@sanity/sdk 0.0.0-chore-react-18-compat.1 → 0.0.0-chore-react-18-compat.3

package/src/auth/authStore.ts

@@ -2,8 +2,10 @@ import {type ClientConfig, createClient, type SanityClient} from '@sanity/client
 import {type CurrentUser} from '@sanity/types'
 import {type Subscription} from 'rxjs'
 
-import {createResource} from '../resources/createResource'
-import {createStateSourceAction} from '../resources/createStateSourceAction'
+import {type AuthConfig, type AuthProvider} from '../config/authConfig'
+import {bindActionGlobally} from '../store/createActionBinder'
+import {createStateSourceAction} from '../store/createStateSourceAction'
+import {defineStore} from '../store/defineStore'
 import {AuthStateType} from './authStateType'
 import {refreshStampedToken} from './refreshStampedToken'
 import {subscribeToStateAndFetchCurrentUser} from './subscribeToStateAndFetchCurrentUser'
@@ -45,84 +47,6 @@ export type LoggingInAuthState = {type: AuthStateType.LOGGING_IN; isExchangingTo
  */
 export type ErrorAuthState = {type: AuthStateType.ERROR; error: unknown}
 
-/**
- * Configuration for an authentication provider
- * @public
- */
-export interface AuthProvider {
-  /**
-   * Unique identifier for the auth provider (e.g., 'google', 'github')
-   */
-  name: string
-
-  /**
-   * Display name for the auth provider in the UI
-   */
-  title: string
-
-  /**
-   * Complete authentication URL including callback and token parameters
-   */
-  url: string
-
-  /**
-   * Optional URL for direct sign-up flow
-   */
-  signUpUrl?: string
-}
-
-/**
- * Configuration options for creating an auth store.
- *
- * @public
- */
-export interface AuthConfig {
-  /**
-   * The initial location href to use when handling auth callbacks.
-   * Defaults to the current window location if available.
-   */
-  initialLocationHref?: string
-
-  /**
-   * Factory function to create a SanityClient instance.
-   * Defaults to the standard Sanity client factory if not provided.
-   */
-  clientFactory?: (config: ClientConfig) => SanityClient
-
-  /**
-   * Custom authentication providers to use instead of or in addition to the default ones.
-   * Can be an array of providers or a function that takes the default providers and returns
-   * a modified array or a Promise resolving to one.
-   */
-  providers?: AuthProvider[] | ((prev: AuthProvider[]) => AuthProvider[] | Promise<AuthProvider[]>)
-
-  /**
-   * The API hostname for requests. Usually leave this undefined, but it can be set
-   * if using a custom domain or CNAME for the API endpoint.
-   */
-  apiHost?: string
-
-  /**
-   * Storage implementation to persist authentication state.
-   * Defaults to `localStorage` if available.
-   */
-  storageArea?: Storage
-
-  /**
-   * A callback URL for your application.
-   * If none is provided, the auth API will redirect back to the current location (`location.href`).
-   * When handling callbacks, this URL's pathname is checked to ensure it matches the callback.
-   */
-  callbackUrl?: string
-
-  /**
-   * A static authentication token to use instead of handling the OAuth flow.
-   * When provided, the auth store will remain in a logged-in state with this token,
-   * ignoring any storage or callback handling.
-   */
-  token?: string
-}
-
 /**
  * Represents the various states the authentication can be in.
  *
@@ -149,13 +73,14 @@ export interface AuthStoreState {
     storageKey: string
     storageArea: Storage | undefined
     apiHost: string | undefined
+    loginUrl: string
     callbackUrl: string | undefined
     providedToken: string | undefined
   }
   dashboardContext?: DashboardContext
 }
 
-export const authStore = createResource<AuthStoreState>({
+export const authStore = defineStore<AuthStoreState>({
   name: 'Auth',
   getInitialState(instance) {
     const {
@@ -170,6 +95,20 @@ export const authStore = createResource<AuthStoreState>({
 
     const storageKey = `__sanity_auth_token`
 
+    // This login URL will only be used for local development
+    let loginDomain = 'https://www.sanity.io'
+    try {
+      if (apiHost && new URL(apiHost).hostname.endsWith('.sanity.work')) {
+        loginDomain = 'https://www.sanity.work'
+      }
+    } catch {
+      /* empty */
+    }
+    const loginUrl = new URL('/login', loginDomain)
+    loginUrl.searchParams.set('origin', initialLocationHref)
+    loginUrl.searchParams.set('type', 'stampedToken') // Token must be stamped to have an sid passed back
+    loginUrl.searchParams.set('withSid', 'true')
+
     let authState: AuthState
 
     const token = getTokenFromStorage(storageArea, storageKey)
@@ -188,6 +127,7 @@ export const authStore = createResource<AuthStoreState>({
       authState,
       options: {
         apiHost,
+        loginUrl: loginUrl.toString(),
         callbackUrl,
         customProviders,
         providedToken,
@@ -198,22 +138,23 @@ export const authStore = createResource<AuthStoreState>({
       },
     }
   },
-  initialize() {
-    const stateSubscription = subscribeToStateAndFetchCurrentUser(this)
-    let storageEventsSubscription: Subscription | undefined
-    if (this.state.get().options?.storageArea) {
-      storageEventsSubscription = subscribeToStorageEventsAndSetToken(this)
+  initialize(context) {
+    const subscriptions: Subscription[] = []
+    subscriptions.push(subscribeToStateAndFetchCurrentUser(context))
+
+    if (context.state.get().options?.storageArea) {
+      subscriptions.push(subscribeToStorageEventsAndSetToken(context))
     }
-    let refreshStampedTokenSubscription: Subscription | undefined
+
     if (!tokenRefresherRunning) {
       tokenRefresherRunning = true
-      refreshStampedTokenSubscription = refreshStampedToken(this)
+      subscriptions.push(refreshStampedToken(context))
     }
 
     return () => {
-      stateSubscription.unsubscribe()
-      storageEventsSubscription?.unsubscribe()
-      refreshStampedTokenSubscription?.unsubscribe()
+      for (const subscription of subscriptions) {
+        subscription.unsubscribe()
+      }
     }
   },
 })
@@ -221,33 +162,43 @@ export const authStore = createResource<AuthStoreState>({
 /**
  * @public
  */
-export const getCurrentUserState = createStateSourceAction(authStore, ({authState}) =>
-  authState.type === AuthStateType.LOGGED_IN ? authState.currentUser : null,
+export const getCurrentUserState = bindActionGlobally(
+  authStore,
+  createStateSourceAction(({state: {authState}}) =>
+    authState.type === AuthStateType.LOGGED_IN ? authState.currentUser : null,
+  ),
 )
 
 /**
  * @public
  */
-export const getTokenState = createStateSourceAction(authStore, ({authState}) =>
-  authState.type === AuthStateType.LOGGED_IN ? authState.token : null,
+export const getTokenState = bindActionGlobally(
+  authStore,
+  createStateSourceAction(({state: {authState}}) =>
+    authState.type === AuthStateType.LOGGED_IN ? authState.token : null,
+  ),
 )
+
 /**
  * @public
  */
-export const getLoginUrlsState = createStateSourceAction(
+export const getLoginUrlState = bindActionGlobally(
   authStore,
-  ({providers}) => providers ?? null,
+  createStateSourceAction(({state: {options}}) => options.loginUrl),
 )
 
 /**
  * @public
  */
-export const getAuthState = createStateSourceAction(authStore, ({authState}) => authState)
+export const getAuthState = bindActionGlobally(
+  authStore,
+  createStateSourceAction(({state: {authState}}) => authState),
+)
 
 /**
  * @public
  */
-export const getDashboardOrganizationId = createStateSourceAction(
+export const getDashboardOrganizationId = bindActionGlobally(
   authStore,
-  ({dashboardContext}) => dashboardContext?.orgId,
+  createStateSourceAction(({state: {dashboardContext}}) => dashboardContext?.orgId),
 )

package/src/auth/handleAuthCallback.test.ts

@@ -1,10 +1,12 @@
+import {NEVER} from 'rxjs'
 import {beforeEach, describe, it} from 'vitest'
 
-import {createSanityInstance} from '../instance/sanityInstance'
-import {createResourceState} from '../resources/createResource'
+import {createSanityInstance, type SanityInstance} from '../store/createSanityInstance'
 import {AuthStateType} from './authStateType'
-import {authStore} from './authStore'
+import {getAuthState} from './authStore'
 import {handleAuthCallback} from './handleAuthCallback'
+import {subscribeToStateAndFetchCurrentUser} from './subscribeToStateAndFetchCurrentUser'
+import {subscribeToStorageEventsAndSetToken} from './subscribeToStorageEventsAndSetToken'
 import {getAuthCode, getTokenFromStorage} from './utils'
 
 vi.mock('./utils', async (importOriginal) => {
@@ -12,20 +14,31 @@ vi.mock('./utils', async (importOriginal) => {
   return {...original, getTokenFromStorage: vi.fn(), getAuthCode: vi.fn()}
 })
 
-describe('handleAuthCallback', () => {
+vi.mock('./subscribeToStateAndFetchCurrentUser')
+vi.mock('./subscribeToStorageEventsAndSetToken')
+
+let instance: SanityInstance | undefined
+
+describe('handleCallback', () => {
   beforeEach(() => {
     vi.clearAllMocks()
+    vi.mocked(subscribeToStateAndFetchCurrentUser).mockImplementation(() => NEVER.subscribe())
+    vi.mocked(subscribeToStorageEventsAndSetToken).mockImplementation(() => NEVER.subscribe())
+  })
+
+  afterEach(() => {
+    instance?.dispose()
   })
 
   it('trades the auth code for a token, sets the state to logged in, and sets the token in storage', async () => {
-    const mockRequest = vi.fn().mockResolvedValue({token: 'new-token'})
-    const clientFactory = vi.fn().mockReturnValue({request: mockRequest})
+    const request = vi.fn().mockResolvedValue({token: 'new-token'})
+    const clientFactory = vi.fn().mockReturnValue({request})
     const setItem = vi.fn()
     vi.mocked(getTokenFromStorage).mockReturnValue(null)
     const authCode = 'auth-code'
     vi.mocked(getAuthCode).mockReturnValue(authCode)
 
-    const instance = createSanityInstance({
+    instance = createSanityInstance({
       projectId: 'p',
       dataset: 'd',
       auth: {
@@ -34,15 +47,16 @@ describe('handleAuthCallback', () => {
       },
     })
 
-    const state = createResourceState(authStore.getInitialState(instance))
-    expect(state.get()).toMatchObject({authState: {isExchangingToken: false}})
+    const authState = getAuthState(instance)
+
+    expect(authState.getCurrent()).toMatchObject({isExchangingToken: false})
 
     const resultPromise = handleAuthCallback(
-      {instance, state},
+      instance,
       'https://example.com/callback?foo=bar#withSid=code',
     )
 
-    expect(state.get()).toMatchObject({authState: {isExchangingToken: true}})
+    expect(authState.getCurrent()).toMatchObject({isExchangingToken: true})
     const result = await resultPromise
 
     expect(result).toBe('https://example.com/callback?foo=bar')
@@ -51,13 +65,13 @@ describe('handleAuthCallback', () => {
       requestTagPrefix: 'sanity.sdk.auth',
       useProjectHostname: false,
     })
-    expect(mockRequest).toHaveBeenLastCalledWith({
+    expect(request).toHaveBeenLastCalledWith({
       method: 'GET',
       query: {sid: authCode},
       tag: 'fetch-token',
       uri: '/auth/fetch',
     })
-    expect(setItem).toHaveBeenCalledWith(state.get().options.storageKey, '{"token":"new-token"}')
+    expect(setItem).toHaveBeenCalledWith('__sanity_auth_token', '{"token":"new-token"}')
   })
 
   it('returns early if there is a provided token', async () => {
@@ -68,7 +82,7 @@ describe('handleAuthCallback', () => {
     const authCode = 'auth-code'
     vi.mocked(getAuthCode).mockReturnValue(authCode)
 
-    const instance = createSanityInstance({
+    instance = createSanityInstance({
       projectId: 'p',
       dataset: 'd',
       auth: {
@@ -78,9 +92,8 @@ describe('handleAuthCallback', () => {
       },
     })
 
-    const state = createResourceState(authStore.getInitialState(instance))
     const result = await handleAuthCallback(
-      {instance, state},
+      instance,
       'https://example.com/callback?foo=bar#withSid=code',
     )
 
@@ -90,37 +103,58 @@ describe('handleAuthCallback', () => {
   })
 
   it('returns early if already exchanging the the token', async () => {
-    const clientFactory = vi.fn()
+    let resolveRequest!: (value: {token: string; label: string}) => void
+    const requestPromise = new Promise<{token: string; label: string}>((resolve) => {
+      resolveRequest = resolve
+    })
+    vi.mocked(getAuthCode).mockReturnValue('code')
+    const request = vi.fn().mockReturnValue(requestPromise)
+    const clientFactory = vi.fn().mockReturnValue({request})
     const setItem = vi.fn()
 
-    const instance = createSanityInstance({
+    instance = createSanityInstance({
       projectId: 'p',
       dataset: 'd',
       auth: {
         clientFactory,
-        storageArea: {setItem} as unknown as Storage,
+        storageArea: {setItem: setItem as Storage['setItem']} as Storage,
       },
     })
 
-    const state = createResourceState(authStore.getInitialState(instance))
-    state.set('setAlreadyExchanging', {
-      authState: {type: AuthStateType.LOGGING_IN, isExchangingToken: true},
+    const authState = getAuthState(instance)
+    expect(authState.getCurrent()).toMatchObject({type: AuthStateType.LOGGING_IN})
+
+    const locationHref = 'https://example.com/callback?foo=bar#withSid=code'
+    const originalResultPromise = handleAuthCallback(instance, locationHref)
+
+    expect(authState.getCurrent()).toMatchObject({
+      type: AuthStateType.LOGGING_IN,
+      isExchangingToken: true,
     })
-    const result = await handleAuthCallback(
-      {instance, state},
-      'https://example.com/callback?foo=bar#withSid=code',
-    )
 
-    expect(result).toBe(false)
+    // ensures mock calls are reset to zero
+    clientFactory.mockClear()
+    setItem.mockClear()
+
+    // notice how this resolves first
+    const earlyResult = await handleAuthCallback(instance, locationHref)
+    expect(earlyResult).toBe(false)
+
     expect(clientFactory).not.toHaveBeenCalled()
     expect(setItem).not.toHaveBeenCalled()
+
+    // this will resolve
+    resolveRequest({token: 'token', label: 'label'})
+    expect(await originalResultPromise).toBe('https://example.com/callback?foo=bar')
+
+    // expect(result).toBe(false)
   })
 
   it('returns early if there is no auth code present', async () => {
     const clientFactory = vi.fn()
     const setItem = vi.fn()
 
-    const instance = createSanityInstance({
+    instance = createSanityInstance({
       projectId: 'p',
       dataset: 'd',
       auth: {
@@ -130,9 +164,8 @@ describe('handleAuthCallback', () => {
     })
     vi.mocked(getAuthCode).mockReturnValue(null)
 
-    const state = createResourceState(authStore.getInitialState(instance))
     const result = await handleAuthCallback(
-      {instance, state},
+      instance,
       'https://example.com/callback?foo=bar#withSid=code',
     )
 
@@ -150,7 +183,7 @@ describe('handleAuthCallback', () => {
     const authCode = 'auth-code'
     vi.mocked(getAuthCode).mockReturnValue(authCode)
 
-    const instance = createSanityInstance({
+    instance = createSanityInstance({
       projectId: 'p',
       dataset: 'd',
       auth: {
@@ -159,14 +192,14 @@ describe('handleAuthCallback', () => {
       },
     })
 
-    const state = createResourceState(authStore.getInitialState(instance))
+    const authState = getAuthState(instance)
     const result = await handleAuthCallback(
-      {instance, state},
+      instance,
       'https://example.com/callback?foo=bar#withSid=code',
     )
 
     expect(result).toBe(false)
-    expect(state.get()).toMatchObject({authState: {type: AuthStateType.ERROR, error}})
+    expect(authState.getCurrent()).toMatchObject({type: AuthStateType.ERROR, error})
 
     expect(clientFactory).toHaveBeenCalledWith({
       apiVersion: '2021-06-07',

package/src/auth/handleAuthCallback.ts

@@ -1,4 +1,4 @@
-import {createAction} from '../resources/createAction'
+import {bindActionGlobally} from '../store/createActionBinder'
 import {DEFAULT_API_VERSION, REQUEST_TAG_PREFIX} from './authConstants'
 import {AuthStateType} from './authStateType'
 import {authStore, type AuthStoreState, type DashboardContext} from './authStore'
@@ -7,11 +7,12 @@ import {getAuthCode, getDefaultLocation} from './utils'
 /**
  * @public
  */
-export const handleAuthCallback = createAction(authStore, ({state}) => {
-  const {providedToken, callbackUrl, clientFactory, apiHost, storageArea, storageKey} =
-    state.get().options
+export const handleAuthCallback = bindActionGlobally(
+  authStore,
+  async ({state}, locationHref: string = getDefaultLocation()) => {
+    const {providedToken, callbackUrl, clientFactory, apiHost, storageArea, storageKey} =
+      state.get().options
 
-  return async function (locationHref: string = getDefaultLocation()) {
     // If a token is provided, no need to handle callback
     if (providedToken) return false
 
@@ -69,5 +70,5 @@ export const handleAuthCallback = createAction(authStore, ({state}) => {
       state.set('exchangeSessionForTokenError', {authState: {type: AuthStateType.ERROR, error}})
       return false
     }
-  }
-})
+  },
+)

package/src/auth/logout.test.ts

@@ -1,10 +1,12 @@
+import {NEVER} from 'rxjs'
 import {describe, it} from 'vitest'
 
-import {createSanityInstance} from '../instance/sanityInstance'
-import {createResourceState} from '../resources/createResource'
+import {createSanityInstance, type SanityInstance} from '../store/createSanityInstance'
 import {AuthStateType} from './authStateType'
-import {authStore} from './authStore'
+import {getAuthState} from './authStore'
 import {logout} from './logout'
+import {subscribeToStateAndFetchCurrentUser} from './subscribeToStateAndFetchCurrentUser'
+import {subscribeToStorageEventsAndSetToken} from './subscribeToStorageEventsAndSetToken'
 import {getTokenFromStorage} from './utils'
 
 vi.mock('./utils', async (importOriginal) => {
@@ -12,28 +14,43 @@ vi.mock('./utils', async (importOriginal) => {
   return {...original, getTokenFromStorage: vi.fn()}
 })
 
+vi.mock('./subscribeToStateAndFetchCurrentUser')
+vi.mock('./subscribeToStorageEventsAndSetToken')
+
+let instance: SanityInstance | undefined
+
+beforeEach(() => {
+  vi.mocked(subscribeToStateAndFetchCurrentUser).mockImplementation(() => NEVER.subscribe())
+  vi.mocked(subscribeToStorageEventsAndSetToken).mockImplementation(() => NEVER.subscribe())
+})
+
+afterEach(() => {
+  instance?.dispose()
+})
+
 describe('logout', () => {
   it("calls '/auth/logout', sets the state to logged out, and removes any storage items", async () => {
     vi.mocked(getTokenFromStorage).mockReturnValue('token')
     const mockRequest = vi.fn().mockResolvedValue(undefined)
-    const mockClient = {request: mockRequest}
-    const clientFactory = vi.fn().mockReturnValue(mockClient)
-    const removeItem = vi.fn()
-    const instance = createSanityInstance({
+    const clientFactory = vi.fn().mockReturnValue({request: mockRequest})
+    const removeItem = vi.fn() as Storage['removeItem']
+
+    instance = createSanityInstance({
       projectId: 'p',
       dataset: 'd',
       auth: {
         clientFactory,
-        storageArea: {removeItem} as unknown as Storage,
+        storageArea: {removeItem} as Storage,
       },
     })
 
-    const state = createResourceState(authStore.getInitialState(instance))
+    const authState = getAuthState(instance)
+    expect(authState.getCurrent()).toMatchObject({type: AuthStateType.LOGGED_IN})
 
-    const logoutPromise = logout({state, instance})
-    expect(state.get()).toMatchObject({authState: {isDestroyingSession: true}})
+    const logoutPromise = logout(instance)
+    expect(authState.getCurrent()).toMatchObject({isDestroyingSession: true})
     await logoutPromise
-    expect(state.get()).toMatchObject({authState: {isDestroyingSession: false}})
+    expect(authState.getCurrent()).toMatchObject({isDestroyingSession: false})
 
     expect(clientFactory).toHaveBeenCalledWith({
       apiVersion: '2021-06-07',
@@ -42,50 +59,65 @@ describe('logout', () => {
       useProjectHostname: false,
     })
     expect(mockRequest).toHaveBeenCalledWith({method: 'POST', uri: '/auth/logout'})
-    expect(removeItem).toHaveBeenCalledWith(state.get().options.storageKey)
+    expect(removeItem).toHaveBeenCalledWith('__sanity_auth_token')
   })
 
   it('returns early if there is a provided token', async () => {
     const clientFactory = vi.fn()
-    const removeItem = vi.fn()
-    const instance = createSanityInstance({
+    const removeItem = vi.fn() as Storage['removeItem']
+    instance = createSanityInstance({
       projectId: 'p',
       dataset: 'd',
       auth: {
         token: 'provided-token',
         clientFactory,
-        storageArea: {removeItem} as unknown as Storage,
+        storageArea: {removeItem} as Storage,
       },
     })
 
-    const state = createResourceState(authStore.getInitialState(instance))
-
-    await logout({state, instance})
+    await logout(instance)
 
     expect(clientFactory).not.toHaveBeenCalled()
     expect(removeItem).not.toHaveBeenCalled()
   })
 
   it('returns early if the session is already destroying', async () => {
-    const clientFactory = vi.fn()
-    const removeItem = vi.fn()
-    const instance = createSanityInstance({
+    let resolveRequest!: () => void
+    const requestPromise = new Promise<void>((resolve) => {
+      resolveRequest = resolve
+    })
+    const request = vi.fn().mockReturnValue(requestPromise)
+    const clientFactory = vi.fn().mockReturnValue({request})
+    const removeItem = vi.fn() as Storage['removeItem']
+    vi.mocked(getTokenFromStorage).mockReturnValue('token')
+
+    instance = createSanityInstance({
       projectId: 'p',
       dataset: 'd',
       auth: {
-        token: 'provided-token',
         clientFactory,
-        storageArea: {removeItem} as unknown as Storage,
+        storageArea: {removeItem} as Storage,
       },
     })
 
-    const state = createResourceState(authStore.getInitialState(instance))
-    state.set('setAlreadyDestroying', {
-      authState: {type: AuthStateType.LOGGED_OUT, isDestroyingSession: true},
-    })
+    const authState = getAuthState(instance)
+    expect(authState.getCurrent()).toMatchObject({type: AuthStateType.LOGGED_IN})
+
+    const originalLogout = logout(instance)
+    expect(authState.getCurrent()).toMatchObject({isDestroyingSession: true})
+
+    // reset counts
+    clientFactory.mockClear()
+    vi.mocked(removeItem).mockClear()
+
+    await logout(instance) // should early return
 
-    await logout({state, instance})
     expect(clientFactory).not.toHaveBeenCalled()
     expect(removeItem).not.toHaveBeenCalled()
+
+    resolveRequest()
+
+    await originalLogout
+    expect(removeItem).toHaveBeenCalledOnce()
   })
 })