@kaiz11/stack-client 0.0.14

package/dist/lib/keys.js

@@ -0,0 +1,147 @@
+import { PLATFORM_TENANT_ID } from "../types.js";
+/**
+ * Error thrown when fetching the anon key fails
+ */
+export class AnonKeyError extends Error {
+    statusCode;
+    constructor(message, statusCode) {
+        super(message);
+        this.statusCode = statusCode;
+        this.name = "AnonKeyError";
+    }
+}
+/**
+ * Build the public key URL for a tenant
+ *
+ * @param baseUrl - Base URL of the stack (e.g., "https://stack.zenku.app")
+ * @param tenantId - Tenant identifier (default: "_platform")
+ * @returns The full URL to fetch the public key
+ *
+ * @example
+ * ```typescript
+ * const url = buildPublicKeyUrl("https://stack.zenku.app", "acme");
+ * // => "https://stack.zenku.app/tenants/acme/public_key"
+ * ```
+ */
+export function buildPublicKeyUrl(baseUrl, tenantId = PLATFORM_TENANT_ID) {
+    const base = baseUrl.replace(/\/$/, "");
+    return `${base}/tenants/${tenantId}/public_key`;
+}
+/**
+ * Fetch the anon key for a tenant
+ *
+ * The anon key is a pre-signed JWT with `role = "anon"` that can be used
+ * for unauthenticated requests. It's designed to be public - security
+ * comes from RLS policies, not from the key being secret.
+ *
+ * The response is cached by the server (Cache-Control: public, max-age=3600).
+ *
+ * @param baseUrl - Base URL of the stack (e.g., "https://stack.zenku.app")
+ * @param tenantId - Tenant identifier (default: "_platform")
+ * @returns The anon key (JWT string)
+ * @throws AnonKeyError if the fetch fails
+ *
+ * @example
+ * ```typescript
+ * import { fetchAnonKey } from "@kaiz11/stack-client";
+ *
+ * // Fetch anon key for a tenant
+ * const anonKey = await fetchAnonKey("https://stack.zenku.app", "acme");
+ *
+ * // Use it for unauthenticated requests
+ * const response = await fetch("https://stack.zenku.app/rest/acme/items", {
+ *   headers: { Authorization: `Bearer ${anonKey}` },
+ * });
+ * ```
+ */
+export async function fetchAnonKey(baseUrl, tenantId = PLATFORM_TENANT_ID) {
+    const url = buildPublicKeyUrl(baseUrl, tenantId);
+    const response = await fetch(url);
+    if (!response.ok) {
+        if (response.status === 404) {
+            throw new AnonKeyError(`Tenant "${tenantId}" not found`, 404);
+        }
+        throw new AnonKeyError(`Failed to fetch anon key: ${response.status} ${response.statusText}`, response.status);
+    }
+    const key = await response.text();
+    if (!key || !key.startsWith("eyJ")) {
+        throw new AnonKeyError("Invalid anon key format");
+    }
+    return key;
+}
+/**
+ * Anon key cache for avoiding repeated fetches
+ */
+const anonKeyCache = new Map();
+/**
+ * Default cache TTL (1 hour, matching server Cache-Control)
+ */
+const DEFAULT_CACHE_TTL = 3600 * 1000;
+/**
+ * Fetch the anon key with caching
+ *
+ * Same as `fetchAnonKey` but caches the result in memory to avoid
+ * repeated network requests. The cache respects the server's
+ * Cache-Control header (1 hour).
+ *
+ * @param baseUrl - Base URL of the stack
+ * @param tenantId - Tenant identifier (default: "_platform")
+ * @param options - Cache options
+ * @returns The anon key (JWT string)
+ *
+ * @example
+ * ```typescript
+ * // First call fetches from network
+ * const key1 = await fetchAnonKeyCached("https://stack.zenku.app", "acme");
+ *
+ * // Second call returns cached value
+ * const key2 = await fetchAnonKeyCached("https://stack.zenku.app", "acme");
+ *
+ * // Force refresh
+ * const key3 = await fetchAnonKeyCached("https://stack.zenku.app", "acme", {
+ *   forceRefresh: true,
+ * });
+ * ```
+ */
+export async function fetchAnonKeyCached(baseUrl, tenantId = PLATFORM_TENANT_ID, options) {
+    const cacheKey = `${baseUrl}:${tenantId}`;
+    const now = Date.now();
+    const ttl = options?.ttl ?? DEFAULT_CACHE_TTL;
+    // Check cache unless force refresh
+    if (!options?.forceRefresh) {
+        const cached = anonKeyCache.get(cacheKey);
+        if (cached && cached.expiresAt > now) {
+            return cached.key;
+        }
+    }
+    // Fetch fresh key
+    const key = await fetchAnonKey(baseUrl, tenantId);
+    // Cache it
+    anonKeyCache.set(cacheKey, {
+        key,
+        expiresAt: now + ttl,
+    });
+    return key;
+}
+/**
+ * Clear the anon key cache
+ *
+ * @param baseUrl - If provided, only clear cache for this base URL
+ * @param tenantId - If provided with baseUrl, only clear cache for this tenant
+ */
+export function clearAnonKeyCache(baseUrl, tenantId) {
+    if (baseUrl && tenantId) {
+        anonKeyCache.delete(`${baseUrl}:${tenantId}`);
+    }
+    else if (baseUrl) {
+        for (const key of anonKeyCache.keys()) {
+            if (key.startsWith(`${baseUrl}:`)) {
+                anonKeyCache.delete(key);
+            }
+        }
+    }
+    else {
+        anonKeyCache.clear();
+    }
+}
+//# sourceMappingURL=keys.js.map

package/dist/lib/keys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keys.js","sourceRoot":"","sources":["../../src/lib/keys.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAEjD;;GAEG;AACH,MAAM,OAAO,YAAa,SAAQ,KAAK;IAGnB;IAFlB,YACE,OAAe,EACC,UAAmB;QAEnC,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,eAAU,GAAV,UAAU,CAAS;QAGnC,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;IAC7B,CAAC;CACF;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,iBAAiB,CAC/B,OAAe,EACf,WAAmB,kBAAkB;IAErC,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACxC,OAAO,GAAG,IAAI,YAAY,QAAQ,aAAa,CAAC;AAClD,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,OAAe,EACf,WAAmB,kBAAkB;IAErC,MAAM,GAAG,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAEjD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;IAElC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,MAAM,IAAI,YAAY,CAAC,WAAW,QAAQ,aAAa,EAAE,GAAG,CAAC,CAAC;QAChE,CAAC;QACD,MAAM,IAAI,YAAY,CACpB,6BAA6B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,EACrE,QAAQ,CAAC,MAAM,CAChB,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAElC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,YAAY,CAAC,yBAAyB,CAAC,CAAC;IACpD,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,MAAM,YAAY,GAAG,IAAI,GAAG,EAA8C,CAAC;AAE3E;;GAEG;AACH,MAAM,iBAAiB,GAAG,IAAI,GAAG,IAAI,CAAC;AAEtC;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,OAAe,EACf,WAAmB,kBAAkB,EACrC,OAAkD;IAElD,MAAM,QAAQ,GAAG,GAAG,OAAO,IAAI,QAAQ,EAAE,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,GAAG,GAAG,OAAO,EAAE,GAAG,IAAI,iBAAiB,CAAC;IAE9C,mCAAmC;IACnC,IAAI,CAAC,OAAO,EAAE,YAAY,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC1C,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;YACrC,OAAO,MAAM,CAAC,GAAG,CAAC;QACpB,CAAC;IACH,CAAC;IAED,kBAAkB;IAClB,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAElD,WAAW;IACX,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE;QACzB,GAAG;QACH,SAAS,EAAE,GAAG,GAAG,GAAG;KACrB,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAgB,EAAE,QAAiB;IACnE,IAAI,OAAO,IAAI,QAAQ,EAAE,CAAC;QACxB,YAAY,CAAC,MAAM,CAAC,GAAG,OAAO,IAAI,QAAQ,EAAE,CAAC,CAAC;IAChD,CAAC;SAAM,IAAI,OAAO,EAAE,CAAC;QACnB,KAAK,MAAM,GAAG,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC;YACtC,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,OAAO,GAAG,CAAC,EAAE,CAAC;gBAClC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,YAAY,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;AACH,CAAC"}

package/dist/lib/paths.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Build auth endpoint path
+ *
+ * @example
+ * authPath("_platform", "/token") → "/auth/_platform/token"
+ * authPath("acme", "/token") → "/auth/acme/token"
+ */
+export declare function authPath(tenantId: string, path: string): string;
+/**
+ * Build REST (PostgREST) endpoint path
+ *
+ * @example
+ * restPath("_platform", "/basejump/accounts") → "/rest/_platform/basejump/accounts"
+ * restPath("acme", "/todos") → "/rest/acme/todos"
+ */
+export declare function restPath(tenantId: string, path: string): string;
+/**
+ * Build storage endpoint path
+ *
+ * @example
+ * storagePath("acme", "/v1/object/public/avatars/user.png")
+ * → "/storage/acme/v1/object/public/avatars/user.png"
+ * storagePath("_platform", "/v1/bucket") → "/storage/_platform/v1/bucket"
+ */
+export declare function storagePath(tenantId: string, path: string): string;
+/**
+ * Build realtime endpoint path
+ *
+ * @example
+ * realtimePath("/websocket") → "/realtime/v1/websocket"
+ */
+export declare function realtimePath(path: string): string;
+/**
+ * Check if tenant ID is the platform
+ */
+export declare function isPlatform(tenantId: string): boolean;
+//# sourceMappingURL=paths.d.ts.map

package/dist/lib/paths.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"paths.d.ts","sourceRoot":"","sources":["../../src/lib/paths.ts"],"names":[],"mappings":"AAEA;;;;;;GAMG;AACH,wBAAgB,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAE/D;AAED;;;;;;GAMG;AACH,wBAAgB,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAE/D;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAElE;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAGjD;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAEpD"}

package/dist/lib/paths.js

@@ -0,0 +1,49 @@
+import { PLATFORM_TENANT_ID } from "../types.js";
+/**
+ * Build auth endpoint path
+ *
+ * @example
+ * authPath("_platform", "/token") → "/auth/_platform/token"
+ * authPath("acme", "/token") → "/auth/acme/token"
+ */
+export function authPath(tenantId, path) {
+    return `/auth/${tenantId}${path}`;
+}
+/**
+ * Build REST (PostgREST) endpoint path
+ *
+ * @example
+ * restPath("_platform", "/basejump/accounts") → "/rest/_platform/basejump/accounts"
+ * restPath("acme", "/todos") → "/rest/acme/todos"
+ */
+export function restPath(tenantId, path) {
+    return `/rest/${tenantId}${path}`;
+}
+/**
+ * Build storage endpoint path
+ *
+ * @example
+ * storagePath("acme", "/v1/object/public/avatars/user.png")
+ * → "/storage/acme/v1/object/public/avatars/user.png"
+ * storagePath("_platform", "/v1/bucket") → "/storage/_platform/v1/bucket"
+ */
+export function storagePath(tenantId, path) {
+    return `/storage/${tenantId}${path}`;
+}
+/**
+ * Build realtime endpoint path
+ *
+ * @example
+ * realtimePath("/websocket") → "/realtime/v1/websocket"
+ */
+export function realtimePath(path) {
+    // Realtime uses the same path for all tenants, tenant is identified by JWT
+    return `/realtime/v1${path}`;
+}
+/**
+ * Check if tenant ID is the platform
+ */
+export function isPlatform(tenantId) {
+    return tenantId === PLATFORM_TENANT_ID;
+}
+//# sourceMappingURL=paths.js.map

package/dist/lib/paths.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"paths.js","sourceRoot":"","sources":["../../src/lib/paths.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAEjD;;;;;;GAMG;AACH,MAAM,UAAU,QAAQ,CAAC,QAAgB,EAAE,IAAY;IACrD,OAAO,SAAS,QAAQ,GAAG,IAAI,EAAE,CAAC;AACpC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,QAAQ,CAAC,QAAgB,EAAE,IAAY;IACrD,OAAO,SAAS,QAAQ,GAAG,IAAI,EAAE,CAAC;AACpC,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,WAAW,CAAC,QAAgB,EAAE,IAAY;IACxD,OAAO,YAAY,QAAQ,GAAG,IAAI,EAAE,CAAC;AACvC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,2EAA2E;IAC3E,OAAO,eAAe,IAAI,EAAE,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,QAAgB;IACzC,OAAO,QAAQ,KAAK,kBAAkB,CAAC;AACzC,CAAC"}

package/dist/lib/token-store.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Token storage interface
+ */
+export interface TokenStore {
+    getAccessToken(): string | null;
+    getRefreshToken(): string | null;
+    setTokens(accessToken: string, refreshToken: string): void;
+    clearTokens(): void;
+}
+/**
+ * In-memory token storage (for SSR, Workers, testing)
+ */
+export declare class MemoryTokenStore implements TokenStore {
+    private accessToken;
+    private refreshToken;
+    getAccessToken(): string | null;
+    getRefreshToken(): string | null;
+    setTokens(accessToken: string, refreshToken: string): void;
+    clearTokens(): void;
+}
+/**
+ * LocalStorage token storage (for browser)
+ */
+export declare class LocalStorageTokenStore implements TokenStore {
+    private prefix;
+    constructor(prefix?: string);
+    private get accessKey();
+    private get refreshKey();
+    getAccessToken(): string | null;
+    getRefreshToken(): string | null;
+    setTokens(accessToken: string, refreshToken: string): void;
+    clearTokens(): void;
+}
+/**
+ * Token store type for configuration
+ */
+export type TokenStoreType = "memory" | "localStorage" | TokenStore;
+/**
+ * Create a token store from configuration
+ */
+export declare function createTokenStore(type: TokenStoreType, prefix?: string): TokenStore;
+//# sourceMappingURL=token-store.d.ts.map

package/dist/lib/token-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-store.d.ts","sourceRoot":"","sources":["../../src/lib/token-store.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,cAAc,IAAI,MAAM,GAAG,IAAI,CAAC;IAChC,eAAe,IAAI,MAAM,GAAG,IAAI,CAAC;IACjC,SAAS,CAAC,WAAW,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3D,WAAW,IAAI,IAAI,CAAC;CACrB;AAED;;GAEG;AACH,qBAAa,gBAAiB,YAAW,UAAU;IACjD,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,YAAY,CAAuB;IAE3C,cAAc,IAAI,MAAM,GAAG,IAAI;IAI/B,eAAe,IAAI,MAAM,GAAG,IAAI;IAIhC,SAAS,CAAC,WAAW,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI;IAK1D,WAAW,IAAI,IAAI;CAIpB;AAED;;GAEG;AACH,qBAAa,sBAAuB,YAAW,UAAU;IAC3C,OAAO,CAAC,MAAM;gBAAN,MAAM,GAAE,MAAgB;IAE5C,OAAO,KAAK,SAAS,GAEpB;IAED,OAAO,KAAK,UAAU,GAErB;IAED,cAAc,IAAI,MAAM,GAAG,IAAI;IAK/B,eAAe,IAAI,MAAM,GAAG,IAAI;IAKhC,SAAS,CAAC,WAAW,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI;IAM1D,WAAW,IAAI,IAAI;CAKpB;AAED;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,QAAQ,GAAG,cAAc,GAAG,UAAU,CAAC;AAEpE;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,cAAc,EACpB,MAAM,CAAC,EAAE,MAAM,GACd,UAAU,CAaZ"}

package/dist/lib/token-store.js

@@ -0,0 +1,75 @@
+/**
+ * In-memory token storage (for SSR, Workers, testing)
+ */
+export class MemoryTokenStore {
+    accessToken = null;
+    refreshToken = null;
+    getAccessToken() {
+        return this.accessToken;
+    }
+    getRefreshToken() {
+        return this.refreshToken;
+    }
+    setTokens(accessToken, refreshToken) {
+        this.accessToken = accessToken;
+        this.refreshToken = refreshToken;
+    }
+    clearTokens() {
+        this.accessToken = null;
+        this.refreshToken = null;
+    }
+}
+/**
+ * LocalStorage token storage (for browser)
+ */
+export class LocalStorageTokenStore {
+    prefix;
+    constructor(prefix = "stack") {
+        this.prefix = prefix;
+    }
+    get accessKey() {
+        return `${this.prefix}_access_token`;
+    }
+    get refreshKey() {
+        return `${this.prefix}_refresh_token`;
+    }
+    getAccessToken() {
+        if (typeof localStorage === "undefined")
+            return null;
+        return localStorage.getItem(this.accessKey);
+    }
+    getRefreshToken() {
+        if (typeof localStorage === "undefined")
+            return null;
+        return localStorage.getItem(this.refreshKey);
+    }
+    setTokens(accessToken, refreshToken) {
+        if (typeof localStorage === "undefined")
+            return;
+        localStorage.setItem(this.accessKey, accessToken);
+        localStorage.setItem(this.refreshKey, refreshToken);
+    }
+    clearTokens() {
+        if (typeof localStorage === "undefined")
+            return;
+        localStorage.removeItem(this.accessKey);
+        localStorage.removeItem(this.refreshKey);
+    }
+}
+/**
+ * Create a token store from configuration
+ */
+export function createTokenStore(type, prefix) {
+    if (typeof type === "object") {
+        return type;
+    }
+    switch (type) {
+        case "memory":
+            return new MemoryTokenStore();
+        case "localStorage":
+            return new LocalStorageTokenStore(prefix);
+        default:
+            throw new Error(`Unknown token store type: ${type}`);
+    }
+}
+//# sourceMappingURL=token-store.js.map

package/dist/lib/token-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-store.js","sourceRoot":"","sources":["../../src/lib/token-store.ts"],"names":[],"mappings":"AAUA;;GAEG;AACH,MAAM,OAAO,gBAAgB;IACnB,WAAW,GAAkB,IAAI,CAAC;IAClC,YAAY,GAAkB,IAAI,CAAC;IAE3C,cAAc;QACZ,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,SAAS,CAAC,WAAmB,EAAE,YAAoB;QACjD,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED,WAAW;QACT,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IAC3B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,sBAAsB;IACb;IAApB,YAAoB,SAAiB,OAAO;QAAxB,WAAM,GAAN,MAAM,CAAkB;IAAG,CAAC;IAEhD,IAAY,SAAS;QACnB,OAAO,GAAG,IAAI,CAAC,MAAM,eAAe,CAAC;IACvC,CAAC;IAED,IAAY,UAAU;QACpB,OAAO,GAAG,IAAI,CAAC,MAAM,gBAAgB,CAAC;IACxC,CAAC;IAED,cAAc;QACZ,IAAI,OAAO,YAAY,KAAK,WAAW;YAAE,OAAO,IAAI,CAAC;QACrD,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC9C,CAAC;IAED,eAAe;QACb,IAAI,OAAO,YAAY,KAAK,WAAW;YAAE,OAAO,IAAI,CAAC;QACrD,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC/C,CAAC;IAED,SAAS,CAAC,WAAmB,EAAE,YAAoB;QACjD,IAAI,OAAO,YAAY,KAAK,WAAW;YAAE,OAAO;QAChD,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QAClD,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IACtD,CAAC;IAED,WAAW;QACT,IAAI,OAAO,YAAY,KAAK,WAAW;YAAE,OAAO;QAChD,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACxC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC3C,CAAC;CACF;AAOD;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,IAAoB,EACpB,MAAe;IAEf,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,QAAQ;YACX,OAAO,IAAI,gBAAgB,EAAE,CAAC;QAChC,KAAK,cAAc;YACjB,OAAO,IAAI,sBAAsB,CAAC,MAAM,CAAC,CAAC;QAC5C;YACE,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;AACH,CAAC"}

package/dist/mocks/handlers.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Options for creating auth handlers
+ */
+export interface AuthHandlersOptions {
+    /** Base URL of the stack server */
+    baseUrl: string;
+}
+/**
+ * Create MSW handlers for GoTrue auth endpoints
+ *
+ * @example
+ * ```typescript
+ * import { setupServer } from "msw/node";
+ * import { createAuthHandlers } from "@kaiz11/stack-client/mocks";
+ *
+ * const handlers = createAuthHandlers({ baseUrl: "https://stack.test" });
+ * const server = setupServer(...handlers);
+ * ```
+ */
+export declare function createAuthHandlers(options: AuthHandlersOptions): import("msw").HttpHandler[];
+/**
+ * Default handlers with standard test URL
+ *
+ * For SDK internal tests only. Developers should use createAuthHandlers
+ * with their own base URL.
+ */
+export declare const DEFAULT_BASE_URL = "https://stack.test";
+export declare const handlers: import("msw").HttpHandler[];
+//# sourceMappingURL=handlers.d.ts.map

package/dist/mocks/handlers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../src/mocks/handlers.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,mCAAmC;IACnC,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,mBAAmB,+BAgF9D;AAED;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,uBAAuB,CAAC;AACrD,eAAO,MAAM,QAAQ,6BAAoD,CAAC"}

package/dist/mocks/handlers.js

@@ -0,0 +1,79 @@
+import { http, HttpResponse } from "msw";
+import { createTokenResponse, errors } from "./responses.js";
+import { mockState, requestCounts, delay } from "./state.js";
+/**
+ * Create MSW handlers for GoTrue auth endpoints
+ *
+ * @example
+ * ```typescript
+ * import { setupServer } from "msw/node";
+ * import { createAuthHandlers } from "@kaiz11/stack-client/mocks";
+ *
+ * const handlers = createAuthHandlers({ baseUrl: "https://stack.test" });
+ * const server = setupServer(...handlers);
+ * ```
+ */
+export function createAuthHandlers(options) {
+    const { baseUrl } = options;
+    return [
+        // Sign in (password grant) and token refresh
+        http.post(`${baseUrl}/auth/:target/token`, async ({ request }) => {
+            await delay(mockState.latency);
+            const url = new URL(request.url);
+            const grantType = url.searchParams.get("grant_type");
+            if (grantType === "password") {
+                requestCounts.signIn++;
+                if (mockState.shouldFailSignIn) {
+                    return HttpResponse.json(mockState.signInError, { status: 401 });
+                }
+                const body = (await request.json());
+                return HttpResponse.json(createTokenResponse({ email: body.email }));
+            }
+            if (grantType === "refresh_token") {
+                requestCounts.refresh++;
+                if (mockState.shouldFailRefresh) {
+                    return HttpResponse.json(mockState.refreshError, { status: 401 });
+                }
+                // Generate new tokens (simulating rotation)
+                return HttpResponse.json(createTokenResponse({
+                    email: "user@example.com",
+                    refreshToken: `new-refresh-${Date.now()}`,
+                }));
+            }
+            return HttpResponse.json(errors.unsupportedGrantType, { status: 400 });
+        }),
+        // Sign up
+        http.post(`${baseUrl}/auth/:target/signup`, async ({ request }) => {
+            await delay(mockState.latency);
+            requestCounts.signUp++;
+            if (mockState.shouldFailSignUp) {
+                return HttpResponse.json(mockState.signUpError, { status: 422 });
+            }
+            const body = (await request.json());
+            return HttpResponse.json(createTokenResponse({
+                email: body.email,
+                userMetadata: body.data,
+            }));
+        }),
+        // Sign out
+        http.post(`${baseUrl}/auth/:target/logout`, async ({ request }) => {
+            await delay(mockState.latency);
+            requestCounts.signOut++;
+            // Check for Authorization header
+            const authHeader = request.headers.get("Authorization");
+            if (!authHeader) {
+                return HttpResponse.json(errors.unauthorized, { status: 401 });
+            }
+            return new HttpResponse(null, { status: 204 });
+        }),
+    ];
+}
+/**
+ * Default handlers with standard test URL
+ *
+ * For SDK internal tests only. Developers should use createAuthHandlers
+ * with their own base URL.
+ */
+export const DEFAULT_BASE_URL = "https://stack.test";
+export const handlers = createAuthHandlers({ baseUrl: DEFAULT_BASE_URL });
+//# sourceMappingURL=handlers.js.map

package/dist/mocks/handlers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"handlers.js","sourceRoot":"","sources":["../../src/mocks/handlers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,KAAK,CAAC;AACzC,OAAO,EAAE,mBAAmB,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAC7D,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAU7D;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAA4B;IAC7D,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAE5B,OAAO;QACL,6CAA6C;QAC7C,IAAI,CAAC,IAAI,CAAC,GAAG,OAAO,qBAAqB,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;YAC/D,MAAM,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAE/B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,SAAS,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YAErD,IAAI,SAAS,KAAK,UAAU,EAAE,CAAC;gBAC7B,aAAa,CAAC,MAAM,EAAE,CAAC;gBAEvB,IAAI,SAAS,CAAC,gBAAgB,EAAE,CAAC;oBAC/B,OAAO,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACnE,CAAC;gBAED,MAAM,IAAI,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAGjC,CAAC;gBACF,OAAO,YAAY,CAAC,IAAI,CAAC,mBAAmB,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YACvE,CAAC;YAED,IAAI,SAAS,KAAK,eAAe,EAAE,CAAC;gBAClC,aAAa,CAAC,OAAO,EAAE,CAAC;gBAExB,IAAI,SAAS,CAAC,iBAAiB,EAAE,CAAC;oBAChC,OAAO,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACpE,CAAC;gBAED,4CAA4C;gBAC5C,OAAO,YAAY,CAAC,IAAI,CACtB,mBAAmB,CAAC;oBAClB,KAAK,EAAE,kBAAkB;oBACzB,YAAY,EAAE,eAAe,IAAI,CAAC,GAAG,EAAE,EAAE;iBAC1C,CAAC,CACH,CAAC;YACJ,CAAC;YAED,OAAO,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,oBAAoB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACzE,CAAC,CAAC;QAEF,UAAU;QACV,IAAI,CAAC,IAAI,CAAC,GAAG,OAAO,sBAAsB,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;YAChE,MAAM,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAC/B,aAAa,CAAC,MAAM,EAAE,CAAC;YAEvB,IAAI,SAAS,CAAC,gBAAgB,EAAE,CAAC;gBAC/B,OAAO,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YACnE,CAAC;YAED,MAAM,IAAI,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAIjC,CAAC;YACF,OAAO,YAAY,CAAC,IAAI,CACtB,mBAAmB,CAAC;gBAClB,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,YAAY,EAAE,IAAI,CAAC,IAAI;aACxB,CAAC,CACH,CAAC;QACJ,CAAC,CAAC;QAEF,WAAW;QACX,IAAI,CAAC,IAAI,CAAC,GAAG,OAAO,sBAAsB,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;YAChE,MAAM,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAC/B,aAAa,CAAC,OAAO,EAAE,CAAC;YAExB,iCAAiC;YACjC,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YACxD,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,OAAO,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YACjE,CAAC;YAED,OAAO,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACjD,CAAC,CAAC;KACH,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,oBAAoB,CAAC;AACrD,MAAM,CAAC,MAAM,QAAQ,GAAG,kBAAkB,CAAC,EAAE,OAAO,EAAE,gBAAgB,EAAE,CAAC,CAAC"}

package/dist/mocks/index.d.ts

@@ -0,0 +1,5 @@
+export { generateTestJwt, generateUserId, createTokenResponse, errors, type TestJwtOptions, type TokenResponseOptions, type MockErrorResponse, } from "./responses.js";
+export { mockState, requestCounts, delay, type MockState, type MockOptions, type RequestCounts, } from "./state.js";
+export { createAuthHandlers, handlers, DEFAULT_BASE_URL, type AuthHandlersOptions, } from "./handlers.js";
+export { server } from "./server.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/mocks/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/mocks/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,eAAe,EACf,cAAc,EACd,mBAAmB,EACnB,MAAM,EACN,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,GACvB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,SAAS,EACT,aAAa,EACb,KAAK,EACL,KAAK,SAAS,EACd,KAAK,WAAW,EAChB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,kBAAkB,EAClB,QAAQ,EACR,gBAAgB,EAChB,KAAK,mBAAmB,GACzB,MAAM,eAAe,CAAC;AAGvB,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC"}

package/dist/mocks/index.js

@@ -0,0 +1,9 @@
+// Responses - single source of truth
+export { generateTestJwt, generateUserId, createTokenResponse, errors, } from "./responses.js";
+// State - mock behavior control
+export { mockState, requestCounts, delay, } from "./state.js";
+// MSW handlers - for SDK internal tests
+export { createAuthHandlers, handlers, DEFAULT_BASE_URL, } from "./handlers.js";
+// MSW server - for SDK internal tests
+export { server } from "./server.js";
+//# sourceMappingURL=index.js.map

package/dist/mocks/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/mocks/index.ts"],"names":[],"mappings":"AAAA,qCAAqC;AACrC,OAAO,EACL,eAAe,EACf,cAAc,EACd,mBAAmB,EACnB,MAAM,GAIP,MAAM,gBAAgB,CAAC;AAExB,gCAAgC;AAChC,OAAO,EACL,SAAS,EACT,aAAa,EACb,KAAK,GAIN,MAAM,YAAY,CAAC;AAEpB,wCAAwC;AACxC,OAAO,EACL,kBAAkB,EAClB,QAAQ,EACR,gBAAgB,GAEjB,MAAM,eAAe,CAAC;AAEvB,sCAAsC;AACtC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC"}

package/dist/mocks/responses.d.ts

@@ -0,0 +1,76 @@
+import type { GoTrueTokenResponse } from "../auth/types.js";
+/**
+ * Options for generating a test JWT
+ */
+export interface TestJwtOptions {
+    sub: string;
+    email: string;
+    exp?: number;
+    iat?: number;
+}
+/**
+ * Options for creating a token response
+ */
+export interface TokenResponseOptions {
+    email: string;
+    refreshToken?: string;
+    expiresIn?: number;
+    userMetadata?: Record<string, unknown>;
+}
+/**
+ * Generate a valid JWT for testing
+ *
+ * Creates a properly structured JWT that can be decoded by the SDK.
+ * The signature is fake but the payload is valid.
+ */
+export declare function generateTestJwt(options: TestJwtOptions): string;
+/**
+ * Generate a user ID from an email address
+ */
+export declare function generateUserId(email: string): string;
+/**
+ * Create a GoTrue token response
+ *
+ * This is the single source of truth for mock token responses.
+ * Used by both MSW handlers (for SDK tests) and mock auth client (for developer tests).
+ */
+export declare function createTokenResponse(options: TokenResponseOptions): GoTrueTokenResponse;
+/**
+ * Standard error responses (GoTrue format)
+ */
+export declare const errors: {
+    readonly invalidCredentials: {
+        readonly code: 401;
+        readonly error_code: "invalid_credentials";
+        readonly msg: "Invalid email or password";
+    };
+    readonly userAlreadyExists: {
+        readonly code: 422;
+        readonly error_code: "user_already_exists";
+        readonly msg: "User already registered";
+    };
+    readonly invalidRefreshToken: {
+        readonly code: 401;
+        readonly error_code: "invalid_grant";
+        readonly msg: "Invalid refresh token";
+    };
+    readonly unauthorized: {
+        readonly code: 401;
+        readonly error_code: "unauthorized";
+        readonly msg: "Missing or invalid authorization";
+    };
+    readonly unsupportedGrantType: {
+        readonly code: 400;
+        readonly error_code: "unsupported_grant_type";
+        readonly msg: "Unsupported grant type";
+    };
+};
+/**
+ * Error response type (GoTrue format)
+ */
+export type MockErrorResponse = {
+    code: number;
+    error_code: string;
+    msg: string;
+};
+//# sourceMappingURL=responses.d.ts.map

package/dist/mocks/responses.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"responses.d.ts","sourceRoot":"","sources":["../../src/mocks/responses.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAE5D;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACxC;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,cAAc,GAAG,MAAM,CAsB/D;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,oBAAoB,GAC5B,mBAAmB,CAsBrB;AAED;;GAEG;AACH,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;CA0BT,CAAC;AAEX;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,GAAG,EAAE,MAAM,CAAC;CACb,CAAC"}