npm - @better-auth/expo - Versions diffs - 1.7.0-beta.1 → 1.7.0-beta.10 - Mend

@better-auth/expo 1.7.0-beta.1 → 1.7.0-beta.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/client.d.ts +21 -7
package/dist/client.js +81 -23
package/dist/index.js +12 -4
package/dist/plugins/index.js +1 -1
package/dist/{version-CxmVFmt9.js → version-CXjBN8D3.js} +1 -1
package/package.json +13 -13

package/dist/client.d.ts CHANGED Viewed

@@ -84,10 +84,23 @@ declare function hasBetterAuthCookies(setCookieHeader: string, cookiePrefix: str
 declare function normalizeCookieName(name: string): string;
 declare function storageAdapter(storage: {
   getItem: (name: string) => string | null;
-  setItem: (name: string, value: string) => void;
+  setItem: (name: string, value: string) => unknown;
 }): {
+  /**
+   * Reads a value, reassembling it if it was split across chunk keys. A value
+   * that fit is returned as-is (values written before chunking still read
+   * back); a missing chunk returns `null` so a torn write fails closed.
+   */
   getItem: (name: string) => string | null;
-  setItem: (name: string, value: string) => void;
+  /**
+   * Stores `value`, splitting it across chunk keys when it exceeds the
+   * per-write limit. The base key is cleared before the chunks are rewritten
+   * and set to the marker last, as the commit point, so a write interrupted
+   * partway through reads as absent rather than a mix of old and new chunks.
+   * Failures are logged, not thrown: persistence is best-effort and must not
+   * break the request.
+   */
+  setItem: (name: string, value: string) => Promise<void>;
 };
 declare const expoClient: (opts: ExpoClientOptions) => {
   id: "expo";
@@ -119,11 +132,6 @@ declare const expoClient: (opts: ExpoClientOptions) => {
     init(url: string, options: ({
       priority?: RequestPriority | undefined;
       method?: string | undefined;
-      headers?: (HeadersInit & (HeadersInit | {
-        accept: "application/json" | "text/plain" | "application/octet-stream";
-        "content-type": "application/json" | "text/plain" | "application/x-www-form-urlencoded" | "multipart/form-data" | "application/octet-stream";
-        authorization: "Bearer" | "Basic";
-      })) | undefined;
       redirect?: RequestRedirect | undefined;
       window?: null | undefined;
       cache?: RequestCache | undefined;
@@ -159,6 +167,12 @@ declare const expoClient: (opts: ExpoClientOptions) => {
         prefix: string | (() => string | undefined) | undefined;
         value: string | (() => string | undefined) | undefined;
       }) | undefined;
+      headers?: {} | {
+        [x: string]: string | undefined;
+        accept?: ((string & {}) | "application/json" | "text/plain" | "application/octet-stream") | undefined;
+        "content-type"?: ((string & {}) | "application/json" | "text/plain" | "application/octet-stream" | "application/x-www-form-urlencoded" | "multipart/form-data") | undefined;
+        authorization?: ((string & {}) | `Bearer ${string}` | `Basic ${string}`) | undefined;
+      } | undefined;
       body?: any;
       query?: any;
       params?: any;

package/dist/client.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { t as PACKAGE_VERSION } from "./version-CxmVFmt9.js";
+import { t as PACKAGE_VERSION } from "./version-CXjBN8D3.js";
 import { safeJSONParse } from "@better-auth/core/utils/json";
 import { SECURE_COOKIE_PREFIX, parseSetCookieHeader, parseSetCookieHeader as parseSetCookieHeader$1, stripSecureCookiePrefix } from "better-auth/cookies";
 import Constants from "expo-constants";
@@ -195,13 +195,54 @@ function hasBetterAuthCookies(setCookieHeader, cookiePrefix) {
 function normalizeCookieName(name) {
 	return name.replace(/:/g, "_");
 }
+/**
+* Max characters written per `setItem`. Native secure stores silently reject
+* oversized writes (iOS Keychain refuses values above ~2KB), losing the cookie,
+* so a larger value is split across keys here. Mirrors the server's
+* `chunkCookie`/`joinChunks` in `session-store.ts`; keep the two in sync.
+*
+* @see https://github.com/better-auth/better-auth/issues/9151
+*/
+const STORAGE_VALUE_LIMIT = 1800;
+/**
+* Marks a base key whose value is split across `<key>.0..N` chunks. The leading
+* control char can't start a JSON value (so it never collides) and, unlike NUL,
+* survives the native storage bridge without C-string truncation.
+*/
+const CHUNK_MARKER = "ba-chunks:";
 function storageAdapter(storage) {
 	return {
 		getItem: (name) => {
-			return storage.getItem(normalizeCookieName(name));
+			const key = normalizeCookieName(name);
+			const stored = storage.getItem(key);
+			if (stored == null || !stored.startsWith(CHUNK_MARKER)) return stored;
+			const count = Number(stored.slice(11));
+			if (!Number.isInteger(count) || count < 1) return null;
+			let value = "";
+			for (let i = 0; i < count; i++) {
+				const chunk = storage.getItem(`${key}.${i}`);
+				if (chunk == null) return null;
+				value += chunk;
+			}
+			return value;
 		},
-		setItem: (name, value) => {
-			return storage.setItem(normalizeCookieName(name), value);
+		setItem: async (name, value) => {
+			const key = normalizeCookieName(name);
+			try {
+				if (value.length <= STORAGE_VALUE_LIMIT) {
+					await storage.setItem(key, value);
+					return;
+				}
+				await storage.setItem(key, "");
+				const count = Math.ceil(value.length / STORAGE_VALUE_LIMIT);
+				for (let i = 0; i < count; i++) {
+					const start = i * STORAGE_VALUE_LIMIT;
+					await storage.setItem(`${key}.${i}`, value.slice(start, start + STORAGE_VALUE_LIMIT));
+				}
+				await storage.setItem(key, `${CHUNK_MARKER}${count}`);
+			} catch (error) {
+				console.error(`[better-auth/expo] failed to persist "${key}" to storage`, error);
+			}
 		}
 	};
 }
@@ -213,6 +254,16 @@ const expoClient = (opts) => {
 	const storage = storageAdapter(opts?.storage);
 	const isWeb = Platform.OS === "web";
 	const cookiePrefix = opts?.cookiePrefix || "better-auth";
+	const clearSessionCache = async () => {
+		await storage.setItem(cookieName, "{}");
+		store?.atoms.session?.set({
+			...store.atoms.session.get(),
+			data: null,
+			error: null,
+			isPending: false
+		});
+		await storage.setItem(localCacheName, "{}");
+	};
 	const rawScheme = opts?.scheme || Constants.expoConfig?.scheme || Constants.platform?.scheme;
 	const scheme = Array.isArray(rawScheme) ? rawScheme[0] : rawScheme;
 	if (!scheme && !isWeb) throw new Error("Scheme not found in app.json. Please provide a scheme in the options.");
@@ -221,6 +272,18 @@ const expoClient = (opts) => {
 		version: PACKAGE_VERSION,
 		getActions(_, $store) {
 			store = $store;
+			const sessionAtom = $store.atoms.session;
+			if (!isWeb && !opts?.disableCache && sessionAtom) {
+				const raw = storage.getItem(localCacheName);
+				const cached = raw ? safeJSONParse(raw) : null;
+				const exp = cached?.session?.expiresAt;
+				const expMs = exp ? new Date(exp).getTime() : NaN;
+				if (!!cached?.user?.id && !!cached.session?.id && expMs > Date.now()) sessionAtom.set({
+					...sessionAtom.get(),
+					data: cached,
+					error: null
+				});
+			}
 			return { getCookie: () => {
 				return getCookie(storage.getItem(cookieName) || "{}");
 			} };
@@ -236,15 +299,16 @@ const expoClient = (opts) => {
 						const prevCookie = storage.getItem(cookieName);
 						const toSetCookie = getSetCookie(setCookie || "", prevCookie ?? void 0);
 						if (hasSessionCookieChanged(prevCookie, toSetCookie)) {
-							storage.setItem(cookieName, toSetCookie);
+							await storage.setItem(cookieName, toSetCookie);
 							store?.notify("$sessionSignal");
-						} else storage.setItem(cookieName, toSetCookie);
+						} else await storage.setItem(cookieName, toSetCookie);
 					}
 				}
 				if (context.request.url.toString().includes("/get-session") && !opts?.disableCache) {
 					const data = context.data;
-					storage.setItem(localCacheName, JSON.stringify(data));
+					await storage.setItem(localCacheName, JSON.stringify(data));
 				}
+				if (context.request.url.toString().includes("/sign-out")) await clearSessionCache();
 				if (context.data?.redirect && (context.request.url.toString().includes("/sign-in") || context.request.url.toString().includes("/link-social")) && !context.request?.body.includes("idToken")) {
 					const to = JSON.parse(context.request.body)?.callbackURL;
 					const signInURL = context.data?.url;
@@ -270,7 +334,7 @@ const expoClient = (opts) => {
 					const cookie = new URL(result.url).searchParams.get("cookie");
 					if (!cookie) return;
 					const toSetCookie = getSetCookie(cookie, storage.getItem(cookieName) ?? void 0);
-					storage.setItem(cookieName, toSetCookie);
+					await storage.setItem(cookieName, toSetCookie);
 					store?.notify("$sessionSignal");
 				}
 			} },
@@ -281,11 +345,14 @@ const expoClient = (opts) => {
 				};
 				options = options || {};
 				options.credentials = "omit";
-				if (options.body?.idToken !== void 0) options.headers = {
-					...options.headers,
-					"x-skip-oauth-proxy": "true"
-				};
-				else {
+				if (options.body?.idToken !== void 0) {
+					const cookie = url.includes("/link-social") ? getCookie(storage.getItem(cookieName) || "{}") : "";
+					options.headers = {
+						...options.headers,
+						...cookie ? { cookie } : {},
+						"x-skip-oauth-proxy": "true"
+					};
+				} else {
 					const cookie = getCookie(storage.getItem(cookieName) || "{}");
 					options.headers = {
 						...options.headers,
@@ -311,16 +378,7 @@ const expoClient = (opts) => {
 							options.body.errorCallbackURL = url;
 						}
 					}
-					if (url.includes("/sign-out")) {
-						storage.setItem(cookieName, "{}");
-						store?.atoms.session?.set({
-							...store.atoms.session.get(),
-							data: null,
-							error: null,
-							isPending: false
-						});
-						storage.setItem(localCacheName, "{}");
-					}
+					if (url.includes("/sign-out")) await clearSessionCache();
 				}
 				return {
 					url,

package/dist/index.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { t as PACKAGE_VERSION } from "./version-CxmVFmt9.js";
+import { t as PACKAGE_VERSION } from "./version-CXjBN8D3.js";
 import { createAuthMiddleware } from "@better-auth/core/api";
 import { HIDE_METADATA } from "better-auth";
 import { APIError, createAuthEndpoint } from "better-auth/api";
@@ -12,14 +12,22 @@ const expoAuthorizationProxy = createAuthEndpoint("/expo-authorization-proxy", {
 	}),
 	metadata: HIDE_METADATA
 }, async (ctx) => {
+	const { authorizationURL } = ctx.query;
+	if (authorizationURL.includes("#")) throw new APIError("BAD_REQUEST", { message: "Invalid authorizationURL" });
+	let url;
+	try {
+		url = new URL(authorizationURL);
+	} catch {
+		throw new APIError("BAD_REQUEST", { message: "Invalid authorizationURL" });
+	}
+	if (url.protocol !== "https:" || url.origin === new URL(ctx.context.baseURL).origin) throw new APIError("BAD_REQUEST", { message: "Invalid authorizationURL" });
 	const { oauthState } = ctx.query;
 	if (oauthState) {
 		const oauthStateCookie = ctx.context.createAuthCookie("oauth_state", { maxAge: 600 });
 		ctx.setCookie(oauthStateCookie.name, oauthState, oauthStateCookie.attributes);
-		return ctx.redirect(ctx.query.authorizationURL);
+		return ctx.redirect(authorizationURL);
 	}
-	const { authorizationURL } = ctx.query;
-	const state = new URL(authorizationURL).searchParams.get("state");
+	const state = url.searchParams.get("state");
 	if (!state) throw new APIError("BAD_REQUEST", { message: "Unexpected error" });
 	const stateCookie = ctx.context.createAuthCookie("state", { maxAge: 300 });
 	await ctx.setSignedCookie(stateCookie.name, state, ctx.context.secret, stateCookie.attributes);

package/dist/plugins/index.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { t as PACKAGE_VERSION } from "../version-CxmVFmt9.js";
+import { t as PACKAGE_VERSION } from "../version-CXjBN8D3.js";
 //#region src/plugins/last-login-method.ts
 const paths = [
 	"/callback/",

package/dist/{version-CxmVFmt9.js → version-CXjBN8D3.js} RENAMED Viewed

@@ -1,5 +1,5 @@
 //#endregion
 //#region src/version.ts
-const PACKAGE_VERSION = "1.7.0-beta.1";
+const PACKAGE_VERSION = "1.7.0-beta.10";
 //#endregion
 export { PACKAGE_VERSION as t };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@better-auth/expo",
-  "version": "1.7.0-beta.1",
+  "version": "1.7.0-beta.10",
   "description": "Better Auth integration for Expo and React Native applications.",
   "type": "module",
   "license": "MIT",
@@ -58,28 +58,28 @@
     }
   },
   "dependencies": {
-    "@better-fetch/fetch": "1.1.21",
-    "better-call": "1.3.5",
+    "@better-fetch/fetch": "1.3.1",
+    "better-call": "1.3.7",
     "zod": "^4.3.6"
   },
   "devDependencies": {
-    "@better-fetch/fetch": "1.1.21",
-    "expo-constants": "~55.0.7",
-    "expo-linking": "~55.0.7",
-    "expo-network": "~55.0.8",
-    "expo-web-browser": "~55.0.9",
-    "react-native": "~0.84.1",
+    "@better-fetch/fetch": "1.3.1",
+    "expo-constants": "~56.0.18",
+    "expo-linking": "~56.0.14",
+    "expo-network": "~56.0.5",
+    "expo-web-browser": "~56.0.5",
+    "react-native": "~0.86.0",
     "tsdown": "0.21.1",
-    "@better-auth/core": "1.7.0-beta.1",
-    "better-auth": "1.7.0-beta.1"
+    "@better-auth/core": "1.7.0-beta.10",
+    "better-auth": "1.7.0-beta.10"
   },
   "peerDependencies": {
     "expo-constants": ">=17.0.0",
     "expo-linking": ">=7.0.0",
     "expo-network": ">=8.0.7",
     "expo-web-browser": ">=14.0.0",
-    "@better-auth/core": "^1.7.0-beta.1",
-    "better-auth": "^1.7.0-beta.1"
+    "@better-auth/core": "^1.7.0-beta.10",
+    "better-auth": "^1.7.0-beta.10"
   },
   "peerDependenciesMeta": {
     "expo-constants": {