@robelest/convex-auth 0.0.4-preview.27 → 0.0.4-preview.28

package/dist/server/runtime.js

@@ -1,8 +1,7 @@
 import { LOG_LEVELS } from "../shared/log.js";
-import { requireEnv } from "./env.js";
-import { siteUrlsFromEnv } from "./url.js";
-import { redirectToParamCookie, useRedirectToParam } from "./cookies.js";
 import { generateRandomString, sha256 } from "./random.js";
+import { createCoreDomains } from "./core.js";
+import { requireEnv } from "./env.js";
 import { log, logError } from "./log.js";
 import { callModifyAccount } from "./mutations/account.js";
 import { callInvalidateSessions } from "./mutations/invalidate.js";
@@ -14,17 +13,17 @@ import { callRetrieveAccountWithCredentials } from "./mutations/retrieve.js";
 import { callVerifierSignature } from "./mutations/signature.js";
 import { callSignOut } from "./mutations/signout.js";
 import { storeArgs, storeImpl } from "./mutations/store.js";
-import { redirectAbsoluteUrl, setURLSearchParam } from "./redirects.js";
-import { createCoreDomains } from "./core.js";
+import { siteUrlsFromEnv } from "./url.js";
+import { redirectToParamCookie, useRedirectToParam } from "./cookies.js";
 import { addAuthRoutes, addOpenIdRoutes, convertErrorsToResponse, createHttpAction, createHttpContext, createHttpRoute, getCookies } from "./http.js";
 import { createOAuthAuthorizationURL, handleOAuthCallback } from "./oauth/runtime.js";
+import { redirectAbsoluteUrl, setURLSearchParam } from "./redirects.js";
 import { encryptSecret } from "./secret.js";
 import { createGroupService } from "./services/group.js";
 import { resolveServerServices } from "./services/resolve.js";
 import { createGroupConnectionDomain } from "./sso/domain.js";
 import { addGroupHttpRuntime } from "./sso/http.js";
 import { ConvexError, v } from "convex/values";
-import { Effect, Match } from "effect";
 import { actionGeneric, internalMutationGeneric } from "convex/server";
 import { serialize } from "cookie";
 
@@ -163,28 +162,25 @@ function Auth(config_) {
 					if (request.headers.get("Content-Type")?.includes("application/x-www-form-urlencoded")) (await request.formData()).forEach((value, key) => {
 						if (typeof value === "string") params.append(key, value);
 					});
-					return Effect.runPromise(Effect.gen(function* () {
-						const result = yield* handleOAuthCallback(providerId, provider, Object.fromEntries(params.entries()), cookies);
+					try {
+						const result = await handleOAuthCallback(providerId, provider, Object.fromEntries(params.entries()), cookies);
 						const oauthCookies = result.cookies;
 						const { id: profileId, ...profileData } = result.profile;
 						const { signature } = result;
-						const verificationCode = yield* Effect.promise(() => callUserOAuth(ctx, {
+						const redirUrl = setURLSearchParam(destinationUrl, "code", await callUserOAuth(ctx, {
 							provider: providerId,
 							providerAccountId: profileId,
 							profile: profileData,
 							signature
 						}));
-						return Effect.sync(() => {
-							const redirUrl = setURLSearchParam(destinationUrl, "code", verificationCode);
-							const redirHeaders = new Headers({ Location: redirUrl });
-							redirHeaders.set("Cache-Control", "must-revalidate");
-							for (const { name, value, options } of [...oauthCookies, ...maybeRedirectTo !== null ? [maybeRedirectTo.updatedCookie] : []]) redirHeaders.append("Set-Cookie", serialize(name, value, options));
-							return new Response(null, {
-								status: 302,
-								headers: redirHeaders
-							});
+						const redirHeaders = new Headers({ Location: redirUrl });
+						redirHeaders.set("Cache-Control", "must-revalidate");
+						for (const { name, value, options } of [...oauthCookies, ...maybeRedirectTo !== null ? [maybeRedirectTo.updatedCookie] : []]) redirHeaders.append("Set-Cookie", serialize(name, value, options));
+						return new Response(null, {
+							status: 302,
+							headers: redirHeaders
 						});
-					}).pipe(Effect.flatten, Effect.catch((error) => Effect.sync(() => {
+					} catch (error) {
 						logError(error);
 						const respHeaders = new Headers({ Location: destinationUrl });
 						for (const { name, value, options } of maybeRedirectTo !== null ? [maybeRedirectTo.updatedCookie] : []) respHeaders.append("Set-Cookie", serialize(name, value, options));
@@ -192,7 +188,7 @@ function Auth(config_) {
 							status: 302,
 							headers: respHeaders
 						});
-					}))));
+					}
 				}
 			});
 		},
@@ -230,42 +226,53 @@ function Auth(config_) {
 					allowExtraProviders: false,
 					resolveSsoProtocol: group.resolveGroupConnectionSsoProtocolOrThrow
 				});
-				return Match.value(result).pipe(Match.when({ kind: "redirect" }, (r) => ({
-					kind: "redirect",
-					redirect: r.redirect,
-					verifier: r.verifier
-				})), Match.when({ kind: "signedIn" }, (r) => ({
-					kind: "signedIn",
-					tokens: r.signedIn?.tokens ?? null
-				})), Match.when({ kind: "refreshTokens" }, (r) => ({
-					kind: "signedIn",
-					tokens: r.signedIn?.tokens ?? null
-				})), Match.when({ kind: "started" }, () => ({ kind: "started" })), Match.when({ kind: "passkeyOptions" }, (r) => ({
-					kind: "passkeyOptions",
-					options: r.options,
-					verifier: r.verifier
-				})), Match.when({ kind: "totpRequired" }, (r) => ({
-					kind: "totpRequired",
-					verifier: r.verifier
-				})), Match.when({ kind: "totpSetup" }, (r) => ({
-					kind: "totpSetup",
-					totpSetup: {
-						uri: r.uri,
-						secret: r.secret,
-						totpId: r.totpId
-					},
-					verifier: r.verifier
-				})), Match.when({ kind: "deviceCode" }, (r) => ({
-					kind: "deviceCode",
-					deviceCode: {
-						deviceCode: r.deviceCode,
-						userCode: r.userCode,
-						verificationUri: r.verificationUri,
-						verificationUriComplete: r.verificationUriComplete,
-						expiresIn: r.expiresIn,
-						interval: r.interval
-					}
-				})), Match.exhaustive);
+				const handler = {
+					redirect: (r) => ({
+						kind: "redirect",
+						redirect: r.redirect,
+						verifier: r.verifier
+					}),
+					signedIn: (r) => ({
+						kind: "signedIn",
+						tokens: r.signedIn?.tokens ?? null
+					}),
+					refreshTokens: (r) => ({
+						kind: "signedIn",
+						tokens: r.signedIn?.tokens ?? null
+					}),
+					started: () => ({ kind: "started" }),
+					passkeyOptions: (r) => ({
+						kind: "passkeyOptions",
+						options: r.options,
+						verifier: r.verifier
+					}),
+					totpRequired: (r) => ({
+						kind: "totpRequired",
+						verifier: r.verifier
+					}),
+					totpSetup: (r) => ({
+						kind: "totpSetup",
+						totpSetup: {
+							uri: r.uri,
+							secret: r.secret,
+							totpId: r.totpId
+						},
+						verifier: r.verifier
+					}),
+					deviceCode: (r) => ({
+						kind: "deviceCode",
+						deviceCode: {
+							deviceCode: r.deviceCode,
+							userCode: r.userCode,
+							verificationUri: r.verificationUri,
+							verificationUriComplete: r.verificationUriComplete,
+							expiresIn: r.expiresIn,
+							interval: r.interval
+						}
+					})
+				}[result.kind];
+				if (!handler) throw new Error(`Unexpected sign-in result kind: ${result.kind}`);
+				return handler(result);
 			}
 		}),
 		signOut: actionGeneric({

package/dist/server/services/config.js

@@ -1,8 +1,10 @@
-import { Layer, ServiceMap } from "effect";
+import { configDefaults } from "../config.js";
 
 //#region src/server/services/config.ts
-var AuthConfigService = class extends ServiceMap.Service()("AuthConfigService") {};
+const createAuthConfig = (config_) => {
+	return { config: configDefaults(config_) };
+};
 
 //#endregion
-export { AuthConfigService };
+export { createAuthConfig };
 //# sourceMappingURL=config.js.map

package/dist/server/services/logger.js

@@ -1,10 +1,8 @@
 import { logMessage } from "../../shared/log.js";
-import { Layer, ServiceMap } from "effect";
 
 //#region src/server/services/logger.ts
-var AuthLoggerService = class extends ServiceMap.Service()("AuthLoggerService") {};
-const AuthLoggerLive = Layer.succeed(AuthLoggerService)({ log: (level, ...args) => logMessage("convex-auth", level, args) });
+const createAuthLogger = () => ({ log: (level, ...args) => logMessage("convex-auth", level, args) });
 
 //#endregion
-export { AuthLoggerLive, AuthLoggerService };
+export { createAuthLogger };
 //# sourceMappingURL=logger.js.map

package/dist/server/services/providers.js

@@ -1,11 +1,9 @@
 import { LOG_LEVELS } from "../../shared/log.js";
 import { listAvailableProviders } from "../config.js";
 import { ConvexError } from "convex/values";
-import { Layer, ServiceMap } from "effect";
 
 //#region src/server/services/providers.ts
-var ProviderRegistryService = class extends ServiceMap.Service()("ProviderRegistryService") {};
-const ProviderRegistryLive = (config, logger) => Layer.succeed(ProviderRegistryService)({ getProviderOrThrow: (id, allowExtraProviders = false) => {
+const createProviderRegistry = (config, logger) => ({ getProviderOrThrow: (id, allowExtraProviders = false) => {
 	const provider = config.providers.find((configuredProvider) => configuredProvider.id === id) ?? (allowExtraProviders ? config.extraProviders.find((configuredProvider) => configuredProvider.id === id) : void 0);
 	if (provider === void 0) {
 		const detail = `Provider \`${id}\` is not configured, available providers are ${listAvailableProviders(config, allowExtraProviders)}.`;
@@ -20,5 +18,5 @@ const ProviderRegistryLive = (config, logger) => Layer.succeed(ProviderRegistryS
 } });
 
 //#endregion
-export { ProviderRegistryLive, ProviderRegistryService };
+export { createProviderRegistry };
 //# sourceMappingURL=providers.js.map

package/dist/server/services/refresh.js

@@ -1,10 +1,8 @@
 import { refreshSessionImpl } from "../mutations/refresh.js";
-import { Layer, ServiceMap } from "effect";
 
 //#region src/server/services/refresh.ts
-var AuthRefreshService = class extends ServiceMap.Service()("AuthRefreshService") {};
-const AuthRefreshLive = (config) => Layer.succeed(AuthRefreshService)({ refresh: (ctx, args, getProviderOrThrow) => refreshSessionImpl(ctx, args, getProviderOrThrow, config) });
+const createAuthRefresh = (config) => ({ refresh: (ctx, args) => refreshSessionImpl(ctx, args, config) });
 
 //#endregion
-export { AuthRefreshLive, AuthRefreshService };
+export { createAuthRefresh };
 //# sourceMappingURL=refresh.js.map

package/dist/server/services/resolve.js

@@ -1,23 +1,24 @@
 import { configDefaults } from "../config.js";
-import { AuthConfigService } from "./config.js";
-import { AuthLoggerLive, AuthLoggerService } from "./logger.js";
-import { ProviderRegistryLive, ProviderRegistryService } from "./providers.js";
-import { AuthRefreshLive, AuthRefreshService } from "./refresh.js";
-import { AuthSignInLive, AuthSignInService } from "./signin.js";
-import { Effect, Layer, ServiceMap } from "effect";
+import { createAuthConfig } from "./config.js";
+import { createAuthLogger } from "./logger.js";
+import { createProviderRegistry } from "./providers.js";
+import { createAuthRefresh } from "./refresh.js";
+import { createAuthSignIn } from "./signin.js";
 
 //#region src/server/services/resolve.ts
 function resolveServerServices(config) {
 	const configValue = configDefaults(config);
-	const loggerValue = Effect.runSync(Effect.map(Effect.scoped(Layer.build(AuthLoggerLive)), (context$1) => ServiceMap.getUnsafe(context$1, AuthLoggerService)));
-	const layer = Layer.mergeAll(Layer.succeed(AuthLoggerService)(loggerValue), Layer.succeed(AuthConfigService)({ config: configValue }), ProviderRegistryLive(configValue, loggerValue), AuthSignInLive(configValue), AuthRefreshLive(configValue));
-	const context = Effect.runSync(Effect.scoped(Layer.build(layer)));
+	const logger = createAuthLogger();
+	const authConfig = createAuthConfig(config);
+	const providerRegistry = createProviderRegistry(configValue, logger);
+	const signIn = createAuthSignIn(configValue);
+	const refresh = createAuthRefresh(configValue);
 	return {
-		config: ServiceMap.getUnsafe(context, AuthConfigService).config,
-		logger: ServiceMap.getUnsafe(context, AuthLoggerService),
-		providerRegistry: ServiceMap.getUnsafe(context, ProviderRegistryService),
-		signIn: ServiceMap.getUnsafe(context, AuthSignInService),
-		refresh: ServiceMap.getUnsafe(context, AuthRefreshService)
+		config: authConfig.config,
+		logger,
+		providerRegistry,
+		signIn,
+		refresh
 	};
 }
 

package/dist/server/services/signin.js

@@ -1,10 +1,8 @@
 import { signInImpl } from "../signin.js";
-import { Layer, ServiceMap } from "effect";
 
 //#region src/server/services/signin.ts
-var AuthSignInService = class extends ServiceMap.Service()("AuthSignInService") {};
-const AuthSignInLive = (_config) => Layer.succeed(AuthSignInService)({ signIn: (ctx, provider, args, options) => signInImpl(ctx, provider, args, options) });
+const createAuthSignIn = (_config) => ({ signIn: (ctx, provider, args, options) => signInImpl(ctx, provider, args, options) });
 
 //#endregion
-export { AuthSignInLive, AuthSignInService };
+export { createAuthSignIn };
 //# sourceMappingURL=signin.js.map

package/dist/server/sessions.js

@@ -1,54 +1,53 @@
 import { LOG_LEVELS } from "../shared/log.js";
-import { envOptionalNumber, readConfigSync } from "./env.js";
 import { authDb } from "./db.js";
+import { envOptionalNumber, readConfigSync } from "./env.js";
 import { log, maybeRedact } from "./log.js";
-import { REFRESH_TOKEN_DIVIDER, createRefreshToken } from "./refresh.js";
+import { REFRESH_TOKEN_DIVIDER, refreshTokenExpirationTime } from "./refresh.js";
 import { TOKEN_SUB_CLAIM_DIVIDER, generateToken } from "./tokens.js";
 
 //#region src/server/sessions.ts
 const DEFAULT_SESSION_TOTAL_DURATION_MS = 1e3 * 60 * 60 * 24 * 30;
+const sessionExpirationTime = (config, now = Date.now()) => now + (config.session?.totalDurationMs ?? readConfigSync(envOptionalNumber("AUTH_SESSION_TOTAL_DURATION_MS")) ?? DEFAULT_SESSION_TOTAL_DURATION_MS);
+const encodeRefreshToken = (refreshTokenId, sessionId) => `${refreshTokenId}${REFRESH_TOKEN_DIVIDER}${sessionId}`;
 /** @internal */
-async function maybeGenerateTokensForSession(ctx, config, userId, sessionId, generateTokens) {
+async function maybeGenerateTokensForSession(config, args, generateTokens) {
 	return {
-		userId,
-		sessionId,
-		tokens: generateTokens ? await generateTokensForSession(ctx, config, {
-			userId,
-			sessionId,
-			issuedRefreshTokenId: null,
-			parentRefreshTokenId: null
+		userId: args.userId,
+		sessionId: args.sessionId,
+		tokens: generateTokens && args.refreshTokenId !== void 0 ? await generateTokensForSession(config, {
+			userId: args.userId,
+			sessionId: args.sessionId,
+			refreshTokenId: args.refreshTokenId
 		}) : null
 	};
 }
 /** @internal */
-async function createNewAndDeleteExistingSession(ctx, config, userId) {
-	const db = authDb(ctx, config);
-	const existingSessionId = await getAuthSessionId(ctx);
-	if (existingSessionId !== null) {
-		const existingSession = await db.sessions.getById(existingSessionId);
-		if (existingSession !== null) await deleteSession(ctx, existingSession, config);
-	}
-	return await createSession(ctx, userId, config);
+async function issueSession(ctx, config, args) {
+	const issued = await authDb(ctx, config).sessions.issue({
+		userId: args.userId,
+		sessionId: args.existingSessionId,
+		replaceSessionId: args.replaceSessionId,
+		sessionExpirationTime: sessionExpirationTime(config),
+		refreshTokenExpirationTime: args.generateTokens ? refreshTokenExpirationTime(config) : void 0
+	});
+	return await maybeGenerateTokensForSession(config, {
+		userId: issued.userId,
+		sessionId: issued.sessionId,
+		refreshTokenId: issued.refreshTokenId
+	}, args.generateTokens);
 }
 /** @internal */
-async function generateTokensForSession(ctx, config, args) {
-	const ids = {
-		userId: args.userId,
-		sessionId: args.sessionId
-	};
-	const refreshTokenId = args.issuedRefreshTokenId ?? await createRefreshToken(ctx, config, args.sessionId, args.parentRefreshTokenId);
+async function generateTokensForSession(config, args) {
 	const result = {
-		token: await generateToken(ids, config),
-		refreshToken: `${refreshTokenId}${REFRESH_TOKEN_DIVIDER}${args.sessionId}`
+		token: await generateToken({
+			userId: args.userId,
+			sessionId: args.sessionId
+		}, config),
+		refreshToken: encodeRefreshToken(args.refreshTokenId, args.sessionId)
 	};
-	log(LOG_LEVELS.DEBUG, `Generated token ${maybeRedact(result.token)} and refresh token ${maybeRedact(refreshTokenId)} for session ${maybeRedact(args.sessionId)}`);
+	log(LOG_LEVELS.DEBUG, `Generated token ${maybeRedact(result.token)} and refresh token ${maybeRedact(args.refreshTokenId)} for session ${maybeRedact(args.sessionId)}`);
 	return result;
 }
-async function createSession(ctx, userId, config) {
-	const db = authDb(ctx, config);
-	const expirationTime = Date.now() + (config.session?.totalDurationMs ?? readConfigSync(envOptionalNumber("AUTH_SESSION_TOTAL_DURATION_MS")) ?? DEFAULT_SESSION_TOTAL_DURATION_MS);
-	return await db.sessions.create(userId, expirationTime);
-}
 /** @internal */
 async function deleteSession(ctx, session, config) {
 	const db = authDb(ctx, config);
@@ -69,5 +68,5 @@ async function getAuthSessionId(ctx) {
 }
 
 //#endregion
-export { createNewAndDeleteExistingSession, deleteSession, generateTokensForSession, getAuthSessionId, maybeGenerateTokensForSession };
+export { deleteSession, generateTokensForSession, getAuthSessionId, issueSession };
 //# sourceMappingURL=sessions.js.map