auth/admin_actions.ts

Admin RPC action handlers — admin-only operations exposed on the JSON-RPC surface.

Four action categories:

- Account management: admin_account_list, admin_session_list, admin_session_revoke_all, admin_token_revoke_all. - Audit log reads: audit_log_list, audit_log_role_grant_history. - Invite CRUD: invite_create, invite_list, invite_delete. - App settings: app_settings_get, app_settings_update (registered only when AdminActionOptions.app_settings is provided — the mutable ref is owned by the server context and shared with signup middleware).

The action specs themselves live in auth/admin_action_specs.ts. Mutations emit matching audit events via deps.audit.emit.

Authorization is declared at the spec level (auth: {role: 'admin'}) so the RPC dispatcher enforces it before the handler runs and the generated surface accurately reports the requirement. role_grant_revoke in auth/role_grant_offer_actions.ts uses the same spec-level pattern even though its sibling methods are authenticated-but-not-admin — the dispatcher checks auth per-spec, so mixed-auth endpoints compose cleanly. Handler-level gates are reserved for input-dependent elevation (e.g. role_grant_offer_list/_history elevate to admin only when the caller passes an account_id other than their own — an input-dependent check the spec can't express).

Declarations
#

2 declarations

view source

AdminActionOptions
#

auth/admin_actions.ts view source

AdminActionOptions

roles

Role schema result from create_role_schema(). Defaults to builtin roles only. Used to derive grantable_roles (the subset whose RoleSpec.grant_paths includes 'admin') returned by admin_account_list.

type RoleSchemaResult

app_settings

Mutable in-memory app settings ref — typically ctx.app_settings from AppServerContext. When provided, the factory wires the app_settings_get and app_settings_update handlers; the update handler mutates this ref so signup middleware reads the new value without a DB round trip. When omitted, those two methods have no handler and RPC dispatch returns method_not_found.

type AppSettings

create_admin_actions
#

auth/admin_actions.ts view source

(deps: Pick<RouteFactoryDeps, "log" | "audit">, options?: AdminActionOptions): RpcAction[]

Create the admin-only RPC actions.

deps

RouteFactoryDeps (log, audit, …). log drives RPC- internal error logging; audit.emit writes audit rows via the captured pool. The bound emitter encapsulates on_audit_event fan-out and the optional AuditLogConfig.

type Pick<RouteFactoryDeps, "log" | "audit">

options

role schema for grantable_roles derivation

type AdminActionOptions
default {}

returns

RpcAction[]

the RpcAction array to spread into a create_rpc_endpoint call

Depends on
#

Imported by
#