npm - @stackframe/stack - Versions diffs - 2.8.56 → 2.8.58 - Mend

@stackframe/stack 2.8.56 → 2.8.58

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (62) hide show

package/dist/lib/stack-app/apps/implementations/client-app-impl.js CHANGED Viewed

@@ -980,22 +980,65 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       _internalSession: session,
       currentSession: {
         async getTokens() {
-          const tokens = await session.getOrFetchLikelyValidTokens(2e4);
+          const tokens = await session.getOrFetchLikelyValidTokens(2e4, 75e3);
           return {
             accessToken: tokens?.accessToken.token ?? null,
             refreshToken: tokens?.refreshToken?.token ?? null
           };
+        },
+        useTokens() {
+          const [_, setCounter] = import_react2.default.useState(0);
+          import_react2.default.useEffect(() => {
+            const { unsubscribe: unsubscribeRefresh } = session.startRefreshingAccessToken(3e4, 6e4);
+            const { unsubscribe: unsubscribeInvalidate } = session.onInvalidate(() => setCounter((c) => c + 1));
+            const { unsubscribe: unsubscribeAccessTokenChange } = session.onAccessTokenChange(() => setCounter((c) => c + 1));
+            return () => {
+              unsubscribeRefresh();
+              unsubscribeInvalidate();
+              unsubscribeAccessTokenChange();
+            };
+          }, []);
+          let accessToken = session.isKnownToBeInvalid() ? null : session.getAccessTokenIfNotExpiredYet(2e4, 75e3);
+          if (accessToken === null) {
+            accessToken = (0, import_react.use)(session.getOrFetchLikelyValidTokens(2e4, 75e3))?.accessToken ?? null;
+          }
+          return {
+            accessToken: accessToken?.token ?? null,
+            refreshToken: session.getRefreshToken()?.token ?? null
+          };
         }
       },
+      async getAccessToken() {
+        const tokens = await this.currentSession.getTokens();
+        return tokens.accessToken;
+      },
+      useAccessToken() {
+        return this.currentSession.useTokens().accessToken;
+      },
+      async getRefreshToken() {
+        const tokens = await this.currentSession.getTokens();
+        return tokens.refreshToken;
+      },
+      useRefreshToken() {
+        return this.currentSession.useTokens().refreshToken;
+      },
       async getAuthHeaders() {
         return {
           "x-stack-auth": JSON.stringify(await this.getAuthJson())
         };
       },
+      useAuthHeaders() {
+        return {
+          "x-stack-auth": JSON.stringify(this.useAuthJson())
+        };
+      },
       async getAuthJson() {
         const tokens = await this.currentSession.getTokens();
         return tokens;
       },
+      useAuthJson() {
+        return this.currentSession.useTokens();
+      },
       signOut(options) {
         return app._signOut(session, options);
       }
@@ -1036,6 +1079,8 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       passkeyAuthEnabled: crud.passkey_auth_enabled,
       isMultiFactorRequired: crud.requires_totp_mfa,
       isAnonymous: crud.is_anonymous,
+      isRestricted: crud.is_restricted,
+      restrictedReason: crud.restricted_reason,
       toClientJson() {
         return crud;
       }
@@ -1066,7 +1111,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
         return this.update({ clientMetadata: metadata });
       },
       async setSelectedTeam(team) {
-        await this.update({ selectedTeamId: team?.id ?? null });
+        await this.update({ selectedTeamId: typeof team === "string" ? team : team?.id ?? null });
       },
       getConnectedAccount,
       useConnectedAccount,
@@ -1346,6 +1391,25 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
     const response = import_results.Result.orThrow(await this._customProductsCache.getOrWait([session, options.customCustomerId, options.cursor ?? null, options.limit ?? null], "write-only"));
     return this._customerProductsFromResponse(response);
   }
+  async cancelSubscription(options) {
+    const session = await this._getSession();
+    const user = await this.getUser();
+    if (!user) {
+      throw new import_stack_shared.KnownErrors.UserAuthenticationRequired();
+    }
+    const customerType = "teamId" in options ? "team" : "user";
+    const customerId = "teamId" in options ? options.teamId : user.id;
+    await this._interface.cancelSubscription({
+      customer_type: customerType,
+      customer_id: customerId,
+      product_id: options.productId
+    }, session);
+    if (customerType === "user") {
+      await this._userProductsCache.invalidateWhere(([cachedSession, userId]) => cachedSession === session && userId === customerId);
+    } else {
+      await this._teamProductsCache.invalidateWhere(([cachedSession, teamId]) => cachedSession === session && teamId === customerId);
+    }
+  }
   useProducts(options) {
     const session = this._useSession();
     const cache = "userId" in options ? this._userProductsCache : "teamId" in options ? this._teamProductsCache : this._customProductsCache;
@@ -1355,15 +1419,13 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
     return this._customerProductsFromResponse(response);
   }
   _currentUserFromCrud(crud, session) {
-    const currentUser = {
+    const currentUser = (0, import_users.withUserDestructureGuard)({
       ...this._createBaseUser(crud),
       ...this._createAuth(session),
       ...this._createUserExtraFromCurrent(crud, session),
       ...this._isInternalProject() ? this._createInternalUserExtra(session) : {},
       ...this._createCustomer(crud.id, "user", session)
-    };
-    (0, import_users.attachUserDestructureGuard)(currentUser);
-    Object.freeze(currentUser);
+    });
     return currentUser;
   }
   _clientSessionFromCrud(crud) {
@@ -1451,7 +1513,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
           const queryParams = new URLSearchParams(window.location.search);
           url = queryParams.get("after_auth_return_to") || url;
         }
-      } else if (handlerName === "signIn" || handlerName === "signUp") {
+      } else if (handlerName === "signIn" || handlerName === "signUp" || handlerName === "onboarding") {
         if (isReactServer2 || typeof window === "undefined") {
         } else {
           const currentUrl = new URL(window.location.href);
@@ -1500,6 +1562,9 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
   async redirectToAfterSignUp(options) {
     return await this._redirectToHandler("afterSignUp", options);
   }
+  async redirectToOnboarding(options) {
+    return await this._redirectToHandler("onboarding", options);
+  }
   async redirectToAfterSignOut(options) {
     return await this._redirectToHandler("afterSignOut", options);
   }
@@ -1565,16 +1630,22 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
     return result;
   }
   async getUser(options) {
+    if (options?.or === "anonymous" && options.includeRestricted === false) {
+      throw new Error("Cannot use { or: 'anonymous' } with { includeRestricted: false }. Anonymous users implicitly include restricted users.");
+    }
     this._ensurePersistentTokenStore(options?.tokenStore);
     const session = await this._getSession(options?.tokenStore);
     let crud = import_results.Result.orThrow(await this._currentUserCache.getOrWait([session], "write-only"));
-    if (crud?.is_anonymous && options?.or !== "anonymous" && options?.or !== "anonymous-if-exists[deprecated]") {
-      crud = null;
-    }
-    if (crud === null) {
+    const includeAnonymous = options?.or === "anonymous" || options?.or === "anonymous-if-exists[deprecated]";
+    const includeRestricted = options?.includeRestricted === true || includeAnonymous;
+    if (crud === null || crud.is_anonymous && !includeAnonymous || crud.is_restricted && !includeRestricted) {
       switch (options?.or) {
         case "redirect": {
-          await this.redirectToSignIn({ replace: true });
+          if (!crud?.is_anonymous && crud?.is_restricted) {
+            await this.redirectToOnboarding({ replace: true });
+          } else {
+            await this.redirectToSignIn({ replace: true });
+          }
           break;
         }
         case "throw": {
@@ -1582,7 +1653,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
         }
         case "anonymous": {
           const tokens = await this._signUpAnonymously();
-          return await this.getUser({ tokenStore: tokens, or: "anonymous-if-exists[deprecated]" }) ?? (0, import_errors.throwErr)("Something went wrong while signing up anonymously");
+          return await this.getUser({ tokenStore: tokens, or: "anonymous-if-exists[deprecated]", includeRestricted: true }) ?? (0, import_errors.throwErr)("Something went wrong while signing up anonymously");
         }
         case void 0:
         case "anonymous-if-exists[deprecated]":
@@ -1594,16 +1665,22 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
     return crud && this._currentUserFromCrud(crud, session);
   }
   useUser(options) {
+    if (options?.or === "anonymous" && options.includeRestricted === false) {
+      throw new Error("Cannot use { or: 'anonymous' } with { includeRestricted: false }. Anonymous users implicitly include restricted users.");
+    }
     this._ensurePersistentTokenStore(options?.tokenStore);
     const session = this._useSession(options?.tokenStore);
     let crud = (0, import_common3.useAsyncCache)(this._currentUserCache, [session], "clientApp.useUser()");
-    if (crud?.is_anonymous && options?.or !== "anonymous" && options?.or !== "anonymous-if-exists[deprecated]") {
-      crud = null;
-    }
-    if (crud === null) {
+    const includeAnonymous = options?.or === "anonymous" || options?.or === "anonymous-if-exists[deprecated]";
+    const includeRestricted = options?.includeRestricted === true || includeAnonymous;
+    if (crud === null || crud.is_anonymous && !includeAnonymous || crud.is_restricted && !includeRestricted) {
       switch (options?.or) {
         case "redirect": {
-          (0, import_promises.runAsynchronously)(this.redirectToSignIn({ replace: true }));
+          if (!crud?.is_anonymous && crud?.is_restricted) {
+            (0, import_promises.runAsynchronously)(this.redirectToOnboarding({ replace: true }));
+          } else {
+            (0, import_promises.runAsynchronously)(this.redirectToSignIn({ replace: true }));
+          }
           (0, import_react.suspend)();
           throw new import_errors.StackAssertionError("suspend should never return");
         }
@@ -1631,7 +1708,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
     }, [crud, session, options?.or]);
   }
   _getTokenPartialUserFromSession(session, options) {
-    const accessToken = session.getAccessTokenIfNotExpiredYet(0);
+    const accessToken = session.getAccessTokenIfNotExpiredYet(0, null);
     if (!accessToken) {
       return null;
     }
@@ -1644,7 +1721,9 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       primaryEmail: accessToken.payload.email,
       displayName: accessToken.payload.name,
       primaryEmailVerified: accessToken.payload.email_verified,
-      isAnonymous
+      isAnonymous,
+      isRestricted: accessToken.payload.is_restricted,
+      restrictedReason: accessToken.payload.restricted_reason
     };
   }
   async _getPartialUserFromConvex(ctx) {
@@ -1657,7 +1736,9 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       displayName: auth.name ?? null,
       primaryEmail: auth.email ?? null,
       primaryEmailVerified: auth.email_verified,
-      isAnonymous: auth.is_anonymous
+      isAnonymous: auth.is_anonymous,
+      isRestricted: auth.is_restricted,
+      restrictedReason: auth.restricted_reason ?? null
     };
   }
   async getPartialUser(options) {
@@ -1695,7 +1776,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
     return async (args) => {
       const session = await this._getSession(options.tokenStore ?? this._tokenStoreInit);
       if (!args.forceRefreshToken) {
-        const tokens2 = await session.getOrFetchLikelyValidTokens(2e4);
+        const tokens2 = await session.getOrFetchLikelyValidTokens(2e4, 75e3);
         return tokens2?.accessToken.token ?? null;
       }
       const tokens = await session.fetchNewTokens();
@@ -1704,7 +1785,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
   }
   async getConvexHttpClientAuth(options) {
     const session = await this._getSession(options.tokenStore);
-    const tokens = await session.getOrFetchLikelyValidTokens(2e4);
+    const tokens = await session.getOrFetchLikelyValidTokens(2e4, 75e3);
     return tokens?.accessToken.token ?? "";
   }
   async _updateClientUser(update, session) {
@@ -2051,11 +2132,44 @@ ${url}`);
       await user.signOut({ redirectUrl: options?.redirectUrl });
     }
   }
+  async getAccessToken(options) {
+    const user = await this.getUser({ tokenStore: options?.tokenStore ?? void 0 });
+    if (user) {
+      return await user.getAccessToken();
+    }
+    return null;
+  }
+  useAccessToken(options) {
+    const user = this.useUser({ tokenStore: options?.tokenStore ?? void 0 });
+    if (user) {
+      return user.useAccessToken();
+    }
+    return null;
+  }
+  async getRefreshToken(options) {
+    const user = await this.getUser({ tokenStore: options?.tokenStore ?? void 0 });
+    if (user) {
+      return await user.getRefreshToken();
+    }
+    return null;
+  }
+  useRefreshToken(options) {
+    const user = this.useUser({ tokenStore: options?.tokenStore ?? void 0 });
+    if (user) {
+      return user.useRefreshToken();
+    }
+    return null;
+  }
   async getAuthHeaders(options) {
     return {
       "x-stack-auth": JSON.stringify(await this.getAuthJson(options))
     };
   }
+  useAuthHeaders(options) {
+    return {
+      "x-stack-auth": JSON.stringify(this.useAuthJson(options))
+    };
+  }
   async getAuthJson(options) {
     const user = await this.getUser({ tokenStore: options?.tokenStore ?? void 0 });
     if (user) {
@@ -2063,6 +2177,13 @@ ${url}`);
     }
     return { accessToken: null, refreshToken: null };
   }
+  useAuthJson(options) {
+    const user = this.useUser({ tokenStore: options?.tokenStore ?? void 0 });
+    if (user) {
+      return user.useAuthJson();
+    }
+    return { accessToken: null, refreshToken: null };
+  }
   async getProject() {
     const crud = import_results.Result.orThrow(await this._currentProjectCache.getOrWait([], "write-only"));
     return this._clientProjectFromCrud(crud);
@@ -2099,6 +2220,7 @@ ${url}`);
   }
   async _refreshUser(session) {
     await this._refreshSession(session);
+    session.suggestAccessTokenExpired();
   }
   async _refreshSession(session) {
     await this._currentUserCache.refresh([session]);