@stackframe/stack 2.8.36 → 2.8.40

package/dist/esm/lib/stack-app/apps/implementations/client-app-impl.js

@@ -128,6 +128,11 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
         return results;
       }
     );
+    this._currentUserOAuthProvidersCache = createCacheBySession(
+      async (session) => {
+        return await this._interface.listOAuthProviders({ user_id: "me" }, session);
+      }
+    );
     this._userItemCache = createCacheBySession(
       async (session, [userId, itemId]) => {
         return await this._interface.getItem({ userId, itemId }, session);
@@ -143,6 +148,9 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
         return await this._interface.getItem({ customCustomerId, itemId }, session);
       }
     );
+    this._convexPartialUserCache = createCache(
+      async ([ctx]) => await this._getPartialUserFromConvex(ctx)
+    );
     this._anonymousSignUpInProgress = null;
     this._memoryTokenStore = createEmptyTokenStore();
     this._nextServerCookiesTokenStores = /* @__PURE__ */ new WeakMap();
@@ -432,7 +440,8 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
   }
   async _getSession(overrideTokenStoreInit) {
     const tokenStore = this._getOrCreateTokenStore(await this._createCookieHelper(), overrideTokenStoreInit);
-    return this._getSessionFromTokenStore(tokenStore);
+    const session = this._getSessionFromTokenStore(tokenStore);
+    return session;
   }
   _useSession(overrideTokenStoreInit) {
     const tokenStore = this._useTokenStore(overrideTokenStoreInit);
@@ -653,6 +662,41 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       }
     };
   }
+  _clientOAuthProviderFromCrud(crud, session) {
+    const app = this;
+    return {
+      id: crud.id,
+      type: crud.type,
+      userId: crud.user_id,
+      email: crud.email,
+      allowSignIn: crud.allow_sign_in,
+      allowConnectedAccounts: crud.allow_connected_accounts,
+      async update(data) {
+        try {
+          await app._interface.updateOAuthProvider(
+            crud.user_id,
+            crud.id,
+            {
+              allow_sign_in: data.allowSignIn,
+              allow_connected_accounts: data.allowConnectedAccounts
+            },
+            session
+          );
+          await app._currentUserOAuthProvidersCache.refresh([session]);
+          return Result.ok(void 0);
+        } catch (error) {
+          if (KnownErrors.OAuthProviderAccountIdAlreadyUsedForSignIn.isInstance(error)) {
+            return Result.error(error);
+          }
+          throw error;
+        }
+      },
+      async delete() {
+        await app._interface.deleteOAuthProvider(crud.user_id, crud.id, session);
+        await app._currentUserOAuthProvidersCache.refresh([session]);
+      }
+    };
+  }
   _clientItemFromCrud(crud) {
     const app = this;
     return {
@@ -944,6 +988,22 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
         );
         await app._userApiKeysCache.refresh([session]);
         return app._clientApiKeyFromCrud(session, result);
+      },
+      useOAuthProviders() {
+        const results = useAsyncCache(app._currentUserOAuthProvidersCache, [session], "user.useOAuthProviders()");
+        return results.map((crud2) => app._clientOAuthProviderFromCrud(crud2, session));
+      },
+      async listOAuthProviders() {
+        const results = Result.orThrow(await app._currentUserOAuthProvidersCache.getOrWait([session], "write-only"));
+        return results.map((crud2) => app._clientOAuthProviderFromCrud(crud2, session));
+      },
+      useOAuthProvider(id) {
+        const providers = this.useOAuthProviders();
+        return useMemo(() => providers.find((p) => p.id === id) ?? null, [providers, id]);
+      },
+      async getOAuthProvider(id) {
+        const providers = await this.listOAuthProviders();
+        return providers.find((p) => p.id === id) ?? null;
       }
     };
   }
@@ -1272,12 +1332,89 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       return crud && this._currentUserFromCrud(crud, session);
     }, [crud, session, options?.or]);
   }
+  _getTokenPartialUserFromSession(session, options) {
+    const accessToken = session.getAccessTokenIfNotExpiredYet(0);
+    if (!accessToken) {
+      return null;
+    }
+    const isAnonymous = accessToken.payload.is_anonymous;
+    if (isAnonymous && options.or !== "anonymous") {
+      return null;
+    }
+    return {
+      id: accessToken.payload.sub,
+      primaryEmail: accessToken.payload.email,
+      displayName: accessToken.payload.name,
+      primaryEmailVerified: accessToken.payload.email_verified,
+      isAnonymous
+    };
+  }
+  async _getPartialUserFromConvex(ctx) {
+    const auth = await ctx.auth.getUserIdentity();
+    if (!auth) {
+      return null;
+    }
+    return {
+      id: auth.subject,
+      displayName: auth.name ?? null,
+      primaryEmail: auth.email ?? null,
+      primaryEmailVerified: auth.email_verified,
+      isAnonymous: auth.is_anonymous
+    };
+  }
+  async getPartialUser(options) {
+    switch (options.from) {
+      case "token": {
+        this._ensurePersistentTokenStore(options.tokenStore ?? this._tokenStoreInit);
+        const session = await this._getSession(options.tokenStore);
+        return this._getTokenPartialUserFromSession(session, options);
+      }
+      case "convex": {
+        return await this._getPartialUserFromConvex(options.ctx);
+      }
+      default: {
+        throw new Error(`Invalid 'from' option: ${options.from}`);
+      }
+    }
+  }
+  usePartialUser(options) {
+    switch (options.from) {
+      case "token": {
+        this._ensurePersistentTokenStore(options.tokenStore ?? this._tokenStoreInit);
+        const session = this._useSession(options.tokenStore);
+        return this._getTokenPartialUserFromSession(session, options);
+      }
+      case "convex": {
+        const result = useAsyncCache(this._convexPartialUserCache, [options.ctx], "usePartialUser(convex)");
+        return result;
+      }
+      default: {
+        throw new Error(`Invalid 'from' option: ${options.from}`);
+      }
+    }
+  }
+  getConvexClientAuth(options) {
+    return async (args) => {
+      const session = await this._getSession(options.tokenStore);
+      if (!args.forceRefreshToken) {
+        const tokens2 = await session.getOrFetchLikelyValidTokens(2e4);
+        return tokens2?.accessToken.token ?? null;
+      }
+      const tokens = await session.fetchNewTokens();
+      return tokens?.accessToken.token ?? null;
+    };
+  }
+  async getConvexHttpClientAuth(options) {
+    const session = await this._getSession(options.tokenStore);
+    const tokens = await session.getOrFetchLikelyValidTokens(2e4);
+    return tokens?.accessToken.token ?? throwErr("No access token available");
+  }
   async _updateClientUser(update, session) {
     const res = await this._interface.updateClientUser(userUpdateOptionsToCrud(update), session);
     await this._refreshUser(session);
     return res;
   }
-  async signInWithOAuth(provider) {
+  async signInWithOAuth(provider, options) {
     if (typeof window === "undefined") {
       throw new Error("signInWithOAuth can currently only be called in a browser environment");
     }
@@ -1287,7 +1424,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       this._interface,
       {
         provider,
-        redirectUrl: this.urls.oauthCallback,
+        redirectUrl: options?.returnTo ?? this.urls.oauthCallback,
         errorRedirectUrl: this.urls.error,
         providerScope: this._oauthScopesOnSignIn[provider]?.join(" ")
       },