@stackframe/stack-shared 2.6.29 → 2.6.31

package/CHANGELOG.md

@@ -1,5 +1,19 @@
 # @stackframe/stack-shared
 
+## 2.6.31
+
+### Patch Changes
+
+- Bugfixes
+  - @stackframe/stack-sc@2.6.31
+
+## 2.6.30
+
+### Patch Changes
+
+- Bugfixes
+  - @stackframe/stack-sc@2.6.30
+
 ## 2.6.29
 
 ### Patch Changes

package/dist/interface/adminInterface.js

@@ -30,7 +30,7 @@ export class StackAdminInterface extends StackServerInterface {
         return await response.json();
     }
     async createApiKey(options) {
-        const response = await this.sendServerRequest("/internal/api-keys", {
+        const response = await this.sendAdminRequest("/internal/api-keys", {
             method: "POST",
             headers: {
                 "content-type": "application/json",

package/dist/interface/clientInterface.d.ts

@@ -186,6 +186,7 @@ export declare class StackClientInterface {
     createProject(project: InternalProjectsCrud['Client']['Create'], session: InternalSession): Promise<InternalProjectsCrud['Client']['Read']>;
     createProviderAccessToken(provider: string, scope: string, session: InternalSession): Promise<ConnectedAccountAccessTokenCrud['Client']['Read']>;
     createClientTeam(data: TeamsCrud['Client']['Create'], session: InternalSession): Promise<TeamsCrud['Client']['Read']>;
+    deleteTeam(teamId: string, session: InternalSession): Promise<void>;
     deleteCurrentUser(session: InternalSession): Promise<void>;
     createClientContactChannel(data: ContactChannelsCrud['Client']['Create'], session: InternalSession): Promise<ContactChannelsCrud['Client']['Read']>;
     updateClientContactChannel(id: string, data: ContactChannelsCrud['Client']['Update'], session: InternalSession): Promise<ContactChannelsCrud['Client']['Read']>;

package/dist/interface/clientInterface.js

@@ -812,6 +812,11 @@ export class StackClientInterface {
         }, session);
         return await response.json();
     }
+    async deleteTeam(teamId, session) {
+        await this.sendClientRequest(`/teams/${teamId}`, {
+            method: "DELETE",
+        }, session);
+    }
     async deleteCurrentUser(session) {
         await this.sendClientRequest("/users/me", {
             method: "DELETE",

package/dist/interface/crud/projects.js

@@ -1,6 +1,6 @@
 import { createCrud } from "../../crud";
 import * as schemaFields from "../../schema-fields";
-import { yupArray, yupObject, yupDefinedWhen, yupString } from "../../schema-fields";
+import { yupArray, yupDefinedWhen, yupObject, yupString } from "../../schema-fields";
 const teamPermissionSchema = yupObject({
     id: yupString().defined(),
 }).defined();
@@ -11,8 +11,8 @@ const oauthProviderSchema = yupObject({
     client_id: yupDefinedWhen(schemaFields.oauthClientIdSchema, 'type', 'standard'),
     client_secret: yupDefinedWhen(schemaFields.oauthClientSecretSchema, 'type', 'standard'),
     // extra params
-    facebook_config_id: yupString().optional().meta({ openapiField: { description: 'This parameter is the configuration id for Facebook business login (for things like ads and marketing).' } }),
-    microsoft_tenant_id: yupString().optional().meta({ openapiField: { description: 'This parameter is the Microsoft tenant id for Microsoft directory' } }),
+    facebook_config_id: schemaFields.oauthFacebookConfigIdSchema.optional(),
+    microsoft_tenant_id: schemaFields.oauthMicrosoftTenantIdSchema.optional(),
 });
 const enabledOAuthProviderSchema = yupObject({
     id: schemaFields.oauthIdSchema.defined(),

package/dist/schema-fields.d.ts

@@ -20,6 +20,7 @@ export declare function yupMixed<A extends {}>(...args: Parameters<typeof yup.mi
 export declare function yupArray<A extends yup.Maybe<yup.AnyObject> = yup.AnyObject, B = any>(...args: Parameters<typeof yup.array<A, B>>): yup.ArraySchema<B[] | undefined, A, undefined, "">;
 export declare function yupTuple<T extends [unknown, ...unknown[]]>(...args: Parameters<typeof yup.tuple<T>>): yup.TupleSchema<T | undefined, yup.AnyObject, undefined, "">;
 export declare function yupObject<A extends yup.Maybe<yup.AnyObject>, B extends yup.ObjectShape>(...args: Parameters<typeof yup.object<A, B>>): yup.ObjectSchema<yup.TypeFromShape<B, yup.AnyObject> extends infer T ? T extends yup.TypeFromShape<B, yup.AnyObject> ? T extends {} ? { [k in keyof T]: T[k]; } : T : never : never, yup.AnyObject, yup.DefaultFromShape<B> extends infer T_1 ? T_1 extends yup.DefaultFromShape<B> ? T_1 extends {} ? { [k_1 in keyof T_1]: T_1[k_1]; } : T_1 : never : never, "">;
+export declare function yupNever(): yup.MixedSchema<never>;
 export declare function yupUnion<T extends yup.ISchema<any>[]>(...args: T): yup.MixedSchema<yup.InferType<T[number]>>;
 export declare const adaptSchema: yup.MixedSchema<typeof StackAdaptSentinel | undefined, yup.AnyObject, undefined, "">;
 /**
@@ -62,6 +63,8 @@ export declare const oauthEnabledSchema: yup.BooleanSchema<boolean | undefined,
 export declare const oauthTypeSchema: yup.StringSchema<"shared" | "standard" | undefined, yup.AnyObject, undefined, "">;
 export declare const oauthClientIdSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const oauthClientSecretSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const oauthFacebookConfigIdSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const oauthMicrosoftTenantIdSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const emailTypeSchema: yup.StringSchema<"shared" | "standard" | undefined, yup.AnyObject, undefined, "">;
 export declare const emailSenderNameSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const emailHostSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;

package/dist/schema-fields.js

@@ -123,6 +123,9 @@ export function yupObject(...args) {
     // we don't want to update the type of `object` to have a default flag
     return object.default(undefined);
 }
+export function yupNever() {
+    return yupMixed().test('never', 'This value should never be reached', () => false);
+}
 export function yupUnion(...args) {
     if (args.length === 0)
         throw new Error('yupUnion must have at least one schema');
@@ -171,7 +174,7 @@ export const urlSchema = yupString().test({
     },
 });
 export const jsonSchema = yupMixed().nullable().defined().transform((value) => JSON.parse(JSON.stringify(value)));
-export const jsonStringSchema = yupString().test("json", "Invalid JSON format", (value) => {
+export const jsonStringSchema = yupString().test("json", (params) => `${params.path} is not valid JSON`, (value) => {
     if (value == null)
         return true;
     try {
@@ -182,7 +185,7 @@ export const jsonStringSchema = yupString().test("json", "Invalid JSON format",
         return false;
     }
 });
-export const jsonStringOrEmptySchema = yupString().test("json", "Invalid JSON format", (value) => {
+export const jsonStringOrEmptySchema = yupString().test("json", (params) => `${params.path} is not valid JSON`, (value) => {
     if (!value)
         return true;
     try {
@@ -193,7 +196,7 @@ export const jsonStringOrEmptySchema = yupString().test("json", "Invalid JSON fo
         return false;
     }
 });
-export const base64Schema = yupString().test("is-base64", "Invalid base64 format", (value) => {
+export const base64Schema = yupString().test("is-base64", (params) => `${params.path} is not valid base64`, (value) => {
     if (value == null)
         return true;
     return isBase64(value);
@@ -236,6 +239,8 @@ export const oauthEnabledSchema = yupBoolean().meta({ openapiField: { descriptio
 export const oauthTypeSchema = yupString().oneOf(['shared', 'standard']).meta({ openapiField: { description: 'OAuth provider type, one of shared, standard. "shared" uses Stack shared OAuth keys and it is only meant for development. "standard" uses your own OAuth keys and will show your logo and company name when signing in with the provider.', exampleValue: 'standard' } });
 export const oauthClientIdSchema = yupString().meta({ openapiField: { description: 'OAuth client ID. Needs to be specified when using type="standard"', exampleValue: 'google-oauth-client-id' } });
 export const oauthClientSecretSchema = yupString().meta({ openapiField: { description: 'OAuth client secret. Needs to be specified when using type="standard"', exampleValue: 'google-oauth-client-secret' } });
+export const oauthFacebookConfigIdSchema = yupString().meta({ openapiField: { description: 'The configuration id for Facebook business login (for things like ads and marketing). This is only required if you are using the standard OAuth with Facebook and you are using Facebook business login.' } });
+export const oauthMicrosoftTenantIdSchema = yupString().meta({ openapiField: { description: 'The Microsoft tenant id for Microsoft directory. This is only required if you are using the standard OAuth with Microsoft and you have an Azure AD tenant.' } });
 // Project email config
 export const emailTypeSchema = yupString().oneOf(['shared', 'standard']).meta({ openapiField: { description: 'Email provider type, one of shared, standard. "shared" uses Stack shared email provider and it is only meant for development. "standard" uses your own email server and will have your email address as the sender.', exampleValue: 'standard' } });
 export const emailSenderNameSchema = yupString().meta({ openapiField: { description: 'Email sender name. Needs to be specified when using type="standard"', exampleValue: 'Stack' } });

package/dist/utils/env.js

@@ -3,6 +3,10 @@ import { deindent } from "./strings";
 export function isBrowserLike() {
     return typeof window !== "undefined" && typeof document !== "undefined" && typeof document.createElement !== "undefined";
 }
+// newName: oldName
+const ENV_VAR_RENAME = {
+    NEXT_PUBLIC_STACK_API_URL: ['STACK_BASE_URL', 'NEXT_PUBLIC_STACK_URL'],
+};
 /**
  * Returns the environment variable with the given name, returning the default (if given) or throwing an error (otherwise) if it's undefined or the empty string.
  */
@@ -21,7 +25,30 @@ export function getEnvVariable(name, defaultValue) {
       Use getNextRuntime() instead.
     `);
     }
-    return ((process.env[name] || defaultValue) ?? throwErr(`Missing environment variable: ${name}`)) || (defaultValue ?? throwErr(`Empty environment variable: ${name}`));
+    // throw error if the old name is used as the retrieve key
+    for (const [newName, oldNames] of Object.entries(ENV_VAR_RENAME)) {
+        if (oldNames.includes(name)) {
+            throwErr(`Environment variable ${name} has been renamed to ${newName}. Please update your configuration to use the new name.`);
+        }
+    }
+    let value = process.env[name];
+    // check the key under the old name if the new name is not found
+    if (!value && ENV_VAR_RENAME[name]) {
+        for (const oldName of ENV_VAR_RENAME[name]) {
+            value = process.env[oldName];
+            if (value)
+                break;
+        }
+    }
+    if (value === undefined) {
+        if (defaultValue !== undefined) {
+            value = defaultValue;
+        }
+        else {
+            throwErr(`Missing environment variable: ${name}`);
+        }
+    }
+    return value;
 }
 export function getNextRuntime() {
     // This variable is compiled into the client bundle, so we can't use getEnvVariable here.

package/dist/utils/hashes.d.ts

@@ -1,3 +1,4 @@
+export declare function sha512(input: Uint8Array | string): Promise<string>;
 export declare function hashPassword(password: string): Promise<string>;
 export declare function comparePassword(password: string, hash: string): Promise<boolean>;
 export declare function isPasswordHashValid(hash: string): Promise<boolean>;

package/dist/utils/hashes.js

@@ -1,5 +1,11 @@
 import bcrypt from 'bcrypt';
 import { StackAssertionError } from './errors';
+export async function sha512(input) {
+    const bytes = typeof input === "string" ? new TextEncoder().encode(input) : input;
+    return await crypto.subtle.digest("SHA-512", bytes).then(buf => {
+        return Array.prototype.map.call(new Uint8Array(buf), x => (('00' + x.toString(16)).slice(-2))).join('');
+    });
+}
 export async function hashPassword(password) {
     const passwordBytes = new TextEncoder().encode(password);
     if (passwordBytes.length >= 72) {

package/dist/utils/jwt.d.ts

@@ -11,21 +11,26 @@ export declare function verifyJWT(options: {
     issuer: string;
     jwt: string;
 }): Promise<jose.JWTPayload>;
-export declare function getPrivateJwk(secret: string): Promise<{
-    kty: string;
-    crv: string;
+export type PrivateJwk = {
+    kty: "EC";
+    alg: "ES256";
+    crv: "P-256";
+    kid: string;
     d: string;
     x: string;
     y: string;
-}>;
-export declare function getPublicJwkSet(secret: string): Promise<{
-    keys: {
-        kid: string;
-        x: string;
-        kty: string;
-        crv: string;
-        y: string;
-    }[];
+};
+export declare function getPrivateJwk(secret: string): Promise<PrivateJwk>;
+export type PublicJwk = {
+    kty: "EC";
+    alg: "ES256";
+    crv: "P-256";
+    kid: string;
+    x: string;
+    y: string;
+};
+export declare function getPublicJwkSet(secretOrPrivateJwk: string | PrivateJwk): Promise<{
+    keys: PublicJwk[];
 }>;
 export declare function getPerAudienceSecret(options: {
     audience: string;

package/dist/utils/jwt.js

@@ -1,12 +1,11 @@
+import crypto from "crypto";
 import elliptic from "elliptic";
 import * as jose from "jose";
+import { JOSEError } from "jose/errors";
 import { encodeBase64Url } from "./bytes";
-import { getEnvVariable } from "./env";
 import { globalVar } from "./globals";
 import { pick } from "./objects";
-import crypto from "crypto";
-import { JOSEError } from "jose/errors";
-const STACK_SERVER_SECRET = getEnvVariable("STACK_SERVER_SECRET");
+const STACK_SERVER_SECRET = process.env.STACK_SERVER_SECRET ?? "";
 try {
     jose.base64url.decode(STACK_SERVER_SECRET);
 }
@@ -60,21 +59,25 @@ export async function getPrivateJwk(secret) {
     return {
         kty: 'EC',
         crv: 'P-256',
+        alg: 'ES256',
+        kid: getKid({ secret }),
         d: encodeBase64Url(priv),
         x: encodeBase64Url(publicKey.getX().toBuffer()),
         y: encodeBase64Url(publicKey.getY().toBuffer()),
     };
 }
-export async function getPublicJwkSet(secret) {
-    const privateJwk = await getPrivateJwk(secret);
-    const jwk = pick(privateJwk, ["kty", "crv", "x", "y"]);
+export async function getPublicJwkSet(secretOrPrivateJwk) {
+    const privateJwk = typeof secretOrPrivateJwk === "string" ? await getPrivateJwk(secretOrPrivateJwk) : secretOrPrivateJwk;
+    const jwk = pick(privateJwk, ["kty", "alg", "crv", "x", "y", "kid"]);
     return {
-        keys: [{ ...jwk, kid: getKid({ secret }) }],
+        keys: [jwk],
     };
 }
 export function getPerAudienceSecret(options) {
     return jose.base64url.encode(crypto
         .createHash('sha256')
+        // TODO we should prefix a string like "stack-audience-secret" before we hash so you can't use `getKid(...)` to get the secret for eg. the "kid" audience if the same secret value is used
+        // Sadly doing this modification is a bit annoying as we need to leave the old keys to be valid for a little longer
         .update(JSON.stringify([options.secret, options.audience]))
         .digest());
 }
@@ -82,6 +85,6 @@ export function getPerAudienceSecret(options) {
 export function getKid(options) {
     return jose.base64url.encode(crypto
         .createHash('sha256')
-        .update(JSON.stringify([options.secret, "kid"]))
+        .update(JSON.stringify([options.secret, "kid"])) // TODO see above in getPerAudienceSecret
         .digest()).slice(0, 12);
 }

package/dist/utils/node-http.d.ts

@@ -0,0 +1,15 @@
+/// <reference types="node" />
+/// <reference types="node" />
+import { IncomingMessage, ServerResponse } from "http";
+declare class ServerResponseWithBodyChunks extends ServerResponse {
+    bodyChunks: Uint8Array[];
+    _send(data: string, encoding: BufferEncoding, callback?: (() => void) | null, byteLength?: number): void;
+}
+export declare function createNodeHttpServerDuplex(options: {
+    method: string;
+    originalUrl?: URL;
+    url: URL;
+    headers: Headers;
+    body: Uint8Array;
+}): Promise<[IncomingMessage, ServerResponseWithBodyChunks]>;
+export {};

package/dist/utils/node-http.js

@@ -0,0 +1,38 @@
+import { IncomingMessage, ServerResponse } from "http";
+import { getRelativePart } from "./urls";
+class ServerResponseWithBodyChunks extends ServerResponse {
+    constructor() {
+        super(...arguments);
+        this.bodyChunks = [];
+    }
+    // note: we actually override this, even though it's private in the parent
+    _send(data, encoding, callback, byteLength) {
+        if (typeof encoding === "function") {
+            callback = encoding;
+            encoding = "utf-8";
+        }
+        const encodedBuffer = new Uint8Array(Buffer.from(data, encoding));
+        this.bodyChunks.push(encodedBuffer);
+        callback?.();
+    }
+}
+export async function createNodeHttpServerDuplex(options) {
+    // See https://github.com/nodejs/node/blob/main/lib/_http_incoming.js
+    // and https://github.com/nodejs/node/blob/main/lib/_http_common.js (particularly the `parserXyz` functions)
+    const incomingMessage = new IncomingMessage({
+        encrypted: options.originalUrl?.protocol === "https:", // trick frameworks into believing this is an HTTPS request
+    });
+    incomingMessage.httpVersionMajor = 1;
+    incomingMessage.httpVersionMinor = 1;
+    incomingMessage.httpVersion = '1.1';
+    incomingMessage.method = options.method;
+    incomingMessage.url = getRelativePart(options.url);
+    incomingMessage.originalUrl = options.originalUrl && getRelativePart(options.originalUrl); // originalUrl is an extension used by some servers; for example, oidc-provider reads it to construct the paths for the .well-known/openid-configuration
+    const rawHeaders = [...options.headers.entries()].flat();
+    incomingMessage._addHeaderLines(rawHeaders, rawHeaders.length);
+    incomingMessage.push(Buffer.from(options.body));
+    incomingMessage.complete = true;
+    incomingMessage.push(null); // to emit end event, see: https://github.com/nodejs/node/blob/4cf6fabce20eb3050c5b543d249e931ea3d3cad5/lib/_http_common.js#L150
+    const serverResponse = new ServerResponseWithBodyChunks(incomingMessage);
+    return [incomingMessage, serverResponse];
+}

package/dist/utils/strings.js

@@ -210,6 +210,9 @@ export function nicify(value, options = {}) {
             if (value instanceof URL) {
                 return `URL(${JSON.stringify(value.toString())})`;
             }
+            if (ArrayBuffer.isView(value)) {
+                return `${value.constructor.name}([${value.toString()}])`;
+            }
             const constructorName = [null, Object.prototype].includes(Object.getPrototypeOf(value)) ? null : (nicifiableClassNameOverrides.get(value.constructor) ?? value.constructor.name);
             const constructorString = constructorName ? `${nicifyPropertyString(constructorName)} ` : "";
             const entries = getNicifiableEntries(value).filter(([k]) => !hideFields.includes(k));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-shared",
-  "version": "2.6.29",
+  "version": "2.6.31",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "files": [
@@ -50,7 +50,7 @@
     "oauth4webapi": "^2.10.3",
     "semver": "^7.6.3",
     "uuid": "^9.0.1",
-    "@stackframe/stack-sc": "2.6.29"
+    "@stackframe/stack-sc": "2.6.31"
   },
   "devDependencies": {
     "@simplewebauthn/types": "^11.0.0",