@supabase/auth-js 2.61.0

package/src/index.ts

@@ -0,0 +1,12 @@
+import GoTrueAdminApi from './GoTrueAdminApi'
+import GoTrueClient from './GoTrueClient'
+import AuthAdminApi from './AuthAdminApi'
+import AuthClient from './AuthClient'
+export { GoTrueAdminApi, GoTrueClient, AuthAdminApi, AuthClient }
+export * from './lib/types'
+export * from './lib/errors'
+export {
+  navigatorLock,
+  NavigatorLockAcquireTimeoutError,
+  internals as lockInternals,
+} from './lib/locks'

package/src/lib/constants.ts

@@ -0,0 +1,10 @@
+import { version } from './version'
+export const GOTRUE_URL = 'http://localhost:9999'
+export const STORAGE_KEY = 'supabase.auth.token'
+export const AUDIENCE = ''
+export const DEFAULT_HEADERS = { 'X-Client-Info': `gotrue-js/${version}` }
+export const EXPIRY_MARGIN = 10 // in seconds
+export const NETWORK_FAILURE = {
+  MAX_RETRIES: 10,
+  RETRY_INTERVAL: 2, // in deciseconds
+}

package/src/lib/errors.ts

@@ -0,0 +1,150 @@
+import { WeakPasswordReasons } from './types'
+
+export class AuthError extends Error {
+  status: number | undefined
+  protected __isAuthError = true
+
+  constructor(message: string, status?: number) {
+    super(message)
+    this.name = 'AuthError'
+    this.status = status
+  }
+}
+
+export function isAuthError(error: unknown): error is AuthError {
+  return typeof error === 'object' && error !== null && '__isAuthError' in error
+}
+
+export class AuthApiError extends AuthError {
+  status: number
+
+  constructor(message: string, status: number) {
+    super(message, status)
+    this.name = 'AuthApiError'
+    this.status = status
+  }
+
+  toJSON() {
+    return {
+      name: this.name,
+      message: this.message,
+      status: this.status,
+    }
+  }
+}
+
+export function isAuthApiError(error: unknown): error is AuthApiError {
+  return isAuthError(error) && error.name === 'AuthApiError'
+}
+
+export class AuthUnknownError extends AuthError {
+  originalError: unknown
+
+  constructor(message: string, originalError: unknown) {
+    super(message)
+    this.name = 'AuthUnknownError'
+    this.originalError = originalError
+  }
+}
+
+export class CustomAuthError extends AuthError {
+  name: string
+  status: number
+  constructor(message: string, name: string, status: number) {
+    super(message)
+    this.name = name
+    this.status = status
+  }
+
+  toJSON() {
+    return {
+      name: this.name,
+      message: this.message,
+      status: this.status,
+    }
+  }
+}
+
+export class AuthSessionMissingError extends CustomAuthError {
+  constructor() {
+    super('Auth session missing!', 'AuthSessionMissingError', 400)
+  }
+}
+
+export class AuthInvalidTokenResponseError extends CustomAuthError {
+  constructor() {
+    super('Auth session or user missing', 'AuthInvalidTokenResponseError', 500)
+  }
+}
+
+export class AuthInvalidCredentialsError extends CustomAuthError {
+  constructor(message: string) {
+    super(message, 'AuthInvalidCredentialsError', 400)
+  }
+}
+
+export class AuthImplicitGrantRedirectError extends CustomAuthError {
+  details: { error: string; code: string } | null = null
+  constructor(message: string, details: { error: string; code: string } | null = null) {
+    super(message, 'AuthImplicitGrantRedirectError', 500)
+    this.details = details
+  }
+
+  toJSON() {
+    return {
+      name: this.name,
+      message: this.message,
+      status: this.status,
+      details: this.details,
+    }
+  }
+}
+
+export class AuthPKCEGrantCodeExchangeError extends CustomAuthError {
+  details: { error: string; code: string } | null = null
+  constructor(message: string, details: { error: string; code: string } | null = null) {
+    super(message, 'AuthPKCEGrantCodeExchangeError', 500)
+    this.details = details
+  }
+
+  toJSON() {
+    return {
+      name: this.name,
+      message: this.message,
+      status: this.status,
+      details: this.details,
+    }
+  }
+}
+
+export class AuthRetryableFetchError extends CustomAuthError {
+  constructor(message: string, status: number) {
+    super(message, 'AuthRetryableFetchError', status)
+  }
+}
+
+export function isAuthRetryableFetchError(error: unknown): error is AuthRetryableFetchError {
+  return isAuthError(error) && error.name === 'AuthRetryableFetchError'
+}
+
+/**
+ * This error is thrown on certain methods when the password used is deemed
+ * weak. Inspect the reasons to identify what password strength rules are
+ * inadequate.
+ */
+export class AuthWeakPasswordError extends CustomAuthError {
+  /**
+   * Reasons why the password is deemed weak.
+   */
+  reasons: WeakPasswordReasons[]
+
+  constructor(message: string, status: number, reasons: string[]) {
+    super(message, 'AuthWeakPasswordError', status)
+
+    this.reasons = reasons
+  }
+}
+
+export function isAuthWeakPasswordError(error: unknown): error is AuthWeakPasswordError {
+  return isAuthError(error) && error.name === 'AuthWeakPasswordError'
+}

package/src/lib/fetch.ts

@@ -0,0 +1,238 @@
+import { expiresAt, looksLikeFetchResponse } from './helpers'
+import {
+  AuthResponse,
+  AuthResponsePassword,
+  SSOResponse,
+  GenerateLinkProperties,
+  GenerateLinkResponse,
+  User,
+  UserResponse,
+} from './types'
+import {
+  AuthApiError,
+  AuthRetryableFetchError,
+  AuthWeakPasswordError,
+  AuthUnknownError,
+} from './errors'
+
+export type Fetch = typeof fetch
+
+export interface FetchOptions {
+  headers?: {
+    [key: string]: string
+  }
+  noResolveJson?: boolean
+}
+
+export interface FetchParameters {
+  signal?: AbortSignal
+}
+
+export type RequestMethodType = 'GET' | 'POST' | 'PUT' | 'DELETE'
+
+const _getErrorMessage = (err: any): string =>
+  err.msg || err.message || err.error_description || err.error || JSON.stringify(err)
+
+const NETWORK_ERROR_CODES = [502, 503, 504]
+
+async function handleError(error: unknown) {
+  if (!looksLikeFetchResponse(error)) {
+    throw new AuthRetryableFetchError(_getErrorMessage(error), 0)
+  }
+
+  if (NETWORK_ERROR_CODES.includes(error.status)) {
+    // status in 500...599 range - server had an error, request might be retryed.
+    throw new AuthRetryableFetchError(_getErrorMessage(error), error.status)
+  }
+
+  let data: any
+  try {
+    data = await error.json()
+  } catch (e: any) {
+    throw new AuthUnknownError(_getErrorMessage(e), e)
+  }
+
+  if (
+    typeof data === 'object' &&
+    data &&
+    typeof data.weak_password === 'object' &&
+    data.weak_password &&
+    Array.isArray(data.weak_password.reasons) &&
+    data.weak_password.reasons.length &&
+    data.weak_password.reasons.reduce((a: boolean, i: any) => a && typeof i === 'string', true)
+  ) {
+    throw new AuthWeakPasswordError(
+      _getErrorMessage(data),
+      error.status,
+      data.weak_password.reasons
+    )
+  }
+
+  throw new AuthApiError(_getErrorMessage(data), error.status || 500)
+}
+
+const _getRequestParams = (
+  method: RequestMethodType,
+  options?: FetchOptions,
+  parameters?: FetchParameters,
+  body?: object
+) => {
+  const params: { [k: string]: any } = { method, headers: options?.headers || {} }
+
+  if (method === 'GET') {
+    return params
+  }
+
+  params.headers = { 'Content-Type': 'application/json;charset=UTF-8', ...options?.headers }
+  params.body = JSON.stringify(body)
+  return { ...params, ...parameters }
+}
+
+interface GotrueRequestOptions extends FetchOptions {
+  jwt?: string
+  redirectTo?: string
+  body?: object
+  query?: { [key: string]: string }
+  /**
+   * Function that transforms api response from gotrue into a desirable / standardised format
+   */
+  xform?: (data: any) => any
+}
+
+export async function _request(
+  fetcher: Fetch,
+  method: RequestMethodType,
+  url: string,
+  options?: GotrueRequestOptions
+) {
+  const headers = { ...options?.headers }
+  if (options?.jwt) {
+    headers['Authorization'] = `Bearer ${options.jwt}`
+  }
+  const qs = options?.query ?? {}
+  if (options?.redirectTo) {
+    qs['redirect_to'] = options.redirectTo
+  }
+  const queryString = Object.keys(qs).length ? '?' + new URLSearchParams(qs).toString() : ''
+  const data = await _handleRequest(
+    fetcher,
+    method,
+    url + queryString,
+    { headers, noResolveJson: options?.noResolveJson },
+    {},
+    options?.body
+  )
+  return options?.xform ? options?.xform(data) : { data: { ...data }, error: null }
+}
+
+async function _handleRequest(
+  fetcher: Fetch,
+  method: RequestMethodType,
+  url: string,
+  options?: FetchOptions,
+  parameters?: FetchParameters,
+  body?: object
+): Promise<any> {
+  const requestParams = _getRequestParams(method, options, parameters, body)
+
+  let result: any
+
+  try {
+    result = await fetcher(url, requestParams)
+  } catch (e) {
+    console.error(e)
+
+    // fetch failed, likely due to a network or CORS error
+    throw new AuthRetryableFetchError(_getErrorMessage(e), 0)
+  }
+
+  if (!result.ok) {
+    await handleError(result)
+  }
+
+  if (options?.noResolveJson) {
+    return result
+  }
+
+  try {
+    return await result.json()
+  } catch (e: any) {
+    await handleError(e)
+  }
+}
+
+export function _sessionResponse(data: any): AuthResponse {
+  let session = null
+  if (hasSession(data)) {
+    session = { ...data }
+
+    if (!data.expires_at) {
+      session.expires_at = expiresAt(data.expires_in)
+    }
+  }
+
+  const user: User = data.user ?? (data as User)
+  return { data: { session, user }, error: null }
+}
+
+export function _sessionResponsePassword(data: any): AuthResponsePassword {
+  const response = _sessionResponse(data) as AuthResponsePassword
+
+  if (
+    !response.error &&
+    data.weak_password &&
+    typeof data.weak_password === 'object' &&
+    Array.isArray(data.weak_password.reasons) &&
+    data.weak_password.reasons.length &&
+    data.weak_password.message &&
+    typeof data.weak_password.message === 'string' &&
+    data.weak_password.reasons.reduce((a: boolean, i: any) => a && typeof i === 'string', true)
+  ) {
+    response.data.weak_password = data.weak_password
+  }
+
+  return response
+}
+
+export function _userResponse(data: any): UserResponse {
+  const user: User = data.user ?? (data as User)
+  return { data: { user }, error: null }
+}
+
+export function _ssoResponse(data: any): SSOResponse {
+  return { data, error: null }
+}
+
+export function _generateLinkResponse(data: any): GenerateLinkResponse {
+  const { action_link, email_otp, hashed_token, redirect_to, verification_type, ...rest } = data
+
+  const properties: GenerateLinkProperties = {
+    action_link,
+    email_otp,
+    hashed_token,
+    redirect_to,
+    verification_type,
+  }
+
+  const user: User = { ...rest }
+  return {
+    data: {
+      properties,
+      user,
+    },
+    error: null,
+  }
+}
+
+export function _noResolveJsonResponse(data: any): Response {
+  return data
+}
+
+/**
+ * hasSession checks if the response object contains a valid session
+ * @param data A response object
+ * @returns true if a session is in the response
+ */
+function hasSession(data: any): boolean {
+  return data.access_token && data.refresh_token && data.expires_in
+}

package/src/lib/helpers.ts

@@ -0,0 +1,306 @@
+import { SupportedStorage } from './types'
+export function expiresAt(expiresIn: number) {
+  const timeNow = Math.round(Date.now() / 1000)
+  return timeNow + expiresIn
+}
+
+export function uuid() {
+  return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function (c) {
+    const r = (Math.random() * 16) | 0,
+      v = c == 'x' ? r : (r & 0x3) | 0x8
+    return v.toString(16)
+  })
+}
+
+export const isBrowser = () => typeof document !== 'undefined'
+
+const localStorageWriteTests = {
+  tested: false,
+  writable: false,
+}
+
+/**
+ * Checks whether localStorage is supported on this browser.
+ */
+export const supportsLocalStorage = () => {
+  if (!isBrowser()) {
+    return false
+  }
+
+  try {
+    if (typeof globalThis.localStorage !== 'object') {
+      return false
+    }
+  } catch (e) {
+    // DOM exception when accessing `localStorage`
+    return false
+  }
+
+  if (localStorageWriteTests.tested) {
+    return localStorageWriteTests.writable
+  }
+
+  const randomKey = `lswt-${Math.random()}${Math.random()}`
+
+  try {
+    globalThis.localStorage.setItem(randomKey, randomKey)
+    globalThis.localStorage.removeItem(randomKey)
+
+    localStorageWriteTests.tested = true
+    localStorageWriteTests.writable = true
+  } catch (e) {
+    // localStorage can't be written to
+    // https://www.chromium.org/for-testers/bug-reporting-guidelines/uncaught-securityerror-failed-to-read-the-localstorage-property-from-window-access-is-denied-for-this-document
+
+    localStorageWriteTests.tested = true
+    localStorageWriteTests.writable = false
+  }
+
+  return localStorageWriteTests.writable
+}
+
+/**
+ * Extracts parameters encoded in the URL both in the query and fragment.
+ */
+export function parseParametersFromURL(href: string) {
+  const result: { [parameter: string]: string } = {}
+
+  const url = new URL(href)
+
+  if (url.hash && url.hash[0] === '#') {
+    try {
+      const hashSearchParams = new URLSearchParams(url.hash.substring(1))
+      hashSearchParams.forEach((value, key) => {
+        result[key] = value
+      })
+    } catch (e: any) {
+      // hash is not a query string
+    }
+  }
+
+  // search parameters take precedence over hash parameters
+  url.searchParams.forEach((value, key) => {
+    result[key] = value
+  })
+
+  return result
+}
+
+type Fetch = typeof fetch
+
+export const resolveFetch = (customFetch?: Fetch): Fetch => {
+  let _fetch: Fetch
+  if (customFetch) {
+    _fetch = customFetch
+  } else if (typeof fetch === 'undefined') {
+    _fetch = (...args) =>
+      import('@supabase/node-fetch' as any).then(({ default: fetch }) => fetch(...args))
+  } else {
+    _fetch = fetch
+  }
+  return (...args) => _fetch(...args)
+}
+
+export const looksLikeFetchResponse = (maybeResponse: unknown): maybeResponse is Response => {
+  return (
+    typeof maybeResponse === 'object' &&
+    maybeResponse !== null &&
+    'status' in maybeResponse &&
+    'ok' in maybeResponse &&
+    'json' in maybeResponse &&
+    typeof (maybeResponse as any).json === 'function'
+  )
+}
+
+// Storage helpers
+export const setItemAsync = async (
+  storage: SupportedStorage,
+  key: string,
+  data: any
+): Promise<void> => {
+  await storage.setItem(key, JSON.stringify(data))
+}
+
+export const getItemAsync = async (storage: SupportedStorage, key: string): Promise<unknown> => {
+  const value = await storage.getItem(key)
+
+  if (!value) {
+    return null
+  }
+
+  try {
+    return JSON.parse(value)
+  } catch {
+    return value
+  }
+}
+
+export const removeItemAsync = async (storage: SupportedStorage, key: string): Promise<void> => {
+  await storage.removeItem(key)
+}
+
+export function decodeBase64URL(value: string): string {
+  const key = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='
+  let base64 = ''
+  let chr1, chr2, chr3
+  let enc1, enc2, enc3, enc4
+  let i = 0
+  value = value.replace('-', '+').replace('_', '/')
+
+  while (i < value.length) {
+    enc1 = key.indexOf(value.charAt(i++))
+    enc2 = key.indexOf(value.charAt(i++))
+    enc3 = key.indexOf(value.charAt(i++))
+    enc4 = key.indexOf(value.charAt(i++))
+    chr1 = (enc1 << 2) | (enc2 >> 4)
+    chr2 = ((enc2 & 15) << 4) | (enc3 >> 2)
+    chr3 = ((enc3 & 3) << 6) | enc4
+    base64 = base64 + String.fromCharCode(chr1)
+
+    if (enc3 != 64 && chr2 != 0) {
+      base64 = base64 + String.fromCharCode(chr2)
+    }
+    if (enc4 != 64 && chr3 != 0) {
+      base64 = base64 + String.fromCharCode(chr3)
+    }
+  }
+  return base64
+}
+
+/**
+ * A deferred represents some asynchronous work that is not yet finished, which
+ * may or may not culminate in a value.
+ * Taken from: https://github.com/mike-north/types/blob/master/src/async.ts
+ */
+export class Deferred<T = any> {
+  public static promiseConstructor: PromiseConstructor = Promise
+
+  public readonly promise!: PromiseLike<T>
+
+  public readonly resolve!: (value?: T | PromiseLike<T>) => void
+
+  public readonly reject!: (reason?: any) => any
+
+  public constructor() {
+    // eslint-disable-next-line @typescript-eslint/no-extra-semi
+    ;(this as any).promise = new Deferred.promiseConstructor((res, rej) => {
+      // eslint-disable-next-line @typescript-eslint/no-extra-semi
+      ;(this as any).resolve = res
+      // eslint-disable-next-line @typescript-eslint/no-extra-semi
+      ;(this as any).reject = rej
+    })
+  }
+}
+
+// Taken from: https://stackoverflow.com/questions/38552003/how-to-decode-jwt-token-in-javascript-without-using-a-library
+export function decodeJWTPayload(token: string) {
+  // Regex checks for base64url format
+  const base64UrlRegex = /^([a-z0-9_-]{4})*($|[a-z0-9_-]{3}=?$|[a-z0-9_-]{2}(==)?$)$/i
+
+  const parts = token.split('.')
+
+  if (parts.length !== 3) {
+    throw new Error('JWT is not valid: not a JWT structure')
+  }
+
+  if (!base64UrlRegex.test(parts[1])) {
+    throw new Error('JWT is not valid: payload is not in base64url format')
+  }
+
+  const base64Url = parts[1]
+  return JSON.parse(decodeBase64URL(base64Url))
+}
+
+/**
+ * Creates a promise that resolves to null after some time.
+ */
+export async function sleep(time: number): Promise<null> {
+  return await new Promise((accept) => {
+    setTimeout(() => accept(null), time)
+  })
+}
+
+/**
+ * Converts the provided async function into a retryable function. Each result
+ * or thrown error is sent to the isRetryable function which should return true
+ * if the function should run again.
+ */
+export function retryable<T>(
+  fn: (attempt: number) => Promise<T>,
+  isRetryable: (attempt: number, error: any | null, result?: T) => boolean
+): Promise<T> {
+  const promise = new Promise<T>((accept, reject) => {
+    // eslint-disable-next-line @typescript-eslint/no-extra-semi
+    ;(async () => {
+      for (let attempt = 0; attempt < Infinity; attempt++) {
+        try {
+          const result = await fn(attempt)
+
+          if (!isRetryable(attempt, null, result)) {
+            accept(result)
+            return
+          }
+        } catch (e: any) {
+          if (!isRetryable(attempt, e)) {
+            reject(e)
+            return
+          }
+        }
+      }
+    })()
+  })
+
+  return promise
+}
+
+function dec2hex(dec: number) {
+  return ('0' + dec.toString(16)).substr(-2)
+}
+
+// Functions below taken from: https://stackoverflow.com/questions/63309409/creating-a-code-verifier-and-challenge-for-pkce-auth-on-spotify-api-in-reactjs
+export function generatePKCEVerifier() {
+  const verifierLength = 56
+  const array = new Uint32Array(verifierLength)
+  if (typeof crypto === 'undefined') {
+    const charSet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~'
+    const charSetLen = charSet.length
+    let verifier = ''
+    for (let i = 0; i < verifierLength; i++) {
+      verifier += charSet.charAt(Math.floor(Math.random() * charSetLen))
+    }
+    return verifier
+  }
+  crypto.getRandomValues(array)
+  return Array.from(array, dec2hex).join('')
+}
+
+async function sha256(randomString: string) {
+  const encoder = new TextEncoder()
+  const encodedData = encoder.encode(randomString)
+  const hash = await crypto.subtle.digest('SHA-256', encodedData)
+  const bytes = new Uint8Array(hash)
+
+  return Array.from(bytes)
+    .map((c) => String.fromCharCode(c))
+    .join('')
+}
+
+function base64urlencode(str: string) {
+  return btoa(str).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
+}
+
+export async function generatePKCEChallenge(verifier: string) {
+  const hasCryptoSupport =
+    typeof crypto !== 'undefined' &&
+    typeof crypto.subtle !== 'undefined' &&
+    typeof TextEncoder !== 'undefined'
+
+  if (!hasCryptoSupport) {
+    console.warn(
+      'WebCrypto API is not supported. Code challenge method will default to use plain instead of sha256.'
+    )
+    return verifier
+  }
+  const hashed = await sha256(verifier)
+  return base64urlencode(hashed)
+}