@better-auth/sso 1.5.3 → 1.5.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/index.mjs +9 -1
  2. package/dist/index.mjs.map +1 -1
  3. package/package.json +6 -5
package/dist/index.mjs CHANGED
@@ -2,6 +2,7 @@ import { APIError, createAuthEndpoint, createAuthMiddleware, getSessionFromCtx,
2
2
  import { XMLParser, XMLValidator } from "fast-xml-parser";
3
3
  import saml from "samlify";
4
4
  import { X509Certificate } from "node:crypto";
5
+ import { getHostname } from "tldts";
5
6
  import { generateRandomString } from "better-auth/crypto";
6
7
  import * as z$1 from "zod/v4";
7
8
  import z from "zod/v4";
@@ -112,6 +113,9 @@ function parseCertificate(certPem) {
112
113
  publicKeyAlgorithm: cert.publicKey.asymmetricKeyType?.toUpperCase() || "UNKNOWN"
113
114
  };
114
115
  }
116
+ function getHostnameFromDomain(domain) {
117
+ return getHostname(domain) || null;
118
+ }
115
119
  function maskClientId(clientId) {
116
120
  if (clientId.length <= 4) return "****";
117
121
  return `****${clientId.slice(-4)}`;
@@ -354,8 +358,12 @@ const verifyDomain = (options) => {
354
358
  code: "DOMAIN_VERIFICATION_FAILED"
355
359
  });
356
360
  }
361
+ const hostname = getHostnameFromDomain(provider.domain);
362
+ if (!hostname) throw new APIError("BAD_REQUEST", {
363
+ message: "Invalid domain",
364
+ code: "INVALID_DOMAIN"
365
+ });
357
366
  try {
358
- const hostname = new URL(provider.domain).hostname;
359
367
  records = (await dns.resolveTxt(`${identifier}.${hostname}`)).flat();
360
368
  } catch (error) {
361
369
  ctx.context.logger.warn("DNS resolution failure while validating domain ownership", error);