convex-zen 0.0.1

package/dist/component/lib/rateLimit.js

@@ -0,0 +1,96 @@
+import { v } from "convex/values";
+import { internalMutation, internalQuery } from "../_generated/server";
+/** Window duration: 10 minutes in milliseconds. */
+const WINDOW_MS = 10 * 60 * 1000;
+/** Max failures before lockout. */
+const MAX_FAILURES = 10;
+/** Lockout duration: 10 minutes. */
+const LOCKOUT_MS = 10 * 60 * 1000;
+/**
+ * Check if a key is currently rate limited.
+ * Returns { limited: true, retryAfter } if locked, { limited: false } otherwise.
+ */
+export const check = internalQuery({
+    args: {
+        key: v.string(),
+    },
+    handler: async (ctx, { key }) => {
+        const now = Date.now();
+        const record = await ctx.db
+            .query("rateLimits")
+            .withIndex("by_key", (q) => q.eq("key", key))
+            .unique();
+        if (!record) {
+            return { limited: false };
+        }
+        // Check hard lockout
+        if (record.lockedUntil !== undefined && record.lockedUntil > now) {
+            return { limited: true, retryAfter: record.lockedUntil - now };
+        }
+        // Check sliding window count
+        const windowAge = now - record.windowStart;
+        if (windowAge < WINDOW_MS && record.count >= MAX_FAILURES) {
+            return { limited: true, retryAfter: WINDOW_MS - windowAge };
+        }
+        return { limited: false };
+    },
+});
+/**
+ * Increment failure count for a key. Applies lockout if threshold reached.
+ */
+export const increment = internalMutation({
+    args: {
+        key: v.string(),
+    },
+    handler: async (ctx, { key }) => {
+        const now = Date.now();
+        const record = await ctx.db
+            .query("rateLimits")
+            .withIndex("by_key", (q) => q.eq("key", key))
+            .unique();
+        if (!record) {
+            await ctx.db.insert("rateLimits", {
+                key,
+                count: 1,
+                windowStart: now,
+            });
+            return;
+        }
+        const windowAge = now - record.windowStart;
+        let newCount;
+        let windowStart;
+        if (windowAge >= WINDOW_MS) {
+            // New window
+            newCount = 1;
+            windowStart = now;
+        }
+        else {
+            newCount = record.count + 1;
+            windowStart = record.windowStart;
+        }
+        const lockedUntil = newCount >= MAX_FAILURES ? now + LOCKOUT_MS : record.lockedUntil;
+        await ctx.db.patch(record._id, {
+            count: newCount,
+            windowStart,
+            lockedUntil,
+        });
+    },
+});
+/**
+ * Reset rate limit for a key (called on successful auth).
+ */
+export const reset = internalMutation({
+    args: {
+        key: v.string(),
+    },
+    handler: async (ctx, { key }) => {
+        const record = await ctx.db
+            .query("rateLimits")
+            .withIndex("by_key", (q) => q.eq("key", key))
+            .unique();
+        if (record) {
+            await ctx.db.delete(record._id);
+        }
+    },
+});
+//# sourceMappingURL=rateLimit.js.map

package/dist/component/lib/rateLimit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rateLimit.js","sourceRoot":"","sources":["../../../src/component/lib/rateLimit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,eAAe,CAAC;AAClC,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAEvE,mDAAmD;AACnD,MAAM,SAAS,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAEjC,mCAAmC;AACnC,MAAM,YAAY,GAAG,EAAE,CAAC;AAExB,oCAAoC;AACpC,MAAM,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAElC;;;GAGG;AACH,MAAM,CAAC,MAAM,KAAK,GAAG,aAAa,CAAC;IACjC,IAAI,EAAE;QACJ,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE;KAChB;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,EAAE;aACxB,KAAK,CAAC,YAAY,CAAC;aACnB,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;aAC5C,MAAM,EAAE,CAAC;QAEZ,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,EAAE,OAAO,EAAE,KAAc,EAAE,CAAC;QACrC,CAAC;QAED,qBAAqB;QACrB,IAAI,MAAM,CAAC,WAAW,KAAK,SAAS,IAAI,MAAM,CAAC,WAAW,GAAG,GAAG,EAAE,CAAC;YACjE,OAAO,EAAE,OAAO,EAAE,IAAa,EAAE,UAAU,EAAE,MAAM,CAAC,WAAW,GAAG,GAAG,EAAE,CAAC;QAC1E,CAAC;QAED,6BAA6B;QAC7B,MAAM,SAAS,GAAG,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC;QAC3C,IAAI,SAAS,GAAG,SAAS,IAAI,MAAM,CAAC,KAAK,IAAI,YAAY,EAAE,CAAC;YAC1D,OAAO,EAAE,OAAO,EAAE,IAAa,EAAE,UAAU,EAAE,SAAS,GAAG,SAAS,EAAE,CAAC;QACvE,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,KAAc,EAAE,CAAC;IACrC,CAAC;CACF,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,SAAS,GAAG,gBAAgB,CAAC;IACxC,IAAI,EAAE;QACJ,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE;KAChB;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,EAAE;aACxB,KAAK,CAAC,YAAY,CAAC;aACnB,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;aAC5C,MAAM,EAAE,CAAC;QAEZ,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,YAAY,EAAE;gBAChC,GAAG;gBACH,KAAK,EAAE,CAAC;gBACR,WAAW,EAAE,GAAG;aACjB,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC;QAC3C,IAAI,QAAgB,CAAC;QACrB,IAAI,WAAmB,CAAC;QAExB,IAAI,SAAS,IAAI,SAAS,EAAE,CAAC;YAC3B,aAAa;YACb,QAAQ,GAAG,CAAC,CAAC;YACb,WAAW,GAAG,GAAG,CAAC;QACpB,CAAC;aAAM,CAAC;YACN,QAAQ,GAAG,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC;YAC5B,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;QACnC,CAAC;QAED,MAAM,WAAW,GACf,QAAQ,IAAI,YAAY,CAAC,CAAC,CAAC,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC;QAEnE,MAAM,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE;YAC7B,KAAK,EAAE,QAAQ;YACf,WAAW;YACX,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;CACF,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,KAAK,GAAG,gBAAgB,CAAC;IACpC,IAAI,EAAE;QACJ,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE;KAChB;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;QAC9B,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,EAAE;aACxB,KAAK,CAAC,YAAY,CAAC;aACnB,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;aAC5C,MAAM,EAAE,CAAC;QAEZ,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;CACF,CAAC,CAAC"}

package/dist/component/lib/validators.d.ts

@@ -0,0 +1,19 @@
+/** Runtime validator for OAuth provider configuration payloads. */
+export declare const oauthProviderConfigValidator: import("convex/values").VObject<{
+    id: string;
+    clientId: string;
+    clientSecret: string;
+    authorizationUrl: string;
+    tokenUrl: string;
+    userInfoUrl: string;
+    scopes: string[];
+}, {
+    id: import("convex/values").VString<string, "required">;
+    clientId: import("convex/values").VString<string, "required">;
+    clientSecret: import("convex/values").VString<string, "required">;
+    authorizationUrl: import("convex/values").VString<string, "required">;
+    tokenUrl: import("convex/values").VString<string, "required">;
+    userInfoUrl: import("convex/values").VString<string, "required">;
+    scopes: import("convex/values").VArray<string[], import("convex/values").VString<string, "required">, "required">;
+}, "required", "id" | "clientId" | "clientSecret" | "authorizationUrl" | "tokenUrl" | "userInfoUrl" | "scopes">;
+//# sourceMappingURL=validators.d.ts.map

package/dist/component/lib/validators.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validators.d.ts","sourceRoot":"","sources":["../../../src/component/lib/validators.ts"],"names":[],"mappings":"AAEA,mEAAmE;AACnE,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;+GAQvC,CAAC"}

package/dist/component/lib/validators.js

@@ -0,0 +1,12 @@
+import { v } from "convex/values";
+/** Runtime validator for OAuth provider configuration payloads. */
+export const oauthProviderConfigValidator = v.object({
+    id: v.string(),
+    clientId: v.string(),
+    clientSecret: v.string(),
+    authorizationUrl: v.string(),
+    tokenUrl: v.string(),
+    userInfoUrl: v.string(),
+    scopes: v.array(v.string()),
+});
+//# sourceMappingURL=validators.js.map

package/dist/component/lib/validators.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validators.js","sourceRoot":"","sources":["../../../src/component/lib/validators.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,eAAe,CAAC;AAElC,mEAAmE;AACnE,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC;IACnD,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE;IAC5B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;IACvB,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;CAC5B,CAAC,CAAC"}

package/dist/component/plugins/admin.d.ts

@@ -0,0 +1,72 @@
+/** List users with cursor-based pagination.
+ *
+ * paginate() is not available in components, so we use _creationTime as a
+ * cursor with .filter() + .take(). The cursor is a stringified _creationTime.
+ */
+export declare const listUsers: import("convex/server").RegisteredQuery<"internal", {
+    limit?: number;
+    cursor?: string;
+    actorUserId: import("convex/values").GenericId<"users">;
+}, Promise<{
+    users: {
+        _id: import("convex/values").GenericId<"users">;
+        _creationTime: number;
+        name?: string;
+        image?: string;
+        role?: string;
+        banned?: boolean;
+        banReason?: string;
+        banExpires?: number;
+        email: string;
+        emailVerified: boolean;
+        createdAt: number;
+        updatedAt: number;
+    }[];
+    cursor: string | null;
+    isDone: boolean;
+}>>;
+/** Get a single user by ID (admin view). */
+export declare const getUser: import("convex/server").RegisteredQuery<"internal", {
+    userId: import("convex/values").GenericId<"users">;
+    actorUserId: import("convex/values").GenericId<"users">;
+}, Promise<{
+    _id: import("convex/values").GenericId<"users">;
+    _creationTime: number;
+    name?: string;
+    image?: string;
+    role?: string;
+    banned?: boolean;
+    banReason?: string;
+    banExpires?: number;
+    email: string;
+    emailVerified: boolean;
+    createdAt: number;
+    updatedAt: number;
+} | null>>;
+/**
+ * Ban a user. Sets banned=true, banReason, and optional banExpires.
+ * Also invalidates all active sessions.
+ */
+export declare const banUser: import("convex/server").RegisteredMutation<"internal", {
+    expiresAt?: number;
+    reason?: string;
+    userId: import("convex/values").GenericId<"users">;
+    actorUserId: import("convex/values").GenericId<"users">;
+}, Promise<void>>;
+/** Unban a user. Clears ban fields. */
+export declare const unbanUser: import("convex/server").RegisteredMutation<"internal", {
+    userId: import("convex/values").GenericId<"users">;
+    actorUserId: import("convex/values").GenericId<"users">;
+}, Promise<void>>;
+/** Set a user's role. */
+export declare const setRole: import("convex/server").RegisteredMutation<"internal", {
+    role: string;
+    userId: import("convex/values").GenericId<"users">;
+    actorUserId: import("convex/values").GenericId<"users">;
+}, Promise<void>>;
+/** Delete a user and all associated data. */
+export declare const deleteUser: import("convex/server").RegisteredMutation<"internal", {
+    userId: import("convex/values").GenericId<"users">;
+    actorUserId: import("convex/values").GenericId<"users">;
+}, Promise<void>>;
+//# sourceMappingURL=admin.d.ts.map

package/dist/component/plugins/admin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin.d.ts","sourceRoot":"","sources":["../../../src/component/plugins/admin.ts"],"names":[],"mappings":"AAiBA;;;;GAIG;AACH,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;GAkCpB,CAAC;AAEH,4CAA4C;AAC5C,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;UASlB,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,OAAO;;;;;iBA6BlB,CAAC;AAEH,uCAAuC;AACvC,eAAO,MAAM,SAAS;;;iBAkBpB,CAAC;AAEH,yBAAyB;AACzB,eAAO,MAAM,OAAO;;;;iBAiBlB,CAAC;AAEH,6CAA6C;AAC7C,eAAO,MAAM,UAAU;;;iBA6BrB,CAAC"}

package/dist/component/plugins/admin.js

@@ -0,0 +1,152 @@
+import { v } from "convex/values";
+import { internalMutation, internalQuery } from "../_generated/server";
+async function assertAdminActor(ctx, actorUserId) {
+    const actor = await ctx.db.get(actorUserId);
+    if (!actor) {
+        throw new Error("Unauthorized");
+    }
+    if (actor.role !== "admin") {
+        throw new Error("Forbidden");
+    }
+}
+/** List users with cursor-based pagination.
+ *
+ * paginate() is not available in components, so we use _creationTime as a
+ * cursor with .filter() + .take(). The cursor is a stringified _creationTime.
+ */
+export const listUsers = internalQuery({
+    args: {
+        actorUserId: v.id("users"),
+        limit: v.optional(v.number()),
+        cursor: v.optional(v.string()),
+    },
+    handler: async (ctx, args) => {
+        await assertAdminActor(ctx, args.actorUserId);
+        const limit = args.limit ?? 20;
+        let query = ctx.db.query("users").order("asc");
+        if (args.cursor) {
+            const cursorTime = parseFloat(args.cursor);
+            query = query.filter((q) => q.gt(q.field("_creationTime"), cursorTime));
+        }
+        const rows = await query.take(limit + 1);
+        const hasMore = rows.length > limit;
+        const page = hasMore ? rows.slice(0, limit) : rows;
+        const nextCursor = hasMore && page.length > 0
+            ? String(page[page.length - 1]._creationTime)
+            : null;
+        return {
+            users: page,
+            cursor: nextCursor,
+            isDone: !hasMore,
+        };
+    },
+});
+/** Get a single user by ID (admin view). */
+export const getUser = internalQuery({
+    args: {
+        actorUserId: v.id("users"),
+        userId: v.id("users"),
+    },
+    handler: async (ctx, { actorUserId, userId }) => {
+        await assertAdminActor(ctx, actorUserId);
+        return await ctx.db.get(userId);
+    },
+});
+/**
+ * Ban a user. Sets banned=true, banReason, and optional banExpires.
+ * Also invalidates all active sessions.
+ */
+export const banUser = internalMutation({
+    args: {
+        actorUserId: v.id("users"),
+        userId: v.id("users"),
+        reason: v.optional(v.string()),
+        expiresAt: v.optional(v.number()), // timestamp; undefined = permanent
+    },
+    handler: async (ctx, { actorUserId, userId, reason, expiresAt }) => {
+        await assertAdminActor(ctx, actorUserId);
+        const user = await ctx.db.get(userId);
+        if (!user)
+            throw new Error("User not found");
+        await ctx.db.patch(userId, {
+            banned: true,
+            banReason: reason,
+            banExpires: expiresAt,
+            updatedAt: Date.now(),
+        });
+        // Invalidate all active sessions
+        const sessions = await ctx.db
+            .query("sessions")
+            .withIndex("by_userId", (q) => q.eq("userId", userId))
+            .collect();
+        for (const session of sessions) {
+            await ctx.db.delete(session._id);
+        }
+    },
+});
+/** Unban a user. Clears ban fields. */
+export const unbanUser = internalMutation({
+    args: {
+        actorUserId: v.id("users"),
+        userId: v.id("users"),
+    },
+    handler: async (ctx, { actorUserId, userId }) => {
+        await assertAdminActor(ctx, actorUserId);
+        const user = await ctx.db.get(userId);
+        if (!user)
+            throw new Error("User not found");
+        await ctx.db.patch(userId, {
+            banned: false,
+            banReason: undefined,
+            banExpires: undefined,
+            updatedAt: Date.now(),
+        });
+    },
+});
+/** Set a user's role. */
+export const setRole = internalMutation({
+    args: {
+        actorUserId: v.id("users"),
+        userId: v.id("users"),
+        role: v.string(),
+    },
+    handler: async (ctx, { actorUserId, userId, role }) => {
+        await assertAdminActor(ctx, actorUserId);
+        const user = await ctx.db.get(userId);
+        if (!user)
+            throw new Error("User not found");
+        await ctx.db.patch(userId, {
+            role,
+            updatedAt: Date.now(),
+        });
+    },
+});
+/** Delete a user and all associated data. */
+export const deleteUser = internalMutation({
+    args: {
+        actorUserId: v.id("users"),
+        userId: v.id("users"),
+    },
+    handler: async (ctx, { actorUserId, userId }) => {
+        await assertAdminActor(ctx, actorUserId);
+        // Delete accounts
+        const accounts = await ctx.db
+            .query("accounts")
+            .withIndex("by_userId", (q) => q.eq("userId", userId))
+            .collect();
+        for (const account of accounts) {
+            await ctx.db.delete(account._id);
+        }
+        // Delete sessions
+        const sessions = await ctx.db
+            .query("sessions")
+            .withIndex("by_userId", (q) => q.eq("userId", userId))
+            .collect();
+        for (const session of sessions) {
+            await ctx.db.delete(session._id);
+        }
+        // Delete the user
+        await ctx.db.delete(userId);
+    },
+});
+//# sourceMappingURL=admin.js.map

package/dist/component/plugins/admin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin.js","sourceRoot":"","sources":["../../../src/component/plugins/admin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,eAAe,CAAC;AAClC,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAGvE,KAAK,UAAU,gBAAgB,CAC7B,GAA4E,EAC5E,WAAwB;IAExB,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAC5C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;IAClC,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC;IAC/B,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,SAAS,GAAG,aAAa,CAAC;IACrC,IAAI,EAAE;QACJ,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC;QAC1B,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7B,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KAC/B;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QAC3B,MAAM,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAE9C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;QAE/B,IAAI,KAAK,GAAG,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAE/C,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC3C,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACzB,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,UAAU,CAAC,CAC3C,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACzC,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpC,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACnD,MAAM,UAAU,GACd,OAAO,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;YACxB,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC;YAC7C,CAAC,CAAC,IAAI,CAAC;QAEX,OAAO;YACL,KAAK,EAAE,IAAI;YACX,MAAM,EAAE,UAAU;YAClB,MAAM,EAAE,CAAC,OAAO;SACjB,CAAC;IACJ,CAAC;CACF,CAAC,CAAC;AAEH,4CAA4C;AAC5C,MAAM,CAAC,MAAM,OAAO,GAAG,aAAa,CAAC;IACnC,IAAI,EAAE;QACJ,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC;QAC1B,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC;KACtB;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE,EAAE;QAC9C,MAAM,gBAAgB,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QACzC,OAAO,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC;CACF,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,gBAAgB,CAAC;IACtC,IAAI,EAAE;QACJ,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC;QAC1B,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC;QACrB,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC9B,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,mCAAmC;KACvE;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,EAAE;QACjE,MAAM,gBAAgB,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAEzC,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAE7C,MAAM,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,MAAM,EAAE;YACzB,MAAM,EAAE,IAAI;YACZ,SAAS,EAAE,MAAM;YACjB,UAAU,EAAE,SAAS;YACrB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC,CAAC;QAEH,iCAAiC;QACjC,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,EAAE;aAC1B,KAAK,CAAC,UAAU,CAAC;aACjB,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;aACrD,OAAO,EAAE,CAAC;QACb,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;CACF,CAAC,CAAC;AAEH,uCAAuC;AACvC,MAAM,CAAC,MAAM,SAAS,GAAG,gBAAgB,CAAC;IACxC,IAAI,EAAE;QACJ,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC;QAC1B,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC;KACtB;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE,EAAE;QAC9C,MAAM,gBAAgB,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAEzC,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAE7C,MAAM,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,MAAM,EAAE;YACzB,MAAM,EAAE,KAAK;YACb,SAAS,EAAE,SAAS;YACpB,UAAU,EAAE,SAAS;YACrB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC,CAAC;IACL,CAAC;CACF,CAAC,CAAC;AAEH,yBAAyB;AACzB,MAAM,CAAC,MAAM,OAAO,GAAG,gBAAgB,CAAC;IACtC,IAAI,EAAE;QACJ,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC;QAC1B,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC;QACrB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;KACjB;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE;QACpD,MAAM,gBAAgB,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAEzC,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAE7C,MAAM,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,MAAM,EAAE;YACzB,IAAI;YACJ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC,CAAC;IACL,CAAC;CACF,CAAC,CAAC;AAEH,6CAA6C;AAC7C,MAAM,CAAC,MAAM,UAAU,GAAG,gBAAgB,CAAC;IACzC,IAAI,EAAE;QACJ,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC;QAC1B,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC;KACtB;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE,EAAE;QAC9C,MAAM,gBAAgB,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAEzC,kBAAkB;QAClB,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,EAAE;aAC1B,KAAK,CAAC,UAAU,CAAC;aACjB,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;aACrD,OAAO,EAAE,CAAC;QACb,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACnC,CAAC;QAED,kBAAkB;QAClB,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,EAAE;aAC1B,KAAK,CAAC,UAAU,CAAC;aACjB,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;aACrD,OAAO,EAAE,CAAC;QACb,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACnC,CAAC;QAED,kBAAkB;QAClB,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;CACF,CAAC,CAAC"}

package/dist/component/providers/emailPassword.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Sign up with email and password.
+ *
+ * Returns the verification code so the host app (via ConvexAuth client)
+ * can send the email. Functions cannot be passed as Convex args.
+ *
+ * Flow:
+ * 1. Validate email
+ * 2. Check IP rate limit
+ * 3. Check email not already registered
+ * 4. Hash password with Argon2id
+ * 5. Create user + account
+ * 6. Generate verification code
+ * 7. Return { status: "verification_required", verificationCode }
+ */
+export declare const signUp: any;
+/**
+ * Sign in with email and password.
+ *
+ * Flow:
+ * 1. Check rate limits (IP + email)
+ * 2. Look up account by email
+ * 3. Verify Argon2id hash
+ * 4. Check banned status
+ * 5. Create session
+ * 6. Return { sessionToken, userId }
+ */
+export declare const signIn: any;
+/**
+ * Verify email address with a verification code.
+ */
+export declare const verifyEmail: any;
+/**
+ * Request a password reset code.
+ * Returns the reset code so the host app can send the email.
+ * Always returns { status: "sent" } to prevent email enumeration.
+ * Returns resetCode only when a real user was found.
+ */
+export declare const requestPasswordReset: any;
+/**
+ * Reset password using a verification code.
+ */
+export declare const resetPassword: any;
+/** Internal mutation to update password hash on an account. */
+export declare const updatePasswordHash: import("convex/server").RegisteredMutation<"internal", {
+    accountId: any;
+    passwordHash: string;
+}, Promise<void>>;
+//# sourceMappingURL=emailPassword.d.ts.map

package/dist/component/providers/emailPassword.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"emailPassword.d.ts","sourceRoot":"","sources":["../../../src/component/providers/emailPassword.ts"],"names":[],"mappings":"AA4BA;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,MAAM,KA0EjB,CAAC;AAEH;;;;;;;;;;GAUG;AACH,eAAO,MAAM,MAAM,KAyFjB,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,WAAW,KA+BtB,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB,KA+C/B,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,aAAa,KA4CxB,CAAC;AAEH,+DAA+D;AAC/D,eAAO,MAAM,kBAAkB;;;iBAW7B,CAAC"}