while-basic
diff --git a/‎.changeset/shiny-kangaroos-arrive.md‎
Lines changed: 8 additions & 0 deletions b/‎.changeset/shiny-kangaroos-arrive.md‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎apps/dev/src/components/custom-button.tsx‎
Lines changed: 1 addition & 1 deletion b/‎apps/dev/src/components/custom-button.tsx‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/docs/02-customization/03-custom-components.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/docs/02-customization/03-custom-components.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎package.json‎
Lines changed: 0 additions & 2 deletions b/‎package.json‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎packages/stack-server/backend-design-doc.md‎
Lines changed: 5 additions & 0 deletions b/‎packages/stack-server/backend-design-doc.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/stack-server/prisma/migrations/20240418090527_magic_link/migration.sql‎
Lines changed: 27 additions & 0 deletions b/‎packages/stack-server/prisma/migrations/20240418090527_magic_link/migration.sql‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎packages/stack-server/prisma/schema.prisma‎
Lines changed: 22 additions & 0 deletions b/‎packages/stack-server/prisma/schema.prisma‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎packages/stack-server/prisma/seed.ts‎
Lines changed: 1 addition & 0 deletions b/‎packages/stack-server/prisma/seed.ts‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎packages/stack-server/src/app/api/v1/auth/callback/[provider]/route.tsx‎
Lines changed: 1 addition & 0 deletions b/‎packages/stack-server/src/app/api/v1/auth/callback/[provider]/route.tsx‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎packages/stack-server/src/app/api/v1/auth/magic-link-verification/route.tsx‎
Lines changed: 69 additions & 0 deletions b/‎packages/stack-server/src/app/api/v1/auth/magic-link-verification/route.tsx‎
Lines changed: 69 additions & 0 deletions
@@ -0,0 +1,8 @@
+---
+"@stackframe/stack-server": minor
+"@stackframe/stack-shared": minor
+"@stackframe/stack": minor
+"@stackframe/stack-sc": minor
+---
+
+added magic link
@@ -4,7 +4,7 @@ import React from "react";
 import { Button as DefaultButton, useDesign } from "@stackframe/stack";
 
 export const Button = React.forwardRef<
-  HTMLButtonElement,
+  React.ElementRef<typeof DefaultButton>,
   React.ComponentProps<typeof DefaultButton>
 >(({
   variant = "primary",
 
@@ -21,7 +21,7 @@ import React from "react";
 import { Button as DefaultButton, useDesign } from "@stackframe/stack";
 
 export const Button = React.forwardRef<
-  HTMLButtonElement,
+  React.ElementRef<typeof DefaultButton>,
   React.ComponentProps<typeof DefaultButton>
 >(({
   variant = "primary",
 
@@ -48,7 +48,5 @@
     "overrides": {}
   },
   "dependencies": {
-    "@radix-ui/react-separator": "^1.0.3",
-    "@stackframe/stack": "workspace:^"
   }
 }
@@ -57,6 +57,11 @@ Terminology: "Invalid" means it was found but not valid, "Not found" means it wa
     - `EmailVerificationCodeNotFound`: The e-mail verification code does not exist for this project. (404)
     - `EmailVerificationCodeExpired`: The e-mail verification code has expired. (400)
     - `EmailVerificationCodeAlreadyUsed`: The e-mail verification code has already been used. (400)
+- `MagicLinkError`:
+  - `MagicLinkCodeError`:
+    - `MagicLinkCodeNotFound`: The magic link code does not exist for this project. (404)
+    - `MagicLinkCodeExpired`: The magic link code has expired. (400)
+    - `MagicLinkCodeAlreadyUsed`: The magic link code has already been used. (400)
 - `PasswordResetError`:
   - `PasswordResetCodeError`:
     - `PasswordResetCodeNotFound`: The password reset code does not exist for this project. (404)
 
@@ -0,0 +1,27 @@
+-- AlterTable
+ALTER TABLE "ProjectConfig" ADD COLUMN     "magicLinkEnabled" BOOLEAN NOT NULL DEFAULT false;
+
+-- AlterTable, authWithEmail default to true if password hash is set previously, otherwise false
+ALTER TABLE "ProjectUser" ADD COLUMN "authWithEmail" BOOLEAN NOT NULL DEFAULT false;
+UPDATE "ProjectUser" SET "authWithEmail" = true WHERE "passwordHash" IS NOT NULL;
+
+-- CreateTable
+CREATE TABLE "ProjectUserMagicLinkCode" (
+    "projectId" TEXT NOT NULL,
+    "projectUserId" UUID NOT NULL,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+    "code" TEXT NOT NULL,
+    "expiresAt" TIMESTAMP(3) NOT NULL,
+    "usedAt" TIMESTAMP(3),
+    "redirectUrl" TEXT NOT NULL,
+    "newUser" BOOLEAN NOT NULL,
+
+    CONSTRAINT "ProjectUserMagicLinkCode_pkey" PRIMARY KEY ("projectId","code")
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "ProjectUserMagicLinkCode_code_key" ON "ProjectUserMagicLinkCode"("code");
+
+-- AddForeignKey
+ALTER TABLE "ProjectUserMagicLinkCode" ADD CONSTRAINT "ProjectUserMagicLinkCode_projectId_projectUserId_fkey" FOREIGN KEY ("projectId", "projectUserId") REFERENCES "ProjectUser"("projectId", "projectUserId") ON DELETE CASCADE ON UPDATE CASCADE;
@@ -39,6 +39,7 @@ model ProjectConfig {
 
   allowLocalhost    Boolean
   credentialEnabled Boolean
+  magicLinkEnabled  Boolean
 
   projects             Project[]
   oauthProviderConfigs OAuthProviderConfig[]
@@ -87,17 +88,20 @@ model ProjectUser {
   projectUserOAuthAccounts         ProjectUserOAuthAccount[]
   projectUserEmailVerificationCode ProjectUserEmailVerificationCode[]
   projectUserPasswordResetCode     ProjectUserPasswordResetCode[]
+  projectUserMagicLinkCode         ProjectUserMagicLinkCode[]
 
   primaryEmail         String?
   primaryEmailVerified Boolean
   profileImageUrl      String?
   displayName          String?
   passwordHash         String?
+  authWithEmail        Boolean
 
   serverMetadata Json?
   clientMetadata Json?
 
@@id([projectId, projectUserId])
+  @@unique([projectId, primaryEmail, authWithEmail])
 }
 
 model ProjectUserOAuthAccount {
@@ -188,6 +192,24 @@ model ProjectUserPasswordResetCode {
@@id([projectId, code])
 }
 
+model ProjectUserMagicLinkCode {
+  projectId     String
+  projectUserId String @db.Uuid
+
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  code        String    @unique
+  expiresAt   DateTime
+  usedAt      DateTime?
+  redirectUrl String
+  newUser     Boolean
+
+  projectUser ProjectUser @relation(fields: [projectId, projectUserId], references: [projectId, projectUserId], onDelete: Cascade)
+
+  @@id([projectId, code])
+}
+
 //#region API keys
 
 model ApiKeySet {
 
@@ -58,6 +58,7 @@ async function seed() {
             }
           },
           credentialEnabled: true,
+          magicLinkEnabled: true,
         },
       },
     },
 
@@ -148,6 +148,7 @@ export const GET = deprecatedSmartRouteHandler(async (req: NextRequest, options:
                     profileImageUrl: userInfo.profileImageUrl,
                     primaryEmail: userInfo.email,
                     primaryEmailVerified: true,
+                    authWithEmail: false,
                   },
                 },
               },
 
@@ -0,0 +1,69 @@
+import { NextRequest, NextResponse } from "next/server";
+import * as yup from "yup";
+import { prismaClient } from "@/prisma-client";
+import { deprecatedParseRequest, deprecatedSmartRouteHandler } from "@/lib/route-handlers";
+import { KnownErrors } from "@stackframe/stack-shared";
+import { createAuthTokens } from "@/lib/tokens";
+
+const postSchema = yup.object({
+  body: yup.object({
+    code: yup.string().required(),
+  }),
+});
+
+export const POST = deprecatedSmartRouteHandler(async (req: NextRequest) => {
+  const { body: { code } } = await deprecatedParseRequest(req, postSchema);
+
+  const codeRecord = await prismaClient.projectUserMagicLinkCode.findUnique({
+    where: {
+      code
+    },
+    include: {
+      projectUser: true,
+    },
+  });
+
+  if (!codeRecord) {
+    throw new KnownErrors.MagicLinkCodeNotFound();
+  }
+
+  if (codeRecord.expiresAt < new Date()) {
+    throw new KnownErrors.MagicLinkCodeExpired();
+  }
+
+  if (codeRecord.usedAt) {
+    throw new KnownErrors.MagicLinkCodeAlreadyUsed();
+  }
+  
+  await prismaClient.projectUser.update({
+    where: {
+      projectId_projectUserId: {
+        projectId: codeRecord.projectId,
+        projectUserId: codeRecord.projectUserId,
+      },
+    },
+    data: {
+      primaryEmailVerified: true,
+    },
+  });
+
+  await prismaClient.projectUserMagicLinkCode.update({
+    where: {
+      code,
+    },
+    data: {
+      usedAt: new Date(),
+    },
+  });
+
+  const { refreshToken, accessToken } = await createAuthTokens({ 
+    projectId: codeRecord.projectId,
+    projectUserId: codeRecord.projectUserId,
+  });
+
+  return NextResponse.json({
+    refreshToken,
+    accessToken,
+    newUser: codeRecord.newUser,
+  });
+});
Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,5 @@`
`48`	`48`	`"overrides": {}`
`49`	`49`	`},`
`50`	`50`	`"dependencies": {`
`51`		`- "@radix-ui/react-separator": "^1.0.3",`
`52`		`- "@stackframe/stack": "workspace:^"`
`53`	`51`	`}`
`54`	`52`	`}`
Original file line number	Diff line number	Diff line change
`@@ -58,6 +58,7 @@ async function seed() {`
`58`	`58`	`}`
`59`	`59`	`},`
`60`	`60`	`credentialEnabled: true,`
	`61`	`+ magicLinkEnabled: true,`
`61`	`62`	`},`
`62`	`63`	`},`
`63`	`64`	`},`