@better-auth/infra 0.1.14 → 0.2.0

package/dist/pow-BUuN_EKw.mjs

@@ -0,0 +1,131 @@
+import "./constants-DdWGfvz1.mjs";
+//#region src/dash-client.ts
+function resolveDashUserId(input, options) {
+	return input.userId || options?.resolveUserId?.({
+		userId: input.userId,
+		user: input.user,
+		session: input.session
+	}) || input.user?.id || input.session?.user?.id || void 0;
+}
+const dashClient = (options) => {
+	return {
+		id: "dash",
+		getActions: ($fetch) => ({ dash: { getAuditLogs: async (input = {}) => {
+			const userId = resolveDashUserId(input, options);
+			return $fetch("/events/audit-logs", {
+				method: "GET",
+				query: {
+					limit: input.limit,
+					offset: input.offset,
+					organizationId: input.organizationId,
+					identifier: input.identifier,
+					eventType: input.eventType,
+					userId
+				}
+			});
+		} } }),
+		pathMethods: { "/events/audit-logs": "GET" }
+	};
+};
+//#endregion
+//#region src/crypto.ts
+function randomBytes(length) {
+	const bytes = new Uint8Array(length);
+	crypto.getRandomValues(bytes);
+	return bytes;
+}
+function bytesToHex(bytes) {
+	return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+async function hash(message) {
+	const msgBuffer = new TextEncoder().encode(message);
+	const hashBuffer = await crypto.subtle.digest("SHA-256", msgBuffer);
+	return bytesToHex(new Uint8Array(hashBuffer));
+}
+//#endregion
+//#region src/abort-signal.ts
+/**
+* Returns an AbortSignal that aborts after `ms`.
+* Uses `AbortSignal.timeout` when present; otherwise `AbortController` + `setTimeout`
+* for React Native / older runtimes where `.timeout` is missing.
+*/
+function timeout(ms) {
+	if (typeof AbortSignal.timeout === "function") return AbortSignal.timeout(ms);
+	const controller = new AbortController();
+	setTimeout(() => controller.abort(), ms);
+	return controller.signal;
+}
+//#endregion
+//#region src/identification-client.ts
+function generateRequestId() {
+	const hex = bytesToHex(randomBytes(16));
+	return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20, 32)}`;
+}
+async function identify(baseURL, payload, signal) {
+	const base = baseURL.replace(/\/$/, "");
+	await fetch(`${base}/identify`, {
+		method: "POST",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify(payload),
+		signal: signal ?? timeout(5e3)
+	});
+}
+//#endregion
+//#region src/sentinel/pow.ts
+function hasLeadingZeroBits(hash, bits) {
+	const fullHexChars = Math.floor(bits / 4);
+	const remainingBits = bits % 4;
+	for (let i = 0; i < fullHexChars; i++) if (hash[i] !== "0") return false;
+	if (remainingBits > 0 && fullHexChars < hash.length) {
+		if (parseInt(hash[fullHexChars], 16) > (1 << 4 - remainingBits) - 1) return false;
+	}
+	return true;
+}
+async function solvePoWChallenge(challenge) {
+	const { nonce, difficulty } = challenge;
+	let counter = 0;
+	while (true) {
+		if (hasLeadingZeroBits(await hash(`${nonce}:${counter}`), difficulty)) return {
+			nonce,
+			counter
+		};
+		counter++;
+		if (counter % 1e3 === 0) await new Promise((resolve) => setTimeout(resolve, 0));
+		if (counter > 1e8) throw new Error("PoW challenge took too long to solve");
+	}
+}
+function decodeBase64ToUtf8(encoded) {
+	if (typeof globalThis.atob === "function") return globalThis.atob(encoded);
+	throw new Error("[Sentinel] Base64 decode requires atob (browser, Hermes, or Bun)");
+}
+function encodeUtf8ToBase64(str) {
+	if (typeof globalThis.btoa === "function") return globalThis.btoa(str);
+	const bytes = new TextEncoder().encode(str);
+	const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+	let out = "";
+	for (let i = 0; i < bytes.length; i += 3) {
+		const b0 = bytes[i];
+		const b1 = bytes[i + 1] ?? 0;
+		const b2 = bytes[i + 2] ?? 0;
+		const triple = b0 << 16 | b1 << 8 | b2;
+		const pad = i + 2 >= bytes.length ? i + 1 >= bytes.length ? 2 : 1 : 0;
+		out += chars[triple >> 18 & 63];
+		out += chars[triple >> 12 & 63];
+		out += pad < 2 ? chars[triple >> 6 & 63] : "=";
+		out += pad < 1 ? chars[triple & 63] : "=";
+	}
+	return out;
+}
+function decodePoWChallenge(encoded) {
+	try {
+		const decoded = decodeBase64ToUtf8(encoded);
+		return JSON.parse(decoded);
+	} catch {
+		return null;
+	}
+}
+function encodePoWSolution(solution) {
+	return encodeUtf8ToBase64(JSON.stringify(solution));
+}
+//#endregion
+export { identify as a, dashClient as c, generateRequestId as i, encodePoWSolution as n, bytesToHex as o, solvePoWChallenge as r, hash as s, decodePoWChallenge as t };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@better-auth/infra",
-  "version": "0.1.14",
+  "version": "0.2.0",
   "description": "Dashboard and analytics plugin for Better Auth",
   "type": "module",
   "main": "dist/index.mjs",
@@ -30,6 +30,11 @@
       "types": "./dist/email.d.mts",
       "import": "./dist/email.mjs",
       "default": "./dist/email.mjs"
+    },
+    "./native": {
+      "types": "./dist/native.d.mts",
+      "import": "./dist/native.mjs",
+      "default": "./dist/native.mjs"
     }
   },
   "files": [
@@ -62,8 +67,9 @@
     "@types/bun": "latest",
     "@types/node": "catalog:",
     "better-auth": "catalog:",
+    "expo-crypto": "^14.0.2",
     "happy-dom": "^20.8.9",
-    "msw": "^2.12.14",
+    "msw": "^2.13.0",
     "tsdown": "^0.21.1",
     "typescript": "catalog:",
     "zod": "catalog:"
@@ -78,6 +84,25 @@
     "better-auth": ">=1.4.0",
     "zod": ">=4.1.12",
     "@better-auth/core": ">=1.4.0",
-    "@better-auth/sso": ">=1.4.0"
+    "@better-auth/sso": ">=1.4.0",
+    "react-native": ">=0.74.0",
+    "@react-native-async-storage/async-storage": ">=1.21.0",
+    "expo-constants": ">=16.0.0",
+    "expo-crypto": ">=13.0.0",
+    "expo-device": ">=6.0.0"
+  },
+  "peerDependenciesMeta": {
+    "@react-native-async-storage/async-storage": {
+      "optional": true
+    },
+    "expo-constants": {
+      "optional": true
+    },
+    "expo-crypto": {
+      "optional": true
+    },
+    "expo-device": {
+      "optional": true
+    }
   }
 }

package/dist/identification-DF2nvmng.mjs

@@ -1,178 +0,0 @@
-import { n as INFRA_KV_URL, r as KV_TIMEOUT_MS } from "./constants-DdWGfvz1.mjs";
-import { logger } from "better-auth";
-import { createAuthMiddleware } from "better-auth/api";
-//#region src/crypto.ts
-function randomBytes(length) {
-	const bytes = new Uint8Array(length);
-	crypto.getRandomValues(bytes);
-	return bytes;
-}
-function bytesToHex(bytes) {
-	return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
-}
-async function hash(message) {
-	const msgBuffer = new TextEncoder().encode(message);
-	const hashBuffer = await crypto.subtle.digest("SHA-256", msgBuffer);
-	return bytesToHex(new Uint8Array(hashBuffer));
-}
-//#endregion
-//#region src/identification.ts
-/**
-* Identification Service
-*
-* Fetches identification data from the durable-kv service
-* when a request includes an X-Request-Id header.
-*/
-const IDENTIFICATION_COOKIE_NAME = "__infra-rid";
-const identificationCache = /* @__PURE__ */ new Map();
-const CACHE_TTL_MS = 6e4;
-const CACHE_MAX_SIZE = 1e3;
-let lastCleanup = Date.now();
-function cleanupCache() {
-	const now = Date.now();
-	for (const [key, value] of identificationCache.entries()) if (now - value.timestamp > CACHE_TTL_MS) identificationCache.delete(key);
-	lastCleanup = now;
-}
-function maybeCleanup() {
-	if (Date.now() - lastCleanup > CACHE_TTL_MS || identificationCache.size > CACHE_MAX_SIZE) cleanupCache();
-}
-/**
-* Fetch identification data from durable-kv by requestId
-*/
-async function getIdentification(requestId, apiKey, kvUrl) {
-	maybeCleanup();
-	const cached = identificationCache.get(requestId);
-	if (cached && Date.now() - cached.timestamp < CACHE_TTL_MS) return cached.data;
-	const baseUrl = kvUrl || INFRA_KV_URL;
-	const maxRetries = 3;
-	const retryDelays = [
-		50,
-		100,
-		200
-	];
-	for (let attempt = 0; attempt <= maxRetries; attempt++) try {
-		const response = await fetch(`${baseUrl}/identify/${requestId}`, {
-			method: "GET",
-			headers: { "x-api-key": apiKey },
-			signal: AbortSignal.timeout(KV_TIMEOUT_MS)
-		});
-		if (response.ok) {
-			const data = await response.json();
-			identificationCache.set(requestId, {
-				data,
-				timestamp: Date.now()
-			});
-			return data;
-		}
-		if (response.status === 404 && attempt < maxRetries) {
-			await new Promise((resolve) => setTimeout(resolve, retryDelays[attempt]));
-			continue;
-		}
-		if (response.status !== 404) identificationCache.set(requestId, {
-			data: null,
-			timestamp: Date.now()
-		});
-		return null;
-	} catch (error) {
-		if (attempt === maxRetries) {
-			logger.error("[Dash] Failed to fetch identification:", error);
-			return null;
-		}
-		await new Promise((resolve) => setTimeout(resolve, retryDelays[attempt] || 50));
-	}
-	return null;
-}
-function generateRequestId() {
-	const hex = bytesToHex(randomBytes(16));
-	return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20, 32)}`;
-}
-async function identify(baseURL, payload, signal) {
-	const base = baseURL.replace(/\/$/, "");
-	await fetch(`${base}/identify`, {
-		method: "POST",
-		headers: { "Content-Type": "application/json" },
-		body: JSON.stringify(payload),
-		signal: signal ?? AbortSignal.timeout(5e3)
-	});
-}
-/**
-* Extract identification headers from a request
-*/
-function extractIdentificationHeaders(request) {
-	if (!request) return {
-		visitorId: null,
-		requestId: null
-	};
-	return {
-		visitorId: request.headers.get("X-Visitor-Id"),
-		requestId: request.headers.get("X-Request-Id")
-	};
-}
-/**
-* Early middleware that loads identification data
-*/
-function createIdentificationMiddleware(options) {
-	return createAuthMiddleware(async (ctx) => {
-		const { visitorId, requestId: headerRequestId } = extractIdentificationHeaders(ctx.request);
-		const requestId = headerRequestId ?? ctx.getCookie("__infra-rid") ?? null;
-		ctx.context.visitorId = visitorId;
-		ctx.context.requestId = requestId;
-		if (requestId) ctx.context.identification = ctx.context.identification ?? await getIdentification(requestId, options.apiKey, options.kvUrl) ?? null;
-		else ctx.context.identification = null;
-		const ipConfig = ctx.context.options?.advanced?.ipAddress;
-		if (ipConfig?.disableIpTracking === true) {
-			ctx.context.location = void 0;
-			return;
-		}
-		const identification = ctx.context.identification;
-		if (requestId && identification) {
-			const loc = getLocation(identification);
-			ctx.context.location = {
-				ipAddress: identification.ip || void 0,
-				city: loc?.city || void 0,
-				country: loc?.country?.name || void 0,
-				countryCode: loc?.country?.code || void 0
-			};
-			return;
-		}
-		const ipAddress = getClientIpFromRequest(ctx.request, ipConfig?.ipAddressHeaders || null);
-		const countryCode = getCountryCodeFromRequest(ctx.request);
-		if (ipAddress || countryCode) {
-			ctx.context.location = {
-				ipAddress,
-				countryCode
-			};
-			return;
-		}
-		ctx.context.location = void 0;
-	});
-}
-/**
-* Get the visitor's location
-*/
-function getLocation(identification) {
-	if (!identification) return null;
-	return identification.location;
-}
-function getClientIpFromRequest(request, ipAddressHeaders) {
-	if (!request) return void 0;
-	const headers = ipAddressHeaders?.length ? ipAddressHeaders : [
-		"cf-connecting-ip",
-		"x-forwarded-for",
-		"x-real-ip",
-		"x-vercel-forwarded-for"
-	];
-	for (const headerName of headers) {
-		const value = request.headers.get(headerName);
-		if (!value) continue;
-		const ip = value.split(",")[0]?.trim();
-		if (ip) return ip;
-	}
-}
-function getCountryCodeFromRequest(request) {
-	if (!request) return void 0;
-	const cc = request.headers.get("cf-ipcountry") ?? request.headers.get("x-vercel-ip-country");
-	return cc ? cc.toUpperCase() : void 0;
-}
-//#endregion
-export { hash as a, identify as i, createIdentificationMiddleware as n, generateRequestId as r, IDENTIFICATION_COOKIE_NAME as t };