kitcn 0.0.1 → 0.12.1

package/dist/auth/http/index.js

@@ -0,0 +1,461 @@
+import { ROUTABLE_HTTP_METHODS, httpActionGeneric, httpRouter } from "convex/server";
+
+//#region src/auth/error-response.ts
+const isApiErrorLike = (error) => !!error && typeof error === "object" && (error.name === "APIError" && "statusCode" in error || typeof error.statusCode === "number");
+const toResponseInit = (error) => {
+	const init = {
+		headers: new Headers(error.headers ?? {}),
+		status: typeof error.statusCode === "number" ? error.statusCode : 500
+	};
+	if (typeof error.status === "string") init.statusText = error.status;
+	return init;
+};
+const toAuthErrorResponse = (error) => {
+	if (!isApiErrorLike(error)) return null;
+	const init = toResponseInit(error);
+	const { body } = error;
+	if (body === void 0) return new Response(null, init);
+	if (typeof body === "string") {
+		if (init.headers instanceof Headers && !init.headers.has("content-type")) init.headers.set("content-type", "text/plain");
+		return new Response(body, init);
+	}
+	return Response.json(body, init);
+};
+
+//#endregion
+//#region src/auth/middleware.ts
+/**
+* Create auth middleware that handles auth routes and OpenID well-known redirect.
+*
+* @example
+* ```ts
+* import { Hono } from 'hono';
+* import { cors } from 'hono/cors';
+* import { authMiddleware } from 'kitcn/auth/http';
+* import { createHttpRouter } from 'kitcn/server';
+*
+* const app = new Hono();
+* app.use('/api/*', cors({ origin: process.env.SITE_URL, credentials: true }));
+* app.use(authMiddleware(getAuth));
+*
+* export default createHttpRouter(app, httpRouter);
+* ```
+*/
+function authMiddleware(getAuth, opts = {}) {
+	const basePath = opts.basePath ?? "/api/auth";
+	return async (c, next) => {
+		if (c.req.path === "/.well-known/openid-configuration") return c.redirect(`${process.env.CONVEX_SITE_URL}${basePath}/convex/.well-known/openid-configuration`);
+		if (c.req.path.startsWith(basePath)) {
+			if (opts.verbose) console.log("request headers", c.req.raw.headers);
+			const auth = getAuth(c.env);
+			let response;
+			try {
+				response = await auth.handler(c.req.raw);
+			} catch (error) {
+				const errorResponse = toAuthErrorResponse(error);
+				if (errorResponse) return errorResponse;
+				throw error;
+			}
+			if (opts.verbose) console.log("response headers", response.headers);
+			return response;
+		}
+		return next();
+	};
+}
+
+//#endregion
+//#region src/internal/upstream/server/cors.ts
+/** biome-ignore-all lint: vendored upstream helper source */
+/**
+* Vendored from upstream helper repository at commit c5e52c8.
+* Source path: packages/convex_helpers/server/cors.ts
+*/
+/**
+* This file defines a CorsHttpRouter class that extends Convex's HttpRouter.
+* It provides CORS (Cross-Origin Resource Sharing) support for HTTP routes.
+*
+* The CorsHttpRouter:
+* 1. Allows specifying allowed origins for CORS.
+* 2. Overrides the route method to add CORS headers to all non-OPTIONS requests.
+* 3. Automatically adds an OPTIONS route to handle CORS preflight requests.
+* 4. Uses the handleCors helper function to apply CORS headers consistently.
+*
+* This router simplifies the process of making Convex HTTP endpoints
+* accessible to web applications hosted on different domains while
+* maintaining proper CORS configuration.
+*/
+const DEFAULT_EXPOSED_HEADERS = ["Content-Range", "Accept-Ranges"];
+/**
+* Factory function to create a router that adds CORS support to routes.
+* @param allowedOrigins An array of allowed origins for CORS.
+* @returns A function to use instead of http.route when you want CORS.
+*/
+const corsRouter = (http, corsConfig) => {
+	const allowedExactMethodsByPath = /* @__PURE__ */ new Map();
+	const allowedPrefixMethodsByPath = /* @__PURE__ */ new Map();
+	return {
+		http,
+		route: (routeSpec) => {
+			const tempRouter = httpRouter();
+			tempRouter.exactRoutes = http.exactRoutes;
+			tempRouter.prefixRoutes = http.prefixRoutes;
+			const config = {
+				...corsConfig,
+				...routeSpec
+			};
+			const httpCorsHandler = handleCors({
+				originalHandler: routeSpec.handler,
+				allowedMethods: [routeSpec.method],
+				...config
+			});
+			/**
+			* Figure out what kind of route we're adding: exact or prefix and handle
+			* accordingly.
+			*/
+			if ("path" in routeSpec) {
+				let methods = allowedExactMethodsByPath.get(routeSpec.path);
+				if (!methods) {
+					methods = /* @__PURE__ */ new Set();
+					allowedExactMethodsByPath.set(routeSpec.path, methods);
+				}
+				methods.add(routeSpec.method);
+				tempRouter.route({
+					path: routeSpec.path,
+					method: routeSpec.method,
+					handler: httpCorsHandler
+				});
+				handleExactRoute(tempRouter, routeSpec, config, Array.from(methods));
+			} else {
+				let methods = allowedPrefixMethodsByPath.get(routeSpec.pathPrefix);
+				if (!methods) {
+					methods = /* @__PURE__ */ new Set();
+					allowedPrefixMethodsByPath.set(routeSpec.pathPrefix, methods);
+				}
+				methods.add(routeSpec.method);
+				tempRouter.route({
+					pathPrefix: routeSpec.pathPrefix,
+					method: routeSpec.method,
+					handler: httpCorsHandler
+				});
+				handlePrefixRoute(tempRouter, routeSpec, config, Array.from(methods));
+			}
+			/**
+			* Copy the routes from the temporary router to the main router.
+			*/
+			http.exactRoutes = new Map(tempRouter.exactRoutes);
+			http.prefixRoutes = new Map(tempRouter.prefixRoutes);
+		}
+	};
+};
+/**
+* Handles exact route matching and adds OPTIONS handler.
+* @param tempRouter Temporary router instance.
+* @param routeSpec Route specification for exact matching.
+*/
+function handleExactRoute(tempRouter, routeSpec, config, allowedMethods) {
+	const currentMethodsForPath = tempRouter.exactRoutes.get(routeSpec.path);
+	/**
+	* Add the OPTIONS handler for the given path
+	*/
+	const optionsHandler = createOptionsHandlerForMethods(allowedMethods, config);
+	currentMethodsForPath?.set("OPTIONS", optionsHandler);
+	tempRouter.exactRoutes.set(routeSpec.path, new Map(currentMethodsForPath));
+}
+/**
+* Handles prefix route matching and adds OPTIONS handler.
+* @param tempRouter Temporary router instance.
+* @param routeSpec Route specification for prefix matching.
+*/
+function handlePrefixRoute(tempRouter, routeSpec, config, allowedMethods) {
+	/**
+	* prefixRoutes is structured differently than exactRoutes. It's defined as
+	* a Map<string, Map<string, PublicHttpAction>> where the KEY is the
+	* METHOD and the VALUE is a map of paths and handlers.
+	*/
+	const optionsHandler = createOptionsHandlerForMethods(allowedMethods, config);
+	const optionsPrefixes = tempRouter.prefixRoutes.get("OPTIONS") || /* @__PURE__ */ new Map();
+	optionsPrefixes.set(routeSpec.pathPrefix, optionsHandler);
+	tempRouter.prefixRoutes.set("OPTIONS", optionsPrefixes);
+}
+/**
+* Creates an OPTIONS handler for the given HTTP methods.
+* @param methods Array of HTTP methods to be allowed.
+* @returns A CORS-enabled OPTIONS handler.
+*/
+function createOptionsHandlerForMethods(methods, config) {
+	return handleCors({
+		...config,
+		allowedMethods: methods
+	});
+}
+/**
+* handleCors() is a higher-order function that wraps a Convex HTTP action handler to add CORS support.
+* It allows for customization of allowed HTTP methods and origins for cross-origin requests.
+*
+* The function:
+* 1. Validates and normalizes the allowed HTTP methods.
+* 2. Generates appropriate CORS headers based on the provided configuration.
+* 3. Handles preflight OPTIONS requests automatically.
+* 4. Wraps the original handler to add CORS headers to its response.
+*
+* This helper simplifies the process of making Convex HTTP actions accessible
+* to web applications hosted on different domains.
+*/
+const SECONDS_IN_A_DAY = 3600 * 24;
+/**
+* Example CORS origins:
+* - "*" (allow all origins)
+* - "https://example.com" (allow a specific domain)
+* - "https://*.example.com" (allow all subdomains of example.com)
+* - "https://example1.com, https://example2.com" (allow multiple specific domains)
+* - "null" (allow requests from data URLs or local files)
+*/
+const handleCors = ({ originalHandler, allowedMethods = ["OPTIONS"], allowedOrigins = ["*"], allowedHeaders = ["Content-Type"], exposedHeaders = DEFAULT_EXPOSED_HEADERS, allowCredentials = false, browserCacheMaxAge = SECONDS_IN_A_DAY, enforceAllowOrigins = false, debug = false }) => {
+	const filteredMethods = Array.from(new Set(allowedMethods.map((method) => method.toUpperCase()))).filter((method) => ROUTABLE_HTTP_METHODS.includes(method));
+	if (filteredMethods.length === 0) throw new Error("No valid HTTP methods provided");
+	/**
+	* Ensure OPTIONS is not duplicated if it was passed in
+	* E.g. if allowedMethods = ["GET", "OPTIONS"]
+	*/
+	const allowMethods = filteredMethods.includes("OPTIONS") ? filteredMethods.join(", ") : [...filteredMethods].join(", ");
+	/**
+	* Build up the set of CORS headers
+	*/
+	const commonHeaders = { Vary: "Origin" };
+	if (allowCredentials) commonHeaders["Access-Control-Allow-Credentials"] = "true";
+	if (exposedHeaders.length > 0) commonHeaders["Access-Control-Expose-Headers"] = exposedHeaders.join(", ");
+	async function parseAllowedOrigins(request) {
+		return Array.isArray(allowedOrigins) ? allowedOrigins : await allowedOrigins(request);
+	}
+	async function isAllowedOrigin(request) {
+		const requestOrigin = request.headers.get("origin");
+		if (!requestOrigin) return false;
+		return (await parseAllowedOrigins(request)).some((allowed) => {
+			if (allowed === "*") return true;
+			if (allowed === requestOrigin) return true;
+			if (allowed.startsWith("*.")) {
+				const wildcardDomain = allowed.slice(1);
+				const rootDomain = allowed.slice(2);
+				try {
+					const url = new URL(requestOrigin);
+					return url.protocol === "https:" && (url.hostname.endsWith(wildcardDomain) || url.hostname === rootDomain);
+				} catch {
+					return false;
+				}
+			}
+			return false;
+		});
+	}
+	/**
+	* Return our modified HTTP action
+	*/
+	return httpActionGeneric(async (ctx, request) => {
+		if (debug) console.log("CORS request", {
+			path: request.url,
+			origin: request.headers.get("origin"),
+			headers: request.headers,
+			method: request.method,
+			body: request.body
+		});
+		const requestOrigin = request.headers.get("origin");
+		const parsedAllowedOrigins = await parseAllowedOrigins(request);
+		if (debug) console.log("allowed origins", parsedAllowedOrigins);
+		let allowOrigins = null;
+		if (parsedAllowedOrigins.includes("*") && requestOrigin && !allowCredentials) allowOrigins = requestOrigin;
+		else if (requestOrigin) {
+			if (await isAllowedOrigin(request)) allowOrigins = requestOrigin;
+		}
+		if (enforceAllowOrigins && !allowOrigins) {
+			console.error(`Request from origin ${requestOrigin} blocked, missing from allowed origins: ${parsedAllowedOrigins.join()}`);
+			return new Response(null, { status: 403 });
+		}
+		/**
+		* OPTIONS has no handler and just returns headers
+		*/
+		if (request.method === "OPTIONS") {
+			const responseHeaders = new Headers({
+				...commonHeaders,
+				...allowOrigins ? { "Access-Control-Allow-Origin": allowOrigins } : {},
+				"Access-Control-Allow-Methods": allowMethods,
+				"Access-Control-Allow-Headers": allowedHeaders.join(", "),
+				"Access-Control-Max-Age": browserCacheMaxAge.toString()
+			});
+			if (debug) console.log("CORS OPTIONS response headers", responseHeaders);
+			return new Response(null, {
+				status: 204,
+				headers: responseHeaders
+			});
+		}
+		/**
+		* If the method is not OPTIONS, it must pass a handler
+		*/
+		if (!originalHandler) throw new Error("No PublicHttpAction provider to CORS handler");
+		const originalResponse = await ("_handler" in originalHandler ? originalHandler["_handler"] : originalHandler)(ctx, request);
+		/**
+		* Second, get a copy of the original response's headers and add the
+		* allow origin header if it's allowed
+		*/
+		const newHeaders = new Headers(originalResponse.headers);
+		if (allowOrigins) newHeaders.set("Access-Control-Allow-Origin", allowOrigins);
+		/**
+		* Third, add or update our other CORS headers
+		*/
+		Object.entries(commonHeaders).forEach(([key, value]) => {
+			newHeaders.set(key, value);
+		});
+		if (debug) console.log("CORS response headers", newHeaders);
+		/**
+		* Fourth, return the modified Response.
+		* A Response object is immutable, so we create a new one to return here.
+		*/
+		return new Response(originalResponse.body, {
+			status: originalResponse.status,
+			statusText: originalResponse.statusText,
+			headers: newHeaders
+		});
+	});
+};
+
+//#endregion
+//#region src/auth/registerRoutes.ts
+/** biome-ignore-all lint/suspicious/noConsole: lib */
+const LOCAL_AUTH_HOSTS = new Set([
+	"127.0.0.1",
+	"::1",
+	"localhost"
+]);
+const LOCAL_CONVEX_AUTH_IP_PATHS = new Set([
+	"/convex/.well-known/openid-configuration",
+	"/convex/jwks",
+	"/convex/token"
+]);
+const withLocalConvexAuthIp = (request, basePath) => {
+	if (request.headers.get("x-forwarded-for")) return request;
+	let url;
+	try {
+		url = new URL(request.url);
+	} catch {
+		return request;
+	}
+	if (!LOCAL_AUTH_HOSTS.has(url.hostname)) return request;
+	if (request.method !== "GET") return request;
+	const normalizedBasePath = basePath.length > 1 && basePath.endsWith("/") ? basePath.slice(0, -1) : basePath;
+	const normalizedPath = normalizedBasePath === "/" ? url.pathname : url.pathname.startsWith(normalizedBasePath) ? url.pathname.slice(normalizedBasePath.length) || "/" : url.pathname;
+	if (!LOCAL_CONVEX_AUTH_IP_PATHS.has(normalizedPath)) return request;
+	const headers = new Headers(request.headers);
+	headers.set("x-forwarded-for", "127.0.0.1");
+	return new Request(url.toString(), {
+		headers,
+		method: request.method
+	});
+};
+const registerRoutes = (http, getAuth, opts = {}) => {
+	const staticAuth = getAuth({});
+	const path = staticAuth.options.basePath ?? "/api/auth";
+	const authRequestHandler = httpActionGeneric(async (ctx, request) => {
+		if (opts?.verbose) {
+			console.log("options.baseURL", staticAuth.options.baseURL);
+			console.log("request headers", request.headers);
+		}
+		const auth = getAuth(ctx);
+		const authRequest = withLocalConvexAuthIp(request, path);
+		let response;
+		try {
+			response = await auth.handler(authRequest);
+		} catch (error) {
+			const errorResponse = toAuthErrorResponse(error);
+			if (errorResponse) return errorResponse;
+			throw error;
+		}
+		if (opts?.verbose) console.log("response headers", response.headers);
+		return response;
+	});
+	if (!http.lookup("/.well-known/openid-configuration", "GET")) http.route({
+		handler: httpActionGeneric(async () => {
+			const url = `${process.env.CONVEX_SITE_URL}${path}/convex/.well-known/openid-configuration`;
+			return Response.redirect(url);
+		}),
+		method: "GET",
+		path: "/.well-known/openid-configuration"
+	});
+	if (!opts.cors) {
+		http.route({
+			handler: authRequestHandler,
+			method: "GET",
+			pathPrefix: `${path}/`
+		});
+		http.route({
+			handler: authRequestHandler,
+			method: "POST",
+			pathPrefix: `${path}/`
+		});
+		return;
+	}
+	const corsOpts = typeof opts.cors === "boolean" ? {
+		allowedHeaders: [],
+		allowedOrigins: [],
+		exposedHeaders: []
+	} : opts.cors;
+	let trustedOriginsOption;
+	const cors = corsRouter(http, {
+		allowCredentials: true,
+		allowedHeaders: [
+			"Content-Type",
+			"Better-Auth-Cookie",
+			"Authorization"
+		].concat(corsOpts.allowedHeaders ?? []),
+		debug: opts?.verbose,
+		enforceAllowOrigins: false,
+		exposedHeaders: ["Set-Better-Auth-Cookie"].concat(corsOpts.exposedHeaders ?? []),
+		allowedOrigins: async (request) => {
+			const resolvedTrustedOrigins = trustedOriginsOption ?? (await staticAuth.$context).options.trustedOrigins ?? [];
+			trustedOriginsOption = resolvedTrustedOrigins;
+			return (Array.isArray(resolvedTrustedOrigins) ? resolvedTrustedOrigins : await resolvedTrustedOrigins(request) ?? []).filter((origin) => typeof origin === "string").map((origin) => origin.endsWith("*") && origin.length > 1 ? origin.slice(0, -1) : origin).concat(corsOpts.allowedOrigins ?? []);
+		}
+	});
+	cors.route({
+		handler: authRequestHandler,
+		method: "GET",
+		pathPrefix: `${path}/`
+	});
+	cors.route({
+		handler: authRequestHandler,
+		method: "POST",
+		pathPrefix: `${path}/`
+	});
+};
+
+//#endregion
+//#region src/auth-http/index.ts
+/**
+* Install Convex-safe polyfills required by Better Auth's HTTP handling.
+* This runs automatically when importing `kitcn/auth/http`.
+*/
+function installAuthHttpPolyfills() {
+	if (typeof MessageChannel !== "undefined") return;
+	class MockMessagePort {
+		onmessage;
+		onmessageerror;
+		addEventListener() {}
+		close() {}
+		dispatchEvent(_event) {
+			return false;
+		}
+		postMessage(_message, _transfer = []) {}
+		removeEventListener() {}
+		start() {}
+	}
+	class MockMessageChannel {
+		port1;
+		port2;
+		constructor() {
+			this.port1 = new MockMessagePort();
+			this.port2 = new MockMessagePort();
+		}
+	}
+	globalThis.MessageChannel = MockMessageChannel;
+}
+installAuthHttpPolyfills();
+
+//#endregion
+export { authMiddleware, installAuthHttpPolyfills, registerRoutes };

package/dist/auth/index.d.ts

@@ -0,0 +1,221 @@
+import { a as QueryCtxWithPreferredOrmQueryTable, n as LookupByIdResultByCtx, t as DocByCtx } from "../query-context-CFZqIvD7.js";
+import { t as GetAuth } from "../types-BiJE7qxR.js";
+import { t as GenericCtx } from "../context-utils-HPC5nXzx.js";
+import { S as defineAuth, _ as GenericAuthBeforeResult, a as AuthFunctions, b as GenericAuthTriggerHandlers, c as createApi, d as deleteOneHandler, f as findManyHandler, g as BetterAuthOptionsWithoutDatabase, h as updateOneHandler, i as getGeneratedAuthDisabledReason, l as createHandler, m as updateManyHandler, n as GeneratedAuthDisabledReasonKind, o as Triggers, p as findOneHandler, r as createDisabledAuthRuntime, s as createClient, t as AuthRuntime, u as deleteManyHandler, v as GenericAuthDefinition, x as GenericAuthTriggers, y as GenericAuthTriggerChange } from "../generated-contract-disabled-D-sOFy92.js";
+import * as convex_values0 from "convex/values";
+import { Infer } from "convex/values";
+import { DocumentByName, GenericDataModel, GenericMutationCtx, GenericQueryCtx, GenericSchema, PaginationOptions, PaginationResult, SchemaDefinition, TableNamesInDataModel } from "convex/server";
+import { convex } from "@convex-dev/better-auth/plugins";
+import * as better_auth_adapters0 from "better-auth/adapters";
+import { DBAdapterDebugLogOption } from "better-auth/adapters";
+import { BetterAuthDBSchema } from "better-auth/db";
+import { BetterAuthOptions } from "better-auth/minimal";
+import * as better_auth0 from "better-auth";
+import { Where } from "better-auth/types";
+import { SetOptional } from "type-fest";
+
+//#region src/auth/adapter.d.ts
+declare const handlePagination: (next: ({
+  paginationOpts
+}: {
+  paginationOpts: PaginationOptions;
+}) => Promise<SetOptional<PaginationResult<any>, "page"> & {
+  count?: number;
+}>, {
+  limit,
+  numItems
+}?: {
+  limit?: number;
+  numItems?: number;
+}) => Promise<{
+  count: number;
+  cursor: string | null;
+  docs: any[];
+  isDone: boolean;
+}>;
+type ConvexCleanedWhere = Where & {
+  value: number[] | string[] | boolean | number | string | null;
+};
+declare const adapterConfig: {
+  adapterId: string;
+  adapterName: string;
+  debugLogs: false;
+  disableIdGeneration: true;
+  mapKeysTransformInput: {
+    id: string;
+  };
+  mapKeysTransformOutput: {
+    _id: string;
+  };
+  supportsJSON: false;
+  supportsNumericIds: false;
+  supportsDates: false;
+  supportsArrays: true;
+  transaction: false;
+  usePlural: false;
+  customTransformInput: ({
+    data,
+    fieldAttributes
+  }: {
+    data: any;
+    fieldAttributes: better_auth0.DBFieldAttribute;
+    field: string;
+    action: "create" | "update" | "findOne" | "findMany" | "updateMany" | "delete" | "deleteMany" | "count";
+    model: string;
+    schema: BetterAuthDBSchema;
+    options: BetterAuthOptions;
+  }) => any;
+  customTransformOutput: ({
+    data,
+    fieldAttributes
+  }: {
+    data: any;
+    fieldAttributes: better_auth0.DBFieldAttribute;
+    field: string;
+    select: string[];
+    model: string;
+    schema: BetterAuthDBSchema;
+    options: BetterAuthOptions;
+  }) => any;
+};
+declare const httpAdapter: <DataModel extends GenericDataModel, Schema extends SchemaDefinition<any, any>>(ctx: GenericCtx<DataModel>, {
+  authFunctions,
+  debugLogs,
+  schema
+}: {
+  authFunctions: AuthFunctions;
+  debugLogs?: DBAdapterDebugLogOption;
+  schema?: Schema;
+}) => better_auth_adapters0.AdapterFactory<BetterAuthOptions>;
+declare const dbAdapter: <DataModel extends GenericDataModel, Schema extends SchemaDefinition<any, any>>(ctx: GenericCtx<DataModel>, getAuthOptions: (ctx: any) => BetterAuthOptions, {
+  authFunctions,
+  debugLogs,
+  schema
+}: {
+  authFunctions: AuthFunctions;
+  schema: Schema;
+  debugLogs?: DBAdapterDebugLogOption;
+}) => better_auth_adapters0.AdapterFactory<BetterAuthOptions>;
+//#endregion
+//#region src/auth/adapter-utils.d.ts
+type AdapterPaginationOptions = PaginationOptions & {
+  endCursor?: string | null;
+  maximumRowsRead?: number;
+};
+declare const adapterWhereValidator: convex_values0.VObject<{
+  connector?: "AND" | "OR" | undefined;
+  operator?: "lt" | "lte" | "gt" | "gte" | "eq" | "in" | "not_in" | "ne" | "contains" | "starts_with" | "ends_with" | undefined;
+  value: string | number | boolean | string[] | number[] | null;
+  field: string;
+}, {
+  connector: convex_values0.VUnion<"AND" | "OR" | undefined, [convex_values0.VLiteral<"AND", "required">, convex_values0.VLiteral<"OR", "required">], "optional", never>;
+  field: convex_values0.VString<string, "required">;
+  operator: convex_values0.VUnion<"lt" | "lte" | "gt" | "gte" | "eq" | "in" | "not_in" | "ne" | "contains" | "starts_with" | "ends_with" | undefined, [convex_values0.VLiteral<"lt", "required">, convex_values0.VLiteral<"lte", "required">, convex_values0.VLiteral<"gt", "required">, convex_values0.VLiteral<"gte", "required">, convex_values0.VLiteral<"eq", "required">, convex_values0.VLiteral<"in", "required">, convex_values0.VLiteral<"not_in", "required">, convex_values0.VLiteral<"ne", "required">, convex_values0.VLiteral<"contains", "required">, convex_values0.VLiteral<"starts_with", "required">, convex_values0.VLiteral<"ends_with", "required">], "optional", never>;
+  value: convex_values0.VUnion<string | number | boolean | string[] | number[] | null, [convex_values0.VString<string, "required">, convex_values0.VFloat64<number, "required">, convex_values0.VBoolean<boolean, "required">, convex_values0.VArray<string[], convex_values0.VString<string, "required">, "required">, convex_values0.VArray<number[], convex_values0.VFloat64<number, "required">, "required">, convex_values0.VNull<null, "required">], "required", never>;
+}, "required", "value" | "connector" | "field" | "operator">;
+declare const adapterArgsValidator: convex_values0.VObject<{
+  select?: string[] | undefined;
+  where?: {
+    connector?: "AND" | "OR" | undefined;
+    operator?: "lt" | "lte" | "gt" | "gte" | "eq" | "in" | "not_in" | "ne" | "contains" | "starts_with" | "ends_with" | undefined;
+    value: string | number | boolean | string[] | number[] | null;
+    field: string;
+  }[] | undefined;
+  limit?: number | undefined;
+  offset?: number | undefined;
+  sortBy?: {
+    field: string;
+    direction: "asc" | "desc";
+  } | undefined;
+  model: string;
+}, {
+  limit: convex_values0.VFloat64<number | undefined, "optional">;
+  model: convex_values0.VString<string, "required">;
+  offset: convex_values0.VFloat64<number | undefined, "optional">;
+  select: convex_values0.VArray<string[] | undefined, convex_values0.VString<string, "required">, "optional">;
+  sortBy: convex_values0.VObject<{
+    field: string;
+    direction: "asc" | "desc";
+  } | undefined, {
+    direction: convex_values0.VUnion<"asc" | "desc", [convex_values0.VLiteral<"asc", "required">, convex_values0.VLiteral<"desc", "required">], "required", never>;
+    field: convex_values0.VString<string, "required">;
+  }, "optional", "field" | "direction">;
+  where: convex_values0.VArray<{
+    connector?: "AND" | "OR" | undefined;
+    operator?: "lt" | "lte" | "gt" | "gte" | "eq" | "in" | "not_in" | "ne" | "contains" | "starts_with" | "ends_with" | undefined;
+    value: string | number | boolean | string[] | number[] | null;
+    field: string;
+  }[] | undefined, convex_values0.VObject<{
+    connector?: "AND" | "OR" | undefined;
+    operator?: "lt" | "lte" | "gt" | "gte" | "eq" | "in" | "not_in" | "ne" | "contains" | "starts_with" | "ends_with" | undefined;
+    value: string | number | boolean | string[] | number[] | null;
+    field: string;
+  }, {
+    connector: convex_values0.VUnion<"AND" | "OR" | undefined, [convex_values0.VLiteral<"AND", "required">, convex_values0.VLiteral<"OR", "required">], "optional", never>;
+    field: convex_values0.VString<string, "required">;
+    operator: convex_values0.VUnion<"lt" | "lte" | "gt" | "gte" | "eq" | "in" | "not_in" | "ne" | "contains" | "starts_with" | "ends_with" | undefined, [convex_values0.VLiteral<"lt", "required">, convex_values0.VLiteral<"lte", "required">, convex_values0.VLiteral<"gt", "required">, convex_values0.VLiteral<"gte", "required">, convex_values0.VLiteral<"eq", "required">, convex_values0.VLiteral<"in", "required">, convex_values0.VLiteral<"not_in", "required">, convex_values0.VLiteral<"ne", "required">, convex_values0.VLiteral<"contains", "required">, convex_values0.VLiteral<"starts_with", "required">, convex_values0.VLiteral<"ends_with", "required">], "optional", never>;
+    value: convex_values0.VUnion<string | number | boolean | string[] | number[] | null, [convex_values0.VString<string, "required">, convex_values0.VFloat64<number, "required">, convex_values0.VBoolean<boolean, "required">, convex_values0.VArray<string[], convex_values0.VString<string, "required">, "required">, convex_values0.VArray<number[], convex_values0.VFloat64<number, "required">, "required">, convex_values0.VNull<null, "required">], "required", never>;
+  }, "required", "value" | "connector" | "field" | "operator">, "optional">;
+}, "required", "model" | "select" | "where" | "limit" | "offset" | "sortBy" | "sortBy.field" | "sortBy.direction">;
+declare const hasUniqueFields: (betterAuthSchema: BetterAuthDBSchema, model: string, input: Record<string, any>) => boolean;
+declare const checkUniqueFields: <Schema extends SchemaDefinition<any, any>>(ctx: GenericQueryCtx<GenericDataModel>, schema: Schema, betterAuthSchema: BetterAuthDBSchema, table: string, input: Record<string, any>, doc?: Record<string, any>) => Promise<void>;
+declare const selectFields: <T extends TableNamesInDataModel<GenericDataModel>, D extends DocumentByName<GenericDataModel, T>>(doc: D | null, select?: string[]) => D | null;
+declare const paginate: <Doc extends DocumentByName<GenericDataModel, T>, T extends TableNamesInDataModel<GenericDataModel>>(ctx: GenericQueryCtx<GenericDataModel>, schema: SchemaDefinition<any, any>, betterAuthSchema: BetterAuthDBSchema, args: Infer<typeof adapterArgsValidator> & {
+  paginationOpts: AdapterPaginationOptions;
+}) => Promise<PaginationResult<Doc>>;
+declare const listOne: <Doc extends DocumentByName<GenericDataModel, T>, T extends TableNamesInDataModel<GenericDataModel>>(ctx: GenericQueryCtx<GenericDataModel>, schema: SchemaDefinition<any, any>, betterAuthSchema: BetterAuthDBSchema, args: Infer<typeof adapterArgsValidator>) => Promise<Doc | null>;
+//#endregion
+//#region src/auth/generated-contract.d.ts
+type UnknownFn = (...args: never[]) => unknown;
+declare const getInvalidAuthDefinitionExportReason: (authDefinitionPath?: string) => string;
+type AuthDefinitionModule<GenericCtx, DataModel extends GenericDataModel, Schema extends SchemaDefinition<GenericSchema, true>, AuthOptions extends BetterAuthOptionsWithoutDatabase> = {
+  default: GenericAuthDefinition<GenericCtx, DataModel, Schema, AuthOptions>;
+};
+type AuthDefinitionInput<GenericCtx, DataModel extends GenericDataModel, Schema extends SchemaDefinition<GenericSchema, true>, AuthOptions extends BetterAuthOptionsWithoutDatabase> = GenericAuthDefinition<GenericCtx, DataModel, Schema, AuthOptions> | AuthDefinitionModule<GenericCtx, DataModel, Schema, AuthOptions>;
+declare const resolveGeneratedAuthDefinition: <Definition extends UnknownFn>(input: unknown, reason: string) => Definition;
+declare const createAuthRuntime: <DataModel extends GenericDataModel, Schema extends SchemaDefinition<GenericSchema, true>, TriggerCtx extends GenericMutationCtx<DataModel> = GenericMutationCtx<DataModel>, GenericCtx = GenericMutationCtx<DataModel>, AuthOptions extends BetterAuthOptionsWithoutDatabase = BetterAuthOptionsWithoutDatabase>(config: {
+  internal: unknown;
+  moduleName: string;
+  schema: Schema;
+  auth: AuthDefinitionInput<GenericCtx, DataModel, Schema, AuthOptions>;
+  context?: (ctx: GenericMutationCtx<DataModel>) => TriggerCtx | Promise<TriggerCtx>;
+}) => AuthRuntime<DataModel, Schema, TriggerCtx, GenericCtx, AuthOptions>;
+//#endregion
+//#region src/auth/helpers.d.ts
+type SessionDoc<TCtx extends GenericQueryCtx<any>> = DocByCtx<TCtx, 'session'>;
+type SessionResult<TCtx extends GenericQueryCtx<any>> = LookupByIdResultByCtx<TCtx, 'session'>;
+type SessionLookupCtx<TCtx extends GenericQueryCtx<any>> = QueryCtxWithPreferredOrmQueryTable<TCtx, 'session'>;
+type SessionClientSignals = {
+  ip?: string;
+  userAgent?: string;
+};
+declare const getAuthUserIdentity: <DataModel extends GenericDataModel>(ctx: GenericQueryCtx<DataModel>) => Promise<{
+  sessionId: DocumentByName<DataModel, "session">["_id"];
+  userId: DocumentByName<DataModel, "user">["_id"];
+  tokenIdentifier: string;
+  subject: string;
+  issuer: string;
+  name?: string;
+  givenName?: string;
+  familyName?: string;
+  nickname?: string;
+  preferredUsername?: string;
+  profileUrl?: string;
+  pictureUrl?: string;
+  email?: string;
+  emailVerified?: boolean;
+  gender?: string;
+  birthday?: string;
+  timezone?: string;
+  language?: string;
+  phoneNumber?: string;
+  phoneNumberVerified?: boolean;
+  address?: string;
+  updatedAt?: string;
+} | null>;
+declare const getAuthUserId: <DataModel extends GenericDataModel>(ctx: GenericQueryCtx<DataModel>) => Promise<string | null>;
+declare function getSession<TCtx extends GenericQueryCtx<any>>(ctx: TCtx & SessionLookupCtx<TCtx>, _sessionId?: SessionDoc<TCtx>['_id']): Promise<SessionResult<TCtx>>;
+declare const getSessionNetworkSignals: <TCtx extends GenericQueryCtx<any>>(ctx: TCtx & QueryCtxWithPreferredOrmQueryTable<TCtx, "session">, session?: SessionResult<TCtx> | null) => Promise<SessionClientSignals>;
+declare const getHeaders: <TCtx extends GenericQueryCtx<any>>(ctx: TCtx & QueryCtxWithPreferredOrmQueryTable<TCtx, "session">, session?: SessionResult<TCtx> | null) => Promise<Headers>;
+//#endregion
+export { type AuthFunctions, type AuthRuntime, BetterAuthOptionsWithoutDatabase, ConvexCleanedWhere, type GeneratedAuthDisabledReasonKind, GenericAuthBeforeResult, GenericAuthDefinition, GenericAuthTriggerChange, GenericAuthTriggerHandlers, GenericAuthTriggers, GetAuth, SessionClientSignals, type Triggers, adapterArgsValidator, adapterConfig, adapterWhereValidator, checkUniqueFields, convex, createApi, createAuthRuntime, createClient, createDisabledAuthRuntime, createHandler, dbAdapter, defineAuth, deleteManyHandler, deleteOneHandler, findManyHandler, findOneHandler, getAuthUserId, getAuthUserIdentity, getGeneratedAuthDisabledReason, getHeaders, getInvalidAuthDefinitionExportReason, getSession, getSessionNetworkSignals, handlePagination, hasUniqueFields, httpAdapter, listOne, paginate, resolveGeneratedAuthDefinition, selectFields, updateManyHandler, updateOneHandler };