Account RPC action handlers — self-service operations for the authenticated account.
Seven request_response actions bound to handlers:
- Session reads: account_verify, account_session_list.
- Session mutations: account_session_revoke, account_session_revoke_all.
- API token management: account_token_create, account_token_list,
account_token_revoke.
The action specs themselves live in auth/account_action_specs.ts. Every spec
declares auth: 'authenticated' so the dispatcher enforces auth before the
handler runs. Revoke operations are account-scoped (via
query_session_revoke_for_account / query_revoke_api_token_for_account)
so passing another account's session or token id returns revoked: false
rather than revealing whether the id exists.
Counterpart to auth/account_routes.ts, which keeps the cookie-lifecycle flows
(login, logout, password, signup, bootstrap) on REST.
3 declarations
auth/account_actions.ts view source
AccountActionDeps Dependencies for create_account_actions.
Shares shape with AdminActionDeps / PermitOfferActionDeps so consumers
can pass the same deps to every action factory. audit_log_config is
carried through AppDeps and consumed by audit_log_fire_and_forget;
absent → defaults to BUILTIN_AUDIT_LOG_CONFIG.
auth/account_actions.ts view source
AccountActionOptions Options for create_account_actions.
max_tokensMax API tokens per account. When set, account_token_create enforces the
cap via query_api_token_enforce_limit inside the same transaction —
oldest tokens are evicted once the cap is exceeded. Default
DEFAULT_MAX_TOKENS; pass null to disable the cap.
number | nullauth/account_actions.ts view source
(deps: AccountActionDeps, options?: AccountActionOptions): RpcAction[] Create the self-service account RPC actions.
depsAccountActionDeps slice of AppDeps (log, on_audit_event, optional audit_log_config)
optionsper-factory configuration
{}RpcAction[] the RpcAction array to spread into a create_rpc_endpoint call