Merge branch 'dev' into contact-channel-api

README.md

@@ -110,8 +110,8 @@ pnpm install
 pnpm run build
 
 # reset & start the dependencies (DB, Inbucket, etc.) as Docker containers, seeding the DB with the Prisma schema
-pnpm run restart-deps
-# pnpm run start-deps
+pnpm run start-deps
+# pnpm run restart-deps
 # pnpm run stop-deps
 
 # Start the dev server

apps/backend/CHANGELOG.md

@@ -1,5 +1,13 @@
 # @stackframe/stack-backend
 
+## 2.6.1
+
+### Patch Changes
+
+- Bugfixes
+  - @stackframe/stack-emails@2.6.1
+  - @stackframe/stack-shared@2.6.1
+
 ## 2.6.0
 
 ### Minor Changes

apps/backend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/stack-backend",
-  "version": "2.6.0",
+  "version": "2.6.1",
   "private": true,
   "scripts": {
     "clean": "rimraf .next && rimraf node_modules",

apps/backend/src/app/api/v1/connected-accounts/[user_id]/[provider_id]/access-token/crud.tsx

@@ -2,10 +2,9 @@ import { usersCrudHandlers } from "@/app/api/v1/users/crud";
 import { getProvider } from "@/oauth";
 import { prismaClient } from "@/prisma-client";
 import { createCrudHandlers } from "@/route-handlers/crud-handler";
-import { getIdFromUserIdOrMe } from "@/route-handlers/utils";
 import { KnownErrors } from "@stackframe/stack-shared";
 import { connectedAccountAccessTokenCrud } from "@stackframe/stack-shared/dist/interface/crud/oauth";
-import { yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
+import { userIdOrMeSchema, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
 import { StackAssertionError, StatusError } from "@stackframe/stack-shared/dist/utils/errors";
 import { createLazyProxy } from "@stackframe/stack-shared/dist/utils/proxies";
 import { extractScopes } from "@stackframe/stack-shared/dist/utils/strings";
@@ -14,12 +13,10 @@ import { extractScopes } from "@stackframe/stack-shared/dist/utils/strings";
 export const connectedAccountAccessTokenCrudHandlers = createLazyProxy(() =>createCrudHandlers(connectedAccountAccessTokenCrud, {
   paramsSchema: yupObject({
     provider_id: yupString().required(),
-    user_id: yupString().required(),
+    user_id: userIdOrMeSchema.required(),
   }),
   async onCreate({ auth, data, params }) {
-    const userId = getIdFromUserIdOrMe(params.user_id, auth.user);
-
-    if (auth.type === 'client' && auth.user?.id !== userId) {
+    if (auth.type === 'client' && auth.user?.id !== params.user_id) {
       throw new StatusError(StatusError.Forbidden, "Client can only access its own connected accounts");
     }
 
@@ -32,7 +29,7 @@ export const connectedAccountAccessTokenCrudHandlers = createLazyProxy(() =>crea
       throw new KnownErrors.OAuthAccessTokenNotAvailableWithSharedOAuthKeys();
     }
 
-    const user = await usersCrudHandlers.adminRead({ project: auth.project, user_id: userId });
+    const user = await usersCrudHandlers.adminRead({ project: auth.project, user_id: params.user_id });
     if (!user.oauth_providers.map(x => x.id).includes(params.provider_id)) {
       throw new KnownErrors.OAuthConnectionNotConnectedToUser();
     }
@@ -44,7 +41,7 @@ export const connectedAccountAccessTokenCrudHandlers = createLazyProxy(() =>crea
         projectId: auth.project.id,
         oAuthProviderConfigId: params.provider_id,
         projectUserOAuthAccount: {
-          projectUserId: userId,
+          projectUserId: params.user_id,
         },
         expiresAt: {
           // is at least 5 minutes in the future
@@ -66,7 +63,7 @@ export const connectedAccountAccessTokenCrudHandlers = createLazyProxy(() =>crea
         projectId: auth.project.id,
         oAuthProviderConfigId: params.provider_id,
         projectUserOAuthAccount: {
-          projectUserId: userId,
+          projectUserId: params.user_id,
         }
       },
     });

apps/backend/src/app/api/v1/team-member-profiles/crud.tsx

@@ -1,7 +1,6 @@
 import { ensureTeamExist, ensureTeamMembershipExists, ensureUserExist, ensureUserTeamPermissionExists } from "@/lib/request-checks";
 import { prismaClient } from "@/prisma-client";
 import { createCrudHandlers } from "@/route-handlers/crud-handler";
-import { getIdFromUserIdOrMe } from "@/route-handlers/utils";
 import { Prisma } from "@prisma/client";
 import { KnownErrors } from "@stackframe/stack-shared";
 import { teamMemberProfilesCrud } from "@stackframe/stack-shared/dist/interface/crud/team-member-profiles";
@@ -33,7 +32,6 @@ export const teamMemberProfilesCrudHandlers = createLazyProxy(() => createCrudHa
   }),
   onList: async ({ auth, query }) => {
     return await prismaClient.$transaction(async (tx) => {
-      const userId = getIdFromUserIdOrMe(query.user_id, auth.user);
       if (auth.type === 'client') {
         // Client can only:
         // - list users in their own team if they have the $read_members permission
@@ -47,7 +45,7 @@ export const teamMemberProfilesCrudHandlers = createLazyProxy(() => createCrudHa
 
         await ensureTeamMembershipExists(tx, { projectId: auth.project.id, teamId: query.team_id, userId: currentUserId });
 
-        if (userId !== currentUserId) {
+        if (query.user_id !== currentUserId) {
           await ensureUserTeamPermissionExists(tx, {
             project: auth.project,
             teamId: query.team_id,
@@ -61,16 +59,16 @@ export const teamMemberProfilesCrudHandlers = createLazyProxy(() => createCrudHa
         if (query.team_id) {
           await ensureTeamExist(tx, { projectId: auth.project.id, teamId: query.team_id });
         }
-        if (userId) {
-          await ensureUserExist(tx, { projectId: auth.project.id, userId: userId });
+        if (query.user_id) {
+          await ensureUserExist(tx, { projectId: auth.project.id, userId: query.user_id });
         }
       }
 
       const db = await tx.teamMember.findMany({
         where: {
           projectId: auth.project.id,
           teamId: query.team_id,
-          projectUserId: userId,
+          projectUserId: query.user_id,
         },
         orderBy: {
           createdAt: 'asc',
@@ -88,11 +86,9 @@ export const teamMemberProfilesCrudHandlers = createLazyProxy(() => createCrudHa
   },
   onRead: async ({ auth, params }) => {
     return await prismaClient.$transaction(async (tx) => {
-      const userId = getIdFromUserIdOrMe(params.user_id, auth.user);
-
       if (auth.type === 'client') {
         const currentUserId = auth.user?.id ?? throwErr(new KnownErrors.CannotGetOwnUserWithoutUser());
-        if (userId !== currentUserId) {
+        if (params.user_id !== currentUserId) {
           await ensureUserTeamPermissionExists(tx, {
             project: auth.project,
             teamId: params.team_id,
@@ -104,13 +100,13 @@ export const teamMemberProfilesCrudHandlers = createLazyProxy(() => createCrudHa
         }
       }
 
-      await ensureTeamMembershipExists(tx, { projectId: auth.project.id, teamId: params.team_id, userId: userId });
+      await ensureTeamMembershipExists(tx, { projectId: auth.project.id, teamId: params.team_id, userId: params.user_id });
 
       const db = await tx.teamMember.findUnique({
         where: {
           projectId_projectUserId_teamId: {
             projectId: auth.project.id,
-            projectUserId: userId,
+            projectUserId: params.user_id,
             teamId: params.team_id,
           },
         },
@@ -119,34 +115,32 @@ export const teamMemberProfilesCrudHandlers = createLazyProxy(() => createCrudHa
 
       if (!db) {
         // This should never happen because of the check above
-        throw new KnownErrors.TeamMembershipNotFound(params.team_id, userId);
+        throw new KnownErrors.TeamMembershipNotFound(params.team_id, params.user_id);
       }
 
       return prismaToCrud(db, await getUserLastActiveAtMillis(db.projectUser.projectUserId, db.projectUser.createdAt));
     });
   },
   onUpdate: async ({ auth, data, params }) => {
     return await prismaClient.$transaction(async (tx) => {
-      const userId = getIdFromUserIdOrMe(params.user_id, auth.user);
-
       if (auth.type === 'client') {
         const currentUserId = auth.user?.id ?? throwErr(new KnownErrors.CannotGetOwnUserWithoutUser());
-        if (userId !== currentUserId) {
+        if (params.user_id !== currentUserId) {
           throw new StatusError(StatusError.Forbidden, 'Cannot update another user\'s profile');
         }
       }
 
       await ensureTeamMembershipExists(tx, {
         projectId: auth.project.id,
         teamId: params.team_id,
-        userId,
+        userId: params.user_id,
       });
 
       const db = await tx.teamMember.update({
         where: {
           projectId_projectUserId_teamId: {
             projectId: auth.project.id,
-            projectUserId: userId,
+            projectUserId: params.user_id,
             teamId: params.team_id,
           },
         },

apps/backend/src/app/api/v1/team-memberships/crud.tsx

@@ -2,7 +2,6 @@ import { ensureTeamExist, ensureTeamMembershipExists, ensureTeamMembershipDoesNo
 import { isTeamSystemPermission, teamSystemPermissionStringToDBType } from "@/lib/permissions";
 import { prismaClient } from "@/prisma-client";
 import { createCrudHandlers } from "@/route-handlers/crud-handler";
-import { getIdFromUserIdOrMe } from "@/route-handlers/utils";
 import { teamMembershipsCrud } from "@stackframe/stack-shared/dist/interface/crud/team-memberships";
 import { userIdOrMeSchema, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
 import { throwErr } from "@stackframe/stack-shared/dist/utils/errors";
@@ -57,8 +56,6 @@ export const teamMembershipsCrudHandlers = createLazyProxy(() => createCrudHandl
     user_id: userIdOrMeSchema.required(),
   }),
   onCreate: async ({ auth, params }) => {
-    const userId = getIdFromUserIdOrMe(params.user_id, auth.user);
-
     await prismaClient.$transaction(async (tx) => {
       await ensureTeamExist(tx, {
         projectId: auth.project.id,
@@ -68,14 +65,14 @@ export const teamMembershipsCrudHandlers = createLazyProxy(() => createCrudHandl
       await ensureTeamMembershipDoesNotExist(tx, {
         projectId: auth.project.id,
         teamId: params.team_id,
-        userId,
+        userId: params.user_id
       });
 
       const user = await tx.projectUser.findUnique({
         where: {
           projectId_projectUserId: {
             projectId: auth.project.id,
-            projectUserId: userId,
+            projectUserId: params.user_id,
           },
         },
       });
@@ -87,14 +84,14 @@ export const teamMembershipsCrudHandlers = createLazyProxy(() => createCrudHandl
       await addUserToTeam(tx, {
         project: auth.project,
         teamId: params.team_id,
-        userId,
+        userId: params.user_id,
         type: 'member',
       });
     });
 
     const data = {
       team_id: params.team_id,
-      user_id: userId,
+      user_id: params.user_id,
     };
 
     await sendTeamMembershipCreatedWebhook({
@@ -105,15 +102,13 @@ export const teamMembershipsCrudHandlers = createLazyProxy(() => createCrudHandl
     return data;
   },
   onDelete: async ({ auth, params }) => {
-    const userId = getIdFromUserIdOrMe(params.user_id, auth.user);
-
     await prismaClient.$transaction(async (tx) => {
       // Users are always allowed to remove themselves from a team
       // Only users with the $remove_members permission can remove other users
       if (auth.type === 'client') {
         const currentUserId = auth.user?.id ?? throwErr(new KnownErrors.CannotGetOwnUserWithoutUser());
 
-        if (userId !== currentUserId) {
+        if (params.user_id !== currentUserId) {
           await ensureUserTeamPermissionExists(tx, {
             project: auth.project,
             teamId: params.team_id,
@@ -128,7 +123,7 @@ export const teamMembershipsCrudHandlers = createLazyProxy(() => createCrudHandl
       await ensureTeamMembershipExists(tx, {
         projectId: auth.project.id,
         teamId: params.team_id,
-        userId,
+        userId: params.user_id,
       });
 
       await tx.teamMember.delete({
@@ -146,7 +141,7 @@ export const teamMembershipsCrudHandlers = createLazyProxy(() => createCrudHandl
       projectId: auth.project.id,
       data: {
         team_id: params.team_id,
-        user_id: userId,
+        user_id: params.user_id,
       },
     });
   },

apps/backend/src/app/api/v1/team-permissions/crud.tsx

@@ -2,7 +2,6 @@ import { grantTeamPermission, listUserTeamPermissions, revokeTeamPermission } fr
 import { ensureTeamMembershipExists, ensureUserTeamPermissionExists } from "@/lib/request-checks";
 import { prismaClient } from "@/prisma-client";
 import { createCrudHandlers } from "@/route-handlers/crud-handler";
-import { getIdFromUserIdOrMe } from "@/route-handlers/utils";
 import { KnownErrors } from "@stackframe/stack-shared";
 import { teamPermissionsCrud } from '@stackframe/stack-shared/dist/interface/crud/team-permissions';
 import { teamPermissionDefinitionIdSchema, userIdOrMeSchema, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
@@ -53,11 +52,10 @@ export const teamPermissionsCrudHandlers = createLazyProxy(() => createCrudHandl
     });
   },
   async onList({ auth, query }) {
-    const userId = getIdFromUserIdOrMe(query.user_id, auth.user);
     if (auth.type === 'client') {
       const currentUserId = auth.user?.id || throwErr(new KnownErrors.CannotGetOwnUserWithoutUser());
 
-      if (userId !== currentUserId) {
+      if (query.user_id !== currentUserId) {
         throw new StatusError(StatusError.Forbidden, 'Client can only list permissions for their own user. user_id must be either "me" or the ID of the current user');
       }
     }
@@ -68,7 +66,7 @@ export const teamPermissionsCrudHandlers = createLazyProxy(() => createCrudHandl
           project: auth.project,
           teamId: query.team_id,
           permissionId: query.permission_id,
-          userId,
+          userId: query.user_id,
           recursive: query.recursive === 'true',
         }),
         is_paginated: false,