@hammadj/better-auth 1.5.0-beta.10

package/dist/crypto/index.mjs

@@ -0,0 +1,38 @@
+import { constantTimeEqual } from "./buffer.mjs";
+import { signJWT, symmetricDecodeJWT, symmetricEncodeJWT, verifyJWT } from "./jwt.mjs";
+import { hashPassword, verifyPassword } from "./password.mjs";
+import { generateRandomString } from "./random.mjs";
+import { getWebcryptoSubtle } from "@better-auth/utils";
+import { createHash } from "@better-auth/utils/hash";
+import { xchacha20poly1305 } from "@noble/ciphers/chacha.js";
+import { bytesToHex, hexToBytes, managedNonce, utf8ToBytes } from "@noble/ciphers/utils.js";
+
+//#region src/crypto/index.ts
+const algorithm = {
+	name: "HMAC",
+	hash: "SHA-256"
+};
+const symmetricEncrypt = async ({ key, data }) => {
+	const keyAsBytes = await createHash("SHA-256").digest(key);
+	const dataAsBytes = utf8ToBytes(data);
+	return bytesToHex(managedNonce(xchacha20poly1305)(new Uint8Array(keyAsBytes)).encrypt(dataAsBytes));
+};
+const symmetricDecrypt = async ({ key, data }) => {
+	const keyAsBytes = await createHash("SHA-256").digest(key);
+	const dataAsBytes = hexToBytes(data);
+	const chacha = managedNonce(xchacha20poly1305)(new Uint8Array(keyAsBytes));
+	return new TextDecoder().decode(chacha.decrypt(dataAsBytes));
+};
+const getCryptoKey = async (secret) => {
+	const secretBuf = typeof secret === "string" ? new TextEncoder().encode(secret) : secret;
+	return await getWebcryptoSubtle().importKey("raw", secretBuf, algorithm, false, ["sign", "verify"]);
+};
+const makeSignature = async (value, secret) => {
+	const key = await getCryptoKey(secret);
+	const signature = await getWebcryptoSubtle().sign(algorithm.name, key, new TextEncoder().encode(value));
+	return btoa(String.fromCharCode(...new Uint8Array(signature)));
+};
+
+//#endregion
+export { constantTimeEqual, generateRandomString, getCryptoKey, hashPassword, makeSignature, signJWT, symmetricDecodeJWT, symmetricDecrypt, symmetricEncodeJWT, symmetricEncrypt, verifyJWT, verifyPassword };
+//# sourceMappingURL=index.mjs.map

package/dist/crypto/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":[],"sources":["../../src/crypto/index.ts"],"sourcesContent":["import { getWebcryptoSubtle } from \"@better-auth/utils\";\nimport { createHash } from \"@better-auth/utils/hash\";\nimport { xchacha20poly1305 } from \"@noble/ciphers/chacha.js\";\nimport {\n\tbytesToHex,\n\thexToBytes,\n\tmanagedNonce,\n\tutf8ToBytes,\n} from \"@noble/ciphers/utils.js\";\n\nconst algorithm = { name: \"HMAC\", hash: \"SHA-256\" };\n\nexport type SymmetricEncryptOptions = {\n\tkey: string;\n\tdata: string;\n};\n\nexport const symmetricEncrypt = async ({\n\tkey,\n\tdata,\n}: SymmetricEncryptOptions) => {\n\tconst keyAsBytes = await createHash(\"SHA-256\").digest(key);\n\tconst dataAsBytes = utf8ToBytes(data);\n\tconst chacha = managedNonce(xchacha20poly1305)(new Uint8Array(keyAsBytes));\n\treturn bytesToHex(chacha.encrypt(dataAsBytes));\n};\n\nexport type SymmetricDecryptOptions = {\n\tkey: string;\n\tdata: string;\n};\n\nexport const symmetricDecrypt = async ({\n\tkey,\n\tdata,\n}: SymmetricDecryptOptions) => {\n\tconst keyAsBytes = await createHash(\"SHA-256\").digest(key);\n\tconst dataAsBytes = hexToBytes(data);\n\tconst chacha = managedNonce(xchacha20poly1305)(new Uint8Array(keyAsBytes));\n\treturn new TextDecoder().decode(chacha.decrypt(dataAsBytes));\n};\n\nexport const getCryptoKey = async (secret: string | BufferSource) => {\n\tconst secretBuf =\n\t\ttypeof secret === \"string\" ? new TextEncoder().encode(secret) : secret;\n\treturn await getWebcryptoSubtle().importKey(\n\t\t\"raw\",\n\t\tsecretBuf,\n\t\talgorithm,\n\t\tfalse,\n\t\t[\"sign\", \"verify\"],\n\t);\n};\n\nexport const makeSignature = async (\n\tvalue: string,\n\tsecret: string | BufferSource,\n): Promise<string> => {\n\tconst key = await getCryptoKey(secret);\n\tconst signature = await getWebcryptoSubtle().sign(\n\t\talgorithm.name,\n\t\tkey,\n\t\tnew TextEncoder().encode(value),\n\t);\n\t// the returned base64 encoded signature will always be 44 characters long and end with one or two equal signs\n\treturn btoa(String.fromCharCode(...new Uint8Array(signature)));\n};\n\nexport * from \"./buffer\";\nexport * from \"./jwt\";\nexport * from \"./password\";\nexport * from \"./random\";\n"],"mappings":";;;;;;;;;;AAUA,MAAM,YAAY;CAAE,MAAM;CAAQ,MAAM;CAAW;AAOnD,MAAa,mBAAmB,OAAO,EACtC,KACA,WAC8B;CAC9B,MAAM,aAAa,MAAM,WAAW,UAAU,CAAC,OAAO,IAAI;CAC1D,MAAM,cAAc,YAAY,KAAK;AAErC,QAAO,WADQ,aAAa,kBAAkB,CAAC,IAAI,WAAW,WAAW,CAAC,CACjD,QAAQ,YAAY,CAAC;;AAQ/C,MAAa,mBAAmB,OAAO,EACtC,KACA,WAC8B;CAC9B,MAAM,aAAa,MAAM,WAAW,UAAU,CAAC,OAAO,IAAI;CAC1D,MAAM,cAAc,WAAW,KAAK;CACpC,MAAM,SAAS,aAAa,kBAAkB,CAAC,IAAI,WAAW,WAAW,CAAC;AAC1E,QAAO,IAAI,aAAa,CAAC,OAAO,OAAO,QAAQ,YAAY,CAAC;;AAG7D,MAAa,eAAe,OAAO,WAAkC;CACpE,MAAM,YACL,OAAO,WAAW,WAAW,IAAI,aAAa,CAAC,OAAO,OAAO,GAAG;AACjE,QAAO,MAAM,oBAAoB,CAAC,UACjC,OACA,WACA,WACA,OACA,CAAC,QAAQ,SAAS,CAClB;;AAGF,MAAa,gBAAgB,OAC5B,OACA,WACqB;CACrB,MAAM,MAAM,MAAM,aAAa,OAAO;CACtC,MAAM,YAAY,MAAM,oBAAoB,CAAC,KAC5C,UAAU,MACV,KACA,IAAI,aAAa,CAAC,OAAO,MAAM,CAC/B;AAED,QAAO,KAAK,OAAO,aAAa,GAAG,IAAI,WAAW,UAAU,CAAC,CAAC"}

package/dist/crypto/jwt.d.mts

@@ -0,0 +1,8 @@
+//#region src/crypto/jwt.d.ts
+declare function signJWT(payload: any, secret: string, expiresIn?: number): Promise<string>;
+declare function verifyJWT<T = any>(token: string, secret: string): Promise<T | null>;
+declare function symmetricEncodeJWT<T extends Record<string, any>>(payload: T, secret: string, salt: string, expiresIn?: number): Promise<string>;
+declare function symmetricDecodeJWT<T = any>(token: string, secret: string, salt: string): Promise<T | null>;
+//#endregion
+export { signJWT, symmetricDecodeJWT, symmetricEncodeJWT, verifyJWT };
+//# sourceMappingURL=jwt.d.mts.map

package/dist/crypto/jwt.mjs

@@ -0,0 +1,95 @@
+import { hkdf } from "@noble/hashes/hkdf.js";
+import { sha256 } from "@noble/hashes/sha2.js";
+import { EncryptJWT, SignJWT, base64url, calculateJwkThumbprint, jwtDecrypt, jwtVerify } from "jose";
+
+//#region src/crypto/jwt.ts
+async function signJWT(payload, secret, expiresIn = 3600) {
+	return await new SignJWT(payload).setProtectedHeader({ alg: "HS256" }).setIssuedAt().setExpirationTime(Math.floor(Date.now() / 1e3) + expiresIn).sign(new TextEncoder().encode(secret));
+}
+async function verifyJWT(token, secret) {
+	try {
+		return (await jwtVerify(token, new TextEncoder().encode(secret))).payload;
+	} catch {
+		return null;
+	}
+}
+const info = new Uint8Array([
+	66,
+	101,
+	116,
+	116,
+	101,
+	114,
+	65,
+	117,
+	116,
+	104,
+	46,
+	106,
+	115,
+	32,
+	71,
+	101,
+	110,
+	101,
+	114,
+	97,
+	116,
+	101,
+	100,
+	32,
+	69,
+	110,
+	99,
+	114,
+	121,
+	112,
+	116,
+	105,
+	111,
+	110,
+	32,
+	75,
+	101,
+	121
+]);
+const now = () => Date.now() / 1e3 | 0;
+const alg = "dir";
+const enc = "A256CBC-HS512";
+async function symmetricEncodeJWT(payload, secret, salt, expiresIn = 3600) {
+	const encryptionSecret = hkdf(sha256, new TextEncoder().encode(secret), new TextEncoder().encode(salt), info, 64);
+	const thumbprint = await calculateJwkThumbprint({
+		kty: "oct",
+		k: base64url.encode(encryptionSecret)
+	}, "sha256");
+	return await new EncryptJWT(payload).setProtectedHeader({
+		alg,
+		enc,
+		kid: thumbprint
+	}).setIssuedAt().setExpirationTime(now() + expiresIn).setJti(crypto.randomUUID()).encrypt(encryptionSecret);
+}
+async function symmetricDecodeJWT(token, secret, salt) {
+	if (!token) return null;
+	try {
+		const { payload } = await jwtDecrypt(token, async ({ kid }) => {
+			const encryptionSecret = hkdf(sha256, new TextEncoder().encode(secret), new TextEncoder().encode(salt), info, 64);
+			if (kid === void 0) return encryptionSecret;
+			if (kid === await calculateJwkThumbprint({
+				kty: "oct",
+				k: base64url.encode(encryptionSecret)
+			}, "sha256")) return encryptionSecret;
+			throw new Error("no matching decryption secret");
+		}, {
+			clockTolerance: 15,
+			keyManagementAlgorithms: [alg],
+			contentEncryptionAlgorithms: [enc, "A256GCM"]
+		});
+		return payload;
+	} catch {
+		return null;
+	}
+}
+
+//#endregion
+export { signJWT, symmetricDecodeJWT, symmetricEncodeJWT, verifyJWT };
+//# sourceMappingURL=jwt.mjs.map

package/dist/crypto/jwt.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.mjs","names":[],"sources":["../../src/crypto/jwt.ts"],"sourcesContent":["import { hkdf } from \"@noble/hashes/hkdf.js\";\nimport { sha256 } from \"@noble/hashes/sha2.js\";\nimport {\n\tbase64url,\n\tcalculateJwkThumbprint,\n\tEncryptJWT,\n\tjwtDecrypt,\n\tjwtVerify,\n\tSignJWT,\n} from \"jose\";\n\nexport async function signJWT(\n\tpayload: any,\n\tsecret: string,\n\texpiresIn: number = 3600,\n): Promise<string> {\n\tconst jwt = await new SignJWT(payload)\n\t\t.setProtectedHeader({ alg: \"HS256\" })\n\t\t.setIssuedAt()\n\t\t.setExpirationTime(Math.floor(Date.now() / 1000) + expiresIn)\n\t\t.sign(new TextEncoder().encode(secret));\n\n\treturn jwt;\n}\n\nexport async function verifyJWT<T = any>(\n\ttoken: string,\n\tsecret: string,\n): Promise<T | null> {\n\ttry {\n\t\tconst verified = await jwtVerify(token, new TextEncoder().encode(secret));\n\t\treturn verified.payload as T;\n\t} catch {\n\t\treturn null;\n\t}\n}\n\n// \"BetterAuth.js Generated Encryption Key\"\nconst info: Uint8Array = new Uint8Array([\n\t66, 101, 116, 116, 101, 114, 65, 117, 116, 104, 46, 106, 115, 32, 71, 101,\n\t110, 101, 114, 97, 116, 101, 100, 32, 69, 110, 99, 114, 121, 112, 116, 105,\n\t111, 110, 32, 75, 101, 121,\n]);\n\nconst now = () => (Date.now() / 1000) | 0;\n\nconst alg = \"dir\";\nconst enc = \"A256CBC-HS512\"; // 64 bytes key\n\nexport async function symmetricEncodeJWT<T extends Record<string, any>>(\n\tpayload: T,\n\tsecret: string,\n\tsalt: string,\n\texpiresIn: number = 3600,\n): Promise<string> {\n\tconst encryptionSecret = hkdf(\n\t\tsha256,\n\t\tnew TextEncoder().encode(secret),\n\t\tnew TextEncoder().encode(salt),\n\t\tinfo,\n\t\t64,\n\t);\n\n\tconst thumbprint = await calculateJwkThumbprint(\n\t\t{ kty: \"oct\", k: base64url.encode(encryptionSecret) },\n\t\t\"sha256\",\n\t);\n\n\treturn await new EncryptJWT(payload)\n\t\t.setProtectedHeader({ alg, enc, kid: thumbprint })\n\t\t.setIssuedAt()\n\t\t.setExpirationTime(now() + expiresIn)\n\t\t.setJti(crypto.randomUUID())\n\t\t.encrypt(encryptionSecret);\n}\n\nexport async function symmetricDecodeJWT<T = any>(\n\ttoken: string,\n\tsecret: string,\n\tsalt: string,\n): Promise<T | null> {\n\tif (!token) return null;\n\ttry {\n\t\tconst { payload } = await jwtDecrypt(\n\t\t\ttoken,\n\t\t\tasync ({ kid }) => {\n\t\t\t\tconst encryptionSecret = hkdf(\n\t\t\t\t\tsha256,\n\t\t\t\t\tnew TextEncoder().encode(secret),\n\t\t\t\t\tnew TextEncoder().encode(salt),\n\t\t\t\t\tinfo,\n\t\t\t\t\t64,\n\t\t\t\t);\n\t\t\t\tif (kid === undefined) return encryptionSecret;\n\n\t\t\t\tconst thumbprint = await calculateJwkThumbprint(\n\t\t\t\t\t{ kty: \"oct\", k: base64url.encode(encryptionSecret) },\n\t\t\t\t\t\"sha256\",\n\t\t\t\t);\n\t\t\t\tif (kid === thumbprint) return encryptionSecret;\n\n\t\t\t\tthrow new Error(\"no matching decryption secret\");\n\t\t\t},\n\t\t\t{\n\t\t\t\tclockTolerance: 15,\n\t\t\t\tkeyManagementAlgorithms: [alg],\n\t\t\t\tcontentEncryptionAlgorithms: [enc, \"A256GCM\"],\n\t\t\t},\n\t\t);\n\t\treturn payload as T;\n\t} catch {\n\t\treturn null;\n\t}\n}\n"],"mappings":";;;;;AAWA,eAAsB,QACrB,SACA,QACA,YAAoB,MACF;AAOlB,QANY,MAAM,IAAI,QAAQ,QAAQ,CACpC,mBAAmB,EAAE,KAAK,SAAS,CAAC,CACpC,aAAa,CACb,kBAAkB,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK,GAAG,UAAU,CAC5D,KAAK,IAAI,aAAa,CAAC,OAAO,OAAO,CAAC;;AAKzC,eAAsB,UACrB,OACA,QACoB;AACpB,KAAI;AAEH,UADiB,MAAM,UAAU,OAAO,IAAI,aAAa,CAAC,OAAO,OAAO,CAAC,EACzD;SACT;AACP,SAAO;;;AAKT,MAAM,OAAmB,IAAI,WAAW;CACvC;CAAI;CAAK;CAAK;CAAK;CAAK;CAAK;CAAI;CAAK;CAAK;CAAK;CAAI;CAAK;CAAK;CAAI;CAAI;CACtE;CAAK;CAAK;CAAK;CAAI;CAAK;CAAK;CAAK;CAAI;CAAI;CAAK;CAAI;CAAK;CAAK;CAAK;CAAK;CACvE;CAAK;CAAK;CAAI;CAAI;CAAK;CACvB,CAAC;AAEF,MAAM,YAAa,KAAK,KAAK,GAAG,MAAQ;AAExC,MAAM,MAAM;AACZ,MAAM,MAAM;AAEZ,eAAsB,mBACrB,SACA,QACA,MACA,YAAoB,MACF;CAClB,MAAM,mBAAmB,KACxB,QACA,IAAI,aAAa,CAAC,OAAO,OAAO,EAChC,IAAI,aAAa,CAAC,OAAO,KAAK,EAC9B,MACA,GACA;CAED,MAAM,aAAa,MAAM,uBACxB;EAAE,KAAK;EAAO,GAAG,UAAU,OAAO,iBAAiB;EAAE,EACrD,SACA;AAED,QAAO,MAAM,IAAI,WAAW,QAAQ,CAClC,mBAAmB;EAAE;EAAK;EAAK,KAAK;EAAY,CAAC,CACjD,aAAa,CACb,kBAAkB,KAAK,GAAG,UAAU,CACpC,OAAO,OAAO,YAAY,CAAC,CAC3B,QAAQ,iBAAiB;;AAG5B,eAAsB,mBACrB,OACA,QACA,MACoB;AACpB,KAAI,CAAC,MAAO,QAAO;AACnB,KAAI;EACH,MAAM,EAAE,YAAY,MAAM,WACzB,OACA,OAAO,EAAE,UAAU;GAClB,MAAM,mBAAmB,KACxB,QACA,IAAI,aAAa,CAAC,OAAO,OAAO,EAChC,IAAI,aAAa,CAAC,OAAO,KAAK,EAC9B,MACA,GACA;AACD,OAAI,QAAQ,OAAW,QAAO;AAM9B,OAAI,QAJe,MAAM,uBACxB;IAAE,KAAK;IAAO,GAAG,UAAU,OAAO,iBAAiB;IAAE,EACrD,SACA,CACuB,QAAO;AAE/B,SAAM,IAAI,MAAM,gCAAgC;KAEjD;GACC,gBAAgB;GAChB,yBAAyB,CAAC,IAAI;GAC9B,6BAA6B,CAAC,KAAK,UAAU;GAC7C,CACD;AACD,SAAO;SACA;AACP,SAAO"}

package/dist/crypto/password.d.mts

@@ -0,0 +1,12 @@
+//#region src/crypto/password.d.ts
+declare const hashPassword: (password: string) => Promise<string>;
+declare const verifyPassword: ({
+  hash,
+  password
+}: {
+  hash: string;
+  password: string;
+}) => Promise<boolean>;
+//#endregion
+export { hashPassword, verifyPassword };
+//# sourceMappingURL=password.d.mts.map

package/dist/crypto/password.mjs

@@ -0,0 +1,36 @@
+import { constantTimeEqual } from "./buffer.mjs";
+import { BetterAuthError } from "@better-auth/core/error";
+import { hex } from "@better-auth/utils/hex";
+import { scryptAsync } from "@noble/hashes/scrypt.js";
+import { hexToBytes } from "@noble/hashes/utils.js";
+
+//#region src/crypto/password.ts
+const config = {
+	N: 16384,
+	r: 16,
+	p: 1,
+	dkLen: 64
+};
+async function generateKey(password, salt) {
+	return await scryptAsync(password.normalize("NFKC"), salt, {
+		N: config.N,
+		p: config.p,
+		r: config.r,
+		dkLen: config.dkLen,
+		maxmem: 128 * config.N * config.r * 2
+	});
+}
+const hashPassword = async (password) => {
+	const salt = hex.encode(crypto.getRandomValues(new Uint8Array(16)));
+	const key = await generateKey(password, salt);
+	return `${salt}:${hex.encode(key)}`;
+};
+const verifyPassword = async ({ hash, password }) => {
+	const [salt, key] = hash.split(":");
+	if (!salt || !key) throw new BetterAuthError("Invalid password hash");
+	return constantTimeEqual(await generateKey(password, salt), hexToBytes(key));
+};
+
+//#endregion
+export { hashPassword, verifyPassword };
+//# sourceMappingURL=password.mjs.map

package/dist/crypto/password.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.mjs","names":[],"sources":["../../src/crypto/password.ts"],"sourcesContent":["import { BetterAuthError } from \"@better-auth/core/error\";\nimport { hex } from \"@better-auth/utils/hex\";\nimport { scryptAsync } from \"@noble/hashes/scrypt.js\";\nimport { hexToBytes } from \"@noble/hashes/utils.js\";\nimport { constantTimeEqual } from \"./buffer\";\n\nconst config = {\n\tN: 16384,\n\tr: 16,\n\tp: 1,\n\tdkLen: 64,\n};\n\nasync function generateKey(password: string, salt: string) {\n\treturn await scryptAsync(password.normalize(\"NFKC\"), salt, {\n\t\tN: config.N,\n\t\tp: config.p,\n\t\tr: config.r,\n\t\tdkLen: config.dkLen,\n\t\tmaxmem: 128 * config.N * config.r * 2,\n\t});\n}\n\nexport const hashPassword = async (password: string) => {\n\tconst salt = hex.encode(crypto.getRandomValues(new Uint8Array(16)));\n\tconst key = await generateKey(password, salt);\n\treturn `${salt}:${hex.encode(key)}`;\n};\n\nexport const verifyPassword = async ({\n\thash,\n\tpassword,\n}: {\n\thash: string;\n\tpassword: string;\n}) => {\n\tconst [salt, key] = hash.split(\":\");\n\tif (!salt || !key) {\n\t\tthrow new BetterAuthError(\"Invalid password hash\");\n\t}\n\tconst targetKey = await generateKey(password, salt!);\n\treturn constantTimeEqual(targetKey, hexToBytes(key));\n};\n"],"mappings":";;;;;;;AAMA,MAAM,SAAS;CACd,GAAG;CACH,GAAG;CACH,GAAG;CACH,OAAO;CACP;AAED,eAAe,YAAY,UAAkB,MAAc;AAC1D,QAAO,MAAM,YAAY,SAAS,UAAU,OAAO,EAAE,MAAM;EAC1D,GAAG,OAAO;EACV,GAAG,OAAO;EACV,GAAG,OAAO;EACV,OAAO,OAAO;EACd,QAAQ,MAAM,OAAO,IAAI,OAAO,IAAI;EACpC,CAAC;;AAGH,MAAa,eAAe,OAAO,aAAqB;CACvD,MAAM,OAAO,IAAI,OAAO,OAAO,gBAAgB,IAAI,WAAW,GAAG,CAAC,CAAC;CACnE,MAAM,MAAM,MAAM,YAAY,UAAU,KAAK;AAC7C,QAAO,GAAG,KAAK,GAAG,IAAI,OAAO,IAAI;;AAGlC,MAAa,iBAAiB,OAAO,EACpC,MACA,eAIK;CACL,MAAM,CAAC,MAAM,OAAO,KAAK,MAAM,IAAI;AACnC,KAAI,CAAC,QAAQ,CAAC,IACb,OAAM,IAAI,gBAAgB,wBAAwB;AAGnD,QAAO,kBADW,MAAM,YAAY,UAAU,KAAM,EAChB,WAAW,IAAI,CAAC"}

package/dist/crypto/random.d.mts

@@ -0,0 +1,5 @@
+//#region src/crypto/random.d.ts
+declare const generateRandomString: <SubA extends "a-z" | "A-Z" | "0-9" | "-_">(length: number, ...alphabets: SubA[]) => string;
+//#endregion
+export { generateRandomString };
+//# sourceMappingURL=random.d.mts.map

package/dist/crypto/random.mjs

@@ -0,0 +1,8 @@
+import { createRandomStringGenerator } from "@better-auth/utils/random";
+
+//#region src/crypto/random.ts
+const generateRandomString = createRandomStringGenerator("a-z", "0-9", "A-Z", "-_");
+
+//#endregion
+export { generateRandomString };
+//# sourceMappingURL=random.mjs.map

package/dist/crypto/random.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"random.mjs","names":[],"sources":["../../src/crypto/random.ts"],"sourcesContent":["import { createRandomStringGenerator } from \"@better-auth/utils/random\";\nexport const generateRandomString = createRandomStringGenerator(\n\t\"a-z\",\n\t\"0-9\",\n\t\"A-Z\",\n\t\"-_\",\n);\n"],"mappings":";;;AACA,MAAa,uBAAuB,4BACnC,OACA,OACA,OACA,KACA"}

package/dist/db/adapter-base.d.mts

@@ -0,0 +1,8 @@
+import { BetterAuthOptions } from "@better-auth/core";
+import { DBAdapter } from "@better-auth/core/db/adapter";
+
+//#region src/db/adapter-base.d.ts
+declare function getBaseAdapter(options: BetterAuthOptions, handleDirectDatabase: (options: BetterAuthOptions) => Promise<DBAdapter<BetterAuthOptions>>): Promise<DBAdapter<BetterAuthOptions>>;
+//#endregion
+export { getBaseAdapter };
+//# sourceMappingURL=adapter-base.d.mts.map

package/dist/db/adapter-base.mjs

@@ -0,0 +1,28 @@
+import { getAuthTables } from "@better-auth/core/db";
+import { logger } from "@better-auth/core/env";
+
+//#region src/db/adapter-base.ts
+async function getBaseAdapter(options, handleDirectDatabase) {
+	let adapter;
+	if (!options.database) {
+		const tables = getAuthTables(options);
+		const memoryDB = Object.keys(tables).reduce((acc, key) => {
+			acc[key] = [];
+			return acc;
+		}, {});
+		const { memoryAdapter } = await import("@better-auth/memory-adapter");
+		adapter = memoryAdapter(memoryDB)(options);
+	} else if (typeof options.database === "function") adapter = options.database(options);
+	else adapter = await handleDirectDatabase(options);
+	if (!adapter.transaction) {
+		logger.warn("Adapter does not correctly implement transaction function, patching it automatically. Please update your adapter implementation.");
+		adapter.transaction = async (cb) => {
+			return cb(adapter);
+		};
+	}
+	return adapter;
+}
+
+//#endregion
+export { getBaseAdapter };
+//# sourceMappingURL=adapter-base.mjs.map

package/dist/db/adapter-base.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"adapter-base.mjs","names":[],"sources":["../../src/db/adapter-base.ts"],"sourcesContent":["import type { BetterAuthOptions } from \"@better-auth/core\";\nimport { getAuthTables } from \"@better-auth/core/db\";\nimport type { DBAdapter } from \"@better-auth/core/db/adapter\";\nimport { logger } from \"@better-auth/core/env\";\nimport type { MemoryDB } from \"@better-auth/memory-adapter\";\n\nexport async function getBaseAdapter(\n\toptions: BetterAuthOptions,\n\thandleDirectDatabase: (\n\t\toptions: BetterAuthOptions,\n\t) => Promise<DBAdapter<BetterAuthOptions>>,\n): Promise<DBAdapter<BetterAuthOptions>> {\n\tlet adapter: DBAdapter<BetterAuthOptions>;\n\n\tif (!options.database) {\n\t\tconst tables = getAuthTables(options);\n\t\tconst memoryDB = Object.keys(tables).reduce<MemoryDB>((acc, key) => {\n\t\t\tacc[key] = [];\n\t\t\treturn acc;\n\t\t}, {});\n\t\tconst { memoryAdapter } = await import(\"@better-auth/memory-adapter\");\n\t\tadapter = memoryAdapter(memoryDB)(options);\n\t} else if (typeof options.database === \"function\") {\n\t\tadapter = options.database(options);\n\t} else {\n\t\tadapter = await handleDirectDatabase(options);\n\t}\n\n\t// patch for 1.3.x to ensure we have a transaction function in the adapter\n\tif (!adapter.transaction) {\n\t\tlogger.warn(\n\t\t\t\"Adapter does not correctly implement transaction function, patching it automatically. Please update your adapter implementation.\",\n\t\t);\n\t\tadapter.transaction = async (cb) => {\n\t\t\treturn cb(adapter);\n\t\t};\n\t}\n\n\treturn adapter;\n}\n"],"mappings":";;;;AAMA,eAAsB,eACrB,SACA,sBAGwC;CACxC,IAAI;AAEJ,KAAI,CAAC,QAAQ,UAAU;EACtB,MAAM,SAAS,cAAc,QAAQ;EACrC,MAAM,WAAW,OAAO,KAAK,OAAO,CAAC,QAAkB,KAAK,QAAQ;AACnE,OAAI,OAAO,EAAE;AACb,UAAO;KACL,EAAE,CAAC;EACN,MAAM,EAAE,kBAAkB,MAAM,OAAO;AACvC,YAAU,cAAc,SAAS,CAAC,QAAQ;YAChC,OAAO,QAAQ,aAAa,WACtC,WAAU,QAAQ,SAAS,QAAQ;KAEnC,WAAU,MAAM,qBAAqB,QAAQ;AAI9C,KAAI,CAAC,QAAQ,aAAa;AACzB,SAAO,KACN,mIACA;AACD,UAAQ,cAAc,OAAO,OAAO;AACnC,UAAO,GAAG,QAAQ;;;AAIpB,QAAO"}

package/dist/db/adapter-kysely.d.mts

@@ -0,0 +1,8 @@
+import { BetterAuthOptions } from "@better-auth/core";
+import { DBAdapter } from "@better-auth/core/db/adapter";
+
+//#region src/db/adapter-kysely.d.ts
+declare function getAdapter(options: BetterAuthOptions): Promise<DBAdapter<BetterAuthOptions>>;
+//#endregion
+export { getAdapter };
+//# sourceMappingURL=adapter-kysely.d.mts.map

package/dist/db/adapter-kysely.mjs

@@ -0,0 +1,21 @@
+import { getBaseAdapter } from "./adapter-base.mjs";
+import { BetterAuthError } from "@better-auth/core/error";
+
+//#region src/db/adapter-kysely.ts
+async function getAdapter(options) {
+	return getBaseAdapter(options, async (opts) => {
+		const { createKyselyAdapter } = await import("../adapters/kysely-adapter/index.mjs");
+		const { kysely, databaseType, transaction } = await createKyselyAdapter(opts);
+		if (!kysely) throw new BetterAuthError("Failed to initialize database adapter");
+		const { kyselyAdapter } = await import("../adapters/kysely-adapter/index.mjs");
+		return kyselyAdapter(kysely, {
+			type: databaseType || "sqlite",
+			debugLogs: opts.database && "debugLogs" in opts.database ? opts.database.debugLogs : false,
+			transaction
+		})(opts);
+	});
+}
+
+//#endregion
+export { getAdapter };
+//# sourceMappingURL=adapter-kysely.mjs.map

package/dist/db/adapter-kysely.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"adapter-kysely.mjs","names":[],"sources":["../../src/db/adapter-kysely.ts"],"sourcesContent":["import type { BetterAuthOptions } from \"@better-auth/core\";\nimport type { DBAdapter } from \"@better-auth/core/db/adapter\";\nimport { BetterAuthError } from \"@better-auth/core/error\";\nimport { getBaseAdapter } from \"./adapter-base\";\n\nexport async function getAdapter(\n\toptions: BetterAuthOptions,\n): Promise<DBAdapter<BetterAuthOptions>> {\n\treturn getBaseAdapter(options, async (opts) => {\n\t\tconst { createKyselyAdapter } = await import(\"../adapters/kysely-adapter\");\n\t\tconst { kysely, databaseType, transaction } =\n\t\t\tawait createKyselyAdapter(opts);\n\t\tif (!kysely) {\n\t\t\tthrow new BetterAuthError(\"Failed to initialize database adapter\");\n\t\t}\n\t\tconst { kyselyAdapter } = await import(\"../adapters/kysely-adapter\");\n\t\treturn kyselyAdapter(kysely, {\n\t\t\ttype: databaseType || \"sqlite\",\n\t\t\tdebugLogs:\n\t\t\t\topts.database && \"debugLogs\" in opts.database\n\t\t\t\t\t? opts.database.debugLogs\n\t\t\t\t\t: false,\n\t\t\ttransaction: transaction,\n\t\t})(opts);\n\t});\n}\n"],"mappings":";;;;AAKA,eAAsB,WACrB,SACwC;AACxC,QAAO,eAAe,SAAS,OAAO,SAAS;EAC9C,MAAM,EAAE,wBAAwB,MAAM,OAAO;EAC7C,MAAM,EAAE,QAAQ,cAAc,gBAC7B,MAAM,oBAAoB,KAAK;AAChC,MAAI,CAAC,OACJ,OAAM,IAAI,gBAAgB,wCAAwC;EAEnE,MAAM,EAAE,kBAAkB,MAAM,OAAO;AACvC,SAAO,cAAc,QAAQ;GAC5B,MAAM,gBAAgB;GACtB,WACC,KAAK,YAAY,eAAe,KAAK,WAClC,KAAK,SAAS,YACd;GACS;GACb,CAAC,CAAC,KAAK;GACP"}

package/dist/db/field-converter.d.mts

@@ -0,0 +1,8 @@
+import { DBFieldAttribute } from "@better-auth/core/db";
+
+//#region src/db/field-converter.d.ts
+declare function convertToDB<T extends Record<string, any>>(fields: Record<string, DBFieldAttribute>, values: T): T;
+declare function convertFromDB<T extends Record<string, any>>(fields: Record<string, DBFieldAttribute>, values: T | null): T | null;
+//#endregion
+export { convertFromDB, convertToDB };
+//# sourceMappingURL=field-converter.d.mts.map

package/dist/db/field-converter.mjs

@@ -0,0 +1,21 @@
+//#region src/db/field-converter.ts
+function convertToDB(fields, values) {
+	const result = values.id ? { id: values.id } : {};
+	for (const key in fields) {
+		const field = fields[key];
+		const value = values[key];
+		if (value === void 0) continue;
+		result[field.fieldName || key] = value;
+	}
+	return result;
+}
+function convertFromDB(fields, values) {
+	if (!values) return null;
+	const result = { id: values.id };
+	for (const [key, value] of Object.entries(fields)) result[key] = values[value.fieldName || key];
+	return result;
+}
+
+//#endregion
+export { convertFromDB, convertToDB };
+//# sourceMappingURL=field-converter.mjs.map

package/dist/db/field-converter.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"field-converter.mjs","names":[],"sources":["../../src/db/field-converter.ts"],"sourcesContent":["import type { DBFieldAttribute } from \"@better-auth/core/db\";\n\nexport function convertToDB<T extends Record<string, any>>(\n\tfields: Record<string, DBFieldAttribute>,\n\tvalues: T,\n) {\n\tconst result: Record<string, any> = values.id\n\t\t? {\n\t\t\t\tid: values.id,\n\t\t\t}\n\t\t: {};\n\tfor (const key in fields) {\n\t\tconst field = fields[key]!;\n\t\tconst value = values[key];\n\t\tif (value === undefined) {\n\t\t\tcontinue;\n\t\t}\n\t\tresult[field.fieldName || key] = value;\n\t}\n\treturn result as T;\n}\n\nexport function convertFromDB<T extends Record<string, any>>(\n\tfields: Record<string, DBFieldAttribute>,\n\tvalues: T | null,\n) {\n\tif (!values) {\n\t\treturn null;\n\t}\n\tconst result: Record<string, any> = {\n\t\tid: values.id,\n\t};\n\tfor (const [key, value] of Object.entries(fields)) {\n\t\tresult[key] = values[value.fieldName || key];\n\t}\n\treturn result as T;\n}\n"],"mappings":";AAEA,SAAgB,YACf,QACA,QACC;CACD,MAAM,SAA8B,OAAO,KACxC,EACA,IAAI,OAAO,IACX,GACA,EAAE;AACL,MAAK,MAAM,OAAO,QAAQ;EACzB,MAAM,QAAQ,OAAO;EACrB,MAAM,QAAQ,OAAO;AACrB,MAAI,UAAU,OACb;AAED,SAAO,MAAM,aAAa,OAAO;;AAElC,QAAO;;AAGR,SAAgB,cACf,QACA,QACC;AACD,KAAI,CAAC,OACJ,QAAO;CAER,MAAM,SAA8B,EACnC,IAAI,OAAO,IACX;AACD,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,OAAO,CAChD,QAAO,OAAO,OAAO,MAAM,aAAa;AAEzC,QAAO"}

package/dist/db/field.d.mts

@@ -0,0 +1,55 @@
+import { BetterAuthOptions } from "@better-auth/core";
+import { DBFieldAttribute, DBFieldAttributeConfig, DBFieldType } from "@better-auth/core/db";
+
+//#region src/db/field.d.ts
+declare const createFieldAttribute: <T extends DBFieldType, C extends DBFieldAttributeConfig>(type: T, config?: C | undefined) => DBFieldAttribute<T>;
+type InferValueType<T extends DBFieldType> = T extends "string" ? string : T extends "number" ? number : T extends "boolean" ? boolean : T extends "date" ? Date : T extends "json" ? Record<string, any> : T extends `${infer U}[]` ? U extends "string" ? string[] : number[] : T extends Array<any> ? T[number] : never;
+type InferFieldsOutput<Field> = Field extends Record<infer Key, DBFieldAttribute> ? { [key in Key as Field[key]["returned"] extends false ? never : Field[key]["required"] extends false ? Field[key]["defaultValue"] extends boolean | string | number | Date ? key : never : key]: InferFieldOutput<Field[key]> } & { [key in Key as Field[key]["returned"] extends false ? never : Field[key]["required"] extends false ? Field[key]["defaultValue"] extends boolean | string | number | Date ? never : key : never]?: InferFieldOutput<Field[key]> | null } : {};
+type InferFieldsInput<Field> = Field extends Record<infer Key, DBFieldAttribute> ? { [key in Key as Field[key]["required"] extends false ? never : Field[key]["defaultValue"] extends string | number | boolean | Date ? never : Field[key]["input"] extends false ? never : key]: InferFieldInput<Field[key]> } & { [key in Key as Field[key]["input"] extends false ? never : key]?: InferFieldInput<Field[key]> | undefined | null } : {};
+/**
+ * For client will add "?" on optional fields
+ */
+type InferFieldsInputClient<Field> = Field extends Record<infer Key, DBFieldAttribute> ? { [key in Key as Field[key]["required"] extends false ? never : Field[key]["defaultValue"] extends string | number | boolean | Date ? never : Field[key]["input"] extends false ? never : key]: InferFieldInput<Field[key]> } & { [key in Key as Field[key]["input"] extends false ? never : Field[key]["required"] extends false ? key : Field[key]["defaultValue"] extends string | number | boolean | Date ? key : never]?: InferFieldInput<Field[key]> | undefined | null } : {};
+type InferFieldOutput<T extends DBFieldAttribute> = T["returned"] extends false ? never : T["required"] extends false ? InferValueType<T["type"]> | undefined | null : InferValueType<T["type"]>;
+/**
+ * Converts a Record<string, DBFieldAttribute> to an object type
+ * with keys and value types inferred from DBFieldAttribute["type"].
+ */
+type FieldAttributeToObject<Fields extends Record<string, DBFieldAttribute>> = AddOptionalFields<{ [K in keyof Fields]: InferValueType<Fields[K]["type"]> }, Fields>;
+type AddOptionalFields<T extends Record<string, any>, Fields extends Record<keyof T, DBFieldAttribute>> = { [K in keyof T as Fields[K] extends {
+  required: true;
+} ? K : never]: T[K] } & { [K in keyof T as Fields[K] extends {
+  required: true;
+} ? never : K]?: T[K] };
+/**
+ * Infer the additional fields from the plugin options.
+ * For example, you can infer the additional fields of the org plugin's organization schema like this:
+ * ```ts
+ * type AdditionalFields = InferAdditionalFieldsFromPluginOptions<"organization", OrganizationOptions>
+ * ```
+ *
+ * @param isClientSide - When `true` (default), filters out `input: false` fields (clients can't send these).
+ *   When `false`, includes all fields (for internal/server-side use).
+ */
+type InferAdditionalFieldsFromPluginOptions<SchemaName extends string, Options extends {
+  schema?: { [key in SchemaName]?: {
+    additionalFields?: Record<string, DBFieldAttribute>;
+  } } | undefined;
+}, isClientSide extends boolean = true> = Options["schema"] extends { [key in SchemaName]?: {
+  additionalFields: infer Field extends Record<string, DBFieldAttribute>;
+} } ? isClientSide extends true ? FieldAttributeToObject<RemoveFieldsWithInputFalse<Field>> : FieldAttributeToObject<Field> : {};
+type RemoveFieldsWithInputFalse<T extends Record<string, DBFieldAttribute>> = { [K in keyof T as T[K]["input"] extends false ? never : K]: T[K] };
+type RemoveFieldsWithReturnedFalse<T extends Record<string, DBFieldAttribute>> = { [K in keyof T as T[K]["returned"] extends false ? never : K]: T[K] };
+type InferFieldInput<T extends DBFieldAttribute> = InferValueType<T["type"]>;
+type PluginFieldAttribute = Omit<DBFieldAttribute, "transform" | "defaultValue" | "hashValue">;
+type InferFieldsFromPlugins<Options extends BetterAuthOptions, Key extends string, Format extends "output" | "input"> = Options["plugins"] extends [] ? {} : Options["plugins"] extends Array<infer T> ? T extends {
+  schema: { [key in Key]: {
+    fields: infer Field;
+  } };
+} ? Format extends "output" ? InferFieldsOutput<Field> : InferFieldsInput<Field> : {} : {};
+type InferFieldsFromOptions<Options extends BetterAuthOptions, Key extends "session" | "user", Format extends "output" | "input"> = Options[Key] extends {
+  additionalFields: infer Field;
+} ? Format extends "output" ? InferFieldsOutput<Field> : InferFieldsInput<Field> : {};
+//#endregion
+export { FieldAttributeToObject, InferAdditionalFieldsFromPluginOptions, InferFieldsFromOptions, InferFieldsFromPlugins, InferFieldsInput, InferFieldsInputClient, InferFieldsOutput, InferValueType, PluginFieldAttribute, RemoveFieldsWithReturnedFalse, createFieldAttribute };
+//# sourceMappingURL=field.d.mts.map

package/dist/db/field.mjs

@@ -0,0 +1,11 @@
+//#region src/db/field.ts
+const createFieldAttribute = (type, config) => {
+	return {
+		type,
+		...config
+	};
+};
+
+//#endregion
+export { createFieldAttribute };
+//# sourceMappingURL=field.mjs.map

package/dist/db/field.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"field.mjs","names":[],"sources":["../../src/db/field.ts"],"sourcesContent":["import type { BetterAuthOptions } from \"@better-auth/core\";\nimport type {\n\tDBFieldAttribute,\n\tDBFieldAttributeConfig,\n\tDBFieldType,\n} from \"@better-auth/core/db\";\n\nexport const createFieldAttribute = <\n\tT extends DBFieldType,\n\tC extends DBFieldAttributeConfig,\n>(\n\ttype: T,\n\tconfig?: C | undefined,\n) => {\n\treturn {\n\t\ttype,\n\t\t...config,\n\t} satisfies DBFieldAttribute<T>;\n};\n\nexport type InferValueType<T extends DBFieldType> = T extends \"string\"\n\t? string\n\t: T extends \"number\"\n\t\t? number\n\t\t: T extends \"boolean\"\n\t\t\t? boolean\n\t\t\t: T extends \"date\"\n\t\t\t\t? Date\n\t\t\t\t: T extends \"json\"\n\t\t\t\t\t? Record<string, any>\n\t\t\t\t\t: T extends `${infer U}[]`\n\t\t\t\t\t\t? U extends \"string\"\n\t\t\t\t\t\t\t? string[]\n\t\t\t\t\t\t\t: number[]\n\t\t\t\t\t\t: T extends Array<any>\n\t\t\t\t\t\t\t? T[number]\n\t\t\t\t\t\t\t: never;\n\nexport type InferFieldsOutput<Field> =\n\tField extends Record<infer Key, DBFieldAttribute>\n\t\t? {\n\t\t\t\t[key in Key as Field[key][\"returned\"] extends false\n\t\t\t\t\t? never\n\t\t\t\t\t: Field[key][\"required\"] extends false\n\t\t\t\t\t\t? Field[key][\"defaultValue\"] extends\n\t\t\t\t\t\t\t\t| boolean\n\t\t\t\t\t\t\t\t| string\n\t\t\t\t\t\t\t\t| number\n\t\t\t\t\t\t\t\t| Date\n\t\t\t\t\t\t\t? key\n\t\t\t\t\t\t\t: never\n\t\t\t\t\t\t: key]: InferFieldOutput<Field[key]>;\n\t\t\t} & {\n\t\t\t\t[key in Key as Field[key][\"returned\"] extends false\n\t\t\t\t\t? never\n\t\t\t\t\t: Field[key][\"required\"] extends false\n\t\t\t\t\t\t? Field[key][\"defaultValue\"] extends\n\t\t\t\t\t\t\t\t| boolean\n\t\t\t\t\t\t\t\t| string\n\t\t\t\t\t\t\t\t| number\n\t\t\t\t\t\t\t\t| Date\n\t\t\t\t\t\t\t? never\n\t\t\t\t\t\t\t: key\n\t\t\t\t\t\t: never]?: InferFieldOutput<Field[key]> | null;\n\t\t\t}\n\t\t: {};\n\nexport type InferFieldsInput<Field> =\n\tField extends Record<infer Key, DBFieldAttribute>\n\t\t? {\n\t\t\t\t[key in Key as Field[key][\"required\"] extends false\n\t\t\t\t\t? never\n\t\t\t\t\t: Field[key][\"defaultValue\"] extends string | number | boolean | Date\n\t\t\t\t\t\t? never\n\t\t\t\t\t\t: Field[key][\"input\"] extends false\n\t\t\t\t\t\t\t? never\n\t\t\t\t\t\t\t: key]: InferFieldInput<Field[key]>;\n\t\t\t} & {\n\t\t\t\t[key in Key as Field[key][\"input\"] extends false ? never : key]?:\n\t\t\t\t\t| InferFieldInput<Field[key]>\n\t\t\t\t\t| undefined\n\t\t\t\t\t| null;\n\t\t\t}\n\t\t: {};\n\n/**\n * For client will add \"?\" on optional fields\n */\nexport type InferFieldsInputClient<Field> =\n\tField extends Record<infer Key, DBFieldAttribute>\n\t\t? {\n\t\t\t\t[key in Key as Field[key][\"required\"] extends false\n\t\t\t\t\t? never\n\t\t\t\t\t: Field[key][\"defaultValue\"] extends string | number | boolean | Date\n\t\t\t\t\t\t? never\n\t\t\t\t\t\t: Field[key][\"input\"] extends false\n\t\t\t\t\t\t\t? never\n\t\t\t\t\t\t\t: key]: InferFieldInput<Field[key]>;\n\t\t\t} & {\n\t\t\t\t[key in Key as Field[key][\"input\"] extends false\n\t\t\t\t\t? never\n\t\t\t\t\t: Field[key][\"required\"] extends false\n\t\t\t\t\t\t? key\n\t\t\t\t\t\t: Field[key][\"defaultValue\"] extends\n\t\t\t\t\t\t\t\t\t| string\n\t\t\t\t\t\t\t\t\t| number\n\t\t\t\t\t\t\t\t\t| boolean\n\t\t\t\t\t\t\t\t\t| Date\n\t\t\t\t\t\t\t? key\n\t\t\t\t\t\t\t: never]?: InferFieldInput<Field[key]> | undefined | null;\n\t\t\t}\n\t\t: {};\n\ntype InferFieldOutput<T extends DBFieldAttribute> = T[\"returned\"] extends false\n\t? never\n\t: T[\"required\"] extends false\n\t\t? InferValueType<T[\"type\"]> | undefined | null\n\t\t: InferValueType<T[\"type\"]>;\n\n/**\n * Converts a Record<string, DBFieldAttribute> to an object type\n * with keys and value types inferred from DBFieldAttribute[\"type\"].\n */\nexport type FieldAttributeToObject<\n\tFields extends Record<string, DBFieldAttribute>,\n> = AddOptionalFields<\n\t{\n\t\t[K in keyof Fields]: InferValueType<Fields[K][\"type\"]>;\n\t},\n\tFields\n>;\n\ntype AddOptionalFields<\n\tT extends Record<string, any>,\n\tFields extends Record<keyof T, DBFieldAttribute>,\n> = {\n\t// Required fields: required === true\n\t[K in keyof T as Fields[K] extends { required: true } ? K : never]: T[K];\n} & {\n\t// Optional fields: required !== true\n\t[K in keyof T as Fields[K] extends { required: true } ? never : K]?: T[K];\n};\n\n/**\n * Infer the additional fields from the plugin options.\n * For example, you can infer the additional fields of the org plugin's organization schema like this:\n * ```ts\n * type AdditionalFields = InferAdditionalFieldsFromPluginOptions<\"organization\", OrganizationOptions>\n * ```\n *\n * @param isClientSide - When `true` (default), filters out `input: false` fields (clients can't send these).\n *   When `false`, includes all fields (for internal/server-side use).\n */\nexport type InferAdditionalFieldsFromPluginOptions<\n\tSchemaName extends string,\n\tOptions extends {\n\t\tschema?:\n\t\t\t| {\n\t\t\t\t\t[key in SchemaName]?: {\n\t\t\t\t\t\tadditionalFields?: Record<string, DBFieldAttribute>;\n\t\t\t\t\t};\n\t\t\t  }\n\t\t\t| undefined;\n\t},\n\tisClientSide extends boolean = true,\n> = Options[\"schema\"] extends {\n\t[key in SchemaName]?: {\n\t\tadditionalFields: infer Field extends Record<string, DBFieldAttribute>;\n\t};\n}\n\t? isClientSide extends true\n\t\t? FieldAttributeToObject<RemoveFieldsWithInputFalse<Field>>\n\t\t: FieldAttributeToObject<Field>\n\t: {};\n\ntype RemoveFieldsWithInputFalse<T extends Record<string, DBFieldAttribute>> = {\n\t[K in keyof T as T[K][\"input\"] extends false ? never : K]: T[K];\n};\n\nexport type RemoveFieldsWithReturnedFalse<\n\tT extends Record<string, DBFieldAttribute>,\n> = {\n\t[K in keyof T as T[K][\"returned\"] extends false ? never : K]: T[K];\n};\n\ntype InferFieldInput<T extends DBFieldAttribute> = InferValueType<T[\"type\"]>;\n\nexport type PluginFieldAttribute = Omit<\n\tDBFieldAttribute,\n\t\"transform\" | \"defaultValue\" | \"hashValue\"\n>;\n\nexport type InferFieldsFromPlugins<\n\tOptions extends BetterAuthOptions,\n\tKey extends string,\n\tFormat extends \"output\" | \"input\",\n> = Options[\"plugins\"] extends []\n\t? {}\n\t: Options[\"plugins\"] extends Array<infer T>\n\t\t? T extends {\n\t\t\t\tschema: {\n\t\t\t\t\t[key in Key]: {\n\t\t\t\t\t\tfields: infer Field;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t}\n\t\t\t? Format extends \"output\"\n\t\t\t\t? InferFieldsOutput<Field>\n\t\t\t\t: InferFieldsInput<Field>\n\t\t\t: {}\n\t\t: {};\n\nexport type InferFieldsFromOptions<\n\tOptions extends BetterAuthOptions,\n\tKey extends \"session\" | \"user\",\n\tFormat extends \"output\" | \"input\",\n> = Options[Key] extends {\n\tadditionalFields: infer Field;\n}\n\t? Format extends \"output\"\n\t\t? InferFieldsOutput<Field>\n\t\t: InferFieldsInput<Field>\n\t: {};\n"],"mappings":";AAOA,MAAa,wBAIZ,MACA,WACI;AACJ,QAAO;EACN;EACA,GAAG;EACH"}

package/dist/db/get-migration.d.mts

@@ -0,0 +1,23 @@
+import { BetterAuthOptions } from "@better-auth/core";
+import { DBFieldAttribute, DBFieldType } from "@better-auth/core/db";
+import { KyselyDatabaseType } from "@better-auth/kysely-adapter";
+
+//#region src/db/get-migration.d.ts
+declare function matchType(columnDataType: string, fieldType: DBFieldType, dbType: KyselyDatabaseType): any;
+declare function getMigrations(config: BetterAuthOptions): Promise<{
+  toBeCreated: {
+    table: string;
+    fields: Record<string, DBFieldAttribute>;
+    order: number;
+  }[];
+  toBeAdded: {
+    table: string;
+    fields: Record<string, DBFieldAttribute>;
+    order: number;
+  }[];
+  runMigrations: () => Promise<void>;
+  compileMigrations: () => Promise<string>;
+}>;
+//#endregion
+export { getMigrations, matchType };
+//# sourceMappingURL=get-migration.d.mts.map