zudoku 0.0.0-fix-firebase-export.2e421fda → 0.0.0-fix-circular-ref-false-positives.zbe02c6a6

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "zudoku",
-  "version": "0.0.0-fix-firebase-export.2e421fda",
+  "version": "0.0.0-fix-circular-ref-false-positives.zbe02c6a6",
   "type": "module",
   "homepage": "https://zudoku.dev",
   "repository": {
@@ -119,6 +119,10 @@
       "import": "./lib/zudoku.router.js",
       "types": "./dist/lib/core/router.d.ts"
     },
+    "./react-query": {
+      "import": "./lib/zudoku.react-query.js",
+      "types": "./dist/lib/core/react-query.d.ts"
+    },
     "./processors/*": {
       "import": "./lib/processors/*.js",
       "types": "./dist/lib/plugins/openapi/processors/*.d.ts"
@@ -150,6 +154,7 @@
   "dependencies": {
     "@apidevtools/json-schema-ref-parser": "14.1.1",
     "@envelop/core": "5.3.2",
+    "@fastify/deepmerge": "3.1.0",
     "@graphql-typed-document-node/core": "3.2.0",
     "@lekoarts/rehype-meta-as-attributes": "3.0.3",
     "@mdx-js/react": "3.1.1",
@@ -180,30 +185,32 @@
     "@radix-ui/react-visually-hidden": "1.2.4",
     "@scalar/openapi-parser": "0.23.2",
     "@sentry/node": "10.27.0",
-    "@shikijs/engine-javascript": "3.17.0",
-    "@shikijs/langs": "3.17.0",
-    "@shikijs/rehype": "3.17.0",
-    "@shikijs/themes": "3.17.0",
-    "@shikijs/transformers": "3.17.0",
+    "@shikijs/engine-javascript": "3.21.0",
+    "@shikijs/langs": "3.21.0",
+    "@shikijs/rehype": "3.21.0",
+    "@shikijs/themes": "3.21.0",
+    "@shikijs/transformers": "3.21.0",
     "@sindresorhus/slugify": "3.0.0",
     "@stefanprobst/rehype-extract-toc": "3.0.0",
     "@tailwindcss/typography": "0.5.19",
     "@tailwindcss/vite": "4.1.16",
     "@tanem/react-nprogress": "5.0.56",
-    "@tanstack/react-query": "5.85.5",
+    "@tanstack/react-query": "5.90.12",
     "@types/react": "19.2.7",
-    "@types/react-dom": "19.2.0",
+    "@types/react-dom": "19.2.3",
     "@vitejs/plugin-react": "5.1.0",
     "@x0k/json-schema-merge": "1.0.2",
     "@zudoku/httpsnippet": "10.0.9",
     "@zudoku/react-helmet-async": "2.0.5",
     "@zuplo/mcp": "^0.0.22",
+    "bs58": "^6.0.0",
     "class-variance-authority": "0.7.1",
     "clsx": "2.1.1",
     "cmdk": "1.1.1",
+    "dotenv": "^17.2.3",
     "embla-carousel-react": "8.6.0",
     "estree-util-value-to-estree": "3.4.1",
-    "express": "5.2.0",
+    "express": "5.2.1",
     "fast-equals": "5.2.2",
     "glob": "13.0.0",
     "glob-parent": "6.0.2",
@@ -223,15 +230,15 @@
     "next-themes": "0.4.6",
     "oauth4webapi": "2.17.0",
     "openapi-types": "12.1.3",
-    "pagefind": "1.4.0",
+    "pagefind": "1.5.0-beta.1",
     "picocolors": "1.1.1",
     "piscina": "5.1.4",
     "posthog-node": "5.14.1",
     "react-error-boundary": "6.0.0",
     "react-hook-form": "7.66.0",
-    "react-is": "19.2.0",
+    "react-is": "19.2.3",
     "react-markdown": "10.1.0",
-    "react-router": "7.8.2",
+    "react-router": "7.12.0",
     "rehype-mdx-import-media": "1.2.0",
     "rehype-raw": "7.0.0",
     "rehype-slug": "6.0.0",
@@ -243,11 +250,11 @@
     "remark-mdx-frontmatter": "5.2.0",
     "rollup": "4.52.5",
     "semver": "7.7.2",
-    "shiki": "3.17.0",
+    "shiki": "3.21.0",
     "sitemap": "9.0.0",
     "strip-ansi": "7.1.2",
-    "tailwind-merge": "3.3.1",
-    "tailwindcss": "4.1.16",
+    "tailwind-merge": "3.4.0",
+    "tailwindcss": "4.1.18",
     "tw-animate-css": "1.4.0",
     "unified": "^11.0.5",
     "unist-util-visit": "5.0.0",
@@ -266,28 +273,28 @@
     "@testing-library/jest-dom": "6.9.1",
     "@testing-library/react": "16.3.0",
     "@types/estree": "1.0.8",
-    "@types/express": "5.0.5",
+    "@types/express": "5.0.6",
     "@types/glob-parent": "5.1.3",
     "@types/har-format": "1.2.16",
     "@types/hast": "^3.0.4",
     "@types/json-schema": "7.0.15",
     "@types/mdast": "4.0.4",
     "@types/mdx": "2.0.13",
-    "@types/node": "22.13.5",
+    "@types/node": "22.19.1",
     "@types/react-is": "19.2.0",
     "@types/semver": "7.7.0",
     "@types/unist": "^3.0.3",
     "@types/yargs": "17.0.35",
-    "@vitest/coverage-v8": "3.2.4",
+    "@vitest/coverage-v8": "4.0.16",
     "esbuild": "0.27.0",
     "happy-dom": "20.0.10",
     "mdast-util-mdx": "3.0.0",
-    "react": "19.2.0",
-    "react-dom": "19.2.0",
+    "react": "19.2.3",
+    "react-dom": "19.2.3",
     "rollup-plugin-visualizer": "6.0.5",
     "tsx": "4.20.6",
     "typescript": "5.9.3",
-    "vitest": "4.0.6"
+    "vitest": "4.0.15"
   },
   "peerDependencies": {
     "@azure/msal-browser": "^4.13.0",

package/src/lib/auth/issuer.ts

@@ -32,7 +32,7 @@ export const getIssuer = async (config: ZudokuConfig) => {
       return config.authentication.issuer;
     }
     case "firebase": {
-      return config.authentication.authDomain;
+      return `https://securetoken.google.com/${config.authentication.projectId}`;
     }
     case undefined: {
       return undefined;

package/src/lib/authentication/authentication.ts

@@ -6,6 +6,7 @@ export type AuthActionOptions = { redirectTo?: string; replace?: boolean };
 
 export interface AuthenticationPlugin {
   initialize?(context: ZudokuContext): Promise<void>;
+  onPageLoad?(): void;
   setNavigate?(navigate: NavigateFunction): void;
 
   signUp(
@@ -18,12 +19,17 @@ export interface AuthenticationPlugin {
   ): Promise<void>;
 
   signOut({ navigate }: AuthActionContext): Promise<void>;
+
+  signRequest(request: Request): Promise<Request>;
+  requestEmailVerification?(
+    { navigate }: AuthActionContext,
+    options?: AuthActionOptions,
+  ): Promise<void>;
+
   /**
    * @deprecated use signRequest instead
    */
   getAccessToken?(): Promise<string>;
-  onPageLoad?(): void;
-  signRequest(request: Request): Promise<Request>;
 }
 
 export type AuthenticationProviderInitializer<TConfig> = (

package/src/lib/authentication/components/CallbackHandler.tsx

@@ -13,7 +13,7 @@ export function CallbackHandler({
   const { options } = useZudoku();
   const executeCallback = useSuspenseQuery({
     retry: false,
-    queryKey: ["oauth-callback"],
+    queryKey: ["oauth-callback", window.location.search],
     queryFn: async () => {
       const url = new URL(window.location.href);
 

package/src/lib/authentication/components/SignIn.tsx

@@ -8,6 +8,7 @@ import {
   CardHeader,
   CardTitle,
 } from "zudoku/ui/Card.js";
+import { useLatest } from "../../util/useLatest.js";
 import { useAuth } from "../hook.js";
 
 export const SignIn = () => {
@@ -15,12 +16,14 @@ export const SignIn = () => {
   const [search] = useSearchParams();
   const redirectTo = search.get("redirect") ?? undefined;
 
+  const login = useLatest(auth.login);
+
   useEffect(() => {
-    void auth.login({
+    void login.current({
       redirectTo,
       replace: true,
     });
-  }, [auth, redirectTo]);
+  }, [login, redirectTo]);
 
   return (
     <div className="flex items-center justify-center mt-8">

package/src/lib/authentication/components/SignUp.tsx

@@ -7,14 +7,17 @@ import {
   CardHeader,
   CardTitle,
 } from "zudoku/ui/Card.js";
+import { useLatest } from "../../util/useLatest.js";
 import { useAuth } from "../hook.js";
 
 export const SignUp = () => {
   const auth = useAuth();
 
+  const signup = useLatest(auth.signup);
+
   useEffect(() => {
-    void auth.signup();
-  }, [auth]);
+    void signup.current();
+  }, [signup]);
 
   return (
     <div className="flex items-center justify-center mt-8">

package/src/lib/authentication/hook.ts

@@ -52,5 +52,21 @@ export const useAuth = () => {
         },
       );
     },
+    supportsEmailVerification:
+      typeof authentication?.requestEmailVerification === "function",
+
+    requestEmailVerification: async (options?: AuthActionOptions) => {
+      if (!isAuthEnabled) {
+        throw new Error("Authentication is not enabled.");
+      }
+
+      await authentication.requestEmailVerification?.(
+        { navigate },
+        {
+          ...options,
+          redirectTo: options?.redirectTo ?? window.location.href,
+        },
+      );
+    },
   };
 };

package/src/lib/authentication/providers/auth0.tsx

@@ -1,4 +1,5 @@
 import type { Auth0AuthenticationConfig } from "../../../config/config.js";
+import { joinUrl } from "../../util/joinUrl.js";
 import type {
   AuthActionContext,
   AuthenticationPlugin,
@@ -43,7 +44,10 @@ class Auth0AuthenticationProvider
 
   signOut = async (_: AuthActionContext): Promise<void> => {
     const as = await this.getAuthServer();
-    const idToken = await this.getAccessToken();
+
+    // biome-ignore lint/suspicious/noExplicitAny: We don't have a good way for typing provider-data yet.
+    const providerData = useAuthState.getState().providerData as any;
+    const idToken = providerData?.idToken;
 
     useAuthState.setState({
       isAuthenticated: false,
@@ -53,15 +57,18 @@ class Auth0AuthenticationProvider
     });
 
     const redirectUrl = new URL(window.location.origin);
-    redirectUrl.pathname = this.redirectToAfterSignOut;
+    redirectUrl.pathname = joinUrl(
+      import.meta.env.BASE_URL,
+      this.redirectToAfterSignOut,
+    );
 
     // SEE: https://auth0.com/docs/authenticate/login/logout/log-users-out-of-auth0
     // For Auth0 tenants created on or after 14 November 2023, RP-Initiated
     // Logout End Session Endpoint Discovery is enabled by default.
     // Otherwise we fallback to the old non-compliant logout
 
-    // The endSessionEndpoint is set, the IdP supports some form of logout,
-    // so we use the IdP logout. Otherwise, just redirect the user to home
+    // The end_session_endpoint is set, the IdP supports some form of logout,
+    // so we use auth0 logout. Otherwise, just redirect the user to home
     if (as.end_session_endpoint) {
       const logoutUrl = new URL(as.end_session_endpoint);
       if (idToken) {
@@ -72,12 +79,11 @@ class Auth0AuthenticationProvider
         redirectUrl.toString(),
       );
 
-      // window.location.href = logoutUrl.toString();
+      window.location.href = logoutUrl.toString();
     } else {
-      const _logoutUrl = new URL(
-        `${this.issuer.replace(/\/$/, "")}/oidc/logout`,
-      );
-      // window.location.href = logoutUrl.toString();
+      // const logoutUrl = new URL(`${this.issuer.replace(/\/$/, "")}/v2/logout`);
+      // logoutUrl.searchParams.set("returnTo", redirectUrl.toString());
+      // don't support the deprecated logout today
     }
   };
 }

package/src/lib/authentication/providers/clerk.tsx

@@ -29,32 +29,6 @@ const clerkAuth: AuthenticationProviderInitializer<
 
     await clerkApi.load();
 
-    if (clerkApi.user) {
-      const verifiedEmail = clerkApi.user.emailAddresses.find(
-        (email) => email.verification.status === "verified",
-      );
-      useAuthState.getState().setLoggedIn({
-        profile: {
-          sub: clerkApi.user.id,
-          name: clerkApi.user.fullName ?? undefined,
-          email:
-            verifiedEmail?.emailAddress ??
-            clerkApi.user.emailAddresses[0]?.emailAddress,
-          emailVerified: verifiedEmail !== undefined,
-          pictureUrl: clerkApi.user.imageUrl,
-        },
-        providerData: {
-          user: {
-            publicMetadata: clerkApi.user.publicMetadata,
-            id: clerkApi.user.id,
-            emailAddresses: clerkApi.user.emailAddresses,
-            imageUrl: clerkApi.user.imageUrl,
-            fullName: clerkApi.user.fullName,
-          },
-        },
-      });
-    }
-
     return clerkApi;
   })();
 

package/src/lib/authentication/providers/firebase.tsx

@@ -3,12 +3,15 @@ import {
   type Auth,
   createUserWithEmailAndPassword,
   getAuth,
+  sendEmailVerification,
+  sendPasswordResetEmail,
   signInWithEmailAndPassword,
   signInWithPopup,
   signOut,
   type User,
 } from "firebase/auth";
 import type { FirebaseAuthenticationConfig } from "../../../config/config.js";
+import { ZudokuError } from "../../util/invariant.js";
 import { CoreAuthenticationPlugin } from "../AuthenticationPlugin.js";
 import type {
   AuthActionContext,
@@ -19,7 +22,12 @@ import type {
 import { SignOut } from "../components/SignOut.js";
 import { AuthorizationError } from "../errors.js";
 import { useAuthState } from "../state.js";
-import { ZudokuSignInUi, ZudokuSignUpUi } from "../ui/ZudokuAuthUi.js";
+import { EmailVerificationUi } from "../ui/EmailVerificationUi.js";
+import {
+  ZudokuPasswordResetUi,
+  ZudokuSignInUi,
+  ZudokuSignUpUi,
+} from "../ui/ZudokuAuthUi.js";
 
 class FirebaseAuthenticationProvider
   extends CoreAuthenticationPlugin
@@ -28,6 +36,7 @@ class FirebaseAuthenticationProvider
   private readonly app: FirebaseApp;
   private readonly auth: Auth;
   private readonly providers: string[];
+  private readonly enableUsernamePassword: boolean;
 
   constructor(config: FirebaseAuthenticationConfig) {
     super();
@@ -42,7 +51,13 @@ class FirebaseAuthenticationProvider
       measurementId: config.measurementId,
     });
     this.auth = getAuth(this.app);
-    this.providers = config.providers ?? [];
+    this.providers = config.providers?.filter((p) => p !== "password") ?? [];
+    this.enableUsernamePassword =
+      config.providers?.includes("password") ?? false;
+  }
+
+  async initialize() {
+    await this.auth.authStateReady();
   }
 
   async signRequest(request: Request): Promise<Request> {
@@ -76,13 +91,77 @@ class FirebaseAuthenticationProvider
     );
   };
 
+  requestEmailVerification = async (
+    { navigate }: AuthActionContext,
+    { redirectTo }: AuthActionOptions,
+  ) => {
+    if (!this.auth.currentUser) {
+      throw new ZudokuError("User is not authenticated", {
+        title: "User not authenticated",
+      });
+    }
+
+    await sendEmailVerification(this.auth.currentUser);
+    void navigate(
+      redirectTo
+        ? `/verify-email?redirectTo=${encodeURIComponent(redirectTo)}`
+        : `/verify-email`,
+    );
+  };
+
   getRoutes = () => {
     return [
+      {
+        path: "/verify-email",
+        element: (
+          <EmailVerificationUi
+            onResendVerification={async () => {
+              if (!this.auth.currentUser) {
+                throw new ZudokuError("User is not authenticated", {
+                  title: "User not authenticated",
+                });
+              }
+              await sendEmailVerification(this.auth.currentUser);
+            }}
+            onCheckVerification={async () => {
+              if (!this.auth.currentUser) {
+                throw new ZudokuError("User is not authenticated", {
+                  title: "User not authenticated",
+                });
+              }
+              await this.auth.currentUser.reload();
+              const isVerified = this.auth.currentUser.emailVerified;
+
+              if (isVerified) {
+                await this.auth.currentUser.getIdToken(true);
+                await this.setUserLoggedIn(this.auth.currentUser);
+              }
+
+              return isVerified;
+            }}
+          />
+        ),
+      },
+      {
+        path: "/reset-password",
+        element: (
+          <ZudokuPasswordResetUi
+            onPasswordReset={async (email: string) => {
+              try {
+                await sendPasswordResetEmail(this.auth, email);
+              } catch (error) {
+                throw Error(getFirebaseErrorMessage(error), { cause: error });
+              }
+            }}
+          />
+        ),
+      },
       {
         path: "/signin",
         element: (
           <ZudokuSignInUi
             providers={this.providers}
+            enableUsernamePassword={this.enableUsernamePassword}
             onOAuthSignIn={async (providerId: string) => {
               useAuthState.setState({ isPending: true });
               const provider = await getProviderForId(providerId);
@@ -109,7 +188,13 @@ class FirebaseAuthenticationProvider
               password: string,
             ) => {
               try {
-                await signInWithEmailAndPassword(this.auth, email, password);
+                useAuthState.setState({ isPending: false });
+                const result = await signInWithEmailAndPassword(
+                  this.auth,
+                  email,
+                  password,
+                );
+                await this.setUserLoggedIn(result.user);
               } catch (error) {
                 throw Error(getFirebaseErrorMessage(error), { cause: error });
               }
@@ -122,6 +207,7 @@ class FirebaseAuthenticationProvider
         element: (
           <ZudokuSignUpUi
             providers={this.providers}
+            enableUsernamePassword={this.enableUsernamePassword}
             onOAuthSignUp={async (providerId: string) => {
               const provider = await getProviderForId(providerId);
               if (!provider) {
@@ -135,7 +221,13 @@ class FirebaseAuthenticationProvider
               email: string,
               password: string,
             ) => {
-              await createUserWithEmailAndPassword(this.auth, email, password);
+              useAuthState.setState({ isPending: true });
+              const createUser = await createUserWithEmailAndPassword(
+                this.auth,
+                email,
+                password,
+              );
+              await this.setUserLoggedIn(createUser.user);
             }}
           />
         ),
@@ -162,13 +254,13 @@ class FirebaseAuthenticationProvider
     const user = this.auth.currentUser;
 
     if (user) {
-      await this.updateUserState(user);
+      await this.setUserLoggedIn(user);
     } else {
       useAuthState.setState({ isPending: false });
     }
   };
 
-  private async updateUserState(user: User) {
+  private async setUserLoggedIn(user: User) {
     useAuthState.getState().setLoggedIn({
       profile: {
         sub: user.uid,

package/src/lib/authentication/providers/supabase.tsx

@@ -129,21 +129,12 @@ class SupabaseAuthenticationProvider
   };
 
   signOut = async () => {
-    await new Promise<void>((resolve) => {
-      const { data } = this.client.auth.onAuthStateChange(async (event) => {
-        if (event !== "SIGNED_OUT") return;
-        data.subscription.unsubscribe();
-        resolve();
-      });
-      void this.client.auth.signOut();
-    });
-
-    useAuthState.setState({
-      isAuthenticated: false,
-      isPending: false,
-      profile: undefined,
-      providerData: undefined,
-    });
+    const { error } = await this.client.auth.signOut({ scope: "local" });
+    if (error) {
+      // biome-ignore lint/suspicious: Logging is better than not doing anything
+      console.error("Error signing out", error);
+    }
+    useAuthState.getState().setLoggedOut();
   };
 
   onPageLoad = async () => {