@stackframe/stack 2.3.5 → 2.3.7

package/dist/esm/lib/stack-app.js

@@ -0,0 +1,940 @@
+// src/lib/stack-app.ts
+import React, { use, useCallback, useMemo } from "react";
+import { KnownError, StackAdminInterface, StackClientInterface, StackServerInterface } from "@stackframe/stack-shared";
+import { getCookie, setOrDeleteCookie } from "./cookie";
+import { StackAssertionError, throwErr } from "@stackframe/stack-shared/dist/utils/errors";
+import { generateUuid } from "@stackframe/stack-shared/dist/utils/uuids";
+import { AsyncResult, Result } from "@stackframe/stack-shared/dist/utils/results";
+import { suspendIfSsr } from "@stackframe/stack-shared/dist/utils/react";
+import { AsyncStore } from "@stackframe/stack-shared/dist/utils/stores";
+import { getProductionModeErrors } from "@stackframe/stack-shared/dist/interface/clientInterface";
+import { isClient } from "../utils/next";
+import { callOAuthCallback, signInWithOAuth } from "./auth";
+import * as NextNavigation from "next/navigation";
+import { constructRedirectUrl } from "../utils/url";
+import { filterUndefined, omit } from "@stackframe/stack-shared/dist/utils/objects";
+import { neverResolve, resolved, runAsynchronously, wait } from "@stackframe/stack-shared/dist/utils/promises";
+import { AsyncCache } from "@stackframe/stack-shared/dist/utils/caches";
+import { suspend } from "@stackframe/stack-shared/dist/utils/react";
+function getUrls(partial) {
+  const handler = partial.handler ?? "/handler";
+  return {
+    handler,
+    signIn: `${handler}/signin`,
+    afterSignIn: "/",
+    signUp: `${handler}/signup`,
+    afterSignUp: "/",
+    signOut: `${handler}/signout`,
+    afterSignOut: "/",
+    emailVerification: `${handler}/email-verification`,
+    passwordReset: `${handler}/password-reset`,
+    forgotPassword: `${handler}/forgot-password`,
+    oauthCallback: `${handler}/oauth-callback`,
+    magicLinkCallback: `${handler}/magic-link-callback`,
+    home: "/",
+    accountSettings: `${handler}/account-settings`,
+    ...filterUndefined(partial)
+  };
+}
+function getDefaultProjectId() {
+  return process.env.NEXT_PUBLIC_STACK_PROJECT_ID || throwErr("Welcome to Stack! It seems that you haven't provided a project ID. Please create a project on the Stack dashboard at https://app.stack-auth.com and put it in the NEXT_PUBLIC_STACK_PROJECT_ID environment variable.");
+}
+function getDefaultPublishableClientKey() {
+  return process.env.NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY || throwErr("Welcome to Stack! It seems that you haven't provided a publishable client key. Please create an API key for your project on the Stack dashboard at https://app.stack-auth.com and copy your publishable client key into the NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY environment variable.");
+}
+function getDefaultSecretServerKey() {
+  return process.env.STACK_SECRET_SERVER_KEY || throwErr("No secret server key provided. Please copy your publishable client key from the Stack dashboard and put your it in the STACK_SECRET_SERVER_KEY environment variable.");
+}
+function getDefaultSuperSecretAdminKey() {
+  return process.env.STACK_SUPER_SECRET_ADMIN_KEY || throwErr("No super secret admin key provided. Please copy your publishable client key from the Stack dashboard and put it in the STACK_SUPER_SECRET_ADMIN_KEY environment variable.");
+}
+function getDefaultBaseUrl() {
+  return process.env.NEXT_PUBLIC_STACK_URL || defaultBaseUrl;
+}
+var defaultBaseUrl = "https://app.stack-auth.com";
+function createEmptyTokenStore() {
+  const store = new AsyncStore();
+  store.set({
+    refreshToken: null,
+    accessToken: null
+  });
+  return store;
+}
+var memoryTokenStore = createEmptyTokenStore();
+var cookieTokenStore = null;
+var cookieTokenStoreInitializer = () => {
+  if (!isClient()) {
+    throw new Error("Cannot use cookie token store on the server!");
+  }
+  if (cookieTokenStore === null) {
+    cookieTokenStore = new AsyncStore();
+    let hasSucceededInWriting = true;
+    setInterval(() => {
+      if (hasSucceededInWriting) {
+        const newValue = {
+          refreshToken: getCookie("stack-refresh"),
+          accessToken: getCookie("stack-access")
+        };
+        const res = cookieTokenStore.get();
+        if (res.status !== "ok" || res.data.refreshToken !== newValue.refreshToken || res.data.accessToken !== newValue.accessToken) {
+          cookieTokenStore.set(newValue);
+        }
+      }
+    }, 10);
+    cookieTokenStore.onChange((value) => {
+      try {
+        setOrDeleteCookie("stack-refresh", value.refreshToken);
+        setOrDeleteCookie("stack-access", value.accessToken);
+        hasSucceededInWriting = true;
+      } catch (e) {
+        hasSucceededInWriting = false;
+      }
+    });
+  }
+  return cookieTokenStore;
+};
+var tokenStoreInitializers = /* @__PURE__ */ new Map([
+  ["cookie", cookieTokenStoreInitializer],
+  ["nextjs-cookie", () => {
+    if (isClient()) {
+      return cookieTokenStoreInitializer();
+    } else {
+      const store = new AsyncStore();
+      store.set({
+        refreshToken: getCookie("stack-refresh"),
+        accessToken: getCookie("stack-access")
+      });
+      store.onChange((value) => {
+        try {
+          setOrDeleteCookie("stack-refresh", value.refreshToken);
+          setOrDeleteCookie("stack-access", value.accessToken);
+        } catch (e) {
+        }
+      });
+      return store;
+    }
+  }],
+  ["memory", () => memoryTokenStore],
+  [null, () => createEmptyTokenStore()]
+]);
+function getTokenStore(tokenStoreOptions) {
+  return (tokenStoreInitializers.get(tokenStoreOptions) ?? throwErr(`Invalid token store ${tokenStoreOptions}`))();
+}
+var loadingSentinel = Symbol("stackAppCacheLoadingSentinel");
+function useCache(cache, dependencies, caller) {
+  suspendIfSsr(caller);
+  const subscribe = useCallback((cb) => {
+    const { unsubscribe } = cache.onChange(dependencies, () => cb());
+    return unsubscribe;
+  }, [cache, ...dependencies]);
+  const getSnapshot = useCallback(() => {
+    return AsyncResult.or(cache.getIfCached(dependencies), loadingSentinel);
+  }, [cache, ...dependencies]);
+  const value = React.useSyncExternalStore(subscribe, getSnapshot, getSnapshot);
+  if (value === loadingSentinel) {
+    return use(cache.getOrWait(dependencies, "read-write"));
+  } else {
+    return use(resolved(value));
+  }
+}
+var stackAppInternalsSymbol = Symbol.for("StackAppInternals");
+var allClientApps = /* @__PURE__ */ new Map();
+var createCache = (fetcher) => {
+  return new AsyncCache(
+    async (dependencies) => await fetcher(dependencies),
+    {}
+  );
+};
+var createCacheByTokenStore = (fetcher) => {
+  return new AsyncCache(
+    async ([tokenStore, ...extraDependencies]) => await fetcher(tokenStore, extraDependencies),
+    {
+      onSubscribe: ([tokenStore], refresh) => {
+        const handlerObj = tokenStore.onChange((newValue, oldValue) => {
+          if (JSON.stringify(newValue) === JSON.stringify(oldValue))
+            return;
+          refresh();
+        });
+        return () => handlerObj.unsubscribe();
+      }
+    }
+  );
+};
+var _StackClientAppImpl = class __StackClientAppImpl {
+  _uniqueIdentifier;
+  _interface;
+  _tokenStoreOptions;
+  _urlOptions;
+  __DEMO_ENABLE_SLIGHT_FETCH_DELAY = false;
+  _currentUserCache = createCacheByTokenStore(async (tokenStore) => {
+    if (this.__DEMO_ENABLE_SLIGHT_FETCH_DELAY) {
+      await wait(2e3);
+    }
+    const user = await this._interface.getClientUserByToken(tokenStore);
+    return Result.or(user, null);
+  });
+  _currentProjectCache = createCache(async () => {
+    return Result.orThrow(await this._interface.getClientProject());
+  });
+  _ownedProjectsCache = createCacheByTokenStore(async (tokenStore) => {
+    return await this._interface.listProjects(tokenStore);
+  });
+  constructor(options) {
+    if ("interface" in options) {
+      this._interface = options.interface;
+    } else {
+      this._interface = new StackClientInterface({
+        baseUrl: options.baseUrl ?? getDefaultBaseUrl(),
+        projectId: options.projectId ?? getDefaultProjectId(),
+        publishableClientKey: options.publishableClientKey ?? getDefaultPublishableClientKey()
+      });
+    }
+    this._tokenStoreOptions = options.tokenStore;
+    this._urlOptions = options.urls ?? {};
+    this._uniqueIdentifier = options.uniqueIdentifier ?? generateUuid();
+    if (allClientApps.has(this._uniqueIdentifier)) {
+      throw new StackAssertionError("A Stack client app with the same unique identifier already exists");
+    }
+    allClientApps.set(this._uniqueIdentifier, [options.checkString ?? "default check string", this]);
+  }
+  hasPersistentTokenStore() {
+    return this._tokenStoreOptions !== null;
+  }
+  _ensurePersistentTokenStore() {
+    if (!this.hasPersistentTokenStore()) {
+      throw new Error("Cannot call this function on a Stack app without a persistent token store. Make sure the tokenStore option is set to a non-null value when initializing Stack.");
+    }
+  }
+  isInternalProject() {
+    return this.projectId === "internal";
+  }
+  _ensureInternalProject() {
+    if (!this.isInternalProject()) {
+      throw new Error("Cannot call this function on a Stack app with a project ID other than 'internal'.");
+    }
+  }
+  _userFromJson(json) {
+    return {
+      projectId: json.projectId,
+      id: json.id,
+      displayName: json.displayName,
+      primaryEmail: json.primaryEmail,
+      primaryEmailVerified: json.primaryEmailVerified,
+      profileImageUrl: json.profileImageUrl,
+      signedUpAt: new Date(json.signedUpAtMillis),
+      clientMetadata: json.clientMetadata,
+      authMethod: json.authMethod,
+      hasPassword: json.hasPassword,
+      authWithEmail: json.authWithEmail,
+      oauthProviders: json.oauthProviders,
+      toJson() {
+        return json;
+      }
+    };
+  }
+  _currentUserFromJson(json, tokenStore) {
+    if (json === null)
+      return null;
+    const app = this;
+    const currentUser = {
+      ...this._userFromJson(json),
+      tokenStore,
+      update(update) {
+        return app._updateUser(update, tokenStore);
+      },
+      signOut() {
+        return app._signOut(tokenStore);
+      },
+      sendVerificationEmail() {
+        return app._sendVerificationEmail(tokenStore);
+      },
+      updatePassword(options) {
+        return app._updatePassword(options, tokenStore);
+      }
+    };
+    if (this.isInternalProject()) {
+      const internalUser = {
+        ...currentUser,
+        createProject(newProject) {
+          return app._createProject(newProject);
+        },
+        listOwnedProjects() {
+          return app._listOwnedProjects();
+        },
+        useOwnedProjects() {
+          return app._useOwnedProjects();
+        },
+        onOwnedProjectsChange(callback) {
+          return app._onOwnedProjectsChange(callback);
+        }
+      };
+      Object.freeze(internalUser);
+      return internalUser;
+    } else {
+      Object.freeze(currentUser);
+      return currentUser;
+    }
+  }
+  _userToJson(user) {
+    return {
+      projectId: user.projectId,
+      id: user.id,
+      displayName: user.displayName,
+      primaryEmail: user.primaryEmail,
+      primaryEmailVerified: user.primaryEmailVerified,
+      profileImageUrl: user.profileImageUrl,
+      signedUpAtMillis: user.signedUpAt.getTime(),
+      clientMetadata: user.clientMetadata,
+      authMethod: user.authMethod,
+      hasPassword: user.hasPassword,
+      authWithEmail: user.authWithEmail,
+      oauthProviders: user.oauthProviders
+    };
+  }
+  _projectAdminFromJson(data, adminInterface, onRefresh) {
+    if (data.id !== adminInterface.projectId) {
+      throw new Error(`The project ID of the provided project JSON (${data.id}) does not match the project ID of the app (${adminInterface.projectId})! This is a Stack bug.`);
+    }
+    return {
+      id: data.id,
+      displayName: data.displayName,
+      description: data.description,
+      createdAt: new Date(data.createdAtMillis),
+      userCount: data.userCount,
+      isProductionMode: data.isProductionMode,
+      evaluatedConfig: {
+        id: data.evaluatedConfig.id,
+        credentialEnabled: data.evaluatedConfig.credentialEnabled,
+        magicLinkEnabled: data.evaluatedConfig.magicLinkEnabled,
+        allowLocalhost: data.evaluatedConfig.allowLocalhost,
+        oauthProviders: data.evaluatedConfig.oauthProviders,
+        emailConfig: data.evaluatedConfig.emailConfig,
+        domains: data.evaluatedConfig.domains
+      },
+      async update(update) {
+        await adminInterface.updateProject(update);
+        await onRefresh();
+      },
+      toJson() {
+        return data;
+      },
+      getProductionModeErrors() {
+        return getProductionModeErrors(this.toJson());
+      }
+    };
+  }
+  _createAdminInterface(forProjectId, tokenStore) {
+    return new StackAdminInterface({
+      baseUrl: this._interface.options.baseUrl,
+      projectId: forProjectId,
+      projectOwnerTokens: tokenStore
+    });
+  }
+  get projectId() {
+    return this._interface.projectId;
+  }
+  get urls() {
+    return getUrls(this._urlOptions);
+  }
+  _redirectTo(handlerName) {
+    if (!this.urls[handlerName]) {
+      throw new Error(`No URL for handler name ${handlerName}`);
+    }
+    window.location.href = this.urls[handlerName];
+    return neverResolve();
+  }
+  async redirectToSignIn() {
+    return await this._redirectTo("signIn");
+  }
+  async redirectToSignUp() {
+    return await this._redirectTo("signUp");
+  }
+  async redirectToSignOut() {
+    return await this._redirectTo("signOut");
+  }
+  async redirectToEmailVerification() {
+    return await this._redirectTo("emailVerification");
+  }
+  async redirectToPasswordReset() {
+    return await this._redirectTo("passwordReset");
+  }
+  async redirectToForgotPassword() {
+    return await this._redirectTo("forgotPassword");
+  }
+  async redirectToHome() {
+    return await this._redirectTo("home");
+  }
+  async redirectToOAuthCallback() {
+    return await this._redirectTo("oauthCallback");
+  }
+  async redirectToMagicLinkCallback() {
+    return await this._redirectTo("magicLinkCallback");
+  }
+  async redirectToAfterSignIn() {
+    return await this._redirectTo("afterSignIn");
+  }
+  async redirectToAfterSignUp() {
+    return await this._redirectTo("afterSignUp");
+  }
+  async redirectToAfterSignOut() {
+    return await this._redirectTo("afterSignOut");
+  }
+  async redirectToAccountSettings() {
+    return await this._redirectTo("accountSettings");
+  }
+  async sendForgotPasswordEmail(email) {
+    const redirectUrl = constructRedirectUrl(this.urls.passwordReset);
+    const error = await this._interface.sendForgotPasswordEmail(email, redirectUrl);
+    return error;
+  }
+  async sendMagicLinkEmail(email) {
+    const magicLinkRedirectUrl = constructRedirectUrl(this.urls.magicLinkCallback);
+    const error = await this._interface.sendMagicLinkEmail(email, magicLinkRedirectUrl);
+    return error;
+  }
+  async resetPassword(options) {
+    const error = await this._interface.resetPassword(options);
+    return error;
+  }
+  async verifyPasswordResetCode(code) {
+    return await this._interface.verifyPasswordResetCode(code);
+  }
+  async verifyEmail(code) {
+    return await this._interface.verifyEmail(code);
+  }
+  async getUser(options) {
+    this._ensurePersistentTokenStore();
+    const tokenStore = getTokenStore(this._tokenStoreOptions);
+    const userJson = await this._currentUserCache.getOrWait([tokenStore], "write-only");
+    if (userJson === null) {
+      switch (options?.or) {
+        case "redirect": {
+          NextNavigation.redirect(this.urls.signIn, NextNavigation.RedirectType.replace);
+          throw new Error("redirect should never return!");
+        }
+        case "throw": {
+          throw new Error("User is not signed in but getUser was called with { or: 'throw' }");
+        }
+        default: {
+          return null;
+        }
+      }
+    }
+    return this._currentUserFromJson(userJson, tokenStore);
+  }
+  useUser(options) {
+    this._ensurePersistentTokenStore();
+    const router = NextNavigation.useRouter();
+    const tokenStore = getTokenStore(this._tokenStoreOptions);
+    const userJson = useCache(this._currentUserCache, [tokenStore], "useUser()");
+    if (userJson === null) {
+      switch (options?.or) {
+        case "redirect": {
+          router.replace(this.urls.signIn);
+          suspend();
+          throw new Error("suspend should never return! This is a bug in Stack.");
+        }
+        case "throw": {
+          throw new Error("User is not signed in but useUser was called with { or: 'throw' }");
+        }
+        case void 0:
+        case "return-null": {
+        }
+      }
+    }
+    return useMemo(() => {
+      return this._currentUserFromJson(userJson, tokenStore);
+    }, [userJson, tokenStore, options?.or]);
+  }
+  onUserChange(callback) {
+    this._ensurePersistentTokenStore();
+    const tokenStore = getTokenStore(this._tokenStoreOptions);
+    return this._currentUserCache.onChange([tokenStore], (userJson) => {
+      callback(this._currentUserFromJson(userJson, tokenStore));
+    });
+  }
+  async _updateUser(update, tokenStore) {
+    const res = await this._interface.setClientUserCustomizableData(update, tokenStore);
+    await this._refreshUser(tokenStore);
+    return res;
+  }
+  async signInWithOAuth(provider) {
+    this._ensurePersistentTokenStore();
+    await signInWithOAuth(this._interface, { provider, redirectUrl: this.urls.oauthCallback });
+  }
+  async signInWithCredential(options) {
+    this._ensurePersistentTokenStore();
+    const tokenStore = getTokenStore(this._tokenStoreOptions);
+    const errorCode = await this._interface.signInWithCredential(options.email, options.password, tokenStore);
+    if (!errorCode) {
+      window.location.assign(this.urls.afterSignIn);
+    }
+    return errorCode;
+  }
+  async signUpWithCredential(options) {
+    this._ensurePersistentTokenStore();
+    const tokenStore = getTokenStore(this._tokenStoreOptions);
+    const emailVerificationRedirectUrl = constructRedirectUrl(this.urls.emailVerification);
+    const errorCode = await this._interface.signUpWithCredential(
+      options.email,
+      options.password,
+      emailVerificationRedirectUrl,
+      tokenStore
+    );
+    if (!errorCode) {
+      window.location.assign(this.urls.afterSignUp);
+    }
+    return errorCode;
+  }
+  async signInWithMagicLink(code) {
+    this._ensurePersistentTokenStore();
+    const tokenStore = getTokenStore(this._tokenStoreOptions);
+    const result = await this._interface.signInWithMagicLink(code, tokenStore);
+    if (result instanceof KnownError) {
+      return result;
+    }
+    if (result.newUser) {
+      window.location.replace(this.urls.afterSignUp);
+    } else {
+      window.location.replace(this.urls.afterSignIn);
+    }
+    await neverResolve();
+  }
+  async callOAuthCallback() {
+    this._ensurePersistentTokenStore();
+    const tokenStore = getTokenStore(this._tokenStoreOptions);
+    const result = await callOAuthCallback(this._interface, tokenStore, this.urls.oauthCallback);
+    if (result?.newUser) {
+      window.location.replace(this.urls.afterSignUp);
+    } else {
+      window.location.replace(this.urls.afterSignIn);
+    }
+    await neverResolve();
+  }
+  async _signOut(tokenStore) {
+    await this._interface.signOut(tokenStore);
+    window.location.assign(this.urls.afterSignOut);
+  }
+  async _sendVerificationEmail(tokenStore) {
+    const emailVerificationRedirectUrl = constructRedirectUrl(this.urls.emailVerification);
+    return await this._interface.sendVerificationEmail(emailVerificationRedirectUrl, tokenStore);
+  }
+  async _updatePassword(options, tokenStore) {
+    return await this._interface.updatePassword(options, tokenStore);
+  }
+  async signOut() {
+    const user = await this.getUser();
+    if (user) {
+      await user.signOut();
+    }
+  }
+  async getProject() {
+    return await this._currentProjectCache.getOrWait([], "write-only");
+  }
+  useProject() {
+    return useCache(this._currentProjectCache, [], "useProject()");
+  }
+  onProjectChange(callback) {
+    return this._currentProjectCache.onChange([], callback);
+  }
+  async _listOwnedProjects() {
+    this._ensureInternalProject();
+    const tokenStore = getTokenStore(this._tokenStoreOptions);
+    const json = await this._ownedProjectsCache.getOrWait([tokenStore], "write-only");
+    return json.map((j) => this._projectAdminFromJson(
+      j,
+      this._createAdminInterface(j.id, tokenStore),
+      () => this._refreshOwnedProjects(tokenStore)
+    ));
+  }
+  _useOwnedProjects() {
+    this._ensureInternalProject();
+    const tokenStore = getTokenStore(this._tokenStoreOptions);
+    const json = useCache(this._ownedProjectsCache, [tokenStore], "useOwnedProjects()");
+    return useMemo(() => json.map((j) => this._projectAdminFromJson(
+      j,
+      this._createAdminInterface(j.id, tokenStore),
+      () => this._refreshOwnedProjects(tokenStore)
+    )), [json]);
+  }
+  _onOwnedProjectsChange(callback) {
+    this._ensureInternalProject();
+    const tokenStore = getTokenStore(this._tokenStoreOptions);
+    return this._ownedProjectsCache.onChange([tokenStore], (projects) => {
+      callback(projects.map((j) => this._projectAdminFromJson(
+        j,
+        this._createAdminInterface(j.id, tokenStore),
+        () => this._refreshOwnedProjects(tokenStore)
+      )));
+    });
+  }
+  async _createProject(newProject) {
+    this._ensureInternalProject();
+    const tokenStore = getTokenStore(this._tokenStoreOptions);
+    const json = await this._interface.createProject(newProject, tokenStore);
+    const res = this._projectAdminFromJson(
+      json,
+      this._createAdminInterface(json.id, tokenStore),
+      () => this._refreshOwnedProjects(tokenStore)
+    );
+    await this._refreshOwnedProjects(tokenStore);
+    return res;
+  }
+  async _refreshUser(tokenStore) {
+    await this._currentUserCache.refresh([tokenStore]);
+  }
+  async _refreshUsers() {
+  }
+  async _refreshProject() {
+    await this._currentProjectCache.refresh([]);
+  }
+  async _refreshOwnedProjects(tokenStore) {
+    await this._ownedProjectsCache.refresh([tokenStore]);
+  }
+  static get [stackAppInternalsSymbol]() {
+    return {
+      fromClientJson: (json) => {
+        const providedCheckString = JSON.stringify(omit(json, [
+          /* none currently */
+        ]));
+        const existing = allClientApps.get(json.uniqueIdentifier);
+        if (existing) {
+          const [existingCheckString, clientApp] = existing;
+          if (existingCheckString !== providedCheckString) {
+            throw new StackAssertionError("The provided app JSON does not match the configuration of the existing client app with the same unique identifier", { providedObj: json, existingString: existingCheckString });
+          }
+          return clientApp;
+        }
+        return new __StackClientAppImpl({
+          ...json,
+          checkString: providedCheckString
+        });
+      }
+    };
+  }
+  get [stackAppInternalsSymbol]() {
+    return {
+      toClientJson: () => {
+        if (!("publishableClientKey" in this._interface.options)) {
+          throw Error("Cannot serialize to JSON from an application without a publishable client key");
+        }
+        return {
+          baseUrl: this._interface.options.baseUrl,
+          projectId: this.projectId,
+          publishableClientKey: this._interface.options.publishableClientKey,
+          tokenStore: this._tokenStoreOptions,
+          urls: this._urlOptions,
+          uniqueIdentifier: this._uniqueIdentifier
+        };
+      },
+      setCurrentUser: (userJsonPromise) => {
+        runAsynchronously(this._currentUserCache.forceSetCachedValueAsync([getTokenStore(this._tokenStoreOptions)], userJsonPromise));
+      }
+    };
+  }
+};
+var _StackServerAppImpl = class extends _StackClientAppImpl {
+  // TODO override the client user cache to use the server user cache, so we save some requests
+  _currentServerUserCache = createCacheByTokenStore(async (tokenStore) => {
+    const user = await this._interface.getServerUserByToken(tokenStore);
+    return Result.or(user, null);
+  });
+  _serverUsersCache = createCache(async () => {
+    return await this._interface.listUsers();
+  });
+  constructor(options) {
+    if ("interface" in options) {
+      super({
+        interface: options.interface,
+        tokenStore: options.tokenStore,
+        urls: options.urls
+      });
+    } else {
+      super({
+        interface: new StackServerInterface({
+          baseUrl: options.baseUrl ?? getDefaultBaseUrl(),
+          projectId: options.projectId ?? getDefaultProjectId(),
+          publishableClientKey: options.publishableClientKey ?? getDefaultPublishableClientKey(),
+          secretServerKey: options.secretServerKey ?? getDefaultSecretServerKey()
+        }),
+        tokenStore: options.tokenStore,
+        urls: options.urls ?? {}
+      });
+    }
+  }
+  _serverUserFromJson(json) {
+    if (json === null)
+      return null;
+    const app = this;
+    return {
+      ...this._userFromJson(json),
+      serverMetadata: json.serverMetadata,
+      async delete() {
+        const res = await app._interface.deleteServerUser(this.id);
+        await app._refreshUsers();
+        return res;
+      },
+      async update(update) {
+        const res = await app._interface.setServerUserCustomizableData(this.id, update);
+        await app._refreshUsers();
+        return res;
+      },
+      getClientUser() {
+        return app._userFromJson(json);
+      },
+      toJson() {
+        return app._serverUserToJson(this);
+      }
+    };
+  }
+  _currentServerUserFromJson(json, tokenStore) {
+    if (json === null)
+      return null;
+    const app = this;
+    const nonCurrentServerUser = this._serverUserFromJson(json);
+    const currentUser = {
+      ...nonCurrentServerUser,
+      tokenStore,
+      async delete() {
+        const res = await nonCurrentServerUser.delete();
+        await app._refreshUser(tokenStore);
+        return res;
+      },
+      async update(update) {
+        const res = await nonCurrentServerUser.update(update);
+        await app._refreshUser(tokenStore);
+        return res;
+      },
+      signOut() {
+        return app._signOut(tokenStore);
+      },
+      getClientUser() {
+        return app._currentUserFromJson(json, tokenStore);
+      },
+      sendVerificationEmail() {
+        return app._sendVerificationEmail(tokenStore);
+      },
+      updatePassword(options) {
+        return app._updatePassword(options, tokenStore);
+      }
+    };
+    if (this.isInternalProject()) {
+      const internalUser = {
+        ...currentUser,
+        createProject(newProject) {
+          return app._createProject(newProject);
+        },
+        listOwnedProjects() {
+          return app._listOwnedProjects();
+        },
+        useOwnedProjects() {
+          return app._useOwnedProjects();
+        },
+        onOwnedProjectsChange(callback) {
+          return app._onOwnedProjectsChange(callback);
+        }
+      };
+      Object.freeze(internalUser);
+      return internalUser;
+    } else {
+      Object.freeze(currentUser);
+      return currentUser;
+    }
+  }
+  _serverUserToJson(user) {
+    return {
+      projectId: user.projectId,
+      id: user.id,
+      displayName: user.displayName,
+      primaryEmail: user.primaryEmail,
+      primaryEmailVerified: user.primaryEmailVerified,
+      profileImageUrl: user.profileImageUrl,
+      signedUpAtMillis: user.signedUpAt.getTime(),
+      clientMetadata: user.clientMetadata,
+      serverMetadata: user.serverMetadata,
+      authMethod: user.authMethod,
+      hasPassword: user.hasPassword,
+      authWithEmail: user.authWithEmail,
+      oauthProviders: user.oauthProviders
+    };
+  }
+  async getServerUser() {
+    this._ensurePersistentTokenStore();
+    const tokenStore = getTokenStore(this._tokenStoreOptions);
+    const userJson = await this._currentServerUserCache.getOrWait([tokenStore], "write-only");
+    return this._currentServerUserFromJson(userJson, tokenStore);
+  }
+  useServerUser(options) {
+    this._ensurePersistentTokenStore();
+    const tokenStore = getTokenStore(this._tokenStoreOptions);
+    const userJson = useCache(this._currentServerUserCache, [tokenStore], "useServerUser()");
+    return useMemo(() => {
+      if (options?.required && userJson === null) {
+        use(this.redirectToSignIn());
+      }
+      return this._currentServerUserFromJson(userJson, tokenStore);
+    }, [userJson, tokenStore, options?.required]);
+  }
+  onServerUserChange(callback) {
+    this._ensurePersistentTokenStore();
+    const tokenStore = getTokenStore(this._tokenStoreOptions);
+    return this._currentServerUserCache.onChange([tokenStore], (userJson) => {
+      callback(this._currentServerUserFromJson(userJson, tokenStore));
+    });
+  }
+  async listServerUsers() {
+    const json = await this._serverUsersCache.getOrWait([], "write-only");
+    return json.map((j) => this._serverUserFromJson(j));
+  }
+  useServerUsers() {
+    const json = useCache(this._serverUsersCache, [], "useServerUsers()");
+    return useMemo(() => {
+      return json.map((j) => this._serverUserFromJson(j));
+    }, [json]);
+  }
+  onServerUsersChange(callback) {
+    return this._serverUsersCache.onChange([], (users) => {
+      callback(users.map((j) => this._serverUserFromJson(j)));
+    });
+  }
+  async _refreshUser(tokenStore) {
+    await Promise.all([
+      super._refreshUser(tokenStore),
+      this._currentServerUserCache.refresh([tokenStore])
+    ]);
+  }
+  async _refreshUsers() {
+    await Promise.all([
+      super._refreshUsers(),
+      this._serverUsersCache.refresh([])
+    ]);
+  }
+};
+var _StackAdminAppImpl = class extends _StackServerAppImpl {
+  _adminProjectCache = createCache(async () => {
+    return await this._interface.getProject();
+  });
+  _apiKeySetsCache = createCache(async () => {
+    return await this._interface.listApiKeySets();
+  });
+  constructor(options) {
+    super({
+      interface: new StackAdminInterface({
+        baseUrl: options.baseUrl ?? getDefaultBaseUrl(),
+        projectId: options.projectId ?? getDefaultProjectId(),
+        ..."projectOwnerTokens" in options ? {
+          projectOwnerTokens: options.projectOwnerTokens
+        } : {
+          publishableClientKey: options.publishableClientKey ?? getDefaultPublishableClientKey(),
+          secretServerKey: options.secretServerKey ?? getDefaultSecretServerKey(),
+          superSecretAdminKey: options.superSecretAdminKey ?? getDefaultSuperSecretAdminKey()
+        }
+      }),
+      tokenStore: options.tokenStore,
+      urls: options.urls
+    });
+  }
+  _createApiKeySetBaseFromJson(data) {
+    const app = this;
+    return {
+      id: data.id,
+      description: data.description,
+      expiresAt: new Date(data.expiresAtMillis),
+      manuallyRevokedAt: data.manuallyRevokedAtMillis ? new Date(data.manuallyRevokedAtMillis) : null,
+      createdAt: new Date(data.createdAtMillis),
+      isValid() {
+        return this.whyInvalid() === null;
+      },
+      whyInvalid() {
+        if (this.expiresAt.getTime() < Date.now())
+          return "expired";
+        if (this.manuallyRevokedAt)
+          return "manually-revoked";
+        return null;
+      },
+      async revoke() {
+        const res = await app._interface.revokeApiKeySetById(data.id);
+        await app._refreshApiKeySets();
+        return res;
+      }
+    };
+  }
+  _createApiKeySetFromJson(data) {
+    return {
+      ...this._createApiKeySetBaseFromJson(data),
+      publishableClientKey: data.publishableClientKey ? { lastFour: data.publishableClientKey.lastFour } : null,
+      secretServerKey: data.secretServerKey ? { lastFour: data.secretServerKey.lastFour } : null,
+      superSecretAdminKey: data.superSecretAdminKey ? { lastFour: data.superSecretAdminKey.lastFour } : null
+    };
+  }
+  _createApiKeySetFirstViewFromJson(data) {
+    return {
+      ...this._createApiKeySetBaseFromJson(data),
+      publishableClientKey: data.publishableClientKey,
+      secretServerKey: data.secretServerKey,
+      superSecretAdminKey: data.superSecretAdminKey
+    };
+  }
+  async getProjectAdmin() {
+    return this._projectAdminFromJson(
+      await this._adminProjectCache.getOrWait([], "write-only"),
+      this._interface,
+      () => this._refreshProject()
+    );
+  }
+  useProjectAdmin() {
+    const json = useCache(this._adminProjectCache, [], "useProjectAdmin()");
+    return useMemo(() => this._projectAdminFromJson(
+      json,
+      this._interface,
+      () => this._refreshProject()
+    ), [json]);
+  }
+  onProjectAdminChange(callback) {
+    return this._adminProjectCache.onChange([], (project) => {
+      callback(this._projectAdminFromJson(
+        project,
+        this._interface,
+        () => this._refreshProject()
+      ));
+    });
+  }
+  async listApiKeySets() {
+    const json = await this._apiKeySetsCache.getOrWait([], "write-only");
+    return json.map((j) => this._createApiKeySetFromJson(j));
+  }
+  useApiKeySets() {
+    const json = useCache(this._apiKeySetsCache, [], "useApiKeySets()");
+    return useMemo(() => {
+      return json.map((j) => this._createApiKeySetFromJson(j));
+    }, [json]);
+  }
+  onApiKeySetsChange(callback) {
+    return this._apiKeySetsCache.onChange([], (apiKeySets) => {
+      callback(apiKeySets.map((j) => this._createApiKeySetFromJson(j)));
+    });
+  }
+  async createApiKeySet(options) {
+    const json = await this._interface.createApiKeySet(options);
+    await this._refreshApiKeySets();
+    return this._createApiKeySetFirstViewFromJson(json);
+  }
+  async _refreshProject() {
+    await Promise.all([
+      super._refreshProject(),
+      this._adminProjectCache.refresh([])
+    ]);
+  }
+  async _refreshApiKeySets() {
+    await this._apiKeySetsCache.refresh([]);
+  }
+};
+var StackClientApp = _StackClientAppImpl;
+var StackServerApp = _StackServerAppImpl;
+var StackAdminApp = _StackAdminAppImpl;
+export {
+  StackAdminApp,
+  StackClientApp,
+  StackServerApp,
+  stackAppInternalsSymbol
+};