@insforge/sdk 0.0.58-dev.7 → 0.0.58

package/dist/index.d.mts

@@ -1,4 +1,4 @@
-import { UserSchema, CreateUserRequest, CreateUserResponse, CreateSessionRequest, CreateSessionResponse, OAuthProvidersSchema, GetPublicAuthConfigResponse, UserIdSchema, EmailSchema, RoleSchema, StorageFileSchema, ListObjectsResponseSchema, ChatCompletionRequest, ImageGenerationRequest } from '@insforge/shared-schemas';
+import { UserSchema, CreateUserRequest, CreateUserResponse, CreateSessionRequest, CreateSessionResponse, OAuthProvidersSchema, GetPublicAuthConfigResponse, UserIdSchema, EmailSchema, RoleSchema, SendVerificationEmailRequest, SendResetPasswordEmailRequest, ExchangeResetPasswordTokenRequest, VerifyEmailRequest, StorageFileSchema, ListObjectsResponseSchema, ChatCompletionRequest, ImageGenerationRequest } from '@insforge/shared-schemas';
 export { AuthErrorResponse, CreateSessionRequest, CreateUserRequest, UserSchema } from '@insforge/shared-schemas';
 import * as _supabase_postgrest_js from '@supabase/postgrest-js';
 
@@ -131,7 +131,7 @@ declare class Auth {
      * This runs on initialization to seamlessly complete the OAuth flow
      * Matches the backend's OAuth callback response (backend/src/api/routes/auth.ts:540-544)
      */
-    private detectOAuthCallback;
+    private detectAuthCallback;
     /**
      * Sign up a new user
      */
@@ -228,12 +228,28 @@ declare class Auth {
         error: any | null;
     }>;
     /**
-     * Send password reset code to user's email
-     * Always returns success to prevent user enumeration
+     * Send email verification (code or link based on config)
+     *
+     * Send email verification using the method configured in auth settings (verifyEmailMethod).
+     * When method is 'code', sends a 6-digit numeric code. When method is 'link', sends a magic link.
+     * Prevents user enumeration by returning success even if email doesn't exist.
      */
-    sendPasswordResetCode(request: {
-        email: string;
-    }): Promise<{
+    sendVerificationEmail(request: SendVerificationEmailRequest): Promise<{
+        data: {
+            success: boolean;
+            message: string;
+        } | null;
+        error: InsForgeError | null;
+    }>;
+    /**
+     * Send password reset (code or link based on config)
+     *
+     * Send password reset email using the method configured in auth settings (resetPasswordMethod).
+     * When method is 'code', sends a 6-digit numeric code for two-step flow.
+     * When method is 'link', sends a magic link.
+     * Prevents user enumeration by returning success even if email doesn't exist.
+     */
+    sendResetPasswordEmail(request: SendResetPasswordEmailRequest): Promise<{
         data: {
             success: boolean;
             message: string;
@@ -241,8 +257,33 @@ declare class Auth {
         error: InsForgeError | null;
     }>;
     /**
-     * Reset password with OTP token
-     * Token can be from magic link or from code verification
+     * Exchange reset password code for reset token
+     *
+     * Step 1 of two-step password reset flow (only used when resetPasswordMethod is 'code'):
+     * 1. Verify the 6-digit code sent to user's email
+     * 2. Return a reset token that can be used to actually reset the password
+     *
+     * This endpoint is not used when resetPasswordMethod is 'link' (magic link flow is direct).
+     */
+    exchangeResetPasswordToken(request: ExchangeResetPasswordTokenRequest): Promise<{
+        data: {
+            token: string;
+            expiresAt: string;
+        } | null;
+        error: InsForgeError | null;
+    }>;
+    /**
+     * Reset password with token
+     *
+     * Reset user password with a token. The token can be:
+     * - Magic link token (64-character hex token from send-reset-password when method is 'link')
+     * - Reset token (from exchange-reset-password-token after code verification when method is 'code')
+     *
+     * Both token types use RESET_PASSWORD purpose and are verified the same way.
+     *
+     * Flow summary:
+     * - Code method: send-reset-password → exchange-reset-password-token → reset-password (with resetToken)
+     * - Link method: send-reset-password → reset-password (with link token directly)
      */
     resetPassword(request: {
         newPassword: string;
@@ -255,17 +296,23 @@ declare class Auth {
         error: InsForgeError | null;
     }>;
     /**
-     * Verify email with OTP token
-     * If email is provided: uses numeric OTP verification (6-digit code)
-     * If email is NOT provided: uses link OTP verification (64-char token)
+     * Verify email with code or link
+     *
+     * Verify email address using the method configured in auth settings (verifyEmailMethod):
+     * - Code verification: Provide both `email` and `otp` (6-digit numeric code)
+     * - Link verification: Provide only `otp` (64-character hex token from magic link)
+     *
+     * Successfully verified users will receive a session token.
+     *
+     * The email verification link sent to users always points to the backend API endpoint.
+     * If `verifyEmailRedirectTo` is configured, the backend will redirect to that URL after successful verification.
+     * Otherwise, a default success page is displayed.
      */
-    verifyEmail(request: {
-        email?: string;
-        otp: string;
-    }): Promise<{
+    verifyEmail(request: VerifyEmailRequest): Promise<{
         data: {
             accessToken: string;
             user?: any;
+            redirectTo?: string;
         } | null;
         error: InsForgeError | null;
     }>;

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-import { UserSchema, CreateUserRequest, CreateUserResponse, CreateSessionRequest, CreateSessionResponse, OAuthProvidersSchema, GetPublicAuthConfigResponse, UserIdSchema, EmailSchema, RoleSchema, StorageFileSchema, ListObjectsResponseSchema, ChatCompletionRequest, ImageGenerationRequest } from '@insforge/shared-schemas';
+import { UserSchema, CreateUserRequest, CreateUserResponse, CreateSessionRequest, CreateSessionResponse, OAuthProvidersSchema, GetPublicAuthConfigResponse, UserIdSchema, EmailSchema, RoleSchema, SendVerificationEmailRequest, SendResetPasswordEmailRequest, ExchangeResetPasswordTokenRequest, VerifyEmailRequest, StorageFileSchema, ListObjectsResponseSchema, ChatCompletionRequest, ImageGenerationRequest } from '@insforge/shared-schemas';
 export { AuthErrorResponse, CreateSessionRequest, CreateUserRequest, UserSchema } from '@insforge/shared-schemas';
 import * as _supabase_postgrest_js from '@supabase/postgrest-js';
 
@@ -131,7 +131,7 @@ declare class Auth {
      * This runs on initialization to seamlessly complete the OAuth flow
      * Matches the backend's OAuth callback response (backend/src/api/routes/auth.ts:540-544)
      */
-    private detectOAuthCallback;
+    private detectAuthCallback;
     /**
      * Sign up a new user
      */
@@ -228,12 +228,28 @@ declare class Auth {
         error: any | null;
     }>;
     /**
-     * Send password reset code to user's email
-     * Always returns success to prevent user enumeration
+     * Send email verification (code or link based on config)
+     *
+     * Send email verification using the method configured in auth settings (verifyEmailMethod).
+     * When method is 'code', sends a 6-digit numeric code. When method is 'link', sends a magic link.
+     * Prevents user enumeration by returning success even if email doesn't exist.
      */
-    sendPasswordResetCode(request: {
-        email: string;
-    }): Promise<{
+    sendVerificationEmail(request: SendVerificationEmailRequest): Promise<{
+        data: {
+            success: boolean;
+            message: string;
+        } | null;
+        error: InsForgeError | null;
+    }>;
+    /**
+     * Send password reset (code or link based on config)
+     *
+     * Send password reset email using the method configured in auth settings (resetPasswordMethod).
+     * When method is 'code', sends a 6-digit numeric code for two-step flow.
+     * When method is 'link', sends a magic link.
+     * Prevents user enumeration by returning success even if email doesn't exist.
+     */
+    sendResetPasswordEmail(request: SendResetPasswordEmailRequest): Promise<{
         data: {
             success: boolean;
             message: string;
@@ -241,8 +257,33 @@ declare class Auth {
         error: InsForgeError | null;
     }>;
     /**
-     * Reset password with OTP token
-     * Token can be from magic link or from code verification
+     * Exchange reset password code for reset token
+     *
+     * Step 1 of two-step password reset flow (only used when resetPasswordMethod is 'code'):
+     * 1. Verify the 6-digit code sent to user's email
+     * 2. Return a reset token that can be used to actually reset the password
+     *
+     * This endpoint is not used when resetPasswordMethod is 'link' (magic link flow is direct).
+     */
+    exchangeResetPasswordToken(request: ExchangeResetPasswordTokenRequest): Promise<{
+        data: {
+            token: string;
+            expiresAt: string;
+        } | null;
+        error: InsForgeError | null;
+    }>;
+    /**
+     * Reset password with token
+     *
+     * Reset user password with a token. The token can be:
+     * - Magic link token (64-character hex token from send-reset-password when method is 'link')
+     * - Reset token (from exchange-reset-password-token after code verification when method is 'code')
+     *
+     * Both token types use RESET_PASSWORD purpose and are verified the same way.
+     *
+     * Flow summary:
+     * - Code method: send-reset-password → exchange-reset-password-token → reset-password (with resetToken)
+     * - Link method: send-reset-password → reset-password (with link token directly)
      */
     resetPassword(request: {
         newPassword: string;
@@ -255,17 +296,23 @@ declare class Auth {
         error: InsForgeError | null;
     }>;
     /**
-     * Verify email with OTP token
-     * If email is provided: uses numeric OTP verification (6-digit code)
-     * If email is NOT provided: uses link OTP verification (64-char token)
+     * Verify email with code or link
+     *
+     * Verify email address using the method configured in auth settings (verifyEmailMethod):
+     * - Code verification: Provide both `email` and `otp` (6-digit numeric code)
+     * - Link verification: Provide only `otp` (64-character hex token from magic link)
+     *
+     * Successfully verified users will receive a session token.
+     *
+     * The email verification link sent to users always points to the backend API endpoint.
+     * If `verifyEmailRedirectTo` is configured, the backend will redirect to that URL after successful verification.
+     * Otherwise, a default success page is displayed.
      */
-    verifyEmail(request: {
-        email?: string;
-        otp: string;
-    }): Promise<{
+    verifyEmail(request: VerifyEmailRequest): Promise<{
         data: {
             accessToken: string;
             user?: any;
+            redirectTo?: string;
         } | null;
         error: InsForgeError | null;
     }>;

package/dist/index.js

@@ -296,12 +296,12 @@ function convertDbProfileToCamelCase(dbProfile) {
   const result = {
     id: dbProfile.id
   };
-  if (dbProfile.created_at !== void 0) result.createdAt = dbProfile.created_at;
-  if (dbProfile.updated_at !== void 0) result.updatedAt = dbProfile.updated_at;
   Object.keys(dbProfile).forEach((key) => {
-    if (key === "id" || key === "created_at" || key === "updated_at") return;
-    const camelKey = key.replace(/_([a-z])/g, (_, letter) => letter.toUpperCase());
-    result[camelKey] = dbProfile[key];
+    result[key] = dbProfile[key];
+    if (key.includes("_")) {
+      const camelKey = key.replace(/_([a-z])/g, (_, letter) => letter.toUpperCase());
+      result[camelKey] = dbProfile[key];
+    }
   });
   return result;
 }
@@ -319,14 +319,14 @@ var Auth = class {
     this.http = http;
     this.tokenManager = tokenManager;
     this.database = new Database(http, tokenManager);
-    this.detectOAuthCallback();
+    this.detectAuthCallback();
   }
   /**
    * Automatically detect and handle OAuth callback parameters in the URL
    * This runs on initialization to seamlessly complete the OAuth flow
    * Matches the backend's OAuth callback response (backend/src/api/routes/auth.ts:540-544)
    */
-  detectOAuthCallback() {
+  detectAuthCallback() {
     if (typeof window === "undefined") return;
     try {
       const params = new URLSearchParams(window.location.search);
@@ -628,14 +628,10 @@ var Auth = class {
         session.user = {
           id: data2.user.id,
           email: data2.user.email,
-          name: data2.profile?.nickname || "",
-          // Fallback - profile structure is dynamic
+          name: "",
           emailVerified: false,
-          // Not available from API, but required by UserSchema
           createdAt: (/* @__PURE__ */ new Date()).toISOString(),
-          // Fallback
           updatedAt: (/* @__PURE__ */ new Date()).toISOString()
-          // Fallback
         };
         this.tokenManager.saveSession(session);
       }
@@ -648,13 +644,48 @@ var Auth = class {
     return { data: null, error };
   }
   /**
-   * Send password reset code to user's email
-   * Always returns success to prevent user enumeration
+   * Send email verification (code or link based on config)
+   *
+   * Send email verification using the method configured in auth settings (verifyEmailMethod).
+   * When method is 'code', sends a 6-digit numeric code. When method is 'link', sends a magic link.
+   * Prevents user enumeration by returning success even if email doesn't exist.
    */
-  async sendPasswordResetCode(request) {
+  async sendVerificationEmail(request) {
     try {
       const response = await this.http.post(
-        "/api/auth/email/send-reset-password-code",
+        "/api/auth/email/send-verification",
+        request
+      );
+      return {
+        data: response,
+        error: null
+      };
+    } catch (error) {
+      if (error instanceof InsForgeError) {
+        return { data: null, error };
+      }
+      return {
+        data: null,
+        error: new InsForgeError(
+          "An unexpected error occurred while sending verification code",
+          500,
+          "UNEXPECTED_ERROR"
+        )
+      };
+    }
+  }
+  /**
+   * Send password reset (code or link based on config)
+   *
+   * Send password reset email using the method configured in auth settings (resetPasswordMethod).
+   * When method is 'code', sends a 6-digit numeric code for two-step flow.
+   * When method is 'link', sends a magic link.
+   * Prevents user enumeration by returning success even if email doesn't exist.
+   */
+  async sendResetPasswordEmail(request) {
+    try {
+      const response = await this.http.post(
+        "/api/auth/email/send-reset-password",
         request
       );
       return {
@@ -676,13 +707,55 @@ var Auth = class {
     }
   }
   /**
-   * Reset password with OTP token
-   * Token can be from magic link or from code verification
+   * Exchange reset password code for reset token
+   *
+   * Step 1 of two-step password reset flow (only used when resetPasswordMethod is 'code'):
+   * 1. Verify the 6-digit code sent to user's email
+   * 2. Return a reset token that can be used to actually reset the password
+   *
+   * This endpoint is not used when resetPasswordMethod is 'link' (magic link flow is direct).
+   */
+  async exchangeResetPasswordToken(request) {
+    try {
+      const response = await this.http.post(
+        "/api/auth/email/exchange-reset-password-token",
+        request
+      );
+      return {
+        data: response,
+        error: null
+      };
+    } catch (error) {
+      if (error instanceof InsForgeError) {
+        return { data: null, error };
+      }
+      return {
+        data: null,
+        error: new InsForgeError(
+          "An unexpected error occurred while verifying reset code",
+          500,
+          "UNEXPECTED_ERROR"
+        )
+      };
+    }
+  }
+  /**
+   * Reset password with token
+   *
+   * Reset user password with a token. The token can be:
+   * - Magic link token (64-character hex token from send-reset-password when method is 'link')
+   * - Reset token (from exchange-reset-password-token after code verification when method is 'code')
+   *
+   * Both token types use RESET_PASSWORD purpose and are verified the same way.
+   *
+   * Flow summary:
+   * - Code method: send-reset-password → exchange-reset-password-token → reset-password (with resetToken)
+   * - Link method: send-reset-password → reset-password (with link token directly)
    */
   async resetPassword(request) {
     try {
       const response = await this.http.post(
-        "/api/auth/reset-password",
+        "/api/auth/email/reset-password",
         request
       );
       return {
@@ -704,14 +777,22 @@ var Auth = class {
     }
   }
   /**
-   * Verify email with OTP token
-   * If email is provided: uses numeric OTP verification (6-digit code)
-   * If email is NOT provided: uses link OTP verification (64-char token)
+   * Verify email with code or link
+   *
+   * Verify email address using the method configured in auth settings (verifyEmailMethod):
+   * - Code verification: Provide both `email` and `otp` (6-digit numeric code)
+   * - Link verification: Provide only `otp` (64-character hex token from magic link)
+   *
+   * Successfully verified users will receive a session token.
+   *
+   * The email verification link sent to users always points to the backend API endpoint.
+   * If `verifyEmailRedirectTo` is configured, the backend will redirect to that URL after successful verification.
+   * Otherwise, a default success page is displayed.
    */
   async verifyEmail(request) {
     try {
       const response = await this.http.post(
-        "/api/auth/verify-email",
+        "/api/auth/email/verify",
         request
       );
       if (response.accessToken) {