@stackframe/stack 2.6.11 → 2.6.15

package/dist/esm/lib/stack-app.js

@@ -1,4 +1,5 @@
 // src/lib/stack-app.ts
+import { WebAuthnError, startAuthentication, startRegistration } from "@simplewebauthn/browser";
 import { isReactServer } from "@stackframe/stack-sc";
 import { KnownErrors, StackAdminInterface, StackClientInterface, StackServerInterface } from "@stackframe/stack-shared";
 import { getProductionModeErrors } from "@stackframe/stack-shared/dist/helpers/production-mode";
@@ -24,7 +25,7 @@ import { constructRedirectUrl } from "../utils/url";
 import { addNewOAuthProviderOrScope, callOAuthCallback, signInWithOAuth } from "./auth";
 import { deleteCookie, getCookie, setOrDeleteCookie } from "./cookie";
 var NextNavigation = scrambleDuringCompileTime(NextNavigationUnscrambled);
-var clientVersion = "js @stackframe/stack@2.6.11";
+var clientVersion = "js @stackframe/stack@2.6.15";
 function getUrls(partial) {
   const handler = partial.handler ?? "/handler";
   const home = partial.home ?? "/";
@@ -62,10 +63,10 @@ async function _redirectTo(url, options) {
   }
 }
 function getDefaultProjectId() {
-  return process.env.NEXT_PUBLIC_STACK_PROJECT_ID || throwErr(new Error("Welcome to Stack! It seems that you haven't provided a project ID. Please create a project on the Stack dashboard at https://app.stack-auth.com and put it in the NEXT_PUBLIC_STACK_PROJECT_ID environment variable."));
+  return process.env.NEXT_PUBLIC_STACK_PROJECT_ID || throwErr(new Error("Welcome to Stack Auth! It seems that you haven't provided a project ID. Please create a project on the Stack dashboard at https://app.stack-auth.com and put it in the NEXT_PUBLIC_STACK_PROJECT_ID environment variable."));
 }
 function getDefaultPublishableClientKey() {
-  return process.env.NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY || throwErr(new Error("Welcome to Stack! It seems that you haven't provided a publishable client key. Please create an API key for your project on the Stack dashboard at https://app.stack-auth.com and copy your publishable client key into the NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY environment variable."));
+  return process.env.NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY || throwErr(new Error("Welcome to Stack Auth! It seems that you haven't provided a publishable client key. Please create an API key for your project on the Stack dashboard at https://app.stack-auth.com and copy your publishable client key into the NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY environment variable."));
 }
 function getDefaultSecretServerKey() {
   return process.env.STACK_SECRET_SERVER_KEY || throwErr(new Error("No secret server key provided. Please copy your key from the Stack dashboard and put your it in the STACK_SECRET_SERVER_KEY environment variable."));
@@ -187,6 +188,11 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         return await this._interface.getTeamMemberProfile({ teamId, userId: "me" }, session);
       }
     );
+    this._clientContactChannelsCache = createCacheBySession(
+      async (session) => {
+        return await this._interface.listClientContactChannels(session);
+      }
+    );
     this._memoryTokenStore = createEmptyTokenStore();
     this._requestTokenStores = /* @__PURE__ */ new WeakMap();
     this._storedCookieTokenStore = null;
@@ -498,6 +504,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         signUpEnabled: crud.config.sign_up_enabled,
         credentialEnabled: crud.config.credential_enabled,
         magicLinkEnabled: crud.config.magic_link_enabled,
+        passkeyEnabled: crud.config.passkey_enabled,
         clientTeamCreationEnabled: crud.config.client_team_creation_enabled,
         clientUserDeletionEnabled: crud.config.client_user_deletion_enabled,
         oauthProviders: crud.config.enabled_oauth_providers.map((p) => ({
@@ -529,7 +536,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       clientMetadata: crud.client_metadata,
       clientReadOnlyMetadata: crud.client_read_only_metadata,
       async inviteUser(options) {
-        return await app._interface.sendTeamInvitation({
+        await app._interface.sendTeamInvitation({
           teamId: crud.id,
           email: options.email,
           session: app._getSession(),
@@ -550,6 +557,28 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       }
     };
   }
+  _clientContactChannelFromCrud(crud) {
+    const app = this;
+    return {
+      id: crud.id,
+      value: crud.value,
+      type: crud.type,
+      isVerified: crud.is_verified,
+      isPrimary: crud.is_primary,
+      usedForAuth: crud.used_for_auth,
+      async sendVerificationEmail() {
+        return await app._interface.sendCurrentUserContactChannelVerificationEmail(crud.id, constructRedirectUrl(app.urls.emailVerification), app._getSession());
+      },
+      async update(data) {
+        await app._interface.updateClientContactChannel(crud.id, contactChannelUpdateOptionsToCrud(data), app._getSession());
+        await app._clientContactChannelsCache.refresh([app._getSession()]);
+      },
+      async delete() {
+        await app._interface.deleteClientContactChannel(crud.id, app._getSession());
+        await app._clientContactChannelsCache.refresh([app._getSession()]);
+      }
+    };
+  }
   _createAuth(session) {
     const app = this;
     return {
@@ -572,6 +601,31 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         const tokens = await this.currentSession.getTokens();
         return tokens;
       },
+      async registerPasskey() {
+        const initiationResult = await app._interface.initiatePasskeyRegistration({}, session);
+        if (initiationResult.status !== "ok") {
+          return Result.error(new KnownErrors.PasskeyRegistrationFailed("Failed to get initiation options for passkey registration"));
+        }
+        const { options_json, code } = initiationResult.data;
+        if (options_json.rp.id !== "THIS_VALUE_WILL_BE_REPLACED.example.com") {
+          throw new StackAssertionError(`Expected returned RP ID from server to equal sentinel, but found ${options_json.rp.id}`);
+        }
+        options_json.rp.id = window.location.hostname;
+        let attResp;
+        try {
+          attResp = await startRegistration({ optionsJSON: options_json });
+          debugger;
+        } catch (error) {
+          if (error instanceof WebAuthnError) {
+            return Result.error(new KnownErrors.PasskeyWebAuthnError(error.message, error.name));
+          } else {
+            return Result.error(new KnownErrors.PasskeyRegistrationFailed("Failed to start passkey registration"));
+          }
+        }
+        const registrationResult = await app._interface.registerPasskey({ credential: attResp, code }, session);
+        await app._refreshUser(session);
+        return registrationResult;
+      },
       signOut() {
         return app._signOut(session);
       }
@@ -592,7 +646,9 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       clientReadOnlyMetadata: crud.client_read_only_metadata,
       hasPassword: crud.has_password,
       emailAuthEnabled: crud.auth_with_email,
+      otpAuthEnabled: crud.otp_auth_enabled,
       oauthProviders: crud.oauth_providers,
+      passkeyAuthEnabled: crud.passkey_auth_enabled,
       selectedTeam: crud.selected_team && this._clientTeamFromCrud(crud.selected_team),
       isMultiFactorRequired: crud.requires_totp_mfa,
       toClientJson() {
@@ -700,7 +756,14 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         return await app._sendVerificationEmail(crud.primary_email, session);
       },
       async updatePassword(options) {
-        return await app._updatePassword(options, session);
+        const result = await app._interface.updatePassword(options, session);
+        await app._currentUserCache.refresh([session]);
+        return result;
+      },
+      async setPassword(options) {
+        const result = await app._interface.setPassword(options, session);
+        await app._currentUserCache.refresh([session]);
+        return result;
       },
       async getTeamProfile(team) {
         const result = await app._currentUserTeamProfileCache.getOrWait([session, team.id], "write-only");
@@ -713,6 +776,19 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       async delete() {
         await app._interface.deleteCurrentUser(session);
         session.markInvalid();
+      },
+      async listContactChannels() {
+        const result = await app._clientContactChannelsCache.getOrWait([session], "write-only");
+        return result.map((crud2) => app._clientContactChannelFromCrud(crud2));
+      },
+      useContactChannels() {
+        const result = useAsyncCache(app._clientContactChannelsCache, [session], "user.useContactChannels()");
+        return result.map((crud2) => app._clientContactChannelFromCrud(crud2));
+      },
+      async createContactChannel(data) {
+        const crud2 = await app._interface.createClientContactChannel(contactChannelCreateOptionsToCrud("me", data), session);
+        await app._clientContactChannelsCache.refresh([session]);
+        return app._clientContactChannelFromCrud(crud2);
       }
     };
   }
@@ -895,7 +971,10 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     }
   }
   async verifyEmail(code) {
-    return await this._interface.verifyEmail(code);
+    const result = await this._interface.verifyEmail(code);
+    await this._currentUserCache.refresh([this._getSession()]);
+    await this._clientContactChannelsCache.refresh([this._getSession()]);
+    return result;
   }
   async getUser(options) {
     this._ensurePersistentTokenStore(options?.tokenStore);
@@ -1056,6 +1135,38 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       return Result.error(result.error);
     }
   }
+  async signInWithPasskey() {
+    this._ensurePersistentTokenStore();
+    let result;
+    try {
+      result = await this._catchMfaRequiredError(async () => {
+        const initiationResult = await this._interface.initiatePasskeyAuthentication({}, this._getSession());
+        if (initiationResult.status !== "ok") {
+          return Result.error(new KnownErrors.PasskeyAuthenticationFailed("Failed to get initiation options for passkey authentication"));
+        }
+        const { options_json, code } = initiationResult.data;
+        if (options_json.rpId !== "THIS_VALUE_WILL_BE_REPLACED.example.com") {
+          throw new StackAssertionError(`Expected returned RP ID from server to equal sentinel, but found ${options_json.rpId}`);
+        }
+        options_json.rpId = window.location.hostname;
+        const authentication_response = await startAuthentication({ optionsJSON: options_json });
+        return await this._interface.signInWithPasskey({ authentication_response, code });
+      });
+    } catch (error) {
+      if (error instanceof WebAuthnError) {
+        return Result.error(new KnownErrors.PasskeyWebAuthnError(error.message, error.name));
+      } else {
+        return Result.error(new KnownErrors.PasskeyAuthenticationFailed("Failed to sign in with passkey"));
+      }
+    }
+    if (result.status === "ok") {
+      await this._signInToAccountWithTokens(result.data);
+      await this.redirectToAfterSignIn({ replace: true });
+      return Result.ok(void 0);
+    } else {
+      return Result.error(result.error);
+    }
+  }
   async callOAuthCallback() {
     this._ensurePersistentTokenStore();
     let result;
@@ -1092,9 +1203,6 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     const emailVerificationRedirectUrl = constructRedirectUrl(this.urls.emailVerification);
     return await this._interface.sendVerificationEmail(email, emailVerificationRedirectUrl, session);
   }
-  async _updatePassword(options, session) {
-    return await this._interface.updatePassword(options, session);
-  }
   async signOut() {
     const user = await this.getUser();
     if (user) {
@@ -1264,6 +1372,11 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
         return await this._interface.getServerTeamMemberProfile({ teamId, userId });
       }
     );
+    this._serverContactChannelsCache = createCache(
+      async ([userId]) => {
+        return await this._interface.listServerContactChannels(userId);
+      }
+    );
   }
   async _updateServerUser(userId, update) {
     const result = await this._interface.updateServerUser(userId, serverUserUpdateOptionsToCrud(update));
@@ -1281,6 +1394,21 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       }
     };
   }
+  _serverContactChannelFromCrud(userId, crud) {
+    const app = this;
+    return {
+      ...this._clientContactChannelFromCrud(crud),
+      async sendVerificationEmail() {
+        return await app._interface.sendServerContactChannelVerificationEmail(userId, crud.id, constructRedirectUrl(app.urls.emailVerification));
+      },
+      async update(data) {
+        await app._interface.updateServerContactChannel(userId, crud.id, serverContactChannelUpdateOptionsToCrud(data));
+      },
+      async delete() {
+        await app._interface.deleteServerContactChannel(userId, crud.id);
+      }
+    };
+  }
   _serverUserFromCrud(crud) {
     const app = this;
     async function getConnectedAccount(id, options) {
@@ -1397,7 +1525,14 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
         return await app._checkFeatureSupport("sendVerificationEmail() on ServerUser", {});
       },
       async updatePassword(options) {
-        return await this.update({ password: options.newPassword });
+        const result = await this.update({ password: options.newPassword });
+        await app._serverUserCache.refresh([crud.id]);
+        return result;
+      },
+      async setPassword(options) {
+        const result = await this.update(options);
+        await app._serverUserCache.refresh([crud.id]);
+        return result;
       },
       async getTeamProfile(team) {
         const result = await app._serverUserTeamProfileCache.getOrWait([team.id, crud.id], "write-only");
@@ -1406,6 +1541,19 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       useTeamProfile(team) {
         const result = useAsyncCache(app._serverUserTeamProfileCache, [team.id, crud.id], "user.useTeamProfile()");
         return useMemo(() => app._serverEditableTeamProfileFromCrud(result), [result]);
+      },
+      async listContactChannels() {
+        const result = await app._serverContactChannelsCache.getOrWait([crud.id], "write-only");
+        return result.map((data) => app._serverContactChannelFromCrud(crud.id, data));
+      },
+      useContactChannels() {
+        const result = useAsyncCache(app._serverContactChannelsCache, [crud.id], "user.useContactChannels()");
+        return useMemo(() => result.map((data) => app._serverContactChannelFromCrud(crud.id, data)), [result]);
+      },
+      createContactChannel: async (data) => {
+        const contactChannel = await app._interface.createServerContactChannel(serverContactChannelCreateOptionsToCrud(crud.id, data));
+        await app._serverContactChannelsCache.refresh([crud.id]);
+        return app._serverContactChannelFromCrud(crud.id, contactChannel);
       }
     };
   }
@@ -1469,7 +1617,7 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
         await app._serverTeamMemberProfilesCache.refresh([crud.id]);
       },
       async inviteUser(options) {
-        return await app._interface.sendTeamInvitation({
+        await app._interface.sendTeamInvitation({
           teamId: crud.id,
           email: options.email,
           session: null,
@@ -1673,6 +1821,7 @@ var _StackAdminAppImpl = class extends _StackServerAppImpl {
         signUpEnabled: data.config.sign_up_enabled,
         credentialEnabled: data.config.credential_enabled,
         magicLinkEnabled: data.config.magic_link_enabled,
+        passkeyEnabled: data.config.passkey_enabled,
         legacyGlobalJwtSigning: data.config.legacy_global_jwt_signing,
         clientTeamCreationEnabled: data.config.client_team_creation_enabled,
         clientUserDeletionEnabled: data.config.client_user_deletion_enabled,
@@ -1854,13 +2003,46 @@ var _StackAdminAppImpl = class extends _StackServerAppImpl {
     await this._apiKeysCache.refresh([]);
   }
 };
+function contactChannelCreateOptionsToCrud(userId, options) {
+  return {
+    value: options.value,
+    type: options.type,
+    used_for_auth: options.usedForAuth,
+    user_id: userId
+  };
+}
+function contactChannelUpdateOptionsToCrud(options) {
+  return {
+    value: options.value,
+    used_for_auth: options.usedForAuth,
+    is_primary: options.isPrimary
+  };
+}
+function serverContactChannelUpdateOptionsToCrud(options) {
+  return {
+    value: options.value,
+    is_verified: options.isVerified,
+    used_for_auth: options.usedForAuth
+  };
+}
+function serverContactChannelCreateOptionsToCrud(userId, options) {
+  return {
+    type: options.type,
+    value: options.value,
+    is_verified: options.isVerified,
+    user_id: userId,
+    used_for_auth: options.usedForAuth
+  };
+}
 function userUpdateOptionsToCrud(options) {
   return {
     display_name: options.displayName,
     client_metadata: options.clientMetadata,
     selected_team_id: options.selectedTeamId,
     totp_secret_base64: options.totpMultiFactorSecret != null ? encodeBase64(options.totpMultiFactorSecret) : options.totpMultiFactorSecret,
-    profile_image_url: options.profileImageUrl
+    profile_image_url: options.profileImageUrl,
+    otp_auth_enabled: options.otpAuthEnabled,
+    passkey_auth_enabled: options.passkeyAuthEnabled
   };
 }
 function serverUserUpdateOptionsToCrud(options) {
@@ -1882,7 +2064,8 @@ function serverUserCreateOptionsToCrud(options) {
   return {
     primary_email: options.primaryEmail,
     password: options.password,
-    primary_email_auth_enabled: true,
+    otp_auth_enabled: options.otpAuthEnabled,
+    primary_email_auth_enabled: options.primaryEmailAuthEnabled,
     display_name: options.displayName,
     primary_email_verified: options.primaryEmailVerified
   };
@@ -1922,6 +2105,7 @@ function adminProjectUpdateOptionsToCrud(options) {
       sign_up_enabled: options.config?.signUpEnabled,
       credential_enabled: options.config?.credentialEnabled,
       magic_link_enabled: options.config?.magicLinkEnabled,
+      passkey_enabled: options.config?.passkeyEnabled,
       allow_localhost: options.config?.allowLocalhost,
       create_team_on_sign_up: options.config?.createTeamOnSignUp,
       client_team_creation_enabled: options.config?.clientTeamCreationEnabled,