@stackframe/stack-shared 2.4.8 → 2.4.9

package/CHANGELOG.md

@@ -0,0 +1,163 @@
+# @stackframe/stack-shared
+
+## 2.4.9
+
+### Patch Changes
+
+- Bugfixes
+- Updated dependencies
+  - @stackframe/stack-sc@1.5.4
+
+## 2.4.8
+
+### Patch Changes
+
+- Improved UUID generation
+
+## 2.4.7
+
+### Patch Changes
+
+- Bugfixes
+- Updated dependencies
+  - @stackframe/stack-sc@1.5.3
+
+## 2.4.6
+
+### Patch Changes
+
+- Remove crypto-browserify dependency
+
+## 2.4.5
+
+### Patch Changes
+
+- Team selection
+
+## 2.4.4
+
+### Patch Changes
+
+- UX improvements
+
+## 2.4.3
+
+### Patch Changes
+
+- CRUD schemas
+- Updated dependencies
+  - @stackframe/stack-sc@1.5.2
+
+## 2.4.2
+
+### Patch Changes
+
+- New projects page
+
+## 2.4.1
+
+### Patch Changes
+
+- Teams, permissions and RBAC
+- Updated dependencies
+  - @stackframe/stack-sc@1.5.1
+
+## 2.4.0
+
+### Minor Changes
+
+- Middleware support
+
+## 2.3.6
+
+### Patch Changes
+
+- Bugfixes
+
+## 2.3.5
+
+### Patch Changes
+
+- CommonJS support
+
+## 2.3.4
+
+### Patch Changes
+
+- Bugfixes
+
+## 2.3.3
+
+### Patch Changes
+
+- Partial pre-rendering
+
+## 2.3.2
+
+### Patch Changes
+
+- Magic link configuration
+
+## 2.3.1
+
+### Patch Changes
+
+- Add README file
+
+## 2.3.0
+
+### Minor Changes
+
+- 96c26a7: added magic link
+
+### Patch Changes
+
+- Various small improvements
+
+## 2.2.2
+
+### Patch Changes
+
+- 5909ecd: fixed bugs
+
+## 2.2.1
+
+### Patch Changes
+
+- fixed minor errors
+
+## 2.2.0
+
+### Minor Changes
+
+- 2995d96: Added new UserButton component and Account setting page
+
+## 2.1.0
+
+### Minor Changes
+
+- 9e9907f: Added new stack UI system
+
+## 2.0.0
+
+### Major Changes
+
+- 948252f: removed redirect URL in function options, redirect automatically to default URL
+
+## 1.2.1
+
+### Patch Changes
+
+- fixed import bugs
+
+## 1.2.0
+
+### Minor Changes
+
+- Fixed infinite reload bug, added dashboard provider update
+
+## 1.1.0
+
+### Minor Changes
+
+- fixed bugs

package/dist/interface/clientInterface.d.ts

@@ -44,7 +44,8 @@ export type ClientInterfaceOptions = {
 } & ({
     publishableClientKey: string;
 } | {
-    projectOwnerTokens: ReadonlyTokenStore;
+    projectOwnerTokens: TokenStore;
+    refreshProjectOwnerTokens: () => Promise<void>;
 });
 export type SharedProvider = "shared-github" | "shared-google" | "shared-facebook" | "shared-microsoft";
 export declare const sharedProviders: readonly ["shared-github", "shared-google", "shared-facebook", "shared-microsoft"];
@@ -135,7 +136,7 @@ export declare class StackClientInterface {
     constructor(options: ClientInterfaceOptions);
     get projectId(): string;
     getApiUrl(): string;
-    protected refreshAccessToken(tokenStore: TokenStore): Promise<void>;
+    refreshAccessToken(tokenStore: TokenStore): Promise<void>;
     protected sendClientRequest(path: string, requestOptions: RequestInit, tokenStoreOrNull: TokenStore | null, requestType?: "client" | "server" | "admin"): Promise<Response & {
         usedTokens: Readonly<{
             refreshToken: string | null;

package/dist/interface/clientInterface.js

@@ -119,6 +119,16 @@ export class StackClientInterface {
             await this.refreshAccessToken(tokenStore);
             tokenObj = await tokenStore.getOrWait();
         }
+        let adminTokenStore = null;
+        let adminTokenObj = null;
+        if ("projectOwnerTokens" in this.options) {
+            adminTokenStore = this.options.projectOwnerTokens;
+            adminTokenObj = await adminTokenStore.getOrWait();
+            if (!adminTokenObj.accessToken) {
+                await this.options.refreshProjectOwnerTokens();
+                adminTokenObj = await adminTokenStore.getOrWait();
+            }
+        }
         // all requests should be dynamic to prevent Next.js caching
         cookies?.();
         const url = this.getApiUrl() + path;
@@ -129,8 +139,13 @@ export class StackClientInterface {
              *
              * To help debugging, also omit cookies on same-origin, so we don't accidentally
              * implement reliance on cookies anywhere.
+             *
+             * However, Cloudflare Workers don't actually support `credentials`, so we only set it
+             * if Cloudflare-exclusive globals are not detected. https://github.com/cloudflare/workers-sdk/issues/2514
              */
-            credentials: "omit",
+            ..."WebSocketPair" in globalThis ? {} : {
+                credentials: "omit",
+            },
             ...options,
             headers: {
                 "X-Stack-Override-Error-Status": "true",
@@ -147,13 +162,26 @@ export class StackClientInterface {
                 ...'publishableClientKey' in this.options ? {
                     "X-Stack-Publishable-Client-Key": this.options.publishableClientKey,
                 } : {},
-                ...'projectOwnerTokens' in this.options ? {
-                    "X-Stack-Admin-Access-Token": (await this.options.projectOwnerTokens?.getOrWait())?.accessToken ?? "",
+                ...adminTokenObj ? {
+                    "X-Stack-Admin-Access-Token": adminTokenObj.accessToken ?? "",
                 } : {},
+                /**
+                 * Next.js until v15 would cache fetch requests by default, and forcefully disabling it was nearly impossible.
+                 *
+                 * This header is used to change the cache key and hence always disable it, because we do our own caching.
+                 *
+                 * When we drop support for Next.js <15, we may be able to remove this header, but please make sure that this is
+                 * the case (I haven't actually tested.)
+                 */
                 "X-Stack-Random-Nonce": generateSecureRandomString(),
                 ...options.headers,
             },
-            cache: "no-store",
+            /**
+             * Cloudflare Workers does not support cache, so don't pass it there
+             */
+            ..."WebSocketPair" in globalThis ? {} : {
+                cache: "no-store",
+            },
         };
         const rawRes = await fetch(url, params);
         const processedRes = await this._processResponse(rawRes);
@@ -166,6 +194,15 @@ export class StackClientInterface {
                 });
                 return Result.error(new Error("Access token expired"));
             }
+            // Same for the admin access token
+            // TODO HACK: Some of the backend hasn't been ported to use the new error codes, so if we have project owner tokens we need to check for ApiKeyNotFound too. Once the migration to smartRouteHandlers is complete, we can check for AdminAccessTokenExpired only.
+            if (adminTokenStore && (processedRes.error instanceof KnownErrors.AdminAccessTokenExpired || processedRes.error instanceof KnownErrors.ApiKeyNotFound)) {
+                adminTokenStore.set({
+                    accessToken: null,
+                    refreshToken: adminTokenObj.refreshToken,
+                });
+                return Result.error(new Error("Admin access token expired"));
+            }
             // Known errors are client side errors, and should hence not be retried (except for access token expired above).
             // Hence, throw instead of returning an error
             throw processedRes.error;

package/dist/known-errors.js

@@ -1,4 +1,4 @@
-import { StatusError, throwErr, throwStackErr } from "./utils/errors";
+import { StatusError, throwErr } from "./utils/errors";
 import { identityArgs } from "./utils/functions";
 import { deindent } from "./utils/strings";
 export class KnownError extends StatusError {
@@ -26,7 +26,7 @@ export class KnownError extends StatusError {
         };
     }
     get errorCode() {
-        return this.constructor.errorCode ?? throwStackErr(`Can't find error code for this KnownError. Is its constructor a KnownErrorConstructor? ${this}`);
+        return this.constructor.errorCode ?? throwErr(`Can't find error code for this KnownError. Is its constructor a KnownErrorConstructor? ${this}`);
     }
     static constructorArgsFromJson(json) {
         return [

package/dist/utils/errors.d.ts

@@ -1,12 +1,11 @@
 import { Json } from "./json";
-export declare function throwErr(errorMessage: string): never;
+export declare function throwErr(errorMessage: string, extraData?: any): never;
 export declare function throwErr(error: Error): never;
 export declare function throwErr(...args: StatusErrorConstructorParameters): never;
 export declare class StackAssertionError extends Error {
     readonly extraData?: Record<string, any> | undefined;
     constructor(message: string, extraData?: Record<string, any> | undefined, options?: ErrorOptions);
 }
-export declare function throwStackErr(message: string, extraData?: any): never;
 export declare function registerErrorSink(sink: (location: string, error: unknown) => void): void;
 export declare function captureError(location: string, error: unknown): void;
 type Status = {

package/dist/utils/errors.js

@@ -1,6 +1,6 @@
 export function throwErr(...args) {
     if (typeof args[0] === "string") {
-        throw new StackAssertionError(args[0]);
+        throw new StackAssertionError(args[0], args[1]);
     }
     else if (args[0] instanceof Error) {
         throw args[0];
@@ -19,9 +19,6 @@ export class StackAssertionError extends Error {
     }
 }
 StackAssertionError.prototype.name = "StackAssertionError";
-export function throwStackErr(message, extraData) {
-    throw new StackAssertionError(message, extraData);
-}
 const errorSinks = new Set();
 export function registerErrorSink(sink) {
     if (errorSinks.has(sink)) {

package/package.json

@@ -1,11 +1,13 @@
 {
   "name": "@stackframe/stack-shared",
-  "version": "2.4.8",
+  "version": "2.4.9",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "files": [
     "README.md",
-    "dist"
+    "dist",
+    "CHANGELOG.md",
+    "LICENSE"
   ],
   "peerDependencies": {
     "react": "^18.2",
@@ -24,7 +26,7 @@
     "jose": "^5.2.2",
     "oauth4webapi": "^2.10.3",
     "uuid": "^9.0.1",
-    "@stackframe/stack-sc": "1.5.3"
+    "@stackframe/stack-sc": "1.5.4"
   },
   "devDependencies": {
     "@types/bcrypt": "^5.0.2",