@netlify/identity 0.4.1 → 0.4.2

package/dist/index.d.ts

@@ -86,17 +86,17 @@ interface AdminUserUpdates {
     password?: string;
     /** The user's role (e.g., `'admin'`, `'editor'`). */
     role?: string;
+    /** The user's audience (rarely needed; defaults to the site's audience). */
+    aud?: string;
     /** Set to `true` to force-confirm the user's email without sending a confirmation email. */
     confirm?: boolean;
     /** Server-managed metadata. Only writable via admin operations. */
     app_metadata?: Record<string, unknown>;
     /** User-managed metadata (display name, avatar, preferences, etc.). */
     user_metadata?: Record<string, unknown>;
-    [key: string]: unknown;
 }
 /**
- * Options for {@link admin.listUsers}. Only used on the server;
- * pagination is ignored in the browser (gotrue-js limitation).
+ * Pagination options for {@link admin.listUsers}.
  */
 interface ListUsersOptions {
     /** 1-based page number. */
@@ -107,9 +107,10 @@ interface ListUsersOptions {
 /**
  * Parameters for {@link admin.createUser}.
  *
- * The optional `data` fields are spread as top-level attributes in the GoTrue
- * request body (not nested under `user_metadata`). Use this to set `app_metadata`,
- * `user_metadata`, `role`, or other GoTrue user fields at creation time.
+ * The optional `data` fields are forwarded as top-level attributes in the GoTrue
+ * request body. Only these keys are accepted: `role`, `aud`, `app_metadata`,
+ * `user_metadata`. Any other keys are silently ignored. `data` cannot override
+ * `email`, `password`, or `confirm`.
  *
  * @example
  * ```ts
@@ -123,7 +124,7 @@ interface ListUsersOptions {
 interface CreateUserParams {
     email: string;
     password: string;
-    /** Additional GoTrue user fields spread into the request body. */
+    /** GoTrue user fields: `role`, `aud`, `app_metadata`, `user_metadata`. Other keys are ignored. */
     data?: Record<string, unknown>;
 }
 
@@ -426,75 +427,61 @@ declare class MissingIdentityError extends Error {
 
 /**
  * The admin namespace for privileged user management operations.
- * All methods work in both server and browser contexts.
+ * All methods are server-only and require the operator token
+ * (automatically available in Netlify Functions and Edge Functions).
  *
- * **Server:** uses the operator token (automatically available in Netlify Functions).
- * **Browser:** requires a logged-in user with an admin role.
+ * Calling any admin method from a browser environment throws an `AuthError`.
  */
 interface Admin {
     /**
-     * Lists all users. Works in both server and browser contexts.
+     * Lists all users. Server-only.
      *
-     * **Server:** calls GoTrue `GET /admin/users` with the operator token. Pagination
+     * Calls GoTrue `GET /admin/users` with the operator token. Pagination
      * options (`page`, `perPage`) are forwarded as query parameters.
      *
-     * **Browser:** calls gotrue-js `user.admin.listUsers()`. The logged-in user must
-     * have an admin role. Pagination options are ignored (gotrue-js does not support them).
-     *
-     * @throws {AuthError} If the operator token is missing (server) or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, or if the operator token is missing.
      */
     listUsers: (options?: ListUsersOptions) => Promise<User[]>;
     /**
-     * Gets a single user by ID. Works in both server and browser contexts.
-     *
-     * **Server:** calls GoTrue `GET /admin/users/:id` with the operator token.
+     * Gets a single user by ID. Server-only.
      *
-     * **Browser:** calls gotrue-js `user.admin.getUser()`. The logged-in user must
-     * have an admin role.
+     * Calls GoTrue `GET /admin/users/:id` with the operator token.
      *
-     * @throws {AuthError} If the user is not found, the operator token is missing (server),
-     *   or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, the user is not found,
+     *   or the operator token is missing.
      */
     getUser: (userId: string) => Promise<User>;
     /**
      * Creates a new user. The user is auto-confirmed (no confirmation email is sent).
-     * Works in both server and browser contexts.
+     * Server-only.
      *
-     * The optional `data` fields are spread as **top-level attributes** in the GoTrue
-     * request body (not nested under `user_metadata`). Use this to set `app_metadata`,
-     * `user_metadata`, `role`, or any other GoTrue user field at creation time.
+     * The optional `data` fields are forwarded as top-level attributes in the GoTrue
+     * request body. Accepted fields: `role`, `aud`, `app_metadata`, `user_metadata`.
+     * Any other keys in `data` are silently ignored. `data` cannot override `email`,
+     * `password`, or `confirm`.
      *
-     * **Server:** calls GoTrue `POST /admin/users` with the operator token.
+     * Calls GoTrue `POST /admin/users` with the operator token.
      *
-     * **Browser:** calls gotrue-js `user.admin.createUser()`. The logged-in user must
-     * have an admin role.
-     *
-     * @throws {AuthError} If the email already exists, the operator token is missing (server),
-     *   or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, the email already exists,
+     *   or the operator token is missing.
      */
     createUser: (params: CreateUserParams) => Promise<User>;
     /**
-     * Updates an existing user by ID. Works in both server and browser contexts.
-     *
-     * **Server:** calls GoTrue `PUT /admin/users/:id` with the operator token.
+     * Updates an existing user by ID. Server-only.
      *
-     * **Browser:** calls gotrue-js `user.admin.updateUser()`. The logged-in user must
-     * have an admin role.
+     * Calls GoTrue `PUT /admin/users/:id` with the operator token.
      *
-     * @throws {AuthError} If the user is not found, the update fails, the operator token
-     *   is missing (server), or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, the user is not found,
+     *   the update fails, or the operator token is missing.
      */
     updateUser: (userId: string, attributes: AdminUserUpdates) => Promise<User>;
     /**
-     * Deletes a user by ID. Works in both server and browser contexts.
-     *
-     * **Server:** calls GoTrue `DELETE /admin/users/:id` with the operator token.
+     * Deletes a user by ID. Server-only.
      *
-     * **Browser:** calls gotrue-js `user.admin.deleteUser()`. The logged-in user must
-     * have an admin role.
+     * Calls GoTrue `DELETE /admin/users/:id` with the operator token.
      *
-     * @throws {AuthError} If the user is not found, the deletion fails, the operator token
-     *   is missing (server), or no admin user is logged in (browser).
+     * @throws {AuthError} If called from a browser, the user is not found,
+     *   the deletion fails, or the operator token is missing.
      */
     deleteUser: (userId: string) => Promise<void>;
 }

package/dist/index.js

@@ -876,6 +876,19 @@ var updateUser = async (updates) => {
 };
 
 // src/admin.ts
+var SERVER_ONLY_MESSAGE = "Admin operations are server-only. Call admin methods from a Netlify Function or Edge Function, not from browser code.";
+var sanitizeUserId = (userId) => {
+  const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+  if (!uuidRegex.test(userId)) {
+    throw new AuthError("User ID is not a valid UUID");
+  }
+  return encodeURIComponent(userId);
+};
+var assertServer = () => {
+  if (isBrowser()) {
+    throw new AuthError(SERVER_ONLY_MESSAGE);
+  }
+};
 var getAdminAuth = () => {
   const ctx = getIdentityContext();
   if (!ctx?.url) {
@@ -907,105 +920,67 @@ var adminFetch = async (path, options = {}) => {
   }
   return res;
 };
-var getAdminUser = () => {
-  const client = getClient();
-  const user = client.currentUser();
-  if (!user) {
-    throw new AuthError("Admin operations require a logged-in user with admin role");
-  }
-  return user;
-};
 var listUsers = async (options) => {
-  if (!isBrowser()) {
-    const params = new URLSearchParams();
-    if (options?.page != null) params.set("page", String(options.page));
-    if (options?.perPage != null) params.set("per_page", String(options.perPage));
-    const query = params.toString();
-    const path = `/admin/users${query ? `?${query}` : ""}`;
-    const res = await adminFetch(path);
-    const body = await res.json();
-    return body.users.map(toUser);
-  }
-  try {
-    const user = getAdminUser();
-    const users = await user.admin.listUsers("");
-    return users.map(toUser);
-  } catch (error) {
-    if (error instanceof AuthError) throw error;
-    throw new AuthError(error.message, void 0, { cause: error });
-  }
+  assertServer();
+  const params = new URLSearchParams();
+  if (options?.page != null) params.set("page", String(options.page));
+  if (options?.perPage != null) params.set("per_page", String(options.perPage));
+  const query = params.toString();
+  const path = `/admin/users${query ? `?${query}` : ""}`;
+  const res = await adminFetch(path);
+  const body = await res.json();
+  return body.users.map(toUser);
 };
 var getUser2 = async (userId) => {
-  if (!isBrowser()) {
-    const res = await adminFetch(`/admin/users/${userId}`);
-    const userData = await res.json();
-    return toUser(userData);
-  }
-  try {
-    const user = getAdminUser();
-    const userData = await user.admin.getUser({ id: userId });
-    return toUser(userData);
-  } catch (error) {
-    if (error instanceof AuthError) throw error;
-    throw new AuthError(error.message, void 0, { cause: error });
-  }
+  assertServer();
+  const sanitizedUserId = sanitizeUserId(userId);
+  const res = await adminFetch(`/admin/users/${sanitizedUserId}`);
+  const userData = await res.json();
+  return toUser(userData);
 };
 var createUser = async (params) => {
-  if (!isBrowser()) {
-    const res = await adminFetch("/admin/users", {
-      method: "POST",
-      body: JSON.stringify({
-        email: params.email,
-        password: params.password,
-        ...params.data,
-        confirm: true
-      })
-    });
-    const userData = await res.json();
-    return toUser(userData);
-  }
-  try {
-    const user = getAdminUser();
-    const userData = await user.admin.createUser(params.email, params.password, {
-      ...params.data,
-      confirm: true
-    });
-    return toUser(userData);
-  } catch (error) {
-    if (error instanceof AuthError) throw error;
-    throw new AuthError(error.message, void 0, { cause: error });
+  assertServer();
+  const body = {
+    email: params.email,
+    password: params.password,
+    confirm: true
+  };
+  if (params.data) {
+    const allowedKeys = ["role", "aud", "app_metadata", "user_metadata"];
+    for (const key of allowedKeys) {
+      if (key in params.data) {
+        body[key] = params.data[key];
+      }
+    }
   }
+  const res = await adminFetch("/admin/users", {
+    method: "POST",
+    body: JSON.stringify(body)
+  });
+  const userData = await res.json();
+  return toUser(userData);
 };
 var updateUser2 = async (userId, attributes) => {
-  if (!isBrowser()) {
-    const res = await adminFetch(`/admin/users/${userId}`, {
-      method: "PUT",
-      body: JSON.stringify(attributes)
-    });
-    const userData = await res.json();
-    return toUser(userData);
-  }
-  try {
-    const user = getAdminUser();
-    const userData = await user.admin.updateUser({ id: userId }, attributes);
-    return toUser(userData);
-  } catch (error) {
-    if (error instanceof AuthError) throw error;
-    throw new AuthError(error.message, void 0, { cause: error });
+  assertServer();
+  const sanitizedUserId = sanitizeUserId(userId);
+  const body = {};
+  const allowedKeys = ["email", "password", "role", "aud", "confirm", "app_metadata", "user_metadata"];
+  for (const key of allowedKeys) {
+    if (key in attributes) {
+      body[key] = attributes[key];
+    }
   }
+  const res = await adminFetch(`/admin/users/${sanitizedUserId}`, {
+    method: "PUT",
+    body: JSON.stringify(body)
+  });
+  const userData = await res.json();
+  return toUser(userData);
 };
 var deleteUser = async (userId) => {
-  if (!isBrowser()) {
-    await adminFetch(`/admin/users/${userId}`, { method: "DELETE" });
-    return;
-  }
-  try {
-    const user = getAdminUser();
-    await user.admin.deleteUser({ id: userId });
-  } catch (error) {
-    if (error instanceof AuthError) throw error;
-    throw new AuthError(error.message, void 0, { cause: error });
-  }
+  assertServer();
+  const sanitizedUserId = sanitizeUserId(userId);
+  await adminFetch(`/admin/users/${sanitizedUserId}`, { method: "DELETE" });
 };
 var admin = { listUsers, getUser: getUser2, createUser, updateUser: updateUser2, deleteUser };
 export {