@stackframe/stack-shared 2.5.17 → 2.5.19

package/dist/known-errors.js

@@ -206,7 +206,7 @@ const AdminAccessTokenExpired = createKnownErrorConstructor(InvalidAdminAccessTo
 ], () => []);
 const InvalidProjectForAdminAccessToken = createKnownErrorConstructor(InvalidAdminAccessToken, "INVALID_PROJECT_FOR_ADMIN_ACCESS_TOKEN", () => [
     401,
-    "Admin access token not valid for this project.",
+    "Admin access tokens must be created on the internal project.",
 ], () => []);
 const AdminAccessTokenIsNotAdmin = createKnownErrorConstructor(InvalidAdminAccessToken, "ADMIN_ACCESS_TOKEN_IS_NOT_ADMIN", () => [
     401,
@@ -320,6 +320,10 @@ const ProjectNotFound = createKnownErrorConstructor(KnownError, "PROJECT_NOT_FOU
         },
     ];
 }, (json) => [json.project_id]);
+const SignUpNotEnabled = createKnownErrorConstructor(KnownError, "SIGN_UP_NOT_ENABLED", () => [
+    400,
+    "Creation of new accounts is not enabled for this project. Please ask the project owner to enable it.",
+], () => []);
 const PasswordAuthenticationNotEnabled = createKnownErrorConstructor(KnownError, "PASSWORD_AUTHENTICATION_NOT_ENABLED", () => [
     400,
     "Password authentication is not enabled for this project.",
@@ -471,6 +475,17 @@ const OAuthProviderNotFoundOrNotEnabled = createKnownErrorConstructor(KnownError
     400,
     "The OAuth provider is not found or not enabled.",
 ], () => []);
+const MultiFactorAuthenticationRequired = createKnownErrorConstructor(KnownError, "MULTI_FACTOR_AUTHENTICATION_REQUIRED", (attemptCode) => [
+    400,
+    `Multi-factor authentication is required for this user.`,
+    {
+        attempt_code: attemptCode,
+    },
+], (json) => [json.attempt_code]);
+const InvalidTotpCode = createKnownErrorConstructor(KnownError, "INVALID_TOTP_CODE", () => [
+    400,
+    "The TOTP code is invalid. Please try again.",
+], () => []);
 const UserAuthenticationRequired = createKnownErrorConstructor(KnownError, "USER_AUTHENTICATION_REQUIRED", () => [
     401,
     "User authentication required for this endpoint.",
@@ -488,6 +503,15 @@ const TeamPermissionRequired = createKnownErrorConstructor(KnownError, "TEAM_PER
         permission_id: permissionId,
     },
 ], (json) => [json.team_id, json.user_id, json.permission_id]);
+const TeamPermissionNotFound = createKnownErrorConstructor(KnownError, "TEAM_PERMISSION_NOT_FOUND", (teamId, userId, permissionId) => [
+    401,
+    `User ${userId} does not have permission ${permissionId} in team ${teamId}.`,
+    {
+        team_id: teamId,
+        user_id: userId,
+        permission_id: permissionId,
+    },
+], (json) => [json.team_id, json.user_id, json.permission_id]);
 const InvalidSharedOAuthProviderId = createKnownErrorConstructor(KnownError, "INVALID_SHARED_OAUTH_PROVIDER_ID", (providerId) => [
     400,
     `The shared OAuth provider with ID ${providerId} is not valid.`,
@@ -552,6 +576,7 @@ export const KnownErrors = {
     UserNotFound,
     ApiKeyNotFound,
     ProjectNotFound,
+    SignUpNotEnabled,
     PasswordAuthenticationNotEnabled,
     EmailPasswordMismatch,
     RedirectUrlNotWhitelisted,
@@ -582,12 +607,15 @@ export const KnownErrors = {
     UserAlreadyConnectedToAnotherOAuthConnection,
     OuterOAuthTimeout,
     OAuthProviderNotFoundOrNotEnabled,
+    MultiFactorAuthenticationRequired,
+    InvalidTotpCode,
     UserAuthenticationRequired,
     TeamMembershipAlreadyExists,
     TeamPermissionRequired,
     InvalidSharedOAuthProviderId,
     InvalidStandardOAuthProviderId,
     InvalidAuthorizationCode,
+    TeamPermissionNotFound,
 };
 // ensure that all known error codes are unique
 const knownErrorCodes = new Set();

package/dist/schema-fields.d.ts

@@ -22,6 +22,7 @@ export declare const jsonSchema: yup.MixedSchema<{} | null, yup.AnyObject, undef
 export declare const jsonStringSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const jsonStringOrEmptySchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const emailSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const base64Schema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const clientOrHigherAuthTypeSchema: yup.StringSchema<"client" | "server" | "admin" | undefined, yup.AnyObject, undefined, "">;
 export declare const serverOrHigherAuthTypeSchema: yup.StringSchema<"server" | "admin" | undefined, yup.AnyObject, undefined, "">;
 export declare const adminAuthTypeSchema: yup.StringSchema<"admin" | undefined, yup.AnyObject, undefined, "">;
@@ -35,6 +36,8 @@ export declare const projectConfigIdSchema: yup.StringSchema<string | undefined,
 export declare const projectAllowLocalhostSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const projectCreateTeamOnSignUpSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const projectMagicLinkEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
+export declare const projectClientTeamCreationEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
+export declare const projectSignUpEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const projectCredentialEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const oauthIdSchema: yup.StringSchema<"google" | "github" | "facebook" | "microsoft" | "spotify" | undefined, yup.AnyObject, undefined, "">;
 export declare const oauthEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
@@ -98,6 +101,8 @@ export declare const teamProfileImageUrlSchema: yup.StringSchema<string | undefi
 export declare const teamClientMetadataSchema: yup.MixedSchema<{} | null, yup.AnyObject, undefined, "">;
 export declare const teamServerMetadataSchema: yup.MixedSchema<{} | null, yup.AnyObject, undefined, "">;
 export declare const teamCreatedAtMillisSchema: yup.NumberSchema<number | undefined, yup.AnyObject, undefined, "">;
+export declare const teamInvitationEmailSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const teamInvitationCallbackUrlSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const teamMemberDisplayNameSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const teamMemberProfileImageUrlSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare function yupRequiredWhen<S extends yup.AnyObject>(schema: S, triggerName: string, isValue: any): S;

package/dist/schema-fields.js

@@ -1,4 +1,5 @@
 import * as yup from "yup";
+import { isBase64 } from "./utils/bytes";
 import { StackAssertionError } from "./utils/errors";
 import { allProviders } from "./utils/oauth";
 import { isUuid } from "./utils/uuids";
@@ -39,15 +40,17 @@ export function yupTuple(...args) {
 export function yupObject(...args) {
     const object = yup.object(...args).test('no-unknown-object-properties', ({ path }) => `${path} contains unknown properties`, (value, context) => {
         if (context.options.context?.noUnknownPathPrefixes?.some((prefix) => context.path.startsWith(prefix))) {
-            const availableKeys = new Set(Object.keys(context.schema.fields));
-            const unknownKeys = Object.keys(value ?? {}).filter(key => !availableKeys.has(key));
-            if (unknownKeys.length > 0) {
-                // TODO "did you mean XYZ"
-                return context.createError({
-                    message: `${context.path} contains unknown properties: ${unknownKeys.join(', ')}`,
-                    path: context.path,
-                    params: { unknownKeys },
-                });
+            if (context.schema.spec.noUnknown !== false) {
+                const availableKeys = new Set(Object.keys(context.schema.fields));
+                const unknownKeys = Object.keys(value ?? {}).filter(key => !availableKeys.has(key));
+                if (unknownKeys.length > 0) {
+                    // TODO "did you mean XYZ"
+                    return context.createError({
+                        message: `${context.path} contains unknown properties: ${unknownKeys.join(', ')}`,
+                        path: context.path,
+                        params: { unknownKeys },
+                    });
+                }
             }
         }
         return true;
@@ -124,6 +127,11 @@ export const jsonStringOrEmptySchema = yupString().test("json", "Invalid JSON fo
     }
 });
 export const emailSchema = yupString().email();
+export const base64Schema = yupString().test("is-base64", "Invalid base64 format", (value) => {
+    if (value == null)
+        return true;
+    return isBase64(value);
+});
 // Request auth
 export const clientOrHigherAuthTypeSchema = yupString().oneOf(['client', 'server', 'admin']);
 export const serverOrHigherAuthTypeSchema = yupString().oneOf(['server', 'admin']);
@@ -140,6 +148,8 @@ export const projectConfigIdSchema = yupString().meta({ openapiField: { descript
 export const projectAllowLocalhostSchema = yupBoolean().meta({ openapiField: { description: 'Whether localhost is allowed as a domain for this project. Should only be allowed in development mode', exampleValue: true } });
 export const projectCreateTeamOnSignUpSchema = yupBoolean().meta({ openapiField: { description: 'Whether a team should be created for each user that signs up', exampleValue: true } });
 export const projectMagicLinkEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether magic link authentication is enabled for this project', exampleValue: true } });
+export const projectClientTeamCreationEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether client users can create teams', exampleValue: true } });
+export const projectSignUpEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether users can sign up new accounts, or whether they are only allowed to sign in to existing accounts. Regardless of this option, the server API can always create new users with the `POST /users` endpoint.', exampleValue: true } });
 export const projectCredentialEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether email password authentication is enabled for this project', exampleValue: true } });
 // Project OAuth config
 export const oauthIdSchema = yupString().oneOf(allProviders).meta({ openapiField: { description: `OAuth provider ID, one of ${allProviders.map(x => `\`${x}\``).join(', ')}`, exampleValue: 'google' } });
@@ -180,7 +190,7 @@ export const userIdSchema = yupString().uuid().meta({ openapiField: { descriptio
 export const primaryEmailSchema = emailSchema.meta({ openapiField: { description: 'Primary email', exampleValue: 'johndoe@example.com' } });
 export const primaryEmailVerifiedSchema = yupBoolean().meta({ openapiField: { description: 'Whether the primary email has been verified to belong to this user', exampleValue: true } });
 export const userDisplayNameSchema = yupString().nullable().meta({ openapiField: { description: _displayNameDescription('user'), exampleValue: 'John Doe' } });
-export const selectedTeamIdSchema = yupString().meta({ openapiField: { description: 'ID of the team currently selected by the user', exampleValue: 'team-id' } });
+export const selectedTeamIdSchema = yupString().uuid().meta({ openapiField: { description: 'ID of the team currently selected by the user', exampleValue: 'team-id' } });
 export const profileImageUrlSchema = yupString().meta({ openapiField: { description: _profileImageUrlDescription('user'), exampleValue: 'https://example.com/image.jpg' } });
 export const signedUpAtMillisSchema = yupNumber().meta({ openapiField: { description: _signedUpAtMillisDescription, exampleValue: 1630000000000 } });
 export const userClientMetadataSchema = jsonSchema.meta({ openapiField: { description: _clientMetaDataDescription('user'), exampleValue: { key: 'value' } } });
@@ -232,6 +242,8 @@ export const teamProfileImageUrlSchema = yupString().meta({ openapiField: { desc
 export const teamClientMetadataSchema = jsonSchema.meta({ openapiField: { description: _clientMetaDataDescription('team'), exampleValue: { key: 'value' } } });
 export const teamServerMetadataSchema = jsonSchema.meta({ openapiField: { description: _serverMetaDataDescription('team'), exampleValue: { key: 'value' } } });
 export const teamCreatedAtMillisSchema = yupNumber().meta({ openapiField: { description: _createdAtMillisDescription('team'), exampleValue: 1630000000000 } });
+export const teamInvitationEmailSchema = emailSchema.meta({ openapiField: { description: 'The email to sign in with.', exampleValue: 'johndoe@example.com' } });
+export const teamInvitationCallbackUrlSchema = urlSchema.meta({ openapiField: { description: 'The base callback URL to construct a verification link for the verification e-mail. A query argument `code` with the verification code will be appended to it. The page should then make a request to the `/contact-channels/verify` endpoint.', exampleValue: 'https://example.com/handler/email-verification' } });
 // Team member profiles
 export const teamMemberDisplayNameSchema = yupString().meta({ openapiField: { description: _displayNameDescription('team member') + ' Note that this is separate from the display_name of the user.', exampleValue: 'John Doe' } });
 export const teamMemberProfileImageUrlSchema = yupString().meta({ openapiField: { description: _profileImageUrlDescription('team member'), exampleValue: 'https://example.com/image.jpg' } });

package/dist/utils/bytes.d.ts

@@ -1,2 +1,6 @@
 export declare function encodeBase32(input: Uint8Array): string;
 export declare function decodeBase32(input: string): Uint8Array;
+export declare function encodeBase64(input: Uint8Array): string;
+export declare function decodeBase64(input: string): Uint8Array;
+export declare function isBase32(input: string): boolean;
+export declare function isBase64(input: string): boolean;

package/dist/utils/bytes.js

@@ -1,3 +1,4 @@
+import { StackAssertionError } from "./errors";
 const crockfordAlphabet = "0123456789ABCDEFGHJKMNPQRSTVWXYZ";
 const crockfordReplacements = new Map([
     ["o", "0"],
@@ -19,9 +20,16 @@ export function encodeBase32(input) {
     if (bits > 0) {
         output += crockfordAlphabet[(value << (5 - bits)) & 31];
     }
+    // sanity check
+    if (!isBase32(output)) {
+        throw new StackAssertionError("Invalid base32 output; this should never happen");
+    }
     return output;
 }
 export function decodeBase32(input) {
+    if (!isBase32(input)) {
+        throw new StackAssertionError("Invalid base32 string");
+    }
     const output = new Uint8Array((input.length * 5 / 8) | 0);
     let bits = 0;
     let value = 0;
@@ -46,3 +54,31 @@ export function decodeBase32(input) {
     }
     return output;
 }
+export function encodeBase64(input) {
+    const res = btoa(String.fromCharCode(...input));
+    // sanity check
+    if (!isBase64(res)) {
+        throw new StackAssertionError("Invalid base64 output; this should never happen");
+    }
+    return res;
+}
+export function decodeBase64(input) {
+    if (!isBase64(input)) {
+        throw new StackAssertionError("Invalid base64 string");
+    }
+    return new Uint8Array(atob(input).split("").map((char) => char.charCodeAt(0)));
+}
+export function isBase32(input) {
+    for (const char of input) {
+        if (char === " ")
+            continue;
+        if (!crockfordAlphabet.includes(char)) {
+            return false;
+        }
+    }
+    return true;
+}
+export function isBase64(input) {
+    const regex = /^([0-9a-zA-Z+/]{4})*(([0-9a-zA-Z+/]{2}==)|([0-9a-zA-Z+/]{3}=))?$/;
+    return regex.test(input);
+}

package/dist/utils/crypto.d.ts

@@ -1,4 +1,4 @@
-export declare function generateRandomValues(array: Uint8Array): any;
+export declare function generateRandomValues(array: Uint8Array): typeof array;
 /**
  * Generates a secure alphanumeric string using the system's cryptographically secure
  * random number generator.

package/dist/utils/errors.d.ts

@@ -2,10 +2,16 @@ import { Json } from "./json";
 export declare function throwErr(errorMessage: string, extraData?: any): never;
 export declare function throwErr(error: Error): never;
 export declare function throwErr(...args: StatusErrorConstructorParameters): never;
-export declare class StackAssertionError extends Error {
+export declare class StackAssertionError extends Error implements ErrorWithCustomCapture {
     readonly extraData?: Record<string, any> | undefined;
     constructor(message: string, extraData?: Record<string, any> | undefined, options?: ErrorOptions);
+    customCaptureExtraArgs: {
+        cause?: {} | undefined;
+    }[];
 }
+export type ErrorWithCustomCapture = {
+    customCaptureExtraArgs: any[];
+};
 export declare function registerErrorSink(sink: (location: string, error: unknown) => void): void;
 export declare function captureError(location: string, error: unknown): void;
 type Status = {

package/dist/utils/errors.js

@@ -16,6 +16,12 @@ export class StackAssertionError extends Error {
         const disclaimer = `\n\nThis is likely an error in Stack. Please make sure you are running the newest version and report it.`;
         super(`${message}${message.endsWith(disclaimer) ? "" : disclaimer}`, options);
         this.extraData = extraData;
+        this.customCaptureExtraArgs = [
+            {
+                ...this.extraData,
+                ...this.cause ? { cause: this.cause } : {},
+            },
+        ];
     }
 }
 StackAssertionError.prototype.name = "StackAssertionError";
@@ -35,7 +41,7 @@ registerErrorSink((location, error, ...extraArgs) => {
 });
 export function captureError(location, error) {
     for (const sink of errorSinks) {
-        sink(location, error);
+        sink(location, error, ...error && (typeof error === 'object' || typeof error === 'function') && "customCaptureExtraArgs" in error && Array.isArray(error.customCaptureExtraArgs) ? error.customCaptureExtraArgs : []);
     }
 }
 export class StatusError extends Error {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-shared",
-  "version": "2.5.17",
+  "version": "2.5.19",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "files": [
@@ -36,7 +36,7 @@
     "jose": "^5.2.2",
     "oauth4webapi": "^2.10.3",
     "uuid": "^9.0.1",
-    "@stackframe/stack-sc": "2.5.17"
+    "@stackframe/stack-sc": "2.5.19"
   },
   "devDependencies": {
     "rimraf": "^5.0.5",