@robelest/convex-auth 0.0.4-preview.27 → 0.0.4-preview.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -5
- package/dist/bin.js +6488 -1571
- package/dist/browser/index.js +10 -7
- package/dist/browser/locks.js +3 -5
- package/dist/browser/navigation.js +7 -10
- package/dist/browser/runtime.js +35 -33
- package/dist/client/core/types.js +17 -0
- package/dist/client/factors/device.js +26 -19
- package/dist/client/index.js +151 -163
- package/dist/client/runtime/proxy.js +6 -6
- package/dist/client/services/adapters.js +3 -7
- package/dist/client/services/http.js +2 -5
- package/dist/client/services/resolve.js +5 -11
- package/dist/client/services/runtime.js +2 -5
- package/dist/component/_generated/component.d.ts +46 -0
- package/dist/component/index.d.ts +3 -3
- package/dist/component/model.d.ts +25 -25
- package/dist/component/public/identity/sessions.js +38 -1
- package/dist/component/public/identity/tokens.js +81 -3
- package/dist/component/public/identity/verifiers.js +9 -3
- package/dist/component/public.js +3 -3
- package/dist/component/schema.d.ts +320 -320
- package/dist/core/index.d.ts +380 -0
- package/dist/core/index.js +83 -0
- package/dist/otel.d.ts +13 -17
- package/dist/otel.js +39 -49
- package/dist/providers/email.d.ts +2 -2
- package/dist/providers/password.js +8 -16
- package/dist/providers/phone.js +2 -9
- package/dist/server/auth-context.d.ts +204 -0
- package/dist/server/auth-context.js +76 -0
- package/dist/server/auth.d.ts +25 -187
- package/dist/server/auth.js +5 -96
- package/dist/server/componentContext.d.ts +12 -0
- package/dist/server/componentContext.js +1 -0
- package/dist/server/config.js +1 -12
- package/dist/server/constants.js +6 -0
- package/dist/server/contract.d.ts +1 -1
- package/dist/server/core.js +5 -14
- package/dist/server/crypto.js +26 -18
- package/dist/server/db.js +6 -1
- package/dist/server/device.js +88 -78
- package/dist/server/http.d.ts +4 -3
- package/dist/server/http.js +74 -86
- package/dist/server/index.d.ts +2 -1
- package/dist/server/limits.js +22 -15
- package/dist/server/mounts.d.ts +103 -103
- package/dist/server/mutations/account.js +6 -4
- package/dist/server/mutations/invalidate.js +3 -6
- package/dist/server/mutations/oauth.js +86 -88
- package/dist/server/mutations/refresh.js +45 -87
- package/dist/server/mutations/register.js +19 -19
- package/dist/server/mutations/retrieve.js +17 -15
- package/dist/server/mutations/signature.js +9 -13
- package/dist/server/mutations/signin.js +7 -3
- package/dist/server/mutations/signout.js +10 -15
- package/dist/server/mutations/store.js +22 -12
- package/dist/server/mutations/verifier.js +11 -6
- package/dist/server/mutations/verify.js +55 -46
- package/dist/server/oauth/runtime.js +27 -25
- package/dist/server/passkey.js +299 -250
- package/dist/server/prefetch.js +283 -281
- package/dist/server/refresh.js +7 -60
- package/dist/server/runtime.d.ts +82 -206
- package/dist/server/runtime.js +63 -56
- package/dist/server/services/config.js +5 -3
- package/dist/server/services/logger.js +2 -4
- package/dist/server/services/providers.js +2 -4
- package/dist/server/services/refresh.js +2 -4
- package/dist/server/services/resolve.js +15 -14
- package/dist/server/services/signin.js +2 -4
- package/dist/server/sessions.js +32 -33
- package/dist/server/signin.js +177 -142
- package/dist/server/sso/domain.d.ts +20 -68
- package/dist/server/sso/domain.js +444 -413
- package/dist/server/sso/http.js +53 -59
- package/dist/server/sso/oidc.js +94 -80
- package/dist/server/tokens.js +13 -3
- package/dist/server/totp.js +153 -116
- package/dist/server/types.d.ts +2 -2
- package/dist/server/users.js +18 -23
- package/dist/server/utils/cache.js +51 -0
- package/dist/server/utils/dispatch.js +36 -0
- package/dist/server/utils/retry.js +24 -0
- package/dist/server/utils/span.js +32 -0
- package/dist/shared/errors.js +9 -3
- package/dist/shared/log.js +20 -22
- package/package.json +41 -33
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import * as
|
|
2
|
-
import * as
|
|
1
|
+
import * as convex_values87 from "convex/values";
|
|
2
|
+
import * as convex_server81 from "convex/server";
|
|
3
3
|
|
|
4
4
|
//#region src/component/schema.d.ts
|
|
5
5
|
/**
|
|
@@ -9,30 +9,30 @@ import * as convex_server75 from "convex/server";
|
|
|
9
9
|
* verification codes, PKCE verifiers, rate limits) and hierarchical group
|
|
10
10
|
* management (groups, members, invites).
|
|
11
11
|
*/
|
|
12
|
-
declare const _default:
|
|
12
|
+
declare const _default: convex_server81.SchemaDefinition<{
|
|
13
13
|
/**
|
|
14
14
|
* Authenticated users. A user may have multiple linked accounts
|
|
15
15
|
* and multiple concurrent sessions.
|
|
16
16
|
*/
|
|
17
|
-
User:
|
|
17
|
+
User: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
18
18
|
email?: string | undefined;
|
|
19
19
|
name?: string | undefined;
|
|
20
20
|
image?: string | undefined;
|
|
21
|
-
extend?: any;
|
|
22
21
|
phone?: string | undefined;
|
|
22
|
+
extend?: any;
|
|
23
23
|
emailVerificationTime?: number | undefined;
|
|
24
24
|
phoneVerificationTime?: number | undefined;
|
|
25
25
|
isAnonymous?: boolean | undefined;
|
|
26
26
|
}, {
|
|
27
|
-
name:
|
|
28
|
-
image:
|
|
29
|
-
email:
|
|
30
|
-
emailVerificationTime:
|
|
31
|
-
phone:
|
|
32
|
-
phoneVerificationTime:
|
|
33
|
-
isAnonymous:
|
|
34
|
-
extend:
|
|
35
|
-
}, "required", "email" | "name" | "image" | "
|
|
27
|
+
name: convex_values87.VString<string | undefined, "optional">;
|
|
28
|
+
image: convex_values87.VString<string | undefined, "optional">;
|
|
29
|
+
email: convex_values87.VString<string | undefined, "optional">;
|
|
30
|
+
emailVerificationTime: convex_values87.VFloat64<number | undefined, "optional">;
|
|
31
|
+
phone: convex_values87.VString<string | undefined, "optional">;
|
|
32
|
+
phoneVerificationTime: convex_values87.VFloat64<number | undefined, "optional">;
|
|
33
|
+
isAnonymous: convex_values87.VBoolean<boolean | undefined, "optional">;
|
|
34
|
+
extend: convex_values87.VAny<any, "optional", string>;
|
|
35
|
+
}, "required", "email" | "name" | "image" | "phone" | "extend" | "emailVerificationTime" | "phoneVerificationTime" | "isAnonymous" | `extend.${string}`>, {
|
|
36
36
|
email: ["email", "_creationTime"];
|
|
37
37
|
email_verified: ["email", "emailVerificationTime", "_creationTime"];
|
|
38
38
|
phone: ["phone", "_creationTime"];
|
|
@@ -43,12 +43,12 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
43
43
|
* across different devices or browsers. Sessions expire after a
|
|
44
44
|
* configurable duration.
|
|
45
45
|
*/
|
|
46
|
-
Session:
|
|
47
|
-
userId:
|
|
46
|
+
Session: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
47
|
+
userId: convex_values87.GenericId<"User">;
|
|
48
48
|
expirationTime: number;
|
|
49
49
|
}, {
|
|
50
|
-
userId:
|
|
51
|
-
expirationTime:
|
|
50
|
+
userId: convex_values87.VId<convex_values87.GenericId<"User">, "required">;
|
|
51
|
+
expirationTime: convex_values87.VFloat64<number, "required">;
|
|
52
52
|
}, "required", "userId" | "expirationTime">, {
|
|
53
53
|
user_id: ["userId", "_creationTime"];
|
|
54
54
|
}, {}, {}>;
|
|
@@ -57,23 +57,23 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
57
57
|
* authentication provider (e.g. Google OAuth, email/password).
|
|
58
58
|
* A user can have multiple accounts linked.
|
|
59
59
|
*/
|
|
60
|
-
Account:
|
|
60
|
+
Account: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
61
61
|
emailVerified?: string | undefined;
|
|
62
62
|
extend?: any;
|
|
63
63
|
secret?: string | undefined;
|
|
64
64
|
phoneVerified?: string | undefined;
|
|
65
|
-
userId:
|
|
65
|
+
userId: convex_values87.GenericId<"User">;
|
|
66
66
|
provider: string;
|
|
67
67
|
providerAccountId: string;
|
|
68
68
|
}, {
|
|
69
|
-
userId:
|
|
70
|
-
provider:
|
|
71
|
-
providerAccountId:
|
|
72
|
-
secret:
|
|
73
|
-
emailVerified:
|
|
74
|
-
phoneVerified:
|
|
75
|
-
extend:
|
|
76
|
-
}, "required", "emailVerified" | "
|
|
69
|
+
userId: convex_values87.VId<convex_values87.GenericId<"User">, "required">;
|
|
70
|
+
provider: convex_values87.VString<string, "required">;
|
|
71
|
+
providerAccountId: convex_values87.VString<string, "required">;
|
|
72
|
+
secret: convex_values87.VString<string | undefined, "optional">;
|
|
73
|
+
emailVerified: convex_values87.VString<string | undefined, "optional">;
|
|
74
|
+
phoneVerified: convex_values87.VString<string | undefined, "optional">;
|
|
75
|
+
extend: convex_values87.VAny<any, "optional", string>;
|
|
76
|
+
}, "required", "emailVerified" | "userId" | "extend" | `extend.${string}` | "provider" | "providerAccountId" | "secret" | "phoneVerified">, {
|
|
77
77
|
user_id_provider: ["userId", "provider", "_creationTime"];
|
|
78
78
|
provider_account_id: ["provider", "providerAccountId", "_creationTime"];
|
|
79
79
|
}, {}, {}>;
|
|
@@ -85,17 +85,17 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
85
85
|
* been used yet. A 10-second reuse window allows for concurrent requests.
|
|
86
86
|
* Any invalid use of a token invalidates the entire chain.
|
|
87
87
|
*/
|
|
88
|
-
RefreshToken:
|
|
88
|
+
RefreshToken: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
89
89
|
firstUsedTime?: number | undefined;
|
|
90
|
-
parentRefreshTokenId?:
|
|
91
|
-
sessionId: convex_values0.GenericId<"Session">;
|
|
90
|
+
parentRefreshTokenId?: convex_values87.GenericId<"RefreshToken"> | undefined;
|
|
92
91
|
expirationTime: number;
|
|
92
|
+
sessionId: convex_values87.GenericId<"Session">;
|
|
93
93
|
}, {
|
|
94
|
-
sessionId:
|
|
95
|
-
expirationTime:
|
|
96
|
-
firstUsedTime:
|
|
97
|
-
parentRefreshTokenId:
|
|
98
|
-
}, "required", "
|
|
94
|
+
sessionId: convex_values87.VId<convex_values87.GenericId<"Session">, "required">;
|
|
95
|
+
expirationTime: convex_values87.VFloat64<number, "required">;
|
|
96
|
+
firstUsedTime: convex_values87.VFloat64<number | undefined, "optional">;
|
|
97
|
+
parentRefreshTokenId: convex_values87.VId<convex_values87.GenericId<"RefreshToken"> | undefined, "optional">;
|
|
98
|
+
}, "required", "expirationTime" | "sessionId" | "firstUsedTime" | "parentRefreshTokenId">, {
|
|
99
99
|
session_id: ["sessionId", "_creationTime"];
|
|
100
100
|
session_id_first_used: ["sessionId", "firstUsedTime", "_creationTime"];
|
|
101
101
|
session_id_parent_refresh_token_id: ["sessionId", "parentRefreshTokenId", "_creationTime"];
|
|
@@ -103,23 +103,23 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
103
103
|
/**
|
|
104
104
|
* Verification codes for OTP tokens, magic link tokens, and OAuth codes.
|
|
105
105
|
*/
|
|
106
|
-
VerificationCode:
|
|
106
|
+
VerificationCode: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
107
107
|
emailVerified?: string | undefined;
|
|
108
|
-
verifier?: string | undefined;
|
|
109
108
|
phoneVerified?: string | undefined;
|
|
110
|
-
|
|
111
|
-
provider: string;
|
|
112
|
-
accountId: convex_values0.GenericId<"Account">;
|
|
109
|
+
verifier?: string | undefined;
|
|
113
110
|
expirationTime: number;
|
|
111
|
+
provider: string;
|
|
112
|
+
accountId: convex_values87.GenericId<"Account">;
|
|
113
|
+
code: string;
|
|
114
114
|
}, {
|
|
115
|
-
accountId:
|
|
116
|
-
provider:
|
|
117
|
-
code:
|
|
118
|
-
expirationTime:
|
|
119
|
-
verifier:
|
|
120
|
-
emailVerified:
|
|
121
|
-
phoneVerified:
|
|
122
|
-
}, "required", "emailVerified" | "
|
|
115
|
+
accountId: convex_values87.VId<convex_values87.GenericId<"Account">, "required">;
|
|
116
|
+
provider: convex_values87.VString<string, "required">;
|
|
117
|
+
code: convex_values87.VString<string, "required">;
|
|
118
|
+
expirationTime: convex_values87.VFloat64<number, "required">;
|
|
119
|
+
verifier: convex_values87.VString<string | undefined, "optional">;
|
|
120
|
+
emailVerified: convex_values87.VString<string | undefined, "optional">;
|
|
121
|
+
phoneVerified: convex_values87.VString<string | undefined, "optional">;
|
|
122
|
+
}, "required", "emailVerified" | "expirationTime" | "provider" | "phoneVerified" | "accountId" | "code" | "verifier">, {
|
|
123
123
|
account_id: ["accountId", "_creationTime"];
|
|
124
124
|
code: ["code", "_creationTime"];
|
|
125
125
|
}, {}, {}>;
|
|
@@ -127,12 +127,12 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
127
127
|
* PKCE verifiers for OAuth flows. Stores the cryptographic verifier
|
|
128
128
|
* used to prove the authorization request originated from this client.
|
|
129
129
|
*/
|
|
130
|
-
AuthVerifier:
|
|
131
|
-
sessionId?:
|
|
130
|
+
AuthVerifier: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
131
|
+
sessionId?: convex_values87.GenericId<"Session"> | undefined;
|
|
132
132
|
signature?: string | undefined;
|
|
133
133
|
}, {
|
|
134
|
-
sessionId:
|
|
135
|
-
signature:
|
|
134
|
+
sessionId: convex_values87.VId<convex_values87.GenericId<"Session"> | undefined, "optional">;
|
|
135
|
+
signature: convex_values87.VString<string | undefined, "optional">;
|
|
136
136
|
}, "required", "sessionId" | "signature">, {
|
|
137
137
|
signature: ["signature", "_creationTime"];
|
|
138
138
|
}, {}, {}>;
|
|
@@ -141,11 +141,11 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
141
141
|
* registered authenticator (Touch ID, Face ID, security key, etc.).
|
|
142
142
|
* A user can have multiple passkeys across different devices.
|
|
143
143
|
*/
|
|
144
|
-
Passkey:
|
|
144
|
+
Passkey: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
145
145
|
name?: string | undefined;
|
|
146
146
|
lastUsedAt?: number | undefined;
|
|
147
147
|
transports?: string[] | undefined;
|
|
148
|
-
userId:
|
|
148
|
+
userId: convex_values87.GenericId<"User">;
|
|
149
149
|
createdAt: number;
|
|
150
150
|
credentialId: string;
|
|
151
151
|
publicKey: ArrayBuffer;
|
|
@@ -154,17 +154,17 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
154
154
|
deviceType: string;
|
|
155
155
|
backedUp: boolean;
|
|
156
156
|
}, {
|
|
157
|
-
userId:
|
|
158
|
-
credentialId:
|
|
159
|
-
publicKey:
|
|
160
|
-
algorithm:
|
|
161
|
-
counter:
|
|
162
|
-
transports:
|
|
163
|
-
deviceType:
|
|
164
|
-
backedUp:
|
|
165
|
-
name:
|
|
166
|
-
createdAt:
|
|
167
|
-
lastUsedAt:
|
|
157
|
+
userId: convex_values87.VId<convex_values87.GenericId<"User">, "required">; /** Base64url-encoded credential ID from the authenticator. */
|
|
158
|
+
credentialId: convex_values87.VString<string, "required">; /** Public key bytes (SEC1 uncompressed for EC, SPKI for RSA). */
|
|
159
|
+
publicKey: convex_values87.VBytes<ArrayBuffer, "required">; /** COSE algorithm identifier (-7 for ES256, -257 for RS256, -8 for EdDSA). */
|
|
160
|
+
algorithm: convex_values87.VFloat64<number, "required">; /** Signature counter for clone detection. Many authenticators return 0. */
|
|
161
|
+
counter: convex_values87.VFloat64<number, "required">; /** Authenticator transport hints (e.g. "internal", "hybrid", "usb", "ble", "nfc"). */
|
|
162
|
+
transports: convex_values87.VArray<string[] | undefined, convex_values87.VString<string, "required">, "optional">; /** Whether this is a single-device or multi-device (synced) credential. */
|
|
163
|
+
deviceType: convex_values87.VString<string, "required">; /** Whether the credential is backed up (synced passkey). */
|
|
164
|
+
backedUp: convex_values87.VBoolean<boolean, "required">; /** User-assigned friendly name (e.g. "MacBook Touch ID"). */
|
|
165
|
+
name: convex_values87.VString<string | undefined, "optional">;
|
|
166
|
+
createdAt: convex_values87.VFloat64<number, "required">;
|
|
167
|
+
lastUsedAt: convex_values87.VFloat64<number | undefined, "optional">;
|
|
168
168
|
}, "required", "name" | "lastUsedAt" | "userId" | "createdAt" | "credentialId" | "publicKey" | "algorithm" | "counter" | "transports" | "deviceType" | "backedUp">, {
|
|
169
169
|
user_id: ["userId", "_creationTime"];
|
|
170
170
|
credential_id: ["credentialId", "_creationTime"];
|
|
@@ -178,24 +178,24 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
178
178
|
* by successfully entering a code from their authenticator app.
|
|
179
179
|
* Unverified enrollments are in-progress setup that can be discarded.
|
|
180
180
|
*/
|
|
181
|
-
TotpFactor:
|
|
181
|
+
TotpFactor: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
182
182
|
name?: string | undefined;
|
|
183
183
|
lastUsedAt?: number | undefined;
|
|
184
|
-
userId:
|
|
184
|
+
userId: convex_values87.GenericId<"User">;
|
|
185
185
|
createdAt: number;
|
|
186
186
|
secret: ArrayBuffer;
|
|
187
187
|
digits: number;
|
|
188
188
|
period: number;
|
|
189
189
|
verified: boolean;
|
|
190
190
|
}, {
|
|
191
|
-
userId:
|
|
192
|
-
secret:
|
|
193
|
-
digits:
|
|
194
|
-
period:
|
|
195
|
-
verified:
|
|
196
|
-
name:
|
|
197
|
-
createdAt:
|
|
198
|
-
lastUsedAt:
|
|
191
|
+
userId: convex_values87.VId<convex_values87.GenericId<"User">, "required">; /** Raw TOTP secret key bytes. */
|
|
192
|
+
secret: convex_values87.VBytes<ArrayBuffer, "required">; /** Number of digits in each code (typically 6). */
|
|
193
|
+
digits: convex_values87.VFloat64<number, "required">; /** Time period in seconds for code rotation (typically 30). */
|
|
194
|
+
period: convex_values87.VFloat64<number, "required">; /** Whether setup has been confirmed with a valid code. */
|
|
195
|
+
verified: convex_values87.VBoolean<boolean, "required">; /** User-assigned friendly name (e.g. "Google Authenticator"). */
|
|
196
|
+
name: convex_values87.VString<string | undefined, "optional">;
|
|
197
|
+
createdAt: convex_values87.VFloat64<number, "required">;
|
|
198
|
+
lastUsedAt: convex_values87.VFloat64<number | undefined, "optional">;
|
|
199
199
|
}, "required", "name" | "lastUsedAt" | "userId" | "createdAt" | "secret" | "digits" | "period" | "verified">, {
|
|
200
200
|
user_id: ["userId", "_creationTime"];
|
|
201
201
|
user_id_verified: ["userId", "verified", "_creationTime"];
|
|
@@ -205,9 +205,9 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
205
205
|
* device auth session — the device polls with `deviceCode` while the
|
|
206
206
|
* user authorizes via `userCode` on a secondary device.
|
|
207
207
|
*/
|
|
208
|
-
DeviceCode:
|
|
209
|
-
userId?:
|
|
210
|
-
sessionId?:
|
|
208
|
+
DeviceCode: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
209
|
+
userId?: convex_values87.GenericId<"User"> | undefined;
|
|
210
|
+
sessionId?: convex_values87.GenericId<"Session"> | undefined;
|
|
211
211
|
lastPolledAt?: number | undefined;
|
|
212
212
|
status: "pending" | "authorized" | "denied";
|
|
213
213
|
expiresAt: number;
|
|
@@ -215,14 +215,14 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
215
215
|
userCode: string;
|
|
216
216
|
interval: number;
|
|
217
217
|
}, {
|
|
218
|
-
/** High-entropy code used by the device for polling. Stored as SHA-256 hash. */deviceCodeHash:
|
|
219
|
-
userCode:
|
|
220
|
-
expiresAt:
|
|
221
|
-
interval:
|
|
222
|
-
status:
|
|
223
|
-
userId:
|
|
224
|
-
sessionId:
|
|
225
|
-
lastPolledAt:
|
|
218
|
+
/** High-entropy code used by the device for polling. Stored as SHA-256 hash. */deviceCodeHash: convex_values87.VString<string, "required">; /** Short human-readable code the user enters (e.g. "WDJB-MJHT"). */
|
|
219
|
+
userCode: convex_values87.VString<string, "required">; /** Expiration timestamp (ms since epoch). */
|
|
220
|
+
expiresAt: convex_values87.VFloat64<number, "required">; /** Minimum polling interval in seconds. */
|
|
221
|
+
interval: convex_values87.VFloat64<number, "required">; /** Current status of this device authorization session. */
|
|
222
|
+
status: convex_values87.VUnion<"pending" | "authorized" | "denied", [convex_values87.VLiteral<"pending", "required">, convex_values87.VLiteral<"authorized", "required">, convex_values87.VLiteral<"denied", "required">], "required", never>; /** Set when the user authorizes — links to the authorizing user. */
|
|
223
|
+
userId: convex_values87.VId<convex_values87.GenericId<"User"> | undefined, "optional">; /** Set when the user authorizes — the session created for the device. */
|
|
224
|
+
sessionId: convex_values87.VId<convex_values87.GenericId<"Session"> | undefined, "optional">; /** Timestamp of the last poll request (for slow_down enforcement). */
|
|
225
|
+
lastPolledAt: convex_values87.VFloat64<number | undefined, "optional">;
|
|
226
226
|
}, "required", "status" | "expiresAt" | "userId" | "sessionId" | "deviceCodeHash" | "userCode" | "interval" | "lastPolledAt">, {
|
|
227
227
|
device_code_hash: ["deviceCodeHash", "_creationTime"];
|
|
228
228
|
user_code_status: ["userCode", "status", "_creationTime"];
|
|
@@ -230,14 +230,14 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
230
230
|
/**
|
|
231
231
|
* Rate limit tracking for OTP and password sign-in attempts.
|
|
232
232
|
*/
|
|
233
|
-
RateLimit:
|
|
233
|
+
RateLimit: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
234
234
|
identifier: string;
|
|
235
235
|
last_attempt_time: number;
|
|
236
236
|
attempts_left: number;
|
|
237
237
|
}, {
|
|
238
|
-
identifier:
|
|
239
|
-
last_attempt_time:
|
|
240
|
-
attempts_left:
|
|
238
|
+
identifier: convex_values87.VString<string, "required">;
|
|
239
|
+
last_attempt_time: convex_values87.VFloat64<number, "required">;
|
|
240
|
+
attempts_left: convex_values87.VFloat64<number, "required">;
|
|
241
241
|
}, "required", "identifier" | "last_attempt_time" | "attempts_left">, {
|
|
242
242
|
by_identifier: ["identifier", "_creationTime"];
|
|
243
243
|
}, {}, {}>;
|
|
@@ -246,32 +246,32 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
246
246
|
* Groups can nest arbitrarily deep via `parentGroupId` for modeling
|
|
247
247
|
* organizations, teams, departments, or any tree structure.
|
|
248
248
|
*/
|
|
249
|
-
Group:
|
|
249
|
+
Group: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
250
|
+
slug?: string | undefined;
|
|
250
251
|
type?: string | undefined;
|
|
251
252
|
extend?: any;
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
rootGroupId?: convex_values0.GenericId<"Group"> | undefined;
|
|
253
|
+
parentGroupId?: convex_values87.GenericId<"Group"> | undefined;
|
|
254
|
+
rootGroupId?: convex_values87.GenericId<"Group"> | undefined;
|
|
255
255
|
isRoot?: boolean | undefined;
|
|
256
256
|
tags?: {
|
|
257
|
-
value: string;
|
|
258
257
|
key: string;
|
|
258
|
+
value: string;
|
|
259
259
|
}[] | undefined;
|
|
260
260
|
policy?: {
|
|
261
261
|
extend?: any;
|
|
262
|
+
version: 1;
|
|
262
263
|
identity: {
|
|
263
264
|
accountLinking: {
|
|
264
265
|
oidc: "verifiedEmail" | "none";
|
|
265
266
|
saml: "verifiedEmail" | "none";
|
|
266
267
|
};
|
|
267
268
|
};
|
|
268
|
-
version: 1;
|
|
269
269
|
provisioning: {
|
|
270
270
|
user: {
|
|
271
271
|
createOnSignIn: boolean;
|
|
272
272
|
updateProfileOnLogin: "never" | "missing" | "always";
|
|
273
273
|
updateProfileFromScim: "never" | "missing" | "always";
|
|
274
|
-
authority: "
|
|
274
|
+
authority: "app" | "sso" | "scim";
|
|
275
275
|
};
|
|
276
276
|
scimReuse: {
|
|
277
277
|
user: "none" | "externalId";
|
|
@@ -298,37 +298,37 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
298
298
|
} | undefined;
|
|
299
299
|
name: string;
|
|
300
300
|
}, {
|
|
301
|
-
name:
|
|
302
|
-
slug:
|
|
303
|
-
type:
|
|
304
|
-
parentGroupId:
|
|
305
|
-
rootGroupId:
|
|
306
|
-
isRoot:
|
|
307
|
-
tags:
|
|
308
|
-
value: string;
|
|
301
|
+
name: convex_values87.VString<string, "required">;
|
|
302
|
+
slug: convex_values87.VString<string | undefined, "optional">;
|
|
303
|
+
type: convex_values87.VString<string | undefined, "optional">;
|
|
304
|
+
parentGroupId: convex_values87.VId<convex_values87.GenericId<"Group"> | undefined, "optional">; /** Denormalized root group ID. Self-referencing for root groups. */
|
|
305
|
+
rootGroupId: convex_values87.VId<convex_values87.GenericId<"Group"> | undefined, "optional">; /** Denormalized flag: `true` when `parentGroupId` is absent. */
|
|
306
|
+
isRoot: convex_values87.VBoolean<boolean | undefined, "optional">; /** Faceted classification tags. Normalized at write time (trimmed, lowercased). */
|
|
307
|
+
tags: convex_values87.VArray<{
|
|
309
308
|
key: string;
|
|
310
|
-
}[] | undefined, convex_values0.VObject<{
|
|
311
309
|
value: string;
|
|
310
|
+
}[] | undefined, convex_values87.VObject<{
|
|
312
311
|
key: string;
|
|
312
|
+
value: string;
|
|
313
313
|
}, {
|
|
314
|
-
key:
|
|
315
|
-
value:
|
|
316
|
-
}, "required", "
|
|
317
|
-
policy:
|
|
314
|
+
key: convex_values87.VString<string, "required">;
|
|
315
|
+
value: convex_values87.VString<string, "required">;
|
|
316
|
+
}, "required", "key" | "value">, "optional">;
|
|
317
|
+
policy: convex_values87.VObject<{
|
|
318
318
|
extend?: any;
|
|
319
|
+
version: 1;
|
|
319
320
|
identity: {
|
|
320
321
|
accountLinking: {
|
|
321
322
|
oidc: "verifiedEmail" | "none";
|
|
322
323
|
saml: "verifiedEmail" | "none";
|
|
323
324
|
};
|
|
324
325
|
};
|
|
325
|
-
version: 1;
|
|
326
326
|
provisioning: {
|
|
327
327
|
user: {
|
|
328
328
|
createOnSignIn: boolean;
|
|
329
329
|
updateProfileOnLogin: "never" | "missing" | "always";
|
|
330
330
|
updateProfileFromScim: "never" | "missing" | "always";
|
|
331
|
-
authority: "
|
|
331
|
+
authority: "app" | "sso" | "scim";
|
|
332
332
|
};
|
|
333
333
|
scimReuse: {
|
|
334
334
|
user: "none" | "externalId";
|
|
@@ -353,27 +353,27 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
353
353
|
};
|
|
354
354
|
};
|
|
355
355
|
} | undefined, {
|
|
356
|
-
version:
|
|
357
|
-
identity:
|
|
356
|
+
version: convex_values87.VLiteral<1, "required">;
|
|
357
|
+
identity: convex_values87.VObject<{
|
|
358
358
|
accountLinking: {
|
|
359
359
|
oidc: "verifiedEmail" | "none";
|
|
360
360
|
saml: "verifiedEmail" | "none";
|
|
361
361
|
};
|
|
362
362
|
}, {
|
|
363
|
-
accountLinking:
|
|
363
|
+
accountLinking: convex_values87.VObject<{
|
|
364
364
|
oidc: "verifiedEmail" | "none";
|
|
365
365
|
saml: "verifiedEmail" | "none";
|
|
366
366
|
}, {
|
|
367
|
-
oidc:
|
|
368
|
-
saml:
|
|
367
|
+
oidc: convex_values87.VUnion<"verifiedEmail" | "none", [convex_values87.VLiteral<"verifiedEmail", "required">, convex_values87.VLiteral<"none", "required">], "required", never>;
|
|
368
|
+
saml: convex_values87.VUnion<"verifiedEmail" | "none", [convex_values87.VLiteral<"verifiedEmail", "required">, convex_values87.VLiteral<"none", "required">], "required", never>;
|
|
369
369
|
}, "required", "oidc" | "saml">;
|
|
370
370
|
}, "required", "accountLinking" | "accountLinking.oidc" | "accountLinking.saml">;
|
|
371
|
-
provisioning:
|
|
371
|
+
provisioning: convex_values87.VObject<{
|
|
372
372
|
user: {
|
|
373
373
|
createOnSignIn: boolean;
|
|
374
374
|
updateProfileOnLogin: "never" | "missing" | "always";
|
|
375
375
|
updateProfileFromScim: "never" | "missing" | "always";
|
|
376
|
-
authority: "
|
|
376
|
+
authority: "app" | "sso" | "scim";
|
|
377
377
|
};
|
|
378
378
|
scimReuse: {
|
|
379
379
|
user: "none" | "externalId";
|
|
@@ -397,59 +397,59 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
397
397
|
source: "protocol";
|
|
398
398
|
};
|
|
399
399
|
}, {
|
|
400
|
-
user:
|
|
400
|
+
user: convex_values87.VObject<{
|
|
401
401
|
createOnSignIn: boolean;
|
|
402
402
|
updateProfileOnLogin: "never" | "missing" | "always";
|
|
403
403
|
updateProfileFromScim: "never" | "missing" | "always";
|
|
404
|
-
authority: "
|
|
404
|
+
authority: "app" | "sso" | "scim";
|
|
405
405
|
}, {
|
|
406
|
-
createOnSignIn:
|
|
407
|
-
updateProfileOnLogin:
|
|
408
|
-
updateProfileFromScim:
|
|
409
|
-
authority:
|
|
406
|
+
createOnSignIn: convex_values87.VBoolean<boolean, "required">;
|
|
407
|
+
updateProfileOnLogin: convex_values87.VUnion<"never" | "missing" | "always", [convex_values87.VLiteral<"never", "required">, convex_values87.VLiteral<"missing", "required">, convex_values87.VLiteral<"always", "required">], "required", never>;
|
|
408
|
+
updateProfileFromScim: convex_values87.VUnion<"never" | "missing" | "always", [convex_values87.VLiteral<"never", "required">, convex_values87.VLiteral<"missing", "required">, convex_values87.VLiteral<"always", "required">], "required", never>;
|
|
409
|
+
authority: convex_values87.VUnion<"app" | "sso" | "scim", [convex_values87.VLiteral<"app", "required">, convex_values87.VLiteral<"sso", "required">, convex_values87.VLiteral<"scim", "required">], "required", never>;
|
|
410
410
|
}, "required", "createOnSignIn" | "updateProfileOnLogin" | "updateProfileFromScim" | "authority">;
|
|
411
|
-
scimReuse:
|
|
411
|
+
scimReuse: convex_values87.VObject<{
|
|
412
412
|
user: "none" | "externalId";
|
|
413
413
|
}, {
|
|
414
|
-
user:
|
|
414
|
+
user: convex_values87.VUnion<"none" | "externalId", [convex_values87.VLiteral<"externalId", "required">, convex_values87.VLiteral<"none", "required">], "required", never>;
|
|
415
415
|
}, "required", "user">;
|
|
416
|
-
jit:
|
|
416
|
+
jit: convex_values87.VObject<{
|
|
417
417
|
defaultRole?: string | undefined;
|
|
418
418
|
defaultRoleIds?: string[] | undefined;
|
|
419
419
|
mode: "off" | "createUser" | "createUserAndMembership";
|
|
420
420
|
}, {
|
|
421
|
-
mode:
|
|
422
|
-
defaultRole:
|
|
423
|
-
defaultRoleIds:
|
|
421
|
+
mode: convex_values87.VUnion<"off" | "createUser" | "createUserAndMembership", [convex_values87.VLiteral<"off", "required">, convex_values87.VLiteral<"createUser", "required">, convex_values87.VLiteral<"createUserAndMembership", "required">], "required", never>;
|
|
422
|
+
defaultRole: convex_values87.VString<string | undefined, "optional">;
|
|
423
|
+
defaultRoleIds: convex_values87.VArray<string[] | undefined, convex_values87.VString<string, "required">, "optional">;
|
|
424
424
|
}, "required", "mode" | "defaultRole" | "defaultRoleIds">;
|
|
425
|
-
deprovision:
|
|
425
|
+
deprovision: convex_values87.VObject<{
|
|
426
426
|
mode: "soft" | "hard";
|
|
427
427
|
}, {
|
|
428
|
-
mode:
|
|
428
|
+
mode: convex_values87.VUnion<"soft" | "hard", [convex_values87.VLiteral<"soft", "required">, convex_values87.VLiteral<"hard", "required">], "required", never>;
|
|
429
429
|
}, "required", "mode">;
|
|
430
|
-
groups:
|
|
430
|
+
groups: convex_values87.VObject<{
|
|
431
431
|
mapping?: Record<string, string[]> | undefined;
|
|
432
432
|
mode: "ignore" | "sync";
|
|
433
433
|
source: "protocol";
|
|
434
434
|
}, {
|
|
435
|
-
mode:
|
|
436
|
-
source:
|
|
437
|
-
mapping:
|
|
435
|
+
mode: convex_values87.VUnion<"ignore" | "sync", [convex_values87.VLiteral<"ignore", "required">, convex_values87.VLiteral<"sync", "required">], "required", never>;
|
|
436
|
+
source: convex_values87.VLiteral<"protocol", "required">;
|
|
437
|
+
mapping: convex_values87.VRecord<Record<string, string[]> | undefined, convex_values87.VString<string, "required">, convex_values87.VArray<string[], convex_values87.VString<string, "required">, "required">, "optional", string>;
|
|
438
438
|
}, "required", "mode" | "source" | "mapping" | `mapping.${string}`>;
|
|
439
|
-
roles:
|
|
439
|
+
roles: convex_values87.VObject<{
|
|
440
440
|
mapping?: Record<string, string[]> | undefined;
|
|
441
441
|
mode: "map" | "ignore";
|
|
442
442
|
source: "protocol";
|
|
443
443
|
}, {
|
|
444
|
-
mode:
|
|
445
|
-
source:
|
|
446
|
-
mapping:
|
|
444
|
+
mode: convex_values87.VUnion<"map" | "ignore", [convex_values87.VLiteral<"ignore", "required">, convex_values87.VLiteral<"map", "required">], "required", never>;
|
|
445
|
+
source: convex_values87.VLiteral<"protocol", "required">;
|
|
446
|
+
mapping: convex_values87.VRecord<Record<string, string[]> | undefined, convex_values87.VString<string, "required">, convex_values87.VArray<string[], convex_values87.VString<string, "required">, "required">, "optional", string>;
|
|
447
447
|
}, "required", "mode" | "source" | "mapping" | `mapping.${string}`>;
|
|
448
448
|
}, "required", "user" | "scimReuse" | "jit" | "deprovision" | "groups" | "roles" | "user.createOnSignIn" | "user.updateProfileOnLogin" | "user.updateProfileFromScim" | "user.authority" | "scimReuse.user" | "jit.mode" | "jit.defaultRole" | "jit.defaultRoleIds" | "deprovision.mode" | "groups.mode" | "groups.source" | "groups.mapping" | `groups.mapping.${string}` | "roles.mode" | "roles.source" | "roles.mapping" | `roles.mapping.${string}`>;
|
|
449
|
-
extend:
|
|
450
|
-
}, "optional", "extend" |
|
|
451
|
-
extend:
|
|
452
|
-
}, "required", "name" | "
|
|
449
|
+
extend: convex_values87.VAny<any, "optional", string>;
|
|
450
|
+
}, "optional", "extend" | `extend.${string}` | "version" | "identity" | "provisioning" | "identity.accountLinking" | "identity.accountLinking.oidc" | "identity.accountLinking.saml" | "provisioning.user" | "provisioning.scimReuse" | "provisioning.jit" | "provisioning.deprovision" | "provisioning.groups" | "provisioning.roles" | "provisioning.user.createOnSignIn" | "provisioning.user.updateProfileOnLogin" | "provisioning.user.updateProfileFromScim" | "provisioning.user.authority" | "provisioning.scimReuse.user" | "provisioning.jit.mode" | "provisioning.jit.defaultRole" | "provisioning.jit.defaultRoleIds" | "provisioning.deprovision.mode" | "provisioning.groups.mode" | "provisioning.groups.source" | "provisioning.groups.mapping" | `provisioning.groups.mapping.${string}` | "provisioning.roles.mode" | "provisioning.roles.source" | "provisioning.roles.mapping" | `provisioning.roles.mapping.${string}`>;
|
|
451
|
+
extend: convex_values87.VAny<any, "optional", string>;
|
|
452
|
+
}, "required", "name" | "slug" | "type" | "extend" | `extend.${string}` | "parentGroupId" | "rootGroupId" | "isRoot" | "tags" | "policy" | "policy.extend" | `policy.extend.${string}` | "policy.version" | "policy.identity" | "policy.provisioning" | "policy.identity.accountLinking" | "policy.identity.accountLinking.oidc" | "policy.identity.accountLinking.saml" | "policy.provisioning.user" | "policy.provisioning.scimReuse" | "policy.provisioning.jit" | "policy.provisioning.deprovision" | "policy.provisioning.groups" | "policy.provisioning.roles" | "policy.provisioning.user.createOnSignIn" | "policy.provisioning.user.updateProfileOnLogin" | "policy.provisioning.user.updateProfileFromScim" | "policy.provisioning.user.authority" | "policy.provisioning.scimReuse.user" | "policy.provisioning.jit.mode" | "policy.provisioning.jit.defaultRole" | "policy.provisioning.jit.defaultRoleIds" | "policy.provisioning.deprovision.mode" | "policy.provisioning.groups.mode" | "policy.provisioning.groups.source" | "policy.provisioning.groups.mapping" | `policy.provisioning.groups.mapping.${string}` | "policy.provisioning.roles.mode" | "policy.provisioning.roles.source" | "policy.provisioning.roles.mapping" | `policy.provisioning.roles.mapping.${string}`>, {
|
|
453
453
|
slug: ["slug", "_creationTime"];
|
|
454
454
|
parent_group_id: ["parentGroupId", "_creationTime"];
|
|
455
455
|
root_group_id: ["rootGroupId", "_creationTime"];
|
|
@@ -462,15 +462,15 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
462
462
|
* Each row maps one `(key, value)` pair to a group. Kept in sync by
|
|
463
463
|
* `groupCreate`, `groupUpdate`, and `groupDelete`.
|
|
464
464
|
*/
|
|
465
|
-
GroupTag:
|
|
466
|
-
value: string;
|
|
465
|
+
GroupTag: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
467
466
|
key: string;
|
|
468
|
-
|
|
467
|
+
value: string;
|
|
468
|
+
group_id: convex_values87.GenericId<"Group">;
|
|
469
469
|
}, {
|
|
470
|
-
group_id:
|
|
471
|
-
key:
|
|
472
|
-
value:
|
|
473
|
-
}, "required", "
|
|
470
|
+
group_id: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
|
|
471
|
+
key: convex_values87.VString<string, "required">;
|
|
472
|
+
value: convex_values87.VString<string, "required">;
|
|
473
|
+
}, "required", "key" | "value" | "group_id">, {
|
|
474
474
|
by_group: ["group_id", "_creationTime"];
|
|
475
475
|
by_key_value: ["key", "value", "_creationTime"];
|
|
476
476
|
by_key: ["key", "_creationTime"];
|
|
@@ -480,21 +480,21 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
480
480
|
* role (e.g. "owner", "admin", "member", "viewer"). A user can be a
|
|
481
481
|
* member of multiple groups with different roles in each.
|
|
482
482
|
*/
|
|
483
|
-
GroupMember:
|
|
483
|
+
GroupMember: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
484
484
|
status?: string | undefined;
|
|
485
485
|
extend?: any;
|
|
486
486
|
role?: string | undefined;
|
|
487
487
|
roleIds?: string[] | undefined;
|
|
488
|
-
|
|
489
|
-
|
|
488
|
+
userId: convex_values87.GenericId<"User">;
|
|
489
|
+
groupId: convex_values87.GenericId<"Group">;
|
|
490
490
|
}, {
|
|
491
|
-
groupId:
|
|
492
|
-
userId:
|
|
493
|
-
role:
|
|
494
|
-
roleIds:
|
|
495
|
-
status:
|
|
496
|
-
extend:
|
|
497
|
-
}, "required", "status" | "
|
|
491
|
+
groupId: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
|
|
492
|
+
userId: convex_values87.VId<convex_values87.GenericId<"User">, "required">;
|
|
493
|
+
role: convex_values87.VString<string | undefined, "optional">;
|
|
494
|
+
roleIds: convex_values87.VArray<string[] | undefined, convex_values87.VString<string, "required">, "optional">;
|
|
495
|
+
status: convex_values87.VString<string | undefined, "optional">;
|
|
496
|
+
extend: convex_values87.VAny<any, "optional", string>;
|
|
497
|
+
}, "required", "status" | "userId" | "extend" | `extend.${string}` | "groupId" | "role" | "roleIds">, {
|
|
498
498
|
group_id: ["groupId", "_creationTime"];
|
|
499
499
|
group_id_user_id: ["groupId", "userId", "_creationTime"];
|
|
500
500
|
group_id_status: ["groupId", "status", "_creationTime"];
|
|
@@ -508,31 +508,31 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
508
508
|
* `email` and `invitedByUserId` are optional to support CLI-generated
|
|
509
509
|
* invite links where neither is known upfront.
|
|
510
510
|
*/
|
|
511
|
-
GroupInvite:
|
|
511
|
+
GroupInvite: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
512
512
|
email?: string | undefined;
|
|
513
|
-
groupId?: convex_values0.GenericId<"Group"> | undefined;
|
|
514
|
-
extend?: any;
|
|
515
513
|
expiresTime?: number | undefined;
|
|
516
514
|
acceptedTime?: number | undefined;
|
|
515
|
+
extend?: any;
|
|
516
|
+
groupId?: convex_values87.GenericId<"Group"> | undefined;
|
|
517
517
|
role?: string | undefined;
|
|
518
518
|
roleIds?: string[] | undefined;
|
|
519
|
-
invitedByUserId?:
|
|
520
|
-
acceptedByUserId?:
|
|
519
|
+
invitedByUserId?: convex_values87.GenericId<"User"> | undefined;
|
|
520
|
+
acceptedByUserId?: convex_values87.GenericId<"User"> | undefined;
|
|
521
521
|
status: "pending" | "accepted" | "revoked" | "expired";
|
|
522
522
|
tokenHash: string;
|
|
523
523
|
}, {
|
|
524
|
-
groupId:
|
|
525
|
-
invitedByUserId:
|
|
526
|
-
email:
|
|
527
|
-
tokenHash:
|
|
528
|
-
role:
|
|
529
|
-
roleIds:
|
|
530
|
-
status:
|
|
531
|
-
expiresTime:
|
|
532
|
-
acceptedByUserId:
|
|
533
|
-
acceptedTime:
|
|
534
|
-
extend:
|
|
535
|
-
}, "required", "email" | "status" | "
|
|
524
|
+
groupId: convex_values87.VId<convex_values87.GenericId<"Group"> | undefined, "optional">;
|
|
525
|
+
invitedByUserId: convex_values87.VId<convex_values87.GenericId<"User"> | undefined, "optional">;
|
|
526
|
+
email: convex_values87.VString<string | undefined, "optional">;
|
|
527
|
+
tokenHash: convex_values87.VString<string, "required">;
|
|
528
|
+
role: convex_values87.VString<string | undefined, "optional">;
|
|
529
|
+
roleIds: convex_values87.VArray<string[] | undefined, convex_values87.VString<string, "required">, "optional">;
|
|
530
|
+
status: convex_values87.VUnion<"pending" | "accepted" | "revoked" | "expired", [convex_values87.VLiteral<"pending", "required">, convex_values87.VLiteral<"accepted", "required">, convex_values87.VLiteral<"revoked", "required">, convex_values87.VLiteral<"expired", "required">], "required", never>;
|
|
531
|
+
expiresTime: convex_values87.VFloat64<number | undefined, "optional">;
|
|
532
|
+
acceptedByUserId: convex_values87.VId<convex_values87.GenericId<"User"> | undefined, "optional">;
|
|
533
|
+
acceptedTime: convex_values87.VFloat64<number | undefined, "optional">;
|
|
534
|
+
extend: convex_values87.VAny<any, "optional", string>;
|
|
535
|
+
}, "required", "email" | "status" | "expiresTime" | "acceptedTime" | "extend" | `extend.${string}` | "groupId" | "role" | "roleIds" | "invitedByUserId" | "tokenHash" | "acceptedByUserId">, {
|
|
536
536
|
token_hash: ["tokenHash", "_creationTime"];
|
|
537
537
|
status: ["status", "_creationTime"];
|
|
538
538
|
email_status: ["email", "status", "_creationTime"];
|
|
@@ -547,23 +547,23 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
547
547
|
* SDK can evolve without forcing schema churn for every protocol-specific
|
|
548
548
|
* field addition.
|
|
549
549
|
*/
|
|
550
|
-
GroupConnection:
|
|
550
|
+
GroupConnection: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
551
551
|
name?: string | undefined;
|
|
552
|
-
extend?: any;
|
|
553
552
|
slug?: string | undefined;
|
|
553
|
+
extend?: any;
|
|
554
554
|
config?: any;
|
|
555
555
|
status: "draft" | "active" | "disabled";
|
|
556
|
-
groupId: convex_values0.GenericId<"Group">;
|
|
557
556
|
protocol: "oidc" | "saml";
|
|
557
|
+
groupId: convex_values87.GenericId<"Group">;
|
|
558
558
|
}, {
|
|
559
|
-
groupId:
|
|
560
|
-
slug:
|
|
561
|
-
name:
|
|
562
|
-
protocol:
|
|
563
|
-
status:
|
|
564
|
-
config:
|
|
565
|
-
extend:
|
|
566
|
-
}, "required", "name" | "
|
|
559
|
+
groupId: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
|
|
560
|
+
slug: convex_values87.VString<string | undefined, "optional">;
|
|
561
|
+
name: convex_values87.VString<string | undefined, "optional">;
|
|
562
|
+
protocol: convex_values87.VUnion<"oidc" | "saml", [convex_values87.VLiteral<"oidc", "required">, convex_values87.VLiteral<"saml", "required">], "required", never>;
|
|
563
|
+
status: convex_values87.VUnion<"draft" | "active" | "disabled", [convex_values87.VLiteral<"draft", "required">, convex_values87.VLiteral<"active", "required">, convex_values87.VLiteral<"disabled", "required">], "required", never>;
|
|
564
|
+
config: convex_values87.VAny<any, "optional", string>;
|
|
565
|
+
extend: convex_values87.VAny<any, "optional", string>;
|
|
566
|
+
}, "required", "name" | "slug" | "status" | "extend" | `extend.${string}` | "protocol" | "groupId" | "config" | `config.${string}`>, {
|
|
567
567
|
group_id: ["groupId", "_creationTime"];
|
|
568
568
|
slug: ["slug", "_creationTime"];
|
|
569
569
|
status: ["status", "_creationTime"];
|
|
@@ -571,19 +571,19 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
571
571
|
/**
|
|
572
572
|
* Verified or pending domains linked to an group connection record.
|
|
573
573
|
*/
|
|
574
|
-
GroupConnectionDomain:
|
|
574
|
+
GroupConnectionDomain: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
575
575
|
verifiedAt?: number | undefined;
|
|
576
|
+
groupId: convex_values87.GenericId<"Group">;
|
|
577
|
+
connectionId: convex_values87.GenericId<"GroupConnection">;
|
|
576
578
|
domain: string;
|
|
577
|
-
groupId: convex_values0.GenericId<"Group">;
|
|
578
|
-
connectionId: convex_values0.GenericId<"GroupConnection">;
|
|
579
579
|
isPrimary: boolean;
|
|
580
580
|
}, {
|
|
581
|
-
connectionId:
|
|
582
|
-
groupId:
|
|
583
|
-
domain:
|
|
584
|
-
isPrimary:
|
|
585
|
-
verifiedAt:
|
|
586
|
-
}, "required", "
|
|
581
|
+
connectionId: convex_values87.VId<convex_values87.GenericId<"GroupConnection">, "required">;
|
|
582
|
+
groupId: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
|
|
583
|
+
domain: convex_values87.VString<string, "required">;
|
|
584
|
+
isPrimary: convex_values87.VBoolean<boolean, "required">;
|
|
585
|
+
verifiedAt: convex_values87.VFloat64<number | undefined, "optional">;
|
|
586
|
+
}, "required", "groupId" | "connectionId" | "domain" | "isPrimary" | "verifiedAt">, {
|
|
587
587
|
connection_id: ["connectionId", "_creationTime"];
|
|
588
588
|
group_id: ["groupId", "_creationTime"];
|
|
589
589
|
domain: ["domain", "_creationTime"];
|
|
@@ -591,27 +591,27 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
591
591
|
/**
|
|
592
592
|
* Pending DNS TXT verification challenges for group connection domains.
|
|
593
593
|
*/
|
|
594
|
-
GroupConnectionDomainVerification:
|
|
595
|
-
domain: string;
|
|
596
|
-
groupId: convex_values0.GenericId<"Group">;
|
|
594
|
+
GroupConnectionDomainVerification: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
597
595
|
expiresAt: number;
|
|
598
|
-
|
|
596
|
+
groupId: convex_values87.GenericId<"Group">;
|
|
599
597
|
tokenHash: string;
|
|
600
|
-
|
|
598
|
+
connectionId: convex_values87.GenericId<"GroupConnection">;
|
|
599
|
+
domain: string;
|
|
600
|
+
domainId: convex_values87.GenericId<"GroupConnectionDomain">;
|
|
601
601
|
recordName: string;
|
|
602
602
|
token: string;
|
|
603
603
|
requestedAt: number;
|
|
604
604
|
}, {
|
|
605
|
-
connectionId:
|
|
606
|
-
groupId:
|
|
607
|
-
domainId:
|
|
608
|
-
domain:
|
|
609
|
-
recordName:
|
|
610
|
-
token:
|
|
611
|
-
tokenHash:
|
|
612
|
-
requestedAt:
|
|
613
|
-
expiresAt:
|
|
614
|
-
}, "required", "
|
|
605
|
+
connectionId: convex_values87.VId<convex_values87.GenericId<"GroupConnection">, "required">;
|
|
606
|
+
groupId: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
|
|
607
|
+
domainId: convex_values87.VId<convex_values87.GenericId<"GroupConnectionDomain">, "required">;
|
|
608
|
+
domain: convex_values87.VString<string, "required">;
|
|
609
|
+
recordName: convex_values87.VString<string, "required">;
|
|
610
|
+
token: convex_values87.VString<string, "required">;
|
|
611
|
+
tokenHash: convex_values87.VString<string, "required">;
|
|
612
|
+
requestedAt: convex_values87.VFloat64<number, "required">;
|
|
613
|
+
expiresAt: convex_values87.VFloat64<number, "required">;
|
|
614
|
+
}, "required", "expiresAt" | "groupId" | "tokenHash" | "connectionId" | "domain" | "domainId" | "recordName" | "token" | "requestedAt">, {
|
|
615
615
|
connection_id: ["connectionId", "_creationTime"];
|
|
616
616
|
domain_id: ["domainId", "_creationTime"];
|
|
617
617
|
token_hash: ["tokenHash", "_creationTime"];
|
|
@@ -619,19 +619,19 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
619
619
|
/**
|
|
620
620
|
* Encrypted group connection secrets stored separately from protocol config.
|
|
621
621
|
*/
|
|
622
|
-
GroupConnectionSecret:
|
|
623
|
-
groupId:
|
|
624
|
-
|
|
625
|
-
connectionId: convex_values0.GenericId<"GroupConnection">;
|
|
622
|
+
GroupConnectionSecret: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
623
|
+
groupId: convex_values87.GenericId<"Group">;
|
|
624
|
+
connectionId: convex_values87.GenericId<"GroupConnection">;
|
|
626
625
|
ciphertext: string;
|
|
627
626
|
updatedAt: number;
|
|
627
|
+
kind: "oidc_client_secret";
|
|
628
628
|
}, {
|
|
629
|
-
connectionId:
|
|
630
|
-
groupId:
|
|
631
|
-
kind:
|
|
632
|
-
ciphertext:
|
|
633
|
-
updatedAt:
|
|
634
|
-
}, "required", "groupId" | "
|
|
629
|
+
connectionId: convex_values87.VId<convex_values87.GenericId<"GroupConnection">, "required">;
|
|
630
|
+
groupId: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
|
|
631
|
+
kind: convex_values87.VUnion<"oidc_client_secret", [convex_values87.VLiteral<"oidc_client_secret", "required">], "required", never>;
|
|
632
|
+
ciphertext: convex_values87.VString<string, "required">;
|
|
633
|
+
updatedAt: convex_values87.VFloat64<number, "required">;
|
|
634
|
+
}, "required", "groupId" | "connectionId" | "ciphertext" | "updatedAt" | "kind">, {
|
|
635
635
|
connection_id: ["connectionId", "_creationTime"];
|
|
636
636
|
connection_id_kind: ["connectionId", "kind", "_creationTime"];
|
|
637
637
|
group_id: ["groupId", "_creationTime"];
|
|
@@ -639,23 +639,23 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
639
639
|
/**
|
|
640
640
|
* SCIM configuration for an group connection tenant.
|
|
641
641
|
*/
|
|
642
|
-
GroupConnectionScimConfig:
|
|
642
|
+
GroupConnectionScimConfig: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
643
643
|
extend?: any;
|
|
644
644
|
lastRotatedAt?: number | undefined;
|
|
645
645
|
status: "draft" | "active" | "disabled";
|
|
646
|
-
groupId:
|
|
647
|
-
connectionId: convex_values0.GenericId<"GroupConnection">;
|
|
646
|
+
groupId: convex_values87.GenericId<"Group">;
|
|
648
647
|
tokenHash: string;
|
|
648
|
+
connectionId: convex_values87.GenericId<"GroupConnection">;
|
|
649
649
|
basePath: string;
|
|
650
650
|
}, {
|
|
651
|
-
connectionId:
|
|
652
|
-
groupId:
|
|
653
|
-
status:
|
|
654
|
-
basePath:
|
|
655
|
-
tokenHash:
|
|
656
|
-
lastRotatedAt:
|
|
657
|
-
extend:
|
|
658
|
-
}, "required", "status" | "
|
|
651
|
+
connectionId: convex_values87.VId<convex_values87.GenericId<"GroupConnection">, "required">;
|
|
652
|
+
groupId: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
|
|
653
|
+
status: convex_values87.VUnion<"draft" | "active" | "disabled", [convex_values87.VLiteral<"draft", "required">, convex_values87.VLiteral<"active", "required">, convex_values87.VLiteral<"disabled", "required">], "required", never>;
|
|
654
|
+
basePath: convex_values87.VString<string, "required">;
|
|
655
|
+
tokenHash: convex_values87.VString<string, "required">;
|
|
656
|
+
lastRotatedAt: convex_values87.VFloat64<number | undefined, "optional">;
|
|
657
|
+
extend: convex_values87.VAny<any, "optional", string>;
|
|
658
|
+
}, "required", "status" | "extend" | `extend.${string}` | "groupId" | "tokenHash" | "connectionId" | "basePath" | "lastRotatedAt">, {
|
|
659
659
|
group_connection_id: ["connectionId", "_creationTime"];
|
|
660
660
|
group_id: ["groupId", "_creationTime"];
|
|
661
661
|
token_hash: ["tokenHash", "_creationTime"];
|
|
@@ -664,27 +664,27 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
664
664
|
/**
|
|
665
665
|
* External SCIM identities mapped into local users/groups.
|
|
666
666
|
*/
|
|
667
|
-
GroupConnectionScimIdentity:
|
|
667
|
+
GroupConnectionScimIdentity: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
668
|
+
userId?: convex_values87.GenericId<"User"> | undefined;
|
|
668
669
|
active?: boolean | undefined;
|
|
669
|
-
|
|
670
|
-
mappedGroupId?: convex_values0.GenericId<"Group"> | undefined;
|
|
670
|
+
mappedGroupId?: convex_values87.GenericId<"Group"> | undefined;
|
|
671
671
|
lastProvisionedAt?: number | undefined;
|
|
672
672
|
raw?: any;
|
|
673
|
-
groupId: convex_values0.GenericId<"Group">;
|
|
674
|
-
connectionId: convex_values0.GenericId<"GroupConnection">;
|
|
675
673
|
externalId: string;
|
|
676
|
-
|
|
674
|
+
groupId: convex_values87.GenericId<"Group">;
|
|
675
|
+
connectionId: convex_values87.GenericId<"GroupConnection">;
|
|
676
|
+
resourceType: "user" | "group";
|
|
677
677
|
}, {
|
|
678
|
-
connectionId:
|
|
679
|
-
groupId:
|
|
680
|
-
resourceType:
|
|
681
|
-
externalId:
|
|
682
|
-
userId:
|
|
683
|
-
mappedGroupId:
|
|
684
|
-
lastProvisionedAt:
|
|
685
|
-
active:
|
|
686
|
-
raw:
|
|
687
|
-
}, "required", "
|
|
678
|
+
connectionId: convex_values87.VId<convex_values87.GenericId<"GroupConnection">, "required">;
|
|
679
|
+
groupId: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
|
|
680
|
+
resourceType: convex_values87.VUnion<"user" | "group", [convex_values87.VLiteral<"user", "required">, convex_values87.VLiteral<"group", "required">], "required", never>;
|
|
681
|
+
externalId: convex_values87.VString<string, "required">;
|
|
682
|
+
userId: convex_values87.VId<convex_values87.GenericId<"User"> | undefined, "optional">;
|
|
683
|
+
mappedGroupId: convex_values87.VId<convex_values87.GenericId<"Group"> | undefined, "optional">;
|
|
684
|
+
lastProvisionedAt: convex_values87.VFloat64<number | undefined, "optional">;
|
|
685
|
+
active: convex_values87.VBoolean<boolean | undefined, "optional">;
|
|
686
|
+
raw: convex_values87.VAny<any, "optional", string>;
|
|
687
|
+
}, "required", "userId" | "externalId" | "groupId" | "active" | "connectionId" | "resourceType" | "mappedGroupId" | "lastProvisionedAt" | "raw" | `raw.${string}`>, {
|
|
688
688
|
group_connection_id: ["connectionId", "_creationTime"];
|
|
689
689
|
group_id: ["groupId", "_creationTime"];
|
|
690
690
|
group_connection_id_resource_type_external_id: ["connectionId", "resourceType", "externalId", "_creationTime"];
|
|
@@ -695,33 +695,33 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
695
695
|
/**
|
|
696
696
|
* Immutable audit trail for group connection operations.
|
|
697
697
|
*/
|
|
698
|
-
GroupAuditEvent:
|
|
698
|
+
GroupAuditEvent: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
699
699
|
metadata?: any;
|
|
700
|
-
connectionId?:
|
|
700
|
+
connectionId?: convex_values87.GenericId<"GroupConnection"> | undefined;
|
|
701
701
|
actorId?: string | undefined;
|
|
702
702
|
subjectId?: string | undefined;
|
|
703
703
|
requestId?: string | undefined;
|
|
704
704
|
ip?: string | undefined;
|
|
705
705
|
status: "success" | "failure";
|
|
706
|
-
groupId:
|
|
706
|
+
groupId: convex_values87.GenericId<"Group">;
|
|
707
707
|
actorType: "user" | "scim" | "system" | "api_key" | "webhook";
|
|
708
708
|
eventType: string;
|
|
709
709
|
subjectType: string;
|
|
710
710
|
occurredAt: number;
|
|
711
711
|
}, {
|
|
712
|
-
connectionId:
|
|
713
|
-
groupId:
|
|
714
|
-
eventType:
|
|
715
|
-
actorType:
|
|
716
|
-
actorId:
|
|
717
|
-
subjectType:
|
|
718
|
-
subjectId:
|
|
719
|
-
status:
|
|
720
|
-
occurredAt:
|
|
721
|
-
requestId:
|
|
722
|
-
ip:
|
|
723
|
-
metadata:
|
|
724
|
-
}, "required", "status" | "
|
|
712
|
+
connectionId: convex_values87.VId<convex_values87.GenericId<"GroupConnection"> | undefined, "optional">;
|
|
713
|
+
groupId: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
|
|
714
|
+
eventType: convex_values87.VString<string, "required">;
|
|
715
|
+
actorType: convex_values87.VUnion<"user" | "scim" | "system" | "api_key" | "webhook", [convex_values87.VLiteral<"user", "required">, convex_values87.VLiteral<"system", "required">, convex_values87.VLiteral<"scim", "required">, convex_values87.VLiteral<"api_key", "required">, convex_values87.VLiteral<"webhook", "required">], "required", never>;
|
|
716
|
+
actorId: convex_values87.VString<string | undefined, "optional">;
|
|
717
|
+
subjectType: convex_values87.VString<string, "required">;
|
|
718
|
+
subjectId: convex_values87.VString<string | undefined, "optional">;
|
|
719
|
+
status: convex_values87.VUnion<"success" | "failure", [convex_values87.VLiteral<"success", "required">, convex_values87.VLiteral<"failure", "required">], "required", never>;
|
|
720
|
+
occurredAt: convex_values87.VFloat64<number, "required">;
|
|
721
|
+
requestId: convex_values87.VString<string | undefined, "optional">;
|
|
722
|
+
ip: convex_values87.VString<string | undefined, "optional">;
|
|
723
|
+
metadata: convex_values87.VAny<any, "optional", string>;
|
|
724
|
+
}, "required", "status" | "metadata" | `metadata.${string}` | "groupId" | "connectionId" | "actorType" | "eventType" | "actorId" | "subjectType" | "subjectId" | "occurredAt" | "requestId" | "ip">, {
|
|
725
725
|
group_connection_id_occurred_at: ["connectionId", "occurredAt", "_creationTime"];
|
|
726
726
|
group_id_occurred_at: ["groupId", "occurredAt", "_creationTime"];
|
|
727
727
|
event_type_occurred_at: ["eventType", "occurredAt", "_creationTime"];
|
|
@@ -729,31 +729,31 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
729
729
|
/**
|
|
730
730
|
* Webhook endpoints subscribed to group audit and lifecycle events.
|
|
731
731
|
*/
|
|
732
|
-
GroupWebhookEndpoint:
|
|
732
|
+
GroupWebhookEndpoint: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
733
733
|
extend?: any;
|
|
734
|
-
createdByUserId?:
|
|
734
|
+
createdByUserId?: convex_values87.GenericId<"User"> | undefined;
|
|
735
735
|
lastSuccessAt?: number | undefined;
|
|
736
736
|
lastFailureAt?: number | undefined;
|
|
737
737
|
status: "active" | "disabled";
|
|
738
|
-
groupId:
|
|
739
|
-
connectionId:
|
|
738
|
+
groupId: convex_values87.GenericId<"Group">;
|
|
739
|
+
connectionId: convex_values87.GenericId<"GroupConnection">;
|
|
740
740
|
url: string;
|
|
741
741
|
secretHash: string;
|
|
742
742
|
subscriptions: string[];
|
|
743
743
|
failureCount: number;
|
|
744
744
|
}, {
|
|
745
|
-
connectionId:
|
|
746
|
-
groupId:
|
|
747
|
-
url:
|
|
748
|
-
status:
|
|
749
|
-
secretHash:
|
|
750
|
-
subscriptions:
|
|
751
|
-
createdByUserId:
|
|
752
|
-
lastSuccessAt:
|
|
753
|
-
lastFailureAt:
|
|
754
|
-
failureCount:
|
|
755
|
-
extend:
|
|
756
|
-
}, "required", "status" | "
|
|
745
|
+
connectionId: convex_values87.VId<convex_values87.GenericId<"GroupConnection">, "required">;
|
|
746
|
+
groupId: convex_values87.VId<convex_values87.GenericId<"Group">, "required">;
|
|
747
|
+
url: convex_values87.VString<string, "required">;
|
|
748
|
+
status: convex_values87.VUnion<"active" | "disabled", [convex_values87.VLiteral<"active", "required">, convex_values87.VLiteral<"disabled", "required">], "required", never>;
|
|
749
|
+
secretHash: convex_values87.VString<string, "required">;
|
|
750
|
+
subscriptions: convex_values87.VArray<string[], convex_values87.VString<string, "required">, "required">;
|
|
751
|
+
createdByUserId: convex_values87.VId<convex_values87.GenericId<"User"> | undefined, "optional">;
|
|
752
|
+
lastSuccessAt: convex_values87.VFloat64<number | undefined, "optional">;
|
|
753
|
+
lastFailureAt: convex_values87.VFloat64<number | undefined, "optional">;
|
|
754
|
+
failureCount: convex_values87.VFloat64<number, "required">;
|
|
755
|
+
extend: convex_values87.VAny<any, "optional", string>;
|
|
756
|
+
}, "required", "status" | "extend" | `extend.${string}` | "groupId" | "connectionId" | "url" | "secretHash" | "subscriptions" | "createdByUserId" | "lastSuccessAt" | "lastFailureAt" | "failureCount">, {
|
|
757
757
|
group_connection_id: ["connectionId", "_creationTime"];
|
|
758
758
|
group_id: ["groupId", "_creationTime"];
|
|
759
759
|
status: ["status", "_creationTime"];
|
|
@@ -761,30 +761,30 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
761
761
|
/**
|
|
762
762
|
* Delivery queue for outbound group webhooks.
|
|
763
763
|
*/
|
|
764
|
-
GroupWebhookDelivery:
|
|
765
|
-
auditEventId?:
|
|
764
|
+
GroupWebhookDelivery: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
765
|
+
auditEventId?: convex_values87.GenericId<"GroupAuditEvent"> | undefined;
|
|
766
766
|
lastAttemptAt?: number | undefined;
|
|
767
767
|
lastResponseStatus?: number | undefined;
|
|
768
768
|
lastError?: string | undefined;
|
|
769
769
|
status: "pending" | "processing" | "delivered" | "failed";
|
|
770
|
-
connectionId:
|
|
770
|
+
connectionId: convex_values87.GenericId<"GroupConnection">;
|
|
771
771
|
eventType: string;
|
|
772
|
-
endpointId:
|
|
772
|
+
endpointId: convex_values87.GenericId<"GroupWebhookEndpoint">;
|
|
773
773
|
attemptCount: number;
|
|
774
774
|
nextAttemptAt: number;
|
|
775
775
|
payload: any;
|
|
776
776
|
}, {
|
|
777
|
-
connectionId:
|
|
778
|
-
endpointId:
|
|
779
|
-
auditEventId:
|
|
780
|
-
eventType:
|
|
781
|
-
status:
|
|
782
|
-
attemptCount:
|
|
783
|
-
nextAttemptAt:
|
|
784
|
-
lastAttemptAt:
|
|
785
|
-
lastResponseStatus:
|
|
786
|
-
lastError:
|
|
787
|
-
payload:
|
|
777
|
+
connectionId: convex_values87.VId<convex_values87.GenericId<"GroupConnection">, "required">;
|
|
778
|
+
endpointId: convex_values87.VId<convex_values87.GenericId<"GroupWebhookEndpoint">, "required">;
|
|
779
|
+
auditEventId: convex_values87.VId<convex_values87.GenericId<"GroupAuditEvent"> | undefined, "optional">;
|
|
780
|
+
eventType: convex_values87.VString<string, "required">;
|
|
781
|
+
status: convex_values87.VUnion<"pending" | "processing" | "delivered" | "failed", [convex_values87.VLiteral<"pending", "required">, convex_values87.VLiteral<"processing", "required">, convex_values87.VLiteral<"delivered", "required">, convex_values87.VLiteral<"failed", "required">], "required", never>;
|
|
782
|
+
attemptCount: convex_values87.VFloat64<number, "required">;
|
|
783
|
+
nextAttemptAt: convex_values87.VFloat64<number, "required">;
|
|
784
|
+
lastAttemptAt: convex_values87.VFloat64<number | undefined, "optional">;
|
|
785
|
+
lastResponseStatus: convex_values87.VFloat64<number | undefined, "optional">;
|
|
786
|
+
lastError: convex_values87.VString<string | undefined, "optional">;
|
|
787
|
+
payload: convex_values87.VAny<any, "required", string>;
|
|
788
788
|
}, "required", "status" | "connectionId" | "eventType" | "endpointId" | "auditEventId" | "attemptCount" | "nextAttemptAt" | "lastAttemptAt" | "lastResponseStatus" | "lastError" | "payload" | `payload.${string}`>, {
|
|
789
789
|
group_connection_id: ["connectionId", "_creationTime"];
|
|
790
790
|
status_next_attempt_at: ["status", "nextAttemptAt", "_creationTime"];
|
|
@@ -804,7 +804,7 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
804
804
|
* - **Expiration**: optional TTL
|
|
805
805
|
* - **Soft revocation**: `revoked` flag preserves audit trail
|
|
806
806
|
*/
|
|
807
|
-
ApiKey:
|
|
807
|
+
ApiKey: convex_server81.TableDefinition<convex_values87.VObject<{
|
|
808
808
|
lastUsedAt?: number | undefined;
|
|
809
809
|
expiresAt?: number | undefined;
|
|
810
810
|
rateLimit?: {
|
|
@@ -818,7 +818,7 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
818
818
|
metadata?: any;
|
|
819
819
|
name: string;
|
|
820
820
|
revoked: boolean;
|
|
821
|
-
userId:
|
|
821
|
+
userId: convex_values87.GenericId<"User">;
|
|
822
822
|
prefix: string;
|
|
823
823
|
hashedKey: string;
|
|
824
824
|
scopes: {
|
|
@@ -827,39 +827,39 @@ declare const _default: convex_server75.SchemaDefinition<{
|
|
|
827
827
|
}[];
|
|
828
828
|
createdAt: number;
|
|
829
829
|
}, {
|
|
830
|
-
userId:
|
|
831
|
-
prefix:
|
|
832
|
-
hashedKey:
|
|
833
|
-
name:
|
|
834
|
-
scopes:
|
|
830
|
+
userId: convex_values87.VId<convex_values87.GenericId<"User">, "required">; /** First chars of the key for display (e.g. "sk_abc1..."). */
|
|
831
|
+
prefix: convex_values87.VString<string, "required">; /** SHA-256 hex hash of the full raw key. */
|
|
832
|
+
hashedKey: convex_values87.VString<string, "required">; /** User-assigned name (e.g. "CI Pipeline", "Production API"). */
|
|
833
|
+
name: convex_values87.VString<string, "required">; /** Scoped permissions: [{ resource: "users", actions: ["read", "list"] }]. */
|
|
834
|
+
scopes: convex_values87.VArray<{
|
|
835
835
|
resource: string;
|
|
836
836
|
actions: string[];
|
|
837
|
-
}[],
|
|
837
|
+
}[], convex_values87.VObject<{
|
|
838
838
|
resource: string;
|
|
839
839
|
actions: string[];
|
|
840
840
|
}, {
|
|
841
|
-
resource:
|
|
842
|
-
actions:
|
|
841
|
+
resource: convex_values87.VString<string, "required">;
|
|
842
|
+
actions: convex_values87.VArray<string[], convex_values87.VString<string, "required">, "required">;
|
|
843
843
|
}, "required", "resource" | "actions">, "required">; /** Optional per-key rate limit configuration. */
|
|
844
|
-
rateLimit:
|
|
844
|
+
rateLimit: convex_values87.VObject<{
|
|
845
845
|
maxRequests: number;
|
|
846
846
|
windowMs: number;
|
|
847
847
|
} | undefined, {
|
|
848
|
-
maxRequests:
|
|
849
|
-
windowMs:
|
|
848
|
+
maxRequests: convex_values87.VFloat64<number, "required">;
|
|
849
|
+
windowMs: convex_values87.VFloat64<number, "required">;
|
|
850
850
|
}, "optional", "maxRequests" | "windowMs">; /** Rate limit state tracking (token-bucket). */
|
|
851
|
-
rateLimitState:
|
|
851
|
+
rateLimitState: convex_values87.VObject<{
|
|
852
852
|
attemptsLeft: number;
|
|
853
853
|
lastAttemptTime: number;
|
|
854
854
|
} | undefined, {
|
|
855
|
-
attemptsLeft:
|
|
856
|
-
lastAttemptTime:
|
|
855
|
+
attemptsLeft: convex_values87.VFloat64<number, "required">;
|
|
856
|
+
lastAttemptTime: convex_values87.VFloat64<number, "required">;
|
|
857
857
|
}, "optional", "attemptsLeft" | "lastAttemptTime">; /** Expiration timestamp. Null/undefined = never expires. */
|
|
858
|
-
expiresAt:
|
|
859
|
-
lastUsedAt:
|
|
860
|
-
createdAt:
|
|
861
|
-
revoked:
|
|
862
|
-
metadata:
|
|
858
|
+
expiresAt: convex_values87.VFloat64<number | undefined, "optional">;
|
|
859
|
+
lastUsedAt: convex_values87.VFloat64<number | undefined, "optional">;
|
|
860
|
+
createdAt: convex_values87.VFloat64<number, "required">; /** Soft-revoke flag. Revoked keys are kept for audit trail. */
|
|
861
|
+
revoked: convex_values87.VBoolean<boolean, "required">; /** Arbitrary app-specific metadata attached to the key. */
|
|
862
|
+
metadata: convex_values87.VAny<any, "optional", string>;
|
|
863
863
|
}, "required", "name" | "revoked" | "lastUsedAt" | "expiresAt" | "userId" | "prefix" | "hashedKey" | "scopes" | "rateLimit" | "rateLimitState" | "createdAt" | "metadata" | "rateLimit.maxRequests" | "rateLimit.windowMs" | "rateLimitState.attemptsLeft" | "rateLimitState.lastAttemptTime" | `metadata.${string}`>, {
|
|
864
864
|
user_id: ["userId", "_creationTime"];
|
|
865
865
|
hashed_key: ["hashedKey", "_creationTime"];
|