@insforge/react 1.1.6 → 1.1.7

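--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -544,10 +544,27 @@ var InsforgeManager = class _InsforgeManager {
  const state = this.getState();
  this.listeners.forEach((listener) => listener(state));
  }
+ /**
+ * Clean up sensitive auth parameters from URL
+ * This is needed because SDK's detectAuthCallback may not run in Next.js
+ * when the SDK client is created at module level (before hydration)
+ */
+ cleanUrlParams() {
+ if (typeof window === "undefined") return;
+ const params = new URLSearchParams(window.location.search);
+ const authParams = ["access_token", "user_id", "email", "name", "csrf_token", "error"];
+ const hasAuthParams = authParams.some((p) => params.has(p));
+ if (hasAuthParams) {
+ const url = new URL(window.location.href);
+ authParams.forEach((p) => url.searchParams.delete(p));
+ window.history.replaceState({}, document.title, url.toString());
+ }
+ }
  // Load auth state
  // Gets session and user data from getCurrentSession()
  // Called after hydration to restore authentication state
  async loadAuthState() {
+ this.cleanUrlParams();
  try {
  const {
  data: { session }
@@ -4164,6 +4181,11 @@ function SignInForm({
  }
 
  // src/lib/hosted-auth.ts
+ function getCsrfTokenFromCookie() {
+ if (typeof document === "undefined") return null;
+ const match2 = document.cookie.match(/(?:^|;\s*)insforge_csrf_token=([^;]*)/);
+ return match2 ? decodeURIComponent(match2[1]) : null;
+ }
  function isHostedAuthEnvironment() {
  if (typeof window === "undefined") {
  return false;
@@ -4214,11 +4236,13 @@ function SignIn({ onError, ...uiProps }) {
  isHandlingOAuthRedirectRef.current = false;
  return;
  }
+ const csrfToken = getCsrfTokenFromCookie();
  const legacyUrl = buildLegacyAuthUrl(redirectUrl, {
  accessToken: session.accessToken,
  userId: session.user.id,
  email: session.user.email,
- name: session.user.profile?.name || ""
+ name: session.user.profile?.name || "",
+ csrfToken: csrfToken || void 0
  });
  window.location.href = legacyUrl;
  } catch (err) {
@@ -4509,11 +4533,13 @@ function SignUp({ onError, emailRedirectTo, ...uiProps }) {
  isHandlingOAuthRedirectRef.current = false;
  return;
  }
+ const csrfToken = getCsrfTokenFromCookie();
  const legacyUrl = buildLegacyAuthUrl(redirectUrl, {
  accessToken: session.accessToken,
  userId: session.user.id,
  email: session.user.email,
- name: session.user.profile?.name || ""
+ name: session.user.profile?.name || "",
+ csrfToken: csrfToken || void 0
  });
  window.location.href = legacyUrl;
  } catch (err) {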
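Review bot: In `cleanUrlParams` (first hunk) the call `window.history.replaceState({}, document.title, url.toString())` overwrites the existing `history.state` with an empty object, and since the method's own comment targets Next.js, whose router keeps its data in `history.state`, back/forward navigation may misbehave after the cleanup; passing the current state through avoids that: `window.history.replaceState(window.history.state, document.title, url.toString());`. The same method deletes `name`, `email` and `error` whenever any one of the six keys is present, and it now runs on every `loadAuthState()` call, so a host-application page that uses `?name=` or `?error=` for its own purposes would lose those parameters; triggering only on the auth-specific keys would narrow this. In the `SignIn` and `SignUp` hunks the CSRF token read from the cookie is now handed to `buildLegacyAuthUrl` next to the access token; assuming that helper (not shown) places them in the query string, both values can reach server logs, the Referer header and browser history before `cleanUrlParams` strips them after hydration, so the cleanup reduces exposure but does not remove it, and a comment on `cleanUrlParams` saying so would keep readers from over-trusting it. `loadAuthState`, `SignIn` and `SignUp` all continue outside the hunks shown.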