RubyGems - better_auth - Versions diffs - 0.1.1 → 0.3.0 - Mend

better_auth 0.1.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (136) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +23 -0
data/README.md +110 -18
data/lib/better_auth/adapters/base.rb +49 -0
data/lib/better_auth/adapters/internal_adapter.rb +589 -0
data/lib/better_auth/adapters/memory.rb +235 -0
data/lib/better_auth/adapters/mongodb.rb +9 -0
data/lib/better_auth/adapters/mssql.rb +42 -0
data/lib/better_auth/adapters/mysql.rb +33 -0
data/lib/better_auth/adapters/postgres.rb +17 -0
data/lib/better_auth/adapters/sql.rb +441 -0
data/lib/better_auth/adapters/sqlite.rb +20 -0
data/lib/better_auth/api.rb +226 -0
data/lib/better_auth/api_error.rb +53 -0
data/lib/better_auth/auth.rb +42 -0
data/lib/better_auth/configuration.rb +399 -0
data/lib/better_auth/context.rb +211 -0
data/lib/better_auth/cookies.rb +278 -0
data/lib/better_auth/core.rb +37 -1
data/lib/better_auth/crypto/jwe.rb +76 -0
data/lib/better_auth/crypto.rb +191 -0
data/lib/better_auth/database_hooks.rb +114 -0
data/lib/better_auth/endpoint.rb +326 -0
data/lib/better_auth/error.rb +52 -0
data/lib/better_auth/middleware/origin_check.rb +128 -0
data/lib/better_auth/password.rb +120 -0
data/lib/better_auth/plugin.rb +142 -0
data/lib/better_auth/plugin_context.rb +16 -0
data/lib/better_auth/plugin_registry.rb +67 -0
data/lib/better_auth/plugins/access.rb +87 -0
data/lib/better_auth/plugins/additional_fields.rb +29 -0
data/lib/better_auth/plugins/admin/schema.rb +28 -0
data/lib/better_auth/plugins/admin.rb +518 -0
data/lib/better_auth/plugins/anonymous.rb +198 -0
data/lib/better_auth/plugins/api_key.rb +16 -0
data/lib/better_auth/plugins/bearer.rb +128 -0
data/lib/better_auth/plugins/captcha.rb +159 -0
data/lib/better_auth/plugins/custom_session.rb +84 -0
data/lib/better_auth/plugins/device_authorization.rb +302 -0
data/lib/better_auth/plugins/email_otp.rb +536 -0
data/lib/better_auth/plugins/expo.rb +88 -0
data/lib/better_auth/plugins/generic_oauth.rb +780 -0
data/lib/better_auth/plugins/have_i_been_pwned.rb +94 -0
data/lib/better_auth/plugins/jwt.rb +482 -0
data/lib/better_auth/plugins/last_login_method.rb +92 -0
data/lib/better_auth/plugins/magic_link.rb +181 -0
data/lib/better_auth/plugins/mcp.rb +342 -0
data/lib/better_auth/plugins/multi_session.rb +173 -0
data/lib/better_auth/plugins/oauth_protocol.rb +694 -0
data/lib/better_auth/plugins/oauth_provider.rb +16 -0
data/lib/better_auth/plugins/oauth_proxy.rb +257 -0
data/lib/better_auth/plugins/oidc_provider.rb +597 -0
data/lib/better_auth/plugins/one_tap.rb +154 -0
data/lib/better_auth/plugins/one_time_token.rb +106 -0
data/lib/better_auth/plugins/open_api.rb +489 -0
data/lib/better_auth/plugins/organization/schema.rb +106 -0
data/lib/better_auth/plugins/organization.rb +995 -0
data/lib/better_auth/plugins/passkey.rb +16 -0
data/lib/better_auth/plugins/phone_number.rb +321 -0
data/lib/better_auth/plugins/scim.rb +16 -0
data/lib/better_auth/plugins/siwe.rb +242 -0
data/lib/better_auth/plugins/sso.rb +16 -0
data/lib/better_auth/plugins/stripe.rb +16 -0
data/lib/better_auth/plugins/two_factor.rb +514 -0
data/lib/better_auth/plugins/username.rb +278 -0
data/lib/better_auth/plugins.rb +46 -0
data/lib/better_auth/rate_limiter.rb +232 -0
data/lib/better_auth/request_ip.rb +70 -0
data/lib/better_auth/router.rb +378 -0
data/lib/better_auth/routes/account.rb +211 -0
data/lib/better_auth/routes/email_verification.rb +111 -0
data/lib/better_auth/routes/error.rb +102 -0
data/lib/better_auth/routes/ok.rb +15 -0
data/lib/better_auth/routes/password.rb +183 -0
data/lib/better_auth/routes/session.rb +160 -0
data/lib/better_auth/routes/sign_in.rb +90 -0
data/lib/better_auth/routes/sign_out.rb +15 -0
data/lib/better_auth/routes/sign_up.rb +196 -0
data/lib/better_auth/routes/social.rb +367 -0
data/lib/better_auth/routes/user.rb +205 -0
data/lib/better_auth/schema/sql.rb +202 -0
data/lib/better_auth/schema.rb +291 -0
data/lib/better_auth/session.rb +122 -0
data/lib/better_auth/session_store.rb +91 -0
data/lib/better_auth/social_providers/apple.rb +91 -0
data/lib/better_auth/social_providers/atlassian.rb +32 -0
data/lib/better_auth/social_providers/base.rb +325 -0
data/lib/better_auth/social_providers/cognito.rb +32 -0
data/lib/better_auth/social_providers/discord.rb +81 -0
data/lib/better_auth/social_providers/dropbox.rb +33 -0
data/lib/better_auth/social_providers/facebook.rb +35 -0
data/lib/better_auth/social_providers/figma.rb +31 -0
data/lib/better_auth/social_providers/github.rb +74 -0
data/lib/better_auth/social_providers/gitlab.rb +67 -0
data/lib/better_auth/social_providers/google.rb +90 -0
data/lib/better_auth/social_providers/huggingface.rb +31 -0
data/lib/better_auth/social_providers/kakao.rb +32 -0
data/lib/better_auth/social_providers/kick.rb +32 -0
data/lib/better_auth/social_providers/line.rb +33 -0
data/lib/better_auth/social_providers/linear.rb +44 -0
data/lib/better_auth/social_providers/linkedin.rb +30 -0
data/lib/better_auth/social_providers/microsoft_entra_id.rb +137 -0
data/lib/better_auth/social_providers/naver.rb +31 -0
data/lib/better_auth/social_providers/notion.rb +33 -0
data/lib/better_auth/social_providers/paybin.rb +31 -0
data/lib/better_auth/social_providers/paypal.rb +36 -0
data/lib/better_auth/social_providers/polar.rb +31 -0
data/lib/better_auth/social_providers/railway.rb +49 -0
data/lib/better_auth/social_providers/reddit.rb +32 -0
data/lib/better_auth/social_providers/roblox.rb +31 -0
data/lib/better_auth/social_providers/salesforce.rb +38 -0
data/lib/better_auth/social_providers/slack.rb +30 -0
data/lib/better_auth/social_providers/spotify.rb +31 -0
data/lib/better_auth/social_providers/tiktok.rb +35 -0
data/lib/better_auth/social_providers/twitch.rb +39 -0
data/lib/better_auth/social_providers/twitter.rb +32 -0
data/lib/better_auth/social_providers/vercel.rb +47 -0
data/lib/better_auth/social_providers/vk.rb +34 -0
data/lib/better_auth/social_providers/wechat.rb +104 -0
data/lib/better_auth/social_providers/zoom.rb +31 -0
data/lib/better_auth/social_providers.rb +38 -0
data/lib/better_auth/version.rb +1 -1
data/lib/better_auth.rb +86 -2
metadata +233 -21
data/.ruby-version +0 -1
data/.standard.yml +0 -12
data/.vscode/settings.json +0 -22
data/AGENTS.md +0 -50
data/CLAUDE.md +0 -1
data/CODE_OF_CONDUCT.md +0 -173
data/CONTRIBUTING.md +0 -187
data/Gemfile +0 -12
data/Makefile +0 -207
data/Rakefile +0 -25
data/SECURITY.md +0 -28
data/docker-compose.yml +0 -63

data/lib/better_auth/plugins/passkey.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+module BetterAuth
+  module Plugins
+    module_function
+    def passkey(*args)
+      Kernel.require "better_auth/passkey"
+      BetterAuth::Plugins.passkey(*args)
+    rescue LoadError => error
+      raise if error.path && error.path != "better_auth/passkey"
+      raise LoadError, "BetterAuth::Plugins.passkey requires the better_auth-passkey gem. Add `gem \"better_auth-passkey\"` and `require \"better_auth/passkey\"`."
+    end
+  end
+end

data/lib/better_auth/plugins/phone_number.rb ADDED Viewed

@@ -0,0 +1,321 @@
+# frozen_string_literal: true
+require "securerandom"
+module BetterAuth
+  module Plugins
+    PHONE_NUMBER_ERROR_CODES = {
+      "INVALID_PHONE_NUMBER" => "Invalid phone number",
+      "PHONE_NUMBER_EXIST" => "Phone number already exists",
+      "PHONE_NUMBER_NOT_EXIST" => "phone number isn't registered",
+      "INVALID_PHONE_NUMBER_OR_PASSWORD" => "Invalid phone number or password",
+      "UNEXPECTED_ERROR" => "Unexpected error",
+      "OTP_NOT_FOUND" => "OTP not found",
+      "OTP_EXPIRED" => "OTP expired",
+      "INVALID_OTP" => "Invalid OTP",
+      "PHONE_NUMBER_NOT_VERIFIED" => "Phone number not verified",
+      "PHONE_NUMBER_CANNOT_BE_UPDATED" => "Phone number cannot be updated",
+      "SEND_OTP_NOT_IMPLEMENTED" => "sendOTP not implemented",
+      "TOO_MANY_ATTEMPTS" => "Too many attempts"
+    }.freeze
+    module_function
+    def phone_number(options = {})
+      config = {
+        expires_in: 300,
+        otp_length: 6,
+        allowed_attempts: 3,
+        phone_number: "phoneNumber",
+        phone_number_verified: "phoneNumberVerified"
+      }.merge(normalize_hash(options))
+      Plugin.new(
+        id: "phone-number",
+        hooks: {
+          before: [
+            {
+              matcher: ->(ctx) { ctx.path == "/sign-up/email" && normalize_hash(ctx.body).key?(:phone_number) },
+              handler: ->(ctx) { validate_unique_phone_number!(ctx, normalize_hash(ctx.body)[:phone_number]) }
+            },
+            {
+              matcher: ->(ctx) { ctx.path == "/update-user" && normalize_hash(ctx.body).key?(:phone_number) },
+              handler: ->(_ctx) { raise APIError.new("BAD_REQUEST", message: PHONE_NUMBER_ERROR_CODES["PHONE_NUMBER_CANNOT_BE_UPDATED"]) }
+            }
+          ]
+        },
+        endpoints: {
+          sign_in_phone_number: sign_in_phone_number_endpoint(config),
+          send_phone_number_otp: send_phone_number_otp_endpoint(config),
+          verify_phone_number: verify_phone_number_endpoint(config),
+          request_password_reset_phone_number: request_password_reset_phone_number_endpoint(config),
+          reset_password_phone_number: reset_password_phone_number_endpoint(config)
+        },
+        schema: phone_number_schema(config[:schema]),
+        rate_limit: [
+          {
+            path_matcher: ->(path) { path.start_with?("/phone-number") },
+            window: 60_000,
+            max: 10
+          }
+        ],
+        error_codes: PHONE_NUMBER_ERROR_CODES,
+        options: config
+      )
+    end
+    def sign_in_phone_number_endpoint(config)
+      Endpoint.new(path: "/sign-in/phone-number", method: "POST") do |ctx|
+        body = normalize_hash(ctx.body)
+        phone_number = body[:phone_number].to_s
+        password = body[:password].to_s
+        validate_phone_number!(config, phone_number)
+        found = ctx.context.adapter.find_one(model: "user", where: [{field: "phoneNumber", value: phone_number}])
+        unless found
+          Routes.hash_password(ctx, password)
+          raise APIError.new("UNAUTHORIZED", message: PHONE_NUMBER_ERROR_CODES["INVALID_PHONE_NUMBER_OR_PASSWORD"])
+        end
+        if config[:require_verification] && !found["phoneNumberVerified"]
+          code = phone_number_generate_code(config)
+          phone_number_store_code(ctx, config, phone_number, code)
+          phone_number_deliver_otp(config, {phone_number: phone_number, code: code}, ctx)
+          raise APIError.new("UNAUTHORIZED", message: PHONE_NUMBER_ERROR_CODES["PHONE_NUMBER_NOT_VERIFIED"])
+        end
+        credential = ctx.context.internal_adapter.find_accounts(found["id"]).find { |entry| entry["providerId"] == "credential" }
+        current_password = credential && credential["password"]
+        unless current_password && Routes.verify_password_value(ctx, password, current_password)
+          Routes.hash_password(ctx, password) unless current_password
+          raise APIError.new("UNAUTHORIZED", message: PHONE_NUMBER_ERROR_CODES["INVALID_PHONE_NUMBER_OR_PASSWORD"])
+        end
+        dont_remember_me = body.key?(:remember_me) && (body[:remember_me] == false || body[:remember_me].to_s == "false")
+        session = ctx.context.internal_adapter.create_session(found["id"], dont_remember_me)
+        raise APIError.new("UNAUTHORIZED", message: BASE_ERROR_CODES["FAILED_TO_CREATE_SESSION"]) unless session
+        Cookies.set_session_cookie(ctx, {session: session, user: found}, dont_remember_me)
+        ctx.json({token: session["token"], user: Schema.parse_output(ctx.context.options, "user", found)})
+      end
+    end
+    def send_phone_number_otp_endpoint(config)
+      Endpoint.new(path: "/phone-number/send-otp", method: "POST") do |ctx|
+        sender = config[:send_otp]
+        unless sender.respond_to?(:call)
+          raise APIError.new("NOT_IMPLEMENTED", message: PHONE_NUMBER_ERROR_CODES["SEND_OTP_NOT_IMPLEMENTED"])
+        end
+        body = normalize_hash(ctx.body)
+        phone_number = body[:phone_number].to_s
+        validate_phone_number!(config, phone_number)
+        code = phone_number_generate_code(config)
+        phone_number_store_code(ctx, config, phone_number, code)
+        phone_number_deliver_otp(config, {phone_number: phone_number, code: code}, ctx)
+        ctx.json({message: "code sent"})
+      end
+    end
+    def verify_phone_number_endpoint(config)
+      Endpoint.new(path: "/phone-number/verify", method: "POST") do |ctx|
+        body = normalize_hash(ctx.body)
+        phone_number = body[:phone_number].to_s
+        code = body[:code].to_s
+        phone_number_verify_code!(ctx, config, phone_number, code)
+        if truthy?(body[:update_phone_number])
+          session = Routes.current_session(ctx)
+          existing = ctx.context.adapter.find_many(model: "user", where: [{field: "phoneNumber", value: phone_number}])
+          unless existing.empty?
+            raise APIError.new("BAD_REQUEST", message: PHONE_NUMBER_ERROR_CODES["PHONE_NUMBER_EXIST"])
+          end
+          updated = ctx.context.internal_adapter.update_user(
+            session[:user]["id"],
+            phoneNumber: phone_number,
+            phoneNumberVerified: true
+          )
+          next ctx.json({status: true, token: session[:session]["token"], user: Schema.parse_output(ctx.context.options, "user", updated)})
+        end
+        user = ctx.context.adapter.find_one(model: "user", where: [{field: "phoneNumber", value: phone_number}])
+        user = if user
+          ctx.context.internal_adapter.update_user(user["id"], phoneNumberVerified: true)
+        elsif config[:sign_up_on_verification]
+          phone_number_create_user(ctx, config, body, phone_number)
+        end
+        raise APIError.new("INTERNAL_SERVER_ERROR", message: BASE_ERROR_CODES["FAILED_TO_UPDATE_USER"]) unless user
+        callback = config[:callback_on_verification]
+        callback.call({phone_number: phone_number, user: user}, ctx) if callback.respond_to?(:call)
+        if truthy?(body[:disable_session])
+          next ctx.json({status: true, token: nil, user: Schema.parse_output(ctx.context.options, "user", user)})
+        end
+        session = ctx.context.internal_adapter.create_session(user["id"])
+        raise APIError.new("INTERNAL_SERVER_ERROR", message: BASE_ERROR_CODES["FAILED_TO_CREATE_SESSION"]) unless session
+        Cookies.set_session_cookie(ctx, {session: session, user: user})
+        ctx.json({status: true, token: session["token"], user: Schema.parse_output(ctx.context.options, "user", user)})
+      end
+    end
+    def request_password_reset_phone_number_endpoint(config)
+      Endpoint.new(path: "/phone-number/request-password-reset", method: "POST") do |ctx|
+        body = normalize_hash(ctx.body)
+        phone_number = body[:phone_number].to_s
+        user = ctx.context.adapter.find_one(model: "user", where: [{field: "phoneNumber", value: phone_number}])
+        code = phone_number_generate_code(config)
+        phone_number_store_code(ctx, config, "#{phone_number}-request-password-reset", code)
+        if user && config[:send_password_reset_otp].respond_to?(:call)
+          config[:send_password_reset_otp].call({phone_number: phone_number, code: code}, ctx)
+        end
+        ctx.json({status: true})
+      end
+    end
+    def reset_password_phone_number_endpoint(config)
+      Endpoint.new(path: "/phone-number/reset-password", method: "POST") do |ctx|
+        body = normalize_hash(ctx.body)
+        phone_number = body[:phone_number].to_s
+        otp = body[:otp].to_s
+        new_password = body[:new_password]
+        verification = phone_number_verify_code!(ctx, config, "#{phone_number}-request-password-reset", otp, consume: false)
+        user = ctx.context.adapter.find_one(model: "user", where: [{field: "phoneNumber", value: phone_number}])
+        raise APIError.new("BAD_REQUEST", message: PHONE_NUMBER_ERROR_CODES["UNEXPECTED_ERROR"]) unless user
+        Routes.validate_password_length!(new_password, ctx.context.options.email_and_password)
+        ctx.context.internal_adapter.update_password(user["id"], Routes.hash_password(ctx, new_password))
+        ctx.context.internal_adapter.delete_verification_value(verification["id"])
+        ctx.context.internal_adapter.delete_sessions(user["id"]) if ctx.context.options.email_and_password[:revoke_sessions_on_password_reset]
+        ctx.json({status: true})
+      end
+    end
+    def phone_number_schema(custom_schema)
+      base = {
+        user: {
+          fields: {
+            phoneNumber: {type: "string", required: false, unique: true, sortable: true, returned: true},
+            phoneNumberVerified: {type: "boolean", required: false, returned: true, input: false}
+          }
+        }
+      }
+      deep_merge_hashes(base, normalize_hash(custom_schema || {}))
+    end
+    def phone_number_create_user(ctx, config, body, phone_number)
+      sign_up = config[:sign_up_on_verification]
+      email_callback = sign_up[:get_temp_email]
+      name_callback = sign_up[:get_temp_name]
+      email = email_callback.respond_to?(:call) ? email_callback.call(phone_number) : "temp-#{phone_number}"
+      name = name_callback.respond_to?(:call) ? name_callback.call(phone_number) : phone_number
+      reserved = %i[phone_number code disable_session update_phone_number]
+      additional = body.reject { |key, _value| reserved.include?(key.to_sym) }
+      ctx.context.internal_adapter.create_user(
+        additional.merge(
+          "email" => email,
+          "name" => name,
+          "phoneNumber" => phone_number,
+          "phoneNumberVerified" => true,
+          "emailVerified" => false
+        )
+      )
+    end
+    def phone_number_verify_code!(ctx, config, identifier, code, consume: true)
+      verifier = config[:verify_otp]
+      if verifier.respond_to?(:call)
+        valid = verifier.call({phone_number: identifier.delete_suffix("-request-password-reset"), code: code}, ctx)
+        raise APIError.new("BAD_REQUEST", message: PHONE_NUMBER_ERROR_CODES["INVALID_OTP"]) unless valid
+        verification = ctx.context.internal_adapter.find_verification_value(identifier)
+        ctx.context.internal_adapter.delete_verification_value(verification["id"]) if consume && verification
+        return verification || true
+      end
+      verification = ctx.context.internal_adapter.find_verification_value(identifier)
+      raise APIError.new("BAD_REQUEST", message: PHONE_NUMBER_ERROR_CODES["OTP_NOT_FOUND"]) unless verification
+      if Routes.expired_time?(verification["expiresAt"])
+        raise APIError.new("BAD_REQUEST", message: PHONE_NUMBER_ERROR_CODES["OTP_EXPIRED"])
+      end
+      stored_code, attempts = phone_number_split_code(verification["value"])
+      attempts_count = attempts.to_i
+      if attempts_count >= config[:allowed_attempts].to_i
+        ctx.context.internal_adapter.delete_verification_value(verification["id"])
+        raise APIError.new("FORBIDDEN", message: PHONE_NUMBER_ERROR_CODES["TOO_MANY_ATTEMPTS"])
+      end
+      unless stored_code == code
+        ctx.context.internal_adapter.update_verification_value(verification["id"], value: "#{stored_code}:#{attempts_count + 1}")
+        raise APIError.new("BAD_REQUEST", message: PHONE_NUMBER_ERROR_CODES["INVALID_OTP"])
+      end
+      ctx.context.internal_adapter.delete_verification_value(verification["id"]) if consume
+      verification
+    end
+    def phone_number_store_code(ctx, config, identifier, code)
+      ctx.context.internal_adapter.delete_verification_by_identifier(identifier)
+      ctx.context.internal_adapter.create_verification_value(
+        identifier: identifier,
+        value: "#{code}:0",
+        expiresAt: Time.now + config[:expires_in].to_i
+      )
+    end
+    def phone_number_deliver_otp(config, data, ctx)
+      sender = config[:send_otp]
+      sender.call(data, ctx) if sender.respond_to?(:call)
+    end
+    def validate_unique_phone_number!(ctx, phone_number)
+      return if phone_number.to_s.empty?
+      existing = ctx.context.adapter.find_one(model: "user", where: [{field: "phoneNumber", value: phone_number.to_s}])
+      raise APIError.new("UNPROCESSABLE_ENTITY", message: PHONE_NUMBER_ERROR_CODES["PHONE_NUMBER_EXIST"]) if existing
+    end
+    def validate_phone_number!(config, phone_number)
+      validator = config[:phone_number_validator]
+      return unless validator.respond_to?(:call)
+      return if validator.call(phone_number)
+      raise APIError.new("BAD_REQUEST", message: PHONE_NUMBER_ERROR_CODES["INVALID_PHONE_NUMBER"])
+    end
+    def phone_number_generate_code(config)
+      Array.new(config[:otp_length].to_i) { SecureRandom.random_number(10).to_s }.join
+    end
+    def phone_number_split_code(value)
+      string = value.to_s
+      index = string.rindex(":")
+      return [string, ""] unless index
+      [string[0...index], string[(index + 1)..]]
+    end
+    def truthy?(value)
+      value == true || value.to_s == "true"
+    end
+    def deep_merge_hashes(base, override)
+      base.merge(override) do |_key, old_value, new_value|
+        if old_value.is_a?(Hash) && new_value.is_a?(Hash)
+          deep_merge_hashes(old_value, new_value)
+        else
+          new_value
+        end
+      end
+    end
+  end
+end

data/lib/better_auth/plugins/scim.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+module BetterAuth
+  module Plugins
+    module_function
+    def scim(*args)
+      Kernel.require "better_auth/scim"
+      BetterAuth::Plugins.scim(*args)
+    rescue LoadError => error
+      raise if error.path && error.path != "better_auth/scim"
+      raise LoadError, "BetterAuth::Plugins.scim requires the better_auth-scim gem. Add `gem \"better_auth-scim\"` and `require \"better_auth/scim\"`."
+    end
+  end
+end

data/lib/better_auth/plugins/siwe.rb ADDED Viewed

@@ -0,0 +1,242 @@
+# frozen_string_literal: true
+require "uri"
+module BetterAuth
+  module Plugins
+    module_function
+    SIWE_WALLET_PATTERN = /\A0[xX][a-fA-F0-9]{40}\z/
+    SIWE_EMAIL_PATTERN = /\A[^@\s]+@[^@\s]+\.[^@\s]+\z/
+    def siwe(options = {})
+      config = normalize_hash(options)
+      Plugin.new(
+        id: "siwe",
+        schema: siwe_schema(config[:schema]),
+        endpoints: {
+          get_siwe_nonce: get_siwe_nonce_endpoint(config),
+          verify_siwe_message: verify_siwe_message_endpoint(config)
+        },
+        options: config
+      )
+    end
+    def get_siwe_nonce_endpoint(config)
+      Endpoint.new(path: "/siwe/nonce", method: "POST", body_schema: ->(body) { siwe_nonce_body(body) }) do |ctx|
+        body = normalize_hash(ctx.body)
+        wallet_address = siwe_normalize_wallet!(body[:wallet_address])
+        chain_id = siwe_chain_id(body[:chain_id])
+        nonce_callback = config[:get_nonce]
+        raise APIError.new("INTERNAL_SERVER_ERROR", message: "SIWE nonce callback is required") unless nonce_callback.respond_to?(:call)
+        nonce = nonce_callback.call.to_s
+        ctx.context.internal_adapter.create_verification_value(
+          identifier: siwe_identifier(wallet_address, chain_id),
+          value: nonce,
+          expiresAt: Time.now + (15 * 60)
+        )
+        ctx.json({nonce: nonce})
+      end
+    end
+    def verify_siwe_message_endpoint(config)
+      Endpoint.new(path: "/siwe/verify", method: "POST", body_schema: ->(body) { siwe_verify_body(body, config) }) do |ctx|
+        body = normalize_hash(ctx.body)
+        wallet_address = siwe_normalize_wallet!(body[:wallet_address])
+        chain_id = siwe_chain_id(body[:chain_id])
+        email = body[:email].to_s
+        anonymous = config.key?(:anonymous) ? config[:anonymous] : true
+        raise APIError.new("BAD_REQUEST", message: "Email is required when anonymous is disabled.") if anonymous == false && email.empty?
+        raise APIError.new("BAD_REQUEST", message: "Invalid email address") if !email.empty? && !SIWE_EMAIL_PATTERN.match?(email)
+        verification = ctx.context.internal_adapter.find_verification_value(siwe_identifier(wallet_address, chain_id))
+        if !verification || siwe_expired_time?(verification["expiresAt"])
+          raise APIError.new("UNAUTHORIZED_INVALID_OR_EXPIRED_NONCE", message: "Unauthorized: Invalid or expired nonce")
+        end
+        verified = siwe_verify_message(config, body, wallet_address, chain_id, verification["value"], ctx)
+        raise APIError.new("UNAUTHORIZED", message: "Unauthorized: Invalid SIWE signature") unless verified
+        ctx.context.internal_adapter.delete_verification_value(verification["id"])
+        user = siwe_find_user(ctx, wallet_address, chain_id)
+        user ||= siwe_create_user(ctx, config, wallet_address, chain_id, email, anonymous)
+        siwe_ensure_wallet_and_account(ctx, user, wallet_address, chain_id)
+        session = ctx.context.internal_adapter.create_session(user["id"])
+        session_data = {session: session, user: user}
+        Cookies.set_session_cookie(ctx, session_data)
+        ctx.json({
+          token: session["token"],
+          success: true,
+          user: {
+            id: user["id"],
+            walletAddress: wallet_address,
+            chainId: chain_id
+          }
+        })
+      rescue APIError
+        raise
+      rescue
+        raise APIError.new("UNAUTHORIZED", message: "Something went wrong. Please try again later.")
+      end
+    end
+    def siwe_schema(custom_schema = nil)
+      base = {
+        "walletAddress" => {
+          fields: {
+            userId: {type: "string", references: {model: "user", field: "id"}, required: true, index: true},
+            address: {type: "string", required: true},
+            chainId: {type: "number", required: true},
+            isPrimary: {type: "boolean", default_value: false},
+            createdAt: {type: "date", required: true}
+          }
+        }
+      }
+      return base unless custom_schema.is_a?(Hash)
+      normalize_hash(custom_schema).each_with_object(base) do |(raw_model, table), result|
+        model = Schema.storage_key(raw_model)
+        current = result[model] || {}
+        custom_table = normalize_hash(table)
+        fields = siwe_merge_schema_fields(current[:fields] || current["fields"] || {}, custom_table.delete(:fields) || {})
+        result[model] = current.merge(custom_table).merge(fields: fields)
+      end
+    end
+    def siwe_merge_schema_fields(base_fields, custom_fields)
+      fields = base_fields.each_with_object({}) do |(raw_field, attributes), result|
+        result[Schema.storage_key(raw_field)] = normalize_hash(attributes)
+      end
+      normalize_hash(custom_fields).each do |raw_field, value|
+        field = Schema.storage_key(raw_field)
+        custom_attributes = (value.is_a?(String) || value.is_a?(Symbol)) ? {field_name: value.to_s} : normalize_hash(value)
+        fields[field] = (fields[field] || {}).merge(custom_attributes)
+      end
+      fields
+    end
+    def siwe_nonce_body(body)
+      data = normalize_hash(body)
+      siwe_normalize_wallet!(data[:wallet_address])
+      data[:chain_id] = siwe_chain_id(data[:chain_id])
+      data
+    end
+    def siwe_verify_body(body, config)
+      data = normalize_hash(body)
+      raise APIError.new("BAD_REQUEST", message: "message is required") if data[:message].to_s.empty?
+      raise APIError.new("BAD_REQUEST", message: "signature is required") if data[:signature].to_s.empty?
+      siwe_normalize_wallet!(data[:wallet_address])
+      data[:chain_id] = siwe_chain_id(data[:chain_id])
+      anonymous = config.key?(:anonymous) ? config[:anonymous] : true
+      email = data[:email].to_s
+      raise APIError.new("BAD_REQUEST", message: "Email is required when anonymous is disabled.") if anonymous == false && email.empty?
+      raise APIError.new("BAD_REQUEST", message: "Invalid email address") if !email.empty? && !SIWE_EMAIL_PATTERN.match?(email)
+      data
+    end
+    def siwe_normalize_wallet!(value)
+      wallet = value.to_s
+      raise APIError.new("BAD_REQUEST", message: "Invalid walletAddress") unless SIWE_WALLET_PATTERN.match?(wallet)
+      Crypto.to_checksum_address(wallet)
+    end
+    def siwe_chain_id(value)
+      chain_id = (value.nil? || value.to_s.empty?) ? 1 : value.to_i
+      raise APIError.new("BAD_REQUEST", message: "Invalid chainId") unless chain_id.positive? && chain_id <= 2_147_483_647
+      chain_id
+    end
+    def siwe_identifier(wallet_address, chain_id)
+      "siwe:#{wallet_address}:#{chain_id}"
+    end
+    def siwe_verify_message(config, body, wallet_address, chain_id, nonce, ctx)
+      verifier = config[:verify_message]
+      raise APIError.new("INTERNAL_SERVER_ERROR", message: "SIWE verify_message callback is required") unless verifier.respond_to?(:call)
+      verifier.call(
+        message: body[:message].to_s,
+        signature: body[:signature].to_s,
+        address: wallet_address,
+        chain_id: chain_id,
+        cacao: {
+          h: {t: "caip122"},
+          p: {
+            domain: config[:domain],
+            aud: config[:domain],
+            nonce: nonce,
+            iss: config[:domain],
+            version: "1"
+          },
+          s: {t: "eip191", s: body[:signature].to_s}
+        }
+      )
+    end
+    def siwe_find_user(ctx, wallet_address, chain_id)
+      existing = ctx.context.adapter.find_one(
+        model: "walletAddress",
+        where: [
+          {field: "address", value: wallet_address},
+          {field: "chainId", value: chain_id}
+        ]
+      )
+      existing ||= ctx.context.adapter.find_one(model: "walletAddress", where: [{field: "address", value: wallet_address}])
+      existing && ctx.context.internal_adapter.find_user_by_id(existing["userId"])
+    end
+    def siwe_create_user(ctx, config, wallet_address, _chain_id, email, anonymous)
+      domain = config[:email_domain_name] || URI.parse(ctx.context.base_url).host || ctx.context.base_url
+      lookup = config[:ens_lookup]
+      ens = lookup.respond_to?(:call) ? normalize_hash(lookup.call(wallet_address: wallet_address) || {}) : {}
+      ctx.context.internal_adapter.create_user(
+        name: ens[:name] || wallet_address,
+        email: (anonymous == false && !email.empty?) ? email : "#{wallet_address}@#{domain}",
+        image: ens[:avatar] || ""
+      )
+    end
+    def siwe_ensure_wallet_and_account(ctx, user, wallet_address, chain_id)
+      exact = ctx.context.adapter.find_one(
+        model: "walletAddress",
+        where: [
+          {field: "address", value: wallet_address},
+          {field: "chainId", value: chain_id}
+        ]
+      )
+      return if exact
+      any_wallet = ctx.context.adapter.find_one(model: "walletAddress", where: [{field: "address", value: wallet_address}])
+      ctx.context.adapter.create(
+        model: "walletAddress",
+        data: {
+          userId: user["id"],
+          address: wallet_address,
+          chainId: chain_id,
+          isPrimary: any_wallet.nil?,
+          createdAt: Time.now
+        }
+      )
+      ctx.context.internal_adapter.create_account(
+        userId: user["id"],
+        providerId: "siwe",
+        accountId: "#{wallet_address}:#{chain_id}"
+      )
+    end
+    def siwe_expired_time?(value)
+      value && value < Time.now
+    end
+  end
+end

data/lib/better_auth/plugins/sso.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+module BetterAuth
+  module Plugins
+    module_function
+    def sso(*args)
+      Kernel.require "better_auth/sso"
+      BetterAuth::Plugins.sso(*args)
+    rescue LoadError => error
+      raise if error.path && error.path != "better_auth/sso"
+      raise LoadError, "BetterAuth::Plugins.sso requires the better_auth-sso gem. Add `gem \"better_auth-sso\"` and `require \"better_auth/sso\"`."
+    end
+  end
+end

data/lib/better_auth/plugins/stripe.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+module BetterAuth
+  module Plugins
+    module_function
+    def stripe(*args)
+      Kernel.require "better_auth/stripe"
+      BetterAuth::Plugins.stripe(*args)
+    rescue LoadError => error
+      raise if error.path && error.path != "better_auth/stripe"
+      raise LoadError, "BetterAuth::Plugins.stripe requires the better_auth-stripe gem. Add `gem \"better_auth-stripe\"` and `require \"better_auth/stripe\"`."
+    end
+  end
+end