@better-auth/core 1.4.0-beta.9 → 1.4.0

package/dist/index-DgwIISs7.d.mts

@@ -0,0 +1,7 @@
+import { AsyncLocalStorage } from "node:async_hooks";
+
+//#region src/async_hooks/index.d.ts
+
+declare function getAsyncLocalStorage(): Promise<typeof AsyncLocalStorage>;
+//#endregion
+export { getAsyncLocalStorage as n, AsyncLocalStorage as t };

package/dist/index.d.mts

@@ -1,180 +1,3 @@
-import { L as LiteralString } from './shared/core.MjcDoj7R.mjs';
-export { a as LiteralUnion } from './shared/core.MjcDoj7R.mjs';
-import { A as AuthContext, B as BetterAuthOptions, a as AuthMiddleware } from './shared/core.CErFRCOZ.mjs';
-export { b as BetterAuthAdvancedOptions, d as BetterAuthCookies, c as BetterAuthRateLimitOptions, G as GenerateIdFn, e as GenericEndpointContext, I as InternalAdapter } from './shared/core.CErFRCOZ.mjs';
-import { Migration } from 'kysely';
-import { Endpoint, Middleware, EndpointContext, InputContext } from 'better-call';
-import { B as BetterAuthPluginDBSchema } from './shared/core.g9ACQ8v2.mjs';
-import { BetterFetch, BetterFetchOption, BetterFetchPlugin } from '@better-fetch/fetch';
-import { WritableAtom, Atom } from 'nanostores';
-import 'better-sqlite3';
-import './shared/core.g2ZbxAEV.mjs';
-import 'zod';
-import 'bun:sqlite';
-import 'node:sqlite';
-import './social-providers/index.mjs';
-import '@better-auth/core/oauth2';
-import './shared/core.Bisb2Bdk.mjs';
-import './shared/core.BwoNUcJQ.mjs';
-import '@better-auth/core';
-
-type Awaitable<T> = T | Promise<T>;
-type DeepPartial<T> = T extends Function ? T : T extends object ? {
-    [K in keyof T]?: DeepPartial<T[K]>;
-} : T;
-type HookEndpointContext = EndpointContext<string, any> & Omit<InputContext<string, any>, "method"> & {
-    context: AuthContext & {
-        returned?: unknown;
-        responseHeaders?: Headers;
-    };
-    headers?: Headers;
-};
-type BetterAuthPlugin = {
-    id: LiteralString;
-    /**
-     * The init function is called when the plugin is initialized.
-     * You can return a new context or modify the existing context.
-     */
-    init?: (ctx: AuthContext) => Awaitable<{
-        context?: DeepPartial<Omit<AuthContext, "options">>;
-        options?: Partial<BetterAuthOptions>;
-    }> | void | Promise<void>;
-    endpoints?: {
-        [key: string]: Endpoint;
-    };
-    middlewares?: {
-        path: string;
-        middleware: Middleware;
-    }[];
-    onRequest?: (request: Request, ctx: AuthContext) => Promise<{
-        response: Response;
-    } | {
-        request: Request;
-    } | void>;
-    onResponse?: (response: Response, ctx: AuthContext) => Promise<{
-        response: Response;
-    } | void>;
-    hooks?: {
-        before?: {
-            matcher: (context: HookEndpointContext) => boolean;
-            handler: AuthMiddleware;
-        }[];
-        after?: {
-            matcher: (context: HookEndpointContext) => boolean;
-            handler: AuthMiddleware;
-        }[];
-    };
-    /**
-     * Schema the plugin needs
-     *
-     * This will also be used to migrate the database. If the fields are dynamic from the plugins
-     * configuration each time the configuration is changed a new migration will be created.
-     *
-     * NOTE: If you want to create migrations manually using
-     * migrations option or any other way you
-     * can disable migration per table basis.
-     *
-     * @example
-     * ```ts
-     * schema: {
-     * 	user: {
-     * 		fields: {
-     * 			email: {
-     * 				 type: "string",
-     * 			},
-     * 			emailVerified: {
-     * 				type: "boolean",
-     * 				defaultValue: false,
-     * 			},
-     * 		},
-     * 	}
-     * } as AuthPluginSchema
-     * ```
-     */
-    schema?: BetterAuthPluginDBSchema;
-    /**
-     * The migrations of the plugin. If you define schema that will automatically create
-     * migrations for you.
-     *
-     * ⚠️ Only uses this if you dont't want to use the schema option and you disabled migrations for
-     * the tables.
-     */
-    migrations?: Record<string, Migration>;
-    /**
-     * The options of the plugin
-     */
-    options?: Record<string, any> | undefined;
-    /**
-     * types to be inferred
-     */
-    $Infer?: Record<string, any>;
-    /**
-     * The rate limit rules to apply to specific paths.
-     */
-    rateLimit?: {
-        window: number;
-        max: number;
-        pathMatcher: (path: string) => boolean;
-    }[];
-    /**
-     * The error codes returned by the plugin
-     */
-    $ERROR_CODES?: Record<string, string>;
-};
-
-interface ClientStore {
-    notify: (signal: string) => void;
-    listen: (signal: string, listener: () => void) => void;
-    atoms: Record<string, WritableAtom<any>>;
-}
-type ClientAtomListener = {
-    matcher: (path: string) => boolean;
-    signal: "$sessionSignal" | Omit<string, "$sessionSignal">;
-};
-interface BetterAuthClientOptions {
-    fetchOptions?: BetterFetchOption;
-    plugins?: BetterAuthClientPlugin[];
-    baseURL?: string;
-    basePath?: string;
-    disableDefaultFetchPlugins?: boolean;
-    $InferAuth?: BetterAuthOptions;
-}
-interface BetterAuthClientPlugin {
-    id: LiteralString;
-    /**
-     * only used for type inference. don't pass the
-     * actual plugin
-     */
-    $InferServerPlugin?: BetterAuthPlugin;
-    /**
-     * Custom actions
-     */
-    getActions?: ($fetch: BetterFetch, $store: ClientStore, 
-    /**
-     * better-auth client options
-     */
-    options: BetterAuthClientOptions | undefined) => Record<string, any>;
-    /**
-     * State atoms that'll be resolved by each framework
-     * auth store.
-     */
-    getAtoms?: ($fetch: BetterFetch) => Record<string, Atom<any>>;
-    /**
-     * specify path methods for server plugin inferred
-     * endpoints to force a specific method.
-     */
-    pathMethods?: Record<string, "POST" | "GET">;
-    /**
-     * Better fetch plugins
-     */
-    fetchPlugins?: BetterFetchPlugin[];
-    /**
-     * a list of recaller based on a matcher function.
-     * The signal name needs to match a signal in this
-     * plugin or any plugin the user might have added.
-     */
-    atomListeners?: ClientAtomListener[];
-}
-
-export { AuthContext, BetterAuthOptions, LiteralString };
-export type { BetterAuthClientOptions, BetterAuthClientPlugin, BetterAuthPlugin, ClientAtomListener, ClientStore };
+import { Dn as BetterAuthCookies, En as LiteralUnion, Tn as LiteralString, _ as BetterAuthRateLimitOptions, b as HookEndpointContext, c as BetterAuthClientPlugin, d as ClientStore, f as AuthContext, g as BetterAuthOptions, h as BetterAuthAdvancedOptions, l as ClientAtomListener, m as InternalAdapter, o as StandardSchemaV1, p as GenericEndpointContext, s as BetterAuthClientOptions, u as ClientFetchOption, v as GenerateIdFn, y as BetterAuthPlugin } from "./index-CkAWdKH8.mjs";
+import "./index-CdubV7uy.mjs";
+export { AuthContext, BetterAuthAdvancedOptions, BetterAuthClientOptions, BetterAuthClientPlugin, BetterAuthCookies, BetterAuthOptions, BetterAuthPlugin, BetterAuthRateLimitOptions, ClientAtomListener, ClientFetchOption, ClientStore, GenerateIdFn, GenericEndpointContext, HookEndpointContext, InternalAdapter, LiteralString, LiteralUnion, StandardSchemaV1 };

package/dist/index.mjs

@@ -1 +1 @@
-
+export {  };

package/dist/oauth2/index.d.mts

@@ -1,99 +1,3 @@
-import { O as OAuth2Tokens, P as ProviderOptions } from '../shared/core.Bisb2Bdk.mjs';
-export { b as OAuth2UserInfo, a as OAuthProvider } from '../shared/core.Bisb2Bdk.mjs';
-import * as jose from 'jose';
-import '../shared/core.MjcDoj7R.mjs';
-
-declare function getOAuth2Tokens(data: Record<string, any>): OAuth2Tokens;
-declare function generateCodeChallenge(codeVerifier: string): Promise<string>;
-
-declare function createAuthorizationURL({ id, options, authorizationEndpoint, state, codeVerifier, scopes, claims, redirectURI, duration, prompt, accessType, responseType, display, loginHint, hd, responseMode, additionalParams, scopeJoiner, }: {
-    id: string;
-    options: ProviderOptions;
-    redirectURI: string;
-    authorizationEndpoint: string;
-    state: string;
-    codeVerifier?: string;
-    scopes: string[];
-    claims?: string[];
-    duration?: string;
-    prompt?: string;
-    accessType?: string;
-    responseType?: string;
-    display?: string;
-    loginHint?: string;
-    hd?: string;
-    responseMode?: string;
-    additionalParams?: Record<string, string>;
-    scopeJoiner?: string;
-}): Promise<URL>;
-
-declare function createAuthorizationCodeRequest({ code, codeVerifier, redirectURI, options, authentication, deviceId, headers, additionalParams, resource, }: {
-    code: string;
-    redirectURI: string;
-    options: Partial<ProviderOptions>;
-    codeVerifier?: string;
-    deviceId?: string;
-    authentication?: "basic" | "post";
-    headers?: Record<string, string>;
-    additionalParams?: Record<string, string>;
-    resource?: string | string[];
-}): {
-    body: URLSearchParams;
-    headers: Record<string, any>;
-};
-declare function validateAuthorizationCode({ code, codeVerifier, redirectURI, options, tokenEndpoint, authentication, deviceId, headers, additionalParams, resource, }: {
-    code: string;
-    redirectURI: string;
-    options: Partial<ProviderOptions>;
-    codeVerifier?: string;
-    deviceId?: string;
-    tokenEndpoint: string;
-    authentication?: "basic" | "post";
-    headers?: Record<string, string>;
-    additionalParams?: Record<string, string>;
-    resource?: string | string[];
-}): Promise<OAuth2Tokens>;
-declare function validateToken(token: string, jwksEndpoint: string): Promise<jose.JWTVerifyResult<jose.JWTPayload>>;
-
-declare function createRefreshAccessTokenRequest({ refreshToken, options, authentication, extraParams, resource, }: {
-    refreshToken: string;
-    options: Partial<ProviderOptions>;
-    authentication?: "basic" | "post";
-    extraParams?: Record<string, string>;
-    resource?: string | string[];
-}): {
-    body: URLSearchParams;
-    headers: Record<string, any>;
-};
-declare function refreshAccessToken({ refreshToken, options, tokenEndpoint, authentication, extraParams, }: {
-    refreshToken: string;
-    options: Partial<ProviderOptions>;
-    tokenEndpoint: string;
-    authentication?: "basic" | "post";
-    extraParams?: Record<string, string>;
-    /** @deprecated always "refresh_token" */
-    grantType?: string;
-}): Promise<OAuth2Tokens>;
-
-declare function createClientCredentialsTokenRequest({ options, scope, authentication, resource, }: {
-    options: ProviderOptions & {
-        clientSecret: string;
-    };
-    scope?: string;
-    authentication?: "basic" | "post";
-    resource?: string | string[];
-}): {
-    body: URLSearchParams;
-    headers: Record<string, any>;
-};
-declare function clientCredentialsToken({ options, tokenEndpoint, scope, authentication, resource, }: {
-    options: ProviderOptions & {
-        clientSecret: string;
-    };
-    tokenEndpoint: string;
-    scope: string;
-    authentication?: "basic" | "post";
-    resource?: string | string[];
-}): Promise<OAuth2Tokens>;
-
-export { OAuth2Tokens, ProviderOptions, clientCredentialsToken, createAuthorizationCodeRequest, createAuthorizationURL, createClientCredentialsTokenRequest, createRefreshAccessTokenRequest, generateCodeChallenge, getOAuth2Tokens, refreshAccessToken, validateAuthorizationCode, validateToken };
+import { An as validateToken, Bn as OAuthProvider, Fn as createAuthorizationURL, In as clientCredentialsToken, Ln as createClientCredentialsTokenRequest, Mn as getOAuth2Tokens, Nn as createRefreshAccessTokenRequest, On as createAuthorizationCodeRequest, Pn as refreshAccessToken, Rn as OAuth2Tokens, Vn as ProviderOptions, jn as generateCodeChallenge, kn as validateAuthorizationCode, zn as OAuth2UserInfo } from "../index-CkAWdKH8.mjs";
+import "../index-CdubV7uy.mjs";
+export { OAuth2Tokens, OAuth2UserInfo, OAuthProvider, ProviderOptions, clientCredentialsToken, createAuthorizationCodeRequest, createAuthorizationURL, createClientCredentialsTokenRequest, createRefreshAccessTokenRequest, generateCodeChallenge, getOAuth2Tokens, refreshAccessToken, validateAuthorizationCode, validateToken };

package/dist/oauth2/index.mjs

@@ -1,357 +1,3 @@
-import { base64Url, base64 } from '@better-auth/utils/base64';
-import { betterFetch } from '@better-fetch/fetch';
-import { jwtVerify } from 'jose';
+import { a as refreshAccessToken, c as getOAuth2Tokens, i as createRefreshAccessTokenRequest, l as clientCredentialsToken, n as validateAuthorizationCode, o as createAuthorizationURL, r as validateToken, s as generateCodeChallenge, t as createAuthorizationCodeRequest, u as createClientCredentialsTokenRequest } from "../oauth2-DmgZmPEg.mjs";
 
-function getOAuth2Tokens(data) {
-  const getDate = (seconds) => {
-    const now = /* @__PURE__ */ new Date();
-    return new Date(now.getTime() + seconds * 1e3);
-  };
-  return {
-    tokenType: data.token_type,
-    accessToken: data.access_token,
-    refreshToken: data.refresh_token,
-    accessTokenExpiresAt: data.expires_in ? getDate(data.expires_in) : void 0,
-    refreshTokenExpiresAt: data.refresh_token_expires_in ? getDate(data.refresh_token_expires_in) : void 0,
-    scopes: data?.scope ? typeof data.scope === "string" ? data.scope.split(" ") : data.scope : [],
-    idToken: data.id_token
-  };
-}
-async function generateCodeChallenge(codeVerifier) {
-  const encoder = new TextEncoder();
-  const data = encoder.encode(codeVerifier);
-  const hash = await crypto.subtle.digest("SHA-256", data);
-  return base64Url.encode(new Uint8Array(hash), {
-    padding: false
-  });
-}
-
-async function createAuthorizationURL({
-  id,
-  options,
-  authorizationEndpoint,
-  state,
-  codeVerifier,
-  scopes,
-  claims,
-  redirectURI,
-  duration,
-  prompt,
-  accessType,
-  responseType,
-  display,
-  loginHint,
-  hd,
-  responseMode,
-  additionalParams,
-  scopeJoiner
-}) {
-  const url = new URL(authorizationEndpoint);
-  url.searchParams.set("response_type", responseType || "code");
-  const primaryClientId = Array.isArray(options.clientId) ? options.clientId[0] : options.clientId;
-  url.searchParams.set("client_id", primaryClientId);
-  url.searchParams.set("state", state);
-  url.searchParams.set("scope", scopes.join(scopeJoiner || " "));
-  url.searchParams.set("redirect_uri", options.redirectURI || redirectURI);
-  duration && url.searchParams.set("duration", duration);
-  display && url.searchParams.set("display", display);
-  loginHint && url.searchParams.set("login_hint", loginHint);
-  prompt && url.searchParams.set("prompt", prompt);
-  hd && url.searchParams.set("hd", hd);
-  accessType && url.searchParams.set("access_type", accessType);
-  responseMode && url.searchParams.set("response_mode", responseMode);
-  if (codeVerifier) {
-    const codeChallenge = await generateCodeChallenge(codeVerifier);
-    url.searchParams.set("code_challenge_method", "S256");
-    url.searchParams.set("code_challenge", codeChallenge);
-  }
-  if (claims) {
-    const claimsObj = claims.reduce(
-      (acc, claim) => {
-        acc[claim] = null;
-        return acc;
-      },
-      {}
-    );
-    url.searchParams.set(
-      "claims",
-      JSON.stringify({
-        id_token: { email: null, email_verified: null, ...claimsObj }
-      })
-    );
-  }
-  if (additionalParams) {
-    Object.entries(additionalParams).forEach(([key, value]) => {
-      url.searchParams.set(key, value);
-    });
-  }
-  return url;
-}
-
-function createAuthorizationCodeRequest({
-  code,
-  codeVerifier,
-  redirectURI,
-  options,
-  authentication,
-  deviceId,
-  headers,
-  additionalParams = {},
-  resource
-}) {
-  const body = new URLSearchParams();
-  const requestHeaders = {
-    "content-type": "application/x-www-form-urlencoded",
-    accept: "application/json",
-    "user-agent": "better-auth",
-    ...headers
-  };
-  body.set("grant_type", "authorization_code");
-  body.set("code", code);
-  codeVerifier && body.set("code_verifier", codeVerifier);
-  options.clientKey && body.set("client_key", options.clientKey);
-  deviceId && body.set("device_id", deviceId);
-  body.set("redirect_uri", options.redirectURI || redirectURI);
-  if (resource) {
-    if (typeof resource === "string") {
-      body.append("resource", resource);
-    } else {
-      for (const _resource of resource) {
-        body.append("resource", _resource);
-      }
-    }
-  }
-  if (authentication === "basic") {
-    const primaryClientId = Array.isArray(options.clientId) ? options.clientId[0] : options.clientId;
-    const encodedCredentials = base64.encode(
-      `${primaryClientId}:${options.clientSecret ?? ""}`
-    );
-    requestHeaders["authorization"] = `Basic ${encodedCredentials}`;
-  } else {
-    const primaryClientId = Array.isArray(options.clientId) ? options.clientId[0] : options.clientId;
-    body.set("client_id", primaryClientId);
-    if (options.clientSecret) {
-      body.set("client_secret", options.clientSecret);
-    }
-  }
-  for (const [key, value] of Object.entries(additionalParams)) {
-    if (!body.has(key)) body.append(key, value);
-  }
-  return {
-    body,
-    headers: requestHeaders
-  };
-}
-async function validateAuthorizationCode({
-  code,
-  codeVerifier,
-  redirectURI,
-  options,
-  tokenEndpoint,
-  authentication,
-  deviceId,
-  headers,
-  additionalParams = {},
-  resource
-}) {
-  const { body, headers: requestHeaders } = createAuthorizationCodeRequest({
-    code,
-    codeVerifier,
-    redirectURI,
-    options,
-    authentication,
-    deviceId,
-    headers,
-    additionalParams,
-    resource
-  });
-  const { data, error } = await betterFetch(tokenEndpoint, {
-    method: "POST",
-    body,
-    headers: requestHeaders
-  });
-  if (error) {
-    throw error;
-  }
-  const tokens = getOAuth2Tokens(data);
-  return tokens;
-}
-async function validateToken(token, jwksEndpoint) {
-  const { data, error } = await betterFetch(jwksEndpoint, {
-    method: "GET",
-    headers: {
-      accept: "application/json",
-      "user-agent": "better-auth"
-    }
-  });
-  if (error) {
-    throw error;
-  }
-  const keys = data["keys"];
-  const header = JSON.parse(atob(token.split(".")[0]));
-  const key = keys.find((key2) => key2.kid === header.kid);
-  if (!key) {
-    throw new Error("Key not found");
-  }
-  const verified = await jwtVerify(token, key);
-  return verified;
-}
-
-function createRefreshAccessTokenRequest({
-  refreshToken,
-  options,
-  authentication,
-  extraParams,
-  resource
-}) {
-  const body = new URLSearchParams();
-  const headers = {
-    "content-type": "application/x-www-form-urlencoded",
-    accept: "application/json"
-  };
-  body.set("grant_type", "refresh_token");
-  body.set("refresh_token", refreshToken);
-  if (authentication === "basic") {
-    const primaryClientId = Array.isArray(options.clientId) ? options.clientId[0] : options.clientId;
-    if (primaryClientId) {
-      headers["authorization"] = "Basic " + base64.encode(`${primaryClientId}:${options.clientSecret ?? ""}`);
-    } else {
-      headers["authorization"] = "Basic " + base64.encode(`:${options.clientSecret ?? ""}`);
-    }
-  } else {
-    const primaryClientId = Array.isArray(options.clientId) ? options.clientId[0] : options.clientId;
-    body.set("client_id", primaryClientId);
-    if (options.clientSecret) {
-      body.set("client_secret", options.clientSecret);
-    }
-  }
-  if (resource) {
-    if (typeof resource === "string") {
-      body.append("resource", resource);
-    } else {
-      for (const _resource of resource) {
-        body.append("resource", _resource);
-      }
-    }
-  }
-  if (extraParams) {
-    for (const [key, value] of Object.entries(extraParams)) {
-      body.set(key, value);
-    }
-  }
-  return {
-    body,
-    headers
-  };
-}
-async function refreshAccessToken({
-  refreshToken,
-  options,
-  tokenEndpoint,
-  authentication,
-  extraParams
-}) {
-  const { body, headers } = createRefreshAccessTokenRequest({
-    refreshToken,
-    options,
-    authentication,
-    extraParams
-  });
-  const { data, error } = await betterFetch(tokenEndpoint, {
-    method: "POST",
-    body,
-    headers
-  });
-  if (error) {
-    throw error;
-  }
-  const tokens = {
-    accessToken: data.access_token,
-    refreshToken: data.refresh_token,
-    tokenType: data.token_type,
-    scopes: data.scope?.split(" "),
-    idToken: data.id_token
-  };
-  if (data.expires_in) {
-    const now = /* @__PURE__ */ new Date();
-    tokens.accessTokenExpiresAt = new Date(
-      now.getTime() + data.expires_in * 1e3
-    );
-  }
-  return tokens;
-}
-
-function createClientCredentialsTokenRequest({
-  options,
-  scope,
-  authentication,
-  resource
-}) {
-  const body = new URLSearchParams();
-  const headers = {
-    "content-type": "application/x-www-form-urlencoded",
-    accept: "application/json"
-  };
-  body.set("grant_type", "client_credentials");
-  scope && body.set("scope", scope);
-  if (resource) {
-    if (typeof resource === "string") {
-      body.append("resource", resource);
-    } else {
-      for (const _resource of resource) {
-        body.append("resource", _resource);
-      }
-    }
-  }
-  if (authentication === "basic") {
-    const primaryClientId = Array.isArray(options.clientId) ? options.clientId[0] : options.clientId;
-    const encodedCredentials = base64Url.encode(
-      `${primaryClientId}:${options.clientSecret}`
-    );
-    headers["authorization"] = `Basic ${encodedCredentials}`;
-  } else {
-    const primaryClientId = Array.isArray(options.clientId) ? options.clientId[0] : options.clientId;
-    body.set("client_id", primaryClientId);
-    body.set("client_secret", options.clientSecret);
-  }
-  return {
-    body,
-    headers
-  };
-}
-async function clientCredentialsToken({
-  options,
-  tokenEndpoint,
-  scope,
-  authentication,
-  resource
-}) {
-  const { body, headers } = createClientCredentialsTokenRequest({
-    options,
-    scope,
-    authentication,
-    resource
-  });
-  const { data, error } = await betterFetch(tokenEndpoint, {
-    method: "POST",
-    body,
-    headers
-  });
-  if (error) {
-    throw error;
-  }
-  const tokens = {
-    accessToken: data.access_token,
-    tokenType: data.token_type,
-    scopes: data.scope?.split(" ")
-  };
-  if (data.expires_in) {
-    const now = /* @__PURE__ */ new Date();
-    tokens.accessTokenExpiresAt = new Date(
-      now.getTime() + data.expires_in * 1e3
-    );
-  }
-  return tokens;
-}
-
-export { clientCredentialsToken, createAuthorizationCodeRequest, createAuthorizationURL, createClientCredentialsTokenRequest, createRefreshAccessTokenRequest, generateCodeChallenge, getOAuth2Tokens, refreshAccessToken, validateAuthorizationCode, validateToken };
+export { clientCredentialsToken, createAuthorizationCodeRequest, createAuthorizationURL, createClientCredentialsTokenRequest, createRefreshAccessTokenRequest, generateCodeChallenge, getOAuth2Tokens, refreshAccessToken, validateAuthorizationCode, validateToken };