@niledatabase/server 5.0.0-alpha.2 → 5.0.0-alpha.4

package/dist/index.d.ts

@@ -1,5 +1,13 @@
 import pg, { PoolConfig, PoolClient } from 'pg';
 
+type ExtensionCtx = {
+    handleOnRequest: (config: Config, _init: RequestInit & {
+        request: Request;
+    }, params: RequestInit) => Promise<void>;
+};
+type ConfigConstructor = NileConfig & {
+    extensionCtx?: ExtensionCtx;
+};
 declare class Config {
     routes: Routes;
     handlers: {
@@ -14,7 +22,9 @@ declare class Config {
         delete: string[];
         put: string[];
     };
-    logger?: LoggerType;
+    extensionCtx: ExtensionCtx;
+    extensions?: Extension[];
+    logger: LoggerType;
     /**
      * Stores the set tenant id from Server for use in sub classes
      */
@@ -47,7 +57,7 @@ declare class Config {
      */
     routePrefix: string;
     db: NilePoolConfig;
-    constructor(config?: NileConfig, logger?: string);
+    constructor(config?: ConfigConstructor);
 }
 
 type Routes = {
@@ -70,193 +80,10 @@ type Routes = {
     PASSWORD_RESET: string;
     LOG: string;
     VERIFY_EMAIL: string;
+    INVITES: string;
+    INVITE: string;
 };
 
-type Opts = {
-    basePath?: string;
-    fetch?: typeof fetch;
-};
-type NilePoolConfig = PoolConfig & {
-    afterCreate?: AfterCreate;
-};
-type LoggerType = {
-    info?: (args: unknown | unknown[]) => void;
-    warn?: (args: unknown | unknown[]) => void;
-    error?: (args: unknown | unknown[]) => void;
-    debug?: (args: unknown | unknown[]) => void;
-};
-type NileConfig = {
-    /**
-     * The specific database id. Either passed in or figured out by NILEDB_API_URL
-     * process.env.NILEDB_ID
-     */
-    databaseId?: string;
-    /**
-     * The user UUID to the database
-     * process.env.NILEDB_USER
-     */
-    user?: string;
-    /**
-     * The password UUID to the database
-     * process.env.NILEDB_PASSWORD
-     */
-    password?: string;
-    /**
-     * The name of the database. Automatically obtained from NILEDB_POSTGRES_URL
-     * process.env.NILEDB_NAME
-     */
-    databaseName?: string;
-    /**
-     * A tenant id. Scopes requests to a specific tenant, both API and DB
-     * process.env.NILEDB_TENANT
-     */
-    tenantId?: string | null | undefined;
-    /**
-     * A user id. Possibly not the logged in user, used for setting database context (nile.user_id)
-     * Generally speaking, this wouldn't be used for authentication, and in some cases simply won't do anything on some endpoints
-     */
-    userId?: string | null | undefined;
-    /**
-     * Shows a bunch of logging on the server side to see what's being done between the sdk and nile-auth
-     */
-    debug?: boolean;
-    /**
-     * DB configuration overrides. Environment variables are the way to go, but maybe you need something more
-     */
-    db?: NilePoolConfig;
-    /**
-     * Some kind of logger if you want to send to an external service
-     */
-    logger?: LoggerType;
-    /**
-     * The configuration value that maps to `NILEDB_API_URL` - its going to be nile-auth (or similar service)
-     */
-    apiUrl?: string | undefined;
-    /**
-     * Ignore client callbackUrls by setting this.
-     * You can force the callback URL server side to be sure nile-auth redirects to whatever location.
-     */
-    callbackUrl?: string | undefined;
-    /**
-     * Need to override some routes? Change it here
-     */
-    routes?: Partial<Routes>;
-    /**
-     * don't like the default `/api`? change it here
-     */
-    routePrefix?: string | undefined;
-    /**
-     * In some cases, you may want to force secure cookies.
-     * The SDK handles this for you, but might be necessary in some firewall / internal cases
-     * Defaults to true if you're in production
-     */
-    secureCookies?: boolean;
-    /**
-     * The origin for the requests.
-     * Allows the setting of the callback origin to a random FE
-     * eg FE localhost:3001 -> BE: localhost:5432 would set to localhost:3001 to be sure nile-auth uses that.
-     * In full stack cases, will just be the `host` header of the incoming request, which is used by default
-     * It is also important to set this when dealing with secure cookies. Calling via server side needs to know if TLS is being used so that nile-auth knows which cookies to be sent.
-     */
-    origin?: null | undefined | string;
-    /**
-     * Set the headers to use in API requests.
-     * The `cookie` would be expected if you are setting this, else most calls will be unauthorized
-     */
-    headers?: null | Headers | Record<string, string>;
-};
-type NileDb = NilePoolConfig & {
-    tenantId?: string;
-};
-type AfterCreate = (conn: PoolClient, done: (err: null | Error, conn: PoolClient) => void) => void;
-interface NileBody<R, B> {
-    readonly body: ReadableStream<Uint8Array> | null | B;
-    readonly bodyUsed: boolean;
-    arrayBuffer(): Promise<ArrayBuffer>;
-    blob(): Promise<Blob>;
-    formData(): Promise<FormData>;
-    json(): Promise<R>;
-    text(): Promise<string>;
-}
-interface NResponse<T> extends NileBody<T, any> {
-    readonly headers: Headers;
-    readonly ok: boolean;
-    readonly redirected: boolean;
-    readonly status: number;
-    readonly statusText: string;
-    readonly type: ResponseType;
-    readonly url: string;
-    clone(): Response;
-}
-interface NRequest<T> extends NileBody<any, T> {
-    /** Returns the cache mode associated with request, which is a string indicating how the request will interact with the browser's cache when fetching. */
-    readonly cache: RequestCache;
-    /** Returns the credentials mode associated with request, which is a string indicating whether credentials will be sent with the request always, never, or only when sent to a same-origin URL. */
-    readonly credentials: RequestCredentials;
-    /** Returns the kind of resource requested by request, e.g., "document" or "script". */
-    readonly destination: RequestDestination;
-    /** Returns a Headers object consisting of the headers associated with request. Note that headers added in the network layer by the user agent will not be accounted for in this object, e.g., the "Host" header. */
-    readonly headers: Headers;
-    /** Returns request's subresource integrity metadata, which is a cryptographic hash of the resource being fetched. Its value consists of multiple hashes separated by whitespace. [SRI] */
-    readonly integrity: string;
-    /** Returns a boolean indicating whether or not request can outlive the global in which it was created. */
-    readonly keepalive: boolean;
-    /** Returns request's HTTP method, which is "GET" by default. */
-    readonly method: string;
-    /** Returns the mode associated with request, which is a string indicating whether the request will use CORS, or will be restricted to same-origin URLs. */
-    readonly mode: RequestMode;
-    /** Returns the redirect mode associated with request, which is a string indicating how redirects for the request will be handled during fetching. A request will follow redirects by default. */
-    readonly redirect: RequestRedirect;
-    /** Returns the referrer of request. Its value can be a same-origin URL if explicitly set in init, the empty string to indicate no referrer, and "about:client" when defaulting to the global's default. This is used during fetching to determine the value of the `Referer` header of the request being made. */
-    readonly referrer: string;
-    /** Returns the referrer policy associated with request. This is used during fetching to compute the value of the request's referrer. */
-    readonly referrerPolicy: ReferrerPolicy;
-    /** Returns the signal associated with request, which is an AbortSignal object indicating whether or not request has been aborted, and its abort event handler. */
-    readonly signal: AbortSignal;
-    /** Returns the URL of request as a string. */
-    readonly url: string;
-    clone(): Request;
-}
-type NileRequest<T> = NRequest<T> | T;
-declare const APIErrorErrorCodeEnum: {
-    readonly InternalError: "internal_error";
-    readonly BadRequest: "bad_request";
-    readonly EntityNotFound: "entity_not_found";
-    readonly DuplicateEntity: "duplicate_entity";
-    readonly InvalidCredentials: "invalid_credentials";
-    readonly UnknownOidcProvider: "unknown_oidc_provider";
-    readonly ProviderAlreadyExists: "provider_already_exists";
-    readonly ProviderConfigError: "provider_config_error";
-    readonly ProviderMismatch: "provider_mismatch";
-    readonly ProviderUpdateError: "provider_update_error";
-    readonly SessionStateMissing: "session_state_missing";
-    readonly SessionStateMismatch: "session_state_mismatch";
-    readonly OidcCodeMissing: "oidc_code_missing";
-};
-type APIErrorErrorCodeEnum = (typeof APIErrorErrorCodeEnum)[keyof typeof APIErrorErrorCodeEnum];
-interface APIError {
-    [key: string]: any | any;
-    /**
-     *
-     * @type {string}
-     * @memberof APIError
-     */
-    errorCode: APIErrorErrorCodeEnum;
-    /**
-     *
-     * @type {string}
-     * @memberof APIError
-     */
-    message: string;
-    /**
-     *
-     * @type {number}
-     * @memberof APIError
-     */
-    statusCode: number;
-}
-type NileResponse<T> = Promise<T | NResponse<T & APIError>>;
-
 interface CreateBasicUserRequest {
     email: string;
     password: string;
@@ -304,43 +131,6 @@ interface User {
     tenants: string[];
 }
 
-type Tenant = {
-    id: string;
-    name: string;
-};
-
-type ProviderName = 'discord' | 'github' | 'google' | 'hubspot' | 'linkedin' | 'slack' | 'twitter' | 'email' | 'credentials' | 'azure';
-type Providers = {
-    [providerName in ProviderName]: Provider;
-};
-type Provider = {
-    id: string;
-    name: string;
-    type: string;
-    signinUrl: string;
-    callbackUrl: string;
-};
-type JWT = {
-    email: string;
-    sub: string;
-    id: string;
-    iat: number;
-    exp: number;
-    jti: string;
-};
-type ActiveSession = {
-    id: string;
-    email: string;
-    expires: string;
-    user?: {
-        id: string;
-        name: string;
-        image: string;
-        email: string;
-        emailVerified: void | Date;
-    };
-};
-
 declare class Users {
     #private;
     constructor(config: Config);
@@ -348,12 +138,30 @@ declare class Users {
         emailVerified: boolean;
     }>, rawResponse?: boolean): Promise<T>;
     removeSelf(): Promise<Response>;
-    getSelf(rawResponse?: true): Promise<Response>;
     getSelf<T = User | Response>(): Promise<T>;
-    verifySelf(rawResponse?: true): Promise<Response>;
-    verifySelf<T = Response | void>(): Promise<T>;
+    getSelf(rawResponse?: true): Promise<Response>;
+    verifySelf<T = void>(): Promise<T>;
+    verifySelf(rawResponse: true): Promise<Response>;
+    verifySelf<T = Response | User>(options: {
+        bypassEmail?: boolean;
+        callbackUrl?: string;
+    }, rawResponse?: true): Promise<T>;
 }
 
+type Tenant = {
+    id: string;
+    name: string;
+};
+type Invite = {
+    id: string;
+    tenant_id: string;
+    token: string;
+    identifier: string;
+    roles: null | string;
+    created_by: string;
+    expires: Date;
+};
+
 type ReqContext = {
     userId?: string;
     tenantId?: string;
@@ -364,6 +172,7 @@ type JoinTenantRequest = string | ReqContext | {
 declare class Tenants {
     #private;
     constructor(config: Config);
+    create(name: string, rawResponse: true): Promise<Response>;
     create<T = Tenant | Response>(name: string, rawResponse?: boolean): Promise<T>;
     create<T = Tenant | Response>(payload: {
         name: string;
@@ -373,27 +182,79 @@ declare class Tenants {
     delete<T = Response>(payload: {
         id: string;
     }): Promise<T>;
-    get(rawResponse: true): Promise<Response>;
+    get<T = Tenant | Response>(): Promise<T>;
     get<T = Tenant | Response>(id: string, rawResponse?: boolean): Promise<T>;
+    get(rawResponse: true): Promise<Response>;
     get<T = Tenant | Response>(payload: {
         id: string;
     }, rawResponse?: boolean): Promise<T>;
     update(req: Partial<Tenant>, rawResponse: true): Promise<Response>;
     update<T = Tenant | Response | undefined>(req: Partial<Tenant>, rawResponse?: boolean): Promise<T>;
-    list(rawResponse: true): Promise<Response>;
     list<T = Tenant[] | Response>(): Promise<T>;
+    list(rawResponse: true): Promise<Response>;
     leaveTenant<T = Response>(req?: string | {
         tenantId: string;
     }): Promise<T>;
     addMember(req: JoinTenantRequest, rawResponse: true): Promise<Response>;
     addMember<T = User | Response>(req: JoinTenantRequest, rawResponse?: boolean): Promise<T>;
     removeMember(req: JoinTenantRequest, rawResponse?: boolean): Promise<Response>;
-    users(req: boolean): Promise<Response>;
     users<T = User[] | Response>(req?: boolean | {
         tenantId?: string;
     }, rawResponse?: boolean): Promise<T>;
+    users(req: true): Promise<Response>;
+    invites<T = Invite[] | Response>(): Promise<T>;
+    invite<T = Response | Invite>(req: string | {
+        email: string;
+        callbackUrl?: string;
+        redirectUrl?: string;
+    }, rawResponse?: boolean): Promise<T>;
+    invite(req: string | {
+        email: string;
+        callbackUrl?: string;
+        redirectUrl?: string;
+    }, rawResponse: true): Promise<Response>;
+    acceptInvite<T = Response>(req?: {
+        identifier: string;
+        token: string;
+        redirectUrl?: string;
+    }, rawResponse?: boolean): Promise<T>;
+    deleteInvite<T = Response>(req: string | {
+        id: string;
+    }): Promise<T>;
 }
 
+type ProviderName = 'discord' | 'github' | 'google' | 'hubspot' | 'linkedin' | 'slack' | 'twitter' | 'email' | 'credentials' | 'azure';
+type Providers = {
+    [providerName in ProviderName]: Provider;
+};
+type Provider = {
+    id: string;
+    name: string;
+    type: string;
+    signinUrl: string;
+    callbackUrl: string;
+};
+type JWT = {
+    email: string;
+    sub: string;
+    id: string;
+    iat: number;
+    exp: number;
+    jti: string;
+};
+type ActiveSession = {
+    id: string;
+    email: string;
+    expires: string;
+    user?: {
+        id: string;
+        name: string;
+        image: string;
+        email: string;
+        emailVerified: void | Date;
+    };
+};
+
 type SignUpPayload = {
     email: string;
     password: string;
@@ -403,10 +264,10 @@ type SignUpPayload = {
 declare class Auth {
     #private;
     constructor(config: Config);
-    getSession(rawResponse: true): Promise<Response>;
     getSession<T = JWT | ActiveSession | undefined>(rawResponse?: false): Promise<T>;
-    getCsrf(rawResponse: true): Promise<Response>;
+    getSession(rawResponse: true): Promise<Response>;
     getCsrf<T = Response | JSON>(rawResponse?: false): Promise<T>;
+    getCsrf(rawResponse: true): Promise<Response>;
     listProviders(rawResponse: true): Promise<Response>;
     listProviders<T = {
         [key: string]: Provider;
@@ -419,6 +280,11 @@ declare class Auth {
      */
     signUp(payload: SignUpPayload, rawResponse: true): Promise<Response>;
     signUp<T = User | Response>(payload: SignUpPayload): Promise<T>;
+    forgotPassword(req: {
+        email: string;
+        callbackUrl?: string;
+        redirectUrl?: string;
+    }): Promise<Response>;
     resetPassword(req: Request | {
         email: string;
         password: string;
@@ -505,4 +371,205 @@ declare class Server {
 }
 declare function create(config?: NileConfig): Server;
 
-export { type APIError, APIErrorErrorCodeEnum, type ActiveSession, type AfterCreate, type CreateBasicUserRequest, type CreateTenantUserRequest, type JWT, type LoggerType, type LoginUserResponse, type LoginUserResponseToken, LoginUserResponseTokenTypeEnum, create as Nile, type NileConfig, type NileDb, type NilePoolConfig, type NileRequest, type NileResponse, type Opts, type Providers, Server, type Tenant, type User, parseCSRF, parseCallback, parseToken };
+type Opts = {
+    basePath?: string;
+    fetch?: typeof fetch;
+};
+interface ExtensionResult {
+    id?: string;
+    [key: string]: unknown;
+    onRequest?: (req: Request) => void | Promise<void | RequestInit>;
+    onResponse?: (res: Response) => void | Promise<void>;
+}
+type Extension = (instance: Server) => ExtensionResult | Promise<ExtensionResult>;
+type NilePoolConfig = PoolConfig & {
+    afterCreate?: AfterCreate;
+};
+type LoggerType = {
+    info: (args: unknown | unknown[]) => void;
+    warn: (args: unknown | unknown[]) => void;
+    error: (args: unknown | unknown[]) => void;
+    debug: (args: unknown | unknown[]) => void;
+};
+type NileConfig = {
+    /**
+     * The specific database id. Either passed in or figured out by NILEDB_API_URL
+     * process.env.NILEDB_ID
+     */
+    databaseId?: string;
+    /**
+     * The user UUID to the database
+     * process.env.NILEDB_USER
+     */
+    user?: string;
+    /**
+     * The password UUID to the database
+     * process.env.NILEDB_PASSWORD
+     */
+    password?: string;
+    /**
+     * The name of the database. Automatically obtained from NILEDB_POSTGRES_URL
+     * process.env.NILEDB_NAME
+     */
+    databaseName?: string;
+    /**
+     * A tenant id. Scopes requests to a specific tenant, both API and DB
+     * process.env.NILEDB_TENANT
+     */
+    tenantId?: string | null | undefined;
+    /**
+     * A user id. Possibly not the logged in user, used for setting database context (nile.user_id)
+     * Generally speaking, this wouldn't be used for authentication, and in some cases simply won't do anything on some endpoints
+     */
+    userId?: string | null | undefined;
+    /**
+     * Shows a bunch of logging on the server side to see what's being done between the sdk and nile-auth
+     */
+    debug?: boolean;
+    /**
+     * DB configuration overrides. Environment variables are the way to go, but maybe you need something more
+     */
+    db?: NilePoolConfig;
+    /**
+     * Some kind of logger if you want to send to an external service
+     */
+    logger?: LoggerType;
+    /**
+     * The configuration value that maps to `NILEDB_API_URL` - its going to be nile-auth (or similar service)
+     */
+    apiUrl?: string | undefined;
+    /**
+     * Ignore client callbackUrls by setting this.
+     * You can force the callback URL server side to be sure nile-auth redirects to whatever location.
+     */
+    callbackUrl?: string | undefined;
+    /**
+     * Need to override some routes? Change it here
+     */
+    routes?: Partial<Routes>;
+    /**
+     * don't like the default `/api`? change it here
+     */
+    routePrefix?: string | undefined;
+    /**
+     * In some cases, you may want to force secure cookies.
+     * The SDK handles this for you, but might be necessary in some firewall / internal cases
+     * Defaults to true if you're in production
+     */
+    secureCookies?: boolean;
+    /**
+     * The origin for the requests.
+     * Allows the setting of the callback origin to a random FE
+     * eg FE localhost:3001 -> BE: localhost:5432 would set to localhost:3001 to be sure nile-auth uses that.
+     * In full stack cases, will just be the `host` header of the incoming request, which is used by default
+     * It is also important to set this when dealing with secure cookies. Calling via server side needs to know if TLS is being used so that nile-auth knows which cookies to be sent.
+     */
+    origin?: null | undefined | string;
+    /**
+     * Set the headers to use in API requests.
+     * The `cookie` would be expected if you are setting this, else most calls will be unauthorized
+     */
+    headers?: null | Headers | Record<string, string>;
+    /**
+     * Functions to run at various points to make life easier
+     */
+    extensions?: Extension[];
+};
+type NileDb = NilePoolConfig & {
+    tenantId?: string;
+};
+type AfterCreate = (conn: PoolClient, done: (err: null | Error, conn: PoolClient) => void) => void;
+interface NileBody<R, B> {
+    readonly body: ReadableStream<Uint8Array> | null | B;
+    readonly bodyUsed: boolean;
+    arrayBuffer(): Promise<ArrayBuffer>;
+    blob(): Promise<Blob>;
+    formData(): Promise<FormData>;
+    json(): Promise<R>;
+    text(): Promise<string>;
+}
+interface NResponse<T> extends NileBody<T, any> {
+    readonly headers: Headers;
+    readonly ok: boolean;
+    readonly redirected: boolean;
+    readonly status: number;
+    readonly statusText: string;
+    readonly type: ResponseType;
+    readonly url: string;
+    clone(): Response;
+}
+interface NRequest<T> extends NileBody<any, T> {
+    /** Returns the cache mode associated with request, which is a string indicating how the request will interact with the browser's cache when fetching. */
+    readonly cache: RequestCache;
+    /** Returns the credentials mode associated with request, which is a string indicating whether credentials will be sent with the request always, never, or only when sent to a same-origin URL. */
+    readonly credentials: RequestCredentials;
+    /** Returns the kind of resource requested by request, e.g., "document" or "script". */
+    readonly destination: RequestDestination;
+    /** Returns a Headers object consisting of the headers associated with request. Note that headers added in the network layer by the user agent will not be accounted for in this object, e.g., the "Host" header. */
+    readonly headers: Headers;
+    /** Returns request's subresource integrity metadata, which is a cryptographic hash of the resource being fetched. Its value consists of multiple hashes separated by whitespace. [SRI] */
+    readonly integrity: string;
+    /** Returns a boolean indicating whether or not request can outlive the global in which it was created. */
+    readonly keepalive: boolean;
+    /** Returns request's HTTP method, which is "GET" by default. */
+    readonly method: string;
+    /** Returns the mode associated with request, which is a string indicating whether the request will use CORS, or will be restricted to same-origin URLs. */
+    readonly mode: RequestMode;
+    /** Returns the redirect mode associated with request, which is a string indicating how redirects for the request will be handled during fetching. A request will follow redirects by default. */
+    readonly redirect: RequestRedirect;
+    /** Returns the referrer of request. Its value can be a same-origin URL if explicitly set in init, the empty string to indicate no referrer, and "about:client" when defaulting to the global's default. This is used during fetching to determine the value of the `Referer` header of the request being made. */
+    readonly referrer: string;
+    /** Returns the referrer policy associated with request. This is used during fetching to compute the value of the request's referrer. */
+    readonly referrerPolicy: ReferrerPolicy;
+    /** Returns the signal associated with request, which is an AbortSignal object indicating whether or not request has been aborted, and its abort event handler. */
+    readonly signal: AbortSignal;
+    /** Returns the URL of request as a string. */
+    readonly url: string;
+    clone(): Request;
+}
+type NileRequest<T> = NRequest<T> | T;
+declare const APIErrorErrorCodeEnum: {
+    readonly InternalError: "internal_error";
+    readonly BadRequest: "bad_request";
+    readonly EntityNotFound: "entity_not_found";
+    readonly DuplicateEntity: "duplicate_entity";
+    readonly InvalidCredentials: "invalid_credentials";
+    readonly UnknownOidcProvider: "unknown_oidc_provider";
+    readonly ProviderAlreadyExists: "provider_already_exists";
+    readonly ProviderConfigError: "provider_config_error";
+    readonly ProviderMismatch: "provider_mismatch";
+    readonly ProviderUpdateError: "provider_update_error";
+    readonly SessionStateMissing: "session_state_missing";
+    readonly SessionStateMismatch: "session_state_mismatch";
+    readonly OidcCodeMissing: "oidc_code_missing";
+};
+type APIErrorErrorCodeEnum = (typeof APIErrorErrorCodeEnum)[keyof typeof APIErrorErrorCodeEnum];
+interface APIError {
+    [key: string]: any | any;
+    /**
+     *
+     * @type {string}
+     * @memberof APIError
+     */
+    errorCode: APIErrorErrorCodeEnum;
+    /**
+     *
+     * @type {string}
+     * @memberof APIError
+     */
+    message: string;
+    /**
+     *
+     * @type {number}
+     * @memberof APIError
+     */
+    statusCode: number;
+}
+type NileResponse<T> = Promise<T | NResponse<T & APIError>>;
+
+declare const TENANT_COOKIE = "nile.tenant-id";
+declare const USER_COOKIE = "nile.user-id";
+declare const HEADER_ORIGIN = "nile-origin";
+declare const HEADER_SECURE_COOKIES = "nile-secure-cookies";
+
+export { type APIError, APIErrorErrorCodeEnum, type ActiveSession, type AfterCreate, type CreateBasicUserRequest, type CreateTenantUserRequest, type Extension, type ExtensionResult, HEADER_ORIGIN, HEADER_SECURE_COOKIES, type Invite, type JWT, type LoggerType, type LoginUserResponse, type LoginUserResponseToken, LoginUserResponseTokenTypeEnum, create as Nile, type NileConfig, type NileDb, type NilePoolConfig, type NileRequest, type NileResponse, type Opts, type Providers, Server, TENANT_COOKIE, type Tenant, USER_COOKIE, type User, parseCSRF, parseCallback, parseToken };