@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -1 +0,0 @@
1
- {"version":3,"file":"scim.js","names":[],"sources":["../../../../src/server/enterprise/scim.ts"],"sourcesContent":["import type { ScimListRequest } from \"./shared\";\nimport { SCIM_GROUP_SCHEMA_ID, SCIM_USER_SCHEMA_ID } from \"./shared\";\n\n/** @internal */\nexport function parseScimPath(pathname: string) {\n const parts = pathname.split(\"/\").filter(Boolean);\n const [api, auth, sso, enterpriseId, protocol, version, ...rest] = parts;\n\n if (\n api !== \"api\" ||\n auth !== \"auth\" ||\n sso !== \"sso\" ||\n !enterpriseId ||\n enterpriseId === \"setup\" ||\n protocol !== \"scim\" ||\n version !== \"v2\"\n ) {\n return {\n enterpriseId: \"\",\n resource: \"\",\n resourceId: undefined,\n };\n }\n\n return {\n enterpriseId,\n resource: rest[0] ?? \"\",\n resourceId: rest[1],\n };\n}\n\n/** @internal */\nexport function parseScimListRequest(url: URL): ScimListRequest {\n const startIndex = Math.max(\n 1,\n Number(url.searchParams.get(\"startIndex\") ?? \"1\"),\n );\n const count = Math.min(\n 100,\n Math.max(1, Number(url.searchParams.get(\"count\") ?? \"100\")),\n );\n const filterParam = url.searchParams.get(\"filter\");\n const filter = filterParam\n ? (() => {\n const match = filterParam.match(/^([A-Za-z0-9_.]+)\\s+eq\\s+\"([^\"]+)\"$/);\n if (!match) {\n throw new Error(\"Unsupported SCIM filter.\");\n }\n return { attribute: match[1]!, value: match[2]! };\n })()\n : undefined;\n return { startIndex, count, filter };\n}\n\n/** @internal */\nexport function scimJson(data: unknown, status = 200, headers?: HeadersInit) {\n const responseHeaders = new Headers({\n \"Content-Type\": \"application/scim+json\",\n });\n if (headers) {\n new Headers(headers).forEach((value, key) => {\n responseHeaders.set(key, value);\n });\n }\n return new Response(JSON.stringify(data), {\n status,\n headers: responseHeaders,\n });\n}\n\n/** @internal */\nexport function scimError(status: number, scimType: string, detail: string) {\n return scimJson(\n {\n schemas: [\"urn:ietf:params:scim:api:messages:2.0:Error\"],\n status: String(status),\n scimType,\n detail,\n },\n status,\n );\n}\n\n/** @internal */\nexport function serializeScimUser(args: {\n id: string;\n user: Record<string, any>;\n externalId?: string;\n active?: boolean;\n location?: string;\n}) {\n return {\n schemas: [SCIM_USER_SCHEMA_ID],\n id: args.id,\n externalId: args.externalId,\n meta: {\n resourceType: \"User\",\n location: args.location,\n },\n userName: args.user.email ?? args.user.phone ?? args.user.name ?? args.id,\n active: args.active ?? true,\n name:\n args.user.name !== undefined ? { formatted: args.user.name } : undefined,\n emails:\n typeof args.user.email === \"string\"\n ? [{ value: args.user.email, primary: true }]\n : undefined,\n phoneNumbers:\n typeof args.user.phone === \"string\"\n ? [{ value: args.user.phone, primary: true }]\n : undefined,\n displayName: args.user.name,\n };\n}\n\n/** @internal */\nexport function serializeScimGroup(args: {\n id: string;\n group: Record<string, any>;\n externalId?: string;\n members?: Array<{ value: string; display?: string }>;\n location?: string;\n}) {\n return {\n schemas: [SCIM_GROUP_SCHEMA_ID],\n id: args.id,\n externalId: args.externalId,\n meta: {\n resourceType: \"Group\",\n location: args.location,\n },\n displayName: args.group.name ?? args.id,\n members: args.members ?? [],\n };\n}\n"],"mappings":";;;;AAIA,SAAgB,cAAc,UAAkB;CAE9C,MAAM,CAAC,KAAK,MAAM,KAAK,cAAc,UAAU,SAAS,GAAG,QAD7C,SAAS,MAAM,IAAI,CAAC,OAAO,QAAQ;AAGjD,KACE,QAAQ,SACR,SAAS,UACT,QAAQ,SACR,CAAC,gBACD,iBAAiB,WACjB,aAAa,UACb,YAAY,KAEZ,QAAO;EACL,cAAc;EACd,UAAU;EACV,YAAY;EACb;AAGH,QAAO;EACL;EACA,UAAU,KAAK,MAAM;EACrB,YAAY,KAAK;EAClB;;;AAIH,SAAgB,qBAAqB,KAA2B;CAC9D,MAAM,aAAa,KAAK,IACtB,GACA,OAAO,IAAI,aAAa,IAAI,aAAa,IAAI,IAAI,CAClD;CACD,MAAM,QAAQ,KAAK,IACjB,KACA,KAAK,IAAI,GAAG,OAAO,IAAI,aAAa,IAAI,QAAQ,IAAI,MAAM,CAAC,CAC5D;CACD,MAAM,cAAc,IAAI,aAAa,IAAI,SAAS;AAUlD,QAAO;EAAE;EAAY;EAAO,QATb,qBACJ;GACL,MAAM,QAAQ,YAAY,MAAM,sCAAsC;AACtE,OAAI,CAAC,MACH,OAAM,IAAI,MAAM,2BAA2B;AAE7C,UAAO;IAAE,WAAW,MAAM;IAAK,OAAO,MAAM;IAAK;MAC/C,GACJ;EACgC;;;AAItC,SAAgB,SAAS,MAAe,SAAS,KAAK,SAAuB;CAC3E,MAAM,kBAAkB,IAAI,QAAQ,EAClC,gBAAgB,yBACjB,CAAC;AACF,KAAI,QACF,KAAI,QAAQ,QAAQ,CAAC,SAAS,OAAO,QAAQ;AAC3C,kBAAgB,IAAI,KAAK,MAAM;GAC/B;AAEJ,QAAO,IAAI,SAAS,KAAK,UAAU,KAAK,EAAE;EACxC;EACA,SAAS;EACV,CAAC;;;AAIJ,SAAgB,UAAU,QAAgB,UAAkB,QAAgB;AAC1E,QAAO,SACL;EACE,SAAS,CAAC,8CAA8C;EACxD,QAAQ,OAAO,OAAO;EACtB;EACA;EACD,EACD,OACD;;;AAIH,SAAgB,kBAAkB,MAM/B;AACD,QAAO;EACL,SAAS,CAAC,oBAAoB;EAC9B,IAAI,KAAK;EACT,YAAY,KAAK;EACjB,MAAM;GACJ,cAAc;GACd,UAAU,KAAK;GAChB;EACD,UAAU,KAAK,KAAK,SAAS,KAAK,KAAK,SAAS,KAAK,KAAK,QAAQ,KAAK;EACvE,QAAQ,KAAK,UAAU;EACvB,MACE,KAAK,KAAK,SAAS,SAAY,EAAE,WAAW,KAAK,KAAK,MAAM,GAAG;EACjE,QACE,OAAO,KAAK,KAAK,UAAU,WACvB,CAAC;GAAE,OAAO,KAAK,KAAK;GAAO,SAAS;GAAM,CAAC,GAC3C;EACN,cACE,OAAO,KAAK,KAAK,UAAU,WACvB,CAAC;GAAE,OAAO,KAAK,KAAK;GAAO,SAAS;GAAM,CAAC,GAC3C;EACN,aAAa,KAAK,KAAK;EACxB;;;AAIH,SAAgB,mBAAmB,MAMhC;AACD,QAAO;EACL,SAAS,CAAC,qBAAqB;EAC/B,IAAI,KAAK;EACT,YAAY,KAAK;EACjB,MAAM;GACJ,cAAc;GACd,UAAU,KAAK;GAChB;EACD,aAAa,KAAK,MAAM,QAAQ,KAAK;EACrC,SAAS,KAAK,WAAW,EAAE;EAC5B"}
@@ -1,51 +0,0 @@
1
- //#region src/server/enterprise/shared.ts
2
- /** @internal */
3
- const SCIM_USER_SCHEMA_ID = "urn:ietf:params:scim:schemas:core:2.0:User";
4
- /** @internal */
5
- const SCIM_GROUP_SCHEMA_ID = "urn:ietf:params:scim:schemas:core:2.0:Group";
6
- /** @internal */
7
- const ENTERPRISE_OIDC_PROVIDER_PREFIX = "enterprise:oidc:";
8
- /** @internal */
9
- const ENTERPRISE_SAML_PROVIDER_PREFIX = "enterprise:saml:";
10
- /** @internal */
11
- function normalizeDomain(domain) {
12
- return domain.trim().toLowerCase().replace(/^@+/, "");
13
- }
14
- /** @internal */
15
- function enterpriseOidcProviderId(enterpriseId) {
16
- return `${ENTERPRISE_OIDC_PROVIDER_PREFIX}${enterpriseId}`;
17
- }
18
- /** @internal */
19
- function enterpriseSamlProviderId(enterpriseId) {
20
- return `${ENTERPRISE_SAML_PROVIDER_PREFIX}${enterpriseId}`;
21
- }
22
- /** @internal */
23
- function getEnterpriseSamlUrls(opts) {
24
- const root = opts.rootUrl.replace(/\/$/, "");
25
- return {
26
- metadataUrl: `${root}/api/auth/sso/${opts.source.id}/saml/metadata`,
27
- acsUrl: `${root}/api/auth/sso/${opts.source.id}/saml/acs`,
28
- sloUrl: `${root}/api/auth/sso/${opts.source.id}/saml/slo`
29
- };
30
- }
31
- /** @internal */
32
- function getEnterpriseOidcUrls(opts) {
33
- const root = opts.rootUrl.replace(/\/$/, "");
34
- return {
35
- signInUrl: `${root}/api/auth/sso/${opts.enterpriseId}/oidc/signin`,
36
- callbackUrl: `${root}/api/auth/sso/${opts.enterpriseId}/oidc/callback`
37
- };
38
- }
39
- /** @internal */
40
- function isEnterpriseSamlSourceActive(source) {
41
- return source.status === "active";
42
- }
43
- /** @internal */
44
- function isEnterpriseProviderId(providerId) {
45
- return providerId.startsWith(ENTERPRISE_OIDC_PROVIDER_PREFIX) || providerId.startsWith(ENTERPRISE_SAML_PROVIDER_PREFIX);
46
- }
47
- const asRecord = (value) => typeof value === "object" && value !== null ? value : null;
48
-
49
- //#endregion
50
- export { ENTERPRISE_OIDC_PROVIDER_PREFIX, ENTERPRISE_SAML_PROVIDER_PREFIX, SCIM_GROUP_SCHEMA_ID, SCIM_USER_SCHEMA_ID, asRecord, enterpriseOidcProviderId, enterpriseSamlProviderId, getEnterpriseOidcUrls, getEnterpriseSamlUrls, isEnterpriseProviderId, isEnterpriseSamlSourceActive, normalizeDomain };
51
- //# sourceMappingURL=shared.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"shared.js","names":[],"sources":["../../../../src/server/enterprise/shared.ts"],"sourcesContent":["/** @internal */\nexport type ParsedSamlMetadata = {\n issuer: string;\n sso: {\n redirect?: string;\n post?: string;\n };\n slo: {\n redirect?: string;\n post?: string;\n };\n signingCert: string | string[] | null;\n encryptionCert: string | string[] | null;\n nameIdFormats: string[];\n wantsSignedAuthnRequests: boolean;\n};\n\n/** @internal */\nexport type EnterpriseSamlSource = { kind: \"enterprise\"; id: string };\n\n/** @internal */\nexport type EnterpriseSamlRelayState = {\n source: EnterpriseSamlSource;\n signature: string;\n requestId: string;\n state: string;\n redirectTo?: string;\n};\n\n/** @internal */\nexport type EnterpriseSamlUrls = {\n metadataUrl: string;\n acsUrl: string;\n sloUrl?: string;\n};\n\n/** @internal */\nexport type EnterpriseSamlLoadedSource = {\n source: EnterpriseSamlSource;\n config: unknown;\n status?: string;\n};\n\n/** @internal */\nexport type EnterpriseSamlHttpRequest = {\n url: URL;\n body: Record<string, string>;\n query: Record<string, string>;\n binding: \"redirect\" | \"post\";\n relayState?: string;\n hasSamlRequest: boolean;\n hasSamlResponse: boolean;\n};\n\n/** @internal */\nexport type ScimListRequest = {\n startIndex: number;\n count: number;\n filter?: { attribute: string; value: string };\n};\n\n/** @internal */\nexport const SCIM_USER_SCHEMA_ID = \"urn:ietf:params:scim:schemas:core:2.0:User\";\n/** @internal */\nexport const SCIM_GROUP_SCHEMA_ID =\n \"urn:ietf:params:scim:schemas:core:2.0:Group\";\n\n/** @internal */\nexport const ENTERPRISE_OIDC_PROVIDER_PREFIX = \"enterprise:oidc:\";\n/** @internal */\nexport const ENTERPRISE_SAML_PROVIDER_PREFIX = \"enterprise:saml:\";\n\n/** @internal */\nexport function normalizeDomain(domain: string): string {\n return domain.trim().toLowerCase().replace(/^@+/, \"\");\n}\n\n/** @internal */\nexport function enterpriseOidcProviderId(enterpriseId: string): string {\n return `${ENTERPRISE_OIDC_PROVIDER_PREFIX}${enterpriseId}`;\n}\n\n/** @internal */\nexport function enterpriseSamlProviderId(enterpriseId: string): string {\n return `${ENTERPRISE_SAML_PROVIDER_PREFIX}${enterpriseId}`;\n}\n\n/** @internal */\nexport function getEnterpriseSamlUrls(opts: {\n rootUrl: string;\n source: EnterpriseSamlSource;\n}): EnterpriseSamlUrls {\n const root = opts.rootUrl.replace(/\\/$/, \"\");\n const metadataBase = `${root}/api/auth/sso/${opts.source.id}/saml/metadata`;\n const acsBase = `${root}/api/auth/sso/${opts.source.id}/saml/acs`;\n const sloBase = `${root}/api/auth/sso/${opts.source.id}/saml/slo`;\n return {\n metadataUrl: metadataBase,\n acsUrl: acsBase,\n sloUrl: sloBase,\n };\n}\n\n/** @internal */\nexport function getEnterpriseOidcUrls(opts: {\n rootUrl: string;\n enterpriseId: string;\n}) {\n const root = opts.rootUrl.replace(/\\/$/, \"\");\n return {\n signInUrl: `${root}/api/auth/sso/${opts.enterpriseId}/oidc/signin`,\n callbackUrl: `${root}/api/auth/sso/${opts.enterpriseId}/oidc/callback`,\n };\n}\n\n/** @internal */\nexport function isEnterpriseSamlSourceActive(\n source: EnterpriseSamlLoadedSource,\n) {\n return source.status === \"active\";\n}\n\n/** @internal */\nexport function isEnterpriseProviderId(providerId: string): boolean {\n return (\n providerId.startsWith(ENTERPRISE_OIDC_PROVIDER_PREFIX) ||\n providerId.startsWith(ENTERPRISE_SAML_PROVIDER_PREFIX)\n );\n}\n\nexport const asRecord = (value: unknown) =>\n typeof value === \"object\" && value !== null\n ? (value as Record<string, any>)\n : null;\n"],"mappings":";;AA8DA,MAAa,sBAAsB;;AAEnC,MAAa,uBACX;;AAGF,MAAa,kCAAkC;;AAE/C,MAAa,kCAAkC;;AAG/C,SAAgB,gBAAgB,QAAwB;AACtD,QAAO,OAAO,MAAM,CAAC,aAAa,CAAC,QAAQ,OAAO,GAAG;;;AAIvD,SAAgB,yBAAyB,cAA8B;AACrE,QAAO,GAAG,kCAAkC;;;AAI9C,SAAgB,yBAAyB,cAA8B;AACrE,QAAO,GAAG,kCAAkC;;;AAI9C,SAAgB,sBAAsB,MAGf;CACrB,MAAM,OAAO,KAAK,QAAQ,QAAQ,OAAO,GAAG;AAI5C,QAAO;EACL,aAJmB,GAAG,KAAK,gBAAgB,KAAK,OAAO,GAAG;EAK1D,QAJc,GAAG,KAAK,gBAAgB,KAAK,OAAO,GAAG;EAKrD,QAJc,GAAG,KAAK,gBAAgB,KAAK,OAAO,GAAG;EAKtD;;;AAIH,SAAgB,sBAAsB,MAGnC;CACD,MAAM,OAAO,KAAK,QAAQ,QAAQ,OAAO,GAAG;AAC5C,QAAO;EACL,WAAW,GAAG,KAAK,gBAAgB,KAAK,aAAa;EACrD,aAAa,GAAG,KAAK,gBAAgB,KAAK,aAAa;EACxD;;;AAIH,SAAgB,6BACd,QACA;AACA,QAAO,OAAO,WAAW;;;AAI3B,SAAgB,uBAAuB,YAA6B;AAClE,QACE,WAAW,WAAW,gCAAgC,IACtD,WAAW,WAAW,gCAAgC;;AAI1D,MAAa,YAAY,UACvB,OAAO,UAAU,YAAY,UAAU,OAClC,QACD"}
@@ -1,85 +0,0 @@
1
- import { HttpKeyContext } from "./types.js";
2
- import { AuthContext, OptionalAuthContext, UserDoc } from "./auth.js";
3
- import { GenericActionCtx, GenericDataModel } from "convex/server";
4
-
5
- //#region src/server/http.d.ts
6
- /**
7
- * Auth context returned by `auth.http.context(ctx, request)`.
8
- *
9
- * This resolves raw HTTP authentication in two steps:
10
- * 1. session auth from `ctx.auth.getUserIdentity()`
11
- * 2. API key auth from `Authorization: Bearer sk_*`
12
- *
13
- * The `source` field tells you which authentication path succeeded.
14
- * When `source === "key"`, the verified API key metadata is available on
15
- * `key`.
16
- *
17
- * @example
18
- * ```ts
19
- * const authContext = await auth.http.context(ctx, request);
20
- * if (authContext.source === "key") {
21
- * console.log(authContext.key.keyId);
22
- * }
23
- * ```
24
- */
25
- type HttpAuthContext = (AuthContext & {
26
- /** The request authenticated through a browser or session token. */source: "session"; /** No API key was used for this request. */
27
- key: null;
28
- }) | (AuthContext & {
29
- /** The request authenticated through an API key. */source: "key"; /** Verified API key metadata for the request. */
30
- key: HttpKeyContext["key"];
31
- });
32
- /**
33
- * Nullable HTTP auth context returned by
34
- * `auth.http.context(ctx, request, { optional: true })`.
35
- *
36
- * This preserves a stable auth-shaped object for raw `httpAction` handlers
37
- * that allow anonymous callers.
38
- */
39
- type OptionalHttpAuthContext = (OptionalAuthContext & {
40
- /** No authentication source was resolved. */source: null; /** No API key metadata is available. */
41
- key: null;
42
- }) | HttpAuthContext;
43
- /**
44
- * Configuration for {@link createAuth().http.context}.
45
- *
46
- * This mirrors {@link AuthContextConfig} for raw HTTP handlers and adds support
47
- * for enriching mixed session/API-key auth results.
48
- *
49
- * @typeParam TResolve - Extra fields returned from `resolve()` and merged into
50
- * the resolved HTTP auth context.
51
- *
52
- * @example
53
- * ```ts
54
- * const authContext = await auth.http.context(ctx, request, {
55
- * resolve: async (_ctx, user, authState) => ({
56
- * email: user.email,
57
- * isMachineRequest: authState.source === "key",
58
- * }),
59
- * });
60
- * ```
61
- */
62
- type HttpAuthContextConfig<TResolve extends Record<string, unknown> = Record<string, never>> = {
63
- /**
64
- * Allow unauthenticated callers and return a null-shaped auth object instead
65
- * of throwing `NOT_SIGNED_IN`.
66
- */
67
- optional?: boolean;
68
- /**
69
- * Attach additional derived fields to the resolved HTTP auth context.
70
- *
71
- * This callback runs only when authentication succeeds.
72
- */
73
- resolve?: (ctx: GenericActionCtx<any>, user: UserDoc, auth: HttpAuthContext) => Promise<TResolve> | TResolve;
74
- /**
75
- * Override or wrap HTTP auth resolution.
76
- *
77
- * Return `undefined` to use the built-in session-or-key resolver, `null` for
78
- * an explicit unauthenticated state, or a fully resolved
79
- * {@link HttpAuthContext}.
80
- */
81
- authResolve?: (ctx: GenericActionCtx<any>, fallback: () => Promise<HttpAuthContext | null>) => Promise<HttpAuthContext | null | undefined> | HttpAuthContext | null | undefined;
82
- };
83
- //#endregion
84
- export { HttpAuthContext, HttpAuthContextConfig, OptionalHttpAuthContext };
85
- //# sourceMappingURL=http.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"http.d.ts","names":[],"sources":["../../../src/server/http.ts"],"mappings":";;;;;;;AAsEA;;;;;;;;;;;;;;;;;KAAY,eAAA,IACP,WAAA;EAoB8B,oEAlB7B,MAAA,aAyBa;EAvBb,GAAA;AAAA,MAED,WAAA;EAmBC,oDAjBA,MAAA,SAmBa;EAjBb,GAAA,EAAK,cAAA;AAAA;;;;;;;;KAUC,uBAAA,IACP,mBAAA;EA4CE,6CA1CD,MAAA,QAmDG;EAjDH,GAAA;AAAA,KAEF,eAAA;;;;;;;;;;;;;;;;;;;;KAqBQ,qBAAA,kBACO,MAAA,oBAA0B,MAAA;EAyBpC;;;;EAnBP,QAAA;EAsBI;;;;;EAhBJ,OAAA,IACE,GAAA,EAAK,gBAAA,OACL,IAAA,EAAM,OAAA,EACN,IAAA,EAAM,eAAA,KACH,OAAA,CAAQ,QAAA,IAAY,QAAA;;;;;;;;EAQzB,WAAA,IACE,GAAA,EAAK,gBAAA,OACL,QAAA,QAAgB,OAAA,CAAQ,eAAA,aAEtB,OAAA,CAAQ,eAAA,uBACR,eAAA;AAAA"}
@@ -1,351 +0,0 @@
1
- import { createUnauthenticatedAuthContext, getAuthContextForUser, getSessionUserId } from "./context.js";
2
- import { logError } from "./utils.js";
3
- import { httpActionGeneric } from "convex/server";
4
- import { Cv } from "@robelest/fx/convex";
5
- import { Fx } from "@robelest/fx";
6
- import { ConvexError } from "convex/values";
7
- import { parse } from "cookie";
8
-
9
- //#region src/server/http.ts
10
- function createNotSignedInError() {
11
- return Cv.error({
12
- code: "NOT_SIGNED_IN",
13
- message: "Authentication required."
14
- });
15
- }
16
- async function getHttpKeyContext(auth, ctx, request) {
17
- const authHeader = request.headers.get("Authorization");
18
- if (!authHeader?.startsWith("Bearer sk_")) return null;
19
- try {
20
- const verified = await auth.key.verify(ctx, authHeader.slice(7));
21
- return {
22
- ...await getAuthContextForUser(auth, ctx, verified.userId),
23
- source: "key",
24
- key: {
25
- userId: verified.userId,
26
- keyId: verified.keyId,
27
- scopes: verified.scopes
28
- }
29
- };
30
- } catch {
31
- return null;
32
- }
33
- }
34
- async function resolveHttpAuthContext(auth, ctx, request) {
35
- const sessionUserId = await getSessionUserId(ctx);
36
- if (sessionUserId !== null) return {
37
- ...await getAuthContextForUser(auth, ctx, sessionUserId),
38
- source: "session",
39
- key: null
40
- };
41
- return await getHttpKeyContext(auth, ctx, request);
42
- }
43
- /**
44
- * @internal
45
- * Create the implementation behind `auth.http.context(...)`.
46
- */
47
- function createHttpContext(auth) {
48
- return (async (ctx, request, config) => {
49
- const fallback = () => resolveHttpAuthContext(auth, ctx, request);
50
- const authOverride = config?.authResolve ? await config.authResolve(ctx, fallback) : void 0;
51
- const resolved = authOverride === void 0 ? await fallback() : authOverride;
52
- if (resolved === null) {
53
- if (config?.optional !== true) throw createNotSignedInError();
54
- return {
55
- ...createUnauthenticatedAuthContext(),
56
- source: null,
57
- key: null
58
- };
59
- }
60
- const extra = config?.resolve ? await config.resolve(ctx, resolved.user, resolved) : {};
61
- return {
62
- ...resolved,
63
- ...extra
64
- };
65
- });
66
- }
67
- function createHttpAction(auth) {
68
- return (handler, options) => {
69
- const corsConfig = options?.cors ?? {};
70
- const corsHeaders = {
71
- "Access-Control-Allow-Origin": corsConfig.origin ?? "*",
72
- "Access-Control-Allow-Methods": corsConfig.methods ?? "GET,POST,PUT,PATCH,DELETE,OPTIONS",
73
- "Access-Control-Allow-Headers": corsConfig.headers ?? "Content-Type,Authorization"
74
- };
75
- return httpActionGeneric(async (genericCtx, request) => {
76
- return Fx.run(Fx.from({
77
- ok: async () => {
78
- const authHeader = request.headers.get("Authorization");
79
- if (!authHeader?.startsWith("Bearer ")) return new Response(JSON.stringify({
80
- error: "Missing or malformed Authorization: Bearer header.",
81
- code: "MISSING_BEARER_TOKEN"
82
- }), {
83
- status: 401,
84
- headers: {
85
- ...corsHeaders,
86
- "Content-Type": "application/json"
87
- }
88
- });
89
- const rawKey = authHeader.slice(7);
90
- const keyResult = await Fx.run(Fx.attempt(() => auth.key.verify(genericCtx, rawKey), (result$1) => ({
91
- ok: true,
92
- value: result$1
93
- }), (error) => ({
94
- ok: false,
95
- error
96
- })));
97
- if (!keyResult.ok) {
98
- if (keyResult.error instanceof ConvexError && typeof keyResult.error.data === "object" && keyResult.error.data !== null && "code" in keyResult.error.data && "message" in keyResult.error.data) {
99
- const { code, message } = keyResult.error.data;
100
- return new Response(JSON.stringify({
101
- error: message,
102
- code
103
- }), {
104
- status: 403,
105
- headers: {
106
- ...corsHeaders,
107
- "Content-Type": "application/json"
108
- }
109
- });
110
- }
111
- throw keyResult.error;
112
- }
113
- if (options?.scope && !keyResult.value.scopes.can(options.scope.resource, options.scope.action)) return new Response(JSON.stringify({
114
- error: "This API key does not have the required permissions.",
115
- code: "SCOPE_CHECK_FAILED"
116
- }), {
117
- status: 403,
118
- headers: {
119
- ...corsHeaders,
120
- "Content-Type": "application/json"
121
- }
122
- });
123
- const result = await handler(Object.assign(genericCtx, { key: {
124
- userId: keyResult.value.userId,
125
- keyId: keyResult.value.keyId,
126
- scopes: keyResult.value.scopes
127
- } }), request);
128
- if (result instanceof Response) {
129
- const headers = new Headers(result.headers);
130
- for (const [k, val] of Object.entries(corsHeaders)) if (!headers.has(k)) headers.set(k, val);
131
- return new Response(result.body, {
132
- status: result.status,
133
- statusText: result.statusText,
134
- headers
135
- });
136
- }
137
- return new Response(JSON.stringify(result), {
138
- status: 200,
139
- headers: {
140
- ...corsHeaders,
141
- "Content-Type": "application/json"
142
- }
143
- });
144
- },
145
- err: (error) => error
146
- }).pipe(Fx.recover((error) => {
147
- logError(error);
148
- return Fx.succeed(new Response(JSON.stringify({
149
- error: "An unexpected error occurred.",
150
- code: "INTERNAL_ERROR"
151
- }), {
152
- status: 500,
153
- headers: {
154
- ...corsHeaders,
155
- "Content-Type": "application/json"
156
- }
157
- }));
158
- })));
159
- });
160
- };
161
- }
162
- function createHttpRoute(wrapAction) {
163
- return (http, routeConfig) => {
164
- const corsConfig = routeConfig.cors ?? {};
165
- const corsHeaders = {
166
- "Access-Control-Allow-Origin": corsConfig.origin ?? "*",
167
- "Access-Control-Allow-Methods": corsConfig.methods ?? "GET,POST,PUT,PATCH,DELETE,OPTIONS",
168
- "Access-Control-Allow-Headers": corsConfig.headers ?? "Content-Type,Authorization"
169
- };
170
- http.route({
171
- path: routeConfig.path,
172
- method: "OPTIONS",
173
- handler: httpActionGeneric(async () => {
174
- return new Response(null, {
175
- status: 204,
176
- headers: corsHeaders
177
- });
178
- })
179
- });
180
- http.route({
181
- path: routeConfig.path,
182
- method: routeConfig.method,
183
- handler: wrapAction(routeConfig.handler, {
184
- scope: routeConfig.scope,
185
- cors: routeConfig.cors
186
- })
187
- });
188
- };
189
- }
190
- function convertErrorsToResponse(errorStatusCode, action) {
191
- return async (ctx, request) => {
192
- return Fx.run(Fx.from({
193
- ok: () => action(ctx, request),
194
- err: (error) => error
195
- }).pipe(Fx.recover((error) => {
196
- if (error instanceof ConvexError && typeof error.data === "object" && error.data !== null && "code" in error.data && "message" in error.data) return Fx.succeed(new Response(JSON.stringify({
197
- code: error.data.code,
198
- message: error.data.message
199
- }), {
200
- status: errorStatusCode,
201
- headers: { "Content-Type": "application/json" }
202
- }));
203
- else if (error instanceof ConvexError) return Fx.succeed(new Response(null, {
204
- status: errorStatusCode,
205
- statusText: typeof error.data === "string" ? error.data : "Error"
206
- }));
207
- else {
208
- logError(error);
209
- return Fx.succeed(new Response(null, {
210
- status: 500,
211
- statusText: "Internal Server Error"
212
- }));
213
- }
214
- })));
215
- };
216
- }
217
- function getCookies(request) {
218
- return parse(request.headers.get("Cookie") ?? "");
219
- }
220
- function parseEnterpriseRuntimeRoute(pathname, routeBase) {
221
- const runtimePrefix = `${routeBase}/`;
222
- const [runtimeEnterpriseId, protocol, ...rest] = pathname.startsWith(runtimePrefix) ? pathname.slice(runtimePrefix.length).split("/").filter(Boolean) : [];
223
- if (runtimeEnterpriseId === void 0 || protocol !== "oidc" && protocol !== "saml" && protocol !== "scim" || rest.length === 0) return null;
224
- return {
225
- pathname,
226
- enterpriseId: runtimeEnterpriseId,
227
- protocol,
228
- rest
229
- };
230
- }
231
- function addOpenIdRoutes(http, deps) {
232
- const cacheControl = "public, max-age=15, stale-while-revalidate=15, stale-if-error=86400";
233
- http.route({
234
- path: "/.well-known/openid-configuration",
235
- method: "GET",
236
- handler: httpActionGeneric(async () => {
237
- const issuer = deps.getIssuer();
238
- return new Response(JSON.stringify({
239
- issuer,
240
- jwks_uri: `${issuer}/.well-known/jwks.json`
241
- }), {
242
- status: 200,
243
- headers: {
244
- "Content-Type": "application/json",
245
- "Cache-Control": cacheControl
246
- }
247
- });
248
- })
249
- });
250
- http.route({
251
- path: "/.well-known/jwks.json",
252
- method: "GET",
253
- handler: httpActionGeneric(async () => {
254
- return new Response(deps.getJwks(), {
255
- status: 200,
256
- headers: {
257
- "Content-Type": "application/json",
258
- "Cache-Control": cacheControl
259
- }
260
- });
261
- })
262
- });
263
- }
264
- function addAuthRoutes(http, deps) {
265
- http.route({
266
- pathPrefix: "/api/auth/signin/",
267
- method: "GET",
268
- handler: httpActionGeneric(deps.handleSignIn)
269
- });
270
- const callbackHandler = httpActionGeneric(deps.handleCallback);
271
- http.route({
272
- pathPrefix: "/api/auth/callback/",
273
- method: "GET",
274
- handler: callbackHandler
275
- });
276
- http.route({
277
- pathPrefix: "/api/auth/callback/",
278
- method: "POST",
279
- handler: callbackHandler
280
- });
281
- }
282
- function addSSORoutes(http, deps) {
283
- const routePrefix = `${deps.routeBase}/`;
284
- http.route({
285
- pathPrefix: routePrefix,
286
- method: "GET",
287
- handler: httpActionGeneric(deps.convertErrorsToResponse(400, async (ctx, request) => {
288
- const route = parseEnterpriseRuntimeRoute(new URL(request.url).pathname, deps.routeBase);
289
- if (!route) throw Cv.error({
290
- code: "INVALID_PARAMETERS",
291
- message: "Invalid enterprise runtime path."
292
- });
293
- if (route.protocol === "saml" && route.rest.length === 1) {
294
- if (route.rest[0] === "metadata") return await deps.handleSamlMetadata(ctx, request, route);
295
- if (route.rest[0] === "signin") return await deps.handleSamlSignIn(ctx, request, route);
296
- if (route.rest[0] === "acs") return await deps.handleSamlAcs(ctx, request, route);
297
- if (route.rest[0] === "slo") return await deps.handleSamlSlo(ctx, request, route);
298
- }
299
- if (route.protocol === "oidc" && route.rest.length === 1) {
300
- if (route.rest[0] === "signin") return await deps.handleOidcSignIn(ctx, request, route);
301
- if (route.rest[0] === "callback") return await deps.handleOidcCallback(ctx, request, route);
302
- }
303
- if (route.protocol === "scim" && route.rest[0] === "v2") return await deps.handleScimRequest(ctx, request);
304
- throw Cv.error({
305
- code: "INVALID_PARAMETERS",
306
- message: "Invalid enterprise runtime path."
307
- });
308
- }))
309
- });
310
- http.route({
311
- pathPrefix: routePrefix,
312
- method: "POST",
313
- handler: httpActionGeneric(deps.convertErrorsToResponse(400, async (ctx, request) => {
314
- const route = parseEnterpriseRuntimeRoute(new URL(request.url).pathname, deps.routeBase);
315
- if (route?.protocol === "saml" && route.rest.length === 1) {
316
- if (route.rest[0] === "acs") return await deps.handleSamlAcs(ctx, request, route);
317
- if (route.rest[0] === "slo") return await deps.handleSamlSlo(ctx, request, route);
318
- }
319
- if (route?.protocol === "scim" && route.rest[0] === "v2") return await deps.handleScimRequest(ctx, request);
320
- throw Cv.error({
321
- code: "INVALID_PARAMETERS",
322
- message: "Invalid enterprise runtime path."
323
- });
324
- }))
325
- });
326
- http.route({
327
- pathPrefix: routePrefix,
328
- method: "PUT",
329
- handler: httpActionGeneric(deps.convertErrorsToResponse(400, async (ctx, request) => {
330
- const route = parseEnterpriseRuntimeRoute(new URL(request.url).pathname, deps.routeBase);
331
- if (route?.protocol === "scim" && route.rest[0] === "v2") return await deps.handleScimRequest(ctx, request);
332
- throw Cv.error({
333
- code: "INVALID_PARAMETERS",
334
- message: "Invalid enterprise runtime path."
335
- });
336
- }))
337
- });
338
- for (const method of ["PATCH", "DELETE"]) http.route({
339
- pathPrefix: routePrefix,
340
- method,
341
- handler: httpActionGeneric(async (ctx, request) => {
342
- const route = parseEnterpriseRuntimeRoute(new URL(request.url).pathname, deps.routeBase);
343
- if (!route || route.protocol !== "scim" || route.rest[0] !== "v2") return deps.scimError(404, "notFound", "SCIM resource not found.");
344
- return await deps.handleScimRequest(ctx, request);
345
- })
346
- });
347
- }
348
-
349
- //#endregion
350
- export { addAuthRoutes, addOpenIdRoutes, addSSORoutes, convertErrorsToResponse, createHttpAction, createHttpContext, createHttpRoute, getCookies };
351
- //# sourceMappingURL=http.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"http.js","names":["result","parseCookies"],"sources":["../../../src/server/http.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport { Cv } from \"@robelest/fx/convex\";\nimport {\n GenericActionCtx,\n GenericDataModel,\n HttpRouter,\n httpActionGeneric,\n} from \"convex/server\";\nimport { ConvexError } from \"convex/values\";\nimport { parse as parseCookies } from \"cookie\";\n\nimport type {\n AuthContext,\n OptionalAuthContext,\n UserDoc,\n} from \"./auth\";\nimport {\n createUnauthenticatedAuthContext,\n getAuthContextForUser,\n getSessionUserId,\n} from \"./context\";\nimport type { CorsConfig, HttpKeyContext } from \"./types\";\nimport { logError } from \"./utils\";\n\ntype HttpContextAuthLike = {\n user: {\n get: (ctx: any, userId: string) => Promise<UserDoc>;\n getActiveGroup: (\n ctx: any,\n args: { userId: string },\n ) => Promise<string | null>;\n };\n member: {\n inspect: (\n ctx: any,\n args: { userId: string; groupId: string },\n ) => Promise<{\n membership: unknown;\n roleIds: string[];\n grants: string[];\n }>;\n };\n key: {\n verify: (ctx: GenericActionCtx<any>, rawKey: string) => Promise<{\n userId: string;\n keyId: string;\n scopes: HttpKeyContext[\"key\"][\"scopes\"];\n }>;\n };\n};\n\n/**\n * Auth context returned by `auth.http.context(ctx, request)`.\n *\n * This resolves raw HTTP authentication in two steps:\n * 1. session auth from `ctx.auth.getUserIdentity()`\n * 2. API key auth from `Authorization: Bearer sk_*`\n *\n * The `source` field tells you which authentication path succeeded.\n * When `source === \"key\"`, the verified API key metadata is available on\n * `key`.\n *\n * @example\n * ```ts\n * const authContext = await auth.http.context(ctx, request);\n * if (authContext.source === \"key\") {\n * console.log(authContext.key.keyId);\n * }\n * ```\n */\nexport type HttpAuthContext =\n | (AuthContext & {\n /** The request authenticated through a browser or session token. */\n source: \"session\";\n /** No API key was used for this request. */\n key: null;\n })\n | (AuthContext & {\n /** The request authenticated through an API key. */\n source: \"key\";\n /** Verified API key metadata for the request. */\n key: HttpKeyContext[\"key\"];\n });\n\n/**\n * Nullable HTTP auth context returned by\n * `auth.http.context(ctx, request, { optional: true })`.\n *\n * This preserves a stable auth-shaped object for raw `httpAction` handlers\n * that allow anonymous callers.\n */\nexport type OptionalHttpAuthContext =\n | (OptionalAuthContext & {\n /** No authentication source was resolved. */\n source: null;\n /** No API key metadata is available. */\n key: null;\n })\n | HttpAuthContext;\n\n/**\n * Configuration for {@link createAuth().http.context}.\n *\n * This mirrors {@link AuthContextConfig} for raw HTTP handlers and adds support\n * for enriching mixed session/API-key auth results.\n *\n * @typeParam TResolve - Extra fields returned from `resolve()` and merged into\n * the resolved HTTP auth context.\n *\n * @example\n * ```ts\n * const authContext = await auth.http.context(ctx, request, {\n * resolve: async (_ctx, user, authState) => ({\n * email: user.email,\n * isMachineRequest: authState.source === \"key\",\n * }),\n * });\n * ```\n */\nexport type HttpAuthContextConfig<\n TResolve extends Record<string, unknown> = Record<string, never>,\n> = {\n /**\n * Allow unauthenticated callers and return a null-shaped auth object instead\n * of throwing `NOT_SIGNED_IN`.\n */\n optional?: boolean;\n /**\n * Attach additional derived fields to the resolved HTTP auth context.\n *\n * This callback runs only when authentication succeeds.\n */\n resolve?: (\n ctx: GenericActionCtx<any>,\n user: UserDoc,\n auth: HttpAuthContext,\n ) => Promise<TResolve> | TResolve;\n /**\n * Override or wrap HTTP auth resolution.\n *\n * Return `undefined` to use the built-in session-or-key resolver, `null` for\n * an explicit unauthenticated state, or a fully resolved\n * {@link HttpAuthContext}.\n */\n authResolve?: (\n ctx: GenericActionCtx<any>,\n fallback: () => Promise<HttpAuthContext | null>,\n ) =>\n | Promise<HttpAuthContext | null | undefined>\n | HttpAuthContext\n | null\n | undefined;\n};\n\nfunction createNotSignedInError() {\n return Cv.error({\n code: \"NOT_SIGNED_IN\",\n message: \"Authentication required.\",\n });\n}\n\nasync function getHttpKeyContext(\n auth: HttpContextAuthLike,\n ctx: GenericActionCtx<any>,\n request: Request,\n): Promise<HttpAuthContext | null> {\n const authHeader = request.headers.get(\"Authorization\");\n if (!authHeader?.startsWith(\"Bearer sk_\")) {\n return null;\n }\n\n try {\n const verified = await auth.key.verify(ctx, authHeader.slice(7));\n const authContext = await getAuthContextForUser(auth, ctx, verified.userId);\n return {\n ...authContext,\n source: \"key\",\n key: {\n userId: verified.userId,\n keyId: verified.keyId,\n scopes: verified.scopes,\n },\n };\n } catch {\n return null;\n }\n}\n\nasync function resolveHttpAuthContext(\n auth: HttpContextAuthLike,\n ctx: GenericActionCtx<any>,\n request: Request,\n): Promise<HttpAuthContext | null> {\n const sessionUserId = await getSessionUserId(ctx);\n if (sessionUserId !== null) {\n const authContext = await getAuthContextForUser(auth, ctx, sessionUserId);\n return {\n ...authContext,\n source: \"session\",\n key: null,\n };\n }\n\n return await getHttpKeyContext(auth, ctx, request);\n}\n\n/**\n * @internal\n * Create the implementation behind `auth.http.context(...)`.\n */\nexport function createHttpContext(auth: HttpContextAuthLike): {\n <TResolve extends Record<string, unknown> = Record<string, never>>(\n ctx: GenericActionCtx<any>,\n request: Request,\n config: HttpAuthContextConfig<TResolve> & { optional: true },\n ): Promise<OptionalHttpAuthContext & TResolve>;\n <TResolve extends Record<string, unknown> = Record<string, never>>(\n ctx: GenericActionCtx<any>,\n request: Request,\n config?: HttpAuthContextConfig<TResolve>,\n ): Promise<HttpAuthContext & TResolve>;\n} {\n return (async (\n ctx: GenericActionCtx<any>,\n request: Request,\n config?: HttpAuthContextConfig<any>,\n ) => {\n const fallback = () => resolveHttpAuthContext(auth, ctx, request);\n const authOverride = config?.authResolve\n ? await config.authResolve(ctx, fallback)\n : undefined;\n const resolved =\n authOverride === undefined ? await fallback() : authOverride;\n\n if (resolved === null) {\n if (config?.optional !== true) {\n throw createNotSignedInError();\n }\n return {\n ...createUnauthenticatedAuthContext(),\n source: null,\n key: null,\n };\n }\n\n const extra = config?.resolve\n ? await config.resolve(ctx, resolved.user, resolved)\n : {};\n\n return {\n ...resolved,\n ...extra,\n };\n }) as {\n <TResolve extends Record<string, unknown> = Record<string, never>>(\n ctx: GenericActionCtx<any>,\n request: Request,\n config: HttpAuthContextConfig<TResolve> & { optional: true },\n ): Promise<OptionalHttpAuthContext & TResolve>;\n <TResolve extends Record<string, unknown> = Record<string, never>>(\n ctx: GenericActionCtx<any>,\n request: Request,\n config?: HttpAuthContextConfig<TResolve>,\n ): Promise<HttpAuthContext & TResolve>;\n };\n}\n\nexport function createHttpAction(auth: {\n key: { verify: (ctx: GenericActionCtx<any>, rawKey: string) => Promise<any> };\n}) {\n return (\n handler: (\n ctx: GenericActionCtx<GenericDataModel> & HttpKeyContext,\n request: Request,\n ) => Promise<Response | Record<string, unknown>>,\n options?: {\n scope?: { resource: string; action: string };\n cors?: CorsConfig;\n },\n ) => {\n const corsConfig = options?.cors ?? {};\n const corsHeaders: Record<string, string> = {\n \"Access-Control-Allow-Origin\": corsConfig.origin ?? \"*\",\n \"Access-Control-Allow-Methods\":\n corsConfig.methods ?? \"GET,POST,PUT,PATCH,DELETE,OPTIONS\",\n \"Access-Control-Allow-Headers\":\n corsConfig.headers ?? \"Content-Type,Authorization\",\n };\n\n return httpActionGeneric(async (genericCtx, request) => {\n return Fx.run(\n Fx.from({\n ok: async () => {\n const authHeader = request.headers.get(\"Authorization\");\n if (!authHeader?.startsWith(\"Bearer \")) {\n return new Response(\n JSON.stringify({\n error: \"Missing or malformed Authorization: Bearer header.\",\n code: \"MISSING_BEARER_TOKEN\",\n }),\n {\n status: 401,\n headers: {\n ...corsHeaders,\n \"Content-Type\": \"application/json\",\n },\n },\n );\n }\n const rawKey = authHeader.slice(7);\n\n const keyResult = await Fx.run(\n Fx.attempt(\n () => auth.key.verify(genericCtx, rawKey),\n (result) => ({ ok: true, value: result }) as const,\n (error) => ({ ok: false, error }) as const,\n ),\n );\n\n if (!keyResult.ok) {\n if (\n keyResult.error instanceof ConvexError &&\n typeof keyResult.error.data === \"object\" &&\n keyResult.error.data !== null &&\n \"code\" in keyResult.error.data &&\n \"message\" in keyResult.error.data\n ) {\n const { code, message } = keyResult.error.data as {\n code: string;\n message: string;\n };\n return new Response(JSON.stringify({ error: message, code }), {\n status: 403,\n headers: {\n ...corsHeaders,\n \"Content-Type\": \"application/json\",\n },\n });\n }\n throw keyResult.error;\n }\n\n if (\n options?.scope &&\n !keyResult.value.scopes.can(\n options.scope.resource,\n options.scope.action,\n )\n ) {\n return new Response(\n JSON.stringify({\n error: \"This API key does not have the required permissions.\",\n code: \"SCOPE_CHECK_FAILED\",\n }),\n {\n status: 403,\n headers: {\n ...corsHeaders,\n \"Content-Type\": \"application/json\",\n },\n },\n );\n }\n\n const enrichedCtx = Object.assign(genericCtx, {\n key: {\n userId: keyResult.value.userId,\n keyId: keyResult.value.keyId,\n scopes: keyResult.value.scopes,\n },\n });\n const result = await handler(enrichedCtx, request);\n\n if (result instanceof Response) {\n const headers = new Headers(result.headers);\n for (const [k, val] of Object.entries(corsHeaders)) {\n if (!headers.has(k)) headers.set(k, val);\n }\n return new Response(result.body, {\n status: result.status,\n statusText: result.statusText,\n headers,\n });\n }\n\n return new Response(JSON.stringify(result), {\n status: 200,\n headers: {\n ...corsHeaders,\n \"Content-Type\": \"application/json\",\n },\n });\n },\n err: (error) => error,\n }).pipe(\n Fx.recover((error) => {\n logError(error);\n return Fx.succeed(\n new Response(\n JSON.stringify({\n error: \"An unexpected error occurred.\",\n code: \"INTERNAL_ERROR\",\n }),\n {\n status: 500,\n headers: {\n ...corsHeaders,\n \"Content-Type\": \"application/json\",\n },\n },\n ),\n );\n }),\n ),\n );\n });\n };\n}\n\nexport function createHttpRoute(\n wrapAction: ReturnType<typeof createHttpAction>,\n) {\n return (\n http: { route: (config: any) => void },\n routeConfig: {\n path: string;\n method: \"GET\" | \"POST\" | \"PUT\" | \"PATCH\" | \"DELETE\";\n handler: (\n ctx: GenericActionCtx<GenericDataModel> & HttpKeyContext,\n request: Request,\n ) => Promise<Response | Record<string, unknown>>;\n scope?: { resource: string; action: string };\n cors?: CorsConfig;\n },\n ) => {\n const corsConfig = routeConfig.cors ?? {};\n const corsHeaders: Record<string, string> = {\n \"Access-Control-Allow-Origin\": corsConfig.origin ?? \"*\",\n \"Access-Control-Allow-Methods\":\n corsConfig.methods ?? \"GET,POST,PUT,PATCH,DELETE,OPTIONS\",\n \"Access-Control-Allow-Headers\":\n corsConfig.headers ?? \"Content-Type,Authorization\",\n };\n\n http.route({\n path: routeConfig.path,\n method: \"OPTIONS\",\n handler: httpActionGeneric(async () => {\n return new Response(null, { status: 204, headers: corsHeaders });\n }),\n });\n\n http.route({\n path: routeConfig.path,\n method: routeConfig.method,\n handler: wrapAction(routeConfig.handler, {\n scope: routeConfig.scope,\n cors: routeConfig.cors,\n }),\n });\n };\n}\n\nexport function convertErrorsToResponse(\n errorStatusCode: number,\n action: (ctx: GenericActionCtx<any>, request: Request) => Promise<Response>,\n) {\n return async (ctx: GenericActionCtx<any>, request: Request) => {\n return Fx.run(\n Fx.from({\n ok: () => action(ctx, request),\n err: (error) => error,\n }).pipe(\n Fx.recover((error) => {\n if (\n error instanceof ConvexError &&\n typeof error.data === \"object\" &&\n error.data !== null &&\n \"code\" in error.data &&\n \"message\" in error.data\n ) {\n return Fx.succeed(\n new Response(\n JSON.stringify({\n code: error.data.code,\n message: error.data.message,\n }),\n {\n status: errorStatusCode,\n headers: { \"Content-Type\": \"application/json\" },\n },\n ),\n );\n } else if (error instanceof ConvexError) {\n return Fx.succeed(\n new Response(null, {\n status: errorStatusCode,\n statusText:\n typeof error.data === \"string\" ? error.data : \"Error\",\n }),\n );\n } else {\n logError(error);\n return Fx.succeed(\n new Response(null, {\n status: 500,\n statusText: \"Internal Server Error\",\n }),\n );\n }\n }),\n ),\n );\n };\n}\n\nexport function getCookies(\n request: Request,\n): Record<string, string | undefined> {\n return parseCookies(request.headers.get(\"Cookie\") ?? \"\");\n}\n\nexport type SSORuntimeRoute = {\n pathname?: string;\n enterpriseId: string;\n protocol: \"oidc\" | \"saml\" | \"scim\";\n rest: string[];\n};\n\nfunction parseEnterpriseRuntimeRoute(\n pathname: string,\n routeBase: string,\n): SSORuntimeRoute | null {\n const runtimePrefix = `${routeBase}/`;\n const runtimeParts = pathname.startsWith(runtimePrefix)\n ? pathname.slice(runtimePrefix.length).split(\"/\").filter(Boolean)\n : [];\n const [runtimeEnterpriseId, protocol, ...rest] = runtimeParts;\n if (\n runtimeEnterpriseId === undefined ||\n (protocol !== \"oidc\" && protocol !== \"saml\" && protocol !== \"scim\") ||\n rest.length === 0\n ) {\n return null;\n }\n return {\n pathname,\n enterpriseId: runtimeEnterpriseId,\n protocol,\n rest,\n };\n}\n\nexport function addOpenIdRoutes(\n http: HttpRouter,\n deps: {\n getIssuer: () => string;\n getJwks: () => string;\n },\n) {\n const cacheControl =\n \"public, max-age=15, stale-while-revalidate=15, stale-if-error=86400\";\n\n http.route({\n path: \"/.well-known/openid-configuration\",\n method: \"GET\",\n handler: httpActionGeneric(async () => {\n const issuer = deps.getIssuer();\n return new Response(\n JSON.stringify({\n issuer,\n jwks_uri: `${issuer}/.well-known/jwks.json`,\n }),\n {\n status: 200,\n headers: {\n \"Content-Type\": \"application/json\",\n \"Cache-Control\": cacheControl,\n },\n },\n );\n }),\n });\n\n http.route({\n path: \"/.well-known/jwks.json\",\n method: \"GET\",\n handler: httpActionGeneric(async () => {\n return new Response(deps.getJwks(), {\n status: 200,\n headers: {\n \"Content-Type\": \"application/json\",\n \"Cache-Control\": cacheControl,\n },\n });\n }),\n });\n}\n\nexport function addAuthRoutes(\n http: HttpRouter,\n deps: {\n handleSignIn: (\n ctx: GenericActionCtx<any>,\n request: Request,\n ) => Promise<Response>;\n handleCallback: (\n ctx: GenericActionCtx<any>,\n request: Request,\n ) => Promise<Response>;\n },\n) {\n http.route({\n pathPrefix: \"/api/auth/signin/\",\n method: \"GET\",\n handler: httpActionGeneric(deps.handleSignIn),\n });\n\n const callbackHandler = httpActionGeneric(deps.handleCallback);\n\n http.route({\n pathPrefix: \"/api/auth/callback/\",\n method: \"GET\",\n handler: callbackHandler,\n });\n\n http.route({\n pathPrefix: \"/api/auth/callback/\",\n method: \"POST\",\n handler: callbackHandler,\n });\n}\n\nexport function addSSORoutes(\n http: HttpRouter,\n deps: {\n routeBase: string;\n convertErrorsToResponse: typeof convertErrorsToResponse;\n handleSamlMetadata: (\n ctx: GenericActionCtx<any>,\n request: Request,\n route: SSORuntimeRoute,\n ) => Promise<Response>;\n handleSamlSignIn: (\n ctx: GenericActionCtx<any>,\n request: Request,\n route: SSORuntimeRoute,\n ) => Promise<Response>;\n handleOidcSignIn: (\n ctx: GenericActionCtx<any>,\n request: Request,\n route: SSORuntimeRoute,\n ) => Promise<Response>;\n handleOidcCallback: (\n ctx: GenericActionCtx<any>,\n request: Request,\n route: SSORuntimeRoute,\n ) => Promise<Response>;\n handleSamlAcs: (\n ctx: GenericActionCtx<any>,\n request: Request,\n route: SSORuntimeRoute,\n ) => Promise<Response>;\n handleSamlSlo: (\n ctx: GenericActionCtx<any>,\n request: Request,\n route: SSORuntimeRoute,\n ) => Promise<Response>;\n handleScimRequest: (\n ctx: GenericActionCtx<any>,\n request: Request,\n ) => Promise<Response>;\n scimError: (status: number, scimType: string, detail: string) => Response;\n },\n) {\n const routePrefix = `${deps.routeBase}/`;\n\n http.route({\n pathPrefix: routePrefix,\n method: \"GET\",\n handler: httpActionGeneric(\n deps.convertErrorsToResponse(400, async (ctx, request) => {\n const route = parseEnterpriseRuntimeRoute(\n new URL(request.url).pathname,\n deps.routeBase,\n );\n if (!route) {\n throw Cv.error({\n code: \"INVALID_PARAMETERS\",\n message: \"Invalid enterprise runtime path.\",\n });\n }\n if (route.protocol === \"saml\" && route.rest.length === 1) {\n if (route.rest[0] === \"metadata\") {\n return await deps.handleSamlMetadata(ctx, request, route);\n }\n if (route.rest[0] === \"signin\") {\n return await deps.handleSamlSignIn(ctx, request, route);\n }\n if (route.rest[0] === \"acs\") {\n return await deps.handleSamlAcs(ctx, request, route);\n }\n if (route.rest[0] === \"slo\") {\n return await deps.handleSamlSlo(ctx, request, route);\n }\n }\n if (route.protocol === \"oidc\" && route.rest.length === 1) {\n if (route.rest[0] === \"signin\") {\n return await deps.handleOidcSignIn(ctx, request, route);\n }\n if (route.rest[0] === \"callback\") {\n return await deps.handleOidcCallback(ctx, request, route);\n }\n }\n if (route.protocol === \"scim\" && route.rest[0] === \"v2\") {\n return await deps.handleScimRequest(ctx, request);\n }\n throw Cv.error({\n code: \"INVALID_PARAMETERS\",\n message: \"Invalid enterprise runtime path.\",\n });\n }),\n ),\n });\n\n http.route({\n pathPrefix: routePrefix,\n method: \"POST\",\n handler: httpActionGeneric(\n deps.convertErrorsToResponse(400, async (ctx, request) => {\n const route = parseEnterpriseRuntimeRoute(\n new URL(request.url).pathname,\n deps.routeBase,\n );\n if (route?.protocol === \"saml\" && route.rest.length === 1) {\n if (route.rest[0] === \"acs\") {\n return await deps.handleSamlAcs(ctx, request, route);\n }\n if (route.rest[0] === \"slo\") {\n return await deps.handleSamlSlo(ctx, request, route);\n }\n }\n if (route?.protocol === \"scim\" && route.rest[0] === \"v2\") {\n return await deps.handleScimRequest(ctx, request);\n }\n throw Cv.error({\n code: \"INVALID_PARAMETERS\",\n message: \"Invalid enterprise runtime path.\",\n });\n }),\n ),\n });\n\n http.route({\n pathPrefix: routePrefix,\n method: \"PUT\",\n handler: httpActionGeneric(\n deps.convertErrorsToResponse(400, async (ctx, request) => {\n const route = parseEnterpriseRuntimeRoute(\n new URL(request.url).pathname,\n deps.routeBase,\n );\n if (route?.protocol === \"scim\" && route.rest[0] === \"v2\") {\n return await deps.handleScimRequest(ctx, request);\n }\n throw Cv.error({\n code: \"INVALID_PARAMETERS\",\n message: \"Invalid enterprise runtime path.\",\n });\n }),\n ),\n });\n\n for (const method of [\"PATCH\", \"DELETE\"] as const) {\n http.route({\n pathPrefix: routePrefix,\n method,\n handler: httpActionGeneric(async (ctx, request) => {\n const route = parseEnterpriseRuntimeRoute(\n new URL(request.url).pathname,\n deps.routeBase,\n );\n if (!route || route.protocol !== \"scim\" || route.rest[0] !== \"v2\") {\n return deps.scimError(404, \"notFound\", \"SCIM resource not found.\");\n }\n return await deps.handleScimRequest(ctx, request);\n }),\n });\n }\n}\n"],"mappings":";;;;;;;;;AA0JA,SAAS,yBAAyB;AAChC,QAAO,GAAG,MAAM;EACd,MAAM;EACN,SAAS;EACV,CAAC;;AAGJ,eAAe,kBACb,MACA,KACA,SACiC;CACjC,MAAM,aAAa,QAAQ,QAAQ,IAAI,gBAAgB;AACvD,KAAI,CAAC,YAAY,WAAW,aAAa,CACvC,QAAO;AAGT,KAAI;EACF,MAAM,WAAW,MAAM,KAAK,IAAI,OAAO,KAAK,WAAW,MAAM,EAAE,CAAC;AAEhE,SAAO;GACL,GAFkB,MAAM,sBAAsB,MAAM,KAAK,SAAS,OAAO;GAGzE,QAAQ;GACR,KAAK;IACH,QAAQ,SAAS;IACjB,OAAO,SAAS;IAChB,QAAQ,SAAS;IAClB;GACF;SACK;AACN,SAAO;;;AAIX,eAAe,uBACb,MACA,KACA,SACiC;CACjC,MAAM,gBAAgB,MAAM,iBAAiB,IAAI;AACjD,KAAI,kBAAkB,KAEpB,QAAO;EACL,GAFkB,MAAM,sBAAsB,MAAM,KAAK,cAAc;EAGvE,QAAQ;EACR,KAAK;EACN;AAGH,QAAO,MAAM,kBAAkB,MAAM,KAAK,QAAQ;;;;;;AAOpD,SAAgB,kBAAkB,MAWhC;AACA,SAAQ,OACN,KACA,SACA,WACG;EACH,MAAM,iBAAiB,uBAAuB,MAAM,KAAK,QAAQ;EACjE,MAAM,eAAe,QAAQ,cACzB,MAAM,OAAO,YAAY,KAAK,SAAS,GACvC;EACJ,MAAM,WACJ,iBAAiB,SAAY,MAAM,UAAU,GAAG;AAElD,MAAI,aAAa,MAAM;AACrB,OAAI,QAAQ,aAAa,KACvB,OAAM,wBAAwB;AAEhC,UAAO;IACL,GAAG,kCAAkC;IACrC,QAAQ;IACR,KAAK;IACN;;EAGH,MAAM,QAAQ,QAAQ,UAClB,MAAM,OAAO,QAAQ,KAAK,SAAS,MAAM,SAAS,GAClD,EAAE;AAEN,SAAO;GACL,GAAG;GACH,GAAG;GACJ;;;AAeL,SAAgB,iBAAiB,MAE9B;AACD,SACE,SAIA,YAIG;EACH,MAAM,aAAa,SAAS,QAAQ,EAAE;EACtC,MAAM,cAAsC;GAC1C,+BAA+B,WAAW,UAAU;GACpD,gCACE,WAAW,WAAW;GACxB,gCACE,WAAW,WAAW;GACzB;AAED,SAAO,kBAAkB,OAAO,YAAY,YAAY;AACtD,UAAO,GAAG,IACR,GAAG,KAAK;IACN,IAAI,YAAY;KACd,MAAM,aAAa,QAAQ,QAAQ,IAAI,gBAAgB;AACvD,SAAI,CAAC,YAAY,WAAW,UAAU,CACpC,QAAO,IAAI,SACT,KAAK,UAAU;MACb,OAAO;MACP,MAAM;MACP,CAAC,EACF;MACE,QAAQ;MACR,SAAS;OACP,GAAG;OACH,gBAAgB;OACjB;MACF,CACF;KAEH,MAAM,SAAS,WAAW,MAAM,EAAE;KAElC,MAAM,YAAY,MAAM,GAAG,IACzB,GAAG,cACK,KAAK,IAAI,OAAO,YAAY,OAAO,GACxC,cAAY;MAAE,IAAI;MAAM,OAAOA;MAAQ,IACvC,WAAW;MAAE,IAAI;MAAO;MAAO,EACjC,CACF;AAED,SAAI,CAAC,UAAU,IAAI;AACjB,UACE,UAAU,iBAAiB,eAC3B,OAAO,UAAU,MAAM,SAAS,YAChC,UAAU,MAAM,SAAS,QACzB,UAAU,UAAU,MAAM,QAC1B,aAAa,UAAU,MAAM,MAC7B;OACA,MAAM,EAAE,MAAM,YAAY,UAAU,MAAM;AAI1C,cAAO,IAAI,SAAS,KAAK,UAAU;QAAE,OAAO;QAAS;QAAM,CAAC,EAAE;QAC5D,QAAQ;QACR,SAAS;SACP,GAAG;SACH,gBAAgB;SACjB;QACF,CAAC;;AAEJ,YAAM,UAAU;;AAGlB,SACE,SAAS,SACT,CAAC,UAAU,MAAM,OAAO,IACtB,QAAQ,MAAM,UACd,QAAQ,MAAM,OACf,CAED,QAAO,IAAI,SACT,KAAK,UAAU;MACb,OAAO;MACP,MAAM;MACP,CAAC,EACF;MACE,QAAQ;MACR,SAAS;OACP,GAAG;OACH,gBAAgB;OACjB;MACF,CACF;KAUH,MAAM,SAAS,MAAM,QAPD,OAAO,OAAO,YAAY,EAC5C,KAAK;MACH,QAAQ,UAAU,MAAM;MACxB,OAAO,UAAU,MAAM;MACvB,QAAQ,UAAU,MAAM;MACzB,EACF,CAAC,EACwC,QAAQ;AAElD,SAAI,kBAAkB,UAAU;MAC9B,MAAM,UAAU,IAAI,QAAQ,OAAO,QAAQ;AAC3C,WAAK,MAAM,CAAC,GAAG,QAAQ,OAAO,QAAQ,YAAY,CAChD,KAAI,CAAC,QAAQ,IAAI,EAAE,CAAE,SAAQ,IAAI,GAAG,IAAI;AAE1C,aAAO,IAAI,SAAS,OAAO,MAAM;OAC/B,QAAQ,OAAO;OACf,YAAY,OAAO;OACnB;OACD,CAAC;;AAGJ,YAAO,IAAI,SAAS,KAAK,UAAU,OAAO,EAAE;MAC1C,QAAQ;MACR,SAAS;OACP,GAAG;OACH,gBAAgB;OACjB;MACF,CAAC;;IAEJ,MAAM,UAAU;IACjB,CAAC,CAAC,KACD,GAAG,SAAS,UAAU;AACpB,aAAS,MAAM;AACf,WAAO,GAAG,QACR,IAAI,SACF,KAAK,UAAU;KACb,OAAO;KACP,MAAM;KACP,CAAC,EACF;KACE,QAAQ;KACR,SAAS;MACP,GAAG;MACH,gBAAgB;MACjB;KACF,CACF,CACF;KACD,CACH,CACF;IACD;;;AAIN,SAAgB,gBACd,YACA;AACA,SACE,MACA,gBAUG;EACH,MAAM,aAAa,YAAY,QAAQ,EAAE;EACzC,MAAM,cAAsC;GAC1C,+BAA+B,WAAW,UAAU;GACpD,gCACE,WAAW,WAAW;GACxB,gCACE,WAAW,WAAW;GACzB;AAED,OAAK,MAAM;GACT,MAAM,YAAY;GAClB,QAAQ;GACR,SAAS,kBAAkB,YAAY;AACrC,WAAO,IAAI,SAAS,MAAM;KAAE,QAAQ;KAAK,SAAS;KAAa,CAAC;KAChE;GACH,CAAC;AAEF,OAAK,MAAM;GACT,MAAM,YAAY;GAClB,QAAQ,YAAY;GACpB,SAAS,WAAW,YAAY,SAAS;IACvC,OAAO,YAAY;IACnB,MAAM,YAAY;IACnB,CAAC;GACH,CAAC;;;AAIN,SAAgB,wBACd,iBACA,QACA;AACA,QAAO,OAAO,KAA4B,YAAqB;AAC7D,SAAO,GAAG,IACR,GAAG,KAAK;GACN,UAAU,OAAO,KAAK,QAAQ;GAC9B,MAAM,UAAU;GACjB,CAAC,CAAC,KACD,GAAG,SAAS,UAAU;AACpB,OACE,iBAAiB,eACjB,OAAO,MAAM,SAAS,YACtB,MAAM,SAAS,QACf,UAAU,MAAM,QAChB,aAAa,MAAM,KAEnB,QAAO,GAAG,QACR,IAAI,SACF,KAAK,UAAU;IACb,MAAM,MAAM,KAAK;IACjB,SAAS,MAAM,KAAK;IACrB,CAAC,EACF;IACE,QAAQ;IACR,SAAS,EAAE,gBAAgB,oBAAoB;IAChD,CACF,CACF;YACQ,iBAAiB,YAC1B,QAAO,GAAG,QACR,IAAI,SAAS,MAAM;IACjB,QAAQ;IACR,YACE,OAAO,MAAM,SAAS,WAAW,MAAM,OAAO;IACjD,CAAC,CACH;QACI;AACL,aAAS,MAAM;AACf,WAAO,GAAG,QACR,IAAI,SAAS,MAAM;KACjB,QAAQ;KACR,YAAY;KACb,CAAC,CACH;;IAEH,CACH,CACF;;;AAIL,SAAgB,WACd,SACoC;AACpC,QAAOC,MAAa,QAAQ,QAAQ,IAAI,SAAS,IAAI,GAAG;;AAU1D,SAAS,4BACP,UACA,WACwB;CACxB,MAAM,gBAAgB,GAAG,UAAU;CAInC,MAAM,CAAC,qBAAqB,UAAU,GAAG,QAHpB,SAAS,WAAW,cAAc,GACnD,SAAS,MAAM,cAAc,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,QAAQ,GAC/D,EAAE;AAEN,KACE,wBAAwB,UACvB,aAAa,UAAU,aAAa,UAAU,aAAa,UAC5D,KAAK,WAAW,EAEhB,QAAO;AAET,QAAO;EACL;EACA,cAAc;EACd;EACA;EACD;;AAGH,SAAgB,gBACd,MACA,MAIA;CACA,MAAM,eACJ;AAEF,MAAK,MAAM;EACT,MAAM;EACN,QAAQ;EACR,SAAS,kBAAkB,YAAY;GACrC,MAAM,SAAS,KAAK,WAAW;AAC/B,UAAO,IAAI,SACT,KAAK,UAAU;IACb;IACA,UAAU,GAAG,OAAO;IACrB,CAAC,EACF;IACE,QAAQ;IACR,SAAS;KACP,gBAAgB;KAChB,iBAAiB;KAClB;IACF,CACF;IACD;EACH,CAAC;AAEF,MAAK,MAAM;EACT,MAAM;EACN,QAAQ;EACR,SAAS,kBAAkB,YAAY;AACrC,UAAO,IAAI,SAAS,KAAK,SAAS,EAAE;IAClC,QAAQ;IACR,SAAS;KACP,gBAAgB;KAChB,iBAAiB;KAClB;IACF,CAAC;IACF;EACH,CAAC;;AAGJ,SAAgB,cACd,MACA,MAUA;AACA,MAAK,MAAM;EACT,YAAY;EACZ,QAAQ;EACR,SAAS,kBAAkB,KAAK,aAAa;EAC9C,CAAC;CAEF,MAAM,kBAAkB,kBAAkB,KAAK,eAAe;AAE9D,MAAK,MAAM;EACT,YAAY;EACZ,QAAQ;EACR,SAAS;EACV,CAAC;AAEF,MAAK,MAAM;EACT,YAAY;EACZ,QAAQ;EACR,SAAS;EACV,CAAC;;AAGJ,SAAgB,aACd,MACA,MAuCA;CACA,MAAM,cAAc,GAAG,KAAK,UAAU;AAEtC,MAAK,MAAM;EACT,YAAY;EACZ,QAAQ;EACR,SAAS,kBACP,KAAK,wBAAwB,KAAK,OAAO,KAAK,YAAY;GACxD,MAAM,QAAQ,4BACZ,IAAI,IAAI,QAAQ,IAAI,CAAC,UACrB,KAAK,UACN;AACD,OAAI,CAAC,MACH,OAAM,GAAG,MAAM;IACb,MAAM;IACN,SAAS;IACV,CAAC;AAEJ,OAAI,MAAM,aAAa,UAAU,MAAM,KAAK,WAAW,GAAG;AACxD,QAAI,MAAM,KAAK,OAAO,WACpB,QAAO,MAAM,KAAK,mBAAmB,KAAK,SAAS,MAAM;AAE3D,QAAI,MAAM,KAAK,OAAO,SACpB,QAAO,MAAM,KAAK,iBAAiB,KAAK,SAAS,MAAM;AAEzD,QAAI,MAAM,KAAK,OAAO,MACpB,QAAO,MAAM,KAAK,cAAc,KAAK,SAAS,MAAM;AAEtD,QAAI,MAAM,KAAK,OAAO,MACpB,QAAO,MAAM,KAAK,cAAc,KAAK,SAAS,MAAM;;AAGxD,OAAI,MAAM,aAAa,UAAU,MAAM,KAAK,WAAW,GAAG;AACxD,QAAI,MAAM,KAAK,OAAO,SACpB,QAAO,MAAM,KAAK,iBAAiB,KAAK,SAAS,MAAM;AAEzD,QAAI,MAAM,KAAK,OAAO,WACpB,QAAO,MAAM,KAAK,mBAAmB,KAAK,SAAS,MAAM;;AAG7D,OAAI,MAAM,aAAa,UAAU,MAAM,KAAK,OAAO,KACjD,QAAO,MAAM,KAAK,kBAAkB,KAAK,QAAQ;AAEnD,SAAM,GAAG,MAAM;IACb,MAAM;IACN,SAAS;IACV,CAAC;IACF,CACH;EACF,CAAC;AAEF,MAAK,MAAM;EACT,YAAY;EACZ,QAAQ;EACR,SAAS,kBACP,KAAK,wBAAwB,KAAK,OAAO,KAAK,YAAY;GACxD,MAAM,QAAQ,4BACZ,IAAI,IAAI,QAAQ,IAAI,CAAC,UACrB,KAAK,UACN;AACD,OAAI,OAAO,aAAa,UAAU,MAAM,KAAK,WAAW,GAAG;AACzD,QAAI,MAAM,KAAK,OAAO,MACpB,QAAO,MAAM,KAAK,cAAc,KAAK,SAAS,MAAM;AAEtD,QAAI,MAAM,KAAK,OAAO,MACpB,QAAO,MAAM,KAAK,cAAc,KAAK,SAAS,MAAM;;AAGxD,OAAI,OAAO,aAAa,UAAU,MAAM,KAAK,OAAO,KAClD,QAAO,MAAM,KAAK,kBAAkB,KAAK,QAAQ;AAEnD,SAAM,GAAG,MAAM;IACb,MAAM;IACN,SAAS;IACV,CAAC;IACF,CACH;EACF,CAAC;AAEF,MAAK,MAAM;EACT,YAAY;EACZ,QAAQ;EACR,SAAS,kBACP,KAAK,wBAAwB,KAAK,OAAO,KAAK,YAAY;GACxD,MAAM,QAAQ,4BACZ,IAAI,IAAI,QAAQ,IAAI,CAAC,UACrB,KAAK,UACN;AACD,OAAI,OAAO,aAAa,UAAU,MAAM,KAAK,OAAO,KAClD,QAAO,MAAM,KAAK,kBAAkB,KAAK,QAAQ;AAEnD,SAAM,GAAG,MAAM;IACb,MAAM;IACN,SAAS;IACV,CAAC;IACF,CACH;EACF,CAAC;AAEF,MAAK,MAAM,UAAU,CAAC,SAAS,SAAS,CACtC,MAAK,MAAM;EACT,YAAY;EACZ;EACA,SAAS,kBAAkB,OAAO,KAAK,YAAY;GACjD,MAAM,QAAQ,4BACZ,IAAI,IAAI,QAAQ,IAAI,CAAC,UACrB,KAAK,UACN;AACD,OAAI,CAAC,SAAS,MAAM,aAAa,UAAU,MAAM,KAAK,OAAO,KAC3D,QAAO,KAAK,UAAU,KAAK,YAAY,2BAA2B;AAEpE,UAAO,MAAM,KAAK,kBAAkB,KAAK,QAAQ;IACjD;EACH,CAAC"}
@@ -1,16 +0,0 @@
1
- import { Cv } from "@robelest/fx/convex";
2
-
3
- //#region src/server/identity.ts
4
- /** @internal */
5
- function userIdFromIdentitySubject(subject) {
6
- const [userId, ...rest] = subject.split("|");
7
- if (typeof userId !== "string" || userId.length === 0 || rest.length === 0 || rest.some((segment) => segment.length === 0)) throw Cv.error({
8
- code: "INTERNAL_ERROR",
9
- message: "Authenticated identity subject is malformed."
10
- });
11
- return userId;
12
- }
13
-
14
- //#endregion
15
- export { userIdFromIdentitySubject };
16
- //# sourceMappingURL=identity.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"identity.js","names":[],"sources":["../../../src/server/identity.ts"],"sourcesContent":["import { Cv } from \"@robelest/fx/convex\";\n\n/** @internal */\nexport function userIdFromIdentitySubject(subject: string): string {\n const [userId, ...rest] = subject.split(\"|\");\n if (\n typeof userId !== \"string\" ||\n userId.length === 0 ||\n rest.length === 0 ||\n rest.some((segment) => segment.length === 0)\n ) {\n throw Cv.error({\n code: \"INTERNAL_ERROR\",\n message: \"Authenticated identity subject is malformed.\",\n });\n }\n return userId;\n}\n"],"mappings":";;;;AAGA,SAAgB,0BAA0B,SAAyB;CACjE,MAAM,CAAC,QAAQ,GAAG,QAAQ,QAAQ,MAAM,IAAI;AAC5C,KACE,OAAO,WAAW,YAClB,OAAO,WAAW,KAClB,KAAK,WAAW,KAChB,KAAK,MAAM,YAAY,QAAQ,WAAW,EAAE,CAE5C,OAAM,GAAG,MAAM;EACb,MAAM;EACN,SAAS;EACV,CAAC;AAEJ,QAAO"}