@supabase/server 0.1.0-alpha.1 → 0.1.1-rc.25

package/dist/wrappers/index.d.mts

@@ -1,4 +1,23 @@
 //#region src/wrappers/webhook.d.ts
+/**
+ * Verifies a webhook signature using HMAC-SHA256 with timing-safe comparison.
+ *
+ * @param payload - The raw request body as a string.
+ * @param signature - The hex-encoded signature from the webhook header.
+ * @param secret - The shared secret used to sign webhooks.
+ * @returns `true` if the signature is valid, `false` otherwise.
+ *
+ * @example
+ * ```ts
+ * const payload = await req.text()
+ * const signature = req.headers.get('x-webhook-signature') ?? ''
+ *
+ * const isValid = await verifyWebhookSignature(payload, signature, secret)
+ * if (!isValid) {
+ *   return Response.json({ error: 'Invalid signature' }, { status: 401 })
+ * }
+ * ```
+ */
 declare function verifyWebhookSignature(payload: string, signature: string, secret: string): Promise<boolean>;
 //#endregion
 export { verifyWebhookSignature };

package/dist/wrappers/index.mjs

@@ -1,5 +1,24 @@
 //#region src/wrappers/webhook.ts
 const encoder = new TextEncoder();
+/**
+* Verifies a webhook signature using HMAC-SHA256 with timing-safe comparison.
+*
+* @param payload - The raw request body as a string.
+* @param signature - The hex-encoded signature from the webhook header.
+* @param secret - The shared secret used to sign webhooks.
+* @returns `true` if the signature is valid, `false` otherwise.
+*
+* @example
+* ```ts
+* const payload = await req.text()
+* const signature = req.headers.get('x-webhook-signature') ?? ''
+*
+* const isValid = await verifyWebhookSignature(payload, signature, secret)
+* if (!isValid) {
+*   return Response.json({ error: 'Invalid signature' }, { status: 401 })
+* }
+* ```
+*/
 async function verifyWebhookSignature(payload, signature, secret) {
 	const key = await crypto.subtle.importKey("raw", encoder.encode(secret), {
 		name: "HMAC",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@supabase/server",
-  "version": "0.1.0-alpha.1",
+  "version": "0.1.1-rc.25",
   "description": "Server-side utilities for Supabase. Handles auth, client creation, and context injection so you write business logic, not boilerplate.",
   "keywords": [
     "edge",

package/dist/create-admin-client-BZ_3qcxI.d.cts

@@ -1,60 +0,0 @@
-import { i as Credentials, n as AllowWithKey, r as AuthResult, s as SupabaseEnv } from "./types-DNh3Z1O1.cjs";
-import { SupabaseClient } from "@supabase/supabase-js";
-
-//#region src/errors.d.ts
-declare class EnvError extends Error {
-  readonly status = 500;
-  readonly code: string;
-  constructor(message: string, code?: string);
-}
-declare class AuthError extends Error {
-  readonly status: number;
-  readonly code: string;
-  constructor(message: string, code?: string, status?: number);
-}
-//#endregion
-//#region src/core/resolve-env.d.ts
-declare function resolveEnv(overrides?: Partial<SupabaseEnv>): {
-  data: SupabaseEnv;
-  error: null;
-} | {
-  data: null;
-  error: EnvError;
-};
-//#endregion
-//#region src/core/extract-credentials.d.ts
-declare function extractCredentials(request: Request): Credentials;
-//#endregion
-//#region src/core/verify-credentials.d.ts
-interface VerifyCredentialsOptions {
-  allow: AllowWithKey | AllowWithKey[];
-  env?: Partial<SupabaseEnv>;
-}
-declare function verifyCredentials(credentials: Credentials, options: VerifyCredentialsOptions): Promise<{
-  data: AuthResult;
-  error: null;
-} | {
-  data: null;
-  error: AuthError;
-}>;
-//#endregion
-//#region src/core/verify-auth.d.ts
-interface VerifyAuthOptions {
-  allow: AllowWithKey | AllowWithKey[];
-  env?: Partial<SupabaseEnv>;
-}
-declare function verifyAuth(request: Request, options: VerifyAuthOptions): Promise<{
-  data: AuthResult;
-  error: null;
-} | {
-  data: null;
-  error: AuthError;
-}>;
-//#endregion
-//#region src/core/create-context-client.d.ts
-declare function createContextClient(token?: string | null, env?: Partial<SupabaseEnv>, keyName?: string | null): SupabaseClient;
-//#endregion
-//#region src/core/create-admin-client.d.ts
-declare function createAdminClient(env?: Partial<SupabaseEnv>, keyName?: string | null): SupabaseClient;
-//#endregion
-export { extractCredentials as a, EnvError as c, verifyCredentials as i, createContextClient as n, resolveEnv as o, verifyAuth as r, AuthError as s, createAdminClient as t };

package/dist/create-admin-client-CSX-Q_Fv.d.mts

@@ -1,60 +0,0 @@
-import { i as Credentials, n as AllowWithKey, r as AuthResult, s as SupabaseEnv } from "./types-BLM5-qA8.mjs";
-import { SupabaseClient } from "@supabase/supabase-js";
-
-//#region src/errors.d.ts
-declare class EnvError extends Error {
-  readonly status = 500;
-  readonly code: string;
-  constructor(message: string, code?: string);
-}
-declare class AuthError extends Error {
-  readonly status: number;
-  readonly code: string;
-  constructor(message: string, code?: string, status?: number);
-}
-//#endregion
-//#region src/core/resolve-env.d.ts
-declare function resolveEnv(overrides?: Partial<SupabaseEnv>): {
-  data: SupabaseEnv;
-  error: null;
-} | {
-  data: null;
-  error: EnvError;
-};
-//#endregion
-//#region src/core/extract-credentials.d.ts
-declare function extractCredentials(request: Request): Credentials;
-//#endregion
-//#region src/core/verify-credentials.d.ts
-interface VerifyCredentialsOptions {
-  allow: AllowWithKey | AllowWithKey[];
-  env?: Partial<SupabaseEnv>;
-}
-declare function verifyCredentials(credentials: Credentials, options: VerifyCredentialsOptions): Promise<{
-  data: AuthResult;
-  error: null;
-} | {
-  data: null;
-  error: AuthError;
-}>;
-//#endregion
-//#region src/core/verify-auth.d.ts
-interface VerifyAuthOptions {
-  allow: AllowWithKey | AllowWithKey[];
-  env?: Partial<SupabaseEnv>;
-}
-declare function verifyAuth(request: Request, options: VerifyAuthOptions): Promise<{
-  data: AuthResult;
-  error: null;
-} | {
-  data: null;
-  error: AuthError;
-}>;
-//#endregion
-//#region src/core/create-context-client.d.ts
-declare function createContextClient(token?: string | null, env?: Partial<SupabaseEnv>, keyName?: string | null): SupabaseClient;
-//#endregion
-//#region src/core/create-admin-client.d.ts
-declare function createAdminClient(env?: Partial<SupabaseEnv>, keyName?: string | null): SupabaseClient;
-//#endregion
-export { extractCredentials as a, EnvError as c, verifyCredentials as i, createContextClient as n, resolveEnv as o, verifyAuth as r, AuthError as s, createAdminClient as t };

package/dist/types-BLM5-qA8.d.mts

@@ -1,59 +0,0 @@
-import { SupabaseClient } from "@supabase/supabase-js";
-
-//#region src/types.d.ts
-type Allow = 'always' | 'public' | 'secret' | 'user';
-type AllowWithKey = Allow | `public:${string}` | `secret:${string}`;
-interface SupabaseEnv {
-  url: string;
-  publishableKeys: Record<string, string>;
-  secretKeys: Record<string, string>;
-  jwks: JsonWebKeySet | null;
-}
-interface JsonWebKeySet {
-  keys: JsonWebKey[];
-}
-interface Credentials {
-  token: string | null;
-  apikey: string | null;
-}
-interface AuthResult {
-  authType: Allow;
-  token: string | null;
-  userClaims: UserClaims | null;
-  claims: JWTClaims | null;
-  keyName?: string | null;
-}
-interface JWTClaims {
-  sub: string;
-  iss?: string;
-  aud?: string | string[];
-  exp?: number;
-  iat?: number;
-  role?: string;
-  email?: string;
-  app_metadata?: Record<string, unknown>;
-  user_metadata?: Record<string, unknown>;
-  [key: string]: unknown;
-}
-interface UserClaims {
-  id: string;
-  role?: string;
-  email?: string;
-  appMetadata?: Record<string, unknown>;
-  userMetadata?: Record<string, unknown>;
-}
-interface WithSupabaseConfig {
-  allow?: AllowWithKey | AllowWithKey[];
-  env?: Partial<SupabaseEnv>;
-  cors?: boolean | Record<string, string>;
-}
-interface SupabaseContext {
-  supabase: SupabaseClient;
-  supabaseAdmin: SupabaseClient;
-  /** JWT-derived identity. For the full Supabase User object, call `supabase.auth.getUser()`. */
-  userClaims: UserClaims | null;
-  claims: JWTClaims | null;
-  authType: Allow;
-}
-//#endregion
-export { JWTClaims as a, UserClaims as c, Credentials as i, WithSupabaseConfig as l, AllowWithKey as n, SupabaseContext as o, AuthResult as r, SupabaseEnv as s, Allow as t };

package/dist/types-DNh3Z1O1.d.cts

@@ -1,59 +0,0 @@
-import { SupabaseClient } from "@supabase/supabase-js";
-
-//#region src/types.d.ts
-type Allow = 'always' | 'public' | 'secret' | 'user';
-type AllowWithKey = Allow | `public:${string}` | `secret:${string}`;
-interface SupabaseEnv {
-  url: string;
-  publishableKeys: Record<string, string>;
-  secretKeys: Record<string, string>;
-  jwks: JsonWebKeySet | null;
-}
-interface JsonWebKeySet {
-  keys: JsonWebKey[];
-}
-interface Credentials {
-  token: string | null;
-  apikey: string | null;
-}
-interface AuthResult {
-  authType: Allow;
-  token: string | null;
-  userClaims: UserClaims | null;
-  claims: JWTClaims | null;
-  keyName?: string | null;
-}
-interface JWTClaims {
-  sub: string;
-  iss?: string;
-  aud?: string | string[];
-  exp?: number;
-  iat?: number;
-  role?: string;
-  email?: string;
-  app_metadata?: Record<string, unknown>;
-  user_metadata?: Record<string, unknown>;
-  [key: string]: unknown;
-}
-interface UserClaims {
-  id: string;
-  role?: string;
-  email?: string;
-  appMetadata?: Record<string, unknown>;
-  userMetadata?: Record<string, unknown>;
-}
-interface WithSupabaseConfig {
-  allow?: AllowWithKey | AllowWithKey[];
-  env?: Partial<SupabaseEnv>;
-  cors?: boolean | Record<string, string>;
-}
-interface SupabaseContext {
-  supabase: SupabaseClient;
-  supabaseAdmin: SupabaseClient;
-  /** JWT-derived identity. For the full Supabase User object, call `supabase.auth.getUser()`. */
-  userClaims: UserClaims | null;
-  claims: JWTClaims | null;
-  authType: Allow;
-}
-//#endregion
-export { JWTClaims as a, UserClaims as c, Credentials as i, WithSupabaseConfig as l, AllowWithKey as n, SupabaseContext as o, AuthResult as r, SupabaseEnv as s, Allow as t };