mirror of
https://github.com/stack-auth/stack.git
synced 2026-06-21 21:09:49 +08:00
b874da4a1b
The session-ownership guard recomputed the key from the session's existing
refresh token, so refresh-backed sessions accepted any access token. Validate
the incoming token pair against this.sessionKey instead, so a foreign token
can't be installed into either an access-only or a refresh-backed session.
Also route the sign-in current-user prefetch through runAsynchronously instead
of swallowing failures with .catch(() => {}), per the project's async-error
handling guideline.
|
||
|---|---|---|
| .. | ||
| scripts | ||
| src | ||
| .env | ||
| .eslintrc.cjs | ||
| .gitignore | ||
| components.json | ||
| LICENSE | ||
| next-env.d.ts | ||
| package-template.json | ||
| package.json | ||
| postcss.config.js | ||
| quetzal.config.json | ||
| README.md | ||
| tailwind.config.js | ||
| tsconfig.json | ||
| tsdown.config.ts | ||
| vitest.config.ts | ||
This package has been renamed.
Stack Auth is now Hexclave! The new packages are:
- @hexclave/next
- @hexclave/react
- @hexclave/js
- @hexclave/cli
See the migration guide for more information.