@delmaredigital/payload-better-auth 0.3.6 → 0.3.8

package/dist/plugin/index.js

@@ -2,10 +2,9 @@
  * Payload Plugins for Better Auth
  *
  * @packageDocumentation
- */
-import { detectAuthConfig } from '../utils/detectAuthConfig.js';
-import { detectEnabledPlugins, } from '../utils/detectEnabledPlugins.js';
-import { buildAvailableScopes, scopesToPermissions, } from '../utils/generateScopes.js';
+ */ import { detectAuthConfig } from '../utils/detectAuthConfig.js';
+import { detectEnabledPlugins } from '../utils/detectEnabledPlugins.js';
+import { buildAvailableScopes, scopesToPermissions } from '../utils/generateScopes.js';
 // Track auth instance for HMR
 let authInstance = null;
 // Store API key scopes config for access by management views
@@ -13,20 +12,27 @@ let apiKeyScopesConfig = undefined;
 /**
  * Get the configured API key scopes config.
  * Used by the ApiKeysView to build available scopes.
- */
-export function getApiKeyScopesConfig() {
+ */ export function getApiKeyScopesConfig() {
     return apiKeyScopesConfig;
 }
 /**
  * Handle API key creation with scopes server-side.
  * Converts scopes to permissions and calls Better Auth's server API.
- */
-async function handleApiKeyCreateWithScopes(authApi, payload, headers, body) {
+ */ async function handleApiKeyCreateWithScopes(authApi, payload, headers, body) {
     try {
         // Get the current session to find the user
-        const session = await authApi.getSession({ headers });
+        const session = await authApi.getSession({
+            headers
+        });
         if (!session?.user?.id) {
-            return new Response(JSON.stringify({ error: 'Unauthorized' }), { status: 401, headers: { 'Content-Type': 'application/json' } });
+            return new Response(JSON.stringify({
+                error: 'Unauthorized'
+            }), {
+                status: 401,
+                headers: {
+                    'Content-Type': 'application/json'
+                }
+            });
         }
         // Extract scopes from the request body
         const scopes = body.scopes ?? [];
@@ -45,61 +51,83 @@ async function handleApiKeyCreateWithScopes(authApi, payload, headers, body) {
                 expiresIn: body.expiresIn,
                 prefix: body.prefix,
                 permissions: permissions && Object.keys(permissions).length > 0 ? permissions : undefined,
-                metadata: scopes.length > 0
-                    ? { ...body.metadata, scopes }
-                    : body.metadata,
-            },
+                metadata: scopes.length > 0 ? {
+                    ...body.metadata,
+                    scopes
+                } : body.metadata
+            }
         };
         // Call Better Auth's server-side API
         if (typeof authApi.createApiKey !== 'function') {
-            return new Response(JSON.stringify({ error: 'API key plugin not enabled' }), { status: 400, headers: { 'Content-Type': 'application/json' } });
+            return new Response(JSON.stringify({
+                error: 'API key plugin not enabled'
+            }), {
+                status: 400,
+                headers: {
+                    'Content-Type': 'application/json'
+                }
+            });
         }
         try {
             const result = await authApi.createApiKey(createOptions);
             return new Response(JSON.stringify(result), {
                 status: 200,
-                headers: { 'Content-Type': 'application/json' },
+                headers: {
+                    'Content-Type': 'application/json'
+                }
             });
-        }
-        catch (createError) {
+        } catch (createError) {
             // Check if error is due to metadata being disabled
             const errorMessage = createError instanceof Error ? createError.message : String(createError);
-            const isMetadataDisabled = errorMessage.toLowerCase().includes('metadata') &&
-                errorMessage.toLowerCase().includes('disabled');
+            const isMetadataDisabled = errorMessage.toLowerCase().includes('metadata') && errorMessage.toLowerCase().includes('disabled');
             if (isMetadataDisabled && createOptions.body.metadata) {
                 // Retry without metadata - key will still work, just won't show scopes in UI
                 console.warn('[better-auth] Metadata disabled, creating API key without scope metadata. Enable metadata with apiKeyWithDefaults() for better UX.');
                 const optionsWithoutMetadata = {
                     body: {
                         ...createOptions.body,
-                        metadata: undefined,
-                    },
+                        metadata: undefined
+                    }
                 };
                 const result = await authApi.createApiKey(optionsWithoutMetadata);
                 return new Response(JSON.stringify(result), {
                     status: 200,
-                    headers: { 'Content-Type': 'application/json' },
+                    headers: {
+                        'Content-Type': 'application/json'
+                    }
                 });
             }
             // Re-throw other errors
             throw createError;
         }
-    }
-    catch (error) {
+    } catch (error) {
         console.error('[better-auth] API key creation error:', error);
         const message = error instanceof Error ? error.message : 'Failed to create API key';
-        return new Response(JSON.stringify({ error: message }), { status: 500, headers: { 'Content-Type': 'application/json' } });
+        return new Response(JSON.stringify({
+            error: message
+        }), {
+            status: 500,
+            headers: {
+                'Content-Type': 'application/json'
+            }
+        });
     }
 }
 /**
  * Creates the auth endpoint handler that proxies requests to Better Auth.
- */
-function createAuthEndpointHandler() {
-    return async (req) => {
+ */ function createAuthEndpointHandler() {
+    return async (req)=>{
         const payloadWithAuth = req.payload;
         const auth = payloadWithAuth.betterAuth;
         if (!auth) {
-            return new Response(JSON.stringify({ error: 'Better Auth not initialized' }), { status: 500, headers: { 'Content-Type': 'application/json' } });
+            return new Response(JSON.stringify({
+                error: 'Better Auth not initialized'
+            }), {
+                status: 500,
+                headers: {
+                    'Content-Type': 'application/json'
+                }
+            });
         }
         try {
             // Construct the full URL for Better Auth
@@ -107,9 +135,7 @@ function createAuthEndpointHandler() {
             const protocol = req.headers.get('x-forwarded-proto') || 'http';
             const host = req.headers.get('host') || 'localhost';
             const pathname = req.pathname || '';
-            const search = req.search ||
-                req.url?.split('?')[1] ||
-                '';
+            const search = req.search || req.url?.split('?')[1] || '';
             const url = new URL(pathname, `${protocol}://${host}`);
             if (search) {
                 url.search = search.startsWith('?') ? search : `?${search}`;
@@ -117,7 +143,10 @@ function createAuthEndpointHandler() {
             // Get request body for non-GET methods
             let body;
             let parsedBody;
-            if (req.method && !['GET', 'HEAD'].includes(req.method)) {
+            if (req.method && ![
+                'GET',
+                'HEAD'
+            ].includes(req.method)) {
                 try {
                     // Try to get body from request
                     if (typeof req.text === 'function') {
@@ -125,18 +154,15 @@ function createAuthEndpointHandler() {
                         if (body) {
                             try {
                                 parsedBody = JSON.parse(body);
-                            }
-                            catch {
-                                // Not JSON, that's okay
+                            } catch  {
+                            // Not JSON, that's okay
                             }
                         }
-                    }
-                    else if (req.data) {
+                    } else if (req.data) {
                         parsedBody = req.data;
                         body = JSON.stringify(parsedBody);
                     }
-                }
-                catch {
+                } catch  {
                     // Body might already be consumed, try data property
                     if (req.data) {
                         parsedBody = req.data;
@@ -146,10 +172,7 @@ function createAuthEndpointHandler() {
             }
             // Intercept API key creation requests with scopes
             // Better Auth's API key create endpoint is POST /api-key/create
-            const isApiKeyCreate = req.method === 'POST' &&
-                pathname.endsWith('/api-key/create') &&
-                parsedBody?.scopes &&
-                Array.isArray(parsedBody.scopes);
+            const isApiKeyCreate = req.method === 'POST' && pathname.endsWith('/api-key/create') && parsedBody?.scopes && Array.isArray(parsedBody.scopes);
             if (isApiKeyCreate && parsedBody) {
                 return handleApiKeyCreateWithScopes(auth.api, req.payload, req.headers, parsedBody);
             }
@@ -157,69 +180,71 @@ function createAuthEndpointHandler() {
             const request = new Request(url.toString(), {
                 method: req.method || 'GET',
                 headers: req.headers,
-                body,
+                body
             });
             const response = await auth.handler(request);
             return response;
-        }
-        catch (error) {
+        } catch (error) {
             console.error('[better-auth] Endpoint handler error:', error);
-            return new Response(JSON.stringify({ error: 'Internal server error' }), { status: 500, headers: { 'Content-Type': 'application/json' } });
+            return new Response(JSON.stringify({
+                error: 'Internal server error'
+            }), {
+                status: 500,
+                headers: {
+                    'Content-Type': 'application/json'
+                }
+            });
         }
     };
 }
 /**
  * Generates Payload endpoints for Better Auth.
- */
-function generateAuthEndpoints(basePath) {
+ */ function generateAuthEndpoints(basePath) {
     const handler = createAuthEndpointHandler();
-    const methods = ['get', 'post', 'patch', 'put', 'delete'];
-    return methods.map((method) => ({
-        path: `${basePath}/:path*`,
-        method,
-        handler,
-    }));
+    const methods = [
+        'get',
+        'post',
+        'patch',
+        'put',
+        'delete'
+    ];
+    return methods.map((method)=>({
+            path: `${basePath}/:path*`,
+            method,
+            handler
+        }));
 }
 /**
  * Injects admin components into the Payload config when disableLocalStrategy is detected.
- */
-function injectAdminComponents(config, options) {
+ */ function injectAdminComponents(config, options) {
     const authDetection = detectAuthConfig(config);
     // Skip if not using disableLocalStrategy or auto-injection is disabled
-    if (!authDetection.hasDisableLocalStrategy ||
-        options.autoInjectAdminComponents === false) {
+    if (!authDetection.hasDisableLocalStrategy || options.autoInjectAdminComponents === false) {
         return config;
     }
     const adminOptions = options.admin ?? {};
     const existingComponents = config.admin?.components ?? {};
     // Build logout button config
-    const logoutButton = adminOptions.disableLogoutButton
-        ? existingComponents.logout?.Button
-        : adminOptions.logoutButtonComponent ??
-            '@delmaredigital/payload-better-auth/components#LogoutButton';
+    const logoutButton = adminOptions.disableLogoutButton ? existingComponents.logout?.Button : adminOptions.logoutButtonComponent ?? '@delmaredigital/payload-better-auth/components#LogoutButton';
     // Build beforeLogin config
     const existingBeforeLogin = existingComponents.beforeLogin ?? [];
-    const beforeLogin = adminOptions.disableBeforeLogin
-        ? existingBeforeLogin
-        : [
-            ...(Array.isArray(existingBeforeLogin)
-                ? existingBeforeLogin
-                : [existingBeforeLogin]),
-            adminOptions.beforeLoginComponent ??
-                '@delmaredigital/payload-better-auth/components#BeforeLogin',
-        ];
+    const beforeLogin = adminOptions.disableBeforeLogin ? existingBeforeLogin : [
+        ...Array.isArray(existingBeforeLogin) ? existingBeforeLogin : [
+            existingBeforeLogin
+        ],
+        adminOptions.beforeLoginComponent ?? '@delmaredigital/payload-better-auth/components#BeforeLogin'
+    ];
     // Build login view config
     const existingViews = existingComponents.views ?? {};
-    const newLoginView = adminOptions.disableLoginView
-        ? undefined
-        : {
-            Component: adminOptions.loginViewComponent ??
-                '@delmaredigital/payload-better-auth/rsc#LoginViewWrapper',
-            path: '/login',
-        };
+    const newLoginView = adminOptions.disableLoginView ? undefined : {
+        Component: adminOptions.loginViewComponent ?? '@delmaredigital/payload-better-auth/rsc#LoginViewWrapper',
+        path: '/login'
+    };
     const views = {
         ...existingViews,
-        ...(newLoginView ? { login: newLoginView } : {}),
+        ...newLoginView ? {
+            login: newLoginView
+        } : {}
     };
     // Store login config in config.custom for the RSC wrapper to read
     const loginConfig = adminOptions.login ?? {};
@@ -230,31 +255,26 @@ function injectAdminComponents(config, options) {
             ...config.custom,
             betterAuth: {
                 ...config.custom?.betterAuth,
-                login: loginConfig,
-            },
+                login: loginConfig
+            }
         },
         admin: {
             ...config.admin,
             components: {
                 ...existingComponents,
-                logout: logoutButton
-                    ? {
-                        ...(typeof existingComponents.logout === 'object'
-                            ? existingComponents.logout
-                            : {}),
-                        Button: logoutButton,
-                    }
-                    : existingComponents.logout,
+                logout: logoutButton ? {
+                    ...typeof existingComponents.logout === 'object' ? existingComponents.logout : {},
+                    Button: logoutButton
+                } : existingComponents.logout,
                 beforeLogin,
-                views,
-            },
-        },
+                views
+            }
+        }
     };
 }
 /**
  * Injects management UI components into the Payload config based on enabled plugins.
- */
-function injectManagementComponents(config, options) {
+ */ function injectManagementComponents(config, options) {
     const adminOptions = options.admin ?? {};
     // Skip if management UI is disabled
     if (adminOptions.enableManagementUI === false) {
@@ -266,7 +286,7 @@ function injectManagementComponents(config, options) {
     const paths = {
         twoFactor: adminOptions.managementPaths?.twoFactor ?? '/security/two-factor',
         apiKeys: adminOptions.managementPaths?.apiKeys ?? '/security/api-keys',
-        passkeys: adminOptions.managementPaths?.passkeys ?? '/security/passkeys',
+        passkeys: adminOptions.managementPaths?.passkeys ?? '/security/passkeys'
     };
     const existingComponents = config.admin?.components ?? {};
     const existingViews = existingComponents.views ?? {};
@@ -278,41 +298,39 @@ function injectManagementComponents(config, options) {
     if (enabledPlugins.hasTwoFactor) {
         managementViews.securityTwoFactor = {
             Component: '@delmaredigital/payload-better-auth/rsc#TwoFactorView',
-            path: paths.twoFactor,
+            path: paths.twoFactor
         };
     }
     // API keys (if enabled)
     if (enabledPlugins.hasApiKey) {
         managementViews.securityApiKeys = {
             Component: '@delmaredigital/payload-better-auth/rsc#ApiKeysView',
-            path: paths.apiKeys,
+            path: paths.apiKeys
         };
     }
     // Passkeys (if enabled)
     if (enabledPlugins.hasPasskey) {
         managementViews.securityPasskeys = {
             Component: '@delmaredigital/payload-better-auth/rsc#PasskeysView',
-            path: paths.passkeys,
+            path: paths.passkeys
         };
     }
     // Only add nav links if at least one plugin is enabled
     const hasAnyPlugin = enabledPlugins.hasTwoFactor || enabledPlugins.hasApiKey || enabledPlugins.hasPasskey;
     // Add SecurityNavLinks to afterNavLinks with clientProps for enabled plugins
-    const afterNavLinks = hasAnyPlugin
-        ? [
-            ...(Array.isArray(existingAfterNavLinks)
-                ? existingAfterNavLinks
-                : [existingAfterNavLinks]),
-            {
-                path: '@delmaredigital/payload-better-auth/components/management#SecurityNavLinks',
-                clientProps: {
-                    showTwoFactor: enabledPlugins.hasTwoFactor,
-                    showApiKeys: enabledPlugins.hasApiKey,
-                    showPasskeys: enabledPlugins.hasPasskey,
-                },
-            },
-        ]
-        : existingAfterNavLinks;
+    const afterNavLinks = hasAnyPlugin ? [
+        ...Array.isArray(existingAfterNavLinks) ? existingAfterNavLinks : [
+            existingAfterNavLinks
+        ],
+        {
+            path: '@delmaredigital/payload-better-auth/components/management#SecurityNavLinks',
+            clientProps: {
+                showTwoFactor: enabledPlugins.hasTwoFactor,
+                showApiKeys: enabledPlugins.hasApiKey,
+                showPasskeys: enabledPlugins.hasPasskey
+            }
+        }
+    ] : existingAfterNavLinks;
     return {
         ...config,
         admin: {
@@ -321,11 +339,11 @@ function injectManagementComponents(config, options) {
                 ...existingComponents,
                 views: {
                     ...existingViews,
-                    ...managementViews,
+                    ...managementViews
                 },
-                afterNavLinks,
-            },
-        },
+                afterNavLinks
+            }
+        }
     };
 }
 /**
@@ -356,30 +374,28 @@ function injectManagementComponents(config, options) {
  *   ],
  * })
  * ```
- */
-export function createBetterAuthPlugin(options) {
-    const { createAuth, authBasePath = '/auth', autoRegisterEndpoints = true, autoInjectAdminComponents = true, } = options;
+ */ export function createBetterAuthPlugin(options) {
+    const { createAuth, authBasePath = '/auth', autoRegisterEndpoints = true, autoInjectAdminComponents = true } = options;
     // Store API key scopes config for access by management views
     apiKeyScopesConfig = options.admin?.apiKey;
-    return (incomingConfig) => {
+    return (incomingConfig)=>{
         // Inject admin components if enabled
-        let config = autoInjectAdminComponents
-            ? injectAdminComponents(incomingConfig, options)
-            : incomingConfig;
+        let config = autoInjectAdminComponents ? injectAdminComponents(incomingConfig, options) : incomingConfig;
         // Inject management UI components
         config = injectManagementComponents(config, options);
         // Generate auth endpoints if enabled
-        const authEndpoints = autoRegisterEndpoints
-            ? generateAuthEndpoints(authBasePath)
-            : [];
+        const authEndpoints = autoRegisterEndpoints ? generateAuthEndpoints(authBasePath) : [];
         // Merge endpoints
         const existingEndpoints = config.endpoints ?? [];
         // Get existing onInit
         const existingOnInit = config.onInit;
         return {
             ...config,
-            endpoints: [...existingEndpoints, ...authEndpoints],
-            onInit: async (payload) => {
+            endpoints: [
+                ...existingEndpoints,
+                ...authEndpoints
+            ],
+            onInit: async (payload)=>{
                 if (existingOnInit) {
                     await existingOnInit(payload);
                 }
@@ -391,8 +407,7 @@ export function createBetterAuthPlugin(options) {
                 if (!authInstance) {
                     try {
                         authInstance = createAuth(payload);
-                    }
-                    catch (error) {
+                    } catch (error) {
                         console.error('[better-auth] Failed to create auth:', error);
                         throw error;
                     }
@@ -402,9 +417,9 @@ export function createBetterAuthPlugin(options) {
                     value: authInstance,
                     writable: false,
                     enumerable: false,
-                    configurable: false,
+                    configurable: false
                 });
-            },
+            }
         };
     };
 }
@@ -443,31 +458,42 @@ export function createBetterAuthPlugin(options) {
  *   }
  * }
  * ```
- */
-export function betterAuthStrategy(options = {}) {
+ */ export function betterAuthStrategy(options = {}) {
     const { usersCollection = 'users', membersCollection = 'members' } = options;
     return {
         name: 'better-auth',
-        authenticate: async ({ payload, headers, }) => {
+        authenticate: async ({ payload, headers })=>{
             try {
                 const payloadWithAuth = payload;
                 const auth = payloadWithAuth.betterAuth;
                 if (!auth) {
                     console.error('Better Auth not initialized on payload instance');
-                    return { user: null };
+                    return {
+                        user: null
+                    };
                 }
-                const sessionData = await auth.api.getSession({ headers });
+                const sessionData = await auth.api.getSession({
+                    headers
+                });
                 if (!sessionData?.user?.id) {
-                    return { user: null };
+                    return {
+                        user: null
+                    };
                 }
                 const users = await payload.find({
                     collection: usersCollection,
-                    where: { id: { equals: sessionData.user.id } },
+                    where: {
+                        id: {
+                            equals: sessionData.user.id
+                        }
+                    },
                     limit: 1,
-                    depth: 0,
+                    depth: 0
                 });
                 if (users.docs.length === 0) {
-                    return { user: null };
+                    return {
+                        user: null
+                    };
                 }
                 // Extract session fields to merge onto user (e.g., activeOrganizationId from org plugin)
                 // Exclude fields that might conflict with user fields
@@ -480,42 +506,52 @@ export function betterAuthStrategy(options = {}) {
                             collection: membersCollection,
                             where: {
                                 and: [
-                                    { user: { equals: sessionData.user.id } },
-                                    { organization: { equals: sessionFields.activeOrganizationId } },
-                                ],
+                                    {
+                                        user: {
+                                            equals: sessionData.user.id
+                                        }
+                                    },
+                                    {
+                                        organization: {
+                                            equals: sessionFields.activeOrganizationId
+                                        }
+                                    }
+                                ]
                             },
                             limit: 1,
-                            depth: 0,
+                            depth: 0
                         });
                         if (memberships.docs.length > 0) {
                             organizationRole = memberships.docs[0].role;
                         }
-                    }
-                    catch {
-                        // Members collection might not exist (org plugin not used), silently ignore
+                    } catch  {
+                    // Members collection might not exist (org plugin not used), silently ignore
                     }
                 }
                 return {
                     user: {
                         ...users.docs[0],
-                        ...sessionFields, // Merge session fields (activeOrganizationId, etc.)
-                        ...(organizationRole && { organizationRole }), // Add org role if found
+                        ...sessionFields,
+                        ...organizationRole && {
+                            organizationRole
+                        },
                         collection: usersCollection,
-                        _strategy: 'better-auth',
-                    },
+                        _strategy: 'better-auth'
+                    }
                 };
-            }
-            catch (error) {
+            } catch (error) {
                 console.error('Better Auth strategy error:', error);
-                return { user: null };
+                return {
+                    user: null
+                };
             }
-        },
+        }
     };
 }
 /**
  * Reset the auth instance (useful for testing)
- */
-export function resetAuthInstance() {
+ */ export function resetAuthInstance() {
     authInstance = null;
 }
+
 //# sourceMappingURL=index.js.map