@delmaredigital/payload-better-auth 0.3.8 → 0.3.10

package/dist/exports/client.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/exports/client.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAOH,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAA;AACpD,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAA;AAC1E,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAA;AAE3D;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;qCAkBf,CAAC;qCAAkD,CAAC;;;;;;;;;iCAS3C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAoBwnC,CAAC;qCAAkD,CAAC;;;;;;;;;iCAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yBAA65I,CAAC;;;;;;;;;;;;;;;;;qCAAmnB,CAAC;qCAAkD,CAAC;;;;;;;;;iCAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yBAAu2J,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAyuC,CAAC;qCAAkD,CAAC;;;;;;;;;iCAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yBAAsxD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;6BAAhuZ,CAAC;;;;;;;;;;;;;;gCAA4Z,CAAC;uCAAgD,CAAC;;;;+DAA0P,CAAC;;;;gDAA+H,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;iFAAi5C,CAAC;;;;;;;;;;;;;gCAA0d,CAAC;;;;;;;;;;;;;;;;;;;uCAAgzB,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAA84Q,CAAC;qCAAkD,CAAC;;;;;;;;;iCAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAkyX,CAAC;qCAAkD,CAAC;;;;;;;;;iCAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAi5D,CAAC;qCAAkD,CAAC;;;;;;;;;iCAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAh93B,CAAC;qCAAkD,CAAC;;;;;;;;;iCAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAi2P,CAAC;qCAAkD,CAAC;;;;;;;;;iCAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;6BAAivD,CAAC;6BAA8C,CAAC;;;;;;;;;;;;;;qCAAwf,CAAC;qCAAkD,CAAC;;;;;;;;;iCAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAA0pC,CAAC;qCAAkD,CAAC;;;;;;;;;iCAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAgxC,CAAC;qCAAkD,CAAC;;;;;;;;;iCAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;0BAAj3d,CAAC;wBAAoB,CAAC;4BAA+B,CAAC;kCAAiD,CAAC;;;2BAAoG,CAAC;;;;;;;;;;;;;;;;;;;;;6BAAoe,CAAC;4BAAwB,CAAC;oBAAwJ,CAAC;uCAA8M,CAAC;+BAA8N,CAAC;oCAAyC,CAAC;;;2BAAoG,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA3C/6C,CAAA;AAEV,MAAM,WAAW,wBAAwB;IACvC,uEAAuE;IACvE,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,CAAC,EAAE,wBAAwB;;;;;;6BAxDtC,CAAC;iBAAa,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAkEiv5F,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qBAAn7tF,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qBAA6xL,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qBAAk0G,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yBAAt+H,CAAC;yBAA8C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sBAAtgW,CAAC;oBAAoB,CAAC;wBAA+B,CAAC;8BAAiD,CAAC;;;uBAAoG,CAAC;;;;;;;;;;;;;;;;;;;;;yBAAoe,CAAC;wBAAwB,CAAC;gBAAwJ,CAAC;mCAA8M,CAAC;2BAA8N,CAAC;gCAAyC,CAAC;;;uBAAoG,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;6BAzB/2C,CAAC;iBAE1E,CAAD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;aAuBimB,CAAC;;cAA0D,CAAC;eAA+B,CAAC;;;;;gBAA8U,CAAC;mBAA8C,CAAC;iBAAmC,CAAC;iBAAmC,CAAC;YAA+B,CAAC;gBAAuC,CAAC;gBAA2C,CAAC;sBAAwC,CAAC;cAAwC,CAAC;eAA+C,CAAC;mBAA0G,CAAC;yBAAuB,CAAC;;eAAyC,CAAC;;;aAA2G,CAAC;YAA+B,CAAC;;;;;;;;;;;;YAA+e,CAAC;aAAgB,CAAC;cAAiB,CAAC;cAAiB,CAAC;;aAA8F,CAAC;oBAAkE,CAAC;cAAgC,CAAC;mBAAmG,CAAC;yBAA2E,CAAC;qBAAwC,CAAC;;;uBAAkF,CAAC;+GAAuL,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAH73F;AAED,MAAM,MAAM,iBAAiB,GAAG,UAAU,CAAC,OAAO,uBAAuB,CAAC,CAAA"}

package/dist/exports/client.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/exports/client.ts"],"sourcesContent":["/**\n * Client-side auth utilities\n * Re-exports createAuthClient from better-auth/react and common plugins\n */\n\nimport { createAuthClient } from 'better-auth/react'\nimport { twoFactorClient, apiKeyClient } from 'better-auth/client/plugins'\nimport { passkeyClient } from '@better-auth/passkey/client'\n\n// Re-export createAuthClient and common plugins\nexport { createAuthClient } from 'better-auth/react'\nexport { twoFactorClient, apiKeyClient } from 'better-auth/client/plugins'\nexport { passkeyClient } from '@better-auth/passkey/client'\n\n/**\n * Default plugins included with Payload Better Auth.\n * Use this with createAuthClient when you need custom plugins with full type safety.\n *\n * @example With custom plugins (full type safety)\n * ```typescript\n * import { createAuthClient, payloadAuthPlugins } from '@delmaredigital/payload-better-auth/client'\n * import { stripeClient } from '@better-auth/stripe/client'\n *\n * export const authClient = createAuthClient({\n *   plugins: [...payloadAuthPlugins, stripeClient({ subscription: true })],\n * })\n *\n * // authClient.subscription is fully typed!\n * ```\n */\nexport const payloadAuthPlugins = [\n  twoFactorClient(),\n  apiKeyClient(),\n  passkeyClient(),\n] as const\n\nexport interface PayloadAuthClientOptions {\n  /** Base URL for auth endpoints (defaults to window.location.origin) */\n  baseURL?: string\n}\n\n/**\n * Create a pre-configured auth client with default plugins (twoFactor, apiKey, passkey).\n *\n * This is a convenience wrapper for simple setups. For custom plugins with full type\n * safety, use `createAuthClient` with `payloadAuthPlugins` instead.\n *\n * @param options - Optional configuration\n * @param options.baseURL - Base URL for auth endpoints (defaults to window.location.origin)\n *\n * @example Basic usage (no custom plugins)\n * ```typescript\n * import { createPayloadAuthClient } from '@delmaredigital/payload-better-auth/client'\n *\n * export const authClient = createPayloadAuthClient()\n * ```\n *\n * @example With custom plugins (use createAuthClient for full type safety)\n * ```typescript\n * import { createAuthClient, payloadAuthPlugins } from '@delmaredigital/payload-better-auth/client'\n * import { stripeClient } from '@better-auth/stripe/client'\n *\n * export const authClient = createAuthClient({\n *   plugins: [...payloadAuthPlugins, stripeClient({ subscription: true })],\n * })\n * ```\n */\nexport function createPayloadAuthClient(options?: PayloadAuthClientOptions) {\n  return createAuthClient({\n    baseURL:\n      options?.baseURL ??\n      (typeof window !== 'undefined' ? window.location.origin : ''),\n    plugins: [...payloadAuthPlugins],\n  })\n}\n\nexport type PayloadAuthClient = ReturnType<typeof createPayloadAuthClient>\n"],"names":["createAuthClient","twoFactorClient","apiKeyClient","passkeyClient","payloadAuthPlugins","createPayloadAuthClient","options","baseURL","window","location","origin","plugins"],"mappings":"AAAA;;;CAGC,GAED,SAASA,gBAAgB,QAAQ,oBAAmB;AACpD,SAASC,eAAe,EAAEC,YAAY,QAAQ,6BAA4B;AAC1E,SAASC,aAAa,QAAQ,8BAA6B;AAE3D,gDAAgD;AAChD,SAASH,gBAAgB,QAAQ,oBAAmB;AACpD,SAASC,eAAe,EAAEC,YAAY,QAAQ,6BAA4B;AAC1E,SAASC,aAAa,QAAQ,8BAA6B;AAE3D;;;;;;;;;;;;;;;CAeC,GACD,OAAO,MAAMC,qBAAqB;IAChCH;IACAC;IACAC;CACD,CAAS;AAOV;;;;;;;;;;;;;;;;;;;;;;;;;CAyBC,GACD,OAAO,SAASE,wBAAwBC,OAAkC;IACxE,OAAON,iBAAiB;QACtBO,SACED,SAASC,WACR,CAAA,OAAOC,WAAW,cAAcA,OAAOC,QAAQ,CAACC,MAAM,GAAG,EAAC;QAC7DC,SAAS;eAAIP;SAAmB;IAClC;AACF"}

package/dist/exports/components.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"components.d.ts","sourceRoot":"","sources":["../../src/exports/components.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAA;AAC5D,YAAY,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAA;AACpE,OAAO,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAA;AAC1D,YAAY,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAA;AAChE,OAAO,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAA;AAGtD,YAAY,EAAE,uBAAuB,EAAE,MAAM,0CAA0C,CAAA;AACvF,OAAO,EAAE,kBAAkB,EAAE,MAAM,0CAA0C,CAAA;AAC7E,YAAY,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAA;AACrF,OAAO,EAAE,iBAAiB,EAAE,MAAM,yCAAyC,CAAA;AAG3E,YAAY,EAAE,uBAAuB,EAAE,MAAM,+CAA+C,CAAA;AAC5F,OAAO,EAAE,kBAAkB,EAAE,MAAM,+CAA+C,CAAA;AAClF,YAAY,EAAE,wBAAwB,EAAE,MAAM,gDAAgD,CAAA;AAC9F,OAAO,EAAE,mBAAmB,EAAE,MAAM,gDAAgD,CAAA;AAGpF,YAAY,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAA;AACpF,OAAO,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAA;AAC1E,YAAY,EAAE,0BAA0B,EAAE,MAAM,wCAAwC,CAAA;AACxF,OAAO,EAAE,qBAAqB,EAAE,MAAM,wCAAwC,CAAA"}

package/dist/exports/components.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/exports/components.ts"],"sourcesContent":["/**\n * Admin Components for Better Auth\n *\n * These components are auto-injected when disableLocalStrategy is detected.\n * They can also be used standalone or customized.\n */\n\nexport { LogoutButton } from '../components/LogoutButton.js'\nexport type { BeforeLoginProps } from '../components/BeforeLogin.js'\nexport { BeforeLogin } from '../components/BeforeLogin.js'\nexport type { LoginViewProps } from '../components/LoginView.js'\nexport { LoginView } from '../components/LoginView.js'\n\n// Password reset components\nexport type { ForgotPasswordViewProps } from '../components/auth/ForgotPasswordView.js'\nexport { ForgotPasswordView } from '../components/auth/ForgotPasswordView.js'\nexport type { ResetPasswordViewProps } from '../components/auth/ResetPasswordView.js'\nexport { ResetPasswordView } from '../components/auth/ResetPasswordView.js'\n\n// Two-factor authentication components\nexport type { TwoFactorSetupViewProps } from '../components/twoFactor/TwoFactorSetupView.js'\nexport { TwoFactorSetupView } from '../components/twoFactor/TwoFactorSetupView.js'\nexport type { TwoFactorVerifyViewProps } from '../components/twoFactor/TwoFactorVerifyView.js'\nexport { TwoFactorVerifyView } from '../components/twoFactor/TwoFactorVerifyView.js'\n\n// Passkey authentication\nexport type { PasskeySignInButtonProps } from '../components/PasskeySignInButton.js'\nexport { PasskeySignInButton } from '../components/PasskeySignInButton.js'\nexport type { PasskeyRegisterButtonProps } from '../components/PasskeyRegisterButton.js'\nexport { PasskeyRegisterButton } from '../components/PasskeyRegisterButton.js'\n"],"names":["LogoutButton","BeforeLogin","LoginView","ForgotPasswordView","ResetPasswordView","TwoFactorSetupView","TwoFactorVerifyView","PasskeySignInButton","PasskeyRegisterButton"],"mappings":"AAAA;;;;;CAKC,GAED,SAASA,YAAY,QAAQ,gCAA+B;AAE5D,SAASC,WAAW,QAAQ,+BAA8B;AAE1D,SAASC,SAAS,QAAQ,6BAA4B;AAItD,SAASC,kBAAkB,QAAQ,2CAA0C;AAE7E,SAASC,iBAAiB,QAAQ,0CAAyC;AAI3E,SAASC,kBAAkB,QAAQ,gDAA+C;AAElF,SAASC,mBAAmB,QAAQ,iDAAgD;AAIpF,SAASC,mBAAmB,QAAQ,uCAAsC;AAE1E,SAASC,qBAAqB,QAAQ,yCAAwC"}

package/dist/exports/management.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"management.d.ts","sourceRoot":"","sources":["../../src/exports/management.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EACL,gBAAgB,EAChB,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,GACzB,MAAM,mCAAmC,CAAA;AAE1C,YAAY,EACV,qBAAqB,EACrB,8BAA8B,EAC9B,4BAA4B,EAC5B,6BAA6B,GAC9B,MAAM,mCAAmC,CAAA;AAG1C,OAAO,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAA;AACvE,YAAY,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAA"}

package/dist/exports/management.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/exports/management.ts"],"sourcesContent":["/**\n * Management UI Components Export\n *\n * Client components for managing security features in the Payload admin panel.\n * For server component views, use the './rsc' export.\n */\n\n// Client components\nexport {\n  SecurityNavLinks,\n  TwoFactorManagementClient,\n  ApiKeysManagementClient,\n  PasskeysManagementClient,\n} from '../components/management/index.js'\n\nexport type {\n  SecurityNavLinksProps,\n  TwoFactorManagementClientProps,\n  ApiKeysManagementClientProps,\n  PasskeysManagementClientProps,\n} from '../components/management/index.js'\n\n// Re-export plugin detection utility\nexport { detectEnabledPlugins } from '../utils/detectEnabledPlugins.js'\nexport type { EnabledPluginsResult } from '../utils/detectEnabledPlugins.js'\n"],"names":["SecurityNavLinks","TwoFactorManagementClient","ApiKeysManagementClient","PasskeysManagementClient","detectEnabledPlugins"],"mappings":"AAAA;;;;;CAKC,GAED,oBAAoB;AACpB,SACEA,gBAAgB,EAChBC,yBAAyB,EACzBC,uBAAuB,EACvBC,wBAAwB,QACnB,oCAAmC;AAS1C,qCAAqC;AACrC,SAASC,oBAAoB,QAAQ,mCAAkC"}

package/dist/exports/rsc.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"rsc.d.ts","sourceRoot":"","sources":["../../src/exports/rsc.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAA;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,iDAAiD,CAAA;AAC/E,OAAO,EAAE,WAAW,EAAE,MAAM,+CAA+C,CAAA;AAC3E,OAAO,EAAE,YAAY,EAAE,MAAM,gDAAgD,CAAA"}

package/dist/exports/rsc.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/exports/rsc.ts"],"sourcesContent":["/**\n * React Server Component Views for Better Auth\n *\n * These async server components use DefaultTemplate for proper\n * integration with Payload's admin panel layout.\n */\n\nexport { LoginViewWrapper } from '../components/LoginViewWrapper.js'\nexport { TwoFactorView } from '../components/management/views/TwoFactorView.js'\nexport { ApiKeysView } from '../components/management/views/ApiKeysView.js'\nexport { PasskeysView } from '../components/management/views/PasskeysView.js'\n"],"names":["LoginViewWrapper","TwoFactorView","ApiKeysView","PasskeysView"],"mappings":"AAAA;;;;;CAKC,GAED,SAASA,gBAAgB,QAAQ,oCAAmC;AACpE,SAASC,aAAa,QAAQ,kDAAiD;AAC/E,SAASC,WAAW,QAAQ,gDAA+C;AAC3E,SAASC,YAAY,QAAQ,iDAAgD"}

package/dist/generated-types.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"generated-types.d.ts","sourceRoot":"","sources":["../src/generated-types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,aAAa,EAAE,OAAO,CAAA;IACtB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,IAAI,CAAA;IACf,SAAS,EAAE,IAAI,CAAA;IACf,IAAI,CAAC,EAAE,MAAM,CAAA;CACd,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,UAAU,EAAE;QACV,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,eAAe,CAAC,EAAE,MAAM,CAAA;KACzB,CAAA;IACD,OAAO,EAAE;QACP,MAAM,CAAC,EAAE,OAAO,CAAA;QAChB,SAAS,CAAC,EAAE,MAAM,CAAA;QAClB,UAAU,CAAC,EAAE,IAAI,CAAA;KAClB,CAAA;IACD,cAAc,EAAE;QACd,WAAW,CAAC,EAAE,MAAM,CAAA;QACpB,mBAAmB,CAAC,EAAE,OAAO,CAAA;KAC9B,CAAA;IACD,WAAW,EAAE;QACX,WAAW,CAAC,EAAE,OAAO,CAAA;KACtB,CAAA;IACD,YAAY,EAAE;QACZ,gBAAgB,CAAC,EAAE,OAAO,CAAA;KAC3B,CAAA;CACF,CAAA;AAED,MAAM,MAAM,IAAI,GAAG,cAAc,GAAG,gBAAgB,CAAC,UAAU,CAAC,GAAG,gBAAgB,CAAC,OAAO,CAAC,GAAG,gBAAgB,CAAC,cAAc,CAAC,GAAG,gBAAgB,CAAC,WAAW,CAAC,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAA;AAEhM,MAAM,MAAM,iBAAiB,GAAG;IAC9B,SAAS,EAAE,IAAI,CAAA;IACf,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE,IAAI,CAAA;IACf,SAAS,EAAE,IAAI,CAAA;IACf,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE;QACP,cAAc,CAAC,EAAE,MAAM,CAAA;KACxB,CAAA;IACD,cAAc,EAAE;QACd,oBAAoB,CAAC,EAAE,MAAM,CAAA;QAC7B,YAAY,CAAC,EAAE,MAAM,CAAA;KACtB,CAAA;CACF,CAAA;AAED,MAAM,MAAM,OAAO,GAAG,iBAAiB,GAAG,mBAAmB,CAAC,OAAO,CAAC,GAAG,mBAAmB,CAAC,cAAc,CAAC,CAAA;AAE5G,MAAM,MAAM,iBAAiB,GAAG;IAC9B,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,MAAM,CAAA;IACd,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,oBAAoB,CAAC,EAAE,IAAI,CAAA;IAC3B,qBAAqB,CAAC,EAAE,IAAI,CAAA;IAC5B,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,IAAI,CAAA;IACf,SAAS,EAAE,IAAI,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,OAAO,GAAG,iBAAiB,CAAA;AAEvC,MAAM,MAAM,sBAAsB,GAAG;IACnC,UAAU,EAAE,MAAM,CAAA;IAClB,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE,IAAI,CAAA;IACf,SAAS,EAAE,IAAI,CAAA;IACf,SAAS,EAAE,IAAI,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG,sBAAsB,CAAA;AAEjD,MAAM,MAAM,YAAY,GAAG;IACzB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,GAAG,EAAE,MAAM,CAAA;IACX,MAAM,EAAE,MAAM,CAAA;IACd,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,YAAY,CAAC,EAAE,IAAI,CAAA;IACnB,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB,gBAAgB,CAAC,EAAE,OAAO,CAAA;IAC1B,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,WAAW,CAAC,EAAE,IAAI,CAAA;IAClB,SAAS,CAAC,EAAE,IAAI,CAAA;IAChB,SAAS,EAAE,IAAI,CAAA;IACf,SAAS,EAAE,IAAI,CAAA;IACf,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,MAAM,MAAM,MAAM,GAAG,YAAY,CAAA;AAEjC,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;IACd,YAAY,EAAE,MAAM,CAAA;IACpB,OAAO,EAAE,MAAM,CAAA;IACf,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAE,OAAO,CAAA;IACjB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,SAAS,CAAC,EAAE,IAAI,CAAA;IAChB,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,OAAO,GAAG,aAAa,CAAA;AAEnC,MAAM,MAAM,sBAAsB,GAAG;IACnC,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,SAAS,CAAC,EAAE,IAAI,CAAA;IAChB,SAAS,CAAC,EAAE,IAAI,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG,sBAAsB,CAAA;AAErD,MAAM,MAAM,sBAAsB,GAAG;IACnC,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,oBAAoB,CAAC,EAAE,IAAI,CAAA;IAC3B,qBAAqB,CAAC,EAAE,IAAI,CAAA;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,SAAS,CAAC,EAAE,IAAI,CAAA;IAChB,SAAS,CAAC,EAAE,IAAI,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG,sBAAsB,CAAA;AAErD,MAAM,MAAM,kBAAkB,GAAG;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,SAAS,CAAC,EAAE,IAAI,CAAA;IAChB,SAAS,CAAC,EAAE,IAAI,CAAA;IAChB,YAAY,CAAC,EAAE,OAAO,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG,kBAAkB,CAAA;AAE7C,MAAM,MAAM,kBAAkB,GAAG;IAC/B,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,SAAS,EAAE,IAAI,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG,kBAAkB,CAAA;AAE7C,MAAM,MAAM,UAAU,GAAG;IACvB,IAAI,EAAE,MAAM,CAAA;IACZ,cAAc,EAAE,MAAM,CAAA;IACtB,SAAS,EAAE,IAAI,CAAA;IACf,SAAS,CAAC,EAAE,IAAI,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,IAAI,GAAG,UAAU,CAAA;AAE7B,MAAM,MAAM,gBAAgB,GAAG;IAC7B,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,CAAC,EAAE,IAAI,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,UAAU,GAAG,gBAAgB,CAAA;AAEzC,MAAM,MAAM,YAAY,GAAG;IACzB,cAAc,EAAE,MAAM,CAAA;IACtB,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,IAAI,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,MAAM,GAAG,YAAY,CAAA;AAEjC,MAAM,MAAM,gBAAgB,GAAG;IAC7B,cAAc,EAAE,MAAM,CAAA;IACtB,KAAK,EAAE,MAAM,CAAA;IACb,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,IAAI,CAAA;IACf,SAAS,EAAE,IAAI,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,MAAM,MAAM,UAAU,GAAG,gBAAgB,CAAA;AAEzC,MAAM,MAAM,UAAU,GAAG;IACvB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,IAAI,CAAA;IACf,SAAS,CAAC,EAAE,IAAI,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,IAAI,GAAG,UAAU,CAAA;AAE7B,MAAM,MAAM,eAAe,GAAG;IAC5B,MAAM,EAAE,MAAM,CAAA;IACd,WAAW,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,MAAM,SAAS,GAAG,eAAe,CAAA;AAEvC;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,OAAO,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,GAAG,WAAW,GAAG,YAAY,GAAG,cAAc,GAAG,SAAS,GAAG,WAAW,GAAG,eAAe,GAAG,gBAAgB,GAAG,MAAM,GAAG,eAAe,GAAG,UAAU,GAAG,cAAc,GAAG,KAAK,GAAG,YAAY,CAAA;AAE3Q;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,MAAM,EAAE,IAAI,CAAA;IACZ,SAAS,EAAE,OAAO,CAAA;IAClB,SAAS,EAAE,OAAO,CAAA;IAClB,cAAc,EAAE,YAAY,CAAA;IAC5B,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,OAAO,CAAA;IAClB,kBAAkB,EAAE,gBAAgB,CAAA;IACpC,kBAAkB,EAAE,gBAAgB,CAAA;IACpC,cAAc,EAAE,YAAY,CAAA;IAC5B,cAAc,EAAE,YAAY,CAAA;IAC5B,MAAM,EAAE,IAAI,CAAA;IACZ,YAAY,EAAE,UAAU,CAAA;IACxB,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,EAAE,UAAU,CAAA;IACxB,MAAM,EAAE,IAAI,CAAA;IACZ,WAAW,EAAE,SAAS,CAAA;CACvB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,MAAM,oBAAoB,CAAA"}

package/dist/generated-types.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/generated-types.ts"],"sourcesContent":["/**\n * Auto-generated Better Auth types.\n * DO NOT EDIT - Run `pnpm generate:types` to regenerate.\n *\n * Generated from Better Auth schema introspection.\n * Contains types for all supported plugins and their field additions.\n */\n\nexport type BaseUserFields = {\n  name: string\n  email: string\n  emailVerified: boolean\n  image?: string\n  createdAt: Date\n  updatedAt: Date\n  role?: string\n}\n\nexport type UserPluginFields = {\n  \"username\": {\n    username?: string\n    displayUsername?: string\n  }\n  \"admin\": {\n    banned?: boolean\n    banReason?: string\n    banExpires?: Date\n  }\n  \"phone-number\": {\n    phoneNumber?: string\n    phoneNumberVerified?: boolean\n  }\n  \"anonymous\": {\n    isAnonymous?: boolean\n  }\n  \"two-factor\": {\n    twoFactorEnabled?: boolean\n  }\n}\n\nexport type User = BaseUserFields & UserPluginFields[\"username\"] & UserPluginFields[\"admin\"] & UserPluginFields[\"phone-number\"] & UserPluginFields[\"anonymous\"] & UserPluginFields[\"two-factor\"]\n\nexport type BaseSessionFields = {\n  expiresAt: Date\n  token: string\n  createdAt: Date\n  updatedAt: Date\n  ipAddress?: string\n  userAgent?: string\n  userId: string\n}\n\nexport type SessionPluginFields = {\n  \"admin\": {\n    impersonatedBy?: string\n  }\n  \"organization\": {\n    activeOrganizationId?: string\n    activeTeamId?: string\n  }\n}\n\nexport type Session = BaseSessionFields & SessionPluginFields[\"admin\"] & SessionPluginFields[\"organization\"]\n\nexport type BaseAccountFields = {\n  accountId: string\n  providerId: string\n  userId: string\n  accessToken?: string\n  refreshToken?: string\n  idToken?: string\n  accessTokenExpiresAt?: Date\n  refreshTokenExpiresAt?: Date\n  scope?: string\n  password?: string\n  createdAt: Date\n  updatedAt: Date\n}\n\nexport type Account = BaseAccountFields\n\nexport type BaseVerificationFields = {\n  identifier: string\n  value: string\n  expiresAt: Date\n  createdAt: Date\n  updatedAt: Date\n}\n\nexport type Verification = BaseVerificationFields\n\nexport type ApikeyFields = {\n  name?: string\n  start?: string\n  prefix?: string\n  key: string\n  userId: string\n  refillInterval?: number\n  refillAmount?: number\n  lastRefillAt?: Date\n  enabled?: boolean\n  rateLimitEnabled?: boolean\n  rateLimitTimeWindow?: number\n  rateLimitMax?: number\n  requestCount?: number\n  remaining?: number\n  lastRequest?: Date\n  expiresAt?: Date\n  createdAt: Date\n  updatedAt: Date\n  permissions?: string\n  metadata?: string\n}\n\nexport type Apikey = ApikeyFields\n\nexport type PasskeyFields = {\n  name?: string\n  publicKey: string\n  userId: string\n  credentialID: string\n  counter: number\n  deviceType: string\n  backedUp: boolean\n  transports?: string\n  createdAt?: Date\n  aaguid?: string\n}\n\nexport type Passkey = PasskeyFields\n\nexport type OauthApplicationFields = {\n  name?: string\n  icon?: string\n  metadata?: string\n  clientId?: string\n  clientSecret?: string\n  redirectUrls?: string\n  type?: string\n  disabled?: boolean\n  userId?: string\n  createdAt?: Date\n  updatedAt?: Date\n}\n\nexport type OauthApplication = OauthApplicationFields\n\nexport type OauthAccessTokenFields = {\n  accessToken?: string\n  refreshToken?: string\n  accessTokenExpiresAt?: Date\n  refreshTokenExpiresAt?: Date\n  clientId?: string\n  userId?: string\n  scopes?: string\n  createdAt?: Date\n  updatedAt?: Date\n}\n\nexport type OauthAccessToken = OauthAccessTokenFields\n\nexport type OauthConsentFields = {\n  clientId?: string\n  userId?: string\n  scopes?: string\n  createdAt?: Date\n  updatedAt?: Date\n  consentGiven?: boolean\n}\n\nexport type OauthConsent = OauthConsentFields\n\nexport type OrganizationFields = {\n  name: string\n  slug: string\n  logo?: string\n  createdAt: Date\n  metadata?: string\n}\n\nexport type Organization = OrganizationFields\n\nexport type TeamFields = {\n  name: string\n  organizationId: string\n  createdAt: Date\n  updatedAt?: Date\n}\n\nexport type Team = TeamFields\n\nexport type TeamMemberFields = {\n  teamId: string\n  userId: string\n  createdAt?: Date\n}\n\nexport type TeamMember = TeamMemberFields\n\nexport type MemberFields = {\n  organizationId: string\n  userId: string\n  role: string\n  createdAt: Date\n}\n\nexport type Member = MemberFields\n\nexport type InvitationFields = {\n  organizationId: string\n  email: string\n  role?: string\n  teamId?: string\n  status: string\n  expiresAt: Date\n  createdAt: Date\n  inviterId: string\n}\n\nexport type Invitation = InvitationFields\n\nexport type JwksFields = {\n  publicKey: string\n  privateKey: string\n  createdAt: Date\n  expiresAt?: Date\n}\n\nexport type Jwks = JwksFields\n\nexport type TwoFactorFields = {\n  secret: string\n  backupCodes: string\n  userId: string\n}\n\nexport type TwoFactor = TwoFactorFields\n\n/**\n * Union of all supported plugin identifiers.\n */\nexport type PluginId = \"username\" | \"admin\" | \"api-key\" | \"passkey\" | \"bearer\" | \"email-otp\" | \"magic-link\" | \"phone-number\" | \"one-tap\" | \"anonymous\" | \"multi-session\" | \"one-time-token\" | \"oidc\" | \"generic-oauth\" | \"open-api\" | \"organization\" | \"jwt\" | \"two-factor\"\n\n/**\n * Complete schema mapping of all models to their types.\n */\nexport type BetterAuthFullSchema = {\n  \"user\": User\n  \"session\": Session\n  \"account\": Account\n  \"verification\": Verification\n  \"apikey\": Apikey\n  \"passkey\": Passkey\n  \"oauthApplication\": OauthApplication\n  \"oauthAccessToken\": OauthAccessToken\n  \"oauthConsent\": OauthConsent\n  \"organization\": Organization\n  \"team\": Team\n  \"teamMember\": TeamMember\n  \"member\": Member\n  \"invitation\": Invitation\n  \"jwks\": Jwks\n  \"twoFactor\": TwoFactor\n}\n\n/**\n * Union of all model names in the schema.\n */\nexport type ModelKey = keyof BetterAuthFullSchema\n"],"names":[],"mappings":"AAAA;;;;;;CAMC,GAmQD;;CAEC,GACD,WAAiD"}

package/dist/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACnD,YAAY,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAA;AAG9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAA;AAChE,YAAY,EAAE,4BAA4B,EAAE,MAAM,0BAA0B,CAAA;AAG5E,OAAO,EACL,sBAAsB,EACtB,kBAAkB,EAClB,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,mBAAmB,CAAA;AAC1B,YAAY,EACV,IAAI,EACJ,kBAAkB,EAClB,uBAAuB,EACvB,4BAA4B,EAC5B,yBAAyB,GAC1B,MAAM,mBAAmB,CAAA;AAG1B,YAAY,EACV,gBAAgB,EAChB,eAAe,EACf,4BAA4B,EAC5B,4BAA4B,EAC5B,sBAAsB,EACtB,SAAS,GACV,MAAM,uBAAuB,CAAA;AAG9B,YAAY,EACV,IAAI,EACJ,OAAO,IAAI,iBAAiB,EAC5B,OAAO,EACP,YAAY,EACZ,MAAM,EACN,OAAO,EACP,YAAY,EACZ,MAAM,EACN,UAAU,EACV,IAAI,EACJ,UAAU,EACV,SAAS,EACT,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACjB,gBAAgB,EAChB,mBAAmB,EACnB,oBAAoB,EACpB,QAAQ,EACR,QAAQ,GACT,MAAM,sBAAsB,CAAA;AAG7B,YAAY,EACV,eAAe,EACf,kBAAkB,EAClB,cAAc,GACf,MAAM,mBAAmB,CAAA;AAG1B,OAAO,EACL,6BAA6B,EAC7B,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,2BAA2B,CAAA;AAGlC,OAAO,EACL,cAAc,EACd,UAAU,EACV,WAAW,EACX,aAAa,EACb,OAAO,EACP,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,eAAe,EACf,oBAAoB,EACpB,OAAO,EACP,YAAY,EACZ,eAAe,GAChB,MAAM,mBAAmB,CAAA;AAC1B,YAAY,EACV,eAAe,EACf,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,mBAAmB,CAAA;AAG1B,OAAO,EACL,wBAAwB,EACxB,aAAa,EACb,QAAQ,EACR,WAAW,IAAI,cAAc,EAC7B,YAAY,IAAI,eAAe,EAC/B,YAAY,EACZ,eAAe,EACf,gBAAgB,IAAI,mBAAmB,EACvC,mBAAmB,EACnB,sBAAsB,EACtB,cAAc,GACf,MAAM,yBAAyB,CAAA;AAChC,YAAY,EACV,UAAU,EACV,kBAAkB,GACnB,MAAM,yBAAyB,CAAA;AAGhC,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAA;AAC9D,YAAY,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AAGtE,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAA;AACpE,YAAY,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAA;AAGjD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAA;AAC/D,YAAY,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AAGtE,OAAO,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAA"}

package/dist/index.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/index.ts"],"sourcesContent":["/**\n * @delmare/payload-better-auth\n *\n * Better Auth adapter and plugins for Payload CMS.\n * Enables seamless integration between Better Auth and Payload.\n *\n * @packageDocumentation\n */\n\n// Adapter\nexport { payloadAdapter } from './adapter/index.js'\nexport type { PayloadAdapterConfig } from './adapter/index.js'\n\n// Collection generator plugin\nexport { betterAuthCollections } from './adapter/collections.js'\nexport type { BetterAuthCollectionsOptions } from './adapter/collections.js'\n\n// Payload plugin and strategy\nexport {\n  createBetterAuthPlugin,\n  betterAuthStrategy,\n  resetAuthInstance,\n  getApiKeyScopesConfig,\n} from './plugin/index.js'\nexport type {\n  Auth,\n  CreateAuthFunction,\n  BetterAuthPluginOptions,\n  BetterAuthPluginAdminOptions,\n  BetterAuthStrategyOptions,\n} from './plugin/index.js'\n\n// Enhanced Better Auth types with inference\nexport type {\n  BetterAuthReturn,\n  PayloadWithAuth,\n  PayloadRequestWithBetterAuth,\n  CollectionHookWithBetterAuth,\n  EndpointWithBetterAuth,\n  RoleArray,\n} from './types/betterAuth.js'\n\n// Generated schema types\nexport type {\n  User,\n  Session as BetterAuthSession,\n  Account,\n  Verification,\n  Apikey,\n  Passkey,\n  Organization,\n  Member,\n  Invitation,\n  Team,\n  TeamMember,\n  TwoFactor,\n  BaseUserFields,\n  BaseSessionFields,\n  BaseAccountFields,\n  UserPluginFields,\n  SessionPluginFields,\n  BetterAuthFullSchema,\n  ModelKey,\n  PluginId,\n} from './generated-types.js'\n\n// API key scope types\nexport type {\n  ScopeDefinition,\n  ApiKeyScopesConfig,\n  AvailableScope,\n} from './types/apiKey.js'\n\n// Scope utilities\nexport {\n  generateScopesFromCollections,\n  buildAvailableScopes,\n  scopesToPermissions,\n} from './utils/generateScopes.js'\n\n// Access control utilities\nexport {\n  normalizeRoles,\n  hasAnyRole,\n  hasAllRoles,\n  hasAdminRoles,\n  isAdmin,\n  isAdminField,\n  isAdminOrSelf,\n  canUpdateOwnFields,\n  isAuthenticated,\n  isAuthenticatedField,\n  hasRole,\n  hasRoleField,\n  requireAllRoles,\n} from './utils/access.js'\nexport type {\n  RoleCheckConfig,\n  SelfAccessConfig,\n  FieldUpdateConfig,\n} from './utils/access.js'\n\n// API key scope enforcement utilities\nexport {\n  extractApiKeyFromRequest,\n  getApiKeyInfo,\n  hasScope,\n  hasAnyScope as hasAnyScopeKey,\n  hasAllScopes as hasAllScopesKey,\n  requireScope,\n  requireAnyScope,\n  requireAllScopes as requireAllScopesKey,\n  allowSessionOrScope,\n  allowSessionOrAnyScope,\n  validateApiKey,\n} from './utils/apiKeyAccess.js'\nexport type {\n  ApiKeyInfo,\n  ApiKeyAccessConfig,\n} from './utils/apiKeyAccess.js'\n\n// Auth config detection utility\nexport { detectAuthConfig } from './utils/detectAuthConfig.js'\nexport type { AuthDetectionResult } from './utils/detectAuthConfig.js'\n\n// Session utilities\nexport { getServerSession, getServerUser } from './utils/session.js'\nexport type { Session } from './utils/session.js'\n\n// First user admin hook utility\nexport { firstUserAdminHooks } from './utils/firstUserAdmin.js'\nexport type { FirstUserAdminOptions } from './utils/firstUserAdmin.js'\n\n// Better Auth defaults utility\nexport { withBetterAuthDefaults, apiKeyWithDefaults } from './utils/betterAuthDefaults.js'\n"],"names":["payloadAdapter","betterAuthCollections","createBetterAuthPlugin","betterAuthStrategy","resetAuthInstance","getApiKeyScopesConfig","generateScopesFromCollections","buildAvailableScopes","scopesToPermissions","normalizeRoles","hasAnyRole","hasAllRoles","hasAdminRoles","isAdmin","isAdminField","isAdminOrSelf","canUpdateOwnFields","isAuthenticated","isAuthenticatedField","hasRole","hasRoleField","requireAllRoles","extractApiKeyFromRequest","getApiKeyInfo","hasScope","hasAnyScope","hasAnyScopeKey","hasAllScopes","hasAllScopesKey","requireScope","requireAnyScope","requireAllScopes","requireAllScopesKey","allowSessionOrScope","allowSessionOrAnyScope","validateApiKey","detectAuthConfig","getServerSession","getServerUser","firstUserAdminHooks","withBetterAuthDefaults","apiKeyWithDefaults"],"mappings":"AAAA;;;;;;;CAOC,GAED,UAAU;AACV,SAASA,cAAc,QAAQ,qBAAoB;AAGnD,8BAA8B;AAC9B,SAASC,qBAAqB,QAAQ,2BAA0B;AAGhE,8BAA8B;AAC9B,SACEC,sBAAsB,EACtBC,kBAAkB,EAClBC,iBAAiB,EACjBC,qBAAqB,QAChB,oBAAmB;AAkD1B,kBAAkB;AAClB,SACEC,6BAA6B,EAC7BC,oBAAoB,EACpBC,mBAAmB,QACd,4BAA2B;AAElC,2BAA2B;AAC3B,SACEC,cAAc,EACdC,UAAU,EACVC,WAAW,EACXC,aAAa,EACbC,OAAO,EACPC,YAAY,EACZC,aAAa,EACbC,kBAAkB,EAClBC,eAAe,EACfC,oBAAoB,EACpBC,OAAO,EACPC,YAAY,EACZC,eAAe,QACV,oBAAmB;AAO1B,sCAAsC;AACtC,SACEC,wBAAwB,EACxBC,aAAa,EACbC,QAAQ,EACRC,eAAeC,cAAc,EAC7BC,gBAAgBC,eAAe,EAC/BC,YAAY,EACZC,eAAe,EACfC,oBAAoBC,mBAAmB,EACvCC,mBAAmB,EACnBC,sBAAsB,EACtBC,cAAc,QACT,0BAAyB;AAMhC,gCAAgC;AAChC,SAASC,gBAAgB,QAAQ,8BAA6B;AAG9D,oBAAoB;AACpB,SAASC,gBAAgB,EAAEC,aAAa,QAAQ,qBAAoB;AAGpE,gCAAgC;AAChC,SAASC,mBAAmB,QAAQ,4BAA2B;AAG/D,+BAA+B;AAC/B,SAASC,sBAAsB,EAAEC,kBAAkB,QAAQ,gCAA+B"}

package/dist/plugin/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/plugin/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EACV,MAAM,EACN,YAAY,EAEZ,WAAW,EAIZ,MAAM,SAAS,CAAA;AAChB,OAAO,KAAK,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAA;AAMhE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAA;AAM5D,MAAM,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,UAAU,CAAC,CAAA;AAGhD,YAAY,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAE7D,MAAM,MAAM,kBAAkB,GAAG,CAAC,OAAO,EAAE,WAAW,KAAK,IAAI,CAAA;AAE/D,MAAM,MAAM,4BAA4B,GAAG;IACzC,8CAA8C;IAC9C,mBAAmB,CAAC,EAAE,OAAO,CAAA;IAC7B,qDAAqD;IACrD,kBAAkB,CAAC,EAAE,OAAO,CAAA;IAC5B,2CAA2C;IAC3C,gBAAgB,CAAC,EAAE,OAAO,CAAA;IAC1B,+BAA+B;IAC/B,KAAK,CAAC,EAAE;QACN,kCAAkC;QAClC,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,iEAAiE;QACjE,cAAc,CAAC,EAAE,MAAM,CAAA;QACvB;;;;;WAKG;QACH,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,IAAI,CAAA;QACvC;;;WAGG;QACH,eAAe,CAAC,EAAE,OAAO,CAAA;QACzB;;;;;;WAMG;QACH,aAAa,CAAC,EAAE,OAAO,GAAG,MAAM,CAAA;QAChC;;;;;;WAMG;QACH,YAAY,CAAC,EAAE,OAAO,GAAG,MAAM,CAAA;QAC/B;;;;WAIG;QACH,iBAAiB,CAAC,EAAE,MAAM,CAAA;QAC1B;;;;;;WAMG;QACH,oBAAoB,CAAC,EAAE,OAAO,GAAG,MAAM,CAAA;QACvC;;;WAGG;QACH,gBAAgB,CAAC,EAAE,MAAM,CAAA;KAC1B,CAAA;IACD,iEAAiE;IACjE,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,+DAA+D;IAC/D,oBAAoB,CAAC,EAAE,MAAM,CAAA;IAC7B,8DAA8D;IAC9D,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAE3B;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAA;IAC5B;;;OAGG;IACH,iBAAiB,CAAC,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAA;IAC9C,wCAAwC;IACxC,eAAe,CAAC,EAAE;QAChB,uEAAuE;QACvE,SAAS,CAAC,EAAE,MAAM,CAAA;QAClB,mEAAmE;QACnE,OAAO,CAAC,EAAE,MAAM,CAAA;QAChB,mEAAmE;QACnE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAClB,CAAA;IACD;;;;OAIG;IACH,MAAM,CAAC,EAAE,kBAAkB,CAAA;CAC5B,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC;;;OAGG;IACH,UAAU,EAAE,kBAAkB,CAAA;IAE9B;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAA;IAErB;;;;;;OAMG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAA;IAE/B;;;OAGG;IACH,yBAAyB,CAAC,EAAE,OAAO,CAAA;IAEnC;;OAEG;IACH,KAAK,CAAC,EAAE,4BAA4B,CAAA;CACrC,CAAA;AAQD;;;GAGG;AACH,wBAAgB,qBAAqB,IAAI,kBAAkB,GAAG,SAAS,CAEtE;AA+ZD;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,uBAAuB,GAC/B,MAAM,CAiER;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,GAAE,yBAA8B,GACtC,YAAY,CAsFd;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,IAAI,CAExC"}

package/dist/plugin/index.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/plugin/index.ts"],"sourcesContent":["/**\n * Payload Plugins for Better Auth\n *\n * @packageDocumentation\n */\n\nimport type {\n  Plugin,\n  AuthStrategy,\n  Payload,\n  BasePayload,\n  Endpoint,\n  PayloadHandler,\n  Config,\n} from 'payload'\nimport type { betterAuth, BetterAuthOptions } from 'better-auth'\nimport { detectAuthConfig } from '../utils/detectAuthConfig.js'\nimport {\n  detectEnabledPlugins,\n  type EnabledPluginsResult,\n} from '../utils/detectEnabledPlugins.js'\nimport type { ApiKeyScopesConfig } from '../types/apiKey.js'\nimport {\n  buildAvailableScopes,\n  scopesToPermissions,\n} from '../utils/generateScopes.js'\n\nexport type Auth = ReturnType<typeof betterAuth>\n// PayloadWithAuth from types\nimport type { PayloadWithAuth } from '../types/betterAuth.js'\nexport type { PayloadWithAuth } from '../types/betterAuth.js'\n\nexport type CreateAuthFunction = (payload: BasePayload) => Auth\n\nexport type BetterAuthPluginAdminOptions = {\n  /** Disable auto-injection of logout button */\n  disableLogoutButton?: boolean\n  /** Disable auto-injection of BeforeLogin redirect */\n  disableBeforeLogin?: boolean\n  /** Disable auto-injection of login view */\n  disableLoginView?: boolean\n  /** Login page customization */\n  login?: {\n    /** Custom title for login page */\n    title?: string\n    /** Path to redirect after successful login. Default: '/admin' */\n    afterLoginPath?: string\n    /**\n     * Required role(s) for admin access.\n     * - string: Single role required (default: 'admin')\n     * - string[]: Multiple roles (behavior depends on requireAllRoles)\n     * - null: Disable role checking\n     */\n    requiredRole?: string | string[] | null\n    /**\n     * When requiredRole is an array, require ALL roles (true) or ANY role (false).\n     * Default: false (any matching role grants access)\n     */\n    requireAllRoles?: boolean\n    /**\n     * Enable passkey (WebAuthn) sign-in option.\n     * - true: Always show passkey button\n     * - false: Never show passkey button\n     * - 'auto': Auto-detect if passkey plugin is available (default for LoginView)\n     * Default: false (for backwards compatibility)\n     */\n    enablePasskey?: boolean | 'auto'\n    /**\n     * Enable user registration (sign up) option.\n     * - true: Always show \"Create account\" link\n     * - false: Never show registration option\n     * - 'auto': Auto-detect if sign-up endpoint is available\n     * Default: 'auto' - LoginView automatically detects if Better Auth has signup enabled\n     */\n    enableSignUp?: boolean | 'auto'\n    /**\n     * Default role to assign to new users during registration.\n     * Only used when enableSignUp is enabled.\n     * Default: 'user'\n     */\n    defaultSignUpRole?: string\n    /**\n     * Enable forgot password option.\n     * - true: Always show \"Forgot password?\" link\n     * - false: Never show forgot password option\n     * - 'auto': Auto-detect if password reset endpoint is available\n     * Default: 'auto' - LoginView automatically detects if Better Auth has password reset enabled\n     */\n    enableForgotPassword?: boolean | 'auto'\n    /**\n     * Custom URL for password reset page. If provided, users will be redirected here\n     * instead of showing the inline password reset form.\n     */\n    resetPasswordUrl?: string\n  }\n  /** Path to custom logout button component (import map format) */\n  logoutButtonComponent?: string\n  /** Path to custom BeforeLogin component (import map format) */\n  beforeLoginComponent?: string\n  /** Path to custom login view component (import map format) */\n  loginViewComponent?: string\n\n  /**\n   * Enable management UI for security features (2FA, API keys).\n   * Management views are auto-injected based on which Better Auth plugins are enabled.\n   * @default true\n   */\n  enableManagementUI?: boolean\n  /**\n   * Better Auth options - used to detect which plugins are enabled.\n   * Required for management UI to auto-detect enabled features.\n   */\n  betterAuthOptions?: Partial<BetterAuthOptions>\n  /** Custom paths for management views */\n  managementPaths?: {\n    /** Two-factor management view path. Default: '/security/two-factor' */\n    twoFactor?: string\n    /** API keys management view path. Default: '/security/api-keys' */\n    apiKeys?: string\n    /** Passkeys management view path. Default: '/security/passkeys' */\n    passkeys?: string\n  }\n  /**\n   * API key scopes configuration.\n   * Controls which permission scopes are available when creating API keys.\n   * When not provided, scopes are auto-generated from Payload collections.\n   */\n  apiKey?: ApiKeyScopesConfig\n}\n\nexport type BetterAuthPluginOptions = {\n  /**\n   * Function that creates the Better Auth instance.\n   * Called during Payload's onInit lifecycle.\n   */\n  createAuth: CreateAuthFunction\n\n  /**\n   * Base path for auth API endpoints (registered via Payload endpoints).\n   * @default '/auth'\n   */\n  authBasePath?: string\n\n  /**\n   * Auto-register auth API endpoints via Payload's endpoint system.\n   * Set to false if you need custom route-level handling (rare).\n   * Note: All Better Auth customization (hooks, plugins, callbacks)\n   * is done in createAuth - the route handler is just a passthrough.\n   * @default true\n   */\n  autoRegisterEndpoints?: boolean\n\n  /**\n   * Auto-inject admin components when disableLocalStrategy is detected.\n   * @default true\n   */\n  autoInjectAdminComponents?: boolean\n\n  /**\n   * Admin UI customization options.\n   */\n  admin?: BetterAuthPluginAdminOptions\n}\n\n// Track auth instance for HMR\nlet authInstance: Auth | null = null\n\n// Store API key scopes config for access by management views\nlet apiKeyScopesConfig: ApiKeyScopesConfig | undefined = undefined\n\n/**\n * Get the configured API key scopes config.\n * Used by the ApiKeysView to build available scopes.\n */\nexport function getApiKeyScopesConfig(): ApiKeyScopesConfig | undefined {\n  return apiKeyScopesConfig\n}\n\n// Type for auth api methods we need\ntype AuthApi = {\n  getSession: (options: { headers: Headers }) => Promise<{\n    user?: { id: string } | null\n    session?: Record<string, unknown> | null\n  } | null>\n  createApiKey?: (options: {\n    body: {\n      name?: string\n      expiresIn?: number\n      userId: string\n      prefix?: string\n      metadata?: Record<string, unknown>\n      permissions?: Record<string, string[]>\n    }\n  }) => Promise<{\n    key: string\n    id: string\n    name: string | null\n    userId: string\n    expiresAt: Date | null\n    createdAt: Date\n    metadata: Record<string, unknown> | null\n  }>\n}\n\n/**\n * Handle API key creation with scopes server-side.\n * Converts scopes to permissions and calls Better Auth's server API.\n */\nasync function handleApiKeyCreateWithScopes(\n  authApi: AuthApi,\n  payload: Payload,\n  headers: Headers,\n  body: Record<string, unknown>\n): Promise<Response> {\n  try {\n    // Get the current session to find the user\n    const session = await authApi.getSession({ headers })\n    if (!session?.user?.id) {\n      return new Response(\n        JSON.stringify({ error: 'Unauthorized' }),\n        { status: 401, headers: { 'Content-Type': 'application/json' } }\n      )\n    }\n\n    // Extract scopes from the request body\n    const scopes = (body.scopes as string[] | undefined) ?? []\n\n    // Build permissions from scopes if any are provided\n    let permissions: Record<string, string[]> | undefined\n    if (scopes.length > 0) {\n      const scopesConfig = getApiKeyScopesConfig()\n      const availableScopes = buildAvailableScopes(\n        payload.config.collections,\n        scopesConfig\n      )\n      permissions = scopesToPermissions(scopes, availableScopes)\n    }\n\n    // Build the API key creation options\n    const createOptions = {\n      body: {\n        name: body.name as string | undefined,\n        userId: session.user.id,\n        expiresIn: body.expiresIn as number | undefined,\n        prefix: body.prefix as string | undefined,\n        permissions: permissions && Object.keys(permissions).length > 0 ? permissions : undefined,\n        metadata: scopes.length > 0\n          ? { ...(body.metadata as Record<string, unknown> | undefined), scopes }\n          : (body.metadata as Record<string, unknown> | undefined),\n      },\n    }\n\n    // Call Better Auth's server-side API\n    if (typeof authApi.createApiKey !== 'function') {\n      return new Response(\n        JSON.stringify({ error: 'API key plugin not enabled' }),\n        { status: 400, headers: { 'Content-Type': 'application/json' } }\n      )\n    }\n\n    try {\n      const result = await authApi.createApiKey(createOptions)\n      return new Response(JSON.stringify(result), {\n        status: 200,\n        headers: { 'Content-Type': 'application/json' },\n      })\n    } catch (createError) {\n      // Check if error is due to metadata being disabled\n      const errorMessage = createError instanceof Error ? createError.message : String(createError)\n      const isMetadataDisabled = errorMessage.toLowerCase().includes('metadata') &&\n        errorMessage.toLowerCase().includes('disabled')\n\n      if (isMetadataDisabled && createOptions.body.metadata) {\n        // Retry without metadata - key will still work, just won't show scopes in UI\n        console.warn('[better-auth] Metadata disabled, creating API key without scope metadata. Enable metadata with apiKeyWithDefaults() for better UX.')\n        const optionsWithoutMetadata = {\n          body: {\n            ...createOptions.body,\n            metadata: undefined,\n          },\n        }\n        const result = await authApi.createApiKey(optionsWithoutMetadata)\n        return new Response(JSON.stringify(result), {\n          status: 200,\n          headers: { 'Content-Type': 'application/json' },\n        })\n      }\n\n      // Re-throw other errors\n      throw createError\n    }\n  } catch (error) {\n    console.error('[better-auth] API key creation error:', error)\n    const message = error instanceof Error ? error.message : 'Failed to create API key'\n    return new Response(\n      JSON.stringify({ error: message }),\n      { status: 500, headers: { 'Content-Type': 'application/json' } }\n    )\n  }\n}\n\n/**\n * Creates the auth endpoint handler that proxies requests to Better Auth.\n */\nfunction createAuthEndpointHandler(): PayloadHandler {\n  return async (req) => {\n    const payloadWithAuth = req.payload as PayloadWithAuth\n    const auth = payloadWithAuth.betterAuth\n\n    if (!auth) {\n      return new Response(\n        JSON.stringify({ error: 'Better Auth not initialized' }),\n        { status: 500, headers: { 'Content-Type': 'application/json' } }\n      )\n    }\n\n    try {\n      // Construct the full URL for Better Auth\n      // PayloadRequest provides these properties\n      const protocol = req.headers.get('x-forwarded-proto') || 'http'\n      const host = req.headers.get('host') || 'localhost'\n      const pathname = (req as unknown as { pathname?: string }).pathname || ''\n      const search =\n        (req as unknown as { search?: string }).search ||\n        (req as unknown as { url?: string }).url?.split('?')[1] ||\n        ''\n\n      const url = new URL(pathname, `${protocol}://${host}`)\n      if (search) {\n        url.search = search.startsWith('?') ? search : `?${search}`\n      }\n\n      // Get request body for non-GET methods\n      let body: string | undefined\n      let parsedBody: Record<string, unknown> | undefined\n      if (req.method && !['GET', 'HEAD'].includes(req.method)) {\n        try {\n          // Try to get body from request\n          if (typeof (req as unknown as { text?: () => Promise<string> }).text === 'function') {\n            body = await (req as unknown as { text: () => Promise<string> }).text()\n            if (body) {\n              try {\n                parsedBody = JSON.parse(body)\n              } catch {\n                // Not JSON, that's okay\n              }\n            }\n          } else if ((req as unknown as { data?: unknown }).data) {\n            parsedBody = (req as unknown as { data: Record<string, unknown> }).data\n            body = JSON.stringify(parsedBody)\n          }\n        } catch {\n          // Body might already be consumed, try data property\n          if ((req as unknown as { data?: unknown }).data) {\n            parsedBody = (req as unknown as { data: Record<string, unknown> }).data\n            body = JSON.stringify(parsedBody)\n          }\n        }\n      }\n\n      // Intercept API key creation requests with scopes\n      // Better Auth's API key create endpoint is POST /api-key/create\n      const isApiKeyCreate =\n        req.method === 'POST' &&\n        pathname.endsWith('/api-key/create') &&\n        parsedBody?.scopes &&\n        Array.isArray(parsedBody.scopes)\n\n      if (isApiKeyCreate && parsedBody) {\n        return handleApiKeyCreateWithScopes(\n          auth.api as unknown as AuthApi,\n          req.payload,\n          req.headers,\n          parsedBody\n        )\n      }\n\n      // Create a new Request for Better Auth\n      const request = new Request(url.toString(), {\n        method: req.method || 'GET',\n        headers: req.headers,\n        body,\n      })\n\n      const response = await auth.handler(request)\n\n      return response\n    } catch (error) {\n      console.error('[better-auth] Endpoint handler error:', error)\n      return new Response(\n        JSON.stringify({ error: 'Internal server error' }),\n        { status: 500, headers: { 'Content-Type': 'application/json' } }\n      )\n    }\n  }\n}\n\n/**\n * Generates Payload endpoints for Better Auth.\n */\nfunction generateAuthEndpoints(basePath: string): Endpoint[] {\n  const handler = createAuthEndpointHandler()\n  const methods = ['get', 'post', 'patch', 'put', 'delete'] as const\n\n  return methods.map((method) => ({\n    path: `${basePath}/:path*`,\n    method,\n    handler,\n  }))\n}\n\n/**\n * Injects admin components into the Payload config when disableLocalStrategy is detected.\n */\nfunction injectAdminComponents(\n  config: Config,\n  options: BetterAuthPluginOptions\n): Config {\n  const authDetection = detectAuthConfig(config)\n\n  // Skip if not using disableLocalStrategy or auto-injection is disabled\n  if (\n    !authDetection.hasDisableLocalStrategy ||\n    options.autoInjectAdminComponents === false\n  ) {\n    return config\n  }\n\n  const adminOptions = options.admin ?? {}\n  const existingComponents = config.admin?.components ?? {}\n\n  // Build logout button config\n  const logoutButton = adminOptions.disableLogoutButton\n    ? (existingComponents.logout as { Button?: string })?.Button\n    : adminOptions.logoutButtonComponent ??\n      '@delmaredigital/payload-better-auth/components#LogoutButton'\n\n  // Build beforeLogin config\n  const existingBeforeLogin = existingComponents.beforeLogin ?? []\n  const beforeLogin = adminOptions.disableBeforeLogin\n    ? existingBeforeLogin\n    : [\n        ...(Array.isArray(existingBeforeLogin)\n          ? existingBeforeLogin\n          : [existingBeforeLogin]),\n        adminOptions.beforeLoginComponent ??\n          '@delmaredigital/payload-better-auth/components#BeforeLogin',\n      ]\n\n  // Build login view config\n  const existingViews =\n    (existingComponents.views as Record<string, unknown> | undefined) ?? {}\n  const newLoginView = adminOptions.disableLoginView\n    ? undefined\n    : {\n        Component:\n          adminOptions.loginViewComponent ??\n          '@delmaredigital/payload-better-auth/rsc#LoginViewWrapper',\n        path: '/login' as const,\n      }\n\n  const views = {\n    ...existingViews,\n    ...(newLoginView ? { login: newLoginView } : {}),\n  }\n\n  // Store login config in config.custom for the RSC wrapper to read\n  const loginConfig = adminOptions.login ?? {}\n\n  // Note: enabledPlugins will be added by injectManagementComponents\n  return {\n    ...config,\n    custom: {\n      ...config.custom,\n      betterAuth: {\n        ...(config.custom?.betterAuth as Record<string, unknown> | undefined),\n        login: loginConfig,\n      },\n    },\n    admin: {\n      ...config.admin,\n      components: {\n        ...existingComponents,\n        logout: logoutButton\n          ? {\n              ...(typeof existingComponents.logout === 'object'\n                ? existingComponents.logout\n                : {}),\n              Button: logoutButton,\n            }\n          : existingComponents.logout,\n        beforeLogin,\n        views,\n      },\n    },\n  } as Config\n}\n\n/**\n * Injects management UI components into the Payload config based on enabled plugins.\n */\nfunction injectManagementComponents(\n  config: Config,\n  options: BetterAuthPluginOptions\n): Config {\n  const adminOptions = options.admin ?? {}\n\n  // Skip if management UI is disabled\n  if (adminOptions.enableManagementUI === false) {\n    return config\n  }\n\n  // Detect which plugins are enabled\n  const enabledPlugins = detectEnabledPlugins(adminOptions.betterAuthOptions)\n\n  // Get custom paths or use defaults\n  const paths = {\n    twoFactor: adminOptions.managementPaths?.twoFactor ?? '/security/two-factor',\n    apiKeys: adminOptions.managementPaths?.apiKeys ?? '/security/api-keys',\n    passkeys: adminOptions.managementPaths?.passkeys ?? '/security/passkeys',\n  }\n\n  const existingComponents = config.admin?.components ?? {}\n  const existingViews =\n    (existingComponents.views as Record<string, unknown> | undefined) ?? {}\n  const existingAfterNavLinks = existingComponents.afterNavLinks ?? []\n\n  // Build management views based on enabled plugins\n  // Note: Sessions and passkeys use Payload's default collection views\n  const managementViews: Record<string, { Component: string; path: string }> = {}\n\n  // Two-factor (if enabled)\n  if (enabledPlugins.hasTwoFactor) {\n    managementViews.securityTwoFactor = {\n      Component: '@delmaredigital/payload-better-auth/rsc#TwoFactorView',\n      path: paths.twoFactor,\n    }\n  }\n\n  // API keys (if enabled)\n  if (enabledPlugins.hasApiKey) {\n    managementViews.securityApiKeys = {\n      Component: '@delmaredigital/payload-better-auth/rsc#ApiKeysView',\n      path: paths.apiKeys,\n    }\n  }\n\n  // Passkeys (if enabled)\n  if (enabledPlugins.hasPasskey) {\n    managementViews.securityPasskeys = {\n      Component: '@delmaredigital/payload-better-auth/rsc#PasskeysView',\n      path: paths.passkeys,\n    }\n  }\n\n  // Only add nav links if at least one plugin is enabled\n  const hasAnyPlugin = enabledPlugins.hasTwoFactor || enabledPlugins.hasApiKey || enabledPlugins.hasPasskey\n\n  // Add SecurityNavLinks to afterNavLinks with clientProps for enabled plugins\n  const afterNavLinks = hasAnyPlugin\n    ? [\n        ...(Array.isArray(existingAfterNavLinks)\n          ? existingAfterNavLinks\n          : [existingAfterNavLinks]),\n        {\n          path: '@delmaredigital/payload-better-auth/components/management#SecurityNavLinks',\n          clientProps: {\n            showTwoFactor: enabledPlugins.hasTwoFactor,\n            showApiKeys: enabledPlugins.hasApiKey,\n            showPasskeys: enabledPlugins.hasPasskey,\n          },\n        },\n      ]\n    : existingAfterNavLinks\n\n  return {\n    ...config,\n    admin: {\n      ...config.admin,\n      components: {\n        ...existingComponents,\n        views: {\n          ...existingViews,\n          ...managementViews,\n        },\n        afterNavLinks,\n      },\n    },\n  } as Config\n}\n\n/**\n * Payload plugin that initializes Better Auth.\n *\n * Better Auth is created in onInit (after Payload is ready) to avoid\n * circular dependency issues. The auth instance is then attached to\n * payload.betterAuth for access throughout the app.\n *\n * Features:\n * - Auto-registers auth API endpoints (configurable)\n * - Auto-injects admin components when disableLocalStrategy is detected\n * - Auto-injects management UI for security features based on enabled plugins\n * - Handles HMR gracefully\n *\n * @example\n * ```ts\n * import { createBetterAuthPlugin } from '@delmaredigital/payload-better-auth/plugin'\n *\n * export default buildConfig({\n *   plugins: [\n *     createBetterAuthPlugin({\n *       createAuth: (payload) => betterAuth({\n *         database: payloadAdapter({ payloadClient: payload, ... }),\n *         // ... other options\n *       }),\n *     }),\n *   ],\n * })\n * ```\n */\nexport function createBetterAuthPlugin(\n  options: BetterAuthPluginOptions\n): Plugin {\n  const {\n    createAuth,\n    authBasePath = '/auth',\n    autoRegisterEndpoints = true,\n    autoInjectAdminComponents = true,\n  } = options\n\n  // Store API key scopes config for access by management views\n  apiKeyScopesConfig = options.admin?.apiKey\n\n  return (incomingConfig) => {\n    // Inject admin components if enabled\n    let config =\n      autoInjectAdminComponents\n        ? injectAdminComponents(incomingConfig, options)\n        : incomingConfig\n\n    // Inject management UI components\n    config = injectManagementComponents(config, options)\n\n    // Generate auth endpoints if enabled\n    const authEndpoints = autoRegisterEndpoints\n      ? generateAuthEndpoints(authBasePath)\n      : []\n\n    // Merge endpoints\n    const existingEndpoints = config.endpoints ?? []\n\n    // Get existing onInit\n    const existingOnInit = config.onInit\n\n    return {\n      ...config,\n      endpoints: [...existingEndpoints, ...authEndpoints],\n      onInit: async (payload) => {\n        if (existingOnInit) {\n          await existingOnInit(payload)\n        }\n\n        // Check if already attached (HMR scenario)\n        if ('betterAuth' in payload) {\n          return\n        }\n\n        // Reuse or create auth instance\n        if (!authInstance) {\n          try {\n            authInstance = createAuth(payload)\n          } catch (error) {\n            console.error('[better-auth] Failed to create auth:', error)\n            throw error\n          }\n        }\n\n        // Attach to payload for global access\n        Object.defineProperty(payload, 'betterAuth', {\n          value: authInstance,\n          writable: false,\n          enumerable: false,\n          configurable: false,\n        })\n      },\n    }\n  }\n}\n\nexport type BetterAuthStrategyOptions = {\n  /**\n   * The collection slug for users\n   * @default 'users'\n   */\n  usersCollection?: string\n  /**\n   * The collection slug for organization members (used for organization role lookup)\n   * @default 'members'\n   */\n  membersCollection?: string\n}\n\n/**\n * Payload auth strategy that uses Better Auth for authentication.\n *\n * Use this in your Users collection to authenticate via Better Auth sessions.\n *\n * Session fields (like `activeOrganizationId` from the organization plugin) are\n * automatically merged onto `req.user`, making them available in access control functions.\n *\n * If an active organization is set, the user's role in that organization is also\n * fetched and available as `req.user.organizationRole`.\n *\n * @example\n * ```ts\n * import { betterAuthStrategy } from '@delmaredigital/payload-better-auth/plugin'\n *\n * export const Users: CollectionConfig = {\n *   slug: 'users',\n *   auth: {\n *     disableLocalStrategy: true,\n *     strategies: [betterAuthStrategy()],\n *   },\n *   // ...\n * }\n * ```\n *\n * @example Access control with organization data\n * ```ts\n * // In your access control:\n * export const orgReadAccess: Access = ({ req }) => {\n *   if (!req.user?.activeOrganizationId) return false\n *   return {\n *     organization: { equals: req.user.activeOrganizationId }\n *   }\n * }\n * ```\n */\nexport function betterAuthStrategy(\n  options: BetterAuthStrategyOptions = {}\n): AuthStrategy {\n  const { usersCollection = 'users', membersCollection = 'members' } = options\n\n  return {\n    name: 'better-auth',\n    authenticate: async ({\n      payload,\n      headers,\n    }: {\n      payload: Payload\n      headers: Headers\n    }) => {\n      try {\n        const payloadWithAuth = payload as PayloadWithAuth\n        const auth = payloadWithAuth.betterAuth\n\n        if (!auth) {\n          console.error('Better Auth not initialized on payload instance')\n          return { user: null }\n        }\n\n        const sessionData = await auth.api.getSession({ headers })\n\n        if (!sessionData?.user?.id) {\n          return { user: null }\n        }\n\n        const users = await payload.find({\n          collection: usersCollection,\n          where: { id: { equals: sessionData.user.id } },\n          limit: 1,\n          depth: 0,\n        })\n\n        if (users.docs.length === 0) {\n          return { user: null }\n        }\n\n        // Extract session fields to merge onto user (e.g., activeOrganizationId from org plugin)\n        // Exclude fields that might conflict with user fields\n        const {\n          id: _sessionId,\n          userId: _userId,\n          expiresAt: _expiresAt,\n          token: _token,\n          ...sessionFields\n        } = (sessionData.session as Record<string, unknown>) || {}\n\n        // If there's an active organization, fetch the user's role in that org\n        let organizationRole: string | undefined\n        if (sessionFields.activeOrganizationId) {\n          try {\n            const memberships = await payload.find({\n              collection: membersCollection,\n              where: {\n                and: [\n                  { user: { equals: sessionData.user.id } },\n                  { organization: { equals: sessionFields.activeOrganizationId } },\n                ],\n              },\n              limit: 1,\n              depth: 0,\n            })\n            if (memberships.docs.length > 0) {\n              organizationRole = (memberships.docs[0] as { role?: string }).role\n            }\n          } catch {\n            // Members collection might not exist (org plugin not used), silently ignore\n          }\n        }\n\n        return {\n          user: {\n            ...users.docs[0],\n            ...sessionFields, // Merge session fields (activeOrganizationId, etc.)\n            ...(organizationRole && { organizationRole }), // Add org role if found\n            collection: usersCollection,\n            _strategy: 'better-auth',\n          },\n        }\n      } catch (error) {\n        console.error('Better Auth strategy error:', error)\n        return { user: null }\n      }\n    },\n  }\n}\n\n/**\n * Reset the auth instance (useful for testing)\n */\nexport function resetAuthInstance(): void {\n  authInstance = null\n}\n"],"names":["detectAuthConfig","detectEnabledPlugins","buildAvailableScopes","scopesToPermissions","authInstance","apiKeyScopesConfig","undefined","getApiKeyScopesConfig","handleApiKeyCreateWithScopes","authApi","payload","headers","body","session","getSession","user","id","Response","JSON","stringify","error","status","scopes","permissions","length","scopesConfig","availableScopes","config","collections","createOptions","name","userId","expiresIn","prefix","Object","keys","metadata","createApiKey","result","createError","errorMessage","Error","message","String","isMetadataDisabled","toLowerCase","includes","console","warn","optionsWithoutMetadata","createAuthEndpointHandler","req","payloadWithAuth","auth","betterAuth","protocol","get","host","pathname","search","url","split","URL","startsWith","parsedBody","method","text","parse","data","isApiKeyCreate","endsWith","Array","isArray","api","request","Request","toString","response","handler","generateAuthEndpoints","basePath","methods","map","path","injectAdminComponents","options","authDetection","hasDisableLocalStrategy","autoInjectAdminComponents","adminOptions","admin","existingComponents","components","logoutButton","disableLogoutButton","logout","Button","logoutButtonComponent","existingBeforeLogin","beforeLogin","disableBeforeLogin","beforeLoginComponent","existingViews","views","newLoginView","disableLoginView","Component","loginViewComponent","login","loginConfig","custom","injectManagementComponents","enableManagementUI","enabledPlugins","betterAuthOptions","paths","twoFactor","managementPaths","apiKeys","passkeys","existingAfterNavLinks","afterNavLinks","managementViews","hasTwoFactor","securityTwoFactor","hasApiKey","securityApiKeys","hasPasskey","securityPasskeys","hasAnyPlugin","clientProps","showTwoFactor","showApiKeys","showPasskeys","createBetterAuthPlugin","createAuth","authBasePath","autoRegisterEndpoints","apiKey","incomingConfig","authEndpoints","existingEndpoints","endpoints","existingOnInit","onInit","defineProperty","value","writable","enumerable","configurable","betterAuthStrategy","usersCollection","membersCollection","authenticate","sessionData","users","find","collection","where","equals","limit","depth","docs","_sessionId","_userId","expiresAt","_expiresAt","token","_token","sessionFields","organizationRole","activeOrganizationId","memberships","and","organization","role","_strategy","resetAuthInstance"],"mappings":"AAAA;;;;CAIC,GAYD,SAASA,gBAAgB,QAAQ,+BAA8B;AAC/D,SACEC,oBAAoB,QAEf,mCAAkC;AAEzC,SACEC,oBAAoB,EACpBC,mBAAmB,QACd,6BAA4B;AA2InC,8BAA8B;AAC9B,IAAIC,eAA4B;AAEhC,6DAA6D;AAC7D,IAAIC,qBAAqDC;AAEzD;;;CAGC,GACD,OAAO,SAASC;IACd,OAAOF;AACT;AA4BA;;;CAGC,GACD,eAAeG,6BACbC,OAAgB,EAChBC,OAAgB,EAChBC,OAAgB,EAChBC,IAA6B;IAE7B,IAAI;QACF,2CAA2C;QAC3C,MAAMC,UAAU,MAAMJ,QAAQK,UAAU,CAAC;YAAEH;QAAQ;QACnD,IAAI,CAACE,SAASE,MAAMC,IAAI;YACtB,OAAO,IAAIC,SACTC,KAAKC,SAAS,CAAC;gBAAEC,OAAO;YAAe,IACvC;gBAAEC,QAAQ;gBAAKV,SAAS;oBAAE,gBAAgB;gBAAmB;YAAE;QAEnE;QAEA,uCAAuC;QACvC,MAAMW,SAAS,AAACV,KAAKU,MAAM,IAA6B,EAAE;QAE1D,oDAAoD;QACpD,IAAIC;QACJ,IAAID,OAAOE,MAAM,GAAG,GAAG;YACrB,MAAMC,eAAelB;YACrB,MAAMmB,kBAAkBxB,qBACtBQ,QAAQiB,MAAM,CAACC,WAAW,EAC1BH;YAEFF,cAAcpB,oBAAoBmB,QAAQI;QAC5C;QAEA,qCAAqC;QACrC,MAAMG,gBAAgB;YACpBjB,MAAM;gBACJkB,MAAMlB,KAAKkB,IAAI;gBACfC,QAAQlB,QAAQE,IAAI,CAACC,EAAE;gBACvBgB,WAAWpB,KAAKoB,SAAS;gBACzBC,QAAQrB,KAAKqB,MAAM;gBACnBV,aAAaA,eAAeW,OAAOC,IAAI,CAACZ,aAAaC,MAAM,GAAG,IAAID,cAAcjB;gBAChF8B,UAAUd,OAAOE,MAAM,GAAG,IACtB;oBAAE,GAAIZ,KAAKwB,QAAQ;oBAA0Cd;gBAAO,IACnEV,KAAKwB,QAAQ;YACpB;QACF;QAEA,qCAAqC;QACrC,IAAI,OAAO3B,QAAQ4B,YAAY,KAAK,YAAY;YAC9C,OAAO,IAAIpB,SACTC,KAAKC,SAAS,CAAC;gBAAEC,OAAO;YAA6B,IACrD;gBAAEC,QAAQ;gBAAKV,SAAS;oBAAE,gBAAgB;gBAAmB;YAAE;QAEnE;QAEA,IAAI;YACF,MAAM2B,SAAS,MAAM7B,QAAQ4B,YAAY,CAACR;YAC1C,OAAO,IAAIZ,SAASC,KAAKC,SAAS,CAACmB,SAAS;gBAC1CjB,QAAQ;gBACRV,SAAS;oBAAE,gBAAgB;gBAAmB;YAChD;QACF,EAAE,OAAO4B,aAAa;YACpB,mDAAmD;YACnD,MAAMC,eAAeD,uBAAuBE,QAAQF,YAAYG,OAAO,GAAGC,OAAOJ;YACjF,MAAMK,qBAAqBJ,aAAaK,WAAW,GAAGC,QAAQ,CAAC,eAC7DN,aAAaK,WAAW,GAAGC,QAAQ,CAAC;YAEtC,IAAIF,sBAAsBf,cAAcjB,IAAI,CAACwB,QAAQ,EAAE;gBACrD,6EAA6E;gBAC7EW,QAAQC,IAAI,CAAC;gBACb,MAAMC,yBAAyB;oBAC7BrC,MAAM;wBACJ,GAAGiB,cAAcjB,IAAI;wBACrBwB,UAAU9B;oBACZ;gBACF;gBACA,MAAMgC,SAAS,MAAM7B,QAAQ4B,YAAY,CAACY;gBAC1C,OAAO,IAAIhC,SAASC,KAAKC,SAAS,CAACmB,SAAS;oBAC1CjB,QAAQ;oBACRV,SAAS;wBAAE,gBAAgB;oBAAmB;gBAChD;YACF;YAEA,wBAAwB;YACxB,MAAM4B;QACR;IACF,EAAE,OAAOnB,OAAO;QACd2B,QAAQ3B,KAAK,CAAC,yCAAyCA;QACvD,MAAMsB,UAAUtB,iBAAiBqB,QAAQrB,MAAMsB,OAAO,GAAG;QACzD,OAAO,IAAIzB,SACTC,KAAKC,SAAS,CAAC;YAAEC,OAAOsB;QAAQ,IAChC;YAAErB,QAAQ;YAAKV,SAAS;gBAAE,gBAAgB;YAAmB;QAAE;IAEnE;AACF;AAEA;;CAEC,GACD,SAASuC;IACP,OAAO,OAAOC;QACZ,MAAMC,kBAAkBD,IAAIzC,OAAO;QACnC,MAAM2C,OAAOD,gBAAgBE,UAAU;QAEvC,IAAI,CAACD,MAAM;YACT,OAAO,IAAIpC,SACTC,KAAKC,SAAS,CAAC;gBAAEC,OAAO;YAA8B,IACtD;gBAAEC,QAAQ;gBAAKV,SAAS;oBAAE,gBAAgB;gBAAmB;YAAE;QAEnE;QAEA,IAAI;YACF,yCAAyC;YACzC,2CAA2C;YAC3C,MAAM4C,WAAWJ,IAAIxC,OAAO,CAAC6C,GAAG,CAAC,wBAAwB;YACzD,MAAMC,OAAON,IAAIxC,OAAO,CAAC6C,GAAG,CAAC,WAAW;YACxC,MAAME,WAAW,AAACP,IAAyCO,QAAQ,IAAI;YACvE,MAAMC,SACJ,AAACR,IAAuCQ,MAAM,IAC9C,AAACR,IAAoCS,GAAG,EAAEC,MAAM,IAAI,CAAC,EAAE,IACvD;YAEF,MAAMD,MAAM,IAAIE,IAAIJ,UAAU,GAAGH,SAAS,GAAG,EAAEE,MAAM;YACrD,IAAIE,QAAQ;gBACVC,IAAID,MAAM,GAAGA,OAAOI,UAAU,CAAC,OAAOJ,SAAS,CAAC,CAAC,EAAEA,QAAQ;YAC7D;YAEA,uCAAuC;YACvC,IAAI/C;YACJ,IAAIoD;YACJ,IAAIb,IAAIc,MAAM,IAAI,CAAC;gBAAC;gBAAO;aAAO,CAACnB,QAAQ,CAACK,IAAIc,MAAM,GAAG;gBACvD,IAAI;oBACF,+BAA+B;oBAC/B,IAAI,OAAO,AAACd,IAAoDe,IAAI,KAAK,YAAY;wBACnFtD,OAAO,MAAM,AAACuC,IAAmDe,IAAI;wBACrE,IAAItD,MAAM;4BACR,IAAI;gCACFoD,aAAa9C,KAAKiD,KAAK,CAACvD;4BAC1B,EAAE,OAAM;4BACN,wBAAwB;4BAC1B;wBACF;oBACF,OAAO,IAAI,AAACuC,IAAsCiB,IAAI,EAAE;wBACtDJ,aAAa,AAACb,IAAqDiB,IAAI;wBACvExD,OAAOM,KAAKC,SAAS,CAAC6C;oBACxB;gBACF,EAAE,OAAM;oBACN,oDAAoD;oBACpD,IAAI,AAACb,IAAsCiB,IAAI,EAAE;wBAC/CJ,aAAa,AAACb,IAAqDiB,IAAI;wBACvExD,OAAOM,KAAKC,SAAS,CAAC6C;oBACxB;gBACF;YACF;YAEA,kDAAkD;YAClD,gEAAgE;YAChE,MAAMK,iBACJlB,IAAIc,MAAM,KAAK,UACfP,SAASY,QAAQ,CAAC,sBAClBN,YAAY1C,UACZiD,MAAMC,OAAO,CAACR,WAAW1C,MAAM;YAEjC,IAAI+C,kBAAkBL,YAAY;gBAChC,OAAOxD,6BACL6C,KAAKoB,GAAG,EACRtB,IAAIzC,OAAO,EACXyC,IAAIxC,OAAO,EACXqD;YAEJ;YAEA,uCAAuC;YACvC,MAAMU,UAAU,IAAIC,QAAQf,IAAIgB,QAAQ,IAAI;gBAC1CX,QAAQd,IAAIc,MAAM,IAAI;gBACtBtD,SAASwC,IAAIxC,OAAO;gBACpBC;YACF;YAEA,MAAMiE,WAAW,MAAMxB,KAAKyB,OAAO,CAACJ;YAEpC,OAAOG;QACT,EAAE,OAAOzD,OAAO;YACd2B,QAAQ3B,KAAK,CAAC,yCAAyCA;YACvD,OAAO,IAAIH,SACTC,KAAKC,SAAS,CAAC;gBAAEC,OAAO;YAAwB,IAChD;gBAAEC,QAAQ;gBAAKV,SAAS;oBAAE,gBAAgB;gBAAmB;YAAE;QAEnE;IACF;AACF;AAEA;;CAEC,GACD,SAASoE,sBAAsBC,QAAgB;IAC7C,MAAMF,UAAU5B;IAChB,MAAM+B,UAAU;QAAC;QAAO;QAAQ;QAAS;QAAO;KAAS;IAEzD,OAAOA,QAAQC,GAAG,CAAC,CAACjB,SAAY,CAAA;YAC9BkB,MAAM,GAAGH,SAAS,OAAO,CAAC;YAC1Bf;YACAa;QACF,CAAA;AACF;AAEA;;CAEC,GACD,SAASM,sBACPzD,MAAc,EACd0D,OAAgC;IAEhC,MAAMC,gBAAgBtF,iBAAiB2B;IAEvC,uEAAuE;IACvE,IACE,CAAC2D,cAAcC,uBAAuB,IACtCF,QAAQG,yBAAyB,KAAK,OACtC;QACA,OAAO7D;IACT;IAEA,MAAM8D,eAAeJ,QAAQK,KAAK,IAAI,CAAC;IACvC,MAAMC,qBAAqBhE,OAAO+D,KAAK,EAAEE,cAAc,CAAC;IAExD,6BAA6B;IAC7B,MAAMC,eAAeJ,aAAaK,mBAAmB,GAChDH,mBAAmBI,MAAM,EAA0BC,SACpDP,aAAaQ,qBAAqB,IAClC;IAEJ,2BAA2B;IAC3B,MAAMC,sBAAsBP,mBAAmBQ,WAAW,IAAI,EAAE;IAChE,MAAMA,cAAcV,aAAaW,kBAAkB,GAC/CF,sBACA;WACM3B,MAAMC,OAAO,CAAC0B,uBACdA,sBACA;YAACA;SAAoB;QACzBT,aAAaY,oBAAoB,IAC/B;KACH;IAEL,0BAA0B;IAC1B,MAAMC,gBACJ,AAACX,mBAAmBY,KAAK,IAA4C,CAAC;IACxE,MAAMC,eAAef,aAAagB,gBAAgB,GAC9CnG,YACA;QACEoG,WACEjB,aAAakB,kBAAkB,IAC/B;QACFxB,MAAM;IACR;IAEJ,MAAMoB,QAAQ;QACZ,GAAGD,aAAa;QAChB,GAAIE,eAAe;YAAEI,OAAOJ;QAAa,IAAI,CAAC,CAAC;IACjD;IAEA,kEAAkE;IAClE,MAAMK,cAAcpB,aAAamB,KAAK,IAAI,CAAC;IAE3C,mEAAmE;IACnE,OAAO;QACL,GAAGjF,MAAM;QACTmF,QAAQ;YACN,GAAGnF,OAAOmF,MAAM;YAChBxD,YAAY;gBACV,GAAI3B,OAAOmF,MAAM,EAAExD,UAAU;gBAC7BsD,OAAOC;YACT;QACF;QACAnB,OAAO;YACL,GAAG/D,OAAO+D,KAAK;YACfE,YAAY;gBACV,GAAGD,kBAAkB;gBACrBI,QAAQF,eACJ;oBACE,GAAI,OAAOF,mBAAmBI,MAAM,KAAK,WACrCJ,mBAAmBI,MAAM,GACzB,CAAC,CAAC;oBACNC,QAAQH;gBACV,IACAF,mBAAmBI,MAAM;gBAC7BI;gBACAI;YACF;QACF;IACF;AACF;AAEA;;CAEC,GACD,SAASQ,2BACPpF,MAAc,EACd0D,OAAgC;IAEhC,MAAMI,eAAeJ,QAAQK,KAAK,IAAI,CAAC;IAEvC,oCAAoC;IACpC,IAAID,aAAauB,kBAAkB,KAAK,OAAO;QAC7C,OAAOrF;IACT;IAEA,mCAAmC;IACnC,MAAMsF,iBAAiBhH,qBAAqBwF,aAAayB,iBAAiB;IAE1E,mCAAmC;IACnC,MAAMC,QAAQ;QACZC,WAAW3B,aAAa4B,eAAe,EAAED,aAAa;QACtDE,SAAS7B,aAAa4B,eAAe,EAAEC,WAAW;QAClDC,UAAU9B,aAAa4B,eAAe,EAAEE,YAAY;IACtD;IAEA,MAAM5B,qBAAqBhE,OAAO+D,KAAK,EAAEE,cAAc,CAAC;IACxD,MAAMU,gBACJ,AAACX,mBAAmBY,KAAK,IAA4C,CAAC;IACxE,MAAMiB,wBAAwB7B,mBAAmB8B,aAAa,IAAI,EAAE;IAEpE,kDAAkD;IAClD,qEAAqE;IACrE,MAAMC,kBAAuE,CAAC;IAE9E,0BAA0B;IAC1B,IAAIT,eAAeU,YAAY,EAAE;QAC/BD,gBAAgBE,iBAAiB,GAAG;YAClClB,WAAW;YACXvB,MAAMgC,MAAMC,SAAS;QACvB;IACF;IAEA,wBAAwB;IACxB,IAAIH,eAAeY,SAAS,EAAE;QAC5BH,gBAAgBI,eAAe,GAAG;YAChCpB,WAAW;YACXvB,MAAMgC,MAAMG,OAAO;QACrB;IACF;IAEA,wBAAwB;IACxB,IAAIL,eAAec,UAAU,EAAE;QAC7BL,gBAAgBM,gBAAgB,GAAG;YACjCtB,WAAW;YACXvB,MAAMgC,MAAMI,QAAQ;QACtB;IACF;IAEA,uDAAuD;IACvD,MAAMU,eAAehB,eAAeU,YAAY,IAAIV,eAAeY,SAAS,IAAIZ,eAAec,UAAU;IAEzG,6EAA6E;IAC7E,MAAMN,gBAAgBQ,eAClB;WACM1D,MAAMC,OAAO,CAACgD,yBACdA,wBACA;YAACA;SAAsB;QAC3B;YACErC,MAAM;YACN+C,aAAa;gBACXC,eAAelB,eAAeU,YAAY;gBAC1CS,aAAanB,eAAeY,SAAS;gBACrCQ,cAAcpB,eAAec,UAAU;YACzC;QACF;KACD,GACDP;IAEJ,OAAO;QACL,GAAG7F,MAAM;QACT+D,OAAO;YACL,GAAG/D,OAAO+D,KAAK;YACfE,YAAY;gBACV,GAAGD,kBAAkB;gBACrBY,OAAO;oBACL,GAAGD,aAAa;oBAChB,GAAGoB,eAAe;gBACpB;gBACAD;YACF;QACF;IACF;AACF;AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA4BC,GACD,OAAO,SAASa,uBACdjD,OAAgC;IAEhC,MAAM,EACJkD,UAAU,EACVC,eAAe,OAAO,EACtBC,wBAAwB,IAAI,EAC5BjD,4BAA4B,IAAI,EACjC,GAAGH;IAEJ,6DAA6D;IAC7DhF,qBAAqBgF,QAAQK,KAAK,EAAEgD;IAEpC,OAAO,CAACC;QACN,qCAAqC;QACrC,IAAIhH,SACF6D,4BACIJ,sBAAsBuD,gBAAgBtD,WACtCsD;QAEN,kCAAkC;QAClChH,SAASoF,2BAA2BpF,QAAQ0D;QAE5C,qCAAqC;QACrC,MAAMuD,gBAAgBH,wBAClB1D,sBAAsByD,gBACtB,EAAE;QAEN,kBAAkB;QAClB,MAAMK,oBAAoBlH,OAAOmH,SAAS,IAAI,EAAE;QAEhD,sBAAsB;QACtB,MAAMC,iBAAiBpH,OAAOqH,MAAM;QAEpC,OAAO;YACL,GAAGrH,MAAM;YACTmH,WAAW;mBAAID;mBAAsBD;aAAc;YACnDI,QAAQ,OAAOtI;gBACb,IAAIqI,gBAAgB;oBAClB,MAAMA,eAAerI;gBACvB;gBAEA,2CAA2C;gBAC3C,IAAI,gBAAgBA,SAAS;oBAC3B;gBACF;gBAEA,gCAAgC;gBAChC,IAAI,CAACN,cAAc;oBACjB,IAAI;wBACFA,eAAemI,WAAW7H;oBAC5B,EAAE,OAAOU,OAAO;wBACd2B,QAAQ3B,KAAK,CAAC,wCAAwCA;wBACtD,MAAMA;oBACR;gBACF;gBAEA,sCAAsC;gBACtCc,OAAO+G,cAAc,CAACvI,SAAS,cAAc;oBAC3CwI,OAAO9I;oBACP+I,UAAU;oBACVC,YAAY;oBACZC,cAAc;gBAChB;YACF;QACF;IACF;AACF;AAeA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmCC,GACD,OAAO,SAASC,mBACdjE,UAAqC,CAAC,CAAC;IAEvC,MAAM,EAAEkE,kBAAkB,OAAO,EAAEC,oBAAoB,SAAS,EAAE,GAAGnE;IAErE,OAAO;QACLvD,MAAM;QACN2H,cAAc,OAAO,EACnB/I,OAAO,EACPC,OAAO,EAIR;YACC,IAAI;gBACF,MAAMyC,kBAAkB1C;gBACxB,MAAM2C,OAAOD,gBAAgBE,UAAU;gBAEvC,IAAI,CAACD,MAAM;oBACTN,QAAQ3B,KAAK,CAAC;oBACd,OAAO;wBAAEL,MAAM;oBAAK;gBACtB;gBAEA,MAAM2I,cAAc,MAAMrG,KAAKoB,GAAG,CAAC3D,UAAU,CAAC;oBAAEH;gBAAQ;gBAExD,IAAI,CAAC+I,aAAa3I,MAAMC,IAAI;oBAC1B,OAAO;wBAAED,MAAM;oBAAK;gBACtB;gBAEA,MAAM4I,QAAQ,MAAMjJ,QAAQkJ,IAAI,CAAC;oBAC/BC,YAAYN;oBACZO,OAAO;wBAAE9I,IAAI;4BAAE+I,QAAQL,YAAY3I,IAAI,CAACC,EAAE;wBAAC;oBAAE;oBAC7CgJ,OAAO;oBACPC,OAAO;gBACT;gBAEA,IAAIN,MAAMO,IAAI,CAAC1I,MAAM,KAAK,GAAG;oBAC3B,OAAO;wBAAET,MAAM;oBAAK;gBACtB;gBAEA,yFAAyF;gBACzF,sDAAsD;gBACtD,MAAM,EACJC,IAAImJ,UAAU,EACdpI,QAAQqI,OAAO,EACfC,WAAWC,UAAU,EACrBC,OAAOC,MAAM,EACb,GAAGC,eACJ,GAAG,AAACf,YAAY7I,OAAO,IAAgC,CAAC;gBAEzD,uEAAuE;gBACvE,IAAI6J;gBACJ,IAAID,cAAcE,oBAAoB,EAAE;oBACtC,IAAI;wBACF,MAAMC,cAAc,MAAMlK,QAAQkJ,IAAI,CAAC;4BACrCC,YAAYL;4BACZM,OAAO;gCACLe,KAAK;oCACH;wCAAE9J,MAAM;4CAAEgJ,QAAQL,YAAY3I,IAAI,CAACC,EAAE;wCAAC;oCAAE;oCACxC;wCAAE8J,cAAc;4CAAEf,QAAQU,cAAcE,oBAAoB;wCAAC;oCAAE;iCAChE;4BACH;4BACAX,OAAO;4BACPC,OAAO;wBACT;wBACA,IAAIW,YAAYV,IAAI,CAAC1I,MAAM,GAAG,GAAG;4BAC/BkJ,mBAAmB,AAACE,YAAYV,IAAI,CAAC,EAAE,CAAuBa,IAAI;wBACpE;oBACF,EAAE,OAAM;oBACN,4EAA4E;oBAC9E;gBACF;gBAEA,OAAO;oBACLhK,MAAM;wBACJ,GAAG4I,MAAMO,IAAI,CAAC,EAAE;wBAChB,GAAGO,aAAa;wBAChB,GAAIC,oBAAoB;4BAAEA;wBAAiB,CAAC;wBAC5Cb,YAAYN;wBACZyB,WAAW;oBACb;gBACF;YACF,EAAE,OAAO5J,OAAO;gBACd2B,QAAQ3B,KAAK,CAAC,+BAA+BA;gBAC7C,OAAO;oBAAEL,MAAM;gBAAK;YACtB;QACF;IACF;AACF;AAEA;;CAEC,GACD,OAAO,SAASkK;IACd7K,eAAe;AACjB"}

package/dist/scripts/generate-types.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"generate-types.d.ts","sourceRoot":"","sources":["../../src/scripts/generate-types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG"}

package/dist/scripts/generate-types.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/scripts/generate-types.ts"],"sourcesContent":["/**\n * Type generation script for Better Auth schema.\n *\n * Generates TypeScript types by introspecting Better Auth's schema\n * and diffing plugin additions against the base schema.\n *\n * Run with: pnpm generate:types\n */\n\nimport { passkey } from '@better-auth/passkey'\nimport type { DBFieldAttribute } from 'better-auth/db'\nimport { getSchema } from 'better-auth/db'\nimport {\n  admin,\n  anonymous,\n  apiKey,\n  bearer,\n  emailOTP,\n  genericOAuth,\n  jwt,\n  magicLink,\n  multiSession,\n  oidcProvider,\n  oneTap,\n  oneTimeToken,\n  openAPI,\n  organization,\n  phoneNumber,\n  twoFactor,\n  username,\n} from 'better-auth/plugins'\nimport fs from 'node:fs/promises'\nimport path from 'node:path'\nimport { fileURLToPath } from 'node:url'\n\ntype Schema = Record<string, { fields: Record<string, DBFieldAttribute> }>\n\n// Plugins to include in type generation\n// Add new plugins here as they become supported\nconst plugins = [\n  username(),\n  admin(),\n  apiKey(),\n  passkey(),\n  bearer(),\n  emailOTP({ sendVerificationOTP: async () => {} }),\n  magicLink({ sendMagicLink: async () => {} }),\n  phoneNumber({ sendOTP: async () => {} }),\n  oneTap(),\n  anonymous(),\n  multiSession(),\n  oneTimeToken(),\n  oidcProvider({ loginPage: '' }),\n  genericOAuth({\n    config: [\n      {\n        providerId: 'generic',\n        clientId: 'generic',\n        clientSecret: 'generic',\n      },\n    ],\n  }),\n  openAPI(),\n  organization({\n    teams: { enabled: true },\n  }),\n  jwt(),\n  twoFactor(),\n]\n\nconst betterAuthConfig = {\n  emailAndPassword: { enabled: true },\n  user: {\n    additionalFields: {\n      role: { type: 'string' as const, defaultValue: 'user', input: false },\n    },\n  },\n  plugins,\n}\n\nconst baseSchema = getSchema({ ...betterAuthConfig, plugins: [] })\n\n/**\n * Map Better Auth field types to TypeScript types\n */\nfunction mapType(t: string): string {\n  switch (t) {\n    case 'boolean':\n      return 'boolean'\n    case 'date':\n      return 'Date'\n    case 'number':\n      return 'number'\n    case 'string':\n      return 'string'\n    case 'number[]':\n      return 'number[]'\n    case 'string[]':\n      return 'string[]'\n    default:\n      return 'unknown'\n  }\n}\n\n/**\n * Convert string to PascalCase\n */\nfunction pascal(s: string): string {\n  return s\n    .split(/[-_]/g)\n    .map((p) => p.charAt(0).toUpperCase() + p.slice(1))\n    .join('')\n}\n\n/**\n * Find fields added by a plugin compared to base schema\n */\nfunction diff(\n  base: Schema,\n  target: Schema\n): Record<string, Record<string, DBFieldAttribute>> {\n  const d: Record<string, Record<string, DBFieldAttribute>> = {}\n  for (const [m, { fields }] of Object.entries(target)) {\n    const added = Object.entries(fields).filter(\n      ([k]) => !(k in (base[m]?.fields ?? {}))\n    )\n    if (added.length) d[m] = Object.fromEntries(added)\n  }\n  return d\n}\n\n/**\n * Generate TypeScript type definitions\n */\nfunction generate(): string {\n  let out = `/**\n * Auto-generated Better Auth types.\n * DO NOT EDIT - Run \\`pnpm generate:types\\` to regenerate.\n *\n * Generated from Better Auth schema introspection.\n * Contains types for all supported plugins and their field additions.\n */\n\n`\n\n  const pluginAdds: Record<\n    string,\n    Record<string, Record<string, DBFieldAttribute>>\n  > = {}\n  const seen = new Set<string>()\n\n  // Diff each plugin's schema against base to find additions\n  for (const pl of plugins) {\n    const id = (pl as { id?: string }).id\n    if (!id || seen.has(id)) continue\n    seen.add(id)\n    const adds = diff(\n      baseSchema,\n      getSchema({ ...betterAuthConfig, plugins: [pl] })\n    )\n    for (const [m, f] of Object.entries(adds)) {\n      pluginAdds[m] ??= {}\n      pluginAdds[m][id] = f\n    }\n  }\n\n  // Collect all models from base and plugins\n  const models = new Set<string>([\n    ...Object.keys(baseSchema),\n    ...Object.keys(pluginAdds),\n  ])\n\n  // Generate types for each model\n  for (const model of models) {\n    const P = pascal(model)\n    const base = baseSchema[model]?.fields ?? {}\n    const pluginsForModel = pluginAdds[model] ?? {}\n    const pluginIds = Object.keys(pluginsForModel)\n\n    // Base fields type\n    if (Object.keys(base).length) {\n      out += `export type Base${P}Fields = {\\n`\n      for (const [k, f] of Object.entries(base)) {\n        const fieldName = f.fieldName ?? k\n        const optional = f.required ? '' : '?'\n        out += `  ${fieldName}${optional}: ${mapType(f.type as string)}\\n`\n      }\n      out += '}\\n\\n'\n    }\n\n    // Plugin fields mapping\n    const needPluginMap = pluginIds.length > 1 || Object.keys(base).length\n    if (needPluginMap && pluginIds.length) {\n      out += `export type ${P}PluginFields = {\\n`\n      for (const [pid, flds] of Object.entries(pluginsForModel)) {\n        out += `  ${JSON.stringify(pid)}: {\\n`\n        for (const [k, f] of Object.entries(flds)) {\n          const fieldName = f.fieldName ?? k\n          const optional = f.required ? '' : '?'\n          out += `    ${fieldName}${optional}: ${mapType(f.type as string)}\\n`\n        }\n        out += '  }\\n'\n      }\n      out += '}\\n\\n'\n    }\n\n    // Handle single-plugin-only models\n    if (!Object.keys(base).length && pluginIds.length === 1) {\n      const only = pluginIds[0]\n      out += `export type ${P}Fields = {\\n`\n      for (const [k, f] of Object.entries(pluginsForModel[only])) {\n        const fieldName = f.fieldName ?? k\n        const optional = f.required ? '' : '?'\n        out += `  ${fieldName}${optional}: ${mapType(f.type as string)}\\n`\n      }\n      out += '}\\n\\n'\n      out += `export type ${P} = ${P}Fields\\n\\n`\n      continue\n    }\n\n    // Combined type as intersection\n    const parts: string[] = []\n    if (Object.keys(base).length) parts.push(`Base${P}Fields`)\n    if (pluginIds.length) {\n      const mapName = needPluginMap ? `${P}PluginFields` : undefined\n      parts.push(\n        ...pluginIds.map((id) =>\n          mapName ? `${mapName}[${JSON.stringify(id)}]` : 'never'\n        )\n      )\n    }\n    out += `export type ${P} = ${parts.join(' & ')}\\n\\n`\n  }\n\n  // Plugin ID union type\n  const pluginIdUnion = [...seen].map((id) => JSON.stringify(id)).join(' | ')\n  out += `/**\n * Union of all supported plugin identifiers.\n */\nexport type PluginId = ${pluginIdUnion}\\n\\n`\n\n  // Full schema mapping\n  out += `/**\n * Complete schema mapping of all models to their types.\n */\nexport type BetterAuthFullSchema = {\\n`\n  for (const model of models) {\n    const P = pascal(model)\n    out += `  ${JSON.stringify(model)}: ${P}\\n`\n  }\n  out += '}\\n\\n'\n\n  // Model key union\n  out += `/**\n * Union of all model names in the schema.\n */\nexport type ModelKey = keyof BetterAuthFullSchema\\n`\n\n  return out\n}\n\n// Generate and write types\nconst generated = generate()\n\nconst __dirname = path.dirname(fileURLToPath(import.meta.url))\nconst outputFile = path.resolve(__dirname, '../generated-types.ts')\n\nawait fs.writeFile(outputFile, generated, 'utf8')\nconsole.log(`Generated types written to ${outputFile}`)\n"],"names":["passkey","getSchema","admin","anonymous","apiKey","bearer","emailOTP","genericOAuth","jwt","magicLink","multiSession","oidcProvider","oneTap","oneTimeToken","openAPI","organization","phoneNumber","twoFactor","username","fs","path","fileURLToPath","plugins","sendVerificationOTP","sendMagicLink","sendOTP","loginPage","config","providerId","clientId","clientSecret","teams","enabled","betterAuthConfig","emailAndPassword","user","additionalFields","role","type","defaultValue","input","baseSchema","mapType","t","pascal","s","split","map","p","charAt","toUpperCase","slice","join","diff","base","target","d","m","fields","Object","entries","added","filter","k","length","fromEntries","generate","out","pluginAdds","seen","Set","pl","id","has","add","adds","f","models","keys","model","P","pluginsForModel","pluginIds","fieldName","optional","required","needPluginMap","pid","flds","JSON","stringify","only","parts","push","mapName","undefined","pluginIdUnion","generated","__dirname","dirname","url","outputFile","resolve","writeFile","console","log"],"mappings":"AAAA;;;;;;;CAOC,GAED,SAASA,OAAO,QAAQ,uBAAsB;AAE9C,SAASC,SAAS,QAAQ,iBAAgB;AAC1C,SACEC,KAAK,EACLC,SAAS,EACTC,MAAM,EACNC,MAAM,EACNC,QAAQ,EACRC,YAAY,EACZC,GAAG,EACHC,SAAS,EACTC,YAAY,EACZC,YAAY,EACZC,MAAM,EACNC,YAAY,EACZC,OAAO,EACPC,YAAY,EACZC,WAAW,EACXC,SAAS,EACTC,QAAQ,QACH,sBAAqB;AAC5B,OAAOC,QAAQ,mBAAkB;AACjC,OAAOC,UAAU,YAAW;AAC5B,SAASC,aAAa,QAAQ,WAAU;AAIxC,wCAAwC;AACxC,gDAAgD;AAChD,MAAMC,UAAU;IACdJ;IACAhB;IACAE;IACAJ;IACAK;IACAC,SAAS;QAAEiB,qBAAqB,WAAa;IAAE;IAC/Cd,UAAU;QAAEe,eAAe,WAAa;IAAE;IAC1CR,YAAY;QAAES,SAAS,WAAa;IAAE;IACtCb;IACAT;IACAO;IACAG;IACAF,aAAa;QAAEe,WAAW;IAAG;IAC7BnB,aAAa;QACXoB,QAAQ;YACN;gBACEC,YAAY;gBACZC,UAAU;gBACVC,cAAc;YAChB;SACD;IACH;IACAhB;IACAC,aAAa;QACXgB,OAAO;YAAEC,SAAS;QAAK;IACzB;IACAxB;IACAS;CACD;AAED,MAAMgB,mBAAmB;IACvBC,kBAAkB;QAAEF,SAAS;IAAK;IAClCG,MAAM;QACJC,kBAAkB;YAChBC,MAAM;gBAAEC,MAAM;gBAAmBC,cAAc;gBAAQC,OAAO;YAAM;QACtE;IACF;IACAlB;AACF;AAEA,MAAMmB,aAAaxC,UAAU;IAAE,GAAGgC,gBAAgB;IAAEX,SAAS,EAAE;AAAC;AAEhE;;CAEC,GACD,SAASoB,QAAQC,CAAS;IACxB,OAAQA;QACN,KAAK;YACH,OAAO;QACT,KAAK;YACH,OAAO;QACT,KAAK;YACH,OAAO;QACT,KAAK;YACH,OAAO;QACT,KAAK;YACH,OAAO;QACT,KAAK;YACH,OAAO;QACT;YACE,OAAO;IACX;AACF;AAEA;;CAEC,GACD,SAASC,OAAOC,CAAS;IACvB,OAAOA,EACJC,KAAK,CAAC,SACNC,GAAG,CAAC,CAACC,IAAMA,EAAEC,MAAM,CAAC,GAAGC,WAAW,KAAKF,EAAEG,KAAK,CAAC,IAC/CC,IAAI,CAAC;AACV;AAEA;;CAEC,GACD,SAASC,KACPC,IAAY,EACZC,MAAc;IAEd,MAAMC,IAAsD,CAAC;IAC7D,KAAK,MAAM,CAACC,GAAG,EAAEC,MAAM,EAAE,CAAC,IAAIC,OAAOC,OAAO,CAACL,QAAS;QACpD,MAAMM,QAAQF,OAAOC,OAAO,CAACF,QAAQI,MAAM,CACzC,CAAC,CAACC,EAAE,GAAK,CAAEA,CAAAA,KAAMT,CAAAA,IAAI,CAACG,EAAE,EAAEC,UAAU,CAAC,CAAA,CAAC;QAExC,IAAIG,MAAMG,MAAM,EAAER,CAAC,CAACC,EAAE,GAAGE,OAAOM,WAAW,CAACJ;IAC9C;IACA,OAAOL;AACT;AAEA;;CAEC,GACD,SAASU;IACP,IAAIC,MAAM,CAAC;;;;;;;;AAQb,CAAC;IAEC,MAAMC,aAGF,CAAC;IACL,MAAMC,OAAO,IAAIC;IAEjB,2DAA2D;IAC3D,KAAK,MAAMC,MAAMjD,QAAS;QACxB,MAAMkD,KAAK,AAACD,GAAuBC,EAAE;QACrC,IAAI,CAACA,MAAMH,KAAKI,GAAG,CAACD,KAAK;QACzBH,KAAKK,GAAG,CAACF;QACT,MAAMG,OAAOtB,KACXZ,YACAxC,UAAU;YAAE,GAAGgC,gBAAgB;YAAEX,SAAS;gBAACiD;aAAG;QAAC;QAEjD,KAAK,MAAM,CAACd,GAAGmB,EAAE,IAAIjB,OAAOC,OAAO,CAACe,MAAO;YACzCP,UAAU,CAACX,EAAE,KAAK,CAAC;YACnBW,UAAU,CAACX,EAAE,CAACe,GAAG,GAAGI;QACtB;IACF;IAEA,2CAA2C;IAC3C,MAAMC,SAAS,IAAIP,IAAY;WAC1BX,OAAOmB,IAAI,CAACrC;WACZkB,OAAOmB,IAAI,CAACV;KAChB;IAED,gCAAgC;IAChC,KAAK,MAAMW,SAASF,OAAQ;QAC1B,MAAMG,IAAIpC,OAAOmC;QACjB,MAAMzB,OAAOb,UAAU,CAACsC,MAAM,EAAErB,UAAU,CAAC;QAC3C,MAAMuB,kBAAkBb,UAAU,CAACW,MAAM,IAAI,CAAC;QAC9C,MAAMG,YAAYvB,OAAOmB,IAAI,CAACG;QAE9B,mBAAmB;QACnB,IAAItB,OAAOmB,IAAI,CAACxB,MAAMU,MAAM,EAAE;YAC5BG,OAAO,CAAC,gBAAgB,EAAEa,EAAE,YAAY,CAAC;YACzC,KAAK,MAAM,CAACjB,GAAGa,EAAE,IAAIjB,OAAOC,OAAO,CAACN,MAAO;gBACzC,MAAM6B,YAAYP,EAAEO,SAAS,IAAIpB;gBACjC,MAAMqB,WAAWR,EAAES,QAAQ,GAAG,KAAK;gBACnClB,OAAO,CAAC,EAAE,EAAEgB,YAAYC,SAAS,EAAE,EAAE1C,QAAQkC,EAAEtC,IAAI,EAAY,EAAE,CAAC;YACpE;YACA6B,OAAO;QACT;QAEA,wBAAwB;QACxB,MAAMmB,gBAAgBJ,UAAUlB,MAAM,GAAG,KAAKL,OAAOmB,IAAI,CAACxB,MAAMU,MAAM;QACtE,IAAIsB,iBAAiBJ,UAAUlB,MAAM,EAAE;YACrCG,OAAO,CAAC,YAAY,EAAEa,EAAE,kBAAkB,CAAC;YAC3C,KAAK,MAAM,CAACO,KAAKC,KAAK,IAAI7B,OAAOC,OAAO,CAACqB,iBAAkB;gBACzDd,OAAO,CAAC,EAAE,EAAEsB,KAAKC,SAAS,CAACH,KAAK,KAAK,CAAC;gBACtC,KAAK,MAAM,CAACxB,GAAGa,EAAE,IAAIjB,OAAOC,OAAO,CAAC4B,MAAO;oBACzC,MAAML,YAAYP,EAAEO,SAAS,IAAIpB;oBACjC,MAAMqB,WAAWR,EAAES,QAAQ,GAAG,KAAK;oBACnClB,OAAO,CAAC,IAAI,EAAEgB,YAAYC,SAAS,EAAE,EAAE1C,QAAQkC,EAAEtC,IAAI,EAAY,EAAE,CAAC;gBACtE;gBACA6B,OAAO;YACT;YACAA,OAAO;QACT;QAEA,mCAAmC;QACnC,IAAI,CAACR,OAAOmB,IAAI,CAACxB,MAAMU,MAAM,IAAIkB,UAAUlB,MAAM,KAAK,GAAG;YACvD,MAAM2B,OAAOT,SAAS,CAAC,EAAE;YACzBf,OAAO,CAAC,YAAY,EAAEa,EAAE,YAAY,CAAC;YACrC,KAAK,MAAM,CAACjB,GAAGa,EAAE,IAAIjB,OAAOC,OAAO,CAACqB,eAAe,CAACU,KAAK,EAAG;gBAC1D,MAAMR,YAAYP,EAAEO,SAAS,IAAIpB;gBACjC,MAAMqB,WAAWR,EAAES,QAAQ,GAAG,KAAK;gBACnClB,OAAO,CAAC,EAAE,EAAEgB,YAAYC,SAAS,EAAE,EAAE1C,QAAQkC,EAAEtC,IAAI,EAAY,EAAE,CAAC;YACpE;YACA6B,OAAO;YACPA,OAAO,CAAC,YAAY,EAAEa,EAAE,GAAG,EAAEA,EAAE,UAAU,CAAC;YAC1C;QACF;QAEA,gCAAgC;QAChC,MAAMY,QAAkB,EAAE;QAC1B,IAAIjC,OAAOmB,IAAI,CAACxB,MAAMU,MAAM,EAAE4B,MAAMC,IAAI,CAAC,CAAC,IAAI,EAAEb,EAAE,MAAM,CAAC;QACzD,IAAIE,UAAUlB,MAAM,EAAE;YACpB,MAAM8B,UAAUR,gBAAgB,GAAGN,EAAE,YAAY,CAAC,GAAGe;YACrDH,MAAMC,IAAI,IACLX,UAAUnC,GAAG,CAAC,CAACyB,KAChBsB,UAAU,GAAGA,QAAQ,CAAC,EAAEL,KAAKC,SAAS,CAAClB,IAAI,CAAC,CAAC,GAAG;QAGtD;QACAL,OAAO,CAAC,YAAY,EAAEa,EAAE,GAAG,EAAEY,MAAMxC,IAAI,CAAC,OAAO,IAAI,CAAC;IACtD;IAEA,uBAAuB;IACvB,MAAM4C,gBAAgB;WAAI3B;KAAK,CAACtB,GAAG,CAAC,CAACyB,KAAOiB,KAAKC,SAAS,CAAClB,KAAKpB,IAAI,CAAC;IACrEe,OAAO,CAAC;;;uBAGa,EAAE6B,cAAc,IAAI,CAAC;IAE1C,sBAAsB;IACtB7B,OAAO,CAAC;;;sCAG4B,CAAC;IACrC,KAAK,MAAMY,SAASF,OAAQ;QAC1B,MAAMG,IAAIpC,OAAOmC;QACjBZ,OAAO,CAAC,EAAE,EAAEsB,KAAKC,SAAS,CAACX,OAAO,EAAE,EAAEC,EAAE,EAAE,CAAC;IAC7C;IACAb,OAAO;IAEP,kBAAkB;IAClBA,OAAO,CAAC;;;mDAGyC,CAAC;IAElD,OAAOA;AACT;AAEA,2BAA2B;AAC3B,MAAM8B,YAAY/B;AAElB,MAAMgC,YAAY9E,KAAK+E,OAAO,CAAC9E,cAAc,YAAY+E,GAAG;AAC5D,MAAMC,aAAajF,KAAKkF,OAAO,CAACJ,WAAW;AAE3C,MAAM/E,GAAGoF,SAAS,CAACF,YAAYJ,WAAW;AAC1CO,QAAQC,GAAG,CAAC,CAAC,2BAA2B,EAAEJ,YAAY"}

package/dist/types/apiKey.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"apiKey.d.ts","sourceRoot":"","sources":["../../src/types/apiKey.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;GAGG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B,gEAAgE;IAChE,KAAK,EAAE,MAAM,CAAA;IACb,sFAAsF;IACtF,WAAW,EAAE,MAAM,CAAA;IACnB;;;;;OAKG;IACH,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;IACrC,gEAAgE;IAChE,SAAS,CAAC,EAAE,OAAO,CAAA;CACpB,CAAA;AAED;;;GAGG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IACxC;;;;;OAKG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAA;IACjC;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAA;IAC7B;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;CACzB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,eAAe,GAAG;IAC7C,0CAA0C;IAC1C,EAAE,EAAE,MAAM,CAAA;CACX,CAAA"}

package/dist/types/apiKey.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/types/apiKey.ts"],"sourcesContent":["/**\n * API Key Scope Types\n *\n * Provides typed configuration for API key permission scopes.\n */\n\n/**\n * A single permission scope definition.\n * Scopes are human-readable permission groups (like GitHub OAuth scopes).\n */\nexport type ScopeDefinition = {\n  /** Human-readable label for the scope (e.g., \"Read Content\") */\n  label: string\n  /** Description of what this scope allows (e.g., \"View posts, pages, and comments\") */\n  description: string\n  /**\n   * Permission mapping: { resourceType: ['action1', 'action2'] }\n   * Maps to Better Auth's permission format.\n   * Use '*' for resource to match all resources.\n   * Use '*' in actions array to grant all actions on a resource.\n   */\n  permissions: Record<string, string[]>\n  /** If true, only admin users can create keys with this scope */\n  adminOnly?: boolean\n}\n\n/**\n * Configuration options for API key scopes.\n * Can be used in plugin options to customize available scopes.\n */\nexport type ApiKeyScopesConfig = {\n  /**\n   * Custom scope definitions.\n   * Key is the scope ID (e.g., 'content:read'), value is the scope definition.\n   */\n  scopes?: Record<string, ScopeDefinition>\n  /**\n   * Include auto-generated collection scopes.\n   * When true (default), generates {collection}:read, {collection}:write, {collection}:delete\n   * for each Payload collection.\n   * @default true when no custom scopes provided, false when custom scopes provided\n   */\n  includeCollectionScopes?: boolean\n  /**\n   * Collections to exclude from auto-generated scopes.\n   * Useful for hiding sensitive collections like 'sessions' or 'verifications'.\n   * @default ['sessions', 'verifications', 'accounts', 'twoFactors']\n   */\n  excludeCollections?: string[]\n  /**\n   * Default scopes assigned to new API keys when user doesn't select any.\n   * If not provided, keys without scopes will have no permissions.\n   */\n  defaultScopes?: string[]\n}\n\n/**\n * Scope data passed to the API keys management client component.\n */\nexport type AvailableScope = ScopeDefinition & {\n  /** The scope ID (e.g., 'content:read') */\n  id: string\n}\n"],"names":[],"mappings":"AAAA;;;;CAIC,GAED;;;CAGC,GA+CD;;CAEC,GACD,WAGC"}

package/dist/types/betterAuth.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"betterAuth.d.ts","sourceRoot":"","sources":["../../src/types/betterAuth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AACxC,OAAO,KAAK,EACV,iBAAiB,EACjB,gBAAgB,EAChB,QAAQ,EACR,gBAAgB,EAChB,YAAY,EACZ,SAAS,EACV,MAAM,mBAAmB,CAAA;AAC1B,OAAO,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,SAAS,CAAA;AAEpE;;GAEG;AACH,KAAK,cAAc,GAAG;IACpB,uBAAuB,EAAE,MAAM,CAAA;IAC/B,mBAAmB,EAAE,MAAM,CAAA;IAC3B,gBAAgB,EAAE,MAAM,CAAA;IACxB,qBAAqB,EAAE,MAAM,CAAA;IAC7B,wBAAwB,EAAE,MAAM,CAAA;IAChC,qBAAqB,EAAE,MAAM,CAAA;IAC7B,qBAAqB,EAAE,MAAM,CAAA;IAC7B,yBAAyB,EAAE,MAAM,CAAA;IACjC,6BAA6B,EAAE,MAAM,CAAA;IACrC,kBAAkB,EAAE,MAAM,CAAA;IAC1B,aAAa,EAAE,MAAM,CAAA;IACrB,sBAAsB,EAAE,MAAM,CAAA;IAC9B,8BAA8B,EAAE,MAAM,CAAA;IACtC,4BAA4B,EAAE,MAAM,CAAA;IACpC,oBAAoB,EAAE,MAAM,CAAA;IAC5B,gBAAgB,EAAE,MAAM,CAAA;IACxB,iBAAiB,EAAE,MAAM,CAAA;IACzB,eAAe,EAAE,MAAM,CAAA;IACvB,qBAAqB,EAAE,MAAM,CAAA;IAC7B,gBAAgB,EAAE,MAAM,CAAA;CACzB,CAAA;AAED;;GAEG;AACH,KAAK,mBAAmB,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,OAAO,GAAG,CAAC,CAAC,EAAE,CAAC,KAAK,IAAI,GAAG,KAAK,CAAC,SAAS,CACjF,CAAC,EAAE,MAAM,CAAC,KACP,IAAI,GACL,CAAC,GACD,KAAK,CAAA;AAET;;;GAGG;AACH,KAAK,YAAY,CAAC,CAAC,IAAI;KACpB,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,GACxD,CAAC,CAAC,CAAC,CAAC,GACJ,CAAC,CAAC,CAAC,CAAC,SAAS,MAAM,GACjB,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,CAAC,OAAO,CAAC,GACzB,CAAC,CAAC,CAAC,CAAC,GACJ,CAAC,CAAC,CAAC,CAAC,SAAS,IAAI,GACf,CAAC,CAAC,CAAC,CAAC,GACJ,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GACtB,CAAC,CAAC,CAAC,CAAC;CACX,GAAG,EAAE,CAAA;AAEN;;GAEG;AACH,KAAK,qBAAqB,CAAC,CAAC,SAAS,iBAAiB,IACpD,CAAC,CAAC,SAAS,CAAC,SAAS,KAAK,CAAC,MAAM,CAAC,CAAC,GAC/B,mBAAmB,CACjB,CAAC,SAAS,gBAAgB,GACtB,CAAC,CAAC,cAAc,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/C,CAAC,CAAC,cAAc,CAAC,GACjB,KAAK,GACP,KAAK,CACV,SAAS,MAAM,CAAC,GACf,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,GACjB,MAAM,GACN,CAAC,GACH,MAAM,GACR,MAAM,CAAA;AAEZ;;GAEG;AACH,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,SAAS,MAAM,EAAE,GAAG,SAAS,CAAC,MAAM,CAAC,IACjE,CAAC,CAAC,MAAM,CAAC,EAAE,GACX,IAAI,CAAA;AASR;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,MAAM,gBAAgB,CAAC,CAAC,SAAS,iBAAiB,GAAG,iBAAiB,IAAI;IAC9E,6CAA6C;IAC7C,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAA;IAChD,4BAA4B;IAC5B,GAAG,EAAE,QAAQ,CAAC,UAAU,CAAC,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAA;IACxD,2BAA2B;IAC3B,OAAO,EAAE,CAAC,CAAA;IACV,2CAA2C;IAC3C,YAAY,EAAE,qBAAqB,CAAC,CAAC,CAAC,GAAG,cAAc,CAAA;IACvD,kDAAkD;IAClD,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC,CAAA;IAC9B,0CAA0C;IAC1C,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC,SAAS;QAAE,OAAO,EAAE,OAAO,CAAA;KAAE,GACpD,gBAAgB,CAAC,CAAC,CAAC,GACnB;QACE,OAAO,EAAE;YACP,OAAO,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAA;YACtC,IAAI,EAAE,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAA;SACjC,CAAA;KACF,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAA;CAC5B,CAAA;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,MAAM,eAAe,CAAC,CAAC,SAAS,iBAAiB,GAAG,iBAAiB,IACzE,WAAW,GAAG;IACZ,UAAU,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAA;CAChC,CAAA;AAEH;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,4BAA4B,CAC3C,CAAC,SAAS,iBAAiB,GAAG,iBAAiB,CAC/C,SAAQ,cAAc;IACtB,OAAO,EAAE,eAAe,CAAC,CAAC,CAAC,CAAA;CAC5B;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,MAAM,4BAA4B,CACtC,CAAC,SAAS,iBAAiB,EAC3B,CAAC,SAAS,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,IAClD,CAAC,SAAS,CAAC,IAAI,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,GACpC,CACE,IAAI,EAAE,IAAI,CAAC,CAAC,EAAE,KAAK,CAAC,GAAG;IAAE,GAAG,EAAE,4BAA4B,CAAC,CAAC,CAAC,CAAA;CAAE,KAC5D,CAAC,GACN,KAAK,CAAA;AAET;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,MAAM,sBAAsB,CAAC,CAAC,SAAS,iBAAiB,IAAI,IAAI,CACpE,QAAQ,EACR,SAAS,CACV,GAAG;IACF,OAAO,EAAE,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAA;CAChF,CAAA"}

package/dist/types/betterAuth.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/types/betterAuth.ts"],"sourcesContent":["/**\n * Enhanced TypeScript types for Better Auth integration.\n *\n * Provides improved type inference for the Better Auth instance,\n * including session/user types, API methods, and error codes.\n */\n\nimport type { AuthContext } from 'better-auth'\nimport { router } from 'better-auth/api'\nimport type {\n  BetterAuthOptions,\n  BetterAuthPlugin,\n  InferAPI,\n  InferPluginTypes,\n  InferSession,\n  InferUser,\n} from 'better-auth/types'\nimport type { BasePayload, Endpoint, PayloadRequest } from 'payload'\n\n/**\n * Base error codes from Better Auth core.\n */\ntype BaseErrorCodes = {\n  FAILED_TO_GET_USER_INFO: string\n  USER_ALREADY_EXISTS: string\n  INVALID_PASSWORD: string\n  FAILED_TO_CREATE_USER: string\n  FAILED_TO_CREATE_SESSION: string\n  FAILED_TO_UPDATE_USER: string\n  FAILED_TO_GET_SESSION: string\n  INVALID_EMAIL_OR_PASSWORD: string\n  SOCIAL_ACCOUNT_ALREADY_LINKED: string\n  PROVIDER_NOT_FOUND: string\n  INVALID_TOKEN: string\n  ID_TOKEN_NOT_SUPPORTED: string\n  FAILED_TO_GET_USER_INFO_OPENID: string\n  UNEXPECTED_PROVIDER_RESPONSE: string\n  TOKEN_REFRESH_FAILED: string\n  FAILED_TO_UNLINK: string\n  ACCOUNT_NOT_FOUND: string\n  SESSION_EXPIRED: string\n  INTERNAL_SERVER_ERROR: string\n  VALIDATION_ERROR: string\n}\n\n/**\n * Union to intersection utility type.\n */\ntype UnionToIntersection<U> = (U extends unknown ? (k: U) => void : never) extends (\n  k: infer I\n) => void\n  ? I\n  : never\n\n/**\n * Deeply prettify a type for better IDE display.\n * Flattens intersections and preserves functions/arrays/dates.\n */\ntype PrettifyDeep<T> = {\n  [K in keyof T]: T[K] extends (...args: unknown[]) => unknown\n    ? T[K]\n    : T[K] extends object\n      ? T[K] extends Array<unknown>\n        ? T[K]\n        : T[K] extends Date\n          ? T[K]\n          : PrettifyDeep<T[K]>\n      : T[K]\n} & {}\n\n/**\n * Infer error codes from enabled plugins.\n */\ntype InferPluginErrorCodes<O extends BetterAuthOptions> =\n  O['plugins'] extends Array<infer P>\n    ? UnionToIntersection<\n        P extends BetterAuthPlugin\n          ? P['$ERROR_CODES'] extends Record<string, unknown>\n            ? P['$ERROR_CODES']\n            : never\n          : never\n      > extends infer R\n      ? [R] extends [never]\n        ? object\n        : R\n      : object\n    : object\n\n/**\n * Role array type with configurable roles.\n */\nexport type RoleArray<O extends readonly string[] = readonly ['user']> =\n  | O[number][]\n  | null\n\n/**\n * Override role field in a type with configured roles.\n */\ntype OverrideRole<T, O extends readonly string[]> = T extends object\n  ? Omit<T, 'role'> & { role: RoleArray<O> }\n  : T\n\n/**\n * The return type of a Better Auth instance.\n *\n * This provides full type inference for:\n * - API endpoints and their return types\n * - Session/user types based on enabled plugins\n * - Error codes from all enabled plugins\n * - Auth context for advanced use cases\n *\n * @template O - Better Auth options type for inference\n *\n * @example\n * ```ts\n * // Access inferred types\n * type MySession = typeof payload.betterAuth.$Infer.Session\n *\n * // Type-safe API calls\n * const result = await payload.betterAuth.api.getSession({ headers })\n * ```\n */\nexport type BetterAuthReturn<O extends BetterAuthOptions = BetterAuthOptions> = {\n  /** The request handler for auth endpoints */\n  handler: (request: Request) => Promise<Response>\n  /** Type-safe API methods */\n  api: InferAPI<ReturnType<typeof router<O>>>['endpoints']\n  /** The resolved options */\n  options: O\n  /** All error codes from enabled plugins */\n  $ERROR_CODES: InferPluginErrorCodes<O> & BaseErrorCodes\n  /** Auth context (async) for advanced use cases */\n  $context: Promise<AuthContext>\n  /** Inferred types for Session and User */\n  $Infer: InferPluginTypes<O> extends { Session: unknown }\n    ? InferPluginTypes<O>\n    : {\n        Session: {\n          session: PrettifyDeep<InferSession<O>>\n          user: PrettifyDeep<InferUser<O>>\n        }\n      } & InferPluginTypes<O>\n}\n\n/**\n * Payload instance with Better Auth attached.\n *\n * After initialization, the Payload instance is extended with\n * the `betterAuth` property containing the auth instance.\n *\n * @template O - Better Auth options type for inference\n *\n * @example\n * ```ts\n * // In a server action or API route\n * const payload = await getPayload({ config })\n * const payloadWithAuth = payload as PayloadWithAuth\n *\n * const session = await payloadWithAuth.betterAuth.api.getSession({ headers })\n * ```\n */\nexport type PayloadWithAuth<O extends BetterAuthOptions = BetterAuthOptions> =\n  BasePayload & {\n    betterAuth: BetterAuthReturn<O>\n  }\n\n/**\n * Extended Payload request with Better Auth instance.\n *\n * Use this type in hooks and endpoints to get type-safe\n * access to the Better Auth instance.\n *\n * @template O - Better Auth options type for inference\n *\n * @example\n * ```ts\n * const myHook: CollectionBeforeChangeHook = async ({ req }) => {\n *   const typedReq = req as PayloadRequestWithBetterAuth<typeof myBetterAuthOptions>\n *   const session = await typedReq.payload.betterAuth.api.getSession({\n *     headers: req.headers,\n *   })\n *   // ...\n * }\n * ```\n */\nexport interface PayloadRequestWithBetterAuth<\n  O extends BetterAuthOptions = BetterAuthOptions,\n> extends PayloadRequest {\n  payload: PayloadWithAuth<O>\n}\n\n/**\n * Type utility for collection hooks with Better Auth context.\n *\n * Transforms a standard Payload hook type to include Better Auth\n * on the request's payload instance.\n *\n * @template O - Better Auth options type for inference\n * @template T - The original hook function type\n *\n * @example\n * ```ts\n * import type { CollectionBeforeChangeHook } from 'payload'\n *\n * const beforeChange: CollectionHookWithBetterAuth<\n *   typeof myOptions,\n *   CollectionBeforeChangeHook\n * > = async ({ req, data }) => {\n *   // req.payload.betterAuth is fully typed\n *   const session = await req.payload.betterAuth.api.getSession({\n *     headers: req.headers,\n *   })\n *   return data\n * }\n * ```\n */\nexport type CollectionHookWithBetterAuth<\n  O extends BetterAuthOptions,\n  T extends (args: Record<string, unknown>) => unknown,\n> = T extends (args: infer A) => infer R\n  ? (\n      args: Omit<A, 'req'> & { req: PayloadRequestWithBetterAuth<O> }\n    ) => R\n  : never\n\n/**\n * Payload endpoint type with Better Auth context.\n *\n * Use this for custom endpoints that need access to Better Auth.\n *\n * @template O - Better Auth options type for inference\n *\n * @example\n * ```ts\n * const myEndpoint: EndpointWithBetterAuth<typeof myOptions> = {\n *   path: '/custom-auth',\n *   method: 'post',\n *   handler: async (req) => {\n *     // req.payload.betterAuth is fully typed\n *     const session = await req.payload.betterAuth.api.getSession({\n *       headers: req.headers,\n *     })\n *     return Response.json({ session })\n *   },\n * }\n * ```\n */\nexport type EndpointWithBetterAuth<O extends BetterAuthOptions> = Omit<\n  Endpoint,\n  'handler'\n> & {\n  handler: (req: PayloadRequestWithBetterAuth<O>) => Promise<Response> | Response\n}\n"],"names":[],"mappings":"AAAA;;;;;CAKC,GA4ND;;;;;;;;;;;;;;;;;;;;;CAqBC,GACD,WAKC"}

package/dist/utils/access.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"access.d.ts","sourceRoot":"","sources":["../../src/utils/access.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,SAAS,CAAA;AAMlE,MAAM,MAAM,eAAe,GAAG;IAC5B;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,EAAE,CAAA;CACtB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG,eAAe,GAAG;IAC/C;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG,gBAAgB,GAAG;IACjD;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;IACxB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAMD;;;;;;;;;;GAUG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM,EAAE,CAgBtD;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,UAAU,CACxB,IAAI,EAAE;IAAE,IAAI,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,IAAI,GAAG,SAAS,EAC3C,KAAK,EAAE,MAAM,EAAE,GACd,OAAO,CAIT;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,WAAW,CACzB,IAAI,EAAE;IAAE,IAAI,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,IAAI,GAAG,SAAS,EAC3C,KAAK,EAAE,MAAM,EAAE,GACd,OAAO,CAIT;AAMD;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAC3B,MAAM,GAAE,eAAoB,GAC3B,CAAC,IAAI,EAAE;IAAE,GAAG,EAAE,cAAc,CAAA;CAAE,KAAK,OAAO,CAM5C;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,OAAO,CAAC,MAAM,GAAE,eAAoB,GAAG,MAAM,CAM5D;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,YAAY,CAAC,MAAM,GAAE,eAAoB,GAAG,WAAW,CAMtE;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,aAAa,CAAC,MAAM,GAAE,gBAAqB,GAAG,MAAM,CAkBnE;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,GAAE,iBAAsB,GAAG,MAAM,CAuDzE;AAMD;;;;;;;;;;;GAWG;AACH,wBAAgB,eAAe,IAAI,MAAM,CAIxC;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,IAAI,WAAW,CAIlD;AAMD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,MAAM,CAI/C;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,WAAW,CAIzD;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,MAAM,CAIvD"}

package/dist/utils/access.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/utils/access.ts"],"sourcesContent":["/**\n * Access control utilities for Payload collections.\n *\n * These helpers simplify common access control patterns when using\n * Better Auth with Payload CMS. They handle role checking, self-access\n * patterns, and field-level permissions.\n *\n * @example\n * ```ts\n * import { isAdmin, isAdminOrSelf } from '@delmaredigital/payload-better-auth'\n *\n * export const Users: CollectionConfig = {\n *   slug: 'users',\n *   access: {\n *     read: isAdminOrSelf({ adminRoles: ['admin', 'editor'] }),\n *     update: isAdminOrSelf({ adminRoles: ['admin'] }),\n *     delete: isAdmin({ adminRoles: ['admin'] }),\n *   },\n * }\n * ```\n */\n\nimport type { Access, FieldAccess, PayloadRequest } from 'payload'\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Types\n// ─────────────────────────────────────────────────────────────────────────────\n\nexport type RoleCheckConfig = {\n  /**\n   * Roles considered admin roles.\n   * @default ['admin']\n   */\n  adminRoles?: string[]\n}\n\nexport type SelfAccessConfig = RoleCheckConfig & {\n  /**\n   * The field to use for user ID comparison.\n   * @default 'id'\n   */\n  idField?: string\n}\n\nexport type FieldUpdateConfig = SelfAccessConfig & {\n  /**\n   * Fields the user is allowed to update on their own record.\n   * Password is handled specially and requires currentPassword.\n   * @default ['name']\n   */\n  allowedFields?: string[]\n  /**\n   * The user collection slug for password verification.\n   */\n  userSlug?: string\n}\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Role Checking Utilities\n// ─────────────────────────────────────────────────────────────────────────────\n\n/**\n * Normalize a user's role to an array.\n *\n * Handles various role formats:\n * - Array of roles\n * - Comma-separated string\n * - Single role string\n *\n * @param role - The role value from the user object\n * @returns Array of role strings\n */\nexport function normalizeRoles(role: unknown): string[] {\n  if (Array.isArray(role)) {\n    return role.filter((r): r is string => typeof r === 'string')\n  }\n\n  if (typeof role === 'string') {\n    if (role.includes(',')) {\n      return role\n        .split(',')\n        .map((r) => r.trim())\n        .filter(Boolean)\n    }\n    return role ? [role] : []\n  }\n\n  return []\n}\n\n/**\n * Check if a user has any of the specified roles.\n *\n * @param user - The user object\n * @param roles - Roles to check for\n * @returns True if user has at least one matching role\n *\n * @example\n * ```ts\n * const user = { role: ['admin', 'editor'] }\n * hasAnyRole(user, ['admin']) // true\n * hasAnyRole(user, ['superadmin']) // false\n * ```\n */\nexport function hasAnyRole(\n  user: { role?: unknown } | null | undefined,\n  roles: string[]\n): boolean {\n  if (!user?.role) return false\n  const userRoles = normalizeRoles(user.role)\n  return userRoles.some((role) => roles.includes(role))\n}\n\n/**\n * Check if a user has all of the specified roles.\n *\n * @param user - The user object\n * @param roles - Roles to check for\n * @returns True if user has all matching roles\n *\n * @example\n * ```ts\n * const user = { role: ['admin', 'editor'] }\n * hasAllRoles(user, ['admin', 'editor']) // true\n * hasAllRoles(user, ['admin', 'superadmin']) // false\n * ```\n */\nexport function hasAllRoles(\n  user: { role?: unknown } | null | undefined,\n  roles: string[]\n): boolean {\n  if (!user?.role) return false\n  const userRoles = normalizeRoles(user.role)\n  return roles.every((role) => userRoles.includes(role))\n}\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Access Control Functions\n// ─────────────────────────────────────────────────────────────────────────────\n\n/**\n * Check if the current request user has admin roles.\n *\n * Use this as a reusable check within access functions.\n *\n * @param config - Configuration with admin roles\n * @returns Access check function\n */\nexport function hasAdminRoles(\n  config: RoleCheckConfig = {}\n): (args: { req: PayloadRequest }) => boolean {\n  const { adminRoles = ['admin'] } = config\n\n  return ({ req }) => {\n    return hasAnyRole(req.user as { role?: unknown } | null, adminRoles)\n  }\n}\n\n/**\n * Access control: Only allow users with admin roles.\n *\n * @param config - Configuration with admin roles\n * @returns Payload access function\n *\n * @example\n * ```ts\n * access: {\n *   delete: isAdmin({ adminRoles: ['admin', 'superadmin'] }),\n * }\n * ```\n */\nexport function isAdmin(config: RoleCheckConfig = {}): Access {\n  const checkAdmin = hasAdminRoles(config)\n\n  return ({ req }) => {\n    return checkAdmin({ req })\n  }\n}\n\n/**\n * Field access control: Only allow users with admin roles.\n *\n * @param config - Configuration with admin roles\n * @returns Payload field access function\n *\n * @example\n * ```ts\n * fields: [\n *   {\n *     name: 'role',\n *     type: 'select',\n *     access: {\n *       update: isAdminField({ adminRoles: ['admin'] }),\n *     },\n *   },\n * ]\n * ```\n */\nexport function isAdminField(config: RoleCheckConfig = {}): FieldAccess {\n  const checkAdmin = hasAdminRoles(config)\n\n  return ({ req }) => {\n    return checkAdmin({ req })\n  }\n}\n\n/**\n * Access control: Allow admin OR the user accessing their own record.\n *\n * Returns a query constraint for non-admin users to limit access\n * to their own records only.\n *\n * @param config - Configuration with admin roles and ID field\n * @returns Payload access function\n *\n * @example\n * ```ts\n * access: {\n *   read: isAdminOrSelf({ adminRoles: ['admin'] }),\n *   update: isAdminOrSelf({ adminRoles: ['admin'] }),\n * }\n * ```\n */\nexport function isAdminOrSelf(config: SelfAccessConfig = {}): Access {\n  const { adminRoles = ['admin'], idField = 'id' } = config\n  const checkAdmin = hasAdminRoles({ adminRoles })\n\n  return ({ req }) => {\n    // Admins can access everything\n    if (checkAdmin({ req })) return true\n\n    // Non-authenticated users have no access\n    if (!req.user) return false\n\n    // Restrict to own record\n    return {\n      [idField]: {\n        equals: req.user.id,\n      },\n    }\n  }\n}\n\n/**\n * Access control: Allow admin OR user updating allowed fields on own record.\n *\n * This is useful for allowing users to update specific fields (like name)\n * on their own profile while preventing them from changing sensitive fields\n * like role.\n *\n * Password changes require `currentPassword` to be provided and validated.\n *\n * @param config - Configuration with admin roles, allowed fields, and user slug\n * @returns Payload access function\n *\n * @example\n * ```ts\n * access: {\n *   update: canUpdateOwnFields({\n *     adminRoles: ['admin'],\n *     allowedFields: ['name', 'image'],\n *     userSlug: 'users',\n *   }),\n * }\n * ```\n */\nexport function canUpdateOwnFields(config: FieldUpdateConfig = {}): Access {\n  const {\n    adminRoles = ['admin'],\n    allowedFields = ['name'],\n    idField = 'id',\n    userSlug = 'users',\n  } = config\n  const checkAdmin = hasAdminRoles({ adminRoles })\n\n  return async ({ req, id, data }) => {\n    // Admins can update everything\n    if (checkAdmin({ req })) return true\n\n    // Must be authenticated\n    if (!req.user) return false\n\n    // Must be updating own record\n    const userId = req.user[idField]\n    if (userId !== id || !data) return false\n\n    const dataKeys = Object.keys(data)\n    const effectiveAllowed = [...allowedFields]\n\n    // Handle password changes specially\n    const hasCurrentPassword = dataKeys.includes('currentPassword')\n    const hasPassword = dataKeys.includes('password')\n\n    if (hasPassword || hasCurrentPassword) {\n      // Both must be provided for password change\n      if (!(hasCurrentPassword && hasPassword)) return false\n\n      try {\n        // Verify current password\n        if (!req.user.email) return false\n\n        const result = await req.payload.login({\n          collection: userSlug,\n          data: {\n            email: req.user.email as string,\n            password: data.currentPassword as string,\n          },\n        })\n\n        if (!result) return false\n\n        effectiveAllowed.push('password', 'currentPassword')\n      } catch {\n        return false\n      }\n    }\n\n    // Check all fields are allowed\n    const hasDisallowed = dataKeys.some((key) => !effectiveAllowed.includes(key))\n    return !hasDisallowed\n  }\n}\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Authenticated Access\n// ─────────────────────────────────────────────────────────────────────────────\n\n/**\n * Access control: Allow any authenticated user.\n *\n * @returns Payload access function\n *\n * @example\n * ```ts\n * access: {\n *   read: isAuthenticated(),\n * }\n * ```\n */\nexport function isAuthenticated(): Access {\n  return ({ req }) => {\n    return !!req.user\n  }\n}\n\n/**\n * Field access control: Allow any authenticated user.\n *\n * @returns Payload field access function\n */\nexport function isAuthenticatedField(): FieldAccess {\n  return ({ req }) => {\n    return !!req.user\n  }\n}\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Role-Based Access\n// ─────────────────────────────────────────────────────────────────────────────\n\n/**\n * Access control: Allow users with any of the specified roles.\n *\n * @param roles - Roles that have access\n * @returns Payload access function\n *\n * @example\n * ```ts\n * access: {\n *   read: hasRole(['admin', 'editor', 'viewer']),\n *   update: hasRole(['admin', 'editor']),\n * }\n * ```\n */\nexport function hasRole(roles: string[]): Access {\n  return ({ req }) => {\n    return hasAnyRole(req.user as { role?: unknown } | null, roles)\n  }\n}\n\n/**\n * Field access control: Allow users with any of the specified roles.\n *\n * @param roles - Roles that have access\n * @returns Payload field access function\n */\nexport function hasRoleField(roles: string[]): FieldAccess {\n  return ({ req }) => {\n    return hasAnyRole(req.user as { role?: unknown } | null, roles)\n  }\n}\n\n/**\n * Access control: Allow users with all of the specified roles.\n *\n * @param roles - All roles required for access\n * @returns Payload access function\n *\n * @example\n * ```ts\n * access: {\n *   delete: requireAllRoles(['admin', 'verified']),\n * }\n * ```\n */\nexport function requireAllRoles(roles: string[]): Access {\n  return ({ req }) => {\n    return hasAllRoles(req.user as { role?: unknown } | null, roles)\n  }\n}\n"],"names":["normalizeRoles","role","Array","isArray","filter","r","includes","split","map","trim","Boolean","hasAnyRole","user","roles","userRoles","some","hasAllRoles","every","hasAdminRoles","config","adminRoles","req","isAdmin","checkAdmin","isAdminField","isAdminOrSelf","idField","equals","id","canUpdateOwnFields","allowedFields","userSlug","data","userId","dataKeys","Object","keys","effectiveAllowed","hasCurrentPassword","hasPassword","email","result","payload","login","collection","password","currentPassword","push","hasDisallowed","key","isAuthenticated","isAuthenticatedField","hasRole","hasRoleField","requireAllRoles"],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;CAoBC,GAqCD,gFAAgF;AAChF,0BAA0B;AAC1B,gFAAgF;AAEhF;;;;;;;;;;CAUC,GACD,OAAO,SAASA,eAAeC,IAAa;IAC1C,IAAIC,MAAMC,OAAO,CAACF,OAAO;QACvB,OAAOA,KAAKG,MAAM,CAAC,CAACC,IAAmB,OAAOA,MAAM;IACtD;IAEA,IAAI,OAAOJ,SAAS,UAAU;QAC5B,IAAIA,KAAKK,QAAQ,CAAC,MAAM;YACtB,OAAOL,KACJM,KAAK,CAAC,KACNC,GAAG,CAAC,CAACH,IAAMA,EAAEI,IAAI,IACjBL,MAAM,CAACM;QACZ;QACA,OAAOT,OAAO;YAACA;SAAK,GAAG,EAAE;IAC3B;IAEA,OAAO,EAAE;AACX;AAEA;;;;;;;;;;;;;CAaC,GACD,OAAO,SAASU,WACdC,IAA2C,EAC3CC,KAAe;IAEf,IAAI,CAACD,MAAMX,MAAM,OAAO;IACxB,MAAMa,YAAYd,eAAeY,KAAKX,IAAI;IAC1C,OAAOa,UAAUC,IAAI,CAAC,CAACd,OAASY,MAAMP,QAAQ,CAACL;AACjD;AAEA;;;;;;;;;;;;;CAaC,GACD,OAAO,SAASe,YACdJ,IAA2C,EAC3CC,KAAe;IAEf,IAAI,CAACD,MAAMX,MAAM,OAAO;IACxB,MAAMa,YAAYd,eAAeY,KAAKX,IAAI;IAC1C,OAAOY,MAAMI,KAAK,CAAC,CAAChB,OAASa,UAAUR,QAAQ,CAACL;AAClD;AAEA,gFAAgF;AAChF,2BAA2B;AAC3B,gFAAgF;AAEhF;;;;;;;CAOC,GACD,OAAO,SAASiB,cACdC,SAA0B,CAAC,CAAC;IAE5B,MAAM,EAAEC,aAAa;QAAC;KAAQ,EAAE,GAAGD;IAEnC,OAAO,CAAC,EAAEE,GAAG,EAAE;QACb,OAAOV,WAAWU,IAAIT,IAAI,EAA+BQ;IAC3D;AACF;AAEA;;;;;;;;;;;;CAYC,GACD,OAAO,SAASE,QAAQH,SAA0B,CAAC,CAAC;IAClD,MAAMI,aAAaL,cAAcC;IAEjC,OAAO,CAAC,EAAEE,GAAG,EAAE;QACb,OAAOE,WAAW;YAAEF;QAAI;IAC1B;AACF;AAEA;;;;;;;;;;;;;;;;;;CAkBC,GACD,OAAO,SAASG,aAAaL,SAA0B,CAAC,CAAC;IACvD,MAAMI,aAAaL,cAAcC;IAEjC,OAAO,CAAC,EAAEE,GAAG,EAAE;QACb,OAAOE,WAAW;YAAEF;QAAI;IAC1B;AACF;AAEA;;;;;;;;;;;;;;;;CAgBC,GACD,OAAO,SAASI,cAAcN,SAA2B,CAAC,CAAC;IACzD,MAAM,EAAEC,aAAa;QAAC;KAAQ,EAAEM,UAAU,IAAI,EAAE,GAAGP;IACnD,MAAMI,aAAaL,cAAc;QAAEE;IAAW;IAE9C,OAAO,CAAC,EAAEC,GAAG,EAAE;QACb,+BAA+B;QAC/B,IAAIE,WAAW;YAAEF;QAAI,IAAI,OAAO;QAEhC,yCAAyC;QACzC,IAAI,CAACA,IAAIT,IAAI,EAAE,OAAO;QAEtB,yBAAyB;QACzB,OAAO;YACL,CAACc,QAAQ,EAAE;gBACTC,QAAQN,IAAIT,IAAI,CAACgB,EAAE;YACrB;QACF;IACF;AACF;AAEA;;;;;;;;;;;;;;;;;;;;;;CAsBC,GACD,OAAO,SAASC,mBAAmBV,SAA4B,CAAC,CAAC;IAC/D,MAAM,EACJC,aAAa;QAAC;KAAQ,EACtBU,gBAAgB;QAAC;KAAO,EACxBJ,UAAU,IAAI,EACdK,WAAW,OAAO,EACnB,GAAGZ;IACJ,MAAMI,aAAaL,cAAc;QAAEE;IAAW;IAE9C,OAAO,OAAO,EAAEC,GAAG,EAAEO,EAAE,EAAEI,IAAI,EAAE;QAC7B,+BAA+B;QAC/B,IAAIT,WAAW;YAAEF;QAAI,IAAI,OAAO;QAEhC,wBAAwB;QACxB,IAAI,CAACA,IAAIT,IAAI,EAAE,OAAO;QAEtB,8BAA8B;QAC9B,MAAMqB,SAASZ,IAAIT,IAAI,CAACc,QAAQ;QAChC,IAAIO,WAAWL,MAAM,CAACI,MAAM,OAAO;QAEnC,MAAME,WAAWC,OAAOC,IAAI,CAACJ;QAC7B,MAAMK,mBAAmB;eAAIP;SAAc;QAE3C,oCAAoC;QACpC,MAAMQ,qBAAqBJ,SAAS5B,QAAQ,CAAC;QAC7C,MAAMiC,cAAcL,SAAS5B,QAAQ,CAAC;QAEtC,IAAIiC,eAAeD,oBAAoB;YACrC,4CAA4C;YAC5C,IAAI,CAAEA,CAAAA,sBAAsBC,WAAU,GAAI,OAAO;YAEjD,IAAI;gBACF,0BAA0B;gBAC1B,IAAI,CAAClB,IAAIT,IAAI,CAAC4B,KAAK,EAAE,OAAO;gBAE5B,MAAMC,SAAS,MAAMpB,IAAIqB,OAAO,CAACC,KAAK,CAAC;oBACrCC,YAAYb;oBACZC,MAAM;wBACJQ,OAAOnB,IAAIT,IAAI,CAAC4B,KAAK;wBACrBK,UAAUb,KAAKc,eAAe;oBAChC;gBACF;gBAEA,IAAI,CAACL,QAAQ,OAAO;gBAEpBJ,iBAAiBU,IAAI,CAAC,YAAY;YACpC,EAAE,OAAM;gBACN,OAAO;YACT;QACF;QAEA,+BAA+B;QAC/B,MAAMC,gBAAgBd,SAASnB,IAAI,CAAC,CAACkC,MAAQ,CAACZ,iBAAiB/B,QAAQ,CAAC2C;QACxE,OAAO,CAACD;IACV;AACF;AAEA,gFAAgF;AAChF,uBAAuB;AACvB,gFAAgF;AAEhF;;;;;;;;;;;CAWC,GACD,OAAO,SAASE;IACd,OAAO,CAAC,EAAE7B,GAAG,EAAE;QACb,OAAO,CAAC,CAACA,IAAIT,IAAI;IACnB;AACF;AAEA;;;;CAIC,GACD,OAAO,SAASuC;IACd,OAAO,CAAC,EAAE9B,GAAG,EAAE;QACb,OAAO,CAAC,CAACA,IAAIT,IAAI;IACnB;AACF;AAEA,gFAAgF;AAChF,oBAAoB;AACpB,gFAAgF;AAEhF;;;;;;;;;;;;;CAaC,GACD,OAAO,SAASwC,QAAQvC,KAAe;IACrC,OAAO,CAAC,EAAEQ,GAAG,EAAE;QACb,OAAOV,WAAWU,IAAIT,IAAI,EAA+BC;IAC3D;AACF;AAEA;;;;;CAKC,GACD,OAAO,SAASwC,aAAaxC,KAAe;IAC1C,OAAO,CAAC,EAAEQ,GAAG,EAAE;QACb,OAAOV,WAAWU,IAAIT,IAAI,EAA+BC;IAC3D;AACF;AAEA;;;;;;;;;;;;CAYC,GACD,OAAO,SAASyC,gBAAgBzC,KAAe;IAC7C,OAAO,CAAC,EAAEQ,GAAG,EAAE;QACb,OAAOL,YAAYK,IAAIT,IAAI,EAA+BC;IAC5D;AACF"}

package/dist/utils/apiKeyAccess.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"apiKeyAccess.d.ts","sourceRoot":"","sources":["../../src/utils/apiKeyAccess.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,SAAS,CAAA;AAMrD,MAAM,MAAM,UAAU,GAAG;IACvB,qBAAqB;IACrB,EAAE,EAAE,MAAM,CAAA;IACV,gCAAgC;IAChC,MAAM,EAAE,MAAM,CAAA;IACd,qCAAqC;IACrC,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,kDAAkD;IAClD,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,wBAAwB;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACnC,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B;;;;OAIG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAA;IACjC;;;OAGG;IACH,aAAa,CAAC,EAAE,CAAC,GAAG,EAAE,cAAc,KAAK,MAAM,GAAG,IAAI,CAAA;CACvD,CAAA;AAMD;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,cAAc,GAAG,MAAM,GAAG,IAAI,CAW3E;AAED;;;GAGG;AACH,wBAAsB,aAAa,CACjC,GAAG,EAAE,cAAc,EACnB,MAAM,EAAE,MAAM,EACd,iBAAiB,SAAY,GAC5B,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CA8F5B;AAED;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAgB5E;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,OAAO,CAElF;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,OAAO,CAEnF;AAMD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,YAAY,CAC1B,KAAK,EAAE,MAAM,EACb,MAAM,GAAE,kBAAuB,GAC9B,MAAM,CA+BR;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,MAAM,EAAE,EAChB,MAAM,GAAE,kBAAuB,GAC9B,MAAM,CA4BR;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,MAAM,EAAE,EAChB,MAAM,GAAE,kBAAuB,GAC9B,MAAM,CA4BR;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,MAAM,EACb,MAAM,GAAE,IAAI,CAAC,kBAAkB,EAAE,yBAAyB,CAAM,GAC/D,MAAM,CAER;AAED;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,MAAM,EAAE,EAChB,MAAM,GAAE,IAAI,CAAC,kBAAkB,EAAE,yBAAyB,CAAM,GAC/D,MAAM,CAER;AAMD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAsB,cAAc,CAClC,GAAG,EAAE,cAAc,EACnB,iBAAiB,SAAY,GAC5B,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAI5B"}

package/dist/utils/apiKeyAccess.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/utils/apiKeyAccess.ts"],"sourcesContent":["/**\n * API Key Scope Enforcement Utilities\n *\n * These utilities help enforce API key scopes in Payload access control.\n * They extract the API key from requests, validate scopes, and provide\n * type-safe access control functions.\n *\n * @example\n * ```ts\n * import { requireScope, requireAnyScope } from '@delmaredigital/payload-better-auth'\n *\n * export const Posts: CollectionConfig = {\n *   slug: 'posts',\n *   access: {\n *     read: requireAnyScope(['posts:read', 'content:read']),\n *     create: requireScope('posts:write'),\n *     update: requireScope('posts:write'),\n *     delete: requireScope('posts:delete'),\n *   },\n * }\n * ```\n */\n\nimport type { Access, PayloadRequest } from 'payload'\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Types\n// ─────────────────────────────────────────────────────────────────────────────\n\nexport type ApiKeyInfo = {\n  /** The API key ID */\n  id: string\n  /** User ID who owns this key */\n  userId: string\n  /** Array of granted scope strings */\n  scopes: string[]\n  /** The raw key (only first/last chars visible) */\n  keyPrefix?: string\n  /** Optional metadata */\n  metadata?: Record<string, unknown>\n}\n\nexport type ApiKeyAccessConfig = {\n  /**\n   * API keys collection slug.\n   * @default 'apiKeys' or 'api-keys' (auto-detected)\n   */\n  apiKeysCollection?: string\n  /**\n   * Allow access if user is authenticated (non-API key session).\n   * Useful for allowing both API keys and regular sessions.\n   * @default false\n   */\n  allowAuthenticatedUsers?: boolean\n  /**\n   * Custom function to extract API key from request.\n   * By default, extracts from Authorization: Bearer <key> header.\n   */\n  extractApiKey?: (req: PayloadRequest) => string | null\n}\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Helpers\n// ─────────────────────────────────────────────────────────────────────────────\n\n/**\n * Extract API key from request headers.\n * Supports Bearer token format: Authorization: Bearer <api-key>\n */\nexport function extractApiKeyFromRequest(req: PayloadRequest): string | null {\n  const authHeader = req.headers?.get('authorization')\n  if (!authHeader) return null\n\n  // Support \"Bearer <key>\" format\n  if (authHeader.startsWith('Bearer ')) {\n    return authHeader.slice(7).trim()\n  }\n\n  // Support raw key in Authorization header\n  return authHeader.trim()\n}\n\n/**\n * Look up API key info from the database.\n * Returns null if key not found or disabled.\n */\nexport async function getApiKeyInfo(\n  req: PayloadRequest,\n  apiKey: string,\n  apiKeysCollection = 'apiKeys'\n): Promise<ApiKeyInfo | null> {\n  try {\n    // Try the provided collection name first\n    let results = await req.payload.find({\n      collection: apiKeysCollection,\n      where: {\n        key: { equals: apiKey },\n        enabled: { not_equals: false },\n      },\n      limit: 1,\n      depth: 0,\n    }).catch(() => null)\n\n    // If not found, try alternative slug\n    if (!results || results.docs.length === 0) {\n      const altSlug = apiKeysCollection === 'apiKeys' ? 'api-keys' : 'apiKeys'\n      results = await req.payload.find({\n        collection: altSlug,\n        where: {\n          key: { equals: apiKey },\n          enabled: { not_equals: false },\n        },\n        limit: 1,\n        depth: 0,\n      }).catch(() => null)\n    }\n\n    if (!results || results.docs.length === 0) {\n      return null\n    }\n\n    const doc = results.docs[0] as {\n      id: string | number\n      user?: string | number | { id: string | number }\n      userId?: string | number\n      permissions?: string\n      scopes?: string[]\n      start?: string\n      metadata?: string | Record<string, unknown>\n    }\n\n    // Parse scopes from permissions field (Better Auth format) or scopes array\n    let scopes: string[] = []\n    if (doc.permissions) {\n      try {\n        const parsed = JSON.parse(doc.permissions)\n        if (Array.isArray(parsed)) {\n          scopes = parsed\n        } else if (typeof parsed === 'object') {\n          // If it's an object, extract keys or flatten\n          scopes = Object.keys(parsed)\n        }\n      } catch {\n        // If not JSON, treat as comma-separated\n        scopes = doc.permissions.split(',').map((s) => s.trim()).filter(Boolean)\n      }\n    } else if (Array.isArray(doc.scopes)) {\n      scopes = doc.scopes\n    }\n\n    // Get user ID (handle both direct field and relationship)\n    let userId: string\n    if (doc.userId) {\n      userId = String(doc.userId)\n    } else if (doc.user) {\n      userId = typeof doc.user === 'object' ? String(doc.user.id) : String(doc.user)\n    } else {\n      return null\n    }\n\n    // Parse metadata\n    let metadata: Record<string, unknown> | undefined\n    if (doc.metadata) {\n      if (typeof doc.metadata === 'string') {\n        try {\n          metadata = JSON.parse(doc.metadata)\n        } catch {\n          // Ignore parse errors\n        }\n      } else {\n        metadata = doc.metadata\n      }\n    }\n\n    return {\n      id: String(doc.id),\n      userId,\n      scopes,\n      keyPrefix: doc.start,\n      metadata,\n    }\n  } catch {\n    return null\n  }\n}\n\n/**\n * Check if an API key has a specific scope.\n * Supports wildcard patterns like 'posts:*' matching 'posts:read', 'posts:write', etc.\n */\nexport function hasScope(keyScopes: string[], requiredScope: string): boolean {\n  return keyScopes.some((scope) => {\n    // Exact match\n    if (scope === requiredScope) return true\n\n    // Wildcard match: 'posts:*' matches 'posts:read'\n    if (scope.endsWith(':*')) {\n      const prefix = scope.slice(0, -1) // Remove '*', keep ':'\n      return requiredScope.startsWith(prefix)\n    }\n\n    // Global wildcard\n    if (scope === '*') return true\n\n    return false\n  })\n}\n\n/**\n * Check if an API key has any of the specified scopes.\n */\nexport function hasAnyScope(keyScopes: string[], requiredScopes: string[]): boolean {\n  return requiredScopes.some((scope) => hasScope(keyScopes, scope))\n}\n\n/**\n * Check if an API key has all of the specified scopes.\n */\nexport function hasAllScopes(keyScopes: string[], requiredScopes: string[]): boolean {\n  return requiredScopes.every((scope) => hasScope(keyScopes, scope))\n}\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Access Control Functions\n// ─────────────────────────────────────────────────────────────────────────────\n\n/**\n * Create an access control function that requires a specific scope.\n *\n * @param scope - The required scope string (e.g., 'posts:read')\n * @param config - Configuration options\n * @returns Payload access function\n *\n * @example\n * ```ts\n * access: {\n *   read: requireScope('posts:read'),\n *   create: requireScope('posts:write'),\n * }\n * ```\n */\nexport function requireScope(\n  scope: string,\n  config: ApiKeyAccessConfig = {}\n): Access {\n  const {\n    apiKeysCollection = 'apiKeys',\n    allowAuthenticatedUsers = false,\n    extractApiKey = extractApiKeyFromRequest,\n  } = config\n\n  return async ({ req }) => {\n    // If authenticated users are allowed and user is logged in without API key\n    if (allowAuthenticatedUsers && req.user) {\n      const apiKey = extractApiKey(req)\n      if (!apiKey) {\n        return true // User authenticated via session, no API key = allow\n      }\n    }\n\n    // Extract API key from request\n    const apiKey = extractApiKey(req)\n    if (!apiKey) {\n      return false\n    }\n\n    // Look up API key\n    const keyInfo = await getApiKeyInfo(req, apiKey, apiKeysCollection)\n    if (!keyInfo) {\n      return false\n    }\n\n    // Check scope\n    return hasScope(keyInfo.scopes, scope)\n  }\n}\n\n/**\n * Create an access control function that requires any of the specified scopes.\n *\n * @param scopes - Array of acceptable scopes (at least one must match)\n * @param config - Configuration options\n * @returns Payload access function\n *\n * @example\n * ```ts\n * access: {\n *   read: requireAnyScope(['posts:read', 'content:read', 'admin:*']),\n * }\n * ```\n */\nexport function requireAnyScope(\n  scopes: string[],\n  config: ApiKeyAccessConfig = {}\n): Access {\n  const {\n    apiKeysCollection = 'apiKeys',\n    allowAuthenticatedUsers = false,\n    extractApiKey = extractApiKeyFromRequest,\n  } = config\n\n  return async ({ req }) => {\n    // If authenticated users are allowed and user is logged in without API key\n    if (allowAuthenticatedUsers && req.user) {\n      const apiKey = extractApiKey(req)\n      if (!apiKey) {\n        return true\n      }\n    }\n\n    const apiKey = extractApiKey(req)\n    if (!apiKey) {\n      return false\n    }\n\n    const keyInfo = await getApiKeyInfo(req, apiKey, apiKeysCollection)\n    if (!keyInfo) {\n      return false\n    }\n\n    return hasAnyScope(keyInfo.scopes, scopes)\n  }\n}\n\n/**\n * Create an access control function that requires all specified scopes.\n *\n * @param scopes - Array of required scopes (all must be present)\n * @param config - Configuration options\n * @returns Payload access function\n *\n * @example\n * ```ts\n * access: {\n *   delete: requireAllScopes(['posts:delete', 'admin:write']),\n * }\n * ```\n */\nexport function requireAllScopes(\n  scopes: string[],\n  config: ApiKeyAccessConfig = {}\n): Access {\n  const {\n    apiKeysCollection = 'apiKeys',\n    allowAuthenticatedUsers = false,\n    extractApiKey = extractApiKeyFromRequest,\n  } = config\n\n  return async ({ req }) => {\n    // If authenticated users are allowed and user is logged in without API key\n    if (allowAuthenticatedUsers && req.user) {\n      const apiKey = extractApiKey(req)\n      if (!apiKey) {\n        return true\n      }\n    }\n\n    const apiKey = extractApiKey(req)\n    if (!apiKey) {\n      return false\n    }\n\n    const keyInfo = await getApiKeyInfo(req, apiKey, apiKeysCollection)\n    if (!keyInfo) {\n      return false\n    }\n\n    return hasAllScopes(keyInfo.scopes, scopes)\n  }\n}\n\n/**\n * Create an access control function that allows either:\n * 1. Authenticated users (via session)\n * 2. API key with required scope\n *\n * This is useful for endpoints that should work with both auth methods.\n *\n * @param scope - The required scope for API key access\n * @param config - Configuration options\n * @returns Payload access function\n *\n * @example\n * ```ts\n * access: {\n *   read: allowSessionOrScope('posts:read'),\n * }\n * ```\n */\nexport function allowSessionOrScope(\n  scope: string,\n  config: Omit<ApiKeyAccessConfig, 'allowAuthenticatedUsers'> = {}\n): Access {\n  return requireScope(scope, { ...config, allowAuthenticatedUsers: true })\n}\n\n/**\n * Create an access control function that allows either:\n * 1. Authenticated users (via session)\n * 2. API key with any of the required scopes\n *\n * @param scopes - Array of acceptable scopes for API key access\n * @param config - Configuration options\n * @returns Payload access function\n */\nexport function allowSessionOrAnyScope(\n  scopes: string[],\n  config: Omit<ApiKeyAccessConfig, 'allowAuthenticatedUsers'> = {}\n): Access {\n  return requireAnyScope(scopes, { ...config, allowAuthenticatedUsers: true })\n}\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Better Auth Integration\n// ─────────────────────────────────────────────────────────────────────────────\n\n/**\n * Validate an API key and get its info.\n *\n * This performs a database lookup to validate the key and retrieve\n * its associated scopes and user.\n *\n * @param req - Payload request\n * @param apiKeysCollection - The API keys collection slug\n * @returns API key info if valid, null otherwise\n *\n * @example\n * ```ts\n * const keyInfo = await validateApiKey(req)\n * if (keyInfo) {\n *   console.log('Valid API key for user:', keyInfo.userId)\n *   console.log('Scopes:', keyInfo.scopes)\n * }\n * ```\n */\nexport async function validateApiKey(\n  req: PayloadRequest,\n  apiKeysCollection = 'apiKeys'\n): Promise<ApiKeyInfo | null> {\n  const apiKey = extractApiKeyFromRequest(req)\n  if (!apiKey) return null\n  return getApiKeyInfo(req, apiKey, apiKeysCollection)\n}\n"],"names":["extractApiKeyFromRequest","req","authHeader","headers","get","startsWith","slice","trim","getApiKeyInfo","apiKey","apiKeysCollection","results","payload","find","collection","where","key","equals","enabled","not_equals","limit","depth","catch","docs","length","altSlug","doc","scopes","permissions","parsed","JSON","parse","Array","isArray","Object","keys","split","map","s","filter","Boolean","userId","String","user","id","metadata","keyPrefix","start","hasScope","keyScopes","requiredScope","some","scope","endsWith","prefix","hasAnyScope","requiredScopes","hasAllScopes","every","requireScope","config","allowAuthenticatedUsers","extractApiKey","keyInfo","requireAnyScope","requireAllScopes","allowSessionOrScope","allowSessionOrAnyScope","validateApiKey"],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;CAqBC,GAwCD,gFAAgF;AAChF,UAAU;AACV,gFAAgF;AAEhF;;;CAGC,GACD,OAAO,SAASA,yBAAyBC,GAAmB;IAC1D,MAAMC,aAAaD,IAAIE,OAAO,EAAEC,IAAI;IACpC,IAAI,CAACF,YAAY,OAAO;IAExB,gCAAgC;IAChC,IAAIA,WAAWG,UAAU,CAAC,YAAY;QACpC,OAAOH,WAAWI,KAAK,CAAC,GAAGC,IAAI;IACjC;IAEA,0CAA0C;IAC1C,OAAOL,WAAWK,IAAI;AACxB;AAEA;;;CAGC,GACD,OAAO,eAAeC,cACpBP,GAAmB,EACnBQ,MAAc,EACdC,oBAAoB,SAAS;IAE7B,IAAI;QACF,yCAAyC;QACzC,IAAIC,UAAU,MAAMV,IAAIW,OAAO,CAACC,IAAI,CAAC;YACnCC,YAAYJ;YACZK,OAAO;gBACLC,KAAK;oBAAEC,QAAQR;gBAAO;gBACtBS,SAAS;oBAAEC,YAAY;gBAAM;YAC/B;YACAC,OAAO;YACPC,OAAO;QACT,GAAGC,KAAK,CAAC,IAAM;QAEf,qCAAqC;QACrC,IAAI,CAACX,WAAWA,QAAQY,IAAI,CAACC,MAAM,KAAK,GAAG;YACzC,MAAMC,UAAUf,sBAAsB,YAAY,aAAa;YAC/DC,UAAU,MAAMV,IAAIW,OAAO,CAACC,IAAI,CAAC;gBAC/BC,YAAYW;gBACZV,OAAO;oBACLC,KAAK;wBAAEC,QAAQR;oBAAO;oBACtBS,SAAS;wBAAEC,YAAY;oBAAM;gBAC/B;gBACAC,OAAO;gBACPC,OAAO;YACT,GAAGC,KAAK,CAAC,IAAM;QACjB;QAEA,IAAI,CAACX,WAAWA,QAAQY,IAAI,CAACC,MAAM,KAAK,GAAG;YACzC,OAAO;QACT;QAEA,MAAME,MAAMf,QAAQY,IAAI,CAAC,EAAE;QAU3B,2EAA2E;QAC3E,IAAII,SAAmB,EAAE;QACzB,IAAID,IAAIE,WAAW,EAAE;YACnB,IAAI;gBACF,MAAMC,SAASC,KAAKC,KAAK,CAACL,IAAIE,WAAW;gBACzC,IAAII,MAAMC,OAAO,CAACJ,SAAS;oBACzBF,SAASE;gBACX,OAAO,IAAI,OAAOA,WAAW,UAAU;oBACrC,6CAA6C;oBAC7CF,SAASO,OAAOC,IAAI,CAACN;gBACvB;YACF,EAAE,OAAM;gBACN,wCAAwC;gBACxCF,SAASD,IAAIE,WAAW,CAACQ,KAAK,CAAC,KAAKC,GAAG,CAAC,CAACC,IAAMA,EAAE/B,IAAI,IAAIgC,MAAM,CAACC;YAClE;QACF,OAAO,IAAIR,MAAMC,OAAO,CAACP,IAAIC,MAAM,GAAG;YACpCA,SAASD,IAAIC,MAAM;QACrB;QAEA,0DAA0D;QAC1D,IAAIc;QACJ,IAAIf,IAAIe,MAAM,EAAE;YACdA,SAASC,OAAOhB,IAAIe,MAAM;QAC5B,OAAO,IAAIf,IAAIiB,IAAI,EAAE;YACnBF,SAAS,OAAOf,IAAIiB,IAAI,KAAK,WAAWD,OAAOhB,IAAIiB,IAAI,CAACC,EAAE,IAAIF,OAAOhB,IAAIiB,IAAI;QAC/E,OAAO;YACL,OAAO;QACT;QAEA,iBAAiB;QACjB,IAAIE;QACJ,IAAInB,IAAImB,QAAQ,EAAE;YAChB,IAAI,OAAOnB,IAAImB,QAAQ,KAAK,UAAU;gBACpC,IAAI;oBACFA,WAAWf,KAAKC,KAAK,CAACL,IAAImB,QAAQ;gBACpC,EAAE,OAAM;gBACN,sBAAsB;gBACxB;YACF,OAAO;gBACLA,WAAWnB,IAAImB,QAAQ;YACzB;QACF;QAEA,OAAO;YACLD,IAAIF,OAAOhB,IAAIkB,EAAE;YACjBH;YACAd;YACAmB,WAAWpB,IAAIqB,KAAK;YACpBF;QACF;IACF,EAAE,OAAM;QACN,OAAO;IACT;AACF;AAEA;;;CAGC,GACD,OAAO,SAASG,SAASC,SAAmB,EAAEC,aAAqB;IACjE,OAAOD,UAAUE,IAAI,CAAC,CAACC;QACrB,cAAc;QACd,IAAIA,UAAUF,eAAe,OAAO;QAEpC,iDAAiD;QACjD,IAAIE,MAAMC,QAAQ,CAAC,OAAO;YACxB,MAAMC,SAASF,MAAM9C,KAAK,CAAC,GAAG,CAAC,GAAG,uBAAuB;;YACzD,OAAO4C,cAAc7C,UAAU,CAACiD;QAClC;QAEA,kBAAkB;QAClB,IAAIF,UAAU,KAAK,OAAO;QAE1B,OAAO;IACT;AACF;AAEA;;CAEC,GACD,OAAO,SAASG,YAAYN,SAAmB,EAAEO,cAAwB;IACvE,OAAOA,eAAeL,IAAI,CAAC,CAACC,QAAUJ,SAASC,WAAWG;AAC5D;AAEA;;CAEC,GACD,OAAO,SAASK,aAAaR,SAAmB,EAAEO,cAAwB;IACxE,OAAOA,eAAeE,KAAK,CAAC,CAACN,QAAUJ,SAASC,WAAWG;AAC7D;AAEA,gFAAgF;AAChF,2BAA2B;AAC3B,gFAAgF;AAEhF;;;;;;;;;;;;;;CAcC,GACD,OAAO,SAASO,aACdP,KAAa,EACbQ,SAA6B,CAAC,CAAC;IAE/B,MAAM,EACJlD,oBAAoB,SAAS,EAC7BmD,0BAA0B,KAAK,EAC/BC,gBAAgB9D,wBAAwB,EACzC,GAAG4D;IAEJ,OAAO,OAAO,EAAE3D,GAAG,EAAE;QACnB,2EAA2E;QAC3E,IAAI4D,2BAA2B5D,IAAI0C,IAAI,EAAE;YACvC,MAAMlC,SAASqD,cAAc7D;YAC7B,IAAI,CAACQ,QAAQ;gBACX,OAAO,KAAK,qDAAqD;;YACnE;QACF;QAEA,+BAA+B;QAC/B,MAAMA,SAASqD,cAAc7D;QAC7B,IAAI,CAACQ,QAAQ;YACX,OAAO;QACT;QAEA,kBAAkB;QAClB,MAAMsD,UAAU,MAAMvD,cAAcP,KAAKQ,QAAQC;QACjD,IAAI,CAACqD,SAAS;YACZ,OAAO;QACT;QAEA,cAAc;QACd,OAAOf,SAASe,QAAQpC,MAAM,EAAEyB;IAClC;AACF;AAEA;;;;;;;;;;;;;CAaC,GACD,OAAO,SAASY,gBACdrC,MAAgB,EAChBiC,SAA6B,CAAC,CAAC;IAE/B,MAAM,EACJlD,oBAAoB,SAAS,EAC7BmD,0BAA0B,KAAK,EAC/BC,gBAAgB9D,wBAAwB,EACzC,GAAG4D;IAEJ,OAAO,OAAO,EAAE3D,GAAG,EAAE;QACnB,2EAA2E;QAC3E,IAAI4D,2BAA2B5D,IAAI0C,IAAI,EAAE;YACvC,MAAMlC,SAASqD,cAAc7D;YAC7B,IAAI,CAACQ,QAAQ;gBACX,OAAO;YACT;QACF;QAEA,MAAMA,SAASqD,cAAc7D;QAC7B,IAAI,CAACQ,QAAQ;YACX,OAAO;QACT;QAEA,MAAMsD,UAAU,MAAMvD,cAAcP,KAAKQ,QAAQC;QACjD,IAAI,CAACqD,SAAS;YACZ,OAAO;QACT;QAEA,OAAOR,YAAYQ,QAAQpC,MAAM,EAAEA;IACrC;AACF;AAEA;;;;;;;;;;;;;CAaC,GACD,OAAO,SAASsC,iBACdtC,MAAgB,EAChBiC,SAA6B,CAAC,CAAC;IAE/B,MAAM,EACJlD,oBAAoB,SAAS,EAC7BmD,0BAA0B,KAAK,EAC/BC,gBAAgB9D,wBAAwB,EACzC,GAAG4D;IAEJ,OAAO,OAAO,EAAE3D,GAAG,EAAE;QACnB,2EAA2E;QAC3E,IAAI4D,2BAA2B5D,IAAI0C,IAAI,EAAE;YACvC,MAAMlC,SAASqD,cAAc7D;YAC7B,IAAI,CAACQ,QAAQ;gBACX,OAAO;YACT;QACF;QAEA,MAAMA,SAASqD,cAAc7D;QAC7B,IAAI,CAACQ,QAAQ;YACX,OAAO;QACT;QAEA,MAAMsD,UAAU,MAAMvD,cAAcP,KAAKQ,QAAQC;QACjD,IAAI,CAACqD,SAAS;YACZ,OAAO;QACT;QAEA,OAAON,aAAaM,QAAQpC,MAAM,EAAEA;IACtC;AACF;AAEA;;;;;;;;;;;;;;;;;CAiBC,GACD,OAAO,SAASuC,oBACdd,KAAa,EACbQ,SAA8D,CAAC,CAAC;IAEhE,OAAOD,aAAaP,OAAO;QAAE,GAAGQ,MAAM;QAAEC,yBAAyB;IAAK;AACxE;AAEA;;;;;;;;CAQC,GACD,OAAO,SAASM,uBACdxC,MAAgB,EAChBiC,SAA8D,CAAC,CAAC;IAEhE,OAAOI,gBAAgBrC,QAAQ;QAAE,GAAGiC,MAAM;QAAEC,yBAAyB;IAAK;AAC5E;AAEA,gFAAgF;AAChF,0BAA0B;AAC1B,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;CAkBC,GACD,OAAO,eAAeO,eACpBnE,GAAmB,EACnBS,oBAAoB,SAAS;IAE7B,MAAMD,SAAST,yBAAyBC;IACxC,IAAI,CAACQ,QAAQ,OAAO;IACpB,OAAOD,cAAcP,KAAKQ,QAAQC;AACpC"}

package/dist/utils/betterAuthDefaults.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"betterAuthDefaults.d.ts","sourceRoot":"","sources":["../../src/utils/betterAuthDefaults.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAA;AACpD,OAAO,EAAE,MAAM,IAAI,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAEhE,KAAK,mBAAmB,GAAG,UAAU,CAAC,OAAO,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAA;AAEjE;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,CAAC,EAAE,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yBAkE2mE,CAAC;;;;;;;;;;;;;;4BAA4Z,CAAC;mCAAgD,CAAC;;;;2DAA0P,CAAC;;;;4CAA+H,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;6EAAi5C,CAAC;;;;;;;;;;;;;4BAA0d,CAAC;;;;;;;;;;;;;;;;;;;mCAAgzB,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAA84Q,CAAC;iCAAkD,CAAC;;;;;;;;;6BAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAAkyX,CAAC;iCAAkD,CAAC;;;;;;;;;6BAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAAi5D,CAAC;iCAAkD,CAAC;;;;;;;;;6BAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA7D5p5B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AACH,wBAAgB,sBAAsB,CAAC,CAAC,SAAS,iBAAiB,EAChE,OAAO,EAAE,CAAC,GACT,CAAC,CAgBH"}

package/dist/utils/betterAuthDefaults.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/utils/betterAuthDefaults.ts"],"sourcesContent":["/**\n * Utility to apply sensible defaults to Better Auth options.\n *\n * @packageDocumentation\n */\n\nimport type { BetterAuthOptions } from 'better-auth'\nimport { apiKey as betterAuthApiKey } from 'better-auth/plugins'\n\ntype ApiKeyPluginOptions = Parameters<typeof betterAuthApiKey>[0]\n\n/**\n * API Key plugin with sensible defaults for use with this package.\n *\n * Enables metadata storage by default so that scopes can be displayed\n * in the admin UI after key creation.\n *\n * @example\n * ```ts\n * import { apiKeyWithDefaults } from '@delmaredigital/payload-better-auth'\n *\n * export const betterAuthOptions = {\n *   plugins: [\n *     apiKeyWithDefaults(),  // metadata enabled by default\n *   ],\n * }\n * ```\n *\n * @example With custom options\n * ```ts\n * apiKeyWithDefaults({\n *   rateLimit: { max: 100, window: 60 },\n *   // enableMetadata is already true\n * })\n * ```\n */\nexport function apiKeyWithDefaults(options?: ApiKeyPluginOptions) {\n  return betterAuthApiKey({\n    enableMetadata: true,\n    ...options,\n  })\n}\n\n/**\n * Applies sensible defaults to Better Auth options.\n *\n * Currently applies the following defaults:\n * - `trustedOrigins`: If not explicitly provided but `baseURL` is set,\n *   defaults to `[baseURL]`. This handles the common single-domain case\n *   where the app's origin should be trusted for auth requests.\n *\n * Multi-domain setups can still explicitly set `trustedOrigins` to include\n * multiple origins.\n *\n * @example Simple case - trustedOrigins defaults to [baseURL]\n * ```ts\n * import { withBetterAuthDefaults } from '@delmaredigital/payload-better-auth'\n *\n * const auth = betterAuth(withBetterAuthDefaults({\n *   baseURL: 'https://myapp.com',\n *   // trustedOrigins automatically becomes ['https://myapp.com']\n * }))\n * ```\n *\n * @example Multi-domain case - explicit trustedOrigins respected\n * ```ts\n * const auth = betterAuth(withBetterAuthDefaults({\n *   baseURL: 'https://myapp.com',\n *   trustedOrigins: ['https://myapp.com', 'https://other-domain.com'],\n *   // trustedOrigins stays as explicitly provided\n * }))\n * ```\n *\n * @example With createBetterAuthPlugin\n * ```ts\n * createBetterAuthPlugin({\n *   createAuth: (payload) => betterAuth(withBetterAuthDefaults({\n *     database: payloadAdapter({ payloadClient: payload }),\n *     baseURL: process.env.BETTER_AUTH_URL,\n *   })),\n * })\n * ```\n */\nexport function withBetterAuthDefaults<T extends BetterAuthOptions>(\n  options: T\n): T {\n  // If trustedOrigins is explicitly provided, use it as-is\n  if (options.trustedOrigins !== undefined) {\n    return options\n  }\n\n  // If baseURL is set, default trustedOrigins to [baseURL]\n  if (options.baseURL) {\n    return {\n      ...options,\n      trustedOrigins: [options.baseURL],\n    }\n  }\n\n  // No defaults to apply\n  return options\n}\n"],"names":["apiKey","betterAuthApiKey","apiKeyWithDefaults","options","enableMetadata","withBetterAuthDefaults","trustedOrigins","undefined","baseURL"],"mappings":"AAAA;;;;CAIC,GAGD,SAASA,UAAUC,gBAAgB,QAAQ,sBAAqB;AAIhE;;;;;;;;;;;;;;;;;;;;;;;;CAwBC,GACD,OAAO,SAASC,mBAAmBC,OAA6B;IAC9D,OAAOF,iBAAiB;QACtBG,gBAAgB;QAChB,GAAGD,OAAO;IACZ;AACF;AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuCC,GACD,OAAO,SAASE,uBACdF,OAAU;IAEV,yDAAyD;IACzD,IAAIA,QAAQG,cAAc,KAAKC,WAAW;QACxC,OAAOJ;IACT;IAEA,yDAAyD;IACzD,IAAIA,QAAQK,OAAO,EAAE;QACnB,OAAO;YACL,GAAGL,OAAO;YACVG,gBAAgB;gBAACH,QAAQK,OAAO;aAAC;QACnC;IACF;IAEA,uBAAuB;IACvB,OAAOL;AACT"}

package/dist/utils/detectAuthConfig.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"detectAuthConfig.d.ts","sourceRoot":"","sources":["../../src/utils/detectAuthConfig.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAA;AAEvD,MAAM,MAAM,mBAAmB,GAAG;IAChC,4DAA4D;IAC5D,uBAAuB,EAAE,OAAO,CAAA;IAChC,iDAAiD;IACjD,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAA;IACjC,4CAA4C;IAC5C,oBAAoB,EAAE,gBAAgB,GAAG,IAAI,CAAA;CAC9C,CAAA;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,mBAAmB,CA2BpE"}

package/dist/utils/detectAuthConfig.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/utils/detectAuthConfig.ts"],"sourcesContent":["/**\n * Utility to detect auth configuration in Payload config\n */\n\nimport type { Config, CollectionConfig } from 'payload'\n\nexport type AuthDetectionResult = {\n  /** Whether any collection has disableLocalStrategy: true */\n  hasDisableLocalStrategy: boolean\n  /** The slug of the auth collection (if found) */\n  authCollectionSlug: string | null\n  /** The auth collection config (if found) */\n  authCollectionConfig: CollectionConfig | null\n}\n\n/**\n * Scans Payload config to detect if any collection uses disableLocalStrategy.\n * Used to determine whether to auto-inject admin components.\n */\nexport function detectAuthConfig(config: Config): AuthDetectionResult {\n  const collections = config.collections ?? []\n\n  for (const collection of collections) {\n    if (collection.auth) {\n      const auth = collection.auth\n      // disableLocalStrategy can be `true` or an object with options\n      if (\n        auth === true ||\n        (typeof auth === 'object' && auth.disableLocalStrategy)\n      ) {\n        return {\n          hasDisableLocalStrategy:\n            auth === true ||\n            (typeof auth === 'object' && !!auth.disableLocalStrategy),\n          authCollectionSlug: collection.slug,\n          authCollectionConfig: collection,\n        }\n      }\n    }\n  }\n\n  return {\n    hasDisableLocalStrategy: false,\n    authCollectionSlug: null,\n    authCollectionConfig: null,\n  }\n}\n"],"names":["detectAuthConfig","config","collections","collection","auth","disableLocalStrategy","hasDisableLocalStrategy","authCollectionSlug","slug","authCollectionConfig"],"mappings":"AAAA;;CAEC,GAaD;;;CAGC,GACD,OAAO,SAASA,iBAAiBC,MAAc;IAC7C,MAAMC,cAAcD,OAAOC,WAAW,IAAI,EAAE;IAE5C,KAAK,MAAMC,cAAcD,YAAa;QACpC,IAAIC,WAAWC,IAAI,EAAE;YACnB,MAAMA,OAAOD,WAAWC,IAAI;YAC5B,+DAA+D;YAC/D,IACEA,SAAS,QACR,OAAOA,SAAS,YAAYA,KAAKC,oBAAoB,EACtD;gBACA,OAAO;oBACLC,yBACEF,SAAS,QACR,OAAOA,SAAS,YAAY,CAAC,CAACA,KAAKC,oBAAoB;oBAC1DE,oBAAoBJ,WAAWK,IAAI;oBACnCC,sBAAsBN;gBACxB;YACF;QACF;IACF;IAEA,OAAO;QACLG,yBAAyB;QACzBC,oBAAoB;QACpBE,sBAAsB;IACxB;AACF"}

package/dist/utils/detectEnabledPlugins.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"detectEnabledPlugins.d.ts","sourceRoot":"","sources":["../../src/utils/detectEnabledPlugins.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAA;AAEpD,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,OAAO,CAAA;IACjB,SAAS,EAAE,OAAO,CAAA;IAClB,YAAY,EAAE,OAAO,CAAA;IACrB,UAAU,EAAE,OAAO,CAAA;IACnB,YAAY,EAAE,OAAO,CAAA;IACrB,eAAe,EAAE,OAAO,CAAA;IACxB,eAAe,EAAE,OAAO,CAAA;CACzB,CAAA;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,CAAC,EAAE,OAAO,CAAC,iBAAiB,CAAC,GACnC,oBAAoB,CA2CtB"}

package/dist/utils/detectEnabledPlugins.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/utils/detectEnabledPlugins.ts"],"sourcesContent":["/**\n * Utility to detect which Better Auth plugins are enabled\n */\n\nimport type { BetterAuthOptions } from 'better-auth'\n\nexport type EnabledPluginsResult = {\n  hasAdmin: boolean\n  hasApiKey: boolean\n  hasTwoFactor: boolean\n  hasPasskey: boolean\n  hasMagicLink: boolean\n  hasMultiSession: boolean\n  hasOrganization: boolean\n}\n\n/**\n * Detects which Better Auth plugins are enabled from the options.\n * Inspects the plugins array by checking plugin identifiers.\n *\n * @param options - Better Auth options containing plugins array\n * @returns Object with boolean flags for each supported plugin\n */\nexport function detectEnabledPlugins(\n  options?: Partial<BetterAuthOptions>\n): EnabledPluginsResult {\n  const plugins = options?.plugins ?? []\n\n  const result: EnabledPluginsResult = {\n    hasAdmin: false,\n    hasApiKey: false,\n    hasTwoFactor: false,\n    hasPasskey: false,\n    hasMagicLink: false,\n    hasMultiSession: false,\n    hasOrganization: false,\n  }\n\n  for (const plugin of plugins) {\n    // Better Auth plugins have an id property\n    const id = (plugin as { id?: string }).id\n\n    switch (id) {\n      case 'admin':\n        result.hasAdmin = true\n        break\n      case 'api-key':\n        result.hasApiKey = true\n        break\n      case 'two-factor':\n        result.hasTwoFactor = true\n        break\n      case 'passkey':\n        result.hasPasskey = true\n        break\n      case 'magic-link':\n        result.hasMagicLink = true\n        break\n      case 'multi-session':\n        result.hasMultiSession = true\n        break\n      case 'organization':\n        result.hasOrganization = true\n        break\n    }\n  }\n\n  return result\n}\n"],"names":["detectEnabledPlugins","options","plugins","result","hasAdmin","hasApiKey","hasTwoFactor","hasPasskey","hasMagicLink","hasMultiSession","hasOrganization","plugin","id"],"mappings":"AAAA;;CAEC,GAcD;;;;;;CAMC,GACD,OAAO,SAASA,qBACdC,OAAoC;IAEpC,MAAMC,UAAUD,SAASC,WAAW,EAAE;IAEtC,MAAMC,SAA+B;QACnCC,UAAU;QACVC,WAAW;QACXC,cAAc;QACdC,YAAY;QACZC,cAAc;QACdC,iBAAiB;QACjBC,iBAAiB;IACnB;IAEA,KAAK,MAAMC,UAAUT,QAAS;QAC5B,0CAA0C;QAC1C,MAAMU,KAAK,AAACD,OAA2BC,EAAE;QAEzC,OAAQA;YACN,KAAK;gBACHT,OAAOC,QAAQ,GAAG;gBAClB;YACF,KAAK;gBACHD,OAAOE,SAAS,GAAG;gBACnB;YACF,KAAK;gBACHF,OAAOG,YAAY,GAAG;gBACtB;YACF,KAAK;gBACHH,OAAOI,UAAU,GAAG;gBACpB;YACF,KAAK;gBACHJ,OAAOK,YAAY,GAAG;gBACtB;YACF,KAAK;gBACHL,OAAOM,eAAe,GAAG;gBACzB;YACF,KAAK;gBACHN,OAAOO,eAAe,GAAG;gBACzB;QACJ;IACF;IAEA,OAAOP;AACT"}

package/dist/utils/firstUserAdmin.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"firstUserAdmin.d.ts","sourceRoot":"","sources":["../../src/utils/firstUserAdmin.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAA;AAEpD,MAAM,MAAM,qBAAqB,GAAG;IAClC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;IAElB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAA;IAEpB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwDG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,CAAC,EAAE,qBAAqB,GAC9B,WAAW,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAC,CAyEjD"}

package/dist/utils/firstUserAdmin.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/utils/firstUserAdmin.ts"],"sourcesContent":["/**\n * First User Admin Hook Utility\n *\n * Provides a Better Auth databaseHooks configuration that automatically\n * makes the first registered user an admin.\n *\n * @packageDocumentation\n */\n\nimport type { BetterAuthOptions } from 'better-auth'\n\nexport type FirstUserAdminOptions = {\n  /**\n   * Role to assign to the first user\n   * @default 'admin'\n   */\n  adminRole?: string\n\n  /**\n   * Role to assign to subsequent users (if not already set)\n   * @default 'user'\n   */\n  defaultRole?: string\n\n  /**\n   * Field name for the role field\n   * @default 'role'\n   */\n  roleField?: string\n}\n\n/**\n * Creates Better Auth databaseHooks configuration that makes the first\n * registered user an admin.\n *\n * @example Basic usage\n * ```ts\n * import { betterAuth } from 'better-auth'\n * import { payloadAdapter } from '@delmaredigital/payload-better-auth/adapter'\n * import { firstUserAdminHooks } from '@delmaredigital/payload-better-auth'\n *\n * export const auth = betterAuth({\n *   database: payloadAdapter({ payloadClient: payload }),\n *   databaseHooks: firstUserAdminHooks(),\n * })\n * ```\n *\n * @example Custom roles\n * ```ts\n * export const auth = betterAuth({\n *   database: payloadAdapter({ payloadClient: payload }),\n *   databaseHooks: firstUserAdminHooks({\n *     adminRole: 'super-admin',\n *     defaultRole: 'member',\n *   }),\n * })\n * ```\n *\n * @example Merging with other hooks\n * ```ts\n * export const auth = betterAuth({\n *   database: payloadAdapter({ payloadClient: payload }),\n *   databaseHooks: {\n *     user: {\n *       create: {\n *         before: async (user, ctx) => {\n *           // First apply first-user-admin logic\n *           const result = await firstUserAdminHooks().user.create.before(user, ctx)\n *           const userData = result?.data ?? user\n *\n *           // Then apply your custom logic\n *           return {\n *             data: {\n *               ...userData,\n *               createdVia: 'custom-signup',\n *             },\n *           }\n *         },\n *         after: async (user) => {\n *           // Your after-create logic\n *           console.log('User created:', user.email)\n *         },\n *       },\n *     },\n *   },\n * })\n * ```\n */\nexport function firstUserAdminHooks(\n  options?: FirstUserAdminOptions\n): NonNullable<BetterAuthOptions['databaseHooks']> {\n  const {\n    adminRole = 'admin',\n    defaultRole = 'user',\n    roleField = 'role',\n  } = options ?? {}\n\n  // Using explicit any for the context type because Better Auth's\n  // GenericEndpointContext type is complex and includes [x: string]: any.\n  // The runtime behavior is what matters here.\n  const beforeHook = async (\n    user: Record<string, unknown>,\n    ctx: unknown\n  ): Promise<{ data: Record<string, unknown> }> => {\n    try {\n      // Access the adapter from context\n      // eslint-disable-next-line @typescript-eslint/no-explicit-any\n      const context = ctx as { context?: { adapter?: any } } | null\n      const adapter = context?.context?.adapter\n\n      if (!adapter?.count) {\n        // Adapter not available, fall back to default role\n        return {\n          data: {\n            ...user,\n            [roleField]: user[roleField] ?? defaultRole,\n          },\n        }\n      }\n\n      const userCount = await adapter.count({\n        model: 'user',\n        where: [],\n      })\n\n      if (userCount === 0) {\n        // First user becomes admin\n        return {\n          data: {\n            ...user,\n            [roleField]: adminRole,\n          },\n        }\n      }\n\n      // Subsequent users get default role if not already set\n      return {\n        data: {\n          ...user,\n          [roleField]: user[roleField] ?? defaultRole,\n        },\n      }\n    } catch (error) {\n      // On error, don't block user creation - just use provided or default role\n      console.warn('[firstUserAdminHooks] Failed to check user count:', error)\n      return {\n        data: {\n          ...user,\n          [roleField]: user[roleField] ?? defaultRole,\n        },\n      }\n    }\n  }\n\n  return {\n    user: {\n      create: {\n        // Cast needed because Better Auth's hook types are complex\n        // eslint-disable-next-line @typescript-eslint/no-explicit-any\n        before: beforeHook as any,\n      },\n    },\n  }\n}\n"],"names":["firstUserAdminHooks","options","adminRole","defaultRole","roleField","beforeHook","user","ctx","context","adapter","count","data","userCount","model","where","error","console","warn","create","before"],"mappings":"AAAA;;;;;;;CAOC,GAwBD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAwDC,GACD,OAAO,SAASA,oBACdC,OAA+B;IAE/B,MAAM,EACJC,YAAY,OAAO,EACnBC,cAAc,MAAM,EACpBC,YAAY,MAAM,EACnB,GAAGH,WAAW,CAAC;IAEhB,gEAAgE;IAChE,wEAAwE;IACxE,6CAA6C;IAC7C,MAAMI,aAAa,OACjBC,MACAC;QAEA,IAAI;YACF,kCAAkC;YAClC,8DAA8D;YAC9D,MAAMC,UAAUD;YAChB,MAAME,UAAUD,SAASA,SAASC;YAElC,IAAI,CAACA,SAASC,OAAO;gBACnB,mDAAmD;gBACnD,OAAO;oBACLC,MAAM;wBACJ,GAAGL,IAAI;wBACP,CAACF,UAAU,EAAEE,IAAI,CAACF,UAAU,IAAID;oBAClC;gBACF;YACF;YAEA,MAAMS,YAAY,MAAMH,QAAQC,KAAK,CAAC;gBACpCG,OAAO;gBACPC,OAAO,EAAE;YACX;YAEA,IAAIF,cAAc,GAAG;gBACnB,2BAA2B;gBAC3B,OAAO;oBACLD,MAAM;wBACJ,GAAGL,IAAI;wBACP,CAACF,UAAU,EAAEF;oBACf;gBACF;YACF;YAEA,uDAAuD;YACvD,OAAO;gBACLS,MAAM;oBACJ,GAAGL,IAAI;oBACP,CAACF,UAAU,EAAEE,IAAI,CAACF,UAAU,IAAID;gBAClC;YACF;QACF,EAAE,OAAOY,OAAO;YACd,0EAA0E;YAC1EC,QAAQC,IAAI,CAAC,qDAAqDF;YAClE,OAAO;gBACLJ,MAAM;oBACJ,GAAGL,IAAI;oBACP,CAACF,UAAU,EAAEE,IAAI,CAACF,UAAU,IAAID;gBAClC;YACF;QACF;IACF;IAEA,OAAO;QACLG,MAAM;YACJY,QAAQ;gBACN,2DAA2D;gBAC3D,8DAA8D;gBAC9DC,QAAQd;YACV;QACF;IACF;AACF"}

package/dist/utils/generateScopes.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"generateScopes.d.ts","sourceRoot":"","sources":["../../src/utils/generateScopes.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAA;AAC/C,OAAO,KAAK,EACV,eAAe,EACf,kBAAkB,EAClB,cAAc,EACf,MAAM,oBAAoB,CAAA;AA6B3B;;;GAGG;AACH,wBAAgB,6BAA6B,CAC3C,WAAW,EAAE,gBAAgB,EAAE,EAC/B,kBAAkB,GAAE,MAAM,EAAiC,GAC1D,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAoCjC;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,WAAW,EAAE,gBAAgB,EAAE,EAC/B,MAAM,CAAC,EAAE,kBAAkB,GAC1B,cAAc,EAAE,CA6BlB;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CACjC,gBAAgB,EAAE,MAAM,EAAE,EAC1B,eAAe,EAAE,cAAc,EAAE,GAChC,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAqB1B"}

package/dist/utils/generateScopes.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/utils/generateScopes.ts"],"sourcesContent":["/**\n * Auto-generate API key scopes from Payload collections.\n */\n\nimport type { CollectionConfig } from 'payload'\nimport type {\n  ScopeDefinition,\n  ApiKeyScopesConfig,\n  AvailableScope,\n} from '../types/apiKey.js'\n\n/** Default collections to exclude from auto-generated scopes */\nconst DEFAULT_EXCLUDED_COLLECTIONS = [\n  'sessions',\n  'verifications',\n  'accounts',\n  'twoFactors',\n  'apiKeys',\n]\n\n/**\n * Capitalize the first letter of a string.\n */\nfunction capitalize(str: string): string {\n  return str.charAt(0).toUpperCase() + str.slice(1)\n}\n\n/**\n * Convert slug to human-readable label.\n * e.g., 'blog-posts' -> 'Blog Posts'\n */\nfunction slugToLabel(slug: string): string {\n  return slug\n    .split('-')\n    .map(capitalize)\n    .join(' ')\n}\n\n/**\n * Generate scopes from Payload collections.\n * Creates {collection}:read, {collection}:write, {collection}:delete for each collection.\n */\nexport function generateScopesFromCollections(\n  collections: CollectionConfig[],\n  excludeCollections: string[] = DEFAULT_EXCLUDED_COLLECTIONS\n): Record<string, ScopeDefinition> {\n  const scopes: Record<string, ScopeDefinition> = {}\n\n  for (const collection of collections) {\n    if (excludeCollections.includes(collection.slug)) continue\n\n    const slug = collection.slug\n    const singularLabel =\n      (typeof collection.labels?.singular === 'string'\n        ? collection.labels.singular\n        : null) ?? slugToLabel(slug)\n    const pluralLabel =\n      (typeof collection.labels?.plural === 'string'\n        ? collection.labels.plural\n        : null) ?? slugToLabel(slug) + 's'\n\n    scopes[`${slug}:read`] = {\n      label: `Read ${pluralLabel}`,\n      description: `View ${pluralLabel.toLowerCase()}`,\n      permissions: { [slug]: ['read'] },\n    }\n\n    scopes[`${slug}:write`] = {\n      label: `Write ${pluralLabel}`,\n      description: `Create and edit ${pluralLabel.toLowerCase()}`,\n      permissions: { [slug]: ['read', 'create', 'update'] },\n    }\n\n    scopes[`${slug}:delete`] = {\n      label: `Delete ${pluralLabel}`,\n      description: `Delete ${pluralLabel.toLowerCase()}`,\n      permissions: { [slug]: ['delete'] },\n    }\n  }\n\n  return scopes\n}\n\n/**\n * Build the final scopes configuration from plugin options and collections.\n * Handles merging custom scopes with auto-generated collection scopes.\n */\nexport function buildAvailableScopes(\n  collections: CollectionConfig[],\n  config?: ApiKeyScopesConfig\n): AvailableScope[] {\n  const customScopes = config?.scopes ?? {}\n  const hasCustomScopes = Object.keys(customScopes).length > 0\n\n  // Determine if we should include collection scopes\n  // Default: true when no custom scopes, false when custom scopes provided\n  const includeCollectionScopes =\n    config?.includeCollectionScopes ?? !hasCustomScopes\n\n  const excludeCollections = config?.excludeCollections ?? DEFAULT_EXCLUDED_COLLECTIONS\n\n  // Build the combined scopes object\n  let allScopes: Record<string, ScopeDefinition> = {}\n\n  // Add collection scopes if enabled\n  if (includeCollectionScopes) {\n    allScopes = generateScopesFromCollections(collections, excludeCollections)\n  }\n\n  // Add custom scopes (they override collection scopes with same ID)\n  for (const [id, scope] of Object.entries(customScopes)) {\n    allScopes[id] = scope\n  }\n\n  // Convert to array format for the client\n  return Object.entries(allScopes).map(([id, scope]) => ({\n    id,\n    ...scope,\n  }))\n}\n\n/**\n * Convert selected scopes to Better Auth permission format.\n * Used when creating an API key.\n */\nexport function scopesToPermissions(\n  selectedScopeIds: string[],\n  availableScopes: AvailableScope[]\n): Record<string, string[]> {\n  const permissions: Record<string, string[]> = {}\n\n  for (const scopeId of selectedScopeIds) {\n    const scope = availableScopes.find((s) => s.id === scopeId)\n    if (!scope) continue\n\n    for (const [resource, actions] of Object.entries(scope.permissions)) {\n      if (!permissions[resource]) {\n        permissions[resource] = []\n      }\n      // Add unique actions\n      for (const action of actions) {\n        if (!permissions[resource].includes(action)) {\n          permissions[resource].push(action)\n        }\n      }\n    }\n  }\n\n  return permissions\n}\n"],"names":["DEFAULT_EXCLUDED_COLLECTIONS","capitalize","str","charAt","toUpperCase","slice","slugToLabel","slug","split","map","join","generateScopesFromCollections","collections","excludeCollections","scopes","collection","includes","singularLabel","labels","singular","pluralLabel","plural","label","description","toLowerCase","permissions","buildAvailableScopes","config","customScopes","hasCustomScopes","Object","keys","length","includeCollectionScopes","allScopes","id","scope","entries","scopesToPermissions","selectedScopeIds","availableScopes","scopeId","find","s","resource","actions","action","push"],"mappings":"AAAA;;CAEC,GASD,8DAA8D,GAC9D,MAAMA,+BAA+B;IACnC;IACA;IACA;IACA;IACA;CACD;AAED;;CAEC,GACD,SAASC,WAAWC,GAAW;IAC7B,OAAOA,IAAIC,MAAM,CAAC,GAAGC,WAAW,KAAKF,IAAIG,KAAK,CAAC;AACjD;AAEA;;;CAGC,GACD,SAASC,YAAYC,IAAY;IAC/B,OAAOA,KACJC,KAAK,CAAC,KACNC,GAAG,CAACR,YACJS,IAAI,CAAC;AACV;AAEA;;;CAGC,GACD,OAAO,SAASC,8BACdC,WAA+B,EAC/BC,qBAA+Bb,4BAA4B;IAE3D,MAAMc,SAA0C,CAAC;IAEjD,KAAK,MAAMC,cAAcH,YAAa;QACpC,IAAIC,mBAAmBG,QAAQ,CAACD,WAAWR,IAAI,GAAG;QAElD,MAAMA,OAAOQ,WAAWR,IAAI;QAC5B,MAAMU,gBACJ,AAAC,CAAA,OAAOF,WAAWG,MAAM,EAAEC,aAAa,WACpCJ,WAAWG,MAAM,CAACC,QAAQ,GAC1B,IAAG,KAAMb,YAAYC;QAC3B,MAAMa,cACJ,AAAC,CAAA,OAAOL,WAAWG,MAAM,EAAEG,WAAW,WAClCN,WAAWG,MAAM,CAACG,MAAM,GACxB,IAAG,KAAMf,YAAYC,QAAQ;QAEnCO,MAAM,CAAC,GAAGP,KAAK,KAAK,CAAC,CAAC,GAAG;YACvBe,OAAO,CAAC,KAAK,EAAEF,aAAa;YAC5BG,aAAa,CAAC,KAAK,EAAEH,YAAYI,WAAW,IAAI;YAChDC,aAAa;gBAAE,CAAClB,KAAK,EAAE;oBAAC;iBAAO;YAAC;QAClC;QAEAO,MAAM,CAAC,GAAGP,KAAK,MAAM,CAAC,CAAC,GAAG;YACxBe,OAAO,CAAC,MAAM,EAAEF,aAAa;YAC7BG,aAAa,CAAC,gBAAgB,EAAEH,YAAYI,WAAW,IAAI;YAC3DC,aAAa;gBAAE,CAAClB,KAAK,EAAE;oBAAC;oBAAQ;oBAAU;iBAAS;YAAC;QACtD;QAEAO,MAAM,CAAC,GAAGP,KAAK,OAAO,CAAC,CAAC,GAAG;YACzBe,OAAO,CAAC,OAAO,EAAEF,aAAa;YAC9BG,aAAa,CAAC,OAAO,EAAEH,YAAYI,WAAW,IAAI;YAClDC,aAAa;gBAAE,CAAClB,KAAK,EAAE;oBAAC;iBAAS;YAAC;QACpC;IACF;IAEA,OAAOO;AACT;AAEA;;;CAGC,GACD,OAAO,SAASY,qBACdd,WAA+B,EAC/Be,MAA2B;IAE3B,MAAMC,eAAeD,QAAQb,UAAU,CAAC;IACxC,MAAMe,kBAAkBC,OAAOC,IAAI,CAACH,cAAcI,MAAM,GAAG;IAE3D,mDAAmD;IACnD,yEAAyE;IACzE,MAAMC,0BACJN,QAAQM,2BAA2B,CAACJ;IAEtC,MAAMhB,qBAAqBc,QAAQd,sBAAsBb;IAEzD,mCAAmC;IACnC,IAAIkC,YAA6C,CAAC;IAElD,mCAAmC;IACnC,IAAID,yBAAyB;QAC3BC,YAAYvB,8BAA8BC,aAAaC;IACzD;IAEA,mEAAmE;IACnE,KAAK,MAAM,CAACsB,IAAIC,MAAM,IAAIN,OAAOO,OAAO,CAACT,cAAe;QACtDM,SAAS,CAACC,GAAG,GAAGC;IAClB;IAEA,yCAAyC;IACzC,OAAON,OAAOO,OAAO,CAACH,WAAWzB,GAAG,CAAC,CAAC,CAAC0B,IAAIC,MAAM,GAAM,CAAA;YACrDD;YACA,GAAGC,KAAK;QACV,CAAA;AACF;AAEA;;;CAGC,GACD,OAAO,SAASE,oBACdC,gBAA0B,EAC1BC,eAAiC;IAEjC,MAAMf,cAAwC,CAAC;IAE/C,KAAK,MAAMgB,WAAWF,iBAAkB;QACtC,MAAMH,QAAQI,gBAAgBE,IAAI,CAAC,CAACC,IAAMA,EAAER,EAAE,KAAKM;QACnD,IAAI,CAACL,OAAO;QAEZ,KAAK,MAAM,CAACQ,UAAUC,QAAQ,IAAIf,OAAOO,OAAO,CAACD,MAAMX,WAAW,EAAG;YACnE,IAAI,CAACA,WAAW,CAACmB,SAAS,EAAE;gBAC1BnB,WAAW,CAACmB,SAAS,GAAG,EAAE;YAC5B;YACA,qBAAqB;YACrB,KAAK,MAAME,UAAUD,QAAS;gBAC5B,IAAI,CAACpB,WAAW,CAACmB,SAAS,CAAC5B,QAAQ,CAAC8B,SAAS;oBAC3CrB,WAAW,CAACmB,SAAS,CAACG,IAAI,CAACD;gBAC7B;YACF;QACF;IACF;IAEA,OAAOrB;AACT"}

package/dist/utils/session.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/utils/session.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAA;AAG1C,MAAM,MAAM,OAAO,GAAG;IACpB,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM,CAAA;QACV,KAAK,EAAE,MAAM,CAAA;QACb,IAAI,CAAC,EAAE,MAAM,CAAA;QACb,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;KACvB,CAAA;IACD,OAAO,EAAE;QACP,EAAE,EAAE,MAAM,CAAA;QACV,SAAS,EAAE,IAAI,CAAA;QACf,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;KACvB,CAAA;CACF,CAAA;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAezB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAGjC"}

package/dist/utils/session.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/utils/session.ts"],"sourcesContent":["/**\n * Server-side session utilities\n *\n * @packageDocumentation\n */\n\nimport type { BasePayload } from 'payload'\nimport type { PayloadWithAuth } from '../plugin/index.js'\n\nexport type Session = {\n  user: {\n    id: string\n    email: string\n    name?: string\n    image?: string\n    [key: string]: unknown\n  }\n  session: {\n    id: string\n    expiresAt: Date\n    [key: string]: unknown\n  }\n}\n\n/**\n * Get the current session from headers.\n *\n * @example\n * ```ts\n * import { headers } from 'next/headers'\n * import { getServerSession } from '@delmare/payload-better-auth'\n *\n * export default async function Page() {\n *   const headersList = await headers()\n *   const session = await getServerSession(payload, headersList)\n *\n *   if (!session) {\n *     redirect('/login')\n *   }\n *\n *   return <div>Hello {session.user.name}</div>\n * }\n * ```\n */\nexport async function getServerSession(\n  payload: BasePayload,\n  headers: Headers\n): Promise<Session | null> {\n  try {\n    const payloadWithAuth = payload as PayloadWithAuth\n\n    if (!payloadWithAuth.betterAuth) {\n      console.error('[session] Better Auth not initialized')\n      return null\n    }\n\n    const session = await payloadWithAuth.betterAuth.api.getSession({ headers })\n    return session as Session | null\n  } catch (error) {\n    console.error('[session] Error getting session:', error)\n    return null\n  }\n}\n\n/**\n * Get the current user from the session.\n *\n * @example\n * ```ts\n * import { headers } from 'next/headers'\n * import { getServerUser } from '@delmare/payload-better-auth'\n *\n * export default async function Page() {\n *   const headersList = await headers()\n *   const user = await getServerUser(payload, headersList)\n *\n *   if (!user) {\n *     redirect('/login')\n *   }\n *\n *   return <div>Hello {user.name}</div>\n * }\n * ```\n */\nexport async function getServerUser(\n  payload: BasePayload,\n  headers: Headers\n): Promise<Session['user'] | null> {\n  const session = await getServerSession(payload, headers)\n  return session?.user ?? null\n}\n"],"names":["getServerSession","payload","headers","payloadWithAuth","betterAuth","console","error","session","api","getSession","getServerUser","user"],"mappings":"AAAA;;;;CAIC,GAoBD;;;;;;;;;;;;;;;;;;;CAmBC,GACD,OAAO,eAAeA,iBACpBC,OAAoB,EACpBC,OAAgB;IAEhB,IAAI;QACF,MAAMC,kBAAkBF;QAExB,IAAI,CAACE,gBAAgBC,UAAU,EAAE;YAC/BC,QAAQC,KAAK,CAAC;YACd,OAAO;QACT;QAEA,MAAMC,UAAU,MAAMJ,gBAAgBC,UAAU,CAACI,GAAG,CAACC,UAAU,CAAC;YAAEP;QAAQ;QAC1E,OAAOK;IACT,EAAE,OAAOD,OAAO;QACdD,QAAQC,KAAK,CAAC,oCAAoCA;QAClD,OAAO;IACT;AACF;AAEA;;;;;;;;;;;;;;;;;;;CAmBC,GACD,OAAO,eAAeI,cACpBT,OAAoB,EACpBC,OAAgB;IAEhB,MAAMK,UAAU,MAAMP,iBAAiBC,SAASC;IAChD,OAAOK,SAASI,QAAQ;AAC1B"}