@stackframe/stack-shared 2.5.3 → 2.5.5

package/dist/schema-fields.js

@@ -1,11 +1,63 @@
 import * as yup from "yup";
-import { yupJson } from "./utils/yup";
+const _idDescription = (identify) => `The immutable ID used to uniquely identify this ${identify}`;
+const _displayNameDescription = (identify) => `Human-readable ${identify} display name, used in places like frontend UI. This is not a unique identifier.`;
+const _clientMetaDataDescription = (identify) => `Client metadata. Used as a data store, accessible from the client side. Do not store information that should not be exposed to the client.`;
+const _serverMetaDataDescription = (identify) => `Server metadata. Used as a data store, only accessible from the server side. You can store secret information related to the ${identify} here.`;
+const _atMillisDescription = (identify) => `(the number of milliseconds since epoch, January 1, 1970, UTC)`;
+const _createdAtMillisDescription = (identify) => `The time the ${identify} was created ${_atMillisDescription(identify)}`;
+const _updatedAtMillisDescription = (identify) => `The time the ${identify} was last updated ${_atMillisDescription(identify)}`;
+// Built-in replacements
+/* eslint-disable no-restricted-syntax */
+export function yupString(...args) {
+    return yup.string(...args);
+}
+export function yupNumber(...args) {
+    return yup.number(...args);
+}
+export function yupBoolean(...args) {
+    return yup.boolean(...args);
+}
+/**
+ * @deprecated, use number of milliseconds since epoch instead
+ */
+export function yupDate(...args) {
+    return yup.date(...args);
+}
+export function yupMixed(...args) {
+    return yup.mixed(...args);
+}
+export function yupArray(...args) {
+    return yup.array(...args);
+}
+export function yupTuple(...args) {
+    return yup.tuple(...args);
+}
+export function yupObject(...args) {
+    const object = yup.object(...args).test('no-unknown-object-properties', ({ path }) => `${path} contains unknown properties`, (value, context) => {
+        if (context.options.context?.noUnknownPathPrefixes?.some((prefix) => context.path.startsWith(prefix))) {
+            const availableKeys = new Set(Object.keys(context.schema.fields));
+            const unknownKeys = Object.keys(value ?? {}).filter(key => !availableKeys.has(key));
+            if (unknownKeys.length > 0) {
+                // TODO "did you mean XYZ"
+                return context.createError({
+                    message: `${context.path} contains unknown properties: ${unknownKeys.join(', ')}`,
+                    path: context.path,
+                    params: { unknownKeys },
+                });
+            }
+        }
+        return true;
+    });
+    // we don't want to update the type of `object` to have a default flag
+    return object.default(undefined);
+}
+/* eslint-enable no-restricted-syntax */
 // Common
-export const adaptSchema = yup.mixed();
+export const adaptSchema = yupMixed();
 /**
  * Yup's URL schema does not recognize some URLs (including `http://localhost`) as a valid URL. This schema is a workaround for that.
  */
-export const urlSchema = yup.string().test({
+export const urlSchema = yupString().test({
     name: 'url',
     message: 'Invalid URL',
     test: (value) => {
@@ -20,14 +72,54 @@ export const urlSchema = yup.string().test({
         }
     },
 });
+export const jsonSchema = yupMixed().nullable().defined().transform((value) => JSON.parse(JSON.stringify(value)));
+export const jsonStringSchema = yupString().test("json", "Invalid JSON format", (value) => {
+    if (value == null)
+        return true;
+    try {
+        JSON.parse(value);
+        return true;
+    }
+    catch (error) {
+        return false;
+    }
+});
+export const emailSchema = yupString().email();
 // Request auth
-export const clientOrHigherAuthTypeSchema = yup.string().oneOf(['client', 'server', 'admin']);
-export const serverOrHigherAuthTypeSchema = yup.string().oneOf(['server', 'admin']);
-export const adminAuthTypeSchema = yup.string().oneOf(['admin']);
+export const clientOrHigherAuthTypeSchema = yupString().oneOf(['client', 'server', 'admin']);
+export const serverOrHigherAuthTypeSchema = yupString().oneOf(['server', 'admin']);
+export const adminAuthTypeSchema = yupString().oneOf(['admin']);
 // Projects
-export const projectIdSchema = yup.string().meta({ openapiField: { description: 'Project ID as retrieved on Stack\'s dashboard', exampleValue: 'project-id' } });
+export const projectIdSchema = yupString().meta({ openapiField: { description: _idDescription('project'), exampleValue: 'e0b52f4d-dece-408c-af49-d23061bb0f8d' } });
+export const projectDisplayNameSchema = yupString().meta({ openapiField: { description: _displayNameDescription('project'), exampleValue: 'MyMusic' } });
+export const projectDescriptionSchema = yupString().nullable().meta({ openapiField: { description: 'A human readable description of the project', exampleValue: 'A music streaming service' } });
+export const projectCreatedAtMillisSchema = yupNumber().meta({ openapiField: { description: _createdAtMillisDescription('project'), exampleValue: 1630000000000 } });
+export const projectUserCountSchema = yupNumber().meta({ openapiField: { description: 'The number of users in this project', exampleValue: 10 } });
+export const projectIsProductionModeSchema = yupBoolean().meta({ openapiField: { description: 'Whether the project is in production mode', exampleValue: true } });
+// Project config
+export const projectConfigIdSchema = yupString().meta({ openapiField: { description: _idDescription('project config'), exampleValue: 'd09201f0-54f5-40bd-89ff-6d1815ddad24' } });
+export const projectAllowLocalhostSchema = yupBoolean().meta({ openapiField: { description: 'Whether localhost is allowed as a domain for this project. Should only be allowed in development mode', exampleValue: true } });
+export const projectCreateTeamOnSignUpSchema = yupBoolean().meta({ openapiField: { description: 'Whether a team should be created for each user that signs up', exampleValue: true } });
+export const projectMagicLinkEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether magic link authentication is enabled for this project', exampleValue: true } });
+export const projectCredentialEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether email password authentication is enabled for this project', exampleValue: true } });
+// Project OAuth config
+export const oauthIdSchema = yupString().oneOf(['google', 'github', 'facebook', 'microsoft', 'spotify']).meta({ openapiField: { description: 'OAuth provider ID, one of google, github, facebook, microsoft, spotify', exampleValue: 'google' } });
+export const oauthEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether the OAuth provider is enabled. If an provider is first enabled, then disabled, it will be shown in the list but with enabled=false', exampleValue: true } });
+export const oauthTypeSchema = yupString().oneOf(['shared', 'standard']).meta({ openapiField: { description: 'OAuth provider type, one of shared, standard. "shared" uses Stack shared OAuth keys and it is only meant for development. "standard" uses your own OAuth keys and will show your logo and company name when signing in with the provider.', exampleValue: 'standard' } });
+export const oauthClientIdSchema = yupString().meta({ openapiField: { description: 'OAuth client ID. Needs to be specified when using type="standard"', exampleValue: 'google-oauth-client-id' } });
+export const oauthClientSecretSchema = yupString().meta({ openapiField: { description: 'OAuth client secret. Needs to be specified when using type="standard"', exampleValue: 'google-oauth-client-secret' } });
+// Project email config
+export const emailTypeSchema = yupString().oneOf(['shared', 'standard']).meta({ openapiField: { description: 'Email provider type, one of shared, standard. "shared" uses Stack shared email provider and it is only meant for development. "standard" uses your own email server and will have your email address as the sender.', exampleValue: 'standard' } });
+export const emailSenderNameSchema = yupString().meta({ openapiField: { description: 'Email sender name. Needs to be specified when using type="standard"', exampleValue: 'Stack' } });
+export const emailHostSchema = yupString().meta({ openapiField: { description: 'Email host. Needs to be specified when using type="standard"', exampleValue: 'smtp.your-domain.com' } });
+export const emailPortSchema = yupNumber().meta({ openapiField: { description: 'Email port. Needs to be specified when using type="standard"', exampleValue: 587 } });
+export const emailUsernameSchema = yupString().meta({ openapiField: { description: 'Email username. Needs to be specified when using type="standard"', exampleValue: 'smtp-email' } });
+export const emailSenderEmailSchema = emailSchema.meta({ openapiField: { description: 'Email sender email. Needs to be specified when using type="standard"', exampleValue: 'example@your-domain.com' } });
+export const emailPasswordSchema = yupString().meta({ openapiField: { description: 'Email password. Needs to be specified when using type="standard"', exampleValue: 'your-email-password' } });
+// Project domain config
+export const domainSchema = yupString().test('is-https', 'Domain must start with https://', (value) => value?.startsWith('https://')).meta({ openapiField: { description: 'Your domain URL. Make sure you own and trust this domain. Needs to start with https://', exampleValue: 'example.com' } });
+export const handlerPathSchema = yupString().test('is-handler-path', 'Handler path must start with /', (value) => value?.startsWith('/')).meta({ openapiField: { description: 'Handler path. If you did not setup a custom handler path, it should be "/handler" by default. It needs to start with /', exampleValue: '/handler' } });
 // Users
-export const userIdRequestSchema = yup.string().uuid().meta({ openapiField: { description: 'The ID of the user', exampleValue: '3241a285-8329-4d69-8f3d-316e08cf140c' } });
 export class ReplaceFieldWithOwnUserId extends Error {
     constructor(path) {
         super(`This error should be caught by whoever validated the schema, and the field in the path '${path}' should be replaced with the current user's id. This is a workaround to yup not providing access to the context inside the transform function.`);
@@ -35,7 +127,7 @@ export class ReplaceFieldWithOwnUserId extends Error {
     }
 }
 const userIdMeSentinelUuid = "cad564fd-f81b-43f4-b390-98abf3fcc17e";
-export const userIdOrMeRequestSchema = yup.string().uuid().transform(v => {
+export const userIdOrMeSchema = yupString().uuid().transform(v => {
     if (v === "me")
         return userIdMeSentinelUuid;
     else
@@ -45,23 +137,62 @@ export const userIdOrMeRequestSchema = yup.string().uuid().transform(v => {
         throw new ReplaceFieldWithOwnUserId(context.path);
     return true;
 }).meta({ openapiField: { description: 'The ID of the user, or the special value `me` to signify the currently authenticated user', exampleValue: '3241a285-8329-4d69-8f3d-316e08cf140c' } });
-export const userIdResponseSchema = yup.string().uuid().meta({ openapiField: { description: 'The immutable user ID used to uniquely identify this user', exampleValue: '3241a285-8329-4d69-8f3d-316e08cf140c' } });
-export const primaryEmailSchema = yup.string().email().meta({ openapiField: { description: 'Primary email', exampleValue: 'johndoe@example.com' } });
-export const primaryEmailVerifiedSchema = yup.boolean().meta({ openapiField: { description: 'Whether the primary email has been verified to belong to this user', exampleValue: true } });
-export const userDisplayNameSchema = yup.string().nullable().meta({ openapiField: { description: 'Human-readable display name', exampleValue: 'John Doe' } });
-export const selectedTeamIdSchema = yup.string().meta({ openapiField: { description: 'ID of the team currently selected by the user', exampleValue: 'team-id' } });
-export const profileImageUrlSchema = yup.string().meta({ openapiField: { description: 'Profile image URL', exampleValue: 'https://example.com/image.jpg' } });
-export const signedUpAtMillisSchema = yup.number().meta({ openapiField: { description: 'Signed up at milliseconds', exampleValue: 1630000000000 } });
-export const userClientMetadataSchema = yupJson.meta({ openapiField: { description: 'Client metadata. Used as a data store, accessible from the client side', exampleValue: { key: 'value' } } });
-export const userServerMetadataSchema = yupJson.meta({ openapiField: { description: 'Server metadata. Used as a data store, only accessible from the server side', exampleValue: { key: 'value' } } });
+export const userIdSchema = yupString().uuid().meta({ openapiField: { description: _idDescription('user'), exampleValue: '3241a285-8329-4d69-8f3d-316e08cf140c' } });
+export const primaryEmailSchema = emailSchema.meta({ openapiField: { description: 'Primary email', exampleValue: 'johndoe@example.com' } });
+export const primaryEmailVerifiedSchema = yupBoolean().meta({ openapiField: { description: 'Whether the primary email has been verified to belong to this user', exampleValue: true } });
+export const userDisplayNameSchema = yupString().nullable().meta({ openapiField: { description: _displayNameDescription('user'), exampleValue: 'John Doe' } });
+export const selectedTeamIdSchema = yupString().meta({ openapiField: { description: 'ID of the team currently selected by the user', exampleValue: 'team-id' } });
+export const profileImageUrlSchema = yupString().meta({ openapiField: { description: 'Profile image URL', exampleValue: 'https://example.com/image.jpg' } });
+export const signedUpAtMillisSchema = yupNumber().meta({ openapiField: { description: 'Signed up at milliseconds', exampleValue: 1630000000000 } });
+export const userClientMetadataSchema = jsonSchema.meta({ openapiField: { description: _clientMetaDataDescription('user'), exampleValue: { key: 'value' } } });
+export const userServerMetadataSchema = jsonSchema.meta({ openapiField: { description: _serverMetaDataDescription('user'), exampleValue: { key: 'value' } } });
 // Auth
-export const signInEmailSchema = yup.string().email().meta({ openapiField: { description: 'The email to sign in with.', exampleValue: 'johndoe@example.com' } });
-export const verificationLinkRedirectUrlSchema = urlSchema.meta({ openapiField: { description: 'The URL to redirect to after the user has verified their email. A query argument `code` with the verification code will be appended to it.', exampleValue: 'https://example.com/handler' } });
-export const accessTokenResponseSchema = yup.string().meta({ openapiField: { description: 'Short-lived access token that can be used to authenticate the user', exampleValue: 'eyJhmMiJBMTO...diI4QT' } });
-export const refreshTokenResponseSchema = yup.string().meta({ openapiField: { description: 'Long-lived refresh token that can be used to obtain a new access token', exampleValue: 'i8nsoaq2...14y' } });
-export const signInResponseSchema = yup.object({
+export const signInEmailSchema = emailSchema.meta({ openapiField: { description: 'The email to sign in with.', exampleValue: 'johndoe@example.com' } });
+export const emailOtpSignInCallbackUrlSchema = urlSchema.meta({ openapiField: { description: 'The base callback URL to construct the magic link from. A query argument `code` with the verification code will be appended to it. The page should then make a request to the `/auth/otp/sign-in` endpoint.', exampleValue: 'https://example.com/handler/magic-link-callback' } });
+export const emailVerificationCallbackUrlSchema = urlSchema.meta({ openapiField: { description: 'The base callback URL to construct a verification link for the verification e-mail. A query argument `code` with the verification code will be appended to it. The page should then make a request to the `/contact-channels/verify` endpoint.', exampleValue: 'https://example.com/handler/email-verification' } });
+export const accessTokenResponseSchema = yupString().meta({ openapiField: { description: 'Short-lived access token that can be used to authenticate the user', exampleValue: 'eyJhmMiJBMTO...diI4QT' } });
+export const refreshTokenResponseSchema = yupString().meta({ openapiField: { description: 'Long-lived refresh token that can be used to obtain a new access token', exampleValue: 'i8nsoaq2...14y' } });
+export const signInResponseSchema = yupObject({
     refresh_token: refreshTokenResponseSchema.required(),
     access_token: accessTokenResponseSchema.required(),
-    is_new_user: yup.boolean().meta({ openapiField: { description: 'Whether the user is a new user', exampleValue: true } }).required(),
-    user_id: userIdResponseSchema.required(),
+    is_new_user: yupBoolean().meta({ openapiField: { description: 'Whether the user is a new user', exampleValue: true } }).required(),
+    user_id: userIdSchema.required(),
 });
+// Permissions
+export const teamSystemPermissions = [
+    '$update_team',
+    '$delete_team',
+    '$read_members',
+    '$remove_members',
+    '$invite_members',
+];
+export const teamPermissionIdSchema = yupString()
+    .matches(/^\$?[a-z0-9_:]+$/, 'Only lowercase letters, numbers, ":", "_" and optional "$" at the beginning are allowed')
+    .test('is-system-permission', 'System permissions must start with a dollar sign', (value, ctx) => {
+    if (!value)
+        return true;
+    if (value.startsWith('$') && !teamSystemPermissions.includes(value)) {
+        return ctx.createError({ message: 'Invalid system permission' });
+    }
+    return true;
+})
+    .meta({ openapiField: { description: `The permission ID used to uniquely identify a permission. Can either be a custom permission with lowercase letters, numbers, ":", and "_" characters, or one of the system permissions: ${teamSystemPermissions.join(', ')}`, exampleValue: '$read_secret_info' } });
+export const customTeamPermissionIdSchema = yupString()
+    .matches(/^[a-z0-9_:]+$/, 'Only lowercase letters, numbers, ":", "_" are allowed')
+    .meta({ openapiField: { description: 'The permission ID used to uniquely identify a permission. Can only contain lowercase letters, numbers, ":", and "_" characters', exampleValue: 'read_secret_info' } });
+export const teamPermissionDescriptionSchema = yupString().meta({ openapiField: { description: 'A human-readable description of the permission', exampleValue: 'Read secret information' } });
+export const containedPermissionIdsSchema = yupArray(teamPermissionIdSchema.required()).meta({ openapiField: { description: 'The IDs of the permissions that are contained in this permission', exampleValue: ['read_public_info'] } });
+// Teams
+export const teamIdSchema = yupString().uuid().meta({ openapiField: { description: _idDescription('team'), exampleValue: 'ad962777-8244-496a-b6a2-e0c6a449c79e' } });
+export const teamDisplayNameSchema = yupString().meta({ openapiField: { description: _displayNameDescription('team'), exampleValue: 'My Team' } });
+export const teamClientMetadataSchema = jsonSchema.meta({ openapiField: { description: _clientMetaDataDescription('team'), exampleValue: { key: 'value' } } });
+export const teamServerMetadataSchema = jsonSchema.meta({ openapiField: { description: _serverMetaDataDescription('team'), exampleValue: { key: 'value' } } });
+export const teamCreatedAtMillisSchema = yupNumber().meta({ openapiField: { description: _createdAtMillisDescription('team'), exampleValue: 1630000000000 } });
+// Utils
+export function yupRequiredWhen(schema, triggerName, isValue) {
+    return schema.when(triggerName, {
+        is: isValue,
+        then: (schema) => schema.required(),
+        otherwise: (schema) => schema.optional()
+    });
+}

package/dist/sessions.d.ts

@@ -42,6 +42,7 @@ export declare class InternalSession {
         refreshToken: string | null;
         accessToken?: string | null;
     }): string;
+    isKnownToBeInvalid(): boolean;
     /**
      * Marks the session object as invalid, meaning that the refresh and access tokens can no longer be used.
      */

package/dist/sessions.js

@@ -1,12 +1,19 @@
+import { StackAssertionError } from "./utils/errors";
 import { Store } from "./utils/stores";
 export class AccessToken {
     constructor(token) {
         this.token = token;
+        if (token === "undefined") {
+            throw new StackAssertionError("Access token is the string 'undefined'; it's unlikely this is the correct value. They're supposed to be unguessable!");
+        }
     }
 }
 export class RefreshToken {
     constructor(token) {
         this.token = token;
+        if (token === "undefined") {
+            throw new StackAssertionError("Refresh token is the string 'undefined'; it's unlikely this is the correct value. They're supposed to be unguessable!");
+        }
     }
 }
 /**
@@ -39,6 +46,9 @@ export class InternalSession {
             return "not-logged-in";
         }
     }
+    isKnownToBeInvalid() {
+        return this._knownToBeInvalid.get();
+    }
     /**
      * Marks the session object as invalid, meaning that the refresh and access tokens can no longer be used.
      */
@@ -88,13 +98,13 @@ export class InternalSession {
      * @returns An access token (cached if possible), or null if the session either does not represent a user or the session is invalid.
      */
     async _getPotentiallyExpiredAccessToken() {
-        const oldAccessToken = this._accessToken.get();
-        if (oldAccessToken)
-            return oldAccessToken;
         if (!this._refreshToken)
             return null;
         if (this._knownToBeInvalid.get())
             return null;
+        const oldAccessToken = this._accessToken.get();
+        if (oldAccessToken)
+            return oldAccessToken;
         // refresh access token
         if (!this._refreshPromise) {
             this._refreshAndSetRefreshPromise(this._refreshToken);

package/dist/utils/compile-time.d.ts

@@ -1,4 +1,6 @@
 /**
- * Returns the first argument passed to it, but compilers won't be able to optimize it out. This is useful in some cases where compiler warnings go awry; for example, when importing things that may not exist (but are guaranteed to exist at runtime).
+ * Returns the first argument passed to it, but compilers won't be able to optimize it out. This is useful in some
+ * cases where compiler warnings go awry; for example, when importing things that may not exist (but are guaranteed
+ * to exist at runtime).
  */
 export declare function scrambleDuringCompileTime<T>(t: T): T;

package/dist/utils/compile-time.js

@@ -1,5 +1,7 @@
 /**
- * Returns the first argument passed to it, but compilers won't be able to optimize it out. This is useful in some cases where compiler warnings go awry; for example, when importing things that may not exist (but are guaranteed to exist at runtime).
+ * Returns the first argument passed to it, but compilers won't be able to optimize it out. This is useful in some
+ * cases where compiler warnings go awry; for example, when importing things that may not exist (but are guaranteed
+ * to exist at runtime).
  */
 export function scrambleDuringCompileTime(t) {
     return t;

package/dist/utils/errors.d.ts

@@ -13,8 +13,11 @@ type Status = {
     message: string;
 };
 type StatusErrorConstructorParameters = [
-    statusCode: number | Status,
+    status: Status,
     message?: string
+] | [
+    statusCode: number | Status,
+    message: string
 ];
 export declare class StatusError extends Error {
     name: string;
@@ -185,6 +188,10 @@ export declare class StatusError extends Error {
     getStatusCode(): number;
     getBody(): Uint8Array;
     getHeaders(): Record<string, string[]>;
+    toDescriptiveJson(): Json;
+    /**
+     * @deprecated this is not a good way to make status errors human-readable, use toDescriptiveJson instead
+     */
     toHttpJson(): Json;
 }
 export {};

package/dist/utils/errors.js

@@ -27,11 +27,11 @@ export function registerErrorSink(sink) {
     errorSinks.add(sink);
 }
 registerErrorSink((location, ...args) => {
-    console.error(`Error in ${location}:`, ...args);
+    console.error(`\x1b[41mError in ${location}:`, ...args, "\x1b[0m");
 });
-registerErrorSink((location, error, ...args) => {
+registerErrorSink((location, error, ...extraArgs) => {
     globalVar.stackCapturedErrors = globalVar.stackCapturedErrors ?? [];
-    globalVar.stackCapturedErrors.push({ location, error: args, extraArgs: args });
+    globalVar.stackCapturedErrors.push({ location, error, extraArgs });
 });
 export function captureError(location, error) {
     for (const sink of errorSinks) {
@@ -44,10 +44,12 @@ export class StatusError extends Error {
             message ??= status.message;
             status = status.statusCode;
         }
-        message ??= "Server Error";
         super(message);
         this.name = "StatusError";
         this.statusCode = status;
+        if (!message) {
+            throw new StackAssertionError("StatusError always requires a message unless a Status object is passed", {}, { cause: this });
+        }
     }
     isClientError() {
         return this.statusCode >= 400 && this.statusCode < 500;
@@ -66,6 +68,16 @@ export class StatusError extends Error {
             "Content-Type": ["text/plain; charset=utf-8"],
         };
     }
+    toDescriptiveJson() {
+        return {
+            status_code: this.getStatusCode(),
+            message: this.message,
+            headers: this.getHeaders(),
+        };
+    }
+    /**
+     * @deprecated this is not a good way to make status errors human-readable, use toDescriptiveJson instead
+     */
     toHttpJson() {
         return {
             status_code: this.statusCode,
@@ -114,3 +126,4 @@ StatusError.InsufficientStorage = { statusCode: 507, message: "Insufficient Stor
 StatusError.LoopDetected = { statusCode: 508, message: "Loop Detected" };
 StatusError.NotExtended = { statusCode: 510, message: "Not Extended" };
 StatusError.NetworkAuthenticationRequired = { statusCode: 511, message: "Network Authentication Required" };
+StatusError.prototype.name = "StatusError";

package/dist/utils/objects.d.ts

@@ -6,7 +6,9 @@ export type DeepPartial<T> = T extends object ? {
  *
  * Note that since they are assumed to be plain objects, this function does not compare prototypes.
  */
-export declare function deepPlainEquals<T>(obj1: T, obj2: unknown): obj2 is T;
+export declare function deepPlainEquals<T>(obj1: T, obj2: unknown, options?: {
+    ignoreUndefinedValues?: boolean;
+}): obj2 is T;
 export declare function deepPlainClone<T>(obj: T): T;
 export declare function deepPlainSnakeCaseToCamelCase(snakeCaseObj: any): any;
 export declare function deepPlainCamelCaseToSnakeCase(camelCaseObj: any): any;
@@ -27,3 +29,4 @@ export type FilterUndefined<T> = {
 export declare function filterUndefined<T extends {}>(obj: T): FilterUndefined<T>;
 export declare function pick<T extends {}, K extends keyof T>(obj: T, keys: K[]): Pick<T, K>;
 export declare function omit<T extends {}, K extends keyof T>(obj: T, keys: K[]): Omit<T, K>;
+export declare function split<T extends {}, K extends keyof T>(obj: T, keys: K[]): [Pick<T, K>, Omit<T, K>];

package/dist/utils/objects.js

@@ -5,7 +5,7 @@ import { camelCaseToSnakeCase, snakeCaseToCamelCase } from "./strings";
  *
  * Note that since they are assumed to be plain objects, this function does not compare prototypes.
  */
-export function deepPlainEquals(obj1, obj2) {
+export function deepPlainEquals(obj1, obj2, options = {}) {
     if (typeof obj1 !== typeof obj2)
         return false;
     if (obj1 === obj2)
@@ -19,13 +19,18 @@ export function deepPlainEquals(obj1, obj2) {
                     return false;
                 if (obj1.length !== obj2.length)
                     return false;
-                return obj1.every((v, i) => deepPlainEquals(v, obj2[i]));
+                return obj1.every((v, i) => deepPlainEquals(v, obj2[i], options));
             }
-            const keys1 = Object.keys(obj1);
-            const keys2 = Object.keys(obj2);
-            if (keys1.length !== keys2.length)
+            const entries1 = Object.entries(obj1).filter(([k, v]) => !options.ignoreUndefinedValues || v !== undefined);
+            const entries2 = Object.entries(obj2).filter(([k, v]) => !options.ignoreUndefinedValues || v !== undefined);
+            if (entries1.length !== entries2.length)
                 return false;
-            return keys1.every((k) => k in obj2 && deepPlainEquals(obj1[k], obj2[k]));
+            return entries1.every(([k, v1]) => {
+                const e2 = entries2.find(([k2]) => k === k2);
+                if (!e2)
+                    return false;
+                return deepPlainEquals(v1, e2[1], options);
+            });
         }
         case 'undefined':
         case 'string':
@@ -58,7 +63,7 @@ export function deepPlainSnakeCaseToCamelCase(snakeCaseObj) {
     if (typeof snakeCaseObj !== 'object' || !snakeCaseObj)
         return snakeCaseObj;
     if (Array.isArray(snakeCaseObj))
-        return snakeCaseObj.map(deepPlainSnakeCaseToCamelCase);
+        return snakeCaseObj.map(o => deepPlainSnakeCaseToCamelCase(o));
     return Object.fromEntries(Object.entries(snakeCaseObj).map(([k, v]) => [snakeCaseToCamelCase(k), deepPlainSnakeCaseToCamelCase(v)]));
 }
 export function deepPlainCamelCaseToSnakeCase(camelCaseObj) {
@@ -67,7 +72,7 @@ export function deepPlainCamelCaseToSnakeCase(camelCaseObj) {
     if (typeof camelCaseObj !== 'object' || !camelCaseObj)
         return camelCaseObj;
     if (Array.isArray(camelCaseObj))
-        return camelCaseObj.map(deepPlainCamelCaseToSnakeCase);
+        return camelCaseObj.map(o => deepPlainCamelCaseToSnakeCase(o));
     return Object.fromEntries(Object.entries(camelCaseObj).map(([k, v]) => [camelCaseToSnakeCase(k), deepPlainCamelCaseToSnakeCase(v)]));
 }
 export function typedEntries(obj) {
@@ -98,3 +103,6 @@ export function pick(obj, keys) {
 export function omit(obj, keys) {
     return Object.fromEntries(Object.entries(obj).filter(([k]) => !keys.includes(k)));
 }
+export function split(obj, keys) {
+    return [pick(obj, keys), omit(obj, keys)];
+}

package/dist/utils/promises.js

@@ -159,7 +159,12 @@ export function rateLimited(func, options) {
         const end = performance.now();
         waitUntil = Math.max(waitUntil, start + (options.throttleMs ?? 0), end + (options.gapMs ?? 0));
         for (const nextFunc of nextFuncs) {
-            value.status === "ok" ? nextFunc[0](value.data) : nextFunc[1](value.error);
+            if (value.status === "ok") {
+                nextFunc[0](value.data);
+            }
+            else {
+                nextFunc[1](value.error);
+            }
         }
     };
     runAsynchronously(async () => {

package/dist/utils/proxies.d.ts

@@ -1 +1,2 @@
 export declare function logged<T extends object>(name: string, toLog: T, options?: {}): T;
+export declare function createLazyProxy<FactoryResult>(factory: () => FactoryResult): FactoryResult;

package/dist/utils/proxies.js

@@ -57,3 +57,68 @@ export function logged(name, toLog, options = {}) {
     });
     return proxy;
 }
+export function createLazyProxy(factory) {
+    let cache = undefined;
+    let initialized = false;
+    function initializeIfNeeded() {
+        if (!initialized) {
+            cache = factory();
+            initialized = true;
+        }
+        return cache;
+    }
+    return new Proxy({}, {
+        get(target, prop, receiver) {
+            const instance = initializeIfNeeded();
+            return Reflect.get(instance, prop, receiver);
+        },
+        set(target, prop, value, receiver) {
+            const instance = initializeIfNeeded();
+            return Reflect.set(instance, prop, value, receiver);
+        },
+        has(target, prop) {
+            const instance = initializeIfNeeded();
+            return Reflect.has(instance, prop);
+        },
+        deleteProperty(target, prop) {
+            const instance = initializeIfNeeded();
+            return Reflect.deleteProperty(instance, prop);
+        },
+        ownKeys(target) {
+            const instance = initializeIfNeeded();
+            return Reflect.ownKeys(instance);
+        },
+        getOwnPropertyDescriptor(target, prop) {
+            const instance = initializeIfNeeded();
+            return Reflect.getOwnPropertyDescriptor(instance, prop);
+        },
+        defineProperty(target, prop, descriptor) {
+            const instance = initializeIfNeeded();
+            return Reflect.defineProperty(instance, prop, descriptor);
+        },
+        getPrototypeOf(target) {
+            const instance = initializeIfNeeded();
+            return Reflect.getPrototypeOf(instance);
+        },
+        setPrototypeOf(target, proto) {
+            const instance = initializeIfNeeded();
+            return Reflect.setPrototypeOf(instance, proto);
+        },
+        isExtensible(target) {
+            const instance = initializeIfNeeded();
+            return Reflect.isExtensible(instance);
+        },
+        preventExtensions(target) {
+            const instance = initializeIfNeeded();
+            return Reflect.preventExtensions(instance);
+        },
+        apply(target, thisArg, argumentsList) {
+            const instance = initializeIfNeeded();
+            return Reflect.apply(instance, thisArg, argumentsList);
+        },
+        construct(target, argumentsList, newTarget) {
+            const instance = initializeIfNeeded();
+            return Reflect.construct(instance, argumentsList, newTarget);
+        }
+    });
+}

package/dist/utils/react.d.ts

@@ -1,4 +1,4 @@
-/// <reference types="react" />
+import React from "react";
 export declare function getNodeText(node: React.ReactNode): string;
 /**
  * Suspends the currently rendered component indefinitely. Will not unsuspend unless the component rerenders.

package/dist/utils/react.js

@@ -1,4 +1,4 @@
-import { use } from "react";
+import React from "react";
 import { neverResolve } from "./promises";
 import { deindent } from "./strings";
 import { isBrowserLike } from "./env";
@@ -23,7 +23,7 @@ export function getNodeText(node) {
  * You can use this to translate older query- or AsyncResult-based code to new the Suspense system, for example: `if (query.isLoading) suspend();`
  */
 export function suspend() {
-    use(neverResolve());
+    React.use(neverResolve());
     throw new Error("Somehow a Promise that never resolves was resolved?");
 }
 /**

package/dist/utils/strings.js

@@ -107,12 +107,12 @@ export function mergeScopeStrings(...scopes) {
 }
 export function snakeCaseToCamelCase(snakeCase) {
     if (snakeCase.match(/[A-Z]/))
-        return snakeCase; // TODO: this is a hack for fixing the email templates, remove this after v2 migration
+        return snakeCase; // TODO next-release: this is a hack for fixing the email templates, remove this after v2 migration
     return snakeCase.replace(/_([a-z])/g, (_, letter) => letter.toUpperCase());
 }
 export function camelCaseToSnakeCase(camelCase) {
     if (camelCase.match(/_/))
-        return camelCase; // TODO: this is a hack for fixing the email templates, remove this after v2 migration
+        return camelCase; // TODO next-release: this is a hack for fixing the email templates, remove this after v2 migration
     return camelCase.replace(/[A-Z]/g, (letter) => `_${letter.toLowerCase()}`);
 }
 /**
@@ -256,7 +256,7 @@ function nicifyPropertyString(str) {
     return JSON.stringify(str);
 }
 function getNicifiableKeys(value) {
-    return ("getNicifiableKeys" in value ? value.getNicifiableKeys : null)?.() ?? Object.keys(value).sort();
+    return ("getNicifiableKeys" in value ? value.getNicifiableKeys?.bind(value) : null)?.() ?? Object.keys(value).sort();
 }
 function getNicifiableEntries(value) {
     const recordLikes = [Headers];

package/dist/utils/urls.d.ts

@@ -0,0 +1 @@
+export declare function isLocalhost(urlOrString: string | URL): boolean;

package/dist/utils/urls.js

@@ -0,0 +1,8 @@
+export function isLocalhost(urlOrString) {
+    const url = new URL(urlOrString);
+    if (url.hostname === "localhost" || url.hostname.endsWith(".localhost"))
+        return true;
+    if (url.hostname.match(/^127\.\d+\.\d+\.\d+$/))
+        return true;
+    return false;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-shared",
-  "version": "2.5.3",
+  "version": "2.5.5",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "files": [
@@ -36,7 +36,7 @@
     "jose": "^5.2.2",
     "oauth4webapi": "^2.10.3",
     "uuid": "^9.0.1",
-    "@stackframe/stack-sc": "2.5.3"
+    "@stackframe/stack-sc": "2.5.5"
   },
   "devDependencies": {
     "rimraf": "^5.0.5",

package/dist/utils/yup.d.ts

@@ -1,3 +0,0 @@
-import * as yup from "yup";
-export declare const yupJson: yup.MixedSchema<{} | null, yup.AnyObject, undefined, "">;
-export declare const yupJsonValidator: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;

package/dist/utils/yup.js

@@ -1,13 +0,0 @@
-import * as yup from "yup";
-export const yupJson = yup.mixed().nullable().defined().transform((value) => JSON.parse(JSON.stringify(value)));
-export const yupJsonValidator = yup.string().test("json", "Invalid JSON format", (value) => {
-    if (!value)
-        return true;
-    try {
-        JSON.parse(value);
-        return true;
-    }
-    catch (error) {
-        return false;
-    }
-});