@hexclave/next 1.0.5 → 1.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/components-page/account-settings/payments/payments-panel.js +3 -3
- package/dist/components-page/account-settings/payments/payments-panel.js.map +1 -1
- package/dist/components-page/hexclave-handler-client.d.ts +13 -1
- package/dist/components-page/hexclave-handler-client.d.ts.map +1 -1
- package/dist/components-page/hexclave-handler-client.js +44 -9
- package/dist/components-page/hexclave-handler-client.js.map +1 -1
- package/dist/components-page/hexclave-handler-client.test.d.ts +1 -0
- package/dist/components-page/hexclave-handler-client.test.js +51 -0
- package/dist/components-page/hexclave-handler-client.test.js.map +1 -0
- package/dist/dev-tool/dev-tool-core.js +2 -2
- package/dist/dev-tool/dev-tool-core.js.map +1 -1
- package/dist/esm/components-page/account-settings/payments/payments-panel.js +2 -2
- package/dist/esm/components-page/account-settings/payments/payments-panel.js.map +1 -1
- package/dist/esm/components-page/hexclave-handler-client.d.ts +12 -1
- package/dist/esm/components-page/hexclave-handler-client.d.ts.map +1 -1
- package/dist/esm/components-page/hexclave-handler-client.js +46 -12
- package/dist/esm/components-page/hexclave-handler-client.js.map +1 -1
- package/dist/esm/components-page/hexclave-handler-client.test.d.ts +1 -0
- package/dist/esm/components-page/hexclave-handler-client.test.js +51 -0
- package/dist/esm/components-page/hexclave-handler-client.test.js.map +1 -0
- package/dist/esm/dev-tool/dev-tool-core.js +2 -2
- package/dist/esm/dev-tool/dev-tool-core.js.map +1 -1
- package/dist/esm/generated/env.d.ts +26 -0
- package/dist/esm/{lib → generated}/env.d.ts.map +1 -1
- package/dist/esm/generated/env.js +67 -0
- package/dist/esm/generated/env.js.map +1 -0
- package/dist/esm/generated/quetzal-translations.d.ts +2 -2
- package/dist/esm/global.d.ts +8 -1
- package/dist/esm/global.d.ts.map +1 -0
- package/dist/esm/lib/hexclave-app/apps/implementations/admin-app-impl.d.ts.map +1 -1
- package/dist/esm/lib/hexclave-app/apps/implementations/client-app-impl.cross-domain.test.js +263 -3
- package/dist/esm/lib/hexclave-app/apps/implementations/client-app-impl.cross-domain.test.js.map +1 -1
- package/dist/esm/lib/hexclave-app/apps/implementations/client-app-impl.d.ts +3 -1
- package/dist/esm/lib/hexclave-app/apps/implementations/client-app-impl.d.ts.map +1 -1
- package/dist/esm/lib/hexclave-app/apps/implementations/client-app-impl.js +53 -26
- package/dist/esm/lib/hexclave-app/apps/implementations/client-app-impl.js.map +1 -1
- package/dist/esm/lib/hexclave-app/apps/implementations/common.d.ts +8 -8
- package/dist/esm/lib/hexclave-app/apps/implementations/common.d.ts.map +1 -1
- package/dist/esm/lib/hexclave-app/apps/implementations/common.js +28 -14
- package/dist/esm/lib/hexclave-app/apps/implementations/common.js.map +1 -1
- package/dist/esm/lib/hexclave-app/apps/implementations/server-app-impl.js +1 -1
- package/dist/esm/lib/hexclave-app/url-targets.d.ts.map +1 -1
- package/dist/esm/lib/hexclave-app/url-targets.js +25 -11
- package/dist/esm/lib/hexclave-app/url-targets.js.map +1 -1
- package/dist/esm/lib/hexclave-app/url-targets.test.js +12 -0
- package/dist/esm/lib/hexclave-app/url-targets.test.js.map +1 -1
- package/dist/generated/env.d.ts +26 -0
- package/dist/{lib → generated}/env.d.ts.map +1 -1
- package/dist/generated/env.js +69 -0
- package/dist/generated/env.js.map +1 -0
- package/dist/generated/quetzal-translations.d.ts +2 -2
- package/dist/global.d.ts +8 -1
- package/dist/global.d.ts.map +1 -0
- package/dist/lib/hexclave-app/apps/implementations/admin-app-impl.d.ts.map +1 -1
- package/dist/lib/hexclave-app/apps/implementations/client-app-impl.cross-domain.test.js +263 -3
- package/dist/lib/hexclave-app/apps/implementations/client-app-impl.cross-domain.test.js.map +1 -1
- package/dist/lib/hexclave-app/apps/implementations/client-app-impl.d.ts +3 -1
- package/dist/lib/hexclave-app/apps/implementations/client-app-impl.d.ts.map +1 -1
- package/dist/lib/hexclave-app/apps/implementations/client-app-impl.js +52 -25
- package/dist/lib/hexclave-app/apps/implementations/client-app-impl.js.map +1 -1
- package/dist/lib/hexclave-app/apps/implementations/common.d.ts +8 -8
- package/dist/lib/hexclave-app/apps/implementations/common.d.ts.map +1 -1
- package/dist/lib/hexclave-app/apps/implementations/common.js +28 -14
- package/dist/lib/hexclave-app/apps/implementations/common.js.map +1 -1
- package/dist/lib/hexclave-app/apps/implementations/server-app-impl.js +1 -1
- package/dist/lib/hexclave-app/url-targets.d.ts.map +1 -1
- package/dist/lib/hexclave-app/url-targets.js +25 -11
- package/dist/lib/hexclave-app/url-targets.js.map +1 -1
- package/dist/lib/hexclave-app/url-targets.test.js +12 -0
- package/dist/lib/hexclave-app/url-targets.test.js.map +1 -1
- package/package.json +9 -7
- package/src/components-page/account-settings/payments/payments-panel.tsx +2 -2
- package/src/components-page/hexclave-handler-client.test.tsx +64 -0
- package/src/components-page/hexclave-handler-client.tsx +50 -11
- package/src/dev-tool/dev-tool-core.ts +2 -2
- package/src/generated/.gitignore +1 -1
- package/src/global.d.ts +8 -1
- package/src/lib/hexclave-app/apps/implementations/client-app-impl.cross-domain.test.ts +316 -3
- package/src/lib/hexclave-app/apps/implementations/client-app-impl.ts +69 -25
- package/src/lib/hexclave-app/apps/implementations/common.ts +34 -14
- package/src/lib/hexclave-app/url-targets.test.ts +17 -0
- package/src/lib/hexclave-app/url-targets.ts +25 -7
- package/dist/esm/lib/env.d.ts +0 -42
- package/dist/esm/lib/env.js +0 -93
- package/dist/esm/lib/env.js.map +0 -1
- package/dist/lib/env.d.ts +0 -42
- package/dist/lib/env.js +0 -95
- package/dist/lib/env.js.map +0 -1
- package/src/lib/env.ts +0 -93
|
@@ -18,12 +18,12 @@ let _hexclave_shared_dist_utils_redirect_urls = require("@hexclave/shared/dist/u
|
|
|
18
18
|
let _hexclave_shared_dist_utils_bytes = require("@hexclave/shared/dist/utils/bytes");
|
|
19
19
|
let ______common_js = require("../../common.js");
|
|
20
20
|
let ______projects_index_js = require("../../projects/index.js");
|
|
21
|
-
let _simplewebauthn_browser = require("@simplewebauthn/browser");
|
|
22
21
|
let _hexclave_shared_dist_sessions = require("@hexclave/shared/dist/sessions");
|
|
22
|
+
let _hexclave_shared_dist_utils_stores = require("@hexclave/shared/dist/utils/stores");
|
|
23
|
+
let _simplewebauthn_browser = require("@simplewebauthn/browser");
|
|
23
24
|
let _hexclave_shared_dist_utils_compile_time = require("@hexclave/shared/dist/utils/compile-time");
|
|
24
25
|
let _hexclave_shared_dist_utils_json = require("@hexclave/shared/dist/utils/json");
|
|
25
26
|
let _hexclave_shared_dist_utils_maps = require("@hexclave/shared/dist/utils/maps");
|
|
26
|
-
let _hexclave_shared_dist_utils_stores = require("@hexclave/shared/dist/utils/stores");
|
|
27
27
|
let _hexclave_shared_dist_utils_turnstile_flow = require("@hexclave/shared/dist/utils/turnstile-flow");
|
|
28
28
|
let _hexclave_shared_dist_utils_uuids = require("@hexclave/shared/dist/utils/uuids");
|
|
29
29
|
let cookie = require("cookie");
|
|
@@ -31,7 +31,7 @@ cookie = require_chunk.__toESM(cookie);
|
|
|
31
31
|
let ____________utils_url_js = require("../../../../utils/url.js");
|
|
32
32
|
let _________auth_js = require("../../../auth.js");
|
|
33
33
|
let _________cookie_js = require("../../../cookie.js");
|
|
34
|
-
let
|
|
34
|
+
let ____________generated_env_js = require("../../../../generated/env.js");
|
|
35
35
|
let ______api_keys_index_js = require("../../api-keys/index.js");
|
|
36
36
|
let ______contact_channels_index_js = require("../../contact-channels/index.js");
|
|
37
37
|
let ______teams_index_js = require("../../teams/index.js");
|
|
@@ -510,15 +510,15 @@ var _HexclaveClientAppImplIncomplete = class _HexclaveClientAppImplIncomplete {
|
|
|
510
510
|
for (const param of oauthCallbackResponseQueryParams) currentUrl.searchParams.delete(param);
|
|
511
511
|
return currentUrl.toString();
|
|
512
512
|
}
|
|
513
|
-
async
|
|
514
|
-
const tokens = await (await this._getSession(options?.overrideTokenStoreInit, options)).
|
|
513
|
+
async _fetchCurrentRefreshTokenIdIfSignedIn(options) {
|
|
514
|
+
const tokens = await (await this._getSession(options?.overrideTokenStoreInit, options)).fetchNewTokens();
|
|
515
515
|
if (tokens?.refreshToken == null) return null;
|
|
516
516
|
return tokens.accessToken.payload.refresh_token_id;
|
|
517
517
|
}
|
|
518
518
|
async _addNestedCrossDomainAuthParamsToRedirectUrl(options) {
|
|
519
519
|
const targetUrl = new URL(options.url, options.currentUrl);
|
|
520
520
|
if (targetUrl.origin === options.currentUrl.origin) return options.url;
|
|
521
|
-
const refreshTokenId = await this.
|
|
521
|
+
const refreshTokenId = await this._fetchCurrentRefreshTokenIdIfSignedIn({
|
|
522
522
|
awaitPendingAuthResolutions: options.awaitPendingAuthResolutions,
|
|
523
523
|
overrideTokenStoreInit: options.overrideTokenStoreInit
|
|
524
524
|
});
|
|
@@ -549,7 +549,7 @@ var _HexclaveClientAppImplIncomplete = class _HexclaveClientAppImplIncomplete {
|
|
|
549
549
|
const afterCallbackRedirectUrlString = currentUrl.searchParams.get(nestedCrossDomainAuthQueryParams.afterCallbackRedirectUrl);
|
|
550
550
|
const afterCallbackRedirectUrl = afterCallbackRedirectUrlString == null ? redirectUriUrl : new URL(afterCallbackRedirectUrlString, redirectUriUrl);
|
|
551
551
|
if (!await this._isTrusted(afterCallbackRedirectUrl.toString())) throw new Error(`Nested cross-domain auth after-callback redirect URL ${afterCallbackRedirectUrlString} is not trusted.`);
|
|
552
|
-
if (await this.
|
|
552
|
+
if (await this._fetchCurrentRefreshTokenIdIfSignedIn({ awaitPendingAuthResolutions: false }) !== refreshTokenId) throw new Error("Nested cross-domain auth source session does not match the requested refresh token ID.");
|
|
553
553
|
await this._redirectTo({
|
|
554
554
|
url: await this._createCrossDomainAuthRedirectUrl({
|
|
555
555
|
redirectUri: redirectUriUrl.toString(),
|
|
@@ -562,7 +562,9 @@ var _HexclaveClientAppImplIncomplete = class _HexclaveClientAppImplIncomplete {
|
|
|
562
562
|
});
|
|
563
563
|
return true;
|
|
564
564
|
}
|
|
565
|
-
|
|
565
|
+
const currentRefreshTokenId = await this._fetchCurrentRefreshTokenIdIfSignedIn({ awaitPendingAuthResolutions: false });
|
|
566
|
+
if (currentRefreshTokenId === refreshTokenId) return false;
|
|
567
|
+
if (currentRefreshTokenId != null) (await this._getSession(void 0, { awaitPendingAuthResolutions: false })).markInvalid();
|
|
566
568
|
const callbackUrlString = currentUrl.searchParams.get(nestedCrossDomainAuthQueryParams.callbackUrl);
|
|
567
569
|
if (callbackUrlString == null) throw new _hexclave_shared_dist_utils_errors.HexclaveAssertionError("Nested cross-domain auth URL is missing callback URL");
|
|
568
570
|
if ((0, _hexclave_shared_dist_utils_urls.isRelative)(callbackUrlString)) throw new Error("Nested cross-domain auth callback URL must be absolute.");
|
|
@@ -715,6 +717,13 @@ var _HexclaveClientAppImplIncomplete = class _HexclaveClientAppImplIncomplete {
|
|
|
715
717
|
accessToken
|
|
716
718
|
};
|
|
717
719
|
}
|
|
720
|
+
_getCurrentBrowserCookieTokenStoreValue(old) {
|
|
721
|
+
const tokens = this._getTokensFromCookies(this._getAllBrowserCookies());
|
|
722
|
+
return {
|
|
723
|
+
refreshToken: tokens.refreshToken,
|
|
724
|
+
accessToken: tokens.accessToken ?? (old?.refreshToken === tokens.refreshToken ? old.accessToken : null)
|
|
725
|
+
};
|
|
726
|
+
}
|
|
718
727
|
get _accessTokenCookieName() {
|
|
719
728
|
return `hexclave-access`;
|
|
720
729
|
}
|
|
@@ -819,19 +828,12 @@ var _HexclaveClientAppImplIncomplete = class _HexclaveClientAppImplIncomplete {
|
|
|
819
828
|
_getBrowserCookieTokenStore() {
|
|
820
829
|
if (!(0, _hexclave_shared_dist_utils_env.isBrowserLike)()) throw new Error("Cannot use cookie token store on the server!");
|
|
821
830
|
if (this._storedBrowserCookieTokenStore === null) {
|
|
822
|
-
|
|
823
|
-
const tokens = this._getTokensFromCookies(this._getAllBrowserCookies());
|
|
824
|
-
return {
|
|
825
|
-
refreshToken: tokens.refreshToken,
|
|
826
|
-
accessToken: tokens.accessToken ?? (old?.refreshToken === tokens.refreshToken ? old.accessToken : null)
|
|
827
|
-
};
|
|
828
|
-
};
|
|
829
|
-
this._storedBrowserCookieTokenStore = new _hexclave_shared_dist_utils_stores.Store(getCurrentValue(null));
|
|
831
|
+
this._storedBrowserCookieTokenStore = new _hexclave_shared_dist_utils_stores.Store(this._getCurrentBrowserCookieTokenStoreValue(null));
|
|
830
832
|
let hasSucceededInWriting = true;
|
|
831
833
|
setInterval(() => {
|
|
832
834
|
if (hasSucceededInWriting) {
|
|
833
835
|
const oldValue = this._storedBrowserCookieTokenStore.get();
|
|
834
|
-
const currentValue =
|
|
836
|
+
const currentValue = this._getCurrentBrowserCookieTokenStoreValue(oldValue);
|
|
835
837
|
if (!(0, _hexclave_shared_dist_utils_objects.deepPlainEquals)(currentValue, oldValue)) this._storedBrowserCookieTokenStore.set(currentValue);
|
|
836
838
|
}
|
|
837
839
|
}, 100);
|
|
@@ -857,6 +859,10 @@ var _HexclaveClientAppImplIncomplete = class _HexclaveClientAppImplIncomplete {
|
|
|
857
859
|
else throw e;
|
|
858
860
|
}
|
|
859
861
|
});
|
|
862
|
+
} else {
|
|
863
|
+
const oldValue = this._storedBrowserCookieTokenStore.get();
|
|
864
|
+
const currentValue = this._getCurrentBrowserCookieTokenStoreValue(oldValue);
|
|
865
|
+
if (!(0, _hexclave_shared_dist_utils_objects.deepPlainEquals)(currentValue, oldValue)) this._storedBrowserCookieTokenStore.set(currentValue);
|
|
860
866
|
}
|
|
861
867
|
return this._storedBrowserCookieTokenStore;
|
|
862
868
|
}
|
|
@@ -951,17 +957,17 @@ var _HexclaveClientAppImplIncomplete = class _HexclaveClientAppImplIncomplete {
|
|
|
951
957
|
accessToken: tokenObj.accessToken
|
|
952
958
|
});
|
|
953
959
|
session.onAccessTokenChange((newAccessToken) => {
|
|
954
|
-
tokenStore.update((old) => ({
|
|
960
|
+
tokenStore.update((old) => _hexclave_shared_dist_sessions.InternalSession.calculateSessionKey(old) === sessionKey ? {
|
|
955
961
|
...old,
|
|
956
962
|
accessToken: newAccessToken?.token ?? null
|
|
957
|
-
})
|
|
963
|
+
} : old);
|
|
958
964
|
});
|
|
959
965
|
session.onInvalidate(() => {
|
|
960
|
-
tokenStore.update((old) => ({
|
|
966
|
+
tokenStore.update((old) => _hexclave_shared_dist_sessions.InternalSession.calculateSessionKey(old) === sessionKey ? {
|
|
961
967
|
...old,
|
|
962
968
|
accessToken: null,
|
|
963
969
|
refreshToken: null
|
|
964
|
-
})
|
|
970
|
+
} : old);
|
|
965
971
|
});
|
|
966
972
|
let sessionsBySessionKey = this._sessionsByTokenStoreAndSessionKey.get(tokenStore) ?? /* @__PURE__ */ new Map();
|
|
967
973
|
this._sessionsByTokenStoreAndSessionKey.set(tokenStore, sessionsBySessionKey);
|
|
@@ -1910,17 +1916,17 @@ var _HexclaveClientAppImplIncomplete = class _HexclaveClientAppImplIncomplete {
|
|
|
1910
1916
|
}
|
|
1911
1917
|
_getBotChallengeSiteKeys() {
|
|
1912
1918
|
if (!(0, _hexclave_shared_dist_utils_env.isBrowserLike)()) return null;
|
|
1913
|
-
const visibleSiteKey =
|
|
1919
|
+
const visibleSiteKey = ____________generated_env_js.envVars.HEXCLAVE_BOT_CHALLENGE_SITE_KEY;
|
|
1914
1920
|
if (!visibleSiteKey) {
|
|
1915
1921
|
if (!this._botChallengeSiteKeysWarned) {
|
|
1916
1922
|
this._botChallengeSiteKeysWarned = true;
|
|
1917
|
-
console.warn("[stack-auth]
|
|
1923
|
+
console.warn("[stack-auth] HEXCLAVE_BOT_CHALLENGE_SITE_KEY is not set — bot challenge fraud protection is disabled. Set the env variable to enable it.");
|
|
1918
1924
|
}
|
|
1919
1925
|
return null;
|
|
1920
1926
|
}
|
|
1921
1927
|
return {
|
|
1922
1928
|
visibleSiteKey,
|
|
1923
|
-
invisibleSiteKey:
|
|
1929
|
+
invisibleSiteKey: ____________generated_env_js.envVars.HEXCLAVE_BOT_CHALLENGE_INVISIBLE_SITE_KEY ?? visibleSiteKey
|
|
1924
1930
|
};
|
|
1925
1931
|
}
|
|
1926
1932
|
_getBotChallengeFlowFailure(error) {
|
|
@@ -2042,6 +2048,7 @@ var _HexclaveClientAppImplIncomplete = class _HexclaveClientAppImplIncomplete {
|
|
|
2042
2048
|
}
|
|
2043
2049
|
async _createCrossDomainAuthRedirectUrl(options) {
|
|
2044
2050
|
const session = await this._getSession(options.overrideTokenStoreInit, { awaitPendingAuthResolutions: options.awaitPendingAuthResolutions });
|
|
2051
|
+
await session.fetchNewTokens();
|
|
2045
2052
|
const response = await this._interface.sendClientRequest("/auth/oauth/cross-domain/authorize", {
|
|
2046
2053
|
method: "POST",
|
|
2047
2054
|
headers: { "Content-Type": "application/json" },
|
|
@@ -2142,6 +2149,8 @@ var _HexclaveClientAppImplIncomplete = class _HexclaveClientAppImplIncomplete {
|
|
|
2142
2149
|
return await this._redirectToHandler("signUp", options);
|
|
2143
2150
|
}
|
|
2144
2151
|
async redirectToSignOut(options) {
|
|
2152
|
+
const configuredSignOutTarget = this._urlOptions.signOut ?? this._urlOptions.default;
|
|
2153
|
+
if (typeof configuredSignOutTarget !== "string" && configuredSignOutTarget?.type === "hosted") return await this.signOut();
|
|
2145
2154
|
return await this._redirectToHandler("signOut", options);
|
|
2146
2155
|
}
|
|
2147
2156
|
async redirectToEmailVerification(options) {
|
|
@@ -2679,9 +2688,27 @@ var _HexclaveClientAppImplIncomplete = class _HexclaveClientAppImplIncomplete {
|
|
|
2679
2688
|
url: options.redirectUrl,
|
|
2680
2689
|
replace: true
|
|
2681
2690
|
});
|
|
2682
|
-
else await this.
|
|
2691
|
+
else await this._redirectToDefaultAfterSignOut();
|
|
2683
2692
|
});
|
|
2684
2693
|
}
|
|
2694
|
+
async _redirectToDefaultAfterSignOut() {
|
|
2695
|
+
if (this._urlOptions.afterSignOut != null) {
|
|
2696
|
+
await this.redirectToAfterSignOut({ replace: true });
|
|
2697
|
+
return;
|
|
2698
|
+
}
|
|
2699
|
+
if (this._urlOptions.home != null) {
|
|
2700
|
+
await this.redirectToHome({ replace: true });
|
|
2701
|
+
return;
|
|
2702
|
+
}
|
|
2703
|
+
if (this._urlOptions.default?.type === "hosted" && typeof window !== "undefined") {
|
|
2704
|
+
await this._redirectTo({
|
|
2705
|
+
url: (0, _hexclave_shared_dist_utils_urls.getRelativePart)(new URL(window.location.href)),
|
|
2706
|
+
replace: true
|
|
2707
|
+
});
|
|
2708
|
+
return;
|
|
2709
|
+
}
|
|
2710
|
+
await this.redirectToAfterSignOut({ replace: true });
|
|
2711
|
+
}
|
|
2685
2712
|
async signOut(options) {
|
|
2686
2713
|
const user = await this.getUser({ tokenStore: options?.tokenStore ?? void 0 });
|
|
2687
2714
|
if (user) await user.signOut({ redirectUrl: options?.redirectUrl });
|