@xylex-group/athena 2.12.1 → 2.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (96) hide show
  1. package/LICENSE +21 -21
  2. package/README.md +1190 -1184
  3. package/bin/athena-js.js +104 -76
  4. package/dist/admin.cjs +45 -0
  5. package/dist/admin.cjs.map +1 -0
  6. package/dist/admin.d.cts +64 -0
  7. package/dist/admin.d.ts +64 -0
  8. package/dist/admin.js +41 -0
  9. package/dist/admin.js.map +1 -0
  10. package/dist/athena-auth-url-oLux_57a.d.cts +377 -0
  11. package/dist/athena-auth-url-oLux_57a.d.ts +377 -0
  12. package/dist/browser.cjs +33 -49
  13. package/dist/browser.cjs.map +1 -1
  14. package/dist/browser.d.cts +12 -10
  15. package/dist/browser.d.ts +12 -10
  16. package/dist/browser.js +33 -49
  17. package/dist/browser.js.map +1 -1
  18. package/dist/cli/index.cjs +150 -51
  19. package/dist/cli/index.cjs.map +1 -1
  20. package/dist/cli/index.d.cts +14 -5
  21. package/dist/cli/index.d.ts +14 -5
  22. package/dist/cli/index.js +150 -52
  23. package/dist/cli/index.js.map +1 -1
  24. package/dist/{client-CMtx5P4D.d.cts → client-BJjUwDSg.d.cts} +109 -1448
  25. package/dist/{client-Dre8H24u.d.ts → client-DVOKSYDI.d.ts} +109 -1448
  26. package/dist/cookies.cjs +18 -0
  27. package/dist/cookies.cjs.map +1 -1
  28. package/dist/cookies.d.cts +2 -1
  29. package/dist/cookies.d.ts +2 -1
  30. package/dist/cookies.js +17 -1
  31. package/dist/cookies.js.map +1 -1
  32. package/dist/{index-CVcQCGyG.d.ts → index-CFL9xbFR.d.cts} +2 -0
  33. package/dist/{index-CVcQCGyG.d.cts → index-UKJpunc6.d.ts} +2 -0
  34. package/dist/index.cjs +101 -49
  35. package/dist/index.cjs.map +1 -1
  36. package/dist/index.d.cts +13 -10
  37. package/dist/index.d.ts +13 -10
  38. package/dist/index.js +101 -50
  39. package/dist/index.js.map +1 -1
  40. package/dist/{model-form-DfTi8-D1.d.cts → model-form-Dw4zEL5a.d.cts} +2 -2
  41. package/dist/{model-form-CU0mWrF9.d.ts → model-form-yRg71q3H.d.ts} +2 -2
  42. package/dist/{module-DBGmbIuh.d.ts → module-DBteUIob.d.ts} +12 -9
  43. package/dist/{module-GoijrBXV.d.cts → module-yoX49uQC.d.cts} +12 -9
  44. package/dist/next/client.cjs +452 -49
  45. package/dist/next/client.cjs.map +1 -1
  46. package/dist/next/client.d.cts +7 -4
  47. package/dist/next/client.d.ts +7 -4
  48. package/dist/next/client.js +430 -50
  49. package/dist/next/client.js.map +1 -1
  50. package/dist/next/server.cjs +292 -49
  51. package/dist/next/server.cjs.map +1 -1
  52. package/dist/next/server.d.cts +81 -5
  53. package/dist/next/server.d.ts +81 -5
  54. package/dist/next/server.js +280 -50
  55. package/dist/next/server.js.map +1 -1
  56. package/dist/organization.cjs +72 -0
  57. package/dist/organization.cjs.map +1 -0
  58. package/dist/organization.d.cts +43 -0
  59. package/dist/organization.d.ts +43 -0
  60. package/dist/organization.js +70 -0
  61. package/dist/organization.js.map +1 -0
  62. package/dist/payload-BzVbUgY_.d.cts +219 -0
  63. package/dist/payload-DEOWN_oo.d.ts +219 -0
  64. package/dist/{pipeline-DrjU2vNA.d.ts → pipeline-Bj6RWt1A.d.ts} +1 -1
  65. package/dist/{pipeline-c7Gdm0qv.d.cts → pipeline-Dwck-wZO.d.cts} +1 -1
  66. package/dist/react.cjs +2 -13
  67. package/dist/react.cjs.map +1 -1
  68. package/dist/react.d.cts +26 -7
  69. package/dist/react.d.ts +26 -7
  70. package/dist/react.js +2 -13
  71. package/dist/react.js.map +1 -1
  72. package/dist/session-cookie-detection-BqOp9mO6.d.cts +46 -0
  73. package/dist/session-cookie-detection-BqOp9mO6.d.ts +46 -0
  74. package/dist/social-providers.cjs +4189 -0
  75. package/dist/social-providers.cjs.map +1 -0
  76. package/dist/social-providers.d.cts +4948 -0
  77. package/dist/social-providers.d.ts +4948 -0
  78. package/dist/social-providers.js +4117 -0
  79. package/dist/social-providers.js.map +1 -0
  80. package/dist/{types-Bez4HSbI.d.cts → types-BRP7sfSF.d.ts} +50 -2
  81. package/dist/{types-kPaHUqUa.d.ts → types-BU8uJH_b.d.cts} +50 -2
  82. package/dist/{types-BRUHGXo2.d.ts → types-CH78O90i.d.cts} +2 -2
  83. package/dist/{types-BRUHGXo2.d.cts → types-CH78O90i.d.ts} +2 -2
  84. package/dist/{types-BLizCLd1.d.cts → types-CjC9_5ZQ.d.cts} +3 -3
  85. package/dist/{types-DRRb0Fd0.d.ts → types-DPgejxYC.d.ts} +3 -3
  86. package/dist/types-eAKAh71s.d.cts +1476 -0
  87. package/dist/types-eAKAh71s.d.ts +1476 -0
  88. package/dist/utils.cjs +438 -15
  89. package/dist/utils.cjs.map +1 -1
  90. package/dist/utils.d.cts +76 -11
  91. package/dist/utils.d.ts +76 -11
  92. package/dist/utils.js +390 -16
  93. package/dist/utils.js.map +1 -1
  94. package/package.json +49 -22
  95. package/dist/shared-DZSGAmXs.d.cts +0 -35
  96. package/dist/shared-MMnVBBfy.d.ts +0 -35
@@ -0,0 +1,377 @@
1
+ /**
2
+ * Cookie name prefixes treated as Athena Auth / Better Auth session material.
3
+ *
4
+ * Used by {@link clearAuthCookies} when matching `document.cookie` names
5
+ * (including `__Secure-` prefixed variants).
6
+ *
7
+ * | Prefix | Typical cookies |
8
+ * |--------|-----------------|
9
+ * | `athena-auth` | `athena-auth.session_token`, `athena-auth.session-token`, chunked `session_data.*` |
10
+ * | `__Secure-athena-auth` | HTTPS-prefixed Athena cookies |
11
+ * | `better-auth` | Legacy Better Auth session cookies |
12
+ * | `__Secure-better-auth` | HTTPS-prefixed Better Auth cookies |
13
+ *
14
+ * @see {@link clearAuthCookies}
15
+ * @see docs/auth-cookies.md
16
+ */
17
+ declare const ATHENA_AUTH_COOKIE_PREFIXES: readonly ["athena-auth", "__Secure-athena-auth", "better-auth", "__Secure-better-auth"];
18
+ /** @deprecated Prefer {@link ATHENA_AUTH_COOKIE_PREFIXES}. */
19
+ declare const DEFAULT_AUTH_COOKIE_PREFIXES: readonly ["athena-auth", "__Secure-athena-auth", "better-auth", "__Secure-better-auth"];
20
+ interface ClearAuthCookiesOptions {
21
+ /**
22
+ * Name prefixes to clear. Defaults to {@link ATHENA_AUTH_COOKIE_PREFIXES}.
23
+ */
24
+ prefixes?: string[];
25
+ /**
26
+ * Hostname used to build domain candidates (host + parent domains).
27
+ * Defaults to `window.location.hostname` when available.
28
+ */
29
+ hostname?: string;
30
+ /**
31
+ * Cookie path attribute when expiring cookies.
32
+ * @default `/`
33
+ */
34
+ path?: string;
35
+ /**
36
+ * Override cookie header to scan (tests). Defaults to `document.cookie`.
37
+ */
38
+ cookieHeader?: string;
39
+ }
40
+ /**
41
+ * Clears Athena Auth / Better Auth browser cookies by name prefix.
42
+ *
43
+ * Safe to call from server/SSR: returns `[]` when `document` is unavailable.
44
+ * Prefer this over local copies of cookie-clearing loops in app `signOut`
45
+ * helpers.
46
+ *
47
+ * Compared to a minimal `document.cookie = …; path=/` wipe, this helper also:
48
+ * - expires with `Max-Age=0`
49
+ * - tries host + parent domain attributes (for subdomain deployments)
50
+ * - skips domain attributes on localhost / local hostnames
51
+ *
52
+ * For the **app-host bridge** httpOnly cookie written by
53
+ * `createAthenaAuthSessionBridgeHandlers`, also call
54
+ * `clearAthenaAuthSessionOnAppHost()` from `@xylex-group/athena/next/client`
55
+ * (that cookie is not always visible to `document.cookie`).
56
+ *
57
+ * @param options - Optional prefixes, hostname, path, or cookie header override
58
+ * @returns Cookie names that matched and were targeted for deletion
59
+ *
60
+ * @example
61
+ * ```ts
62
+ * import { clearAuthCookies } from "@xylex-group/athena/utils"
63
+ *
64
+ * export async function signOut(options?: { redirect?: boolean }) {
65
+ * try {
66
+ * await authClient.signOut({ fetchOptions: { throw: true } })
67
+ * } catch (error) {
68
+ * console.error("[auth] Sign out failed:", error)
69
+ * } finally {
70
+ * clearAuthCookies()
71
+ * if (options?.redirect !== false && typeof window !== "undefined") {
72
+ * window.location.href = "/sign-in"
73
+ * }
74
+ * }
75
+ * }
76
+ * ```
77
+ */
78
+ declare function clearAuthCookies(options?: ClearAuthCookiesOptions): string[];
79
+
80
+ /**
81
+ * Shared Athena Auth UI route segments, views, and redirect helpers.
82
+ *
83
+ * Aligned with `@xylex-group/athena-auth-ui` / Auth UI `routes.ts` so apps can
84
+ * import from `@xylex-group/athena/utils` instead of copying route maps.
85
+ */
86
+ /**
87
+ * Canonical auth screen ids used by UI routing and middleware.
88
+ *
89
+ * Note: the canonical forgot-password view id is `forgot-password`. The URL
90
+ * segment `forget-password` is accepted as a legacy alias and maps to that view.
91
+ */
92
+ type AuthView = 'sign-in' | 'sign-up' | 'forgot-password' | 'reset-password' | 'reset-email-sent' | 'check-email' | 'accept-invitation' | 'logout';
93
+ /** Default view when no path segment is present. */
94
+ declare const AUTH_DEFAULT_VIEW = "sign-in";
95
+ /** Optional two-factor path segment used by some app routers. */
96
+ declare const AUTH_TWO_FACTOR_SEGMENT = "two-factor";
97
+ /**
98
+ * Map of URL path segments → {@link AuthView}.
99
+ *
100
+ * Includes `forget-password` as a legacy alias for `forgot-password`.
101
+ */
102
+ declare const AUTH_VIEW_BY_SEGMENT: Readonly<Record<string, AuthView>>;
103
+ /**
104
+ * Views that should bounce **authenticated** users away (e.g. to app home).
105
+ * Reset/check-email/logout stay reachable while signed in.
106
+ */
107
+ declare const AUTHENTICATED_REDIRECT_VIEW_SET: Set<AuthView>;
108
+ /**
109
+ * Resolve an auth UI view from a single path segment.
110
+ *
111
+ * @param segment - e.g. `"sign-in"` from `/auth/[segment]`; `undefined` → default
112
+ * @returns Canonical {@link AuthView}, or `null` when the segment is unknown
113
+ *
114
+ * @example
115
+ * ```ts
116
+ * resolveAuthViewFromSegment(undefined) // "sign-in"
117
+ * resolveAuthViewFromSegment("forget-password") // "forgot-password"
118
+ * resolveAuthViewFromSegment("unknown") // null
119
+ * ```
120
+ */
121
+ declare function resolveAuthViewFromSegment(segment: string | undefined): AuthView | null;
122
+ /**
123
+ * Whether an authenticated user should be redirected away from this auth view.
124
+ *
125
+ * @param view - Resolved auth view
126
+ */
127
+ declare function shouldRedirectAuthenticatedAuthView(view: AuthView): boolean;
128
+ /**
129
+ * Default page routes under `/auth/*` for Next.js (or similar) apps.
130
+ */
131
+ declare const AUTH_ROUTES: {
132
+ readonly acceptInvitation: "/auth/accept-invitation";
133
+ readonly appHome: "/";
134
+ readonly checkEmail: "/auth/check-email";
135
+ readonly forgotPassword: "/auth/forgot-password";
136
+ readonly logout: "/auth/logout";
137
+ readonly resetEmailSent: "/auth/reset-email-sent";
138
+ readonly resetPassword: "/auth/reset-password";
139
+ readonly signIn: "/auth/sign-in";
140
+ readonly signUp: "/auth/sign-up";
141
+ readonly socialCallback: "/auth/social-callback";
142
+ };
143
+ type AuthRoutes = Record<keyof typeof AUTH_ROUTES, string>;
144
+ /**
145
+ * Build an auth route map with optional path overrides.
146
+ */
147
+ declare function createAuthRoutes(overrides?: Partial<AuthRoutes>): AuthRoutes;
148
+ /**
149
+ * Query/mode → path redirects used by legacy `?mode=` style entrypoints.
150
+ */
151
+ interface AuthModeRedirects {
152
+ readonly 'forgot-password': string;
153
+ readonly login: string;
154
+ readonly logout: string;
155
+ readonly 'reset-password': string;
156
+ readonly signup: string;
157
+ }
158
+ declare function createAuthModeRedirects(routes?: AuthRoutes): AuthModeRedirects;
159
+ declare const AUTH_MODE_REDIRECTS: AuthModeRedirects;
160
+ type AuthMode = keyof AuthModeRedirects;
161
+ declare const AUTH_MODE_SET: Set<string>;
162
+ declare const AUTHENTICATED_REDIRECT_MODE_SET: Set<keyof AuthModeRedirects>;
163
+ /**
164
+ * Type guard for legacy auth `mode` query values (`login`, `signup`, …).
165
+ */
166
+ declare function isAuthMode(value: string): value is AuthMode;
167
+ /**
168
+ * Whether an authenticated user should be redirected away from this auth mode.
169
+ */
170
+ declare function shouldRedirectAuthenticatedAuthMode(mode: AuthMode): boolean;
171
+ /**
172
+ * Resolve a path for a legacy auth mode string.
173
+ *
174
+ * @returns Path from {@link AUTH_MODE_REDIRECTS}, or `null` if unknown
175
+ */
176
+ declare function resolveAuthModeRedirect(mode: string | undefined, redirects?: AuthModeRedirects): string | null;
177
+
178
+ /**
179
+ * Resolve Athena Auth base / upstream URLs from env or explicit config.
180
+ *
181
+ * Mirrors the Athena Auth UI base-url contract so apps and the SDK share one
182
+ * precedence order for `ATHENA_AUTH_*` environment variables.
183
+ */
184
+ /** Default browser/proxy path for same-origin auth routing. */
185
+ declare const ATHENA_AUTH_PATH = "/api/auth";
186
+ /** Fallback origin when no absolute upstream is configured (server-side). */
187
+ declare const LOCAL_DEV_ORIGIN = "http://localhost:3000";
188
+ /**
189
+ * Hosted Athena Auth origin used when no upstream override is supplied.
190
+ * Origin only — no `/api/auth` suffix.
191
+ */
192
+ declare const DEFAULT_ATHENA_AUTH_ORIGIN = "https://auth.athena-auth.com";
193
+ /**
194
+ * @deprecated Prefer {@link DEFAULT_ATHENA_AUTH_ORIGIN}.
195
+ * Kept for callers that used the older name.
196
+ */
197
+ declare const DEFAULT_ATHENA_AUTH_UPSTREAM_URL = "https://auth.athena-auth.com";
198
+ /**
199
+ * Environment keys checked (in order) for the Athena Auth upstream URL.
200
+ *
201
+ * Prefer server-only keys first so private upstream hosts are not forced to
202
+ * rely on `NEXT_PUBLIC_*` values.
203
+ */
204
+ declare const ATHENA_AUTH_UPSTREAM_ENV_KEYS: readonly ["ATHENA_AUTH_UPSTREAM_URL", "ATHENA_AUTH_URL", "NEXT_PUBLIC_ATHENA_AUTH_UPSTREAM_URL", "NEXT_PUBLIC_ATHENA_AUTH_URL"];
205
+ /**
206
+ * Auth UI naming parity (`base-url.ts`).
207
+ * Same ordered list as {@link ATHENA_AUTH_UPSTREAM_ENV_KEYS}.
208
+ */
209
+ declare const ATHENA_AUTH_UPSTREAM_URL_ENV_NAMES: readonly ["ATHENA_AUTH_UPSTREAM_URL", "ATHENA_AUTH_URL", "NEXT_PUBLIC_ATHENA_AUTH_UPSTREAM_URL", "NEXT_PUBLIC_ATHENA_AUTH_URL"];
210
+ type AthenaAuthUpstreamEnvKey = (typeof ATHENA_AUTH_UPSTREAM_ENV_KEYS)[number];
211
+ /** Loose env map (Node `process.env` or a test fixture). */
212
+ type EnvLike = Record<string, string | undefined>;
213
+ type AthenaAuthUpstreamEnv = Partial<Record<AthenaAuthUpstreamEnvKey, string | undefined>> & EnvLike;
214
+ interface AthenaAuthClientBaseUrlOptions {
215
+ /**
216
+ * When `true` (default), ensure the client base ends with `/api/auth`.
217
+ * Set `false` when the auth server is mounted at a custom path or root.
218
+ */
219
+ appendAuthPath?: boolean;
220
+ }
221
+ /**
222
+ * Returns `true` when the value is an absolute `http://` or `https://` URL.
223
+ */
224
+ declare function isAbsoluteUrl(value: string): boolean;
225
+ /**
226
+ * Read the first non-empty Athena Auth upstream URL from an env-like map.
227
+ *
228
+ * @returns Trimmed URL string, or `undefined` when none of the keys are set
229
+ */
230
+ declare function readAthenaAuthUpstreamUrlFromEnv(env: EnvLike): string | undefined;
231
+ /**
232
+ * Normalize a consumer-supplied auth base URL so it targets `/api/auth`
233
+ * (unless the path already ends with that segment).
234
+ *
235
+ * Absolute URLs keep origin and rewrite pathname; relative paths are ensured
236
+ * to end with `/api/auth`.
237
+ *
238
+ * @example
239
+ * ```ts
240
+ * normalizeAthenaAuthBaseUrl('https://auth.example.com')
241
+ * // => 'https://auth.example.com/api/auth'
242
+ *
243
+ * normalizeAthenaAuthBaseUrl('/api/auth')
244
+ * // => '/api/auth'
245
+ * ```
246
+ */
247
+ declare function normalizeAthenaAuthBaseUrl(urlOrPath: string): string;
248
+ /**
249
+ * Resolve the **server-side** Athena Auth upstream origin (no `/api/auth` suffix).
250
+ *
251
+ * Used when proxying or calling the auth host directly from Node / edge.
252
+ *
253
+ * @param rawUpstreamUrl - Explicit URL, env map, or omit to read `process.env`
254
+ * @returns Origin like `https://auth.example.com` (no trailing slash)
255
+ */
256
+ declare function resolveAthenaAuthUpstreamUrl(rawUpstreamUrl?: string | AthenaAuthUpstreamEnv): string;
257
+ /**
258
+ * Resolve the **browser-facing** auth client base URL.
259
+ *
260
+ * Default behavior appends `/api/auth` for same-origin proxying. Pass
261
+ * `{ appendAuthPath: false }` to keep a custom path or root mount.
262
+ *
263
+ * Overloads match common call styles from Athena Auth UI and app code:
264
+ * - `resolveAthenaAuthClientBaseUrl("https://auth.example.com")`
265
+ * - `resolveAthenaAuthClientBaseUrl(process.env)`
266
+ * - `resolveAthenaAuthClientBaseUrl(undefined)` → env + defaults
267
+ * - `resolveAthenaAuthClientBaseUrl(path, upstream, { appendAuthPath: false })`
268
+ */
269
+ declare function resolveAthenaAuthClientBaseUrl(configuredAuthBaseUrl?: string | EnvLike, rawUpstreamUrl?: string | AthenaAuthUpstreamEnv, options?: AthenaAuthClientBaseUrlOptions): string;
270
+ declare function resolveAthenaAuthClientBaseUrl(configuredAuthBaseUrl: string, rawUpstreamUrl?: string | AthenaAuthUpstreamEnv, options?: AthenaAuthClientBaseUrlOptions): string;
271
+ /**
272
+ * Build an absolute Athena Auth request URL for a path under the client base.
273
+ *
274
+ * Resolves at **call time** (reads env when `rawBaseUrl` is omitted) so module
275
+ * load order does not freeze a stale URL.
276
+ *
277
+ * @param path - Path relative to the auth base (leading slashes stripped)
278
+ * @param rawBaseUrl - Optional base string or env map
279
+ *
280
+ * @example
281
+ * ```ts
282
+ * resolveAthenaAuthRequestUrl('get-session', 'https://auth.example.com')
283
+ * // => 'https://auth.example.com/api/auth/get-session'
284
+ * ```
285
+ */
286
+ declare function resolveAthenaAuthRequestUrl(path: string, rawBaseUrl?: string | EnvLike): string;
287
+ /** Relative auth path for email verification (`GET /verify-email`). */
288
+ declare const ATHENA_AUTH_VERIFY_EMAIL_PATH = "verify-email";
289
+ /**
290
+ * Relative segment for session lookup (`GET /get-session`).
291
+ * Prefer with {@link resolveAthenaAuthRequestUrl} when `base` already ends in `/api/auth`.
292
+ */
293
+ declare const ATHENA_AUTH_GET_SESSION_PATH = "get-session";
294
+ /**
295
+ * Absolute app/proxy path for session lookup.
296
+ * Use with `new URL(ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH, appOrigin)` when
297
+ * `baseUrl` is the **app origin** (e.g. `https://app.example.com`), not the auth client base.
298
+ */
299
+ declare const ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH = "/api/auth/get-session";
300
+ /**
301
+ * @deprecated Alias of {@link ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH} for drop-in
302
+ * replacement of app-local `AUTH_SESSION_PATH` constants. Prefer the `ATHENA_` name.
303
+ */
304
+ declare const AUTH_SESSION_PATH = "/api/auth/get-session";
305
+ /**
306
+ * Query param that forces Athena Auth / Better Auth style session handlers to
307
+ * skip cookie cache and re-read the live session cookie.
308
+ */
309
+ declare const ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM = "disableCookieCache";
310
+ /**
311
+ * @deprecated Alias of {@link ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM}.
312
+ */
313
+ declare const DISABLE_COOKIE_CACHE_QUERY_PARAM = "disableCookieCache";
314
+ /** Value paired with {@link ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM}. */
315
+ declare const ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE = "true";
316
+ /**
317
+ * @deprecated Alias of {@link ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE}.
318
+ */
319
+ declare const DISABLE_COOKIE_CACHE_QUERY_VALUE = "true";
320
+ /**
321
+ * Optional request/response header some apps use to pass serialized session
322
+ * payload between edge middleware and the app (not set by the SDK itself).
323
+ */
324
+ declare const ATHENA_SESSION_DATA_HEADER = "x-session-data";
325
+ /**
326
+ * @deprecated Alias of {@link ATHENA_SESSION_DATA_HEADER}.
327
+ */
328
+ declare const SESSION_DATA_HEADER = "x-session-data";
329
+ /**
330
+ * Absolute callback URL for email verification.
331
+ *
332
+ * Equivalent to `resolveAthenaAuthRequestUrl("verify-email")` — use this in
333
+ * sign-up / send-verification payloads as `callbackURL` instead of a local
334
+ * wrapper around Auth UI `base-url` helpers.
335
+ *
336
+ * @param rawBaseUrl - Optional base string or env map (defaults to process env)
337
+ * @returns e.g. `https://auth.example.com/api/auth/verify-email`
338
+ *
339
+ * @example
340
+ * ```ts
341
+ * import { resolveEmailVerificationCallbackUrl } from "@xylex-group/athena/utils"
342
+ *
343
+ * await client.auth.signUp.email({
344
+ * email,
345
+ * password,
346
+ * name,
347
+ * callbackURL: resolveEmailVerificationCallbackUrl(),
348
+ * })
349
+ * ```
350
+ */
351
+ declare function resolveEmailVerificationCallbackUrl(rawBaseUrl?: string | EnvLike): string;
352
+ /**
353
+ * Build a same-origin (or absolute) **fresh** get-session URL.
354
+ *
355
+ * Appends `disableCookieCache=true` so middleware / RSC session probes do not
356
+ * reuse a stale cookie-cache entry.
357
+ *
358
+ * @param baseUrl - App origin (`https://app.example.com`) or any base accepted by
359
+ * the `URL` constructor. Resolves {@link ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH}
360
+ * (`/api/auth/get-session`) against that base.
361
+ * @returns URL such as `https://app.example.com/api/auth/get-session?disableCookieCache=true`
362
+ *
363
+ * @example
364
+ * ```ts
365
+ * import { createFreshSessionLookupUrl } from "@xylex-group/athena/utils"
366
+ *
367
+ * const url = createFreshSessionLookupUrl("https://app.example.com")
368
+ * await fetch(url, { headers: { cookie: requestHeaders.get("cookie") ?? "" } })
369
+ * ```
370
+ *
371
+ * For auth-client base URLs that already include `/api/auth`, prefer:
372
+ * `resolveAthenaAuthRequestUrl("get-session", authBase) + "?disableCookieCache=true"`
373
+ * or pass the **app** origin into this helper when you proxy `/api/auth/*` locally.
374
+ */
375
+ declare function createFreshSessionLookupUrl(baseUrl: string | URL): URL;
376
+
377
+ export { ATHENA_AUTH_COOKIE_PREFIXES as A, AUTH_SESSION_PATH as B, type ClearAuthCookiesOptions as C, DEFAULT_ATHENA_AUTH_ORIGIN as D, type EnvLike as E, AUTH_TWO_FACTOR_SEGMENT as F, type AthenaAuthClientBaseUrlOptions as G, type AthenaAuthUpstreamEnv as H, type AthenaAuthUpstreamEnvKey as I, type AuthMode as J, type AuthModeRedirects as K, type AuthRoutes as L, DEFAULT_ATHENA_AUTH_UPSTREAM_URL as M, DEFAULT_AUTH_COOKIE_PREFIXES as N, DISABLE_COOKIE_CACHE_QUERY_PARAM as O, DISABLE_COOKIE_CACHE_QUERY_VALUE as P, LOCAL_DEV_ORIGIN as Q, createAuthModeRedirects as R, SESSION_DATA_HEADER as S, createAuthRoutes as T, createFreshSessionLookupUrl as U, isAuthMode as V, readAthenaAuthUpstreamUrlFromEnv as W, resolveAuthModeRedirect as X, shouldRedirectAuthenticatedAuthMode as Y, ATHENA_AUTH_PATH as a, ATHENA_AUTH_UPSTREAM_ENV_KEYS as b, ATHENA_AUTH_UPSTREAM_URL_ENV_NAMES as c, AUTH_DEFAULT_VIEW as d, AUTH_ROUTES as e, AUTH_VIEW_BY_SEGMENT as f, type AuthView as g, clearAuthCookies as h, isAbsoluteUrl as i, resolveAthenaAuthRequestUrl as j, resolveAthenaAuthUpstreamUrl as k, resolveAuthViewFromSegment as l, resolveEmailVerificationCallbackUrl as m, normalizeAthenaAuthBaseUrl as n, ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_PARAM as o, ATHENA_AUTH_DISABLE_COOKIE_CACHE_QUERY_VALUE as p, ATHENA_AUTH_GET_SESSION_ABSOLUTE_PATH as q, resolveAthenaAuthClientBaseUrl as r, shouldRedirectAuthenticatedAuthView as s, ATHENA_AUTH_GET_SESSION_PATH as t, ATHENA_AUTH_VERIFY_EMAIL_PATH as u, ATHENA_SESSION_DATA_HEADER as v, AUTHENTICATED_REDIRECT_MODE_SET as w, AUTHENTICATED_REDIRECT_VIEW_SET as x, AUTH_MODE_REDIRECTS as y, AUTH_MODE_SET as z };
package/dist/browser.cjs CHANGED
@@ -802,7 +802,7 @@ var getCookieCache = async (request2, config) => {
802
802
 
803
803
  // src/utils/athena-request-headers.ts
804
804
  var NO_CACHE_HEADER_VALUE = "no-cache";
805
- var API_KEY_HEADER_CANDIDATES = ["X-Api-Key", "x-api-key", "apikey"];
805
+ var API_KEY_HEADER_CANDIDATES = ["X-Athena-Key", "x-athena-key", "X-Api-Key", "x-api-key", "apikey"];
806
806
  var ATHENA_KEY_HEADER_CANDIDATES = ["X-Athena-Key", "x-athena-key"];
807
807
  var SESSION_TOKEN_HEADER_CANDIDATES = ["X-Athena-Auth-Session-Token"];
808
808
  var BEARER_MIRROR_HEADER_CANDIDATES = ["X-Athena-Auth-Bearer-Token"];
@@ -904,17 +904,6 @@ function buildServiceRequestHeaders(profile, sdkHeaderValue, config, options, ex
904
904
  });
905
905
  }
906
906
  function applyAthenaApiKeyHeaders(headers, apiKey, athenaKey) {
907
- if (apiKey) {
908
- if (!hasHeaderIgnoreCase(headers, "apikey")) {
909
- headers.apikey = apiKey;
910
- }
911
- if (!Object.hasOwn(headers, "x-api-key")) {
912
- headers["x-api-key"] = apiKey;
913
- }
914
- if (!Object.hasOwn(headers, "X-Api-Key")) {
915
- headers["X-Api-Key"] = apiKey;
916
- }
917
- }
918
907
  const resolvedAthenaKey = normalizeHeaderValue(athenaKey) ?? normalizeHeaderValue(apiKey);
919
908
  if (resolvedAthenaKey && !hasHeaderIgnoreCase(headers, "X-Athena-Key")) {
920
909
  headers["X-Athena-Key"] = resolvedAthenaKey;
@@ -1040,7 +1029,7 @@ function buildAthenaRequestHeaders(input) {
1040
1029
 
1041
1030
  // package.json
1042
1031
  var package_default = {
1043
- version: "2.12.1"
1032
+ version: "2.13.0"
1044
1033
  };
1045
1034
 
1046
1035
  // src/sdk-version.ts
@@ -3743,38 +3732,6 @@ async function withRetry(config, fn) {
3743
3732
  throw new Error("withRetry reached an unexpected state");
3744
3733
  }
3745
3734
 
3746
- // src/db/module.ts
3747
- function createDbModule(input) {
3748
- const db = {
3749
- from: input.from,
3750
- select(table2, first, second) {
3751
- if (first && typeof first === "object" && !Array.isArray(first)) {
3752
- return input.from(table2).select(void 0, first);
3753
- }
3754
- return input.from(table2).select(first, second);
3755
- },
3756
- insert(table2, values, options) {
3757
- return Array.isArray(values) ? input.from(table2).insert(values, options) : input.from(table2).insert(values, options);
3758
- },
3759
- upsert(table2, values, options) {
3760
- return Array.isArray(values) ? input.from(table2).upsert(values, options) : input.from(table2).upsert(values, options);
3761
- },
3762
- update(table2, values, options) {
3763
- return input.from(table2).update(values, options);
3764
- },
3765
- delete(table2, options) {
3766
- return input.from(table2).delete(options);
3767
- },
3768
- rpc(fn, args, options) {
3769
- return input.rpc(fn, args, options);
3770
- },
3771
- query(query, options) {
3772
- return input.query(query, options);
3773
- }
3774
- };
3775
- return db;
3776
- }
3777
-
3778
3735
  // src/storage/file.ts
3779
3736
  function createStorageFileModule(base, config = {}) {
3780
3737
  const upload = async (input, options) => {
@@ -9406,7 +9363,30 @@ function createClientFromConfig(config, sourceConfig) {
9406
9363
  config.experimental,
9407
9364
  queryTracer
9408
9365
  );
9409
- const db = createDbModule({ from, rpc, query });
9366
+ const untypedDbFrom = from;
9367
+ const db = {
9368
+ from,
9369
+ select(table2, first, second) {
9370
+ if (first && typeof first === "object" && !Array.isArray(first)) {
9371
+ return untypedDbFrom(table2).select(void 0, first);
9372
+ }
9373
+ return untypedDbFrom(table2).select(first, second);
9374
+ },
9375
+ insert(table2, values, options) {
9376
+ return Array.isArray(values) ? untypedDbFrom(table2).insert(values, options) : untypedDbFrom(table2).insert(values, options);
9377
+ },
9378
+ upsert(table2, values, options) {
9379
+ return Array.isArray(values) ? untypedDbFrom(table2).upsert(values, options) : untypedDbFrom(table2).upsert(values, options);
9380
+ },
9381
+ update(table2, values, options) {
9382
+ return untypedDbFrom(table2).update(values, options);
9383
+ },
9384
+ delete(table2, options) {
9385
+ return untypedDbFrom(table2).delete(options);
9386
+ },
9387
+ rpc,
9388
+ query
9389
+ };
9410
9390
  const chat = createChatModule({
9411
9391
  baseUrl: config.chatUrl,
9412
9392
  apiKey: config.apiKey,
@@ -9557,7 +9537,9 @@ function createClientFromConfig(config, sourceConfig) {
9557
9537
  var AthenaClient = class {
9558
9538
  /** Create a fluent builder for a strongly-typed Athena SDK client. */
9559
9539
  static builder() {
9560
- return createAthenaClientBuilder((config) => createClientFromInput(config));
9540
+ return createAthenaClientBuilder(
9541
+ (config) => createClientFromInput(config)
9542
+ );
9561
9543
  }
9562
9544
  static fromEnvironment(options = {}) {
9563
9545
  const env = options.env ?? process.env;
@@ -9588,7 +9570,8 @@ var AthenaClient = class {
9588
9570
  });
9589
9571
  }
9590
9572
  };
9591
- function createClient(configOrUrl, apiKey, options) {
9573
+ function createClient(...args) {
9574
+ const [configOrUrl, apiKey, options] = args;
9592
9575
  if (typeof configOrUrl === "string" || configOrUrl === null || configOrUrl === void 0) {
9593
9576
  return createClientFromInput({
9594
9577
  url: configOrUrl,
@@ -10209,7 +10192,8 @@ var TypedAthenaClientImpl = class _TypedAthenaClientImpl {
10209
10192
  fromModel(database, schema, model) {
10210
10193
  const modelDef = this.registryNavigator.resolveModel(database, schema, model);
10211
10194
  const tableName = this.registryNavigator.resolveTableName(schema, model, modelDef);
10212
- return this.baseClient.from(tableName);
10195
+ const from = this.baseClient.from;
10196
+ return from(tableName);
10213
10197
  }
10214
10198
  };
10215
10199
  function createTypedClient(registry, url, apiKey, options) {