npm - @blinkdotnew/sdk - Versions diffs - 0.17.3 → 0.18.0 - Mend

@blinkdotnew/sdk 0.17.3 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.js CHANGED Viewed

@@ -18,9 +18,49 @@ var BlinkError = class extends Error {
   }
 };
 var BlinkAuthError = class extends BlinkError {
-  constructor(message, details) {
-    super(message, "AUTH_ERROR", 401, details);
+  code;
+  retryable;
+  userMessage;
+  constructor(code, message, userMessage, details) {
+    super(message, code, 401, details);
     this.name = "BlinkAuthError";
+    this.code = code;
+    this.retryable = ["NETWORK_ERROR", "RATE_LIMITED"].includes(code);
+    this.userMessage = userMessage || this.getDefaultUserMessage(code);
+  }
+  getDefaultUserMessage(code) {
+    switch (code) {
+      case "INVALID_CREDENTIALS" /* INVALID_CREDENTIALS */:
+        return "Invalid email or password. Please try again.";
+      case "EMAIL_NOT_VERIFIED" /* EMAIL_NOT_VERIFIED */:
+        return "Please verify your email address before signing in.";
+      case "POPUP_CANCELED" /* POPUP_CANCELED */:
+        return "Sign-in was canceled. Please try again.";
+      case "NETWORK_ERROR" /* NETWORK_ERROR */:
+        return "Network error. Please check your connection and try again.";
+      case "RATE_LIMITED" /* RATE_LIMITED */:
+        return "Too many attempts. Please wait a moment and try again.";
+      case "AUTH_TIMEOUT" /* AUTH_TIMEOUT */:
+        return "Authentication timed out. Please try again.";
+      case "REDIRECT_FAILED" /* REDIRECT_FAILED */:
+        return "Redirect failed. Please try again.";
+      case "TOKEN_EXPIRED" /* TOKEN_EXPIRED */:
+        return "Session expired. Please sign in again.";
+      case "USER_NOT_FOUND" /* USER_NOT_FOUND */:
+        return "User not found. Please check your email and try again.";
+      case "EMAIL_ALREADY_EXISTS" /* EMAIL_ALREADY_EXISTS */:
+        return "An account with this email already exists.";
+      case "WEAK_PASSWORD" /* WEAK_PASSWORD */:
+        return "Password is too weak. Please choose a stronger password.";
+      case "INVALID_EMAIL" /* INVALID_EMAIL */:
+        return "Please enter a valid email address.";
+      case "MAGIC_LINK_EXPIRED" /* MAGIC_LINK_EXPIRED */:
+        return "Magic link has expired. Please request a new one.";
+      case "VERIFICATION_FAILED" /* VERIFICATION_FAILED */:
+        return "Verification failed. Please try again.";
+      default:
+        return "Authentication error. Please try again.";
+    }
   }
 };
 var BlinkNetworkError = class extends BlinkError {
@@ -865,15 +905,32 @@ var HttpClient = class {
 // src/auth.ts
 var BlinkAuth = class {
   config;
+  authConfig;
   authState;
   listeners = /* @__PURE__ */ new Set();
-  authUrl = "https://blink.new";
+  authUrl;
+  coreUrl;
   parentWindowTokens = null;
   isIframe = false;
   initializationPromise = null;
   isInitialized = false;
   constructor(config) {
     this.config = config;
+    this.authConfig = {
+      mode: "managed",
+      // Default mode
+      authUrl: "https://blink.new",
+      coreUrl: "https://core.blink.new",
+      ...config.auth
+    };
+    this.authUrl = this.authConfig.authUrl || "https://blink.new";
+    this.coreUrl = this.authConfig.coreUrl || "https://core.blink.new";
+    if (typeof window !== "undefined" && this.coreUrl === "https://core.blink.new" && (window.location.hostname === "localhost" || window.location.hostname === "127.0.0.1")) {
+      console.warn("\u26A0\uFE0F Using default coreUrl in development. Set auth.coreUrl to your app origin for headless auth endpoints to work.");
+    }
+    if (config.authRequired !== void 0 && !config.auth?.mode) {
+      this.authConfig.mode = config.authRequired ? "managed" : "headless";
+    }
     this.authState = {
       user: null,
       tokens: null,
@@ -883,6 +940,7 @@ var BlinkAuth = class {
     if (typeof window !== "undefined") {
       this.isIframe = window.self !== window.top;
       this.setupParentWindowListener();
+      this.setupCrossTabSync();
       this.initializationPromise = this.initialize();
     } else {
       this.isInitialized = true;
@@ -992,7 +1050,14 @@ var BlinkAuth = class {
    * Redirect to Blink auth page
    */
   login(nextUrl) {
-    let redirectUrl = nextUrl || (typeof window !== "undefined" ? window.location.href : "");
+    let redirectUrl = nextUrl || this.authConfig.redirectUrl;
+    if (!redirectUrl && typeof window !== "undefined") {
+      if (window.location.href.startsWith("http")) {
+        redirectUrl = window.location.href;
+      } else {
+        redirectUrl = `${window.location.protocol}//${window.location.host}${window.location.pathname}${window.location.search}${window.location.hash}`;
+      }
+    }
     if (redirectUrl && typeof window !== "undefined") {
       try {
         const url = new URL(redirectUrl);
@@ -1004,7 +1069,7 @@ var BlinkAuth = class {
       }
     }
     const authUrl = new URL("/auth", this.authUrl);
-    authUrl.searchParams.set("redirect_url", redirectUrl);
+    authUrl.searchParams.set("redirect_url", redirectUrl || "");
     if (this.config.projectId) {
       authUrl.searchParams.set("project_id", this.config.projectId);
     }
@@ -1115,7 +1180,7 @@ var BlinkAuth = class {
         }
         const timeout = setTimeout(() => {
           unsubscribe();
-          reject(new BlinkAuthError("Authentication timeout - no user available"));
+          reject(new BlinkAuthError("AUTH_TIMEOUT" /* AUTH_TIMEOUT */, "Authentication timeout - no user available"));
         }, 5e3);
         const unsubscribe = this.onAuthStateChanged((state) => {
           if (state.user) {
@@ -1125,14 +1190,14 @@ var BlinkAuth = class {
           } else if (!state.isLoading && !state.isAuthenticated) {
             clearTimeout(timeout);
             unsubscribe();
-            reject(new BlinkAuthError("Not authenticated"));
+            reject(new BlinkAuthError("INVALID_CREDENTIALS" /* INVALID_CREDENTIALS */, "Not authenticated"));
           }
         });
       });
     }
     let token = this.getToken();
     if (!token) {
-      throw new BlinkAuthError("No access token available");
+      throw new BlinkAuthError("TOKEN_EXPIRED" /* TOKEN_EXPIRED */, "No access token available");
     }
     try {
       const response = await fetch(`${this.authUrl}/api/auth/me`, {
@@ -1167,7 +1232,9 @@ var BlinkAuth = class {
             this.redirectToAuth();
           }
         }
-        throw new BlinkAuthError(`Failed to fetch user: ${response.statusText}`);
+        const errorData = await response.json().catch(() => ({}));
+        const errorCode = this.mapErrorCodeFromResponse(errorData.code);
+        throw new BlinkAuthError(errorCode, errorData.error || `Failed to fetch user: ${response.statusText}`);
       }
       const data = await response.json();
       const user = data.user;
@@ -1180,16 +1247,650 @@ var BlinkAuth = class {
       if (error instanceof BlinkAuthError) {
         throw error;
       }
-      throw new BlinkAuthError(`Network error: ${error instanceof Error ? error.message : "Unknown error"}`);
+      throw new BlinkAuthError("NETWORK_ERROR" /* NETWORK_ERROR */, `Network error: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+  }
+  /**
+   * Sign up with email and password (headless mode)
+   */
+  async signUp(data) {
+    if (this.authConfig.mode !== "headless") {
+      throw new BlinkAuthError("INVALID_CREDENTIALS" /* INVALID_CREDENTIALS */, "signUp is only available in headless mode");
+    }
+    try {
+      const response = await fetch(`${this.coreUrl}/api/auth/signup`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          ...data,
+          projectId: this.config.projectId
+        })
+      });
+      if (!response.ok) {
+        const errorData = await response.json();
+        const errorCode = this.mapErrorCodeFromResponse(errorData.code);
+        throw new BlinkAuthError(errorCode, errorData.error || "Sign up failed");
+      }
+      const result = await response.json();
+      await this.setTokens({
+        access_token: result.access_token,
+        refresh_token: result.refresh_token,
+        token_type: result.token_type,
+        expires_in: result.expires_in,
+        refresh_expires_in: result.refresh_expires_in
+      }, true);
+      return result.user;
+    } catch (error) {
+      if (error instanceof BlinkAuthError) {
+        throw error;
+      }
+      throw new BlinkAuthError("NETWORK_ERROR" /* NETWORK_ERROR */, `Network error: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+  }
+  /**
+   * Sign in with email and password (headless mode)
+   */
+  async signInWithEmail(email, password) {
+    if (this.authConfig.mode !== "headless") {
+      throw new BlinkAuthError("INVALID_CREDENTIALS" /* INVALID_CREDENTIALS */, "signInWithEmail is only available in headless mode");
+    }
+    try {
+      const response = await fetch(`${this.coreUrl}/api/auth/signin/email`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          email,
+          password,
+          projectId: this.config.projectId
+        })
+      });
+      if (!response.ok) {
+        const errorData = await response.json();
+        const errorCode = this.mapErrorCodeFromResponse(errorData.code);
+        throw new BlinkAuthError(errorCode, errorData.error || "Sign in failed");
+      }
+      const result = await response.json();
+      await this.setTokens({
+        access_token: result.access_token,
+        refresh_token: result.refresh_token,
+        token_type: result.token_type,
+        expires_in: result.expires_in,
+        refresh_expires_in: result.refresh_expires_in
+      }, true);
+      return result.user;
+    } catch (error) {
+      if (error instanceof BlinkAuthError) {
+        throw error;
+      }
+      throw new BlinkAuthError("NETWORK_ERROR" /* NETWORK_ERROR */, `Network error: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+  }
+  /**
+   * Sign in with Google (headless mode)
+   */
+  async signInWithGoogle(options) {
+    if (this.authConfig.mode !== "headless") {
+      throw new BlinkAuthError("INVALID_CREDENTIALS" /* INVALID_CREDENTIALS */, "signInWithGoogle is only available in headless mode");
+    }
+    return this.signInWithProvider("google", options);
+  }
+  /**
+   * Sign in with GitHub (headless mode)
+   */
+  async signInWithGitHub(options) {
+    if (this.authConfig.mode !== "headless") {
+      throw new BlinkAuthError("INVALID_CREDENTIALS" /* INVALID_CREDENTIALS */, "signInWithGitHub is only available in headless mode");
+    }
+    return this.signInWithProvider("github", options);
+  }
+  /**
+   * Sign in with Apple (headless mode)
+   */
+  async signInWithApple(options) {
+    if (this.authConfig.mode !== "headless") {
+      throw new BlinkAuthError("INVALID_CREDENTIALS" /* INVALID_CREDENTIALS */, "signInWithApple is only available in headless mode");
+    }
+    return this.signInWithProvider("apple", options);
+  }
+  /**
+   * Sign in with Microsoft (headless mode)
+   */
+  async signInWithMicrosoft(options) {
+    if (this.authConfig.mode !== "headless") {
+      throw new BlinkAuthError("INVALID_CREDENTIALS" /* INVALID_CREDENTIALS */, "signInWithMicrosoft is only available in headless mode");
+    }
+    return this.signInWithProvider("microsoft", options);
+  }
+  /**
+   * Generic provider sign-in method (headless mode)
+   */
+  async signInWithProvider(provider, options) {
+    if (this.authConfig.mode !== "headless") {
+      throw new BlinkAuthError("INVALID_CREDENTIALS" /* INVALID_CREDENTIALS */, "signInWithProvider is only available in headless mode");
+    }
+    return new Promise((resolve, reject) => {
+      const state = this.generateState();
+      try {
+        if (typeof window !== "undefined") {
+          sessionStorage.setItem("blink_oauth_state", state);
+        }
+      } catch {
+      }
+      const redirectUrl = options?.redirectUrl || window.location.origin;
+      const popupUrl = new URL("/auth", this.authUrl);
+      popupUrl.searchParams.set("provider", provider);
+      popupUrl.searchParams.set("project_id", this.config.projectId);
+      popupUrl.searchParams.set("state", state);
+      popupUrl.searchParams.set("mode", "popup");
+      popupUrl.searchParams.set("redirect_url", redirectUrl);
+      const popup = window.open(
+        popupUrl.toString(),
+        "blink-auth",
+        "width=500,height=600,scrollbars=yes,resizable=yes"
+      );
+      if (!popup) {
+        reject(new BlinkAuthError("POPUP_CANCELED" /* POPUP_CANCELED */, "Popup was blocked"));
+        return;
+      }
+      let timeoutId;
+      const messageListener = (event) => {
+        let allowed = false;
+        try {
+          const authOrigin = new URL(this.authUrl).origin;
+          if (event.origin === authOrigin) allowed = true;
+        } catch {
+        }
+        if (event.origin === "http://localhost:3000" || event.origin === "http://localhost:3001") allowed = true;
+        if (!allowed) return;
+        if (event.data?.type === "BLINK_AUTH_TOKENS") {
+          const { access_token, refresh_token, token_type, expires_in, refresh_expires_in, projectId, state: returnedState } = event.data;
+          try {
+            const expected = sessionStorage.getItem("blink_oauth_state");
+            if (returnedState && expected && returnedState !== expected) {
+              reject(new BlinkAuthError("VERIFICATION_FAILED" /* VERIFICATION_FAILED */, "State mismatch"));
+              clearTimeout(timeoutId);
+              window.removeEventListener("message", messageListener);
+              popup.close();
+              return;
+            }
+          } catch {
+          }
+          if (projectId !== this.config.projectId) {
+            reject(new BlinkAuthError("INVALID_CREDENTIALS" /* INVALID_CREDENTIALS */, "Project ID mismatch"));
+            return;
+          }
+          this.setTokens({
+            access_token,
+            refresh_token,
+            token_type,
+            expires_in,
+            refresh_expires_in
+          }, true).then(() => {
+            resolve(this.authState.user);
+          }).catch(reject);
+          clearTimeout(timeoutId);
+          window.removeEventListener("message", messageListener);
+          popup.close();
+        } else if (event.data?.type === "BLINK_AUTH_ERROR") {
+          const errorCode = this.mapErrorCodeFromResponse(event.data.code);
+          reject(new BlinkAuthError(errorCode, event.data.message || "Authentication failed"));
+          clearTimeout(timeoutId);
+          window.removeEventListener("message", messageListener);
+          popup.close();
+        }
+      };
+      timeoutId = setTimeout(() => {
+        window.removeEventListener("message", messageListener);
+        if (!popup.closed) {
+          popup.close();
+        }
+        reject(new BlinkAuthError("AUTH_TIMEOUT" /* AUTH_TIMEOUT */, "Authentication timed out"));
+      }, 3e4);
+      const checkClosed = setInterval(() => {
+        if (popup.closed) {
+          clearInterval(checkClosed);
+          clearTimeout(timeoutId);
+          window.removeEventListener("message", messageListener);
+          reject(new BlinkAuthError("POPUP_CANCELED" /* POPUP_CANCELED */, "Authentication was canceled"));
+        }
+      }, 1e3);
+      window.addEventListener("message", messageListener);
+    });
+  }
+  /**
+   * Generate password reset token (for custom email delivery)
+   */
+  async generatePasswordResetToken(email) {
+    try {
+      const response = await fetch(`${this.coreUrl}/api/auth/password/reset/generate`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          email,
+          projectId: this.config.projectId
+        })
+      });
+      if (!response.ok) {
+        const errorData = await response.json();
+        const errorCode = this.mapErrorCodeFromResponse(errorData.code);
+        throw new BlinkAuthError(
+          errorCode,
+          errorData.error || "Failed to generate password reset token",
+          errorData.error
+        );
+      }
+      const data = await response.json();
+      return data;
+    } catch (error) {
+      if (error instanceof BlinkAuthError) {
+        throw error;
+      }
+      throw new BlinkAuthError(
+        "NETWORK_ERROR" /* NETWORK_ERROR */,
+        "Failed to generate password reset token",
+        "Network error occurred"
+      );
+    }
+  }
+  /**
+   * Send password reset email (using Blink default email service)
+   */
+  async sendPasswordResetEmail(email) {
+    try {
+      const response = await fetch(`${this.coreUrl}/api/auth/password/reset`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          email,
+          projectId: this.config.projectId
+        })
+      });
+      if (!response.ok) {
+        const errorData = await response.json();
+        const errorCode = this.mapErrorCodeFromResponse(errorData.code);
+        throw new BlinkAuthError(errorCode, errorData.error || "Failed to send password reset email");
+      }
+    } catch (error) {
+      if (error instanceof BlinkAuthError) {
+        throw error;
+      }
+      throw new BlinkAuthError("NETWORK_ERROR" /* NETWORK_ERROR */, `Network error: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+  }
+  /**
+   * Confirm password reset with token
+   */
+  async confirmPasswordReset(token, newPassword) {
+    try {
+      const response = await fetch(`${this.coreUrl}/api/auth/password/reset/confirm`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          token,
+          password: newPassword,
+          projectId: this.config.projectId
+        })
+      });
+      if (!response.ok) {
+        const errorData = await response.json();
+        const errorCode = this.mapErrorCodeFromResponse(errorData.code);
+        throw new BlinkAuthError(errorCode, errorData.error || "Failed to reset password");
+      }
+    } catch (error) {
+      if (error instanceof BlinkAuthError) {
+        throw error;
+      }
+      throw new BlinkAuthError("NETWORK_ERROR" /* NETWORK_ERROR */, `Network error: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+  }
+  /**
+   * Change password (requires current authentication)
+   */
+  async changePassword(oldPassword, newPassword) {
+    const token = await this.getValidToken();
+    if (!token) {
+      throw new BlinkAuthError("TOKEN_EXPIRED" /* TOKEN_EXPIRED */, "No access token available");
+    }
+    try {
+      const response = await fetch(`${this.coreUrl}/api/auth/password/change`, {
+        method: "POST",
+        headers: {
+          "Authorization": `Bearer ${token}`,
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          oldPassword,
+          newPassword
+        })
+      });
+      if (!response.ok) {
+        const errorData = await response.json();
+        const errorCode = this.mapErrorCodeFromResponse(errorData.code);
+        throw new BlinkAuthError(errorCode, errorData.error || "Failed to change password");
+      }
+    } catch (error) {
+      if (error instanceof BlinkAuthError) {
+        throw error;
+      }
+      throw new BlinkAuthError("NETWORK_ERROR" /* NETWORK_ERROR */, `Network error: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+  }
+  /**
+   * Generate email verification token (for custom email delivery)
+   */
+  async generateEmailVerificationToken() {
+    const token = await this.getValidToken();
+    if (!token) {
+      throw new BlinkAuthError("TOKEN_EXPIRED" /* TOKEN_EXPIRED */, "No access token available");
+    }
+    try {
+      const response = await fetch(`${this.coreUrl}/api/auth/email/verify/generate`, {
+        method: "POST",
+        headers: {
+          "Authorization": `Bearer ${token}`,
+          "Content-Type": "application/json"
+        }
+      });
+      if (!response.ok) {
+        const errorData = await response.json();
+        const errorCode = this.mapErrorCodeFromResponse(errorData.code);
+        throw new BlinkAuthError(
+          errorCode,
+          errorData.error || "Failed to generate email verification token",
+          errorData.error
+        );
+      }
+      const data = await response.json();
+      return data;
+    } catch (error) {
+      if (error instanceof BlinkAuthError) {
+        throw error;
+      }
+      throw new BlinkAuthError(
+        "NETWORK_ERROR" /* NETWORK_ERROR */,
+        "Failed to generate email verification token",
+        "Network error occurred"
+      );
+    }
+  }
+  /**
+   * Send email verification (using Blink default email service)
+   */
+  async sendEmailVerification() {
+    const token = await this.getValidToken();
+    if (!token) {
+      throw new BlinkAuthError("TOKEN_EXPIRED" /* TOKEN_EXPIRED */, "No access token available");
+    }
+    try {
+      const response = await fetch(`${this.coreUrl}/api/auth/email/verify/send`, {
+        method: "POST",
+        headers: {
+          "Authorization": `Bearer ${token}`,
+          "Content-Type": "application/json"
+        }
+      });
+      if (!response.ok) {
+        const errorData = await response.json();
+        const errorCode = this.mapErrorCodeFromResponse(errorData.code);
+        throw new BlinkAuthError(errorCode, errorData.error || "Failed to send verification email");
+      }
+    } catch (error) {
+      if (error instanceof BlinkAuthError) {
+        throw error;
+      }
+      throw new BlinkAuthError("NETWORK_ERROR" /* NETWORK_ERROR */, `Network error: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+  }
+  /**
+   * Verify email with token
+   */
+  async verifyEmail(token) {
+    try {
+      const response = await fetch(`${this.coreUrl}/api/auth/email/verify`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          token,
+          projectId: this.config.projectId
+        })
+      });
+      if (!response.ok) {
+        const errorData = await response.json();
+        const errorCode = this.mapErrorCodeFromResponse(errorData.code);
+        throw new BlinkAuthError(errorCode, errorData.error || "Failed to verify email");
+      }
+    } catch (error) {
+      if (error instanceof BlinkAuthError) {
+        throw error;
+      }
+      throw new BlinkAuthError("NETWORK_ERROR" /* NETWORK_ERROR */, `Network error: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+  }
+  /**
+   * Generate magic link token (for custom email delivery)
+   */
+  async generateMagicLinkToken(email, options) {
+    try {
+      const response = await fetch(`${this.coreUrl}/api/auth/signin/magic/generate`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          email,
+          redirectUrl: options?.redirectUrl,
+          projectId: this.config.projectId
+        })
+      });
+      if (!response.ok) {
+        const errorData = await response.json();
+        const errorCode = this.mapErrorCodeFromResponse(errorData.code);
+        throw new BlinkAuthError(
+          errorCode,
+          errorData.error || "Failed to generate magic link token",
+          errorData.error
+        );
+      }
+      const data = await response.json();
+      return data;
+    } catch (error) {
+      if (error instanceof BlinkAuthError) {
+        throw error;
+      }
+      throw new BlinkAuthError(
+        "NETWORK_ERROR" /* NETWORK_ERROR */,
+        "Failed to generate magic link token",
+        "Network error occurred"
+      );
     }
   }
+  /**
+   * Send magic link (using Blink default email service)
+   */
+  async sendMagicLink(email, options) {
+    try {
+      const response = await fetch(`${this.coreUrl}/api/auth/signin/magic`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          email,
+          redirectUrl: options?.redirectUrl,
+          projectId: this.config.projectId
+        })
+      });
+      if (!response.ok) {
+        const errorData = await response.json();
+        const errorCode = this.mapErrorCodeFromResponse(errorData.code);
+        throw new BlinkAuthError(errorCode, errorData.error || "Failed to send magic link");
+      }
+    } catch (error) {
+      if (error instanceof BlinkAuthError) {
+        throw error;
+      }
+      throw new BlinkAuthError("NETWORK_ERROR" /* NETWORK_ERROR */, `Network error: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+  }
+  /**
+   * Verify magic link (automatic on redirect)
+   */
+  async verifyMagicLink(token) {
+    const magicToken = token || this.extractMagicTokenFromUrl();
+    if (!magicToken) {
+      throw new BlinkAuthError("VERIFICATION_FAILED" /* VERIFICATION_FAILED */, "No magic link token found");
+    }
+    try {
+      const response = await fetch(`${this.coreUrl}/api/auth/signin/magic/verify`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          token: magicToken,
+          projectId: this.config.projectId
+        })
+      });
+      if (!response.ok) {
+        const errorData = await response.json();
+        const errorCode = this.mapErrorCodeFromResponse(errorData.code);
+        throw new BlinkAuthError(errorCode, errorData.error || "Magic link verification failed");
+      }
+      const result = await response.json();
+      await this.setTokens({
+        access_token: result.access_token,
+        refresh_token: result.refresh_token,
+        token_type: result.token_type,
+        expires_in: result.expires_in,
+        refresh_expires_in: result.refresh_expires_in
+      }, true);
+      return result.user;
+    } catch (error) {
+      if (error instanceof BlinkAuthError) {
+        throw error;
+      }
+      throw new BlinkAuthError("NETWORK_ERROR" /* NETWORK_ERROR */, `Network error: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+  }
+  /**
+   * Get available providers for the current project
+   */
+  async getAvailableProviders() {
+    try {
+      const response = await fetch(`${this.coreUrl}/api/auth/providers?projectId=${encodeURIComponent(this.config.projectId)}`);
+      if (!response.ok) {
+        return ["email", "google"];
+      }
+      const data = await response.json();
+      return data.providers || ["email", "google"];
+    } catch (error) {
+      return ["email", "google"];
+    }
+  }
+  /**
+   * Check if user has a specific role
+   */
+  hasRole(role) {
+    const user = this.authState.user;
+    if (!user || !user.role) {
+      return false;
+    }
+    if (Array.isArray(role)) {
+      return role.includes(user.role);
+    }
+    return user.role === role;
+  }
+  /**
+   * Check if user can perform a specific action
+   */
+  can(permission, resource) {
+    const user = this.authState.user;
+    if (!user || !user.role) {
+      return false;
+    }
+    const roles = this.authConfig.roles;
+    if (!roles) {
+      return false;
+    }
+    const roleConfig = roles[user.role];
+    if (!roleConfig) {
+      return false;
+    }
+    if (roleConfig.permissions.includes("*")) {
+      return true;
+    }
+    const fullPermission = resource ? `${permission}.${resource}` : permission;
+    if (roleConfig.permissions.includes(fullPermission)) {
+      return true;
+    }
+    if (roleConfig.permissions.includes(permission)) {
+      return true;
+    }
+    const visited = /* @__PURE__ */ new Set();
+    const hasPermissionInRole = (roleName) => {
+      if (visited.has(roleName)) return false;
+      visited.add(roleName);
+      const rc = roles[roleName];
+      if (!rc) return false;
+      if (rc.permissions.includes("*")) return true;
+      const fullPermission2 = resource ? `${permission}.${resource}` : permission;
+      if (rc.permissions.includes(fullPermission2) || rc.permissions.includes(permission)) return true;
+      if (rc.inherit) {
+        for (const parent of rc.inherit) {
+          if (hasPermissionInRole(parent)) return true;
+        }
+      }
+      return false;
+    };
+    if (hasPermissionInRole(user.role)) return true;
+    return false;
+  }
+  /**
+   * Sign out (clear local tokens)
+   * Note: With stateless tokens, this only clears local storage
+   */
+  async signOut() {
+    this.clearTokens();
+  }
+  /**
+   * @deprecated Use signOut() instead. Kept for backward compatibility.
+   */
+  async revokeAllSessions() {
+    return this.signOut();
+  }
+  /**
+   * Recover auth state (clear corrupted tokens and re-initialize)
+   */
+  async recoverAuthState() {
+    console.log("\u{1F504} Recovering auth state...");
+    this.clearTokens();
+    this.isInitialized = false;
+    this.initializationPromise = null;
+    if (typeof window !== "undefined") {
+      this.initializationPromise = this.initialize();
+      await this.initializationPromise;
+    }
+    console.log("\u2705 Auth state recovery complete");
+  }
   /**
    * Update user profile
    */
   async updateMe(updates) {
     const token = this.getToken();
     if (!token) {
-      throw new BlinkAuthError("No access token available");
+      throw new BlinkAuthError("TOKEN_EXPIRED" /* TOKEN_EXPIRED */, "No access token available");
     }
     try {
       const response = await fetch(`${this.authUrl}/api/auth/me`, {
@@ -1201,7 +1902,9 @@ var BlinkAuth = class {
         body: JSON.stringify(updates)
       });
       if (!response.ok) {
-        throw new BlinkAuthError(`Failed to update user: ${response.statusText}`);
+        const errorData = await response.json().catch(() => ({}));
+        const errorCode = this.mapErrorCodeFromResponse(errorData.code);
+        throw new BlinkAuthError(errorCode, errorData.error || `Failed to update user: ${response.statusText}`);
       }
       const data = await response.json();
       const user = data.user;
@@ -1214,7 +1917,7 @@ var BlinkAuth = class {
       if (error instanceof BlinkAuthError) {
         throw error;
       }
-      throw new BlinkAuthError(`Network error: ${error instanceof Error ? error.message : "Unknown error"}`);
+      throw new BlinkAuthError("NETWORK_ERROR" /* NETWORK_ERROR */, `Network error: ${error instanceof Error ? error.message : "Unknown error"}`);
     }
   }
   /**
@@ -1528,6 +2231,93 @@ var BlinkAuth = class {
       }
     });
   }
+  /**
+   * Generate secure random state for OAuth flows
+   */
+  generateState() {
+    if (typeof crypto !== "undefined" && crypto.getRandomValues) {
+      const array = new Uint8Array(16);
+      crypto.getRandomValues(array);
+      return Array.from(array, (byte) => byte.toString(16).padStart(2, "0")).join("");
+    } else {
+      return Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15);
+    }
+  }
+  /**
+   * Extract magic link token from URL
+   */
+  extractMagicTokenFromUrl() {
+    if (typeof window === "undefined") return null;
+    const params = new URLSearchParams(window.location.search);
+    return params.get("magic_token") || params.get("token");
+  }
+  /**
+   * Map server error codes to BlinkAuthErrorCode
+   */
+  mapErrorCodeFromResponse(serverCode) {
+    switch (serverCode) {
+      case "INVALID_CREDENTIALS":
+      case "auth/invalid-credential":
+      case "auth/wrong-password":
+      case "auth/user-not-found":
+        return "INVALID_CREDENTIALS" /* INVALID_CREDENTIALS */;
+      case "EMAIL_NOT_VERIFIED":
+      case "auth/email-not-verified":
+        return "EMAIL_NOT_VERIFIED" /* EMAIL_NOT_VERIFIED */;
+      case "EMAIL_ALREADY_VERIFIED":
+        return "VERIFICATION_FAILED" /* VERIFICATION_FAILED */;
+      case "POPUP_CANCELED":
+      case "auth/popup-closed-by-user":
+        return "POPUP_CANCELED" /* POPUP_CANCELED */;
+      case "NETWORK_ERROR":
+        return "NETWORK_ERROR" /* NETWORK_ERROR */;
+      case "RATE_LIMITED":
+      case "auth/too-many-requests":
+        return "RATE_LIMITED" /* RATE_LIMITED */;
+      case "AUTH_TIMEOUT":
+        return "AUTH_TIMEOUT" /* AUTH_TIMEOUT */;
+      case "REDIRECT_FAILED":
+        return "REDIRECT_FAILED" /* REDIRECT_FAILED */;
+      case "TOKEN_EXPIRED":
+      case "auth/id-token-expired":
+        return "TOKEN_EXPIRED" /* TOKEN_EXPIRED */;
+      case "USER_NOT_FOUND":
+        return "USER_NOT_FOUND" /* USER_NOT_FOUND */;
+      case "EMAIL_ALREADY_EXISTS":
+      case "auth/email-already-in-use":
+        return "EMAIL_ALREADY_EXISTS" /* EMAIL_ALREADY_EXISTS */;
+      case "WEAK_PASSWORD":
+      case "auth/weak-password":
+        return "WEAK_PASSWORD" /* WEAK_PASSWORD */;
+      case "INVALID_EMAIL":
+      case "auth/invalid-email":
+        return "INVALID_EMAIL" /* INVALID_EMAIL */;
+      case "MAGIC_LINK_EXPIRED":
+        return "MAGIC_LINK_EXPIRED" /* MAGIC_LINK_EXPIRED */;
+      case "VERIFICATION_FAILED":
+        return "VERIFICATION_FAILED" /* VERIFICATION_FAILED */;
+      default:
+        return "NETWORK_ERROR" /* NETWORK_ERROR */;
+    }
+  }
+  /**
+   * Setup cross-tab authentication synchronization
+   */
+  setupCrossTabSync() {
+    if (typeof window === "undefined") return;
+    window.addEventListener("storage", (e) => {
+      if (e.key === "blink_tokens") {
+        const newTokens = e.newValue ? JSON.parse(e.newValue) : null;
+        if (newTokens && newTokens !== this.authState.tokens) {
+          this.setTokens(newTokens, false).catch((error) => {
+            console.error("Failed to sync tokens from other tab:", error);
+          });
+        } else if (!newTokens && this.authState.tokens) {
+          this.clearTokens();
+        }
+      }
+    });
+  }
 };
 // src/database.ts
@@ -2560,47 +3350,39 @@ var BlinkAIImpl = class {
     }
   }
   /**
-    * Generates images from text descriptions using AI.
-    *
-    * @param options - Object containing:
-    *   - `prompt`: Text description of the desired image (required)
-    *   - `size`: Image dimensions (default: "1024x1024")
-    *   - `quality`: Image quality ("auto", "low", "medium", or "high", default: "auto")
-    *   - `n`: Number of images to generate (default: 1)
-    *   - `background`: Background handling ("auto", "transparent", "opaque", default: "auto")
-    *   - Plus optional signal parameter
-    *
-    * @example
-    * ```ts
-    * // Basic image generation
-    * const { data } = await blink.ai.generateImage({
-    *   prompt: "A serene landscape with mountains and a lake at sunset"
-    * });
-    * console.log("Image URL:", data[0].url);
-    *
-     * // High-quality image with specific size
-  * const { data } = await blink.ai.generateImage({
-  *   prompt: "A futuristic city skyline with flying cars",
-  *   size: "1536x1024",
-  *   quality: "high",
-  *   background: "transparent"
-  * });
-    *
-     * // Multiple images
-  * const { data } = await blink.ai.generateImage({
-  *   prompt: "A cute robot mascot for a tech company",
-  *   n: 3,
-  *   size: "1024x1024",
-  *   quality: "high"
-  * });
-    * data.forEach((img, i) => console.log(`Image ${i+1}:`, img.url));
-    * ```
-    *
-    * @returns Promise<ImageGenerationResponse> - Object containing:
-    *   - `data`: Array of generated images with URLs
-    *   - `created`: Timestamp of generation
-    *   - `usage`: Token usage information
-    */
+   * Generates images from text descriptions using Gemini 2.5 Flash Image.
+   *
+   * @param options - Object containing:
+   *   - `prompt`: Text description of the desired image (required, up to 100k characters)
+   *   - `n`: Number of images to generate (default: 1)
+   *   - Plus optional signal parameter
+   *
+   * @example
+   * ```ts
+   * // Basic image generation
+   * const { data } = await blink.ai.generateImage({
+   *   prompt: "A serene landscape with mountains and a lake at sunset"
+   * });
+   * console.log("Image URL:", data[0].url);
+   *
+   * // Multiple images
+   * const { data } = await blink.ai.generateImage({
+   *   prompt: "A futuristic city skyline with flying cars",
+   *   n: 3
+   * });
+   * data.forEach((img, i) => console.log(`Image ${i+1}:`, img.url));
+   *
+   * // Detailed prompt for better results
+   * const { data } = await blink.ai.generateImage({
+   *   prompt: "A cute robot mascot for a tech company, digital art style, vibrant colors, modern design, friendly expression"
+   * });
+   * ```
+   *
+   * @returns Promise<ImageGenerationResponse> - Object containing:
+   *   - `data`: Array of generated images with URLs
+   *   - `created`: Timestamp of generation
+   *   - `model`: Always "gemini-2.5-flash-image-preview"
+   */
   async generateImage(options) {
     try {
       if (!options.prompt) {
@@ -2609,12 +3391,7 @@ var BlinkAIImpl = class {
       const response = await this.httpClient.aiImage(
         options.prompt,
         {
-          model: "gpt-image-1",
-          size: options.size,
-          quality: options.quality,
           n: options.n,
-          background: options.background,
-          response_format: "url",
           signal: options.signal
         }
       );
@@ -2651,65 +3428,70 @@ var BlinkAIImpl = class {
     }
   }
   /**
-    * Modifies existing images using AI with text prompts for image-to-image editing.
-    *
-    * @param options - Object containing:
-    *   - `images`: Array of public image URLs to modify (required, up to 16 images)
-    *   - `prompt`: Text description of desired modifications (required)
-    *   - `size`: Output image dimensions (default: "auto")
-    *   - `quality`: Image quality ("auto", "low", "medium", or "high", default: "auto")
-    *   - `n`: Number of output images to generate (default: 1)
-    *   - `background`: Background handling ("auto", "transparent", "opaque", default: "auto")
-    *   - Plus optional signal parameter
-    *
-    * @example
-    * ```ts
-    * // Professional headshots from casual photos
-    * const { data } = await blink.ai.modifyImage({
-    *   images: [
-    *     "https://storage.example.com/user-photo-1.jpg",
-    *     "https://storage.example.com/user-photo-2.jpg"
-    *   ],
-     *   prompt: "Transform into professional business headshots with studio lighting",
-  *   quality: "high",
-  *   n: 4
-    * });
-    * data.forEach((img, i) => console.log(`Headshot ${i+1}:`, img.url));
-    *
-    * // Artistic style transformation
-     * const { data } = await blink.ai.modifyImage({
-  *   images: ["https://storage.example.com/portrait.jpg"],
-  *   prompt: "Transform into oil painting style with dramatic lighting",
-  *   quality: "high",
-  *   size: "1024x1024"
-  * });
-    *
-    * // Background replacement
-    * const { data } = await blink.ai.modifyImage({
-    *   images: ["https://storage.example.com/product.jpg"],
-    *   prompt: "Remove background and place on clean white studio background",
-    *   background: "transparent",
-    *   n: 2
-    * });
-    *
-    * // Batch processing multiple photos
-    * const userPhotos = [
-    *   "https://storage.example.com/photo1.jpg",
-    *   "https://storage.example.com/photo2.jpg",
-    *   "https://storage.example.com/photo3.jpg"
-    * ];
-    * const { data } = await blink.ai.modifyImage({
-     *   images: userPhotos,
-  *   prompt: "Convert to black and white vintage style photographs",
-  *   quality: "high"
-    * });
-    * ```
-    *
-    * @returns Promise<ImageGenerationResponse> - Object containing:
-    *   - `data`: Array of modified images with URLs
-    *   - `created`: Timestamp of generation
-    *   - `usage`: Token usage information
-    */
+   * Modifies existing images using Gemini 2.5 Flash Image with text prompts for image-to-image editing.
+   *
+   * @param options - Object containing:
+   *   - `images`: Array of public image URLs to modify (required, up to 50 images)
+   *   - `prompt`: Text description of desired modifications (required, up to 100k characters)
+   *   - `n`: Number of output images to generate (default: 1)
+   *   - Plus optional signal parameter
+   *
+   * @example
+   * ```ts
+   * // Professional headshots from casual photos
+   * const { data } = await blink.ai.modifyImage({
+   *   images: [
+   *     "https://storage.example.com/user-photo-1.jpg",
+   *     "https://storage.example.com/user-photo-2.jpg"
+   *   ],
+   *   prompt: "Transform into professional business headshots with studio lighting",
+   *   n: 4
+   * });
+   * data.forEach((img, i) => console.log(`Headshot ${i+1}:`, img.url));
+   *
+   * // Artistic style transformation
+   * const { data } = await blink.ai.modifyImage({
+   *   images: ["https://storage.example.com/portrait.jpg"],
+   *   prompt: "Transform into oil painting style with dramatic lighting"
+   * });
+   *
+   * // Background replacement
+   * const { data } = await blink.ai.modifyImage({
+   *   images: ["https://storage.example.com/product.jpg"],
+   *   prompt: "Remove background and place on clean white studio background",
+   *   n: 2
+   * });
+   *
+   * // Batch processing multiple photos
+   * const userPhotos = [
+   *   "https://storage.example.com/photo1.jpg",
+   *   "https://storage.example.com/photo2.jpg",
+   *   "https://storage.example.com/photo3.jpg"
+   * ];
+   * const { data } = await blink.ai.modifyImage({
+   *   images: userPhotos,
+   *   prompt: "Convert to black and white vintage style photographs"
+   * });
+   *
+   * // 🎨 Style Transfer - IMPORTANT: Provide all images in array
+   * // ❌ WRONG - Don't reference other images in prompt
+   * const wrong = await blink.ai.modifyImage({
+   *   images: [userPhotoUrl],
+   *   prompt: `Apply hairstyle from ${referenceUrl}`
+   * });
+   *
+   * // ✅ CORRECT - Provide all images in array
+   * const { data } = await blink.ai.modifyImage({
+   *   images: [userPhotoUrl, hairstyleReferenceUrl],
+   *   prompt: "Apply the hairstyle from the second image to the person in the first image"
+   * });
+   * ```
+   *
+   * @returns Promise<ImageGenerationResponse> - Object containing:
+   *   - `data`: Array of modified images with URLs
+   *   - `created`: Timestamp of generation
+   *   - `model`: Always "gemini-2.5-flash-image-preview"
+   */
   async modifyImage(options) {
     try {
       if (!options.prompt) {
@@ -2718,8 +3500,8 @@ var BlinkAIImpl = class {
       if (!options.images || !Array.isArray(options.images) || options.images.length === 0) {
         throw new BlinkAIError("Images array is required and must contain at least one image URL");
       }
-      if (options.images.length > 16) {
-        throw new BlinkAIError("Maximum 16 images allowed");
+      if (options.images.length > 50) {
+        throw new BlinkAIError("Maximum 50 images allowed");
       }
       for (let i = 0; i < options.images.length; i++) {
         const validation = this.validateImageUrl(options.images[i]);
@@ -2731,13 +3513,8 @@ var BlinkAIImpl = class {
         options.prompt,
         // Non-null assertion since we validated above
         {
-          model: "gpt-image-1",
           images: options.images,
-          size: options.size,
-          quality: options.quality,
           n: options.n,
-          background: options.background,
-          response_format: "url",
           signal: options.signal
         }
       );