@stackframe/stack 2.3.8 → 2.4.1

package/dist/lib/stack-app.js

@@ -53,6 +53,9 @@ var import_objects = require("@stackframe/stack-shared/dist/utils/objects");
 var import_promises = require("@stackframe/stack-shared/dist/utils/promises");
 var import_caches = require("@stackframe/stack-shared/dist/utils/caches");
 var import_react3 = require("@stackframe/stack-shared/dist/utils/react");
+function permissionDefinitionScopeToType(scope) {
+  return { "any-team": "team", "specific-team": "team", "global": "global" }[scope.type];
+}
 function getUrls(partial) {
   const handler = partial.handler ?? "/handler";
   return {
@@ -80,10 +83,10 @@ function getDefaultPublishableClientKey() {
   return process.env.NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY || (0, import_errors.throwErr)("Welcome to Stack! It seems that you haven't provided a publishable client key. Please create an API key for your project on the Stack dashboard at https://app.stack-auth.com and copy your publishable client key into the NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY environment variable.");
 }
 function getDefaultSecretServerKey() {
-  return process.env.STACK_SECRET_SERVER_KEY || (0, import_errors.throwErr)("No secret server key provided. Please copy your publishable client key from the Stack dashboard and put your it in the STACK_SECRET_SERVER_KEY environment variable.");
+  return process.env.STACK_SECRET_SERVER_KEY || (0, import_errors.throwErr)("No secret server key provided. Please copy your key from the Stack dashboard and put your it in the STACK_SECRET_SERVER_KEY environment variable.");
 }
 function getDefaultSuperSecretAdminKey() {
-  return process.env.STACK_SUPER_SECRET_ADMIN_KEY || (0, import_errors.throwErr)("No super secret admin key provided. Please copy your publishable client key from the Stack dashboard and put it in the STACK_SUPER_SECRET_ADMIN_KEY environment variable.");
+  return process.env.STACK_SUPER_SECRET_ADMIN_KEY || (0, import_errors.throwErr)("No super secret admin key provided. Please copy your key from the Stack dashboard and put it in the STACK_SUPER_SECRET_ADMIN_KEY environment variable.");
 }
 function getDefaultBaseUrl() {
   return process.env.NEXT_PUBLIC_STACK_URL || defaultBaseUrl;
@@ -120,8 +123,8 @@ var cookieTokenStoreInitializer = () => {
     }, 10);
     cookieTokenStore.onChange((value) => {
       try {
-        (0, import_cookie.setOrDeleteCookie)("stack-refresh", value.refreshToken);
-        (0, import_cookie.setOrDeleteCookie)("stack-access", value.accessToken);
+        (0, import_cookie.setOrDeleteCookie)("stack-refresh", value.refreshToken, { maxAge: 60 * 60 * 24 * 365 });
+        (0, import_cookie.setOrDeleteCookie)("stack-access", value.accessToken, { maxAge: 60 * 60 * 24 });
         hasSucceededInWriting = true;
       } catch (e) {
         hasSucceededInWriting = false;
@@ -143,8 +146,8 @@ var tokenStoreInitializers = /* @__PURE__ */ new Map([
       });
       store.onChange((value) => {
         try {
-          (0, import_cookie.setOrDeleteCookie)("stack-refresh", value.refreshToken);
-          (0, import_cookie.setOrDeleteCookie)("stack-access", value.accessToken);
+          (0, import_cookie.setOrDeleteCookie)("stack-refresh", value.refreshToken, { maxAge: 60 * 60 * 24 * 365 });
+          (0, import_cookie.setOrDeleteCookie)("stack-access", value.accessToken, { maxAge: 60 * 60 * 24 });
         } catch (e) {
         }
       });
@@ -216,6 +219,12 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   _ownedProjectsCache = createCacheByTokenStore(async (tokenStore) => {
     return await this._interface.listProjects(tokenStore);
   });
+  _currentUserPermissionsCache = createCacheByTokenStore(async (tokenStore, [teamId, type, direct]) => {
+    return await this._interface.listClientUserTeamPermissions({ teamId, type, direct }, tokenStore);
+  });
+  _currentUserTeamsCache = createCacheByTokenStore(async (tokenStore) => {
+    return await this._interface.listClientUserTeams(tokenStore);
+  });
   constructor(options) {
     if ("interface" in options) {
       this._interface = options.interface;
@@ -250,7 +259,33 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       throw new Error("Cannot call this function on a Stack app with a project ID other than 'internal'.");
     }
   }
+  _permissionFromJson(json) {
+    const type = permissionDefinitionScopeToType(json.scope);
+    if (type === "team") {
+      return {
+        id: json.id,
+        type,
+        teamId: json.scope.teamId
+      };
+    } else {
+      return {
+        id: json.id,
+        type
+      };
+    }
+  }
+  _teamFromJson(json) {
+    return {
+      id: json.id,
+      displayName: json.displayName,
+      createdAt: new Date(json.createdAtMillis),
+      toJson() {
+        return json;
+      }
+    };
+  }
   _userFromJson(json) {
+    const app = this;
     return {
       projectId: json.projectId,
       id: json.id,
@@ -264,11 +299,69 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       hasPassword: json.hasPassword,
       authWithEmail: json.authWithEmail,
       oauthProviders: json.oauthProviders,
+      async getTeam(teamId) {
+        const teams = await this.listTeams();
+        return teams.find((t) => t.id === teamId) ?? null;
+      },
+      useTeam(teamId) {
+        const teams = this.useTeams();
+        return (0, import_react.useMemo)(() => {
+          return teams.find((t) => t.id === teamId) ?? null;
+        }, [teams, teamId]);
+      },
+      onTeamChange(teamId, callback) {
+        return this.onTeamsChange((teams) => {
+          const team = teams.find((t) => t.id === teamId) ?? null;
+          callback(team);
+        });
+      },
+      async listTeams() {
+        const teams = await app._currentUserTeamsCache.getOrWait([getTokenStore(app._tokenStoreOptions)], "write-only");
+        return teams.map((json2) => app._teamFromJson(json2));
+      },
+      useTeams() {
+        const teams = useCache(app._currentUserTeamsCache, [getTokenStore(app._tokenStoreOptions)], "user.useTeams()");
+        return (0, import_react.useMemo)(() => teams.map((json2) => app._teamFromJson(json2)), [teams]);
+      },
+      onTeamsChange(callback) {
+        return app._currentUserTeamsCache.onChange([getTokenStore(app._tokenStoreOptions)], (value, oldValue) => {
+          callback(value.map((json2) => app._teamFromJson(json2)), oldValue?.map((json2) => app._teamFromJson(json2)));
+        });
+      },
+      async listPermissions(scope, options) {
+        const permissions = await app._currentUserPermissionsCache.getOrWait([getTokenStore(app._tokenStoreOptions), scope.id, "team", !!options?.direct], "write-only");
+        return permissions.map((json2) => app._permissionFromJson(json2));
+      },
+      usePermissions(scope, options) {
+        const permissions = useCache(app._currentUserPermissionsCache, [getTokenStore(app._tokenStoreOptions), scope.id, "team", !!options?.direct], "user.usePermissions()");
+        return (0, import_react.useMemo)(() => permissions.map((json2) => app._permissionFromJson(json2)), [permissions]);
+      },
+      usePermission(scope, permissionId) {
+        const permissions = this.usePermissions(scope);
+        return (0, import_react.useMemo)(() => permissions.find((p) => p.id === permissionId) ?? null, [permissions, permissionId]);
+      },
+      async getPermission(scope, permissionId) {
+        const permissions = await this.listPermissions(scope);
+        return permissions.find((p) => p.id === permissionId) ?? null;
+      },
+      async hasPermission(scope, permissionId) {
+        const permissions = await this.listPermissions(scope);
+        return permissions.some((p) => p.id === permissionId);
+      },
       toJson() {
         return json;
       }
     };
   }
+  _teamMemberFromJson(json) {
+    if (json === null)
+      return null;
+    return {
+      teamId: json.teamId,
+      userId: json.userId,
+      displayName: json.displayName
+    };
+  }
   _currentUserFromJson(json, tokenStore) {
     if (json === null)
       return null;
@@ -346,7 +439,8 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         allowLocalhost: data.evaluatedConfig.allowLocalhost,
         oauthProviders: data.evaluatedConfig.oauthProviders,
         emailConfig: data.evaluatedConfig.emailConfig,
-        domains: data.evaluatedConfig.domains
+        domains: data.evaluatedConfig.domains,
+        createTeamOnSignUp: data.evaluatedConfig.createTeamOnSignUp
       },
       async update(update) {
         await adminInterface.updateProject(update);
@@ -378,7 +472,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       throw new Error(`No URL for handler name ${handlerName}`);
     }
     window.location.href = this.urls[handlerName];
-    return (0, import_promises.neverResolve)();
+    return (0, import_promises.wait)(2e3);
   }
   async redirectToSignIn() {
     return await this._redirectTo("signIn");
@@ -469,7 +563,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         case "redirect": {
           router.replace(this.urls.signIn);
           (0, import_react3.suspend)();
-          throw new Error("suspend should never return! This is a bug in Stack.");
+          throw new import_errors.StackAssertionError("suspend should never return");
         }
         case "throw": {
           throw new Error("User is not signed in but useUser was called with { or: 'throw' }");
@@ -541,10 +635,12 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     this._ensurePersistentTokenStore();
     const tokenStore = getTokenStore(this._tokenStoreOptions);
     const result = await (0, import_auth.callOAuthCallback)(this._interface, tokenStore, this.urls.oauthCallback);
-    if (result?.newUser) {
-      window.location.replace(this.urls.afterSignUp);
-    } else {
-      window.location.replace(this.urls.afterSignIn);
+    if (result) {
+      if (result.newUser) {
+        window.location.replace(this.urls.afterSignUp);
+      } else {
+        window.location.replace(this.urls.afterSignIn);
+      }
     }
     await (0, import_promises.neverResolve)();
   }
@@ -679,6 +775,22 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
   _serverUsersCache = createCache(async () => {
     return await this._interface.listUsers();
   });
+  _serverUserCache = createCache(async ([userId]) => {
+    const user = await this._interface.getServerUserById(userId);
+    return import_results.Result.or(user, null);
+  });
+  _serverTeamsCache = createCache(async () => {
+    return await this._interface.listTeams();
+  });
+  _serverTeamMembersCache = createCache(async ([teamId]) => {
+    return await this._interface.listTeamMembers(teamId);
+  });
+  _serverTeamPermissionDefinitionsCache = createCache(async () => {
+    return await this._interface.listPermissionDefinitions();
+  });
+  _serverTeamUserPermissionsCache = createCache(async ([teamId, userId, type, direct]) => {
+    return await this._interface.listTeamMemberPermissions({ teamId, userId, type, direct });
+  });
   constructor(options) {
     if ("interface" in options) {
       super({
@@ -719,6 +831,67 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       getClientUser() {
         return app._userFromJson(json);
       },
+      async grantPermission(scope, permissionId) {
+        await app._interface.grantTeamUserPermission(scope.id, json.id, permissionId, "team");
+        for (const direct of [true, false]) {
+          await app._serverTeamUserPermissionsCache.refresh([scope.id, json.id, "team", direct]);
+        }
+      },
+      async revokePermission(scope, permissionId) {
+        await app._interface.revokeTeamUserPermission(scope.id, json.id, permissionId, "team");
+        for (const direct of [true, false]) {
+          await app._serverTeamUserPermissionsCache.refresh([scope.id, json.id, "team", direct]);
+        }
+      },
+      async getTeam(teamId) {
+        const teams = await this.listTeams();
+        return teams.find((t) => t.id === teamId) ?? null;
+      },
+      useTeam(teamId) {
+        const teams = this.useTeams();
+        return (0, import_react.useMemo)(() => {
+          return teams.find((t) => t.id === teamId) ?? null;
+        }, [teams, teamId]);
+      },
+      onTeamChange(teamId, callback) {
+        return this.onTeamsChange((teams) => {
+          const team = teams.find((t) => t.id === teamId) ?? null;
+          callback(team);
+        });
+      },
+      async listTeams() {
+        const teams = await app._serverTeamsCache.getOrWait([getTokenStore(app._tokenStoreOptions)], "write-only");
+        return teams.map((json2) => app._serverTeamFromJson(json2));
+      },
+      useTeams() {
+        const teams = useCache(app._serverTeamsCache, [getTokenStore(app._tokenStoreOptions)], "user.useTeams()");
+        return (0, import_react.useMemo)(() => teams.map((json2) => app._serverTeamFromJson(json2)), [teams]);
+      },
+      onTeamsChange(callback) {
+        return app._serverTeamsCache.onChange([getTokenStore(app._tokenStoreOptions)], (value, oldValue) => {
+          callback(value.map((json2) => app._serverTeamFromJson(json2)), oldValue?.map((json2) => app._serverTeamFromJson(json2)));
+        });
+      },
+      async listPermissions(scope, options) {
+        const permissions = await app._serverTeamUserPermissionsCache.getOrWait([scope.id, json.id, "team", !!options?.direct], "write-only");
+        return permissions.map((json2) => app._serverPermissionFromJson(json2));
+      },
+      usePermissions(scope, options) {
+        const permissions = useCache(app._serverTeamUserPermissionsCache, [scope.id, json.id, "team", !!options?.direct], "user.usePermissions()");
+        return (0, import_react.useMemo)(() => permissions.map((json2) => app._serverPermissionFromJson(json2)), [permissions]);
+      },
+      usePermission(scope, permissionId) {
+        const permissions = this.usePermissions(scope);
+        return (0, import_react.useMemo)(() => permissions.find((p) => p.id === permissionId) ?? null, [permissions, permissionId]);
+      },
+      async getPermission(scope, permissionId) {
+        const permissions = await this.listPermissions(scope);
+        return permissions.find((p) => p.id === permissionId) ?? null;
+      },
+      async hasPermission(scope, permissionId) {
+        const permissions = await this.listPermissions(scope);
+        return permissions.some((p) => p.id === permissionId);
+      },
       toJson() {
         return app._serverUserToJson(this);
       }
@@ -778,6 +951,20 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       return currentUser;
     }
   }
+  _serverTeamMemberFromJson(json) {
+    if (json === null)
+      return null;
+    const app = this;
+    return {
+      ...app._teamMemberFromJson(json),
+      async getUser() {
+        const user = app._serverUserFromJson(await app._serverUserCache.getOrWait([json.userId], "write-only"));
+        if (!user)
+          throw new Error(`User ${json.userId} not found`);
+        return user;
+      }
+    };
+  }
   _serverUserToJson(user) {
     return {
       projectId: user.projectId,
@@ -795,12 +982,56 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       oauthProviders: user.oauthProviders
     };
   }
+  _serverTeamFromJson(json) {
+    const app = this;
+    return {
+      id: json.id,
+      displayName: json.displayName,
+      createdAt: new Date(json.createdAtMillis),
+      async listMembers() {
+        return (await app._interface.listTeamMembers(json.id)).map((u) => app._serverTeamMemberFromJson(u));
+      },
+      async update(update) {
+        await app._interface.updateTeam(json.id, update);
+        await app._serverTeamsCache.refresh([]);
+      },
+      async delete() {
+        await app._interface.deleteTeam(json.id);
+        await app._serverTeamsCache.refresh([]);
+      },
+      useMembers() {
+        const result = useCache(app._serverTeamMembersCache, [json.id], "team.useUsers()");
+        return (0, import_react.useMemo)(() => result.map((u) => app._serverTeamMemberFromJson(u)), [result]);
+      },
+      async addUser(userId) {
+        await app._interface.addUserToTeam({
+          teamId: json.id,
+          userId
+        });
+        await app._serverTeamMembersCache.refresh([json.id]);
+      },
+      async removeUser(userId) {
+        await app._interface.removeUserFromTeam({
+          teamId: json.id,
+          userId
+        });
+        await app._serverTeamMembersCache.refresh([json.id]);
+      },
+      toJson() {
+        return json;
+      }
+    };
+  }
   async getServerUser() {
     this._ensurePersistentTokenStore();
     const tokenStore = getTokenStore(this._tokenStoreOptions);
     const userJson = await this._currentServerUserCache.getOrWait([tokenStore], "write-only");
     return this._currentServerUserFromJson(userJson, tokenStore);
   }
+  async getServerUserById(userId) {
+    const json = await this._serverUserCache.getOrWait([userId], "write-only");
+    return this._serverUserFromJson(json);
+  }
   useServerUser(options) {
     this._ensurePersistentTokenStore();
     const tokenStore = getTokenStore(this._tokenStoreOptions);
@@ -834,6 +1065,58 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       callback(users.map((j) => this._serverUserFromJson(j)));
     });
   }
+  async listPermissionDefinitions() {
+    return await this._serverTeamPermissionDefinitionsCache.getOrWait([], "write-only");
+  }
+  usePermissionDefinitions() {
+    return useCache(this._serverTeamPermissionDefinitionsCache, [], "usePermissions()");
+  }
+  _serverPermissionFromJson(json) {
+    return {
+      ...this._permissionFromJson(json),
+      __databaseUniqueId: json.__databaseUniqueId,
+      description: json.description,
+      containPermissionIds: json.containPermissionIds
+    };
+  }
+  async createPermissionDefinition(data) {
+    const permission = await this._serverPermissionFromJson(await this._interface.createPermissionDefinition(data));
+    await this._serverTeamPermissionDefinitionsCache.refresh([]);
+    return permission;
+  }
+  async updatePermissionDefinition(permissionId, data) {
+    await this._interface.updatePermissionDefinition(permissionId, data);
+    await this._serverTeamPermissionDefinitionsCache.refresh([]);
+  }
+  async deletePermissionDefinition(permissionId) {
+    await this._interface.deletePermissionDefinition(permissionId);
+    await this._serverTeamPermissionDefinitionsCache.refresh([]);
+  }
+  async listTeams() {
+    const teams = await this._serverTeamsCache.getOrWait([], "write-only");
+    return teams.map((t) => this._serverTeamFromJson(t));
+  }
+  async createTeam(data) {
+    const team = await this._interface.createTeam(data);
+    await this._serverTeamsCache.refresh([]);
+    return this._serverTeamFromJson(team);
+  }
+  useTeams() {
+    const teams = useCache(this._serverTeamsCache, [], "useServerTeams()");
+    return (0, import_react.useMemo)(() => {
+      return teams.map((t) => this._serverTeamFromJson(t));
+    }, [teams]);
+  }
+  async getTeam(teamId) {
+    const teams = await this.listTeams();
+    return teams.find((t) => t.id === teamId) ?? null;
+  }
+  useTeam(teamId) {
+    const teams = this.useTeams();
+    return (0, import_react.useMemo)(() => {
+      return teams.find((t) => t.id === teamId) ?? null;
+    }, [teams, teamId]);
+  }
   async _refreshUser(tokenStore) {
     await Promise.all([
       super._refreshUser(tokenStore),
@@ -976,3 +1259,4 @@ var StackAdminApp = _StackAdminAppImpl;
   StackServerApp,
   stackAppInternalsSymbol
 });
+//# sourceMappingURL=stack-app.js.map