@stackframe/stack-shared 2.7.7 → 2.7.9

package/CHANGELOG.md

@@ -1,5 +1,20 @@
 # @stackframe/stack-shared
 
+## 2.7.9
+
+### Patch Changes
+
+- Various changes
+  - @stackframe/stack-sc@2.7.9
+
+## 2.7.8
+
+### Patch Changes
+
+- Various changes
+- Updated dependencies
+  - @stackframe/stack-sc@2.7.8
+
 ## 2.7.7
 
 ### Patch Changes

package/dist/known-errors.d.ts

@@ -121,7 +121,7 @@ export declare const KnownErrors: {
     };
     AdminAccessTokenExpired: KnownErrorConstructor<KnownError & KnownErrorBrand<"PROJECT_AUTHENTICATION_ERROR"> & {
         constructorArgs: [statusCode: number, humanReadableMessage: string, details?: Json | undefined];
-    } & KnownErrorBrand<"INVALID_PROJECT_AUTHENTICATION"> & KnownErrorBrand<"INVALID_ADMIN_ACCESS_TOKEN"> & KnownErrorBrand<"ADMIN_ACCESS_TOKEN_EXPIRED">, []> & {
+    } & KnownErrorBrand<"INVALID_PROJECT_AUTHENTICATION"> & KnownErrorBrand<"INVALID_ADMIN_ACCESS_TOKEN"> & KnownErrorBrand<"ADMIN_ACCESS_TOKEN_EXPIRED">, [expiredAt: Date | undefined]> & {
         errorCode: "ADMIN_ACCESS_TOKEN_EXPIRED";
     };
     InvalidProjectForAdminAccessToken: KnownErrorConstructor<KnownError & KnownErrorBrand<"PROJECT_AUTHENTICATION_ERROR"> & {
@@ -194,7 +194,7 @@ export declare const KnownErrors: {
     };
     AccessTokenExpired: KnownErrorConstructor<KnownError & KnownErrorBrand<"SESSION_AUTHENTICATION_ERROR"> & {
         constructorArgs: [statusCode: number, humanReadableMessage: string, details?: Json | undefined];
-    } & KnownErrorBrand<"INVALID_SESSION_AUTHENTICATION"> & KnownErrorBrand<"INVALID_ACCESS_TOKEN"> & KnownErrorBrand<"ACCESS_TOKEN_EXPIRED">, []> & {
+    } & KnownErrorBrand<"INVALID_SESSION_AUTHENTICATION"> & KnownErrorBrand<"INVALID_ACCESS_TOKEN"> & KnownErrorBrand<"ACCESS_TOKEN_EXPIRED">, [expiredAt: Date | undefined]> & {
         errorCode: "ACCESS_TOKEN_EXPIRED";
     };
     InvalidProjectForAccessToken: KnownErrorConstructor<KnownError & KnownErrorBrand<"SESSION_AUTHENTICATION_ERROR"> & {

package/dist/known-errors.js

@@ -171,10 +171,11 @@ const UnparsableAdminAccessToken = createKnownErrorConstructor(InvalidAdminAcces
     401,
     "Admin access token is not parsable.",
 ], () => []);
-const AdminAccessTokenExpired = createKnownErrorConstructor(InvalidAdminAccessToken, "ADMIN_ACCESS_TOKEN_EXPIRED", () => [
+const AdminAccessTokenExpired = createKnownErrorConstructor(InvalidAdminAccessToken, "ADMIN_ACCESS_TOKEN_EXPIRED", (expiredAt) => [
     401,
-    "Admin access token has expired. Please refresh it and try again.",
-], () => []);
+    `Admin access token has expired. Please refresh it and try again.${expiredAt ? ` (The access token expired at ${expiredAt.toISOString()}.)` : ""}`,
+    { expired_at_millis: expiredAt?.getTime() ?? null },
+], (json) => [json.expired_at_millis ?? undefined]);
 const InvalidProjectForAdminAccessToken = createKnownErrorConstructor(InvalidAdminAccessToken, "INVALID_PROJECT_FOR_ADMIN_ACCESS_TOKEN", () => [
     401,
     "Admin access tokens must be created on the internal project.",
@@ -240,10 +241,11 @@ const UnparsableAccessToken = createKnownErrorConstructor(InvalidAccessToken, "U
     401,
     "Access token is not parsable.",
 ], () => []);
-const AccessTokenExpired = createKnownErrorConstructor(InvalidAccessToken, "ACCESS_TOKEN_EXPIRED", () => [
+const AccessTokenExpired = createKnownErrorConstructor(InvalidAccessToken, "ACCESS_TOKEN_EXPIRED", (expiredAt) => [
     401,
-    "Access token has expired. Please refresh it and try again.",
-], () => []);
+    `Access token has expired. Please refresh it and try again.${expiredAt ? ` (The access token expired at ${expiredAt.toISOString()}.)` : ""}`,
+    { expired_at_millis: expiredAt?.getTime() ?? null },
+], (json) => [json.expired_at_millis ?? undefined]);
 const InvalidProjectForAccessToken = createKnownErrorConstructor(InvalidAccessToken, "INVALID_PROJECT_FOR_ACCESS_TOKEN", () => [
     401,
     "Access token not valid for this project.",

package/dist/schema-fields.d.ts

@@ -4,6 +4,10 @@ declare module "yup" {
         nonEmpty(message?: string): StringSchema<TType, TContext, TDefault, TFlags>;
         empty(): StringSchema<TType, TContext, TDefault, TFlags>;
     }
+    interface Schema<TType, TContext, TDefault, TFlags> {
+        getNested<K extends keyof TType>(path: K): yup.Schema<TType[K], TContext, TDefault, TFlags>;
+        concat<U extends yup.AnySchema>(schema: U): yup.Schema<Omit<TType, keyof yup.InferType<U>> & yup.InferType<U>, TContext, TDefault, TFlags>;
+    }
 }
 export declare function yupValidate<S extends yup.ISchema<any>>(schema: S, obj: unknown, options?: yup.ValidateOptions & {
     currentUserId?: string | null;
@@ -23,6 +27,7 @@ export declare function yupTuple<T extends [unknown, ...unknown[]]>(...args: Par
 export declare function yupObject<A extends yup.Maybe<yup.AnyObject>, B extends yup.ObjectShape>(...args: Parameters<typeof yup.object<A, B>>): yup.ObjectSchema<yup.TypeFromShape<B, yup.AnyObject> extends infer T ? T extends yup.TypeFromShape<B, yup.AnyObject> ? T extends {} ? { [k in keyof T]: T[k]; } : T : never : never, yup.AnyObject, yup.DefaultFromShape<B> extends infer T_1 ? T_1 extends yup.DefaultFromShape<B> ? T_1 extends {} ? { [k_1 in keyof T_1]: T_1[k_1]; } : T_1 : never : never, "">;
 export declare function yupNever(): yup.MixedSchema<never>;
 export declare function yupUnion<T extends yup.ISchema<any>[]>(...args: T): yup.MixedSchema<yup.InferType<T[number]>>;
+export declare function ensureObjectSchema<T extends yup.AnyObject>(schema: yup.Schema<T>): yup.ObjectSchema<T> & typeof schema;
 export declare const adaptSchema: yup.MixedSchema<typeof StackAdaptSentinel | undefined, yup.AnyObject, undefined, "">;
 /**
  * Yup's URL schema does not recognize some URLs (including `http://localhost`) as a valid URL. This schema is a workaround for that.

package/dist/schema-fields.js

@@ -13,6 +13,11 @@ yup.addMethod(yup.string, "nonEmpty", function (message) {
         return value !== "";
     });
 });
+yup.addMethod(yup.Schema, "getNested", function (path) {
+    if (!path.match(/^[a-zA-Z_][a-zA-Z0-9_]*$/))
+        throw new StackAssertionError(`yupSchema.getNested can currently only be used with alphanumeric keys. Fix this in the future. Provided key: ${path}`);
+    return yup.reach(this, path);
+});
 export async function yupValidate(schema, obj, options) {
     try {
         return await schema.validate(obj, {
@@ -155,6 +160,11 @@ export function yupUnion(...args) {
         });
     });
 }
+export function ensureObjectSchema(schema) {
+    if (!(schema instanceof yup.ObjectSchema))
+        throw new StackAssertionError(`assertObjectSchema: schema is not an ObjectSchema: ${schema.describe().type}`);
+    return schema;
+}
 // Common
 export const adaptSchema = yupMixed();
 /**

package/dist/sessions.d.ts

@@ -73,9 +73,9 @@ export declare class InternalSession {
     /**
      * Fetches new tokens that are, at the time of fetching, guaranteed to be valid.
      *
-     * The newly generated tokens are shortlived, so it's good practice not to rely on their validity (if possible). However, this function is useful in some cases where you only want to pass access tokens to a service, and you want to make sure said access token has the longest possible lifetime.
+     * The newly generated tokens are short-lived, so it's good practice not to rely on their validity (if possible). However, this function is useful in some cases where you only want to pass access tokens to a service, and you want to make sure said access token has the longest possible lifetime.
      *
-     * In most cases, you should prefer `getOrFetchLikelyValidTokens` with a fallback to `markAccessTokenExpired` and a retry mechanism if the endpoint rejects the token.
+     * In most cases, you should prefer `getOrFetchLikelyValidTokens`.
      *
      * @returns null if the session is known to be invalid, or new tokens otherwise (which, at the time of fetching, are guaranteed to be valid).
      */
@@ -95,11 +95,7 @@ export declare class InternalSession {
      */
     private _getPotentiallyInvalidAccessTokenIfAvailable;
     /**
-     * @returns An access token (cached if possible), or null if the session either does not represent a user or the session is invalid.
-     */
-    private _getOrFetchPotentiallyInvalidAccessToken;
-    /**
-     * You should prefer `_getOrFetchAccessToken` in almost all cases.
+     * You should prefer `_getOrFetchPotentiallyInvalidAccessToken` in almost all cases.
      *
      * @returns A newly fetched access token (never read from cache), or null if the session either does not represent a user or the session is invalid.
      */

package/dist/sessions.js

@@ -10,7 +10,7 @@ export class AccessToken {
     }
     get expiresAt() {
         const { exp } = jose.decodeJwt(this.token);
-        if (!exp)
+        if (exp === undefined)
             return new Date(8640000000000000); // max date value
         return new Date(exp * 1000);
     }
@@ -107,9 +107,9 @@ export class InternalSession {
     /**
      * Fetches new tokens that are, at the time of fetching, guaranteed to be valid.
      *
-     * The newly generated tokens are shortlived, so it's good practice not to rely on their validity (if possible). However, this function is useful in some cases where you only want to pass access tokens to a service, and you want to make sure said access token has the longest possible lifetime.
+     * The newly generated tokens are short-lived, so it's good practice not to rely on their validity (if possible). However, this function is useful in some cases where you only want to pass access tokens to a service, and you want to make sure said access token has the longest possible lifetime.
      *
-     * In most cases, you should prefer `getOrFetchLikelyValidTokens` with a fallback to `markAccessTokenExpired` and a retry mechanism if the endpoint rejects the token.
+     * In most cases, you should prefer `getOrFetchLikelyValidTokens`.
      *
      * @returns null if the session is known to be invalid, or new tokens otherwise (which, at the time of fetching, are guaranteed to be valid).
      */
@@ -133,30 +133,17 @@ export class InternalSession {
      * @returns An access token, which may be expired or expire soon, or null if it is known to be invalid.
      */
     _getPotentiallyInvalidAccessTokenIfAvailable() {
-        const accessToken = this._accessToken.get();
-        if (accessToken && !accessToken.isExpired())
-            return accessToken;
-        return null;
-    }
-    /**
-     * @returns An access token (cached if possible), or null if the session either does not represent a user or the session is invalid.
-     */
-    async _getOrFetchPotentiallyInvalidAccessToken() {
         if (!this._refreshToken)
             return null;
         if (this.isKnownToBeInvalid())
             return null;
-        const oldAccessToken = this._getPotentiallyInvalidAccessTokenIfAvailable();
-        if (oldAccessToken)
-            return oldAccessToken;
-        // refresh access token
-        if (!this._refreshPromise) {
-            this._refreshAndSetRefreshPromise(this._refreshToken);
-        }
-        return await this._refreshPromise;
+        const accessToken = this._accessToken.get();
+        if (accessToken && !accessToken.isExpired())
+            return accessToken;
+        return null;
     }
     /**
-     * You should prefer `_getOrFetchAccessToken` in almost all cases.
+     * You should prefer `_getOrFetchPotentiallyInvalidAccessToken` in almost all cases.
      *
      * @returns A newly fetched access token (never read from cache), or null if the session either does not represent a user or the session is invalid.
      */
@@ -165,7 +152,9 @@ export class InternalSession {
             return null;
         if (this._knownToBeInvalid.get())
             return null;
-        this._refreshAndSetRefreshPromise(this._refreshToken);
+        if (!this._refreshPromise) {
+            this._refreshAndSetRefreshPromise(this._refreshToken);
+        }
         return await this._refreshPromise;
     }
     _refreshAndSetRefreshPromise(refreshToken) {

package/dist/utils/booleans.d.ts

@@ -0,0 +1,4 @@
+export type Truthy<T> = T extends null | undefined | 0 | "" | false ? false : true;
+export type Falsy<T> = T extends null | undefined | 0 | "" | false ? true : false;
+export declare function isTruthy<T>(value: T): value is T & Truthy<T>;
+export declare function isFalsy<T>(value: T): value is T & Falsy<T>;

package/dist/utils/booleans.js

@@ -0,0 +1,6 @@
+export function isTruthy(value) {
+    return !!value;
+}
+export function isFalsy(value) {
+    return !value;
+}

package/dist/utils/fs.d.ts

@@ -0,0 +1,4 @@
+export declare function list(path: string): Promise<string[]>;
+export declare function listRecursively(p: string, options?: {
+    excludeDirectories?: boolean;
+}): Promise<string[]>;

package/dist/utils/fs.js

@@ -0,0 +1,22 @@
+import * as stackFs from "fs";
+import * as path from "path";
+export async function list(path) {
+    return await stackFs.promises.readdir(path);
+}
+export async function listRecursively(p, options = {}) {
+    const files = await list(p);
+    return [
+        ...(await Promise.all(files.map(async (fileName) => {
+            const filePath = path.join(p, fileName);
+            if ((await stackFs.promises.stat(filePath)).isDirectory()) {
+                return [
+                    ...(await listRecursively(filePath, options)),
+                    ...(options.excludeDirectories ? [] : [filePath]),
+                ];
+            }
+            else {
+                return [filePath];
+            }
+        }))).flat(),
+    ];
+}

package/dist/utils/numbers.d.ts

@@ -1,2 +1,3 @@
 export declare function prettyPrintWithMagnitudes(num: number): string;
 export declare function toFixedMax(num: number, maxDecimals: number): string;
+export declare function numberCompare(a: number, b: number): number;

package/dist/utils/numbers.js

@@ -24,3 +24,6 @@ export function prettyPrintWithMagnitudes(num) {
 export function toFixedMax(num, maxDecimals) {
     return num.toFixed(maxDecimals).replace(/\.?0+$/, "");
 }
+export function numberCompare(a, b) {
+    return Math.sign(a - b);
+}

package/dist/utils/strings.d.ts

@@ -45,6 +45,7 @@ export declare function deindent(code: string): string;
 export declare function deindent(strings: TemplateStringsArray | readonly string[], ...values: any[]): string;
 export declare function extractScopes(scope: string, removeDuplicates?: boolean): string[];
 export declare function mergeScopeStrings(...scopes: string[]): string;
+export declare function escapeTemplateLiteral(s: string): string;
 export type Nicifiable = {
     getNicifiableKeys?(): PropertyKey[];
     getNicifiedObjectExtraLines?(): string[];

package/dist/utils/strings.js

@@ -103,15 +103,20 @@ export function deindent(strings, ...values) {
     return templateIdentity(deindentedStrings, ...indentedValues);
 }
 export function extractScopes(scope, removeDuplicates = true) {
+    // TODO what is this for? can we move this into the OAuth code in the backend?
     const trimmedString = scope.trim();
     const scopesArray = trimmedString.split(/\s+/);
     const filtered = scopesArray.filter(scope => scope.length > 0);
     return removeDuplicates ? [...new Set(filtered)] : filtered;
 }
 export function mergeScopeStrings(...scopes) {
+    // TODO what is this for? can we move this into the OAuth code in the backend?
     const allScope = scopes.map((s) => extractScopes(s)).flat().join(" ");
     return extractScopes(allScope).join(" ");
 }
+export function escapeTemplateLiteral(s) {
+    return s.replaceAll("`", "\\`").replaceAll("\\", "\\\\").replaceAll("$", "\\$");
+}
 /**
  * Some classes have different constructor names in different environments (eg. `Headers` is sometimes called `_Headers`,
  * so we create an object of overrides to handle these cases.
@@ -165,11 +170,27 @@ export function nicify(value, options = {}) {
         });
     };
     switch (typeof value) {
-        case "string":
         case "boolean":
         case "number": {
             return JSON.stringify(value);
         }
+        case "string": {
+            const isDeindentable = (v) => deindent(v) === v && v.includes("\n");
+            const wrapInDeindent = (v) => deindent `
+        deindent\`
+        ${currentIndent + lineIndent}${escapeTemplateLiteral(value).replaceAll("\n", nl + lineIndent)}
+        ${currentIndent}\`
+      `;
+            if (isDeindentable(value)) {
+                return wrapInDeindent(value);
+            }
+            else if (value.endsWith("\n") && isDeindentable(value.slice(0, -1))) {
+                return wrapInDeindent(value.slice(0, -1)) + ' + "\\n"';
+            }
+            else {
+                return JSON.stringify(value);
+            }
+        }
         case "undefined": {
             return "undefined";
         }
@@ -205,7 +226,7 @@ export function nicify(value, options = {}) {
                 }
             }
             if (value instanceof URL) {
-                return `URL(${JSON.stringify(value.toString())})`;
+                return `URL(${nicify(value.toString())})`;
             }
             if (ArrayBuffer.isView(value)) {
                 return `${value.constructor.name}([${value.toString()}])`;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-shared",
-  "version": "2.7.7",
+  "version": "2.7.9",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "files": [
@@ -51,7 +51,7 @@
     "oauth4webapi": "^2.10.3",
     "semver": "^7.6.3",
     "uuid": "^9.0.1",
-    "@stackframe/stack-sc": "2.7.7"
+    "@stackframe/stack-sc": "2.7.9"
   },
   "devDependencies": {
     "@sentry/nextjs": "^8.40.0",