@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -1 +0,0 @@
1
- {"version":3,"file":"refresh.js","names":[],"sources":["../../../../src/server/mutations/refresh.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport type { GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { ConvexError, Infer, v } from \"convex/values\";\n\nimport * as Provider from \"../crypto\";\nimport { authDb } from \"../db\";\nimport {\n invalidateRefreshTokensInSubtree,\n parseRefreshToken,\n REFRESH_TOKEN_REUSE_WINDOW_MS,\n refreshTokenIfValid,\n} from \"../refresh\";\nimport { generateTokensForSession } from \"../sessions\";\nimport { MutationCtx } from \"../types\";\nimport { logWithLevel, maybeRedact } from \"../utils\";\nimport { AUTH_STORE_REF } from \"./store/refs\";\n\nexport const refreshSessionArgs = v.object({\n refreshToken: v.string(),\n});\n\ntype RefreshResult = null | {\n token: string;\n refreshToken: string;\n};\n\n// ============================================================================\n// Small helpers for the refresh pipeline\n// ============================================================================\n\n/** A soft refresh failure — logged and collapsed to null at the boundary. */\nclass RefreshFailure {\n readonly _tag = \"RefreshFailure\" as const;\n constructor(readonly reason: string) {}\n}\n\n// ============================================================================\n// Main exported function\n// ============================================================================\n\nexport async function refreshSessionImpl(\n ctx: MutationCtx,\n args: Infer<typeof refreshSessionArgs>,\n _getProviderOrThrow: Provider.GetProviderOrThrowFunc,\n config: Provider.Config,\n): Promise<RefreshResult> {\n const db = authDb(ctx, config);\n const { refreshToken } = args;\n\n return Fx.run(\n parseRefreshToken(refreshToken).pipe(\n Fx.recover((err: ConvexError<any>) =>\n Fx.fail(new RefreshFailure(err.data.message)),\n ),\n Fx.tap(({ refreshTokenId, sessionId: tokenSessionId }) =>\n Fx.sync(() =>\n logWithLevel(\n \"DEBUG\",\n `refreshSessionImpl args: Token ID: ${maybeRedact(refreshTokenId)} Session ID: ${maybeRedact(tokenSessionId)}`,\n ),\n ),\n ),\n Fx.chain(({ refreshTokenId, sessionId: tokenSessionId }) =>\n refreshTokenIfValid(ctx, refreshTokenId, tokenSessionId, config).pipe(\n Fx.chain((validationResult) =>\n validationResult === null\n ? Fx.gen(function* () {\n yield* Fx.from({\n ok: async () => {\n const session = await (db as any).sessions.getById(\n tokenSessionId,\n );\n if (session !== null) {\n await (db as any).sessions.delete(session._id);\n }\n },\n err: () =>\n new RefreshFailure(\n \"Skipping invalid session id during refresh cleanup\",\n ),\n }).pipe(\n Fx.recover((f) => {\n logWithLevel(\"DEBUG\", f.reason);\n return Fx.succeed(undefined as void);\n }),\n );\n\n yield* Fx.from({\n ok: () =>\n authDb(ctx, config).refreshTokens.deleteAll(\n tokenSessionId as any,\n ),\n err: () =>\n new RefreshFailure(\n \"Skipping invalid token session id during refresh token cleanup\",\n ),\n }).pipe(\n Fx.recover((f) => {\n logWithLevel(\"DEBUG\", f.reason);\n return Fx.succeed(undefined as void);\n }),\n );\n\n return null;\n })\n : (() => {\n const { session } = validationResult;\n const sessionId = session._id;\n const userId = session.userId;\n const tokenFirstUsed =\n validationResult.refreshTokenDoc.firstUsedTime;\n return tokenFirstUsed === undefined\n ? Fx.from({\n ok: async () => {\n await (db as any).refreshTokens.patch(\n refreshTokenId,\n {\n firstUsedTime: Date.now(),\n },\n );\n const result = await generateTokensForSession(\n ctx,\n config,\n {\n userId,\n sessionId,\n issuedRefreshTokenId: null,\n parentRefreshTokenId: refreshTokenId as any,\n },\n );\n const { refreshTokenId: newRefreshTokenId } =\n await Fx.run(\n parseRefreshToken(result.refreshToken),\n );\n logWithLevel(\n \"DEBUG\",\n `Exchanged ${maybeRedact(validationResult.refreshTokenDoc._id)} (first use) for new refresh token ${maybeRedact(newRefreshTokenId)}`,\n );\n return result;\n },\n err: () =>\n new RefreshFailure(\n \"Failed during first-use token exchange\",\n ),\n })\n : Fx.from({\n ok: () =>\n authDb(ctx, config).refreshTokens.getActive(\n tokenSessionId as any,\n ),\n err: () =>\n new RefreshFailure(\n \"Failed to load active refresh token\",\n ),\n }).pipe(\n Fx.chain((activeRefreshToken) => {\n logWithLevel(\n \"DEBUG\",\n `Active refresh token: ${maybeRedact(activeRefreshToken?._id ?? \"(none)\")}, parent ${maybeRedact(activeRefreshToken?.parentRefreshTokenId ?? \"(none)\")}`,\n );\n\n const reuseDispatch =\n activeRefreshToken !== null &&\n activeRefreshToken.parentRefreshTokenId ===\n refreshTokenId\n ? ({\n tag: \"parentOfActive\",\n activeRefreshToken,\n } as const)\n : tokenFirstUsed + REFRESH_TOKEN_REUSE_WINDOW_MS >\n Date.now()\n ? ({ tag: \"withinReuseWindow\" } as const)\n : ({ tag: \"outsideReuseWindow\" } as const);\n\n if (reuseDispatch.tag === \"parentOfActive\") {\n return Fx.from({\n ok: () =>\n generateTokensForSession(ctx, config, {\n userId,\n sessionId,\n issuedRefreshTokenId:\n reuseDispatch.activeRefreshToken._id,\n parentRefreshTokenId: refreshTokenId as any,\n }),\n err: () =>\n new RefreshFailure(\n \"Failed to generate tokens for parent reuse\",\n ),\n }).pipe(\n Fx.tap(() =>\n Fx.sync(() =>\n logWithLevel(\n \"DEBUG\",\n `Token ${maybeRedact(validationResult.refreshTokenDoc._id)} is parent of active refresh token ${maybeRedact(reuseDispatch.activeRefreshToken._id)}, so returning that token`,\n ),\n ),\n ),\n );\n }\n\n if (reuseDispatch.tag === \"withinReuseWindow\") {\n return Fx.from({\n ok: async () => {\n const result = await generateTokensForSession(\n ctx,\n config,\n {\n userId,\n sessionId,\n issuedRefreshTokenId: null,\n parentRefreshTokenId: refreshTokenId as any,\n },\n );\n const { refreshTokenId: newRefreshTokenId } =\n await Fx.run(\n parseRefreshToken(result.refreshToken),\n );\n logWithLevel(\n \"DEBUG\",\n `Exchanged ${maybeRedact(validationResult.refreshTokenDoc._id)} (reuse) for new refresh token ${maybeRedact(newRefreshTokenId)}`,\n );\n return result;\n },\n err: () =>\n new RefreshFailure(\n \"Failed to generate tokens for reuse window\",\n ),\n });\n }\n\n logWithLevel(\n \"ERROR\",\n \"Refresh token used outside of reuse window\",\n );\n logWithLevel(\n \"DEBUG\",\n `Token ${maybeRedact(validationResult.refreshTokenDoc._id)} being used outside of reuse window, so invalidating all refresh tokens in subtree`,\n );\n return Fx.from({\n ok: async () => {\n const tokensToInvalidate =\n await invalidateRefreshTokensInSubtree(\n ctx,\n validationResult.refreshTokenDoc,\n config,\n );\n logWithLevel(\n \"DEBUG\",\n `Invalidated ${tokensToInvalidate.length} refresh tokens in subtree: ${tokensToInvalidate\n .map((token) => maybeRedact(token._id))\n .join(\", \")}`,\n );\n return null;\n },\n err: () =>\n new RefreshFailure(\n \"Failed to invalidate refresh tokens in subtree\",\n ),\n });\n }),\n );\n })(),\n ),\n ),\n ),\n Fx.fold({\n ok: (result) => result,\n err: (failure) => {\n logWithLevel(\"DEBUG\", failure.reason);\n return null;\n },\n }),\n ),\n );\n}\n\n// ============================================================================\n// Invalid token path — cleanup session and refresh tokens\n// ============================================================================\n\n// ============================================================================\n// Valid token path — dispatch on first-use / parent / reuse-window / stale\n// ============================================================================\n\n// ============================================================================\n// Action-level caller (unchanged — just forwards to mutation)\n// ============================================================================\n\nexport const callRefreshSession = async <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n args: Infer<typeof refreshSessionArgs>,\n): Promise<RefreshResult> => {\n return ctx.runMutation(AUTH_STORE_REF, {\n args: {\n type: \"refreshSession\",\n ...args,\n },\n });\n};\n"],"mappings":";;;;;;;;;AAiBA,MAAa,qBAAqB,EAAE,OAAO,EACzC,cAAc,EAAE,QAAQ,EACzB,CAAC;;AAYF,IAAM,iBAAN,MAAqB;CACnB,AAAS,OAAO;CAChB,YAAY,AAAS,QAAgB;EAAhB;;;AAOvB,eAAsB,mBACpB,KACA,MACA,qBACA,QACwB;CACxB,MAAM,KAAK,OAAO,KAAK,OAAO;CAC9B,MAAM,EAAE,iBAAiB;AAEzB,QAAO,GAAG,IACR,kBAAkB,aAAa,CAAC,KAC9B,GAAG,SAAS,QACV,GAAG,KAAK,IAAI,eAAe,IAAI,KAAK,QAAQ,CAAC,CAC9C,EACD,GAAG,KAAK,EAAE,gBAAgB,WAAW,qBACnC,GAAG,WACD,aACE,SACA,sCAAsC,YAAY,eAAe,CAAC,eAAe,YAAY,eAAe,GAC7G,CACF,CACF,EACD,GAAG,OAAO,EAAE,gBAAgB,WAAW,qBACrC,oBAAoB,KAAK,gBAAgB,gBAAgB,OAAO,CAAC,KAC/D,GAAG,OAAO,qBACR,qBAAqB,OACjB,GAAG,IAAI,aAAa;AAClB,SAAO,GAAG,KAAK;GACb,IAAI,YAAY;IACd,MAAM,UAAU,MAAO,GAAW,SAAS,QACzC,eACD;AACD,QAAI,YAAY,KACd,OAAO,GAAW,SAAS,OAAO,QAAQ,IAAI;;GAGlD,WACE,IAAI,eACF,qDACD;GACJ,CAAC,CAAC,KACD,GAAG,SAAS,MAAM;AAChB,gBAAa,SAAS,EAAE,OAAO;AAC/B,UAAO,GAAG,QAAQ,OAAkB;IACpC,CACH;AAED,SAAO,GAAG,KAAK;GACb,UACE,OAAO,KAAK,OAAO,CAAC,cAAc,UAChC,eACD;GACH,WACE,IAAI,eACF,iEACD;GACJ,CAAC,CAAC,KACD,GAAG,SAAS,MAAM;AAChB,gBAAa,SAAS,EAAE,OAAO;AAC/B,UAAO,GAAG,QAAQ,OAAkB;IACpC,CACH;AAED,SAAO;GACP,UACK;EACL,MAAM,EAAE,YAAY;EACpB,MAAM,YAAY,QAAQ;EAC1B,MAAM,SAAS,QAAQ;EACvB,MAAM,iBACJ,iBAAiB,gBAAgB;AACnC,SAAO,mBAAmB,SACtB,GAAG,KAAK;GACN,IAAI,YAAY;AACd,UAAO,GAAW,cAAc,MAC9B,gBACA,EACE,eAAe,KAAK,KAAK,EAC1B,CACF;IACD,MAAM,SAAS,MAAM,yBACnB,KACA,QACA;KACE;KACA;KACA,sBAAsB;KACtB,sBAAsB;KACvB,CACF;IACD,MAAM,EAAE,gBAAgB,sBACtB,MAAM,GAAG,IACP,kBAAkB,OAAO,aAAa,CACvC;AACH,iBACE,SACA,aAAa,YAAY,iBAAiB,gBAAgB,IAAI,CAAC,qCAAqC,YAAY,kBAAkB,GACnI;AACD,WAAO;;GAET,WACE,IAAI,eACF,yCACD;GACJ,CAAC,GACF,GAAG,KAAK;GACN,UACE,OAAO,KAAK,OAAO,CAAC,cAAc,UAChC,eACD;GACH,WACE,IAAI,eACF,sCACD;GACJ,CAAC,CAAC,KACD,GAAG,OAAO,uBAAuB;AAC/B,gBACE,SACA,yBAAyB,YAAY,oBAAoB,OAAO,SAAS,CAAC,WAAW,YAAY,oBAAoB,wBAAwB,SAAS,GACvJ;GAED,MAAM,gBACJ,uBAAuB,QACvB,mBAAmB,yBACjB,iBACG;IACC,KAAK;IACL;IACD,GACD,iBAAiB,gCACf,KAAK,KAAK,GACT,EAAE,KAAK,qBAAqB,GAC5B,EAAE,KAAK,sBAAsB;AAEtC,OAAI,cAAc,QAAQ,iBACxB,QAAO,GAAG,KAAK;IACb,UACE,yBAAyB,KAAK,QAAQ;KACpC;KACA;KACA,sBACE,cAAc,mBAAmB;KACnC,sBAAsB;KACvB,CAAC;IACJ,WACE,IAAI,eACF,6CACD;IACJ,CAAC,CAAC,KACD,GAAG,UACD,GAAG,WACD,aACE,SACA,SAAS,YAAY,iBAAiB,gBAAgB,IAAI,CAAC,qCAAqC,YAAY,cAAc,mBAAmB,IAAI,CAAC,2BACnJ,CACF,CACF,CACF;AAGH,OAAI,cAAc,QAAQ,oBACxB,QAAO,GAAG,KAAK;IACb,IAAI,YAAY;KACd,MAAM,SAAS,MAAM,yBACnB,KACA,QACA;MACE;MACA;MACA,sBAAsB;MACtB,sBAAsB;MACvB,CACF;KACD,MAAM,EAAE,gBAAgB,sBACtB,MAAM,GAAG,IACP,kBAAkB,OAAO,aAAa,CACvC;AACH,kBACE,SACA,aAAa,YAAY,iBAAiB,gBAAgB,IAAI,CAAC,iCAAiC,YAAY,kBAAkB,GAC/H;AACD,YAAO;;IAET,WACE,IAAI,eACF,6CACD;IACJ,CAAC;AAGJ,gBACE,SACA,6CACD;AACD,gBACE,SACA,SAAS,YAAY,iBAAiB,gBAAgB,IAAI,CAAC,oFAC5D;AACD,UAAO,GAAG,KAAK;IACb,IAAI,YAAY;KACd,MAAM,qBACJ,MAAM,iCACJ,KACA,iBAAiB,iBACjB,OACD;AACH,kBACE,SACA,eAAe,mBAAmB,OAAO,8BAA8B,mBACpE,KAAK,UAAU,YAAY,MAAM,IAAI,CAAC,CACtC,KAAK,KAAK,GACd;AACD,YAAO;;IAET,WACE,IAAI,eACF,iDACD;IACJ,CAAC;IACF,CACH;KACH,CACT,CACF,CACF,EACD,GAAG,KAAK;EACN,KAAK,WAAW;EAChB,MAAM,YAAY;AAChB,gBAAa,SAAS,QAAQ,OAAO;AACrC,UAAO;;EAEV,CAAC,CACH,CACF;;AAeH,MAAa,qBAAqB,OAChC,KACA,SAC2B;AAC3B,QAAO,IAAI,YAAY,gBAAgB,EACrC,MAAM;EACJ,MAAM;EACN,GAAG;EACJ,EACF,CAAC"}
@@ -1,87 +0,0 @@
1
- import { LOG_LEVELS, logWithLevel, maybeRedact } from "../utils.js";
2
- import { hash, verify } from "../crypto.js";
3
- import { authDb } from "../db.js";
4
- import { AUTH_STORE_REF } from "./store/refs.js";
5
- import { getAuthSessionId } from "../sessions.js";
6
- import { upsertUserAndAccount } from "../users.js";
7
- import { Cv } from "@robelest/fx/convex";
8
- import { Fx } from "@robelest/fx";
9
- import { v } from "convex/values";
10
-
11
- //#region src/server/mutations/register.ts
12
- const createAccountFromCredentialsArgs = v.object({
13
- provider: v.string(),
14
- account: v.object({
15
- id: v.string(),
16
- secret: v.optional(v.string())
17
- }),
18
- profile: v.any(),
19
- shouldLinkViaEmail: v.optional(v.boolean()),
20
- shouldLinkViaPhone: v.optional(v.boolean())
21
- });
22
- async function createAccountFromCredentialsImpl(ctx, args, getProviderOrThrow, config) {
23
- logWithLevel(LOG_LEVELS.DEBUG, "createAccountFromCredentialsImpl args:", {
24
- provider: args.provider,
25
- account: {
26
- id: args.account.id,
27
- secret: maybeRedact(args.account.secret ?? "")
28
- }
29
- });
30
- const { provider: providerId, account, profile, shouldLinkViaEmail, shouldLinkViaPhone } = args;
31
- const db = authDb(ctx, config);
32
- const provider = getProviderOrThrow(providerId);
33
- return Fx.run(Fx.gen(function* () {
34
- const existingAccount = yield* Fx.promise(() => db.accounts.get(provider.id, account.id));
35
- if (existingAccount !== null) {
36
- if (account.secret !== void 0) {
37
- if (!(yield* verify(provider, account.secret, existingAccount.secret ?? ""))) return yield* Cv.fail({
38
- code: "ACCOUNT_ALREADY_EXISTS",
39
- message: `Account ${account.id} already exists`
40
- });
41
- }
42
- const user = yield* Fx.promise(() => db.users.getById(existingAccount.userId));
43
- if (user === null) return yield* Cv.fail({
44
- code: "ACCOUNT_NOT_FOUND",
45
- message: `Linked user for account ${account.id} was not found.`
46
- });
47
- return {
48
- account: existingAccount,
49
- user
50
- };
51
- }
52
- const secret = account.secret !== void 0 ? yield* hash(provider, account.secret) : void 0;
53
- const { userId, accountId } = yield* Fx.promise(async () => upsertUserAndAccount(ctx, await getAuthSessionId(ctx), {
54
- providerAccountId: account.id,
55
- secret
56
- }, {
57
- type: "credentials",
58
- provider,
59
- profile,
60
- shouldLinkViaEmail,
61
- shouldLinkViaPhone
62
- }, config));
63
- const [createdAccount, createdUser] = yield* Fx.zip(Fx.promise(() => db.accounts.getById(accountId)), Fx.promise(() => db.users.getById(userId)));
64
- if (createdAccount === null) return yield* Cv.fail({
65
- code: "ACCOUNT_NOT_FOUND",
66
- message: `Created account was not found.`
67
- });
68
- if (createdUser === null) return yield* Cv.fail({
69
- code: "USER_UPDATE_FAILED",
70
- message: `Created user was not found.`
71
- });
72
- return {
73
- account: createdAccount,
74
- user: createdUser
75
- };
76
- }));
77
- }
78
- const callCreateAccountFromCredentials = async (ctx, args) => {
79
- return ctx.runMutation(AUTH_STORE_REF, { args: {
80
- type: "createAccountFromCredentials",
81
- ...args
82
- } });
83
- };
84
-
85
- //#endregion
86
- export { callCreateAccountFromCredentials, createAccountFromCredentialsArgs, createAccountFromCredentialsImpl };
87
- //# sourceMappingURL=register.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"register.js","names":["Provider.verify","Provider.hash"],"sources":["../../../../src/server/mutations/register.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport { Cv } from \"@robelest/fx/convex\";\nimport type { GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { Infer, v } from \"convex/values\";\n\nimport * as Provider from \"../crypto\";\nimport { authDb } from \"../db\";\nimport { getAuthSessionId } from \"../sessions\";\nimport { Doc, MutationCtx } from \"../types\";\nimport { ConvexCredentialsConfig } from \"../types\";\nimport { upsertUserAndAccount } from \"../users\";\nimport { LOG_LEVELS, logWithLevel, maybeRedact } from \"../utils\";\nimport { AUTH_STORE_REF } from \"./store/refs\";\n\nexport const createAccountFromCredentialsArgs = v.object({\n provider: v.string(),\n account: v.object({ id: v.string(), secret: v.optional(v.string()) }),\n profile: v.any(),\n shouldLinkViaEmail: v.optional(v.boolean()),\n shouldLinkViaPhone: v.optional(v.boolean()),\n});\n\ntype ReturnType = { account: Doc<\"Account\">; user: Doc<\"User\"> };\n\nexport async function createAccountFromCredentialsImpl(\n ctx: MutationCtx,\n args: Infer<typeof createAccountFromCredentialsArgs>,\n getProviderOrThrow: Provider.GetProviderOrThrowFunc,\n config: Provider.Config,\n): Promise<ReturnType> {\n logWithLevel(LOG_LEVELS.DEBUG, \"createAccountFromCredentialsImpl args:\", {\n provider: args.provider,\n account: {\n id: args.account.id,\n secret: maybeRedact(args.account.secret ?? \"\"),\n },\n });\n\n const {\n provider: providerId,\n account,\n profile,\n shouldLinkViaEmail,\n shouldLinkViaPhone,\n } = args;\n const db = authDb(ctx, config);\n const provider = getProviderOrThrow(providerId) as ConvexCredentialsConfig;\n\n return Fx.run(\n Fx.gen(function* () {\n const existingAccount = yield* Fx.promise(\n () =>\n db.accounts.get(\n provider.id,\n account.id,\n ) as Promise<Doc<\"Account\"> | null>,\n );\n\n if (existingAccount !== null) {\n if (account.secret !== undefined) {\n const valid = yield* Provider.verify(\n provider,\n account.secret,\n existingAccount.secret ?? \"\",\n );\n if (!valid) {\n return yield* Cv.fail({\n code: \"ACCOUNT_ALREADY_EXISTS\",\n message: `Account ${account.id} already exists`,\n });\n }\n }\n\n const user = yield* Fx.promise(\n () =>\n db.users.getById(\n existingAccount.userId,\n ) as Promise<Doc<\"User\"> | null>,\n );\n if (user === null) {\n return yield* Cv.fail({\n code: \"ACCOUNT_NOT_FOUND\",\n message: `Linked user for account ${account.id} was not found.`,\n });\n }\n\n return { account: existingAccount, user };\n }\n\n const secret =\n account.secret !== undefined\n ? yield* Provider.hash(provider, account.secret)\n : undefined;\n\n const result = yield* Fx.promise(async () =>\n upsertUserAndAccount(\n ctx,\n await getAuthSessionId(ctx),\n { providerAccountId: account.id, secret },\n {\n type: \"credentials\",\n provider,\n profile,\n shouldLinkViaEmail,\n shouldLinkViaPhone,\n },\n config,\n ),\n );\n\n const { userId, accountId } = result as {\n userId: string;\n accountId: string;\n };\n const [createdAccount, createdUser] = yield* Fx.zip(\n Fx.promise(\n () =>\n db.accounts.getById(accountId) as Promise<Doc<\"Account\"> | null>,\n ),\n Fx.promise(\n () => db.users.getById(userId) as Promise<Doc<\"User\"> | null>,\n ),\n );\n\n if (createdAccount === null) {\n return yield* Cv.fail({\n code: \"ACCOUNT_NOT_FOUND\",\n message: `Created account was not found.`,\n });\n }\n if (createdUser === null) {\n return yield* Cv.fail({\n code: \"USER_UPDATE_FAILED\",\n message: `Created user was not found.`,\n });\n }\n\n return { account: createdAccount, user: createdUser };\n }),\n ) as Promise<ReturnType>;\n}\n\nexport const callCreateAccountFromCredentials = async <\n DataModel extends GenericDataModel,\n>(\n ctx: GenericActionCtx<DataModel>,\n args: Infer<typeof createAccountFromCredentialsArgs>,\n): Promise<ReturnType> => {\n return ctx.runMutation(AUTH_STORE_REF, {\n args: {\n type: \"createAccountFromCredentials\",\n ...args,\n },\n });\n};\n"],"mappings":";;;;;;;;;;;AAcA,MAAa,mCAAmC,EAAE,OAAO;CACvD,UAAU,EAAE,QAAQ;CACpB,SAAS,EAAE,OAAO;EAAE,IAAI,EAAE,QAAQ;EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;EAAE,CAAC;CACrE,SAAS,EAAE,KAAK;CAChB,oBAAoB,EAAE,SAAS,EAAE,SAAS,CAAC;CAC3C,oBAAoB,EAAE,SAAS,EAAE,SAAS,CAAC;CAC5C,CAAC;AAIF,eAAsB,iCACpB,KACA,MACA,oBACA,QACqB;AACrB,cAAa,WAAW,OAAO,0CAA0C;EACvE,UAAU,KAAK;EACf,SAAS;GACP,IAAI,KAAK,QAAQ;GACjB,QAAQ,YAAY,KAAK,QAAQ,UAAU,GAAG;GAC/C;EACF,CAAC;CAEF,MAAM,EACJ,UAAU,YACV,SACA,SACA,oBACA,uBACE;CACJ,MAAM,KAAK,OAAO,KAAK,OAAO;CAC9B,MAAM,WAAW,mBAAmB,WAAW;AAE/C,QAAO,GAAG,IACR,GAAG,IAAI,aAAa;EAClB,MAAM,kBAAkB,OAAO,GAAG,cAE9B,GAAG,SAAS,IACV,SAAS,IACT,QAAQ,GACT,CACJ;AAED,MAAI,oBAAoB,MAAM;AAC5B,OAAI,QAAQ,WAAW,QAMrB;QAAI,EALU,OAAOA,OACnB,UACA,QAAQ,QACR,gBAAgB,UAAU,GAC3B,EAEC,QAAO,OAAO,GAAG,KAAK;KACpB,MAAM;KACN,SAAS,WAAW,QAAQ,GAAG;KAChC,CAAC;;GAIN,MAAM,OAAO,OAAO,GAAG,cAEnB,GAAG,MAAM,QACP,gBAAgB,OACjB,CACJ;AACD,OAAI,SAAS,KACX,QAAO,OAAO,GAAG,KAAK;IACpB,MAAM;IACN,SAAS,2BAA2B,QAAQ,GAAG;IAChD,CAAC;AAGJ,UAAO;IAAE,SAAS;IAAiB;IAAM;;EAG3C,MAAM,SACJ,QAAQ,WAAW,SACf,OAAOC,KAAc,UAAU,QAAQ,OAAO,GAC9C;EAkBN,MAAM,EAAE,QAAQ,cAhBD,OAAO,GAAG,QAAQ,YAC/B,qBACE,KACA,MAAM,iBAAiB,IAAI,EAC3B;GAAE,mBAAmB,QAAQ;GAAI;GAAQ,EACzC;GACE,MAAM;GACN;GACA;GACA;GACA;GACD,EACD,OACD,CACF;EAMD,MAAM,CAAC,gBAAgB,eAAe,OAAO,GAAG,IAC9C,GAAG,cAEC,GAAG,SAAS,QAAQ,UAAU,CACjC,EACD,GAAG,cACK,GAAG,MAAM,QAAQ,OAAO,CAC/B,CACF;AAED,MAAI,mBAAmB,KACrB,QAAO,OAAO,GAAG,KAAK;GACpB,MAAM;GACN,SAAS;GACV,CAAC;AAEJ,MAAI,gBAAgB,KAClB,QAAO,OAAO,GAAG,KAAK;GACpB,MAAM;GACN,SAAS;GACV,CAAC;AAGJ,SAAO;GAAE,SAAS;GAAgB,MAAM;GAAa;GACrD,CACH;;AAGH,MAAa,mCAAmC,OAG9C,KACA,SACwB;AACxB,QAAO,IAAI,YAAY,gBAAgB,EACrC,MAAM;EACJ,MAAM;EACN,GAAG;EACJ,EACF,CAAC"}
@@ -1,61 +0,0 @@
1
- import { LOG_LEVELS, logWithLevel, maybeRedact } from "../utils.js";
2
- import { verify } from "../crypto.js";
3
- import { authDb } from "../db.js";
4
- import { AUTH_STORE_REF } from "./store/refs.js";
5
- import { isSignInRateLimited, recordFailedSignIn, resetSignInRateLimit } from "../limits.js";
6
- import { Fx } from "@robelest/fx";
7
- import { v } from "convex/values";
8
-
9
- //#region src/server/mutations/retrieve.ts
10
- const retrieveAccountWithCredentialsArgs = v.object({
11
- provider: v.string(),
12
- account: v.object({
13
- id: v.string(),
14
- secret: v.optional(v.string())
15
- })
16
- });
17
- function retrieveAccountWithCredentialsImpl(ctx, args, getProviderOrThrow, config) {
18
- const { provider: providerId, account } = args;
19
- const db = authDb(ctx, config);
20
- logWithLevel(LOG_LEVELS.DEBUG, "retrieveAccountWithCredentialsImpl args:", {
21
- provider: providerId,
22
- account: {
23
- id: account.id,
24
- secret: maybeRedact(account.secret ?? "")
25
- }
26
- });
27
- return Fx.gen(function* () {
28
- const existingAccount = yield* Fx.promise(() => db.accounts.get(providerId, account.id));
29
- if (existingAccount === null) return "InvalidAccountId";
30
- if (account.secret !== void 0) {
31
- if (yield* isSignInRateLimited(ctx, existingAccount._id, config)) return "TooManyFailedAttempts";
32
- if (!(yield* verify(getProviderOrThrow(providerId), account.secret, existingAccount.secret ?? ""))) {
33
- yield* recordFailedSignIn(ctx, existingAccount._id, config);
34
- return "InvalidSecret";
35
- }
36
- yield* resetSignInRateLimit(ctx, existingAccount._id, config);
37
- }
38
- const user = yield* Fx.promise(() => db.users.getById(existingAccount.userId));
39
- if (user === null) {
40
- logWithLevel(LOG_LEVELS.ERROR, `Account ${existingAccount._id} is linked to missing user ${existingAccount.userId}`);
41
- return "InvalidAccountId";
42
- }
43
- return {
44
- account: existingAccount,
45
- user
46
- };
47
- }).pipe(Fx.fold({
48
- ok: (v$1) => v$1,
49
- err: () => "InvalidAccountId"
50
- }));
51
- }
52
- const callRetrieveAccountWithCredentials = async (ctx, args) => {
53
- return ctx.runMutation(AUTH_STORE_REF, { args: {
54
- type: "retrieveAccountWithCredentials",
55
- ...args
56
- } });
57
- };
58
-
59
- //#endregion
60
- export { callRetrieveAccountWithCredentials, retrieveAccountWithCredentialsArgs, retrieveAccountWithCredentialsImpl };
61
- //# sourceMappingURL=retrieve.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"retrieve.js","names":["Provider.verify","v"],"sources":["../../../../src/server/mutations/retrieve.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport type { GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { Infer, v } from \"convex/values\";\n\nimport * as Provider from \"../crypto\";\nimport { authDb } from \"../db\";\nimport {\n isSignInRateLimited,\n recordFailedSignIn,\n resetSignInRateLimit,\n} from \"../limits\";\nimport { Doc, MutationCtx } from \"../types\";\nimport { LOG_LEVELS, logWithLevel, maybeRedact } from \"../utils\";\nimport { AUTH_STORE_REF } from \"./store/refs\";\n\nexport const retrieveAccountWithCredentialsArgs = v.object({\n provider: v.string(),\n account: v.object({ id: v.string(), secret: v.optional(v.string()) }),\n});\n\ntype ReturnType =\n | \"InvalidAccountId\"\n | \"TooManyFailedAttempts\"\n | \"InvalidSecret\"\n | { account: Doc<\"Account\">; user: Doc<\"User\"> };\n\nexport function retrieveAccountWithCredentialsImpl(\n ctx: MutationCtx,\n args: Infer<typeof retrieveAccountWithCredentialsArgs>,\n getProviderOrThrow: Provider.GetProviderOrThrowFunc,\n config: Provider.Config,\n): Fx<ReturnType> {\n const { provider: providerId, account } = args;\n const db = authDb(ctx, config);\n\n logWithLevel(LOG_LEVELS.DEBUG, \"retrieveAccountWithCredentialsImpl args:\", {\n provider: providerId,\n account: { id: account.id, secret: maybeRedact(account.secret ?? \"\") },\n });\n\n return Fx.gen(function* () {\n const existingAccount = yield* Fx.promise(\n () =>\n db.accounts.get(\n providerId,\n account.id,\n ) as Promise<Doc<\"Account\"> | null>,\n );\n if (existingAccount === null) {\n return \"InvalidAccountId\" as const;\n }\n\n if (account.secret !== undefined) {\n const limited = yield* isSignInRateLimited(\n ctx,\n existingAccount._id,\n config,\n );\n if (limited) {\n return \"TooManyFailedAttempts\" as const;\n }\n\n const valid = yield* Provider.verify(\n getProviderOrThrow(providerId),\n account.secret,\n existingAccount.secret ?? \"\",\n );\n if (!valid) {\n yield* recordFailedSignIn(ctx, existingAccount._id, config);\n return \"InvalidSecret\" as const;\n }\n\n yield* resetSignInRateLimit(ctx, existingAccount._id, config);\n }\n\n const user = yield* Fx.promise(\n () =>\n db.users.getById(existingAccount.userId) as Promise<Doc<\"User\"> | null>,\n );\n if (user === null) {\n logWithLevel(\n LOG_LEVELS.ERROR,\n `Account ${existingAccount._id} is linked to missing user ${existingAccount.userId}`,\n );\n return \"InvalidAccountId\" as const;\n }\n\n return { account: existingAccount, user } as ReturnType;\n }).pipe(\n Fx.fold({\n ok: (v) => v as ReturnType,\n err: () => \"InvalidAccountId\" as ReturnType,\n }),\n );\n}\n\nexport const callRetrieveAccountWithCredentials = async <\n DataModel extends GenericDataModel,\n>(\n ctx: GenericActionCtx<DataModel>,\n args: Infer<typeof retrieveAccountWithCredentialsArgs>,\n): Promise<ReturnType> => {\n return ctx.runMutation(AUTH_STORE_REF, {\n args: {\n type: \"retrieveAccountWithCredentials\",\n ...args,\n },\n });\n};\n"],"mappings":";;;;;;;;;AAeA,MAAa,qCAAqC,EAAE,OAAO;CACzD,UAAU,EAAE,QAAQ;CACpB,SAAS,EAAE,OAAO;EAAE,IAAI,EAAE,QAAQ;EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;EAAE,CAAC;CACtE,CAAC;AAQF,SAAgB,mCACd,KACA,MACA,oBACA,QACgB;CAChB,MAAM,EAAE,UAAU,YAAY,YAAY;CAC1C,MAAM,KAAK,OAAO,KAAK,OAAO;AAE9B,cAAa,WAAW,OAAO,4CAA4C;EACzE,UAAU;EACV,SAAS;GAAE,IAAI,QAAQ;GAAI,QAAQ,YAAY,QAAQ,UAAU,GAAG;GAAE;EACvE,CAAC;AAEF,QAAO,GAAG,IAAI,aAAa;EACzB,MAAM,kBAAkB,OAAO,GAAG,cAE9B,GAAG,SAAS,IACV,YACA,QAAQ,GACT,CACJ;AACD,MAAI,oBAAoB,KACtB,QAAO;AAGT,MAAI,QAAQ,WAAW,QAAW;AAMhC,OALgB,OAAO,oBACrB,KACA,gBAAgB,KAChB,OACD,CAEC,QAAO;AAQT,OAAI,EALU,OAAOA,OACnB,mBAAmB,WAAW,EAC9B,QAAQ,QACR,gBAAgB,UAAU,GAC3B,GACW;AACV,WAAO,mBAAmB,KAAK,gBAAgB,KAAK,OAAO;AAC3D,WAAO;;AAGT,UAAO,qBAAqB,KAAK,gBAAgB,KAAK,OAAO;;EAG/D,MAAM,OAAO,OAAO,GAAG,cAEnB,GAAG,MAAM,QAAQ,gBAAgB,OAAO,CAC3C;AACD,MAAI,SAAS,MAAM;AACjB,gBACE,WAAW,OACX,WAAW,gBAAgB,IAAI,6BAA6B,gBAAgB,SAC7E;AACD,UAAO;;AAGT,SAAO;GAAE,SAAS;GAAiB;GAAM;GACzC,CAAC,KACD,GAAG,KAAK;EACN,KAAK,QAAMC;EACX,WAAW;EACZ,CAAC,CACH;;AAGH,MAAa,qCAAqC,OAGhD,KACA,SACwB;AACxB,QAAO,IAAI,YAAY,gBAAgB,EACrC,MAAM;EACJ,MAAM;EACN,GAAG;EACJ,EACF,CAAC"}
@@ -1,38 +0,0 @@
1
- import { authDb } from "../db.js";
2
- import { AUTH_STORE_REF } from "./store/refs.js";
3
- import { Cv } from "@robelest/fx/convex";
4
- import { Fx } from "@robelest/fx";
5
- import { v } from "convex/values";
6
-
7
- //#region src/server/mutations/signature.ts
8
- const verifierSignatureArgs = v.object({
9
- verifier: v.string(),
10
- signature: v.string()
11
- });
12
- function verifierSignatureImpl(ctx, args, config) {
13
- return Fx.gen(function* () {
14
- const { verifier, signature } = args;
15
- const db = authDb(ctx, config);
16
- const verifierDoc = yield* Fx.from({
17
- ok: () => db.verifiers.getById(verifier),
18
- err: () => Cv.error({
19
- code: "INVALID_VERIFIER",
20
- message: "Invalid or expired verifier."
21
- })
22
- }).pipe(Fx.chain((doc) => doc === null ? Cv.fail({
23
- code: "INVALID_VERIFIER",
24
- message: "Invalid or expired verifier."
25
- }) : Fx.succeed(doc)));
26
- yield* Fx.promise(() => db.verifiers.patch(verifierDoc._id, { signature }));
27
- });
28
- }
29
- const callVerifierSignature = async (ctx, args) => {
30
- return ctx.runMutation(AUTH_STORE_REF, { args: {
31
- type: "verifierSignature",
32
- ...args
33
- } });
34
- };
35
-
36
- //#endregion
37
- export { callVerifierSignature, verifierSignatureArgs, verifierSignatureImpl };
38
- //# sourceMappingURL=signature.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"signature.js","names":[],"sources":["../../../../src/server/mutations/signature.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport { Cv } from \"@robelest/fx/convex\";\nimport type { GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { ConvexError, GenericId, Infer, v } from \"convex/values\";\n\nimport * as Provider from \"../crypto\";\nimport { authDb } from \"../db\";\nimport { MutationCtx } from \"../types\";\nimport { AUTH_STORE_REF } from \"./store/refs\";\n\nexport const verifierSignatureArgs = v.object({\n verifier: v.string(),\n signature: v.string(),\n});\n\ntype ReturnType = void;\n\nexport function verifierSignatureImpl(\n ctx: MutationCtx,\n args: Infer<typeof verifierSignatureArgs>,\n config: Provider.Config,\n): Fx<ReturnType, ConvexError<any>> {\n return Fx.gen(function* () {\n const { verifier, signature } = args;\n const db = authDb(ctx, config);\n const verifierDoc = yield* Fx.from({\n ok: () => db.verifiers.getById(verifier as GenericId<\"AuthVerifier\">),\n err: () =>\n Cv.error({\n code: \"INVALID_VERIFIER\",\n message: \"Invalid or expired verifier.\",\n }),\n }).pipe(\n Fx.chain((doc) =>\n doc === null\n ? Cv.fail({\n code: \"INVALID_VERIFIER\",\n message: \"Invalid or expired verifier.\",\n })\n : Fx.succeed(doc),\n ),\n );\n yield* Fx.promise(() => db.verifiers.patch(verifierDoc._id, { signature }));\n });\n}\n\nexport const callVerifierSignature = async <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n args: Infer<typeof verifierSignatureArgs>,\n): Promise<void> => {\n return ctx.runMutation(AUTH_STORE_REF, {\n args: {\n type: \"verifierSignature\",\n ...args,\n },\n });\n};\n"],"mappings":";;;;;;;AAUA,MAAa,wBAAwB,EAAE,OAAO;CAC5C,UAAU,EAAE,QAAQ;CACpB,WAAW,EAAE,QAAQ;CACtB,CAAC;AAIF,SAAgB,sBACd,KACA,MACA,QACkC;AAClC,QAAO,GAAG,IAAI,aAAa;EACzB,MAAM,EAAE,UAAU,cAAc;EAChC,MAAM,KAAK,OAAO,KAAK,OAAO;EAC9B,MAAM,cAAc,OAAO,GAAG,KAAK;GACjC,UAAU,GAAG,UAAU,QAAQ,SAAsC;GACrE,WACE,GAAG,MAAM;IACP,MAAM;IACN,SAAS;IACV,CAAC;GACL,CAAC,CAAC,KACD,GAAG,OAAO,QACR,QAAQ,OACJ,GAAG,KAAK;GACN,MAAM;GACN,SAAS;GACV,CAAC,GACF,GAAG,QAAQ,IAAI,CACpB,CACF;AACD,SAAO,GAAG,cAAc,GAAG,UAAU,MAAM,YAAY,KAAK,EAAE,WAAW,CAAC,CAAC;GAC3E;;AAGJ,MAAa,wBAAwB,OACnC,KACA,SACkB;AAClB,QAAO,IAAI,YAAY,gBAAgB,EACrC,MAAM;EACJ,MAAM;EACN,GAAG;EACJ,EACF,CAAC"}
@@ -1,27 +0,0 @@
1
- import { LOG_LEVELS, logWithLevel } from "../utils.js";
2
- import { AUTH_STORE_REF } from "./store/refs.js";
3
- import { createNewAndDeleteExistingSession, maybeGenerateTokensForSession } from "../sessions.js";
4
- import { v } from "convex/values";
5
-
6
- //#region src/server/mutations/signin.ts
7
- const signInArgs = v.object({
8
- userId: v.string(),
9
- sessionId: v.optional(v.string()),
10
- generateTokens: v.boolean()
11
- });
12
- async function signInImpl(ctx, args, config) {
13
- logWithLevel(LOG_LEVELS.DEBUG, "signInImpl args:", args);
14
- const { userId, sessionId: existingSessionId, generateTokens } = args;
15
- const typedUserId = userId;
16
- return await maybeGenerateTokensForSession(ctx, config, typedUserId, existingSessionId ?? await createNewAndDeleteExistingSession(ctx, config, typedUserId), generateTokens);
17
- }
18
- const callSignIn = async (ctx, args) => {
19
- return ctx.runMutation(AUTH_STORE_REF, { args: {
20
- type: "signIn",
21
- ...args
22
- } });
23
- };
24
-
25
- //#endregion
26
- export { callSignIn, signInArgs, signInImpl };
27
- //# sourceMappingURL=signin.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"signin.js","names":[],"sources":["../../../../src/server/mutations/signin.ts"],"sourcesContent":["import type { GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { GenericId, Infer, v } from \"convex/values\";\n\nimport * as Provider from \"../crypto\";\nimport {\n createNewAndDeleteExistingSession,\n maybeGenerateTokensForSession,\n} from \"../sessions\";\nimport { MutationCtx, SessionInfo } from \"../types\";\nimport { LOG_LEVELS, logWithLevel } from \"../utils\";\nimport { AUTH_STORE_REF } from \"./store/refs\";\n\nexport const signInArgs = v.object({\n userId: v.string(),\n sessionId: v.optional(v.string()),\n generateTokens: v.boolean(),\n});\n\ntype ReturnType = SessionInfo;\n\nexport async function signInImpl(\n ctx: MutationCtx,\n args: Infer<typeof signInArgs>,\n config: Provider.Config,\n): Promise<ReturnType> {\n logWithLevel(LOG_LEVELS.DEBUG, \"signInImpl args:\", args);\n const { userId, sessionId: existingSessionId, generateTokens } = args;\n const typedUserId = userId as GenericId<\"User\">;\n const typedExistingSessionId = existingSessionId as\n | GenericId<\"Session\">\n | undefined;\n const sessionId =\n typedExistingSessionId ??\n (await createNewAndDeleteExistingSession(ctx, config, typedUserId));\n return await maybeGenerateTokensForSession(\n ctx,\n config,\n typedUserId,\n sessionId,\n generateTokens,\n );\n}\n\nexport const callSignIn = async <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n args: Infer<typeof signInArgs>,\n): Promise<ReturnType> => {\n return ctx.runMutation(AUTH_STORE_REF, {\n args: {\n type: \"signIn\",\n ...args,\n },\n });\n};\n"],"mappings":";;;;;;AAYA,MAAa,aAAa,EAAE,OAAO;CACjC,QAAQ,EAAE,QAAQ;CAClB,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC;CACjC,gBAAgB,EAAE,SAAS;CAC5B,CAAC;AAIF,eAAsB,WACpB,KACA,MACA,QACqB;AACrB,cAAa,WAAW,OAAO,oBAAoB,KAAK;CACxD,MAAM,EAAE,QAAQ,WAAW,mBAAmB,mBAAmB;CACjE,MAAM,cAAc;AAOpB,QAAO,MAAM,8BACX,KACA,QACA,aAT6B,qBAK5B,MAAM,kCAAkC,KAAK,QAAQ,YAAY,EAMlE,eACD;;AAGH,MAAa,aAAa,OACxB,KACA,SACwB;AACxB,QAAO,IAAI,YAAY,gBAAgB,EACrC,MAAM;EACJ,MAAM;EACN,GAAG;EACJ,EACF,CAAC"}
@@ -1,27 +0,0 @@
1
- import { authDb } from "../db.js";
2
- import { AUTH_STORE_REF } from "./store/refs.js";
3
- import { deleteSession, getAuthSessionId } from "../sessions.js";
4
- import { Fx } from "@robelest/fx";
5
-
6
- //#region src/server/mutations/signout.ts
7
- function signOutImpl(ctx, config) {
8
- return Fx.gen(function* () {
9
- const db = authDb(ctx, config);
10
- const sessionId = yield* Fx.promise(() => getAuthSessionId(ctx));
11
- if (sessionId === null) return null;
12
- const session = yield* Fx.promise(() => db.sessions.getById(sessionId));
13
- if (session === null) return null;
14
- yield* Fx.promise(() => deleteSession(ctx, session, config));
15
- return {
16
- userId: session.userId,
17
- sessionId: session._id
18
- };
19
- });
20
- }
21
- const callSignOut = async (ctx) => {
22
- return ctx.runMutation(AUTH_STORE_REF, { args: { type: "signOut" } });
23
- };
24
-
25
- //#endregion
26
- export { callSignOut, signOutImpl };
27
- //# sourceMappingURL=signout.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"signout.js","names":[],"sources":["../../../../src/server/mutations/signout.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport type { GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { GenericId } from \"convex/values\";\n\nimport * as Provider from \"../crypto\";\nimport { authDb } from \"../db\";\nimport { deleteSession, getAuthSessionId } from \"../sessions\";\nimport { MutationCtx } from \"../types\";\nimport { AUTH_STORE_REF } from \"./store/refs\";\n\ntype ReturnType = {\n userId: GenericId<\"User\">;\n sessionId: GenericId<\"Session\">;\n} | null;\n\nexport function signOutImpl(\n ctx: MutationCtx,\n config: Provider.Config,\n): Fx<ReturnType, never> {\n return Fx.gen(function* () {\n const db = authDb(ctx, config);\n const sessionId = yield* Fx.promise(() => getAuthSessionId(ctx));\n if (sessionId === null) {\n return null;\n }\n const session = yield* Fx.promise(() => db.sessions.getById(sessionId));\n if (session === null) {\n return null;\n }\n yield* Fx.promise(() => deleteSession(ctx, session, config));\n return { userId: session.userId, sessionId: session._id };\n });\n}\n\nexport const callSignOut = async <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n): Promise<void> => {\n return ctx.runMutation(AUTH_STORE_REF, {\n args: {\n type: \"signOut\",\n },\n });\n};\n"],"mappings":";;;;;;AAeA,SAAgB,YACd,KACA,QACuB;AACvB,QAAO,GAAG,IAAI,aAAa;EACzB,MAAM,KAAK,OAAO,KAAK,OAAO;EAC9B,MAAM,YAAY,OAAO,GAAG,cAAc,iBAAiB,IAAI,CAAC;AAChE,MAAI,cAAc,KAChB,QAAO;EAET,MAAM,UAAU,OAAO,GAAG,cAAc,GAAG,SAAS,QAAQ,UAAU,CAAC;AACvE,MAAI,YAAY,KACd,QAAO;AAET,SAAO,GAAG,cAAc,cAAc,KAAK,SAAS,OAAO,CAAC;AAC5D,SAAO;GAAE,QAAQ,QAAQ;GAAQ,WAAW,QAAQ;GAAK;GACzD;;AAGJ,MAAa,cAAc,OACzB,QACkB;AAClB,QAAO,IAAI,YAAY,gBAAgB,EACrC,MAAM,EACJ,MAAM,WACP,EACF,CAAC"}
@@ -1,15 +0,0 @@
1
- import { makeFunctionReference } from "convex/server";
2
-
3
- //#region src/server/mutations/store/refs.ts
4
- /**
5
- * Internal function reference for the library's store dispatch mutation.
6
- *
7
- * The package cannot import the consumer app's generated `api` module,
8
- * so it uses a canonical function reference name that matches the app-level
9
- * `export const { store } = auth` surface.
10
- */
11
- const AUTH_STORE_REF = makeFunctionReference("auth:store");
12
-
13
- //#endregion
14
- export { AUTH_STORE_REF };
15
- //# sourceMappingURL=refs.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"refs.js","names":[],"sources":["../../../../../src/server/mutations/store/refs.ts"],"sourcesContent":["import { makeFunctionReference } from \"convex/server\";\n\n/**\n * Internal function reference for the library's store dispatch mutation.\n *\n * The package cannot import the consumer app's generated `api` module,\n * so it uses a canonical function reference name that matches the app-level\n * `export const { store } = auth` surface.\n */\nexport const AUTH_STORE_REF = makeFunctionReference(\"auth:store\") as any;\n"],"mappings":";;;;;;;;;;AASA,MAAa,iBAAiB,sBAAsB,aAAa"}
@@ -1,70 +0,0 @@
1
- import { LOG_LEVELS, logWithLevel } from "../utils.js";
2
- import { modifyAccountArgs, modifyAccountImpl } from "./account.js";
3
- import { createVerificationCodeArgs, createVerificationCodeImpl } from "./code.js";
4
- import { invalidateSessionsArgs, invalidateSessionsImpl } from "./invalidate.js";
5
- import { userOAuthArgs, userOAuthImpl } from "./oauth.js";
6
- import { refreshSessionArgs, refreshSessionImpl } from "./refresh.js";
7
- import { createAccountFromCredentialsArgs, createAccountFromCredentialsImpl } from "./register.js";
8
- import { retrieveAccountWithCredentialsArgs, retrieveAccountWithCredentialsImpl } from "./retrieve.js";
9
- import { verifierSignatureArgs, verifierSignatureImpl } from "./signature.js";
10
- import { signInArgs, signInImpl } from "./signin.js";
11
- import { signOutImpl } from "./signout.js";
12
- import { verifierImpl } from "./verifier.js";
13
- import { verifyCodeAndSignInArgs, verifyCodeAndSignInImpl } from "./verify.js";
14
- import { Fx } from "@robelest/fx";
15
- import { v } from "convex/values";
16
-
17
- //#region src/server/mutations/store.ts
18
- const storeArgs = v.object({ args: v.union(v.object({
19
- type: v.literal("signIn"),
20
- ...signInArgs.fields
21
- }), v.object({ type: v.literal("signOut") }), v.object({
22
- type: v.literal("refreshSession"),
23
- ...refreshSessionArgs.fields
24
- }), v.object({
25
- type: v.literal("verifyCodeAndSignIn"),
26
- ...verifyCodeAndSignInArgs.fields
27
- }), v.object({ type: v.literal("verifier") }), v.object({
28
- type: v.literal("verifierSignature"),
29
- ...verifierSignatureArgs.fields
30
- }), v.object({
31
- type: v.literal("userOAuth"),
32
- ...userOAuthArgs.fields
33
- }), v.object({
34
- type: v.literal("createVerificationCode"),
35
- ...createVerificationCodeArgs.fields
36
- }), v.object({
37
- type: v.literal("createAccountFromCredentials"),
38
- ...createAccountFromCredentialsArgs.fields
39
- }), v.object({
40
- type: v.literal("retrieveAccountWithCredentials"),
41
- ...retrieveAccountWithCredentialsArgs.fields
42
- }), v.object({
43
- type: v.literal("modifyAccount"),
44
- ...modifyAccountArgs.fields
45
- }), v.object({
46
- type: v.literal("invalidateSessions"),
47
- ...invalidateSessionsArgs.fields
48
- })) });
49
- const storeImpl = async (ctx, fnArgs, getProviderOrThrow, config) => {
50
- const args = fnArgs.args;
51
- logWithLevel(LOG_LEVELS.INFO, `\`auth:store\` type: ${args.type}`);
52
- return Fx.run(Fx.match(args, args.type, {
53
- signIn: (a) => Fx.promise(() => signInImpl(ctx, a, config)),
54
- signOut: () => signOutImpl(ctx, config),
55
- refreshSession: (a) => Fx.promise(() => refreshSessionImpl(ctx, a, getProviderOrThrow, config)),
56
- verifyCodeAndSignIn: (a) => Fx.promise(() => verifyCodeAndSignInImpl(ctx, a, getProviderOrThrow, config)),
57
- verifier: () => verifierImpl(ctx, config),
58
- verifierSignature: (a) => verifierSignatureImpl(ctx, a, config).pipe(Fx.recover((e) => Fx.fatal(e))),
59
- userOAuth: (a) => userOAuthImpl(ctx, a, getProviderOrThrow, config).pipe(Fx.recover((e) => Fx.fatal(e))),
60
- createVerificationCode: (a) => Fx.promise(() => createVerificationCodeImpl(ctx, a, getProviderOrThrow, config)),
61
- createAccountFromCredentials: (a) => Fx.promise(() => createAccountFromCredentialsImpl(ctx, a, getProviderOrThrow, config)),
62
- retrieveAccountWithCredentials: (a) => retrieveAccountWithCredentialsImpl(ctx, a, getProviderOrThrow, config),
63
- modifyAccount: (a) => modifyAccountImpl(ctx, a, getProviderOrThrow, config).pipe(Fx.recover((e) => Fx.fatal(e))),
64
- invalidateSessions: (a) => invalidateSessionsImpl(ctx, a, config)
65
- }));
66
- };
67
-
68
- //#endregion
69
- export { storeArgs, storeImpl };
70
- //# sourceMappingURL=store.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"store.js","names":[],"sources":["../../../../src/server/mutations/store.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport { Infer, v } from \"convex/values\";\n\nimport * as Provider from \"../crypto\";\nimport { MutationCtx } from \"../types\";\nimport { LOG_LEVELS, logWithLevel } from \"../utils\";\nimport { modifyAccountArgs, modifyAccountImpl } from \"./account\";\nimport { createVerificationCodeArgs, createVerificationCodeImpl } from \"./code\";\nimport { invalidateSessionsArgs, invalidateSessionsImpl } from \"./invalidate\";\nimport { userOAuthArgs, userOAuthImpl } from \"./oauth\";\nimport { refreshSessionArgs, refreshSessionImpl } from \"./refresh\";\nimport {\n createAccountFromCredentialsArgs,\n createAccountFromCredentialsImpl,\n} from \"./register\";\nimport {\n retrieveAccountWithCredentialsArgs,\n retrieveAccountWithCredentialsImpl,\n} from \"./retrieve\";\nimport { verifierSignatureArgs, verifierSignatureImpl } from \"./signature\";\nimport { signInArgs, signInImpl } from \"./signin\";\nimport { signOutImpl } from \"./signout\";\nimport { verifierImpl } from \"./verifier\";\nimport { verifyCodeAndSignInArgs, verifyCodeAndSignInImpl } from \"./verify\";\n\nexport const storeArgs = v.object({\n args: v.union(\n v.object({\n type: v.literal(\"signIn\"),\n ...signInArgs.fields,\n }),\n v.object({\n type: v.literal(\"signOut\"),\n }),\n v.object({\n type: v.literal(\"refreshSession\"),\n ...refreshSessionArgs.fields,\n }),\n v.object({\n type: v.literal(\"verifyCodeAndSignIn\"),\n ...verifyCodeAndSignInArgs.fields,\n }),\n v.object({\n type: v.literal(\"verifier\"),\n }),\n v.object({\n type: v.literal(\"verifierSignature\"),\n ...verifierSignatureArgs.fields,\n }),\n v.object({\n type: v.literal(\"userOAuth\"),\n ...userOAuthArgs.fields,\n }),\n v.object({\n type: v.literal(\"createVerificationCode\"),\n ...createVerificationCodeArgs.fields,\n }),\n v.object({\n type: v.literal(\"createAccountFromCredentials\"),\n ...createAccountFromCredentialsArgs.fields,\n }),\n v.object({\n type: v.literal(\"retrieveAccountWithCredentials\"),\n ...retrieveAccountWithCredentialsArgs.fields,\n }),\n v.object({\n type: v.literal(\"modifyAccount\"),\n ...modifyAccountArgs.fields,\n }),\n v.object({\n type: v.literal(\"invalidateSessions\"),\n ...invalidateSessionsArgs.fields,\n }),\n ),\n});\n\nexport const storeImpl = async (\n ctx: MutationCtx,\n fnArgs: Infer<typeof storeArgs>,\n getProviderOrThrow: Provider.GetProviderOrThrowFunc,\n config: Provider.Config,\n) => {\n const args = fnArgs.args;\n logWithLevel(LOG_LEVELS.INFO, `\\`auth:store\\` type: ${args.type}`);\n return Fx.run(\n Fx.match(args, args.type, {\n signIn: (a) => Fx.promise(() => signInImpl(ctx, a, config)),\n signOut: () => signOutImpl(ctx, config),\n refreshSession: (a) =>\n Fx.promise(() =>\n refreshSessionImpl(ctx, a, getProviderOrThrow, config),\n ),\n verifyCodeAndSignIn: (a) =>\n Fx.promise(() =>\n verifyCodeAndSignInImpl(ctx, a, getProviderOrThrow, config),\n ),\n verifier: () => verifierImpl(ctx, config),\n verifierSignature: (a) =>\n verifierSignatureImpl(ctx, a, config).pipe(\n Fx.recover((e) => Fx.fatal(e)),\n ),\n userOAuth: (a) =>\n userOAuthImpl(ctx, a, getProviderOrThrow, config).pipe(\n Fx.recover((e) => Fx.fatal(e)),\n ),\n createVerificationCode: (a) =>\n Fx.promise(() =>\n createVerificationCodeImpl(ctx, a, getProviderOrThrow, config),\n ),\n createAccountFromCredentials: (a) =>\n Fx.promise(() =>\n createAccountFromCredentialsImpl(ctx, a, getProviderOrThrow, config),\n ),\n retrieveAccountWithCredentials: (a) =>\n retrieveAccountWithCredentialsImpl(ctx, a, getProviderOrThrow, config),\n modifyAccount: (a) =>\n modifyAccountImpl(ctx, a, getProviderOrThrow, config).pipe(\n Fx.recover((e) => Fx.fatal(e)),\n ),\n invalidateSessions: (a) => invalidateSessionsImpl(ctx, a, config),\n }),\n );\n};\n"],"mappings":";;;;;;;;;;;;;;;;;AAyBA,MAAa,YAAY,EAAE,OAAO,EAChC,MAAM,EAAE,MACN,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,SAAS;CACzB,GAAG,WAAW;CACf,CAAC,EACF,EAAE,OAAO,EACP,MAAM,EAAE,QAAQ,UAAU,EAC3B,CAAC,EACF,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,iBAAiB;CACjC,GAAG,mBAAmB;CACvB,CAAC,EACF,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,sBAAsB;CACtC,GAAG,wBAAwB;CAC5B,CAAC,EACF,EAAE,OAAO,EACP,MAAM,EAAE,QAAQ,WAAW,EAC5B,CAAC,EACF,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,oBAAoB;CACpC,GAAG,sBAAsB;CAC1B,CAAC,EACF,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,YAAY;CAC5B,GAAG,cAAc;CAClB,CAAC,EACF,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,yBAAyB;CACzC,GAAG,2BAA2B;CAC/B,CAAC,EACF,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,+BAA+B;CAC/C,GAAG,iCAAiC;CACrC,CAAC,EACF,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,iCAAiC;CACjD,GAAG,mCAAmC;CACvC,CAAC,EACF,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,gBAAgB;CAChC,GAAG,kBAAkB;CACtB,CAAC,EACF,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,qBAAqB;CACrC,GAAG,uBAAuB;CAC3B,CAAC,CACH,EACF,CAAC;AAEF,MAAa,YAAY,OACvB,KACA,QACA,oBACA,WACG;CACH,MAAM,OAAO,OAAO;AACpB,cAAa,WAAW,MAAM,wBAAwB,KAAK,OAAO;AAClE,QAAO,GAAG,IACR,GAAG,MAAM,MAAM,KAAK,MAAM;EACxB,SAAS,MAAM,GAAG,cAAc,WAAW,KAAK,GAAG,OAAO,CAAC;EAC3D,eAAe,YAAY,KAAK,OAAO;EACvC,iBAAiB,MACf,GAAG,cACD,mBAAmB,KAAK,GAAG,oBAAoB,OAAO,CACvD;EACH,sBAAsB,MACpB,GAAG,cACD,wBAAwB,KAAK,GAAG,oBAAoB,OAAO,CAC5D;EACH,gBAAgB,aAAa,KAAK,OAAO;EACzC,oBAAoB,MAClB,sBAAsB,KAAK,GAAG,OAAO,CAAC,KACpC,GAAG,SAAS,MAAM,GAAG,MAAM,EAAE,CAAC,CAC/B;EACH,YAAY,MACV,cAAc,KAAK,GAAG,oBAAoB,OAAO,CAAC,KAChD,GAAG,SAAS,MAAM,GAAG,MAAM,EAAE,CAAC,CAC/B;EACH,yBAAyB,MACvB,GAAG,cACD,2BAA2B,KAAK,GAAG,oBAAoB,OAAO,CAC/D;EACH,+BAA+B,MAC7B,GAAG,cACD,iCAAiC,KAAK,GAAG,oBAAoB,OAAO,CACrE;EACH,iCAAiC,MAC/B,mCAAmC,KAAK,GAAG,oBAAoB,OAAO;EACxE,gBAAgB,MACd,kBAAkB,KAAK,GAAG,oBAAoB,OAAO,CAAC,KACpD,GAAG,SAAS,MAAM,GAAG,MAAM,EAAE,CAAC,CAC/B;EACH,qBAAqB,MAAM,uBAAuB,KAAK,GAAG,OAAO;EAClE,CAAC,CACH"}
@@ -1,18 +0,0 @@
1
- import { authDb } from "../db.js";
2
- import { AUTH_STORE_REF } from "./store/refs.js";
3
- import { getAuthSessionId } from "../sessions.js";
4
- import { Fx } from "@robelest/fx";
5
-
6
- //#region src/server/mutations/verifier.ts
7
- function verifierImpl(ctx, config) {
8
- return Fx.gen(function* () {
9
- return yield* Fx.promise(async () => authDb(ctx, config).verifiers.create(await getAuthSessionId(ctx) ?? void 0));
10
- });
11
- }
12
- const callVerifier = async (ctx) => {
13
- return ctx.runMutation(AUTH_STORE_REF, { args: { type: "verifier" } });
14
- };
15
-
16
- //#endregion
17
- export { callVerifier, verifierImpl };
18
- //# sourceMappingURL=verifier.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"verifier.js","names":[],"sources":["../../../../src/server/mutations/verifier.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport type { GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { GenericId } from \"convex/values\";\n\nimport * as Provider from \"../crypto\";\nimport { authDb } from \"../db\";\nimport { getAuthSessionId } from \"../sessions\";\nimport { MutationCtx } from \"../types\";\nimport { AUTH_STORE_REF } from \"./store/refs\";\n\ntype ReturnType = GenericId<\"AuthVerifier\">;\n\nexport function verifierImpl(\n ctx: MutationCtx,\n config: Provider.Config,\n): Fx<ReturnType, never> {\n return Fx.gen(function* () {\n return (yield* Fx.promise(async () =>\n authDb(ctx, config).verifiers.create(\n (await getAuthSessionId(ctx)) ?? undefined,\n ),\n )) as ReturnType;\n });\n}\n\nexport const callVerifier = async <DataModel extends GenericDataModel>(\n ctx: GenericActionCtx<DataModel>,\n): Promise<ReturnType> => {\n return ctx.runMutation(AUTH_STORE_REF, {\n args: {\n type: \"verifier\",\n },\n });\n};\n"],"mappings":";;;;;;AAYA,SAAgB,aACd,KACA,QACuB;AACvB,QAAO,GAAG,IAAI,aAAa;AACzB,SAAQ,OAAO,GAAG,QAAQ,YACxB,OAAO,KAAK,OAAO,CAAC,UAAU,OAC3B,MAAM,iBAAiB,IAAI,IAAK,OAClC,CACF;GACD;;AAGJ,MAAa,eAAe,OAC1B,QACwB;AACxB,QAAO,IAAI,YAAY,gBAAgB,EACrC,MAAM,EACJ,MAAM,YACP,EACF,CAAC"}
@@ -1,98 +0,0 @@
1
- import { LOG_LEVELS, logWithLevel, requireEnv, sha256 } from "../utils.js";
2
- import { authDb } from "../db.js";
3
- import { AUTH_STORE_REF } from "./store/refs.js";
4
- import { createNewAndDeleteExistingSession, getAuthSessionId, maybeGenerateTokensForSession } from "../sessions.js";
5
- import { upsertUserAndAccount } from "../users.js";
6
- import { isEnterpriseProviderId } from "../enterprise/shared.js";
7
- import { createSyntheticOAuthMaterializedConfig } from "../enterprise/oidc.js";
8
- import { isSignInRateLimited, recordFailedSignIn, resetSignInRateLimit } from "../limits.js";
9
- import { Fx } from "@robelest/fx";
10
- import { v } from "convex/values";
11
-
12
- //#region src/server/mutations/verify.ts
13
- const verifyCodeAndSignInArgs = v.object({
14
- params: v.any(),
15
- provider: v.optional(v.string()),
16
- verifier: v.optional(v.string()),
17
- generateTokens: v.boolean(),
18
- allowExtraProviders: v.boolean()
19
- });
20
- /** A soft verification failure — logged and collapsed to null at the boundary. */
21
- var VerifyFailure = class {
22
- _tag = "VerifyFailure";
23
- constructor(reason) {
24
- this.reason = reason;
25
- }
26
- };
27
- async function verifyCodeAndSignInImpl(ctx, args, getProviderOrThrow, config) {
28
- logWithLevel(LOG_LEVELS.DEBUG, "verifyCodeAndSignInImpl args:", {
29
- params: {
30
- email: args.params.email,
31
- phone: args.params.phone
32
- },
33
- provider: args.provider,
34
- verifier: args.verifier,
35
- generateTokens: args.generateTokens,
36
- allowExtraProviders: args.allowExtraProviders
37
- });
38
- const { generateTokens, provider, allowExtraProviders } = args;
39
- if (generateTokens) {
40
- requireEnv("JWT_PRIVATE_KEY");
41
- requireEnv("JWKS");
42
- requireEnv("CONVEX_SITE_URL");
43
- }
44
- const identifier = args.params.email ?? args.params.phone;
45
- try {
46
- if (identifier !== void 0) {
47
- if (await Fx.run(isSignInRateLimited(ctx, identifier, config))) throw new VerifyFailure("Too many failed attempts to verify code for this email");
48
- }
49
- const db = authDb(ctx, config);
50
- const { params, verifier } = args;
51
- const hash = await sha256(params.code);
52
- const code = await db.verificationCodes.getByCode(hash);
53
- if (code === null) throw new VerifyFailure("Invalid verification code");
54
- await db.verificationCodes.delete(code._id);
55
- if (code.verifier !== verifier) throw new VerifyFailure("Invalid verifier");
56
- if (code.expirationTime < Date.now()) throw new VerifyFailure("Expired verification code");
57
- if (provider !== void 0 && code.provider !== provider) throw new VerifyFailure(`Invalid provider "${provider}" for given \`code\``);
58
- const account = await db.accounts.getById(code.accountId);
59
- if (account === null) throw new VerifyFailure("Account associated with this email has been deleted");
60
- const codeProvider = isEnterpriseProviderId(code.provider) ? createSyntheticOAuthMaterializedConfig(code.provider) : getProviderOrThrow(code.provider, allowExtraProviders);
61
- if (codeProvider !== null && (codeProvider.type === "email" || codeProvider.type === "phone") && codeProvider.authorize !== void 0) await codeProvider.authorize(args.params, account);
62
- const methodProvider = isEnterpriseProviderId(account.provider) ? createSyntheticOAuthMaterializedConfig(account.provider) : getProviderOrThrow(account.provider);
63
- const userId = methodProvider.type === "oauth" ? account.userId : (await upsertUserAndAccount(ctx, await getAuthSessionId(ctx), { existingAccount: account }, {
64
- type: "verification",
65
- provider: methodProvider,
66
- profile: {
67
- ...code.emailVerified !== void 0 ? {
68
- email: code.emailVerified,
69
- emailVerified: true
70
- } : {},
71
- ...code.phoneVerified !== void 0 ? {
72
- phone: code.phoneVerified,
73
- phoneVerified: true
74
- } : {}
75
- }
76
- }, config)).userId;
77
- if (identifier !== void 0) await Fx.run(resetSignInRateLimit(ctx, identifier, config));
78
- return await maybeGenerateTokensForSession(ctx, config, userId, await createNewAndDeleteExistingSession(ctx, config, userId), generateTokens);
79
- } catch (error) {
80
- if (error instanceof VerifyFailure) {
81
- logWithLevel(LOG_LEVELS.ERROR, error.reason);
82
- if (identifier !== void 0) await Fx.run(recordFailedSignIn(ctx, identifier, config));
83
- return null;
84
- }
85
- logWithLevel(LOG_LEVELS.ERROR, `verifyCodeAndSignInImpl failed: ${String(error)}`);
86
- return null;
87
- }
88
- }
89
- const callVerifyCodeAndSignIn = async (ctx, args) => {
90
- return ctx.runMutation(AUTH_STORE_REF, { args: {
91
- type: "verifyCodeAndSignIn",
92
- ...args
93
- } });
94
- };
95
-
96
- //#endregion
97
- export { callVerifyCodeAndSignIn, verifyCodeAndSignInArgs, verifyCodeAndSignInImpl };
98
- //# sourceMappingURL=verify.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"verify.js","names":[],"sources":["../../../../src/server/mutations/verify.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport type { GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { Infer, v } from \"convex/values\";\n\nimport * as Provider from \"../crypto\";\nimport { authDb } from \"../db\";\nimport { createSyntheticOAuthMaterializedConfig } from \"../enterprise/oidc\";\nimport { isEnterpriseProviderId } from \"../enterprise/shared\";\nimport {\n isSignInRateLimited,\n recordFailedSignIn,\n resetSignInRateLimit,\n} from \"../limits\";\nimport {\n createNewAndDeleteExistingSession,\n getAuthSessionId,\n maybeGenerateTokensForSession,\n} from \"../sessions\";\nimport { MutationCtx, SessionInfo } from \"../types\";\nimport { upsertUserAndAccount } from \"../users\";\nimport { LOG_LEVELS, logWithLevel, sha256 } from \"../utils\";\nimport { requireEnv } from \"../utils\";\nimport { AUTH_STORE_REF } from \"./store/refs\";\n\nexport const verifyCodeAndSignInArgs = v.object({\n params: v.any(),\n provider: v.optional(v.string()),\n verifier: v.optional(v.string()),\n generateTokens: v.boolean(),\n allowExtraProviders: v.boolean(),\n});\n\ntype ReturnType = null | SessionInfo;\n\n// ============================================================================\n// Small validators for the verification pipeline\n// ============================================================================\n\n/** A soft verification failure — logged and collapsed to null at the boundary. */\nclass VerifyFailure {\n readonly _tag = \"VerifyFailure\" as const;\n constructor(readonly reason: string) {}\n}\n\n// ============================================================================\n// Main exported function\n// ============================================================================\n\nexport async function verifyCodeAndSignInImpl(\n ctx: MutationCtx,\n args: Infer<typeof verifyCodeAndSignInArgs>,\n getProviderOrThrow: Provider.GetProviderOrThrowFunc,\n config: Provider.Config,\n): Promise<ReturnType> {\n logWithLevel(LOG_LEVELS.DEBUG, \"verifyCodeAndSignInImpl args:\", {\n params: { email: args.params.email, phone: args.params.phone },\n provider: args.provider,\n verifier: args.verifier,\n generateTokens: args.generateTokens,\n allowExtraProviders: args.allowExtraProviders,\n });\n\n const { generateTokens, provider, allowExtraProviders } = args;\n if (generateTokens) {\n requireEnv(\"JWT_PRIVATE_KEY\");\n requireEnv(\"JWKS\");\n requireEnv(\"CONVEX_SITE_URL\");\n }\n const identifier: string | undefined = args.params.email ?? args.params.phone;\n\n try {\n if (identifier !== undefined) {\n const limited = await Fx.run(\n isSignInRateLimited(ctx, identifier, config),\n );\n if (limited) {\n throw new VerifyFailure(\n \"Too many failed attempts to verify code for this email\",\n );\n }\n }\n\n const db = authDb(ctx, config);\n const { params, verifier } = args;\n const hash = await sha256(params.code);\n const code = await db.verificationCodes.getByCode(hash);\n if (code === null) {\n throw new VerifyFailure(\"Invalid verification code\");\n }\n\n await db.verificationCodes.delete(code._id);\n\n if (code.verifier !== verifier) {\n throw new VerifyFailure(\"Invalid verifier\");\n }\n if (code.expirationTime < Date.now()) {\n throw new VerifyFailure(\"Expired verification code\");\n }\n if (provider !== undefined && code.provider !== provider) {\n throw new VerifyFailure(\n `Invalid provider \"${provider}\" for given \\`code\\``,\n );\n }\n\n const account = await db.accounts.getById(code.accountId);\n if (account === null) {\n throw new VerifyFailure(\n \"Account associated with this email has been deleted\",\n );\n }\n\n const codeProvider = isEnterpriseProviderId(code.provider)\n ? createSyntheticOAuthMaterializedConfig(code.provider)\n : getProviderOrThrow(code.provider, allowExtraProviders);\n\n if (\n codeProvider !== null &&\n (codeProvider.type === \"email\" || codeProvider.type === \"phone\") &&\n codeProvider.authorize !== undefined\n ) {\n await codeProvider.authorize(args.params, account);\n }\n\n const methodProvider = isEnterpriseProviderId(account.provider)\n ? createSyntheticOAuthMaterializedConfig(account.provider)\n : getProviderOrThrow(account.provider);\n\n const userId =\n methodProvider.type === \"oauth\"\n ? account.userId\n : (\n await upsertUserAndAccount(\n ctx,\n await getAuthSessionId(ctx),\n { existingAccount: account },\n {\n type: \"verification\",\n provider: methodProvider,\n profile: {\n ...(code.emailVerified !== undefined\n ? { email: code.emailVerified, emailVerified: true }\n : {}),\n ...(code.phoneVerified !== undefined\n ? { phone: code.phoneVerified, phoneVerified: true }\n : {}),\n },\n },\n config,\n )\n ).userId;\n\n if (identifier !== undefined) {\n await Fx.run(resetSignInRateLimit(ctx, identifier, config));\n }\n\n const sessionId = await createNewAndDeleteExistingSession(\n ctx,\n config,\n userId,\n );\n return await maybeGenerateTokensForSession(\n ctx,\n config,\n userId,\n sessionId,\n generateTokens,\n );\n } catch (error) {\n if (error instanceof VerifyFailure) {\n logWithLevel(LOG_LEVELS.ERROR, error.reason);\n if (identifier !== undefined) {\n await Fx.run(recordFailedSignIn(ctx, identifier, config));\n }\n return null;\n }\n logWithLevel(\n LOG_LEVELS.ERROR,\n `verifyCodeAndSignInImpl failed: ${String(error)}`,\n );\n return null;\n }\n}\n\n// ============================================================================\n// Action-level caller (unchanged — just forwards to mutation)\n// ============================================================================\n\nexport const callVerifyCodeAndSignIn = async <\n DataModel extends GenericDataModel,\n>(\n ctx: GenericActionCtx<DataModel>,\n args: Infer<typeof verifyCodeAndSignInArgs>,\n): Promise<ReturnType> => {\n return ctx.runMutation(AUTH_STORE_REF, {\n args: {\n type: \"verifyCodeAndSignIn\",\n ...args,\n },\n });\n};\n"],"mappings":";;;;;;;;;;;;AAwBA,MAAa,0BAA0B,EAAE,OAAO;CAC9C,QAAQ,EAAE,KAAK;CACf,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;CAChC,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;CAChC,gBAAgB,EAAE,SAAS;CAC3B,qBAAqB,EAAE,SAAS;CACjC,CAAC;;AASF,IAAM,gBAAN,MAAoB;CAClB,AAAS,OAAO;CAChB,YAAY,AAAS,QAAgB;EAAhB;;;AAOvB,eAAsB,wBACpB,KACA,MACA,oBACA,QACqB;AACrB,cAAa,WAAW,OAAO,iCAAiC;EAC9D,QAAQ;GAAE,OAAO,KAAK,OAAO;GAAO,OAAO,KAAK,OAAO;GAAO;EAC9D,UAAU,KAAK;EACf,UAAU,KAAK;EACf,gBAAgB,KAAK;EACrB,qBAAqB,KAAK;EAC3B,CAAC;CAEF,MAAM,EAAE,gBAAgB,UAAU,wBAAwB;AAC1D,KAAI,gBAAgB;AAClB,aAAW,kBAAkB;AAC7B,aAAW,OAAO;AAClB,aAAW,kBAAkB;;CAE/B,MAAM,aAAiC,KAAK,OAAO,SAAS,KAAK,OAAO;AAExE,KAAI;AACF,MAAI,eAAe,QAIjB;OAHgB,MAAM,GAAG,IACvB,oBAAoB,KAAK,YAAY,OAAO,CAC7C,CAEC,OAAM,IAAI,cACR,yDACD;;EAIL,MAAM,KAAK,OAAO,KAAK,OAAO;EAC9B,MAAM,EAAE,QAAQ,aAAa;EAC7B,MAAM,OAAO,MAAM,OAAO,OAAO,KAAK;EACtC,MAAM,OAAO,MAAM,GAAG,kBAAkB,UAAU,KAAK;AACvD,MAAI,SAAS,KACX,OAAM,IAAI,cAAc,4BAA4B;AAGtD,QAAM,GAAG,kBAAkB,OAAO,KAAK,IAAI;AAE3C,MAAI,KAAK,aAAa,SACpB,OAAM,IAAI,cAAc,mBAAmB;AAE7C,MAAI,KAAK,iBAAiB,KAAK,KAAK,CAClC,OAAM,IAAI,cAAc,4BAA4B;AAEtD,MAAI,aAAa,UAAa,KAAK,aAAa,SAC9C,OAAM,IAAI,cACR,qBAAqB,SAAS,sBAC/B;EAGH,MAAM,UAAU,MAAM,GAAG,SAAS,QAAQ,KAAK,UAAU;AACzD,MAAI,YAAY,KACd,OAAM,IAAI,cACR,sDACD;EAGH,MAAM,eAAe,uBAAuB,KAAK,SAAS,GACtD,uCAAuC,KAAK,SAAS,GACrD,mBAAmB,KAAK,UAAU,oBAAoB;AAE1D,MACE,iBAAiB,SAChB,aAAa,SAAS,WAAW,aAAa,SAAS,YACxD,aAAa,cAAc,OAE3B,OAAM,aAAa,UAAU,KAAK,QAAQ,QAAQ;EAGpD,MAAM,iBAAiB,uBAAuB,QAAQ,SAAS,GAC3D,uCAAuC,QAAQ,SAAS,GACxD,mBAAmB,QAAQ,SAAS;EAExC,MAAM,SACJ,eAAe,SAAS,UACpB,QAAQ,UAEN,MAAM,qBACJ,KACA,MAAM,iBAAiB,IAAI,EAC3B,EAAE,iBAAiB,SAAS,EAC5B;GACE,MAAM;GACN,UAAU;GACV,SAAS;IACP,GAAI,KAAK,kBAAkB,SACvB;KAAE,OAAO,KAAK;KAAe,eAAe;KAAM,GAClD,EAAE;IACN,GAAI,KAAK,kBAAkB,SACvB;KAAE,OAAO,KAAK;KAAe,eAAe;KAAM,GAClD,EAAE;IACP;GACF,EACD,OACD,EACD;AAER,MAAI,eAAe,OACjB,OAAM,GAAG,IAAI,qBAAqB,KAAK,YAAY,OAAO,CAAC;AAQ7D,SAAO,MAAM,8BACX,KACA,QACA,QARgB,MAAM,kCACtB,KACA,QACA,OACD,EAMC,eACD;UACM,OAAO;AACd,MAAI,iBAAiB,eAAe;AAClC,gBAAa,WAAW,OAAO,MAAM,OAAO;AAC5C,OAAI,eAAe,OACjB,OAAM,GAAG,IAAI,mBAAmB,KAAK,YAAY,OAAO,CAAC;AAE3D,UAAO;;AAET,eACE,WAAW,OACX,mCAAmC,OAAO,MAAM,GACjD;AACD,SAAO;;;AAQX,MAAa,0BAA0B,OAGrC,KACA,SACwB;AACxB,QAAO,IAAI,YAAY,gBAAgB,EACrC,MAAM;EACJ,MAAM;EACN,GAAG;EACJ,EACF,CAAC"}