@stackframe/stack-shared 2.7.25 → 2.7.27

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @stackframe/stack-shared
 
+## 2.7.27
+
+### Patch Changes
+
+- Various changes
+
+## 2.7.26
+
+### Patch Changes
+
+- Various changes
+
 ## 2.7.25
 
 ## 2.7.24

package/dist/interface/adminInterface.d.ts

@@ -1,6 +1,7 @@
 import { InternalSession } from "../sessions";
 import { ApiKeysCrud } from "./crud/api-keys";
 import { EmailTemplateCrud, EmailTemplateType } from "./crud/email-templates";
+import { InternalEmailsCrud } from "./crud/emails";
 import { ProjectsCrud } from "./crud/projects";
 import { SvixTokenCrud } from "./crud/svix-token";
 import { TeamPermissionDefinitionsCrud } from "./crud/team-permissions";
@@ -61,4 +62,5 @@ export declare class StackAdminInterface extends StackServerInterface {
         success: boolean;
         error_message?: string;
     }>;
+    listSentEmails(): Promise<InternalEmailsCrud["Admin"]["List"]>;
 }

package/dist/interface/adminInterface.js

@@ -136,4 +136,10 @@ export class StackAdminInterface extends StackServerInterface {
         }, null);
         return await response.json();
     }
+    async listSentEmails() {
+        const response = await this.sendAdminRequest("/internal/emails", {
+            method: "GET",
+        }, null);
+        return await response.json();
+    }
 }

package/dist/interface/clientInterface.d.ts

@@ -7,6 +7,7 @@ import { ContactChannelsCrud } from './crud/contact-channels';
 import { CurrentUserCrud } from './crud/current-user';
 import { ConnectedAccountAccessTokenCrud } from './crud/oauth';
 import { InternalProjectsCrud, ProjectsCrud } from './crud/projects';
+import { SessionsCrud } from './crud/sessions';
 import { TeamInvitationCrud } from './crud/team-invitation';
 import { TeamMemberProfilesCrud } from './crud/team-member-profiles';
 import { TeamPermissionsCrud } from './crud/team-permissions';
@@ -193,6 +194,9 @@ export declare class StackClientInterface {
     createClientContactChannel(data: ContactChannelsCrud['Client']['Create'], session: InternalSession): Promise<ContactChannelsCrud['Client']['Read']>;
     updateClientContactChannel(id: string, data: ContactChannelsCrud['Client']['Update'], session: InternalSession): Promise<ContactChannelsCrud['Client']['Read']>;
     deleteClientContactChannel(id: string, session: InternalSession): Promise<void>;
+    deleteSession(sessionId: string, session: InternalSession): Promise<void>;
+    listSessions(session: InternalSession): Promise<SessionsCrud['Client']['List']>;
     listClientContactChannels(session: InternalSession): Promise<ContactChannelsCrud['Client']['Read'][]>;
     sendCurrentUserContactChannelVerificationEmail(contactChannelId: string, callbackUrl: string, session: InternalSession): Promise<Result<undefined, KnownErrors["EmailAlreadyVerified"]>>;
+    cliLogin(loginCode: string, refreshToken: string, session: InternalSession): Promise<Result<undefined, KnownErrors["SchemaError"]>>;
 }

package/dist/interface/clientInterface.js

@@ -876,6 +876,17 @@ export class StackClientInterface {
             method: "DELETE",
         }, session);
     }
+    async deleteSession(sessionId, session) {
+        await this.sendClientRequest(`/auth/sessions/${sessionId}?user_id=me`, {
+            method: "DELETE",
+        }, session);
+    }
+    async listSessions(session) {
+        const response = await this.sendClientRequest("/auth/sessions?user_id=me", {
+            method: "GET",
+        }, session);
+        return await response.json();
+    }
     async listClientContactChannels(session) {
         const response = await this.sendClientRequest("/contact-channels?user_id=me", {
             method: "GET",
@@ -896,4 +907,20 @@ export class StackClientInterface {
         }
         return Result.ok(undefined);
     }
+    async cliLogin(loginCode, refreshToken, session) {
+        const responseOrError = await this.sendClientRequestAndCatchKnownError("/auth/cli/complete", {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json"
+            },
+            body: JSON.stringify({
+                login_code: loginCode,
+                refresh_token: refreshToken,
+            }),
+        }, session, [KnownErrors.SchemaError]);
+        if (responseOrError.status === "error") {
+            return Result.error(responseOrError.error);
+        }
+        return Result.ok(undefined);
+    }
 }

package/dist/interface/crud/emails.d.ts

@@ -0,0 +1,34 @@
+import { CrudTypeOf } from "../../crud";
+export declare const sentEmailReadSchema: import("yup").ObjectSchema<{
+    id: string;
+    subject: string;
+    sent_at_millis: number;
+    to: string[] | undefined;
+    sender_config: {} | null;
+    error: {} | null | undefined;
+}, import("yup").AnyObject, {
+    id: undefined;
+    subject: undefined;
+    sent_at_millis: undefined;
+    to: undefined;
+    sender_config: undefined;
+    error: undefined;
+}, "">;
+export declare const internalEmailsCrud: import("../../crud").CrudSchemaFromOptions<{
+    clientReadSchema: import("yup").ObjectSchema<{
+        id: string;
+        subject: string;
+        sent_at_millis: number;
+        to: string[] | undefined;
+        sender_config: {} | null;
+        error: {} | null | undefined;
+    }, import("yup").AnyObject, {
+        id: undefined;
+        subject: undefined;
+        sent_at_millis: undefined;
+        to: undefined;
+        sender_config: undefined;
+        error: undefined;
+    }, "">;
+}>;
+export type InternalEmailsCrud = CrudTypeOf<typeof internalEmailsCrud>;

package/dist/interface/crud/emails.js

@@ -0,0 +1,13 @@
+import { createCrud } from "../../crud";
+import * as fieldSchema from "../../schema-fields";
+export const sentEmailReadSchema = fieldSchema.yupObject({
+    id: fieldSchema.yupString().defined(),
+    subject: fieldSchema.yupString().defined(),
+    sent_at_millis: fieldSchema.yupNumber().defined(),
+    to: fieldSchema.yupArray(fieldSchema.yupString().defined()),
+    sender_config: fieldSchema.yupMixed().nullable().defined(),
+    error: fieldSchema.yupMixed().nullable().optional(),
+}).defined();
+export const internalEmailsCrud = createCrud({
+    clientReadSchema: sentEmailReadSchema,
+});

package/dist/interface/crud/projects.d.ts

@@ -64,6 +64,7 @@ export declare const projectsCrudAdminReadSchema: import("yup").ObjectSchema<{
         team_member_default_permissions: {
             id: string;
         }[];
+        oauth_account_merge_strategy: "link_method" | "raise_error" | "allow_duplicates";
     };
 }, import("yup").AnyObject, {
     id: undefined;
@@ -96,6 +97,7 @@ export declare const projectsCrudAdminReadSchema: import("yup").ObjectSchema<{
         create_team_on_sign_up: undefined;
         team_creator_default_permissions: undefined;
         team_member_default_permissions: undefined;
+        oauth_account_merge_strategy: undefined;
     };
 }, "">;
 export declare const projectsCrudClientReadSchema: import("yup").ObjectSchema<{
@@ -166,6 +168,7 @@ export declare const projectsCrudAdminUpdateSchema: import("yup").ObjectSchema<{
         team_member_default_permissions?: {
             id: string;
         }[] | undefined;
+        oauth_account_merge_strategy?: "link_method" | "raise_error" | "allow_duplicates" | undefined;
     } | undefined;
 }, import("yup").AnyObject, {
     display_name: undefined;
@@ -214,6 +217,7 @@ export declare const projectsCrudAdminCreateSchema: import("yup").ObjectSchema<{
         team_member_default_permissions?: {
             id: string;
         }[] | undefined;
+        oauth_account_merge_strategy?: "link_method" | "raise_error" | "allow_duplicates" | undefined;
     } | undefined;
 } & {
     display_name: string;
@@ -300,6 +304,7 @@ export declare const projectsCrud: import("../../crud").CrudSchemaFromOptions<{
             team_member_default_permissions: {
                 id: string;
             }[];
+            oauth_account_merge_strategy: "link_method" | "raise_error" | "allow_duplicates";
         };
     }, import("yup").AnyObject, {
         id: undefined;
@@ -332,6 +337,7 @@ export declare const projectsCrud: import("../../crud").CrudSchemaFromOptions<{
             create_team_on_sign_up: undefined;
             team_creator_default_permissions: undefined;
             team_member_default_permissions: undefined;
+            oauth_account_merge_strategy: undefined;
         };
     }, "">;
     adminUpdateSchema: import("yup").ObjectSchema<{
@@ -375,6 +381,7 @@ export declare const projectsCrud: import("../../crud").CrudSchemaFromOptions<{
             team_member_default_permissions?: {
                 id: string;
             }[] | undefined;
+            oauth_account_merge_strategy?: "link_method" | "raise_error" | "allow_duplicates" | undefined;
         } | undefined;
     }, import("yup").AnyObject, {
         display_name: undefined;
@@ -456,6 +463,7 @@ export declare const internalProjectsCrud: import("../../crud").CrudSchemaFromOp
             team_member_default_permissions: {
                 id: string;
             }[];
+            oauth_account_merge_strategy: "link_method" | "raise_error" | "allow_duplicates";
         };
     }, import("yup").AnyObject, {
         id: undefined;
@@ -488,6 +496,7 @@ export declare const internalProjectsCrud: import("../../crud").CrudSchemaFromOp
             create_team_on_sign_up: undefined;
             team_creator_default_permissions: undefined;
             team_member_default_permissions: undefined;
+            oauth_account_merge_strategy: undefined;
         };
     }, "">;
     clientCreateSchema: import("yup").ObjectSchema<{
@@ -531,6 +540,7 @@ export declare const internalProjectsCrud: import("../../crud").CrudSchemaFromOp
             team_member_default_permissions?: {
                 id: string;
             }[] | undefined;
+            oauth_account_merge_strategy?: "link_method" | "raise_error" | "allow_duplicates" | undefined;
         } | undefined;
     } & {
         display_name: string;

package/dist/interface/crud/projects.js

@@ -74,6 +74,7 @@ export const projectsCrudAdminReadSchema = yupObject({
         create_team_on_sign_up: schemaFields.projectCreateTeamOnSignUpSchema.defined(),
         team_creator_default_permissions: yupArray(teamPermissionSchema.defined()).defined(),
         team_member_default_permissions: yupArray(teamPermissionSchema.defined()).defined(),
+        oauth_account_merge_strategy: schemaFields.oauthAccountMergeStrategySchema.defined(),
     }).defined(),
 }).defined();
 export const projectsCrudClientReadSchema = yupObject({
@@ -107,6 +108,7 @@ export const projectsCrudAdminUpdateSchema = yupObject({
         create_team_on_sign_up: schemaFields.projectCreateTeamOnSignUpSchema.optional(),
         team_creator_default_permissions: yupArray(teamPermissionSchema.defined()).optional(),
         team_member_default_permissions: yupArray(teamPermissionSchema.defined()).optional(),
+        oauth_account_merge_strategy: schemaFields.oauthAccountMergeStrategySchema.optional(),
     }).optional().default(undefined),
 }).defined();
 export const projectsCrudAdminCreateSchema = projectsCrudAdminUpdateSchema.concat(yupObject({

package/dist/interface/crud/sessions.d.ts

@@ -0,0 +1,144 @@
+import { CrudTypeOf } from "../../crud";
+export declare const sessionsCrudServerCreateSchema: import("yup").ObjectSchema<{
+    user_id: string;
+    expires_in_millis: number;
+    is_impersonation: boolean;
+}, import("yup").AnyObject, {
+    user_id: undefined;
+    expires_in_millis: number;
+    is_impersonation: false;
+}, "">;
+export declare const sessionsCreateOutputSchema: import("yup").ObjectSchema<{
+    refresh_token: string;
+    access_token: string;
+}, import("yup").AnyObject, {
+    refresh_token: undefined;
+    access_token: undefined;
+}, "">;
+export declare const sessionsCrudReadSchema: import("yup").ObjectSchema<{
+    id: string;
+    user_id: string;
+    created_at: number;
+    is_impersonation: boolean;
+    last_used_at: number | undefined;
+    is_current_session: boolean | undefined;
+    last_used_at_end_user_ip_info: {
+        countryCode?: string | null | undefined;
+        regionCode?: string | null | undefined;
+        cityName?: string | null | undefined;
+        latitude?: number | null | undefined;
+        longitude?: number | null | undefined;
+        tzIdentifier?: string | null | undefined;
+        ip: string;
+    } | undefined;
+}, import("yup").AnyObject, {
+    id: undefined;
+    user_id: undefined;
+    created_at: undefined;
+    is_impersonation: undefined;
+    last_used_at: undefined;
+    is_current_session: undefined;
+    last_used_at_end_user_ip_info: {
+        ip: undefined;
+        countryCode: undefined;
+        regionCode: undefined;
+        cityName: undefined;
+        latitude: undefined;
+        longitude: undefined;
+        tzIdentifier: undefined;
+    };
+}, "">;
+export declare const sessionsCrudDeleteSchema: import("yup").MixedSchema<{} | undefined, import("yup").AnyObject, undefined, "">;
+export declare const sessionsCrud: import("../../crud").CrudSchemaFromOptions<{
+    serverReadSchema: import("yup").ObjectSchema<{
+        id: string;
+        user_id: string;
+        created_at: number;
+        is_impersonation: boolean;
+        last_used_at: number | undefined;
+        is_current_session: boolean | undefined;
+        last_used_at_end_user_ip_info: {
+            countryCode?: string | null | undefined;
+            regionCode?: string | null | undefined;
+            cityName?: string | null | undefined;
+            latitude?: number | null | undefined;
+            longitude?: number | null | undefined;
+            tzIdentifier?: string | null | undefined;
+            ip: string;
+        } | undefined;
+    }, import("yup").AnyObject, {
+        id: undefined;
+        user_id: undefined;
+        created_at: undefined;
+        is_impersonation: undefined;
+        last_used_at: undefined;
+        is_current_session: undefined;
+        last_used_at_end_user_ip_info: {
+            ip: undefined;
+            countryCode: undefined;
+            regionCode: undefined;
+            cityName: undefined;
+            latitude: undefined;
+            longitude: undefined;
+            tzIdentifier: undefined;
+        };
+    }, "">;
+    serverDeleteSchema: import("yup").MixedSchema<{} | undefined, import("yup").AnyObject, undefined, "">;
+    clientReadSchema: import("yup").ObjectSchema<{
+        id: string;
+        user_id: string;
+        created_at: number;
+        is_impersonation: boolean;
+        last_used_at: number | undefined;
+        is_current_session: boolean | undefined;
+        last_used_at_end_user_ip_info: {
+            countryCode?: string | null | undefined;
+            regionCode?: string | null | undefined;
+            cityName?: string | null | undefined;
+            latitude?: number | null | undefined;
+            longitude?: number | null | undefined;
+            tzIdentifier?: string | null | undefined;
+            ip: string;
+        } | undefined;
+    }, import("yup").AnyObject, {
+        id: undefined;
+        user_id: undefined;
+        created_at: undefined;
+        is_impersonation: undefined;
+        last_used_at: undefined;
+        is_current_session: undefined;
+        last_used_at_end_user_ip_info: {
+            ip: undefined;
+            countryCode: undefined;
+            regionCode: undefined;
+            cityName: undefined;
+            latitude: undefined;
+            longitude: undefined;
+            tzIdentifier: undefined;
+        };
+    }, "">;
+    clientDeleteSchema: import("yup").MixedSchema<{} | undefined, import("yup").AnyObject, undefined, "">;
+    docs: {
+        serverList: {
+            summary: string;
+            description: string;
+            tags: string[];
+        };
+        serverDelete: {
+            summary: string;
+            description: string;
+            tags: string[];
+        };
+        clientList: {
+            summary: string;
+            description: string;
+            tags: string[];
+        };
+        clientDelete: {
+            summary: string;
+            description: string;
+            tags: string[];
+        };
+    };
+}>;
+export type SessionsCrud = CrudTypeOf<typeof sessionsCrud>;

package/dist/interface/crud/sessions.js

@@ -0,0 +1,55 @@
+import { createCrud } from "../../crud";
+import { yupBoolean, yupMixed, yupNumber, yupObject, yupString } from "../../schema-fields";
+import { geoInfoSchema } from "../../utils/geo";
+// Create
+export const sessionsCrudServerCreateSchema = yupObject({
+    user_id: yupString().uuid().defined(),
+    expires_in_millis: yupNumber().max(1000 * 60 * 60 * 24 * 367).default(1000 * 60 * 60 * 24 * 365),
+    is_impersonation: yupBoolean().default(false),
+}).defined();
+export const sessionsCreateOutputSchema = yupObject({
+    refresh_token: yupString().defined(),
+    access_token: yupString().defined(),
+}).defined();
+export const sessionsCrudReadSchema = yupObject({
+    id: yupString().defined(),
+    user_id: yupString().uuid().defined(),
+    created_at: yupNumber().defined(),
+    is_impersonation: yupBoolean().defined(),
+    last_used_at: yupNumber().optional(),
+    is_current_session: yupBoolean(),
+    // TODO move this to a shared type
+    // TODO: what about if not trusted?
+    last_used_at_end_user_ip_info: geoInfoSchema.optional(),
+}).defined();
+// Delete
+export const sessionsCrudDeleteSchema = yupMixed();
+export const sessionsCrud = createCrud({
+    // serverCreateSchema: sessionsCrudServerCreateSchema,
+    serverReadSchema: sessionsCrudReadSchema,
+    serverDeleteSchema: sessionsCrudDeleteSchema,
+    clientReadSchema: sessionsCrudReadSchema,
+    clientDeleteSchema: sessionsCrudDeleteSchema,
+    docs: {
+        serverList: {
+            summary: "List sessions",
+            description: "List all sessions for the current user.",
+            tags: ["Sessions"],
+        },
+        serverDelete: {
+            summary: "Delete session",
+            description: "Delete a session by ID.",
+            tags: ["Sessions"],
+        },
+        clientList: {
+            summary: "List sessions",
+            description: "List all sessions for the current user.",
+            tags: ["Sessions"],
+        },
+        clientDelete: {
+            summary: "Delete session",
+            description: "Delete a session by ID.",
+            tags: ["Sessions"],
+        },
+    },
+});

package/dist/interface/crud/team-permissions.d.ts

@@ -46,6 +46,40 @@ export declare const teamPermissionsCrud: import("../../crud").CrudSchemaFromOpt
     };
 }>;
 export type TeamPermissionsCrud = CrudTypeOf<typeof teamPermissionsCrud>;
+export declare const teamPermissionCreatedWebhookEvent: {
+    type: string;
+    schema: import("yup").ObjectSchema<{
+        id: string;
+        user_id: string;
+        team_id: string;
+    }, import("yup").AnyObject, {
+        id: undefined;
+        user_id: undefined;
+        team_id: undefined;
+    }, "">;
+    metadata: {
+        summary: string;
+        description: string;
+        tags: string[];
+    };
+};
+export declare const teamPermissionDeletedWebhookEvent: {
+    type: string;
+    schema: import("yup").ObjectSchema<{
+        id: string;
+        user_id: string;
+        team_id: string;
+    }, import("yup").AnyObject, {
+        id: undefined;
+        user_id: undefined;
+        team_id: undefined;
+    }, "">;
+    metadata: {
+        summary: string;
+        description: string;
+        tags: string[];
+    };
+};
 export declare const teamPermissionDefinitionsCrudAdminReadSchema: import("yup").ObjectSchema<{
     id: string;
     description: string | undefined;

package/dist/interface/crud/team-permissions.js

@@ -36,6 +36,24 @@ export const teamPermissionsCrud = createCrud({
         },
     },
 });
+export const teamPermissionCreatedWebhookEvent = {
+    type: "team_permission.created",
+    schema: teamPermissionsCrud.server.readSchema,
+    metadata: {
+        summary: "Team Permission Created",
+        description: "This event is triggered when a team permission is created.",
+        tags: ["Teams"],
+    },
+};
+export const teamPermissionDeletedWebhookEvent = {
+    type: "team_permission.deleted",
+    schema: teamPermissionsCrud.server.readSchema,
+    metadata: {
+        summary: "Team Permission Deleted",
+        description: "This event is triggered when a team permission is deleted.",
+        tags: ["Teams"],
+    },
+};
 // =============== Team permission definitions =================
 export const teamPermissionDefinitionsCrudAdminReadSchema = yupObject({
     id: schemaFields.teamPermissionDefinitionIdSchema.defined(),

package/dist/interface/serverInterface.d.ts

@@ -5,6 +5,7 @@ import { ClientInterfaceOptions, StackClientInterface } from "./clientInterface"
 import { ContactChannelsCrud } from "./crud/contact-channels";
 import { CurrentUserCrud } from "./crud/current-user";
 import { ConnectedAccountAccessTokenCrud } from "./crud/oauth";
+import { SessionsCrud } from "./crud/sessions";
 import { TeamInvitationCrud } from "./crud/team-invitation";
 import { TeamMemberProfilesCrud } from "./crud/team-member-profiles";
 import { TeamMembershipsCrud } from "./crud/team-memberships";
@@ -74,7 +75,7 @@ export declare class StackServerInterface extends StackClientInterface {
     }): Promise<void>;
     updateServerUser(userId: string, update: UsersCrud['Server']['Update']): Promise<UsersCrud['Server']['Read']>;
     createServerProviderAccessToken(userId: string, provider: string, scope: string): Promise<ConnectedAccountAccessTokenCrud['Server']['Read']>;
-    createServerUserSession(userId: string, expiresInMillis: number): Promise<{
+    createServerUserSession(userId: string, expiresInMillis: number, isImpersonation: boolean): Promise<{
         accessToken: string;
         refreshToken: string;
     }>;
@@ -95,6 +96,8 @@ export declare class StackServerInterface extends StackClientInterface {
     deleteServerContactChannel(userId: string, contactChannelId: string): Promise<void>;
     listServerContactChannels(userId: string): Promise<ContactChannelsCrud['Server']['Read'][]>;
     sendServerContactChannelVerificationEmail(userId: string, contactChannelId: string, callbackUrl: string): Promise<void>;
+    listServerSessions(userId: string): Promise<SessionsCrud['Server']['Read'][]>;
+    deleteServerSession(sessionId: string): Promise<void>;
     sendServerTeamInvitation(options: {
         email: string;
         teamId: string;

package/dist/interface/serverInterface.js

@@ -58,10 +58,11 @@ export class StackServerInterface extends StackClientInterface {
         return user;
     }
     async getServerUserById(userId) {
-        const response = await this.sendServerRequest(urlString `/users/${userId}`, {}, null);
-        const user = await response.json();
-        if (!user)
-            return Result.error(new Error("Failed to get user"));
+        const responseOrError = await this.sendServerRequestAndCatchKnownError(urlString `/users/${userId}`, {}, null, [KnownErrors.UserNotFound]);
+        if (responseOrError.status === "error") {
+            return Result.error(responseOrError.error);
+        }
+        const user = await responseOrError.data.json();
         return Result.ok(user);
     }
     async listServerTeamInvitations(options) {
@@ -182,7 +183,7 @@ export class StackServerInterface extends StackClientInterface {
         }, null);
         return await response.json();
     }
-    async createServerUserSession(userId, expiresInMillis) {
+    async createServerUserSession(userId, expiresInMillis, isImpersonation) {
         const response = await this.sendServerRequest("/auth/sessions", {
             method: "POST",
             headers: {
@@ -191,6 +192,7 @@ export class StackServerInterface extends StackClientInterface {
             body: JSON.stringify({
                 user_id: userId,
                 expires_in_millis: expiresInMillis,
+                is_impersonation: isImpersonation,
             }),
         }, null);
         const result = await response.json();
@@ -285,6 +287,17 @@ export class StackServerInterface extends StackClientInterface {
             body: JSON.stringify({ callback_url: callbackUrl }),
         }, null);
     }
+    async listServerSessions(userId) {
+        const response = await this.sendServerRequest(urlString `/auth/sessions?user_id=${userId}`, {
+            method: "GET",
+        }, null);
+        return await response.json();
+    }
+    async deleteServerSession(sessionId) {
+        await this.sendServerRequest(urlString `/auth/sessions/${sessionId}`, {
+            method: "DELETE",
+        }, null);
+    }
     async sendServerTeamInvitation(options) {
         await this.sendServerRequest("/team-invitations/send-code", {
             method: "POST",

package/dist/known-errors.d.ts

@@ -46,6 +46,11 @@ export type KnownErrors = {
     [K in keyof typeof KnownErrors]: InstanceType<typeof KnownErrors[K]>;
 };
 export declare const KnownErrors: {
+    CannotDeleteCurrentSession: KnownErrorConstructor<KnownError & KnownErrorBrand<"REFRESH_TOKEN_ERROR"> & {
+        constructorArgs: [statusCode: number, humanReadableMessage: string, details?: Json | undefined];
+    } & KnownErrorBrand<"CANNOT_DELETE_CURRENT_SESSION">, []> & {
+        errorCode: "CANNOT_DELETE_CURRENT_SESSION";
+    };
     UnsupportedError: KnownErrorConstructor<KnownError & KnownErrorBrand<"UNSUPPORTED_ERROR">, [originalErrorCode: string]> & {
         errorCode: "UNSUPPORTED_ERROR";
     };
@@ -194,7 +199,7 @@ export declare const KnownErrors: {
     };
     AccessTokenExpired: KnownErrorConstructor<KnownError & KnownErrorBrand<"SESSION_AUTHENTICATION_ERROR"> & {
         constructorArgs: [statusCode: number, humanReadableMessage: string, details?: Json | undefined];
-    } & KnownErrorBrand<"INVALID_SESSION_AUTHENTICATION"> & KnownErrorBrand<"INVALID_ACCESS_TOKEN"> & KnownErrorBrand<"ACCESS_TOKEN_EXPIRED">, [expiredAt: Date | undefined]> & {
+    } & KnownErrorBrand<"INVALID_SESSION_AUTHENTICATION"> & KnownErrorBrand<"INVALID_ACCESS_TOKEN"> & KnownErrorBrand<"ACCESS_TOKEN_EXPIRED">, [Date | undefined]> & {
         errorCode: "ACCESS_TOKEN_EXPIRED";
     };
     InvalidProjectForAccessToken: KnownErrorConstructor<KnownError & KnownErrorBrand<"SESSION_AUTHENTICATION_ERROR"> & {
@@ -218,6 +223,9 @@ export declare const KnownErrors: {
     UserEmailAlreadyExists: KnownErrorConstructor<KnownError & KnownErrorBrand<"USER_EMAIL_ALREADY_EXISTS">, []> & {
         errorCode: "USER_EMAIL_ALREADY_EXISTS";
     };
+    EmailNotVerified: KnownErrorConstructor<KnownError & KnownErrorBrand<"EMAIL_NOT_VERIFIED">, []> & {
+        errorCode: "EMAIL_NOT_VERIFIED";
+    };
     UserIdDoesNotExist: KnownErrorConstructor<KnownError & KnownErrorBrand<"USER_ID_DOES_NOT_EXIST">, [userId: string]> & {
         errorCode: "USER_ID_DOES_NOT_EXIST";
     };
@@ -380,8 +388,11 @@ export declare const KnownErrors: {
     OAuthProviderAccessDenied: KnownErrorConstructor<KnownError & KnownErrorBrand<"OAUTH_PROVIDER_ACCESS_DENIED">, []> & {
         errorCode: "OAUTH_PROVIDER_ACCESS_DENIED";
     };
-    ContactChannelAlreadyUsedForAuthBySomeoneElse: KnownErrorConstructor<KnownError & KnownErrorBrand<"CONTACT_CHANNEL_ALREADY_USED_FOR_AUTH_BY_SOMEONE_ELSE">, [type: "email"]> & {
+    ContactChannelAlreadyUsedForAuthBySomeoneElse: KnownErrorConstructor<KnownError & KnownErrorBrand<"CONTACT_CHANNEL_ALREADY_USED_FOR_AUTH_BY_SOMEONE_ELSE">, [type: "email", contactChannelValue?: string | undefined]> & {
         errorCode: "CONTACT_CHANNEL_ALREADY_USED_FOR_AUTH_BY_SOMEONE_ELSE";
     };
+    InvalidPollingCodeError: KnownErrorConstructor<KnownError & KnownErrorBrand<"INVALID_POLLING_CODE">, [details?: Json | undefined]> & {
+        errorCode: "INVALID_POLLING_CODE";
+    };
 };
 export {};

package/dist/known-errors.js

@@ -245,7 +245,7 @@ const AccessTokenExpired = createKnownErrorConstructor(InvalidAccessToken, "ACCE
     401,
     `Access token has expired. Please refresh it and try again.${expiredAt ? ` (The access token expired at ${expiredAt.toISOString()}.)` : ""}`,
     { expired_at_millis: expiredAt?.getTime() ?? null },
-], (json) => [json.expired_at_millis ?? undefined]);
+], (json) => [json.expired_at_millis ? new Date(json.expired_at_millis) : undefined]);
 const InvalidProjectForAccessToken = createKnownErrorConstructor(InvalidAccessToken, "INVALID_PROJECT_FOR_ACCESS_TOKEN", () => [
     401,
     "Access token not valid for this project.",
@@ -255,6 +255,10 @@ const RefreshTokenNotFoundOrExpired = createKnownErrorConstructor(RefreshTokenEr
     401,
     "Refresh token not found for this project, or the session has expired/been revoked.",
 ], () => []);
+const CannotDeleteCurrentSession = createKnownErrorConstructor(RefreshTokenError, "CANNOT_DELETE_CURRENT_SESSION", () => [
+    400,
+    "Cannot delete the current session.",
+], () => []);
 const ProviderRejected = createKnownErrorConstructor(RefreshTokenError, "PROVIDER_REJECTED", () => [
     401,
     "The provider refused to refresh their token. This usually means that the provider used to authenticate the user no longer regards this session as valid, and the user must re-authenticate.",
@@ -263,6 +267,10 @@ const UserEmailAlreadyExists = createKnownErrorConstructor(KnownError, "USER_EMA
     409,
     "User email already exists.",
 ], () => []);
+const EmailNotVerified = createKnownErrorConstructor(KnownError, "EMAIL_NOT_VERIFIED", () => [
+    400,
+    "The email is not verified.",
+], () => []);
 const CannotGetOwnUserWithoutUser = createKnownErrorConstructor(KnownError, "CANNOT_GET_OWN_USER_WITHOUT_USER", () => [
     400,
     "You have specified 'me' as a userId, but did not provide authentication for a user.",
@@ -531,12 +539,20 @@ const OAuthProviderAccessDenied = createKnownErrorConstructor(KnownError, "OAUTH
     400,
     "The OAuth provider denied access to the user.",
 ], () => []);
-const ContactChannelAlreadyUsedForAuthBySomeoneElse = createKnownErrorConstructor(KnownError, "CONTACT_CHANNEL_ALREADY_USED_FOR_AUTH_BY_SOMEONE_ELSE", (type) => [
+const ContactChannelAlreadyUsedForAuthBySomeoneElse = createKnownErrorConstructor(KnownError, "CONTACT_CHANNEL_ALREADY_USED_FOR_AUTH_BY_SOMEONE_ELSE", (type, contactChannelValue) => [
     409,
-    `This ${type} is already used for authentication by another account.`,
-    { type },
-], (json) => [json.type]);
+    contactChannelValue ?
+        `The ${type} (${contactChannelValue}) is already used for authentication by another account.` :
+        `This ${type} is already used for authentication by another account.`,
+    { type, contact_channel_value: contactChannelValue ?? null },
+], (json) => [json.type, json.contact_channel_value]);
+const InvalidPollingCodeError = createKnownErrorConstructor(KnownError, "INVALID_POLLING_CODE", (details) => [
+    400,
+    "The polling code is invalid or does not exist.",
+    details,
+], (json) => [json]);
 export const KnownErrors = {
+    CannotDeleteCurrentSession,
     UnsupportedError,
     BodyParsingError,
     SchemaError,
@@ -575,6 +591,7 @@ export const KnownErrors = {
     ProviderRejected,
     RefreshTokenNotFoundOrExpired,
     UserEmailAlreadyExists,
+    EmailNotVerified,
     UserIdDoesNotExist,
     UserNotFound,
     ApiKeyNotFound,
@@ -626,6 +643,7 @@ export const KnownErrors = {
     TeamPermissionNotFound,
     OAuthProviderAccessDenied,
     ContactChannelAlreadyUsedForAuthBySomeoneElse,
+    InvalidPollingCodeError,
 };
 // ensure that all known error codes are unique
 const knownErrorCodes = new Set();

package/dist/schema-fields.d.ts

@@ -72,6 +72,7 @@ export declare const oauthClientIdSchema: yup.StringSchema<string | undefined, y
 export declare const oauthClientSecretSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const oauthFacebookConfigIdSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const oauthMicrosoftTenantIdSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
+export declare const oauthAccountMergeStrategySchema: yup.StringSchema<"link_method" | "raise_error" | "allow_duplicates" | undefined, yup.AnyObject, undefined, "">;
 export declare const emailTypeSchema: yup.StringSchema<"shared" | "standard" | undefined, yup.AnyObject, undefined, "">;
 export declare const emailSenderNameSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;
 export declare const emailHostSchema: yup.StringSchema<string | undefined, yup.AnyObject, undefined, "">;

package/dist/schema-fields.js

@@ -248,6 +248,7 @@ export const oauthClientIdSchema = yupString().meta({ openapiField: { descriptio
 export const oauthClientSecretSchema = yupString().meta({ openapiField: { description: 'OAuth client secret. Needs to be specified when using type="standard"', exampleValue: 'google-oauth-client-secret' } });
 export const oauthFacebookConfigIdSchema = yupString().meta({ openapiField: { description: 'The configuration id for Facebook business login (for things like ads and marketing). This is only required if you are using the standard OAuth with Facebook and you are using Facebook business login.' } });
 export const oauthMicrosoftTenantIdSchema = yupString().meta({ openapiField: { description: 'The Microsoft tenant id for Microsoft directory. This is only required if you are using the standard OAuth with Microsoft and you have an Azure AD tenant.' } });
+export const oauthAccountMergeStrategySchema = yupString().oneOf(['link_method', 'raise_error', 'allow_duplicates']).meta({ openapiField: { description: 'Determines how to handle OAuth logins that match an existing user by email. `link_method` adds the OAuth method to the existing user. `raise_error` rejects the login with an error. `allow_duplicates` creates a new user.', exampleValue: 'link_method' } });
 // Project email config
 export const emailTypeSchema = yupString().oneOf(['shared', 'standard']).meta({ openapiField: { description: 'Email provider type, one of shared, standard. "shared" uses Stack shared email provider and it is only meant for development. "standard" uses your own email server and will have your email address as the sender.', exampleValue: 'standard' } });
 export const emailSenderNameSchema = yupString().meta({ openapiField: { description: 'Email sender name. Needs to be specified when using type="standard"', exampleValue: 'Stack' } });

package/dist/utils/geo.d.ts

@@ -0,0 +1,19 @@
+import * as yup from "yup";
+export declare const geoInfoSchema: yup.ObjectSchema<{
+    ip: string;
+    countryCode: string | null | undefined;
+    regionCode: string | null | undefined;
+    cityName: string | null | undefined;
+    latitude: number | null | undefined;
+    longitude: number | null | undefined;
+    tzIdentifier: string | null | undefined;
+}, yup.AnyObject, {
+    ip: undefined;
+    countryCode: undefined;
+    regionCode: undefined;
+    cityName: undefined;
+    latitude: undefined;
+    longitude: undefined;
+    tzIdentifier: undefined;
+}, "">;
+export type GeoInfo = yup.InferType<typeof geoInfoSchema>;

package/dist/utils/geo.js

@@ -0,0 +1,10 @@
+import { yupNumber, yupObject, yupString } from "../schema-fields";
+export const geoInfoSchema = yupObject({
+    ip: yupString().defined(),
+    countryCode: yupString().nullable(),
+    regionCode: yupString().nullable(),
+    cityName: yupString().nullable(),
+    latitude: yupNumber().nullable(),
+    longitude: yupNumber().nullable(),
+    tzIdentifier: yupString().nullable(),
+});

package/dist/utils/strings.js

@@ -2,6 +2,8 @@ import { findLastIndex, unique } from "./arrays";
 import { StackAssertionError } from "./errors";
 import { filterUndefined } from "./objects";
 export function typedToLowercase(s) {
+    if (typeof s !== "string")
+        throw new StackAssertionError("Expected a string for typedToLowercase", { s });
     return s.toLowerCase();
 }
 import.meta.vitest?.test("typedToLowercase", ({ expect }) => {
@@ -12,8 +14,11 @@ import.meta.vitest?.test("typedToLowercase", ({ expect }) => {
     expect(typedToLowercase("123")).toBe("123");
     expect(typedToLowercase("MIXED123case")).toBe("mixed123case");
     expect(typedToLowercase("Special@Chars!")).toBe("special@chars!");
+    expect(() => typedToLowercase(123)).toThrow("Expected a string for typedToLowercase");
 });
 export function typedToUppercase(s) {
+    if (typeof s !== "string")
+        throw new StackAssertionError("Expected a string for typedToUppercase", { s });
     return s.toUpperCase();
 }
 import.meta.vitest?.test("typedToUppercase", ({ expect }) => {
@@ -24,6 +29,7 @@ import.meta.vitest?.test("typedToUppercase", ({ expect }) => {
     expect(typedToUppercase("123")).toBe("123");
     expect(typedToUppercase("mixed123Case")).toBe("MIXED123CASE");
     expect(typedToUppercase("special@chars!")).toBe("SPECIAL@CHARS!");
+    expect(() => typedToUppercase(123)).toThrow("Expected a string for typedToUppercase");
 });
 export function typedCapitalize(s) {
     return s.charAt(0).toUpperCase() + s.slice(1);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-shared",
-  "version": "2.7.25",
+  "version": "2.7.27",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "type": "module",