kitcn
Version:
kitcn - React Query integration and CLI tools for Convex
345 lines (344 loc) • 11.8 kB
TypeScript
'use client';
import { ConvexReactClient } from "convex/react";
import { ReactNode } from "react";
import * as react_jsx_runtime0 from "react/jsx-runtime";
import { AuthConfig } from "convex/server";
import * as better_auth0 from "better-auth";
import { BetterAuthClientPlugin, Session, User } from "better-auth";
import * as better_auth_api0 from "better-auth/api";
import * as better_auth_plugins_oidc_provider0 from "better-auth/plugins/oidc-provider";
import * as jose from "jose";
import { BetterAuthOptions } from "better-auth/minimal";
import { createAuthClient } from "better-auth/react";
//#region src/auth/internal/convex-plugin.d.ts
declare const convex: (opts: {
authConfig: AuthConfig;
jwks?: string;
jwksRotateOnTokenGenerationError?: boolean;
jwt?: {
definePayload?: (session: {
session: Session & Record<string, any>;
user: User & Record<string, any>;
}) => Promise<Record<string, any>> | Record<string, any> | undefined;
expirationSeconds?: number;
};
/**
* @deprecated Use jwt.expirationSeconds instead.
*/
jwtExpirationSeconds?: number;
options?: BetterAuthOptions;
}) => {
id: "convex";
init: (ctx: better_auth0.AuthContext) => void;
hooks: {
before: ({
matcher(context: better_auth0.HookEndpointContext): boolean;
handler: (inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<{
context: {
headers: Headers;
};
} | undefined>;
} | {
matcher: (ctx: better_auth0.HookEndpointContext) => boolean;
handler: (inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<{
context: better_auth0.MiddlewareContext<better_auth0.MiddlewareOptions, {
returned?: unknown | undefined;
responseHeaders?: Headers | undefined;
} & better_auth0.PluginContext<BetterAuthOptions> & better_auth0.InfoContext & {
options: BetterAuthOptions;
trustedOrigins: string[];
trustedProviders: string[];
isTrustedOrigin: (url: string, settings?: {
allowRelativePaths: boolean;
}) => boolean;
oauthConfig: {
skipStateCookieCheck?: boolean | undefined;
storeStateStrategy: "database" | "cookie";
};
newSession: {
session: {
id: string;
createdAt: Date;
updatedAt: Date;
userId: string;
expiresAt: Date;
token: string;
ipAddress?: string | null | undefined;
userAgent?: string | null | undefined;
} & Record<string, any>;
user: {
id: string;
createdAt: Date;
updatedAt: Date;
email: string;
emailVerified: boolean;
name: string;
image?: string | null | undefined;
} & Record<string, any>;
} | null;
session: {
session: {
id: string;
createdAt: Date;
updatedAt: Date;
userId: string;
expiresAt: Date;
token: string;
ipAddress?: string | null | undefined;
userAgent?: string | null | undefined;
} & Record<string, any>;
user: {
id: string;
createdAt: Date;
updatedAt: Date;
email: string;
emailVerified: boolean;
name: string;
image?: string | null | undefined;
} & Record<string, any>;
} | null;
setNewSession: (session: {
session: {
id: string;
createdAt: Date;
updatedAt: Date;
userId: string;
expiresAt: Date;
token: string;
ipAddress?: string | null | undefined;
userAgent?: string | null | undefined;
} & Record<string, any>;
user: {
id: string;
createdAt: Date;
updatedAt: Date;
email: string;
emailVerified: boolean;
name: string;
image?: string | null | undefined;
} & Record<string, any>;
} | null) => void;
socialProviders: better_auth0.OAuthProvider[];
authCookies: better_auth0.BetterAuthCookies;
logger: ReturnType<(options?: better_auth0.Logger | undefined) => better_auth0.InternalLogger>;
rateLimit: {
enabled: boolean;
window: number;
max: number;
storage: "memory" | "database" | "secondary-storage";
} & Omit<better_auth0.BetterAuthRateLimitOptions, "enabled" | "window" | "max" | "storage">;
adapter: better_auth0.DBAdapter<BetterAuthOptions>;
internalAdapter: better_auth0.InternalAdapter<BetterAuthOptions>;
createAuthCookie: (cookieName: string, overrideAttributes?: Partial<better_auth0.CookieOptions> | undefined) => better_auth0.BetterAuthCookie;
secret: string;
secretConfig: string | better_auth0.SecretConfig;
sessionConfig: {
updateAge: number;
expiresIn: number;
freshAge: number;
cookieRefreshCache: false | {
enabled: true;
updateAge: number;
};
};
generateId: (options: {
model: better_auth0.ModelNames;
size?: number | undefined;
}) => string | false;
secondaryStorage: better_auth0.SecondaryStorage | undefined;
password: {
hash: (password: string) => Promise<string>;
verify: (data: {
password: string;
hash: string;
}) => Promise<boolean>;
config: {
minPasswordLength: number;
maxPasswordLength: number;
};
checkPassword: (userId: string, ctx: better_auth0.GenericEndpointContext<BetterAuthOptions>) => Promise<boolean>;
};
tables: better_auth0.BetterAuthDBSchema;
runMigrations: () => Promise<void>;
publishTelemetry: (event: {
type: string;
anonymousId?: string | undefined;
payload: Record<string, any>;
}) => Promise<void>;
skipOriginCheck: boolean | string[];
skipCSRFCheck: boolean;
runInBackground: (promise: Promise<unknown>) => void;
runInBackgroundOrAwait: (promise: Promise<unknown> | void) => better_auth0.Awaitable<unknown>;
}>;
}>;
})[];
after: {
matcher: (context: better_auth0.HookEndpointContext) => boolean;
handler: better_auth_api0.AuthMiddleware;
}[];
};
endpoints: {
getOpenIdConfig: better_auth0.StrictEndpoint<"/convex/.well-known/openid-configuration", {
method: "GET";
metadata: {
isAction: false;
};
}, better_auth_plugins_oidc_provider0.OIDCMetadata>;
getJwks: better_auth0.StrictEndpoint<"/convex/jwks", {
method: "GET";
metadata: {
openapi: {
description: string;
responses: {
'200': {
description: string;
};
};
};
};
}, jose.JSONWebKeySet>;
getLatestJwks: better_auth0.StrictEndpoint<"/convex/latest-jwks", {
isAction: boolean;
method: "POST";
metadata: {
SERVER_ONLY: true;
openapi: {
description: string;
};
};
}, any[]>;
rotateKeys: better_auth0.StrictEndpoint<"/convex/rotate-keys", {
isAction: boolean;
method: "POST";
metadata: {
SERVER_ONLY: true;
openapi: {
description: string;
};
};
}, any[]>;
getToken: better_auth0.StrictEndpoint<"/convex/token", {
method: "GET";
requireHeaders: true;
use: ((inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<{
session: {
session: Record<string, any> & {
id: string;
createdAt: Date;
updatedAt: Date;
userId: string;
expiresAt: Date;
token: string;
ipAddress?: string | null | undefined;
userAgent?: string | null | undefined;
};
user: Record<string, any> & {
id: string;
createdAt: Date;
updatedAt: Date;
email: string;
emailVerified: boolean;
name: string;
image?: string | null | undefined;
};
};
}>)[];
metadata: {
openapi: {
description: string;
};
};
}, {
token: string;
}>;
};
schema: {
jwks: {
fields: {
publicKey: {
type: "string";
required: true;
};
privateKey: {
type: "string";
required: true;
};
createdAt: {
type: "date";
required: true;
};
expiresAt: {
type: "date";
required: false;
};
};
};
user: {
readonly fields: {
readonly userId: {
readonly type: "string";
readonly required: false;
readonly input: false;
};
};
};
};
};
//#endregion
//#region src/auth/internal/convex-client.d.ts
declare const convexClient: () => {
id: "convex";
$InferServerPlugin: ReturnType<typeof convex>;
};
//#endregion
//#region src/auth-client/types.d.ts
type ConvexClient = ReturnType<typeof convexClient>;
type CrossDomainClient = BetterAuthClientPlugin & {
id: 'cross-domain';
getActions: (...args: never[]) => {
crossDomain: {
oneTimeToken: {
verify: (args: unknown) => Promise<unknown>;
};
};
getCookie: () => string;
notifySessionSignal: () => void;
};
};
type PluginsWithCrossDomain = (CrossDomainClient | ConvexClient | BetterAuthClientPlugin)[];
type PluginsWithoutCrossDomain = (ConvexClient | BetterAuthClientPlugin)[];
type AuthClientWithPlugins<Plugins extends PluginsWithCrossDomain | PluginsWithoutCrossDomain> = ReturnType<typeof createAuthClient<BetterAuthClientPlugin & {
plugins: Plugins;
}>>;
type AuthClient = AuthClientWithPlugins<PluginsWithCrossDomain> | AuthClientWithPlugins<PluginsWithoutCrossDomain>;
//#endregion
//#region src/auth-client/convex-auth-provider.d.ts
type ConvexAuthProviderProps = {
children: ReactNode; /** Convex client instance */
client: ConvexReactClient; /** Better Auth client instance */
authClient: AuthClient; /** Initial session token (from SSR) */
initialToken?: string; /** Callback when mutation called while unauthorized */
onMutationUnauthorized?: () => void; /** Callback when query called while unauthorized */
onQueryUnauthorized?: (info: {
queryName: string;
}) => void; /** Custom function to detect UNAUTHORIZED errors. Default checks code property. */
isUnauthorized?: (error: unknown) => boolean;
};
/**
* Unified auth provider for Convex + Better Auth.
* Handles token sync, HMR persistence, and auth callbacks.
*
* Structure: AuthProvider wraps ConvexAuthProviderInner so that
* useAuthStore() is available when creating fetchAccessToken.
*/
declare function ConvexAuthProvider({
children,
client,
authClient,
initialToken,
onMutationUnauthorized,
onQueryUnauthorized,
isUnauthorized
}: ConvexAuthProviderProps): react_jsx_runtime0.JSX.Element;
//#endregion
export { type AuthClient, type AuthClientWithPlugins, ConvexAuthProvider, ConvexAuthProviderProps, type PluginsWithCrossDomain, type PluginsWithoutCrossDomain, convexClient };