npm - @stackframe/stack-shared - Versions diffs - 2.3.6 → 2.4.1 - Mend

@stackframe/stack-shared 2.3.6 → 2.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/index.d.ts +2 -2
package/dist/interface/adminInterface.d.ts +2 -1
package/dist/interface/adminInterface.js +2 -2
package/dist/interface/clientInterface.d.ts +40 -4
package/dist/interface/clientInterface.js +21 -4
package/dist/interface/serverInterface.d.ts +54 -7
package/dist/interface/serverInterface.js +121 -2
package/dist/known-errors.d.ts +22 -0
package/dist/known-errors.js +73 -1
package/dist/utils/errors.js +7 -2
package/dist/utils/strings.d.ts +1 -0
package/dist/utils/strings.js +3 -0
package/dist/utils/types.d.ts +1 -0
package/dist/utils/types.js +1 -0
package/package.json +13 -3

package/dist/index.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-export { StackClientInterface, UserJson as UserJson, UserCustomizableJson, ClientProjectJson, ProjectJson, OAuthProviderConfigJson, getProductionModeErrors, } from "./interface/clientInterface";
-export { StackServerInterface, ServerUserJson, ServerUserCustomizableJson, } from "./interface/serverInterface";
+export { StackClientInterface, UserJson as UserJson, ClientProjectJson, ProjectJson, OAuthProviderConfigJson, getProductionModeErrors, } from "./interface/clientInterface";
+export { StackServerInterface, ServerUserJson, } from "./interface/serverInterface";
 export { StackAdminInterface, ApiKeySetBaseJson, ApiKeySetFirstViewJson, ApiKeySetJson, } from "./interface/adminInterface";
 export { KnownError, KnownErrors, } from "./known-errors";

package/dist/interface/adminInterface.d.ts CHANGED Viewed

@@ -27,6 +27,7 @@ export type ProjectUpdateOptions = {
         credentialEnabled?: boolean;
         magicLinkEnabled?: boolean;
         allowLocalhost?: boolean;
+        createTeamOnSignUp?: boolean;
     };
 };
 export type ApiKeySetBaseJson = {
@@ -62,7 +63,7 @@ export type ApiKeySetCreateOptions = {
 export declare class StackAdminInterface extends StackServerInterface {
     readonly options: AdminAuthApplicationOptions;
     constructor(options: AdminAuthApplicationOptions);
-    protected sendAdminRequest(path: string, options: RequestInit, tokenStore: TokenStore | null): Promise<Response & {
+    protected sendAdminRequest(path: string, options: RequestInit, tokenStore: TokenStore | null, requestType?: "admin"): Promise<Response & {
         usedTokens: Readonly<{
             refreshToken: string | null;
             accessToken: string | null;

package/dist/interface/adminInterface.js CHANGED Viewed

@@ -5,14 +5,14 @@ export class StackAdminInterface extends StackServerInterface {
         super(options);
         this.options = options;
     }
-    async sendAdminRequest(path, options, tokenStore) {
+    async sendAdminRequest(path, options, tokenStore, requestType = "admin") {
         return await this.sendServerRequest(path, {
             ...options,
             headers: {
                 "x-stack-super-secret-admin-key": "superSecretAdminKey" in this.options ? this.options.superSecretAdminKey : "",
                 ...options.headers,
             },
-        }, tokenStore);
+        }, tokenStore, requestType);
     }
     async getProject(options) {
         const response = await this.sendAdminRequest("/projects/" + encodeURIComponent(this.projectId), {

package/dist/interface/clientInterface.d.ts CHANGED Viewed

@@ -3,12 +3,12 @@ import { Result } from "../utils/results";
 import { ReadonlyJson } from '../utils/json';
 import { AsyncStore, ReadonlyAsyncStore } from '../utils/stores';
 import { KnownErrors } from '../known-errors';
-export type UserCustomizableJson = {
-    readonly projectId: string;
+type UserCustomizableJson = {
     readonly displayName: string | null;
     readonly clientMetadata: ReadonlyJson;
 };
 export type UserJson = UserCustomizableJson & {
+    readonly projectId: string;
     readonly id: string;
     readonly primaryEmail: string | null;
     readonly primaryEmailVerified: boolean;
@@ -16,11 +16,15 @@ export type UserJson = UserCustomizableJson & {
     readonly clientMetadata: ReadonlyJson;
     readonly profileImageUrl: string | null;
     readonly signedUpAtMillis: number;
+    /**
+     * not used anymore, for backwards compatibility
+     */
     readonly authMethod: "credential" | "oauth";
     readonly hasPassword: boolean;
     readonly authWithEmail: boolean;
     readonly oauthProviders: readonly string[];
 };
+export type UserUpdateJson = Partial<UserCustomizableJson>;
 export type ClientProjectJson = {
     readonly id: string;
     readonly credentialEnabled: boolean;
@@ -65,6 +69,7 @@ export type ProjectJson = {
         oauthProviders: OAuthProviderConfigJson[];
         emailConfig?: EmailConfigJson;
         domains: DomainConfigJson[];
+        createTeamOnSignUp: boolean;
     };
 };
 export type OAuthProviderConfigJson = {
@@ -98,6 +103,30 @@ export type ProductionModeError = {
     errorMessage: string;
     fixUrlRelative: string;
 };
+export type OrglikeJson = {
+    id: string;
+    displayName: string;
+    createdAtMillis: number;
+};
+export type TeamJson = OrglikeJson;
+export type OrganizationJson = OrglikeJson;
+export type TeamMemberJson = {
+    userId: string;
+    teamId: string;
+    displayName: string | null;
+};
+export type PermissionDefinitionScopeJson = {
+    type: "global";
+} | {
+    type: "any-team";
+} | {
+    type: "specific-team";
+    teamId: string;
+};
+export type PermissionDefinitionJson = {
+    id: string;
+    scope: PermissionDefinitionScopeJson;
+};
 export declare class StackClientInterface {
     readonly options: ClientInterfaceOptions;
     constructor(options: ClientInterfaceOptions);
@@ -105,7 +134,7 @@ export declare class StackClientInterface {
     getSessionCookieName(): string;
     getApiUrl(): string;
     protected refreshAccessToken(tokenStore: TokenStore): Promise<void>;
-    protected sendClientRequest(path: string, requestOptions: RequestInit, tokenStoreOrNull: TokenStore | null): Promise<Response & {
+    protected sendClientRequest(path: string, requestOptions: RequestInit, tokenStoreOrNull: TokenStore | null, requestType?: "client" | "server" | "admin"): Promise<Response & {
         usedTokens: Readonly<{
             refreshToken: string | null;
             accessToken: string | null;
@@ -141,9 +170,16 @@ export declare class StackClientInterface {
     callOAuthCallback(oauthParams: URLSearchParams, redirectUri: string, codeVerifier: string, state: string, tokenStore: TokenStore): Promise<oauth.OAuth2TokenEndpointResponse>;
     signOut(tokenStore: TokenStore): Promise<void>;
     getClientUserByToken(tokenStore: TokenStore): Promise<Result<UserJson>>;
+    listClientUserTeamPermissions(options: {
+        teamId: string;
+        type: 'global' | 'team';
+        direct: boolean;
+    }, tokenStore: TokenStore): Promise<PermissionDefinitionJson[]>;
+    listClientUserTeams(tokenStore: TokenStore): Promise<TeamJson[]>;
     getClientProject(): Promise<Result<ClientProjectJson>>;
-    setClientUserCustomizableData(update: Partial<UserCustomizableJson>, tokenStore: TokenStore): Promise<void>;
+    setClientUserCustomizableData(update: UserUpdateJson, tokenStore: TokenStore): Promise<void>;
     listProjects(tokenStore: TokenStore): Promise<ProjectJson[]>;
     createProject(project: Pick<ProjectJson, "displayName" | "description">, tokenStore: TokenStore): Promise<ProjectJson>;
 }
 export declare function getProductionModeErrors(project: ProjectJson): ProductionModeError[];
+export {};

package/dist/interface/clientInterface.js CHANGED Viewed

@@ -4,6 +4,8 @@ import { Result } from "../utils/results";
 import { AsyncStore } from '../utils/stores';
 import { KnownError, KnownErrors } from '../known-errors';
 import { StackAssertionError } from '../utils/errors';
+import { cookies } from '@stackframe/stack-sc';
+import { generateSecureRandomString } from '../utils/crypto';
 export const sharedProviders = [
     "shared-github",
     "shared-google",
@@ -94,12 +96,12 @@ export class StackClientInterface {
             refreshToken: result.refresh_token ?? old?.refreshToken ?? null,
         }));
     }
-    async sendClientRequest(path, requestOptions, tokenStoreOrNull) {
+    async sendClientRequest(path, requestOptions, tokenStoreOrNull, requestType = "client") {
         const tokenStore = tokenStoreOrNull ?? new AsyncStore({
             accessToken: null,
             refreshToken: null,
         });
-        return await Result.orThrowAsync(Result.retry(() => this.sendClientRequestInner(path, requestOptions, tokenStore), 5, { exponentialDelayBase: 1000 }));
+        return await Result.orThrowAsync(Result.retry(() => this.sendClientRequestInner(path, requestOptions, tokenStore, requestType), 5, { exponentialDelayBase: 1000 }));
     }
     async sendClientRequestAndCatchKnownError(path, requestOptions, tokenStoreOrNull, errorsToCatch) {
         try {
@@ -118,12 +120,14 @@ export class StackClientInterface {
     /**
      * This object will be modified for future retries, so it should be passed by reference.
      */
-    tokenStore) {
+    tokenStore, requestType) {
         let tokenObj = await tokenStore.getOrWait();
         if (!tokenObj.accessToken && tokenObj.refreshToken) {
             await this.refreshAccessToken(tokenStore);
             tokenObj = await tokenStore.getOrWait();
         }
+        // all requests should be dynamic to prevent Next.js caching
+        cookies?.();
         const url = this.getApiUrl() + path;
         const params = {
             /**
@@ -138,6 +142,7 @@ export class StackClientInterface {
             headers: {
                 "X-Stack-Override-Error-Status": "true",
                 "X-Stack-Project-Id": this.projectId,
+                "X-Stack-Request-Type": requestType,
                 ...tokenObj.accessToken ? {
                     "Authorization": "StackSession " + tokenObj.accessToken,
                 } : {},
@@ -147,8 +152,10 @@ export class StackClientInterface {
                 ...'projectOwnerTokens' in this.options ? {
                     "X-Stack-Admin-Access-Token": (await this.options.projectOwnerTokens?.getOrWait())?.accessToken ?? "",
                 } : {},
+                "X-Stack-Random-Nonce": generateSecureRandomString(),
                 ...options.headers,
             },
+            cache: "no-store",
         };
         const rawRes = await fetch(url, params);
         const processedRes = await this._processResponse(rawRes);
@@ -432,6 +439,16 @@ export class StackClientInterface {
             return Result.error(new Error("Failed to get user"));
         return Result.ok(user);
     }
+    async listClientUserTeamPermissions(options, tokenStore) {
+        const response = await this.sendClientRequest(`/current-user/teams/${options.teamId}/permissions?type=${options.type}&direct=${options.direct}`, {}, tokenStore);
+        const permissions = await response.json();
+        return permissions;
+    }
+    async listClientUserTeams(tokenStore) {
+        const response = await this.sendClientRequest("/current-user/teams", {}, tokenStore);
+        const teams = await response.json();
+        return teams;
+    }
     async getClientProject() {
         const response = await this.sendClientRequest("/projects/" + this.options.projectId, {}, null);
         const project = await response.json();
@@ -473,7 +490,7 @@ export class StackClientInterface {
 }
 export function getProductionModeErrors(project) {
     const errors = [];
-    const fixUrlRelative = `/projects/${encodeURIComponent(project.id)}/auth/urls-and-callbacks`;
+    const fixUrlRelative = `/projects/${project.id}/auth/urls-and-callbacks`;
     if (project.evaluatedConfig.allowLocalhost) {
         errors.push({
             errorMessage: "Localhost is not allowed in production mode, turn off 'Allow localhost' in project settings",

package/dist/interface/serverInterface.d.ts CHANGED Viewed

@@ -1,13 +1,28 @@
-import { ClientInterfaceOptions, UserCustomizableJson, UserJson, TokenStore, StackClientInterface, ReadonlyTokenStore } from "./clientInterface";
+import { ClientInterfaceOptions, UserJson, TokenStore, StackClientInterface, ReadonlyTokenStore, OrglikeJson, UserUpdateJson, PermissionDefinitionJson, PermissionDefinitionScopeJson as PermissionDefinitionScopeJson, TeamMemberJson } from "./clientInterface";
 import { Result } from "../utils/results";
 import { ReadonlyJson } from "../utils/json";
 export type ServerUserJson = UserJson & {
     readonly serverMetadata: ReadonlyJson;
 };
-export type ServerUserCustomizableJson = UserCustomizableJson & {
-    readonly serverMetadata: ReadonlyJson;
-    readonly primaryEmail: string | null;
-    readonly primaryEmailVerified: boolean;
+export type ServerUserUpdateJson = UserUpdateJson & {
+    readonly serverMetadata?: ReadonlyJson;
+    readonly primaryEmail?: string | null;
+    readonly primaryEmailVerified?: boolean;
+};
+export type ServerOrglikeCustomizableJson = Pick<ServerOrglikeJson, "displayName">;
+export type ServerOrglikeJson = OrglikeJson & {};
+export type ServerTeamCustomizableJson = ServerOrglikeCustomizableJson;
+export type ServerTeamJson = ServerOrglikeJson;
+export type ServerTeamMemberJson = TeamMemberJson;
+export type ServerPermissionDefinitionCustomizableJson = {
+    readonly id: string;
+    readonly description?: string;
+    readonly scope: PermissionDefinitionScopeJson;
+    readonly containPermissionIds: string[];
+};
+export type ServerPermissionDefinitionJson = PermissionDefinitionJson & ServerPermissionDefinitionCustomizableJson & {
+    readonly __databaseUniqueId: string;
+    readonly scope: PermissionDefinitionScopeJson;
 };
 export type ServerAuthApplicationOptions = (ClientInterfaceOptions & ({
     readonly secretServerKey: string;
@@ -17,14 +32,46 @@ export type ServerAuthApplicationOptions = (ClientInterfaceOptions & ({
 export declare class StackServerInterface extends StackClientInterface {
     options: ServerAuthApplicationOptions;
     constructor(options: ServerAuthApplicationOptions);
-    protected sendServerRequest(path: string, options: RequestInit, tokenStore: TokenStore | null): Promise<Response & {
+    protected sendServerRequest(path: string, options: RequestInit, tokenStore: TokenStore | null, requestType?: "server" | "admin"): Promise<Response & {
         usedTokens: Readonly<{
             refreshToken: string | null;
             accessToken: string | null;
         }>;
     }>;
     getServerUserByToken(tokenStore: TokenStore): Promise<Result<ServerUserJson>>;
+    getServerUserById(userId: string): Promise<Result<ServerUserJson>>;
+    listServerUserTeamPermissions(options: {
+        teamId: string;
+        type: 'global' | 'team';
+        direct: boolean;
+    }, tokenStore: TokenStore): Promise<ServerPermissionDefinitionJson[]>;
+    listServerUserTeams(tokenStore: TokenStore): Promise<ServerTeamJson[]>;
+    listPermissionDefinitions(): Promise<ServerPermissionDefinitionJson[]>;
+    createPermissionDefinition(data: ServerPermissionDefinitionCustomizableJson): Promise<ServerPermissionDefinitionJson>;
+    updatePermissionDefinition(permissionId: string, data: Partial<ServerPermissionDefinitionCustomizableJson>): Promise<void>;
+    deletePermissionDefinition(permissionId: string): Promise<void>;
     listUsers(): Promise<ServerUserJson[]>;
-    setServerUserCustomizableData(userId: string, update: Partial<ServerUserCustomizableJson>): Promise<void>;
+    listTeams(): Promise<ServerTeamJson[]>;
+    listTeamMembers(teamId: string): Promise<ServerTeamMemberJson[]>;
+    createTeam(data: ServerTeamCustomizableJson): Promise<ServerTeamJson>;
+    updateTeam(teamId: string, data: Partial<ServerTeamCustomizableJson>): Promise<void>;
+    deleteTeam(teamId: string): Promise<void>;
+    addUserToTeam(options: {
+        userId: string;
+        teamId: string;
+    }): Promise<void>;
+    removeUserFromTeam(options: {
+        userId: string;
+        teamId: string;
+    }): Promise<void>;
+    setServerUserCustomizableData(userId: string, update: ServerUserUpdateJson): Promise<void>;
+    listTeamMemberPermissions(options: {
+        teamId: string;
+        userId: string;
+        type: 'global' | 'team';
+        direct: boolean;
+    }): Promise<ServerPermissionDefinitionJson[]>;
+    grantTeamUserPermission(teamId: string, userId: string, permissionId: string, type: 'global' | 'team'): Promise<void>;
+    revokeTeamUserPermission(teamId: string, userId: string, permissionId: string, type: 'global' | 'team'): Promise<void>;
     deleteServerUser(userId: string): Promise<void>;
 }

package/dist/interface/serverInterface.js CHANGED Viewed

@@ -6,14 +6,14 @@ export class StackServerInterface extends StackClientInterface {
         super(options);
         this.options = options;
     }
-    async sendServerRequest(path, options, tokenStore) {
+    async sendServerRequest(path, options, tokenStore, requestType = "server") {
         return await this.sendClientRequest(path, {
             ...options,
             headers: {
                 "x-stack-secret-server-key": "secretServerKey" in this.options ? this.options.secretServerKey : "",
                 ...options.headers,
             },
-        }, tokenStore);
+        }, tokenStore, requestType);
     }
     async getServerUserByToken(tokenStore) {
         const response = await this.sendServerRequest("/current-user?server=true", {}, tokenStore);
@@ -22,10 +22,107 @@ export class StackServerInterface extends StackClientInterface {
             return Result.error(new Error("Failed to get user"));
         return Result.ok(user);
     }
+    async getServerUserById(userId) {
+        const response = await this.sendServerRequest(`/users/${userId}?server=true`, {}, null);
+        const user = await response.json();
+        if (!user)
+            return Result.error(new Error("Failed to get user"));
+        return Result.ok(user);
+    }
+    async listServerUserTeamPermissions(options, tokenStore) {
+        const response = await this.sendServerRequest(`/current-user/teams/${options.teamId}/permissions?type=${options.type}&direct=${options.direct}&server=true`, {}, tokenStore);
+        const permissions = await response.json();
+        return permissions;
+    }
+    async listServerUserTeams(tokenStore) {
+        const response = await this.sendServerRequest("/current-user/teams?server=true", {}, tokenStore);
+        const teams = await response.json();
+        return teams;
+    }
+    async listPermissionDefinitions() {
+        const response = await this.sendServerRequest(`/permission-definitions?server=true`, {}, null);
+        return await response.json();
+    }
+    async createPermissionDefinition(data) {
+        const response = await this.sendServerRequest("/permission-definitions?server=true", {
+            method: "POST",
+            headers: {
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({
+                ...data,
+                scope: {
+                    type: "any-team",
+                }
+            }),
+        }, null);
+        return await response.json();
+    }
+    async updatePermissionDefinition(permissionId, data) {
+        await this.sendServerRequest(`/permission-definitions/${permissionId}?server=true`, {
+            method: "PUT",
+            headers: {
+                "content-type": "application/json",
+            },
+            body: JSON.stringify(data),
+        }, null);
+    }
+    async deletePermissionDefinition(permissionId) {
+        await this.sendServerRequest(`/permission-definitions/${permissionId}?server=true`, { method: "DELETE" }, null);
+    }
     async listUsers() {
         const response = await this.sendServerRequest("/users?server=true", {}, null);
         return await response.json();
     }
+    async listTeams() {
+        const response = await this.sendServerRequest("/teams?server=true", {}, null);
+        const json = await response.json();
+        return json;
+    }
+    async listTeamMembers(teamId) {
+        const response = await this.sendServerRequest(`/teams/${teamId}/users?server=true`, {}, null);
+        return await response.json();
+    }
+    async createTeam(data) {
+        const response = await this.sendServerRequest("/teams?server=true", {
+            method: "POST",
+            headers: {
+                "content-type": "application/json",
+            },
+            body: JSON.stringify(data),
+        }, null);
+        return await response.json();
+    }
+    async updateTeam(teamId, data) {
+        await this.sendServerRequest(`/teams/${teamId}?server=true`, {
+            method: "PUT",
+            headers: {
+                "content-type": "application/json",
+            },
+            body: JSON.stringify(data),
+        }, null);
+    }
+    async deleteTeam(teamId) {
+        await this.sendServerRequest(`/teams/${teamId}?server=true`, { method: "DELETE" }, null);
+    }
+    async addUserToTeam(options) {
+        await this.sendServerRequest(`/teams/${options.teamId}/users/${options.userId}?server=true`, {
+            method: "POST",
+            headers: {
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({}),
+        }, null);
+    }
+    async removeUserFromTeam(options) {
+        await this.sendServerRequest(`/teams/${options.teamId}/users/${options.userId}?server=true`, {
+            method: "DELETE",
+            headers: {
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({}),
+        }, null);
+    }
     async setServerUserCustomizableData(userId, update) {
         await this.sendServerRequest(`/users/${userId}?server=true`, {
             method: "PUT",
@@ -35,6 +132,28 @@ export class StackServerInterface extends StackClientInterface {
             body: JSON.stringify(update),
         }, null);
     }
+    async listTeamMemberPermissions(options) {
+        const response = await this.sendServerRequest(`/teams/${options.teamId}/users/${options.userId}/permissions?server=true&type=${options.type}&direct=${options.direct}`, {}, null);
+        return await response.json();
+    }
+    async grantTeamUserPermission(teamId, userId, permissionId, type) {
+        await this.sendServerRequest(`/teams/${teamId}/users/${userId}/permissions/${permissionId}?server=true`, {
+            method: "POST",
+            headers: {
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({ type }),
+        }, null);
+    }
+    async revokeTeamUserPermission(teamId, userId, permissionId, type) {
+        await this.sendServerRequest(`/teams/${teamId}/users/${userId}/permissions/${permissionId}?server=true`, {
+            method: "DELETE",
+            headers: {
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({ type }),
+        }, null);
+    }
     async deleteServerUser(userId) {
         await this.sendServerRequest(`/users/${userId}?server=true`, {
             method: "DELETE",

package/dist/known-errors.d.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+import { PermissionDefinitionScopeJson } from "./interface/clientInterface";
 import { StatusError } from "./utils/errors";
 import { Json } from "./utils/json";
 export type KnownErrorJson = {
@@ -58,6 +59,15 @@ export declare const KnownErrors: {
     InvalidProjectAuthentication: KnownErrorConstructor<KnownError & KnownErrorBrand<"PROJECT_AUTHENTICATION_ERROR"> & KnownErrorBrand<"INVALID_PROJECT_AUTHENTICATION">, [statusCode: number, humanReadableMessage: string, details?: Json | undefined]> & {
         errorCode: "INVALID_PROJECT_AUTHENTICATION";
     };
+    ProjectKeyWithoutRequestType: KnownErrorConstructor<KnownError & KnownErrorBrand<"PROJECT_AUTHENTICATION_ERROR"> & KnownErrorBrand<"INVALID_PROJECT_AUTHENTICATION"> & KnownErrorBrand<"PROJECT_KEY_WITHOUT_REQUEST_TYPE">, []> & {
+        errorCode: "PROJECT_KEY_WITHOUT_REQUEST_TYPE";
+    };
+    InvalidRequestType: KnownErrorConstructor<KnownError & KnownErrorBrand<"PROJECT_AUTHENTICATION_ERROR"> & KnownErrorBrand<"INVALID_PROJECT_AUTHENTICATION"> & KnownErrorBrand<"INVALID_REQUEST_TYPE">, [requestType: string]> & {
+        errorCode: "INVALID_REQUEST_TYPE";
+    };
+    RequestTypeWithoutProjectId: KnownErrorConstructor<KnownError & KnownErrorBrand<"PROJECT_AUTHENTICATION_ERROR"> & KnownErrorBrand<"INVALID_PROJECT_AUTHENTICATION"> & KnownErrorBrand<"REQUEST_TYPE_WITHOUT_PROJECT_ID">, [requestType: "client" | "server" | "admin"]> & {
+        errorCode: "REQUEST_TYPE_WITHOUT_PROJECT_ID";
+    };
     InvalidPublishableClientKey: KnownErrorConstructor<KnownError & KnownErrorBrand<"PROJECT_AUTHENTICATION_ERROR"> & KnownErrorBrand<"INVALID_PROJECT_AUTHENTICATION"> & KnownErrorBrand<"INVALID_PUBLISHABLE_CLIENT_KEY">, []> & {
         errorCode: "INVALID_PUBLISHABLE_CLIENT_KEY";
     };
@@ -79,6 +89,9 @@ export declare const KnownErrors: {
     InvalidProjectForAdminAccessToken: KnownErrorConstructor<KnownError & KnownErrorBrand<"PROJECT_AUTHENTICATION_ERROR"> & KnownErrorBrand<"INVALID_PROJECT_AUTHENTICATION"> & KnownErrorBrand<"INVALID_ADMIN_ACCESS_TOKEN"> & KnownErrorBrand<"INVALID_PROJECT_FOR_ADMIN_ACCESS_TOKEN">, []> & {
         errorCode: "INVALID_PROJECT_FOR_ADMIN_ACCESS_TOKEN";
     };
+    AdminAccessTokenIsNotAdmin: KnownErrorConstructor<KnownError & KnownErrorBrand<"PROJECT_AUTHENTICATION_ERROR"> & KnownErrorBrand<"INVALID_PROJECT_AUTHENTICATION"> & KnownErrorBrand<"INVALID_ADMIN_ACCESS_TOKEN"> & KnownErrorBrand<"ADMIN_ACCESS_TOKEN_IS_NOT_ADMIN">, []> & {
+        errorCode: "ADMIN_ACCESS_TOKEN_IS_NOT_ADMIN";
+    };
     ProjectAuthenticationRequired: KnownErrorConstructor<KnownError & KnownErrorBrand<"PROJECT_AUTHENTICATION_ERROR"> & KnownErrorBrand<"PROJECT_AUTHENTICATION_REQUIRED">, [statusCode: number, humanReadableMessage: string, details?: Json | undefined]> & {
         errorCode: "PROJECT_AUTHENTICATION_REQUIRED";
     };
@@ -214,5 +227,14 @@ export declare const KnownErrors: {
     EmailAlreadyVerified: KnownErrorConstructor<KnownError & KnownErrorBrand<"EMAIL_ALREADY_VERIFIED">, []> & {
         errorCode: "EMAIL_ALREADY_VERIFIED";
     };
+    PermissionNotFound: KnownErrorConstructor<KnownError & KnownErrorBrand<"PERMISSION_NOT_FOUND">, [permissionId: string]> & {
+        errorCode: "PERMISSION_NOT_FOUND";
+    };
+    PermissionScopeMismatch: KnownErrorConstructor<KnownError & KnownErrorBrand<"PERMISSION_SCOPE_MISMATCH">, [permissionId: string, permissionScope: PermissionDefinitionScopeJson, testScope: PermissionDefinitionScopeJson]> & {
+        errorCode: "PERMISSION_SCOPE_MISMATCH";
+    };
+    TeamNotFound: KnownErrorConstructor<KnownError & KnownErrorBrand<"TEAM_NOT_FOUND">, [teamId: string]> & {
+        errorCode: "TEAM_NOT_FOUND";
+    };
 };
 export {};

package/dist/known-errors.js CHANGED Viewed

@@ -1,5 +1,6 @@
 import { StatusError, throwErr, throwStackErr } from "./utils/errors";
 import { identityArgs } from "./utils/functions";
+import { deindent } from "./utils/strings";
 export class KnownError extends StatusError {
     statusCode;
     humanReadableMessage;
@@ -80,7 +81,13 @@ const SchemaError = createKnownErrorConstructor(KnownError, "SCHEMA_ERROR", (mes
 ], (json) => [json.message]);
 const AllOverloadsFailed = createKnownErrorConstructor(KnownError, "ALL_OVERLOADS_FAILED", (overloadErrors) => [
     400,
-    "This endpoint has multiple overloads, but they all failed to process the request.",
+    deindent `
+      This endpoint has multiple overloads, but they all failed to process the request.
+        ${overloadErrors.map((e, i) => deindent `
+          Overload ${i + 1}: ${JSON.stringify(e, undefined, 2)}
+        `).join("\n\n")}
+    `,
     {
         overloads: overloadErrors,
     },
@@ -89,6 +96,23 @@ const AllOverloadsFailed = createKnownErrorConstructor(KnownError, "ALL_OVERLOAD
 ]);
 const ProjectAuthenticationError = createKnownErrorConstructor(KnownError, "PROJECT_AUTHENTICATION_ERROR", "inherit", "inherit");
 const InvalidProjectAuthentication = createKnownErrorConstructor(ProjectAuthenticationError, "INVALID_PROJECT_AUTHENTICATION", "inherit", "inherit");
+const ProjectKeyWithoutRequestType = createKnownErrorConstructor(InvalidProjectAuthentication, "PROJECT_KEY_WITHOUT_REQUEST_TYPE", () => [
+    400,
+    "Either an API key or an admin access token was provided, but the x-stack-request-type header is missing. Set it to 'client', 'server', or 'admin' as appropriate.",
+], () => []);
+const InvalidRequestType = createKnownErrorConstructor(InvalidProjectAuthentication, "INVALID_REQUEST_TYPE", (requestType) => [
+    400,
+    `The x-stack-request-type header must be 'client', 'server', or 'admin', but was '${requestType}'.`,
+], (json) => [
+    json.details?.requestType ?? throwErr("requestType not found in InvalidRequestType details"),
+]);
+const RequestTypeWithoutProjectId = createKnownErrorConstructor(InvalidProjectAuthentication, "REQUEST_TYPE_WITHOUT_PROJECT_ID", (requestType) => [
+    400,
+    `The x-stack-request-type header was '${requestType}', but the x-stack-project-id header was not provided.`,
+    {
+        requestType,
+    },
+], (json) => [json.requestType]);
 const InvalidPublishableClientKey = createKnownErrorConstructor(InvalidProjectAuthentication, "INVALID_PUBLISHABLE_CLIENT_KEY", () => [
     401,
     "The publishable key is not valid for the given project. Does the project and/or the key exist?",
@@ -114,6 +138,10 @@ const InvalidProjectForAdminAccessToken = createKnownErrorConstructor(InvalidAdm
     401,
     "Admin access token not valid for this project.",
 ], () => []);
+const AdminAccessTokenIsNotAdmin = createKnownErrorConstructor(InvalidAdminAccessToken, "ADMIN_ACCESS_TOKEN_IS_NOT_ADMIN", () => [
+    401,
+    "Admin access token does not have the required permissions to access this project.",
+], () => []);
 const ProjectAuthenticationRequired = createKnownErrorConstructor(ProjectAuthenticationError, "PROJECT_AUTHENTICATION_REQUIRED", "inherit", "inherit");
 const ClientAuthenticationRequired = createKnownErrorConstructor(ProjectAuthenticationRequired, "CLIENT_AUTHENTICATION_REQUIRED", () => [
     401,
@@ -268,12 +296,52 @@ const EmailAlreadyVerified = createKnownErrorConstructor(KnownError, "EMAIL_ALRE
     400,
     "The e-mail is already verified.",
 ], () => []);
+const PermissionNotFound = createKnownErrorConstructor(KnownError, "PERMISSION_NOT_FOUND", (permissionId) => [
+    404,
+    `Permission ${permissionId} not found. Make sure you created it on the dashboard.`,
+    {
+        permissionId,
+    },
+], (json) => [json.details.permissionId]);
+const PermissionScopeMismatch = createKnownErrorConstructor(KnownError, "PERMISSION_SCOPE_MISMATCH", (permissionId, permissionScope, testScope) => {
+    return [
+        400,
+        `The scope of the permission with ID ${permissionId} is \`${permissionScope.type}\` but you tested against permissions of scope \`${testScope.type}\`. ${{
+            "global": `Please don't specify any teams when using global permissions. For example: \`user.hasPermission(${JSON.stringify(permissionId)})\`.`,
+            "any-team": `Please specify the team. For example: \`user.hasPermission(team, ${JSON.stringify(permissionId)})\`.`,
+            "specific-team": `Please specify the team. For example: \`user.hasPermission(team, ${JSON.stringify(permissionId)})\`.`,
+        }[permissionScope.type]}`,
+        {
+            permissionId,
+            permissionScope,
+            testScope,
+        },
+    ];
+}, (json) => [json.details.permissionId, json.details.permissionScope, json.details.testScope]);
+const UserNotInTeam = createKnownErrorConstructor(KnownError, "USER_NOT_IN_TEAM", (userId, teamId) => [
+    400,
+    `User ${userId} is not in team ${teamId}.`,
+    {
+        userId,
+        teamId,
+    },
+], (json) => [json.details.userId, json.details.teamId]);
+const TeamNotFound = createKnownErrorConstructor(KnownError, "TEAM_NOT_FOUND", (teamId) => [
+    404,
+    `Team ${teamId} not found.`,
+    {
+        teamId,
+    },
+], (json) => [json.details.teamId]);
 export const KnownErrors = {
     UnsupportedError,
     SchemaError,
     AllOverloadsFailed,
     ProjectAuthenticationError,
     InvalidProjectAuthentication,
+    ProjectKeyWithoutRequestType,
+    InvalidRequestType,
+    RequestTypeWithoutProjectId,
     InvalidPublishableClientKey,
     InvalidSecretServerKey,
     InvalidSuperSecretAdminKey,
@@ -281,6 +349,7 @@ export const KnownErrors = {
     UnparsableAdminAccessToken,
     AdminAccessTokenExpired,
     InvalidProjectForAdminAccessToken,
+    AdminAccessTokenIsNotAdmin,
     ProjectAuthenticationRequired,
     ClientAuthenticationRequired,
     ServerAuthenticationRequired,
@@ -326,6 +395,9 @@ export const KnownErrors = {
     PasswordResetCodeAlreadyUsed,
     PasswordMismatch,
     EmailAlreadyVerified,
+    PermissionNotFound,
+    PermissionScopeMismatch,
+    TeamNotFound,
 };
 // ensure that all known error codes are unique
 const knownErrorCodes = new Set();

package/dist/utils/errors.js CHANGED Viewed

@@ -1,6 +1,6 @@
 export function throwErr(...args) {
     if (typeof args[0] === "string") {
-        throw new Error(args[0]);
+        throw new StackAssertionError(args[0]);
     }
     else if (args[0] instanceof Error) {
         throw args[0];
@@ -28,7 +28,12 @@ export function registerErrorSink(sink) {
     }
     errorSinks.add(sink);
 }
-registerErrorSink((location, ...args) => console.error(`Error in ${location}:`, ...args));
+registerErrorSink((location, ...args) => {
+    console.error(`Error in ${location}:`, ...args);
+    if (process.env.NODE_ENV === "development") {
+        debugger;
+    }
+});
 export function captureError(location, error) {
     for (const sink of errorSinks) {
         sink(location, error);

package/dist/utils/strings.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 export declare function typedToLowercase<S extends string>(s: S): Lowercase<S>;
 export declare function typedToUppercase<S extends string>(s: S): Uppercase<S>;
+export declare function typedCapitalize<S extends string>(s: S): Capitalize<S>;
 /**
  * Returns all whitespace character at the start of the string.
  *

package/dist/utils/strings.js CHANGED Viewed

@@ -4,6 +4,9 @@ export function typedToLowercase(s) {
 export function typedToUppercase(s) {
     return s.toUpperCase();
 }
+export function typedCapitalize(s) {
+    return s.charAt(0).toUpperCase() + s.slice(1);
+}
 /**
  * Returns all whitespace character at the start of the string.
  *

package/dist/utils/types.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export type IsAny<T> = 0 extends (1 & T) ? true : false;

package/dist/utils/types.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-shared",
-  "version": "2.3.6",
+  "version": "2.4.1",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "files": [
@@ -8,13 +8,23 @@
     "dist"
   ],
   "peerDependencies": {
-    "react": "^18.2"
+    "react": "^18.2",
+    "yup": "^1.4.0"
+  },
+  "peerDependenciesMeta": {
+    "react": {
+      "optional": true
+    },
+    "yup": {
+      "optional": true
+    }
   },
   "dependencies": {
     "bcrypt": "^5.1.1",
     "jose": "^5.2.2",
     "oauth4webapi": "^2.10.3",
-    "uuid": "^9.0.1"
+    "uuid": "^9.0.1",
+    "@stackframe/stack-sc": "1.5.1"
   },
   "devDependencies": {
     "@types/bcrypt": "^5.0.2",