@stackframe/stack-shared 2.4.0 → 2.4.2

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-export { StackClientInterface, UserJson as UserJson, UserCustomizableJson, ClientProjectJson, ProjectJson, OAuthProviderConfigJson, getProductionModeErrors, } from "./interface/clientInterface";
-export { StackServerInterface, ServerUserJson, ServerUserCustomizableJson, } from "./interface/serverInterface";
+export { StackClientInterface, UserJson as UserJson, ClientProjectJson, ProjectJson, OAuthProviderConfigJson, getProductionModeErrors, } from "./interface/clientInterface";
+export { StackServerInterface, ServerUserJson, } from "./interface/serverInterface";
 export { StackAdminInterface, ApiKeySetBaseJson, ApiKeySetFirstViewJson, ApiKeySetJson, } from "./interface/adminInterface";
 export { KnownError, KnownErrors, } from "./known-errors";

package/dist/interface/adminInterface.d.ts

@@ -17,6 +17,8 @@ export type OAuthProviderUpdateOptions = {
     tenantId?: string;
 });
 export type ProjectUpdateOptions = {
+    displayName?: string;
+    description?: string;
     isProductionMode?: boolean;
     config?: {
         domains?: {
@@ -27,6 +29,7 @@ export type ProjectUpdateOptions = {
         credentialEnabled?: boolean;
         magicLinkEnabled?: boolean;
         allowLocalhost?: boolean;
+        createTeamOnSignUp?: boolean;
     };
 };
 export type ApiKeySetBaseJson = {

package/dist/interface/clientInterface.d.ts

@@ -3,12 +3,13 @@ import { Result } from "../utils/results";
 import { ReadonlyJson } from '../utils/json';
 import { AsyncStore, ReadonlyAsyncStore } from '../utils/stores';
 import { KnownErrors } from '../known-errors';
-export type UserCustomizableJson = {
-    readonly projectId: string;
+import { ProjectUpdateOptions } from './adminInterface';
+type UserCustomizableJson = {
     readonly displayName: string | null;
     readonly clientMetadata: ReadonlyJson;
 };
 export type UserJson = UserCustomizableJson & {
+    readonly projectId: string;
     readonly id: string;
     readonly primaryEmail: string | null;
     readonly primaryEmailVerified: boolean;
@@ -16,11 +17,15 @@ export type UserJson = UserCustomizableJson & {
     readonly clientMetadata: ReadonlyJson;
     readonly profileImageUrl: string | null;
     readonly signedUpAtMillis: number;
+    /**
+     * not used anymore, for backwards compatibility
+     */
     readonly authMethod: "credential" | "oauth";
     readonly hasPassword: boolean;
     readonly authWithEmail: boolean;
     readonly oauthProviders: readonly string[];
 };
+export type UserUpdateJson = Partial<UserCustomizableJson>;
 export type ClientProjectJson = {
     readonly id: string;
     readonly credentialEnabled: boolean;
@@ -65,6 +70,7 @@ export type ProjectJson = {
         oauthProviders: OAuthProviderConfigJson[];
         emailConfig?: EmailConfigJson;
         domains: DomainConfigJson[];
+        createTeamOnSignUp: boolean;
     };
 };
 export type OAuthProviderConfigJson = {
@@ -98,6 +104,30 @@ export type ProductionModeError = {
     errorMessage: string;
     fixUrlRelative: string;
 };
+export type OrglikeJson = {
+    id: string;
+    displayName: string;
+    createdAtMillis: number;
+};
+export type TeamJson = OrglikeJson;
+export type OrganizationJson = OrglikeJson;
+export type TeamMemberJson = {
+    userId: string;
+    teamId: string;
+    displayName: string | null;
+};
+export type PermissionDefinitionScopeJson = {
+    type: "global";
+} | {
+    type: "any-team";
+} | {
+    type: "specific-team";
+    teamId: string;
+};
+export type PermissionDefinitionJson = {
+    id: string;
+    scope: PermissionDefinitionScopeJson;
+};
 export declare class StackClientInterface {
     readonly options: ClientInterfaceOptions;
     constructor(options: ClientInterfaceOptions);
@@ -141,9 +171,18 @@ export declare class StackClientInterface {
     callOAuthCallback(oauthParams: URLSearchParams, redirectUri: string, codeVerifier: string, state: string, tokenStore: TokenStore): Promise<oauth.OAuth2TokenEndpointResponse>;
     signOut(tokenStore: TokenStore): Promise<void>;
     getClientUserByToken(tokenStore: TokenStore): Promise<Result<UserJson>>;
+    listClientUserTeamPermissions(options: {
+        teamId: string;
+        type: 'global' | 'team';
+        direct: boolean;
+    }, tokenStore: TokenStore): Promise<PermissionDefinitionJson[]>;
+    listClientUserTeams(tokenStore: TokenStore): Promise<TeamJson[]>;
     getClientProject(): Promise<Result<ClientProjectJson>>;
-    setClientUserCustomizableData(update: Partial<UserCustomizableJson>, tokenStore: TokenStore): Promise<void>;
+    setClientUserCustomizableData(update: UserUpdateJson, tokenStore: TokenStore): Promise<void>;
     listProjects(tokenStore: TokenStore): Promise<ProjectJson[]>;
-    createProject(project: Pick<ProjectJson, "displayName" | "description">, tokenStore: TokenStore): Promise<ProjectJson>;
+    createProject(project: ProjectUpdateOptions & {
+        displayName: string;
+    }, tokenStore: TokenStore): Promise<ProjectJson>;
 }
 export declare function getProductionModeErrors(project: ProjectJson): ProductionModeError[];
+export {};

package/dist/interface/clientInterface.js

@@ -4,6 +4,8 @@ import { Result } from "../utils/results";
 import { AsyncStore } from '../utils/stores';
 import { KnownError, KnownErrors } from '../known-errors';
 import { StackAssertionError } from '../utils/errors';
+import { cookies } from '@stackframe/stack-sc';
+import { generateSecureRandomString } from '../utils/crypto';
 export const sharedProviders = [
     "shared-github",
     "shared-google",
@@ -124,6 +126,8 @@ export class StackClientInterface {
             await this.refreshAccessToken(tokenStore);
             tokenObj = await tokenStore.getOrWait();
         }
+        // all requests should be dynamic to prevent Next.js caching
+        cookies?.();
         const url = this.getApiUrl() + path;
         const params = {
             /**
@@ -148,8 +152,10 @@ export class StackClientInterface {
                 ...'projectOwnerTokens' in this.options ? {
                     "X-Stack-Admin-Access-Token": (await this.options.projectOwnerTokens?.getOrWait())?.accessToken ?? "",
                 } : {},
+                "X-Stack-Random-Nonce": generateSecureRandomString(),
                 ...options.headers,
             },
+            cache: "no-store",
         };
         const rawRes = await fetch(url, params);
         const processedRes = await this._processResponse(rawRes);
@@ -433,6 +439,16 @@ export class StackClientInterface {
             return Result.error(new Error("Failed to get user"));
         return Result.ok(user);
     }
+    async listClientUserTeamPermissions(options, tokenStore) {
+        const response = await this.sendClientRequest(`/current-user/teams/${options.teamId}/permissions?type=${options.type}&direct=${options.direct}`, {}, tokenStore);
+        const permissions = await response.json();
+        return permissions;
+    }
+    async listClientUserTeams(tokenStore) {
+        const response = await this.sendClientRequest("/current-user/teams", {}, tokenStore);
+        const teams = await response.json();
+        return teams;
+    }
     async getClientProject() {
         const response = await this.sendClientRequest("/projects/" + this.options.projectId, {}, null);
         const project = await response.json();
@@ -474,7 +490,7 @@ export class StackClientInterface {
 }
 export function getProductionModeErrors(project) {
     const errors = [];
-    const fixUrlRelative = `/projects/${encodeURIComponent(project.id)}/auth/urls-and-callbacks`;
+    const fixUrlRelative = `/projects/${project.id}/auth/urls-and-callbacks`;
     if (project.evaluatedConfig.allowLocalhost) {
         errors.push({
             errorMessage: "Localhost is not allowed in production mode, turn off 'Allow localhost' in project settings",

package/dist/interface/serverInterface.d.ts

@@ -1,13 +1,28 @@
-import { ClientInterfaceOptions, UserCustomizableJson, UserJson, TokenStore, StackClientInterface, ReadonlyTokenStore } from "./clientInterface";
+import { ClientInterfaceOptions, UserJson, TokenStore, StackClientInterface, ReadonlyTokenStore, OrglikeJson, UserUpdateJson, PermissionDefinitionJson, PermissionDefinitionScopeJson as PermissionDefinitionScopeJson, TeamMemberJson } from "./clientInterface";
 import { Result } from "../utils/results";
 import { ReadonlyJson } from "../utils/json";
 export type ServerUserJson = UserJson & {
     readonly serverMetadata: ReadonlyJson;
 };
-export type ServerUserCustomizableJson = UserCustomizableJson & {
-    readonly serverMetadata: ReadonlyJson;
-    readonly primaryEmail: string | null;
-    readonly primaryEmailVerified: boolean;
+export type ServerUserUpdateJson = UserUpdateJson & {
+    readonly serverMetadata?: ReadonlyJson;
+    readonly primaryEmail?: string | null;
+    readonly primaryEmailVerified?: boolean;
+};
+export type ServerOrglikeCustomizableJson = Pick<ServerOrglikeJson, "displayName">;
+export type ServerOrglikeJson = OrglikeJson & {};
+export type ServerTeamCustomizableJson = ServerOrglikeCustomizableJson;
+export type ServerTeamJson = ServerOrglikeJson;
+export type ServerTeamMemberJson = TeamMemberJson;
+export type ServerPermissionDefinitionCustomizableJson = {
+    readonly id: string;
+    readonly description?: string;
+    readonly scope: PermissionDefinitionScopeJson;
+    readonly containPermissionIds: string[];
+};
+export type ServerPermissionDefinitionJson = PermissionDefinitionJson & ServerPermissionDefinitionCustomizableJson & {
+    readonly __databaseUniqueId: string;
+    readonly scope: PermissionDefinitionScopeJson;
 };
 export type ServerAuthApplicationOptions = (ClientInterfaceOptions & ({
     readonly secretServerKey: string;
@@ -24,7 +39,39 @@ export declare class StackServerInterface extends StackClientInterface {
         }>;
     }>;
     getServerUserByToken(tokenStore: TokenStore): Promise<Result<ServerUserJson>>;
+    getServerUserById(userId: string): Promise<Result<ServerUserJson>>;
+    listServerUserTeamPermissions(options: {
+        teamId: string;
+        type: 'global' | 'team';
+        direct: boolean;
+    }, tokenStore: TokenStore): Promise<ServerPermissionDefinitionJson[]>;
+    listServerUserTeams(tokenStore: TokenStore): Promise<ServerTeamJson[]>;
+    listPermissionDefinitions(): Promise<ServerPermissionDefinitionJson[]>;
+    createPermissionDefinition(data: ServerPermissionDefinitionCustomizableJson): Promise<ServerPermissionDefinitionJson>;
+    updatePermissionDefinition(permissionId: string, data: Partial<ServerPermissionDefinitionCustomizableJson>): Promise<void>;
+    deletePermissionDefinition(permissionId: string): Promise<void>;
     listUsers(): Promise<ServerUserJson[]>;
-    setServerUserCustomizableData(userId: string, update: Partial<ServerUserCustomizableJson>): Promise<void>;
+    listTeams(): Promise<ServerTeamJson[]>;
+    listTeamMembers(teamId: string): Promise<ServerTeamMemberJson[]>;
+    createTeam(data: ServerTeamCustomizableJson): Promise<ServerTeamJson>;
+    updateTeam(teamId: string, data: Partial<ServerTeamCustomizableJson>): Promise<void>;
+    deleteTeam(teamId: string): Promise<void>;
+    addUserToTeam(options: {
+        userId: string;
+        teamId: string;
+    }): Promise<void>;
+    removeUserFromTeam(options: {
+        userId: string;
+        teamId: string;
+    }): Promise<void>;
+    setServerUserCustomizableData(userId: string, update: ServerUserUpdateJson): Promise<void>;
+    listTeamMemberPermissions(options: {
+        teamId: string;
+        userId: string;
+        type: 'global' | 'team';
+        direct: boolean;
+    }): Promise<ServerPermissionDefinitionJson[]>;
+    grantTeamUserPermission(teamId: string, userId: string, permissionId: string, type: 'global' | 'team'): Promise<void>;
+    revokeTeamUserPermission(teamId: string, userId: string, permissionId: string, type: 'global' | 'team'): Promise<void>;
     deleteServerUser(userId: string): Promise<void>;
 }

package/dist/interface/serverInterface.js

@@ -22,10 +22,107 @@ export class StackServerInterface extends StackClientInterface {
             return Result.error(new Error("Failed to get user"));
         return Result.ok(user);
     }
+    async getServerUserById(userId) {
+        const response = await this.sendServerRequest(`/users/${userId}?server=true`, {}, null);
+        const user = await response.json();
+        if (!user)
+            return Result.error(new Error("Failed to get user"));
+        return Result.ok(user);
+    }
+    async listServerUserTeamPermissions(options, tokenStore) {
+        const response = await this.sendServerRequest(`/current-user/teams/${options.teamId}/permissions?type=${options.type}&direct=${options.direct}&server=true`, {}, tokenStore);
+        const permissions = await response.json();
+        return permissions;
+    }
+    async listServerUserTeams(tokenStore) {
+        const response = await this.sendServerRequest("/current-user/teams?server=true", {}, tokenStore);
+        const teams = await response.json();
+        return teams;
+    }
+    async listPermissionDefinitions() {
+        const response = await this.sendServerRequest(`/permission-definitions?server=true`, {}, null);
+        return await response.json();
+    }
+    async createPermissionDefinition(data) {
+        const response = await this.sendServerRequest("/permission-definitions?server=true", {
+            method: "POST",
+            headers: {
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({
+                ...data,
+                scope: {
+                    type: "any-team",
+                }
+            }),
+        }, null);
+        return await response.json();
+    }
+    async updatePermissionDefinition(permissionId, data) {
+        await this.sendServerRequest(`/permission-definitions/${permissionId}?server=true`, {
+            method: "PUT",
+            headers: {
+                "content-type": "application/json",
+            },
+            body: JSON.stringify(data),
+        }, null);
+    }
+    async deletePermissionDefinition(permissionId) {
+        await this.sendServerRequest(`/permission-definitions/${permissionId}?server=true`, { method: "DELETE" }, null);
+    }
     async listUsers() {
         const response = await this.sendServerRequest("/users?server=true", {}, null);
         return await response.json();
     }
+    async listTeams() {
+        const response = await this.sendServerRequest("/teams?server=true", {}, null);
+        const json = await response.json();
+        return json;
+    }
+    async listTeamMembers(teamId) {
+        const response = await this.sendServerRequest(`/teams/${teamId}/users?server=true`, {}, null);
+        return await response.json();
+    }
+    async createTeam(data) {
+        const response = await this.sendServerRequest("/teams?server=true", {
+            method: "POST",
+            headers: {
+                "content-type": "application/json",
+            },
+            body: JSON.stringify(data),
+        }, null);
+        return await response.json();
+    }
+    async updateTeam(teamId, data) {
+        await this.sendServerRequest(`/teams/${teamId}?server=true`, {
+            method: "PUT",
+            headers: {
+                "content-type": "application/json",
+            },
+            body: JSON.stringify(data),
+        }, null);
+    }
+    async deleteTeam(teamId) {
+        await this.sendServerRequest(`/teams/${teamId}?server=true`, { method: "DELETE" }, null);
+    }
+    async addUserToTeam(options) {
+        await this.sendServerRequest(`/teams/${options.teamId}/users/${options.userId}?server=true`, {
+            method: "POST",
+            headers: {
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({}),
+        }, null);
+    }
+    async removeUserFromTeam(options) {
+        await this.sendServerRequest(`/teams/${options.teamId}/users/${options.userId}?server=true`, {
+            method: "DELETE",
+            headers: {
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({}),
+        }, null);
+    }
     async setServerUserCustomizableData(userId, update) {
         await this.sendServerRequest(`/users/${userId}?server=true`, {
             method: "PUT",
@@ -35,6 +132,28 @@ export class StackServerInterface extends StackClientInterface {
             body: JSON.stringify(update),
         }, null);
     }
+    async listTeamMemberPermissions(options) {
+        const response = await this.sendServerRequest(`/teams/${options.teamId}/users/${options.userId}/permissions?server=true&type=${options.type}&direct=${options.direct}`, {}, null);
+        return await response.json();
+    }
+    async grantTeamUserPermission(teamId, userId, permissionId, type) {
+        await this.sendServerRequest(`/teams/${teamId}/users/${userId}/permissions/${permissionId}?server=true`, {
+            method: "POST",
+            headers: {
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({ type }),
+        }, null);
+    }
+    async revokeTeamUserPermission(teamId, userId, permissionId, type) {
+        await this.sendServerRequest(`/teams/${teamId}/users/${userId}/permissions/${permissionId}?server=true`, {
+            method: "DELETE",
+            headers: {
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({ type }),
+        }, null);
+    }
     async deleteServerUser(userId) {
         await this.sendServerRequest(`/users/${userId}?server=true`, {
             method: "DELETE",

package/dist/known-errors.d.ts

@@ -1,3 +1,4 @@
+import { PermissionDefinitionScopeJson } from "./interface/clientInterface";
 import { StatusError } from "./utils/errors";
 import { Json } from "./utils/json";
 export type KnownErrorJson = {
@@ -226,5 +227,14 @@ export declare const KnownErrors: {
     EmailAlreadyVerified: KnownErrorConstructor<KnownError & KnownErrorBrand<"EMAIL_ALREADY_VERIFIED">, []> & {
         errorCode: "EMAIL_ALREADY_VERIFIED";
     };
+    PermissionNotFound: KnownErrorConstructor<KnownError & KnownErrorBrand<"PERMISSION_NOT_FOUND">, [permissionId: string]> & {
+        errorCode: "PERMISSION_NOT_FOUND";
+    };
+    PermissionScopeMismatch: KnownErrorConstructor<KnownError & KnownErrorBrand<"PERMISSION_SCOPE_MISMATCH">, [permissionId: string, permissionScope: PermissionDefinitionScopeJson, testScope: PermissionDefinitionScopeJson]> & {
+        errorCode: "PERMISSION_SCOPE_MISMATCH";
+    };
+    TeamNotFound: KnownErrorConstructor<KnownError & KnownErrorBrand<"TEAM_NOT_FOUND">, [teamId: string]> & {
+        errorCode: "TEAM_NOT_FOUND";
+    };
 };
 export {};

package/dist/known-errors.js

@@ -296,6 +296,43 @@ const EmailAlreadyVerified = createKnownErrorConstructor(KnownError, "EMAIL_ALRE
     400,
     "The e-mail is already verified.",
 ], () => []);
+const PermissionNotFound = createKnownErrorConstructor(KnownError, "PERMISSION_NOT_FOUND", (permissionId) => [
+    404,
+    `Permission ${permissionId} not found. Make sure you created it on the dashboard.`,
+    {
+        permissionId,
+    },
+], (json) => [json.details.permissionId]);
+const PermissionScopeMismatch = createKnownErrorConstructor(KnownError, "PERMISSION_SCOPE_MISMATCH", (permissionId, permissionScope, testScope) => {
+    return [
+        400,
+        `The scope of the permission with ID ${permissionId} is \`${permissionScope.type}\` but you tested against permissions of scope \`${testScope.type}\`. ${{
+            "global": `Please don't specify any teams when using global permissions. For example: \`user.hasPermission(${JSON.stringify(permissionId)})\`.`,
+            "any-team": `Please specify the team. For example: \`user.hasPermission(team, ${JSON.stringify(permissionId)})\`.`,
+            "specific-team": `Please specify the team. For example: \`user.hasPermission(team, ${JSON.stringify(permissionId)})\`.`,
+        }[permissionScope.type]}`,
+        {
+            permissionId,
+            permissionScope,
+            testScope,
+        },
+    ];
+}, (json) => [json.details.permissionId, json.details.permissionScope, json.details.testScope]);
+const UserNotInTeam = createKnownErrorConstructor(KnownError, "USER_NOT_IN_TEAM", (userId, teamId) => [
+    400,
+    `User ${userId} is not in team ${teamId}.`,
+    {
+        userId,
+        teamId,
+    },
+], (json) => [json.details.userId, json.details.teamId]);
+const TeamNotFound = createKnownErrorConstructor(KnownError, "TEAM_NOT_FOUND", (teamId) => [
+    404,
+    `Team ${teamId} not found.`,
+    {
+        teamId,
+    },
+], (json) => [json.details.teamId]);
 export const KnownErrors = {
     UnsupportedError,
     SchemaError,
@@ -358,6 +395,9 @@ export const KnownErrors = {
     PasswordResetCodeAlreadyUsed,
     PasswordMismatch,
     EmailAlreadyVerified,
+    PermissionNotFound,
+    PermissionScopeMismatch,
+    TeamNotFound,
 };
 // ensure that all known error codes are unique
 const knownErrorCodes = new Set();

package/dist/utils/errors.js

@@ -1,6 +1,6 @@
 export function throwErr(...args) {
     if (typeof args[0] === "string") {
-        throw new Error(args[0]);
+        throw new StackAssertionError(args[0]);
     }
     else if (args[0] instanceof Error) {
         throw args[0];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-shared",
-  "version": "2.4.0",
+  "version": "2.4.2",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "files": [
@@ -23,7 +23,8 @@
     "bcrypt": "^5.1.1",
     "jose": "^5.2.2",
     "oauth4webapi": "^2.10.3",
-    "uuid": "^9.0.1"
+    "uuid": "^9.0.1",
+    "@stackframe/stack-sc": "1.5.1"
   },
   "devDependencies": {
     "@types/bcrypt": "^5.0.2",