@better-auth/expo 0.6.3-beta.4

package/package.json

@@ -0,0 +1,42 @@
+{
+  "name": "@better-auth/expo",
+  "version": "0.6.3-beta.4",
+  "description": "",
+  "main": "dist/index.js",
+  "module": "dist/index.mjs",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
+    },
+    "./client": {
+      "types": "./dist/client.d.ts",
+      "import": "./dist/client.mjs",
+      "require": "./dist/client.js"
+    }
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "devDependencies": {
+    "better-sqlite3": "^11.5.0",
+    "expo-constants": "~16.0.2",
+    "expo-linking": "~6.3.1",
+    "expo-secure-store": "~13.0.2",
+    "expo-web-browser": "~13.0.3",
+    "vitest": "^1.6.0",
+    "better-auth": "0.6.3-beta.4"
+  },
+  "dependencies": {
+    "nanostores": "^0.11.2"
+  },
+  "peerDependencies": {
+    "better-auth": "0.6.3-beta.4"
+  },
+  "scripts": {
+    "test": "vitest",
+    "build": "tsup --dts --minify --clean",
+    "dev": "tsup --watch --sourcemap --dts"
+  }
+}

package/src/client.ts

@@ -0,0 +1,198 @@
+import type { BetterAuthClientPlugin, Store } from "better-auth";
+import * as Browser from "expo-web-browser";
+import * as Linking from "expo-linking";
+import { Platform } from "react-native";
+import * as SecureStore from "expo-secure-store";
+import Constants from "expo-constants";
+
+interface CookieAttributes {
+	value: string;
+	expires?: Date;
+	"max-age"?: number;
+	domain?: string;
+	path?: string;
+	secure?: boolean;
+	httpOnly?: boolean;
+	sameSite?: "Strict" | "Lax" | "None";
+}
+
+function parseSetCookieHeader(header: string): Map<string, CookieAttributes> {
+	const cookieMap = new Map<string, CookieAttributes>();
+	const cookies = header.split(", ");
+	cookies.forEach((cookie) => {
+		const [nameValue, ...attributes] = cookie.split("; ");
+		const [name, value] = nameValue.split("=");
+
+		const cookieObj: CookieAttributes = { value };
+
+		attributes.forEach((attr) => {
+			const [attrName, attrValue] = attr.split("=");
+			cookieObj[attrName.toLowerCase() as "value"] = attrValue;
+		});
+
+		cookieMap.set(name, cookieObj);
+	});
+
+	return cookieMap;
+}
+
+interface ExpoClientOptions {
+	scheme?: string;
+	storage?: {
+		setItem: (key: string, value: string) => any;
+		getItem: (key: string) => string | null;
+	};
+	storagePrefix?: string;
+	disableCache?: boolean;
+}
+
+interface StoredCookie {
+	value: string;
+	expires: Date | null;
+}
+
+function getSetCookie(header: string) {
+	const parsed = parseSetCookieHeader(header);
+	const toSetCookie: Record<string, StoredCookie> = {};
+	parsed.forEach((cookie, key) => {
+		const expiresAt = cookie["expires"];
+		const maxAge = cookie["max-age"];
+		const expires = expiresAt
+			? new Date(String(expiresAt))
+			: maxAge
+				? new Date(Date.now() + Number(maxAge))
+				: null;
+		toSetCookie[key] = {
+			value: cookie["value"],
+			expires,
+		};
+	});
+	return JSON.stringify(toSetCookie);
+}
+
+function getCookie(cookie: string) {
+	let parsed = {} as Record<string, StoredCookie>;
+	try {
+		parsed = JSON.parse(cookie) as Record<string, StoredCookie>;
+	} catch (e) {}
+	const toSend = Object.entries(parsed).reduce((acc, [key, value]) => {
+		if (value.expires && value.expires < new Date()) {
+			return acc;
+		}
+		return `${acc}; ${key}=${value.value}`;
+	}, "");
+	return toSend;
+}
+
+function getOrigin(scheme: string) {
+	const schemeURI = Linking.createURL("", { scheme });
+	return schemeURI;
+}
+
+export const expoClient = (opts: ExpoClientOptions) => {
+	let store: Store | null = null;
+	const cookieName = `${opts.storagePrefix || "better-auth"}_cookie`;
+	const localCacheName = `${opts.storagePrefix || "better-auth"}_session_data`;
+	const storage = opts.storage || SecureStore;
+	const scheme = opts.scheme || Constants.platform?.scheme;
+	const isWeb = Platform.OS === "web";
+	if (!scheme && !isWeb) {
+		throw new Error(
+			"Scheme not found in app.json. Please provide a scheme in the options.",
+		);
+	}
+	return {
+		id: "expo",
+		getActions(_, $store) {
+			if (Platform.OS === "web") return {};
+			store = $store;
+			const localSession = storage.getItem(cookieName);
+			localSession &&
+				$store.atoms.session.set({
+					data: JSON.parse(localSession),
+					error: null,
+					isPending: false,
+				});
+			return {};
+		},
+		fetchPlugins: [
+			{
+				id: "expo",
+				name: "Expo",
+				hooks: {
+					async onSuccess(context) {
+						if (isWeb) return;
+						const setCookie = context.response.headers.get("set-cookie");
+						if (setCookie) {
+							const toSetCookie = getSetCookie(setCookie || "");
+							await storage.setItem(cookieName, toSetCookie);
+							store?.notify("$sessionSignal");
+						}
+
+						if (
+							context.request.url.toString().includes("/get-session") &&
+							!opts.disableCache
+						) {
+							const data = context.data;
+							storage.setItem(localCacheName, JSON.stringify(data));
+						}
+
+						if (
+							context.data.redirect &&
+							context.request.url.toString().includes("/sign-in")
+						) {
+							const callbackURL = JSON.parse(context.request.body)?.callbackURL;
+							const to = callbackURL;
+							const signInURL = context.data?.url;
+							const result = await Browser.openAuthSessionAsync(signInURL, to);
+							if (result.type !== "success") return;
+							const url = new URL(result.url);
+							const cookie = String(url.searchParams.get("cookie"));
+							if (!cookie) return;
+							storage.setItem(cookieName, getSetCookie(cookie));
+							store?.notify("$sessionSignal");
+						}
+					},
+				},
+				async init(url, options) {
+					if (isWeb) {
+						return {
+							url,
+							options,
+						};
+					}
+					options = options || {};
+					const storedCookie = storage.getItem(cookieName);
+					const cookie = getCookie(storedCookie || "{}");
+					options.credentials = "omit";
+					options.headers = {
+						...options.headers,
+						cookie,
+						origin: getOrigin(scheme!),
+					};
+					if (options.body?.callbackURL) {
+						if (options.body.callbackURL.startsWith("/")) {
+							const url = Linking.createURL(options.body.callbackURL, {
+								scheme,
+							});
+							options.body.callbackURL = url;
+						}
+					}
+					if (url.includes("/sign-out")) {
+						await storage.setItem(cookieName, "{}");
+						store?.atoms.session?.set({
+							data: null,
+							error: null,
+							isPending: false,
+						});
+						storage.setItem(localCacheName, "{}");
+					}
+					return {
+						url,
+						options,
+					};
+				},
+			},
+		],
+	} satisfies BetterAuthClientPlugin;
+};

package/src/expo.test.ts

@@ -0,0 +1,133 @@
+import { createAuthClient } from "better-auth/client";
+import Database from "better-sqlite3";
+import { beforeAll, describe, expect, it, vi } from "vitest";
+import { expo } from ".";
+import { expoClient } from "./client";
+import { betterAuth } from "better-auth";
+import { getMigrations } from "better-auth/db";
+
+vi.mock("expo-web-browser", async () => {
+	return {
+		openAuthSessionAsync: vi.fn(async (...args) => {
+			fn(...args);
+			return {
+				type: "success",
+				url: "better-auth://?cookie=better-auth.session_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjYxMzQwZj",
+			};
+		}),
+	};
+});
+
+vi.mock("react-native", async () => {
+	return {
+		Platform: {
+			OS: "android",
+		},
+	};
+});
+
+vi.mock("expo-constants", async () => {
+	return {
+		default: {
+			platform: {
+				scheme: "better-auth",
+			},
+		},
+	};
+});
+
+vi.mock("expo-linking", async () => {
+	return {
+		createURL: vi.fn((url) => `better-auth://${url}`),
+	};
+});
+
+vi.mock("expo-secure-store", async () => {
+	return {
+		getItemAsync: vi.fn(async (key) => null),
+		setItemAsync: vi.fn(),
+		deleteItemAsync: vi.fn(),
+	};
+});
+
+const fn = vi.fn();
+
+describe("expo", async () => {
+	const storage = new Map<string, string>();
+
+	const auth = betterAuth({
+		baseURL: "http://localhost:3000",
+		database: new Database(":memory:"),
+		emailAndPassword: {
+			enabled: true,
+		},
+		socialProviders: {
+			google: {
+				clientId: "test",
+				clientSecret: "test",
+			},
+		},
+		plugins: [expo()],
+		trustedOrigins: ["better-auth://"],
+	});
+
+	const client = createAuthClient({
+		baseURL: "http://localhost:3000",
+		fetchOptions: {
+			customFetchImpl: (url, init) => {
+				const req = new Request(url.toString(), init);
+				return auth.handler(req);
+			},
+		},
+		plugins: [
+			expoClient({
+				storage: {
+					getItem: (key) => storage.get(key) || null,
+					setItem: async (key, value) => storage.set(key, value),
+				},
+			}),
+		],
+	});
+	beforeAll(async () => {
+		const { runMigrations } = await getMigrations(auth.options);
+		await runMigrations();
+	});
+
+	it("should store cookie with expires date", async () => {
+		const testUser = {
+			email: "test@test.com",
+			password: "password",
+			name: "Test User",
+		};
+		await client.signUp.email(testUser);
+		const storedCookie = storage.get("better-auth_cookie");
+		expect(storedCookie).toBeDefined();
+		const parsedCookie = JSON.parse(storedCookie || "");
+		expect(parsedCookie["better-auth.session_token"]).toMatchObject({
+			value: expect.any(String),
+			expires: expect.any(String),
+		});
+	});
+
+	it("should send cookie and get session", async () => {
+		const { data } = await client.getSession();
+		expect(data).toMatchObject({
+			session: expect.any(Object),
+			user: expect.any(Object),
+		});
+	});
+
+	it("should use the scheme to open the browser", async () => {
+		const { data: res } = await client.signIn.social({
+			provider: "google",
+			callbackURL: "/dashboard",
+		});
+		expect(res).toMatchObject({
+			url: expect.stringContaining("accounts.google"),
+		});
+		expect(fn).toHaveBeenCalledWith(
+			expect.stringContaining("accounts.google"),
+			"better-auth:///dashboard",
+		);
+	});
+});

package/src/index.ts

@@ -0,0 +1,55 @@
+import type { BetterAuthPlugin } from "better-auth";
+
+export const expo = () => {
+	return {
+		id: "expo",
+		init: (ctx) => {
+			const trustedOrigins =
+				process.env.NODE_ENV === "development"
+					? [...(ctx.options.trustedOrigins || []), "exp://"]
+					: ctx.options.trustedOrigins;
+			return {
+				options: {
+					trustedOrigins,
+				},
+			};
+		},
+		hooks: {
+			after: [
+				{
+					matcher(context) {
+						return context.path?.startsWith("/callback");
+					},
+					handler: async (ctx) => {
+						const response = ctx.context.returned as Response;
+						if (response.status === 302) {
+							const location = response.headers.get("location");
+							if (!location) {
+								return;
+							}
+							const trustedOrigins = ctx.context.trustedOrigins.filter(
+								(origin) => !origin.startsWith("http"),
+							);
+							const isTrustedOrigin = trustedOrigins.some((origin) =>
+								location?.startsWith(origin),
+							);
+							if (!isTrustedOrigin) {
+								return;
+							}
+							const cookie = response.headers.get("set-cookie");
+							if (!cookie) {
+								return;
+							}
+							const url = new URL(location);
+							url.searchParams.set("cookie", cookie);
+							response.headers.set("location", url.toString());
+							return {
+								response,
+							};
+						}
+					},
+				},
+			],
+		},
+	} satisfies BetterAuthPlugin;
+};

package/tsconfig.json

@@ -0,0 +1,20 @@
+{
+	"compilerOptions": {
+		"esModuleInterop": true,
+		"skipLibCheck": true,
+		"target": "es2022",
+		"allowJs": true,
+		"resolveJsonModule": true,
+		"module": "ESNext",
+		"noEmit": true,
+		"moduleResolution": "Bundler",
+		"moduleDetection": "force",
+		"isolatedModules": true,
+		"verbatimModuleSyntax": true,
+		"strict": true,
+		"noImplicitOverride": true,
+		"noFallthroughCasesInSwitch": true
+	},
+	"exclude": ["node_modules"],
+	"include": ["src"]
+}

package/tsup.config.ts

@@ -0,0 +1,13 @@
+import { defineConfig } from "tsup";
+
+export default defineConfig((env) => {
+	return {
+		entry: {
+			index: "src/index.ts",
+			client: "src/client.ts",
+		},
+		format: ["esm", "cjs"],
+		bundle: true,
+		skipNodeModulesBundle: true,
+	};
+});