@stackframe/tanstack-start 0.0.1 → 2.8.91

package/dist/lib/stack-app/apps/implementations/server-app-impl.js

@@ -0,0 +1,1385 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_chunk = require('../../../../chunk-BE-pF4vm.js');
+let _stackframe_stack_shared_dist_utils_errors = require("@stackframe/stack-shared/dist/utils/errors");
+let _stackframe_stack_shared_dist_utils_promises = require("@stackframe/stack-shared/dist/utils/promises");
+let react = require("react");
+let _stackframe_stack_shared = require("@stackframe/stack-shared");
+let _stackframe_stack_shared_dist_utils_react = require("@stackframe/stack-shared/dist/utils/react");
+let _stackframe_stack_shared_dist_utils_results = require("@stackframe/stack-shared/dist/utils/results");
+let __common_js = require("./common.js");
+let _simplewebauthn_browser = require("@simplewebauthn/browser");
+let _stackframe_stack_shared_dist_sessions = require("@stackframe/stack-shared/dist/sessions");
+let ____________utils_url_js = require("../../../../utils/url.js");
+let ______api_keys_index_js = require("../../api-keys/index.js");
+let ______contact_channels_index_js = require("../../contact-channels/index.js");
+let ______teams_index_js = require("../../teams/index.js");
+let ______users_index_js = require("../../users/index.js");
+let __client_app_impl_js = require("./client-app-impl.js");
+
+//#region src/lib/stack-app/apps/implementations/server-app-impl.ts
+var _StackServerAppImplIncomplete = class extends __client_app_impl_js._StackClientAppImplIncomplete {
+	async _refreshTeamMembership(teamId, userId) {
+		await Promise.all([
+			this._serverTeamMemberProfilesCache.refresh([teamId]),
+			this._serverTeamsCache.refreshWhere(([u]) => u === userId || u === void 0),
+			this._serverUsersCache.refreshWhere((key) => key[8] === teamId)
+		]);
+	}
+	_createServerCustomer(userIdOrTeamId, type) {
+		const app = this;
+		const productsCache = type === "user" ? app._serverUserProductsCache : app._serverTeamProductsCache;
+		const customerOptions = type === "user" ? { userId: userIdOrTeamId } : { teamId: userIdOrTeamId };
+		return {
+			...this._createCustomer(userIdOrTeamId, type, null),
+			async getItem(itemId) {
+				return await app.getItem({
+					itemId,
+					...customerOptions
+				});
+			},
+			useItem(itemId) {
+				return app.useItem({
+					itemId,
+					...customerOptions
+				});
+			},
+			async grantProduct(productOptions) {
+				if (type === "user") if ("productId" in productOptions) await app.grantProduct({
+					userId: userIdOrTeamId,
+					productId: productOptions.productId,
+					quantity: productOptions.quantity
+				});
+				else await app.grantProduct({
+					userId: userIdOrTeamId,
+					product: productOptions.product,
+					quantity: productOptions.quantity
+				});
+				else if ("productId" in productOptions) await app.grantProduct({
+					teamId: userIdOrTeamId,
+					productId: productOptions.productId,
+					quantity: productOptions.quantity
+				});
+				else await app.grantProduct({
+					teamId: userIdOrTeamId,
+					product: productOptions.product,
+					quantity: productOptions.quantity
+				});
+				await productsCache.refresh([
+					userIdOrTeamId,
+					null,
+					null
+				]);
+			},
+			async createCheckoutUrl(options) {
+				const productIdOrInline = "productId" in options ? options.productId : options.product;
+				return await app._interface.createCheckoutUrl(type, userIdOrTeamId, productIdOrInline, null, options.returnUrl, "server");
+			}
+		};
+	}
+	async _updateServerUser(userId, update) {
+		const result = await this._interface.updateServerUser(userId, (0, ______users_index_js.serverUserUpdateOptionsToCrud)(update));
+		await this._refreshUsers();
+		return result;
+	}
+	_serverEditableTeamProfileFromCrud(crud) {
+		const app = this;
+		return {
+			displayName: crud.display_name,
+			profileImageUrl: crud.profile_image_url,
+			async update(update) {
+				await app._interface.updateServerTeamMemberProfile({
+					teamId: crud.team_id,
+					userId: crud.user_id,
+					profile: {
+						display_name: update.displayName,
+						profile_image_url: update.profileImageUrl
+					}
+				});
+				await app._serverUserTeamProfileCache.refresh([crud.team_id, crud.user_id]);
+			}
+		};
+	}
+	_serverContactChannelFromCrud(userId, crud) {
+		const app = this;
+		return {
+			id: crud.id,
+			value: crud.value,
+			type: crud.type,
+			isVerified: crud.is_verified,
+			isPrimary: crud.is_primary,
+			usedForAuth: crud.used_for_auth,
+			async sendVerificationEmail(options) {
+				await app._interface.sendServerContactChannelVerificationEmail(userId, crud.id, options?.callbackUrl ?? (0, ____________utils_url_js.constructRedirectUrl)(app.urls.emailVerification, "callbackUrl"));
+			},
+			async update(data) {
+				await app._interface.updateServerContactChannel(userId, crud.id, (0, ______contact_channels_index_js.serverContactChannelUpdateOptionsToCrud)(data));
+				await Promise.all([app._serverContactChannelsCache.refresh([userId]), app._serverUserCache.refresh([userId])]);
+			},
+			async delete() {
+				await app._interface.deleteServerContactChannel(userId, crud.id);
+				await Promise.all([app._serverContactChannelsCache.refresh([userId]), app._serverUserCache.refresh([userId])]);
+			}
+		};
+	}
+	_serverNotificationCategoryFromCrud(userId, crud) {
+		const app = this;
+		return {
+			id: crud.notification_category_id,
+			name: crud.notification_category_name,
+			enabled: crud.enabled,
+			canDisable: crud.can_disable,
+			async setEnabled(enabled) {
+				await app._interface.setServerNotificationsEnabled(userId, crud.notification_category_id, enabled);
+				await app._serverNotificationCategoriesCache.refresh([userId]);
+			}
+		};
+	}
+	_serverOAuthProviderFromCrud(crud) {
+		const app = this;
+		return {
+			id: crud.id,
+			type: crud.type,
+			userId: crud.user_id,
+			accountId: crud.account_id,
+			email: crud.email,
+			allowSignIn: crud.allow_sign_in,
+			allowConnectedAccounts: crud.allow_connected_accounts,
+			async update(data) {
+				try {
+					await app._interface.updateServerOAuthProvider(crud.user_id, crud.id, {
+						account_id: data.accountId,
+						email: data.email,
+						allow_sign_in: data.allowSignIn,
+						allow_connected_accounts: data.allowConnectedAccounts
+					});
+					await Promise.all([app._serverOAuthProvidersCache.refresh([crud.user_id]), app._serverUserConnectedAccountsCache.refresh([crud.user_id])]);
+					return _stackframe_stack_shared_dist_utils_results.Result.ok(void 0);
+				} catch (error) {
+					if (_stackframe_stack_shared.KnownErrors.OAuthProviderAccountIdAlreadyUsedForSignIn.isInstance(error)) return _stackframe_stack_shared_dist_utils_results.Result.error(error);
+					throw error;
+				}
+			},
+			async delete() {
+				await app._interface.deleteServerOAuthProvider(crud.user_id, crud.id);
+				await Promise.all([app._serverOAuthProvidersCache.refresh([crud.user_id]), app._serverUserConnectedAccountsCache.refresh([crud.user_id])]);
+			}
+		};
+	}
+	constructor(options, extraOptions) {
+		const resolvedOptions = (0, __common_js.resolveConstructorOptions)(options);
+		const publishableClientKey = resolvedOptions.publishableClientKey ?? (0, __common_js.getDefaultPublishableClientKey)();
+		super(resolvedOptions, {
+			...extraOptions,
+			interface: extraOptions?.interface ?? (() => {
+				const apiUrls = (0, __common_js.resolveApiUrls)(resolvedOptions.baseUrl);
+				return new _stackframe_stack_shared.StackServerInterface({
+					getBaseUrl: () => apiUrls()[0],
+					getApiUrls: apiUrls,
+					projectId: resolvedOptions.projectId ?? (0, __common_js.getDefaultProjectId)(),
+					extraRequestHeaders: resolvedOptions.extraRequestHeaders ?? (0, __common_js.getDefaultExtraRequestHeaders)(),
+					clientVersion: __common_js.clientVersion,
+					...publishableClientKey != null ? { publishableClientKey } : {},
+					secretServerKey: resolvedOptions.secretServerKey ?? (0, __common_js.getDefaultSecretServerKey)()
+				});
+			})()
+		});
+		this._currentServerUserCache = (0, __common_js.createCacheBySession)(async (session) => {
+			if (session.isKnownToBeInvalid()) return null;
+			return await this._interface.getServerUserByToken(session);
+		});
+		this._serverUsersCache = (0, __common_js.createCache)(async ([cursor, limit, orderBy, desc, query, includeRestricted, includeAnonymous, onlyAnonymous, teamId]) => {
+			if (onlyAnonymous && !includeAnonymous) throw new _stackframe_stack_shared_dist_utils_errors.StackAssertionError("onlyAnonymous=true requires includeAnonymous=true");
+			if (onlyAnonymous) return await this._interface.listServerUsers({
+				cursor,
+				limit,
+				orderBy,
+				desc,
+				query,
+				includeRestricted,
+				includeAnonymous: true,
+				onlyAnonymous: true,
+				teamId
+			});
+			return await this._interface.listServerUsers({
+				cursor,
+				limit,
+				orderBy,
+				desc,
+				query,
+				includeRestricted,
+				includeAnonymous,
+				teamId
+			});
+		});
+		this._serverUserCache = (0, __common_js.createCache)(async ([userId]) => {
+			const user = await this._interface.getServerUserById(userId);
+			return _stackframe_stack_shared_dist_utils_results.Result.or(user, null);
+		});
+		this._serverTeamsCache = (0, __common_js.createCache)(async ([userId, orderBy, desc, cursor, limit, query]) => {
+			return await this._interface.listServerTeamsPaginated({
+				userId,
+				orderBy,
+				desc,
+				cursor,
+				limit,
+				query
+			});
+		});
+		this._serverUserTeamInvitationsCache = (0, __common_js.createCache)(async ([userId]) => {
+			return await this._interface.listServerUserTeamInvitations(userId);
+		});
+		this._serverTeamUserPermissionsCache = (0, __common_js.createCache)(async ([teamId, userId, recursive]) => {
+			return await this._interface.listServerTeamPermissions({
+				teamId,
+				userId,
+				recursive
+			}, null);
+		});
+		this._serverAllTeamMemberPermissionsCache = (0, __common_js.createCache)(async ([teamId, recursive]) => {
+			return await this._interface.listServerTeamPermissions({
+				teamId,
+				recursive
+			}, null);
+		});
+		this._serverUserProjectPermissionsCache = (0, __common_js.createCache)(async ([userId, recursive]) => {
+			return await this._interface.listServerProjectPermissions({
+				userId,
+				recursive
+			}, null);
+		});
+		this._serverUserOAuthConnectionAccessTokensCache = (0, __common_js.createCache)(async ([userId, providerId, scope]) => {
+			try {
+				return { accessToken: (await this._interface.createServerProviderAccessToken(userId, providerId, scope || "")).access_token };
+			} catch (err) {
+				if (!(_stackframe_stack_shared.KnownErrors.OAuthConnectionDoesNotHaveRequiredScope.isInstance(err) || _stackframe_stack_shared.KnownErrors.OAuthConnectionNotConnectedToUser.isInstance(err))) throw err;
+			}
+			return null;
+		});
+		this._serverUserOAuthConnectionCache = (0, __common_js.createCache)(async ([userId, providerId, scope, redirect]) => {
+			return await this._getUserOAuthConnectionCacheFn({
+				getUser: async () => _stackframe_stack_shared_dist_utils_results.Result.orThrow(await this._serverUserCache.getOrWait([userId], "write-only")),
+				getOrWaitOAuthToken: async () => _stackframe_stack_shared_dist_utils_results.Result.orThrow(await this._serverUserOAuthConnectionAccessTokensCache.getOrWait([
+					userId,
+					providerId,
+					scope || ""
+				], "write-only")),
+				useOAuthToken: () => (0, __common_js.useAsyncCache)(this._serverUserOAuthConnectionAccessTokensCache, [
+					userId,
+					providerId,
+					scope || ""
+				], "user.useConnectedAccount()"),
+				providerId,
+				scope,
+				redirect,
+				session: null
+			});
+		});
+		this._serverUserConnectedAccountsCache = (0, __common_js.createCache)(async ([userId]) => {
+			return (await this._interface.listServerConnectedAccounts(userId)).items.map((item) => this._createServerOAuthConnectionFromCrudItem(userId, item));
+		});
+		this._serverUserOAuthConnectionAccessTokensByAccountCache = (0, __common_js.createCache)(async ([userId, providerId, providerAccountId, scope]) => {
+			try {
+				return { accessToken: (await this._interface.createServerProviderAccessTokenByAccount(userId, providerId, providerAccountId, scope || "")).access_token };
+			} catch (err) {
+				if (!(_stackframe_stack_shared.KnownErrors.OAuthConnectionDoesNotHaveRequiredScope.isInstance(err) || _stackframe_stack_shared.KnownErrors.OAuthConnectionNotConnectedToUser.isInstance(err))) throw err;
+			}
+			return null;
+		});
+		this._serverTeamMemberProfilesCache = (0, __common_js.createCache)(async ([teamId]) => {
+			return await this._interface.listServerTeamMemberProfiles({ teamId });
+		});
+		this._serverTeamInvitationsCache = (0, __common_js.createCache)(async ([teamId]) => {
+			return await this._interface.listServerTeamInvitations({ teamId });
+		});
+		this._serverUserTeamProfileCache = (0, __common_js.createCache)(async ([teamId, userId]) => {
+			return await this._interface.getServerTeamMemberProfile({
+				teamId,
+				userId
+			});
+		});
+		this._serverContactChannelsCache = (0, __common_js.createCache)(async ([userId]) => {
+			return await this._interface.listServerContactChannels(userId);
+		});
+		this._serverNotificationCategoriesCache = (0, __common_js.createCache)(async ([userId]) => {
+			return await this._interface.listServerNotificationCategories(userId);
+		});
+		this._serverDataVaultStoreValueCache = (0, __common_js.createCache)(async ([storeId, key, secret]) => {
+			return await this._interface.getDataVaultStoreValue(secret, storeId, key);
+		});
+		this._emailDeliveryInfoCache = (0, __common_js.createCache)(async () => {
+			return await this._interface.getEmailDeliveryInfo();
+		});
+		this._serverUserApiKeysCache = (0, __common_js.createCache)(async ([userId]) => {
+			return await this._interface.listProjectApiKeys({ user_id: userId }, null, "server");
+		});
+		this._serverTeamApiKeysCache = (0, __common_js.createCache)(async ([teamId]) => {
+			return await this._interface.listProjectApiKeys({ team_id: teamId }, null, "server");
+		});
+		this._convexIdentitySubjectCache = (0, __common_js.createCache)(async ([ctx]) => {
+			const identity = await ctx.auth.getUserIdentity();
+			return identity ? identity.subject : null;
+		});
+		this._serverCheckApiKeyCache = (0, __common_js.createCache)(async ([type, apiKey]) => {
+			return await this._interface.checkProjectApiKey(type, apiKey, null, "server");
+		});
+		this._serverOAuthProvidersCache = (0, __common_js.createCache)(async ([userId]) => {
+			return await this._interface.listServerOAuthProviders({ user_id: userId });
+		});
+		this._serverTeamItemsCache = (0, __common_js.createCache)(async ([teamId, itemId]) => {
+			return await this._interface.getItem({
+				teamId,
+				itemId
+			}, null, "server");
+		});
+		this._serverUserItemsCache = (0, __common_js.createCache)(async ([userId, itemId]) => {
+			return await this._interface.getItem({
+				userId,
+				itemId
+			}, null, "server");
+		});
+		this._serverCustomItemsCache = (0, __common_js.createCache)(async ([customCustomerId, itemId]) => {
+			return await this._interface.getItem({
+				customCustomerId,
+				itemId
+			}, null, "server");
+		});
+		this._serverUserProductsCache = (0, __common_js.createCache)(async ([userId, cursor, limit]) => {
+			return await this._interface.listProducts({
+				customer_type: "user",
+				customer_id: userId,
+				cursor: cursor ?? void 0,
+				limit: limit ?? void 0
+			}, null, "server");
+		});
+		this._serverTeamProductsCache = (0, __common_js.createCache)(async ([teamId, cursor, limit]) => {
+			return await this._interface.listProducts({
+				customer_type: "team",
+				customer_id: teamId,
+				cursor: cursor ?? void 0,
+				limit: limit ?? void 0
+			}, null, "server");
+		});
+		this._serverCustomProductsCache = (0, __common_js.createCache)(async ([customCustomerId, cursor, limit]) => {
+			return await this._interface.listProducts({
+				customer_type: "custom",
+				customer_id: customCustomerId,
+				cursor: cursor ?? void 0,
+				limit: limit ?? void 0
+			}, null, "server");
+		});
+	}
+	_serverApiKeyFromCrud(crud) {
+		return {
+			...this._baseApiKeyFromCrud(crud),
+			async revoke() {
+				await this.update({ revoked: true });
+			},
+			update: async (options) => {
+				await this._interface.updateProjectApiKey(crud.type === "team" ? { team_id: crud.team_id } : { user_id: crud.user_id }, crud.id, await (0, ______api_keys_index_js.apiKeyUpdateOptionsToCrud)(crud.type, options), null, "server");
+				if (crud.type === "team") await this._serverTeamApiKeysCache.refresh([crud.team_id]);
+				else await this._serverUserApiKeysCache.refresh([crud.user_id]);
+			}
+		};
+	}
+	_createServerOAuthConnectionFromCrudItem(userId, item) {
+		const app = this;
+		const providerId = item.provider;
+		const providerAccountId = item.provider_account_id;
+		return {
+			id: providerId,
+			provider: providerId,
+			providerAccountId,
+			async getAccessToken(options) {
+				const scopeString = options?.scopes?.join(" ") ?? "";
+				const result = _stackframe_stack_shared_dist_utils_results.Result.orThrow(await app._serverUserOAuthConnectionAccessTokensByAccountCache.getOrWait([
+					userId,
+					providerId,
+					providerAccountId,
+					scopeString
+				], "write-only"));
+				if (!result) {
+					const scopeDetail = scopeString ? `The requested scopes [${scopeString}] are not available on the existing token.` : "The OAuth refresh token has likely been revoked or expired.";
+					return _stackframe_stack_shared_dist_utils_results.Result.error(new _stackframe_stack_shared.KnownErrors.OAuthAccessTokenNotAvailable(providerId, `${scopeDetail} The user needs to re-authorize by calling \`linkConnectedAccount\` or using \`getOrLinkConnectedAccount\`.`));
+				}
+				return _stackframe_stack_shared_dist_utils_results.Result.ok(result);
+			},
+			useAccessToken(options) {
+				const scopeString = options?.scopes?.join(" ") ?? "";
+				const result = (0, __common_js.useAsyncCache)(app._serverUserOAuthConnectionAccessTokensByAccountCache, [
+					userId,
+					providerId,
+					providerAccountId,
+					scopeString
+				], "connection.useAccessToken()");
+				if (!result) {
+					const scopeDetail = scopeString ? `The requested scopes [${scopeString}] are not available on the existing token.` : "The OAuth refresh token has likely been revoked or expired.";
+					return _stackframe_stack_shared_dist_utils_results.Result.error(new _stackframe_stack_shared.KnownErrors.OAuthAccessTokenNotAvailable(providerId, `${scopeDetail} The user needs to re-authorize by calling \`linkConnectedAccount\` or using \`getOrLinkConnectedAccount\`.`));
+				}
+				return _stackframe_stack_shared_dist_utils_results.Result.ok(result);
+			}
+		};
+	}
+	_serverUserFromCrud(crud) {
+		const app = this;
+		async function getConnectedAccount(idOrAccount, options) {
+			const scopeString = options?.scopes?.join(" ") ?? "";
+			if (typeof idOrAccount === "object" && "provider" in idOrAccount && "providerAccountId" in idOrAccount) {
+				const { provider, providerAccountId } = idOrAccount;
+				const found = _stackframe_stack_shared_dist_utils_results.Result.orThrow(await app._serverUserConnectedAccountsCache.getOrWait([crud.id], "write-only")).find((a) => a.provider === provider && a.providerAccountId === providerAccountId);
+				if (!found) return null;
+				return found;
+			}
+			return _stackframe_stack_shared_dist_utils_results.Result.orThrow(await app._serverUserOAuthConnectionCache.getOrWait([
+				crud.id,
+				idOrAccount,
+				scopeString,
+				options?.or === "redirect"
+			], "write-only"));
+		}
+		function useConnectedAccount(idOrAccount, options) {
+			const scopeString = options?.scopes?.join(" ") ?? "";
+			if (typeof idOrAccount === "object" && "provider" in idOrAccount && "providerAccountId" in idOrAccount) {
+				const { provider, providerAccountId } = idOrAccount;
+				return (0, __common_js.useAsyncCache)(app._serverUserConnectedAccountsCache, [crud.id], "user.useConnectedAccount()").find((a) => a.provider === provider && a.providerAccountId === providerAccountId) ?? null;
+			}
+			return (0, __common_js.useAsyncCache)(app._serverUserOAuthConnectionCache, [
+				crud.id,
+				idOrAccount,
+				scopeString,
+				options?.or === "redirect"
+			], "user.useConnectedAccount()");
+		}
+		const crudWithAdminRestriction = crud;
+		return (0, ______users_index_js.withUserDestructureGuard)({
+			...super._createBaseUser(crud),
+			lastActiveAt: new Date(crud.last_active_at_millis),
+			serverMetadata: crud.server_metadata,
+			restrictedByAdmin: crudWithAdminRestriction.restricted_by_admin,
+			restrictedByAdminReason: crudWithAdminRestriction.restricted_by_admin_reason,
+			restrictedByAdminPrivateDetails: crudWithAdminRestriction.restricted_by_admin_private_details,
+			countryCode: crud.country_code,
+			riskScores: { signUp: {
+				bot: crud.risk_scores.sign_up.bot,
+				freeTrialAbuse: crud.risk_scores.sign_up.free_trial_abuse
+			} },
+			async setPrimaryEmail(email, options) {
+				await app._updateServerUser(crud.id, {
+					primaryEmail: email,
+					primaryEmailVerified: options?.verified
+				});
+			},
+			async grantPermission(scopeOrPermissionId, permissionId) {
+				if (scopeOrPermissionId && typeof scopeOrPermissionId !== "string" && permissionId) {
+					const scope = scopeOrPermissionId;
+					await app._interface.grantServerTeamUserPermission(scope.id, crud.id, permissionId);
+					for (const recursive of [true, false]) {
+						await app._serverTeamUserPermissionsCache.refresh([
+							scope.id,
+							crud.id,
+							recursive
+						]);
+						await app._serverAllTeamMemberPermissionsCache.refresh([scope.id, recursive]);
+					}
+				} else {
+					const pId = scopeOrPermissionId;
+					await app._interface.grantServerProjectPermission(crud.id, pId);
+					for (const recursive of [true, false]) await app._serverUserProjectPermissionsCache.refresh([crud.id, recursive]);
+				}
+			},
+			async revokePermission(scopeOrPermissionId, permissionId) {
+				if (scopeOrPermissionId && typeof scopeOrPermissionId !== "string" && permissionId) {
+					const scope = scopeOrPermissionId;
+					await app._interface.revokeServerTeamUserPermission(scope.id, crud.id, permissionId);
+					for (const recursive of [true, false]) {
+						await app._serverTeamUserPermissionsCache.refresh([
+							scope.id,
+							crud.id,
+							recursive
+						]);
+						await app._serverAllTeamMemberPermissionsCache.refresh([scope.id, recursive]);
+					}
+				} else {
+					const pId = scopeOrPermissionId;
+					await app._interface.revokeServerProjectPermission(crud.id, pId);
+					for (const recursive of [true, false]) await app._serverUserProjectPermissionsCache.refresh([crud.id, recursive]);
+				}
+			},
+			async delete() {
+				const res = await app._interface.deleteServerUser(crud.id);
+				await app._refreshUsers();
+				return res;
+			},
+			async createSession(options) {
+				const tokens = await app._interface.createServerUserSession(crud.id, options.expiresInMillis ?? 1e3 * 60 * 60 * 24 * 365, options.isImpersonation ?? false);
+				return { async getTokens() {
+					return tokens;
+				} };
+			},
+			async getActiveSessions() {
+				return (await app._interface.listServerSessions(crud.id)).items.map((session) => app._clientSessionFromCrud(session));
+			},
+			async revokeSession(sessionId) {
+				await app._interface.deleteServerSession(sessionId);
+			},
+			async setDisplayName(displayName) {
+				return await this.update({ displayName });
+			},
+			async setClientMetadata(metadata) {
+				return await this.update({ clientMetadata: metadata });
+			},
+			async setClientReadOnlyMetadata(metadata) {
+				return await this.update({ clientReadOnlyMetadata: metadata });
+			},
+			async setServerMetadata(metadata) {
+				return await this.update({ serverMetadata: metadata });
+			},
+			async setSelectedTeam(team) {
+				return await this.update({ selectedTeamId: typeof team === "string" ? team : team?.id ?? null });
+			},
+			getConnectedAccount,
+			useConnectedAccount,
+			async listConnectedAccounts() {
+				return _stackframe_stack_shared_dist_utils_results.Result.orThrow(await app._serverUserConnectedAccountsCache.getOrWait([crud.id], "write-only"));
+			},
+			useConnectedAccounts() {
+				return (0, __common_js.useAsyncCache)(app._serverUserConnectedAccountsCache, [crud.id], "user.useConnectedAccounts()");
+			},
+			async linkConnectedAccount() {
+				throw new _stackframe_stack_shared_dist_utils_errors.StackAssertionError("linkConnectedAccount is not available for server users. OAuth flows must be initiated on the client side.");
+			},
+			async getOrLinkConnectedAccount() {
+				throw new _stackframe_stack_shared_dist_utils_errors.StackAssertionError("getOrLinkConnectedAccount is not available for server users. OAuth flows must be initiated on the client side.");
+			},
+			useOrLinkConnectedAccount() {
+				throw new _stackframe_stack_shared_dist_utils_errors.StackAssertionError("useOrLinkConnectedAccount is not available for server users. OAuth flows must be initiated on the client side.");
+			},
+			selectedTeam: crud.selected_team ? app._serverTeamFromCrud(crud.selected_team) : null,
+			async getTeam(teamId) {
+				return (await this.listTeams()).find((t) => t.id === teamId) ?? null;
+			},
+			useTeam(teamId) {
+				const teams = this.useTeams();
+				return (0, react.useMemo)(() => {
+					return teams.find((t) => t.id === teamId) ?? null;
+				}, [teams, teamId]);
+			},
+			async listTeams(options) {
+				const result = _stackframe_stack_shared_dist_utils_results.Result.orThrow(await app._serverTeamsCache.getOrWait([
+					crud.id,
+					options?.orderBy,
+					options?.desc,
+					options?.cursor,
+					options?.limit,
+					options?.query
+				], "write-only"));
+				const teams = result.items.map((t) => app._serverTeamFromCrud(t));
+				teams.nextCursor = result.pagination?.next_cursor ?? null;
+				return teams;
+			},
+			useTeams(options) {
+				const result = (0, __common_js.useAsyncCache)(app._serverTeamsCache, [
+					crud.id,
+					options?.orderBy,
+					options?.desc,
+					options?.cursor,
+					options?.limit,
+					options?.query
+				], "user.useTeams()");
+				return (0, react.useMemo)(() => {
+					const teams = result.items.map((t) => app._serverTeamFromCrud(t));
+					teams.nextCursor = result.pagination?.next_cursor ?? null;
+					return teams;
+				}, [result]);
+			},
+			createTeam: async (data) => {
+				const team = await app._interface.createServerTeam((0, ______teams_index_js.serverTeamCreateOptionsToCrud)({
+					creatorUserId: crud.id,
+					...data
+				}));
+				await app._serverTeamsCache.refreshWhere(() => true);
+				await app._updateServerUser(crud.id, { selectedTeamId: team.id });
+				return app._serverTeamFromCrud(team);
+			},
+			leaveTeam: async (team) => {
+				await app._interface.leaveServerTeam({
+					teamId: team.id,
+					userId: crud.id
+				});
+				await app._refreshTeamMembership(team.id, crud.id);
+			},
+			async listTeamInvitations() {
+				return _stackframe_stack_shared_dist_utils_results.Result.orThrow(await app._serverUserTeamInvitationsCache.getOrWait([crud.id], "write-only")).map((inv) => app._serverReceivedTeamInvitationFromCrud(crud.id, inv));
+			},
+			useTeamInvitations() {
+				const invitations = (0, __common_js.useAsyncCache)(app._serverUserTeamInvitationsCache, [crud.id], "user.useTeamInvitations()");
+				return (0, react.useMemo)(() => invitations.map((inv) => app._serverReceivedTeamInvitationFromCrud(crud.id, inv)), [invitations]);
+			},
+			async listPermissions(scopeOrOptions, options) {
+				if (scopeOrOptions && "id" in scopeOrOptions) {
+					const scope = scopeOrOptions;
+					const recursive = options?.recursive ?? true;
+					return _stackframe_stack_shared_dist_utils_results.Result.orThrow(await app._serverTeamUserPermissionsCache.getOrWait([
+						scope.id,
+						crud.id,
+						recursive
+					], "write-only")).map((crud) => app._serverPermissionFromCrud(crud));
+				} else {
+					const recursive = scopeOrOptions?.recursive ?? true;
+					return _stackframe_stack_shared_dist_utils_results.Result.orThrow(await app._serverUserProjectPermissionsCache.getOrWait([crud.id, recursive], "write-only")).map((crud) => app._serverPermissionFromCrud(crud));
+				}
+			},
+			usePermissions(scopeOrOptions, options) {
+				if (scopeOrOptions && "id" in scopeOrOptions) {
+					const scope = scopeOrOptions;
+					const recursive = options?.recursive ?? true;
+					const permissions = (0, __common_js.useAsyncCache)(app._serverTeamUserPermissionsCache, [
+						scope.id,
+						crud.id,
+						recursive
+					], "user.usePermissions()");
+					return (0, react.useMemo)(() => permissions.map((crud) => app._serverPermissionFromCrud(crud)), [permissions]);
+				} else {
+					const recursive = scopeOrOptions?.recursive ?? true;
+					const permissions = (0, __common_js.useAsyncCache)(app._serverUserProjectPermissionsCache, [crud.id, recursive], "user.usePermissions()");
+					return (0, react.useMemo)(() => permissions.map((crud) => app._serverPermissionFromCrud(crud)), [permissions]);
+				}
+			},
+			async getPermission(scopeOrPermissionId, permissionId) {
+				if (scopeOrPermissionId && typeof scopeOrPermissionId !== "string") {
+					const scope = scopeOrPermissionId;
+					return (await this.listPermissions(scope)).find((p) => p.id === permissionId) ?? null;
+				} else {
+					const pid = scopeOrPermissionId;
+					return (await this.listPermissions()).find((p) => p.id === pid) ?? null;
+				}
+			},
+			usePermission(scopeOrPermissionId, permissionId) {
+				if (scopeOrPermissionId && typeof scopeOrPermissionId !== "string") {
+					const scope = scopeOrPermissionId;
+					const permissions = this.usePermissions(scope);
+					return (0, react.useMemo)(() => permissions.find((p) => p.id === permissionId) ?? null, [permissions, permissionId]);
+				} else {
+					const pid = scopeOrPermissionId;
+					const permissions = this.usePermissions();
+					return (0, react.useMemo)(() => permissions.find((p) => p.id === pid) ?? null, [permissions, pid]);
+				}
+			},
+			async hasPermission(scopeOrPermissionId, permissionId) {
+				if (scopeOrPermissionId && typeof scopeOrPermissionId !== "string") {
+					const scope = scopeOrPermissionId;
+					return await this.getPermission(scope, permissionId) !== null;
+				} else {
+					const pid = scopeOrPermissionId;
+					return await this.getPermission(pid) !== null;
+				}
+			},
+			async update(update) {
+				await app._updateServerUser(crud.id, update);
+			},
+			async sendVerificationEmail() {
+				return await app._checkFeatureSupport("sendVerificationEmail() on ServerUser", {});
+			},
+			async updatePassword(options) {
+				const result = await app._interface.updatePassword(options);
+				await app._serverUserCache.refresh([crud.id]);
+				return result;
+			},
+			async setPassword(options) {
+				const result = await this.update(options);
+				await app._serverUserCache.refresh([crud.id]);
+				return result;
+			},
+			async getTeamProfile(team) {
+				const result = _stackframe_stack_shared_dist_utils_results.Result.orThrow(await app._serverUserTeamProfileCache.getOrWait([team.id, crud.id], "write-only"));
+				return app._serverEditableTeamProfileFromCrud(result);
+			},
+			useTeamProfile(team) {
+				const result = (0, __common_js.useAsyncCache)(app._serverUserTeamProfileCache, [team.id, crud.id], "user.useTeamProfile()");
+				return (0, react.useMemo)(() => app._serverEditableTeamProfileFromCrud(result), [result]);
+			},
+			async listContactChannels() {
+				return _stackframe_stack_shared_dist_utils_results.Result.orThrow(await app._serverContactChannelsCache.getOrWait([crud.id], "write-only")).map((data) => app._serverContactChannelFromCrud(crud.id, data));
+			},
+			useContactChannels() {
+				const result = (0, __common_js.useAsyncCache)(app._serverContactChannelsCache, [crud.id], "user.useContactChannels()");
+				return (0, react.useMemo)(() => result.map((data) => app._serverContactChannelFromCrud(crud.id, data)), [result]);
+			},
+			createContactChannel: async (data) => {
+				const contactChannel = await app._interface.createServerContactChannel((0, ______contact_channels_index_js.serverContactChannelCreateOptionsToCrud)(crud.id, data));
+				await Promise.all([app._serverContactChannelsCache.refresh([crud.id]), app._serverUserCache.refresh([crud.id])]);
+				return app._serverContactChannelFromCrud(crud.id, contactChannel);
+			},
+			useNotificationCategories() {
+				return (0, __common_js.useAsyncCache)(app._serverNotificationCategoriesCache, [crud.id], "user.useNotificationCategories()").map((category) => app._serverNotificationCategoryFromCrud(crud.id, category));
+			},
+			async listNotificationCategories() {
+				return _stackframe_stack_shared_dist_utils_results.Result.orThrow(await app._serverNotificationCategoriesCache.getOrWait([crud.id], "write-only")).map((category) => app._serverNotificationCategoryFromCrud(crud.id, category));
+			},
+			useApiKeys() {
+				return (0, __common_js.useAsyncCache)(app._serverUserApiKeysCache, [crud.id], "user.useApiKeys()").map((apiKey) => app._serverApiKeyFromCrud(apiKey));
+			},
+			async listApiKeys() {
+				return _stackframe_stack_shared_dist_utils_results.Result.orThrow(await app._serverUserApiKeysCache.getOrWait([crud.id], "write-only")).map((apiKey) => app._serverApiKeyFromCrud(apiKey));
+			},
+			async createApiKey(options) {
+				const result = await app._interface.createProjectApiKey(await (0, ______api_keys_index_js.apiKeyCreationOptionsToCrud)("user", crud.id, options), null, "server");
+				await app._serverUserApiKeysCache.refresh([crud.id]);
+				return app._serverApiKeyFromCrud(result);
+			},
+			useOAuthProviders() {
+				const results = (0, __common_js.useAsyncCache)(app._serverOAuthProvidersCache, [crud.id], "user.useOAuthProviders()");
+				return (0, react.useMemo)(() => results.map((oauthCrud) => app._serverOAuthProviderFromCrud(oauthCrud)), [results]);
+			},
+			async listOAuthProviders() {
+				return _stackframe_stack_shared_dist_utils_results.Result.orThrow(await app._serverOAuthProvidersCache.getOrWait([crud.id], "write-only")).map((oauthCrud) => app._serverOAuthProviderFromCrud(oauthCrud));
+			},
+			useOAuthProvider(id) {
+				const providers = this.useOAuthProviders();
+				return (0, react.useMemo)(() => providers.find((p) => p.id === id) ?? null, [providers, id]);
+			},
+			async getOAuthProvider(id) {
+				return (await this.listOAuthProviders()).find((p) => p.id === id) ?? null;
+			},
+			async registerPasskey(options) {
+				const hostname = options?.hostname || (await app._getCurrentUrl())?.hostname;
+				if (!hostname) throw new _stackframe_stack_shared_dist_utils_errors.StackAssertionError("hostname must be provided if the Stack App does not have a redirect method");
+				const initiationResult = await app._interface.initiateServerPasskeyRegistration(crud.id);
+				if (initiationResult.status !== "ok") return _stackframe_stack_shared_dist_utils_results.Result.error(new _stackframe_stack_shared.KnownErrors.PasskeyRegistrationFailed("Failed to get initiation options for passkey registration"));
+				const { options_json, code } = initiationResult.data;
+				if (options_json.rp.id !== "THIS_VALUE_WILL_BE_REPLACED.example.com") throw new _stackframe_stack_shared_dist_utils_errors.StackAssertionError(`Expected returned RP ID from server to equal sentinel, but found ${options_json.rp.id}`);
+				options_json.rp.id = hostname;
+				let attResp;
+				try {
+					attResp = await (0, _simplewebauthn_browser.startRegistration)({ optionsJSON: options_json });
+				} catch (error) {
+					if (error instanceof _simplewebauthn_browser.WebAuthnError) return _stackframe_stack_shared_dist_utils_results.Result.error(new _stackframe_stack_shared.KnownErrors.PasskeyWebAuthnError(error.message, error.name));
+					else {
+						(0, _stackframe_stack_shared_dist_utils_errors.captureError)("passkey-registration-failed", error);
+						return _stackframe_stack_shared_dist_utils_results.Result.error(new _stackframe_stack_shared.KnownErrors.PasskeyRegistrationFailed("Failed to start passkey registration due to unknown error"));
+					}
+				}
+				const { accessToken, refreshToken } = await app._interface.createServerUserSession(crud.id, 6e4 * 2, false);
+				const tempSession = new _stackframe_stack_shared_dist_sessions.InternalSession({
+					accessToken,
+					refreshToken,
+					refreshAccessTokenCallback: async () => null
+				});
+				const registrationResult = await app._interface.registerPasskey({
+					credential: attResp,
+					code
+				}, tempSession);
+				await app._serverUserCache.refresh([crud.id]);
+				return registrationResult;
+			},
+			...app._createServerCustomer(crud.id, "user")
+		});
+	}
+	_serverTeamUserFromCrud(crud) {
+		return (0, ______users_index_js.withUserDestructureGuard)({
+			...this._serverUserFromCrud(crud.user),
+			teamProfile: {
+				displayName: crud.display_name,
+				profileImageUrl: crud.profile_image_url
+			}
+		});
+	}
+	_serverSentTeamInvitationFromCrud(crud) {
+		return {
+			id: crud.id,
+			recipientEmail: crud.recipient_email,
+			expiresAt: new Date(crud.expires_at_millis),
+			revoke: async () => {
+				await this._interface.revokeServerTeamInvitation(crud.id, crud.team_id);
+				await this._serverTeamInvitationsCache.refresh([crud.team_id]);
+			}
+		};
+	}
+	_serverReceivedTeamInvitationFromCrud(userId, crud) {
+		const app = this;
+		return {
+			id: crud.id,
+			teamId: crud.team_id,
+			teamDisplayName: crud.team_display_name,
+			recipientEmail: crud.recipient_email,
+			expiresAt: new Date(crud.expires_at_millis),
+			accept: async () => {
+				await app._interface.acceptServerTeamInvitationById(crud.id, userId);
+				await Promise.all([
+					app._serverUserTeamInvitationsCache.refresh([userId]),
+					app._serverTeamInvitationsCache.refresh([crud.team_id]),
+					app._refreshTeamMembership(crud.team_id, userId)
+				]);
+			}
+		};
+	}
+	_currentUserFromCrud(crud, session) {
+		return (0, ______users_index_js.withUserDestructureGuard)({
+			...this._serverUserFromCrud(crud),
+			...this._createAuth(session),
+			...this._isInternalProject() ? this._createInternalUserExtra(session) : {}
+		});
+	}
+	_serverTeamFromCrud(crud) {
+		const app = this;
+		return {
+			id: crud.id,
+			displayName: crud.display_name,
+			profileImageUrl: crud.profile_image_url,
+			createdAt: new Date(crud.created_at_millis),
+			clientMetadata: crud.client_metadata,
+			clientReadOnlyMetadata: crud.client_read_only_metadata,
+			serverMetadata: crud.server_metadata,
+			async update(update) {
+				await app._interface.updateServerTeam(crud.id, (0, ______teams_index_js.serverTeamUpdateOptionsToCrud)(update));
+				await Promise.all([app._serverTeamsCache.refreshWhere(() => true), app._serverUsersCache.refreshWhere(() => true)]);
+			},
+			async delete() {
+				await app._interface.deleteServerTeam(crud.id);
+				await Promise.all([app._serverTeamsCache.refreshWhere(() => true), app._serverUsersCache.refreshWhere(() => true)]);
+			},
+			async listUsers() {
+				return _stackframe_stack_shared_dist_utils_results.Result.orThrow(await app._serverTeamMemberProfilesCache.getOrWait([crud.id], "write-only")).map((u) => app._serverTeamUserFromCrud(u));
+			},
+			useUsers() {
+				const result = (0, __common_js.useAsyncCache)(app._serverTeamMemberProfilesCache, [crud.id], "team.useUsers()");
+				return (0, react.useMemo)(() => result.map((u) => app._serverTeamUserFromCrud(u)), [result]);
+			},
+			async addUser(userId) {
+				await app._interface.addServerUserToTeam({
+					teamId: crud.id,
+					userId
+				});
+				await app._refreshTeamMembership(crud.id, userId);
+			},
+			async removeUser(userId) {
+				await app._interface.removeServerUserFromTeam({
+					teamId: crud.id,
+					userId
+				});
+				await app._refreshTeamMembership(crud.id, userId);
+			},
+			async inviteUser(options) {
+				await app._interface.sendServerTeamInvitation({
+					teamId: crud.id,
+					email: options.email,
+					callbackUrl: options.callbackUrl ?? (0, ____________utils_url_js.constructRedirectUrl)(app.urls.teamInvitation, "callbackUrl")
+				});
+				await app._serverTeamInvitationsCache.refresh([crud.id]);
+			},
+			async listInvitations() {
+				return _stackframe_stack_shared_dist_utils_results.Result.orThrow(await app._serverTeamInvitationsCache.getOrWait([crud.id], "write-only")).map((crud) => app._serverSentTeamInvitationFromCrud(crud));
+			},
+			useInvitations() {
+				const result = (0, __common_js.useAsyncCache)(app._serverTeamInvitationsCache, [crud.id], "team.useInvitations()");
+				return (0, react.useMemo)(() => result.map((crud) => app._serverSentTeamInvitationFromCrud(crud)), [result]);
+			},
+			useApiKeys() {
+				return (0, __common_js.useAsyncCache)(app._serverTeamApiKeysCache, [crud.id], "team.useApiKeys()").map((apiKey) => app._serverApiKeyFromCrud(apiKey));
+			},
+			async listApiKeys() {
+				return _stackframe_stack_shared_dist_utils_results.Result.orThrow(await app._serverTeamApiKeysCache.getOrWait([crud.id], "write-only")).map((apiKey) => app._serverApiKeyFromCrud(apiKey));
+			},
+			async createApiKey(options) {
+				const result = await app._interface.createProjectApiKey(await (0, ______api_keys_index_js.apiKeyCreationOptionsToCrud)("team", crud.id, options), null, "server");
+				await app._serverTeamApiKeysCache.refresh([crud.id]);
+				return app._serverApiKeyFromCrud(result);
+			},
+			...app._createServerCustomer(crud.id, "team")
+		};
+	}
+	_serverItemFromCrud(customer, crud) {
+		const app = this;
+		return {
+			displayName: crud.display_name,
+			quantity: crud.quantity,
+			nonNegativeQuantity: Math.max(0, crud.quantity),
+			increaseQuantity: async (delta) => {
+				const updateOptions = customer.type === "user" ? {
+					itemId: crud.id,
+					userId: customer.id
+				} : customer.type === "team" ? {
+					itemId: crud.id,
+					teamId: customer.id
+				} : {
+					itemId: crud.id,
+					customCustomerId: customer.id
+				};
+				await app._interface.updateItemQuantity(updateOptions, { delta });
+				if (customer.type === "user") await app._serverUserItemsCache.refresh([customer.id, crud.id]);
+				else if (customer.type === "team") await app._serverTeamItemsCache.refresh([customer.id, crud.id]);
+				else await app._serverCustomItemsCache.refresh([customer.id, crud.id]);
+			},
+			decreaseQuantity: async (delta) => {
+				const updateOptions = customer.type === "user" ? {
+					itemId: crud.id,
+					userId: customer.id
+				} : customer.type === "team" ? {
+					itemId: crud.id,
+					teamId: customer.id
+				} : {
+					itemId: crud.id,
+					customCustomerId: customer.id
+				};
+				await app._interface.updateItemQuantity(updateOptions, {
+					delta: -delta,
+					allow_negative: true
+				});
+				if (customer.type === "user") await app._serverUserItemsCache.refresh([customer.id, crud.id]);
+				else if (customer.type === "team") await app._serverTeamItemsCache.refresh([customer.id, crud.id]);
+				else await app._serverCustomItemsCache.refresh([customer.id, crud.id]);
+			},
+			tryDecreaseQuantity: async (delta) => {
+				try {
+					const updateOptions = customer.type === "user" ? {
+						itemId: crud.id,
+						userId: customer.id
+					} : customer.type === "team" ? {
+						itemId: crud.id,
+						teamId: customer.id
+					} : {
+						itemId: crud.id,
+						customCustomerId: customer.id
+					};
+					await app._interface.updateItemQuantity(updateOptions, { delta: -delta });
+					if (customer.type === "user") await app._serverUserItemsCache.refresh([customer.id, crud.id]);
+					else if (customer.type === "team") await app._serverTeamItemsCache.refresh([customer.id, crud.id]);
+					else await app._serverCustomItemsCache.refresh([customer.id, crud.id]);
+					return true;
+				} catch (error) {
+					if (error instanceof _stackframe_stack_shared.KnownErrors.ItemQuantityInsufficientAmount) return false;
+					throw error;
+				}
+			}
+		};
+	}
+	async _getUserApiKey(options) {
+		const crud = _stackframe_stack_shared_dist_utils_results.Result.orThrow(await this._serverCheckApiKeyCache.getOrWait(["user", options.apiKey], "write-only"));
+		return crud ? this._serverApiKeyFromCrud(crud) : null;
+	}
+	async _getTeamApiKey(options) {
+		const crud = _stackframe_stack_shared_dist_utils_results.Result.orThrow(await this._serverCheckApiKeyCache.getOrWait(["team", options.apiKey], "write-only"));
+		return crud ? this._serverApiKeyFromCrud(crud) : null;
+	}
+	_useUserApiKey(options) {
+		const crud = (0, __common_js.useAsyncCache)(this._serverCheckApiKeyCache, ["user", options.apiKey], "serverApp.useUserApiKey()");
+		return (0, react.useMemo)(() => crud ? this._serverApiKeyFromCrud(crud) : null, [crud]);
+	}
+	_useTeamApiKey(options) {
+		const crud = (0, __common_js.useAsyncCache)(this._serverCheckApiKeyCache, ["team", options.apiKey], "serverApp.useTeamApiKey()");
+		return (0, react.useMemo)(() => crud ? this._serverApiKeyFromCrud(crud) : null, [crud]);
+	}
+	async _getUserByApiKey(apiKey) {
+		const apiKeyObject = await this._getUserApiKey({ apiKey });
+		if (apiKeyObject === null) return null;
+		return await this.getServerUserById(apiKeyObject.userId);
+	}
+	async _getUserByConvex(ctx, includeAnonymous) {
+		const identity = await ctx.auth.getUserIdentity();
+		if (identity === null) return null;
+		const user = await this.getServerUserById(identity.subject);
+		if (user?.isAnonymous && !includeAnonymous) return null;
+		return user;
+	}
+	_useUserByConvex(ctx, includeAnonymous) {
+		const subject = (0, __common_js.useAsyncCache)(this._convexIdentitySubjectCache, [ctx], "serverApp.useUserByConvex()");
+		if (subject === null) return null;
+		const user = this.useUserById(subject);
+		if (user?.isAnonymous && !includeAnonymous) return null;
+		return user;
+	}
+	_useUserByApiKey(apiKey) {
+		const apiKeyObject = this._useUserApiKey({ apiKey });
+		if (apiKeyObject === null) return null;
+		return this.useUserById(apiKeyObject.userId);
+	}
+	async _getTeamByApiKey(apiKey) {
+		const apiKeyObject = await this._getTeamApiKey({ apiKey });
+		if (apiKeyObject === null) return null;
+		return await this.getTeam(apiKeyObject.teamId);
+	}
+	_useTeamByApiKey(apiKey) {
+		const apiKeyObject = this._useTeamApiKey({ apiKey });
+		if (apiKeyObject === null) return null;
+		return this.useTeam(apiKeyObject.teamId);
+	}
+	async createUser(options) {
+		const crud = await this._interface.createServerUser((0, ______users_index_js.serverUserCreateOptionsToCrud)(options));
+		await this._refreshUsers();
+		return this._serverUserFromCrud(crud);
+	}
+	async getUser(options) {
+		if (typeof options === "string") return await this.getServerUserById(options);
+		else if (typeof options === "object" && "apiKey" in options) return await this._getUserByApiKey(options.apiKey);
+		else if (typeof options === "object" && "from" in options && options.from === "convex") return await this._getUserByConvex(options.ctx, "or" in options && options.or === "anonymous");
+		else {
+			options = options;
+			if (options?.or === "anonymous" && options.includeRestricted === false) throw new Error("Cannot use { or: 'anonymous' } with { includeRestricted: false }. Anonymous users implicitly include restricted users.");
+			this._ensurePersistentTokenStore(options?.tokenStore);
+			const session = await this._getSession(options?.tokenStore);
+			let crud = _stackframe_stack_shared_dist_utils_results.Result.orThrow(await this._currentServerUserCache.getOrWait([session], "write-only"));
+			const includeAnonymous = options?.or === "anonymous" || options?.or === "anonymous-if-exists[deprecated]";
+			const includeRestricted = options?.includeRestricted === true || includeAnonymous;
+			if (crud === null || crud.is_anonymous && !includeAnonymous || crud.is_restricted && !includeRestricted) switch (options?.or) {
+				case "redirect":
+					if (!crud?.is_anonymous && crud?.is_restricted) await this.redirectToOnboarding({ replace: true });
+					else await this.redirectToSignIn({ replace: true });
+					break;
+				case "throw": throw new Error("User is not signed in but getUser was called with { or: 'throw' }");
+				case "anonymous": {
+					const tokens = await this._signUpAnonymously();
+					return await this.getUser({
+						tokenStore: tokens,
+						or: "anonymous-if-exists[deprecated]",
+						includeRestricted: true
+					}) ?? (0, _stackframe_stack_shared_dist_utils_errors.throwErr)("Something went wrong while signing up anonymously");
+				}
+				case void 0:
+				case "anonymous-if-exists[deprecated]":
+				case "return-null": return null;
+			}
+			return crud && this._currentUserFromCrud(crud, session);
+		}
+	}
+	async getServerUser() {
+		console.warn("stackServerApp.getServerUser is deprecated; use stackServerApp.getUser instead");
+		return await this.getUser();
+	}
+	async getServerUserById(userId) {
+		const crud = _stackframe_stack_shared_dist_utils_results.Result.orThrow(await this._serverUserCache.getOrWait([userId], "write-only"));
+		return crud && this._serverUserFromCrud(crud);
+	}
+	useUser(options) {
+		if (typeof options === "string") return this.useUserById(options);
+		else if (typeof options === "object" && "apiKey" in options) return this._useUserByApiKey(options.apiKey);
+		else if (typeof options === "object" && "from" in options && options.from === "convex") return this._useUserByConvex(options.ctx, "or" in options && options.or === "anonymous");
+		else {
+			options = options;
+			if (options?.or === "anonymous" && options.includeRestricted === false) throw new Error("Cannot use { or: 'anonymous' } with { includeRestricted: false }. Anonymous users implicitly include restricted users.");
+			this._ensurePersistentTokenStore(options?.tokenStore);
+			const session = this._useSession(options?.tokenStore);
+			let crud = (0, __common_js.useAsyncCache)(this._currentServerUserCache, [session], "serverApp.useUser()");
+			options?.or === "anonymous" || options?.or;
+			options?.includeRestricted;
+			if (crud === null) switch (options?.or) {
+				case "redirect":
+					(0, _stackframe_stack_shared_dist_utils_promises.runAsynchronously)(this.redirectToSignIn({ replace: true }));
+					(0, _stackframe_stack_shared_dist_utils_react.suspend)();
+					throw new _stackframe_stack_shared_dist_utils_errors.StackAssertionError("suspend should never return");
+				case "throw": throw new Error("User is not signed in but useUser was called with { or: 'throw' }");
+				case "anonymous":
+					(0, _stackframe_stack_shared_dist_utils_promises.runAsynchronously)(async () => {
+						await this._signUpAnonymously();
+						if (typeof window !== "undefined") window.location.reload();
+					});
+					(0, _stackframe_stack_shared_dist_utils_react.suspend)();
+					throw new _stackframe_stack_shared_dist_utils_errors.StackAssertionError("suspend should never return");
+				case void 0:
+				case "anonymous-if-exists[deprecated]":
+				case "return-null":
+			}
+			return (0, react.useMemo)(() => {
+				return crud && this._currentUserFromCrud(crud, session);
+			}, [
+				crud,
+				session,
+				options?.or
+			]);
+		}
+	}
+	useUserById(userId) {
+		const crud = (0, __common_js.useAsyncCache)(this._serverUserCache, [userId], "serverApp.useUserById()");
+		return (0, react.useMemo)(() => {
+			return crud && this._serverUserFromCrud(crud);
+		}, [crud]);
+	}
+	async listUsers(options) {
+		const crud = _stackframe_stack_shared_dist_utils_results.Result.orThrow(await this._serverUsersCache.getOrWait([
+			options?.cursor,
+			options?.limit,
+			options?.orderBy,
+			options?.desc,
+			options?.query,
+			options?.includeRestricted,
+			options?.includeAnonymous,
+			options?.onlyAnonymous,
+			options?.teamId
+		], "write-only"));
+		const result = crud.items.map((j) => this._serverUserFromCrud(j));
+		result.nextCursor = crud.pagination?.next_cursor ?? null;
+		return result;
+	}
+	useUsers(options) {
+		const crud = (0, __common_js.useAsyncCache)(this._serverUsersCache, [
+			options?.cursor,
+			options?.limit,
+			options?.orderBy,
+			options?.desc,
+			options?.query,
+			options?.includeRestricted,
+			options?.includeAnonymous,
+			options?.onlyAnonymous,
+			options?.teamId
+		], "serverApp.useUsers()");
+		const result = crud.items.map((j) => this._serverUserFromCrud(j));
+		result.nextCursor = crud.pagination?.next_cursor ?? null;
+		return result;
+	}
+	_serverPermissionFromCrud(crud) {
+		return { id: crud.id };
+	}
+	_serverTeamPermissionDefinitionFromCrud(crud) {
+		return {
+			id: crud.id,
+			description: crud.description,
+			containedPermissionIds: crud.contained_permission_ids
+		};
+	}
+	_serverProjectPermissionDefinitionFromCrud(crud) {
+		return {
+			id: crud.id,
+			description: crud.description,
+			containedPermissionIds: crud.contained_permission_ids
+		};
+	}
+	async getItem(options) {
+		if ("userId" in options) {
+			const result = _stackframe_stack_shared_dist_utils_results.Result.orThrow(await this._serverUserItemsCache.getOrWait([options.userId, options.itemId], "write-only"));
+			return this._serverItemFromCrud({
+				type: "user",
+				id: options.userId
+			}, result);
+		} else if ("teamId" in options) {
+			const result = _stackframe_stack_shared_dist_utils_results.Result.orThrow(await this._serverTeamItemsCache.getOrWait([options.teamId, options.itemId], "write-only"));
+			return this._serverItemFromCrud({
+				type: "team",
+				id: options.teamId
+			}, result);
+		} else {
+			const result = _stackframe_stack_shared_dist_utils_results.Result.orThrow(await this._serverCustomItemsCache.getOrWait([options.customCustomerId, options.itemId], "write-only"));
+			return this._serverItemFromCrud({
+				type: "custom",
+				id: options.customCustomerId
+			}, result);
+		}
+	}
+	async listProducts(options) {
+		if ("userId" in options) {
+			const response = _stackframe_stack_shared_dist_utils_results.Result.orThrow(await this._serverUserProductsCache.getOrWait([
+				options.userId,
+				options.cursor ?? null,
+				options.limit ?? null
+			], "write-only"));
+			return this._customerProductsFromResponse(response);
+		} else if ("teamId" in options) {
+			const response = _stackframe_stack_shared_dist_utils_results.Result.orThrow(await this._serverTeamProductsCache.getOrWait([
+				options.teamId,
+				options.cursor ?? null,
+				options.limit ?? null
+			], "write-only"));
+			return this._customerProductsFromResponse(response);
+		}
+		const response = _stackframe_stack_shared_dist_utils_results.Result.orThrow(await this._serverCustomProductsCache.getOrWait([
+			options.customCustomerId,
+			options.cursor ?? null,
+			options.limit ?? null
+		], "write-only"));
+		return this._customerProductsFromResponse(response);
+	}
+	useItem(options) {
+		let type;
+		let id;
+		let cache;
+		if ("userId" in options) {
+			type = "user";
+			id = options.userId;
+			cache = this._serverUserItemsCache;
+		} else if ("teamId" in options) {
+			type = "team";
+			id = options.teamId;
+			cache = this._serverTeamItemsCache;
+		} else {
+			type = "custom";
+			id = options.customCustomerId;
+			cache = this._serverCustomItemsCache;
+		}
+		const cacheKey = [id, options.itemId];
+		const result = (0, __common_js.useAsyncCache)(cache, cacheKey, "serverApp.useItem()");
+		return (0, react.useMemo)(() => this._serverItemFromCrud({
+			type,
+			id
+		}, result), [result]);
+	}
+	async grantProduct(options) {
+		let customerType;
+		let customerId;
+		if ("userId" in options) {
+			customerType = "user";
+			customerId = options.userId;
+		} else if ("teamId" in options) {
+			customerType = "team";
+			customerId = options.teamId;
+		} else {
+			customerType = "custom";
+			customerId = options.customCustomerId;
+		}
+		await this._interface.grantProduct({
+			customerType,
+			customerId,
+			productId: "productId" in options ? options.productId : void 0,
+			product: "product" in options ? options.product : void 0,
+			quantity: options.quantity
+		});
+		await (customerType === "user" ? this._serverUserProductsCache : customerType === "team" ? this._serverTeamProductsCache : this._serverCustomProductsCache).refresh([
+			customerId,
+			null,
+			null
+		]);
+	}
+	async createTeam(data) {
+		const team = await this._interface.createServerTeam((0, ______teams_index_js.serverTeamCreateOptionsToCrud)(data));
+		await this._serverTeamsCache.refreshWhere(() => true);
+		return this._serverTeamFromCrud(team);
+	}
+	async listTeams(options) {
+		const crud = _stackframe_stack_shared_dist_utils_results.Result.orThrow(await this._serverTeamsCache.getOrWait([
+			void 0,
+			options?.orderBy,
+			options?.desc,
+			options?.cursor,
+			options?.limit,
+			options?.query
+		], "write-only"));
+		const teams = crud.items.map((t) => this._serverTeamFromCrud(t));
+		teams.nextCursor = crud.pagination?.next_cursor ?? null;
+		return teams;
+	}
+	useTeams(options) {
+		const crud = (0, __common_js.useAsyncCache)(this._serverTeamsCache, [
+			void 0,
+			options?.orderBy,
+			options?.desc,
+			options?.cursor,
+			options?.limit,
+			options?.query
+		], "serverApp.useTeams()");
+		return (0, react.useMemo)(() => {
+			const teams = crud.items.map((t) => this._serverTeamFromCrud(t));
+			teams.nextCursor = crud.pagination?.next_cursor ?? null;
+			return teams;
+		}, [crud]);
+	}
+	async listTeamMemberPermissions(teamId, options) {
+		const recursive = options?.recursive ?? false;
+		return _stackframe_stack_shared_dist_utils_results.Result.orThrow(await this._serverAllTeamMemberPermissionsCache.getOrWait([teamId, recursive], "write-only")).map((r) => ({
+			userId: r.user_id,
+			permissionId: r.id
+		}));
+	}
+	useTeamMemberPermissions(teamId, options) {
+		const recursive = options?.recursive ?? false;
+		const rows = (0, __common_js.useAsyncCache)(this._serverAllTeamMemberPermissionsCache, [teamId, recursive], "serverApp.useTeamMemberPermissions()");
+		return (0, react.useMemo)(() => rows.map((r) => ({
+			userId: r.user_id,
+			permissionId: r.id
+		})), [rows]);
+	}
+	async getTeam(options) {
+		if (typeof options === "object" && "apiKey" in options) return await this._getTeamByApiKey(options.apiKey);
+		else {
+			const teamId = options;
+			return (await this.listTeams()).find((t) => t.id === teamId) ?? null;
+		}
+	}
+	useTeam(options) {
+		if (typeof options === "object" && "apiKey" in options) return this._useTeamByApiKey(options.apiKey);
+		else {
+			const teamId = options;
+			const teams = this.useTeams();
+			return (0, react.useMemo)(() => {
+				return teams.find((t) => t.id === teamId) ?? null;
+			}, [teams, teamId]);
+		}
+	}
+	_createServerDataVaultStore(id) {
+		const validateOptions = (options) => {
+			if (typeof options.secret !== "string") throw new Error("secret must be a string, got " + typeof options.secret);
+		};
+		return {
+			id,
+			setValue: async (key, value, options) => {
+				validateOptions(options);
+				await this._interface.setDataVaultStoreValue(options.secret, id, key, value);
+			},
+			getValue: async (key, options) => {
+				validateOptions(options);
+				return _stackframe_stack_shared_dist_utils_results.Result.orThrow(await this._serverDataVaultStoreValueCache.getOrWait([
+					id,
+					key,
+					options.secret
+				], "write-only"));
+			},
+			useValue: (key, options) => {
+				validateOptions(options);
+				return (0, __common_js.useAsyncCache)(this._serverDataVaultStoreValueCache, [
+					id,
+					key,
+					options.secret
+				], "store.useValue()");
+			}
+		};
+	}
+	async getDataVaultStore(id) {
+		return this._createServerDataVaultStore(id);
+	}
+	useDataVaultStore(id) {
+		return (0, react.useMemo)(() => this._createServerDataVaultStore(id), [id]);
+	}
+	async sendEmail(options) {
+		await this._interface.sendEmail(options);
+		await this._emailDeliveryInfoCache.refresh([]);
+	}
+	async getEmailDeliveryStats() {
+		return _stackframe_stack_shared_dist_utils_results.Result.orThrow(await this._emailDeliveryInfoCache.getOrWait([], "write-only"));
+	}
+	useEmailDeliveryStats() {
+		return (0, __common_js.useAsyncCache)(this._emailDeliveryInfoCache, [], "stackServerApp.useEmailDeliveryStats()");
+	}
+	async activateEmailCapacityBoost() {
+		await this._interface.activateEmailCapacityBoost();
+		await this._emailDeliveryInfoCache.refresh([]);
+	}
+	async _refreshSession(session) {
+		await Promise.all([super._refreshUser(session), this._currentServerUserCache.refresh([session])]);
+	}
+	async _refreshUsers() {
+		await Promise.all([
+			super._refreshUsers(),
+			this._serverUserCache.refreshWhere(() => true),
+			this._serverUsersCache.refreshWhere(() => true),
+			this._serverContactChannelsCache.refreshWhere(() => true),
+			this._serverOAuthProvidersCache.refreshWhere(() => true),
+			this._serverUserConnectedAccountsCache.refreshWhere(() => true)
+		]);
+	}
+	async createOAuthProvider(options) {
+		try {
+			const crud = await this._interface.createServerOAuthProvider({
+				user_id: options.userId,
+				provider_config_id: options.providerConfigId,
+				account_id: options.accountId,
+				email: options.email,
+				allow_sign_in: options.allowSignIn,
+				allow_connected_accounts: options.allowConnectedAccounts
+			});
+			await Promise.all([this._serverOAuthProvidersCache.refresh([options.userId]), this._serverUserConnectedAccountsCache.refresh([options.userId])]);
+			return _stackframe_stack_shared_dist_utils_results.Result.ok(this._serverOAuthProviderFromCrud(crud));
+		} catch (error) {
+			if (_stackframe_stack_shared.KnownErrors.OAuthProviderAccountIdAlreadyUsedForSignIn.isInstance(error)) return _stackframe_stack_shared_dist_utils_results.Result.error(error);
+			throw error;
+		}
+	}
+};
+
+//#endregion
+exports._StackServerAppImplIncomplete = _StackServerAppImplIncomplete;
+//# sourceMappingURL=server-app-impl.js.map