better_auth 0.2.0 → 0.4.0

data/lib/better_auth/social_providers/vk.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module BetterAuth
+  module SocialProviders
+    module_function
+
+    def vk(client_id:, client_secret:, scopes: ["email", "phone"], **options)
+      Base.oauth_provider(
+        id: "vk",
+        name: "VK",
+        client_id: client_id,
+        client_secret: client_secret,
+        authorization_endpoint: "https://id.vk.com/authorize",
+        token_endpoint: "https://id.vk.com/oauth2/auth",
+        user_info_endpoint: "https://id.vk.com/oauth2/user_info",
+        user_info_method: :post,
+        user_info_body: {client_id: client_id},
+        scopes: scopes,
+        pkce: true,
+        profile_map: ->(profile) {
+          user = profile["user"] || profile
+          {
+            id: user["user_id"],
+            name: [user["first_name"], user["last_name"]].compact.join(" "),
+            email: user["email"],
+            image: user["avatar"],
+            emailVerified: false
+          }
+        },
+        **options
+      )
+    end
+  end
+end

data/lib/better_auth/social_providers/wechat.rb

@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+
+module BetterAuth
+  module SocialProviders
+    module_function
+
+    def wechat(client_id:, client_secret:, scopes: ["snsapi_login"], **options)
+      normalized = Base.normalize_options(options)
+      provider = Base.oauth_provider(
+        id: "wechat",
+        name: "WeChat",
+        client_id: client_id,
+        client_secret: client_secret,
+        authorization_endpoint: "https://open.weixin.qq.com/connect/qrconnect",
+        token_endpoint: "https://api.weixin.qq.com/sns/oauth2/access_token",
+        user_info_endpoint: "https://api.weixin.qq.com/sns/userinfo",
+        scopes: scopes,
+        scope_separator: ",",
+        profile_map: ->(profile) {
+          {
+            id: profile["unionid"] || profile["openid"],
+            name: profile["nickname"],
+            email: profile["email"],
+            image: profile["headimgurl"],
+            emailVerified: false
+          }
+        },
+        **options
+      )
+      provider[:create_authorization_url] = lambda do |data|
+        "#{Base.authorization_url("https://open.weixin.qq.com/connect/qrconnect", {
+          appid: client_id,
+          redirect_uri: normalized[:redirect_uri] || data[:redirect_uri] || data[:redirectURI],
+          response_type: "code",
+          scope: Base.selected_scopes(scopes, normalized, data).join(","),
+          state: data[:state],
+          lang: options[:lang] || "cn"
+        })}#wechat_redirect"
+      end
+      provider[:validate_authorization_code] = lambda do |data|
+        url = Base.authorization_url("https://api.weixin.qq.com/sns/oauth2/access_token", {
+          appid: client_id,
+          secret: client_secret,
+          code: data[:code],
+          grant_type: "authorization_code"
+        })
+        payload = Base.get_json(url)
+        if !payload || payload["errcode"]
+          raise Error, "Failed to validate authorization code: #{payload&.fetch("errmsg", nil) || "Unknown error"}"
+        end
+
+        Base.normalize_tokens(payload).merge(
+          "openid" => payload["openid"],
+          "unionid" => payload["unionid"]
+        ).compact
+      end
+      provider[:refresh_access_token] = normalized[:refresh_access_token] || lambda do |refresh_token|
+        url = Base.authorization_url("https://api.weixin.qq.com/sns/oauth2/refresh_token", {
+          appid: client_id,
+          grant_type: "refresh_token",
+          refresh_token: refresh_token
+        })
+        payload = Base.get_json(url)
+        if !payload || payload["errcode"]
+          raise Error, "Failed to refresh access token: #{payload&.fetch("errmsg", nil) || "Unknown error"}"
+        end
+
+        Base.normalize_tokens(payload).merge(
+          "openid" => payload["openid"],
+          "unionid" => payload["unionid"]
+        ).compact
+      end
+      provider[:get_user_info] = lambda do |tokens|
+        custom = normalized[:get_user_info]
+        next custom.call(tokens) if custom
+
+        openid = tokens["openid"] || tokens[:openid]
+        next nil if openid.to_s.empty?
+
+        url = Base.authorization_url("https://api.weixin.qq.com/sns/userinfo", {
+          access_token: Base.access_token(tokens),
+          openid: openid,
+          lang: "zh_CN"
+        })
+        profile = Base.get_json(url)
+        next nil if !profile || profile["errcode"]
+
+        user = Base.apply_profile_mapping(
+          {
+            id: profile["unionid"] || profile["openid"] || openid,
+            name: profile["nickname"],
+            email: profile["email"],
+            image: profile["headimgurl"],
+            emailVerified: false
+          },
+          profile,
+          normalized
+        )
+        {user: user, data: profile}
+      end
+      provider
+    end
+  end
+end

data/lib/better_auth/social_providers/zoom.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module BetterAuth
+  module SocialProviders
+    module_function
+
+    def zoom(client_id:, client_secret:, scopes: [], **options)
+      Base.oauth_provider(
+        id: "zoom",
+        name: "Zoom",
+        client_id: client_id,
+        client_secret: client_secret,
+        authorization_endpoint: "https://zoom.us/oauth/authorize",
+        token_endpoint: "https://zoom.us/oauth/token",
+        user_info_endpoint: "https://api.zoom.us/v2/users/me",
+        scopes: scopes,
+        pkce: options.fetch(:pkce, true),
+        profile_map: ->(profile) {
+          {
+            id: profile["id"],
+            name: profile["display_name"],
+            email: profile["email"],
+            image: profile["pic_url"],
+            emailVerified: !!profile["verified"]
+          }
+        },
+        **options
+      )
+    end
+  end
+end

data/lib/better_auth/social_providers.rb

@@ -7,3 +7,32 @@ require_relative "social_providers/gitlab"
 require_relative "social_providers/discord"
 require_relative "social_providers/apple"
 require_relative "social_providers/microsoft_entra_id"
+require_relative "social_providers/atlassian"
+require_relative "social_providers/cognito"
+require_relative "social_providers/dropbox"
+require_relative "social_providers/facebook"
+require_relative "social_providers/figma"
+require_relative "social_providers/huggingface"
+require_relative "social_providers/kakao"
+require_relative "social_providers/kick"
+require_relative "social_providers/line"
+require_relative "social_providers/linear"
+require_relative "social_providers/linkedin"
+require_relative "social_providers/naver"
+require_relative "social_providers/notion"
+require_relative "social_providers/paybin"
+require_relative "social_providers/paypal"
+require_relative "social_providers/polar"
+require_relative "social_providers/railway"
+require_relative "social_providers/reddit"
+require_relative "social_providers/roblox"
+require_relative "social_providers/salesforce"
+require_relative "social_providers/slack"
+require_relative "social_providers/spotify"
+require_relative "social_providers/tiktok"
+require_relative "social_providers/twitch"
+require_relative "social_providers/twitter"
+require_relative "social_providers/vercel"
+require_relative "social_providers/vk"
+require_relative "social_providers/wechat"
+require_relative "social_providers/zoom"

data/lib/better_auth/url_helpers.rb

@@ -0,0 +1,195 @@
+# frozen_string_literal: true
+
+require "uri"
+
+module BetterAuth
+  module URLHelpers
+    module_function
+
+    def valid_proxy_header?(header, type)
+      value = header.to_s
+      return false if value.strip.empty?
+
+      case type.to_sym
+      when :proto
+        ["http", "https"].include?(value)
+      when :host
+        return false if value.match?(/\.\.|\0|\s|\A[.]|[<>'"]|javascript:|file:|data:/i)
+        return false if value.match?(%r{[/\\]})
+
+        patterns = [
+          /\A[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(:[0-9]{1,5})?\z/,
+          /\A(\d{1,3}\.){3}\d{1,3}(:[0-9]{1,5})?\z/,
+          /\A\[[0-9a-fA-F:]+\](:[0-9]{1,5})?\z/,
+          /\Alocalhost(:[0-9]{1,5})?\z/i
+        ]
+        patterns.any? { |pattern| value.match?(pattern) } && valid_port?(value)
+      else
+        false
+      end
+    end
+
+    def matches_host_pattern?(host, pattern)
+      return false if host.to_s.empty? || pattern.to_s.empty?
+
+      normalized_host = normalize_host_pattern_value(host)
+      normalized_pattern = normalize_host_pattern_value(pattern)
+      regex = Regexp.escape(normalized_pattern)
+        .gsub("\\*", ".*")
+        .gsub("\\?", ".")
+      !!normalized_host.match?(/\A#{regex}\z/i)
+    end
+
+    def host_from_source(source, trusted_proxy_headers: false)
+      headers = headers_from_source(source)
+      if trusted_proxy_headers
+        forwarded_host = header_value(headers, "x-forwarded-host")
+        return forwarded_host if forwarded_host && valid_proxy_header?(forwarded_host, :host)
+      end
+
+      host = header_value(headers, "host")
+      return host if host && valid_proxy_header?(host, :host)
+
+      uri_host(source_url(source))
+    end
+
+    def protocol_from_source(source, config_protocol: nil, trusted_proxy_headers: false)
+      return config_protocol if ["http", "https"].include?(config_protocol)
+
+      headers = headers_from_source(source)
+      if trusted_proxy_headers
+        forwarded_proto = header_value(headers, "x-forwarded-proto")
+        return forwarded_proto if forwarded_proto && valid_proxy_header?(forwarded_proto, :proto)
+      end
+
+      protocol = uri_scheme(source_url(source))
+      return protocol if ["http", "https"].include?(protocol)
+
+      host = host_from_source(source, trusted_proxy_headers: trusted_proxy_headers)
+      return "http" if host && loopback_for_dev_scheme?(host)
+
+      "https"
+    end
+
+    def resolve_base_url(config, base_path, source = nil, load_env: true, trusted_proxy_headers: false)
+      if dynamic_config?(config)
+        return resolve_dynamic_base_url(config, source, base_path, trusted_proxy_headers: trusted_proxy_headers) if source
+        return with_path(config[:fallback] || config["fallback"], base_path) if config[:fallback] || config["fallback"]
+
+        return env_base_url(base_path) if load_env
+        return nil
+      end
+
+      return with_path(config, base_path) if config.is_a?(String)
+      return env_base_url(base_path) if load_env
+      return with_path(origin(source_url(source)), base_path) if source
+
+      nil
+    end
+
+    def resolve_dynamic_base_url(config, source, base_path, trusted_proxy_headers: false)
+      host = host_from_source(source, trusted_proxy_headers: trusted_proxy_headers)
+      fallback = config[:fallback] || config["fallback"]
+      raise Error, "Could not determine host from request headers. Please provide a fallback URL in your baseURL config." unless host || fallback
+
+      allowed_hosts = config[:allowed_hosts] || config["allowed_hosts"] || config[:allowedHosts] || config["allowedHosts"] || []
+      if host && allowed_hosts.any? { |pattern| matches_host_pattern?(host, pattern) }
+        protocol = protocol_from_source(source, config_protocol: config[:protocol] || config["protocol"], trusted_proxy_headers: trusted_proxy_headers)
+        return with_path("#{protocol}://#{host}", base_path)
+      end
+
+      return with_path(fallback, base_path) if fallback
+
+      raise Error, "Host \"#{host}\" is not in the allowed hosts list."
+    end
+
+    def with_path(url, path = "/api/auth")
+      parsed = URI.parse(url.to_s)
+      raise Error, "Invalid base URL: #{url}. URL must include 'http://' or 'https://'" unless ["http", "https"].include?(parsed.scheme)
+
+      current_path = parsed.path.to_s.gsub(%r{/+\z}, "")
+      return url.to_s if !current_path.empty? && current_path != "/"
+
+      trimmed = url.to_s.gsub(%r{/+\z}, "")
+      return trimmed if path.to_s.empty? || path == "/"
+
+      suffix = path.start_with?("/") ? path : "/#{path}"
+      "#{trimmed}#{suffix}"
+    rescue URI::InvalidURIError
+      raise Error, "Invalid base URL: #{url}. Please provide a valid base URL."
+    end
+
+    def origin(url)
+      parsed = URI.parse(url.to_s)
+      return nil unless ["http", "https"].include?(parsed.scheme)
+
+      port = parsed.port
+      default_port = (parsed.scheme == "http" && port == 80) || (parsed.scheme == "https" && port == 443)
+      default_port ? "#{parsed.scheme}://#{parsed.host}" : "#{parsed.scheme}://#{parsed.host}:#{port}"
+    rescue URI::InvalidURIError
+      nil
+    end
+
+    def uri_host(url)
+      parsed = URI.parse(url.to_s)
+      return nil unless parsed.host
+
+      default_port = (parsed.scheme == "http" && parsed.port == 80) || (parsed.scheme == "https" && parsed.port == 443)
+      default_port ? parsed.host : "#{parsed.host}:#{parsed.port}"
+    rescue URI::InvalidURIError
+      nil
+    end
+
+    def uri_scheme(url)
+      URI.parse(url.to_s).scheme
+    rescue URI::InvalidURIError
+      nil
+    end
+
+    def normalize_host_pattern_value(value)
+      value.to_s.sub(%r{\Ahttps?://}i, "").split("/").first.to_s.downcase
+    end
+
+    def headers_from_source(source)
+      return {} unless source
+      return source.headers if source.respond_to?(:headers)
+      return source if source.is_a?(Hash)
+
+      {}
+    end
+
+    def header_value(headers, key)
+      if headers.respond_to?(:get)
+        headers.get(key)
+      else
+        headers[key] || headers[key.to_s] || headers[key.to_s.downcase] || headers[key.to_s.upcase] || headers[key.tr("-", "_").upcase]
+      end
+    end
+
+    def source_url(source)
+      source.url if source.respond_to?(:url)
+    end
+
+    def dynamic_config?(config)
+      config.is_a?(Hash) && (config.key?(:allowed_hosts) || config.key?("allowed_hosts") || config.key?(:allowedHosts) || config.key?("allowedHosts"))
+    end
+
+    def env_base_url(base_path)
+      url = ENV["BETTER_AUTH_URL"] || ENV["NEXT_PUBLIC_BETTER_AUTH_URL"] || ENV["PUBLIC_BETTER_AUTH_URL"] || ENV["NUXT_PUBLIC_BETTER_AUTH_URL"] || ENV["NUXT_PUBLIC_AUTH_URL"]
+      url ||= ENV["BASE_URL"] if ENV["BASE_URL"] && ENV["BASE_URL"] != "/"
+      url ? with_path(url, base_path) : nil
+    end
+
+    def loopback_for_dev_scheme?(host)
+      hostname = host.to_s.sub(/:\d+\z/, "").sub(/\A\[/, "").sub(/\]\z/, "").downcase
+      hostname == "localhost" || hostname.end_with?(".localhost") || hostname == "::1" || hostname.start_with?("127.")
+    end
+
+    def valid_port?(host)
+      port = host[/:(\d{1,5})\z/, 1]
+      return true unless port
+
+      port.to_i.between?(1, 65_535)
+    end
+  end
+end

data/lib/better_auth/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module BetterAuth
-  VERSION = "0.2.0"
+  VERSION = "0.4.0"
 end

data/lib/better_auth.rb

@@ -5,6 +5,14 @@ require_relative "better_auth/core"
 require_relative "better_auth/error"
 require_relative "better_auth/api_error"
 require_relative "better_auth/crypto"
+require_relative "better_auth/host"
+require_relative "better_auth/url_helpers"
+require_relative "better_auth/request_state"
+require_relative "better_auth/async"
+require_relative "better_auth/deprecate"
+require_relative "better_auth/logger"
+require_relative "better_auth/instrumentation"
+require_relative "better_auth/oauth2"
 require_relative "better_auth/password"
 require_relative "better_auth/plugin"
 require_relative "better_auth/configuration"
@@ -17,7 +25,6 @@ require_relative "better_auth/adapters/postgres"
 require_relative "better_auth/adapters/mysql"
 require_relative "better_auth/adapters/sqlite"
 require_relative "better_auth/adapters/mssql"
-require_relative "better_auth/adapters/mongodb"
 require_relative "better_auth/database_hooks"
 require_relative "better_auth/adapters/internal_adapter"
 require_relative "better_auth/context"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: better_auth
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Sebastian Sala
@@ -217,20 +217,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
-- !ruby/object:Gem::Dependency
-  name: mongo
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.21'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.21'
 - !ruby/object:Gem::Dependency
   name: sequel
   requirement: !ruby/object:Gem::Requirement
@@ -282,6 +268,7 @@ files:
 - lib/better_auth/adapters/sqlite.rb
 - lib/better_auth/api.rb
 - lib/better_auth/api_error.rb
+- lib/better_auth/async.rb
 - lib/better_auth/auth.rb
 - lib/better_auth/configuration.rb
 - lib/better_auth/context.rb
@@ -290,9 +277,14 @@ files:
 - lib/better_auth/crypto.rb
 - lib/better_auth/crypto/jwe.rb
 - lib/better_auth/database_hooks.rb
+- lib/better_auth/deprecate.rb
 - lib/better_auth/endpoint.rb
 - lib/better_auth/error.rb
+- lib/better_auth/host.rb
+- lib/better_auth/instrumentation.rb
+- lib/better_auth/logger.rb
 - lib/better_auth/middleware/origin_check.rb
+- lib/better_auth/oauth2.rb
 - lib/better_auth/password.rb
 - lib/better_auth/plugin.rb
 - lib/better_auth/plugin_context.rb
@@ -336,6 +328,7 @@ files:
 - lib/better_auth/plugins/username.rb
 - lib/better_auth/rate_limiter.rb
 - lib/better_auth/request_ip.rb
+- lib/better_auth/request_state.rb
 - lib/better_auth/router.rb
 - lib/better_auth/routes/account.rb
 - lib/better_auth/routes/email_verification.rb
@@ -354,12 +347,42 @@ files:
 - lib/better_auth/session_store.rb
 - lib/better_auth/social_providers.rb
 - lib/better_auth/social_providers/apple.rb
+- lib/better_auth/social_providers/atlassian.rb
 - lib/better_auth/social_providers/base.rb
+- lib/better_auth/social_providers/cognito.rb
 - lib/better_auth/social_providers/discord.rb
+- lib/better_auth/social_providers/dropbox.rb
+- lib/better_auth/social_providers/facebook.rb
+- lib/better_auth/social_providers/figma.rb
 - lib/better_auth/social_providers/github.rb
 - lib/better_auth/social_providers/gitlab.rb
 - lib/better_auth/social_providers/google.rb
+- lib/better_auth/social_providers/huggingface.rb
+- lib/better_auth/social_providers/kakao.rb
+- lib/better_auth/social_providers/kick.rb
+- lib/better_auth/social_providers/line.rb
+- lib/better_auth/social_providers/linear.rb
+- lib/better_auth/social_providers/linkedin.rb
 - lib/better_auth/social_providers/microsoft_entra_id.rb
+- lib/better_auth/social_providers/naver.rb
+- lib/better_auth/social_providers/notion.rb
+- lib/better_auth/social_providers/paybin.rb
+- lib/better_auth/social_providers/paypal.rb
+- lib/better_auth/social_providers/polar.rb
+- lib/better_auth/social_providers/railway.rb
+- lib/better_auth/social_providers/reddit.rb
+- lib/better_auth/social_providers/roblox.rb
+- lib/better_auth/social_providers/salesforce.rb
+- lib/better_auth/social_providers/slack.rb
+- lib/better_auth/social_providers/spotify.rb
+- lib/better_auth/social_providers/tiktok.rb
+- lib/better_auth/social_providers/twitch.rb
+- lib/better_auth/social_providers/twitter.rb
+- lib/better_auth/social_providers/vercel.rb
+- lib/better_auth/social_providers/vk.rb
+- lib/better_auth/social_providers/wechat.rb
+- lib/better_auth/social_providers/zoom.rb
+- lib/better_auth/url_helpers.rb
 - lib/better_auth/version.rb
 homepage: https://github.com/sebasxsala/better-auth
 licenses: