auth/admin_actions.ts

Admin RPC action handlers — admin-only operations exposed on the JSON-RPC surface.
Four action categories:
- Account management: admin_account_list, admin_session_list,
  admin_session_revoke_all, admin_token_revoke_all.
- Audit log reads: audit_log_list, audit_log_permit_history.
- Invite CRUD: invite_create, invite_list, invite_delete.
- App settings: app_settings_get, app_settings_update (registered only
  when AdminActionOptions.app_settings is provided — the mutable ref is
  owned by the server context and shared with signup middleware).
The action specs themselves live in auth/admin_action_specs.ts. Mutations
emit matching audit events via audit_log_fire_and_forget.
Authorization is declared at the spec level (auth: {role: 'admin'}) so
the RPC dispatcher enforces it before the handler runs and the generated
surface accurately reports the requirement. permit_revoke in
auth/permit_offer_actions.ts uses the same spec-level pattern even though its
sibling methods are authenticated-but-not-admin — the dispatcher checks
auth per-spec, so mixed-auth endpoints compose cleanly. Handler-level
gates are reserved for input-dependent elevation (e.g.
permit_offer_list/_history elevate to admin only when the caller
passes an account_id other than their own — an input-dependent check
the spec can't express).

Declarations
#

3 declarations

view source

AdminActionDeps
#

auth/admin_actions.ts view source

AdminActionDeps

Dependencies for create_admin_actions.
Shares shape with PermitOfferActionDeps so consumers can pass the same
deps to both factories. log drives RPC-internal error logging;
on_audit_event is wired by the two revoke-all mutations so SSE fan-out
mirrors the former REST-route behavior. audit_log_config flows from
AppDeps and is consumed by audit_log_fire_and_forget.

AdminActionOptions
#

auth/admin_actions.ts view source

AdminActionOptions

Options for create_admin_actions.

`roles`

Role schema result from create_role_schema(). Defaults to builtin
roles only. Used to derive grantable_roles (the web_grantable
subset) returned by admin_account_list.

type RoleSchemaResult

`app_settings`

Mutable in-memory app settings ref — typically ctx.app_settings from
AppServerContext. When provided, the factory wires the
app_settings_get and app_settings_update handlers; the update
handler mutates this ref so signup middleware reads the new value
without a DB round trip. When omitted, those two methods have no
handler and RPC dispatch returns method_not_found.

type AppSettings

create_admin_actions
#

auth/admin_actions.ts view source

(deps: AdminActionDeps, options?: AdminActionOptions): RpcAction[]

Create the admin-only RPC actions.

`deps`

AdminActionDeps slice of AppDeps (log, on_audit_event, optional audit_log_config)

type AdminActionDeps

`options`

role schema for grantable_roles derivation

type AdminActionOptions

default {}

returns

RpcAction[]

the RpcAction array to spread into a create_rpc_endpoint call

Depends on
#

Imported by
#

auth/standard_rpc_actions.ts