@robelest/convex-auth 0.0.4-preview.30 → 0.0.4-preview.32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bin.js +125 -36
- package/dist/browser/index.d.ts +3 -13
- package/dist/browser/index.js +47 -12
- package/dist/browser/navigation.js +1 -1
- package/dist/browser/passkey.js +7 -7
- package/dist/browser/runtime.js +13 -15
- package/dist/client/core/types.d.ts +179 -63
- package/dist/client/core/types.js +6 -0
- package/dist/client/factors/totp.js +1 -1
- package/dist/client/index.d.ts +5 -4
- package/dist/client/index.js +115 -56
- package/dist/client/runtime/mutex.js +3 -2
- package/dist/component/_generated/component.d.ts +40 -0
- package/dist/component/http.js +9 -0
- package/dist/component/index.d.ts +1 -1
- package/dist/component/model.d.ts +27 -27
- package/dist/component/model.js +2 -1
- package/dist/component/modules.js +1 -0
- package/dist/component/public/factors/passkeys.js +31 -1
- package/dist/component/public/identity/codes.js +1 -1
- package/dist/component/public/identity/tokens.js +2 -1
- package/dist/component/public/identity/verifiers.js +15 -5
- package/dist/component/public.js +2 -2
- package/dist/component/schema.d.ts +287 -285
- package/dist/component/schema.js +2 -1
- package/dist/core/index.d.ts +8 -3
- package/dist/core/index.js +7 -2
- package/dist/expo/index.d.ts +21 -0
- package/dist/expo/index.js +148 -0
- package/dist/expo/passkey.js +174 -0
- package/dist/providers/apple.d.ts +1 -1
- package/dist/providers/apple.js +6 -8
- package/dist/providers/custom.d.ts +1 -1
- package/dist/providers/custom.js +4 -7
- package/dist/providers/github.d.ts +1 -1
- package/dist/providers/github.js +5 -8
- package/dist/providers/google.d.ts +1 -1
- package/dist/providers/google.js +5 -8
- package/dist/providers/microsoft.d.ts +1 -1
- package/dist/providers/microsoft.js +5 -9
- package/dist/providers/password.d.ts +18 -37
- package/dist/providers/password.js +170 -115
- package/dist/providers/redirect.d.ts +1 -0
- package/dist/providers/redirect.js +20 -0
- package/dist/server/auth.d.ts +6 -7
- package/dist/server/auth.js +3 -2
- package/dist/server/{ctxCache.js → cache/context.js} +2 -2
- package/dist/server/{componentContext.d.ts → component/context.d.ts} +2 -2
- package/dist/server/context.js +3 -10
- package/dist/server/contract.d.ts +2 -87
- package/dist/server/contract.js +1 -1
- package/dist/server/cookies.js +25 -1
- package/dist/server/core.js +1 -1
- package/dist/server/errors.js +24 -1
- package/dist/server/{auth-context.d.ts → facade.d.ts} +3 -45
- package/dist/server/{auth-context.js → facade.js} +11 -12
- package/dist/server/http.d.ts +7 -7
- package/dist/server/http.js +47 -7
- package/dist/server/{convexIdentity.d.ts → identity/convex.d.ts} +3 -3
- package/dist/server/index.d.ts +5 -3
- package/dist/server/index.js +3 -2
- package/dist/server/mounts.d.ts +171 -18
- package/dist/server/mutations/code.js +7 -1
- package/dist/server/mutations/{credentialsSignIn.js → credentials/signin.js} +10 -10
- package/dist/server/mutations/index.js +1 -1
- package/dist/server/mutations/invalidate.js +11 -1
- package/dist/server/mutations/oauth.js +25 -27
- package/dist/server/mutations/signin.js +6 -0
- package/dist/server/mutations/signout.js +5 -0
- package/dist/server/mutations/store.js +1 -1
- package/dist/server/oauth/factory.js +11 -3
- package/dist/server/passkey.js +126 -110
- package/dist/server/prefetch.js +8 -1
- package/dist/server/redirects.js +11 -3
- package/dist/server/refresh.js +6 -1
- package/dist/server/runtime.d.ts +68 -37
- package/dist/server/runtime.js +318 -36
- package/dist/server/services/group.js +4 -0
- package/dist/server/sessions.js +1 -0
- package/dist/server/signin.js +8 -6
- package/dist/server/sso/domain.d.ts +159 -16
- package/dist/server/sso/domain.js +1 -1
- package/dist/server/sso/http.js +144 -60
- package/dist/server/sso/oidc.js +28 -12
- package/dist/server/sso/policy.js +30 -14
- package/dist/server/sso/provision.js +1 -1
- package/dist/server/sso/saml.js +18 -9
- package/dist/server/sso/scim.js +12 -4
- package/dist/server/sso/shared.js +5 -5
- package/dist/server/telemetry.js +3 -0
- package/dist/server/tokens.js +10 -2
- package/dist/server/totp.js +127 -100
- package/dist/server/types.d.ts +224 -151
- package/dist/server/url.js +1 -1
- package/dist/server/users.js +93 -53
- package/dist/server/wellknown.d.ts +75 -0
- package/dist/server/wellknown.js +198 -0
- package/dist/shared/errors.js +0 -1
- package/package.json +36 -4
- package/dist/server/oauth/index.js +0 -12
- package/dist/server/utils/dispatch.js +0 -36
- package/dist/shared/authResults.d.ts +0 -16
- /package/dist/server/{componentContext.js → component/context.js} +0 -0
- /package/dist/server/{convexIdentity.js → identity/convex.js} +0 -0
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import * as
|
|
2
|
-
import * as
|
|
1
|
+
import * as convex_values50 from "convex/values";
|
|
2
|
+
import * as convex_server80 from "convex/server";
|
|
3
3
|
|
|
4
4
|
//#region src/component/schema.d.ts
|
|
5
5
|
/**
|
|
@@ -9,12 +9,12 @@ import * as convex_server89 from "convex/server";
|
|
|
9
9
|
* verification codes, PKCE verifiers, rate limits) and hierarchical group
|
|
10
10
|
* management (groups, members, invites).
|
|
11
11
|
*/
|
|
12
|
-
declare const _default:
|
|
12
|
+
declare const _default: convex_server80.SchemaDefinition<{
|
|
13
13
|
/**
|
|
14
14
|
* Authenticated users. A user may have multiple linked accounts
|
|
15
15
|
* and multiple concurrent sessions.
|
|
16
16
|
*/
|
|
17
|
-
User:
|
|
17
|
+
User: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
18
18
|
name?: string | undefined;
|
|
19
19
|
email?: string | undefined;
|
|
20
20
|
image?: string | undefined;
|
|
@@ -25,15 +25,15 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
25
25
|
isAnonymous?: boolean | undefined;
|
|
26
26
|
hasTotp?: boolean | undefined;
|
|
27
27
|
}, {
|
|
28
|
-
name:
|
|
29
|
-
image:
|
|
30
|
-
email:
|
|
31
|
-
emailVerificationTime:
|
|
32
|
-
phone:
|
|
33
|
-
phoneVerificationTime:
|
|
34
|
-
isAnonymous:
|
|
35
|
-
hasTotp:
|
|
36
|
-
extend:
|
|
28
|
+
name: convex_values50.VString<string | undefined, "optional">;
|
|
29
|
+
image: convex_values50.VString<string | undefined, "optional">;
|
|
30
|
+
email: convex_values50.VString<string | undefined, "optional">;
|
|
31
|
+
emailVerificationTime: convex_values50.VFloat64<number | undefined, "optional">;
|
|
32
|
+
phone: convex_values50.VString<string | undefined, "optional">;
|
|
33
|
+
phoneVerificationTime: convex_values50.VFloat64<number | undefined, "optional">;
|
|
34
|
+
isAnonymous: convex_values50.VBoolean<boolean | undefined, "optional">;
|
|
35
|
+
hasTotp: convex_values50.VBoolean<boolean | undefined, "optional">;
|
|
36
|
+
extend: convex_values50.VAny<any, "optional", string>;
|
|
37
37
|
}, "required", "name" | "email" | "image" | "phone" | "extend" | "emailVerificationTime" | "phoneVerificationTime" | "isAnonymous" | "hasTotp" | `extend.${string}`>, {
|
|
38
38
|
email: ["email", "_creationTime"];
|
|
39
39
|
email_verified: ["email", "emailVerificationTime", "_creationTime"];
|
|
@@ -45,12 +45,12 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
45
45
|
* across different devices or browsers. Sessions expire after a
|
|
46
46
|
* configurable duration.
|
|
47
47
|
*/
|
|
48
|
-
Session:
|
|
49
|
-
userId:
|
|
48
|
+
Session: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
49
|
+
userId: convex_values50.GenericId<"User">;
|
|
50
50
|
expirationTime: number;
|
|
51
51
|
}, {
|
|
52
|
-
userId:
|
|
53
|
-
expirationTime:
|
|
52
|
+
userId: convex_values50.VId<convex_values50.GenericId<"User">, "required">;
|
|
53
|
+
expirationTime: convex_values50.VFloat64<number, "required">;
|
|
54
54
|
}, "required", "userId" | "expirationTime">, {
|
|
55
55
|
user_id: ["userId", "_creationTime"];
|
|
56
56
|
}, {}, {}>;
|
|
@@ -59,22 +59,22 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
59
59
|
* authentication provider (e.g. Google OAuth, email/password).
|
|
60
60
|
* A user can have multiple accounts linked.
|
|
61
61
|
*/
|
|
62
|
-
Account:
|
|
62
|
+
Account: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
63
63
|
emailVerified?: string | undefined;
|
|
64
64
|
extend?: any;
|
|
65
65
|
secret?: string | undefined;
|
|
66
66
|
phoneVerified?: string | undefined;
|
|
67
|
-
userId:
|
|
67
|
+
userId: convex_values50.GenericId<"User">;
|
|
68
68
|
provider: string;
|
|
69
69
|
providerAccountId: string;
|
|
70
70
|
}, {
|
|
71
|
-
userId:
|
|
72
|
-
provider:
|
|
73
|
-
providerAccountId:
|
|
74
|
-
secret:
|
|
75
|
-
emailVerified:
|
|
76
|
-
phoneVerified:
|
|
77
|
-
extend:
|
|
71
|
+
userId: convex_values50.VId<convex_values50.GenericId<"User">, "required">;
|
|
72
|
+
provider: convex_values50.VString<string, "required">;
|
|
73
|
+
providerAccountId: convex_values50.VString<string, "required">;
|
|
74
|
+
secret: convex_values50.VString<string | undefined, "optional">;
|
|
75
|
+
emailVerified: convex_values50.VString<string | undefined, "optional">;
|
|
76
|
+
phoneVerified: convex_values50.VString<string | undefined, "optional">;
|
|
77
|
+
extend: convex_values50.VAny<any, "optional", string>;
|
|
78
78
|
}, "required", "emailVerified" | "userId" | "extend" | `extend.${string}` | "provider" | "providerAccountId" | "secret" | "phoneVerified">, {
|
|
79
79
|
user_id_provider: ["userId", "provider", "_creationTime"];
|
|
80
80
|
provider_account_id: ["provider", "providerAccountId", "_creationTime"];
|
|
@@ -87,16 +87,16 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
87
87
|
* been used yet. A 10-second reuse window allows for concurrent requests.
|
|
88
88
|
* Any invalid use of a token invalidates the entire chain.
|
|
89
89
|
*/
|
|
90
|
-
RefreshToken:
|
|
90
|
+
RefreshToken: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
91
91
|
firstUsedTime?: number | undefined;
|
|
92
|
-
parentRefreshTokenId?:
|
|
92
|
+
parentRefreshTokenId?: convex_values50.GenericId<"RefreshToken"> | undefined;
|
|
93
93
|
expirationTime: number;
|
|
94
|
-
sessionId:
|
|
94
|
+
sessionId: convex_values50.GenericId<"Session">;
|
|
95
95
|
}, {
|
|
96
|
-
sessionId:
|
|
97
|
-
expirationTime:
|
|
98
|
-
firstUsedTime:
|
|
99
|
-
parentRefreshTokenId:
|
|
96
|
+
sessionId: convex_values50.VId<convex_values50.GenericId<"Session">, "required">;
|
|
97
|
+
expirationTime: convex_values50.VFloat64<number, "required">;
|
|
98
|
+
firstUsedTime: convex_values50.VFloat64<number | undefined, "optional">;
|
|
99
|
+
parentRefreshTokenId: convex_values50.VId<convex_values50.GenericId<"RefreshToken"> | undefined, "optional">;
|
|
100
100
|
}, "required", "expirationTime" | "sessionId" | "firstUsedTime" | "parentRefreshTokenId">, {
|
|
101
101
|
session_id: ["sessionId", "_creationTime"];
|
|
102
102
|
session_id_first_used: ["sessionId", "firstUsedTime", "_creationTime"];
|
|
@@ -105,22 +105,22 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
105
105
|
/**
|
|
106
106
|
* Verification codes for OTP tokens, magic link tokens, and OAuth codes.
|
|
107
107
|
*/
|
|
108
|
-
VerificationCode:
|
|
108
|
+
VerificationCode: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
109
109
|
emailVerified?: string | undefined;
|
|
110
110
|
phoneVerified?: string | undefined;
|
|
111
111
|
verifier?: string | undefined;
|
|
112
112
|
expirationTime: number;
|
|
113
113
|
provider: string;
|
|
114
|
-
accountId:
|
|
114
|
+
accountId: convex_values50.GenericId<"Account">;
|
|
115
115
|
code: string;
|
|
116
116
|
}, {
|
|
117
|
-
accountId:
|
|
118
|
-
provider:
|
|
119
|
-
code:
|
|
120
|
-
expirationTime:
|
|
121
|
-
verifier:
|
|
122
|
-
emailVerified:
|
|
123
|
-
phoneVerified:
|
|
117
|
+
accountId: convex_values50.VId<convex_values50.GenericId<"Account">, "required">;
|
|
118
|
+
provider: convex_values50.VString<string, "required">;
|
|
119
|
+
code: convex_values50.VString<string, "required">;
|
|
120
|
+
expirationTime: convex_values50.VFloat64<number, "required">;
|
|
121
|
+
verifier: convex_values50.VString<string | undefined, "optional">;
|
|
122
|
+
emailVerified: convex_values50.VString<string | undefined, "optional">;
|
|
123
|
+
phoneVerified: convex_values50.VString<string | undefined, "optional">;
|
|
124
124
|
}, "required", "emailVerified" | "expirationTime" | "provider" | "phoneVerified" | "accountId" | "code" | "verifier">, {
|
|
125
125
|
account_id: ["accountId", "_creationTime"];
|
|
126
126
|
code: ["code", "_creationTime"];
|
|
@@ -129,13 +129,15 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
129
129
|
* PKCE verifiers for OAuth flows. Stores the cryptographic verifier
|
|
130
130
|
* used to prove the authorization request originated from this client.
|
|
131
131
|
*/
|
|
132
|
-
AuthVerifier:
|
|
133
|
-
|
|
132
|
+
AuthVerifier: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
133
|
+
expirationTime?: number | undefined;
|
|
134
|
+
sessionId?: convex_values50.GenericId<"Session"> | undefined;
|
|
134
135
|
signature?: string | undefined;
|
|
135
136
|
}, {
|
|
136
|
-
sessionId:
|
|
137
|
-
signature:
|
|
138
|
-
|
|
137
|
+
sessionId: convex_values50.VId<convex_values50.GenericId<"Session"> | undefined, "optional">;
|
|
138
|
+
signature: convex_values50.VString<string | undefined, "optional">;
|
|
139
|
+
expirationTime: convex_values50.VFloat64<number | undefined, "optional">;
|
|
140
|
+
}, "required", "expirationTime" | "sessionId" | "signature">, {
|
|
139
141
|
signature: ["signature", "_creationTime"];
|
|
140
142
|
}, {}, {}>;
|
|
141
143
|
/**
|
|
@@ -143,11 +145,11 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
143
145
|
* registered authenticator (Touch ID, Face ID, security key, etc.).
|
|
144
146
|
* A user can have multiple passkeys across different devices.
|
|
145
147
|
*/
|
|
146
|
-
Passkey:
|
|
148
|
+
Passkey: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
147
149
|
name?: string | undefined;
|
|
148
150
|
lastUsedAt?: number | undefined;
|
|
149
151
|
transports?: string[] | undefined;
|
|
150
|
-
userId:
|
|
152
|
+
userId: convex_values50.GenericId<"User">;
|
|
151
153
|
createdAt: number;
|
|
152
154
|
credentialId: string;
|
|
153
155
|
publicKey: ArrayBuffer;
|
|
@@ -156,17 +158,17 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
156
158
|
deviceType: string;
|
|
157
159
|
backedUp: boolean;
|
|
158
160
|
}, {
|
|
159
|
-
userId:
|
|
160
|
-
credentialId:
|
|
161
|
-
publicKey:
|
|
162
|
-
algorithm:
|
|
163
|
-
counter:
|
|
164
|
-
transports:
|
|
165
|
-
deviceType:
|
|
166
|
-
backedUp:
|
|
167
|
-
name:
|
|
168
|
-
createdAt:
|
|
169
|
-
lastUsedAt:
|
|
161
|
+
userId: convex_values50.VId<convex_values50.GenericId<"User">, "required">; /** Base64url-encoded credential ID from the authenticator. */
|
|
162
|
+
credentialId: convex_values50.VString<string, "required">; /** Public key bytes (SEC1 uncompressed for EC, SPKI for RSA). */
|
|
163
|
+
publicKey: convex_values50.VBytes<ArrayBuffer, "required">; /** COSE algorithm identifier (-7 for ES256, -257 for RS256, -8 for EdDSA). */
|
|
164
|
+
algorithm: convex_values50.VFloat64<number, "required">; /** Signature counter for clone detection. Many authenticators return 0. */
|
|
165
|
+
counter: convex_values50.VFloat64<number, "required">; /** Authenticator transport hints (e.g. "internal", "hybrid", "usb", "ble", "nfc"). */
|
|
166
|
+
transports: convex_values50.VArray<string[] | undefined, convex_values50.VString<string, "required">, "optional">; /** Whether this is a single-device or multi-device (synced) credential. */
|
|
167
|
+
deviceType: convex_values50.VString<string, "required">; /** Whether the credential is backed up (synced passkey). */
|
|
168
|
+
backedUp: convex_values50.VBoolean<boolean, "required">; /** User-assigned friendly name (e.g. "MacBook Touch ID"). */
|
|
169
|
+
name: convex_values50.VString<string | undefined, "optional">;
|
|
170
|
+
createdAt: convex_values50.VFloat64<number, "required">;
|
|
171
|
+
lastUsedAt: convex_values50.VFloat64<number | undefined, "optional">;
|
|
170
172
|
}, "required", "name" | "lastUsedAt" | "userId" | "createdAt" | "credentialId" | "publicKey" | "algorithm" | "counter" | "transports" | "deviceType" | "backedUp">, {
|
|
171
173
|
user_id: ["userId", "_creationTime"];
|
|
172
174
|
credential_id: ["credentialId", "_creationTime"];
|
|
@@ -180,24 +182,24 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
180
182
|
* by successfully entering a code from their authenticator app.
|
|
181
183
|
* Unverified enrollments are in-progress setup that can be discarded.
|
|
182
184
|
*/
|
|
183
|
-
TotpFactor:
|
|
185
|
+
TotpFactor: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
184
186
|
name?: string | undefined;
|
|
185
187
|
lastUsedAt?: number | undefined;
|
|
186
|
-
userId:
|
|
188
|
+
userId: convex_values50.GenericId<"User">;
|
|
187
189
|
createdAt: number;
|
|
188
190
|
secret: ArrayBuffer;
|
|
189
191
|
digits: number;
|
|
190
192
|
period: number;
|
|
191
193
|
verified: boolean;
|
|
192
194
|
}, {
|
|
193
|
-
userId:
|
|
194
|
-
secret:
|
|
195
|
-
digits:
|
|
196
|
-
period:
|
|
197
|
-
verified:
|
|
198
|
-
name:
|
|
199
|
-
createdAt:
|
|
200
|
-
lastUsedAt:
|
|
195
|
+
userId: convex_values50.VId<convex_values50.GenericId<"User">, "required">; /** Raw TOTP secret key bytes. */
|
|
196
|
+
secret: convex_values50.VBytes<ArrayBuffer, "required">; /** Number of digits in each code (typically 6). */
|
|
197
|
+
digits: convex_values50.VFloat64<number, "required">; /** Time period in seconds for code rotation (typically 30). */
|
|
198
|
+
period: convex_values50.VFloat64<number, "required">; /** Whether setup has been confirmed with a valid code. */
|
|
199
|
+
verified: convex_values50.VBoolean<boolean, "required">; /** User-assigned friendly name (e.g. "Google Authenticator"). */
|
|
200
|
+
name: convex_values50.VString<string | undefined, "optional">;
|
|
201
|
+
createdAt: convex_values50.VFloat64<number, "required">;
|
|
202
|
+
lastUsedAt: convex_values50.VFloat64<number | undefined, "optional">;
|
|
201
203
|
}, "required", "name" | "lastUsedAt" | "userId" | "createdAt" | "secret" | "digits" | "period" | "verified">, {
|
|
202
204
|
user_id: ["userId", "_creationTime"];
|
|
203
205
|
user_id_verified: ["userId", "verified", "_creationTime"];
|
|
@@ -207,9 +209,9 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
207
209
|
* device auth session — the device polls with `deviceCode` while the
|
|
208
210
|
* user authorizes via `userCode` on a secondary device.
|
|
209
211
|
*/
|
|
210
|
-
DeviceCode:
|
|
211
|
-
userId?:
|
|
212
|
-
sessionId?:
|
|
212
|
+
DeviceCode: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
213
|
+
userId?: convex_values50.GenericId<"User"> | undefined;
|
|
214
|
+
sessionId?: convex_values50.GenericId<"Session"> | undefined;
|
|
213
215
|
lastPolledAt?: number | undefined;
|
|
214
216
|
status: "pending" | "authorized" | "denied";
|
|
215
217
|
expiresAt: number;
|
|
@@ -217,14 +219,14 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
217
219
|
userCode: string;
|
|
218
220
|
interval: number;
|
|
219
221
|
}, {
|
|
220
|
-
/** High-entropy code used by the device for polling. Stored as SHA-256 hash. */deviceCodeHash:
|
|
221
|
-
userCode:
|
|
222
|
-
expiresAt:
|
|
223
|
-
interval:
|
|
224
|
-
status:
|
|
225
|
-
userId:
|
|
226
|
-
sessionId:
|
|
227
|
-
lastPolledAt:
|
|
222
|
+
/** High-entropy code used by the device for polling. Stored as SHA-256 hash. */deviceCodeHash: convex_values50.VString<string, "required">; /** Short human-readable code the user enters (e.g. "WDJB-MJHT"). */
|
|
223
|
+
userCode: convex_values50.VString<string, "required">; /** Expiration timestamp (ms since epoch). */
|
|
224
|
+
expiresAt: convex_values50.VFloat64<number, "required">; /** Minimum polling interval in seconds. */
|
|
225
|
+
interval: convex_values50.VFloat64<number, "required">; /** Current status of this device authorization session. */
|
|
226
|
+
status: convex_values50.VUnion<"pending" | "authorized" | "denied", [convex_values50.VLiteral<"pending", "required">, convex_values50.VLiteral<"authorized", "required">, convex_values50.VLiteral<"denied", "required">], "required", never>; /** Set when the user authorizes — links to the authorizing user. */
|
|
227
|
+
userId: convex_values50.VId<convex_values50.GenericId<"User"> | undefined, "optional">; /** Set when the user authorizes — the session created for the device. */
|
|
228
|
+
sessionId: convex_values50.VId<convex_values50.GenericId<"Session"> | undefined, "optional">; /** Timestamp of the last poll request (for slow_down enforcement). */
|
|
229
|
+
lastPolledAt: convex_values50.VFloat64<number | undefined, "optional">;
|
|
228
230
|
}, "required", "status" | "expiresAt" | "userId" | "sessionId" | "deviceCodeHash" | "userCode" | "interval" | "lastPolledAt">, {
|
|
229
231
|
device_code_hash: ["deviceCodeHash", "_creationTime"];
|
|
230
232
|
user_code_status: ["userCode", "status", "_creationTime"];
|
|
@@ -232,14 +234,14 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
232
234
|
/**
|
|
233
235
|
* Rate limit tracking for OTP and password sign-in attempts.
|
|
234
236
|
*/
|
|
235
|
-
RateLimit:
|
|
237
|
+
RateLimit: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
236
238
|
identifier: string;
|
|
237
239
|
last_attempt_time: number;
|
|
238
240
|
attempts_left: number;
|
|
239
241
|
}, {
|
|
240
|
-
identifier:
|
|
241
|
-
last_attempt_time:
|
|
242
|
-
attempts_left:
|
|
242
|
+
identifier: convex_values50.VString<string, "required">;
|
|
243
|
+
last_attempt_time: convex_values50.VFloat64<number, "required">;
|
|
244
|
+
attempts_left: convex_values50.VFloat64<number, "required">;
|
|
243
245
|
}, "required", "identifier" | "last_attempt_time" | "attempts_left">, {
|
|
244
246
|
by_identifier: ["identifier", "_creationTime"];
|
|
245
247
|
}, {}, {}>;
|
|
@@ -248,12 +250,12 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
248
250
|
* Groups can nest arbitrarily deep via `parentGroupId` for modeling
|
|
249
251
|
* organizations, teams, departments, or any tree structure.
|
|
250
252
|
*/
|
|
251
|
-
Group:
|
|
253
|
+
Group: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
252
254
|
slug?: string | undefined;
|
|
253
255
|
type?: string | undefined;
|
|
254
256
|
extend?: any;
|
|
255
|
-
parentGroupId?:
|
|
256
|
-
rootGroupId?:
|
|
257
|
+
parentGroupId?: convex_values50.GenericId<"Group"> | undefined;
|
|
258
|
+
rootGroupId?: convex_values50.GenericId<"Group"> | undefined;
|
|
257
259
|
isRoot?: boolean | undefined;
|
|
258
260
|
tags?: {
|
|
259
261
|
key: string;
|
|
@@ -300,23 +302,23 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
300
302
|
} | undefined;
|
|
301
303
|
name: string;
|
|
302
304
|
}, {
|
|
303
|
-
name:
|
|
304
|
-
slug:
|
|
305
|
-
type:
|
|
306
|
-
parentGroupId:
|
|
307
|
-
rootGroupId:
|
|
308
|
-
isRoot:
|
|
309
|
-
tags:
|
|
305
|
+
name: convex_values50.VString<string, "required">;
|
|
306
|
+
slug: convex_values50.VString<string | undefined, "optional">;
|
|
307
|
+
type: convex_values50.VString<string | undefined, "optional">;
|
|
308
|
+
parentGroupId: convex_values50.VId<convex_values50.GenericId<"Group"> | undefined, "optional">; /** Denormalized root group ID. Self-referencing for root groups. */
|
|
309
|
+
rootGroupId: convex_values50.VId<convex_values50.GenericId<"Group"> | undefined, "optional">; /** Denormalized flag: `true` when `parentGroupId` is absent. */
|
|
310
|
+
isRoot: convex_values50.VBoolean<boolean | undefined, "optional">; /** Faceted classification tags. Normalized at write time (trimmed, lowercased). */
|
|
311
|
+
tags: convex_values50.VArray<{
|
|
310
312
|
key: string;
|
|
311
313
|
value: string;
|
|
312
|
-
}[] | undefined,
|
|
314
|
+
}[] | undefined, convex_values50.VObject<{
|
|
313
315
|
key: string;
|
|
314
316
|
value: string;
|
|
315
317
|
}, {
|
|
316
|
-
key:
|
|
317
|
-
value:
|
|
318
|
+
key: convex_values50.VString<string, "required">;
|
|
319
|
+
value: convex_values50.VString<string, "required">;
|
|
318
320
|
}, "required", "key" | "value">, "optional">;
|
|
319
|
-
policy:
|
|
321
|
+
policy: convex_values50.VObject<{
|
|
320
322
|
extend?: any;
|
|
321
323
|
version: 1;
|
|
322
324
|
identity: {
|
|
@@ -355,22 +357,22 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
355
357
|
};
|
|
356
358
|
};
|
|
357
359
|
} | undefined, {
|
|
358
|
-
version:
|
|
359
|
-
identity:
|
|
360
|
+
version: convex_values50.VLiteral<1, "required">;
|
|
361
|
+
identity: convex_values50.VObject<{
|
|
360
362
|
accountLinking: {
|
|
361
363
|
oidc: "verifiedEmail" | "none";
|
|
362
364
|
saml: "verifiedEmail" | "none";
|
|
363
365
|
};
|
|
364
366
|
}, {
|
|
365
|
-
accountLinking:
|
|
367
|
+
accountLinking: convex_values50.VObject<{
|
|
366
368
|
oidc: "verifiedEmail" | "none";
|
|
367
369
|
saml: "verifiedEmail" | "none";
|
|
368
370
|
}, {
|
|
369
|
-
oidc:
|
|
370
|
-
saml:
|
|
371
|
+
oidc: convex_values50.VUnion<"verifiedEmail" | "none", [convex_values50.VLiteral<"verifiedEmail", "required">, convex_values50.VLiteral<"none", "required">], "required", never>;
|
|
372
|
+
saml: convex_values50.VUnion<"verifiedEmail" | "none", [convex_values50.VLiteral<"verifiedEmail", "required">, convex_values50.VLiteral<"none", "required">], "required", never>;
|
|
371
373
|
}, "required", "oidc" | "saml">;
|
|
372
374
|
}, "required", "accountLinking" | "accountLinking.oidc" | "accountLinking.saml">;
|
|
373
|
-
provisioning:
|
|
375
|
+
provisioning: convex_values50.VObject<{
|
|
374
376
|
user: {
|
|
375
377
|
createOnSignIn: boolean;
|
|
376
378
|
updateProfileOnLogin: "never" | "missing" | "always";
|
|
@@ -399,58 +401,58 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
399
401
|
source: "protocol";
|
|
400
402
|
};
|
|
401
403
|
}, {
|
|
402
|
-
user:
|
|
404
|
+
user: convex_values50.VObject<{
|
|
403
405
|
createOnSignIn: boolean;
|
|
404
406
|
updateProfileOnLogin: "never" | "missing" | "always";
|
|
405
407
|
updateProfileFromScim: "never" | "missing" | "always";
|
|
406
408
|
authority: "app" | "sso" | "scim";
|
|
407
409
|
}, {
|
|
408
|
-
createOnSignIn:
|
|
409
|
-
updateProfileOnLogin:
|
|
410
|
-
updateProfileFromScim:
|
|
411
|
-
authority:
|
|
410
|
+
createOnSignIn: convex_values50.VBoolean<boolean, "required">;
|
|
411
|
+
updateProfileOnLogin: convex_values50.VUnion<"never" | "missing" | "always", [convex_values50.VLiteral<"never", "required">, convex_values50.VLiteral<"missing", "required">, convex_values50.VLiteral<"always", "required">], "required", never>;
|
|
412
|
+
updateProfileFromScim: convex_values50.VUnion<"never" | "missing" | "always", [convex_values50.VLiteral<"never", "required">, convex_values50.VLiteral<"missing", "required">, convex_values50.VLiteral<"always", "required">], "required", never>;
|
|
413
|
+
authority: convex_values50.VUnion<"app" | "sso" | "scim", [convex_values50.VLiteral<"app", "required">, convex_values50.VLiteral<"sso", "required">, convex_values50.VLiteral<"scim", "required">], "required", never>;
|
|
412
414
|
}, "required", "createOnSignIn" | "updateProfileOnLogin" | "updateProfileFromScim" | "authority">;
|
|
413
|
-
scimReuse:
|
|
415
|
+
scimReuse: convex_values50.VObject<{
|
|
414
416
|
user: "none" | "externalId";
|
|
415
417
|
}, {
|
|
416
|
-
user:
|
|
418
|
+
user: convex_values50.VUnion<"none" | "externalId", [convex_values50.VLiteral<"externalId", "required">, convex_values50.VLiteral<"none", "required">], "required", never>;
|
|
417
419
|
}, "required", "user">;
|
|
418
|
-
jit:
|
|
420
|
+
jit: convex_values50.VObject<{
|
|
419
421
|
defaultRole?: string | undefined;
|
|
420
422
|
defaultRoleIds?: string[] | undefined;
|
|
421
423
|
mode: "off" | "createUser" | "createUserAndMembership";
|
|
422
424
|
}, {
|
|
423
|
-
mode:
|
|
424
|
-
defaultRole:
|
|
425
|
-
defaultRoleIds:
|
|
425
|
+
mode: convex_values50.VUnion<"off" | "createUser" | "createUserAndMembership", [convex_values50.VLiteral<"off", "required">, convex_values50.VLiteral<"createUser", "required">, convex_values50.VLiteral<"createUserAndMembership", "required">], "required", never>;
|
|
426
|
+
defaultRole: convex_values50.VString<string | undefined, "optional">;
|
|
427
|
+
defaultRoleIds: convex_values50.VArray<string[] | undefined, convex_values50.VString<string, "required">, "optional">;
|
|
426
428
|
}, "required", "mode" | "defaultRole" | "defaultRoleIds">;
|
|
427
|
-
deprovision:
|
|
429
|
+
deprovision: convex_values50.VObject<{
|
|
428
430
|
mode: "soft" | "hard";
|
|
429
431
|
}, {
|
|
430
|
-
mode:
|
|
432
|
+
mode: convex_values50.VUnion<"soft" | "hard", [convex_values50.VLiteral<"soft", "required">, convex_values50.VLiteral<"hard", "required">], "required", never>;
|
|
431
433
|
}, "required", "mode">;
|
|
432
|
-
groups:
|
|
434
|
+
groups: convex_values50.VObject<{
|
|
433
435
|
mapping?: Record<string, string[]> | undefined;
|
|
434
436
|
mode: "ignore" | "sync";
|
|
435
437
|
source: "protocol";
|
|
436
438
|
}, {
|
|
437
|
-
mode:
|
|
438
|
-
source:
|
|
439
|
-
mapping:
|
|
439
|
+
mode: convex_values50.VUnion<"ignore" | "sync", [convex_values50.VLiteral<"ignore", "required">, convex_values50.VLiteral<"sync", "required">], "required", never>;
|
|
440
|
+
source: convex_values50.VLiteral<"protocol", "required">;
|
|
441
|
+
mapping: convex_values50.VRecord<Record<string, string[]> | undefined, convex_values50.VString<string, "required">, convex_values50.VArray<string[], convex_values50.VString<string, "required">, "required">, "optional", string>;
|
|
440
442
|
}, "required", "mode" | "source" | "mapping" | `mapping.${string}`>;
|
|
441
|
-
roles:
|
|
443
|
+
roles: convex_values50.VObject<{
|
|
442
444
|
mapping?: Record<string, string[]> | undefined;
|
|
443
445
|
mode: "map" | "ignore";
|
|
444
446
|
source: "protocol";
|
|
445
447
|
}, {
|
|
446
|
-
mode:
|
|
447
|
-
source:
|
|
448
|
-
mapping:
|
|
448
|
+
mode: convex_values50.VUnion<"map" | "ignore", [convex_values50.VLiteral<"ignore", "required">, convex_values50.VLiteral<"map", "required">], "required", never>;
|
|
449
|
+
source: convex_values50.VLiteral<"protocol", "required">;
|
|
450
|
+
mapping: convex_values50.VRecord<Record<string, string[]> | undefined, convex_values50.VString<string, "required">, convex_values50.VArray<string[], convex_values50.VString<string, "required">, "required">, "optional", string>;
|
|
449
451
|
}, "required", "mode" | "source" | "mapping" | `mapping.${string}`>;
|
|
450
452
|
}, "required", "user" | "scimReuse" | "jit" | "deprovision" | "groups" | "roles" | "user.createOnSignIn" | "user.updateProfileOnLogin" | "user.updateProfileFromScim" | "user.authority" | "scimReuse.user" | "jit.mode" | "jit.defaultRole" | "jit.defaultRoleIds" | "deprovision.mode" | "groups.mode" | "groups.source" | "groups.mapping" | `groups.mapping.${string}` | "roles.mode" | "roles.source" | "roles.mapping" | `roles.mapping.${string}`>;
|
|
451
|
-
extend:
|
|
453
|
+
extend: convex_values50.VAny<any, "optional", string>;
|
|
452
454
|
}, "optional", "extend" | `extend.${string}` | "version" | "identity" | "provisioning" | "identity.accountLinking" | "identity.accountLinking.oidc" | "identity.accountLinking.saml" | "provisioning.user" | "provisioning.scimReuse" | "provisioning.jit" | "provisioning.deprovision" | "provisioning.groups" | "provisioning.roles" | "provisioning.user.createOnSignIn" | "provisioning.user.updateProfileOnLogin" | "provisioning.user.updateProfileFromScim" | "provisioning.user.authority" | "provisioning.scimReuse.user" | "provisioning.jit.mode" | "provisioning.jit.defaultRole" | "provisioning.jit.defaultRoleIds" | "provisioning.deprovision.mode" | "provisioning.groups.mode" | "provisioning.groups.source" | "provisioning.groups.mapping" | `provisioning.groups.mapping.${string}` | "provisioning.roles.mode" | "provisioning.roles.source" | "provisioning.roles.mapping" | `provisioning.roles.mapping.${string}`>;
|
|
453
|
-
extend:
|
|
455
|
+
extend: convex_values50.VAny<any, "optional", string>;
|
|
454
456
|
}, "required", "name" | "slug" | "type" | "extend" | `extend.${string}` | "parentGroupId" | "rootGroupId" | "isRoot" | "tags" | "policy" | "policy.extend" | `policy.extend.${string}` | "policy.version" | "policy.identity" | "policy.provisioning" | "policy.identity.accountLinking" | "policy.identity.accountLinking.oidc" | "policy.identity.accountLinking.saml" | "policy.provisioning.user" | "policy.provisioning.scimReuse" | "policy.provisioning.jit" | "policy.provisioning.deprovision" | "policy.provisioning.groups" | "policy.provisioning.roles" | "policy.provisioning.user.createOnSignIn" | "policy.provisioning.user.updateProfileOnLogin" | "policy.provisioning.user.updateProfileFromScim" | "policy.provisioning.user.authority" | "policy.provisioning.scimReuse.user" | "policy.provisioning.jit.mode" | "policy.provisioning.jit.defaultRole" | "policy.provisioning.jit.defaultRoleIds" | "policy.provisioning.deprovision.mode" | "policy.provisioning.groups.mode" | "policy.provisioning.groups.source" | "policy.provisioning.groups.mapping" | `policy.provisioning.groups.mapping.${string}` | "policy.provisioning.roles.mode" | "policy.provisioning.roles.source" | "policy.provisioning.roles.mapping" | `policy.provisioning.roles.mapping.${string}`>, {
|
|
455
457
|
slug: ["slug", "_creationTime"];
|
|
456
458
|
parent_group_id: ["parentGroupId", "_creationTime"];
|
|
@@ -464,14 +466,14 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
464
466
|
* Each row maps one `(key, value)` pair to a group. Kept in sync by
|
|
465
467
|
* `groupCreate`, `groupUpdate`, and `groupDelete`.
|
|
466
468
|
*/
|
|
467
|
-
GroupTag:
|
|
469
|
+
GroupTag: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
468
470
|
key: string;
|
|
469
471
|
value: string;
|
|
470
|
-
group_id:
|
|
472
|
+
group_id: convex_values50.GenericId<"Group">;
|
|
471
473
|
}, {
|
|
472
|
-
group_id:
|
|
473
|
-
key:
|
|
474
|
-
value:
|
|
474
|
+
group_id: convex_values50.VId<convex_values50.GenericId<"Group">, "required">;
|
|
475
|
+
key: convex_values50.VString<string, "required">;
|
|
476
|
+
value: convex_values50.VString<string, "required">;
|
|
475
477
|
}, "required", "key" | "value" | "group_id">, {
|
|
476
478
|
by_group: ["group_id", "_creationTime"];
|
|
477
479
|
by_key_value: ["key", "value", "_creationTime"];
|
|
@@ -482,20 +484,20 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
482
484
|
* role (e.g. "owner", "admin", "member", "viewer"). A user can be a
|
|
483
485
|
* member of multiple groups with different roles in each.
|
|
484
486
|
*/
|
|
485
|
-
GroupMember:
|
|
487
|
+
GroupMember: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
486
488
|
status?: string | undefined;
|
|
487
489
|
extend?: any;
|
|
488
490
|
role?: string | undefined;
|
|
489
491
|
roleIds?: string[] | undefined;
|
|
490
|
-
userId:
|
|
491
|
-
groupId:
|
|
492
|
+
userId: convex_values50.GenericId<"User">;
|
|
493
|
+
groupId: convex_values50.GenericId<"Group">;
|
|
492
494
|
}, {
|
|
493
|
-
groupId:
|
|
494
|
-
userId:
|
|
495
|
-
role:
|
|
496
|
-
roleIds:
|
|
497
|
-
status:
|
|
498
|
-
extend:
|
|
495
|
+
groupId: convex_values50.VId<convex_values50.GenericId<"Group">, "required">;
|
|
496
|
+
userId: convex_values50.VId<convex_values50.GenericId<"User">, "required">;
|
|
497
|
+
role: convex_values50.VString<string | undefined, "optional">;
|
|
498
|
+
roleIds: convex_values50.VArray<string[] | undefined, convex_values50.VString<string, "required">, "optional">;
|
|
499
|
+
status: convex_values50.VString<string | undefined, "optional">;
|
|
500
|
+
extend: convex_values50.VAny<any, "optional", string>;
|
|
499
501
|
}, "required", "status" | "userId" | "extend" | `extend.${string}` | "groupId" | "role" | "roleIds">, {
|
|
500
502
|
group_id: ["groupId", "_creationTime"];
|
|
501
503
|
group_id_user_id: ["groupId", "userId", "_creationTime"];
|
|
@@ -510,30 +512,30 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
510
512
|
* `email` and `invitedByUserId` are optional to support CLI-generated
|
|
511
513
|
* invite links where neither is known upfront.
|
|
512
514
|
*/
|
|
513
|
-
GroupInvite:
|
|
515
|
+
GroupInvite: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
514
516
|
email?: string | undefined;
|
|
515
517
|
expiresTime?: number | undefined;
|
|
516
518
|
acceptedTime?: number | undefined;
|
|
517
519
|
extend?: any;
|
|
518
|
-
groupId?:
|
|
520
|
+
groupId?: convex_values50.GenericId<"Group"> | undefined;
|
|
519
521
|
role?: string | undefined;
|
|
520
522
|
roleIds?: string[] | undefined;
|
|
521
|
-
invitedByUserId?:
|
|
522
|
-
acceptedByUserId?:
|
|
523
|
+
invitedByUserId?: convex_values50.GenericId<"User"> | undefined;
|
|
524
|
+
acceptedByUserId?: convex_values50.GenericId<"User"> | undefined;
|
|
523
525
|
status: "pending" | "accepted" | "revoked" | "expired";
|
|
524
526
|
tokenHash: string;
|
|
525
527
|
}, {
|
|
526
|
-
groupId:
|
|
527
|
-
invitedByUserId:
|
|
528
|
-
email:
|
|
529
|
-
tokenHash:
|
|
530
|
-
role:
|
|
531
|
-
roleIds:
|
|
532
|
-
status:
|
|
533
|
-
expiresTime:
|
|
534
|
-
acceptedByUserId:
|
|
535
|
-
acceptedTime:
|
|
536
|
-
extend:
|
|
528
|
+
groupId: convex_values50.VId<convex_values50.GenericId<"Group"> | undefined, "optional">;
|
|
529
|
+
invitedByUserId: convex_values50.VId<convex_values50.GenericId<"User"> | undefined, "optional">;
|
|
530
|
+
email: convex_values50.VString<string | undefined, "optional">;
|
|
531
|
+
tokenHash: convex_values50.VString<string, "required">;
|
|
532
|
+
role: convex_values50.VString<string | undefined, "optional">;
|
|
533
|
+
roleIds: convex_values50.VArray<string[] | undefined, convex_values50.VString<string, "required">, "optional">;
|
|
534
|
+
status: convex_values50.VUnion<"pending" | "accepted" | "revoked" | "expired", [convex_values50.VLiteral<"pending", "required">, convex_values50.VLiteral<"accepted", "required">, convex_values50.VLiteral<"revoked", "required">, convex_values50.VLiteral<"expired", "required">], "required", never>;
|
|
535
|
+
expiresTime: convex_values50.VFloat64<number | undefined, "optional">;
|
|
536
|
+
acceptedByUserId: convex_values50.VId<convex_values50.GenericId<"User"> | undefined, "optional">;
|
|
537
|
+
acceptedTime: convex_values50.VFloat64<number | undefined, "optional">;
|
|
538
|
+
extend: convex_values50.VAny<any, "optional", string>;
|
|
537
539
|
}, "required", "email" | "status" | "expiresTime" | "acceptedTime" | "extend" | `extend.${string}` | "groupId" | "role" | "roleIds" | "invitedByUserId" | "tokenHash" | "acceptedByUserId">, {
|
|
538
540
|
token_hash: ["tokenHash", "_creationTime"];
|
|
539
541
|
status: ["status", "_creationTime"];
|
|
@@ -549,22 +551,22 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
549
551
|
* SDK can evolve without forcing schema churn for every protocol-specific
|
|
550
552
|
* field addition.
|
|
551
553
|
*/
|
|
552
|
-
GroupConnection:
|
|
554
|
+
GroupConnection: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
553
555
|
name?: string | undefined;
|
|
554
556
|
slug?: string | undefined;
|
|
555
557
|
extend?: any;
|
|
556
558
|
config?: any;
|
|
557
559
|
status: "draft" | "active" | "disabled";
|
|
558
560
|
protocol: "oidc" | "saml";
|
|
559
|
-
groupId:
|
|
561
|
+
groupId: convex_values50.GenericId<"Group">;
|
|
560
562
|
}, {
|
|
561
|
-
groupId:
|
|
562
|
-
slug:
|
|
563
|
-
name:
|
|
564
|
-
protocol:
|
|
565
|
-
status:
|
|
566
|
-
config:
|
|
567
|
-
extend:
|
|
563
|
+
groupId: convex_values50.VId<convex_values50.GenericId<"Group">, "required">;
|
|
564
|
+
slug: convex_values50.VString<string | undefined, "optional">;
|
|
565
|
+
name: convex_values50.VString<string | undefined, "optional">;
|
|
566
|
+
protocol: convex_values50.VUnion<"oidc" | "saml", [convex_values50.VLiteral<"oidc", "required">, convex_values50.VLiteral<"saml", "required">], "required", never>;
|
|
567
|
+
status: convex_values50.VUnion<"draft" | "active" | "disabled", [convex_values50.VLiteral<"draft", "required">, convex_values50.VLiteral<"active", "required">, convex_values50.VLiteral<"disabled", "required">], "required", never>;
|
|
568
|
+
config: convex_values50.VAny<any, "optional", string>;
|
|
569
|
+
extend: convex_values50.VAny<any, "optional", string>;
|
|
568
570
|
}, "required", "name" | "slug" | "status" | "extend" | `extend.${string}` | "protocol" | "groupId" | "config" | `config.${string}`>, {
|
|
569
571
|
group_id: ["groupId", "_creationTime"];
|
|
570
572
|
slug: ["slug", "_creationTime"];
|
|
@@ -575,18 +577,18 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
575
577
|
/**
|
|
576
578
|
* Verified or pending domains linked to an group connection record.
|
|
577
579
|
*/
|
|
578
|
-
GroupConnectionDomain:
|
|
580
|
+
GroupConnectionDomain: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
579
581
|
verifiedAt?: number | undefined;
|
|
580
|
-
groupId:
|
|
581
|
-
connectionId:
|
|
582
|
+
groupId: convex_values50.GenericId<"Group">;
|
|
583
|
+
connectionId: convex_values50.GenericId<"GroupConnection">;
|
|
582
584
|
domain: string;
|
|
583
585
|
isPrimary: boolean;
|
|
584
586
|
}, {
|
|
585
|
-
connectionId:
|
|
586
|
-
groupId:
|
|
587
|
-
domain:
|
|
588
|
-
isPrimary:
|
|
589
|
-
verifiedAt:
|
|
587
|
+
connectionId: convex_values50.VId<convex_values50.GenericId<"GroupConnection">, "required">;
|
|
588
|
+
groupId: convex_values50.VId<convex_values50.GenericId<"Group">, "required">;
|
|
589
|
+
domain: convex_values50.VString<string, "required">;
|
|
590
|
+
isPrimary: convex_values50.VBoolean<boolean, "required">;
|
|
591
|
+
verifiedAt: convex_values50.VFloat64<number | undefined, "optional">;
|
|
590
592
|
}, "required", "groupId" | "connectionId" | "domain" | "isPrimary" | "verifiedAt">, {
|
|
591
593
|
connection_id: ["connectionId", "_creationTime"];
|
|
592
594
|
group_id: ["groupId", "_creationTime"];
|
|
@@ -595,26 +597,26 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
595
597
|
/**
|
|
596
598
|
* Pending DNS TXT verification challenges for group connection domains.
|
|
597
599
|
*/
|
|
598
|
-
GroupConnectionDomainVerification:
|
|
600
|
+
GroupConnectionDomainVerification: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
599
601
|
expiresAt: number;
|
|
600
|
-
groupId:
|
|
602
|
+
groupId: convex_values50.GenericId<"Group">;
|
|
601
603
|
tokenHash: string;
|
|
602
|
-
connectionId:
|
|
604
|
+
connectionId: convex_values50.GenericId<"GroupConnection">;
|
|
603
605
|
domain: string;
|
|
604
|
-
domainId:
|
|
606
|
+
domainId: convex_values50.GenericId<"GroupConnectionDomain">;
|
|
605
607
|
recordName: string;
|
|
606
608
|
token: string;
|
|
607
609
|
requestedAt: number;
|
|
608
610
|
}, {
|
|
609
|
-
connectionId:
|
|
610
|
-
groupId:
|
|
611
|
-
domainId:
|
|
612
|
-
domain:
|
|
613
|
-
recordName:
|
|
614
|
-
token:
|
|
615
|
-
tokenHash:
|
|
616
|
-
requestedAt:
|
|
617
|
-
expiresAt:
|
|
611
|
+
connectionId: convex_values50.VId<convex_values50.GenericId<"GroupConnection">, "required">;
|
|
612
|
+
groupId: convex_values50.VId<convex_values50.GenericId<"Group">, "required">;
|
|
613
|
+
domainId: convex_values50.VId<convex_values50.GenericId<"GroupConnectionDomain">, "required">;
|
|
614
|
+
domain: convex_values50.VString<string, "required">;
|
|
615
|
+
recordName: convex_values50.VString<string, "required">;
|
|
616
|
+
token: convex_values50.VString<string, "required">;
|
|
617
|
+
tokenHash: convex_values50.VString<string, "required">;
|
|
618
|
+
requestedAt: convex_values50.VFloat64<number, "required">;
|
|
619
|
+
expiresAt: convex_values50.VFloat64<number, "required">;
|
|
618
620
|
}, "required", "expiresAt" | "groupId" | "tokenHash" | "connectionId" | "domain" | "domainId" | "recordName" | "token" | "requestedAt">, {
|
|
619
621
|
connection_id: ["connectionId", "_creationTime"];
|
|
620
622
|
domain_id: ["domainId", "_creationTime"];
|
|
@@ -623,18 +625,18 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
623
625
|
/**
|
|
624
626
|
* Encrypted group connection secrets stored separately from protocol config.
|
|
625
627
|
*/
|
|
626
|
-
GroupConnectionSecret:
|
|
627
|
-
groupId:
|
|
628
|
-
connectionId:
|
|
628
|
+
GroupConnectionSecret: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
629
|
+
groupId: convex_values50.GenericId<"Group">;
|
|
630
|
+
connectionId: convex_values50.GenericId<"GroupConnection">;
|
|
629
631
|
ciphertext: string;
|
|
630
632
|
updatedAt: number;
|
|
631
633
|
kind: "oidc_client_secret";
|
|
632
634
|
}, {
|
|
633
|
-
connectionId:
|
|
634
|
-
groupId:
|
|
635
|
-
kind:
|
|
636
|
-
ciphertext:
|
|
637
|
-
updatedAt:
|
|
635
|
+
connectionId: convex_values50.VId<convex_values50.GenericId<"GroupConnection">, "required">;
|
|
636
|
+
groupId: convex_values50.VId<convex_values50.GenericId<"Group">, "required">;
|
|
637
|
+
kind: convex_values50.VUnion<"oidc_client_secret", [convex_values50.VLiteral<"oidc_client_secret", "required">], "required", never>;
|
|
638
|
+
ciphertext: convex_values50.VString<string, "required">;
|
|
639
|
+
updatedAt: convex_values50.VFloat64<number, "required">;
|
|
638
640
|
}, "required", "groupId" | "connectionId" | "ciphertext" | "updatedAt" | "kind">, {
|
|
639
641
|
connection_id: ["connectionId", "_creationTime"];
|
|
640
642
|
connection_id_kind: ["connectionId", "kind", "_creationTime"];
|
|
@@ -643,22 +645,22 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
643
645
|
/**
|
|
644
646
|
* SCIM configuration for an group connection tenant.
|
|
645
647
|
*/
|
|
646
|
-
GroupConnectionScimConfig:
|
|
648
|
+
GroupConnectionScimConfig: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
647
649
|
extend?: any;
|
|
648
650
|
lastRotatedAt?: number | undefined;
|
|
649
651
|
status: "draft" | "active" | "disabled";
|
|
650
|
-
groupId:
|
|
652
|
+
groupId: convex_values50.GenericId<"Group">;
|
|
651
653
|
tokenHash: string;
|
|
652
|
-
connectionId:
|
|
654
|
+
connectionId: convex_values50.GenericId<"GroupConnection">;
|
|
653
655
|
basePath: string;
|
|
654
656
|
}, {
|
|
655
|
-
connectionId:
|
|
656
|
-
groupId:
|
|
657
|
-
status:
|
|
658
|
-
basePath:
|
|
659
|
-
tokenHash:
|
|
660
|
-
lastRotatedAt:
|
|
661
|
-
extend:
|
|
657
|
+
connectionId: convex_values50.VId<convex_values50.GenericId<"GroupConnection">, "required">;
|
|
658
|
+
groupId: convex_values50.VId<convex_values50.GenericId<"Group">, "required">;
|
|
659
|
+
status: convex_values50.VUnion<"draft" | "active" | "disabled", [convex_values50.VLiteral<"draft", "required">, convex_values50.VLiteral<"active", "required">, convex_values50.VLiteral<"disabled", "required">], "required", never>;
|
|
660
|
+
basePath: convex_values50.VString<string, "required">;
|
|
661
|
+
tokenHash: convex_values50.VString<string, "required">;
|
|
662
|
+
lastRotatedAt: convex_values50.VFloat64<number | undefined, "optional">;
|
|
663
|
+
extend: convex_values50.VAny<any, "optional", string>;
|
|
662
664
|
}, "required", "status" | "extend" | `extend.${string}` | "groupId" | "tokenHash" | "connectionId" | "basePath" | "lastRotatedAt">, {
|
|
663
665
|
group_connection_id: ["connectionId", "_creationTime"];
|
|
664
666
|
group_id: ["groupId", "_creationTime"];
|
|
@@ -668,26 +670,26 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
668
670
|
/**
|
|
669
671
|
* External SCIM identities mapped into local users/groups.
|
|
670
672
|
*/
|
|
671
|
-
GroupConnectionScimIdentity:
|
|
672
|
-
userId?:
|
|
673
|
+
GroupConnectionScimIdentity: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
674
|
+
userId?: convex_values50.GenericId<"User"> | undefined;
|
|
673
675
|
active?: boolean | undefined;
|
|
674
|
-
mappedGroupId?:
|
|
676
|
+
mappedGroupId?: convex_values50.GenericId<"Group"> | undefined;
|
|
675
677
|
lastProvisionedAt?: number | undefined;
|
|
676
678
|
raw?: any;
|
|
677
679
|
externalId: string;
|
|
678
|
-
groupId:
|
|
679
|
-
connectionId:
|
|
680
|
+
groupId: convex_values50.GenericId<"Group">;
|
|
681
|
+
connectionId: convex_values50.GenericId<"GroupConnection">;
|
|
680
682
|
resourceType: "user" | "group";
|
|
681
683
|
}, {
|
|
682
|
-
connectionId:
|
|
683
|
-
groupId:
|
|
684
|
-
resourceType:
|
|
685
|
-
externalId:
|
|
686
|
-
userId:
|
|
687
|
-
mappedGroupId:
|
|
688
|
-
lastProvisionedAt:
|
|
689
|
-
active:
|
|
690
|
-
raw:
|
|
684
|
+
connectionId: convex_values50.VId<convex_values50.GenericId<"GroupConnection">, "required">;
|
|
685
|
+
groupId: convex_values50.VId<convex_values50.GenericId<"Group">, "required">;
|
|
686
|
+
resourceType: convex_values50.VUnion<"user" | "group", [convex_values50.VLiteral<"user", "required">, convex_values50.VLiteral<"group", "required">], "required", never>;
|
|
687
|
+
externalId: convex_values50.VString<string, "required">;
|
|
688
|
+
userId: convex_values50.VId<convex_values50.GenericId<"User"> | undefined, "optional">;
|
|
689
|
+
mappedGroupId: convex_values50.VId<convex_values50.GenericId<"Group"> | undefined, "optional">;
|
|
690
|
+
lastProvisionedAt: convex_values50.VFloat64<number | undefined, "optional">;
|
|
691
|
+
active: convex_values50.VBoolean<boolean | undefined, "optional">;
|
|
692
|
+
raw: convex_values50.VAny<any, "optional", string>;
|
|
691
693
|
}, "required", "userId" | "externalId" | "groupId" | "active" | "connectionId" | "resourceType" | "mappedGroupId" | "lastProvisionedAt" | "raw" | `raw.${string}`>, {
|
|
692
694
|
group_connection_id: ["connectionId", "_creationTime"];
|
|
693
695
|
group_id: ["groupId", "_creationTime"];
|
|
@@ -699,32 +701,32 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
699
701
|
/**
|
|
700
702
|
* Immutable audit trail for group connection operations.
|
|
701
703
|
*/
|
|
702
|
-
GroupAuditEvent:
|
|
704
|
+
GroupAuditEvent: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
703
705
|
metadata?: any;
|
|
704
|
-
connectionId?:
|
|
706
|
+
connectionId?: convex_values50.GenericId<"GroupConnection"> | undefined;
|
|
705
707
|
actorId?: string | undefined;
|
|
706
708
|
subjectId?: string | undefined;
|
|
707
709
|
requestId?: string | undefined;
|
|
708
710
|
ip?: string | undefined;
|
|
709
711
|
status: "success" | "failure";
|
|
710
|
-
groupId:
|
|
712
|
+
groupId: convex_values50.GenericId<"Group">;
|
|
711
713
|
actorType: "user" | "scim" | "system" | "api_key" | "webhook";
|
|
712
714
|
eventType: string;
|
|
713
715
|
subjectType: string;
|
|
714
716
|
occurredAt: number;
|
|
715
717
|
}, {
|
|
716
|
-
connectionId:
|
|
717
|
-
groupId:
|
|
718
|
-
eventType:
|
|
719
|
-
actorType:
|
|
720
|
-
actorId:
|
|
721
|
-
subjectType:
|
|
722
|
-
subjectId:
|
|
723
|
-
status:
|
|
724
|
-
occurredAt:
|
|
725
|
-
requestId:
|
|
726
|
-
ip:
|
|
727
|
-
metadata:
|
|
718
|
+
connectionId: convex_values50.VId<convex_values50.GenericId<"GroupConnection"> | undefined, "optional">;
|
|
719
|
+
groupId: convex_values50.VId<convex_values50.GenericId<"Group">, "required">;
|
|
720
|
+
eventType: convex_values50.VString<string, "required">;
|
|
721
|
+
actorType: convex_values50.VUnion<"user" | "scim" | "system" | "api_key" | "webhook", [convex_values50.VLiteral<"user", "required">, convex_values50.VLiteral<"system", "required">, convex_values50.VLiteral<"scim", "required">, convex_values50.VLiteral<"api_key", "required">, convex_values50.VLiteral<"webhook", "required">], "required", never>;
|
|
722
|
+
actorId: convex_values50.VString<string | undefined, "optional">;
|
|
723
|
+
subjectType: convex_values50.VString<string, "required">;
|
|
724
|
+
subjectId: convex_values50.VString<string | undefined, "optional">;
|
|
725
|
+
status: convex_values50.VUnion<"success" | "failure", [convex_values50.VLiteral<"success", "required">, convex_values50.VLiteral<"failure", "required">], "required", never>;
|
|
726
|
+
occurredAt: convex_values50.VFloat64<number, "required">;
|
|
727
|
+
requestId: convex_values50.VString<string | undefined, "optional">;
|
|
728
|
+
ip: convex_values50.VString<string | undefined, "optional">;
|
|
729
|
+
metadata: convex_values50.VAny<any, "optional", string>;
|
|
728
730
|
}, "required", "status" | "metadata" | `metadata.${string}` | "groupId" | "connectionId" | "actorType" | "eventType" | "actorId" | "subjectType" | "subjectId" | "occurredAt" | "requestId" | "ip">, {
|
|
729
731
|
group_connection_id_occurred_at: ["connectionId", "occurredAt", "_creationTime"];
|
|
730
732
|
group_id_occurred_at: ["groupId", "occurredAt", "_creationTime"];
|
|
@@ -733,30 +735,30 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
733
735
|
/**
|
|
734
736
|
* Webhook endpoints subscribed to group audit and lifecycle events.
|
|
735
737
|
*/
|
|
736
|
-
GroupWebhookEndpoint:
|
|
738
|
+
GroupWebhookEndpoint: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
737
739
|
extend?: any;
|
|
738
|
-
createdByUserId?:
|
|
740
|
+
createdByUserId?: convex_values50.GenericId<"User"> | undefined;
|
|
739
741
|
lastSuccessAt?: number | undefined;
|
|
740
742
|
lastFailureAt?: number | undefined;
|
|
741
743
|
status: "active" | "disabled";
|
|
742
|
-
groupId:
|
|
743
|
-
connectionId:
|
|
744
|
+
groupId: convex_values50.GenericId<"Group">;
|
|
745
|
+
connectionId: convex_values50.GenericId<"GroupConnection">;
|
|
744
746
|
url: string;
|
|
745
747
|
secretHash: string;
|
|
746
748
|
subscriptions: string[];
|
|
747
749
|
failureCount: number;
|
|
748
750
|
}, {
|
|
749
|
-
connectionId:
|
|
750
|
-
groupId:
|
|
751
|
-
url:
|
|
752
|
-
status:
|
|
753
|
-
secretHash:
|
|
754
|
-
subscriptions:
|
|
755
|
-
createdByUserId:
|
|
756
|
-
lastSuccessAt:
|
|
757
|
-
lastFailureAt:
|
|
758
|
-
failureCount:
|
|
759
|
-
extend:
|
|
751
|
+
connectionId: convex_values50.VId<convex_values50.GenericId<"GroupConnection">, "required">;
|
|
752
|
+
groupId: convex_values50.VId<convex_values50.GenericId<"Group">, "required">;
|
|
753
|
+
url: convex_values50.VString<string, "required">;
|
|
754
|
+
status: convex_values50.VUnion<"active" | "disabled", [convex_values50.VLiteral<"active", "required">, convex_values50.VLiteral<"disabled", "required">], "required", never>;
|
|
755
|
+
secretHash: convex_values50.VString<string, "required">;
|
|
756
|
+
subscriptions: convex_values50.VArray<string[], convex_values50.VString<string, "required">, "required">;
|
|
757
|
+
createdByUserId: convex_values50.VId<convex_values50.GenericId<"User"> | undefined, "optional">;
|
|
758
|
+
lastSuccessAt: convex_values50.VFloat64<number | undefined, "optional">;
|
|
759
|
+
lastFailureAt: convex_values50.VFloat64<number | undefined, "optional">;
|
|
760
|
+
failureCount: convex_values50.VFloat64<number, "required">;
|
|
761
|
+
extend: convex_values50.VAny<any, "optional", string>;
|
|
760
762
|
}, "required", "status" | "extend" | `extend.${string}` | "groupId" | "connectionId" | "url" | "secretHash" | "subscriptions" | "createdByUserId" | "lastSuccessAt" | "lastFailureAt" | "failureCount">, {
|
|
761
763
|
group_connection_id: ["connectionId", "_creationTime"];
|
|
762
764
|
group_id: ["groupId", "_creationTime"];
|
|
@@ -765,30 +767,30 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
765
767
|
/**
|
|
766
768
|
* Delivery queue for outbound group webhooks.
|
|
767
769
|
*/
|
|
768
|
-
GroupWebhookDelivery:
|
|
769
|
-
auditEventId?:
|
|
770
|
+
GroupWebhookDelivery: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
771
|
+
auditEventId?: convex_values50.GenericId<"GroupAuditEvent"> | undefined;
|
|
770
772
|
lastAttemptAt?: number | undefined;
|
|
771
773
|
lastResponseStatus?: number | undefined;
|
|
772
774
|
lastError?: string | undefined;
|
|
773
775
|
status: "pending" | "processing" | "delivered" | "failed";
|
|
774
|
-
connectionId:
|
|
776
|
+
connectionId: convex_values50.GenericId<"GroupConnection">;
|
|
775
777
|
eventType: string;
|
|
776
|
-
endpointId:
|
|
778
|
+
endpointId: convex_values50.GenericId<"GroupWebhookEndpoint">;
|
|
777
779
|
attemptCount: number;
|
|
778
780
|
nextAttemptAt: number;
|
|
779
781
|
payload: any;
|
|
780
782
|
}, {
|
|
781
|
-
connectionId:
|
|
782
|
-
endpointId:
|
|
783
|
-
auditEventId:
|
|
784
|
-
eventType:
|
|
785
|
-
status:
|
|
786
|
-
attemptCount:
|
|
787
|
-
nextAttemptAt:
|
|
788
|
-
lastAttemptAt:
|
|
789
|
-
lastResponseStatus:
|
|
790
|
-
lastError:
|
|
791
|
-
payload:
|
|
783
|
+
connectionId: convex_values50.VId<convex_values50.GenericId<"GroupConnection">, "required">;
|
|
784
|
+
endpointId: convex_values50.VId<convex_values50.GenericId<"GroupWebhookEndpoint">, "required">;
|
|
785
|
+
auditEventId: convex_values50.VId<convex_values50.GenericId<"GroupAuditEvent"> | undefined, "optional">;
|
|
786
|
+
eventType: convex_values50.VString<string, "required">;
|
|
787
|
+
status: convex_values50.VUnion<"pending" | "processing" | "delivered" | "failed", [convex_values50.VLiteral<"pending", "required">, convex_values50.VLiteral<"processing", "required">, convex_values50.VLiteral<"delivered", "required">, convex_values50.VLiteral<"failed", "required">], "required", never>;
|
|
788
|
+
attemptCount: convex_values50.VFloat64<number, "required">;
|
|
789
|
+
nextAttemptAt: convex_values50.VFloat64<number, "required">;
|
|
790
|
+
lastAttemptAt: convex_values50.VFloat64<number | undefined, "optional">;
|
|
791
|
+
lastResponseStatus: convex_values50.VFloat64<number | undefined, "optional">;
|
|
792
|
+
lastError: convex_values50.VString<string | undefined, "optional">;
|
|
793
|
+
payload: convex_values50.VAny<any, "required", string>;
|
|
792
794
|
}, "required", "status" | "connectionId" | "eventType" | "endpointId" | "auditEventId" | "attemptCount" | "nextAttemptAt" | "lastAttemptAt" | "lastResponseStatus" | "lastError" | "payload" | `payload.${string}`>, {
|
|
793
795
|
group_connection_id: ["connectionId", "_creationTime"];
|
|
794
796
|
status_next_attempt_at: ["status", "nextAttemptAt", "_creationTime"];
|
|
@@ -808,7 +810,7 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
808
810
|
* - **Expiration**: optional TTL
|
|
809
811
|
* - **Soft revocation**: `revoked` flag preserves audit trail
|
|
810
812
|
*/
|
|
811
|
-
ApiKey:
|
|
813
|
+
ApiKey: convex_server80.TableDefinition<convex_values50.VObject<{
|
|
812
814
|
lastUsedAt?: number | undefined;
|
|
813
815
|
expiresAt?: number | undefined;
|
|
814
816
|
rateLimit?: {
|
|
@@ -822,7 +824,7 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
822
824
|
metadata?: any;
|
|
823
825
|
name: string;
|
|
824
826
|
revoked: boolean;
|
|
825
|
-
userId:
|
|
827
|
+
userId: convex_values50.GenericId<"User">;
|
|
826
828
|
prefix: string;
|
|
827
829
|
hashedKey: string;
|
|
828
830
|
scopes: {
|
|
@@ -831,39 +833,39 @@ declare const _default: convex_server89.SchemaDefinition<{
|
|
|
831
833
|
}[];
|
|
832
834
|
createdAt: number;
|
|
833
835
|
}, {
|
|
834
|
-
userId:
|
|
835
|
-
prefix:
|
|
836
|
-
hashedKey:
|
|
837
|
-
name:
|
|
838
|
-
scopes:
|
|
836
|
+
userId: convex_values50.VId<convex_values50.GenericId<"User">, "required">; /** First chars of the key for display (e.g. "sk_abc1..."). */
|
|
837
|
+
prefix: convex_values50.VString<string, "required">; /** SHA-256 hex hash of the full raw key. */
|
|
838
|
+
hashedKey: convex_values50.VString<string, "required">; /** User-assigned name (e.g. "CI Pipeline", "Production API"). */
|
|
839
|
+
name: convex_values50.VString<string, "required">; /** Scoped permissions: [{ resource: "users", actions: ["read", "list"] }]. */
|
|
840
|
+
scopes: convex_values50.VArray<{
|
|
839
841
|
resource: string;
|
|
840
842
|
actions: string[];
|
|
841
|
-
}[],
|
|
843
|
+
}[], convex_values50.VObject<{
|
|
842
844
|
resource: string;
|
|
843
845
|
actions: string[];
|
|
844
846
|
}, {
|
|
845
|
-
resource:
|
|
846
|
-
actions:
|
|
847
|
+
resource: convex_values50.VString<string, "required">;
|
|
848
|
+
actions: convex_values50.VArray<string[], convex_values50.VString<string, "required">, "required">;
|
|
847
849
|
}, "required", "resource" | "actions">, "required">; /** Optional per-key rate limit configuration. */
|
|
848
|
-
rateLimit:
|
|
850
|
+
rateLimit: convex_values50.VObject<{
|
|
849
851
|
maxRequests: number;
|
|
850
852
|
windowMs: number;
|
|
851
853
|
} | undefined, {
|
|
852
|
-
maxRequests:
|
|
853
|
-
windowMs:
|
|
854
|
+
maxRequests: convex_values50.VFloat64<number, "required">;
|
|
855
|
+
windowMs: convex_values50.VFloat64<number, "required">;
|
|
854
856
|
}, "optional", "maxRequests" | "windowMs">; /** Rate limit state tracking (token-bucket). */
|
|
855
|
-
rateLimitState:
|
|
857
|
+
rateLimitState: convex_values50.VObject<{
|
|
856
858
|
attemptsLeft: number;
|
|
857
859
|
lastAttemptTime: number;
|
|
858
860
|
} | undefined, {
|
|
859
|
-
attemptsLeft:
|
|
860
|
-
lastAttemptTime:
|
|
861
|
+
attemptsLeft: convex_values50.VFloat64<number, "required">;
|
|
862
|
+
lastAttemptTime: convex_values50.VFloat64<number, "required">;
|
|
861
863
|
}, "optional", "attemptsLeft" | "lastAttemptTime">; /** Expiration timestamp. Null/undefined = never expires. */
|
|
862
|
-
expiresAt:
|
|
863
|
-
lastUsedAt:
|
|
864
|
-
createdAt:
|
|
865
|
-
revoked:
|
|
866
|
-
metadata:
|
|
864
|
+
expiresAt: convex_values50.VFloat64<number | undefined, "optional">;
|
|
865
|
+
lastUsedAt: convex_values50.VFloat64<number | undefined, "optional">;
|
|
866
|
+
createdAt: convex_values50.VFloat64<number, "required">; /** Soft-revoke flag. Revoked keys are kept for audit trail. */
|
|
867
|
+
revoked: convex_values50.VBoolean<boolean, "required">; /** Arbitrary app-specific metadata attached to the key. */
|
|
868
|
+
metadata: convex_values50.VAny<any, "optional", string>;
|
|
867
869
|
}, "required", "name" | "revoked" | "lastUsedAt" | "expiresAt" | "userId" | "prefix" | "hashedKey" | "scopes" | "rateLimit" | "rateLimitState" | "createdAt" | "metadata" | "rateLimit.maxRequests" | "rateLimit.windowMs" | "rateLimitState.attemptsLeft" | "rateLimitState.lastAttemptTime" | `metadata.${string}`>, {
|
|
868
870
|
user_id: ["userId", "_creationTime"];
|
|
869
871
|
hashed_key: ["hashedKey", "_creationTime"];
|