@hammadj/better-auth 1.5.0-beta.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +33 -0
- package/dist/_virtual/rolldown_runtime.mjs +36 -0
- package/dist/adapters/drizzle-adapter/index.d.mts +1 -0
- package/dist/adapters/drizzle-adapter/index.mjs +3 -0
- package/dist/adapters/index.d.mts +23 -0
- package/dist/adapters/index.mjs +13 -0
- package/dist/adapters/index.mjs.map +1 -0
- package/dist/adapters/kysely-adapter/index.d.mts +1 -0
- package/dist/adapters/kysely-adapter/index.mjs +3 -0
- package/dist/adapters/memory-adapter/index.d.mts +1 -0
- package/dist/adapters/memory-adapter/index.mjs +3 -0
- package/dist/adapters/mongodb-adapter/index.d.mts +1 -0
- package/dist/adapters/mongodb-adapter/index.mjs +3 -0
- package/dist/adapters/prisma-adapter/index.d.mts +1 -0
- package/dist/adapters/prisma-adapter/index.mjs +3 -0
- package/dist/api/index.d.mts +40 -0
- package/dist/api/index.mjs +205 -0
- package/dist/api/index.mjs.map +1 -0
- package/dist/api/middlewares/index.d.mts +1 -0
- package/dist/api/middlewares/index.mjs +3 -0
- package/dist/api/middlewares/origin-check.d.mts +17 -0
- package/dist/api/middlewares/origin-check.mjs +140 -0
- package/dist/api/middlewares/origin-check.mjs.map +1 -0
- package/dist/api/rate-limiter/index.mjs +177 -0
- package/dist/api/rate-limiter/index.mjs.map +1 -0
- package/dist/api/routes/account.d.mts +10 -0
- package/dist/api/routes/account.mjs +493 -0
- package/dist/api/routes/account.mjs.map +1 -0
- package/dist/api/routes/callback.d.mts +5 -0
- package/dist/api/routes/callback.mjs +178 -0
- package/dist/api/routes/callback.mjs.map +1 -0
- package/dist/api/routes/email-verification.d.mts +29 -0
- package/dist/api/routes/email-verification.mjs +301 -0
- package/dist/api/routes/email-verification.mjs.map +1 -0
- package/dist/api/routes/error.d.mts +5 -0
- package/dist/api/routes/error.mjs +386 -0
- package/dist/api/routes/error.mjs.map +1 -0
- package/dist/api/routes/index.d.mts +11 -0
- package/dist/api/routes/index.mjs +13 -0
- package/dist/api/routes/ok.d.mts +5 -0
- package/dist/api/routes/ok.mjs +30 -0
- package/dist/api/routes/ok.mjs.map +1 -0
- package/dist/api/routes/password.d.mts +8 -0
- package/dist/api/routes/password.mjs +198 -0
- package/dist/api/routes/password.mjs.map +1 -0
- package/dist/api/routes/session.d.mts +52 -0
- package/dist/api/routes/session.mjs +478 -0
- package/dist/api/routes/session.mjs.map +1 -0
- package/dist/api/routes/sign-in.d.mts +8 -0
- package/dist/api/routes/sign-in.mjs +262 -0
- package/dist/api/routes/sign-in.mjs.map +1 -0
- package/dist/api/routes/sign-out.d.mts +5 -0
- package/dist/api/routes/sign-out.mjs +33 -0
- package/dist/api/routes/sign-out.mjs.map +1 -0
- package/dist/api/routes/sign-up.d.mts +7 -0
- package/dist/api/routes/sign-up.mjs +227 -0
- package/dist/api/routes/sign-up.mjs.map +1 -0
- package/dist/api/routes/update-user.d.mts +12 -0
- package/dist/api/routes/update-user.mjs +493 -0
- package/dist/api/routes/update-user.mjs.map +1 -0
- package/dist/api/state/oauth.d.mts +5 -0
- package/dist/api/state/oauth.mjs +8 -0
- package/dist/api/state/oauth.mjs.map +1 -0
- package/dist/api/state/should-session-refresh.d.mts +13 -0
- package/dist/api/state/should-session-refresh.mjs +16 -0
- package/dist/api/state/should-session-refresh.mjs.map +1 -0
- package/dist/api/to-auth-endpoints.mjs +197 -0
- package/dist/api/to-auth-endpoints.mjs.map +1 -0
- package/dist/auth/base.mjs +44 -0
- package/dist/auth/base.mjs.map +1 -0
- package/dist/auth/full.d.mts +30 -0
- package/dist/auth/full.mjs +32 -0
- package/dist/auth/full.mjs.map +1 -0
- package/dist/auth/minimal.d.mts +12 -0
- package/dist/auth/minimal.mjs +14 -0
- package/dist/auth/minimal.mjs.map +1 -0
- package/dist/auth/trusted-origins.mjs +31 -0
- package/dist/auth/trusted-origins.mjs.map +1 -0
- package/dist/client/broadcast-channel.d.mts +20 -0
- package/dist/client/broadcast-channel.mjs +46 -0
- package/dist/client/broadcast-channel.mjs.map +1 -0
- package/dist/client/config.mjs +90 -0
- package/dist/client/config.mjs.map +1 -0
- package/dist/client/fetch-plugins.mjs +18 -0
- package/dist/client/fetch-plugins.mjs.map +1 -0
- package/dist/client/focus-manager.d.mts +11 -0
- package/dist/client/focus-manager.mjs +32 -0
- package/dist/client/focus-manager.mjs.map +1 -0
- package/dist/client/index.d.mts +30 -0
- package/dist/client/index.mjs +21 -0
- package/dist/client/index.mjs.map +1 -0
- package/dist/client/lynx/index.d.mts +62 -0
- package/dist/client/lynx/index.mjs +24 -0
- package/dist/client/lynx/index.mjs.map +1 -0
- package/dist/client/lynx/lynx-store.d.mts +47 -0
- package/dist/client/lynx/lynx-store.mjs +47 -0
- package/dist/client/lynx/lynx-store.mjs.map +1 -0
- package/dist/client/online-manager.d.mts +12 -0
- package/dist/client/online-manager.mjs +35 -0
- package/dist/client/online-manager.mjs.map +1 -0
- package/dist/client/parser.mjs +73 -0
- package/dist/client/parser.mjs.map +1 -0
- package/dist/client/path-to-object.d.mts +57 -0
- package/dist/client/plugins/index.d.mts +58 -0
- package/dist/client/plugins/index.mjs +33 -0
- package/dist/client/plugins/infer-plugin.d.mts +9 -0
- package/dist/client/plugins/infer-plugin.mjs +11 -0
- package/dist/client/plugins/infer-plugin.mjs.map +1 -0
- package/dist/client/proxy.mjs +79 -0
- package/dist/client/proxy.mjs.map +1 -0
- package/dist/client/query.d.mts +23 -0
- package/dist/client/query.mjs +98 -0
- package/dist/client/query.mjs.map +1 -0
- package/dist/client/react/index.d.mts +63 -0
- package/dist/client/react/index.mjs +24 -0
- package/dist/client/react/index.mjs.map +1 -0
- package/dist/client/react/react-store.d.mts +47 -0
- package/dist/client/react/react-store.mjs +47 -0
- package/dist/client/react/react-store.mjs.map +1 -0
- package/dist/client/session-atom.mjs +29 -0
- package/dist/client/session-atom.mjs.map +1 -0
- package/dist/client/session-refresh.d.mts +28 -0
- package/dist/client/session-refresh.mjs +140 -0
- package/dist/client/session-refresh.mjs.map +1 -0
- package/dist/client/solid/index.d.mts +57 -0
- package/dist/client/solid/index.mjs +22 -0
- package/dist/client/solid/index.mjs.map +1 -0
- package/dist/client/solid/solid-store.mjs +24 -0
- package/dist/client/solid/solid-store.mjs.map +1 -0
- package/dist/client/svelte/index.d.mts +63 -0
- package/dist/client/svelte/index.mjs +20 -0
- package/dist/client/svelte/index.mjs.map +1 -0
- package/dist/client/types.d.mts +58 -0
- package/dist/client/vanilla.d.mts +62 -0
- package/dist/client/vanilla.mjs +20 -0
- package/dist/client/vanilla.mjs.map +1 -0
- package/dist/client/vue/index.d.mts +86 -0
- package/dist/client/vue/index.mjs +38 -0
- package/dist/client/vue/index.mjs.map +1 -0
- package/dist/client/vue/vue-store.mjs +26 -0
- package/dist/client/vue/vue-store.mjs.map +1 -0
- package/dist/context/create-context.mjs +211 -0
- package/dist/context/create-context.mjs.map +1 -0
- package/dist/context/helpers.mjs +62 -0
- package/dist/context/helpers.mjs.map +1 -0
- package/dist/context/init-minimal.mjs +20 -0
- package/dist/context/init-minimal.mjs.map +1 -0
- package/dist/context/init.mjs +22 -0
- package/dist/context/init.mjs.map +1 -0
- package/dist/cookies/cookie-utils.d.mts +29 -0
- package/dist/cookies/cookie-utils.mjs +105 -0
- package/dist/cookies/cookie-utils.mjs.map +1 -0
- package/dist/cookies/index.d.mts +67 -0
- package/dist/cookies/index.mjs +264 -0
- package/dist/cookies/index.mjs.map +1 -0
- package/dist/cookies/session-store.d.mts +36 -0
- package/dist/cookies/session-store.mjs +200 -0
- package/dist/cookies/session-store.mjs.map +1 -0
- package/dist/crypto/buffer.d.mts +8 -0
- package/dist/crypto/buffer.mjs +18 -0
- package/dist/crypto/buffer.mjs.map +1 -0
- package/dist/crypto/index.d.mts +27 -0
- package/dist/crypto/index.mjs +38 -0
- package/dist/crypto/index.mjs.map +1 -0
- package/dist/crypto/jwt.d.mts +8 -0
- package/dist/crypto/jwt.mjs +95 -0
- package/dist/crypto/jwt.mjs.map +1 -0
- package/dist/crypto/password.d.mts +12 -0
- package/dist/crypto/password.mjs +36 -0
- package/dist/crypto/password.mjs.map +1 -0
- package/dist/crypto/random.d.mts +5 -0
- package/dist/crypto/random.mjs +8 -0
- package/dist/crypto/random.mjs.map +1 -0
- package/dist/db/adapter-base.d.mts +8 -0
- package/dist/db/adapter-base.mjs +28 -0
- package/dist/db/adapter-base.mjs.map +1 -0
- package/dist/db/adapter-kysely.d.mts +8 -0
- package/dist/db/adapter-kysely.mjs +21 -0
- package/dist/db/adapter-kysely.mjs.map +1 -0
- package/dist/db/field-converter.d.mts +8 -0
- package/dist/db/field-converter.mjs +21 -0
- package/dist/db/field-converter.mjs.map +1 -0
- package/dist/db/field.d.mts +55 -0
- package/dist/db/field.mjs +11 -0
- package/dist/db/field.mjs.map +1 -0
- package/dist/db/get-migration.d.mts +23 -0
- package/dist/db/get-migration.mjs +339 -0
- package/dist/db/get-migration.mjs.map +1 -0
- package/dist/db/get-schema.d.mts +11 -0
- package/dist/db/get-schema.mjs +39 -0
- package/dist/db/get-schema.mjs.map +1 -0
- package/dist/db/index.d.mts +9 -0
- package/dist/db/index.mjs +36 -0
- package/dist/db/index.mjs.map +1 -0
- package/dist/db/internal-adapter.d.mts +14 -0
- package/dist/db/internal-adapter.mjs +616 -0
- package/dist/db/internal-adapter.mjs.map +1 -0
- package/dist/db/schema.d.mts +26 -0
- package/dist/db/schema.mjs +118 -0
- package/dist/db/schema.mjs.map +1 -0
- package/dist/db/to-zod.d.mts +36 -0
- package/dist/db/to-zod.mjs +26 -0
- package/dist/db/to-zod.mjs.map +1 -0
- package/dist/db/verification-token-storage.mjs +28 -0
- package/dist/db/verification-token-storage.mjs.map +1 -0
- package/dist/db/with-hooks.d.mts +33 -0
- package/dist/db/with-hooks.mjs +159 -0
- package/dist/db/with-hooks.mjs.map +1 -0
- package/dist/index.d.mts +52 -0
- package/dist/index.mjs +26 -0
- package/dist/integrations/next-js.d.mts +14 -0
- package/dist/integrations/next-js.mjs +78 -0
- package/dist/integrations/next-js.mjs.map +1 -0
- package/dist/integrations/node.d.mts +13 -0
- package/dist/integrations/node.mjs +16 -0
- package/dist/integrations/node.mjs.map +1 -0
- package/dist/integrations/solid-start.d.mts +23 -0
- package/dist/integrations/solid-start.mjs +17 -0
- package/dist/integrations/solid-start.mjs.map +1 -0
- package/dist/integrations/svelte-kit.d.mts +29 -0
- package/dist/integrations/svelte-kit.mjs +57 -0
- package/dist/integrations/svelte-kit.mjs.map +1 -0
- package/dist/integrations/tanstack-start-solid.d.mts +22 -0
- package/dist/integrations/tanstack-start-solid.mjs +61 -0
- package/dist/integrations/tanstack-start-solid.mjs.map +1 -0
- package/dist/integrations/tanstack-start.d.mts +22 -0
- package/dist/integrations/tanstack-start.mjs +61 -0
- package/dist/integrations/tanstack-start.mjs.map +1 -0
- package/dist/oauth2/index.d.mts +5 -0
- package/dist/oauth2/index.mjs +7 -0
- package/dist/oauth2/link-account.d.mts +31 -0
- package/dist/oauth2/link-account.mjs +144 -0
- package/dist/oauth2/link-account.mjs.map +1 -0
- package/dist/oauth2/state.d.mts +26 -0
- package/dist/oauth2/state.mjs +51 -0
- package/dist/oauth2/state.mjs.map +1 -0
- package/dist/oauth2/utils.d.mts +8 -0
- package/dist/oauth2/utils.mjs +31 -0
- package/dist/oauth2/utils.mjs.map +1 -0
- package/dist/plugins/access/access.d.mts +30 -0
- package/dist/plugins/access/access.mjs +46 -0
- package/dist/plugins/access/access.mjs.map +1 -0
- package/dist/plugins/access/index.d.mts +3 -0
- package/dist/plugins/access/index.mjs +3 -0
- package/dist/plugins/access/types.d.mts +17 -0
- package/dist/plugins/additional-fields/client.d.mts +14 -0
- package/dist/plugins/additional-fields/client.mjs +11 -0
- package/dist/plugins/additional-fields/client.mjs.map +1 -0
- package/dist/plugins/admin/access/index.d.mts +2 -0
- package/dist/plugins/admin/access/index.mjs +3 -0
- package/dist/plugins/admin/access/statement.d.mts +118 -0
- package/dist/plugins/admin/access/statement.mjs +53 -0
- package/dist/plugins/admin/access/statement.mjs.map +1 -0
- package/dist/plugins/admin/admin.d.mts +14 -0
- package/dist/plugins/admin/admin.mjs +95 -0
- package/dist/plugins/admin/admin.mjs.map +1 -0
- package/dist/plugins/admin/client.d.mts +14 -0
- package/dist/plugins/admin/client.mjs +36 -0
- package/dist/plugins/admin/client.mjs.map +1 -0
- package/dist/plugins/admin/error-codes.d.mts +5 -0
- package/dist/plugins/admin/error-codes.mjs +30 -0
- package/dist/plugins/admin/error-codes.mjs.map +1 -0
- package/dist/plugins/admin/has-permission.mjs +16 -0
- package/dist/plugins/admin/has-permission.mjs.map +1 -0
- package/dist/plugins/admin/index.d.mts +3 -0
- package/dist/plugins/admin/index.mjs +3 -0
- package/dist/plugins/admin/routes.mjs +855 -0
- package/dist/plugins/admin/routes.mjs.map +1 -0
- package/dist/plugins/admin/schema.d.mts +6 -0
- package/dist/plugins/admin/schema.mjs +34 -0
- package/dist/plugins/admin/schema.mjs.map +1 -0
- package/dist/plugins/admin/types.d.mts +89 -0
- package/dist/plugins/anonymous/client.d.mts +9 -0
- package/dist/plugins/anonymous/client.mjs +22 -0
- package/dist/plugins/anonymous/client.mjs.map +1 -0
- package/dist/plugins/anonymous/error-codes.d.mts +5 -0
- package/dist/plugins/anonymous/error-codes.mjs +16 -0
- package/dist/plugins/anonymous/error-codes.mjs.map +1 -0
- package/dist/plugins/anonymous/index.d.mts +14 -0
- package/dist/plugins/anonymous/index.mjs +163 -0
- package/dist/plugins/anonymous/index.mjs.map +1 -0
- package/dist/plugins/anonymous/schema.d.mts +5 -0
- package/dist/plugins/anonymous/schema.mjs +11 -0
- package/dist/plugins/anonymous/schema.mjs.map +1 -0
- package/dist/plugins/anonymous/types.d.mts +68 -0
- package/dist/plugins/api-key/adapter.mjs +468 -0
- package/dist/plugins/api-key/adapter.mjs.map +1 -0
- package/dist/plugins/api-key/client.d.mts +9 -0
- package/dist/plugins/api-key/client.mjs +19 -0
- package/dist/plugins/api-key/client.mjs.map +1 -0
- package/dist/plugins/api-key/error-codes.d.mts +5 -0
- package/dist/plugins/api-key/error-codes.mjs +34 -0
- package/dist/plugins/api-key/error-codes.mjs.map +1 -0
- package/dist/plugins/api-key/index.d.mts +17 -0
- package/dist/plugins/api-key/index.mjs +134 -0
- package/dist/plugins/api-key/index.mjs.map +1 -0
- package/dist/plugins/api-key/rate-limit.mjs +74 -0
- package/dist/plugins/api-key/rate-limit.mjs.map +1 -0
- package/dist/plugins/api-key/routes/create-api-key.mjs +252 -0
- package/dist/plugins/api-key/routes/create-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs +24 -0
- package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs.map +1 -0
- package/dist/plugins/api-key/routes/delete-api-key.mjs +74 -0
- package/dist/plugins/api-key/routes/delete-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/get-api-key.mjs +158 -0
- package/dist/plugins/api-key/routes/get-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/index.mjs +71 -0
- package/dist/plugins/api-key/routes/index.mjs.map +1 -0
- package/dist/plugins/api-key/routes/list-api-keys.mjs +194 -0
- package/dist/plugins/api-key/routes/list-api-keys.mjs.map +1 -0
- package/dist/plugins/api-key/routes/update-api-key.mjs +248 -0
- package/dist/plugins/api-key/routes/update-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/verify-api-key.mjs +223 -0
- package/dist/plugins/api-key/routes/verify-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/schema.d.mts +11 -0
- package/dist/plugins/api-key/schema.mjs +130 -0
- package/dist/plugins/api-key/schema.mjs.map +1 -0
- package/dist/plugins/api-key/types.d.mts +346 -0
- package/dist/plugins/bearer/index.d.mts +25 -0
- package/dist/plugins/bearer/index.mjs +66 -0
- package/dist/plugins/bearer/index.mjs.map +1 -0
- package/dist/plugins/captcha/constants.d.mts +10 -0
- package/dist/plugins/captcha/constants.mjs +22 -0
- package/dist/plugins/captcha/constants.mjs.map +1 -0
- package/dist/plugins/captcha/error-codes.mjs +16 -0
- package/dist/plugins/captcha/error-codes.mjs.map +1 -0
- package/dist/plugins/captcha/index.d.mts +14 -0
- package/dist/plugins/captcha/index.mjs +60 -0
- package/dist/plugins/captcha/index.mjs.map +1 -0
- package/dist/plugins/captcha/types.d.mts +28 -0
- package/dist/plugins/captcha/utils.mjs +11 -0
- package/dist/plugins/captcha/utils.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/captchafox.mjs +27 -0
- package/dist/plugins/captcha/verify-handlers/captchafox.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs +25 -0
- package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs +29 -0
- package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/h-captcha.mjs +27 -0
- package/dist/plugins/captcha/verify-handlers/h-captcha.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/index.mjs +6 -0
- package/dist/plugins/custom-session/client.d.mts +10 -0
- package/dist/plugins/custom-session/client.mjs +11 -0
- package/dist/plugins/custom-session/client.mjs.map +1 -0
- package/dist/plugins/custom-session/index.d.mts +26 -0
- package/dist/plugins/custom-session/index.mjs +70 -0
- package/dist/plugins/custom-session/index.mjs.map +1 -0
- package/dist/plugins/device-authorization/client.d.mts +5 -0
- package/dist/plugins/device-authorization/client.mjs +18 -0
- package/dist/plugins/device-authorization/client.mjs.map +1 -0
- package/dist/plugins/device-authorization/error-codes.mjs +21 -0
- package/dist/plugins/device-authorization/error-codes.mjs.map +1 -0
- package/dist/plugins/device-authorization/index.d.mts +28 -0
- package/dist/plugins/device-authorization/index.mjs +50 -0
- package/dist/plugins/device-authorization/index.mjs.map +1 -0
- package/dist/plugins/device-authorization/routes.mjs +510 -0
- package/dist/plugins/device-authorization/routes.mjs.map +1 -0
- package/dist/plugins/device-authorization/schema.mjs +57 -0
- package/dist/plugins/device-authorization/schema.mjs.map +1 -0
- package/dist/plugins/email-otp/client.d.mts +7 -0
- package/dist/plugins/email-otp/client.mjs +18 -0
- package/dist/plugins/email-otp/client.mjs.map +1 -0
- package/dist/plugins/email-otp/error-codes.d.mts +5 -0
- package/dist/plugins/email-otp/error-codes.mjs +12 -0
- package/dist/plugins/email-otp/error-codes.mjs.map +1 -0
- package/dist/plugins/email-otp/index.d.mts +14 -0
- package/dist/plugins/email-otp/index.mjs +108 -0
- package/dist/plugins/email-otp/index.mjs.map +1 -0
- package/dist/plugins/email-otp/otp-token.mjs +29 -0
- package/dist/plugins/email-otp/otp-token.mjs.map +1 -0
- package/dist/plugins/email-otp/routes.mjs +564 -0
- package/dist/plugins/email-otp/routes.mjs.map +1 -0
- package/dist/plugins/email-otp/types.d.mts +74 -0
- package/dist/plugins/email-otp/utils.mjs +17 -0
- package/dist/plugins/email-otp/utils.mjs.map +1 -0
- package/dist/plugins/generic-oauth/client.d.mts +19 -0
- package/dist/plugins/generic-oauth/client.mjs +14 -0
- package/dist/plugins/generic-oauth/client.mjs.map +1 -0
- package/dist/plugins/generic-oauth/error-codes.d.mts +5 -0
- package/dist/plugins/generic-oauth/error-codes.mjs +15 -0
- package/dist/plugins/generic-oauth/error-codes.mjs.map +1 -0
- package/dist/plugins/generic-oauth/index.d.mts +34 -0
- package/dist/plugins/generic-oauth/index.mjs +137 -0
- package/dist/plugins/generic-oauth/index.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/auth0.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/auth0.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/auth0.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/gumroad.d.mts +32 -0
- package/dist/plugins/generic-oauth/providers/gumroad.mjs +60 -0
- package/dist/plugins/generic-oauth/providers/gumroad.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/hubspot.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/hubspot.mjs +60 -0
- package/dist/plugins/generic-oauth/providers/hubspot.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/index.d.mts +9 -0
- package/dist/plugins/generic-oauth/providers/index.mjs +11 -0
- package/dist/plugins/generic-oauth/providers/keycloak.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/keycloak.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/keycloak.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/line.d.mts +55 -0
- package/dist/plugins/generic-oauth/providers/line.mjs +91 -0
- package/dist/plugins/generic-oauth/providers/line.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs +66 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/okta.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/okta.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/okta.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/patreon.d.mts +30 -0
- package/dist/plugins/generic-oauth/providers/patreon.mjs +59 -0
- package/dist/plugins/generic-oauth/providers/patreon.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/slack.d.mts +30 -0
- package/dist/plugins/generic-oauth/providers/slack.mjs +61 -0
- package/dist/plugins/generic-oauth/providers/slack.mjs.map +1 -0
- package/dist/plugins/generic-oauth/routes.mjs +394 -0
- package/dist/plugins/generic-oauth/routes.mjs.map +1 -0
- package/dist/plugins/generic-oauth/types.d.mts +145 -0
- package/dist/plugins/haveibeenpwned/index.d.mts +21 -0
- package/dist/plugins/haveibeenpwned/index.mjs +56 -0
- package/dist/plugins/haveibeenpwned/index.mjs.map +1 -0
- package/dist/plugins/index.d.mts +68 -0
- package/dist/plugins/index.mjs +51 -0
- package/dist/plugins/jwt/adapter.mjs +27 -0
- package/dist/plugins/jwt/adapter.mjs.map +1 -0
- package/dist/plugins/jwt/client.d.mts +18 -0
- package/dist/plugins/jwt/client.mjs +19 -0
- package/dist/plugins/jwt/client.mjs.map +1 -0
- package/dist/plugins/jwt/index.d.mts +17 -0
- package/dist/plugins/jwt/index.mjs +202 -0
- package/dist/plugins/jwt/index.mjs.map +1 -0
- package/dist/plugins/jwt/schema.d.mts +5 -0
- package/dist/plugins/jwt/schema.mjs +23 -0
- package/dist/plugins/jwt/schema.mjs.map +1 -0
- package/dist/plugins/jwt/sign.d.mts +57 -0
- package/dist/plugins/jwt/sign.mjs +66 -0
- package/dist/plugins/jwt/sign.mjs.map +1 -0
- package/dist/plugins/jwt/types.d.mts +194 -0
- package/dist/plugins/jwt/utils.d.mts +42 -0
- package/dist/plugins/jwt/utils.mjs +64 -0
- package/dist/plugins/jwt/utils.mjs.map +1 -0
- package/dist/plugins/jwt/verify.d.mts +12 -0
- package/dist/plugins/jwt/verify.mjs +46 -0
- package/dist/plugins/jwt/verify.mjs.map +1 -0
- package/dist/plugins/last-login-method/client.d.mts +18 -0
- package/dist/plugins/last-login-method/client.mjs +32 -0
- package/dist/plugins/last-login-method/client.mjs.map +1 -0
- package/dist/plugins/last-login-method/index.d.mts +52 -0
- package/dist/plugins/last-login-method/index.mjs +77 -0
- package/dist/plugins/last-login-method/index.mjs.map +1 -0
- package/dist/plugins/magic-link/client.d.mts +5 -0
- package/dist/plugins/magic-link/client.mjs +11 -0
- package/dist/plugins/magic-link/client.mjs.map +1 -0
- package/dist/plugins/magic-link/index.d.mts +61 -0
- package/dist/plugins/magic-link/index.mjs +167 -0
- package/dist/plugins/magic-link/index.mjs.map +1 -0
- package/dist/plugins/magic-link/utils.mjs +12 -0
- package/dist/plugins/magic-link/utils.mjs.map +1 -0
- package/dist/plugins/mcp/authorize.mjs +133 -0
- package/dist/plugins/mcp/authorize.mjs.map +1 -0
- package/dist/plugins/mcp/index.d.mts +46 -0
- package/dist/plugins/mcp/index.mjs +717 -0
- package/dist/plugins/mcp/index.mjs.map +1 -0
- package/dist/plugins/multi-session/client.d.mts +8 -0
- package/dist/plugins/multi-session/client.mjs +20 -0
- package/dist/plugins/multi-session/client.mjs.map +1 -0
- package/dist/plugins/multi-session/error-codes.d.mts +5 -0
- package/dist/plugins/multi-session/error-codes.mjs +8 -0
- package/dist/plugins/multi-session/error-codes.mjs.map +1 -0
- package/dist/plugins/multi-session/index.d.mts +22 -0
- package/dist/plugins/multi-session/index.mjs +172 -0
- package/dist/plugins/multi-session/index.mjs.map +1 -0
- package/dist/plugins/oauth-proxy/index.d.mts +39 -0
- package/dist/plugins/oauth-proxy/index.mjs +305 -0
- package/dist/plugins/oauth-proxy/index.mjs.map +1 -0
- package/dist/plugins/oauth-proxy/utils.mjs +44 -0
- package/dist/plugins/oauth-proxy/utils.mjs.map +1 -0
- package/dist/plugins/oidc-provider/authorize.mjs +194 -0
- package/dist/plugins/oidc-provider/authorize.mjs.map +1 -0
- package/dist/plugins/oidc-provider/client.d.mts +8 -0
- package/dist/plugins/oidc-provider/client.mjs +11 -0
- package/dist/plugins/oidc-provider/client.mjs.map +1 -0
- package/dist/plugins/oidc-provider/error.mjs +17 -0
- package/dist/plugins/oidc-provider/error.mjs.map +1 -0
- package/dist/plugins/oidc-provider/index.d.mts +32 -0
- package/dist/plugins/oidc-provider/index.mjs +1093 -0
- package/dist/plugins/oidc-provider/index.mjs.map +1 -0
- package/dist/plugins/oidc-provider/schema.d.mts +26 -0
- package/dist/plugins/oidc-provider/schema.mjs +132 -0
- package/dist/plugins/oidc-provider/schema.mjs.map +1 -0
- package/dist/plugins/oidc-provider/types.d.mts +517 -0
- package/dist/plugins/oidc-provider/utils/prompt.mjs +19 -0
- package/dist/plugins/oidc-provider/utils/prompt.mjs.map +1 -0
- package/dist/plugins/oidc-provider/utils.mjs +15 -0
- package/dist/plugins/oidc-provider/utils.mjs.map +1 -0
- package/dist/plugins/one-tap/client.d.mts +159 -0
- package/dist/plugins/one-tap/client.mjs +214 -0
- package/dist/plugins/one-tap/client.mjs.map +1 -0
- package/dist/plugins/one-tap/index.d.mts +27 -0
- package/dist/plugins/one-tap/index.mjs +96 -0
- package/dist/plugins/one-tap/index.mjs.map +1 -0
- package/dist/plugins/one-time-token/client.d.mts +7 -0
- package/dist/plugins/one-time-token/client.mjs +11 -0
- package/dist/plugins/one-time-token/client.mjs.map +1 -0
- package/dist/plugins/one-time-token/index.d.mts +53 -0
- package/dist/plugins/one-time-token/index.mjs +82 -0
- package/dist/plugins/one-time-token/index.mjs.map +1 -0
- package/dist/plugins/one-time-token/utils.mjs +12 -0
- package/dist/plugins/one-time-token/utils.mjs.map +1 -0
- package/dist/plugins/open-api/generator.d.mts +115 -0
- package/dist/plugins/open-api/generator.mjs +315 -0
- package/dist/plugins/open-api/generator.mjs.map +1 -0
- package/dist/plugins/open-api/index.d.mts +45 -0
- package/dist/plugins/open-api/index.mjs +67 -0
- package/dist/plugins/open-api/index.mjs.map +1 -0
- package/dist/plugins/open-api/logo.mjs +15 -0
- package/dist/plugins/open-api/logo.mjs.map +1 -0
- package/dist/plugins/organization/access/index.d.mts +2 -0
- package/dist/plugins/organization/access/index.mjs +3 -0
- package/dist/plugins/organization/access/statement.d.mts +249 -0
- package/dist/plugins/organization/access/statement.mjs +81 -0
- package/dist/plugins/organization/access/statement.mjs.map +1 -0
- package/dist/plugins/organization/adapter.d.mts +205 -0
- package/dist/plugins/organization/adapter.mjs +624 -0
- package/dist/plugins/organization/adapter.mjs.map +1 -0
- package/dist/plugins/organization/call.mjs +19 -0
- package/dist/plugins/organization/call.mjs.map +1 -0
- package/dist/plugins/organization/client.d.mts +151 -0
- package/dist/plugins/organization/client.mjs +107 -0
- package/dist/plugins/organization/client.mjs.map +1 -0
- package/dist/plugins/organization/error-codes.d.mts +5 -0
- package/dist/plugins/organization/error-codes.mjs +65 -0
- package/dist/plugins/organization/error-codes.mjs.map +1 -0
- package/dist/plugins/organization/has-permission.mjs +35 -0
- package/dist/plugins/organization/has-permission.mjs.map +1 -0
- package/dist/plugins/organization/index.d.mts +5 -0
- package/dist/plugins/organization/index.mjs +4 -0
- package/dist/plugins/organization/organization.d.mts +252 -0
- package/dist/plugins/organization/organization.mjs +428 -0
- package/dist/plugins/organization/organization.mjs.map +1 -0
- package/dist/plugins/organization/permission.d.mts +26 -0
- package/dist/plugins/organization/permission.mjs +16 -0
- package/dist/plugins/organization/permission.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-access-control.d.mts +11 -0
- package/dist/plugins/organization/routes/crud-access-control.mjs +656 -0
- package/dist/plugins/organization/routes/crud-access-control.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-invites.d.mts +16 -0
- package/dist/plugins/organization/routes/crud-invites.mjs +555 -0
- package/dist/plugins/organization/routes/crud-invites.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-members.d.mts +13 -0
- package/dist/plugins/organization/routes/crud-members.mjs +473 -0
- package/dist/plugins/organization/routes/crud-members.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-org.d.mts +13 -0
- package/dist/plugins/organization/routes/crud-org.mjs +447 -0
- package/dist/plugins/organization/routes/crud-org.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-team.d.mts +15 -0
- package/dist/plugins/organization/routes/crud-team.mjs +676 -0
- package/dist/plugins/organization/routes/crud-team.mjs.map +1 -0
- package/dist/plugins/organization/schema.d.mts +376 -0
- package/dist/plugins/organization/schema.mjs +68 -0
- package/dist/plugins/organization/schema.mjs.map +1 -0
- package/dist/plugins/organization/types.d.mts +733 -0
- package/dist/plugins/phone-number/client.d.mts +8 -0
- package/dist/plugins/phone-number/client.mjs +20 -0
- package/dist/plugins/phone-number/client.mjs.map +1 -0
- package/dist/plugins/phone-number/error-codes.d.mts +5 -0
- package/dist/plugins/phone-number/error-codes.mjs +21 -0
- package/dist/plugins/phone-number/error-codes.mjs.map +1 -0
- package/dist/plugins/phone-number/index.d.mts +14 -0
- package/dist/plugins/phone-number/index.mjs +49 -0
- package/dist/plugins/phone-number/index.mjs.map +1 -0
- package/dist/plugins/phone-number/routes.mjs +459 -0
- package/dist/plugins/phone-number/routes.mjs.map +1 -0
- package/dist/plugins/phone-number/schema.d.mts +5 -0
- package/dist/plugins/phone-number/schema.mjs +20 -0
- package/dist/plugins/phone-number/schema.mjs.map +1 -0
- package/dist/plugins/phone-number/types.d.mts +118 -0
- package/dist/plugins/siwe/client.d.mts +5 -0
- package/dist/plugins/siwe/client.mjs +11 -0
- package/dist/plugins/siwe/client.mjs.map +1 -0
- package/dist/plugins/siwe/error-codes.mjs +13 -0
- package/dist/plugins/siwe/error-codes.mjs.map +1 -0
- package/dist/plugins/siwe/index.d.mts +26 -0
- package/dist/plugins/siwe/index.mjs +261 -0
- package/dist/plugins/siwe/index.mjs.map +1 -0
- package/dist/plugins/siwe/schema.d.mts +5 -0
- package/dist/plugins/siwe/schema.mjs +32 -0
- package/dist/plugins/siwe/schema.mjs.map +1 -0
- package/dist/plugins/siwe/types.d.mts +44 -0
- package/dist/plugins/two-factor/backup-codes/index.d.mts +91 -0
- package/dist/plugins/two-factor/backup-codes/index.mjs +277 -0
- package/dist/plugins/two-factor/backup-codes/index.mjs.map +1 -0
- package/dist/plugins/two-factor/client.d.mts +17 -0
- package/dist/plugins/two-factor/client.mjs +37 -0
- package/dist/plugins/two-factor/client.mjs.map +1 -0
- package/dist/plugins/two-factor/constant.mjs +8 -0
- package/dist/plugins/two-factor/constant.mjs.map +1 -0
- package/dist/plugins/two-factor/error-code.d.mts +5 -0
- package/dist/plugins/two-factor/error-code.mjs +18 -0
- package/dist/plugins/two-factor/error-code.mjs.map +1 -0
- package/dist/plugins/two-factor/index.d.mts +19 -0
- package/dist/plugins/two-factor/index.mjs +207 -0
- package/dist/plugins/two-factor/index.mjs.map +1 -0
- package/dist/plugins/two-factor/otp/index.d.mts +96 -0
- package/dist/plugins/two-factor/otp/index.mjs +199 -0
- package/dist/plugins/two-factor/otp/index.mjs.map +1 -0
- package/dist/plugins/two-factor/schema.d.mts +5 -0
- package/dist/plugins/two-factor/schema.mjs +36 -0
- package/dist/plugins/two-factor/schema.mjs.map +1 -0
- package/dist/plugins/two-factor/totp/index.d.mts +81 -0
- package/dist/plugins/two-factor/totp/index.mjs +157 -0
- package/dist/plugins/two-factor/totp/index.mjs.map +1 -0
- package/dist/plugins/two-factor/types.d.mts +65 -0
- package/dist/plugins/two-factor/utils.mjs +12 -0
- package/dist/plugins/two-factor/utils.mjs.map +1 -0
- package/dist/plugins/two-factor/verify-two-factor.mjs +76 -0
- package/dist/plugins/two-factor/verify-two-factor.mjs.map +1 -0
- package/dist/plugins/username/client.d.mts +7 -0
- package/dist/plugins/username/client.mjs +18 -0
- package/dist/plugins/username/client.mjs.map +1 -0
- package/dist/plugins/username/error-codes.d.mts +5 -0
- package/dist/plugins/username/error-codes.mjs +17 -0
- package/dist/plugins/username/error-codes.mjs.map +1 -0
- package/dist/plugins/username/index.d.mts +74 -0
- package/dist/plugins/username/index.mjs +237 -0
- package/dist/plugins/username/index.mjs.map +1 -0
- package/dist/plugins/username/schema.d.mts +9 -0
- package/dist/plugins/username/schema.mjs +26 -0
- package/dist/plugins/username/schema.mjs.map +1 -0
- package/dist/social-providers/index.d.mts +1 -0
- package/dist/social-providers/index.mjs +3 -0
- package/dist/state.d.mts +42 -0
- package/dist/state.mjs +107 -0
- package/dist/state.mjs.map +1 -0
- package/dist/test-utils/headers.d.mts +9 -0
- package/dist/test-utils/headers.mjs +24 -0
- package/dist/test-utils/headers.mjs.map +1 -0
- package/dist/test-utils/index.d.mts +3 -0
- package/dist/test-utils/index.mjs +4 -0
- package/dist/test-utils/test-instance.d.mts +181 -0
- package/dist/test-utils/test-instance.mjs +210 -0
- package/dist/test-utils/test-instance.mjs.map +1 -0
- package/dist/types/adapter.d.mts +24 -0
- package/dist/types/api.d.mts +62 -0
- package/dist/types/auth.d.mts +30 -0
- package/dist/types/helper.d.mts +21 -0
- package/dist/types/index.d.mts +11 -0
- package/dist/types/index.mjs +1 -0
- package/dist/types/models.d.mts +17 -0
- package/dist/types/plugins.d.mts +16 -0
- package/dist/utils/boolean.mjs +8 -0
- package/dist/utils/boolean.mjs.map +1 -0
- package/dist/utils/constants.mjs +6 -0
- package/dist/utils/constants.mjs.map +1 -0
- package/dist/utils/date.mjs +8 -0
- package/dist/utils/date.mjs.map +1 -0
- package/dist/utils/get-request-ip.d.mts +7 -0
- package/dist/utils/get-request-ip.mjs +23 -0
- package/dist/utils/get-request-ip.mjs.map +1 -0
- package/dist/utils/hashing.mjs +21 -0
- package/dist/utils/hashing.mjs.map +1 -0
- package/dist/utils/hide-metadata.d.mts +7 -0
- package/dist/utils/hide-metadata.mjs +6 -0
- package/dist/utils/hide-metadata.mjs.map +1 -0
- package/dist/utils/index.d.mts +3 -0
- package/dist/utils/index.mjs +5 -0
- package/dist/utils/is-api-error.d.mts +7 -0
- package/dist/utils/is-api-error.mjs +11 -0
- package/dist/utils/is-api-error.mjs.map +1 -0
- package/dist/utils/is-atom.mjs +8 -0
- package/dist/utils/is-atom.mjs.map +1 -0
- package/dist/utils/is-promise.mjs +8 -0
- package/dist/utils/is-promise.mjs.map +1 -0
- package/dist/utils/middleware-response.mjs +6 -0
- package/dist/utils/middleware-response.mjs.map +1 -0
- package/dist/utils/password.mjs +26 -0
- package/dist/utils/password.mjs.map +1 -0
- package/dist/utils/plugin-helper.mjs +17 -0
- package/dist/utils/plugin-helper.mjs.map +1 -0
- package/dist/utils/shim.mjs +24 -0
- package/dist/utils/shim.mjs.map +1 -0
- package/dist/utils/time.d.mts +49 -0
- package/dist/utils/time.mjs +100 -0
- package/dist/utils/time.mjs.map +1 -0
- package/dist/utils/url.mjs +92 -0
- package/dist/utils/url.mjs.map +1 -0
- package/dist/utils/wildcard.mjs +108 -0
- package/dist/utils/wildcard.mjs.map +1 -0
- package/package.json +601 -0
|
@@ -0,0 +1,855 @@
|
|
|
1
|
+
import { parseSessionOutput, parseUserOutput } from "../../db/schema.mjs";
|
|
2
|
+
import { getDate } from "../../utils/date.mjs";
|
|
3
|
+
import { deleteSessionCookie, expireCookie, setSessionCookie } from "../../cookies/index.mjs";
|
|
4
|
+
import { getSessionFromCtx } from "../../api/routes/session.mjs";
|
|
5
|
+
import "../../api/index.mjs";
|
|
6
|
+
import { ADMIN_ERROR_CODES } from "./error-codes.mjs";
|
|
7
|
+
import { hasPermission } from "./has-permission.mjs";
|
|
8
|
+
import { APIError, BASE_ERROR_CODES } from "@better-auth/core/error";
|
|
9
|
+
import { createAuthEndpoint, createAuthMiddleware } from "@better-auth/core/api";
|
|
10
|
+
import * as z from "zod";
|
|
11
|
+
|
|
12
|
+
//#region src/plugins/admin/routes.ts
|
|
13
|
+
/**
|
|
14
|
+
* Ensures a valid session, if not will throw.
|
|
15
|
+
* Will also provide additional types on the user to include role types.
|
|
16
|
+
*/
|
|
17
|
+
const adminMiddleware = createAuthMiddleware(async (ctx) => {
|
|
18
|
+
const session = await getSessionFromCtx(ctx);
|
|
19
|
+
if (!session) throw APIError.fromStatus("UNAUTHORIZED");
|
|
20
|
+
return { session };
|
|
21
|
+
});
|
|
22
|
+
function parseRoles(roles) {
|
|
23
|
+
return Array.isArray(roles) ? roles.join(",") : roles;
|
|
24
|
+
}
|
|
25
|
+
const setRoleBodySchema = z.object({
|
|
26
|
+
userId: z.coerce.string().meta({ description: "The user id" }),
|
|
27
|
+
role: z.union([z.string().meta({ description: "The role to set. `admin` or `user` by default" }), z.array(z.string().meta({ description: "The roles to set. `admin` or `user` by default" }))]).meta({ description: "The role to set, this can be a string or an array of strings. Eg: `admin` or `[admin, user]`" })
|
|
28
|
+
});
|
|
29
|
+
/**
|
|
30
|
+
* ### Endpoint
|
|
31
|
+
*
|
|
32
|
+
* POST `/admin/set-role`
|
|
33
|
+
*
|
|
34
|
+
* ### API Methods
|
|
35
|
+
*
|
|
36
|
+
* **server:**
|
|
37
|
+
* `auth.api.setRole`
|
|
38
|
+
*
|
|
39
|
+
* **client:**
|
|
40
|
+
* `authClient.admin.setRole`
|
|
41
|
+
*
|
|
42
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-set-role)
|
|
43
|
+
*/
|
|
44
|
+
const setRole = (opts) => createAuthEndpoint("/admin/set-role", {
|
|
45
|
+
method: "POST",
|
|
46
|
+
body: setRoleBodySchema,
|
|
47
|
+
requireHeaders: true,
|
|
48
|
+
use: [adminMiddleware],
|
|
49
|
+
metadata: {
|
|
50
|
+
openapi: {
|
|
51
|
+
operationId: "setUserRole",
|
|
52
|
+
summary: "Set the role of a user",
|
|
53
|
+
description: "Set the role of a user",
|
|
54
|
+
responses: { 200: {
|
|
55
|
+
description: "User role updated",
|
|
56
|
+
content: { "application/json": { schema: {
|
|
57
|
+
type: "object",
|
|
58
|
+
properties: { user: { $ref: "#/components/schemas/User" } }
|
|
59
|
+
} } }
|
|
60
|
+
} }
|
|
61
|
+
},
|
|
62
|
+
$Infer: { body: {} }
|
|
63
|
+
}
|
|
64
|
+
}, async (ctx) => {
|
|
65
|
+
if (!hasPermission({
|
|
66
|
+
userId: ctx.context.session.user.id,
|
|
67
|
+
role: ctx.context.session.user.role,
|
|
68
|
+
options: opts,
|
|
69
|
+
permissions: { user: ["set-role"] }
|
|
70
|
+
})) throw APIError.from("FORBIDDEN", ADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE);
|
|
71
|
+
const roles = opts.roles;
|
|
72
|
+
if (roles) {
|
|
73
|
+
const inputRoles = Array.isArray(ctx.body.role) ? ctx.body.role : [ctx.body.role];
|
|
74
|
+
for (const role of inputRoles) if (!roles[role]) throw APIError.from("BAD_REQUEST", ADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE);
|
|
75
|
+
}
|
|
76
|
+
const updatedUser = await ctx.context.internalAdapter.updateUser(ctx.body.userId, { role: parseRoles(ctx.body.role) });
|
|
77
|
+
return ctx.json({ user: parseUserOutput(ctx.context.options, updatedUser) });
|
|
78
|
+
});
|
|
79
|
+
const getUserQuerySchema = z.object({ id: z.string().meta({ description: "The id of the User" }) });
|
|
80
|
+
const getUser = (opts) => createAuthEndpoint("/admin/get-user", {
|
|
81
|
+
method: "GET",
|
|
82
|
+
query: getUserQuerySchema,
|
|
83
|
+
use: [adminMiddleware],
|
|
84
|
+
metadata: { openapi: {
|
|
85
|
+
operationId: "getUser",
|
|
86
|
+
summary: "Get an existing user",
|
|
87
|
+
description: "Get an existing user",
|
|
88
|
+
responses: { 200: {
|
|
89
|
+
description: "User",
|
|
90
|
+
content: { "application/json": { schema: {
|
|
91
|
+
type: "object",
|
|
92
|
+
properties: { user: { $ref: "#/components/schemas/User" } }
|
|
93
|
+
} } }
|
|
94
|
+
} }
|
|
95
|
+
} }
|
|
96
|
+
}, async (ctx) => {
|
|
97
|
+
const { id } = ctx.query;
|
|
98
|
+
if (!hasPermission({
|
|
99
|
+
userId: ctx.context.session.user.id,
|
|
100
|
+
role: ctx.context.session.user.role,
|
|
101
|
+
options: opts,
|
|
102
|
+
permissions: { user: ["get"] }
|
|
103
|
+
})) throw APIError.from("FORBIDDEN", ADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_GET_USER);
|
|
104
|
+
const user = await ctx.context.internalAdapter.findUserById(id);
|
|
105
|
+
if (!user) throw APIError.from("NOT_FOUND", BASE_ERROR_CODES.USER_NOT_FOUND);
|
|
106
|
+
return parseUserOutput(ctx.context.options, user);
|
|
107
|
+
});
|
|
108
|
+
const createUserBodySchema = z.object({
|
|
109
|
+
email: z.string().meta({ description: "The email of the user" }),
|
|
110
|
+
password: z.string().optional().meta({ description: "The password of the user. If not provided, the user will be created without a credential account (useful for magic link or social login only users)." }),
|
|
111
|
+
name: z.string().meta({ description: "The name of the user" }),
|
|
112
|
+
role: z.union([z.string().meta({ description: "The role of the user" }), z.array(z.string().meta({ description: "The roles of user" }))]).optional().meta({ description: `A string or array of strings representing the roles to apply to the new user. Eg: \"user\"` }),
|
|
113
|
+
data: z.record(z.string(), z.any()).optional().meta({ description: "Extra fields for the user. Including custom additional fields." })
|
|
114
|
+
});
|
|
115
|
+
/**
|
|
116
|
+
* ### Endpoint
|
|
117
|
+
*
|
|
118
|
+
* POST `/admin/create-user`
|
|
119
|
+
*
|
|
120
|
+
* ### API Methods
|
|
121
|
+
*
|
|
122
|
+
* **server:**
|
|
123
|
+
* `auth.api.createUser`
|
|
124
|
+
*
|
|
125
|
+
* **client:**
|
|
126
|
+
* `authClient.admin.createUser`
|
|
127
|
+
*
|
|
128
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-create-user)
|
|
129
|
+
*/
|
|
130
|
+
const createUser = (opts) => createAuthEndpoint("/admin/create-user", {
|
|
131
|
+
method: "POST",
|
|
132
|
+
body: createUserBodySchema,
|
|
133
|
+
metadata: {
|
|
134
|
+
openapi: {
|
|
135
|
+
operationId: "createUser",
|
|
136
|
+
summary: "Create a new user",
|
|
137
|
+
description: "Create a new user",
|
|
138
|
+
responses: { 200: {
|
|
139
|
+
description: "User created",
|
|
140
|
+
content: { "application/json": { schema: {
|
|
141
|
+
type: "object",
|
|
142
|
+
properties: { user: { $ref: "#/components/schemas/User" } }
|
|
143
|
+
} } }
|
|
144
|
+
} }
|
|
145
|
+
},
|
|
146
|
+
$Infer: { body: {} }
|
|
147
|
+
}
|
|
148
|
+
}, async (ctx) => {
|
|
149
|
+
const session = await getSessionFromCtx(ctx);
|
|
150
|
+
if (!session && (ctx.request || ctx.headers)) throw ctx.error("UNAUTHORIZED");
|
|
151
|
+
if (session) {
|
|
152
|
+
if (!hasPermission({
|
|
153
|
+
userId: session.user.id,
|
|
154
|
+
role: session.user.role,
|
|
155
|
+
options: opts,
|
|
156
|
+
permissions: { user: ["create"] }
|
|
157
|
+
})) throw APIError.from("FORBIDDEN", ADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS);
|
|
158
|
+
}
|
|
159
|
+
const email = ctx.body.email.toLowerCase();
|
|
160
|
+
if (!z.email().safeParse(email).success) throw APIError.from("BAD_REQUEST", BASE_ERROR_CODES.INVALID_EMAIL);
|
|
161
|
+
if (await ctx.context.internalAdapter.findUserByEmail(email)) throw APIError.from("BAD_REQUEST", ADMIN_ERROR_CODES.USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL);
|
|
162
|
+
const user = await ctx.context.internalAdapter.createUser({
|
|
163
|
+
email,
|
|
164
|
+
name: ctx.body.name,
|
|
165
|
+
role: (ctx.body.role && parseRoles(ctx.body.role)) ?? opts?.defaultRole ?? "user",
|
|
166
|
+
...ctx.body.data
|
|
167
|
+
});
|
|
168
|
+
if (!user) throw APIError.from("INTERNAL_SERVER_ERROR", ADMIN_ERROR_CODES.FAILED_TO_CREATE_USER);
|
|
169
|
+
if (ctx.body.password) {
|
|
170
|
+
const hashedPassword = await ctx.context.password.hash(ctx.body.password);
|
|
171
|
+
await ctx.context.internalAdapter.linkAccount({
|
|
172
|
+
accountId: user.id,
|
|
173
|
+
providerId: "credential",
|
|
174
|
+
password: hashedPassword,
|
|
175
|
+
userId: user.id
|
|
176
|
+
});
|
|
177
|
+
}
|
|
178
|
+
return ctx.json({ user: parseUserOutput(ctx.context.options, user) });
|
|
179
|
+
});
|
|
180
|
+
const adminUpdateUserBodySchema = z.object({
|
|
181
|
+
userId: z.coerce.string().meta({ description: "The user id" }),
|
|
182
|
+
data: z.record(z.any(), z.any()).meta({ description: "The user data to update" })
|
|
183
|
+
});
|
|
184
|
+
/**
|
|
185
|
+
* ### Endpoint
|
|
186
|
+
*
|
|
187
|
+
* POST `/admin/update-user`
|
|
188
|
+
*
|
|
189
|
+
* ### API Methods
|
|
190
|
+
*
|
|
191
|
+
* **server:**
|
|
192
|
+
* `auth.api.adminUpdateUser`
|
|
193
|
+
*
|
|
194
|
+
* **client:**
|
|
195
|
+
* `authClient.admin.updateUser`
|
|
196
|
+
*
|
|
197
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-update-user)
|
|
198
|
+
*/
|
|
199
|
+
const adminUpdateUser = (opts) => createAuthEndpoint("/admin/update-user", {
|
|
200
|
+
method: "POST",
|
|
201
|
+
body: adminUpdateUserBodySchema,
|
|
202
|
+
use: [adminMiddleware],
|
|
203
|
+
metadata: { openapi: {
|
|
204
|
+
operationId: "updateUser",
|
|
205
|
+
summary: "Update a user",
|
|
206
|
+
description: "Update a user's details",
|
|
207
|
+
responses: { 200: {
|
|
208
|
+
description: "User updated",
|
|
209
|
+
content: { "application/json": { schema: {
|
|
210
|
+
type: "object",
|
|
211
|
+
properties: { user: { $ref: "#/components/schemas/User" } }
|
|
212
|
+
} } }
|
|
213
|
+
} }
|
|
214
|
+
} }
|
|
215
|
+
}, async (ctx) => {
|
|
216
|
+
if (!hasPermission({
|
|
217
|
+
userId: ctx.context.session.user.id,
|
|
218
|
+
role: ctx.context.session.user.role,
|
|
219
|
+
options: opts,
|
|
220
|
+
permissions: { user: ["update"] }
|
|
221
|
+
})) throw APIError.from("FORBIDDEN", ADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_UPDATE_USERS);
|
|
222
|
+
if (Object.keys(ctx.body.data).length === 0) throw APIError.from("BAD_REQUEST", ADMIN_ERROR_CODES.NO_DATA_TO_UPDATE);
|
|
223
|
+
if (Object.prototype.hasOwnProperty.call(ctx.body.data, "role")) {
|
|
224
|
+
if (!hasPermission({
|
|
225
|
+
userId: ctx.context.session.user.id,
|
|
226
|
+
role: ctx.context.session.user.role,
|
|
227
|
+
options: opts,
|
|
228
|
+
permissions: { user: ["set-role"] }
|
|
229
|
+
})) throw APIError.from("FORBIDDEN", ADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE);
|
|
230
|
+
const roleValue = ctx.body.data.role;
|
|
231
|
+
const inputRoles = Array.isArray(roleValue) ? roleValue : [roleValue];
|
|
232
|
+
for (const role of inputRoles) {
|
|
233
|
+
if (typeof role !== "string") throw APIError.from("BAD_REQUEST", ADMIN_ERROR_CODES.INVALID_ROLE_TYPE);
|
|
234
|
+
if (opts.roles && !opts.roles[role]) throw APIError.from("BAD_REQUEST", ADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE);
|
|
235
|
+
}
|
|
236
|
+
ctx.body.data.role = parseRoles(inputRoles);
|
|
237
|
+
}
|
|
238
|
+
const updatedUser = await ctx.context.internalAdapter.updateUser(ctx.body.userId, ctx.body.data);
|
|
239
|
+
return ctx.json(parseUserOutput(ctx.context.options, updatedUser));
|
|
240
|
+
});
|
|
241
|
+
const listUsersQuerySchema = z.object({
|
|
242
|
+
searchValue: z.string().optional().meta({ description: "The value to search for. Eg: \"some name\"" }),
|
|
243
|
+
searchField: z.enum(["email", "name"]).meta({ description: "The field to search in, defaults to email. Can be `email` or `name`. Eg: \"name\"" }).optional(),
|
|
244
|
+
searchOperator: z.enum([
|
|
245
|
+
"contains",
|
|
246
|
+
"starts_with",
|
|
247
|
+
"ends_with"
|
|
248
|
+
]).meta({ description: "The operator to use for the search. Can be `contains`, `starts_with` or `ends_with`. Eg: \"contains\"" }).optional(),
|
|
249
|
+
limit: z.string().meta({ description: "The number of users to return" }).or(z.number()).optional(),
|
|
250
|
+
offset: z.string().meta({ description: "The offset to start from" }).or(z.number()).optional(),
|
|
251
|
+
sortBy: z.string().meta({ description: "The field to sort by" }).optional(),
|
|
252
|
+
sortDirection: z.enum(["asc", "desc"]).meta({ description: "The direction to sort by" }).optional(),
|
|
253
|
+
filterField: z.string().meta({ description: "The field to filter by" }).optional(),
|
|
254
|
+
filterValue: z.string().meta({ description: "The value to filter by" }).or(z.number()).or(z.boolean()).optional(),
|
|
255
|
+
filterOperator: z.enum([
|
|
256
|
+
"eq",
|
|
257
|
+
"ne",
|
|
258
|
+
"lt",
|
|
259
|
+
"lte",
|
|
260
|
+
"gt",
|
|
261
|
+
"gte",
|
|
262
|
+
"contains"
|
|
263
|
+
]).meta({ description: "The operator to use for the filter" }).optional()
|
|
264
|
+
});
|
|
265
|
+
const listUsers = (opts) => createAuthEndpoint("/admin/list-users", {
|
|
266
|
+
method: "GET",
|
|
267
|
+
use: [adminMiddleware],
|
|
268
|
+
query: listUsersQuerySchema,
|
|
269
|
+
metadata: { openapi: {
|
|
270
|
+
operationId: "listUsers",
|
|
271
|
+
summary: "List users",
|
|
272
|
+
description: "List users",
|
|
273
|
+
responses: { 200: {
|
|
274
|
+
description: "List of users",
|
|
275
|
+
content: { "application/json": { schema: {
|
|
276
|
+
type: "object",
|
|
277
|
+
properties: {
|
|
278
|
+
users: {
|
|
279
|
+
type: "array",
|
|
280
|
+
items: { $ref: "#/components/schemas/User" }
|
|
281
|
+
},
|
|
282
|
+
total: { type: "number" },
|
|
283
|
+
limit: { type: "number" },
|
|
284
|
+
offset: { type: "number" }
|
|
285
|
+
},
|
|
286
|
+
required: ["users", "total"]
|
|
287
|
+
} } }
|
|
288
|
+
} }
|
|
289
|
+
} }
|
|
290
|
+
}, async (ctx) => {
|
|
291
|
+
const session = ctx.context.session;
|
|
292
|
+
if (!hasPermission({
|
|
293
|
+
userId: ctx.context.session.user.id,
|
|
294
|
+
role: session.user.role,
|
|
295
|
+
options: opts,
|
|
296
|
+
permissions: { user: ["list"] }
|
|
297
|
+
})) throw APIError.from("FORBIDDEN", ADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_LIST_USERS);
|
|
298
|
+
const where = [];
|
|
299
|
+
if (ctx.query?.searchValue) where.push({
|
|
300
|
+
field: ctx.query.searchField || "email",
|
|
301
|
+
operator: ctx.query.searchOperator || "contains",
|
|
302
|
+
value: ctx.query.searchValue
|
|
303
|
+
});
|
|
304
|
+
if (ctx.query?.filterValue) where.push({
|
|
305
|
+
field: ctx.query.filterField || "email",
|
|
306
|
+
operator: ctx.query.filterOperator || "eq",
|
|
307
|
+
value: ctx.query.filterValue
|
|
308
|
+
});
|
|
309
|
+
try {
|
|
310
|
+
const users = await ctx.context.internalAdapter.listUsers(Number(ctx.query?.limit) || void 0, Number(ctx.query?.offset) || void 0, ctx.query?.sortBy ? {
|
|
311
|
+
field: ctx.query.sortBy,
|
|
312
|
+
direction: ctx.query.sortDirection || "asc"
|
|
313
|
+
} : void 0, where.length ? where : void 0);
|
|
314
|
+
const total = await ctx.context.internalAdapter.countTotalUsers(where.length ? where : void 0);
|
|
315
|
+
return ctx.json({
|
|
316
|
+
users: users.map((user) => parseUserOutput(ctx.context.options, user)),
|
|
317
|
+
total,
|
|
318
|
+
limit: Number(ctx.query?.limit) || void 0,
|
|
319
|
+
offset: Number(ctx.query?.offset) || void 0
|
|
320
|
+
});
|
|
321
|
+
} catch {
|
|
322
|
+
return ctx.json({
|
|
323
|
+
users: [],
|
|
324
|
+
total: 0
|
|
325
|
+
});
|
|
326
|
+
}
|
|
327
|
+
});
|
|
328
|
+
const listUserSessionsBodySchema = z.object({ userId: z.coerce.string().meta({ description: "The user id" }) });
|
|
329
|
+
/**
|
|
330
|
+
* ### Endpoint
|
|
331
|
+
*
|
|
332
|
+
* POST `/admin/list-user-sessions`
|
|
333
|
+
*
|
|
334
|
+
* ### API Methods
|
|
335
|
+
*
|
|
336
|
+
* **server:**
|
|
337
|
+
* `auth.api.listUserSessions`
|
|
338
|
+
*
|
|
339
|
+
* **client:**
|
|
340
|
+
* `authClient.admin.listUserSessions`
|
|
341
|
+
*
|
|
342
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-list-user-sessions)
|
|
343
|
+
*/
|
|
344
|
+
const listUserSessions = (opts) => createAuthEndpoint("/admin/list-user-sessions", {
|
|
345
|
+
method: "POST",
|
|
346
|
+
use: [adminMiddleware],
|
|
347
|
+
body: listUserSessionsBodySchema,
|
|
348
|
+
metadata: { openapi: {
|
|
349
|
+
operationId: "listUserSessions",
|
|
350
|
+
summary: "List user sessions",
|
|
351
|
+
description: "List user sessions",
|
|
352
|
+
responses: { 200: {
|
|
353
|
+
description: "List of user sessions",
|
|
354
|
+
content: { "application/json": { schema: {
|
|
355
|
+
type: "object",
|
|
356
|
+
properties: { sessions: {
|
|
357
|
+
type: "array",
|
|
358
|
+
items: { $ref: "#/components/schemas/Session" }
|
|
359
|
+
} }
|
|
360
|
+
} } }
|
|
361
|
+
} }
|
|
362
|
+
} }
|
|
363
|
+
}, async (ctx) => {
|
|
364
|
+
const session = ctx.context.session;
|
|
365
|
+
if (!hasPermission({
|
|
366
|
+
userId: ctx.context.session.user.id,
|
|
367
|
+
role: session.user.role,
|
|
368
|
+
options: opts,
|
|
369
|
+
permissions: { session: ["list"] }
|
|
370
|
+
})) throw APIError.from("FORBIDDEN", ADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS);
|
|
371
|
+
const sessions = await ctx.context.internalAdapter.listSessions(ctx.body.userId);
|
|
372
|
+
return ctx.json({ sessions: sessions.map((s) => parseSessionOutput(ctx.context.options, s)) });
|
|
373
|
+
});
|
|
374
|
+
const unbanUserBodySchema = z.object({ userId: z.coerce.string().meta({ description: "The user id" }) });
|
|
375
|
+
/**
|
|
376
|
+
* ### Endpoint
|
|
377
|
+
*
|
|
378
|
+
* POST `/admin/unban-user`
|
|
379
|
+
*
|
|
380
|
+
* ### API Methods
|
|
381
|
+
*
|
|
382
|
+
* **server:**
|
|
383
|
+
* `auth.api.unbanUser`
|
|
384
|
+
*
|
|
385
|
+
* **client:**
|
|
386
|
+
* `authClient.admin.unbanUser`
|
|
387
|
+
*
|
|
388
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-unban-user)
|
|
389
|
+
*/
|
|
390
|
+
const unbanUser = (opts) => createAuthEndpoint("/admin/unban-user", {
|
|
391
|
+
method: "POST",
|
|
392
|
+
body: unbanUserBodySchema,
|
|
393
|
+
use: [adminMiddleware],
|
|
394
|
+
metadata: { openapi: {
|
|
395
|
+
operationId: "unbanUser",
|
|
396
|
+
summary: "Unban a user",
|
|
397
|
+
description: "Unban a user",
|
|
398
|
+
responses: { 200: {
|
|
399
|
+
description: "User unbanned",
|
|
400
|
+
content: { "application/json": { schema: {
|
|
401
|
+
type: "object",
|
|
402
|
+
properties: { user: { $ref: "#/components/schemas/User" } }
|
|
403
|
+
} } }
|
|
404
|
+
} }
|
|
405
|
+
} }
|
|
406
|
+
}, async (ctx) => {
|
|
407
|
+
const session = ctx.context.session;
|
|
408
|
+
if (!hasPermission({
|
|
409
|
+
userId: ctx.context.session.user.id,
|
|
410
|
+
role: session.user.role,
|
|
411
|
+
options: opts,
|
|
412
|
+
permissions: { user: ["ban"] }
|
|
413
|
+
})) throw APIError.from("FORBIDDEN", ADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_BAN_USERS);
|
|
414
|
+
const user = await ctx.context.internalAdapter.updateUser(ctx.body.userId, {
|
|
415
|
+
banned: false,
|
|
416
|
+
banExpires: null,
|
|
417
|
+
banReason: null,
|
|
418
|
+
updatedAt: /* @__PURE__ */ new Date()
|
|
419
|
+
});
|
|
420
|
+
return ctx.json({ user: parseUserOutput(ctx.context.options, user) });
|
|
421
|
+
});
|
|
422
|
+
const banUserBodySchema = z.object({
|
|
423
|
+
userId: z.coerce.string().meta({ description: "The user id" }),
|
|
424
|
+
banReason: z.string().meta({ description: "The reason for the ban" }).optional(),
|
|
425
|
+
banExpiresIn: z.number().meta({ description: "The number of seconds until the ban expires" }).optional()
|
|
426
|
+
});
|
|
427
|
+
/**
|
|
428
|
+
* ### Endpoint
|
|
429
|
+
*
|
|
430
|
+
* POST `/admin/ban-user`
|
|
431
|
+
*
|
|
432
|
+
* ### API Methods
|
|
433
|
+
*
|
|
434
|
+
* **server:**
|
|
435
|
+
* `auth.api.banUser`
|
|
436
|
+
*
|
|
437
|
+
* **client:**
|
|
438
|
+
* `authClient.admin.banUser`
|
|
439
|
+
*
|
|
440
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-ban-user)
|
|
441
|
+
*/
|
|
442
|
+
const banUser = (opts) => createAuthEndpoint("/admin/ban-user", {
|
|
443
|
+
method: "POST",
|
|
444
|
+
body: banUserBodySchema,
|
|
445
|
+
use: [adminMiddleware],
|
|
446
|
+
metadata: { openapi: {
|
|
447
|
+
operationId: "banUser",
|
|
448
|
+
summary: "Ban a user",
|
|
449
|
+
description: "Ban a user",
|
|
450
|
+
responses: { 200: {
|
|
451
|
+
description: "User banned",
|
|
452
|
+
content: { "application/json": { schema: {
|
|
453
|
+
type: "object",
|
|
454
|
+
properties: { user: { $ref: "#/components/schemas/User" } }
|
|
455
|
+
} } }
|
|
456
|
+
} }
|
|
457
|
+
} }
|
|
458
|
+
}, async (ctx) => {
|
|
459
|
+
const session = ctx.context.session;
|
|
460
|
+
if (!hasPermission({
|
|
461
|
+
userId: ctx.context.session.user.id,
|
|
462
|
+
role: session.user.role,
|
|
463
|
+
options: opts,
|
|
464
|
+
permissions: { user: ["ban"] }
|
|
465
|
+
})) throw APIError.from("FORBIDDEN", ADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_BAN_USERS);
|
|
466
|
+
if (!await ctx.context.internalAdapter.findUserById(ctx.body.userId)) throw APIError.from("NOT_FOUND", BASE_ERROR_CODES.USER_NOT_FOUND);
|
|
467
|
+
if (ctx.body.userId === ctx.context.session.user.id) throw APIError.from("BAD_REQUEST", ADMIN_ERROR_CODES.YOU_CANNOT_BAN_YOURSELF);
|
|
468
|
+
const user = await ctx.context.internalAdapter.updateUser(ctx.body.userId, {
|
|
469
|
+
banned: true,
|
|
470
|
+
banReason: ctx.body.banReason || opts?.defaultBanReason || "No reason",
|
|
471
|
+
banExpires: ctx.body.banExpiresIn ? getDate(ctx.body.banExpiresIn, "sec") : opts?.defaultBanExpiresIn ? getDate(opts.defaultBanExpiresIn, "sec") : void 0,
|
|
472
|
+
updatedAt: /* @__PURE__ */ new Date()
|
|
473
|
+
});
|
|
474
|
+
await ctx.context.internalAdapter.deleteSessions(ctx.body.userId);
|
|
475
|
+
return ctx.json({ user: parseUserOutput(ctx.context.options, user) });
|
|
476
|
+
});
|
|
477
|
+
const impersonateUserBodySchema = z.object({ userId: z.coerce.string().meta({ description: "The user id" }) });
|
|
478
|
+
/**
|
|
479
|
+
* ### Endpoint
|
|
480
|
+
*
|
|
481
|
+
* POST `/admin/impersonate-user`
|
|
482
|
+
*
|
|
483
|
+
* ### API Methods
|
|
484
|
+
*
|
|
485
|
+
* **server:**
|
|
486
|
+
* `auth.api.impersonateUser`
|
|
487
|
+
*
|
|
488
|
+
* **client:**
|
|
489
|
+
* `authClient.admin.impersonateUser`
|
|
490
|
+
*
|
|
491
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-impersonate-user)
|
|
492
|
+
*/
|
|
493
|
+
const impersonateUser = (opts) => createAuthEndpoint("/admin/impersonate-user", {
|
|
494
|
+
method: "POST",
|
|
495
|
+
body: impersonateUserBodySchema,
|
|
496
|
+
use: [adminMiddleware],
|
|
497
|
+
metadata: { openapi: {
|
|
498
|
+
operationId: "impersonateUser",
|
|
499
|
+
summary: "Impersonate a user",
|
|
500
|
+
description: "Impersonate a user",
|
|
501
|
+
responses: { 200: {
|
|
502
|
+
description: "Impersonation session created",
|
|
503
|
+
content: { "application/json": { schema: {
|
|
504
|
+
type: "object",
|
|
505
|
+
properties: {
|
|
506
|
+
session: { $ref: "#/components/schemas/Session" },
|
|
507
|
+
user: { $ref: "#/components/schemas/User" }
|
|
508
|
+
}
|
|
509
|
+
} } }
|
|
510
|
+
} }
|
|
511
|
+
} }
|
|
512
|
+
}, async (ctx) => {
|
|
513
|
+
if (!hasPermission({
|
|
514
|
+
userId: ctx.context.session.user.id,
|
|
515
|
+
role: ctx.context.session.user.role,
|
|
516
|
+
options: opts,
|
|
517
|
+
permissions: { user: ["impersonate"] }
|
|
518
|
+
})) throw APIError.from("FORBIDDEN", ADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS);
|
|
519
|
+
const targetUser = await ctx.context.internalAdapter.findUserById(ctx.body.userId);
|
|
520
|
+
if (!targetUser) throw APIError.from("NOT_FOUND", BASE_ERROR_CODES.USER_NOT_FOUND);
|
|
521
|
+
const adminRoles = (Array.isArray(opts.adminRoles) ? opts.adminRoles : opts.adminRoles?.split(",") || []).map((role) => role.trim());
|
|
522
|
+
const targetUserRole = (targetUser.role || opts.defaultRole || "user").split(",");
|
|
523
|
+
if (opts.allowImpersonatingAdmins !== true && (targetUserRole.some((role) => adminRoles.includes(role)) || opts.adminUserIds?.includes(targetUser.id))) throw APIError.from("FORBIDDEN", ADMIN_ERROR_CODES.YOU_CANNOT_IMPERSONATE_ADMINS);
|
|
524
|
+
const session = await ctx.context.internalAdapter.createSession(targetUser.id, true, {
|
|
525
|
+
impersonatedBy: ctx.context.session.user.id,
|
|
526
|
+
expiresAt: opts?.impersonationSessionDuration ? getDate(opts.impersonationSessionDuration, "sec") : getDate(3600, "sec")
|
|
527
|
+
}, true);
|
|
528
|
+
if (!session) throw APIError.from("INTERNAL_SERVER_ERROR", ADMIN_ERROR_CODES.FAILED_TO_CREATE_USER);
|
|
529
|
+
const authCookies = ctx.context.authCookies;
|
|
530
|
+
deleteSessionCookie(ctx);
|
|
531
|
+
const dontRememberMeCookie = await ctx.getSignedCookie(ctx.context.authCookies.dontRememberToken.name, ctx.context.secret);
|
|
532
|
+
const adminCookieProp = ctx.context.createAuthCookie("admin_session");
|
|
533
|
+
await ctx.setSignedCookie(adminCookieProp.name, `${ctx.context.session.session.token}:${dontRememberMeCookie || ""}`, ctx.context.secret, authCookies.sessionToken.attributes);
|
|
534
|
+
await setSessionCookie(ctx, {
|
|
535
|
+
session,
|
|
536
|
+
user: targetUser
|
|
537
|
+
}, true);
|
|
538
|
+
return ctx.json({
|
|
539
|
+
session,
|
|
540
|
+
user: parseUserOutput(ctx.context.options, targetUser)
|
|
541
|
+
});
|
|
542
|
+
});
|
|
543
|
+
/**
|
|
544
|
+
* ### Endpoint
|
|
545
|
+
*
|
|
546
|
+
* POST `/admin/stop-impersonating`
|
|
547
|
+
*
|
|
548
|
+
* ### API Methods
|
|
549
|
+
*
|
|
550
|
+
* **server:**
|
|
551
|
+
* `auth.api.stopImpersonating`
|
|
552
|
+
*
|
|
553
|
+
* **client:**
|
|
554
|
+
* `authClient.admin.stopImpersonating`
|
|
555
|
+
*
|
|
556
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-stop-impersonating)
|
|
557
|
+
*/
|
|
558
|
+
const stopImpersonating = () => createAuthEndpoint("/admin/stop-impersonating", {
|
|
559
|
+
method: "POST",
|
|
560
|
+
requireHeaders: true
|
|
561
|
+
}, async (ctx) => {
|
|
562
|
+
const session = await getSessionFromCtx(ctx);
|
|
563
|
+
if (!session) throw APIError.fromStatus("UNAUTHORIZED");
|
|
564
|
+
if (!session.session.impersonatedBy) throw APIError.fromStatus("BAD_REQUEST", { message: "You are not impersonating anyone" });
|
|
565
|
+
const user = await ctx.context.internalAdapter.findUserById(session.session.impersonatedBy);
|
|
566
|
+
if (!user) throw APIError.fromStatus("INTERNAL_SERVER_ERROR", { message: "Failed to find user" });
|
|
567
|
+
const adminSessionCookie = ctx.context.createAuthCookie("admin_session");
|
|
568
|
+
const adminCookie = await ctx.getSignedCookie(adminSessionCookie.name, ctx.context.secret);
|
|
569
|
+
if (!adminCookie) throw APIError.fromStatus("INTERNAL_SERVER_ERROR", { message: "Failed to find admin session" });
|
|
570
|
+
const [adminSessionToken, dontRememberMeCookie] = adminCookie?.split(":");
|
|
571
|
+
const adminSession = await ctx.context.internalAdapter.findSession(adminSessionToken);
|
|
572
|
+
if (!adminSession || adminSession.session.userId !== user.id) throw APIError.fromStatus("INTERNAL_SERVER_ERROR", { message: "Failed to find admin session" });
|
|
573
|
+
await ctx.context.internalAdapter.deleteSession(session.session.token);
|
|
574
|
+
await setSessionCookie(ctx, adminSession, !!dontRememberMeCookie);
|
|
575
|
+
expireCookie(ctx, adminSessionCookie);
|
|
576
|
+
return ctx.json({
|
|
577
|
+
session: parseSessionOutput(ctx.context.options, adminSession.session),
|
|
578
|
+
user: parseUserOutput(ctx.context.options, adminSession.user)
|
|
579
|
+
});
|
|
580
|
+
});
|
|
581
|
+
const revokeUserSessionBodySchema = z.object({ sessionToken: z.string().meta({ description: "The session token" }) });
|
|
582
|
+
/**
|
|
583
|
+
* ### Endpoint
|
|
584
|
+
*
|
|
585
|
+
* POST `/admin/revoke-user-session`
|
|
586
|
+
*
|
|
587
|
+
* ### API Methods
|
|
588
|
+
*
|
|
589
|
+
* **server:**
|
|
590
|
+
* `auth.api.revokeUserSession`
|
|
591
|
+
*
|
|
592
|
+
* **client:**
|
|
593
|
+
* `authClient.admin.revokeUserSession`
|
|
594
|
+
*
|
|
595
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-revoke-user-session)
|
|
596
|
+
*/
|
|
597
|
+
const revokeUserSession = (opts) => createAuthEndpoint("/admin/revoke-user-session", {
|
|
598
|
+
method: "POST",
|
|
599
|
+
body: revokeUserSessionBodySchema,
|
|
600
|
+
use: [adminMiddleware],
|
|
601
|
+
metadata: { openapi: {
|
|
602
|
+
operationId: "revokeUserSession",
|
|
603
|
+
summary: "Revoke a user session",
|
|
604
|
+
description: "Revoke a user session",
|
|
605
|
+
responses: { 200: {
|
|
606
|
+
description: "Session revoked",
|
|
607
|
+
content: { "application/json": { schema: {
|
|
608
|
+
type: "object",
|
|
609
|
+
properties: { success: { type: "boolean" } }
|
|
610
|
+
} } }
|
|
611
|
+
} }
|
|
612
|
+
} }
|
|
613
|
+
}, async (ctx) => {
|
|
614
|
+
const session = ctx.context.session;
|
|
615
|
+
if (!hasPermission({
|
|
616
|
+
userId: ctx.context.session.user.id,
|
|
617
|
+
role: session.user.role,
|
|
618
|
+
options: opts,
|
|
619
|
+
permissions: { session: ["revoke"] }
|
|
620
|
+
})) throw APIError.from("FORBIDDEN", ADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS);
|
|
621
|
+
await ctx.context.internalAdapter.deleteSession(ctx.body.sessionToken);
|
|
622
|
+
return ctx.json({ success: true });
|
|
623
|
+
});
|
|
624
|
+
const revokeUserSessionsBodySchema = z.object({ userId: z.coerce.string().meta({ description: "The user id" }) });
|
|
625
|
+
/**
|
|
626
|
+
* ### Endpoint
|
|
627
|
+
*
|
|
628
|
+
* POST `/admin/revoke-user-sessions`
|
|
629
|
+
*
|
|
630
|
+
* ### API Methods
|
|
631
|
+
*
|
|
632
|
+
* **server:**
|
|
633
|
+
* `auth.api.revokeUserSessions`
|
|
634
|
+
*
|
|
635
|
+
* **client:**
|
|
636
|
+
* `authClient.admin.revokeUserSessions`
|
|
637
|
+
*
|
|
638
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-revoke-user-sessions)
|
|
639
|
+
*/
|
|
640
|
+
const revokeUserSessions = (opts) => createAuthEndpoint("/admin/revoke-user-sessions", {
|
|
641
|
+
method: "POST",
|
|
642
|
+
body: revokeUserSessionsBodySchema,
|
|
643
|
+
use: [adminMiddleware],
|
|
644
|
+
metadata: { openapi: {
|
|
645
|
+
operationId: "revokeUserSessions",
|
|
646
|
+
summary: "Revoke all user sessions",
|
|
647
|
+
description: "Revoke all user sessions",
|
|
648
|
+
responses: { 200: {
|
|
649
|
+
description: "Sessions revoked",
|
|
650
|
+
content: { "application/json": { schema: {
|
|
651
|
+
type: "object",
|
|
652
|
+
properties: { success: { type: "boolean" } }
|
|
653
|
+
} } }
|
|
654
|
+
} }
|
|
655
|
+
} }
|
|
656
|
+
}, async (ctx) => {
|
|
657
|
+
const session = ctx.context.session;
|
|
658
|
+
if (!hasPermission({
|
|
659
|
+
userId: ctx.context.session.user.id,
|
|
660
|
+
role: session.user.role,
|
|
661
|
+
options: opts,
|
|
662
|
+
permissions: { session: ["revoke"] }
|
|
663
|
+
})) throw APIError.from("FORBIDDEN", ADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS);
|
|
664
|
+
await ctx.context.internalAdapter.deleteSessions(ctx.body.userId);
|
|
665
|
+
return ctx.json({ success: true });
|
|
666
|
+
});
|
|
667
|
+
const removeUserBodySchema = z.object({ userId: z.coerce.string().meta({ description: "The user id" }) });
|
|
668
|
+
/**
|
|
669
|
+
* ### Endpoint
|
|
670
|
+
*
|
|
671
|
+
* POST `/admin/remove-user`
|
|
672
|
+
*
|
|
673
|
+
* ### API Methods
|
|
674
|
+
*
|
|
675
|
+
* **server:**
|
|
676
|
+
* `auth.api.removeUser`
|
|
677
|
+
*
|
|
678
|
+
* **client:**
|
|
679
|
+
* `authClient.admin.removeUser`
|
|
680
|
+
*
|
|
681
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-remove-user)
|
|
682
|
+
*/
|
|
683
|
+
const removeUser = (opts) => createAuthEndpoint("/admin/remove-user", {
|
|
684
|
+
method: "POST",
|
|
685
|
+
body: removeUserBodySchema,
|
|
686
|
+
use: [adminMiddleware],
|
|
687
|
+
metadata: { openapi: {
|
|
688
|
+
operationId: "removeUser",
|
|
689
|
+
summary: "Remove a user",
|
|
690
|
+
description: "Delete a user and all their sessions and accounts. Cannot be undone.",
|
|
691
|
+
responses: { 200: {
|
|
692
|
+
description: "User removed",
|
|
693
|
+
content: { "application/json": { schema: {
|
|
694
|
+
type: "object",
|
|
695
|
+
properties: { success: { type: "boolean" } }
|
|
696
|
+
} } }
|
|
697
|
+
} }
|
|
698
|
+
} }
|
|
699
|
+
}, async (ctx) => {
|
|
700
|
+
const session = ctx.context.session;
|
|
701
|
+
if (!hasPermission({
|
|
702
|
+
userId: ctx.context.session.user.id,
|
|
703
|
+
role: session.user.role,
|
|
704
|
+
options: opts,
|
|
705
|
+
permissions: { user: ["delete"] }
|
|
706
|
+
})) throw APIError.from("FORBIDDEN", ADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS);
|
|
707
|
+
if (ctx.body.userId === ctx.context.session.user.id) throw APIError.from("BAD_REQUEST", ADMIN_ERROR_CODES.YOU_CANNOT_REMOVE_YOURSELF);
|
|
708
|
+
if (!await ctx.context.internalAdapter.findUserById(ctx.body.userId)) throw APIError.from("NOT_FOUND", BASE_ERROR_CODES.USER_NOT_FOUND);
|
|
709
|
+
await ctx.context.internalAdapter.deleteUser(ctx.body.userId);
|
|
710
|
+
return ctx.json({ success: true });
|
|
711
|
+
});
|
|
712
|
+
const setUserPasswordBodySchema = z.object({
|
|
713
|
+
newPassword: z.string().nonempty("newPassword cannot be empty").meta({ description: "The new password" }),
|
|
714
|
+
userId: z.coerce.string().nonempty("userId cannot be empty").meta({ description: "The user id" })
|
|
715
|
+
});
|
|
716
|
+
/**
|
|
717
|
+
* ### Endpoint
|
|
718
|
+
*
|
|
719
|
+
* POST `/admin/set-user-password`
|
|
720
|
+
*
|
|
721
|
+
* ### API Methods
|
|
722
|
+
*
|
|
723
|
+
* **server:**
|
|
724
|
+
* `auth.api.setUserPassword`
|
|
725
|
+
*
|
|
726
|
+
* **client:**
|
|
727
|
+
* `authClient.admin.setUserPassword`
|
|
728
|
+
*
|
|
729
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-set-user-password)
|
|
730
|
+
*/
|
|
731
|
+
const setUserPassword = (opts) => createAuthEndpoint("/admin/set-user-password", {
|
|
732
|
+
method: "POST",
|
|
733
|
+
body: setUserPasswordBodySchema,
|
|
734
|
+
use: [adminMiddleware],
|
|
735
|
+
metadata: { openapi: {
|
|
736
|
+
operationId: "setUserPassword",
|
|
737
|
+
summary: "Set a user's password",
|
|
738
|
+
description: "Set a user's password",
|
|
739
|
+
responses: { 200: {
|
|
740
|
+
description: "Password set",
|
|
741
|
+
content: { "application/json": { schema: {
|
|
742
|
+
type: "object",
|
|
743
|
+
properties: { status: { type: "boolean" } }
|
|
744
|
+
} } }
|
|
745
|
+
} }
|
|
746
|
+
} }
|
|
747
|
+
}, async (ctx) => {
|
|
748
|
+
if (!hasPermission({
|
|
749
|
+
userId: ctx.context.session.user.id,
|
|
750
|
+
role: ctx.context.session.user.role,
|
|
751
|
+
options: opts,
|
|
752
|
+
permissions: { user: ["set-password"] }
|
|
753
|
+
})) throw APIError.from("FORBIDDEN", ADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD);
|
|
754
|
+
const { newPassword, userId } = ctx.body;
|
|
755
|
+
const minPasswordLength = ctx.context.password.config.minPasswordLength;
|
|
756
|
+
if (newPassword.length < minPasswordLength) {
|
|
757
|
+
ctx.context.logger.error("Password is too short");
|
|
758
|
+
throw APIError.from("BAD_REQUEST", BASE_ERROR_CODES.PASSWORD_TOO_SHORT);
|
|
759
|
+
}
|
|
760
|
+
const maxPasswordLength = ctx.context.password.config.maxPasswordLength;
|
|
761
|
+
if (newPassword.length > maxPasswordLength) {
|
|
762
|
+
ctx.context.logger.error("Password is too long");
|
|
763
|
+
throw APIError.from("BAD_REQUEST", BASE_ERROR_CODES.PASSWORD_TOO_LONG);
|
|
764
|
+
}
|
|
765
|
+
const hashedPassword = await ctx.context.password.hash(newPassword);
|
|
766
|
+
await ctx.context.internalAdapter.updatePassword(userId, hashedPassword);
|
|
767
|
+
return ctx.json({ status: true });
|
|
768
|
+
});
|
|
769
|
+
const userHasPermissionBodySchema = z.object({
|
|
770
|
+
userId: z.coerce.string().optional().meta({ description: `The user id. Eg: "user-id"` }),
|
|
771
|
+
role: z.string().optional().meta({ description: `The role to check permission for. Eg: "admin"` })
|
|
772
|
+
}).and(z.union([z.object({
|
|
773
|
+
permission: z.record(z.string(), z.array(z.string())),
|
|
774
|
+
permissions: z.undefined()
|
|
775
|
+
}), z.object({
|
|
776
|
+
permission: z.undefined(),
|
|
777
|
+
permissions: z.record(z.string(), z.array(z.string()))
|
|
778
|
+
})]));
|
|
779
|
+
/**
|
|
780
|
+
* ### Endpoint
|
|
781
|
+
*
|
|
782
|
+
* POST `/admin/has-permission`
|
|
783
|
+
*
|
|
784
|
+
* ### API Methods
|
|
785
|
+
*
|
|
786
|
+
* **server:**
|
|
787
|
+
* `auth.api.userHasPermission`
|
|
788
|
+
*
|
|
789
|
+
* **client:**
|
|
790
|
+
* `authClient.admin.hasPermission`
|
|
791
|
+
*
|
|
792
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-has-permission)
|
|
793
|
+
*/
|
|
794
|
+
const userHasPermission = (opts) => {
|
|
795
|
+
return createAuthEndpoint("/admin/has-permission", {
|
|
796
|
+
method: "POST",
|
|
797
|
+
body: userHasPermissionBodySchema,
|
|
798
|
+
metadata: {
|
|
799
|
+
openapi: {
|
|
800
|
+
description: "Check if the user has permission",
|
|
801
|
+
requestBody: { content: { "application/json": { schema: {
|
|
802
|
+
type: "object",
|
|
803
|
+
properties: {
|
|
804
|
+
permission: {
|
|
805
|
+
type: "object",
|
|
806
|
+
description: "The permission to check",
|
|
807
|
+
deprecated: true
|
|
808
|
+
},
|
|
809
|
+
permissions: {
|
|
810
|
+
type: "object",
|
|
811
|
+
description: "The permission to check"
|
|
812
|
+
}
|
|
813
|
+
},
|
|
814
|
+
required: ["permissions"]
|
|
815
|
+
} } } },
|
|
816
|
+
responses: { "200": {
|
|
817
|
+
description: "Success",
|
|
818
|
+
content: { "application/json": { schema: {
|
|
819
|
+
type: "object",
|
|
820
|
+
properties: {
|
|
821
|
+
error: { type: "string" },
|
|
822
|
+
success: { type: "boolean" }
|
|
823
|
+
},
|
|
824
|
+
required: ["success"]
|
|
825
|
+
} } }
|
|
826
|
+
} }
|
|
827
|
+
},
|
|
828
|
+
$Infer: { body: {} }
|
|
829
|
+
}
|
|
830
|
+
}, async (ctx) => {
|
|
831
|
+
if (!ctx.body?.permission && !ctx.body?.permissions) throw new APIError("BAD_REQUEST", { message: "invalid permission check. no permission(s) were passed." });
|
|
832
|
+
const session = await getSessionFromCtx(ctx);
|
|
833
|
+
if (!session && (ctx.request || ctx.headers)) throw new APIError("UNAUTHORIZED");
|
|
834
|
+
if (!session && !ctx.body.userId && !ctx.body.role) throw new APIError("BAD_REQUEST", { message: "user id or role is required" });
|
|
835
|
+
const user = session?.user || (ctx.body.role ? {
|
|
836
|
+
id: ctx.body.userId || "",
|
|
837
|
+
role: ctx.body.role
|
|
838
|
+
} : null) || (ctx.body.userId ? await ctx.context.internalAdapter.findUserById(ctx.body.userId) : null);
|
|
839
|
+
if (!user) throw new APIError("BAD_REQUEST", { message: "user not found" });
|
|
840
|
+
const result = hasPermission({
|
|
841
|
+
userId: user.id,
|
|
842
|
+
role: user.role,
|
|
843
|
+
options: opts,
|
|
844
|
+
permissions: ctx.body.permissions ?? ctx.body.permission
|
|
845
|
+
});
|
|
846
|
+
return ctx.json({
|
|
847
|
+
error: null,
|
|
848
|
+
success: result
|
|
849
|
+
});
|
|
850
|
+
});
|
|
851
|
+
};
|
|
852
|
+
|
|
853
|
+
//#endregion
|
|
854
|
+
export { adminUpdateUser, banUser, createUser, getUser, impersonateUser, listUserSessions, listUsers, removeUser, revokeUserSession, revokeUserSessions, setRole, setUserPassword, stopImpersonating, unbanUser, userHasPermission };
|
|
855
|
+
//# sourceMappingURL=routes.mjs.map
|