@stackframe/stack 2.7.12 → 2.7.16

package/dist/esm/lib/stack-app.js

@@ -7,7 +7,7 @@ import { InternalSession } from "@stackframe/stack-shared/dist/sessions";
 import { encodeBase64 } from "@stackframe/stack-shared/dist/utils/bytes";
 import { AsyncCache } from "@stackframe/stack-shared/dist/utils/caches";
 import { scrambleDuringCompileTime } from "@stackframe/stack-shared/dist/utils/compile-time";
-import { isBrowserLike } from "@stackframe/stack-shared/dist/utils/env";
+import { getPublicEnvVar, isBrowserLike } from "@stackframe/stack-shared/dist/utils/env";
 import { StackAssertionError, concatStacktraces, throwErr } from "@stackframe/stack-shared/dist/utils/errors";
 import { DependenciesMap } from "@stackframe/stack-shared/dist/utils/maps";
 import { deepPlainEquals, filterUndefined, omit, pick } from "@stackframe/stack-shared/dist/utils/objects";
@@ -23,9 +23,9 @@ import * as NextNavigationUnscrambled from "next/navigation";
 import React, { useCallback, useMemo } from "react";
 import { constructRedirectUrl } from "../utils/url";
 import { addNewOAuthProviderOrScope, callOAuthCallback, signInWithOAuth } from "./auth";
-import { createBrowserCookieHelper, createCookieHelper, deleteCookieClient, getCookieClient, setOrDeleteCookie, setOrDeleteCookieClient } from "./cookie";
+import { createBrowserCookieHelper, createCookieHelper, createEmptyCookieHelper, deleteCookieClient, getCookieClient, setOrDeleteCookie, setOrDeleteCookieClient } from "./cookie";
 var NextNavigation = scrambleDuringCompileTime(NextNavigationUnscrambled);
-var clientVersion = "js @stackframe/stack@2.7.12";
+var clientVersion = "js @stackframe/stack@2.7.16";
 function getUrls(partial) {
   const handler = partial.handler ?? "/handler";
   const home = partial.home ?? "/";
@@ -50,23 +50,11 @@ function getUrls(partial) {
     ...filterUndefined(partial)
   };
 }
-async function _redirectTo(url, options) {
-  if (isReactServer) {
-    NextNavigation.redirect(url.toString(), options?.replace ? NextNavigation.RedirectType.replace : NextNavigation.RedirectType.push);
-  } else {
-    if (options?.replace) {
-      window.location.replace(url);
-    } else {
-      window.location.assign(url);
-    }
-    await wait(2e3);
-  }
-}
 function getDefaultProjectId() {
-  return process.env.NEXT_PUBLIC_STACK_PROJECT_ID || throwErr(new Error("Welcome to Stack Auth! It seems that you haven't provided a project ID. Please create a project on the Stack dashboard at https://app.stack-auth.com and put it in the NEXT_PUBLIC_STACK_PROJECT_ID environment variable."));
+  return getPublicEnvVar("NEXT_PUBLIC_STACK_PROJECT_ID") || throwErr(new Error("Welcome to Stack Auth! It seems that you haven't provided a project ID. Please create a project on the Stack dashboard at https://app.stack-auth.com and put it in the NEXT_PUBLIC_STACK_PROJECT_ID environment variable."));
 }
 function getDefaultPublishableClientKey() {
-  return process.env.NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY || throwErr(new Error("Welcome to Stack Auth! It seems that you haven't provided a publishable client key. Please create an API key for your project on the Stack dashboard at https://app.stack-auth.com and copy your publishable client key into the NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY environment variable."));
+  return getPublicEnvVar("NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY") || throwErr(new Error("Welcome to Stack Auth! It seems that you haven't provided a publishable client key. Please create an API key for your project on the Stack dashboard at https://app.stack-auth.com and copy your publishable client key into the NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY environment variable."));
 }
 function getDefaultSecretServerKey() {
   return process.env.STACK_SECRET_SERVER_KEY || throwErr(new Error("No secret server key provided. Please copy your key from the Stack dashboard and put your it in the STACK_SECRET_SERVER_KEY environment variable."));
@@ -75,7 +63,8 @@ function getDefaultSuperSecretAdminKey() {
   return process.env.STACK_SUPER_SECRET_ADMIN_KEY || throwErr(new Error("No super secret admin key provided. Please copy your key from the Stack dashboard and put it in the STACK_SUPER_SECRET_ADMIN_KEY environment variable."));
 }
 function getDefaultBaseUrl() {
-  return process.env.NEXT_PUBLIC_STACK_API_URL || process.env.NEXT_PUBLIC_STACK_URL || defaultBaseUrl;
+  const url = getPublicEnvVar("NEXT_PUBLIC_STACK_API_URL") || getPublicEnvVar("NEXT_PUBLIC_STACK_URL") || defaultBaseUrl;
+  return url.endsWith("/") ? url.slice(0, -1) : url;
 }
 var defaultBaseUrl = "https://api.stack-auth.com";
 function createEmptyTokenStore() {
@@ -226,13 +215,15 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       this._interface = _options.interface;
     } else {
       this._interface = new StackClientInterface({
-        baseUrl: _options.baseUrl ?? getDefaultBaseUrl(),
+        getBaseUrl: () => _options.baseUrl ?? getDefaultBaseUrl(),
         projectId: _options.projectId ?? getDefaultProjectId(),
         clientVersion,
         publishableClientKey: _options.publishableClientKey ?? getDefaultPublishableClientKey()
       });
     }
     this._tokenStoreInit = _options.tokenStore;
+    this._redirectMethod = _options.redirectMethod || "none";
+    this._redirectMethod = _options.redirectMethod || "nextjs";
     this._urlOptions = _options.urls ?? {};
     this._oauthScopesOnSignIn = _options.oauthScopesOnSignIn ?? {};
     if (_options.uniqueIdentifier) {
@@ -246,6 +237,13 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       }
     }
   }
+  async _createCookieHelper() {
+    if (this._tokenStoreInit === "nextjs-cookie" || this._tokenStoreInit === "cookie") {
+      return await createCookieHelper();
+    } else {
+      return await createEmptyCookieHelper();
+    }
+  }
   async _getUserOAuthConnectionCacheFn(options) {
     const user = await options.getUser();
     let hasConnection = true;
@@ -483,7 +481,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     return session;
   }
   async _getSession(overrideTokenStoreInit) {
-    const tokenStore = this._getOrCreateTokenStore(await createCookieHelper(), overrideTokenStoreInit);
+    const tokenStore = this._getOrCreateTokenStore(await this._createCookieHelper(), overrideTokenStoreInit);
     return this._getSessionFromTokenStore(tokenStore);
   }
   _useSession(overrideTokenStoreInit) {
@@ -501,7 +499,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     if (!("accessToken" in tokens) || !("refreshToken" in tokens)) {
       throw new StackAssertionError("Invalid tokens object; can't sign in with this", { tokens });
     }
-    const tokenStore = this._getOrCreateTokenStore(await createCookieHelper());
+    const tokenStore = this._getOrCreateTokenStore(await this._createCookieHelper());
     tokenStore.set(tokens);
   }
   _hasPersistentTokenStore(overrideTokenStoreInit) {
@@ -571,8 +569,8 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       clientMetadata: crud.client_metadata,
       clientReadOnlyMetadata: crud.client_read_only_metadata,
       async inviteUser(options) {
-        if (!options.callbackUrl && typeof window === "undefined") {
-          throw new Error("Cannot invite user without a callback URL from the server. Make sure you pass the `callbackUrl` option: `inviteUser({ email, callbackUrl: ... })`");
+        if (!options.callbackUrl && !await app._getCurrentUrl()) {
+          throw new Error("Cannot invite user without a callback URL from the server or without a redirect method. Make sure you pass the `callbackUrl` option: `inviteUser({ email, callbackUrl: ... })`");
         }
         await app._interface.sendTeamInvitation({
           teamId: crud.id,
@@ -652,7 +650,11 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         const tokens = await this.currentSession.getTokens();
         return tokens;
       },
-      async registerPasskey() {
+      async registerPasskey(options) {
+        const hostname = (await app._getCurrentUrl())?.hostname;
+        if (!hostname) {
+          throw new StackAssertionError("hostname must be provided if the Stack App does not have a redirect method");
+        }
         const initiationResult = await app._interface.initiatePasskeyRegistration({}, session);
         if (initiationResult.status !== "ok") {
           return Result.error(new KnownErrors.PasskeyRegistrationFailed("Failed to get initiation options for passkey registration"));
@@ -661,7 +663,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         if (options_json.rp.id !== "THIS_VALUE_WILL_BE_REPLACED.example.com") {
           throw new StackAssertionError(`Expected returned RP ID from server to equal sentinel, but found ${options_json.rp.id}`);
         }
-        options_json.rp.id = window.location.hostname;
+        options_json.rp.id = hostname;
         let attResp;
         try {
           attResp = await startRegistration({ optionsJSON: options_json });
@@ -762,10 +764,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         return useMemo(() => teams.map((crud2) => app._clientTeamFromCrud(crud2, session)), [teams]);
       },
       async createTeam(data) {
-        const crud2 = await app._interface.createClientTeam({
-          ...teamCreateOptionsToCrud(data),
-          creator_user_id: "me"
-        }, session);
+        const crud2 = await app._interface.createClientTeam(teamCreateOptionsToCrud(data, "me"), session);
         await app._currentUserTeamsCache.refresh([session]);
         return app._clientTeamFromCrud(crud2, session);
       },
@@ -800,8 +799,8 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         if (!crud.primary_email) {
           throw new StackAssertionError("User does not have a primary email");
         }
-        if (!options?.callbackUrl && typeof window === "undefined") {
-          throw new Error("Cannot send verification email without a callback URL from the server. Make sure you pass the `callbackUrl` option: `sendVerificationEmail({ callbackUrl: ... })`");
+        if (!options?.callbackUrl && !await app._getCurrentUrl()) {
+          throw new Error("Cannot send verification email without a callback URL from the server or without a redirect method. Make sure you pass the `callbackUrl` option: `sendVerificationEmail({ callbackUrl: ... })`");
         }
         return await app._interface.sendVerificationEmail(crud.primary_email, options?.callbackUrl ?? constructRedirectUrl(app.urls.emailVerification), session);
       },
@@ -871,7 +870,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   _getOwnedAdminApp(forProjectId, session) {
     if (!this._ownedAdminApps.has([session, forProjectId])) {
       this._ownedAdminApps.set([session, forProjectId], new _StackAdminAppImpl({
-        baseUrl: this._interface.options.baseUrl,
+        baseUrl: this._interface.options.getBaseUrl(),
         projectId: forProjectId,
         tokenStore: null,
         projectOwnerSession: session,
@@ -889,11 +888,32 @@ var _StackClientAppImpl = class __StackClientAppImpl {
   get urls() {
     return getUrls(this._urlOptions);
   }
+  async _getCurrentUrl() {
+    if (this._redirectMethod === "none") {
+      return null;
+    }
+    return new URL(window.location.href);
+  }
+  async _redirectTo(options) {
+    if (this._redirectMethod === "none") {
+      return;
+    }
+    if (isReactServer && this._redirectMethod === "nextjs") {
+      NextNavigation.redirect(options.url.toString(), options.replace ? NextNavigation.RedirectType.replace : NextNavigation.RedirectType.push);
+    } else {
+      if (options.replace) {
+        window.location.replace(options.url);
+      } else {
+        window.location.assign(options.url);
+      }
+      await wait(2e3);
+    }
+  }
   async _redirectIfTrusted(url, options) {
     if (!await this._isTrusted(url)) {
       throw new Error(`Redirect URL ${url} is not trusted; should be relative.`);
     }
-    return await _redirectTo(url, options);
+    return await this._redirectTo({ url, ...options });
   }
   async _redirectToHandler(handlerName, options) {
     let url = this.urls[handlerName];
@@ -977,14 +997,14 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     return await this._redirectToHandler("teamInvitation", options);
   }
   async sendForgotPasswordEmail(email, options) {
-    if (!options?.callbackUrl && typeof window === "undefined") {
-      throw new Error("Cannot send forgot password email without a callback URL from the server. Make sure you pass the `callbackUrl` option: `sendForgotPasswordEmail({ email, callbackUrl: ... })`");
+    if (!options?.callbackUrl && !await this._getCurrentUrl()) {
+      throw new Error("Cannot send forgot password email without a callback URL from the server or without a redirect method. Make sure you pass the `callbackUrl` option: `sendForgotPasswordEmail({ email, callbackUrl: ... })`");
     }
     return await this._interface.sendForgotPasswordEmail(email, options?.callbackUrl ?? constructRedirectUrl(this.urls.passwordReset));
   }
   async sendMagicLinkEmail(email, options) {
-    if (!options?.callbackUrl && typeof window === "undefined") {
-      throw new Error("Cannot send magic link email without a callback URL from the server. Make sure you pass the `callbackUrl` option: `sendMagicLinkEmail({ email, callbackUrl: ... })`");
+    if (!options?.callbackUrl && !await this._getCurrentUrl()) {
+      throw new Error("Cannot send magic link email without a callback URL from the server or without a redirect method. Make sure you pass the `callbackUrl` option: `sendMagicLinkEmail({ email, callbackUrl: ... })`");
     }
     return await this._interface.sendMagicLinkEmail(email, options?.callbackUrl ?? constructRedirectUrl(this.urls.magicLinkCallback));
   }
@@ -1081,6 +1101,9 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     return res;
   }
   async signInWithOAuth(provider) {
+    if (typeof window === "undefined") {
+      throw new Error("signInWithOAuth can currently only be called in a browser environment");
+    }
     this._ensurePersistentTokenStore();
     await signInWithOAuth(
       this._interface,
@@ -1224,6 +1247,9 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     }
   }
   async callOAuthCallback() {
+    if (typeof window === "undefined") {
+      throw new Error("callOAuthCallback can currently only be called in a browser environment");
+    }
     this._ensurePersistentTokenStore();
     let result;
     try {
@@ -1233,13 +1259,15 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     } catch (e) {
       if (e instanceof KnownErrors.InvalidTotpCode) {
         alert("Invalid TOTP code. Please try signing in again.");
+        return false;
+      } else {
+        throw e;
       }
-      throw e;
     }
     if (result.status === "ok" && result.data) {
       await this._signInToAccountWithTokens(result.data);
       if ("afterCallbackRedirectUrl" in result.data && result.data.afterCallbackRedirectUrl) {
-        await _redirectTo(result.data.afterCallbackRedirectUrl, { replace: true });
+        await this._redirectTo({ url: result.data.afterCallbackRedirectUrl, replace: true });
         return true;
       } else if (result.data.newUser) {
         await this.redirectToAfterSignUp({ replace: true });
@@ -1255,7 +1283,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     await storeLock.withWriteLock(async () => {
       await this._interface.signOut(session);
       if (options?.redirectUrl) {
-        await _redirectTo(options.redirectUrl);
+        await this._redirectTo({ url: options.redirectUrl, replace: true });
       } else {
         await this.redirectToAfterSignOut();
       }
@@ -1343,7 +1371,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
           throw new StackAssertionError("Cannot serialize to JSON from an application without a publishable client key");
         }
         return {
-          baseUrl: this._interface.options.baseUrl,
+          baseUrl: this._options.baseUrl,
           projectId: this.projectId,
           publishableClientKey: this._interface.options.publishableClientKey,
           tokenStore: this._tokenStoreInit,
@@ -1372,7 +1400,7 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       oauthScopesOnSignIn: options.oauthScopesOnSignIn
     } : {
       interface: new StackServerInterface({
-        baseUrl: options.baseUrl ?? getDefaultBaseUrl(),
+        getBaseUrl: () => options.baseUrl ?? getDefaultBaseUrl(),
         projectId: options.projectId ?? getDefaultProjectId(),
         clientVersion,
         publishableClientKey: options.publishableClientKey ?? getDefaultPublishableClientKey(),
@@ -1482,8 +1510,8 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       isPrimary: crud.is_primary,
       usedForAuth: crud.used_for_auth,
       async sendVerificationEmail(options) {
-        if (!options?.callbackUrl && typeof window === "undefined") {
-          throw new Error("Cannot send verification email without a callback URL from the server. Make sure you pass the `callbackUrl` option: `sendVerificationEmail({ callbackUrl: ... })`");
+        if (!options?.callbackUrl && !await app._getCurrentUrl()) {
+          throw new Error("Cannot send verification email without a callback URL from the server or without a redirect method. Make sure you pass the `callbackUrl` option: `sendVerificationEmail({ callbackUrl: ... })`");
         }
         await app._interface.sendServerContactChannelVerificationEmail(userId, crud.id, options?.callbackUrl ?? constructRedirectUrl(app.urls.emailVerification));
       },
@@ -1574,10 +1602,10 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
         return useMemo(() => teams.map((t) => app._serverTeamFromCrud(t)), [teams]);
       },
       createTeam: async (data) => {
-        const team = await app._interface.createServerTeam({
-          ...serverTeamCreateOptionsToCrud(data),
-          creator_user_id: crud.id
-        });
+        const team = await app._interface.createServerTeam(serverTeamCreateOptionsToCrud({
+          creatorUserId: crud.id,
+          ...data
+        }));
         await app._serverTeamsCache.refresh([void 0]);
         return app._serverTeamFromCrud(team);
       },
@@ -1714,8 +1742,8 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
         await app._serverTeamMemberProfilesCache.refresh([crud.id]);
       },
       async inviteUser(options) {
-        if (!options.callbackUrl && typeof window === "undefined") {
-          throw new Error("Cannot invite user without a callback URL from the server. Make sure you pass the `callbackUrl` option: `inviteUser({ email, callbackUrl: ... })`");
+        if (!options.callbackUrl && !await app._getCurrentUrl()) {
+          throw new Error("Cannot invite user without a callback URL from the server or without a redirect method. Make sure you pass the `callbackUrl` option: `inviteUser({ email, callbackUrl: ... })`");
         }
         await app._interface.sendServerTeamInvitation({
           teamId: crud.id,
@@ -1863,7 +1891,9 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
   async _refreshUsers() {
     await Promise.all([
       super._refreshUsers(),
-      this._serverUsersCache.refreshWhere(() => true)
+      this._serverUserCache.refreshWhere(() => true),
+      this._serverUsersCache.refreshWhere(() => true),
+      this._serverContactChannelsCache.refreshWhere(() => true)
     ]);
   }
 };
@@ -1871,7 +1901,7 @@ var _StackAdminAppImpl = class extends _StackServerAppImpl {
   constructor(options) {
     super({
       interface: new StackAdminInterface({
-        baseUrl: options.baseUrl ?? getDefaultBaseUrl(),
+        getBaseUrl: () => options.baseUrl ?? getDefaultBaseUrl(),
         projectId: options.projectId ?? getDefaultProjectId(),
         clientVersion,
         ..."projectOwnerSession" in options ? {
@@ -2201,7 +2231,10 @@ function serverUserCreateOptionsToCrud(options) {
     otp_auth_enabled: options.otpAuthEnabled,
     primary_email_auth_enabled: options.primaryEmailAuthEnabled,
     display_name: options.displayName,
-    primary_email_verified: options.primaryEmailVerified
+    primary_email_verified: options.primaryEmailVerified,
+    client_metadata: options.clientMetadata,
+    client_read_only_metadata: options.clientReadOnlyMetadata,
+    server_metadata: options.serverMetadata
   };
 }
 function adminProjectUpdateOptionsToCrud(options) {
@@ -2272,14 +2305,19 @@ function teamUpdateOptionsToCrud(options) {
     client_metadata: options.clientMetadata
   };
 }
-function teamCreateOptionsToCrud(options) {
+function teamCreateOptionsToCrud(options, creatorUserId) {
   return {
     display_name: options.displayName,
-    profile_image_url: options.profileImageUrl
+    profile_image_url: options.profileImageUrl,
+    creator_user_id: creatorUserId
   };
 }
 function serverTeamCreateOptionsToCrud(options) {
-  return teamCreateOptionsToCrud(options);
+  return {
+    display_name: options.displayName,
+    profile_image_url: options.profileImageUrl,
+    creator_user_id: options.creatorUserId
+  };
 }
 function serverTeamUpdateOptionsToCrud(options) {
   return {