@instroc/auth 1.1.1 → 1.2.0

package/dist/{chunk-T7NGX4DQ.js → chunk-E6J2FYDA.js}

@@ -29,7 +29,7 @@ function authErrorFromResponse(response, data, fallbackMessage) {
 
 // src/version.ts
 var SDK_NAME = "instroc-auth";
-var SDK_VERSION = true ? "1.1.1" : "0.0.0-dev";
+var SDK_VERSION = true ? "1.2.0" : "0.0.0-dev";
 function withSdkHeader(init) {
   const headers = new Headers(init?.headers ?? {});
   headers.set("X-Instroc-SDK", `${SDK_NAME}/${SDK_VERSION}`);
@@ -42,7 +42,7 @@ var AuthContext = createContext(null);
 var STORAGE_KEY = "instroc_auth_session";
 var WARNING_SESSION_KEY = "instroc_auth_sdk_warning_seen";
 function noteDeprecationWarning(response) {
-  const warning = response.headers.get("X-Instroc-SDK-Warning");
+  const warning = response.headers?.get?.("X-Instroc-SDK-Warning");
   if (!warning)
     return;
   if (typeof window === "undefined")
@@ -596,6 +596,30 @@ function useAuthRequired() {
   }
   return { user, session, loading: false };
 }
+function useIsOwner() {
+  const { user, session, loading } = useAuthContext();
+  if (loading || !user || !session)
+    return false;
+  if (user.is_owner === true)
+    return true;
+  const claim = decodeIsOwnerClaim(session.access_token);
+  return claim === true;
+}
+function decodeIsOwnerClaim(accessToken) {
+  try {
+    const parts = accessToken.split(".");
+    if (parts.length !== 3)
+      return void 0;
+    const payload = parts[1];
+    const base64 = payload.replace(/-/g, "+").replace(/_/g, "/");
+    const padded = base64 + "=".repeat((4 - base64.length % 4) % 4);
+    const json = typeof atob !== "undefined" ? atob(padded) : Buffer.from(padded, "base64").toString("utf-8");
+    const decoded = JSON.parse(json);
+    return decoded.is_owner;
+  } catch {
+    return void 0;
+  }
+}
 
 // src/forms/use-form-action.ts
 function resolveErrorMessage(err, messages, fallback) {
@@ -962,6 +986,7 @@ export {
   useUser,
   useSession,
   useAuthRequired,
+  useIsOwner,
   useLoginForm,
   useSignupForm,
   useOtpForm,

package/dist/forms.d.ts

@@ -1 +1 @@
-export { M as MessageOverrides, O as OnErrorResult, m as UseForgotPasswordFormOptions, n as UseForgotPasswordFormReturn, U as UseLoginFormOptions, h as UseLoginFormReturn, k as UseOtpFormOptions, l as UseOtpFormReturn, o as UseResetPasswordFormOptions, p as UseResetPasswordFormReturn, i as UseSignupFormOptions, j as UseSignupFormReturn, f as useForgotPasswordForm, u as useLoginForm, e as useOtpForm, g as useResetPasswordForm, d as useSignupForm } from './index-D4rCSC9H.js';
+export { M as MessageOverrides, O as OnErrorResult, m as UseForgotPasswordFormOptions, n as UseForgotPasswordFormReturn, U as UseLoginFormOptions, h as UseLoginFormReturn, k as UseOtpFormOptions, l as UseOtpFormReturn, o as UseResetPasswordFormOptions, p as UseResetPasswordFormReturn, i as UseSignupFormOptions, j as UseSignupFormReturn, f as useForgotPasswordForm, u as useLoginForm, e as useOtpForm, g as useResetPasswordForm, d as useSignupForm } from './index-iglVgSQI.js';

package/dist/forms.js

@@ -4,7 +4,7 @@ import {
   useOtpForm,
   useResetPasswordForm,
   useSignupForm
-} from "./chunk-T7NGX4DQ.js";
+} from "./chunk-E6J2FYDA.js";
 export {
   useForgotPasswordForm,
   useLoginForm,

package/dist/{index-D4rCSC9H.d.ts → index-iglVgSQI.d.ts}

@@ -6,6 +6,13 @@ interface AuthUser {
     avatar_url: string | null;
     metadata: Record<string, unknown>;
     created_at: string;
+    /**
+     * True for the project owner (first user or explicitly designated). Mirrors
+     * the `is_owner` JWT claim used for RLS bypass on the server. Templates
+     * gate admin UIs (/admin, /studio) on this field so only the owner sees
+     * CRUD controls in production.
+     */
+    is_owner?: boolean;
 }
 interface AuthSession {
     access_token: string;

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-import { A as AuthProviderProps, a as AuthContextValue, b as AuthUser, c as AuthSession } from './index-D4rCSC9H.js';
-export { r as AuthConfig, w as AuthResponse, q as AuthState, L as LoginCredentials, M as MessageOverrides, s as OAuthProvider, O as OnErrorResult, R as RefreshResponse, S as SignupCredentials, t as SignupResult, v as UpdateProfileData, m as UseForgotPasswordFormOptions, n as UseForgotPasswordFormReturn, U as UseLoginFormOptions, h as UseLoginFormReturn, k as UseOtpFormOptions, l as UseOtpFormReturn, o as UseResetPasswordFormOptions, p as UseResetPasswordFormReturn, i as UseSignupFormOptions, j as UseSignupFormReturn, V as VisibilityConfig, f as useForgotPasswordForm, u as useLoginForm, e as useOtpForm, g as useResetPasswordForm, d as useSignupForm } from './index-D4rCSC9H.js';
+import { A as AuthProviderProps, a as AuthContextValue, b as AuthUser, c as AuthSession } from './index-iglVgSQI.js';
+export { r as AuthConfig, w as AuthResponse, q as AuthState, L as LoginCredentials, M as MessageOverrides, s as OAuthProvider, O as OnErrorResult, R as RefreshResponse, S as SignupCredentials, t as SignupResult, v as UpdateProfileData, m as UseForgotPasswordFormOptions, n as UseForgotPasswordFormReturn, U as UseLoginFormOptions, h as UseLoginFormReturn, k as UseOtpFormOptions, l as UseOtpFormReturn, o as UseResetPasswordFormOptions, p as UseResetPasswordFormReturn, i as UseSignupFormOptions, j as UseSignupFormReturn, V as VisibilityConfig, f as useForgotPasswordForm, u as useLoginForm, e as useOtpForm, g as useResetPasswordForm, d as useSignupForm } from './index-iglVgSQI.js';
 
 declare function AuthProvider({ children, projectId: initialProjectId, baseUrl, persistSession, onAuthStateChange, }: AuthProviderProps): JSX.Element;
 declare function useAuthContext(): AuthContextValue;
@@ -22,6 +22,18 @@ declare function useAuthRequired(): {
     session: AuthSession | null;
     loading: boolean;
 };
+/**
+ * Returns true if the current user is the project owner. Used by templates
+ * to gate admin/studio routes.
+ *
+ * Reads `user.is_owner` first (populated by the `/me` endpoint). Falls back
+ * to decoding the access token's `is_owner` claim so the check is accurate
+ * immediately after login (the login response doesn't echo is_owner — only
+ * `/me` does, and that only runs on mount).
+ *
+ * Returns `false` while loading or when unauthenticated.
+ */
+declare function useIsOwner(): boolean;
 
 /**
  * Typed error thrown by every `@instroc/auth` method when the server responds
@@ -54,4 +66,4 @@ declare class AuthError extends Error {
     constructor(message: string, status: number, code?: string);
 }
 
-export { AuthContextValue, AuthError, AuthProvider, AuthProviderProps, AuthSession, AuthUser, useAuth, useAuthContext, useAuthRequired, useSession, useUser };
+export { AuthContextValue, AuthError, AuthProvider, AuthProviderProps, AuthSession, AuthUser, useAuth, useAuthContext, useAuthRequired, useIsOwner, useSession, useUser };

package/dist/index.js

@@ -5,13 +5,14 @@ import {
   useAuthContext,
   useAuthRequired,
   useForgotPasswordForm,
+  useIsOwner,
   useLoginForm,
   useOtpForm,
   useResetPasswordForm,
   useSession,
   useSignupForm,
   useUser
-} from "./chunk-T7NGX4DQ.js";
+} from "./chunk-E6J2FYDA.js";
 export {
   AuthError,
   AuthProvider,
@@ -19,6 +20,7 @@ export {
   useAuthContext,
   useAuthRequired,
   useForgotPasswordForm,
+  useIsOwner,
   useLoginForm,
   useOtpForm,
   useResetPasswordForm,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@instroc/auth",
-  "version": "1.1.1",
+  "version": "1.2.0",
   "description": "Authentication hooks for Instroc Cloud — useAuth, useUser, AuthProvider, and headless form hooks",
   "type": "module",
   "main": "dist/index.js",
@@ -18,10 +18,6 @@
   "files": [
     "dist"
   ],
-  "scripts": {
-    "build": "tsup",
-    "dev": "tsup --watch"
-  },
   "peerDependencies": {
     "react": "^18.0.0"
   },
@@ -39,5 +35,9 @@
   },
   "publishConfig": {
     "access": "public"
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch"
   }
-}
+}