@netlify/identity 0.3.1-alpha.6 → 0.4.2

package/dist/index.d.ts

@@ -86,17 +86,17 @@ interface AdminUserUpdates {
     password?: string;
     /** The user's role (e.g., `'admin'`, `'editor'`). */
     role?: string;
+    /** The user's audience (rarely needed; defaults to the site's audience). */
+    aud?: string;
     /** Set to `true` to force-confirm the user's email without sending a confirmation email. */
     confirm?: boolean;
     /** Server-managed metadata. Only writable via admin operations. */
     app_metadata?: Record<string, unknown>;
     /** User-managed metadata (display name, avatar, preferences, etc.). */
     user_metadata?: Record<string, unknown>;
-    [key: string]: unknown;
 }
 /**
- * Options for {@link admin.listUsers}. Only used on the server;
- * pagination is ignored in the browser (gotrue-js limitation).
+ * Pagination options for {@link admin.listUsers}.
  */
 interface ListUsersOptions {
     /** 1-based page number. */
@@ -107,9 +107,10 @@ interface ListUsersOptions {
 /**
  * Parameters for {@link admin.createUser}.
  *
- * The optional `data` fields are spread as top-level attributes in the GoTrue
- * request body (not nested under `user_metadata`). Use this to set `app_metadata`,
- * `user_metadata`, `role`, or other GoTrue user fields at creation time.
+ * The optional `data` fields are forwarded as top-level attributes in the GoTrue
+ * request body. Only these keys are accepted: `role`, `aud`, `app_metadata`,
+ * `user_metadata`. Any other keys are silently ignored. `data` cannot override
+ * `email`, `password`, or `confirm`.
  *
  * @example
  * ```ts
@@ -123,7 +124,7 @@ interface ListUsersOptions {
 interface CreateUserParams {
     email: string;
     password: string;
-    /** Additional GoTrue user fields spread into the request body. */
+    /** GoTrue user fields: `role`, `aud`, `app_metadata`, `user_metadata`. Other keys are ignored. */
     data?: Record<string, unknown>;
 }
 
@@ -161,6 +162,8 @@ interface User {
     roles?: string[];
     /** The full `user_metadata` object. */
     metadata?: Record<string, unknown>;
+    /** The full `app_metadata` object. */
+    appMetadata?: Record<string, unknown>;
     /** The raw GoTrue user data, for accessing fields not mapped to this interface. */
     rawGoTrueData?: Record<string, unknown>;
 }
@@ -424,75 +427,61 @@ declare class MissingIdentityError extends Error {
 
 /**
  * The admin namespace for privileged user management operations.
- * All methods work in both server and browser contexts.
+ * All methods are server-only and require the operator token
+ * (automatically available in Netlify Functions and Edge Functions).
  *
- * **Server:** uses the operator token (automatically available in Netlify Functions).
- * **Browser:** requires a logged-in user with an admin role.
+ * Calling any admin method from a browser environment throws an `AuthError`.
  */
 interface Admin {
     /**
-     * Lists all users. Works in both server and browser contexts.
+     * Lists all users. Server-only.
      *
-     * **Server:** calls GoTrue `GET /admin/users` with the operator token. Pagination
+     * Calls GoTrue `GET /admin/users` with the operator token. Pagination
      * options (`page`, `perPage`) are forwarded as query parameters.
      *
-     * **Browser:** calls gotrue-js `user.admin.listUsers()`. The logged-in user must
-     * have an admin role. Pagination options are ignored (gotrue-js does not support them).
-     *
-     * @throws {AuthError} If the operator token is missing (server) or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, or if the operator token is missing.
      */
     listUsers: (options?: ListUsersOptions) => Promise<User[]>;
     /**
-     * Gets a single user by ID. Works in both server and browser contexts.
-     *
-     * **Server:** calls GoTrue `GET /admin/users/:id` with the operator token.
+     * Gets a single user by ID. Server-only.
      *
-     * **Browser:** calls gotrue-js `user.admin.getUser()`. The logged-in user must
-     * have an admin role.
+     * Calls GoTrue `GET /admin/users/:id` with the operator token.
      *
-     * @throws {AuthError} If the user is not found, the operator token is missing (server),
-     *   or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, the user is not found,
+     *   or the operator token is missing.
      */
     getUser: (userId: string) => Promise<User>;
     /**
      * Creates a new user. The user is auto-confirmed (no confirmation email is sent).
-     * Works in both server and browser contexts.
+     * Server-only.
      *
-     * The optional `data` fields are spread as **top-level attributes** in the GoTrue
-     * request body (not nested under `user_metadata`). Use this to set `app_metadata`,
-     * `user_metadata`, `role`, or any other GoTrue user field at creation time.
+     * The optional `data` fields are forwarded as top-level attributes in the GoTrue
+     * request body. Accepted fields: `role`, `aud`, `app_metadata`, `user_metadata`.
+     * Any other keys in `data` are silently ignored. `data` cannot override `email`,
+     * `password`, or `confirm`.
      *
-     * **Server:** calls GoTrue `POST /admin/users` with the operator token.
+     * Calls GoTrue `POST /admin/users` with the operator token.
      *
-     * **Browser:** calls gotrue-js `user.admin.createUser()`. The logged-in user must
-     * have an admin role.
-     *
-     * @throws {AuthError} If the email already exists, the operator token is missing (server),
-     *   or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, the email already exists,
+     *   or the operator token is missing.
      */
     createUser: (params: CreateUserParams) => Promise<User>;
     /**
-     * Updates an existing user by ID. Works in both server and browser contexts.
-     *
-     * **Server:** calls GoTrue `PUT /admin/users/:id` with the operator token.
+     * Updates an existing user by ID. Server-only.
      *
-     * **Browser:** calls gotrue-js `user.admin.updateUser()`. The logged-in user must
-     * have an admin role.
+     * Calls GoTrue `PUT /admin/users/:id` with the operator token.
      *
-     * @throws {AuthError} If the user is not found, the update fails, the operator token
-     *   is missing (server), or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, the user is not found,
+     *   the update fails, or the operator token is missing.
      */
     updateUser: (userId: string, attributes: AdminUserUpdates) => Promise<User>;
     /**
-     * Deletes a user by ID. Works in both server and browser contexts.
-     *
-     * **Server:** calls GoTrue `DELETE /admin/users/:id` with the operator token.
+     * Deletes a user by ID. Server-only.
      *
-     * **Browser:** calls gotrue-js `user.admin.deleteUser()`. The logged-in user must
-     * have an admin role.
+     * Calls GoTrue `DELETE /admin/users/:id` with the operator token.
      *
-     * @throws {AuthError} If the user is not found, the deletion fails, the operator token
-     *   is missing (server), or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, the user is not found,
+     *   the deletion fails, or the operator token is missing.
      */
     deleteUser: (userId: string) => Promise<void>;
 }

package/dist/index.js

@@ -177,6 +177,24 @@ var triggerNextjsDynamic = () => {
   }
 };
 
+// src/fetch.ts
+var DEFAULT_TIMEOUT_MS = 5e3;
+var fetchWithTimeout = async (url, options = {}, timeoutMs = DEFAULT_TIMEOUT_MS) => {
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    return await fetch(url, { ...options, signal: controller.signal });
+  } catch (error) {
+    if (error instanceof Error && error.name === "AbortError") {
+      const pathname = new URL(url).pathname;
+      throw new AuthError(`Identity request to ${pathname} timed out after ${timeoutMs}ms`);
+    }
+    throw error;
+  } finally {
+    clearTimeout(timer);
+  }
+};
+
 // src/events.ts
 var AUTH_EVENTS = {
   LOGIN: "login",
@@ -294,7 +312,7 @@ var refreshSession = async () => {
   }
   let res;
   try {
-    res = await fetch(`${identityUrl}/token`, {
+    res = await fetchWithTimeout(`${identityUrl}/token`, {
       method: "POST",
       headers: { "Content-Type": "application/x-www-form-urlencoded" },
       body: new URLSearchParams({ grant_type: "refresh_token", refresh_token: refreshToken }).toString()
@@ -348,7 +366,7 @@ var login = async (email, password) => {
     });
     let res;
     try {
-      res = await fetch(`${identityUrl}/token`, {
+      res = await fetchWithTimeout(`${identityUrl}/token`, {
         method: "POST",
         headers: { "Content-Type": "application/x-www-form-urlencoded" },
         body: body.toString()
@@ -364,7 +382,7 @@ var login = async (email, password) => {
     const accessToken = data.access_token;
     let userRes;
     try {
-      userRes = await fetch(`${identityUrl}/user`, {
+      userRes = await fetchWithTimeout(`${identityUrl}/user`, {
         headers: { Authorization: `Bearer ${accessToken}` }
       });
     } catch (error) {
@@ -398,7 +416,7 @@ var signup = async (email, password, data) => {
     const cookies = getCookies();
     let res;
     try {
-      res = await fetch(`${identityUrl}/signup`, {
+      res = await fetchWithTimeout(`${identityUrl}/signup`, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({ email, password, data })
@@ -445,7 +463,7 @@ var logout = async () => {
     const jwt = cookies.get(NF_JWT_COOKIE);
     if (jwt) {
       try {
-        await fetch(`${identityUrl}/logout`, {
+        await fetchWithTimeout(`${identityUrl}/logout`, {
           method: "POST",
           headers: { Authorization: `Bearer ${jwt}` }
         });
@@ -625,6 +643,7 @@ var toUser = (userData) => {
   const appMeta = userData.app_metadata ?? {};
   const name = userMeta.full_name || userMeta.name;
   const pictureUrl = userMeta.avatar_url;
+  const { token: _token, ...safeUserData } = userData;
   return {
     id: userData.id,
     email: userData.email,
@@ -636,7 +655,8 @@ var toUser = (userData) => {
     pictureUrl: typeof pictureUrl === "string" ? pictureUrl : void 0,
     roles: toRoles(appMeta),
     metadata: userMeta,
-    rawGoTrueData: { ...userData }
+    appMetadata: appMeta,
+    rawGoTrueData: { ...safeUserData }
   };
 };
 var claimsToUser = (claims) => {
@@ -651,7 +671,8 @@ var claimsToUser = (claims) => {
     name: typeof name === "string" ? name : void 0,
     pictureUrl: typeof pictureUrl === "string" ? pictureUrl : void 0,
     roles: toRoles(appMeta),
-    metadata: userMeta
+    metadata: userMeta,
+    appMetadata: appMeta
   };
 };
 var decodeJwtPayload = (token) => {
@@ -666,7 +687,7 @@ var decodeJwtPayload = (token) => {
 };
 var fetchFullUser = async (identityUrl, jwt) => {
   try {
-    const res = await fetch(`${identityUrl}/user`, {
+    const res = await fetchWithTimeout(`${identityUrl}/user`, {
       headers: { Authorization: `Bearer ${jwt}` }
     });
     if (!res.ok) return null;
@@ -855,6 +876,19 @@ var updateUser = async (updates) => {
 };
 
 // src/admin.ts
+var SERVER_ONLY_MESSAGE = "Admin operations are server-only. Call admin methods from a Netlify Function or Edge Function, not from browser code.";
+var sanitizeUserId = (userId) => {
+  const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+  if (!uuidRegex.test(userId)) {
+    throw new AuthError("User ID is not a valid UUID");
+  }
+  return encodeURIComponent(userId);
+};
+var assertServer = () => {
+  if (isBrowser()) {
+    throw new AuthError(SERVER_ONLY_MESSAGE);
+  }
+};
 var getAdminAuth = () => {
   const ctx = getIdentityContext();
   if (!ctx?.url) {
@@ -869,7 +903,7 @@ var adminFetch = async (path, options = {}) => {
   const { url, token } = getAdminAuth();
   let res;
   try {
-    res = await fetch(`${url}${path}`, {
+    res = await fetchWithTimeout(`${url}${path}`, {
       ...options,
       headers: {
         ...options.headers,
@@ -886,105 +920,67 @@ var adminFetch = async (path, options = {}) => {
   }
   return res;
 };
-var getAdminUser = () => {
-  const client = getClient();
-  const user = client.currentUser();
-  if (!user) {
-    throw new AuthError("Admin operations require a logged-in user with admin role");
-  }
-  return user;
-};
 var listUsers = async (options) => {
-  if (!isBrowser()) {
-    const params = new URLSearchParams();
-    if (options?.page != null) params.set("page", String(options.page));
-    if (options?.perPage != null) params.set("per_page", String(options.perPage));
-    const query = params.toString();
-    const path = `/admin/users${query ? `?${query}` : ""}`;
-    const res = await adminFetch(path);
-    const body = await res.json();
-    return body.users.map(toUser);
-  }
-  try {
-    const user = getAdminUser();
-    const users = await user.admin.listUsers("");
-    return users.map(toUser);
-  } catch (error) {
-    if (error instanceof AuthError) throw error;
-    throw new AuthError(error.message, void 0, { cause: error });
-  }
+  assertServer();
+  const params = new URLSearchParams();
+  if (options?.page != null) params.set("page", String(options.page));
+  if (options?.perPage != null) params.set("per_page", String(options.perPage));
+  const query = params.toString();
+  const path = `/admin/users${query ? `?${query}` : ""}`;
+  const res = await adminFetch(path);
+  const body = await res.json();
+  return body.users.map(toUser);
 };
 var getUser2 = async (userId) => {
-  if (!isBrowser()) {
-    const res = await adminFetch(`/admin/users/${userId}`);
-    const userData = await res.json();
-    return toUser(userData);
-  }
-  try {
-    const user = getAdminUser();
-    const userData = await user.admin.getUser({ id: userId });
-    return toUser(userData);
-  } catch (error) {
-    if (error instanceof AuthError) throw error;
-    throw new AuthError(error.message, void 0, { cause: error });
-  }
+  assertServer();
+  const sanitizedUserId = sanitizeUserId(userId);
+  const res = await adminFetch(`/admin/users/${sanitizedUserId}`);
+  const userData = await res.json();
+  return toUser(userData);
 };
 var createUser = async (params) => {
-  if (!isBrowser()) {
-    const res = await adminFetch("/admin/users", {
-      method: "POST",
-      body: JSON.stringify({
-        email: params.email,
-        password: params.password,
-        ...params.data,
-        confirm: true
-      })
-    });
-    const userData = await res.json();
-    return toUser(userData);
-  }
-  try {
-    const user = getAdminUser();
-    const userData = await user.admin.createUser(params.email, params.password, {
-      ...params.data,
-      confirm: true
-    });
-    return toUser(userData);
-  } catch (error) {
-    if (error instanceof AuthError) throw error;
-    throw new AuthError(error.message, void 0, { cause: error });
+  assertServer();
+  const body = {
+    email: params.email,
+    password: params.password,
+    confirm: true
+  };
+  if (params.data) {
+    const allowedKeys = ["role", "aud", "app_metadata", "user_metadata"];
+    for (const key of allowedKeys) {
+      if (key in params.data) {
+        body[key] = params.data[key];
+      }
+    }
   }
+  const res = await adminFetch("/admin/users", {
+    method: "POST",
+    body: JSON.stringify(body)
+  });
+  const userData = await res.json();
+  return toUser(userData);
 };
 var updateUser2 = async (userId, attributes) => {
-  if (!isBrowser()) {
-    const res = await adminFetch(`/admin/users/${userId}`, {
-      method: "PUT",
-      body: JSON.stringify(attributes)
-    });
-    const userData = await res.json();
-    return toUser(userData);
-  }
-  try {
-    const user = getAdminUser();
-    const userData = await user.admin.updateUser({ id: userId }, attributes);
-    return toUser(userData);
-  } catch (error) {
-    if (error instanceof AuthError) throw error;
-    throw new AuthError(error.message, void 0, { cause: error });
+  assertServer();
+  const sanitizedUserId = sanitizeUserId(userId);
+  const body = {};
+  const allowedKeys = ["email", "password", "role", "aud", "confirm", "app_metadata", "user_metadata"];
+  for (const key of allowedKeys) {
+    if (key in attributes) {
+      body[key] = attributes[key];
+    }
   }
+  const res = await adminFetch(`/admin/users/${sanitizedUserId}`, {
+    method: "PUT",
+    body: JSON.stringify(body)
+  });
+  const userData = await res.json();
+  return toUser(userData);
 };
 var deleteUser = async (userId) => {
-  if (!isBrowser()) {
-    await adminFetch(`/admin/users/${userId}`, { method: "DELETE" });
-    return;
-  }
-  try {
-    const user = getAdminUser();
-    await user.admin.deleteUser({ id: userId });
-  } catch (error) {
-    if (error instanceof AuthError) throw error;
-    throw new AuthError(error.message, void 0, { cause: error });
-  }
+  assertServer();
+  const sanitizedUserId = sanitizeUserId(userId);
+  await adminFetch(`/admin/users/${sanitizedUserId}`, { method: "DELETE" });
 };
 var admin = { listUsers, getUser: getUser2, createUser, updateUser: updateUser2, deleteUser };
 export {