@stackframe/stack 2.8.56 → 2.8.59

package/dist/esm/lib/stack-app/apps/implementations/client-app-impl.js

@@ -10,7 +10,7 @@ import { parseJson } from "@stackframe/stack-shared/dist/utils/json";
 import { DependenciesMap } from "@stackframe/stack-shared/dist/utils/maps";
 import { deepPlainEquals, omit } from "@stackframe/stack-shared/dist/utils/objects";
 import { neverResolve, runAsynchronously, wait } from "@stackframe/stack-shared/dist/utils/promises";
-import { suspend, suspendIfSsr } from "@stackframe/stack-shared/dist/utils/react";
+import { suspend, suspendIfSsr, use } from "@stackframe/stack-shared/dist/utils/react";
 import { Result } from "@stackframe/stack-shared/dist/utils/results";
 import { Store, storeLock } from "@stackframe/stack-shared/dist/utils/stores";
 import { deindent, mergeScopeStrings } from "@stackframe/stack-shared/dist/utils/strings";
@@ -27,7 +27,7 @@ import { stackAppInternalsSymbol } from "../../common.js";
 import { contactChannelCreateOptionsToCrud, contactChannelUpdateOptionsToCrud } from "../../contact-channels/index.js";
 import { adminProjectCreateOptionsToCrud } from "../../projects/index.js";
 import { teamCreateOptionsToCrud, teamUpdateOptionsToCrud } from "../../teams/index.js";
-import { attachUserDestructureGuard, userUpdateOptionsToCrud } from "../../users/index.js";
+import { userUpdateOptionsToCrud, withUserDestructureGuard } from "../../users/index.js";
 import { clientVersion, createCache, createCacheBySession, createEmptyTokenStore, getBaseUrl, getDefaultExtraRequestHeaders, getDefaultProjectId, getDefaultPublishableClientKey, getUrls, resolveConstructorOptions } from "./common.js";
 import { useAsyncCache } from "./common.js";
 import * as sc from "@stackframe/stack-sc";
@@ -179,6 +179,11 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
         }, session);
       }
     );
+    this._customerBillingCache = createCacheBySession(
+      async (session, [customerType, customerId]) => {
+        return await this._interface.getCustomerBilling(customerType, customerId, session);
+      }
+    );
     this._convexPartialUserCache = createCache(
       async ([ctx]) => await this._getPartialUserFromConvex(ctx)
     );
@@ -415,7 +420,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
     if (!isBrowserLike()) {
       throw new StackAssertionError("Cannot get browser cookies on the server!");
     }
-    return cookie.parse(document.cookie || "");
+    return cookie.parseCookie(document.cookie || "");
   }
   _getRefreshTokenCookieNamePatterns() {
     return {
@@ -615,7 +620,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
             });
           }
           const cookieHeader = tokenStoreInit.headers.get("cookie");
-          const parsed = cookie.parse(cookieHeader || "");
+          const parsed = cookie.parseCookie(cookieHeader || "");
           const res = new Store(this._getTokensFromCookies(parsed));
           this._requestTokenStores.set(tokenStoreInit, res);
           return res;
@@ -936,32 +941,92 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       displayName: item.product.display_name,
       customerType: item.product.customer_type,
       isServerOnly: item.product.server_only,
-      stackable: item.product.stackable
+      stackable: item.product.stackable,
+      type: item.type,
+      subscription: item.subscription ? {
+        currentPeriodEnd: item.subscription.current_period_end ? new Date(item.subscription.current_period_end) : null,
+        cancelAtPeriodEnd: item.subscription.cancel_at_period_end,
+        isCancelable: item.subscription.is_cancelable
+      } : null,
+      switchOptions: item.switch_options?.map((option) => ({
+        productId: option.product_id,
+        displayName: option.product.display_name,
+        prices: option.product.prices
+      }))
     }));
     return Object.assign(products, { nextCursor: response.pagination.next_cursor ?? null });
   }
+  _customerBillingFromResponse(response) {
+    return {
+      hasCustomer: response.has_customer,
+      defaultPaymentMethod: response.default_payment_method
+    };
+  }
   _createAuth(session) {
     const app = this;
     return {
       _internalSession: session,
       currentSession: {
         async getTokens() {
-          const tokens = await session.getOrFetchLikelyValidTokens(2e4);
+          const tokens = await session.getOrFetchLikelyValidTokens(2e4, 75e3);
           return {
             accessToken: tokens?.accessToken.token ?? null,
             refreshToken: tokens?.refreshToken?.token ?? null
           };
+        },
+        useTokens() {
+          const [_, setCounter] = React.useState(0);
+          React.useEffect(() => {
+            const { unsubscribe: unsubscribeRefresh } = session.startRefreshingAccessToken(3e4, 6e4);
+            const { unsubscribe: unsubscribeInvalidate } = session.onInvalidate(() => setCounter((c) => c + 1));
+            const { unsubscribe: unsubscribeAccessTokenChange } = session.onAccessTokenChange(() => setCounter((c) => c + 1));
+            return () => {
+              unsubscribeRefresh();
+              unsubscribeInvalidate();
+              unsubscribeAccessTokenChange();
+            };
+          }, []);
+          let accessToken = session.isKnownToBeInvalid() ? null : session.getAccessTokenIfNotExpiredYet(2e4, 75e3);
+          if (accessToken === null) {
+            accessToken = use(session.getOrFetchLikelyValidTokens(2e4, 75e3))?.accessToken ?? null;
+          }
+          return {
+            accessToken: accessToken?.token ?? null,
+            refreshToken: session.getRefreshToken()?.token ?? null
+          };
         }
       },
+      async getAccessToken() {
+        const tokens = await this.currentSession.getTokens();
+        return tokens.accessToken;
+      },
+      useAccessToken() {
+        return this.currentSession.useTokens().accessToken;
+      },
+      async getRefreshToken() {
+        const tokens = await this.currentSession.getTokens();
+        return tokens.refreshToken;
+      },
+      useRefreshToken() {
+        return this.currentSession.useTokens().refreshToken;
+      },
       async getAuthHeaders() {
         return {
           "x-stack-auth": JSON.stringify(await this.getAuthJson())
         };
       },
+      useAuthHeaders() {
+        return {
+          "x-stack-auth": JSON.stringify(this.useAuthJson())
+        };
+      },
       async getAuthJson() {
         const tokens = await this.currentSession.getTokens();
         return tokens;
       },
+      useAuthJson() {
+        return this.currentSession.useTokens();
+      },
       signOut(options) {
         return app._signOut(session, options);
       }
@@ -1002,6 +1067,8 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       passkeyAuthEnabled: crud.passkey_auth_enabled,
       isMultiFactorRequired: crud.requires_totp_mfa,
       isAnonymous: crud.is_anonymous,
+      isRestricted: crud.is_restricted,
+      restrictedReason: crud.restricted_reason,
       toClientJson() {
         return crud;
       }
@@ -1032,7 +1099,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
         return this.update({ clientMetadata: metadata });
       },
       async setSelectedTeam(team) {
-        await this.update({ selectedTeamId: team?.id ?? null });
+        await this.update({ selectedTeamId: typeof team === "string" ? team : team?.id ?? null });
       },
       getConnectedAccount,
       useConnectedAccount,
@@ -1263,8 +1330,29 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
   }
   _createCustomer(userIdOrTeamId, type, session) {
     const app = this;
+    const effectiveSession = session ?? app._interface.createSession({ refreshToken: null });
     const customerOptions = type === "user" ? { userId: userIdOrTeamId } : { teamId: userIdOrTeamId };
     return {
+      async getBilling() {
+        const response = Result.orThrow(await app._customerBillingCache.getOrWait([effectiveSession, type, userIdOrTeamId], "write-only"));
+        return app._customerBillingFromResponse(response);
+      },
+      useBilling() {
+        const response = useAsyncCache(app._customerBillingCache, [effectiveSession, type, userIdOrTeamId], "customer.useBilling()");
+        return app._customerBillingFromResponse(response);
+      },
+      async createPaymentMethodSetupIntent() {
+        const body = await app._interface.createCustomerPaymentMethodSetupIntent(type, userIdOrTeamId, effectiveSession);
+        return {
+          clientSecret: body.client_secret,
+          stripeAccountId: body.stripe_account_id
+        };
+      },
+      async setDefaultPaymentMethodFromSetupIntent(setupIntentId) {
+        const body = await app._interface.setDefaultCustomerPaymentMethodFromSetupIntent(type, userIdOrTeamId, setupIntentId, effectiveSession);
+        await app._customerBillingCache.refresh([effectiveSession, type, userIdOrTeamId]);
+        return body.default_payment_method;
+      },
       async getItem(itemId) {
         return await app.getItem({ itemId, ...customerOptions });
       },
@@ -1278,7 +1366,23 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
         return app.useProducts({ ...options, ...customerOptions });
       },
       async createCheckoutUrl(options) {
-        return await app._interface.createCheckoutUrl(type, userIdOrTeamId, options.productId, session, options.returnUrl);
+        return await app._interface.createCheckoutUrl(type, userIdOrTeamId, options.productId, effectiveSession, options.returnUrl);
+      },
+      async switchSubscription(options) {
+        await app._interface.switchSubscription({
+          customer_type: type,
+          customer_id: userIdOrTeamId,
+          from_product_id: options.fromProductId,
+          to_product_id: options.toProductId,
+          price_id: options.priceId,
+          quantity: options.quantity
+        }, effectiveSession);
+        await app._customerBillingCache.refresh([effectiveSession, type, userIdOrTeamId]);
+        if (type === "user") {
+          await app._userProductsCache.invalidateWhere(([cachedSession, userId]) => cachedSession === effectiveSession && userId === userIdOrTeamId);
+        } else {
+          await app._teamProductsCache.invalidateWhere(([cachedSession, teamId]) => cachedSession === effectiveSession && teamId === userIdOrTeamId);
+        }
       }
     };
   }
@@ -1312,6 +1416,25 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
     const response = Result.orThrow(await this._customProductsCache.getOrWait([session, options.customCustomerId, options.cursor ?? null, options.limit ?? null], "write-only"));
     return this._customerProductsFromResponse(response);
   }
+  async cancelSubscription(options) {
+    const session = await this._getSession();
+    const user = await this.getUser();
+    if (!user) {
+      throw new KnownErrors.UserAuthenticationRequired();
+    }
+    const customerType = "teamId" in options ? "team" : "user";
+    const customerId = "teamId" in options ? options.teamId : user.id;
+    await this._interface.cancelSubscription({
+      customer_type: customerType,
+      customer_id: customerId,
+      product_id: options.productId
+    }, session);
+    if (customerType === "user") {
+      await this._userProductsCache.invalidateWhere(([cachedSession, userId]) => cachedSession === session && userId === customerId);
+    } else {
+      await this._teamProductsCache.invalidateWhere(([cachedSession, teamId]) => cachedSession === session && teamId === customerId);
+    }
+  }
   useProducts(options) {
     const session = this._useSession();
     const cache = "userId" in options ? this._userProductsCache : "teamId" in options ? this._teamProductsCache : this._customProductsCache;
@@ -1321,15 +1444,13 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
     return this._customerProductsFromResponse(response);
   }
   _currentUserFromCrud(crud, session) {
-    const currentUser = {
+    const currentUser = withUserDestructureGuard({
       ...this._createBaseUser(crud),
       ...this._createAuth(session),
       ...this._createUserExtraFromCurrent(crud, session),
       ...this._isInternalProject() ? this._createInternalUserExtra(session) : {},
       ...this._createCustomer(crud.id, "user", session)
-    };
-    attachUserDestructureGuard(currentUser);
-    Object.freeze(currentUser);
+    });
     return currentUser;
   }
   _clientSessionFromCrud(crud) {
@@ -1417,7 +1538,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
           const queryParams = new URLSearchParams(window.location.search);
           url = queryParams.get("after_auth_return_to") || url;
         }
-      } else if (handlerName === "signIn" || handlerName === "signUp") {
+      } else if (handlerName === "signIn" || handlerName === "signUp" || handlerName === "onboarding") {
         if (isReactServer2 || typeof window === "undefined") {
         } else {
           const currentUrl = new URL(window.location.href);
@@ -1466,6 +1587,9 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
   async redirectToAfterSignUp(options) {
     return await this._redirectToHandler("afterSignUp", options);
   }
+  async redirectToOnboarding(options) {
+    return await this._redirectToHandler("onboarding", options);
+  }
   async redirectToAfterSignOut(options) {
     return await this._redirectToHandler("afterSignOut", options);
   }
@@ -1531,16 +1655,22 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
     return result;
   }
   async getUser(options) {
+    if (options?.or === "anonymous" && options.includeRestricted === false) {
+      throw new Error("Cannot use { or: 'anonymous' } with { includeRestricted: false }. Anonymous users implicitly include restricted users.");
+    }
     this._ensurePersistentTokenStore(options?.tokenStore);
     const session = await this._getSession(options?.tokenStore);
     let crud = Result.orThrow(await this._currentUserCache.getOrWait([session], "write-only"));
-    if (crud?.is_anonymous && options?.or !== "anonymous" && options?.or !== "anonymous-if-exists[deprecated]") {
-      crud = null;
-    }
-    if (crud === null) {
+    const includeAnonymous = options?.or === "anonymous" || options?.or === "anonymous-if-exists[deprecated]";
+    const includeRestricted = options?.includeRestricted === true || includeAnonymous;
+    if (crud === null || crud.is_anonymous && !includeAnonymous || crud.is_restricted && !includeRestricted) {
       switch (options?.or) {
         case "redirect": {
-          await this.redirectToSignIn({ replace: true });
+          if (!crud?.is_anonymous && crud?.is_restricted) {
+            await this.redirectToOnboarding({ replace: true });
+          } else {
+            await this.redirectToSignIn({ replace: true });
+          }
           break;
         }
         case "throw": {
@@ -1548,7 +1678,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
         }
         case "anonymous": {
           const tokens = await this._signUpAnonymously();
-          return await this.getUser({ tokenStore: tokens, or: "anonymous-if-exists[deprecated]" }) ?? throwErr("Something went wrong while signing up anonymously");
+          return await this.getUser({ tokenStore: tokens, or: "anonymous-if-exists[deprecated]", includeRestricted: true }) ?? throwErr("Something went wrong while signing up anonymously");
         }
         case void 0:
         case "anonymous-if-exists[deprecated]":
@@ -1560,16 +1690,22 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
     return crud && this._currentUserFromCrud(crud, session);
   }
   useUser(options) {
+    if (options?.or === "anonymous" && options.includeRestricted === false) {
+      throw new Error("Cannot use { or: 'anonymous' } with { includeRestricted: false }. Anonymous users implicitly include restricted users.");
+    }
     this._ensurePersistentTokenStore(options?.tokenStore);
     const session = this._useSession(options?.tokenStore);
     let crud = useAsyncCache(this._currentUserCache, [session], "clientApp.useUser()");
-    if (crud?.is_anonymous && options?.or !== "anonymous" && options?.or !== "anonymous-if-exists[deprecated]") {
-      crud = null;
-    }
-    if (crud === null) {
+    const includeAnonymous = options?.or === "anonymous" || options?.or === "anonymous-if-exists[deprecated]";
+    const includeRestricted = options?.includeRestricted === true || includeAnonymous;
+    if (crud === null || crud.is_anonymous && !includeAnonymous || crud.is_restricted && !includeRestricted) {
       switch (options?.or) {
         case "redirect": {
-          runAsynchronously(this.redirectToSignIn({ replace: true }));
+          if (!crud?.is_anonymous && crud?.is_restricted) {
+            runAsynchronously(this.redirectToOnboarding({ replace: true }));
+          } else {
+            runAsynchronously(this.redirectToSignIn({ replace: true }));
+          }
           suspend();
           throw new StackAssertionError("suspend should never return");
         }
@@ -1597,7 +1733,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
     }, [crud, session, options?.or]);
   }
   _getTokenPartialUserFromSession(session, options) {
-    const accessToken = session.getAccessTokenIfNotExpiredYet(0);
+    const accessToken = session.getAccessTokenIfNotExpiredYet(0, null);
     if (!accessToken) {
       return null;
     }
@@ -1610,7 +1746,9 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       primaryEmail: accessToken.payload.email,
       displayName: accessToken.payload.name,
       primaryEmailVerified: accessToken.payload.email_verified,
-      isAnonymous
+      isAnonymous,
+      isRestricted: accessToken.payload.is_restricted,
+      restrictedReason: accessToken.payload.restricted_reason
     };
   }
   async _getPartialUserFromConvex(ctx) {
@@ -1623,7 +1761,9 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
       displayName: auth.name ?? null,
       primaryEmail: auth.email ?? null,
       primaryEmailVerified: auth.email_verified,
-      isAnonymous: auth.is_anonymous
+      isAnonymous: auth.is_anonymous,
+      isRestricted: auth.is_restricted,
+      restrictedReason: auth.restricted_reason ?? null
     };
   }
   async getPartialUser(options) {
@@ -1661,7 +1801,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
     return async (args) => {
       const session = await this._getSession(options.tokenStore ?? this._tokenStoreInit);
       if (!args.forceRefreshToken) {
-        const tokens2 = await session.getOrFetchLikelyValidTokens(2e4);
+        const tokens2 = await session.getOrFetchLikelyValidTokens(2e4, 75e3);
         return tokens2?.accessToken.token ?? null;
       }
       const tokens = await session.fetchNewTokens();
@@ -1670,7 +1810,7 @@ var __StackClientAppImplIncomplete = class __StackClientAppImplIncomplete {
   }
   async getConvexHttpClientAuth(options) {
     const session = await this._getSession(options.tokenStore);
-    const tokens = await session.getOrFetchLikelyValidTokens(2e4);
+    const tokens = await session.getOrFetchLikelyValidTokens(2e4, 75e3);
     return tokens?.accessToken.token ?? "";
   }
   async _updateClientUser(update, session) {
@@ -2017,11 +2157,44 @@ ${url}`);
       await user.signOut({ redirectUrl: options?.redirectUrl });
     }
   }
+  async getAccessToken(options) {
+    const user = await this.getUser({ tokenStore: options?.tokenStore ?? void 0 });
+    if (user) {
+      return await user.getAccessToken();
+    }
+    return null;
+  }
+  useAccessToken(options) {
+    const user = this.useUser({ tokenStore: options?.tokenStore ?? void 0 });
+    if (user) {
+      return user.useAccessToken();
+    }
+    return null;
+  }
+  async getRefreshToken(options) {
+    const user = await this.getUser({ tokenStore: options?.tokenStore ?? void 0 });
+    if (user) {
+      return await user.getRefreshToken();
+    }
+    return null;
+  }
+  useRefreshToken(options) {
+    const user = this.useUser({ tokenStore: options?.tokenStore ?? void 0 });
+    if (user) {
+      return user.useRefreshToken();
+    }
+    return null;
+  }
   async getAuthHeaders(options) {
     return {
       "x-stack-auth": JSON.stringify(await this.getAuthJson(options))
     };
   }
+  useAuthHeaders(options) {
+    return {
+      "x-stack-auth": JSON.stringify(this.useAuthJson(options))
+    };
+  }
   async getAuthJson(options) {
     const user = await this.getUser({ tokenStore: options?.tokenStore ?? void 0 });
     if (user) {
@@ -2029,6 +2202,13 @@ ${url}`);
     }
     return { accessToken: null, refreshToken: null };
   }
+  useAuthJson(options) {
+    const user = this.useUser({ tokenStore: options?.tokenStore ?? void 0 });
+    if (user) {
+      return user.useAuthJson();
+    }
+    return { accessToken: null, refreshToken: null };
+  }
   async getProject() {
     const crud = Result.orThrow(await this._currentProjectCache.getOrWait([], "write-only"));
     return this._clientProjectFromCrud(crud);
@@ -2065,6 +2245,7 @@ ${url}`);
   }
   async _refreshUser(session) {
     await this._refreshSession(session);
+    session.suggestAccessTokenExpired();
   }
   async _refreshSession(session) {
     await this._currentUserCache.refresh([session]);