npm - @hexclave/next - Versions diffs - 1.0.21 → 1.0.23 - Mend

@hexclave/next 1.0.21 → 1.0.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

package/src/lib/auth.ts CHANGED Viewed

@@ -2,7 +2,7 @@
 //===========================================
 // THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY UNLESS YOU ALSO EDIT THE CORRESPONDING FILE IN packages/template
 //===========================================
-import { KnownError, HexclaveClientInterface } from "@hexclave/shared";
+import { KnownError, KnownErrors, HexclaveClientInterface } from "@hexclave/shared";
 import { InternalSession } from "@hexclave/shared/dist/sessions";
 import { HexclaveAssertionError, throwErr } from "@hexclave/shared/dist/utils/errors";
 import { Result } from "@hexclave/shared/dist/utils/results";
@@ -50,10 +50,39 @@ type OAuthCallbackConsumptionResult =
     error: KnownError,
   };
+const oauthErrorParams = ["error", "error_description", "errorCode", "message", "details"] as const;
+function removeOAuthErrorParamsFromHistory(originalUrl: URL): void {
+  const newUrl = new URL(originalUrl);
+  for (const param of oauthErrorParams) {
+    newUrl.searchParams.delete(param);
+  }
+  window.history.replaceState({}, "", newUrl.toString());
+}
+function getProviderOAuthErrorFromUrl(originalUrl: URL): KnownError | null {
+  const providerError = originalUrl.searchParams.get("error");
+  const providerErrorDescription = originalUrl.searchParams.get("error_description");
+  if (providerError == null && providerErrorDescription == null) {
+    return null;
+  }
+  switch (providerError) {
+    case "access_denied":
+    case "consent_required": {
+      return new KnownErrors.OAuthProviderAccessDenied();
+    }
+    case "server_error":
+    case "temporarily_unavailable":
+    default: {
+      return new KnownErrors.OAuthProviderTemporarilyUnavailable();
+    }
+  }
+}
 function consumeOAuthCallbackQueryParams(options?: {
   dontWarnAboutMissingQueryParams?: boolean,
 }): OAuthCallbackConsumptionResult | null {
-  const oauthErrorParams = ["error", "error_description", "errorCode", "message", "details"] as const;
   const requiredParams = ["code", "state"];
   const originalUrl = new URL(window.location.href);
   const knownErrorCode = originalUrl.searchParams.get("errorCode");
@@ -72,11 +101,7 @@ function consumeOAuthCallbackQueryParams(options?: {
       }
     }
-    const newUrl = new URL(originalUrl);
-    for (const param of oauthErrorParams) {
-      newUrl.searchParams.delete(param);
-    }
-    window.history.replaceState({}, "", newUrl.toString());
+    removeOAuthErrorParamsFromHistory(originalUrl);
     return {
       type: "known-error",
@@ -88,6 +113,15 @@ function consumeOAuthCallbackQueryParams(options?: {
     };
   }
+  const providerOAuthError = getProviderOAuthErrorFromUrl(originalUrl);
+  if (providerOAuthError != null && !requiredParams.every(param => originalUrl.searchParams.has(param))) {
+    removeOAuthErrorParamsFromHistory(originalUrl);
+    return {
+      type: "known-error",
+      error: providerOAuthError,
+    };
+  }
   for (const param of requiredParams) {
     if (!originalUrl.searchParams.has(param)) {
       if (!options?.dontWarnAboutMissingQueryParams) {

package/src/lib/hexclave-app/apps/implementations/admin-app-impl.ts CHANGED Viewed

@@ -1092,10 +1092,11 @@ export class _HexclaveAdminAppImplIncomplete<HasTokenStore extends boolean, Proj
     return result as AdminEmailOutbox;
   }
-  async listOutboxEmails(options?: { status?: string, simpleStatus?: string, limit?: number, cursor?: string }): Promise<{ items: AdminEmailOutbox[], nextCursor: string | null }> {
+  async listOutboxEmails(options?: { status?: string, simpleStatus?: string, userId?: string, limit?: number, cursor?: string }): Promise<{ items: AdminEmailOutbox[], nextCursor: string | null }> {
     const response = await this._interface.listOutboxEmails({
       status: options?.status,
       simple_status: options?.simpleStatus,
+      user_id: options?.userId,
       limit: options?.limit,
       cursor: options?.cursor,
     });

package/src/lib/hexclave-app/apps/implementations/client-app-impl.cross-domain.test.ts CHANGED Viewed

@@ -439,6 +439,72 @@ describe("StackClientApp cross-domain auth", () => {
     }
   });
+  it("redirects hosted current-page OAuth callback errors to the hosted error handler during startup", async () => {
+    const projectId = "00000000-0000-4000-8000-000000000010";
+    const previousWindow = globalThis.window;
+    const previousDocument = globalThis.document;
+    const callbackUrl = new URL("https://demo.stack-auth.com/dashboard");
+    callbackUrl.searchParams.set("errorCode", "SIGN_UP_REJECTED");
+    callbackUrl.searchParams.set("message", "Your sign up was rejected by an administrator's sign-up rule.");
+    callbackUrl.searchParams.set("details", JSON.stringify({
+      message: "Your sign up was rejected by an administrator's sign-up rule.",
+    }));
+    let currentHref = callbackUrl.toString();
+    let redirectedUrl = "";
+    const redirectSpy = vi.spyOn(StackClientApp.prototype as any, "_redirectTo").mockImplementation(async (...args: unknown[]) => {
+      const options = args[0] as { url: string | URL };
+      redirectedUrl = options.url.toString();
+    });
+    globalThis.document = createMockDocument();
+    globalThis.window = {
+      location: {
+        get href() {
+          return currentHref;
+        },
+        set href(value: string) {
+          currentHref = value;
+        },
+        origin: callbackUrl.origin,
+      },
+      history: {
+        replaceState: (_state: unknown, _title: string, url: string) => {
+          currentHref = new URL(url, currentHref).toString();
+        },
+      },
+      addEventListener: () => {},
+      removeEventListener: () => {},
+    } as any;
+    try {
+      new StackClientApp({
+        baseUrl: "http://localhost:12345",
+        projectId,
+        publishableClientKey: "stack-pk-test",
+        tokenStore: "memory",
+        redirectMethod: "window",
+        urls: {
+          default: { type: "hosted" },
+        },
+        noAutomaticPrefetch: true,
+      });
+      await new Promise((resolve) => setTimeout(resolve, 0));
+      await new Promise((resolve) => setTimeout(resolve, 0));
+    } finally {
+      redirectSpy.mockRestore();
+      globalThis.window = previousWindow;
+      globalThis.document = previousDocument;
+    }
+    const errorUrl = new URL(redirectedUrl);
+    expect(errorUrl.origin).toBe(`https://${projectId}.built-with-stack-auth.com`);
+    expect(errorUrl.pathname).toBe("/handler/error");
+    expect(errorUrl.searchParams.get("errorCode")).toBe("SIGN_UP_REJECTED");
+    expect(errorUrl.searchParams.get("message")).toBe("Your sign up was rejected by an administrator's sign-up rule.");
+    expect(new URL(currentHref).searchParams.has("errorCode")).toBe(false);
+  });
   it("uses direct sign-out instead of hosted sign-out redirects when code execution is available", async () => {
     const clientApp = new StackClientApp({
       baseUrl: "http://localhost:12345",

package/src/lib/hexclave-app/apps/implementations/client-app-impl.ts CHANGED Viewed

@@ -3,7 +3,7 @@
 // THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY UNLESS YOU ALSO EDIT THE CORRESPONDING FILE IN packages/template
 //===========================================
 import { WebAuthnError, startAuthentication, startRegistration } from "@simplewebauthn/browser";
-import { KnownErrors, HexclaveClientInterface } from "@hexclave/shared";
+import { KnownError, KnownErrors, HexclaveClientInterface } from "@hexclave/shared";
 import type { RequestListener } from "@hexclave/shared/dist/interface/client-interface";
 import { ContactChannelsCrud } from "@hexclave/shared/dist/interface/crud/contact-channels";
 import { CurrentUserCrud } from "@hexclave/shared/dist/interface/crud/current-user";
@@ -714,11 +714,11 @@ export class _HexclaveClientAppImplIncomplete<HasTokenStore extends boolean, Pro
     if (
       isBrowserLike()
       && (this._isOAuthCallbackUrlHosted() || this._currentUrlLooksLikeNestedCrossDomainOAuthCallback())
-      && this._currentUrlLooksLikeHexclaveOAuthCallback()
+      && (this._currentUrlLooksLikeHexclaveOAuthCallback() || this._currentUrlLooksLikeOAuthCallbackError())
     ) {
       this._trackPendingAuthResolution(async () => {
         if (isBrowserLike()) {
-          await this.callOAuthCallback({ dontWarnAboutMissingQueryParams: true });
+          await this._handleHostedOAuthCallbackDuringStartup();
         }
       });
     }
@@ -734,7 +734,7 @@ export class _HexclaveClientAppImplIncomplete<HasTokenStore extends boolean, Pro
     }
     if (isBrowserLike() && resolvedOptions.devTool !== false) {
-      mountDevTool(this as any);
+      mountDevTool(this as any, resolvedOptions.devTool);
     }
     if (isBrowserLike()) {
       // Independent of the dev tool: the clickmap overlay only ever renders
@@ -818,6 +818,22 @@ export class _HexclaveClientAppImplIncomplete<HasTokenStore extends boolean, Pro
       currentUrl.searchParams.has("code") && currentUrl.searchParams.has("state")
     ) || (
       currentUrl.searchParams.has("errorCode") && currentUrl.searchParams.has("message")
+    ) || (
+      this._currentUrlLooksLikeOAuthCallbackError()
+    );
+  }
+  protected _currentUrlLooksLikeOAuthCallbackError(): boolean {
+    if (typeof window === "undefined") {
+      return false;
+    }
+    const currentUrl = new URL(window.location.href);
+    if (currentUrl.searchParams.has("errorCode") && currentUrl.searchParams.has("message")) {
+      return true;
+    }
+    return (
+      (currentUrl.searchParams.has("error") || currentUrl.searchParams.has("error_description"))
+      && !(currentUrl.searchParams.has("code") && currentUrl.searchParams.has("state"))
     );
   }
@@ -859,6 +875,26 @@ export class _HexclaveClientAppImplIncomplete<HasTokenStore extends boolean, Pro
     return currentUrl.toString();
   }
+  protected async _redirectToOAuthCallbackError(error: KnownError): Promise<void> {
+    const errorUrl = new URL(this._getUrls().error, window.location.href);
+    errorUrl.searchParams.set("errorCode", error.errorCode);
+    errorUrl.searchParams.set("message", error.message);
+    errorUrl.searchParams.set("details", JSON.stringify(error.details ?? {}));
+    await this._redirectIfTrusted(errorUrl.toString(), { replace: true });
+  }
+  protected async _handleHostedOAuthCallbackDuringStartup(): Promise<void> {
+    try {
+      await this.callOAuthCallback({ dontWarnAboutMissingQueryParams: true });
+    } catch (error) {
+      if (KnownError.isKnownError(error)) {
+        await this._redirectToOAuthCallbackError(error);
+        return;
+      }
+      throw error;
+    }
+  }
   protected async _fetchCurrentRefreshTokenIdIfSignedIn(options?: {
     awaitPendingAuthResolutions?: boolean,
     overrideTokenStoreInit?: TokenStoreInit,

package/src/lib/hexclave-app/apps/interfaces/admin-app.ts CHANGED Viewed

@@ -20,6 +20,7 @@ import { StackServerApp, StackServerAppConstructorOptions } from "./server-app";
 export type EmailOutboxListOptions = {
   status?: string,
   simpleStatus?: string,
+  userId?: string,
   limit?: number,
   cursor?: string,
 };

package/src/lib/hexclave-app/apps/interfaces/client-app.ts CHANGED Viewed

@@ -26,11 +26,13 @@ export type StackClientAppConstructorOptions<HasTokenStore extends boolean, Proj
   inheritsFrom?: StackClientApp<any, any>,
   /**
-   * Whether to show the Hexclave dev tool indicator in browser-like development environments.
+   * Whether to show the Hexclave dev tool indicator in browser-like environments.
    *
-   * Defaults to true.
+   * - `true`: always show
+   * - `false`: never show
+   * - `"auto"` (default): show based on NODE_ENV or origin heuristics
    */
-  devTool?: boolean,
+  devTool?: boolean | "auto",
   /**
    * By default, the Stack app will automatically prefetch some data from Stack's server when this app is first