@stackframe/stack 2.5.16 → 2.5.18

package/dist/esm/lib/stack-app.js

@@ -3,6 +3,7 @@ import { isReactServer } from "@stackframe/stack-sc";
 import { KnownError, KnownErrors, StackAdminInterface, StackClientInterface, StackServerInterface } from "@stackframe/stack-shared";
 import { getProductionModeErrors } from "@stackframe/stack-shared/dist/helpers/production-mode";
 import { InternalSession } from "@stackframe/stack-shared/dist/sessions";
+import { encodeBase64 } from "@stackframe/stack-shared/dist/utils/bytes";
 import { AsyncCache } from "@stackframe/stack-shared/dist/utils/caches";
 import { scrambleDuringCompileTime } from "@stackframe/stack-shared/dist/utils/compile-time";
 import { isBrowserLike } from "@stackframe/stack-shared/dist/utils/env";
@@ -23,7 +24,7 @@ import { constructRedirectUrl } from "../utils/url";
 import { addNewOAuthProviderOrScope, callOAuthCallback, signInWithOAuth } from "./auth";
 import { deleteCookie, getCookie, setOrDeleteCookie } from "./cookie";
 var NextNavigation = scrambleDuringCompileTime(NextNavigationUnscrambled);
-var clientVersion = "js @stackframe/stack@2.5.16";
+var clientVersion = "js @stackframe/stack@2.5.18";
 function getUrls(partial) {
   const handler = partial.handler ?? "/handler";
   const home = partial.home ?? "/";
@@ -44,6 +45,7 @@ function getUrls(partial) {
     home,
     accountSettings: `${handler}/account-settings`,
     error: `${handler}/error`,
+    teamInvitation: `${handler}/team-invitation`,
     ...filterUndefined(partial)
   };
 }
@@ -478,7 +480,9 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   _clientProjectFromCrud(crud) {
     return {
       id: crud.id,
+      displayName: crud.display_name,
       config: {
+        signUpEnabled: crud.config.sign_up_enabled,
         credentialEnabled: crud.config.credential_enabled,
         magicLinkEnabled: crud.config.magic_link_enabled,
         oauthProviders: crud.config.enabled_oauth_providers.map((p) => ({
@@ -493,10 +497,19 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     };
   }
   _clientTeamFromCrud(crud) {
+    const app = this;
     return {
       id: crud.id,
       displayName: crud.display_name,
-      profileImageUrl: crud.profile_image_url
+      profileImageUrl: crud.profile_image_url,
+      async inviteUser(options) {
+        return await app._interface.sendTeamInvitation({
+          teamId: crud.id,
+          email: options.email,
+          session: app._getSession(),
+          callbackUrl: constructRedirectUrl(app.urls.teamInvitation)
+        });
+      }
     };
   }
   _createAuth(session) {
@@ -542,6 +555,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       emailAuthEnabled: crud.auth_with_email,
       oauthProviders: crud.oauth_providers,
       selectedTeam: crud.selected_team && this._clientTeamFromCrud(crud.selected_team),
+      isMultiFactorRequired: crud.requires_totp_mfa,
       toClientJson() {
         return crud;
       }
@@ -613,17 +627,17 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       async hasPermission(scope, permissionId) {
         return await this.getPermission(scope, permissionId) !== null;
       },
-      update(update) {
-        return app._updateClientUser(update, session);
+      async update(update) {
+        return await app._updateClientUser(update, session);
       },
-      sendVerificationEmail() {
+      async sendVerificationEmail() {
         if (!crud?.primary_email) {
           throw new StackAssertionError("User does not have a primary email");
         }
-        return app._sendVerificationEmail(crud.primary_email, session);
+        return await app._sendVerificationEmail(crud.primary_email, session);
       },
-      updatePassword(options) {
-        return app._updatePassword(options, session);
+      async updatePassword(options) {
+        return await app._updatePassword(options, session);
       }
     };
   }
@@ -757,6 +771,9 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   async redirectToError(options) {
     return await this._redirectToHandler("error", options);
   }
+  async redirectToTeamInvitation(options) {
+    return await this._redirectToHandler("teamInvitation", options);
+  }
   async sendForgotPasswordEmail(email) {
     const redirectUrl = constructRedirectUrl(this.urls.passwordReset);
     const error = await this._interface.sendForgotPasswordEmail(email, redirectUrl);
@@ -774,6 +791,42 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   async verifyPasswordResetCode(code) {
     return await this._interface.verifyPasswordResetCode(code);
   }
+  async verifyTeamInvitationCode(code) {
+    const result = await this._interface.acceptTeamInvitation({
+      type: "check",
+      code,
+      session: this._getSession()
+    });
+    if (result.status === "ok") {
+      return Result.ok(void 0);
+    } else {
+      return Result.error(result.error);
+    }
+  }
+  async acceptTeamInvitation(code) {
+    const result = await this._interface.acceptTeamInvitation({
+      type: "use",
+      code,
+      session: this._getSession()
+    });
+    if (result.status === "ok") {
+      return Result.ok(void 0);
+    } else {
+      return Result.error(result.error);
+    }
+  }
+  async getTeamInvitationDetails(code) {
+    const result = await this._interface.acceptTeamInvitation({
+      type: "details",
+      code,
+      session: this._getSession()
+    });
+    if (result.status === "ok") {
+      return Result.ok({ teamDisplayName: result.data.team_display_name });
+    } else {
+      return Result.error(result.error);
+    }
+  }
   async verifyEmail(code) {
     return await this._interface.verifyEmail(code);
   }
@@ -841,7 +894,31 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   async signInWithCredential(options) {
     this._ensurePersistentTokenStore();
     const session = this._getSession();
-    const result = await this._interface.signInWithCredential(options.email, options.password, session);
+    let result;
+    try {
+      result = await this._interface.signInWithCredential(options.email, options.password, session);
+    } catch (e) {
+      if (options.__experimental_mfa && e instanceof KnownErrors.MultiFactorAuthenticationRequired) {
+        const otp = prompt("Please enter the six-digit TOTP code from your authenticator app.");
+        try {
+          if (!otp) {
+            throw new KnownErrors.InvalidTotpCode();
+          }
+          result = await this._interface.totpMfa(
+            e.details?.attempt_code ?? throwErr("attempt code missing"),
+            otp,
+            session
+          );
+        } catch (e2) {
+          if (e2 instanceof KnownErrors.InvalidTotpCode) {
+            return e2;
+          }
+          throw e2;
+        }
+      } else {
+        throw e;
+      }
+    }
     if (!(result instanceof KnownError)) {
       await this._signInToAccountWithTokens(result);
       return await this.redirectToAfterSignIn({ replace: true });
@@ -1040,7 +1117,7 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       return await this._interface.listServerTeamUsers(teamId);
     });
     this._serverTeamUserPermissionsCache = createCache(async ([teamId, userId, recursive]) => {
-      return await this._interface.listServerTeamMemberPermissions({ teamId, userId, recursive });
+      return await this._interface.listServerTeamPermissions({ teamId, userId, recursive }, null);
     });
     this._serverUserOAuthConnectionAccessTokensCache = createCache(
       async ([userId, providerId, scope]) => {
@@ -1229,9 +1306,22 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
           userId
         });
         await app._serverTeamUsersCache.refresh([crud.id]);
+      },
+      async inviteUser(options) {
+        return await app._interface.sendTeamInvitation({
+          teamId: crud.id,
+          email: options.email,
+          session: null,
+          callbackUrl: constructRedirectUrl(app.urls.teamInvitation)
+        });
       }
     };
   }
+  async createUser(options) {
+    const crud = await this._interface.createServerUser(serverUserCreateOptionsToCrud(options));
+    await this._refreshUsers();
+    return this._serverUserFromCrud(crud);
+  }
   async getUser(options) {
     this._ensurePersistentTokenStore(options?.tokenStore);
     const session = this._getSession(options?.tokenStore);
@@ -1409,6 +1499,7 @@ var _StackAdminAppImpl = class extends _StackServerAppImpl {
       isProductionMode: data.is_production_mode,
       config: {
         id: data.config.id,
+        signUpEnabled: data.config.sign_up_enabled,
         credentialEnabled: data.config.credential_enabled,
         magicLinkEnabled: data.config.magic_link_enabled,
         allowLocalhost: data.config.allow_localhost,
@@ -1589,7 +1680,8 @@ function userUpdateOptionsToCrud(options) {
   return {
     display_name: options.displayName,
     client_metadata: options.clientMetadata,
-    selected_team_id: options.selectedTeamId
+    selected_team_id: options.selectedTeamId,
+    totp_secret_base64: options.totpMultiFactorSecret != null ? encodeBase64(options.totpMultiFactorSecret) : options.totpMultiFactorSecret
   };
 }
 function serverUserUpdateOptionsToCrud(options) {
@@ -1601,7 +1693,17 @@ function serverUserUpdateOptionsToCrud(options) {
     selected_team_id: options.selectedTeamId,
     primary_email_auth_enabled: options.primaryEmailAuthEnabled,
     primary_email_verified: options.primaryEmailVerified,
-    password: options.password
+    password: options.password,
+    totp_secret_base64: options.totpMultiFactorSecret != null ? encodeBase64(options.totpMultiFactorSecret) : options.totpMultiFactorSecret
+  };
+}
+function serverUserCreateOptionsToCrud(options) {
+  return {
+    primary_email: options.primaryEmail,
+    password: options.password,
+    primary_email_auth_enabled: true,
+    display_name: options.displayName,
+    primary_email_verified: options.primaryEmailVerified
   };
 }
 function adminProjectUpdateOptionsToCrud(options) {
@@ -1635,6 +1737,7 @@ function adminProjectUpdateOptionsToCrud(options) {
         sender_name: options.config.emailConfig.senderName,
         sender_email: options.config.emailConfig.senderEmail
       }),
+      sign_up_enabled: options.config?.signUpEnabled,
       credential_enabled: options.config?.credentialEnabled,
       magic_link_enabled: options.config?.magicLinkEnabled,
       allow_localhost: options.config?.allowLocalhost,