@better-auth/core 1.5.0-beta.9 → 1.5.0

package/dist/types/init-options.d.mts

@@ -1,32 +1,76 @@
 import { DBFieldAttribute, ModelNames, SecondaryStorage } from "../db/type.mjs";
-import { Account } from "../db/schema/account.mjs";
-import { RateLimit } from "../db/schema/rate-limit.mjs";
-import { Session } from "../db/schema/session.mjs";
-import { User } from "../db/schema/user.mjs";
-import { Verification } from "../db/schema/verification.mjs";
-import "../db/index.mjs";
-import { Awaitable, LiteralUnion } from "./helper.mjs";
 import { DBAdapterDebugLogOption, DBAdapterInstance } from "../db/adapter/index.mjs";
+import { BaseRateLimit, RateLimit } from "../db/schema/rate-limit.mjs";
+import { BaseSession, Session } from "../db/schema/session.mjs";
+import { BaseUser, User } from "../db/schema/user.mjs";
+import { BaseVerification, Verification } from "../db/schema/verification.mjs";
 import { Logger } from "../env/logger.mjs";
 import { SocialProviderList, SocialProviders } from "../social-providers/index.mjs";
+import { Awaitable, LiteralString, LiteralUnion } from "./helper.mjs";
 import { BetterAuthPlugin } from "./plugin.mjs";
+import { Account, BaseAccount } from "../db/schema/account.mjs";
+import "../db/index.mjs";
 import { AuthContext, GenericEndpointContext } from "./context.mjs";
 import { AuthMiddleware } from "../api/index.mjs";
 import { CookieOptions } from "better-call";
 import { Database } from "bun:sqlite";
 import { DatabaseSync } from "node:sqlite";
+import { D1Database } from "@cloudflare/workers-types";
 import { Dialect, Kysely, MysqlPool, PostgresPool, SqliteDatabase } from "kysely";
 
 //#region src/types/init-options.d.ts
 type KyselyDatabaseType = "postgres" | "mysql" | "sqlite" | "mssql";
-type OmitId<T extends {
-  id: unknown;
-}> = Omit<T, "id">;
 type Optional<T> = { [P in keyof T]?: T[P] | undefined };
+type StoreIdentifierOption = "plain" | "hashed" | {
+  hash: (identifier: string) => Promise<string>;
+};
 type GenerateIdFn = (options: {
   model: ModelNames;
   size?: number | undefined;
 }) => string | false;
+/**
+ * Configuration for dynamic base URL resolution.
+ * Allows Better Auth to work with multiple domains (e.g., Vercel preview deployments).
+ */
+type DynamicBaseURLConfig = {
+  /**
+   * List of allowed hostnames. Supports wildcard patterns.
+   *
+   * The derived host from the request will be validated against this list.
+   * Uses the same wildcard matching as `trustedOrigins`.
+   *
+   * @example
+   * ```ts
+   * allowedHosts: [
+   *   "myapp.com",           // Exact match
+   *   "*.vercel.app",        // Any Vercel preview
+   *   "preview-*.myapp.com"  // Pattern match
+   * ]
+   * ```
+   */
+  allowedHosts: string[];
+  /**
+   * Fallback URL to use if the derived host doesn't match any allowed host.
+   * If not set, Better Auth will throw an error when the host doesn't match.
+   *
+   * @example "https://myapp.com"
+   */
+  fallback?: string | undefined;
+  /**
+   * Protocol to use when constructing the URL.
+   * - `"https"`: Always use HTTPS (recommended for production)
+   * - `"http"`: Always use HTTP (for local development)
+   * - `"auto"`: Derive from `x-forwarded-proto` header or default to HTTPS
+   *
+   * @default "auto"
+   */
+  protocol?: "http" | "https" | "auto" | undefined;
+};
+/**
+ * Base URL configuration.
+ * Can be a static string or a dynamic config for multi-domain deployments.
+ */
+type BaseURLConfig = string | DynamicBaseURLConfig;
 interface BetterAuthRateLimitStorage {
   get: (key: string) => Promise<RateLimit | null | undefined>;
   set: (key: string, value: RateLimit, update?: boolean | undefined) => Promise<void>;
@@ -46,7 +90,21 @@ type BetterAuthRateLimitRule = {
    */
   max: number;
 };
-type BetterAuthRateLimitOptions = Optional<BetterAuthRateLimitRule> & {
+type BetterAuthDBOptions<ModelName extends string, Keys extends string = string> = {
+  /**
+   * The name of the model. Defaults to the model name.
+   */
+  modelName?: ModelName | LiteralString;
+  /**
+   * Map fields to database columns
+   */
+  fields?: Partial<Record<Exclude<Keys, "id">, string>>;
+  /**
+   * Additional fields for the model
+   */
+  additionalFields?: { [Key in Exclude<string, Keys | "id">]: DBFieldAttribute };
+};
+type BetterAuthRateLimitOptions = Optional<BetterAuthRateLimitRule> & Omit<BetterAuthDBOptions<"rateLimit", keyof BaseRateLimit>, "additionalFields"> & {
   /**
    * By default, rate limiting is only
    * enabled on production.
@@ -69,17 +127,6 @@ type BetterAuthRateLimitOptions = Optional<BetterAuthRateLimitRule> & {
    * @default "memory"
    */
   storage?: ("memory" | "database" | "secondary-storage") | undefined;
-  /**
-   * If database is used as storage, the name of the table to
-   * use for rate limiting.
-   *
-   * @default "rateLimit"
-   */
-  modelName?: string | undefined;
-  /**
-   * Custom field names for the rate limit table
-   */
-  fields?: Partial<Record<keyof RateLimit, string>> | undefined;
   /**
    * custom storage configuration.
    *
@@ -112,23 +159,11 @@ type BetterAuthAdvancedOptions = {
     disableIpTracking?: boolean;
     /**
      * IPv6 subnet prefix length for rate limiting.
+     * IPv6 addresses will be normalized to this subnet.
      *
-     * IPv6 addresses can be grouped by subnet to prevent attackers from
-     * bypassing rate limits by rotating through multiple addresses in
-     * their allocation.
-     *
-     * Common values:
-     * - 128 (default): Individual IPv6 address
-     * - 64: /64 subnet (typical home/business allocation)
-     * - 48: /48 subnet (larger network allocation)
-     * - 32: /32 subnet (ISP allocation)
-     *
-     * Note: This only affects IPv6 addresses. IPv4 addresses are always
-     * rate limited individually.
-     *
-     * @default 64 (/64 subnet)
+     * @default 64
      */
-    ipv6Subnet?: 128 | 64 | 48 | 32 | undefined;
+    ipv6Subnet?: 128 | 64 | 48 | 32;
   } | undefined;
   /**
    * Use secure cookies
@@ -213,17 +248,6 @@ type BetterAuthAdvancedOptions = {
      * @default 100
      */
     defaultFindManyLimit?: number;
-    /**
-     * If your database auto increments number ids, set this to `true`.
-     *
-     * Note: If enabled, we will not handle ID generation (including if you use `generateId`), and it would be expected that your database will provide the ID automatically.
-     *
-     * @default false
-     *
-     * @deprecated Please use `generateId` instead. This will be removed in future
-     * releases.
-     */
-    useNumberId?: boolean;
     /**
      * Custom generateId function.
      *
@@ -277,14 +301,17 @@ type BetterAuthAdvancedOptions = {
    * }
    */
   backgroundTasks?: {
-    handler: (promise: Promise<void>) => void;
+    handler: (promise: Promise<unknown>) => void;
   };
   /**
-   * Skip trailing slash validation in route matching
+   * Skip trailing slashes in API routes.
+   *
+   * When enabled, requests with trailing slashes (e.g., `/api/auth/session/`)
+   * will be handled the same as requests without (e.g., `/api/auth/session`).
    *
    * @default false
    */
-  skipTrailingSlashes?: boolean | undefined;
+  skipTrailingSlashes?: boolean;
 };
 type BetterAuthOptions = {
   /**
@@ -298,12 +325,27 @@ type BetterAuthOptions = {
   /**
    * Base URL for the Better Auth. This is typically the
    * root URL where your application server is hosted.
-   * If not explicitly set,
-   * the system will check the following environment variable:
    *
-   * process.env.BETTER_AUTH_URL
+   * Can be configured as:
+   * - A static string: `"https://myapp.com"`
+   * - A dynamic config with allowed hosts for multi-domain deployments
+   *
+   * If not explicitly set, the system will check environment variables:
+   * `BETTER_AUTH_URL`, `NEXT_PUBLIC_BETTER_AUTH_URL`, etc.
+   *
+   * @example
+   * ```ts
+   * // Static URL
+   * baseURL: "https://myapp.com"
+   *
+   * // Dynamic with allowed hosts (for Vercel, multi-domain, etc.)
+   * baseURL: {
+   *   allowedHosts: ["myapp.com", "*.vercel.app", "preview-*.myapp.com"],
+   *   fallback: "https://myapp.com"
+   * }
+   * ```
    */
-  baseURL?: string | undefined;
+  baseURL?: BaseURLConfig | undefined;
   /**
    * Base path for the Better Auth. This is typically
    * the path where the
@@ -336,10 +378,26 @@ type BetterAuthOptions = {
    * ```
    */
   secret?: string | undefined;
+  /**
+   * Versioned secrets for non-destructive secret rotation.
+   * When set, encryption uses an envelope format with key IDs.
+   * First entry is the current key used for new encryption.
+   * Remaining entries are decryption-only (previous rotations).
+   *
+   * Can also be set via BETTER_AUTH_SECRETS env var:
+   * `BETTER_AUTH_SECRETS=2:base64secret,1:base64secret`
+   *
+   * When set, `secret` is only used as legacy fallback
+   * for decrypting bare-hex payloads that predate the envelope format.
+   */
+  secrets?: Array<{
+    version: number;
+    value: string;
+  }> | undefined;
   /**
    * Database configuration
    */
-  database?: (PostgresPool | MysqlPool | SqliteDatabase | Dialect | DBAdapterInstance | Database | DatabaseSync | {
+  database?: (PostgresPool | MysqlPool | SqliteDatabase | Dialect | DBAdapterInstance | Database | DatabaseSync | D1Database | {
     dialect: Dialect;
     type: KyselyDatabaseType;
     /**
@@ -425,10 +483,13 @@ type BetterAuthOptions = {
      */
     request?: Request) => Promise<void>;
     /**
-     * Send a verification email automatically
-     * after sign up
+     * Send a verification email automatically after sign up.
      *
-     * @default false
+     * - `true`: Always send verification email on sign up
+     * - `false`: Never send verification email on sign up
+     * - `undefined`: Follows `requireEmailVerification` behavior
+     *
+     * @default undefined
      */
     sendOnSignUp?: boolean;
     /**
@@ -448,13 +509,6 @@ type BetterAuthOptions = {
      * @default 3600 seconds (1 hour)
      */
     expiresIn?: number;
-    /**
-     * A function that is called when a user verifies their email
-     * @param user the user that verified their email
-     * @param request the request object
-     * @deprecated Use `beforeEmailVerification` or `afterEmailVerification` instead. This will be removed in 1.5
-     */
-    onEmailVerification?: (user: User, request?: Request) => Promise<void>;
     /**
      * A function that is called before a user verifies their email
      * @param user the user that verified their email
@@ -563,6 +617,56 @@ type BetterAuthOptions = {
      * @default false
      */
     revokeSessionsOnPasswordReset?: boolean;
+    /**
+     * A callback function that is triggered when a user tries to sign up
+     * with an email that already exists. Useful for notifying the existing user
+     * that someone attempted to register with their email.
+     *
+     * This is only called when `requireEmailVerification: true` or `autoSignIn: false`.
+     */
+    onExistingUserSignUp?: (
+    /**
+     * @param user the existing user from the database
+     */
+    data: {
+      user: User;
+    }, request?: Request) => Promise<void>;
+    /**
+     * Build a custom synthetic user for email enumeration
+     * protection. When a sign-up attempt is made with an
+     * email that already exists, this function is called
+     * to build the fake user response.
+     *
+     * Use this when plugins add fields to the user table
+     * (e.g. admin plugin adds `role`, `banned`, etc.)
+     * to ensure the fake response is indistinguishable
+     * from a real sign-up.
+     *
+     * @example
+     * ```ts
+     * customSyntheticUser: ({ coreFields, additionalFields, id }) => ({
+     *   ...coreFields,
+     *   role: "user",
+     *   banned: false,
+     *   banReason: null,
+     *   banExpires: null,
+     *   ...additionalFields,
+     *   id,
+     * })
+     * ```
+     */
+    customSyntheticUser?: (params: {
+      /** Core user fields: name, email, emailVerified, image, createdAt, updatedAt */coreFields: {
+        name: string;
+        email: string;
+        emailVerified: boolean;
+        image: string | null;
+        createdAt: Date;
+        updatedAt: Date;
+      }; /** Processed additional fields from options.user.additionalFields (with defaults applied) */
+      additionalFields: Record<string, unknown>; /** Generated user ID */
+      id: string;
+    }) => Record<string, unknown>;
   } | undefined;
   /**
    * list of social providers
@@ -575,28 +679,7 @@ type BetterAuthOptions = {
   /**
    * User configuration
    */
-  user?: {
-    /**
-     * The model name for the user. Defaults to "user".
-     */
-    modelName?: string;
-    /**
-     * Map fields
-     *
-     * @example
-     * ```ts
-     * {
-     *  userId: "user_id"
-     * }
-     * ```
-     */
-    fields?: Partial<Record<keyof OmitId<User>, string>>;
-    /**
-     * Additional fields for the user
-     */
-    additionalFields?: {
-      [key: string]: DBFieldAttribute;
-    };
+  user?: (BetterAuthDBOptions<"user", keyof BaseUser> & {
     /**
      * Changing email configuration
      */
@@ -606,18 +689,6 @@ type BetterAuthOptions = {
        * @default false
        */
       enabled: boolean;
-      /**
-       * Send a verification email when the user changes their email.
-       * @param data the data object
-       * @param request the request object
-       * @deprecated Use `sendChangeEmailConfirmation` instead
-       */
-      sendChangeEmailVerification?: (data: {
-        user: User;
-        newEmail: string;
-        url: string;
-        token: string;
-      }, request?: Request) => Promise<void>;
       /**
        * Send a confirmation email to the old email address when the user changes their email.
        * @param data the data object
@@ -674,24 +745,8 @@ type BetterAuthOptions = {
        */
       deleteTokenExpiresIn?: number;
     };
-  } | undefined;
-  session?: {
-    /**
-     * The model name for the session.
-     *
-     * @default "session"
-     */
-    modelName?: string;
-    /**
-     * Map fields
-     *
-     * @example
-     * ```ts
-     * {
-     *  userId: "user_id"
-     * }
-     */
-    fields?: Partial<Record<keyof OmitId<Session>, string>>;
+  }) | undefined;
+  session?: (BetterAuthDBOptions<"session", keyof BaseSession> & {
     /**
      * Expiration time for the session token. The value
      * should be in seconds.
@@ -713,11 +768,13 @@ type BetterAuthOptions = {
      */
     disableSessionRefresh?: boolean;
     /**
-     * Additional fields for the session
+     * Defer session refresh writes to POST requests.
+     * When enabled, GET is read-only and POST performs refresh.
+     * Useful for read-replica database setups.
+     *
+     * @default false
      */
-    additionalFields?: {
-      [key: string]: DBFieldAttribute;
-    };
+    deferSessionRefresh?: boolean;
     /**
      * By default if secondary storage is provided
      * the session is stored in the secondary storage.
@@ -816,22 +873,8 @@ type BetterAuthOptions = {
      * @default 1 day (60 * 60 * 24)
      */
     freshAge?: number;
-  } | undefined;
-  account?: {
-    /**
-     * The model name for the account. Defaults to "account".
-     */
-    modelName?: string;
-    /**
-     * Map fields
-     */
-    fields?: Partial<Record<keyof OmitId<Account>, string>>;
-    /**
-     * Additional fields for the account
-     */
-    additionalFields?: {
-      [key: string]: DBFieldAttribute;
-    };
+  }) | undefined;
+  account?: (BetterAuthDBOptions<"account", keyof BaseAccount> & {
     /**
      * When enabled (true), the user account data (accessToken, idToken, refreshToken, etc.)
      * will be updated on sign in with the latest data from the provider.
@@ -850,9 +893,38 @@ type BetterAuthOptions = {
        */
       enabled?: boolean;
       /**
-       * List of trusted providers
+       * Disable implicit account linking on sign-in.
+       *
+       * When enabled, accounts will not be automatically linked
+       * during OAuth sign-in, even if the email is verified or
+       * the provider is trusted. Users must explicitly link
+       * accounts using `linkSocial()` while authenticated.
+       *
+       * @default false
+       */
+      disableImplicitLinking?: boolean;
+      /**
+       * List of trusted providers. Can be a static array or a function
+       * that returns providers dynamically. The function is called
+       * during context init (with `request` undefined) and again
+       * on each request (with the incoming Request). It must be
+       * resilient to `request` being undefined.
+       *
+       * @example
+       * ```ts
+       * trustedProviders: ["google", "github"]
+       * ```
+       *
+       * @example
+       * ```ts
+       * trustedProviders: async (request) => {
+       *   if (!request) return [];
+       *   const providers = await getTrustedProvidersForTenant(request);
+       *   return providers;
+       * }
+       * ```
        */
-      trustedProviders?: Array<LiteralUnion<SocialProviderList[number] | "email-password", string>>;
+      trustedProviders?: Array<LiteralUnion<SocialProviderList[number] | "email-password", string>> | ((request?: Request | undefined) => Awaitable<Array<LiteralUnion<SocialProviderList[number] | "email-password", string>>>);
       /**
        * If enabled (true), this will allow users to manually linking accounts with different email addresses than the main user.
        *
@@ -914,31 +986,30 @@ type BetterAuthOptions = {
      * @note This is automatically set to true if you haven't passed a database
      */
     storeAccountCookie?: boolean;
-  } | undefined;
-  /**
-   * Verification configuration
-   */
-  verification?: {
-    /**
-     * Change the modelName of the verification table
-     */
-    modelName?: string;
+  }) | undefined;
+  verification?: (BetterAuthDBOptions<"verification", keyof BaseVerification> & {
     /**
-     * Map verification fields
+     * disable cleaning up expired values when a verification value is
+     * fetched
      */
-    fields?: Partial<Record<keyof OmitId<Verification>, string>>;
+    disableCleanup?: boolean;
     /**
-     * Additional fields for the verification
+     * How to store verification identifiers (tokens, OTPs, etc.)
+     *
+     * @example "hashed"
+     *
+     * @default "plain"
      */
-    additionalFields?: {
-      [key: string]: DBFieldAttribute;
+    storeIdentifier?: StoreIdentifierOption | {
+      default: StoreIdentifierOption;
+      overrides?: Record<string, StoreIdentifierOption>;
     };
     /**
-     * disable cleaning up expired values when a verification value is
-     * fetched
+     * Store verification data in database even when secondary storage is configured.
+     * @default false
      */
-    disableCleanup?: boolean;
-  } | undefined;
+    storeInDatabase?: boolean;
+  }) | undefined;
   /**
    * List of trusted origins.
    *
@@ -1276,4 +1347,5 @@ type BetterAuthOptions = {
   };
 };
 //#endregion
-export { BetterAuthAdvancedOptions, BetterAuthOptions, BetterAuthRateLimitOptions, BetterAuthRateLimitRule, BetterAuthRateLimitStorage, GenerateIdFn };
+export { BaseURLConfig, BetterAuthAdvancedOptions, BetterAuthDBOptions, BetterAuthOptions, BetterAuthRateLimitOptions, BetterAuthRateLimitRule, BetterAuthRateLimitStorage, DynamicBaseURLConfig, GenerateIdFn, StoreIdentifierOption };
+//# sourceMappingURL=init-options.d.mts.map

package/dist/types/plugin-client.d.mts

@@ -13,6 +13,7 @@ interface ClientStore {
 type ClientAtomListener = {
   matcher: (path: string) => boolean;
   signal: "$sessionSignal" | Omit<string, "$sessionSignal">;
+  callback?: (path: string) => void;
 };
 /**
  * Better-Fetch options but with additional options for the auth-client.
@@ -77,6 +78,7 @@ interface BetterAuthClientPlugin {
   /**
    * better-auth client options
    */
+
   options: BetterAuthClientOptions | undefined) => Record<string, any>;
   /**
    * State atoms that'll be resolved by each framework
@@ -107,4 +109,5 @@ interface BetterAuthClientPlugin {
   }>;
 }
 //#endregion
-export { BetterAuthClientOptions, BetterAuthClientPlugin, ClientAtomListener, ClientFetchOption, ClientStore };
+export { BetterAuthClientOptions, BetterAuthClientPlugin, ClientAtomListener, ClientFetchOption, ClientStore };
+//# sourceMappingURL=plugin-client.d.mts.map

package/dist/types/plugin.d.mts

@@ -1,7 +1,8 @@
 import { BetterAuthPluginDBSchema } from "../db/plugin.mjs";
-import "../db/index.mjs";
 import { Awaitable, LiteralString } from "./helper.mjs";
+import { RawError } from "../utils/error-codes.mjs";
 import { BetterAuthOptions } from "./init-options.mjs";
+import "../db/index.mjs";
 import { AuthContext } from "./context.mjs";
 import { AuthMiddleware } from "../api/index.mjs";
 import { Endpoint, EndpointContext, InputContext, Middleware } from "better-call";
@@ -17,14 +18,20 @@ type HookEndpointContext = Partial<EndpointContext<string, any> & Omit<InputCont
   };
   headers?: Headers | undefined;
 };
-type BetterAuthPlugin = {
+type BetterAuthPluginErrorCodePart = {
+  /**
+   * The error codes returned by the plugin
+   */
+  $ERROR_CODES?: Record<string, RawError>;
+};
+type BetterAuthPlugin = BetterAuthPluginErrorCodePart & {
   id: LiteralString;
   /**
    * The init function is called when the plugin is initialized.
    * You can return a new context or modify the existing context.
    */
   init?: ((ctx: AuthContext) => Awaitable<{
-    context?: DeepPartial<Omit<AuthContext, "options">>;
+    context?: DeepPartial<Omit<AuthContext, "options">> & Record<string, unknown>;
     options?: Partial<BetterAuthOptions>;
   }> | void | Promise<void>) | undefined;
   endpoints?: {
@@ -104,13 +111,6 @@ type BetterAuthPlugin = {
     max: number;
     pathMatcher: (path: string) => boolean;
   }[] | undefined;
-  /**
-   * The error codes returned by the plugin
-   */
-  $ERROR_CODES?: Record<string, {
-    code: string;
-    message: string;
-  }> | undefined;
   /**
    * All database operations that are performed by the plugin
    *
@@ -121,4 +121,5 @@ type BetterAuthPlugin = {
   };
 };
 //#endregion
-export { BetterAuthPlugin, HookEndpointContext };
+export { BetterAuthPlugin, BetterAuthPluginErrorCodePart, HookEndpointContext };
+//# sourceMappingURL=plugin.d.mts.map

package/dist/types/secret.d.mts

@@ -0,0 +1,12 @@
+//#region src/types/secret.d.ts
+interface SecretConfig {
+  /** Map of version number → secret value */
+  keys: Map<number, string>;
+  /** Version to use for new encryption (first entry in secrets array) */
+  currentVersion: number;
+  /** Legacy secret for bare-hex fallback (from BETTER_AUTH_SECRET) */
+  legacySecret?: string;
+}
+//#endregion
+export { SecretConfig };
+//# sourceMappingURL=secret.d.mts.map

package/dist/utils/db.d.mts

@@ -0,0 +1,12 @@
+import { DBFieldAttribute } from "../db/type.mjs";
+import "../db/index.mjs";
+
+//#region src/utils/db.d.ts
+/**
+ * Filters output data by removing fields with the `returned: false` attribute.
+ * This ensures sensitive fields are not exposed in API responses.
+ */
+declare function filterOutputFields<T extends Record<string, unknown> | null>(data: T, additionalFields: Record<string, DBFieldAttribute> | undefined): T;
+//#endregion
+export { filterOutputFields };
+//# sourceMappingURL=db.d.mts.map

package/dist/utils/db.mjs

@@ -0,0 +1,17 @@
+//#region src/utils/db.ts
+/**
+* Filters output data by removing fields with the `returned: false` attribute.
+* This ensures sensitive fields are not exposed in API responses.
+*/
+function filterOutputFields(data, additionalFields) {
+	if (!data || !additionalFields) return data;
+	const returnFiltered = Object.entries(additionalFields).filter(([, { returned }]) => returned === false).map(([key]) => key);
+	return Object.entries(structuredClone(data)).filter(([key]) => !returnFiltered.includes(key)).reduce((acc, [key, value]) => ({
+		...acc,
+		[key]: value
+	}), {});
+}
+
+//#endregion
+export { filterOutputFields };
+//# sourceMappingURL=db.mjs.map

package/dist/utils/db.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"db.mjs","names":[],"sources":["../../src/utils/db.ts"],"sourcesContent":["import type { DBFieldAttribute } from \"../db\";\n\n/**\n * Filters output data by removing fields with the `returned: false` attribute.\n * This ensures sensitive fields are not exposed in API responses.\n */\nexport function filterOutputFields<T extends Record<string, unknown> | null>(\n\tdata: T,\n\tadditionalFields: Record<string, DBFieldAttribute> | undefined,\n): T {\n\tif (!data || !additionalFields) {\n\t\treturn data;\n\t}\n\tconst returnFiltered = Object.entries(additionalFields)\n\t\t.filter(([, { returned }]) => returned === false)\n\t\t.map(([key]) => key);\n\treturn Object.entries(structuredClone(data))\n\t\t.filter(([key]) => !returnFiltered.includes(key))\n\t\t.reduce((acc, [key, value]) => ({ ...acc, [key]: value }), {} as T);\n}\n"],"mappings":";;;;;AAMA,SAAgB,mBACf,MACA,kBACI;AACJ,KAAI,CAAC,QAAQ,CAAC,iBACb,QAAO;CAER,MAAM,iBAAiB,OAAO,QAAQ,iBAAiB,CACrD,QAAQ,GAAG,EAAE,gBAAgB,aAAa,MAAM,CAChD,KAAK,CAAC,SAAS,IAAI;AACrB,QAAO,OAAO,QAAQ,gBAAgB,KAAK,CAAC,CAC1C,QAAQ,CAAC,SAAS,CAAC,eAAe,SAAS,IAAI,CAAC,CAChD,QAAQ,KAAK,CAAC,KAAK,YAAY;EAAE,GAAG;GAAM,MAAM;EAAO,GAAG,EAAE,CAAM"}

package/dist/utils/deprecate.d.mts

@@ -1,10 +1,10 @@
 import { InternalLogger } from "../env/logger.mjs";
 
 //#region src/utils/deprecate.d.ts
-
 /**
  * Wraps a function to log a deprecation warning at once.
  */
 declare function deprecate<T extends (...args: any[]) => any>(fn: T, message: string, logger?: InternalLogger): T;
 //#endregion
-export { deprecate };
+export { deprecate };
+//# sourceMappingURL=deprecate.d.mts.map