@insforge/sdk 1.4.1 → 1.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/ssr.js CHANGED
@@ -34,6 +34,7 @@ __export(ssr_exports, {
34
34
  DEFAULT_REFRESH_TOKEN_COOKIE: () => DEFAULT_REFRESH_TOKEN_COOKIE,
35
35
  accessTokenCookieOptions: () => accessTokenCookieOptions,
36
36
  clearAuthCookies: () => clearAuthCookies,
37
+ createAuthActions: () => createAuthActions,
37
38
  createBrowserClient: () => createBrowserClient,
38
39
  createRefreshAuthRouter: () => createRefreshAuthRouter,
39
40
  createServerClient: () => createServerClient,
@@ -881,19 +882,32 @@ var HttpClient = class {
881
882
 
882
883
  // src/modules/auth/helpers.ts
883
884
  var PKCE_VERIFIER_KEY = "insforge_pkce_verifier";
885
+ async function getWebCrypto() {
886
+ const webCrypto = globalThis.crypto;
887
+ if (typeof webCrypto?.getRandomValues === "function" && webCrypto.subtle) {
888
+ return webCrypto;
889
+ }
890
+ if (typeof process !== "undefined" && process.versions?.node) {
891
+ const { webcrypto } = await import("crypto");
892
+ return webcrypto;
893
+ }
894
+ throw new Error("Web Crypto API is not available in this environment");
895
+ }
884
896
  function base64UrlEncode(buffer) {
885
897
  const base64 = btoa(String.fromCharCode(...buffer));
886
898
  return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
887
899
  }
888
- function generateCodeVerifier() {
900
+ async function generateCodeVerifier() {
901
+ const webCrypto = await getWebCrypto();
889
902
  const array = new Uint8Array(32);
890
- crypto.getRandomValues(array);
903
+ webCrypto.getRandomValues(array);
891
904
  return base64UrlEncode(array);
892
905
  }
893
906
  async function generateCodeChallenge(verifier) {
907
+ const webCrypto = await getWebCrypto();
894
908
  const encoder = new TextEncoder();
895
909
  const data = encoder.encode(verifier);
896
- const hash = await crypto.subtle.digest("SHA-256", data);
910
+ const hash = await webCrypto.subtle.digest("SHA-256", data);
897
911
  return base64UrlEncode(new Uint8Array(hash));
898
912
  }
899
913
  function storePkceVerifier(verifier) {
@@ -940,7 +954,7 @@ var Auth = class {
940
954
  this.http = http;
941
955
  this.tokenManager = tokenManager;
942
956
  this.options = options;
943
- this.authCallbackHandled = this.detectAuthCallback();
957
+ this.authCallbackHandled = options.detectOAuthCallback === false ? Promise.resolve() : this.detectAuthCallback();
944
958
  }
945
959
  isServerMode() {
946
960
  return !!this.options.isServerMode;
@@ -1037,10 +1051,16 @@ var Auth = class {
1037
1051
  async signOut() {
1038
1052
  try {
1039
1053
  try {
1054
+ const serverMode = this.isServerMode();
1055
+ const csrfToken = !serverMode ? getCsrfToken() : null;
1040
1056
  await this.http.post(
1041
- this.isServerMode() ? "/api/auth/logout?client_type=mobile" : "/api/auth/logout",
1057
+ serverMode ? "/api/auth/logout?client_type=mobile" : "/api/auth/logout",
1042
1058
  void 0,
1043
- { credentials: "include", skipAuthRefresh: true }
1059
+ {
1060
+ credentials: "include",
1061
+ skipAuthRefresh: true,
1062
+ ...csrfToken ? { headers: { "X-CSRF-Token": csrfToken } } : {}
1063
+ }
1044
1064
  );
1045
1065
  } catch {
1046
1066
  }
@@ -1086,7 +1106,7 @@ var Auth = class {
1086
1106
  }
1087
1107
  const { provider } = signInOptions;
1088
1108
  const providerKey = encodeURIComponent(provider.toLowerCase());
1089
- const codeVerifier = generateCodeVerifier();
1109
+ const codeVerifier = await generateCodeVerifier();
1090
1110
  const codeChallenge = await generateCodeChallenge(codeVerifier);
1091
1111
  storePkceVerifier(codeVerifier);
1092
1112
  const params = {
@@ -1446,12 +1466,30 @@ function createInsForgePostgrestFetch(httpClient) {
1446
1466
  };
1447
1467
  }
1448
1468
  var Database = class {
1449
- constructor(httpClient) {
1469
+ constructor(httpClient, defaultSchema) {
1450
1470
  this.postgrest = new import_postgrest_js.PostgrestClient("http://dummy", {
1451
1471
  fetch: createInsForgePostgrestFetch(httpClient),
1452
- headers: {}
1472
+ headers: {},
1473
+ ...defaultSchema ? { schema: defaultSchema } : {}
1453
1474
  });
1454
1475
  }
1476
+ /**
1477
+ * Select a non-default Postgres schema for the chained query. Maps to
1478
+ * PostgREST's `Accept-Profile` (reads) / `Content-Profile` (writes) header.
1479
+ * The schema must be exposed by the backend.
1480
+ *
1481
+ * @example
1482
+ * const { data } = await client.database
1483
+ * .schema('analytics')
1484
+ * .from('events')
1485
+ * .select('*');
1486
+ *
1487
+ * @example
1488
+ * await client.database.schema('analytics').rpc('rollup', { day: '2026-01-01' });
1489
+ */
1490
+ schema(schemaName) {
1491
+ return this.postgrest.schema(schemaName);
1492
+ }
1455
1493
  /**
1456
1494
  * Create a query builder for a table
1457
1495
  *
@@ -2808,9 +2846,10 @@ var InsForgeClient = class {
2808
2846
  this.tokenManager.setAccessToken(accessToken);
2809
2847
  }
2810
2848
  this.auth = new Auth(this.http, this.tokenManager, {
2811
- isServerMode: config.isServerMode ?? !!accessToken
2849
+ isServerMode: config.isServerMode ?? !!accessToken,
2850
+ detectOAuthCallback: config.auth?.detectOAuthCallback
2812
2851
  });
2813
- this.database = new Database(this.http);
2852
+ this.database = new Database(this.http, config.db?.schema);
2814
2853
  this.storage = new Storage(this.http);
2815
2854
  this.ai = new AI(this.http);
2816
2855
  this.functions = new Functions(this.http, config.functionsUrl);
@@ -3217,7 +3256,10 @@ function createBrowserClient(options = {}) {
3217
3256
  fetch: ssrFetch,
3218
3257
  // Browser clients manage tokens via the refresh route, not a static
3219
3258
  // config token; shadow any untyped accessToken in the options spread.
3220
- accessToken: void 0
3259
+ accessToken: void 0,
3260
+ auth: {
3261
+ detectOAuthCallback: false
3262
+ }
3221
3263
  });
3222
3264
  const setAccessToken = client.setAccessToken.bind(client);
3223
3265
  client.setAccessToken = (token) => {
@@ -3422,6 +3464,109 @@ function createRefreshAuthRouter(options = {}) {
3422
3464
  };
3423
3465
  }
3424
3466
 
3467
+ // src/ssr/auth-actions.ts
3468
+ function persistSessionCookies(cookies, data, settings) {
3469
+ if (!data?.accessToken) return;
3470
+ setAuthCookies(
3471
+ cookies,
3472
+ {
3473
+ accessToken: data.accessToken,
3474
+ refreshToken: data.refreshToken
3475
+ },
3476
+ settings
3477
+ );
3478
+ }
3479
+ function sanitizeAuthData(data) {
3480
+ if (!data) return null;
3481
+ const {
3482
+ accessToken: _accessToken,
3483
+ refreshToken: _refreshToken,
3484
+ csrfToken: _csrfToken,
3485
+ ...safeData
3486
+ } = data;
3487
+ return safeData;
3488
+ }
3489
+ function toSafeAuthResult(result) {
3490
+ return {
3491
+ data: sanitizeAuthData(result.data),
3492
+ error: result.error
3493
+ };
3494
+ }
3495
+ function createAuthActions(options = {}) {
3496
+ const {
3497
+ cookies,
3498
+ requestCookies,
3499
+ responseCookies,
3500
+ names,
3501
+ options: cookieOptions,
3502
+ ...clientOptions
3503
+ } = options;
3504
+ const readCookies = requestCookies ?? cookies;
3505
+ const writeCookies = responseCookies ?? cookies;
3506
+ if (!writeCookies?.set) {
3507
+ throw new Error(
3508
+ "createAuthActions() requires a writable cookie store. Pass cookies in Server Actions or responseCookies in Route Handlers."
3509
+ );
3510
+ }
3511
+ const cookieSettings = {
3512
+ names,
3513
+ options: cookieOptions
3514
+ };
3515
+ const createClient = () => createServerClient({
3516
+ ...clientOptions,
3517
+ names,
3518
+ options: cookieOptions,
3519
+ cookies: readCookies
3520
+ });
3521
+ return {
3522
+ signUp: async (request) => {
3523
+ const result = await createClient().auth.signUp(request);
3524
+ persistSessionCookies(writeCookies, result.data, cookieSettings);
3525
+ return toSafeAuthResult(result);
3526
+ },
3527
+ signInWithPassword: async (request) => {
3528
+ const result = await createClient().auth.signInWithPassword(request);
3529
+ persistSessionCookies(writeCookies, result.data, cookieSettings);
3530
+ return toSafeAuthResult(
3531
+ result
3532
+ );
3533
+ },
3534
+ signInWithOAuth: async (providerOrOptions, signInOptions) => {
3535
+ return createClient().auth.signInWithOAuth(
3536
+ providerOrOptions,
3537
+ signInOptions
3538
+ );
3539
+ },
3540
+ signInWithIdToken: async (credentials) => {
3541
+ const result = await createClient().auth.signInWithIdToken(credentials);
3542
+ persistSessionCookies(writeCookies, result.data, cookieSettings);
3543
+ return toSafeAuthResult(
3544
+ result
3545
+ );
3546
+ },
3547
+ exchangeOAuthCode: async (code, codeVerifier) => {
3548
+ const result = await createClient().auth.exchangeOAuthCode(
3549
+ code,
3550
+ codeVerifier
3551
+ );
3552
+ persistSessionCookies(writeCookies, result.data, cookieSettings);
3553
+ return toSafeAuthResult(
3554
+ result
3555
+ );
3556
+ },
3557
+ verifyEmail: async (request) => {
3558
+ const result = await createClient().auth.verifyEmail(request);
3559
+ persistSessionCookies(writeCookies, result.data, cookieSettings);
3560
+ return toSafeAuthResult(result);
3561
+ },
3562
+ signOut: async () => {
3563
+ const result = await createClient().auth.signOut();
3564
+ clearAuthCookies(writeCookies, cookieSettings);
3565
+ return result;
3566
+ }
3567
+ };
3568
+ }
3569
+
3425
3570
  // src/ssr/update-session.ts
3426
3571
  async function updateSession(options) {
3427
3572
  const accessCookieName = getAccessTokenCookieName(options.names);
@@ -3483,6 +3628,7 @@ async function updateSession(options) {
3483
3628
  DEFAULT_REFRESH_TOKEN_COOKIE,
3484
3629
  accessTokenCookieOptions,
3485
3630
  clearAuthCookies,
3631
+ createAuthActions,
3486
3632
  createBrowserClient,
3487
3633
  createRefreshAuthRouter,
3488
3634
  createServerClient,