@better-auth/core 1.4.0-beta.7 → 1.4.0-beta.8

package/src/env/color-depth.ts

@@ -0,0 +1,171 @@
+// Source code copied & modified from node internals: https://github.com/nodejs/node/blob/5b32bb1573dace2dd058c05ac4fab1e4e446c775/lib/internal/tty.js#L123
+import { env, getEnvVar } from "./env-impl";
+
+const COLORS_2 = 1;
+const COLORS_16 = 4;
+const COLORS_256 = 8;
+const COLORS_16m = 24;
+
+const TERM_ENVS: Record<string, number> = {
+	eterm: COLORS_16,
+	cons25: COLORS_16,
+	console: COLORS_16,
+	cygwin: COLORS_16,
+	dtterm: COLORS_16,
+	gnome: COLORS_16,
+	hurd: COLORS_16,
+	jfbterm: COLORS_16,
+	konsole: COLORS_16,
+	kterm: COLORS_16,
+	mlterm: COLORS_16,
+	mosh: COLORS_16m,
+	putty: COLORS_16,
+	st: COLORS_16,
+	// http://lists.schmorp.de/pipermail/rxvt-unicode/2016q2/002261.html
+	"rxvt-unicode-24bit": COLORS_16m,
+	// https://bugs.launchpad.net/terminator/+bug/1030562
+	terminator: COLORS_16m,
+	"xterm-kitty": COLORS_16m,
+};
+
+const CI_ENVS_MAP = new Map(
+	Object.entries({
+		APPVEYOR: COLORS_256,
+		BUILDKITE: COLORS_256,
+		CIRCLECI: COLORS_16m,
+		DRONE: COLORS_256,
+		GITEA_ACTIONS: COLORS_16m,
+		GITHUB_ACTIONS: COLORS_16m,
+		GITLAB_CI: COLORS_256,
+		TRAVIS: COLORS_256,
+	}),
+);
+
+const TERM_ENVS_REG_EXP = [
+	/ansi/,
+	/color/,
+	/linux/,
+	/direct/,
+	/^con[0-9]*x[0-9]/,
+	/^rxvt/,
+	/^screen/,
+	/^xterm/,
+	/^vt100/,
+	/^vt220/,
+];
+
+// The `getColorDepth` API got inspired by multiple sources such as
+// https://github.com/chalk/supports-color,
+// https://github.com/isaacs/color-support.
+export function getColorDepth(): number {
+	// Use level 0-3 to support the same levels as `chalk` does. This is done for
+	// consistency throughout the ecosystem.
+	if (getEnvVar("FORCE_COLOR") !== undefined) {
+		switch (getEnvVar("FORCE_COLOR")) {
+			case "":
+			case "1":
+			case "true":
+				return COLORS_16;
+			case "2":
+				return COLORS_256;
+			case "3":
+				return COLORS_16m;
+			default:
+				return COLORS_2;
+		}
+	}
+
+	if (
+		(getEnvVar("NODE_DISABLE_COLORS") !== undefined &&
+			getEnvVar("NODE_DISABLE_COLORS") !== "") ||
+		// See https://no-color.org/
+		(getEnvVar("NO_COLOR") !== undefined && getEnvVar("NO_COLOR") !== "") ||
+		// The "dumb" special terminal, as defined by terminfo, doesn't support
+		// ANSI color control codes.
+		// See https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
+		getEnvVar("TERM") === "dumb"
+	) {
+		return COLORS_2;
+	}
+
+	if (typeof process !== "undefined" && process.platform === "win32") {
+		// Windows 10 build 14931 (from 2016) has true color support
+		return COLORS_16m;
+	}
+
+	if (getEnvVar("TMUX")) {
+		return COLORS_16m;
+	}
+
+	// Azure DevOps
+	if ("TF_BUILD" in env && "AGENT_NAME" in env) {
+		return COLORS_16;
+	}
+
+	if ("CI" in env) {
+		for (const { 0: envName, 1: colors } of CI_ENVS_MAP) {
+			if (envName in env) {
+				return colors;
+			}
+		}
+		if (getEnvVar("CI_NAME") === "codeship") {
+			return COLORS_256;
+		}
+		return COLORS_2;
+	}
+
+	if ("TEAMCITY_VERSION" in env) {
+		return /^(9\.(0*[1-9]\d*)\.|\d{2,}\.)/.exec(
+			getEnvVar("TEAMCITY_VERSION"),
+		) !== null
+			? COLORS_16
+			: COLORS_2;
+	}
+
+	switch (getEnvVar("TERM_PROGRAM")) {
+		case "iTerm.app":
+			if (
+				!getEnvVar("TERM_PROGRAM_VERSION") ||
+				/^[0-2]\./.exec(getEnvVar("TERM_PROGRAM_VERSION")) !== null
+			) {
+				return COLORS_256;
+			}
+			return COLORS_16m;
+		case "HyperTerm":
+		case "MacTerm":
+			return COLORS_16m;
+		case "Apple_Terminal":
+			return COLORS_256;
+	}
+
+	if (
+		getEnvVar("COLORTERM") === "truecolor" ||
+		getEnvVar("COLORTERM") === "24bit"
+	) {
+		return COLORS_16m;
+	}
+
+	if (getEnvVar("TERM")) {
+		if (/truecolor/.exec(getEnvVar("TERM")) !== null) {
+			return COLORS_16m;
+		}
+
+		if (/^xterm-256/.exec(getEnvVar("TERM")) !== null) {
+			return COLORS_256;
+		}
+
+		const termEnv = getEnvVar("TERM").toLowerCase();
+
+		if (TERM_ENVS[termEnv]) {
+			return TERM_ENVS[termEnv];
+		}
+		if (TERM_ENVS_REG_EXP.some((term) => term.exec(termEnv) !== null)) {
+			return COLORS_16;
+		}
+	}
+	// Move 16 color COLORTERM below 16m and 256
+	if (getEnvVar("COLORTERM")) {
+		return COLORS_16;
+	}
+	return COLORS_2;
+}

package/src/env/env-impl.ts

@@ -0,0 +1,123 @@
+/// <reference types="node" />
+/// <reference types="bun" />
+//https://github.com/unjs/std-env/blob/main/src/env.ts
+
+const _envShim = Object.create(null);
+
+export type EnvObject = Record<string, string | undefined>;
+
+const _getEnv = (useShim?: boolean) =>
+	globalThis.process?.env ||
+	//@ts-expect-error
+	globalThis.Deno?.env.toObject() ||
+	//@ts-expect-error
+	globalThis.__env__ ||
+	(useShim ? _envShim : globalThis);
+
+export const env = new Proxy<EnvObject>(_envShim, {
+	get(_, prop) {
+		const env = _getEnv();
+		return env[prop as any] ?? _envShim[prop];
+	},
+	has(_, prop) {
+		const env = _getEnv();
+		return prop in env || prop in _envShim;
+	},
+	set(_, prop, value) {
+		const env = _getEnv(true);
+		env[prop as any] = value;
+		return true;
+	},
+	deleteProperty(_, prop) {
+		if (!prop) {
+			return false;
+		}
+		const env = _getEnv(true);
+		delete env[prop as any];
+		return true;
+	},
+	ownKeys() {
+		const env = _getEnv(true);
+		return Object.keys(env);
+	},
+});
+
+function toBoolean(val: boolean | string | undefined) {
+	return val ? val !== "false" : false;
+}
+
+export const nodeENV =
+	(typeof process !== "undefined" && process.env && process.env.NODE_ENV) || "";
+
+/** Detect if `NODE_ENV` environment variable is `production` */
+export const isProduction = nodeENV === "production";
+
+/** Detect if `NODE_ENV` environment variable is `dev` or `development` */
+export const isDevelopment = nodeENV === "dev" || nodeENV === "development";
+
+/** Detect if `NODE_ENV` environment variable is `test` */
+export const isTest = () => nodeENV === "test" || toBoolean(env.TEST);
+
+/**
+ * Get environment variable with fallback
+ */
+export function getEnvVar<Fallback extends string>(
+	key: string,
+	fallback?: Fallback,
+): Fallback extends string ? string : string | undefined {
+	if (typeof process !== "undefined" && process.env) {
+		return process.env[key] ?? (fallback as any);
+	}
+
+	// @ts-expect-error deno
+	if (typeof Deno !== "undefined") {
+		// @ts-expect-error deno
+		return Deno.env.get(key) ?? (fallback as string);
+	}
+
+	// Handle Bun
+	if (typeof Bun !== "undefined") {
+		return Bun.env[key] ?? (fallback as string);
+	}
+
+	return fallback as any;
+}
+
+/**
+ * Get boolean environment variable
+ */
+export function getBooleanEnvVar(key: string, fallback = true): boolean {
+	const value = getEnvVar(key);
+	if (!value) return fallback;
+	return value !== "0" && value.toLowerCase() !== "false" && value !== "";
+}
+
+/**
+ * Common environment variables used in Better Auth
+ */
+export const ENV = Object.freeze({
+	get BETTER_AUTH_SECRET() {
+		return getEnvVar("BETTER_AUTH_SECRET");
+	},
+	get AUTH_SECRET() {
+		return getEnvVar("AUTH_SECRET");
+	},
+	get BETTER_AUTH_TELEMETRY() {
+		return getEnvVar("BETTER_AUTH_TELEMETRY");
+	},
+	get BETTER_AUTH_TELEMETRY_ID() {
+		return getEnvVar("BETTER_AUTH_TELEMETRY_ID");
+	},
+	get NODE_ENV() {
+		return getEnvVar("NODE_ENV", "development");
+	},
+	get PACKAGE_VERSION() {
+		return getEnvVar("PACKAGE_VERSION", "0.0.0");
+	},
+	get BETTER_AUTH_TELEMETRY_ENDPOINT() {
+		return getEnvVar(
+			"BETTER_AUTH_TELEMETRY_ENDPOINT",
+			"https://telemetry.better-auth.com/v1/track",
+		);
+	},
+});

package/src/env/index.ts

@@ -0,0 +1,23 @@
+export {
+	ENV,
+	getEnvVar,
+	env,
+	nodeENV,
+	isTest,
+	getBooleanEnvVar,
+	isDevelopment,
+	type EnvObject,
+	isProduction,
+} from "./env-impl";
+export { getColorDepth } from "./color-depth";
+export {
+	logger,
+	createLogger,
+	levels,
+	type Logger,
+	type LogLevel,
+	type LogHandlerParams,
+	type InternalLogger,
+	shouldPublishLog,
+	TTY_COLORS,
+} from "./logger";

package/src/env/logger.test.ts

@@ -0,0 +1,33 @@
+import { describe, it, expect } from "vitest";
+import { shouldPublishLog, type LogLevel } from "./logger";
+
+describe("shouldPublishLog", () => {
+	const testCases: {
+		currentLogLevel: LogLevel;
+		logLevel: LogLevel;
+		expected: boolean;
+	}[] = [
+		{ currentLogLevel: "info", logLevel: "info", expected: true },
+		{ currentLogLevel: "info", logLevel: "warn", expected: false },
+		{ currentLogLevel: "info", logLevel: "error", expected: false },
+		{ currentLogLevel: "info", logLevel: "debug", expected: false },
+		{ currentLogLevel: "warn", logLevel: "info", expected: true },
+		{ currentLogLevel: "warn", logLevel: "warn", expected: true },
+		{ currentLogLevel: "warn", logLevel: "error", expected: false },
+		{ currentLogLevel: "warn", logLevel: "debug", expected: false },
+		{ currentLogLevel: "error", logLevel: "info", expected: true },
+		{ currentLogLevel: "error", logLevel: "warn", expected: true },
+		{ currentLogLevel: "error", logLevel: "error", expected: true },
+		{ currentLogLevel: "error", logLevel: "debug", expected: false },
+		{ currentLogLevel: "debug", logLevel: "info", expected: true },
+		{ currentLogLevel: "debug", logLevel: "warn", expected: true },
+		{ currentLogLevel: "debug", logLevel: "error", expected: true },
+		{ currentLogLevel: "debug", logLevel: "debug", expected: true },
+	];
+
+	testCases.forEach(({ currentLogLevel, logLevel, expected }) => {
+		it(`should return "${expected}" when currentLogLevel is "${currentLogLevel}" and logLevel is "${logLevel}"`, () => {
+			expect(shouldPublishLog(currentLogLevel, logLevel)).toBe(expected);
+		});
+	});
+});

package/src/env/logger.ts

@@ -0,0 +1,145 @@
+import { getColorDepth } from "./color-depth";
+
+export const TTY_COLORS = {
+	reset: "\x1b[0m",
+	bright: "\x1b[1m",
+	dim: "\x1b[2m",
+	undim: "\x1b[22m",
+	underscore: "\x1b[4m",
+	blink: "\x1b[5m",
+	reverse: "\x1b[7m",
+	hidden: "\x1b[8m",
+	fg: {
+		black: "\x1b[30m",
+		red: "\x1b[31m",
+		green: "\x1b[32m",
+		yellow: "\x1b[33m",
+		blue: "\x1b[34m",
+		magenta: "\x1b[35m",
+		cyan: "\x1b[36m",
+		white: "\x1b[37m",
+	},
+	bg: {
+		black: "\x1b[40m",
+		red: "\x1b[41m",
+		green: "\x1b[42m",
+		yellow: "\x1b[43m",
+		blue: "\x1b[44m",
+		magenta: "\x1b[45m",
+		cyan: "\x1b[46m",
+		white: "\x1b[47m",
+	},
+} as const;
+
+export type LogLevel = "info" | "success" | "warn" | "error" | "debug";
+
+export const levels = ["info", "success", "warn", "error", "debug"] as const;
+
+export function shouldPublishLog(
+	currentLogLevel: LogLevel,
+	logLevel: LogLevel,
+): boolean {
+	return levels.indexOf(logLevel) <= levels.indexOf(currentLogLevel);
+}
+
+export interface Logger {
+	disabled?: boolean;
+	disableColors?: boolean;
+	level?: Exclude<LogLevel, "success">;
+	log?: (
+		level: Exclude<LogLevel, "success">,
+		message: string,
+		...args: any[]
+	) => void;
+}
+
+export type LogHandlerParams = Parameters<NonNullable<Logger["log"]>> extends [
+	LogLevel,
+	...infer Rest,
+]
+	? Rest
+	: never;
+
+const levelColors: Record<LogLevel, string> = {
+	info: TTY_COLORS.fg.blue,
+	success: TTY_COLORS.fg.green,
+	warn: TTY_COLORS.fg.yellow,
+	error: TTY_COLORS.fg.red,
+	debug: TTY_COLORS.fg.magenta,
+};
+
+const formatMessage = (
+	level: LogLevel,
+	message: string,
+	colorsEnabled: boolean,
+): string => {
+	const timestamp = new Date().toISOString();
+
+	if (colorsEnabled) {
+		return `${TTY_COLORS.dim}${timestamp}${TTY_COLORS.reset} ${
+			levelColors[level]
+		}${level.toUpperCase()}${TTY_COLORS.reset} ${TTY_COLORS.bright}[Better Auth]:${
+			TTY_COLORS.reset
+		} ${message}`;
+	}
+
+	return `${timestamp} ${level.toUpperCase()} [Better Auth]: ${message}`;
+};
+
+export type InternalLogger = {
+	[K in LogLevel]: (...params: LogHandlerParams) => void;
+} & {
+	get level(): LogLevel;
+};
+
+export const createLogger = (options?: Logger): InternalLogger => {
+	const enabled = options?.disabled !== true;
+	const logLevel = options?.level ?? "error";
+
+	const isDisableColorsSpecified = options?.disableColors !== undefined;
+	const colorsEnabled = isDisableColorsSpecified
+		? !options.disableColors
+		: getColorDepth() !== 1;
+
+	const LogFunc = (
+		level: LogLevel,
+		message: string,
+		args: any[] = [],
+	): void => {
+		if (!enabled || !shouldPublishLog(logLevel, level)) {
+			return;
+		}
+
+		const formattedMessage = formatMessage(level, message, colorsEnabled);
+
+		if (!options || typeof options.log !== "function") {
+			if (level === "error") {
+				console.error(formattedMessage, ...args);
+			} else if (level === "warn") {
+				console.warn(formattedMessage, ...args);
+			} else {
+				console.log(formattedMessage, ...args);
+			}
+			return;
+		}
+
+		options.log(level === "success" ? "info" : level, message, ...args);
+	};
+
+	const logger = Object.fromEntries(
+		levels.map((level) => [
+			level,
+			(...[message, ...args]: LogHandlerParams) =>
+				LogFunc(level, message, args),
+		]),
+	) as Record<LogLevel, (...params: LogHandlerParams) => void>;
+
+	return {
+		...logger,
+		get level() {
+			return logLevel;
+		},
+	};
+};
+
+export const logger = createLogger();

package/src/oauth2/client-credentials-token.ts

@@ -0,0 +1,102 @@
+import { betterFetch } from "@better-fetch/fetch";
+import { base64Url } from "@better-auth/utils/base64";
+import type { OAuth2Tokens, ProviderOptions } from "./oauth-provider";
+
+export function createClientCredentialsTokenRequest({
+	options,
+	scope,
+	authentication,
+	resource,
+}: {
+	options: ProviderOptions & { clientSecret: string };
+	scope?: string;
+	authentication?: "basic" | "post";
+	resource?: string | string[];
+}) {
+	const body = new URLSearchParams();
+	const headers: Record<string, any> = {
+		"content-type": "application/x-www-form-urlencoded",
+		accept: "application/json",
+	};
+
+	body.set("grant_type", "client_credentials");
+	scope && body.set("scope", scope);
+	if (resource) {
+		if (typeof resource === "string") {
+			body.append("resource", resource);
+		} else {
+			for (const _resource of resource) {
+				body.append("resource", _resource);
+			}
+		}
+	}
+	if (authentication === "basic") {
+		const primaryClientId = Array.isArray(options.clientId)
+			? options.clientId[0]
+			: options.clientId;
+		const encodedCredentials = base64Url.encode(
+			`${primaryClientId}:${options.clientSecret}`,
+		);
+		headers["authorization"] = `Basic ${encodedCredentials}`;
+	} else {
+		const primaryClientId = Array.isArray(options.clientId)
+			? options.clientId[0]
+			: options.clientId;
+		body.set("client_id", primaryClientId);
+		body.set("client_secret", options.clientSecret);
+	}
+
+	return {
+		body,
+		headers,
+	};
+}
+
+export async function clientCredentialsToken({
+	options,
+	tokenEndpoint,
+	scope,
+	authentication,
+	resource,
+}: {
+	options: ProviderOptions & { clientSecret: string };
+	tokenEndpoint: string;
+	scope: string;
+	authentication?: "basic" | "post";
+	resource?: string | string[];
+}): Promise<OAuth2Tokens> {
+	const { body, headers } = createClientCredentialsTokenRequest({
+		options,
+		scope,
+		authentication,
+		resource,
+	});
+
+	const { data, error } = await betterFetch<{
+		access_token: string;
+		expires_in?: number;
+		token_type?: string;
+		scope?: string;
+	}>(tokenEndpoint, {
+		method: "POST",
+		body,
+		headers,
+	});
+	if (error) {
+		throw error;
+	}
+	const tokens: OAuth2Tokens = {
+		accessToken: data.access_token,
+		tokenType: data.token_type,
+		scopes: data.scope?.split(" "),
+	};
+
+	if (data.expires_in) {
+		const now = new Date();
+		tokens.accessTokenExpiresAt = new Date(
+			now.getTime() + data.expires_in * 1000,
+		);
+	}
+
+	return tokens;
+}

package/src/oauth2/create-authorization-url.ts

@@ -0,0 +1,85 @@
+import type { ProviderOptions } from "./index";
+import { generateCodeChallenge } from "./utils";
+
+export async function createAuthorizationURL({
+	id,
+	options,
+	authorizationEndpoint,
+	state,
+	codeVerifier,
+	scopes,
+	claims,
+	redirectURI,
+	duration,
+	prompt,
+	accessType,
+	responseType,
+	display,
+	loginHint,
+	hd,
+	responseMode,
+	additionalParams,
+	scopeJoiner,
+}: {
+	id: string;
+	options: ProviderOptions;
+	redirectURI: string;
+	authorizationEndpoint: string;
+	state: string;
+	codeVerifier?: string;
+	scopes: string[];
+	claims?: string[];
+	duration?: string;
+	prompt?: string;
+	accessType?: string;
+	responseType?: string;
+	display?: string;
+	loginHint?: string;
+	hd?: string;
+	responseMode?: string;
+	additionalParams?: Record<string, string>;
+	scopeJoiner?: string;
+}) {
+	const url = new URL(authorizationEndpoint);
+	url.searchParams.set("response_type", responseType || "code");
+	const primaryClientId = Array.isArray(options.clientId)
+		? options.clientId[0]
+		: options.clientId;
+	url.searchParams.set("client_id", primaryClientId);
+	url.searchParams.set("state", state);
+	url.searchParams.set("scope", scopes.join(scopeJoiner || " "));
+	url.searchParams.set("redirect_uri", options.redirectURI || redirectURI);
+	duration && url.searchParams.set("duration", duration);
+	display && url.searchParams.set("display", display);
+	loginHint && url.searchParams.set("login_hint", loginHint);
+	prompt && url.searchParams.set("prompt", prompt);
+	hd && url.searchParams.set("hd", hd);
+	accessType && url.searchParams.set("access_type", accessType);
+	responseMode && url.searchParams.set("response_mode", responseMode);
+	if (codeVerifier) {
+		const codeChallenge = await generateCodeChallenge(codeVerifier);
+		url.searchParams.set("code_challenge_method", "S256");
+		url.searchParams.set("code_challenge", codeChallenge);
+	}
+	if (claims) {
+		const claimsObj = claims.reduce(
+			(acc, claim) => {
+				acc[claim] = null;
+				return acc;
+			},
+			{} as Record<string, null>,
+		);
+		url.searchParams.set(
+			"claims",
+			JSON.stringify({
+				id_token: { email: null, email_verified: null, ...claimsObj },
+			}),
+		);
+	}
+	if (additionalParams) {
+		Object.entries(additionalParams).forEach(([key, value]) => {
+			url.searchParams.set(key, value);
+		});
+	}
+	return url;
+}

package/src/oauth2/index.ts

@@ -0,0 +1,22 @@
+export type {
+	OAuth2Tokens,
+	OAuthProvider,
+	OAuth2UserInfo,
+	ProviderOptions,
+} from "./oauth-provider";
+
+export { generateCodeChallenge, getOAuth2Tokens } from "./utils";
+export { createAuthorizationURL } from "./create-authorization-url";
+export {
+	createAuthorizationCodeRequest,
+	validateAuthorizationCode,
+	validateToken,
+} from "./validate-authorization-code";
+export {
+	createRefreshAccessTokenRequest,
+	refreshAccessToken,
+} from "./refresh-access-token";
+export {
+	clientCredentialsToken,
+	createClientCredentialsTokenRequest,
+} from "./client-credentials-token";