@better-auth/infra 0.1.14 → 0.2.1

package/dist/index.mjs

@@ -1,5 +1,4 @@
 import { n as INFRA_KV_URL, r as KV_TIMEOUT_MS, t as INFRA_API_URL } from "./constants-DdWGfvz1.mjs";
-import { n as createIdentificationMiddleware, t as IDENTIFICATION_COOKIE_NAME } from "./identification-DF2nvmng.mjs";
 import { EMAIL_TEMPLATES, createEmailSender, sendBulkEmails, sendEmail } from "./email.mjs";
 import { APIError, generateId, getAuthTables, logger, parseState } from "better-auth";
 import { env } from "@better-auth/core/env";
@@ -10,7 +9,6 @@ import { isValidPhoneNumber, parsePhoneNumberFromString } from "libphonenumber-j
 import { createLocalJWKSet, jwtVerify } from "jose";
 import z$1, { z } from "zod";
 import { setSessionCookie } from "better-auth/cookies";
-import { DEFAULT_MAX_SAML_METADATA_SIZE, DigestAlgorithm, DiscoveryError, SignatureAlgorithm, discoverOIDCConfig } from "@better-auth/sso";
 //#region src/options.ts
 function resolveConnectionOptions(options) {
 	return {
@@ -853,6 +851,152 @@ const initTrackEvents = (options) => {
 	return { tracker: { trackEvent } };
 };
 //#endregion
+//#region src/identification.ts
+/**
+* Identification Service
+*
+* Fetches identification data from the durable-kv service
+* when a request includes an X-Request-Id header.
+*/
+const IDENTIFICATION_COOKIE_NAME = "__infra-rid";
+const identificationCache = /* @__PURE__ */ new Map();
+const CACHE_TTL_MS = 6e4;
+const CACHE_MAX_SIZE = 1e3;
+let lastCleanup = Date.now();
+function cleanupCache() {
+	const now = Date.now();
+	for (const [key, value] of identificationCache.entries()) if (now - value.timestamp > CACHE_TTL_MS) identificationCache.delete(key);
+	lastCleanup = now;
+}
+function maybeCleanup() {
+	if (Date.now() - lastCleanup > CACHE_TTL_MS || identificationCache.size > CACHE_MAX_SIZE) cleanupCache();
+}
+/**
+* Fetch identification data from durable-kv by requestId
+*/
+async function getIdentification(requestId, apiKey, kvUrl) {
+	maybeCleanup();
+	const cached = identificationCache.get(requestId);
+	if (cached && Date.now() - cached.timestamp < CACHE_TTL_MS) return cached.data;
+	const baseUrl = kvUrl || INFRA_KV_URL;
+	const maxRetries = 3;
+	const retryDelays = [
+		50,
+		100,
+		200
+	];
+	for (let attempt = 0; attempt <= maxRetries; attempt++) try {
+		const response = await fetch(`${baseUrl}/identify/${requestId}`, {
+			method: "GET",
+			headers: { "x-api-key": apiKey },
+			signal: AbortSignal.timeout(KV_TIMEOUT_MS)
+		});
+		if (response.ok) {
+			const data = await response.json();
+			identificationCache.set(requestId, {
+				data,
+				timestamp: Date.now()
+			});
+			return data;
+		}
+		if (response.status === 404 && attempt < maxRetries) {
+			await new Promise((resolve) => setTimeout(resolve, retryDelays[attempt]));
+			continue;
+		}
+		if (response.status !== 404) identificationCache.set(requestId, {
+			data: null,
+			timestamp: Date.now()
+		});
+		return null;
+	} catch (error) {
+		if (attempt === maxRetries) {
+			logger.error("[Dash] Failed to fetch identification:", error);
+			return null;
+		}
+		await new Promise((resolve) => setTimeout(resolve, retryDelays[attempt] || 50));
+	}
+	return null;
+}
+/**
+* Extract identification headers from a request
+*/
+function extractIdentificationHeaders(request) {
+	if (!request) return {
+		visitorId: null,
+		requestId: null
+	};
+	return {
+		visitorId: request.headers.get("X-Visitor-Id"),
+		requestId: request.headers.get("X-Request-Id")
+	};
+}
+/**
+* Early middleware that loads identification data
+*/
+function createIdentificationMiddleware(options) {
+	return createAuthMiddleware(async (ctx) => {
+		const { visitorId, requestId: headerRequestId } = extractIdentificationHeaders(ctx.request);
+		const requestId = headerRequestId ?? ctx.getCookie("__infra-rid") ?? null;
+		ctx.context.visitorId = visitorId;
+		ctx.context.requestId = requestId;
+		if (requestId) ctx.context.identification = ctx.context.identification ?? await getIdentification(requestId, options.apiKey, options.kvUrl) ?? null;
+		else ctx.context.identification = null;
+		const ipConfig = ctx.context.options?.advanced?.ipAddress;
+		if (ipConfig?.disableIpTracking === true) {
+			ctx.context.location = void 0;
+			return;
+		}
+		const identification = ctx.context.identification;
+		if (requestId && identification) {
+			const loc = getLocation(identification);
+			ctx.context.location = {
+				ipAddress: identification.ip || void 0,
+				city: loc?.city || void 0,
+				country: loc?.country?.name || void 0,
+				countryCode: loc?.country?.code || void 0
+			};
+			return;
+		}
+		const ipAddress = getClientIpFromRequest(ctx.request, ipConfig?.ipAddressHeaders || null);
+		const countryCode = getCountryCodeFromRequest(ctx.request);
+		if (ipAddress || countryCode) {
+			ctx.context.location = {
+				ipAddress,
+				countryCode
+			};
+			return;
+		}
+		ctx.context.location = void 0;
+	});
+}
+/**
+* Get the visitor's location
+*/
+function getLocation(identification) {
+	if (!identification) return null;
+	return identification.location;
+}
+function getClientIpFromRequest(request, ipAddressHeaders) {
+	if (!request) return void 0;
+	const headers = ipAddressHeaders?.length ? ipAddressHeaders : [
+		"cf-connecting-ip",
+		"x-forwarded-for",
+		"x-real-ip",
+		"x-vercel-forwarded-for"
+	];
+	for (const headerName of headers) {
+		const value = request.headers.get(headerName);
+		if (!value) continue;
+		const ip = value.split(",")[0]?.trim();
+		if (ip) return ip;
+	}
+}
+function getCountryCodeFromRequest(request) {
+	if (!request) return void 0;
+	const cc = request.headers.get("cf-ipcountry") ?? request.headers.get("x-vercel-ip-country");
+	return cc ? cc.toUpperCase() : void 0;
+}
+//#endregion
 //#region src/validation/matchers.ts
 const paths = [
 	"/sign-up/email",
@@ -2602,7 +2746,7 @@ const jwtValidateMiddleware = (options) => createAuthMiddleware(async (ctx) => {
 });
 //#endregion
 //#region src/version.ts
-const PLUGIN_VERSION = "0.1.14";
+const PLUGIN_VERSION = "0.2.1";
 //#endregion
 //#region src/routes/auth/config.ts
 const PLUGIN_OPTIONS_EXCLUDE_KEYS = { stripe: new Set(["stripeClient"]) };
@@ -2655,7 +2799,7 @@ const getConfig = (options) => {
 					version: plugin.version,
 					options: sanitizePluginOptions(plugin.id, plugin.options)
 				};
-				if (plugin.id === "dash") return {
+				if (plugin.id === "dash" && !plugin.version) return {
 					...base,
 					version: PLUGIN_VERSION
 				};
@@ -4089,11 +4233,13 @@ const listOrganizations = (options) => {
 				field: "name",
 				value: searchTerm,
 				operator: "starts_with",
+				mode: "insensitive",
 				connector: "OR"
 			}, {
 				field: "slug",
 				value: searchTerm,
 				operator: "starts_with",
+				mode: "insensitive",
 				connector: "OR"
 			});
 		}
@@ -4109,7 +4255,7 @@ const listOrganizations = (options) => {
 		});
 		const needsInMemoryProcessing = sortBy === "members" || !!filterMembers;
 		const dbSortBy = sortBy === "members" ? "createdAt" : sortBy;
-		const fetchLimit = needsInMemoryProcessing ? 1500 : limit;
+		const fetchLimit = needsInMemoryProcessing ? 2500 : limit;
 		const fetchOffset = needsInMemoryProcessing ? 0 : offset;
 		const [organizations, initialTotal] = await Promise.all([ctx.context.adapter.findMany({
 			model: "organization",
@@ -5254,8 +5400,16 @@ function getSSOPlugin(ctx) {
 }
 //#endregion
 //#region src/routes/sso-validation.ts
-const DEPRECATED_SIGNATURE_ALGORITHMS = [SignatureAlgorithm.RSA_SHA1];
-const DEPRECATED_DIGEST_ALGORITHMS = [DigestAlgorithm.SHA1];
+/**
+* SAML metadata limits and algorithm URIs aligned with @better-auth/sso
+* (see packages/sso dist constants). Inlined so consumers (e.g. Metro) never
+* statically pull @better-auth/sso for validation-only code paths.
+*/
+const DEFAULT_MAX_SAML_METADATA_SIZE = 100 * 1024;
+const RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+const SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";
+const DEPRECATED_SIGNATURE_ALGORITHMS = [RSA_SHA1];
+const DEPRECATED_DIGEST_ALGORITHMS = [SHA1];
 function validateSAMLMetadataSize(metadataXml, maxSize = DEFAULT_MAX_SAML_METADATA_SIZE) {
 	if (new TextEncoder().encode(metadataXml).byteLength > maxSize) throw new Error(`IdP metadata exceeds maximum allowed size (${Math.round(maxSize / 1024)}KB)`);
 }
@@ -5283,6 +5437,10 @@ function validateSAMLMetadataAlgorithms(metadataXml) {
 }
 //#endregion
 //#region src/routes/sso/index.ts
+let ssoRuntimeModule;
+function loadSsoRuntime() {
+	return ssoRuntimeModule ??= import("@better-auth/sso");
+}
 function requireOrganizationAccess(ctx) {
 	const orgIdFromUrl = tryDecode(ctx.params.id);
 	const orgIdFromToken = ctx.context.payload?.organizationId;
@@ -5355,6 +5513,7 @@ async function resolveSAMLConfig(samlConfig, providerId, baseURL, ctx) {
 		}] } : {},
 		...samlConfig.cert ? { cert: samlConfig.cert } : {}
 	};
+	const m = samlConfig.mapping;
 	return {
 		config: {
 			issuer: samlConfig.entityId ?? `${baseURL}/sso/saml2/sp/metadata?providerId=${providerId}`,
@@ -5363,7 +5522,15 @@ async function resolveSAMLConfig(samlConfig, providerId, baseURL, ctx) {
 			spMetadata: {},
 			entryPoint: samlConfig.entryPoint ?? "",
 			cert: samlConfig.cert ?? "",
-			...samlConfig.mapping ? { mapping: samlConfig.mapping } : {}
+			...m ? { mapping: {
+				id: m.id ?? "nameID",
+				email: m.email ?? "email",
+				name: m.name ?? "name",
+				emailVerified: m.emailVerified,
+				firstName: m.firstName,
+				lastName: m.lastName,
+				extraFields: m.extraFields
+			} } : {}
 		},
 		...metadataAlgorithmWarnings.length > 0 ? { warnings: metadataAlgorithmWarnings } : {}
 	};
@@ -5377,8 +5544,9 @@ async function resolveOIDCConfig(oidcConfig, domain, ctx) {
 	}
 	const issuerHint = oidcConfig.issuer || `https://${normalizedDomain}`;
 	const issuer = issuerHint.startsWith("http") ? issuerHint : `https://${issuerHint}`;
+	const sso = await loadSsoRuntime();
 	try {
-		const hydratedConfig = await discoverOIDCConfig({
+		const hydratedConfig = await sso.discoverOIDCConfig({
 			issuer,
 			discoveryEndpoint: oidcConfig.discoveryUrl,
 			isTrustedOrigin: (url) => {
@@ -5390,6 +5558,7 @@ async function resolveOIDCConfig(oidcConfig, domain, ctx) {
 				}
 			}
 		});
+		const om = oidcConfig.mapping;
 		return {
 			config: {
 				clientId: oidcConfig.clientId,
@@ -5402,12 +5571,19 @@ async function resolveOIDCConfig(oidcConfig, domain, ctx) {
 				userInfoEndpoint: hydratedConfig.userInfoEndpoint,
 				tokenEndpointAuthentication: hydratedConfig.tokenEndpointAuthentication,
 				pkce: true,
-				...oidcConfig.mapping ? { mapping: oidcConfig.mapping } : {}
+				...om ? { mapping: {
+					id: om.id ?? "sub",
+					email: om.email ?? "email",
+					name: om.name ?? "name",
+					emailVerified: om.emailVerified,
+					image: om.image,
+					extraFields: om.extraFields
+				} } : {}
 			},
 			issuer: hydratedConfig.issuer
 		};
 	} catch (e) {
-		if (e instanceof DiscoveryError) {
+		if (e instanceof sso.DiscoveryError) {
 			ctx.context.logger.error("[Dash] OIDC discovery failed:", e);
 			throw ctx.error("BAD_REQUEST", {
 				message: `OIDC discovery failed: ${e.message}`,
@@ -5494,6 +5670,8 @@ const createSsoProvider = (options) => {
 					...buildSessionContext(userId)
 				}
 			});
+			let verificationToken = null;
+			if ("domainVerificationToken" in result && typeof result.domainVerificationToken === "string") verificationToken = result.domainVerificationToken;
 			return {
 				success: true,
 				provider: {
@@ -5503,7 +5681,7 @@ const createSsoProvider = (options) => {
 				},
 				domainVerification: {
 					txtRecordName: `better-auth-token-${providerId}`,
-					verificationToken: result.domainVerificationToken ?? null
+					verificationToken
 				}
 			};
 		} catch (e) {
@@ -5604,7 +5782,9 @@ const requestSsoVerificationToken = (options) => {
 		requireOrganizationPlugin(ctx);
 		requireOrganizationAccess(ctx);
 		const ssoPlugin = getSSOPlugin(ctx);
-		if (!ssoPlugin?.endpoints?.requestDomainVerification || !ssoPlugin.options?.domainVerification?.enabled) throw ctx.error("BAD_REQUEST", { message: "SSO plugin with domain verification is not enabled or feature is not supported in your plugin version" });
+		if (!ssoPlugin || !ssoPlugin.options?.domainVerification?.enabled) throw ctx.error("BAD_REQUEST", { message: "SSO plugin with domain verification is not enabled or feature is not supported in your plugin version" });
+		const endpoints = ssoPlugin.endpoints;
+		if (typeof endpoints.requestDomainVerification !== "function") throw ctx.error("BAD_REQUEST", { message: "SSO plugin with domain verification is not enabled or feature is not supported in your plugin version" });
 		const organizationId = tryDecode(ctx.params.id);
 		const { providerId } = ctx.body;
 		const provider = await ctx.context.adapter.findOne({
@@ -5620,7 +5800,7 @@ const requestSsoVerificationToken = (options) => {
 		if (!provider) throw ctx.error("NOT_FOUND", { message: "SSO provider not found" });
 		const txtRecordName = `${ssoPlugin.options?.domainVerification?.tokenPrefix || "better-auth-token"}-${provider.providerId}`;
 		try {
-			const result = await ssoPlugin.endpoints.requestDomainVerification({
+			const result = await endpoints.requestDomainVerification({
 				body: { providerId },
 				context: {
 					...ctx.context,
@@ -5650,7 +5830,9 @@ const verifySsoProviderDomain = (options) => {
 		requireOrganizationPlugin(ctx);
 		requireOrganizationAccess(ctx);
 		const ssoPlugin = getSSOPlugin(ctx);
-		if (!ssoPlugin?.endpoints?.verifyDomain || !ssoPlugin.options?.domainVerification?.enabled) throw ctx.error("BAD_REQUEST", { message: "SSO plugin with domain verification is not enabled or feature is not supported in your plugin version" });
+		if (!ssoPlugin || !ssoPlugin.options?.domainVerification?.enabled) throw ctx.error("BAD_REQUEST", { message: "SSO plugin with domain verification is not enabled or feature is not supported in your plugin version" });
+		const dvEndpoints = ssoPlugin.endpoints;
+		if (typeof dvEndpoints.verifyDomain !== "function") throw ctx.error("BAD_REQUEST", { message: "SSO plugin with domain verification is not enabled or feature is not supported in your plugin version" });
 		const organizationId = tryDecode(ctx.params.id);
 		const { providerId } = ctx.body;
 		const provider = await ctx.context.adapter.findOne({
@@ -5665,7 +5847,7 @@ const verifySsoProviderDomain = (options) => {
 		});
 		if (!provider) throw ctx.error("NOT_FOUND", { message: "SSO provider not found" });
 		try {
-			await ssoPlugin.endpoints.verifyDomain({
+			await dvEndpoints.verifyDomain({
 				body: { providerId },
 				context: {
 					...ctx.context,
@@ -6443,7 +6625,7 @@ async function countUniqueActiveUsers(ctx, range, options) {
 					break;
 				}
 			}
-		}, { concurrency: 50 });
+		}, { concurrency: 10 });
 		return activeUserIds.size;
 	}
 	const sessions = await ctx.context.adapter.findMany({
@@ -6453,6 +6635,34 @@ async function countUniqueActiveUsers(ctx, range, options) {
 	});
 	return new Set(sessions.map((s) => s.userId)).size;
 }
+function optionalQuery(ctx, label, getCount) {
+	return async function runQuery() {
+		try {
+			return {
+				ok: true,
+				value: await getCount()
+			};
+		} catch (error) {
+			ctx.context.logger.warn(`[Dash] User stats query "${label}" failed`, error);
+			return {
+				ok: false,
+				value: null
+			};
+		}
+	};
+}
+function signUpPeriod(current, previous, calculatePercentage) {
+	return {
+		signUps: current.ok ? current.value : null,
+		percentage: current.ok && previous.ok ? calculatePercentage(current.value, previous.value) : null
+	};
+}
+function activePeriod(current, previous, calculatePercentage) {
+	return {
+		active: current.ok ? current.value : null,
+		percentage: current.ok && previous.ok ? calculatePercentage(current.value, previous.value) : null
+	};
+}
 const getUserStats = (options) => createAuthEndpoint("/dash/user-stats", {
 	method: "GET",
 	use: [jwtMiddleware(options)]
@@ -6466,16 +6676,16 @@ const getUserStats = (options) => createAuthEndpoint("/dash/user-stats", {
 	const twoMonthsAgo = /* @__PURE__ */ new Date(now.getTime() - 1440 * 60 * 60 * 1e3);
 	const activityTrackingEnabled = !!options.activityTracking?.enabled;
 	const storeInSecondaryStorageOnly = isSessionInSecondaryStorageOnly(ctx.context);
-	const [dailyCount, previousDailyCount, weeklyCount, previousWeeklyCount, monthlyCount, previousMonthlyCount, totalCount, dailyActiveCount, previousDailyActiveCount, weeklyActiveCount, previousWeeklyActiveCount, monthlyActiveCount, previousMonthlyActiveCount] = await Promise.all([
-		ctx.context.adapter.count({
+	const [rDailySignups, rPrevDaySignups, rWeeklySignups, rPrevWeekSignups, rMonthlySignups, rPrevMonthSignups, rTotalUsers, rActiveDaily, rActivePrevDay, rActiveWeekly, rActivePrevWeek, rActiveMonthly, rActivePrevMonth] = await withConcurrency([
+		optionalQuery(ctx, "daily signups", () => ctx.context.adapter.count({
 			model: "user",
 			where: [{
 				field: "createdAt",
 				operator: "gte",
 				value: oneDayAgo
 			}]
-		}),
-		ctx.context.adapter.count({
+		})),
+		optionalQuery(ctx, "previous day signups", () => ctx.context.adapter.count({
 			model: "user",
 			where: [{
 				field: "createdAt",
@@ -6486,16 +6696,16 @@ const getUserStats = (options) => createAuthEndpoint("/dash/user-stats", {
 				operator: "lt",
 				value: oneDayAgo
 			}]
-		}),
-		ctx.context.adapter.count({
+		})),
+		optionalQuery(ctx, "weekly signups", () => ctx.context.adapter.count({
 			model: "user",
 			where: [{
 				field: "createdAt",
 				operator: "gte",
 				value: oneWeekAgo
 			}]
-		}),
-		ctx.context.adapter.count({
+		})),
+		optionalQuery(ctx, "previous week signups", () => ctx.context.adapter.count({
 			model: "user",
 			where: [{
 				field: "createdAt",
@@ -6506,16 +6716,16 @@ const getUserStats = (options) => createAuthEndpoint("/dash/user-stats", {
 				operator: "lt",
 				value: oneWeekAgo
 			}]
-		}),
-		ctx.context.adapter.count({
+		})),
+		optionalQuery(ctx, "monthly signups", () => ctx.context.adapter.count({
 			model: "user",
 			where: [{
 				field: "createdAt",
 				operator: "gte",
 				value: oneMonthAgo
 			}]
-		}),
-		ctx.context.adapter.count({
+		})),
+		optionalQuery(ctx, "previous month signups", () => ctx.context.adapter.count({
 			model: "user",
 			where: [{
 				field: "createdAt",
@@ -6526,75 +6736,74 @@ const getUserStats = (options) => createAuthEndpoint("/dash/user-stats", {
 				operator: "lt",
 				value: oneMonthAgo
 			}]
-		}),
-		ctx.context.adapter.count({ model: "user" }),
-		countUniqueActiveUsers(ctx, { from: oneDayAgo }, {
+		})),
+		optionalQuery(ctx, "total users", () => ctx.context.adapter.count({ model: "user" })),
+		optionalQuery(ctx, "active users (daily window)", () => countUniqueActiveUsers(ctx, { from: oneDayAgo }, {
 			storeInSecondaryStorageOnly,
 			activityTrackingEnabled
-		}),
-		countUniqueActiveUsers(ctx, {
+		})),
+		optionalQuery(ctx, "active users (previous day window)", () => countUniqueActiveUsers(ctx, {
 			from: twoDaysAgo,
 			to: oneDayAgo
 		}, {
 			storeInSecondaryStorageOnly,
 			activityTrackingEnabled
-		}),
-		countUniqueActiveUsers(ctx, { from: oneWeekAgo }, {
+		})),
+		optionalQuery(ctx, "active users (weekly window)", () => countUniqueActiveUsers(ctx, { from: oneWeekAgo }, {
 			storeInSecondaryStorageOnly,
 			activityTrackingEnabled
-		}),
-		countUniqueActiveUsers(ctx, {
+		})),
+		optionalQuery(ctx, "active users (previous week window)", () => countUniqueActiveUsers(ctx, {
 			from: twoWeeksAgo,
 			to: oneWeekAgo
 		}, {
 			storeInSecondaryStorageOnly,
 			activityTrackingEnabled
-		}),
-		countUniqueActiveUsers(ctx, { from: oneMonthAgo }, {
+		})),
+		optionalQuery(ctx, "active users (monthly window)", () => countUniqueActiveUsers(ctx, { from: oneMonthAgo }, {
 			storeInSecondaryStorageOnly,
 			activityTrackingEnabled
-		}),
-		countUniqueActiveUsers(ctx, {
+		})),
+		optionalQuery(ctx, "active users (previous month window)", () => countUniqueActiveUsers(ctx, {
 			from: twoMonthsAgo,
 			to: oneMonthAgo
 		}, {
 			storeInSecondaryStorageOnly,
 			activityTrackingEnabled
-		})
-	]);
+		}))
+	], (fn) => fn(), { concurrency: 5 });
 	const calculatePercentage = (current, previous) => {
 		if (previous === 0) return current > 0 ? 100 : 0;
 		return (current - previous) / previous * 100;
 	};
-	return {
-		daily: {
-			signUps: dailyCount,
-			percentage: calculatePercentage(dailyCount, previousDailyCount)
-		},
-		weekly: {
-			signUps: weeklyCount,
-			percentage: calculatePercentage(weeklyCount, previousWeeklyCount)
-		},
-		monthly: {
-			signUps: monthlyCount,
-			percentage: calculatePercentage(monthlyCount, previousMonthlyCount)
-		},
-		total: totalCount,
+	const degraded = [
+		rDailySignups,
+		rPrevDaySignups,
+		rWeeklySignups,
+		rPrevWeekSignups,
+		rMonthlySignups,
+		rPrevMonthSignups,
+		rTotalUsers,
+		rActiveDaily,
+		rActivePrevDay,
+		rActiveWeekly,
+		rActivePrevWeek,
+		rActiveMonthly,
+		rActivePrevMonth
+	].some((r) => !r.ok);
+	const body = {
+		daily: signUpPeriod(rDailySignups, rPrevDaySignups, calculatePercentage),
+		weekly: signUpPeriod(rWeeklySignups, rPrevWeekSignups, calculatePercentage),
+		monthly: signUpPeriod(rMonthlySignups, rPrevMonthSignups, calculatePercentage),
+		total: rTotalUsers.ok ? rTotalUsers.value : null,
 		activeUsers: {
-			daily: {
-				active: dailyActiveCount,
-				percentage: calculatePercentage(dailyActiveCount, previousDailyActiveCount)
-			},
-			weekly: {
-				active: weeklyActiveCount,
-				percentage: calculatePercentage(weeklyActiveCount, previousWeeklyActiveCount)
-			},
-			monthly: {
-				active: monthlyActiveCount,
-				percentage: calculatePercentage(monthlyActiveCount, previousMonthlyActiveCount)
-			}
+			daily: activePeriod(rActiveDaily, rActivePrevDay, calculatePercentage),
+			weekly: activePeriod(rActiveWeekly, rActivePrevWeek, calculatePercentage),
+			monthly: activePeriod(rActiveMonthly, rActivePrevMonth, calculatePercentage)
 		}
 	};
+	if (degraded) body.degraded = true;
+	return body;
 });
 const getUserGraphData = (options) => createAuthEndpoint("/dash/user-graph-data", {
 	method: "GET",
@@ -7188,6 +7397,7 @@ const dash = (options) => {
 	return {
 		id: "dash",
 		options: opts,
+		version: PLUGIN_VERSION,
 		init(ctx) {
 			const organizationPlugin = ctx.getPlugin("organization");
 			if (organizationPlugin) {

package/dist/native.d.mts

@@ -0,0 +1,18 @@
+import { a as dashClient, i as DashGetAuditLogsInput, n as DashAuditLogsResponse, r as DashClientOptions, t as DashAuditLog } from "./dash-client-hJHp7l_X.mjs";
+import { BetterAuthClientPlugin } from "better-auth";
+
+//#region src/sentinel/native/client.d.ts
+interface SentinelNativeClientOptions {
+  identifyUrl?: string;
+  autoSolveChallenge?: boolean;
+  onChallengeReceived?: (reason: string) => void;
+  onChallengeSolved?: (solveTimeMs: number) => void;
+  onChallengeFailed?: (error: Error) => void;
+  storage?: {
+    getItem: (key: string) => Promise<string | null>;
+    setItem: (key: string, value: string) => Promise<void>;
+  };
+}
+declare const sentinelNativeClient: (options?: SentinelNativeClientOptions) => BetterAuthClientPlugin;
+//#endregion
+export { type DashAuditLog, type DashAuditLogsResponse, type DashClientOptions, type DashGetAuditLogsInput, type SentinelNativeClientOptions, dashClient, sentinelNativeClient };