@better-auth/infra 0.1.14 → 0.2.0

package/README.md

@@ -6,6 +6,7 @@ Infra plugins for Better Auth:
 - `dashClient()` for dashboard client actions (including audit log queries).
 - `sentinel()` for security checks and abuse protection.
 - `sentinelClient()` for browser fingerprint headers + optional PoW auto-solving.
+- `sentinelNativeClient()` (from `@better-auth/infra/native`) for React Native / Expo.
 
 ## Installation
 
@@ -69,6 +70,45 @@ const auditLogs = await authClient.dash.getAuditLogs({
 });
 ```
 
+## Native client
+
+Use this plugin for your React Native / Expo app. This plugin is designed to work along with the server side sentinel and dash plugins and will ensure your app is protected from abuse and bot attacks.
+
+### Install peers
+
+```bash
+pnpm add react-native @react-native-async-storage/async-storage
+# Optional, for richer device metadata in the identify payload:
+pnpm add expo-constants expo-device
+```
+
+`@react-native-async-storage/async-storage` is optional; if it is not installed, a session-only in-memory visitor id is used. For production, install it or pass `storage` (for example secure storage).
+
+### Example
+
+```ts
+import { createAuthClient } from "better-auth/client";
+import { dashClient, sentinelNativeClient } from "@better-auth/infra/native";
+
+export const authClient = createAuthClient({
+  baseURL: "https://your-api.example.com",
+  plugins: [
+    dashClient(),
+    sentinelNativeClient({
+      identifyUrl: process.env.EXPO_PUBLIC_BETTER_AUTH_KV_URL,
+      autoSolveChallenge: true,
+    }),
+  ],
+});
+```
+
+### Options (`sentinelNativeClient`)
+
+- `identifyUrl?: string` — KV identify endpoint base (defaults to `BETTER_AUTH_KV_URL` from env, then `https://kv.better-auth.com`).
+- `autoSolveChallenge?: boolean` — When `true` (default), `423` responses that include `X-PoW-Challenge` are solved and the request is retried once with `X-PoW-Solution`.
+- `onChallengeReceived?` / `onChallengeSolved?` / `onChallengeFailed?` — PoW lifecycle hooks (reason string, solve time in ms, or error).
+- `storage?: { getItem, setItem }` — Async key/value storage for a stable per-install visitor id (recommended for production).
+
 ## Audit Log APIs
 
 ### `dashClient()` API
@@ -249,6 +289,10 @@ All security configuration now belongs in `sentinel()`.
 
 See `Audit Log APIs` above for full method details.
 
+### `SentinelNativeClientOptions`
+
+Exported from `@better-auth/infra/native`. See [React Native client](#native-client) for the full option list and usage.
+
 ## Migration
 
 If you previously passed security config to `dash()`, move it to `sentinel()`:

package/dist/client.d.mts

@@ -1,3 +1,4 @@
+import { a as dashClient, i as DashGetAuditLogsInput, n as DashAuditLogsResponse, r as DashClientOptions, t as DashAuditLog } from "./dash-client-hJHp7l_X.mjs";
 import * as _$_better_fetch_fetch0 from "@better-fetch/fetch";
 
 //#region src/sentinel/client.d.ts
@@ -43,73 +44,4 @@ declare const sentinelClient: (options?: SentinelClientOptions) => {
   })[];
 };
 //#endregion
-//#region src/client.d.ts
-interface DashAuditLog {
-  eventType: string;
-  eventData: Record<string, unknown>;
-  eventKey: string;
-  projectId: string;
-  createdAt: string;
-  updatedAt: string;
-  ageInMinutes?: number;
-  location?: {
-    ipAddress?: string | null;
-    city?: string | null;
-    country?: string | null;
-    countryCode?: string | null;
-  };
-}
-interface DashAuditLogsResponse {
-  events: DashAuditLog[];
-  total: number;
-  limit: number;
-  offset: number;
-}
-type SessionLike = {
-  user?: {
-    id?: string | null;
-  };
-};
-type UserLike = {
-  id?: string | null;
-};
-interface DashGetAuditLogsInput {
-  limit?: number;
-  offset?: number;
-  organizationId?: string;
-  identifier?: string;
-  eventType?: string;
-  userId?: string;
-  user?: UserLike | null;
-  session?: SessionLike | null;
-}
-interface DashClientOptions {
-  resolveUserId?: (input: {
-    userId?: string;
-    user?: UserLike | null;
-    session?: SessionLike | null;
-  }) => string | undefined;
-}
-declare const dashClient: (options?: DashClientOptions) => {
-  id: "dash";
-  getActions: ($fetch: _$_better_fetch_fetch0.BetterFetch) => {
-    dash: {
-      getAuditLogs: (input?: DashGetAuditLogsInput) => Promise<{
-        data: DashAuditLogsResponse;
-        error: null;
-      } | {
-        data: null;
-        error: {
-          message?: string | undefined;
-          status: number;
-          statusText: string;
-        };
-      }>;
-    };
-  };
-  pathMethods: {
-    "/events/audit-logs": "GET";
-  };
-};
-//#endregion
-export { DashAuditLog, DashAuditLogsResponse, DashClientOptions, DashGetAuditLogsInput, type SentinelClientOptions, dashClient, sentinelClient };
+export { type DashAuditLog, type DashAuditLogsResponse, type DashClientOptions, type DashGetAuditLogsInput, type SentinelClientOptions, dashClient, sentinelClient };

package/dist/client.mjs

@@ -1,5 +1,5 @@
 import { r as KV_TIMEOUT_MS } from "./constants-DdWGfvz1.mjs";
-import { a as hash, i as identify, r as generateRequestId } from "./identification-DF2nvmng.mjs";
+import { a as identify, c as dashClient, i as generateRequestId, n as encodePoWSolution, r as solvePoWChallenge, s as hash, t as decodePoWChallenge } from "./pow-BUuN_EKw.mjs";
 import { env } from "@better-auth/core/env";
 //#region src/sentinel/fingerprint.ts
 function murmurhash3(str, seed = 0) {
@@ -417,63 +417,6 @@ async function waitForIdentify(timeoutMs = 500) {
 	await Promise.race([identifyCompletePromise, new Promise((resolve) => setTimeout(resolve, timeoutMs))]);
 }
 //#endregion
-//#region src/sentinel/pow.ts
-function hasLeadingZeroBits(hash, bits) {
-	const fullHexChars = Math.floor(bits / 4);
-	const remainingBits = bits % 4;
-	for (let i = 0; i < fullHexChars; i++) if (hash[i] !== "0") return false;
-	if (remainingBits > 0 && fullHexChars < hash.length) {
-		if (parseInt(hash[fullHexChars], 16) > (1 << 4 - remainingBits) - 1) return false;
-	}
-	return true;
-}
-async function solvePoWChallenge(challenge) {
-	const { nonce, difficulty } = challenge;
-	let counter = 0;
-	while (true) {
-		if (hasLeadingZeroBits(await hash(`${nonce}:${counter}`), difficulty)) return {
-			nonce,
-			counter
-		};
-		counter++;
-		if (counter % 1e3 === 0) await new Promise((resolve) => setTimeout(resolve, 0));
-		if (counter > 1e8) throw new Error("PoW challenge took too long to solve");
-	}
-}
-function decodeBase64ToUtf8(encoded) {
-	if (typeof globalThis.atob === "function") return globalThis.atob(encoded);
-	throw new Error("[Sentinel] Base64 decode requires atob (browser, Hermes, or Bun)");
-}
-function encodeUtf8ToBase64(str) {
-	if (typeof globalThis.btoa === "function") return globalThis.btoa(str);
-	const bytes = new TextEncoder().encode(str);
-	const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-	let out = "";
-	for (let i = 0; i < bytes.length; i += 3) {
-		const b0 = bytes[i];
-		const b1 = bytes[i + 1] ?? 0;
-		const b2 = bytes[i + 2] ?? 0;
-		const triple = b0 << 16 | b1 << 8 | b2;
-		const pad = i + 2 >= bytes.length ? i + 1 >= bytes.length ? 2 : 1 : 0;
-		out += chars[triple >> 18 & 63];
-		out += chars[triple >> 12 & 63];
-		out += pad < 2 ? chars[triple >> 6 & 63] : "=";
-		out += pad < 1 ? chars[triple & 63] : "=";
-	}
-	return out;
-}
-function decodePoWChallenge(encoded) {
-	try {
-		const decoded = decodeBase64ToUtf8(encoded);
-		return JSON.parse(decoded);
-	} catch {
-		return null;
-	}
-}
-function encodePoWSolution(solution) {
-	return encodeUtf8ToBase64(JSON.stringify(solution));
-}
-//#endregion
 //#region src/sentinel/client.ts
 const DEFAULT_IDENTIFY_URL = "https://kv.better-auth.com";
 const sentinelClient = (options) => {
@@ -565,33 +508,4 @@ const sentinelClient = (options) => {
 	};
 };
 //#endregion
-//#region src/client.ts
-function resolveDashUserId(input, options) {
-	return input.userId || options?.resolveUserId?.({
-		userId: input.userId,
-		user: input.user,
-		session: input.session
-	}) || input.user?.id || input.session?.user?.id || void 0;
-}
-const dashClient = (options) => {
-	return {
-		id: "dash",
-		getActions: ($fetch) => ({ dash: { getAuditLogs: async (input = {}) => {
-			const userId = resolveDashUserId(input, options);
-			return $fetch("/events/audit-logs", {
-				method: "GET",
-				query: {
-					limit: input.limit,
-					offset: input.offset,
-					organizationId: input.organizationId,
-					identifier: input.identifier,
-					eventType: input.eventType,
-					userId
-				}
-			});
-		} } }),
-		pathMethods: { "/events/audit-logs": "GET" }
-	};
-};
-//#endregion
 export { dashClient, sentinelClient };

package/dist/dash-client-hJHp7l_X.d.mts

@@ -0,0 +1,72 @@
+import * as _$_better_fetch_fetch0 from "@better-fetch/fetch";
+
+//#region src/dash-client.d.ts
+interface DashAuditLog {
+  eventType: string;
+  eventData: Record<string, unknown>;
+  eventKey: string;
+  projectId: string;
+  createdAt: string;
+  updatedAt: string;
+  ageInMinutes?: number;
+  location?: {
+    ipAddress?: string | null;
+    city?: string | null;
+    country?: string | null;
+    countryCode?: string | null;
+  };
+}
+interface DashAuditLogsResponse {
+  events: DashAuditLog[];
+  total: number;
+  limit: number;
+  offset: number;
+}
+type SessionLike = {
+  user?: {
+    id?: string | null;
+  };
+};
+type UserLike = {
+  id?: string | null;
+};
+interface DashGetAuditLogsInput {
+  limit?: number;
+  offset?: number;
+  organizationId?: string;
+  identifier?: string;
+  eventType?: string;
+  userId?: string;
+  user?: UserLike | null;
+  session?: SessionLike | null;
+}
+interface DashClientOptions {
+  resolveUserId?: (input: {
+    userId?: string;
+    user?: UserLike | null;
+    session?: SessionLike | null;
+  }) => string | undefined;
+}
+declare const dashClient: (options?: DashClientOptions) => {
+  id: "dash";
+  getActions: ($fetch: _$_better_fetch_fetch0.BetterFetch) => {
+    dash: {
+      getAuditLogs: (input?: DashGetAuditLogsInput) => Promise<{
+        data: null;
+        error: {
+          message?: string | undefined;
+          status: number;
+          statusText: string;
+        };
+      } | {
+        data: DashAuditLogsResponse;
+        error: null;
+      }>;
+    };
+  };
+  pathMethods: {
+    "/events/audit-logs": "GET";
+  };
+};
+//#endregion
+export { dashClient as a, DashGetAuditLogsInput as i, DashAuditLogsResponse as n, DashClientOptions as r, DashAuditLog as t };