RubyGems - better_auth - Versions diffs - 0.3.0 → 0.5.0 - Mend

better_auth 0.3.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (78) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +17 -0
data/README.md +24 -0
data/lib/better_auth/adapters/internal_adapter.rb +10 -7
data/lib/better_auth/adapters/memory.rb +57 -11
data/lib/better_auth/adapters/sql.rb +123 -20
data/lib/better_auth/api.rb +114 -9
data/lib/better_auth/async.rb +70 -0
data/lib/better_auth/configuration.rb +97 -7
data/lib/better_auth/context.rb +165 -12
data/lib/better_auth/cookies.rb +6 -4
data/lib/better_auth/core.rb +2 -0
data/lib/better_auth/crypto/jwe.rb +27 -5
data/lib/better_auth/crypto.rb +32 -0
data/lib/better_auth/database_hooks.rb +8 -8
data/lib/better_auth/deprecate.rb +28 -0
data/lib/better_auth/endpoint.rb +92 -5
data/lib/better_auth/error.rb +8 -1
data/lib/better_auth/host.rb +166 -0
data/lib/better_auth/instrumentation.rb +74 -0
data/lib/better_auth/logger.rb +31 -0
data/lib/better_auth/middleware/origin_check.rb +2 -2
data/lib/better_auth/oauth2.rb +94 -0
data/lib/better_auth/plugins/admin/schema.rb +2 -2
data/lib/better_auth/plugins/admin.rb +344 -16
data/lib/better_auth/plugins/anonymous.rb +37 -3
data/lib/better_auth/plugins/device_authorization.rb +102 -5
data/lib/better_auth/plugins/dub.rb +148 -0
data/lib/better_auth/plugins/email_otp.rb +261 -19
data/lib/better_auth/plugins/expo.rb +17 -1
data/lib/better_auth/plugins/generic_oauth.rb +67 -35
data/lib/better_auth/plugins/jwt.rb +37 -4
data/lib/better_auth/plugins/last_login_method.rb +2 -2
data/lib/better_auth/plugins/magic_link.rb +66 -3
data/lib/better_auth/plugins/mcp/authorization.rb +111 -0
data/lib/better_auth/plugins/mcp/config.rb +51 -0
data/lib/better_auth/plugins/mcp/consent.rb +31 -0
data/lib/better_auth/plugins/mcp/legacy_aliases.rb +39 -0
data/lib/better_auth/plugins/mcp/metadata.rb +81 -0
data/lib/better_auth/plugins/mcp/registration.rb +31 -0
data/lib/better_auth/plugins/mcp/resource_handler.rb +37 -0
data/lib/better_auth/plugins/mcp/schema.rb +91 -0
data/lib/better_auth/plugins/mcp/token.rb +108 -0
data/lib/better_auth/plugins/mcp/userinfo.rb +37 -0
data/lib/better_auth/plugins/mcp.rb +111 -263
data/lib/better_auth/plugins/multi_session.rb +61 -3
data/lib/better_auth/plugins/oauth_protocol.rb +173 -30
data/lib/better_auth/plugins/oauth_proxy.rb +26 -6
data/lib/better_auth/plugins/oidc_provider.rb +118 -14
data/lib/better_auth/plugins/one_tap.rb +7 -2
data/lib/better_auth/plugins/one_time_token.rb +42 -2
data/lib/better_auth/plugins/open_api.rb +163 -318
data/lib/better_auth/plugins/organization/schema.rb +6 -0
data/lib/better_auth/plugins/organization.rb +186 -56
data/lib/better_auth/plugins/phone_number.rb +141 -6
data/lib/better_auth/plugins/siwe.rb +69 -3
data/lib/better_auth/plugins/two_factor.rb +118 -41
data/lib/better_auth/plugins/username.rb +57 -2
data/lib/better_auth/rate_limiter.rb +38 -0
data/lib/better_auth/request_state.rb +44 -0
data/lib/better_auth/response.rb +42 -0
data/lib/better_auth/router.rb +7 -1
data/lib/better_auth/routes/account.rb +220 -42
data/lib/better_auth/routes/email_verification.rb +98 -14
data/lib/better_auth/routes/password.rb +126 -8
data/lib/better_auth/routes/session.rb +128 -13
data/lib/better_auth/routes/sign_in.rb +26 -2
data/lib/better_auth/routes/sign_out.rb +13 -1
data/lib/better_auth/routes/sign_up.rb +70 -4
data/lib/better_auth/routes/social.rb +132 -7
data/lib/better_auth/routes/user.rb +228 -20
data/lib/better_auth/routes/validation.rb +50 -0
data/lib/better_auth/secret_config.rb +115 -0
data/lib/better_auth/session.rb +13 -2
data/lib/better_auth/url_helpers.rb +206 -0
data/lib/better_auth/version.rb +1 -1
data/lib/better_auth.rb +12 -0
metadata +23 -1

data/lib/better_auth/routes/validation.rb ADDED Viewed

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+module BetterAuth
+  module Routes
+    REQUEST_EMAIL_PATTERN = /\A[^@\s]+@[^@\s]+\.[^@\s]+\z/
+    def self.request_body_schema(required_strings: [], required_nonempty_strings: [], email_strings: [], optional_strings: [])
+      ->(body) {
+        data = request_validation_hash(body)
+        return false unless required_strings.all? { |key| request_string?(data, key) }
+        return false unless required_nonempty_strings.all? { |key| request_string?(data, key) && !data[request_storage_key(key)].empty? }
+        return false unless email_strings.all? { |key| request_string?(data, key) && REQUEST_EMAIL_PATTERN.match?(data[request_storage_key(key)]) }
+        return false unless optional_strings.all? { |key| !data.key?(request_storage_key(key)) || request_string?(data, key) }
+        data
+      }
+    end
+    def self.request_query_schema(required_strings: [], optional_strings: [])
+      ->(query) {
+        data = request_validation_hash(query)
+        return false unless required_strings.all? { |key| request_string?(data, key) }
+        return false unless optional_strings.all? { |key| !data.key?(request_storage_key(key)) || request_string?(data, key) }
+        data
+      }
+    end
+    def self.request_validation_hash(value)
+      return {} unless value.is_a?(Hash)
+      value.each_with_object({}) do |(key, object_value), result|
+        result[request_storage_key(key)] = object_value
+      end
+    end
+    def self.request_string?(data, key)
+      data[request_storage_key(key)].is_a?(String)
+    end
+    def self.request_storage_key(key)
+      key.to_s
+        .gsub(/([a-z\d])([A-Z])/, "\\1_\\2")
+        .tr("-", "_")
+        .downcase
+        .split("_")
+        .then { |parts| ([parts.first] + parts.drop(1).map(&:capitalize)).join }
+    end
+  end
+end

data/lib/better_auth/secret_config.rb ADDED Viewed

@@ -0,0 +1,115 @@
+# frozen_string_literal: true
+module BetterAuth
+  class SecretConfig
+    ENVELOPE_PREFIX = "$ba$"
+    attr_reader :keys, :current_version, :legacy_secret
+    def initialize(keys:, current_version:, legacy_secret: nil)
+      normalized_keys = keys.each_with_object({}) do |(version, value), result|
+        result[normalize_version!(version)] = value.to_s
+      end
+      @keys = normalized_keys.freeze
+      @current_version = normalize_version!(current_version)
+      @legacy_secret = legacy_secret unless legacy_secret.to_s.empty?
+    end
+    def current_secret
+      keys.fetch(current_version) do
+        raise Error, "Secret version #{current_version} not found in keys"
+      end
+    end
+    def all_secrets
+      entries = keys.map { |version, value| [version, value] }
+      entries << [-1, legacy_secret] if legacy_secret && !keys.value?(legacy_secret)
+      entries
+    end
+    def self.parse_env(value)
+      return nil if value.to_s.empty?
+      value.to_s.split(",").map do |entry|
+        entry = entry.strip
+        colon_index = entry.index(":")
+        raise Error, "Invalid BETTER_AUTH_SECRETS entry: \"#{entry}\". Expected format: \"<version>:<secret>\"" unless colon_index
+        version = entry[0...colon_index].strip
+        secret = entry[(colon_index + 1)..].to_s.strip
+        raise Error, "Empty secret value for version #{version} in BETTER_AUTH_SECRETS." if secret.empty?
+        {version: parse_version!(version, source: "BETTER_AUTH_SECRETS"), value: secret}
+      end
+    end
+    def self.validate_secrets!(secrets, logger: nil)
+      entries = Array(secrets)
+      raise Error, "`secrets` array must contain at least one entry." if entries.empty?
+      seen = {}
+      entries.each do |entry|
+        data = normalize_entry(entry)
+        version = parse_version!(data.fetch(:version), source: "`secrets`")
+        value = data.fetch(:value, nil).to_s
+        raise Error, "Empty secret value for version #{version} in `secrets`." if value.empty?
+        raise Error, "Duplicate version #{version} in `secrets`. Each version must be unique." if seen[version]
+        seen[version] = true
+      end
+      current = normalize_entry(entries.first)
+      current_version = parse_version!(current.fetch(:version), source: "`secrets`")
+      current_value = current.fetch(:value).to_s
+      warn(logger, "[better-auth] Warning: the current secret (version #{current_version}) should be at least 32 characters long for adequate security.") if current_value.length < 32
+      warn(logger, "[better-auth] Warning: the current secret appears low-entropy. Use a randomly generated secret for production.") if entropy(current_value) < 120
+    end
+    def self.build(secrets, legacy_secret, logger: nil)
+      validate_secrets!(secrets, logger: logger)
+      entries = Array(secrets).map { |entry| normalize_entry(entry) }
+      keys = entries.each_with_object({}) do |entry, result|
+        result[parse_version!(entry.fetch(:version), source: "`secrets`")] = entry.fetch(:value).to_s
+      end
+      current_version = parse_version!(entries.first.fetch(:version), source: "`secrets`")
+      legacy = (legacy_secret && legacy_secret != Configuration::DEFAULT_SECRET) ? legacy_secret : nil
+      new(keys: keys, current_version: current_version, legacy_secret: legacy)
+    end
+    def self.normalize_entry(entry)
+      raise Error, "Invalid `secrets` entry. Expected a hash with `version` and `value`." unless entry.is_a?(Hash)
+      entry.each_with_object({}) do |(key, value), result|
+        result[key.to_s.tr("-", "_").to_sym] = value
+      end
+    end
+    def self.parse_version!(value, source:)
+      text = value.to_s.strip
+      unless text.match?(/\A(?:0|[1-9]\d*)\z/)
+        raise Error, "Invalid version #{value} in #{source}. Version must be a non-negative integer."
+      end
+      text.to_i
+    end
+    def self.entropy(value)
+      unique = value.to_s.chars.uniq.length
+      return 0 if unique.zero?
+      Math.log2(unique**value.to_s.length)
+    end
+    def self.warn(logger, message)
+      if logger.respond_to?(:call)
+        logger.call(:warn, message)
+      elsif logger.respond_to?(:warn)
+        logger.warn(message)
+      end
+    end
+    def normalize_version!(version)
+      self.class.parse_version!(version, source: "`secrets`")
+    end
+  end
+end

data/lib/better_auth/session.rb CHANGED Viewed

@@ -51,7 +51,7 @@ module BetterAuth
       return nil if payload["session"]["token"] && payload["session"]["token"] != token
       result = {session: payload["session"], user: payload["user"]}
-      Cookies.set_cookie_cache(ctx, result, false) if should_refresh_cookie_cache?(config, payload)
+      result = refresh_cached_session(ctx, result) if should_refresh_cookie_cache?(config, payload)
       result
     end
@@ -89,6 +89,17 @@ module BetterAuth
       refreshed
     end
+    def refresh_cached_session(ctx, result)
+      now = Time.now
+      session = stringify_keys(result[:session]).merge(
+        "expiresAt" => now + ctx.context.session_config[:expires_in].to_i,
+        "updatedAt" => now
+      )
+      refreshed = {session: session, user: result[:user]}
+      Cookies.set_session_cookie(ctx, refreshed, Cookies.dont_remember?(ctx))
+      refreshed
+    end
     def should_refresh_cookie_cache?(config, payload)
       refresh_cache = config[:refresh_cache]
       return false if refresh_cache == false || refresh_cache.nil?
@@ -97,7 +108,7 @@ module BetterAuth
       update_age = if refresh_cache.is_a?(Hash)
         (refresh_cache[:update_age] || refresh_cache["updateAge"] || refresh_cache["update_age"]).to_i
       else
-        (max_age * 0.8).to_i
+        (max_age * 0.2).to_i
       end
       updated_at = payload["updatedAt"].to_i
       updated_at.positive? && updated_at + (update_age * 1000) <= (Time.now.to_f * 1000).to_i

data/lib/better_auth/url_helpers.rb ADDED Viewed

@@ -0,0 +1,206 @@
+# frozen_string_literal: true
+require "uri"
+module BetterAuth
+  module URLHelpers
+    module_function
+    def valid_proxy_header?(header, type)
+      value = header.to_s
+      return false if value.strip.empty?
+      case type.to_sym
+      when :proto
+        ["http", "https"].include?(value)
+      when :host
+        return false if value.match?(/\.\.|\0|\s|\A[.]|[<>'"]|javascript:|file:|data:/i)
+        return false if value.match?(%r{[/\\]})
+        patterns = [
+          /\A[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(:[0-9]{1,5})?\z/,
+          /\A(\d{1,3}\.){3}\d{1,3}(:[0-9]{1,5})?\z/,
+          /\A\[[0-9a-fA-F:]+\](:[0-9]{1,5})?\z/,
+          /\Alocalhost(:[0-9]{1,5})?\z/i
+        ]
+        patterns.any? { |pattern| value.match?(pattern) } && valid_port?(value)
+      else
+        false
+      end
+    end
+    def matches_host_pattern?(host, pattern)
+      return false if host.to_s.empty? || pattern.to_s.empty?
+      normalized_host = normalize_host_pattern_value(host)
+      normalized_pattern = normalize_host_pattern_value(pattern)
+      regex = Regexp.escape(normalized_pattern)
+        .gsub("\\*", ".*")
+        .gsub("\\?", ".")
+      !!normalized_host.match?(/\A#{regex}\z/i)
+    end
+    def host_from_source(source, trusted_proxy_headers: false)
+      headers = headers_from_source(source)
+      if trusted_proxy_headers
+        forwarded_host = header_value(headers, "x-forwarded-host")
+        return forwarded_host if forwarded_host && valid_proxy_header?(forwarded_host, :host)
+      end
+      host = header_value(headers, "host")
+      return host if host && valid_proxy_header?(host, :host)
+      uri_host(source_url(source))
+    end
+    def protocol_from_source(source, config_protocol: nil, trusted_proxy_headers: false)
+      return config_protocol if ["http", "https"].include?(config_protocol)
+      headers = headers_from_source(source)
+      if trusted_proxy_headers
+        forwarded_proto = header_value(headers, "x-forwarded-proto")
+        return forwarded_proto if forwarded_proto && valid_proxy_header?(forwarded_proto, :proto)
+      end
+      protocol = uri_scheme(source_url(source))
+      return protocol if ["http", "https"].include?(protocol)
+      host = host_from_source(source, trusted_proxy_headers: trusted_proxy_headers)
+      return "http" if host && loopback_for_dev_scheme?(host)
+      "https"
+    end
+    def resolve_base_url(config, base_path, source = nil, load_env: true, trusted_proxy_headers: false)
+      if dynamic_config?(config)
+        return resolve_dynamic_base_url(config, source, base_path, trusted_proxy_headers: trusted_proxy_headers) if source
+        return with_path(config[:fallback] || config["fallback"], base_path) if config[:fallback] || config["fallback"]
+        return env_base_url(base_path) if load_env
+        return nil
+      end
+      return with_path(config, base_path) if config.is_a?(String)
+      return env_base_url(base_path) if load_env
+      return with_path(origin(source_url(source)), base_path) if source
+      nil
+    end
+    def resolve_dynamic_base_url(config, source, base_path, trusted_proxy_headers: false)
+      host = host_from_source(source, trusted_proxy_headers: trusted_proxy_headers)
+      fallback = config[:fallback] || config["fallback"]
+      raise Error, "Could not determine host from request headers. Please provide a fallback URL in your baseURL config." unless host || fallback
+      allowed_hosts = config[:allowed_hosts] || config["allowed_hosts"] || config[:allowedHosts] || config["allowedHosts"] || []
+      if host && allowed_hosts.any? { |pattern| matches_host_pattern?(host, pattern) }
+        protocol = protocol_from_source(source, config_protocol: config[:protocol] || config["protocol"], trusted_proxy_headers: trusted_proxy_headers)
+        return with_path("#{protocol}://#{host}", base_path)
+      end
+      return with_path(fallback, base_path) if fallback
+      raise Error, "Host \"#{host}\" is not in the allowed hosts list."
+    end
+    def with_path(url, path = "/api/auth")
+      parsed = URI.parse(url.to_s)
+      raise Error, "Invalid base URL: #{url}. URL must include 'http://' or 'https://'" unless ["http", "https"].include?(parsed.scheme)
+      current_path = parsed.path.to_s.gsub(%r{/+\z}, "")
+      return url.to_s if !current_path.empty? && current_path != "/"
+      trimmed = url.to_s.gsub(%r{/+\z}, "")
+      return trimmed if path.to_s.empty? || path == "/"
+      suffix = path.start_with?("/") ? path : "/#{path}"
+      "#{trimmed}#{suffix}"
+    rescue URI::InvalidURIError
+      raise Error, "Invalid base URL: #{url}. Please provide a valid base URL."
+    end
+    def origin(url)
+      parsed = URI.parse(url.to_s)
+      return nil unless ["http", "https"].include?(parsed.scheme)
+      port = parsed.port
+      default_port = (parsed.scheme == "http" && port == 80) || (parsed.scheme == "https" && port == 443)
+      default_port ? "#{parsed.scheme}://#{parsed.host}" : "#{parsed.scheme}://#{parsed.host}:#{port}"
+    rescue URI::InvalidURIError
+      nil
+    end
+    def uri_host(url)
+      parsed = URI.parse(url.to_s)
+      return nil unless parsed.host
+      default_port = (parsed.scheme == "http" && parsed.port == 80) || (parsed.scheme == "https" && parsed.port == 443)
+      default_port ? parsed.host : "#{parsed.host}:#{parsed.port}"
+    rescue URI::InvalidURIError
+      nil
+    end
+    def uri_scheme(url)
+      URI.parse(url.to_s).scheme
+    rescue URI::InvalidURIError
+      nil
+    end
+    def normalize_host_pattern_value(value)
+      value.to_s.sub(%r{\Ahttps?://}i, "").split("/").first.to_s.downcase
+    end
+    def headers_from_source(source)
+      return {} unless source
+      return source.headers if source.respond_to?(:headers)
+      return rack_request_headers(source) if source.respond_to?(:get_header)
+      return source if source.is_a?(Hash)
+      {}
+    end
+    def header_value(headers, key)
+      if headers.respond_to?(:get)
+        headers.get(key)
+      else
+        headers[key] || headers[key.to_s] || headers[key.to_s.downcase] || headers[key.to_s.upcase] || headers[key.tr("-", "_").upcase]
+      end
+    end
+    def source_url(source)
+      return source.url if source.respond_to?(:url)
+      source.get_header("REQUEST_URI") if source.respond_to?(:get_header)
+    end
+    def dynamic_config?(config)
+      config.is_a?(Hash) && (config.key?(:allowed_hosts) || config.key?("allowed_hosts") || config.key?(:allowedHosts) || config.key?("allowedHosts"))
+    end
+    def env_base_url(base_path)
+      url = ENV["BETTER_AUTH_URL"] || ENV["NEXT_PUBLIC_BETTER_AUTH_URL"] || ENV["PUBLIC_BETTER_AUTH_URL"] || ENV["NUXT_PUBLIC_BETTER_AUTH_URL"] || ENV["NUXT_PUBLIC_AUTH_URL"]
+      url ||= ENV["BASE_URL"] if ENV["BASE_URL"] && ENV["BASE_URL"] != "/"
+      url ? with_path(url, base_path) : nil
+    end
+    def loopback_for_dev_scheme?(host)
+      hostname = host.to_s.sub(/:\d+\z/, "").sub(/\A\[/, "").sub(/\]\z/, "").downcase
+      hostname == "localhost" || hostname.end_with?(".localhost") || hostname == "::1" || hostname.start_with?("127.")
+    end
+    def valid_port?(host)
+      port = host[/:(\d{1,5})\z/, 1]
+      return true unless port
+      port.to_i.between?(1, 65_535)
+    end
+    def rack_request_headers(source)
+      {
+        "x-forwarded-host" => source.get_header("HTTP_X_FORWARDED_HOST"),
+        "x-forwarded-proto" => source.get_header("HTTP_X_FORWARDED_PROTO"),
+        "host" => source.get_header("HTTP_HOST")
+      }.compact
+    end
+  end
+end

data/lib/better_auth/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module BetterAuth
-  VERSION = "0.3.0"
+  VERSION = "0.5.0"
 end

data/lib/better_auth.rb CHANGED Viewed

@@ -4,7 +4,17 @@ require_relative "better_auth/version"
 require_relative "better_auth/core"
 require_relative "better_auth/error"
 require_relative "better_auth/api_error"
+require_relative "better_auth/secret_config"
 require_relative "better_auth/crypto"
+require_relative "better_auth/host"
+require_relative "better_auth/url_helpers"
+require_relative "better_auth/request_state"
+require_relative "better_auth/response"
+require_relative "better_auth/async"
+require_relative "better_auth/deprecate"
+require_relative "better_auth/logger"
+require_relative "better_auth/instrumentation"
+require_relative "better_auth/oauth2"
 require_relative "better_auth/password"
 require_relative "better_auth/plugin"
 require_relative "better_auth/configuration"
@@ -40,6 +50,7 @@ require_relative "better_auth/plugins/one_time_token"
 require_relative "better_auth/plugins/one_tap"
 require_relative "better_auth/plugins/siwe"
 require_relative "better_auth/plugins/generic_oauth"
+require_relative "better_auth/plugins/dub"
 require_relative "better_auth/plugins/oauth_proxy"
 require_relative "better_auth/plugins/passkey"
 require_relative "better_auth/plugins/organization/schema"
@@ -68,6 +79,7 @@ require_relative "better_auth/session_store"
 require_relative "better_auth/cookies"
 require_relative "better_auth/session"
 require_relative "better_auth/endpoint"
+require_relative "better_auth/routes/validation"
 require_relative "better_auth/routes/ok"
 require_relative "better_auth/routes/error"
 require_relative "better_auth/routes/sign_up"

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: better_auth
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Sebastian Sala
@@ -268,6 +268,7 @@ files:
 - lib/better_auth/adapters/sqlite.rb
 - lib/better_auth/api.rb
 - lib/better_auth/api_error.rb
+- lib/better_auth/async.rb
 - lib/better_auth/auth.rb
 - lib/better_auth/configuration.rb
 - lib/better_auth/context.rb
@@ -276,9 +277,14 @@ files:
 - lib/better_auth/crypto.rb
 - lib/better_auth/crypto/jwe.rb
 - lib/better_auth/database_hooks.rb
+- lib/better_auth/deprecate.rb
 - lib/better_auth/endpoint.rb
 - lib/better_auth/error.rb
+- lib/better_auth/host.rb
+- lib/better_auth/instrumentation.rb
+- lib/better_auth/logger.rb
 - lib/better_auth/middleware/origin_check.rb
+- lib/better_auth/oauth2.rb
 - lib/better_auth/password.rb
 - lib/better_auth/plugin.rb
 - lib/better_auth/plugin_context.rb
@@ -294,6 +300,7 @@ files:
 - lib/better_auth/plugins/captcha.rb
 - lib/better_auth/plugins/custom_session.rb
 - lib/better_auth/plugins/device_authorization.rb
+- lib/better_auth/plugins/dub.rb
 - lib/better_auth/plugins/email_otp.rb
 - lib/better_auth/plugins/expo.rb
 - lib/better_auth/plugins/generic_oauth.rb
@@ -302,6 +309,16 @@ files:
 - lib/better_auth/plugins/last_login_method.rb
 - lib/better_auth/plugins/magic_link.rb
 - lib/better_auth/plugins/mcp.rb
+- lib/better_auth/plugins/mcp/authorization.rb
+- lib/better_auth/plugins/mcp/config.rb
+- lib/better_auth/plugins/mcp/consent.rb
+- lib/better_auth/plugins/mcp/legacy_aliases.rb
+- lib/better_auth/plugins/mcp/metadata.rb
+- lib/better_auth/plugins/mcp/registration.rb
+- lib/better_auth/plugins/mcp/resource_handler.rb
+- lib/better_auth/plugins/mcp/schema.rb
+- lib/better_auth/plugins/mcp/token.rb
+- lib/better_auth/plugins/mcp/userinfo.rb
 - lib/better_auth/plugins/multi_session.rb
 - lib/better_auth/plugins/oauth_protocol.rb
 - lib/better_auth/plugins/oauth_provider.rb
@@ -322,6 +339,8 @@ files:
 - lib/better_auth/plugins/username.rb
 - lib/better_auth/rate_limiter.rb
 - lib/better_auth/request_ip.rb
+- lib/better_auth/request_state.rb
+- lib/better_auth/response.rb
 - lib/better_auth/router.rb
 - lib/better_auth/routes/account.rb
 - lib/better_auth/routes/email_verification.rb
@@ -334,8 +353,10 @@ files:
 - lib/better_auth/routes/sign_up.rb
 - lib/better_auth/routes/social.rb
 - lib/better_auth/routes/user.rb
+- lib/better_auth/routes/validation.rb
 - lib/better_auth/schema.rb
 - lib/better_auth/schema/sql.rb
+- lib/better_auth/secret_config.rb
 - lib/better_auth/session.rb
 - lib/better_auth/session_store.rb
 - lib/better_auth/social_providers.rb
@@ -375,6 +396,7 @@ files:
 - lib/better_auth/social_providers/vk.rb
 - lib/better_auth/social_providers/wechat.rb
 - lib/better_auth/social_providers/zoom.rb
+- lib/better_auth/url_helpers.rb
 - lib/better_auth/version.rb
 homepage: https://github.com/sebasxsala/better-auth
 licenses: