npm - @robelest/convex-auth - Versions diffs - 0.0.4-preview.25 → 0.0.4-preview.28 - Mend

@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (666) hide show

package/README.md +43 -36
package/dist/bin.js +5765 -4880
package/dist/browser/index.d.ts +30 -0
package/dist/browser/index.js +93 -0
package/dist/browser/locks.js +11 -0
package/dist/browser/navigation.js +14 -0
package/dist/{factors → browser}/passkey.js +23 -32
package/dist/browser/runtime.js +92 -0
package/dist/client/core/types.d.ts +452 -5
package/dist/client/core/types.js +17 -0
package/dist/client/errors.js +19 -0
package/dist/client/factors/device.js +94 -0
package/dist/{factors → client/factors}/totp.js +12 -4
package/dist/client/index.d.ts +47 -1
package/dist/client/index.js +269 -232
package/dist/client/runtime/mutex.js +24 -0
package/dist/client/runtime/proxy.js +30 -0
package/dist/client/runtime/storage.js +45 -0
package/dist/client/services/adapters.js +7 -0
package/dist/client/services/http.js +6 -0
package/dist/client/services/resolve.js +13 -0
package/dist/client/services/runtime.js +6 -0
package/dist/component/_generated/component.d.ts +1355 -1399
package/dist/component/convex.config.d.ts +2 -2
package/dist/component/index.d.ts +4 -26
package/dist/component/index.js +1 -1
package/dist/component/model.d.ts +26 -112
package/dist/component/model.js +76 -54
package/dist/component/modules.js +38 -0
package/dist/component/public/factors/devices.js +1 -1
package/dist/component/public/factors/passkeys.js +1 -1
package/dist/component/public/factors/totp.js +1 -1
package/dist/component/public/groups/core.js +2 -2
package/dist/component/public/groups/invites.js +1 -1
package/dist/component/public/groups/members.js +1 -1
package/dist/component/public/identity/accounts.js +1 -1
package/dist/component/public/identity/codes.js +1 -1
package/dist/component/public/identity/sessions.js +39 -2
package/dist/component/public/identity/tokens.js +82 -4
package/dist/component/public/identity/users.js +1 -1
package/dist/component/public/identity/verifiers.js +10 -4
package/dist/component/public/security/keys.js +1 -1
package/dist/component/public/security/limits.js +1 -1
package/dist/component/public/{enterprise → sso}/audit.js +26 -26
package/dist/component/public/sso/core.js +263 -0
package/dist/component/public/sso/domains.js +280 -0
package/dist/component/public/{enterprise → sso}/scim.js +87 -87
package/dist/component/public/sso/secrets.js +125 -0
package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
package/dist/component/public.js +9 -9
package/dist/component/schema.d.ts +472 -393
package/dist/component/schema.js +36 -35
package/dist/core/index.d.ts +380 -0
package/dist/core/index.js +83 -0
package/dist/otel.d.ts +69 -0
package/dist/otel.js +82 -0
package/dist/providers/anonymous.d.ts +15 -34
package/dist/providers/anonymous.js +27 -35
package/dist/providers/apple.d.ts +59 -0
package/dist/providers/apple.js +58 -0
package/dist/providers/credentials.d.ts +18 -34
package/dist/providers/credentials.js +16 -27
package/dist/providers/custom.d.ts +94 -0
package/dist/providers/custom.js +119 -0
package/dist/providers/device.d.ts +15 -49
package/dist/providers/device.js +17 -34
package/dist/providers/email.d.ts +21 -38
package/dist/providers/email.js +36 -55
package/dist/providers/github.d.ts +54 -0
package/dist/providers/github.js +75 -0
package/dist/providers/google.d.ts +54 -0
package/dist/providers/google.js +61 -0
package/dist/providers/index.d.ts +16 -12
package/dist/providers/index.js +15 -11
package/dist/providers/microsoft.d.ts +57 -0
package/dist/providers/microsoft.js +101 -0
package/dist/providers/passkey.d.ts +19 -35
package/dist/providers/passkey.js +20 -30
package/dist/providers/password.d.ts +17 -18
package/dist/providers/password.js +121 -143
package/dist/providers/phone.d.ts +13 -28
package/dist/providers/phone.js +21 -46
package/dist/providers/sso.d.ts +16 -36
package/dist/providers/sso.js +21 -22
package/dist/providers/totp.d.ts +13 -29
package/dist/providers/totp.js +17 -27
package/dist/server/auth-context.d.ts +204 -0
package/dist/server/auth-context.js +76 -0
package/dist/server/auth.d.ts +99 -244
package/dist/server/auth.js +56 -152
package/dist/server/componentContext.d.ts +12 -0
package/dist/server/componentContext.js +1 -0
package/dist/server/config.js +6 -67
package/dist/server/constants.js +6 -0
package/dist/server/contract.d.ts +105 -0
package/dist/server/contract.js +43 -0
package/dist/server/cookies.js +3 -2
package/dist/server/core.js +31 -36
package/dist/server/crypto.js +34 -44
package/dist/server/db.js +6 -1
package/dist/server/device.js +96 -130
package/dist/server/env.js +48 -0
package/dist/server/errors.js +20 -0
package/dist/server/http.d.ts +15 -59
package/dist/server/http.js +136 -120
package/dist/server/identity.js +2 -2
package/dist/server/index.d.ts +5 -4
package/dist/server/index.js +3 -3
package/dist/server/keys.js +10 -1
package/dist/server/limits.js +26 -26
package/dist/server/log.js +28 -0
package/dist/server/mounts.d.ts +1107 -296
package/dist/server/mounts.js +315 -196
package/dist/server/mutations/account.js +11 -14
package/dist/server/mutations/code.js +6 -5
package/dist/server/mutations/invalidate.js +9 -11
package/dist/server/mutations/oauth.js +112 -73
package/dist/server/mutations/refresh.js +47 -97
package/dist/server/mutations/register.js +37 -35
package/dist/server/mutations/retrieve.js +16 -16
package/dist/server/mutations/signature.js +15 -18
package/dist/server/mutations/signin.js +10 -5
package/dist/server/mutations/signout.js +11 -14
package/dist/server/mutations/store.js +25 -18
package/dist/server/mutations/verifier.js +11 -8
package/dist/server/mutations/verify.js +53 -41
package/dist/server/oauth/factory.js +44 -0
package/dist/server/oauth/index.js +12 -0
package/dist/server/oauth/runtime.js +248 -0
package/dist/server/passkey.js +331 -365
package/dist/server/payloads.d.ts +16 -0
package/dist/server/payloads.js +30 -0
package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
package/dist/server/prefetch.js +635 -0
package/dist/server/random.js +19 -0
package/dist/server/redirects.js +10 -5
package/dist/server/refresh.js +14 -86
package/dist/server/runtime.d.ts +531 -31
package/dist/server/runtime.js +106 -267
package/dist/server/secret.js +44 -0
package/dist/server/services/config.js +10 -0
package/dist/server/services/group.js +211 -0
package/dist/server/services/logger.js +8 -0
package/dist/server/services/providers.js +22 -0
package/dist/server/services/refresh.js +8 -0
package/dist/server/services/resolve.js +27 -0
package/dist/server/services/signin.js +8 -0
package/dist/server/sessions.js +35 -34
package/dist/server/signin.js +229 -140
package/dist/server/{enterprise → sso}/config.js +10 -3
package/dist/server/sso/domain.d.ts +614 -0
package/dist/server/sso/domain.js +1175 -0
package/dist/server/sso/http.js +1060 -0
package/dist/server/sso/oidc.js +324 -0
package/dist/server/sso/policies.js +59 -0
package/dist/server/sso/policy.js +139 -0
package/dist/server/sso/profile.js +22 -0
package/dist/server/sso/provision.js +179 -0
package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
package/dist/server/sso/shared.js +74 -0
package/dist/server/sso/validators.js +88 -0
package/dist/server/sso/webhook.js +94 -0
package/dist/server/tokens.js +16 -4
package/dist/server/totp.js +155 -164
package/dist/server/types.d.ts +306 -296
package/dist/server/types.js +1 -30
package/dist/server/url.js +32 -0
package/dist/server/users.js +74 -40
package/dist/server/utils/cache.js +51 -0
package/dist/server/utils/dispatch.js +36 -0
package/dist/server/utils/retry.js +24 -0
package/dist/server/utils/span.js +32 -0
package/dist/shared/errors.js +19 -0
package/dist/shared/log.js +45 -0
package/{src/test.ts → dist/test.d.ts} +21 -22
package/dist/test.js +51 -0
package/package.json +70 -42
package/dist/authorization/index.d.ts.map +0 -1
package/dist/authorization/index.js.map +0 -1
package/dist/client/core/types.d.ts.map +0 -1
package/dist/client/index.d.ts.map +0 -1
package/dist/client/index.js.map +0 -1
package/dist/component/_generated/api.d.ts +0 -75
package/dist/component/_generated/api.d.ts.map +0 -1
package/dist/component/_generated/api.js.map +0 -1
package/dist/component/_generated/component.d.ts.map +0 -1
package/dist/component/_generated/dataModel.d.ts +0 -42
package/dist/component/_generated/dataModel.d.ts.map +0 -1
package/dist/component/_generated/server.d.ts +0 -117
package/dist/component/_generated/server.d.ts.map +0 -1
package/dist/component/_generated/server.js.map +0 -1
package/dist/component/_virtual/rolldown_runtime.js +0 -18
package/dist/component/client/core/types.d.ts +0 -2
package/dist/component/client/index.d.ts +0 -1
package/dist/component/convex.config.d.ts.map +0 -1
package/dist/component/convex.config.js.map +0 -1
package/dist/component/functions.d.ts +0 -25
package/dist/component/functions.d.ts.map +0 -1
package/dist/component/functions.js.map +0 -1
package/dist/component/index.d.ts.map +0 -1
package/dist/component/model.d.ts.map +0 -1
package/dist/component/model.js.map +0 -1
package/dist/component/providers/anonymous.d.ts +0 -54
package/dist/component/providers/anonymous.d.ts.map +0 -1
package/dist/component/providers/credentials.d.ts +0 -38
package/dist/component/providers/credentials.d.ts.map +0 -1
package/dist/component/providers/device.d.ts +0 -67
package/dist/component/providers/device.d.ts.map +0 -1
package/dist/component/providers/email.d.ts +0 -62
package/dist/component/providers/email.d.ts.map +0 -1
package/dist/component/providers/oauth.d.ts +0 -25
package/dist/component/providers/oauth.d.ts.map +0 -1
package/dist/component/providers/oauth.js +0 -13
package/dist/component/providers/oauth.js.map +0 -1
package/dist/component/providers/passkey.d.ts +0 -57
package/dist/component/providers/passkey.d.ts.map +0 -1
package/dist/component/providers/password.d.ts +0 -88
package/dist/component/providers/password.d.ts.map +0 -1
package/dist/component/providers/phone.d.ts +0 -48
package/dist/component/providers/phone.d.ts.map +0 -1
package/dist/component/providers/sso.d.ts +0 -50
package/dist/component/providers/sso.d.ts.map +0 -1
package/dist/component/providers/totp.d.ts +0 -45
package/dist/component/providers/totp.d.ts.map +0 -1
package/dist/component/public/enterprise/audit.d.ts +0 -73
package/dist/component/public/enterprise/audit.d.ts.map +0 -1
package/dist/component/public/enterprise/audit.js.map +0 -1
package/dist/component/public/enterprise/core.d.ts +0 -176
package/dist/component/public/enterprise/core.d.ts.map +0 -1
package/dist/component/public/enterprise/core.js +0 -292
package/dist/component/public/enterprise/core.js.map +0 -1
package/dist/component/public/enterprise/domains.d.ts +0 -174
package/dist/component/public/enterprise/domains.d.ts.map +0 -1
package/dist/component/public/enterprise/domains.js +0 -271
package/dist/component/public/enterprise/domains.js.map +0 -1
package/dist/component/public/enterprise/scim.d.ts +0 -245
package/dist/component/public/enterprise/scim.d.ts.map +0 -1
package/dist/component/public/enterprise/scim.js.map +0 -1
package/dist/component/public/enterprise/secrets.d.ts +0 -78
package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
package/dist/component/public/enterprise/secrets.js +0 -118
package/dist/component/public/enterprise/secrets.js.map +0 -1
package/dist/component/public/enterprise/webhooks.d.ts +0 -211
package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
package/dist/component/public/enterprise/webhooks.js.map +0 -1
package/dist/component/public/factors/devices.d.ts +0 -157
package/dist/component/public/factors/devices.d.ts.map +0 -1
package/dist/component/public/factors/devices.js.map +0 -1
package/dist/component/public/factors/passkeys.d.ts +0 -175
package/dist/component/public/factors/passkeys.d.ts.map +0 -1
package/dist/component/public/factors/passkeys.js.map +0 -1
package/dist/component/public/factors/totp.d.ts +0 -189
package/dist/component/public/factors/totp.d.ts.map +0 -1
package/dist/component/public/factors/totp.js.map +0 -1
package/dist/component/public/groups/core.d.ts +0 -137
package/dist/component/public/groups/core.d.ts.map +0 -1
package/dist/component/public/groups/core.js.map +0 -1
package/dist/component/public/groups/invites.d.ts +0 -217
package/dist/component/public/groups/invites.d.ts.map +0 -1
package/dist/component/public/groups/invites.js.map +0 -1
package/dist/component/public/groups/members.d.ts +0 -204
package/dist/component/public/groups/members.d.ts.map +0 -1
package/dist/component/public/groups/members.js.map +0 -1
package/dist/component/public/identity/accounts.d.ts +0 -147
package/dist/component/public/identity/accounts.d.ts.map +0 -1
package/dist/component/public/identity/accounts.js.map +0 -1
package/dist/component/public/identity/codes.d.ts +0 -104
package/dist/component/public/identity/codes.d.ts.map +0 -1
package/dist/component/public/identity/codes.js.map +0 -1
package/dist/component/public/identity/sessions.d.ts +0 -128
package/dist/component/public/identity/sessions.d.ts.map +0 -1
package/dist/component/public/identity/sessions.js.map +0 -1
package/dist/component/public/identity/tokens.d.ts +0 -169
package/dist/component/public/identity/tokens.d.ts.map +0 -1
package/dist/component/public/identity/tokens.js.map +0 -1
package/dist/component/public/identity/users.d.ts +0 -212
package/dist/component/public/identity/users.d.ts.map +0 -1
package/dist/component/public/identity/users.js.map +0 -1
package/dist/component/public/identity/verifiers.d.ts +0 -116
package/dist/component/public/identity/verifiers.d.ts.map +0 -1
package/dist/component/public/identity/verifiers.js.map +0 -1
package/dist/component/public/security/keys.d.ts +0 -209
package/dist/component/public/security/keys.d.ts.map +0 -1
package/dist/component/public/security/keys.js.map +0 -1
package/dist/component/public/security/limits.d.ts +0 -114
package/dist/component/public/security/limits.d.ts.map +0 -1
package/dist/component/public/security/limits.js.map +0 -1
package/dist/component/public.d.ts +0 -28
package/dist/component/public.d.ts.map +0 -1
package/dist/component/schema.d.ts.map +0 -1
package/dist/component/schema.js.map +0 -1
package/dist/component/server/auth.d.ts +0 -447
package/dist/component/server/auth.d.ts.map +0 -1
package/dist/component/server/auth.js +0 -254
package/dist/component/server/auth.js.map +0 -1
package/dist/component/server/config.js +0 -121
package/dist/component/server/config.js.map +0 -1
package/dist/component/server/context.js +0 -53
package/dist/component/server/context.js.map +0 -1
package/dist/component/server/cookies.js +0 -47
package/dist/component/server/cookies.js.map +0 -1
package/dist/component/server/core.js +0 -576
package/dist/component/server/core.js.map +0 -1
package/dist/component/server/crypto.js +0 -56
package/dist/component/server/crypto.js.map +0 -1
package/dist/component/server/db.js +0 -87
package/dist/component/server/db.js.map +0 -1
package/dist/component/server/device.js +0 -152
package/dist/component/server/device.js.map +0 -1
package/dist/component/server/enterprise/config.js +0 -46
package/dist/component/server/enterprise/config.js.map +0 -1
package/dist/component/server/enterprise/domain.js +0 -974
package/dist/component/server/enterprise/domain.js.map +0 -1
package/dist/component/server/enterprise/http.js +0 -787
package/dist/component/server/enterprise/http.js.map +0 -1
package/dist/component/server/enterprise/oidc.js +0 -248
package/dist/component/server/enterprise/oidc.js.map +0 -1
package/dist/component/server/enterprise/policy.js +0 -85
package/dist/component/server/enterprise/policy.js.map +0 -1
package/dist/component/server/enterprise/saml.js.map +0 -1
package/dist/component/server/enterprise/scim.js.map +0 -1
package/dist/component/server/enterprise/shared.js +0 -51
package/dist/component/server/enterprise/shared.js.map +0 -1
package/dist/component/server/http.d.ts +0 -85
package/dist/component/server/http.d.ts.map +0 -1
package/dist/component/server/http.js +0 -351
package/dist/component/server/http.js.map +0 -1
package/dist/component/server/identity.js +0 -16
package/dist/component/server/identity.js.map +0 -1
package/dist/component/server/keys.js +0 -96
package/dist/component/server/keys.js.map +0 -1
package/dist/component/server/limits.js +0 -52
package/dist/component/server/limits.js.map +0 -1
package/dist/component/server/mutations/account.js +0 -46
package/dist/component/server/mutations/account.js.map +0 -1
package/dist/component/server/mutations/code.js +0 -68
package/dist/component/server/mutations/code.js.map +0 -1
package/dist/component/server/mutations/invalidate.js +0 -32
package/dist/component/server/mutations/invalidate.js.map +0 -1
package/dist/component/server/mutations/oauth.js +0 -116
package/dist/component/server/mutations/oauth.js.map +0 -1
package/dist/component/server/mutations/refresh.js +0 -119
package/dist/component/server/mutations/refresh.js.map +0 -1
package/dist/component/server/mutations/register.js +0 -87
package/dist/component/server/mutations/register.js.map +0 -1
package/dist/component/server/mutations/retrieve.js +0 -61
package/dist/component/server/mutations/retrieve.js.map +0 -1
package/dist/component/server/mutations/signature.js +0 -38
package/dist/component/server/mutations/signature.js.map +0 -1
package/dist/component/server/mutations/signin.js +0 -27
package/dist/component/server/mutations/signin.js.map +0 -1
package/dist/component/server/mutations/signout.js +0 -27
package/dist/component/server/mutations/signout.js.map +0 -1
package/dist/component/server/mutations/store/refs.js +0 -15
package/dist/component/server/mutations/store/refs.js.map +0 -1
package/dist/component/server/mutations/store.js +0 -70
package/dist/component/server/mutations/store.js.map +0 -1
package/dist/component/server/mutations/verifier.js +0 -18
package/dist/component/server/mutations/verifier.js.map +0 -1
package/dist/component/server/mutations/verify.js +0 -98
package/dist/component/server/mutations/verify.js.map +0 -1
package/dist/component/server/oauth.js +0 -242
package/dist/component/server/oauth.js.map +0 -1
package/dist/component/server/passkey.js +0 -415
package/dist/component/server/passkey.js.map +0 -1
package/dist/component/server/redirects.js +0 -40
package/dist/component/server/redirects.js.map +0 -1
package/dist/component/server/refresh.js +0 -99
package/dist/component/server/refresh.js.map +0 -1
package/dist/component/server/runtime.d.ts +0 -136
package/dist/component/server/runtime.d.ts.map +0 -1
package/dist/component/server/runtime.js +0 -456
package/dist/component/server/runtime.js.map +0 -1
package/dist/component/server/sessions.js +0 -71
package/dist/component/server/sessions.js.map +0 -1
package/dist/component/server/signin.js +0 -225
package/dist/component/server/signin.js.map +0 -1
package/dist/component/server/tokens.js +0 -17
package/dist/component/server/tokens.js.map +0 -1
package/dist/component/server/totp.js +0 -208
package/dist/component/server/totp.js.map +0 -1
package/dist/component/server/types.d.ts +0 -949
package/dist/component/server/types.d.ts.map +0 -1
package/dist/component/server/types.js +0 -79
package/dist/component/server/types.js.map +0 -1
package/dist/component/server/users.js +0 -123
package/dist/component/server/users.js.map +0 -1
package/dist/component/server/utils.js +0 -140
package/dist/component/server/utils.js.map +0 -1
package/dist/core/types.d.ts +0 -361
package/dist/core/types.d.ts.map +0 -1
package/dist/factors/device.js +0 -104
package/dist/factors/device.js.map +0 -1
package/dist/factors/passkey.js.map +0 -1
package/dist/factors/totp.js.map +0 -1
package/dist/providers/anonymous.d.ts.map +0 -1
package/dist/providers/anonymous.js.map +0 -1
package/dist/providers/credentials.d.ts.map +0 -1
package/dist/providers/credentials.js.map +0 -1
package/dist/providers/device.d.ts.map +0 -1
package/dist/providers/device.js.map +0 -1
package/dist/providers/email.d.ts.map +0 -1
package/dist/providers/email.js.map +0 -1
package/dist/providers/oauth.d.ts +0 -69
package/dist/providers/oauth.d.ts.map +0 -1
package/dist/providers/oauth.js +0 -43
package/dist/providers/oauth.js.map +0 -1
package/dist/providers/passkey.d.ts.map +0 -1
package/dist/providers/passkey.js.map +0 -1
package/dist/providers/password.d.ts.map +0 -1
package/dist/providers/password.js.map +0 -1
package/dist/providers/phone.d.ts.map +0 -1
package/dist/providers/phone.js.map +0 -1
package/dist/providers/sso.d.ts.map +0 -1
package/dist/providers/sso.js.map +0 -1
package/dist/providers/totp.d.ts.map +0 -1
package/dist/providers/totp.js.map +0 -1
package/dist/runtime/browser.js +0 -68
package/dist/runtime/browser.js.map +0 -1
package/dist/runtime/invite.js.map +0 -1
package/dist/runtime/proxy.js +0 -70
package/dist/runtime/proxy.js.map +0 -1
package/dist/runtime/storage.js +0 -37
package/dist/runtime/storage.js.map +0 -1
package/dist/server/auth.d.ts.map +0 -1
package/dist/server/auth.js.map +0 -1
package/dist/server/config.d.ts +0 -1
package/dist/server/config.js.map +0 -1
package/dist/server/context.d.ts +0 -1
package/dist/server/context.js.map +0 -1
package/dist/server/cookies.d.ts +0 -1
package/dist/server/cookies.js.map +0 -1
package/dist/server/core.d.ts +0 -1315
package/dist/server/core.d.ts.map +0 -1
package/dist/server/core.js.map +0 -1
package/dist/server/crypto.d.ts +0 -8
package/dist/server/crypto.d.ts.map +0 -1
package/dist/server/crypto.js.map +0 -1
package/dist/server/db.d.ts +0 -1
package/dist/server/db.js.map +0 -1
package/dist/server/device.d.ts +0 -1
package/dist/server/device.js.map +0 -1
package/dist/server/enterprise/config.d.ts +0 -1
package/dist/server/enterprise/config.js.map +0 -1
package/dist/server/enterprise/domain.d.ts +0 -401
package/dist/server/enterprise/domain.d.ts.map +0 -1
package/dist/server/enterprise/domain.js +0 -974
package/dist/server/enterprise/domain.js.map +0 -1
package/dist/server/enterprise/http.d.ts +0 -26
package/dist/server/enterprise/http.d.ts.map +0 -1
package/dist/server/enterprise/http.js +0 -787
package/dist/server/enterprise/http.js.map +0 -1
package/dist/server/enterprise/oidc.d.ts +0 -1
package/dist/server/enterprise/oidc.js +0 -248
package/dist/server/enterprise/oidc.js.map +0 -1
package/dist/server/enterprise/policy.d.ts +0 -1
package/dist/server/enterprise/policy.js +0 -85
package/dist/server/enterprise/policy.js.map +0 -1
package/dist/server/enterprise/saml.d.ts +0 -1
package/dist/server/enterprise/saml.js +0 -338
package/dist/server/enterprise/saml.js.map +0 -1
package/dist/server/enterprise/scim.d.ts +0 -1
package/dist/server/enterprise/scim.js +0 -97
package/dist/server/enterprise/scim.js.map +0 -1
package/dist/server/enterprise/shared.d.ts +0 -5
package/dist/server/enterprise/shared.d.ts.map +0 -1
package/dist/server/enterprise/shared.js +0 -51
package/dist/server/enterprise/shared.js.map +0 -1
package/dist/server/enterprise/validators.d.ts +0 -1
package/dist/server/enterprise/validators.js +0 -60
package/dist/server/enterprise/validators.js.map +0 -1
package/dist/server/http.d.ts.map +0 -1
package/dist/server/http.js.map +0 -1
package/dist/server/identity.d.ts +0 -1
package/dist/server/identity.js.map +0 -1
package/dist/server/keys.d.ts +0 -1
package/dist/server/keys.js.map +0 -1
package/dist/server/limits.d.ts +0 -1
package/dist/server/limits.js.map +0 -1
package/dist/server/mounts.d.ts.map +0 -1
package/dist/server/mounts.js.map +0 -1
package/dist/server/mutations/account.d.ts +0 -29
package/dist/server/mutations/account.d.ts.map +0 -1
package/dist/server/mutations/account.js.map +0 -1
package/dist/server/mutations/code.d.ts +0 -30
package/dist/server/mutations/code.d.ts.map +0 -1
package/dist/server/mutations/code.js.map +0 -1
package/dist/server/mutations/index.d.ts +0 -14
package/dist/server/mutations/invalidate.d.ts +0 -20
package/dist/server/mutations/invalidate.d.ts.map +0 -1
package/dist/server/mutations/invalidate.js.map +0 -1
package/dist/server/mutations/oauth.d.ts +0 -30
package/dist/server/mutations/oauth.d.ts.map +0 -1
package/dist/server/mutations/oauth.js.map +0 -1
package/dist/server/mutations/refresh.d.ts +0 -21
package/dist/server/mutations/refresh.d.ts.map +0 -1
package/dist/server/mutations/refresh.js.map +0 -1
package/dist/server/mutations/register.d.ts +0 -38
package/dist/server/mutations/register.d.ts.map +0 -1
package/dist/server/mutations/register.js.map +0 -1
package/dist/server/mutations/retrieve.d.ts +0 -33
package/dist/server/mutations/retrieve.d.ts.map +0 -1
package/dist/server/mutations/retrieve.js.map +0 -1
package/dist/server/mutations/signature.d.ts +0 -21
package/dist/server/mutations/signature.d.ts.map +0 -1
package/dist/server/mutations/signature.js.map +0 -1
package/dist/server/mutations/signin.d.ts +0 -22
package/dist/server/mutations/signin.d.ts.map +0 -1
package/dist/server/mutations/signin.js.map +0 -1
package/dist/server/mutations/signout.d.ts +0 -16
package/dist/server/mutations/signout.d.ts.map +0 -1
package/dist/server/mutations/signout.js.map +0 -1
package/dist/server/mutations/store/refs.d.ts +0 -12
package/dist/server/mutations/store/refs.d.ts.map +0 -1
package/dist/server/mutations/store/refs.js.map +0 -1
package/dist/server/mutations/store.d.ts +0 -306
package/dist/server/mutations/store.d.ts.map +0 -1
package/dist/server/mutations/store.js.map +0 -1
package/dist/server/mutations/verifier.d.ts +0 -13
package/dist/server/mutations/verifier.d.ts.map +0 -1
package/dist/server/mutations/verifier.js.map +0 -1
package/dist/server/mutations/verify.d.ts +0 -26
package/dist/server/mutations/verify.d.ts.map +0 -1
package/dist/server/mutations/verify.js.map +0 -1
package/dist/server/oauth.d.ts +0 -1
package/dist/server/oauth.js +0 -242
package/dist/server/oauth.js.map +0 -1
package/dist/server/passkey.d.ts +0 -27
package/dist/server/passkey.d.ts.map +0 -1
package/dist/server/passkey.js.map +0 -1
package/dist/server/redirects.d.ts +0 -1
package/dist/server/redirects.js.map +0 -1
package/dist/server/refresh.d.ts +0 -1
package/dist/server/refresh.js.map +0 -1
package/dist/server/runtime.d.ts.map +0 -1
package/dist/server/runtime.js.map +0 -1
package/dist/server/sessions.d.ts +0 -1
package/dist/server/sessions.js.map +0 -1
package/dist/server/signin.d.ts +0 -1
package/dist/server/signin.js.map +0 -1
package/dist/server/ssr.d.ts.map +0 -1
package/dist/server/ssr.js +0 -777
package/dist/server/ssr.js.map +0 -1
package/dist/server/templates.d.ts +0 -1
package/dist/server/templates.js.map +0 -1
package/dist/server/tokens.d.ts +0 -1
package/dist/server/tokens.js.map +0 -1
package/dist/server/totp.d.ts +0 -1
package/dist/server/totp.js.map +0 -1
package/dist/server/types.d.ts.map +0 -1
package/dist/server/types.js.map +0 -1
package/dist/server/users.d.ts +0 -1
package/dist/server/users.js.map +0 -1
package/dist/server/utils.d.ts +0 -1
package/dist/server/utils.js +0 -140
package/dist/server/utils.js.map +0 -1
package/src/authorization/index.ts +0 -83
package/src/cli/bin.ts +0 -5
package/src/cli/command.ts +0 -70
package/src/cli/index.ts +0 -1112
package/src/cli/keys.ts +0 -23
package/src/client/core/types.ts +0 -437
package/src/client/factors/device.ts +0 -158
package/src/client/factors/passkey.ts +0 -279
package/src/client/factors/totp.ts +0 -150
package/src/client/index.ts +0 -1124
package/src/client/runtime/browser.ts +0 -112
package/src/client/runtime/invite.ts +0 -63
package/src/client/runtime/proxy.ts +0 -111
package/src/client/runtime/storage.ts +0 -79
package/src/component/_generated/api.ts +0 -96
package/src/component/_generated/component.ts +0 -3774
package/src/component/_generated/dataModel.ts +0 -60
package/src/component/_generated/server.ts +0 -156
package/src/component/convex.config.ts +0 -5
package/src/component/functions.ts +0 -104
package/src/component/index.ts +0 -42
package/src/component/model.ts +0 -449
package/src/component/public/enterprise/audit.ts +0 -125
package/src/component/public/enterprise/core.ts +0 -355
package/src/component/public/enterprise/domains.ts +0 -327
package/src/component/public/enterprise/scim.ts +0 -397
package/src/component/public/enterprise/secrets.ts +0 -133
package/src/component/public/enterprise/webhooks.ts +0 -307
package/src/component/public/factors/devices.ts +0 -224
package/src/component/public/factors/passkeys.ts +0 -243
package/src/component/public/factors/totp.ts +0 -259
package/src/component/public/groups/core.ts +0 -481
package/src/component/public/groups/invites.ts +0 -608
package/src/component/public/groups/members.ts +0 -410
package/src/component/public/identity/accounts.ts +0 -207
package/src/component/public/identity/codes.ts +0 -149
package/src/component/public/identity/sessions.ts +0 -210
package/src/component/public/identity/tokens.ts +0 -251
package/src/component/public/identity/users.ts +0 -355
package/src/component/public/identity/verifiers.ts +0 -158
package/src/component/public/security/keys.ts +0 -366
package/src/component/public/security/limits.ts +0 -174
package/src/component/public.ts +0 -27
package/src/component/schema.ts +0 -505
package/src/providers/anonymous.ts +0 -99
package/src/providers/credentials.ts +0 -102
package/src/providers/device.ts +0 -87
package/src/providers/email.ts +0 -99
package/src/providers/index.ts +0 -31
package/src/providers/oauth.ts +0 -117
package/src/providers/passkey.ts +0 -77
package/src/providers/password.ts +0 -441
package/src/providers/phone.ts +0 -93
package/src/providers/sso.ts +0 -54
package/src/providers/totp.ts +0 -62
package/src/samlify.d.ts +0 -53
package/src/server/auth.ts +0 -949
package/src/server/config.ts +0 -200
package/src/server/context.ts +0 -90
package/src/server/cookies.ts +0 -49
package/src/server/core.ts +0 -2004
package/src/server/crypto.ts +0 -90
package/src/server/db.ts +0 -203
package/src/server/device.ts +0 -254
package/src/server/enterprise/config.ts +0 -51
package/src/server/enterprise/domain.ts +0 -1739
package/src/server/enterprise/http.ts +0 -1331
package/src/server/enterprise/oidc.ts +0 -500
package/src/server/enterprise/policy.ts +0 -128
package/src/server/enterprise/saml.ts +0 -578
package/src/server/enterprise/scim.ts +0 -135
package/src/server/enterprise/shared.ts +0 -134
package/src/server/enterprise/validators.ts +0 -93
package/src/server/http.ts +0 -790
package/src/server/identity.ts +0 -18
package/src/server/index.ts +0 -40
package/src/server/keys.ts +0 -158
package/src/server/limits.ts +0 -107
package/src/server/mounts.ts +0 -924
package/src/server/mutations/account.ts +0 -62
package/src/server/mutations/code.ts +0 -119
package/src/server/mutations/index.ts +0 -13
package/src/server/mutations/invalidate.ts +0 -50
package/src/server/mutations/oauth.ts +0 -243
package/src/server/mutations/refresh.ts +0 -299
package/src/server/mutations/register.ts +0 -155
package/src/server/mutations/retrieve.ts +0 -109
package/src/server/mutations/signature.ts +0 -57
package/src/server/mutations/signin.ts +0 -54
package/src/server/mutations/signout.ts +0 -43
package/src/server/mutations/store/refs.ts +0 -10
package/src/server/mutations/store.ts +0 -123
package/src/server/mutations/verifier.ts +0 -34
package/src/server/mutations/verify.ts +0 -200
package/src/server/oauth.ts +0 -418
package/src/server/passkey.ts +0 -838
package/src/server/redirects.ts +0 -59
package/src/server/refresh.ts +0 -218
package/src/server/runtime.ts +0 -918
package/src/server/sessions.ts +0 -132
package/src/server/signin.ts +0 -445
package/src/server/ssr.ts +0 -1747
package/src/server/templates.ts +0 -82
package/src/server/tokens.ts +0 -35
package/src/server/totp.ts +0 -399
package/src/server/types.ts +0 -1942
package/src/server/users.ts +0 -291
package/src/server/utils.ts +0 -220
/package/dist/{runtime → client/runtime}/invite.js +0 -0

package/dist/providers/oauth.d.ts DELETED Viewed

@@ -1,69 +0,0 @@
-import { OAuthProfile } from "../server/types.js";
-import { OAuth2Tokens } from "arctic";
-//#region src/providers/oauth.d.ts
-/**
- * Configuration for an OAuth provider.
- */
-interface OAuthConfig {
-  /** OAuth scopes to request during authorization. */
-  scopes?: string[];
-  /**
-   * Extract user profile from tokens.
-   *
-   * Required for non-OIDC providers (e.g. GitHub) that don't return an ID token.
-   * For OIDC providers, defaults to decoding the ID token claims.
-   */
-  profile?: (tokens: OAuth2Tokens) => Promise<OAuthProfile>;
-  /**
-   * Override the provider ID derived from the class name.
-   * Used for route matching (`/api/auth/signin/{id}`).
-   */
-  id?: string;
-}
-/** The internal tag for identifying OAuth provider configs. */
-declare const OAUTH_PROVIDER_TAG: "__convex_oauth";
-/**
- * An OAuth provider instance with config attached.
- *
- * Created by the `OAuth()` factory. The runtime detects these via the `_tag` field.
- */
-interface OAuthProviderInstance {
-  readonly _tag: typeof OAUTH_PROVIDER_TAG;
-  /** The provider ID (e.g. "google", "github"). */
-  readonly id: string;
-  /** The Arctic provider instance. */
-  readonly provider: any;
-  /** OAuth scopes. */
-  readonly scopes: string[];
-  /** Optional profile extraction callback. */
-  readonly profile?: (tokens: OAuth2Tokens) => Promise<OAuthProfile>;
-}
-/**
- * Wrap an Arctic provider instance with scopes and profile config.
- *
- * The provider ID is derived from `provider.constructor.name.toLowerCase()`
- * unless overridden via `config.id`.
- *
- * @param provider - An Arctic provider instance (e.g. `new Google(...)`)
- * @param config - Optional scopes, profile callback, and ID override
- * @returns A tagged OAuth provider config for the `providers` array
- *
- * @example
- * ```ts
- * import { Google } from "arctic";
- * import { OAuth } from "@robelest/convex-auth/providers";
- *
- * OAuth(new Google(clientId, clientSecret, redirectURI), {
- *   scopes: ["openid", "profile", "email"],
- * })
- * ```
- */
-declare function OAuth(provider: any, config?: OAuthConfig): OAuthProviderInstance;
-/**
- * Type guard to check if a provider config is an OAuth provider.
- */
-declare function isOAuthProvider(value: unknown): value is OAuthProviderInstance;
-//#endregion
-export { OAUTH_PROVIDER_TAG, OAuth, OAuthConfig, OAuthProviderInstance, isOAuthProvider };
-//# sourceMappingURL=oauth.d.ts.map

package/dist/providers/oauth.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"oauth.d.ts","names":[],"sources":["../../src/providers/oauth.ts"],"mappings":";;;;;;;UAsBiB,WAAA;EAcb;EAZF,MAAA;EAgByD;;;;AAO3D;;EAhBE,OAAA,IAAW,MAAA,EAAQ,YAAA,KAAiB,OAAA,CAAQ,YAAA;EAiBtB;;;;EAZtB,EAAA;AAAA;;cAIW,kBAAA;;;;;;UAOI,qBAAA;EAAA,SACN,IAAA,SAAa,kBAAA;EAQ+B;EAAA,SAN5C,EAAA;EAMwD;EAAA,SAJxD,QAAA;EA2BU;EAAA,SAzBV,MAAA;EA4Ba;EAAA,SA1Bb,OAAA,IAAW,MAAA,EAAQ,YAAA,KAAiB,OAAA,CAAQ,YAAA;AAAA;;;;;AAmDvD;;;;;;;;;;;;;;;;iBA5BgB,KAAA,CACd,QAAA,OACA,MAAA,GAAS,WAAA,GACR,qBAAA;;;;iBAyBa,eAAA,CACd,KAAA,YACC,KAAA,IAAS,qBAAA"}

package/dist/providers/oauth.js DELETED Viewed

@@ -1,43 +0,0 @@
-//#region src/providers/oauth.ts
-/** The internal tag for identifying OAuth provider configs. */
-const OAUTH_PROVIDER_TAG = "__convex_oauth";
-/**
-* Wrap an Arctic provider instance with scopes and profile config.
-*
-* The provider ID is derived from `provider.constructor.name.toLowerCase()`
-* unless overridden via `config.id`.
-*
-* @param provider - An Arctic provider instance (e.g. `new Google(...)`)
-* @param config - Optional scopes, profile callback, and ID override
-* @returns A tagged OAuth provider config for the `providers` array
-*
-* @example
-* ```ts
-* import { Google } from "arctic";
-* import { OAuth } from "@robelest/convex-auth/providers";
-*
-* OAuth(new Google(clientId, clientSecret, redirectURI), {
-*   scopes: ["openid", "profile", "email"],
-* })
-* ```
-*/
-function OAuth(provider, config) {
-	if (!provider || typeof provider.createAuthorizationURL !== "function" || typeof provider.validateAuthorizationCode !== "function") throw new Error("OAuth() expects an Arctic provider instance with createAuthorizationURL and validateAuthorizationCode methods.");
-	return {
-		_tag: OAUTH_PROVIDER_TAG,
-		id: config?.id ?? provider.constructor?.name?.toLowerCase() ?? "oauth",
-		provider,
-		scopes: config?.scopes ?? [],
-		profile: config?.profile
-	};
-}
-/**
-* Type guard to check if a provider config is an OAuth provider.
-*/
-function isOAuthProvider(value) {
-	return typeof value === "object" && value !== null && "_tag" in value && value._tag === OAUTH_PROVIDER_TAG;
-}
-//#endregion
-export { OAUTH_PROVIDER_TAG, OAuth, isOAuthProvider };
-//# sourceMappingURL=oauth.js.map

package/dist/providers/oauth.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"oauth.js","names":[],"sources":["../../src/providers/oauth.ts"],"sourcesContent":["/**\n * OAuth provider factory for wrapping Arctic provider instances.\n *\n * ```ts\n * import { Google, GitHub } from \"arctic\";\n * import { OAuth } from \"@robelest/convex-auth/providers\";\n *\n * OAuth(new Google(clientId, clientSecret, redirectURI), {\n * scopes: [\"openid\", \"profile\", \"email\"],\n * })\n * ```\n *\n * @module\n */\n\nimport type { OAuth2Tokens } from \"arctic\";\n\nimport type { OAuthProfile } from \"../server/types\";\n\n/**\n * Configuration for an OAuth provider.\n */\nexport interface OAuthConfig {\n /** OAuth scopes to request during authorization. */\n scopes?: string[];\n /**\n * Extract user profile from tokens.\n *\n * Required for non-OIDC providers (e.g. GitHub) that don't return an ID token.\n * For OIDC providers, defaults to decoding the ID token claims.\n */\n profile?: (tokens: OAuth2Tokens) => Promise<OAuthProfile>;\n /**\n * Override the provider ID derived from the class name.\n * Used for route matching (`/api/auth/signin/{id}`).\n */\n id?: string;\n}\n\n/** The internal tag for identifying OAuth provider configs. */\nexport const OAUTH_PROVIDER_TAG = \"__convex_oauth\" as const;\n\n/**\n * An OAuth provider instance with config attached.\n *\n * Created by the `OAuth()` factory. The runtime detects these via the `_tag` field.\n */\nexport interface OAuthProviderInstance {\n readonly _tag: typeof OAUTH_PROVIDER_TAG;\n /** The provider ID (e.g. \"google\", \"github\"). */\n readonly id: string;\n /** The Arctic provider instance. */\n readonly provider: any;\n /** OAuth scopes. */\n readonly scopes: string[];\n /** Optional profile extraction callback. */\n readonly profile?: (tokens: OAuth2Tokens) => Promise<OAuthProfile>;\n}\n\n/**\n * Wrap an Arctic provider instance with scopes and profile config.\n *\n * The provider ID is derived from `provider.constructor.name.toLowerCase()`\n * unless overridden via `config.id`.\n *\n * @param provider - An Arctic provider instance (e.g. `new Google(...)`)\n * @param config - Optional scopes, profile callback, and ID override\n * @returns A tagged OAuth provider config for the `providers` array\n *\n * @example\n * ```ts\n * import { Google } from \"arctic\";\n * import { OAuth } from \"@robelest/convex-auth/providers\";\n *\n * OAuth(new Google(clientId, clientSecret, redirectURI), {\n * scopes: [\"openid\", \"profile\", \"email\"],\n * })\n * ```\n */\nexport function OAuth(\n provider: any,\n config?: OAuthConfig,\n): OAuthProviderInstance {\n if (\n !provider ||\n typeof provider.createAuthorizationURL !== \"function\" ||\n typeof provider.validateAuthorizationCode !== \"function\"\n ) {\n throw new Error(\n \"OAuth() expects an Arctic provider instance with createAuthorizationURL and validateAuthorizationCode methods.\",\n );\n }\n\n const id = config?.id ?? provider.constructor?.name?.toLowerCase() ?? \"oauth\";\n\n return {\n _tag: OAUTH_PROVIDER_TAG,\n id,\n provider,\n scopes: config?.scopes ?? [],\n profile: config?.profile,\n };\n}\n\n/**\n * Type guard to check if a provider config is an OAuth provider.\n */\nexport function isOAuthProvider(\n value: unknown,\n): value is OAuthProviderInstance {\n return (\n typeof value === \"object\" &&\n value !== null &&\n \"_tag\" in value &&\n (value as any)._tag === OAUTH_PROVIDER_TAG\n );\n}\n"],"mappings":";;AAwCA,MAAa,qBAAqB;;;;;;;;;;;;;;;;;;;;;AAuClC,SAAgB,MACd,UACA,QACuB;AACvB,KACE,CAAC,YACD,OAAO,SAAS,2BAA2B,cAC3C,OAAO,SAAS,8BAA8B,WAE9C,OAAM,IAAI,MACR,iHACD;AAKH,QAAO;EACL,MAAM;EACN,IAJS,QAAQ,MAAM,SAAS,aAAa,MAAM,aAAa,IAAI;EAKpE;EACA,QAAQ,QAAQ,UAAU,EAAE;EAC5B,SAAS,QAAQ;EAClB;;;;;AAMH,SAAgB,gBACd,OACgC;AAChC,QACE,OAAO,UAAU,YACjB,UAAU,QACV,UAAU,SACT,MAAc,SAAS"}

package/dist/providers/passkey.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"passkey.d.ts","names":[],"sources":["../../src/providers/passkey.ts"],"mappings":";;AAiBA;;;;;;;;;;;;;UAAiB,aAAA;EAkBM;EAhBrB,MAAA;EAgCkB;EA9BlB,IAAA;EAmCsC;EAjCtC,MAAA;EA8BS;EA5BT,WAAA;EA6BiB;EA3BjB,gBAAA;EA6BoB;EA3BpB,WAAA;EA2BsC;EAzBtC,uBAAA;;EAEA,UAAA;;EAEA,qBAAA;AAAA;;;;;;;;;;;;;;cAgBW,OAAA;EAAA,SACF,EAAA;EAAA,SACA,IAAA;EAAA,SACA,MAAA,EAAQ,aAAA;cAEL,MAAA,GAAQ,aAAA;AAAA"}

package/dist/providers/passkey.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"passkey.js","names":[],"sources":["../../src/providers/passkey.ts"],"sourcesContent":["/**\n * Passkey (WebAuthn) authentication provider.\n *\n * ```ts\n * import { Passkey } from \"@robelest/convex-auth/providers\";\n *\n * new Passkey({ rpName: \"My App\" })\n * ```\n *\n * @module\n */\n\nimport type { PasskeyProviderConfig } from \"../server/types\";\n\n/**\n * Configuration for the Passkey provider.\n */\nexport interface PasskeyConfig {\n /** Relying Party display name. Defaults to SITE_URL hostname. */\n rpName?: string;\n /** Relying Party ID (hostname). Defaults to SITE_URL hostname. */\n rpId?: string;\n /** Allowed origins for credential verification. Defaults to SITE_URL plus SECONDARY_URL. */\n origin?: string | string[];\n /** Attestation conveyance preference. Defaults to \"none\". */\n attestation?: \"none\" | \"direct\";\n /** User verification requirement. Defaults to \"required\". */\n userVerification?: \"required\" | \"preferred\" | \"discouraged\";\n /** Resident key (discoverable credential) preference. Defaults to \"preferred\". */\n residentKey?: \"required\" | \"preferred\" | \"discouraged\";\n /** Restrict to platform or cross-platform authenticators. */\n authenticatorAttachment?: \"platform\" | \"cross-platform\";\n /** Supported COSE algorithms. Defaults to [-7 (ES256), -257 (RS256)]. */\n algorithms?: number[];\n /** Challenge expiration in ms. Defaults to 300_000 (5 minutes). */\n challengeExpirationMs?: number;\n}\n\n/**\n * Passkey (WebAuthn) authentication provider.\n *\n * Enables passwordless authentication via biometrics, security keys,\n * and synced passkeys using the Web Authentication API.\n *\n * @example\n * ```ts\n * import { Passkey } from \"@robelest/convex-auth/providers\";\n *\n * new Passkey({ rpName: \"My App\" })\n * ```\n */\nexport class Passkey {\n readonly id: string;\n readonly type = \"passkey\" as const;\n readonly config: PasskeyConfig;\n\n constructor(config: PasskeyConfig = {}) {\n this.id = \"passkey\";\n this.config = config;\n }\n\n /** @internal Convert to the internal materialized config shape. */\n _toMaterialized(): PasskeyProviderConfig {\n return {\n id: this.id,\n type: \"passkey\",\n options: {\n attestation: \"none\",\n userVerification: \"required\",\n residentKey: \"preferred\",\n algorithms: [-7, -257], // ES256, RS256\n challengeExpirationMs: 300_000, // 5 minutes\n ...this.config,\n },\n };\n }\n}\n"],"mappings":";;;;;;;;;;;;;;AAmDA,IAAa,UAAb,MAAqB;CACnB,AAAS;CACT,AAAS,OAAO;CAChB,AAAS;CAET,YAAY,SAAwB,EAAE,EAAE;AACtC,OAAK,KAAK;AACV,OAAK,SAAS;;;CAIhB,kBAAyC;AACvC,SAAO;GACL,IAAI,KAAK;GACT,MAAM;GACN,SAAS;IACP,aAAa;IACb,kBAAkB;IAClB,aAAa;IACb,YAAY,CAAC,IAAI,KAAK;IACtB,uBAAuB;IACvB,GAAG,KAAK;IACT;GACF"}

package/dist/providers/password.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"password.d.ts","names":[],"sources":["../../src/providers/password.ts"],"mappings":";;;;;;;;;UA4CiB,cAAA,mBAAiC,gBAAA;EAiBvB;;;;EAZzB,EAAA;EAkBK;;;;;;;EAVL,OAAA;EAkCA;;;EA9BE,MAAA,EAAQ,MAAA,SAAe,KAAA;EAmCzB;;;;EA9BE,GAAA,EAAK,8BAAA,CAA+B,SAAA,MACjC,mBAAA,CAAoB,cAAA,CAAe,SAAA;IACtC,KAAA;EAAA;EA2EiB;;;;;;;;;;;EA9DnB,4BAAA,IAAgC,QAAA;EA8DyB;;;;EAzDzD,MAAA,GAAS,iBAAA;EA4DuB;;;;EAvDhC,KAAA,GAAQ,WAAA,QAAmB,IAAA,UAAc,WAAA;EA0D4B;;;;EArDrE,MAAA,GAAS,WAAA,QAAmB,IAAA,UAAc,WAAA;AAAA;;;;;;;;;;;;;;;;;;cA+C/B,QAAA,mBAA2B,gBAAA,GAAmB,gBAAA;EAAA,SAChD,EAAA;EAAA,SACA,IAAA;EAAA,SACA,MAAA,EAAQ,cAAA,CAAe,SAAA;cAG9B,MAAA,GAAQ,cAAA,CAAe,SAAA;AAAA"}

package/dist/providers/password.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"password.js","names":[],"sources":["../../src/providers/password.ts"],"sourcesContent":["/**\n * Configure {@link Password} provider for email/password authentication.\n *\n * The `Password` provider supports the following flows, determined\n * by the `flow` parameter:\n *\n * - `\"signUp\"`: Create a new account with a password.\n * - `\"signIn\"`: Sign in with an existing account and password.\n * - `\"reset\"`: Request a password reset.\n * - `\"reset-verification\"`: Verify a password reset code and change password.\n * - `\"email-verification\"`: If email verification is enabled and `code` is\n * included in params, verify an OTP.\n *\n * ```ts\n * import { Password } from \"@robelest/convex-auth/providers\";\n *\n * new Password()\n * ```\n *\n * @module\n */\n\nimport { scryptAsync } from \"@noble/hashes/scrypt.js\";\nimport { bytesToHex } from \"@noble/hashes/utils.js\";\nimport { Fx } from \"@robelest/fx\";\nimport {\n DocumentByName,\n GenericDataModel,\n WithoutSystemFields,\n} from \"convex/server\";\nimport { Value } from \"convex/values\";\n\nimport type {\n EmailConfig,\n GenericActionCtxWithAuthConfig,\n GenericDoc,\n AuthProviderConfig,\n ConvexCredentialsConfig,\n} from \"../server/types\";\nimport { Credentials, type CredentialsConfig } from \"./credentials\";\n\n/**\n * The available options to a {@link Password} provider for Convex Auth.\n */\nexport interface PasswordConfig<DataModel extends GenericDataModel> {\n /**\n * Uniquely identifies the provider, allowing to use\n * multiple different {@link Password} providers.\n */\n id?: string;\n /**\n * Perform checks on provided params and customize the user\n * information stored after sign up, including email normalization.\n *\n * Called for every flow (\"signUp\", \"signIn\", \"reset\",\n * \"reset-verification\" and \"email-verification\").\n */\n profile?: (\n /**\n * The values passed to the `signIn` function.\n */\n params: Record<string, Value | undefined>,\n /**\n * Convex ActionCtx in case you want to read from or write to\n * the database.\n */\n ctx: GenericActionCtxWithAuthConfig<DataModel>,\n ) => WithoutSystemFields<DocumentByName<DataModel, \"User\">> & {\n email: string;\n };\n /**\n * Performs custom validation on password provided during sign up or reset.\n *\n * Otherwise the default validation is used (password is not empty and\n * at least 8 characters in length).\n *\n * If the provided password is invalid, implementations must throw an Error.\n *\n * @param password the password supplied during \"signUp\" or\n * \"reset-verification\" flows.\n */\n validatePasswordRequirements?: (password: string) => void;\n /**\n * Provide hashing and verification functions if you want to control\n * how passwords are hashed.\n */\n crypto?: CredentialsConfig[\"crypto\"];\n /**\n * An email provider used to require verification\n * before password reset.\n */\n reset?: EmailConfig | ((...args: any) => EmailConfig);\n /**\n * An email provider used to require verification\n * before sign up / sign in.\n */\n verify?: EmailConfig | ((...args: any) => EmailConfig);\n}\n\ntype PasswordFlowDispatch =\n | { tag: \"signUp\" }\n | { tag: \"signIn\" }\n | { tag: \"reset\" }\n | { tag: \"resetVerification\" }\n | { tag: \"emailVerification\" }\n | { tag: \"invalid\"; flow: unknown };\n\nconst PASSWORD_FLOW_TAG = {\n signUp: \"signUp\",\n signIn: \"signIn\",\n reset: \"reset\",\n \"reset-verification\": \"resetVerification\",\n \"email-verification\": \"emailVerification\",\n} as const;\n\ntype PasswordFlowInput = keyof typeof PASSWORD_FLOW_TAG;\n\nfunction decodePasswordFlow(flow: unknown): PasswordFlowDispatch {\n if (typeof flow !== \"string\") {\n return { tag: \"invalid\", flow };\n }\n\n const tag = PASSWORD_FLOW_TAG[flow as PasswordFlowInput];\n return tag === undefined ? { tag: \"invalid\", flow } : { tag };\n}\n\n/**\n * Email and password authentication provider.\n *\n * Passwords are by default hashed using scrypt.\n * You can customize the hashing via the `crypto` option.\n *\n * Email verification is not required unless you pass\n * an email provider to the `verify` option.\n *\n * @example\n * ```ts\n * import { Password } from \"@robelest/convex-auth/providers\";\n *\n * new Password()\n * new Password({ verify: myEmailProvider })\n * ```\n */\nexport class Password<DataModel extends GenericDataModel = GenericDataModel> {\n readonly id: string;\n readonly type = \"credentials\" as const;\n readonly config: PasswordConfig<DataModel>;\n\n constructor(\n config: PasswordConfig<DataModel> = {} as PasswordConfig<DataModel>,\n ) {\n this.id = config.id ?? \"password\";\n this.config = config;\n }\n\n /** @internal Convert to the internal materialized config shape. */\n _toMaterialized(): ConvexCredentialsConfig {\n const config = this.config;\n const provider = this.id;\n\n return new Credentials<DataModel>({\n id: \"password\",\n authorize: async (params, ctx) => {\n const flowDispatch = decodePasswordFlow(params.flow);\n\n const validatePasswordRequirements = (password: string) => {\n if (config.validatePasswordRequirements !== undefined) {\n config.validatePasswordRequirements(password);\n return;\n }\n validateDefaultPasswordRequirements(password);\n };\n\n await Fx.run(\n Fx.match(flowDispatch, flowDispatch.tag, {\n signUp: () =>\n Fx.sync(() => {\n validatePasswordRequirements(params.password as string);\n }),\n resetVerification: () =>\n Fx.sync(() => {\n validatePasswordRequirements(params.newPassword as string);\n }),\n signIn: () => Fx.succeed(undefined),\n reset: () => Fx.succeed(undefined),\n emailVerification: () => Fx.succeed(undefined),\n invalid: () => Fx.succeed(undefined),\n }),\n );\n\n const profile = config.profile?.(params, ctx) ?? defaultProfile(params);\n const { email } = profile;\n const requirePasswordParam = (\n value: unknown,\n flow: \"signUp\" | \"signIn\",\n ) => {\n if (typeof value !== \"string\" || value.length === 0) {\n throw new Error(`Missing \\`password\\` param for \\`${flow}\\` flow`);\n }\n return value;\n };\n\n const finalizeCredentialsResult = async (\n account: GenericDoc<DataModel, \"Account\">,\n user: GenericDoc<DataModel, \"User\">,\n ) => {\n if (config.verify && !account.emailVerified) {\n return await ctx.auth.provider.signIn(\n ctx,\n config.verify as AuthProviderConfig,\n {\n accountId: account._id,\n params,\n },\n );\n }\n return { userId: user._id };\n };\n\n return await Fx.run(\n Fx.match(flowDispatch, flowDispatch.tag, {\n signUp: () =>\n Fx.promise(async () => {\n const secret = requirePasswordParam(params.password, \"signUp\");\n const created = await ctx.auth.account.create(ctx, {\n provider,\n account: { id: email, secret },\n profile: profile as any,\n shouldLinkViaEmail: config.verify !== undefined,\n shouldLinkViaPhone: false,\n });\n return await finalizeCredentialsResult(\n created.account,\n created.user,\n );\n }),\n signIn: () =>\n Fx.promise(async () => {\n const secret = requirePasswordParam(params.password, \"signIn\");\n const retrieved = await ctx.auth.account.get(ctx, {\n provider,\n account: { id: email, secret },\n });\n if (retrieved === null) {\n throw new Error(\"Invalid credentials\");\n }\n return await finalizeCredentialsResult(\n retrieved.account,\n retrieved.user,\n );\n }),\n reset: () =>\n Fx.promise(async () => {\n if (!config.reset) {\n throw new Error(\n `Password reset is not enabled for ${provider}`,\n );\n }\n const { account } = await ctx.auth.account.get(ctx, {\n provider,\n account: { id: email },\n });\n return await ctx.auth.provider.signIn(\n ctx,\n config.reset as AuthProviderConfig,\n {\n accountId: account._id,\n params,\n },\n );\n }),\n resetVerification: () =>\n Fx.promise(async () => {\n if (!config.reset) {\n throw new Error(\n `Password reset is not enabled for ${provider}`,\n );\n }\n if (params.newPassword === undefined) {\n throw new Error(\n \"Missing `newPassword` param for `reset-verification` flow\",\n );\n }\n const result = await ctx.auth.provider.signIn(\n ctx,\n config.reset as AuthProviderConfig,\n { params },\n );\n if (result === null) {\n throw new Error(\"Invalid code\");\n }\n const { userId, sessionId } = result;\n const secret = params.newPassword as string;\n await ctx.auth.account.update(ctx, {\n provider,\n account: { id: email, secret },\n });\n await ctx.auth.session.invalidate(ctx, {\n userId,\n except: [sessionId],\n });\n return { userId, sessionId };\n }),\n emailVerification: () =>\n Fx.promise(async () => {\n if (!config.verify) {\n throw new Error(\n `Email verification is not enabled for ${provider}`,\n );\n }\n const { account } = await ctx.auth.account.get(ctx, {\n provider,\n account: { id: email },\n });\n return await ctx.auth.provider.signIn(\n ctx,\n config.verify as AuthProviderConfig,\n {\n accountId: account._id,\n params,\n },\n );\n }),\n invalid: () =>\n Fx.fatal(\n new Error(\n \"Missing `flow` param, it must be one of \" +\n '\"signUp\", \"signIn\", \"reset\", \"reset-verification\" or ' +\n '\"email-verification\"!',\n ),\n ),\n }),\n );\n },\n crypto: config.crypto ?? {\n async hashSecret(password: string) {\n return await hashPassword(password);\n },\n async verifySecret(password: string, hash: string) {\n return await verifyPassword(password, hash);\n },\n },\n extraProviders: [\n config.reset as AuthProviderConfig | undefined,\n config.verify as AuthProviderConfig | undefined,\n ],\n ...config,\n })._toMaterialized();\n }\n}\n\n// ============================================================================\n// Helpers\n// ============================================================================\n\nfunction validateDefaultPasswordRequirements(password: string) {\n if (!password || password.length < 8) {\n throw new Error(\"Invalid password\");\n }\n}\n\nfunction defaultProfile(params: Record<string, unknown>) {\n const email = params.email;\n if (typeof email !== \"string\" || email.trim().length === 0) {\n throw new Error(\"Missing `email` param\");\n }\n return {\n email,\n };\n}\n\nconst PASSWORD_HASH_PARAMS = {\n N: 16384,\n r: 16,\n p: 1,\n dkLen: 64,\n} as const;\n\nconst PASSWORD_HASH_PREFIX = `scrypt:N=${PASSWORD_HASH_PARAMS.N},r=${PASSWORD_HASH_PARAMS.r},p=${PASSWORD_HASH_PARAMS.p},dkLen=${PASSWORD_HASH_PARAMS.dkLen}`;\n\nasync function hashPassword(password: string) {\n const salt = crypto.getRandomValues(new Uint8Array(32));\n const hash = await scryptAsync(password, salt, PASSWORD_HASH_PARAMS);\n return `${PASSWORD_HASH_PREFIX}$${bytesToHex(salt)}$${bytesToHex(hash)}`;\n}\n\nasync function verifyPassword(password: string, storedHash: string) {\n const [prefix, saltHex, hashHex] = storedHash.split(\"$\");\n if (\n prefix !== PASSWORD_HASH_PREFIX ||\n saltHex === undefined ||\n hashHex === undefined\n ) {\n return false;\n }\n\n let salt: Uint8Array;\n let expectedHash: Uint8Array;\n try {\n salt = hexToBytes(saltHex);\n expectedHash = hexToBytes(hashHex);\n } catch {\n return false;\n }\n if (\n salt.length !== 32 ||\n expectedHash.length !== PASSWORD_HASH_PARAMS.dkLen\n ) {\n return false;\n }\n\n const actualHash = await scryptAsync(password, salt, PASSWORD_HASH_PARAMS);\n return constantTimeEqual(actualHash, expectedHash);\n}\n\nfunction hexToBytes(hex: string) {\n if (hex.length % 2 !== 0) {\n throw new Error(\"Invalid password hash\");\n }\n const bytes = new Uint8Array(hex.length / 2);\n for (let i = 0; i < bytes.length; i++) {\n const start = i * 2;\n const value = Number.parseInt(hex.slice(start, start + 2), 16);\n if (Number.isNaN(value)) {\n throw new Error(\"Invalid password hash\");\n }\n bytes[i] = value;\n }\n return bytes;\n}\n\nfunction constantTimeEqual(left: Uint8Array, right: Uint8Array) {\n if (left.length !== right.length) {\n return false;\n }\n let diff = 0;\n for (let i = 0; i < left.length; i++) {\n diff |= left[i] ^ right[i];\n }\n return diff === 0;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AA2GA,MAAM,oBAAoB;CACxB,QAAQ;CACR,QAAQ;CACR,OAAO;CACP,sBAAsB;CACtB,sBAAsB;CACvB;AAID,SAAS,mBAAmB,MAAqC;AAC/D,KAAI,OAAO,SAAS,SAClB,QAAO;EAAE,KAAK;EAAW;EAAM;CAGjC,MAAM,MAAM,kBAAkB;AAC9B,QAAO,QAAQ,SAAY;EAAE,KAAK;EAAW;EAAM,GAAG,EAAE,KAAK;;;;;;;;;;;;;;;;;;;AAoB/D,IAAa,WAAb,MAA6E;CAC3E,AAAS;CACT,AAAS,OAAO;CAChB,AAAS;CAET,YACE,SAAoC,EAAE,EACtC;AACA,OAAK,KAAK,OAAO,MAAM;AACvB,OAAK,SAAS;;;CAIhB,kBAA2C;EACzC,MAAM,SAAS,KAAK;EACpB,MAAM,WAAW,KAAK;AAEtB,SAAO,IAAI,YAAuB;GAChC,IAAI;GACJ,WAAW,OAAO,QAAQ,QAAQ;IAChC,MAAM,eAAe,mBAAmB,OAAO,KAAK;IAEpD,MAAM,gCAAgC,aAAqB;AACzD,SAAI,OAAO,iCAAiC,QAAW;AACrD,aAAO,6BAA6B,SAAS;AAC7C;;AAEF,yCAAoC,SAAS;;AAG/C,UAAM,GAAG,IACP,GAAG,MAAM,cAAc,aAAa,KAAK;KACvC,cACE,GAAG,WAAW;AACZ,mCAA6B,OAAO,SAAmB;OACvD;KACJ,yBACE,GAAG,WAAW;AACZ,mCAA6B,OAAO,YAAsB;OAC1D;KACJ,cAAc,GAAG,QAAQ,OAAU;KACnC,aAAa,GAAG,QAAQ,OAAU;KAClC,yBAAyB,GAAG,QAAQ,OAAU;KAC9C,eAAe,GAAG,QAAQ,OAAU;KACrC,CAAC,CACH;IAED,MAAM,UAAU,OAAO,UAAU,QAAQ,IAAI,IAAI,eAAe,OAAO;IACvE,MAAM,EAAE,UAAU;IAClB,MAAM,wBACJ,OACA,SACG;AACH,SAAI,OAAO,UAAU,YAAY,MAAM,WAAW,EAChD,OAAM,IAAI,MAAM,oCAAoC,KAAK,SAAS;AAEpE,YAAO;;IAGT,MAAM,4BAA4B,OAChC,SACA,SACG;AACH,SAAI,OAAO,UAAU,CAAC,QAAQ,cAC5B,QAAO,MAAM,IAAI,KAAK,SAAS,OAC7B,KACA,OAAO,QACP;MACE,WAAW,QAAQ;MACnB;MACD,CACF;AAEH,YAAO,EAAE,QAAQ,KAAK,KAAK;;AAG7B,WAAO,MAAM,GAAG,IACd,GAAG,MAAM,cAAc,aAAa,KAAK;KACvC,cACE,GAAG,QAAQ,YAAY;MACrB,MAAM,SAAS,qBAAqB,OAAO,UAAU,SAAS;MAC9D,MAAM,UAAU,MAAM,IAAI,KAAK,QAAQ,OAAO,KAAK;OACjD;OACA,SAAS;QAAE,IAAI;QAAO;QAAQ;OACrB;OACT,oBAAoB,OAAO,WAAW;OACtC,oBAAoB;OACrB,CAAC;AACF,aAAO,MAAM,0BACX,QAAQ,SACR,QAAQ,KACT;OACD;KACJ,cACE,GAAG,QAAQ,YAAY;MACrB,MAAM,SAAS,qBAAqB,OAAO,UAAU,SAAS;MAC9D,MAAM,YAAY,MAAM,IAAI,KAAK,QAAQ,IAAI,KAAK;OAChD;OACA,SAAS;QAAE,IAAI;QAAO;QAAQ;OAC/B,CAAC;AACF,UAAI,cAAc,KAChB,OAAM,IAAI,MAAM,sBAAsB;AAExC,aAAO,MAAM,0BACX,UAAU,SACV,UAAU,KACX;OACD;KACJ,aACE,GAAG,QAAQ,YAAY;AACrB,UAAI,CAAC,OAAO,MACV,OAAM,IAAI,MACR,qCAAqC,WACtC;MAEH,MAAM,EAAE,YAAY,MAAM,IAAI,KAAK,QAAQ,IAAI,KAAK;OAClD;OACA,SAAS,EAAE,IAAI,OAAO;OACvB,CAAC;AACF,aAAO,MAAM,IAAI,KAAK,SAAS,OAC7B,KACA,OAAO,OACP;OACE,WAAW,QAAQ;OACnB;OACD,CACF;OACD;KACJ,yBACE,GAAG,QAAQ,YAAY;AACrB,UAAI,CAAC,OAAO,MACV,OAAM,IAAI,MACR,qCAAqC,WACtC;AAEH,UAAI,OAAO,gBAAgB,OACzB,OAAM,IAAI,MACR,4DACD;MAEH,MAAM,SAAS,MAAM,IAAI,KAAK,SAAS,OACrC,KACA,OAAO,OACP,EAAE,QAAQ,CACX;AACD,UAAI,WAAW,KACb,OAAM,IAAI,MAAM,eAAe;MAEjC,MAAM,EAAE,QAAQ,cAAc;MAC9B,MAAM,SAAS,OAAO;AACtB,YAAM,IAAI,KAAK,QAAQ,OAAO,KAAK;OACjC;OACA,SAAS;QAAE,IAAI;QAAO;QAAQ;OAC/B,CAAC;AACF,YAAM,IAAI,KAAK,QAAQ,WAAW,KAAK;OACrC;OACA,QAAQ,CAAC,UAAU;OACpB,CAAC;AACF,aAAO;OAAE;OAAQ;OAAW;OAC5B;KACJ,yBACE,GAAG,QAAQ,YAAY;AACrB,UAAI,CAAC,OAAO,OACV,OAAM,IAAI,MACR,yCAAyC,WAC1C;MAEH,MAAM,EAAE,YAAY,MAAM,IAAI,KAAK,QAAQ,IAAI,KAAK;OAClD;OACA,SAAS,EAAE,IAAI,OAAO;OACvB,CAAC;AACF,aAAO,MAAM,IAAI,KAAK,SAAS,OAC7B,KACA,OAAO,QACP;OACE,WAAW,QAAQ;OACnB;OACD,CACF;OACD;KACJ,eACE,GAAG,sBACD,IAAI,MACF,+HAGD,CACF;KACJ,CAAC,CACH;;GAEH,QAAQ,OAAO,UAAU;IACvB,MAAM,WAAW,UAAkB;AACjC,YAAO,MAAM,aAAa,SAAS;;IAErC,MAAM,aAAa,UAAkB,MAAc;AACjD,YAAO,MAAM,eAAe,UAAU,KAAK;;IAE9C;GACD,gBAAgB,CACd,OAAO,OACP,OAAO,OACR;GACD,GAAG;GACJ,CAAC,CAAC,iBAAiB;;;AAQxB,SAAS,oCAAoC,UAAkB;AAC7D,KAAI,CAAC,YAAY,SAAS,SAAS,EACjC,OAAM,IAAI,MAAM,mBAAmB;;AAIvC,SAAS,eAAe,QAAiC;CACvD,MAAM,QAAQ,OAAO;AACrB,KAAI,OAAO,UAAU,YAAY,MAAM,MAAM,CAAC,WAAW,EACvD,OAAM,IAAI,MAAM,wBAAwB;AAE1C,QAAO,EACL,OACD;;AAGH,MAAM,uBAAuB;CAC3B,GAAG;CACH,GAAG;CACH,GAAG;CACH,OAAO;CACR;AAED,MAAM,uBAAuB,YAAY,qBAAqB,EAAE,KAAK,qBAAqB,EAAE,KAAK,qBAAqB,EAAE,SAAS,qBAAqB;AAEtJ,eAAe,aAAa,UAAkB;CAC5C,MAAM,OAAO,OAAO,gBAAgB,IAAI,WAAW,GAAG,CAAC;CACvD,MAAM,OAAO,MAAM,YAAY,UAAU,MAAM,qBAAqB;AACpE,QAAO,GAAG,qBAAqB,GAAG,WAAW,KAAK,CAAC,GAAG,WAAW,KAAK;;AAGxE,eAAe,eAAe,UAAkB,YAAoB;CAClE,MAAM,CAAC,QAAQ,SAAS,WAAW,WAAW,MAAM,IAAI;AACxD,KACE,WAAW,wBACX,YAAY,UACZ,YAAY,OAEZ,QAAO;CAGT,IAAI;CACJ,IAAI;AACJ,KAAI;AACF,SAAO,WAAW,QAAQ;AAC1B,iBAAe,WAAW,QAAQ;SAC5B;AACN,SAAO;;AAET,KACE,KAAK,WAAW,MAChB,aAAa,WAAW,qBAAqB,MAE7C,QAAO;AAIT,QAAO,kBADY,MAAM,YAAY,UAAU,MAAM,qBAAqB,EACrC,aAAa;;AAGpD,SAAS,WAAW,KAAa;AAC/B,KAAI,IAAI,SAAS,MAAM,EACrB,OAAM,IAAI,MAAM,wBAAwB;CAE1C,MAAM,QAAQ,IAAI,WAAW,IAAI,SAAS,EAAE;AAC5C,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;EACrC,MAAM,QAAQ,IAAI;EAClB,MAAM,QAAQ,OAAO,SAAS,IAAI,MAAM,OAAO,QAAQ,EAAE,EAAE,GAAG;AAC9D,MAAI,OAAO,MAAM,MAAM,CACrB,OAAM,IAAI,MAAM,wBAAwB;AAE1C,QAAM,KAAK;;AAEb,QAAO;;AAGT,SAAS,kBAAkB,MAAkB,OAAmB;AAC9D,KAAI,KAAK,WAAW,MAAM,OACxB,QAAO;CAET,IAAI,OAAO;AACX,MAAK,IAAI,IAAI,GAAG,IAAI,KAAK,QAAQ,IAC/B,SAAQ,KAAK,KAAK,MAAM;AAE1B,QAAO,SAAS"}

package/dist/providers/phone.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"phone.d.ts","names":[],"sources":["../../src/providers/phone.ts"],"mappings":";;;;;;;;;UAgBiB,mBAAA;EA0BJ;EAxBX,IAAA,EAAM,WAAA;;EAEN,EAAA;EA+B4B;EA7B5B,MAAA;AAAA;;;;;;;;;;;;;;;;;;cAoBW,KAAA;EAAA,SASiB,MAAA,EAAQ,mBAAA;EAAA,SAR3B,EAAA;EAAA,SACA,IAAA;;;;;;cAOmB,MAAA,EAAQ,mBAAA;AAAA"}

package/dist/providers/phone.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"phone.js","names":[],"sources":["../../src/providers/phone.ts"],"sourcesContent":["/**\n * Phone / SMS authentication provider.\n *\n * @module\n */\n\nimport { Fx } from \"@robelest/fx\";\n\nimport type { PhoneConfig } from \"../server/types\";\n\n/**\n * User-facing configuration for the {@link Phone} provider.\n *\n * Use this to send SMS or other phone-based verification messages during\n * sign-in.\n */\nexport interface PhoneProviderConfig {\n /** Send the verification code to the user's phone. */\n send: PhoneConfig[\"sendVerificationRequest\"];\n /** Provider ID override. Defaults to \"phone\". */\n id?: string;\n /** Token expiration in seconds. Defaults to 1200 (20 minutes). */\n maxAge?: number;\n}\n\n/**\n * Phone provider for SMS or phone-number verification flows.\n *\n * Wraps your `send()` implementation and materializes the runtime behavior\n * Convex Auth needs for short-code or magic-link-style phone verification.\n *\n * @example\n * ```ts\n * import { Phone } from \"@robelest/convex-auth/providers\";\n *\n * const phone = new Phone({\n * send: async ({ identifier, token }) => {\n * await sms.send({ to: identifier, body: `Your sign-in code is ${token}` });\n * },\n * });\n * ```\n */\nexport class Phone {\n readonly id: string;\n readonly type = \"phone\" as const;\n\n /**\n * Create a phone provider instance.\n *\n * @param config - Phone delivery and provider settings.\n */\n constructor(public readonly config: PhoneProviderConfig) {\n this.id = config.id ?? \"phone\";\n }\n\n /** @internal */\n _toMaterialized(): PhoneConfig {\n return {\n id: this.id,\n type: \"phone\",\n maxAge: this.config.maxAge ?? 60 * 20,\n authorize: async (params, account) => {\n const dispatch =\n typeof params.phone !== \"string\"\n ? ({ tag: \"missingPhone\" } as const)\n : account.providerAccountId !== params.phone\n ? ({ tag: \"mismatch\" } as const)\n : ({ tag: \"ok\" } as const);\n\n return await Fx.run(\n Fx.match(dispatch, dispatch.tag, {\n missingPhone: () =>\n Fx.fatal(\n new Error(\n \"Token verification requires a `phone` in params of `signIn`.\",\n ),\n ),\n mismatch: () =>\n Fx.fatal(\n new Error(\n \"Short verification code requires a matching `phone` \" +\n \"in params of `signIn`.\",\n ),\n ),\n ok: () => Fx.succeed(undefined),\n }),\n );\n },\n sendVerificationRequest: this.config.send,\n options: {} as any,\n };\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AA0CA,IAAa,QAAb,MAAmB;CACjB,AAAS;CACT,AAAS,OAAO;;;;;;CAOhB,YAAY,AAAgB,QAA6B;EAA7B;AAC1B,OAAK,KAAK,OAAO,MAAM;;;CAIzB,kBAA+B;AAC7B,SAAO;GACL,IAAI,KAAK;GACT,MAAM;GACN,QAAQ,KAAK,OAAO,UAAU;GAC9B,WAAW,OAAO,QAAQ,YAAY;IACpC,MAAM,WACJ,OAAO,OAAO,UAAU,WACnB,EAAE,KAAK,gBAAgB,GACxB,QAAQ,sBAAsB,OAAO,QAClC,EAAE,KAAK,YAAY,GACnB,EAAE,KAAK,MAAM;AAEtB,WAAO,MAAM,GAAG,IACd,GAAG,MAAM,UAAU,SAAS,KAAK;KAC/B,oBACE,GAAG,sBACD,IAAI,MACF,+DACD,CACF;KACH,gBACE,GAAG,sBACD,IAAI,MACF,6EAED,CACF;KACH,UAAU,GAAG,QAAQ,OAAU;KAChC,CAAC,CACH;;GAEH,yBAAyB,KAAK,OAAO;GACrC,SAAS,EAAE;GACZ"}

package/dist/providers/sso.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"sso.d.ts","names":[],"sources":["../../src/providers/sso.ts"],"mappings":";;AA6CA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAAa,GAAA;EAAA,SACF,EAAA;EAAA,SACA,IAAA;AAAA"}

package/dist/providers/sso.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"sso.js","names":[],"sources":["../../src/providers/sso.ts"],"sourcesContent":["/**\n * Enterprise SSO provider (OIDC + SAML + SCIM).\n *\n * Adding `new SSO()` to your providers list enables enterprise SSO\n * sign-in flows and registers the OIDC, SAML, and SCIM runtime HTTP\n * routes. It also makes `auth.sso.*` available on the auth\n * object returned by `createAuth`.\n *\n * ```ts\n * import { SSO } from \"@robelest/convex-auth/providers\";\n *\n * const auth = createAuth(components.auth, {\n * providers: [new SSO(), new Password()],\n * });\n *\n * // auth.sso is now available\n * await auth.sso.admin.oidc.configure(ctx, { enterpriseId, clientId, ... });\n * ```\n *\n * Without `new SSO()` in the providers list, `auth.sso` is not\n * present on the returned object and accessing it is a TypeScript error.\n *\n * @module\n */\n\nimport type { SSOProviderConfig } from \"../server/types\";\n\n/**\n * Enterprise SSO provider.\n *\n * Zero-configuration — sensible defaults are applied for all enterprise\n * protocols (OIDC, SAML, SCIM). Per-tenant configuration is done at\n * runtime via `auth.sso.*` helpers.\n *\n * @example\n * ```ts\n * import { createAuth } from \"@robelest/convex-auth/component\";\n * import { SSO, Password } from \"@robelest/convex-auth/providers\";\n * import { components } from \"./_generated/api\";\n *\n * export const auth = createAuth(components.auth, {\n * providers: [new SSO(), new Password()],\n * });\n * ```\n */\nexport class SSO {\n readonly id = \"enterprise-sso\";\n readonly type = \"sso\" as const;\n\n /** @internal Convert to the internal materialized config shape. */\n _toMaterialized(): SSOProviderConfig {\n return { id: this.id, type: \"sso\" };\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AA6CA,IAAa,MAAb,MAAiB;CACf,AAAS,KAAK;CACd,AAAS,OAAO;;CAGhB,kBAAqC;AACnC,SAAO;GAAE,IAAI,KAAK;GAAI,MAAM;GAAO"}

package/dist/providers/totp.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"totp.d.ts","names":[],"sources":["../../src/providers/totp.ts"],"mappings":";;AAiBA;;;;;;;;;AAsBA;;;;UAtBiB,UAAA;EAwBN;EAtBT,MAAA;EAuBiB;EArBjB,MAAA;EAuBoB;EArBpB,MAAA;AAAA;;;;;;;;;;;;;;cAgBW,IAAA;EAAA,SACF,EAAA;EAAA,SACA,IAAA;EAAA,SACA,MAAA,EAAQ,UAAA;cAEL,MAAA,GAAQ,UAAA;AAAA"}

package/dist/providers/totp.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"totp.js","names":[],"sources":["../../src/providers/totp.ts"],"sourcesContent":["/**\n * TOTP (Time-based One-Time Password) two-factor authentication provider.\n *\n * ```ts\n * import { Totp } from \"@robelest/convex-auth/providers\";\n *\n * new Totp({ issuer: \"My App\" })\n * ```\n *\n * @module\n */\n\nimport type { TotpProviderConfig } from \"../server/types\";\n\n/**\n * Configuration for the TOTP provider.\n */\nexport interface TotpConfig {\n /** Issuer name shown in authenticator apps (e.g. \"My App\"). */\n issuer?: string;\n /** Number of digits in each code (default: 6). */\n digits?: number;\n /** Time period in seconds for code rotation (default: 30). */\n period?: number;\n}\n\n/**\n * TOTP (Time-based One-Time Password) two-factor authentication provider.\n *\n * Generates time-based one-time passwords compatible with authenticator\n * apps like Google Authenticator and Authy.\n *\n * @example\n * ```ts\n * import { Totp } from \"@robelest/convex-auth/providers\";\n *\n * new Totp({ issuer: \"My App\" })\n * ```\n */\nexport class Totp {\n readonly id: string;\n readonly type = \"totp\" as const;\n readonly config: TotpConfig;\n\n constructor(config: TotpConfig = {}) {\n this.id = \"totp\";\n this.config = config;\n }\n\n /** @internal Convert to the internal materialized config shape. */\n _toMaterialized(): TotpProviderConfig {\n return {\n id: this.id,\n type: \"totp\",\n options: {\n issuer: this.config.issuer ?? \"ConvexAuth\",\n digits: this.config.digits ?? 6,\n period: this.config.period ?? 30,\n },\n };\n }\n}\n"],"mappings":";;;;;;;;;;;;;;AAuCA,IAAa,OAAb,MAAkB;CAChB,AAAS;CACT,AAAS,OAAO;CAChB,AAAS;CAET,YAAY,SAAqB,EAAE,EAAE;AACnC,OAAK,KAAK;AACV,OAAK,SAAS;;;CAIhB,kBAAsC;AACpC,SAAO;GACL,IAAI,KAAK;GACT,MAAM;GACN,SAAS;IACP,QAAQ,KAAK,OAAO,UAAU;IAC9B,QAAQ,KAAK,OAAO,UAAU;IAC9B,QAAQ,KAAK,OAAO,UAAU;IAC/B;GACF"}

package/dist/runtime/browser.js DELETED Viewed

@@ -1,68 +0,0 @@
-import { Fx } from "@robelest/fx";
-//#region src/client/runtime/browser.ts
-/** @internal */
-function base64urlEncode(buffer) {
-	const bytes = new Uint8Array(buffer);
-	let binary = "";
-	for (let i = 0; i < bytes.byteLength; i++) binary += String.fromCharCode(bytes[i]);
-	return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-}
-/** @internal */
-function base64urlDecode(str) {
-	const padded = str.replace(/-/g, "+").replace(/_/g, "/");
-	const binary = atob(padded);
-	const bytes = new Uint8Array(binary.length);
-	for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
-	return bytes;
-}
-/** @internal */
-async function browserMutex(key, callback) {
-	const lockManager = globalThis?.navigator?.locks;
-	return lockManager !== void 0 ? await lockManager.request(key, callback) : await manualMutex(key, callback);
-}
-/** @internal */
-function getStorageListenerRegistry() {
-	const globalAny = globalThis;
-	if (globalAny.__convexAuthStorageListeners === void 0) globalAny.__convexAuthStorageListeners = {};
-	return globalAny.__convexAuthStorageListeners;
-}
-function getManualMutexTails() {
-	const globalAny = globalThis;
-	if (globalAny.__convexAuthMutexTails === void 0) globalAny.__convexAuthMutexTails = {};
-	return globalAny.__convexAuthMutexTails;
-}
-async function manualMutex(key, callback) {
-	const mutexTails = getManualMutexTails();
-	const previousTail = mutexTails[key] ?? Promise.resolve();
-	let releaseCurrent;
-	const currentTail = new Promise((resolve) => {
-		releaseCurrent = resolve;
-	});
-	mutexTails[key] = previousTail.then(() => currentTail, () => currentTail);
-	await Fx.run(Fx.from({
-		ok: () => previousTail,
-		err: () => void 0
-	}).pipe(Fx.recover(() => Fx.succeed(void 0))));
-	let result;
-	let threw = false;
-	let thrownError;
-	await Fx.run(Fx.from({
-		ok: async () => {
-			result = await callback();
-		},
-		err: (e) => e
-	}).pipe(Fx.recover((e) => {
-		threw = true;
-		thrownError = e;
-		return Fx.succeed(void 0);
-	})));
-	releaseCurrent?.();
-	if (mutexTails[key] === currentTail) delete mutexTails[key];
-	if (threw) throw thrownError;
-	return result;
-}
-//#endregion
-export { base64urlDecode, base64urlEncode, browserMutex, getStorageListenerRegistry };
-//# sourceMappingURL=browser.js.map

package/dist/runtime/browser.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"browser.js","names":[],"sources":["../../src/client/runtime/browser.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\n\n/** @internal */\nexport function base64urlEncode(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let binary = \"\";\n for (let i = 0; i < bytes.byteLength; i++) {\n binary += String.fromCharCode(bytes[i]!);\n }\n return btoa(binary)\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/, \"\");\n}\n\n/** @internal */\nexport function base64urlDecode(str: string): Uint8Array {\n const padded = str.replace(/-/g, \"+\").replace(/_/g, \"/\");\n const binary = atob(padded);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n}\n\n/** @internal */\nexport async function browserMutex<T>(\n key: string,\n callback: () => Promise<T>,\n): Promise<T> {\n const lockManager = (globalThis as any)?.navigator?.locks;\n return lockManager !== undefined\n ? await lockManager.request(key, callback)\n : await manualMutex(key, callback);\n}\n\n/** @internal */\nexport function getStorageListenerRegistry(): Record<\n string,\n (event: StorageEvent) => void\n> {\n const globalAny = globalThis as any;\n if (globalAny.__convexAuthStorageListeners === undefined) {\n globalAny.__convexAuthStorageListeners = {} as Record<\n string,\n (event: StorageEvent) => void\n >;\n }\n return globalAny.__convexAuthStorageListeners as Record<\n string,\n (event: StorageEvent) => void\n >;\n}\n\nfunction getManualMutexTails(): Record<string, Promise<void>> {\n const globalAny = globalThis as any;\n if (globalAny.__convexAuthMutexTails === undefined) {\n globalAny.__convexAuthMutexTails = {} as Record<string, Promise<void>>;\n }\n return globalAny.__convexAuthMutexTails as Record<string, Promise<void>>;\n}\n\nasync function manualMutex<T>(\n key: string,\n callback: () => Promise<T>,\n): Promise<T> {\n const mutexTails = getManualMutexTails();\n const previousTail = mutexTails[key] ?? Promise.resolve();\n\n let releaseCurrent: (() => void) | undefined;\n const currentTail = new Promise<void>((resolve) => {\n releaseCurrent = resolve;\n });\n\n mutexTails[key] = previousTail.then(\n () => currentTail,\n () => currentTail,\n );\n\n await Fx.run(\n Fx.from({\n ok: () => previousTail,\n err: () => undefined,\n }).pipe(Fx.recover(() => Fx.succeed(undefined))),\n );\n let result: T;\n let threw = false;\n let thrownError: unknown;\n await Fx.run(\n Fx.from({\n ok: async () => {\n result = await callback();\n },\n err: (e) => e,\n }).pipe(\n Fx.recover((e) => {\n threw = true;\n thrownError = e;\n return Fx.succeed(undefined);\n }),\n ),\n );\n releaseCurrent?.();\n if (mutexTails[key] === currentTail) {\n delete mutexTails[key];\n }\n if (threw) {\n throw thrownError;\n }\n return result!;\n}\n"],"mappings":";;;;AAGA,SAAgB,gBAAgB,QAA6B;CAC3D,MAAM,QAAQ,IAAI,WAAW,OAAO;CACpC,IAAI,SAAS;AACb,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,YAAY,IACpC,WAAU,OAAO,aAAa,MAAM,GAAI;AAE1C,QAAO,KAAK,OAAO,CAChB,QAAQ,OAAO,IAAI,CACnB,QAAQ,OAAO,IAAI,CACnB,QAAQ,OAAO,GAAG;;;AAIvB,SAAgB,gBAAgB,KAAyB;CACvD,MAAM,SAAS,IAAI,QAAQ,MAAM,IAAI,CAAC,QAAQ,MAAM,IAAI;CACxD,MAAM,SAAS,KAAK,OAAO;CAC3B,MAAM,QAAQ,IAAI,WAAW,OAAO,OAAO;AAC3C,MAAK,IAAI,IAAI,GAAG,IAAI,OAAO,QAAQ,IACjC,OAAM,KAAK,OAAO,WAAW,EAAE;AAEjC,QAAO;;;AAIT,eAAsB,aACpB,KACA,UACY;CACZ,MAAM,cAAe,YAAoB,WAAW;AACpD,QAAO,gBAAgB,SACnB,MAAM,YAAY,QAAQ,KAAK,SAAS,GACxC,MAAM,YAAY,KAAK,SAAS;;;AAItC,SAAgB,6BAGd;CACA,MAAM,YAAY;AAClB,KAAI,UAAU,iCAAiC,OAC7C,WAAU,+BAA+B,EAAE;AAK7C,QAAO,UAAU;;AAMnB,SAAS,sBAAqD;CAC5D,MAAM,YAAY;AAClB,KAAI,UAAU,2BAA2B,OACvC,WAAU,yBAAyB,EAAE;AAEvC,QAAO,UAAU;;AAGnB,eAAe,YACb,KACA,UACY;CACZ,MAAM,aAAa,qBAAqB;CACxC,MAAM,eAAe,WAAW,QAAQ,QAAQ,SAAS;CAEzD,IAAI;CACJ,MAAM,cAAc,IAAI,SAAe,YAAY;AACjD,mBAAiB;GACjB;AAEF,YAAW,OAAO,aAAa,WACvB,mBACA,YACP;AAED,OAAM,GAAG,IACP,GAAG,KAAK;EACN,UAAU;EACV,WAAW;EACZ,CAAC,CAAC,KAAK,GAAG,cAAc,GAAG,QAAQ,OAAU,CAAC,CAAC,CACjD;CACD,IAAI;CACJ,IAAI,QAAQ;CACZ,IAAI;AACJ,OAAM,GAAG,IACP,GAAG,KAAK;EACN,IAAI,YAAY;AACd,YAAS,MAAM,UAAU;;EAE3B,MAAM,MAAM;EACb,CAAC,CAAC,KACD,GAAG,SAAS,MAAM;AAChB,UAAQ;AACR,gBAAc;AACd,SAAO,GAAG,QAAQ,OAAU;GAC5B,CACH,CACF;AACD,mBAAkB;AAClB,KAAI,WAAW,SAAS,YACtB,QAAO,WAAW;AAEpB,KAAI,MACF,OAAM;AAER,QAAO"}

package/dist/runtime/invite.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"invite.js","names":[],"sources":["../../src/client/runtime/invite.ts"],"sourcesContent":["/** @internal */\nexport function createInviteManager(args: {\n param: (name: string) => string | null;\n storageGet: (name: string) => Promise<string | null>;\n storageSet: (name: string, value: string) => Promise<void>;\n storageRemove: (name: string) => Promise<void>;\n cleanUrlParams: (params: string[]) => void;\n tokenKey: string;\n emailKey: string;\n}) {\n const {\n param,\n storageGet,\n storageSet,\n storageRemove,\n cleanUrlParams,\n tokenKey,\n emailKey,\n } = args;\n\n let pendingInvite: { token: string; email: string | null } | null = null;\n\n const urlInviteToken = param(\"invite\");\n if (urlInviteToken) {\n pendingInvite = { token: urlInviteToken, email: param(\"email\") };\n } else {\n void (async () => {\n const storedToken = await storageGet(tokenKey);\n if (storedToken && !pendingInvite) {\n pendingInvite = {\n token: storedToken,\n email: (await storageGet(emailKey)) ?? null,\n };\n void storageRemove(tokenKey);\n void storageRemove(emailKey);\n }\n })();\n }\n\n return {\n getPendingInvite() {\n return pendingInvite;\n },\n async persistInvite() {\n if (!pendingInvite) return;\n await storageSet(tokenKey, pendingInvite.token);\n if (pendingInvite.email) {\n await storageSet(emailKey, pendingInvite.email);\n }\n },\n async acceptInvite(): Promise<{ token: string }> {\n if (!pendingInvite) {\n throw new Error(\"No pending invite to accept.\");\n }\n const { token } = pendingInvite;\n pendingInvite = null;\n void storageRemove(tokenKey);\n void storageRemove(emailKey);\n cleanUrlParams([\"invite\", \"email\"]);\n return { token };\n },\n };\n}\n"],"mappings":";;AACA,SAAgB,oBAAoB,MAQjC;CACD,MAAM,EACJ,OACA,YACA,YACA,eACA,gBACA,UACA,aACE;CAEJ,IAAI,gBAAgE;CAEpE,MAAM,iBAAiB,MAAM,SAAS;AACtC,KAAI,eACF,iBAAgB;EAAE,OAAO;EAAgB,OAAO,MAAM,QAAQ;EAAE;KAEhE,EAAM,YAAY;EAChB,MAAM,cAAc,MAAM,WAAW,SAAS;AAC9C,MAAI,eAAe,CAAC,eAAe;AACjC,mBAAgB;IACd,OAAO;IACP,OAAQ,MAAM,WAAW,SAAS,IAAK;IACxC;AACD,GAAK,cAAc,SAAS;AAC5B,GAAK,cAAc,SAAS;;KAE5B;AAGN,QAAO;EACL,mBAAmB;AACjB,UAAO;;EAET,MAAM,gBAAgB;AACpB,OAAI,CAAC,cAAe;AACpB,SAAM,WAAW,UAAU,cAAc,MAAM;AAC/C,OAAI,cAAc,MAChB,OAAM,WAAW,UAAU,cAAc,MAAM;;EAGnD,MAAM,eAA2C;AAC/C,OAAI,CAAC,cACH,OAAM,IAAI,MAAM,+BAA+B;GAEjD,MAAM,EAAE,UAAU;AAClB,mBAAgB;AAChB,GAAK,cAAc,SAAS;AAC5B,GAAK,cAAc,SAAS;AAC5B,kBAAe,CAAC,UAAU,QAAQ,CAAC;AACnC,UAAO,EAAE,OAAO;;EAEnB"}

package/dist/runtime/proxy.js DELETED Viewed

@@ -1,70 +0,0 @@
-import { Fx } from "@robelest/fx";
-import { ConvexError } from "convex/values";
-//#region src/client/runtime/proxy.ts
-const NETWORK_ERROR_PATTERN = /(network|fetch|load failed|failed to fetch)/i;
-/** @internal */
-function isTransientNetworkError(error) {
-	return error instanceof TypeError || error instanceof Error && NETWORK_ERROR_PATTERN.test(error.message || "");
-}
-/** @internal */
-function isRetriableProxyRefreshError(error) {
-	if (isTransientNetworkError(error)) return true;
-	if (!(error instanceof Error)) return false;
-	const statusMatch = error.message.match(/Proxy request failed:\s*(\d{3})/);
-	if (statusMatch === null) return false;
-	const statusCode = Number(statusMatch[1]);
-	return statusCode >= 500 && statusCode < 600;
-}
-/** @internal */
-function createProxyHelpers(args) {
-	const { proxy } = args;
-	const resolveProxyUrl = () => {
-		const origin = typeof window !== "undefined" && typeof window.location?.origin === "string" ? window.location.origin : typeof location !== "undefined" && typeof location.origin === "string" ? location.origin : null;
-		if (origin !== null) return new URL(proxy, origin).toString();
-		return Fx.run(Fx.from({
-			ok: () => new URL(proxy).toString(),
-			err: () => proxy
-		}).pipe(Fx.recover((fallback) => Fx.succeed(fallback))));
-	};
-	const isAbsoluteUrl = (value) => {
-		return Fx.run(Fx.from({
-			ok: () => {
-				new URL(value);
-				return true;
-			},
-			err: () => false
-		}).pipe(Fx.recover((v) => Fx.succeed(v))));
-	};
-	const proxyFetch = async (body) => {
-		const proxyUrl = await resolveProxyUrl();
-		if (typeof window === "undefined" && !await isAbsoluteUrl(proxyUrl)) throw new Error(`Cannot call relative proxy URL \`${proxy}\` without a browser origin. Pass an absolute proxy URL for server runtimes.`);
-		const response = await fetch(proxyUrl, {
-			method: "POST",
-			headers: { "Content-Type": "application/json" },
-			credentials: "include",
-			body: JSON.stringify(body)
-		});
-		if (!response.ok) {
-			const errorBody = await Fx.run(Fx.from({
-				ok: () => response.json(),
-				err: () => ({})
-			}).pipe(Fx.recover((fallback) => Fx.succeed(fallback))));
-			if (typeof errorBody === "object" && errorBody !== null && "authError" in errorBody && typeof errorBody.authError === "object") throw new ConvexError(errorBody.authError);
-			throw new Error(errorBody.error ?? `Proxy request failed: ${response.status}`);
-		}
-		return Fx.run(Fx.from({
-			ok: () => response.json(),
-			err: () => /* @__PURE__ */ new Error("Proxy response was not valid JSON")
-		}).pipe(Fx.recover((e) => Fx.fatal(e))));
-	};
-	return {
-		isAbsoluteUrl,
-		proxyFetch,
-		resolveProxyUrl
-	};
-}
-//#endregion
-export { createProxyHelpers, isRetriableProxyRefreshError, isTransientNetworkError };
-//# sourceMappingURL=proxy.js.map

package/dist/runtime/proxy.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"proxy.js","names":[],"sources":["../../src/client/runtime/proxy.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport { ConvexError, type Value } from \"convex/values\";\n\nconst NETWORK_ERROR_PATTERN = /(network|fetch|load failed|failed to fetch)/i;\n\n/** @internal */\nexport function isTransientNetworkError(error: unknown): boolean {\n return (\n error instanceof TypeError ||\n (error instanceof Error && NETWORK_ERROR_PATTERN.test(error.message || \"\"))\n );\n}\n\n/** @internal */\nexport function isRetriableProxyRefreshError(error: unknown): boolean {\n if (isTransientNetworkError(error)) {\n return true;\n }\n if (!(error instanceof Error)) {\n return false;\n }\n const statusMatch = error.message.match(/Proxy request failed:\\s*(\\d{3})/);\n if (statusMatch === null) {\n return false;\n }\n const statusCode = Number(statusMatch[1]);\n return statusCode >= 500 && statusCode < 600;\n}\n\n/** @internal */\nexport function createProxyHelpers(args: { proxy: string | undefined }) {\n const { proxy } = args;\n\n const resolveProxyUrl = () => {\n const origin =\n typeof window !== \"undefined\" &&\n typeof window.location?.origin === \"string\"\n ? window.location.origin\n : typeof location !== \"undefined\" && typeof location.origin === \"string\"\n ? location.origin\n : null;\n if (origin !== null) {\n return new URL(proxy!, origin).toString();\n }\n return Fx.run(\n Fx.from({\n ok: () => new URL(proxy!).toString(),\n err: () => proxy! as string,\n }).pipe(Fx.recover((fallback) => Fx.succeed(fallback))),\n );\n };\n\n const isAbsoluteUrl = (value: string) => {\n return Fx.run(\n Fx.from({\n ok: () => {\n new URL(value);\n return true;\n },\n err: () => false as const,\n }).pipe(Fx.recover((v) => Fx.succeed(v))),\n );\n };\n\n const proxyFetch = async (body: Record<string, unknown>) => {\n const proxyUrl = await resolveProxyUrl();\n if (typeof window === \"undefined\" && !(await isAbsoluteUrl(proxyUrl))) {\n throw new Error(\n `Cannot call relative proxy URL \\`${proxy!}\\` without a browser origin. ` +\n \"Pass an absolute proxy URL for server runtimes.\",\n );\n }\n\n const response = await fetch(proxyUrl, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n credentials: \"include\",\n body: JSON.stringify(body),\n });\n if (!response.ok) {\n const errorBody = await Fx.run(\n Fx.from({\n ok: () => response.json() as Promise<Record<string, unknown>>,\n err: () => ({}) as Record<string, unknown>,\n }).pipe(Fx.recover((fallback) => Fx.succeed(fallback))),\n );\n if (\n typeof errorBody === \"object\" &&\n errorBody !== null &&\n \"authError\" in errorBody &&\n typeof (errorBody as Record<string, unknown>).authError === \"object\"\n ) {\n throw new ConvexError(\n (errorBody as Record<string, unknown>).authError as Value,\n );\n }\n throw new Error(\n ((errorBody as Record<string, unknown>).error as string) ??\n `Proxy request failed: ${response.status}`,\n );\n }\n return Fx.run(\n Fx.from({\n ok: () => response.json(),\n err: () => new Error(\"Proxy response was not valid JSON\"),\n }).pipe(Fx.recover((e) => Fx.fatal(e))),\n );\n };\n\n return { isAbsoluteUrl, proxyFetch, resolveProxyUrl };\n}\n"],"mappings":";;;;AAGA,MAAM,wBAAwB;;AAG9B,SAAgB,wBAAwB,OAAyB;AAC/D,QACE,iBAAiB,aAChB,iBAAiB,SAAS,sBAAsB,KAAK,MAAM,WAAW,GAAG;;;AAK9E,SAAgB,6BAA6B,OAAyB;AACpE,KAAI,wBAAwB,MAAM,CAChC,QAAO;AAET,KAAI,EAAE,iBAAiB,OACrB,QAAO;CAET,MAAM,cAAc,MAAM,QAAQ,MAAM,kCAAkC;AAC1E,KAAI,gBAAgB,KAClB,QAAO;CAET,MAAM,aAAa,OAAO,YAAY,GAAG;AACzC,QAAO,cAAc,OAAO,aAAa;;;AAI3C,SAAgB,mBAAmB,MAAqC;CACtE,MAAM,EAAE,UAAU;CAElB,MAAM,wBAAwB;EAC5B,MAAM,SACJ,OAAO,WAAW,eAClB,OAAO,OAAO,UAAU,WAAW,WAC/B,OAAO,SAAS,SAChB,OAAO,aAAa,eAAe,OAAO,SAAS,WAAW,WAC5D,SAAS,SACT;AACR,MAAI,WAAW,KACb,QAAO,IAAI,IAAI,OAAQ,OAAO,CAAC,UAAU;AAE3C,SAAO,GAAG,IACR,GAAG,KAAK;GACN,UAAU,IAAI,IAAI,MAAO,CAAC,UAAU;GACpC,WAAW;GACZ,CAAC,CAAC,KAAK,GAAG,SAAS,aAAa,GAAG,QAAQ,SAAS,CAAC,CAAC,CACxD;;CAGH,MAAM,iBAAiB,UAAkB;AACvC,SAAO,GAAG,IACR,GAAG,KAAK;GACN,UAAU;AACR,QAAI,IAAI,MAAM;AACd,WAAO;;GAET,WAAW;GACZ,CAAC,CAAC,KAAK,GAAG,SAAS,MAAM,GAAG,QAAQ,EAAE,CAAC,CAAC,CAC1C;;CAGH,MAAM,aAAa,OAAO,SAAkC;EAC1D,MAAM,WAAW,MAAM,iBAAiB;AACxC,MAAI,OAAO,WAAW,eAAe,CAAE,MAAM,cAAc,SAAS,CAClE,OAAM,IAAI,MACR,oCAAoC,MAAO,8EAE5C;EAGH,MAAM,WAAW,MAAM,MAAM,UAAU;GACrC,QAAQ;GACR,SAAS,EAAE,gBAAgB,oBAAoB;GAC/C,aAAa;GACb,MAAM,KAAK,UAAU,KAAK;GAC3B,CAAC;AACF,MAAI,CAAC,SAAS,IAAI;GAChB,MAAM,YAAY,MAAM,GAAG,IACzB,GAAG,KAAK;IACN,UAAU,SAAS,MAAM;IACzB,YAAY,EAAE;IACf,CAAC,CAAC,KAAK,GAAG,SAAS,aAAa,GAAG,QAAQ,SAAS,CAAC,CAAC,CACxD;AACD,OACE,OAAO,cAAc,YACrB,cAAc,QACd,eAAe,aACf,OAAQ,UAAsC,cAAc,SAE5D,OAAM,IAAI,YACP,UAAsC,UACxC;AAEH,SAAM,IAAI,MACN,UAAsC,SACtC,yBAAyB,SAAS,SACrC;;AAEH,SAAO,GAAG,IACR,GAAG,KAAK;GACN,UAAU,SAAS,MAAM;GACzB,2BAAW,IAAI,MAAM,oCAAoC;GAC1D,CAAC,CAAC,KAAK,GAAG,SAAS,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC,CACxC;;AAGH,QAAO;EAAE;EAAe;EAAY;EAAiB"}

package/dist/runtime/storage.js DELETED Viewed

@@ -1,37 +0,0 @@
-import { Fx } from "@robelest/fx";
-//#region src/client/runtime/storage.ts
-/** @internal */
-function createStorageHelpers(args) {
-	const { storage, key } = args;
-	const get = async (name) => {
-		if (!storage) return null;
-		return Fx.run(Fx.from({
-			ok: async () => await storage.getItem(key(name)) ?? null,
-			err: (e) => e
-		}).pipe(Fx.inspect((error) => Fx.sync(() => console.error(`[convex-auth] Failed to read ${name} from storage:`, error))), Fx.recover(() => Fx.succeed(null))));
-	};
-	const set = async (name, value) => {
-		if (!storage) return;
-		await Fx.run(Fx.from({
-			ok: () => storage.setItem(key(name), value),
-			err: (e) => e
-		}).pipe(Fx.inspect((error) => Fx.sync(() => console.error(`[convex-auth] Failed to write ${name} to storage:`, error))), Fx.recover(() => Fx.succeed(void 0))));
-	};
-	const remove = async (name) => {
-		if (!storage) return;
-		await Fx.run(Fx.from({
-			ok: () => storage.removeItem(key(name)),
-			err: (e) => e
-		}).pipe(Fx.inspect((error) => Fx.sync(() => console.error(`[convex-auth] Failed to remove ${name} from storage:`, error))), Fx.recover(() => Fx.succeed(void 0))));
-	};
-	return {
-		get,
-		set,
-		remove
-	};
-}
-//#endregion
-export { createStorageHelpers };
-//# sourceMappingURL=storage.js.map

package/dist/runtime/storage.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"storage.js","names":[],"sources":["../../src/client/runtime/storage.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\n\nimport type { Storage } from \"../core/types\";\n\n/** @internal */\nexport function createStorageHelpers(args: {\n storage: Storage | null;\n key: (name: string) => string;\n}) {\n const { storage, key } = args;\n\n const get = async (name: string): Promise<string | null> => {\n if (!storage) {\n return null;\n }\n return Fx.run(\n Fx.from({\n ok: async () => (await storage.getItem(key(name))) ?? null,\n err: (e) => e,\n }).pipe(\n Fx.inspect((error) =>\n Fx.sync(() =>\n console.error(\n `[convex-auth] Failed to read ${name} from storage:`,\n error,\n ),\n ),\n ),\n Fx.recover(() => Fx.succeed(null)),\n ),\n );\n };\n\n const set = async (name: string, value: string): Promise<void> => {\n if (!storage) {\n return;\n }\n await Fx.run(\n Fx.from({\n ok: () => storage.setItem(key(name), value),\n err: (e) => e,\n }).pipe(\n Fx.inspect((error) =>\n Fx.sync(() =>\n console.error(\n `[convex-auth] Failed to write ${name} to storage:`,\n error,\n ),\n ),\n ),\n Fx.recover(() => Fx.succeed(undefined)),\n ),\n );\n };\n\n const remove = async (name: string): Promise<void> => {\n if (!storage) {\n return;\n }\n await Fx.run(\n Fx.from({\n ok: () => storage.removeItem(key(name)),\n err: (e) => e,\n }).pipe(\n Fx.inspect((error) =>\n Fx.sync(() =>\n console.error(\n `[convex-auth] Failed to remove ${name} from storage:`,\n error,\n ),\n ),\n ),\n Fx.recover(() => Fx.succeed(undefined)),\n ),\n );\n };\n\n return { get, set, remove };\n}\n"],"mappings":";;;;AAKA,SAAgB,qBAAqB,MAGlC;CACD,MAAM,EAAE,SAAS,QAAQ;CAEzB,MAAM,MAAM,OAAO,SAAyC;AAC1D,MAAI,CAAC,QACH,QAAO;AAET,SAAO,GAAG,IACR,GAAG,KAAK;GACN,IAAI,YAAa,MAAM,QAAQ,QAAQ,IAAI,KAAK,CAAC,IAAK;GACtD,MAAM,MAAM;GACb,CAAC,CAAC,KACD,GAAG,SAAS,UACV,GAAG,WACD,QAAQ,MACN,gCAAgC,KAAK,iBACrC,MACD,CACF,CACF,EACD,GAAG,cAAc,GAAG,QAAQ,KAAK,CAAC,CACnC,CACF;;CAGH,MAAM,MAAM,OAAO,MAAc,UAAiC;AAChE,MAAI,CAAC,QACH;AAEF,QAAM,GAAG,IACP,GAAG,KAAK;GACN,UAAU,QAAQ,QAAQ,IAAI,KAAK,EAAE,MAAM;GAC3C,MAAM,MAAM;GACb,CAAC,CAAC,KACD,GAAG,SAAS,UACV,GAAG,WACD,QAAQ,MACN,iCAAiC,KAAK,eACtC,MACD,CACF,CACF,EACD,GAAG,cAAc,GAAG,QAAQ,OAAU,CAAC,CACxC,CACF;;CAGH,MAAM,SAAS,OAAO,SAAgC;AACpD,MAAI,CAAC,QACH;AAEF,QAAM,GAAG,IACP,GAAG,KAAK;GACN,UAAU,QAAQ,WAAW,IAAI,KAAK,CAAC;GACvC,MAAM,MAAM;GACb,CAAC,CAAC,KACD,GAAG,SAAS,UACV,GAAG,WACD,QAAQ,MACN,kCAAkC,KAAK,iBACvC,MACD,CACF,CACF,EACD,GAAG,cAAc,GAAG,QAAQ,OAAU,CAAC,CACxC,CACF;;AAGH,QAAO;EAAE;EAAK;EAAK;EAAQ"}

package/dist/server/auth.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"auth.d.ts","names":[],"sources":["../../src/server/auth.ts"],"mappings":";;;;;;;;;;AAyCA;;KAHY,UAAA,GAAa,IAAA,CAAK,gBAAA;;KAGlB,OAAA,GAAU,GAAA;AAAA,KAEjB,0BAAA,wBACoB,uBAAA,gBACrB,IAAA,CACF,UAAA,QAAkB,MAAA;EAGlB,MAAA,GACE,GAAA,EAAK,UAAA,CACH,UAAA,QAAkB,MAAA,mCAEpB,IAAA;IACE,OAAA;IACA,MAAA;IACA,OAAA,GAAU,UAAA,CAAW,cAAA;IACrB,MAAA;IACA,MAAA,GAAS,MAAA;EAAA,MAER,OAAA;IAAU,QAAA;EAAA;EACf,IAAA,GACE,GAAA,EAAK,UAAA,CACH,UAAA,QAAkB,MAAA,iCAEpB,IAAA;IACE,KAAA;MACE,OAAA;MACA,MAAA;MACA,MAAA,GAAS,UAAA,CAAW,cAAA;MACpB,MAAA;IAAA;IAEF,KAAA;IACA,MAAA;IACA,OAAA;IACA,KAAA;EAAA,MAEC,UAAA,CAAW,UAAA,QAAkB,MAAA;EAClC,MAAA,GACE,GAAA,EAAK,UAAA,CACH,UAAA,QAAkB,MAAA,mCAEpB,QAAA,UACA,IAAA,EAAM,MAAA;IAA4B,OAAA,GAAU,UAAA,CAAW,cAAA;EAAA,MACpD,OAAA;IAAU,QAAA;EAAA;EACf,OAAA,GACE,GAAA,EAAK,UAAA,CACH,UAAA,QAAkB,MAAA,oCAEpB,IAAA;IACE,MAAA;IACA,OAAA;IACA,QAAA;IACA,QAAA;EAAA,MAEC,UAAA,CAAW,UAAA,QAAkB,MAAA;EAClC,OAAA,GACE,GAAA,EAAK,UAAA,CACH,UAAA,QAAkB,MAAA,oCAEpB,IAAA;IACE,MAAA;IACA,OAAA;IACA,QAAA;IACA,OAAA,GAAU,UAAA,CAAW,cAAA;IACrB,MAAA,GAAS,SAAA,CAAU,cAAA;IACnB,QAAA;EAAA,MAEC,UAAA,CAAW,UAAA,QAAkB,MAAA;AAAA;;;;;;;;;;;;;;;;KAkBxB,WAAA,wBACa,uBAAA;EAEvB,MAAA,EAAQ,UAAA,QAAkB,MAAA;EAC1B,OAAA,EAAS,UAAA,QAAkB,MAAA;EAC3B,KAAA,EAAO,UAAA,QAAkB,MAAA;EACzB,IAAA,EAAM,UAAA,QAAkB,MAAA;EACxB,OAAA,EAAS,UAAA,QAAkB,MAAA;EAC3B,QAAA,EAAU,UAAA,QAAkB,MAAA;EAC5B,OAAA,EAAS,UAAA,QAAkB,MAAA;EAC3B,KAAA,EAAO,UAAA,QAAkB,MAAA;EACzB,MAAA,EAAQ,0BAAA,CAA2B,cAAA;EACnC,MAAA,EAAQ,UAAA,QAAkB,MAAA;EAC1B,GAAA,EAAK,UAAA,QAAkB,MAAA;EACvB,IAAA,EAAM,UAAA,QAAkB,MAAA;EA7EpB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgHJ,OAAA,EAAS,mBAAA;EAzFP;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwCJ;;;;;;;;EAwFE,GAAA,EAAK,kBAAA;AAAA;;;;;;;;;;;;;;;;;;;;;;;;KA0BK,WAAA;EA/GV,4CAiHA,MAAA,EAAQ,SAAA,UAjHkB;EAmH1B,IAAA,EAAM,OAAA,EAlHG;EAoHT,OAAA,iBAnHA;EAqHA,IAAA,iBArHyB;EAuHzB,MAAA;AAAA;;;;;;;;;;;;;;;;;;;;KAsBU,mBAAA;EArIL,4EAuIL,MAAA,EAAQ,SAAA,iBAtIR;EAwIA,IAAA,EAAM,OAAA,SAxIkB;EA0IxB,OAAA,iBAvGS;EAyGT,IAAA,iBAlEK;EAoEL,MAAA;AAAA;AAAA,KAGG,eAAA;EACH,eAAA,QAAuB,OAAA,CAAQ,YAAA;AAAA;AAAA,KAG5B,wBAAA,GAA2B,eAAA,GAAkB,WAAA;AAAA,KAE7C,wBAAA,GAA2B,eAAA,GAAkB,mBAAA;AAAA,KAE7C,mBAAA,aAAgC,WAAA,GAAc,QAAA;AAAA,KAE9C,2BAAA,aAAwC,mBAAA,GAAsB,QAAA;AAAA,KAE9D,mBAAA;EAAA,kBACe,MAAA,oBAA0B,MAAA,iBAC1C,GAAA,OACA,MAAA,EAAQ,iBAAA,CAAkB,QAAA;IAAc,QAAA;EAAA,IACvC,OAAA,CAAQ,2BAAA,CAA4B,QAAA;EAAA,kBACrB,MAAA,oBAA0B,MAAA,iBAC1C,GAAA,OACA,MAAA,GAAS,iBAAA,CAAkB,QAAA,IAC1B,OAAA,CAAQ,mBAAA,CAAoB,QAAA;AAAA;AAAA,KAG5B,wBAAA;EACH,IAAA;EACA,KAAA,GACE,GAAA,OACA,KAAA,OACA,MAAA,WACG,OAAA;IACH,GAAA;MACE,IAAA,EAAM,KAAA;IAAA;IAER,IAAA;EAAA;AAAA;AAAA,KAIC,kBAAA;EAAA,kBACe,MAAA,oBAA0B,MAAA,iBAC1C,MAAA,EAAQ,iBAAA,CAAkB,QAAA;IAAc,QAAA;EAAA,IACvC,wBAAA,CAAyB,wBAAA,GAA2B,QAAA;EAAA,kBACrC,MAAA,oBAA0B,MAAA,iBAC1C,MAAA,GAAS,iBAAA,CAAkB,QAAA,IAC1B,wBAAA,CAAyB,wBAAA,GAA2B,QAAA;AAAA;AAAA,KAGpD,cAAA,GAAiB,UAAA,QAAkB,MAAA;AAAA,KAEnC,iBAAA;EACH,UAAA,EAAY,cAAA;IACV,MAAA;MACE,IAAA,EAAM,cAAA;MACN,QAAA,EAAU,cAAA;MACV,GAAA,GACE,GAAA,EAAK,UAAA,CAAW,cAAA,8BAChB,YAAA,UACA,OAAA,EAAS,KAAA;QACP,MAAA;QACA,SAAA;MAAA,OAEC,OAAA;QACH,YAAA;QACA,OAAA,EAAS,KAAA;UACP,QAAA;UACA,MAAA;UACA,SAAA;UACA,QAAA;UACA,UAAA;QAAA;MAAA;MAGJ,YAAA;QACE,OAAA,GACE,GAAA,EAAK,UAAA,CAAW,cAAA,8BAChB,IAAA;UAAQ,YAAA;UAAsB,MAAA;QAAA,MAC3B,OAAA;UACH,YAAA;UACA,MAAA;UACA,WAAA;UACA,SAAA;UACA,SAAA;YACE,UAAA;YACA,UAAA;YACA,WAAA;UAAA;QAAA;QAGJ,OAAA,GACE,GAAA,EAAK,UAAA,CAAW,cAAA,8BAChB,IAAA;UAAQ,YAAA;UAAsB,MAAA;QAAA,MAC3B,OAAA;UACH,YAAA;UACA,MAAA;UACA,UAAA;UACA,MAAA,EAAQ,KAAA;YAAQ,IAAA;YAAc,EAAA;YAAa,OAAA;UAAA;QAAA;MAAA;IAAA;EAAA;EAKnD,IAAA,EAAM,IAAA,CAAK,cAAA;EACX,IAAA,EAAM,IAAA,CAAK,cAAA;EACX,MAAA,EAAQ,cAAA;EACR,KAAA;IACE,IAAA,EAAM,cAAA;EAAA;EAER,OAAA;IACE,QAAA,EAAU,cAAA;IACV,QAAA;MACE,IAAA,EAAM,cAAA;IAAA;EAAA;AAAA;AAAA,KAKP,kBAAA;EACH,MAAA,EAAQ,cAAA;EACR,QAAA,EAAU,cAAA;AAAA;AAAA,KAGP,YAAA;EACH,KAAA,EAAO,iBAAA;EACP,MAAA,EAAQ,kBAAA;AAAA;AAAA,KAGL,aAAA;EACH,KAAA,EAAO,IAAA,CAAK,cAAA;AAAA;;;;AAtG2B;;;;;;;;;;;;KAwH7B,OAAA,wBACa,uBAAA,4BACrB,WAAA,CAAY,cAAA;EACd,GAAA,EAAK,YAAA;EACL,IAAA,EAAM,aAAA;AAAA;;AA/GA;;;;;;;;;;;;;;KAiII,gBAAA,WACA,kBAAA,2BACa,uBAAA,4BAEvB,MAAA,CAAO,CAAA,iBACH,OAAA,CAAQ,cAAA,IACR,WAAA,CAAY,cAAA;;;;;;;;;;;;;;;;;;KAmBN,cAAA,MACV,CAAA,SAAU,gBAAA,YACN,WAAA,CACE,kBAAA,CAAmB,CAAA,GACnB,eAAA,CAAgB,CAAA,GAChB,iBAAA,CAAkB,CAAA,KAEpB,WAAA;AAAA,iBAmFU,UAAA,WACJ,kBAAA,2BACa,uBAAA,yBAAA,CAEvB,SAAA,EAAW,gBAAA,eACX,MAAA,EAAQ,IAAA,CAAK,UAAA;EACX,SAAA,EAAW,CAAA;EACX,aAAA,GAAgB,cAAA;AAAA,IAEjB,gBAAA,CAAiB,CAAA,EAAG,cAAA;;;;AAnP0C;;;;;AAGd;;;;;;;;;;KAucvC,iBAAA,kBACO,MAAA,oBAA0B,MAAA;EA9anB;;;;EAobxB,QAAA;EAhagB;;;;;;EAuahB,OAAA,IACE,GAAA,OACA,IAAA,EAAM,OAAA,EACN,IAAA,EAAM,WAAA,KACH,OAAA,CAAQ,QAAA,IAAY,QAAA;EAlajB;;;;;;;;;;;;;;;;;;;;;;;;EA2bR,WAAA,IACE,GAAA,OACA,QAAA,QAAgB,OAAA,CAAQ,WAAA,aACrB,OAAA,CAAQ,WAAA,uBAAkC,WAAA;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;KAkHrC,SAAA;EACE,KAAA,MAAW,IAAA,YAAgB,OAAA;IAAU,GAAA;MAAO,IAAA;IAAA;EAAA;AAAA,KACtD,OAAA,CAAQ,UAAA,CAAW,CAAA"}

package/dist/server/auth.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"auth.js","names":["getResolvedAuthContext","AuthFactory","config"],"sources":["../../src/server/auth.ts"],"sourcesContent":["/**\n * Auth configuration helpers for Convex Auth.\n *\n * @module\n */\n\nimport { Cv } from \"@robelest/fx/convex\";\nimport type { UserIdentity } from \"convex/server\";\nimport type { GenericId } from \"convex/values\";\n\nimport type { AuthApiRefs } from \"../client/index\";\nimport {\n createUnauthenticatedAuthContext,\n getAuthContext as getResolvedAuthContext,\n} from \"./context\";\nimport { Auth as AuthFactory } from \"./runtime\";\nimport type { Doc } from \"./types\";\nimport type {\n AuthAuthorizationConfig,\n AuthGrant,\n AuthProviderConfig,\n AuthRoleDefinition,\n AuthRoleId,\n ConvexAuthConfig,\n HasDeviceProvider,\n HasPasskeyProvider,\n HasSSO,\n HasTotpProvider,\n} from \"./types\";\n\n// ============================================================================\n// Types\n// ============================================================================\n\n/**\n * Config for auth setup. Extends the standard auth config\n * minus `component` (which is passed as the first constructor argument).\n */\nexport type AuthConfig = Omit<ConvexAuthConfig, \"component\">;\n\n/** Canonical user document type exposed by Convex Auth. */\nexport type UserDoc = Doc<\"User\">;\n\ntype MemberApiWithAuthorization<\n TAuthorization extends AuthAuthorizationConfig | undefined,\n> = Omit<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"],\n \"create\" | \"list\" | \"update\" | \"inspect\" | \"require\"\n> & {\n create: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"create\"]\n >[0],\n data: {\n groupId: string;\n userId: string;\n roleIds?: AuthRoleId<TAuthorization>[];\n status?: string;\n extend?: Record<string, unknown>;\n },\n ) => Promise<{ memberId: string }>;\n list: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"list\"]\n >[0],\n opts?: {\n where?: {\n groupId?: string;\n userId?: string;\n roleId?: AuthRoleId<TAuthorization>;\n status?: string;\n };\n limit?: number;\n cursor?: string | null;\n orderBy?: \"_creationTime\" | \"status\";\n order?: \"asc\" | \"desc\";\n },\n ) => ReturnType<ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"list\"]>;\n update: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"update\"]\n >[0],\n memberId: string,\n data: Record<string, unknown> & { roleIds?: AuthRoleId<TAuthorization>[] },\n ) => Promise<{ memberId: string }>;\n inspect: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"inspect\"]\n >[0],\n opts: {\n userId: string;\n groupId: string;\n ancestry?: boolean;\n maxDepth?: number;\n },\n ) => ReturnType<ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"inspect\"]>;\n require: (\n ctx: Parameters<\n ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"require\"]\n >[0],\n opts: {\n userId: string;\n groupId: string;\n ancestry?: boolean;\n roleIds?: AuthRoleId<TAuthorization>[];\n grants?: AuthGrant<TAuthorization>[];\n maxDepth?: number;\n },\n ) => ReturnType<ReturnType<typeof AuthFactory>[\"auth\"][\"member\"][\"require\"]>;\n};\n\n/**\n * The base auth API surface returned by {@link createAuth}.\n *\n * Provides core namespaces — `signIn`, `signOut`, `user`, `session`,\n * `member`, `invite`, `group`, `key`, and `http` — that are\n * always available regardless of which providers are configured.\n * Enterprise namespaces (`sso`, `scim`) are added conditionally by\n * {@link AuthApi} when an SSO provider is present.\n *\n * Use this type when you want to describe code that only depends on the\n * standard auth surface and should not assume enterprise features exist.\n *\n * @typeParam TAuthorization - The authorization config, used to narrow\n * role IDs and grant strings on the `member` API.\n */\nexport type AuthApiBase<\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n> = {\n signIn: ReturnType<typeof AuthFactory>[\"signIn\"];\n signOut: ReturnType<typeof AuthFactory>[\"signOut\"];\n store: ReturnType<typeof AuthFactory>[\"store\"];\n user: ReturnType<typeof AuthFactory>[\"auth\"][\"user\"];\n session: ReturnType<typeof AuthFactory>[\"auth\"][\"session\"];\n provider: ReturnType<typeof AuthFactory>[\"auth\"][\"provider\"];\n account: ReturnType<typeof AuthFactory>[\"auth\"][\"account\"];\n group: ReturnType<typeof AuthFactory>[\"auth\"][\"group\"];\n member: MemberApiWithAuthorization<TAuthorization>;\n invite: ReturnType<typeof AuthFactory>[\"auth\"][\"invite\"];\n key: ReturnType<typeof AuthFactory>[\"auth\"][\"key\"];\n http: ReturnType<typeof AuthFactory>[\"auth\"][\"http\"];\n /**\n * Resolve the current request's auth context. Framework-agnostic — use\n * this in fluent-convex middleware, custom wrappers, or anywhere you\n * need the current `{ userId, user, groupId, role, grants }` object.\n *\n * Throws a structured `ConvexError` when unauthenticated by default.\n * Pass `{ optional: true }` to get a null-shaped auth object instead.\n *\n * @param ctx - Convex query, mutation, or action context.\n * @param config - Optional auth resolution config. Supports `optional`,\n * `resolve`, and `authResolve`.\n * @returns The current auth context.\n *\n * @example fluent-convex middleware\n * ```ts\n * const withAuth = convex.createMiddleware(async (ctx, next) => {\n * return next({ ...ctx, auth: await auth.context(ctx) });\n * });\n * ```\n *\n * @example Direct usage in a handler\n * ```ts\n * const authContext = await auth.context(ctx);\n * const { userId, grants } = authContext;\n * ```\n *\n * @example Optional usage\n * ```ts\n * const authContext = await auth.context(ctx, { optional: true });\n * if (authContext.userId === null) {\n * return null;\n * }\n * ```\n */\n context: AuthContextResolver;\n /**\n * Context enrichment for convex-helpers `customQuery` / `customMutation` /\n * `customAction`.\n *\n * Resolves the current user's identity, active group, membership role,\n * and grants, then attaches them to `ctx.auth`. Returns a `Customization`\n * object compatible with convex-helpers' custom function builders.\n *\n * `ctx.auth` is the current request auth context.\n * By default this throws when unauthenticated so handlers can assume\n * `ctx.auth.userId` and `ctx.auth.user` exist.\n *\n * @returns A convex-helpers `Customization` object.\n *\n * @example One-time setup in `convex/functions.ts`\n * ```ts\n * import { query, mutation, action } from \"./_generated/server\";\n * import { customQuery, customMutation, customAction } from \"convex-helpers/server/customFunctions\";\n * import { auth } from \"./auth\";\n *\n * export const authQuery = customQuery(query, auth.ctx());\n * export const authMutation = customMutation(mutation, auth.ctx());\n * export const authAction = customAction(action, auth.ctx());\n * ```\n *\n * @example Per-function usage\n * ```ts\n * import { authQuery } from \"./functions\";\n *\n * export const list = authQuery({\n * args: { workspaceId: v.string() },\n * handler: async (ctx, args) => {\n * const { userId, groupId, grants } = ctx.auth;\n * // business logic\n * },\n * });\n * ```\n */\n ctx: AuthContextFactory;\n};\n\n/**\n * Current request auth context injected into `ctx.auth` by `auth.ctx()`. This\n * is the authenticated auth shape returned by {@link createAuth().context}.\n * Optional context builders may still surface nullable fields when\n * `optional: true` is used.\n *\n * - `groupId` is `null` when the user has no active group set.\n * - `role` is `null` when no active group or no membership is resolved.\n * - `grants` is `[]` when no active group or no membership is resolved.\n *\n * @example\n * ```ts\n * import type { AuthContext } from \"@robelest/convex-auth/server\";\n *\n * const mockAuth: AuthContext = {\n * userId: \"user123\" as Id<\"User\">,\n * user: { _id: \"user123\", email: \"test@example.com\" },\n * groupId: \"group456\",\n * role: \"admin\",\n * grants: [\"read\", \"write\"],\n * };\n * ```\n */\nexport type AuthContext = {\n /** The authenticated user's document ID. */\n userId: GenericId<\"User\">;\n /** The authenticated user's full document. */\n user: UserDoc;\n /** The user's active group ID, or `null` if none set. */\n groupId: string | null;\n /** The user's primary role in the active group, or `null`. */\n role: string | null;\n /** Resolved grant strings from the user's role definitions. */\n grants: string[];\n};\n\n/**\n * Nullable auth context returned by `auth.context(ctx, { optional: true })`\n * and injected by `auth.ctx({ optional: true })`.\n *\n * Use this when callers may be unauthenticated but you still want a stable\n * auth-shaped object.\n *\n * - `userId` and `user` are `null` when unauthenticated.\n * - `groupId` and `role` are `null` when no active group is resolved.\n * - `grants` is `[]` when no membership is resolved.\n *\n * @example\n * ```ts\n * const authContext = await auth.context(ctx, { optional: true });\n * if (authContext.userId === null) {\n * return null;\n * }\n * ```\n */\nexport type OptionalAuthContext = {\n /** The authenticated user's document ID, or `null` when unauthenticated. */\n userId: GenericId<\"User\"> | null;\n /** The authenticated user's full document, or `null` when unauthenticated. */\n user: UserDoc | null;\n /** The user's active group ID, or `null` if none is set. */\n groupId: string | null;\n /** The user's primary role in the active group, or `null`. */\n role: string | null;\n /** Resolved grant strings for the active membership, or `[]`. */\n grants: string[];\n};\n\ntype AuthContextBase = {\n getUserIdentity: () => Promise<UserIdentity | null>;\n};\n\ntype RequiredAuthContextState = AuthContextBase & AuthContext;\n\ntype OptionalAuthContextState = AuthContextBase & OptionalAuthContext;\n\ntype ResolvedAuthContext<TResolve> = AuthContext & TResolve;\n\ntype ResolvedOptionalAuthContext<TResolve> = OptionalAuthContext & TResolve;\n\ntype AuthContextResolver = {\n <TResolve extends Record<string, unknown> = Record<string, never>>(\n ctx: any,\n config: AuthContextConfig<TResolve> & { optional: true },\n ): Promise<ResolvedOptionalAuthContext<TResolve>>;\n <TResolve extends Record<string, unknown> = Record<string, never>>(\n ctx: any,\n config?: AuthContextConfig<TResolve>,\n ): Promise<ResolvedAuthContext<TResolve>>;\n};\n\ntype AuthContextCustomization<TAuth> = {\n args: {};\n input: (\n ctx: any,\n _args: any,\n _extra?: any,\n ) => Promise<{\n ctx: {\n auth: TAuth;\n };\n args: {};\n }>;\n};\n\ntype AuthContextFactory = {\n <TResolve extends Record<string, unknown> = Record<string, never>>(\n config: AuthContextConfig<TResolve> & { optional: true },\n ): AuthContextCustomization<OptionalAuthContextState & TResolve>;\n <TResolve extends Record<string, unknown> = Record<string, never>>(\n config?: AuthContextConfig<TResolve>,\n ): AuthContextCustomization<RequiredAuthContextState & TResolve>;\n};\n\ntype InternalSsoApi = ReturnType<typeof AuthFactory>[\"auth\"][\"sso\"];\n\ntype PublicSsoAdminApi = {\n connection: InternalSsoApi[\"connection\"] & {\n domain: {\n list: InternalSsoApi[\"domain\"][\"list\"];\n validate: InternalSsoApi[\"domain\"][\"validate\"];\n set: (\n ctx: Parameters<InternalSsoApi[\"connection\"][\"create\"]>[0],\n enterpriseId: string,\n domains: Array<{\n domain: string;\n isPrimary?: boolean;\n }>,\n ) => Promise<{\n enterpriseId: string;\n domains: Array<{\n domainId: string;\n domain: string;\n isPrimary: boolean;\n verified: boolean;\n verifiedAt: number | null;\n }>;\n }>;\n verification: {\n request: (\n ctx: Parameters<InternalSsoApi[\"connection\"][\"create\"]>[0],\n args: { enterpriseId: string; domain: string },\n ) => Promise<{\n enterpriseId: string;\n domain: string;\n requestedAt: number;\n expiresAt: number;\n challenge: {\n recordType: \"TXT\";\n recordName: string;\n recordValue: string;\n };\n }>;\n confirm: (\n ctx: Parameters<InternalSsoApi[\"connection\"][\"create\"]>[0],\n args: { enterpriseId: string; domain: string },\n ) => Promise<{\n enterpriseId: string;\n domain: string;\n verifiedAt?: number;\n checks: Array<{ name: string; ok: boolean; message?: string }>;\n }>;\n };\n };\n };\n oidc: Omit<InternalSsoApi[\"oidc\"], \"signIn\">;\n saml: Omit<InternalSsoApi[\"saml\"], \"metadata\">;\n policy: InternalSsoApi[\"policy\"];\n audit: {\n list: InternalSsoApi[\"audit\"][\"list\"];\n };\n webhook: {\n endpoint: InternalSsoApi[\"webhook\"][\"endpoint\"];\n delivery: {\n list: InternalSsoApi[\"webhook\"][\"delivery\"][\"list\"];\n };\n };\n};\n\ntype PublicSsoClientApi = {\n signIn: InternalSsoApi[\"oidc\"][\"signIn\"];\n metadata: InternalSsoApi[\"saml\"][\"metadata\"];\n};\n\ntype PublicSsoApi = {\n admin: PublicSsoAdminApi;\n client: PublicSsoClientApi;\n};\n\ntype PublicScimApi = {\n admin: Omit<InternalSsoApi[\"scim\"], \"getConfigByToken\" | \"identity\">;\n};\n\n/**\n * Extended auth API that includes enterprise SSO and SCIM namespaces.\n *\n * This type is the union of {@link AuthApiBase} plus `sso` (SSO connection\n * management, OIDC/SAML, domain verification, policies, audit, webhooks)\n * and `scim` (SCIM provisioning configuration). It is returned by\n * {@link createAuth} only when `new SSO()` is included in the providers\n * array; otherwise the narrower {@link AuthApiBase} is returned instead.\n * Attempting to access `auth.sso` or `auth.scim` without an SSO provider\n * produces a compile-time error because the return type narrows back to\n * {@link AuthApiBase}.\n *\n * @typeParam TAuthorization - The authorization config, forwarded to\n * {@link AuthApiBase} for typed role IDs and grant strings.\n */\nexport type AuthApi<\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n> = AuthApiBase<TAuthorization> & {\n sso: PublicSsoApi;\n scim: PublicScimApi;\n};\n\n/**\n * The return type of {@link createAuth}.\n *\n * Resolves to {@link AuthApi} (with `sso` and `scim` namespaces) when\n * `new SSO()` is present in the providers array, or to the narrower\n * {@link AuthApiBase} otherwise. This conditional type ensures that\n * enterprise-only APIs are only accessible when the SSO provider is\n * configured, producing a compile-time error if you try to access\n * `auth.sso` without it.\n * This lets application code keep a single `createAuth()` call while still\n * getting provider-aware typing on the resulting API object.\n *\n * @typeParam P - The tuple of provider configs passed to `createAuth`.\n * @typeParam TAuthorization - Optional authorization config for typed roles/grants.\n */\nexport type ConvexAuthResult<\n P extends AuthProviderConfig[],\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n> =\n HasSSO<P> extends true\n ? AuthApi<TAuthorization>\n : AuthApiBase<TAuthorization>;\n\n/**\n * Infer the typed `AuthApiRefs` for the client SDK from a `createAuth` call.\n *\n * Use this as the generic parameter for `client()` on the frontend:\n *\n * ```ts\n * // convex/auth.ts\n * export const auth = createAuth(components.auth, { providers: [...] });\n *\n * // Frontend\n * import type { auth } from \"../convex/auth\";\n * import type { InferClientApi } from \"@robelest/convex-auth/server\";\n * const c = client<InferClientApi<typeof auth>>({ convex, api: api.auth });\n * ```\n *\n * @typeParam T - A ConvexAuthResult to extract the client API from.\n */\nexport type InferClientApi<T> =\n T extends ConvexAuthResult<infer P>\n ? AuthApiRefs<\n HasPasskeyProvider<P>,\n HasTotpProvider<P>,\n HasDeviceProvider<P>\n >\n : AuthApiRefs;\n\n/** @internal */\nexport type AuthLike = Pick<AuthApiBase, \"user\" | \"member\">;\n\n// ============================================================================\n// Auth setup APIs\n// ============================================================================\n\n/**\n * Create an auth API object.\n *\n * When `new SSO()` is included in providers, `auth.sso` and `auth.scim`\n * are available on the returned object. Without it, those namespaces are\n * absent and accessing them is a TypeScript compile error.\n *\n * @param component - The installed auth component reference from\n * `components.auth` in your Convex app definition.\n * @param config - Auth configuration including `providers` and optional\n * `authorization`. All fields from {@link AuthConfig} are accepted\n * except `component` (passed as the first argument).\n * @returns A {@link ConvexAuthResult} object — either {@link AuthApi}\n * (with `sso`/`scim`) or {@link AuthApiBase}, depending on whether\n * an SSO provider is present.\n *\n * @example\n * ```ts\n * export const auth = createAuth(components.auth, {\n * providers: [password(), google()],\n * authorization: { roles },\n * });\n * ```\n *\n * @see {@link AuthContextConfig}\n */\n\n// ---------------------------------------------------------------------------\n// Function builders — shared auth resolution logic\n// ---------------------------------------------------------------------------\n\nasync function resolveConfiguredAuthContext(\n auth: AuthLike,\n ctx: any,\n config?: AuthContextConfig<any>,\n): Promise<AuthContext | null> {\n const fallback = () => getResolvedAuthContext(auth, ctx);\n const authOverride = config?.authResolve\n ? await config.authResolve(ctx, fallback)\n : undefined;\n return authOverride === undefined ? await fallback() : authOverride;\n}\n\nfunction createNotSignedInError() {\n return Cv.error({\n code: \"NOT_SIGNED_IN\",\n message: \"Authentication required.\",\n });\n}\n\nasync function createPublicAuthContext(\n auth: AuthLike,\n ctx: any,\n config?: AuthContextConfig<any>,\n) {\n const resolved = await resolveConfiguredAuthContext(auth, ctx, config);\n\n if (resolved === null) {\n if (config?.optional !== true) {\n throw createNotSignedInError();\n }\n return createUnauthenticatedAuthContext();\n }\n\n const extra = config?.resolve\n ? await config.resolve(ctx, resolved.user, resolved)\n : {};\n\n return {\n ...resolved,\n ...extra,\n };\n}\n\nexport function createAuth<\n P extends AuthProviderConfig[],\n TAuthorization extends AuthAuthorizationConfig | undefined = undefined,\n>(\n component: ConvexAuthConfig[\"component\"],\n config: Omit<AuthConfig, \"providers\" | \"authorization\"> & {\n providers: P;\n authorization?: TAuthorization;\n },\n): ConvexAuthResult<P, TAuthorization> {\n const authResult = AuthFactory({\n ...config,\n component,\n providers: [...config.providers],\n });\n const {\n domain: domainApi,\n scim: scimApi,\n connection: connectionApi,\n audit: auditApi,\n webhook: webhookApi,\n oidc: oidcApi,\n saml: samlApi,\n ...restSso\n } = authResult.auth.sso as InternalSsoApi;\n\n type SetEnterpriseDomains = PublicSsoAdminApi[\"connection\"][\"domain\"][\"set\"];\n type EnterpriseDomainInput = Array<{\n domain: string;\n isPrimary?: boolean;\n }>;\n const setEnterpriseDomains: PublicSsoAdminApi[\"connection\"][\"domain\"][\"set\"] =\n async (\n ctx: Parameters<SetEnterpriseDomains>[0],\n enterpriseId: Parameters<SetEnterpriseDomains>[1],\n domains: EnterpriseDomainInput,\n ) => {\n const enterprise = await connectionApi.get(ctx, enterpriseId);\n if (enterprise === null) {\n throw Cv.error({\n code: \"INVALID_PARAMETERS\",\n message: \"Enterprise not found.\",\n });\n }\n\n const normalized = domains.map((entry: (typeof domains)[number]) => ({\n ...entry,\n domain: entry.domain.trim().toLowerCase(),\n }));\n const deduped = new Map<string, (typeof normalized)[number]>();\n for (const entry of normalized) {\n if (entry.domain.length === 0) {\n throw Cv.error({\n code: \"INVALID_PARAMETERS\",\n message: \"Domain must not be empty.\",\n });\n }\n if (deduped.has(entry.domain)) {\n throw Cv.error({\n code: \"INVALID_PARAMETERS\",\n message: `Duplicate domain: ${entry.domain}`,\n });\n }\n deduped.set(entry.domain, entry);\n }\n\n const nextDomains = [...deduped.values()];\n const primaryCount = nextDomains.filter(\n (entry) => entry.isPrimary,\n ).length;\n if (primaryCount > 1) {\n throw Cv.error({\n code: \"INVALID_PARAMETERS\",\n message: \"Only one primary domain may be set.\",\n });\n }\n if (nextDomains.length > 0 && primaryCount === 0) {\n nextDomains[0] = { ...nextDomains[0], isPrimary: true };\n }\n\n const currentDomains = await domainApi.list(ctx, enterpriseId);\n const currentByDomain = new Map<string, (typeof currentDomains)[number]>(\n currentDomains.map((entry: (typeof currentDomains)[number]) => [\n entry.domain.toLowerCase(),\n entry,\n ]),\n );\n\n for (const existing of currentDomains) {\n if (!deduped.has(existing.domain.toLowerCase())) {\n await domainApi.remove(ctx, existing._id);\n }\n }\n\n for (const nextDomain of nextDomains) {\n const current = currentByDomain.get(nextDomain.domain);\n if (current && current.isPrimary === Boolean(nextDomain.isPrimary)) {\n continue;\n }\n if (current) {\n await domainApi.remove(ctx, current._id);\n }\n const domainId = await domainApi.add(ctx, {\n enterpriseId: enterprise._id,\n groupId: enterprise.groupId,\n domain: nextDomain.domain,\n isPrimary: nextDomain.isPrimary,\n });\n if (current?.verifiedAt !== undefined) {\n await (ctx as any).runMutation(\n component.public.enterpriseDomainVerify,\n {\n domainId,\n verifiedAt: current.verifiedAt,\n },\n );\n }\n }\n\n const updatedDomains = await domainApi.list(ctx, enterpriseId);\n return {\n enterpriseId,\n domains: updatedDomains.map(\n (domain: (typeof updatedDomains)[number]) => ({\n domainId: domain._id,\n domain: domain.domain,\n isPrimary: domain.isPrimary,\n verified: domain.verifiedAt !== undefined,\n verifiedAt: domain.verifiedAt ?? null,\n }),\n ),\n };\n };\n\n const publicSso: PublicSsoApi = {\n admin: {\n ...restSso,\n oidc: {\n ...oidcApi,\n },\n saml: {\n ...samlApi,\n },\n connection: {\n ...connectionApi,\n domain: {\n list: domainApi.list,\n validate: domainApi.validate,\n set: setEnterpriseDomains,\n verification: {\n request: domainApi.verification.request,\n confirm: domainApi.verification.confirm,\n },\n },\n },\n policy: restSso.policy,\n audit: {\n list: auditApi.list,\n },\n webhook: {\n endpoint: webhookApi.endpoint,\n delivery: {\n list: webhookApi.delivery.list,\n },\n },\n },\n client: {\n signIn: oidcApi.signIn,\n metadata: samlApi.metadata,\n },\n };\n\n return {\n signIn: authResult.signIn,\n signOut: authResult.signOut,\n store: authResult.store,\n user: authResult.auth.user,\n session: authResult.auth.session,\n provider: authResult.auth.provider,\n account: authResult.auth.account,\n group: authResult.auth.group,\n member: authResult.auth.member,\n invite: authResult.auth.invite,\n key: authResult.auth.key,\n sso: publicSso,\n scim: {\n admin: {\n configure: scimApi.configure,\n get: scimApi.get,\n validate: scimApi.validate,\n },\n },\n http: authResult.auth.http,\n\n context: ((ctx: any, config?: AuthContextConfig<any>) =>\n createPublicAuthContext(authResult.auth, ctx, config)) as AuthContextResolver,\n\n ctx: ((config?: AuthContextConfig<any>) =>\n createAuthContextCustomization(authResult.auth, config)) as AuthContextFactory,\n } as unknown as ConvexAuthResult<P, TAuthorization>;\n}\n\n// ============================================================================\n// auth.ctx() — ctx enrichment for customQuery / customMutation\n// ============================================================================\n\n/**\n * Configuration for {@link createAuth().ctx} context enrichment.\n *\n * The same config shape is also used by {@link createAuth().context}.\n *\n * @typeParam TResolve - Extra fields returned from `resolve()` and merged into\n * the resulting `ctx.auth` object.\n *\n * @example\n * ```ts\n * const authContext = await auth.context(ctx, {\n * resolve: async (_ctx, user, authState) => ({\n * email: user.email,\n * canWrite: authState.grants.includes(\"posts.write\"),\n * }),\n * });\n * ```\n */\nexport type AuthContextConfig<\n TResolve extends Record<string, unknown> = Record<string, never>,\n> = {\n /**\n * Allow unauthenticated callers and return a null-shaped auth object instead\n * of throwing `NOT_SIGNED_IN`.\n */\n optional?: boolean;\n /**\n * Attach additional derived fields to the auth context after the base auth\n * context is resolved.\n *\n * This callback runs only when a user is authenticated.\n */\n resolve?: (\n ctx: any,\n user: UserDoc,\n auth: AuthContext,\n ) => Promise<TResolve> | TResolve;\n /**\n * Override or wrap the base auth resolution used by {@link createAuth().ctx}.\n *\n * Return `undefined` to fall back to the built-in resolver,\n * `null` for an explicit unauthenticated state, or an\n * {@link AuthContext} object to provide a pre-resolved auth state.\n * This is useful for tests, proxy auth, impersonation flows, or any\n * environment that needs to inject auth without depending on the standard\n * Convex auth tables.\n *\n * @param ctx - The Convex function context.\n * @param fallback - The built-in auth resolver used by {@link createAuth().ctx}.\n * @returns Resolved auth state, `null`, or `undefined` to use the fallback.\n *\n * @example\n * ```ts\n * const authCtx = auth.ctx({\n * authResolve: async (ctx, fallback) => {\n * const injected = getInjectedAuth(ctx);\n * return injected ?? (await fallback());\n * },\n * });\n * ```\n */\n authResolve?: (\n ctx: any,\n fallback: () => Promise<AuthContext | null>,\n ) => Promise<AuthContext | null | undefined> | AuthContext | null | undefined;\n};\n\n/**\n * Create a context enrichment for `customQuery` / `customMutation` — optional auth.\n *\n * When `optional: true` is set, unauthenticated requests are allowed.\n * The enriched `ctx.auth` will have `userId: null`, `user: null`,\n * `groupId: null`, `role: null`, and `grants: []` for unauthenticated callers.\n *\n * @param config - Configuration with `optional: true` and an optional\n * `resolve` callback for attaching extra fields to the auth context.\n * @returns An object with `args` and `input` compatible with Convex\n * custom function builders.\n *\n * @example\n * ```ts\n * const authCtx = auth.ctx({\n * optional: true,\n * resolve: async (_ctx, user) => ({ plan: user.extend?.plan ?? null }),\n * });\n * ```\n *\n * @see {@link createAuth}\n */\n\n/**\n * Create a context enrichment for `customQuery` / `customMutation` — required auth (default).\n *\n * When `optional` is omitted or `false`, unauthenticated requests throw a\n * structured `ConvexError` before your handler runs.\n *\n * @param config - Optional configuration with a `resolve` callback\n * for attaching extra fields to the auth context.\n * @returns An object with `args` and `input` compatible with Convex\n * custom function builders.\n *\n * @example\n * ```ts\n * const authCtx = auth.ctx({\n * resolve: async (_ctx, user) => ({ email: user.email }),\n * });\n * ```\n *\n * @see {@link createAuth}\n */\nfunction createAuthContextCustomization(\n auth: AuthLike,\n config?: AuthContextConfig<any>,\n) {\n return {\n args: {},\n input: async (ctx: any, _args: any, _extra?: any) => {\n const nativeAuth = ctx.auth;\n const getUserIdentity = nativeAuth.getUserIdentity.bind(nativeAuth);\n const resolved = await resolveConfiguredAuthContext(auth, ctx, config);\n\n if (resolved === null) {\n if (config?.optional !== true) {\n throw createNotSignedInError();\n }\n return {\n ctx: {\n auth: {\n getUserIdentity,\n ...createUnauthenticatedAuthContext(),\n },\n },\n args: {},\n };\n }\n\n const extra = config?.resolve\n ? await config.resolve(ctx, resolved.user, resolved)\n : {};\n\n return {\n ctx: {\n auth: {\n getUserIdentity,\n ...resolved,\n ...extra,\n },\n },\n args: {},\n };\n },\n };\n}\n\n/**\n * Extract the resolved `auth` context type from an `auth.ctx()` customization.\n *\n * Use this to type function parameters or variables that receive the\n * enriched auth context produced by `auth.ctx()`. The inferred type includes\n * `userId`, `user`, `groupId`, `role`, `grants`, `getUserIdentity`, and any\n * additional fields added by the `resolve` callback. This is the generic\n * utility for reusing the enriched auth shape without manually duplicating\n * conditional auth types.\n *\n * @typeParam T - An `auth.ctx()` return value (must have an `input` method\n * that returns `{ ctx: { auth: ... } }`).\n *\n * @example\n * ```ts\n * const authCtx = auth.ctx({\n * resolve: async (ctx, user) => ({ orgId: user.orgId }),\n * });\n * type Auth = InferAuth<typeof authCtx>;\n * // Auth = { userId: Id<\"User\">; user: UserDoc; getUserIdentity: ...; orgId: string }\n * ```\n *\n * @see {@link createAuth}\n */\nexport type InferAuth<\n T extends { input: (...args: any[]) => Promise<{ ctx: { auth: any } }> },\n> = Awaited<ReturnType<T[\"input\"]>>[\"ctx\"][\"auth\"];\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAugBA,eAAe,6BACb,MACA,KACA,QAC6B;CAC7B,MAAM,iBAAiBA,eAAuB,MAAM,IAAI;CACxD,MAAM,eAAe,QAAQ,cACzB,MAAM,OAAO,YAAY,KAAK,SAAS,GACvC;AACJ,QAAO,iBAAiB,SAAY,MAAM,UAAU,GAAG;;AAGzD,SAAS,yBAAyB;AAChC,QAAO,GAAG,MAAM;EACd,MAAM;EACN,SAAS;EACV,CAAC;;AAGJ,eAAe,wBACb,MACA,KACA,QACA;CACA,MAAM,WAAW,MAAM,6BAA6B,MAAM,KAAK,OAAO;AAEtE,KAAI,aAAa,MAAM;AACrB,MAAI,QAAQ,aAAa,KACvB,OAAM,wBAAwB;AAEhC,SAAO,kCAAkC;;CAG3C,MAAM,QAAQ,QAAQ,UAClB,MAAM,OAAO,QAAQ,KAAK,SAAS,MAAM,SAAS,GAClD,EAAE;AAEN,QAAO;EACL,GAAG;EACH,GAAG;EACJ;;AAGH,SAAgB,WAId,WACA,QAIqC;CACrC,MAAM,aAAaC,KAAY;EAC7B,GAAG;EACH;EACA,WAAW,CAAC,GAAG,OAAO,UAAU;EACjC,CAAC;CACF,MAAM,EACJ,QAAQ,WACR,MAAM,SACN,YAAY,eACZ,OAAO,UACP,SAAS,YACT,MAAM,SACN,MAAM,SACN,GAAG,YACD,WAAW,KAAK;CAOpB,MAAM,uBACJ,OACE,KACA,cACA,YACG;EACH,MAAM,aAAa,MAAM,cAAc,IAAI,KAAK,aAAa;AAC7D,MAAI,eAAe,KACjB,OAAM,GAAG,MAAM;GACb,MAAM;GACN,SAAS;GACV,CAAC;EAGJ,MAAM,aAAa,QAAQ,KAAK,WAAqC;GACnE,GAAG;GACH,QAAQ,MAAM,OAAO,MAAM,CAAC,aAAa;GAC1C,EAAE;EACH,MAAM,0BAAU,IAAI,KAA0C;AAC9D,OAAK,MAAM,SAAS,YAAY;AAC9B,OAAI,MAAM,OAAO,WAAW,EAC1B,OAAM,GAAG,MAAM;IACb,MAAM;IACN,SAAS;IACV,CAAC;AAEJ,OAAI,QAAQ,IAAI,MAAM,OAAO,CAC3B,OAAM,GAAG,MAAM;IACb,MAAM;IACN,SAAS,qBAAqB,MAAM;IACrC,CAAC;AAEJ,WAAQ,IAAI,MAAM,QAAQ,MAAM;;EAGlC,MAAM,cAAc,CAAC,GAAG,QAAQ,QAAQ,CAAC;EACzC,MAAM,eAAe,YAAY,QAC9B,UAAU,MAAM,UAClB,CAAC;AACF,MAAI,eAAe,EACjB,OAAM,GAAG,MAAM;GACb,MAAM;GACN,SAAS;GACV,CAAC;AAEJ,MAAI,YAAY,SAAS,KAAK,iBAAiB,EAC7C,aAAY,KAAK;GAAE,GAAG,YAAY;GAAI,WAAW;GAAM;EAGzD,MAAM,iBAAiB,MAAM,UAAU,KAAK,KAAK,aAAa;EAC9D,MAAM,kBAAkB,IAAI,IAC1B,eAAe,KAAK,UAA2C,CAC7D,MAAM,OAAO,aAAa,EAC1B,MACD,CAAC,CACH;AAED,OAAK,MAAM,YAAY,eACrB,KAAI,CAAC,QAAQ,IAAI,SAAS,OAAO,aAAa,CAAC,CAC7C,OAAM,UAAU,OAAO,KAAK,SAAS,IAAI;AAI7C,OAAK,MAAM,cAAc,aAAa;GACpC,MAAM,UAAU,gBAAgB,IAAI,WAAW,OAAO;AACtD,OAAI,WAAW,QAAQ,cAAc,QAAQ,WAAW,UAAU,CAChE;AAEF,OAAI,QACF,OAAM,UAAU,OAAO,KAAK,QAAQ,IAAI;GAE1C,MAAM,WAAW,MAAM,UAAU,IAAI,KAAK;IACxC,cAAc,WAAW;IACzB,SAAS,WAAW;IACpB,QAAQ,WAAW;IACnB,WAAW,WAAW;IACvB,CAAC;AACF,OAAI,SAAS,eAAe,OAC1B,OAAO,IAAY,YACjB,UAAU,OAAO,wBACjB;IACE;IACA,YAAY,QAAQ;IACrB,CACF;;AAKL,SAAO;GACL;GACA,UAHqB,MAAM,UAAU,KAAK,KAAK,aAAa,EAGpC,KACrB,YAA6C;IAC5C,UAAU,OAAO;IACjB,QAAQ,OAAO;IACf,WAAW,OAAO;IAClB,UAAU,OAAO,eAAe;IAChC,YAAY,OAAO,cAAc;IAClC,EACF;GACF;;CAGL,MAAM,YAA0B;EAC9B,OAAO;GACL,GAAG;GACH,MAAM,EACJ,GAAG,SACJ;GACD,MAAM,EACJ,GAAG,SACJ;GACD,YAAY;IACV,GAAG;IACH,QAAQ;KACN,MAAM,UAAU;KAChB,UAAU,UAAU;KACpB,KAAK;KACL,cAAc;MACZ,SAAS,UAAU,aAAa;MAChC,SAAS,UAAU,aAAa;MACjC;KACF;IACF;GACD,QAAQ,QAAQ;GAChB,OAAO,EACL,MAAM,SAAS,MAChB;GACD,SAAS;IACP,UAAU,WAAW;IACrB,UAAU,EACR,MAAM,WAAW,SAAS,MAC3B;IACF;GACF;EACD,QAAQ;GACN,QAAQ,QAAQ;GAChB,UAAU,QAAQ;GACnB;EACF;AAED,QAAO;EACL,QAAQ,WAAW;EACnB,SAAS,WAAW;EACpB,OAAO,WAAW;EAClB,MAAM,WAAW,KAAK;EACtB,SAAS,WAAW,KAAK;EACzB,UAAU,WAAW,KAAK;EAC1B,SAAS,WAAW,KAAK;EACzB,OAAO,WAAW,KAAK;EACvB,QAAQ,WAAW,KAAK;EACxB,QAAQ,WAAW,KAAK;EACxB,KAAK,WAAW,KAAK;EACrB,KAAK;EACL,MAAM,EACJ,OAAO;GACL,WAAW,QAAQ;GACnB,KAAK,QAAQ;GACb,UAAU,QAAQ;GACnB,EACF;EACD,MAAM,WAAW,KAAK;EAEtB,WAAW,KAAU,aACnB,wBAAwB,WAAW,MAAM,KAAKC,SAAO;EAEvD,OAAO,aACL,+BAA+B,WAAW,MAAMA,SAAO;EAC1D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqHH,SAAS,+BACP,MACA,QACA;AACA,QAAO;EACL,MAAM,EAAE;EACR,OAAO,OAAO,KAAU,OAAY,WAAiB;GACnD,MAAM,aAAa,IAAI;GACvB,MAAM,kBAAkB,WAAW,gBAAgB,KAAK,WAAW;GACnE,MAAM,WAAW,MAAM,6BAA6B,MAAM,KAAK,OAAO;AAEtE,OAAI,aAAa,MAAM;AACrB,QAAI,QAAQ,aAAa,KACvB,OAAM,wBAAwB;AAEhC,WAAO;KACL,KAAK,EACH,MAAM;MACJ;MACA,GAAG,kCAAkC;MACtC,EACF;KACD,MAAM,EAAE;KACT;;GAGH,MAAM,QAAQ,QAAQ,UAClB,MAAM,OAAO,QAAQ,KAAK,SAAS,MAAM,SAAS,GAClD,EAAE;AAEN,UAAO;IACL,KAAK,EACH,MAAM;KACJ;KACA,GAAG;KACH,GAAG;KACJ,EACF;IACD,MAAM,EAAE;IACT;;EAEJ"}

package/dist/server/config.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export { };

package/dist/server/config.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"config.js","names":[],"sources":["../../src/server/config.ts"],"sourcesContent":["import {\n isOAuthProvider,\n type OAuthProviderInstance,\n} from \"../providers/oauth\";\nimport {\n AuthAuthorizationConfig,\n AuthProviderConfig,\n AuthProviderMaterializedConfig,\n ConvexAuthConfig,\n OAuthMaterializedConfig,\n} from \"./types\";\n\n// ============================================================================\n// Provider class detection\n// ============================================================================\n\n/** Check if something is a new-style class provider with `_toMaterialized()`. */\nfunction isClassProvider(\n provider: any,\n): provider is { _toMaterialized(): AuthProviderMaterializedConfig } {\n return (\n typeof provider === \"object\" &&\n provider !== null &&\n typeof provider._toMaterialized === \"function\"\n );\n}\n\n// ============================================================================\n// Public API\n// ============================================================================\n\n/**\n * Resolve raw provider configs into materialized form and apply defaults.\n *\n * @internal\n */\n/** @internal */\nexport function configDefaults(config_: ConvexAuthConfig) {\n const config = materializeAndDefaultProviders(config_);\n // Collect extra providers from credentials providers\n const extraProviders = config.providers\n .filter((p) => p.type === \"credentials\")\n .map((p) => p.extraProviders)\n .flat()\n .filter((p) => p !== undefined);\n return {\n ...config,\n authorization: normalizeAuthorizationConfig(config.authorization),\n extraProviders: materializeProviders(extraProviders),\n };\n}\n\n/**\n * Materialize a single provider config into its runtime form.\n *\n * @internal\n */\n/** @internal */\nexport function materializeProvider(provider: AuthProviderConfig) {\n const config = { providers: [provider], component: {} as any };\n materializeAndDefaultProviders(config);\n return config.providers[0] as AuthProviderMaterializedConfig;\n}\n\n/**\n * List available provider IDs for error messages.\n *\n * @internal\n */\n/** @internal */\nexport function listAvailableProviders(\n config: ReturnType<typeof configDefaults>,\n allowExtraProviders: boolean,\n) {\n const availableProviders = config.providers\n .concat(allowExtraProviders ? config.extraProviders : [])\n .map((provider) => `\\`${provider.id}\\``);\n return availableProviders.length > 0\n ? availableProviders.join(\", \")\n : \"no providers have been configured\";\n}\n\n// ============================================================================\n// Internal helpers\n// ============================================================================\n\nfunction materializeProviders(providers: AuthProviderConfig[]) {\n const config = { providers, component: {} as any };\n materializeAndDefaultProviders(config);\n return config.providers as AuthProviderMaterializedConfig[];\n}\n\ntype ProviderMaterializationDispatch =\n | { tag: \"oauth\"; raw: OAuthProviderInstance }\n | {\n tag: \"class\";\n raw: { _toMaterialized(): AuthProviderMaterializedConfig };\n }\n | { tag: \"factoryOrObject\"; raw: AuthProviderConfig };\n\ntype ProviderMaterializationHandlers<T> = {\n oauth: (\n dispatch: Extract<ProviderMaterializationDispatch, { tag: \"oauth\" }>,\n ) => T;\n class: (\n dispatch: Extract<ProviderMaterializationDispatch, { tag: \"class\" }>,\n ) => T;\n factoryOrObject: (\n dispatch: Extract<\n ProviderMaterializationDispatch,\n { tag: \"factoryOrObject\" }\n >,\n ) => T;\n};\n\nfunction decodeProviderMaterializationDispatch(\n raw: AuthProviderConfig,\n): ProviderMaterializationDispatch {\n if (isOAuthProvider(raw)) {\n return { tag: \"oauth\", raw };\n }\n if (isClassProvider(raw)) {\n return { tag: \"class\", raw };\n }\n return { tag: \"factoryOrObject\", raw };\n}\n\nfunction matchProviderMaterializationDispatch<T>(\n dispatch: ProviderMaterializationDispatch,\n handlers: ProviderMaterializationHandlers<T>,\n): T {\n return (\n handlers[dispatch.tag] as (dispatch: ProviderMaterializationDispatch) => T\n )(dispatch);\n}\n\nfunction materializeProviderConfig(raw: AuthProviderConfig) {\n const dispatch = decodeProviderMaterializationDispatch(raw);\n return matchProviderMaterializationDispatch(dispatch, {\n oauth: (d) => materializeOAuthProvider(d.raw),\n class: (d) => d.raw._toMaterialized(),\n factoryOrObject: (d) => {\n const resolved = typeof d.raw === \"function\" ? d.raw() : (d.raw as any);\n const merged = resolved.options\n ? { ...resolved, ...resolved.options }\n : resolved;\n return merged as AuthProviderMaterializedConfig;\n },\n });\n}\n\nfunction materializeAndDefaultProviders(config_: ConvexAuthConfig) {\n const allProviders: AuthProviderMaterializedConfig[] = [];\n\n for (const raw of config_.providers) {\n allProviders.push(materializeProviderConfig(raw));\n }\n\n const config = { ...config_, providers: allProviders };\n\n // Set phone provider API key from env\n config.providers.forEach((provider) => {\n if (provider.type === \"phone\") {\n const ID = provider.id.toUpperCase().replace(/-/g, \"_\");\n provider.apiKey ??= process.env[`AUTH_${ID}_KEY`];\n }\n });\n\n return config;\n}\n\nfunction normalizeAuthorizationConfig(\n authorization: ConvexAuthConfig[\"authorization\"],\n): AuthAuthorizationConfig {\n const roles = Object.fromEntries(\n Object.entries(authorization?.roles ?? {}).map(([roleId, role]) => [\n roleId,\n {\n ...(role.label ? { label: role.label } : {}),\n grants: Array.from(new Set(role.grants)).sort(),\n },\n ]),\n );\n return { roles };\n}\n\n/**\n * Materialize an Arctic-based `OAuthProviderInstance` into the runtime config.\n */\nfunction materializeOAuthProvider(\n instance: OAuthProviderInstance,\n): OAuthMaterializedConfig {\n return {\n id: instance.id,\n type: \"oauth\",\n provider: instance.provider,\n scopes: instance.scopes,\n profile: instance.profile,\n };\n}\n"],"mappings":";;;;AAiBA,SAAS,gBACP,UACmE;AACnE,QACE,OAAO,aAAa,YACpB,aAAa,QACb,OAAO,SAAS,oBAAoB;;;;;;;;AAcxC,SAAgB,eAAe,SAA2B;CACxD,MAAM,SAAS,+BAA+B,QAAQ;CAEtD,MAAM,iBAAiB,OAAO,UAC3B,QAAQ,MAAM,EAAE,SAAS,cAAc,CACvC,KAAK,MAAM,EAAE,eAAe,CAC5B,MAAM,CACN,QAAQ,MAAM,MAAM,OAAU;AACjC,QAAO;EACL,GAAG;EACH,eAAe,6BAA6B,OAAO,cAAc;EACjE,gBAAgB,qBAAqB,eAAe;EACrD;;;;;;;;AASH,SAAgB,oBAAoB,UAA8B;CAChE,MAAM,SAAS;EAAE,WAAW,CAAC,SAAS;EAAE,WAAW,EAAE;EAAS;AAC9D,gCAA+B,OAAO;AACtC,QAAO,OAAO,UAAU;;;;;;;;AAS1B,SAAgB,uBACd,QACA,qBACA;CACA,MAAM,qBAAqB,OAAO,UAC/B,OAAO,sBAAsB,OAAO,iBAAiB,EAAE,CAAC,CACxD,KAAK,aAAa,KAAK,SAAS,GAAG,IAAI;AAC1C,QAAO,mBAAmB,SAAS,IAC/B,mBAAmB,KAAK,KAAK,GAC7B;;AAON,SAAS,qBAAqB,WAAiC;CAC7D,MAAM,SAAS;EAAE;EAAW,WAAW,EAAE;EAAS;AAClD,gCAA+B,OAAO;AACtC,QAAO,OAAO;;AA0BhB,SAAS,sCACP,KACiC;AACjC,KAAI,gBAAgB,IAAI,CACtB,QAAO;EAAE,KAAK;EAAS;EAAK;AAE9B,KAAI,gBAAgB,IAAI,CACtB,QAAO;EAAE,KAAK;EAAS;EAAK;AAE9B,QAAO;EAAE,KAAK;EAAmB;EAAK;;AAGxC,SAAS,qCACP,UACA,UACG;AACH,QACE,SAAS,SAAS,KAClB,SAAS;;AAGb,SAAS,0BAA0B,KAAyB;AAE1D,QAAO,qCADU,sCAAsC,IAAI,EACL;EACpD,QAAQ,MAAM,yBAAyB,EAAE,IAAI;EAC7C,QAAQ,MAAM,EAAE,IAAI,iBAAiB;EACrC,kBAAkB,MAAM;GACtB,MAAM,WAAW,OAAO,EAAE,QAAQ,aAAa,EAAE,KAAK,GAAI,EAAE;AAI5D,UAHe,SAAS,UACpB;IAAE,GAAG;IAAU,GAAG,SAAS;IAAS,GACpC;;EAGP,CAAC;;AAGJ,SAAS,+BAA+B,SAA2B;CACjE,MAAM,eAAiD,EAAE;AAEzD,MAAK,MAAM,OAAO,QAAQ,UACxB,cAAa,KAAK,0BAA0B,IAAI,CAAC;CAGnD,MAAM,SAAS;EAAE,GAAG;EAAS,WAAW;EAAc;AAGtD,QAAO,UAAU,SAAS,aAAa;AACrC,MAAI,SAAS,SAAS,SAAS;GAC7B,MAAM,KAAK,SAAS,GAAG,aAAa,CAAC,QAAQ,MAAM,IAAI;AACvD,YAAS,WAAW,QAAQ,IAAI,QAAQ,GAAG;;GAE7C;AAEF,QAAO;;AAGT,SAAS,6BACP,eACyB;AAUzB,QAAO,EAAE,OATK,OAAO,YACnB,OAAO,QAAQ,eAAe,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,UAAU,CACjE,QACA;EACE,GAAI,KAAK,QAAQ,EAAE,OAAO,KAAK,OAAO,GAAG,EAAE;EAC3C,QAAQ,MAAM,KAAK,IAAI,IAAI,KAAK,OAAO,CAAC,CAAC,MAAM;EAChD,CACF,CAAC,CACH,EACe;;;;;AAMlB,SAAS,yBACP,UACyB;AACzB,QAAO;EACL,IAAI,SAAS;EACb,MAAM;EACN,UAAU,SAAS;EACnB,QAAQ,SAAS;EACjB,SAAS,SAAS;EACnB"}

package/dist/server/context.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export { };

package/dist/server/context.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"context.js","names":[],"sources":["../../src/server/context.ts"],"sourcesContent":["import type { UserIdentity } from \"convex/server\";\n\nimport { userIdFromIdentitySubject } from \"./identity\";\nimport type { AuthContext, AuthLike, OptionalAuthContext, UserDoc } from \"./auth\";\n\ntype AuthIdentityCtx = {\n auth: {\n getUserIdentity: () => Promise<UserIdentity | null>;\n };\n};\n\ntype AuthContextResolverLike = {\n user: {\n get: (ctx: any, userId: string) => Promise<UserDoc>;\n getActiveGroup: (\n ctx: any,\n args: { userId: string },\n ) => Promise<string | null>;\n };\n member: {\n inspect: (\n ctx: any,\n args: { userId: string; groupId: string },\n ) => Promise<{\n membership: unknown;\n roleIds: string[];\n grants: string[];\n }>;\n };\n};\n\n/** @internal */\nexport async function getSessionUserId(\n ctx: AuthIdentityCtx,\n): Promise<string | null> {\n const identity = await ctx.auth.getUserIdentity();\n if (identity === null) {\n return null;\n }\n return userIdFromIdentitySubject(identity.subject);\n}\n\n/** @internal */\nexport async function getAuthContextForUser(\n auth: AuthContextResolverLike,\n ctx: any,\n userId: string,\n): Promise<AuthContext> {\n const user = await auth.user.get(ctx, userId);\n const groupId = await auth.user.getActiveGroup(ctx, { userId });\n let role: string | null = null;\n let grants: string[] = [];\n if (groupId) {\n const resolved = await auth.member.inspect(ctx, { userId, groupId });\n if (resolved.membership) {\n role = resolved.roleIds[0] ?? null;\n grants = resolved.grants;\n }\n }\n return {\n userId: userId as AuthContext[\"userId\"],\n user,\n groupId,\n role,\n grants,\n };\n}\n\n/** @internal */\nexport async function getAuthContext(\n auth: AuthLike,\n ctx: AuthIdentityCtx & Record<string, unknown>,\n): Promise<AuthContext | null> {\n const userId = await getSessionUserId(ctx);\n if (userId === null) {\n return null;\n }\n return await getAuthContextForUser(auth, ctx, userId);\n}\n\n/** @internal */\nexport function createUnauthenticatedAuthContext(): OptionalAuthContext {\n return {\n userId: null,\n user: null,\n groupId: null,\n role: null,\n grants: [],\n };\n}\n"],"mappings":";;;;AAgCA,eAAsB,iBACpB,KACwB;CACxB,MAAM,WAAW,MAAM,IAAI,KAAK,iBAAiB;AACjD,KAAI,aAAa,KACf,QAAO;AAET,QAAO,0BAA0B,SAAS,QAAQ;;;AAIpD,eAAsB,sBACpB,MACA,KACA,QACsB;CACtB,MAAM,OAAO,MAAM,KAAK,KAAK,IAAI,KAAK,OAAO;CAC7C,MAAM,UAAU,MAAM,KAAK,KAAK,eAAe,KAAK,EAAE,QAAQ,CAAC;CAC/D,IAAI,OAAsB;CAC1B,IAAI,SAAmB,EAAE;AACzB,KAAI,SAAS;EACX,MAAM,WAAW,MAAM,KAAK,OAAO,QAAQ,KAAK;GAAE;GAAQ;GAAS,CAAC;AACpE,MAAI,SAAS,YAAY;AACvB,UAAO,SAAS,QAAQ,MAAM;AAC9B,YAAS,SAAS;;;AAGtB,QAAO;EACG;EACR;EACA;EACA;EACA;EACD;;;AAIH,eAAsB,eACpB,MACA,KAC6B;CAC7B,MAAM,SAAS,MAAM,iBAAiB,IAAI;AAC1C,KAAI,WAAW,KACb,QAAO;AAET,QAAO,MAAM,sBAAsB,MAAM,KAAK,OAAO;;;AAIvD,SAAgB,mCAAwD;AACtE,QAAO;EACL,QAAQ;EACR,MAAM;EACN,SAAS;EACT,MAAM;EACN,QAAQ,EAAE;EACX"}

package/dist/server/cookies.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export { };

package/dist/server/cookies.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"cookies.js","names":[],"sources":["../../src/server/cookies.ts"],"sourcesContent":["import { isLocalHost } from \"./utils\";\n\n/** @internal */\nexport const SHARED_COOKIE_OPTIONS = {\n httpOnly: true,\n sameSite: \"none\" as const,\n secure: true,\n path: \"/\",\n partitioned: true,\n};\n\nconst REDIRECT_MAX_AGE = 60 * 15; // 15 minutes in seconds\n/** @internal */\nexport function redirectToParamCookie(providerId: string, redirectTo: string) {\n return {\n name: redirectToParamCookieName(providerId),\n value: redirectTo,\n options: { ...SHARED_COOKIE_OPTIONS, maxAge: REDIRECT_MAX_AGE },\n };\n}\n\n/** @internal */\nexport function useRedirectToParam(\n providerId: string,\n cookies: Record<string, string | undefined>,\n) {\n const cookieName = redirectToParamCookieName(providerId);\n const redirectTo = cookies[cookieName];\n if (redirectTo === undefined) {\n return null;\n }\n\n // Clear the cookie\n const updatedCookie = {\n name: cookieName,\n value: \"\",\n options: { ...SHARED_COOKIE_OPTIONS, maxAge: 0 },\n };\n\n return { redirectTo, updatedCookie };\n}\n\nfunction redirectToParamCookieName(providerId: string) {\n return (\n (!isLocalHost(process.env.CONVEX_SITE_URL) ? \"__Host-\" : \"\") +\n providerId +\n \"RedirectTo\"\n );\n}\n"],"mappings":";;;;AAGA,MAAa,wBAAwB;CACnC,UAAU;CACV,UAAU;CACV,QAAQ;CACR,MAAM;CACN,aAAa;CACd;AAED,MAAM,mBAAmB;;AAEzB,SAAgB,sBAAsB,YAAoB,YAAoB;AAC5E,QAAO;EACL,MAAM,0BAA0B,WAAW;EAC3C,OAAO;EACP,SAAS;GAAE,GAAG;GAAuB,QAAQ;GAAkB;EAChE;;;AAIH,SAAgB,mBACd,YACA,SACA;CACA,MAAM,aAAa,0BAA0B,WAAW;CACxD,MAAM,aAAa,QAAQ;AAC3B,KAAI,eAAe,OACjB,QAAO;AAUT,QAAO;EAAE;EAAY,eANC;GACpB,MAAM;GACN,OAAO;GACP,SAAS;IAAE,GAAG;IAAuB,QAAQ;IAAG;GACjD;EAEmC;;AAGtC,SAAS,0BAA0B,YAAoB;AACrD,SACG,CAAC,YAAY,QAAQ,IAAI,gBAAgB,GAAG,YAAY,MACzD,aACA"}