@netlify/identity 0.3.0-alpha.3 → 0.3.0-alpha.5

package/dist/index.js

@@ -12,7 +12,7 @@ var AUTH_PROVIDERS = ["google", "github", "gitlab", "bitbucket", "facebook", "sa
 import GoTrue from "gotrue-js";
 
 // src/errors.ts
-var AuthError = class extends Error {
+var AuthError = class _AuthError extends Error {
   constructor(message, status, options) {
     super(message);
     this.name = "AuthError";
@@ -21,6 +21,10 @@ var AuthError = class extends Error {
       this.cause = options.cause;
     }
   }
+  static from(error) {
+    const message = error instanceof Error ? error.message : String(error);
+    return new _AuthError(message, void 0, { cause: error });
+  }
 };
 var MissingIdentityError = class extends Error {
   constructor(message = "Netlify Identity is not available.") {
@@ -45,7 +49,7 @@ var discoverApiUrl = () => {
       cachedApiUrl = identityContext.url;
     } else if (globalThis.Netlify?.context?.url) {
       cachedApiUrl = new URL(IDENTITY_PATH, globalThis.Netlify.context.url).href;
-    } else if (process.env.URL) {
+    } else if (typeof process !== "undefined" && process.env?.URL) {
       cachedApiUrl = new URL(IDENTITY_PATH, process.env.URL).href;
     }
   }
@@ -82,7 +86,7 @@ var getIdentityContext = () => {
   if (globalThis.Netlify?.context?.url) {
     return { url: new URL(IDENTITY_PATH, globalThis.Netlify.context.url).href };
   }
-  const siteUrl = process.env.URL;
+  const siteUrl = typeof process !== "undefined" ? process.env?.URL : void 0;
   if (siteUrl) {
     return { url: new URL(IDENTITY_PATH, siteUrl).href };
   }
@@ -94,7 +98,12 @@ var NF_JWT_COOKIE = "nf_jwt";
 var NF_REFRESH_COOKIE = "nf_refresh";
 var getCookie = (name) => {
   const match = document.cookie.match(new RegExp(`(?:^|; )${name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}=([^;]*)`));
-  return match ? decodeURIComponent(match[1]) : null;
+  if (!match) return null;
+  try {
+    return decodeURIComponent(match[1]);
+  } catch {
+    return match[1];
+  }
 };
 var setAuthCookies = (cookies, accessToken, refreshToken) => {
   cookies.set({
@@ -164,143 +173,6 @@ var triggerNextjsDynamic = () => {
   }
 };
 
-// src/user.ts
-var toAuthProvider = (value) => typeof value === "string" && AUTH_PROVIDERS.includes(value) ? value : void 0;
-var toUser = (userData) => {
-  const userMeta = userData.user_metadata ?? {};
-  const appMeta = userData.app_metadata ?? {};
-  const name = userMeta.full_name || userMeta.name;
-  const pictureUrl = userMeta.avatar_url;
-  return {
-    id: userData.id,
-    email: userData.email,
-    emailVerified: !!userData.confirmed_at,
-    createdAt: userData.created_at,
-    updatedAt: userData.updated_at,
-    provider: toAuthProvider(appMeta.provider),
-    name: typeof name === "string" ? name : void 0,
-    pictureUrl: typeof pictureUrl === "string" ? pictureUrl : void 0,
-    metadata: userMeta,
-    rawGoTrueData: { ...userData }
-  };
-};
-var claimsToUser = (claims) => {
-  const appMeta = claims.app_metadata ?? {};
-  const userMeta = claims.user_metadata ?? {};
-  const name = userMeta.full_name || userMeta.name;
-  return {
-    id: claims.sub ?? "",
-    email: claims.email,
-    provider: toAuthProvider(appMeta.provider),
-    name: typeof name === "string" ? name : void 0,
-    metadata: userMeta
-  };
-};
-var hydrating = false;
-var backgroundHydrate = (accessToken) => {
-  if (hydrating) return;
-  hydrating = true;
-  const refreshToken = getCookie(NF_REFRESH_COOKIE) ?? "";
-  const decoded = decodeJwtPayload(accessToken);
-  const expiresAt = decoded?.exp ?? Math.floor(Date.now() / 1e3) + 3600;
-  const expiresIn = Math.max(0, expiresAt - Math.floor(Date.now() / 1e3));
-  setTimeout(() => {
-    try {
-      const client = getClient();
-      client.createUser(
-        {
-          access_token: accessToken,
-          token_type: "bearer",
-          expires_in: expiresIn,
-          expires_at: expiresAt,
-          refresh_token: refreshToken
-        },
-        true
-      ).catch(() => {
-      }).finally(() => {
-        hydrating = false;
-      });
-    } catch {
-      hydrating = false;
-    }
-  }, 0);
-};
-var decodeJwtPayload = (token) => {
-  try {
-    const parts = token.split(".");
-    if (parts.length !== 3) return null;
-    const payload = atob(parts[1].replace(/-/g, "+").replace(/_/g, "/"));
-    return JSON.parse(payload);
-  } catch {
-    return null;
-  }
-};
-var getUser = () => {
-  if (isBrowser()) {
-    const client = getGoTrueClient();
-    const currentUser = client?.currentUser() ?? null;
-    if (currentUser) {
-      const jwt2 = getCookie(NF_JWT_COOKIE);
-      if (!jwt2) {
-        try {
-          currentUser.clearSession();
-        } catch {
-        }
-        return null;
-      }
-      return toUser(currentUser);
-    }
-    const jwt = getCookie(NF_JWT_COOKIE);
-    if (!jwt) return null;
-    const claims = decodeJwtPayload(jwt);
-    if (!claims) return null;
-    backgroundHydrate(jwt);
-    return claimsToUser(claims);
-  }
-  triggerNextjsDynamic();
-  const identityContext = globalThis.netlifyIdentityContext;
-  if (identityContext?.user) {
-    return claimsToUser(identityContext.user);
-  }
-  const serverJwt = getServerCookie(NF_JWT_COOKIE);
-  if (serverJwt) {
-    const claims = decodeJwtPayload(serverJwt);
-    if (claims) return claimsToUser(claims);
-  }
-  return null;
-};
-var isAuthenticated = () => getUser() !== null;
-
-// src/config.ts
-var getIdentityConfig = () => {
-  if (isBrowser()) {
-    return { url: `${window.location.origin}${IDENTITY_PATH}` };
-  }
-  return getIdentityContext();
-};
-var getSettings = async () => {
-  const client = getClient();
-  try {
-    const raw = await client.settings();
-    const external = raw.external ?? {};
-    return {
-      autoconfirm: raw.autoconfirm,
-      disableSignup: raw.disable_signup,
-      providers: {
-        google: external.google ?? false,
-        github: external.github ?? false,
-        gitlab: external.gitlab ?? false,
-        bitbucket: external.bitbucket ?? false,
-        facebook: external.facebook ?? false,
-        email: external.email ?? false,
-        saml: external.saml ?? false
-      }
-    };
-  } catch (err) {
-    throw new AuthError(err instanceof Error ? err.message : "Failed to fetch identity settings", 502, { cause: err });
-  }
-};
-
 // src/events.ts
 var AUTH_EVENTS = {
   LOGIN: "login",
@@ -379,7 +251,7 @@ var login = async (email, password) => {
         body: body.toString()
       });
     } catch (error) {
-      throw new AuthError(error.message, void 0, { cause: error });
+      throw AuthError.from(error);
     }
     if (!res.ok) {
       const errorBody = await res.json().catch(() => ({}));
@@ -393,7 +265,7 @@ var login = async (email, password) => {
         headers: { Authorization: `Bearer ${accessToken}` }
       });
     } catch (error) {
-      throw new AuthError(error.message, void 0, { cause: error });
+      throw AuthError.from(error);
     }
     if (!userRes.ok) {
       const errorBody = await userRes.json().catch(() => ({}));
@@ -413,7 +285,7 @@ var login = async (email, password) => {
     emitAuthEvent(AUTH_EVENTS.LOGIN, user);
     return user;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var signup = async (email, password, data) => {
@@ -428,7 +300,7 @@ var signup = async (email, password, data) => {
         body: JSON.stringify({ email, password, data })
       });
     } catch (error) {
-      throw new AuthError(error.message, void 0, { cause: error });
+      throw AuthError.from(error);
     }
     if (!res.ok) {
       const errorBody = await res.json().catch(() => ({}));
@@ -457,7 +329,7 @@ var signup = async (email, password, data) => {
     }
     return user;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var logout = async () => {
@@ -486,7 +358,7 @@ var logout = async () => {
     deleteBrowserAuthCookies();
     emitAuthEvent(AUTH_EVENTS.LOGOUT, null);
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var oauthLogin = (provider) => {
@@ -517,7 +389,7 @@ var handleAuthCallback = async () => {
     return null;
   } catch (error) {
     if (error instanceof AuthError) throw error;
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var handleOAuthCallback = async (client, params, accessToken) => {
@@ -602,21 +474,172 @@ var hydrateSession = async () => {
   const decoded = decodeJwtPayload(accessToken);
   const expiresAt = decoded?.exp ?? Math.floor(Date.now() / 1e3) + 3600;
   const expiresIn = Math.max(0, expiresAt - Math.floor(Date.now() / 1e3));
-  const gotrueUser = await client.createUser(
-    {
-      access_token: accessToken,
-      token_type: "bearer",
-      expires_in: expiresIn,
-      expires_at: expiresAt,
-      refresh_token: refreshToken
-    },
-    persistSession
-  );
+  let gotrueUser;
+  try {
+    gotrueUser = await client.createUser(
+      {
+        access_token: accessToken,
+        token_type: "bearer",
+        expires_in: expiresIn,
+        expires_at: expiresAt,
+        refresh_token: refreshToken
+      },
+      persistSession
+    );
+  } catch {
+    deleteBrowserAuthCookies();
+    return null;
+  }
   const user = toUser(gotrueUser);
   emitAuthEvent(AUTH_EVENTS.LOGIN, user);
   return user;
 };
 
+// src/user.ts
+var toAuthProvider = (value) => typeof value === "string" && AUTH_PROVIDERS.includes(value) ? value : void 0;
+var toRoles = (appMeta) => {
+  const roles = appMeta.roles;
+  if (Array.isArray(roles) && roles.every((r) => typeof r === "string")) {
+    return roles;
+  }
+  return void 0;
+};
+var toUser = (userData) => {
+  const userMeta = userData.user_metadata ?? {};
+  const appMeta = userData.app_metadata ?? {};
+  const name = userMeta.full_name || userMeta.name;
+  const pictureUrl = userMeta.avatar_url;
+  return {
+    id: userData.id,
+    email: userData.email,
+    emailVerified: !!userData.confirmed_at,
+    createdAt: userData.created_at,
+    updatedAt: userData.updated_at,
+    provider: toAuthProvider(appMeta.provider),
+    name: typeof name === "string" ? name : void 0,
+    pictureUrl: typeof pictureUrl === "string" ? pictureUrl : void 0,
+    roles: toRoles(appMeta),
+    metadata: userMeta,
+    rawGoTrueData: { ...userData }
+  };
+};
+var claimsToUser = (claims) => {
+  const appMeta = claims.app_metadata ?? {};
+  const userMeta = claims.user_metadata ?? {};
+  const name = userMeta.full_name || userMeta.name;
+  const pictureUrl = userMeta.avatar_url;
+  return {
+    id: claims.sub ?? "",
+    email: claims.email,
+    provider: toAuthProvider(appMeta.provider),
+    name: typeof name === "string" ? name : void 0,
+    pictureUrl: typeof pictureUrl === "string" ? pictureUrl : void 0,
+    roles: toRoles(appMeta),
+    metadata: userMeta
+  };
+};
+var decodeJwtPayload = (token) => {
+  try {
+    const parts = token.split(".");
+    if (parts.length !== 3) return null;
+    const payload = atob(parts[1].replace(/-/g, "+").replace(/_/g, "/"));
+    return JSON.parse(payload);
+  } catch {
+    return null;
+  }
+};
+var fetchFullUser = async (identityUrl, jwt) => {
+  try {
+    const res = await fetch(`${identityUrl}/user`, {
+      headers: { Authorization: `Bearer ${jwt}` }
+    });
+    if (!res.ok) return null;
+    const userData = await res.json();
+    return toUser(userData);
+  } catch {
+    return null;
+  }
+};
+var resolveIdentityUrl = () => {
+  const identityContext = getIdentityContext();
+  if (identityContext?.url) return identityContext.url;
+  if (globalThis.Netlify?.context?.url) {
+    return new URL(IDENTITY_PATH, globalThis.Netlify.context.url).href;
+  }
+  const siteUrl = typeof process !== "undefined" ? process.env?.URL : void 0;
+  if (siteUrl) {
+    return new URL(IDENTITY_PATH, siteUrl).href;
+  }
+  return null;
+};
+var getUser = async () => {
+  if (isBrowser()) {
+    const client = getGoTrueClient();
+    const currentUser = client?.currentUser() ?? null;
+    if (currentUser) {
+      const jwt2 = getCookie(NF_JWT_COOKIE);
+      if (!jwt2) {
+        try {
+          currentUser.clearSession();
+        } catch {
+        }
+        return null;
+      }
+      return toUser(currentUser);
+    }
+    const jwt = getCookie(NF_JWT_COOKIE);
+    if (!jwt) return null;
+    const claims2 = decodeJwtPayload(jwt);
+    if (!claims2) return null;
+    const hydrated = await hydrateSession();
+    if (hydrated) return hydrated;
+    return claimsToUser(claims2);
+  }
+  triggerNextjsDynamic();
+  const identityContext = globalThis.netlifyIdentityContext;
+  const serverJwt = identityContext?.token || getServerCookie(NF_JWT_COOKIE);
+  if (serverJwt) {
+    const identityUrl = resolveIdentityUrl();
+    if (identityUrl) {
+      const fullUser = await fetchFullUser(identityUrl, serverJwt);
+      if (fullUser) return fullUser;
+    }
+  }
+  const claims = identityContext?.user ?? (serverJwt ? decodeJwtPayload(serverJwt) : null);
+  return claims ? claimsToUser(claims) : null;
+};
+var isAuthenticated = async () => await getUser() !== null;
+
+// src/config.ts
+var getIdentityConfig = () => {
+  if (isBrowser()) {
+    return { url: `${window.location.origin}${IDENTITY_PATH}` };
+  }
+  return getIdentityContext();
+};
+var getSettings = async () => {
+  const client = getClient();
+  try {
+    const raw = await client.settings();
+    const external = raw.external ?? {};
+    return {
+      autoconfirm: raw.autoconfirm,
+      disableSignup: raw.disable_signup,
+      providers: {
+        google: external.google ?? false,
+        github: external.github ?? false,
+        gitlab: external.gitlab ?? false,
+        bitbucket: external.bitbucket ?? false,
+        facebook: external.facebook ?? false,
+        email: external.email ?? false,
+        saml: external.saml ?? false
+      }
+    };
+  } catch (err) {
+    throw new AuthError(err instanceof Error ? err.message : "Failed to fetch identity settings", 502, { cause: err });
+  }
+};
+
 // src/account.ts
 var resolveCurrentUser = async () => {
   const client = getClient();
@@ -636,7 +659,7 @@ var requestPasswordRecovery = async (email) => {
   try {
     await client.requestPasswordRecovery(email);
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var recoverPassword = async (token, newPassword) => {
@@ -648,7 +671,7 @@ var recoverPassword = async (token, newPassword) => {
     emitAuthEvent(AUTH_EVENTS.LOGIN, user);
     return user;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var confirmEmail = async (token) => {
@@ -659,7 +682,7 @@ var confirmEmail = async (token) => {
     emitAuthEvent(AUTH_EVENTS.LOGIN, user);
     return user;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var acceptInvite = async (token, password) => {
@@ -670,15 +693,15 @@ var acceptInvite = async (token, password) => {
     emitAuthEvent(AUTH_EVENTS.LOGIN, user);
     return user;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var verifyEmailChange = async (token) => {
   if (!isBrowser()) throw new AuthError("verifyEmailChange() is only available in the browser");
   const currentUser = await resolveCurrentUser();
-  const jwt = await currentUser.jwt();
-  const identityUrl = `${window.location.origin}${IDENTITY_PATH}`;
   try {
+    const jwt = await currentUser.jwt();
+    const identityUrl = `${window.location.origin}${IDENTITY_PATH}`;
     const res = await fetch(`${identityUrl}/user`, {
       method: "PUT",
       headers: {
@@ -697,7 +720,7 @@ var verifyEmailChange = async (token) => {
     return user;
   } catch (error) {
     if (error instanceof AuthError) throw error;
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };
 var updateUser = async (updates) => {
@@ -708,7 +731,7 @@ var updateUser = async (updates) => {
     emitAuthEvent(AUTH_EVENTS.USER_UPDATED, user);
     return user;
   } catch (error) {
-    throw new AuthError(error.message, void 0, { cause: error });
+    throw AuthError.from(error);
   }
 };