@stackframe/js 2.8.1 → 2.8.3

package/dist/lib/auth.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/lib/auth.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY\n//===========================================\nimport { KnownError, StackClientInterface } from \"@stackframe/stack-shared\";\nimport { InternalSession } from \"@stackframe/stack-shared/dist/sessions\";\nimport { StackAssertionError, throwErr } from \"@stackframe/stack-shared/dist/utils/errors\";\nimport { neverResolve } from \"@stackframe/stack-shared/dist/utils/promises\";\nimport { Result } from \"@stackframe/stack-shared/dist/utils/results\";\nimport { deindent } from \"@stackframe/stack-shared/dist/utils/strings\";\nimport { constructRedirectUrl } from \"../utils/url\";\nimport { consumeVerifierAndStateCookie, saveVerifierAndState } from \"./cookie\";\n\nexport async function signInWithOAuth(\n  iface: StackClientInterface,\n  options: {\n    provider: string,\n    redirectUrl: string,\n    errorRedirectUrl: string,\n    providerScope?: string,\n  }\n) {\n  const { codeChallenge, state } = await saveVerifierAndState();\n  const location = await iface.getOAuthUrl({\n    provider: options.provider,\n    redirectUrl: constructRedirectUrl(options.redirectUrl),\n    errorRedirectUrl: constructRedirectUrl(options.errorRedirectUrl),\n    codeChallenge,\n    state,\n    type: \"authenticate\",\n    providerScope: options.providerScope,\n  });\n  window.location.assign(location);\n  await neverResolve();\n}\n\nexport async function addNewOAuthProviderOrScope(\n  iface: StackClientInterface,\n  options: {\n    provider: string,\n    redirectUrl: string,\n    errorRedirectUrl: string,\n    providerScope?: string,\n  },\n  session: InternalSession,\n) {\n  const { codeChallenge, state } = await saveVerifierAndState();\n  const location = await iface.getOAuthUrl({\n    provider: options.provider,\n    redirectUrl: constructRedirectUrl(options.redirectUrl),\n    errorRedirectUrl: constructRedirectUrl(options.errorRedirectUrl),\n    afterCallbackRedirectUrl: constructRedirectUrl(window.location.href),\n    codeChallenge,\n    state,\n    type: \"link\",\n    session,\n    providerScope: options.providerScope,\n  });\n  window.location.assign(location);\n  await neverResolve();\n}\n\n/**\n * Checks if the current URL has the query parameters for an OAuth callback, and if so, removes them.\n *\n * Must be synchronous for the logic in callOAuthCallback to work without race conditions.\n */\nfunction consumeOAuthCallbackQueryParams() {\n  const requiredParams = [\"code\", \"state\"];\n  const originalUrl = new URL(window.location.href);\n  for (const param of requiredParams) {\n    if (!originalUrl.searchParams.has(param)) {\n      console.warn(new Error(`Missing required query parameter on OAuth callback: ${param}. Maybe you opened or reloaded the oauth-callback page from your history?`));\n      return null;\n    }\n  }\n\n  const expectedState = originalUrl.searchParams.get(\"state\") ?? throwErr(\"This should never happen; isn't state required above?\");\n  const cookieResult = consumeVerifierAndStateCookie(expectedState);\n\n  if (!cookieResult) {\n    // If the state can't be found in the cookies, then the callback wasn't meant for us.\n    // Maybe the website uses another OAuth library?\n    console.warn(deindent`\n      Stack found an outer OAuth callback state in the query parameters, but not in cookies.\n      \n      This could have multiple reasons:\n        - The cookie expired, because the OAuth flow took too long.\n        - The user's browser deleted the cookie, either manually or because of a very strict cookie policy.\n        - The cookie was already consumed by this page, and the user already logged in.\n        - You are using another OAuth client library with the same callback URL as Stack.\n        - The user opened the OAuth callback page from their history.\n\n      Either way, it is probably safe to ignore this warning unless you are debugging an OAuth issue.\n    `);\n    return null;\n  }\n\n\n  const newUrl = new URL(originalUrl);\n  for (const param of requiredParams) {\n    newUrl.searchParams.delete(param);\n  }\n\n  // let's get rid of the authorization code in the history as we\n  // don't redirect to `redirectUrl` if there's a validation error\n  // (as the redirectUrl might be malicious!).\n  //\n  // We use history.replaceState instead of location.assign(...) to\n  // prevent an unnecessary reload\n  window.history.replaceState({}, \"\", newUrl.toString());\n\n  return {\n    originalUrl,\n    codeVerifier: cookieResult.codeVerifier,\n    state: expectedState,\n  };\n}\n\nexport async function callOAuthCallback(\n  iface: StackClientInterface,\n  redirectUrl: string,\n) {\n  // note: this part of the function (until the return) needs\n  // to be synchronous, to prevent race conditions when\n  // callOAuthCallback is called multiple times in parallel\n  const consumed = consumeOAuthCallbackQueryParams();\n  if (!consumed) return Result.ok(undefined);\n\n  // the rest can be asynchronous (we now know that we are the\n  // intended recipient of the callback, and the only instance\n  // of callOAuthCallback that's running)\n  try {\n    return Result.ok(await iface.callOAuthCallback({\n      oauthParams: consumed.originalUrl.searchParams,\n      redirectUri: constructRedirectUrl(redirectUrl),\n      codeVerifier: consumed.codeVerifier,\n      state: consumed.state,\n    }));\n  } catch (e) {\n    if (e instanceof KnownError) {\n      throw e;\n    }\n    throw new StackAssertionError(\"Error signing in during OAuth callback. Please try again.\", { cause: e });\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,0BAAiD;AAEjD,oBAA8C;AAC9C,sBAA6B;AAC7B,qBAAuB;AACvB,qBAAyB;AACzB,iBAAqC;AACrC,oBAAoE;AAEpE,eAAsB,gBACpB,OACA,SAMA;AACA,QAAM,EAAE,eAAe,MAAM,IAAI,UAAM,oCAAqB;AAC5D,QAAM,WAAW,MAAM,MAAM,YAAY;AAAA,IACvC,UAAU,QAAQ;AAAA,IAClB,iBAAa,iCAAqB,QAAQ,WAAW;AAAA,IACrD,sBAAkB,iCAAqB,QAAQ,gBAAgB;AAAA,IAC/D;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN,eAAe,QAAQ;AAAA,EACzB,CAAC;AACD,SAAO,SAAS,OAAO,QAAQ;AAC/B,YAAM,8BAAa;AACrB;AAEA,eAAsB,2BACpB,OACA,SAMA,SACA;AACA,QAAM,EAAE,eAAe,MAAM,IAAI,UAAM,oCAAqB;AAC5D,QAAM,WAAW,MAAM,MAAM,YAAY;AAAA,IACvC,UAAU,QAAQ;AAAA,IAClB,iBAAa,iCAAqB,QAAQ,WAAW;AAAA,IACrD,sBAAkB,iCAAqB,QAAQ,gBAAgB;AAAA,IAC/D,8BAA0B,iCAAqB,OAAO,SAAS,IAAI;AAAA,IACnE;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN;AAAA,IACA,eAAe,QAAQ;AAAA,EACzB,CAAC;AACD,SAAO,SAAS,OAAO,QAAQ;AAC/B,YAAM,8BAAa;AACrB;AAOA,SAAS,kCAAkC;AACzC,QAAM,iBAAiB,CAAC,QAAQ,OAAO;AACvC,QAAM,cAAc,IAAI,IAAI,OAAO,SAAS,IAAI;AAChD,aAAW,SAAS,gBAAgB;AAClC,QAAI,CAAC,YAAY,aAAa,IAAI,KAAK,GAAG;AACxC,cAAQ,KAAK,IAAI,MAAM,uDAAuD,KAAK,2EAA2E,CAAC;AAC/J,aAAO;AAAA,IACT;AAAA,EACF;AAEA,QAAM,gBAAgB,YAAY,aAAa,IAAI,OAAO,SAAK,wBAAS,uDAAuD;AAC/H,QAAM,mBAAe,6CAA8B,aAAa;AAEhE,MAAI,CAAC,cAAc;AAGjB,YAAQ,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,KAWZ;AACD,WAAO;AAAA,EACT;AAGA,QAAM,SAAS,IAAI,IAAI,WAAW;AAClC,aAAW,SAAS,gBAAgB;AAClC,WAAO,aAAa,OAAO,KAAK;AAAA,EAClC;AAQA,SAAO,QAAQ,aAAa,CAAC,GAAG,IAAI,OAAO,SAAS,CAAC;AAErD,SAAO;AAAA,IACL;AAAA,IACA,cAAc,aAAa;AAAA,IAC3B,OAAO;AAAA,EACT;AACF;AAEA,eAAsB,kBACpB,OACA,aACA;AAIA,QAAM,WAAW,gCAAgC;AACjD,MAAI,CAAC,SAAU,QAAO,sBAAO,GAAG,MAAS;AAKzC,MAAI;AACF,WAAO,sBAAO,GAAG,MAAM,MAAM,kBAAkB;AAAA,MAC7C,aAAa,SAAS,YAAY;AAAA,MAClC,iBAAa,iCAAqB,WAAW;AAAA,MAC7C,cAAc,SAAS;AAAA,MACvB,OAAO,SAAS;AAAA,IAClB,CAAC,CAAC;AAAA,EACJ,SAAS,GAAG;AACV,QAAI,aAAa,gCAAY;AAC3B,YAAM;AAAA,IACR;AACA,UAAM,IAAI,kCAAoB,6DAA6D,EAAE,OAAO,EAAE,CAAC;AAAA,EACzG;AACF;","names":[]}
+{"version":3,"sources":["../../src/lib/auth.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY\n//===========================================\nimport { KnownError, StackClientInterface } from \"@stackframe/stack-shared\";\nimport { InternalSession } from \"@stackframe/stack-shared/dist/sessions\";\nimport { StackAssertionError, throwErr } from \"@stackframe/stack-shared/dist/utils/errors\";\nimport { neverResolve } from \"@stackframe/stack-shared/dist/utils/promises\";\nimport { Result } from \"@stackframe/stack-shared/dist/utils/results\";\nimport { deindent } from \"@stackframe/stack-shared/dist/utils/strings\";\nimport { constructRedirectUrl } from \"../utils/url\";\nimport { consumeVerifierAndStateCookie, saveVerifierAndState } from \"./cookie\";\n\nexport async function signInWithOAuth(\n  iface: StackClientInterface,\n  options: {\n    provider: string,\n    redirectUrl: string,\n    errorRedirectUrl: string,\n    providerScope?: string,\n  }\n) {\n  const { codeChallenge, state } = await saveVerifierAndState();\n  const location = await iface.getOAuthUrl({\n    provider: options.provider,\n    redirectUrl: constructRedirectUrl(options.redirectUrl, \"redirectUrl\"),\n    errorRedirectUrl: constructRedirectUrl(options.errorRedirectUrl, \"errorRedirectUrl\"),\n    codeChallenge,\n    state,\n    type: \"authenticate\",\n    providerScope: options.providerScope,\n  });\n  window.location.assign(location);\n  await neverResolve();\n}\n\nexport async function addNewOAuthProviderOrScope(\n  iface: StackClientInterface,\n  options: {\n    provider: string,\n    redirectUrl: string,\n    errorRedirectUrl: string,\n    providerScope?: string,\n  },\n  session: InternalSession,\n) {\n  const { codeChallenge, state } = await saveVerifierAndState();\n  const location = await iface.getOAuthUrl({\n    provider: options.provider,\n    redirectUrl: constructRedirectUrl(options.redirectUrl, \"redirectUrl\"),\n    errorRedirectUrl: constructRedirectUrl(options.errorRedirectUrl, \"errorRedirectUrl\"),\n    afterCallbackRedirectUrl: constructRedirectUrl(window.location.href, \"afterCallbackRedirectUrl\"),\n    codeChallenge,\n    state,\n    type: \"link\",\n    session,\n    providerScope: options.providerScope,\n  });\n  window.location.assign(location);\n  await neverResolve();\n}\n\n/**\n * Checks if the current URL has the query parameters for an OAuth callback, and if so, removes them.\n *\n * Must be synchronous for the logic in callOAuthCallback to work without race conditions.\n */\nfunction consumeOAuthCallbackQueryParams() {\n  const requiredParams = [\"code\", \"state\"];\n  const originalUrl = new URL(window.location.href);\n  for (const param of requiredParams) {\n    if (!originalUrl.searchParams.has(param)) {\n      console.warn(new Error(`Missing required query parameter on OAuth callback: ${param}. Maybe you opened or reloaded the oauth-callback page from your history?`));\n      return null;\n    }\n  }\n\n  const expectedState = originalUrl.searchParams.get(\"state\") ?? throwErr(\"This should never happen; isn't state required above?\");\n  const cookieResult = consumeVerifierAndStateCookie(expectedState);\n\n  if (!cookieResult) {\n    // If the state can't be found in the cookies, then the callback wasn't meant for us.\n    // Maybe the website uses another OAuth library?\n    console.warn(deindent`\n      Stack found an outer OAuth callback state in the query parameters, but not in cookies.\n      \n      This could have multiple reasons:\n        - The cookie expired, because the OAuth flow took too long.\n        - The user's browser deleted the cookie, either manually or because of a very strict cookie policy.\n        - The cookie was already consumed by this page, and the user already logged in.\n        - You are using another OAuth client library with the same callback URL as Stack.\n        - The user opened the OAuth callback page from their history.\n\n      Either way, it is probably safe to ignore this warning unless you are debugging an OAuth issue.\n    `);\n    return null;\n  }\n\n\n  const newUrl = new URL(originalUrl);\n  for (const param of requiredParams) {\n    newUrl.searchParams.delete(param);\n  }\n\n  // let's get rid of the authorization code in the history as we\n  // don't redirect to `redirectUrl` if there's a validation error\n  // (as the redirectUrl might be malicious!).\n  //\n  // We use history.replaceState instead of location.assign(...) to\n  // prevent an unnecessary reload\n  window.history.replaceState({}, \"\", newUrl.toString());\n\n  return {\n    originalUrl,\n    codeVerifier: cookieResult.codeVerifier,\n    state: expectedState,\n  };\n}\n\nexport async function callOAuthCallback(\n  iface: StackClientInterface,\n  redirectUrl: string,\n) {\n  // note: this part of the function (until the return) needs\n  // to be synchronous, to prevent race conditions when\n  // callOAuthCallback is called multiple times in parallel\n  const consumed = consumeOAuthCallbackQueryParams();\n  if (!consumed) return Result.ok(undefined);\n\n  // the rest can be asynchronous (we now know that we are the\n  // intended recipient of the callback, and the only instance\n  // of callOAuthCallback that's running)\n  try {\n    return Result.ok(await iface.callOAuthCallback({\n      oauthParams: consumed.originalUrl.searchParams,\n      redirectUri: constructRedirectUrl(redirectUrl, \"redirectUri\"),\n      codeVerifier: consumed.codeVerifier,\n      state: consumed.state,\n    }));\n  } catch (e) {\n    if (e instanceof KnownError) {\n      throw e;\n    }\n    throw new StackAssertionError(\"Error signing in during OAuth callback. Please try again.\", { cause: e });\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,0BAAiD;AAEjD,oBAA8C;AAC9C,sBAA6B;AAC7B,qBAAuB;AACvB,qBAAyB;AACzB,iBAAqC;AACrC,oBAAoE;AAEpE,eAAsB,gBACpB,OACA,SAMA;AACA,QAAM,EAAE,eAAe,MAAM,IAAI,UAAM,oCAAqB;AAC5D,QAAM,WAAW,MAAM,MAAM,YAAY;AAAA,IACvC,UAAU,QAAQ;AAAA,IAClB,iBAAa,iCAAqB,QAAQ,aAAa,aAAa;AAAA,IACpE,sBAAkB,iCAAqB,QAAQ,kBAAkB,kBAAkB;AAAA,IACnF;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN,eAAe,QAAQ;AAAA,EACzB,CAAC;AACD,SAAO,SAAS,OAAO,QAAQ;AAC/B,YAAM,8BAAa;AACrB;AAEA,eAAsB,2BACpB,OACA,SAMA,SACA;AACA,QAAM,EAAE,eAAe,MAAM,IAAI,UAAM,oCAAqB;AAC5D,QAAM,WAAW,MAAM,MAAM,YAAY;AAAA,IACvC,UAAU,QAAQ;AAAA,IAClB,iBAAa,iCAAqB,QAAQ,aAAa,aAAa;AAAA,IACpE,sBAAkB,iCAAqB,QAAQ,kBAAkB,kBAAkB;AAAA,IACnF,8BAA0B,iCAAqB,OAAO,SAAS,MAAM,0BAA0B;AAAA,IAC/F;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN;AAAA,IACA,eAAe,QAAQ;AAAA,EACzB,CAAC;AACD,SAAO,SAAS,OAAO,QAAQ;AAC/B,YAAM,8BAAa;AACrB;AAOA,SAAS,kCAAkC;AACzC,QAAM,iBAAiB,CAAC,QAAQ,OAAO;AACvC,QAAM,cAAc,IAAI,IAAI,OAAO,SAAS,IAAI;AAChD,aAAW,SAAS,gBAAgB;AAClC,QAAI,CAAC,YAAY,aAAa,IAAI,KAAK,GAAG;AACxC,cAAQ,KAAK,IAAI,MAAM,uDAAuD,KAAK,2EAA2E,CAAC;AAC/J,aAAO;AAAA,IACT;AAAA,EACF;AAEA,QAAM,gBAAgB,YAAY,aAAa,IAAI,OAAO,SAAK,wBAAS,uDAAuD;AAC/H,QAAM,mBAAe,6CAA8B,aAAa;AAEhE,MAAI,CAAC,cAAc;AAGjB,YAAQ,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,KAWZ;AACD,WAAO;AAAA,EACT;AAGA,QAAM,SAAS,IAAI,IAAI,WAAW;AAClC,aAAW,SAAS,gBAAgB;AAClC,WAAO,aAAa,OAAO,KAAK;AAAA,EAClC;AAQA,SAAO,QAAQ,aAAa,CAAC,GAAG,IAAI,OAAO,SAAS,CAAC;AAErD,SAAO;AAAA,IACL;AAAA,IACA,cAAc,aAAa;AAAA,IAC3B,OAAO;AAAA,EACT;AACF;AAEA,eAAsB,kBACpB,OACA,aACA;AAIA,QAAM,WAAW,gCAAgC;AACjD,MAAI,CAAC,SAAU,QAAO,sBAAO,GAAG,MAAS;AAKzC,MAAI;AACF,WAAO,sBAAO,GAAG,MAAM,MAAM,kBAAkB;AAAA,MAC7C,aAAa,SAAS,YAAY;AAAA,MAClC,iBAAa,iCAAqB,aAAa,aAAa;AAAA,MAC5D,cAAc,SAAS;AAAA,MACvB,OAAO,SAAS;AAAA,IAClB,CAAC,CAAC;AAAA,EACJ,SAAS,GAAG;AACV,QAAI,aAAa,gCAAY;AAC3B,YAAM;AAAA,IACR;AACA,UAAM,IAAI,kCAAoB,6DAA6D,EAAE,OAAO,EAAE,CAAC;AAAA,EACzG;AACF;","names":[]}

package/dist/lib/stack-app/api-keys/index.js

@@ -20,20 +20,29 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/lib/stack-app/api-keys/index.ts
 var api_keys_exports = {};
 __export(api_keys_exports, {
-  apiKeyCreateOptionsToCrud: () => apiKeyCreateOptionsToCrud
+  apiKeyCreationOptionsToCrud: () => apiKeyCreationOptionsToCrud,
+  apiKeyUpdateOptionsToCrud: () => apiKeyUpdateOptionsToCrud
 });
 module.exports = __toCommonJS(api_keys_exports);
-function apiKeyCreateOptionsToCrud(options) {
+var import_objects = require("@stackframe/stack-shared/dist/utils/objects");
+async function apiKeyCreationOptionsToCrud(type, userIdOrTeamId, options) {
   return {
     description: options.description,
-    expires_at_millis: options.expiresAt.getTime(),
-    has_publishable_client_key: options.hasPublishableClientKey,
-    has_secret_server_key: options.hasSecretServerKey,
-    has_super_secret_admin_key: options.hasSuperSecretAdminKey
+    expires_at_millis: options.expiresAt == null ? options.expiresAt : options.expiresAt.getTime(),
+    is_public: options.isPublic,
+    ...type === "user" ? { user_id: userIdOrTeamId } : { team_id: userIdOrTeamId }
   };
 }
+async function apiKeyUpdateOptionsToCrud(type, options) {
+  return (0, import_objects.filterUndefined)({
+    description: options.description,
+    expires_at_millis: options.expiresAt == null ? options.expiresAt : options.expiresAt.getTime(),
+    revoked: options.revoked
+  });
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  apiKeyCreateOptionsToCrud
+  apiKeyCreationOptionsToCrud,
+  apiKeyUpdateOptionsToCrud
 });
 //# sourceMappingURL=index.js.map

package/dist/lib/stack-app/api-keys/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/lib/stack-app/api-keys/index.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY\n//===========================================\nimport { ApiKeyCreateCrudRequest } from \"@stackframe/stack-shared/dist/interface/adminInterface\";\nimport { ApiKeysCrud } from \"@stackframe/stack-shared/dist/interface/crud/api-keys\";\n\n\nexport type ApiKeyBase = {\n  id: string,\n  description: string,\n  expiresAt: Date,\n  manuallyRevokedAt: Date | null,\n  createdAt: Date,\n  isValid(): boolean,\n  whyInvalid(): \"expired\" | \"manually-revoked\" | null,\n  revoke(): Promise<void>,\n};\n\nexport type ApiKeyBaseCrudRead = Pick<ApiKeysCrud[\"Admin\"][\"Read\"], \"id\" | \"created_at_millis\" | \"description\" | \"expires_at_millis\" | \"manually_revoked_at_millis\">;\n\nexport type ApiKeyFirstView = {\n  publishableClientKey?: string,\n  secretServerKey?: string,\n  superSecretAdminKey?: string,\n} & ApiKeyBase;\n\nexport type ApiKey = {\n  publishableClientKey: null | {\n    lastFour: string,\n  },\n  secretServerKey: null | {\n    lastFour: string,\n  },\n  superSecretAdminKey: null | {\n    lastFour: string,\n  },\n} & ApiKeyBase;\n\nexport type ApiKeyCreateOptions = {\n  description: string,\n  expiresAt: Date,\n  hasPublishableClientKey: boolean,\n  hasSecretServerKey: boolean,\n  hasSuperSecretAdminKey: boolean,\n};\nexport function apiKeyCreateOptionsToCrud(options: ApiKeyCreateOptions): ApiKeyCreateCrudRequest {\n  return {\n    description: options.description,\n    expires_at_millis: options.expiresAt.getTime(),\n    has_publishable_client_key: options.hasPublishableClientKey,\n    has_secret_server_key: options.hasSecretServerKey,\n    has_super_secret_admin_key: options.hasSuperSecretAdminKey,\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AA8CO,SAAS,0BAA0B,SAAuD;AAC/F,SAAO;AAAA,IACL,aAAa,QAAQ;AAAA,IACrB,mBAAmB,QAAQ,UAAU,QAAQ;AAAA,IAC7C,4BAA4B,QAAQ;AAAA,IACpC,uBAAuB,QAAQ;AAAA,IAC/B,4BAA4B,QAAQ;AAAA,EACtC;AACF;","names":[]}
+{"version":3,"sources":["../../../../src/lib/stack-app/api-keys/index.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY\n//===========================================\nimport { TeamApiKeysCrud, UserApiKeysCrud, teamApiKeysCreateInputSchema, userApiKeysCreateInputSchema } from \"@stackframe/stack-shared/dist/interface/crud/project-api-keys\";\nimport { filterUndefined } from \"@stackframe/stack-shared/dist/utils/objects\";\nimport { IfAndOnlyIf, PrettifyType } from \"@stackframe/stack-shared/dist/utils/types\";\nimport type * as yup from \"yup\";\n\nexport type ApiKeyType = \"user\" | \"team\";\n\nexport type ApiKey<Type extends ApiKeyType = ApiKeyType, IsFirstView extends boolean = false> =\n  & {\n      id: string,\n      description: string,\n      expiresAt?: Date,\n      manuallyRevokedAt?: Date | null,\n      createdAt: Date,\n      value: IfAndOnlyIf<IsFirstView, true, string, { lastFour: string }>,\n      update(options: ApiKeyUpdateOptions<Type>): Promise<void>,\n      revoke: () => Promise<void>,\n      isValid: () => boolean,\n      whyInvalid: () => \"manually-revoked\" | \"expired\" | null,\n    }\n  & (\n    | (\"user\" extends Type ? { type: \"user\", userId: string } : never)\n    | (\"team\" extends Type ? { type: \"team\", teamId: string } : never)\n  );\n\nexport type UserApiKeyFirstView = PrettifyType<ApiKey<\"user\", true>>;\nexport type UserApiKey = PrettifyType<ApiKey<\"user\", false>>;\n\nexport type TeamApiKeyFirstView = PrettifyType<ApiKey<\"team\", true>>;\nexport type TeamApiKey = PrettifyType<ApiKey<\"team\", false>>;\n\nexport type ApiKeyCreationOptions<Type extends ApiKeyType = ApiKeyType> =\n  & {\n    description: string,\n    expiresAt: Date | null,\n    /**\n     * Whether the API key should be considered public. A public API key will not be detected by the secret scanner, which\n     * automatically revokes API keys when it detects that they may have been exposed to the public.\n     */\n    isPublic?: boolean,\n  };\nexport function apiKeyCreationOptionsToCrud(type: \"user\", userId: string, options: ApiKeyCreationOptions<\"user\">): Promise<yup.InferType<typeof userApiKeysCreateInputSchema>>;\nexport function apiKeyCreationOptionsToCrud(type: \"team\", teamId: string, options: ApiKeyCreationOptions<\"team\">): Promise<yup.InferType<typeof teamApiKeysCreateInputSchema>>;\nexport function apiKeyCreationOptionsToCrud(type: ApiKeyType, userIdOrTeamId: string, options: ApiKeyCreationOptions): Promise<yup.InferType<typeof userApiKeysCreateInputSchema> | yup.InferType<typeof teamApiKeysCreateInputSchema>>;\nexport async function apiKeyCreationOptionsToCrud(type: ApiKeyType, userIdOrTeamId: string, options: ApiKeyCreationOptions): Promise<yup.InferType<typeof userApiKeysCreateInputSchema> | yup.InferType<typeof teamApiKeysCreateInputSchema>> {\n  return {\n    description: options.description,\n    expires_at_millis: options.expiresAt == null ? options.expiresAt : options.expiresAt.getTime(),\n    is_public: options.isPublic,\n    ...(type === \"user\" ? { user_id: userIdOrTeamId } : { team_id: userIdOrTeamId }),\n  };\n}\n\n\nexport type ApiKeyUpdateOptions<Type extends ApiKeyType = ApiKeyType> = {\n  description?: string,\n  expiresAt?: Date | null,\n  revoked?: boolean,\n};\nexport function apiKeyUpdateOptionsToCrud(type: \"user\", options: ApiKeyUpdateOptions<\"user\">): Promise<UserApiKeysCrud[\"Client\"][\"Update\"]>;\nexport function apiKeyUpdateOptionsToCrud(type: \"team\", options: ApiKeyUpdateOptions<\"team\">): Promise<TeamApiKeysCrud[\"Client\"][\"Update\"]>;\nexport function apiKeyUpdateOptionsToCrud(type: ApiKeyType, options: ApiKeyUpdateOptions): Promise<UserApiKeysCrud[\"Client\"][\"Update\"] | TeamApiKeysCrud[\"Client\"][\"Update\"]>;\nexport async function apiKeyUpdateOptionsToCrud(type: ApiKeyType, options: ApiKeyUpdateOptions): Promise<UserApiKeysCrud[\"Client\"][\"Update\"] | TeamApiKeysCrud[\"Client\"][\"Update\"]> {\n  return filterUndefined({\n    description: options.description,\n    expires_at_millis: options.expiresAt == null ? options.expiresAt : options.expiresAt.getTime(),\n    revoked: options.revoked,\n  });\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAKA,qBAAgC;AA2ChC,eAAsB,4BAA4B,MAAkB,gBAAwB,SAAkJ;AAC5O,SAAO;AAAA,IACL,aAAa,QAAQ;AAAA,IACrB,mBAAmB,QAAQ,aAAa,OAAO,QAAQ,YAAY,QAAQ,UAAU,QAAQ;AAAA,IAC7F,WAAW,QAAQ;AAAA,IACnB,GAAI,SAAS,SAAS,EAAE,SAAS,eAAe,IAAI,EAAE,SAAS,eAAe;AAAA,EAChF;AACF;AAWA,eAAsB,0BAA0B,MAAkB,SAAkH;AAClL,aAAO,gCAAgB;AAAA,IACrB,aAAa,QAAQ;AAAA,IACrB,mBAAmB,QAAQ,aAAa,OAAO,QAAQ,YAAY,QAAQ,UAAU,QAAQ;AAAA,IAC7F,SAAS,QAAQ;AAAA,EACnB,CAAC;AACH;","names":[]}

package/dist/lib/stack-app/apps/implementations/admin-app-impl.js

@@ -28,9 +28,9 @@ var import_production_mode = require("@stackframe/stack-shared/dist/helpers/prod
 var import_errors = require("@stackframe/stack-shared/dist/utils/errors");
 var import_objects = require("@stackframe/stack-shared/dist/utils/objects");
 var import_results = require("@stackframe/stack-shared/dist/utils/results");
-var import_api_keys = require("../../api-keys");
 var import_common = require("../../common");
 var import_email_templates = require("../../email-templates");
+var import_internal_api_keys = require("../../internal-api-keys");
 var import_permissions = require("../../permissions");
 var import_projects = require("../../projects");
 var import_common2 = require("./common");
@@ -62,8 +62,9 @@ var _StackAdminAppImplIncomplete = class extends import_server_app_impl._StackSe
     this._adminProjectCache = (0, import_common2.createCache)(async () => {
       return await this._interface.getProject();
     });
-    this._apiKeysCache = (0, import_common2.createCache)(async () => {
-      return await this._interface.listApiKeys();
+    this._internalApiKeysCache = (0, import_common2.createCache)(async () => {
+      const res = await this._interface.listInternalApiKeys();
+      return res;
     });
     this._adminEmailTemplatesCache = (0, import_common2.createCache)(async () => {
       return await this._interface.listEmailTemplates();
@@ -113,6 +114,8 @@ var _StackAdminAppImplIncomplete = class extends import_server_app_impl._StackSe
         clientUserDeletionEnabled: data.config.client_user_deletion_enabled,
         allowLocalhost: data.config.allow_localhost,
         oauthAccountMergeStrategy: data.config.oauth_account_merge_strategy,
+        allowUserApiKeys: data.config.allow_user_api_keys,
+        allowTeamApiKeys: data.config.allow_team_api_keys,
         oauthProviders: data.config.oauth_providers.map((p) => p.type === "shared" ? {
           id: p.id,
           enabled: p.enabled,
@@ -175,7 +178,7 @@ var _StackAdminAppImplIncomplete = class extends import_server_app_impl._StackSe
       () => this._refreshProject()
     );
   }
-  _createApiKeyBaseFromCrud(data) {
+  _createInternalApiKeyBaseFromCrud(data) {
     const app = this;
     return {
       id: data.id,
@@ -192,36 +195,36 @@ var _StackAdminAppImplIncomplete = class extends import_server_app_impl._StackSe
         return null;
       },
       async revoke() {
-        const res = await app._interface.revokeApiKeyById(data.id);
-        await app._refreshApiKeys();
+        const res = await app._interface.revokeInternalApiKeyById(data.id);
+        await app._refreshInternalApiKeys();
         return res;
       }
     };
   }
-  _createApiKeyFromCrud(data) {
+  _createInternalApiKeyFromCrud(data) {
     return {
-      ...this._createApiKeyBaseFromCrud(data),
+      ...this._createInternalApiKeyBaseFromCrud(data),
       publishableClientKey: data.publishable_client_key ? { lastFour: data.publishable_client_key.last_four } : null,
       secretServerKey: data.secret_server_key ? { lastFour: data.secret_server_key.last_four } : null,
       superSecretAdminKey: data.super_secret_admin_key ? { lastFour: data.super_secret_admin_key.last_four } : null
     };
   }
-  _createApiKeyFirstViewFromCrud(data) {
+  _createInternalApiKeyFirstViewFromCrud(data) {
     return {
-      ...this._createApiKeyBaseFromCrud(data),
+      ...this._createInternalApiKeyBaseFromCrud(data),
       publishableClientKey: data.publishable_client_key,
       secretServerKey: data.secret_server_key,
       superSecretAdminKey: data.super_secret_admin_key
     };
   }
-  async listApiKeys() {
-    const crud = import_results.Result.orThrow(await this._apiKeysCache.getOrWait([], "write-only"));
-    return crud.map((j) => this._createApiKeyFromCrud(j));
+  async listInternalApiKeys() {
+    const crud = import_results.Result.orThrow(await this._internalApiKeysCache.getOrWait([], "write-only"));
+    return crud.map((j) => this._createInternalApiKeyFromCrud(j));
   }
-  async createApiKey(options) {
-    const crud = await this._interface.createApiKey((0, import_api_keys.apiKeyCreateOptionsToCrud)(options));
-    await this._refreshApiKeys();
-    return this._createApiKeyFirstViewFromCrud(crud);
+  async createInternalApiKey(options) {
+    const crud = await this._interface.createInternalApiKey((0, import_internal_api_keys.internalApiKeyCreateOptionsToCrud)(options));
+    await this._refreshInternalApiKeys();
+    return this._createInternalApiKeyFirstViewFromCrud(crud);
   }
   async listEmailTemplates() {
     const crud = import_results.Result.orThrow(await this._adminEmailTemplatesCache.getOrWait([], "write-only"));
@@ -275,8 +278,8 @@ var _StackAdminAppImplIncomplete = class extends import_server_app_impl._StackSe
       this._adminProjectCache.refresh([])
     ]);
   }
-  async _refreshApiKeys() {
-    await this._apiKeysCache.refresh([]);
+  async _refreshInternalApiKeys() {
+    await this._internalApiKeysCache.refresh([]);
   }
   get [import_common.stackAppInternalsSymbol]() {
     return {

package/dist/lib/stack-app/apps/implementations/admin-app-impl.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../../src/lib/stack-app/apps/implementations/admin-app-impl.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY\n//===========================================\nimport { StackAdminInterface } from \"@stackframe/stack-shared\";\nimport { getProductionModeErrors } from \"@stackframe/stack-shared/dist/helpers/production-mode\";\nimport { ApiKeyCreateCrudResponse } from \"@stackframe/stack-shared/dist/interface/adminInterface\";\nimport { ApiKeysCrud } from \"@stackframe/stack-shared/dist/interface/crud/api-keys\";\nimport { EmailTemplateCrud, EmailTemplateType } from \"@stackframe/stack-shared/dist/interface/crud/email-templates\";\nimport { InternalProjectsCrud } from \"@stackframe/stack-shared/dist/interface/crud/projects\";\nimport { StackAssertionError, throwErr } from \"@stackframe/stack-shared/dist/utils/errors\";\nimport { pick } from \"@stackframe/stack-shared/dist/utils/objects\";\nimport { Result } from \"@stackframe/stack-shared/dist/utils/results\";\nimport { AdminSentEmail } from \"../..\";\nimport { ApiKey, ApiKeyBase, ApiKeyBaseCrudRead, ApiKeyCreateOptions, ApiKeyFirstView, apiKeyCreateOptionsToCrud } from \"../../api-keys\";\nimport { EmailConfig, stackAppInternalsSymbol } from \"../../common\";\nimport { AdminEmailTemplate, AdminEmailTemplateUpdateOptions, adminEmailTemplateUpdateOptionsToCrud } from \"../../email-templates\";\nimport { AdminTeamPermission, AdminTeamPermissionDefinition, AdminTeamPermissionDefinitionCreateOptions, AdminTeamPermissionDefinitionUpdateOptions, AdminProjectPermission, AdminProjectPermissionDefinition, AdminProjectPermissionDefinitionCreateOptions, AdminProjectPermissionDefinitionUpdateOptions, adminTeamPermissionDefinitionCreateOptionsToCrud, adminTeamPermissionDefinitionUpdateOptionsToCrud, adminProjectPermissionDefinitionCreateOptionsToCrud, adminProjectPermissionDefinitionUpdateOptionsToCrud } from \"../../permissions\";\nimport { AdminOwnedProject, AdminProject, AdminProjectUpdateOptions, adminProjectUpdateOptionsToCrud } from \"../../projects\";\nimport { StackAdminApp, StackAdminAppConstructorOptions } from \"../interfaces/admin-app\";\nimport { clientVersion, createCache, getBaseUrl, getDefaultProjectId, getDefaultPublishableClientKey, getDefaultSecretServerKey, getDefaultSuperSecretAdminKey } from \"./common\";\nimport { _StackServerAppImplIncomplete } from \"./server-app-impl\";\n\n\nexport class _StackAdminAppImplIncomplete<HasTokenStore extends boolean, ProjectId extends string> extends _StackServerAppImplIncomplete<HasTokenStore, ProjectId> implements StackAdminApp<HasTokenStore, ProjectId>\n{\n  declare protected _interface: StackAdminInterface;\n\n  private readonly _adminProjectCache = createCache(async () => {\n    return await this._interface.getProject();\n  });\n  private readonly _apiKeysCache = createCache(async () => {\n    return await this._interface.listApiKeys();\n  });\n  private readonly _adminEmailTemplatesCache = createCache(async () => {\n    return await this._interface.listEmailTemplates();\n  });\n  private readonly _adminTeamPermissionDefinitionsCache = createCache(async () => {\n    return await this._interface.listTeamPermissionDefinitions();\n  });\n  private readonly _adminProjectPermissionDefinitionsCache = createCache(async () => {\n    return await this._interface.listProjectPermissionDefinitions();\n  });\n  private readonly _svixTokenCache = createCache(async () => {\n    return await this._interface.getSvixToken();\n  });\n  private readonly _metricsCache = createCache(async () => {\n    return await this._interface.getMetrics();\n  });\n\n  constructor(options: StackAdminAppConstructorOptions<HasTokenStore, ProjectId>) {\n    super({\n      interface: new StackAdminInterface({\n        getBaseUrl: () => getBaseUrl(options.baseUrl),\n        projectId: options.projectId ?? getDefaultProjectId(),\n        extraRequestHeaders: options.extraRequestHeaders ?? {},\n        clientVersion,\n        ...\"projectOwnerSession\" in options ? {\n          projectOwnerSession: options.projectOwnerSession,\n        } : {\n          publishableClientKey: options.publishableClientKey ?? getDefaultPublishableClientKey(),\n          secretServerKey: options.secretServerKey ?? getDefaultSecretServerKey(),\n          superSecretAdminKey: options.superSecretAdminKey ?? getDefaultSuperSecretAdminKey(),\n        },\n      }),\n      baseUrl: options.baseUrl,\n      extraRequestHeaders: options.extraRequestHeaders,\n      projectId: options.projectId,\n      tokenStore: options.tokenStore,\n      urls: options.urls,\n      oauthScopesOnSignIn: options.oauthScopesOnSignIn,\n      redirectMethod: options.redirectMethod,\n    });\n  }\n\n  _adminOwnedProjectFromCrud(data: InternalProjectsCrud['Admin']['Read'], onRefresh: () => Promise<void>): AdminOwnedProject {\n    if (this._tokenStoreInit !== null) {\n      throw new StackAssertionError(\"Owned apps must always have tokenStore === null — did you not create this project with app._createOwnedApp()?\");;\n    }\n    return {\n      ...this._adminProjectFromCrud(data, onRefresh),\n      app: this as StackAdminApp<false>,\n    };\n  }\n\n  _adminProjectFromCrud(data: InternalProjectsCrud['Admin']['Read'], onRefresh: () => Promise<void>): AdminProject {\n    if (data.id !== this.projectId) {\n      throw new StackAssertionError(`The project ID of the provided project JSON (${data.id}) does not match the project ID of the app (${this.projectId})!`);\n    }\n\n    const app = this;\n    return {\n      id: data.id,\n      displayName: data.display_name,\n      description: data.description,\n      createdAt: new Date(data.created_at_millis),\n      userCount: data.user_count,\n      isProductionMode: data.is_production_mode,\n      config: {\n        id: data.config.id,\n        signUpEnabled: data.config.sign_up_enabled,\n        credentialEnabled: data.config.credential_enabled,\n        magicLinkEnabled: data.config.magic_link_enabled,\n        passkeyEnabled: data.config.passkey_enabled,\n        clientTeamCreationEnabled: data.config.client_team_creation_enabled,\n        clientUserDeletionEnabled: data.config.client_user_deletion_enabled,\n        allowLocalhost: data.config.allow_localhost,\n        oauthAccountMergeStrategy: data.config.oauth_account_merge_strategy,\n        oauthProviders: data.config.oauth_providers.map((p) => ((p.type === 'shared' ? {\n          id: p.id,\n          enabled: p.enabled,\n          type: 'shared',\n        } as const : {\n          id: p.id,\n          enabled: p.enabled,\n          type: 'standard',\n          clientId: p.client_id ?? throwErr(\"Client ID is missing\"),\n          clientSecret: p.client_secret ?? throwErr(\"Client secret is missing\"),\n          facebookConfigId: p.facebook_config_id,\n          microsoftTenantId: p.microsoft_tenant_id,\n        } as const))),\n        emailConfig: data.config.email_config.type === 'shared' ? {\n          type: 'shared'\n        } : {\n          type: 'standard',\n          host: data.config.email_config.host ?? throwErr(\"Email host is missing\"),\n          port: data.config.email_config.port ?? throwErr(\"Email port is missing\"),\n          username: data.config.email_config.username ?? throwErr(\"Email username is missing\"),\n          password: data.config.email_config.password ?? throwErr(\"Email password is missing\"),\n          senderName: data.config.email_config.sender_name ?? throwErr(\"Email sender name is missing\"),\n          senderEmail: data.config.email_config.sender_email ?? throwErr(\"Email sender email is missing\"),\n        },\n        domains: data.config.domains.map((d) => ({\n          domain: d.domain,\n          handlerPath: d.handler_path,\n        })),\n        createTeamOnSignUp: data.config.create_team_on_sign_up,\n        teamCreatorDefaultPermissions: data.config.team_creator_default_permissions,\n        teamMemberDefaultPermissions: data.config.team_member_default_permissions,\n        userDefaultPermissions: data.config.user_default_permissions,\n      },\n\n      async update(update: AdminProjectUpdateOptions) {\n        await app._interface.updateProject(adminProjectUpdateOptionsToCrud(update));\n        await onRefresh();\n      },\n      async delete() {\n        await app._interface.deleteProject();\n      },\n      async getProductionModeErrors() {\n        return getProductionModeErrors(data);\n      },\n      useProductionModeErrors() {\n        return getProductionModeErrors(data);\n      },\n    };\n  }\n\n  _adminEmailTemplateFromCrud(data: EmailTemplateCrud['Admin']['Read']): AdminEmailTemplate {\n    return {\n      type: data.type,\n      subject: data.subject,\n      content: data.content,\n      isDefault: data.is_default,\n    };\n  }\n\n  override async getProject(): Promise<AdminProject> {\n    return this._adminProjectFromCrud(\n      Result.orThrow(await this._adminProjectCache.getOrWait([], \"write-only\")),\n      () => this._refreshProject()\n    );\n  }\n\n\n  protected _createApiKeyBaseFromCrud(data: ApiKeyBaseCrudRead): ApiKeyBase {\n    const app = this;\n    return {\n      id: data.id,\n      description: data.description,\n      expiresAt: new Date(data.expires_at_millis),\n      manuallyRevokedAt: data.manually_revoked_at_millis ? new Date(data.manually_revoked_at_millis) : null,\n      createdAt: new Date(data.created_at_millis),\n      isValid() {\n        return this.whyInvalid() === null;\n      },\n      whyInvalid() {\n        if (this.expiresAt.getTime() < Date.now()) return \"expired\";\n        if (this.manuallyRevokedAt) return \"manually-revoked\";\n        return null;\n      },\n      async revoke() {\n        const res = await app._interface.revokeApiKeyById(data.id);\n        await app._refreshApiKeys();\n        return res;\n      }\n    };\n  }\n\n  protected _createApiKeyFromCrud(data: ApiKeysCrud[\"Admin\"][\"Read\"]): ApiKey {\n    return {\n      ...this._createApiKeyBaseFromCrud(data),\n      publishableClientKey: data.publishable_client_key ? { lastFour: data.publishable_client_key.last_four } : null,\n      secretServerKey: data.secret_server_key ? { lastFour: data.secret_server_key.last_four } : null,\n      superSecretAdminKey: data.super_secret_admin_key ? { lastFour: data.super_secret_admin_key.last_four } : null,\n    };\n  }\n\n  protected _createApiKeyFirstViewFromCrud(data: ApiKeyCreateCrudResponse): ApiKeyFirstView {\n    return {\n      ...this._createApiKeyBaseFromCrud(data),\n      publishableClientKey: data.publishable_client_key,\n      secretServerKey: data.secret_server_key,\n      superSecretAdminKey: data.super_secret_admin_key,\n    };\n  }\n\n  async listApiKeys(): Promise<ApiKey[]> {\n    const crud = Result.orThrow(await this._apiKeysCache.getOrWait([], \"write-only\"));\n    return crud.map((j) => this._createApiKeyFromCrud(j));\n  }\n\n\n  async createApiKey(options: ApiKeyCreateOptions): Promise<ApiKeyFirstView> {\n    const crud = await this._interface.createApiKey(apiKeyCreateOptionsToCrud(options));\n    await this._refreshApiKeys();\n    return this._createApiKeyFirstViewFromCrud(crud);\n  }\n\n  async listEmailTemplates(): Promise<AdminEmailTemplate[]> {\n    const crud = Result.orThrow(await this._adminEmailTemplatesCache.getOrWait([], \"write-only\"));\n    return crud.map((j) => this._adminEmailTemplateFromCrud(j));\n  }\n\n  async updateEmailTemplate(type: EmailTemplateType, data: AdminEmailTemplateUpdateOptions): Promise<void> {\n    await this._interface.updateEmailTemplate(type, adminEmailTemplateUpdateOptionsToCrud(data));\n    await this._adminEmailTemplatesCache.refresh([]);\n  }\n\n  async resetEmailTemplate(type: EmailTemplateType) {\n    await this._interface.resetEmailTemplate(type);\n    await this._adminEmailTemplatesCache.refresh([]);\n  }\n\n  async createTeamPermissionDefinition(data: AdminTeamPermissionDefinitionCreateOptions): Promise<AdminTeamPermission>{\n    const crud = await this._interface.createTeamPermissionDefinition(adminTeamPermissionDefinitionCreateOptionsToCrud(data));\n    await this._adminTeamPermissionDefinitionsCache.refresh([]);\n    return this._serverTeamPermissionDefinitionFromCrud(crud);\n  }\n\n  async updateTeamPermissionDefinition(permissionId: string, data: AdminTeamPermissionDefinitionUpdateOptions) {\n    await this._interface.updateTeamPermissionDefinition(permissionId, adminTeamPermissionDefinitionUpdateOptionsToCrud(data));\n    await this._adminTeamPermissionDefinitionsCache.refresh([]);\n  }\n\n  async deleteTeamPermissionDefinition(permissionId: string): Promise<void> {\n    await this._interface.deleteTeamPermissionDefinition(permissionId);\n    await this._adminTeamPermissionDefinitionsCache.refresh([]);\n  }\n\n  async listTeamPermissionDefinitions(): Promise<AdminTeamPermissionDefinition[]> {\n    const crud = Result.orThrow(await this._adminTeamPermissionDefinitionsCache.getOrWait([], \"write-only\"));\n    return crud.map((p) => this._serverTeamPermissionDefinitionFromCrud(p));\n  }\n\n\n  async createProjectPermissionDefinition(data: AdminProjectPermissionDefinitionCreateOptions): Promise<AdminProjectPermission> {\n    const crud = await this._interface.createProjectPermissionDefinition(adminProjectPermissionDefinitionCreateOptionsToCrud(data));\n    await this._adminProjectPermissionDefinitionsCache.refresh([]);\n    return this._serverProjectPermissionDefinitionFromCrud(crud);\n  }\n\n  async updateProjectPermissionDefinition(permissionId: string, data: AdminProjectPermissionDefinitionUpdateOptions) {\n    await this._interface.updateProjectPermissionDefinition(permissionId, adminProjectPermissionDefinitionUpdateOptionsToCrud(data));\n    await this._adminProjectPermissionDefinitionsCache.refresh([]);\n  }\n\n  async deleteProjectPermissionDefinition(permissionId: string): Promise<void> {\n    await this._interface.deleteProjectPermissionDefinition(permissionId);\n    await this._adminProjectPermissionDefinitionsCache.refresh([]);\n  }\n\n  async listProjectPermissionDefinitions(): Promise<AdminProjectPermissionDefinition[]> {\n    const crud = Result.orThrow(await this._adminProjectPermissionDefinitionsCache.getOrWait([], \"write-only\"));\n    return crud.map((p) => this._serverProjectPermissionDefinitionFromCrud(p));\n  }\n\n\n  protected override async _refreshProject() {\n    await Promise.all([\n      super._refreshProject(),\n      this._adminProjectCache.refresh([]),\n    ]);\n  }\n\n  protected async _refreshApiKeys() {\n    await this._apiKeysCache.refresh([]);\n  }\n\n  get [stackAppInternalsSymbol]() {\n    return {\n      ...super[stackAppInternalsSymbol],\n    };\n  }\n\n  async sendTestEmail(options: {\n    recipientEmail: string,\n    emailConfig: EmailConfig,\n  }): Promise<Result<undefined, { errorMessage: string }>> {\n    const response = await this._interface.sendTestEmail({\n      recipient_email: options.recipientEmail,\n      email_config: {\n        ...(pick(options.emailConfig, ['host', 'port', 'username', 'password'])),\n        sender_email: options.emailConfig.senderEmail,\n        sender_name: options.emailConfig.senderName,\n      },\n    });\n\n    if (response.success) {\n      return Result.ok(undefined);\n    } else {\n      return Result.error({ errorMessage: response.error_message ?? throwErr(\"Email test error not specified\") });\n    }\n  }\n\n  async listSentEmails(): Promise<AdminSentEmail[]> {\n    const response = await this._interface.listSentEmails();\n    return response.items.map((email) => ({\n      id: email.id,\n      to: email.to ?? [],\n      subject: email.subject,\n      recipient: email.to?.[0] ?? \"\",\n      sentAt: new Date(email.sent_at_millis),\n      error: email.error,\n    }));\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,0BAAoC;AACpC,6BAAwC;AAKxC,oBAA8C;AAC9C,qBAAqB;AACrB,qBAAuB;AAEvB,sBAAwH;AACxH,oBAAqD;AACrD,6BAA2G;AAC3G,yBAAigB;AACjgB,sBAA4G;AAE5G,IAAAA,iBAAsK;AACtK,6BAA8C;AAGvC,IAAM,+BAAN,cAAoG,qDAC3G;AAAA,EAyBE,YAAY,SAAoE;AAC9E,UAAM;AAAA,MACJ,WAAW,IAAI,wCAAoB;AAAA,QACjC,YAAY,UAAM,2BAAW,QAAQ,OAAO;AAAA,QAC5C,WAAW,QAAQ,iBAAa,oCAAoB;AAAA,QACpD,qBAAqB,QAAQ,uBAAuB,CAAC;AAAA,QACrD;AAAA,QACA,GAAG,yBAAyB,UAAU;AAAA,UACpC,qBAAqB,QAAQ;AAAA,QAC/B,IAAI;AAAA,UACF,sBAAsB,QAAQ,4BAAwB,+CAA+B;AAAA,UACrF,iBAAiB,QAAQ,uBAAmB,0CAA0B;AAAA,UACtE,qBAAqB,QAAQ,2BAAuB,8CAA8B;AAAA,QACpF;AAAA,MACF,CAAC;AAAA,MACD,SAAS,QAAQ;AAAA,MACjB,qBAAqB,QAAQ;AAAA,MAC7B,WAAW,QAAQ;AAAA,MACnB,YAAY,QAAQ;AAAA,MACpB,MAAM,QAAQ;AAAA,MACd,qBAAqB,QAAQ;AAAA,MAC7B,gBAAgB,QAAQ;AAAA,IAC1B,CAAC;AA5CH,SAAiB,yBAAqB,4BAAY,YAAY;AAC5D,aAAO,MAAM,KAAK,WAAW,WAAW;AAAA,IAC1C,CAAC;AACD,SAAiB,oBAAgB,4BAAY,YAAY;AACvD,aAAO,MAAM,KAAK,WAAW,YAAY;AAAA,IAC3C,CAAC;AACD,SAAiB,gCAA4B,4BAAY,YAAY;AACnE,aAAO,MAAM,KAAK,WAAW,mBAAmB;AAAA,IAClD,CAAC;AACD,SAAiB,2CAAuC,4BAAY,YAAY;AAC9E,aAAO,MAAM,KAAK,WAAW,8BAA8B;AAAA,IAC7D,CAAC;AACD,SAAiB,8CAA0C,4BAAY,YAAY;AACjF,aAAO,MAAM,KAAK,WAAW,iCAAiC;AAAA,IAChE,CAAC;AACD,SAAiB,sBAAkB,4BAAY,YAAY;AACzD,aAAO,MAAM,KAAK,WAAW,aAAa;AAAA,IAC5C,CAAC;AACD,SAAiB,oBAAgB,4BAAY,YAAY;AACvD,aAAO,MAAM,KAAK,WAAW,WAAW;AAAA,IAC1C,CAAC;AAAA,EAyBD;AAAA,EAEA,2BAA2B,MAA6C,WAAmD;AACzH,QAAI,KAAK,oBAAoB,MAAM;AACjC,YAAM,IAAI,kCAAoB,oHAA+G;AAAE;AAAA,IACjJ;AACA,WAAO;AAAA,MACL,GAAG,KAAK,sBAAsB,MAAM,SAAS;AAAA,MAC7C,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EAEA,sBAAsB,MAA6C,WAA8C;AAC/G,QAAI,KAAK,OAAO,KAAK,WAAW;AAC9B,YAAM,IAAI,kCAAoB,gDAAgD,KAAK,EAAE,+CAA+C,KAAK,SAAS,IAAI;AAAA,IACxJ;AAEA,UAAM,MAAM;AACZ,WAAO;AAAA,MACL,IAAI,KAAK;AAAA,MACT,aAAa,KAAK;AAAA,MAClB,aAAa,KAAK;AAAA,MAClB,WAAW,IAAI,KAAK,KAAK,iBAAiB;AAAA,MAC1C,WAAW,KAAK;AAAA,MAChB,kBAAkB,KAAK;AAAA,MACvB,QAAQ;AAAA,QACN,IAAI,KAAK,OAAO;AAAA,QAChB,eAAe,KAAK,OAAO;AAAA,QAC3B,mBAAmB,KAAK,OAAO;AAAA,QAC/B,kBAAkB,KAAK,OAAO;AAAA,QAC9B,gBAAgB,KAAK,OAAO;AAAA,QAC5B,2BAA2B,KAAK,OAAO;AAAA,QACvC,2BAA2B,KAAK,OAAO;AAAA,QACvC,gBAAgB,KAAK,OAAO;AAAA,QAC5B,2BAA2B,KAAK,OAAO;AAAA,QACvC,gBAAgB,KAAK,OAAO,gBAAgB,IAAI,CAAC,MAAQ,EAAE,SAAS,WAAW;AAAA,UAC7E,IAAI,EAAE;AAAA,UACN,SAAS,EAAE;AAAA,UACX,MAAM;AAAA,QACR,IAAa;AAAA,UACX,IAAI,EAAE;AAAA,UACN,SAAS,EAAE;AAAA,UACX,MAAM;AAAA,UACN,UAAU,EAAE,iBAAa,wBAAS,sBAAsB;AAAA,UACxD,cAAc,EAAE,qBAAiB,wBAAS,0BAA0B;AAAA,UACpE,kBAAkB,EAAE;AAAA,UACpB,mBAAmB,EAAE;AAAA,QACvB,CAAY;AAAA,QACZ,aAAa,KAAK,OAAO,aAAa,SAAS,WAAW;AAAA,UACxD,MAAM;AAAA,QACR,IAAI;AAAA,UACF,MAAM;AAAA,UACN,MAAM,KAAK,OAAO,aAAa,YAAQ,wBAAS,uBAAuB;AAAA,UACvE,MAAM,KAAK,OAAO,aAAa,YAAQ,wBAAS,uBAAuB;AAAA,UACvE,UAAU,KAAK,OAAO,aAAa,gBAAY,wBAAS,2BAA2B;AAAA,UACnF,UAAU,KAAK,OAAO,aAAa,gBAAY,wBAAS,2BAA2B;AAAA,UACnF,YAAY,KAAK,OAAO,aAAa,mBAAe,wBAAS,8BAA8B;AAAA,UAC3F,aAAa,KAAK,OAAO,aAAa,oBAAgB,wBAAS,+BAA+B;AAAA,QAChG;AAAA,QACA,SAAS,KAAK,OAAO,QAAQ,IAAI,CAAC,OAAO;AAAA,UACvC,QAAQ,EAAE;AAAA,UACV,aAAa,EAAE;AAAA,QACjB,EAAE;AAAA,QACF,oBAAoB,KAAK,OAAO;AAAA,QAChC,+BAA+B,KAAK,OAAO;AAAA,QAC3C,8BAA8B,KAAK,OAAO;AAAA,QAC1C,wBAAwB,KAAK,OAAO;AAAA,MACtC;AAAA,MAEA,MAAM,OAAO,QAAmC;AAC9C,cAAM,IAAI,WAAW,kBAAc,iDAAgC,MAAM,CAAC;AAC1E,cAAM,UAAU;AAAA,MAClB;AAAA,MACA,MAAM,SAAS;AACb,cAAM,IAAI,WAAW,cAAc;AAAA,MACrC;AAAA,MACA,MAAM,0BAA0B;AAC9B,mBAAO,gDAAwB,IAAI;AAAA,MACrC;AAAA,MACA,0BAA0B;AACxB,mBAAO,gDAAwB,IAAI;AAAA,MACrC;AAAA,IACF;AAAA,EACF;AAAA,EAEA,4BAA4B,MAA8D;AACxF,WAAO;AAAA,MACL,MAAM,KAAK;AAAA,MACX,SAAS,KAAK;AAAA,MACd,SAAS,KAAK;AAAA,MACd,WAAW,KAAK;AAAA,IAClB;AAAA,EACF;AAAA,EAEA,MAAe,aAAoC;AACjD,WAAO,KAAK;AAAA,MACV,sBAAO,QAAQ,MAAM,KAAK,mBAAmB,UAAU,CAAC,GAAG,YAAY,CAAC;AAAA,MACxE,MAAM,KAAK,gBAAgB;AAAA,IAC7B;AAAA,EACF;AAAA,EAGU,0BAA0B,MAAsC;AACxE,UAAM,MAAM;AACZ,WAAO;AAAA,MACL,IAAI,KAAK;AAAA,MACT,aAAa,KAAK;AAAA,MAClB,WAAW,IAAI,KAAK,KAAK,iBAAiB;AAAA,MAC1C,mBAAmB,KAAK,6BAA6B,IAAI,KAAK,KAAK,0BAA0B,IAAI;AAAA,MACjG,WAAW,IAAI,KAAK,KAAK,iBAAiB;AAAA,MAC1C,UAAU;AACR,eAAO,KAAK,WAAW,MAAM;AAAA,MAC/B;AAAA,MACA,aAAa;AACX,YAAI,KAAK,UAAU,QAAQ,IAAI,KAAK,IAAI,EAAG,QAAO;AAClD,YAAI,KAAK,kBAAmB,QAAO;AACnC,eAAO;AAAA,MACT;AAAA,MACA,MAAM,SAAS;AACb,cAAM,MAAM,MAAM,IAAI,WAAW,iBAAiB,KAAK,EAAE;AACzD,cAAM,IAAI,gBAAgB;AAC1B,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAAA,EAEU,sBAAsB,MAA4C;AAC1E,WAAO;AAAA,MACL,GAAG,KAAK,0BAA0B,IAAI;AAAA,MACtC,sBAAsB,KAAK,yBAAyB,EAAE,UAAU,KAAK,uBAAuB,UAAU,IAAI;AAAA,MAC1G,iBAAiB,KAAK,oBAAoB,EAAE,UAAU,KAAK,kBAAkB,UAAU,IAAI;AAAA,MAC3F,qBAAqB,KAAK,yBAAyB,EAAE,UAAU,KAAK,uBAAuB,UAAU,IAAI;AAAA,IAC3G;AAAA,EACF;AAAA,EAEU,+BAA+B,MAAiD;AACxF,WAAO;AAAA,MACL,GAAG,KAAK,0BAA0B,IAAI;AAAA,MACtC,sBAAsB,KAAK;AAAA,MAC3B,iBAAiB,KAAK;AAAA,MACtB,qBAAqB,KAAK;AAAA,IAC5B;AAAA,EACF;AAAA,EAEA,MAAM,cAAiC;AACrC,UAAM,OAAO,sBAAO,QAAQ,MAAM,KAAK,cAAc,UAAU,CAAC,GAAG,YAAY,CAAC;AAChF,WAAO,KAAK,IAAI,CAAC,MAAM,KAAK,sBAAsB,CAAC,CAAC;AAAA,EACtD;AAAA,EAGA,MAAM,aAAa,SAAwD;AACzE,UAAM,OAAO,MAAM,KAAK,WAAW,iBAAa,2CAA0B,OAAO,CAAC;AAClF,UAAM,KAAK,gBAAgB;AAC3B,WAAO,KAAK,+BAA+B,IAAI;AAAA,EACjD;AAAA,EAEA,MAAM,qBAAoD;AACxD,UAAM,OAAO,sBAAO,QAAQ,MAAM,KAAK,0BAA0B,UAAU,CAAC,GAAG,YAAY,CAAC;AAC5F,WAAO,KAAK,IAAI,CAAC,MAAM,KAAK,4BAA4B,CAAC,CAAC;AAAA,EAC5D;AAAA,EAEA,MAAM,oBAAoB,MAAyB,MAAsD;AACvG,UAAM,KAAK,WAAW,oBAAoB,UAAM,8DAAsC,IAAI,CAAC;AAC3F,UAAM,KAAK,0BAA0B,QAAQ,CAAC,CAAC;AAAA,EACjD;AAAA,EAEA,MAAM,mBAAmB,MAAyB;AAChD,UAAM,KAAK,WAAW,mBAAmB,IAAI;AAC7C,UAAM,KAAK,0BAA0B,QAAQ,CAAC,CAAC;AAAA,EACjD;AAAA,EAEA,MAAM,+BAA+B,MAA+E;AAClH,UAAM,OAAO,MAAM,KAAK,WAAW,mCAA+B,qEAAiD,IAAI,CAAC;AACxH,UAAM,KAAK,qCAAqC,QAAQ,CAAC,CAAC;AAC1D,WAAO,KAAK,wCAAwC,IAAI;AAAA,EAC1D;AAAA,EAEA,MAAM,+BAA+B,cAAsB,MAAkD;AAC3G,UAAM,KAAK,WAAW,+BAA+B,kBAAc,qEAAiD,IAAI,CAAC;AACzH,UAAM,KAAK,qCAAqC,QAAQ,CAAC,CAAC;AAAA,EAC5D;AAAA,EAEA,MAAM,+BAA+B,cAAqC;AACxE,UAAM,KAAK,WAAW,+BAA+B,YAAY;AACjE,UAAM,KAAK,qCAAqC,QAAQ,CAAC,CAAC;AAAA,EAC5D;AAAA,EAEA,MAAM,gCAA0E;AAC9E,UAAM,OAAO,sBAAO,QAAQ,MAAM,KAAK,qCAAqC,UAAU,CAAC,GAAG,YAAY,CAAC;AACvG,WAAO,KAAK,IAAI,CAAC,MAAM,KAAK,wCAAwC,CAAC,CAAC;AAAA,EACxE;AAAA,EAGA,MAAM,kCAAkC,MAAsF;AAC5H,UAAM,OAAO,MAAM,KAAK,WAAW,sCAAkC,wEAAoD,IAAI,CAAC;AAC9H,UAAM,KAAK,wCAAwC,QAAQ,CAAC,CAAC;AAC7D,WAAO,KAAK,2CAA2C,IAAI;AAAA,EAC7D;AAAA,EAEA,MAAM,kCAAkC,cAAsB,MAAqD;AACjH,UAAM,KAAK,WAAW,kCAAkC,kBAAc,wEAAoD,IAAI,CAAC;AAC/H,UAAM,KAAK,wCAAwC,QAAQ,CAAC,CAAC;AAAA,EAC/D;AAAA,EAEA,MAAM,kCAAkC,cAAqC;AAC3E,UAAM,KAAK,WAAW,kCAAkC,YAAY;AACpE,UAAM,KAAK,wCAAwC,QAAQ,CAAC,CAAC;AAAA,EAC/D;AAAA,EAEA,MAAM,mCAAgF;AACpF,UAAM,OAAO,sBAAO,QAAQ,MAAM,KAAK,wCAAwC,UAAU,CAAC,GAAG,YAAY,CAAC;AAC1G,WAAO,KAAK,IAAI,CAAC,MAAM,KAAK,2CAA2C,CAAC,CAAC;AAAA,EAC3E;AAAA,EAGA,MAAyB,kBAAkB;AACzC,UAAM,QAAQ,IAAI;AAAA,MAChB,MAAM,gBAAgB;AAAA,MACtB,KAAK,mBAAmB,QAAQ,CAAC,CAAC;AAAA,IACpC,CAAC;AAAA,EACH;AAAA,EAEA,MAAgB,kBAAkB;AAChC,UAAM,KAAK,cAAc,QAAQ,CAAC,CAAC;AAAA,EACrC;AAAA,EAEA,KAAK,qCAAuB,IAAI;AAC9B,WAAO;AAAA,MACL,GAAG,MAAM,qCAAuB;AAAA,IAClC;AAAA,EACF;AAAA,EAEA,MAAM,cAAc,SAGqC;AACvD,UAAM,WAAW,MAAM,KAAK,WAAW,cAAc;AAAA,MACnD,iBAAiB,QAAQ;AAAA,MACzB,cAAc;AAAA,QACZ,OAAI,qBAAK,QAAQ,aAAa,CAAC,QAAQ,QAAQ,YAAY,UAAU,CAAC;AAAA,QACtE,cAAc,QAAQ,YAAY;AAAA,QAClC,aAAa,QAAQ,YAAY;AAAA,MACnC;AAAA,IACF,CAAC;AAED,QAAI,SAAS,SAAS;AACpB,aAAO,sBAAO,GAAG,MAAS;AAAA,IAC5B,OAAO;AACL,aAAO,sBAAO,MAAM,EAAE,cAAc,SAAS,qBAAiB,wBAAS,gCAAgC,EAAE,CAAC;AAAA,IAC5G;AAAA,EACF;AAAA,EAEA,MAAM,iBAA4C;AAChD,UAAM,WAAW,MAAM,KAAK,WAAW,eAAe;AACtD,WAAO,SAAS,MAAM,IAAI,CAAC,WAAW;AAAA,MACpC,IAAI,MAAM;AAAA,MACV,IAAI,MAAM,MAAM,CAAC;AAAA,MACjB,SAAS,MAAM;AAAA,MACf,WAAW,MAAM,KAAK,CAAC,KAAK;AAAA,MAC5B,QAAQ,IAAI,KAAK,MAAM,cAAc;AAAA,MACrC,OAAO,MAAM;AAAA,IACf,EAAE;AAAA,EACJ;AACF;","names":["import_common"]}
+{"version":3,"sources":["../../../../../src/lib/stack-app/apps/implementations/admin-app-impl.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY\n//===========================================\nimport { StackAdminInterface } from \"@stackframe/stack-shared\";\nimport { getProductionModeErrors } from \"@stackframe/stack-shared/dist/helpers/production-mode\";\nimport { InternalApiKeyCreateCrudResponse } from \"@stackframe/stack-shared/dist/interface/adminInterface\";\nimport { EmailTemplateCrud, EmailTemplateType } from \"@stackframe/stack-shared/dist/interface/crud/email-templates\";\nimport { InternalApiKeysCrud } from \"@stackframe/stack-shared/dist/interface/crud/internal-api-keys\";\nimport { InternalProjectsCrud } from \"@stackframe/stack-shared/dist/interface/crud/projects\";\nimport { StackAssertionError, throwErr } from \"@stackframe/stack-shared/dist/utils/errors\";\nimport { pick } from \"@stackframe/stack-shared/dist/utils/objects\";\nimport { Result } from \"@stackframe/stack-shared/dist/utils/results\";\nimport { AdminSentEmail } from \"../..\";\nimport { EmailConfig, stackAppInternalsSymbol } from \"../../common\";\nimport { AdminEmailTemplate, AdminEmailTemplateUpdateOptions, adminEmailTemplateUpdateOptionsToCrud } from \"../../email-templates\";\nimport { InternalApiKey, InternalApiKeyBase, InternalApiKeyBaseCrudRead, InternalApiKeyCreateOptions, InternalApiKeyFirstView, internalApiKeyCreateOptionsToCrud } from \"../../internal-api-keys\";\nimport { AdminProjectPermission, AdminProjectPermissionDefinition, AdminProjectPermissionDefinitionCreateOptions, AdminProjectPermissionDefinitionUpdateOptions, AdminTeamPermission, AdminTeamPermissionDefinition, AdminTeamPermissionDefinitionCreateOptions, AdminTeamPermissionDefinitionUpdateOptions, adminProjectPermissionDefinitionCreateOptionsToCrud, adminProjectPermissionDefinitionUpdateOptionsToCrud, adminTeamPermissionDefinitionCreateOptionsToCrud, adminTeamPermissionDefinitionUpdateOptionsToCrud } from \"../../permissions\";\nimport { AdminOwnedProject, AdminProject, AdminProjectUpdateOptions, adminProjectUpdateOptionsToCrud } from \"../../projects\";\nimport { StackAdminApp, StackAdminAppConstructorOptions } from \"../interfaces/admin-app\";\nimport { clientVersion, createCache, getBaseUrl, getDefaultProjectId, getDefaultPublishableClientKey, getDefaultSecretServerKey, getDefaultSuperSecretAdminKey } from \"./common\";\nimport { _StackServerAppImplIncomplete } from \"./server-app-impl\";\n\n\nexport class _StackAdminAppImplIncomplete<HasTokenStore extends boolean, ProjectId extends string> extends _StackServerAppImplIncomplete<HasTokenStore, ProjectId> implements StackAdminApp<HasTokenStore, ProjectId>\n{\n  declare protected _interface: StackAdminInterface;\n\n  private readonly _adminProjectCache = createCache(async () => {\n    return await this._interface.getProject();\n  });\n  private readonly _internalApiKeysCache = createCache(async () => {\n    const res = await this._interface.listInternalApiKeys();\n    return res;\n  });\n  private readonly _adminEmailTemplatesCache = createCache(async () => {\n    return await this._interface.listEmailTemplates();\n  });\n  private readonly _adminTeamPermissionDefinitionsCache = createCache(async () => {\n    return await this._interface.listTeamPermissionDefinitions();\n  });\n  private readonly _adminProjectPermissionDefinitionsCache = createCache(async () => {\n    return await this._interface.listProjectPermissionDefinitions();\n  });\n  private readonly _svixTokenCache = createCache(async () => {\n    return await this._interface.getSvixToken();\n  });\n  private readonly _metricsCache = createCache(async () => {\n    return await this._interface.getMetrics();\n  });\n\n  constructor(options: StackAdminAppConstructorOptions<HasTokenStore, ProjectId>) {\n    super({\n      interface: new StackAdminInterface({\n        getBaseUrl: () => getBaseUrl(options.baseUrl),\n        projectId: options.projectId ?? getDefaultProjectId(),\n        extraRequestHeaders: options.extraRequestHeaders ?? {},\n        clientVersion,\n        ...\"projectOwnerSession\" in options ? {\n          projectOwnerSession: options.projectOwnerSession,\n        } : {\n          publishableClientKey: options.publishableClientKey ?? getDefaultPublishableClientKey(),\n          secretServerKey: options.secretServerKey ?? getDefaultSecretServerKey(),\n          superSecretAdminKey: options.superSecretAdminKey ?? getDefaultSuperSecretAdminKey(),\n        },\n      }),\n      baseUrl: options.baseUrl,\n      extraRequestHeaders: options.extraRequestHeaders,\n      projectId: options.projectId,\n      tokenStore: options.tokenStore,\n      urls: options.urls,\n      oauthScopesOnSignIn: options.oauthScopesOnSignIn,\n      redirectMethod: options.redirectMethod,\n    });\n  }\n\n  _adminOwnedProjectFromCrud(data: InternalProjectsCrud['Admin']['Read'], onRefresh: () => Promise<void>): AdminOwnedProject {\n    if (this._tokenStoreInit !== null) {\n      throw new StackAssertionError(\"Owned apps must always have tokenStore === null — did you not create this project with app._createOwnedApp()?\");;\n    }\n    return {\n      ...this._adminProjectFromCrud(data, onRefresh),\n      app: this as StackAdminApp<false>,\n    };\n  }\n\n  _adminProjectFromCrud(data: InternalProjectsCrud['Admin']['Read'], onRefresh: () => Promise<void>): AdminProject {\n    if (data.id !== this.projectId) {\n      throw new StackAssertionError(`The project ID of the provided project JSON (${data.id}) does not match the project ID of the app (${this.projectId})!`);\n    }\n\n    const app = this;\n    return {\n      id: data.id,\n      displayName: data.display_name,\n      description: data.description,\n      createdAt: new Date(data.created_at_millis),\n      userCount: data.user_count,\n      isProductionMode: data.is_production_mode,\n      config: {\n        id: data.config.id,\n        signUpEnabled: data.config.sign_up_enabled,\n        credentialEnabled: data.config.credential_enabled,\n        magicLinkEnabled: data.config.magic_link_enabled,\n        passkeyEnabled: data.config.passkey_enabled,\n        clientTeamCreationEnabled: data.config.client_team_creation_enabled,\n        clientUserDeletionEnabled: data.config.client_user_deletion_enabled,\n        allowLocalhost: data.config.allow_localhost,\n        oauthAccountMergeStrategy: data.config.oauth_account_merge_strategy,\n        allowUserApiKeys: data.config.allow_user_api_keys,\n        allowTeamApiKeys: data.config.allow_team_api_keys,\n        oauthProviders: data.config.oauth_providers.map((p) => ((p.type === 'shared' ? {\n          id: p.id,\n          enabled: p.enabled,\n          type: 'shared',\n        } as const : {\n          id: p.id,\n          enabled: p.enabled,\n          type: 'standard',\n          clientId: p.client_id ?? throwErr(\"Client ID is missing\"),\n          clientSecret: p.client_secret ?? throwErr(\"Client secret is missing\"),\n          facebookConfigId: p.facebook_config_id,\n          microsoftTenantId: p.microsoft_tenant_id,\n        } as const))),\n        emailConfig: data.config.email_config.type === 'shared' ? {\n          type: 'shared'\n        } : {\n          type: 'standard',\n          host: data.config.email_config.host ?? throwErr(\"Email host is missing\"),\n          port: data.config.email_config.port ?? throwErr(\"Email port is missing\"),\n          username: data.config.email_config.username ?? throwErr(\"Email username is missing\"),\n          password: data.config.email_config.password ?? throwErr(\"Email password is missing\"),\n          senderName: data.config.email_config.sender_name ?? throwErr(\"Email sender name is missing\"),\n          senderEmail: data.config.email_config.sender_email ?? throwErr(\"Email sender email is missing\"),\n        },\n        domains: data.config.domains.map((d) => ({\n          domain: d.domain,\n          handlerPath: d.handler_path,\n        })),\n        createTeamOnSignUp: data.config.create_team_on_sign_up,\n        teamCreatorDefaultPermissions: data.config.team_creator_default_permissions,\n        teamMemberDefaultPermissions: data.config.team_member_default_permissions,\n        userDefaultPermissions: data.config.user_default_permissions,\n      },\n\n      async update(update: AdminProjectUpdateOptions) {\n        await app._interface.updateProject(adminProjectUpdateOptionsToCrud(update));\n        await onRefresh();\n      },\n      async delete() {\n        await app._interface.deleteProject();\n      },\n      async getProductionModeErrors() {\n        return getProductionModeErrors(data);\n      },\n      useProductionModeErrors() {\n        return getProductionModeErrors(data);\n      },\n    };\n  }\n\n  _adminEmailTemplateFromCrud(data: EmailTemplateCrud['Admin']['Read']): AdminEmailTemplate {\n    return {\n      type: data.type,\n      subject: data.subject,\n      content: data.content,\n      isDefault: data.is_default,\n    };\n  }\n\n  override async getProject(): Promise<AdminProject> {\n    return this._adminProjectFromCrud(\n      Result.orThrow(await this._adminProjectCache.getOrWait([], \"write-only\")),\n      () => this._refreshProject()\n    );\n  }\n\n\n  protected _createInternalApiKeyBaseFromCrud(data: InternalApiKeyBaseCrudRead): InternalApiKeyBase {\n    const app = this;\n    return {\n      id: data.id,\n      description: data.description,\n      expiresAt: new Date(data.expires_at_millis),\n      manuallyRevokedAt: data.manually_revoked_at_millis ? new Date(data.manually_revoked_at_millis) : null,\n      createdAt: new Date(data.created_at_millis),\n      isValid() {\n        return this.whyInvalid() === null;\n      },\n      whyInvalid() {\n        if (this.expiresAt.getTime() < Date.now()) return \"expired\";\n        if (this.manuallyRevokedAt) return \"manually-revoked\";\n        return null;\n      },\n      async revoke() {\n        const res = await app._interface.revokeInternalApiKeyById(data.id);\n        await app._refreshInternalApiKeys();\n        return res;\n      }\n    };\n  }\n\n  protected _createInternalApiKeyFromCrud(data: InternalApiKeysCrud[\"Admin\"][\"Read\"]): InternalApiKey {\n    return {\n      ...this._createInternalApiKeyBaseFromCrud(data),\n      publishableClientKey: data.publishable_client_key ? { lastFour: data.publishable_client_key.last_four } : null,\n      secretServerKey: data.secret_server_key ? { lastFour: data.secret_server_key.last_four } : null,\n      superSecretAdminKey: data.super_secret_admin_key ? { lastFour: data.super_secret_admin_key.last_four } : null,\n    };\n  }\n\n  protected _createInternalApiKeyFirstViewFromCrud(data: InternalApiKeyCreateCrudResponse): InternalApiKeyFirstView {\n    return {\n      ...this._createInternalApiKeyBaseFromCrud(data),\n      publishableClientKey: data.publishable_client_key,\n      secretServerKey: data.secret_server_key,\n      superSecretAdminKey: data.super_secret_admin_key,\n    };\n  }\n\n  async listInternalApiKeys(): Promise<InternalApiKey[]> {\n    const crud = Result.orThrow(await this._internalApiKeysCache.getOrWait([], \"write-only\"));\n    return crud.map((j) => this._createInternalApiKeyFromCrud(j));\n  }\n\n\n  async createInternalApiKey(options: InternalApiKeyCreateOptions): Promise<InternalApiKeyFirstView> {\n    const crud = await this._interface.createInternalApiKey(internalApiKeyCreateOptionsToCrud(options));\n    await this._refreshInternalApiKeys();\n    return this._createInternalApiKeyFirstViewFromCrud(crud);\n  }\n\n  async listEmailTemplates(): Promise<AdminEmailTemplate[]> {\n    const crud = Result.orThrow(await this._adminEmailTemplatesCache.getOrWait([], \"write-only\"));\n    return crud.map((j) => this._adminEmailTemplateFromCrud(j));\n  }\n\n  async updateEmailTemplate(type: EmailTemplateType, data: AdminEmailTemplateUpdateOptions): Promise<void> {\n    await this._interface.updateEmailTemplate(type, adminEmailTemplateUpdateOptionsToCrud(data));\n    await this._adminEmailTemplatesCache.refresh([]);\n  }\n\n  async resetEmailTemplate(type: EmailTemplateType) {\n    await this._interface.resetEmailTemplate(type);\n    await this._adminEmailTemplatesCache.refresh([]);\n  }\n\n  async createTeamPermissionDefinition(data: AdminTeamPermissionDefinitionCreateOptions): Promise<AdminTeamPermission>{\n    const crud = await this._interface.createTeamPermissionDefinition(adminTeamPermissionDefinitionCreateOptionsToCrud(data));\n    await this._adminTeamPermissionDefinitionsCache.refresh([]);\n    return this._serverTeamPermissionDefinitionFromCrud(crud);\n  }\n\n  async updateTeamPermissionDefinition(permissionId: string, data: AdminTeamPermissionDefinitionUpdateOptions) {\n    await this._interface.updateTeamPermissionDefinition(permissionId, adminTeamPermissionDefinitionUpdateOptionsToCrud(data));\n    await this._adminTeamPermissionDefinitionsCache.refresh([]);\n  }\n\n  async deleteTeamPermissionDefinition(permissionId: string): Promise<void> {\n    await this._interface.deleteTeamPermissionDefinition(permissionId);\n    await this._adminTeamPermissionDefinitionsCache.refresh([]);\n  }\n\n  async listTeamPermissionDefinitions(): Promise<AdminTeamPermissionDefinition[]> {\n    const crud = Result.orThrow(await this._adminTeamPermissionDefinitionsCache.getOrWait([], \"write-only\"));\n    return crud.map((p) => this._serverTeamPermissionDefinitionFromCrud(p));\n  }\n\n\n  async createProjectPermissionDefinition(data: AdminProjectPermissionDefinitionCreateOptions): Promise<AdminProjectPermission> {\n    const crud = await this._interface.createProjectPermissionDefinition(adminProjectPermissionDefinitionCreateOptionsToCrud(data));\n    await this._adminProjectPermissionDefinitionsCache.refresh([]);\n    return this._serverProjectPermissionDefinitionFromCrud(crud);\n  }\n\n  async updateProjectPermissionDefinition(permissionId: string, data: AdminProjectPermissionDefinitionUpdateOptions) {\n    await this._interface.updateProjectPermissionDefinition(permissionId, adminProjectPermissionDefinitionUpdateOptionsToCrud(data));\n    await this._adminProjectPermissionDefinitionsCache.refresh([]);\n  }\n\n  async deleteProjectPermissionDefinition(permissionId: string): Promise<void> {\n    await this._interface.deleteProjectPermissionDefinition(permissionId);\n    await this._adminProjectPermissionDefinitionsCache.refresh([]);\n  }\n\n  async listProjectPermissionDefinitions(): Promise<AdminProjectPermissionDefinition[]> {\n    const crud = Result.orThrow(await this._adminProjectPermissionDefinitionsCache.getOrWait([], \"write-only\"));\n    return crud.map((p) => this._serverProjectPermissionDefinitionFromCrud(p));\n  }\n\n\n  protected override async _refreshProject() {\n    await Promise.all([\n      super._refreshProject(),\n      this._adminProjectCache.refresh([]),\n    ]);\n  }\n\n  protected async _refreshInternalApiKeys() {\n    await this._internalApiKeysCache.refresh([]);\n  }\n\n  get [stackAppInternalsSymbol]() {\n    return {\n      ...super[stackAppInternalsSymbol],\n    };\n  }\n\n  async sendTestEmail(options: {\n    recipientEmail: string,\n    emailConfig: EmailConfig,\n  }): Promise<Result<undefined, { errorMessage: string }>> {\n    const response = await this._interface.sendTestEmail({\n      recipient_email: options.recipientEmail,\n      email_config: {\n        ...(pick(options.emailConfig, ['host', 'port', 'username', 'password'])),\n        sender_email: options.emailConfig.senderEmail,\n        sender_name: options.emailConfig.senderName,\n      },\n    });\n\n    if (response.success) {\n      return Result.ok(undefined);\n    } else {\n      return Result.error({ errorMessage: response.error_message ?? throwErr(\"Email test error not specified\") });\n    }\n  }\n\n  async listSentEmails(): Promise<AdminSentEmail[]> {\n    const response = await this._interface.listSentEmails();\n    return response.items.map((email) => ({\n      id: email.id,\n      to: email.to ?? [],\n      subject: email.subject,\n      recipient: email.to?.[0] ?? \"\",\n      sentAt: new Date(email.sent_at_millis),\n      error: email.error,\n    }));\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,0BAAoC;AACpC,6BAAwC;AAKxC,oBAA8C;AAC9C,qBAAqB;AACrB,qBAAuB;AAEvB,oBAAqD;AACrD,6BAA2G;AAC3G,+BAAwK;AACxK,yBAAigB;AACjgB,sBAA4G;AAE5G,IAAAA,iBAAsK;AACtK,6BAA8C;AAGvC,IAAM,+BAAN,cAAoG,qDAC3G;AAAA,EA0BE,YAAY,SAAoE;AAC9E,UAAM;AAAA,MACJ,WAAW,IAAI,wCAAoB;AAAA,QACjC,YAAY,UAAM,2BAAW,QAAQ,OAAO;AAAA,QAC5C,WAAW,QAAQ,iBAAa,oCAAoB;AAAA,QACpD,qBAAqB,QAAQ,uBAAuB,CAAC;AAAA,QACrD;AAAA,QACA,GAAG,yBAAyB,UAAU;AAAA,UACpC,qBAAqB,QAAQ;AAAA,QAC/B,IAAI;AAAA,UACF,sBAAsB,QAAQ,4BAAwB,+CAA+B;AAAA,UACrF,iBAAiB,QAAQ,uBAAmB,0CAA0B;AAAA,UACtE,qBAAqB,QAAQ,2BAAuB,8CAA8B;AAAA,QACpF;AAAA,MACF,CAAC;AAAA,MACD,SAAS,QAAQ;AAAA,MACjB,qBAAqB,QAAQ;AAAA,MAC7B,WAAW,QAAQ;AAAA,MACnB,YAAY,QAAQ;AAAA,MACpB,MAAM,QAAQ;AAAA,MACd,qBAAqB,QAAQ;AAAA,MAC7B,gBAAgB,QAAQ;AAAA,IAC1B,CAAC;AA7CH,SAAiB,yBAAqB,4BAAY,YAAY;AAC5D,aAAO,MAAM,KAAK,WAAW,WAAW;AAAA,IAC1C,CAAC;AACD,SAAiB,4BAAwB,4BAAY,YAAY;AAC/D,YAAM,MAAM,MAAM,KAAK,WAAW,oBAAoB;AACtD,aAAO;AAAA,IACT,CAAC;AACD,SAAiB,gCAA4B,4BAAY,YAAY;AACnE,aAAO,MAAM,KAAK,WAAW,mBAAmB;AAAA,IAClD,CAAC;AACD,SAAiB,2CAAuC,4BAAY,YAAY;AAC9E,aAAO,MAAM,KAAK,WAAW,8BAA8B;AAAA,IAC7D,CAAC;AACD,SAAiB,8CAA0C,4BAAY,YAAY;AACjF,aAAO,MAAM,KAAK,WAAW,iCAAiC;AAAA,IAChE,CAAC;AACD,SAAiB,sBAAkB,4BAAY,YAAY;AACzD,aAAO,MAAM,KAAK,WAAW,aAAa;AAAA,IAC5C,CAAC;AACD,SAAiB,oBAAgB,4BAAY,YAAY;AACvD,aAAO,MAAM,KAAK,WAAW,WAAW;AAAA,IAC1C,CAAC;AAAA,EAyBD;AAAA,EAEA,2BAA2B,MAA6C,WAAmD;AACzH,QAAI,KAAK,oBAAoB,MAAM;AACjC,YAAM,IAAI,kCAAoB,oHAA+G;AAAE;AAAA,IACjJ;AACA,WAAO;AAAA,MACL,GAAG,KAAK,sBAAsB,MAAM,SAAS;AAAA,MAC7C,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EAEA,sBAAsB,MAA6C,WAA8C;AAC/G,QAAI,KAAK,OAAO,KAAK,WAAW;AAC9B,YAAM,IAAI,kCAAoB,gDAAgD,KAAK,EAAE,+CAA+C,KAAK,SAAS,IAAI;AAAA,IACxJ;AAEA,UAAM,MAAM;AACZ,WAAO;AAAA,MACL,IAAI,KAAK;AAAA,MACT,aAAa,KAAK;AAAA,MAClB,aAAa,KAAK;AAAA,MAClB,WAAW,IAAI,KAAK,KAAK,iBAAiB;AAAA,MAC1C,WAAW,KAAK;AAAA,MAChB,kBAAkB,KAAK;AAAA,MACvB,QAAQ;AAAA,QACN,IAAI,KAAK,OAAO;AAAA,QAChB,eAAe,KAAK,OAAO;AAAA,QAC3B,mBAAmB,KAAK,OAAO;AAAA,QAC/B,kBAAkB,KAAK,OAAO;AAAA,QAC9B,gBAAgB,KAAK,OAAO;AAAA,QAC5B,2BAA2B,KAAK,OAAO;AAAA,QACvC,2BAA2B,KAAK,OAAO;AAAA,QACvC,gBAAgB,KAAK,OAAO;AAAA,QAC5B,2BAA2B,KAAK,OAAO;AAAA,QACvC,kBAAkB,KAAK,OAAO;AAAA,QAC9B,kBAAkB,KAAK,OAAO;AAAA,QAC9B,gBAAgB,KAAK,OAAO,gBAAgB,IAAI,CAAC,MAAQ,EAAE,SAAS,WAAW;AAAA,UAC7E,IAAI,EAAE;AAAA,UACN,SAAS,EAAE;AAAA,UACX,MAAM;AAAA,QACR,IAAa;AAAA,UACX,IAAI,EAAE;AAAA,UACN,SAAS,EAAE;AAAA,UACX,MAAM;AAAA,UACN,UAAU,EAAE,iBAAa,wBAAS,sBAAsB;AAAA,UACxD,cAAc,EAAE,qBAAiB,wBAAS,0BAA0B;AAAA,UACpE,kBAAkB,EAAE;AAAA,UACpB,mBAAmB,EAAE;AAAA,QACvB,CAAY;AAAA,QACZ,aAAa,KAAK,OAAO,aAAa,SAAS,WAAW;AAAA,UACxD,MAAM;AAAA,QACR,IAAI;AAAA,UACF,MAAM;AAAA,UACN,MAAM,KAAK,OAAO,aAAa,YAAQ,wBAAS,uBAAuB;AAAA,UACvE,MAAM,KAAK,OAAO,aAAa,YAAQ,wBAAS,uBAAuB;AAAA,UACvE,UAAU,KAAK,OAAO,aAAa,gBAAY,wBAAS,2BAA2B;AAAA,UACnF,UAAU,KAAK,OAAO,aAAa,gBAAY,wBAAS,2BAA2B;AAAA,UACnF,YAAY,KAAK,OAAO,aAAa,mBAAe,wBAAS,8BAA8B;AAAA,UAC3F,aAAa,KAAK,OAAO,aAAa,oBAAgB,wBAAS,+BAA+B;AAAA,QAChG;AAAA,QACA,SAAS,KAAK,OAAO,QAAQ,IAAI,CAAC,OAAO;AAAA,UACvC,QAAQ,EAAE;AAAA,UACV,aAAa,EAAE;AAAA,QACjB,EAAE;AAAA,QACF,oBAAoB,KAAK,OAAO;AAAA,QAChC,+BAA+B,KAAK,OAAO;AAAA,QAC3C,8BAA8B,KAAK,OAAO;AAAA,QAC1C,wBAAwB,KAAK,OAAO;AAAA,MACtC;AAAA,MAEA,MAAM,OAAO,QAAmC;AAC9C,cAAM,IAAI,WAAW,kBAAc,iDAAgC,MAAM,CAAC;AAC1E,cAAM,UAAU;AAAA,MAClB;AAAA,MACA,MAAM,SAAS;AACb,cAAM,IAAI,WAAW,cAAc;AAAA,MACrC;AAAA,MACA,MAAM,0BAA0B;AAC9B,mBAAO,gDAAwB,IAAI;AAAA,MACrC;AAAA,MACA,0BAA0B;AACxB,mBAAO,gDAAwB,IAAI;AAAA,MACrC;AAAA,IACF;AAAA,EACF;AAAA,EAEA,4BAA4B,MAA8D;AACxF,WAAO;AAAA,MACL,MAAM,KAAK;AAAA,MACX,SAAS,KAAK;AAAA,MACd,SAAS,KAAK;AAAA,MACd,WAAW,KAAK;AAAA,IAClB;AAAA,EACF;AAAA,EAEA,MAAe,aAAoC;AACjD,WAAO,KAAK;AAAA,MACV,sBAAO,QAAQ,MAAM,KAAK,mBAAmB,UAAU,CAAC,GAAG,YAAY,CAAC;AAAA,MACxE,MAAM,KAAK,gBAAgB;AAAA,IAC7B;AAAA,EACF;AAAA,EAGU,kCAAkC,MAAsD;AAChG,UAAM,MAAM;AACZ,WAAO;AAAA,MACL,IAAI,KAAK;AAAA,MACT,aAAa,KAAK;AAAA,MAClB,WAAW,IAAI,KAAK,KAAK,iBAAiB;AAAA,MAC1C,mBAAmB,KAAK,6BAA6B,IAAI,KAAK,KAAK,0BAA0B,IAAI;AAAA,MACjG,WAAW,IAAI,KAAK,KAAK,iBAAiB;AAAA,MAC1C,UAAU;AACR,eAAO,KAAK,WAAW,MAAM;AAAA,MAC/B;AAAA,MACA,aAAa;AACX,YAAI,KAAK,UAAU,QAAQ,IAAI,KAAK,IAAI,EAAG,QAAO;AAClD,YAAI,KAAK,kBAAmB,QAAO;AACnC,eAAO;AAAA,MACT;AAAA,MACA,MAAM,SAAS;AACb,cAAM,MAAM,MAAM,IAAI,WAAW,yBAAyB,KAAK,EAAE;AACjE,cAAM,IAAI,wBAAwB;AAClC,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAAA,EAEU,8BAA8B,MAA4D;AAClG,WAAO;AAAA,MACL,GAAG,KAAK,kCAAkC,IAAI;AAAA,MAC9C,sBAAsB,KAAK,yBAAyB,EAAE,UAAU,KAAK,uBAAuB,UAAU,IAAI;AAAA,MAC1G,iBAAiB,KAAK,oBAAoB,EAAE,UAAU,KAAK,kBAAkB,UAAU,IAAI;AAAA,MAC3F,qBAAqB,KAAK,yBAAyB,EAAE,UAAU,KAAK,uBAAuB,UAAU,IAAI;AAAA,IAC3G;AAAA,EACF;AAAA,EAEU,uCAAuC,MAAiE;AAChH,WAAO;AAAA,MACL,GAAG,KAAK,kCAAkC,IAAI;AAAA,MAC9C,sBAAsB,KAAK;AAAA,MAC3B,iBAAiB,KAAK;AAAA,MACtB,qBAAqB,KAAK;AAAA,IAC5B;AAAA,EACF;AAAA,EAEA,MAAM,sBAAiD;AACrD,UAAM,OAAO,sBAAO,QAAQ,MAAM,KAAK,sBAAsB,UAAU,CAAC,GAAG,YAAY,CAAC;AACxF,WAAO,KAAK,IAAI,CAAC,MAAM,KAAK,8BAA8B,CAAC,CAAC;AAAA,EAC9D;AAAA,EAGA,MAAM,qBAAqB,SAAwE;AACjG,UAAM,OAAO,MAAM,KAAK,WAAW,yBAAqB,4DAAkC,OAAO,CAAC;AAClG,UAAM,KAAK,wBAAwB;AACnC,WAAO,KAAK,uCAAuC,IAAI;AAAA,EACzD;AAAA,EAEA,MAAM,qBAAoD;AACxD,UAAM,OAAO,sBAAO,QAAQ,MAAM,KAAK,0BAA0B,UAAU,CAAC,GAAG,YAAY,CAAC;AAC5F,WAAO,KAAK,IAAI,CAAC,MAAM,KAAK,4BAA4B,CAAC,CAAC;AAAA,EAC5D;AAAA,EAEA,MAAM,oBAAoB,MAAyB,MAAsD;AACvG,UAAM,KAAK,WAAW,oBAAoB,UAAM,8DAAsC,IAAI,CAAC;AAC3F,UAAM,KAAK,0BAA0B,QAAQ,CAAC,CAAC;AAAA,EACjD;AAAA,EAEA,MAAM,mBAAmB,MAAyB;AAChD,UAAM,KAAK,WAAW,mBAAmB,IAAI;AAC7C,UAAM,KAAK,0BAA0B,QAAQ,CAAC,CAAC;AAAA,EACjD;AAAA,EAEA,MAAM,+BAA+B,MAA+E;AAClH,UAAM,OAAO,MAAM,KAAK,WAAW,mCAA+B,qEAAiD,IAAI,CAAC;AACxH,UAAM,KAAK,qCAAqC,QAAQ,CAAC,CAAC;AAC1D,WAAO,KAAK,wCAAwC,IAAI;AAAA,EAC1D;AAAA,EAEA,MAAM,+BAA+B,cAAsB,MAAkD;AAC3G,UAAM,KAAK,WAAW,+BAA+B,kBAAc,qEAAiD,IAAI,CAAC;AACzH,UAAM,KAAK,qCAAqC,QAAQ,CAAC,CAAC;AAAA,EAC5D;AAAA,EAEA,MAAM,+BAA+B,cAAqC;AACxE,UAAM,KAAK,WAAW,+BAA+B,YAAY;AACjE,UAAM,KAAK,qCAAqC,QAAQ,CAAC,CAAC;AAAA,EAC5D;AAAA,EAEA,MAAM,gCAA0E;AAC9E,UAAM,OAAO,sBAAO,QAAQ,MAAM,KAAK,qCAAqC,UAAU,CAAC,GAAG,YAAY,CAAC;AACvG,WAAO,KAAK,IAAI,CAAC,MAAM,KAAK,wCAAwC,CAAC,CAAC;AAAA,EACxE;AAAA,EAGA,MAAM,kCAAkC,MAAsF;AAC5H,UAAM,OAAO,MAAM,KAAK,WAAW,sCAAkC,wEAAoD,IAAI,CAAC;AAC9H,UAAM,KAAK,wCAAwC,QAAQ,CAAC,CAAC;AAC7D,WAAO,KAAK,2CAA2C,IAAI;AAAA,EAC7D;AAAA,EAEA,MAAM,kCAAkC,cAAsB,MAAqD;AACjH,UAAM,KAAK,WAAW,kCAAkC,kBAAc,wEAAoD,IAAI,CAAC;AAC/H,UAAM,KAAK,wCAAwC,QAAQ,CAAC,CAAC;AAAA,EAC/D;AAAA,EAEA,MAAM,kCAAkC,cAAqC;AAC3E,UAAM,KAAK,WAAW,kCAAkC,YAAY;AACpE,UAAM,KAAK,wCAAwC,QAAQ,CAAC,CAAC;AAAA,EAC/D;AAAA,EAEA,MAAM,mCAAgF;AACpF,UAAM,OAAO,sBAAO,QAAQ,MAAM,KAAK,wCAAwC,UAAU,CAAC,GAAG,YAAY,CAAC;AAC1G,WAAO,KAAK,IAAI,CAAC,MAAM,KAAK,2CAA2C,CAAC,CAAC;AAAA,EAC3E;AAAA,EAGA,MAAyB,kBAAkB;AACzC,UAAM,QAAQ,IAAI;AAAA,MAChB,MAAM,gBAAgB;AAAA,MACtB,KAAK,mBAAmB,QAAQ,CAAC,CAAC;AAAA,IACpC,CAAC;AAAA,EACH;AAAA,EAEA,MAAgB,0BAA0B;AACxC,UAAM,KAAK,sBAAsB,QAAQ,CAAC,CAAC;AAAA,EAC7C;AAAA,EAEA,KAAK,qCAAuB,IAAI;AAC9B,WAAO;AAAA,MACL,GAAG,MAAM,qCAAuB;AAAA,IAClC;AAAA,EACF;AAAA,EAEA,MAAM,cAAc,SAGqC;AACvD,UAAM,WAAW,MAAM,KAAK,WAAW,cAAc;AAAA,MACnD,iBAAiB,QAAQ;AAAA,MACzB,cAAc;AAAA,QACZ,OAAI,qBAAK,QAAQ,aAAa,CAAC,QAAQ,QAAQ,YAAY,UAAU,CAAC;AAAA,QACtE,cAAc,QAAQ,YAAY;AAAA,QAClC,aAAa,QAAQ,YAAY;AAAA,MACnC;AAAA,IACF,CAAC;AAED,QAAI,SAAS,SAAS;AACpB,aAAO,sBAAO,GAAG,MAAS;AAAA,IAC5B,OAAO;AACL,aAAO,sBAAO,MAAM,EAAE,cAAc,SAAS,qBAAiB,wBAAS,gCAAgC,EAAE,CAAC;AAAA,IAC5G;AAAA,EACF;AAAA,EAEA,MAAM,iBAA4C;AAChD,UAAM,WAAW,MAAM,KAAK,WAAW,eAAe;AACtD,WAAO,SAAS,MAAM,IAAI,CAAC,WAAW;AAAA,MACpC,IAAI,MAAM;AAAA,MACV,IAAI,MAAM,MAAM,CAAC;AAAA,MACjB,SAAS,MAAM;AAAA,MACf,WAAW,MAAM,KAAK,CAAC,KAAK;AAAA,MAC5B,QAAQ,IAAI,KAAK,MAAM,cAAc;AAAA,MACrC,OAAO,MAAM;AAAA,IACf,EAAE;AAAA,EACJ;AACF;","names":["import_common"]}

package/dist/lib/stack-app/apps/implementations/client-app-impl.js

@@ -50,6 +50,7 @@ var cookie = __toESM(require("cookie"));
 var import_url = require("../../../../utils/url");
 var import_auth = require("../../../auth");
 var import_cookie = require("../../../cookie");
+var import_api_keys = require("../../api-keys");
 var import_common = require("../../common");
 var import_contact_channels = require("../../contact-channels");
 var import_projects = require("../../projects");
@@ -134,6 +135,18 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
         return await this._interface.listClientContactChannels(session);
       }
     );
+    this._userApiKeysCache = (0, import_common2.createCacheBySession)(
+      async (session) => {
+        const results = await this._interface.listProjectApiKeys({ user_id: "me" }, session, "client");
+        return results;
+      }
+    );
+    this._teamApiKeysCache = (0, import_common2.createCacheBySession)(
+      async (session, [teamId]) => {
+        const results = await this._interface.listProjectApiKeys({ team_id: teamId }, session, "client");
+        return results;
+      }
+    );
     this._anonymousSignUpInProgress = null;
     this._memoryTokenStore = (0, import_common2.createEmptyTokenStore)();
     this._nextServerCookiesTokenStores = /* @__PURE__ */ new WeakMap();
@@ -444,6 +457,8 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
         passkeyEnabled: crud.config.passkey_enabled,
         clientTeamCreationEnabled: crud.config.client_team_creation_enabled,
         clientUserDeletionEnabled: crud.config.client_user_deletion_enabled,
+        allowTeamApiKeys: crud.config.allow_team_api_keys,
+        allowUserApiKeys: crud.config.allow_user_api_keys,
         oauthProviders: crud.config.enabled_oauth_providers.map((p) => ({
           id: p.id
         }))
@@ -475,6 +490,47 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       }
     };
   }
+  _baseApiKeyFromCrud(crud) {
+    return {
+      id: crud.id,
+      description: crud.description,
+      expiresAt: crud.expires_at_millis ? new Date(crud.expires_at_millis) : void 0,
+      manuallyRevokedAt: crud.manually_revoked_at_millis ? new Date(crud.manually_revoked_at_millis) : null,
+      createdAt: new Date(crud.created_at_millis),
+      ...crud.type === "team" ? { type: "team", teamId: crud.team_id } : { type: "user", userId: crud.user_id },
+      value: typeof crud.value === "string" ? crud.value : {
+        lastFour: crud.value.last_four
+      },
+      isValid: function() {
+        return this.whyInvalid() === null;
+      },
+      whyInvalid: function() {
+        if (this.manuallyRevokedAt) {
+          return "manually-revoked";
+        }
+        if (this.expiresAt && this.expiresAt < /* @__PURE__ */ new Date()) {
+          return "expired";
+        }
+        return null;
+      }
+    };
+  }
+  _clientApiKeyFromCrud(session, crud) {
+    return {
+      ...this._baseApiKeyFromCrud(crud),
+      async revoke() {
+        await this.update({ revoked: true });
+      },
+      update: async (options) => {
+        await this._interface.updateProjectApiKey(crud.type === "team" ? { team_id: crud.team_id } : { user_id: crud.user_id }, crud.id, options, session, "client");
+        if (crud.type === "team") {
+          await this._teamApiKeysCache.refresh([session, crud.team_id]);
+        } else {
+          await this._userApiKeysCache.refresh([session]);
+        }
+      }
+    };
+  }
   _clientTeamFromCrud(crud, session) {
     const app = this;
     return {
@@ -484,14 +540,11 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       clientMetadata: crud.client_metadata,
       clientReadOnlyMetadata: crud.client_read_only_metadata,
       async inviteUser(options) {
-        if (!options.callbackUrl && !await app._getCurrentUrl()) {
-          throw new Error("Cannot invite user without a callback URL from the server or without a redirect method. Make sure you pass the `callbackUrl` option: `inviteUser({ email, callbackUrl: ... })`");
-        }
         await app._interface.sendTeamInvitation({
           teamId: crud.id,
           email: options.email,
           session,
-          callbackUrl: options.callbackUrl ?? (0, import_url.constructRedirectUrl)(app.urls.teamInvitation)
+          callbackUrl: options.callbackUrl ?? (0, import_url.constructRedirectUrl)(app.urls.teamInvitation, "callbackUrl")
         });
         await app._teamInvitationsCache.refresh([session, crud.id]);
       },
@@ -510,6 +563,19 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       async delete() {
         await app._interface.deleteTeam(crud.id, session);
         await app._currentUserTeamsCache.refresh([session]);
+      },
+      async listApiKeys() {
+        const results = import_results.Result.orThrow(await app._teamApiKeysCache.getOrWait([session, crud.id], "write-only"));
+        return results.map((crud2) => app._clientApiKeyFromCrud(session, crud2));
+      },
+      async createApiKey(options) {
+        const result = await app._interface.createProjectApiKey(
+          await (0, import_api_keys.apiKeyCreationOptionsToCrud)("team", crud.id, options),
+          session,
+          "client"
+        );
+        await app._teamApiKeysCache.refresh([session, crud.id]);
+        return app._clientApiKeyFromCrud(session, result);
       }
     };
   }
@@ -522,8 +588,12 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       isVerified: crud.is_verified,
       isPrimary: crud.is_primary,
       usedForAuth: crud.used_for_auth,
-      async sendVerificationEmail() {
-        await app._interface.sendCurrentUserContactChannelVerificationEmail(crud.id, (0, import_url.constructRedirectUrl)(app.urls.emailVerification), session);
+      async sendVerificationEmail(options) {
+        await app._interface.sendCurrentUserContactChannelVerificationEmail(
+          crud.id,
+          options?.callbackUrl || (0, import_url.constructRedirectUrl)(app.urls.emailVerification, "callbackUrl"),
+          session
+        );
       },
       async update(data) {
         await app._interface.updateClientContactChannel(crud.id, (0, import_contact_channels.contactChannelUpdateOptionsToCrud)(data), session);
@@ -625,6 +695,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       oauthProviders: crud.oauth_providers,
       passkeyAuthEnabled: crud.passkey_auth_enabled,
       isMultiFactorRequired: crud.requires_totp_mfa,
+      isAnonymous: crud.is_anonymous,
       toClientJson() {
         return crud;
       }
@@ -711,10 +782,11 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
         if (!crud.primary_email) {
           throw new import_errors.StackAssertionError("User does not have a primary email");
         }
-        if (!options?.callbackUrl && !await app._getCurrentUrl()) {
-          throw new Error("Cannot send verification email without a callback URL from the server or without a redirect method. Make sure you pass the `callbackUrl` option: `sendVerificationEmail({ callbackUrl: ... })`");
-        }
-        return await app._interface.sendVerificationEmail(crud.primary_email, options?.callbackUrl ?? (0, import_url.constructRedirectUrl)(app.urls.emailVerification), session);
+        return await app._interface.sendVerificationEmail(
+          crud.primary_email,
+          options?.callbackUrl ?? (0, import_url.constructRedirectUrl)(app.urls.emailVerification, "callbackUrl"),
+          session
+        );
       },
       async updatePassword(options) {
         const result = await app._interface.updatePassword(options, session);
@@ -743,6 +815,19 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
         const crud2 = await app._interface.createClientContactChannel((0, import_contact_channels.contactChannelCreateOptionsToCrud)("me", data), session);
         await app._clientContactChannelsCache.refresh([session]);
         return app._clientContactChannelFromCrud(crud2, session);
+      },
+      async listApiKeys() {
+        const results = await app._interface.listProjectApiKeys({ user_id: "me" }, session, "client");
+        return results.map((crud2) => app._clientApiKeyFromCrud(session, crud2));
+      },
+      async createApiKey(options) {
+        const result = await app._interface.createProjectApiKey(
+          await (0, import_api_keys.apiKeyCreationOptionsToCrud)("user", "me", options),
+          session,
+          "client"
+        );
+        await app._userApiKeysCache.refresh([session]);
+        return app._clientApiKeyFromCrud(session, result);
       }
     };
   }
@@ -908,16 +993,10 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
     return await this._redirectToHandler("teamInvitation", options);
   }
   async sendForgotPasswordEmail(email, options) {
-    if (!options?.callbackUrl && !await this._getCurrentUrl()) {
-      throw new Error("Cannot send forgot password email without a callback URL from the server or without a redirect method. Make sure you pass the `callbackUrl` option: `sendForgotPasswordEmail({ email, callbackUrl: ... })`");
-    }
-    return await this._interface.sendForgotPasswordEmail(email, options?.callbackUrl ?? (0, import_url.constructRedirectUrl)(this.urls.passwordReset));
+    return await this._interface.sendForgotPasswordEmail(email, options?.callbackUrl ?? (0, import_url.constructRedirectUrl)(this.urls.passwordReset, "callbackUrl"));
   }
   async sendMagicLinkEmail(email, options) {
-    if (!options?.callbackUrl && !await this._getCurrentUrl()) {
-      throw new Error("Cannot send magic link email without a callback URL from the server or without a redirect method. Make sure you pass the `callbackUrl` option: `sendMagicLinkEmail({ email, callbackUrl: ... })`");
-    }
-    return await this._interface.sendMagicLinkEmail(email, options?.callbackUrl ?? (0, import_url.constructRedirectUrl)(this.urls.magicLinkCallback));
+    return await this._interface.sendMagicLinkEmail(email, options?.callbackUrl ?? (0, import_url.constructRedirectUrl)(this.urls.magicLinkCallback, "callbackUrl"));
   }
   async resetPassword(options) {
     return await this._interface.resetPassword(options);
@@ -1067,7 +1146,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
   async signUpWithCredential(options) {
     this._ensurePersistentTokenStore();
     const session = await this._getSession();
-    const emailVerificationRedirectUrl = options.verificationCallbackUrl ?? (0, import_url.constructRedirectUrl)(this.urls.emailVerification);
+    const emailVerificationRedirectUrl = options.verificationCallbackUrl ?? (0, import_url.constructRedirectUrl)(this.urls.emailVerification, "verificationCallbackUrl");
     const result = await this._interface.signUpWithCredential(
       options.email,
       options.password,