
|
-
*
|
|
72
|
-
* Merges the provided fields into the existing verifier document. This is
|
|
73
|
-
* typically used to set the `signature` field after the verifier is initially
|
|
74
|
-
* created, or to associate a `sessionId` with an existing verifier.
|
|
75
|
-
*
|
|
76
|
-
* @param args.verifierId - The document ID of the verifier to update.
|
|
77
|
-
* @param args.data - A partial object containing the fields to merge into the verifier document
|
|
78
|
-
* (e.g. `{ signature: string }` or `{ sessionId: Id<"Session"> }`).
|
|
79
|
-
* @returns `null` on success.
|
|
80
|
-
*
|
|
81
|
-
* @example
|
|
82
|
-
* ```ts
|
|
83
|
-
* // Set the PKCE signature on the verifier
|
|
84
|
-
* await ctx.runMutation(
|
|
85
|
-
* component.identity.verifiers.verifierPatch,
|
|
86
|
-
* {
|
|
87
|
-
* verifierId: verifier._id,
|
|
88
|
-
* data: { signature: generatedSignature },
|
|
89
|
-
* },
|
|
90
|
-
* );
|
|
91
|
-
* ```
|
|
92
|
-
*/
|
|
93
|
-
declare const verifierPatch: any;
|
|
94
|
-
/**
|
|
95
|
-
* Delete a verifier document permanently.
|
|
96
|
-
*
|
|
97
|
-
* Removes the verifier from the `AuthVerifier` table. This is typically called
|
|
98
|
-
* after a successful OAuth callback to clean up the consumed PKCE state, or
|
|
99
|
-
* to expire stale verifiers that were never completed.
|
|
100
|
-
*
|
|
101
|
-
* @param args.verifierId - The document ID of the verifier to delete.
|
|
102
|
-
* @returns `null` on success.
|
|
103
|
-
*
|
|
104
|
-
* @example
|
|
105
|
-
* ```ts
|
|
106
|
-
* // Clean up the verifier after a successful OAuth exchange
|
|
107
|
-
* await ctx.runMutation(
|
|
108
|
-
* component.identity.verifiers.verifierDelete,
|
|
109
|
-
* { verifierId: verifier._id },
|
|
110
|
-
* );
|
|
111
|
-
* ```
|
|
112
|
-
*/
|
|
113
|
-
declare const verifierDelete: any;
|
|
114
|
-
//#endregion
|
|
115
|
-
export { verifierCreate, verifierDelete, verifierGetById, verifierGetBySignature, verifierPatch, verifiers_d_exports };
|
|
116
|
-
//# sourceMappingURL=verifiers.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"verifiers.d.ts","names":[],"sources":["../../../../src/component/public/identity/verifiers.ts"],"mappings":";;;;;;;;;;;;;AAyBA;;;;;AA4BA;;;;;cA5Ba,cAAA;;;;;AA6Fb;;;;;AA4BA;;;;;;;;;;;cA7Fa,eAAA;;;;;;;;;;;;;;;;;;;;;;;cA8BA,sBAAA;;;;;;;;;;;;;;;;;;;;;;;;;cAmCA,aAAA;;;;;;;;;;;;;;;;;;;;cA4BA,cAAA"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"verifiers.js","names":[],"sources":["../../../../src/component/public/identity/verifiers.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vAuthVerifierDoc } from \"../../model\";\n\n/**\n * Create a new PKCE verifier, optionally linked to a session.\n *\n * Inserts a document into the `AuthVerifier` table. Verifiers are used during\n * OAuth/OIDC flows to implement the PKCE (Proof Key for Code Exchange) pattern,\n * preventing authorization code interception attacks. The verifier can optionally\n * be linked to an existing session for session-aware flows.\n *\n * @param args.sessionId - An optional session document ID to associate with the verifier.\n * When provided, the verifier is scoped to the given session.\n * @returns The document ID of the newly created verifier.\n *\n * @example\n * ```ts\n * const verifierId = await ctx.runMutation(\n * component.identity.verifiers.verifierCreate,\n * { sessionId: session._id },\n * );\n * ```\n */\nexport const verifierCreate = mutation({\n args: { sessionId: v.optional(v.id(\"Session\")) },\n returns: v.id(\"AuthVerifier\"),\n handler: async (ctx, { sessionId }) => {\n return await ctx.db.insert(\"AuthVerifier\", { sessionId: sessionId as any });\n },\n});\n\n/**\n * Retrieve a single verifier by its Convex document ID.\n *\n * Performs a direct point lookup on the `AuthVerifier` table. Returns `null` if\n * the verifier has been deleted or never existed.\n *\n * @param args.verifierId - The Convex document ID (`Id<\"AuthVerifier\">`) of the verifier to retrieve.\n * @returns The verifier document if it exists, or `null` otherwise.\n *\n * @example\n * ```ts\n * const verifier = await ctx.runQuery(\n * component.identity.verifiers.verifierGetById,\n * { verifierId: storedVerifierId },\n * );\n * if (verifier !== null) {\n * console.log(`Verifier signature: ${verifier.signature}`);\n * }\n * ```\n */\nexport const verifierGetById = query({\n args: { verifierId: v.id(\"AuthVerifier\") },\n returns: v.union(vAuthVerifierDoc, v.null()),\n handler: async (ctx, { verifierId }) => {\n return await ctx.db.get(\"AuthVerifier\", verifierId);\n },\n});\n\n/**\n * Look up a verifier by its cryptographic signature.\n *\n * Queries the `AuthVerifier` table using the `signature` index to find the\n * unique verifier matching the given signature string. This is the primary\n * lookup used during the OAuth callback phase to correlate the incoming\n * authorization response with the original PKCE challenge.\n *\n * @param args.signature - The cryptographic signature string to search for (exact match).\n * @returns The matching verifier document, or `null` if no verifier has the given signature.\n *\n * @example\n * ```ts\n * const verifier = await ctx.runQuery(\n * component.identity.verifiers.verifierGetBySignature,\n * { signature: incomingStateParam },\n * );\n * if (verifier === null) {\n * throw new Error(\"Invalid or expired OAuth state\");\n * }\n * ```\n */\nexport const verifierGetBySignature = query({\n args: { signature: v.string() },\n returns: v.union(vAuthVerifierDoc, v.null()),\n handler: async (ctx, { signature }) => {\n return await ctx.db\n .query(\"AuthVerifier\")\n .withIndex(\"signature\", (q) => q.eq(\"signature\", signature))\n .unique();\n },\n});\n\n/**\n * Patch a verifier document with partial data.\n *\n * Merges the provided fields into the existing verifier document. This is\n * typically used to set the `signature` field after the verifier is initially\n * created, or to associate a `sessionId` with an existing verifier.\n *\n * @param args.verifierId - The document ID of the verifier to update.\n * @param args.data - A partial object containing the fields to merge into the verifier document\n * (e.g. `{ signature: string }` or `{ sessionId: Id<\"Session\"> }`).\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Set the PKCE signature on the verifier\n * await ctx.runMutation(\n * component.identity.verifiers.verifierPatch,\n * {\n * verifierId: verifier._id,\n * data: { signature: generatedSignature },\n * },\n * );\n * ```\n */\nexport const verifierPatch = mutation({\n args: { verifierId: v.id(\"AuthVerifier\"), data: v.any() },\n returns: v.null(),\n handler: async (ctx, { verifierId, data }) => {\n await ctx.db.patch(\"AuthVerifier\", verifierId, data);\n return null;\n },\n});\n\n/**\n * Delete a verifier document permanently.\n *\n * Removes the verifier from the `AuthVerifier` table. This is typically called\n * after a successful OAuth callback to clean up the consumed PKCE state, or\n * to expire stale verifiers that were never completed.\n *\n * @param args.verifierId - The document ID of the verifier to delete.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Clean up the verifier after a successful OAuth exchange\n * await ctx.runMutation(\n * component.identity.verifiers.verifierDelete,\n * { verifierId: verifier._id },\n * );\n * ```\n */\nexport const verifierDelete = mutation({\n args: { verifierId: v.id(\"AuthVerifier\") },\n returns: v.null(),\n handler: async (ctx, { verifierId }) => {\n await ctx.db.delete(\"AuthVerifier\", verifierId);\n return null;\n },\n});\n\n// ============================================================================\n// Verification Codes\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAyBA,MAAa,iBAAiB,SAAS;CACrC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,UAAU,CAAC,EAAE;CAChD,SAAS,EAAE,GAAG,eAAe;CAC7B,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GAAG,OAAO,gBAAgB,EAAa,WAAkB,CAAC;;CAE9E,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,kBAAkB,MAAM;CACnC,MAAM,EAAE,YAAY,EAAE,GAAG,eAAe,EAAE;CAC1C,SAAS,EAAE,MAAM,kBAAkB,EAAE,MAAM,CAAC;CAC5C,SAAS,OAAO,KAAK,EAAE,iBAAiB;AACtC,SAAO,MAAM,IAAI,GAAG,IAAI,gBAAgB,WAAW;;CAEtD,CAAC;;;;;;;;;;;;;;;;;;;;;;;AAwBF,MAAa,yBAAyB,MAAM;CAC1C,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE;CAC/B,SAAS,EAAE,MAAM,kBAAkB,EAAE,MAAM,CAAC;CAC5C,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GACd,MAAM,eAAe,CACrB,UAAU,cAAc,MAAM,EAAE,GAAG,aAAa,UAAU,CAAC,CAC3D,QAAQ;;CAEd,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;AA0BF,MAAa,gBAAgB,SAAS;CACpC,MAAM;EAAE,YAAY,EAAE,GAAG,eAAe;EAAE,MAAM,EAAE,KAAK;EAAE;CACzD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,YAAY,WAAW;AAC5C,QAAM,IAAI,GAAG,MAAM,gBAAgB,YAAY,KAAK;AACpD,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,iBAAiB,SAAS;CACrC,MAAM,EAAE,YAAY,EAAE,GAAG,eAAe,EAAE;CAC1C,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,iBAAiB;AACtC,QAAM,IAAI,GAAG,OAAO,gBAAgB,WAAW;AAC/C,SAAO;;CAEV,CAAC"}
|
|
@@ -1,209 +0,0 @@
|
|
|
1
|
-
declare namespace keys_d_exports {
|
|
2
|
-
export { keyDelete, keyGetByHashedKey, keyGetById, keyInsert, keyList, keyPatch };
|
|
3
|
-
}
|
|
4
|
-
/**
|
|
5
|
-
* Insert a new API key record into the `ApiKey` table.
|
|
6
|
-
*
|
|
7
|
-
* Creates an API key entry with the given metadata and scopes. The caller
|
|
8
|
-
* is responsible for generating and hashing the raw key before passing it
|
|
9
|
-
* here -- this function only stores the hash, never the plaintext key.
|
|
10
|
-
* The `createdAt` timestamp and `revoked: false` flag are set automatically.
|
|
11
|
-
*
|
|
12
|
-
* @param userId - The `_id` of the `User` who owns this API key.
|
|
13
|
-
* @param prefix - A short, visible prefix for the key (e.g. `"sk_live_"`)
|
|
14
|
-
* that helps users identify which key was used without exposing the secret.
|
|
15
|
-
* @param hashedKey - SHA-256 hash of the full API key string. Used for
|
|
16
|
-
* constant-time lookup during Bearer token verification.
|
|
17
|
-
* @param name - Human-readable name for the key (e.g. `"Production Backend"`).
|
|
18
|
-
* @param scopes - Array of permission scopes, each containing a `resource`
|
|
19
|
-
* name and an array of allowed `actions` (e.g.
|
|
20
|
-
* `[{ resource: "messages", actions: ["read", "write"] }]`).
|
|
21
|
-
* @param rateLimit - Optional rate limit configuration to apply per-key
|
|
22
|
-
* (e.g. max requests per window).
|
|
23
|
-
* @param expiresAt - Optional Unix timestamp (in milliseconds) after which
|
|
24
|
-
* the key is no longer valid. Omit for non-expiring keys.
|
|
25
|
-
* @param metadata - Optional arbitrary metadata to attach to the key record.
|
|
26
|
-
* @returns The `_id` of the newly created `ApiKey` document.
|
|
27
|
-
*
|
|
28
|
-
* @example
|
|
29
|
-
* ```ts
|
|
30
|
-
* const keyId = await ctx.runMutation(
|
|
31
|
-
* components.auth.security.keys.keyInsert,
|
|
32
|
-
* {
|
|
33
|
-
* userId: user._id,
|
|
34
|
-
* prefix: "sk_live_",
|
|
35
|
-
* hashedKey: await sha256(rawKey),
|
|
36
|
-
* name: "Production Backend",
|
|
37
|
-
* scopes: [{ resource: "messages", actions: ["read", "write"] }],
|
|
38
|
-
* expiresAt: Date.now() + 90 * 24 * 60 * 60 * 1000,
|
|
39
|
-
* },
|
|
40
|
-
* );
|
|
41
|
-
* ```
|
|
42
|
-
*/
|
|
43
|
-
declare const keyInsert: any;
|
|
44
|
-
/**
|
|
45
|
-
* Look up an API key by its SHA-256 hash.
|
|
46
|
-
*
|
|
47
|
-
* Queries the `ApiKey` table using the `hashed_key` index. This is the
|
|
48
|
-
* primary lookup path during Bearer token verification: the incoming
|
|
49
|
-
* token is hashed and matched against stored hashes in constant time.
|
|
50
|
-
* Returns the full key record including scopes, rate limit state, and
|
|
51
|
-
* revocation status so the caller can perform authorization checks.
|
|
52
|
-
*
|
|
53
|
-
* @param hashedKey - SHA-256 hash of the API key string extracted from
|
|
54
|
-
* the `Authorization: Bearer <token>` header.
|
|
55
|
-
* @returns The matching `ApiKey` document (including rate limit state),
|
|
56
|
-
* or `null` if no key matches the given hash.
|
|
57
|
-
*
|
|
58
|
-
* @example
|
|
59
|
-
* ```ts
|
|
60
|
-
* const apiKey = await ctx.runQuery(
|
|
61
|
-
* components.auth.security.keys.keyGetByHashedKey,
|
|
62
|
-
* { hashedKey: await sha256(bearerToken) },
|
|
63
|
-
* );
|
|
64
|
-
* if (apiKey === null || apiKey.revoked) {
|
|
65
|
-
* throw new Error("Invalid or revoked API key");
|
|
66
|
-
* }
|
|
67
|
-
* ```
|
|
68
|
-
*/
|
|
69
|
-
declare const keyGetByHashedKey: any;
|
|
70
|
-
/**
|
|
71
|
-
* List API keys with optional filtering, sorting, and cursor-based pagination.
|
|
72
|
-
*
|
|
73
|
-
* Returns a paginated result `{ items, nextCursor }` from the `ApiKey`
|
|
74
|
-
* table. Supports filtering by `userId`, `revoked` status, `name`, and
|
|
75
|
-
* `prefix`. The page size is clamped between 1 and 100 (default 50).
|
|
76
|
-
* Pass the returned `nextCursor` as `cursor` in a subsequent call to
|
|
77
|
-
* fetch the next page.
|
|
78
|
-
*
|
|
79
|
-
* @param where - Optional filter object. All specified fields are
|
|
80
|
-
* combined with AND logic:
|
|
81
|
-
* - `userId` -- restrict to keys owned by this user.
|
|
82
|
-
* - `revoked` -- `true` for revoked keys, `false` for active keys.
|
|
83
|
-
* - `name` -- exact match on the key's human-readable name.
|
|
84
|
-
* - `prefix` -- exact match on the key prefix string.
|
|
85
|
-
* @param limit - Maximum number of items to return per page (1--100,
|
|
86
|
-
* default `50`).
|
|
87
|
-
* @param cursor - Opaque cursor string (an `ApiKey` document `_id`)
|
|
88
|
-
* returned from a previous call. Pass `null` or omit for the first page.
|
|
89
|
-
* @param orderBy - Field to sort by. One of `"_creationTime"`, `"name"`,
|
|
90
|
-
* `"lastUsedAt"`, `"expiresAt"`, or `"revoked"`. Defaults to
|
|
91
|
-
* `"_creationTime"`.
|
|
92
|
-
* @param order - Sort direction, `"asc"` or `"desc"` (default `"desc"`).
|
|
93
|
-
* @returns An object with `items` (array of `ApiKey` documents) and
|
|
94
|
-
* `nextCursor` (string ID of the last item, or `null` if no more pages).
|
|
95
|
-
*
|
|
96
|
-
* @example
|
|
97
|
-
* ```ts
|
|
98
|
-
* // Fetch the first page of active keys for a user
|
|
99
|
-
* const page = await ctx.runQuery(
|
|
100
|
-
* components.auth.security.keys.keyList,
|
|
101
|
-
* {
|
|
102
|
-
* where: { userId: user._id, revoked: false },
|
|
103
|
-
* limit: 20,
|
|
104
|
-
* order: "desc",
|
|
105
|
-
* },
|
|
106
|
-
* );
|
|
107
|
-
* // Fetch the next page
|
|
108
|
-
* if (page.nextCursor) {
|
|
109
|
-
* const page2 = await ctx.runQuery(
|
|
110
|
-
* components.auth.security.keys.keyList,
|
|
111
|
-
* { where: { userId: user._id, revoked: false }, cursor: page.nextCursor },
|
|
112
|
-
* );
|
|
113
|
-
* }
|
|
114
|
-
* ```
|
|
115
|
-
*/
|
|
116
|
-
declare const keyList: any;
|
|
117
|
-
/**
|
|
118
|
-
* Get a single API key by its document ID.
|
|
119
|
-
*
|
|
120
|
-
* Performs a direct document lookup on the `ApiKey` table. Useful when
|
|
121
|
-
* you already have the key's `_id` (e.g. from a list query or a stored
|
|
122
|
-
* reference) and need to retrieve its full details.
|
|
123
|
-
*
|
|
124
|
-
* @param keyId - The `_id` of the `ApiKey` document to retrieve.
|
|
125
|
-
* @returns The `ApiKey` document, or `null` if no key exists with the
|
|
126
|
-
* given ID.
|
|
127
|
-
*
|
|
128
|
-
* @example
|
|
129
|
-
* ```ts
|
|
130
|
-
* const apiKey = await ctx.runQuery(
|
|
131
|
-
* components.auth.security.keys.keyGetById,
|
|
132
|
-
* { keyId: storedKeyId },
|
|
133
|
-
* );
|
|
134
|
-
* if (apiKey !== null) {
|
|
135
|
-
* console.log(apiKey.name, apiKey.scopes);
|
|
136
|
-
* }
|
|
137
|
-
* ```
|
|
138
|
-
*/
|
|
139
|
-
declare const keyGetById: any;
|
|
140
|
-
/**
|
|
141
|
-
* Patch an API key record with partial updates.
|
|
142
|
-
*
|
|
143
|
-
* Performs a partial update on the `ApiKey` document. Supports modifying
|
|
144
|
-
* the key's name, scopes, rate limit configuration, rate limit state,
|
|
145
|
-
* revocation flag, and last-used timestamp. Throws a `ConvexError` with
|
|
146
|
-
* code `"KEY_NOT_FOUND"` if the key does not exist.
|
|
147
|
-
*
|
|
148
|
-
* @param keyId - The `_id` of the `ApiKey` document to update.
|
|
149
|
-
* @param data - An object containing the fields to patch. All fields are
|
|
150
|
-
* optional:
|
|
151
|
-
* - `name` -- Updated human-readable name.
|
|
152
|
-
* - `scopes` -- Replacement array of permission scopes.
|
|
153
|
-
* - `rateLimit` -- Updated rate limit configuration.
|
|
154
|
-
* - `rateLimitState` -- Updated rate limit tracking state (token
|
|
155
|
-
* count, last refill time).
|
|
156
|
-
* - `revoked` -- Set to `true` to revoke the key, `false` to
|
|
157
|
-
* reinstate it.
|
|
158
|
-
* - `lastUsedAt` -- Unix timestamp (in milliseconds) of the most
|
|
159
|
-
* recent API call using this key.
|
|
160
|
-
* @returns `null` on success.
|
|
161
|
-
*
|
|
162
|
-
* @example
|
|
163
|
-
* ```ts
|
|
164
|
-
* // Revoke an API key
|
|
165
|
-
* await ctx.runMutation(
|
|
166
|
-
* components.auth.security.keys.keyPatch,
|
|
167
|
-
* {
|
|
168
|
-
* keyId: apiKey._id,
|
|
169
|
-
* data: { revoked: true },
|
|
170
|
-
* },
|
|
171
|
-
* );
|
|
172
|
-
*
|
|
173
|
-
* // Rename and update scopes
|
|
174
|
-
* await ctx.runMutation(
|
|
175
|
-
* components.auth.security.keys.keyPatch,
|
|
176
|
-
* {
|
|
177
|
-
* keyId: apiKey._id,
|
|
178
|
-
* data: {
|
|
179
|
-
* name: "Read-Only Key",
|
|
180
|
-
* scopes: [{ resource: "messages", actions: ["read"] }],
|
|
181
|
-
* },
|
|
182
|
-
* },
|
|
183
|
-
* );
|
|
184
|
-
* ```
|
|
185
|
-
*/
|
|
186
|
-
declare const keyPatch: any;
|
|
187
|
-
/**
|
|
188
|
-
* Hard-delete an API key record from the `ApiKey` table.
|
|
189
|
-
*
|
|
190
|
-
* Permanently removes the API key document. Unlike revocation (which
|
|
191
|
-
* keeps the record for audit purposes), this is an irreversible
|
|
192
|
-
* deletion. Throws a `ConvexError` with code `"KEY_NOT_FOUND"` if the
|
|
193
|
-
* key does not exist.
|
|
194
|
-
*
|
|
195
|
-
* @param keyId - The `_id` of the `ApiKey` document to delete.
|
|
196
|
-
* @returns `null` on success.
|
|
197
|
-
*
|
|
198
|
-
* @example
|
|
199
|
-
* ```ts
|
|
200
|
-
* await ctx.runMutation(
|
|
201
|
-
* components.auth.security.keys.keyDelete,
|
|
202
|
-
* { keyId: apiKey._id },
|
|
203
|
-
* );
|
|
204
|
-
* ```
|
|
205
|
-
*/
|
|
206
|
-
declare const keyDelete: any;
|
|
207
|
-
//#endregion
|
|
208
|
-
export { keyDelete, keyGetByHashedKey, keyGetById, keyInsert, keyList, keyPatch, keys_d_exports };
|
|
209
|
-
//# sourceMappingURL=keys.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"keys.d.ts","names":[],"sources":["../../../../src/component/public/security/keys.ts"],"mappings":";;;;;;;;;;;;;;AAsDA;;;;;AAmDA;;;;;AAyDA;;;;;AAwFA;;;;;AAsDA;;;;;AA8CA;;;cAxSa,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;cAmDA,iBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAyDA,OAAA;;;;;;;;;;;;;;;;;;;;;;;cAwFA,UAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAsDA,QAAA;;;;;;;;;;;;;;;;;;;;cA8CA,SAAA"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"keys.js","names":[],"sources":["../../../../src/component/public/security/keys.ts"],"sourcesContent":["import { ConvexError, v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport {\n vApiKeyDoc,\n vApiKeyRateLimit,\n vApiKeyRateLimitState,\n vApiKeyScope,\n vPaginated,\n} from \"../../model\";\n\n// ============================================================================\n// API Keys\n// ============================================================================\n\n/**\n * Insert a new API key record into the `ApiKey` table.\n *\n * Creates an API key entry with the given metadata and scopes. The caller\n * is responsible for generating and hashing the raw key before passing it\n * here -- this function only stores the hash, never the plaintext key.\n * The `createdAt` timestamp and `revoked: false` flag are set automatically.\n *\n * @param userId - The `_id` of the `User` who owns this API key.\n * @param prefix - A short, visible prefix for the key (e.g. `\"sk_live_\"`)\n * that helps users identify which key was used without exposing the secret.\n * @param hashedKey - SHA-256 hash of the full API key string. Used for\n * constant-time lookup during Bearer token verification.\n * @param name - Human-readable name for the key (e.g. `\"Production Backend\"`).\n * @param scopes - Array of permission scopes, each containing a `resource`\n * name and an array of allowed `actions` (e.g.\n * `[{ resource: \"messages\", actions: [\"read\", \"write\"] }]`).\n * @param rateLimit - Optional rate limit configuration to apply per-key\n * (e.g. max requests per window).\n * @param expiresAt - Optional Unix timestamp (in milliseconds) after which\n * the key is no longer valid. Omit for non-expiring keys.\n * @param metadata - Optional arbitrary metadata to attach to the key record.\n * @returns The `_id` of the newly created `ApiKey` document.\n *\n * @example\n * ```ts\n * const keyId = await ctx.runMutation(\n * components.auth.security.keys.keyInsert,\n * {\n * userId: user._id,\n * prefix: \"sk_live_\",\n * hashedKey: await sha256(rawKey),\n * name: \"Production Backend\",\n * scopes: [{ resource: \"messages\", actions: [\"read\", \"write\"] }],\n * expiresAt: Date.now() + 90 * 24 * 60 * 60 * 1000,\n * },\n * );\n * ```\n */\nexport const keyInsert = mutation({\n args: {\n userId: v.id(\"User\"),\n prefix: v.string(),\n hashedKey: v.string(),\n name: v.string(),\n scopes: v.array(\n v.object({\n resource: v.string(),\n actions: v.array(v.string()),\n }),\n ),\n rateLimit: v.optional(vApiKeyRateLimit),\n expiresAt: v.optional(v.number()),\n metadata: v.optional(v.any()),\n },\n returns: v.id(\"ApiKey\"),\n handler: async (ctx, args) => {\n return await ctx.db.insert(\"ApiKey\", {\n ...args,\n createdAt: Date.now(),\n revoked: false,\n });\n },\n});\n\n/**\n * Look up an API key by its SHA-256 hash.\n *\n * Queries the `ApiKey` table using the `hashed_key` index. This is the\n * primary lookup path during Bearer token verification: the incoming\n * token is hashed and matched against stored hashes in constant time.\n * Returns the full key record including scopes, rate limit state, and\n * revocation status so the caller can perform authorization checks.\n *\n * @param hashedKey - SHA-256 hash of the API key string extracted from\n * the `Authorization: Bearer <token>` header.\n * @returns The matching `ApiKey` document (including rate limit state),\n * or `null` if no key matches the given hash.\n *\n * @example\n * ```ts\n * const apiKey = await ctx.runQuery(\n * components.auth.security.keys.keyGetByHashedKey,\n * { hashedKey: await sha256(bearerToken) },\n * );\n * if (apiKey === null || apiKey.revoked) {\n * throw new Error(\"Invalid or revoked API key\");\n * }\n * ```\n */\nexport const keyGetByHashedKey = query({\n args: { hashedKey: v.string() },\n returns: v.union(vApiKeyDoc, v.null()),\n handler: async (ctx, { hashedKey }) => {\n return await ctx.db\n .query(\"ApiKey\")\n .withIndex(\"hashed_key\", (q) => q.eq(\"hashedKey\", hashedKey))\n .first();\n },\n});\n\n/**\n * List API keys with optional filtering, sorting, and cursor-based pagination.\n *\n * Returns a paginated result `{ items, nextCursor }` from the `ApiKey`\n * table. Supports filtering by `userId`, `revoked` status, `name`, and\n * `prefix`. The page size is clamped between 1 and 100 (default 50).\n * Pass the returned `nextCursor` as `cursor` in a subsequent call to\n * fetch the next page.\n *\n * @param where - Optional filter object. All specified fields are\n * combined with AND logic:\n * - `userId` -- restrict to keys owned by this user.\n * - `revoked` -- `true` for revoked keys, `false` for active keys.\n * - `name` -- exact match on the key's human-readable name.\n * - `prefix` -- exact match on the key prefix string.\n * @param limit - Maximum number of items to return per page (1--100,\n * default `50`).\n * @param cursor - Opaque cursor string (an `ApiKey` document `_id`)\n * returned from a previous call. Pass `null` or omit for the first page.\n * @param orderBy - Field to sort by. One of `\"_creationTime\"`, `\"name\"`,\n * `\"lastUsedAt\"`, `\"expiresAt\"`, or `\"revoked\"`. Defaults to\n * `\"_creationTime\"`.\n * @param order - Sort direction, `\"asc\"` or `\"desc\"` (default `\"desc\"`).\n * @returns An object with `items` (array of `ApiKey` documents) and\n * `nextCursor` (string ID of the last item, or `null` if no more pages).\n *\n * @example\n * ```ts\n * // Fetch the first page of active keys for a user\n * const page = await ctx.runQuery(\n * components.auth.security.keys.keyList,\n * {\n * where: { userId: user._id, revoked: false },\n * limit: 20,\n * order: \"desc\",\n * },\n * );\n * // Fetch the next page\n * if (page.nextCursor) {\n * const page2 = await ctx.runQuery(\n * components.auth.security.keys.keyList,\n * { where: { userId: user._id, revoked: false }, cursor: page.nextCursor },\n * );\n * }\n * ```\n */\nexport const keyList = query({\n args: {\n where: v.optional(\n v.object({\n userId: v.optional(v.id(\"User\")),\n revoked: v.optional(v.boolean()),\n name: v.optional(v.string()),\n prefix: v.optional(v.string()),\n }),\n ),\n limit: v.optional(v.number()),\n cursor: v.optional(v.union(v.string(), v.null())),\n orderBy: v.optional(\n v.union(\n v.literal(\"_creationTime\"),\n v.literal(\"name\"),\n v.literal(\"lastUsedAt\"),\n v.literal(\"expiresAt\"),\n v.literal(\"revoked\"),\n ),\n ),\n order: v.optional(v.union(v.literal(\"asc\"), v.literal(\"desc\"))),\n },\n returns: vPaginated(vApiKeyDoc),\n handler: async (ctx, args) => {\n const where = args.where ?? {};\n const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);\n const order = args.order ?? \"desc\";\n\n let q;\n if (where.userId !== undefined) {\n q = ctx.db\n .query(\"ApiKey\")\n .withIndex(\"user_id\", (idx) => idx.eq(\"userId\", where.userId!));\n } else {\n q = ctx.db.query(\"ApiKey\");\n }\n\n if (where.revoked !== undefined) {\n q = q.filter((f) => f.eq(f.field(\"revoked\"), where.revoked!));\n }\n if (where.name !== undefined) {\n q = q.filter((f) => f.eq(f.field(\"name\"), where.name!));\n }\n if (where.prefix !== undefined) {\n q = q.filter((f) => f.eq(f.field(\"prefix\"), where.prefix!));\n }\n\n q = q.order(order);\n\n const all = await q.collect();\n let startIdx = 0;\n if (args.cursor) {\n const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);\n if (cursorIdx !== -1) {\n startIdx = cursorIdx + 1;\n }\n }\n const page = all.slice(startIdx, startIdx + limit + 1);\n const hasMore = page.length > limit;\n const items = hasMore ? page.slice(0, limit) : page;\n const nextCursor = hasMore ? items[items.length - 1]._id : null;\n return { items, nextCursor };\n },\n});\n\n/**\n * Get a single API key by its document ID.\n *\n * Performs a direct document lookup on the `ApiKey` table. Useful when\n * you already have the key's `_id` (e.g. from a list query or a stored\n * reference) and need to retrieve its full details.\n *\n * @param keyId - The `_id` of the `ApiKey` document to retrieve.\n * @returns The `ApiKey` document, or `null` if no key exists with the\n * given ID.\n *\n * @example\n * ```ts\n * const apiKey = await ctx.runQuery(\n * components.auth.security.keys.keyGetById,\n * { keyId: storedKeyId },\n * );\n * if (apiKey !== null) {\n * console.log(apiKey.name, apiKey.scopes);\n * }\n * ```\n */\nexport const keyGetById = query({\n args: { keyId: v.id(\"ApiKey\") },\n returns: v.union(vApiKeyDoc, v.null()),\n handler: async (ctx, { keyId }) => {\n return await ctx.db.get(\"ApiKey\", keyId);\n },\n});\n\n/**\n * Patch an API key record with partial updates.\n *\n * Performs a partial update on the `ApiKey` document. Supports modifying\n * the key's name, scopes, rate limit configuration, rate limit state,\n * revocation flag, and last-used timestamp. Throws a `ConvexError` with\n * code `\"KEY_NOT_FOUND\"` if the key does not exist.\n *\n * @param keyId - The `_id` of the `ApiKey` document to update.\n * @param data - An object containing the fields to patch. All fields are\n * optional:\n * - `name` -- Updated human-readable name.\n * - `scopes` -- Replacement array of permission scopes.\n * - `rateLimit` -- Updated rate limit configuration.\n * - `rateLimitState` -- Updated rate limit tracking state (token\n * count, last refill time).\n * - `revoked` -- Set to `true` to revoke the key, `false` to\n * reinstate it.\n * - `lastUsedAt` -- Unix timestamp (in milliseconds) of the most\n * recent API call using this key.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Revoke an API key\n * await ctx.runMutation(\n * components.auth.security.keys.keyPatch,\n * {\n * keyId: apiKey._id,\n * data: { revoked: true },\n * },\n * );\n *\n * // Rename and update scopes\n * await ctx.runMutation(\n * components.auth.security.keys.keyPatch,\n * {\n * keyId: apiKey._id,\n * data: {\n * name: \"Read-Only Key\",\n * scopes: [{ resource: \"messages\", actions: [\"read\"] }],\n * },\n * },\n * );\n * ```\n */\nexport const keyPatch = mutation({\n args: {\n keyId: v.id(\"ApiKey\"),\n data: v.object({\n name: v.optional(v.string()),\n scopes: v.optional(v.array(vApiKeyScope)),\n rateLimit: v.optional(vApiKeyRateLimit),\n rateLimitState: v.optional(vApiKeyRateLimitState),\n revoked: v.optional(v.boolean()),\n lastUsedAt: v.optional(v.number()),\n }),\n },\n returns: v.null(),\n handler: async (ctx, { keyId, data }) => {\n const key = await ctx.db.get(\"ApiKey\", keyId);\n if (key === null) {\n throw new ConvexError({\n code: \"KEY_NOT_FOUND\",\n message: \"API key not found\",\n keyId,\n });\n }\n await ctx.db.patch(\"ApiKey\", keyId, data);\n return null;\n },\n});\n\n/**\n * Hard-delete an API key record from the `ApiKey` table.\n *\n * Permanently removes the API key document. Unlike revocation (which\n * keeps the record for audit purposes), this is an irreversible\n * deletion. Throws a `ConvexError` with code `\"KEY_NOT_FOUND\"` if the\n * key does not exist.\n *\n * @param keyId - The `_id` of the `ApiKey` document to delete.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n * components.auth.security.keys.keyDelete,\n * { keyId: apiKey._id },\n * );\n * ```\n */\nexport const keyDelete = mutation({\n args: { keyId: v.id(\"ApiKey\") },\n returns: v.null(),\n handler: async (ctx, { keyId }) => {\n const key = await ctx.db.get(\"ApiKey\", keyId);\n if (key === null) {\n throw new ConvexError({\n code: \"KEY_NOT_FOUND\",\n message: \"API key not found\",\n keyId,\n });\n }\n await ctx.db.delete(\"ApiKey\", keyId);\n return null;\n },\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsDA,MAAa,YAAY,SAAS;CAChC,MAAM;EACJ,QAAQ,EAAE,GAAG,OAAO;EACpB,QAAQ,EAAE,QAAQ;EAClB,WAAW,EAAE,QAAQ;EACrB,MAAM,EAAE,QAAQ;EAChB,QAAQ,EAAE,MACR,EAAE,OAAO;GACP,UAAU,EAAE,QAAQ;GACpB,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC;GAC7B,CAAC,CACH;EACD,WAAW,EAAE,SAAS,iBAAiB;EACvC,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC;EACjC,UAAU,EAAE,SAAS,EAAE,KAAK,CAAC;EAC9B;CACD,SAAS,EAAE,GAAG,SAAS;CACvB,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,UAAU;GACnC,GAAG;GACH,WAAW,KAAK,KAAK;GACrB,SAAS;GACV,CAAC;;CAEL,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;AA2BF,MAAa,oBAAoB,MAAM;CACrC,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE;CAC/B,SAAS,EAAE,MAAM,YAAY,EAAE,MAAM,CAAC;CACtC,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GACd,MAAM,SAAS,CACf,UAAU,eAAe,MAAM,EAAE,GAAG,aAAa,UAAU,CAAC,CAC5D,OAAO;;CAEb,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgDF,MAAa,UAAU,MAAM;CAC3B,MAAM;EACJ,OAAO,EAAE,SACP,EAAE,OAAO;GACP,QAAQ,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;GAChC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;GAChC,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC5B,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC/B,CAAC,CACH;EACD,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;EACjD,SAAS,EAAE,SACT,EAAE,MACA,EAAE,QAAQ,gBAAgB,EAC1B,EAAE,QAAQ,OAAO,EACjB,EAAE,QAAQ,aAAa,EACvB,EAAE,QAAQ,YAAY,EACtB,EAAE,QAAQ,UAAU,CACrB,CACF;EACD,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,CAAC,CAAC;EAChE;CACD,SAAS,WAAW,WAAW;CAC/B,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,QAAQ,KAAK,SAAS,EAAE;EAC9B,MAAM,QAAQ,KAAK,IAAI,KAAK,IAAI,KAAK,SAAS,IAAI,EAAE,EAAE,IAAI;EAC1D,MAAM,QAAQ,KAAK,SAAS;EAE5B,IAAI;AACJ,MAAI,MAAM,WAAW,OACnB,KAAI,IAAI,GACL,MAAM,SAAS,CACf,UAAU,YAAY,QAAQ,IAAI,GAAG,UAAU,MAAM,OAAQ,CAAC;MAEjE,KAAI,IAAI,GAAG,MAAM,SAAS;AAG5B,MAAI,MAAM,YAAY,OACpB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,UAAU,EAAE,MAAM,QAAS,CAAC;AAE/D,MAAI,MAAM,SAAS,OACjB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,OAAO,EAAE,MAAM,KAAM,CAAC;AAEzD,MAAI,MAAM,WAAW,OACnB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,SAAS,EAAE,MAAM,OAAQ,CAAC;AAG7D,MAAI,EAAE,MAAM,MAAM;EAElB,MAAM,MAAM,MAAM,EAAE,SAAS;EAC7B,IAAI,WAAW;AACf,MAAI,KAAK,QAAQ;GACf,MAAM,YAAY,IAAI,WAAW,QAAQ,IAAI,QAAQ,KAAK,OAAO;AACjE,OAAI,cAAc,GAChB,YAAW,YAAY;;EAG3B,MAAM,OAAO,IAAI,MAAM,UAAU,WAAW,QAAQ,EAAE;EACtD,MAAM,UAAU,KAAK,SAAS;EAC9B,MAAM,QAAQ,UAAU,KAAK,MAAM,GAAG,MAAM,GAAG;AAE/C,SAAO;GAAE;GAAO,YADG,UAAU,MAAM,MAAM,SAAS,GAAG,MAAM;GAC/B;;CAE/B,CAAC;;;;;;;;;;;;;;;;;;;;;;;AAwBF,MAAa,aAAa,MAAM;CAC9B,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,EAAE;CAC/B,SAAS,EAAE,MAAM,YAAY,EAAE,MAAM,CAAC;CACtC,SAAS,OAAO,KAAK,EAAE,YAAY;AACjC,SAAO,MAAM,IAAI,GAAG,IAAI,UAAU,MAAM;;CAE3C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgDF,MAAa,WAAW,SAAS;CAC/B,MAAM;EACJ,OAAO,EAAE,GAAG,SAAS;EACrB,MAAM,EAAE,OAAO;GACb,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC5B,QAAQ,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;GACzC,WAAW,EAAE,SAAS,iBAAiB;GACvC,gBAAgB,EAAE,SAAS,sBAAsB;GACjD,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;GAChC,YAAY,EAAE,SAAS,EAAE,QAAQ,CAAC;GACnC,CAAC;EACH;CACD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,OAAO,WAAW;AAEvC,MADY,MAAM,IAAI,GAAG,IAAI,UAAU,MAAM,KACjC,KACV,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS;GACT;GACD,CAAC;AAEJ,QAAM,IAAI,GAAG,MAAM,UAAU,OAAO,KAAK;AACzC,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,YAAY,SAAS;CAChC,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,EAAE;CAC/B,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,YAAY;AAEjC,MADY,MAAM,IAAI,GAAG,IAAI,UAAU,MAAM,KACjC,KACV,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS;GACT;GACD,CAAC;AAEJ,QAAM,IAAI,GAAG,OAAO,UAAU,MAAM;AACpC,SAAO;;CAEV,CAAC"}
|