@stackframe/js 2.8.54 → 2.8.58

package/dist/lib/stack-app/apps/implementations/client-app-impl.js

@@ -39,6 +39,7 @@ var import_sessions = require("@stackframe/stack-shared/dist/sessions");
 var import_bytes = require("@stackframe/stack-shared/dist/utils/bytes");
 var import_env = require("@stackframe/stack-shared/dist/utils/env");
 var import_errors = require("@stackframe/stack-shared/dist/utils/errors");
+var import_json = require("@stackframe/stack-shared/dist/utils/json");
 var import_maps = require("@stackframe/stack-shared/dist/utils/maps");
 var import_objects = require("@stackframe/stack-shared/dist/utils/objects");
 var import_promises = require("@stackframe/stack-shared/dist/utils/promises");
@@ -58,7 +59,6 @@ var import_projects = require("../../projects/index.js");
 var import_teams = require("../../teams/index.js");
 var import_users = require("../../users/index.js");
 var import_common2 = require("./common.js");
-var import_json = require("@stackframe/stack-shared/dist/utils/json");
 var isReactServer = false;
 var process = globalThis.process ?? { env: {} };
 var allClientApps = /* @__PURE__ */ new Map();
@@ -483,9 +483,10 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
         return;
       }
       const domain = await this._trustedParentDomainCache.getOrWait([hostname], "read-write");
+      const cookieOptions = { maxAge: 60 * 60 * 24 * 365, noOpIfServerComponent: true };
       const setCookie = async (targetDomain, value2) => {
         const name = this._getCustomRefreshCookieName(targetDomain);
-        const options = { maxAge: 60 * 60 * 24 * 365, domain: targetDomain, noOpIfServerComponent: true };
+        const options = { ...cookieOptions, domain: targetDomain };
         if (context === "browser") {
           (0, import_cookie.setOrDeleteCookieClient)(name, value2, options);
         } else {
@@ -498,7 +499,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       const value = refreshToken && updatedAt ? this._formatRefreshCookieValue(refreshToken, updatedAt) : null;
       await setCookie(domain.data, value);
       const isSecure = await (0, import_cookie.isSecure)();
-      await (0, import_cookie.setOrDeleteCookie)(this._getRefreshTokenDefaultCookieNameForSecure(isSecure), null);
+      await (0, import_cookie.setOrDeleteCookie)(this._getRefreshTokenDefaultCookieNameForSecure(isSecure), null, cookieOptions);
     });
   }
   async _getTrustedParentDomain(currentDomain) {
@@ -550,7 +551,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
           );
           (0, import_cookie.setOrDeleteCookieClient)(defaultName, refreshCookieValue, { maxAge: 60 * 60 * 24 * 365, secure });
           (0, import_cookie.setOrDeleteCookieClient)(this._accessTokenCookieName, accessTokenPayload, { maxAge: 60 * 60 * 24 });
-          cookieNamesToDelete.forEach((name) => (0, import_cookie.deleteCookieClient)(name));
+          cookieNamesToDelete.forEach((name) => (0, import_cookie.deleteCookieClient)(name, {}));
           this._queueCustomRefreshCookieUpdate(refreshToken, updatedAt, "browser");
           hasSucceededInWriting = true;
         } catch (e) {
@@ -594,7 +595,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
               if (cookieNamesToDelete.length > 0) {
                 await Promise.all(
                   cookieNamesToDelete.map(
-                    (name) => (0, import_cookie.setOrDeleteCookie)(name, null, { noOpIfServerComponent: true })
+                    (name) => (0, import_cookie.deleteCookie)(name, { noOpIfServerComponent: true })
                   )
                 );
               }
@@ -930,13 +931,21 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       _internalSession: session,
       currentSession: {
         async getTokens() {
-          const tokens = await session.getOrFetchLikelyValidTokens(2e4);
+          const tokens = await session.getOrFetchLikelyValidTokens(2e4, 75e3);
           return {
             accessToken: tokens?.accessToken.token ?? null,
             refreshToken: tokens?.refreshToken?.token ?? null
           };
         }
       },
+      async getAccessToken() {
+        const tokens = await this.currentSession.getTokens();
+        return tokens.accessToken;
+      },
+      async getRefreshToken() {
+        const tokens = await this.currentSession.getTokens();
+        return tokens.refreshToken;
+      },
       async getAuthHeaders() {
         return {
           "x-stack-auth": JSON.stringify(await this.getAuthJson())
@@ -986,6 +995,8 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       passkeyAuthEnabled: crud.passkey_auth_enabled,
       isMultiFactorRequired: crud.requires_totp_mfa,
       isAnonymous: crud.is_anonymous,
+      isRestricted: crud.is_restricted,
+      restrictedReason: crud.restricted_reason,
       toClientJson() {
         return crud;
       }
@@ -1012,7 +1023,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
         return this.update({ clientMetadata: metadata });
       },
       async setSelectedTeam(team) {
-        await this.update({ selectedTeamId: team?.id ?? null });
+        await this.update({ selectedTeamId: typeof team === "string" ? team : team?.id ?? null });
       },
       getConnectedAccount,
       async getTeam(teamId) {
@@ -1217,16 +1228,33 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
     const response = import_results.Result.orThrow(await this._customProductsCache.getOrWait([session, options.customCustomerId, options.cursor ?? null, options.limit ?? null], "write-only"));
     return this._customerProductsFromResponse(response);
   }
+  async cancelSubscription(options) {
+    const session = await this._getSession();
+    const user = await this.getUser();
+    if (!user) {
+      throw new import_stack_shared.KnownErrors.UserAuthenticationRequired();
+    }
+    const customerType = "teamId" in options ? "team" : "user";
+    const customerId = "teamId" in options ? options.teamId : user.id;
+    await this._interface.cancelSubscription({
+      customer_type: customerType,
+      customer_id: customerId,
+      product_id: options.productId
+    }, session);
+    if (customerType === "user") {
+      await this._userProductsCache.invalidateWhere(([cachedSession, userId]) => cachedSession === session && userId === customerId);
+    } else {
+      await this._teamProductsCache.invalidateWhere(([cachedSession, teamId]) => cachedSession === session && teamId === customerId);
+    }
+  }
   _currentUserFromCrud(crud, session) {
-    const currentUser = {
+    const currentUser = (0, import_users.withUserDestructureGuard)({
       ...this._createBaseUser(crud),
       ...this._createAuth(session),
       ...this._createUserExtraFromCurrent(crud, session),
       ...this._isInternalProject() ? this._createInternalUserExtra(session) : {},
       ...this._createCustomer(crud.id, "user", session)
-    };
-    (0, import_users.attachUserDestructureGuard)(currentUser);
-    Object.freeze(currentUser);
+    });
     return currentUser;
   }
   _clientSessionFromCrud(crud) {
@@ -1299,7 +1327,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
           const queryParams = new URLSearchParams(window.location.search);
           url = queryParams.get("after_auth_return_to") || url;
         }
-      } else if (handlerName === "signIn" || handlerName === "signUp") {
+      } else if (handlerName === "signIn" || handlerName === "signUp" || handlerName === "onboarding") {
         if (isReactServer || typeof window === "undefined") {
         } else {
           const currentUrl = new URL(window.location.href);
@@ -1348,6 +1376,9 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
   async redirectToAfterSignUp(options) {
     return await this._redirectToHandler("afterSignUp", options);
   }
+  async redirectToOnboarding(options) {
+    return await this._redirectToHandler("onboarding", options);
+  }
   async redirectToAfterSignOut(options) {
     return await this._redirectToHandler("afterSignOut", options);
   }
@@ -1413,16 +1444,22 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
     return result;
   }
   async getUser(options) {
+    if (options?.or === "anonymous" && options.includeRestricted === false) {
+      throw new Error("Cannot use { or: 'anonymous' } with { includeRestricted: false }. Anonymous users implicitly include restricted users.");
+    }
     this._ensurePersistentTokenStore(options?.tokenStore);
     const session = await this._getSession(options?.tokenStore);
     let crud = import_results.Result.orThrow(await this._currentUserCache.getOrWait([session], "write-only"));
-    if (crud?.is_anonymous && options?.or !== "anonymous" && options?.or !== "anonymous-if-exists[deprecated]") {
-      crud = null;
-    }
-    if (crud === null) {
+    const includeAnonymous = options?.or === "anonymous" || options?.or === "anonymous-if-exists[deprecated]";
+    const includeRestricted = options?.includeRestricted === true || includeAnonymous;
+    if (crud === null || crud.is_anonymous && !includeAnonymous || crud.is_restricted && !includeRestricted) {
       switch (options?.or) {
         case "redirect": {
-          await this.redirectToSignIn({ replace: true });
+          if (!crud?.is_anonymous && crud?.is_restricted) {
+            await this.redirectToOnboarding({ replace: true });
+          } else {
+            await this.redirectToSignIn({ replace: true });
+          }
           break;
         }
         case "throw": {
@@ -1430,7 +1467,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
         }
         case "anonymous": {
           const tokens = await this._signUpAnonymously();
-          return await this.getUser({ tokenStore: tokens, or: "anonymous-if-exists[deprecated]" }) ?? (0, import_errors.throwErr)("Something went wrong while signing up anonymously");
+          return await this.getUser({ tokenStore: tokens, or: "anonymous-if-exists[deprecated]", includeRestricted: true }) ?? (0, import_errors.throwErr)("Something went wrong while signing up anonymously");
         }
         case void 0:
         case "anonymous-if-exists[deprecated]":
@@ -1442,7 +1479,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
     return crud && this._currentUserFromCrud(crud, session);
   }
   _getTokenPartialUserFromSession(session, options) {
-    const accessToken = session.getAccessTokenIfNotExpiredYet(0);
+    const accessToken = session.getAccessTokenIfNotExpiredYet(0, null);
     if (!accessToken) {
       return null;
     }
@@ -1455,7 +1492,9 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       primaryEmail: accessToken.payload.email,
       displayName: accessToken.payload.name,
       primaryEmailVerified: accessToken.payload.email_verified,
-      isAnonymous
+      isAnonymous,
+      isRestricted: accessToken.payload.is_restricted,
+      restrictedReason: accessToken.payload.restricted_reason
     };
   }
   async _getPartialUserFromConvex(ctx) {
@@ -1468,7 +1507,9 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       displayName: auth.name ?? null,
       primaryEmail: auth.email ?? null,
       primaryEmailVerified: auth.email_verified,
-      isAnonymous: auth.is_anonymous
+      isAnonymous: auth.is_anonymous,
+      isRestricted: auth.is_restricted,
+      restrictedReason: auth.restricted_reason ?? null
     };
   }
   async getPartialUser(options) {
@@ -1490,7 +1531,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
     return async (args) => {
       const session = await this._getSession(options.tokenStore ?? this._tokenStoreInit);
       if (!args.forceRefreshToken) {
-        const tokens2 = await session.getOrFetchLikelyValidTokens(2e4);
+        const tokens2 = await session.getOrFetchLikelyValidTokens(2e4, 75e3);
         return tokens2?.accessToken.token ?? null;
       }
       const tokens = await session.fetchNewTokens();
@@ -1499,7 +1540,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
   }
   async getConvexHttpClientAuth(options) {
     const session = await this._getSession(options.tokenStore);
-    const tokens = await session.getOrFetchLikelyValidTokens(2e4);
+    const tokens = await session.getOrFetchLikelyValidTokens(2e4, 75e3);
     return tokens?.accessToken.token ?? "";
   }
   async _updateClientUser(update, session) {
@@ -1846,6 +1887,20 @@ ${url}`);
       await user.signOut({ redirectUrl: options?.redirectUrl });
     }
   }
+  async getAccessToken(options) {
+    const user = await this.getUser({ tokenStore: options?.tokenStore ?? void 0 });
+    if (user) {
+      return await user.getAccessToken();
+    }
+    return null;
+  }
+  async getRefreshToken(options) {
+    const user = await this.getUser({ tokenStore: options?.tokenStore ?? void 0 });
+    if (user) {
+      return await user.getRefreshToken();
+    }
+    return null;
+  }
   async getAuthHeaders(options) {
     return {
       "x-stack-auth": JSON.stringify(await this.getAuthJson(options))
@@ -1882,6 +1937,7 @@ ${url}`);
   }
   async _refreshUser(session) {
     await this._refreshSession(session);
+    session.suggestAccessTokenExpired();
   }
   async _refreshSession(session) {
     await this._currentUserCache.refresh([session]);