@insforge/sdk 1.3.0-ssr.1 → 1.3.0-ssr.3

package/README.md

@@ -37,9 +37,25 @@ import { createClient } from "@insforge/sdk";
 
 const insforge = createClient({
   baseUrl: "http://localhost:7130", // Your InsForge backend URL
+  anonKey: "your-anon-key", // Optional public anon key
 });
 ```
 
+### Server Admin Client
+
+Use `createAdminClient()` only in trusted server code that needs project-admin privileges:
+
+```typescript
+import { createAdminClient } from "@insforge/sdk";
+
+const admin = createAdminClient({
+  baseUrl: "http://localhost:7130",
+  apiKey: process.env.INSFORGE_API_KEY!,
+});
+```
+
+`apiKey` belongs in `createAdminClient()`. Public and user-scoped clients use `anonKey`.
+
 ### Authentication
 
 ```javascript
@@ -261,6 +277,8 @@ const insforge = createClient({
 });
 ```
 
+For project-admin keys, use `createAdminClient({ apiKey })` in server-only code.
+
 ### SSR / Next.js
 
 Use `@insforge/sdk/ssr` for apps that need the same auth session in Server Components, Client Components, Storage, and Realtime.
@@ -295,7 +313,19 @@ import { createRefreshAuthRouter } from "@insforge/sdk/ssr";
 export const { POST } = createRefreshAuthRouter();
 ```
 
-For server-owned refresh cookies, run sign-in in a Route Handler or Server Action and use `setAuthCookies()` from `@insforge/sdk/ssr` with the auth response.
+For server-owned refresh cookies, run sign-in in a Route Handler or Server Action and use `setAuthCookies()` from `@insforge/sdk/ssr` with the framework cookie writer. In Next.js Route Handlers, pass `response.cookies`:
+
+```typescript
+import { NextResponse } from "next/server";
+import { setAuthCookies } from "@insforge/sdk/ssr";
+
+const response = NextResponse.json({ user: data.user });
+setAuthCookies(response.cookies, {
+  accessToken: data.accessToken,
+  refreshToken: data.refreshToken,
+});
+return response;
+```
 
 If your refresh route needs custom side effects:
 

package/dist/{client-B8ykVESe.d.mts → client-CQfw9UsO.d.mts}

@@ -78,6 +78,12 @@ interface InsForgeConfig {
      */
     retryDelay?: number;
 }
+type InsForgeAdminConfig = Omit<InsForgeConfig, 'anonKey' | 'edgeFunctionToken' | 'isServerMode'> & {
+    /**
+     * Project admin API key. Keep this server-side only.
+     */
+    apiKey: string;
+};
 interface AuthSession {
     user: UserSchema;
     accessToken: string;
@@ -1118,4 +1124,4 @@ declare class InsForgeClient {
     setAccessToken(token: string | null): void;
 }
 
-export { type AuthSession as A, type ConnectionState as C, Database as D, Emails as E, Functions as F, HttpClient as H, InsForgeClient as I, Logger as L, Payments as P, Realtime as R, Storage as S, TokenManager as T, type InsForgeConfig as a, type ApiError as b, type InsForgeErrorCode as c, InsForgeError as d, Auth as e, StorageBucket as f, type StorageResponse as g, AI as h, type FunctionInvokeOptions as i, type PaymentsResponse as j, type EventCallback as k, type AuthRefreshResponse as l };
+export { type AuthSession as A, type ConnectionState as C, Database as D, Emails as E, Functions as F, HttpClient as H, InsForgeClient as I, Logger as L, Payments as P, Realtime as R, Storage as S, TokenManager as T, type InsForgeConfig as a, type InsForgeAdminConfig as b, type ApiError as c, type InsForgeErrorCode as d, InsForgeError as e, Auth as f, StorageBucket as g, type StorageResponse as h, AI as i, type FunctionInvokeOptions as j, type PaymentsResponse as k, type EventCallback as l, type AuthRefreshResponse as m };

package/dist/{client-B8ykVESe.d.ts → client-CQfw9UsO.d.ts}

@@ -78,6 +78,12 @@ interface InsForgeConfig {
      */
     retryDelay?: number;
 }
+type InsForgeAdminConfig = Omit<InsForgeConfig, 'anonKey' | 'edgeFunctionToken' | 'isServerMode'> & {
+    /**
+     * Project admin API key. Keep this server-side only.
+     */
+    apiKey: string;
+};
 interface AuthSession {
     user: UserSchema;
     accessToken: string;
@@ -1118,4 +1124,4 @@ declare class InsForgeClient {
     setAccessToken(token: string | null): void;
 }
 
-export { type AuthSession as A, type ConnectionState as C, Database as D, Emails as E, Functions as F, HttpClient as H, InsForgeClient as I, Logger as L, Payments as P, Realtime as R, Storage as S, TokenManager as T, type InsForgeConfig as a, type ApiError as b, type InsForgeErrorCode as c, InsForgeError as d, Auth as e, StorageBucket as f, type StorageResponse as g, AI as h, type FunctionInvokeOptions as i, type PaymentsResponse as j, type EventCallback as k, type AuthRefreshResponse as l };
+export { type AuthSession as A, type ConnectionState as C, Database as D, Emails as E, Functions as F, HttpClient as H, InsForgeClient as I, Logger as L, Payments as P, Realtime as R, Storage as S, TokenManager as T, type InsForgeConfig as a, type InsForgeAdminConfig as b, type ApiError as c, type InsForgeErrorCode as d, InsForgeError as e, Auth as f, StorageBucket as g, type StorageResponse as h, AI as i, type FunctionInvokeOptions as j, type PaymentsResponse as k, type EventCallback as l, type AuthRefreshResponse as m };

package/dist/index.d.mts

@@ -1,5 +1,5 @@
-import { I as InsForgeClient, a as InsForgeConfig } from './client-B8ykVESe.mjs';
-export { h as AI, b as ApiError, e as Auth, A as AuthSession, C as ConnectionState, D as Database, E as Emails, k as EventCallback, i as FunctionInvokeOptions, F as Functions, H as HttpClient, d as InsForgeError, c as InsForgeErrorCode, L as Logger, P as Payments, j as PaymentsResponse, R as Realtime, S as Storage, f as StorageBucket, g as StorageResponse, T as TokenManager } from './client-B8ykVESe.mjs';
+import { I as InsForgeClient, a as InsForgeConfig, b as InsForgeAdminConfig } from './client-CQfw9UsO.mjs';
+export { i as AI, c as ApiError, f as Auth, A as AuthSession, C as ConnectionState, D as Database, E as Emails, l as EventCallback, j as FunctionInvokeOptions, F as Functions, H as HttpClient, e as InsForgeError, d as InsForgeErrorCode, L as Logger, P as Payments, k as PaymentsResponse, R as Realtime, S as Storage, g as StorageBucket, h as StorageResponse, T as TokenManager } from './client-CQfw9UsO.mjs';
 export { AuthErrorResponse, CreateSessionRequest, CreateUserRequest, RealtimeErrorPayload, SendRawEmailRequest as SendEmailOptions, SendEmailResponse, SocketMessage, SubscribeResponse, UserSchema } from '@insforge/shared-schemas';
 import '@supabase/postgrest-js';
 
@@ -9,6 +9,7 @@ import '@supabase/postgrest-js';
  * @packageDocumentation
  */
 
-declare function createClient(config: InsForgeConfig): InsForgeClient;
+declare function createClient(config?: InsForgeConfig): InsForgeClient;
+declare function createAdminClient(config: InsForgeAdminConfig): InsForgeClient;
 
-export { InsForgeConfig as ClientOptions, InsForgeClient, InsForgeConfig, createClient, InsForgeClient as default };
+export { InsForgeConfig as ClientOptions, InsForgeAdminConfig, InsForgeClient, InsForgeConfig, createAdminClient, createClient, InsForgeClient as default };

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-import { I as InsForgeClient, a as InsForgeConfig } from './client-B8ykVESe.js';
-export { h as AI, b as ApiError, e as Auth, A as AuthSession, C as ConnectionState, D as Database, E as Emails, k as EventCallback, i as FunctionInvokeOptions, F as Functions, H as HttpClient, d as InsForgeError, c as InsForgeErrorCode, L as Logger, P as Payments, j as PaymentsResponse, R as Realtime, S as Storage, f as StorageBucket, g as StorageResponse, T as TokenManager } from './client-B8ykVESe.js';
+import { I as InsForgeClient, a as InsForgeConfig, b as InsForgeAdminConfig } from './client-CQfw9UsO.js';
+export { i as AI, c as ApiError, f as Auth, A as AuthSession, C as ConnectionState, D as Database, E as Emails, l as EventCallback, j as FunctionInvokeOptions, F as Functions, H as HttpClient, e as InsForgeError, d as InsForgeErrorCode, L as Logger, P as Payments, k as PaymentsResponse, R as Realtime, S as Storage, g as StorageBucket, h as StorageResponse, T as TokenManager } from './client-CQfw9UsO.js';
 export { AuthErrorResponse, CreateSessionRequest, CreateUserRequest, RealtimeErrorPayload, SendRawEmailRequest as SendEmailOptions, SendEmailResponse, SocketMessage, SubscribeResponse, UserSchema } from '@insforge/shared-schemas';
 import '@supabase/postgrest-js';
 
@@ -9,6 +9,7 @@ import '@supabase/postgrest-js';
  * @packageDocumentation
  */
 
-declare function createClient(config: InsForgeConfig): InsForgeClient;
+declare function createClient(config?: InsForgeConfig): InsForgeClient;
+declare function createAdminClient(config: InsForgeAdminConfig): InsForgeClient;
 
-export { InsForgeConfig as ClientOptions, InsForgeClient, InsForgeConfig, createClient, InsForgeClient as default };
+export { InsForgeConfig as ClientOptions, InsForgeAdminConfig, InsForgeClient, InsForgeConfig, createAdminClient, createClient, InsForgeClient as default };

package/dist/index.js

@@ -1,7 +1,9 @@
 "use strict";
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -15,6 +17,14 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/index.ts
@@ -34,6 +44,7 @@ __export(index_exports, {
   Storage: () => Storage,
   StorageBucket: () => StorageBucket,
   TokenManager: () => TokenManager,
+  createAdminClient: () => createAdminClient,
   createClient: () => createClient,
   default: () => index_default
 });
@@ -2218,7 +2229,6 @@ var Functions = class _Functions {
 };
 
 // src/modules/realtime.ts
-var import_socket = require("socket.io-client");
 var CONNECT_TIMEOUT = 1e4;
 var Realtime = class {
   constructor(baseUrl, tokenManager, anonKey) {
@@ -2253,61 +2263,69 @@ var Realtime = class {
     if (this.connectPromise) {
       return this.connectPromise;
     }
-    this.connectPromise = new Promise((resolve, reject) => {
-      const token = this.tokenManager.getAccessToken() ?? this.anonKey;
-      this.socket = (0, import_socket.io)(this.baseUrl, {
-        transports: ["websocket"],
-        auth: token ? { token } : void 0
-      });
-      let initialConnection = true;
-      let timeoutId = null;
-      const cleanup = () => {
-        if (timeoutId) {
-          clearTimeout(timeoutId);
-          timeoutId = null;
-        }
-      };
-      timeoutId = setTimeout(() => {
-        if (initialConnection) {
-          initialConnection = false;
-          this.connectPromise = null;
-          this.socket?.disconnect();
-          this.socket = null;
-          reject(new Error(`Connection timeout after ${CONNECT_TIMEOUT}ms`));
-        }
-      }, CONNECT_TIMEOUT);
-      this.socket.on("connect", () => {
-        cleanup();
-        for (const channel of this.subscribedChannels) {
-          this.socket.emit("realtime:subscribe", { channel });
-        }
-        this.notifyListeners("connect");
-        if (initialConnection) {
-          initialConnection = false;
-          this.connectPromise = null;
-          resolve();
-        }
-      });
-      this.socket.on("connect_error", (error) => {
-        cleanup();
-        this.notifyListeners("connect_error", error);
-        if (initialConnection) {
-          initialConnection = false;
-          this.connectPromise = null;
-          reject(error);
-        }
-      });
-      this.socket.on("disconnect", (reason) => {
-        this.notifyListeners("disconnect", reason);
-      });
-      this.socket.on("realtime:error", (error) => {
-        this.notifyListeners("error", error);
-      });
-      this.socket.onAny((event, message) => {
-        if (event === "realtime:error") return;
-        this.notifyListeners(event, message);
-      });
-    });
+    this.connectPromise = (async () => {
+      try {
+        const { io } = await import("socket.io-client");
+        await new Promise((resolve, reject) => {
+          const token = this.tokenManager.getAccessToken() ?? this.anonKey;
+          this.socket = io(this.baseUrl, {
+            transports: ["websocket"],
+            auth: token ? { token } : void 0
+          });
+          let initialConnection = true;
+          let timeoutId = null;
+          const cleanup = () => {
+            if (timeoutId) {
+              clearTimeout(timeoutId);
+              timeoutId = null;
+            }
+          };
+          timeoutId = setTimeout(() => {
+            if (initialConnection) {
+              initialConnection = false;
+              this.connectPromise = null;
+              this.socket?.disconnect();
+              this.socket = null;
+              reject(new Error(`Connection timeout after ${CONNECT_TIMEOUT}ms`));
+            }
+          }, CONNECT_TIMEOUT);
+          this.socket.on("connect", () => {
+            cleanup();
+            for (const channel of this.subscribedChannels) {
+              this.socket.emit("realtime:subscribe", { channel });
+            }
+            this.notifyListeners("connect");
+            if (initialConnection) {
+              initialConnection = false;
+              this.connectPromise = null;
+              resolve();
+            }
+          });
+          this.socket.on("connect_error", (error) => {
+            cleanup();
+            this.notifyListeners("connect_error", error);
+            if (initialConnection) {
+              initialConnection = false;
+              this.connectPromise = null;
+              reject(error);
+            }
+          });
+          this.socket.on("disconnect", (reason) => {
+            this.notifyListeners("disconnect", reason);
+          });
+          this.socket.on("realtime:error", (error) => {
+            this.notifyListeners("error", error);
+          });
+          this.socket.onAny((event, message) => {
+            if (event === "realtime:error") return;
+            this.notifyListeners(event, message);
+          });
+        });
+      } catch (error) {
+        this.connectPromise = null;
+        throw error;
+      }
+    })();
     return this.connectPromise;
   }
   /**
@@ -2631,9 +2649,20 @@ var InsForgeClient = class {
 };
 
 // src/index.ts
-function createClient(config) {
+function createClient(config = {}) {
   return new InsForgeClient(config);
 }
+function createAdminClient(config) {
+  if (!config?.apiKey) {
+    throw new Error("Missing apiKey. Pass apiKey to createAdminClient().");
+  }
+  const { apiKey, ...clientConfig } = config;
+  return new InsForgeClient({
+    ...clientConfig,
+    edgeFunctionToken: apiKey,
+    isServerMode: true
+  });
+}
 var index_default = InsForgeClient;
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
@@ -2651,6 +2680,7 @@ var index_default = InsForgeClient;
   Storage,
   StorageBucket,
   TokenManager,
+  createAdminClient,
   createClient
 });
 //# sourceMappingURL=index.js.map