@insforge/sdk 1.1.6 → 1.2.0-dev.1

package/README.md

@@ -170,8 +170,29 @@ The SDK supports the following configuration options:
 
 ```javascript
 const insforge = createClient({
-  baseUrl: 'http://localhost:7130',  // Required: Your InsForge backend URL
-  storageStrategy: 'localStorage'     // Optional: 'localStorage' or 'memory' (default: 'localStorage')
+  baseUrl: 'http://localhost:7130', // Your InsForge backend URL
+  anonKey: 'your-anon-key',         // Optional
+  isServerMode: false               // Optional (set true in SSR/server runtime)
+});
+```
+
+### SSR / Next.js
+
+For SSR apps, configure `isServerMode: true`.
+In this mode, auth requests use `client_type=mobile` so auth methods return `refreshToken` in the response body.
+The SDK does not auto-refresh in server mode; your Next.js app should manage refresh token flow.
+In server mode, the SDK does not persist session/user state.
+Read your access token from cookies in Next.js and pass it as `edgeFunctionToken` per request.
+Your app should write/update cookies itself after login/refresh.
+
+```typescript
+import { createClient } from '@insforge/sdk';
+const accessToken = /* read access token from request cookies */ null;
+
+const insforge = createClient({
+  baseUrl: process.env.INSFORGE_URL!,
+  isServerMode: true,
+  edgeFunctionToken: accessToken ?? undefined,
 });
 ```
 
@@ -211,7 +232,7 @@ if (error) {
 The SDK works in all modern browsers that support:
 - ES6+ features
 - Fetch API
-- LocalStorage (for session management)
+- Cookies (for refresh token flow)
 
 For Node.js environments, ensure you're using Node.js 18 or higher.
 

package/dist/index.d.mts

@@ -1,4 +1,4 @@
-import { UserSchema, CreateUserRequest, CreateUserResponse, CreateSessionRequest, CreateSessionResponse, OAuthProvidersSchema, GetProfileResponse, SendVerificationEmailRequest, VerifyEmailRequest, VerifyEmailResponse, SendResetPasswordEmailRequest, ExchangeResetPasswordTokenRequest, GetPublicAuthConfigResponse, StorageFileSchema, ListObjectsResponseSchema, ChatCompletionRequest, ImageGenerationRequest, EmbeddingsRequest, SubscribeResponse, SocketMessage, SendRawEmailRequest, SendEmailResponse } from '@insforge/shared-schemas';
+import { UserSchema, CreateUserRequest, CreateUserResponse, CreateSessionRequest, CreateSessionResponse, OAuthProvidersSchema, RefreshSessionResponse, GetProfileResponse, SendVerificationEmailRequest, VerifyEmailRequest, VerifyEmailResponse, SendResetPasswordEmailRequest, ExchangeResetPasswordTokenRequest, GetPublicAuthConfigResponse, StorageFileSchema, ListObjectsResponseSchema, ChatCompletionRequest, ImageGenerationRequest, EmbeddingsRequest, SubscribeResponse, SocketMessage, SendRawEmailRequest, SendEmailResponse } from '@insforge/shared-schemas';
 export { AuthErrorResponse, CreateSessionRequest, CreateUserRequest, RealtimeErrorPayload, SendRawEmailRequest as SendEmailOptions, SendEmailResponse, SocketMessage, SubscribeResponse, UserSchema } from '@insforge/shared-schemas';
 import * as _supabase_postgrest_js from '@supabase/postgrest-js';
 
@@ -36,29 +36,16 @@ interface InsForgeConfig {
      */
     fetch?: typeof fetch;
     /**
-     * Storage adapter for persisting tokens
+     * Enable server-side auth mode (SSR/Node runtime)
+     * In this mode auth endpoints use `client_type=mobile` and refresh_token body flow.
+     * @default false
      */
-    storage?: TokenStorage;
-    /**
-     * Whether to automatically refresh tokens before they expire
-     * @default true
-     */
-    autoRefreshToken?: boolean;
-    /**
-     * Whether to persist session in storage
-     * @default true
-     */
-    persistSession?: boolean;
+    isServerMode?: boolean;
     /**
      * Custom headers to include with every request
      */
     headers?: Record<string, string>;
 }
-interface TokenStorage {
-    getItem(key: string): string | null | Promise<string | null>;
-    setItem(key: string, value: string): void | Promise<void>;
-    removeItem(key: string): void | Promise<void>;
-}
 interface AuthSession {
     user: UserSchema;
     accessToken: string;
@@ -102,37 +89,16 @@ declare class HttpClient {
 /**
  * Token Manager for InsForge SDK
  *
- * Simple token storage that supports two modes:
- * - Memory mode (new backend): tokens stored in memory only, more secure
- * - Storage mode (legacy backend): tokens persisted in localStorage
+ * Memory-only token storage.
  */
 
 declare class TokenManager {
     private accessToken;
     private user;
-    private storage;
-    private _mode;
     onTokenChange: (() => void) | null;
-    constructor(storage?: TokenStorage);
-    /**
-     * Get current mode
-     */
-    get mode(): 'memory' | 'storage';
-    /**
-     * Set mode to memory (new backend with cookies + memory)
-     */
-    setMemoryMode(): void;
+    constructor();
     /**
-     * Set mode to storage (legacy backend with localStorage)
-     * Also loads existing session from localStorage
-     */
-    setStorageMode(): void;
-    /**
-     * Load session from localStorage
-     */
-    private loadFromStorage;
-    /**
-     * Save session (memory always, localStorage only in storage mode)
+     * Save session in memory
      */
     saveSession(session: AuthSession): void;
     /**
@@ -156,13 +122,9 @@ declare class TokenManager {
      */
     setUser(user: UserSchema): void;
     /**
-     * Clear session (both memory and localStorage)
+     * Clear in-memory session
      */
     clearSession(): void;
-    /**
-     * Check if there's a session in localStorage (for legacy detection)
-     */
-    hasStoredSession(): boolean;
 }
 
 /**
@@ -170,14 +132,19 @@ declare class TokenManager {
  * Handles authentication, sessions, profiles, and email verification
  */
 
+interface AuthOptions {
+    isServerMode?: boolean;
+}
 declare class Auth {
     private http;
     private tokenManager;
+    private options;
     private authCallbackHandled;
-    constructor(http: HttpClient, tokenManager: TokenManager);
+    constructor(http: HttpClient, tokenManager: TokenManager, options?: AuthOptions);
+    private isServerMode;
     /**
      * Save session from API response
-     * Handles token storage, CSRF token, and HTTP client auth header
+     * Handles token storage, CSRF token, and HTTP auth header
      */
     private saveSessionFromResponse;
     /**
@@ -218,6 +185,7 @@ declare class Auth {
     exchangeOAuthCode(code: string, codeVerifier?: string): Promise<{
         data: {
             accessToken: string;
+            refreshToken?: string;
             user: UserSchema;
             redirectTo?: string;
         } | null;
@@ -242,18 +210,23 @@ declare class Auth {
         error: InsForgeError | null;
     }>;
     /**
-     * Get current session, automatically waits for pending OAuth callback
-     * @deprecated Use `getCurrentUser` instead
+     * Refresh the current auth session.
+     *
+     * Browser mode:
+     * - Uses httpOnly refresh cookie and optional CSRF header.
+     *
+     * Server mode (`isServerMode: true`):
+     * - Uses mobile auth flow and requires `refreshToken` in request body.
      */
-    getCurrentSession(): Promise<{
-        data: {
-            session: AuthSession | null;
-        };
+    refreshSession(options?: {
+        refreshToken?: string;
+    }): Promise<{
+        data: RefreshSessionResponse | null;
         error: InsForgeError | null;
     }>;
     /**
-   * Get current user, automatically waits for pending OAuth callback
-   */
+     * Get current user, automatically waits for pending OAuth callback
+     */
     getCurrentUser(): Promise<{
         data: {
             user: UserSchema | null;
@@ -930,4 +903,4 @@ declare class InsForgeClient {
 
 declare function createClient(config: InsForgeConfig): InsForgeClient;
 
-export { AI, type ApiError, Auth, type AuthSession, type InsForgeConfig as ClientOptions, type ConnectionState, Database, Emails, type EventCallback, type FunctionInvokeOptions, Functions, HttpClient, InsForgeClient, type InsForgeConfig, InsForgeError, Realtime, Storage, StorageBucket, type StorageResponse, TokenManager, type TokenStorage, createClient, InsForgeClient as default };
+export { AI, type ApiError, Auth, type AuthSession, type InsForgeConfig as ClientOptions, type ConnectionState, Database, Emails, type EventCallback, type FunctionInvokeOptions, Functions, HttpClient, InsForgeClient, type InsForgeConfig, InsForgeError, Realtime, Storage, StorageBucket, type StorageResponse, TokenManager, createClient, InsForgeClient as default };

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-import { UserSchema, CreateUserRequest, CreateUserResponse, CreateSessionRequest, CreateSessionResponse, OAuthProvidersSchema, GetProfileResponse, SendVerificationEmailRequest, VerifyEmailRequest, VerifyEmailResponse, SendResetPasswordEmailRequest, ExchangeResetPasswordTokenRequest, GetPublicAuthConfigResponse, StorageFileSchema, ListObjectsResponseSchema, ChatCompletionRequest, ImageGenerationRequest, EmbeddingsRequest, SubscribeResponse, SocketMessage, SendRawEmailRequest, SendEmailResponse } from '@insforge/shared-schemas';
+import { UserSchema, CreateUserRequest, CreateUserResponse, CreateSessionRequest, CreateSessionResponse, OAuthProvidersSchema, RefreshSessionResponse, GetProfileResponse, SendVerificationEmailRequest, VerifyEmailRequest, VerifyEmailResponse, SendResetPasswordEmailRequest, ExchangeResetPasswordTokenRequest, GetPublicAuthConfigResponse, StorageFileSchema, ListObjectsResponseSchema, ChatCompletionRequest, ImageGenerationRequest, EmbeddingsRequest, SubscribeResponse, SocketMessage, SendRawEmailRequest, SendEmailResponse } from '@insforge/shared-schemas';
 export { AuthErrorResponse, CreateSessionRequest, CreateUserRequest, RealtimeErrorPayload, SendRawEmailRequest as SendEmailOptions, SendEmailResponse, SocketMessage, SubscribeResponse, UserSchema } from '@insforge/shared-schemas';
 import * as _supabase_postgrest_js from '@supabase/postgrest-js';
 
@@ -36,29 +36,16 @@ interface InsForgeConfig {
      */
     fetch?: typeof fetch;
     /**
-     * Storage adapter for persisting tokens
+     * Enable server-side auth mode (SSR/Node runtime)
+     * In this mode auth endpoints use `client_type=mobile` and refresh_token body flow.
+     * @default false
      */
-    storage?: TokenStorage;
-    /**
-     * Whether to automatically refresh tokens before they expire
-     * @default true
-     */
-    autoRefreshToken?: boolean;
-    /**
-     * Whether to persist session in storage
-     * @default true
-     */
-    persistSession?: boolean;
+    isServerMode?: boolean;
     /**
      * Custom headers to include with every request
      */
     headers?: Record<string, string>;
 }
-interface TokenStorage {
-    getItem(key: string): string | null | Promise<string | null>;
-    setItem(key: string, value: string): void | Promise<void>;
-    removeItem(key: string): void | Promise<void>;
-}
 interface AuthSession {
     user: UserSchema;
     accessToken: string;
@@ -102,37 +89,16 @@ declare class HttpClient {
 /**
  * Token Manager for InsForge SDK
  *
- * Simple token storage that supports two modes:
- * - Memory mode (new backend): tokens stored in memory only, more secure
- * - Storage mode (legacy backend): tokens persisted in localStorage
+ * Memory-only token storage.
  */
 
 declare class TokenManager {
     private accessToken;
     private user;
-    private storage;
-    private _mode;
     onTokenChange: (() => void) | null;
-    constructor(storage?: TokenStorage);
-    /**
-     * Get current mode
-     */
-    get mode(): 'memory' | 'storage';
-    /**
-     * Set mode to memory (new backend with cookies + memory)
-     */
-    setMemoryMode(): void;
+    constructor();
     /**
-     * Set mode to storage (legacy backend with localStorage)
-     * Also loads existing session from localStorage
-     */
-    setStorageMode(): void;
-    /**
-     * Load session from localStorage
-     */
-    private loadFromStorage;
-    /**
-     * Save session (memory always, localStorage only in storage mode)
+     * Save session in memory
      */
     saveSession(session: AuthSession): void;
     /**
@@ -156,13 +122,9 @@ declare class TokenManager {
      */
     setUser(user: UserSchema): void;
     /**
-     * Clear session (both memory and localStorage)
+     * Clear in-memory session
      */
     clearSession(): void;
-    /**
-     * Check if there's a session in localStorage (for legacy detection)
-     */
-    hasStoredSession(): boolean;
 }
 
 /**
@@ -170,14 +132,19 @@ declare class TokenManager {
  * Handles authentication, sessions, profiles, and email verification
  */
 
+interface AuthOptions {
+    isServerMode?: boolean;
+}
 declare class Auth {
     private http;
     private tokenManager;
+    private options;
     private authCallbackHandled;
-    constructor(http: HttpClient, tokenManager: TokenManager);
+    constructor(http: HttpClient, tokenManager: TokenManager, options?: AuthOptions);
+    private isServerMode;
     /**
      * Save session from API response
-     * Handles token storage, CSRF token, and HTTP client auth header
+     * Handles token storage, CSRF token, and HTTP auth header
      */
     private saveSessionFromResponse;
     /**
@@ -218,6 +185,7 @@ declare class Auth {
     exchangeOAuthCode(code: string, codeVerifier?: string): Promise<{
         data: {
             accessToken: string;
+            refreshToken?: string;
             user: UserSchema;
             redirectTo?: string;
         } | null;
@@ -242,18 +210,23 @@ declare class Auth {
         error: InsForgeError | null;
     }>;
     /**
-     * Get current session, automatically waits for pending OAuth callback
-     * @deprecated Use `getCurrentUser` instead
+     * Refresh the current auth session.
+     *
+     * Browser mode:
+     * - Uses httpOnly refresh cookie and optional CSRF header.
+     *
+     * Server mode (`isServerMode: true`):
+     * - Uses mobile auth flow and requires `refreshToken` in request body.
      */
-    getCurrentSession(): Promise<{
-        data: {
-            session: AuthSession | null;
-        };
+    refreshSession(options?: {
+        refreshToken?: string;
+    }): Promise<{
+        data: RefreshSessionResponse | null;
         error: InsForgeError | null;
     }>;
     /**
-   * Get current user, automatically waits for pending OAuth callback
-   */
+     * Get current user, automatically waits for pending OAuth callback
+     */
     getCurrentUser(): Promise<{
         data: {
             user: UserSchema | null;
@@ -930,4 +903,4 @@ declare class InsForgeClient {
 
 declare function createClient(config: InsForgeConfig): InsForgeClient;
 
-export { AI, type ApiError, Auth, type AuthSession, type InsForgeConfig as ClientOptions, type ConnectionState, Database, Emails, type EventCallback, type FunctionInvokeOptions, Functions, HttpClient, InsForgeClient, type InsForgeConfig, InsForgeError, Realtime, Storage, StorageBucket, type StorageResponse, TokenManager, type TokenStorage, createClient, InsForgeClient as default };
+export { AI, type ApiError, Auth, type AuthSession, type InsForgeConfig as ClientOptions, type ConnectionState, Database, Emails, type EventCallback, type FunctionInvokeOptions, Functions, HttpClient, InsForgeClient, type InsForgeConfig, InsForgeError, Realtime, Storage, StorageBucket, type StorageResponse, TokenManager, createClient, InsForgeClient as default };