@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -1,212 +0,0 @@
1
- declare namespace users_d_exports {
2
- export { userDelete, userFindByVerifiedEmail, userFindByVerifiedPhone, userGetById, userInsert, userList, userPatch, userUpsert };
3
- }
4
- /**
5
- * List users with optional filtering, sorting, and cursor-based pagination.
6
- *
7
- * Supports filtering by `email`, `phone`, `isAnonymous`, and `name`. When an
8
- * `email` or `phone` filter is provided, the corresponding database index is
9
- * used for efficient lookup; other filters are applied in-memory. Results are
10
- * returned as a paginated response `{ items, nextCursor }` -- pass `nextCursor`
11
- * back as `cursor` to fetch the next page, or receive `null` when all results
12
- * have been exhausted.
13
- *
14
- * @param args.where - Optional filter object. Fields: `email` (exact match),
15
- * `phone` (exact match), `isAnonymous` (boolean), `name` (exact match).
16
- * @param args.limit - Maximum number of users to return per page (1--100, default 50).
17
- * @param args.cursor - An opaque cursor string from a previous response's `nextCursor`
18
- * to continue pagination, or `null` / omitted to start from the beginning.
19
- * @param args.orderBy - The field to sort results by. One of `"_creationTime"`,
20
- * `"name"`, `"email"`, or `"phone"`. Defaults to `"_creationTime"`.
21
- * @param args.order - Sort direction: `"asc"` or `"desc"` (default `"desc"`).
22
- * @returns An object with `items` (array of user documents) and `nextCursor`
23
- * (`string | null`) for fetching subsequent pages.
24
- *
25
- * @example
26
- * ```ts
27
- * // Fetch the first page of non-anonymous users
28
- * const page1 = await ctx.runQuery(
29
- * component.identity.users.userList,
30
- * { where: { isAnonymous: false }, limit: 20 },
31
- * );
32
- * console.log(page1.items);
33
- *
34
- * // Fetch the next page
35
- * if (page1.nextCursor !== null) {
36
- * const page2 = await ctx.runQuery(
37
- * component.identity.users.userList,
38
- * { where: { isAnonymous: false }, limit: 20, cursor: page1.nextCursor },
39
- * );
40
- * }
41
- * ```
42
- */
43
- declare const userList: any;
44
- /**
45
- * Retrieve a single user by their Convex document ID.
46
- *
47
- * Performs a direct point lookup on the `User` table. Returns `null` if the
48
- * user has been deleted or never existed.
49
- *
50
- * @param args.userId - The Convex document ID (`Id<"User">`) of the user to retrieve.
51
- * @returns The user document if it exists, or `null` otherwise.
52
- *
53
- * @example
54
- * ```ts
55
- * const user = await ctx.runQuery(
56
- * component.identity.users.userGetById,
57
- * { userId: session.userId },
58
- * );
59
- * if (user !== null) {
60
- * console.log(`Name: ${user.name}, Email: ${user.email}`);
61
- * }
62
- * ```
63
- */
64
- declare const userGetById: any;
65
- /**
66
- * Find a user by their verified email address.
67
- *
68
- * Queries the `User` table using the `email_verified` index to locate users
69
- * whose `email` matches and whose `emailVerificationTime` is set. If exactly
70
- * one user is found, that document is returned. Returns `null` if no user has
71
- * this email verified or if multiple users share the same verified email
72
- * (an ambiguous state that should not occur in normal operation).
73
- *
74
- * @param args.email - The verified email address to search for (case-sensitive, exact match).
75
- * @returns The matching user document if exactly one verified user is found, or `null` otherwise.
76
- *
77
- * @example
78
- * ```ts
79
- * const user = await ctx.runQuery(
80
- * component.identity.users.userFindByVerifiedEmail,
81
- * { email: "alice@example.com" },
82
- * );
83
- * if (user !== null) {
84
- * console.log(`Found verified user: ${user._id}`);
85
- * }
86
- * ```
87
- */
88
- declare const userFindByVerifiedEmail: any;
89
- /**
90
- * Find a user by their verified phone number.
91
- *
92
- * Queries the `User` table using the `phone_verified` index to locate users
93
- * whose `phone` matches and whose `phoneVerificationTime` is set. If exactly
94
- * one user is found, that document is returned. Returns `null` if no user has
95
- * this phone verified or if multiple users share the same verified phone
96
- * (an ambiguous state that should not occur in normal operation).
97
- *
98
- * @param args.phone - The verified phone number to search for (exact match, e.g. `"+15551234567"`).
99
- * @returns The matching user document if exactly one verified user is found, or `null` otherwise.
100
- *
101
- * @example
102
- * ```ts
103
- * const user = await ctx.runQuery(
104
- * component.identity.users.userFindByVerifiedPhone,
105
- * { phone: "+15551234567" },
106
- * );
107
- * if (user !== null) {
108
- * console.log(`Found verified user: ${user._id}`);
109
- * }
110
- * ```
111
- */
112
- declare const userFindByVerifiedPhone: any;
113
- /**
114
- * Insert a new user document into the `User` table.
115
- *
116
- * Creates a brand-new user record. The `data` argument should conform to the
117
- * User table schema (e.g. `name`, `email`, `phone`, `isAnonymous`, `image`,
118
- * `extend`), but is typed as `any` to allow flexible extension.
119
- *
120
- * @param args.data - The user document fields to insert. Typically includes `name`,
121
- * `email`, `isAnonymous`, and any custom fields under `extend`.
122
- * @returns The document ID of the newly created user.
123
- *
124
- * @example
125
- * ```ts
126
- * const userId = await ctx.runMutation(
127
- * component.identity.users.userInsert,
128
- * {
129
- * data: {
130
- * name: "Alice",
131
- * email: "alice@example.com",
132
- * isAnonymous: false,
133
- * },
134
- * },
135
- * );
136
- * ```
137
- */
138
- declare const userInsert: any;
139
- /**
140
- * Insert a new user or update an existing one (upsert).
141
- *
142
- * When `userId` is provided and refers to an existing user, the document is
143
- * patched with the supplied `data` and the same `userId` is returned. When
144
- * `userId` is omitted or `undefined`, a new user document is inserted and its
145
- * generated ID is returned. This is the primary mechanism used during sign-in
146
- * flows to either create or refresh user profile data.
147
- *
148
- * @param args.userId - The document ID of an existing user to update. If `undefined`,
149
- * a new user is created instead.
150
- * @param args.data - The user document fields to insert or merge. Accepts the same
151
- * shape as the User table schema.
152
- * @returns The document ID of the created or updated user.
153
- *
154
- * @example
155
- * ```ts
156
- * // Create a new user if none exists, or update the existing one
157
- * const userId = await ctx.runMutation(
158
- * component.identity.users.userUpsert,
159
- * {
160
- * userId: existingUserId ?? undefined,
161
- * data: { name: "Alice", email: "alice@example.com" },
162
- * },
163
- * );
164
- * ```
165
- */
166
- declare const userUpsert: any;
167
- /**
168
- * Patch an existing user document with partial data.
169
- *
170
- * Merges the provided fields into the existing user document. Fields not
171
- * included in `data` are left unchanged. Useful for updating profile
172
- * information such as `name`, `email`, or custom `extend` fields without
173
- * overwriting the entire document.
174
- *
175
- * @param args.userId - The document ID of the user to update.
176
- * @param args.data - A partial object containing the fields to merge into the user document.
177
- * @returns `null` on success.
178
- *
179
- * @example
180
- * ```ts
181
- * await ctx.runMutation(
182
- * component.identity.users.userPatch,
183
- * {
184
- * userId: user._id,
185
- * data: { name: "Alice Smith", image: "https://example.com/avatar.png" },
186
- * },
187
- * );
188
- * ```
189
- */
190
- declare const userPatch: any;
191
- /**
192
- * Delete a user document by ID.
193
- *
194
- * Removes the user from the `User` table. This is a no-op if the user does not
195
- * exist (i.e. was already deleted). Callers should ensure that related resources
196
- * such as accounts, sessions, and refresh tokens are cleaned up separately.
197
- *
198
- * @param args.userId - The document ID of the user to delete.
199
- * @returns `null` on success (including when the user was already absent).
200
- *
201
- * @example
202
- * ```ts
203
- * await ctx.runMutation(
204
- * component.identity.users.userDelete,
205
- * { userId: user._id },
206
- * );
207
- * ```
208
- */
209
- declare const userDelete: any;
210
- //#endregion
211
- export { userDelete, userFindByVerifiedEmail, userFindByVerifiedPhone, userGetById, userInsert, userList, userPatch, userUpsert, users_d_exports };
212
- //# sourceMappingURL=users.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"users.d.ts","names":[],"sources":["../../../../src/component/public/identity/users.ts"],"mappings":";;;;;;;;;;;;;;;;AA4CA;;;;;AA6FA;;;;;AA+BA;;;;;AAqCA;;;;;AAuCA;;;;;AAmCA;cA3Oa,QAAA;;;;AA8Qb;;;;;AA2BA;;;;;;;;;;;;cA5Ma,WAAA;;;;;;;;;;;;;;;;;;;;;;;;cA+BA,uBAAA;;;;;;;;;;;;;;;;;;;;;;;;cAqCA,uBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;cAuCA,UAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAmCA,UAAA;;;;;;;;;;;;;;;;;;;;;;;;cAmCA,SAAA;;;;;;;;;;;;;;;;;;;cA2BA,UAAA"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"users.js","names":[],"sources":["../../../../src/component/public/identity/users.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vPaginated, vUserDoc } from \"../../model\";\n\n/**\n * List users with optional filtering, sorting, and cursor-based pagination.\n *\n * Supports filtering by `email`, `phone`, `isAnonymous`, and `name`. When an\n * `email` or `phone` filter is provided, the corresponding database index is\n * used for efficient lookup; other filters are applied in-memory. Results are\n * returned as a paginated response `{ items, nextCursor }` -- pass `nextCursor`\n * back as `cursor` to fetch the next page, or receive `null` when all results\n * have been exhausted.\n *\n * @param args.where - Optional filter object. Fields: `email` (exact match),\n * `phone` (exact match), `isAnonymous` (boolean), `name` (exact match).\n * @param args.limit - Maximum number of users to return per page (1--100, default 50).\n * @param args.cursor - An opaque cursor string from a previous response's `nextCursor`\n * to continue pagination, or `null` / omitted to start from the beginning.\n * @param args.orderBy - The field to sort results by. One of `\"_creationTime\"`,\n * `\"name\"`, `\"email\"`, or `\"phone\"`. Defaults to `\"_creationTime\"`.\n * @param args.order - Sort direction: `\"asc\"` or `\"desc\"` (default `\"desc\"`).\n * @returns An object with `items` (array of user documents) and `nextCursor`\n * (`string | null`) for fetching subsequent pages.\n *\n * @example\n * ```ts\n * // Fetch the first page of non-anonymous users\n * const page1 = await ctx.runQuery(\n * component.identity.users.userList,\n * { where: { isAnonymous: false }, limit: 20 },\n * );\n * console.log(page1.items);\n *\n * // Fetch the next page\n * if (page1.nextCursor !== null) {\n * const page2 = await ctx.runQuery(\n * component.identity.users.userList,\n * { where: { isAnonymous: false }, limit: 20, cursor: page1.nextCursor },\n * );\n * }\n * ```\n */\nexport const userList = query({\n args: {\n where: v.optional(\n v.object({\n email: v.optional(v.string()),\n phone: v.optional(v.string()),\n isAnonymous: v.optional(v.boolean()),\n name: v.optional(v.string()),\n }),\n ),\n limit: v.optional(v.number()),\n cursor: v.optional(v.union(v.string(), v.null())),\n orderBy: v.optional(\n v.union(\n v.literal(\"_creationTime\"),\n v.literal(\"name\"),\n v.literal(\"email\"),\n v.literal(\"phone\"),\n ),\n ),\n order: v.optional(v.union(v.literal(\"asc\"), v.literal(\"desc\"))),\n },\n returns: vPaginated(vUserDoc),\n handler: async (ctx, args) => {\n const where = args.where ?? {};\n const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);\n const order = args.order ?? \"desc\";\n\n // Pick index based on where fields\n let q;\n if (where.email !== undefined) {\n q = ctx.db\n .query(\"User\")\n .withIndex(\"email\", (idx) => idx.eq(\"email\", where.email!));\n } else if (where.phone !== undefined) {\n q = ctx.db\n .query(\"User\")\n .withIndex(\"phone\", (idx) => idx.eq(\"phone\", where.phone!));\n } else {\n q = ctx.db.query(\"User\");\n }\n\n // Apply remaining filters\n if (where.isAnonymous !== undefined) {\n q = q.filter((f) => f.eq(f.field(\"isAnonymous\"), where.isAnonymous!));\n }\n if (where.name !== undefined) {\n q = q.filter((f) => f.eq(f.field(\"name\"), where.name!));\n }\n // email/phone filters when not used as index\n if (where.email !== undefined && where.phone !== undefined) {\n q = q.filter((f) => f.eq(f.field(\"phone\"), where.phone!));\n }\n\n q = q.order(order);\n\n // Cursor-based pagination: skip past the cursor ID\n const all = await q.collect();\n let startIdx = 0;\n if (args.cursor) {\n const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);\n if (cursorIdx !== -1) {\n startIdx = cursorIdx + 1;\n }\n }\n const page = all.slice(startIdx, startIdx + limit + 1);\n const hasMore = page.length > limit;\n const items = hasMore ? page.slice(0, limit) : page;\n const nextCursor = hasMore ? items[items.length - 1]._id : null;\n return { items, nextCursor };\n },\n});\n\n/**\n * Retrieve a single user by their Convex document ID.\n *\n * Performs a direct point lookup on the `User` table. Returns `null` if the\n * user has been deleted or never existed.\n *\n * @param args.userId - The Convex document ID (`Id<\"User\">`) of the user to retrieve.\n * @returns The user document if it exists, or `null` otherwise.\n *\n * @example\n * ```ts\n * const user = await ctx.runQuery(\n * component.identity.users.userGetById,\n * { userId: session.userId },\n * );\n * if (user !== null) {\n * console.log(`Name: ${user.name}, Email: ${user.email}`);\n * }\n * ```\n */\nexport const userGetById = query({\n args: { userId: v.id(\"User\") },\n returns: v.union(vUserDoc, v.null()),\n handler: async (ctx, { userId }) => {\n return await ctx.db.get(\"User\", userId);\n },\n});\n\n/**\n * Find a user by their verified email address.\n *\n * Queries the `User` table using the `email_verified` index to locate users\n * whose `email` matches and whose `emailVerificationTime` is set. If exactly\n * one user is found, that document is returned. Returns `null` if no user has\n * this email verified or if multiple users share the same verified email\n * (an ambiguous state that should not occur in normal operation).\n *\n * @param args.email - The verified email address to search for (case-sensitive, exact match).\n * @returns The matching user document if exactly one verified user is found, or `null` otherwise.\n *\n * @example\n * ```ts\n * const user = await ctx.runQuery(\n * component.identity.users.userFindByVerifiedEmail,\n * { email: \"alice@example.com\" },\n * );\n * if (user !== null) {\n * console.log(`Found verified user: ${user._id}`);\n * }\n * ```\n */\nexport const userFindByVerifiedEmail = query({\n args: { email: v.string() },\n returns: v.union(vUserDoc, v.null()),\n handler: async (ctx, { email }) => {\n const users = await ctx.db\n .query(\"User\")\n .withIndex(\"email_verified\", (q) =>\n q.eq(\"email\", email).gt(\"emailVerificationTime\", undefined),\n )\n .take(2);\n return users.length === 1 ? users[0] : null;\n },\n});\n\n/**\n * Find a user by their verified phone number.\n *\n * Queries the `User` table using the `phone_verified` index to locate users\n * whose `phone` matches and whose `phoneVerificationTime` is set. If exactly\n * one user is found, that document is returned. Returns `null` if no user has\n * this phone verified or if multiple users share the same verified phone\n * (an ambiguous state that should not occur in normal operation).\n *\n * @param args.phone - The verified phone number to search for (exact match, e.g. `\"+15551234567\"`).\n * @returns The matching user document if exactly one verified user is found, or `null` otherwise.\n *\n * @example\n * ```ts\n * const user = await ctx.runQuery(\n * component.identity.users.userFindByVerifiedPhone,\n * { phone: \"+15551234567\" },\n * );\n * if (user !== null) {\n * console.log(`Found verified user: ${user._id}`);\n * }\n * ```\n */\nexport const userFindByVerifiedPhone = query({\n args: { phone: v.string() },\n returns: v.union(vUserDoc, v.null()),\n handler: async (ctx, { phone }) => {\n const users = await ctx.db\n .query(\"User\")\n .withIndex(\"phone_verified\", (q) =>\n q.eq(\"phone\", phone).gt(\"phoneVerificationTime\", undefined),\n )\n .take(2);\n return users.length === 1 ? users[0] : null;\n },\n});\n\n/**\n * Insert a new user document into the `User` table.\n *\n * Creates a brand-new user record. The `data` argument should conform to the\n * User table schema (e.g. `name`, `email`, `phone`, `isAnonymous`, `image`,\n * `extend`), but is typed as `any` to allow flexible extension.\n *\n * @param args.data - The user document fields to insert. Typically includes `name`,\n * `email`, `isAnonymous`, and any custom fields under `extend`.\n * @returns The document ID of the newly created user.\n *\n * @example\n * ```ts\n * const userId = await ctx.runMutation(\n * component.identity.users.userInsert,\n * {\n * data: {\n * name: \"Alice\",\n * email: \"alice@example.com\",\n * isAnonymous: false,\n * },\n * },\n * );\n * ```\n */\nexport const userInsert = mutation({\n args: { data: v.any() },\n returns: v.id(\"User\"),\n handler: async (ctx, { data }) => {\n return await ctx.db.insert(\"User\", data);\n },\n});\n\n/**\n * Insert a new user or update an existing one (upsert).\n *\n * When `userId` is provided and refers to an existing user, the document is\n * patched with the supplied `data` and the same `userId` is returned. When\n * `userId` is omitted or `undefined`, a new user document is inserted and its\n * generated ID is returned. This is the primary mechanism used during sign-in\n * flows to either create or refresh user profile data.\n *\n * @param args.userId - The document ID of an existing user to update. If `undefined`,\n * a new user is created instead.\n * @param args.data - The user document fields to insert or merge. Accepts the same\n * shape as the User table schema.\n * @returns The document ID of the created or updated user.\n *\n * @example\n * ```ts\n * // Create a new user if none exists, or update the existing one\n * const userId = await ctx.runMutation(\n * component.identity.users.userUpsert,\n * {\n * userId: existingUserId ?? undefined,\n * data: { name: \"Alice\", email: \"alice@example.com\" },\n * },\n * );\n * ```\n */\nexport const userUpsert = mutation({\n args: { userId: v.optional(v.id(\"User\")), data: v.any() },\n returns: v.id(\"User\"),\n handler: async (ctx, { userId, data }) => {\n if (userId !== undefined) {\n await ctx.db.patch(\"User\", userId, data);\n return userId;\n }\n return await ctx.db.insert(\"User\", data);\n },\n});\n\n/**\n * Patch an existing user document with partial data.\n *\n * Merges the provided fields into the existing user document. Fields not\n * included in `data` are left unchanged. Useful for updating profile\n * information such as `name`, `email`, or custom `extend` fields without\n * overwriting the entire document.\n *\n * @param args.userId - The document ID of the user to update.\n * @param args.data - A partial object containing the fields to merge into the user document.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n * component.identity.users.userPatch,\n * {\n * userId: user._id,\n * data: { name: \"Alice Smith\", image: \"https://example.com/avatar.png\" },\n * },\n * );\n * ```\n */\nexport const userPatch = mutation({\n args: { userId: v.id(\"User\"), data: v.any() },\n returns: v.null(),\n handler: async (ctx, { userId, data }) => {\n await ctx.db.patch(\"User\", userId, data);\n return null;\n },\n});\n\n/**\n * Delete a user document by ID.\n *\n * Removes the user from the `User` table. This is a no-op if the user does not\n * exist (i.e. was already deleted). Callers should ensure that related resources\n * such as accounts, sessions, and refresh tokens are cleaned up separately.\n *\n * @param args.userId - The document ID of the user to delete.\n * @returns `null` on success (including when the user was already absent).\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n * component.identity.users.userDelete,\n * { userId: user._id },\n * );\n * ```\n */\nexport const userDelete = mutation({\n args: { userId: v.id(\"User\") },\n returns: v.null(),\n handler: async (ctx, { userId }) => {\n if ((await ctx.db.get(\"User\", userId)) !== null) {\n await ctx.db.delete(\"User\", userId);\n }\n return null;\n },\n});\n\n// ============================================================================\n// Accounts\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4CA,MAAa,WAAW,MAAM;CAC5B,MAAM;EACJ,OAAO,EAAE,SACP,EAAE,OAAO;GACP,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC7B,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC7B,aAAa,EAAE,SAAS,EAAE,SAAS,CAAC;GACpC,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC7B,CAAC,CACH;EACD,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;EACjD,SAAS,EAAE,SACT,EAAE,MACA,EAAE,QAAQ,gBAAgB,EAC1B,EAAE,QAAQ,OAAO,EACjB,EAAE,QAAQ,QAAQ,EAClB,EAAE,QAAQ,QAAQ,CACnB,CACF;EACD,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,CAAC,CAAC;EAChE;CACD,SAAS,WAAW,SAAS;CAC7B,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,QAAQ,KAAK,SAAS,EAAE;EAC9B,MAAM,QAAQ,KAAK,IAAI,KAAK,IAAI,KAAK,SAAS,IAAI,EAAE,EAAE,IAAI;EAC1D,MAAM,QAAQ,KAAK,SAAS;EAG5B,IAAI;AACJ,MAAI,MAAM,UAAU,OAClB,KAAI,IAAI,GACL,MAAM,OAAO,CACb,UAAU,UAAU,QAAQ,IAAI,GAAG,SAAS,MAAM,MAAO,CAAC;WACpD,MAAM,UAAU,OACzB,KAAI,IAAI,GACL,MAAM,OAAO,CACb,UAAU,UAAU,QAAQ,IAAI,GAAG,SAAS,MAAM,MAAO,CAAC;MAE7D,KAAI,IAAI,GAAG,MAAM,OAAO;AAI1B,MAAI,MAAM,gBAAgB,OACxB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,cAAc,EAAE,MAAM,YAAa,CAAC;AAEvE,MAAI,MAAM,SAAS,OACjB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,OAAO,EAAE,MAAM,KAAM,CAAC;AAGzD,MAAI,MAAM,UAAU,UAAa,MAAM,UAAU,OAC/C,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,QAAQ,EAAE,MAAM,MAAO,CAAC;AAG3D,MAAI,EAAE,MAAM,MAAM;EAGlB,MAAM,MAAM,MAAM,EAAE,SAAS;EAC7B,IAAI,WAAW;AACf,MAAI,KAAK,QAAQ;GACf,MAAM,YAAY,IAAI,WAAW,QAAQ,IAAI,QAAQ,KAAK,OAAO;AACjE,OAAI,cAAc,GAChB,YAAW,YAAY;;EAG3B,MAAM,OAAO,IAAI,MAAM,UAAU,WAAW,QAAQ,EAAE;EACtD,MAAM,UAAU,KAAK,SAAS;EAC9B,MAAM,QAAQ,UAAU,KAAK,MAAM,GAAG,MAAM,GAAG;AAE/C,SAAO;GAAE;GAAO,YADG,UAAU,MAAM,MAAM,SAAS,GAAG,MAAM;GAC/B;;CAE/B,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,cAAc,MAAM;CAC/B,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM,UAAU,EAAE,MAAM,CAAC;CACpC,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,SAAO,MAAM,IAAI,GAAG,IAAI,QAAQ,OAAO;;CAE1C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,0BAA0B,MAAM;CAC3C,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE;CAC3B,SAAS,EAAE,MAAM,UAAU,EAAE,MAAM,CAAC;CACpC,SAAS,OAAO,KAAK,EAAE,YAAY;EACjC,MAAM,QAAQ,MAAM,IAAI,GACrB,MAAM,OAAO,CACb,UAAU,mBAAmB,MAC5B,EAAE,GAAG,SAAS,MAAM,CAAC,GAAG,yBAAyB,OAAU,CAC5D,CACA,KAAK,EAAE;AACV,SAAO,MAAM,WAAW,IAAI,MAAM,KAAK;;CAE1C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,0BAA0B,MAAM;CAC3C,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE;CAC3B,SAAS,EAAE,MAAM,UAAU,EAAE,MAAM,CAAC;CACpC,SAAS,OAAO,KAAK,EAAE,YAAY;EACjC,MAAM,QAAQ,MAAM,IAAI,GACrB,MAAM,OAAO,CACb,UAAU,mBAAmB,MAC5B,EAAE,GAAG,SAAS,MAAM,CAAC,GAAG,yBAAyB,OAAU,CAC5D,CACA,KAAK,EAAE;AACV,SAAO,MAAM,WAAW,IAAI,MAAM,KAAK;;CAE1C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;AA2BF,MAAa,aAAa,SAAS;CACjC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE;CACvB,SAAS,EAAE,GAAG,OAAO;CACrB,SAAS,OAAO,KAAK,EAAE,WAAW;AAChC,SAAO,MAAM,IAAI,GAAG,OAAO,QAAQ,KAAK;;CAE3C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BF,MAAa,aAAa,SAAS;CACjC,MAAM;EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;EAAE,MAAM,EAAE,KAAK;EAAE;CACzD,SAAS,EAAE,GAAG,OAAO;CACrB,SAAS,OAAO,KAAK,EAAE,QAAQ,WAAW;AACxC,MAAI,WAAW,QAAW;AACxB,SAAM,IAAI,GAAG,MAAM,QAAQ,QAAQ,KAAK;AACxC,UAAO;;AAET,SAAO,MAAM,IAAI,GAAG,OAAO,QAAQ,KAAK;;CAE3C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;AAyBF,MAAa,YAAY,SAAS;CAChC,MAAM;EAAE,QAAQ,EAAE,GAAG,OAAO;EAAE,MAAM,EAAE,KAAK;EAAE;CAC7C,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,QAAQ,WAAW;AACxC,QAAM,IAAI,GAAG,MAAM,QAAQ,QAAQ,KAAK;AACxC,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;AAoBF,MAAa,aAAa,SAAS;CACjC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE;CAC9B,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,aAAa;AAClC,MAAK,MAAM,IAAI,GAAG,IAAI,QAAQ,OAAO,KAAM,KACzC,OAAM,IAAI,GAAG,OAAO,QAAQ,OAAO;AAErC,SAAO;;CAEV,CAAC"}
@@ -1,116 +0,0 @@
1
- declare namespace verifiers_d_exports {
2
- export { verifierCreate, verifierDelete, verifierGetById, verifierGetBySignature, verifierPatch };
3
- }
4
- /**
5
- * Create a new PKCE verifier, optionally linked to a session.
6
- *
7
- * Inserts a document into the `AuthVerifier` table. Verifiers are used during
8
- * OAuth/OIDC flows to implement the PKCE (Proof Key for Code Exchange) pattern,
9
- * preventing authorization code interception attacks. The verifier can optionally
10
- * be linked to an existing session for session-aware flows.
11
- *
12
- * @param args.sessionId - An optional session document ID to associate with the verifier.
13
- * When provided, the verifier is scoped to the given session.
14
- * @returns The document ID of the newly created verifier.
15
- *
16
- * @example
17
- * ```ts
18
- * const verifierId = await ctx.runMutation(
19
- * component.identity.verifiers.verifierCreate,
20
- * { sessionId: session._id },
21
- * );
22
- * ```
23
- */
24
- declare const verifierCreate: any;
25
- /**
26
- * Retrieve a single verifier by its Convex document ID.
27
- *
28
- * Performs a direct point lookup on the `AuthVerifier` table. Returns `null` if
29
- * the verifier has been deleted or never existed.
30
- *
31
- * @param args.verifierId - The Convex document ID (`Id<"AuthVerifier">`) of the verifier to retrieve.
32
- * @returns The verifier document if it exists, or `null` otherwise.
33
- *
34
- * @example
35
- * ```ts
36
- * const verifier = await ctx.runQuery(
37
- * component.identity.verifiers.verifierGetById,
38
- * { verifierId: storedVerifierId },
39
- * );
40
- * if (verifier !== null) {
41
- * console.log(`Verifier signature: ${verifier.signature}`);
42
- * }
43
- * ```
44
- */
45
- declare const verifierGetById: any;
46
- /**
47
- * Look up a verifier by its cryptographic signature.
48
- *
49
- * Queries the `AuthVerifier` table using the `signature` index to find the
50
- * unique verifier matching the given signature string. This is the primary
51
- * lookup used during the OAuth callback phase to correlate the incoming
52
- * authorization response with the original PKCE challenge.
53
- *
54
- * @param args.signature - The cryptographic signature string to search for (exact match).
55
- * @returns The matching verifier document, or `null` if no verifier has the given signature.
56
- *
57
- * @example
58
- * ```ts
59
- * const verifier = await ctx.runQuery(
60
- * component.identity.verifiers.verifierGetBySignature,
61
- * { signature: incomingStateParam },
62
- * );
63
- * if (verifier === null) {
64
- * throw new Error("Invalid or expired OAuth state");
65
- * }
66
- * ```
67
- */
68
- declare const verifierGetBySignature: any;
69
- /**
70
- * Patch a verifier document with partial data.
71
- *
72
- * Merges the provided fields into the existing verifier document. This is
73
- * typically used to set the `signature` field after the verifier is initially
74
- * created, or to associate a `sessionId` with an existing verifier.
75
- *
76
- * @param args.verifierId - The document ID of the verifier to update.
77
- * @param args.data - A partial object containing the fields to merge into the verifier document
78
- * (e.g. `{ signature: string }` or `{ sessionId: Id<"Session"> }`).
79
- * @returns `null` on success.
80
- *
81
- * @example
82
- * ```ts
83
- * // Set the PKCE signature on the verifier
84
- * await ctx.runMutation(
85
- * component.identity.verifiers.verifierPatch,
86
- * {
87
- * verifierId: verifier._id,
88
- * data: { signature: generatedSignature },
89
- * },
90
- * );
91
- * ```
92
- */
93
- declare const verifierPatch: any;
94
- /**
95
- * Delete a verifier document permanently.
96
- *
97
- * Removes the verifier from the `AuthVerifier` table. This is typically called
98
- * after a successful OAuth callback to clean up the consumed PKCE state, or
99
- * to expire stale verifiers that were never completed.
100
- *
101
- * @param args.verifierId - The document ID of the verifier to delete.
102
- * @returns `null` on success.
103
- *
104
- * @example
105
- * ```ts
106
- * // Clean up the verifier after a successful OAuth exchange
107
- * await ctx.runMutation(
108
- * component.identity.verifiers.verifierDelete,
109
- * { verifierId: verifier._id },
110
- * );
111
- * ```
112
- */
113
- declare const verifierDelete: any;
114
- //#endregion
115
- export { verifierCreate, verifierDelete, verifierGetById, verifierGetBySignature, verifierPatch, verifiers_d_exports };
116
- //# sourceMappingURL=verifiers.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"verifiers.d.ts","names":[],"sources":["../../../../src/component/public/identity/verifiers.ts"],"mappings":";;;;;;;;;;;;;AAyBA;;;;;AA4BA;;;;;cA5Ba,cAAA;;;;;AA6Fb;;;;;AA4BA;;;;;;;;;;;cA7Fa,eAAA;;;;;;;;;;;;;;;;;;;;;;;cA8BA,sBAAA;;;;;;;;;;;;;;;;;;;;;;;;;cAmCA,aAAA;;;;;;;;;;;;;;;;;;;;cA4BA,cAAA"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"verifiers.js","names":[],"sources":["../../../../src/component/public/identity/verifiers.ts"],"sourcesContent":["import { v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport { vAuthVerifierDoc } from \"../../model\";\n\n/**\n * Create a new PKCE verifier, optionally linked to a session.\n *\n * Inserts a document into the `AuthVerifier` table. Verifiers are used during\n * OAuth/OIDC flows to implement the PKCE (Proof Key for Code Exchange) pattern,\n * preventing authorization code interception attacks. The verifier can optionally\n * be linked to an existing session for session-aware flows.\n *\n * @param args.sessionId - An optional session document ID to associate with the verifier.\n * When provided, the verifier is scoped to the given session.\n * @returns The document ID of the newly created verifier.\n *\n * @example\n * ```ts\n * const verifierId = await ctx.runMutation(\n * component.identity.verifiers.verifierCreate,\n * { sessionId: session._id },\n * );\n * ```\n */\nexport const verifierCreate = mutation({\n args: { sessionId: v.optional(v.id(\"Session\")) },\n returns: v.id(\"AuthVerifier\"),\n handler: async (ctx, { sessionId }) => {\n return await ctx.db.insert(\"AuthVerifier\", { sessionId: sessionId as any });\n },\n});\n\n/**\n * Retrieve a single verifier by its Convex document ID.\n *\n * Performs a direct point lookup on the `AuthVerifier` table. Returns `null` if\n * the verifier has been deleted or never existed.\n *\n * @param args.verifierId - The Convex document ID (`Id<\"AuthVerifier\">`) of the verifier to retrieve.\n * @returns The verifier document if it exists, or `null` otherwise.\n *\n * @example\n * ```ts\n * const verifier = await ctx.runQuery(\n * component.identity.verifiers.verifierGetById,\n * { verifierId: storedVerifierId },\n * );\n * if (verifier !== null) {\n * console.log(`Verifier signature: ${verifier.signature}`);\n * }\n * ```\n */\nexport const verifierGetById = query({\n args: { verifierId: v.id(\"AuthVerifier\") },\n returns: v.union(vAuthVerifierDoc, v.null()),\n handler: async (ctx, { verifierId }) => {\n return await ctx.db.get(\"AuthVerifier\", verifierId);\n },\n});\n\n/**\n * Look up a verifier by its cryptographic signature.\n *\n * Queries the `AuthVerifier` table using the `signature` index to find the\n * unique verifier matching the given signature string. This is the primary\n * lookup used during the OAuth callback phase to correlate the incoming\n * authorization response with the original PKCE challenge.\n *\n * @param args.signature - The cryptographic signature string to search for (exact match).\n * @returns The matching verifier document, or `null` if no verifier has the given signature.\n *\n * @example\n * ```ts\n * const verifier = await ctx.runQuery(\n * component.identity.verifiers.verifierGetBySignature,\n * { signature: incomingStateParam },\n * );\n * if (verifier === null) {\n * throw new Error(\"Invalid or expired OAuth state\");\n * }\n * ```\n */\nexport const verifierGetBySignature = query({\n args: { signature: v.string() },\n returns: v.union(vAuthVerifierDoc, v.null()),\n handler: async (ctx, { signature }) => {\n return await ctx.db\n .query(\"AuthVerifier\")\n .withIndex(\"signature\", (q) => q.eq(\"signature\", signature))\n .unique();\n },\n});\n\n/**\n * Patch a verifier document with partial data.\n *\n * Merges the provided fields into the existing verifier document. This is\n * typically used to set the `signature` field after the verifier is initially\n * created, or to associate a `sessionId` with an existing verifier.\n *\n * @param args.verifierId - The document ID of the verifier to update.\n * @param args.data - A partial object containing the fields to merge into the verifier document\n * (e.g. `{ signature: string }` or `{ sessionId: Id<\"Session\"> }`).\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Set the PKCE signature on the verifier\n * await ctx.runMutation(\n * component.identity.verifiers.verifierPatch,\n * {\n * verifierId: verifier._id,\n * data: { signature: generatedSignature },\n * },\n * );\n * ```\n */\nexport const verifierPatch = mutation({\n args: { verifierId: v.id(\"AuthVerifier\"), data: v.any() },\n returns: v.null(),\n handler: async (ctx, { verifierId, data }) => {\n await ctx.db.patch(\"AuthVerifier\", verifierId, data);\n return null;\n },\n});\n\n/**\n * Delete a verifier document permanently.\n *\n * Removes the verifier from the `AuthVerifier` table. This is typically called\n * after a successful OAuth callback to clean up the consumed PKCE state, or\n * to expire stale verifiers that were never completed.\n *\n * @param args.verifierId - The document ID of the verifier to delete.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Clean up the verifier after a successful OAuth exchange\n * await ctx.runMutation(\n * component.identity.verifiers.verifierDelete,\n * { verifierId: verifier._id },\n * );\n * ```\n */\nexport const verifierDelete = mutation({\n args: { verifierId: v.id(\"AuthVerifier\") },\n returns: v.null(),\n handler: async (ctx, { verifierId }) => {\n await ctx.db.delete(\"AuthVerifier\", verifierId);\n return null;\n },\n});\n\n// ============================================================================\n// Verification Codes\n// ============================================================================\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAyBA,MAAa,iBAAiB,SAAS;CACrC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,UAAU,CAAC,EAAE;CAChD,SAAS,EAAE,GAAG,eAAe;CAC7B,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GAAG,OAAO,gBAAgB,EAAa,WAAkB,CAAC;;CAE9E,CAAC;;;;;;;;;;;;;;;;;;;;;AAsBF,MAAa,kBAAkB,MAAM;CACnC,MAAM,EAAE,YAAY,EAAE,GAAG,eAAe,EAAE;CAC1C,SAAS,EAAE,MAAM,kBAAkB,EAAE,MAAM,CAAC;CAC5C,SAAS,OAAO,KAAK,EAAE,iBAAiB;AACtC,SAAO,MAAM,IAAI,GAAG,IAAI,gBAAgB,WAAW;;CAEtD,CAAC;;;;;;;;;;;;;;;;;;;;;;;AAwBF,MAAa,yBAAyB,MAAM;CAC1C,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE;CAC/B,SAAS,EAAE,MAAM,kBAAkB,EAAE,MAAM,CAAC;CAC5C,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GACd,MAAM,eAAe,CACrB,UAAU,cAAc,MAAM,EAAE,GAAG,aAAa,UAAU,CAAC,CAC3D,QAAQ;;CAEd,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;AA0BF,MAAa,gBAAgB,SAAS;CACpC,MAAM;EAAE,YAAY,EAAE,GAAG,eAAe;EAAE,MAAM,EAAE,KAAK;EAAE;CACzD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,YAAY,WAAW;AAC5C,QAAM,IAAI,GAAG,MAAM,gBAAgB,YAAY,KAAK;AACpD,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,iBAAiB,SAAS;CACrC,MAAM,EAAE,YAAY,EAAE,GAAG,eAAe,EAAE;CAC1C,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,iBAAiB;AACtC,QAAM,IAAI,GAAG,OAAO,gBAAgB,WAAW;AAC/C,SAAO;;CAEV,CAAC"}
@@ -1,209 +0,0 @@
1
- declare namespace keys_d_exports {
2
- export { keyDelete, keyGetByHashedKey, keyGetById, keyInsert, keyList, keyPatch };
3
- }
4
- /**
5
- * Insert a new API key record into the `ApiKey` table.
6
- *
7
- * Creates an API key entry with the given metadata and scopes. The caller
8
- * is responsible for generating and hashing the raw key before passing it
9
- * here -- this function only stores the hash, never the plaintext key.
10
- * The `createdAt` timestamp and `revoked: false` flag are set automatically.
11
- *
12
- * @param userId - The `_id` of the `User` who owns this API key.
13
- * @param prefix - A short, visible prefix for the key (e.g. `"sk_live_"`)
14
- * that helps users identify which key was used without exposing the secret.
15
- * @param hashedKey - SHA-256 hash of the full API key string. Used for
16
- * constant-time lookup during Bearer token verification.
17
- * @param name - Human-readable name for the key (e.g. `"Production Backend"`).
18
- * @param scopes - Array of permission scopes, each containing a `resource`
19
- * name and an array of allowed `actions` (e.g.
20
- * `[{ resource: "messages", actions: ["read", "write"] }]`).
21
- * @param rateLimit - Optional rate limit configuration to apply per-key
22
- * (e.g. max requests per window).
23
- * @param expiresAt - Optional Unix timestamp (in milliseconds) after which
24
- * the key is no longer valid. Omit for non-expiring keys.
25
- * @param metadata - Optional arbitrary metadata to attach to the key record.
26
- * @returns The `_id` of the newly created `ApiKey` document.
27
- *
28
- * @example
29
- * ```ts
30
- * const keyId = await ctx.runMutation(
31
- * components.auth.security.keys.keyInsert,
32
- * {
33
- * userId: user._id,
34
- * prefix: "sk_live_",
35
- * hashedKey: await sha256(rawKey),
36
- * name: "Production Backend",
37
- * scopes: [{ resource: "messages", actions: ["read", "write"] }],
38
- * expiresAt: Date.now() + 90 * 24 * 60 * 60 * 1000,
39
- * },
40
- * );
41
- * ```
42
- */
43
- declare const keyInsert: any;
44
- /**
45
- * Look up an API key by its SHA-256 hash.
46
- *
47
- * Queries the `ApiKey` table using the `hashed_key` index. This is the
48
- * primary lookup path during Bearer token verification: the incoming
49
- * token is hashed and matched against stored hashes in constant time.
50
- * Returns the full key record including scopes, rate limit state, and
51
- * revocation status so the caller can perform authorization checks.
52
- *
53
- * @param hashedKey - SHA-256 hash of the API key string extracted from
54
- * the `Authorization: Bearer <token>` header.
55
- * @returns The matching `ApiKey` document (including rate limit state),
56
- * or `null` if no key matches the given hash.
57
- *
58
- * @example
59
- * ```ts
60
- * const apiKey = await ctx.runQuery(
61
- * components.auth.security.keys.keyGetByHashedKey,
62
- * { hashedKey: await sha256(bearerToken) },
63
- * );
64
- * if (apiKey === null || apiKey.revoked) {
65
- * throw new Error("Invalid or revoked API key");
66
- * }
67
- * ```
68
- */
69
- declare const keyGetByHashedKey: any;
70
- /**
71
- * List API keys with optional filtering, sorting, and cursor-based pagination.
72
- *
73
- * Returns a paginated result `{ items, nextCursor }` from the `ApiKey`
74
- * table. Supports filtering by `userId`, `revoked` status, `name`, and
75
- * `prefix`. The page size is clamped between 1 and 100 (default 50).
76
- * Pass the returned `nextCursor` as `cursor` in a subsequent call to
77
- * fetch the next page.
78
- *
79
- * @param where - Optional filter object. All specified fields are
80
- * combined with AND logic:
81
- * - `userId` -- restrict to keys owned by this user.
82
- * - `revoked` -- `true` for revoked keys, `false` for active keys.
83
- * - `name` -- exact match on the key's human-readable name.
84
- * - `prefix` -- exact match on the key prefix string.
85
- * @param limit - Maximum number of items to return per page (1--100,
86
- * default `50`).
87
- * @param cursor - Opaque cursor string (an `ApiKey` document `_id`)
88
- * returned from a previous call. Pass `null` or omit for the first page.
89
- * @param orderBy - Field to sort by. One of `"_creationTime"`, `"name"`,
90
- * `"lastUsedAt"`, `"expiresAt"`, or `"revoked"`. Defaults to
91
- * `"_creationTime"`.
92
- * @param order - Sort direction, `"asc"` or `"desc"` (default `"desc"`).
93
- * @returns An object with `items` (array of `ApiKey` documents) and
94
- * `nextCursor` (string ID of the last item, or `null` if no more pages).
95
- *
96
- * @example
97
- * ```ts
98
- * // Fetch the first page of active keys for a user
99
- * const page = await ctx.runQuery(
100
- * components.auth.security.keys.keyList,
101
- * {
102
- * where: { userId: user._id, revoked: false },
103
- * limit: 20,
104
- * order: "desc",
105
- * },
106
- * );
107
- * // Fetch the next page
108
- * if (page.nextCursor) {
109
- * const page2 = await ctx.runQuery(
110
- * components.auth.security.keys.keyList,
111
- * { where: { userId: user._id, revoked: false }, cursor: page.nextCursor },
112
- * );
113
- * }
114
- * ```
115
- */
116
- declare const keyList: any;
117
- /**
118
- * Get a single API key by its document ID.
119
- *
120
- * Performs a direct document lookup on the `ApiKey` table. Useful when
121
- * you already have the key's `_id` (e.g. from a list query or a stored
122
- * reference) and need to retrieve its full details.
123
- *
124
- * @param keyId - The `_id` of the `ApiKey` document to retrieve.
125
- * @returns The `ApiKey` document, or `null` if no key exists with the
126
- * given ID.
127
- *
128
- * @example
129
- * ```ts
130
- * const apiKey = await ctx.runQuery(
131
- * components.auth.security.keys.keyGetById,
132
- * { keyId: storedKeyId },
133
- * );
134
- * if (apiKey !== null) {
135
- * console.log(apiKey.name, apiKey.scopes);
136
- * }
137
- * ```
138
- */
139
- declare const keyGetById: any;
140
- /**
141
- * Patch an API key record with partial updates.
142
- *
143
- * Performs a partial update on the `ApiKey` document. Supports modifying
144
- * the key's name, scopes, rate limit configuration, rate limit state,
145
- * revocation flag, and last-used timestamp. Throws a `ConvexError` with
146
- * code `"KEY_NOT_FOUND"` if the key does not exist.
147
- *
148
- * @param keyId - The `_id` of the `ApiKey` document to update.
149
- * @param data - An object containing the fields to patch. All fields are
150
- * optional:
151
- * - `name` -- Updated human-readable name.
152
- * - `scopes` -- Replacement array of permission scopes.
153
- * - `rateLimit` -- Updated rate limit configuration.
154
- * - `rateLimitState` -- Updated rate limit tracking state (token
155
- * count, last refill time).
156
- * - `revoked` -- Set to `true` to revoke the key, `false` to
157
- * reinstate it.
158
- * - `lastUsedAt` -- Unix timestamp (in milliseconds) of the most
159
- * recent API call using this key.
160
- * @returns `null` on success.
161
- *
162
- * @example
163
- * ```ts
164
- * // Revoke an API key
165
- * await ctx.runMutation(
166
- * components.auth.security.keys.keyPatch,
167
- * {
168
- * keyId: apiKey._id,
169
- * data: { revoked: true },
170
- * },
171
- * );
172
- *
173
- * // Rename and update scopes
174
- * await ctx.runMutation(
175
- * components.auth.security.keys.keyPatch,
176
- * {
177
- * keyId: apiKey._id,
178
- * data: {
179
- * name: "Read-Only Key",
180
- * scopes: [{ resource: "messages", actions: ["read"] }],
181
- * },
182
- * },
183
- * );
184
- * ```
185
- */
186
- declare const keyPatch: any;
187
- /**
188
- * Hard-delete an API key record from the `ApiKey` table.
189
- *
190
- * Permanently removes the API key document. Unlike revocation (which
191
- * keeps the record for audit purposes), this is an irreversible
192
- * deletion. Throws a `ConvexError` with code `"KEY_NOT_FOUND"` if the
193
- * key does not exist.
194
- *
195
- * @param keyId - The `_id` of the `ApiKey` document to delete.
196
- * @returns `null` on success.
197
- *
198
- * @example
199
- * ```ts
200
- * await ctx.runMutation(
201
- * components.auth.security.keys.keyDelete,
202
- * { keyId: apiKey._id },
203
- * );
204
- * ```
205
- */
206
- declare const keyDelete: any;
207
- //#endregion
208
- export { keyDelete, keyGetByHashedKey, keyGetById, keyInsert, keyList, keyPatch, keys_d_exports };
209
- //# sourceMappingURL=keys.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"keys.d.ts","names":[],"sources":["../../../../src/component/public/security/keys.ts"],"mappings":";;;;;;;;;;;;;;AAsDA;;;;;AAmDA;;;;;AAyDA;;;;;AAwFA;;;;;AAsDA;;;;;AA8CA;;;cAxSa,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;cAmDA,iBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAyDA,OAAA;;;;;;;;;;;;;;;;;;;;;;;cAwFA,UAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAsDA,QAAA;;;;;;;;;;;;;;;;;;;;cA8CA,SAAA"}
@@ -1 +0,0 @@
1
- {"version":3,"file":"keys.js","names":[],"sources":["../../../../src/component/public/security/keys.ts"],"sourcesContent":["import { ConvexError, v } from \"convex/values\";\n\nimport { mutation, query } from \"../../functions\";\nimport {\n vApiKeyDoc,\n vApiKeyRateLimit,\n vApiKeyRateLimitState,\n vApiKeyScope,\n vPaginated,\n} from \"../../model\";\n\n// ============================================================================\n// API Keys\n// ============================================================================\n\n/**\n * Insert a new API key record into the `ApiKey` table.\n *\n * Creates an API key entry with the given metadata and scopes. The caller\n * is responsible for generating and hashing the raw key before passing it\n * here -- this function only stores the hash, never the plaintext key.\n * The `createdAt` timestamp and `revoked: false` flag are set automatically.\n *\n * @param userId - The `_id` of the `User` who owns this API key.\n * @param prefix - A short, visible prefix for the key (e.g. `\"sk_live_\"`)\n * that helps users identify which key was used without exposing the secret.\n * @param hashedKey - SHA-256 hash of the full API key string. Used for\n * constant-time lookup during Bearer token verification.\n * @param name - Human-readable name for the key (e.g. `\"Production Backend\"`).\n * @param scopes - Array of permission scopes, each containing a `resource`\n * name and an array of allowed `actions` (e.g.\n * `[{ resource: \"messages\", actions: [\"read\", \"write\"] }]`).\n * @param rateLimit - Optional rate limit configuration to apply per-key\n * (e.g. max requests per window).\n * @param expiresAt - Optional Unix timestamp (in milliseconds) after which\n * the key is no longer valid. Omit for non-expiring keys.\n * @param metadata - Optional arbitrary metadata to attach to the key record.\n * @returns The `_id` of the newly created `ApiKey` document.\n *\n * @example\n * ```ts\n * const keyId = await ctx.runMutation(\n * components.auth.security.keys.keyInsert,\n * {\n * userId: user._id,\n * prefix: \"sk_live_\",\n * hashedKey: await sha256(rawKey),\n * name: \"Production Backend\",\n * scopes: [{ resource: \"messages\", actions: [\"read\", \"write\"] }],\n * expiresAt: Date.now() + 90 * 24 * 60 * 60 * 1000,\n * },\n * );\n * ```\n */\nexport const keyInsert = mutation({\n args: {\n userId: v.id(\"User\"),\n prefix: v.string(),\n hashedKey: v.string(),\n name: v.string(),\n scopes: v.array(\n v.object({\n resource: v.string(),\n actions: v.array(v.string()),\n }),\n ),\n rateLimit: v.optional(vApiKeyRateLimit),\n expiresAt: v.optional(v.number()),\n metadata: v.optional(v.any()),\n },\n returns: v.id(\"ApiKey\"),\n handler: async (ctx, args) => {\n return await ctx.db.insert(\"ApiKey\", {\n ...args,\n createdAt: Date.now(),\n revoked: false,\n });\n },\n});\n\n/**\n * Look up an API key by its SHA-256 hash.\n *\n * Queries the `ApiKey` table using the `hashed_key` index. This is the\n * primary lookup path during Bearer token verification: the incoming\n * token is hashed and matched against stored hashes in constant time.\n * Returns the full key record including scopes, rate limit state, and\n * revocation status so the caller can perform authorization checks.\n *\n * @param hashedKey - SHA-256 hash of the API key string extracted from\n * the `Authorization: Bearer <token>` header.\n * @returns The matching `ApiKey` document (including rate limit state),\n * or `null` if no key matches the given hash.\n *\n * @example\n * ```ts\n * const apiKey = await ctx.runQuery(\n * components.auth.security.keys.keyGetByHashedKey,\n * { hashedKey: await sha256(bearerToken) },\n * );\n * if (apiKey === null || apiKey.revoked) {\n * throw new Error(\"Invalid or revoked API key\");\n * }\n * ```\n */\nexport const keyGetByHashedKey = query({\n args: { hashedKey: v.string() },\n returns: v.union(vApiKeyDoc, v.null()),\n handler: async (ctx, { hashedKey }) => {\n return await ctx.db\n .query(\"ApiKey\")\n .withIndex(\"hashed_key\", (q) => q.eq(\"hashedKey\", hashedKey))\n .first();\n },\n});\n\n/**\n * List API keys with optional filtering, sorting, and cursor-based pagination.\n *\n * Returns a paginated result `{ items, nextCursor }` from the `ApiKey`\n * table. Supports filtering by `userId`, `revoked` status, `name`, and\n * `prefix`. The page size is clamped between 1 and 100 (default 50).\n * Pass the returned `nextCursor` as `cursor` in a subsequent call to\n * fetch the next page.\n *\n * @param where - Optional filter object. All specified fields are\n * combined with AND logic:\n * - `userId` -- restrict to keys owned by this user.\n * - `revoked` -- `true` for revoked keys, `false` for active keys.\n * - `name` -- exact match on the key's human-readable name.\n * - `prefix` -- exact match on the key prefix string.\n * @param limit - Maximum number of items to return per page (1--100,\n * default `50`).\n * @param cursor - Opaque cursor string (an `ApiKey` document `_id`)\n * returned from a previous call. Pass `null` or omit for the first page.\n * @param orderBy - Field to sort by. One of `\"_creationTime\"`, `\"name\"`,\n * `\"lastUsedAt\"`, `\"expiresAt\"`, or `\"revoked\"`. Defaults to\n * `\"_creationTime\"`.\n * @param order - Sort direction, `\"asc\"` or `\"desc\"` (default `\"desc\"`).\n * @returns An object with `items` (array of `ApiKey` documents) and\n * `nextCursor` (string ID of the last item, or `null` if no more pages).\n *\n * @example\n * ```ts\n * // Fetch the first page of active keys for a user\n * const page = await ctx.runQuery(\n * components.auth.security.keys.keyList,\n * {\n * where: { userId: user._id, revoked: false },\n * limit: 20,\n * order: \"desc\",\n * },\n * );\n * // Fetch the next page\n * if (page.nextCursor) {\n * const page2 = await ctx.runQuery(\n * components.auth.security.keys.keyList,\n * { where: { userId: user._id, revoked: false }, cursor: page.nextCursor },\n * );\n * }\n * ```\n */\nexport const keyList = query({\n args: {\n where: v.optional(\n v.object({\n userId: v.optional(v.id(\"User\")),\n revoked: v.optional(v.boolean()),\n name: v.optional(v.string()),\n prefix: v.optional(v.string()),\n }),\n ),\n limit: v.optional(v.number()),\n cursor: v.optional(v.union(v.string(), v.null())),\n orderBy: v.optional(\n v.union(\n v.literal(\"_creationTime\"),\n v.literal(\"name\"),\n v.literal(\"lastUsedAt\"),\n v.literal(\"expiresAt\"),\n v.literal(\"revoked\"),\n ),\n ),\n order: v.optional(v.union(v.literal(\"asc\"), v.literal(\"desc\"))),\n },\n returns: vPaginated(vApiKeyDoc),\n handler: async (ctx, args) => {\n const where = args.where ?? {};\n const limit = Math.min(Math.max(args.limit ?? 50, 1), 100);\n const order = args.order ?? \"desc\";\n\n let q;\n if (where.userId !== undefined) {\n q = ctx.db\n .query(\"ApiKey\")\n .withIndex(\"user_id\", (idx) => idx.eq(\"userId\", where.userId!));\n } else {\n q = ctx.db.query(\"ApiKey\");\n }\n\n if (where.revoked !== undefined) {\n q = q.filter((f) => f.eq(f.field(\"revoked\"), where.revoked!));\n }\n if (where.name !== undefined) {\n q = q.filter((f) => f.eq(f.field(\"name\"), where.name!));\n }\n if (where.prefix !== undefined) {\n q = q.filter((f) => f.eq(f.field(\"prefix\"), where.prefix!));\n }\n\n q = q.order(order);\n\n const all = await q.collect();\n let startIdx = 0;\n if (args.cursor) {\n const cursorIdx = all.findIndex((doc) => doc._id === args.cursor);\n if (cursorIdx !== -1) {\n startIdx = cursorIdx + 1;\n }\n }\n const page = all.slice(startIdx, startIdx + limit + 1);\n const hasMore = page.length > limit;\n const items = hasMore ? page.slice(0, limit) : page;\n const nextCursor = hasMore ? items[items.length - 1]._id : null;\n return { items, nextCursor };\n },\n});\n\n/**\n * Get a single API key by its document ID.\n *\n * Performs a direct document lookup on the `ApiKey` table. Useful when\n * you already have the key's `_id` (e.g. from a list query or a stored\n * reference) and need to retrieve its full details.\n *\n * @param keyId - The `_id` of the `ApiKey` document to retrieve.\n * @returns The `ApiKey` document, or `null` if no key exists with the\n * given ID.\n *\n * @example\n * ```ts\n * const apiKey = await ctx.runQuery(\n * components.auth.security.keys.keyGetById,\n * { keyId: storedKeyId },\n * );\n * if (apiKey !== null) {\n * console.log(apiKey.name, apiKey.scopes);\n * }\n * ```\n */\nexport const keyGetById = query({\n args: { keyId: v.id(\"ApiKey\") },\n returns: v.union(vApiKeyDoc, v.null()),\n handler: async (ctx, { keyId }) => {\n return await ctx.db.get(\"ApiKey\", keyId);\n },\n});\n\n/**\n * Patch an API key record with partial updates.\n *\n * Performs a partial update on the `ApiKey` document. Supports modifying\n * the key's name, scopes, rate limit configuration, rate limit state,\n * revocation flag, and last-used timestamp. Throws a `ConvexError` with\n * code `\"KEY_NOT_FOUND\"` if the key does not exist.\n *\n * @param keyId - The `_id` of the `ApiKey` document to update.\n * @param data - An object containing the fields to patch. All fields are\n * optional:\n * - `name` -- Updated human-readable name.\n * - `scopes` -- Replacement array of permission scopes.\n * - `rateLimit` -- Updated rate limit configuration.\n * - `rateLimitState` -- Updated rate limit tracking state (token\n * count, last refill time).\n * - `revoked` -- Set to `true` to revoke the key, `false` to\n * reinstate it.\n * - `lastUsedAt` -- Unix timestamp (in milliseconds) of the most\n * recent API call using this key.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * // Revoke an API key\n * await ctx.runMutation(\n * components.auth.security.keys.keyPatch,\n * {\n * keyId: apiKey._id,\n * data: { revoked: true },\n * },\n * );\n *\n * // Rename and update scopes\n * await ctx.runMutation(\n * components.auth.security.keys.keyPatch,\n * {\n * keyId: apiKey._id,\n * data: {\n * name: \"Read-Only Key\",\n * scopes: [{ resource: \"messages\", actions: [\"read\"] }],\n * },\n * },\n * );\n * ```\n */\nexport const keyPatch = mutation({\n args: {\n keyId: v.id(\"ApiKey\"),\n data: v.object({\n name: v.optional(v.string()),\n scopes: v.optional(v.array(vApiKeyScope)),\n rateLimit: v.optional(vApiKeyRateLimit),\n rateLimitState: v.optional(vApiKeyRateLimitState),\n revoked: v.optional(v.boolean()),\n lastUsedAt: v.optional(v.number()),\n }),\n },\n returns: v.null(),\n handler: async (ctx, { keyId, data }) => {\n const key = await ctx.db.get(\"ApiKey\", keyId);\n if (key === null) {\n throw new ConvexError({\n code: \"KEY_NOT_FOUND\",\n message: \"API key not found\",\n keyId,\n });\n }\n await ctx.db.patch(\"ApiKey\", keyId, data);\n return null;\n },\n});\n\n/**\n * Hard-delete an API key record from the `ApiKey` table.\n *\n * Permanently removes the API key document. Unlike revocation (which\n * keeps the record for audit purposes), this is an irreversible\n * deletion. Throws a `ConvexError` with code `\"KEY_NOT_FOUND\"` if the\n * key does not exist.\n *\n * @param keyId - The `_id` of the `ApiKey` document to delete.\n * @returns `null` on success.\n *\n * @example\n * ```ts\n * await ctx.runMutation(\n * components.auth.security.keys.keyDelete,\n * { keyId: apiKey._id },\n * );\n * ```\n */\nexport const keyDelete = mutation({\n args: { keyId: v.id(\"ApiKey\") },\n returns: v.null(),\n handler: async (ctx, { keyId }) => {\n const key = await ctx.db.get(\"ApiKey\", keyId);\n if (key === null) {\n throw new ConvexError({\n code: \"KEY_NOT_FOUND\",\n message: \"API key not found\",\n keyId,\n });\n }\n await ctx.db.delete(\"ApiKey\", keyId);\n return null;\n },\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsDA,MAAa,YAAY,SAAS;CAChC,MAAM;EACJ,QAAQ,EAAE,GAAG,OAAO;EACpB,QAAQ,EAAE,QAAQ;EAClB,WAAW,EAAE,QAAQ;EACrB,MAAM,EAAE,QAAQ;EAChB,QAAQ,EAAE,MACR,EAAE,OAAO;GACP,UAAU,EAAE,QAAQ;GACpB,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC;GAC7B,CAAC,CACH;EACD,WAAW,EAAE,SAAS,iBAAiB;EACvC,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC;EACjC,UAAU,EAAE,SAAS,EAAE,KAAK,CAAC;EAC9B;CACD,SAAS,EAAE,GAAG,SAAS;CACvB,SAAS,OAAO,KAAK,SAAS;AAC5B,SAAO,MAAM,IAAI,GAAG,OAAO,UAAU;GACnC,GAAG;GACH,WAAW,KAAK,KAAK;GACrB,SAAS;GACV,CAAC;;CAEL,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;AA2BF,MAAa,oBAAoB,MAAM;CACrC,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE;CAC/B,SAAS,EAAE,MAAM,YAAY,EAAE,MAAM,CAAC;CACtC,SAAS,OAAO,KAAK,EAAE,gBAAgB;AACrC,SAAO,MAAM,IAAI,GACd,MAAM,SAAS,CACf,UAAU,eAAe,MAAM,EAAE,GAAG,aAAa,UAAU,CAAC,CAC5D,OAAO;;CAEb,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgDF,MAAa,UAAU,MAAM;CAC3B,MAAM;EACJ,OAAO,EAAE,SACP,EAAE,OAAO;GACP,QAAQ,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;GAChC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;GAChC,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC5B,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC/B,CAAC,CACH;EACD,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC;EAC7B,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;EACjD,SAAS,EAAE,SACT,EAAE,MACA,EAAE,QAAQ,gBAAgB,EAC1B,EAAE,QAAQ,OAAO,EACjB,EAAE,QAAQ,aAAa,EACvB,EAAE,QAAQ,YAAY,EACtB,EAAE,QAAQ,UAAU,CACrB,CACF;EACD,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,MAAM,EAAE,EAAE,QAAQ,OAAO,CAAC,CAAC;EAChE;CACD,SAAS,WAAW,WAAW;CAC/B,SAAS,OAAO,KAAK,SAAS;EAC5B,MAAM,QAAQ,KAAK,SAAS,EAAE;EAC9B,MAAM,QAAQ,KAAK,IAAI,KAAK,IAAI,KAAK,SAAS,IAAI,EAAE,EAAE,IAAI;EAC1D,MAAM,QAAQ,KAAK,SAAS;EAE5B,IAAI;AACJ,MAAI,MAAM,WAAW,OACnB,KAAI,IAAI,GACL,MAAM,SAAS,CACf,UAAU,YAAY,QAAQ,IAAI,GAAG,UAAU,MAAM,OAAQ,CAAC;MAEjE,KAAI,IAAI,GAAG,MAAM,SAAS;AAG5B,MAAI,MAAM,YAAY,OACpB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,UAAU,EAAE,MAAM,QAAS,CAAC;AAE/D,MAAI,MAAM,SAAS,OACjB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,OAAO,EAAE,MAAM,KAAM,CAAC;AAEzD,MAAI,MAAM,WAAW,OACnB,KAAI,EAAE,QAAQ,MAAM,EAAE,GAAG,EAAE,MAAM,SAAS,EAAE,MAAM,OAAQ,CAAC;AAG7D,MAAI,EAAE,MAAM,MAAM;EAElB,MAAM,MAAM,MAAM,EAAE,SAAS;EAC7B,IAAI,WAAW;AACf,MAAI,KAAK,QAAQ;GACf,MAAM,YAAY,IAAI,WAAW,QAAQ,IAAI,QAAQ,KAAK,OAAO;AACjE,OAAI,cAAc,GAChB,YAAW,YAAY;;EAG3B,MAAM,OAAO,IAAI,MAAM,UAAU,WAAW,QAAQ,EAAE;EACtD,MAAM,UAAU,KAAK,SAAS;EAC9B,MAAM,QAAQ,UAAU,KAAK,MAAM,GAAG,MAAM,GAAG;AAE/C,SAAO;GAAE;GAAO,YADG,UAAU,MAAM,MAAM,SAAS,GAAG,MAAM;GAC/B;;CAE/B,CAAC;;;;;;;;;;;;;;;;;;;;;;;AAwBF,MAAa,aAAa,MAAM;CAC9B,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,EAAE;CAC/B,SAAS,EAAE,MAAM,YAAY,EAAE,MAAM,CAAC;CACtC,SAAS,OAAO,KAAK,EAAE,YAAY;AACjC,SAAO,MAAM,IAAI,GAAG,IAAI,UAAU,MAAM;;CAE3C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgDF,MAAa,WAAW,SAAS;CAC/B,MAAM;EACJ,OAAO,EAAE,GAAG,SAAS;EACrB,MAAM,EAAE,OAAO;GACb,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;GAC5B,QAAQ,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;GACzC,WAAW,EAAE,SAAS,iBAAiB;GACvC,gBAAgB,EAAE,SAAS,sBAAsB;GACjD,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;GAChC,YAAY,EAAE,SAAS,EAAE,QAAQ,CAAC;GACnC,CAAC;EACH;CACD,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,OAAO,WAAW;AAEvC,MADY,MAAM,IAAI,GAAG,IAAI,UAAU,MAAM,KACjC,KACV,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS;GACT;GACD,CAAC;AAEJ,QAAM,IAAI,GAAG,MAAM,UAAU,OAAO,KAAK;AACzC,SAAO;;CAEV,CAAC;;;;;;;;;;;;;;;;;;;;AAqBF,MAAa,YAAY,SAAS;CAChC,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,EAAE;CAC/B,SAAS,EAAE,MAAM;CACjB,SAAS,OAAO,KAAK,EAAE,YAAY;AAEjC,MADY,MAAM,IAAI,GAAG,IAAI,UAAU,MAAM,KACjC,KACV,OAAM,IAAI,YAAY;GACpB,MAAM;GACN,SAAS;GACT;GACD,CAAC;AAEJ,QAAM,IAAI,GAAG,OAAO,UAAU,MAAM;AACpC,SAAO;;CAEV,CAAC"}