npm - @stackframe/stack - Versions diffs - 2.4.21 → 2.4.23 - Mend

@stackframe/stack 2.4.21 → 2.4.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (93) hide show

package/dist/esm/lib/stack-app.js CHANGED Viewed

@@ -1,6 +1,6 @@
 // src/lib/stack-app.ts
 import React, { use, useCallback, useMemo } from "react";
-import { KnownError, StackAdminInterface, StackClientInterface, StackServerInterface } from "@stackframe/stack-shared";
+import { KnownError, KnownErrors, StackAdminInterface, StackClientInterface, StackServerInterface } from "@stackframe/stack-shared";
 import { getCookie, setOrDeleteCookie } from "./cookie";
 import { StackAssertionError, throwErr } from "@stackframe/stack-shared/dist/utils/errors";
 import { generateUuid } from "@stackframe/stack-shared/dist/utils/uuids";
@@ -9,11 +9,11 @@ import { suspendIfSsr } from "@stackframe/stack-shared/dist/utils/react";
 import { Store } from "@stackframe/stack-shared/dist/utils/stores";
 import { getProductionModeErrors } from "@stackframe/stack-shared/dist/interface/clientInterface";
 import { isBrowserLike } from "@stackframe/stack-shared/dist/utils/env";
-import { callOAuthCallback, signInWithOAuth } from "./auth";
+import { addNewOAuthProviderOrScope, callOAuthCallback, signInWithOAuth } from "./auth";
 import * as NextNavigationUnscrambled from "next/navigation";
 import { constructRedirectUrl } from "../utils/url";
 import { deepPlainEquals, filterUndefined, omit } from "@stackframe/stack-shared/dist/utils/objects";
-import { resolved, runAsynchronously, wait } from "@stackframe/stack-shared/dist/utils/promises";
+import { neverResolve, resolved, runAsynchronously, wait } from "@stackframe/stack-shared/dist/utils/promises";
 import { AsyncCache } from "@stackframe/stack-shared/dist/utils/caches";
 import { suspend } from "@stackframe/stack-shared/dist/utils/react";
 import { scrambleDuringCompileTime } from "@stackframe/stack-shared/dist/utils/compile-time";
@@ -21,8 +21,9 @@ import { isReactServer } from "@stackframe/stack-sc";
 import * as cookie from "cookie";
 import { InternalSession } from "@stackframe/stack-shared/dist/sessions";
 import { useTrigger } from "@stackframe/stack-shared/dist/hooks/use-trigger";
+import { mergeScopeStrings } from "@stackframe/stack-shared/dist/utils/strings";
 var NextNavigation = scrambleDuringCompileTime(NextNavigationUnscrambled);
-var clientVersion = "js @stackframe/stack@2.4.21";
+var clientVersion = "js @stackframe/stack@2.4.23";
 function permissionDefinitionScopeToType(scope) {
   return { "any-team": "team", "specific-team": "team", "global": "global" }[scope.type];
 }
@@ -43,9 +44,22 @@ function getUrls(partial) {
     magicLinkCallback: `${handler}/magic-link-callback`,
     home: "/",
     accountSettings: `${handler}/account-settings`,
+    error: `${handler}/error`,
     ...filterUndefined(partial)
   };
 }
+async function _redirectTo(url, options) {
+  if (isReactServer) {
+    NextNavigation.redirect(url, options?.replace ? NextNavigation.RedirectType.replace : NextNavigation.RedirectType.push);
+  } else {
+    if (options?.replace) {
+      window.location.replace(url);
+    } else {
+      window.location.assign(url);
+    }
+    await wait(2e3);
+  }
+}
 function getDefaultProjectId() {
   return process.env.NEXT_PUBLIC_STACK_PROJECT_ID || throwErr(new Error("Welcome to Stack! It seems that you haven't provided a project ID. Please create a project on the Stack dashboard at https://app.stack-auth.com and put it in the NEXT_PUBLIC_STACK_PROJECT_ID environment variable."));
 }
@@ -120,6 +134,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     }
     this._tokenStoreInit = _options.tokenStore;
     this._urlOptions = _options.urls ?? {};
+    this._oauthScopesOnSignIn = _options.oauthScopesOnSignIn ?? {};
     if (_options.uniqueIdentifier) {
       this._uniqueIdentifier = _options.uniqueIdentifier;
       this._initUniqueIdentifier();
@@ -133,6 +148,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   _interface;
   _tokenStoreInit;
   _urlOptions;
+  _oauthScopesOnSignIn;
   __DEMO_ENABLE_SLIGHT_FETCH_DELAY = false;
   _currentUserCache = createCacheBySession(async (session) => {
     if (this.__DEMO_ENABLE_SLIGHT_FETCH_DELAY) {
@@ -153,6 +169,64 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   _currentUserTeamsCache = createCacheBySession(async (session) => {
     return await this._interface.listClientUserTeams(session);
   });
+  _currentUserOAuthConnectionAccessTokensCache = createCacheBySession(
+    async (session, [accountId, scope]) => {
+      try {
+        return await this._interface.getAccessToken(accountId, scope || "", session);
+      } catch (err) {
+        if (!(err instanceof KnownErrors.OAuthConnectionDoesNotHaveRequiredScope || err instanceof KnownErrors.OAuthConnectionNotConnectedToUser)) {
+          throw err;
+        }
+      }
+      return null;
+    }
+  );
+  _currentUserOAuthConnectionCache = createCacheBySession(
+    async (session, [connectionId, scope, redirect]) => {
+      const user = await this._currentUserCache.getOrWait([session], "write-only");
+      let hasConnection = true;
+      if (!user || !user.oauthProviders.find((p) => p === connectionId)) {
+        hasConnection = false;
+      }
+      const token = await this._currentUserOAuthConnectionAccessTokensCache.getOrWait([session, connectionId, scope || ""], "write-only");
+      if (!token) {
+        hasConnection = false;
+      }
+      if (!hasConnection && redirect) {
+        await addNewOAuthProviderOrScope(
+          this._interface,
+          {
+            provider: connectionId,
+            redirectUrl: this.urls.oauthCallback,
+            errorRedirectUrl: this.urls.error,
+            providerScope: mergeScopeStrings(scope || "", (this._oauthScopesOnSignIn[connectionId] ?? []).join(" "))
+          },
+          this._getSession()
+        );
+        return await neverResolve();
+      } else if (!hasConnection) {
+        return null;
+      }
+      const app = this;
+      return {
+        id: connectionId,
+        async getAccessToken() {
+          const result = await app._currentUserOAuthConnectionAccessTokensCache.getOrWait([session, connectionId, scope || ""], "write-only");
+          if (!result) {
+            throw new StackAssertionError("No access token available");
+          }
+          return result;
+        },
+        useAccessToken() {
+          const result = useAsyncCache(app._currentUserOAuthConnectionAccessTokensCache, [session, connectionId, scope || ""], "oauthAccount.useAccessToken()");
+          if (!result) {
+            throw new StackAssertionError("No access token available");
+          }
+          return result;
+        }
+      };
+    }
+  );
   _initUniqueIdentifier() {
     if (!this._uniqueIdentifier) {
       throw new StackAssertionError("Unique identifier not initialized");
@@ -389,6 +463,14 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   }
   _userFromJson(json) {
     const app = this;
+    async function getConnection(id, options) {
+      const scopeString = options?.scopes?.join(" ");
+      return await app._currentUserOAuthConnectionCache.getOrWait([app._getSession(), id, scopeString || "", options?.or === "redirect"], "write-only");
+    }
+    function useConnection(id, options) {
+      const scopeString = options?.scopes?.join(" ");
+      return useAsyncCache(app._currentUserOAuthConnectionCache, [app._useSession(), id, scopeString || "", options?.or === "redirect"], "user.useConnection()");
+    }
     return {
       projectId: json.projectId,
       id: json.id,
@@ -402,6 +484,8 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       hasPassword: json.hasPassword,
       authWithEmail: json.authWithEmail,
       oauthProviders: json.oauthProviders,
+      getConnection,
+      useConnection,
       async getSelectedTeam() {
         return await this.getTeam(json.selectedTeamId || "");
       },
@@ -471,12 +555,9 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       displayName: json.displayName
     };
   }
-  _currentUserFromJson(json, session) {
-    if (json === null)
-      return null;
+  _authFromJson(session) {
     const app = this;
-    const currentUser = {
-      ...this._userFromJson(json),
+    return {
       _internalSession: session,
       currentSession: {
         async getTokens() {
@@ -487,15 +568,25 @@ var _StackClientAppImpl = class __StackClientAppImpl {
           };
         }
       },
+      async getAuthHeaders() {
+        return {
+          "x-stack-auth": JSON.stringify(await this.getAuthJson())
+        };
+      },
+      async getAuthJson() {
+        const tokens = await this.currentSession.getTokens();
+        return tokens;
+      },
+      signOut() {
+        return app._signOut(session);
+      },
+      // TODO these should not actually be on Auth, instead on User
       async updateSelectedTeam(team) {
         await app._updateUser({ selectedTeamId: team?.id ?? null }, session);
       },
       update(update) {
         return app._updateUser(update, session);
       },
-      signOut() {
-        return app._signOut(session);
-      },
       sendVerificationEmail() {
         return app._sendVerificationEmail(session);
       },
@@ -503,6 +594,15 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         return app._updatePassword(options, session);
       }
     };
+  }
+  _currentUserFromJson(json, session) {
+    if (json === null)
+      return null;
+    const app = this;
+    const currentUser = {
+      ...this._userFromJson(json),
+      ...this._authFromJson(session)
+    };
     if (this._isInternalProject()) {
       const internalUser = {
         ...currentUser,
@@ -573,33 +673,12 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   get urls() {
     return getUrls(this._urlOptions);
   }
-  async getCrossOriginHeaders() {
-    return {
-      "x-stack-auth": JSON.stringify(await this.getCrossOriginTokenObject())
-    };
-  }
-  async getCrossOriginTokenObject() {
-    const user = await this.getUser();
-    if (!user)
-      return { accessToken: null, refreshToken: null };
-    const tokens = await user.currentSession.getTokens();
-    return tokens;
-  }
   async _redirectTo(handlerName, options) {
     const url = this.urls[handlerName];
     if (!url) {
       throw new Error(`No URL for handler name ${handlerName}`);
     }
-    if (isReactServer) {
-      NextNavigation.redirect(url, options?.replace ? NextNavigation.RedirectType.replace : NextNavigation.RedirectType.push);
-    } else {
-      if (options?.replace) {
-        window.location.replace(url);
-      } else {
-        window.location.assign(url);
-      }
-      await wait(2e3);
-    }
+    await _redirectTo(url, options);
   }
   async redirectToSignIn() {
     return await this._redirectTo("signIn");
@@ -640,6 +719,9 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   async redirectToAccountSettings() {
     return await this._redirectTo("accountSettings");
   }
+  async redirectToError() {
+    return await this._redirectTo("error");
+  }
   async sendForgotPasswordEmail(email) {
     const redirectUrl = constructRedirectUrl(this.urls.passwordReset);
     const error = await this._interface.sendForgotPasswordEmail(email, redirectUrl);
@@ -719,7 +801,15 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   }
   async signInWithOAuth(provider) {
     this._ensurePersistentTokenStore();
-    await signInWithOAuth(this._interface, { provider, redirectUrl: this.urls.oauthCallback });
+    await signInWithOAuth(
+      this._interface,
+      {
+        provider,
+        redirectUrl: this.urls.oauthCallback,
+        errorRedirectUrl: this.urls.error,
+        providerScope: this._oauthScopesOnSignIn[provider]?.join(" ")
+      }
+    );
   }
   async signInWithCredential(options) {
     this._ensurePersistentTokenStore();
@@ -766,7 +856,10 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     const result = await callOAuthCallback(this._interface, this.urls.oauthCallback);
     if (result) {
       await this._signInToAccountWithTokens(result);
-      if (result.newUser) {
+      if (result.afterCallbackRedirectUrl) {
+        await _redirectTo(result.afterCallbackRedirectUrl, { replace: true });
+        return true;
+      } else if (result.newUser) {
         await this.redirectToAfterSignUp({ replace: true });
         return true;
       } else {
@@ -846,6 +939,9 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     return res;
   }
   async _refreshUser(session) {
+    await this._refreshSession(session);
+  }
+  async _refreshSession(session) {
     await this._currentUserCache.refresh([session]);
   }
   async _refreshUsers() {
@@ -889,6 +985,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
           publishableClientKey: this._interface.options.publishableClientKey,
           tokenStore: this._tokenStoreInit,
           urls: this._urlOptions,
+          oauthScopesOnSignIn: this._oauthScopesOnSignIn,
           uniqueIdentifier: this._getUniqueIdentifier()
         };
       },
@@ -930,7 +1027,8 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
     super("interface" in options ? {
       interface: options.interface,
       tokenStore: options.tokenStore,
-      urls: options.urls
+      urls: options.urls,
+      oauthScopesOnSignIn: options.oauthScopesOnSignIn
     } : {
       interface: new StackServerInterface({
         baseUrl: options.baseUrl ?? getDefaultBaseUrl(),
@@ -940,7 +1038,8 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
         secretServerKey: options.secretServerKey ?? getDefaultSecretServerKey()
       }),
       tokenStore: options.tokenStore,
-      urls: options.urls ?? {}
+      urls: options.urls ?? {},
+      oauthScopesOnSignIn: options.oauthScopesOnSignIn ?? {}
     });
   }
   _serverUserFromJson(json) {
@@ -1036,40 +1135,14 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
     const nonCurrentServerUser = this._serverUserFromJson(json);
     const currentUser = {
       ...nonCurrentServerUser,
-      _internalSession: session,
-      currentSession: {
-        async getTokens() {
-          const tokens = await session.getPotentiallyExpiredTokens();
-          return {
-            accessToken: tokens?.accessToken.token ?? null,
-            refreshToken: tokens?.refreshToken?.token ?? null
-          };
-        }
-      },
+      ...this._authFromJson(session),
       async delete() {
         const res = await nonCurrentServerUser.delete();
         await app._refreshUser(session);
         return res;
       },
-      async updateSelectedTeam(team) {
-        await this.update({ selectedTeamId: team?.id ?? null });
-      },
-      async update(update) {
-        const res = await nonCurrentServerUser.update(update);
-        await app._refreshUser(session);
-        return res;
-      },
-      signOut() {
-        return app._signOut(session);
-      },
       getClientUser() {
         return app._currentUserFromJson(json, session);
-      },
-      sendVerificationEmail() {
-        return app._sendVerificationEmail(session);
-      },
-      updatePassword(options) {
-        return app._updatePassword(options, session);
       }
     };
     if (this._isInternalProject()) {
@@ -1244,7 +1317,7 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       return teams.find((t) => t.id === teamId) ?? null;
     }, [teams, teamId]);
   }
-  async _refreshUser(session) {
+  async _refreshSession(session) {
     await Promise.all([
       super._refreshUser(session),
       this._currentServerUserCache.refresh([session])
@@ -1293,7 +1366,8 @@ var _StackAdminAppImpl = class extends _StackServerAppImpl {
         }
       }),
       tokenStore: options.tokenStore,
-      urls: options.urls
+      urls: options.urls,
+      oauthScopesOnSignIn: options.oauthScopesOnSignIn
     });
   }
   _createApiKeySetBaseFromJson(data) {