@delmaredigital/payload-better-auth 0.3.4 → 0.3.6

package/dist/utils/betterAuthDefaults.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"betterAuthDefaults.d.ts","sourceRoot":"","sources":["../../src/utils/betterAuthDefaults.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAA;AACpD,OAAO,EAAE,MAAM,IAAI,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAEhE,KAAK,mBAAmB,GAAG,UAAU,CAAC,OAAO,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAA;AAEjE;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,CAAC,EAAE,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yBAkE2mE,CAAC;;;;;;;;;;;;;;4BAA4Z,CAAC;mCAAgD,CAAC;;;;2DAA0P,CAAC;;;;4CAA+H,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;6EAAi5C,CAAC;;;;;;;;;;;;;4BAA0d,CAAC;;;;;;;;;;;;;;;;;;;mCAAgzB,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAA84Q,CAAC;iCAAkD,CAAC;;;;;;;;;6BAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAAkyX,CAAC;iCAAkD,CAAC;;;;;;;;;6BAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAAi5D,CAAC;iCAAkD,CAAC;;;;;;;;;6BAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA7D5p5B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AACH,wBAAgB,sBAAsB,CAAC,CAAC,SAAS,iBAAiB,EAChE,OAAO,EAAE,CAAC,GACT,CAAC,CAgBH"}

package/dist/utils/betterAuthDefaults.js

@@ -0,0 +1,93 @@
+/**
+ * Utility to apply sensible defaults to Better Auth options.
+ *
+ * @packageDocumentation
+ */
+import { apiKey as betterAuthApiKey } from 'better-auth/plugins';
+/**
+ * API Key plugin with sensible defaults for use with this package.
+ *
+ * Enables metadata storage by default so that scopes can be displayed
+ * in the admin UI after key creation.
+ *
+ * @example
+ * ```ts
+ * import { apiKeyWithDefaults } from '@delmaredigital/payload-better-auth'
+ *
+ * export const betterAuthOptions = {
+ *   plugins: [
+ *     apiKeyWithDefaults(),  // metadata enabled by default
+ *   ],
+ * }
+ * ```
+ *
+ * @example With custom options
+ * ```ts
+ * apiKeyWithDefaults({
+ *   rateLimit: { max: 100, window: 60 },
+ *   // enableMetadata is already true
+ * })
+ * ```
+ */
+export function apiKeyWithDefaults(options) {
+    return betterAuthApiKey({
+        enableMetadata: true,
+        ...options,
+    });
+}
+/**
+ * Applies sensible defaults to Better Auth options.
+ *
+ * Currently applies the following defaults:
+ * - `trustedOrigins`: If not explicitly provided but `baseURL` is set,
+ *   defaults to `[baseURL]`. This handles the common single-domain case
+ *   where the app's origin should be trusted for auth requests.
+ *
+ * Multi-domain setups can still explicitly set `trustedOrigins` to include
+ * multiple origins.
+ *
+ * @example Simple case - trustedOrigins defaults to [baseURL]
+ * ```ts
+ * import { withBetterAuthDefaults } from '@delmaredigital/payload-better-auth'
+ *
+ * const auth = betterAuth(withBetterAuthDefaults({
+ *   baseURL: 'https://myapp.com',
+ *   // trustedOrigins automatically becomes ['https://myapp.com']
+ * }))
+ * ```
+ *
+ * @example Multi-domain case - explicit trustedOrigins respected
+ * ```ts
+ * const auth = betterAuth(withBetterAuthDefaults({
+ *   baseURL: 'https://myapp.com',
+ *   trustedOrigins: ['https://myapp.com', 'https://other-domain.com'],
+ *   // trustedOrigins stays as explicitly provided
+ * }))
+ * ```
+ *
+ * @example With createBetterAuthPlugin
+ * ```ts
+ * createBetterAuthPlugin({
+ *   createAuth: (payload) => betterAuth(withBetterAuthDefaults({
+ *     database: payloadAdapter({ payloadClient: payload }),
+ *     baseURL: process.env.BETTER_AUTH_URL,
+ *   })),
+ * })
+ * ```
+ */
+export function withBetterAuthDefaults(options) {
+    // If trustedOrigins is explicitly provided, use it as-is
+    if (options.trustedOrigins !== undefined) {
+        return options;
+    }
+    // If baseURL is set, default trustedOrigins to [baseURL]
+    if (options.baseURL) {
+        return {
+            ...options,
+            trustedOrigins: [options.baseURL],
+        };
+    }
+    // No defaults to apply
+    return options;
+}
+//# sourceMappingURL=betterAuthDefaults.js.map

package/dist/utils/betterAuthDefaults.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"betterAuthDefaults.js","sourceRoot":"","sources":["../../src/utils/betterAuthDefaults.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,MAAM,IAAI,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAIhE;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAA6B;IAC9D,OAAO,gBAAgB,CAAC;QACtB,cAAc,EAAE,IAAI;QACpB,GAAG,OAAO;KACX,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AACH,MAAM,UAAU,sBAAsB,CACpC,OAAU;IAEV,yDAAyD;IACzD,IAAI,OAAO,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;QACzC,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,yDAAyD;IACzD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO;YACL,GAAG,OAAO;YACV,cAAc,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;SAClC,CAAA;IACH,CAAC;IAED,uBAAuB;IACvB,OAAO,OAAO,CAAA;AAChB,CAAC"}

package/dist/utils/firstUserAdmin.d.ts

@@ -0,0 +1,85 @@
+/**
+ * First User Admin Hook Utility
+ *
+ * Provides a Better Auth databaseHooks configuration that automatically
+ * makes the first registered user an admin.
+ *
+ * @packageDocumentation
+ */
+import type { BetterAuthOptions } from 'better-auth';
+export type FirstUserAdminOptions = {
+    /**
+     * Role to assign to the first user
+     * @default 'admin'
+     */
+    adminRole?: string;
+    /**
+     * Role to assign to subsequent users (if not already set)
+     * @default 'user'
+     */
+    defaultRole?: string;
+    /**
+     * Field name for the role field
+     * @default 'role'
+     */
+    roleField?: string;
+};
+/**
+ * Creates Better Auth databaseHooks configuration that makes the first
+ * registered user an admin.
+ *
+ * @example Basic usage
+ * ```ts
+ * import { betterAuth } from 'better-auth'
+ * import { payloadAdapter } from '@delmaredigital/payload-better-auth/adapter'
+ * import { firstUserAdminHooks } from '@delmaredigital/payload-better-auth'
+ *
+ * export const auth = betterAuth({
+ *   database: payloadAdapter({ payloadClient: payload }),
+ *   databaseHooks: firstUserAdminHooks(),
+ * })
+ * ```
+ *
+ * @example Custom roles
+ * ```ts
+ * export const auth = betterAuth({
+ *   database: payloadAdapter({ payloadClient: payload }),
+ *   databaseHooks: firstUserAdminHooks({
+ *     adminRole: 'super-admin',
+ *     defaultRole: 'member',
+ *   }),
+ * })
+ * ```
+ *
+ * @example Merging with other hooks
+ * ```ts
+ * export const auth = betterAuth({
+ *   database: payloadAdapter({ payloadClient: payload }),
+ *   databaseHooks: {
+ *     user: {
+ *       create: {
+ *         before: async (user, ctx) => {
+ *           // First apply first-user-admin logic
+ *           const result = await firstUserAdminHooks().user.create.before(user, ctx)
+ *           const userData = result?.data ?? user
+ *
+ *           // Then apply your custom logic
+ *           return {
+ *             data: {
+ *               ...userData,
+ *               createdVia: 'custom-signup',
+ *             },
+ *           }
+ *         },
+ *         after: async (user) => {
+ *           // Your after-create logic
+ *           console.log('User created:', user.email)
+ *         },
+ *       },
+ *     },
+ *   },
+ * })
+ * ```
+ */
+export declare function firstUserAdminHooks(options?: FirstUserAdminOptions): NonNullable<BetterAuthOptions['databaseHooks']>;
+//# sourceMappingURL=firstUserAdmin.d.ts.map

package/dist/utils/firstUserAdmin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"firstUserAdmin.d.ts","sourceRoot":"","sources":["../../src/utils/firstUserAdmin.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAA;AAEpD,MAAM,MAAM,qBAAqB,GAAG;IAClC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;IAElB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAA;IAEpB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwDG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,CAAC,EAAE,qBAAqB,GAC9B,WAAW,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAC,CAyEjD"}

package/dist/utils/firstUserAdmin.js

@@ -0,0 +1,128 @@
+/**
+ * First User Admin Hook Utility
+ *
+ * Provides a Better Auth databaseHooks configuration that automatically
+ * makes the first registered user an admin.
+ *
+ * @packageDocumentation
+ */
+/**
+ * Creates Better Auth databaseHooks configuration that makes the first
+ * registered user an admin.
+ *
+ * @example Basic usage
+ * ```ts
+ * import { betterAuth } from 'better-auth'
+ * import { payloadAdapter } from '@delmaredigital/payload-better-auth/adapter'
+ * import { firstUserAdminHooks } from '@delmaredigital/payload-better-auth'
+ *
+ * export const auth = betterAuth({
+ *   database: payloadAdapter({ payloadClient: payload }),
+ *   databaseHooks: firstUserAdminHooks(),
+ * })
+ * ```
+ *
+ * @example Custom roles
+ * ```ts
+ * export const auth = betterAuth({
+ *   database: payloadAdapter({ payloadClient: payload }),
+ *   databaseHooks: firstUserAdminHooks({
+ *     adminRole: 'super-admin',
+ *     defaultRole: 'member',
+ *   }),
+ * })
+ * ```
+ *
+ * @example Merging with other hooks
+ * ```ts
+ * export const auth = betterAuth({
+ *   database: payloadAdapter({ payloadClient: payload }),
+ *   databaseHooks: {
+ *     user: {
+ *       create: {
+ *         before: async (user, ctx) => {
+ *           // First apply first-user-admin logic
+ *           const result = await firstUserAdminHooks().user.create.before(user, ctx)
+ *           const userData = result?.data ?? user
+ *
+ *           // Then apply your custom logic
+ *           return {
+ *             data: {
+ *               ...userData,
+ *               createdVia: 'custom-signup',
+ *             },
+ *           }
+ *         },
+ *         after: async (user) => {
+ *           // Your after-create logic
+ *           console.log('User created:', user.email)
+ *         },
+ *       },
+ *     },
+ *   },
+ * })
+ * ```
+ */
+export function firstUserAdminHooks(options) {
+    const { adminRole = 'admin', defaultRole = 'user', roleField = 'role', } = options ?? {};
+    // Using explicit any for the context type because Better Auth's
+    // GenericEndpointContext type is complex and includes [x: string]: any.
+    // The runtime behavior is what matters here.
+    const beforeHook = async (user, ctx) => {
+        try {
+            // Access the adapter from context
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            const context = ctx;
+            const adapter = context?.context?.adapter;
+            if (!adapter?.count) {
+                // Adapter not available, fall back to default role
+                return {
+                    data: {
+                        ...user,
+                        [roleField]: user[roleField] ?? defaultRole,
+                    },
+                };
+            }
+            const userCount = await adapter.count({
+                model: 'user',
+                where: [],
+            });
+            if (userCount === 0) {
+                // First user becomes admin
+                return {
+                    data: {
+                        ...user,
+                        [roleField]: adminRole,
+                    },
+                };
+            }
+            // Subsequent users get default role if not already set
+            return {
+                data: {
+                    ...user,
+                    [roleField]: user[roleField] ?? defaultRole,
+                },
+            };
+        }
+        catch (error) {
+            // On error, don't block user creation - just use provided or default role
+            console.warn('[firstUserAdminHooks] Failed to check user count:', error);
+            return {
+                data: {
+                    ...user,
+                    [roleField]: user[roleField] ?? defaultRole,
+                },
+            };
+        }
+    };
+    return {
+        user: {
+            create: {
+                // Cast needed because Better Auth's hook types are complex
+                // eslint-disable-next-line @typescript-eslint/no-explicit-any
+                before: beforeHook,
+            },
+        },
+    };
+}
+//# sourceMappingURL=firstUserAdmin.js.map

package/dist/utils/firstUserAdmin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"firstUserAdmin.js","sourceRoot":"","sources":["../../src/utils/firstUserAdmin.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAwBH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwDG;AACH,MAAM,UAAU,mBAAmB,CACjC,OAA+B;IAE/B,MAAM,EACJ,SAAS,GAAG,OAAO,EACnB,WAAW,GAAG,MAAM,EACpB,SAAS,GAAG,MAAM,GACnB,GAAG,OAAO,IAAI,EAAE,CAAA;IAEjB,gEAAgE;IAChE,wEAAwE;IACxE,6CAA6C;IAC7C,MAAM,UAAU,GAAG,KAAK,EACtB,IAA6B,EAC7B,GAAY,EACgC,EAAE;QAC9C,IAAI,CAAC;YACH,kCAAkC;YAClC,8DAA8D;YAC9D,MAAM,OAAO,GAAG,GAA6C,CAAA;YAC7D,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,EAAE,OAAO,CAAA;YAEzC,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,CAAC;gBACpB,mDAAmD;gBACnD,OAAO;oBACL,IAAI,EAAE;wBACJ,GAAG,IAAI;wBACP,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,WAAW;qBAC5C;iBACF,CAAA;YACH,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC;gBACpC,KAAK,EAAE,MAAM;gBACb,KAAK,EAAE,EAAE;aACV,CAAC,CAAA;YAEF,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;gBACpB,2BAA2B;gBAC3B,OAAO;oBACL,IAAI,EAAE;wBACJ,GAAG,IAAI;wBACP,CAAC,SAAS,CAAC,EAAE,SAAS;qBACvB;iBACF,CAAA;YACH,CAAC;YAED,uDAAuD;YACvD,OAAO;gBACL,IAAI,EAAE;oBACJ,GAAG,IAAI;oBACP,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,WAAW;iBAC5C;aACF,CAAA;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,0EAA0E;YAC1E,OAAO,CAAC,IAAI,CAAC,mDAAmD,EAAE,KAAK,CAAC,CAAA;YACxE,OAAO;gBACL,IAAI,EAAE;oBACJ,GAAG,IAAI;oBACP,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,WAAW;iBAC5C;aACF,CAAA;QACH,CAAC;IACH,CAAC,CAAA;IAED,OAAO;QACL,IAAI,EAAE;YACJ,MAAM,EAAE;gBACN,2DAA2D;gBAC3D,8DAA8D;gBAC9D,MAAM,EAAE,UAAiB;aAC1B;SACF;KACF,CAAA;AACH,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@delmaredigital/payload-better-auth",
-  "version": "0.3.4",
+  "version": "0.3.6",
   "description": "Better Auth adapter and plugins for Payload CMS",
   "type": "module",
   "license": "MIT",
@@ -54,7 +54,7 @@
   "scripts": {
     "build": "tsc",
     "dev": "tsc --watch",
-    "dev-publish": "pnpm build && pnpm version prerelease --preid=dev && pnpm publish --registry http://localhost:4873",
+    "dev-publish": "pnpm build && pnpm version prerelease --preid=dev --no-git-tag-version && pnpm publish --registry http://localhost:4873 --no-git-checks",
     "clean": "rm -rf dist",
     "generate:types": "tsx src/scripts/generate-types.ts",
     "test": "vitest run",
@@ -82,7 +82,7 @@
     "better-auth": "^1.4.17",
     "next": "^16.1.4",
     "payload": "^3.73.0",
-    "react": "^19.2.3",
+    "react": "^19.2.4",
     "tsx": "^4.21.0",
     "typescript": "^5.9.3",
     "vitest": "^2.1.9"