@better-auth/core 1.4.12-beta.2 → 1.4.13

package/src/db/adapter/factory.ts

@@ -200,7 +200,7 @@ export const createAdapterFactory =
 				let value = data[field];
 				const fieldAttributes = fields[field];
 
-				let newFieldName: string =
+				const newFieldName: string =
 					newMappedKeys[field] || fields[field]!.fieldName || field;
 				if (
 					value === undefined &&
@@ -335,7 +335,7 @@ export const createAdapterFactory =
 							newValue = await field.transform.output(newValue);
 						}
 
-						let newFieldName: string = newMappedKeys[key] || key;
+						const newFieldName: string = newMappedKeys[key] || key;
 
 						if (originalKey === "id" || field.references?.field === "id") {
 							// Even if `useNumberId` is true, we must always return a string `id` output.
@@ -392,7 +392,7 @@ export const createAdapterFactory =
 			unsafe_model = getDefaultModelName(unsafe_model);
 			// for now we just transform the base model
 			// later we append the joined models to this object.
-			let transformedData: Record<string, any> = await transformSingleOutput(
+			const transformedData: Record<string, any> = await transformSingleOutput(
 				data,
 				unsafe_model,
 				select,
@@ -443,7 +443,7 @@ export const createAdapterFactory =
 					joinedData = [joinedData];
 				}
 
-				let transformed = [];
+				const transformed = [];
 
 				if (Array.isArray(joinedData)) {
 					for (const item of joinedData) {
@@ -822,7 +822,7 @@ export const createAdapterFactory =
 				forceAllowId?: boolean;
 			}): Promise<R> => {
 				transactionId++;
-				let thisTransactionId = transactionId;
+				const thisTransactionId = transactionId;
 				const model = getModelName(unsafeModel);
 				unsafeModel = getDefaultModelName(unsafeModel);
 				if (
@@ -903,7 +903,7 @@ export const createAdapterFactory =
 				update: Record<string, any>;
 			}): Promise<T | null> => {
 				transactionId++;
-				let thisTransactionId = transactionId;
+				const thisTransactionId = transactionId;
 				unsafeModel = getDefaultModelName(unsafeModel);
 				const model = getModelName(unsafeModel);
 				const where = transformWhereClause({
@@ -965,7 +965,7 @@ export const createAdapterFactory =
 				update: Record<string, any>;
 			}) => {
 				transactionId++;
-				let thisTransactionId = transactionId;
+				const thisTransactionId = transactionId;
 				const model = getModelName(unsafeModel);
 				const where = transformWhereClause({
 					model: unsafeModel,
@@ -1021,7 +1021,7 @@ export const createAdapterFactory =
 				join?: JoinOption;
 			}) => {
 				transactionId++;
-				let thisTransactionId = transactionId;
+				const thisTransactionId = transactionId;
 				const model = getModelName(unsafeModel);
 				const where = transformWhereClause({
 					model: unsafeModel,
@@ -1095,7 +1095,7 @@ export const createAdapterFactory =
 				join?: JoinOption;
 			}) => {
 				transactionId++;
-				let thisTransactionId = transactionId;
+				const thisTransactionId = transactionId;
 				const limit =
 					unsafeLimit ??
 					options.advanced?.database?.defaultFindManyLimit ??
@@ -1173,7 +1173,7 @@ export const createAdapterFactory =
 				where: Where[];
 			}) => {
 				transactionId++;
-				let thisTransactionId = transactionId;
+				const thisTransactionId = transactionId;
 				const model = getModelName(unsafeModel);
 				const where = transformWhereClause({
 					model: unsafeModel,
@@ -1206,7 +1206,7 @@ export const createAdapterFactory =
 				where: Where[];
 			}) => {
 				transactionId++;
-				let thisTransactionId = transactionId;
+				const thisTransactionId = transactionId;
 				const model = getModelName(unsafeModel);
 				const where = transformWhereClause({
 					model: unsafeModel,
@@ -1240,7 +1240,7 @@ export const createAdapterFactory =
 				where?: Where[];
 			}) => {
 				transactionId++;
-				let thisTransactionId = transactionId;
+				const thisTransactionId = transactionId;
 				const model = getModelName(unsafeModel);
 				const where = transformWhereClause({
 					model: unsafeModel,
@@ -1350,7 +1350,7 @@ export const createAdapterFactory =
 								}
 
 								//`${colors.fg.blue}|${colors.reset} `,
-								let log: any[] = logs
+								const log: any[] = logs
 									.reverse()
 									.map((log) => {
 										log.args[0] = `\n${log.args[0]}`;

package/src/db/adapter/get-default-model-name.ts

@@ -23,7 +23,7 @@ export const initGetDefaultModelName = ({
 		// It's possible this `model` could had applied `usePlural`.
 		// Thus we'll try the search but without the trailing `s`.
 		if (usePlural && model.charAt(model.length - 1) === "s") {
-			let pluralessModel = model.slice(0, -1);
+			const pluralessModel = model.slice(0, -1);
 			let m = schema[pluralessModel] ? pluralessModel : undefined;
 			if (!m) {
 				m = Object.entries(schema).find(

package/src/db/adapter/get-id-field.ts

@@ -36,7 +36,7 @@ export const initGetIdField = ({
 			options.advanced?.database?.generateId === "serial";
 		const useUUIDs = options.advanced?.database?.generateId === "uuid";
 
-		let shouldGenerateId: boolean = (() => {
+		const shouldGenerateId: boolean = (() => {
 			if (disableIdGeneration) {
 				return false;
 			} else if (useNumberId && !forceAllowId) {
@@ -58,7 +58,7 @@ export const initGetIdField = ({
 				? {
 						defaultValue() {
 							if (disableIdGeneration) return undefined;
-							let generateId = options.advanced?.database?.generateId;
+							const generateId = options.advanced?.database?.generateId;
 							if (generateId === false || useNumberId) return undefined;
 							if (typeof generateId === "function") {
 								return generateId({

package/src/error/index.ts

@@ -1,9 +1,8 @@
 export class BetterAuthError extends Error {
-	constructor(message: string, cause?: string | undefined) {
-		super(message);
+	constructor(message: string, options?: { cause?: unknown | undefined }) {
+		super(message, options);
 		this.name = "BetterAuthError";
 		this.message = message;
-		this.cause = cause;
 		this.stack = "";
 	}
 }

package/src/social-providers/gitlab.ts

@@ -65,7 +65,7 @@ const cleanDoubleSlashes = (input: string = "") => {
 };
 
 const issuerToEndpoints = (issuer?: string | undefined) => {
-	let baseUrl = issuer || "https://gitlab.com";
+	const baseUrl = issuer || "https://gitlab.com";
 	return {
 		authorizationEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/authorize`),
 		tokenEndpoint: cleanDoubleSlashes(`${baseUrl}/oauth/token`),

package/src/types/context.ts

@@ -11,7 +11,7 @@ import type {
 import type { DBAdapter, Where } from "../db/adapter";
 import type { createLogger } from "../env";
 import type { OAuthProvider } from "../oauth2";
-import type { BetterAuthCookies } from "./cookie";
+import type { BetterAuthCookie, BetterAuthCookies } from "./cookie";
 import type {
 	BetterAuthOptions,
 	BetterAuthRateLimitOptions,
@@ -150,10 +150,7 @@ export interface InternalAdapter<
 type CreateCookieGetterFn = (
 	cookieName: string,
 	overrideAttributes?: Partial<CookieOptions> | undefined,
-) => {
-	name: string;
-	attributes: CookieOptions;
-};
+) => BetterAuthCookie;
 
 type CheckPasswordFn<Options extends BetterAuthOptions = BetterAuthOptions> = (
 	userId: string,
@@ -166,139 +163,148 @@ export type PluginContext = {
 	) => Plugin | null;
 };
 
+export type InfoContext = {
+	appName: string;
+	baseURL: string;
+	version: string;
+};
+
 export type AuthContext<Options extends BetterAuthOptions = BetterAuthOptions> =
-	PluginContext & {
-		options: Options;
-		appName: string;
-		baseURL: string;
-		trustedOrigins: string[];
-		/**
-		 * Verifies whether url is a trusted origin according to the "trustedOrigins" configuration
-		 * @param url The url to verify against the "trustedOrigins" configuration
-		 * @param settings Specify supported pattern matching settings
-		 * @returns {boolean} true if the URL matches the origin pattern, false otherwise.
-		 */
-		isTrustedOrigin: (
-			url: string,
-			settings?: { allowRelativePaths: boolean },
-		) => boolean;
-		oauthConfig: {
+	PluginContext &
+		InfoContext & {
+			options: Options;
+			trustedOrigins: string[];
 			/**
-			 * This is dangerous and should only be used in dev or staging environments.
+			 * Verifies whether url is a trusted origin according to the "trustedOrigins" configuration
+			 * @param url The url to verify against the "trustedOrigins" configuration
+			 * @param settings Specify supported pattern matching settings
+			 * @returns {boolean} true if the URL matches the origin pattern, false otherwise.
 			 */
-			skipStateCookieCheck?: boolean | undefined;
+			isTrustedOrigin: (
+				url: string,
+				settings?: { allowRelativePaths: boolean },
+			) => boolean;
+			oauthConfig: {
+				/**
+				 * This is dangerous and should only be used in dev or staging environments.
+				 */
+				skipStateCookieCheck?: boolean | undefined;
+				/**
+				 * Strategy for storing OAuth state
+				 *
+				 * - "cookie": Store state in an encrypted cookie (stateless)
+				 * - "database": Store state in the database
+				 *
+				 * @default "cookie"
+				 */
+				storeStateStrategy: "database" | "cookie";
+			};
 			/**
-			 * Strategy for storing OAuth state
-			 *
-			 * - "cookie": Store state in an encrypted cookie (stateless)
-			 * - "database": Store state in the database
-			 *
-			 * @default "cookie"
+			 * New session that will be set after the request
+			 * meaning: there is a `set-cookie` header that will set
+			 * the session cookie. This is the fetched session. And it's set
+			 * by `setNewSession` method.
 			 */
-			storeStateStrategy: "database" | "cookie";
-		};
-		/**
-		 * New session that will be set after the request
-		 * meaning: there is a `set-cookie` header that will set
-		 * the session cookie. This is the fetched session. And it's set
-		 * by `setNewSession` method.
-		 */
-		newSession: {
-			session: Session & Record<string, any>;
-			user: User & Record<string, any>;
-		} | null;
-		session: {
-			session: Session & Record<string, any>;
-			user: User & Record<string, any>;
-		} | null;
-		setNewSession: (
+			newSession: {
+				session: Session & Record<string, any>;
+				user: User & Record<string, any>;
+			} | null;
 			session: {
 				session: Session & Record<string, any>;
 				user: User & Record<string, any>;
-			} | null,
-		) => void;
-		socialProviders: OAuthProvider[];
-		authCookies: BetterAuthCookies;
-		logger: ReturnType<typeof createLogger>;
-		rateLimit: {
-			enabled: boolean;
-			window: number;
-			max: number;
-			storage: "memory" | "database" | "secondary-storage";
-		} & BetterAuthRateLimitOptions;
-		adapter: DBAdapter<Options>;
-		internalAdapter: InternalAdapter<Options>;
-		createAuthCookie: CreateCookieGetterFn;
-		secret: string;
-		sessionConfig: {
-			updateAge: number;
-			expiresIn: number;
-			freshAge: number;
-			cookieRefreshCache:
-				| false
-				| {
-						enabled: true;
-						updateAge: number;
-				  };
-		};
-		generateId: (options: {
-			model: ModelNames;
-			size?: number | undefined;
-		}) => string | false;
-		secondaryStorage: SecondaryStorage | undefined;
-		password: {
-			hash: (password: string) => Promise<string>;
-			verify: (data: { password: string; hash: string }) => Promise<boolean>;
-			config: {
-				minPasswordLength: number;
-				maxPasswordLength: number;
+			} | null;
+			setNewSession: (
+				session: {
+					session: Session & Record<string, any>;
+					user: User & Record<string, any>;
+				} | null,
+			) => void;
+			socialProviders: OAuthProvider[];
+			authCookies: BetterAuthCookies;
+			logger: ReturnType<typeof createLogger>;
+			rateLimit: {
+				enabled: boolean;
+				window: number;
+				max: number;
+				storage: "memory" | "database" | "secondary-storage";
+			} & Omit<
+				BetterAuthRateLimitOptions,
+				"enabled" | "window" | "max" | "storage"
+			>;
+			adapter: DBAdapter<Options>;
+			internalAdapter: InternalAdapter<Options>;
+			createAuthCookie: CreateCookieGetterFn;
+			secret: string;
+			sessionConfig: {
+				updateAge: number;
+				expiresIn: number;
+				freshAge: number;
+				cookieRefreshCache:
+					| false
+					| {
+							enabled: true;
+							updateAge: number;
+					  };
 			};
-			checkPassword: CheckPasswordFn<Options>;
+			generateId: (options: {
+				model: ModelNames;
+				size?: number | undefined;
+			}) => string | false;
+			secondaryStorage: SecondaryStorage | undefined;
+			password: {
+				hash: (password: string) => Promise<string>;
+				verify: (data: { password: string; hash: string }) => Promise<boolean>;
+				config: {
+					minPasswordLength: number;
+					maxPasswordLength: number;
+				};
+				checkPassword: CheckPasswordFn<Options>;
+			};
+			tables: BetterAuthDBSchema;
+			runMigrations: () => Promise<void>;
+			publishTelemetry: (event: {
+				type: string;
+				anonymousId?: string | undefined;
+				payload: Record<string, any>;
+			}) => Promise<void>;
+			/**
+			 * Skip origin check for requests.
+			 *
+			 * - `true`: Skip for ALL requests (DANGEROUS - disables CSRF protection)
+			 * - `string[]`: Skip only for specific paths (e.g., SAML callbacks)
+			 * - `false`: Enable origin check (default)
+			 *
+			 * Paths support prefix matching (e.g., "/sso/saml2/callback" matches
+			 * "/sso/saml2/callback/provider-name").
+			 *
+			 * @default false (true in test environments)
+			 */
+			skipOriginCheck: boolean | string[];
+			/**
+			 * This skips the CSRF check for all requests.
+			 *
+			 * This is inferred from the `options.advanced?.
+			 * disableCSRFCheck` option.
+			 *
+			 * @default false
+			 */
+			skipCSRFCheck: boolean;
+			/**
+			 * Background task handler for deferred operations.
+			 *
+			 * This is inferred from the `options.advanced?.backgroundTasks?.handler` option.
+			 * Defaults to a no-op that just runs the promise.
+			 */
+			runInBackground: (promise: Promise<void>) => void;
+			/**
+			 * Runs a task in the background if `runInBackground` is configured,
+			 * otherwise awaits the task directly.
+			 *
+			 * This is useful for operations like sending emails where we want
+			 * to avoid blocking the response when possible (for timing attack
+			 * mitigation), but still ensure the operation completes.
+			 */
+			runInBackgroundOrAwait: (
+				promise: Promise<unknown> | Promise<void> | void | unknown,
+			) => Promise<unknown>;
 		};
-		tables: BetterAuthDBSchema;
-		runMigrations: () => Promise<void>;
-		publishTelemetry: (event: {
-			type: string;
-			anonymousId?: string | undefined;
-			payload: Record<string, any>;
-		}) => Promise<void>;
-		/**
-		 * This skips the origin check for all requests.
-		 *
-		 * set to true by default for `test` environments and `false`
-		 * for other environments.
-		 *
-		 * It's inferred from the `options.advanced?.disableCSRFCheck`
-		 * option or `options.advanced?.disableOriginCheck` option.
-		 *
-		 * @default false
-		 */
-		skipOriginCheck: boolean;
-		/**
-		 * This skips the CSRF check for all requests.
-		 *
-		 * This is inferred from the `options.advanced?.
-		 * disableCSRFCheck` option.
-		 *
-		 * @default false
-		 */
-		skipCSRFCheck: boolean;
-		/**
-		 * Background task handler for deferred operations.
-		 *
-		 * This is inferred from the `options.advanced?.backgroundTasks?.handler` option.
-		 * Defaults to a no-op that just runs the promise.
-		 */
-		runInBackground: (promise: Promise<void>) => void;
-		/**
-		 * Runs a task in the background if `runInBackground` is configured,
-		 * otherwise awaits the task directly.
-		 *
-		 * This is useful for operations like sending emails where we want
-		 * to avoid blocking the response when possible (for timing attack
-		 * mitigation), but still ensure the operation completes.
-		 */
-		runInBackgroundOrAwait: (
-			promise: Promise<unknown> | Promise<void> | void | unknown,
-		) => Promise<unknown>;
-	};

package/src/types/cookie.ts

@@ -1,8 +1,10 @@
 import type { CookieOptions } from "better-call";
 
+export type BetterAuthCookie = { name: string; attributes: CookieOptions };
+
 export type BetterAuthCookies = {
-	sessionToken: { name: string; options: CookieOptions };
-	sessionData: { name: string; options: CookieOptions };
-	accountData: { name: string; options: CookieOptions };
-	dontRememberToken: { name: string; options: CookieOptions };
+	sessionToken: BetterAuthCookie;
+	sessionData: BetterAuthCookie;
+	accountData: BetterAuthCookie;
+	dontRememberToken: BetterAuthCookie;
 };

package/src/types/index.ts

@@ -2,10 +2,11 @@ export type { StandardSchemaV1 } from "@standard-schema/spec";
 export type {
 	AuthContext,
 	GenericEndpointContext,
+	InfoContext,
 	InternalAdapter,
 	PluginContext,
 } from "./context";
-export type { BetterAuthCookies } from "./cookie";
+export type { BetterAuthCookie, BetterAuthCookies } from "./cookie";
 export type * from "./helper";
 export type {
 	BetterAuthAdvancedOptions,

package/tsdown.config.ts

@@ -1,5 +1,10 @@
+import { readFile } from "node:fs/promises";
 import { defineConfig } from "tsdown";
 
+const packageJson = JSON.parse(
+	await readFile(new URL("./package.json", import.meta.url), "utf-8"),
+);
+
 export default defineConfig({
 	dts: { build: true, incremental: true },
 	format: ["esm"],
@@ -18,5 +23,9 @@ export default defineConfig({
 		"./src/error/index.ts",
 	],
 	external: ["@better-auth/core/async_hooks"],
+	env: {
+		BETTER_AUTH_VERSION: packageJson.version,
+	},
+	unbundle: true,
 	clean: true,
 });

package/dist/context-BGZ8V6DD.mjs

@@ -1,126 +0,0 @@
-import { getAsyncLocalStorage } from "@better-auth/core/async_hooks";
-
-//#region src/context/endpoint-context.ts
-const symbol$2 = Symbol.for("better-auth:endpoint-context-async-storage");
-let currentContextAsyncStorage = null;
-const ensureAsyncStorage$2 = async () => {
-	if (!currentContextAsyncStorage || globalThis[symbol$2] === void 0) {
-		currentContextAsyncStorage = new (await (getAsyncLocalStorage()))();
-		globalThis[symbol$2] = currentContextAsyncStorage;
-	}
-	return currentContextAsyncStorage || globalThis[symbol$2];
-};
-/**
-* This is for internal use only. Most users should use `getCurrentAuthContext` instead.
-*
-* It is exposed for advanced use cases where you need direct access to the AsyncLocalStorage instance.
-*/
-async function getCurrentAuthContextAsyncLocalStorage() {
-	return ensureAsyncStorage$2();
-}
-async function getCurrentAuthContext() {
-	const context = (await ensureAsyncStorage$2()).getStore();
-	if (!context) throw new Error("No auth context found. Please make sure you are calling this function within a `runWithEndpointContext` callback.");
-	return context;
-}
-async function runWithEndpointContext(context, fn) {
-	return (await ensureAsyncStorage$2()).run(context, fn);
-}
-
-//#endregion
-//#region src/context/request-state.ts
-const symbol$1 = Symbol.for("better-auth:request-state-async-storage");
-let requestStateAsyncStorage = null;
-const ensureAsyncStorage$1 = async () => {
-	if (!requestStateAsyncStorage || globalThis[symbol$1] === void 0) {
-		requestStateAsyncStorage = new (await (getAsyncLocalStorage()))();
-		globalThis[symbol$1] = requestStateAsyncStorage;
-	}
-	return requestStateAsyncStorage || globalThis[symbol$1];
-};
-async function getRequestStateAsyncLocalStorage() {
-	return ensureAsyncStorage$1();
-}
-async function hasRequestState() {
-	return (await ensureAsyncStorage$1()).getStore() !== void 0;
-}
-async function getCurrentRequestState() {
-	const store = (await ensureAsyncStorage$1()).getStore();
-	if (!store) throw new Error("No request state found. Please make sure you are calling this function within a `runWithRequestState` callback.");
-	return store;
-}
-async function runWithRequestState(store, fn) {
-	return (await ensureAsyncStorage$1()).run(store, fn);
-}
-function defineRequestState(initFn) {
-	const ref = Object.freeze({});
-	return {
-		get ref() {
-			return ref;
-		},
-		async get() {
-			const store = await getCurrentRequestState();
-			if (!store.has(ref)) {
-				const initialValue = await initFn();
-				store.set(ref, initialValue);
-				return initialValue;
-			}
-			return store.get(ref);
-		},
-		async set(value) {
-			(await getCurrentRequestState()).set(ref, value);
-		}
-	};
-}
-
-//#endregion
-//#region src/context/transaction.ts
-const symbol = Symbol.for("better-auth:transaction-adapter-async-storage");
-let currentAdapterAsyncStorage = null;
-const ensureAsyncStorage = async () => {
-	if (!currentAdapterAsyncStorage || globalThis[symbol] === void 0) {
-		currentAdapterAsyncStorage = new (await (getAsyncLocalStorage()))();
-		globalThis[symbol] = currentAdapterAsyncStorage;
-	}
-	return currentAdapterAsyncStorage || globalThis[symbol];
-};
-/**
-* This is for internal use only. Most users should use `getCurrentAdapter` instead.
-*
-* It is exposed for advanced use cases where you need direct access to the AsyncLocalStorage instance.
-*/
-const getCurrentDBAdapterAsyncLocalStorage = async () => {
-	return ensureAsyncStorage();
-};
-const getCurrentAdapter = async (fallback) => {
-	return ensureAsyncStorage().then((als) => {
-		return als.getStore() || fallback;
-	}).catch(() => {
-		return fallback;
-	});
-};
-const runWithAdapter = async (adapter, fn) => {
-	let called = true;
-	return ensureAsyncStorage().then((als) => {
-		called = true;
-		return als.run(adapter, fn);
-	}).catch((err) => {
-		if (!called) return fn();
-		throw err;
-	});
-};
-const runWithTransaction = async (adapter, fn) => {
-	let called = true;
-	return ensureAsyncStorage().then((als) => {
-		called = true;
-		return adapter.transaction(async (trx) => {
-			return als.run(trx, fn);
-		});
-	}).catch((err) => {
-		if (!called) return fn();
-		throw err;
-	});
-};
-
-//#endregion
-export { defineRequestState as a, hasRequestState as c, getCurrentAuthContextAsyncLocalStorage as d, runWithEndpointContext as f, runWithTransaction as i, runWithRequestState as l, getCurrentDBAdapterAsyncLocalStorage as n, getCurrentRequestState as o, runWithAdapter as r, getRequestStateAsyncLocalStorage as s, getCurrentAdapter as t, getCurrentAuthContext as u };