@depup/supabase__auth-js 2.99.2-depup.0

package/dist/module/lib/fetch.js

@@ -0,0 +1,174 @@
+import { __rest } from "tslib";
+import { API_VERSIONS, API_VERSION_HEADER_NAME } from './constants';
+import { expiresAt, looksLikeFetchResponse, parseResponseAPIVersion } from './helpers';
+import { AuthApiError, AuthRetryableFetchError, AuthWeakPasswordError, AuthUnknownError, AuthSessionMissingError, } from './errors';
+const _getErrorMessage = (err) => err.msg || err.message || err.error_description || err.error || JSON.stringify(err);
+const NETWORK_ERROR_CODES = [502, 503, 504];
+export async function handleError(error) {
+    var _a;
+    if (!looksLikeFetchResponse(error)) {
+        throw new AuthRetryableFetchError(_getErrorMessage(error), 0);
+    }
+    if (NETWORK_ERROR_CODES.includes(error.status)) {
+        // status in 500...599 range - server had an error, request might be retryed.
+        throw new AuthRetryableFetchError(_getErrorMessage(error), error.status);
+    }
+    let data;
+    try {
+        data = await error.json();
+    }
+    catch (e) {
+        throw new AuthUnknownError(_getErrorMessage(e), e);
+    }
+    let errorCode = undefined;
+    const responseAPIVersion = parseResponseAPIVersion(error);
+    if (responseAPIVersion &&
+        responseAPIVersion.getTime() >= API_VERSIONS['2024-01-01'].timestamp &&
+        typeof data === 'object' &&
+        data &&
+        typeof data.code === 'string') {
+        errorCode = data.code;
+    }
+    else if (typeof data === 'object' && data && typeof data.error_code === 'string') {
+        errorCode = data.error_code;
+    }
+    if (!errorCode) {
+        // Legacy support for weak password errors, when there were no error codes
+        if (typeof data === 'object' &&
+            data &&
+            typeof data.weak_password === 'object' &&
+            data.weak_password &&
+            Array.isArray(data.weak_password.reasons) &&
+            data.weak_password.reasons.length &&
+            data.weak_password.reasons.reduce((a, i) => a && typeof i === 'string', true)) {
+            throw new AuthWeakPasswordError(_getErrorMessage(data), error.status, data.weak_password.reasons);
+        }
+    }
+    else if (errorCode === 'weak_password') {
+        throw new AuthWeakPasswordError(_getErrorMessage(data), error.status, ((_a = data.weak_password) === null || _a === void 0 ? void 0 : _a.reasons) || []);
+    }
+    else if (errorCode === 'session_not_found') {
+        // The `session_id` inside the JWT does not correspond to a row in the
+        // `sessions` table. This usually means the user has signed out, has been
+        // deleted, or their session has somehow been terminated.
+        throw new AuthSessionMissingError();
+    }
+    throw new AuthApiError(_getErrorMessage(data), error.status || 500, errorCode);
+}
+const _getRequestParams = (method, options, parameters, body) => {
+    const params = { method, headers: (options === null || options === void 0 ? void 0 : options.headers) || {} };
+    if (method === 'GET') {
+        return params;
+    }
+    params.headers = Object.assign({ 'Content-Type': 'application/json;charset=UTF-8' }, options === null || options === void 0 ? void 0 : options.headers);
+    params.body = JSON.stringify(body);
+    return Object.assign(Object.assign({}, params), parameters);
+};
+export async function _request(fetcher, method, url, options) {
+    var _a;
+    const headers = Object.assign({}, options === null || options === void 0 ? void 0 : options.headers);
+    if (!headers[API_VERSION_HEADER_NAME]) {
+        headers[API_VERSION_HEADER_NAME] = API_VERSIONS['2024-01-01'].name;
+    }
+    if (options === null || options === void 0 ? void 0 : options.jwt) {
+        headers['Authorization'] = `Bearer ${options.jwt}`;
+    }
+    const qs = (_a = options === null || options === void 0 ? void 0 : options.query) !== null && _a !== void 0 ? _a : {};
+    if (options === null || options === void 0 ? void 0 : options.redirectTo) {
+        qs['redirect_to'] = options.redirectTo;
+    }
+    const queryString = Object.keys(qs).length ? '?' + new URLSearchParams(qs).toString() : '';
+    const data = await _handleRequest(fetcher, method, url + queryString, {
+        headers,
+        noResolveJson: options === null || options === void 0 ? void 0 : options.noResolveJson,
+    }, {}, options === null || options === void 0 ? void 0 : options.body);
+    return (options === null || options === void 0 ? void 0 : options.xform) ? options === null || options === void 0 ? void 0 : options.xform(data) : { data: Object.assign({}, data), error: null };
+}
+async function _handleRequest(fetcher, method, url, options, parameters, body) {
+    const requestParams = _getRequestParams(method, options, parameters, body);
+    let result;
+    try {
+        result = await fetcher(url, Object.assign({}, requestParams));
+    }
+    catch (e) {
+        console.error(e);
+        // fetch failed, likely due to a network or CORS error
+        throw new AuthRetryableFetchError(_getErrorMessage(e), 0);
+    }
+    if (!result.ok) {
+        await handleError(result);
+    }
+    if (options === null || options === void 0 ? void 0 : options.noResolveJson) {
+        return result;
+    }
+    try {
+        return await result.json();
+    }
+    catch (e) {
+        await handleError(e);
+    }
+}
+export function _sessionResponse(data) {
+    var _a;
+    let session = null;
+    if (hasSession(data)) {
+        session = Object.assign({}, data);
+        if (!data.expires_at) {
+            session.expires_at = expiresAt(data.expires_in);
+        }
+    }
+    const user = (_a = data.user) !== null && _a !== void 0 ? _a : data;
+    return { data: { session, user }, error: null };
+}
+export function _sessionResponsePassword(data) {
+    const response = _sessionResponse(data);
+    if (!response.error &&
+        data.weak_password &&
+        typeof data.weak_password === 'object' &&
+        Array.isArray(data.weak_password.reasons) &&
+        data.weak_password.reasons.length &&
+        data.weak_password.message &&
+        typeof data.weak_password.message === 'string' &&
+        data.weak_password.reasons.reduce((a, i) => a && typeof i === 'string', true)) {
+        response.data.weak_password = data.weak_password;
+    }
+    return response;
+}
+export function _userResponse(data) {
+    var _a;
+    const user = (_a = data.user) !== null && _a !== void 0 ? _a : data;
+    return { data: { user }, error: null };
+}
+export function _ssoResponse(data) {
+    return { data, error: null };
+}
+export function _generateLinkResponse(data) {
+    const { action_link, email_otp, hashed_token, redirect_to, verification_type } = data, rest = __rest(data, ["action_link", "email_otp", "hashed_token", "redirect_to", "verification_type"]);
+    const properties = {
+        action_link,
+        email_otp,
+        hashed_token,
+        redirect_to,
+        verification_type,
+    };
+    const user = Object.assign({}, rest);
+    return {
+        data: {
+            properties,
+            user,
+        },
+        error: null,
+    };
+}
+export function _noResolveJsonResponse(data) {
+    return data;
+}
+/**
+ * hasSession checks if the response object contains a valid session
+ * @param data A response object
+ * @returns true if a session is in the response
+ */
+function hasSession(data) {
+    return data.access_token && data.refresh_token && data.expires_in;
+}
+//# sourceMappingURL=fetch.js.map

package/dist/module/lib/fetch.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fetch.js","sourceRoot":"","sources":["../../../src/lib/fetch.ts"],"names":[],"mappings":";AAAA,OAAO,EAAE,YAAY,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAA;AACnE,OAAO,EAAE,SAAS,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAA;AAUtF,OAAO,EACL,YAAY,EACZ,uBAAuB,EACvB,qBAAqB,EACrB,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,UAAU,CAAA;AAiBjB,MAAM,gBAAgB,GAAG,CAAC,GAAQ,EAAU,EAAE,CAC5C,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,iBAAiB,IAAI,GAAG,CAAC,KAAK,IAAI,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;AAErF,MAAM,mBAAmB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;AAE3C,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,KAAc;;IAC9C,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,uBAAuB,CAAC,gBAAgB,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAA;IAC/D,CAAC;IAED,IAAI,mBAAmB,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/C,6EAA6E;QAC7E,MAAM,IAAI,uBAAuB,CAAC,gBAAgB,CAAC,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;IAC1E,CAAC;IAED,IAAI,IAAS,CAAA;IACb,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,EAAE,CAAA;IAC3B,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,MAAM,IAAI,gBAAgB,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;IACpD,CAAC;IAED,IAAI,SAAS,GAAuB,SAAS,CAAA;IAE7C,MAAM,kBAAkB,GAAG,uBAAuB,CAAC,KAAK,CAAC,CAAA;IACzD,IACE,kBAAkB;QAClB,kBAAkB,CAAC,OAAO,EAAE,IAAI,YAAY,CAAC,YAAY,CAAC,CAAC,SAAS;QACpE,OAAO,IAAI,KAAK,QAAQ;QACxB,IAAI;QACJ,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,EAC7B,CAAC;QACD,SAAS,GAAG,IAAI,CAAC,IAAI,CAAA;IACvB,CAAC;SAAM,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,IAAI,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QACnF,SAAS,GAAG,IAAI,CAAC,UAAU,CAAA;IAC7B,CAAC;IAED,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,0EAA0E;QAC1E,IACE,OAAO,IAAI,KAAK,QAAQ;YACxB,IAAI;YACJ,OAAO,IAAI,CAAC,aAAa,KAAK,QAAQ;YACtC,IAAI,CAAC,aAAa;YAClB,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC;YACzC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,MAAM;YACjC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAU,EAAE,CAAM,EAAE,EAAE,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,IAAI,CAAC,EAC3F,CAAC;YACD,MAAM,IAAI,qBAAqB,CAC7B,gBAAgB,CAAC,IAAI,CAAC,EACtB,KAAK,CAAC,MAAM,EACZ,IAAI,CAAC,aAAa,CAAC,OAAO,CAC3B,CAAA;QACH,CAAC;IACH,CAAC;SAAM,IAAI,SAAS,KAAK,eAAe,EAAE,CAAC;QACzC,MAAM,IAAI,qBAAqB,CAC7B,gBAAgB,CAAC,IAAI,CAAC,EACtB,KAAK,CAAC,MAAM,EACZ,CAAA,MAAA,IAAI,CAAC,aAAa,0CAAE,OAAO,KAAI,EAAE,CAClC,CAAA;IACH,CAAC;SAAM,IAAI,SAAS,KAAK,mBAAmB,EAAE,CAAC;QAC7C,sEAAsE;QACtE,yEAAyE;QACzE,yDAAyD;QACzD,MAAM,IAAI,uBAAuB,EAAE,CAAA;IACrC,CAAC;IAED,MAAM,IAAI,YAAY,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,KAAK,CAAC,MAAM,IAAI,GAAG,EAAE,SAAS,CAAC,CAAA;AAChF,CAAC;AAED,MAAM,iBAAiB,GAAG,CACxB,MAAyB,EACzB,OAAsB,EACtB,UAA4B,EAC5B,IAAa,EACb,EAAE;IACF,MAAM,MAAM,GAAyB,EAAE,MAAM,EAAE,OAAO,EAAE,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,KAAI,EAAE,EAAE,CAAA;IAEhF,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;QACrB,OAAO,MAAM,CAAA;IACf,CAAC;IAED,MAAM,CAAC,OAAO,mBAAK,cAAc,EAAE,gCAAgC,IAAK,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAE,CAAA;IAC1F,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;IAClC,uCAAY,MAAM,GAAK,UAAU,EAAE;AACrC,CAAC,CAAA;AAaD,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,OAAc,EACd,MAAyB,EACzB,GAAW,EACX,OAA8B;;IAE9B,MAAM,OAAO,qBACR,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CACpB,CAAA;IAED,IAAI,CAAC,OAAO,CAAC,uBAAuB,CAAC,EAAE,CAAC;QACtC,OAAO,CAAC,uBAAuB,CAAC,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC,IAAI,CAAA;IACpE,CAAC;IAED,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,GAAG,EAAE,CAAC;QACjB,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,OAAO,CAAC,GAAG,EAAE,CAAA;IACpD,CAAC;IAED,MAAM,EAAE,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,mCAAI,EAAE,CAAA;IAC/B,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,UAAU,EAAE,CAAC;QACxB,EAAE,CAAC,aAAa,CAAC,GAAG,OAAO,CAAC,UAAU,CAAA;IACxC,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,eAAe,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;IAC1F,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,OAAO,EACP,MAAM,EACN,GAAG,GAAG,WAAW,EACjB;QACE,OAAO;QACP,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;KACtC,EACD,EAAE,EACF,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,CACd,CAAA;IACD,OAAO,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,EAAC,CAAC,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,oBAAO,IAAI,CAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;AACnF,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,OAAc,EACd,MAAyB,EACzB,GAAW,EACX,OAAsB,EACtB,UAA4B,EAC5B,IAAa;IAEb,MAAM,aAAa,GAAG,iBAAiB,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,CAAC,CAAA;IAE1E,IAAI,MAAW,CAAA;IAEf,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,oBACrB,aAAa,EAChB,CAAA;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QAEhB,sDAAsD;QACtD,MAAM,IAAI,uBAAuB,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;IAC3D,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,MAAM,WAAW,CAAC,MAAM,CAAC,CAAA;IAC3B,CAAC;IAED,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,EAAE,CAAC;QAC3B,OAAO,MAAM,CAAA;IACf,CAAC;IAED,IAAI,CAAC;QACH,OAAO,MAAM,MAAM,CAAC,IAAI,EAAE,CAAA;IAC5B,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,MAAM,WAAW,CAAC,CAAC,CAAC,CAAA;IACtB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAAS;;IACxC,IAAI,OAAO,GAAG,IAAI,CAAA;IAClB,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACrB,OAAO,qBAAQ,IAAI,CAAE,CAAA;QAErB,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,OAAO,CAAC,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACjD,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAS,MAAA,IAAI,CAAC,IAAI,mCAAK,IAAa,CAAA;IAC9C,OAAO,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;AACjD,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,IAAS;IAChD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,CAAyB,CAAA;IAE/D,IACE,CAAC,QAAQ,CAAC,KAAK;QACf,IAAI,CAAC,aAAa;QAClB,OAAO,IAAI,CAAC,aAAa,KAAK,QAAQ;QACtC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC;QACzC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,MAAM;QACjC,IAAI,CAAC,aAAa,CAAC,OAAO;QAC1B,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,KAAK,QAAQ;QAC9C,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAU,EAAE,CAAM,EAAE,EAAE,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,IAAI,CAAC,EAC3F,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,CAAA;IAClD,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,IAAS;;IACrC,MAAM,IAAI,GAAS,MAAA,IAAI,CAAC,IAAI,mCAAK,IAAa,CAAA;IAC9C,OAAO,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;AACxC,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,IAAS;IACpC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;AAC9B,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,IAAS;IAC7C,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,EAAE,iBAAiB,KAAc,IAAI,EAAb,IAAI,UAAK,IAAI,EAAxF,gFAAiF,CAAO,CAAA;IAE9F,MAAM,UAAU,GAA2B;QACzC,WAAW;QACX,SAAS;QACT,YAAY;QACZ,WAAW;QACX,iBAAiB;KAClB,CAAA;IAED,MAAM,IAAI,qBAAc,IAAI,CAAE,CAAA;IAC9B,OAAO;QACL,IAAI,EAAE;YACJ,UAAU;YACV,IAAI;SACL;QACD,KAAK,EAAE,IAAI;KACZ,CAAA;AACH,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,IAAS;IAC9C,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;;GAIG;AACH,SAAS,UAAU,CAAC,IAAS;IAC3B,OAAO,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,UAAU,CAAA;AACnE,CAAC"}

package/dist/module/lib/helpers.d.ts

@@ -0,0 +1,91 @@
+import { JwtHeader, JwtPayload, SupportedStorage, User } from './types';
+import { Uint8Array_ } from './webauthn.dom';
+export declare function expiresAt(expiresIn: number): number;
+/**
+ * Generates a unique identifier for internal callback subscriptions.
+ *
+ * This function uses JavaScript Symbols to create guaranteed-unique identifiers
+ * for auth state change callbacks. Symbols are ideal for this use case because:
+ * - They are guaranteed unique by the JavaScript runtime
+ * - They work in all environments (browser, SSR, Node.js)
+ * - They avoid issues with Next.js 16 deterministic rendering requirements
+ * - They are perfect for internal, non-serializable identifiers
+ *
+ * Note: This function is only used for internal subscription management,
+ * not for security-critical operations like session tokens.
+ */
+export declare function generateCallbackId(): symbol;
+export declare const isBrowser: () => boolean;
+/**
+ * Checks whether localStorage is supported on this browser.
+ */
+export declare const supportsLocalStorage: () => boolean;
+/**
+ * Extracts parameters encoded in the URL both in the query and fragment.
+ */
+export declare function parseParametersFromURL(href: string): {
+    [parameter: string]: string;
+};
+type Fetch = typeof fetch;
+export declare const resolveFetch: (customFetch?: Fetch) => Fetch;
+export declare const looksLikeFetchResponse: (maybeResponse: unknown) => maybeResponse is Response;
+export declare const setItemAsync: (storage: SupportedStorage, key: string, data: any) => Promise<void>;
+export declare const getItemAsync: (storage: SupportedStorage, key: string) => Promise<unknown>;
+export declare const removeItemAsync: (storage: SupportedStorage, key: string) => Promise<void>;
+/**
+ * A deferred represents some asynchronous work that is not yet finished, which
+ * may or may not culminate in a value.
+ * Taken from: https://github.com/mike-north/types/blob/master/src/async.ts
+ */
+export declare class Deferred<T = any> {
+    static promiseConstructor: PromiseConstructor;
+    readonly promise: PromiseLike<T>;
+    readonly resolve: (value?: T | PromiseLike<T>) => void;
+    readonly reject: (reason?: any) => any;
+    constructor();
+}
+export declare function decodeJWT(token: string): {
+    header: JwtHeader;
+    payload: JwtPayload;
+    signature: Uint8Array_;
+    raw: {
+        header: string;
+        payload: string;
+    };
+};
+/**
+ * Creates a promise that resolves to null after some time.
+ */
+export declare function sleep(time: number): Promise<null>;
+/**
+ * Converts the provided async function into a retryable function. Each result
+ * or thrown error is sent to the isRetryable function which should return true
+ * if the function should run again.
+ */
+export declare function retryable<T>(fn: (attempt: number) => Promise<T>, isRetryable: (attempt: number, error: any | null, result?: T) => boolean): Promise<T>;
+export declare function generatePKCEVerifier(): string;
+export declare function generatePKCEChallenge(verifier: string): Promise<string>;
+export declare function getCodeChallengeAndMethod(storage: SupportedStorage, storageKey: string, isPasswordRecovery?: boolean): Promise<string[]>;
+export declare function parseResponseAPIVersion(response: Response): Date | null;
+export declare function validateExp(exp: number): void;
+export declare function getAlgorithm(alg: 'HS256' | 'RS256' | 'ES256'): RsaHashedImportParams | EcKeyImportParams;
+export declare function validateUUID(str: string): void;
+export declare function userNotAvailableProxy(): User;
+/**
+ * Creates a proxy around a user object that warns when properties are accessed on the server.
+ * This is used to alert developers that using user data from getSession() on the server is insecure.
+ *
+ * @param user The actual user object to wrap
+ * @param suppressWarningRef An object with a 'value' property that controls warning suppression
+ * @returns A proxied user object that warns on property access
+ */
+export declare function insecureUserWarningProxy(user: User, suppressWarningRef: {
+    value: boolean;
+}): User;
+/**
+ * Deep clones a JSON-serializable object using JSON.parse(JSON.stringify(obj)).
+ * Note: Only works for JSON-safe data.
+ */
+export declare function deepClone<T>(obj: T): T;
+export {};
+//# sourceMappingURL=helpers.d.ts.map

package/dist/module/lib/helpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.d.ts","sourceRoot":"","sources":["../../../src/lib/helpers.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,gBAAgB,EAAE,IAAI,EAAE,MAAM,SAAS,CAAA;AACvE,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAA;AAE5C,wBAAgB,SAAS,CAAC,SAAS,EAAE,MAAM,UAG1C;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,CAE3C;AAED,eAAO,MAAM,SAAS,eAAyE,CAAA;AAO/F;;GAEG;AACH,eAAO,MAAM,oBAAoB,eAmChC,CAAA;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM;;EAsBlD;AAED,KAAK,KAAK,GAAG,OAAO,KAAK,CAAA;AAEzB,eAAO,MAAM,YAAY,GAAI,cAAc,KAAK,KAAG,KAKlD,CAAA;AAED,eAAO,MAAM,sBAAsB,GAAI,eAAe,OAAO,KAAG,aAAa,IAAI,QAShF,CAAA;AAGD,eAAO,MAAM,YAAY,GACvB,SAAS,gBAAgB,EACzB,KAAK,MAAM,EACX,MAAM,GAAG,KACR,OAAO,CAAC,IAAI,CAEd,CAAA;AAED,eAAO,MAAM,YAAY,GAAU,SAAS,gBAAgB,EAAE,KAAK,MAAM,KAAG,OAAO,CAAC,OAAO,CAY1F,CAAA;AAED,eAAO,MAAM,eAAe,GAAU,SAAS,gBAAgB,EAAE,KAAK,MAAM,KAAG,OAAO,CAAC,IAAI,CAE1F,CAAA;AAED;;;;GAIG;AACH,qBAAa,QAAQ,CAAC,CAAC,GAAG,GAAG;IAC3B,OAAc,kBAAkB,EAAE,kBAAkB,CAAU;IAE9D,SAAgB,OAAO,EAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IAExC,SAAgB,OAAO,EAAG,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,IAAI,CAAA;IAE9D,SAAgB,MAAM,EAAG,CAAC,MAAM,CAAC,EAAE,GAAG,KAAK,GAAG,CAAA;;CAW/C;AAED,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG;IACxC,MAAM,EAAE,SAAS,CAAA;IACjB,OAAO,EAAE,UAAU,CAAA;IACnB,SAAS,EAAE,WAAW,CAAA;IACtB,GAAG,EAAE;QACH,MAAM,EAAE,MAAM,CAAA;QACd,OAAO,EAAE,MAAM,CAAA;KAChB,CAAA;CACF,CAwBA;AAED;;GAEG;AACH,wBAAsB,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAIvD;AAED;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,CAAC,EACzB,EAAE,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,EACnC,WAAW,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC,KAAK,OAAO,GACvE,OAAO,CAAC,CAAC,CAAC,CAuBZ;AAOD,wBAAgB,oBAAoB,WAcnC;AAaD,wBAAsB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,mBAc3D;AAED,wBAAsB,yBAAyB,CAC7C,OAAO,EAAE,gBAAgB,EACzB,UAAU,EAAE,MAAM,EAClB,kBAAkB,UAAQ,qBAW3B;AAKD,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,QAAQ,eAiBzD;AAED,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,QAQtC;AAED,wBAAgB,YAAY,CAC1B,GAAG,EAAE,OAAO,GAAG,OAAO,GAAG,OAAO,GAC/B,qBAAqB,GAAG,iBAAiB,CAgB3C;AAID,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,QAIvC;AAED,wBAAgB,qBAAqB,IAAI,IAAI,CAoC5C;AAED;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,IAAI,EAAE,kBAAkB,EAAE;IAAE,KAAK,EAAE,OAAO,CAAA;CAAE,GAAG,IAAI,CAkCjG;AAED;;;GAGG;AACH,wBAAgB,SAAS,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,CAEtC"}

package/dist/module/lib/helpers.js

@@ -0,0 +1,368 @@
+import { API_VERSION_HEADER_NAME, BASE64URL_REGEX } from './constants';
+import { AuthInvalidJwtError } from './errors';
+import { base64UrlToUint8Array, stringFromBase64URL } from './base64url';
+export function expiresAt(expiresIn) {
+    const timeNow = Math.round(Date.now() / 1000);
+    return timeNow + expiresIn;
+}
+/**
+ * Generates a unique identifier for internal callback subscriptions.
+ *
+ * This function uses JavaScript Symbols to create guaranteed-unique identifiers
+ * for auth state change callbacks. Symbols are ideal for this use case because:
+ * - They are guaranteed unique by the JavaScript runtime
+ * - They work in all environments (browser, SSR, Node.js)
+ * - They avoid issues with Next.js 16 deterministic rendering requirements
+ * - They are perfect for internal, non-serializable identifiers
+ *
+ * Note: This function is only used for internal subscription management,
+ * not for security-critical operations like session tokens.
+ */
+export function generateCallbackId() {
+    return Symbol('auth-callback');
+}
+export const isBrowser = () => typeof window !== 'undefined' && typeof document !== 'undefined';
+const localStorageWriteTests = {
+    tested: false,
+    writable: false,
+};
+/**
+ * Checks whether localStorage is supported on this browser.
+ */
+export const supportsLocalStorage = () => {
+    if (!isBrowser()) {
+        return false;
+    }
+    try {
+        if (typeof globalThis.localStorage !== 'object') {
+            return false;
+        }
+    }
+    catch (e) {
+        // DOM exception when accessing `localStorage`
+        return false;
+    }
+    if (localStorageWriteTests.tested) {
+        return localStorageWriteTests.writable;
+    }
+    const randomKey = `lswt-${Math.random()}${Math.random()}`;
+    try {
+        globalThis.localStorage.setItem(randomKey, randomKey);
+        globalThis.localStorage.removeItem(randomKey);
+        localStorageWriteTests.tested = true;
+        localStorageWriteTests.writable = true;
+    }
+    catch (e) {
+        // localStorage can't be written to
+        // https://www.chromium.org/for-testers/bug-reporting-guidelines/uncaught-securityerror-failed-to-read-the-localstorage-property-from-window-access-is-denied-for-this-document
+        localStorageWriteTests.tested = true;
+        localStorageWriteTests.writable = false;
+    }
+    return localStorageWriteTests.writable;
+};
+/**
+ * Extracts parameters encoded in the URL both in the query and fragment.
+ */
+export function parseParametersFromURL(href) {
+    const result = {};
+    const url = new URL(href);
+    if (url.hash && url.hash[0] === '#') {
+        try {
+            const hashSearchParams = new URLSearchParams(url.hash.substring(1));
+            hashSearchParams.forEach((value, key) => {
+                result[key] = value;
+            });
+        }
+        catch (e) {
+            // hash is not a query string
+        }
+    }
+    // search parameters take precedence over hash parameters
+    url.searchParams.forEach((value, key) => {
+        result[key] = value;
+    });
+    return result;
+}
+export const resolveFetch = (customFetch) => {
+    if (customFetch) {
+        return (...args) => customFetch(...args);
+    }
+    return (...args) => fetch(...args);
+};
+export const looksLikeFetchResponse = (maybeResponse) => {
+    return (typeof maybeResponse === 'object' &&
+        maybeResponse !== null &&
+        'status' in maybeResponse &&
+        'ok' in maybeResponse &&
+        'json' in maybeResponse &&
+        typeof maybeResponse.json === 'function');
+};
+// Storage helpers
+export const setItemAsync = async (storage, key, data) => {
+    await storage.setItem(key, JSON.stringify(data));
+};
+export const getItemAsync = async (storage, key) => {
+    const value = await storage.getItem(key);
+    if (!value) {
+        return null;
+    }
+    try {
+        return JSON.parse(value);
+    }
+    catch (_a) {
+        return value;
+    }
+};
+export const removeItemAsync = async (storage, key) => {
+    await storage.removeItem(key);
+};
+/**
+ * A deferred represents some asynchronous work that is not yet finished, which
+ * may or may not culminate in a value.
+ * Taken from: https://github.com/mike-north/types/blob/master/src/async.ts
+ */
+export class Deferred {
+    constructor() {
+        // eslint-disable-next-line @typescript-eslint/no-extra-semi
+        ;
+        this.promise = new Deferred.promiseConstructor((res, rej) => {
+            // eslint-disable-next-line @typescript-eslint/no-extra-semi
+            ;
+            this.resolve = res;
+            this.reject = rej;
+        });
+    }
+}
+Deferred.promiseConstructor = Promise;
+export function decodeJWT(token) {
+    const parts = token.split('.');
+    if (parts.length !== 3) {
+        throw new AuthInvalidJwtError('Invalid JWT structure');
+    }
+    // Regex checks for base64url format
+    for (let i = 0; i < parts.length; i++) {
+        if (!BASE64URL_REGEX.test(parts[i])) {
+            throw new AuthInvalidJwtError('JWT not in base64url format');
+        }
+    }
+    const data = {
+        // using base64url lib
+        header: JSON.parse(stringFromBase64URL(parts[0])),
+        payload: JSON.parse(stringFromBase64URL(parts[1])),
+        signature: base64UrlToUint8Array(parts[2]),
+        raw: {
+            header: parts[0],
+            payload: parts[1],
+        },
+    };
+    return data;
+}
+/**
+ * Creates a promise that resolves to null after some time.
+ */
+export async function sleep(time) {
+    return await new Promise((accept) => {
+        setTimeout(() => accept(null), time);
+    });
+}
+/**
+ * Converts the provided async function into a retryable function. Each result
+ * or thrown error is sent to the isRetryable function which should return true
+ * if the function should run again.
+ */
+export function retryable(fn, isRetryable) {
+    const promise = new Promise((accept, reject) => {
+        // eslint-disable-next-line @typescript-eslint/no-extra-semi
+        ;
+        (async () => {
+            for (let attempt = 0; attempt < Infinity; attempt++) {
+                try {
+                    const result = await fn(attempt);
+                    if (!isRetryable(attempt, null, result)) {
+                        accept(result);
+                        return;
+                    }
+                }
+                catch (e) {
+                    if (!isRetryable(attempt, e)) {
+                        reject(e);
+                        return;
+                    }
+                }
+            }
+        })();
+    });
+    return promise;
+}
+function dec2hex(dec) {
+    return ('0' + dec.toString(16)).substr(-2);
+}
+// Functions below taken from: https://stackoverflow.com/questions/63309409/creating-a-code-verifier-and-challenge-for-pkce-auth-on-spotify-api-in-reactjs
+export function generatePKCEVerifier() {
+    const verifierLength = 56;
+    const array = new Uint32Array(verifierLength);
+    if (typeof crypto === 'undefined') {
+        const charSet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';
+        const charSetLen = charSet.length;
+        let verifier = '';
+        for (let i = 0; i < verifierLength; i++) {
+            verifier += charSet.charAt(Math.floor(Math.random() * charSetLen));
+        }
+        return verifier;
+    }
+    crypto.getRandomValues(array);
+    return Array.from(array, dec2hex).join('');
+}
+async function sha256(randomString) {
+    const encoder = new TextEncoder();
+    const encodedData = encoder.encode(randomString);
+    const hash = await crypto.subtle.digest('SHA-256', encodedData);
+    const bytes = new Uint8Array(hash);
+    return Array.from(bytes)
+        .map((c) => String.fromCharCode(c))
+        .join('');
+}
+export async function generatePKCEChallenge(verifier) {
+    const hasCryptoSupport = typeof crypto !== 'undefined' &&
+        typeof crypto.subtle !== 'undefined' &&
+        typeof TextEncoder !== 'undefined';
+    if (!hasCryptoSupport) {
+        console.warn('WebCrypto API is not supported. Code challenge method will default to use plain instead of sha256.');
+        return verifier;
+    }
+    const hashed = await sha256(verifier);
+    return btoa(hashed).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+}
+export async function getCodeChallengeAndMethod(storage, storageKey, isPasswordRecovery = false) {
+    const codeVerifier = generatePKCEVerifier();
+    let storedCodeVerifier = codeVerifier;
+    if (isPasswordRecovery) {
+        storedCodeVerifier += '/PASSWORD_RECOVERY';
+    }
+    await setItemAsync(storage, `${storageKey}-code-verifier`, storedCodeVerifier);
+    const codeChallenge = await generatePKCEChallenge(codeVerifier);
+    const codeChallengeMethod = codeVerifier === codeChallenge ? 'plain' : 's256';
+    return [codeChallenge, codeChallengeMethod];
+}
+/** Parses the API version which is 2YYY-MM-DD. */
+const API_VERSION_REGEX = /^2[0-9]{3}-(0[1-9]|1[0-2])-(0[1-9]|1[0-9]|2[0-9]|3[0-1])$/i;
+export function parseResponseAPIVersion(response) {
+    const apiVersion = response.headers.get(API_VERSION_HEADER_NAME);
+    if (!apiVersion) {
+        return null;
+    }
+    if (!apiVersion.match(API_VERSION_REGEX)) {
+        return null;
+    }
+    try {
+        const date = new Date(`${apiVersion}T00:00:00.0Z`);
+        return date;
+    }
+    catch (e) {
+        return null;
+    }
+}
+export function validateExp(exp) {
+    if (!exp) {
+        throw new Error('Missing exp claim');
+    }
+    const timeNow = Math.floor(Date.now() / 1000);
+    if (exp <= timeNow) {
+        throw new Error('JWT has expired');
+    }
+}
+export function getAlgorithm(alg) {
+    switch (alg) {
+        case 'RS256':
+            return {
+                name: 'RSASSA-PKCS1-v1_5',
+                hash: { name: 'SHA-256' },
+            };
+        case 'ES256':
+            return {
+                name: 'ECDSA',
+                namedCurve: 'P-256',
+                hash: { name: 'SHA-256' },
+            };
+        default:
+            throw new Error('Invalid alg claim');
+    }
+}
+const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
+export function validateUUID(str) {
+    if (!UUID_REGEX.test(str)) {
+        throw new Error('@supabase/auth-js: Expected parameter to be UUID but is not');
+    }
+}
+export function userNotAvailableProxy() {
+    const proxyTarget = {};
+    return new Proxy(proxyTarget, {
+        get: (target, prop) => {
+            if (prop === '__isUserNotAvailableProxy') {
+                return true;
+            }
+            // Preventative check for common problematic symbols during cloning/inspection
+            // These symbols might be accessed by structuredClone or other internal mechanisms.
+            if (typeof prop === 'symbol') {
+                const sProp = prop.toString();
+                if (sProp === 'Symbol(Symbol.toPrimitive)' ||
+                    sProp === 'Symbol(Symbol.toStringTag)' ||
+                    sProp === 'Symbol(util.inspect.custom)') {
+                    // Node.js util.inspect
+                    return undefined;
+                }
+            }
+            throw new Error(`@supabase/auth-js: client was created with userStorage option and there was no user stored in the user storage. Accessing the "${prop}" property of the session object is not supported. Please use getUser() instead.`);
+        },
+        set: (_target, prop) => {
+            throw new Error(`@supabase/auth-js: client was created with userStorage option and there was no user stored in the user storage. Setting the "${prop}" property of the session object is not supported. Please use getUser() to fetch a user object you can manipulate.`);
+        },
+        deleteProperty: (_target, prop) => {
+            throw new Error(`@supabase/auth-js: client was created with userStorage option and there was no user stored in the user storage. Deleting the "${prop}" property of the session object is not supported. Please use getUser() to fetch a user object you can manipulate.`);
+        },
+    });
+}
+/**
+ * Creates a proxy around a user object that warns when properties are accessed on the server.
+ * This is used to alert developers that using user data from getSession() on the server is insecure.
+ *
+ * @param user The actual user object to wrap
+ * @param suppressWarningRef An object with a 'value' property that controls warning suppression
+ * @returns A proxied user object that warns on property access
+ */
+export function insecureUserWarningProxy(user, suppressWarningRef) {
+    return new Proxy(user, {
+        get: (target, prop, receiver) => {
+            // Allow internal checks without warning
+            if (prop === '__isInsecureUserWarningProxy') {
+                return true;
+            }
+            // Preventative check for common problematic symbols during cloning/inspection
+            // These symbols might be accessed by structuredClone or other internal mechanisms
+            if (typeof prop === 'symbol') {
+                const sProp = prop.toString();
+                if (sProp === 'Symbol(Symbol.toPrimitive)' ||
+                    sProp === 'Symbol(Symbol.toStringTag)' ||
+                    sProp === 'Symbol(util.inspect.custom)' ||
+                    sProp === 'Symbol(nodejs.util.inspect.custom)') {
+                    // Return the actual value for these symbols to allow proper inspection
+                    return Reflect.get(target, prop, receiver);
+                }
+            }
+            // Emit warning on first property access
+            if (!suppressWarningRef.value && typeof prop === 'string') {
+                console.warn('Using the user object as returned from supabase.auth.getSession() or from some supabase.auth.onAuthStateChange() events could be insecure! This value comes directly from the storage medium (usually cookies on the server) and may not be authentic. Use supabase.auth.getUser() instead which authenticates the data by contacting the Supabase Auth server.');
+                suppressWarningRef.value = true;
+            }
+            return Reflect.get(target, prop, receiver);
+        },
+    });
+}
+/**
+ * Deep clones a JSON-serializable object using JSON.parse(JSON.stringify(obj)).
+ * Note: Only works for JSON-safe data.
+ */
+export function deepClone(obj) {
+    return JSON.parse(JSON.stringify(obj));
+}
+//# sourceMappingURL=helpers.js.map