@ccatto/react-auth 1.0.0 → 1.2.0

package/dist/{config-CvzbPvtw.d.cts → config-MuDc5UVc.d.cts}

@@ -9,6 +9,28 @@ interface CattoAuthSocialProvider {
     clientSecret: string;
     scope?: string[];
 }
+/** Phone-number + OTP auth config (Better Auth `phoneNumber` plugin). */
+interface CattoAuthPhoneConfig {
+    /** Master switch — when false/undefined the plugin is not registered. */
+    enabled?: boolean;
+    /**
+     * Deliver the OTP code via SMS. The app owns the transport (Telnyx, Twilio, etc.).
+     * Throw/reject to surface a send failure to the caller.
+     */
+    sendOtp: (args: {
+        phoneNumber: string;
+        code: string;
+    }) => Promise<void>;
+    /**
+     * Domain used to mint a synthetic email for phone-only users on first verify
+     * (Better Auth requires an email). Default: 'phone.catto.local'.
+     */
+    tempEmailDomain?: string;
+    /** Require phone verification before the number is trusted. Default: true. */
+    requireVerification?: boolean;
+    /** OTP lifetime in seconds. Default: Better Auth's default (300). */
+    otpExpiresInSeconds?: number;
+}
 /** Minimal database client interface — compatible with PrismaClient without version coupling */
 interface CattoAuthDatabaseClient {
     user: {
@@ -36,7 +58,14 @@ interface CattoAuthServerConfig {
         google?: CattoAuthSocialProvider;
         facebook?: CattoAuthSocialProvider;
         github?: CattoAuthSocialProvider;
+        apple?: CattoAuthSocialProvider;
     };
+    /**
+     * Phone-number + OTP authentication (Better Auth `phoneNumber` plugin).
+     * Optional — only enabled when `enabled` is true and a `sendOtp` transport
+     * is provided. The app owns the SMS transport (Telnyx, Twilio, etc.).
+     */
+    phoneAuth?: CattoAuthPhoneConfig;
     /** Session configuration */
     session?: {
         /** Session expiry in seconds (default: 69 days = 5961600) */
@@ -85,4 +114,4 @@ interface CattoSessionProviderConfig {
     enrichedSessionEndpoint?: string;
 }
 
-export type { CattoAuthClientConfig as C, CattoAuthDatabaseClient as a, CattoAuthServerConfig as b, CattoAuthSocialProvider as c, CattoSessionProviderConfig as d };
+export type { CattoAuthClientConfig as C, CattoAuthDatabaseClient as a, CattoAuthPhoneConfig as b, CattoAuthServerConfig as c, CattoAuthSocialProvider as d, CattoSessionProviderConfig as e };

package/dist/{config-CvzbPvtw.d.ts → config-MuDc5UVc.d.ts}

@@ -9,6 +9,28 @@ interface CattoAuthSocialProvider {
     clientSecret: string;
     scope?: string[];
 }
+/** Phone-number + OTP auth config (Better Auth `phoneNumber` plugin). */
+interface CattoAuthPhoneConfig {
+    /** Master switch — when false/undefined the plugin is not registered. */
+    enabled?: boolean;
+    /**
+     * Deliver the OTP code via SMS. The app owns the transport (Telnyx, Twilio, etc.).
+     * Throw/reject to surface a send failure to the caller.
+     */
+    sendOtp: (args: {
+        phoneNumber: string;
+        code: string;
+    }) => Promise<void>;
+    /**
+     * Domain used to mint a synthetic email for phone-only users on first verify
+     * (Better Auth requires an email). Default: 'phone.catto.local'.
+     */
+    tempEmailDomain?: string;
+    /** Require phone verification before the number is trusted. Default: true. */
+    requireVerification?: boolean;
+    /** OTP lifetime in seconds. Default: Better Auth's default (300). */
+    otpExpiresInSeconds?: number;
+}
 /** Minimal database client interface — compatible with PrismaClient without version coupling */
 interface CattoAuthDatabaseClient {
     user: {
@@ -36,7 +58,14 @@ interface CattoAuthServerConfig {
         google?: CattoAuthSocialProvider;
         facebook?: CattoAuthSocialProvider;
         github?: CattoAuthSocialProvider;
+        apple?: CattoAuthSocialProvider;
     };
+    /**
+     * Phone-number + OTP authentication (Better Auth `phoneNumber` plugin).
+     * Optional — only enabled when `enabled` is true and a `sendOtp` transport
+     * is provided. The app owns the SMS transport (Telnyx, Twilio, etc.).
+     */
+    phoneAuth?: CattoAuthPhoneConfig;
     /** Session configuration */
     session?: {
         /** Session expiry in seconds (default: 69 days = 5961600) */
@@ -85,4 +114,4 @@ interface CattoSessionProviderConfig {
     enrichedSessionEndpoint?: string;
 }
 
-export type { CattoAuthClientConfig as C, CattoAuthDatabaseClient as a, CattoAuthServerConfig as b, CattoAuthSocialProvider as c, CattoSessionProviderConfig as d };
+export type { CattoAuthClientConfig as C, CattoAuthDatabaseClient as a, CattoAuthPhoneConfig as b, CattoAuthServerConfig as c, CattoAuthSocialProvider as d, CattoSessionProviderConfig as e };

package/dist/index.d.cts

@@ -1,4 +1,4 @@
-export { C as CattoAuthClientConfig, a as CattoAuthDatabaseClient, b as CattoAuthServerConfig, c as CattoAuthSocialProvider, d as CattoSessionProviderConfig } from './config-CvzbPvtw.cjs';
+export { C as CattoAuthClientConfig, a as CattoAuthDatabaseClient, b as CattoAuthPhoneConfig, c as CattoAuthServerConfig, d as CattoAuthSocialProvider, e as CattoSessionProviderConfig } from './config-MuDc5UVc.cjs';
 
 /**
  * @ccatto/react-auth - Session Types
@@ -13,8 +13,13 @@ interface EnrichedUser {
     /** Custom fields added by enrichSession hook */
     playerID?: number;
     role: string;
-    organizationId: string | null;
-    organizations: Array<{
+    /**
+     * Optional multi-tenant fields. Apps that don't model organizations can omit
+     * them entirely; legacy callers that always set them (incl. to null / [])
+     * still typecheck.
+     */
+    organizationId?: string | null;
+    organizations?: Array<{
         id: string;
         name: string;
         slug: string;
@@ -42,8 +47,9 @@ interface CompatSessionUser {
     image: string | null;
     playerID?: number;
     role: string;
-    organizationId: string | null;
-    organizations: Array<{
+    /** See `EnrichedUser.organizationId` — optional multi-tenant field. */
+    organizationId?: string | null;
+    organizations?: Array<{
         id: string;
         name: string;
         slug: string;

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-export { C as CattoAuthClientConfig, a as CattoAuthDatabaseClient, b as CattoAuthServerConfig, c as CattoAuthSocialProvider, d as CattoSessionProviderConfig } from './config-CvzbPvtw.js';
+export { C as CattoAuthClientConfig, a as CattoAuthDatabaseClient, b as CattoAuthPhoneConfig, c as CattoAuthServerConfig, d as CattoAuthSocialProvider, e as CattoSessionProviderConfig } from './config-MuDc5UVc.js';
 
 /**
  * @ccatto/react-auth - Session Types
@@ -13,8 +13,13 @@ interface EnrichedUser {
     /** Custom fields added by enrichSession hook */
     playerID?: number;
     role: string;
-    organizationId: string | null;
-    organizations: Array<{
+    /**
+     * Optional multi-tenant fields. Apps that don't model organizations can omit
+     * them entirely; legacy callers that always set them (incl. to null / [])
+     * still typecheck.
+     */
+    organizationId?: string | null;
+    organizations?: Array<{
         id: string;
         name: string;
         slug: string;
@@ -42,8 +47,9 @@ interface CompatSessionUser {
     image: string | null;
     playerID?: number;
     role: string;
-    organizationId: string | null;
-    organizations: Array<{
+    /** See `EnrichedUser.organizationId` — optional multi-tenant field. */
+    organizationId?: string | null;
+    organizations?: Array<{
         id: string;
         name: string;
         slug: string;

package/dist/server.cjs

@@ -4,6 +4,7 @@ var betterAuth = require('better-auth');
 var prisma = require('better-auth/adapters/prisma');
 var api = require('better-auth/api');
 var nextJs = require('better-auth/next-js');
+var plugins = require('better-auth/plugins');
 
 // src/server/create-auth.ts
 var DEFAULT_TOKEN_EXPIRY_SECONDS = 69 * 24 * 60 * 60;
@@ -16,6 +17,9 @@ function createCattoAuth(config) {
   if (config.socialProviders?.github) {
     socialProviders.github = config.socialProviders.github;
   }
+  if (config.socialProviders?.apple) {
+    socialProviders.apple = config.socialProviders.apple;
+  }
   if (config.socialProviders?.facebook) {
     socialProviders.facebook = {
       ...config.socialProviders.facebook,
@@ -25,6 +29,27 @@ function createCattoAuth(config) {
       ]
     };
   }
+  const plugins$1 = [];
+  const phoneCfg = config.phoneAuth;
+  if (phoneCfg?.enabled && phoneCfg.sendOtp) {
+    const tempEmailDomain = phoneCfg.tempEmailDomain ?? "phone.catto.local";
+    plugins$1.push(
+      plugins.phoneNumber({
+        sendOTP: async ({ phoneNumber: toNumber, code }) => {
+          await phoneCfg.sendOtp({ phoneNumber: toNumber, code });
+        },
+        requireVerification: phoneCfg.requireVerification ?? true,
+        ...phoneCfg.otpExpiresInSeconds ? { expiresIn: phoneCfg.otpExpiresInSeconds } : {},
+        signUpOnVerification: {
+          getTempEmail: (toNumber) => `${toNumber}@${tempEmailDomain}`,
+          // Use the phone number as the initial display name; the app can
+          // prompt for a real name post-verify.
+          getTempName: (toNumber) => toNumber
+        }
+      })
+    );
+  }
+  plugins$1.push(nextJs.nextCookies());
   const auth = betterAuth.betterAuth({
     // Database
     // Cast needed: prismaAdapter expects PrismaClient but we use a minimal interface for package portability
@@ -76,8 +101,8 @@ function createCattoAuth(config) {
         enabled: false
       }
     },
-    // Plugins
-    plugins: [nextJs.nextCookies()],
+    // Plugins (phoneNumber when configured, then nextCookies last)
+    plugins: plugins$1,
     // Hooks
     hooks: {
       // Before hooks: email normalization

package/dist/server.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/server/create-auth.ts"],"names":["betterAuth","prismaAdapter","nextCookies","createAuthMiddleware"],"mappings":";;;;;;;;AAoCA,IAAM,4BAAA,GAA+B,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA;AAa7C,SAAS,gBACd,MAAA,EACuB;AACvB,EAAA,MAAM,SAAA,GACJ,MAAA,CAAO,OAAA,EAAS,gBAAA,IAAoB,4BAAA;AAGtC,EAAA,MAAM,kBAGF,EAAC;AACL,EAAA,IAAI,MAAA,CAAO,iBAAiB,MAAA,EAAQ;AAClC,IAAA,eAAA,CAAgB,MAAA,GAAS,OAAO,eAAA,CAAgB,MAAA;AAAA,EAClD;AACA,EAAA,IAAI,MAAA,CAAO,iBAAiB,MAAA,EAAQ;AAClC,IAAA,eAAA,CAAgB,MAAA,GAAS,OAAO,eAAA,CAAgB,MAAA;AAAA,EAClD;AACA,EAAA,IAAI,MAAA,CAAO,iBAAiB,QAAA,EAAU;AACpC,IAAA,eAAA,CAAgB,QAAA,GAAW;AAAA,MACzB,GAAG,OAAO,eAAA,CAAgB,QAAA;AAAA,MAC1B,KAAA,EAAO,MAAA,CAAO,eAAA,CAAgB,QAAA,CAAS,KAAA,IAAS;AAAA,QAC9C,OAAA;AAAA,QACA;AAAA;AACF,KACF;AAAA,EACF;AAEA,EAAA,MAAM,OAAOA,qBAAA,CAAW;AAAA;AAAA;AAAA,IAGtB,QAAA,EAAUC,oBAAA;AAAA,MACR,MAAA,CAAO,QAAA;AAAA,MACP;AAAA,QACE,UAAU,MAAA,CAAO;AAAA;AACnB,KACF;AAAA;AAAA,IAGA,QAAQ,MAAA,CAAO,MAAA;AAAA,IACf,SAAS,MAAA,CAAO,OAAA;AAAA;AAAA,IAGhB,gBAAA,EAAkB;AAAA,MAChB,OAAA,EAAS,MAAA,CAAO,gBAAA,EAAkB,OAAA,IAAW,IAAA;AAAA,MAC7C,wBAAA,EACE,MAAA,CAAO,gBAAA,EAAkB,wBAAA,IAA4B;AAAA,KACzD;AAAA;AAAA,IAGA,eAAA;AAAA;AAAA,IAGA,OAAA,EAAS;AAAA,MACP,SAAA;AAAA,MACA,WAAA,EAAa;AAAA,QACX,OAAA,EAAS,IAAA;AAAA,QACT,MAAA,EAAQ;AAAA;AACV,KACF;AAAA;AAAA,IAGA,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB;AAAA,QACd,OAAA,EAAS,IAAA;AAAA,QACT,gBAAA,EAAkB,MAAA,CAAO,IAAA,CAAK,eAAe;AAAA;AAC/C,KACF;AAAA;AAAA,IAGA,IAAA,EAAM;AAAA,MACJ,gBAAA,EAAkB;AAAA,QAChB,IAAA,EAAM;AAAA,UACJ,IAAA,EAAM,QAAA;AAAA,UACN,QAAA,EAAU,KAAA;AAAA,UACV,YAAA,EAAc;AAAA;AAChB;AACF,KACF;AAAA;AAAA,IAGA,QAAA,EAAU;AAAA,MACR,kBACE,MAAA,CAAO,QAAA,EAAU,gBAAA,IACjB,OAAA,CAAQ,IAAI,QAAA,KAAa,YAAA;AAAA,MAC3B,qBAAA,EAAuB;AAAA,QACrB,OAAA,EAAS;AAAA;AACX,KACF;AAAA;AAAA,IAGA,OAAA,EAAS,CAACC,kBAAA,EAAa,CAAA;AAAA;AAAA,IAGvB,KAAA,EAAO;AAAA;AAAA,MAEL,MAAA,EAAQC,wBAAA,CAAqB,OAAO,GAAA,KAAQ;AAC1C,QAAA,IAAI,GAAA,CAAI,SAAS,gBAAA,EAAkB;AACjC,UAAA,MAAM,OAAO,GAAA,CAAI,IAAA;AACjB,UAAA,IAAI,IAAA,EAAM,KAAA,IAAS,OAAO,IAAA,CAAK,UAAU,QAAA,EAAU;AACjD,YAAC,GAAA,CAAI,IAAA,CAA2B,KAAA,GAAQ,IAAA,CAAK,MAAM,WAAA,EAAY;AAAA,UACjE;AAAA,QACF;AAAA,MACF,CAAC,CAAA;AAAA;AAAA,MAGD,KAAA,EAAOA,wBAAA,CAAqB,OAAO,GAAA,KAAQ;AACzC,QAAA,IACE,GAAA,CAAI,KAAK,UAAA,CAAW,UAAU,KAC9B,GAAA,CAAI,IAAA,CAAK,UAAA,CAAW,UAAU,CAAA,EAC9B;AACA,UAAA,MAAM,UAAA,GAAa,IAAI,OAAA,CAAQ,UAAA;AAC/B,UAAA,IAAI,YAAY,IAAA,EAAM;AACpB,YAAA,MAAM,OAAO,UAAA,CAAW,IAAA;AAGxB,YAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,KAAA,EAAO,WAAA,EAAY;AAChD,YAAA,IAAI,eAAA,IAAmB,IAAA,CAAK,KAAA,KAAU,eAAA,EAAiB;AACrD,cAAA,IAAI;AACF,gBAAA,MAAM,MAAA,CAAO,QAAA,CAAS,IAAA,CAAK,MAAA,CAAO;AAAA,kBAChC,KAAA,EAAO,EAAE,EAAA,EAAI,IAAA,CAAK,EAAA,EAAG;AAAA,kBACrB,IAAA,EAAM,EAAE,KAAA,EAAO,eAAA;AAAgB,iBAChC,CAAA;AAAA,cACH,SAAS,SAAA,EAAW;AAClB,gBAAA,MAAA,CAAO,MAAA,EAAQ,IAAA;AAAA,kBACb,wCAAA;AAAA,kBACA;AAAA,oBACE,QAAQ,IAAA,CAAK,EAAA;AAAA,oBACb,OACE,SAAA,YAAqB,KAAA,GACjB,SAAA,CAAU,OAAA,GACV,OAAO,SAAS;AAAA;AACxB,iBACF;AAAA,cACF;AAAA,YACF;AAGA,YAAA,IAAI,MAAA,CAAO,OAAO,aAAA,EAAe;AAC/B,cAAA,IAAI;AACF,gBAAA,MAAM,OAAO,KAAA,CAAM,aAAA;AAAA,kBACjB;AAAA,oBACE,IAAI,IAAA,CAAK,EAAA;AAAA,oBACT,KAAA,EAAO,mBAAmB,IAAA,CAAK,KAAA;AAAA,oBAC/B,MAAM,IAAA,CAAK;AAAA,mBACb;AAAA,kBACA,MAAA,CAAO;AAAA,iBACT;AAAA,cACF,SAAS,SAAA,EAAW;AAClB,gBAAA,MAAA,CAAO,MAAA,EAAQ,OAAO,uCAAA,EAAyC;AAAA,kBAC7D,QAAQ,IAAA,CAAK,EAAA;AAAA,kBACb,OACE,SAAA,YAAqB,KAAA,GACjB,SAAA,CAAU,OAAA,GACV,OAAO,SAAS;AAAA,iBACvB,CAAA;AAAA,cACH;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF,CAAC;AAAA;AACH,GACD,CAAA;AAGD,EAAA,eAAe,mBAAmB,OAAA,EAAuC;AACvE,IAAA,IAAI;AACF,MAAA,MAAM,cAAc,MAAM,IAAA,CAAK,IAAI,UAAA,CAAW,EAAE,SAAS,CAAA;AACzD,MAAA,IAAI,CAAC,WAAA,EAAa,IAAA,EAAM,OAAO,IAAA;AAE/B,MAAA,MAAM,MAAA,GAAS,YAAY,IAAA,CAAK,EAAA;AAGhC,MAAA,MAAM,UAAA,GAAa,MAAA,CAAO,KAAA,EAAO,aAAA,GAC7B,MAAM,MAAA,CAAO,KAAA,CAAM,aAAA,CAAc,MAAA,EAAQ,MAAA,CAAO,QAAQ,CAAA,GACxD,EAAC;AAEL,MAAA,OAAO;AAAA,QACL,IAAA,EAAM;AAAA,UACJ,EAAA,EAAI,YAAY,IAAA,CAAK,EAAA;AAAA,UACrB,KAAA,EAAO,YAAY,IAAA,CAAK,KAAA;AAAA,UACxB,IAAA,EAAM,YAAY,IAAA,CAAK,IAAA;AAAA,UACvB,KAAA,EAAO,YAAY,IAAA,CAAK,KAAA;AAAA,UACxB,GAAG;AAAA,SACL;AAAA,QACA,SAAS,WAAA,CAAY;AAAA,OACvB;AAAA,IACF,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,MAAM,kBAAA,EAAmB;AACpC","file":"server.cjs","sourcesContent":["/**\n * @ccatto/react-auth/server - createCattoAuth Factory\n *\n * Creates a configured Better Auth instance with sensible defaults,\n * automatic email normalization, and pluggable hooks for\n * session enrichment and user lifecycle events.\n *\n * @example\n * ```typescript\n * import { createCattoAuth } from '@ccatto/react-auth/server';\n * import { prisma } from '@myapp/database';\n *\n * export const { auth, getEnrichedSession } = createCattoAuth({\n *   database: prisma,\n *   databaseProvider: 'postgresql',\n *   secret: process.env.BETTER_AUTH_SECRET!,\n *   baseURL: process.env.BETTER_AUTH_URL!,\n *   hooks: {\n *     enrichSession: async (userId, db) => {\n *       // Return custom fields to merge into session.user\n *       return { role: 'admin', customField: 'value' };\n *     },\n *   },\n * });\n * ```\n */\nimport { betterAuth } from 'better-auth';\nimport { prismaAdapter } from 'better-auth/adapters/prisma';\nimport { createAuthMiddleware } from 'better-auth/api';\nimport { nextCookies } from 'better-auth/next-js';\nimport type {\n  CattoAuthServerConfig,\n  CattoAuthSocialProvider,\n} from '../types/config';\n\n// Default: 69 days (matches common long-lived session configs)\nconst DEFAULT_TOKEN_EXPIRY_SECONDS = 69 * 24 * 60 * 60;\n\nexport interface CreateCattoAuthResult {\n  /** The Better Auth instance (use for API routes) */\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  auth: any;\n  /**\n   * Get enriched session with custom fields from hooks.enrichSession.\n   * Call this instead of auth.api.getSession for full session data.\n   */\n  getEnrichedSession: (headers: Headers) => Promise<any | null>;\n}\n\nexport function createCattoAuth(\n  config: CattoAuthServerConfig,\n): CreateCattoAuthResult {\n  const expiresIn =\n    config.session?.expiresInSeconds ?? DEFAULT_TOKEN_EXPIRY_SECONDS;\n\n  // Build social providers config\n  const socialProviders: Record<\n    string,\n    CattoAuthSocialProvider & { scope?: string[] }\n  > = {};\n  if (config.socialProviders?.google) {\n    socialProviders.google = config.socialProviders.google;\n  }\n  if (config.socialProviders?.github) {\n    socialProviders.github = config.socialProviders.github;\n  }\n  if (config.socialProviders?.facebook) {\n    socialProviders.facebook = {\n      ...config.socialProviders.facebook,\n      scope: config.socialProviders.facebook.scope ?? [\n        'email',\n        'public_profile',\n      ],\n    };\n  }\n\n  const auth = betterAuth({\n    // Database\n    // Cast needed: prismaAdapter expects PrismaClient but we use a minimal interface for package portability\n    database: prismaAdapter(\n      config.database as Parameters<typeof prismaAdapter>[0],\n      {\n        provider: config.databaseProvider,\n      },\n    ),\n\n    // Secret & URL\n    secret: config.secret,\n    baseURL: config.baseURL,\n\n    // Email/password\n    emailAndPassword: {\n      enabled: config.emailAndPassword?.enabled ?? true,\n      requireEmailVerification:\n        config.emailAndPassword?.requireEmailVerification ?? false,\n    },\n\n    // Social providers\n    socialProviders,\n\n    // Session\n    session: {\n      expiresIn,\n      cookieCache: {\n        enabled: true,\n        maxAge: expiresIn,\n      },\n    },\n\n    // Account linking\n    account: {\n      accountLinking: {\n        enabled: true,\n        trustedProviders: Object.keys(socialProviders),\n      },\n    },\n\n    // User fields\n    user: {\n      additionalFields: {\n        role: {\n          type: 'string' as const,\n          required: false,\n          defaultValue: 'user',\n        },\n      },\n    },\n\n    // Advanced\n    advanced: {\n      useSecureCookies:\n        config.advanced?.useSecureCookies ??\n        process.env.NODE_ENV === 'production',\n      crossSubDomainCookies: {\n        enabled: false,\n      },\n    },\n\n    // Plugins\n    plugins: [nextCookies()],\n\n    // Hooks\n    hooks: {\n      // Before hooks: email normalization\n      before: createAuthMiddleware(async (ctx) => {\n        if (ctx.path === '/sign-up/email') {\n          const body = ctx.body as { email?: string } | undefined;\n          if (body?.email && typeof body.email === 'string') {\n            (ctx.body as { email: string }).email = body.email.toLowerCase();\n          }\n        }\n      }),\n\n      // After hooks: user lifecycle events\n      after: createAuthMiddleware(async (ctx) => {\n        if (\n          ctx.path.startsWith('/sign-in') ||\n          ctx.path.startsWith('/sign-up')\n        ) {\n          const newSession = ctx.context.newSession;\n          if (newSession?.user) {\n            const user = newSession.user;\n\n            // Normalize email in database if needed\n            const normalizedEmail = user.email?.toLowerCase();\n            if (normalizedEmail && user.email !== normalizedEmail) {\n              try {\n                await config.database.user.update({\n                  where: { id: user.id },\n                  data: { email: normalizedEmail },\n                });\n              } catch (hookError) {\n                config.logger?.warn?.(\n                  '[CattoAuth] Email normalization failed',\n                  {\n                    userId: user.id,\n                    error:\n                      hookError instanceof Error\n                        ? hookError.message\n                        : String(hookError),\n                  },\n                );\n              }\n            }\n\n            // Call onUserCreated hook\n            if (config.hooks?.onUserCreated) {\n              try {\n                await config.hooks.onUserCreated(\n                  {\n                    id: user.id,\n                    email: normalizedEmail || user.email,\n                    name: user.name,\n                  },\n                  config.database,\n                );\n              } catch (hookError) {\n                config.logger?.warn?.('[CattoAuth] onUserCreated hook failed', {\n                  userId: user.id,\n                  error:\n                    hookError instanceof Error\n                      ? hookError.message\n                      : String(hookError),\n                });\n              }\n            }\n          }\n        }\n      }),\n    },\n  });\n\n  // Enriched session factory\n  async function getEnrichedSession(headers: Headers): Promise<any | null> {\n    try {\n      const baseSession = await auth.api.getSession({ headers });\n      if (!baseSession?.user) return null;\n\n      const userId = baseSession.user.id;\n\n      // Call enrichSession hook if provided\n      const enrichment = config.hooks?.enrichSession\n        ? await config.hooks.enrichSession(userId, config.database)\n        : {};\n\n      return {\n        user: {\n          id: baseSession.user.id,\n          email: baseSession.user.email,\n          name: baseSession.user.name,\n          image: baseSession.user.image,\n          ...enrichment,\n        },\n        session: baseSession.session,\n      };\n    } catch {\n      return null;\n    }\n  }\n\n  return { auth, getEnrichedSession };\n}\n"]}
+{"version":3,"sources":["../src/server/create-auth.ts"],"names":["plugins","phoneNumber","nextCookies","betterAuth","prismaAdapter","createAuthMiddleware"],"mappings":";;;;;;;;;AAqCA,IAAM,4BAAA,GAA+B,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA;AAa7C,SAAS,gBACd,MAAA,EACuB;AACvB,EAAA,MAAM,SAAA,GACJ,MAAA,CAAO,OAAA,EAAS,gBAAA,IAAoB,4BAAA;AAGtC,EAAA,MAAM,kBAGF,EAAC;AACL,EAAA,IAAI,MAAA,CAAO,iBAAiB,MAAA,EAAQ;AAClC,IAAA,eAAA,CAAgB,MAAA,GAAS,OAAO,eAAA,CAAgB,MAAA;AAAA,EAClD;AACA,EAAA,IAAI,MAAA,CAAO,iBAAiB,MAAA,EAAQ;AAClC,IAAA,eAAA,CAAgB,MAAA,GAAS,OAAO,eAAA,CAAgB,MAAA;AAAA,EAClD;AACA,EAAA,IAAI,MAAA,CAAO,iBAAiB,KAAA,EAAO;AACjC,IAAA,eAAA,CAAgB,KAAA,GAAQ,OAAO,eAAA,CAAgB,KAAA;AAAA,EACjD;AACA,EAAA,IAAI,MAAA,CAAO,iBAAiB,QAAA,EAAU;AACpC,IAAA,eAAA,CAAgB,QAAA,GAAW;AAAA,MACzB,GAAG,OAAO,eAAA,CAAgB,QAAA;AAAA,MAC1B,KAAA,EAAO,MAAA,CAAO,eAAA,CAAgB,QAAA,CAAS,KAAA,IAAS;AAAA,QAC9C,OAAA;AAAA,QACA;AAAA;AACF,KACF;AAAA,EACF;AAKA,EAAA,MAAMA,YAAiB,EAAC;AACxB,EAAA,MAAM,WAAW,MAAA,CAAO,SAAA;AACxB,EAAA,IAAI,QAAA,EAAU,OAAA,IAAW,QAAA,CAAS,OAAA,EAAS;AACzC,IAAA,MAAM,eAAA,GAAkB,SAAS,eAAA,IAAmB,mBAAA;AACpD,IAAAA,SAAA,CAAQ,IAAA;AAAA,MACNC,mBAAA,CAAY;AAAA,QACV,SAAS,OAAO,EAAE,WAAA,EAAa,QAAA,EAAU,MAAK,KAAM;AAClD,UAAA,MAAM,SAAS,OAAA,CAAQ,EAAE,WAAA,EAAa,QAAA,EAAU,MAAM,CAAA;AAAA,QACxD,CAAA;AAAA,QACA,mBAAA,EAAqB,SAAS,mBAAA,IAAuB,IAAA;AAAA,QACrD,GAAI,SAAS,mBAAA,GACT,EAAE,WAAW,QAAA,CAAS,mBAAA,KACtB,EAAC;AAAA,QACL,oBAAA,EAAsB;AAAA,UACpB,cAAc,CAAC,QAAA,KAAqB,CAAA,EAAG,QAAQ,IAAI,eAAe,CAAA,CAAA;AAAA;AAAA;AAAA,UAGlE,WAAA,EAAa,CAAC,QAAA,KAAqB;AAAA;AACrC,OACD;AAAA,KACH;AAAA,EACF;AACA,EAAAD,SAAA,CAAQ,IAAA,CAAKE,oBAAa,CAAA;AAE1B,EAAA,MAAM,OAAOC,qBAAA,CAAW;AAAA;AAAA;AAAA,IAGtB,QAAA,EAAUC,oBAAA;AAAA,MACR,MAAA,CAAO,QAAA;AAAA,MACP;AAAA,QACE,UAAU,MAAA,CAAO;AAAA;AACnB,KACF;AAAA;AAAA,IAGA,QAAQ,MAAA,CAAO,MAAA;AAAA,IACf,SAAS,MAAA,CAAO,OAAA;AAAA;AAAA,IAGhB,gBAAA,EAAkB;AAAA,MAChB,OAAA,EAAS,MAAA,CAAO,gBAAA,EAAkB,OAAA,IAAW,IAAA;AAAA,MAC7C,wBAAA,EACE,MAAA,CAAO,gBAAA,EAAkB,wBAAA,IAA4B;AAAA,KACzD;AAAA;AAAA,IAGA,eAAA;AAAA;AAAA,IAGA,OAAA,EAAS;AAAA,MACP,SAAA;AAAA,MACA,WAAA,EAAa;AAAA,QACX,OAAA,EAAS,IAAA;AAAA,QACT,MAAA,EAAQ;AAAA;AACV,KACF;AAAA;AAAA,IAGA,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB;AAAA,QACd,OAAA,EAAS,IAAA;AAAA,QACT,gBAAA,EAAkB,MAAA,CAAO,IAAA,CAAK,eAAe;AAAA;AAC/C,KACF;AAAA;AAAA,IAGA,IAAA,EAAM;AAAA,MACJ,gBAAA,EAAkB;AAAA,QAChB,IAAA,EAAM;AAAA,UACJ,IAAA,EAAM,QAAA;AAAA,UACN,QAAA,EAAU,KAAA;AAAA,UACV,YAAA,EAAc;AAAA;AAChB;AACF,KACF;AAAA;AAAA,IAGA,QAAA,EAAU;AAAA,MACR,kBACE,MAAA,CAAO,QAAA,EAAU,gBAAA,IACjB,OAAA,CAAQ,IAAI,QAAA,KAAa,YAAA;AAAA,MAC3B,qBAAA,EAAuB;AAAA,QACrB,OAAA,EAAS;AAAA;AACX,KACF;AAAA;AAAA,aAGAJ,SAAA;AAAA;AAAA,IAGA,KAAA,EAAO;AAAA;AAAA,MAEL,MAAA,EAAQK,wBAAA,CAAqB,OAAO,GAAA,KAAQ;AAC1C,QAAA,IAAI,GAAA,CAAI,SAAS,gBAAA,EAAkB;AACjC,UAAA,MAAM,OAAO,GAAA,CAAI,IAAA;AACjB,UAAA,IAAI,IAAA,EAAM,KAAA,IAAS,OAAO,IAAA,CAAK,UAAU,QAAA,EAAU;AACjD,YAAC,GAAA,CAAI,IAAA,CAA2B,KAAA,GAAQ,IAAA,CAAK,MAAM,WAAA,EAAY;AAAA,UACjE;AAAA,QACF;AAAA,MACF,CAAC,CAAA;AAAA;AAAA,MAGD,KAAA,EAAOA,wBAAA,CAAqB,OAAO,GAAA,KAAQ;AACzC,QAAA,IACE,GAAA,CAAI,KAAK,UAAA,CAAW,UAAU,KAC9B,GAAA,CAAI,IAAA,CAAK,UAAA,CAAW,UAAU,CAAA,EAC9B;AACA,UAAA,MAAM,UAAA,GAAa,IAAI,OAAA,CAAQ,UAAA;AAC/B,UAAA,IAAI,YAAY,IAAA,EAAM;AACpB,YAAA,MAAM,OAAO,UAAA,CAAW,IAAA;AAGxB,YAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,KAAA,EAAO,WAAA,EAAY;AAChD,YAAA,IAAI,eAAA,IAAmB,IAAA,CAAK,KAAA,KAAU,eAAA,EAAiB;AACrD,cAAA,IAAI;AACF,gBAAA,MAAM,MAAA,CAAO,QAAA,CAAS,IAAA,CAAK,MAAA,CAAO;AAAA,kBAChC,KAAA,EAAO,EAAE,EAAA,EAAI,IAAA,CAAK,EAAA,EAAG;AAAA,kBACrB,IAAA,EAAM,EAAE,KAAA,EAAO,eAAA;AAAgB,iBAChC,CAAA;AAAA,cACH,SAAS,SAAA,EAAW;AAClB,gBAAA,MAAA,CAAO,MAAA,EAAQ,IAAA;AAAA,kBACb,wCAAA;AAAA,kBACA;AAAA,oBACE,QAAQ,IAAA,CAAK,EAAA;AAAA,oBACb,OACE,SAAA,YAAqB,KAAA,GACjB,SAAA,CAAU,OAAA,GACV,OAAO,SAAS;AAAA;AACxB,iBACF;AAAA,cACF;AAAA,YACF;AAGA,YAAA,IAAI,MAAA,CAAO,OAAO,aAAA,EAAe;AAC/B,cAAA,IAAI;AACF,gBAAA,MAAM,OAAO,KAAA,CAAM,aAAA;AAAA,kBACjB;AAAA,oBACE,IAAI,IAAA,CAAK,EAAA;AAAA,oBACT,KAAA,EAAO,mBAAmB,IAAA,CAAK,KAAA;AAAA,oBAC/B,MAAM,IAAA,CAAK;AAAA,mBACb;AAAA,kBACA,MAAA,CAAO;AAAA,iBACT;AAAA,cACF,SAAS,SAAA,EAAW;AAClB,gBAAA,MAAA,CAAO,MAAA,EAAQ,OAAO,uCAAA,EAAyC;AAAA,kBAC7D,QAAQ,IAAA,CAAK,EAAA;AAAA,kBACb,OACE,SAAA,YAAqB,KAAA,GACjB,SAAA,CAAU,OAAA,GACV,OAAO,SAAS;AAAA,iBACvB,CAAA;AAAA,cACH;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF,CAAC;AAAA;AACH,GACD,CAAA;AAGD,EAAA,eAAe,mBAAmB,OAAA,EAAuC;AACvE,IAAA,IAAI;AACF,MAAA,MAAM,cAAc,MAAM,IAAA,CAAK,IAAI,UAAA,CAAW,EAAE,SAAS,CAAA;AACzD,MAAA,IAAI,CAAC,WAAA,EAAa,IAAA,EAAM,OAAO,IAAA;AAE/B,MAAA,MAAM,MAAA,GAAS,YAAY,IAAA,CAAK,EAAA;AAGhC,MAAA,MAAM,UAAA,GAAa,MAAA,CAAO,KAAA,EAAO,aAAA,GAC7B,MAAM,MAAA,CAAO,KAAA,CAAM,aAAA,CAAc,MAAA,EAAQ,MAAA,CAAO,QAAQ,CAAA,GACxD,EAAC;AAEL,MAAA,OAAO;AAAA,QACL,IAAA,EAAM;AAAA,UACJ,EAAA,EAAI,YAAY,IAAA,CAAK,EAAA;AAAA,UACrB,KAAA,EAAO,YAAY,IAAA,CAAK,KAAA;AAAA,UACxB,IAAA,EAAM,YAAY,IAAA,CAAK,IAAA;AAAA,UACvB,KAAA,EAAO,YAAY,IAAA,CAAK,KAAA;AAAA,UACxB,GAAG;AAAA,SACL;AAAA,QACA,SAAS,WAAA,CAAY;AAAA,OACvB;AAAA,IACF,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,MAAM,kBAAA,EAAmB;AACpC","file":"server.cjs","sourcesContent":["/**\n * @ccatto/react-auth/server - createCattoAuth Factory\n *\n * Creates a configured Better Auth instance with sensible defaults,\n * automatic email normalization, and pluggable hooks for\n * session enrichment and user lifecycle events.\n *\n * @example\n * ```typescript\n * import { createCattoAuth } from '@ccatto/react-auth/server';\n * import { prisma } from '@myapp/database';\n *\n * export const { auth, getEnrichedSession } = createCattoAuth({\n *   database: prisma,\n *   databaseProvider: 'postgresql',\n *   secret: process.env.BETTER_AUTH_SECRET!,\n *   baseURL: process.env.BETTER_AUTH_URL!,\n *   hooks: {\n *     enrichSession: async (userId, db) => {\n *       // Return custom fields to merge into session.user\n *       return { role: 'admin', customField: 'value' };\n *     },\n *   },\n * });\n * ```\n */\nimport { betterAuth } from 'better-auth';\nimport { prismaAdapter } from 'better-auth/adapters/prisma';\nimport { createAuthMiddleware } from 'better-auth/api';\nimport { nextCookies } from 'better-auth/next-js';\nimport { phoneNumber } from 'better-auth/plugins';\nimport type {\n  CattoAuthServerConfig,\n  CattoAuthSocialProvider,\n} from '../types/config';\n\n// Default: 69 days (matches common long-lived session configs)\nconst DEFAULT_TOKEN_EXPIRY_SECONDS = 69 * 24 * 60 * 60;\n\nexport interface CreateCattoAuthResult {\n  /** The Better Auth instance (use for API routes) */\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  auth: any;\n  /**\n   * Get enriched session with custom fields from hooks.enrichSession.\n   * Call this instead of auth.api.getSession for full session data.\n   */\n  getEnrichedSession: (headers: Headers) => Promise<any | null>;\n}\n\nexport function createCattoAuth(\n  config: CattoAuthServerConfig,\n): CreateCattoAuthResult {\n  const expiresIn =\n    config.session?.expiresInSeconds ?? DEFAULT_TOKEN_EXPIRY_SECONDS;\n\n  // Build social providers config\n  const socialProviders: Record<\n    string,\n    CattoAuthSocialProvider & { scope?: string[] }\n  > = {};\n  if (config.socialProviders?.google) {\n    socialProviders.google = config.socialProviders.google;\n  }\n  if (config.socialProviders?.github) {\n    socialProviders.github = config.socialProviders.github;\n  }\n  if (config.socialProviders?.apple) {\n    socialProviders.apple = config.socialProviders.apple;\n  }\n  if (config.socialProviders?.facebook) {\n    socialProviders.facebook = {\n      ...config.socialProviders.facebook,\n      scope: config.socialProviders.facebook.scope ?? [\n        'email',\n        'public_profile',\n      ],\n    };\n  }\n\n  // Build plugins list. nextCookies() must stay last so Set-Cookie headers\n  // from any preceding plugin/route are forwarded in Next.js server actions.\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  const plugins: any[] = [];\n  const phoneCfg = config.phoneAuth;\n  if (phoneCfg?.enabled && phoneCfg.sendOtp) {\n    const tempEmailDomain = phoneCfg.tempEmailDomain ?? 'phone.catto.local';\n    plugins.push(\n      phoneNumber({\n        sendOTP: async ({ phoneNumber: toNumber, code }) => {\n          await phoneCfg.sendOtp({ phoneNumber: toNumber, code });\n        },\n        requireVerification: phoneCfg.requireVerification ?? true,\n        ...(phoneCfg.otpExpiresInSeconds\n          ? { expiresIn: phoneCfg.otpExpiresInSeconds }\n          : {}),\n        signUpOnVerification: {\n          getTempEmail: (toNumber: string) => `${toNumber}@${tempEmailDomain}`,\n          // Use the phone number as the initial display name; the app can\n          // prompt for a real name post-verify.\n          getTempName: (toNumber: string) => toNumber,\n        },\n      }),\n    );\n  }\n  plugins.push(nextCookies());\n\n  const auth = betterAuth({\n    // Database\n    // Cast needed: prismaAdapter expects PrismaClient but we use a minimal interface for package portability\n    database: prismaAdapter(\n      config.database as Parameters<typeof prismaAdapter>[0],\n      {\n        provider: config.databaseProvider,\n      },\n    ),\n\n    // Secret & URL\n    secret: config.secret,\n    baseURL: config.baseURL,\n\n    // Email/password\n    emailAndPassword: {\n      enabled: config.emailAndPassword?.enabled ?? true,\n      requireEmailVerification:\n        config.emailAndPassword?.requireEmailVerification ?? false,\n    },\n\n    // Social providers\n    socialProviders,\n\n    // Session\n    session: {\n      expiresIn,\n      cookieCache: {\n        enabled: true,\n        maxAge: expiresIn,\n      },\n    },\n\n    // Account linking\n    account: {\n      accountLinking: {\n        enabled: true,\n        trustedProviders: Object.keys(socialProviders),\n      },\n    },\n\n    // User fields\n    user: {\n      additionalFields: {\n        role: {\n          type: 'string' as const,\n          required: false,\n          defaultValue: 'user',\n        },\n      },\n    },\n\n    // Advanced\n    advanced: {\n      useSecureCookies:\n        config.advanced?.useSecureCookies ??\n        process.env.NODE_ENV === 'production',\n      crossSubDomainCookies: {\n        enabled: false,\n      },\n    },\n\n    // Plugins (phoneNumber when configured, then nextCookies last)\n    plugins,\n\n    // Hooks\n    hooks: {\n      // Before hooks: email normalization\n      before: createAuthMiddleware(async (ctx) => {\n        if (ctx.path === '/sign-up/email') {\n          const body = ctx.body as { email?: string } | undefined;\n          if (body?.email && typeof body.email === 'string') {\n            (ctx.body as { email: string }).email = body.email.toLowerCase();\n          }\n        }\n      }),\n\n      // After hooks: user lifecycle events\n      after: createAuthMiddleware(async (ctx) => {\n        if (\n          ctx.path.startsWith('/sign-in') ||\n          ctx.path.startsWith('/sign-up')\n        ) {\n          const newSession = ctx.context.newSession;\n          if (newSession?.user) {\n            const user = newSession.user;\n\n            // Normalize email in database if needed\n            const normalizedEmail = user.email?.toLowerCase();\n            if (normalizedEmail && user.email !== normalizedEmail) {\n              try {\n                await config.database.user.update({\n                  where: { id: user.id },\n                  data: { email: normalizedEmail },\n                });\n              } catch (hookError) {\n                config.logger?.warn?.(\n                  '[CattoAuth] Email normalization failed',\n                  {\n                    userId: user.id,\n                    error:\n                      hookError instanceof Error\n                        ? hookError.message\n                        : String(hookError),\n                  },\n                );\n              }\n            }\n\n            // Call onUserCreated hook\n            if (config.hooks?.onUserCreated) {\n              try {\n                await config.hooks.onUserCreated(\n                  {\n                    id: user.id,\n                    email: normalizedEmail || user.email,\n                    name: user.name,\n                  },\n                  config.database,\n                );\n              } catch (hookError) {\n                config.logger?.warn?.('[CattoAuth] onUserCreated hook failed', {\n                  userId: user.id,\n                  error:\n                    hookError instanceof Error\n                      ? hookError.message\n                      : String(hookError),\n                });\n              }\n            }\n          }\n        }\n      }),\n    },\n  });\n\n  // Enriched session factory\n  async function getEnrichedSession(headers: Headers): Promise<any | null> {\n    try {\n      const baseSession = await auth.api.getSession({ headers });\n      if (!baseSession?.user) return null;\n\n      const userId = baseSession.user.id;\n\n      // Call enrichSession hook if provided\n      const enrichment = config.hooks?.enrichSession\n        ? await config.hooks.enrichSession(userId, config.database)\n        : {};\n\n      return {\n        user: {\n          id: baseSession.user.id,\n          email: baseSession.user.email,\n          name: baseSession.user.name,\n          image: baseSession.user.image,\n          ...enrichment,\n        },\n        session: baseSession.session,\n      };\n    } catch {\n      return null;\n    }\n  }\n\n  return { auth, getEnrichedSession };\n}\n"]}

package/dist/server.d.cts

@@ -1,5 +1,5 @@
-import { b as CattoAuthServerConfig } from './config-CvzbPvtw.cjs';
-export { c as CattoAuthSocialProvider } from './config-CvzbPvtw.cjs';
+import { c as CattoAuthServerConfig } from './config-MuDc5UVc.cjs';
+export { b as CattoAuthPhoneConfig, d as CattoAuthSocialProvider } from './config-MuDc5UVc.cjs';
 
 interface CreateCattoAuthResult {
     /** The Better Auth instance (use for API routes) */

package/dist/server.d.ts

@@ -1,5 +1,5 @@
-import { b as CattoAuthServerConfig } from './config-CvzbPvtw.js';
-export { c as CattoAuthSocialProvider } from './config-CvzbPvtw.js';
+import { c as CattoAuthServerConfig } from './config-MuDc5UVc.js';
+export { b as CattoAuthPhoneConfig, d as CattoAuthSocialProvider } from './config-MuDc5UVc.js';
 
 interface CreateCattoAuthResult {
     /** The Better Auth instance (use for API routes) */

package/dist/server.js

@@ -2,6 +2,7 @@ import { betterAuth } from 'better-auth';
 import { prismaAdapter } from 'better-auth/adapters/prisma';
 import { createAuthMiddleware } from 'better-auth/api';
 import { nextCookies } from 'better-auth/next-js';
+import { phoneNumber } from 'better-auth/plugins';
 
 // src/server/create-auth.ts
 var DEFAULT_TOKEN_EXPIRY_SECONDS = 69 * 24 * 60 * 60;
@@ -14,6 +15,9 @@ function createCattoAuth(config) {
   if (config.socialProviders?.github) {
     socialProviders.github = config.socialProviders.github;
   }
+  if (config.socialProviders?.apple) {
+    socialProviders.apple = config.socialProviders.apple;
+  }
   if (config.socialProviders?.facebook) {
     socialProviders.facebook = {
       ...config.socialProviders.facebook,
@@ -23,6 +27,27 @@ function createCattoAuth(config) {
       ]
     };
   }
+  const plugins = [];
+  const phoneCfg = config.phoneAuth;
+  if (phoneCfg?.enabled && phoneCfg.sendOtp) {
+    const tempEmailDomain = phoneCfg.tempEmailDomain ?? "phone.catto.local";
+    plugins.push(
+      phoneNumber({
+        sendOTP: async ({ phoneNumber: toNumber, code }) => {
+          await phoneCfg.sendOtp({ phoneNumber: toNumber, code });
+        },
+        requireVerification: phoneCfg.requireVerification ?? true,
+        ...phoneCfg.otpExpiresInSeconds ? { expiresIn: phoneCfg.otpExpiresInSeconds } : {},
+        signUpOnVerification: {
+          getTempEmail: (toNumber) => `${toNumber}@${tempEmailDomain}`,
+          // Use the phone number as the initial display name; the app can
+          // prompt for a real name post-verify.
+          getTempName: (toNumber) => toNumber
+        }
+      })
+    );
+  }
+  plugins.push(nextCookies());
   const auth = betterAuth({
     // Database
     // Cast needed: prismaAdapter expects PrismaClient but we use a minimal interface for package portability
@@ -74,8 +99,8 @@ function createCattoAuth(config) {
         enabled: false
       }
     },
-    // Plugins
-    plugins: [nextCookies()],
+    // Plugins (phoneNumber when configured, then nextCookies last)
+    plugins,
     // Hooks
     hooks: {
       // Before hooks: email normalization

package/dist/server.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/server/create-auth.ts"],"names":[],"mappings":";;;;;;AAoCA,IAAM,4BAAA,GAA+B,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA;AAa7C,SAAS,gBACd,MAAA,EACuB;AACvB,EAAA,MAAM,SAAA,GACJ,MAAA,CAAO,OAAA,EAAS,gBAAA,IAAoB,4BAAA;AAGtC,EAAA,MAAM,kBAGF,EAAC;AACL,EAAA,IAAI,MAAA,CAAO,iBAAiB,MAAA,EAAQ;AAClC,IAAA,eAAA,CAAgB,MAAA,GAAS,OAAO,eAAA,CAAgB,MAAA;AAAA,EAClD;AACA,EAAA,IAAI,MAAA,CAAO,iBAAiB,MAAA,EAAQ;AAClC,IAAA,eAAA,CAAgB,MAAA,GAAS,OAAO,eAAA,CAAgB,MAAA;AAAA,EAClD;AACA,EAAA,IAAI,MAAA,CAAO,iBAAiB,QAAA,EAAU;AACpC,IAAA,eAAA,CAAgB,QAAA,GAAW;AAAA,MACzB,GAAG,OAAO,eAAA,CAAgB,QAAA;AAAA,MAC1B,KAAA,EAAO,MAAA,CAAO,eAAA,CAAgB,QAAA,CAAS,KAAA,IAAS;AAAA,QAC9C,OAAA;AAAA,QACA;AAAA;AACF,KACF;AAAA,EACF;AAEA,EAAA,MAAM,OAAO,UAAA,CAAW;AAAA;AAAA;AAAA,IAGtB,QAAA,EAAU,aAAA;AAAA,MACR,MAAA,CAAO,QAAA;AAAA,MACP;AAAA,QACE,UAAU,MAAA,CAAO;AAAA;AACnB,KACF;AAAA;AAAA,IAGA,QAAQ,MAAA,CAAO,MAAA;AAAA,IACf,SAAS,MAAA,CAAO,OAAA;AAAA;AAAA,IAGhB,gBAAA,EAAkB;AAAA,MAChB,OAAA,EAAS,MAAA,CAAO,gBAAA,EAAkB,OAAA,IAAW,IAAA;AAAA,MAC7C,wBAAA,EACE,MAAA,CAAO,gBAAA,EAAkB,wBAAA,IAA4B;AAAA,KACzD;AAAA;AAAA,IAGA,eAAA;AAAA;AAAA,IAGA,OAAA,EAAS;AAAA,MACP,SAAA;AAAA,MACA,WAAA,EAAa;AAAA,QACX,OAAA,EAAS,IAAA;AAAA,QACT,MAAA,EAAQ;AAAA;AACV,KACF;AAAA;AAAA,IAGA,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB;AAAA,QACd,OAAA,EAAS,IAAA;AAAA,QACT,gBAAA,EAAkB,MAAA,CAAO,IAAA,CAAK,eAAe;AAAA;AAC/C,KACF;AAAA;AAAA,IAGA,IAAA,EAAM;AAAA,MACJ,gBAAA,EAAkB;AAAA,QAChB,IAAA,EAAM;AAAA,UACJ,IAAA,EAAM,QAAA;AAAA,UACN,QAAA,EAAU,KAAA;AAAA,UACV,YAAA,EAAc;AAAA;AAChB;AACF,KACF;AAAA;AAAA,IAGA,QAAA,EAAU;AAAA,MACR,kBACE,MAAA,CAAO,QAAA,EAAU,gBAAA,IACjB,OAAA,CAAQ,IAAI,QAAA,KAAa,YAAA;AAAA,MAC3B,qBAAA,EAAuB;AAAA,QACrB,OAAA,EAAS;AAAA;AACX,KACF;AAAA;AAAA,IAGA,OAAA,EAAS,CAAC,WAAA,EAAa,CAAA;AAAA;AAAA,IAGvB,KAAA,EAAO;AAAA;AAAA,MAEL,MAAA,EAAQ,oBAAA,CAAqB,OAAO,GAAA,KAAQ;AAC1C,QAAA,IAAI,GAAA,CAAI,SAAS,gBAAA,EAAkB;AACjC,UAAA,MAAM,OAAO,GAAA,CAAI,IAAA;AACjB,UAAA,IAAI,IAAA,EAAM,KAAA,IAAS,OAAO,IAAA,CAAK,UAAU,QAAA,EAAU;AACjD,YAAC,GAAA,CAAI,IAAA,CAA2B,KAAA,GAAQ,IAAA,CAAK,MAAM,WAAA,EAAY;AAAA,UACjE;AAAA,QACF;AAAA,MACF,CAAC,CAAA;AAAA;AAAA,MAGD,KAAA,EAAO,oBAAA,CAAqB,OAAO,GAAA,KAAQ;AACzC,QAAA,IACE,GAAA,CAAI,KAAK,UAAA,CAAW,UAAU,KAC9B,GAAA,CAAI,IAAA,CAAK,UAAA,CAAW,UAAU,CAAA,EAC9B;AACA,UAAA,MAAM,UAAA,GAAa,IAAI,OAAA,CAAQ,UAAA;AAC/B,UAAA,IAAI,YAAY,IAAA,EAAM;AACpB,YAAA,MAAM,OAAO,UAAA,CAAW,IAAA;AAGxB,YAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,KAAA,EAAO,WAAA,EAAY;AAChD,YAAA,IAAI,eAAA,IAAmB,IAAA,CAAK,KAAA,KAAU,eAAA,EAAiB;AACrD,cAAA,IAAI;AACF,gBAAA,MAAM,MAAA,CAAO,QAAA,CAAS,IAAA,CAAK,MAAA,CAAO;AAAA,kBAChC,KAAA,EAAO,EAAE,EAAA,EAAI,IAAA,CAAK,EAAA,EAAG;AAAA,kBACrB,IAAA,EAAM,EAAE,KAAA,EAAO,eAAA;AAAgB,iBAChC,CAAA;AAAA,cACH,SAAS,SAAA,EAAW;AAClB,gBAAA,MAAA,CAAO,MAAA,EAAQ,IAAA;AAAA,kBACb,wCAAA;AAAA,kBACA;AAAA,oBACE,QAAQ,IAAA,CAAK,EAAA;AAAA,oBACb,OACE,SAAA,YAAqB,KAAA,GACjB,SAAA,CAAU,OAAA,GACV,OAAO,SAAS;AAAA;AACxB,iBACF;AAAA,cACF;AAAA,YACF;AAGA,YAAA,IAAI,MAAA,CAAO,OAAO,aAAA,EAAe;AAC/B,cAAA,IAAI;AACF,gBAAA,MAAM,OAAO,KAAA,CAAM,aAAA;AAAA,kBACjB;AAAA,oBACE,IAAI,IAAA,CAAK,EAAA;AAAA,oBACT,KAAA,EAAO,mBAAmB,IAAA,CAAK,KAAA;AAAA,oBAC/B,MAAM,IAAA,CAAK;AAAA,mBACb;AAAA,kBACA,MAAA,CAAO;AAAA,iBACT;AAAA,cACF,SAAS,SAAA,EAAW;AAClB,gBAAA,MAAA,CAAO,MAAA,EAAQ,OAAO,uCAAA,EAAyC;AAAA,kBAC7D,QAAQ,IAAA,CAAK,EAAA;AAAA,kBACb,OACE,SAAA,YAAqB,KAAA,GACjB,SAAA,CAAU,OAAA,GACV,OAAO,SAAS;AAAA,iBACvB,CAAA;AAAA,cACH;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF,CAAC;AAAA;AACH,GACD,CAAA;AAGD,EAAA,eAAe,mBAAmB,OAAA,EAAuC;AACvE,IAAA,IAAI;AACF,MAAA,MAAM,cAAc,MAAM,IAAA,CAAK,IAAI,UAAA,CAAW,EAAE,SAAS,CAAA;AACzD,MAAA,IAAI,CAAC,WAAA,EAAa,IAAA,EAAM,OAAO,IAAA;AAE/B,MAAA,MAAM,MAAA,GAAS,YAAY,IAAA,CAAK,EAAA;AAGhC,MAAA,MAAM,UAAA,GAAa,MAAA,CAAO,KAAA,EAAO,aAAA,GAC7B,MAAM,MAAA,CAAO,KAAA,CAAM,aAAA,CAAc,MAAA,EAAQ,MAAA,CAAO,QAAQ,CAAA,GACxD,EAAC;AAEL,MAAA,OAAO;AAAA,QACL,IAAA,EAAM;AAAA,UACJ,EAAA,EAAI,YAAY,IAAA,CAAK,EAAA;AAAA,UACrB,KAAA,EAAO,YAAY,IAAA,CAAK,KAAA;AAAA,UACxB,IAAA,EAAM,YAAY,IAAA,CAAK,IAAA;AAAA,UACvB,KAAA,EAAO,YAAY,IAAA,CAAK,KAAA;AAAA,UACxB,GAAG;AAAA,SACL;AAAA,QACA,SAAS,WAAA,CAAY;AAAA,OACvB;AAAA,IACF,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,MAAM,kBAAA,EAAmB;AACpC","file":"server.js","sourcesContent":["/**\n * @ccatto/react-auth/server - createCattoAuth Factory\n *\n * Creates a configured Better Auth instance with sensible defaults,\n * automatic email normalization, and pluggable hooks for\n * session enrichment and user lifecycle events.\n *\n * @example\n * ```typescript\n * import { createCattoAuth } from '@ccatto/react-auth/server';\n * import { prisma } from '@myapp/database';\n *\n * export const { auth, getEnrichedSession } = createCattoAuth({\n *   database: prisma,\n *   databaseProvider: 'postgresql',\n *   secret: process.env.BETTER_AUTH_SECRET!,\n *   baseURL: process.env.BETTER_AUTH_URL!,\n *   hooks: {\n *     enrichSession: async (userId, db) => {\n *       // Return custom fields to merge into session.user\n *       return { role: 'admin', customField: 'value' };\n *     },\n *   },\n * });\n * ```\n */\nimport { betterAuth } from 'better-auth';\nimport { prismaAdapter } from 'better-auth/adapters/prisma';\nimport { createAuthMiddleware } from 'better-auth/api';\nimport { nextCookies } from 'better-auth/next-js';\nimport type {\n  CattoAuthServerConfig,\n  CattoAuthSocialProvider,\n} from '../types/config';\n\n// Default: 69 days (matches common long-lived session configs)\nconst DEFAULT_TOKEN_EXPIRY_SECONDS = 69 * 24 * 60 * 60;\n\nexport interface CreateCattoAuthResult {\n  /** The Better Auth instance (use for API routes) */\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  auth: any;\n  /**\n   * Get enriched session with custom fields from hooks.enrichSession.\n   * Call this instead of auth.api.getSession for full session data.\n   */\n  getEnrichedSession: (headers: Headers) => Promise<any | null>;\n}\n\nexport function createCattoAuth(\n  config: CattoAuthServerConfig,\n): CreateCattoAuthResult {\n  const expiresIn =\n    config.session?.expiresInSeconds ?? DEFAULT_TOKEN_EXPIRY_SECONDS;\n\n  // Build social providers config\n  const socialProviders: Record<\n    string,\n    CattoAuthSocialProvider & { scope?: string[] }\n  > = {};\n  if (config.socialProviders?.google) {\n    socialProviders.google = config.socialProviders.google;\n  }\n  if (config.socialProviders?.github) {\n    socialProviders.github = config.socialProviders.github;\n  }\n  if (config.socialProviders?.facebook) {\n    socialProviders.facebook = {\n      ...config.socialProviders.facebook,\n      scope: config.socialProviders.facebook.scope ?? [\n        'email',\n        'public_profile',\n      ],\n    };\n  }\n\n  const auth = betterAuth({\n    // Database\n    // Cast needed: prismaAdapter expects PrismaClient but we use a minimal interface for package portability\n    database: prismaAdapter(\n      config.database as Parameters<typeof prismaAdapter>[0],\n      {\n        provider: config.databaseProvider,\n      },\n    ),\n\n    // Secret & URL\n    secret: config.secret,\n    baseURL: config.baseURL,\n\n    // Email/password\n    emailAndPassword: {\n      enabled: config.emailAndPassword?.enabled ?? true,\n      requireEmailVerification:\n        config.emailAndPassword?.requireEmailVerification ?? false,\n    },\n\n    // Social providers\n    socialProviders,\n\n    // Session\n    session: {\n      expiresIn,\n      cookieCache: {\n        enabled: true,\n        maxAge: expiresIn,\n      },\n    },\n\n    // Account linking\n    account: {\n      accountLinking: {\n        enabled: true,\n        trustedProviders: Object.keys(socialProviders),\n      },\n    },\n\n    // User fields\n    user: {\n      additionalFields: {\n        role: {\n          type: 'string' as const,\n          required: false,\n          defaultValue: 'user',\n        },\n      },\n    },\n\n    // Advanced\n    advanced: {\n      useSecureCookies:\n        config.advanced?.useSecureCookies ??\n        process.env.NODE_ENV === 'production',\n      crossSubDomainCookies: {\n        enabled: false,\n      },\n    },\n\n    // Plugins\n    plugins: [nextCookies()],\n\n    // Hooks\n    hooks: {\n      // Before hooks: email normalization\n      before: createAuthMiddleware(async (ctx) => {\n        if (ctx.path === '/sign-up/email') {\n          const body = ctx.body as { email?: string } | undefined;\n          if (body?.email && typeof body.email === 'string') {\n            (ctx.body as { email: string }).email = body.email.toLowerCase();\n          }\n        }\n      }),\n\n      // After hooks: user lifecycle events\n      after: createAuthMiddleware(async (ctx) => {\n        if (\n          ctx.path.startsWith('/sign-in') ||\n          ctx.path.startsWith('/sign-up')\n        ) {\n          const newSession = ctx.context.newSession;\n          if (newSession?.user) {\n            const user = newSession.user;\n\n            // Normalize email in database if needed\n            const normalizedEmail = user.email?.toLowerCase();\n            if (normalizedEmail && user.email !== normalizedEmail) {\n              try {\n                await config.database.user.update({\n                  where: { id: user.id },\n                  data: { email: normalizedEmail },\n                });\n              } catch (hookError) {\n                config.logger?.warn?.(\n                  '[CattoAuth] Email normalization failed',\n                  {\n                    userId: user.id,\n                    error:\n                      hookError instanceof Error\n                        ? hookError.message\n                        : String(hookError),\n                  },\n                );\n              }\n            }\n\n            // Call onUserCreated hook\n            if (config.hooks?.onUserCreated) {\n              try {\n                await config.hooks.onUserCreated(\n                  {\n                    id: user.id,\n                    email: normalizedEmail || user.email,\n                    name: user.name,\n                  },\n                  config.database,\n                );\n              } catch (hookError) {\n                config.logger?.warn?.('[CattoAuth] onUserCreated hook failed', {\n                  userId: user.id,\n                  error:\n                    hookError instanceof Error\n                      ? hookError.message\n                      : String(hookError),\n                });\n              }\n            }\n          }\n        }\n      }),\n    },\n  });\n\n  // Enriched session factory\n  async function getEnrichedSession(headers: Headers): Promise<any | null> {\n    try {\n      const baseSession = await auth.api.getSession({ headers });\n      if (!baseSession?.user) return null;\n\n      const userId = baseSession.user.id;\n\n      // Call enrichSession hook if provided\n      const enrichment = config.hooks?.enrichSession\n        ? await config.hooks.enrichSession(userId, config.database)\n        : {};\n\n      return {\n        user: {\n          id: baseSession.user.id,\n          email: baseSession.user.email,\n          name: baseSession.user.name,\n          image: baseSession.user.image,\n          ...enrichment,\n        },\n        session: baseSession.session,\n      };\n    } catch {\n      return null;\n    }\n  }\n\n  return { auth, getEnrichedSession };\n}\n"]}
+{"version":3,"sources":["../src/server/create-auth.ts"],"names":[],"mappings":";;;;;;;AAqCA,IAAM,4BAAA,GAA+B,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,EAAA;AAa7C,SAAS,gBACd,MAAA,EACuB;AACvB,EAAA,MAAM,SAAA,GACJ,MAAA,CAAO,OAAA,EAAS,gBAAA,IAAoB,4BAAA;AAGtC,EAAA,MAAM,kBAGF,EAAC;AACL,EAAA,IAAI,MAAA,CAAO,iBAAiB,MAAA,EAAQ;AAClC,IAAA,eAAA,CAAgB,MAAA,GAAS,OAAO,eAAA,CAAgB,MAAA;AAAA,EAClD;AACA,EAAA,IAAI,MAAA,CAAO,iBAAiB,MAAA,EAAQ;AAClC,IAAA,eAAA,CAAgB,MAAA,GAAS,OAAO,eAAA,CAAgB,MAAA;AAAA,EAClD;AACA,EAAA,IAAI,MAAA,CAAO,iBAAiB,KAAA,EAAO;AACjC,IAAA,eAAA,CAAgB,KAAA,GAAQ,OAAO,eAAA,CAAgB,KAAA;AAAA,EACjD;AACA,EAAA,IAAI,MAAA,CAAO,iBAAiB,QAAA,EAAU;AACpC,IAAA,eAAA,CAAgB,QAAA,GAAW;AAAA,MACzB,GAAG,OAAO,eAAA,CAAgB,QAAA;AAAA,MAC1B,KAAA,EAAO,MAAA,CAAO,eAAA,CAAgB,QAAA,CAAS,KAAA,IAAS;AAAA,QAC9C,OAAA;AAAA,QACA;AAAA;AACF,KACF;AAAA,EACF;AAKA,EAAA,MAAM,UAAiB,EAAC;AACxB,EAAA,MAAM,WAAW,MAAA,CAAO,SAAA;AACxB,EAAA,IAAI,QAAA,EAAU,OAAA,IAAW,QAAA,CAAS,OAAA,EAAS;AACzC,IAAA,MAAM,eAAA,GAAkB,SAAS,eAAA,IAAmB,mBAAA;AACpD,IAAA,OAAA,CAAQ,IAAA;AAAA,MACN,WAAA,CAAY;AAAA,QACV,SAAS,OAAO,EAAE,WAAA,EAAa,QAAA,EAAU,MAAK,KAAM;AAClD,UAAA,MAAM,SAAS,OAAA,CAAQ,EAAE,WAAA,EAAa,QAAA,EAAU,MAAM,CAAA;AAAA,QACxD,CAAA;AAAA,QACA,mBAAA,EAAqB,SAAS,mBAAA,IAAuB,IAAA;AAAA,QACrD,GAAI,SAAS,mBAAA,GACT,EAAE,WAAW,QAAA,CAAS,mBAAA,KACtB,EAAC;AAAA,QACL,oBAAA,EAAsB;AAAA,UACpB,cAAc,CAAC,QAAA,KAAqB,CAAA,EAAG,QAAQ,IAAI,eAAe,CAAA,CAAA;AAAA;AAAA;AAAA,UAGlE,WAAA,EAAa,CAAC,QAAA,KAAqB;AAAA;AACrC,OACD;AAAA,KACH;AAAA,EACF;AACA,EAAA,OAAA,CAAQ,IAAA,CAAK,aAAa,CAAA;AAE1B,EAAA,MAAM,OAAO,UAAA,CAAW;AAAA;AAAA;AAAA,IAGtB,QAAA,EAAU,aAAA;AAAA,MACR,MAAA,CAAO,QAAA;AAAA,MACP;AAAA,QACE,UAAU,MAAA,CAAO;AAAA;AACnB,KACF;AAAA;AAAA,IAGA,QAAQ,MAAA,CAAO,MAAA;AAAA,IACf,SAAS,MAAA,CAAO,OAAA;AAAA;AAAA,IAGhB,gBAAA,EAAkB;AAAA,MAChB,OAAA,EAAS,MAAA,CAAO,gBAAA,EAAkB,OAAA,IAAW,IAAA;AAAA,MAC7C,wBAAA,EACE,MAAA,CAAO,gBAAA,EAAkB,wBAAA,IAA4B;AAAA,KACzD;AAAA;AAAA,IAGA,eAAA;AAAA;AAAA,IAGA,OAAA,EAAS;AAAA,MACP,SAAA;AAAA,MACA,WAAA,EAAa;AAAA,QACX,OAAA,EAAS,IAAA;AAAA,QACT,MAAA,EAAQ;AAAA;AACV,KACF;AAAA;AAAA,IAGA,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB;AAAA,QACd,OAAA,EAAS,IAAA;AAAA,QACT,gBAAA,EAAkB,MAAA,CAAO,IAAA,CAAK,eAAe;AAAA;AAC/C,KACF;AAAA;AAAA,IAGA,IAAA,EAAM;AAAA,MACJ,gBAAA,EAAkB;AAAA,QAChB,IAAA,EAAM;AAAA,UACJ,IAAA,EAAM,QAAA;AAAA,UACN,QAAA,EAAU,KAAA;AAAA,UACV,YAAA,EAAc;AAAA;AAChB;AACF,KACF;AAAA;AAAA,IAGA,QAAA,EAAU;AAAA,MACR,kBACE,MAAA,CAAO,QAAA,EAAU,gBAAA,IACjB,OAAA,CAAQ,IAAI,QAAA,KAAa,YAAA;AAAA,MAC3B,qBAAA,EAAuB;AAAA,QACrB,OAAA,EAAS;AAAA;AACX,KACF;AAAA;AAAA,IAGA,OAAA;AAAA;AAAA,IAGA,KAAA,EAAO;AAAA;AAAA,MAEL,MAAA,EAAQ,oBAAA,CAAqB,OAAO,GAAA,KAAQ;AAC1C,QAAA,IAAI,GAAA,CAAI,SAAS,gBAAA,EAAkB;AACjC,UAAA,MAAM,OAAO,GAAA,CAAI,IAAA;AACjB,UAAA,IAAI,IAAA,EAAM,KAAA,IAAS,OAAO,IAAA,CAAK,UAAU,QAAA,EAAU;AACjD,YAAC,GAAA,CAAI,IAAA,CAA2B,KAAA,GAAQ,IAAA,CAAK,MAAM,WAAA,EAAY;AAAA,UACjE;AAAA,QACF;AAAA,MACF,CAAC,CAAA;AAAA;AAAA,MAGD,KAAA,EAAO,oBAAA,CAAqB,OAAO,GAAA,KAAQ;AACzC,QAAA,IACE,GAAA,CAAI,KAAK,UAAA,CAAW,UAAU,KAC9B,GAAA,CAAI,IAAA,CAAK,UAAA,CAAW,UAAU,CAAA,EAC9B;AACA,UAAA,MAAM,UAAA,GAAa,IAAI,OAAA,CAAQ,UAAA;AAC/B,UAAA,IAAI,YAAY,IAAA,EAAM;AACpB,YAAA,MAAM,OAAO,UAAA,CAAW,IAAA;AAGxB,YAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,KAAA,EAAO,WAAA,EAAY;AAChD,YAAA,IAAI,eAAA,IAAmB,IAAA,CAAK,KAAA,KAAU,eAAA,EAAiB;AACrD,cAAA,IAAI;AACF,gBAAA,MAAM,MAAA,CAAO,QAAA,CAAS,IAAA,CAAK,MAAA,CAAO;AAAA,kBAChC,KAAA,EAAO,EAAE,EAAA,EAAI,IAAA,CAAK,EAAA,EAAG;AAAA,kBACrB,IAAA,EAAM,EAAE,KAAA,EAAO,eAAA;AAAgB,iBAChC,CAAA;AAAA,cACH,SAAS,SAAA,EAAW;AAClB,gBAAA,MAAA,CAAO,MAAA,EAAQ,IAAA;AAAA,kBACb,wCAAA;AAAA,kBACA;AAAA,oBACE,QAAQ,IAAA,CAAK,EAAA;AAAA,oBACb,OACE,SAAA,YAAqB,KAAA,GACjB,SAAA,CAAU,OAAA,GACV,OAAO,SAAS;AAAA;AACxB,iBACF;AAAA,cACF;AAAA,YACF;AAGA,YAAA,IAAI,MAAA,CAAO,OAAO,aAAA,EAAe;AAC/B,cAAA,IAAI;AACF,gBAAA,MAAM,OAAO,KAAA,CAAM,aAAA;AAAA,kBACjB;AAAA,oBACE,IAAI,IAAA,CAAK,EAAA;AAAA,oBACT,KAAA,EAAO,mBAAmB,IAAA,CAAK,KAAA;AAAA,oBAC/B,MAAM,IAAA,CAAK;AAAA,mBACb;AAAA,kBACA,MAAA,CAAO;AAAA,iBACT;AAAA,cACF,SAAS,SAAA,EAAW;AAClB,gBAAA,MAAA,CAAO,MAAA,EAAQ,OAAO,uCAAA,EAAyC;AAAA,kBAC7D,QAAQ,IAAA,CAAK,EAAA;AAAA,kBACb,OACE,SAAA,YAAqB,KAAA,GACjB,SAAA,CAAU,OAAA,GACV,OAAO,SAAS;AAAA,iBACvB,CAAA;AAAA,cACH;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF,CAAC;AAAA;AACH,GACD,CAAA;AAGD,EAAA,eAAe,mBAAmB,OAAA,EAAuC;AACvE,IAAA,IAAI;AACF,MAAA,MAAM,cAAc,MAAM,IAAA,CAAK,IAAI,UAAA,CAAW,EAAE,SAAS,CAAA;AACzD,MAAA,IAAI,CAAC,WAAA,EAAa,IAAA,EAAM,OAAO,IAAA;AAE/B,MAAA,MAAM,MAAA,GAAS,YAAY,IAAA,CAAK,EAAA;AAGhC,MAAA,MAAM,UAAA,GAAa,MAAA,CAAO,KAAA,EAAO,aAAA,GAC7B,MAAM,MAAA,CAAO,KAAA,CAAM,aAAA,CAAc,MAAA,EAAQ,MAAA,CAAO,QAAQ,CAAA,GACxD,EAAC;AAEL,MAAA,OAAO;AAAA,QACL,IAAA,EAAM;AAAA,UACJ,EAAA,EAAI,YAAY,IAAA,CAAK,EAAA;AAAA,UACrB,KAAA,EAAO,YAAY,IAAA,CAAK,KAAA;AAAA,UACxB,IAAA,EAAM,YAAY,IAAA,CAAK,IAAA;AAAA,UACvB,KAAA,EAAO,YAAY,IAAA,CAAK,KAAA;AAAA,UACxB,GAAG;AAAA,SACL;AAAA,QACA,SAAS,WAAA,CAAY;AAAA,OACvB;AAAA,IACF,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,MAAM,kBAAA,EAAmB;AACpC","file":"server.js","sourcesContent":["/**\n * @ccatto/react-auth/server - createCattoAuth Factory\n *\n * Creates a configured Better Auth instance with sensible defaults,\n * automatic email normalization, and pluggable hooks for\n * session enrichment and user lifecycle events.\n *\n * @example\n * ```typescript\n * import { createCattoAuth } from '@ccatto/react-auth/server';\n * import { prisma } from '@myapp/database';\n *\n * export const { auth, getEnrichedSession } = createCattoAuth({\n *   database: prisma,\n *   databaseProvider: 'postgresql',\n *   secret: process.env.BETTER_AUTH_SECRET!,\n *   baseURL: process.env.BETTER_AUTH_URL!,\n *   hooks: {\n *     enrichSession: async (userId, db) => {\n *       // Return custom fields to merge into session.user\n *       return { role: 'admin', customField: 'value' };\n *     },\n *   },\n * });\n * ```\n */\nimport { betterAuth } from 'better-auth';\nimport { prismaAdapter } from 'better-auth/adapters/prisma';\nimport { createAuthMiddleware } from 'better-auth/api';\nimport { nextCookies } from 'better-auth/next-js';\nimport { phoneNumber } from 'better-auth/plugins';\nimport type {\n  CattoAuthServerConfig,\n  CattoAuthSocialProvider,\n} from '../types/config';\n\n// Default: 69 days (matches common long-lived session configs)\nconst DEFAULT_TOKEN_EXPIRY_SECONDS = 69 * 24 * 60 * 60;\n\nexport interface CreateCattoAuthResult {\n  /** The Better Auth instance (use for API routes) */\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  auth: any;\n  /**\n   * Get enriched session with custom fields from hooks.enrichSession.\n   * Call this instead of auth.api.getSession for full session data.\n   */\n  getEnrichedSession: (headers: Headers) => Promise<any | null>;\n}\n\nexport function createCattoAuth(\n  config: CattoAuthServerConfig,\n): CreateCattoAuthResult {\n  const expiresIn =\n    config.session?.expiresInSeconds ?? DEFAULT_TOKEN_EXPIRY_SECONDS;\n\n  // Build social providers config\n  const socialProviders: Record<\n    string,\n    CattoAuthSocialProvider & { scope?: string[] }\n  > = {};\n  if (config.socialProviders?.google) {\n    socialProviders.google = config.socialProviders.google;\n  }\n  if (config.socialProviders?.github) {\n    socialProviders.github = config.socialProviders.github;\n  }\n  if (config.socialProviders?.apple) {\n    socialProviders.apple = config.socialProviders.apple;\n  }\n  if (config.socialProviders?.facebook) {\n    socialProviders.facebook = {\n      ...config.socialProviders.facebook,\n      scope: config.socialProviders.facebook.scope ?? [\n        'email',\n        'public_profile',\n      ],\n    };\n  }\n\n  // Build plugins list. nextCookies() must stay last so Set-Cookie headers\n  // from any preceding plugin/route are forwarded in Next.js server actions.\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  const plugins: any[] = [];\n  const phoneCfg = config.phoneAuth;\n  if (phoneCfg?.enabled && phoneCfg.sendOtp) {\n    const tempEmailDomain = phoneCfg.tempEmailDomain ?? 'phone.catto.local';\n    plugins.push(\n      phoneNumber({\n        sendOTP: async ({ phoneNumber: toNumber, code }) => {\n          await phoneCfg.sendOtp({ phoneNumber: toNumber, code });\n        },\n        requireVerification: phoneCfg.requireVerification ?? true,\n        ...(phoneCfg.otpExpiresInSeconds\n          ? { expiresIn: phoneCfg.otpExpiresInSeconds }\n          : {}),\n        signUpOnVerification: {\n          getTempEmail: (toNumber: string) => `${toNumber}@${tempEmailDomain}`,\n          // Use the phone number as the initial display name; the app can\n          // prompt for a real name post-verify.\n          getTempName: (toNumber: string) => toNumber,\n        },\n      }),\n    );\n  }\n  plugins.push(nextCookies());\n\n  const auth = betterAuth({\n    // Database\n    // Cast needed: prismaAdapter expects PrismaClient but we use a minimal interface for package portability\n    database: prismaAdapter(\n      config.database as Parameters<typeof prismaAdapter>[0],\n      {\n        provider: config.databaseProvider,\n      },\n    ),\n\n    // Secret & URL\n    secret: config.secret,\n    baseURL: config.baseURL,\n\n    // Email/password\n    emailAndPassword: {\n      enabled: config.emailAndPassword?.enabled ?? true,\n      requireEmailVerification:\n        config.emailAndPassword?.requireEmailVerification ?? false,\n    },\n\n    // Social providers\n    socialProviders,\n\n    // Session\n    session: {\n      expiresIn,\n      cookieCache: {\n        enabled: true,\n        maxAge: expiresIn,\n      },\n    },\n\n    // Account linking\n    account: {\n      accountLinking: {\n        enabled: true,\n        trustedProviders: Object.keys(socialProviders),\n      },\n    },\n\n    // User fields\n    user: {\n      additionalFields: {\n        role: {\n          type: 'string' as const,\n          required: false,\n          defaultValue: 'user',\n        },\n      },\n    },\n\n    // Advanced\n    advanced: {\n      useSecureCookies:\n        config.advanced?.useSecureCookies ??\n        process.env.NODE_ENV === 'production',\n      crossSubDomainCookies: {\n        enabled: false,\n      },\n    },\n\n    // Plugins (phoneNumber when configured, then nextCookies last)\n    plugins,\n\n    // Hooks\n    hooks: {\n      // Before hooks: email normalization\n      before: createAuthMiddleware(async (ctx) => {\n        if (ctx.path === '/sign-up/email') {\n          const body = ctx.body as { email?: string } | undefined;\n          if (body?.email && typeof body.email === 'string') {\n            (ctx.body as { email: string }).email = body.email.toLowerCase();\n          }\n        }\n      }),\n\n      // After hooks: user lifecycle events\n      after: createAuthMiddleware(async (ctx) => {\n        if (\n          ctx.path.startsWith('/sign-in') ||\n          ctx.path.startsWith('/sign-up')\n        ) {\n          const newSession = ctx.context.newSession;\n          if (newSession?.user) {\n            const user = newSession.user;\n\n            // Normalize email in database if needed\n            const normalizedEmail = user.email?.toLowerCase();\n            if (normalizedEmail && user.email !== normalizedEmail) {\n              try {\n                await config.database.user.update({\n                  where: { id: user.id },\n                  data: { email: normalizedEmail },\n                });\n              } catch (hookError) {\n                config.logger?.warn?.(\n                  '[CattoAuth] Email normalization failed',\n                  {\n                    userId: user.id,\n                    error:\n                      hookError instanceof Error\n                        ? hookError.message\n                        : String(hookError),\n                  },\n                );\n              }\n            }\n\n            // Call onUserCreated hook\n            if (config.hooks?.onUserCreated) {\n              try {\n                await config.hooks.onUserCreated(\n                  {\n                    id: user.id,\n                    email: normalizedEmail || user.email,\n                    name: user.name,\n                  },\n                  config.database,\n                );\n              } catch (hookError) {\n                config.logger?.warn?.('[CattoAuth] onUserCreated hook failed', {\n                  userId: user.id,\n                  error:\n                    hookError instanceof Error\n                      ? hookError.message\n                      : String(hookError),\n                });\n              }\n            }\n          }\n        }\n      }),\n    },\n  });\n\n  // Enriched session factory\n  async function getEnrichedSession(headers: Headers): Promise<any | null> {\n    try {\n      const baseSession = await auth.api.getSession({ headers });\n      if (!baseSession?.user) return null;\n\n      const userId = baseSession.user.id;\n\n      // Call enrichSession hook if provided\n      const enrichment = config.hooks?.enrichSession\n        ? await config.hooks.enrichSession(userId, config.database)\n        : {};\n\n      return {\n        user: {\n          id: baseSession.user.id,\n          email: baseSession.user.email,\n          name: baseSession.user.name,\n          image: baseSession.user.image,\n          ...enrichment,\n        },\n        session: baseSession.session,\n      };\n    } catch {\n      return null;\n    }\n  }\n\n  return { auth, getEnrichedSession };\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ccatto/react-auth",
-  "version": "1.0.0",
+  "version": "1.2.0",
   "description": "Catto Auth - React/Next.js authentication with Better Auth, JWT, and mobile support",
   "license": "MIT",
   "author": "Chris Catto",