@stackframe/stack-shared 2.6.30 → 2.6.31

package/CHANGELOG.md

@@ -1,5 +1,12 @@
 # @stackframe/stack-shared
 
+## 2.6.31
+
+### Patch Changes
+
+- Bugfixes
+  - @stackframe/stack-sc@2.6.31
+
 ## 2.6.30
 
 ### Patch Changes

package/dist/interface/adminInterface.js

@@ -30,7 +30,7 @@ export class StackAdminInterface extends StackServerInterface {
         return await response.json();
     }
     async createApiKey(options) {
-        const response = await this.sendServerRequest("/internal/api-keys", {
+        const response = await this.sendAdminRequest("/internal/api-keys", {
             method: "POST",
             headers: {
                 "content-type": "application/json",

package/dist/interface/clientInterface.d.ts

@@ -186,6 +186,7 @@ export declare class StackClientInterface {
     createProject(project: InternalProjectsCrud['Client']['Create'], session: InternalSession): Promise<InternalProjectsCrud['Client']['Read']>;
     createProviderAccessToken(provider: string, scope: string, session: InternalSession): Promise<ConnectedAccountAccessTokenCrud['Client']['Read']>;
     createClientTeam(data: TeamsCrud['Client']['Create'], session: InternalSession): Promise<TeamsCrud['Client']['Read']>;
+    deleteTeam(teamId: string, session: InternalSession): Promise<void>;
     deleteCurrentUser(session: InternalSession): Promise<void>;
     createClientContactChannel(data: ContactChannelsCrud['Client']['Create'], session: InternalSession): Promise<ContactChannelsCrud['Client']['Read']>;
     updateClientContactChannel(id: string, data: ContactChannelsCrud['Client']['Update'], session: InternalSession): Promise<ContactChannelsCrud['Client']['Read']>;

package/dist/interface/clientInterface.js

@@ -812,6 +812,11 @@ export class StackClientInterface {
         }, session);
         return await response.json();
     }
+    async deleteTeam(teamId, session) {
+        await this.sendClientRequest(`/teams/${teamId}`, {
+            method: "DELETE",
+        }, session);
+    }
     async deleteCurrentUser(session) {
         await this.sendClientRequest("/users/me", {
             method: "DELETE",

package/dist/schema-fields.d.ts

@@ -20,6 +20,7 @@ export declare function yupMixed<A extends {}>(...args: Parameters<typeof yup.mi
 export declare function yupArray<A extends yup.Maybe<yup.AnyObject> = yup.AnyObject, B = any>(...args: Parameters<typeof yup.array<A, B>>): yup.ArraySchema<B[] | undefined, A, undefined, "">;
 export declare function yupTuple<T extends [unknown, ...unknown[]]>(...args: Parameters<typeof yup.tuple<T>>): yup.TupleSchema<T | undefined, yup.AnyObject, undefined, "">;
 export declare function yupObject<A extends yup.Maybe<yup.AnyObject>, B extends yup.ObjectShape>(...args: Parameters<typeof yup.object<A, B>>): yup.ObjectSchema<yup.TypeFromShape<B, yup.AnyObject> extends infer T ? T extends yup.TypeFromShape<B, yup.AnyObject> ? T extends {} ? { [k in keyof T]: T[k]; } : T : never : never, yup.AnyObject, yup.DefaultFromShape<B> extends infer T_1 ? T_1 extends yup.DefaultFromShape<B> ? T_1 extends {} ? { [k_1 in keyof T_1]: T_1[k_1]; } : T_1 : never : never, "">;
+export declare function yupNever(): yup.MixedSchema<never>;
 export declare function yupUnion<T extends yup.ISchema<any>[]>(...args: T): yup.MixedSchema<yup.InferType<T[number]>>;
 export declare const adaptSchema: yup.MixedSchema<typeof StackAdaptSentinel | undefined, yup.AnyObject, undefined, "">;
 /**

package/dist/schema-fields.js

@@ -123,6 +123,9 @@ export function yupObject(...args) {
     // we don't want to update the type of `object` to have a default flag
     return object.default(undefined);
 }
+export function yupNever() {
+    return yupMixed().test('never', 'This value should never be reached', () => false);
+}
 export function yupUnion(...args) {
     if (args.length === 0)
         throw new Error('yupUnion must have at least one schema');
@@ -171,7 +174,7 @@ export const urlSchema = yupString().test({
     },
 });
 export const jsonSchema = yupMixed().nullable().defined().transform((value) => JSON.parse(JSON.stringify(value)));
-export const jsonStringSchema = yupString().test("json", "Invalid JSON format", (value) => {
+export const jsonStringSchema = yupString().test("json", (params) => `${params.path} is not valid JSON`, (value) => {
     if (value == null)
         return true;
     try {
@@ -182,7 +185,7 @@ export const jsonStringSchema = yupString().test("json", "Invalid JSON format",
         return false;
     }
 });
-export const jsonStringOrEmptySchema = yupString().test("json", "Invalid JSON format", (value) => {
+export const jsonStringOrEmptySchema = yupString().test("json", (params) => `${params.path} is not valid JSON`, (value) => {
     if (!value)
         return true;
     try {
@@ -193,7 +196,7 @@ export const jsonStringOrEmptySchema = yupString().test("json", "Invalid JSON fo
         return false;
     }
 });
-export const base64Schema = yupString().test("is-base64", "Invalid base64 format", (value) => {
+export const base64Schema = yupString().test("is-base64", (params) => `${params.path} is not valid base64`, (value) => {
     if (value == null)
         return true;
     return isBase64(value);

package/dist/utils/env.js

@@ -3,6 +3,10 @@ import { deindent } from "./strings";
 export function isBrowserLike() {
     return typeof window !== "undefined" && typeof document !== "undefined" && typeof document.createElement !== "undefined";
 }
+// newName: oldName
+const ENV_VAR_RENAME = {
+    NEXT_PUBLIC_STACK_API_URL: ['STACK_BASE_URL', 'NEXT_PUBLIC_STACK_URL'],
+};
 /**
  * Returns the environment variable with the given name, returning the default (if given) or throwing an error (otherwise) if it's undefined or the empty string.
  */
@@ -21,7 +25,30 @@ export function getEnvVariable(name, defaultValue) {
       Use getNextRuntime() instead.
     `);
     }
-    return ((process.env[name] || defaultValue) ?? throwErr(`Missing environment variable: ${name}`)) || (defaultValue ?? throwErr(`Empty environment variable: ${name}`));
+    // throw error if the old name is used as the retrieve key
+    for (const [newName, oldNames] of Object.entries(ENV_VAR_RENAME)) {
+        if (oldNames.includes(name)) {
+            throwErr(`Environment variable ${name} has been renamed to ${newName}. Please update your configuration to use the new name.`);
+        }
+    }
+    let value = process.env[name];
+    // check the key under the old name if the new name is not found
+    if (!value && ENV_VAR_RENAME[name]) {
+        for (const oldName of ENV_VAR_RENAME[name]) {
+            value = process.env[oldName];
+            if (value)
+                break;
+        }
+    }
+    if (value === undefined) {
+        if (defaultValue !== undefined) {
+            value = defaultValue;
+        }
+        else {
+            throwErr(`Missing environment variable: ${name}`);
+        }
+    }
+    return value;
 }
 export function getNextRuntime() {
     // This variable is compiled into the client bundle, so we can't use getEnvVariable here.

package/dist/utils/hashes.d.ts

@@ -1,3 +1,4 @@
+export declare function sha512(input: Uint8Array | string): Promise<string>;
 export declare function hashPassword(password: string): Promise<string>;
 export declare function comparePassword(password: string, hash: string): Promise<boolean>;
 export declare function isPasswordHashValid(hash: string): Promise<boolean>;

package/dist/utils/hashes.js

@@ -1,5 +1,11 @@
 import bcrypt from 'bcrypt';
 import { StackAssertionError } from './errors';
+export async function sha512(input) {
+    const bytes = typeof input === "string" ? new TextEncoder().encode(input) : input;
+    return await crypto.subtle.digest("SHA-512", bytes).then(buf => {
+        return Array.prototype.map.call(new Uint8Array(buf), x => (('00' + x.toString(16)).slice(-2))).join('');
+    });
+}
 export async function hashPassword(password) {
     const passwordBytes = new TextEncoder().encode(password);
     if (passwordBytes.length >= 72) {

package/dist/utils/jwt.d.ts

@@ -11,21 +11,26 @@ export declare function verifyJWT(options: {
     issuer: string;
     jwt: string;
 }): Promise<jose.JWTPayload>;
-export declare function getPrivateJwk(secret: string): Promise<{
-    kty: string;
-    crv: string;
+export type PrivateJwk = {
+    kty: "EC";
+    alg: "ES256";
+    crv: "P-256";
+    kid: string;
     d: string;
     x: string;
     y: string;
-}>;
-export declare function getPublicJwkSet(secret: string): Promise<{
-    keys: {
-        kid: string;
-        x: string;
-        kty: string;
-        crv: string;
-        y: string;
-    }[];
+};
+export declare function getPrivateJwk(secret: string): Promise<PrivateJwk>;
+export type PublicJwk = {
+    kty: "EC";
+    alg: "ES256";
+    crv: "P-256";
+    kid: string;
+    x: string;
+    y: string;
+};
+export declare function getPublicJwkSet(secretOrPrivateJwk: string | PrivateJwk): Promise<{
+    keys: PublicJwk[];
 }>;
 export declare function getPerAudienceSecret(options: {
     audience: string;

package/dist/utils/jwt.js

@@ -1,12 +1,11 @@
+import crypto from "crypto";
 import elliptic from "elliptic";
 import * as jose from "jose";
+import { JOSEError } from "jose/errors";
 import { encodeBase64Url } from "./bytes";
-import { getEnvVariable } from "./env";
 import { globalVar } from "./globals";
 import { pick } from "./objects";
-import crypto from "crypto";
-import { JOSEError } from "jose/errors";
-const STACK_SERVER_SECRET = getEnvVariable("STACK_SERVER_SECRET");
+const STACK_SERVER_SECRET = process.env.STACK_SERVER_SECRET ?? "";
 try {
     jose.base64url.decode(STACK_SERVER_SECRET);
 }
@@ -60,21 +59,25 @@ export async function getPrivateJwk(secret) {
     return {
         kty: 'EC',
         crv: 'P-256',
+        alg: 'ES256',
+        kid: getKid({ secret }),
         d: encodeBase64Url(priv),
         x: encodeBase64Url(publicKey.getX().toBuffer()),
         y: encodeBase64Url(publicKey.getY().toBuffer()),
     };
 }
-export async function getPublicJwkSet(secret) {
-    const privateJwk = await getPrivateJwk(secret);
-    const jwk = pick(privateJwk, ["kty", "crv", "x", "y"]);
+export async function getPublicJwkSet(secretOrPrivateJwk) {
+    const privateJwk = typeof secretOrPrivateJwk === "string" ? await getPrivateJwk(secretOrPrivateJwk) : secretOrPrivateJwk;
+    const jwk = pick(privateJwk, ["kty", "alg", "crv", "x", "y", "kid"]);
     return {
-        keys: [{ ...jwk, kid: getKid({ secret }) }],
+        keys: [jwk],
     };
 }
 export function getPerAudienceSecret(options) {
     return jose.base64url.encode(crypto
         .createHash('sha256')
+        // TODO we should prefix a string like "stack-audience-secret" before we hash so you can't use `getKid(...)` to get the secret for eg. the "kid" audience if the same secret value is used
+        // Sadly doing this modification is a bit annoying as we need to leave the old keys to be valid for a little longer
         .update(JSON.stringify([options.secret, options.audience]))
         .digest());
 }
@@ -82,6 +85,6 @@ export function getPerAudienceSecret(options) {
 export function getKid(options) {
     return jose.base64url.encode(crypto
         .createHash('sha256')
-        .update(JSON.stringify([options.secret, "kid"]))
+        .update(JSON.stringify([options.secret, "kid"])) // TODO see above in getPerAudienceSecret
         .digest()).slice(0, 12);
 }

package/dist/utils/node-http.d.ts

@@ -0,0 +1,15 @@
+/// <reference types="node" />
+/// <reference types="node" />
+import { IncomingMessage, ServerResponse } from "http";
+declare class ServerResponseWithBodyChunks extends ServerResponse {
+    bodyChunks: Uint8Array[];
+    _send(data: string, encoding: BufferEncoding, callback?: (() => void) | null, byteLength?: number): void;
+}
+export declare function createNodeHttpServerDuplex(options: {
+    method: string;
+    originalUrl?: URL;
+    url: URL;
+    headers: Headers;
+    body: Uint8Array;
+}): Promise<[IncomingMessage, ServerResponseWithBodyChunks]>;
+export {};

package/dist/utils/node-http.js

@@ -0,0 +1,38 @@
+import { IncomingMessage, ServerResponse } from "http";
+import { getRelativePart } from "./urls";
+class ServerResponseWithBodyChunks extends ServerResponse {
+    constructor() {
+        super(...arguments);
+        this.bodyChunks = [];
+    }
+    // note: we actually override this, even though it's private in the parent
+    _send(data, encoding, callback, byteLength) {
+        if (typeof encoding === "function") {
+            callback = encoding;
+            encoding = "utf-8";
+        }
+        const encodedBuffer = new Uint8Array(Buffer.from(data, encoding));
+        this.bodyChunks.push(encodedBuffer);
+        callback?.();
+    }
+}
+export async function createNodeHttpServerDuplex(options) {
+    // See https://github.com/nodejs/node/blob/main/lib/_http_incoming.js
+    // and https://github.com/nodejs/node/blob/main/lib/_http_common.js (particularly the `parserXyz` functions)
+    const incomingMessage = new IncomingMessage({
+        encrypted: options.originalUrl?.protocol === "https:", // trick frameworks into believing this is an HTTPS request
+    });
+    incomingMessage.httpVersionMajor = 1;
+    incomingMessage.httpVersionMinor = 1;
+    incomingMessage.httpVersion = '1.1';
+    incomingMessage.method = options.method;
+    incomingMessage.url = getRelativePart(options.url);
+    incomingMessage.originalUrl = options.originalUrl && getRelativePart(options.originalUrl); // originalUrl is an extension used by some servers; for example, oidc-provider reads it to construct the paths for the .well-known/openid-configuration
+    const rawHeaders = [...options.headers.entries()].flat();
+    incomingMessage._addHeaderLines(rawHeaders, rawHeaders.length);
+    incomingMessage.push(Buffer.from(options.body));
+    incomingMessage.complete = true;
+    incomingMessage.push(null); // to emit end event, see: https://github.com/nodejs/node/blob/4cf6fabce20eb3050c5b543d249e931ea3d3cad5/lib/_http_common.js#L150
+    const serverResponse = new ServerResponseWithBodyChunks(incomingMessage);
+    return [incomingMessage, serverResponse];
+}

package/dist/utils/strings.js

@@ -210,6 +210,9 @@ export function nicify(value, options = {}) {
             if (value instanceof URL) {
                 return `URL(${JSON.stringify(value.toString())})`;
             }
+            if (ArrayBuffer.isView(value)) {
+                return `${value.constructor.name}([${value.toString()}])`;
+            }
             const constructorName = [null, Object.prototype].includes(Object.getPrototypeOf(value)) ? null : (nicifiableClassNameOverrides.get(value.constructor) ?? value.constructor.name);
             const constructorString = constructorName ? `${nicifyPropertyString(constructorName)} ` : "";
             const entries = getNicifiableEntries(value).filter(([k]) => !hideFields.includes(k));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-shared",
-  "version": "2.6.30",
+  "version": "2.6.31",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "files": [
@@ -50,7 +50,7 @@
     "oauth4webapi": "^2.10.3",
     "semver": "^7.6.3",
     "uuid": "^9.0.1",
-    "@stackframe/stack-sc": "2.6.30"
+    "@stackframe/stack-sc": "2.6.31"
   },
   "devDependencies": {
     "@simplewebauthn/types": "^11.0.0",