@robelest/convex-auth 0.0.4-preview.36 → 0.0.4-preview.37
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/component/model.d.ts +143 -143
- package/dist/component/schema.d.ts +302 -302
- package/dist/model.js +1 -1
- package/dist/server/mounts.d.ts +2 -2
- package/dist/server/validators.d.ts +81 -85
- package/dist/server/validators.js +74 -12
- package/package.json +1 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import * as
|
|
1
|
+
import * as convex_values1187 from "convex/values";
|
|
2
2
|
import * as convex_server93 from "convex/server";
|
|
3
3
|
|
|
4
4
|
//#region src/component/schema.d.ts
|
|
@@ -14,29 +14,29 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
14
14
|
* Authenticated users. A user may have multiple linked accounts
|
|
15
15
|
* and multiple concurrent sessions.
|
|
16
16
|
*/
|
|
17
|
-
User: convex_server93.TableDefinition<
|
|
17
|
+
User: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
18
18
|
name?: string | undefined;
|
|
19
19
|
email?: string | undefined;
|
|
20
|
-
phone?: string | undefined;
|
|
21
20
|
image?: string | undefined;
|
|
21
|
+
phone?: string | undefined;
|
|
22
22
|
emailVerificationTime?: number | undefined;
|
|
23
23
|
phoneVerificationTime?: number | undefined;
|
|
24
24
|
isAnonymous?: boolean | undefined;
|
|
25
|
-
lastActiveGroup?:
|
|
25
|
+
lastActiveGroup?: convex_values1187.GenericId<"Group"> | undefined;
|
|
26
26
|
hasTotp?: boolean | undefined;
|
|
27
27
|
extend?: any;
|
|
28
28
|
}, {
|
|
29
|
-
name:
|
|
30
|
-
image:
|
|
31
|
-
email:
|
|
32
|
-
emailVerificationTime:
|
|
33
|
-
phone:
|
|
34
|
-
phoneVerificationTime:
|
|
35
|
-
isAnonymous:
|
|
36
|
-
lastActiveGroup:
|
|
37
|
-
hasTotp:
|
|
38
|
-
extend:
|
|
39
|
-
}, "required", "name" | "email" | "
|
|
29
|
+
name: convex_values1187.VString<string | undefined, "optional">;
|
|
30
|
+
image: convex_values1187.VString<string | undefined, "optional">;
|
|
31
|
+
email: convex_values1187.VString<string | undefined, "optional">;
|
|
32
|
+
emailVerificationTime: convex_values1187.VFloat64<number | undefined, "optional">;
|
|
33
|
+
phone: convex_values1187.VString<string | undefined, "optional">;
|
|
34
|
+
phoneVerificationTime: convex_values1187.VFloat64<number | undefined, "optional">;
|
|
35
|
+
isAnonymous: convex_values1187.VBoolean<boolean | undefined, "optional">;
|
|
36
|
+
lastActiveGroup: convex_values1187.VId<convex_values1187.GenericId<"Group"> | undefined, "optional">;
|
|
37
|
+
hasTotp: convex_values1187.VBoolean<boolean | undefined, "optional">;
|
|
38
|
+
extend: convex_values1187.VAny<any, "optional", string>;
|
|
39
|
+
}, "required", "name" | "email" | "image" | "phone" | "emailVerificationTime" | "phoneVerificationTime" | "isAnonymous" | "lastActiveGroup" | "hasTotp" | "extend" | `extend.${string}`>, {
|
|
40
40
|
email: ["email", "_creationTime"];
|
|
41
41
|
email_verified: ["email", "emailVerificationTime", "_creationTime"];
|
|
42
42
|
phone: ["phone", "_creationTime"];
|
|
@@ -53,24 +53,24 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
53
53
|
* email-based account linking for SSO must stay scoped to the same
|
|
54
54
|
* `connectionId` (see server/users.ts) to avoid cross-IdP takeover.
|
|
55
55
|
*/
|
|
56
|
-
UserEmail: convex_server93.TableDefinition<
|
|
56
|
+
UserEmail: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
57
57
|
verificationTime?: number | undefined;
|
|
58
|
-
accountId?:
|
|
58
|
+
accountId?: convex_values1187.GenericId<"Account"> | undefined;
|
|
59
59
|
provider?: string | undefined;
|
|
60
|
-
connectionId?:
|
|
60
|
+
connectionId?: convex_values1187.GenericId<"GroupConnection"> | undefined;
|
|
61
61
|
email: string;
|
|
62
|
-
userId:
|
|
62
|
+
userId: convex_values1187.GenericId<"User">;
|
|
63
63
|
isPrimary: boolean;
|
|
64
64
|
source: "password" | "oauth" | "oidc" | "saml" | "scim";
|
|
65
65
|
}, {
|
|
66
|
-
userId:
|
|
67
|
-
email:
|
|
68
|
-
verificationTime:
|
|
69
|
-
isPrimary:
|
|
70
|
-
source:
|
|
71
|
-
accountId:
|
|
72
|
-
provider:
|
|
73
|
-
connectionId:
|
|
66
|
+
userId: convex_values1187.VId<convex_values1187.GenericId<"User">, "required">;
|
|
67
|
+
email: convex_values1187.VString<string, "required">;
|
|
68
|
+
verificationTime: convex_values1187.VFloat64<number | undefined, "optional">;
|
|
69
|
+
isPrimary: convex_values1187.VBoolean<boolean, "required">;
|
|
70
|
+
source: convex_values1187.VUnion<"password" | "oauth" | "oidc" | "saml" | "scim", [convex_values1187.VLiteral<"password", "required">, convex_values1187.VLiteral<"oauth", "required">, convex_values1187.VLiteral<"oidc", "required">, convex_values1187.VLiteral<"saml", "required">, convex_values1187.VLiteral<"scim", "required">], "required", never>;
|
|
71
|
+
accountId: convex_values1187.VId<convex_values1187.GenericId<"Account"> | undefined, "optional">;
|
|
72
|
+
provider: convex_values1187.VString<string | undefined, "optional">;
|
|
73
|
+
connectionId: convex_values1187.VId<convex_values1187.GenericId<"GroupConnection"> | undefined, "optional">;
|
|
74
74
|
}, "required", "email" | "userId" | "verificationTime" | "isPrimary" | "source" | "accountId" | "provider" | "connectionId">, {
|
|
75
75
|
email: ["email", "_creationTime"];
|
|
76
76
|
email_verified: ["email", "verificationTime", "_creationTime"];
|
|
@@ -83,12 +83,12 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
83
83
|
* across different devices or browsers. Sessions expire after a
|
|
84
84
|
* configurable duration.
|
|
85
85
|
*/
|
|
86
|
-
Session: convex_server93.TableDefinition<
|
|
87
|
-
userId:
|
|
86
|
+
Session: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
87
|
+
userId: convex_values1187.GenericId<"User">;
|
|
88
88
|
expirationTime: number;
|
|
89
89
|
}, {
|
|
90
|
-
userId:
|
|
91
|
-
expirationTime:
|
|
90
|
+
userId: convex_values1187.VId<convex_values1187.GenericId<"User">, "required">;
|
|
91
|
+
expirationTime: convex_values1187.VFloat64<number, "required">;
|
|
92
92
|
}, "required", "userId" | "expirationTime">, {
|
|
93
93
|
user_id: ["userId", "_creationTime"];
|
|
94
94
|
}, {}, {}>;
|
|
@@ -97,23 +97,23 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
97
97
|
* authentication provider (e.g. Google OAuth, email/password).
|
|
98
98
|
* A user can have multiple accounts linked.
|
|
99
99
|
*/
|
|
100
|
-
Account: convex_server93.TableDefinition<
|
|
100
|
+
Account: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
101
|
+
emailVerified?: string | undefined;
|
|
101
102
|
extend?: any;
|
|
102
103
|
secret?: string | undefined;
|
|
103
|
-
emailVerified?: string | undefined;
|
|
104
104
|
phoneVerified?: string | undefined;
|
|
105
|
-
userId:
|
|
105
|
+
userId: convex_values1187.GenericId<"User">;
|
|
106
106
|
provider: string;
|
|
107
107
|
providerAccountId: string;
|
|
108
108
|
}, {
|
|
109
|
-
userId:
|
|
110
|
-
provider:
|
|
111
|
-
providerAccountId:
|
|
112
|
-
secret:
|
|
113
|
-
emailVerified:
|
|
114
|
-
phoneVerified:
|
|
115
|
-
extend:
|
|
116
|
-
}, "required", "extend" | `extend.${string}` | "userId" | "provider" | "providerAccountId" | "secret" | "
|
|
109
|
+
userId: convex_values1187.VId<convex_values1187.GenericId<"User">, "required">;
|
|
110
|
+
provider: convex_values1187.VString<string, "required">;
|
|
111
|
+
providerAccountId: convex_values1187.VString<string, "required">;
|
|
112
|
+
secret: convex_values1187.VString<string | undefined, "optional">;
|
|
113
|
+
emailVerified: convex_values1187.VString<string | undefined, "optional">;
|
|
114
|
+
phoneVerified: convex_values1187.VString<string | undefined, "optional">;
|
|
115
|
+
extend: convex_values1187.VAny<any, "optional", string>;
|
|
116
|
+
}, "required", "emailVerified" | "extend" | `extend.${string}` | "userId" | "provider" | "providerAccountId" | "secret" | "phoneVerified">, {
|
|
117
117
|
user_id_provider: ["userId", "provider", "_creationTime"];
|
|
118
118
|
provider_account_id: ["provider", "providerAccountId", "_creationTime"];
|
|
119
119
|
}, {}, {}>;
|
|
@@ -125,16 +125,16 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
125
125
|
* been used yet. A 10-second reuse window allows for concurrent requests.
|
|
126
126
|
* Any invalid use of a token invalidates the entire chain.
|
|
127
127
|
*/
|
|
128
|
-
RefreshToken: convex_server93.TableDefinition<
|
|
128
|
+
RefreshToken: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
129
129
|
firstUsedTime?: number | undefined;
|
|
130
|
-
parentRefreshTokenId?:
|
|
130
|
+
parentRefreshTokenId?: convex_values1187.GenericId<"RefreshToken"> | undefined;
|
|
131
131
|
expirationTime: number;
|
|
132
|
-
sessionId:
|
|
132
|
+
sessionId: convex_values1187.GenericId<"Session">;
|
|
133
133
|
}, {
|
|
134
|
-
sessionId:
|
|
135
|
-
expirationTime:
|
|
136
|
-
firstUsedTime:
|
|
137
|
-
parentRefreshTokenId:
|
|
134
|
+
sessionId: convex_values1187.VId<convex_values1187.GenericId<"Session">, "required">;
|
|
135
|
+
expirationTime: convex_values1187.VFloat64<number, "required">;
|
|
136
|
+
firstUsedTime: convex_values1187.VFloat64<number | undefined, "optional">;
|
|
137
|
+
parentRefreshTokenId: convex_values1187.VId<convex_values1187.GenericId<"RefreshToken"> | undefined, "optional">;
|
|
138
138
|
}, "required", "expirationTime" | "sessionId" | "firstUsedTime" | "parentRefreshTokenId">, {
|
|
139
139
|
session_id: ["sessionId", "_creationTime"];
|
|
140
140
|
session_id_first_used: ["sessionId", "firstUsedTime", "_creationTime"];
|
|
@@ -143,23 +143,23 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
143
143
|
/**
|
|
144
144
|
* Verification codes for OTP tokens, magic link tokens, and OAuth codes.
|
|
145
145
|
*/
|
|
146
|
-
VerificationCode: convex_server93.TableDefinition<
|
|
146
|
+
VerificationCode: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
147
147
|
emailVerified?: string | undefined;
|
|
148
148
|
phoneVerified?: string | undefined;
|
|
149
149
|
verifier?: string | undefined;
|
|
150
|
-
accountId:
|
|
150
|
+
accountId: convex_values1187.GenericId<"Account">;
|
|
151
151
|
provider: string;
|
|
152
152
|
expirationTime: number;
|
|
153
153
|
code: string;
|
|
154
154
|
}, {
|
|
155
|
-
accountId:
|
|
156
|
-
provider:
|
|
157
|
-
code:
|
|
158
|
-
expirationTime:
|
|
159
|
-
verifier:
|
|
160
|
-
emailVerified:
|
|
161
|
-
phoneVerified:
|
|
162
|
-
}, "required", "
|
|
155
|
+
accountId: convex_values1187.VId<convex_values1187.GenericId<"Account">, "required">;
|
|
156
|
+
provider: convex_values1187.VString<string, "required">;
|
|
157
|
+
code: convex_values1187.VString<string, "required">;
|
|
158
|
+
expirationTime: convex_values1187.VFloat64<number, "required">;
|
|
159
|
+
verifier: convex_values1187.VString<string | undefined, "optional">;
|
|
160
|
+
emailVerified: convex_values1187.VString<string | undefined, "optional">;
|
|
161
|
+
phoneVerified: convex_values1187.VString<string | undefined, "optional">;
|
|
162
|
+
}, "required", "emailVerified" | "accountId" | "provider" | "expirationTime" | "phoneVerified" | "code" | "verifier">, {
|
|
163
163
|
account_id: ["accountId", "_creationTime"];
|
|
164
164
|
code: ["code", "_creationTime"];
|
|
165
165
|
}, {}, {}>;
|
|
@@ -167,14 +167,14 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
167
167
|
* PKCE verifiers for OAuth flows. Stores the cryptographic verifier
|
|
168
168
|
* used to prove the authorization request originated from this client.
|
|
169
169
|
*/
|
|
170
|
-
AuthVerifier: convex_server93.TableDefinition<
|
|
170
|
+
AuthVerifier: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
171
171
|
expirationTime?: number | undefined;
|
|
172
|
-
sessionId?:
|
|
172
|
+
sessionId?: convex_values1187.GenericId<"Session"> | undefined;
|
|
173
173
|
signature?: string | undefined;
|
|
174
174
|
}, {
|
|
175
|
-
sessionId:
|
|
176
|
-
signature:
|
|
177
|
-
expirationTime:
|
|
175
|
+
sessionId: convex_values1187.VId<convex_values1187.GenericId<"Session"> | undefined, "optional">;
|
|
176
|
+
signature: convex_values1187.VString<string | undefined, "optional">;
|
|
177
|
+
expirationTime: convex_values1187.VFloat64<number | undefined, "optional">;
|
|
178
178
|
}, "required", "expirationTime" | "sessionId" | "signature">, {
|
|
179
179
|
signature: ["signature", "_creationTime"];
|
|
180
180
|
}, {}, {}>;
|
|
@@ -183,11 +183,11 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
183
183
|
* registered authenticator (Touch ID, Face ID, security key, etc.).
|
|
184
184
|
* A user can have multiple passkeys across different devices.
|
|
185
185
|
*/
|
|
186
|
-
Passkey: convex_server93.TableDefinition<
|
|
186
|
+
Passkey: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
187
187
|
name?: string | undefined;
|
|
188
188
|
transports?: string[] | undefined;
|
|
189
189
|
lastUsedAt?: number | undefined;
|
|
190
|
-
userId:
|
|
190
|
+
userId: convex_values1187.GenericId<"User">;
|
|
191
191
|
credentialId: string;
|
|
192
192
|
publicKey: ArrayBuffer;
|
|
193
193
|
algorithm: number;
|
|
@@ -196,17 +196,17 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
196
196
|
backedUp: boolean;
|
|
197
197
|
createdAt: number;
|
|
198
198
|
}, {
|
|
199
|
-
userId:
|
|
200
|
-
credentialId:
|
|
201
|
-
publicKey:
|
|
202
|
-
algorithm:
|
|
203
|
-
counter:
|
|
204
|
-
transports:
|
|
205
|
-
deviceType:
|
|
206
|
-
backedUp:
|
|
207
|
-
name:
|
|
208
|
-
createdAt:
|
|
209
|
-
lastUsedAt:
|
|
199
|
+
userId: convex_values1187.VId<convex_values1187.GenericId<"User">, "required">; /** Base64url-encoded credential ID from the authenticator. */
|
|
200
|
+
credentialId: convex_values1187.VString<string, "required">; /** Public key bytes (SEC1 uncompressed for EC, SPKI for RSA). */
|
|
201
|
+
publicKey: convex_values1187.VBytes<ArrayBuffer, "required">; /** COSE algorithm identifier (-7 for ES256, -257 for RS256, -8 for EdDSA). */
|
|
202
|
+
algorithm: convex_values1187.VFloat64<number, "required">; /** Signature counter for clone detection. Many authenticators return 0. */
|
|
203
|
+
counter: convex_values1187.VFloat64<number, "required">; /** Authenticator transport hints (e.g. "internal", "hybrid", "usb", "ble", "nfc"). */
|
|
204
|
+
transports: convex_values1187.VArray<string[] | undefined, convex_values1187.VString<string, "required">, "optional">; /** Whether this is a single-device or multi-device (synced) credential. */
|
|
205
|
+
deviceType: convex_values1187.VString<string, "required">; /** Whether the credential is backed up (synced passkey). */
|
|
206
|
+
backedUp: convex_values1187.VBoolean<boolean, "required">; /** User-assigned friendly name (e.g. "MacBook Touch ID"). */
|
|
207
|
+
name: convex_values1187.VString<string | undefined, "optional">;
|
|
208
|
+
createdAt: convex_values1187.VFloat64<number, "required">;
|
|
209
|
+
lastUsedAt: convex_values1187.VFloat64<number | undefined, "optional">;
|
|
210
210
|
}, "required", "name" | "userId" | "credentialId" | "publicKey" | "algorithm" | "counter" | "transports" | "deviceType" | "backedUp" | "createdAt" | "lastUsedAt">, {
|
|
211
211
|
user_id: ["userId", "_creationTime"];
|
|
212
212
|
credential_id: ["credentialId", "_creationTime"];
|
|
@@ -220,24 +220,24 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
220
220
|
* by successfully entering a code from their authenticator app.
|
|
221
221
|
* Unverified enrollments are in-progress setup that can be discarded.
|
|
222
222
|
*/
|
|
223
|
-
TotpFactor: convex_server93.TableDefinition<
|
|
223
|
+
TotpFactor: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
224
224
|
name?: string | undefined;
|
|
225
225
|
lastUsedAt?: number | undefined;
|
|
226
|
-
userId:
|
|
226
|
+
userId: convex_values1187.GenericId<"User">;
|
|
227
227
|
secret: ArrayBuffer;
|
|
228
228
|
createdAt: number;
|
|
229
229
|
digits: number;
|
|
230
230
|
period: number;
|
|
231
231
|
verified: boolean;
|
|
232
232
|
}, {
|
|
233
|
-
userId:
|
|
234
|
-
secret:
|
|
235
|
-
digits:
|
|
236
|
-
period:
|
|
237
|
-
verified:
|
|
238
|
-
name:
|
|
239
|
-
createdAt:
|
|
240
|
-
lastUsedAt:
|
|
233
|
+
userId: convex_values1187.VId<convex_values1187.GenericId<"User">, "required">; /** Raw TOTP secret key bytes. */
|
|
234
|
+
secret: convex_values1187.VBytes<ArrayBuffer, "required">; /** Number of digits in each code (typically 6). */
|
|
235
|
+
digits: convex_values1187.VFloat64<number, "required">; /** Time period in seconds for code rotation (typically 30). */
|
|
236
|
+
period: convex_values1187.VFloat64<number, "required">; /** Whether setup has been confirmed with a valid code. */
|
|
237
|
+
verified: convex_values1187.VBoolean<boolean, "required">; /** User-assigned friendly name (e.g. "Google Authenticator"). */
|
|
238
|
+
name: convex_values1187.VString<string | undefined, "optional">;
|
|
239
|
+
createdAt: convex_values1187.VFloat64<number, "required">;
|
|
240
|
+
lastUsedAt: convex_values1187.VFloat64<number | undefined, "optional">;
|
|
241
241
|
}, "required", "name" | "userId" | "secret" | "createdAt" | "lastUsedAt" | "digits" | "period" | "verified">, {
|
|
242
242
|
user_id: ["userId", "_creationTime"];
|
|
243
243
|
user_id_verified: ["userId", "verified", "_creationTime"];
|
|
@@ -247,9 +247,9 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
247
247
|
* device auth session — the device polls with `deviceCode` while the
|
|
248
248
|
* user authorizes via `userCode` on a secondary device.
|
|
249
249
|
*/
|
|
250
|
-
DeviceCode: convex_server93.TableDefinition<
|
|
251
|
-
userId?:
|
|
252
|
-
sessionId?:
|
|
250
|
+
DeviceCode: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
251
|
+
userId?: convex_values1187.GenericId<"User"> | undefined;
|
|
252
|
+
sessionId?: convex_values1187.GenericId<"Session"> | undefined;
|
|
253
253
|
lastPolledAt?: number | undefined;
|
|
254
254
|
status: "pending" | "authorized" | "denied";
|
|
255
255
|
deviceCodeHash: string;
|
|
@@ -257,14 +257,14 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
257
257
|
expiresAt: number;
|
|
258
258
|
interval: number;
|
|
259
259
|
}, {
|
|
260
|
-
/** High-entropy code used by the device for polling. Stored as SHA-256 hash. */deviceCodeHash:
|
|
261
|
-
userCode:
|
|
262
|
-
expiresAt:
|
|
263
|
-
interval:
|
|
264
|
-
status:
|
|
265
|
-
userId:
|
|
266
|
-
sessionId:
|
|
267
|
-
lastPolledAt:
|
|
260
|
+
/** High-entropy code used by the device for polling. Stored as SHA-256 hash. */deviceCodeHash: convex_values1187.VString<string, "required">; /** Short human-readable code the user enters (e.g. "WDJB-MJHT"). */
|
|
261
|
+
userCode: convex_values1187.VString<string, "required">; /** Expiration timestamp (ms since epoch). */
|
|
262
|
+
expiresAt: convex_values1187.VFloat64<number, "required">; /** Minimum polling interval in seconds. */
|
|
263
|
+
interval: convex_values1187.VFloat64<number, "required">; /** Current status of this device authorization session. */
|
|
264
|
+
status: convex_values1187.VUnion<"pending" | "authorized" | "denied", [convex_values1187.VLiteral<"pending", "required">, convex_values1187.VLiteral<"authorized", "required">, convex_values1187.VLiteral<"denied", "required">], "required", never>; /** Set when the user authorizes — links to the authorizing user. */
|
|
265
|
+
userId: convex_values1187.VId<convex_values1187.GenericId<"User"> | undefined, "optional">; /** Set when the user authorizes — the session created for the device. */
|
|
266
|
+
sessionId: convex_values1187.VId<convex_values1187.GenericId<"Session"> | undefined, "optional">; /** Timestamp of the last poll request (for slow_down enforcement). */
|
|
267
|
+
lastPolledAt: convex_values1187.VFloat64<number | undefined, "optional">;
|
|
268
268
|
}, "required", "userId" | "sessionId" | "status" | "deviceCodeHash" | "userCode" | "expiresAt" | "interval" | "lastPolledAt">, {
|
|
269
269
|
device_code_hash: ["deviceCodeHash", "_creationTime"];
|
|
270
270
|
user_code_status: ["userCode", "status", "_creationTime"];
|
|
@@ -272,14 +272,14 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
272
272
|
/**
|
|
273
273
|
* Rate limit tracking for OTP and password sign-in attempts.
|
|
274
274
|
*/
|
|
275
|
-
RateLimit: convex_server93.TableDefinition<
|
|
275
|
+
RateLimit: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
276
276
|
identifier: string;
|
|
277
277
|
last_attempt_time: number;
|
|
278
278
|
attempts_left: number;
|
|
279
279
|
}, {
|
|
280
|
-
identifier:
|
|
281
|
-
last_attempt_time:
|
|
282
|
-
attempts_left:
|
|
280
|
+
identifier: convex_values1187.VString<string, "required">;
|
|
281
|
+
last_attempt_time: convex_values1187.VFloat64<number, "required">;
|
|
282
|
+
attempts_left: convex_values1187.VFloat64<number, "required">;
|
|
283
283
|
}, "required", "identifier" | "last_attempt_time" | "attempts_left">, {
|
|
284
284
|
by_identifier: ["identifier", "_creationTime"];
|
|
285
285
|
}, {}, {}>;
|
|
@@ -288,12 +288,12 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
288
288
|
* Groups can nest arbitrarily deep via `parentGroupId` for modeling
|
|
289
289
|
* organizations, teams, departments, or any tree structure.
|
|
290
290
|
*/
|
|
291
|
-
Group: convex_server93.TableDefinition<
|
|
291
|
+
Group: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
292
292
|
extend?: any;
|
|
293
293
|
type?: string | undefined;
|
|
294
294
|
slug?: string | undefined;
|
|
295
|
-
parentGroupId?:
|
|
296
|
-
rootGroupId?:
|
|
295
|
+
parentGroupId?: convex_values1187.GenericId<"Group"> | undefined;
|
|
296
|
+
rootGroupId?: convex_values1187.GenericId<"Group"> | undefined;
|
|
297
297
|
isRoot?: boolean | undefined;
|
|
298
298
|
tags?: {
|
|
299
299
|
key: string;
|
|
@@ -340,23 +340,23 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
340
340
|
} | undefined;
|
|
341
341
|
name: string;
|
|
342
342
|
}, {
|
|
343
|
-
name:
|
|
344
|
-
slug:
|
|
345
|
-
type:
|
|
346
|
-
parentGroupId:
|
|
347
|
-
rootGroupId:
|
|
348
|
-
isRoot:
|
|
349
|
-
tags:
|
|
343
|
+
name: convex_values1187.VString<string, "required">;
|
|
344
|
+
slug: convex_values1187.VString<string | undefined, "optional">;
|
|
345
|
+
type: convex_values1187.VString<string | undefined, "optional">;
|
|
346
|
+
parentGroupId: convex_values1187.VId<convex_values1187.GenericId<"Group"> | undefined, "optional">; /** Denormalized root group ID. Self-referencing for root groups. */
|
|
347
|
+
rootGroupId: convex_values1187.VId<convex_values1187.GenericId<"Group"> | undefined, "optional">; /** Denormalized flag: `true` when `parentGroupId` is absent. */
|
|
348
|
+
isRoot: convex_values1187.VBoolean<boolean | undefined, "optional">; /** Faceted classification tags. Normalized at write time (trimmed, lowercased). */
|
|
349
|
+
tags: convex_values1187.VArray<{
|
|
350
350
|
key: string;
|
|
351
351
|
value: string;
|
|
352
|
-
}[] | undefined,
|
|
352
|
+
}[] | undefined, convex_values1187.VObject<{
|
|
353
353
|
key: string;
|
|
354
354
|
value: string;
|
|
355
355
|
}, {
|
|
356
|
-
key:
|
|
357
|
-
value:
|
|
356
|
+
key: convex_values1187.VString<string, "required">;
|
|
357
|
+
value: convex_values1187.VString<string, "required">;
|
|
358
358
|
}, "required", "key" | "value">, "optional">;
|
|
359
|
-
policy:
|
|
359
|
+
policy: convex_values1187.VObject<{
|
|
360
360
|
extend?: any;
|
|
361
361
|
version: 1;
|
|
362
362
|
identity: {
|
|
@@ -395,22 +395,22 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
395
395
|
};
|
|
396
396
|
};
|
|
397
397
|
} | undefined, {
|
|
398
|
-
version:
|
|
399
|
-
identity:
|
|
398
|
+
version: convex_values1187.VLiteral<1, "required">;
|
|
399
|
+
identity: convex_values1187.VObject<{
|
|
400
400
|
accountLinking: {
|
|
401
401
|
oidc: "verifiedEmail" | "none" | "sameConnection";
|
|
402
402
|
saml: "verifiedEmail" | "none" | "sameConnection";
|
|
403
403
|
};
|
|
404
404
|
}, {
|
|
405
|
-
accountLinking:
|
|
405
|
+
accountLinking: convex_values1187.VObject<{
|
|
406
406
|
oidc: "verifiedEmail" | "none" | "sameConnection";
|
|
407
407
|
saml: "verifiedEmail" | "none" | "sameConnection";
|
|
408
408
|
}, {
|
|
409
|
-
oidc:
|
|
410
|
-
saml:
|
|
409
|
+
oidc: convex_values1187.VUnion<"verifiedEmail" | "none" | "sameConnection", [convex_values1187.VLiteral<"verifiedEmail", "required">, convex_values1187.VLiteral<"none", "required">, convex_values1187.VLiteral<"sameConnection", "required">], "required", never>;
|
|
410
|
+
saml: convex_values1187.VUnion<"verifiedEmail" | "none" | "sameConnection", [convex_values1187.VLiteral<"verifiedEmail", "required">, convex_values1187.VLiteral<"none", "required">, convex_values1187.VLiteral<"sameConnection", "required">], "required", never>;
|
|
411
411
|
}, "required", "oidc" | "saml">;
|
|
412
412
|
}, "required", "accountLinking" | "accountLinking.oidc" | "accountLinking.saml">;
|
|
413
|
-
provisioning:
|
|
413
|
+
provisioning: convex_values1187.VObject<{
|
|
414
414
|
user: {
|
|
415
415
|
createOnSignIn: boolean;
|
|
416
416
|
updateProfileOnLogin: "never" | "missing" | "always";
|
|
@@ -439,58 +439,58 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
439
439
|
mode: "map" | "ignore";
|
|
440
440
|
};
|
|
441
441
|
}, {
|
|
442
|
-
user:
|
|
442
|
+
user: convex_values1187.VObject<{
|
|
443
443
|
createOnSignIn: boolean;
|
|
444
444
|
updateProfileOnLogin: "never" | "missing" | "always";
|
|
445
445
|
updateProfileFromScim: "never" | "missing" | "always";
|
|
446
446
|
authority: "scim" | "app" | "sso";
|
|
447
447
|
}, {
|
|
448
|
-
createOnSignIn:
|
|
449
|
-
updateProfileOnLogin:
|
|
450
|
-
updateProfileFromScim:
|
|
451
|
-
authority:
|
|
448
|
+
createOnSignIn: convex_values1187.VBoolean<boolean, "required">;
|
|
449
|
+
updateProfileOnLogin: convex_values1187.VUnion<"never" | "missing" | "always", [convex_values1187.VLiteral<"never", "required">, convex_values1187.VLiteral<"missing", "required">, convex_values1187.VLiteral<"always", "required">], "required", never>;
|
|
450
|
+
updateProfileFromScim: convex_values1187.VUnion<"never" | "missing" | "always", [convex_values1187.VLiteral<"never", "required">, convex_values1187.VLiteral<"missing", "required">, convex_values1187.VLiteral<"always", "required">], "required", never>;
|
|
451
|
+
authority: convex_values1187.VUnion<"scim" | "app" | "sso", [convex_values1187.VLiteral<"app", "required">, convex_values1187.VLiteral<"sso", "required">, convex_values1187.VLiteral<"scim", "required">], "required", never>;
|
|
452
452
|
}, "required", "createOnSignIn" | "updateProfileOnLogin" | "updateProfileFromScim" | "authority">;
|
|
453
|
-
scimReuse:
|
|
453
|
+
scimReuse: convex_values1187.VObject<{
|
|
454
454
|
user: "none" | "externalId";
|
|
455
455
|
}, {
|
|
456
|
-
user:
|
|
456
|
+
user: convex_values1187.VUnion<"none" | "externalId", [convex_values1187.VLiteral<"externalId", "required">, convex_values1187.VLiteral<"none", "required">], "required", never>;
|
|
457
457
|
}, "required", "user">;
|
|
458
|
-
jit:
|
|
458
|
+
jit: convex_values1187.VObject<{
|
|
459
459
|
defaultRole?: string | undefined;
|
|
460
460
|
defaultRoleIds?: string[] | undefined;
|
|
461
461
|
mode: "off" | "createUser" | "createUserAndMembership";
|
|
462
462
|
}, {
|
|
463
|
-
mode:
|
|
464
|
-
defaultRole:
|
|
465
|
-
defaultRoleIds:
|
|
463
|
+
mode: convex_values1187.VUnion<"off" | "createUser" | "createUserAndMembership", [convex_values1187.VLiteral<"off", "required">, convex_values1187.VLiteral<"createUser", "required">, convex_values1187.VLiteral<"createUserAndMembership", "required">], "required", never>;
|
|
464
|
+
defaultRole: convex_values1187.VString<string | undefined, "optional">;
|
|
465
|
+
defaultRoleIds: convex_values1187.VArray<string[] | undefined, convex_values1187.VString<string, "required">, "optional">;
|
|
466
466
|
}, "required", "mode" | "defaultRole" | "defaultRoleIds">;
|
|
467
|
-
deprovision:
|
|
467
|
+
deprovision: convex_values1187.VObject<{
|
|
468
468
|
mode: "soft" | "hard";
|
|
469
469
|
}, {
|
|
470
|
-
mode:
|
|
470
|
+
mode: convex_values1187.VUnion<"soft" | "hard", [convex_values1187.VLiteral<"soft", "required">, convex_values1187.VLiteral<"hard", "required">], "required", never>;
|
|
471
471
|
}, "required", "mode">;
|
|
472
|
-
groups:
|
|
472
|
+
groups: convex_values1187.VObject<{
|
|
473
473
|
mapping?: Record<string, string[]> | undefined;
|
|
474
474
|
source: "protocol";
|
|
475
475
|
mode: "ignore" | "sync";
|
|
476
476
|
}, {
|
|
477
|
-
mode:
|
|
478
|
-
source:
|
|
479
|
-
mapping:
|
|
477
|
+
mode: convex_values1187.VUnion<"ignore" | "sync", [convex_values1187.VLiteral<"ignore", "required">, convex_values1187.VLiteral<"sync", "required">], "required", never>;
|
|
478
|
+
source: convex_values1187.VLiteral<"protocol", "required">;
|
|
479
|
+
mapping: convex_values1187.VRecord<Record<string, string[]> | undefined, convex_values1187.VString<string, "required">, convex_values1187.VArray<string[], convex_values1187.VString<string, "required">, "required">, "optional", string>;
|
|
480
480
|
}, "required", "source" | "mode" | "mapping" | `mapping.${string}`>;
|
|
481
|
-
roles:
|
|
481
|
+
roles: convex_values1187.VObject<{
|
|
482
482
|
mapping?: Record<string, string[]> | undefined;
|
|
483
483
|
source: "protocol";
|
|
484
484
|
mode: "map" | "ignore";
|
|
485
485
|
}, {
|
|
486
|
-
mode:
|
|
487
|
-
source:
|
|
488
|
-
mapping:
|
|
486
|
+
mode: convex_values1187.VUnion<"map" | "ignore", [convex_values1187.VLiteral<"ignore", "required">, convex_values1187.VLiteral<"map", "required">], "required", never>;
|
|
487
|
+
source: convex_values1187.VLiteral<"protocol", "required">;
|
|
488
|
+
mapping: convex_values1187.VRecord<Record<string, string[]> | undefined, convex_values1187.VString<string, "required">, convex_values1187.VArray<string[], convex_values1187.VString<string, "required">, "required">, "optional", string>;
|
|
489
489
|
}, "required", "source" | "mode" | "mapping" | `mapping.${string}`>;
|
|
490
490
|
}, "required", "user" | "scimReuse" | "jit" | "deprovision" | "groups" | "roles" | "user.createOnSignIn" | "user.updateProfileOnLogin" | "user.updateProfileFromScim" | "user.authority" | "scimReuse.user" | "jit.mode" | "jit.defaultRole" | "jit.defaultRoleIds" | "deprovision.mode" | "groups.source" | "groups.mode" | "groups.mapping" | `groups.mapping.${string}` | "roles.source" | "roles.mode" | "roles.mapping" | `roles.mapping.${string}`>;
|
|
491
|
-
extend:
|
|
491
|
+
extend: convex_values1187.VAny<any, "optional", string>;
|
|
492
492
|
}, "optional", "extend" | `extend.${string}` | "version" | "identity" | "provisioning" | "identity.accountLinking" | "identity.accountLinking.oidc" | "identity.accountLinking.saml" | "provisioning.user" | "provisioning.scimReuse" | "provisioning.jit" | "provisioning.deprovision" | "provisioning.groups" | "provisioning.roles" | "provisioning.user.createOnSignIn" | "provisioning.user.updateProfileOnLogin" | "provisioning.user.updateProfileFromScim" | "provisioning.user.authority" | "provisioning.scimReuse.user" | "provisioning.jit.mode" | "provisioning.jit.defaultRole" | "provisioning.jit.defaultRoleIds" | "provisioning.deprovision.mode" | "provisioning.groups.source" | "provisioning.groups.mode" | "provisioning.groups.mapping" | `provisioning.groups.mapping.${string}` | "provisioning.roles.source" | "provisioning.roles.mode" | "provisioning.roles.mapping" | `provisioning.roles.mapping.${string}`>;
|
|
493
|
-
extend:
|
|
493
|
+
extend: convex_values1187.VAny<any, "optional", string>;
|
|
494
494
|
}, "required", "name" | "extend" | "type" | `extend.${string}` | "slug" | "parentGroupId" | "rootGroupId" | "isRoot" | "tags" | "policy" | "policy.extend" | `policy.extend.${string}` | "policy.version" | "policy.identity" | "policy.provisioning" | "policy.identity.accountLinking" | "policy.identity.accountLinking.oidc" | "policy.identity.accountLinking.saml" | "policy.provisioning.user" | "policy.provisioning.scimReuse" | "policy.provisioning.jit" | "policy.provisioning.deprovision" | "policy.provisioning.groups" | "policy.provisioning.roles" | "policy.provisioning.user.createOnSignIn" | "policy.provisioning.user.updateProfileOnLogin" | "policy.provisioning.user.updateProfileFromScim" | "policy.provisioning.user.authority" | "policy.provisioning.scimReuse.user" | "policy.provisioning.jit.mode" | "policy.provisioning.jit.defaultRole" | "policy.provisioning.jit.defaultRoleIds" | "policy.provisioning.deprovision.mode" | "policy.provisioning.groups.source" | "policy.provisioning.groups.mode" | "policy.provisioning.groups.mapping" | `policy.provisioning.groups.mapping.${string}` | "policy.provisioning.roles.source" | "policy.provisioning.roles.mode" | "policy.provisioning.roles.mapping" | `policy.provisioning.roles.mapping.${string}`>, {
|
|
495
495
|
slug: ["slug", "_creationTime"];
|
|
496
496
|
parent_group_id: ["parentGroupId", "_creationTime"];
|
|
@@ -504,14 +504,14 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
504
504
|
* Each row maps one `(key, value)` pair to a group. Kept in sync by
|
|
505
505
|
* `groupCreate`, `groupUpdate`, and `groupDelete`.
|
|
506
506
|
*/
|
|
507
|
-
GroupTag: convex_server93.TableDefinition<
|
|
507
|
+
GroupTag: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
508
508
|
key: string;
|
|
509
509
|
value: string;
|
|
510
|
-
group_id:
|
|
510
|
+
group_id: convex_values1187.GenericId<"Group">;
|
|
511
511
|
}, {
|
|
512
|
-
group_id:
|
|
513
|
-
key:
|
|
514
|
-
value:
|
|
512
|
+
group_id: convex_values1187.VId<convex_values1187.GenericId<"Group">, "required">;
|
|
513
|
+
key: convex_values1187.VString<string, "required">;
|
|
514
|
+
value: convex_values1187.VString<string, "required">;
|
|
515
515
|
}, "required", "key" | "value" | "group_id">, {
|
|
516
516
|
by_group: ["group_id", "_creationTime"];
|
|
517
517
|
by_key_value: ["key", "value", "_creationTime"];
|
|
@@ -522,20 +522,20 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
522
522
|
* role (e.g. "owner", "admin", "member", "viewer"). A user can be a
|
|
523
523
|
* member of multiple groups with different roles in each.
|
|
524
524
|
*/
|
|
525
|
-
GroupMember: convex_server93.TableDefinition<
|
|
525
|
+
GroupMember: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
526
526
|
extend?: any;
|
|
527
527
|
status?: string | undefined;
|
|
528
528
|
role?: string | undefined;
|
|
529
529
|
roleIds?: string[] | undefined;
|
|
530
|
-
userId:
|
|
531
|
-
groupId:
|
|
530
|
+
userId: convex_values1187.GenericId<"User">;
|
|
531
|
+
groupId: convex_values1187.GenericId<"Group">;
|
|
532
532
|
}, {
|
|
533
|
-
groupId:
|
|
534
|
-
userId:
|
|
535
|
-
role:
|
|
536
|
-
roleIds:
|
|
537
|
-
status:
|
|
538
|
-
extend:
|
|
533
|
+
groupId: convex_values1187.VId<convex_values1187.GenericId<"Group">, "required">;
|
|
534
|
+
userId: convex_values1187.VId<convex_values1187.GenericId<"User">, "required">;
|
|
535
|
+
role: convex_values1187.VString<string | undefined, "optional">;
|
|
536
|
+
roleIds: convex_values1187.VArray<string[] | undefined, convex_values1187.VString<string, "required">, "optional">;
|
|
537
|
+
status: convex_values1187.VString<string | undefined, "optional">;
|
|
538
|
+
extend: convex_values1187.VAny<any, "optional", string>;
|
|
539
539
|
}, "required", "extend" | `extend.${string}` | "userId" | "status" | "groupId" | "role" | "roleIds">, {
|
|
540
540
|
group_id: ["groupId", "_creationTime"];
|
|
541
541
|
group_id_user_id: ["groupId", "userId", "_creationTime"];
|
|
@@ -550,30 +550,30 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
550
550
|
* `email` and `invitedByUserId` are optional to support CLI-generated
|
|
551
551
|
* invite links where neither is known upfront.
|
|
552
552
|
*/
|
|
553
|
-
GroupInvite: convex_server93.TableDefinition<
|
|
553
|
+
GroupInvite: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
554
554
|
email?: string | undefined;
|
|
555
555
|
extend?: any;
|
|
556
|
-
groupId?:
|
|
556
|
+
groupId?: convex_values1187.GenericId<"Group"> | undefined;
|
|
557
557
|
role?: string | undefined;
|
|
558
558
|
roleIds?: string[] | undefined;
|
|
559
|
-
invitedByUserId?:
|
|
559
|
+
invitedByUserId?: convex_values1187.GenericId<"User"> | undefined;
|
|
560
560
|
expiresTime?: number | undefined;
|
|
561
|
-
acceptedByUserId?:
|
|
561
|
+
acceptedByUserId?: convex_values1187.GenericId<"User"> | undefined;
|
|
562
562
|
acceptedTime?: number | undefined;
|
|
563
563
|
status: "pending" | "accepted" | "revoked" | "expired";
|
|
564
564
|
tokenHash: string;
|
|
565
565
|
}, {
|
|
566
|
-
groupId:
|
|
567
|
-
invitedByUserId:
|
|
568
|
-
email:
|
|
569
|
-
tokenHash:
|
|
570
|
-
role:
|
|
571
|
-
roleIds:
|
|
572
|
-
status:
|
|
573
|
-
expiresTime:
|
|
574
|
-
acceptedByUserId:
|
|
575
|
-
acceptedTime:
|
|
576
|
-
extend:
|
|
566
|
+
groupId: convex_values1187.VId<convex_values1187.GenericId<"Group"> | undefined, "optional">;
|
|
567
|
+
invitedByUserId: convex_values1187.VId<convex_values1187.GenericId<"User"> | undefined, "optional">;
|
|
568
|
+
email: convex_values1187.VString<string | undefined, "optional">;
|
|
569
|
+
tokenHash: convex_values1187.VString<string, "required">;
|
|
570
|
+
role: convex_values1187.VString<string | undefined, "optional">;
|
|
571
|
+
roleIds: convex_values1187.VArray<string[] | undefined, convex_values1187.VString<string, "required">, "optional">;
|
|
572
|
+
status: convex_values1187.VUnion<"pending" | "accepted" | "revoked" | "expired", [convex_values1187.VLiteral<"pending", "required">, convex_values1187.VLiteral<"accepted", "required">, convex_values1187.VLiteral<"revoked", "required">, convex_values1187.VLiteral<"expired", "required">], "required", never>;
|
|
573
|
+
expiresTime: convex_values1187.VFloat64<number | undefined, "optional">;
|
|
574
|
+
acceptedByUserId: convex_values1187.VId<convex_values1187.GenericId<"User"> | undefined, "optional">;
|
|
575
|
+
acceptedTime: convex_values1187.VFloat64<number | undefined, "optional">;
|
|
576
|
+
extend: convex_values1187.VAny<any, "optional", string>;
|
|
577
577
|
}, "required", "email" | "extend" | `extend.${string}` | "status" | "groupId" | "role" | "roleIds" | "invitedByUserId" | "tokenHash" | "expiresTime" | "acceptedByUserId" | "acceptedTime">, {
|
|
578
578
|
token_hash: ["tokenHash", "_creationTime"];
|
|
579
579
|
status: ["status", "_creationTime"];
|
|
@@ -589,22 +589,22 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
589
589
|
* SDK can evolve without forcing schema churn for every protocol-specific
|
|
590
590
|
* field addition.
|
|
591
591
|
*/
|
|
592
|
-
GroupConnection: convex_server93.TableDefinition<
|
|
592
|
+
GroupConnection: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
593
593
|
name?: string | undefined;
|
|
594
594
|
extend?: any;
|
|
595
595
|
slug?: string | undefined;
|
|
596
596
|
config?: any;
|
|
597
597
|
status: "draft" | "active" | "disabled";
|
|
598
598
|
protocol: "oidc" | "saml";
|
|
599
|
-
groupId:
|
|
599
|
+
groupId: convex_values1187.GenericId<"Group">;
|
|
600
600
|
}, {
|
|
601
|
-
groupId:
|
|
602
|
-
slug:
|
|
603
|
-
name:
|
|
604
|
-
protocol:
|
|
605
|
-
status:
|
|
606
|
-
config:
|
|
607
|
-
extend:
|
|
601
|
+
groupId: convex_values1187.VId<convex_values1187.GenericId<"Group">, "required">;
|
|
602
|
+
slug: convex_values1187.VString<string | undefined, "optional">;
|
|
603
|
+
name: convex_values1187.VString<string | undefined, "optional">;
|
|
604
|
+
protocol: convex_values1187.VUnion<"oidc" | "saml", [convex_values1187.VLiteral<"oidc", "required">, convex_values1187.VLiteral<"saml", "required">], "required", never>;
|
|
605
|
+
status: convex_values1187.VUnion<"draft" | "active" | "disabled", [convex_values1187.VLiteral<"draft", "required">, convex_values1187.VLiteral<"active", "required">, convex_values1187.VLiteral<"disabled", "required">], "required", never>;
|
|
606
|
+
config: convex_values1187.VAny<any, "optional", string>;
|
|
607
|
+
extend: convex_values1187.VAny<any, "optional", string>;
|
|
608
608
|
}, "required", "name" | "extend" | `extend.${string}` | "status" | "slug" | "protocol" | "groupId" | "config" | `config.${string}`>, {
|
|
609
609
|
group_id: ["groupId", "_creationTime"];
|
|
610
610
|
slug: ["slug", "_creationTime"];
|
|
@@ -615,18 +615,18 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
615
615
|
/**
|
|
616
616
|
* Verified or pending domains linked to an group connection record.
|
|
617
617
|
*/
|
|
618
|
-
GroupConnectionDomain: convex_server93.TableDefinition<
|
|
618
|
+
GroupConnectionDomain: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
619
619
|
verifiedAt?: number | undefined;
|
|
620
620
|
isPrimary: boolean;
|
|
621
|
-
connectionId:
|
|
622
|
-
groupId:
|
|
621
|
+
connectionId: convex_values1187.GenericId<"GroupConnection">;
|
|
622
|
+
groupId: convex_values1187.GenericId<"Group">;
|
|
623
623
|
domain: string;
|
|
624
624
|
}, {
|
|
625
|
-
connectionId:
|
|
626
|
-
groupId:
|
|
627
|
-
domain:
|
|
628
|
-
isPrimary:
|
|
629
|
-
verifiedAt:
|
|
625
|
+
connectionId: convex_values1187.VId<convex_values1187.GenericId<"GroupConnection">, "required">;
|
|
626
|
+
groupId: convex_values1187.VId<convex_values1187.GenericId<"Group">, "required">;
|
|
627
|
+
domain: convex_values1187.VString<string, "required">;
|
|
628
|
+
isPrimary: convex_values1187.VBoolean<boolean, "required">;
|
|
629
|
+
verifiedAt: convex_values1187.VFloat64<number | undefined, "optional">;
|
|
630
630
|
}, "required", "isPrimary" | "connectionId" | "groupId" | "domain" | "verifiedAt">, {
|
|
631
631
|
connection_id: ["connectionId", "_creationTime"];
|
|
632
632
|
group_id: ["groupId", "_creationTime"];
|
|
@@ -635,26 +635,26 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
635
635
|
/**
|
|
636
636
|
* Pending DNS TXT verification challenges for group connection domains.
|
|
637
637
|
*/
|
|
638
|
-
GroupConnectionDomainVerification: convex_server93.TableDefinition<
|
|
639
|
-
connectionId:
|
|
638
|
+
GroupConnectionDomainVerification: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
639
|
+
connectionId: convex_values1187.GenericId<"GroupConnection">;
|
|
640
640
|
expiresAt: number;
|
|
641
|
-
groupId:
|
|
641
|
+
groupId: convex_values1187.GenericId<"Group">;
|
|
642
642
|
tokenHash: string;
|
|
643
643
|
domain: string;
|
|
644
|
-
domainId:
|
|
644
|
+
domainId: convex_values1187.GenericId<"GroupConnectionDomain">;
|
|
645
645
|
recordName: string;
|
|
646
646
|
token: string;
|
|
647
647
|
requestedAt: number;
|
|
648
648
|
}, {
|
|
649
|
-
connectionId:
|
|
650
|
-
groupId:
|
|
651
|
-
domainId:
|
|
652
|
-
domain:
|
|
653
|
-
recordName:
|
|
654
|
-
token:
|
|
655
|
-
tokenHash:
|
|
656
|
-
requestedAt:
|
|
657
|
-
expiresAt:
|
|
649
|
+
connectionId: convex_values1187.VId<convex_values1187.GenericId<"GroupConnection">, "required">;
|
|
650
|
+
groupId: convex_values1187.VId<convex_values1187.GenericId<"Group">, "required">;
|
|
651
|
+
domainId: convex_values1187.VId<convex_values1187.GenericId<"GroupConnectionDomain">, "required">;
|
|
652
|
+
domain: convex_values1187.VString<string, "required">;
|
|
653
|
+
recordName: convex_values1187.VString<string, "required">;
|
|
654
|
+
token: convex_values1187.VString<string, "required">;
|
|
655
|
+
tokenHash: convex_values1187.VString<string, "required">;
|
|
656
|
+
requestedAt: convex_values1187.VFloat64<number, "required">;
|
|
657
|
+
expiresAt: convex_values1187.VFloat64<number, "required">;
|
|
658
658
|
}, "required", "connectionId" | "expiresAt" | "groupId" | "tokenHash" | "domain" | "domainId" | "recordName" | "token" | "requestedAt">, {
|
|
659
659
|
connection_id: ["connectionId", "_creationTime"];
|
|
660
660
|
domain_id: ["domainId", "_creationTime"];
|
|
@@ -663,18 +663,18 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
663
663
|
/**
|
|
664
664
|
* Encrypted group connection secrets stored separately from protocol config.
|
|
665
665
|
*/
|
|
666
|
-
GroupConnectionSecret: convex_server93.TableDefinition<
|
|
667
|
-
connectionId:
|
|
668
|
-
groupId:
|
|
666
|
+
GroupConnectionSecret: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
667
|
+
connectionId: convex_values1187.GenericId<"GroupConnection">;
|
|
668
|
+
groupId: convex_values1187.GenericId<"Group">;
|
|
669
669
|
ciphertext: string;
|
|
670
670
|
updatedAt: number;
|
|
671
671
|
kind: "oidc_client_secret";
|
|
672
672
|
}, {
|
|
673
|
-
connectionId:
|
|
674
|
-
groupId:
|
|
675
|
-
kind:
|
|
676
|
-
ciphertext:
|
|
677
|
-
updatedAt:
|
|
673
|
+
connectionId: convex_values1187.VId<convex_values1187.GenericId<"GroupConnection">, "required">;
|
|
674
|
+
groupId: convex_values1187.VId<convex_values1187.GenericId<"Group">, "required">;
|
|
675
|
+
kind: convex_values1187.VUnion<"oidc_client_secret", [convex_values1187.VLiteral<"oidc_client_secret", "required">], "required", never>;
|
|
676
|
+
ciphertext: convex_values1187.VString<string, "required">;
|
|
677
|
+
updatedAt: convex_values1187.VFloat64<number, "required">;
|
|
678
678
|
}, "required", "connectionId" | "groupId" | "ciphertext" | "updatedAt" | "kind">, {
|
|
679
679
|
connection_id: ["connectionId", "_creationTime"];
|
|
680
680
|
connection_id_kind: ["connectionId", "kind", "_creationTime"];
|
|
@@ -683,22 +683,22 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
683
683
|
/**
|
|
684
684
|
* SCIM configuration for an group connection tenant.
|
|
685
685
|
*/
|
|
686
|
-
GroupConnectionScimConfig: convex_server93.TableDefinition<
|
|
686
|
+
GroupConnectionScimConfig: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
687
687
|
extend?: any;
|
|
688
688
|
lastRotatedAt?: number | undefined;
|
|
689
|
-
connectionId:
|
|
689
|
+
connectionId: convex_values1187.GenericId<"GroupConnection">;
|
|
690
690
|
status: "draft" | "active" | "disabled";
|
|
691
|
-
groupId:
|
|
691
|
+
groupId: convex_values1187.GenericId<"Group">;
|
|
692
692
|
tokenHash: string;
|
|
693
693
|
basePath: string;
|
|
694
694
|
}, {
|
|
695
|
-
connectionId:
|
|
696
|
-
groupId:
|
|
697
|
-
status:
|
|
698
|
-
basePath:
|
|
699
|
-
tokenHash:
|
|
700
|
-
lastRotatedAt:
|
|
701
|
-
extend:
|
|
695
|
+
connectionId: convex_values1187.VId<convex_values1187.GenericId<"GroupConnection">, "required">;
|
|
696
|
+
groupId: convex_values1187.VId<convex_values1187.GenericId<"Group">, "required">;
|
|
697
|
+
status: convex_values1187.VUnion<"draft" | "active" | "disabled", [convex_values1187.VLiteral<"draft", "required">, convex_values1187.VLiteral<"active", "required">, convex_values1187.VLiteral<"disabled", "required">], "required", never>;
|
|
698
|
+
basePath: convex_values1187.VString<string, "required">;
|
|
699
|
+
tokenHash: convex_values1187.VString<string, "required">;
|
|
700
|
+
lastRotatedAt: convex_values1187.VFloat64<number | undefined, "optional">;
|
|
701
|
+
extend: convex_values1187.VAny<any, "optional", string>;
|
|
702
702
|
}, "required", "extend" | `extend.${string}` | "connectionId" | "status" | "groupId" | "tokenHash" | "basePath" | "lastRotatedAt">, {
|
|
703
703
|
group_connection_id: ["connectionId", "_creationTime"];
|
|
704
704
|
group_id: ["groupId", "_creationTime"];
|
|
@@ -708,26 +708,26 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
708
708
|
/**
|
|
709
709
|
* External SCIM identities mapped into local users/groups.
|
|
710
710
|
*/
|
|
711
|
-
GroupConnectionScimIdentity: convex_server93.TableDefinition<
|
|
712
|
-
userId?:
|
|
711
|
+
GroupConnectionScimIdentity: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
712
|
+
userId?: convex_values1187.GenericId<"User"> | undefined;
|
|
713
713
|
active?: boolean | undefined;
|
|
714
|
-
mappedGroupId?:
|
|
714
|
+
mappedGroupId?: convex_values1187.GenericId<"Group"> | undefined;
|
|
715
715
|
lastProvisionedAt?: number | undefined;
|
|
716
716
|
raw?: any;
|
|
717
|
-
connectionId:
|
|
717
|
+
connectionId: convex_values1187.GenericId<"GroupConnection">;
|
|
718
718
|
externalId: string;
|
|
719
|
-
groupId:
|
|
719
|
+
groupId: convex_values1187.GenericId<"Group">;
|
|
720
720
|
resourceType: "user" | "group";
|
|
721
721
|
}, {
|
|
722
|
-
connectionId:
|
|
723
|
-
groupId:
|
|
724
|
-
resourceType:
|
|
725
|
-
externalId:
|
|
726
|
-
userId:
|
|
727
|
-
mappedGroupId:
|
|
728
|
-
lastProvisionedAt:
|
|
729
|
-
active:
|
|
730
|
-
raw:
|
|
722
|
+
connectionId: convex_values1187.VId<convex_values1187.GenericId<"GroupConnection">, "required">;
|
|
723
|
+
groupId: convex_values1187.VId<convex_values1187.GenericId<"Group">, "required">;
|
|
724
|
+
resourceType: convex_values1187.VUnion<"user" | "group", [convex_values1187.VLiteral<"user", "required">, convex_values1187.VLiteral<"group", "required">], "required", never>;
|
|
725
|
+
externalId: convex_values1187.VString<string, "required">;
|
|
726
|
+
userId: convex_values1187.VId<convex_values1187.GenericId<"User"> | undefined, "optional">;
|
|
727
|
+
mappedGroupId: convex_values1187.VId<convex_values1187.GenericId<"Group"> | undefined, "optional">;
|
|
728
|
+
lastProvisionedAt: convex_values1187.VFloat64<number | undefined, "optional">;
|
|
729
|
+
active: convex_values1187.VBoolean<boolean | undefined, "optional">;
|
|
730
|
+
raw: convex_values1187.VAny<any, "optional", string>;
|
|
731
731
|
}, "required", "userId" | "connectionId" | "externalId" | "groupId" | "active" | "resourceType" | "mappedGroupId" | "lastProvisionedAt" | "raw" | `raw.${string}`>, {
|
|
732
732
|
group_connection_id: ["connectionId", "_creationTime"];
|
|
733
733
|
group_id: ["groupId", "_creationTime"];
|
|
@@ -739,32 +739,32 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
739
739
|
/**
|
|
740
740
|
* Immutable audit trail for group connection operations.
|
|
741
741
|
*/
|
|
742
|
-
GroupAuditEvent: convex_server93.TableDefinition<
|
|
743
|
-
connectionId?:
|
|
742
|
+
GroupAuditEvent: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
743
|
+
connectionId?: convex_values1187.GenericId<"GroupConnection"> | undefined;
|
|
744
744
|
actorId?: string | undefined;
|
|
745
745
|
subjectId?: string | undefined;
|
|
746
746
|
requestId?: string | undefined;
|
|
747
747
|
ip?: string | undefined;
|
|
748
748
|
metadata?: any;
|
|
749
749
|
status: "success" | "failure";
|
|
750
|
-
groupId:
|
|
750
|
+
groupId: convex_values1187.GenericId<"Group">;
|
|
751
751
|
actorType: "scim" | "user" | "system" | "api_key" | "webhook";
|
|
752
752
|
eventType: string;
|
|
753
753
|
subjectType: string;
|
|
754
754
|
occurredAt: number;
|
|
755
755
|
}, {
|
|
756
|
-
connectionId:
|
|
757
|
-
groupId:
|
|
758
|
-
eventType:
|
|
759
|
-
actorType:
|
|
760
|
-
actorId:
|
|
761
|
-
subjectType:
|
|
762
|
-
subjectId:
|
|
763
|
-
status:
|
|
764
|
-
occurredAt:
|
|
765
|
-
requestId:
|
|
766
|
-
ip:
|
|
767
|
-
metadata:
|
|
756
|
+
connectionId: convex_values1187.VId<convex_values1187.GenericId<"GroupConnection"> | undefined, "optional">;
|
|
757
|
+
groupId: convex_values1187.VId<convex_values1187.GenericId<"Group">, "required">;
|
|
758
|
+
eventType: convex_values1187.VString<string, "required">;
|
|
759
|
+
actorType: convex_values1187.VUnion<"scim" | "user" | "system" | "api_key" | "webhook", [convex_values1187.VLiteral<"user", "required">, convex_values1187.VLiteral<"system", "required">, convex_values1187.VLiteral<"scim", "required">, convex_values1187.VLiteral<"api_key", "required">, convex_values1187.VLiteral<"webhook", "required">], "required", never>;
|
|
760
|
+
actorId: convex_values1187.VString<string | undefined, "optional">;
|
|
761
|
+
subjectType: convex_values1187.VString<string, "required">;
|
|
762
|
+
subjectId: convex_values1187.VString<string | undefined, "optional">;
|
|
763
|
+
status: convex_values1187.VUnion<"success" | "failure", [convex_values1187.VLiteral<"success", "required">, convex_values1187.VLiteral<"failure", "required">], "required", never>;
|
|
764
|
+
occurredAt: convex_values1187.VFloat64<number, "required">;
|
|
765
|
+
requestId: convex_values1187.VString<string | undefined, "optional">;
|
|
766
|
+
ip: convex_values1187.VString<string | undefined, "optional">;
|
|
767
|
+
metadata: convex_values1187.VAny<any, "optional", string>;
|
|
768
768
|
}, "required", "connectionId" | "status" | "groupId" | "actorType" | "eventType" | "actorId" | "subjectType" | "subjectId" | "occurredAt" | "requestId" | "ip" | "metadata" | `metadata.${string}`>, {
|
|
769
769
|
group_connection_id_occurred_at: ["connectionId", "occurredAt", "_creationTime"];
|
|
770
770
|
group_id_occurred_at: ["groupId", "occurredAt", "_creationTime"];
|
|
@@ -773,30 +773,30 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
773
773
|
/**
|
|
774
774
|
* Webhook endpoints subscribed to group audit and lifecycle events.
|
|
775
775
|
*/
|
|
776
|
-
GroupWebhookEndpoint: convex_server93.TableDefinition<
|
|
776
|
+
GroupWebhookEndpoint: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
777
777
|
extend?: any;
|
|
778
|
-
createdByUserId?:
|
|
778
|
+
createdByUserId?: convex_values1187.GenericId<"User"> | undefined;
|
|
779
779
|
lastSuccessAt?: number | undefined;
|
|
780
780
|
lastFailureAt?: number | undefined;
|
|
781
|
-
connectionId:
|
|
781
|
+
connectionId: convex_values1187.GenericId<"GroupConnection">;
|
|
782
782
|
status: "active" | "disabled";
|
|
783
|
-
groupId:
|
|
783
|
+
groupId: convex_values1187.GenericId<"Group">;
|
|
784
784
|
url: string;
|
|
785
785
|
secretHash: string;
|
|
786
786
|
subscriptions: string[];
|
|
787
787
|
failureCount: number;
|
|
788
788
|
}, {
|
|
789
|
-
connectionId:
|
|
790
|
-
groupId:
|
|
791
|
-
url:
|
|
792
|
-
status:
|
|
793
|
-
secretHash:
|
|
794
|
-
subscriptions:
|
|
795
|
-
createdByUserId:
|
|
796
|
-
lastSuccessAt:
|
|
797
|
-
lastFailureAt:
|
|
798
|
-
failureCount:
|
|
799
|
-
extend:
|
|
789
|
+
connectionId: convex_values1187.VId<convex_values1187.GenericId<"GroupConnection">, "required">;
|
|
790
|
+
groupId: convex_values1187.VId<convex_values1187.GenericId<"Group">, "required">;
|
|
791
|
+
url: convex_values1187.VString<string, "required">;
|
|
792
|
+
status: convex_values1187.VUnion<"active" | "disabled", [convex_values1187.VLiteral<"active", "required">, convex_values1187.VLiteral<"disabled", "required">], "required", never>;
|
|
793
|
+
secretHash: convex_values1187.VString<string, "required">;
|
|
794
|
+
subscriptions: convex_values1187.VArray<string[], convex_values1187.VString<string, "required">, "required">;
|
|
795
|
+
createdByUserId: convex_values1187.VId<convex_values1187.GenericId<"User"> | undefined, "optional">;
|
|
796
|
+
lastSuccessAt: convex_values1187.VFloat64<number | undefined, "optional">;
|
|
797
|
+
lastFailureAt: convex_values1187.VFloat64<number | undefined, "optional">;
|
|
798
|
+
failureCount: convex_values1187.VFloat64<number, "required">;
|
|
799
|
+
extend: convex_values1187.VAny<any, "optional", string>;
|
|
800
800
|
}, "required", "extend" | `extend.${string}` | "connectionId" | "status" | "groupId" | "url" | "secretHash" | "subscriptions" | "createdByUserId" | "lastSuccessAt" | "lastFailureAt" | "failureCount">, {
|
|
801
801
|
group_connection_id: ["connectionId", "_creationTime"];
|
|
802
802
|
group_id: ["groupId", "_creationTime"];
|
|
@@ -805,30 +805,30 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
805
805
|
/**
|
|
806
806
|
* Delivery queue for outbound group webhooks.
|
|
807
807
|
*/
|
|
808
|
-
GroupWebhookDelivery: convex_server93.TableDefinition<
|
|
809
|
-
auditEventId?:
|
|
808
|
+
GroupWebhookDelivery: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
809
|
+
auditEventId?: convex_values1187.GenericId<"GroupAuditEvent"> | undefined;
|
|
810
810
|
lastAttemptAt?: number | undefined;
|
|
811
811
|
lastResponseStatus?: number | undefined;
|
|
812
812
|
lastError?: string | undefined;
|
|
813
|
-
connectionId:
|
|
813
|
+
connectionId: convex_values1187.GenericId<"GroupConnection">;
|
|
814
814
|
status: "pending" | "processing" | "delivered" | "failed";
|
|
815
815
|
eventType: string;
|
|
816
|
-
endpointId:
|
|
816
|
+
endpointId: convex_values1187.GenericId<"GroupWebhookEndpoint">;
|
|
817
817
|
attemptCount: number;
|
|
818
818
|
nextAttemptAt: number;
|
|
819
819
|
payload: any;
|
|
820
820
|
}, {
|
|
821
|
-
connectionId:
|
|
822
|
-
endpointId:
|
|
823
|
-
auditEventId:
|
|
824
|
-
eventType:
|
|
825
|
-
status:
|
|
826
|
-
attemptCount:
|
|
827
|
-
nextAttemptAt:
|
|
828
|
-
lastAttemptAt:
|
|
829
|
-
lastResponseStatus:
|
|
830
|
-
lastError:
|
|
831
|
-
payload:
|
|
821
|
+
connectionId: convex_values1187.VId<convex_values1187.GenericId<"GroupConnection">, "required">;
|
|
822
|
+
endpointId: convex_values1187.VId<convex_values1187.GenericId<"GroupWebhookEndpoint">, "required">;
|
|
823
|
+
auditEventId: convex_values1187.VId<convex_values1187.GenericId<"GroupAuditEvent"> | undefined, "optional">;
|
|
824
|
+
eventType: convex_values1187.VString<string, "required">;
|
|
825
|
+
status: convex_values1187.VUnion<"pending" | "processing" | "delivered" | "failed", [convex_values1187.VLiteral<"pending", "required">, convex_values1187.VLiteral<"processing", "required">, convex_values1187.VLiteral<"delivered", "required">, convex_values1187.VLiteral<"failed", "required">], "required", never>;
|
|
826
|
+
attemptCount: convex_values1187.VFloat64<number, "required">;
|
|
827
|
+
nextAttemptAt: convex_values1187.VFloat64<number, "required">;
|
|
828
|
+
lastAttemptAt: convex_values1187.VFloat64<number | undefined, "optional">;
|
|
829
|
+
lastResponseStatus: convex_values1187.VFloat64<number | undefined, "optional">;
|
|
830
|
+
lastError: convex_values1187.VString<string | undefined, "optional">;
|
|
831
|
+
payload: convex_values1187.VAny<any, "required", string>;
|
|
832
832
|
}, "required", "connectionId" | "status" | "eventType" | "endpointId" | "auditEventId" | "attemptCount" | "nextAttemptAt" | "lastAttemptAt" | "lastResponseStatus" | "lastError" | "payload" | `payload.${string}`>, {
|
|
833
833
|
group_connection_id: ["connectionId", "_creationTime"];
|
|
834
834
|
status_next_attempt_at: ["status", "nextAttemptAt", "_creationTime"];
|
|
@@ -848,7 +848,7 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
848
848
|
* - **Expiration**: optional TTL
|
|
849
849
|
* - **Soft revocation**: `revoked` flag preserves audit trail
|
|
850
850
|
*/
|
|
851
|
-
ApiKey: convex_server93.TableDefinition<
|
|
851
|
+
ApiKey: convex_server93.TableDefinition<convex_values1187.VObject<{
|
|
852
852
|
lastUsedAt?: number | undefined;
|
|
853
853
|
expiresAt?: number | undefined;
|
|
854
854
|
metadata?: any;
|
|
@@ -861,7 +861,7 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
861
861
|
lastAttemptTime: number;
|
|
862
862
|
} | undefined;
|
|
863
863
|
name: string;
|
|
864
|
-
userId:
|
|
864
|
+
userId: convex_values1187.GenericId<"User">;
|
|
865
865
|
createdAt: number;
|
|
866
866
|
revoked: boolean;
|
|
867
867
|
prefix: string;
|
|
@@ -871,39 +871,39 @@ declare const _default: convex_server93.SchemaDefinition<{
|
|
|
871
871
|
actions: string[];
|
|
872
872
|
}[];
|
|
873
873
|
}, {
|
|
874
|
-
userId:
|
|
875
|
-
prefix:
|
|
876
|
-
hashedKey:
|
|
877
|
-
name:
|
|
878
|
-
scopes:
|
|
874
|
+
userId: convex_values1187.VId<convex_values1187.GenericId<"User">, "required">; /** First chars of the key for display (e.g. "sk_abc1..."). */
|
|
875
|
+
prefix: convex_values1187.VString<string, "required">; /** SHA-256 hex hash of the full raw key. */
|
|
876
|
+
hashedKey: convex_values1187.VString<string, "required">; /** User-assigned name (e.g. "CI Pipeline", "Production API"). */
|
|
877
|
+
name: convex_values1187.VString<string, "required">; /** Scoped permissions: [{ resource: "users", actions: ["read", "list"] }]. */
|
|
878
|
+
scopes: convex_values1187.VArray<{
|
|
879
879
|
resource: string;
|
|
880
880
|
actions: string[];
|
|
881
|
-
}[],
|
|
881
|
+
}[], convex_values1187.VObject<{
|
|
882
882
|
resource: string;
|
|
883
883
|
actions: string[];
|
|
884
884
|
}, {
|
|
885
|
-
resource:
|
|
886
|
-
actions:
|
|
885
|
+
resource: convex_values1187.VString<string, "required">;
|
|
886
|
+
actions: convex_values1187.VArray<string[], convex_values1187.VString<string, "required">, "required">;
|
|
887
887
|
}, "required", "resource" | "actions">, "required">; /** Optional per-key rate limit configuration. */
|
|
888
|
-
rateLimit:
|
|
888
|
+
rateLimit: convex_values1187.VObject<{
|
|
889
889
|
maxRequests: number;
|
|
890
890
|
windowMs: number;
|
|
891
891
|
} | undefined, {
|
|
892
|
-
maxRequests:
|
|
893
|
-
windowMs:
|
|
892
|
+
maxRequests: convex_values1187.VFloat64<number, "required">;
|
|
893
|
+
windowMs: convex_values1187.VFloat64<number, "required">;
|
|
894
894
|
}, "optional", "maxRequests" | "windowMs">; /** Rate limit state tracking (token-bucket). */
|
|
895
|
-
rateLimitState:
|
|
895
|
+
rateLimitState: convex_values1187.VObject<{
|
|
896
896
|
attemptsLeft: number;
|
|
897
897
|
lastAttemptTime: number;
|
|
898
898
|
} | undefined, {
|
|
899
|
-
attemptsLeft:
|
|
900
|
-
lastAttemptTime:
|
|
899
|
+
attemptsLeft: convex_values1187.VFloat64<number, "required">;
|
|
900
|
+
lastAttemptTime: convex_values1187.VFloat64<number, "required">;
|
|
901
901
|
}, "optional", "attemptsLeft" | "lastAttemptTime">; /** Expiration timestamp. Null/undefined = never expires. */
|
|
902
|
-
expiresAt:
|
|
903
|
-
lastUsedAt:
|
|
904
|
-
createdAt:
|
|
905
|
-
revoked:
|
|
906
|
-
metadata:
|
|
902
|
+
expiresAt: convex_values1187.VFloat64<number | undefined, "optional">;
|
|
903
|
+
lastUsedAt: convex_values1187.VFloat64<number | undefined, "optional">;
|
|
904
|
+
createdAt: convex_values1187.VFloat64<number, "required">; /** Soft-revoke flag. Revoked keys are kept for audit trail. */
|
|
905
|
+
revoked: convex_values1187.VBoolean<boolean, "required">; /** Arbitrary app-specific metadata attached to the key. */
|
|
906
|
+
metadata: convex_values1187.VAny<any, "optional", string>;
|
|
907
907
|
}, "required", "name" | "userId" | "createdAt" | "lastUsedAt" | "expiresAt" | "revoked" | "metadata" | `metadata.${string}` | "prefix" | "hashedKey" | "scopes" | "rateLimit" | "rateLimitState" | "rateLimit.maxRequests" | "rateLimit.windowMs" | "rateLimitState.attemptsLeft" | "rateLimitState.lastAttemptTime">, {
|
|
908
908
|
user_id: ["userId", "_creationTime"];
|
|
909
909
|
hashed_key: ["hashedKey", "_creationTime"];
|