@contentgrowth/content-auth 0.0.3 → 0.1.0

package/dist/backend/index.d.ts

@@ -1057,21 +1057,18 @@ interface AuthConfig {
      * Use 'postgres' or 'mysql' if passing a Drizzle instance for those DBs.
      */
     provider?: "sqlite" | "postgres" | "mysql";
+    /**
+     * Use Cloudflare native crypto.subtle for password hashing to avoid CPU limits.
+     * Defaults to true. Set to false to use Better Auth's default (Scrypt/Argon2).
+     */
+    useCloudflareNativeHashing?: boolean;
     [key: string]: any;
 }
-declare const createAuth: (config: AuthConfig) => better_auth.Auth<{
-    database: (options: better_auth.BetterAuthOptions) => better_auth.DBAdapter<better_auth.BetterAuthOptions>;
-    secret: string;
-    baseURL: string | undefined;
-}>;
+declare const createAuth: (config: AuthConfig) => better_auth.Auth<any>;
 declare const authMiddleware: (auth: any) => (c: Context) => Promise<any>;
 declare const createAuthApp: (config: AuthConfig) => {
     app: Hono<hono_types.BlankEnv, hono_types.BlankSchema, "/">;
-    auth: better_auth.Auth<{
-        database: (options: better_auth.BetterAuthOptions) => better_auth.DBAdapter<better_auth.BetterAuthOptions>;
-        secret: string;
-        baseURL: string | undefined;
-    }>;
+    auth: better_auth.Auth<any>;
 };
 
 export { type AuthConfig, authMiddleware, createAuth, createAuthApp, schema };

package/dist/backend/index.js

@@ -4,7 +4,7 @@ import {
   createAuth,
   createAuthApp,
   schema_exports
-} from "../chunk-526JE62U.js";
+} from "../chunk-HPPCUGKY.js";
 import "../chunk-R5U7XKVJ.js";
 export {
   Hono,

package/dist/{chunk-526JE62U.js → chunk-HPPCUGKY.js}

@@ -89,6 +89,80 @@ var invitations = sqliteTable("invitations", {
   inviterId: text("inviterId").notNull().references(() => users.id, { onDelete: "cascade" })
 });
 
+// src/backend/native-hashing.ts
+async function hashPassword(password) {
+  const salt = crypto.getRandomValues(new Uint8Array(16));
+  const enc = new TextEncoder();
+  const keyMaterial = await crypto.subtle.importKey(
+    "raw",
+    enc.encode(password),
+    { name: "PBKDF2" },
+    false,
+    ["deriveBits", "deriveKey"]
+  );
+  const hashBuffer = await crypto.subtle.deriveBits(
+    {
+      name: "PBKDF2",
+      salt,
+      iterations: 1e5,
+      hash: "SHA-256"
+    },
+    keyMaterial,
+    256
+    // 32 bytes
+  );
+  const saltB64 = btoa(String.fromCharCode(...new Uint8Array(salt)));
+  const hashB64 = btoa(String.fromCharCode(...new Uint8Array(hashBuffer)));
+  return `pbkdf2:100000:${saltB64}:${hashB64}`;
+}
+async function verifyPassword(passwordOrData, storedHash) {
+  let password;
+  let hash;
+  if (typeof passwordOrData === "object" && passwordOrData !== null) {
+    password = passwordOrData.password;
+    hash = passwordOrData.hash;
+  } else {
+    password = passwordOrData;
+    hash = storedHash;
+  }
+  if (!hash) {
+    console.error("[Auth] verifyPassword called with empty/undefined hash");
+    return false;
+  }
+  const parts = hash.split(":");
+  if (parts.length !== 4) return false;
+  const [alg, iterationsStr, saltB64, hashB64] = parts;
+  if (alg !== "pbkdf2") return false;
+  const iterations = parseInt(iterationsStr, 10);
+  const salt = Uint8Array.from(atob(saltB64), (c) => c.charCodeAt(0));
+  const originalHash = Uint8Array.from(atob(hashB64), (c) => c.charCodeAt(0));
+  const enc = new TextEncoder();
+  const keyMaterial = await crypto.subtle.importKey(
+    "raw",
+    enc.encode(password),
+    { name: "PBKDF2" },
+    false,
+    ["deriveBits", "deriveKey"]
+  );
+  const hashBuffer = await crypto.subtle.deriveBits(
+    {
+      name: "PBKDF2",
+      salt,
+      iterations,
+      hash: "SHA-256"
+    },
+    keyMaterial,
+    256
+  );
+  const newHash = new Uint8Array(hashBuffer);
+  if (newHash.length !== originalHash.length) return false;
+  let result = 0;
+  for (let i = 0; i < newHash.length; i++) {
+    result |= newHash[i] ^ originalHash[i];
+  }
+  return result === 0;
+}
+
 // src/backend/index.ts
 var createAuth = (config) => {
   let db;
@@ -98,7 +172,7 @@ var createAuth = (config) => {
   } else {
     db = config.database;
   }
-  const { database, secret, baseUrl, provider: _, ...rest } = config;
+  const { database, secret, baseUrl, provider: _, useCloudflareNativeHashing = true, ...rest } = config;
   let adapterOptions = {
     provider,
     schema: {
@@ -111,11 +185,23 @@ var createAuth = (config) => {
       invitation: invitations
     }
   };
+  const emailConfig = rest.emailAndPassword || { enabled: true };
+  const { emailAndPassword, ...otherOptions } = rest;
+  const emailPasswordOptions = {
+    ...emailConfig
+  };
+  if (useCloudflareNativeHashing) {
+    emailPasswordOptions.password = {
+      hash: hashPassword,
+      verify: verifyPassword
+    };
+  }
   const auth = betterAuth({
     database: drizzleAdapter(db, adapterOptions),
     secret,
     baseURL: baseUrl,
-    ...rest
+    emailAndPassword: emailPasswordOptions,
+    ...otherOptions
   });
   return auth;
 };

package/dist/index.js

@@ -4,7 +4,7 @@ import {
   createAuth,
   createAuthApp,
   schema_exports
-} from "./chunk-526JE62U.js";
+} from "./chunk-HPPCUGKY.js";
 import {
   AuthForm,
   CreateOrganizationForm,

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@contentgrowth/content-auth",
-    "version": "0.0.3",
+    "version": "0.1.0",
     "description": "Better Auth wrapper with UI components for Cloudflare Workers & Pages",
     "type": "module",
     "main": "./dist/index.js",