@fluxbase/sdk 0.0.1-rc.32 → 0.0.1-rc.34

package/dist/index.d.cts

@@ -99,9 +99,17 @@ interface TwoFactorSetupResponse {
     totp: TOTPSetup;
 }
 /**
- * MFA verify/enable response (Supabase-compatible)
+ * MFA enable response - returned when activating 2FA after setup
  */
 interface TwoFactorEnableResponse {
+    success: boolean;
+    backup_codes: string[];
+    message: string;
+}
+/**
+ * MFA login response - returned when verifying 2FA during login
+ */
+interface TwoFactorLoginResponse {
     access_token: string;
     refresh_token: string;
     user: User;
@@ -200,6 +208,8 @@ interface RealtimeMessage {
     config?: PostgresChangesConfig;
     presence?: any;
     broadcast?: any;
+    messageId?: string;
+    status?: string;
 }
 interface PostgresChangesConfig {
     event: 'INSERT' | 'UPDATE' | 'DELETE' | '*';
@@ -250,6 +260,7 @@ interface RealtimeChannelConfig {
     broadcast?: {
         self?: boolean;
         ack?: boolean;
+        ackTimeout?: number;
     };
     presence?: {
         key?: string;
@@ -406,6 +417,69 @@ interface OAuthUrlResponse {
     url: string;
     provider: string;
 }
+type OTPType = 'signup' | 'invite' | 'magiclink' | 'recovery' | 'email_change' | 'sms' | 'phone_change' | 'email';
+interface SignInWithOtpCredentials {
+    email?: string;
+    phone?: string;
+    options?: {
+        emailRedirectTo?: string;
+        shouldCreateUser?: boolean;
+        data?: Record<string, any>;
+        captchaToken?: string;
+    };
+}
+interface VerifyOtpParams {
+    email?: string;
+    phone?: string;
+    token: string;
+    type: OTPType;
+    options?: {
+        redirectTo?: string;
+        captchaToken?: string;
+    };
+}
+interface ResendOtpParams {
+    type: 'signup' | 'sms' | 'email';
+    email?: string;
+    phone?: string;
+    options?: {
+        emailRedirectTo?: string;
+        captchaToken?: string;
+    };
+}
+interface OTPResponse {
+    user: null;
+    session: null;
+    messageId?: string;
+}
+interface UserIdentity {
+    id: string;
+    user_id: string;
+    identity_data?: Record<string, any>;
+    provider: string;
+    created_at: string;
+    updated_at: string;
+}
+interface UserIdentitiesResponse {
+    identities: UserIdentity[];
+}
+interface LinkIdentityCredentials {
+    provider: string;
+}
+interface UnlinkIdentityParams {
+    identity: UserIdentity;
+}
+interface ReauthenticateResponse {
+    nonce: string;
+}
+interface SignInWithIdTokenCredentials {
+    provider: 'google' | 'apple';
+    token: string;
+    nonce?: string;
+    options?: {
+        captchaToken?: string;
+    };
+}
 interface AdminSetupStatusResponse {
     needs_setup: boolean;
     has_admin: boolean;
@@ -1282,6 +1356,8 @@ declare class RealtimeChannel {
     private maxReconnectAttempts;
     private reconnectDelay;
     private heartbeatInterval;
+    private pendingAcks;
+    private messageIdCounter;
     constructor(url: string, channelName: string, token?: string | null, config?: RealtimeChannelConfig);
     /**
      * Listen to postgres_changes with optional row-level filtering
@@ -1645,6 +1721,15 @@ declare class FluxbaseAuth {
         user: User;
         session: AuthSession;
     }>>;
+    /**
+     * Refresh the session (Supabase-compatible alias)
+     * Alias for refreshSession() to maintain compatibility with Supabase naming
+     * Returns a new session with refreshed tokens
+     */
+    refreshToken(): Promise<FluxbaseResponse<{
+        user: User;
+        session: AuthSession;
+    }>>;
     /**
      * Get the current user from the server
      */
@@ -1666,9 +1751,10 @@ declare class FluxbaseAuth {
     /**
      * Setup 2FA for the current user (Supabase-compatible)
      * Enrolls a new MFA factor and returns TOTP details
+     * @param issuer - Optional custom issuer name for the QR code (e.g., "MyApp"). If not provided, uses server default.
      * @returns Promise with factor id, type, and TOTP setup details
      */
-    setup2FA(): Promise<DataResponse<TwoFactorSetupResponse>>;
+    setup2FA(issuer?: string): Promise<DataResponse<TwoFactorSetupResponse>>;
     /**
      * Enable 2FA after verifying the TOTP code (Supabase-compatible)
      * Verifies the TOTP code and returns new tokens with MFA session
@@ -1695,7 +1781,7 @@ declare class FluxbaseAuth {
      * @param request - User ID and TOTP code
      * @returns Promise with access_token, refresh_token, and user
      */
-    verify2FA(request: TwoFactorVerifyRequest): Promise<DataResponse<TwoFactorEnableResponse>>;
+    verify2FA(request: TwoFactorVerifyRequest): Promise<DataResponse<TwoFactorLoginResponse>>;
     /**
      * Send password reset email (Supabase-compatible)
      * Sends a password reset link to the provided email address
@@ -1769,6 +1855,60 @@ declare class FluxbaseAuth {
         provider: string;
         url: string;
     }>>;
+    /**
+     * Sign in with OTP (One-Time Password) - Supabase-compatible
+     * Sends a one-time password via email or SMS for passwordless authentication
+     * @param credentials - Email or phone number and optional configuration
+     * @returns Promise with OTP-style response
+     */
+    signInWithOtp(credentials: SignInWithOtpCredentials): Promise<DataResponse<OTPResponse>>;
+    /**
+     * Verify OTP (One-Time Password) - Supabase-compatible
+     * Verify OTP tokens for various authentication flows
+     * @param params - OTP verification parameters including token and type
+     * @returns Promise with user and session if successful
+     */
+    verifyOtp(params: VerifyOtpParams): Promise<FluxbaseAuthResponse>;
+    /**
+     * Resend OTP (One-Time Password) - Supabase-compatible
+     * Resend OTP code when user doesn't receive it
+     * @param params - Resend parameters including type and email/phone
+     * @returns Promise with OTP-style response
+     */
+    resendOtp(params: ResendOtpParams): Promise<DataResponse<OTPResponse>>;
+    /**
+     * Get user identities (linked OAuth providers) - Supabase-compatible
+     * Lists all OAuth identities linked to the current user
+     * @returns Promise with list of user identities
+     */
+    getUserIdentities(): Promise<DataResponse<UserIdentitiesResponse>>;
+    /**
+     * Link an OAuth identity to current user - Supabase-compatible
+     * Links an additional OAuth provider to the existing account
+     * @param credentials - Provider to link
+     * @returns Promise with OAuth URL to complete linking
+     */
+    linkIdentity(credentials: LinkIdentityCredentials): Promise<DataResponse<OAuthUrlResponse>>;
+    /**
+     * Unlink an OAuth identity from current user - Supabase-compatible
+     * Removes a linked OAuth provider from the account
+     * @param params - Identity to unlink
+     * @returns Promise with void response
+     */
+    unlinkIdentity(params: UnlinkIdentityParams): Promise<VoidResponse>;
+    /**
+     * Reauthenticate to get security nonce - Supabase-compatible
+     * Get a security nonce for sensitive operations (password change, etc.)
+     * @returns Promise with nonce for reauthentication
+     */
+    reauthenticate(): Promise<DataResponse<ReauthenticateResponse>>;
+    /**
+     * Sign in with ID token (for native mobile apps) - Supabase-compatible
+     * Authenticate using native mobile app ID tokens (Google, Apple)
+     * @param credentials - Provider, ID token, and optional nonce
+     * @returns Promise with user and session
+     */
+    signInWithIdToken(credentials: SignInWithIdTokenCredentials): Promise<FluxbaseAuthResponse>;
     /**
      * Internal: Set the session and persist it
      */

package/dist/index.d.ts

@@ -99,9 +99,17 @@ interface TwoFactorSetupResponse {
     totp: TOTPSetup;
 }
 /**
- * MFA verify/enable response (Supabase-compatible)
+ * MFA enable response - returned when activating 2FA after setup
  */
 interface TwoFactorEnableResponse {
+    success: boolean;
+    backup_codes: string[];
+    message: string;
+}
+/**
+ * MFA login response - returned when verifying 2FA during login
+ */
+interface TwoFactorLoginResponse {
     access_token: string;
     refresh_token: string;
     user: User;
@@ -200,6 +208,8 @@ interface RealtimeMessage {
     config?: PostgresChangesConfig;
     presence?: any;
     broadcast?: any;
+    messageId?: string;
+    status?: string;
 }
 interface PostgresChangesConfig {
     event: 'INSERT' | 'UPDATE' | 'DELETE' | '*';
@@ -250,6 +260,7 @@ interface RealtimeChannelConfig {
     broadcast?: {
         self?: boolean;
         ack?: boolean;
+        ackTimeout?: number;
     };
     presence?: {
         key?: string;
@@ -406,6 +417,69 @@ interface OAuthUrlResponse {
     url: string;
     provider: string;
 }
+type OTPType = 'signup' | 'invite' | 'magiclink' | 'recovery' | 'email_change' | 'sms' | 'phone_change' | 'email';
+interface SignInWithOtpCredentials {
+    email?: string;
+    phone?: string;
+    options?: {
+        emailRedirectTo?: string;
+        shouldCreateUser?: boolean;
+        data?: Record<string, any>;
+        captchaToken?: string;
+    };
+}
+interface VerifyOtpParams {
+    email?: string;
+    phone?: string;
+    token: string;
+    type: OTPType;
+    options?: {
+        redirectTo?: string;
+        captchaToken?: string;
+    };
+}
+interface ResendOtpParams {
+    type: 'signup' | 'sms' | 'email';
+    email?: string;
+    phone?: string;
+    options?: {
+        emailRedirectTo?: string;
+        captchaToken?: string;
+    };
+}
+interface OTPResponse {
+    user: null;
+    session: null;
+    messageId?: string;
+}
+interface UserIdentity {
+    id: string;
+    user_id: string;
+    identity_data?: Record<string, any>;
+    provider: string;
+    created_at: string;
+    updated_at: string;
+}
+interface UserIdentitiesResponse {
+    identities: UserIdentity[];
+}
+interface LinkIdentityCredentials {
+    provider: string;
+}
+interface UnlinkIdentityParams {
+    identity: UserIdentity;
+}
+interface ReauthenticateResponse {
+    nonce: string;
+}
+interface SignInWithIdTokenCredentials {
+    provider: 'google' | 'apple';
+    token: string;
+    nonce?: string;
+    options?: {
+        captchaToken?: string;
+    };
+}
 interface AdminSetupStatusResponse {
     needs_setup: boolean;
     has_admin: boolean;
@@ -1282,6 +1356,8 @@ declare class RealtimeChannel {
     private maxReconnectAttempts;
     private reconnectDelay;
     private heartbeatInterval;
+    private pendingAcks;
+    private messageIdCounter;
     constructor(url: string, channelName: string, token?: string | null, config?: RealtimeChannelConfig);
     /**
      * Listen to postgres_changes with optional row-level filtering
@@ -1645,6 +1721,15 @@ declare class FluxbaseAuth {
         user: User;
         session: AuthSession;
     }>>;
+    /**
+     * Refresh the session (Supabase-compatible alias)
+     * Alias for refreshSession() to maintain compatibility with Supabase naming
+     * Returns a new session with refreshed tokens
+     */
+    refreshToken(): Promise<FluxbaseResponse<{
+        user: User;
+        session: AuthSession;
+    }>>;
     /**
      * Get the current user from the server
      */
@@ -1666,9 +1751,10 @@ declare class FluxbaseAuth {
     /**
      * Setup 2FA for the current user (Supabase-compatible)
      * Enrolls a new MFA factor and returns TOTP details
+     * @param issuer - Optional custom issuer name for the QR code (e.g., "MyApp"). If not provided, uses server default.
      * @returns Promise with factor id, type, and TOTP setup details
      */
-    setup2FA(): Promise<DataResponse<TwoFactorSetupResponse>>;
+    setup2FA(issuer?: string): Promise<DataResponse<TwoFactorSetupResponse>>;
     /**
      * Enable 2FA after verifying the TOTP code (Supabase-compatible)
      * Verifies the TOTP code and returns new tokens with MFA session
@@ -1695,7 +1781,7 @@ declare class FluxbaseAuth {
      * @param request - User ID and TOTP code
      * @returns Promise with access_token, refresh_token, and user
      */
-    verify2FA(request: TwoFactorVerifyRequest): Promise<DataResponse<TwoFactorEnableResponse>>;
+    verify2FA(request: TwoFactorVerifyRequest): Promise<DataResponse<TwoFactorLoginResponse>>;
     /**
      * Send password reset email (Supabase-compatible)
      * Sends a password reset link to the provided email address
@@ -1769,6 +1855,60 @@ declare class FluxbaseAuth {
         provider: string;
         url: string;
     }>>;
+    /**
+     * Sign in with OTP (One-Time Password) - Supabase-compatible
+     * Sends a one-time password via email or SMS for passwordless authentication
+     * @param credentials - Email or phone number and optional configuration
+     * @returns Promise with OTP-style response
+     */
+    signInWithOtp(credentials: SignInWithOtpCredentials): Promise<DataResponse<OTPResponse>>;
+    /**
+     * Verify OTP (One-Time Password) - Supabase-compatible
+     * Verify OTP tokens for various authentication flows
+     * @param params - OTP verification parameters including token and type
+     * @returns Promise with user and session if successful
+     */
+    verifyOtp(params: VerifyOtpParams): Promise<FluxbaseAuthResponse>;
+    /**
+     * Resend OTP (One-Time Password) - Supabase-compatible
+     * Resend OTP code when user doesn't receive it
+     * @param params - Resend parameters including type and email/phone
+     * @returns Promise with OTP-style response
+     */
+    resendOtp(params: ResendOtpParams): Promise<DataResponse<OTPResponse>>;
+    /**
+     * Get user identities (linked OAuth providers) - Supabase-compatible
+     * Lists all OAuth identities linked to the current user
+     * @returns Promise with list of user identities
+     */
+    getUserIdentities(): Promise<DataResponse<UserIdentitiesResponse>>;
+    /**
+     * Link an OAuth identity to current user - Supabase-compatible
+     * Links an additional OAuth provider to the existing account
+     * @param credentials - Provider to link
+     * @returns Promise with OAuth URL to complete linking
+     */
+    linkIdentity(credentials: LinkIdentityCredentials): Promise<DataResponse<OAuthUrlResponse>>;
+    /**
+     * Unlink an OAuth identity from current user - Supabase-compatible
+     * Removes a linked OAuth provider from the account
+     * @param params - Identity to unlink
+     * @returns Promise with void response
+     */
+    unlinkIdentity(params: UnlinkIdentityParams): Promise<VoidResponse>;
+    /**
+     * Reauthenticate to get security nonce - Supabase-compatible
+     * Get a security nonce for sensitive operations (password change, etc.)
+     * @returns Promise with nonce for reauthentication
+     */
+    reauthenticate(): Promise<DataResponse<ReauthenticateResponse>>;
+    /**
+     * Sign in with ID token (for native mobile apps) - Supabase-compatible
+     * Authenticate using native mobile app ID tokens (Google, Apple)
+     * @param credentials - Provider, ID token, and optional nonce
+     * @returns Promise with user and session
+     */
+    signInWithIdToken(credentials: SignInWithIdTokenCredentials): Promise<FluxbaseAuthResponse>;
     /**
      * Internal: Set the session and persist it
      */

package/dist/index.js

@@ -291,6 +291,14 @@ var FluxbaseAuth = class {
       return { user: session.user, session };
     });
   }
+  /**
+   * Refresh the session (Supabase-compatible alias)
+   * Alias for refreshSession() to maintain compatibility with Supabase naming
+   * Returns a new session with refreshed tokens
+   */
+  async refreshToken() {
+    return this.refreshSession();
+  }
   /**
    * Get the current user from the server
    */
@@ -347,15 +355,17 @@ var FluxbaseAuth = class {
   /**
    * Setup 2FA for the current user (Supabase-compatible)
    * Enrolls a new MFA factor and returns TOTP details
+   * @param issuer - Optional custom issuer name for the QR code (e.g., "MyApp"). If not provided, uses server default.
    * @returns Promise with factor id, type, and TOTP setup details
    */
-  async setup2FA() {
+  async setup2FA(issuer) {
     return wrapAsync(async () => {
       if (!this.session) {
         throw new Error("Not authenticated");
       }
       return await this.fetch.post(
-        "/api/v1/auth/2fa/setup"
+        "/api/v1/auth/2fa/setup",
+        issuer ? { issuer } : void 0
       );
     });
   }
@@ -617,6 +627,136 @@ var FluxbaseAuth = class {
       return { provider, url };
     });
   }
+  /**
+   * Sign in with OTP (One-Time Password) - Supabase-compatible
+   * Sends a one-time password via email or SMS for passwordless authentication
+   * @param credentials - Email or phone number and optional configuration
+   * @returns Promise with OTP-style response
+   */
+  async signInWithOtp(credentials) {
+    return wrapAsync(async () => {
+      await this.fetch.post("/api/v1/auth/otp/signin", credentials);
+      return { user: null, session: null };
+    });
+  }
+  /**
+   * Verify OTP (One-Time Password) - Supabase-compatible
+   * Verify OTP tokens for various authentication flows
+   * @param params - OTP verification parameters including token and type
+   * @returns Promise with user and session if successful
+   */
+  async verifyOtp(params) {
+    return wrapAsync(async () => {
+      const response = await this.fetch.post(
+        "/api/v1/auth/otp/verify",
+        params
+      );
+      if (response.access_token && response.refresh_token) {
+        const session = {
+          ...response,
+          expires_at: Date.now() + response.expires_in * 1e3
+        };
+        this.setSessionInternal(session);
+        return { user: response.user, session };
+      }
+      return { user: response.user, session: null };
+    });
+  }
+  /**
+   * Resend OTP (One-Time Password) - Supabase-compatible
+   * Resend OTP code when user doesn't receive it
+   * @param params - Resend parameters including type and email/phone
+   * @returns Promise with OTP-style response
+   */
+  async resendOtp(params) {
+    return wrapAsync(async () => {
+      await this.fetch.post("/api/v1/auth/otp/resend", params);
+      return { user: null, session: null };
+    });
+  }
+  /**
+   * Get user identities (linked OAuth providers) - Supabase-compatible
+   * Lists all OAuth identities linked to the current user
+   * @returns Promise with list of user identities
+   */
+  async getUserIdentities() {
+    return wrapAsync(async () => {
+      if (!this.session) {
+        throw new Error("Not authenticated");
+      }
+      return await this.fetch.get(
+        "/api/v1/auth/user/identities"
+      );
+    });
+  }
+  /**
+   * Link an OAuth identity to current user - Supabase-compatible
+   * Links an additional OAuth provider to the existing account
+   * @param credentials - Provider to link
+   * @returns Promise with OAuth URL to complete linking
+   */
+  async linkIdentity(credentials) {
+    return wrapAsync(async () => {
+      if (!this.session) {
+        throw new Error("Not authenticated");
+      }
+      return await this.fetch.post(
+        "/api/v1/auth/user/identities",
+        credentials
+      );
+    });
+  }
+  /**
+   * Unlink an OAuth identity from current user - Supabase-compatible
+   * Removes a linked OAuth provider from the account
+   * @param params - Identity to unlink
+   * @returns Promise with void response
+   */
+  async unlinkIdentity(params) {
+    return wrapAsyncVoid(async () => {
+      if (!this.session) {
+        throw new Error("Not authenticated");
+      }
+      await this.fetch.delete(
+        `/api/v1/auth/user/identities/${params.identity.id}`
+      );
+    });
+  }
+  /**
+   * Reauthenticate to get security nonce - Supabase-compatible
+   * Get a security nonce for sensitive operations (password change, etc.)
+   * @returns Promise with nonce for reauthentication
+   */
+  async reauthenticate() {
+    return wrapAsync(async () => {
+      if (!this.session) {
+        throw new Error("Not authenticated");
+      }
+      return await this.fetch.post(
+        "/api/v1/auth/reauthenticate"
+      );
+    });
+  }
+  /**
+   * Sign in with ID token (for native mobile apps) - Supabase-compatible
+   * Authenticate using native mobile app ID tokens (Google, Apple)
+   * @param credentials - Provider, ID token, and optional nonce
+   * @returns Promise with user and session
+   */
+  async signInWithIdToken(credentials) {
+    return wrapAsync(async () => {
+      const response = await this.fetch.post(
+        "/api/v1/auth/signin/idtoken",
+        credentials
+      );
+      const session = {
+        ...response,
+        expires_at: Date.now() + response.expires_in * 1e3
+      };
+      this.setSessionInternal(session);
+      return { user: session.user, session };
+    });
+  }
   /**
    * Internal: Set the session and persist it
    */
@@ -700,6 +840,8 @@ var RealtimeChannel = class {
     this.maxReconnectAttempts = 10;
     this.reconnectDelay = 1e3;
     this.heartbeatInterval = null;
+    this.pendingAcks = /* @__PURE__ */ new Map();
+    this.messageIdCounter = 0;
     this.url = url;
     this.channelName = channelName;
     this.token = token;
@@ -822,16 +964,40 @@ var RealtimeChannel = class {
       return "error";
     }
     try {
+      const messageId = this.config.broadcast?.ack ? `msg_${Date.now()}_${++this.messageIdCounter}` : void 0;
       this.ws.send(
         JSON.stringify({
           type: "broadcast",
           channel: this.channelName,
           event: message.event,
-          payload: message.payload
+          payload: message.payload,
+          ...messageId && { messageId }
         })
       );
-      if (this.config.broadcast?.ack) {
-        return "ok";
+      if (this.config.broadcast?.ack && messageId) {
+        const ackTimeout = this.config.broadcast.ackTimeout || 5e3;
+        return await new Promise((resolve, reject) => {
+          const timeout = setTimeout(() => {
+            this.pendingAcks.delete(messageId);
+            reject(new Error("Acknowledgment timeout"));
+          }, ackTimeout);
+          this.pendingAcks.set(messageId, {
+            resolve: (value) => {
+              clearTimeout(timeout);
+              this.pendingAcks.delete(messageId);
+              resolve(value);
+            },
+            reject: (reason) => {
+              clearTimeout(timeout);
+              this.pendingAcks.delete(messageId);
+              reject(reason);
+            },
+            timeout
+          });
+        }).catch((error) => {
+          console.error("[Fluxbase Realtime] Acknowledgment error:", error);
+          return "error";
+        });
       }
       return "ok";
     } catch (error) {
@@ -1010,7 +1176,14 @@ var RealtimeChannel = class {
         }
         break;
       case "ack":
-        console.log("[Fluxbase Realtime] Subscription acknowledged");
+        if (message.messageId && this.pendingAcks.has(message.messageId)) {
+          const ackHandler = this.pendingAcks.get(message.messageId);
+          if (ackHandler) {
+            ackHandler.resolve(message.status || "ok");
+          }
+        } else {
+          console.log("[Fluxbase Realtime] Acknowledged:", message);
+        }
         break;
       case "error":
         console.error("[Fluxbase Realtime] Error:", message.error);