@stackframe/stack 2.6.12 → 2.6.16

package/dist/esm/lib/stack-app.js

@@ -1,4 +1,5 @@
 // src/lib/stack-app.ts
+import { WebAuthnError, startAuthentication, startRegistration } from "@simplewebauthn/browser";
 import { isReactServer } from "@stackframe/stack-sc";
 import { KnownErrors, StackAdminInterface, StackClientInterface, StackServerInterface } from "@stackframe/stack-shared";
 import { getProductionModeErrors } from "@stackframe/stack-shared/dist/helpers/production-mode";
@@ -24,7 +25,7 @@ import { constructRedirectUrl } from "../utils/url";
 import { addNewOAuthProviderOrScope, callOAuthCallback, signInWithOAuth } from "./auth";
 import { deleteCookie, getCookie, setOrDeleteCookie } from "./cookie";
 var NextNavigation = scrambleDuringCompileTime(NextNavigationUnscrambled);
-var clientVersion = "js @stackframe/stack@2.6.12";
+var clientVersion = "js @stackframe/stack@2.6.16";
 function getUrls(partial) {
   const handler = partial.handler ?? "/handler";
   const home = partial.home ?? "/";
@@ -503,6 +504,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         signUpEnabled: crud.config.sign_up_enabled,
         credentialEnabled: crud.config.credential_enabled,
         magicLinkEnabled: crud.config.magic_link_enabled,
+        passkeyEnabled: crud.config.passkey_enabled,
         clientTeamCreationEnabled: crud.config.client_team_creation_enabled,
         clientUserDeletionEnabled: crud.config.client_user_deletion_enabled,
         oauthProviders: crud.config.enabled_oauth_providers.map((p) => ({
@@ -534,7 +536,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       clientMetadata: crud.client_metadata,
       clientReadOnlyMetadata: crud.client_read_only_metadata,
       async inviteUser(options) {
-        return await app._interface.sendTeamInvitation({
+        await app._interface.sendTeamInvitation({
           teamId: crud.id,
           email: options.email,
           session: app._getSession(),
@@ -565,7 +567,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       isPrimary: crud.is_primary,
       usedForAuth: crud.used_for_auth,
       async sendVerificationEmail() {
-        return await app._interface.sendCurrentUserContactChannelVerificationEmail(crud.id, constructRedirectUrl(app.urls.emailVerification), app._getSession());
+        await app._interface.sendCurrentUserContactChannelVerificationEmail(crud.id, constructRedirectUrl(app.urls.emailVerification), app._getSession());
       },
       async update(data) {
         await app._interface.updateClientContactChannel(crud.id, contactChannelUpdateOptionsToCrud(data), app._getSession());
@@ -599,6 +601,31 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         const tokens = await this.currentSession.getTokens();
         return tokens;
       },
+      async registerPasskey() {
+        const initiationResult = await app._interface.initiatePasskeyRegistration({}, session);
+        if (initiationResult.status !== "ok") {
+          return Result.error(new KnownErrors.PasskeyRegistrationFailed("Failed to get initiation options for passkey registration"));
+        }
+        const { options_json, code } = initiationResult.data;
+        if (options_json.rp.id !== "THIS_VALUE_WILL_BE_REPLACED.example.com") {
+          throw new StackAssertionError(`Expected returned RP ID from server to equal sentinel, but found ${options_json.rp.id}`);
+        }
+        options_json.rp.id = window.location.hostname;
+        let attResp;
+        try {
+          attResp = await startRegistration({ optionsJSON: options_json });
+          debugger;
+        } catch (error) {
+          if (error instanceof WebAuthnError) {
+            return Result.error(new KnownErrors.PasskeyWebAuthnError(error.message, error.name));
+          } else {
+            return Result.error(new KnownErrors.PasskeyRegistrationFailed("Failed to start passkey registration"));
+          }
+        }
+        const registrationResult = await app._interface.registerPasskey({ credential: attResp, code }, session);
+        await app._refreshUser(session);
+        return registrationResult;
+      },
       signOut() {
         return app._signOut(session);
       }
@@ -621,6 +648,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       emailAuthEnabled: crud.auth_with_email,
       otpAuthEnabled: crud.otp_auth_enabled,
       oauthProviders: crud.oauth_providers,
+      passkeyAuthEnabled: crud.passkey_auth_enabled,
       selectedTeam: crud.selected_team && this._clientTeamFromCrud(crud.selected_team),
       isMultiFactorRequired: crud.requires_totp_mfa,
       toClientJson() {
@@ -1107,6 +1135,38 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       return Result.error(result.error);
     }
   }
+  async signInWithPasskey() {
+    this._ensurePersistentTokenStore();
+    let result;
+    try {
+      result = await this._catchMfaRequiredError(async () => {
+        const initiationResult = await this._interface.initiatePasskeyAuthentication({}, this._getSession());
+        if (initiationResult.status !== "ok") {
+          return Result.error(new KnownErrors.PasskeyAuthenticationFailed("Failed to get initiation options for passkey authentication"));
+        }
+        const { options_json, code } = initiationResult.data;
+        if (options_json.rpId !== "THIS_VALUE_WILL_BE_REPLACED.example.com") {
+          throw new StackAssertionError(`Expected returned RP ID from server to equal sentinel, but found ${options_json.rpId}`);
+        }
+        options_json.rpId = window.location.hostname;
+        const authentication_response = await startAuthentication({ optionsJSON: options_json });
+        return await this._interface.signInWithPasskey({ authentication_response, code });
+      });
+    } catch (error) {
+      if (error instanceof WebAuthnError) {
+        return Result.error(new KnownErrors.PasskeyWebAuthnError(error.message, error.name));
+      } else {
+        return Result.error(new KnownErrors.PasskeyAuthenticationFailed("Failed to sign in with passkey"));
+      }
+    }
+    if (result.status === "ok") {
+      await this._signInToAccountWithTokens(result.data);
+      await this.redirectToAfterSignIn({ replace: true });
+      return Result.ok(void 0);
+    } else {
+      return Result.error(result.error);
+    }
+  }
   async callOAuthCallback() {
     this._ensurePersistentTokenStore();
     let result;
@@ -1263,8 +1323,8 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
     this._currentServerUserCache = createCacheBySession(async (session) => {
       return await this._interface.getServerUserByToken(session);
     });
-    this._serverUsersCache = createCache(async () => {
-      return await this._interface.listServerUsers();
+    this._serverUsersCache = createCache(async ([cursor, limit, orderBy, desc, query]) => {
+      return await this._interface.listServerUsers({ cursor, limit, orderBy, desc, query });
     });
     this._serverUserCache = createCache(async ([userId]) => {
       const user = await this._interface.getServerUserById(userId);
@@ -1339,7 +1399,7 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
     return {
       ...this._clientContactChannelFromCrud(crud),
       async sendVerificationEmail() {
-        return await app._interface.sendServerContactChannelVerificationEmail(userId, crud.id, constructRedirectUrl(app.urls.emailVerification));
+        await app._interface.sendServerContactChannelVerificationEmail(userId, crud.id, constructRedirectUrl(app.urls.emailVerification));
       },
       async update(data) {
         await app._interface.updateServerContactChannel(userId, crud.id, serverContactChannelUpdateOptionsToCrud(data));
@@ -1557,7 +1617,7 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
         await app._serverTeamMemberProfilesCache.refresh([crud.id]);
       },
       async inviteUser(options) {
-        return await app._interface.sendTeamInvitation({
+        await app._interface.sendTeamInvitation({
           teamId: crud.id,
           email: options.email,
           session: null,
@@ -1639,15 +1699,17 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       return crud && this._serverUserFromCrud(crud);
     }, [crud]);
   }
-  async listUsers() {
-    const crud = await this._serverUsersCache.getOrWait([], "write-only");
-    return crud.map((j) => this._serverUserFromCrud(j));
+  async listUsers(options) {
+    const crud = await this._serverUsersCache.getOrWait([options?.cursor, options?.limit, options?.orderBy, options?.desc, options?.query], "write-only");
+    const result = crud.items.map((j) => this._serverUserFromCrud(j));
+    result.nextCursor = crud.pagination?.next_cursor ?? null;
+    return result;
   }
-  useUsers() {
-    const crud = useAsyncCache(this._serverUsersCache, [], "useServerUsers()");
-    return useMemo(() => {
-      return crud.map((j) => this._serverUserFromCrud(j));
-    }, [crud]);
+  useUsers(options) {
+    const crud = useAsyncCache(this._serverUsersCache, [options?.cursor, options?.limit, options?.orderBy, options?.desc, options?.query], "useServerUsers()");
+    const result = crud.items.map((j) => this._serverUserFromCrud(j));
+    result.nextCursor = crud.pagination?.next_cursor ?? null;
+    return result;
   }
   _serverPermissionFromCrud(crud) {
     return {
@@ -1761,6 +1823,7 @@ var _StackAdminAppImpl = class extends _StackServerAppImpl {
         signUpEnabled: data.config.sign_up_enabled,
         credentialEnabled: data.config.credential_enabled,
         magicLinkEnabled: data.config.magic_link_enabled,
+        passkeyEnabled: data.config.passkey_enabled,
         legacyGlobalJwtSigning: data.config.legacy_global_jwt_signing,
         clientTeamCreationEnabled: data.config.client_team_creation_enabled,
         clientUserDeletionEnabled: data.config.client_user_deletion_enabled,
@@ -1980,7 +2043,8 @@ function userUpdateOptionsToCrud(options) {
     selected_team_id: options.selectedTeamId,
     totp_secret_base64: options.totpMultiFactorSecret != null ? encodeBase64(options.totpMultiFactorSecret) : options.totpMultiFactorSecret,
     profile_image_url: options.profileImageUrl,
-    otp_auth_enabled: options.otpAuthEnabled
+    otp_auth_enabled: options.otpAuthEnabled,
+    passkey_auth_enabled: options.passkeyAuthEnabled
   };
 }
 function serverUserUpdateOptionsToCrud(options) {
@@ -2043,6 +2107,7 @@ function adminProjectUpdateOptionsToCrud(options) {
       sign_up_enabled: options.config?.signUpEnabled,
       credential_enabled: options.config?.credentialEnabled,
       magic_link_enabled: options.config?.magicLinkEnabled,
+      passkey_enabled: options.config?.passkeyEnabled,
       allow_localhost: options.config?.allowLocalhost,
       create_team_on_sign_up: options.config?.createTeamOnSignUp,
       client_team_creation_enabled: options.config?.clientTeamCreationEnabled,