@better-auth/core 1.4.0-beta.8 → 1.4.0

package/src/social-providers/zoom.ts

@@ -0,0 +1,233 @@
+import { betterFetch } from "@better-fetch/fetch";
+import type { OAuthProvider, ProviderOptions } from "../oauth2";
+import {
+	generateCodeChallenge,
+	refreshAccessToken,
+	validateAuthorizationCode,
+} from "../oauth2";
+
+export type LoginType =
+	| 0 /** Facebook OAuth */
+	| 1 /** Google OAuth */
+	| 24 /** Apple OAuth */
+	| 27 /** Microsoft OAuth */
+	| 97 /** Mobile device */
+	| 98 /** RingCentral OAuth */
+	| 99 /** API user */
+	| 100 /** Zoom Work email */
+	| 101; /** Single Sign-On (SSO) */
+
+export type AccountStatus = "pending" | "active" | "inactive";
+
+export type PronounOption =
+	| 1 /** Ask the user every time */
+	| 2 /** Always display */
+	| 3; /** Do not display */
+
+export interface PhoneNumber {
+	/** The country code of the phone number (Example: "+1") */
+	code: string;
+
+	/** The country of the phone number (Example: "US") */
+	country: string;
+
+	/** The label for the phone number (Example: "Mobile") */
+	label: string;
+
+	/** The phone number itself (Example: "800000000") */
+	number: string;
+
+	/** Whether the phone number has been verified (Example: true) */
+	verified: boolean;
+}
+
+/**
+ * See the full documentation below:
+ * https://developers.zoom.us/docs/api/users/#tag/users/GET/users/{userId}
+ */
+export interface ZoomProfile extends Record<string, any> {
+	/** The user's account ID (Example: "q6gBJVO5TzexKYTb_I2rpg") */
+	account_id: string;
+	/** The user's account number (Example: 10009239) */
+	account_number: number;
+	/** The user's cluster (Example: "us04") */
+	cluster: string;
+	/** The user's CMS ID. Only enabled for Kaltura integration (Example: "KDcuGIm1QgePTO8WbOqwIQ") */
+	cms_user_id: string;
+	/** The user's cost center (Example: "cost center") */
+	cost_center: string;
+	/** User create time (Example: "2018-10-31T04:32:37Z") */
+	created_at: string;
+	/** Department (Example: "Developers") */
+	dept: string;
+	/** User's display name (Example: "Jill Chill") */
+	display_name: string;
+	/** User's email address (Example: "jchill@example.com") */
+	email: string;
+	/** User's first name (Example: "Jill") */
+	first_name: string;
+	/** IDs of the web groups that the user belongs to (Example: ["RSMaSp8sTEGK0_oamiA2_w"]) */
+	group_ids: string[];
+	/** User ID (Example: "zJKyaiAyTNC-MWjiWC18KQ") */
+	id: string;
+	/** IM IDs of the groups that the user belongs to (Example: ["t-_-d56CSWG-7BF15LLrOw"]) */
+	im_group_ids: string[];
+	/** The user's JID (Example: "jchill@example.com") */
+	jid: string;
+	/** The user's job title (Example: "API Developer") */
+	job_title: string;
+	/** Default language for the Zoom Web Portal (Example: "en-US") */
+	language: string;
+	/** User last login client version (Example: "5.9.6.4993(mac)") */
+	last_client_version: string;
+	/** User last login time (Example: "2021-05-05T20:40:30Z") */
+	last_login_time: string;
+	/** User's last name (Example: "Chill") */
+	last_name: string;
+	/** The time zone of the user (Example: "Asia/Shanghai") */
+	timezone: string;
+	/** User's location (Example: "Paris") */
+	location: string;
+	/** The user's login method (Example: 101) */
+	login_types: LoginType[];
+	/** User's personal meeting URL (Example: "example.com") */
+	personal_meeting_url: string;
+	/** This field has been deprecated and will not be supported in the future.
+	 * Use the phone_numbers field instead of this field.
+	 * The user's phone number (Example: "+1 800000000") */
+	// @deprecated true
+	phone_number?: string | undefined;
+	/** The URL for user's profile picture (Example: "example.com") */
+	pic_url: string;
+	/** Personal Meeting ID (PMI) (Example: 3542471135) */
+	pmi: number;
+	/** Unique identifier of the user's assigned role (Example: "0") */
+	role_id: string;
+	/** User's role name (Example: "Admin") */
+	role_name: string;
+	/** Status of user's account (Example: "pending") */
+	status: AccountStatus;
+	/** Use the personal meeting ID (PMI) for instant meetings (Example: false) */
+	use_pmi: boolean;
+	/** The time and date when the user was created (Example: "2018-10-31T04:32:37Z") */
+	user_created_at: string;
+	/** Displays whether user is verified or not (Example: 1) */
+	verified: number;
+	/** The user's Zoom Workplace plan option (Example: 64) */
+	zoom_one_type: number;
+	/** The user's company (Example: "Jill") */
+	company?: string | undefined;
+	/** Custom attributes that have been assigned to the user (Example: [{ "key": "cbf_cywdkexrtqc73f97gd4w6g", "name": "A1", "value": "1" }]) */
+	custom_attributes?:
+		| { key: string; name: string; value: string }[]
+		| undefined;
+	/** The employee's unique ID. This field only returns when SAML single sign-on (SSO) is enabled.
+	 * The `login_type` value is `101` (SSO) (Example: "HqDyI037Qjili1kNsSIrIg") */
+	employee_unique_id?: string | undefined;
+	/** The manager for the user (Example: "thill@example.com") */
+	manager?: string | undefined;
+	/** The user's country for the company phone number (Example: "US")
+	 * @deprecated true */
+	phone_country?: string | undefined;
+	/** The phone number's ISO country code (Example: "+1") */
+	phone_numbers?: PhoneNumber[] | undefined;
+	/** The user's plan type (Example: "1") */
+	plan_united_type?: string | undefined;
+	/** The user's pronouns (Example: "3123") */
+	pronouns?: string | undefined;
+	/** The user's display pronouns setting (Example: 1) */
+	pronouns_option?: PronounOption | undefined;
+	/** Personal meeting room URL, if the user has one (Example: "example.com") */
+	vanity_url?: string | undefined;
+}
+
+export interface ZoomOptions extends ProviderOptions<ZoomProfile> {
+	clientId: string;
+	pkce?: boolean | undefined;
+}
+
+export const zoom = (userOptions: ZoomOptions) => {
+	const options = {
+		pkce: true,
+		...userOptions,
+	};
+
+	return {
+		id: "zoom",
+		name: "Zoom",
+		createAuthorizationURL: async ({ state, redirectURI, codeVerifier }) => {
+			const params = new URLSearchParams({
+				response_type: "code",
+				redirect_uri: options.redirectURI ? options.redirectURI : redirectURI,
+				client_id: options.clientId,
+				state,
+			});
+
+			if (options.pkce) {
+				const codeChallenge = await generateCodeChallenge(codeVerifier);
+				params.set("code_challenge_method", "S256");
+				params.set("code_challenge", codeChallenge);
+			}
+
+			const url = new URL("https://zoom.us/oauth/authorize");
+			url.search = params.toString();
+
+			return url;
+		},
+		validateAuthorizationCode: async ({ code, redirectURI, codeVerifier }) => {
+			return validateAuthorizationCode({
+				code,
+				redirectURI: options.redirectURI || redirectURI,
+				codeVerifier,
+				options,
+				tokenEndpoint: "https://zoom.us/oauth/token",
+				authentication: "post",
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken
+			? options.refreshAccessToken
+			: async (refreshToken) =>
+					refreshAccessToken({
+						refreshToken,
+						options: {
+							clientId: options.clientId,
+							clientKey: options.clientKey,
+							clientSecret: options.clientSecret,
+						},
+						tokenEndpoint: "https://zoom.us/oauth/token",
+					}),
+		async getUserInfo(token) {
+			if (options.getUserInfo) {
+				return options.getUserInfo(token);
+			}
+			const { data: profile, error } = await betterFetch<ZoomProfile>(
+				"https://api.zoom.us/v2/users/me",
+				{
+					headers: {
+						authorization: `Bearer ${token.accessToken}`,
+					},
+				},
+			);
+
+			if (error) {
+				return null;
+			}
+
+			const userMap = await options.mapProfileToUser?.(profile);
+
+			return {
+				user: {
+					id: profile.id,
+					name: profile.display_name,
+					image: profile.pic_url,
+					email: profile.email,
+					emailVerified: Boolean(profile.verified),
+					...userMap,
+				},
+				data: {
+					...profile,
+				},
+			};
+		},
+	} satisfies OAuthProvider<ZoomProfile>;
+};

package/src/types/context.ts

@@ -0,0 +1,270 @@
+import type { CookieOptions, EndpointContext } from "better-call";
+import type {
+	Account,
+	BetterAuthDBSchema,
+	DBPreservedModels,
+	SecondaryStorage,
+	Session,
+	User,
+	Verification,
+} from "../db";
+import type { DBAdapter, Where } from "../db/adapter";
+import type { createLogger } from "../env";
+import type { OAuthProvider } from "../oauth2";
+import type { BetterAuthCookies } from "./cookie";
+import type { LiteralUnion } from "./helper";
+import type {
+	BetterAuthOptions,
+	BetterAuthRateLimitOptions,
+} from "./init-options";
+
+export type GenericEndpointContext<
+	Options extends BetterAuthOptions = BetterAuthOptions,
+> = EndpointContext<string, any> & {
+	context: AuthContext<Options>;
+};
+
+export interface InternalAdapter<
+	Options extends BetterAuthOptions = BetterAuthOptions,
+> {
+	createOAuthUser(
+		user: Omit<User, "id" | "createdAt" | "updatedAt">,
+		account: Omit<Account, "userId" | "id" | "createdAt" | "updatedAt"> &
+			Partial<Account>,
+	): Promise<{ user: User; account: Account }>;
+
+	createUser<T extends Record<string, any>>(
+		user: Omit<User, "id" | "createdAt" | "updatedAt" | "emailVerified"> &
+			Partial<User> &
+			Record<string, any>,
+	): Promise<T & User>;
+
+	createAccount<T extends Record<string, any>>(
+		account: Omit<Account, "id" | "createdAt" | "updatedAt"> &
+			Partial<Account> &
+			T,
+	): Promise<T & Account>;
+
+	listSessions(userId: string): Promise<Session[]>;
+
+	listUsers(
+		limit?: number | undefined,
+		offset?: number | undefined,
+		sortBy?: { field: string; direction: "asc" | "desc" } | undefined,
+		where?: Where[] | undefined,
+	): Promise<User[]>;
+
+	countTotalUsers(where?: Where[] | undefined): Promise<number>;
+
+	deleteUser(userId: string): Promise<void>;
+
+	createSession(
+		userId: string,
+		dontRememberMe?: boolean | undefined,
+		override?: (Partial<Session> & Record<string, any>) | undefined,
+		overrideAll?: boolean | undefined,
+	): Promise<Session>;
+
+	findSession(token: string): Promise<{
+		session: Session & Record<string, any>;
+		user: User & Record<string, any>;
+	} | null>;
+
+	findSessions(
+		sessionTokens: string[],
+	): Promise<{ session: Session; user: User }[]>;
+
+	updateSession(
+		sessionToken: string,
+		session: Partial<Session> & Record<string, any>,
+	): Promise<Session | null>;
+
+	deleteSession(token: string): Promise<void>;
+
+	deleteAccounts(userId: string): Promise<void>;
+
+	deleteAccount(accountId: string): Promise<void>;
+
+	deleteSessions(userIdOrSessionTokens: string | string[]): Promise<void>;
+
+	findOAuthUser(
+		email: string,
+		accountId: string,
+		providerId: string,
+	): Promise<{ user: User; accounts: Account[] } | null>;
+
+	findUserByEmail(
+		email: string,
+		options?: { includeAccounts: boolean } | undefined,
+	): Promise<{ user: User; accounts: Account[] } | null>;
+
+	findUserById(userId: string): Promise<User | null>;
+
+	linkAccount(
+		account: Omit<Account, "id" | "createdAt" | "updatedAt"> & Partial<Account>,
+	): Promise<Account>;
+
+	// Record<string, any> is to take into account additional fields or plugin-added fields
+	updateUser<T extends Record<string, any>>(
+		userId: string,
+		data: Partial<User> & Record<string, any>,
+	): Promise<User & T>;
+
+	updateUserByEmail<T extends Record<string, any>>(
+		email: string,
+		data: Partial<User & Record<string, any>>,
+	): Promise<User & T>;
+
+	updatePassword(userId: string, password: string): Promise<void>;
+
+	findAccounts(userId: string): Promise<Account[]>;
+
+	findAccount(accountId: string): Promise<Account | null>;
+
+	findAccountByProviderId(
+		accountId: string,
+		providerId: string,
+	): Promise<Account | null>;
+
+	findAccountByUserId(userId: string): Promise<Account[]>;
+
+	updateAccount(id: string, data: Partial<Account>): Promise<Account>;
+
+	createVerificationValue(
+		data: Omit<Verification, "createdAt" | "id" | "updatedAt"> &
+			Partial<Verification>,
+	): Promise<Verification>;
+
+	findVerificationValue(identifier: string): Promise<Verification | null>;
+
+	deleteVerificationValue(id: string): Promise<void>;
+
+	deleteVerificationByIdentifier(identifier: string): Promise<void>;
+
+	updateVerificationValue(
+		id: string,
+		data: Partial<Verification>,
+	): Promise<Verification>;
+}
+
+type CreateCookieGetterFn = (
+	cookieName: string,
+	overrideAttributes?: Partial<CookieOptions> | undefined,
+) => {
+	name: string;
+	attributes: CookieOptions;
+};
+
+type CheckPasswordFn<Options extends BetterAuthOptions = BetterAuthOptions> = (
+	userId: string,
+	ctx: GenericEndpointContext<Options>,
+) => Promise<boolean>;
+
+export type AuthContext<Options extends BetterAuthOptions = BetterAuthOptions> =
+	{
+		options: Options;
+		appName: string;
+		baseURL: string;
+		trustedOrigins: string[];
+		oauthConfig: {
+			/**
+			 * This is dangerous and should only be used in dev or staging environments.
+			 */
+			skipStateCookieCheck?: boolean | undefined;
+			/**
+			 * Strategy for storing OAuth state
+			 *
+			 * - "cookie": Store state in an encrypted cookie (stateless)
+			 * - "database": Store state in the database
+			 *
+			 * @default "cookie"
+			 */
+			storeStateStrategy: "database" | "cookie";
+		};
+		/**
+		 * New session that will be set after the request
+		 * meaning: there is a `set-cookie` header that will set
+		 * the session cookie. This is the fetched session. And it's set
+		 * by `setNewSession` method.
+		 */
+		newSession: {
+			session: Session & Record<string, any>;
+			user: User & Record<string, any>;
+		} | null;
+		session: {
+			session: Session & Record<string, any>;
+			user: User & Record<string, any>;
+		} | null;
+		setNewSession: (
+			session: {
+				session: Session & Record<string, any>;
+				user: User & Record<string, any>;
+			} | null,
+		) => void;
+		socialProviders: OAuthProvider[];
+		authCookies: BetterAuthCookies;
+		logger: ReturnType<typeof createLogger>;
+		rateLimit: {
+			enabled: boolean;
+			window: number;
+			max: number;
+			storage: "memory" | "database" | "secondary-storage";
+		} & BetterAuthRateLimitOptions;
+		adapter: DBAdapter<Options>;
+		internalAdapter: InternalAdapter<Options>;
+		createAuthCookie: CreateCookieGetterFn;
+		secret: string;
+		sessionConfig: {
+			updateAge: number;
+			expiresIn: number;
+			freshAge: number;
+			cookieRefreshCache:
+				| false
+				| {
+						enabled: true;
+						updateAge: number;
+				  };
+		};
+		generateId: (options: {
+			model: LiteralUnion<DBPreservedModels, string>;
+			size?: number | undefined;
+		}) => string | false;
+		secondaryStorage: SecondaryStorage | undefined;
+		password: {
+			hash: (password: string) => Promise<string>;
+			verify: (data: { password: string; hash: string }) => Promise<boolean>;
+			config: {
+				minPasswordLength: number;
+				maxPasswordLength: number;
+			};
+			checkPassword: CheckPasswordFn<Options>;
+		};
+		tables: BetterAuthDBSchema;
+		runMigrations: () => Promise<void>;
+		publishTelemetry: (event: {
+			type: string;
+			anonymousId?: string | undefined;
+			payload: Record<string, any>;
+		}) => Promise<void>;
+		/**
+		 * This skips the origin check for all requests.
+		 *
+		 * set to true by default for `test` environments and `false`
+		 * for other environments.
+		 *
+		 * It's inferred from the `options.advanced?.disableCSRFCheck`
+		 * option or `options.advanced?.disableOriginCheck` option.
+		 *
+		 * @default false
+		 */
+		skipOriginCheck: boolean;
+		/**
+		 * This skips the CSRF check for all requests.
+		 *
+		 * This is inferred from the `options.advanced?.
+		 * disableCSRFCheck` option.
+		 *
+		 * @default false
+		 */
+		skipCSRFCheck: boolean;
+	};

package/src/types/cookie.ts

@@ -0,0 +1,8 @@
+import type { CookieOptions } from "better-call";
+
+export type BetterAuthCookies = {
+	sessionToken: { name: string; options: CookieOptions };
+	sessionData: { name: string; options: CookieOptions };
+	accountData: { name: string; options: CookieOptions };
+	dontRememberToken: { name: string; options: CookieOptions };
+};

package/src/types/index.ts

@@ -1,2 +1,22 @@
+export type { StandardSchemaV1 } from "@standard-schema/spec";
+export type {
+	AuthContext,
+	GenericEndpointContext,
+	InternalAdapter,
+} from "./context";
+export type { BetterAuthCookies } from "./cookie";
 export type * from "./helper";
-export type { BetterAuthAdvancedOptions, GenerateIdFn } from "./init-options";
+export type {
+	BetterAuthAdvancedOptions,
+	BetterAuthOptions,
+	BetterAuthRateLimitOptions,
+	GenerateIdFn,
+} from "./init-options";
+export type { BetterAuthPlugin, HookEndpointContext } from "./plugin";
+export type {
+	BetterAuthClientOptions,
+	BetterAuthClientPlugin,
+	ClientAtomListener,
+	ClientFetchOption,
+	ClientStore,
+} from "./plugin-client";