@better-auth/core 1.3.28 → 1.4.0-beta.11

package/dist/index-OrTFOyAG.d.ts

@@ -0,0 +1,1871 @@
+import { LiteralString, LiteralUnion } from "./helper-Dm5AtPVS.js";
+import { Account, BetterAuthDBSchema, BetterAuthPluginDBSchema, DBFieldAttribute, DBPreservedModels, RateLimit, SecondaryStorage, Session, User, Verification } from "./index-Cmh0x42V.js";
+import { OAuthProvider } from "./index-ChlC5Vy3.js";
+import { SocialProviderList, SocialProviders } from "./index-BPsqLi68.js";
+import { Logger, createLogger } from "./index-CsHMVqbX.js";
+import * as better_call0 from "better-call";
+import { CookieOptions, Endpoint, EndpointContext, EndpointOptions, InputContext, Middleware } from "better-call";
+import { BetterFetch, BetterFetchOption, BetterFetchPlugin } from "@better-fetch/fetch";
+import { Dialect, Kysely, Migration, MysqlPool, PostgresPool } from "kysely";
+import { Database } from "better-sqlite3";
+import { Database as Database$1 } from "bun:sqlite";
+import { DatabaseSync } from "node:sqlite";
+import { Atom, WritableAtom } from "nanostores";
+
+//#region src/db/adapter/index.d.ts
+type DBAdapterDebugLogOption = boolean | {
+  /**
+   * Useful when you want to log only certain conditions.
+   */
+  logCondition?: (() => boolean) | undefined;
+  create?: boolean;
+  update?: boolean;
+  updateMany?: boolean;
+  findOne?: boolean;
+  findMany?: boolean;
+  delete?: boolean;
+  deleteMany?: boolean;
+  count?: boolean;
+} | {
+  /**
+   * Only used for adapter tests to show debug logs if a test fails.
+   *
+   * @deprecated Not actually deprecated. Doing this for IDEs to show this option at the very bottom and stop end-users from using this.
+   */
+  isRunningAdapterTests: boolean;
+};
+type DBAdapterSchemaCreation = {
+  /**
+   * Code to be inserted into the file
+   */
+  code: string;
+  /**
+   * Path to the file, including the file name and extension.
+   * Relative paths are supported, with the current working directory of the developer's project as the base.
+   */
+  path: string;
+  /**
+   * Append the file if it already exists.
+   * Note: This will not apply if `overwrite` is set to true.
+   */
+  append?: boolean;
+  /**
+   * Overwrite the file if it already exists
+   */
+  overwrite?: boolean;
+};
+interface DBAdapterFactoryConfig<Options extends BetterAuthOptions = BetterAuthOptions> {
+  /**
+   * Use plural table names.
+   *
+   * All tables will be named with an `s` at the end.
+   *
+   * @default false
+   */
+  usePlural?: boolean;
+  /**
+   * Enable debug logs.
+   *
+   * @default false
+   */
+  debugLogs?: DBAdapterDebugLogOption;
+  /**
+   * Name of the adapter.
+   *
+   * This is used to identify the adapter in the debug logs.
+   *
+   * @default `adapterId`
+   */
+  adapterName?: string;
+  /**
+   * Adapter id
+   */
+  adapterId: string;
+  /**
+   * If the database supports numeric ids, set this to `true`.
+   *
+   * @default true
+   */
+  supportsNumericIds?: boolean;
+  /**
+   * If the database doesn't support JSON columns, set this to `false`.
+   *
+   * We will handle the translation between using `JSON` columns, and saving `string`s to the database.
+   *
+   * @default false
+   */
+  supportsJSON?: boolean;
+  /**
+   * If the database doesn't support dates, set this to `false`.
+   *
+   * We will handle the translation between using `Date` objects, and saving `string`s to the database.
+   *
+   * @default true
+   */
+  supportsDates?: boolean;
+  /**
+   * If the database doesn't support booleans, set this to `false`.
+   *
+   * We will handle the translation between using `boolean`s, and saving `0`s and `1`s to the database.
+   *
+   * @default true
+   */
+  supportsBooleans?: boolean;
+  /**
+   * Execute multiple operations in a transaction.
+   *
+   * If the database doesn't support transactions, set this to `false` and operations will be executed sequentially.
+   *
+   * @default false
+   */
+  transaction?: false | (<R>(callback: (trx: DBTransactionAdapter<Options>) => Promise<R>) => Promise<R>);
+  /**
+   * Disable id generation for the `create` method.
+   *
+   * This is useful for databases that don't support custom id values and would auto-generate them for you.
+   *
+   * @default false
+   */
+  disableIdGeneration?: boolean;
+  /**
+   * Map the keys of the input data.
+   *
+   * This is useful for databases that expect a different key name for a given situation.
+   *
+   * For example, MongoDB uses `_id` while in Better-Auth we use `id`.
+   *
+   *
+   * @example
+   * Each key represents the old key to replace.
+   * The value represents the new key
+   *
+   * This can be a partial object that only transforms some keys.
+   *
+   * ```ts
+   * mapKeysTransformInput: {
+   *  id: "_id" // We want to replace `id` to `_id` to save into MongoDB
+   * }
+   * ```
+   */
+  mapKeysTransformInput?: Record<string, string>;
+  /**
+   * Map the keys of the output data.
+   *
+   * This is useful for databases that expect a different key name for a given situation.
+   *
+   * For example, MongoDB uses `_id` while in Better-Auth we use `id`.
+   *
+   * @example
+   * Each key represents the old key to replace.
+   * The value represents the new key
+   *
+   * This can be a partial object that only transforms some keys.
+   *
+   * ```ts
+   * mapKeysTransformOutput: {
+   *  _id: "id" // In MongoDB, we save `id` as `_id`. So we want to replace `_id` with `id` when we get the data back.
+   * }
+   * ```
+   */
+  mapKeysTransformOutput?: Record<string, string>;
+  /**
+   * Custom transform input function.
+   *
+   * This function is used to transform the input data before it is saved to the database.
+   */
+  customTransformInput?: (props: {
+    data: any;
+    /**
+     * The fields of the model.
+     */
+    fieldAttributes: DBFieldAttribute;
+    /**
+     * The field to transform.
+     */
+    field: string;
+    /**
+     * The action which was called from the adapter.
+     */
+    action: "create" | "update";
+    /**
+     * The model name.
+     */
+    model: string;
+    /**
+     * The schema of the user's Better-Auth instance.
+     */
+    schema: BetterAuthDBSchema;
+    /**
+     * The options of the user's Better-Auth instance.
+     */
+    options: Options;
+  }) => any;
+  /**
+   * Custom transform output function.
+   *
+   * This function is used to transform the output data before it is returned to the user.
+   */
+  customTransformOutput?: (props: {
+    data: any;
+    /**
+     * The fields of the model.
+     */
+    fieldAttributes: DBFieldAttribute;
+    /**
+     * The field to transform.
+     */
+    field: string;
+    /**
+     * The fields to select.
+     */
+    select: string[];
+    /**
+     * The model name.
+     */
+    model: string;
+    /**
+     * The schema of the user's Better-Auth instance.
+     */
+    schema: BetterAuthDBSchema;
+    /**
+     * The options of the user's Better-Auth instance.
+     */
+    options: Options;
+  }) => any;
+  /**
+   * Custom ID generator function.
+   *
+   * By default, we can handle ID generation for you, however if the database your adapter is for only supports a specific custom id generation,
+   * then you can use this function to generate your own IDs.
+   *
+   *
+   * Notes:
+   * - If the user enabled `useNumberId`, then this option will be ignored. Unless this adapter config has `supportsNumericIds` set to `false`.
+   * - If `generateId` is `false` in the user's Better-Auth config, then this option will be ignored.
+   * - If `generateId` is a function, then it will override this option.
+   *
+   * @example
+   *
+   * ```ts
+   * customIdGenerator: ({ model }) => {
+   *  return "my-super-unique-id";
+   * }
+   * ```
+   */
+  customIdGenerator?: (props: {
+    model: string;
+  }) => string;
+  /**
+   * Whether to disable the transform output.
+   * Do not use this option unless you know what you are doing.
+   * @default false
+   */
+  disableTransformOutput?: boolean;
+  /**
+   * Whether to disable the transform input.
+   * Do not use this option unless you know what you are doing.
+   * @default false
+   */
+  disableTransformInput?: boolean;
+}
+type Where = {
+  /**
+   * @default eq
+   */
+  operator?: "eq" | "ne" | "lt" | "lte" | "gt" | "gte" | "in" | "not_in" | "contains" | "starts_with" | "ends_with";
+  value: string | number | boolean | string[] | number[] | Date | null;
+  field: string;
+  /**
+   * @default AND
+   */
+  connector?: "AND" | "OR";
+};
+type DBTransactionAdapter<Options extends BetterAuthOptions = BetterAuthOptions> = Omit<DBAdapter<Options>, "transaction">;
+type DBAdapter<Options extends BetterAuthOptions = BetterAuthOptions> = {
+  id: string;
+  create: <T extends Record<string, any>, R = T>(data: {
+    model: string;
+    data: Omit<T, "id">;
+    select?: string[];
+    /**
+     * By default, any `id` provided in `data` will be ignored.
+     *
+     * If you want to force the `id` to be the same as the `data.id`, set this to `true`.
+     */
+    forceAllowId?: boolean;
+  }) => Promise<R>;
+  findOne: <T>(data: {
+    model: string;
+    where: Where[];
+    select?: string[];
+  }) => Promise<T | null>;
+  findMany: <T>(data: {
+    model: string;
+    where?: Where[];
+    limit?: number;
+    sortBy?: {
+      field: string;
+      direction: "asc" | "desc";
+    };
+    offset?: number;
+  }) => Promise<T[]>;
+  count: (data: {
+    model: string;
+    where?: Where[];
+  }) => Promise<number>;
+  /**
+   * ⚠︎ Update may not return the updated data
+   * if multiple where clauses are provided
+   */
+  update: <T>(data: {
+    model: string;
+    where: Where[];
+    update: Record<string, any>;
+  }) => Promise<T | null>;
+  updateMany: (data: {
+    model: string;
+    where: Where[];
+    update: Record<string, any>;
+  }) => Promise<number>;
+  delete: <T>(data: {
+    model: string;
+    where: Where[];
+  }) => Promise<void>;
+  deleteMany: (data: {
+    model: string;
+    where: Where[];
+  }) => Promise<number>;
+  /**
+   * Execute multiple operations in a transaction.
+   * If the adapter doesn't support transactions, operations will be executed sequentially.
+   */
+  transaction: <R>(callback: (trx: DBTransactionAdapter<Options>) => Promise<R>) => Promise<R>;
+  /**
+   *
+   * @param options
+   * @param file - file path if provided by the user
+   */
+  createSchema?: (options: Options, file?: string) => Promise<DBAdapterSchemaCreation>;
+  options?: {
+    adapterConfig: DBAdapterFactoryConfig<Options>;
+  } & CustomAdapter["options"];
+};
+type CleanedWhere = Required<Where>;
+interface CustomAdapter {
+  create: <T extends Record<string, any>>({
+    data,
+    model,
+    select
+  }: {
+    model: string;
+    data: T;
+    select?: string[];
+  }) => Promise<T>;
+  update: <T>(data: {
+    model: string;
+    where: CleanedWhere[];
+    update: T;
+  }) => Promise<T | null>;
+  updateMany: (data: {
+    model: string;
+    where: CleanedWhere[];
+    update: Record<string, any>;
+  }) => Promise<number>;
+  findOne: <T>({
+    model,
+    where,
+    select
+  }: {
+    model: string;
+    where: CleanedWhere[];
+    select?: string[];
+  }) => Promise<T | null>;
+  findMany: <T>({
+    model,
+    where,
+    limit,
+    sortBy,
+    offset
+  }: {
+    model: string;
+    where?: CleanedWhere[];
+    limit: number;
+    sortBy?: {
+      field: string;
+      direction: "asc" | "desc";
+    };
+    offset?: number;
+  }) => Promise<T[]>;
+  delete: ({
+    model,
+    where
+  }: {
+    model: string;
+    where: CleanedWhere[];
+  }) => Promise<void>;
+  deleteMany: ({
+    model,
+    where
+  }: {
+    model: string;
+    where: CleanedWhere[];
+  }) => Promise<number>;
+  count: ({
+    model,
+    where
+  }: {
+    model: string;
+    where?: CleanedWhere[];
+  }) => Promise<number>;
+  createSchema?: (props: {
+    /**
+     * The file the user may have passed in to the `generate` command as the expected schema file output path.
+     */
+    file?: string;
+    /**
+     * The tables from the user's Better-Auth instance schema.
+     */
+    tables: BetterAuthDBSchema;
+  }) => Promise<DBAdapterSchemaCreation>;
+  /**
+   * Your adapter's options.
+   */
+  options?: Record<string, any> | undefined;
+}
+interface DBAdapterInstance<Options extends BetterAuthOptions = BetterAuthOptions> {
+  (options: BetterAuthOptions): DBAdapter<Options>;
+}
+//#endregion
+//#region src/types/cookie.d.ts
+type BetterAuthCookies = {
+  sessionToken: {
+    name: string;
+    options: CookieOptions;
+  };
+  sessionData: {
+    name: string;
+    options: CookieOptions;
+  };
+  dontRememberToken: {
+    name: string;
+    options: CookieOptions;
+  };
+};
+//#endregion
+//#region src/types/context.d.ts
+type GenericEndpointContext<Options extends BetterAuthOptions = BetterAuthOptions> = EndpointContext<string, any> & {
+  context: AuthContext<Options>;
+};
+interface InternalAdapter<Options extends BetterAuthOptions = BetterAuthOptions> {
+  createOAuthUser(user: Omit<User, "id" | "createdAt" | "updatedAt">, account: Omit<Account, "userId" | "id" | "createdAt" | "updatedAt"> & Partial<Account>): Promise<{
+    user: User;
+    account: Account;
+  }>;
+  createUser<T extends Record<string, any>>(user: Omit<User, "id" | "createdAt" | "updatedAt" | "emailVerified"> & Partial<User> & Record<string, any>): Promise<T & User>;
+  createAccount<T extends Record<string, any>>(account: Omit<Account, "id" | "createdAt" | "updatedAt"> & Partial<Account> & T): Promise<T & Account>;
+  listSessions(userId: string): Promise<Session[]>;
+  listUsers(limit?: number, offset?: number, sortBy?: {
+    field: string;
+    direction: "asc" | "desc";
+  }, where?: Where[]): Promise<User[]>;
+  countTotalUsers(where?: Where[]): Promise<number>;
+  deleteUser(userId: string): Promise<void>;
+  createSession(userId: string, dontRememberMe?: boolean, override?: Partial<Session> & Record<string, any>, overrideAll?: boolean): Promise<Session>;
+  findSession(token: string): Promise<{
+    session: Session & Record<string, any>;
+    user: User & Record<string, any>;
+  } | null>;
+  findSessions(sessionTokens: string[]): Promise<{
+    session: Session;
+    user: User;
+  }[]>;
+  updateSession(sessionToken: string, session: Partial<Session> & Record<string, any>): Promise<Session | null>;
+  deleteSession(token: string): Promise<void>;
+  deleteAccounts(userId: string): Promise<void>;
+  deleteAccount(accountId: string): Promise<void>;
+  deleteSessions(userIdOrSessionTokens: string | string[]): Promise<void>;
+  findOAuthUser(email: string, accountId: string, providerId: string): Promise<{
+    user: User;
+    accounts: Account[];
+  } | null>;
+  findUserByEmail(email: string, options?: {
+    includeAccounts: boolean;
+  }): Promise<{
+    user: User;
+    accounts: Account[];
+  } | null>;
+  findUserById(userId: string): Promise<User | null>;
+  linkAccount(account: Omit<Account, "id" | "createdAt" | "updatedAt"> & Partial<Account>): Promise<Account>;
+  updateUser(userId: string, data: Partial<User> & Record<string, any>): Promise<any>;
+  updateUserByEmail(email: string, data: Partial<User & Record<string, any>>): Promise<User>;
+  updatePassword(userId: string, password: string): Promise<void>;
+  findAccounts(userId: string): Promise<Account[]>;
+  findAccount(accountId: string): Promise<Account | null>;
+  findAccountByProviderId(accountId: string, providerId: string): Promise<Account | null>;
+  findAccountByUserId(userId: string): Promise<Account[]>;
+  updateAccount(id: string, data: Partial<Account>): Promise<Account>;
+  createVerificationValue(data: Omit<Verification, "createdAt" | "id" | "updatedAt"> & Partial<Verification>): Promise<Verification>;
+  findVerificationValue(identifier: string): Promise<Verification | null>;
+  deleteVerificationValue(id: string): Promise<void>;
+  deleteVerificationByIdentifier(identifier: string): Promise<void>;
+  updateVerificationValue(id: string, data: Partial<Verification>): Promise<Verification>;
+}
+type CreateCookieGetterFn = (cookieName: string, overrideAttributes?: Partial<CookieOptions>) => {
+  name: string;
+  attributes: CookieOptions;
+};
+type CheckPasswordFn<Options extends BetterAuthOptions = BetterAuthOptions> = (userId: string, ctx: GenericEndpointContext<Options>) => Promise<boolean>;
+type AuthContext<Options extends BetterAuthOptions = BetterAuthOptions> = {
+  options: Options;
+  appName: string;
+  baseURL: string;
+  trustedOrigins: string[];
+  oauthConfig?: {
+    /**
+     * This is dangerous and should only be used in dev or staging environments.
+     */
+    skipStateCookieCheck?: boolean;
+  };
+  /**
+   * New session that will be set after the request
+   * meaning: there is a `set-cookie` header that will set
+   * the session cookie. This is the fetched session. And it's set
+   * by `setNewSession` method.
+   */
+  newSession: {
+    session: Session & Record<string, any>;
+    user: User & Record<string, any>;
+  } | null;
+  session: {
+    session: Session & Record<string, any>;
+    user: User & Record<string, any>;
+  } | null;
+  setNewSession: (session: {
+    session: Session & Record<string, any>;
+    user: User & Record<string, any>;
+  } | null) => void;
+  socialProviders: OAuthProvider[];
+  authCookies: BetterAuthCookies;
+  logger: ReturnType<typeof createLogger>;
+  rateLimit: {
+    enabled: boolean;
+    window: number;
+    max: number;
+    storage: "memory" | "database" | "secondary-storage";
+  } & BetterAuthRateLimitOptions;
+  adapter: DBAdapter<Options>;
+  internalAdapter: InternalAdapter<Options>;
+  createAuthCookie: CreateCookieGetterFn;
+  secret: string;
+  sessionConfig: {
+    updateAge: number;
+    expiresIn: number;
+    freshAge: number;
+  };
+  generateId: (options: {
+    model: LiteralUnion<DBPreservedModels, string>;
+    size?: number;
+  }) => string | false;
+  secondaryStorage: SecondaryStorage | undefined;
+  password: {
+    hash: (password: string) => Promise<string>;
+    verify: (data: {
+      password: string;
+      hash: string;
+    }) => Promise<boolean>;
+    config: {
+      minPasswordLength: number;
+      maxPasswordLength: number;
+    };
+    checkPassword: CheckPasswordFn<Options>;
+  };
+  tables: BetterAuthDBSchema;
+  runMigrations: () => Promise<void>;
+  publishTelemetry: (event: {
+    type: string;
+    anonymousId?: string;
+    payload: Record<string, any>;
+  }) => Promise<void>;
+};
+//#endregion
+//#region src/types/init-options.d.ts
+type KyselyDatabaseType = "postgres" | "mysql" | "sqlite" | "mssql";
+type OmitId<T extends {
+  id: unknown;
+}> = Omit<T, "id">;
+type Optional<T> = { [P in keyof T]?: T[P] | undefined };
+type GenerateIdFn = (options: {
+  model: LiteralUnion<DBPreservedModels, string>;
+  size?: number;
+}) => string | false;
+type BetterAuthRateLimitOptions = {
+  /**
+   * By default, rate limiting is only
+   * enabled on production.
+   */
+  enabled?: boolean;
+  /**
+   * Default window to use for rate limiting. The value
+   * should be in seconds.
+   *
+   * @default 10 seconds
+   */
+  window?: number;
+  /**
+   * The default maximum number of requests allowed within the window.
+   *
+   * @default 100 requests
+   */
+  max?: number;
+  /**
+   * Custom rate limit rules to apply to
+   * specific paths.
+   */
+  customRules?: {
+    [key: string]: {
+      /**
+       * The window to use for the custom rule.
+       */
+      window: number;
+      /**
+       * The maximum number of requests allowed within the window.
+       */
+      max: number;
+    } | false | ((request: Request) => {
+      window: number;
+      max: number;
+    } | false | Promise<{
+      window: number;
+      max: number;
+    } | false>);
+  };
+  /**
+   * Storage configuration
+   *
+   * By default, rate limiting is stored in memory. If you passed a
+   * secondary storage, rate limiting will be stored in the secondary
+   * storage.
+   *
+   * @default "memory"
+   */
+  storage?: "memory" | "database" | "secondary-storage";
+  /**
+   * If database is used as storage, the name of the table to
+   * use for rate limiting.
+   *
+   * @default "rateLimit"
+   */
+  modelName?: string;
+  /**
+   * Custom field names for the rate limit table
+   */
+  fields?: Record<keyof RateLimit, string>;
+  /**
+   * custom storage configuration.
+   *
+   * NOTE: If custom storage is used storage
+   * is ignored
+   */
+  customStorage?: {
+    get: (key: string) => Promise<RateLimit | undefined>;
+    set: (key: string, value: RateLimit) => Promise<void>;
+  };
+};
+type BetterAuthAdvancedOptions = {
+  /**
+   * Ip address configuration
+   */
+  ipAddress?: {
+    /**
+     * List of headers to use for ip address
+     *
+     * Ip address is used for rate limiting and session tracking
+     *
+     * @example ["x-client-ip", "x-forwarded-for", "cf-connecting-ip"]
+     *
+     * @default
+     * @link https://github.com/better-auth/better-auth/blob/main/packages/better-auth/src/utils/get-request-ip.ts#L8
+     */
+    ipAddressHeaders?: string[];
+    /**
+     * Disable ip tracking
+     *
+     * ⚠︎ This is a security risk and it may expose your application to abuse
+     */
+    disableIpTracking?: boolean;
+  };
+  /**
+   * Use secure cookies
+   *
+   * @default false
+   */
+  useSecureCookies?: boolean;
+  /**
+   * Disable trusted origins check
+   *
+   * ⚠︎ This is a security risk and it may expose your application to CSRF attacks
+   */
+  disableCSRFCheck?: boolean;
+  /**
+   * Configure cookies to be cross subdomains
+   */
+  crossSubDomainCookies?: {
+    /**
+     * Enable cross subdomain cookies
+     */
+    enabled: boolean;
+    /**
+     * Additional cookies to be shared across subdomains
+     */
+    additionalCookies?: string[];
+    /**
+     * The domain to use for the cookies
+     *
+     * By default, the domain will be the root
+     * domain from the base URL.
+     */
+    domain?: string;
+  };
+  cookies?: {
+    [key: string]: {
+      name?: string;
+      attributes?: CookieOptions;
+    };
+  };
+  defaultCookieAttributes?: CookieOptions;
+  /**
+   * Prefix for cookies. If a cookie name is provided
+   * in cookies config, this will be overridden.
+   *
+   * @default
+   * ```txt
+   * "appName" -> which defaults to "better-auth"
+   * ```
+   */
+  cookiePrefix?: string;
+  /**
+   * Database configuration.
+   */
+  database?: {
+    /**
+     * The default number of records to return from the database
+     * when using the `findMany` adapter method.
+     *
+     * @default 100
+     */
+    defaultFindManyLimit?: number;
+    /**
+     * If your database auto increments number ids, set this to `true`.
+     *
+     * Note: If enabled, we will not handle ID generation (including if you use `generateId`), and it would be expected that your database will provide the ID automatically.
+     *
+     * @default false
+     */
+    useNumberId?: boolean;
+    /**
+     * Custom generateId function.
+     *
+     * If not provided, random ids will be generated.
+     * If set to false, the database's auto generated id will be used.
+     */
+    generateId?: GenerateIdFn | false;
+  };
+};
+type BetterAuthOptions = {
+  /**
+   * The name of the application
+   *
+   * process.env.APP_NAME
+   *
+   * @default "Better Auth"
+   */
+  appName?: string;
+  /**
+   * Base URL for the Better Auth. This is typically the
+   * root URL where your application server is hosted.
+   * If not explicitly set,
+   * the system will check the following environment variable:
+   *
+   * process.env.BETTER_AUTH_URL
+   */
+  baseURL?: string;
+  /**
+   * Base path for the Better Auth. This is typically
+   * the path where the
+   * Better Auth routes are mounted.
+   *
+   * @default "/api/auth"
+   */
+  basePath?: string;
+  /**
+   * The secret to use for encryption,
+   * signing and hashing.
+   *
+   * By default Better Auth will look for
+   * the following environment variables:
+   * process.env.BETTER_AUTH_SECRET,
+   * process.env.AUTH_SECRET
+   * If none of these environment
+   * variables are set,
+   * it will default to
+   * "better-auth-secret-123456789".
+   *
+   * on production if it's not set
+   * it will throw an error.
+   *
+   * you can generate a good secret
+   * using the following command:
+   * @example
+   * ```bash
+   * openssl rand -base64 32
+   * ```
+   */
+  secret?: string;
+  /**
+   * Database configuration
+   */
+  database?: PostgresPool | MysqlPool | Database | Dialect | DBAdapterInstance | Database$1 | DatabaseSync | {
+    dialect: Dialect;
+    type: KyselyDatabaseType;
+    /**
+     * casing for table names
+     *
+     * @default "camel"
+     */
+    casing?: "snake" | "camel";
+    /**
+     * Enable debug logs for the adapter
+     *
+     * @default false
+     */
+    debugLogs?: DBAdapterDebugLogOption;
+    /**
+     * Whether to execute multiple operations in a transaction.
+     * If the database doesn't support transactions,
+     * set this to `false` and operations will be executed sequentially.
+     * @default true
+     */
+    transaction?: boolean;
+  } | {
+    /**
+     * Kysely instance
+     */
+    db: Kysely<any>;
+    /**
+     * Database type between postgres, mysql and sqlite
+     */
+    type: KyselyDatabaseType;
+    /**
+     * casing for table names
+     *
+     * @default "camel"
+     */
+    casing?: "snake" | "camel";
+    /**
+     * Enable debug logs for the adapter
+     *
+     * @default false
+     */
+    debugLogs?: DBAdapterDebugLogOption;
+    /**
+     * Whether to execute multiple operations in a transaction.
+     * If the database doesn't support transactions,
+     * set this to `false` and operations will be executed sequentially.
+     * @default true
+     */
+    transaction?: boolean;
+  };
+  /**
+   * Secondary storage configuration
+   *
+   * This is used to store session and rate limit data.
+   */
+  secondaryStorage?: SecondaryStorage;
+  /**
+   * Email verification configuration
+   */
+  emailVerification?: {
+    /**
+     * Send a verification email
+     * @param data the data object
+     * @param request the request object
+     */
+    sendVerificationEmail?: (
+    /**
+     * @param user the user to send the
+     * verification email to
+     * @param url the URL to send the verification email to
+     * it contains the token as well
+     * @param token the token to send the verification email to
+     */
+    data: {
+      user: User;
+      url: string;
+      token: string;
+    },
+    /**
+     * The request object
+     */
+    request?: Request) => Promise<void>;
+    /**
+     * Send a verification email automatically
+     * after sign up
+     *
+     * @default false
+     */
+    sendOnSignUp?: boolean;
+    /**
+     * Send a verification email automatically
+     * on sign in when the user's email is not verified
+     *
+     * @default false
+     */
+    sendOnSignIn?: boolean;
+    /**
+     * Auto signin the user after they verify their email
+     */
+    autoSignInAfterVerification?: boolean;
+    /**
+     * Number of seconds the verification token is
+     * valid for.
+     * @default 3600 seconds (1 hour)
+     */
+    expiresIn?: number;
+    /**
+     * A function that is called when a user verifies their email
+     * @param user the user that verified their email
+     * @param request the request object
+     */
+    onEmailVerification?: (user: User, request?: Request) => Promise<void>;
+    /**
+     * A function that is called when a user's email is updated to verified
+     * @param user the user that verified their email
+     * @param request the request object
+     */
+    afterEmailVerification?: (user: User, request?: Request) => Promise<void>;
+  };
+  /**
+   * Email and password authentication
+   */
+  emailAndPassword?: {
+    /**
+     * Enable email and password authentication
+     *
+     * @default false
+     */
+    enabled: boolean;
+    /**
+     * Disable email and password sign up
+     *
+     * @default false
+     */
+    disableSignUp?: boolean;
+    /**
+     * Require email verification before a session
+     * can be created for the user.
+     *
+     * if the user is not verified, the user will not be able to sign in
+     * and on sign in attempts, the user will be prompted to verify their email.
+     */
+    requireEmailVerification?: boolean;
+    /**
+     * The maximum length of the password.
+     *
+     * @default 128
+     */
+    maxPasswordLength?: number;
+    /**
+     * The minimum length of the password.
+     *
+     * @default 8
+     */
+    minPasswordLength?: number;
+    /**
+     * send reset password
+     */
+    sendResetPassword?: (
+    /**
+     * @param user the user to send the
+     * reset password email to
+     * @param url the URL to send the reset password email to
+     * @param token the token to send to the user (could be used instead of sending the url
+     * if you need to redirect the user to custom route)
+     */
+    data: {
+      user: User;
+      url: string;
+      token: string;
+    },
+    /**
+     * The request object
+     */
+    request?: Request) => Promise<void>;
+    /**
+     * Number of seconds the reset password token is
+     * valid for.
+     * @default 1 hour (60 * 60)
+     */
+    resetPasswordTokenExpiresIn?: number;
+    /**
+     * A callback function that is triggered
+     * when a user's password is changed successfully.
+     */
+    onPasswordReset?: (data: {
+      user: User;
+    }, request?: Request) => Promise<void>;
+    /**
+     * Password hashing and verification
+     *
+     * By default Scrypt is used for password hashing and
+     * verification. You can provide your own hashing and
+     * verification function. if you want to use a
+     * different algorithm.
+     */
+    password?: {
+      hash?: (password: string) => Promise<string>;
+      verify?: (data: {
+        hash: string;
+        password: string;
+      }) => Promise<boolean>;
+    };
+    /**
+     * Automatically sign in the user after sign up
+     *
+     * @default true
+     */
+    autoSignIn?: boolean;
+    /**
+     * Whether to revoke all other sessions when resetting password
+     * @default false
+     */
+    revokeSessionsOnPasswordReset?: boolean;
+  };
+  /**
+   * list of social providers
+   */
+  socialProviders?: SocialProviders;
+  /**
+   * List of Better Auth plugins
+   */
+  plugins?: [] | BetterAuthPlugin[];
+  /**
+   * User configuration
+   */
+  user?: {
+    /**
+     * The model name for the user. Defaults to "user".
+     */
+    modelName?: string;
+    /**
+     * Map fields
+     *
+     * @example
+     * ```ts
+     * {
+     *  userId: "user_id"
+     * }
+     * ```
+     */
+    fields?: Partial<Record<keyof OmitId<User>, string>>;
+    /**
+     * Additional fields for the user
+     */
+    additionalFields?: {
+      [key: string]: DBFieldAttribute;
+    };
+    /**
+     * Changing email configuration
+     */
+    changeEmail?: {
+      /**
+       * Enable changing email
+       * @default false
+       */
+      enabled: boolean;
+      /**
+       * Send a verification email when the user changes their email.
+       * @param data the data object
+       * @param request the request object
+       */
+      sendChangeEmailVerification?: (data: {
+        user: User;
+        newEmail: string;
+        url: string;
+        token: string;
+      }, request?: Request) => Promise<void>;
+    };
+    /**
+     * User deletion configuration
+     */
+    deleteUser?: {
+      /**
+       * Enable user deletion
+       */
+      enabled?: boolean;
+      /**
+       * Send a verification email when the user deletes their account.
+       *
+       * if this is not set, the user will be deleted immediately.
+       * @param data the data object
+       * @param request the request object
+       */
+      sendDeleteAccountVerification?: (data: {
+        user: User;
+        url: string;
+        token: string;
+      }, request?: Request) => Promise<void>;
+      /**
+       * A function that is called before a user is deleted.
+       *
+       * to interrupt with error you can throw `APIError`
+       */
+      beforeDelete?: (user: User, request?: Request) => Promise<void>;
+      /**
+       * A function that is called after a user is deleted.
+       *
+       * This is useful for cleaning up user data
+       */
+      afterDelete?: (user: User, request?: Request) => Promise<void>;
+      /**
+       * The expiration time for the delete token.
+       *
+       * @default 1 day (60 * 60 * 24) in seconds
+       */
+      deleteTokenExpiresIn?: number;
+    };
+  };
+  session?: {
+    /**
+     * The model name for the session.
+     *
+     * @default "session"
+     */
+    modelName?: string;
+    /**
+     * Map fields
+     *
+     * @example
+     * ```ts
+     * {
+     *  userId: "user_id"
+     * }
+     */
+    fields?: Partial<Record<keyof OmitId<Session>, string>>;
+    /**
+     * Expiration time for the session token. The value
+     * should be in seconds.
+     * @default 7 days (60 * 60 * 24 * 7)
+     */
+    expiresIn?: number;
+    /**
+     * How often the session should be refreshed. The value
+     * should be in seconds.
+     * If set 0 the session will be refreshed every time it is used.
+     * @default 1 day (60 * 60 * 24)
+     */
+    updateAge?: number;
+    /**
+     * Disable session refresh so that the session is not updated
+     * regardless of the `updateAge` option.
+     *
+     * @default false
+     */
+    disableSessionRefresh?: boolean;
+    /**
+     * Additional fields for the session
+     */
+    additionalFields?: {
+      [key: string]: DBFieldAttribute;
+    };
+    /**
+     * By default if secondary storage is provided
+     * the session is stored in the secondary storage.
+     *
+     * Set this to true to store the session in the database
+     * as well.
+     *
+     * Reads are always done from the secondary storage.
+     *
+     * @default false
+     */
+    storeSessionInDatabase?: boolean;
+    /**
+     * By default, sessions are deleted from the database when secondary storage
+     * is provided when session is revoked.
+     *
+     * Set this to true to preserve session records in the database,
+     * even if they are deleted from the secondary storage.
+     *
+     * @default false
+     */
+    preserveSessionInDatabase?: boolean;
+    /**
+     * Enable caching session in cookie
+     */
+    cookieCache?: {
+      /**
+       * max age of the cookie
+       * @default 5 minutes (5 * 60)
+       */
+      maxAge?: number;
+      /**
+       * Enable caching session in cookie
+       * @default false
+       */
+      enabled?: boolean;
+    };
+    /**
+     * The age of the session to consider it fresh.
+     *
+     * This is used to check if the session is fresh
+     * for sensitive operations. (e.g. deleting an account)
+     *
+     * If the session is not fresh, the user should be prompted
+     * to sign in again.
+     *
+     * If set to 0, the session will be considered fresh every time. (⚠︎ not recommended)
+     *
+     * @default 1 day (60 * 60 * 24)
+     */
+    freshAge?: number;
+  };
+  account?: {
+    /**
+     * The model name for the account. Defaults to "account".
+     */
+    modelName?: string;
+    /**
+     * Map fields
+     */
+    fields?: Partial<Record<keyof OmitId<Account>, string>>;
+    /**
+     * Additional fields for the account
+     */
+    additionalFields?: {
+      [key: string]: DBFieldAttribute;
+    };
+    /**
+     * When enabled (true), the user account data (accessToken, idToken, refreshToken, etc.)
+     * will be updated on sign in with the latest data from the provider.
+     *
+     * @default true
+     */
+    updateAccountOnSignIn?: boolean;
+    /**
+     * Configuration for account linking.
+     */
+    accountLinking?: {
+      /**
+       * Enable account linking
+       *
+       * @default true
+       */
+      enabled?: boolean;
+      /**
+       * List of trusted providers
+       */
+      trustedProviders?: Array<LiteralUnion<SocialProviderList[number] | "email-password", string>>;
+      /**
+       * If enabled (true), this will allow users to manually linking accounts with different email addresses than the main user.
+       *
+       * @default false
+       *
+       * ⚠️ Warning: enabling this might lead to account takeovers, so proceed with caution.
+       */
+      allowDifferentEmails?: boolean;
+      /**
+       * If enabled (true), this will allow users to unlink all accounts.
+       *
+       * @default false
+       */
+      allowUnlinkingAll?: boolean;
+      /**
+       * If enabled (true), this will update the user information based on the newly linked account
+       *
+       * @default false
+       */
+      updateUserInfoOnLink?: boolean;
+    };
+    /**
+     * Encrypt OAuth tokens
+     *
+     * By default, OAuth tokens (access tokens, refresh tokens, ID tokens) are stored in plain text in the database.
+     * This poses a security risk if your database is compromised, as attackers could gain access to user accounts
+     * on external services.
+     *
+     * When enabled, tokens are encrypted using AES-256-GCM before storage, providing protection against:
+     * - Database breaches and unauthorized access to raw token data
+     * - Internal threats from database administrators or compromised credentials
+     * - Token exposure in database backups and logs
+     * @default false
+     */
+    encryptOAuthTokens?: boolean;
+  };
+  /**
+   * Verification configuration
+   */
+  verification?: {
+    /**
+     * Change the modelName of the verification table
+     */
+    modelName?: string;
+    /**
+     * Map verification fields
+     */
+    fields?: Partial<Record<keyof OmitId<Verification>, string>>;
+    /**
+     * disable cleaning up expired values when a verification value is
+     * fetched
+     */
+    disableCleanup?: boolean;
+  };
+  /**
+   * List of trusted origins.
+   */
+  trustedOrigins?: string[] | ((request: Request) => string[] | Promise<string[]>);
+  /**
+   * Rate limiting configuration
+   */
+  rateLimit?: BetterAuthRateLimitOptions;
+  /**
+   * Advanced options
+   */
+  advanced?: BetterAuthAdvancedOptions & {
+    /**
+     * @deprecated Please use `database.generateId` instead.
+     */
+    generateId?: never;
+  };
+  logger?: Logger;
+  /**
+   * allows you to define custom hooks that can be
+   * executed during lifecycle of core database
+   * operations.
+   */
+  databaseHooks?: {
+    /**
+     * User hooks
+     */
+    user?: {
+      create?: {
+        /**
+         * Hook that is called before a user is created.
+         * if the hook returns false, the user will not be created.
+         * If the hook returns an object, it'll be used instead of the original data
+         */
+        before?: (user: User & Record<string, unknown>, context?: GenericEndpointContext) => Promise<boolean | void | {
+          data: Optional<User> & Record<string, any>;
+        }>;
+        /**
+         * Hook that is called after a user is created.
+         */
+        after?: (user: User & Record<string, unknown>, context?: GenericEndpointContext) => Promise<void>;
+      };
+      update?: {
+        /**
+         * Hook that is called before a user is updated.
+         * if the hook returns false, the user will not be updated.
+         * If the hook returns an object, it'll be used instead of the original data
+         */
+        before?: (user: Partial<User> & Record<string, unknown>, context?: GenericEndpointContext) => Promise<boolean | void | {
+          data: Optional<User & Record<string, any>>;
+        }>;
+        /**
+         * Hook that is called after a user is updated.
+         */
+        after?: (user: User & Record<string, unknown>, context?: GenericEndpointContext) => Promise<void>;
+      };
+      delete?: {
+        /**
+         * Hook that is called before a user is deleted.
+         * if the hook returns false, the user will not be deleted.
+         */
+        before?: (user: User & Record<string, unknown>, context?: GenericEndpointContext) => Promise<boolean | void>;
+        /**
+         * Hook that is called after a user is deleted.
+         */
+        after?: (user: User & Record<string, unknown>, context?: GenericEndpointContext) => Promise<void>;
+      };
+    };
+    /**
+     * Session Hook
+     */
+    session?: {
+      create?: {
+        /**
+         * Hook that is called before a session is created.
+         * if the hook returns false, the session will not be created.
+         * If the hook returns an object, it'll be used instead of the original data
+         */
+        before?: (session: Session & Record<string, unknown>, context?: GenericEndpointContext) => Promise<boolean | void | {
+          data: Optional<Session> & Record<string, any>;
+        }>;
+        /**
+         * Hook that is called after a session is created.
+         */
+        after?: (session: Session & Record<string, unknown>, context?: GenericEndpointContext) => Promise<void>;
+      };
+      /**
+       * Update hook
+       */
+      update?: {
+        /**
+         * Hook that is called before a user is updated.
+         * if the hook returns false, the session will not be updated.
+         * If the hook returns an object, it'll be used instead of the original data
+         */
+        before?: (session: Partial<Session> & Record<string, unknown>, context?: GenericEndpointContext) => Promise<boolean | void | {
+          data: Optional<Session & Record<string, any>>;
+        }>;
+        /**
+         * Hook that is called after a session is updated.
+         */
+        after?: (session: Session & Record<string, unknown>, context?: GenericEndpointContext) => Promise<void>;
+      };
+      delete?: {
+        /**
+         * Hook that is called before a session is deleted.
+         * if the hook returns false, the session will not be deleted.
+         */
+        before?: (session: Session & Record<string, unknown>, context?: GenericEndpointContext) => Promise<boolean | void>;
+        /**
+         * Hook that is called after a session is deleted.
+         */
+        after?: (session: Session & Record<string, unknown>, context?: GenericEndpointContext) => Promise<void>;
+      };
+    };
+    /**
+     * Account Hook
+     */
+    account?: {
+      create?: {
+        /**
+         * Hook that is called before a account is created.
+         * If the hook returns false, the account will not be created.
+         * If the hook returns an object, it'll be used instead of the original data
+         */
+        before?: (account: Account, context?: GenericEndpointContext) => Promise<boolean | void | {
+          data: Optional<Account> & Record<string, any>;
+        }>;
+        /**
+         * Hook that is called after a account is created.
+         */
+        after?: (account: Account, context?: GenericEndpointContext) => Promise<void>;
+      };
+      /**
+       * Update hook
+       */
+      update?: {
+        /**
+         * Hook that is called before a account is update.
+         * If the hook returns false, the user will not be updated.
+         * If the hook returns an object, it'll be used instead of the original data
+         */
+        before?: (account: Partial<Account> & Record<string, unknown>, context?: GenericEndpointContext) => Promise<boolean | void | {
+          data: Optional<Account & Record<string, any>>;
+        }>;
+        /**
+         * Hook that is called after a account is updated.
+         */
+        after?: (account: Account & Record<string, unknown>, context?: GenericEndpointContext) => Promise<void>;
+      };
+      delete?: {
+        /**
+         * Hook that is called before an account is deleted.
+         * if the hook returns false, the account will not be deleted.
+         */
+        before?: (account: Account & Record<string, unknown>, context?: GenericEndpointContext) => Promise<boolean | void>;
+        /**
+         * Hook that is called after an account is deleted.
+         */
+        after?: (account: Account & Record<string, unknown>, context?: GenericEndpointContext) => Promise<void>;
+      };
+    };
+    /**
+     * Verification Hook
+     */
+    verification?: {
+      create?: {
+        /**
+         * Hook that is called before a verification is created.
+         * if the hook returns false, the verification will not be created.
+         * If the hook returns an object, it'll be used instead of the original data
+         */
+        before?: (verification: Verification & Record<string, unknown>, context?: GenericEndpointContext) => Promise<boolean | void | {
+          data: Optional<Verification> & Record<string, any>;
+        }>;
+        /**
+         * Hook that is called after a verification is created.
+         */
+        after?: (verification: Verification & Record<string, unknown>, context?: GenericEndpointContext) => Promise<void>;
+      };
+      update?: {
+        /**
+         * Hook that is called before a verification is updated.
+         * if the hook returns false, the verification will not be updated.
+         * If the hook returns an object, it'll be used instead of the original data
+         */
+        before?: (verification: Partial<Verification> & Record<string, unknown>, context?: GenericEndpointContext) => Promise<boolean | void | {
+          data: Optional<Verification & Record<string, any>>;
+        }>;
+        /**
+         * Hook that is called after a verification is updated.
+         */
+        after?: (verification: Verification & Record<string, unknown>, context?: GenericEndpointContext) => Promise<void>;
+      };
+      delete?: {
+        /**
+         * Hook that is called before a verification is deleted.
+         * if the hook returns false, the verification will not be deleted.
+         */
+        before?: (verification: Verification & Record<string, unknown>, context?: GenericEndpointContext) => Promise<boolean | void>;
+        /**
+         * Hook that is called after a verification is deleted.
+         */
+        after?: (verification: Verification & Record<string, unknown>, context?: GenericEndpointContext) => Promise<void>;
+      };
+    };
+  };
+  /**
+   * API error handling
+   */
+  onAPIError?: {
+    /**
+     * Throw an error on API error
+     *
+     * @default false
+     */
+    throw?: boolean;
+    /**
+     * Custom error handler
+     *
+     * @param error
+     * @param ctx - Auth context
+     */
+    onError?: (error: unknown, ctx: AuthContext) => void | Promise<void>;
+    /**
+     * The URL to redirect to on error
+     *
+     * When errorURL is provided, the error will be added to the URL as a query parameter
+     * and the user will be redirected to the errorURL.
+     *
+     * @default - "/api/auth/error"
+     */
+    errorURL?: string;
+  };
+  /**
+   * Hooks
+   */
+  hooks?: {
+    /**
+     * Before a request is processed
+     */
+    before?: AuthMiddleware;
+    /**
+     * After a request is processed
+     */
+    after?: AuthMiddleware;
+  };
+  /**
+   * Disabled paths
+   *
+   * Paths you want to disable.
+   */
+  disabledPaths?: string[];
+  /**
+   * Telemetry configuration
+   */
+  telemetry?: {
+    /**
+     * Enable telemetry collection
+     *
+     * @default false
+     */
+    enabled?: boolean;
+    /**
+     * Enable debug mode
+     *
+     * @default false
+     */
+    debug?: boolean;
+  };
+};
+//#endregion
+//#region src/types/plugin.d.ts
+type Awaitable<T> = T | Promise<T>;
+type DeepPartial<T> = T extends Function ? T : T extends object ? { [K in keyof T]?: DeepPartial<T[K]> } : T;
+type HookEndpointContext = EndpointContext<string, any> & Omit<InputContext<string, any>, "method"> & {
+  context: AuthContext & {
+    returned?: unknown;
+    responseHeaders?: Headers;
+  };
+  headers?: Headers | undefined;
+};
+type BetterAuthPlugin = {
+  id: LiteralString;
+  /**
+   * The init function is called when the plugin is initialized.
+   * You can return a new context or modify the existing context.
+   */
+  init?: (ctx: AuthContext) => Awaitable<{
+    context?: DeepPartial<Omit<AuthContext, "options">>;
+    options?: Partial<BetterAuthOptions>;
+  }> | void | Promise<void>;
+  endpoints?: {
+    [key: string]: Endpoint;
+  };
+  middlewares?: {
+    path: string;
+    middleware: Middleware;
+  }[];
+  onRequest?: (request: Request, ctx: AuthContext) => Promise<{
+    response: Response;
+  } | {
+    request: Request;
+  } | void>;
+  onResponse?: (response: Response, ctx: AuthContext) => Promise<{
+    response: Response;
+  } | void>;
+  hooks?: {
+    before?: {
+      matcher: (context: HookEndpointContext) => boolean;
+      handler: AuthMiddleware;
+    }[];
+    after?: {
+      matcher: (context: HookEndpointContext) => boolean;
+      handler: AuthMiddleware;
+    }[];
+  };
+  /**
+   * Schema the plugin needs
+   *
+   * This will also be used to migrate the database. If the fields are dynamic from the plugins
+   * configuration each time the configuration is changed a new migration will be created.
+   *
+   * NOTE: If you want to create migrations manually using
+   * migrations option or any other way you
+   * can disable migration per table basis.
+   *
+   * @example
+   * ```ts
+   * schema: {
+   * 	user: {
+   * 		fields: {
+   * 			email: {
+   * 				 type: "string",
+   * 			},
+   * 			emailVerified: {
+   * 				type: "boolean",
+   * 				defaultValue: false,
+   * 			},
+   * 		},
+   * 	}
+   * } as AuthPluginSchema
+   * ```
+   */
+  schema?: BetterAuthPluginDBSchema;
+  /**
+   * The migrations of the plugin. If you define schema that will automatically create
+   * migrations for you.
+   *
+   * ⚠️ Only uses this if you dont't want to use the schema option and you disabled migrations for
+   * the tables.
+   */
+  migrations?: Record<string, Migration>;
+  /**
+   * The options of the plugin
+   */
+  options?: Record<string, any> | undefined;
+  /**
+   * types to be inferred
+   */
+  $Infer?: Record<string, any>;
+  /**
+   * The rate limit rules to apply to specific paths.
+   */
+  rateLimit?: {
+    window: number;
+    max: number;
+    pathMatcher: (path: string) => boolean;
+  }[];
+  /**
+   * The error codes returned by the plugin
+   */
+  $ERROR_CODES?: Record<string, string>;
+};
+//#endregion
+//#region src/types/plugin-client.d.ts
+interface ClientStore {
+  notify: (signal: string) => void;
+  listen: (signal: string, listener: () => void) => void;
+  atoms: Record<string, WritableAtom<any>>;
+}
+type ClientAtomListener = {
+  matcher: (path: string) => boolean;
+  signal: "$sessionSignal" | Omit<string, "$sessionSignal">;
+};
+interface BetterAuthClientOptions {
+  fetchOptions?: BetterFetchOption;
+  plugins?: BetterAuthClientPlugin[];
+  baseURL?: string;
+  basePath?: string;
+  disableDefaultFetchPlugins?: boolean;
+  $InferAuth?: BetterAuthOptions;
+}
+interface BetterAuthClientPlugin {
+  id: LiteralString;
+  /**
+   * only used for type inference. don't pass the
+   * actual plugin
+   */
+  $InferServerPlugin?: BetterAuthPlugin;
+  /**
+   * Custom actions
+   */
+  getActions?: ($fetch: BetterFetch, $store: ClientStore,
+  /**
+   * better-auth client options
+   */
+  options: BetterAuthClientOptions | undefined) => Record<string, any>;
+  /**
+   * State atoms that'll be resolved by each framework
+   * auth store.
+   */
+  getAtoms?: ($fetch: BetterFetch) => Record<string, Atom<any>>;
+  /**
+   * specify path methods for server plugin inferred
+   * endpoints to force a specific method.
+   */
+  pathMethods?: Record<string, "POST" | "GET">;
+  /**
+   * Better fetch plugins
+   */
+  fetchPlugins?: BetterFetchPlugin[];
+  /**
+   * a list of recaller based on a matcher function.
+   * The signal name needs to match a signal in this
+   * plugin or any plugin the user might have added.
+   */
+  atomListeners?: ClientAtomListener[];
+}
+//#endregion
+//#region src/api/index.d.ts
+declare const optionsMiddleware: <InputCtx extends better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>>(inputContext: InputCtx) => Promise<AuthContext>;
+declare const createAuthMiddleware: {
+  <Options extends better_call0.MiddlewareOptions, R>(options: Options, handler: (ctx: better_call0.MiddlewareContext<Options, AuthContext & {
+    returned?: unknown;
+    responseHeaders?: Headers;
+  }>) => Promise<R>): (inputContext: better_call0.MiddlewareInputContext<Options>) => Promise<R>;
+  <Options extends better_call0.MiddlewareOptions, R_1>(handler: (ctx: better_call0.MiddlewareContext<Options, AuthContext & {
+    returned?: unknown;
+    responseHeaders?: Headers;
+  }>) => Promise<R_1>): (inputContext: better_call0.MiddlewareInputContext<Options>) => Promise<R_1>;
+};
+declare const createAuthEndpoint: <Path extends string, Opts extends EndpointOptions, R>(path: Path, options: Opts, handler: (ctx: EndpointContext<Path, Opts, AuthContext>) => Promise<R>) => {
+  <AsResponse extends boolean = false, ReturnHeaders extends boolean = false>(...inputCtx: better_call0.HasRequiredKeys<better_call0.InputContext<Path, Opts & {
+    use: any[];
+  }>> extends true ? [better_call0.InferBodyInput<Opts & {
+    use: any[];
+  }, (Opts & {
+    use: any[];
+  })["metadata"] extends {
+    $Infer: {
+      body: infer B;
+    };
+  } ? B : (Opts & {
+    use: any[];
+  })["body"] extends better_call0.StandardSchemaV1<unknown, unknown> ? better_call0.StandardSchemaV1.InferInput<(Opts & {
+    use: any[];
+  })["body"]> : undefined> & better_call0.InferInputMethod<Opts & {
+    use: any[];
+  }, (Opts & {
+    use: any[];
+  })["method"] extends any[] ? (Opts & {
+    use: any[];
+  })["method"][number] : (Opts & {
+    use: any[];
+  })["method"] extends "*" ? better_call0.HTTPMethod : (Opts & {
+    use: any[];
+  })["method"] | undefined> & better_call0.InferQueryInput<Opts & {
+    use: any[];
+  }, (Opts & {
+    use: any[];
+  })["metadata"] extends {
+    $Infer: {
+      query: infer Query;
+    };
+  } ? Query : (Opts & {
+    use: any[];
+  })["query"] extends better_call0.StandardSchemaV1<unknown, unknown> ? better_call0.StandardSchemaV1.InferInput<(Opts & {
+    use: any[];
+  })["query"]> : Record<string, any> | undefined> & better_call0.InferParamInput<Path> & better_call0.InferRequestInput<Opts & {
+    use: any[];
+  }> & better_call0.InferHeadersInput<Opts & {
+    use: any[];
+  }> & {
+    asResponse?: boolean;
+    returnHeaders?: boolean;
+    use?: better_call0.Middleware[];
+    path?: string;
+  } & {
+    asResponse?: AsResponse | undefined;
+    returnHeaders?: ReturnHeaders | undefined;
+  }] : [((better_call0.InferBodyInput<Opts & {
+    use: any[];
+  }, (Opts & {
+    use: any[];
+  })["metadata"] extends {
+    $Infer: {
+      body: infer B;
+    };
+  } ? B : (Opts & {
+    use: any[];
+  })["body"] extends better_call0.StandardSchemaV1<unknown, unknown> ? better_call0.StandardSchemaV1.InferInput<(Opts & {
+    use: any[];
+  })["body"]> : undefined> & better_call0.InferInputMethod<Opts & {
+    use: any[];
+  }, (Opts & {
+    use: any[];
+  })["method"] extends any[] ? (Opts & {
+    use: any[];
+  })["method"][number] : (Opts & {
+    use: any[];
+  })["method"] extends "*" ? better_call0.HTTPMethod : (Opts & {
+    use: any[];
+  })["method"] | undefined> & better_call0.InferQueryInput<Opts & {
+    use: any[];
+  }, (Opts & {
+    use: any[];
+  })["metadata"] extends {
+    $Infer: {
+      query: infer Query;
+    };
+  } ? Query : (Opts & {
+    use: any[];
+  })["query"] extends better_call0.StandardSchemaV1<unknown, unknown> ? better_call0.StandardSchemaV1.InferInput<(Opts & {
+    use: any[];
+  })["query"]> : Record<string, any> | undefined> & better_call0.InferParamInput<Path> & better_call0.InferRequestInput<Opts & {
+    use: any[];
+  }> & better_call0.InferHeadersInput<Opts & {
+    use: any[];
+  }> & {
+    asResponse?: boolean;
+    returnHeaders?: boolean;
+    use?: better_call0.Middleware[];
+    path?: string;
+  } & {
+    asResponse?: AsResponse | undefined;
+    returnHeaders?: ReturnHeaders | undefined;
+  }) | undefined)?]): Promise<[AsResponse] extends [true] ? Response : [ReturnHeaders] extends [true] ? {
+    headers: Headers;
+    response: R;
+  } : R>;
+  options: Opts & {
+    use: any[];
+  };
+  path: Path;
+};
+type AuthEndpoint = ReturnType<typeof createAuthEndpoint>;
+type AuthMiddleware = ReturnType<typeof createAuthMiddleware>;
+//#endregion
+export { AuthContext, AuthEndpoint, AuthMiddleware, BetterAuthAdvancedOptions, BetterAuthClientOptions, BetterAuthClientPlugin, BetterAuthCookies, BetterAuthOptions, BetterAuthPlugin, BetterAuthRateLimitOptions, CleanedWhere, ClientAtomListener, ClientStore, CustomAdapter, DBAdapter, DBAdapterDebugLogOption, DBAdapterFactoryConfig, DBAdapterInstance, DBAdapterSchemaCreation, DBTransactionAdapter, GenerateIdFn, GenericEndpointContext, HookEndpointContext, InternalAdapter, Where, createAuthEndpoint, createAuthMiddleware, optionsMiddleware };