@robelest/convex-auth 0.0.4-preview.27 → 0.0.4-preview.28

package/dist/server/http.js

@@ -1,7 +1,6 @@
 import { createUnauthenticatedAuthContext, getAuthContextForUser, getSessionUserId } from "./context.js";
 import { logError } from "./log.js";
 import { ConvexError } from "convex/values";
-import { Cause, Effect, Exit } from "effect";
 import { httpActionGeneric } from "convex/server";
 import { parse } from "cookie";
 
@@ -26,12 +25,6 @@ function buildCorsHeaders(request, corsConfig, defaultOrigins) {
 		"Access-Control-Allow-Headers": corsConfig?.headers ?? "Content-Type,Authorization"
 	};
 }
-function runBoundary(effect) {
-	return Effect.runPromiseExit(effect).then(Exit.match({
-		onSuccess: (value) => value,
-		onFailure: (cause) => Promise.reject(Cause.squash(cause))
-	}));
-}
 async function getHttpKeyContext(auth, ctx, request) {
 	const authHeader = request.headers.get("Authorization");
 	if (!authHeader?.startsWith("Bearer sk_")) return null;
@@ -87,82 +80,78 @@ function createHttpAction(auth, defaultOrigins) {
 	return (handler, options) => {
 		return httpActionGeneric(async (genericCtx, request) => {
 			const corsHeaders = buildCorsHeaders(request, options?.cors, defaultOrigins);
-			return runBoundary(Effect.tryPromise({
-				try: async () => {
-					const authHeader = request.headers.get("Authorization");
-					if (!authHeader?.startsWith("Bearer ")) return new Response(JSON.stringify({
-						error: "Missing or malformed Authorization: Bearer header.",
-						code: "MISSING_BEARER_TOKEN"
-					}), {
-						status: 401,
-						headers: {
-							...corsHeaders,
-							"Content-Type": "application/json"
-						}
-					});
-					const rawKey = authHeader.slice(7);
-					const keyResult = await Effect.runPromise(Effect.tryPromise({
-						try: () => auth.key.verify(genericCtx, rawKey),
-						catch: (error) => error
-					}).pipe(Effect.match({
-						onFailure: (error) => ({
-							ok: false,
-							error
-						}),
-						onSuccess: (value) => ({
-							ok: true,
-							value
-						})
-					})));
-					if (!keyResult.ok) {
-						if (keyResult.error instanceof ConvexError && typeof keyResult.error.data === "object" && keyResult.error.data !== null && "code" in keyResult.error.data && "message" in keyResult.error.data) {
-							const { code, message } = keyResult.error.data;
-							return new Response(JSON.stringify({
-								error: message,
-								code
-							}), {
-								status: 403,
-								headers: {
-									...corsHeaders,
-									"Content-Type": "application/json"
-								}
-							});
-						}
-						throw keyResult.error;
+			try {
+				const authHeader = request.headers.get("Authorization");
+				if (!authHeader?.startsWith("Bearer ")) return new Response(JSON.stringify({
+					error: "Missing or malformed Authorization: Bearer header.",
+					code: "MISSING_BEARER_TOKEN"
+				}), {
+					status: 401,
+					headers: {
+						...corsHeaders,
+						"Content-Type": "application/json"
 					}
-					if (options?.scope && !keyResult.value.scopes.can(options.scope.resource, options.scope.action)) return new Response(JSON.stringify({
-						error: "This API key does not have the required permissions.",
-						code: "SCOPE_CHECK_FAILED"
-					}), {
-						status: 403,
-						headers: {
-							...corsHeaders,
-							"Content-Type": "application/json"
-						}
-					});
-					const result = await handler(Object.assign(genericCtx, { key: {
-						userId: keyResult.value.userId,
-						keyId: keyResult.value.keyId,
-						scopes: keyResult.value.scopes
-					} }), request);
-					return result instanceof Response ? (() => {
-						const headers = new Headers(result.headers);
-						for (const [k, val] of Object.entries(corsHeaders)) if (!headers.has(k)) headers.set(k, val);
-						return new Response(result.body, {
-							status: result.status,
-							statusText: result.statusText,
-							headers
+				});
+				const rawKey = authHeader.slice(7);
+				let keyResult;
+				try {
+					keyResult = {
+						ok: true,
+						value: await auth.key.verify(genericCtx, rawKey)
+					};
+				} catch (error) {
+					keyResult = {
+						ok: false,
+						error
+					};
+				}
+				if (!keyResult.ok) {
+					if (keyResult.error instanceof ConvexError && typeof keyResult.error.data === "object" && keyResult.error.data !== null && "code" in keyResult.error.data && "message" in keyResult.error.data) {
+						const { code, message } = keyResult.error.data;
+						return new Response(JSON.stringify({
+							error: message,
+							code
+						}), {
+							status: 403,
+							headers: {
+								...corsHeaders,
+								"Content-Type": "application/json"
+							}
 						});
-					})() : new Response(JSON.stringify(result), {
-						status: 200,
-						headers: {
-							...corsHeaders,
-							"Content-Type": "application/json"
-						}
+					}
+					throw keyResult.error;
+				}
+				if (options?.scope && !keyResult.value.scopes.can(options.scope.resource, options.scope.action)) return new Response(JSON.stringify({
+					error: "This API key does not have the required permissions.",
+					code: "SCOPE_CHECK_FAILED"
+				}), {
+					status: 403,
+					headers: {
+						...corsHeaders,
+						"Content-Type": "application/json"
+					}
+				});
+				const result = await handler(Object.assign(genericCtx, { key: {
+					userId: keyResult.value.userId,
+					keyId: keyResult.value.keyId,
+					scopes: keyResult.value.scopes
+				} }), request);
+				return result instanceof Response ? (() => {
+					const headers = new Headers(result.headers);
+					for (const [k, val] of Object.entries(corsHeaders)) if (!headers.has(k)) headers.set(k, val);
+					return new Response(result.body, {
+						status: result.status,
+						statusText: result.statusText,
+						headers
 					});
-				},
-				catch: (error) => error
-			}).pipe(Effect.catch((error) => Effect.sync(() => {
+				})() : new Response(JSON.stringify(result), {
+					status: 200,
+					headers: {
+						...corsHeaders,
+						"Content-Type": "application/json"
+					}
+				});
+			} catch (error) {
 				logError(error);
 				return new Response(JSON.stringify({
 					error: "An unexpected error occurred.",
@@ -174,7 +163,7 @@ function createHttpAction(auth, defaultOrigins) {
 						"Content-Type": "application/json"
 					}
 				});
-			}))));
+			}
 		});
 	};
 }
@@ -203,10 +192,9 @@ function createHttpRoute(wrapAction, defaultOrigins) {
 }
 function convertErrorsToResponse(errorStatusCode, action) {
 	return async (ctx, request) => {
-		return runBoundary(Effect.tryPromise({
-			try: () => action(ctx, request),
-			catch: (error) => error
-		}).pipe(Effect.catch((error) => Effect.sync(() => {
+		try {
+			return await action(ctx, request);
+		} catch (error) {
 			if (error instanceof ConvexError && typeof error.data === "object" && error.data !== null && "code" in error.data && "message" in error.data) return new Response(JSON.stringify({
 				code: error.data.code,
 				message: error.data.message
@@ -223,7 +211,7 @@ function convertErrorsToResponse(errorStatusCode, action) {
 				status: 500,
 				statusText: "Internal Server Error"
 			});
-		}))));
+		}
 	};
 }
 function getCookies(request) {

package/dist/server/index.d.ts

@@ -1,5 +1,6 @@
+import { AuthConfig, AuthContext, AuthContextConfig, InferAuth, OptionalAuthContext, UserDoc } from "./auth-context.js";
 import { HttpAuthContext, HttpAuthContextConfig, OptionalHttpAuthContext } from "./http.js";
-import { AuthApi, AuthApiBase, AuthConfig, AuthContext, AuthContextConfig, ConvexAuthResult, InferAuth, InferClientApi, OptionalAuthContext, UserDoc, createAuth } from "./auth.js";
+import { AuthApi, AuthApiBase, ConvexAuthResult, InferClientApi, createAuth } from "./auth.js";
 import { CreateAuthGroupSsoOptions, GroupSsoAccessHandler, GroupSsoAccessInput, GroupSsoAccessPermissions, GroupSsoPermission, GroupSsoResolvedAccessHandler, createAuthGroupSso, scim, sso } from "./mounts.js";
 import { AuthCookie, AuthCookieConfig, AuthCookies, RefreshResult, ServerOptions, authCookieNames, parseAuthCookies, serializeAuthCookies, server, shouldProxyAuthAction, structuredAuthCookies } from "./prefetch.js";
 export { type AuthApi, type AuthApiBase, type AuthConfig, type AuthContext, type AuthContextConfig, type AuthCookie, type AuthCookieConfig, type AuthCookies, type ConvexAuthResult, type CreateAuthGroupSsoOptions, type GroupSsoAccessHandler, type GroupSsoAccessInput, type GroupSsoAccessPermissions, type GroupSsoPermission, type GroupSsoResolvedAccessHandler, type HttpAuthContext, type HttpAuthContextConfig, type InferAuth, type InferClientApi, type OptionalAuthContext, type OptionalHttpAuthContext, type RefreshResult, type ServerOptions, type UserDoc, authCookieNames, createAuth, createAuthGroupSso, parseAuthCookies, scim, serializeAuthCookies, server, shouldProxyAuthAction, sso, structuredAuthCookies };

package/dist/server/limits.js

@@ -1,5 +1,4 @@
 import { authDb } from "./db.js";
-import { Effect } from "effect";
 
 //#region src/server/limits.ts
 const DEFAULT_MAX_SIGN_IN_ATTEMPTS_PER_HOUR = 10;
@@ -7,28 +6,36 @@ const DEFAULT_MAX_SIGN_IN_ATTEMPTS_PER_HOUR = 10;
 * Check whether the given identifier is currently rate-limited.
 * @internal
 */
-const isSignInRateLimited = (ctx, identifier, config) => Effect.map(getRateLimitState(ctx, identifier, config), (state) => {
+async function isSignInRateLimited(ctx, identifier, config) {
+	const state = await getRateLimitState(ctx, identifier, config);
 	return state !== null && state.attemptsLeft < 1;
-});
+}
 /**
 * Record a failed sign-in attempt for the given identifier.
 * @internal
 */
-const recordFailedSignIn = (ctx, identifier, config) => Effect.flatMap(getRateLimitState(ctx, identifier, config), (state) => state !== null ? Effect.promise(() => authDb(ctx, config).rateLimits.patch(state.limit._id, {
-	attemptsLeft: state.attemptsLeft - 1,
-	lastAttemptTime: Date.now()
-})) : Effect.promise(() => authDb(ctx, config).rateLimits.create({
-	identifier,
-	attemptsLeft: (config.signIn?.maxFailedAttemptsPerHour ?? DEFAULT_MAX_SIGN_IN_ATTEMPTS_PER_HOUR) - 1,
-	lastAttemptTime: Date.now()
-})).pipe(Effect.asVoid));
+async function recordFailedSignIn(ctx, identifier, config) {
+	const state = await getRateLimitState(ctx, identifier, config);
+	if (state !== null) await authDb(ctx, config).rateLimits.patch(state.limit._id, {
+		attemptsLeft: state.attemptsLeft - 1,
+		lastAttemptTime: Date.now()
+	});
+	else await authDb(ctx, config).rateLimits.create({
+		identifier,
+		attemptsLeft: (config.signIn?.maxFailedAttemptsPerHour ?? DEFAULT_MAX_SIGN_IN_ATTEMPTS_PER_HOUR) - 1,
+		lastAttemptTime: Date.now()
+	});
+}
 /**
 * Reset the rate limit for the given identifier.
 * @internal
 */
-const resetSignInRateLimit = (ctx, identifier, config) => Effect.flatMap(getRateLimitState(ctx, identifier, config), (state) => state !== null ? Effect.promise(() => authDb(ctx, config).rateLimits.delete(state.limit._id)) : Effect.void);
-const getRateLimitState = (ctx, identifier, config) => Effect.map(Effect.promise(() => authDb(ctx, config).rateLimits.get(identifier)), (limit) => {
-	const typedLimit = limit;
+async function resetSignInRateLimit(ctx, identifier, config) {
+	const state = await getRateLimitState(ctx, identifier, config);
+	if (state !== null) await authDb(ctx, config).rateLimits.delete(state.limit._id);
+}
+async function getRateLimitState(ctx, identifier, config) {
+	const typedLimit = await authDb(ctx, config).rateLimits.get(identifier);
 	if (typedLimit === null) return null;
 	const now = Date.now();
 	const maxAttemptsPerHour = config.signIn?.maxFailedAttemptsPerHour ?? DEFAULT_MAX_SIGN_IN_ATTEMPTS_PER_HOUR;
@@ -38,7 +45,7 @@ const getRateLimitState = (ctx, identifier, config) => Effect.map(Effect.promise
 		limit: typedLimit,
 		attemptsLeft: Math.min(maxAttemptsPerHour, typedLimit.attemptsLeft + elapsed * maxAttemptsPerMs)
 	};
-});
+}
 
 //#endregion
 export { isSignInRateLimited, recordFailedSignIn, resetSignInRateLimit };