npm - @netlify/identity - Versions diffs - 0.3.0-alpha.4 → 0.3.0-alpha.5 - Mend

@netlify/identity 0.3.0-alpha.4 → 0.3.0-alpha.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md CHANGED Viewed

@@ -54,8 +54,8 @@ import { login, getUser } from '@netlify/identity'
 const user = await login('jane@example.com', 'password123')
 console.log(`Hello, ${user.name}`)
-// Later, check auth state synchronously
-const currentUser = getUser()
+// Later, check auth state
+const currentUser = await getUser()
 ```
 ### Protect a Netlify Function
@@ -65,7 +65,7 @@ import { getUser } from '@netlify/identity'
 import type { Context } from '@netlify/functions'
 export default async (req: Request, context: Context) => {
-  const user = getUser()
+  const user = await getUser()
   if (!user) return new Response('Unauthorized', { status: 401 })
   return Response.json({ id: user.id, email: user.email })
 }
@@ -78,7 +78,7 @@ import { getUser } from '@netlify/identity'
 import type { Context } from '@netlify/edge-functions'
 export default async (req: Request, context: Context) => {
-  const user = getUser()
+  const user = await getUser()
   if (!user) return new Response('Unauthorized', { status: 401 })
   return Response.json({ id: user.id, email: user.email })
 }
@@ -91,20 +91,20 @@ export default async (req: Request, context: Context) => {
 #### `getUser`
 ```ts
-getUser(): User | null
+getUser(): Promise<User | null>
 ```
-Returns the current authenticated user, or `null` if not logged in. Synchronous. Never throws.
+Returns the current authenticated user, or `null` if not logged in. Always returns a full `User` object with all available fields (email, roles, timestamps, metadata) regardless of whether the call happens in the browser or on the server. Never throws.
 > **Next.js note:** Calling `getUser()` in a Server Component opts the page into [dynamic rendering](https://nextjs.org/docs/app/building-your-application/rendering/server-components#dynamic-rendering) because it reads cookies. This is expected and correct for authenticated pages. Next.js handles the internal dynamic rendering signal automatically.
 #### `isAuthenticated`
 ```ts
-isAuthenticated(): boolean
+isAuthenticated(): Promise<boolean>
 ```
-Returns `true` if a user is currently authenticated. Equivalent to `getUser() !== null`. Never throws.
+Returns `true` if a user is currently authenticated. Equivalent to `(await getUser()) !== null`. Never throws.
 #### `getIdentityConfig`
@@ -200,7 +200,7 @@ hydrateSession(): Promise<User | null>
 Bootstraps the browser-side gotrue-js session from server-set auth cookies (`nf_jwt`, `nf_refresh`). Returns the hydrated `User`, or `null` if no auth cookies are present. No-op on the server.
-**When to use:** After a server-side login (e.g., via a Netlify Function or Server Action), the `nf_jwt` cookie is set but gotrue-js has no browser session yet. `getUser()` works immediately (it decodes the cookie), but account operations like `updateUser()` or `verifyEmailChange()` require a live gotrue-js session. Call `hydrateSession()` once on page load to bridge this gap.
+**When to use:** After a server-side login (e.g., via a Netlify Function or Server Action), the `nf_jwt` cookie is set but gotrue-js has no browser session yet. `getUser()` calls `hydrateSession()` automatically, but account operations like `updateUser()` or `verifyEmailChange()` require a live gotrue-js session. Call `hydrateSession()` explicitly if you need the session ready before calling those operations.
 If a gotrue-js session already exists (e.g., from a browser-side login), this is a no-op and returns the existing user.
@@ -373,6 +373,7 @@ interface User {
   provider?: AuthProvider
   name?: string
   pictureUrl?: string
+  roles?: string[]
   metadata?: Record<string, unknown>
   rawGoTrueData?: Record<string, unknown>
 }
@@ -611,8 +612,8 @@ export default function LoginPage() {
 import { getUser } from '@netlify/identity'
 import { redirect } from 'next/navigation'
-export default function Dashboard() {
-  const user = getUser()
+export default async function Dashboard() {
+  const user = await getUser()
   if (!user) redirect('/login')
   return <h1>Hello, {user.email}</h1>
@@ -651,7 +652,7 @@ import { getUser } from '@netlify/identity'
 import { redirect } from '@remix-run/node'
 export async function loader() {
-  const user = getUser()
+  const user = await getUser()
   if (!user) return redirect('/login')
   return { user }
 }
@@ -669,7 +670,7 @@ import { createServerFn } from '@tanstack/react-start'
 import { getUser } from '@netlify/identity'
 export const getServerUser = createServerFn({ method: 'GET' }).handler(async () => {
-  const user = getUser()
+  const user = await getUser()
   return user ?? null
 })
 ```
@@ -755,7 +756,7 @@ export const POST: APIRoute = async ({ request }) => {
 // src/pages/dashboard.astro
 import { getUser } from '@netlify/identity'
-const user = getUser()
+const user = await getUser()
 if (!user) return Astro.redirect('/login')
 ---
 <h1>Hello, {user.email}</h1>
@@ -797,8 +798,8 @@ if (!user) return Astro.redirect('/login')
 import { getUser } from '@netlify/identity'
 import { redirect } from '@sveltejs/kit'
-export function load() {
-  const user = getUser()
+export async function load() {
+  const user = await getUser()
   if (!user) redirect(302, '/login')
   return { user }
 }
@@ -873,9 +874,10 @@ import { getUser, onAuthChange } from '@netlify/identity'
 import type { User } from '@netlify/identity'
 export function useAuth() {
-  const [user, setUser] = useState<User | null>(getUser())
+  const [user, setUser] = useState<User | null>(null)
   useEffect(() => {
+    getUser().then(setUser)
     return onAuthChange((_event, user) => setUser(user))
   }, [])

package/dist/index.cjs CHANGED Viewed

@@ -222,143 +222,6 @@ var triggerNextjsDynamic = () => {
   }
 };
-// src/user.ts
-var toAuthProvider = (value) => typeof value === "string" && AUTH_PROVIDERS.includes(value) ? value : void 0;
-var toUser = (userData) => {
-  const userMeta = userData.user_metadata ?? {};
-  const appMeta = userData.app_metadata ?? {};
-  const name = userMeta.full_name || userMeta.name;
-  const pictureUrl = userMeta.avatar_url;
-  return {
-    id: userData.id,
-    email: userData.email,
-    emailVerified: !!userData.confirmed_at,
-    createdAt: userData.created_at,
-    updatedAt: userData.updated_at,
-    provider: toAuthProvider(appMeta.provider),
-    name: typeof name === "string" ? name : void 0,
-    pictureUrl: typeof pictureUrl === "string" ? pictureUrl : void 0,
-    metadata: userMeta,
-    rawGoTrueData: { ...userData }
-  };
-};
-var claimsToUser = (claims) => {
-  const appMeta = claims.app_metadata ?? {};
-  const userMeta = claims.user_metadata ?? {};
-  const name = userMeta.full_name || userMeta.name;
-  return {
-    id: claims.sub ?? "",
-    email: claims.email,
-    provider: toAuthProvider(appMeta.provider),
-    name: typeof name === "string" ? name : void 0,
-    metadata: userMeta
-  };
-};
-var hydrating = false;
-var backgroundHydrate = (accessToken) => {
-  if (hydrating) return;
-  hydrating = true;
-  const refreshToken = getCookie(NF_REFRESH_COOKIE) ?? "";
-  const decoded = decodeJwtPayload(accessToken);
-  const expiresAt = decoded?.exp ?? Math.floor(Date.now() / 1e3) + 3600;
-  const expiresIn = Math.max(0, expiresAt - Math.floor(Date.now() / 1e3));
-  setTimeout(() => {
-    try {
-      const client = getClient();
-      client.createUser(
-        {
-          access_token: accessToken,
-          token_type: "bearer",
-          expires_in: expiresIn,
-          expires_at: expiresAt,
-          refresh_token: refreshToken
-        },
-        true
-      ).catch(() => {
-      }).finally(() => {
-        hydrating = false;
-      });
-    } catch {
-      hydrating = false;
-    }
-  }, 0);
-};
-var decodeJwtPayload = (token) => {
-  try {
-    const parts = token.split(".");
-    if (parts.length !== 3) return null;
-    const payload = atob(parts[1].replace(/-/g, "+").replace(/_/g, "/"));
-    return JSON.parse(payload);
-  } catch {
-    return null;
-  }
-};
-var getUser = () => {
-  if (isBrowser()) {
-    const client = getGoTrueClient();
-    const currentUser = client?.currentUser() ?? null;
-    if (currentUser) {
-      const jwt2 = getCookie(NF_JWT_COOKIE);
-      if (!jwt2) {
-        try {
-          currentUser.clearSession();
-        } catch {
-        }
-        return null;
-      }
-      return toUser(currentUser);
-    }
-    const jwt = getCookie(NF_JWT_COOKIE);
-    if (!jwt) return null;
-    const claims = decodeJwtPayload(jwt);
-    if (!claims) return null;
-    backgroundHydrate(jwt);
-    return claimsToUser(claims);
-  }
-  triggerNextjsDynamic();
-  const identityContext = globalThis.netlifyIdentityContext;
-  if (identityContext?.user) {
-    return claimsToUser(identityContext.user);
-  }
-  const serverJwt = getServerCookie(NF_JWT_COOKIE);
-  if (serverJwt) {
-    const claims = decodeJwtPayload(serverJwt);
-    if (claims) return claimsToUser(claims);
-  }
-  return null;
-};
-var isAuthenticated = () => getUser() !== null;
-// src/config.ts
-var getIdentityConfig = () => {
-  if (isBrowser()) {
-    return { url: `${window.location.origin}${IDENTITY_PATH}` };
-  }
-  return getIdentityContext();
-};
-var getSettings = async () => {
-  const client = getClient();
-  try {
-    const raw = await client.settings();
-    const external = raw.external ?? {};
-    return {
-      autoconfirm: raw.autoconfirm,
-      disableSignup: raw.disable_signup,
-      providers: {
-        google: external.google ?? false,
-        github: external.github ?? false,
-        gitlab: external.gitlab ?? false,
-        bitbucket: external.bitbucket ?? false,
-        facebook: external.facebook ?? false,
-        email: external.email ?? false,
-        saml: external.saml ?? false
-      }
-    };
-  } catch (err) {
-    throw new AuthError(err instanceof Error ? err.message : "Failed to fetch identity settings", 502, { cause: err });
-  }
-};
 // src/events.ts
 var AUTH_EVENTS = {
   LOGIN: "login",
@@ -681,6 +544,151 @@ var hydrateSession = async () => {
   return user;
 };
+// src/user.ts
+var toAuthProvider = (value) => typeof value === "string" && AUTH_PROVIDERS.includes(value) ? value : void 0;
+var toRoles = (appMeta) => {
+  const roles = appMeta.roles;
+  if (Array.isArray(roles) && roles.every((r) => typeof r === "string")) {
+    return roles;
+  }
+  return void 0;
+};
+var toUser = (userData) => {
+  const userMeta = userData.user_metadata ?? {};
+  const appMeta = userData.app_metadata ?? {};
+  const name = userMeta.full_name || userMeta.name;
+  const pictureUrl = userMeta.avatar_url;
+  return {
+    id: userData.id,
+    email: userData.email,
+    emailVerified: !!userData.confirmed_at,
+    createdAt: userData.created_at,
+    updatedAt: userData.updated_at,
+    provider: toAuthProvider(appMeta.provider),
+    name: typeof name === "string" ? name : void 0,
+    pictureUrl: typeof pictureUrl === "string" ? pictureUrl : void 0,
+    roles: toRoles(appMeta),
+    metadata: userMeta,
+    rawGoTrueData: { ...userData }
+  };
+};
+var claimsToUser = (claims) => {
+  const appMeta = claims.app_metadata ?? {};
+  const userMeta = claims.user_metadata ?? {};
+  const name = userMeta.full_name || userMeta.name;
+  const pictureUrl = userMeta.avatar_url;
+  return {
+    id: claims.sub ?? "",
+    email: claims.email,
+    provider: toAuthProvider(appMeta.provider),
+    name: typeof name === "string" ? name : void 0,
+    pictureUrl: typeof pictureUrl === "string" ? pictureUrl : void 0,
+    roles: toRoles(appMeta),
+    metadata: userMeta
+  };
+};
+var decodeJwtPayload = (token) => {
+  try {
+    const parts = token.split(".");
+    if (parts.length !== 3) return null;
+    const payload = atob(parts[1].replace(/-/g, "+").replace(/_/g, "/"));
+    return JSON.parse(payload);
+  } catch {
+    return null;
+  }
+};
+var fetchFullUser = async (identityUrl, jwt) => {
+  try {
+    const res = await fetch(`${identityUrl}/user`, {
+      headers: { Authorization: `Bearer ${jwt}` }
+    });
+    if (!res.ok) return null;
+    const userData = await res.json();
+    return toUser(userData);
+  } catch {
+    return null;
+  }
+};
+var resolveIdentityUrl = () => {
+  const identityContext = getIdentityContext();
+  if (identityContext?.url) return identityContext.url;
+  if (globalThis.Netlify?.context?.url) {
+    return new URL(IDENTITY_PATH, globalThis.Netlify.context.url).href;
+  }
+  const siteUrl = typeof process !== "undefined" ? process.env?.URL : void 0;
+  if (siteUrl) {
+    return new URL(IDENTITY_PATH, siteUrl).href;
+  }
+  return null;
+};
+var getUser = async () => {
+  if (isBrowser()) {
+    const client = getGoTrueClient();
+    const currentUser = client?.currentUser() ?? null;
+    if (currentUser) {
+      const jwt2 = getCookie(NF_JWT_COOKIE);
+      if (!jwt2) {
+        try {
+          currentUser.clearSession();
+        } catch {
+        }
+        return null;
+      }
+      return toUser(currentUser);
+    }
+    const jwt = getCookie(NF_JWT_COOKIE);
+    if (!jwt) return null;
+    const claims2 = decodeJwtPayload(jwt);
+    if (!claims2) return null;
+    const hydrated = await hydrateSession();
+    if (hydrated) return hydrated;
+    return claimsToUser(claims2);
+  }
+  triggerNextjsDynamic();
+  const identityContext = globalThis.netlifyIdentityContext;
+  const serverJwt = identityContext?.token || getServerCookie(NF_JWT_COOKIE);
+  if (serverJwt) {
+    const identityUrl = resolveIdentityUrl();
+    if (identityUrl) {
+      const fullUser = await fetchFullUser(identityUrl, serverJwt);
+      if (fullUser) return fullUser;
+    }
+  }
+  const claims = identityContext?.user ?? (serverJwt ? decodeJwtPayload(serverJwt) : null);
+  return claims ? claimsToUser(claims) : null;
+};
+var isAuthenticated = async () => await getUser() !== null;
+// src/config.ts
+var getIdentityConfig = () => {
+  if (isBrowser()) {
+    return { url: `${window.location.origin}${IDENTITY_PATH}` };
+  }
+  return getIdentityContext();
+};
+var getSettings = async () => {
+  const client = getClient();
+  try {
+    const raw = await client.settings();
+    const external = raw.external ?? {};
+    return {
+      autoconfirm: raw.autoconfirm,
+      disableSignup: raw.disable_signup,
+      providers: {
+        google: external.google ?? false,
+        github: external.github ?? false,
+        gitlab: external.gitlab ?? false,
+        bitbucket: external.bitbucket ?? false,
+        facebook: external.facebook ?? false,
+        email: external.email ?? false,
+        saml: external.saml ?? false
+      }
+    };
+  } catch (err) {
+    throw new AuthError(err instanceof Error ? err.message : "Failed to fetch identity settings", 502, { cause: err });
+  }
+};
 // src/account.ts
 var resolveCurrentUser = async () => {
   const client = getClient();