@stackframe/stack 2.5.7 → 2.5.9

package/dist/lib/stack-app.d.mts

@@ -1,12 +1,12 @@
 import { KnownErrors } from '@stackframe/stack-shared';
 import { ProductionModeError } from '@stackframe/stack-shared/dist/helpers/production-mode';
-import { StandardProvider } from '@stackframe/stack-shared/dist/interface/clientInterface';
 import { ApiKeysCrud } from '@stackframe/stack-shared/dist/interface/crud/api-keys';
 import { CurrentUserCrud } from '@stackframe/stack-shared/dist/interface/crud/current-user';
 import { EmailTemplateType } from '@stackframe/stack-shared/dist/interface/crud/email-templates';
 import { TeamPermissionDefinitionsCrud } from '@stackframe/stack-shared/dist/interface/crud/team-permissions';
 import { InternalSession } from '@stackframe/stack-shared/dist/sessions';
 import { ReadonlyJson } from '@stackframe/stack-shared/dist/utils/json';
+import { ProviderType } from '@stackframe/stack-shared/dist/utils/oauth';
 
 type RequestLike = {
     headers: {
@@ -20,8 +20,8 @@ type TokenStoreInit<HasTokenStore extends boolean = boolean> = HasTokenStore ext
 type HandlerUrls = {
     handler: string;
     signIn: string;
-    afterSignIn: string;
     signUp: string;
+    afterSignIn: string;
     afterSignUp: string;
     signOut: string;
     afterSignOut: string;
@@ -35,7 +35,7 @@ type HandlerUrls = {
     error: string;
 };
 type OAuthScopesOnSignIn = {
-    [key in StandardProvider]: string[];
+    [key in ProviderType]: string[];
 };
 type ProjectCurrentUser<ProjectId> = ProjectId extends "internal" ? CurrentInternalUser : CurrentUser;
 type ProjectCurrentServerUser<ProjectId> = ProjectId extends "internal" ? CurrentInternalServerUser : CurrentServerUser;
@@ -150,11 +150,31 @@ type Auth = {
         refreshToken: string | null;
     }>;
 };
-type User = {
-    readonly projectId: string;
+/**
+ * ```
+ * +----------+-------------+-------------------+
+ * |    \     |   !Server   |      Server       |
+ * +----------+-------------+-------------------+
+ * | !Session | User        | ServerUser        |
+ * | Session  | CurrentUser | CurrentServerUser |
+ * +----------+-------------+-------------------+
+ * ```
+ *
+ * The fields on each of these types are available iff:
+ * BaseUser: true
+ * Auth: Session
+ * ServerBaseUser: Server
+ * UserExtra: Session OR Server
+ *
+ * The types are defined as follows (in the typescript manner):
+ * User = BaseUser
+ * CurrentUser = BaseUser & Auth & UserExtra
+ * ServerUser = BaseUser & ServerBaseUser & UserExtra
+ * CurrentServerUser = BaseUser & ServerBaseUser & Auth & UserExtra
+ **/
+type BaseUser = {
     readonly id: string;
     readonly displayName: string | null;
-    setDisplayName(displayName: string): Promise<void>;
     /**
      * The user's email address.
      *
@@ -162,11 +182,9 @@ type User = {
      */
     readonly primaryEmail: string | null;
     readonly primaryEmailVerified: boolean;
-    sendVerificationEmail(): Promise<KnownErrors["EmailAlreadyVerified"] | void>;
     readonly profileImageUrl: string | null;
     readonly signedUpAt: Date;
     readonly clientMetadata: any;
-    setClientMetadata(metadata: any): Promise<void>;
     /**
      * Whether the primary e-mail can be used for authentication.
      */
@@ -178,6 +196,16 @@ type User = {
     readonly oauthProviders: readonly {
         id: string;
     }[];
+    /**
+     * A shorthand method to update multiple fields of the user at once.
+     */
+    readonly selectedTeam: Team | null;
+    toClientJson(): CurrentUserCrud["Client"]["Read"];
+};
+type UserExtra = {
+    setDisplayName(displayName: string): Promise<void>;
+    sendVerificationEmail(): Promise<KnownErrors["EmailAlreadyVerified"] | void>;
+    setClientMetadata(metadata: any): Promise<void>;
     updatePassword(options: {
         oldPassword: string;
         newPassword: string;
@@ -186,27 +214,25 @@ type User = {
      * A shorthand method to update multiple fields of the user at once.
      */
     update(update: UserUpdateOptions): Promise<void>;
-    hasPermission(scope: Team, permissionId: string): Promise<boolean>;
-    readonly selectedTeam: Team | null;
-    setSelectedTeam(team: Team | null): Promise<void>;
-    createTeam(data: TeamCreateOptions): Promise<Team>;
-    getConnectedAccount(id: StandardProvider, options: {
+    getConnectedAccount(id: ProviderType, options: {
         or: 'redirect';
         scopes?: string[];
     }): Promise<OAuthConnection>;
-    getConnectedAccount(id: StandardProvider, options?: {
+    getConnectedAccount(id: ProviderType, options?: {
         or?: 'redirect' | 'throw' | 'return-null';
         scopes?: string[];
     }): Promise<OAuthConnection | null>;
-    useConnectedAccount(id: StandardProvider, options: {
+    useConnectedAccount(id: ProviderType, options: {
         or: 'redirect';
         scopes?: string[];
     }): OAuthConnection;
-    useConnectedAccount(id: StandardProvider, options?: {
+    useConnectedAccount(id: ProviderType, options?: {
         or?: 'redirect' | 'throw' | 'return-null';
         scopes?: string[];
     }): OAuthConnection | null;
-    toClientJson(): CurrentUserCrud["Client"]["Read"];
+    hasPermission(scope: Team, permissionId: string): Promise<boolean>;
+    setSelectedTeam(team: Team | null): Promise<void>;
+    createTeam(data: TeamCreateOptions): Promise<Team>;
 } & AsyncStoreProperty<"team", [id: string], Team | null, false> & AsyncStoreProperty<"teams", [], Team[], true> & AsyncStoreProperty<"permission", [scope: Team, permissionId: string, options?: {
     recursive?: boolean;
 }], TeamPermission | null, false> & AsyncStoreProperty<"permissions", [scope: Team, options?: {
@@ -217,18 +243,15 @@ type InternalUserExtra = {
         displayName: string;
     }): Promise<AdminProject>;
 } & AsyncStoreProperty<"ownedProjects", [], AdminOwnedProject[], true>;
-type CurrentUser = Auth & User;
+type User = BaseUser;
+type CurrentUser = BaseUser & Auth & UserExtra;
 type CurrentInternalUser = CurrentUser & InternalUserExtra;
 type UserUpdateOptions = {
     displayName?: string;
     clientMetadata?: ReadonlyJson;
     selectedTeamId?: string | null;
 };
-/**
- * A user including sensitive fields that should only be used on the server, never sent to the client
- * (such as sensitive information and serverMetadata).
- */
-type ServerUser = {
+type ServerBaseUser = {
     setPrimaryEmail(email: string, options?: {
         verified?: boolean | undefined;
     }): Promise<void>;
@@ -243,11 +266,22 @@ type ServerUser = {
     grantPermission(scope: Team, permissionId: string): Promise<void>;
     revokePermission(scope: Team, permissionId: string): Promise<void>;
     hasPermission(scope: Team, permissionId: string): Promise<boolean>;
+    /**
+     * Creates a new session object with a refresh token for this user. Can be used to impersonate them.
+     */
+    createSession(options?: {
+        expiresInMillis?: number;
+    }): Promise<Session>;
 } & AsyncStoreProperty<"team", [id: string], ServerTeam | null, false> & AsyncStoreProperty<"teams", [], ServerTeam[], true> & AsyncStoreProperty<"permission", [scope: Team, permissionId: string, options?: {
     direct?: boolean;
 }], AdminTeamPermission | null, false> & AsyncStoreProperty<"permissions", [scope: Team, options?: {
     direct?: boolean;
-}], AdminTeamPermission[], true> & User;
+}], AdminTeamPermission[], true>;
+/**
+ * A user including sensitive fields that should only be used on the server, never sent to the client
+ * (such as sensitive information and serverMetadata).
+ */
+type ServerUser = ServerBaseUser & BaseUser & UserExtra;
 type CurrentServerUser = Auth & ServerUser;
 type CurrentInternalServerUser = CurrentServerUser & InternalUserExtra;
 type ServerUserUpdateOptions = {

package/dist/lib/stack-app.d.ts

@@ -1,12 +1,12 @@
 import { KnownErrors } from '@stackframe/stack-shared';
 import { ProductionModeError } from '@stackframe/stack-shared/dist/helpers/production-mode';
-import { StandardProvider } from '@stackframe/stack-shared/dist/interface/clientInterface';
 import { ApiKeysCrud } from '@stackframe/stack-shared/dist/interface/crud/api-keys';
 import { CurrentUserCrud } from '@stackframe/stack-shared/dist/interface/crud/current-user';
 import { EmailTemplateType } from '@stackframe/stack-shared/dist/interface/crud/email-templates';
 import { TeamPermissionDefinitionsCrud } from '@stackframe/stack-shared/dist/interface/crud/team-permissions';
 import { InternalSession } from '@stackframe/stack-shared/dist/sessions';
 import { ReadonlyJson } from '@stackframe/stack-shared/dist/utils/json';
+import { ProviderType } from '@stackframe/stack-shared/dist/utils/oauth';
 
 type RequestLike = {
     headers: {
@@ -20,8 +20,8 @@ type TokenStoreInit<HasTokenStore extends boolean = boolean> = HasTokenStore ext
 type HandlerUrls = {
     handler: string;
     signIn: string;
-    afterSignIn: string;
     signUp: string;
+    afterSignIn: string;
     afterSignUp: string;
     signOut: string;
     afterSignOut: string;
@@ -35,7 +35,7 @@ type HandlerUrls = {
     error: string;
 };
 type OAuthScopesOnSignIn = {
-    [key in StandardProvider]: string[];
+    [key in ProviderType]: string[];
 };
 type ProjectCurrentUser<ProjectId> = ProjectId extends "internal" ? CurrentInternalUser : CurrentUser;
 type ProjectCurrentServerUser<ProjectId> = ProjectId extends "internal" ? CurrentInternalServerUser : CurrentServerUser;
@@ -150,11 +150,31 @@ type Auth = {
         refreshToken: string | null;
     }>;
 };
-type User = {
-    readonly projectId: string;
+/**
+ * ```
+ * +----------+-------------+-------------------+
+ * |    \     |   !Server   |      Server       |
+ * +----------+-------------+-------------------+
+ * | !Session | User        | ServerUser        |
+ * | Session  | CurrentUser | CurrentServerUser |
+ * +----------+-------------+-------------------+
+ * ```
+ *
+ * The fields on each of these types are available iff:
+ * BaseUser: true
+ * Auth: Session
+ * ServerBaseUser: Server
+ * UserExtra: Session OR Server
+ *
+ * The types are defined as follows (in the typescript manner):
+ * User = BaseUser
+ * CurrentUser = BaseUser & Auth & UserExtra
+ * ServerUser = BaseUser & ServerBaseUser & UserExtra
+ * CurrentServerUser = BaseUser & ServerBaseUser & Auth & UserExtra
+ **/
+type BaseUser = {
     readonly id: string;
     readonly displayName: string | null;
-    setDisplayName(displayName: string): Promise<void>;
     /**
      * The user's email address.
      *
@@ -162,11 +182,9 @@ type User = {
      */
     readonly primaryEmail: string | null;
     readonly primaryEmailVerified: boolean;
-    sendVerificationEmail(): Promise<KnownErrors["EmailAlreadyVerified"] | void>;
     readonly profileImageUrl: string | null;
     readonly signedUpAt: Date;
     readonly clientMetadata: any;
-    setClientMetadata(metadata: any): Promise<void>;
     /**
      * Whether the primary e-mail can be used for authentication.
      */
@@ -178,6 +196,16 @@ type User = {
     readonly oauthProviders: readonly {
         id: string;
     }[];
+    /**
+     * A shorthand method to update multiple fields of the user at once.
+     */
+    readonly selectedTeam: Team | null;
+    toClientJson(): CurrentUserCrud["Client"]["Read"];
+};
+type UserExtra = {
+    setDisplayName(displayName: string): Promise<void>;
+    sendVerificationEmail(): Promise<KnownErrors["EmailAlreadyVerified"] | void>;
+    setClientMetadata(metadata: any): Promise<void>;
     updatePassword(options: {
         oldPassword: string;
         newPassword: string;
@@ -186,27 +214,25 @@ type User = {
      * A shorthand method to update multiple fields of the user at once.
      */
     update(update: UserUpdateOptions): Promise<void>;
-    hasPermission(scope: Team, permissionId: string): Promise<boolean>;
-    readonly selectedTeam: Team | null;
-    setSelectedTeam(team: Team | null): Promise<void>;
-    createTeam(data: TeamCreateOptions): Promise<Team>;
-    getConnectedAccount(id: StandardProvider, options: {
+    getConnectedAccount(id: ProviderType, options: {
         or: 'redirect';
         scopes?: string[];
     }): Promise<OAuthConnection>;
-    getConnectedAccount(id: StandardProvider, options?: {
+    getConnectedAccount(id: ProviderType, options?: {
         or?: 'redirect' | 'throw' | 'return-null';
         scopes?: string[];
     }): Promise<OAuthConnection | null>;
-    useConnectedAccount(id: StandardProvider, options: {
+    useConnectedAccount(id: ProviderType, options: {
         or: 'redirect';
         scopes?: string[];
     }): OAuthConnection;
-    useConnectedAccount(id: StandardProvider, options?: {
+    useConnectedAccount(id: ProviderType, options?: {
         or?: 'redirect' | 'throw' | 'return-null';
         scopes?: string[];
     }): OAuthConnection | null;
-    toClientJson(): CurrentUserCrud["Client"]["Read"];
+    hasPermission(scope: Team, permissionId: string): Promise<boolean>;
+    setSelectedTeam(team: Team | null): Promise<void>;
+    createTeam(data: TeamCreateOptions): Promise<Team>;
 } & AsyncStoreProperty<"team", [id: string], Team | null, false> & AsyncStoreProperty<"teams", [], Team[], true> & AsyncStoreProperty<"permission", [scope: Team, permissionId: string, options?: {
     recursive?: boolean;
 }], TeamPermission | null, false> & AsyncStoreProperty<"permissions", [scope: Team, options?: {
@@ -217,18 +243,15 @@ type InternalUserExtra = {
         displayName: string;
     }): Promise<AdminProject>;
 } & AsyncStoreProperty<"ownedProjects", [], AdminOwnedProject[], true>;
-type CurrentUser = Auth & User;
+type User = BaseUser;
+type CurrentUser = BaseUser & Auth & UserExtra;
 type CurrentInternalUser = CurrentUser & InternalUserExtra;
 type UserUpdateOptions = {
     displayName?: string;
     clientMetadata?: ReadonlyJson;
     selectedTeamId?: string | null;
 };
-/**
- * A user including sensitive fields that should only be used on the server, never sent to the client
- * (such as sensitive information and serverMetadata).
- */
-type ServerUser = {
+type ServerBaseUser = {
     setPrimaryEmail(email: string, options?: {
         verified?: boolean | undefined;
     }): Promise<void>;
@@ -243,11 +266,22 @@ type ServerUser = {
     grantPermission(scope: Team, permissionId: string): Promise<void>;
     revokePermission(scope: Team, permissionId: string): Promise<void>;
     hasPermission(scope: Team, permissionId: string): Promise<boolean>;
+    /**
+     * Creates a new session object with a refresh token for this user. Can be used to impersonate them.
+     */
+    createSession(options?: {
+        expiresInMillis?: number;
+    }): Promise<Session>;
 } & AsyncStoreProperty<"team", [id: string], ServerTeam | null, false> & AsyncStoreProperty<"teams", [], ServerTeam[], true> & AsyncStoreProperty<"permission", [scope: Team, permissionId: string, options?: {
     direct?: boolean;
 }], AdminTeamPermission | null, false> & AsyncStoreProperty<"permissions", [scope: Team, options?: {
     direct?: boolean;
-}], AdminTeamPermission[], true> & User;
+}], AdminTeamPermission[], true>;
+/**
+ * A user including sensitive fields that should only be used on the server, never sent to the client
+ * (such as sensitive information and serverMetadata).
+ */
+type ServerUser = ServerBaseUser & BaseUser & UserExtra;
 type CurrentServerUser = Auth & ServerUser;
 type CurrentInternalServerUser = CurrentServerUser & InternalUserExtra;
 type ServerUserUpdateOptions = {