@stackframe/stack 2.5.8 → 2.5.10

package/dist/esm/lib/stack-app.js

@@ -14,6 +14,7 @@ import { suspend, suspendIfSsr } from "@stackframe/stack-shared/dist/utils/react
 import { Result } from "@stackframe/stack-shared/dist/utils/results";
 import { Store } from "@stackframe/stack-shared/dist/utils/stores";
 import { mergeScopeStrings } from "@stackframe/stack-shared/dist/utils/strings";
+import { getRelativePart, isRelative } from "@stackframe/stack-shared/dist/utils/urls";
 import { generateUuid } from "@stackframe/stack-shared/dist/utils/uuids";
 import * as cookie from "cookie";
 import * as NextNavigationUnscrambled from "next/navigation";
@@ -22,23 +23,25 @@ import { constructRedirectUrl } from "../utils/url";
 import { addNewOAuthProviderOrScope, callOAuthCallback, signInWithOAuth } from "./auth";
 import { deleteCookie, getCookie, setOrDeleteCookie } from "./cookie";
 var NextNavigation = scrambleDuringCompileTime(NextNavigationUnscrambled);
-var clientVersion = "js @stackframe/stack@2.5.8";
+var clientVersion = "js @stackframe/stack@2.5.10";
 function getUrls(partial) {
   const handler = partial.handler ?? "/handler";
+  const home = partial.home ?? "/";
+  const afterSignIn = partial.afterSignIn ?? home;
   return {
     handler,
     signIn: `${handler}/sign-in`,
-    afterSignIn: "/",
+    afterSignIn: home,
     signUp: `${handler}/sign-up`,
-    afterSignUp: "/",
+    afterSignUp: afterSignIn,
     signOut: `${handler}/sign-out`,
-    afterSignOut: "/",
+    afterSignOut: home,
     emailVerification: `${handler}/email-verification`,
     passwordReset: `${handler}/password-reset`,
     forgotPassword: `${handler}/forgot-password`,
     oauthCallback: `${handler}/oauth-callback`,
     magicLinkCallback: `${handler}/magic-link-callback`,
-    home: "/",
+    home,
     accountSettings: `${handler}/account-settings`,
     error: `${handler}/error`,
     ...filterUndefined(partial)
@@ -46,7 +49,7 @@ function getUrls(partial) {
 }
 async function _redirectTo(url, options) {
   if (isReactServer) {
-    NextNavigation.redirect(url, options?.replace ? NextNavigation.RedirectType.replace : NextNavigation.RedirectType.push);
+    NextNavigation.redirect(url.toString(), options?.replace ? NextNavigation.RedirectType.replace : NextNavigation.RedirectType.push);
   } else {
     if (options?.replace) {
       window.location.replace(url);
@@ -149,7 +152,10 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     this._currentUserOAuthConnectionAccessTokensCache = createCacheBySession(
       async (session, [accountId, scope]) => {
         try {
-          return await this._interface.getAccessToken(accountId, scope || "", session);
+          const result = await this._interface.createProviderAccessToken(accountId, scope || "", session);
+          return {
+            accessToken: result.access_token
+          };
         } catch (err) {
           if (!(err instanceof KnownErrors.OAuthConnectionDoesNotHaveRequiredScope || err instanceof KnownErrors.OAuthConnectionNotConnectedToUser)) {
             throw err;
@@ -261,12 +267,12 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     }
     return this._uniqueIdentifier;
   }
-  async _checkFeatureSupport(featureName, options) {
-    return await this._interface.checkFeatureSupport({ ...options, featureName });
+  async _checkFeatureSupport(name, options) {
+    return await this._interface.checkFeatureSupport({ ...options, name });
   }
-  _useCheckFeatureSupport(featureName, options) {
-    runAsynchronously(this._checkFeatureSupport(featureName, options));
-    throw new StackAssertionError(`${featureName} is not currently supported. Please reach out to Stack support for more information.`);
+  _useCheckFeatureSupport(name, options) {
+    runAsynchronously(this._checkFeatureSupport(name, options));
+    throw new StackAssertionError(`${name} is not currently supported. Please reach out to Stack support for more information.`);
   }
   get _refreshTokenCookieName() {
     return `stack-refresh-${this.projectId}`;
@@ -529,7 +535,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       }
     };
   }
-  _createCurrentUserExtra(crud, session) {
+  _createUserExtra(crud, session) {
     const app = this;
     async function getConnectedAccount(id, options) {
       const scopeString = options?.scopes?.join(" ");
@@ -599,7 +605,10 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         return app._updateClientUser(update, session);
       },
       sendVerificationEmail() {
-        return app._sendVerificationEmail(session);
+        if (!crud?.primary_email) {
+          throw new StackAssertionError("User does not have a primary email");
+        }
+        return app._sendVerificationEmail(crud.primary_email, session);
       },
       updatePassword(options) {
         return app._updatePassword(options, session);
@@ -625,7 +634,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     const currentUser = {
       ...this._createBaseUser(crud),
       ...this._createAuth(session),
-      ...this._createCurrentUserExtra(crud, session),
+      ...this._createUserExtra(crud, session),
       ...this._isInternalProject() ? this._createInternalUserExtra(session) : {}
     };
     Object.freeze(currentUser);
@@ -646,57 +655,93 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   get projectId() {
     return this._interface.projectId;
   }
+  async _isTrusted(url) {
+    return isRelative(url);
+  }
   get urls() {
     return getUrls(this._urlOptions);
   }
-  async _redirectTo(handlerName, options) {
-    const url = this.urls[handlerName];
+  async _redirectIfTrusted(url, options) {
+    if (!await this._isTrusted(url)) {
+      throw new Error(`Redirect URL ${url} is not trusted; should be relative.`);
+    }
+    return await _redirectTo(url, options);
+  }
+  async _redirectToHandler(handlerName, options) {
+    let url = this.urls[handlerName];
     if (!url) {
       throw new Error(`No URL for handler name ${handlerName}`);
     }
-    await _redirectTo(url, options);
+    if (handlerName === "afterSignIn" || handlerName === "afterSignUp") {
+      if (isReactServer || typeof window === "undefined") {
+        try {
+          await this._checkFeatureSupport("rsc-handler-" + handlerName, {});
+        } catch (e) {
+        }
+      } else {
+        const queryParams = new URLSearchParams(window.location.search);
+        url = queryParams.get("after_auth_return_to") || url;
+      }
+    } else if (handlerName === "signIn" || handlerName === "signUp") {
+      if (isReactServer || typeof window === "undefined") {
+        try {
+          await this._checkFeatureSupport("rsc-handler-" + handlerName, {});
+        } catch (e) {
+        }
+      } else {
+        const currentUrl = new URL(window.location.href);
+        const nextUrl = new URL(url, currentUrl);
+        if (currentUrl.searchParams.has("after_auth_return_to")) {
+          nextUrl.searchParams.set("after_auth_return_to", currentUrl.searchParams.get("after_auth_return_to"));
+        } else if (currentUrl.protocol === nextUrl.protocol && currentUrl.host === nextUrl.host) {
+          nextUrl.searchParams.set("after_auth_return_to", getRelativePart(currentUrl));
+        }
+        url = getRelativePart(nextUrl);
+      }
+    }
+    await this._redirectIfTrusted(url, options);
   }
-  async redirectToSignIn() {
-    return await this._redirectTo("signIn");
+  async redirectToSignIn(options) {
+    return await this._redirectToHandler("signIn", options);
   }
-  async redirectToSignUp() {
-    return await this._redirectTo("signUp");
+  async redirectToSignUp(options) {
+    return await this._redirectToHandler("signUp", options);
   }
-  async redirectToSignOut() {
-    return await this._redirectTo("signOut");
+  async redirectToSignOut(options) {
+    return await this._redirectToHandler("signOut", options);
   }
-  async redirectToEmailVerification() {
-    return await this._redirectTo("emailVerification");
+  async redirectToEmailVerification(options) {
+    return await this._redirectToHandler("emailVerification", options);
   }
-  async redirectToPasswordReset() {
-    return await this._redirectTo("passwordReset");
+  async redirectToPasswordReset(options) {
+    return await this._redirectToHandler("passwordReset", options);
   }
-  async redirectToForgotPassword() {
-    return await this._redirectTo("forgotPassword");
+  async redirectToForgotPassword(options) {
+    return await this._redirectToHandler("forgotPassword", options);
   }
-  async redirectToHome() {
-    return await this._redirectTo("home");
+  async redirectToHome(options) {
+    return await this._redirectToHandler("home", options);
   }
-  async redirectToOAuthCallback() {
-    return await this._redirectTo("oauthCallback");
+  async redirectToOAuthCallback(options) {
+    return await this._redirectToHandler("oauthCallback", options);
   }
-  async redirectToMagicLinkCallback() {
-    return await this._redirectTo("magicLinkCallback");
+  async redirectToMagicLinkCallback(options) {
+    return await this._redirectToHandler("magicLinkCallback", options);
   }
-  async redirectToAfterSignIn() {
-    return await this._redirectTo("afterSignIn");
+  async redirectToAfterSignIn(options) {
+    return await this._redirectToHandler("afterSignIn", options);
   }
-  async redirectToAfterSignUp() {
-    return await this._redirectTo("afterSignUp");
+  async redirectToAfterSignUp(options) {
+    return await this._redirectToHandler("afterSignUp", options);
   }
-  async redirectToAfterSignOut() {
-    return await this._redirectTo("afterSignOut");
+  async redirectToAfterSignOut(options) {
+    return await this._redirectToHandler("afterSignOut", options);
   }
-  async redirectToAccountSettings() {
-    return await this._redirectTo("accountSettings");
+  async redirectToAccountSettings(options) {
+    return await this._redirectToHandler("accountSettings", options);
   }
-  async redirectToError() {
-    return await this._redirectTo("error");
+  async redirectToError(options) {
+    return await this._redirectToHandler("error", options);
   }
   async sendForgotPasswordEmail(email) {
     const redirectUrl = constructRedirectUrl(this.urls.passwordReset);
@@ -725,7 +770,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     if (crud === null) {
       switch (options?.or) {
         case "redirect": {
-          await this.redirectToSignIn();
+          await this.redirectToSignIn({ replace: true });
           break;
         }
         case "throw": {
@@ -746,7 +791,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     if (crud === null) {
       switch (options?.or) {
         case "redirect": {
-          setTimeout(() => router.replace(this.urls.signIn), 0);
+          runAsynchronously(this.redirectToSignIn({ replace: true }));
           suspend();
           throw new StackAssertionError("suspend should never return");
         }
@@ -840,9 +885,9 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     await this._interface.signOut(session);
     await this.redirectToAfterSignOut();
   }
-  async _sendVerificationEmail(session) {
+  async _sendVerificationEmail(email, session) {
     const emailVerificationRedirectUrl = constructRedirectUrl(this.urls.emailVerification);
-    return await this._interface.sendVerificationEmail(emailVerificationRedirectUrl, session);
+    return await this._interface.sendVerificationEmail(email, emailVerificationRedirectUrl, session);
   }
   async _updatePassword(options, session) {
     return await this._interface.updatePassword(options, session);
@@ -987,7 +1032,13 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       return await this._interface.listServerTeamMemberPermissions({ teamId, userId, recursive });
     });
   }
+  async _updateServerUser(userId, update) {
+    const result = await this._interface.updateServerUser(userId, userUpdateOptionsToCrud(update));
+    await this._refreshUsers();
+    return result;
+  }
   _createBaseUser(crud) {
+    const app = this;
     if (!crud) {
       throw new StackAssertionError("User not found");
     }
@@ -996,10 +1047,41 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       ..."server_metadata" in crud ? {
         // server user
         serverMetadata: crud.server_metadata
-      } : {}
+      } : {},
+      async setServerMetadata(metadata) {
+        await app._updateServerUser(crud.id, { serverMetadata: metadata });
+      },
+      async setPrimaryEmail(email, options) {
+        await app._updateServerUser(crud.id, { primaryEmail: email, primaryEmailVerified: options?.verified });
+      },
+      async grantPermission(scope, permissionId) {
+        await app._interface.grantServerTeamUserPermission(scope.id, crud.id, permissionId);
+        for (const recursive of [true, false]) {
+          await app._serverTeamUserPermissionsCache.refresh([scope.id, crud.id, recursive]);
+        }
+      },
+      async revokePermission(scope, permissionId) {
+        await app._interface.revokeServerTeamUserPermission(scope.id, crud.id, permissionId);
+        for (const recursive of [true, false]) {
+          await app._serverTeamUserPermissionsCache.refresh([scope.id, crud.id, recursive]);
+        }
+      },
+      async delete() {
+        const res = await app._interface.deleteServerServerUser(crud.id);
+        await app._refreshUsers();
+        return res;
+      },
+      async createSession(options) {
+        const tokens = await app._interface.createServerUserSession(crud.id, options.expiresInMillis ?? 1e3 * 60 * 60 * 24 * 365);
+        return {
+          async getTokens() {
+            return tokens;
+          }
+        };
+      }
     };
   }
-  _createCurrentUserExtra(crud) {
+  _createUserExtra(crud) {
     if (!crud) {
       throw new StackAssertionError("User not found");
     }
@@ -1011,15 +1093,9 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       async setClientMetadata(metadata) {
         return await this.update({ clientMetadata: metadata });
       },
-      async setServerMetadata(metadata) {
-        return await this.update({ serverMetadata: metadata });
-      },
       async setSelectedTeam(team) {
         return await this.update({ selectedTeamId: team?.id ?? null });
       },
-      async setPrimaryEmail(email, options) {
-        return await this.update({ primaryEmail: email, primaryEmailVerified: options?.verified });
-      },
       getConnectedAccount: async () => {
         return await app._checkFeatureSupport("getConnectedAccount() on ServerUser", {});
       },
@@ -1066,26 +1142,8 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       async hasPermission(scope, permissionId) {
         return await this.getPermission(scope, permissionId) !== null;
       },
-      async grantPermission(scope, permissionId) {
-        await app._interface.grantServerTeamUserPermission(scope.id, crud.id, permissionId);
-        for (const recursive of [true, false]) {
-          await app._serverTeamUserPermissionsCache.refresh([scope.id, crud.id, recursive]);
-        }
-      },
-      async revokePermission(scope, permissionId) {
-        await app._interface.revokeServerTeamUserPermission(scope.id, crud.id, permissionId);
-        for (const recursive of [true, false]) {
-          await app._serverTeamUserPermissionsCache.refresh([scope.id, crud.id, recursive]);
-        }
-      },
-      async delete() {
-        const res = await app._interface.deleteServerServerUser(crud.id);
-        await app._refreshUsers();
-        return res;
-      },
       async update(update) {
-        const res = await app._interface.updateServerUser(crud.id, serverUserUpdateOptionsToCrud(update));
-        await app._refreshUsers();
+        await app._updateServerUser(crud.id, update);
       },
       async sendVerificationEmail() {
         return await app._checkFeatureSupport("sendVerificationEmail() on ServerUser", {});
@@ -1097,8 +1155,8 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
   }
   _serverUserFromCrud(crud) {
     return {
-      ...this._createBaseUser(crud),
-      ...this._createCurrentUserExtra(crud)
+      ...this._createUserExtra(crud),
+      ...this._createBaseUser(crud)
     };
   }
   _currentUserFromCrud(crud, session) {
@@ -1156,7 +1214,7 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
     if (crud === null) {
       switch (options?.or) {
         case "redirect": {
-          await this.redirectToSignIn();
+          await this.redirectToSignIn({ replace: true });
           break;
         }
         case "throw": {
@@ -1185,7 +1243,7 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
     if (crud === null) {
       switch (options?.or) {
         case "redirect": {
-          setTimeout(() => router.replace(this.urls.signIn), 0);
+          runAsynchronously(this.redirectToSignIn({ replace: true }));
           suspend();
           throw new StackAssertionError("suspend should never return");
         }
@@ -1335,7 +1393,8 @@ var _StackAdminAppImpl = class extends _StackServerAppImpl {
           enabled: p.enabled,
           type: "standard",
           clientId: p.client_id ?? throwErr("Client ID is missing"),
-          clientSecret: p.client_secret ?? throwErr("Client secret is missing")
+          clientSecret: p.client_secret ?? throwErr("Client secret is missing"),
+          facebookConfigId: p.facebook_config_id
         }),
         emailConfig: data.config.email_config.type === "shared" ? {
           type: "shared"
@@ -1501,16 +1560,6 @@ function userUpdateOptionsToCrud(options) {
     selected_team_id: options.selectedTeamId
   };
 }
-function serverUserUpdateOptionsToCrud(options) {
-  return {
-    display_name: options.displayName,
-    client_metadata: options.clientMetadata,
-    selected_team_id: options.selectedTeamId,
-    primary_email: options.primaryEmail,
-    primary_email_verified: options.primaryEmailVerified,
-    server_metadata: options.serverMetadata
-  };
-}
 function adminProjectUpdateOptionsToCrud(options) {
   return {
     display_name: options.displayName,
@@ -1527,7 +1576,8 @@ function adminProjectUpdateOptionsToCrud(options) {
         type: p.type,
         ...p.type === "standard" && {
           client_id: p.clientId,
-          client_secret: p.clientSecret
+          client_secret: p.clientSecret,
+          facebook_config_id: p.facebookConfigId
         }
       })),
       email_config: options.config?.emailConfig && (options.config.emailConfig.type === "shared" ? {