@stackframe/stack-shared 2.5.35 → 2.6.0

package/dist/interface/crud/users.d.ts

@@ -61,7 +61,7 @@ export declare const usersCrudServerReadSchema: import("yup").ObjectSchema<{
     } | {
         type: "oauth";
         provider: {
-            type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | undefined>;
+            type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
             id: string;
             provider_user_id: string;
         };
@@ -69,7 +69,7 @@ export declare const usersCrudServerReadSchema: import("yup").ObjectSchema<{
     connected_accounts: {
         type: "oauth";
         provider: {
-            type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | undefined>;
+            type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
             id: string;
             provider_user_id: string;
         };
@@ -107,9 +107,9 @@ export declare const usersCrudServerReadSchema: import("yup").ObjectSchema<{
     last_active_at_millis: undefined;
 }, "">;
 export declare const usersCrudServerCreateSchema: import("yup").ObjectSchema<{
+    primary_email: string | null | undefined;
     password: string | null | undefined;
     display_name: string | null | undefined;
-    primary_email: string | null | undefined;
     profile_image_url: string | null | undefined;
     client_metadata: {} | null | undefined;
     client_read_only_metadata: {} | null | undefined;
@@ -119,8 +119,8 @@ export declare const usersCrudServerCreateSchema: import("yup").ObjectSchema<{
     totp_secret_base64: string | null | undefined;
 } & {
     oauth_providers: {
-        id: string;
         email: string | null;
+        id: string;
         account_id: string;
     }[] | undefined;
 }, import("yup").AnyObject, {
@@ -176,7 +176,7 @@ export declare const usersCrud: import("../../crud").CrudSchemaFromOptions<{
         } | {
             type: "oauth";
             provider: {
-                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | undefined>;
+                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
                 id: string;
                 provider_user_id: string;
             };
@@ -184,7 +184,7 @@ export declare const usersCrud: import("../../crud").CrudSchemaFromOptions<{
         connected_accounts: {
             type: "oauth";
             provider: {
-                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | undefined>;
+                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
                 id: string;
                 provider_user_id: string;
             };
@@ -247,9 +247,9 @@ export declare const usersCrud: import("../../crud").CrudSchemaFromOptions<{
         selected_team_id: undefined;
     }, "">;
     serverCreateSchema: import("yup").ObjectSchema<{
+        primary_email: string | null | undefined;
         password: string | null | undefined;
         display_name: string | null | undefined;
-        primary_email: string | null | undefined;
         profile_image_url: string | null | undefined;
         client_metadata: {} | null | undefined;
         client_read_only_metadata: {} | null | undefined;
@@ -259,8 +259,8 @@ export declare const usersCrud: import("../../crud").CrudSchemaFromOptions<{
         totp_secret_base64: string | null | undefined;
     } & {
         oauth_providers: {
-            id: string;
             email: string | null;
+            id: string;
             account_id: string;
         }[] | undefined;
     }, import("yup").AnyObject, {
@@ -346,7 +346,7 @@ export declare const userCreatedWebhookEvent: {
         } | {
             type: "oauth";
             provider: {
-                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | undefined>;
+                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
                 id: string;
                 provider_user_id: string;
             };
@@ -354,7 +354,7 @@ export declare const userCreatedWebhookEvent: {
         connected_accounts: {
             type: "oauth";
             provider: {
-                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | undefined>;
+                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
                 id: string;
                 provider_user_id: string;
             };
@@ -436,7 +436,7 @@ export declare const userUpdatedWebhookEvent: {
         } | {
             type: "oauth";
             provider: {
-                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | undefined>;
+                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
                 id: string;
                 provider_user_id: string;
             };
@@ -444,7 +444,7 @@ export declare const userUpdatedWebhookEvent: {
         connected_accounts: {
             type: "oauth";
             provider: {
-                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | undefined>;
+                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
                 id: string;
                 provider_user_id: string;
             };
@@ -491,8 +491,12 @@ export declare const userDeletedWebhookEvent: {
     type: string;
     schema: import("yup").ObjectSchema<{
         id: string;
+        teams: {
+            id: string;
+        }[];
     }, import("yup").AnyObject, {
         id: undefined;
+        teams: undefined;
     }, "">;
     metadata: {
         summary: string;

package/dist/interface/crud/users.js

@@ -123,6 +123,9 @@ export const userUpdatedWebhookEvent = {
 };
 const webhookUserDeletedSchema = fieldSchema.yupObject({
     id: fieldSchema.userIdSchema.required(),
+    teams: fieldSchema.yupArray(fieldSchema.yupObject({
+        id: fieldSchema.yupString().required(),
+    })).required(),
 }).required();
 export const userDeletedWebhookEvent = {
     type: "user.deleted",

package/dist/interface/webhooks.d.ts

@@ -47,7 +47,7 @@ export declare const webhookEvents: readonly [{
         } | {
             type: "oauth";
             provider: {
-                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | undefined>;
+                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
                 id: string;
                 provider_user_id: string;
             };
@@ -55,7 +55,7 @@ export declare const webhookEvents: readonly [{
         connected_accounts: {
             type: "oauth";
             provider: {
-                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | undefined>;
+                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
                 id: string;
                 provider_user_id: string;
             };
@@ -136,7 +136,7 @@ export declare const webhookEvents: readonly [{
         } | {
             type: "oauth";
             provider: {
-                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | undefined>;
+                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
                 id: string;
                 provider_user_id: string;
             };
@@ -144,7 +144,7 @@ export declare const webhookEvents: readonly [{
         connected_accounts: {
             type: "oauth";
             provider: {
-                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | undefined>;
+                type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
                 id: string;
                 provider_user_id: string;
             };
@@ -190,8 +190,12 @@ export declare const webhookEvents: readonly [{
     type: string;
     schema: yup.ObjectSchema<{
         id: string;
+        teams: {
+            id: string;
+        }[];
     }, yup.AnyObject, {
         id: undefined;
+        teams: undefined;
     }, "">;
     metadata: {
         summary: string;

package/dist/known-errors.d.ts

@@ -291,6 +291,11 @@ export declare const KnownErrors: {
     } & KnownErrorBrand<"VERIFICATION_CODE_ALREADY_USED">, []> & {
         errorCode: "VERIFICATION_CODE_ALREADY_USED";
     };
+    VerificationCodeMaxAttemptsReached: KnownErrorConstructor<KnownError & KnownErrorBrand<"VERIFICATION_ERROR"> & {
+        constructorArgs: [statusCode: number, humanReadableMessage: string, details?: Json | undefined];
+    } & KnownErrorBrand<"VERIFICATION_CODE_MAX_ATTEMPTS_REACHED">, []> & {
+        errorCode: "VERIFICATION_CODE_MAX_ATTEMPTS_REACHED";
+    };
     PasswordConfirmationMismatch: KnownErrorConstructor<KnownError & KnownErrorBrand<"PASSWORD_CONFIRMATION_MISMATCH">, []> & {
         errorCode: "PASSWORD_CONFIRMATION_MISMATCH";
     };
@@ -375,5 +380,8 @@ export declare const KnownErrors: {
     TeamPermissionNotFound: KnownErrorConstructor<KnownError & KnownErrorBrand<"TEAM_PERMISSION_NOT_FOUND">, [any, any, any]> & {
         errorCode: "TEAM_PERMISSION_NOT_FOUND";
     };
+    OAuthProviderAccessDenied: KnownErrorConstructor<KnownError & KnownErrorBrand<"OAUTH_PROVIDER_ACCESS_DENIED">, []> & {
+        errorCode: "OAUTH_PROVIDER_ACCESS_DENIED";
+    };
 };
 export {};

package/dist/known-errors.js

@@ -372,6 +372,10 @@ const VerificationCodeAlreadyUsed = createKnownErrorConstructor(VerificationCode
     400,
     "The verification link has already been used.",
 ], () => []);
+const VerificationCodeMaxAttemptsReached = createKnownErrorConstructor(VerificationCodeError, "VERIFICATION_CODE_MAX_ATTEMPTS_REACHED", () => [
+    400,
+    "The verification code nonce has reached the maximum number of attempts. This code is not valid anymore.",
+], () => []);
 const PasswordConfirmationMismatch = createKnownErrorConstructor(KnownError, "PASSWORD_CONFIRMATION_MISMATCH", () => [
     400,
     "Passwords do not match.",
@@ -530,6 +534,10 @@ const InvalidAuthorizationCode = createKnownErrorConstructor(KnownError, "INVALI
     400,
     "The given authorization code is invalid.",
 ], () => []);
+const OAuthProviderAccessDenied = createKnownErrorConstructor(KnownError, "OAUTH_PROVIDER_ACCESS_DENIED", () => [
+    400,
+    "The OAuth provider denied access to the user.",
+], () => []);
 export const KnownErrors = {
     UnsupportedError,
     BodyParsingError,
@@ -588,6 +596,7 @@ export const KnownErrors = {
     VerificationCodeNotFound,
     VerificationCodeExpired,
     VerificationCodeAlreadyUsed,
+    VerificationCodeMaxAttemptsReached,
     PasswordConfirmationMismatch,
     EmailAlreadyVerified,
     EmailNotAssociatedWithUser,
@@ -616,6 +625,7 @@ export const KnownErrors = {
     InvalidStandardOAuthProviderId,
     InvalidAuthorizationCode,
     TeamPermissionNotFound,
+    OAuthProviderAccessDenied,
 };
 // ensure that all known error codes are unique
 const knownErrorCodes = new Set();

package/dist/schema-fields.d.ts

@@ -1,4 +1,7 @@
 import * as yup from "yup";
+export declare function yupValidate<S extends yup.ISchema<any>>(schema: S, obj: unknown, options?: yup.ValidateOptions & {
+    currentUserId?: string | null;
+}): Promise<yup.InferType<S>>;
 declare const StackAdaptSentinel: unique symbol;
 export type StackAdaptSentinel = typeof StackAdaptSentinel;
 export declare function yupString<A extends string, B extends yup.Maybe<yup.AnyObject> = yup.AnyObject>(...args: Parameters<typeof yup.string<A, B>>): yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
@@ -37,9 +40,10 @@ export declare const projectAllowLocalhostSchema: yup.BooleanSchema<boolean | un
 export declare const projectCreateTeamOnSignUpSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const projectMagicLinkEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const projectClientTeamCreationEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
+export declare const projectClientUserDeletionEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const projectSignUpEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const projectCredentialEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
-export declare const oauthIdSchema: yup.StringSchema<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | undefined, yup.AnyObject, undefined, "">;
+export declare const oauthIdSchema: yup.StringSchema<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined, yup.AnyObject, undefined, "">;
 export declare const oauthEnabledSchema: yup.BooleanSchema<boolean | undefined, yup.AnyObject, undefined, "">;
 export declare const oauthTypeSchema: yup.StringSchema<"shared" | "standard" | undefined, yup.AnyObject, undefined, "">;
 export declare const oauthClientIdSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
@@ -70,7 +74,7 @@ export declare const userClientReadOnlyMetadataSchema: yup.MixedSchema<{} | null
 export declare const userServerMetadataSchema: yup.MixedSchema<{} | null, yup.AnyObject, undefined, "">;
 export declare const userOAuthProviderSchema: yup.ObjectSchema<{
     id: string;
-    type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | undefined>;
+    type: NonNullable<"google" | "github" | "microsoft" | "spotify" | "facebook" | "discord" | "gitlab" | "bitbucket" | "linkedin" | "apple" | "x" | undefined>;
     provider_user_id: string;
 }, yup.AnyObject, {
     id: undefined;

package/dist/schema-fields.js

@@ -1,8 +1,58 @@
 import * as yup from "yup";
+import { KnownErrors } from ".";
 import { isBase64 } from "./utils/bytes";
 import { StackAssertionError } from "./utils/errors";
 import { allProviders } from "./utils/oauth";
+import { deepPlainClone, omit } from "./utils/objects";
 import { isUuid } from "./utils/uuids";
+export async function yupValidate(schema, obj, options) {
+    try {
+        return await schema.validate(obj, {
+            ...omit(options ?? {}, ['currentUserId']),
+            context: {
+                ...options?.context,
+                stackAllowUserIdMe: options?.currentUserId !== undefined,
+            },
+        });
+    }
+    catch (error) {
+        if (error instanceof ReplaceFieldWithOwnUserId) {
+            const currentUserId = options?.currentUserId;
+            if (!currentUserId)
+                throw new KnownErrors.CannotGetOwnUserWithoutUser();
+            // parse yup path
+            let pathRemaining = error.path;
+            const fieldPath = [];
+            while (pathRemaining.length > 0) {
+                if (pathRemaining.startsWith("[")) {
+                    const index = pathRemaining.indexOf("]");
+                    if (index < 0)
+                        throw new StackAssertionError("Invalid path");
+                    fieldPath.push(JSON.parse(pathRemaining.slice(1, index)));
+                    pathRemaining = pathRemaining.slice(index + 1);
+                }
+                else {
+                    let dotIndex = pathRemaining.indexOf(".");
+                    if (dotIndex === -1)
+                        dotIndex = pathRemaining.length;
+                    fieldPath.push(pathRemaining.slice(0, dotIndex));
+                    pathRemaining = pathRemaining.slice(dotIndex + 1);
+                }
+            }
+            const newObj = deepPlainClone(obj);
+            let it = newObj;
+            for (const field of fieldPath.slice(0, -1)) {
+                if (!Object.prototype.hasOwnProperty.call(it, field)) {
+                    throw new StackAssertionError(`Segment ${field} of path ${error.path} not found in object`);
+                }
+                it = it[field];
+            }
+            it[fieldPath[fieldPath.length - 1]] = currentUserId;
+            return await yupValidate(schema, newObj, options);
+        }
+        throw error;
+    }
+}
 const _idDescription = (identify) => `The unique identifier of this ${identify}`;
 const _displayNameDescription = (identify) => `Human-readable ${identify} display name. This is not a unique identifier.`;
 const _clientMetaDataDescription = (identify) => `Client metadata. Used as a data store, accessible from the client side. Do not store information that should not be exposed to the client.`;
@@ -82,7 +132,10 @@ export function yupUnion(...args) {
                 errors.push(e);
             }
         }
-        throw new AggregateError(errors, 'Invalid value; must be one of the provided schemas');
+        return context.createError({
+            message: `${context.path} is not matched by any of the provided schemas:\n${errors.map((e, i) => '\tSchema ' + i + ": \n\t\t" + e.errors.join('\n\t\t')).join('\n')}`,
+            path: context.path,
+        });
     });
 }
 // Common
@@ -151,6 +204,7 @@ export const projectAllowLocalhostSchema = yupBoolean().meta({ openapiField: { d
 export const projectCreateTeamOnSignUpSchema = yupBoolean().meta({ openapiField: { description: 'Whether a team should be created for each user that signs up', exampleValue: true } });
 export const projectMagicLinkEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether magic link authentication is enabled for this project', exampleValue: true } });
 export const projectClientTeamCreationEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether client users can create teams', exampleValue: true } });
+export const projectClientUserDeletionEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether client users can delete their own account from the client', exampleValue: true } });
 export const projectSignUpEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether users can sign up new accounts, or whether they are only allowed to sign in to existing accounts. Regardless of this option, the server API can always create new users with the `POST /users` endpoint.', exampleValue: true } });
 export const projectCredentialEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether email password authentication is enabled for this project', exampleValue: true } });
 // Project OAuth config
@@ -184,6 +238,10 @@ export const userIdOrMeSchema = yupString().uuid().transform(v => {
     else
         return v;
 }).test((v, context) => {
+    if (!("stackAllowUserIdMe" in (context.options.context ?? {})))
+        throw new StackAssertionError('userIdOrMeSchema is not allowed in this context. Make sure you\'re using yupValidate from schema-fields.ts to validate, instead of schema.validate(...).');
+    if (!context.options.context?.stackAllowUserIdMe)
+        throw new StackAssertionError('userIdOrMeSchema is not allowed in this context. Make sure you\'re passing in the currentUserId option in yupValidate.');
     if (v === userIdMeSentinelUuid)
         throw new ReplaceFieldWithOwnUserId(context.path);
     return true;
@@ -206,8 +264,8 @@ export const userOAuthProviderSchema = yupObject({
 export const userLastActiveAtMillisSchema = yupNumber().nullable().meta({ openapiField: { description: _lastActiveAtMillisDescription, exampleValue: 1630000000000 } });
 // Auth
 export const signInEmailSchema = emailSchema.meta({ openapiField: { description: 'The email to sign in with.', exampleValue: 'johndoe@example.com' } });
-export const emailOtpSignInCallbackUrlSchema = urlSchema.meta({ openapiField: { description: 'The base callback URL to construct the magic link from. A query argument `code` with the verification code will be appended to it. The page should then make a request to the `/auth/otp/sign-in` endpoint.', exampleValue: 'https://example.com/handler/magic-link-callback' } });
-export const emailVerificationCallbackUrlSchema = urlSchema.meta({ openapiField: { description: 'The base callback URL to construct a verification link for the verification e-mail. A query argument `code` with the verification code will be appended to it. The page should then make a request to the `/contact-channels/verify` endpoint.', exampleValue: 'https://example.com/handler/email-verification' } });
+export const emailOtpSignInCallbackUrlSchema = urlSchema.meta({ openapiField: { description: 'The base callback URL to construct the magic link from. A query parameter `code` with the verification code will be appended to it. The page should then make a request to the `/auth/otp/sign-in` endpoint.', exampleValue: 'https://example.com/handler/magic-link-callback' } });
+export const emailVerificationCallbackUrlSchema = urlSchema.meta({ openapiField: { description: 'The base callback URL to construct a verification link for the verification e-mail. A query parameter `code` with the verification code will be appended to it. The page should then make a request to the `/contact-channels/verify` endpoint.', exampleValue: 'https://example.com/handler/email-verification' } });
 export const accessTokenResponseSchema = yupString().meta({ openapiField: { description: 'Short-lived access token that can be used to authenticate the user', exampleValue: 'eyJhmMiJB2TO...diI4QT' } });
 export const refreshTokenResponseSchema = yupString().meta({ openapiField: { description: 'Long-lived refresh token that can be used to obtain a new access token', exampleValue: 'i8ns3aq2...14y' } });
 export const signInResponseSchema = yupObject({
@@ -248,8 +306,8 @@ export const teamClientMetadataSchema = jsonSchema.meta({ openapiField: { descri
 export const teamClientReadOnlyMetadataSchema = jsonSchema.meta({ openapiField: { description: _clientReadOnlyMetaDataDescription('team'), exampleValue: { key: 'value' } } });
 export const teamServerMetadataSchema = jsonSchema.meta({ openapiField: { description: _serverMetaDataDescription('team'), exampleValue: { key: 'value' } } });
 export const teamCreatedAtMillisSchema = yupNumber().meta({ openapiField: { description: _createdAtMillisDescription('team'), exampleValue: 1630000000000 } });
-export const teamInvitationEmailSchema = emailSchema.meta({ openapiField: { description: 'The email to sign in with.', exampleValue: 'johndoe@example.com' } });
-export const teamInvitationCallbackUrlSchema = urlSchema.meta({ openapiField: { description: 'The base callback URL to construct a verification link for the verification e-mail. A query argument `code` with the verification code will be appended to it. The page should then make a request to the `/contact-channels/verify` endpoint.', exampleValue: 'https://example.com/handler/email-verification' } });
+export const teamInvitationEmailSchema = emailSchema.meta({ openapiField: { description: 'The email of the user to invite.', exampleValue: 'johndoe@example.com' } });
+export const teamInvitationCallbackUrlSchema = urlSchema.meta({ openapiField: { description: 'The base callback URL to construct an invite link with. A query parameter `code` with the verification code will be appended to it. The page should then make a request to the `/team-invitations/accept` endpoint.', exampleValue: 'https://example.com/handler/team-invitation' } });
 // Team member profiles
 export const teamMemberDisplayNameSchema = yupString().meta({ openapiField: { description: _displayNameDescription('team member') + ' Note that this is separate from the display_name of the user.', exampleValue: 'John Doe' } });
 export const teamMemberProfileImageUrlSchema = urlSchema.max(1000000).meta({ openapiField: { description: _profileImageUrlDescription('team member'), exampleValue: 'https://example.com/image.jpg' } });

package/dist/utils/jwt.d.ts

@@ -15,7 +15,7 @@ export declare function getPublicJwkSet(): Promise<{
         d: string;
         x: string;
         y: string;
-    }, "kty" | "crv" | "x" | "y">[];
+    }, "x" | "kty" | "crv" | "y">[];
 }>;
 export declare function encryptJWE(payload: any, expirationTime?: string): Promise<string>;
 export declare function decryptJWE(jwt: string): Promise<jose.JWTPayload>;

package/dist/utils/jwt.js

@@ -1,8 +1,8 @@
+import elliptic from "elliptic";
 import * as jose from "jose";
+import { encodeBase64 } from "./bytes";
 import { getEnvVariable } from "./env";
-import elliptic from "elliptic";
 import { globalVar } from "./globals";
-import { encodeBase64 } from "./bytes";
 import { pick } from "./objects";
 const STACK_SERVER_SECRET = jose.base64url.decode(getEnvVariable("STACK_SERVER_SECRET"));
 export async function signJWT(issuer, payload, expirationTime = "5m") {

package/dist/utils/oauth.d.ts

@@ -1,6 +1,6 @@
-export declare const standardProviders: readonly ["google", "github", "microsoft", "spotify", "facebook", "discord", "gitlab", "bitbucket", "linkedin"];
+export declare const standardProviders: readonly ["google", "github", "microsoft", "spotify", "facebook", "discord", "gitlab", "bitbucket", "linkedin", "apple", "x"];
 export declare const sharedProviders: readonly ["google", "github", "microsoft", "spotify"];
-export declare const allProviders: readonly ["google", "github", "microsoft", "spotify", "facebook", "discord", "gitlab", "bitbucket", "linkedin"];
+export declare const allProviders: readonly ["google", "github", "microsoft", "spotify", "facebook", "discord", "gitlab", "bitbucket", "linkedin", "apple", "x"];
 export type ProviderType = typeof allProviders[number];
 export type StandardProviderType = typeof standardProviders[number];
 export type SharedProviderType = typeof sharedProviders[number];

package/dist/utils/oauth.js

@@ -1,4 +1,4 @@
-export const standardProviders = ["google", "github", "microsoft", "spotify", "facebook", "discord", "gitlab", "bitbucket", "linkedin"];
+export const standardProviders = ["google", "github", "microsoft", "spotify", "facebook", "discord", "gitlab", "bitbucket", "linkedin", "apple", "x"];
 // No more shared providers should be added except for special cases
 export const sharedProviders = ["google", "github", "microsoft", "spotify"];
 export const allProviders = standardProviders;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-shared",
-  "version": "2.5.35",
+  "version": "2.6.0",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "files": [
@@ -36,13 +36,15 @@
     "elliptic": "^6.5.7",
     "jose": "^5.2.2",
     "oauth4webapi": "^2.10.3",
+    "semver": "^7.6.3",
     "uuid": "^9.0.1",
-    "@stackframe/stack-sc": "2.5.35"
+    "@stackframe/stack-sc": "2.6.0"
   },
   "devDependencies": {
     "@types/bcrypt": "^5.0.2",
     "@types/elliptic": "^6.4.18",
     "@types/react": "^18.2.66",
+    "@types/semver": "^7.5.8",
     "@types/uuid": "^9.0.8",
     "next": "^14.1.0",
     "react": "^18.2.0",

package/dist/interface/crud-deprecated/api-keys.d.ts

@@ -1,134 +0,0 @@
-import { CrudTypeOf } from "../../crud";
-export declare const apiKeysCreateInputSchema: import("yup").ObjectSchema<{
-    description: string;
-    expires_at_millis: number;
-    has_publishable_client_key: NonNullable<boolean | undefined>;
-    has_secret_server_key: NonNullable<boolean | undefined>;
-    has_super_secret_admin_key: NonNullable<boolean | undefined>;
-}, import("yup").AnyObject, {
-    description: undefined;
-    expires_at_millis: undefined;
-    has_publishable_client_key: undefined;
-    has_secret_server_key: undefined;
-    has_super_secret_admin_key: undefined;
-}, "">;
-export declare const apiKeysCreateOutputSchema: import("yup").ObjectSchema<{
-    id: string;
-    description: string;
-    expires_at_millis: number;
-    manually_revoked_at_millis: number | undefined;
-    created_at_millis: number;
-} & {
-    publishable_client_key: string | undefined;
-    secret_server_key: string | undefined;
-    super_secret_admin_key: string | undefined;
-}, import("yup").AnyObject, {
-    id: undefined;
-    description: undefined;
-    expires_at_millis: undefined;
-    manually_revoked_at_millis: undefined;
-    created_at_millis: undefined;
-    publishable_client_key: undefined;
-    secret_server_key: undefined;
-    super_secret_admin_key: undefined;
-}, "">;
-export declare const apiKeysCrudAdminObfuscatedReadSchema: import("yup").ObjectSchema<{
-    id: string;
-    description: string;
-    expires_at_millis: number;
-    manually_revoked_at_millis: number | undefined;
-    created_at_millis: number;
-} & {
-    publishable_client_key: {
-        last_four: string;
-    } | undefined;
-    secret_server_key: {
-        last_four: string;
-    } | undefined;
-    super_secret_admin_key: {
-        last_four: string;
-    } | undefined;
-}, import("yup").AnyObject, {
-    id: undefined;
-    description: undefined;
-    expires_at_millis: undefined;
-    manually_revoked_at_millis: undefined;
-    created_at_millis: undefined;
-    publishable_client_key: {
-        last_four: undefined;
-    };
-    secret_server_key: {
-        last_four: undefined;
-    };
-    super_secret_admin_key: {
-        last_four: undefined;
-    };
-}, "">;
-export declare const apiKeysCrudAdminUpdateSchema: import("yup").ObjectSchema<{
-    description: string | undefined;
-    revoked: boolean | undefined;
-}, import("yup").AnyObject, {
-    description: undefined;
-    revoked: undefined;
-}, "">;
-export declare const apiKeysCrudAdminDeleteSchema: import("yup").MixedSchema<{} | undefined, import("yup").AnyObject, undefined, "">;
-export declare const apiKeysCrud: import("../../crud").CrudSchemaFromOptions<{
-    adminReadSchema: import("yup").ObjectSchema<{
-        id: string;
-        description: string;
-        expires_at_millis: number;
-        manually_revoked_at_millis: number | undefined;
-        created_at_millis: number;
-    } & {
-        publishable_client_key: {
-            last_four: string;
-        } | undefined;
-        secret_server_key: {
-            last_four: string;
-        } | undefined;
-        super_secret_admin_key: {
-            last_four: string;
-        } | undefined;
-    }, import("yup").AnyObject, {
-        id: undefined;
-        description: undefined;
-        expires_at_millis: undefined;
-        manually_revoked_at_millis: undefined;
-        created_at_millis: undefined;
-        publishable_client_key: {
-            last_four: undefined;
-        };
-        secret_server_key: {
-            last_four: undefined;
-        };
-        super_secret_admin_key: {
-            last_four: undefined;
-        };
-    }, "">;
-    adminUpdateSchema: import("yup").ObjectSchema<{
-        description: string | undefined;
-        revoked: boolean | undefined;
-    }, import("yup").AnyObject, {
-        description: undefined;
-        revoked: undefined;
-    }, "">;
-    adminDeleteSchema: import("yup").MixedSchema<{} | undefined, import("yup").AnyObject, undefined, "">;
-    docs: {
-        adminList: {
-            hidden: true;
-        };
-        adminRead: {
-            hidden: true;
-        };
-        adminCreate: {
-            hidden: true;
-        };
-        adminUpdate: {
-            hidden: true;
-        };
-        adminDelete: {
-            hidden: true;
-        };
-    };
-}>;
-export type ApiKeysCrud = CrudTypeOf<typeof apiKeysCrud>;

package/dist/interface/crud-deprecated/api-keys.js

@@ -1,61 +0,0 @@
-import { createCrud } from "../../crud";
-import { yupBoolean, yupMixed, yupNumber, yupObject, yupString } from "../../schema-fields";
-const baseApiKeysReadSchema = yupObject({
-    id: yupString().required(),
-    description: yupString().required(),
-    expires_at_millis: yupNumber().required(),
-    manually_revoked_at_millis: yupNumber().optional(),
-    created_at_millis: yupNumber().required(),
-});
-// Used for the result of the create endpoint
-export const apiKeysCreateInputSchema = yupObject({
-    description: yupString().required(),
-    expires_at_millis: yupNumber().required(),
-    has_publishable_client_key: yupBoolean().required(),
-    has_secret_server_key: yupBoolean().required(),
-    has_super_secret_admin_key: yupBoolean().required(),
-});
-export const apiKeysCreateOutputSchema = baseApiKeysReadSchema.concat(yupObject({
-    publishable_client_key: yupString().optional(),
-    secret_server_key: yupString().optional(),
-    super_secret_admin_key: yupString().optional(),
-}).required());
-// Used for list, read and update endpoints after the initial creation
-export const apiKeysCrudAdminObfuscatedReadSchema = baseApiKeysReadSchema.concat(yupObject({
-    publishable_client_key: yupObject({
-        last_four: yupString().required(),
-    }).optional(),
-    secret_server_key: yupObject({
-        last_four: yupString().required(),
-    }).optional(),
-    super_secret_admin_key: yupObject({
-        last_four: yupString().required(),
-    }).optional(),
-}));
-export const apiKeysCrudAdminUpdateSchema = yupObject({
-    description: yupString().optional(),
-    revoked: yupBoolean().oneOf([true]).optional(),
-}).required();
-export const apiKeysCrudAdminDeleteSchema = yupMixed();
-export const apiKeysCrud = createCrud({
-    adminReadSchema: apiKeysCrudAdminObfuscatedReadSchema,
-    adminUpdateSchema: apiKeysCrudAdminUpdateSchema,
-    adminDeleteSchema: apiKeysCrudAdminDeleteSchema,
-    docs: {
-        adminList: {
-            hidden: true,
-        },
-        adminRead: {
-            hidden: true,
-        },
-        adminCreate: {
-            hidden: true,
-        },
-        adminUpdate: {
-            hidden: true,
-        },
-        adminDelete: {
-            hidden: true,
-        },
-    },
-});