@better-auth/electron 1.5.0-beta.13 → 1.5.0-beta.15

package/dist/index.d.mts

@@ -1,43 +1,10 @@
+import { n as ElectronSharedOptions, t as ElectronOptions } from "./options-DTTv7_dq.mjs";
 import * as better_auth0 from "better-auth";
 import * as z from "zod";
+import * as _better_auth_core0 from "@better-auth/core";
 import { HookEndpointContext } from "@better-auth/core";
 import * as better_call0 from "better-call";
 
-//#region src/types/options.d.ts
-interface ElectronOptions {
-  /**
-   * The duration (in seconds) for which the authorization code remains valid.
-   *
-   * @default 300 (5 minutes)
-   */
-  codeExpiresIn?: number | undefined;
-  /**
-   * The duration (in seconds) for which the redirect cookie remains valid.
-   *
-   * @default 120 (2 minutes)
-   */
-  redirectCookieExpiresIn?: number | undefined;
-  /**
-   * The prefix to use for cookies set by the plugin.
-   *
-   * @default "better-auth"
-   */
-  cookiePrefix?: string | undefined;
-  /**
-   * Client ID to use for identifying the Electron client during authorization.
-   *
-   * @default "electron"
-   */
-  clientID?: string | undefined;
-  /**
-   * Override the origin for Electron API routes.
-   * Enable this if you're facing cors origin issues with Electron API routes.
-   *
-   * @default false
-   */
-  disableOriginOverride?: boolean | undefined;
-}
-//#endregion
 //#region src/index.d.ts
 declare module "@better-auth/core" {
   interface BetterAuthPluginRegistry<AuthOptions, Options> {
@@ -170,7 +137,7 @@ declare const electron: (options?: ElectronOptions | undefined) => {
             minPasswordLength: number;
             maxPasswordLength: number;
           };
-          checkPassword: (userId: string, ctx: better_auth0.GenericEndpointContext<better_auth0.BetterAuthOptions>) => Promise<boolean>;
+          checkPassword: (userId: string, ctx: _better_auth_core0.GenericEndpointContext<better_auth0.BetterAuthOptions>) => Promise<boolean>;
         };
         tables: better_auth0.BetterAuthDBSchema;
         runMigrations: () => Promise<void>;
@@ -196,6 +163,32 @@ declare const electron: (options?: ElectronOptions | undefined) => {
       }, z.core.$strip>;
       metadata: {
         scope: "http";
+        openapi: {
+          description: string;
+          operationId: string;
+          responses: {
+            200: {
+              description: string;
+              content: {
+                "application/json": {
+                  schema: {
+                    type: "object";
+                    properties: {
+                      token: {
+                        type: string;
+                      };
+                      user: {
+                        type: string;
+                        $ref: string;
+                      };
+                    };
+                    required: string[];
+                  };
+                };
+              };
+            };
+          };
+        };
       };
     }, {
       token: string;
@@ -211,6 +204,39 @@ declare const electron: (options?: ElectronOptions | undefined) => {
       }, z.core.$strip>;
       metadata: {
         scope: "http";
+        openapi: {
+          description: string;
+          operationId: string;
+          responses: {
+            200: {
+              description: string;
+              content: {
+                "application/json": {
+                  schema: {
+                    type: "object";
+                    properties: {
+                      url: {
+                        type: string;
+                        nullable: boolean;
+                      };
+                      redirect: {
+                        type: string;
+                      };
+                      user: {
+                        type: string;
+                        $ref: string;
+                      };
+                      token: {
+                        type: string;
+                      };
+                    };
+                    required: string[];
+                  };
+                };
+              };
+            };
+          };
+        };
       };
     }, {
       url: string | undefined;
@@ -218,16 +244,84 @@ declare const electron: (options?: ElectronOptions | undefined) => {
       user?: better_auth0.User & Record<string, any>;
       token?: string;
     } | undefined>;
+    electronTransferUser: better_call0.StrictEndpoint<"/electron/transfer-user", {
+      method: "POST";
+      query: z.ZodObject<{
+        client_id: z.ZodString;
+        state: z.ZodString;
+        code_challenge: z.ZodString;
+        code_challenge_method: z.ZodOptional<z.ZodString>;
+      }, z.core.$strip>;
+      body: z.ZodObject<{
+        callbackURL: z.ZodOptional<z.ZodString>;
+      }, z.core.$strip>;
+      use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
+        session: {
+          session: Record<string, any> & {
+            id: string;
+            createdAt: Date;
+            updatedAt: Date;
+            userId: string;
+            expiresAt: Date;
+            token: string;
+            ipAddress?: string | null | undefined;
+            userAgent?: string | null | undefined;
+          };
+          user: Record<string, any> & {
+            id: string;
+            createdAt: Date;
+            updatedAt: Date;
+            email: string;
+            emailVerified: boolean;
+            name: string;
+            image?: string | null | undefined;
+          };
+        };
+      }>)[];
+      requireHeaders: true;
+      metadata: {
+        openapi: {
+          description: string;
+          operationId: string;
+          responses: {
+            200: {
+              description: string;
+              content: {
+                "application/json": {
+                  schema: {
+                    type: "object";
+                    properties: {
+                      url: {
+                        type: string;
+                        nullable: boolean;
+                      };
+                      redirect: {
+                        type: string;
+                      };
+                    };
+                    required: string[];
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    }, {
+      url: string | null;
+      redirect: boolean;
+    }>;
   };
   options: {
     codeExpiresIn: number;
     redirectCookieExpiresIn: number;
     cookiePrefix: string;
-    clientID: string;
     disableOriginOverride?: boolean | undefined;
+    clientID: string;
   };
   $ERROR_CODES: {
     INVALID_TOKEN: better_auth0.RawError<"INVALID_TOKEN">;
+    INVALID_CLIENT_ID: better_auth0.RawError<"INVALID_CLIENT_ID">;
     STATE_MISMATCH: better_auth0.RawError<"STATE_MISMATCH">;
     MISSING_CODE_CHALLENGE: better_auth0.RawError<"MISSING_CODE_CHALLENGE">;
     INVALID_CODE_VERIFIER: better_auth0.RawError<"INVALID_CODE_VERIFIER">;
@@ -236,4 +330,4 @@ declare const electron: (options?: ElectronOptions | undefined) => {
   };
 };
 //#endregion
-export { ElectronOptions, electron };
+export { ElectronOptions, ElectronSharedOptions, electron };

package/dist/index.mjs

@@ -10,12 +10,13 @@ import { safeJSONParse as safeJSONParse$1 } from "@better-auth/core/utils/json";
 import { base64Url } from "@better-auth/utils/base64";
 import { createHash } from "@better-auth/utils/hash";
 import { betterFetch } from "@better-fetch/fetch";
-import { createAuthEndpoint } from "better-auth/api";
+import { createAuthEndpoint, sessionMiddleware } from "better-auth/api";
 import { setSessionCookie } from "better-auth/cookies";
 import { parseUserOutput } from "better-auth/db";
 
 //#region src/error-codes.ts
 const ELECTRON_ERROR_CODES = defineErrorCodes({
+	INVALID_CLIENT_ID: "Invalid client ID",
 	INVALID_TOKEN: "Invalid or expired token.",
 	STATE_MISMATCH: "state mismatch",
 	MISSING_CODE_CHALLENGE: "missing code challenge",
@@ -31,10 +32,30 @@ const electronTokenBodySchema = z.object({
 	state: z.string().nonempty(),
 	code_verifier: z.string().nonempty()
 });
-const electronToken = (opts) => createAuthEndpoint("/electron/token", {
+const electronToken = (_opts) => createAuthEndpoint("/electron/token", {
 	method: "POST",
 	body: electronTokenBodySchema,
-	metadata: { scope: "http" }
+	metadata: {
+		scope: "http",
+		openapi: {
+			description: "Exchange the electron token for a session",
+			operationId: "electronToken",
+			responses: { 200: {
+				description: "Returns the session token and user",
+				content: { "application/json": { schema: {
+					type: "object",
+					properties: {
+						token: { type: "string" },
+						user: {
+							type: "object",
+							$ref: "#/components/schemas/User"
+						}
+					},
+					required: ["token", "user"]
+				} } }
+			} }
+		}
+	}
 }, async (ctx) => {
 	const token = await ctx.context.internalAdapter.findVerificationValue(`electron:${ctx.body.token}`);
 	if (!token || token.expiresAt < /* @__PURE__ */ new Date()) throw APIError.from("NOT_FOUND", ELECTRON_ERROR_CODES.INVALID_TOKEN);
@@ -70,7 +91,32 @@ const electronInitOAuthProxyQuerySchema = z.object({
 const electronInitOAuthProxy = (opts) => createAuthEndpoint("/electron/init-oauth-proxy", {
 	method: "GET",
 	query: electronInitOAuthProxyQuerySchema,
-	metadata: { scope: "http" }
+	metadata: {
+		scope: "http",
+		openapi: {
+			description: "Initialize the OAuth proxy for the electron app",
+			operationId: "electronInitOAuthProxy",
+			responses: { 200: {
+				description: "Returns the URL to redirect to and if the redirect should be performed",
+				content: { "application/json": { schema: {
+					type: "object",
+					properties: {
+						url: {
+							type: "string",
+							nullable: true
+						},
+						redirect: { type: "boolean" },
+						user: {
+							type: "object",
+							$ref: "#/components/schemas/User"
+						},
+						token: { type: "string" }
+					},
+					required: ["url", "redirect"]
+				} } }
+			} }
+		}
+	}
 }, async (ctx) => {
 	const isSocialProvider = SocialProviderListEnum.safeParse(ctx.query.provider);
 	if (!isSocialProvider && !ctx.context.getPlugin("generic-oauth")) throw APIError.from("BAD_REQUEST", BASE_ERROR_CODES.PROVIDER_NOT_FOUND);
@@ -103,6 +149,44 @@ const electronInitOAuthProxy = (opts) => createAuthEndpoint("/electron/init-oaut
 	}
 	return ctx.json(res.data);
 });
+const electronTransferUserQuerySchema = z.object({
+	client_id: z.string(),
+	state: z.string(),
+	code_challenge: z.string(),
+	code_challenge_method: z.string().optional()
+});
+const electronTransferUserBodySchema = z.object({ callbackURL: z.string().optional() });
+const electronTransferUser = (_opts, { handleTransfer }) => createAuthEndpoint("/electron/transfer-user", {
+	method: "POST",
+	query: electronTransferUserQuerySchema,
+	body: electronTransferUserBodySchema,
+	use: [sessionMiddleware],
+	requireHeaders: true,
+	metadata: { openapi: {
+		description: "Transfer the user to the electron app",
+		operationId: "electronTransferUser",
+		responses: { 200: {
+			description: "Returns the URL to redirect to and if the redirect should be performed",
+			content: { "application/json": { schema: {
+				type: "object",
+				properties: {
+					url: {
+						type: "string",
+						nullable: true
+					},
+					redirect: { type: "boolean" }
+				},
+				required: ["url", "redirect"]
+			} } }
+		} }
+	} }
+}, async (ctx) => {
+	if (!await handleTransfer(ctx, ctx.query)) throw APIError.from("BAD_REQUEST", ELECTRON_ERROR_CODES.INVALID_CLIENT_ID);
+	return ctx.json({
+		url: ctx.body.callbackURL ? ctx.body.callbackURL : null,
+		redirect: ctx.body.callbackURL ? true : false
+	});
+});
 
 //#endregion
 //#region src/index.ts
@@ -117,6 +201,33 @@ const electron = (options) => {
 	const hookMatcher = (ctx) => {
 		return !!(ctx.path?.startsWith("/sign-in") || ctx.path?.startsWith("/sign-up") || ctx.path?.startsWith("/callback") || ctx.path?.startsWith("/oauth2/callback") || ctx.path?.startsWith("/magic-link/verify") || ctx.path?.startsWith("/email-otp/verify-email") || ctx.path?.startsWith("/verify-email") || ctx.path?.startsWith("/one-tap/callback") || ctx.path?.startsWith("/passkey/verify-authentication") || ctx.path?.startsWith("/phone-number/verify"));
 	};
+	const handleTransfer = async (ctx, payload) => {
+		const { client_id, state, code_challenge, code_challenge_method = "plain" } = payload;
+		const userId = ctx.context.session?.user.id || ctx.context.newSession?.user.id;
+		if (!userId || client_id !== opts.clientID) return false;
+		if (!state) throw APIError.from("BAD_REQUEST", ELECTRON_ERROR_CODES.MISSING_STATE);
+		if (!code_challenge) throw APIError.from("BAD_REQUEST", ELECTRON_ERROR_CODES.MISSING_PKCE);
+		const redirectCookieName = `${opts.cookiePrefix}.${opts.clientID}`;
+		const identifier = generateRandomString(32, "a-z", "A-Z", "0-9");
+		const codeExpiresInMs = opts.codeExpiresIn * 1e3;
+		const expiresAt = new Date(Date.now() + codeExpiresInMs);
+		await ctx.context.internalAdapter.createVerificationValue({
+			identifier: `electron:${identifier}`,
+			value: JSON.stringify({
+				userId,
+				codeChallenge: code_challenge,
+				codeChallengeMethod: code_challenge_method.toLowerCase(),
+				state
+			}),
+			expiresAt
+		});
+		ctx.setCookie(redirectCookieName, identifier, {
+			...ctx.context.authCookies.sessionToken.attributes,
+			maxAge: opts.redirectCookieExpiresIn,
+			httpOnly: false
+		});
+		return true;
+	};
 	return {
 		id: "electron",
 		async onRequest(request, _ctx) {
@@ -162,35 +273,14 @@ const electron = (options) => {
 					if (query.success) transferPayload = query.data;
 				}
 				if (!transferPayload) return;
-				const { client_id, code_challenge, code_challenge_method, state } = transferPayload;
-				if (client_id !== opts.clientID) return;
-				if (!state) throw APIError.from("BAD_REQUEST", ELECTRON_ERROR_CODES.MISSING_STATE);
-				if (!code_challenge) throw APIError.from("BAD_REQUEST", ELECTRON_ERROR_CODES.MISSING_PKCE);
-				const redirectCookieName = `${opts.cookiePrefix}.${opts.clientID}`;
-				const identifier = generateRandomString(32, "a-z", "A-Z", "0-9");
-				const codeExpiresInMs = opts.codeExpiresIn * 1e3;
-				const expiresAt = new Date(Date.now() + codeExpiresInMs);
-				await ctx.context.internalAdapter.createVerificationValue({
-					identifier: `electron:${identifier}`,
-					value: JSON.stringify({
-						userId: ctx.context.newSession.user.id,
-						codeChallenge: code_challenge,
-						codeChallengeMethod: code_challenge_method.toLowerCase(),
-						state
-					}),
-					expiresAt
-				});
-				ctx.setCookie(redirectCookieName, identifier, {
-					...ctx.context.authCookies.sessionToken.attributes,
-					maxAge: opts.redirectCookieExpiresIn,
-					httpOnly: false
-				});
+				await handleTransfer(ctx, transferPayload);
 				return ctx;
 			})
 		}] },
 		endpoints: {
 			electronToken: electronToken(opts),
-			electronInitOAuthProxy: electronInitOAuthProxy(opts)
+			electronInitOAuthProxy: electronInitOAuthProxy(opts),
+			electronTransferUser: electronTransferUser(opts, { handleTransfer })
 		},
 		options: opts,
 		$ERROR_CODES: ELECTRON_ERROR_CODES

package/dist/options-DTTv7_dq.d.mts

@@ -0,0 +1,38 @@
+//#region src/types/options.d.ts
+interface ElectronSharedOptions {
+  /**
+   * Client ID to use for identifying the Electron client during authorization.
+   *
+   * @default "electron"
+   */
+  clientID?: string | undefined;
+}
+interface ElectronOptions extends ElectronSharedOptions {
+  /**
+   * The duration (in seconds) for which the authorization code remains valid.
+   *
+   * @default 300 (5 minutes)
+   */
+  codeExpiresIn?: number | undefined;
+  /**
+   * The duration (in seconds) for which the redirect cookie remains valid.
+   *
+   * @default 120 (2 minutes)
+   */
+  redirectCookieExpiresIn?: number | undefined;
+  /**
+   * The prefix to use for cookies set by the plugin.
+   *
+   * @default "better-auth"
+   */
+  cookiePrefix?: string | undefined;
+  /**
+   * Override the origin for Electron API routes.
+   * Enable this if you're facing cors origin issues with Electron API routes.
+   *
+   * @default false
+   */
+  disableOriginOverride?: boolean | undefined;
+}
+//#endregion
+export { ElectronSharedOptions as n, ElectronOptions as t };