Enhances sign-up process with Turnstile integration for fraud
protection. Builds on top of fraud-protection-temp-emails.
Made with [Cursor](https://cursor.com)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Cloudflare Turnstile bot-protection across signup/sign-in flows
(including SDK JSON mode).
* Email deliverability checks via Emailable.
* Sign-up risk scoring with persisted risk metrics and country code
tracking.
* UI: country-code selector, risk-score editing in user details, users
list refresh button, and Turnstile signup demo pages.
* **Bug Fixes**
* Use actual sign-up timestamp for reporting/metrics.
* **Documentation**
* Expanded knowledge base on Turnstile, risk scoring, and env
configuration.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>
Co-authored-by: BilalG1 <bg2002@gmail.com>
Co-authored-by: Armaan Jain <84474476+Developing-Gamer@users.noreply.github.com>
Co-authored-by: nams1570 <amanganapathy@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Projects now expose a domains field in the client API.
- Cookie API expanded: domain and secure options added, plus getAll and
isSecure helpers.
- **Refactor**
- Domain-aware cookie and token handling for cross-domain refresh flows.
- Minor signature/formatting tweaks to IP and URL utilities.
- **Tests**
- E2E coverage added: refresh-cookie scenarios and a project scaffolding
test.
- Backend snapshot updated to include domains.
- **Chores**
- Added a new dependency for domain parsing.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Sign-up accepts an optional verification callback URL and a new
opt-out flag to disable email verification; when opted-out or absent,
URL checks and verification emails are skipped.
* Client APIs and runtime validation updated to forbid providing a
callback URL when opting out. Sign-up now retries without a callback if
a redirect URL is not whitelisted.
* **Tests**
* End-to-end tests added for sign-up without verification and for
conflicting verification settings.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Konsti Wohlwend <N2D4@users.noreply.github.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- RECURSEML_SUMMARY:START -->
## High-level PR Summary
This PR adds a developer-friendly error guard to prevent a common
mistake where developers try to destructure the user object from
`getUser()` or `useUser()` calls (e.g., `const { user } = await
app.getUser()`), when the method already returns the user object
directly. The fix implements a property getter that throws a helpful
error message, attaches it to all user objects (client-side
`CurrentUser`, server-side `ServerUser`, and `ServerTeamUser`), and
includes E2E tests to verify the behavior. Additionally, it fixes a typo
in the Convex example and addresses seed script execution issues.
⏱️ Estimated Review Time: 5-15 minutes
<details>
<summary>💡 Review Order Suggestion</summary>
| Order | File Path |
|-------|-----------|
| 1 | `packages/template/src/lib/stack-app/users/index.ts` |
| 2 |
`packages/template/src/lib/stack-app/apps/implementations/client-app-impl.ts`
|
| 3 |
`packages/template/src/lib/stack-app/apps/implementations/server-app-impl.ts`
|
| 4 | `apps/e2e/tests/js/app.test.ts` |
| 5 | `examples/convex/convex/myFunctions.ts` |
| 6 | `apps/backend/prisma/seed.ts` |
| 7 | `.github/workflows/check-prisma-migrations.yaml` |
</details>
<details>
<summary>⚠️ Inconsistent Changes Detected</summary>
| File Path | Warning |
|-----------|---------|
| `.github/workflows/check-prisma-migrations.yaml` | Adds database
cleanup step for auto-migration metadata in CI workflow, which appears
unrelated to the main purpose of adding a user getter error guard |
| `apps/backend/prisma/seed.ts` | Restructures the seed script execution
logic and removes the main module check handler, which seems unrelated
to the user getter error fix |
</details>
[](https://discord.gg/n3SsVDAW6U)
[
<!-- RECURSEML_SUMMARY:END -->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Adds a guard to prevent destructuring of `user` objects and includes a
test to verify the error message.
>
> - **Behavior**:
> - Adds `attachUserDestructureGuard` function in `users/index.ts` to
throw an error when attempting to destructure `user`.
> - Updates `getUser()` in `client-app-impl.ts` and `server-app-impl.ts`
to use `attachUserDestructureGuard`.
> - Adds test in `app.test.ts` to verify error message when
destructuring `user`.
> - **Misc**:
> - Fixes string concatenation error in `myFunctions.ts`.
> - Adds step in `check-prisma-migrations.yaml` to remove auto-migration
metadata.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 9be5c8a0e2. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Added a protective guard that prevents destructuring the user from
current user objects on both client and server, displaying a clear,
actionable error with guidance to use supported access methods. Valid
usage is unaffected; no API changes.
* **Tests**
* Introduced end-to-end tests verifying the new error message and
behavior across sign-up, sign-in, and current user retrieval on client
and server.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
