@stackframe/stack-shared 2.4.28 → 2.5.1

package/dist/known-errors.js

@@ -15,9 +15,8 @@ export class KnownError extends StatusError {
     getBody() {
         return new TextEncoder().encode(JSON.stringify({
             code: this.errorCode,
-            message: this.humanReadableMessage,
             details: this.details,
-            error: true,
+            error: this.humanReadableMessage,
         }, undefined, 2));
     }
     getHeaders() {
@@ -55,9 +54,11 @@ function createKnownErrorConstructor(SuperClass, errorCode, create, constructorA
     class KnownErrorImpl extends SuperClass {
         static errorCode = errorCode;
         name = `KnownError<${errorCode}>`;
+        constructorArgs;
         constructor(...args) {
             // @ts-expect-error
             super(...createFn(...args));
+            this.constructorArgs = args;
         }
         static constructorArgsFromJson(json) {
             return constructorArgsFromJsonFn(json);
@@ -94,52 +95,93 @@ const AllOverloadsFailed = createKnownErrorConstructor(KnownError, "ALL_OVERLOAD
         `).join("\n\n")}
     `,
     {
-        overloadErrors,
+        overload_errors: overloadErrors,
     },
 ], (json) => [
-    json.details?.overloadErrors ?? throwErr("overloadErrors not found in AllOverloadsFailed details"),
+    json.details?.overload_errors ?? throwErr("overload_errors not found in AllOverloadsFailed details"),
 ]);
 const ProjectAuthenticationError = createKnownErrorConstructor(KnownError, "PROJECT_AUTHENTICATION_ERROR", "inherit", "inherit");
-const InvalidProjectAuthentication = createKnownErrorConstructor(ProjectAuthenticationError, "INVALID_PROJECT_AUTHENTICATION", "inherit", "inherit");
-const ProjectKeyWithoutRequestType = createKnownErrorConstructor(InvalidProjectAuthentication, "PROJECT_KEY_WITHOUT_REQUEST_TYPE", () => [
+const InvalidProjectAccess = createKnownErrorConstructor(ProjectAuthenticationError, "INVALID_PROJECT_AUTHENTICATION", "inherit", "inherit");
+/**
+ * @deprecated Use ProjectKeyWithoutAccessType instead
+ */
+const ProjectKeyWithoutRequestType = createKnownErrorConstructor(InvalidProjectAccess, "PROJECT_KEY_WITHOUT_REQUEST_TYPE", () => [
     400,
     "Either an API key or an admin access token was provided, but the x-stack-request-type header is missing. Set it to 'client', 'server', or 'admin' as appropriate.",
 ], () => []);
-const InvalidRequestType = createKnownErrorConstructor(InvalidProjectAuthentication, "INVALID_REQUEST_TYPE", (requestType) => [
+/**
+ * @deprecated Use InvalidAccessType instead
+ */
+const InvalidRequestType = createKnownErrorConstructor(InvalidProjectAccess, "INVALID_REQUEST_TYPE", (requestType) => [
     400,
     `The x-stack-request-type header must be 'client', 'server', or 'admin', but was '${requestType}'.`,
 ], (json) => [
     json.details?.requestType ?? throwErr("requestType not found in InvalidRequestType details"),
 ]);
-const RequestTypeWithoutProjectId = createKnownErrorConstructor(InvalidProjectAuthentication, "REQUEST_TYPE_WITHOUT_PROJECT_ID", (requestType) => [
+/**
+ * @deprecated Use AccessTypeWithoutProjectId instead
+ */
+const RequestTypeWithoutProjectId = createKnownErrorConstructor(InvalidProjectAccess, "REQUEST_TYPE_WITHOUT_PROJECT_ID", (requestType) => [
     400,
     `The x-stack-request-type header was '${requestType}', but the x-stack-project-id header was not provided.`,
     {
-        requestType,
+        request_type: requestType,
     },
-], (json) => [json.requestType]);
-const InvalidPublishableClientKey = createKnownErrorConstructor(InvalidProjectAuthentication, "INVALID_PUBLISHABLE_CLIENT_KEY", (projectId) => [
+], (json) => [json.request_type]);
+const ProjectKeyWithoutAccessType = createKnownErrorConstructor(InvalidProjectAccess, "PROJECT_KEY_WITHOUT_ACCESS_TYPE", () => [
+    400,
+    "Either an API key or an admin access token was provided, but the x-stack-access-type header is missing. Set it to 'client', 'server', or 'admin' as appropriate.",
+], () => []);
+const InvalidAccessType = createKnownErrorConstructor(InvalidProjectAccess, "INVALID_ACCESS_TYPE", (requestType) => [
+    400,
+    `The x-stack-access-type header must be 'client', 'server', or 'admin', but was '${requestType}'.`,
+], (json) => [
+    json.details?.requestType ?? throwErr("requestType not found in InvalidRequestType details"),
+]);
+const AccessTypeWithoutProjectId = createKnownErrorConstructor(InvalidProjectAccess, "ACCESS_TYPE_WITHOUT_PROJECT_ID", (requestType) => [
+    400,
+    `The x-stack-access-type header was '${requestType}', but the x-stack-project-id header was not provided.`,
+    {
+        request_type: requestType,
+    },
+], (json) => [json.request_type]);
+const AccessTypeRequired = createKnownErrorConstructor(InvalidProjectAccess, "ACCESS_TYPE_REQUIRED", () => [
+    400,
+    `You must specify an access level for this Stack project. Make sure project API keys are provided (eg. x-stack-publishable-client-key) and you set the x-stack-access-type header to 'client', 'server', or 'admin'.`,
+], () => []);
+const InsufficientAccessType = createKnownErrorConstructor(InvalidProjectAccess, "INSUFFICIENT_ACCESS_TYPE", (actualAccessType, allowedAccessTypes) => [
+    401,
+    `The x-stack-access-type header must be ${allowedAccessTypes.map(s => `'${s}'`).join(" or ")}, but was '${actualAccessType}'.`,
+    {
+        actual_access_type: actualAccessType,
+        allowed_access_types: allowedAccessTypes,
+    },
+], (json) => [
+    json.details.actual_access_type,
+    json.details.allowed_access_types,
+]);
+const InvalidPublishableClientKey = createKnownErrorConstructor(InvalidProjectAccess, "INVALID_PUBLISHABLE_CLIENT_KEY", (projectId) => [
     401,
     `The publishable key is not valid for the project ${JSON.stringify(projectId)}. Does the project and/or the key exist?`,
     {
-        projectId,
+        project_id: projectId,
     },
-], (json) => [json.projectId]);
-const InvalidSecretServerKey = createKnownErrorConstructor(InvalidProjectAuthentication, "INVALID_SECRET_SERVER_KEY", (projectId) => [
+], (json) => [json.project_id]);
+const InvalidSecretServerKey = createKnownErrorConstructor(InvalidProjectAccess, "INVALID_SECRET_SERVER_KEY", (projectId) => [
     401,
     `The secret server key is not valid for the project ${JSON.stringify(projectId)}. Does the project and/or the key exist?`,
     {
-        projectId,
+        project_id: projectId,
     },
-], (json) => [json.projectId]);
-const InvalidSuperSecretAdminKey = createKnownErrorConstructor(InvalidProjectAuthentication, "INVALID_SUPER_SECRET_ADMIN_KEY", (projectId) => [
+], (json) => [json.project_id]);
+const InvalidSuperSecretAdminKey = createKnownErrorConstructor(InvalidProjectAccess, "INVALID_SUPER_SECRET_ADMIN_KEY", (projectId) => [
     401,
     `The super secret admin key is not valid for the project ${JSON.stringify(projectId)}. Does the project and/or the key exist?`,
     {
-        projectId,
+        project_id: projectId,
     },
-], (json) => [json.projectId]);
-const InvalidAdminAccessToken = createKnownErrorConstructor(InvalidProjectAuthentication, "INVALID_ADMIN_ACCESS_TOKEN", "inherit", "inherit");
+], (json) => [json.project_id]);
+const InvalidAdminAccessToken = createKnownErrorConstructor(InvalidProjectAccess, "INVALID_ADMIN_ACCESS_TOKEN", "inherit", "inherit");
 const UnparsableAdminAccessToken = createKnownErrorConstructor(InvalidAdminAccessToken, "UNPARSABLE_ADMIN_ACCESS_TOKEN", () => [
     401,
     "Admin access token is not parsable.",
@@ -156,27 +198,48 @@ const AdminAccessTokenIsNotAdmin = createKnownErrorConstructor(InvalidAdminAcces
     401,
     "Admin access token does not have the required permissions to access this project.",
 ], () => []);
+/**
+ * @deprecated Use InsufficientAccessType instead
+ */
 const ProjectAuthenticationRequired = createKnownErrorConstructor(ProjectAuthenticationError, "PROJECT_AUTHENTICATION_REQUIRED", "inherit", "inherit");
+/**
+ * @deprecated Use InsufficientAccessType instead
+ */
 const ClientAuthenticationRequired = createKnownErrorConstructor(ProjectAuthenticationRequired, "CLIENT_AUTHENTICATION_REQUIRED", () => [
     401,
     "The publishable client key must be provided.",
 ], () => []);
+/**
+ * @deprecated Use InsufficientAccessType instead
+ */
 const ServerAuthenticationRequired = createKnownErrorConstructor(ProjectAuthenticationRequired, "SERVER_AUTHENTICATION_REQUIRED", () => [
     401,
     "The secret server key must be provided.",
 ], () => []);
+/**
+ * @deprecated Use InsufficientAccessType instead
+ */
 const ClientOrServerAuthenticationRequired = createKnownErrorConstructor(ProjectAuthenticationRequired, "CLIENT_OR_SERVER_AUTHENTICATION_REQUIRED", () => [
     401,
     "Either the publishable client key or the secret server key must be provided.",
 ], () => []);
+/**
+ * @deprecated Use InsufficientAccessType instead
+ */
 const ClientOrAdminAuthenticationRequired = createKnownErrorConstructor(ProjectAuthenticationRequired, "CLIENT_OR_ADMIN_AUTHENTICATION_REQUIRED", () => [
     401,
     "Either the publishable client key or the super secret admin key must be provided.",
 ], () => []);
+/**
+ * @deprecated Use InsufficientAccessType instead
+ */
 const ClientOrServerOrAdminAuthenticationRequired = createKnownErrorConstructor(ProjectAuthenticationRequired, "CLIENT_OR_SERVER_OR_ADMIN_AUTHENTICATION_REQUIRED", () => [
     401,
     "Either the publishable client key, the secret server key, or the super secret admin key must be provided.",
 ], () => []);
+/**
+ * @deprecated Use InsufficientAccessType instead
+ */
 const AdminAuthenticationRequired = createKnownErrorConstructor(ProjectAuthenticationRequired, "ADMIN_AUTHENTICATION_REQUIRED", () => [
     401,
     "The super secret admin key must be provided.",
@@ -221,6 +284,10 @@ const UserEmailAlreadyExists = createKnownErrorConstructor(KnownError, "USER_EMA
     400,
     "User already exists.",
 ], () => []);
+const CannotGetOwnUserWithoutUser = createKnownErrorConstructor(KnownError, "CANNOT_GET_OWN_USER_WITHOUT_USER", () => [
+    400,
+    "You have specified 'me' as a userId, but did not provide authentication for a user.",
+], () => []);
 const UserNotFound = createKnownErrorConstructor(KnownError, "USER_NOT_FOUND", () => [
     404,
     "User not found.",
@@ -260,52 +327,23 @@ const PasswordTooLong = createKnownErrorConstructor(PasswordRequirementsNotMet,
 ], (json) => [
     json.details?.maxLength ?? throwErr("maxLength not found in PasswordTooLong details"),
 ]);
-const EmailVerificationError = createKnownErrorConstructor(KnownError, "EMAIL_VERIFICATION_ERROR", "inherit", "inherit");
-const EmailVerificationCodeError = createKnownErrorConstructor(EmailVerificationError, "EMAIL_VERIFICATION_CODE_ERROR", "inherit", "inherit");
-const EmailVerificationCodeNotFound = createKnownErrorConstructor(EmailVerificationCodeError, "EMAIL_VERIFICATION_CODE_NOT_FOUND", () => [
+const VerificationCodeError = createKnownErrorConstructor(KnownError, "VERIFICATION_ERROR", "inherit", "inherit");
+const VerificationCodeNotFound = createKnownErrorConstructor(VerificationCodeError, "VERIFICATION_CODE_NOT_FOUND", () => [
     404,
-    "The e-mail verification code does not exist for this project.",
-], () => []);
-const EmailVerificationCodeExpired = createKnownErrorConstructor(EmailVerificationCodeError, "EMAIL_VERIFICATION_CODE_EXPIRED", () => [
-    400,
-    "The e-mail verification code has expired.",
+    "The verification code does not exist for this project.",
 ], () => []);
-const EmailVerificationCodeAlreadyUsed = createKnownErrorConstructor(EmailVerificationCodeError, "EMAIL_VERIFICATION_CODE_ALREADY_USED", () => [
+const VerificationCodeExpired = createKnownErrorConstructor(VerificationCodeError, "VERIFICATION_CODE_EXPIRED", () => [
     400,
-    "The e-mail verification link has already been used.",
-], () => []);
-const MagicLinkError = createKnownErrorConstructor(KnownError, "MAGIC_LINK_ERROR", "inherit", "inherit");
-const MagicLinkCodeError = createKnownErrorConstructor(MagicLinkError, "MAGIC_LINK_CODE_ERROR", "inherit", "inherit");
-const MagicLinkCodeNotFound = createKnownErrorConstructor(MagicLinkCodeError, "MAGIC_LINK_CODE_NOT_FOUND", () => [
-    404,
-    "The e-mail verification code does not exist for this project.",
+    "The verification code has expired.",
 ], () => []);
-const MagicLinkCodeExpired = createKnownErrorConstructor(MagicLinkCodeError, "MAGIC_LINK_CODE_EXPIRED", () => [
+const VerificationCodeAlreadyUsed = createKnownErrorConstructor(VerificationCodeError, "VERIFICATION_CODE_ALREADY_USED", () => [
     400,
-    "The e-mail verification code has expired.",
-], () => []);
-const MagicLinkCodeAlreadyUsed = createKnownErrorConstructor(MagicLinkCodeError, "MAGIC_LINK_CODE_ALREADY_USED", () => [
-    400,
-    "The e-mail verification link has already been used.",
+    "The verification link has already been used.",
 ], () => []);
 const PasswordMismatch = createKnownErrorConstructor(KnownError, "PASSWORD_MISMATCH", () => [
     400,
     "Passwords do not match.",
 ], () => []);
-const PasswordResetError = createKnownErrorConstructor(KnownError, "PASSWORD_RESET_ERROR", "inherit", "inherit");
-const PasswordResetCodeError = createKnownErrorConstructor(PasswordResetError, "PASSWORD_RESET_CODE_ERROR", "inherit", "inherit");
-const PasswordResetCodeNotFound = createKnownErrorConstructor(PasswordResetCodeError, "PASSWORD_RESET_CODE_NOT_FOUND", () => [
-    404,
-    "The password reset code does not exist for this project.",
-], () => []);
-const PasswordResetCodeExpired = createKnownErrorConstructor(PasswordResetCodeError, "PASSWORD_RESET_CODE_EXPIRED", () => [
-    400,
-    "The password reset code has expired.",
-], () => []);
-const PasswordResetCodeAlreadyUsed = createKnownErrorConstructor(PasswordResetCodeError, "PASSWORD_RESET_CODE_ALREADY_USED", () => [
-    400,
-    "The password reset code has already been used.",
-], () => []);
 const EmailAlreadyVerified = createKnownErrorConstructor(KnownError, "EMAIL_ALREADY_VERIFIED", () => [
     400,
     "The e-mail is already verified.",
@@ -314,9 +352,9 @@ const PermissionNotFound = createKnownErrorConstructor(KnownError, "PERMISSION_N
     404,
     `Permission ${permissionId} not found. Make sure you created it on the dashboard.`,
     {
-        permissionId,
+        permission_id: permissionId,
     },
-], (json) => [json.details.permissionId]);
+], (json) => [json.details.permission_id]);
 const PermissionScopeMismatch = createKnownErrorConstructor(KnownError, "PERMISSION_SCOPE_MISMATCH", (permissionId, permissionScope, testScope) => {
     return [
         400,
@@ -326,27 +364,27 @@ const PermissionScopeMismatch = createKnownErrorConstructor(KnownError, "PERMISS
             "specific-team": `Please specify the team. For example: \`user.hasPermission(team, ${JSON.stringify(permissionId)})\`.`,
         }[permissionScope.type]}`,
         {
-            permissionId,
-            permissionScope,
-            testScope,
+            permission_id: permissionId,
+            permission_scope: permissionScope,
+            test_scope: testScope,
         },
     ];
-}, (json) => [json.details.permissionId, json.details.permissionScope, json.details.testScope]);
+}, (json) => [json.details.permission_id, json.details.permission_scope, json.details.test_scope]);
 const UserNotInTeam = createKnownErrorConstructor(KnownError, "USER_NOT_IN_TEAM", (userId, teamId) => [
     400,
     `User ${userId} is not in team ${teamId}.`,
     {
-        userId,
-        teamId,
+        user_id: userId,
+        team_id: teamId,
     },
-], (json) => [json.details.userId, json.details.teamId]);
+], (json) => [json.details.user_id, json.details.team_id]);
 const TeamNotFound = createKnownErrorConstructor(KnownError, "TEAM_NOT_FOUND", (teamId) => [
     404,
     `Team ${teamId} not found.`,
     {
-        teamId,
+        team_id: teamId,
     },
-], (json) => [json.details.teamId]);
+], (json) => [json.details.team_id]);
 const EmailTemplateAlreadyExists = createKnownErrorConstructor(KnownError, "EMAIL_TEMPLATE_ALREADY_EXISTS", () => [
     400,
     "Email template already exists.",
@@ -385,10 +423,16 @@ export const KnownErrors = {
     SchemaError,
     AllOverloadsFailed,
     ProjectAuthenticationError,
-    InvalidProjectAuthentication,
+    InvalidProjectAuthentication: InvalidProjectAccess,
     ProjectKeyWithoutRequestType,
     InvalidRequestType,
     RequestTypeWithoutProjectId,
+    ProjectKeyWithoutAccessType,
+    InvalidAccessType,
+    AccessTypeWithoutProjectId,
+    AccessTypeRequired,
+    CannotGetOwnUserWithoutUser,
+    InsufficientAccessType,
     InvalidPublishableClientKey,
     InvalidSecretServerKey,
     InvalidSuperSecretAdminKey,
@@ -425,26 +469,14 @@ export const KnownErrors = {
     PasswordRequirementsNotMet,
     PasswordTooShort,
     PasswordTooLong,
-    EmailVerificationError,
-    EmailVerificationCodeError,
-    EmailVerificationCodeNotFound,
-    EmailVerificationCodeExpired,
-    EmailVerificationCodeAlreadyUsed,
-    MagicLinkError,
-    MagicLinkCodeError,
-    MagicLinkCodeNotFound,
-    MagicLinkCodeExpired,
-    MagicLinkCodeAlreadyUsed,
-    PasswordResetError,
-    PasswordResetCodeError,
-    PasswordResetCodeNotFound,
-    PasswordResetCodeExpired,
-    PasswordResetCodeAlreadyUsed,
+    VerificationCodeError,
+    VerificationCodeNotFound,
+    VerificationCodeExpired,
+    VerificationCodeAlreadyUsed,
     PasswordMismatch,
     EmailAlreadyVerified,
     PermissionNotFound,
     PermissionScopeMismatch,
-    UserNotInTeam,
     TeamNotFound,
     EmailTemplateAlreadyExists,
     OAuthConnectionNotConnectedToUser,

package/dist/schema-fields.d.ts

@@ -0,0 +1,43 @@
+import * as yup from "yup";
+declare const StackAdaptSentinel: unique symbol;
+export type StackAdaptSentinel = typeof StackAdaptSentinel;
+export declare const adaptSchema: yup.MixedSchema<typeof StackAdaptSentinel | undefined, yup.AnyObject, undefined, "">;
+/**
+ * Yup's URL schema does not recognize some URLs (including `http://localhost`) as a valid URL. This schema is a workaround for that.
+ */
+export declare const urlSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const clientOrHigherAuthTypeSchema: yup.StringSchema<"client" | "server" | "admin" | undefined, yup.AnyObject, undefined, "">;
+export declare const serverOrHigherAuthTypeSchema: yup.StringSchema<"server" | "admin" | undefined, yup.AnyObject, undefined, "">;
+export declare const adminAuthTypeSchema: yup.StringSchema<"admin" | undefined, yup.AnyObject, undefined, "">;
+export declare const projectIdSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const userIdRequestSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare class ReplaceFieldWithOwnUserId extends Error {
+    readonly path: string;
+    constructor(path: string);
+}
+export declare const userIdOrMeRequestSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const userIdResponseSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const primaryEmailSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const primaryEmailVerifiedSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
+export declare const userDisplayNameSchema: yup.StringSchema<string | null | undefined, yup.AnyObject, undefined, "">;
+export declare const selectedTeamIdSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const profileImageUrlSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const signedUpAtMillisSchema: yup.NumberSchema<number | undefined, yup.AnyObject, undefined, "">;
+export declare const userClientMetadataSchema: yup.MixedSchema<{} | null, yup.AnyObject, undefined, "">;
+export declare const userServerMetadataSchema: yup.MixedSchema<{} | null, yup.AnyObject, undefined, "">;
+export declare const signInEmailSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const verificationLinkRedirectUrlSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const accessTokenResponseSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const refreshTokenResponseSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const signInResponseSchema: yup.ObjectSchema<{
+    refresh_token: string;
+    access_token: string;
+    is_new_user: NonNullable<boolean | undefined>;
+    user_id: string;
+}, yup.AnyObject, {
+    refresh_token: undefined;
+    access_token: undefined;
+    is_new_user: undefined;
+    user_id: undefined;
+}, "">;
+export {};

package/dist/schema-fields.js

@@ -0,0 +1,68 @@
+import * as yup from "yup";
+import { yupJson } from "./utils/yup";
+// Common
+export const adaptSchema = yup.mixed();
+/**
+ * Yup's URL schema does not recognize some URLs (including `http://localhost`) as a valid URL. This schema is a workaround for that.
+ */
+export const urlSchema = yup.string().test({
+    name: 'url',
+    message: 'Invalid URL',
+    test: (value) => {
+        if (value === undefined)
+            return true;
+        try {
+            new URL(value);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    },
+});
+// Request auth
+export const clientOrHigherAuthTypeSchema = yup.string().oneOf(['client', 'server', 'admin']);
+export const serverOrHigherAuthTypeSchema = yup.string().oneOf(['server', 'admin']);
+export const adminAuthTypeSchema = yup.string().oneOf(['admin']);
+// Projects
+export const projectIdSchema = yup.string().meta({ openapiField: { description: 'Project ID as retrieved on Stack\'s dashboard', exampleValue: 'project-id' } });
+// Users
+export const userIdRequestSchema = yup.string().uuid().meta({ openapiField: { description: 'The ID of the user', exampleValue: '3241a285-8329-4d69-8f3d-316e08cf140c' } });
+export class ReplaceFieldWithOwnUserId extends Error {
+    path;
+    constructor(path) {
+        super(`This error should be caught by whoever validated the schema, and the field in the path '${path}' should be replaced with the current user's id. This is a workaround to yup not providing access to the context inside the transform function.`);
+        this.path = path;
+    }
+}
+const userIdMeSentinelUuid = "cad564fd-f81b-43f4-b390-98abf3fcc17e";
+export const userIdOrMeRequestSchema = yup.string().uuid().transform(v => {
+    if (v === "me")
+        return userIdMeSentinelUuid;
+    else
+        return v;
+}).test((v, context) => {
+    if (v === userIdMeSentinelUuid)
+        throw new ReplaceFieldWithOwnUserId(context.path);
+    return true;
+}).meta({ openapiField: { description: 'The ID of the user, or the special value `me` to signify the currently authenticated user', exampleValue: '3241a285-8329-4d69-8f3d-316e08cf140c' } });
+export const userIdResponseSchema = yup.string().uuid().meta({ openapiField: { description: 'The immutable user ID used to uniquely identify this user', exampleValue: '3241a285-8329-4d69-8f3d-316e08cf140c' } });
+export const primaryEmailSchema = yup.string().email().meta({ openapiField: { description: 'Primary email', exampleValue: 'johndoe@example.com' } });
+export const primaryEmailVerifiedSchema = yup.boolean().meta({ openapiField: { description: 'Whether the primary email has been verified to belong to this user', exampleValue: true } });
+export const userDisplayNameSchema = yup.string().nullable().meta({ openapiField: { description: 'Human-readable display name', exampleValue: 'John Doe' } });
+export const selectedTeamIdSchema = yup.string().meta({ openapiField: { description: 'ID of the team currently selected by the user', exampleValue: 'team-id' } });
+export const profileImageUrlSchema = yup.string().meta({ openapiField: { description: 'Profile image URL', exampleValue: 'https://example.com/image.jpg' } });
+export const signedUpAtMillisSchema = yup.number().meta({ openapiField: { description: 'Signed up at milliseconds', exampleValue: 1630000000000 } });
+export const userClientMetadataSchema = yupJson.meta({ openapiField: { description: 'Client metadata. Used as a data store, accessible from the client side', exampleValue: { key: 'value' } } });
+export const userServerMetadataSchema = yupJson.meta({ openapiField: { description: 'Server metadata. Used as a data store, only accessible from the server side', exampleValue: { key: 'value' } } });
+// Auth
+export const signInEmailSchema = yup.string().email().meta({ openapiField: { description: 'The email to sign in with.', exampleValue: 'johndoe@example.com' } });
+export const verificationLinkRedirectUrlSchema = urlSchema.meta({ openapiField: { description: 'The URL to redirect to after the user has verified their email. A query argument `code` with the verification code will be appended to it.', exampleValue: 'https://example.com/handler' } });
+export const accessTokenResponseSchema = yup.string().meta({ openapiField: { description: 'Short-lived access token that can be used to authenticate the user', exampleValue: 'eyJhmMiJBMTO...diI4QT' } });
+export const refreshTokenResponseSchema = yup.string().meta({ openapiField: { description: 'Long-lived refresh token that can be used to obtain a new access token', exampleValue: 'i8nsoaq2...14y' } });
+export const signInResponseSchema = yup.object({
+    refresh_token: refreshTokenResponseSchema.required(),
+    access_token: accessTokenResponseSchema.required(),
+    is_new_user: yup.boolean().meta({ openapiField: { description: 'Whether the user is a new user', exampleValue: true } }).required(),
+    user_id: userIdResponseSchema.required(),
+});

package/dist/utils/env.d.ts

@@ -1,5 +1,6 @@
 export declare function isBrowserLike(): boolean;
 /**
- * Returns the environment variable with the given name, throwing an error if it's undefined or the empty string.
+ * Returns the environment variable with the given name, returning the default (if given) or throwing an error (otherwise) if it's undefined or the empty string.
  */
-export declare function getEnvVariable(name: string): string;
+export declare function getEnvVariable(name: string, defaultValue?: string | undefined): string;
+export declare function getNodeEnvironment(): string;

package/dist/utils/env.js

@@ -4,9 +4,9 @@ export function isBrowserLike() {
     return typeof window !== "undefined" && typeof document !== "undefined" && typeof document.createElement !== "undefined";
 }
 /**
- * Returns the environment variable with the given name, throwing an error if it's undefined or the empty string.
+ * Returns the environment variable with the given name, returning the default (if given) or throwing an error (otherwise) if it's undefined or the empty string.
  */
-export function getEnvVariable(name) {
+export function getEnvVariable(name, defaultValue) {
     if (isBrowserLike()) {
         throw new Error(deindent `
       Can't use getEnvVariable on the client because Next.js transpiles expressions of the kind process.env.XYZ at build-time on the client.
@@ -14,5 +14,8 @@ export function getEnvVariable(name) {
       Use process.env.XYZ directly instead.
     `);
     }
-    return (process.env[name] ?? throwErr(`Missing environment variable: ${name}`)) || throwErr(`Empty environment variable: ${name}`);
+    return ((process.env[name] || defaultValue) ?? throwErr(`Missing environment variable: ${name}`)) || (defaultValue ?? throwErr(`Empty environment variable: ${name}`));
+}
+export function getNodeEnvironment() {
+    return getEnvVariable("NODE_ENV", "");
 }

package/dist/utils/errors.js

@@ -110,7 +110,7 @@ export class StatusError extends Error {
     }
     toHttpJson() {
         return {
-            statusCode: this.statusCode,
+            status_code: this.statusCode,
             body: this.message,
             headers: this.getHeaders(),
         };

package/dist/utils/jwt.js

@@ -1,16 +1,16 @@
 import * as jose from "jose";
 import { getEnvVariable } from "./env";
-const SERVER_SECRET = jose.base64url.decode(getEnvVariable("SERVER_SECRET"));
+const STACK_SERVER_SECRET = jose.base64url.decode(getEnvVariable("STACK_SERVER_SECRET"));
 export async function encryptJWT(payload, expirationTime = "5m") {
     return await new jose.EncryptJWT(payload)
         .setProtectedHeader({ alg: "dir", enc: "A128CBC-HS256" })
         .setIssuedAt()
         .setExpirationTime(expirationTime)
-        .encrypt(SERVER_SECRET);
+        .encrypt(STACK_SERVER_SECRET);
 }
 export async function decryptJWT(jwt) {
     if (!jwt) {
         throw new Error("Provided JWT is empty");
     }
-    return (await jose.jwtDecrypt(jwt, SERVER_SECRET)).payload;
+    return (await jose.jwtDecrypt(jwt, STACK_SERVER_SECRET)).payload;
 }

package/dist/utils/objects.d.ts

@@ -7,11 +7,14 @@ export type DeepPartial<T> = T extends object ? {
  * Note that since they are assumed to be plain objects, this function does not compare prototypes.
  */
 export declare function deepPlainEquals<T>(obj1: T, obj2: unknown): obj2 is T;
+export declare function deepPlainClone<T>(obj: T): T;
+export declare function deepPlainSnakeCaseToCamelCase(snakeCaseObj: any): any;
+export declare function deepPlainCamelCaseToSnakeCase(camelCaseObj: any): any;
 export declare function typedEntries<T extends {}>(obj: T): [keyof T, T[keyof T]][];
 export declare function typedFromEntries<K extends PropertyKey, V>(entries: [K, V][]): Record<K, V>;
 export declare function typedKeys<T extends {}>(obj: T): (keyof T)[];
 export declare function typedValues<T extends {}>(obj: T): T[keyof T][];
-export declare function typedAssign<T extends {}, U extends {}>(target: T, source: U): asserts target is T & U;
+export declare function typedAssign<T extends {}, U extends {}>(target: T, source: U): T & U;
 export type FilterUndefined<T> = {
     [k in keyof T as (undefined extends T[k] ? (T[k] extends undefined | void ? never : k) : never)]+?: T[k] & ({} | null);
 } & {

package/dist/utils/objects.js

@@ -1,3 +1,5 @@
+import { StackAssertionError } from "./errors";
+import { camelCaseToSnakeCase, snakeCaseToCamelCase } from "./strings";
 /**
  * Assumes both objects are primitives, arrays, or non-function plain objects, and compares them deeply.
  *
@@ -39,6 +41,35 @@ export function deepPlainEquals(obj1, obj2) {
         }
     }
 }
+export function deepPlainClone(obj) {
+    if (typeof obj === 'function')
+        throw new StackAssertionError("deepPlainClone does not support functions");
+    if (typeof obj === 'symbol')
+        throw new StackAssertionError("deepPlainClone does not support symbols");
+    if (typeof obj !== 'object' || !obj)
+        return obj;
+    if (Array.isArray(obj))
+        return obj.map(deepPlainClone);
+    return Object.fromEntries(Object.entries(obj).map(([k, v]) => [k, deepPlainClone(v)]));
+}
+export function deepPlainSnakeCaseToCamelCase(snakeCaseObj) {
+    if (typeof snakeCaseObj === 'function')
+        throw new StackAssertionError("deepPlainSnakeCaseToCamelCase does not support functions");
+    if (typeof snakeCaseObj !== 'object' || !snakeCaseObj)
+        return snakeCaseObj;
+    if (Array.isArray(snakeCaseObj))
+        return snakeCaseObj.map(deepPlainSnakeCaseToCamelCase);
+    return Object.fromEntries(Object.entries(snakeCaseObj).map(([k, v]) => [snakeCaseToCamelCase(k), deepPlainSnakeCaseToCamelCase(v)]));
+}
+export function deepPlainCamelCaseToSnakeCase(camelCaseObj) {
+    if (typeof camelCaseObj === 'function')
+        throw new StackAssertionError("deepPlainCamelCaseToSnakeCase does not support functions");
+    if (typeof camelCaseObj !== 'object' || !camelCaseObj)
+        return camelCaseObj;
+    if (Array.isArray(camelCaseObj))
+        return camelCaseObj.map(deepPlainCamelCaseToSnakeCase);
+    return Object.fromEntries(Object.entries(camelCaseObj).map(([k, v]) => [camelCaseToSnakeCase(k), deepPlainCamelCaseToSnakeCase(v)]));
+}
 export function typedEntries(obj) {
     return Object.entries(obj);
 }
@@ -52,7 +83,7 @@ export function typedValues(obj) {
     return Object.values(obj);
 }
 export function typedAssign(target, source) {
-    Object.assign(target, source);
+    return Object.assign(target, source);
 }
 /**
  * Returns a new object with all undefined values removed. Useful when spreading optional parameters on an object, as

package/dist/utils/strings.d.ts

@@ -41,6 +41,8 @@ export declare function deindent(code: string): string;
 export declare function deindent(strings: TemplateStringsArray | readonly string[], ...values: any[]): string;
 export declare function extractScopes(scope: string, removeDuplicates?: boolean): string[];
 export declare function mergeScopeStrings(...scopes: string[]): string;
+export declare function snakeCaseToCamelCase(snakeCase: string): string;
+export declare function camelCaseToSnakeCase(camelCase: string): string;
 export type Nicifiable = {
     getNicifiableKeys?(): PropertyKey[];
     getNicifiedObjectExtraLines?(): string[];
@@ -57,6 +59,8 @@ export type NicifyOptions = {
         value: unknown;
     };
     keyInParent: PropertyKey | null;
-    overrides: (...args: Parameters<typeof nicify>) => ["result", string] | ["replace", unknown] | null;
+    hideFields: PropertyKey[];
+    overrides: (...args: Parameters<typeof nicify>) => string | null;
 };
 export declare function nicify(value: unknown, options?: Partial<NicifyOptions>): string;
+export declare function replaceAll(input: string, searchValue: string, replaceValue: string): string;