npm - @convex-dev/better-auth - Versions diffs - 0.10.13 → 0.11.1 - Mend

@convex-dev/better-auth 0.10.13 → 0.11.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (185) hide show

package/src/plugins/convex/index.ts CHANGED Viewed

@@ -1,12 +1,11 @@
-import type {
-  BetterAuthPlugin,
-  Session,
-  User,
-} from "better-auth";
+import type { BetterAuthPlugin, Session, User } from "better-auth";
 import type { BetterAuthOptions } from "better-auth/minimal";
-import { createAuthMiddleware, sessionMiddleware } from "better-auth/api";
 import {
   createAuthEndpoint,
+  createAuthMiddleware,
+  sessionMiddleware,
+} from "better-auth/api";
+import {
   jwt as jwtPlugin,
   bearer as bearerPlugin,
   oidcProvider as oidcProviderPlugin,
@@ -17,6 +16,21 @@ import type { AuthConfig, AuthProvider } from "convex/server";
 export const JWT_COOKIE_NAME = "convex_jwt";
+type BetterAuthAfterHooks = NonNullable<
+  NonNullable<BetterAuthPlugin["hooks"]>["after"]
+>;
+type BetterAuthAfterHook = BetterAuthAfterHooks[number];
+type BetterAuthHookContext = Parameters<BetterAuthAfterHook["matcher"]>[0];
+const normalizeAfterHooks = <THook extends BetterAuthAfterHook>(
+  hooks: THook[]
+): BetterAuthAfterHooks => {
+  return hooks.map((hook) => ({
+    ...hook,
+    matcher: (ctx: BetterAuthHookContext) => Boolean(hook.matcher(ctx)),
+  }));
+};
 const getJwksAlg = (authProvider: AuthProvider) => {
   const isCustomJwt =
     "type" in authProvider && authProvider.type === "customJwt";
@@ -280,7 +294,7 @@ export const convex = (opts: {
             const knownSafePaths = ["/api-key/list", "/api-key/get"];
             const noopWrite = (method: string) => {
               return async (..._args: any[]) => {
-                if (!knownSafePaths.includes(ctx.path)) {
+                if (ctx.path && !knownSafePaths.includes(ctx.path)) {
                   // eslint-disable-next-line no-console
                   console.warn(
                     `[convex-better-auth] Write operation "${method}" skipped in query context for ${ctx.path}`
@@ -299,7 +313,7 @@ export const convex = (opts: {
         },
       ],
       after: [
-        ...oidcProvider.hooks.after,
+        ...normalizeAfterHooks(oidcProvider.hooks.after),
         {
           matcher: (ctx) => {
             return Boolean(
@@ -311,6 +325,7 @@ export const convex = (opts: {
                 ctx.path?.startsWith("/email-otp/verify-email") ||
                 ctx.path?.startsWith("/phone-number/verify") ||
                 ctx.path?.startsWith("/siwe/verify") ||
+                ctx.path?.startsWith("/update-session") ||
                 (ctx.path?.startsWith("/get-session") && ctx.context.session)
             );
           },
@@ -341,10 +356,10 @@ export const convex = (opts: {
         },
         {
           matcher: (ctx) => {
-            return (
+            return Boolean(
               ctx.path?.startsWith("/sign-out") ||
-              ctx.path?.startsWith("/delete-user") ||
-              (ctx.path?.startsWith("/get-session") && !ctx.context.session)
+                ctx.path?.startsWith("/delete-user") ||
+                (ctx.path?.startsWith("/get-session") && !ctx.context.session)
             );
           },
           handler: createAuthMiddleware(async (ctx) => {

package/src/plugins/cross-domain/index.test.ts ADDED Viewed

@@ -0,0 +1,67 @@
+import { describe, expect, it } from "vitest";
+import { crossDomain } from "./index.js";
+const getPostRewriteMatcher = () => {
+  const plugin = crossDomain({ siteUrl: "https://example.com" });
+  const matcher = plugin.hooks?.before?.[2]?.matcher;
+  if (!matcher) {
+    throw new Error("expected cross-domain POST rewrite matcher");
+  }
+  return matcher;
+};
+describe("crossDomain POST rewrite matcher", () => {
+  it("matches POST requests regardless of route", () => {
+    const matcher = getPostRewriteMatcher();
+    type MatcherContext = Parameters<typeof matcher>[0];
+    const knownPathCtx = {
+      method: "POST",
+      path: "/sign-in/email",
+      headers: new Headers(),
+    } satisfies Partial<MatcherContext>;
+    const unknownPathCtx = {
+      method: "POST",
+      path: "/custom-endpoint",
+      headers: new Headers(),
+    } satisfies Partial<MatcherContext>;
+    expect(matcher(knownPathCtx as MatcherContext)).toBe(true);
+    expect(matcher(unknownPathCtx as MatcherContext)).toBe(true);
+  });
+  it("rejects non-POST methods", () => {
+    const matcher = getPostRewriteMatcher();
+    type MatcherContext = Parameters<typeof matcher>[0];
+    const getSignInCtx = {
+      method: "GET",
+      path: "/sign-in/email",
+      headers: new Headers(),
+    } satisfies Partial<MatcherContext>;
+    const optionsLinkSocialCtx = {
+      method: "OPTIONS",
+      path: "/link-social",
+      headers: new Headers(),
+    } satisfies Partial<MatcherContext>;
+    expect(matcher(getSignInCtx as MatcherContext)).toBe(false);
+    expect(matcher(optionsLinkSocialCtx as MatcherContext)).toBe(false);
+  });
+  it("rejects expo-native requests", () => {
+    const matcher = getPostRewriteMatcher();
+    type MatcherContext = Parameters<typeof matcher>[0];
+    const headers = new Headers();
+    headers.set("expo-origin", "expo");
+    const expoCtx = {
+      method: "POST",
+      path: "/sign-in/social",
+      headers,
+    } satisfies Partial<MatcherContext>;
+    expect(matcher(expoCtx as MatcherContext)).toBe(false);
+  });
+});

package/src/plugins/cross-domain/index.ts CHANGED Viewed

@@ -1,11 +1,8 @@
 import type { BetterAuthPlugin } from "better-auth";
 import { setSessionCookie } from "better-auth/cookies";
 import { generateRandomString } from "better-auth/crypto";
-import {
-  createAuthEndpoint,
-  createAuthMiddleware,
-  oneTimeToken as oneTimeTokenPlugin,
-} from "better-auth/plugins";
+import { createAuthEndpoint, createAuthMiddleware } from "better-auth/api";
+import { oneTimeToken as oneTimeTokenPlugin } from "better-auth/plugins";
 import { z } from "zod";
 export const crossDomain = ({ siteUrl }: { siteUrl: string }) => {
@@ -86,7 +83,7 @@ export const crossDomain = ({ siteUrl }: { siteUrl: string }) => {
         },
         {
           matcher: (ctx) => {
-            return (
+            return Boolean(
               ctx.method === "GET" &&
               ctx.path?.startsWith("/verify-email") &&
               !isExpoNative(ctx)
@@ -101,26 +98,18 @@ export const crossDomain = ({ siteUrl }: { siteUrl: string }) => {
         },
         {
           matcher: (ctx) => {
-            return (
-              ((ctx.method === "POST" && ctx.path?.startsWith("/link-social")) ||
-                ctx.path?.startsWith("/send-verification-email") ||
-                ctx.path?.startsWith("/sign-in/email") ||
-                ctx.path?.startsWith("/sign-in/social") ||
-                ctx.path?.startsWith("/sign-in/magic-link") ||
-                ctx.path?.startsWith("/delete-user") ||
-                ctx.path?.startsWith("/change-email")) &&
-              !isExpoNative(ctx)
-            );
+            return Boolean(ctx.method === "POST" && !isExpoNative(ctx));
           },
           handler: createAuthMiddleware(async (ctx) => {
-            const isSignIn = ctx.path.startsWith("/sign-in");
-            ctx.body.callbackURL = rewriteCallbackURL(ctx.body.callbackURL);
-            if (isSignIn && ctx.body.newUserCallbackURL) {
+            if (ctx.body?.callbackURL) {
+              ctx.body.callbackURL = rewriteCallbackURL(ctx.body.callbackURL);
+            }
+            if (ctx.body?.newUserCallbackURL) {
               ctx.body.newUserCallbackURL = rewriteCallbackURL(
                 ctx.body.newUserCallbackURL
               );
             }
-            if (isSignIn && ctx.body.errorCallbackURL) {
+            if (ctx.body?.errorCallbackURL) {
               ctx.body.errorCallbackURL = rewriteCallbackURL(
                 ctx.body.errorCallbackURL
               );
@@ -151,7 +140,7 @@ export const crossDomain = ({ siteUrl }: { siteUrl: string }) => {
         },
         {
           matcher: (ctx) => {
-            return (
+            return Boolean(
               (ctx.path?.startsWith("/callback") ||
                 ctx.path?.startsWith("/oauth2/callback") ||
                 ctx.path?.startsWith("/magic-link/verify")) &&

package/src/react-start/index.ts CHANGED Viewed

@@ -89,6 +89,7 @@ export const convexBetterAuthReactStart = (
     const mutableHeaders = new Headers(headers);
     mutableHeaders.delete("content-length");
     mutableHeaders.delete("transfer-encoding");
+    mutableHeaders.set("accept-encoding", "identity");
     return getToken(siteUrl, mutableHeaders, opts);
   });

package/src/test/adapter-factory/auth-flow.ts ADDED Viewed

@@ -0,0 +1,170 @@
+import type { Session, User } from "@better-auth/core/db";
+import { createTestSuite } from "@better-auth/test-utils/adapter";
+import { setCookieToHeader } from "better-auth/cookies";
+import { expect } from "vitest";
+export const AUTH_FLOW_DEFAULT_BETTER_AUTH_OPTIONS = {
+	emailAndPassword: {
+		enabled: true,
+		password: {
+			hash: async (password: string) => password,
+			async verify(data: { hash: string; password: string }) {
+				return data.hash === data.password;
+			},
+		},
+	},
+};
+export const getAuthFlowSuiteTests = (
+	{
+		generate,
+		getAuth,
+		modifyBetterAuthOptions,
+		tryCatch,
+	}: Parameters<Parameters<typeof createTestSuite>[2]>[0],
+) => ({
+	"should successfully sign up": async () => {
+		const auth = await getAuth();
+		const user = await generate("user");
+		const result = await auth.api.signUpEmail({
+			body: {
+				email: user.email,
+				password: crypto.randomUUID(),
+				name: user.name,
+				image: user.image || "",
+			},
+		});
+		expect(result.user).toBeDefined();
+		expect(result.user.email).toBe(user.email);
+		expect(result.user.name).toBe(user.name);
+		expect(result.user.image).toBe(user.image || "");
+		expect(result.user.emailVerified).toBe(false);
+		expect(result.user.createdAt).toBeDefined();
+		expect(result.user.updatedAt).toBeDefined();
+	},
+	"should successfully sign in": async () => {
+		const auth = await getAuth();
+		const user = await generate("user");
+		const password = crypto.randomUUID();
+		const signUpResult = await auth.api.signUpEmail({
+			body: {
+				email: user.email,
+				password: password,
+				name: user.name,
+				image: user.image || "",
+			},
+		});
+		const result = await auth.api.signInEmail({
+			body: { email: user.email, password: password },
+		});
+		expect(result.user).toBeDefined();
+		expect(result.user.id).toBe(signUpResult.user.id);
+	},
+	"should successfully get session": async () => {
+		const auth = await getAuth();
+		const user = await generate("user");
+		const password = crypto.randomUUID();
+		const response = await auth.api.signUpEmail({
+			body: {
+				email: user.email,
+				password: password,
+				name: user.name,
+				image: user.image || "",
+			},
+			asResponse: true,
+		});
+		const headers = new Headers();
+		setCookieToHeader(headers)({ response });
+		const result = await auth.api.getSession({
+			headers,
+		});
+		const signUpResult = (await response.json()) as {
+			user: User;
+			session: Session;
+		};
+		signUpResult.user.createdAt = new Date(signUpResult.user.createdAt);
+		signUpResult.user.updatedAt = new Date(signUpResult.user.updatedAt);
+		expect(result?.user).toBeDefined();
+		expect(result?.user).toStrictEqual(signUpResult.user);
+		expect(result?.session).toBeDefined();
+	},
+	"should not sign in with invalid email": async () => {
+		const auth = await getAuth();
+		const user = await generate("user");
+		const { data, error } = await tryCatch(
+			auth.api.signInEmail({
+				body: { email: user.email, password: crypto.randomUUID() },
+			}),
+		);
+		expect(data).toBeNull();
+		expect(error).toBeDefined();
+	},
+	"should store and retrieve timestamps correctly across timezones": async () => {
+		using _ = recoverProcessTZ();
+		const auth = await getAuth();
+		const user = await generate("user");
+		const password = crypto.randomUUID();
+		const userSignUp = await auth.api.signUpEmail({
+			body: {
+				email: user.email,
+				password: password,
+				name: user.name,
+				image: user.image || "",
+			},
+		});
+		process.env.TZ = "Europe/London";
+		const userSignIn = await auth.api.signInEmail({
+			body: { email: user.email, password: password },
+		});
+		process.env.TZ = "America/Los_Angeles";
+		expect(userSignUp.user.createdAt.toISOString()).toStrictEqual(
+			userSignIn.user.createdAt.toISOString(),
+		);
+	},
+	"should sign up with additional fields": async () => {
+		await modifyBetterAuthOptions(
+			{ user: { additionalFields: { dateField: { type: "date" } } } },
+			true,
+		);
+		const auth = await getAuth();
+		const user = await generate("user");
+		const dateField = new Date();
+		const response = await auth.api.signUpEmail({
+			body: {
+				email: user.email,
+				name: user.name,
+				password: crypto.randomUUID(),
+				//@ts-expect-error - we are testing with additional fields
+				dateField: dateField.toISOString(), // using iso string to simulate client to server communication (this should be converted back to Date)
+			},
+			asResponse: true,
+		});
+		const headers = new Headers();
+		setCookieToHeader(headers)({ response });
+		const result = await auth.api.getSession({
+			headers,
+		});
+		//@ts-expect-error - we are testing with additional fields
+		expect(result?.user.dateField).toStrictEqual(dateField);
+	},
+});
+/**
+ * This test suite tests basic authentication flow using the adapter.
+ */
+export const authFlowTestSuite = createTestSuite(
+	"auth-flow",
+	{
+		defaultBetterAuthOptions: AUTH_FLOW_DEFAULT_BETTER_AUTH_OPTIONS,
+	},
+	(helpers) => getAuthFlowSuiteTests(helpers),
+);
+function recoverProcessTZ() {
+	const originalTZ = process.env.TZ;
+	return {
+		[Symbol.dispose]: () => {
+			process.env.TZ = originalTZ;
+		},
+	};
+}