@supabase/server 0.1.1-rc.26 → 0.1.1-rc.27

package/README.md

@@ -189,7 +189,7 @@ Extracts credentials from a Request and validates against the allow config.
 ```ts
 const { data: auth, error } = await verifyAuth(req, { allow: 'user' })
 if (error) {
-  return Response.json({ error: error.message }, { status: error.status })
+  return Response.json({ message: error.message }, { status: error.status })
 }
 ```
 
@@ -246,7 +246,10 @@ export default {
     if (url.pathname === '/todos') {
       const { data: auth, error } = await verifyAuth(req, { allow: 'user' })
       if (error)
-        return Response.json({ error: error.message }, { status: error.status })
+        return Response.json(
+          { message: error.message },
+          { status: error.status },
+        )
 
       const supabase = createContextClient(auth.token)
       const { data } = await supabase.from('todos').select()

package/dist/adapters/hono/index.cjs

@@ -1,5 +1,5 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-const require_create_supabase_context = require('../../create-supabase-context-DcVorGKG.cjs');
+const require_create_supabase_context = require('../../create-supabase-context-BO7DGfth.cjs');
 let hono_http_exception = require("hono/http-exception");
 let hono_factory = require("hono/factory");
 

package/dist/adapters/hono/index.mjs

@@ -1,4 +1,4 @@
-import { t as createSupabaseContext } from "../../create-supabase-context-CmWaH3s6.mjs";
+import { t as createSupabaseContext } from "../../create-supabase-context--JXiHT_N.mjs";
 import { HTTPException } from "hono/http-exception";
 import { createMiddleware } from "hono/factory";
 

package/dist/core/index.cjs

@@ -1,5 +1,5 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-const require_verify_auth = require('../verify-auth-DvRVnjdq.cjs');
+const require_verify_auth = require('../verify-auth-BjIehuNM.cjs');
 
 exports.createAdminClient = require_verify_auth.createAdminClient;
 exports.createContextClient = require_verify_auth.createContextClient;

package/dist/core/index.d.cts

@@ -1,5 +1,5 @@
 import { i as Credentials, n as AllowWithKey, r as AuthResult, s as SupabaseEnv } from "../types-CnKoFCMX.cjs";
-import { n as EnvError, t as AuthError } from "../errors-BmSsOAvx.cjs";
+import { i as EnvError, t as AuthError } from "../errors-O2ugIMec.cjs";
 import { SupabaseClient } from "@supabase/supabase-js";
 
 //#region src/core/resolve-env.d.ts
@@ -86,7 +86,7 @@ interface VerifyCredentialsOptions {
  *   allow: ['user', 'public'],
  * })
  * if (error) {
- *   return Response.json({ error: error.message }, { status: error.status })
+ *   return Response.json({ message: error.message }, { status: error.status })
  * }
  * ```
  */
@@ -135,7 +135,7 @@ interface VerifyAuthOptions {
  * })
  *
  * if (error) {
- *   return Response.json({ error: error.message }, { status: error.status })
+ *   return Response.json({ message: error.message }, { status: error.status })
  * }
  *
  * console.log(auth.userClaims!.id) // "d0f1a2b3-..."

package/dist/core/index.d.mts

@@ -1,5 +1,5 @@
 import { i as Credentials, n as AllowWithKey, r as AuthResult, s as SupabaseEnv } from "../types-ClmJ8pi8.mjs";
-import { n as EnvError, t as AuthError } from "../errors-5ivL23qo.mjs";
+import { i as EnvError, t as AuthError } from "../errors-CAH-RRA3.mjs";
 import { SupabaseClient } from "@supabase/supabase-js";
 
 //#region src/core/resolve-env.d.ts
@@ -86,7 +86,7 @@ interface VerifyCredentialsOptions {
  *   allow: ['user', 'public'],
  * })
  * if (error) {
- *   return Response.json({ error: error.message }, { status: error.status })
+ *   return Response.json({ message: error.message }, { status: error.status })
  * }
  * ```
  */
@@ -135,7 +135,7 @@ interface VerifyAuthOptions {
  * })
  *
  * if (error) {
- *   return Response.json({ error: error.message }, { status: error.status })
+ *   return Response.json({ message: error.message }, { status: error.status })
  * }
  *
  * console.log(auth.userClaims!.id) // "d0f1a2b3-..."

package/dist/core/index.mjs

@@ -1,3 +1,3 @@
-import { a as createAdminClient, i as createContextClient, n as verifyCredentials, o as resolveEnv, r as extractCredentials, t as verifyAuth } from "../verify-auth-2S7zFfR-.mjs";
+import { a as createAdminClient, i as createContextClient, n as verifyCredentials, o as resolveEnv, r as extractCredentials, t as verifyAuth } from "../verify-auth-mePXRNu9.mjs";
 
 export { createAdminClient, createContextClient, extractCredentials, resolveEnv, verifyAuth, verifyCredentials };

package/dist/{create-supabase-context-CmWaH3s6.mjs → create-supabase-context--JXiHT_N.mjs}

@@ -1,4 +1,4 @@
-import { a as createAdminClient, c as EnvError, i as createContextClient, s as AuthError, t as verifyAuth } from "./verify-auth-2S7zFfR-.mjs";
+import { a as createAdminClient, f as Errors, i as createContextClient, l as CreateSupabaseClientError, s as AuthError, t as verifyAuth, u as EnvError } from "./verify-auth-mePXRNu9.mjs";
 
 //#region src/create-supabase-context.ts
 /**
@@ -16,7 +16,7 @@ import { a as createAdminClient, c as EnvError, i as createContextClient, s as A
 * ```ts
 * const { data: ctx, error } = await createSupabaseContext(request, { allow: 'user' })
 * if (error) {
-*   return Response.json({ error: error.message }, { status: error.status })
+*   return Response.json({ message: error.message }, { status: error.status })
 * }
 * const { data } = await ctx.supabase.rpc('get_my_items')
 * ```
@@ -46,7 +46,7 @@ async function createSupabaseContext(request, options) {
 	} catch (e) {
 		return {
 			data: null,
-			error: e instanceof EnvError ? new AuthError(e.message, e.code, 500) : new AuthError("Failed to create Supabase client", "CLIENT_ERROR", 500)
+			error: e instanceof EnvError ? new AuthError(e.message, e.code, 500) : Errors[CreateSupabaseClientError]()
 		};
 	}
 }

package/dist/{create-supabase-context-DcVorGKG.cjs → create-supabase-context-BO7DGfth.cjs}

@@ -1,4 +1,4 @@
-const require_verify_auth = require('./verify-auth-DvRVnjdq.cjs');
+const require_verify_auth = require('./verify-auth-BjIehuNM.cjs');
 
 //#region src/create-supabase-context.ts
 /**
@@ -16,7 +16,7 @@ const require_verify_auth = require('./verify-auth-DvRVnjdq.cjs');
 * ```ts
 * const { data: ctx, error } = await createSupabaseContext(request, { allow: 'user' })
 * if (error) {
-*   return Response.json({ error: error.message }, { status: error.status })
+*   return Response.json({ message: error.message }, { status: error.status })
 * }
 * const { data } = await ctx.supabase.rpc('get_my_items')
 * ```
@@ -46,7 +46,7 @@ async function createSupabaseContext(request, options) {
 	} catch (e) {
 		return {
 			data: null,
-			error: e instanceof require_verify_auth.EnvError ? new require_verify_auth.AuthError(e.message, e.code, 500) : new require_verify_auth.AuthError("Failed to create Supabase client", "CLIENT_ERROR", 500)
+			error: e instanceof require_verify_auth.EnvError ? new require_verify_auth.AuthError(e.message, e.code, 500) : require_verify_auth.Errors[require_verify_auth.CreateSupabaseClientError]()
 		};
 	}
 }

package/dist/errors-CAH-RRA3.d.mts

@@ -0,0 +1,109 @@
+//#region src/errors.d.ts
+/**
+ * Thrown when a required environment variable is missing or malformed.
+ *
+ * Always has `status: 500` — environment errors are server-side configuration issues.
+ *
+ * @example
+ * ```ts
+ * import { EnvError } from '@supabase/server'
+ *
+ * try {
+ *   const client = createAdminClient()
+ * } catch (e) {
+ *   if (e instanceof EnvError) {
+ *     console.error(`Config issue [${e.code}]: ${e.message}`)
+ *     // → "Config issue [MISSING_SUPABASE_URL]: SUPABASE_URL is required but not set"
+ *   }
+ * }
+ * ```
+ */
+declare class EnvError extends Error {
+  /** Always `500` — environment errors are server-side issues. */
+  readonly status = 500;
+  /**
+   * Machine-readable error code.
+   *
+   * @see {@link EnvGenericError}, {@link MissingSupabaseURLError},
+   *   {@link MissingPublishableKeyError}, {@link MissingDefaultPublishableKeyError},
+   *   {@link MissingSecretKeyError}, {@link MissingDefaultSecretKeyError}
+   */
+  readonly code: string;
+  constructor(message: string, code?: string);
+}
+/** Generic environment error code. */
+declare const EnvGenericError = "ENV_ERROR";
+/** `SUPABASE_URL` is not set. */
+declare const MissingSupabaseURLError = "MISSING_SUPABASE_URL";
+/** Named publishable key not found in `SUPABASE_PUBLISHABLE_KEYS`. */
+declare const MissingPublishableKeyError = "MISSING_PUBLISHABLE_KEY";
+/** No default publishable key found. */
+declare const MissingDefaultPublishableKeyError = "MISSING_DEFAULT_PUBLISHABLE_KEY";
+/** Named secret key not found in `SUPABASE_SECRET_KEYS`. */
+declare const MissingSecretKeyError = "MISSING_SECRET_KEY";
+/** No default secret key found. */
+declare const MissingDefaultSecretKeyError = "MISSING_DEFAULT_SECRET_KEY";
+/**
+ * Thrown when authentication or authorization fails.
+ *
+ * Carries an HTTP `status` code suitable for returning directly in a response
+ * (typically `401` for invalid credentials, `500` for server-side auth failures).
+ *
+ * @example
+ * ```ts
+ * import { AuthError, createSupabaseContext } from '@supabase/server'
+ *
+ * const { data: ctx, error } = await createSupabaseContext(request, { allow: 'user' })
+ * if (error) {
+ *   // error is an AuthError
+ *   return Response.json(
+ *     { message: error.message, code: error.code },
+ *     { status: error.status },
+ *   )
+ * }
+ * ```
+ */
+declare class AuthError extends Error {
+  /**
+   * HTTP status code.
+   *
+   * - `401` — Invalid or missing credentials
+   * - `500` — Server-side auth failure (e.g., missing JWKS, env misconfiguration)
+   */
+  readonly status: number;
+  /**
+   * Machine-readable error code.
+   *
+   * @see {@link AuthGenericError}, {@link InvalidCredentialsError},
+   *   {@link CreateSupabaseClientError}
+   */
+  readonly code: string;
+  constructor(message: string, code?: string, status?: number);
+}
+/** Generic authentication error code. */
+declare const AuthGenericError = "AUTH_ERROR";
+/** No credential matched any allowed auth mode. */
+declare const InvalidCredentialsError = "INVALID_CREDENTIALS";
+/** Failed to create a Supabase client after auth succeeded. */
+declare const CreateSupabaseClientError = "CREATE_SUPABASE_CLIENT_ERROR";
+/**
+ * Factory map for all error types. Keyed by error code constant, each entry
+ * returns a pre-configured {@link EnvError} or {@link AuthError}.
+ *
+ * @example
+ * ```ts
+ * throw Errors[MissingSupabaseURLError]()
+ * throw Errors[MissingPublishableKeyError]('mobile')
+ * ```
+ */
+declare const Errors: {
+  INVALID_CREDENTIALS: () => AuthError;
+  CREATE_SUPABASE_CLIENT_ERROR: () => AuthError;
+  MISSING_SUPABASE_URL: () => EnvError;
+  MISSING_SECRET_KEY: (name: string) => EnvError;
+  MISSING_DEFAULT_SECRET_KEY: () => EnvError;
+  MISSING_PUBLISHABLE_KEY: (name: string) => EnvError;
+  MISSING_DEFAULT_PUBLISHABLE_KEY: () => EnvError;
+};
+//#endregion
+export { EnvGenericError as a, MissingDefaultPublishableKeyError as c, MissingSecretKeyError as d, MissingSupabaseURLError as f, EnvError as i, MissingDefaultSecretKeyError as l, AuthGenericError as n, Errors as o, CreateSupabaseClientError as r, InvalidCredentialsError as s, AuthError as t, MissingPublishableKeyError as u };

package/dist/errors-O2ugIMec.d.cts

@@ -0,0 +1,109 @@
+//#region src/errors.d.ts
+/**
+ * Thrown when a required environment variable is missing or malformed.
+ *
+ * Always has `status: 500` — environment errors are server-side configuration issues.
+ *
+ * @example
+ * ```ts
+ * import { EnvError } from '@supabase/server'
+ *
+ * try {
+ *   const client = createAdminClient()
+ * } catch (e) {
+ *   if (e instanceof EnvError) {
+ *     console.error(`Config issue [${e.code}]: ${e.message}`)
+ *     // → "Config issue [MISSING_SUPABASE_URL]: SUPABASE_URL is required but not set"
+ *   }
+ * }
+ * ```
+ */
+declare class EnvError extends Error {
+  /** Always `500` — environment errors are server-side issues. */
+  readonly status = 500;
+  /**
+   * Machine-readable error code.
+   *
+   * @see {@link EnvGenericError}, {@link MissingSupabaseURLError},
+   *   {@link MissingPublishableKeyError}, {@link MissingDefaultPublishableKeyError},
+   *   {@link MissingSecretKeyError}, {@link MissingDefaultSecretKeyError}
+   */
+  readonly code: string;
+  constructor(message: string, code?: string);
+}
+/** Generic environment error code. */
+declare const EnvGenericError = "ENV_ERROR";
+/** `SUPABASE_URL` is not set. */
+declare const MissingSupabaseURLError = "MISSING_SUPABASE_URL";
+/** Named publishable key not found in `SUPABASE_PUBLISHABLE_KEYS`. */
+declare const MissingPublishableKeyError = "MISSING_PUBLISHABLE_KEY";
+/** No default publishable key found. */
+declare const MissingDefaultPublishableKeyError = "MISSING_DEFAULT_PUBLISHABLE_KEY";
+/** Named secret key not found in `SUPABASE_SECRET_KEYS`. */
+declare const MissingSecretKeyError = "MISSING_SECRET_KEY";
+/** No default secret key found. */
+declare const MissingDefaultSecretKeyError = "MISSING_DEFAULT_SECRET_KEY";
+/**
+ * Thrown when authentication or authorization fails.
+ *
+ * Carries an HTTP `status` code suitable for returning directly in a response
+ * (typically `401` for invalid credentials, `500` for server-side auth failures).
+ *
+ * @example
+ * ```ts
+ * import { AuthError, createSupabaseContext } from '@supabase/server'
+ *
+ * const { data: ctx, error } = await createSupabaseContext(request, { allow: 'user' })
+ * if (error) {
+ *   // error is an AuthError
+ *   return Response.json(
+ *     { message: error.message, code: error.code },
+ *     { status: error.status },
+ *   )
+ * }
+ * ```
+ */
+declare class AuthError extends Error {
+  /**
+   * HTTP status code.
+   *
+   * - `401` — Invalid or missing credentials
+   * - `500` — Server-side auth failure (e.g., missing JWKS, env misconfiguration)
+   */
+  readonly status: number;
+  /**
+   * Machine-readable error code.
+   *
+   * @see {@link AuthGenericError}, {@link InvalidCredentialsError},
+   *   {@link CreateSupabaseClientError}
+   */
+  readonly code: string;
+  constructor(message: string, code?: string, status?: number);
+}
+/** Generic authentication error code. */
+declare const AuthGenericError = "AUTH_ERROR";
+/** No credential matched any allowed auth mode. */
+declare const InvalidCredentialsError = "INVALID_CREDENTIALS";
+/** Failed to create a Supabase client after auth succeeded. */
+declare const CreateSupabaseClientError = "CREATE_SUPABASE_CLIENT_ERROR";
+/**
+ * Factory map for all error types. Keyed by error code constant, each entry
+ * returns a pre-configured {@link EnvError} or {@link AuthError}.
+ *
+ * @example
+ * ```ts
+ * throw Errors[MissingSupabaseURLError]()
+ * throw Errors[MissingPublishableKeyError]('mobile')
+ * ```
+ */
+declare const Errors: {
+  INVALID_CREDENTIALS: () => AuthError;
+  CREATE_SUPABASE_CLIENT_ERROR: () => AuthError;
+  MISSING_SUPABASE_URL: () => EnvError;
+  MISSING_SECRET_KEY: (name: string) => EnvError;
+  MISSING_DEFAULT_SECRET_KEY: () => EnvError;
+  MISSING_PUBLISHABLE_KEY: (name: string) => EnvError;
+  MISSING_DEFAULT_PUBLISHABLE_KEY: () => EnvError;
+};
+//#endregion
+export { EnvGenericError as a, MissingDefaultPublishableKeyError as c, MissingSecretKeyError as d, MissingSupabaseURLError as f, EnvError as i, MissingDefaultSecretKeyError as l, AuthGenericError as n, Errors as o, CreateSupabaseClientError as r, InvalidCredentialsError as s, AuthError as t, MissingPublishableKeyError as u };

package/dist/index.cjs

@@ -1,6 +1,6 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-const require_verify_auth = require('./verify-auth-DvRVnjdq.cjs');
-const require_create_supabase_context = require('./create-supabase-context-DcVorGKG.cjs');
+const require_verify_auth = require('./verify-auth-BjIehuNM.cjs');
+const require_create_supabase_context = require('./create-supabase-context-BO7DGfth.cjs');
 let _supabase_supabase_js_cors = require("@supabase/supabase-js/cors");
 
 //#region src/cors.ts
@@ -70,7 +70,7 @@ function withSupabase(config, handler) {
 		});
 		const { data: ctx, error } = await require_create_supabase_context.createSupabaseContext(req, config);
 		if (error) return Response.json({
-			error: error.message,
+			message: error.message,
 			code: error.code
 		}, {
 			status: error.status,
@@ -84,6 +84,16 @@ function withSupabase(config, handler) {
 
 //#endregion
 exports.AuthError = require_verify_auth.AuthError;
+exports.AuthGenericError = require_verify_auth.AuthGenericError;
+exports.CreateSupabaseClientError = require_verify_auth.CreateSupabaseClientError;
 exports.EnvError = require_verify_auth.EnvError;
+exports.EnvGenericError = require_verify_auth.EnvGenericError;
+exports.Errors = require_verify_auth.Errors;
+exports.InvalidCredentialsError = require_verify_auth.InvalidCredentialsError;
+exports.MissingDefaultPublishableKeyError = require_verify_auth.MissingDefaultPublishableKeyError;
+exports.MissingDefaultSecretKeyError = require_verify_auth.MissingDefaultSecretKeyError;
+exports.MissingPublishableKeyError = require_verify_auth.MissingPublishableKeyError;
+exports.MissingSecretKeyError = require_verify_auth.MissingSecretKeyError;
+exports.MissingSupabaseURLError = require_verify_auth.MissingSupabaseURLError;
 exports.createSupabaseContext = require_create_supabase_context.createSupabaseContext;
 exports.withSupabase = withSupabase;

package/dist/index.d.cts

@@ -1,5 +1,5 @@
 import { a as JWTClaims, c as UserClaims, i as Credentials, l as WithSupabaseConfig, n as AllowWithKey, o as SupabaseContext, r as AuthResult, s as SupabaseEnv, t as Allow } from "./types-CnKoFCMX.cjs";
-import { n as EnvError, t as AuthError } from "./errors-BmSsOAvx.cjs";
+import { a as EnvGenericError, c as MissingDefaultPublishableKeyError, d as MissingSecretKeyError, f as MissingSupabaseURLError, i as EnvError, l as MissingDefaultSecretKeyError, n as AuthGenericError, o as Errors, r as CreateSupabaseClientError, s as InvalidCredentialsError, t as AuthError, u as MissingPublishableKeyError } from "./errors-O2ugIMec.cjs";
 
 //#region src/with-supabase.d.ts
 /**
@@ -43,7 +43,7 @@ declare function withSupabase<Database = unknown>(config: WithSupabaseConfig, ha
  * ```ts
  * const { data: ctx, error } = await createSupabaseContext(request, { allow: 'user' })
  * if (error) {
- *   return Response.json({ error: error.message }, { status: error.status })
+ *   return Response.json({ message: error.message }, { status: error.status })
  * }
  * const { data } = await ctx.supabase.rpc('get_my_items')
  * ```
@@ -56,4 +56,4 @@ declare function createSupabaseContext<Database = unknown>(request: Request, opt
   error: AuthError;
 }>;
 //#endregion
-export { type Allow, type AllowWithKey, AuthError, type AuthResult, type Credentials, EnvError, type JWTClaims, type SupabaseContext, type SupabaseEnv, type UserClaims, type WithSupabaseConfig, createSupabaseContext, withSupabase };
+export { type Allow, type AllowWithKey, AuthError, AuthGenericError, type AuthResult, CreateSupabaseClientError, type Credentials, EnvError, EnvGenericError, Errors, InvalidCredentialsError, type JWTClaims, MissingDefaultPublishableKeyError, MissingDefaultSecretKeyError, MissingPublishableKeyError, MissingSecretKeyError, MissingSupabaseURLError, type SupabaseContext, type SupabaseEnv, type UserClaims, type WithSupabaseConfig, createSupabaseContext, withSupabase };

package/dist/index.d.mts

@@ -1,5 +1,5 @@
 import { a as JWTClaims, c as UserClaims, i as Credentials, l as WithSupabaseConfig, n as AllowWithKey, o as SupabaseContext, r as AuthResult, s as SupabaseEnv, t as Allow } from "./types-ClmJ8pi8.mjs";
-import { n as EnvError, t as AuthError } from "./errors-5ivL23qo.mjs";
+import { a as EnvGenericError, c as MissingDefaultPublishableKeyError, d as MissingSecretKeyError, f as MissingSupabaseURLError, i as EnvError, l as MissingDefaultSecretKeyError, n as AuthGenericError, o as Errors, r as CreateSupabaseClientError, s as InvalidCredentialsError, t as AuthError, u as MissingPublishableKeyError } from "./errors-CAH-RRA3.mjs";
 
 //#region src/with-supabase.d.ts
 /**
@@ -43,7 +43,7 @@ declare function withSupabase<Database = unknown>(config: WithSupabaseConfig, ha
  * ```ts
  * const { data: ctx, error } = await createSupabaseContext(request, { allow: 'user' })
  * if (error) {
- *   return Response.json({ error: error.message }, { status: error.status })
+ *   return Response.json({ message: error.message }, { status: error.status })
  * }
  * const { data } = await ctx.supabase.rpc('get_my_items')
  * ```
@@ -56,4 +56,4 @@ declare function createSupabaseContext<Database = unknown>(request: Request, opt
   error: AuthError;
 }>;
 //#endregion
-export { type Allow, type AllowWithKey, AuthError, type AuthResult, type Credentials, EnvError, type JWTClaims, type SupabaseContext, type SupabaseEnv, type UserClaims, type WithSupabaseConfig, createSupabaseContext, withSupabase };
+export { type Allow, type AllowWithKey, AuthError, AuthGenericError, type AuthResult, CreateSupabaseClientError, type Credentials, EnvError, EnvGenericError, Errors, InvalidCredentialsError, type JWTClaims, MissingDefaultPublishableKeyError, MissingDefaultSecretKeyError, MissingPublishableKeyError, MissingSecretKeyError, MissingSupabaseURLError, type SupabaseContext, type SupabaseEnv, type UserClaims, type WithSupabaseConfig, createSupabaseContext, withSupabase };

package/dist/index.mjs

@@ -1,5 +1,5 @@
-import { c as EnvError, s as AuthError } from "./verify-auth-2S7zFfR-.mjs";
-import { t as createSupabaseContext } from "./create-supabase-context-CmWaH3s6.mjs";
+import { _ as MissingSecretKeyError, c as AuthGenericError, d as EnvGenericError, f as Errors, g as MissingPublishableKeyError, h as MissingDefaultSecretKeyError, l as CreateSupabaseClientError, m as MissingDefaultPublishableKeyError, p as InvalidCredentialsError, s as AuthError, u as EnvError, v as MissingSupabaseURLError } from "./verify-auth-mePXRNu9.mjs";
+import { t as createSupabaseContext } from "./create-supabase-context--JXiHT_N.mjs";
 import { corsHeaders } from "@supabase/supabase-js/cors";
 
 //#region src/cors.ts
@@ -69,7 +69,7 @@ function withSupabase(config, handler) {
 		});
 		const { data: ctx, error } = await createSupabaseContext(req, config);
 		if (error) return Response.json({
-			error: error.message,
+			message: error.message,
 			code: error.code
 		}, {
 			status: error.status,
@@ -82,4 +82,4 @@ function withSupabase(config, handler) {
 }
 
 //#endregion
-export { AuthError, EnvError, createSupabaseContext, withSupabase };
+export { AuthError, AuthGenericError, CreateSupabaseClientError, EnvError, EnvGenericError, Errors, InvalidCredentialsError, MissingDefaultPublishableKeyError, MissingDefaultSecretKeyError, MissingPublishableKeyError, MissingSecretKeyError, MissingSupabaseURLError, createSupabaseContext, withSupabase };

package/dist/{verify-auth-DvRVnjdq.cjs → verify-auth-BjIehuNM.cjs}

@@ -5,8 +5,7 @@ let jose = require("jose");
 /**
 * Thrown when a required environment variable is missing or malformed.
 *
-* Has a fixed `status` of `500` since environment errors are server-side
-* configuration issues, not client errors.
+* Always has `status: 500` — environment errors are server-side configuration issues.
 *
 * @example
 * ```ts
@@ -23,13 +22,32 @@ let jose = require("jose");
 * ```
 */
 var EnvError = class extends Error {
-	constructor(message, code = "ENV_ERROR") {
+	constructor(message, code = EnvGenericError) {
 		super(message);
 		this.status = 500;
 		this.name = "EnvError";
 		this.code = code;
 	}
 };
+/** Generic environment error code. */
+const EnvGenericError = "ENV_ERROR";
+/** `SUPABASE_URL` is not set. */
+const MissingSupabaseURLError = "MISSING_SUPABASE_URL";
+/** Named publishable key not found in `SUPABASE_PUBLISHABLE_KEYS`. */
+const MissingPublishableKeyError = "MISSING_PUBLISHABLE_KEY";
+/** No default publishable key found. */
+const MissingDefaultPublishableKeyError = "MISSING_DEFAULT_PUBLISHABLE_KEY";
+/** Named secret key not found in `SUPABASE_SECRET_KEYS`. */
+const MissingSecretKeyError = "MISSING_SECRET_KEY";
+/** No default secret key found. */
+const MissingDefaultSecretKeyError = "MISSING_DEFAULT_SECRET_KEY";
+const EnvErrorMap = {
+	[MissingSupabaseURLError]: () => new EnvError("SUPABASE_URL is required but not set", MissingSupabaseURLError),
+	[MissingSecretKeyError]: (name) => new EnvError(`No "${name}" secret key found. Include a "${name}" entry in SUPABASE_SECRET_KEYS.`, MissingSecretKeyError),
+	[MissingDefaultSecretKeyError]: () => new EnvError("No default secret key found. Set SUPABASE_SECRET_KEY or include a \"default\" entry in SUPABASE_SECRET_KEYS.", MissingDefaultSecretKeyError),
+	[MissingPublishableKeyError]: (name) => new EnvError(`No "${name}" publishable key found. Include a "${name}" entry in SUPABASE_PUBLISHABLE_KEYS.`, MissingPublishableKeyError),
+	[MissingDefaultPublishableKeyError]: () => new EnvError("No default publishable key found. Set SUPABASE_PUBLISHABLE_KEY or include a \"default\" entry in SUPABASE_PUBLISHABLE_KEYS.", MissingDefaultPublishableKeyError)
+};
 /**
 * Thrown when authentication or authorization fails.
 *
@@ -44,20 +62,44 @@ var EnvError = class extends Error {
 * if (error) {
 *   // error is an AuthError
 *   return Response.json(
-*     { error: error.message, code: error.code },
+*     { message: error.message, code: error.code },
 *     { status: error.status },
 *   )
 * }
 * ```
 */
 var AuthError = class extends Error {
-	constructor(message, code = "AUTH_ERROR", status = 401) {
+	constructor(message, code = AuthGenericError, status = 401) {
 		super(message);
 		this.name = "AuthError";
 		this.code = code;
 		this.status = status;
 	}
 };
+/** Generic authentication error code. */
+const AuthGenericError = "AUTH_ERROR";
+/** No credential matched any allowed auth mode. */
+const InvalidCredentialsError = "INVALID_CREDENTIALS";
+/** Failed to create a Supabase client after auth succeeded. */
+const CreateSupabaseClientError = "CREATE_SUPABASE_CLIENT_ERROR";
+const AuthErrorMap = {
+	[InvalidCredentialsError]: () => new AuthError("Invalid credentials", InvalidCredentialsError, 401),
+	[CreateSupabaseClientError]: () => new AuthError("Failed to create Supabase client", CreateSupabaseClientError, 500)
+};
+/**
+* Factory map for all error types. Keyed by error code constant, each entry
+* returns a pre-configured {@link EnvError} or {@link AuthError}.
+*
+* @example
+* ```ts
+* throw Errors[MissingSupabaseURLError]()
+* throw Errors[MissingPublishableKeyError]('mobile')
+* ```
+*/
+const Errors = {
+	...EnvErrorMap,
+	...AuthErrorMap
+};
 
 //#endregion
 //#region src/core/resolve-env.ts
@@ -138,7 +180,7 @@ function resolveEnv(overrides) {
 	const url = overrides?.url ?? getEnvVar("SUPABASE_URL");
 	if (!url) return {
 		data: null,
-		error: new EnvError("SUPABASE_URL is required but not set", "MISSING_SUPABASE_URL")
+		error: Errors[MissingSupabaseURLError]()
 	};
 	return {
 		data: {
@@ -176,7 +218,7 @@ function createAdminClient(env, keyName) {
 	const name = keyName ?? "default";
 	const keys = resolved.secretKeys;
 	const secretKey = keys[name] ?? (keyName == null ? Object.values(keys)[0] : void 0);
-	if (!secretKey) throw new EnvError(name === "default" ? "No default secret key found. Set SUPABASE_SECRET_KEY or include a \"default\" entry in SUPABASE_SECRET_KEYS." : `No "${name}" secret key found. Include a "${name}" entry in SUPABASE_SECRET_KEYS.`, "MISSING_SECRET_KEY");
+	if (!secretKey) throw name === "default" ? Errors[MissingDefaultSecretKeyError]() : Errors[MissingSecretKeyError](name);
 	return (0, _supabase_supabase_js.createClient)(resolved.url, secretKey, { auth: {
 		persistSession: false,
 		autoRefreshToken: false,
@@ -212,7 +254,7 @@ function createContextClient(token, env, keyName) {
 	const name = keyName ?? "default";
 	const keys = resolved.publishableKeys;
 	const anonKey = keys[name] ?? (keyName == null ? Object.values(keys)[0] : void 0);
-	if (!anonKey) throw new EnvError(name === "default" ? "No default publishable key found. Set SUPABASE_PUBLISHABLE_KEY or include a \"default\" entry in SUPABASE_PUBLISHABLE_KEYS." : `No "${name}" publishable key found. Include a "${name}" entry in SUPABASE_PUBLISHABLE_KEYS.`, "MISSING_PUBLISHABLE_KEY");
+	if (!anonKey) throw name === "default" ? Errors[MissingDefaultPublishableKeyError]() : Errors[MissingPublishableKeyError](name);
 	return (0, _supabase_supabase_js.createClient)(resolved.url, anonKey, {
 		global: { headers: token ? { Authorization: `Bearer ${token}` } : {} },
 		auth: {
@@ -424,7 +466,7 @@ async function tryMode(mode, credentials, env) {
 *   allow: ['user', 'public'],
 * })
 * if (error) {
-*   return Response.json({ error: error.message }, { status: error.status })
+*   return Response.json({ message: error.message }, { status: error.status })
 * }
 * ```
 */
@@ -444,7 +486,7 @@ async function verifyCredentials(credentials, options) {
 	}
 	return {
 		data: null,
-		error: new AuthError("Invalid credentials", "INVALID_CREDENTIALS", 401)
+		error: Errors[InvalidCredentialsError]()
 	};
 }
 
@@ -473,7 +515,7 @@ async function verifyCredentials(credentials, options) {
 * })
 *
 * if (error) {
-*   return Response.json({ error: error.message }, { status: error.status })
+*   return Response.json({ message: error.message }, { status: error.status })
 * }
 *
 * console.log(auth.userClaims!.id) // "d0f1a2b3-..."
@@ -490,12 +532,72 @@ Object.defineProperty(exports, 'AuthError', {
     return AuthError;
   }
 });
+Object.defineProperty(exports, 'AuthGenericError', {
+  enumerable: true,
+  get: function () {
+    return AuthGenericError;
+  }
+});
+Object.defineProperty(exports, 'CreateSupabaseClientError', {
+  enumerable: true,
+  get: function () {
+    return CreateSupabaseClientError;
+  }
+});
 Object.defineProperty(exports, 'EnvError', {
   enumerable: true,
   get: function () {
     return EnvError;
   }
 });
+Object.defineProperty(exports, 'EnvGenericError', {
+  enumerable: true,
+  get: function () {
+    return EnvGenericError;
+  }
+});
+Object.defineProperty(exports, 'Errors', {
+  enumerable: true,
+  get: function () {
+    return Errors;
+  }
+});
+Object.defineProperty(exports, 'InvalidCredentialsError', {
+  enumerable: true,
+  get: function () {
+    return InvalidCredentialsError;
+  }
+});
+Object.defineProperty(exports, 'MissingDefaultPublishableKeyError', {
+  enumerable: true,
+  get: function () {
+    return MissingDefaultPublishableKeyError;
+  }
+});
+Object.defineProperty(exports, 'MissingDefaultSecretKeyError', {
+  enumerable: true,
+  get: function () {
+    return MissingDefaultSecretKeyError;
+  }
+});
+Object.defineProperty(exports, 'MissingPublishableKeyError', {
+  enumerable: true,
+  get: function () {
+    return MissingPublishableKeyError;
+  }
+});
+Object.defineProperty(exports, 'MissingSecretKeyError', {
+  enumerable: true,
+  get: function () {
+    return MissingSecretKeyError;
+  }
+});
+Object.defineProperty(exports, 'MissingSupabaseURLError', {
+  enumerable: true,
+  get: function () {
+    return MissingSupabaseURLError;
+  }
+});
 Object.defineProperty(exports, 'createAdminClient', {
   enumerable: true,
   get: function () {

package/dist/{verify-auth-2S7zFfR-.mjs → verify-auth-mePXRNu9.mjs}

@@ -5,8 +5,7 @@ import { createLocalJWKSet, jwtVerify } from "jose";
 /**
 * Thrown when a required environment variable is missing or malformed.
 *
-* Has a fixed `status` of `500` since environment errors are server-side
-* configuration issues, not client errors.
+* Always has `status: 500` — environment errors are server-side configuration issues.
 *
 * @example
 * ```ts
@@ -23,13 +22,32 @@ import { createLocalJWKSet, jwtVerify } from "jose";
 * ```
 */
 var EnvError = class extends Error {
-	constructor(message, code = "ENV_ERROR") {
+	constructor(message, code = EnvGenericError) {
 		super(message);
 		this.status = 500;
 		this.name = "EnvError";
 		this.code = code;
 	}
 };
+/** Generic environment error code. */
+const EnvGenericError = "ENV_ERROR";
+/** `SUPABASE_URL` is not set. */
+const MissingSupabaseURLError = "MISSING_SUPABASE_URL";
+/** Named publishable key not found in `SUPABASE_PUBLISHABLE_KEYS`. */
+const MissingPublishableKeyError = "MISSING_PUBLISHABLE_KEY";
+/** No default publishable key found. */
+const MissingDefaultPublishableKeyError = "MISSING_DEFAULT_PUBLISHABLE_KEY";
+/** Named secret key not found in `SUPABASE_SECRET_KEYS`. */
+const MissingSecretKeyError = "MISSING_SECRET_KEY";
+/** No default secret key found. */
+const MissingDefaultSecretKeyError = "MISSING_DEFAULT_SECRET_KEY";
+const EnvErrorMap = {
+	[MissingSupabaseURLError]: () => new EnvError("SUPABASE_URL is required but not set", MissingSupabaseURLError),
+	[MissingSecretKeyError]: (name) => new EnvError(`No "${name}" secret key found. Include a "${name}" entry in SUPABASE_SECRET_KEYS.`, MissingSecretKeyError),
+	[MissingDefaultSecretKeyError]: () => new EnvError("No default secret key found. Set SUPABASE_SECRET_KEY or include a \"default\" entry in SUPABASE_SECRET_KEYS.", MissingDefaultSecretKeyError),
+	[MissingPublishableKeyError]: (name) => new EnvError(`No "${name}" publishable key found. Include a "${name}" entry in SUPABASE_PUBLISHABLE_KEYS.`, MissingPublishableKeyError),
+	[MissingDefaultPublishableKeyError]: () => new EnvError("No default publishable key found. Set SUPABASE_PUBLISHABLE_KEY or include a \"default\" entry in SUPABASE_PUBLISHABLE_KEYS.", MissingDefaultPublishableKeyError)
+};
 /**
 * Thrown when authentication or authorization fails.
 *
@@ -44,20 +62,44 @@ var EnvError = class extends Error {
 * if (error) {
 *   // error is an AuthError
 *   return Response.json(
-*     { error: error.message, code: error.code },
+*     { message: error.message, code: error.code },
 *     { status: error.status },
 *   )
 * }
 * ```
 */
 var AuthError = class extends Error {
-	constructor(message, code = "AUTH_ERROR", status = 401) {
+	constructor(message, code = AuthGenericError, status = 401) {
 		super(message);
 		this.name = "AuthError";
 		this.code = code;
 		this.status = status;
 	}
 };
+/** Generic authentication error code. */
+const AuthGenericError = "AUTH_ERROR";
+/** No credential matched any allowed auth mode. */
+const InvalidCredentialsError = "INVALID_CREDENTIALS";
+/** Failed to create a Supabase client after auth succeeded. */
+const CreateSupabaseClientError = "CREATE_SUPABASE_CLIENT_ERROR";
+const AuthErrorMap = {
+	[InvalidCredentialsError]: () => new AuthError("Invalid credentials", InvalidCredentialsError, 401),
+	[CreateSupabaseClientError]: () => new AuthError("Failed to create Supabase client", CreateSupabaseClientError, 500)
+};
+/**
+* Factory map for all error types. Keyed by error code constant, each entry
+* returns a pre-configured {@link EnvError} or {@link AuthError}.
+*
+* @example
+* ```ts
+* throw Errors[MissingSupabaseURLError]()
+* throw Errors[MissingPublishableKeyError]('mobile')
+* ```
+*/
+const Errors = {
+	...EnvErrorMap,
+	...AuthErrorMap
+};
 
 //#endregion
 //#region src/core/resolve-env.ts
@@ -138,7 +180,7 @@ function resolveEnv(overrides) {
 	const url = overrides?.url ?? getEnvVar("SUPABASE_URL");
 	if (!url) return {
 		data: null,
-		error: new EnvError("SUPABASE_URL is required but not set", "MISSING_SUPABASE_URL")
+		error: Errors[MissingSupabaseURLError]()
 	};
 	return {
 		data: {
@@ -176,7 +218,7 @@ function createAdminClient(env, keyName) {
 	const name = keyName ?? "default";
 	const keys = resolved.secretKeys;
 	const secretKey = keys[name] ?? (keyName == null ? Object.values(keys)[0] : void 0);
-	if (!secretKey) throw new EnvError(name === "default" ? "No default secret key found. Set SUPABASE_SECRET_KEY or include a \"default\" entry in SUPABASE_SECRET_KEYS." : `No "${name}" secret key found. Include a "${name}" entry in SUPABASE_SECRET_KEYS.`, "MISSING_SECRET_KEY");
+	if (!secretKey) throw name === "default" ? Errors[MissingDefaultSecretKeyError]() : Errors[MissingSecretKeyError](name);
 	return createClient(resolved.url, secretKey, { auth: {
 		persistSession: false,
 		autoRefreshToken: false,
@@ -212,7 +254,7 @@ function createContextClient(token, env, keyName) {
 	const name = keyName ?? "default";
 	const keys = resolved.publishableKeys;
 	const anonKey = keys[name] ?? (keyName == null ? Object.values(keys)[0] : void 0);
-	if (!anonKey) throw new EnvError(name === "default" ? "No default publishable key found. Set SUPABASE_PUBLISHABLE_KEY or include a \"default\" entry in SUPABASE_PUBLISHABLE_KEYS." : `No "${name}" publishable key found. Include a "${name}" entry in SUPABASE_PUBLISHABLE_KEYS.`, "MISSING_PUBLISHABLE_KEY");
+	if (!anonKey) throw name === "default" ? Errors[MissingDefaultPublishableKeyError]() : Errors[MissingPublishableKeyError](name);
 	return createClient(resolved.url, anonKey, {
 		global: { headers: token ? { Authorization: `Bearer ${token}` } : {} },
 		auth: {
@@ -424,7 +466,7 @@ async function tryMode(mode, credentials, env) {
 *   allow: ['user', 'public'],
 * })
 * if (error) {
-*   return Response.json({ error: error.message }, { status: error.status })
+*   return Response.json({ message: error.message }, { status: error.status })
 * }
 * ```
 */
@@ -444,7 +486,7 @@ async function verifyCredentials(credentials, options) {
 	}
 	return {
 		data: null,
-		error: new AuthError("Invalid credentials", "INVALID_CREDENTIALS", 401)
+		error: Errors[InvalidCredentialsError]()
 	};
 }
 
@@ -473,7 +515,7 @@ async function verifyCredentials(credentials, options) {
 * })
 *
 * if (error) {
-*   return Response.json({ error: error.message }, { status: error.status })
+*   return Response.json({ message: error.message }, { status: error.status })
 * }
 *
 * console.log(auth.userClaims!.id) // "d0f1a2b3-..."
@@ -484,4 +526,4 @@ async function verifyAuth(request, options) {
 }
 
 //#endregion
-export { createAdminClient as a, EnvError as c, createContextClient as i, verifyCredentials as n, resolveEnv as o, extractCredentials as r, AuthError as s, verifyAuth as t };
+export { MissingSecretKeyError as _, createAdminClient as a, AuthGenericError as c, EnvGenericError as d, Errors as f, MissingPublishableKeyError as g, MissingDefaultSecretKeyError as h, createContextClient as i, CreateSupabaseClientError as l, MissingDefaultPublishableKeyError as m, verifyCredentials as n, resolveEnv as o, InvalidCredentialsError as p, extractCredentials as r, AuthError as s, verifyAuth as t, EnvError as u, MissingSupabaseURLError as v };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@supabase/server",
-  "version": "0.1.1-rc.26",
+  "version": "0.1.1-rc.27",
   "description": "Server-side utilities for Supabase. Handles auth, client creation, and context injection so you write business logic, not boilerplate.",
   "keywords": [
     "edge",

package/dist/errors-5ivL23qo.d.mts

@@ -1,78 +0,0 @@
-//#region src/errors.d.ts
-/**
- * Thrown when a required environment variable is missing or malformed.
- *
- * Has a fixed `status` of `500` since environment errors are server-side
- * configuration issues, not client errors.
- *
- * @example
- * ```ts
- * import { EnvError } from '@supabase/server'
- *
- * try {
- *   const client = createAdminClient()
- * } catch (e) {
- *   if (e instanceof EnvError) {
- *     console.error(`Config issue [${e.code}]: ${e.message}`)
- *     // → "Config issue [MISSING_SUPABASE_URL]: SUPABASE_URL is required but not set"
- *   }
- * }
- * ```
- */
-declare class EnvError extends Error {
-  /** Always `500` — environment errors are server-side issues. */
-  readonly status = 500;
-  /**
-   * Machine-readable error code.
-   *
-   * Known codes:
-   * - `"MISSING_SUPABASE_URL"` — `SUPABASE_URL` not set
-   * - `"MISSING_PUBLISHABLE_KEY"` — No publishable key found
-   * - `"MISSING_SECRET_KEY"` — No secret key found
-   * - `"ENV_ERROR"` — Generic environment error
-   */
-  readonly code: string;
-  constructor(message: string, code?: string);
-}
-/**
- * Thrown when authentication or authorization fails.
- *
- * Carries an HTTP `status` code suitable for returning directly in a response
- * (typically `401` for invalid credentials, `500` for server-side auth failures).
- *
- * @example
- * ```ts
- * import { AuthError, createSupabaseContext } from '@supabase/server'
- *
- * const { data: ctx, error } = await createSupabaseContext(request, { allow: 'user' })
- * if (error) {
- *   // error is an AuthError
- *   return Response.json(
- *     { error: error.message, code: error.code },
- *     { status: error.status },
- *   )
- * }
- * ```
- */
-declare class AuthError extends Error {
-  /**
-   * HTTP status code.
-   *
-   * - `401` — Invalid or missing credentials
-   * - `500` — Server-side auth failure (e.g., missing JWKS, env misconfiguration)
-   */
-  readonly status: number;
-  /**
-   * Machine-readable error code.
-   *
-   * Known codes:
-   * - `"INVALID_CREDENTIALS"` — No credential matched any allowed auth mode
-   * - `"CLIENT_ERROR"` — Failed to create a Supabase client after auth succeeded
-   * - `"AUTH_ERROR"` — Generic authentication error
-   * - Any `EnvError` code (propagated when env resolution fails during auth)
-   */
-  readonly code: string;
-  constructor(message: string, code?: string, status?: number);
-}
-//#endregion
-export { EnvError as n, AuthError as t };

package/dist/errors-BmSsOAvx.d.cts

@@ -1,78 +0,0 @@
-//#region src/errors.d.ts
-/**
- * Thrown when a required environment variable is missing or malformed.
- *
- * Has a fixed `status` of `500` since environment errors are server-side
- * configuration issues, not client errors.
- *
- * @example
- * ```ts
- * import { EnvError } from '@supabase/server'
- *
- * try {
- *   const client = createAdminClient()
- * } catch (e) {
- *   if (e instanceof EnvError) {
- *     console.error(`Config issue [${e.code}]: ${e.message}`)
- *     // → "Config issue [MISSING_SUPABASE_URL]: SUPABASE_URL is required but not set"
- *   }
- * }
- * ```
- */
-declare class EnvError extends Error {
-  /** Always `500` — environment errors are server-side issues. */
-  readonly status = 500;
-  /**
-   * Machine-readable error code.
-   *
-   * Known codes:
-   * - `"MISSING_SUPABASE_URL"` — `SUPABASE_URL` not set
-   * - `"MISSING_PUBLISHABLE_KEY"` — No publishable key found
-   * - `"MISSING_SECRET_KEY"` — No secret key found
-   * - `"ENV_ERROR"` — Generic environment error
-   */
-  readonly code: string;
-  constructor(message: string, code?: string);
-}
-/**
- * Thrown when authentication or authorization fails.
- *
- * Carries an HTTP `status` code suitable for returning directly in a response
- * (typically `401` for invalid credentials, `500` for server-side auth failures).
- *
- * @example
- * ```ts
- * import { AuthError, createSupabaseContext } from '@supabase/server'
- *
- * const { data: ctx, error } = await createSupabaseContext(request, { allow: 'user' })
- * if (error) {
- *   // error is an AuthError
- *   return Response.json(
- *     { error: error.message, code: error.code },
- *     { status: error.status },
- *   )
- * }
- * ```
- */
-declare class AuthError extends Error {
-  /**
-   * HTTP status code.
-   *
-   * - `401` — Invalid or missing credentials
-   * - `500` — Server-side auth failure (e.g., missing JWKS, env misconfiguration)
-   */
-  readonly status: number;
-  /**
-   * Machine-readable error code.
-   *
-   * Known codes:
-   * - `"INVALID_CREDENTIALS"` — No credential matched any allowed auth mode
-   * - `"CLIENT_ERROR"` — Failed to create a Supabase client after auth succeeded
-   * - `"AUTH_ERROR"` — Generic authentication error
-   * - Any `EnvError` code (propagated when env resolution fails during auth)
-   */
-  readonly code: string;
-  constructor(message: string, code?: string, status?: number);
-}
-//#endregion
-export { EnvError as n, AuthError as t };