@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/README.md +43 -36
  2. package/dist/bin.js +5765 -4880
  3. package/dist/browser/index.d.ts +30 -0
  4. package/dist/browser/index.js +93 -0
  5. package/dist/browser/locks.js +11 -0
  6. package/dist/browser/navigation.js +14 -0
  7. package/dist/{factors → browser}/passkey.js +23 -32
  8. package/dist/browser/runtime.js +92 -0
  9. package/dist/client/core/types.d.ts +452 -5
  10. package/dist/client/core/types.js +17 -0
  11. package/dist/client/errors.js +19 -0
  12. package/dist/client/factors/device.js +94 -0
  13. package/dist/{factors → client/factors}/totp.js +12 -4
  14. package/dist/client/index.d.ts +47 -1
  15. package/dist/client/index.js +269 -232
  16. package/dist/client/runtime/mutex.js +24 -0
  17. package/dist/client/runtime/proxy.js +30 -0
  18. package/dist/client/runtime/storage.js +45 -0
  19. package/dist/client/services/adapters.js +7 -0
  20. package/dist/client/services/http.js +6 -0
  21. package/dist/client/services/resolve.js +13 -0
  22. package/dist/client/services/runtime.js +6 -0
  23. package/dist/component/_generated/component.d.ts +1355 -1399
  24. package/dist/component/convex.config.d.ts +2 -2
  25. package/dist/component/index.d.ts +4 -26
  26. package/dist/component/index.js +1 -1
  27. package/dist/component/model.d.ts +26 -112
  28. package/dist/component/model.js +76 -54
  29. package/dist/component/modules.js +38 -0
  30. package/dist/component/public/factors/devices.js +1 -1
  31. package/dist/component/public/factors/passkeys.js +1 -1
  32. package/dist/component/public/factors/totp.js +1 -1
  33. package/dist/component/public/groups/core.js +2 -2
  34. package/dist/component/public/groups/invites.js +1 -1
  35. package/dist/component/public/groups/members.js +1 -1
  36. package/dist/component/public/identity/accounts.js +1 -1
  37. package/dist/component/public/identity/codes.js +1 -1
  38. package/dist/component/public/identity/sessions.js +39 -2
  39. package/dist/component/public/identity/tokens.js +82 -4
  40. package/dist/component/public/identity/users.js +1 -1
  41. package/dist/component/public/identity/verifiers.js +10 -4
  42. package/dist/component/public/security/keys.js +1 -1
  43. package/dist/component/public/security/limits.js +1 -1
  44. package/dist/component/public/{enterprise → sso}/audit.js +26 -26
  45. package/dist/component/public/sso/core.js +263 -0
  46. package/dist/component/public/sso/domains.js +280 -0
  47. package/dist/component/public/{enterprise → sso}/scim.js +87 -87
  48. package/dist/component/public/sso/secrets.js +125 -0
  49. package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
  50. package/dist/component/public.js +9 -9
  51. package/dist/component/schema.d.ts +472 -393
  52. package/dist/component/schema.js +36 -35
  53. package/dist/core/index.d.ts +380 -0
  54. package/dist/core/index.js +83 -0
  55. package/dist/otel.d.ts +69 -0
  56. package/dist/otel.js +82 -0
  57. package/dist/providers/anonymous.d.ts +15 -34
  58. package/dist/providers/anonymous.js +27 -35
  59. package/dist/providers/apple.d.ts +59 -0
  60. package/dist/providers/apple.js +58 -0
  61. package/dist/providers/credentials.d.ts +18 -34
  62. package/dist/providers/credentials.js +16 -27
  63. package/dist/providers/custom.d.ts +94 -0
  64. package/dist/providers/custom.js +119 -0
  65. package/dist/providers/device.d.ts +15 -49
  66. package/dist/providers/device.js +17 -34
  67. package/dist/providers/email.d.ts +21 -38
  68. package/dist/providers/email.js +36 -55
  69. package/dist/providers/github.d.ts +54 -0
  70. package/dist/providers/github.js +75 -0
  71. package/dist/providers/google.d.ts +54 -0
  72. package/dist/providers/google.js +61 -0
  73. package/dist/providers/index.d.ts +16 -12
  74. package/dist/providers/index.js +15 -11
  75. package/dist/providers/microsoft.d.ts +57 -0
  76. package/dist/providers/microsoft.js +101 -0
  77. package/dist/providers/passkey.d.ts +19 -35
  78. package/dist/providers/passkey.js +20 -30
  79. package/dist/providers/password.d.ts +17 -18
  80. package/dist/providers/password.js +121 -143
  81. package/dist/providers/phone.d.ts +13 -28
  82. package/dist/providers/phone.js +21 -46
  83. package/dist/providers/sso.d.ts +16 -36
  84. package/dist/providers/sso.js +21 -22
  85. package/dist/providers/totp.d.ts +13 -29
  86. package/dist/providers/totp.js +17 -27
  87. package/dist/server/auth-context.d.ts +204 -0
  88. package/dist/server/auth-context.js +76 -0
  89. package/dist/server/auth.d.ts +99 -244
  90. package/dist/server/auth.js +56 -152
  91. package/dist/server/componentContext.d.ts +12 -0
  92. package/dist/server/componentContext.js +1 -0
  93. package/dist/server/config.js +6 -67
  94. package/dist/server/constants.js +6 -0
  95. package/dist/server/contract.d.ts +105 -0
  96. package/dist/server/contract.js +43 -0
  97. package/dist/server/cookies.js +3 -2
  98. package/dist/server/core.js +31 -36
  99. package/dist/server/crypto.js +34 -44
  100. package/dist/server/db.js +6 -1
  101. package/dist/server/device.js +96 -130
  102. package/dist/server/env.js +48 -0
  103. package/dist/server/errors.js +20 -0
  104. package/dist/server/http.d.ts +15 -59
  105. package/dist/server/http.js +136 -120
  106. package/dist/server/identity.js +2 -2
  107. package/dist/server/index.d.ts +5 -4
  108. package/dist/server/index.js +3 -3
  109. package/dist/server/keys.js +10 -1
  110. package/dist/server/limits.js +26 -26
  111. package/dist/server/log.js +28 -0
  112. package/dist/server/mounts.d.ts +1107 -296
  113. package/dist/server/mounts.js +315 -196
  114. package/dist/server/mutations/account.js +11 -14
  115. package/dist/server/mutations/code.js +6 -5
  116. package/dist/server/mutations/invalidate.js +9 -11
  117. package/dist/server/mutations/oauth.js +112 -73
  118. package/dist/server/mutations/refresh.js +47 -97
  119. package/dist/server/mutations/register.js +37 -35
  120. package/dist/server/mutations/retrieve.js +16 -16
  121. package/dist/server/mutations/signature.js +15 -18
  122. package/dist/server/mutations/signin.js +10 -5
  123. package/dist/server/mutations/signout.js +11 -14
  124. package/dist/server/mutations/store.js +25 -18
  125. package/dist/server/mutations/verifier.js +11 -8
  126. package/dist/server/mutations/verify.js +53 -41
  127. package/dist/server/oauth/factory.js +44 -0
  128. package/dist/server/oauth/index.js +12 -0
  129. package/dist/server/oauth/runtime.js +248 -0
  130. package/dist/server/passkey.js +331 -365
  131. package/dist/server/payloads.d.ts +16 -0
  132. package/dist/server/payloads.js +30 -0
  133. package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
  134. package/dist/server/prefetch.js +635 -0
  135. package/dist/server/random.js +19 -0
  136. package/dist/server/redirects.js +10 -5
  137. package/dist/server/refresh.js +14 -86
  138. package/dist/server/runtime.d.ts +531 -31
  139. package/dist/server/runtime.js +106 -267
  140. package/dist/server/secret.js +44 -0
  141. package/dist/server/services/config.js +10 -0
  142. package/dist/server/services/group.js +211 -0
  143. package/dist/server/services/logger.js +8 -0
  144. package/dist/server/services/providers.js +22 -0
  145. package/dist/server/services/refresh.js +8 -0
  146. package/dist/server/services/resolve.js +27 -0
  147. package/dist/server/services/signin.js +8 -0
  148. package/dist/server/sessions.js +35 -34
  149. package/dist/server/signin.js +229 -140
  150. package/dist/server/{enterprise → sso}/config.js +10 -3
  151. package/dist/server/sso/domain.d.ts +614 -0
  152. package/dist/server/sso/domain.js +1175 -0
  153. package/dist/server/sso/http.js +1060 -0
  154. package/dist/server/sso/oidc.js +324 -0
  155. package/dist/server/sso/policies.js +59 -0
  156. package/dist/server/sso/policy.js +139 -0
  157. package/dist/server/sso/profile.js +22 -0
  158. package/dist/server/sso/provision.js +179 -0
  159. package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
  160. package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
  161. package/dist/server/sso/shared.js +74 -0
  162. package/dist/server/sso/validators.js +88 -0
  163. package/dist/server/sso/webhook.js +94 -0
  164. package/dist/server/tokens.js +16 -4
  165. package/dist/server/totp.js +155 -164
  166. package/dist/server/types.d.ts +306 -296
  167. package/dist/server/types.js +1 -30
  168. package/dist/server/url.js +32 -0
  169. package/dist/server/users.js +74 -40
  170. package/dist/server/utils/cache.js +51 -0
  171. package/dist/server/utils/dispatch.js +36 -0
  172. package/dist/server/utils/retry.js +24 -0
  173. package/dist/server/utils/span.js +32 -0
  174. package/dist/shared/errors.js +19 -0
  175. package/dist/shared/log.js +45 -0
  176. package/{src/test.ts → dist/test.d.ts} +21 -22
  177. package/dist/test.js +51 -0
  178. package/package.json +70 -42
  179. package/dist/authorization/index.d.ts.map +0 -1
  180. package/dist/authorization/index.js.map +0 -1
  181. package/dist/client/core/types.d.ts.map +0 -1
  182. package/dist/client/index.d.ts.map +0 -1
  183. package/dist/client/index.js.map +0 -1
  184. package/dist/component/_generated/api.d.ts +0 -75
  185. package/dist/component/_generated/api.d.ts.map +0 -1
  186. package/dist/component/_generated/api.js.map +0 -1
  187. package/dist/component/_generated/component.d.ts.map +0 -1
  188. package/dist/component/_generated/dataModel.d.ts +0 -42
  189. package/dist/component/_generated/dataModel.d.ts.map +0 -1
  190. package/dist/component/_generated/server.d.ts +0 -117
  191. package/dist/component/_generated/server.d.ts.map +0 -1
  192. package/dist/component/_generated/server.js.map +0 -1
  193. package/dist/component/_virtual/rolldown_runtime.js +0 -18
  194. package/dist/component/client/core/types.d.ts +0 -2
  195. package/dist/component/client/index.d.ts +0 -1
  196. package/dist/component/convex.config.d.ts.map +0 -1
  197. package/dist/component/convex.config.js.map +0 -1
  198. package/dist/component/functions.d.ts +0 -25
  199. package/dist/component/functions.d.ts.map +0 -1
  200. package/dist/component/functions.js.map +0 -1
  201. package/dist/component/index.d.ts.map +0 -1
  202. package/dist/component/model.d.ts.map +0 -1
  203. package/dist/component/model.js.map +0 -1
  204. package/dist/component/providers/anonymous.d.ts +0 -54
  205. package/dist/component/providers/anonymous.d.ts.map +0 -1
  206. package/dist/component/providers/credentials.d.ts +0 -38
  207. package/dist/component/providers/credentials.d.ts.map +0 -1
  208. package/dist/component/providers/device.d.ts +0 -67
  209. package/dist/component/providers/device.d.ts.map +0 -1
  210. package/dist/component/providers/email.d.ts +0 -62
  211. package/dist/component/providers/email.d.ts.map +0 -1
  212. package/dist/component/providers/oauth.d.ts +0 -25
  213. package/dist/component/providers/oauth.d.ts.map +0 -1
  214. package/dist/component/providers/oauth.js +0 -13
  215. package/dist/component/providers/oauth.js.map +0 -1
  216. package/dist/component/providers/passkey.d.ts +0 -57
  217. package/dist/component/providers/passkey.d.ts.map +0 -1
  218. package/dist/component/providers/password.d.ts +0 -88
  219. package/dist/component/providers/password.d.ts.map +0 -1
  220. package/dist/component/providers/phone.d.ts +0 -48
  221. package/dist/component/providers/phone.d.ts.map +0 -1
  222. package/dist/component/providers/sso.d.ts +0 -50
  223. package/dist/component/providers/sso.d.ts.map +0 -1
  224. package/dist/component/providers/totp.d.ts +0 -45
  225. package/dist/component/providers/totp.d.ts.map +0 -1
  226. package/dist/component/public/enterprise/audit.d.ts +0 -73
  227. package/dist/component/public/enterprise/audit.d.ts.map +0 -1
  228. package/dist/component/public/enterprise/audit.js.map +0 -1
  229. package/dist/component/public/enterprise/core.d.ts +0 -176
  230. package/dist/component/public/enterprise/core.d.ts.map +0 -1
  231. package/dist/component/public/enterprise/core.js +0 -292
  232. package/dist/component/public/enterprise/core.js.map +0 -1
  233. package/dist/component/public/enterprise/domains.d.ts +0 -174
  234. package/dist/component/public/enterprise/domains.d.ts.map +0 -1
  235. package/dist/component/public/enterprise/domains.js +0 -271
  236. package/dist/component/public/enterprise/domains.js.map +0 -1
  237. package/dist/component/public/enterprise/scim.d.ts +0 -245
  238. package/dist/component/public/enterprise/scim.d.ts.map +0 -1
  239. package/dist/component/public/enterprise/scim.js.map +0 -1
  240. package/dist/component/public/enterprise/secrets.d.ts +0 -78
  241. package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
  242. package/dist/component/public/enterprise/secrets.js +0 -118
  243. package/dist/component/public/enterprise/secrets.js.map +0 -1
  244. package/dist/component/public/enterprise/webhooks.d.ts +0 -211
  245. package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
  246. package/dist/component/public/enterprise/webhooks.js.map +0 -1
  247. package/dist/component/public/factors/devices.d.ts +0 -157
  248. package/dist/component/public/factors/devices.d.ts.map +0 -1
  249. package/dist/component/public/factors/devices.js.map +0 -1
  250. package/dist/component/public/factors/passkeys.d.ts +0 -175
  251. package/dist/component/public/factors/passkeys.d.ts.map +0 -1
  252. package/dist/component/public/factors/passkeys.js.map +0 -1
  253. package/dist/component/public/factors/totp.d.ts +0 -189
  254. package/dist/component/public/factors/totp.d.ts.map +0 -1
  255. package/dist/component/public/factors/totp.js.map +0 -1
  256. package/dist/component/public/groups/core.d.ts +0 -137
  257. package/dist/component/public/groups/core.d.ts.map +0 -1
  258. package/dist/component/public/groups/core.js.map +0 -1
  259. package/dist/component/public/groups/invites.d.ts +0 -217
  260. package/dist/component/public/groups/invites.d.ts.map +0 -1
  261. package/dist/component/public/groups/invites.js.map +0 -1
  262. package/dist/component/public/groups/members.d.ts +0 -204
  263. package/dist/component/public/groups/members.d.ts.map +0 -1
  264. package/dist/component/public/groups/members.js.map +0 -1
  265. package/dist/component/public/identity/accounts.d.ts +0 -147
  266. package/dist/component/public/identity/accounts.d.ts.map +0 -1
  267. package/dist/component/public/identity/accounts.js.map +0 -1
  268. package/dist/component/public/identity/codes.d.ts +0 -104
  269. package/dist/component/public/identity/codes.d.ts.map +0 -1
  270. package/dist/component/public/identity/codes.js.map +0 -1
  271. package/dist/component/public/identity/sessions.d.ts +0 -128
  272. package/dist/component/public/identity/sessions.d.ts.map +0 -1
  273. package/dist/component/public/identity/sessions.js.map +0 -1
  274. package/dist/component/public/identity/tokens.d.ts +0 -169
  275. package/dist/component/public/identity/tokens.d.ts.map +0 -1
  276. package/dist/component/public/identity/tokens.js.map +0 -1
  277. package/dist/component/public/identity/users.d.ts +0 -212
  278. package/dist/component/public/identity/users.d.ts.map +0 -1
  279. package/dist/component/public/identity/users.js.map +0 -1
  280. package/dist/component/public/identity/verifiers.d.ts +0 -116
  281. package/dist/component/public/identity/verifiers.d.ts.map +0 -1
  282. package/dist/component/public/identity/verifiers.js.map +0 -1
  283. package/dist/component/public/security/keys.d.ts +0 -209
  284. package/dist/component/public/security/keys.d.ts.map +0 -1
  285. package/dist/component/public/security/keys.js.map +0 -1
  286. package/dist/component/public/security/limits.d.ts +0 -114
  287. package/dist/component/public/security/limits.d.ts.map +0 -1
  288. package/dist/component/public/security/limits.js.map +0 -1
  289. package/dist/component/public.d.ts +0 -28
  290. package/dist/component/public.d.ts.map +0 -1
  291. package/dist/component/schema.d.ts.map +0 -1
  292. package/dist/component/schema.js.map +0 -1
  293. package/dist/component/server/auth.d.ts +0 -447
  294. package/dist/component/server/auth.d.ts.map +0 -1
  295. package/dist/component/server/auth.js +0 -254
  296. package/dist/component/server/auth.js.map +0 -1
  297. package/dist/component/server/config.js +0 -121
  298. package/dist/component/server/config.js.map +0 -1
  299. package/dist/component/server/context.js +0 -53
  300. package/dist/component/server/context.js.map +0 -1
  301. package/dist/component/server/cookies.js +0 -47
  302. package/dist/component/server/cookies.js.map +0 -1
  303. package/dist/component/server/core.js +0 -576
  304. package/dist/component/server/core.js.map +0 -1
  305. package/dist/component/server/crypto.js +0 -56
  306. package/dist/component/server/crypto.js.map +0 -1
  307. package/dist/component/server/db.js +0 -87
  308. package/dist/component/server/db.js.map +0 -1
  309. package/dist/component/server/device.js +0 -152
  310. package/dist/component/server/device.js.map +0 -1
  311. package/dist/component/server/enterprise/config.js +0 -46
  312. package/dist/component/server/enterprise/config.js.map +0 -1
  313. package/dist/component/server/enterprise/domain.js +0 -974
  314. package/dist/component/server/enterprise/domain.js.map +0 -1
  315. package/dist/component/server/enterprise/http.js +0 -787
  316. package/dist/component/server/enterprise/http.js.map +0 -1
  317. package/dist/component/server/enterprise/oidc.js +0 -248
  318. package/dist/component/server/enterprise/oidc.js.map +0 -1
  319. package/dist/component/server/enterprise/policy.js +0 -85
  320. package/dist/component/server/enterprise/policy.js.map +0 -1
  321. package/dist/component/server/enterprise/saml.js.map +0 -1
  322. package/dist/component/server/enterprise/scim.js.map +0 -1
  323. package/dist/component/server/enterprise/shared.js +0 -51
  324. package/dist/component/server/enterprise/shared.js.map +0 -1
  325. package/dist/component/server/http.d.ts +0 -85
  326. package/dist/component/server/http.d.ts.map +0 -1
  327. package/dist/component/server/http.js +0 -351
  328. package/dist/component/server/http.js.map +0 -1
  329. package/dist/component/server/identity.js +0 -16
  330. package/dist/component/server/identity.js.map +0 -1
  331. package/dist/component/server/keys.js +0 -96
  332. package/dist/component/server/keys.js.map +0 -1
  333. package/dist/component/server/limits.js +0 -52
  334. package/dist/component/server/limits.js.map +0 -1
  335. package/dist/component/server/mutations/account.js +0 -46
  336. package/dist/component/server/mutations/account.js.map +0 -1
  337. package/dist/component/server/mutations/code.js +0 -68
  338. package/dist/component/server/mutations/code.js.map +0 -1
  339. package/dist/component/server/mutations/invalidate.js +0 -32
  340. package/dist/component/server/mutations/invalidate.js.map +0 -1
  341. package/dist/component/server/mutations/oauth.js +0 -116
  342. package/dist/component/server/mutations/oauth.js.map +0 -1
  343. package/dist/component/server/mutations/refresh.js +0 -119
  344. package/dist/component/server/mutations/refresh.js.map +0 -1
  345. package/dist/component/server/mutations/register.js +0 -87
  346. package/dist/component/server/mutations/register.js.map +0 -1
  347. package/dist/component/server/mutations/retrieve.js +0 -61
  348. package/dist/component/server/mutations/retrieve.js.map +0 -1
  349. package/dist/component/server/mutations/signature.js +0 -38
  350. package/dist/component/server/mutations/signature.js.map +0 -1
  351. package/dist/component/server/mutations/signin.js +0 -27
  352. package/dist/component/server/mutations/signin.js.map +0 -1
  353. package/dist/component/server/mutations/signout.js +0 -27
  354. package/dist/component/server/mutations/signout.js.map +0 -1
  355. package/dist/component/server/mutations/store/refs.js +0 -15
  356. package/dist/component/server/mutations/store/refs.js.map +0 -1
  357. package/dist/component/server/mutations/store.js +0 -70
  358. package/dist/component/server/mutations/store.js.map +0 -1
  359. package/dist/component/server/mutations/verifier.js +0 -18
  360. package/dist/component/server/mutations/verifier.js.map +0 -1
  361. package/dist/component/server/mutations/verify.js +0 -98
  362. package/dist/component/server/mutations/verify.js.map +0 -1
  363. package/dist/component/server/oauth.js +0 -242
  364. package/dist/component/server/oauth.js.map +0 -1
  365. package/dist/component/server/passkey.js +0 -415
  366. package/dist/component/server/passkey.js.map +0 -1
  367. package/dist/component/server/redirects.js +0 -40
  368. package/dist/component/server/redirects.js.map +0 -1
  369. package/dist/component/server/refresh.js +0 -99
  370. package/dist/component/server/refresh.js.map +0 -1
  371. package/dist/component/server/runtime.d.ts +0 -136
  372. package/dist/component/server/runtime.d.ts.map +0 -1
  373. package/dist/component/server/runtime.js +0 -456
  374. package/dist/component/server/runtime.js.map +0 -1
  375. package/dist/component/server/sessions.js +0 -71
  376. package/dist/component/server/sessions.js.map +0 -1
  377. package/dist/component/server/signin.js +0 -225
  378. package/dist/component/server/signin.js.map +0 -1
  379. package/dist/component/server/tokens.js +0 -17
  380. package/dist/component/server/tokens.js.map +0 -1
  381. package/dist/component/server/totp.js +0 -208
  382. package/dist/component/server/totp.js.map +0 -1
  383. package/dist/component/server/types.d.ts +0 -949
  384. package/dist/component/server/types.d.ts.map +0 -1
  385. package/dist/component/server/types.js +0 -79
  386. package/dist/component/server/types.js.map +0 -1
  387. package/dist/component/server/users.js +0 -123
  388. package/dist/component/server/users.js.map +0 -1
  389. package/dist/component/server/utils.js +0 -140
  390. package/dist/component/server/utils.js.map +0 -1
  391. package/dist/core/types.d.ts +0 -361
  392. package/dist/core/types.d.ts.map +0 -1
  393. package/dist/factors/device.js +0 -104
  394. package/dist/factors/device.js.map +0 -1
  395. package/dist/factors/passkey.js.map +0 -1
  396. package/dist/factors/totp.js.map +0 -1
  397. package/dist/providers/anonymous.d.ts.map +0 -1
  398. package/dist/providers/anonymous.js.map +0 -1
  399. package/dist/providers/credentials.d.ts.map +0 -1
  400. package/dist/providers/credentials.js.map +0 -1
  401. package/dist/providers/device.d.ts.map +0 -1
  402. package/dist/providers/device.js.map +0 -1
  403. package/dist/providers/email.d.ts.map +0 -1
  404. package/dist/providers/email.js.map +0 -1
  405. package/dist/providers/oauth.d.ts +0 -69
  406. package/dist/providers/oauth.d.ts.map +0 -1
  407. package/dist/providers/oauth.js +0 -43
  408. package/dist/providers/oauth.js.map +0 -1
  409. package/dist/providers/passkey.d.ts.map +0 -1
  410. package/dist/providers/passkey.js.map +0 -1
  411. package/dist/providers/password.d.ts.map +0 -1
  412. package/dist/providers/password.js.map +0 -1
  413. package/dist/providers/phone.d.ts.map +0 -1
  414. package/dist/providers/phone.js.map +0 -1
  415. package/dist/providers/sso.d.ts.map +0 -1
  416. package/dist/providers/sso.js.map +0 -1
  417. package/dist/providers/totp.d.ts.map +0 -1
  418. package/dist/providers/totp.js.map +0 -1
  419. package/dist/runtime/browser.js +0 -68
  420. package/dist/runtime/browser.js.map +0 -1
  421. package/dist/runtime/invite.js.map +0 -1
  422. package/dist/runtime/proxy.js +0 -70
  423. package/dist/runtime/proxy.js.map +0 -1
  424. package/dist/runtime/storage.js +0 -37
  425. package/dist/runtime/storage.js.map +0 -1
  426. package/dist/server/auth.d.ts.map +0 -1
  427. package/dist/server/auth.js.map +0 -1
  428. package/dist/server/config.d.ts +0 -1
  429. package/dist/server/config.js.map +0 -1
  430. package/dist/server/context.d.ts +0 -1
  431. package/dist/server/context.js.map +0 -1
  432. package/dist/server/cookies.d.ts +0 -1
  433. package/dist/server/cookies.js.map +0 -1
  434. package/dist/server/core.d.ts +0 -1315
  435. package/dist/server/core.d.ts.map +0 -1
  436. package/dist/server/core.js.map +0 -1
  437. package/dist/server/crypto.d.ts +0 -8
  438. package/dist/server/crypto.d.ts.map +0 -1
  439. package/dist/server/crypto.js.map +0 -1
  440. package/dist/server/db.d.ts +0 -1
  441. package/dist/server/db.js.map +0 -1
  442. package/dist/server/device.d.ts +0 -1
  443. package/dist/server/device.js.map +0 -1
  444. package/dist/server/enterprise/config.d.ts +0 -1
  445. package/dist/server/enterprise/config.js.map +0 -1
  446. package/dist/server/enterprise/domain.d.ts +0 -401
  447. package/dist/server/enterprise/domain.d.ts.map +0 -1
  448. package/dist/server/enterprise/domain.js +0 -974
  449. package/dist/server/enterprise/domain.js.map +0 -1
  450. package/dist/server/enterprise/http.d.ts +0 -26
  451. package/dist/server/enterprise/http.d.ts.map +0 -1
  452. package/dist/server/enterprise/http.js +0 -787
  453. package/dist/server/enterprise/http.js.map +0 -1
  454. package/dist/server/enterprise/oidc.d.ts +0 -1
  455. package/dist/server/enterprise/oidc.js +0 -248
  456. package/dist/server/enterprise/oidc.js.map +0 -1
  457. package/dist/server/enterprise/policy.d.ts +0 -1
  458. package/dist/server/enterprise/policy.js +0 -85
  459. package/dist/server/enterprise/policy.js.map +0 -1
  460. package/dist/server/enterprise/saml.d.ts +0 -1
  461. package/dist/server/enterprise/saml.js +0 -338
  462. package/dist/server/enterprise/saml.js.map +0 -1
  463. package/dist/server/enterprise/scim.d.ts +0 -1
  464. package/dist/server/enterprise/scim.js +0 -97
  465. package/dist/server/enterprise/scim.js.map +0 -1
  466. package/dist/server/enterprise/shared.d.ts +0 -5
  467. package/dist/server/enterprise/shared.d.ts.map +0 -1
  468. package/dist/server/enterprise/shared.js +0 -51
  469. package/dist/server/enterprise/shared.js.map +0 -1
  470. package/dist/server/enterprise/validators.d.ts +0 -1
  471. package/dist/server/enterprise/validators.js +0 -60
  472. package/dist/server/enterprise/validators.js.map +0 -1
  473. package/dist/server/http.d.ts.map +0 -1
  474. package/dist/server/http.js.map +0 -1
  475. package/dist/server/identity.d.ts +0 -1
  476. package/dist/server/identity.js.map +0 -1
  477. package/dist/server/keys.d.ts +0 -1
  478. package/dist/server/keys.js.map +0 -1
  479. package/dist/server/limits.d.ts +0 -1
  480. package/dist/server/limits.js.map +0 -1
  481. package/dist/server/mounts.d.ts.map +0 -1
  482. package/dist/server/mounts.js.map +0 -1
  483. package/dist/server/mutations/account.d.ts +0 -29
  484. package/dist/server/mutations/account.d.ts.map +0 -1
  485. package/dist/server/mutations/account.js.map +0 -1
  486. package/dist/server/mutations/code.d.ts +0 -30
  487. package/dist/server/mutations/code.d.ts.map +0 -1
  488. package/dist/server/mutations/code.js.map +0 -1
  489. package/dist/server/mutations/index.d.ts +0 -14
  490. package/dist/server/mutations/invalidate.d.ts +0 -20
  491. package/dist/server/mutations/invalidate.d.ts.map +0 -1
  492. package/dist/server/mutations/invalidate.js.map +0 -1
  493. package/dist/server/mutations/oauth.d.ts +0 -30
  494. package/dist/server/mutations/oauth.d.ts.map +0 -1
  495. package/dist/server/mutations/oauth.js.map +0 -1
  496. package/dist/server/mutations/refresh.d.ts +0 -21
  497. package/dist/server/mutations/refresh.d.ts.map +0 -1
  498. package/dist/server/mutations/refresh.js.map +0 -1
  499. package/dist/server/mutations/register.d.ts +0 -38
  500. package/dist/server/mutations/register.d.ts.map +0 -1
  501. package/dist/server/mutations/register.js.map +0 -1
  502. package/dist/server/mutations/retrieve.d.ts +0 -33
  503. package/dist/server/mutations/retrieve.d.ts.map +0 -1
  504. package/dist/server/mutations/retrieve.js.map +0 -1
  505. package/dist/server/mutations/signature.d.ts +0 -21
  506. package/dist/server/mutations/signature.d.ts.map +0 -1
  507. package/dist/server/mutations/signature.js.map +0 -1
  508. package/dist/server/mutations/signin.d.ts +0 -22
  509. package/dist/server/mutations/signin.d.ts.map +0 -1
  510. package/dist/server/mutations/signin.js.map +0 -1
  511. package/dist/server/mutations/signout.d.ts +0 -16
  512. package/dist/server/mutations/signout.d.ts.map +0 -1
  513. package/dist/server/mutations/signout.js.map +0 -1
  514. package/dist/server/mutations/store/refs.d.ts +0 -12
  515. package/dist/server/mutations/store/refs.d.ts.map +0 -1
  516. package/dist/server/mutations/store/refs.js.map +0 -1
  517. package/dist/server/mutations/store.d.ts +0 -306
  518. package/dist/server/mutations/store.d.ts.map +0 -1
  519. package/dist/server/mutations/store.js.map +0 -1
  520. package/dist/server/mutations/verifier.d.ts +0 -13
  521. package/dist/server/mutations/verifier.d.ts.map +0 -1
  522. package/dist/server/mutations/verifier.js.map +0 -1
  523. package/dist/server/mutations/verify.d.ts +0 -26
  524. package/dist/server/mutations/verify.d.ts.map +0 -1
  525. package/dist/server/mutations/verify.js.map +0 -1
  526. package/dist/server/oauth.d.ts +0 -1
  527. package/dist/server/oauth.js +0 -242
  528. package/dist/server/oauth.js.map +0 -1
  529. package/dist/server/passkey.d.ts +0 -27
  530. package/dist/server/passkey.d.ts.map +0 -1
  531. package/dist/server/passkey.js.map +0 -1
  532. package/dist/server/redirects.d.ts +0 -1
  533. package/dist/server/redirects.js.map +0 -1
  534. package/dist/server/refresh.d.ts +0 -1
  535. package/dist/server/refresh.js.map +0 -1
  536. package/dist/server/runtime.d.ts.map +0 -1
  537. package/dist/server/runtime.js.map +0 -1
  538. package/dist/server/sessions.d.ts +0 -1
  539. package/dist/server/sessions.js.map +0 -1
  540. package/dist/server/signin.d.ts +0 -1
  541. package/dist/server/signin.js.map +0 -1
  542. package/dist/server/ssr.d.ts.map +0 -1
  543. package/dist/server/ssr.js +0 -777
  544. package/dist/server/ssr.js.map +0 -1
  545. package/dist/server/templates.d.ts +0 -1
  546. package/dist/server/templates.js.map +0 -1
  547. package/dist/server/tokens.d.ts +0 -1
  548. package/dist/server/tokens.js.map +0 -1
  549. package/dist/server/totp.d.ts +0 -1
  550. package/dist/server/totp.js.map +0 -1
  551. package/dist/server/types.d.ts.map +0 -1
  552. package/dist/server/types.js.map +0 -1
  553. package/dist/server/users.d.ts +0 -1
  554. package/dist/server/users.js.map +0 -1
  555. package/dist/server/utils.d.ts +0 -1
  556. package/dist/server/utils.js +0 -140
  557. package/dist/server/utils.js.map +0 -1
  558. package/src/authorization/index.ts +0 -83
  559. package/src/cli/bin.ts +0 -5
  560. package/src/cli/command.ts +0 -70
  561. package/src/cli/index.ts +0 -1112
  562. package/src/cli/keys.ts +0 -23
  563. package/src/client/core/types.ts +0 -437
  564. package/src/client/factors/device.ts +0 -158
  565. package/src/client/factors/passkey.ts +0 -279
  566. package/src/client/factors/totp.ts +0 -150
  567. package/src/client/index.ts +0 -1124
  568. package/src/client/runtime/browser.ts +0 -112
  569. package/src/client/runtime/invite.ts +0 -63
  570. package/src/client/runtime/proxy.ts +0 -111
  571. package/src/client/runtime/storage.ts +0 -79
  572. package/src/component/_generated/api.ts +0 -96
  573. package/src/component/_generated/component.ts +0 -3774
  574. package/src/component/_generated/dataModel.ts +0 -60
  575. package/src/component/_generated/server.ts +0 -156
  576. package/src/component/convex.config.ts +0 -5
  577. package/src/component/functions.ts +0 -104
  578. package/src/component/index.ts +0 -42
  579. package/src/component/model.ts +0 -449
  580. package/src/component/public/enterprise/audit.ts +0 -125
  581. package/src/component/public/enterprise/core.ts +0 -355
  582. package/src/component/public/enterprise/domains.ts +0 -327
  583. package/src/component/public/enterprise/scim.ts +0 -397
  584. package/src/component/public/enterprise/secrets.ts +0 -133
  585. package/src/component/public/enterprise/webhooks.ts +0 -307
  586. package/src/component/public/factors/devices.ts +0 -224
  587. package/src/component/public/factors/passkeys.ts +0 -243
  588. package/src/component/public/factors/totp.ts +0 -259
  589. package/src/component/public/groups/core.ts +0 -481
  590. package/src/component/public/groups/invites.ts +0 -608
  591. package/src/component/public/groups/members.ts +0 -410
  592. package/src/component/public/identity/accounts.ts +0 -207
  593. package/src/component/public/identity/codes.ts +0 -149
  594. package/src/component/public/identity/sessions.ts +0 -210
  595. package/src/component/public/identity/tokens.ts +0 -251
  596. package/src/component/public/identity/users.ts +0 -355
  597. package/src/component/public/identity/verifiers.ts +0 -158
  598. package/src/component/public/security/keys.ts +0 -366
  599. package/src/component/public/security/limits.ts +0 -174
  600. package/src/component/public.ts +0 -27
  601. package/src/component/schema.ts +0 -505
  602. package/src/providers/anonymous.ts +0 -99
  603. package/src/providers/credentials.ts +0 -102
  604. package/src/providers/device.ts +0 -87
  605. package/src/providers/email.ts +0 -99
  606. package/src/providers/index.ts +0 -31
  607. package/src/providers/oauth.ts +0 -117
  608. package/src/providers/passkey.ts +0 -77
  609. package/src/providers/password.ts +0 -441
  610. package/src/providers/phone.ts +0 -93
  611. package/src/providers/sso.ts +0 -54
  612. package/src/providers/totp.ts +0 -62
  613. package/src/samlify.d.ts +0 -53
  614. package/src/server/auth.ts +0 -949
  615. package/src/server/config.ts +0 -200
  616. package/src/server/context.ts +0 -90
  617. package/src/server/cookies.ts +0 -49
  618. package/src/server/core.ts +0 -2004
  619. package/src/server/crypto.ts +0 -90
  620. package/src/server/db.ts +0 -203
  621. package/src/server/device.ts +0 -254
  622. package/src/server/enterprise/config.ts +0 -51
  623. package/src/server/enterprise/domain.ts +0 -1739
  624. package/src/server/enterprise/http.ts +0 -1331
  625. package/src/server/enterprise/oidc.ts +0 -500
  626. package/src/server/enterprise/policy.ts +0 -128
  627. package/src/server/enterprise/saml.ts +0 -578
  628. package/src/server/enterprise/scim.ts +0 -135
  629. package/src/server/enterprise/shared.ts +0 -134
  630. package/src/server/enterprise/validators.ts +0 -93
  631. package/src/server/http.ts +0 -790
  632. package/src/server/identity.ts +0 -18
  633. package/src/server/index.ts +0 -40
  634. package/src/server/keys.ts +0 -158
  635. package/src/server/limits.ts +0 -107
  636. package/src/server/mounts.ts +0 -924
  637. package/src/server/mutations/account.ts +0 -62
  638. package/src/server/mutations/code.ts +0 -119
  639. package/src/server/mutations/index.ts +0 -13
  640. package/src/server/mutations/invalidate.ts +0 -50
  641. package/src/server/mutations/oauth.ts +0 -243
  642. package/src/server/mutations/refresh.ts +0 -299
  643. package/src/server/mutations/register.ts +0 -155
  644. package/src/server/mutations/retrieve.ts +0 -109
  645. package/src/server/mutations/signature.ts +0 -57
  646. package/src/server/mutations/signin.ts +0 -54
  647. package/src/server/mutations/signout.ts +0 -43
  648. package/src/server/mutations/store/refs.ts +0 -10
  649. package/src/server/mutations/store.ts +0 -123
  650. package/src/server/mutations/verifier.ts +0 -34
  651. package/src/server/mutations/verify.ts +0 -200
  652. package/src/server/oauth.ts +0 -418
  653. package/src/server/passkey.ts +0 -838
  654. package/src/server/redirects.ts +0 -59
  655. package/src/server/refresh.ts +0 -218
  656. package/src/server/runtime.ts +0 -918
  657. package/src/server/sessions.ts +0 -132
  658. package/src/server/signin.ts +0 -445
  659. package/src/server/ssr.ts +0 -1747
  660. package/src/server/templates.ts +0 -82
  661. package/src/server/tokens.ts +0 -35
  662. package/src/server/totp.ts +0 -399
  663. package/src/server/types.ts +0 -1942
  664. package/src/server/users.ts +0 -291
  665. package/src/server/utils.ts +0 -220
  666. /package/dist/{runtime → client/runtime}/invite.js +0 -0
@@ -1 +0,0 @@
1
- {"version":3,"file":"refresh.js","names":[],"sources":["../../../src/server/refresh.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport { Cv } from \"@robelest/fx/convex\";\nimport { ConvexError, GenericId } from \"convex/values\";\n\nimport { authDb } from \"./db\";\nimport { Doc, MutationCtx } from \"./types\";\nimport { ConvexAuthConfig } from \"./types\";\nimport {\n LOG_LEVELS,\n REFRESH_TOKEN_DIVIDER,\n logWithLevel,\n maybeRedact,\n} from \"./utils\";\n\nconst DEFAULT_SESSION_INACTIVE_DURATION_MS = 1000 * 60 * 60 * 24 * 30; // 30 days\n/** @internal */\nexport const REFRESH_TOKEN_REUSE_WINDOW_MS = 10 * 1000; // 10 seconds\n\n// ---------------------------------------------------------------------------\n// Refresh token CRUD\n// ---------------------------------------------------------------------------\n\n/**\n * Create a new refresh token for the given session.\n */\n/** @internal */\nexport async function createRefreshToken(\n ctx: MutationCtx,\n config: ConvexAuthConfig,\n sessionId: GenericId<\"Session\">,\n parentRefreshTokenId: GenericId<\"RefreshToken\"> | null,\n): Promise<GenericId<\"RefreshToken\">> {\n const expirationTime =\n Date.now() +\n (config.session?.inactiveDurationMs ??\n (process.env.AUTH_SESSION_INACTIVE_DURATION_MS !== undefined\n ? Number(process.env.AUTH_SESSION_INACTIVE_DURATION_MS)\n : undefined) ??\n DEFAULT_SESSION_INACTIVE_DURATION_MS);\n\n return authDb(ctx, config).refreshTokens.create({\n sessionId,\n expirationTime,\n parentRefreshTokenId: parentRefreshTokenId ?? undefined,\n }) as Promise<GenericId<\"RefreshToken\">>;\n}\n\n/**\n * Parse a compound refresh token string into its constituent IDs.\n */\n/** @internal */\nexport const parseRefreshToken = (\n refreshToken: string,\n): Fx<\n {\n refreshTokenId: GenericId<\"RefreshToken\">;\n sessionId: GenericId<\"Session\">;\n },\n ConvexError<any>\n> => {\n const [refreshTokenId, sessionId] = refreshToken.split(REFRESH_TOKEN_DIVIDER);\n const msg = `Can't parse refresh token: ${maybeRedact(refreshToken)}`;\n const refreshTokenIdFx: Fx<string, ConvexError<any>> = refreshTokenId != null\n ? Fx.succeed(refreshTokenId)\n : Cv.fail({ code: \"INVALID_REFRESH_TOKEN\", message: msg });\n\n return refreshTokenIdFx.pipe(\n Fx.chain((rtId) => {\n const sessionIdFx: Fx<string, ConvexError<any>> = sessionId != null\n ? Fx.succeed(sessionId)\n : Cv.fail({ code: \"INVALID_REFRESH_TOKEN\", message: msg });\n return sessionIdFx.pipe(\n Fx.map((sId) => ({\n refreshTokenId: rtId as GenericId<\"RefreshToken\">,\n sessionId: sId as GenericId<\"Session\">,\n })),\n );\n }),\n );\n};\n\n/**\n * Mark all refresh tokens descending from the given refresh token as invalid\n * immediately. Used when we detect token reuse — revoke the entire tree.\n */\n/** @internal */\nexport async function invalidateRefreshTokensInSubtree(\n ctx: MutationCtx,\n refreshToken: Doc<\"RefreshToken\">,\n config: ConvexAuthConfig,\n) {\n const db = authDb(ctx, config);\n const tokensToInvalidate = [refreshToken];\n const visited = new Set<GenericId<\"RefreshToken\">>([refreshToken._id]);\n let frontier: GenericId<\"RefreshToken\">[] = [refreshToken._id];\n while (frontier.length > 0) {\n const nextFrontier: GenericId<\"RefreshToken\">[] = [];\n for (const currentTokenId of frontier) {\n const children = (await db.refreshTokens.getChildren(\n refreshToken.sessionId,\n currentTokenId,\n )) as Doc<\"RefreshToken\">[];\n for (const child of children) {\n if (visited.has(child._id)) continue;\n visited.add(child._id);\n tokensToInvalidate.push(child);\n nextFrontier.push(child._id);\n }\n }\n frontier = nextFrontier;\n }\n await Fx.run(\n Fx.each(tokensToInvalidate, (token) =>\n token.firstUsedTime === undefined ||\n token.firstUsedTime > Date.now() - REFRESH_TOKEN_REUSE_WINDOW_MS\n ? Fx.promise(() =>\n db.refreshTokens.patch(token._id, {\n firstUsedTime: Date.now() - REFRESH_TOKEN_REUSE_WINDOW_MS,\n }),\n )\n : Fx.unit,\n ),\n );\n return tokensToInvalidate;\n}\n\n// ---------------------------------------------------------------------------\n// Validation pipeline — the core of refresh token handling\n// ---------------------------------------------------------------------------\n\n/**\n * Validate a refresh token and its associated session.\n *\n * Returns `null` on any validation failure (matching original semantics).\n * Each validation step is a small composable function chained with `Fx.chain`.\n * On failure, the error message is logged and the pipeline folds to `null`.\n */\n/** @internal */\nexport const refreshTokenIfValid = (\n ctx: MutationCtx,\n refreshTokenId: string,\n tokenSessionId: string,\n config: ConvexAuthConfig,\n): Fx<\n { session: Doc<\"Session\">; refreshTokenDoc: Doc<\"RefreshToken\"> } | null,\n never\n> => {\n const db = authDb(ctx, config);\n\n const fetchDoc = <T>(\n promise: () => Promise<T | null>,\n failMsg: string,\n ): Fx<T | null, never> =>\n Fx.from({ ok: promise, err: () => failMsg }).pipe(\n Fx.recover((msg) => {\n logWithLevel(LOG_LEVELS.ERROR, msg);\n return Fx.succeed(null as T | null);\n }),\n );\n\n // The entire validation is a single pipeline:\n // fetch token → not null → not expired → session matches → fetch session → not null → not expired → combine\n return fetchDoc(\n () =>\n db.refreshTokens.getById(\n refreshTokenId as GenericId<\"RefreshToken\">,\n ) as Promise<Doc<\"RefreshToken\"> | null>,\n \"Invalid refresh token format\",\n )\n .pipe(\n Fx.chain((doc) =>\n doc !== null ? Fx.succeed(doc) : Fx.fail(\"Invalid refresh token\"),\n ),\n Fx.chain((doc) =>\n doc.expirationTime >= Date.now()\n ? Fx.succeed(doc)\n : Fx.fail(\"Expired refresh token\"),\n ),\n Fx.chain((doc) =>\n doc.sessionId === tokenSessionId\n ? Fx.succeed(doc)\n : Fx.fail(\"Invalid refresh token session ID\"),\n ),\n )\n .pipe(\n Fx.chain((doc: Doc<\"RefreshToken\">) =>\n fetchDoc(\n () =>\n db.sessions.getById(\n doc.sessionId,\n ) as Promise<Doc<\"Session\"> | null>,\n \"Invalid refresh token session format\",\n ).pipe(\n Fx.chain((session) =>\n session !== null\n ? Fx.succeed(session)\n : Fx.fail(\"Invalid refresh token session\"),\n ),\n Fx.chain((session) =>\n session.expirationTime >= Date.now()\n ? Fx.succeed(session)\n : Fx.fail(\"Expired refresh token session\"),\n ),\n Fx.map((session) => ({\n session,\n refreshTokenDoc: doc,\n })),\n ),\n ),\n Fx.fold({\n ok: (result) => result,\n err: (msg) => {\n logWithLevel(LOG_LEVELS.ERROR, msg);\n return null;\n },\n }),\n );\n};\n"],"mappings":";;;;;;AAcA,MAAM,uCAAuC,MAAO,KAAK,KAAK,KAAK;;AAEnE,MAAa,gCAAgC,KAAK;;;;;AAUlD,eAAsB,mBACpB,KACA,QACA,WACA,sBACoC;CACpC,MAAM,iBACJ,KAAK,KAAK,IACT,OAAO,SAAS,uBACd,QAAQ,IAAI,sCAAsC,SAC/C,OAAO,QAAQ,IAAI,kCAAkC,GACrD,WACJ;AAEJ,QAAO,OAAO,KAAK,OAAO,CAAC,cAAc,OAAO;EAC9C;EACA;EACA,sBAAsB,wBAAwB;EAC/C,CAAC;;;;;;AAOJ,MAAa,qBACX,iBAOG;CACH,MAAM,CAAC,gBAAgB,aAAa,aAAa,MAAM,sBAAsB;CAC7E,MAAM,MAAM,8BAA8B,YAAY,aAAa;AAKnE,SAJuD,kBAAkB,OACrE,GAAG,QAAQ,eAAe,GAC1B,GAAG,KAAK;EAAE,MAAM;EAAyB,SAAS;EAAK,CAAC,EAEpC,KACtB,GAAG,OAAO,SAAS;AAIjB,UAHkD,aAAa,OAC3D,GAAG,QAAQ,UAAU,GACrB,GAAG,KAAK;GAAE,MAAM;GAAyB,SAAS;GAAK,CAAC,EACzC,KACjB,GAAG,KAAK,SAAS;GACf,gBAAgB;GAChB,WAAW;GACZ,EAAE,CACJ;GACD,CACH;;;;;;;AAQH,eAAsB,iCACpB,KACA,cACA,QACA;CACA,MAAM,KAAK,OAAO,KAAK,OAAO;CAC9B,MAAM,qBAAqB,CAAC,aAAa;CACzC,MAAM,UAAU,IAAI,IAA+B,CAAC,aAAa,IAAI,CAAC;CACtE,IAAI,WAAwC,CAAC,aAAa,IAAI;AAC9D,QAAO,SAAS,SAAS,GAAG;EAC1B,MAAM,eAA4C,EAAE;AACpD,OAAK,MAAM,kBAAkB,UAAU;GACrC,MAAM,WAAY,MAAM,GAAG,cAAc,YACvC,aAAa,WACb,eACD;AACD,QAAK,MAAM,SAAS,UAAU;AAC5B,QAAI,QAAQ,IAAI,MAAM,IAAI,CAAE;AAC5B,YAAQ,IAAI,MAAM,IAAI;AACtB,uBAAmB,KAAK,MAAM;AAC9B,iBAAa,KAAK,MAAM,IAAI;;;AAGhC,aAAW;;AAEb,OAAM,GAAG,IACP,GAAG,KAAK,qBAAqB,UAC3B,MAAM,kBAAkB,UACxB,MAAM,gBAAgB,KAAK,KAAK,GAAG,gCAC/B,GAAG,cACD,GAAG,cAAc,MAAM,MAAM,KAAK,EAChC,eAAe,KAAK,KAAK,GAAG,+BAC7B,CAAC,CACH,GACD,GAAG,KACR,CACF;AACD,QAAO;;;;;;;;;;AAeT,MAAa,uBACX,KACA,gBACA,gBACA,WAIG;CACH,MAAM,KAAK,OAAO,KAAK,OAAO;CAE9B,MAAM,YACJ,SACA,YAEA,GAAG,KAAK;EAAE,IAAI;EAAS,WAAW;EAAS,CAAC,CAAC,KAC3C,GAAG,SAAS,QAAQ;AAClB,eAAa,WAAW,OAAO,IAAI;AACnC,SAAO,GAAG,QAAQ,KAAiB;GACnC,CACH;AAIH,QAAO,eAEH,GAAG,cAAc,QACf,eACD,EACH,+BACD,CACE,KACC,GAAG,OAAO,QACR,QAAQ,OAAO,GAAG,QAAQ,IAAI,GAAG,GAAG,KAAK,wBAAwB,CAClE,EACD,GAAG,OAAO,QACR,IAAI,kBAAkB,KAAK,KAAK,GAC5B,GAAG,QAAQ,IAAI,GACf,GAAG,KAAK,wBAAwB,CACrC,EACD,GAAG,OAAO,QACR,IAAI,cAAc,iBACd,GAAG,QAAQ,IAAI,GACf,GAAG,KAAK,mCAAmC,CAChD,CACF,CACA,KACC,GAAG,OAAO,QACR,eAEI,GAAG,SAAS,QACV,IAAI,UACL,EACH,uCACD,CAAC,KACA,GAAG,OAAO,YACR,YAAY,OACR,GAAG,QAAQ,QAAQ,GACnB,GAAG,KAAK,gCAAgC,CAC7C,EACD,GAAG,OAAO,YACR,QAAQ,kBAAkB,KAAK,KAAK,GAChC,GAAG,QAAQ,QAAQ,GACnB,GAAG,KAAK,gCAAgC,CAC7C,EACD,GAAG,KAAK,aAAa;EACnB;EACA,iBAAiB;EAClB,EAAE,CACJ,CACF,EACD,GAAG,KAAK;EACN,KAAK,WAAW;EAChB,MAAM,QAAQ;AACZ,gBAAa,WAAW,OAAO,IAAI;AACnC,UAAO;;EAEV,CAAC,CACH"}
@@ -1,136 +0,0 @@
1
- import { ConvexAuthConfig, Doc, SessionInfo } from "./types.js";
2
- import * as convex_server26 from "convex/server";
3
- import * as convex_values926 from "convex/values";
4
-
5
- //#region src/server/runtime.d.ts
6
- /**
7
- * Configure the Convex Auth library. Returns an object with
8
- * functions and `auth` helper. You must export the functions
9
- * from `convex/auth.ts` to make them callable:
10
- *
11
- * ```ts filename="convex/auth.ts"
12
- * import { createAuth } from "@robelest/convex-auth/component";
13
- * import { components } from "./_generated/api";
14
- *
15
- * export const auth = createAuth(components.auth, {
16
- * providers: [],
17
- * });
18
- * export const { signIn, signOut, store } = auth;
19
- * ```
20
- *
21
- * @returns An object with fields you should reexport from your
22
- * `convex/auth.ts` file.
23
- */
24
- declare function Auth(config_: ConvexAuthConfig): {
25
- /**
26
- * Helper for configuring HTTP actions.
27
- */
28
- auth: any;
29
- /**
30
- * Action called by the client to sign the user in.
31
- *
32
- * Also used for refreshing the session.
33
- */
34
- signIn: convex_server26.RegisteredAction<"public", {
35
- provider?: string | undefined;
36
- verifier?: string | undefined;
37
- params?: any;
38
- refreshToken?: string | undefined;
39
- calledBy?: string | undefined;
40
- }, Promise<SignInActionResult>>;
41
- /**
42
- * Action called by the client to invalidate the current session.
43
- */
44
- signOut: convex_server26.RegisteredAction<"public", {}, Promise<void>>;
45
- /**
46
- * Internal mutation used by the library to read and write
47
- * to the database during signin and signout.
48
- */
49
- store: convex_server26.RegisteredMutation<"internal", {
50
- args: {
51
- sessionId?: string | undefined;
52
- type: "signIn";
53
- userId: string;
54
- generateTokens: boolean;
55
- } | {
56
- type: "signOut";
57
- } | {
58
- type: "refreshSession";
59
- refreshToken: string;
60
- } | {
61
- provider?: string | undefined;
62
- verifier?: string | undefined;
63
- type: "verifyCodeAndSignIn";
64
- params: any;
65
- generateTokens: boolean;
66
- allowExtraProviders: boolean;
67
- } | {
68
- type: "verifier";
69
- } | {
70
- type: "verifierSignature";
71
- signature: string;
72
- verifier: string;
73
- } | {
74
- accountExtend?: any;
75
- type: "userOAuth";
76
- provider: string;
77
- providerAccountId: string;
78
- signature: string;
79
- profile: any;
80
- } | {
81
- email?: string | undefined;
82
- phone?: string | undefined;
83
- accountId?: string | undefined;
84
- type: "createVerificationCode";
85
- expirationTime: number;
86
- provider: string;
87
- code: string;
88
- allowExtraProviders: boolean;
89
- } | {
90
- shouldLinkViaEmail?: boolean | undefined;
91
- shouldLinkViaPhone?: boolean | undefined;
92
- type: "createAccountFromCredentials";
93
- provider: string;
94
- profile: any;
95
- account: {
96
- secret?: string | undefined;
97
- id: string;
98
- };
99
- } | {
100
- type: "retrieveAccountWithCredentials";
101
- provider: string;
102
- account: {
103
- secret?: string | undefined;
104
- id: string;
105
- };
106
- } | {
107
- type: "modifyAccount";
108
- provider: string;
109
- account: {
110
- id: string;
111
- secret: string;
112
- };
113
- } | {
114
- except?: string[] | undefined;
115
- type: "invalidateSessions";
116
- userId: string;
117
- };
118
- }, Promise<string | void | {
119
- userId: convex_values926.GenericId<"User">;
120
- sessionId: convex_values926.GenericId<"Session">;
121
- } | (string & {
122
- __tableName: "AuthVerifier";
123
- }) | SessionInfo | {
124
- token: string;
125
- refreshToken: string;
126
- } | {
127
- account: Doc<"Account">;
128
- user: Doc<"User">;
129
- } | {
130
- account: Doc<"Account">;
131
- user: Doc<"User">;
132
- } | null>>;
133
- };
134
- //#endregion
135
- export { Auth };
136
- //# sourceMappingURL=runtime.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"runtime.d.ts","names":[],"sources":["../../../src/server/runtime.ts"],"mappings":";;;;;;;;;AAqJA;;;;;;;;;;;;;;iBAAgB,IAAA,CAAK,OAAA,EAAS,gBAAA"}
@@ -1,456 +0,0 @@
1
- import { configDefaults, listAvailableProviders } from "./config.js";
2
- import { LOG_LEVELS, decryptSecret, encryptSecret, generateRandomString, logError, logWithLevel, requireEnv, sha256 } from "./utils.js";
3
- import { redirectToParamCookie, useRedirectToParam } from "./cookies.js";
4
- import { callModifyAccount } from "./mutations/account.js";
5
- import { callInvalidateSessions } from "./mutations/invalidate.js";
6
- import { enterpriseOidcProviderId, getEnterpriseOidcUrls, isEnterpriseSamlSourceActive, normalizeDomain } from "./enterprise/shared.js";
7
- import { normalizeEnterprisePolicy, patchEnterprisePolicy } from "./enterprise/policy.js";
8
- import { callUserOAuth } from "./mutations/oauth.js";
9
- import { callCreateAccountFromCredentials } from "./mutations/register.js";
10
- import { callRetrieveAccountWithCredentials } from "./mutations/retrieve.js";
11
- import { callVerifierSignature } from "./mutations/signature.js";
12
- import { callSignOut } from "./mutations/signout.js";
13
- import { storeArgs, storeImpl } from "./mutations/store.js";
14
- import { redirectAbsoluteUrl, setURLSearchParam } from "./redirects.js";
15
- import { signInImpl } from "./signin.js";
16
- import { createCoreDomains } from "./core.js";
17
- import { getOidcConfig, getPublicOidcConfig, getSamlConfig, upsertProtocolConfig, withOidcSecretState } from "./enterprise/config.js";
18
- import { createEnterpriseDomain } from "./enterprise/domain.js";
19
- import { addAuthRoutes, addOpenIdRoutes, convertErrorsToResponse, createHttpAction, createHttpContext, createHttpRoute, getCookies } from "./http.js";
20
- import { createOAuthAuthorizationURL, handleOAuthCallback } from "./oauth.js";
21
- import { createServiceProviderMetadata, getSamlServiceProviderOptions, parseSamlIdpMetadata } from "./enterprise/saml.js";
22
- import { parseScimPath } from "./enterprise/scim.js";
23
- import { addEnterpriseHttpRuntime } from "./enterprise/http.js";
24
- import { actionGeneric, internalMutationGeneric } from "convex/server";
25
- import { Cv } from "@robelest/fx/convex";
26
- import { Fx } from "@robelest/fx";
27
- import { v } from "convex/values";
28
- import { serialize } from "cookie";
29
-
30
- //#region src/server/runtime.ts
31
- const ENTERPRISE_OIDC_CLIENT_SECRET_KIND = "oidc_client_secret";
32
- /**
33
- * Configure the Convex Auth library. Returns an object with
34
- * functions and `auth` helper. You must export the functions
35
- * from `convex/auth.ts` to make them callable:
36
- *
37
- * ```ts filename="convex/auth.ts"
38
- * import { createAuth } from "@robelest/convex-auth/component";
39
- * import { components } from "./_generated/api";
40
- *
41
- * export const auth = createAuth(components.auth, {
42
- * providers: [],
43
- * });
44
- * export const { signIn, signOut, store } = auth;
45
- * ```
46
- *
47
- * @returns An object with fields you should reexport from your
48
- * `convex/auth.ts` file.
49
- */
50
- function Auth(config_) {
51
- const config = configDefaults(config_);
52
- const hasOAuth = config.providers.some((provider) => provider.type === "oauth");
53
- const hasSSO = config.providers.some((provider) => provider.type === "sso");
54
- const getProviderOrThrow = (id, allowExtraProviders = false) => {
55
- const provider = config.providers.find((configuredProvider) => configuredProvider.id === id) ?? (allowExtraProviders ? config.extraProviders.find((configuredProvider) => configuredProvider.id === id) : void 0);
56
- if (provider === void 0) {
57
- const detail = `Provider \`${id}\` is not configured, available providers are ${listAvailableProviders(config, allowExtraProviders)}.`;
58
- logWithLevel(LOG_LEVELS.ERROR, detail);
59
- throw Cv.error({
60
- code: "PROVIDER_NOT_CONFIGURED",
61
- message: detail,
62
- provider: id
63
- });
64
- }
65
- return provider;
66
- };
67
- const getEnterpriseSecret = async (ctx, enterpriseId, kind) => {
68
- return await ctx.runQuery(config.component.public.enterpriseSecretGet, {
69
- enterpriseId,
70
- kind
71
- });
72
- };
73
- const getEnterpriseOidcConfigWithSecret = async (ctx, enterprise) => {
74
- const oidc = getOidcConfig(enterprise.config);
75
- const secret = await getEnterpriseSecret(ctx, enterprise._id, ENTERPRISE_OIDC_CLIENT_SECRET_KIND);
76
- return {
77
- ...oidc,
78
- ...secret ? { clientSecret: await decryptSecret(secret.ciphertext) } : {}
79
- };
80
- };
81
- const INVITE_TOKEN_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
82
- const INVITE_TOKEN_LENGTH = 48;
83
- const enterpriseNotFoundError = "Enterprise not found.";
84
- const ENTERPRISE_CONTROL_ROUTE_BASE = "/api/auth/sso";
85
- const getPolicyFromEnterprise = (enterprise) => normalizeEnterprisePolicy(enterprise.policy);
86
- const loadEnterpriseOrThrow = async (ctx, enterpriseId) => {
87
- const enterprise = await ctx.runQuery(config.component.public.enterpriseGet, { enterpriseId });
88
- if (!enterprise) throw Cv.error({
89
- code: "INVALID_PARAMETERS",
90
- message: enterpriseNotFoundError
91
- });
92
- return enterprise;
93
- };
94
- const loadActiveEnterpriseOrThrow = async (ctx, enterpriseId) => {
95
- const enterprise = await loadEnterpriseOrThrow(ctx, enterpriseId);
96
- if (enterprise.status !== "active") throw Cv.error({
97
- code: "INVALID_PARAMETERS",
98
- message: "Enterprise connection is not active."
99
- });
100
- return enterprise;
101
- };
102
- const loadActiveEnterpriseSamlOrThrow = async (ctx, enterpriseId) => {
103
- const enterprise = await loadEnterpriseOrThrow(ctx, enterpriseId);
104
- const loaded = {
105
- source: {
106
- kind: "enterprise",
107
- id: enterpriseId
108
- },
109
- config: enterprise.config,
110
- status: enterprise.status,
111
- enterprise
112
- };
113
- if (!isEnterpriseSamlSourceActive(loaded)) throw Cv.error({
114
- code: "INVALID_PARAMETERS",
115
- message: "Enterprise connection is not active."
116
- });
117
- const saml = getSamlConfig(loaded.config);
118
- if (!saml.idp?.metadataXml) throw Cv.error({
119
- code: "PROVIDER_NOT_CONFIGURED",
120
- message: "SAML is not configured for this enterprise."
121
- });
122
- return {
123
- loaded,
124
- enterprise,
125
- saml
126
- };
127
- };
128
- const loadEnterpriseOidcOrThrow = async (ctx, enterpriseId) => {
129
- const enterprise = await loadActiveEnterpriseOrThrow(ctx, enterpriseId);
130
- const oidc = await getEnterpriseOidcConfigWithSecret(ctx, enterprise);
131
- if (oidc.enabled !== true) throw Cv.error({
132
- code: "PROVIDER_NOT_CONFIGURED",
133
- message: "OIDC is not configured for this enterprise."
134
- });
135
- return {
136
- enterprise,
137
- oidc
138
- };
139
- };
140
- const validateEnterprisePolicy = (policy) => {
141
- const checks = [];
142
- checks.push({
143
- name: "policy_version",
144
- ok: policy.version === 1
145
- });
146
- checks.push({
147
- name: "jit_default_role_ids_present",
148
- ok: policy.provisioning.jit.mode !== "createUserAndMembership" || policy.provisioning.jit.defaultRoleIds.length > 0,
149
- message: policy.provisioning.jit.mode === "createUserAndMembership" && policy.provisioning.jit.defaultRoleIds.length === 0 ? "At least one default roleId is required when JIT membership provisioning is enabled." : void 0
150
- });
151
- checks.push({
152
- name: "jit_default_role_ids_known",
153
- ok: policy.provisioning.jit.defaultRoleIds.every((roleId) => config.authorization.roles[roleId] !== void 0),
154
- message: policy.provisioning.jit.defaultRoleIds.every((roleId) => config.authorization.roles[roleId] !== void 0) ? void 0 : "JIT defaultRoleIds contains unknown roleIds."
155
- });
156
- checks.push({
157
- name: "scim_reuse_supported",
158
- ok: policy.provisioning.scimReuse.user === "externalId" || policy.provisioning.scimReuse.user === "none"
159
- });
160
- return checks;
161
- };
162
- const recordEnterpriseAuditEvent = async (ctx, data) => {
163
- const { ok, ...rest } = data;
164
- return await ctx.runMutation(config.component.public.enterpriseAuditEventCreate, {
165
- ...rest,
166
- status: ok ? "success" : "failure",
167
- occurredAt: Date.now()
168
- });
169
- };
170
- const emitEnterpriseWebhookDeliveries = async (ctx, data) => {
171
- const endpoints = await ctx.runQuery(config.component.public.enterpriseWebhookEndpointList, { enterpriseId: data.enterpriseId });
172
- for (const endpoint of endpoints) {
173
- if (endpoint.status !== "active" || !endpoint.subscriptions.includes(data.eventType)) continue;
174
- await ctx.runMutation(config.component.public.enterpriseWebhookDeliveryEnqueue, {
175
- enterpriseId: data.enterpriseId,
176
- endpointId: endpoint._id,
177
- auditEventId: data.auditEventId,
178
- eventType: data.eventType,
179
- payload: data.payload,
180
- nextAttemptAt: Date.now()
181
- });
182
- }
183
- };
184
- const getEnterpriseScimContext = async (ctx, request) => {
185
- const authHeader = request.headers.get("Authorization");
186
- if (!authHeader?.startsWith("Bearer ")) throw Cv.error({
187
- code: "MISSING_BEARER_TOKEN",
188
- message: "Missing or malformed Authorization: Bearer header."
189
- });
190
- const token = authHeader.slice(7);
191
- const scimConfig = await ctx.runQuery(config.component.public.enterpriseScimConfigGetByTokenHash, { tokenHash: await sha256(token) });
192
- if (!scimConfig || scimConfig.status !== "active") throw Cv.error({
193
- code: "INVALID_API_KEY",
194
- message: "Invalid SCIM token."
195
- });
196
- const parsedPath = parseScimPath(new URL(request.url).pathname);
197
- if (parsedPath.enterpriseId !== scimConfig.enterpriseId) throw Cv.error({
198
- code: "INVALID_API_KEY",
199
- message: "SCIM token/tenant mismatch."
200
- });
201
- const enterprise = await ctx.runQuery(config.component.public.enterpriseGet, { enterpriseId: scimConfig.enterpriseId });
202
- if (enterprise === null) throw Cv.error({
203
- code: "INVALID_PARAMETERS",
204
- message: "Enterprise not found."
205
- });
206
- return {
207
- scimConfig,
208
- enterprise,
209
- parsedPath
210
- };
211
- };
212
- let auth;
213
- auth = {
214
- ...createCoreDomains({
215
- config,
216
- getAuth: () => auth,
217
- callInvalidateSessions,
218
- callCreateAccountFromCredentials,
219
- callRetrieveAccountWithCredentials,
220
- callModifyAccount,
221
- getEnrichCtx: () => enrichCtx,
222
- inviteTokenAlphabet: INVITE_TOKEN_ALPHABET,
223
- inviteTokenLength: INVITE_TOKEN_LENGTH
224
- }),
225
- sso: createEnterpriseDomain({
226
- config,
227
- getAuth: () => auth,
228
- normalizeEnterprisePolicy,
229
- normalizeDomain,
230
- getEnterpriseSecret,
231
- loadEnterpriseOrThrow,
232
- validateEnterprisePolicy,
233
- recordEnterpriseAuditEvent,
234
- emitEnterpriseWebhookDeliveries,
235
- enterpriseNotFoundError,
236
- ENTERPRISE_OIDC_CLIENT_SECRET_KIND,
237
- requireEnv,
238
- generateRandomString,
239
- INVITE_TOKEN_ALPHABET,
240
- sha256,
241
- encryptSecret,
242
- upsertProtocolConfig,
243
- parseSamlIdpMetadata,
244
- createServiceProviderMetadata,
245
- getSamlServiceProviderOptions,
246
- getPublicOidcConfig,
247
- withOidcSecretState,
248
- getOidcConfig,
249
- getEnterpriseOidcUrls,
250
- enterpriseOidcProviderId,
251
- getPolicyFromEnterprise,
252
- patchEnterprisePolicy
253
- })
254
- };
255
- auth.http = {
256
- add: (http) => {
257
- addOpenIdRoutes(http, {
258
- getIssuer: () => requireEnv("CONVEX_SITE_URL"),
259
- getJwks: () => requireEnv("JWKS")
260
- });
261
- addEnterpriseHttpRuntime({
262
- http,
263
- hasSSO,
264
- auth,
265
- config,
266
- routeBase: ENTERPRISE_CONTROL_ROUTE_BASE,
267
- requireEnv,
268
- loadActiveEnterpriseSamlOrThrow,
269
- loadEnterpriseOidcOrThrow,
270
- getEnterpriseScimContext,
271
- getPolicyFromEnterprise,
272
- normalizeEnterprisePolicy,
273
- recordEnterpriseAuditEvent,
274
- emitEnterpriseWebhookDeliveries,
275
- generateRandomString,
276
- inviteTokenAlphabet: INVITE_TOKEN_ALPHABET,
277
- callUserOAuth,
278
- callVerifierSignature
279
- });
280
- if (hasOAuth) addAuthRoutes(http, {
281
- handleSignIn: convertErrorsToResponse(400, async (ctx, request) => {
282
- const url = new URL(request.url);
283
- const pathParts = url.pathname.split("/");
284
- const providerId = pathParts[pathParts.length - 1];
285
- if (providerId === null) throw Cv.error({
286
- code: "OAUTH_MISSING_PROVIDER",
287
- message: "Missing OAuth provider ID."
288
- });
289
- const verifier = url.searchParams.get("code");
290
- if (verifier === null) throw Cv.error({
291
- code: "OAUTH_MISSING_VERIFIER",
292
- message: "Missing sign-in verifier."
293
- });
294
- const oauthConfig = getProviderOrThrow(providerId);
295
- const { redirect, cookies, signature } = await createOAuthAuthorizationURL(providerId, oauthConfig.provider, oauthConfig);
296
- await callVerifierSignature(ctx, {
297
- verifier,
298
- signature
299
- });
300
- const redirectTo = url.searchParams.get("redirectTo");
301
- if (redirectTo !== null) cookies.push(redirectToParamCookie(providerId, redirectTo));
302
- const headers = new Headers({ Location: redirect });
303
- for (const { name, value, options } of cookies) headers.append("Set-Cookie", serialize(name, value, options));
304
- return new Response(null, {
305
- status: 302,
306
- headers
307
- });
308
- }),
309
- handleCallback: async (ctx, request) => {
310
- const url = new URL(request.url);
311
- const callbackPathParts = new URL(request.url).pathname.split("/");
312
- const providerId = callbackPathParts[callbackPathParts.length - 1];
313
- if (!providerId) throw Cv.error({
314
- code: "OAUTH_MISSING_PROVIDER",
315
- message: "Missing OAuth provider ID."
316
- });
317
- logWithLevel(LOG_LEVELS.DEBUG, "Handling OAuth callback for provider:", providerId);
318
- const provider = getProviderOrThrow(providerId);
319
- const cookies = getCookies(request);
320
- const maybeRedirectTo = useRedirectToParam(provider.id, cookies);
321
- const destinationUrl = await redirectAbsoluteUrl(config, { redirectTo: maybeRedirectTo?.redirectTo });
322
- const params = url.searchParams;
323
- if (request.headers.get("Content-Type") === "application/x-www-form-urlencoded") (await request.formData()).forEach((value, key) => {
324
- if (typeof value === "string") params.append(key, value);
325
- });
326
- return Fx.run(Fx.from({
327
- ok: async () => {
328
- const oauthConfig = provider;
329
- const result = await Fx.run(handleOAuthCallback(providerId, oauthConfig.provider, oauthConfig, Object.fromEntries(params.entries()), cookies));
330
- const oauthCookies = result.cookies;
331
- const { id: profileId, ...profileData } = result.profile;
332
- const { signature } = result;
333
- const redirUrl = setURLSearchParam(destinationUrl, "code", await callUserOAuth(ctx, {
334
- provider: providerId,
335
- providerAccountId: profileId,
336
- profile: profileData,
337
- signature
338
- }));
339
- const redirHeaders = new Headers({ Location: redirUrl });
340
- redirHeaders.set("Cache-Control", "must-revalidate");
341
- for (const { name, value, options } of [...oauthCookies, ...maybeRedirectTo !== null ? [maybeRedirectTo.updatedCookie] : []]) redirHeaders.append("Set-Cookie", serialize(name, value, options));
342
- return new Response(null, {
343
- status: 302,
344
- headers: redirHeaders
345
- });
346
- },
347
- err: (error) => error
348
- }).pipe(Fx.recover((error) => {
349
- logError(error);
350
- const respHeaders = new Headers({ Location: destinationUrl });
351
- for (const { name, value, options } of maybeRedirectTo !== null ? [maybeRedirectTo.updatedCookie] : []) respHeaders.append("Set-Cookie", serialize(name, value, options));
352
- return Fx.succeed(new Response(null, {
353
- status: 302,
354
- headers: respHeaders
355
- }));
356
- })));
357
- }
358
- });
359
- },
360
- context: createHttpContext(auth),
361
- action: createHttpAction(auth),
362
- route: createHttpRoute(createHttpAction(auth))
363
- };
364
- const enrichCtx = (ctx) => ({
365
- ...ctx,
366
- auth: {
367
- ...ctx.auth,
368
- config,
369
- account: auth.account,
370
- session: auth.session,
371
- member: auth.member,
372
- provider: auth.provider
373
- }
374
- });
375
- return {
376
- auth,
377
- signIn: actionGeneric({
378
- args: {
379
- provider: v.optional(v.string()),
380
- params: v.optional(v.any()),
381
- verifier: v.optional(v.string()),
382
- refreshToken: v.optional(v.string()),
383
- calledBy: v.optional(v.string())
384
- },
385
- handler: async (ctx, args) => {
386
- if (args.calledBy !== void 0) logWithLevel("INFO", `\`auth:signIn\` called by ${args.calledBy}`);
387
- const provider = args.provider !== void 0 ? getProviderOrThrow(args.provider) : null;
388
- const result = await signInImpl(enrichCtx(ctx), provider, args, {
389
- generateTokens: true,
390
- allowExtraProviders: false
391
- });
392
- return Fx.run(Fx.match(result, result.kind, {
393
- redirect: (r) => Fx.succeed({
394
- kind: "redirect",
395
- redirect: r.redirect,
396
- verifier: r.verifier
397
- }),
398
- signedIn: (r) => Fx.succeed({
399
- kind: "signedIn",
400
- tokens: r.signedIn?.tokens ?? null
401
- }),
402
- refreshTokens: (r) => Fx.succeed({
403
- kind: "signedIn",
404
- tokens: r.signedIn?.tokens ?? null
405
- }),
406
- started: () => Fx.succeed({ kind: "started" }),
407
- passkeyOptions: (r) => Fx.succeed({
408
- kind: "passkeyOptions",
409
- options: r.options,
410
- verifier: r.verifier
411
- }),
412
- totpRequired: (r) => Fx.succeed({
413
- kind: "totpRequired",
414
- verifier: r.verifier
415
- }),
416
- totpSetup: (r) => Fx.succeed({
417
- kind: "totpSetup",
418
- totpSetup: {
419
- uri: r.uri,
420
- secret: r.secret,
421
- totpId: r.totpId
422
- },
423
- verifier: r.verifier
424
- }),
425
- deviceCode: (r) => Fx.succeed({
426
- kind: "deviceCode",
427
- deviceCode: {
428
- deviceCode: r.deviceCode,
429
- userCode: r.userCode,
430
- verificationUri: r.verificationUri,
431
- verificationUriComplete: r.verificationUriComplete,
432
- expiresIn: r.expiresIn,
433
- interval: r.interval
434
- }
435
- })
436
- }));
437
- }
438
- }),
439
- signOut: actionGeneric({
440
- args: {},
441
- handler: async (ctx) => {
442
- await callSignOut(ctx);
443
- }
444
- }),
445
- store: internalMutationGeneric({
446
- args: storeArgs,
447
- handler: async (ctx, args) => {
448
- return storeImpl(ctx, args, getProviderOrThrow, config);
449
- }
450
- })
451
- };
452
- }
453
-
454
- //#endregion
455
- export { Auth };
456
- //# sourceMappingURL=runtime.js.map