@instroc/auth 1.3.1 → 2.0.0-alpha.2

package/dist/chunk-26ODM5TP.js

@@ -0,0 +1,958 @@
+// src/forms/use-login-form.ts
+import { useState as useState2, useCallback, useRef, useEffect as useEffect2 } from "react";
+
+// src/use-auth.ts
+import { useEffect, useState } from "react";
+import { setInstrocProjectId, useInstrocConfig } from "@instroc/client";
+
+// src/auth-actions.ts
+import { getInstrocConfig as getInstrocConfig2 } from "@instroc/client";
+
+// src/errors.ts
+var AuthError = class _AuthError extends Error {
+  constructor(message, status, code) {
+    super(message);
+    this.name = "AuthError";
+    this.status = status;
+    this.code = code;
+    Object.setPrototypeOf(this, _AuthError.prototype);
+  }
+};
+function authErrorFromResponse(response, data, fallbackMessage) {
+  const body = data ?? {};
+  const message = body.error || fallbackMessage;
+  return new AuthError(message, response.status, body.code);
+}
+
+// src/auth-fetch.ts
+import { getInstrocConfig } from "@instroc/client";
+
+// src/version.ts
+var SDK_NAME = "instroc-auth";
+var SDK_VERSION = true ? "2.0.0-alpha.2" : "0.0.0-dev";
+function withSdkHeader(init) {
+  const headers = new Headers(init?.headers ?? {});
+  headers.set("X-Instroc-SDK", `${SDK_NAME}/${SDK_VERSION}`);
+  return { ...init, headers };
+}
+
+// src/auth-fetch.ts
+var WARNING_SESSION_KEY = "instroc_auth_sdk_warning_seen";
+function noteDeprecationWarning(response) {
+  const warning = response.headers?.get?.("X-Instroc-SDK-Warning");
+  if (!warning)
+    return;
+  if (typeof window === "undefined")
+    return;
+  try {
+    if (sessionStorage.getItem(WARNING_SESSION_KEY))
+      return;
+    sessionStorage.setItem(WARNING_SESSION_KEY, "1");
+  } catch {
+  }
+  console.warn(`[instroc-auth] ${warning}`);
+}
+function buildAuthUrl(endpoint) {
+  const { projectId, baseUrl } = getInstrocConfig();
+  if (!projectId) {
+    throw new Error(
+      "Instroc SDK is not configured \u2014 call initInstroc({ projectId }) before using auth."
+    );
+  }
+  return `${baseUrl}/${projectId}/auth/${endpoint}`;
+}
+async function authFetch(url, init) {
+  const response = await fetch(url, {
+    ...withSdkHeader(init),
+    credentials: "include"
+  });
+  noteDeprecationWarning(response);
+  return response;
+}
+
+// src/auth-store.ts
+import { useSyncExternalStore } from "react";
+import { createStore } from "zustand/vanilla";
+var INITIAL_STATE = {
+  user: null,
+  session: null,
+  // Starts true so guards like `if (loading) showSpinner` don't flash the
+  // logged-out UI before the bootstrap fetch resolves.
+  loading: true,
+  error: null,
+  authConfig: null,
+  visibilityConfig: null
+};
+var authStore = createStore(() => ({
+  ...INITIAL_STATE
+}));
+function setAuthState(patch) {
+  authStore.setState(patch);
+}
+function getAuthState() {
+  return authStore.getState();
+}
+var authStateListeners = /* @__PURE__ */ new Set();
+function subscribeAuthStateChange(listener) {
+  authStateListeners.add(listener);
+  return () => {
+    authStateListeners.delete(listener);
+  };
+}
+function notifyAuthStateChange(user) {
+  for (const listener of authStateListeners) {
+    try {
+      listener(user);
+    } catch (err) {
+      console.error("[instroc-auth] onAuthStateChange listener threw:", err);
+    }
+  }
+}
+function useAuthStoreSelector(selector) {
+  return useSyncExternalStore(
+    authStore.subscribe,
+    () => selector(authStore.getState()),
+    () => selector(authStore.getState())
+  );
+}
+
+// src/auth-actions.ts
+var refreshTimeout = null;
+function clearRefreshTimer() {
+  if (refreshTimeout) {
+    clearTimeout(refreshTimeout);
+    refreshTimeout = null;
+  }
+}
+function inMemorySession(session) {
+  if (!session)
+    return null;
+  return {
+    // Tokens stay empty in JS — XSS can't read them, period.
+    access_token: "",
+    refresh_token: "",
+    expires_at: session.expires_at
+  };
+}
+function scheduleRefresh(expiresAt) {
+  clearRefreshTimer();
+  const expiresTime = new Date(expiresAt).getTime();
+  const now = Date.now();
+  const refreshIn = expiresTime - now - 5 * 60 * 1e3;
+  if (refreshIn > 0) {
+    refreshTimeout = setTimeout(async () => {
+      try {
+        await refreshSession();
+      } catch (err) {
+        console.warn("[instroc-auth] Token refresh failed:", err);
+        updateAuthState(null, null);
+      }
+    }, refreshIn);
+  }
+}
+function updateAuthState(newUser, newSession) {
+  const stripped = inMemorySession(newSession);
+  setAuthState({ user: newUser, session: stripped });
+  if (stripped) {
+    scheduleRefresh(stripped.expires_at);
+  } else {
+    clearRefreshTimer();
+  }
+  notifyAuthStateChange(newUser);
+}
+async function fetchUser() {
+  const { projectId } = getInstrocConfig2();
+  if (!projectId) {
+    setAuthState({ loading: false });
+    return;
+  }
+  try {
+    const response = await authFetch(buildAuthUrl("me"));
+    if (response.ok) {
+      const data = await response.json();
+      updateAuthState(data.user ?? null, data.session ?? null);
+    } else if (response.status === 401) {
+      const refreshResponse = await authFetch(buildAuthUrl("refresh"), {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: "{}"
+      });
+      if (refreshResponse.ok) {
+        const meResponse = await authFetch(buildAuthUrl("me"));
+        if (meResponse.ok) {
+          const data = await meResponse.json();
+          updateAuthState(data.user ?? null, data.session ?? null);
+        } else {
+          updateAuthState(null, null);
+        }
+      } else {
+        updateAuthState(null, null);
+      }
+    } else {
+      updateAuthState(null, null);
+    }
+  } catch (err) {
+    console.error("[instroc-auth] Failed to fetch user:", err);
+    updateAuthState(null, null);
+  } finally {
+    setAuthState({ loading: false });
+  }
+}
+async function fetchAuthConfig() {
+  const { projectId, baseUrl } = getInstrocConfig2();
+  if (!projectId)
+    return;
+  try {
+    const response = await authFetch(`${baseUrl}/${projectId}/auth/config`);
+    if (response.ok) {
+      const data = await response.json();
+      setAuthState({
+        authConfig: data.config || null,
+        visibilityConfig: data.visibility || {
+          projectName: "App",
+          visibility: "public",
+          requireLogin: false,
+          logoUrl: null,
+          welcomeMessage: null
+        }
+      });
+    }
+  } catch (err) {
+    console.error("[instroc-auth] Failed to fetch auth config:", err);
+  }
+}
+async function login(credentials) {
+  setAuthState({ error: null, loading: true });
+  try {
+    const response = await authFetch(buildAuthUrl("login"), {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(credentials)
+    });
+    const data = await response.json();
+    if (!response.ok) {
+      throw authErrorFromResponse(response, data, "Login failed");
+    }
+    const authResponse = data;
+    updateAuthState(authResponse.user, authResponse.session);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Login failed";
+    setAuthState({ error: message });
+    throw err;
+  } finally {
+    setAuthState({ loading: false });
+  }
+}
+async function signup(credentials) {
+  setAuthState({ error: null, loading: true });
+  try {
+    const response = await authFetch(buildAuthUrl("signup"), {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(credentials)
+    });
+    const data = await response.json();
+    if (!response.ok) {
+      throw authErrorFromResponse(response, data, "Signup failed");
+    }
+    const authResponse = data;
+    if (authResponse.needsVerification) {
+      return { status: "needs_verification", email: credentials.email };
+    }
+    if (authResponse.needsApproval) {
+      updateAuthState(authResponse.user, authResponse.session);
+      return { status: "needs_approval", user: authResponse.user };
+    }
+    if (authResponse.session.access_token) {
+      updateAuthState(authResponse.user, authResponse.session);
+      return { status: "authenticated", user: authResponse.user };
+    }
+    return { status: "needs_verification", email: credentials.email };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Signup failed";
+    setAuthState({ error: message });
+    throw err;
+  } finally {
+    setAuthState({ loading: false });
+  }
+}
+async function logout() {
+  try {
+    await authFetch(buildAuthUrl("logout"), { method: "POST" });
+  } catch (err) {
+    console.error("[instroc-auth] Logout error:", err);
+  } finally {
+    updateAuthState(null, null);
+    clearRefreshTimer();
+  }
+}
+async function updateProfile(data) {
+  const { user } = getAuthState();
+  if (!user) {
+    throw new AuthError("Not authenticated", 401);
+  }
+  setAuthState({ error: null });
+  try {
+    const response = await authFetch(buildAuthUrl("me"), {
+      method: "PATCH",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(data)
+    });
+    const result = await response.json();
+    if (!response.ok) {
+      throw authErrorFromResponse(response, result, "Update failed");
+    }
+    setAuthState({ user: result.user });
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Update failed";
+    setAuthState({ error: message });
+    throw err;
+  }
+}
+async function refreshSession() {
+  const { user, session } = getAuthState();
+  if (!session)
+    return;
+  const response = await authFetch(buildAuthUrl("refresh"), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: "{}"
+  });
+  const data = await response.json();
+  if (!response.ok) {
+    throw authErrorFromResponse(response, data, "Refresh failed");
+  }
+  const refreshData = data;
+  updateAuthState(user, {
+    access_token: "",
+    refresh_token: "",
+    expires_at: refreshData.expires_at
+  });
+}
+async function forgotPassword(email) {
+  setAuthState({ error: null });
+  try {
+    const response = await authFetch(buildAuthUrl("forgot-password"), {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ email })
+    });
+    const data = await response.json();
+    if (!response.ok) {
+      throw authErrorFromResponse(response, data, "Request failed");
+    }
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Request failed";
+    setAuthState({ error: message });
+    throw err;
+  }
+}
+async function resetPassword(token, newPassword) {
+  setAuthState({ error: null });
+  try {
+    const response = await authFetch(buildAuthUrl("reset-password"), {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ token, password: newPassword })
+    });
+    const data = await response.json();
+    if (!response.ok) {
+      throw authErrorFromResponse(response, data, "Reset failed");
+    }
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Reset failed";
+    setAuthState({ error: message });
+    throw err;
+  }
+}
+function signInWithOAuth(provider) {
+  const { projectId, baseUrl } = getInstrocConfig2();
+  if (!projectId) {
+    setAuthState({ error: "Project ID is required" });
+    return;
+  }
+  const currentUrl = window.location.origin + window.location.pathname;
+  const oauthUrl = `${baseUrl}/${projectId}/auth/oauth/${provider}?redirect_uri=${encodeURIComponent(currentUrl)}`;
+  window.location.href = oauthUrl;
+}
+async function verifyOTP(email, code) {
+  setAuthState({ error: null, loading: true });
+  try {
+    const response = await authFetch(buildAuthUrl("verify-email"), {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ email, otp: code })
+    });
+    const data = await response.json();
+    if (!response.ok) {
+      throw authErrorFromResponse(response, data, "Verification failed");
+    }
+    if (data.session) {
+      updateAuthState(data.user, data.session);
+    }
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Verification failed";
+    setAuthState({ error: message });
+    throw err;
+  } finally {
+    setAuthState({ loading: false });
+  }
+}
+async function resendOTP(email) {
+  setAuthState({ error: null });
+  try {
+    const response = await authFetch(buildAuthUrl("resend-verification"), {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ email })
+    });
+    const data = await response.json();
+    if (!response.ok) {
+      throw authErrorFromResponse(response, data, "Failed to resend code");
+    }
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Failed to resend code";
+    setAuthState({ error: message });
+    throw err;
+  }
+}
+function parseOAuthCallback() {
+  if (typeof window === "undefined")
+    return false;
+  const hash = window.location.hash;
+  if (hash && (hash.startsWith("#auth=") || hash.startsWith("#access_token="))) {
+    window.history.replaceState({}, "", window.location.pathname);
+    return true;
+  }
+  const params = new URLSearchParams(window.location.search);
+  const accessToken = params.get("access_token");
+  const refreshToken = params.get("refresh_token");
+  const verifyEmailToken = params.get("verify_email");
+  const { projectId } = getInstrocConfig2();
+  if (verifyEmailToken && projectId) {
+    fetch(buildAuthUrl("verify-email"), {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ token: verifyEmailToken }),
+      credentials: "include"
+    }).then(() => window.history.replaceState({}, "", window.location.pathname)).catch(
+      () => window.history.replaceState({}, "", window.location.pathname)
+    );
+    return true;
+  }
+  if (accessToken || refreshToken) {
+    window.history.replaceState({}, "", window.location.pathname);
+    return true;
+  }
+  return false;
+}
+
+// src/auth-bootstrap.ts
+import { configStore, getInstrocConfig as getInstrocConfig3 } from "@instroc/client";
+var bootstrapped = false;
+var lastBootstrappedProjectId = null;
+var unsubscribe = null;
+function runBootstrapForCurrentConfig() {
+  const { projectId } = getInstrocConfig3();
+  if (projectId === lastBootstrappedProjectId)
+    return;
+  lastBootstrappedProjectId = projectId;
+  if (!projectId) {
+    setAuthState({ loading: false });
+    return;
+  }
+  parseOAuthCallback();
+  void fetchUser();
+  void fetchAuthConfig();
+}
+function ensureAuthBootstrap() {
+  if (bootstrapped)
+    return;
+  bootstrapped = true;
+  unsubscribe = configStore.subscribe(() => {
+    runBootstrapForCurrentConfig();
+  });
+  runBootstrapForCurrentConfig();
+}
+
+// src/use-auth.ts
+function useAuth() {
+  ensureAuthBootstrap();
+  const { user, session, loading, error, authConfig, visibilityConfig } = useAuthStoreSelector((state) => state);
+  const { projectId } = useInstrocConfig();
+  return {
+    user,
+    session,
+    loading,
+    error,
+    authConfig,
+    visibilityConfig,
+    projectId,
+    login,
+    signup,
+    logout,
+    signInWithOAuth,
+    verifyOTP,
+    resendOTP,
+    updateProfile,
+    refreshSession,
+    forgotPassword,
+    resetPassword,
+    setProjectId: setInstrocProjectId
+  };
+}
+var useAuthContext = useAuth;
+function useUser() {
+  const { user, loading } = useAuth();
+  return { user, loading };
+}
+function useSession() {
+  const { session, loading } = useAuth();
+  return { session, loading };
+}
+function useAuthRequired() {
+  const { user, loading, session } = useAuth();
+  if (loading) {
+    return { user: null, session: null, loading: true };
+  }
+  if (!user) {
+    throw new Error("Authentication required");
+  }
+  return { user, session, loading: false };
+}
+function useIsOwner() {
+  const { user, session, loading } = useAuth();
+  if (loading || !user || !session)
+    return false;
+  if (user.is_owner === true)
+    return true;
+  const claim = decodeIsOwnerClaim(session.access_token);
+  return claim === true;
+}
+function useIsWorkspaceMember() {
+  const [isMember, setIsMember] = useState(() => isDevHost());
+  useEffect(() => {
+    if (typeof window === "undefined")
+      return;
+    let cancelled = false;
+    (async () => {
+      try {
+        const res = await fetch("/__instroc/workspace-status", {
+          credentials: "include",
+          cache: "no-store"
+        });
+        if (cancelled)
+          return;
+        if (!res.ok) {
+          setIsMember(isDevHost());
+          return;
+        }
+        const data = await res.json();
+        setIsMember(data.isWorkspaceMember === true);
+      } catch {
+        if (!cancelled)
+          setIsMember(isDevHost());
+      }
+    })();
+    return () => {
+      cancelled = true;
+    };
+  }, []);
+  return isMember;
+}
+function isDevHost() {
+  if (typeof window === "undefined")
+    return false;
+  const h = window.location.hostname;
+  return h === "localhost" || h === "127.0.0.1" || h.endsWith(".fly.dev") || h.endsWith(".workers.dev") || h === "preview.instroc.app";
+}
+function decodeIsOwnerClaim(accessToken) {
+  try {
+    const parts = accessToken.split(".");
+    if (parts.length !== 3)
+      return void 0;
+    const payload = parts[1];
+    const base64 = payload.replace(/-/g, "+").replace(/_/g, "/");
+    const padded = base64 + "=".repeat((4 - base64.length % 4) % 4);
+    const json = typeof atob !== "undefined" ? atob(padded) : Buffer.from(padded, "base64").toString("utf-8");
+    const decoded = JSON.parse(json);
+    return decoded.is_owner;
+  } catch {
+    return void 0;
+  }
+}
+
+// src/forms/use-form-action.ts
+function resolveErrorMessage(err, messages, fallback) {
+  if (err instanceof AuthError) {
+    return messages?.[err.status] ?? err.message ?? fallback;
+  }
+  if (err instanceof Error)
+    return err.message;
+  return fallback;
+}
+function applyErrorResult(err, onError, messages, fallback, setError) {
+  const override = onError?.(err);
+  if (override === null) {
+    setError(null);
+    return;
+  }
+  if (typeof override === "string") {
+    setError(override);
+    return;
+  }
+  setError(resolveErrorMessage(err, messages, fallback));
+}
+
+// src/forms/use-login-form.ts
+function useLoginForm(options = {}) {
+  const { login: login2, user } = useAuth();
+  const { onSuccess, onNeedsVerification, onError, messages } = options;
+  const [loading, setLoading] = useState2(false);
+  const [error, setError] = useState2(null);
+  const mountedRef = useRef(true);
+  useEffect2(() => {
+    mountedRef.current = true;
+    return () => {
+      mountedRef.current = false;
+    };
+  }, []);
+  const safeSetError = useCallback((msg) => {
+    if (mountedRef.current)
+      setError(msg);
+  }, []);
+  const clearError = useCallback(() => safeSetError(null), [safeSetError]);
+  const submit = useCallback(
+    async (credentials) => {
+      if (mountedRef.current) {
+        setLoading(true);
+        setError(null);
+      }
+      try {
+        await login2(credentials);
+        onSuccess?.(user ?? { id: "", email: credentials.email });
+      } catch (err) {
+        if (err instanceof AuthError && err.status === 403 && onNeedsVerification) {
+          safeSetError(null);
+          onNeedsVerification(credentials.email);
+          return;
+        }
+        applyErrorResult(
+          err,
+          onError,
+          messages,
+          "Login failed. Please try again.",
+          safeSetError
+        );
+      } finally {
+        if (mountedRef.current)
+          setLoading(false);
+      }
+    },
+    [
+      login2,
+      user,
+      onSuccess,
+      onNeedsVerification,
+      onError,
+      messages,
+      safeSetError
+    ]
+  );
+  return { submit, loading, error, setError: safeSetError, clearError };
+}
+
+// src/forms/use-signup-form.ts
+import { useState as useState3, useCallback as useCallback2, useRef as useRef2, useEffect as useEffect3 } from "react";
+function useSignupForm(options = {}) {
+  const { signup: signup2 } = useAuth();
+  const { onSuccess, onNeedsVerification, onNeedsApproval, onError, messages } = options;
+  const [loading, setLoading] = useState3(false);
+  const [error, setError] = useState3(null);
+  const mountedRef = useRef2(true);
+  useEffect3(() => {
+    mountedRef.current = true;
+    return () => {
+      mountedRef.current = false;
+    };
+  }, []);
+  const safeSetError = useCallback2((msg) => {
+    if (mountedRef.current)
+      setError(msg);
+  }, []);
+  const clearError = useCallback2(() => safeSetError(null), [safeSetError]);
+  const submit = useCallback2(
+    async (credentials) => {
+      if (mountedRef.current) {
+        setLoading(true);
+        setError(null);
+      }
+      try {
+        const result = await signup2(credentials);
+        switch (result.status) {
+          case "authenticated":
+            onSuccess?.(result.user);
+            return;
+          case "needs_verification":
+            onNeedsVerification?.(result.email);
+            return;
+          case "needs_approval":
+            onNeedsApproval?.(result.user);
+            return;
+        }
+      } catch (err) {
+        applyErrorResult(
+          err,
+          onError,
+          messages,
+          "Signup failed. Please try again.",
+          safeSetError
+        );
+      } finally {
+        if (mountedRef.current)
+          setLoading(false);
+      }
+    },
+    [
+      signup2,
+      onSuccess,
+      onNeedsVerification,
+      onNeedsApproval,
+      onError,
+      messages,
+      safeSetError
+    ]
+  );
+  return { submit, loading, error, setError: safeSetError, clearError };
+}
+
+// src/forms/use-otp-form.ts
+import { useState as useState4, useCallback as useCallback3, useRef as useRef3, useEffect as useEffect4 } from "react";
+function useOtpForm(options) {
+  const { verifyOTP: verifyOTP2, resendOTP: resendOTP2 } = useAuth();
+  const {
+    email,
+    onSuccess,
+    onResendSuccess,
+    onError,
+    messages,
+    resendCooldownSeconds = 60
+  } = options;
+  const [loading, setLoading] = useState4(false);
+  const [resending, setResending] = useState4(false);
+  const [resendCooldown, setResendCooldown] = useState4(0);
+  const [error, setError] = useState4(null);
+  const mountedRef = useRef3(true);
+  useEffect4(() => {
+    mountedRef.current = true;
+    return () => {
+      mountedRef.current = false;
+    };
+  }, []);
+  useEffect4(() => {
+    if (resendCooldown <= 0)
+      return;
+    const id = setTimeout(() => setResendCooldown((s) => s - 1), 1e3);
+    return () => clearTimeout(id);
+  }, [resendCooldown]);
+  const safeSetError = useCallback3((msg) => {
+    if (mountedRef.current)
+      setError(msg);
+  }, []);
+  const clearError = useCallback3(() => safeSetError(null), [safeSetError]);
+  const submit = useCallback3(
+    async (code) => {
+      if (mountedRef.current) {
+        setLoading(true);
+        setError(null);
+      }
+      try {
+        await verifyOTP2(email, code);
+        onSuccess?.();
+      } catch (err) {
+        applyErrorResult(
+          err,
+          onError,
+          messages,
+          "Verification failed. Please try again.",
+          safeSetError
+        );
+      } finally {
+        if (mountedRef.current)
+          setLoading(false);
+      }
+    },
+    [verifyOTP2, email, onSuccess, onError, messages, safeSetError]
+  );
+  const resend = useCallback3(async () => {
+    if (resendCooldown > 0)
+      return;
+    if (mountedRef.current) {
+      setResending(true);
+      setError(null);
+    }
+    try {
+      await resendOTP2(email);
+      if (mountedRef.current)
+        setResendCooldown(resendCooldownSeconds);
+      onResendSuccess?.();
+    } catch (err) {
+      applyErrorResult(
+        err,
+        onError,
+        messages,
+        "Could not resend code. Please try again.",
+        safeSetError
+      );
+    } finally {
+      if (mountedRef.current)
+        setResending(false);
+    }
+  }, [
+    resendCooldown,
+    resendOTP2,
+    email,
+    resendCooldownSeconds,
+    onResendSuccess,
+    onError,
+    messages,
+    safeSetError
+  ]);
+  return {
+    submit,
+    resend,
+    loading,
+    resending,
+    resendCooldown,
+    error,
+    setError: safeSetError,
+    clearError
+  };
+}
+
+// src/forms/use-forgot-password-form.ts
+import { useState as useState5, useCallback as useCallback4, useRef as useRef4, useEffect as useEffect5 } from "react";
+function useForgotPasswordForm(options = {}) {
+  const { forgotPassword: forgotPassword2 } = useAuth();
+  const { onSuccess, onError, messages } = options;
+  const [loading, setLoading] = useState5(false);
+  const [submitted, setSubmitted] = useState5(false);
+  const [error, setError] = useState5(null);
+  const mountedRef = useRef4(true);
+  useEffect5(() => {
+    mountedRef.current = true;
+    return () => {
+      mountedRef.current = false;
+    };
+  }, []);
+  const safeSetError = useCallback4((msg) => {
+    if (mountedRef.current)
+      setError(msg);
+  }, []);
+  const clearError = useCallback4(() => safeSetError(null), [safeSetError]);
+  const reset = useCallback4(() => {
+    if (mountedRef.current) {
+      setSubmitted(false);
+      setError(null);
+    }
+  }, []);
+  const submit = useCallback4(
+    async (email) => {
+      if (mountedRef.current) {
+        setLoading(true);
+        setError(null);
+      }
+      try {
+        await forgotPassword2(email);
+        if (mountedRef.current)
+          setSubmitted(true);
+        onSuccess?.(email);
+      } catch (err) {
+        applyErrorResult(
+          err,
+          onError,
+          messages,
+          "Could not send reset link. Please try again.",
+          safeSetError
+        );
+      } finally {
+        if (mountedRef.current)
+          setLoading(false);
+      }
+    },
+    [forgotPassword2, onSuccess, onError, messages, safeSetError]
+  );
+  return {
+    submit,
+    loading,
+    submitted,
+    error,
+    setError: safeSetError,
+    clearError,
+    reset
+  };
+}
+
+// src/forms/use-reset-password-form.ts
+import { useState as useState6, useCallback as useCallback5, useRef as useRef5, useEffect as useEffect6 } from "react";
+function useResetPasswordForm(options) {
+  const { resetPassword: resetPassword2 } = useAuth();
+  const { token, onSuccess, onError, messages } = options;
+  const [loading, setLoading] = useState6(false);
+  const [error, setError] = useState6(null);
+  const mountedRef = useRef5(true);
+  useEffect6(() => {
+    mountedRef.current = true;
+    return () => {
+      mountedRef.current = false;
+    };
+  }, []);
+  const safeSetError = useCallback5((msg) => {
+    if (mountedRef.current)
+      setError(msg);
+  }, []);
+  const clearError = useCallback5(() => safeSetError(null), [safeSetError]);
+  const submit = useCallback5(
+    async (newPassword) => {
+      if (mountedRef.current) {
+        setLoading(true);
+        setError(null);
+      }
+      try {
+        await resetPassword2(token, newPassword);
+        onSuccess?.();
+      } catch (err) {
+        applyErrorResult(
+          err,
+          onError,
+          messages,
+          "Could not reset password. Please try again.",
+          safeSetError
+        );
+      } finally {
+        if (mountedRef.current)
+          setLoading(false);
+      }
+    },
+    [resetPassword2, token, onSuccess, onError, messages, safeSetError]
+  );
+  return { submit, loading, error, setError: safeSetError, clearError };
+}
+
+export {
+  AuthError,
+  subscribeAuthStateChange,
+  ensureAuthBootstrap,
+  useAuth,
+  useAuthContext,
+  useUser,
+  useSession,
+  useAuthRequired,
+  useIsOwner,
+  useIsWorkspaceMember,
+  useLoginForm,
+  useSignupForm,
+  useOtpForm,
+  useForgotPasswordForm,
+  useResetPasswordForm
+};