@better-auth/electron 1.5.0-beta.13 → 1.5.0-beta.16

package/dist/preload.mjs

@@ -0,0 +1,257 @@
+import electron, { contextBridge } from "electron";
+
+//#region ../core/dist/utils/error-codes.mjs
+function defineErrorCodes(codes) {
+	return Object.fromEntries(Object.entries(codes).map(([key, value]) => [key, {
+		code: key,
+		message: value,
+		toString: () => key
+	}]));
+}
+
+//#endregion
+//#region ../core/dist/error/codes.mjs
+const BASE_ERROR_CODES = defineErrorCodes({
+	USER_NOT_FOUND: "User not found",
+	FAILED_TO_CREATE_USER: "Failed to create user",
+	FAILED_TO_CREATE_SESSION: "Failed to create session",
+	FAILED_TO_UPDATE_USER: "Failed to update user",
+	FAILED_TO_GET_SESSION: "Failed to get session",
+	INVALID_PASSWORD: "Invalid password",
+	INVALID_EMAIL: "Invalid email",
+	INVALID_EMAIL_OR_PASSWORD: "Invalid email or password",
+	INVALID_USER: "Invalid user",
+	SOCIAL_ACCOUNT_ALREADY_LINKED: "Social account already linked",
+	PROVIDER_NOT_FOUND: "Provider not found",
+	INVALID_TOKEN: "Invalid token",
+	TOKEN_EXPIRED: "Token expired",
+	ID_TOKEN_NOT_SUPPORTED: "id_token not supported",
+	FAILED_TO_GET_USER_INFO: "Failed to get user info",
+	USER_EMAIL_NOT_FOUND: "User email not found",
+	EMAIL_NOT_VERIFIED: "Email not verified",
+	PASSWORD_TOO_SHORT: "Password too short",
+	PASSWORD_TOO_LONG: "Password too long",
+	USER_ALREADY_EXISTS: "User already exists.",
+	USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL: "User already exists. Use another email.",
+	EMAIL_CAN_NOT_BE_UPDATED: "Email can not be updated",
+	CREDENTIAL_ACCOUNT_NOT_FOUND: "Credential account not found",
+	SESSION_EXPIRED: "Session expired. Re-authenticate to perform this action.",
+	FAILED_TO_UNLINK_LAST_ACCOUNT: "You can't unlink your last account",
+	ACCOUNT_NOT_FOUND: "Account not found",
+	USER_ALREADY_HAS_PASSWORD: "User already has a password. Provide that to delete the account.",
+	CROSS_SITE_NAVIGATION_LOGIN_BLOCKED: "Cross-site navigation login blocked. This request appears to be a CSRF attack.",
+	VERIFICATION_EMAIL_NOT_ENABLED: "Verification email isn't enabled",
+	EMAIL_ALREADY_VERIFIED: "Email is already verified",
+	EMAIL_MISMATCH: "Email mismatch",
+	SESSION_NOT_FRESH: "Session is not fresh",
+	LINKED_ACCOUNT_ALREADY_EXISTS: "Linked account already exists",
+	INVALID_ORIGIN: "Invalid origin",
+	INVALID_CALLBACK_URL: "Invalid callbackURL",
+	INVALID_REDIRECT_URL: "Invalid redirectURL",
+	INVALID_ERROR_CALLBACK_URL: "Invalid errorCallbackURL",
+	INVALID_NEW_USER_CALLBACK_URL: "Invalid newUserCallbackURL",
+	MISSING_OR_NULL_ORIGIN: "Missing or null Origin",
+	CALLBACK_URL_REQUIRED: "callbackURL is required",
+	FAILED_TO_CREATE_VERIFICATION: "Unable to create verification",
+	FIELD_NOT_ALLOWED: "Field not allowed to be set",
+	ASYNC_VALIDATION_NOT_SUPPORTED: "Async validation is not supported",
+	VALIDATION_ERROR: "Validation Error",
+	MISSING_FIELD: "Field is required",
+	METHOD_NOT_ALLOWED_DEFER_SESSION_REQUIRED: "POST method requires deferSessionRefresh to be enabled in session config",
+	BODY_MUST_BE_AN_OBJECT: "Body must be an object",
+	PASSWORD_ALREADY_SET: "User already has a password set"
+});
+
+//#endregion
+//#region ../../node_modules/.pnpm/better-call@1.3.2_zod@4.3.6/node_modules/better-call/dist/error.mjs
+function isErrorStackTraceLimitWritable() {
+	const desc = Object.getOwnPropertyDescriptor(Error, "stackTraceLimit");
+	if (desc === void 0) return Object.isExtensible(Error);
+	return Object.prototype.hasOwnProperty.call(desc, "writable") ? desc.writable : desc.set !== void 0;
+}
+/**
+* Hide internal stack frames from the error stack trace.
+*/
+function hideInternalStackFrames(stack) {
+	const lines = stack.split("\n    at ");
+	if (lines.length <= 1) return stack;
+	lines.splice(1, 1);
+	return lines.join("\n    at ");
+}
+/**
+* Creates a custom error class that hides stack frames.
+*/
+function makeErrorForHideStackFrame(Base, clazz) {
+	class HideStackFramesError extends Base {
+		#hiddenStack;
+		constructor(...args) {
+			if (isErrorStackTraceLimitWritable()) {
+				const limit = Error.stackTraceLimit;
+				Error.stackTraceLimit = 0;
+				super(...args);
+				Error.stackTraceLimit = limit;
+			} else super(...args);
+			const stack = (/* @__PURE__ */ new Error()).stack;
+			if (stack) this.#hiddenStack = hideInternalStackFrames(stack.replace(/^Error/, this.name));
+		}
+		get errorStack() {
+			return this.#hiddenStack;
+		}
+	}
+	Object.defineProperty(HideStackFramesError.prototype, "constructor", {
+		get() {
+			return clazz;
+		},
+		enumerable: false,
+		configurable: true
+	});
+	return HideStackFramesError;
+}
+const statusCodes = {
+	OK: 200,
+	CREATED: 201,
+	ACCEPTED: 202,
+	NO_CONTENT: 204,
+	MULTIPLE_CHOICES: 300,
+	MOVED_PERMANENTLY: 301,
+	FOUND: 302,
+	SEE_OTHER: 303,
+	NOT_MODIFIED: 304,
+	TEMPORARY_REDIRECT: 307,
+	BAD_REQUEST: 400,
+	UNAUTHORIZED: 401,
+	PAYMENT_REQUIRED: 402,
+	FORBIDDEN: 403,
+	NOT_FOUND: 404,
+	METHOD_NOT_ALLOWED: 405,
+	NOT_ACCEPTABLE: 406,
+	PROXY_AUTHENTICATION_REQUIRED: 407,
+	REQUEST_TIMEOUT: 408,
+	CONFLICT: 409,
+	GONE: 410,
+	LENGTH_REQUIRED: 411,
+	PRECONDITION_FAILED: 412,
+	PAYLOAD_TOO_LARGE: 413,
+	URI_TOO_LONG: 414,
+	UNSUPPORTED_MEDIA_TYPE: 415,
+	RANGE_NOT_SATISFIABLE: 416,
+	EXPECTATION_FAILED: 417,
+	"I'M_A_TEAPOT": 418,
+	MISDIRECTED_REQUEST: 421,
+	UNPROCESSABLE_ENTITY: 422,
+	LOCKED: 423,
+	FAILED_DEPENDENCY: 424,
+	TOO_EARLY: 425,
+	UPGRADE_REQUIRED: 426,
+	PRECONDITION_REQUIRED: 428,
+	TOO_MANY_REQUESTS: 429,
+	REQUEST_HEADER_FIELDS_TOO_LARGE: 431,
+	UNAVAILABLE_FOR_LEGAL_REASONS: 451,
+	INTERNAL_SERVER_ERROR: 500,
+	NOT_IMPLEMENTED: 501,
+	BAD_GATEWAY: 502,
+	SERVICE_UNAVAILABLE: 503,
+	GATEWAY_TIMEOUT: 504,
+	HTTP_VERSION_NOT_SUPPORTED: 505,
+	VARIANT_ALSO_NEGOTIATES: 506,
+	INSUFFICIENT_STORAGE: 507,
+	LOOP_DETECTED: 508,
+	NOT_EXTENDED: 510,
+	NETWORK_AUTHENTICATION_REQUIRED: 511
+};
+var InternalAPIError = class extends Error {
+	constructor(status = "INTERNAL_SERVER_ERROR", body = void 0, headers = {}, statusCode = typeof status === "number" ? status : statusCodes[status]) {
+		super(body?.message, body?.cause ? { cause: body.cause } : void 0);
+		this.status = status;
+		this.body = body;
+		this.headers = headers;
+		this.statusCode = statusCode;
+		this.name = "APIError";
+		this.status = status;
+		this.headers = headers;
+		this.statusCode = statusCode;
+		this.body = body;
+	}
+};
+const kAPIErrorHeaderSymbol = Symbol.for("better-call:api-error-headers");
+const APIError = makeErrorForHideStackFrame(InternalAPIError, Error);
+
+//#endregion
+//#region ../core/dist/error/index.mjs
+var BetterAuthError = class extends Error {
+	constructor(message, options) {
+		super(message, options);
+		this.name = "BetterAuthError";
+		this.message = message;
+		this.stack = "";
+	}
+};
+
+//#endregion
+//#region src/utils.ts
+function isProcessType(type) {
+	return typeof process !== "undefined" && process.type === type;
+}
+function getChannelPrefixWithDelimiter(ns = "better-auth") {
+	return ns.length > 0 ? ns + ":" : ns;
+}
+
+//#endregion
+//#region src/preload.ts
+const { ipcRenderer } = electron;
+function listenerFactory(channel, listener) {
+	ipcRenderer.on(channel, listener);
+	return () => {
+		ipcRenderer.off(channel, listener);
+	};
+}
+/**
+* Exposes IPC bridges to the renderer process.
+*/
+function exposeBridges(opts) {
+	if (!process.contextIsolated) throw new BetterAuthError("Context isolation must be enabled to use IPC bridges securely.");
+	const prefix = getChannelPrefixWithDelimiter(opts.channelPrefix);
+	const bridges = {
+		getUser: async () => {
+			return await ipcRenderer.invoke(`${prefix}getUser`);
+		},
+		requestAuth: async (options) => {
+			await ipcRenderer.invoke(`${prefix}requestAuth`, options);
+		},
+		signOut: async () => {
+			await ipcRenderer.invoke(`${prefix}signOut`);
+		},
+		authenticate: async (data) => {
+			await ipcRenderer.invoke(`${prefix}authenticate`, data);
+		},
+		onAuthenticated: (callback) => {
+			return listenerFactory(`${prefix}authenticated`, async (_evt, user) => {
+				await callback(user);
+			});
+		},
+		onUserUpdated: (callback) => {
+			return listenerFactory(`${prefix}user-updated`, async (_evt, user) => {
+				await callback(user);
+			});
+		},
+		onAuthError: (callback) => {
+			return listenerFactory(`${prefix}error`, async (_evt, context) => {
+				await callback(context);
+			});
+		}
+	};
+	for (const [key, value] of Object.entries(bridges)) contextBridge.exposeInMainWorld(key, value);
+	return {};
+}
+/**
+* Sets up the renderer process.
+*
+* - Exposes IPC bridges to the renderer process.
+*/
+function setupRenderer(options = {}) {
+	if (!isProcessType("renderer")) throw new BetterAuthError("setupRenderer can only be called in the renderer process.");
+	exposeBridges(options);
+}
+
+//#endregion
+export { setupRenderer };

package/dist/proxy.d.mts

@@ -1,9 +1,16 @@
-import { r as ElectronProxyClientOptions } from "./authenticate-CWAVJ4W8.mjs";
+import { c as ElectronProxyClientOptions } from "./browser-CCZQ2aoV.mjs";
+import { electron } from "./index.mjs";
 
 //#region src/proxy.d.ts
 declare const electronProxyClient: (options: ElectronProxyClientOptions) => {
   id: "electron-proxy";
   getActions: () => {
+    electron: {
+      /**
+       * Gets the current authorization code from the cookie.
+       */
+      getAuthorizationCode: () => string | null;
+    };
     /**
      * Ensures redirecting to the Electron app.
      *
@@ -22,6 +29,10 @@ declare const electronProxyClient: (options: ElectronProxyClientOptions) => {
       interval?: number | undefined;
     } | undefined) => NodeJS.Timeout;
   };
+  pathMethods: {
+    "/electron/transfer-user": "POST";
+  };
+  $InferServerPlugin: ReturnType<typeof electron>;
 };
 //#endregion
 export { electronProxyClient };

package/dist/proxy.mjs

@@ -1,4 +1,4 @@
-import { n as parseProtocolScheme } from "./utils-C3fLmbAT.mjs";
+import { r as parseProtocolScheme } from "./utils-DecLU66o.mjs";
 import { parseCookies } from "better-auth/cookies";
 
 //#region src/proxy.ts
@@ -14,24 +14,32 @@ const electronProxyClient = (options) => {
 	return {
 		id: "electron-proxy",
 		getActions: () => {
-			return { ensureElectronRedirect: (cfg) => {
-				const timeout = cfg?.timeout || 1e4;
-				const interval = cfg?.interval || 100;
-				const handleRedirect = () => {
-					if (typeof document === "undefined") return false;
-					const authorizationCode = parseCookies(document.cookie).get(redirectCookieName);
-					if (!authorizationCode) return false;
-					document.cookie = `${redirectCookieName}=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/`;
-					window.location.replace(`${scheme}:/${opts.callbackPath}#token=${authorizationCode}`);
-					return true;
-				};
-				const start = Date.now();
-				const id = setInterval(() => {
-					if (handleRedirect() || Date.now() - start > timeout) clearInterval(id);
-				}, interval);
-				return id;
-			} };
-		}
+			const getAuthorizationCode = () => {
+				if (typeof document === "undefined") return null;
+				return parseCookies(document.cookie).get(redirectCookieName) ?? null;
+			};
+			return {
+				electron: { getAuthorizationCode },
+				ensureElectronRedirect: (cfg) => {
+					const timeout = cfg?.timeout || 1e4;
+					const interval = cfg?.interval || 100;
+					const handleRedirect = () => {
+						const authorizationCode = getAuthorizationCode();
+						if (!authorizationCode) return false;
+						document.cookie = `${redirectCookieName}=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/`;
+						window.location.replace(`${scheme}:/${opts.callbackPath}#token=${authorizationCode}`);
+						return true;
+					};
+					const start = Date.now();
+					const id = setInterval(() => {
+						if (handleRedirect() || Date.now() - start > timeout) clearInterval(id);
+					}, interval);
+					return id;
+				}
+			};
+		},
+		pathMethods: { "/electron/transfer-user": "POST" },
+		$InferServerPlugin: {}
 	};
 };
 

package/dist/storage.d.mts

@@ -1,5 +1,5 @@
-import { i as Storage } from "./authenticate-CWAVJ4W8.mjs";
-import "./client-BBp9yCmE.mjs";
+import { u as Storage } from "./browser-CCZQ2aoV.mjs";
+import "./client.mjs";
 import { Options } from "conf";
 
 //#region src/storage.d.ts

package/dist/{utils-C3fLmbAT.mjs → utils-DecLU66o.mjs}

@@ -12,6 +12,9 @@ function parseProtocolScheme(protocolOption) {
 		privileges: protocolOption.privileges || {}
 	};
 }
+function getChannelPrefixWithDelimiter(ns = "better-auth") {
+	return ns.length > 0 ? ns + ":" : ns;
+}
 
 //#endregion
-export { parseProtocolScheme as n, isProcessType as t };
+export { isProcessType as n, parseProtocolScheme as r, getChannelPrefixWithDelimiter as t };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@better-auth/electron",
-  "version": "1.5.0-beta.13",
+  "version": "1.5.0-beta.16",
   "type": "module",
   "description": "Better Auth integration for Electron applications.",
   "main": "dist/index.mjs",
@@ -38,6 +38,11 @@
       "types": "./dist/proxy.d.mts",
       "default": "./dist/proxy.mjs"
     },
+    "./preload": {
+      "dev-source": "./src/preload.ts",
+      "types": "./dist/preload.d.mts",
+      "default": "./dist/preload.mjs"
+    },
     "./storage": {
       "dev-source": "./src/storage.ts",
       "types": "./dist/storage.d.mts",
@@ -55,6 +60,9 @@
       "proxy": [
         "./dist/proxy.d.mts"
       ],
+      "preload": [
+        "./dist/preload.d.mts"
+      ],
       "storage": [
         "./dist/storage.d.mts"
       ]
@@ -71,20 +79,22 @@
   "peerDependencies": {
     "@better-auth/utils": "0.3.1",
     "@better-fetch/fetch": "1.1.21",
-    "better-call": "1.2.1",
+    "better-call": "1.3.2",
+    "electron": ">=36.0.0",
     "conf": "^15.0.2",
-    "@better-auth/core": "1.5.0-beta.13",
-    "better-auth": "1.5.0-beta.13"
+    "@better-auth/core": "1.5.0-beta.16",
+    "better-auth": "1.5.0-beta.16"
   },
   "dependencies": {
     "zod": "^4.3.5"
   },
   "devDependencies": {
     "@types/better-sqlite3": "^7.6.13",
+    "electron": "^38.8.0",
     "better-sqlite3": "^12.6.2",
-    "tsdown": "^0.20.1",
-    "@better-auth/core": "1.5.0-beta.13",
-    "better-auth": "1.5.0-beta.13"
+    "tsdown": "^0.20.3",
+    "@better-auth/core": "1.5.0-beta.16",
+    "better-auth": "1.5.0-beta.16"
   },
   "engines": {
     "node": ">=22.0.0"

package/dist/authenticate-CWAVJ4W8.d.mts

@@ -1,129 +0,0 @@
-import * as z from "zod";
-import { BetterFetch } from "@better-fetch/fetch";
-
-//#region src/types/client.d.ts
-interface Storage {
-  getItem: (name: string) => unknown | null;
-  setItem: (name: string, value: unknown) => void;
-}
-interface ElectronClientOptions {
-  /**
-   * The URL to redirect to for authentication.
-   *
-   * @example "http://localhost:3000/sign-in"
-   */
-  signInURL: string | URL;
-  /**
-   * The protocol scheme to use for deep linking in Electron.
-   *
-   * Should follow the reverse domain name notation to ensure uniqueness.
-   *
-   * @see {@link https://datatracker.ietf.org/doc/html/rfc8252#section-7.1}
-   * @example "com.example.app"
-   */
-  protocol: string | {
-    scheme: string;
-    privileges?: Electron.Privileges | undefined;
-  };
-  /**
-   * The callback path to use for authentication redirects.
-   *
-   * @default "/auth/callback"
-   */
-  callbackPath?: string;
-  /**
-   * An instance of a storage solution (e.g., `electron-store`)
-   * to store session and cookie data.
-   *
-   * @example
-   * ```ts
-   * electronClient({
-   *   storage: window.localStorage,
-   * });
-   * ```
-   */
-  storage: Storage;
-  /**
-   * Prefix for local storage keys (e.g., "my-app_cookie", "my-app_session_data")
-   * @default "better-auth"
-   */
-  storagePrefix?: string | undefined;
-  /**
-   * Prefix(es) for server cookie names to filter (e.g., "better-auth.session_token")
-   * This is used to identify which cookies belong to better-auth to prevent
-   * infinite refetching when third-party cookies are set.
-   *
-   * Can be a single string or an array of strings to match multiple prefixes.
-   *
-   * @default "better-auth"
-   * @example "better-auth"
-   * @example ["better-auth", "my-app"]
-   */
-  cookiePrefix?: string | string[] | undefined;
-  /**
-   * Channel prefix for IPC bridges (e.g., "better-auth:request-auth")
-   *
-   * @default "better-auth"
-   */
-  channelPrefix?: string | undefined;
-  /**
-   * Client ID to use for identifying the Electron client during authorization.
-   *
-   * @default "electron"
-   */
-  clientID?: string | undefined;
-  /**
-   * Whether to disable caching the session data locally.
-   *
-   * @default false
-   */
-  disableCache?: boolean | undefined;
-}
-interface ElectronProxyClientOptions {
-  /**
-   * The protocol scheme to use for deep linking in Electron.
-   *
-   * Should follow the reverse domain name notation to ensure uniqueness.
-   *
-   * Note that this must match the protocol scheme registered in the server plugin.
-   *
-   * @see {@link https://datatracker.ietf.org/doc/html/rfc8252#section-7.1}
-   * @example "com.example.app"
-   */
-  protocol: string | {
-    scheme: string;
-  };
-  /**
-   * The callback path to use for authentication redirects.
-   *
-   * @default "/auth/callback"
-   */
-  callbackPath?: string;
-  /**
-   * Client ID to use for identifying the Electron client during authorization.
-   *
-   * @default "electron"
-   */
-  clientID?: string | undefined;
-  /**
-   * The prefix to use for cookies set by the plugin.
-   *
-   * @default "better-auth"
-   */
-  cookiePrefix?: string | undefined;
-}
-//#endregion
-//#region src/authenticate.d.ts
-declare const requestAuthOptionsSchema: z.ZodObject<{
-  provider: z.ZodOptional<z.ZodString>;
-  callbackURL: z.ZodOptional<z.ZodString>;
-  newUserCallbackURL: z.ZodOptional<z.ZodString>;
-  errorCallbackURL: z.ZodOptional<z.ZodString>;
-  disableRedirect: z.ZodOptional<z.ZodBoolean>;
-  scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
-  requestSignUp: z.ZodOptional<z.ZodBoolean>;
-  additionalData: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
-}, z.core.$strip>;
-type ElectronRequestAuthOptions = z.infer<typeof requestAuthOptionsSchema>;
-//#endregion
-export { Storage as i, ElectronClientOptions as n, ElectronProxyClientOptions as r, ElectronRequestAuthOptions as t };