@better-auth/core 1.4.6-beta.2 → 1.4.6-beta.4

package/dist/social-providers/index.mjs

@@ -1,7 +1,7 @@
-import { i as logger } from "../env-8yWFh7b8.mjs";
-import { a as refreshAccessToken, c as getOAuth2Tokens, n as validateAuthorizationCode, o as createAuthorizationURL, s as generateCodeChallenge } from "../oauth2-B2XPHgx5.mjs";
-import "../utils-C5EN75oV.mjs";
-import { t as BetterAuthError } from "../error-BhAKg8LX.mjs";
+import { i as logger } from "../env-D6s-lvJz.mjs";
+import "../utils-BqQC77zO.mjs";
+import { t as BetterAuthError } from "../error-CMXuwPsa.mjs";
+import { a as refreshAccessToken, c as getOAuth2Tokens, n as validateAuthorizationCode, o as createAuthorizationURL, s as generateCodeChallenge } from "../oauth2-7k48hhcV.mjs";
 import * as z from "zod";
 import { base64 } from "@better-auth/utils/base64";
 import { betterFetch } from "@better-fetch/fetch";
@@ -836,9 +836,16 @@ const google = (options) => {
 		async verifyIdToken(token, nonce) {
 			if (options.disableIdTokenSignIn) return false;
 			if (options.verifyIdToken) return options.verifyIdToken(token, nonce);
-			const { data: tokenInfo } = await betterFetch(`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${token}`);
-			if (!tokenInfo) return false;
-			return tokenInfo.aud === options.clientId && (tokenInfo.iss === "https://accounts.google.com" || tokenInfo.iss === "accounts.google.com");
+			const { kid, alg: jwtAlg } = decodeProtectedHeader(token);
+			if (!kid || !jwtAlg) return false;
+			const { payload: jwtClaims } = await jwtVerify(token, await getGooglePublicKey(kid), {
+				algorithms: [jwtAlg],
+				issuer: ["https://accounts.google.com", "accounts.google.com"],
+				audience: options.clientId,
+				maxTokenAge: "1h"
+			});
+			if (nonce && jwtClaims.nonce !== nonce) return false;
+			return true;
 		},
 		async getUserInfo(token) {
 			if (options.getUserInfo) return options.getUserInfo(token);
@@ -860,6 +867,13 @@ const google = (options) => {
 		options
 	};
 };
+const getGooglePublicKey = async (kid) => {
+	const { data } = await betterFetch("https://www.googleapis.com/oauth2/v3/certs");
+	if (!data?.keys) throw new APIError("BAD_REQUEST", { message: "Keys not found" });
+	const jwk = data.keys.find((key) => key.kid === kid);
+	if (!jwk) throw new Error(`JWK with kid ${kid} not found`);
+	return await importJWK(jwk, jwk.alg);
+};
 
 //#endregion
 //#region src/social-providers/huggingface.ts
@@ -2577,4 +2591,4 @@ const socialProviderList = Object.keys(socialProviders);
 const SocialProviderListEnum = z.enum(socialProviderList).or(z.string());
 
 //#endregion
-export { SocialProviderListEnum, apple, atlassian, cognito, discord, dropbox, facebook, figma, getApplePublicKey, getCognitoPublicKey, github, gitlab, google, huggingface, kakao, kick, line, linear, linkedin, microsoft, naver, notion, paybin, paypal, polar, reddit, roblox, salesforce, slack, socialProviderList, socialProviders, spotify, tiktok, twitch, twitter, vercel, vk, zoom };
+export { SocialProviderListEnum, apple, atlassian, cognito, discord, dropbox, facebook, figma, getApplePublicKey, getCognitoPublicKey, getGooglePublicKey, github, gitlab, google, huggingface, kakao, kick, line, linear, linkedin, microsoft, naver, notion, paybin, paypal, polar, reddit, roblox, salesforce, slack, socialProviderList, socialProviders, spotify, tiktok, twitch, twitter, vercel, vk, zoom };

package/dist/utils/index.d.mts

@@ -6,4 +6,13 @@ type InvalidKeyError<K$1 extends string> = `Invalid error code key: "${K$1}" - m
 type ValidateErrorCodes<T> = { [K in keyof T]: K extends string ? IsValidUpperSnakeCase<K> extends false ? InvalidKeyError<K> : T[K] : T[K] };
 declare function defineErrorCodes<const T extends Record<string, string>>(codes: ValidateErrorCodes<T>): T;
 //#endregion
-export { defineErrorCodes };
+//#region src/utils/id.d.ts
+declare const generateId: (size?: number) => string;
+//#endregion
+//#region src/utils/json.d.ts
+declare function safeJSONParse<T>(data: unknown): T | null;
+//#endregion
+//#region src/utils/string.d.ts
+declare function capitalizeFirstLetter(str: string): string;
+//#endregion
+export { capitalizeFirstLetter, defineErrorCodes, generateId, safeJSONParse };

package/dist/utils/index.mjs

@@ -1,3 +1,4 @@
-import { t as defineErrorCodes } from "../utils-C5EN75oV.mjs";
+import "../env-D6s-lvJz.mjs";
+import { i as defineErrorCodes, n as safeJSONParse, r as generateId, t as capitalizeFirstLetter } from "../utils-BqQC77zO.mjs";
 
-export { defineErrorCodes };
+export { capitalizeFirstLetter, defineErrorCodes, generateId, safeJSONParse };

package/dist/utils-BqQC77zO.mjs

@@ -0,0 +1,43 @@
+import { i as logger } from "./env-D6s-lvJz.mjs";
+import { createRandomStringGenerator } from "@better-auth/utils/random";
+
+//#region src/utils/error-codes.ts
+function defineErrorCodes(codes) {
+	return codes;
+}
+
+//#endregion
+//#region src/utils/id.ts
+const generateId = (size) => {
+	return createRandomStringGenerator("a-z", "A-Z", "0-9")(size || 32);
+};
+
+//#endregion
+//#region src/utils/json.ts
+function safeJSONParse(data) {
+	function reviver(_, value) {
+		if (typeof value === "string") {
+			if (/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?Z$/.test(value)) {
+				const date = new Date(value);
+				if (!isNaN(date.getTime())) return date;
+			}
+		}
+		return value;
+	}
+	try {
+		if (typeof data !== "string") return data;
+		return JSON.parse(data, reviver);
+	} catch (e) {
+		logger.error("Error parsing JSON", { error: e });
+		return null;
+	}
+}
+
+//#endregion
+//#region src/utils/string.ts
+function capitalizeFirstLetter(str) {
+	return str.charAt(0).toUpperCase() + str.slice(1);
+}
+
+//#endregion
+export { defineErrorCodes as i, safeJSONParse as n, generateId as r, capitalizeFirstLetter as t };

package/package.json

@@ -1,15 +1,16 @@
 {
   "name": "@better-auth/core",
-  "version": "1.4.6-beta.2",
+  "version": "1.4.6-beta.4",
   "description": "The most comprehensive authentication framework for TypeScript.",
   "type": "module",
   "repository": {
     "type": "git",
-    "url": "https://github.com/better-auth/better-auth",
+    "url": "git+https://github.com/better-auth/better-auth.git",
     "directory": "packages/core"
   },
   "main": "./dist/index.mjs",
   "module": "./dist/index.mjs",
+  "types": "./dist/index.d.mts",
   "exports": {
     ".": {
       "dev-source": "./src/index.ts",
@@ -107,11 +108,11 @@
   "devDependencies": {
     "@better-auth/utils": "0.3.0",
     "@better-fetch/fetch": "1.1.18",
-    "better-call": "1.1.4",
+    "better-call": "1.1.5",
     "jose": "^6.1.0",
     "kysely": "^0.28.5",
     "nanostores": "^1.0.1",
-    "tsdown": "^0.16.0"
+    "tsdown": "^0.17.0"
   },
   "dependencies": {
     "@standard-schema/spec": "^1.0.0",
@@ -120,7 +121,7 @@
   "peerDependencies": {
     "@better-auth/utils": "0.3.0",
     "@better-fetch/fetch": "1.1.18",
-    "better-call": "1.1.4",
+    "better-call": "1.1.5",
     "jose": "^6.1.0",
     "kysely": "^0.28.5",
     "nanostores": "^1.0.1"
@@ -130,6 +131,7 @@
     "dev": "tsdown --watch",
     "lint:package": "publint run --strict",
     "typecheck": "tsc --project tsconfig.json",
-    "test": "vitest"
+    "test": "vitest",
+    "coverage": "vitest run --coverage"
   }
 }

package/src/async_hooks/convex.spec.ts

@@ -0,0 +1,12 @@
+import { expect, test, vi } from "vitest";
+
+vi.mock(import("node:async_hooks"), () => {
+	throw new Error("Doesn't work with convex");
+});
+
+test("should work with convex", async () => {
+	vi.stubEnv("CONVEX_CLOUD_URL", "https://convex.com");
+	vi.stubEnv("CONVEX_SITE_URL", "http://test.com");
+	const { getAsyncLocalStorage } = await import(".");
+	await expect(getAsyncLocalStorage()).to.resolves.toBeDefined();
+});

package/src/async_hooks/index.ts

@@ -1,35 +1,70 @@
-/**
- * AsyncLocalStorage will be import directly in 1.5.x
- */
 import type { AsyncLocalStorage } from "node:async_hooks";
+import { env } from "../env";
 
-// We only export the type here to avoid issues in environments where AsyncLocalStorage is not available.
 export type { AsyncLocalStorage };
 
-const AsyncLocalStoragePromise: Promise<typeof AsyncLocalStorage> = import(
-	/* @vite-ignore */
-	/* webpackIgnore: true */
-	"node:async_hooks"
-)
-	.then((mod) => mod.AsyncLocalStorage)
-	.catch((err) => {
-		if ("AsyncLocalStorage" in globalThis) {
-			return (globalThis as any).AsyncLocalStorage;
+/**
+ * Due to the lack of AsyncLocalStorage in some environments (like Convex),
+ *
+ * We assume serverless functions are short-lived and single-threaded, so we can use a simple polyfill.
+ */
+class AsyncLocalStoragePolyfill<T> {
+	#current: T | undefined = undefined;
+
+	run(store: T, fn: () => unknown): unknown {
+		const prev = this.#current;
+		this.#current = store;
+		const result = fn();
+		if (result instanceof Promise) {
+			return result.finally(() => {
+				this.#current = prev;
+			});
 		}
-		console.warn(
-			"[better-auth] Warning: AsyncLocalStorage is not available in this environment. Some features may not work as expected.",
-		);
-		console.warn(
-			"[better-auth] Please read more about this warning at https://better-auth.com/docs/installation#mount-handler",
-		);
-		console.warn(
-			"[better-auth] If you are using Cloudflare Workers, please see: https://developers.cloudflare.com/workers/configuration/compatibility-flags/#nodejs-compatibility-flag",
-		);
-		throw err;
-	});
+		this.#current = prev;
+		return result;
+	}
+
+	getStore(): T | undefined {
+		return this.#current;
+	}
+}
+
+const AsyncLocalStoragePromise: Promise<typeof AsyncLocalStorage | null> =
+	import(
+		/* @vite-ignore */
+		/* webpackIgnore: true */
+		"node:async_hooks"
+	)
+		.then((mod) => mod.AsyncLocalStorage)
+		.catch((err) => {
+			if ("AsyncLocalStorage" in globalThis) {
+				return (globalThis as any).AsyncLocalStorage;
+			}
+			if (typeof window !== "undefined") {
+				return null;
+			}
+			if (env["CONVEX_CLOUD_URL"] || env["CONVEX_SITE_URL"]) {
+				return AsyncLocalStoragePolyfill;
+			}
+			console.warn(
+				"[better-auth] Warning: AsyncLocalStorage is not available in this environment. Some features may not work as expected.",
+			);
+			console.warn(
+				"[better-auth] Please read more about this warning at https://better-auth.com/docs/installation#mount-handler",
+			);
+			console.warn(
+				"[better-auth] If you are using Cloudflare Workers, please see: https://developers.cloudflare.com/workers/configuration/compatibility-flags/#nodejs-compatibility-flag",
+			);
+			throw err;
+		});
 
 export async function getAsyncLocalStorage(): Promise<
 	typeof AsyncLocalStorage
 > {
-	return AsyncLocalStoragePromise;
+	const mod = await AsyncLocalStoragePromise;
+	if (mod === null) {
+		throw new Error("getAsyncLocalStorage is only available in server code");
+	} else {
+		return mod;
+	}
 }