@glw907/cairn-cms 0.3.1 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (99) hide show
  1. package/README.md +17 -9
  2. package/dist/adapter.d.ts +10 -1
  3. package/dist/adapter.d.ts.map +1 -1
  4. package/dist/auth/admins.d.ts +33 -0
  5. package/dist/auth/admins.d.ts.map +1 -0
  6. package/dist/auth/admins.js +90 -0
  7. package/dist/auth/config.d.ts +2097 -0
  8. package/dist/auth/config.d.ts.map +1 -0
  9. package/dist/auth/config.js +78 -0
  10. package/dist/auth/guard.d.ts +34 -0
  11. package/dist/auth/guard.d.ts.map +1 -0
  12. package/dist/auth/guard.js +47 -0
  13. package/dist/auth/index.d.ts +4 -0
  14. package/dist/auth/index.d.ts.map +1 -0
  15. package/dist/auth/index.js +6 -0
  16. package/dist/auth/schema.d.ts +750 -0
  17. package/dist/auth/schema.d.ts.map +1 -0
  18. package/dist/auth/schema.js +93 -0
  19. package/dist/carta.d.ts +1 -1
  20. package/dist/carta.d.ts.map +1 -1
  21. package/dist/components/AdminLayout.svelte +9 -9
  22. package/dist/components/AdminLayout.svelte.d.ts +2 -2
  23. package/dist/components/AdminLayout.svelte.d.ts.map +1 -1
  24. package/dist/components/AdminList.svelte +1 -1
  25. package/dist/components/ConfirmPage.svelte +31 -0
  26. package/dist/components/ConfirmPage.svelte.d.ts +11 -0
  27. package/dist/components/ConfirmPage.svelte.d.ts.map +1 -0
  28. package/dist/components/EditPage.svelte +5 -5
  29. package/dist/components/LoginPage.svelte +35 -18
  30. package/dist/components/LoginPage.svelte.d.ts +0 -2
  31. package/dist/components/LoginPage.svelte.d.ts.map +1 -1
  32. package/dist/components/ManageAdmins.svelte +1 -1
  33. package/dist/components/ManageAdmins.svelte.d.ts +1 -1
  34. package/dist/components/ManageAdmins.svelte.d.ts.map +1 -1
  35. package/dist/components/index.d.ts +1 -0
  36. package/dist/components/index.d.ts.map +1 -1
  37. package/dist/components/index.js +1 -0
  38. package/dist/email.d.ts.map +1 -1
  39. package/dist/email.js +19 -11
  40. package/dist/github.d.ts +22 -2
  41. package/dist/github.d.ts.map +1 -1
  42. package/dist/github.js +40 -5
  43. package/dist/index.d.ts +1 -1
  44. package/dist/index.d.ts.map +1 -1
  45. package/dist/index.js +3 -2
  46. package/dist/render/glyph.d.ts +6 -0
  47. package/dist/render/glyph.d.ts.map +1 -0
  48. package/dist/render/glyph.js +5 -0
  49. package/dist/render/index.d.ts +6 -0
  50. package/dist/render/index.d.ts.map +1 -0
  51. package/dist/render/index.js +8 -0
  52. package/dist/render/pipeline.d.ts +16 -0
  53. package/dist/render/pipeline.d.ts.map +1 -0
  54. package/dist/render/pipeline.js +29 -0
  55. package/dist/render/registry.d.ts +28 -0
  56. package/dist/render/registry.d.ts.map +1 -0
  57. package/dist/render/registry.js +11 -0
  58. package/dist/render/rehype-dispatch.d.ts +24 -0
  59. package/dist/render/rehype-dispatch.d.ts.map +1 -0
  60. package/dist/render/rehype-dispatch.js +86 -0
  61. package/dist/render/remark-directives.d.ts +4 -0
  62. package/dist/render/remark-directives.d.ts.map +1 -0
  63. package/dist/render/remark-directives.js +74 -0
  64. package/dist/sveltekit/index.d.ts +20 -58
  65. package/dist/sveltekit/index.d.ts.map +1 -1
  66. package/dist/sveltekit/index.js +35 -152
  67. package/dist/utils.d.ts +1 -1
  68. package/dist/utils.d.ts.map +1 -1
  69. package/dist/utils.js +2 -2
  70. package/package.json +48 -6
  71. package/src/lib/adapter.ts +12 -3
  72. package/src/lib/auth/admins.ts +106 -0
  73. package/src/lib/auth/config.ts +108 -0
  74. package/src/lib/auth/guard.ts +60 -0
  75. package/src/lib/auth/index.ts +6 -0
  76. package/src/lib/auth/schema.ts +112 -0
  77. package/src/lib/carta.ts +2 -2
  78. package/src/lib/components/AdminLayout.svelte +9 -9
  79. package/src/lib/components/AdminList.svelte +1 -1
  80. package/src/lib/components/ConfirmPage.svelte +31 -0
  81. package/src/lib/components/EditPage.svelte +5 -5
  82. package/src/lib/components/LoginPage.svelte +35 -18
  83. package/src/lib/components/ManageAdmins.svelte +1 -1
  84. package/src/lib/components/index.ts +1 -0
  85. package/src/lib/email.ts +18 -11
  86. package/src/lib/github.ts +38 -6
  87. package/src/lib/index.ts +3 -2
  88. package/src/lib/render/glyph.ts +14 -0
  89. package/src/lib/render/index.ts +8 -0
  90. package/src/lib/render/pipeline.ts +37 -0
  91. package/src/lib/render/registry.ts +36 -0
  92. package/src/lib/render/rehype-dispatch.ts +97 -0
  93. package/src/lib/render/remark-directives.ts +71 -0
  94. package/src/lib/sveltekit/index.ts +59 -227
  95. package/src/lib/utils.ts +2 -2
  96. package/dist/auth.d.ts +0 -25
  97. package/dist/auth.d.ts.map +0 -1
  98. package/dist/auth.js +0 -132
  99. package/src/lib/auth.ts +0 -185
package/dist/auth/config.d.ts ADDED
@@ -0,0 +1,2097 @@
1
+ import { drizzleAdapter } from 'better-auth/adapters/drizzle';
2
+ import type { D1Database } from '@cloudflare/workers-types';
3
+ import { type EmailSender } from '../email';
4
+ /** Worker bindings + vars the auth layer reads (a structural subset of `Platform.env`). */
5
+ export interface AuthEnv {
6
+ AUTH_DB?: D1Database;
7
+ AUTH_SECRET?: string;
8
+ /** Canonical origin; `BETTER_AUTH_URL` is accepted as a legacy alias. */
9
+ PUBLIC_ORIGIN?: string;
10
+ /** Legacy alias for `PUBLIC_ORIGIN`; `PUBLIC_ORIGIN` takes precedence when both are set. */
11
+ BETTER_AUTH_URL?: string;
12
+ EMAIL?: EmailSender;
13
+ }
14
+ /** Branding the magic-link email needs; threaded from the site adapter via hooks. */
15
+ export interface AuthBranding {
16
+ siteName: string;
17
+ /** The `From:` address used when sending magic-link emails. */
18
+ sender: string;
19
+ }
20
+ /** The drizzle adapter result `betterAuth` consumes (same provider/schema everywhere). */
21
+ type DrizzleDb = Parameters<typeof drizzleAdapter>[0];
22
+ /**
23
+ * The shared better-auth config. Kept separate from `createAuth` so the test harness can run
24
+ * the EXACT plugin set (allowlist semantics, expiry, POST-confirm send) over an in-memory
25
+ * SQLite instead of D1. `disableSignUp:true` makes the `user` table the editor allowlist:
26
+ * magic-link never auto-creates, so the only way in is the owner-gated admin `createUser`
27
+ * (see auth/admins.ts). `adminRoles:['owner']` lets owners (not the default `admin` role)
28
+ * drive the admin API. Tokens are stored hashed and consumed atomically on first verify
29
+ * (better-auth GHSA-hc7v-rggr-4hvx), single-use by construction (C1).
30
+ */
31
+ export declare function buildAuth(opts: {
32
+ database: DrizzleDb;
33
+ baseURL: string;
34
+ secret: string | undefined;
35
+ branding: AuthBranding;
36
+ sendLink: (email: string, token: string) => Promise<void>;
37
+ }): import("better-auth").Auth<{
38
+ appName: string;
39
+ secret: string | undefined;
40
+ baseURL: string;
41
+ trustedOrigins: string[];
42
+ database: import("better-auth/adapters/drizzle").DB;
43
+ plugins: [{
44
+ id: "magic-link";
45
+ version: string;
46
+ endpoints: {
47
+ signInMagicLink: import("better-auth").StrictEndpoint<"/sign-in/magic-link", {
48
+ method: "POST";
49
+ requireHeaders: true;
50
+ body: import("better-auth").ZodObject<{
51
+ email: import("better-auth").ZodEmail;
52
+ name: import("better-auth").ZodOptional<import("better-auth").ZodString>;
53
+ callbackURL: import("better-auth").ZodOptional<import("better-auth").ZodString>;
54
+ newUserCallbackURL: import("better-auth").ZodOptional<import("better-auth").ZodString>;
55
+ errorCallbackURL: import("better-auth").ZodOptional<import("better-auth").ZodString>;
56
+ metadata: import("better-auth").ZodOptional<import("better-auth").ZodRecord<import("better-auth").ZodString, import("better-auth").ZodAny>>;
57
+ }, import("zod/v4/core").$strip>;
58
+ metadata: {
59
+ openapi: {
60
+ operationId: string;
61
+ description: string;
62
+ responses: {
63
+ 200: {
64
+ description: string;
65
+ content: {
66
+ "application/json": {
67
+ schema: {
68
+ type: "object";
69
+ properties: {
70
+ status: {
71
+ type: string;
72
+ };
73
+ };
74
+ };
75
+ };
76
+ };
77
+ };
78
+ };
79
+ };
80
+ };
81
+ }, {
82
+ status: boolean;
83
+ }>;
84
+ magicLinkVerify: import("better-auth").StrictEndpoint<"/magic-link/verify", {
85
+ method: "GET";
86
+ query: import("better-auth").ZodObject<{
87
+ token: import("better-auth").ZodString;
88
+ callbackURL: import("better-auth").ZodOptional<import("better-auth").ZodString>;
89
+ errorCallbackURL: import("better-auth").ZodOptional<import("better-auth").ZodString>;
90
+ newUserCallbackURL: import("better-auth").ZodOptional<import("better-auth").ZodString>;
91
+ }, import("zod/v4/core").$strip>;
92
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<void>)[];
93
+ requireHeaders: true;
94
+ metadata: {
95
+ openapi: {
96
+ operationId: string;
97
+ description: string;
98
+ responses: {
99
+ 200: {
100
+ description: string;
101
+ content: {
102
+ "application/json": {
103
+ schema: {
104
+ type: "object";
105
+ properties: {
106
+ session: {
107
+ $ref: string;
108
+ };
109
+ user: {
110
+ $ref: string;
111
+ };
112
+ };
113
+ };
114
+ };
115
+ };
116
+ };
117
+ };
118
+ };
119
+ };
120
+ }, {
121
+ token: string;
122
+ user: {
123
+ id: string;
124
+ createdAt: Date;
125
+ updatedAt: Date;
126
+ email: string;
127
+ emailVerified: boolean;
128
+ name: string;
129
+ image?: string | null | undefined;
130
+ };
131
+ session: {
132
+ id: string;
133
+ createdAt: Date;
134
+ updatedAt: Date;
135
+ userId: string;
136
+ expiresAt: Date;
137
+ token: string;
138
+ ipAddress?: string | null | undefined;
139
+ userAgent?: string | null | undefined;
140
+ };
141
+ }>;
142
+ };
143
+ rateLimit: {
144
+ pathMatcher(path: string): boolean;
145
+ window: number;
146
+ max: number;
147
+ }[];
148
+ options: import("better-auth/plugins").MagicLinkOptions;
149
+ }, {
150
+ id: "admin";
151
+ version: string;
152
+ init(): {
153
+ options: {
154
+ databaseHooks: {
155
+ user: {
156
+ create: {
157
+ before(user: {
158
+ id: string;
159
+ createdAt: Date;
160
+ updatedAt: Date;
161
+ email: string;
162
+ emailVerified: boolean;
163
+ name: string;
164
+ image?: string | null | undefined;
165
+ } & Record<string, unknown>): Promise<{
166
+ data: {
167
+ id: string;
168
+ createdAt: Date;
169
+ updatedAt: Date;
170
+ email: string;
171
+ emailVerified: boolean;
172
+ name: string;
173
+ image?: string | null | undefined;
174
+ role: string;
175
+ };
176
+ }>;
177
+ };
178
+ };
179
+ session: {
180
+ create: {
181
+ before(session: {
182
+ id: string;
183
+ createdAt: Date;
184
+ updatedAt: Date;
185
+ userId: string;
186
+ expiresAt: Date;
187
+ token: string;
188
+ ipAddress?: string | null | undefined;
189
+ userAgent?: string | null | undefined;
190
+ } & Record<string, unknown>, ctx: import("better-auth").GenericEndpointContext | null): Promise<void>;
191
+ };
192
+ };
193
+ };
194
+ };
195
+ };
196
+ hooks: {
197
+ after: {
198
+ matcher(context: import("better-auth").HookEndpointContext): boolean;
199
+ handler: (inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<import("better-auth/plugins").SessionWithImpersonatedBy[] | undefined>;
200
+ }[];
201
+ };
202
+ endpoints: {
203
+ setRole: import("better-auth").StrictEndpoint<"/admin/set-role", {
204
+ method: "POST";
205
+ body: import("better-auth").ZodObject<{
206
+ userId: import("better-auth").ZodCoercedString<unknown>;
207
+ role: import("better-auth").ZodUnion<readonly [import("better-auth").ZodString, import("better-auth").ZodArray<import("better-auth").ZodString>]>;
208
+ }, import("zod/v4/core").$strip>;
209
+ requireHeaders: true;
210
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
211
+ session: {
212
+ user: import("better-auth/plugins").UserWithRole;
213
+ session: {
214
+ id: string;
215
+ createdAt: Date;
216
+ updatedAt: Date;
217
+ userId: string;
218
+ expiresAt: Date;
219
+ token: string;
220
+ ipAddress?: string | null | undefined;
221
+ userAgent?: string | null | undefined;
222
+ };
223
+ };
224
+ }>)[];
225
+ metadata: {
226
+ openapi: {
227
+ operationId: string;
228
+ summary: string;
229
+ description: string;
230
+ responses: {
231
+ 200: {
232
+ description: string;
233
+ content: {
234
+ "application/json": {
235
+ schema: {
236
+ type: "object";
237
+ properties: {
238
+ user: {
239
+ $ref: string;
240
+ };
241
+ };
242
+ };
243
+ };
244
+ };
245
+ };
246
+ };
247
+ };
248
+ $Infer: {
249
+ body: {
250
+ userId: string;
251
+ role: "owner" | "editor" | ("owner" | "editor")[];
252
+ };
253
+ };
254
+ };
255
+ }, {
256
+ user: import("better-auth/plugins").UserWithRole;
257
+ }>;
258
+ getUser: import("better-auth").StrictEndpoint<"/admin/get-user", {
259
+ method: "GET";
260
+ query: import("better-auth").ZodObject<{
261
+ id: import("better-auth").ZodString;
262
+ }, import("zod/v4/core").$strip>;
263
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
264
+ session: {
265
+ user: import("better-auth/plugins").UserWithRole;
266
+ session: {
267
+ id: string;
268
+ createdAt: Date;
269
+ updatedAt: Date;
270
+ userId: string;
271
+ expiresAt: Date;
272
+ token: string;
273
+ ipAddress?: string | null | undefined;
274
+ userAgent?: string | null | undefined;
275
+ };
276
+ };
277
+ }>)[];
278
+ metadata: {
279
+ openapi: {
280
+ operationId: string;
281
+ summary: string;
282
+ description: string;
283
+ responses: {
284
+ 200: {
285
+ description: string;
286
+ content: {
287
+ "application/json": {
288
+ schema: {
289
+ type: "object";
290
+ properties: {
291
+ user: {
292
+ $ref: string;
293
+ };
294
+ };
295
+ };
296
+ };
297
+ };
298
+ };
299
+ };
300
+ };
301
+ };
302
+ }, import("better-auth/plugins").UserWithRole>;
303
+ createUser: import("better-auth").StrictEndpoint<"/admin/create-user", {
304
+ method: "POST";
305
+ body: import("better-auth").ZodObject<{
306
+ email: import("better-auth").ZodString;
307
+ password: import("better-auth").ZodOptional<import("better-auth").ZodString>;
308
+ name: import("better-auth").ZodString;
309
+ role: import("better-auth").ZodOptional<import("better-auth").ZodUnion<readonly [import("better-auth").ZodString, import("better-auth").ZodArray<import("better-auth").ZodString>]>>;
310
+ data: import("better-auth").ZodOptional<import("better-auth").ZodRecord<import("better-auth").ZodString, import("better-auth").ZodAny>>;
311
+ }, import("zod/v4/core").$strip>;
312
+ metadata: {
313
+ openapi: {
314
+ operationId: string;
315
+ summary: string;
316
+ description: string;
317
+ responses: {
318
+ 200: {
319
+ description: string;
320
+ content: {
321
+ "application/json": {
322
+ schema: {
323
+ type: "object";
324
+ properties: {
325
+ user: {
326
+ $ref: string;
327
+ };
328
+ };
329
+ };
330
+ };
331
+ };
332
+ };
333
+ };
334
+ };
335
+ $Infer: {
336
+ body: {
337
+ email: string;
338
+ password?: string | undefined;
339
+ name: string;
340
+ role?: "owner" | "editor" | ("owner" | "editor")[] | undefined;
341
+ data?: Record<string, any> | undefined;
342
+ };
343
+ };
344
+ };
345
+ }, {
346
+ user: import("better-auth/plugins").UserWithRole;
347
+ }>;
348
+ adminUpdateUser: import("better-auth").StrictEndpoint<"/admin/update-user", {
349
+ method: "POST";
350
+ body: import("better-auth").ZodObject<{
351
+ userId: import("better-auth").ZodCoercedString<unknown>;
352
+ data: import("better-auth").ZodRecord<import("better-auth").ZodAny, import("better-auth").ZodAny>;
353
+ }, import("zod/v4/core").$strip>;
354
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
355
+ session: {
356
+ user: import("better-auth/plugins").UserWithRole;
357
+ session: {
358
+ id: string;
359
+ createdAt: Date;
360
+ updatedAt: Date;
361
+ userId: string;
362
+ expiresAt: Date;
363
+ token: string;
364
+ ipAddress?: string | null | undefined;
365
+ userAgent?: string | null | undefined;
366
+ };
367
+ };
368
+ }>)[];
369
+ metadata: {
370
+ openapi: {
371
+ operationId: string;
372
+ summary: string;
373
+ description: string;
374
+ responses: {
375
+ 200: {
376
+ description: string;
377
+ content: {
378
+ "application/json": {
379
+ schema: {
380
+ type: "object";
381
+ properties: {
382
+ user: {
383
+ $ref: string;
384
+ };
385
+ };
386
+ };
387
+ };
388
+ };
389
+ };
390
+ };
391
+ };
392
+ };
393
+ }, import("better-auth/plugins").UserWithRole>;
394
+ listUsers: import("better-auth").StrictEndpoint<"/admin/list-users", {
395
+ method: "GET";
396
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
397
+ session: {
398
+ user: import("better-auth/plugins").UserWithRole;
399
+ session: {
400
+ id: string;
401
+ createdAt: Date;
402
+ updatedAt: Date;
403
+ userId: string;
404
+ expiresAt: Date;
405
+ token: string;
406
+ ipAddress?: string | null | undefined;
407
+ userAgent?: string | null | undefined;
408
+ };
409
+ };
410
+ }>)[];
411
+ query: import("better-auth").ZodObject<{
412
+ searchValue: import("better-auth").ZodOptional<import("better-auth").ZodString>;
413
+ searchField: import("better-auth").ZodOptional<import("better-auth").ZodEnum<{
414
+ email: "email";
415
+ name: "name";
416
+ }>>;
417
+ searchOperator: import("better-auth").ZodOptional<import("better-auth").ZodEnum<{
418
+ contains: "contains";
419
+ starts_with: "starts_with";
420
+ ends_with: "ends_with";
421
+ }>>;
422
+ limit: import("better-auth").ZodOptional<import("better-auth").ZodUnion<[import("better-auth").ZodString, import("better-auth").ZodNumber]>>;
423
+ offset: import("better-auth").ZodOptional<import("better-auth").ZodUnion<[import("better-auth").ZodString, import("better-auth").ZodNumber]>>;
424
+ sortBy: import("better-auth").ZodOptional<import("better-auth").ZodString>;
425
+ sortDirection: import("better-auth").ZodOptional<import("better-auth").ZodEnum<{
426
+ asc: "asc";
427
+ desc: "desc";
428
+ }>>;
429
+ filterField: import("better-auth").ZodOptional<import("better-auth").ZodString>;
430
+ filterValue: import("better-auth").ZodOptional<import("better-auth").ZodUnion<[import("better-auth").ZodUnion<[import("better-auth").ZodUnion<[import("better-auth").ZodUnion<[import("better-auth").ZodString, import("better-auth").ZodNumber]>, import("better-auth").ZodBoolean]>, import("better-auth").ZodArray<import("better-auth").ZodString>]>, import("better-auth").ZodArray<import("better-auth").ZodNumber>]>>;
431
+ filterOperator: import("better-auth").ZodOptional<import("better-auth").ZodEnum<{
432
+ eq: "eq";
433
+ ne: "ne";
434
+ gt: "gt";
435
+ gte: "gte";
436
+ lt: "lt";
437
+ lte: "lte";
438
+ in: "in";
439
+ not_in: "not_in";
440
+ contains: "contains";
441
+ starts_with: "starts_with";
442
+ ends_with: "ends_with";
443
+ }>>;
444
+ }, import("zod/v4/core").$strip>;
445
+ metadata: {
446
+ openapi: {
447
+ operationId: string;
448
+ summary: string;
449
+ description: string;
450
+ responses: {
451
+ 200: {
452
+ description: string;
453
+ content: {
454
+ "application/json": {
455
+ schema: {
456
+ type: "object";
457
+ properties: {
458
+ users: {
459
+ type: string;
460
+ items: {
461
+ $ref: string;
462
+ };
463
+ };
464
+ total: {
465
+ type: string;
466
+ };
467
+ limit: {
468
+ type: string;
469
+ };
470
+ offset: {
471
+ type: string;
472
+ };
473
+ };
474
+ required: string[];
475
+ };
476
+ };
477
+ };
478
+ };
479
+ };
480
+ };
481
+ };
482
+ }, {
483
+ users: import("better-auth/plugins").UserWithRole[];
484
+ total: number;
485
+ }>;
486
+ listUserSessions: import("better-auth").StrictEndpoint<"/admin/list-user-sessions", {
487
+ method: "POST";
488
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
489
+ session: {
490
+ user: import("better-auth/plugins").UserWithRole;
491
+ session: {
492
+ id: string;
493
+ createdAt: Date;
494
+ updatedAt: Date;
495
+ userId: string;
496
+ expiresAt: Date;
497
+ token: string;
498
+ ipAddress?: string | null | undefined;
499
+ userAgent?: string | null | undefined;
500
+ };
501
+ };
502
+ }>)[];
503
+ body: import("better-auth").ZodObject<{
504
+ userId: import("better-auth").ZodCoercedString<unknown>;
505
+ }, import("zod/v4/core").$strip>;
506
+ metadata: {
507
+ openapi: {
508
+ operationId: string;
509
+ summary: string;
510
+ description: string;
511
+ responses: {
512
+ 200: {
513
+ description: string;
514
+ content: {
515
+ "application/json": {
516
+ schema: {
517
+ type: "object";
518
+ properties: {
519
+ sessions: {
520
+ type: string;
521
+ items: {
522
+ $ref: string;
523
+ };
524
+ };
525
+ };
526
+ };
527
+ };
528
+ };
529
+ };
530
+ };
531
+ };
532
+ };
533
+ }, {
534
+ sessions: import("better-auth/plugins").SessionWithImpersonatedBy[];
535
+ }>;
536
+ unbanUser: import("better-auth").StrictEndpoint<"/admin/unban-user", {
537
+ method: "POST";
538
+ body: import("better-auth").ZodObject<{
539
+ userId: import("better-auth").ZodCoercedString<unknown>;
540
+ }, import("zod/v4/core").$strip>;
541
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
542
+ session: {
543
+ user: import("better-auth/plugins").UserWithRole;
544
+ session: {
545
+ id: string;
546
+ createdAt: Date;
547
+ updatedAt: Date;
548
+ userId: string;
549
+ expiresAt: Date;
550
+ token: string;
551
+ ipAddress?: string | null | undefined;
552
+ userAgent?: string | null | undefined;
553
+ };
554
+ };
555
+ }>)[];
556
+ metadata: {
557
+ openapi: {
558
+ operationId: string;
559
+ summary: string;
560
+ description: string;
561
+ responses: {
562
+ 200: {
563
+ description: string;
564
+ content: {
565
+ "application/json": {
566
+ schema: {
567
+ type: "object";
568
+ properties: {
569
+ user: {
570
+ $ref: string;
571
+ };
572
+ };
573
+ };
574
+ };
575
+ };
576
+ };
577
+ };
578
+ };
579
+ };
580
+ }, {
581
+ user: import("better-auth/plugins").UserWithRole;
582
+ }>;
583
+ banUser: import("better-auth").StrictEndpoint<"/admin/ban-user", {
584
+ method: "POST";
585
+ body: import("better-auth").ZodObject<{
586
+ userId: import("better-auth").ZodCoercedString<unknown>;
587
+ banReason: import("better-auth").ZodOptional<import("better-auth").ZodString>;
588
+ banExpiresIn: import("better-auth").ZodOptional<import("better-auth").ZodNumber>;
589
+ }, import("zod/v4/core").$strip>;
590
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
591
+ session: {
592
+ user: import("better-auth/plugins").UserWithRole;
593
+ session: {
594
+ id: string;
595
+ createdAt: Date;
596
+ updatedAt: Date;
597
+ userId: string;
598
+ expiresAt: Date;
599
+ token: string;
600
+ ipAddress?: string | null | undefined;
601
+ userAgent?: string | null | undefined;
602
+ };
603
+ };
604
+ }>)[];
605
+ metadata: {
606
+ openapi: {
607
+ operationId: string;
608
+ summary: string;
609
+ description: string;
610
+ responses: {
611
+ 200: {
612
+ description: string;
613
+ content: {
614
+ "application/json": {
615
+ schema: {
616
+ type: "object";
617
+ properties: {
618
+ user: {
619
+ $ref: string;
620
+ };
621
+ };
622
+ };
623
+ };
624
+ };
625
+ };
626
+ };
627
+ };
628
+ };
629
+ }, {
630
+ user: import("better-auth/plugins").UserWithRole;
631
+ }>;
632
+ impersonateUser: import("better-auth").StrictEndpoint<"/admin/impersonate-user", {
633
+ method: "POST";
634
+ body: import("better-auth").ZodObject<{
635
+ userId: import("better-auth").ZodCoercedString<unknown>;
636
+ }, import("zod/v4/core").$strip>;
637
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
638
+ session: {
639
+ user: import("better-auth/plugins").UserWithRole;
640
+ session: {
641
+ id: string;
642
+ createdAt: Date;
643
+ updatedAt: Date;
644
+ userId: string;
645
+ expiresAt: Date;
646
+ token: string;
647
+ ipAddress?: string | null | undefined;
648
+ userAgent?: string | null | undefined;
649
+ };
650
+ };
651
+ }>)[];
652
+ metadata: {
653
+ openapi: {
654
+ operationId: string;
655
+ summary: string;
656
+ description: string;
657
+ responses: {
658
+ 200: {
659
+ description: string;
660
+ content: {
661
+ "application/json": {
662
+ schema: {
663
+ type: "object";
664
+ properties: {
665
+ session: {
666
+ $ref: string;
667
+ };
668
+ user: {
669
+ $ref: string;
670
+ };
671
+ };
672
+ };
673
+ };
674
+ };
675
+ };
676
+ };
677
+ };
678
+ };
679
+ }, {
680
+ session: {
681
+ id: string;
682
+ createdAt: Date;
683
+ updatedAt: Date;
684
+ userId: string;
685
+ expiresAt: Date;
686
+ token: string;
687
+ ipAddress?: string | null | undefined;
688
+ userAgent?: string | null | undefined;
689
+ };
690
+ user: import("better-auth/plugins").UserWithRole;
691
+ }>;
692
+ stopImpersonating: import("better-auth").StrictEndpoint<"/admin/stop-impersonating", {
693
+ method: "POST";
694
+ requireHeaders: true;
695
+ }, {
696
+ session: {
697
+ id: string;
698
+ createdAt: Date;
699
+ updatedAt: Date;
700
+ userId: string;
701
+ expiresAt: Date;
702
+ token: string;
703
+ ipAddress?: string | null | undefined;
704
+ userAgent?: string | null | undefined;
705
+ } & Record<string, any>;
706
+ user: {
707
+ id: string;
708
+ createdAt: Date;
709
+ updatedAt: Date;
710
+ email: string;
711
+ emailVerified: boolean;
712
+ name: string;
713
+ image?: string | null | undefined;
714
+ } & Record<string, any>;
715
+ }>;
716
+ revokeUserSession: import("better-auth").StrictEndpoint<"/admin/revoke-user-session", {
717
+ method: "POST";
718
+ body: import("better-auth").ZodObject<{
719
+ sessionToken: import("better-auth").ZodString;
720
+ }, import("zod/v4/core").$strip>;
721
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
722
+ session: {
723
+ user: import("better-auth/plugins").UserWithRole;
724
+ session: {
725
+ id: string;
726
+ createdAt: Date;
727
+ updatedAt: Date;
728
+ userId: string;
729
+ expiresAt: Date;
730
+ token: string;
731
+ ipAddress?: string | null | undefined;
732
+ userAgent?: string | null | undefined;
733
+ };
734
+ };
735
+ }>)[];
736
+ metadata: {
737
+ openapi: {
738
+ operationId: string;
739
+ summary: string;
740
+ description: string;
741
+ responses: {
742
+ 200: {
743
+ description: string;
744
+ content: {
745
+ "application/json": {
746
+ schema: {
747
+ type: "object";
748
+ properties: {
749
+ success: {
750
+ type: string;
751
+ };
752
+ };
753
+ };
754
+ };
755
+ };
756
+ };
757
+ };
758
+ };
759
+ };
760
+ }, {
761
+ success: boolean;
762
+ }>;
763
+ revokeUserSessions: import("better-auth").StrictEndpoint<"/admin/revoke-user-sessions", {
764
+ method: "POST";
765
+ body: import("better-auth").ZodObject<{
766
+ userId: import("better-auth").ZodCoercedString<unknown>;
767
+ }, import("zod/v4/core").$strip>;
768
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
769
+ session: {
770
+ user: import("better-auth/plugins").UserWithRole;
771
+ session: {
772
+ id: string;
773
+ createdAt: Date;
774
+ updatedAt: Date;
775
+ userId: string;
776
+ expiresAt: Date;
777
+ token: string;
778
+ ipAddress?: string | null | undefined;
779
+ userAgent?: string | null | undefined;
780
+ };
781
+ };
782
+ }>)[];
783
+ metadata: {
784
+ openapi: {
785
+ operationId: string;
786
+ summary: string;
787
+ description: string;
788
+ responses: {
789
+ 200: {
790
+ description: string;
791
+ content: {
792
+ "application/json": {
793
+ schema: {
794
+ type: "object";
795
+ properties: {
796
+ success: {
797
+ type: string;
798
+ };
799
+ };
800
+ };
801
+ };
802
+ };
803
+ };
804
+ };
805
+ };
806
+ };
807
+ }, {
808
+ success: boolean;
809
+ }>;
810
+ removeUser: import("better-auth").StrictEndpoint<"/admin/remove-user", {
811
+ method: "POST";
812
+ body: import("better-auth").ZodObject<{
813
+ userId: import("better-auth").ZodCoercedString<unknown>;
814
+ }, import("zod/v4/core").$strip>;
815
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
816
+ session: {
817
+ user: import("better-auth/plugins").UserWithRole;
818
+ session: {
819
+ id: string;
820
+ createdAt: Date;
821
+ updatedAt: Date;
822
+ userId: string;
823
+ expiresAt: Date;
824
+ token: string;
825
+ ipAddress?: string | null | undefined;
826
+ userAgent?: string | null | undefined;
827
+ };
828
+ };
829
+ }>)[];
830
+ metadata: {
831
+ openapi: {
832
+ operationId: string;
833
+ summary: string;
834
+ description: string;
835
+ responses: {
836
+ 200: {
837
+ description: string;
838
+ content: {
839
+ "application/json": {
840
+ schema: {
841
+ type: "object";
842
+ properties: {
843
+ success: {
844
+ type: string;
845
+ };
846
+ };
847
+ };
848
+ };
849
+ };
850
+ };
851
+ };
852
+ };
853
+ };
854
+ }, {
855
+ success: boolean;
856
+ }>;
857
+ setUserPassword: import("better-auth").StrictEndpoint<"/admin/set-user-password", {
858
+ method: "POST";
859
+ body: import("better-auth").ZodObject<{
860
+ newPassword: import("better-auth").ZodString;
861
+ userId: import("better-auth").ZodCoercedString<unknown>;
862
+ }, import("zod/v4/core").$strip>;
863
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
864
+ session: {
865
+ user: import("better-auth/plugins").UserWithRole;
866
+ session: {
867
+ id: string;
868
+ createdAt: Date;
869
+ updatedAt: Date;
870
+ userId: string;
871
+ expiresAt: Date;
872
+ token: string;
873
+ ipAddress?: string | null | undefined;
874
+ userAgent?: string | null | undefined;
875
+ };
876
+ };
877
+ }>)[];
878
+ metadata: {
879
+ openapi: {
880
+ operationId: string;
881
+ summary: string;
882
+ description: string;
883
+ responses: {
884
+ 200: {
885
+ description: string;
886
+ content: {
887
+ "application/json": {
888
+ schema: {
889
+ type: "object";
890
+ properties: {
891
+ status: {
892
+ type: string;
893
+ };
894
+ };
895
+ };
896
+ };
897
+ };
898
+ };
899
+ };
900
+ };
901
+ };
902
+ }, {
903
+ status: boolean;
904
+ }>;
905
+ userHasPermission: import("better-auth").StrictEndpoint<"/admin/has-permission", {
906
+ method: "POST";
907
+ body: import("better-auth").ZodIntersection<import("better-auth").ZodObject<{
908
+ userId: import("better-auth").ZodOptional<import("better-auth").ZodCoercedString<unknown>>;
909
+ role: import("better-auth").ZodOptional<import("better-auth").ZodString>;
910
+ }, import("zod/v4/core").$strip>, import("better-auth").ZodXor<readonly [import("better-auth").ZodObject<{
911
+ permission: import("better-auth").ZodRecord<import("better-auth").ZodString, import("better-auth").ZodArray<import("better-auth").ZodString>>;
912
+ }, import("zod/v4/core").$strip>, import("better-auth").ZodObject<{
913
+ permissions: import("better-auth").ZodRecord<import("better-auth").ZodString, import("better-auth").ZodArray<import("better-auth").ZodString>>;
914
+ }, import("zod/v4/core").$strip>]>>;
915
+ metadata: {
916
+ openapi: {
917
+ description: string;
918
+ requestBody: {
919
+ content: {
920
+ "application/json": {
921
+ schema: {
922
+ type: "object";
923
+ properties: {
924
+ permissions: {
925
+ type: string;
926
+ description: string;
927
+ };
928
+ };
929
+ required: string[];
930
+ };
931
+ };
932
+ };
933
+ };
934
+ responses: {
935
+ "200": {
936
+ description: string;
937
+ content: {
938
+ "application/json": {
939
+ schema: {
940
+ type: "object";
941
+ properties: {
942
+ error: {
943
+ type: string;
944
+ };
945
+ success: {
946
+ type: string;
947
+ };
948
+ };
949
+ required: string[];
950
+ };
951
+ };
952
+ };
953
+ };
954
+ };
955
+ };
956
+ $Infer: {
957
+ body: {
958
+ permissions: {
959
+ readonly user?: ("delete" | "list" | "create" | "set-role" | "ban" | "impersonate" | "impersonate-admins" | "set-password" | "get" | "update")[] | undefined;
960
+ readonly session?: ("delete" | "list" | "revoke")[] | undefined;
961
+ };
962
+ } & {
963
+ userId?: string | undefined;
964
+ role?: "owner" | "editor" | undefined;
965
+ };
966
+ };
967
+ };
968
+ }, {
969
+ error: null;
970
+ success: boolean;
971
+ }>;
972
+ };
973
+ $ERROR_CODES: {
974
+ USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL: import("better-auth").RawError<"USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL">;
975
+ FAILED_TO_CREATE_USER: import("better-auth").RawError<"FAILED_TO_CREATE_USER">;
976
+ USER_ALREADY_EXISTS: import("better-auth").RawError<"USER_ALREADY_EXISTS">;
977
+ YOU_CANNOT_BAN_YOURSELF: import("better-auth").RawError<"YOU_CANNOT_BAN_YOURSELF">;
978
+ YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE">;
979
+ YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS">;
980
+ YOU_ARE_NOT_ALLOWED_TO_LIST_USERS: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_LIST_USERS">;
981
+ YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS">;
982
+ YOU_ARE_NOT_ALLOWED_TO_BAN_USERS: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_BAN_USERS">;
983
+ YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS">;
984
+ YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS">;
985
+ YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS">;
986
+ YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD">;
987
+ BANNED_USER: import("better-auth").RawError<"BANNED_USER">;
988
+ YOU_ARE_NOT_ALLOWED_TO_GET_USER: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_GET_USER">;
989
+ NO_DATA_TO_UPDATE: import("better-auth").RawError<"NO_DATA_TO_UPDATE">;
990
+ YOU_ARE_NOT_ALLOWED_TO_UPDATE_USERS: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_UPDATE_USERS">;
991
+ YOU_CANNOT_REMOVE_YOURSELF: import("better-auth").RawError<"YOU_CANNOT_REMOVE_YOURSELF">;
992
+ YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE">;
993
+ YOU_CANNOT_IMPERSONATE_ADMINS: import("better-auth").RawError<"YOU_CANNOT_IMPERSONATE_ADMINS">;
994
+ INVALID_ROLE_TYPE: import("better-auth").RawError<"INVALID_ROLE_TYPE">;
995
+ };
996
+ schema: {
997
+ user: {
998
+ fields: {
999
+ role: {
1000
+ type: "string";
1001
+ required: false;
1002
+ input: false;
1003
+ };
1004
+ banned: {
1005
+ type: "boolean";
1006
+ defaultValue: false;
1007
+ required: false;
1008
+ input: false;
1009
+ };
1010
+ banReason: {
1011
+ type: "string";
1012
+ required: false;
1013
+ input: false;
1014
+ };
1015
+ banExpires: {
1016
+ type: "date";
1017
+ required: false;
1018
+ input: false;
1019
+ };
1020
+ };
1021
+ };
1022
+ session: {
1023
+ fields: {
1024
+ impersonatedBy: {
1025
+ type: "string";
1026
+ required: false;
1027
+ };
1028
+ };
1029
+ };
1030
+ };
1031
+ options: NoInfer<{
1032
+ ac: {
1033
+ newRole<const TRoleStatements extends import("better-auth/plugins").Statements>(statements: import("better-auth/plugins").RoleInput<{
1034
+ readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
1035
+ readonly session: readonly ["list", "revoke", "delete"];
1036
+ }, TRoleStatements>): import("better-auth/plugins").Role<import("better-auth/plugins").ExactRoleStatements<TRoleStatements>, {
1037
+ readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
1038
+ readonly session: readonly ["list", "revoke", "delete"];
1039
+ }>;
1040
+ statements: {
1041
+ readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
1042
+ readonly session: readonly ["list", "revoke", "delete"];
1043
+ };
1044
+ };
1045
+ roles: {
1046
+ owner: import("better-auth/plugins").Role<import("better-auth/plugins").ExactRoleStatements<{
1047
+ readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
1048
+ readonly session: readonly ["list", "revoke", "delete"];
1049
+ }>, {
1050
+ readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
1051
+ readonly session: readonly ["list", "revoke", "delete"];
1052
+ }>;
1053
+ editor: import("better-auth/plugins").Role<import("better-auth/plugins").ExactRoleStatements<{}>, {
1054
+ readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
1055
+ readonly session: readonly ["list", "revoke", "delete"];
1056
+ }>;
1057
+ };
1058
+ defaultRole: string;
1059
+ adminRoles: string[];
1060
+ }>;
1061
+ }];
1062
+ }>;
1063
+ /**
1064
+ * Build the per-request better-auth instance over the site's D1 binding. The magic-link email
1065
+ * points at OUR confirm page carrying only the token; consumption happens when the user clicks
1066
+ * "Confirm sign-in" there (a POST), never on a scanner GET (C2 / POST-confirm). The origin is
1067
+ * config-derived (`PUBLIC_ORIGIN`/`BETTER_AUTH_URL`), never request-derived (H3).
1068
+ */
1069
+ export declare function createAuth(env: AuthEnv, branding: AuthBranding): import("better-auth").Auth<{
1070
+ appName: string;
1071
+ secret: string | undefined;
1072
+ baseURL: string;
1073
+ trustedOrigins: string[];
1074
+ database: import("better-auth/adapters/drizzle").DB;
1075
+ plugins: [{
1076
+ id: "magic-link";
1077
+ version: string;
1078
+ endpoints: {
1079
+ signInMagicLink: import("better-auth").StrictEndpoint<"/sign-in/magic-link", {
1080
+ method: "POST";
1081
+ requireHeaders: true;
1082
+ body: import("better-auth").ZodObject<{
1083
+ email: import("better-auth").ZodEmail;
1084
+ name: import("better-auth").ZodOptional<import("better-auth").ZodString>;
1085
+ callbackURL: import("better-auth").ZodOptional<import("better-auth").ZodString>;
1086
+ newUserCallbackURL: import("better-auth").ZodOptional<import("better-auth").ZodString>;
1087
+ errorCallbackURL: import("better-auth").ZodOptional<import("better-auth").ZodString>;
1088
+ metadata: import("better-auth").ZodOptional<import("better-auth").ZodRecord<import("better-auth").ZodString, import("better-auth").ZodAny>>;
1089
+ }, import("zod/v4/core").$strip>;
1090
+ metadata: {
1091
+ openapi: {
1092
+ operationId: string;
1093
+ description: string;
1094
+ responses: {
1095
+ 200: {
1096
+ description: string;
1097
+ content: {
1098
+ "application/json": {
1099
+ schema: {
1100
+ type: "object";
1101
+ properties: {
1102
+ status: {
1103
+ type: string;
1104
+ };
1105
+ };
1106
+ };
1107
+ };
1108
+ };
1109
+ };
1110
+ };
1111
+ };
1112
+ };
1113
+ }, {
1114
+ status: boolean;
1115
+ }>;
1116
+ magicLinkVerify: import("better-auth").StrictEndpoint<"/magic-link/verify", {
1117
+ method: "GET";
1118
+ query: import("better-auth").ZodObject<{
1119
+ token: import("better-auth").ZodString;
1120
+ callbackURL: import("better-auth").ZodOptional<import("better-auth").ZodString>;
1121
+ errorCallbackURL: import("better-auth").ZodOptional<import("better-auth").ZodString>;
1122
+ newUserCallbackURL: import("better-auth").ZodOptional<import("better-auth").ZodString>;
1123
+ }, import("zod/v4/core").$strip>;
1124
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<void>)[];
1125
+ requireHeaders: true;
1126
+ metadata: {
1127
+ openapi: {
1128
+ operationId: string;
1129
+ description: string;
1130
+ responses: {
1131
+ 200: {
1132
+ description: string;
1133
+ content: {
1134
+ "application/json": {
1135
+ schema: {
1136
+ type: "object";
1137
+ properties: {
1138
+ session: {
1139
+ $ref: string;
1140
+ };
1141
+ user: {
1142
+ $ref: string;
1143
+ };
1144
+ };
1145
+ };
1146
+ };
1147
+ };
1148
+ };
1149
+ };
1150
+ };
1151
+ };
1152
+ }, {
1153
+ token: string;
1154
+ user: {
1155
+ id: string;
1156
+ createdAt: Date;
1157
+ updatedAt: Date;
1158
+ email: string;
1159
+ emailVerified: boolean;
1160
+ name: string;
1161
+ image?: string | null | undefined;
1162
+ };
1163
+ session: {
1164
+ id: string;
1165
+ createdAt: Date;
1166
+ updatedAt: Date;
1167
+ userId: string;
1168
+ expiresAt: Date;
1169
+ token: string;
1170
+ ipAddress?: string | null | undefined;
1171
+ userAgent?: string | null | undefined;
1172
+ };
1173
+ }>;
1174
+ };
1175
+ rateLimit: {
1176
+ pathMatcher(path: string): boolean;
1177
+ window: number;
1178
+ max: number;
1179
+ }[];
1180
+ options: import("better-auth/plugins").MagicLinkOptions;
1181
+ }, {
1182
+ id: "admin";
1183
+ version: string;
1184
+ init(): {
1185
+ options: {
1186
+ databaseHooks: {
1187
+ user: {
1188
+ create: {
1189
+ before(user: {
1190
+ id: string;
1191
+ createdAt: Date;
1192
+ updatedAt: Date;
1193
+ email: string;
1194
+ emailVerified: boolean;
1195
+ name: string;
1196
+ image?: string | null | undefined;
1197
+ } & Record<string, unknown>): Promise<{
1198
+ data: {
1199
+ id: string;
1200
+ createdAt: Date;
1201
+ updatedAt: Date;
1202
+ email: string;
1203
+ emailVerified: boolean;
1204
+ name: string;
1205
+ image?: string | null | undefined;
1206
+ role: string;
1207
+ };
1208
+ }>;
1209
+ };
1210
+ };
1211
+ session: {
1212
+ create: {
1213
+ before(session: {
1214
+ id: string;
1215
+ createdAt: Date;
1216
+ updatedAt: Date;
1217
+ userId: string;
1218
+ expiresAt: Date;
1219
+ token: string;
1220
+ ipAddress?: string | null | undefined;
1221
+ userAgent?: string | null | undefined;
1222
+ } & Record<string, unknown>, ctx: import("better-auth").GenericEndpointContext | null): Promise<void>;
1223
+ };
1224
+ };
1225
+ };
1226
+ };
1227
+ };
1228
+ hooks: {
1229
+ after: {
1230
+ matcher(context: import("better-auth").HookEndpointContext): boolean;
1231
+ handler: (inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<import("better-auth/plugins").SessionWithImpersonatedBy[] | undefined>;
1232
+ }[];
1233
+ };
1234
+ endpoints: {
1235
+ setRole: import("better-auth").StrictEndpoint<"/admin/set-role", {
1236
+ method: "POST";
1237
+ body: import("better-auth").ZodObject<{
1238
+ userId: import("better-auth").ZodCoercedString<unknown>;
1239
+ role: import("better-auth").ZodUnion<readonly [import("better-auth").ZodString, import("better-auth").ZodArray<import("better-auth").ZodString>]>;
1240
+ }, import("zod/v4/core").$strip>;
1241
+ requireHeaders: true;
1242
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
1243
+ session: {
1244
+ user: import("better-auth/plugins").UserWithRole;
1245
+ session: {
1246
+ id: string;
1247
+ createdAt: Date;
1248
+ updatedAt: Date;
1249
+ userId: string;
1250
+ expiresAt: Date;
1251
+ token: string;
1252
+ ipAddress?: string | null | undefined;
1253
+ userAgent?: string | null | undefined;
1254
+ };
1255
+ };
1256
+ }>)[];
1257
+ metadata: {
1258
+ openapi: {
1259
+ operationId: string;
1260
+ summary: string;
1261
+ description: string;
1262
+ responses: {
1263
+ 200: {
1264
+ description: string;
1265
+ content: {
1266
+ "application/json": {
1267
+ schema: {
1268
+ type: "object";
1269
+ properties: {
1270
+ user: {
1271
+ $ref: string;
1272
+ };
1273
+ };
1274
+ };
1275
+ };
1276
+ };
1277
+ };
1278
+ };
1279
+ };
1280
+ $Infer: {
1281
+ body: {
1282
+ userId: string;
1283
+ role: "owner" | "editor" | ("owner" | "editor")[];
1284
+ };
1285
+ };
1286
+ };
1287
+ }, {
1288
+ user: import("better-auth/plugins").UserWithRole;
1289
+ }>;
1290
+ getUser: import("better-auth").StrictEndpoint<"/admin/get-user", {
1291
+ method: "GET";
1292
+ query: import("better-auth").ZodObject<{
1293
+ id: import("better-auth").ZodString;
1294
+ }, import("zod/v4/core").$strip>;
1295
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
1296
+ session: {
1297
+ user: import("better-auth/plugins").UserWithRole;
1298
+ session: {
1299
+ id: string;
1300
+ createdAt: Date;
1301
+ updatedAt: Date;
1302
+ userId: string;
1303
+ expiresAt: Date;
1304
+ token: string;
1305
+ ipAddress?: string | null | undefined;
1306
+ userAgent?: string | null | undefined;
1307
+ };
1308
+ };
1309
+ }>)[];
1310
+ metadata: {
1311
+ openapi: {
1312
+ operationId: string;
1313
+ summary: string;
1314
+ description: string;
1315
+ responses: {
1316
+ 200: {
1317
+ description: string;
1318
+ content: {
1319
+ "application/json": {
1320
+ schema: {
1321
+ type: "object";
1322
+ properties: {
1323
+ user: {
1324
+ $ref: string;
1325
+ };
1326
+ };
1327
+ };
1328
+ };
1329
+ };
1330
+ };
1331
+ };
1332
+ };
1333
+ };
1334
+ }, import("better-auth/plugins").UserWithRole>;
1335
+ createUser: import("better-auth").StrictEndpoint<"/admin/create-user", {
1336
+ method: "POST";
1337
+ body: import("better-auth").ZodObject<{
1338
+ email: import("better-auth").ZodString;
1339
+ password: import("better-auth").ZodOptional<import("better-auth").ZodString>;
1340
+ name: import("better-auth").ZodString;
1341
+ role: import("better-auth").ZodOptional<import("better-auth").ZodUnion<readonly [import("better-auth").ZodString, import("better-auth").ZodArray<import("better-auth").ZodString>]>>;
1342
+ data: import("better-auth").ZodOptional<import("better-auth").ZodRecord<import("better-auth").ZodString, import("better-auth").ZodAny>>;
1343
+ }, import("zod/v4/core").$strip>;
1344
+ metadata: {
1345
+ openapi: {
1346
+ operationId: string;
1347
+ summary: string;
1348
+ description: string;
1349
+ responses: {
1350
+ 200: {
1351
+ description: string;
1352
+ content: {
1353
+ "application/json": {
1354
+ schema: {
1355
+ type: "object";
1356
+ properties: {
1357
+ user: {
1358
+ $ref: string;
1359
+ };
1360
+ };
1361
+ };
1362
+ };
1363
+ };
1364
+ };
1365
+ };
1366
+ };
1367
+ $Infer: {
1368
+ body: {
1369
+ email: string;
1370
+ password?: string | undefined;
1371
+ name: string;
1372
+ role?: "owner" | "editor" | ("owner" | "editor")[] | undefined;
1373
+ data?: Record<string, any> | undefined;
1374
+ };
1375
+ };
1376
+ };
1377
+ }, {
1378
+ user: import("better-auth/plugins").UserWithRole;
1379
+ }>;
1380
+ adminUpdateUser: import("better-auth").StrictEndpoint<"/admin/update-user", {
1381
+ method: "POST";
1382
+ body: import("better-auth").ZodObject<{
1383
+ userId: import("better-auth").ZodCoercedString<unknown>;
1384
+ data: import("better-auth").ZodRecord<import("better-auth").ZodAny, import("better-auth").ZodAny>;
1385
+ }, import("zod/v4/core").$strip>;
1386
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
1387
+ session: {
1388
+ user: import("better-auth/plugins").UserWithRole;
1389
+ session: {
1390
+ id: string;
1391
+ createdAt: Date;
1392
+ updatedAt: Date;
1393
+ userId: string;
1394
+ expiresAt: Date;
1395
+ token: string;
1396
+ ipAddress?: string | null | undefined;
1397
+ userAgent?: string | null | undefined;
1398
+ };
1399
+ };
1400
+ }>)[];
1401
+ metadata: {
1402
+ openapi: {
1403
+ operationId: string;
1404
+ summary: string;
1405
+ description: string;
1406
+ responses: {
1407
+ 200: {
1408
+ description: string;
1409
+ content: {
1410
+ "application/json": {
1411
+ schema: {
1412
+ type: "object";
1413
+ properties: {
1414
+ user: {
1415
+ $ref: string;
1416
+ };
1417
+ };
1418
+ };
1419
+ };
1420
+ };
1421
+ };
1422
+ };
1423
+ };
1424
+ };
1425
+ }, import("better-auth/plugins").UserWithRole>;
1426
+ listUsers: import("better-auth").StrictEndpoint<"/admin/list-users", {
1427
+ method: "GET";
1428
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
1429
+ session: {
1430
+ user: import("better-auth/plugins").UserWithRole;
1431
+ session: {
1432
+ id: string;
1433
+ createdAt: Date;
1434
+ updatedAt: Date;
1435
+ userId: string;
1436
+ expiresAt: Date;
1437
+ token: string;
1438
+ ipAddress?: string | null | undefined;
1439
+ userAgent?: string | null | undefined;
1440
+ };
1441
+ };
1442
+ }>)[];
1443
+ query: import("better-auth").ZodObject<{
1444
+ searchValue: import("better-auth").ZodOptional<import("better-auth").ZodString>;
1445
+ searchField: import("better-auth").ZodOptional<import("better-auth").ZodEnum<{
1446
+ email: "email";
1447
+ name: "name";
1448
+ }>>;
1449
+ searchOperator: import("better-auth").ZodOptional<import("better-auth").ZodEnum<{
1450
+ contains: "contains";
1451
+ starts_with: "starts_with";
1452
+ ends_with: "ends_with";
1453
+ }>>;
1454
+ limit: import("better-auth").ZodOptional<import("better-auth").ZodUnion<[import("better-auth").ZodString, import("better-auth").ZodNumber]>>;
1455
+ offset: import("better-auth").ZodOptional<import("better-auth").ZodUnion<[import("better-auth").ZodString, import("better-auth").ZodNumber]>>;
1456
+ sortBy: import("better-auth").ZodOptional<import("better-auth").ZodString>;
1457
+ sortDirection: import("better-auth").ZodOptional<import("better-auth").ZodEnum<{
1458
+ asc: "asc";
1459
+ desc: "desc";
1460
+ }>>;
1461
+ filterField: import("better-auth").ZodOptional<import("better-auth").ZodString>;
1462
+ filterValue: import("better-auth").ZodOptional<import("better-auth").ZodUnion<[import("better-auth").ZodUnion<[import("better-auth").ZodUnion<[import("better-auth").ZodUnion<[import("better-auth").ZodString, import("better-auth").ZodNumber]>, import("better-auth").ZodBoolean]>, import("better-auth").ZodArray<import("better-auth").ZodString>]>, import("better-auth").ZodArray<import("better-auth").ZodNumber>]>>;
1463
+ filterOperator: import("better-auth").ZodOptional<import("better-auth").ZodEnum<{
1464
+ eq: "eq";
1465
+ ne: "ne";
1466
+ gt: "gt";
1467
+ gte: "gte";
1468
+ lt: "lt";
1469
+ lte: "lte";
1470
+ in: "in";
1471
+ not_in: "not_in";
1472
+ contains: "contains";
1473
+ starts_with: "starts_with";
1474
+ ends_with: "ends_with";
1475
+ }>>;
1476
+ }, import("zod/v4/core").$strip>;
1477
+ metadata: {
1478
+ openapi: {
1479
+ operationId: string;
1480
+ summary: string;
1481
+ description: string;
1482
+ responses: {
1483
+ 200: {
1484
+ description: string;
1485
+ content: {
1486
+ "application/json": {
1487
+ schema: {
1488
+ type: "object";
1489
+ properties: {
1490
+ users: {
1491
+ type: string;
1492
+ items: {
1493
+ $ref: string;
1494
+ };
1495
+ };
1496
+ total: {
1497
+ type: string;
1498
+ };
1499
+ limit: {
1500
+ type: string;
1501
+ };
1502
+ offset: {
1503
+ type: string;
1504
+ };
1505
+ };
1506
+ required: string[];
1507
+ };
1508
+ };
1509
+ };
1510
+ };
1511
+ };
1512
+ };
1513
+ };
1514
+ }, {
1515
+ users: import("better-auth/plugins").UserWithRole[];
1516
+ total: number;
1517
+ }>;
1518
+ listUserSessions: import("better-auth").StrictEndpoint<"/admin/list-user-sessions", {
1519
+ method: "POST";
1520
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
1521
+ session: {
1522
+ user: import("better-auth/plugins").UserWithRole;
1523
+ session: {
1524
+ id: string;
1525
+ createdAt: Date;
1526
+ updatedAt: Date;
1527
+ userId: string;
1528
+ expiresAt: Date;
1529
+ token: string;
1530
+ ipAddress?: string | null | undefined;
1531
+ userAgent?: string | null | undefined;
1532
+ };
1533
+ };
1534
+ }>)[];
1535
+ body: import("better-auth").ZodObject<{
1536
+ userId: import("better-auth").ZodCoercedString<unknown>;
1537
+ }, import("zod/v4/core").$strip>;
1538
+ metadata: {
1539
+ openapi: {
1540
+ operationId: string;
1541
+ summary: string;
1542
+ description: string;
1543
+ responses: {
1544
+ 200: {
1545
+ description: string;
1546
+ content: {
1547
+ "application/json": {
1548
+ schema: {
1549
+ type: "object";
1550
+ properties: {
1551
+ sessions: {
1552
+ type: string;
1553
+ items: {
1554
+ $ref: string;
1555
+ };
1556
+ };
1557
+ };
1558
+ };
1559
+ };
1560
+ };
1561
+ };
1562
+ };
1563
+ };
1564
+ };
1565
+ }, {
1566
+ sessions: import("better-auth/plugins").SessionWithImpersonatedBy[];
1567
+ }>;
1568
+ unbanUser: import("better-auth").StrictEndpoint<"/admin/unban-user", {
1569
+ method: "POST";
1570
+ body: import("better-auth").ZodObject<{
1571
+ userId: import("better-auth").ZodCoercedString<unknown>;
1572
+ }, import("zod/v4/core").$strip>;
1573
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
1574
+ session: {
1575
+ user: import("better-auth/plugins").UserWithRole;
1576
+ session: {
1577
+ id: string;
1578
+ createdAt: Date;
1579
+ updatedAt: Date;
1580
+ userId: string;
1581
+ expiresAt: Date;
1582
+ token: string;
1583
+ ipAddress?: string | null | undefined;
1584
+ userAgent?: string | null | undefined;
1585
+ };
1586
+ };
1587
+ }>)[];
1588
+ metadata: {
1589
+ openapi: {
1590
+ operationId: string;
1591
+ summary: string;
1592
+ description: string;
1593
+ responses: {
1594
+ 200: {
1595
+ description: string;
1596
+ content: {
1597
+ "application/json": {
1598
+ schema: {
1599
+ type: "object";
1600
+ properties: {
1601
+ user: {
1602
+ $ref: string;
1603
+ };
1604
+ };
1605
+ };
1606
+ };
1607
+ };
1608
+ };
1609
+ };
1610
+ };
1611
+ };
1612
+ }, {
1613
+ user: import("better-auth/plugins").UserWithRole;
1614
+ }>;
1615
+ banUser: import("better-auth").StrictEndpoint<"/admin/ban-user", {
1616
+ method: "POST";
1617
+ body: import("better-auth").ZodObject<{
1618
+ userId: import("better-auth").ZodCoercedString<unknown>;
1619
+ banReason: import("better-auth").ZodOptional<import("better-auth").ZodString>;
1620
+ banExpiresIn: import("better-auth").ZodOptional<import("better-auth").ZodNumber>;
1621
+ }, import("zod/v4/core").$strip>;
1622
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
1623
+ session: {
1624
+ user: import("better-auth/plugins").UserWithRole;
1625
+ session: {
1626
+ id: string;
1627
+ createdAt: Date;
1628
+ updatedAt: Date;
1629
+ userId: string;
1630
+ expiresAt: Date;
1631
+ token: string;
1632
+ ipAddress?: string | null | undefined;
1633
+ userAgent?: string | null | undefined;
1634
+ };
1635
+ };
1636
+ }>)[];
1637
+ metadata: {
1638
+ openapi: {
1639
+ operationId: string;
1640
+ summary: string;
1641
+ description: string;
1642
+ responses: {
1643
+ 200: {
1644
+ description: string;
1645
+ content: {
1646
+ "application/json": {
1647
+ schema: {
1648
+ type: "object";
1649
+ properties: {
1650
+ user: {
1651
+ $ref: string;
1652
+ };
1653
+ };
1654
+ };
1655
+ };
1656
+ };
1657
+ };
1658
+ };
1659
+ };
1660
+ };
1661
+ }, {
1662
+ user: import("better-auth/plugins").UserWithRole;
1663
+ }>;
1664
+ impersonateUser: import("better-auth").StrictEndpoint<"/admin/impersonate-user", {
1665
+ method: "POST";
1666
+ body: import("better-auth").ZodObject<{
1667
+ userId: import("better-auth").ZodCoercedString<unknown>;
1668
+ }, import("zod/v4/core").$strip>;
1669
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
1670
+ session: {
1671
+ user: import("better-auth/plugins").UserWithRole;
1672
+ session: {
1673
+ id: string;
1674
+ createdAt: Date;
1675
+ updatedAt: Date;
1676
+ userId: string;
1677
+ expiresAt: Date;
1678
+ token: string;
1679
+ ipAddress?: string | null | undefined;
1680
+ userAgent?: string | null | undefined;
1681
+ };
1682
+ };
1683
+ }>)[];
1684
+ metadata: {
1685
+ openapi: {
1686
+ operationId: string;
1687
+ summary: string;
1688
+ description: string;
1689
+ responses: {
1690
+ 200: {
1691
+ description: string;
1692
+ content: {
1693
+ "application/json": {
1694
+ schema: {
1695
+ type: "object";
1696
+ properties: {
1697
+ session: {
1698
+ $ref: string;
1699
+ };
1700
+ user: {
1701
+ $ref: string;
1702
+ };
1703
+ };
1704
+ };
1705
+ };
1706
+ };
1707
+ };
1708
+ };
1709
+ };
1710
+ };
1711
+ }, {
1712
+ session: {
1713
+ id: string;
1714
+ createdAt: Date;
1715
+ updatedAt: Date;
1716
+ userId: string;
1717
+ expiresAt: Date;
1718
+ token: string;
1719
+ ipAddress?: string | null | undefined;
1720
+ userAgent?: string | null | undefined;
1721
+ };
1722
+ user: import("better-auth/plugins").UserWithRole;
1723
+ }>;
1724
+ stopImpersonating: import("better-auth").StrictEndpoint<"/admin/stop-impersonating", {
1725
+ method: "POST";
1726
+ requireHeaders: true;
1727
+ }, {
1728
+ session: {
1729
+ id: string;
1730
+ createdAt: Date;
1731
+ updatedAt: Date;
1732
+ userId: string;
1733
+ expiresAt: Date;
1734
+ token: string;
1735
+ ipAddress?: string | null | undefined;
1736
+ userAgent?: string | null | undefined;
1737
+ } & Record<string, any>;
1738
+ user: {
1739
+ id: string;
1740
+ createdAt: Date;
1741
+ updatedAt: Date;
1742
+ email: string;
1743
+ emailVerified: boolean;
1744
+ name: string;
1745
+ image?: string | null | undefined;
1746
+ } & Record<string, any>;
1747
+ }>;
1748
+ revokeUserSession: import("better-auth").StrictEndpoint<"/admin/revoke-user-session", {
1749
+ method: "POST";
1750
+ body: import("better-auth").ZodObject<{
1751
+ sessionToken: import("better-auth").ZodString;
1752
+ }, import("zod/v4/core").$strip>;
1753
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
1754
+ session: {
1755
+ user: import("better-auth/plugins").UserWithRole;
1756
+ session: {
1757
+ id: string;
1758
+ createdAt: Date;
1759
+ updatedAt: Date;
1760
+ userId: string;
1761
+ expiresAt: Date;
1762
+ token: string;
1763
+ ipAddress?: string | null | undefined;
1764
+ userAgent?: string | null | undefined;
1765
+ };
1766
+ };
1767
+ }>)[];
1768
+ metadata: {
1769
+ openapi: {
1770
+ operationId: string;
1771
+ summary: string;
1772
+ description: string;
1773
+ responses: {
1774
+ 200: {
1775
+ description: string;
1776
+ content: {
1777
+ "application/json": {
1778
+ schema: {
1779
+ type: "object";
1780
+ properties: {
1781
+ success: {
1782
+ type: string;
1783
+ };
1784
+ };
1785
+ };
1786
+ };
1787
+ };
1788
+ };
1789
+ };
1790
+ };
1791
+ };
1792
+ }, {
1793
+ success: boolean;
1794
+ }>;
1795
+ revokeUserSessions: import("better-auth").StrictEndpoint<"/admin/revoke-user-sessions", {
1796
+ method: "POST";
1797
+ body: import("better-auth").ZodObject<{
1798
+ userId: import("better-auth").ZodCoercedString<unknown>;
1799
+ }, import("zod/v4/core").$strip>;
1800
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
1801
+ session: {
1802
+ user: import("better-auth/plugins").UserWithRole;
1803
+ session: {
1804
+ id: string;
1805
+ createdAt: Date;
1806
+ updatedAt: Date;
1807
+ userId: string;
1808
+ expiresAt: Date;
1809
+ token: string;
1810
+ ipAddress?: string | null | undefined;
1811
+ userAgent?: string | null | undefined;
1812
+ };
1813
+ };
1814
+ }>)[];
1815
+ metadata: {
1816
+ openapi: {
1817
+ operationId: string;
1818
+ summary: string;
1819
+ description: string;
1820
+ responses: {
1821
+ 200: {
1822
+ description: string;
1823
+ content: {
1824
+ "application/json": {
1825
+ schema: {
1826
+ type: "object";
1827
+ properties: {
1828
+ success: {
1829
+ type: string;
1830
+ };
1831
+ };
1832
+ };
1833
+ };
1834
+ };
1835
+ };
1836
+ };
1837
+ };
1838
+ };
1839
+ }, {
1840
+ success: boolean;
1841
+ }>;
1842
+ removeUser: import("better-auth").StrictEndpoint<"/admin/remove-user", {
1843
+ method: "POST";
1844
+ body: import("better-auth").ZodObject<{
1845
+ userId: import("better-auth").ZodCoercedString<unknown>;
1846
+ }, import("zod/v4/core").$strip>;
1847
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
1848
+ session: {
1849
+ user: import("better-auth/plugins").UserWithRole;
1850
+ session: {
1851
+ id: string;
1852
+ createdAt: Date;
1853
+ updatedAt: Date;
1854
+ userId: string;
1855
+ expiresAt: Date;
1856
+ token: string;
1857
+ ipAddress?: string | null | undefined;
1858
+ userAgent?: string | null | undefined;
1859
+ };
1860
+ };
1861
+ }>)[];
1862
+ metadata: {
1863
+ openapi: {
1864
+ operationId: string;
1865
+ summary: string;
1866
+ description: string;
1867
+ responses: {
1868
+ 200: {
1869
+ description: string;
1870
+ content: {
1871
+ "application/json": {
1872
+ schema: {
1873
+ type: "object";
1874
+ properties: {
1875
+ success: {
1876
+ type: string;
1877
+ };
1878
+ };
1879
+ };
1880
+ };
1881
+ };
1882
+ };
1883
+ };
1884
+ };
1885
+ };
1886
+ }, {
1887
+ success: boolean;
1888
+ }>;
1889
+ setUserPassword: import("better-auth").StrictEndpoint<"/admin/set-user-password", {
1890
+ method: "POST";
1891
+ body: import("better-auth").ZodObject<{
1892
+ newPassword: import("better-auth").ZodString;
1893
+ userId: import("better-auth").ZodCoercedString<unknown>;
1894
+ }, import("zod/v4/core").$strip>;
1895
+ use: ((inputContext: import("better-auth").MiddlewareInputContext<import("better-auth").MiddlewareOptions>) => Promise<{
1896
+ session: {
1897
+ user: import("better-auth/plugins").UserWithRole;
1898
+ session: {
1899
+ id: string;
1900
+ createdAt: Date;
1901
+ updatedAt: Date;
1902
+ userId: string;
1903
+ expiresAt: Date;
1904
+ token: string;
1905
+ ipAddress?: string | null | undefined;
1906
+ userAgent?: string | null | undefined;
1907
+ };
1908
+ };
1909
+ }>)[];
1910
+ metadata: {
1911
+ openapi: {
1912
+ operationId: string;
1913
+ summary: string;
1914
+ description: string;
1915
+ responses: {
1916
+ 200: {
1917
+ description: string;
1918
+ content: {
1919
+ "application/json": {
1920
+ schema: {
1921
+ type: "object";
1922
+ properties: {
1923
+ status: {
1924
+ type: string;
1925
+ };
1926
+ };
1927
+ };
1928
+ };
1929
+ };
1930
+ };
1931
+ };
1932
+ };
1933
+ };
1934
+ }, {
1935
+ status: boolean;
1936
+ }>;
1937
+ userHasPermission: import("better-auth").StrictEndpoint<"/admin/has-permission", {
1938
+ method: "POST";
1939
+ body: import("better-auth").ZodIntersection<import("better-auth").ZodObject<{
1940
+ userId: import("better-auth").ZodOptional<import("better-auth").ZodCoercedString<unknown>>;
1941
+ role: import("better-auth").ZodOptional<import("better-auth").ZodString>;
1942
+ }, import("zod/v4/core").$strip>, import("better-auth").ZodXor<readonly [import("better-auth").ZodObject<{
1943
+ permission: import("better-auth").ZodRecord<import("better-auth").ZodString, import("better-auth").ZodArray<import("better-auth").ZodString>>;
1944
+ }, import("zod/v4/core").$strip>, import("better-auth").ZodObject<{
1945
+ permissions: import("better-auth").ZodRecord<import("better-auth").ZodString, import("better-auth").ZodArray<import("better-auth").ZodString>>;
1946
+ }, import("zod/v4/core").$strip>]>>;
1947
+ metadata: {
1948
+ openapi: {
1949
+ description: string;
1950
+ requestBody: {
1951
+ content: {
1952
+ "application/json": {
1953
+ schema: {
1954
+ type: "object";
1955
+ properties: {
1956
+ permissions: {
1957
+ type: string;
1958
+ description: string;
1959
+ };
1960
+ };
1961
+ required: string[];
1962
+ };
1963
+ };
1964
+ };
1965
+ };
1966
+ responses: {
1967
+ "200": {
1968
+ description: string;
1969
+ content: {
1970
+ "application/json": {
1971
+ schema: {
1972
+ type: "object";
1973
+ properties: {
1974
+ error: {
1975
+ type: string;
1976
+ };
1977
+ success: {
1978
+ type: string;
1979
+ };
1980
+ };
1981
+ required: string[];
1982
+ };
1983
+ };
1984
+ };
1985
+ };
1986
+ };
1987
+ };
1988
+ $Infer: {
1989
+ body: {
1990
+ permissions: {
1991
+ readonly user?: ("delete" | "list" | "create" | "set-role" | "ban" | "impersonate" | "impersonate-admins" | "set-password" | "get" | "update")[] | undefined;
1992
+ readonly session?: ("delete" | "list" | "revoke")[] | undefined;
1993
+ };
1994
+ } & {
1995
+ userId?: string | undefined;
1996
+ role?: "owner" | "editor" | undefined;
1997
+ };
1998
+ };
1999
+ };
2000
+ }, {
2001
+ error: null;
2002
+ success: boolean;
2003
+ }>;
2004
+ };
2005
+ $ERROR_CODES: {
2006
+ USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL: import("better-auth").RawError<"USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL">;
2007
+ FAILED_TO_CREATE_USER: import("better-auth").RawError<"FAILED_TO_CREATE_USER">;
2008
+ USER_ALREADY_EXISTS: import("better-auth").RawError<"USER_ALREADY_EXISTS">;
2009
+ YOU_CANNOT_BAN_YOURSELF: import("better-auth").RawError<"YOU_CANNOT_BAN_YOURSELF">;
2010
+ YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE">;
2011
+ YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS">;
2012
+ YOU_ARE_NOT_ALLOWED_TO_LIST_USERS: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_LIST_USERS">;
2013
+ YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS">;
2014
+ YOU_ARE_NOT_ALLOWED_TO_BAN_USERS: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_BAN_USERS">;
2015
+ YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS">;
2016
+ YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS">;
2017
+ YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS">;
2018
+ YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD">;
2019
+ BANNED_USER: import("better-auth").RawError<"BANNED_USER">;
2020
+ YOU_ARE_NOT_ALLOWED_TO_GET_USER: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_GET_USER">;
2021
+ NO_DATA_TO_UPDATE: import("better-auth").RawError<"NO_DATA_TO_UPDATE">;
2022
+ YOU_ARE_NOT_ALLOWED_TO_UPDATE_USERS: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_UPDATE_USERS">;
2023
+ YOU_CANNOT_REMOVE_YOURSELF: import("better-auth").RawError<"YOU_CANNOT_REMOVE_YOURSELF">;
2024
+ YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE: import("better-auth").RawError<"YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE">;
2025
+ YOU_CANNOT_IMPERSONATE_ADMINS: import("better-auth").RawError<"YOU_CANNOT_IMPERSONATE_ADMINS">;
2026
+ INVALID_ROLE_TYPE: import("better-auth").RawError<"INVALID_ROLE_TYPE">;
2027
+ };
2028
+ schema: {
2029
+ user: {
2030
+ fields: {
2031
+ role: {
2032
+ type: "string";
2033
+ required: false;
2034
+ input: false;
2035
+ };
2036
+ banned: {
2037
+ type: "boolean";
2038
+ defaultValue: false;
2039
+ required: false;
2040
+ input: false;
2041
+ };
2042
+ banReason: {
2043
+ type: "string";
2044
+ required: false;
2045
+ input: false;
2046
+ };
2047
+ banExpires: {
2048
+ type: "date";
2049
+ required: false;
2050
+ input: false;
2051
+ };
2052
+ };
2053
+ };
2054
+ session: {
2055
+ fields: {
2056
+ impersonatedBy: {
2057
+ type: "string";
2058
+ required: false;
2059
+ };
2060
+ };
2061
+ };
2062
+ };
2063
+ options: NoInfer<{
2064
+ ac: {
2065
+ newRole<const TRoleStatements extends import("better-auth/plugins").Statements>(statements: import("better-auth/plugins").RoleInput<{
2066
+ readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
2067
+ readonly session: readonly ["list", "revoke", "delete"];
2068
+ }, TRoleStatements>): import("better-auth/plugins").Role<import("better-auth/plugins").ExactRoleStatements<TRoleStatements>, {
2069
+ readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
2070
+ readonly session: readonly ["list", "revoke", "delete"];
2071
+ }>;
2072
+ statements: {
2073
+ readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
2074
+ readonly session: readonly ["list", "revoke", "delete"];
2075
+ };
2076
+ };
2077
+ roles: {
2078
+ owner: import("better-auth/plugins").Role<import("better-auth/plugins").ExactRoleStatements<{
2079
+ readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
2080
+ readonly session: readonly ["list", "revoke", "delete"];
2081
+ }>, {
2082
+ readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
2083
+ readonly session: readonly ["list", "revoke", "delete"];
2084
+ }>;
2085
+ editor: import("better-auth/plugins").Role<import("better-auth/plugins").ExactRoleStatements<{}>, {
2086
+ readonly user: readonly ["create", "list", "set-role", "ban", "impersonate", "impersonate-admins", "delete", "set-password", "get", "update"];
2087
+ readonly session: readonly ["list", "revoke", "delete"];
2088
+ }>;
2089
+ };
2090
+ defaultRole: string;
2091
+ adminRoles: string[];
2092
+ }>;
2093
+ }];
2094
+ }>;
2095
+ export type Auth = ReturnType<typeof createAuth>;
2096
+ export {};
2097
+ //# sourceMappingURL=config.d.ts.map