@delmaredigital/payload-better-auth 0.3.8 → 0.3.10

package/src/utils/firstUserAdmin.ts

@@ -1,164 +0,0 @@
-/**
- * First User Admin Hook Utility
- *
- * Provides a Better Auth databaseHooks configuration that automatically
- * makes the first registered user an admin.
- *
- * @packageDocumentation
- */
-
-import type { BetterAuthOptions } from 'better-auth'
-
-export type FirstUserAdminOptions = {
-  /**
-   * Role to assign to the first user
-   * @default 'admin'
-   */
-  adminRole?: string
-
-  /**
-   * Role to assign to subsequent users (if not already set)
-   * @default 'user'
-   */
-  defaultRole?: string
-
-  /**
-   * Field name for the role field
-   * @default 'role'
-   */
-  roleField?: string
-}
-
-/**
- * Creates Better Auth databaseHooks configuration that makes the first
- * registered user an admin.
- *
- * @example Basic usage
- * ```ts
- * import { betterAuth } from 'better-auth'
- * import { payloadAdapter } from '@delmaredigital/payload-better-auth/adapter'
- * import { firstUserAdminHooks } from '@delmaredigital/payload-better-auth'
- *
- * export const auth = betterAuth({
- *   database: payloadAdapter({ payloadClient: payload }),
- *   databaseHooks: firstUserAdminHooks(),
- * })
- * ```
- *
- * @example Custom roles
- * ```ts
- * export const auth = betterAuth({
- *   database: payloadAdapter({ payloadClient: payload }),
- *   databaseHooks: firstUserAdminHooks({
- *     adminRole: 'super-admin',
- *     defaultRole: 'member',
- *   }),
- * })
- * ```
- *
- * @example Merging with other hooks
- * ```ts
- * export const auth = betterAuth({
- *   database: payloadAdapter({ payloadClient: payload }),
- *   databaseHooks: {
- *     user: {
- *       create: {
- *         before: async (user, ctx) => {
- *           // First apply first-user-admin logic
- *           const result = await firstUserAdminHooks().user.create.before(user, ctx)
- *           const userData = result?.data ?? user
- *
- *           // Then apply your custom logic
- *           return {
- *             data: {
- *               ...userData,
- *               createdVia: 'custom-signup',
- *             },
- *           }
- *         },
- *         after: async (user) => {
- *           // Your after-create logic
- *           console.log('User created:', user.email)
- *         },
- *       },
- *     },
- *   },
- * })
- * ```
- */
-export function firstUserAdminHooks(
-  options?: FirstUserAdminOptions
-): NonNullable<BetterAuthOptions['databaseHooks']> {
-  const {
-    adminRole = 'admin',
-    defaultRole = 'user',
-    roleField = 'role',
-  } = options ?? {}
-
-  // Using explicit any for the context type because Better Auth's
-  // GenericEndpointContext type is complex and includes [x: string]: any.
-  // The runtime behavior is what matters here.
-  const beforeHook = async (
-    user: Record<string, unknown>,
-    ctx: unknown
-  ): Promise<{ data: Record<string, unknown> }> => {
-    try {
-      // Access the adapter from context
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      const context = ctx as { context?: { adapter?: any } } | null
-      const adapter = context?.context?.adapter
-
-      if (!adapter?.count) {
-        // Adapter not available, fall back to default role
-        return {
-          data: {
-            ...user,
-            [roleField]: user[roleField] ?? defaultRole,
-          },
-        }
-      }
-
-      const userCount = await adapter.count({
-        model: 'user',
-        where: [],
-      })
-
-      if (userCount === 0) {
-        // First user becomes admin
-        return {
-          data: {
-            ...user,
-            [roleField]: adminRole,
-          },
-        }
-      }
-
-      // Subsequent users get default role if not already set
-      return {
-        data: {
-          ...user,
-          [roleField]: user[roleField] ?? defaultRole,
-        },
-      }
-    } catch (error) {
-      // On error, don't block user creation - just use provided or default role
-      console.warn('[firstUserAdminHooks] Failed to check user count:', error)
-      return {
-        data: {
-          ...user,
-          [roleField]: user[roleField] ?? defaultRole,
-        },
-      }
-    }
-  }
-
-  return {
-    user: {
-      create: {
-        // Cast needed because Better Auth's hook types are complex
-        // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        before: beforeHook as any,
-      },
-    },
-  }
-}

package/src/utils/generateScopes.ts

@@ -1,150 +0,0 @@
-/**
- * Auto-generate API key scopes from Payload collections.
- */
-
-import type { CollectionConfig } from 'payload'
-import type {
-  ScopeDefinition,
-  ApiKeyScopesConfig,
-  AvailableScope,
-} from '../types/apiKey.js'
-
-/** Default collections to exclude from auto-generated scopes */
-const DEFAULT_EXCLUDED_COLLECTIONS = [
-  'sessions',
-  'verifications',
-  'accounts',
-  'twoFactors',
-  'apiKeys',
-]
-
-/**
- * Capitalize the first letter of a string.
- */
-function capitalize(str: string): string {
-  return str.charAt(0).toUpperCase() + str.slice(1)
-}
-
-/**
- * Convert slug to human-readable label.
- * e.g., 'blog-posts' -> 'Blog Posts'
- */
-function slugToLabel(slug: string): string {
-  return slug
-    .split('-')
-    .map(capitalize)
-    .join(' ')
-}
-
-/**
- * Generate scopes from Payload collections.
- * Creates {collection}:read, {collection}:write, {collection}:delete for each collection.
- */
-export function generateScopesFromCollections(
-  collections: CollectionConfig[],
-  excludeCollections: string[] = DEFAULT_EXCLUDED_COLLECTIONS
-): Record<string, ScopeDefinition> {
-  const scopes: Record<string, ScopeDefinition> = {}
-
-  for (const collection of collections) {
-    if (excludeCollections.includes(collection.slug)) continue
-
-    const slug = collection.slug
-    const singularLabel =
-      (typeof collection.labels?.singular === 'string'
-        ? collection.labels.singular
-        : null) ?? slugToLabel(slug)
-    const pluralLabel =
-      (typeof collection.labels?.plural === 'string'
-        ? collection.labels.plural
-        : null) ?? slugToLabel(slug) + 's'
-
-    scopes[`${slug}:read`] = {
-      label: `Read ${pluralLabel}`,
-      description: `View ${pluralLabel.toLowerCase()}`,
-      permissions: { [slug]: ['read'] },
-    }
-
-    scopes[`${slug}:write`] = {
-      label: `Write ${pluralLabel}`,
-      description: `Create and edit ${pluralLabel.toLowerCase()}`,
-      permissions: { [slug]: ['read', 'create', 'update'] },
-    }
-
-    scopes[`${slug}:delete`] = {
-      label: `Delete ${pluralLabel}`,
-      description: `Delete ${pluralLabel.toLowerCase()}`,
-      permissions: { [slug]: ['delete'] },
-    }
-  }
-
-  return scopes
-}
-
-/**
- * Build the final scopes configuration from plugin options and collections.
- * Handles merging custom scopes with auto-generated collection scopes.
- */
-export function buildAvailableScopes(
-  collections: CollectionConfig[],
-  config?: ApiKeyScopesConfig
-): AvailableScope[] {
-  const customScopes = config?.scopes ?? {}
-  const hasCustomScopes = Object.keys(customScopes).length > 0
-
-  // Determine if we should include collection scopes
-  // Default: true when no custom scopes, false when custom scopes provided
-  const includeCollectionScopes =
-    config?.includeCollectionScopes ?? !hasCustomScopes
-
-  const excludeCollections = config?.excludeCollections ?? DEFAULT_EXCLUDED_COLLECTIONS
-
-  // Build the combined scopes object
-  let allScopes: Record<string, ScopeDefinition> = {}
-
-  // Add collection scopes if enabled
-  if (includeCollectionScopes) {
-    allScopes = generateScopesFromCollections(collections, excludeCollections)
-  }
-
-  // Add custom scopes (they override collection scopes with same ID)
-  for (const [id, scope] of Object.entries(customScopes)) {
-    allScopes[id] = scope
-  }
-
-  // Convert to array format for the client
-  return Object.entries(allScopes).map(([id, scope]) => ({
-    id,
-    ...scope,
-  }))
-}
-
-/**
- * Convert selected scopes to Better Auth permission format.
- * Used when creating an API key.
- */
-export function scopesToPermissions(
-  selectedScopeIds: string[],
-  availableScopes: AvailableScope[]
-): Record<string, string[]> {
-  const permissions: Record<string, string[]> = {}
-
-  for (const scopeId of selectedScopeIds) {
-    const scope = availableScopes.find((s) => s.id === scopeId)
-    if (!scope) continue
-
-    for (const [resource, actions] of Object.entries(scope.permissions)) {
-      if (!permissions[resource]) {
-        permissions[resource] = []
-      }
-      // Add unique actions
-      for (const action of actions) {
-        if (!permissions[resource].includes(action)) {
-          permissions[resource].push(action)
-        }
-      }
-    }
-  }
-
-  return permissions
-}

package/src/utils/session.ts

@@ -1,91 +0,0 @@
-/**
- * Server-side session utilities
- *
- * @packageDocumentation
- */
-
-import type { BasePayload } from 'payload'
-import type { PayloadWithAuth } from '../plugin/index.js'
-
-export type Session = {
-  user: {
-    id: string
-    email: string
-    name?: string
-    image?: string
-    [key: string]: unknown
-  }
-  session: {
-    id: string
-    expiresAt: Date
-    [key: string]: unknown
-  }
-}
-
-/**
- * Get the current session from headers.
- *
- * @example
- * ```ts
- * import { headers } from 'next/headers'
- * import { getServerSession } from '@delmare/payload-better-auth'
- *
- * export default async function Page() {
- *   const headersList = await headers()
- *   const session = await getServerSession(payload, headersList)
- *
- *   if (!session) {
- *     redirect('/login')
- *   }
- *
- *   return <div>Hello {session.user.name}</div>
- * }
- * ```
- */
-export async function getServerSession(
-  payload: BasePayload,
-  headers: Headers
-): Promise<Session | null> {
-  try {
-    const payloadWithAuth = payload as PayloadWithAuth
-
-    if (!payloadWithAuth.betterAuth) {
-      console.error('[session] Better Auth not initialized')
-      return null
-    }
-
-    const session = await payloadWithAuth.betterAuth.api.getSession({ headers })
-    return session as Session | null
-  } catch (error) {
-    console.error('[session] Error getting session:', error)
-    return null
-  }
-}
-
-/**
- * Get the current user from the session.
- *
- * @example
- * ```ts
- * import { headers } from 'next/headers'
- * import { getServerUser } from '@delmare/payload-better-auth'
- *
- * export default async function Page() {
- *   const headersList = await headers()
- *   const user = await getServerUser(payload, headersList)
- *
- *   if (!user) {
- *     redirect('/login')
- *   }
- *
- *   return <div>Hello {user.name}</div>
- * }
- * ```
- */
-export async function getServerUser(
-  payload: BasePayload,
-  headers: Headers
-): Promise<Session['user'] | null> {
-  const session = await getServerSession(payload, headers)
-  return session?.user ?? null
-}