@convex-dev/better-auth 0.6.0

package/src/client/index.ts

@@ -0,0 +1,381 @@
+import {
+  type Auth as ConvexAuth,
+  type DefaultFunctionArgs,
+  type Expand,
+  type FunctionReference,
+  GenericActionCtx,
+  type GenericDataModel,
+  GenericMutationCtx,
+  type GenericQueryCtx,
+  type HttpRouter,
+  httpActionGeneric,
+  internalMutationGeneric,
+  queryGeneric,
+} from "convex/server";
+import { type GenericId, Infer, v } from "convex/values";
+import type { api } from "../component/_generated/api";
+import schema from "../component/schema";
+import { convexAdapter } from "./adapter";
+import corsRouter from "./cors";
+import { getByArgsValidator, updateArgsInputValidator } from "../component/lib";
+import { betterAuth } from "better-auth";
+import { omit } from "convex-helpers";
+import { createCookieGetter } from "better-auth/cookies";
+import { fetchQuery } from "convex/nextjs";
+export { convexAdapter };
+
+const createUserFields = omit(schema.tables.user.validator.fields, ["userId"]);
+const createUserValidator = v.object(createUserFields);
+const createUserArgsValidator = v.object({
+  input: v.object({
+    ...createUserFields,
+    table: v.literal("user"),
+  }),
+});
+const updateUserArgsValidator = v.object({
+  input: updateArgsInputValidator("user"),
+});
+const deleteUserArgsValidator = v.object(getByArgsValidator);
+
+const createSessionArgsValidator = v.object({
+  input: v.object({
+    table: v.literal("session"),
+    ...schema.tables.session.validator.fields,
+  }),
+});
+
+export type EventFunction<T extends DefaultFunctionArgs> = FunctionReference<
+  "mutation",
+  "internal" | "public",
+  T
+>;
+
+export type AuthFunctions = {
+  createUser: FunctionReference<
+    "mutation",
+    "internal",
+    Infer<typeof createUserArgsValidator>
+  >;
+  deleteUser: FunctionReference<
+    "mutation",
+    "internal",
+    Infer<typeof deleteUserArgsValidator>
+  >;
+  updateUser: FunctionReference<
+    "mutation",
+    "internal",
+    Infer<typeof updateUserArgsValidator>
+  >;
+  createSession: FunctionReference<
+    "mutation",
+    "internal",
+    Infer<typeof createSessionArgsValidator>
+  >;
+};
+
+export type PublicAuthFunctions = {
+  isAuthenticated: FunctionReference<"query", "public">;
+};
+
+export class BetterAuth<UserId extends string = string> {
+  constructor(
+    public component: UseApi<typeof api>,
+    public config: {
+      authFunctions: AuthFunctions;
+      publicAuthFunctions?: PublicAuthFunctions;
+      verbose?: boolean;
+    }
+  ) {}
+
+  async isAuthenticated(token?: string | null) {
+    if (!this.config.publicAuthFunctions?.isAuthenticated) {
+      throw new Error(
+        "isAuthenticated function not found. It must be a named export in convex/auth.ts"
+      );
+    }
+    return fetchQuery(
+      this.config.publicAuthFunctions.isAuthenticated,
+      {},
+      { token: token ?? undefined }
+    );
+  }
+
+  async getHeaders(ctx: RunQueryCtx & { auth: ConvexAuth }) {
+    const identity = await ctx.auth.getUserIdentity();
+    if (!identity) {
+      return new Headers();
+    }
+    const session = await ctx.runQuery(this.component.lib.getCurrentSession);
+    return new Headers({
+      authorization: `Bearer ${session?.token}`,
+    });
+  }
+
+  // TODO: use the proper id type for auth functions
+  async getAuthUserId(ctx: RunQueryCtx & { auth: ConvexAuth }) {
+    const identity = await ctx.auth.getUserIdentity();
+    if (!identity) {
+      return null;
+    }
+    return identity.subject as UserId;
+  }
+
+  // Convenience function for getting the Better Auth user
+  async getAuthUser(ctx: RunQueryCtx & { auth: ConvexAuth }) {
+    const identity = await ctx.auth.getUserIdentity();
+    if (!identity) {
+      return null;
+    }
+    const doc = await ctx.runQuery(this.component.lib.getBy, {
+      table: "user",
+      field: "userId",
+      value: identity.subject,
+    });
+    if (!doc) {
+      return null;
+    }
+    // Type narrowing
+    if (!("emailVerified" in doc)) {
+      throw new Error("invalid user");
+    }
+    const { id: _id, ...user } = doc;
+    return user;
+  }
+
+  async getIdTokenCookieName(
+    createAuth: (ctx: GenericActionCtx<any>) => ReturnType<typeof betterAuth>
+  ) {
+    const auth = createAuth({} as any);
+    const createCookie = createCookieGetter(auth.options);
+    const cookie = createCookie("convex_jwt");
+    return cookie.name;
+  }
+
+  createAuthFunctions<DataModel extends GenericDataModel>(opts: {
+    onCreateUser: (
+      ctx: GenericMutationCtx<DataModel>,
+      user: Infer<typeof createUserValidator>
+    ) => Promise<UserId>;
+    onDeleteUser?: (
+      ctx: GenericMutationCtx<DataModel>,
+      id: UserId
+    ) => void | Promise<void>;
+    onUpdateUser?: (
+      ctx: GenericMutationCtx<DataModel>,
+      user: Infer<typeof schema.tables.user.validator>
+    ) => void | Promise<void>;
+    onCreateSession?: (
+      ctx: GenericMutationCtx<DataModel>,
+      session: Infer<typeof schema.tables.session.validator>
+    ) => void | Promise<void>;
+  }) {
+    return {
+      isAuthenticated: queryGeneric({
+        args: v.object({}),
+        handler: async (ctx) => {
+          const identity = await ctx.auth.getUserIdentity();
+          return identity !== null;
+        },
+      }),
+      createUser: internalMutationGeneric({
+        args: createUserArgsValidator,
+        handler: async (ctx, args) => {
+          const userId = await opts.onCreateUser(ctx, args.input);
+          const input = { ...args.input, table: "user", userId };
+          return ctx.runMutation(this.component.lib.create, {
+            input,
+          });
+        },
+      }),
+      deleteUser: internalMutationGeneric({
+        args: deleteUserArgsValidator,
+        handler: async (ctx, args) => {
+          const doc = await ctx.runMutation(this.component.lib.deleteBy, args);
+          if (opts.onDeleteUser) {
+            await opts.onDeleteUser(ctx, doc.userId as UserId);
+          }
+        },
+      }),
+      updateUser: internalMutationGeneric({
+        args: updateUserArgsValidator,
+        handler: async (ctx, args) => {
+          const updatedUser = await ctx.runMutation(
+            this.component.lib.update,
+            args
+          );
+          // Type narrowing
+          if (!("emailVerified" in updatedUser)) {
+            throw new Error("invalid user");
+          }
+          if (opts.onUpdateUser) {
+            await opts.onUpdateUser(ctx, omit(updatedUser, ["id"]));
+          }
+          return updatedUser;
+        },
+      }),
+      createSession: internalMutationGeneric({
+        args: createSessionArgsValidator,
+        handler: async (ctx, args) => {
+          const session = await ctx.runMutation(
+            this.component.lib.create,
+            args
+          );
+          // Type narrowing
+          if (!("ipAddress" in session)) {
+            throw new Error("invalid session");
+          }
+          await opts.onCreateSession?.(ctx, session);
+          return session;
+        },
+      }),
+    };
+  }
+
+  registerRoutes(
+    http: HttpRouter,
+    createAuth: (ctx: GenericActionCtx<any>) => ReturnType<typeof betterAuth>,
+    opts?: {
+      path?: string;
+      allowedOrigins?: string[];
+    }
+  ) {
+    const path = opts?.path ?? "/api/auth";
+    const options = createAuth({} as any).options;
+    const trustedOriginsOption: string[] = Array.isArray(options.trustedOrigins)
+      ? options.trustedOrigins
+      : [];
+
+    const trustedOrigins = createAuth({} as any).options.plugins?.reduce(
+      (acc, plugin) => {
+        if (plugin.options?.trustedOrigins) {
+          acc.push(...plugin.options.trustedOrigins);
+        }
+        return acc;
+      },
+      [...trustedOriginsOption, options.baseURL].filter(Boolean) as string[]
+    );
+    // Reuse trustedOrigins as default for allowedOrigins
+    const allowedOrigins =
+      opts?.allowedOrigins ??
+      trustedOrigins?.map((origin) =>
+        // Strip trailing wildcards, unsupported for allowedOrigins
+        origin.endsWith("*") && origin.length > 1 ? origin.slice(0, -1) : origin
+      );
+    const requireEnv = (name: string) => {
+      const value = process.env[name];
+      if (value === undefined) {
+        throw new Error(`Missing environment variable \`${name}\``);
+      }
+      return value;
+    };
+
+    const authRequestHandler = httpActionGeneric(async (ctx, request) => {
+      const auth = createAuth(ctx);
+      const response = await auth.handler(request);
+      if (this.config?.verbose) {
+        console.log("response headers", response.headers);
+      }
+      return response;
+    });
+
+    const cors = corsRouter(http, {
+      allowedOrigins,
+      allowCredentials: true,
+      allowedHeaders: ["Authorization", "Content-Type", "Better-Auth-Cookie"],
+      verbose: this.config?.verbose,
+      exposedHeaders: ["Set-Better-Auth-Cookie"],
+    });
+
+    http.route({
+      path: "/.well-known/openid-configuration",
+      method: "GET",
+      handler: httpActionGeneric(async () => {
+        const url = `${requireEnv("CONVEX_SITE_URL")}/api/auth/convex/.well-known/openid-configuration`;
+        return Response.redirect(url);
+      }),
+    });
+
+    http.route({
+      path: `${path}/convex/.well-known/openid-configuration`,
+      method: "GET",
+      handler: authRequestHandler,
+    });
+
+    http.route({
+      path: `${path}/convex/jwks`,
+      method: "GET",
+      handler: authRequestHandler,
+    });
+
+    http.route({
+      pathPrefix: `${path}/callback/`,
+      method: "GET",
+      handler: authRequestHandler,
+    });
+
+    http.route({
+      path: `${path}/magic-link/verify`,
+      method: "GET",
+      handler: authRequestHandler,
+    });
+
+    http.route({
+      path: `${path}/verify-email`,
+      method: "GET",
+      handler: authRequestHandler,
+    });
+
+    http.route({
+      pathPrefix: `${path}/reset-password/`,
+      method: "GET",
+      handler: authRequestHandler,
+    });
+
+    cors.route({
+      pathPrefix: `${path}/`,
+      method: "GET",
+      handler: authRequestHandler,
+    });
+
+    cors.route({
+      pathPrefix: `${path}/`,
+      method: "POST",
+      handler: authRequestHandler,
+    });
+  }
+}
+
+/* Type utils follow */
+
+type RunQueryCtx = {
+  runQuery: GenericQueryCtx<GenericDataModel>["runQuery"];
+};
+
+export type OpaqueIds<T> =
+  T extends GenericId<infer _T>
+    ? string
+    : T extends (infer U)[]
+      ? OpaqueIds<U>[]
+      : T extends ArrayBuffer
+        ? ArrayBuffer
+        : T extends object
+          ? { [K in keyof T]: OpaqueIds<T[K]> }
+          : T;
+
+export type UseApi<API> = Expand<{
+  [mod in keyof API]: API[mod] extends FunctionReference<
+    infer FType,
+    "public",
+    infer FArgs,
+    infer FReturnType,
+    infer FComponentPath
+  >
+    ? FunctionReference<
+        FType,
+        "internal",
+        OpaqueIds<FArgs>,
+        OpaqueIds<FReturnType>,
+        FComponentPath
+      >
+    : UseApi<API[mod]>;
+}>;

package/src/client/plugins/index.ts

@@ -0,0 +1,2 @@
+export * from "../../plugins/convex/client";
+export * from "../../plugins/cross-domain/client";

package/src/component/_generated/api.d.ts

@@ -0,0 +1,313 @@
+/* eslint-disable */
+/**
+ * Generated `api` utility.
+ *
+ * THIS CODE IS AUTOMATICALLY GENERATED.
+ *
+ * To regenerate, run `npx convex dev`.
+ * @module
+ */
+
+import type * as lib from "../lib.js";
+import type * as util from "../util.js";
+
+import type {
+  ApiFromModules,
+  FilterApi,
+  FunctionReference,
+} from "convex/server";
+
+/**
+ * A utility for referencing Convex functions in your app's API.
+ *
+ * Usage:
+ * ```js
+ * const myFunctionReference = api.myModule.myFunction;
+ * ```
+ */
+declare const fullApi: ApiFromModules<{
+  lib: typeof lib;
+  util: typeof util;
+}>;
+export type Mounts = {
+  lib: {
+    create: FunctionReference<
+      "mutation",
+      "public",
+      {
+        input:
+          | {
+              createdAt: number;
+              email: string;
+              emailVerified: boolean;
+              image?: string;
+              name: string;
+              table: string;
+              twoFactorEnabled?: boolean;
+              updatedAt: number;
+              userId: string;
+            }
+          | {
+              createdAt: number;
+              expiresAt: number;
+              ipAddress?: string;
+              table: string;
+              token: string;
+              updatedAt: number;
+              userAgent?: string;
+              userId: string;
+            }
+          | {
+              accessToken?: string;
+              accessTokenExpiresAt?: number;
+              accountId: string;
+              createdAt: number;
+              idToken?: string;
+              password?: string;
+              providerId: string;
+              refreshToken?: string;
+              refreshTokenExpiresAt?: number;
+              scope?: string;
+              table: string;
+              updatedAt: number;
+              userId: string;
+            }
+          | {
+              backupCodes: string;
+              secret: string;
+              table: string;
+              userId: string;
+            }
+          | {
+              createdAt?: number;
+              expiresAt: number;
+              identifier: string;
+              table: string;
+              updatedAt?: number;
+              value: string;
+            }
+          | {
+              createdAt: number;
+              id?: string;
+              privateKey: string;
+              publicKey: string;
+              table: string;
+            };
+      },
+      any
+    >;
+    deleteAllForUser: FunctionReference<
+      "action",
+      "public",
+      { table: string; userId: string },
+      any
+    >;
+    deleteAllForUserPage: FunctionReference<
+      "mutation",
+      "public",
+      {
+        paginationOpts?: {
+          cursor: string | null;
+          endCursor?: string | null;
+          id?: number;
+          maximumBytesRead?: number;
+          maximumRowsRead?: number;
+          numItems: number;
+        };
+        table: string;
+        userId: string;
+      },
+      any
+    >;
+    deleteBy: FunctionReference<
+      "mutation",
+      "public",
+      {
+        field: string;
+        table: string;
+        unique?: boolean;
+        value: string | number | boolean | Array<string> | Array<number> | null;
+      },
+      any
+    >;
+    deleteOldVerifications: FunctionReference<
+      "action",
+      "public",
+      { currentTimestamp: number },
+      any
+    >;
+    deleteOldVerificationsPage: FunctionReference<
+      "mutation",
+      "public",
+      {
+        currentTimestamp: number;
+        paginationOpts?: {
+          cursor: string | null;
+          endCursor?: string | null;
+          id?: number;
+          maximumBytesRead?: number;
+          maximumRowsRead?: number;
+          numItems: number;
+        };
+      },
+      any
+    >;
+    getAccountByAccountIdAndProviderId: FunctionReference<
+      "query",
+      "public",
+      { accountId: string; providerId: string },
+      any
+    >;
+    getAccountsByUserId: FunctionReference<
+      "query",
+      "public",
+      { limit?: number; userId: string },
+      any
+    >;
+    getBy: FunctionReference<
+      "query",
+      "public",
+      {
+        field: string;
+        table: string;
+        unique?: boolean;
+        value: string | number | boolean | Array<string> | Array<number> | null;
+      },
+      any
+    >;
+    getByQuery: FunctionReference<
+      "query",
+      "public",
+      {
+        field: string;
+        table: string;
+        unique?: boolean;
+        value: string | number | boolean | Array<string> | Array<number> | null;
+      },
+      any
+    >;
+    getCurrentSession: FunctionReference<"query", "public", {}, any>;
+    getJwks: FunctionReference<"query", "public", { limit?: number }, any>;
+    listVerificationsByIdentifier: FunctionReference<
+      "query",
+      "public",
+      {
+        identifier: string;
+        limit?: number;
+        sortBy?: { direction: "asc" | "desc"; field: string };
+      },
+      any
+    >;
+    update: FunctionReference<
+      "mutation",
+      "public",
+      {
+        input:
+          | {
+              table: "account";
+              value: Record<string, any>;
+              where: {
+                field: string;
+                value:
+                  | string
+                  | number
+                  | boolean
+                  | Array<string>
+                  | Array<number>
+                  | null;
+              };
+            }
+          | {
+              table: "session";
+              value: Record<string, any>;
+              where: {
+                field: string;
+                value:
+                  | string
+                  | number
+                  | boolean
+                  | Array<string>
+                  | Array<number>
+                  | null;
+              };
+            }
+          | {
+              table: "verification";
+              value: Record<string, any>;
+              where: {
+                field: string;
+                value:
+                  | string
+                  | number
+                  | boolean
+                  | Array<string>
+                  | Array<number>
+                  | null;
+              };
+            }
+          | {
+              table: "user";
+              value: Record<string, any>;
+              where: {
+                field: string;
+                value:
+                  | string
+                  | number
+                  | boolean
+                  | Array<string>
+                  | Array<number>
+                  | null;
+              };
+            };
+      },
+      any
+    >;
+    updateTwoFactor: FunctionReference<
+      "mutation",
+      "public",
+      {
+        update: { backupCodes?: string; secret?: string; userId?: string };
+        userId: string;
+      },
+      any
+    >;
+    updateUserProviderAccounts: FunctionReference<
+      "mutation",
+      "public",
+      {
+        providerId: string;
+        update: {
+          accessToken?: string;
+          accessTokenExpiresAt?: number;
+          accountId?: string;
+          createdAt?: number;
+          idToken?: string;
+          password?: string;
+          providerId?: string;
+          refreshToken?: string;
+          refreshTokenExpiresAt?: number;
+          scope?: string;
+          updatedAt?: number;
+          userId?: string;
+        };
+        userId: string;
+      },
+      any
+    >;
+  };
+};
+// For now fullApiWithMounts is only fullApi which provides
+// jump-to-definition in component client code.
+// Use Mounts for the same type without the inference.
+declare const fullApiWithMounts: typeof fullApi;
+
+export declare const api: FilterApi<
+  typeof fullApiWithMounts,
+  FunctionReference<any, "public">
+>;
+export declare const internal: FilterApi<
+  typeof fullApiWithMounts,
+  FunctionReference<any, "internal">
+>;
+
+export declare const components: {};

package/src/component/_generated/api.js

@@ -0,0 +1,23 @@
+/* eslint-disable */
+/**
+ * Generated `api` utility.
+ *
+ * THIS CODE IS AUTOMATICALLY GENERATED.
+ *
+ * To regenerate, run `npx convex dev`.
+ * @module
+ */
+
+import { anyApi, componentsGeneric } from "convex/server";
+
+/**
+ * A utility for referencing Convex functions in your app's API.
+ *
+ * Usage:
+ * ```js
+ * const myFunctionReference = api.myModule.myFunction;
+ * ```
+ */
+export const api = anyApi;
+export const internal = anyApi;
+export const components = componentsGeneric();