Account RPC action handlers — self-service operations for the authenticated account.
Seven request_response actions bound to handlers:
- Session reads: account_verify, account_session_list.
- Session mutations: account_session_revoke, account_session_revoke_all.
- API token management: account_token_create, account_token_list,
account_token_revoke.
The action specs themselves live in auth/account_action_specs.ts. Every spec
declares auth: {account: 'required', actor: 'none'} so the dispatcher
enforces account-grain auth before the handler runs. Revoke operations are
account-scoped (via
query_session_revoke_for_account / query_revoke_api_token_for_account)
so passing another account's session or token id returns revoked: false
rather than revealing whether the id exists.
Counterpart to auth/account_routes.ts, which keeps the cookie-lifecycle flows
(login, logout, password, signup, bootstrap) on REST.
2 declarations
auth/account_actions.ts view source
AccountActionOptions Options for create_account_actions.
max_tokensMax API tokens per account. When set, account_token_create enforces the
cap via query_api_token_enforce_limit inside the same transaction —
oldest tokens are evicted once the cap is exceeded. Default
DEFAULT_MAX_TOKENS; pass null to disable the cap.
number | nullauth/account_actions.ts view source
(deps: Pick<RouteFactoryDeps, "log" | "audit">, options?: AccountActionOptions): RpcAction[] Create the self-service account RPC actions.
depsRouteFactoryDeps (log, audit, …). audit.emit writes
audit rows via the captured pool; the bound emitter encapsulates
on_audit_event fan-out and the optional AuditLogConfig.
Pick<RouteFactoryDeps, "log" | "audit">optionsper-factory configuration
{}RpcAction[] the RpcAction array to spread into a create_rpc_endpoint call