@convex-dev/better-auth 0.12.0 → 0.12.2

package/src/client/adapter.test.ts

@@ -2,8 +2,28 @@
 
 import { describe, it } from "vitest";
 import { convexTest } from "convex-test";
-import { api } from "../component/_generated/api.js";
+import {
+  testAdapter,
+  transactionsTestSuite,
+} from "@better-auth/test-utils/adapter";
+import type { BetterAuthOptions } from "better-auth";
+import { internal } from "../component/_generated/api.js";
 import schema from "../component/testProfiles/schema.profile-plugin-table.js";
+import { createClient } from "./index.js";
+import type { DataModel } from "../component/_generated/dataModel.js";
+import type { ComponentApi } from "../component/_generated/component.js";
+import {
+  additionalFieldsAuthFlowTestSuite,
+  additionalFieldsNormalTestSuite,
+  convexCustomTestSuite,
+  coreAuthFlowTestSuite,
+  coreNormalTestSuite,
+  multiJoinsMissingRowsTestSuite,
+  pluginTableNormalTestSuite,
+  renameFieldAndJoinTestSuite,
+  renameModelUserCustomTestSuite,
+  renameModelUserTableTestSuite,
+} from "../test/adapter-factory/index.js";
 
 const MIN_NODE_MAJOR = 24;
 const currentNodeMajor = Number.parseInt(
@@ -11,16 +31,205 @@ const currentNodeMajor = Number.parseInt(
   10
 );
 
+const NORMAL_DISABLED_TESTS = [
+  // dynamic-schema-plugin-table/dynamic-schema-additional-fields:
+  // Convex validators are static in this harness, so runtime schema mutation
+  // tests are validated in dedicated profiles instead.
+  "create - should apply default values to fields",
+  "create - should return null for nullable foreign keys",
+  "create - should support arrays",
+  "create - should support json",
+  // convex-id-generation:
+  // Convex controls generated IDs at write time.
+  "create - should use generateId if provided",
+  // offset-unsupported:
+  // Convex adapter rejects offset pagination.
+  "findMany - should be able to perform a complex limited join",
+  "findMany - should find many models with limit and offset",
+  "findMany - should find many models with offset",
+  "findMany - should find many models with sortBy and limit and offset",
+  "findMany - should find many models with sortBy and limit and offset and where",
+  "findMany - should find many models with sortBy and offset",
+  "findMany - should find many with both one-to-one and one-to-many joins",
+  "findMany - should find many with join and offset",
+  "findMany - should find many with join, where, limit, and offset",
+  "findMany - should find many with one-to-one join",
+  "findMany - should handle mixed joins correctly when some are missing",
+  "findMany - should return empty array when base records don't exist with joins",
+  "findMany - should return null for one-to-one join when joined records don't exist",
+  "findMany - should select fields with one-to-one join",
+  // profile-specific coverage:
+  // These are intentionally exercised in dedicated profile suites.
+  "findOne - backwards join with modified field name (session base, users-table join)",
+  "findOne - multiple joins should return result even when some joined tables have no matching rows",
+  "findOne - should find a model with modified field name",
+  "findOne - should find a model with modified model name",
+  "findOne - should join a model with modified field name",
+  "findOne - should not apply defaultValue if value not found",
+  "findOne - should return an object for one-to-one joins",
+  "findOne - should return null for failed base model lookup that has joins",
+  "findOne - should return null for one-to-one join when joined record doesn't exist",
+  "findOne - should select fields with one-to-one join",
+  "findOne - should work with both one-to-one and one-to-many joins",
+] as const;
+
+const toDisableMap = (testNames: readonly string[]) =>
+  Object.fromEntries(testNames.map((testName) => [testName, true]));
+
+const getOverrideBetterAuthOptions = (
+  opts: BetterAuthOptions
+): BetterAuthOptions => ({
+  ...opts,
+  advanced: {
+    ...opts.advanced,
+    database: {
+      ...opts.advanced?.database,
+      generateId: "uuid",
+    },
+  },
+});
+
+type AdapterModule = ComponentApi["adapter"];
+type TestProfileName =
+  | "adapterAdditionalFields"
+  | "adapterPluginTable"
+  | "adapterRenameField"
+  | "adapterRenameUserCustom"
+  | "adapterRenameUserTable"
+  | "adapterOrganizationJoins";
+
+type InternalWithTestProfiles = {
+  adapter: AdapterModule;
+  testProfiles: Record<TestProfileName, AdapterModule>;
+};
+
 if (currentNodeMajor < MIN_NODE_MAJOR) {
   describe("Better Auth Adapter Tests", () => {
-    it.skip(
-      `requires Node ${MIN_NODE_MAJOR}+ (adapter test-utils uses explicit resource management syntax)`,
-      () => {}
-    );
+    it.skip(`requires Node ${MIN_NODE_MAJOR}+ (adapter test-utils uses explicit resource management syntax)`, () => {});
   });
 } else {
   describe("Better Auth Adapter Tests", async () => {
     const t = convexTest(schema, import.meta.glob("../component/**/*.*s"));
-    await t.action(api.adapterTest.runTests, {});
+
+    // Bridge `convexAdapter`'s ctx surface to `convexTest`. Each adapter call
+    // re-enters convex-test's AsyncLocalStorage frame via t.query / t.mutation,
+    // which is required by convex-test ≥0.0.45. State persists across calls
+    // because the test database lives on `t`, not in ALS.
+    const wrappedCtx = {
+      runQuery: t.query.bind(t),
+      runMutation: t.mutation.bind(t),
+    } as any;
+
+    const internalWithTestProfiles =
+      internal as unknown as InternalWithTestProfiles;
+    const profileApi = (name: TestProfileName): { adapter: AdapterModule } => ({
+      adapter: internalWithTestProfiles.testProfiles[name],
+    });
+
+    const baseProfileClient = createClient<DataModel>(
+      { adapter: internalWithTestProfiles.adapter },
+      { verbose: false }
+    );
+    const additionalFieldsProfileClient = createClient<DataModel>(
+      profileApi("adapterAdditionalFields"),
+      { verbose: false }
+    );
+    const pluginTableProfileClient = createClient<DataModel>(
+      profileApi("adapterPluginTable"),
+      { verbose: false }
+    );
+    const renameFieldProfileClient = createClient<DataModel>(
+      profileApi("adapterRenameField"),
+      { verbose: false }
+    );
+    const renameUserCustomProfileClient = createClient<DataModel>(
+      profileApi("adapterRenameUserCustom"),
+      { verbose: false }
+    );
+    const renameUserTableProfileClient = createClient<DataModel>(
+      profileApi("adapterRenameUserTable"),
+      { verbose: false }
+    );
+    const organizationJoinsProfileClient = createClient<DataModel>(
+      profileApi("adapterOrganizationJoins"),
+      { verbose: false }
+    );
+
+    const noMigrations = () => {
+      // Convex schema is static — no migrations needed.
+    };
+
+    const { execute: executeBaseProfile } = await testAdapter({
+      adapter: () => baseProfileClient.adapter(wrappedCtx),
+      runMigrations: noMigrations,
+      overrideBetterAuthOptions: getOverrideBetterAuthOptions,
+      tests: [
+        coreNormalTestSuite({
+          disableTests: toDisableMap(NORMAL_DISABLED_TESTS),
+        }),
+        transactionsTestSuite({ disableTests: { ALL: true } }),
+        coreAuthFlowTestSuite(),
+        convexCustomTestSuite(),
+      ],
+    });
+
+    const { execute: executeAdditionalFieldsProfile } = await testAdapter({
+      adapter: () => additionalFieldsProfileClient.adapter(wrappedCtx),
+      runMigrations: noMigrations,
+      overrideBetterAuthOptions: getOverrideBetterAuthOptions,
+      prefixTests: "profile:additional-fields",
+      tests: [
+        additionalFieldsNormalTestSuite(),
+        additionalFieldsAuthFlowTestSuite(),
+      ],
+    });
+
+    const { execute: executePluginTableProfile } = await testAdapter({
+      adapter: () => pluginTableProfileClient.adapter(wrappedCtx),
+      runMigrations: noMigrations,
+      overrideBetterAuthOptions: getOverrideBetterAuthOptions,
+      prefixTests: "profile:plugin-table",
+      tests: [pluginTableNormalTestSuite()],
+    });
+
+    const { execute: executeRenameFieldProfile } = await testAdapter({
+      adapter: () => renameFieldProfileClient.adapter(wrappedCtx),
+      runMigrations: noMigrations,
+      overrideBetterAuthOptions: getOverrideBetterAuthOptions,
+      prefixTests: "profile:rename-field-join",
+      tests: [renameFieldAndJoinTestSuite()],
+    });
+
+    const { execute: executeRenameUserCustomProfile } = await testAdapter({
+      adapter: () => renameUserCustomProfileClient.adapter(wrappedCtx),
+      runMigrations: noMigrations,
+      overrideBetterAuthOptions: getOverrideBetterAuthOptions,
+      prefixTests: "profile:rename-user-custom",
+      tests: [renameModelUserCustomTestSuite()],
+    });
+
+    const { execute: executeRenameUserTableProfile } = await testAdapter({
+      adapter: () => renameUserTableProfileClient.adapter(wrappedCtx),
+      runMigrations: noMigrations,
+      overrideBetterAuthOptions: getOverrideBetterAuthOptions,
+      prefixTests: "profile:rename-user-table",
+      tests: [renameModelUserTableTestSuite()],
+    });
+
+    const { execute: executeOrganizationJoinsProfile } = await testAdapter({
+      adapter: () => organizationJoinsProfileClient.adapter(wrappedCtx),
+      runMigrations: noMigrations,
+      overrideBetterAuthOptions: getOverrideBetterAuthOptions,
+      prefixTests: "profile:organization-joins",
+      tests: [multiJoinsMissingRowsTestSuite()],
+    });
+
+    executeBaseProfile();
+    executeAdditionalFieldsProfile();
+    executePluginTableProfile();
+    executeRenameFieldProfile();
+    executeRenameUserCustomProfile();
+    executeRenameUserTableProfile();
+    executeOrganizationJoinsProfile();
   });
 }

package/src/client/adapter.ts

@@ -171,7 +171,6 @@ export const convexAdapter = <
   ctx: Ctx,
   api: {
     adapter: ComponentApi["adapter"];
-    adapterTest?: ComponentApi["adapterTest"];
   },
   config: {
     debugLogs?: DBAdapterDebugLogOption;

package/src/client/create-api.ts

@@ -55,9 +55,7 @@ const whereValidator = (
       v.null()
     ),
     connector: v.optional(v.union(v.literal("AND"), v.literal("OR"))),
-    mode: v.optional(
-      v.union(v.literal("sensitive"), v.literal("insensitive"))
-    ),
+    mode: v.optional(v.union(v.literal("sensitive"), v.literal("insensitive"))),
   });
 
 export const createApi = <Schema extends SchemaDefinition<any, any>>(
@@ -91,7 +89,7 @@ export const createApi = <Schema extends SchemaDefinition<any, any>>(
           args.input.model as any,
           args.input.data
         );
-        const doc = await ctx.db.get(id);
+        const doc = await ctx.db.get(args.input.model, id);
         if (!doc) {
           throw new Error(`Failed to create ${args.input.model}`);
         }
@@ -104,6 +102,13 @@ export const createApi = <Schema extends SchemaDefinition<any, any>>(
               doc,
             }
           );
+          const updatedDoc = await ctx.db.get(args.input.model, id);
+          if (!updatedDoc) {
+            throw new Error(
+              `Failed to create ${args.input.model} (deleted by onCreate trigger?)`
+            );
+          }
+          return selectFields(updatedDoc, args.select);
         }
         return result;
       },
@@ -174,10 +179,14 @@ export const createApi = <Schema extends SchemaDefinition<any, any>>(
           doc
         );
         await ctx.db.patch(
-          doc._id as GenericId<string>,
+          args.input.model,
+          doc._id as GenericId<TableNames>,
           args.input.update as any
         );
-        const updatedDoc = await ctx.db.get(doc._id as GenericId<string>);
+        const updatedDoc = await ctx.db.get(
+          args.input.model,
+          doc._id as GenericId<TableNames>
+        );
         if (!updatedDoc) {
           throw new Error(`Failed to update ${args.input.model}`);
         }
@@ -190,6 +199,16 @@ export const createApi = <Schema extends SchemaDefinition<any, any>>(
               oldDoc: doc,
             }
           );
+          const innerUpdatedDoc = await ctx.db.get(
+            args.input.model,
+            doc._id as GenericId<TableNames>
+          );
+          if (!innerUpdatedDoc) {
+            throw new Error(
+              `Failed to update ${args.input.model} (deleted by onUpdate trigger?)`
+            );
+          }
+          return innerUpdatedDoc;
         }
         return updatedDoc;
       },
@@ -245,7 +264,8 @@ export const createApi = <Schema extends SchemaDefinition<any, any>>(
               doc
             );
             await ctx.db.patch(
-              doc._id as GenericId<string>,
+              args.input.model,
+              doc._id as GenericId<TableNames>,
               args.input.update as any
             );
 
@@ -254,7 +274,10 @@ export const createApi = <Schema extends SchemaDefinition<any, any>>(
                 args.onUpdateHandle as FunctionHandle<"mutation">,
                 {
                   model: args.input.model,
-                  newDoc: await ctx.db.get(doc._id as GenericId<string>),
+                  newDoc: await ctx.db.get(
+                    args.input.model,
+                    doc._id as GenericId<TableNames>
+                  ),
                   oldDoc: doc,
                 }
               );
@@ -286,7 +309,7 @@ export const createApi = <Schema extends SchemaDefinition<any, any>>(
         if (!doc) {
           return;
         }
-        await ctx.db.delete(doc._id as GenericId<string>);
+        await ctx.db.delete(args.input.model, doc._id as GenericId<TableNames>);
         if (args.onDeleteHandle) {
           await ctx.runMutation(
             args.onDeleteHandle as FunctionHandle<"mutation">,
@@ -330,7 +353,10 @@ export const createApi = <Schema extends SchemaDefinition<any, any>>(
               }
             );
           }
-          await ctx.db.delete(doc._id as GenericId<string>);
+          await ctx.db.delete(
+            args.input.model,
+            doc._id as GenericId<TableNames>
+          );
         });
         return {
           ...result,

package/src/client/create-client.ts

@@ -17,7 +17,6 @@ import type { Infer } from "convex/values";
 import { convexAdapter } from "./adapter.js";
 import { corsRouter } from "convex-helpers/server/cors";
 import type defaultSchema from "../component/schema.js";
-import type { ComponentApi } from "../component/_generated/component.js";
 import type { CreateAuth, GenericCtx } from "./index.js";
 import type { TrustedOriginsOption } from "../utils/index.js";
 
@@ -70,7 +69,6 @@ type SlimComponentApi = {
     deleteOne: FunctionReference<"mutation", "internal">;
     deleteMany: FunctionReference<"mutation", "internal">;
   };
-  adapterTest?: ComponentApi["adapterTest"];
 };
 
 type RouteCorsOptions =

package/src/client/triggers.test.ts

@@ -0,0 +1,58 @@
+/// <reference types="vite/client" />
+
+import { describe, expect, it } from "vitest";
+import { convexTest } from "convex-test";
+import { createFunctionHandle } from "convex/server";
+import schema from "../component/schema.js";
+import { api, internal } from "../component/_generated/api.js";
+
+const baseSessionData = () => ({
+  expiresAt: Date.now() + 60_000,
+  createdAt: Date.now(),
+  updatedAt: Date.now(),
+  userId: "user-1",
+  userAgent: "original",
+});
+
+describe("trigger result propagation", () => {
+  it("api.adapter.create returns the doc reflecting onCreateHandle writes", async () => {
+    const t = convexTest(schema, import.meta.glob("../component/**/*.*s"));
+    const result = await t.run(async (ctx) => {
+      const handle = await createFunctionHandle(
+        internal.testTriggerHandlers.sessionOnCreateUpdater
+      );
+      return await ctx.runMutation(api.adapter.create, {
+        input: {
+          model: "session",
+          data: { ...baseSessionData(), token: "create-token-1" },
+        },
+        onCreateHandle: handle,
+      });
+    });
+    expect(result.userAgent).toBe("trigger-ran-on-create");
+  });
+
+  it("api.adapter.updateOne returns the doc reflecting onUpdateHandle writes", async () => {
+    const t = convexTest(schema, import.meta.glob("../component/**/*.*s"));
+    const result = await t.run(async (ctx) => {
+      await ctx.runMutation(api.adapter.create, {
+        input: {
+          model: "session",
+          data: { ...baseSessionData(), token: "update-token-1" },
+        },
+      });
+      const handle = await createFunctionHandle(
+        internal.testTriggerHandlers.sessionOnUpdateUpdater
+      );
+      return await ctx.runMutation(api.adapter.updateOne, {
+        input: {
+          model: "session",
+          update: { userAgent: "set-by-update" },
+          where: [{ field: "token", operator: "eq", value: "update-token-1" }],
+        },
+        onUpdateHandle: handle,
+      });
+    });
+    expect(result.userAgent).toBe("trigger-ran-on-update");
+  });
+});

package/src/component/_generated/api.ts

@@ -9,13 +9,13 @@
  */
 
 import type * as adapter from "../adapter.js";
-import type * as adapterTest from "../adapterTest.js";
 import type * as testProfiles_adapterAdditionalFields from "../testProfiles/adapterAdditionalFields.js";
 import type * as testProfiles_adapterOrganizationJoins from "../testProfiles/adapterOrganizationJoins.js";
 import type * as testProfiles_adapterPluginTable from "../testProfiles/adapterPluginTable.js";
 import type * as testProfiles_adapterRenameField from "../testProfiles/adapterRenameField.js";
 import type * as testProfiles_adapterRenameUserCustom from "../testProfiles/adapterRenameUserCustom.js";
 import type * as testProfiles_adapterRenameUserTable from "../testProfiles/adapterRenameUserTable.js";
+import type * as testTriggerHandlers from "../testTriggerHandlers.js";
 
 import type {
   ApiFromModules,
@@ -26,13 +26,13 @@ import { anyApi, componentsGeneric } from "convex/server";
 
 const fullApi: ApiFromModules<{
   adapter: typeof adapter;
-  adapterTest: typeof adapterTest;
   "testProfiles/adapterAdditionalFields": typeof testProfiles_adapterAdditionalFields;
   "testProfiles/adapterOrganizationJoins": typeof testProfiles_adapterOrganizationJoins;
   "testProfiles/adapterPluginTable": typeof testProfiles_adapterPluginTable;
   "testProfiles/adapterRenameField": typeof testProfiles_adapterRenameField;
   "testProfiles/adapterRenameUserCustom": typeof testProfiles_adapterRenameUserCustom;
   "testProfiles/adapterRenameUserTable": typeof testProfiles_adapterRenameUserTable;
+  testTriggerHandlers: typeof testTriggerHandlers;
 }> = anyApi as any;
 
 /**

package/src/component/_generated/component.ts

@@ -1893,9 +1893,6 @@ export type ComponentApi<Name extends string | undefined = string | undefined> =
         Name
       >;
     };
-    adapterTest: {
-      runTests: FunctionReference<"action", "internal", any, any, Name>;
-    };
     testProfiles: {
       adapterAdditionalFields: {
         create: FunctionReference<

package/src/component/testTriggerHandlers.ts

@@ -0,0 +1,27 @@
+// Stub trigger handles for tests that need a real FunctionReference to pass
+// as onCreateHandle / onUpdateHandle on adapter writes.
+
+import { internalMutationGeneric } from "convex/server";
+import { v } from "convex/values";
+
+export const sessionOnCreateUpdater = internalMutationGeneric({
+  args: { doc: v.any(), model: v.string() },
+  handler: async (ctx, args) => {
+    if (args.model === "session") {
+      await ctx.db.patch("session", args.doc._id, {
+        userAgent: "trigger-ran-on-create",
+      });
+    }
+  },
+});
+
+export const sessionOnUpdateUpdater = internalMutationGeneric({
+  args: { newDoc: v.any(), oldDoc: v.any(), model: v.string() },
+  handler: async (ctx, args) => {
+    if (args.model === "session") {
+      await ctx.db.patch("session", args.newDoc._id, {
+        userAgent: "trigger-ran-on-update",
+      });
+    }
+  },
+});

package/src/nextjs/index.test.ts

@@ -0,0 +1,109 @@
+import { afterEach, describe, expect, it, vi } from "vitest";
+import { convexBetterAuthNextJs } from "./index.js";
+
+const SITE_URL = "https://test.convex.site";
+const CONVEX_URL = "https://test.convex.cloud";
+
+const setup = () => {
+  const { handler } = convexBetterAuthNextJs({
+    convexUrl: CONVEX_URL,
+    convexSiteUrl: SITE_URL,
+  });
+  const fetchSpy = vi
+    .spyOn(globalThis, "fetch")
+    .mockResolvedValue(new Response());
+  return { handler, fetchSpy };
+};
+
+const initOf = (spy: ReturnType<typeof vi.spyOn>): RequestInit =>
+  (spy.mock.calls[0]?.[1] as RequestInit) ?? {};
+
+const headersOf = (spy: ReturnType<typeof vi.spyOn>): Headers =>
+  new Headers(initOf(spy).headers);
+
+describe("convexBetterAuthNextJs handler", () => {
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  it("strips hop-by-hop headers from the forwarded request", async () => {
+    const { handler, fetchSpy } = setup();
+    const request = new Request(
+      "https://app.example.com/api/auth/sign-in/email",
+      {
+        method: "POST",
+        headers: {
+          "transfer-encoding": "chunked",
+          "content-length": "42",
+          connection: "keep-alive",
+          "content-type": "application/json",
+        },
+        body: JSON.stringify({ email: "test@example.com" }),
+      }
+    );
+    await handler.POST(request);
+    const headers = headersOf(fetchSpy);
+    expect(headers.get("transfer-encoding")).toBeNull();
+    expect(headers.get("content-length")).toBeNull();
+    expect(headers.get("connection")).toBeNull();
+  });
+
+  it("forwards to upstream URL preserving path and query", async () => {
+    const { handler, fetchSpy } = setup();
+    const request = new Request(
+      "https://app.example.com/api/auth/sign-in/email?foo=bar",
+      { method: "POST", body: "{}" }
+    );
+    await handler.POST(request);
+    expect(fetchSpy.mock.calls[0]?.[0]).toBe(
+      `${SITE_URL}/api/auth/sign-in/email?foo=bar`
+    );
+  });
+
+  it("sets host and forwarding headers", async () => {
+    const { handler, fetchSpy } = setup();
+    const request = new Request(
+      "https://app.example.com/api/auth/sign-in/email",
+      { method: "POST", body: "{}" }
+    );
+    await handler.POST(request);
+    const headers = headersOf(fetchSpy);
+    expect(headers.get("host")).toBe(new URL(SITE_URL).host);
+    expect(headers.get("x-forwarded-host")).toBe("app.example.com");
+    expect(headers.get("x-forwarded-proto")).toBe("https");
+    expect(headers.get("x-better-auth-forwarded-host")).toBe("app.example.com");
+    expect(headers.get("x-better-auth-forwarded-proto")).toBe("https");
+  });
+
+  it("buffers POST body and forwards as ArrayBuffer", async () => {
+    const { handler, fetchSpy } = setup();
+    const body = JSON.stringify({ email: "test@example.com" });
+    const request = new Request(
+      "https://app.example.com/api/auth/sign-in/email",
+      { method: "POST", body }
+    );
+    await handler.POST(request);
+    const init = initOf(fetchSpy);
+    expect(init.body).toBeInstanceOf(ArrayBuffer);
+    expect(new TextDecoder().decode(init.body as ArrayBuffer)).toBe(body);
+  });
+
+  it("does not set body for GET requests", async () => {
+    const { handler, fetchSpy } = setup();
+    const request = new Request(
+      "https://app.example.com/api/auth/get-session",
+      { method: "GET" }
+    );
+    await handler.GET(request);
+    expect(initOf(fetchSpy).body).toBeUndefined();
+  });
+
+  it("does not set body for empty POST", async () => {
+    const { handler, fetchSpy } = setup();
+    const request = new Request("https://app.example.com/api/auth/sign-out", {
+      method: "POST",
+    });
+    await handler.POST(request);
+    expect(initOf(fetchSpy).body).toBeUndefined();
+  });
+});

package/src/nextjs/index.ts

@@ -40,17 +40,36 @@ const parseConvexSiteUrl = (url: string) => {
   return url;
 };
 
-const handler = (request: Request, siteUrl: string) => {
+const handler = async (request: Request, siteUrl: string) => {
   const requestUrl = new URL(request.url);
   const nextUrl = `${siteUrl}${requestUrl.pathname}${requestUrl.search}`;
-  const newRequest = new Request(nextUrl, request);
-  newRequest.headers.set("accept-encoding", "application/json");
-  newRequest.headers.set("host", new URL(siteUrl).host);
-  newRequest.headers.set("x-forwarded-host", requestUrl.host);
-  newRequest.headers.set("x-forwarded-proto", requestUrl.protocol.replace(/:$/, ""));
-  newRequest.headers.set("x-better-auth-forwarded-host", requestUrl.host);
-  newRequest.headers.set("x-better-auth-forwarded-proto", requestUrl.protocol.replace(/:$/, ""));
-  return fetch(newRequest, { method: request.method, redirect: "manual" });
+
+  const headers = new Headers(request.headers);
+  // Strip hop-by-hop headers; undici rejects outbound `transfer-encoding: chunked`.
+  headers.delete("transfer-encoding");
+  headers.delete("content-length");
+  headers.delete("connection");
+  headers.set("accept-encoding", "application/json");
+  headers.set("host", new URL(siteUrl).host);
+  headers.set("x-forwarded-host", requestUrl.host);
+  headers.set("x-forwarded-proto", requestUrl.protocol.replace(/:$/, ""));
+  headers.set("x-better-auth-forwarded-host", requestUrl.host);
+  headers.set("x-better-auth-forwarded-proto", requestUrl.protocol.replace(/:$/, ""));
+
+  const init: RequestInit = {
+    headers,
+    method: request.method,
+    redirect: "manual",
+  };
+
+  if (request.method !== "GET" && request.method !== "HEAD") {
+    const body = await request.arrayBuffer();
+    if (body.byteLength > 0) {
+      init.body = body;
+    }
+  }
+
+  return fetch(nextUrl, init);
 };
 
 const nextJsHandler = (siteUrl: string) => ({