@stackframe/stack 2.4.18 → 2.4.21

package/CHANGELOG.md

@@ -1,5 +1,32 @@
 # @stackframe/stack
 
+## 2.4.21
+
+### Patch Changes
+
+- Bugfixes
+- Updated dependencies
+  - @stackframe/stack-sc@2.4.21
+  - @stackframe/stack-shared@2.4.21
+
+## 2.4.20
+
+### Patch Changes
+
+- Support multiple projects on the same domain
+- Updated dependencies
+  - @stackframe/stack-shared@2.4.20
+  - @stackframe/stack-sc@2.4.20
+
+## 2.4.19
+
+### Patch Changes
+
+- Sync package versions
+- Updated dependencies
+  - @stackframe/stack-sc@2.4.19
+  - @stackframe/stack-shared@2.4.19
+
 ## 2.4.18
 
 ### Patch Changes

package/dist/components-core/index.d.mts

@@ -12,18 +12,18 @@ import React__default from 'react';
 declare const Button: React__default.ForwardRefExoticComponent<Omit<Omit<ButtonProps, "ref"> & React__default.RefAttributes<HTMLButtonElement>, "ref"> & React__default.RefAttributes<HTMLButtonElement>>;
 declare const Input: React__default.ForwardRefExoticComponent<Omit<Omit<React__default.InputHTMLAttributes<HTMLInputElement> & Pick<React__default.HTMLProps<HTMLInputElement>, "ref">, "ref"> & React__default.RefAttributes<HTMLInputElement>, "ref"> & React__default.RefAttributes<HTMLInputElement>>;
 declare const Container: React__default.ForwardRefExoticComponent<Omit<{
-    size?: number | "xs" | "sm" | "md" | "lg" | "xl" | undefined;
+    size?: number | "sm" | "md" | "lg" | "xs" | "xl" | undefined;
 } & Omit<React__default.HTMLProps<HTMLDivElement>, "size">, "ref"> & React__default.RefAttributes<HTMLDivElement>>;
 declare const Separator: React__default.ForwardRefExoticComponent<Omit<Omit<_radix_ui_react_separator.SeparatorProps & React__default.RefAttributes<HTMLDivElement>, "ref"> & React__default.RefAttributes<HTMLDivElement>, "ref"> & React__default.RefAttributes<HTMLDivElement>>;
 declare const Label: React__default.ForwardRefExoticComponent<Omit<Omit<_radix_ui_react_label.LabelProps & React__default.RefAttributes<HTMLLabelElement>, "ref"> & React__default.RefAttributes<HTMLLabelElement>, "ref"> & React__default.RefAttributes<HTMLLabelElement>>;
 declare const Link: React__default.ForwardRefExoticComponent<Omit<Omit<{
-    size?: "xs" | "sm" | "md" | "lg" | "xl" | undefined;
+    size?: "sm" | "md" | "lg" | "xs" | "xl" | undefined;
     href: string | url.Url;
 } & Omit<React__default.HTMLProps<HTMLLinkElement>, "size" | "href">, "ref"> & React__default.RefAttributes<HTMLAnchorElement>, "ref"> & React__default.RefAttributes<HTMLAnchorElement>>;
 declare const Text: React__default.ForwardRefExoticComponent<Omit<Omit<{
     variant?: "primary" | "secondary" | "warning" | "success" | undefined;
-    as?: "h1" | "h2" | "h3" | "h4" | "h5" | "h6" | "p" | undefined;
-    size?: "xs" | "sm" | "md" | "lg" | "xl" | undefined;
+    as?: "h2" | "h3" | "p" | "h1" | "h4" | "h5" | "h6" | undefined;
+    size?: "sm" | "md" | "lg" | "xs" | "xl" | undefined;
 } & Omit<React__default.HTMLProps<HTMLParagraphElement>, "size">, "ref"> & React__default.RefAttributes<HTMLParagraphElement>, "ref"> & React__default.RefAttributes<HTMLParagraphElement>>;
 declare const Popover: React__default.ForwardRefExoticComponent<_radix_ui_react_popover.PopoverProps & React__default.RefAttributes<never>>;
 declare const PopoverTrigger: React__default.ForwardRefExoticComponent<Omit<_radix_ui_react_popover.PopoverTriggerProps & React__default.RefAttributes<HTMLButtonElement>, "ref"> & React__default.RefAttributes<HTMLButtonElement>>;

package/dist/components-core/index.d.ts

@@ -12,18 +12,18 @@ import React__default from 'react';
 declare const Button: React__default.ForwardRefExoticComponent<Omit<Omit<ButtonProps, "ref"> & React__default.RefAttributes<HTMLButtonElement>, "ref"> & React__default.RefAttributes<HTMLButtonElement>>;
 declare const Input: React__default.ForwardRefExoticComponent<Omit<Omit<React__default.InputHTMLAttributes<HTMLInputElement> & Pick<React__default.HTMLProps<HTMLInputElement>, "ref">, "ref"> & React__default.RefAttributes<HTMLInputElement>, "ref"> & React__default.RefAttributes<HTMLInputElement>>;
 declare const Container: React__default.ForwardRefExoticComponent<Omit<{
-    size?: number | "xs" | "sm" | "md" | "lg" | "xl" | undefined;
+    size?: number | "sm" | "md" | "lg" | "xs" | "xl" | undefined;
 } & Omit<React__default.HTMLProps<HTMLDivElement>, "size">, "ref"> & React__default.RefAttributes<HTMLDivElement>>;
 declare const Separator: React__default.ForwardRefExoticComponent<Omit<Omit<_radix_ui_react_separator.SeparatorProps & React__default.RefAttributes<HTMLDivElement>, "ref"> & React__default.RefAttributes<HTMLDivElement>, "ref"> & React__default.RefAttributes<HTMLDivElement>>;
 declare const Label: React__default.ForwardRefExoticComponent<Omit<Omit<_radix_ui_react_label.LabelProps & React__default.RefAttributes<HTMLLabelElement>, "ref"> & React__default.RefAttributes<HTMLLabelElement>, "ref"> & React__default.RefAttributes<HTMLLabelElement>>;
 declare const Link: React__default.ForwardRefExoticComponent<Omit<Omit<{
-    size?: "xs" | "sm" | "md" | "lg" | "xl" | undefined;
+    size?: "sm" | "md" | "lg" | "xs" | "xl" | undefined;
     href: string | url.Url;
 } & Omit<React__default.HTMLProps<HTMLLinkElement>, "size" | "href">, "ref"> & React__default.RefAttributes<HTMLAnchorElement>, "ref"> & React__default.RefAttributes<HTMLAnchorElement>>;
 declare const Text: React__default.ForwardRefExoticComponent<Omit<Omit<{
     variant?: "primary" | "secondary" | "warning" | "success" | undefined;
-    as?: "h1" | "h2" | "h3" | "h4" | "h5" | "h6" | "p" | undefined;
-    size?: "xs" | "sm" | "md" | "lg" | "xl" | undefined;
+    as?: "h2" | "h3" | "p" | "h1" | "h4" | "h5" | "h6" | undefined;
+    size?: "sm" | "md" | "lg" | "xs" | "xl" | undefined;
 } & Omit<React__default.HTMLProps<HTMLParagraphElement>, "size">, "ref"> & React__default.RefAttributes<HTMLParagraphElement>, "ref"> & React__default.RefAttributes<HTMLParagraphElement>>;
 declare const Popover: React__default.ForwardRefExoticComponent<_radix_ui_react_popover.PopoverProps & React__default.RefAttributes<never>>;
 declare const PopoverTrigger: React__default.ForwardRefExoticComponent<Omit<_radix_ui_react_popover.PopoverTriggerProps & React__default.RefAttributes<HTMLButtonElement>, "ref"> & React__default.RefAttributes<HTMLButtonElement>>;

package/dist/esm/lib/stack-app.js

@@ -8,21 +8,21 @@ import { AsyncResult, Result } from "@stackframe/stack-shared/dist/utils/results
 import { suspendIfSsr } from "@stackframe/stack-shared/dist/utils/react";
 import { Store } from "@stackframe/stack-shared/dist/utils/stores";
 import { getProductionModeErrors } from "@stackframe/stack-shared/dist/interface/clientInterface";
-import { isBrowserLike } from "@stackframe/stack-shared/src/utils/env";
+import { isBrowserLike } from "@stackframe/stack-shared/dist/utils/env";
 import { callOAuthCallback, signInWithOAuth } from "./auth";
 import * as NextNavigationUnscrambled from "next/navigation";
 import { constructRedirectUrl } from "../utils/url";
-import { filterUndefined, omit } from "@stackframe/stack-shared/dist/utils/objects";
+import { deepPlainEquals, filterUndefined, omit } from "@stackframe/stack-shared/dist/utils/objects";
 import { resolved, runAsynchronously, wait } from "@stackframe/stack-shared/dist/utils/promises";
 import { AsyncCache } from "@stackframe/stack-shared/dist/utils/caches";
 import { suspend } from "@stackframe/stack-shared/dist/utils/react";
 import { scrambleDuringCompileTime } from "@stackframe/stack-shared/dist/utils/compile-time";
 import { isReactServer } from "@stackframe/stack-sc";
 import * as cookie from "cookie";
-import { Session } from "@stackframe/stack-shared/dist/sessions";
+import { InternalSession } from "@stackframe/stack-shared/dist/sessions";
 import { useTrigger } from "@stackframe/stack-shared/dist/hooks/use-trigger";
 var NextNavigation = scrambleDuringCompileTime(NextNavigationUnscrambled);
-var clientVersion = "js @stackframe/stack@2.4.18";
+var clientVersion = "js @stackframe/stack@2.4.21";
 function permissionDefinitionScopeToType(scope) {
   return { "any-team": "team", "specific-team": "team", "global": "global" }[scope.type];
 }
@@ -68,43 +68,6 @@ function createEmptyTokenStore() {
     accessToken: null
   });
 }
-var storedCookieTokenStore = null;
-var getCookieTokenStore = () => {
-  if (!isBrowserLike()) {
-    throw new Error("Cannot use cookie token store on the server!");
-  }
-  if (storedCookieTokenStore === null) {
-    const getCurrentValue = () => ({
-      refreshToken: getCookie("stack-refresh"),
-      accessToken: getCookie("stack-access")
-    });
-    storedCookieTokenStore = new Store(getCurrentValue());
-    let hasSucceededInWriting = true;
-    setInterval(() => {
-      if (hasSucceededInWriting) {
-        const currentValue = getCurrentValue();
-        const oldValue = storedCookieTokenStore.get();
-        if (JSON.stringify(currentValue) !== JSON.stringify(oldValue)) {
-          storedCookieTokenStore.set(currentValue);
-        }
-      }
-    }, 100);
-    storedCookieTokenStore.onChange((value) => {
-      try {
-        setOrDeleteCookie("stack-refresh", value.refreshToken, { maxAge: 60 * 60 * 24 * 365 });
-        setOrDeleteCookie("stack-access", value.accessToken, { maxAge: 60 * 60 * 24 });
-        hasSucceededInWriting = true;
-      } catch (e) {
-        if (!isBrowserLike()) {
-          hasSucceededInWriting = false;
-        } else {
-          throw e;
-        }
-      }
-    });
-  }
-  return storedCookieTokenStore;
-};
 var loadingSentinel = Symbol("stackAppCacheLoadingSentinel");
 function useAsyncCache(cache, dependencies, caller) {
   suspendIfSsr(caller);
@@ -212,24 +175,72 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   }
   _memoryTokenStore = createEmptyTokenStore();
   _requestTokenStores = /* @__PURE__ */ new WeakMap();
+  _storedCookieTokenStore = null;
+  get _refreshTokenCookieName() {
+    return `stack-refresh-${this.projectId}`;
+  }
+  get _accessTokenCookieName() {
+    return `stack-access`;
+  }
+  _getCookieTokenStore() {
+    if (!isBrowserLike()) {
+      throw new Error("Cannot use cookie token store on the server!");
+    }
+    if (this._storedCookieTokenStore === null) {
+      const getCurrentValue = (old) => ({
+        refreshToken: getCookie(this._refreshTokenCookieName) ?? getCookie("stack-refresh"),
+        // keep old cookie name for backwards-compatibility
+        // if there is an access token in memory already, don't update the access token based on cookies (access token
+        // cookies may be set by another project on the same domain)
+        // see the comment in _accessTokenCookieName for more information
+        accessToken: old === null ? getCookie(this._accessTokenCookieName) : old.accessToken
+      });
+      this._storedCookieTokenStore = new Store(getCurrentValue(null));
+      let hasSucceededInWriting = true;
+      setInterval(() => {
+        if (hasSucceededInWriting) {
+          const oldValue = this._storedCookieTokenStore.get();
+          const currentValue = getCurrentValue(oldValue);
+          if (!deepPlainEquals(currentValue, oldValue)) {
+            this._storedCookieTokenStore.set(currentValue);
+          }
+        }
+      }, 100);
+      this._storedCookieTokenStore.onChange((value) => {
+        try {
+          setOrDeleteCookie(this._refreshTokenCookieName, value.refreshToken, { maxAge: 60 * 60 * 24 * 365 });
+          setOrDeleteCookie(this._accessTokenCookieName, value.accessToken, { maxAge: 60 * 60 * 24 });
+          hasSucceededInWriting = true;
+        } catch (e) {
+          if (!isBrowserLike()) {
+            hasSucceededInWriting = false;
+          } else {
+            throw e;
+          }
+        }
+      });
+    }
+    return this._storedCookieTokenStore;
+  }
   _getOrCreateTokenStore(overrideTokenStoreInit) {
     const tokenStoreInit = overrideTokenStoreInit === void 0 ? this._tokenStoreInit : overrideTokenStoreInit;
     switch (tokenStoreInit) {
       case "cookie": {
-        return getCookieTokenStore();
+        return this._getCookieTokenStore();
       }
       case "nextjs-cookie": {
         if (isBrowserLike()) {
-          return getCookieTokenStore();
+          return this._getCookieTokenStore();
         } else {
           const store = new Store({
-            refreshToken: getCookie("stack-refresh"),
-            accessToken: getCookie("stack-access")
+            refreshToken: getCookie(this._refreshTokenCookieName) ?? getCookie("stack-refresh"),
+            // keep old cookie name for backwards-compatibility
+            accessToken: getCookie(this._accessTokenCookieName)
           });
           store.onChange((value) => {
             try {
-              setOrDeleteCookie("stack-refresh", value.refreshToken, { maxAge: 60 * 60 * 24 * 365 });
-              setOrDeleteCookie("stack-access", value.accessToken, { maxAge: 60 * 60 * 24 });
+              setOrDeleteCookie(this._refreshTokenCookieName, value.refreshToken, { maxAge: 60 * 60 * 24 * 365 });
+              setOrDeleteCookie(this._accessTokenCookieName, value.accessToken, { maxAge: 60 * 60 * 24 });
             } catch (e) {
             }
           });
@@ -239,21 +250,43 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       case "memory": {
         return this._memoryTokenStore;
       }
-      case null: {
-        return createEmptyTokenStore();
-      }
       default: {
-        if (tokenStoreInit !== null && typeof tokenStoreInit === "object" && "headers" in tokenStoreInit) {
+        if (tokenStoreInit === null) {
+          return createEmptyTokenStore();
+        } else if (typeof tokenStoreInit === "object" && "headers" in tokenStoreInit) {
           if (this._requestTokenStores.has(tokenStoreInit))
             return this._requestTokenStores.get(tokenStoreInit);
+          const stackAuthHeader = tokenStoreInit.headers.get("x-stack-auth");
+          if (stackAuthHeader) {
+            let parsed2;
+            try {
+              parsed2 = JSON.parse(stackAuthHeader);
+              if (typeof parsed2 !== "object")
+                throw new Error("x-stack-auth header must be a JSON object");
+              if (parsed2 === null)
+                throw new Error("x-stack-auth header must not be null");
+            } catch (e) {
+              throw new Error(`Invalid x-stack-auth header: ${stackAuthHeader}`, { cause: e });
+            }
+            return this._getOrCreateTokenStore({
+              accessToken: parsed2.accessToken ?? null,
+              refreshToken: parsed2.refreshToken ?? null
+            });
+          }
           const cookieHeader = tokenStoreInit.headers.get("cookie");
           const parsed = cookie.parse(cookieHeader || "");
           const res = new Store({
-            refreshToken: parsed["stack-refresh"] || null,
-            accessToken: parsed["stack-access"] || null
+            refreshToken: parsed[this._refreshTokenCookieName] || parsed["stack-refresh"] || null,
+            // keep old cookie name for backwards-compatibility
+            accessToken: parsed[this._accessTokenCookieName] || null
           });
           this._requestTokenStores.set(tokenStoreInit, res);
           return res;
+        } else if ("accessToken" in tokenStoreInit || "refreshToken" in tokenStoreInit) {
+          return new Store({
+            refreshToken: tokenStoreInit.refreshToken,
+            accessToken: tokenStoreInit.accessToken
+          });
         }
         throw new Error(`Invalid token store ${tokenStoreInit}`);
       }
@@ -270,7 +303,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   _sessionsByTokenStoreAndSessionKey = /* @__PURE__ */ new WeakMap();
   _getSessionFromTokenStore(tokenStore) {
     const tokenObj = tokenStore.get();
-    const sessionKey = Session.calculateSessionKey(tokenObj);
+    const sessionKey = InternalSession.calculateSessionKey(tokenObj);
     const existing = sessionKey ? this._sessionsByTokenStoreAndSessionKey.get(tokenStore)?.get(sessionKey) : null;
     if (existing)
       return existing;
@@ -444,7 +477,16 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     const app = this;
     const currentUser = {
       ...this._userFromJson(json),
-      session,
+      _internalSession: session,
+      currentSession: {
+        async getTokens() {
+          const tokens = await session.getPotentiallyExpiredTokens();
+          return {
+            accessToken: tokens?.accessToken.token ?? null,
+            refreshToken: tokens?.refreshToken?.token ?? null
+          };
+        }
+      },
       async updateSelectedTeam(team) {
         await app._updateUser({ selectedTeamId: team?.id ?? null }, session);
       },
@@ -531,6 +573,18 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   get urls() {
     return getUrls(this._urlOptions);
   }
+  async getCrossOriginHeaders() {
+    return {
+      "x-stack-auth": JSON.stringify(await this.getCrossOriginTokenObject())
+    };
+  }
+  async getCrossOriginTokenObject() {
+    const user = await this.getUser();
+    if (!user)
+      return { accessToken: null, refreshToken: null };
+    const tokens = await user.currentSession.getTokens();
+    return tokens;
+  }
   async _redirectTo(handlerName, options) {
     const url = this.urls[handlerName];
     if (!url) {
@@ -982,7 +1036,16 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
     const nonCurrentServerUser = this._serverUserFromJson(json);
     const currentUser = {
       ...nonCurrentServerUser,
-      session,
+      _internalSession: session,
+      currentSession: {
+        async getTokens() {
+          const tokens = await session.getPotentiallyExpiredTokens();
+          return {
+            accessToken: tokens?.accessToken.token ?? null,
+            refreshToken: tokens?.refreshToken?.token ?? null
+          };
+        }
+      },
       async delete() {
         const res = await nonCurrentServerUser.delete();
         await app._refreshUser(session);