@robelest/convex-auth 0.0.4-preview.34 → 0.0.4-preview.36

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (18) hide show
  1. package/dist/component/_generated/component.d.ts +6 -0
  2. package/dist/component/convex.config.js +2 -0
  3. package/dist/component/migrations.js +36 -0
  4. package/dist/component/model.d.ts +179 -177
  5. package/dist/component/model.js +1 -0
  6. package/dist/component/modules.js +1 -0
  7. package/dist/component/schema.d.ts +363 -361
  8. package/dist/component/schema.js +1 -0
  9. package/dist/core/index.d.ts +25 -25
  10. package/dist/core/index.js +4 -2
  11. package/dist/model.js +1 -0
  12. package/dist/server/auth.d.ts +4 -3
  13. package/dist/server/auth.js +2 -2
  14. package/dist/server/mounts.d.ts +32 -32
  15. package/dist/server/runtime.d.ts +11 -11
  16. package/dist/server/sso/domain.d.ts +1 -1
  17. package/dist/server/validators.d.ts +379 -371
  18. package/package.json +2 -1
package/dist/component/schema.js CHANGED
@@ -20,6 +20,7 @@ var schema_default = defineSchema({
20
20
  phoneVerificationTime: v.optional(v.number()),
21
21
  isAnonymous: v.optional(v.boolean()),
22
22
  lastActiveGroup: v.optional(v.id("Group")),
23
+ hasTotp: v.optional(v.boolean()),
23
24
  extend: v.optional(v.any())
24
25
  }).index("email", ["email"]).index("email_verified", ["email", "emailVerificationTime"]).index("phone", ["phone"]).index("phone_verified", ["phone", "phoneVerificationTime"]),
25
26
  UserEmail: defineTable({
package/dist/core/index.d.ts CHANGED
@@ -179,6 +179,31 @@ declare function createAuthContext(component: ConvexAuthConfig["component"], con
179
179
  }>;
180
180
  };
181
181
  group: {
182
+ active: {
183
+ get: (ctx: ComponentReadCtx & {
184
+ auth: convex_server0.Auth;
185
+ }, opts?: {
186
+ userId?: string;
187
+ }) => Promise<{
188
+ groupId: string;
189
+ group: Doc<"Group"> | null;
190
+ membership: Doc<"GroupMember">;
191
+ } | null>;
192
+ set: (ctx: ComponentCtx & {
193
+ auth: convex_server0.Auth;
194
+ }, groupId: string, opts?: {
195
+ userId?: string;
196
+ }) => Promise<{
197
+ groupId: string;
198
+ }>;
199
+ clear: (ctx: ComponentCtx & {
200
+ auth: convex_server0.Auth;
201
+ }, opts?: {
202
+ userId?: string;
203
+ }) => Promise<{
204
+ groupId: null;
205
+ }>;
206
+ };
182
207
  create: (ctx: ComponentCtx, data: {
183
208
  name: string;
184
209
  slug?: string;
@@ -474,31 +499,6 @@ declare function createAuthContext(component: ConvexAuthConfig["component"], con
474
499
  secret: string;
475
500
  }>;
476
501
  };
477
- active: {
478
- get: (ctx: ComponentReadCtx & {
479
- auth: convex_server0.Auth;
480
- }, opts?: {
481
- userId?: string;
482
- }) => Promise<{
483
- groupId: string;
484
- group: Doc<"Group"> | null;
485
- membership: Doc<"GroupMember">;
486
- } | null>;
487
- set: (ctx: ComponentCtx & {
488
- auth: convex_server0.Auth;
489
- }, groupId: string, opts?: {
490
- userId?: string;
491
- }) => Promise<{
492
- groupId: string;
493
- }>;
494
- clear: (ctx: ComponentCtx & {
495
- auth: convex_server0.Auth;
496
- }, opts?: {
497
- userId?: string;
498
- }) => Promise<{
499
- groupId: null;
500
- }>;
501
- };
502
502
  };
503
503
  //#endregion
504
504
  export { type AuthContext, type AuthContextConfig, type OptionalAuthContext, type UserDoc, createAuthContext };
package/dist/core/index.js CHANGED
@@ -64,11 +64,13 @@ function createAuthContext(component, config) {
64
64
  user: domains.user,
65
65
  session: domains.session,
66
66
  account: domains.account,
67
- group: domains.group,
67
+ group: {
68
+ ...domains.group,
69
+ active: domains.active
70
+ },
68
71
  member: domains.member,
69
72
  invite: domains.invite,
70
73
  key: domains.key,
71
- active: domains.active,
72
74
  ...createAuthContextFacade(authLike)
73
75
  };
74
76
  }
package/dist/model.js CHANGED
@@ -118,6 +118,7 @@ const vUserDoc = v.object({
118
118
  phoneVerificationTime: v.optional(v.number()),
119
119
  isAnonymous: v.optional(v.boolean()),
120
120
  lastActiveGroup: v.optional(v.id(TABLES.Group)),
121
+ hasTotp: v.optional(v.boolean()),
121
122
  extend: v.optional(v.any())
122
123
  });
123
124
  const vUserEmailSource = v.union(v.literal("password"), v.literal("oauth"), v.literal("oidc"), v.literal("saml"), v.literal("scim"));
package/dist/server/auth.d.ts CHANGED
@@ -117,11 +117,12 @@ type AuthApiBase<TAuthorization extends AuthAuthorizationConfig | undefined = un
117
117
  session: ReturnType<typeof Auth>["auth"]["session"];
118
118
  provider: ReturnType<typeof Auth>["auth"]["provider"];
119
119
  account: ReturnType<typeof Auth>["auth"]["account"];
120
- group: ReturnType<typeof Auth>["auth"]["group"];
120
+ group: ReturnType<typeof Auth>["auth"]["group"] & {
121
+ /** Current user's active-group selection (`get` / `set` / `clear`). */active: ReturnType<typeof Auth>["auth"]["active"];
122
+ };
121
123
  member: MemberApiWithAuthorization<TAuthorization>;
122
124
  invite: ReturnType<typeof Auth>["auth"]["invite"];
123
- key: ReturnType<typeof Auth>["auth"]["key"]; /** Current user's active-group selection (`get` / `set` / `clear`). */
124
- active: ReturnType<typeof Auth>["auth"]["active"];
125
+ key: ReturnType<typeof Auth>["auth"]["key"];
125
126
  request: ReturnType<typeof Auth>["auth"]["request"];
126
127
  /**
127
128
  * Resolve the current request's auth context. Framework-agnostic — use
package/dist/server/auth.js CHANGED
@@ -142,12 +142,12 @@ function createAuth(component, config) {
142
142
  account: authResult.auth.account,
143
143
  group: {
144
144
  ...authResult.auth.group,
145
- sso: publicGroupSso
145
+ sso: publicGroupSso,
146
+ active: authResult.auth.active
146
147
  },
147
148
  member: authResult.auth.member,
148
149
  invite: authResult.auth.invite,
149
150
  key: authResult.auth.key,
150
- active: authResult.auth.active,
151
151
  request: authResult.auth.request,
152
152
  ...createAuthContextFacade(authResult.auth)
153
153
  };
package/dist/server/mounts.d.ts CHANGED
@@ -215,10 +215,10 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
215
215
  connection: {
216
216
  create: convex_server19.RegisteredMutation<"public", {
217
217
  name?: string | undefined;
218
- slug?: string | undefined;
219
218
  status?: "draft" | "active" | "disabled" | undefined;
219
+ slug?: string | undefined;
220
220
  domain?: string | undefined;
221
- protocol: "saml" | "oidc";
221
+ protocol: "oidc" | "saml";
222
222
  groupId: string;
223
223
  }, Promise<{
224
224
  groupId: string;
@@ -264,9 +264,9 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
264
264
  list: convex_server19.RegisteredQuery<"public", {
265
265
  limit?: number | undefined;
266
266
  where?: {
267
+ status?: "draft" | "active" | "disabled" | undefined;
267
268
  slug?: string | undefined;
268
269
  groupId?: string | undefined;
269
- status?: "draft" | "active" | "disabled" | undefined;
270
270
  } | undefined;
271
271
  cursor?: string | null | undefined;
272
272
  orderBy?: string | undefined;
@@ -289,8 +289,8 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
289
289
  connectionId: string;
290
290
  data: {
291
291
  name?: string | undefined;
292
- slug?: string | undefined;
293
292
  status?: "draft" | "active" | "disabled" | undefined;
293
+ slug?: string | undefined;
294
294
  };
295
295
  }, Promise<{
296
296
  connectionId: string;
@@ -441,13 +441,13 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
441
441
  configure: convex_server19.RegisteredMutation<"public", {
442
442
  profile?: {
443
443
  mapping?: {
444
- email?: string | undefined;
445
444
  name?: string | undefined;
446
- emailVerified?: string | undefined;
445
+ email?: string | undefined;
447
446
  image?: string | undefined;
448
- subject?: string | undefined;
447
+ emailVerified?: string | undefined;
449
448
  groups?: string | undefined;
450
449
  roles?: string | undefined;
450
+ subject?: string | undefined;
451
451
  } | undefined;
452
452
  extraFields?: Record<string, string> | undefined;
453
453
  } | undefined;
@@ -511,12 +511,12 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
511
511
  configure: convex_server19.RegisteredAction<"public", {
512
512
  profile?: {
513
513
  mapping?: {
514
- email?: string | undefined;
515
514
  name?: string | undefined;
515
+ email?: string | undefined;
516
516
  image?: string | undefined;
517
- subject?: string | undefined;
518
517
  groups?: string | undefined;
519
518
  roles?: string | undefined;
519
+ subject?: string | undefined;
520
520
  firstName?: string | undefined;
521
521
  lastName?: string | undefined;
522
522
  } | undefined;
@@ -600,8 +600,8 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
600
600
  patch: {
601
601
  identity?: {
602
602
  accountLinking?: {
603
- saml?: "verifiedEmail" | "none" | "sameConnection" | undefined;
604
603
  oidc?: "verifiedEmail" | "none" | "sameConnection" | undefined;
604
+ saml?: "verifiedEmail" | "none" | "sameConnection" | undefined;
605
605
  } | undefined;
606
606
  } | undefined;
607
607
  provisioning?: {
@@ -609,7 +609,7 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
609
609
  createOnSignIn?: boolean | undefined;
610
610
  updateProfileOnLogin?: "never" | "missing" | "always" | undefined;
611
611
  updateProfileFromScim?: "never" | "missing" | "always" | undefined;
612
- authority?: "app" | "sso" | "scim" | undefined;
612
+ authority?: "scim" | "app" | "sso" | undefined;
613
613
  } | undefined;
614
614
  scimReuse?: {
615
615
  user?: "none" | "externalId" | undefined;
@@ -622,13 +622,13 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
622
622
  mode?: "soft" | "hard" | undefined;
623
623
  } | undefined;
624
624
  groups?: {
625
- mode?: "ignore" | "sync" | undefined;
626
625
  source?: "protocol" | undefined;
626
+ mode?: "ignore" | "sync" | undefined;
627
627
  mapping?: Record<string, string[]> | undefined;
628
628
  } | undefined;
629
629
  roles?: {
630
- mode?: "map" | "ignore" | undefined;
631
630
  source?: "protocol" | undefined;
631
+ mode?: "map" | "ignore" | undefined;
632
632
  mapping?: Record<string, string[]> | undefined;
633
633
  } | undefined;
634
634
  } | undefined;
@@ -772,22 +772,22 @@ declare function sso<TAuthorization extends AuthAuthorizationConfig | undefined
772
772
  declare function scim<TAuthorization extends AuthAuthorizationConfig | undefined = undefined, TRequirement = unknown>(auth: Pick<AuthApi<TAuthorization>, "context" | "group">, options?: CreateAuthGroupSsoOptions<TRequirement>): {
773
773
  admin: {
774
774
  configure: convex_server19.RegisteredMutation<"public", {
775
+ status?: "draft" | "active" | "disabled" | undefined;
775
776
  profile?: {
776
777
  mapping?: {
777
- email?: string | undefined;
778
778
  name?: string | undefined;
779
- subject?: string | undefined;
779
+ email?: string | undefined;
780
780
  phone?: string | undefined;
781
781
  externalId?: string | undefined;
782
782
  groups?: string | undefined;
783
783
  roles?: string | undefined;
784
784
  active?: string | undefined;
785
+ subject?: string | undefined;
785
786
  firstName?: string | undefined;
786
787
  lastName?: string | undefined;
787
788
  } | undefined;
788
789
  extraFields?: Record<string, string> | undefined;
789
790
  } | undefined;
790
- status?: "draft" | "active" | "disabled" | undefined;
791
791
  security?: {
792
792
  maxRequestSize?: number | undefined;
793
793
  } | undefined;
@@ -941,10 +941,10 @@ declare function scim<TAuthorization extends AuthAuthorizationConfig | undefined
941
941
  declare function createAuthGroupSso<TAuthorization extends AuthAuthorizationConfig | undefined = undefined, TRequirement = unknown>(auth: Pick<AuthApi<TAuthorization>, "context" | "group" | "member">, options: CreateAuthGroupSsoOptions<TRequirement>): {
942
942
  createConnection: convex_server19.RegisteredMutation<"public", {
943
943
  name?: string | undefined;
944
- slug?: string | undefined;
945
944
  status?: "draft" | "active" | "disabled" | undefined;
945
+ slug?: string | undefined;
946
946
  domain?: string | undefined;
947
- protocol: "saml" | "oidc";
947
+ protocol: "oidc" | "saml";
948
948
  groupId: string;
949
949
  }, Promise<{
950
950
  groupId: string;
@@ -990,9 +990,9 @@ declare function createAuthGroupSso<TAuthorization extends AuthAuthorizationConf
990
990
  listConnections: convex_server19.RegisteredQuery<"public", {
991
991
  limit?: number | undefined;
992
992
  where?: {
993
+ status?: "draft" | "active" | "disabled" | undefined;
993
994
  slug?: string | undefined;
994
995
  groupId?: string | undefined;
995
- status?: "draft" | "active" | "disabled" | undefined;
996
996
  } | undefined;
997
997
  cursor?: string | null | undefined;
998
998
  orderBy?: string | undefined;
@@ -1015,8 +1015,8 @@ declare function createAuthGroupSso<TAuthorization extends AuthAuthorizationConf
1015
1015
  connectionId: string;
1016
1016
  data: {
1017
1017
  name?: string | undefined;
1018
- slug?: string | undefined;
1019
1018
  status?: "draft" | "active" | "disabled" | undefined;
1019
+ slug?: string | undefined;
1020
1020
  };
1021
1021
  }, Promise<{
1022
1022
  connectionId: string;
@@ -1161,13 +1161,13 @@ declare function createAuthGroupSso<TAuthorization extends AuthAuthorizationConf
1161
1161
  configureOidc: convex_server19.RegisteredMutation<"public", {
1162
1162
  profile?: {
1163
1163
  mapping?: {
1164
- email?: string | undefined;
1165
1164
  name?: string | undefined;
1166
- emailVerified?: string | undefined;
1165
+ email?: string | undefined;
1167
1166
  image?: string | undefined;
1168
- subject?: string | undefined;
1167
+ emailVerified?: string | undefined;
1169
1168
  groups?: string | undefined;
1170
1169
  roles?: string | undefined;
1170
+ subject?: string | undefined;
1171
1171
  } | undefined;
1172
1172
  extraFields?: Record<string, string> | undefined;
1173
1173
  } | undefined;
@@ -1229,12 +1229,12 @@ declare function createAuthGroupSso<TAuthorization extends AuthAuthorizationConf
1229
1229
  configureSaml: convex_server19.RegisteredAction<"public", {
1230
1230
  profile?: {
1231
1231
  mapping?: {
1232
- email?: string | undefined;
1233
1232
  name?: string | undefined;
1233
+ email?: string | undefined;
1234
1234
  image?: string | undefined;
1235
- subject?: string | undefined;
1236
1235
  groups?: string | undefined;
1237
1236
  roles?: string | undefined;
1237
+ subject?: string | undefined;
1238
1238
  firstName?: string | undefined;
1239
1239
  lastName?: string | undefined;
1240
1240
  } | undefined;
@@ -1316,8 +1316,8 @@ declare function createAuthGroupSso<TAuthorization extends AuthAuthorizationConf
1316
1316
  patch: {
1317
1317
  identity?: {
1318
1318
  accountLinking?: {
1319
- saml?: "verifiedEmail" | "none" | "sameConnection" | undefined;
1320
1319
  oidc?: "verifiedEmail" | "none" | "sameConnection" | undefined;
1320
+ saml?: "verifiedEmail" | "none" | "sameConnection" | undefined;
1321
1321
  } | undefined;
1322
1322
  } | undefined;
1323
1323
  provisioning?: {
@@ -1325,7 +1325,7 @@ declare function createAuthGroupSso<TAuthorization extends AuthAuthorizationConf
1325
1325
  createOnSignIn?: boolean | undefined;
1326
1326
  updateProfileOnLogin?: "never" | "missing" | "always" | undefined;
1327
1327
  updateProfileFromScim?: "never" | "missing" | "always" | undefined;
1328
- authority?: "app" | "sso" | "scim" | undefined;
1328
+ authority?: "scim" | "app" | "sso" | undefined;
1329
1329
  } | undefined;
1330
1330
  scimReuse?: {
1331
1331
  user?: "none" | "externalId" | undefined;
@@ -1338,13 +1338,13 @@ declare function createAuthGroupSso<TAuthorization extends AuthAuthorizationConf
1338
1338
  mode?: "soft" | "hard" | undefined;
1339
1339
  } | undefined;
1340
1340
  groups?: {
1341
- mode?: "ignore" | "sync" | undefined;
1342
1341
  source?: "protocol" | undefined;
1342
+ mode?: "ignore" | "sync" | undefined;
1343
1343
  mapping?: Record<string, string[]> | undefined;
1344
1344
  } | undefined;
1345
1345
  roles?: {
1346
- mode?: "map" | "ignore" | undefined;
1347
1346
  source?: "protocol" | undefined;
1347
+ mode?: "map" | "ignore" | undefined;
1348
1348
  mapping?: Record<string, string[]> | undefined;
1349
1349
  } | undefined;
1350
1350
  } | undefined;
@@ -1421,22 +1421,22 @@ declare function createAuthGroupSso<TAuthorization extends AuthAuthorizationConf
1421
1421
  endpointId: string;
1422
1422
  }>>;
1423
1423
  configureScim: convex_server19.RegisteredMutation<"public", {
1424
+ status?: "draft" | "active" | "disabled" | undefined;
1424
1425
  profile?: {
1425
1426
  mapping?: {
1426
- email?: string | undefined;
1427
1427
  name?: string | undefined;
1428
- subject?: string | undefined;
1428
+ email?: string | undefined;
1429
1429
  phone?: string | undefined;
1430
1430
  externalId?: string | undefined;
1431
1431
  groups?: string | undefined;
1432
1432
  roles?: string | undefined;
1433
1433
  active?: string | undefined;
1434
+ subject?: string | undefined;
1434
1435
  firstName?: string | undefined;
1435
1436
  lastName?: string | undefined;
1436
1437
  } | undefined;
1437
1438
  extraFields?: Record<string, string> | undefined;
1438
1439
  } | undefined;
1439
- status?: "draft" | "active" | "disabled" | undefined;
1440
1440
  security?: {
1441
1441
  maxRequestSize?: number | undefined;
1442
1442
  } | undefined;
package/dist/server/runtime.d.ts CHANGED
@@ -276,11 +276,11 @@ declare function Auth(config_: ConvexAuthConfig): {
276
276
  _id: GenericId<"GroupMember">;
277
277
  _creationTime: number;
278
278
  extend?: any;
279
+ status?: string | undefined;
279
280
  role?: string | undefined;
280
281
  roleIds?: string[] | undefined;
281
- status?: string | undefined;
282
- groupId: GenericId<"Group">;
283
282
  userId: GenericId<"User">;
283
+ groupId: GenericId<"Group">;
284
284
  } & {
285
285
  _id: GenericId<"GroupMember">;
286
286
  _creationTime: number;
@@ -705,36 +705,36 @@ declare function Auth(config_: ConvexAuthConfig): {
705
705
  type: "verifier";
706
706
  } | {
707
707
  type: "verifierSignature";
708
- signature: string;
709
708
  verifier: string;
709
+ signature: string;
710
710
  } | {
711
711
  emails?: {
712
- primary?: boolean | undefined;
713
712
  verified?: boolean | undefined;
713
+ primary?: boolean | undefined;
714
714
  email: string;
715
715
  }[] | undefined;
716
716
  accountExtend?: {
717
+ saml?: {
718
+ attributes?: Record<string, string | string[]> | undefined;
719
+ sessionIndex?: string | undefined;
720
+ } | undefined;
717
721
  identity?: {
718
722
  type?: string | undefined;
719
723
  provider?: string | undefined;
724
+ connectionId?: string | undefined;
720
725
  providerAccountId?: string | undefined;
721
726
  protocol?: string | undefined;
722
- connectionId?: string | undefined;
723
727
  subject?: string | undefined;
724
728
  issuer?: string | undefined;
725
729
  discoveryUrl?: string | undefined;
726
730
  entityId?: string | undefined;
727
731
  } | undefined;
728
- saml?: {
729
- attributes?: Record<string, string | string[]> | undefined;
730
- sessionIndex?: string | undefined;
731
- } | undefined;
732
732
  } | undefined;
733
- profile: Record<string, string | number | boolean | (string | number | boolean | null)[] | Record<string, string | number | boolean | (string | number | boolean | null)[] | null> | null>;
734
733
  type: "userOAuth";
735
734
  provider: string;
736
735
  providerAccountId: string;
737
736
  signature: string;
737
+ profile: Record<string, string | number | boolean | (string | number | boolean | null)[] | Record<string, string | number | boolean | (string | number | boolean | null)[] | null> | null>;
738
738
  } | {
739
739
  email?: string | undefined;
740
740
  phone?: string | undefined;
@@ -747,9 +747,9 @@ declare function Auth(config_: ConvexAuthConfig): {
747
747
  } | {
748
748
  shouldLinkViaEmail?: boolean | undefined;
749
749
  shouldLinkViaPhone?: boolean | undefined;
750
- profile: Record<string, string | number | boolean | (string | number | boolean | null)[] | Record<string, string | number | boolean | (string | number | boolean | null)[] | null> | null>;
751
750
  type: "createAccountFromCredentials";
752
751
  provider: string;
752
+ profile: Record<string, string | number | boolean | (string | number | boolean | null)[] | Record<string, string | number | boolean | (string | number | boolean | null)[] | null> | null>;
753
753
  account: {
754
754
  secret?: string | undefined;
755
755
  id: string;
package/dist/server/sso/domain.d.ts CHANGED
@@ -448,7 +448,7 @@ declare function createGroupConnectionDomain<TDeps extends DomainDeps>(deps: TDe
448
448
  loginHint?: string;
449
449
  }) => Promise<{
450
450
  connectionId: string;
451
- protocol: "saml" | "oidc";
451
+ protocol: "oidc" | "saml";
452
452
  providerId: string;
453
453
  signInPath: string;
454
454
  callbackPath: string;