better_auth 0.1.1 → 0.3.0

data/lib/better_auth/social_providers/reddit.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module BetterAuth
+  module SocialProviders
+    module_function
+
+    def reddit(client_id:, client_secret:, scopes: ["identity"], **options)
+      Base.oauth_provider(
+        id: "reddit",
+        name: "Reddit",
+        client_id: client_id,
+        client_secret: client_secret,
+        authorization_endpoint: "https://www.reddit.com/api/v1/authorize",
+        token_endpoint: "https://www.reddit.com/api/v1/access_token",
+        user_info_endpoint: "https://oauth.reddit.com/api/v1/me",
+        user_info_headers: {"User-Agent" => "better-auth"},
+        scopes: scopes,
+        auth_params: ->(_data, opts) { {duration: opts[:duration]} },
+        profile_map: ->(profile) {
+          {
+            id: profile["id"],
+            name: profile["name"],
+            email: profile["oauth_client_id"],
+            image: profile["icon_img"].to_s.split("?").first,
+            emailVerified: !!profile["has_verified_email"]
+          }
+        },
+        **options
+      )
+    end
+  end
+end

data/lib/better_auth/social_providers/roblox.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module BetterAuth
+  module SocialProviders
+    module_function
+
+    def roblox(client_id:, client_secret:, scopes: ["openid", "profile"], **options)
+      Base.oauth_provider(
+        id: "roblox",
+        name: "Roblox",
+        client_id: client_id,
+        client_secret: client_secret,
+        authorization_endpoint: "https://apis.roblox.com/oauth/v1/authorize",
+        token_endpoint: "https://apis.roblox.com/oauth/v1/token",
+        user_info_endpoint: "https://apis.roblox.com/oauth/v1/userinfo",
+        scopes: scopes,
+        auth_params: ->(_data, opts) { {prompt: opts[:prompt] || "select_account consent"} },
+        profile_map: ->(profile) {
+          {
+            id: profile["sub"],
+            name: profile["nickname"] || profile["preferred_username"] || "",
+            email: profile["preferred_username"],
+            image: profile["picture"],
+            emailVerified: false
+          }
+        },
+        **options
+      )
+    end
+  end
+end

data/lib/better_auth/social_providers/salesforce.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module BetterAuth
+  module SocialProviders
+    module_function
+
+    def salesforce(client_id:, client_secret:, scopes: ["openid", "email", "profile"], **options)
+      host = if options[:loginUrl] || options[:login_url]
+        "https://#{options[:loginUrl] || options[:login_url]}"
+      elsif options[:environment].to_s == "sandbox"
+        "https://test.salesforce.com"
+      else
+        "https://login.salesforce.com"
+      end
+      Base.oauth_provider(
+        id: "salesforce",
+        name: "Salesforce",
+        client_id: client_id,
+        client_secret: client_secret,
+        authorization_endpoint: "#{host}/services/oauth2/authorize",
+        token_endpoint: "#{host}/services/oauth2/token",
+        user_info_endpoint: "#{host}/services/oauth2/userinfo",
+        scopes: scopes,
+        pkce: true,
+        profile_map: ->(profile) {
+          {
+            id: profile["user_id"],
+            name: profile["name"],
+            email: profile["email"],
+            image: profile.dig("photos", "picture") || profile.dig("photos", "thumbnail"),
+            emailVerified: !!profile["email_verified"]
+          }
+        },
+        **options
+      )
+    end
+  end
+end

data/lib/better_auth/social_providers/slack.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module BetterAuth
+  module SocialProviders
+    module_function
+
+    def slack(client_id:, client_secret:, scopes: ["openid", "profile", "email"], **options)
+      Base.oauth_provider(
+        id: "slack",
+        name: "Slack",
+        client_id: client_id,
+        client_secret: client_secret,
+        authorization_endpoint: "https://slack.com/openid/connect/authorize",
+        token_endpoint: "https://slack.com/api/openid.connect.token",
+        user_info_endpoint: "https://slack.com/api/openid.connect.userInfo",
+        scopes: scopes,
+        profile_map: ->(profile) {
+          {
+            id: profile["https://slack.com/user_id"] || profile["sub"],
+            name: profile["name"] || "",
+            email: profile["email"],
+            image: profile["picture"] || profile["https://slack.com/user_image_512"],
+            emailVerified: !!profile["email_verified"]
+          }
+        },
+        **options
+      )
+    end
+  end
+end

data/lib/better_auth/social_providers/spotify.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module BetterAuth
+  module SocialProviders
+    module_function
+
+    def spotify(client_id:, client_secret:, scopes: ["user-read-email"], **options)
+      Base.oauth_provider(
+        id: "spotify",
+        name: "Spotify",
+        client_id: client_id,
+        client_secret: client_secret,
+        authorization_endpoint: "https://accounts.spotify.com/authorize",
+        token_endpoint: "https://accounts.spotify.com/api/token",
+        user_info_endpoint: "https://api.spotify.com/v1/me",
+        scopes: scopes,
+        pkce: true,
+        profile_map: ->(profile) {
+          {
+            id: profile["id"],
+            name: profile["display_name"],
+            email: profile["email"],
+            image: Array(profile["images"]).first&.fetch("url", nil),
+            emailVerified: false
+          }
+        },
+        **options
+      )
+    end
+  end
+end

data/lib/better_auth/social_providers/tiktok.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module BetterAuth
+  module SocialProviders
+    module_function
+
+    def tiktok(client_id:, client_secret:, scopes: ["user.info.profile"], **options)
+      client_key = options[:client_key] || options[:clientKey] || client_id
+      Base.oauth_provider(
+        id: "tiktok",
+        name: "TikTok",
+        client_id: client_key,
+        client_secret: client_secret,
+        authorization_endpoint: "https://www.tiktok.com/v2/auth/authorize",
+        token_endpoint: "https://open.tiktokapis.com/v2/oauth/token/",
+        user_info_endpoint: "https://open.tiktokapis.com/v2/user/info/?fields=open_id,avatar_large_url,display_name,username",
+        scopes: scopes,
+        scope_separator: ",",
+        auth_params: {client_key: client_key},
+        token_params: {client_key: client_key},
+        profile_map: ->(profile) {
+          user = profile.dig("data", "user") || profile
+          {
+            id: user["open_id"],
+            name: user["display_name"] || user["username"] || "",
+            email: user["email"] || user["username"],
+            image: user["avatar_large_url"],
+            emailVerified: false
+          }
+        },
+        **options
+      )
+    end
+  end
+end

data/lib/better_auth/social_providers/twitch.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module BetterAuth
+  module SocialProviders
+    module_function
+
+    def twitch(client_id:, client_secret:, scopes: ["user:read:email", "openid"], **options)
+      Base.oauth_provider(
+        id: "twitch",
+        name: "Twitch",
+        client_id: client_id,
+        client_secret: client_secret,
+        authorization_endpoint: "https://id.twitch.tv/oauth2/authorize",
+        token_endpoint: "https://id.twitch.tv/oauth2/token",
+        scopes: scopes,
+        auth_params: {
+          claims: JSON.generate({
+            userinfo: {
+              email: nil,
+              email_verified: nil,
+              preferred_username: nil,
+              picture: nil
+            }
+          })
+        },
+        profile_map: ->(profile) {
+          {
+            id: profile["sub"],
+            name: profile["preferred_username"],
+            email: profile["email"],
+            image: profile["picture"],
+            emailVerified: !!profile["email_verified"]
+          }
+        },
+        **options
+      )
+    end
+  end
+end

data/lib/better_auth/social_providers/twitter.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module BetterAuth
+  module SocialProviders
+    module_function
+
+    def twitter(client_id:, client_secret:, scopes: ["users.read", "tweet.read", "offline.access", "users.email"], **options)
+      Base.oauth_provider(
+        id: "twitter",
+        name: "Twitter",
+        client_id: client_id,
+        client_secret: client_secret,
+        authorization_endpoint: "https://x.com/i/oauth2/authorize",
+        token_endpoint: "https://api.x.com/2/oauth2/token",
+        user_info_endpoint: "https://api.x.com/2/users/me?user.fields=profile_image_url,verified",
+        scopes: scopes,
+        pkce: true,
+        profile_map: ->(profile) {
+          data = profile["data"] || profile
+          {
+            id: data["id"],
+            name: data["name"],
+            email: data["email"] || data["username"],
+            image: data["profile_image_url"],
+            emailVerified: !!data["confirmed_email"]
+          }
+        },
+        **options
+      )
+    end
+  end
+end

data/lib/better_auth/social_providers/vercel.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module BetterAuth
+  module SocialProviders
+    module_function
+
+    def vercel(client_id:, client_secret:, scopes: [], **options)
+      provider = Base.oauth_provider(
+        id: "vercel",
+        name: "Vercel",
+        client_id: client_id,
+        client_secret: client_secret,
+        authorization_endpoint: "https://vercel.com/oauth/authorize",
+        token_endpoint: "https://api.vercel.com/login/oauth/token",
+        user_info_endpoint: "https://api.vercel.com/login/oauth/userinfo",
+        scopes: scopes,
+        pkce: true,
+        profile_map: ->(profile) {
+          {
+            id: profile["sub"],
+            name: profile["name"] || profile["preferred_username"] || "",
+            email: profile["email"],
+            image: profile["picture"],
+            emailVerified: !!profile["email_verified"]
+          }
+        },
+        **options
+      )
+      provider[:create_authorization_url] = lambda do |data|
+        verifier = data[:code_verifier] || data[:codeVerifier]
+        raise Error, "codeVerifier is required for Vercel" if verifier.to_s.empty?
+
+        selected_scopes = Base.selected_scopes(scopes, Base.normalize_options(options), data)
+        Base.authorization_url(options[:authorization_endpoint] || "https://vercel.com/oauth/authorize", {
+          client_id: Base.primary_client_id(client_id),
+          redirect_uri: options[:redirect_uri] || options[:redirectURI] || data[:redirect_uri] || data[:redirectURI],
+          response_type: "code",
+          scope: selected_scopes.empty? ? nil : selected_scopes,
+          state: data[:state],
+          code_challenge: Base.pkce_challenge(verifier),
+          code_challenge_method: "S256"
+        })
+      end
+      provider
+    end
+  end
+end

data/lib/better_auth/social_providers/vk.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module BetterAuth
+  module SocialProviders
+    module_function
+
+    def vk(client_id:, client_secret:, scopes: ["email", "phone"], **options)
+      Base.oauth_provider(
+        id: "vk",
+        name: "VK",
+        client_id: client_id,
+        client_secret: client_secret,
+        authorization_endpoint: "https://id.vk.com/authorize",
+        token_endpoint: "https://id.vk.com/oauth2/auth",
+        user_info_endpoint: "https://id.vk.com/oauth2/user_info",
+        user_info_method: :post,
+        user_info_body: {client_id: client_id},
+        scopes: scopes,
+        pkce: true,
+        profile_map: ->(profile) {
+          user = profile["user"] || profile
+          {
+            id: user["user_id"],
+            name: [user["first_name"], user["last_name"]].compact.join(" "),
+            email: user["email"],
+            image: user["avatar"],
+            emailVerified: false
+          }
+        },
+        **options
+      )
+    end
+  end
+end

data/lib/better_auth/social_providers/wechat.rb

@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+
+module BetterAuth
+  module SocialProviders
+    module_function
+
+    def wechat(client_id:, client_secret:, scopes: ["snsapi_login"], **options)
+      normalized = Base.normalize_options(options)
+      provider = Base.oauth_provider(
+        id: "wechat",
+        name: "WeChat",
+        client_id: client_id,
+        client_secret: client_secret,
+        authorization_endpoint: "https://open.weixin.qq.com/connect/qrconnect",
+        token_endpoint: "https://api.weixin.qq.com/sns/oauth2/access_token",
+        user_info_endpoint: "https://api.weixin.qq.com/sns/userinfo",
+        scopes: scopes,
+        scope_separator: ",",
+        profile_map: ->(profile) {
+          {
+            id: profile["unionid"] || profile["openid"],
+            name: profile["nickname"],
+            email: profile["email"],
+            image: profile["headimgurl"],
+            emailVerified: false
+          }
+        },
+        **options
+      )
+      provider[:create_authorization_url] = lambda do |data|
+        "#{Base.authorization_url("https://open.weixin.qq.com/connect/qrconnect", {
+          appid: client_id,
+          redirect_uri: normalized[:redirect_uri] || data[:redirect_uri] || data[:redirectURI],
+          response_type: "code",
+          scope: Base.selected_scopes(scopes, normalized, data).join(","),
+          state: data[:state],
+          lang: options[:lang] || "cn"
+        })}#wechat_redirect"
+      end
+      provider[:validate_authorization_code] = lambda do |data|
+        url = Base.authorization_url("https://api.weixin.qq.com/sns/oauth2/access_token", {
+          appid: client_id,
+          secret: client_secret,
+          code: data[:code],
+          grant_type: "authorization_code"
+        })
+        payload = Base.get_json(url)
+        if !payload || payload["errcode"]
+          raise Error, "Failed to validate authorization code: #{payload&.fetch("errmsg", nil) || "Unknown error"}"
+        end
+
+        Base.normalize_tokens(payload).merge(
+          "openid" => payload["openid"],
+          "unionid" => payload["unionid"]
+        ).compact
+      end
+      provider[:refresh_access_token] = normalized[:refresh_access_token] || lambda do |refresh_token|
+        url = Base.authorization_url("https://api.weixin.qq.com/sns/oauth2/refresh_token", {
+          appid: client_id,
+          grant_type: "refresh_token",
+          refresh_token: refresh_token
+        })
+        payload = Base.get_json(url)
+        if !payload || payload["errcode"]
+          raise Error, "Failed to refresh access token: #{payload&.fetch("errmsg", nil) || "Unknown error"}"
+        end
+
+        Base.normalize_tokens(payload).merge(
+          "openid" => payload["openid"],
+          "unionid" => payload["unionid"]
+        ).compact
+      end
+      provider[:get_user_info] = lambda do |tokens|
+        custom = normalized[:get_user_info]
+        next custom.call(tokens) if custom
+
+        openid = tokens["openid"] || tokens[:openid]
+        next nil if openid.to_s.empty?
+
+        url = Base.authorization_url("https://api.weixin.qq.com/sns/userinfo", {
+          access_token: Base.access_token(tokens),
+          openid: openid,
+          lang: "zh_CN"
+        })
+        profile = Base.get_json(url)
+        next nil if !profile || profile["errcode"]
+
+        user = Base.apply_profile_mapping(
+          {
+            id: profile["unionid"] || profile["openid"] || openid,
+            name: profile["nickname"],
+            email: profile["email"],
+            image: profile["headimgurl"],
+            emailVerified: false
+          },
+          profile,
+          normalized
+        )
+        {user: user, data: profile}
+      end
+      provider
+    end
+  end
+end

data/lib/better_auth/social_providers/zoom.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module BetterAuth
+  module SocialProviders
+    module_function
+
+    def zoom(client_id:, client_secret:, scopes: [], **options)
+      Base.oauth_provider(
+        id: "zoom",
+        name: "Zoom",
+        client_id: client_id,
+        client_secret: client_secret,
+        authorization_endpoint: "https://zoom.us/oauth/authorize",
+        token_endpoint: "https://zoom.us/oauth/token",
+        user_info_endpoint: "https://api.zoom.us/v2/users/me",
+        scopes: scopes,
+        pkce: options.fetch(:pkce, true),
+        profile_map: ->(profile) {
+          {
+            id: profile["id"],
+            name: profile["display_name"],
+            email: profile["email"],
+            image: profile["pic_url"],
+            emailVerified: !!profile["verified"]
+          }
+        },
+        **options
+      )
+    end
+  end
+end

data/lib/better_auth/social_providers.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require_relative "social_providers/base"
+require_relative "social_providers/google"
+require_relative "social_providers/github"
+require_relative "social_providers/gitlab"
+require_relative "social_providers/discord"
+require_relative "social_providers/apple"
+require_relative "social_providers/microsoft_entra_id"
+require_relative "social_providers/atlassian"
+require_relative "social_providers/cognito"
+require_relative "social_providers/dropbox"
+require_relative "social_providers/facebook"
+require_relative "social_providers/figma"
+require_relative "social_providers/huggingface"
+require_relative "social_providers/kakao"
+require_relative "social_providers/kick"
+require_relative "social_providers/line"
+require_relative "social_providers/linear"
+require_relative "social_providers/linkedin"
+require_relative "social_providers/naver"
+require_relative "social_providers/notion"
+require_relative "social_providers/paybin"
+require_relative "social_providers/paypal"
+require_relative "social_providers/polar"
+require_relative "social_providers/railway"
+require_relative "social_providers/reddit"
+require_relative "social_providers/roblox"
+require_relative "social_providers/salesforce"
+require_relative "social_providers/slack"
+require_relative "social_providers/spotify"
+require_relative "social_providers/tiktok"
+require_relative "social_providers/twitch"
+require_relative "social_providers/twitter"
+require_relative "social_providers/vercel"
+require_relative "social_providers/vk"
+require_relative "social_providers/wechat"
+require_relative "social_providers/zoom"

data/lib/better_auth/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module BetterAuth
-  VERSION = "0.1.1"
+  VERSION = "0.3.0"
 end

data/lib/better_auth.rb

@@ -2,8 +2,92 @@
 
 require_relative "better_auth/version"
 require_relative "better_auth/core"
+require_relative "better_auth/error"
+require_relative "better_auth/api_error"
+require_relative "better_auth/crypto"
+require_relative "better_auth/password"
+require_relative "better_auth/plugin"
+require_relative "better_auth/configuration"
+require_relative "better_auth/schema"
+require_relative "better_auth/schema/sql"
+require_relative "better_auth/adapters/base"
+require_relative "better_auth/adapters/memory"
+require_relative "better_auth/adapters/sql"
+require_relative "better_auth/adapters/postgres"
+require_relative "better_auth/adapters/mysql"
+require_relative "better_auth/adapters/sqlite"
+require_relative "better_auth/adapters/mssql"
+require_relative "better_auth/database_hooks"
+require_relative "better_auth/adapters/internal_adapter"
+require_relative "better_auth/context"
+require_relative "better_auth/plugin_context"
+require_relative "better_auth/plugin_registry"
+require_relative "better_auth/plugins"
+require_relative "better_auth/plugins/additional_fields"
+require_relative "better_auth/plugins/custom_session"
+require_relative "better_auth/plugins/multi_session"
+require_relative "better_auth/plugins/last_login_method"
+require_relative "better_auth/plugins/bearer"
+require_relative "better_auth/plugins/jwt"
+require_relative "better_auth/plugins/open_api"
+require_relative "better_auth/plugins/access"
+require_relative "better_auth/plugins/username"
+require_relative "better_auth/plugins/anonymous"
+require_relative "better_auth/plugins/magic_link"
+require_relative "better_auth/plugins/email_otp"
+require_relative "better_auth/plugins/phone_number"
+require_relative "better_auth/plugins/one_time_token"
+require_relative "better_auth/plugins/one_tap"
+require_relative "better_auth/plugins/siwe"
+require_relative "better_auth/plugins/generic_oauth"
+require_relative "better_auth/plugins/oauth_proxy"
+require_relative "better_auth/plugins/passkey"
+require_relative "better_auth/plugins/organization/schema"
+require_relative "better_auth/plugins/organization"
+require_relative "better_auth/plugins/admin/schema"
+require_relative "better_auth/plugins/admin"
+require_relative "better_auth/plugins/oauth_protocol"
+require_relative "better_auth/plugins/oidc_provider"
+require_relative "better_auth/plugins/oauth_provider"
+require_relative "better_auth/plugins/device_authorization"
+require_relative "better_auth/plugins/mcp"
+require_relative "better_auth/plugins/two_factor"
+require_relative "better_auth/plugins/captcha"
+require_relative "better_auth/plugins/have_i_been_pwned"
+require_relative "better_auth/plugins/api_key"
+require_relative "better_auth/plugins/sso"
+require_relative "better_auth/plugins/scim"
+require_relative "better_auth/social_providers"
+%w[
+  better_auth/plugins/stripe
+  better_auth/plugins/expo
+].each do |optional_plugin|
+  require_relative optional_plugin if File.file?(File.expand_path("#{optional_plugin}.rb", __dir__))
+end
+require_relative "better_auth/session_store"
+require_relative "better_auth/cookies"
+require_relative "better_auth/session"
+require_relative "better_auth/endpoint"
+require_relative "better_auth/routes/ok"
+require_relative "better_auth/routes/error"
+require_relative "better_auth/routes/sign_up"
+require_relative "better_auth/routes/sign_in"
+require_relative "better_auth/routes/sign_out"
+require_relative "better_auth/routes/session"
+require_relative "better_auth/routes/password"
+require_relative "better_auth/routes/email_verification"
+require_relative "better_auth/routes/user"
+require_relative "better_auth/routes/account"
+require_relative "better_auth/routes/social"
+require_relative "better_auth/api"
+require_relative "better_auth/rate_limiter"
+require_relative "better_auth/request_ip"
+require_relative "better_auth/middleware/origin_check"
+require_relative "better_auth/router"
+require_relative "better_auth/auth"
 
 module BetterAuth
-  # Main entry point for Better Auth
-  # This module provides the core authentication functionality
+  def self.auth(options = {})
+    Auth.new(options)
+  end
 end