@better-auth/core 1.4.0-beta.13 → 1.4.0-beta.15

package/src/types/plugin-client.ts

@@ -1,12 +1,12 @@
-import type { BetterAuthPlugin } from "./plugin";
 import type {
 	BetterFetch,
 	BetterFetchOption,
 	BetterFetchPlugin,
 } from "@better-fetch/fetch";
+import type { Atom, WritableAtom } from "nanostores";
 import type { LiteralString } from "./helper";
 import type { BetterAuthOptions } from "./init-options";
-import type { WritableAtom, Atom } from "nanostores";
+import type { BetterAuthPlugin } from "./plugin";
 
 export interface ClientStore {
 	notify: (signal: string) => void;
@@ -19,13 +19,44 @@ export type ClientAtomListener = {
 	signal: "$sessionSignal" | Omit<string, "$sessionSignal">;
 };
 
+export interface RevalidateOptions {
+	/**
+	 * A time interval (in seconds) after which the session will be re-fetched.
+	 * If set to `0` (default), the session is not polled.
+	 *
+	 * This helps prevent session expiry during idle periods by periodically
+	 * refreshing the session.
+	 *
+	 * @default 0
+	 */
+	refetchInterval?: number | undefined;
+	/**
+	 * Automatically refetch the session when the user switches back to the window/tab.
+	 * This option activates this behavior if set to `true` (default).
+	 *
+	 * Prevents expired sessions when users switch tabs and come back later.
+	 *
+	 * @default true
+	 */
+	refetchOnWindowFocus?: boolean | undefined;
+	/**
+	 * Set to `false` to stop polling when the device has no internet access
+	 * (determined by `navigator.onLine`).
+	 *
+	 * @default false
+	 * @see https://developer.mozilla.org/en-US/docs/Web/API/NavigatorOnLine/onLine
+	 */
+	refetchWhenOffline?: boolean | undefined;
+}
+
 export interface BetterAuthClientOptions {
-	fetchOptions?: BetterFetchOption;
-	plugins?: BetterAuthClientPlugin[];
-	baseURL?: string;
-	basePath?: string;
-	disableDefaultFetchPlugins?: boolean;
-	$InferAuth?: BetterAuthOptions;
+	fetchOptions?: BetterFetchOption | undefined;
+	plugins?: BetterAuthClientPlugin[] | undefined;
+	baseURL?: string | undefined;
+	basePath?: string | undefined;
+	disableDefaultFetchPlugins?: boolean | undefined;
+	$InferAuth?: BetterAuthOptions | undefined;
+	sessionOptions?: RevalidateOptions | undefined;
 }
 
 export interface BetterAuthClientPlugin {
@@ -34,7 +65,7 @@ export interface BetterAuthClientPlugin {
 	 * only used for type inference. don't pass the
 	 * actual plugin
 	 */
-	$InferServerPlugin?: BetterAuthPlugin;
+	$InferServerPlugin?: BetterAuthPlugin | undefined;
 	/**
 	 * Custom actions
 	 */
@@ -50,20 +81,20 @@ export interface BetterAuthClientPlugin {
 	 * State atoms that'll be resolved by each framework
 	 * auth store.
 	 */
-	getAtoms?: ($fetch: BetterFetch) => Record<string, Atom<any>>;
+	getAtoms?: (($fetch: BetterFetch) => Record<string, Atom<any>>) | undefined;
 	/**
 	 * specify path methods for server plugin inferred
 	 * endpoints to force a specific method.
 	 */
-	pathMethods?: Record<string, "POST" | "GET">;
+	pathMethods?: Record<string, "POST" | "GET"> | undefined;
 	/**
 	 * Better fetch plugins
 	 */
-	fetchPlugins?: BetterFetchPlugin[];
+	fetchPlugins?: BetterFetchPlugin[] | undefined;
 	/**
 	 * a list of recaller based on a matcher function.
 	 * The signal name needs to match a signal in this
 	 * plugin or any plugin the user might have added.
 	 */
-	atomListeners?: ClientAtomListener[];
+	atomListeners?: ClientAtomListener[] | undefined;
 }

package/src/types/plugin.ts

@@ -1,15 +1,15 @@
-import type { Migration } from "kysely";
-import type { AuthContext } from "./context";
 import type {
 	Endpoint,
 	EndpointContext,
 	InputContext,
 	Middleware,
 } from "better-call";
+import type { Migration } from "kysely";
+import type { AuthMiddleware } from "../api";
 import type { BetterAuthPluginDBSchema } from "../db";
+import type { AuthContext } from "./context";
 import type { LiteralString } from "./helper";
 import type { BetterAuthOptions } from "./init-options";
-import type { AuthMiddleware } from "../api";
 
 type Awaitable<T> = T | Promise<T>;
 type DeepPartial<T> = T extends Function
@@ -23,8 +23,8 @@ export type HookEndpointContext = Partial<
 > & {
 	path: string;
 	context: AuthContext & {
-		returned?: unknown;
-		responseHeaders?: Headers;
+		returned?: unknown | undefined;
+		responseHeaders?: Headers | undefined;
 	};
 	headers?: Headers | undefined;
 };
@@ -35,48 +35,60 @@ export type BetterAuthPlugin = {
 	 * The init function is called when the plugin is initialized.
 	 * You can return a new context or modify the existing context.
 	 */
-	init?: (ctx: AuthContext) =>
-		| Awaitable<{
-				context?: DeepPartial<Omit<AuthContext, "options">>;
-				options?: Partial<BetterAuthOptions>;
-		  }>
-		| void
-		| Promise<void>;
-	endpoints?: {
-		[key: string]: Endpoint;
-	};
-	middlewares?: {
-		path: string;
-		middleware: Middleware;
-	}[];
-	onRequest?: (
-		request: Request,
-		ctx: AuthContext,
-	) => Promise<
+	init?:
+		| ((ctx: AuthContext) =>
+				| Awaitable<{
+						context?: DeepPartial<Omit<AuthContext, "options">>;
+						options?: Partial<BetterAuthOptions>;
+				  }>
+				| void
+				| Promise<void>)
+		| undefined;
+	endpoints?:
 		| {
-				response: Response;
+				[key: string]: Endpoint;
 		  }
+		| undefined;
+	middlewares?:
+		| {
+				path: string;
+				middleware: Middleware;
+		  }[]
+		| undefined;
+	onRequest?:
+		| ((
+				request: Request,
+				ctx: AuthContext,
+		  ) => Promise<
+				| {
+						response: Response;
+				  }
+				| {
+						request: Request;
+				  }
+				| void
+		  >)
+		| undefined;
+	onResponse?:
+		| ((
+				response: Response,
+				ctx: AuthContext,
+		  ) => Promise<{
+				response: Response;
+		  } | void>)
+		| undefined;
+	hooks?:
 		| {
-				request: Request;
+				before?: {
+					matcher: (context: HookEndpointContext) => boolean;
+					handler: AuthMiddleware;
+				}[];
+				after?: {
+					matcher: (context: HookEndpointContext) => boolean;
+					handler: AuthMiddleware;
+				}[];
 		  }
-		| void
-	>;
-	onResponse?: (
-		response: Response,
-		ctx: AuthContext,
-	) => Promise<{
-		response: Response;
-	} | void>;
-	hooks?: {
-		before?: {
-			matcher: (context: HookEndpointContext) => boolean;
-			handler: AuthMiddleware;
-		}[];
-		after?: {
-			matcher: (context: HookEndpointContext) => boolean;
-			handler: AuthMiddleware;
-		}[];
-	};
+		| undefined;
 	/**
 	 * Schema the plugin needs
 	 *
@@ -104,7 +116,7 @@ export type BetterAuthPlugin = {
 	 * } as AuthPluginSchema
 	 * ```
 	 */
-	schema?: BetterAuthPluginDBSchema;
+	schema?: BetterAuthPluginDBSchema | undefined;
 	/**
 	 * The migrations of the plugin. If you define schema that will automatically create
 	 * migrations for you.
@@ -112,7 +124,7 @@ export type BetterAuthPlugin = {
 	 * ⚠️ Only uses this if you dont't want to use the schema option and you disabled migrations for
 	 * the tables.
 	 */
-	migrations?: Record<string, Migration>;
+	migrations?: Record<string, Migration> | undefined;
 	/**
 	 * The options of the plugin
 	 */
@@ -120,17 +132,19 @@ export type BetterAuthPlugin = {
 	/**
 	 * types to be inferred
 	 */
-	$Infer?: Record<string, any>;
+	$Infer?: Record<string, any> | undefined;
 	/**
 	 * The rate limit rules to apply to specific paths.
 	 */
-	rateLimit?: {
-		window: number;
-		max: number;
-		pathMatcher: (path: string) => boolean;
-	}[];
+	rateLimit?:
+		| {
+				window: number;
+				max: number;
+				pathMatcher: (path: string) => boolean;
+		  }[]
+		| undefined;
 	/**
 	 * The error codes returned by the plugin
 	 */
-	$ERROR_CODES?: Record<string, string>;
+	$ERROR_CODES?: Record<string, string> | undefined;
 };

package/dist/helper-BH5srn6K.d.ts

@@ -1,6 +0,0 @@
-//#region src/types/helper.d.ts
-type Primitive = string | number | symbol | bigint | boolean | null | undefined;
-type LiteralString = "" | (string & Record<never, never>);
-type LiteralUnion<LiteralType, BaseType extends Primitive> = LiteralType | (BaseType & Record<never, never>);
-//#endregion
-export { LiteralUnion as n, LiteralString as t };

package/dist/helper-ChPUVnMr.d.cts

@@ -1,6 +0,0 @@
-//#region src/types/helper.d.ts
-type Primitive = string | number | symbol | bigint | boolean | null | undefined;
-type LiteralString = "" | (string & Record<never, never>);
-type LiteralUnion<LiteralType, BaseType extends Primitive> = LiteralType | (BaseType & Record<never, never>);
-//#endregion
-export { LiteralUnion as n, LiteralString as t };

package/dist/index-BCxkjvux.d.cts

@@ -1,344 +0,0 @@
-import { t as LiteralString } from "./helper-ChPUVnMr.cjs";
-import * as jose0 from "jose";
-
-//#region src/oauth2/oauth-provider.d.ts
-interface OAuth2Tokens {
-  tokenType?: string;
-  accessToken?: string;
-  refreshToken?: string;
-  accessTokenExpiresAt?: Date;
-  refreshTokenExpiresAt?: Date;
-  scopes?: string[];
-  idToken?: string;
-}
-type OAuth2UserInfo = {
-  id: string | number;
-  name?: string;
-  email?: string | null;
-  image?: string;
-  emailVerified: boolean;
-};
-interface OAuthProvider<T extends Record<string, any> = Record<string, any>, O extends Record<string, any> = Partial<ProviderOptions>> {
-  id: LiteralString;
-  createAuthorizationURL: (data: {
-    state: string;
-    codeVerifier: string;
-    scopes?: string[];
-    redirectURI: string;
-    display?: string;
-    loginHint?: string;
-  }) => Promise<URL> | URL;
-  name: string;
-  validateAuthorizationCode: (data: {
-    code: string;
-    redirectURI: string;
-    codeVerifier?: string;
-    deviceId?: string;
-  }) => Promise<OAuth2Tokens>;
-  getUserInfo: (token: OAuth2Tokens & {
-    /**
-     * The user object from the provider
-     * This is only available for some providers like Apple
-     */
-    user?: {
-      name?: {
-        firstName?: string;
-        lastName?: string;
-      };
-      email?: string;
-    };
-  }) => Promise<{
-    user: OAuth2UserInfo;
-    data: T;
-  } | null>;
-  /**
-   * Custom function to refresh a token
-   */
-  refreshAccessToken?: (refreshToken: string) => Promise<OAuth2Tokens>;
-  revokeToken?: (token: string) => Promise<void>;
-  /**
-   * Verify the id token
-   * @param token - The id token
-   * @param nonce - The nonce
-   * @returns True if the id token is valid, false otherwise
-   */
-  verifyIdToken?: (token: string, nonce?: string) => Promise<boolean>;
-  /**
-   * Disable implicit sign up for new users. When set to true for the provider,
-   * sign-in need to be called with with requestSignUp as true to create new users.
-   */
-  disableImplicitSignUp?: boolean;
-  /**
-   * Disable sign up for new users.
-   */
-  disableSignUp?: boolean;
-  /**
-   * Options for the provider
-   */
-  options?: O;
-}
-type ProviderOptions<Profile extends Record<string, any> = any> = {
-  /**
-   * The client ID of your application.
-   *
-   * This is usually a string but can be any type depending on the provider.
-   */
-  clientId?: unknown;
-  /**
-   * The client secret of your application
-   */
-  clientSecret?: string;
-  /**
-   * The scopes you want to request from the provider
-   */
-  scope?: string[];
-  /**
-   * Remove default scopes of the provider
-   */
-  disableDefaultScope?: boolean;
-  /**
-   * The redirect URL for your application. This is where the provider will
-   * redirect the user after the sign in process. Make sure this URL is
-   * whitelisted in the provider's dashboard.
-   */
-  redirectURI?: string;
-  /**
-   * The client key of your application
-   * Tiktok Social Provider uses this field instead of clientId
-   */
-  clientKey?: string;
-  /**
-   * Disable provider from allowing users to sign in
-   * with this provider with an id token sent from the
-   * client.
-   */
-  disableIdTokenSignIn?: boolean;
-  /**
-   * verifyIdToken function to verify the id token
-   */
-  verifyIdToken?: (token: string, nonce?: string) => Promise<boolean>;
-  /**
-   * Custom function to get user info from the provider
-   */
-  getUserInfo?: (token: OAuth2Tokens) => Promise<{
-    user: {
-      id: string;
-      name?: string;
-      email?: string | null;
-      image?: string;
-      emailVerified: boolean;
-      [key: string]: any;
-    };
-    data: any;
-  }>;
-  /**
-   * Custom function to refresh a token
-   */
-  refreshAccessToken?: (refreshToken: string) => Promise<OAuth2Tokens>;
-  /**
-   * Custom function to map the provider profile to a
-   * user.
-   */
-  mapProfileToUser?: (profile: Profile) => {
-    id?: string;
-    name?: string;
-    email?: string | null;
-    image?: string;
-    emailVerified?: boolean;
-    [key: string]: any;
-  } | Promise<{
-    id?: string;
-    name?: string;
-    email?: string | null;
-    image?: string;
-    emailVerified?: boolean;
-    [key: string]: any;
-  }>;
-  /**
-   * Disable implicit sign up for new users. When set to true for the provider,
-   * sign-in need to be called with with requestSignUp as true to create new users.
-   */
-  disableImplicitSignUp?: boolean;
-  /**
-   * Disable sign up for new users.
-   */
-  disableSignUp?: boolean;
-  /**
-   * The prompt to use for the authorization code request
-   */
-  prompt?: "select_account" | "consent" | "login" | "none" | "select_account consent";
-  /**
-   * The response mode to use for the authorization code request
-   */
-  responseMode?: "query" | "form_post";
-  /**
-   * If enabled, the user info will be overridden with the provider user info
-   * This is useful if you want to use the provider user info to update the user info
-   *
-   * @default false
-   */
-  overrideUserInfoOnSignIn?: boolean;
-};
-//#endregion
-//#region src/oauth2/utils.d.ts
-declare function getOAuth2Tokens(data: Record<string, any>): OAuth2Tokens;
-declare function generateCodeChallenge(codeVerifier: string): Promise<string>;
-//#endregion
-//#region src/oauth2/create-authorization-url.d.ts
-declare function createAuthorizationURL({
-  id,
-  options,
-  authorizationEndpoint,
-  state,
-  codeVerifier,
-  scopes,
-  claims,
-  redirectURI,
-  duration,
-  prompt,
-  accessType,
-  responseType,
-  display,
-  loginHint,
-  hd,
-  responseMode,
-  additionalParams,
-  scopeJoiner
-}: {
-  id: string;
-  options: ProviderOptions;
-  redirectURI: string;
-  authorizationEndpoint: string;
-  state: string;
-  codeVerifier?: string;
-  scopes: string[];
-  claims?: string[];
-  duration?: string;
-  prompt?: string;
-  accessType?: string;
-  responseType?: string;
-  display?: string;
-  loginHint?: string;
-  hd?: string;
-  responseMode?: string;
-  additionalParams?: Record<string, string>;
-  scopeJoiner?: string;
-}): Promise<URL>;
-//#endregion
-//#region src/oauth2/validate-authorization-code.d.ts
-declare function createAuthorizationCodeRequest({
-  code,
-  codeVerifier,
-  redirectURI,
-  options,
-  authentication,
-  deviceId,
-  headers,
-  additionalParams,
-  resource
-}: {
-  code: string;
-  redirectURI: string;
-  options: Partial<ProviderOptions>;
-  codeVerifier?: string;
-  deviceId?: string;
-  authentication?: "basic" | "post";
-  headers?: Record<string, string>;
-  additionalParams?: Record<string, string>;
-  resource?: string | string[];
-}): {
-  body: URLSearchParams;
-  headers: Record<string, any>;
-};
-declare function validateAuthorizationCode({
-  code,
-  codeVerifier,
-  redirectURI,
-  options,
-  tokenEndpoint,
-  authentication,
-  deviceId,
-  headers,
-  additionalParams,
-  resource
-}: {
-  code: string;
-  redirectURI: string;
-  options: Partial<ProviderOptions>;
-  codeVerifier?: string;
-  deviceId?: string;
-  tokenEndpoint: string;
-  authentication?: "basic" | "post";
-  headers?: Record<string, string>;
-  additionalParams?: Record<string, string>;
-  resource?: string | string[];
-}): Promise<OAuth2Tokens>;
-declare function validateToken(token: string, jwksEndpoint: string): Promise<jose0.JWTVerifyResult<jose0.JWTPayload>>;
-//#endregion
-//#region src/oauth2/refresh-access-token.d.ts
-declare function createRefreshAccessTokenRequest({
-  refreshToken,
-  options,
-  authentication,
-  extraParams,
-  resource
-}: {
-  refreshToken: string;
-  options: Partial<ProviderOptions>;
-  authentication?: "basic" | "post";
-  extraParams?: Record<string, string>;
-  resource?: string | string[];
-}): {
-  body: URLSearchParams;
-  headers: Record<string, any>;
-};
-declare function refreshAccessToken({
-  refreshToken,
-  options,
-  tokenEndpoint,
-  authentication,
-  extraParams
-}: {
-  refreshToken: string;
-  options: Partial<ProviderOptions>;
-  tokenEndpoint: string;
-  authentication?: "basic" | "post";
-  extraParams?: Record<string, string>;
-  /** @deprecated always "refresh_token" */
-  grantType?: string;
-}): Promise<OAuth2Tokens>;
-//#endregion
-//#region src/oauth2/client-credentials-token.d.ts
-declare function createClientCredentialsTokenRequest({
-  options,
-  scope,
-  authentication,
-  resource
-}: {
-  options: ProviderOptions & {
-    clientSecret: string;
-  };
-  scope?: string;
-  authentication?: "basic" | "post";
-  resource?: string | string[];
-}): {
-  body: URLSearchParams;
-  headers: Record<string, any>;
-};
-declare function clientCredentialsToken({
-  options,
-  tokenEndpoint,
-  scope,
-  authentication,
-  resource
-}: {
-  options: ProviderOptions & {
-    clientSecret: string;
-  };
-  tokenEndpoint: string;
-  scope: string;
-  authentication?: "basic" | "post";
-  resource?: string | string[];
-}): Promise<OAuth2Tokens>;
-//#endregion
-export { createAuthorizationCodeRequest as a, createAuthorizationURL as c, OAuth2Tokens as d, OAuth2UserInfo as f, refreshAccessToken as i, generateCodeChallenge as l, ProviderOptions as m, createClientCredentialsTokenRequest as n, validateAuthorizationCode as o, OAuthProvider as p, createRefreshAccessTokenRequest as r, validateToken as s, clientCredentialsToken as t, getOAuth2Tokens as u };