@hammadj/better-auth 1.5.0-beta.10

package/dist/plugins/admin/routes.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"routes.mjs","names":[],"sources":["../../../src/plugins/admin/routes.ts"],"sourcesContent":["import {\n\tcreateAuthEndpoint,\n\tcreateAuthMiddleware,\n} from \"@better-auth/core/api\";\nimport type { Session } from \"@better-auth/core/db\";\nimport type { Where } from \"@better-auth/core/db/adapter\";\nimport { APIError, BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport * as z from \"zod\";\nimport { getSessionFromCtx } from \"../../api\";\nimport {\n\tdeleteSessionCookie,\n\texpireCookie,\n\tsetSessionCookie,\n} from \"../../cookies\";\nimport { parseSessionOutput, parseUserOutput } from \"../../db/schema\";\nimport { getDate } from \"../../utils/date\";\nimport type { AccessControl } from \"../access\";\nimport type { defaultStatements } from \"./access\";\nimport { ADMIN_ERROR_CODES } from \"./error-codes\";\nimport { hasPermission } from \"./has-permission\";\nimport type {\n\tAdminOptions,\n\tInferAdminRolesFromOption,\n\tSessionWithImpersonatedBy,\n\tUserWithRole,\n} from \"./types\";\n\n/**\n * Ensures a valid session, if not will throw.\n * Will also provide additional types on the user to include role types.\n */\nconst adminMiddleware = createAuthMiddleware(async (ctx) => {\n\tconst session = await getSessionFromCtx(ctx);\n\tif (!session) {\n\t\tthrow APIError.fromStatus(\"UNAUTHORIZED\");\n\t}\n\treturn {\n\t\tsession,\n\t} as {\n\t\tsession: {\n\t\t\tuser: UserWithRole;\n\t\t\tsession: Session;\n\t\t};\n\t};\n});\n\nfunction parseRoles(roles: string | string[]): string {\n\treturn Array.isArray(roles) ? roles.join(\",\") : roles;\n}\n\nconst setRoleBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n\trole: z\n\t\t.union([\n\t\t\tz.string().meta({\n\t\t\t\tdescription: \"The role to set. `admin` or `user` by default\",\n\t\t\t}),\n\t\t\tz.array(\n\t\t\t\tz.string().meta({\n\t\t\t\t\tdescription: \"The roles to set. `admin` or `user` by default\",\n\t\t\t\t}),\n\t\t\t),\n\t\t])\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t\"The role to set, this can be a string or an array of strings. Eg: `admin` or `[admin, user]`\",\n\t\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/set-role`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.setRole`\n *\n * **client:**\n * `authClient.admin.setRole`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-set-role)\n */\nexport const setRole = <O extends AdminOptions>(opts: O) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/set-role\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: setRoleBodySchema,\n\t\t\trequireHeaders: true,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"setUserRole\",\n\t\t\t\t\tsummary: \"Set the role of a user\",\n\t\t\t\t\tdescription: \"Set the role of a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User role updated\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as {\n\t\t\t\t\t\tuserId: string;\n\t\t\t\t\t\trole: InferAdminRolesFromOption<O> | InferAdminRolesFromOption<O>[];\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canSetRole = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"set-role\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canSetRole) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst roles = opts.roles;\n\t\t\tif (roles) {\n\t\t\t\tconst inputRoles = Array.isArray(ctx.body.role)\n\t\t\t\t\t? ctx.body.role\n\t\t\t\t\t: [ctx.body.role];\n\t\t\t\tfor (const role of inputRoles) {\n\t\t\t\t\tif (!roles[role as keyof typeof roles]) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\tconst updatedUser = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\t{\n\t\t\t\t\trole: parseRoles(ctx.body.role),\n\t\t\t\t},\n\t\t\t);\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, updatedUser) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst getUserQuerySchema = z.object({\n\tid: z.string().meta({\n\t\tdescription: \"The id of the User\",\n\t}),\n});\n\nexport const getUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/get-user\",\n\t\t{\n\t\t\tmethod: \"GET\",\n\t\t\tquery: getUserQuerySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"getUser\",\n\t\t\t\t\tsummary: \"Get an existing user\",\n\t\t\t\t\tdescription: \"Get an existing user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst { id } = ctx.query;\n\n\t\t\tconst canGetUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"get\"],\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tif (!canGetUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_GET_USER,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(id);\n\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\treturn parseUserOutput(ctx.context.options, user) as UserWithRole;\n\t\t},\n\t);\n\nconst createUserBodySchema = z.object({\n\temail: z.string().meta({\n\t\tdescription: \"The email of the user\",\n\t}),\n\tpassword: z.string().optional().meta({\n\t\tdescription:\n\t\t\t\"The password of the user. If not provided, the user will be created without a credential account (useful for magic link or social login only users).\",\n\t}),\n\tname: z.string().meta({\n\t\tdescription: \"The name of the user\",\n\t}),\n\trole: z\n\t\t.union([\n\t\t\tz.string().meta({\n\t\t\t\tdescription: \"The role of the user\",\n\t\t\t}),\n\t\t\tz.array(\n\t\t\t\tz.string().meta({\n\t\t\t\t\tdescription: \"The roles of user\",\n\t\t\t\t}),\n\t\t\t),\n\t\t])\n\t\t.optional()\n\t\t.meta({\n\t\t\tdescription: `A string or array of strings representing the roles to apply to the new user. Eg: \\\"user\\\"`,\n\t\t}),\n\t/**\n\t * extra fields for user\n\t */\n\tdata: z.record(z.string(), z.any()).optional().meta({\n\t\tdescription:\n\t\t\t\"Extra fields for the user. Including custom additional fields.\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/create-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.createUser`\n *\n * **client:**\n * `authClient.admin.createUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-create-user)\n */\nexport const createUser = <O extends AdminOptions>(opts: O) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/create-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: createUserBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"createUser\",\n\t\t\t\t\tsummary: \"Create a new user\",\n\t\t\t\t\tdescription: \"Create a new user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User created\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as {\n\t\t\t\t\t\temail: string;\n\t\t\t\t\t\tpassword?: string | undefined;\n\t\t\t\t\t\tname: string;\n\t\t\t\t\t\trole?:\n\t\t\t\t\t\t\t| (InferAdminRolesFromOption<O> | InferAdminRolesFromOption<O>[])\n\t\t\t\t\t\t\t| undefined;\n\t\t\t\t\t\tdata?: Record<string, any> | undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = await getSessionFromCtx<{ role: string }>(ctx);\n\t\t\tif (!session && (ctx.request || ctx.headers)) {\n\t\t\t\tthrow ctx.error(\"UNAUTHORIZED\");\n\t\t\t}\n\t\t\tif (session) {\n\t\t\t\tconst canCreateUser = hasPermission({\n\t\t\t\t\tuserId: session.user.id,\n\t\t\t\t\trole: session.user.role,\n\t\t\t\t\toptions: opts,\n\t\t\t\t\tpermissions: {\n\t\t\t\t\t\tuser: [\"create\"],\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tif (!canCreateUser) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst email = ctx.body.email.toLowerCase();\n\t\t\tconst isValidEmail = z.email().safeParse(email);\n\t\t\tif (!isValidEmail.success) {\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.INVALID_EMAIL);\n\t\t\t}\n\n\t\t\tconst existUser =\n\t\t\t\tawait ctx.context.internalAdapter.findUserByEmail(email);\n\t\t\tif (existUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tADMIN_ERROR_CODES.USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.createUser<UserWithRole>({\n\t\t\t\temail: email,\n\t\t\t\tname: ctx.body.name,\n\t\t\t\trole:\n\t\t\t\t\t(ctx.body.role && parseRoles(ctx.body.role)) ??\n\t\t\t\t\topts?.defaultRole ??\n\t\t\t\t\t\"user\",\n\t\t\t\t...ctx.body.data,\n\t\t\t});\n\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"INTERNAL_SERVER_ERROR\",\n\t\t\t\t\tADMIN_ERROR_CODES.FAILED_TO_CREATE_USER,\n\t\t\t\t);\n\t\t\t}\n\t\t\t// Only create credential account if password is provided\n\t\t\tif (ctx.body.password) {\n\t\t\t\tconst hashedPassword = await ctx.context.password.hash(\n\t\t\t\t\tctx.body.password,\n\t\t\t\t);\n\t\t\t\tawait ctx.context.internalAdapter.linkAccount({\n\t\t\t\t\taccountId: user.id,\n\t\t\t\t\tproviderId: \"credential\",\n\t\t\t\t\tpassword: hashedPassword,\n\t\t\t\t\tuserId: user.id,\n\t\t\t\t});\n\t\t\t}\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst adminUpdateUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n\tdata: z.record(z.any(), z.any()).meta({\n\t\tdescription: \"The user data to update\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/update-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.adminUpdateUser`\n *\n * **client:**\n * `authClient.admin.updateUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-update-user)\n */\nexport const adminUpdateUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/update-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: adminUpdateUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"updateUser\",\n\t\t\t\t\tsummary: \"Update a user\",\n\t\t\t\t\tdescription: \"Update a user's details\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User updated\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canUpdateUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"update\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canUpdateUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_UPDATE_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tif (Object.keys(ctx.body.data).length === 0) {\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", ADMIN_ERROR_CODES.NO_DATA_TO_UPDATE);\n\t\t\t}\n\n\t\t\t// Role changes must be guarded by `user:set-role` and validated against the role allow-list.\n\t\t\tif (Object.prototype.hasOwnProperty.call(ctx.body.data, \"role\")) {\n\t\t\t\tconst canSetRole = hasPermission({\n\t\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\t\toptions: opts,\n\t\t\t\t\tpermissions: {\n\t\t\t\t\t\tuser: [\"set-role\"],\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tif (!canSetRole) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst roleValue = (ctx.body.data as Record<string, any>).role;\n\t\t\t\tconst inputRoles = Array.isArray(roleValue) ? roleValue : [roleValue];\n\t\t\t\tfor (const role of inputRoles) {\n\t\t\t\t\tif (typeof role !== \"string\") {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tADMIN_ERROR_CODES.INVALID_ROLE_TYPE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\tif (opts.roles && !opts.roles[role as keyof typeof opts.roles]) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t(ctx.body.data as Record<string, any>).role = parseRoles(\n\t\t\t\t\tinputRoles as string[],\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst updatedUser = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\tctx.body.data,\n\t\t\t);\n\n\t\t\treturn ctx.json(\n\t\t\t\tparseUserOutput(ctx.context.options, updatedUser) as UserWithRole,\n\t\t\t);\n\t\t},\n\t);\n\nconst listUsersQuerySchema = z.object({\n\tsearchValue: z.string().optional().meta({\n\t\tdescription: 'The value to search for. Eg: \"some name\"',\n\t}),\n\tsearchField: z\n\t\t.enum([\"email\", \"name\"])\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t'The field to search in, defaults to email. Can be `email` or `name`. Eg: \"name\"',\n\t\t})\n\t\t.optional(),\n\tsearchOperator: z\n\t\t.enum([\"contains\", \"starts_with\", \"ends_with\"])\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t'The operator to use for the search. Can be `contains`, `starts_with` or `ends_with`. Eg: \"contains\"',\n\t\t})\n\t\t.optional(),\n\tlimit: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The number of users to return\",\n\t\t})\n\t\t.or(z.number())\n\t\t.optional(),\n\toffset: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The offset to start from\",\n\t\t})\n\t\t.or(z.number())\n\t\t.optional(),\n\tsortBy: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The field to sort by\",\n\t\t})\n\t\t.optional(),\n\tsortDirection: z\n\t\t.enum([\"asc\", \"desc\"])\n\t\t.meta({\n\t\t\tdescription: \"The direction to sort by\",\n\t\t})\n\t\t.optional(),\n\tfilterField: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The field to filter by\",\n\t\t})\n\t\t.optional(),\n\tfilterValue: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The value to filter by\",\n\t\t})\n\t\t.or(z.number())\n\t\t.or(z.boolean())\n\t\t.optional(),\n\tfilterOperator: z\n\t\t.enum([\"eq\", \"ne\", \"lt\", \"lte\", \"gt\", \"gte\", \"contains\"])\n\t\t.meta({\n\t\t\tdescription: \"The operator to use for the filter\",\n\t\t})\n\t\t.optional(),\n});\n\nexport const listUsers = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/list-users\",\n\t\t{\n\t\t\tmethod: \"GET\",\n\t\t\tuse: [adminMiddleware],\n\t\t\tquery: listUsersQuerySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"listUsers\",\n\t\t\t\t\tsummary: \"List users\",\n\t\t\t\t\tdescription: \"List users\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"List of users\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tusers: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\ttotal: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tlimit: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\toffset: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"users\", \"total\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canListUsers = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"list\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canListUsers) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_LIST_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst where: Where[] = [];\n\n\t\t\tif (ctx.query?.searchValue) {\n\t\t\t\twhere.push({\n\t\t\t\t\tfield: ctx.query.searchField || \"email\",\n\t\t\t\t\toperator: ctx.query.searchOperator || \"contains\",\n\t\t\t\t\tvalue: ctx.query.searchValue,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tif (ctx.query?.filterValue) {\n\t\t\t\twhere.push({\n\t\t\t\t\tfield: ctx.query.filterField || \"email\",\n\t\t\t\t\toperator: ctx.query.filterOperator || \"eq\",\n\t\t\t\t\tvalue: ctx.query.filterValue,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst users = await ctx.context.internalAdapter.listUsers(\n\t\t\t\t\tNumber(ctx.query?.limit) || undefined,\n\t\t\t\t\tNumber(ctx.query?.offset) || undefined,\n\t\t\t\t\tctx.query?.sortBy\n\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\tfield: ctx.query.sortBy,\n\t\t\t\t\t\t\t\tdirection: ctx.query.sortDirection || \"asc\",\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t: undefined,\n\t\t\t\t\twhere.length ? where : undefined,\n\t\t\t\t);\n\t\t\t\tconst total = await ctx.context.internalAdapter.countTotalUsers(\n\t\t\t\t\twhere.length ? where : undefined,\n\t\t\t\t);\n\t\t\t\treturn ctx.json({\n\t\t\t\t\tusers: users.map((user) =>\n\t\t\t\t\t\tparseUserOutput(ctx.context.options, user),\n\t\t\t\t\t) as UserWithRole[],\n\t\t\t\t\ttotal: total,\n\t\t\t\t\tlimit: Number(ctx.query?.limit) || undefined,\n\t\t\t\t\toffset: Number(ctx.query?.offset) || undefined,\n\t\t\t\t});\n\t\t\t} catch {\n\t\t\t\treturn ctx.json({\n\t\t\t\t\tusers: [],\n\t\t\t\t\ttotal: 0,\n\t\t\t\t});\n\t\t\t}\n\t\t},\n\t);\n\nconst listUserSessionsBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/list-user-sessions`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.listUserSessions`\n *\n * **client:**\n * `authClient.admin.listUserSessions`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-list-user-sessions)\n */\nexport const listUserSessions = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/list-user-sessions\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tuse: [adminMiddleware],\n\t\t\tbody: listUserSessionsBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"listUserSessions\",\n\t\t\t\t\tsummary: \"List user sessions\",\n\t\t\t\t\tdescription: \"List user sessions\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"List of user sessions\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsessions: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/Session\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canListSessions = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tsession: [\"list\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canListSessions) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst sessions: SessionWithImpersonatedBy[] =\n\t\t\t\tawait ctx.context.internalAdapter.listSessions(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tsessions: sessions.map((s) =>\n\t\t\t\t\tparseSessionOutput(ctx.context.options, s),\n\t\t\t\t),\n\t\t\t});\n\t\t},\n\t);\n\nconst unbanUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/unban-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.unbanUser`\n *\n * **client:**\n * `authClient.admin.unbanUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-unban-user)\n */\nexport const unbanUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/unban-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: unbanUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"unbanUser\",\n\t\t\t\t\tsummary: \"Unban a user\",\n\t\t\t\t\tdescription: \"Unban a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User unbanned\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canBanUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"ban\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canBanUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_BAN_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst user = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\t{\n\t\t\t\t\tbanned: false,\n\t\t\t\t\tbanExpires: null,\n\t\t\t\t\tbanReason: null,\n\t\t\t\t\tupdatedAt: new Date(),\n\t\t\t\t},\n\t\t\t);\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst banUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n\t/**\n\t * Reason for the ban\n\t */\n\tbanReason: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The reason for the ban\",\n\t\t})\n\t\t.optional(),\n\t/**\n\t * Number of seconds until the ban expires\n\t */\n\tbanExpiresIn: z\n\t\t.number()\n\t\t.meta({\n\t\t\tdescription: \"The number of seconds until the ban expires\",\n\t\t})\n\t\t.optional(),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/ban-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.banUser`\n *\n * **client:**\n * `authClient.admin.banUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-ban-user)\n */\nexport const banUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/ban-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: banUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"banUser\",\n\t\t\t\t\tsummary: \"Ban a user\",\n\t\t\t\t\tdescription: \"Ban a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User banned\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canBanUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"ban\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canBanUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_BAN_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst foundUser = await ctx.context.internalAdapter.findUserById(\n\t\t\t\tctx.body.userId,\n\t\t\t);\n\n\t\t\tif (!foundUser) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tif (ctx.body.userId === ctx.context.session.user.id) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_CANNOT_BAN_YOURSELF,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\t{\n\t\t\t\t\tbanned: true,\n\t\t\t\t\tbanReason:\n\t\t\t\t\t\tctx.body.banReason || opts?.defaultBanReason || \"No reason\",\n\t\t\t\t\tbanExpires: ctx.body.banExpiresIn\n\t\t\t\t\t\t? getDate(ctx.body.banExpiresIn, \"sec\")\n\t\t\t\t\t\t: opts?.defaultBanExpiresIn\n\t\t\t\t\t\t\t? getDate(opts.defaultBanExpiresIn, \"sec\")\n\t\t\t\t\t\t\t: undefined,\n\t\t\t\t\tupdatedAt: new Date(),\n\t\t\t\t},\n\t\t\t);\n\t\t\t//revoke all sessions\n\t\t\tawait ctx.context.internalAdapter.deleteSessions(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst impersonateUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n/**\n * ### Endpoint\n *\n * POST `/admin/impersonate-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.impersonateUser`\n *\n * **client:**\n * `authClient.admin.impersonateUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-impersonate-user)\n */\nexport const impersonateUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/impersonate-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: impersonateUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"impersonateUser\",\n\t\t\t\t\tsummary: \"Impersonate a user\",\n\t\t\t\t\tdescription: \"Impersonate a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Impersonation session created\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsession: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/Session\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canImpersonateUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"impersonate\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canImpersonateUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst targetUser = (await ctx.context.internalAdapter.findUserById(\n\t\t\t\tctx.body.userId,\n\t\t\t)) as UserWithRole | null;\n\n\t\t\tif (!targetUser) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tconst adminRoles = (\n\t\t\t\tArray.isArray(opts.adminRoles)\n\t\t\t\t\t? opts.adminRoles\n\t\t\t\t\t: opts.adminRoles?.split(\",\") || []\n\t\t\t).map((role) => role.trim());\n\t\t\tconst targetUserRole = (\n\t\t\t\ttargetUser.role ||\n\t\t\t\topts.defaultRole ||\n\t\t\t\t\"user\"\n\t\t\t).split(\",\");\n\t\t\tif (\n\t\t\t\topts.allowImpersonatingAdmins !== true &&\n\t\t\t\t(targetUserRole.some((role) => adminRoles.includes(role)) ||\n\t\t\t\t\topts.adminUserIds?.includes(targetUser.id))\n\t\t\t) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_CANNOT_IMPERSONATE_ADMINS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\t\ttargetUser.id,\n\t\t\t\ttrue,\n\t\t\t\t{\n\t\t\t\t\timpersonatedBy: ctx.context.session.user.id,\n\t\t\t\t\texpiresAt: opts?.impersonationSessionDuration\n\t\t\t\t\t\t? getDate(opts.impersonationSessionDuration, \"sec\")\n\t\t\t\t\t\t: getDate(60 * 60, \"sec\"), // 1 hour\n\t\t\t\t},\n\t\t\t\ttrue,\n\t\t\t);\n\t\t\tif (!session) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"INTERNAL_SERVER_ERROR\",\n\t\t\t\t\tADMIN_ERROR_CODES.FAILED_TO_CREATE_USER,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst authCookies = ctx.context.authCookies;\n\t\t\tdeleteSessionCookie(ctx);\n\t\t\tconst dontRememberMeCookie = await ctx.getSignedCookie(\n\t\t\t\tctx.context.authCookies.dontRememberToken.name,\n\t\t\t\tctx.context.secret,\n\t\t\t);\n\t\t\tconst adminCookieProp = ctx.context.createAuthCookie(\"admin_session\");\n\t\t\tawait ctx.setSignedCookie(\n\t\t\t\tadminCookieProp.name,\n\t\t\t\t`${ctx.context.session.session.token}:${dontRememberMeCookie || \"\"}`,\n\t\t\t\tctx.context.secret,\n\t\t\t\tauthCookies.sessionToken.attributes,\n\t\t\t);\n\t\t\tawait setSessionCookie(\n\t\t\t\tctx,\n\t\t\t\t{\n\t\t\t\t\tsession: session,\n\t\t\t\t\tuser: targetUser,\n\t\t\t\t},\n\t\t\t\ttrue,\n\t\t\t);\n\t\t\treturn ctx.json({\n\t\t\t\tsession: session,\n\t\t\t\tuser: parseUserOutput(ctx.context.options, targetUser) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\n/**\n * ### Endpoint\n *\n * POST `/admin/stop-impersonating`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.stopImpersonating`\n *\n * **client:**\n * `authClient.admin.stopImpersonating`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-stop-impersonating)\n */\nexport const stopImpersonating = () =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/stop-impersonating\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\trequireHeaders: true,\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = await getSessionFromCtx<\n\t\t\t\t{},\n\t\t\t\t{\n\t\t\t\t\timpersonatedBy: string;\n\t\t\t\t}\n\t\t\t>(ctx);\n\t\t\tif (!session) {\n\t\t\t\tthrow APIError.fromStatus(\"UNAUTHORIZED\");\n\t\t\t}\n\t\t\tif (!session.session.impersonatedBy) {\n\t\t\t\tthrow APIError.fromStatus(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"You are not impersonating anyone\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(\n\t\t\t\tsession.session.impersonatedBy,\n\t\t\t);\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.fromStatus(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: \"Failed to find user\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst adminSessionCookie = ctx.context.createAuthCookie(\"admin_session\");\n\n\t\t\tconst adminCookie = await ctx.getSignedCookie(\n\t\t\t\tadminSessionCookie.name,\n\t\t\t\tctx.context.secret,\n\t\t\t);\n\n\t\t\tif (!adminCookie) {\n\t\t\t\tthrow APIError.fromStatus(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: \"Failed to find admin session\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst [adminSessionToken, dontRememberMeCookie] = adminCookie?.split(\":\");\n\t\t\tconst adminSession = await ctx.context.internalAdapter.findSession(\n\t\t\t\tadminSessionToken!,\n\t\t\t);\n\t\t\tif (!adminSession || adminSession.session.userId !== user.id) {\n\t\t\t\tthrow APIError.fromStatus(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: \"Failed to find admin session\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tawait ctx.context.internalAdapter.deleteSession(session.session.token);\n\t\t\tawait setSessionCookie(ctx, adminSession, !!dontRememberMeCookie);\n\t\t\texpireCookie(ctx, adminSessionCookie);\n\t\t\treturn ctx.json({\n\t\t\t\tsession: parseSessionOutput(ctx.context.options, adminSession.session),\n\t\t\t\tuser: parseUserOutput(ctx.context.options, adminSession.user),\n\t\t\t});\n\t\t},\n\t);\n\nconst revokeUserSessionBodySchema = z.object({\n\tsessionToken: z.string().meta({\n\t\tdescription: \"The session token\",\n\t}),\n});\n/**\n * ### Endpoint\n *\n * POST `/admin/revoke-user-session`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.revokeUserSession`\n *\n * **client:**\n * `authClient.admin.revokeUserSession`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-revoke-user-session)\n */\nexport const revokeUserSession = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/revoke-user-session\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: revokeUserSessionBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"revokeUserSession\",\n\t\t\t\t\tsummary: \"Revoke a user session\",\n\t\t\t\t\tdescription: \"Revoke a user session\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Session revoked\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canRevokeSession = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tsession: [\"revoke\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canRevokeSession) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tawait ctx.context.internalAdapter.deleteSession(ctx.body.sessionToken);\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst revokeUserSessionsBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n/**\n * ### Endpoint\n *\n * POST `/admin/revoke-user-sessions`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.revokeUserSessions`\n *\n * **client:**\n * `authClient.admin.revokeUserSessions`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-revoke-user-sessions)\n */\nexport const revokeUserSessions = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/revoke-user-sessions\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: revokeUserSessionsBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"revokeUserSessions\",\n\t\t\t\t\tsummary: \"Revoke all user sessions\",\n\t\t\t\t\tdescription: \"Revoke all user sessions\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Sessions revoked\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canRevokeSession = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tsession: [\"revoke\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canRevokeSession) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tawait ctx.context.internalAdapter.deleteSessions(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst removeUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/remove-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.removeUser`\n *\n * **client:**\n * `authClient.admin.removeUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-remove-user)\n */\nexport const removeUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/remove-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: removeUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"removeUser\",\n\t\t\t\t\tsummary: \"Remove a user\",\n\t\t\t\t\tdescription:\n\t\t\t\t\t\t\"Delete a user and all their sessions and accounts. Cannot be undone.\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User removed\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canDeleteUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"delete\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canDeleteUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tif (ctx.body.userId === ctx.context.session.user.id) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_CANNOT_REMOVE_YOURSELF,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(\n\t\t\t\tctx.body.userId,\n\t\t\t);\n\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tawait ctx.context.internalAdapter.deleteUser(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst setUserPasswordBodySchema = z.object({\n\tnewPassword: z.string().nonempty(\"newPassword cannot be empty\").meta({\n\t\tdescription: \"The new password\",\n\t}),\n\tuserId: z.coerce.string().nonempty(\"userId cannot be empty\").meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/set-user-password`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.setUserPassword`\n *\n * **client:**\n * `authClient.admin.setUserPassword`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-set-user-password)\n */\nexport const setUserPassword = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/set-user-password\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: setUserPasswordBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"setUserPassword\",\n\t\t\t\t\tsummary: \"Set a user's password\",\n\t\t\t\t\tdescription: \"Set a user's password\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Password set\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canSetUserPassword = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"set-password\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canSetUserPassword) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst { newPassword, userId } = ctx.body;\n\t\t\tconst minPasswordLength = ctx.context.password.config.minPasswordLength;\n\t\t\tif (newPassword.length < minPasswordLength) {\n\t\t\t\tctx.context.logger.error(\"Password is too short\");\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.PASSWORD_TOO_SHORT);\n\t\t\t}\n\t\t\tconst maxPasswordLength = ctx.context.password.config.maxPasswordLength;\n\t\t\tif (newPassword.length > maxPasswordLength) {\n\t\t\t\tctx.context.logger.error(\"Password is too long\");\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.PASSWORD_TOO_LONG);\n\t\t\t}\n\t\t\tconst hashedPassword = await ctx.context.password.hash(newPassword);\n\t\t\tawait ctx.context.internalAdapter.updatePassword(userId, hashedPassword);\n\t\t\treturn ctx.json({\n\t\t\t\tstatus: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst userHasPermissionBodySchema = z\n\t.object({\n\t\tuserId: z.coerce.string().optional().meta({\n\t\t\tdescription: `The user id. Eg: \"user-id\"`,\n\t\t}),\n\t\trole: z.string().optional().meta({\n\t\t\tdescription: `The role to check permission for. Eg: \"admin\"`,\n\t\t}),\n\t})\n\t.and(\n\t\tz.union([\n\t\t\tz.object({\n\t\t\t\tpermission: z.record(z.string(), z.array(z.string())),\n\t\t\t\tpermissions: z.undefined(),\n\t\t\t}),\n\t\t\tz.object({\n\t\t\t\tpermission: z.undefined(),\n\t\t\t\tpermissions: z.record(z.string(), z.array(z.string())),\n\t\t\t}),\n\t\t]),\n\t);\n\n/**\n * ### Endpoint\n *\n * POST `/admin/has-permission`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.userHasPermission`\n *\n * **client:**\n * `authClient.admin.hasPermission`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-has-permission)\n */\nexport const userHasPermission = <O extends AdminOptions>(opts: O) => {\n\ttype DefaultStatements = typeof defaultStatements;\n\ttype Statements =\n\t\tO[\"ac\"] extends AccessControl<infer S> ? S : DefaultStatements;\n\n\ttype PermissionType = {\n\t\t[key in keyof Statements]?: Array<\n\t\t\tStatements[key] extends readonly unknown[]\n\t\t\t\t? Statements[key][number]\n\t\t\t\t: never\n\t\t>;\n\t};\n\ttype PermissionExclusive =\n\t\t| {\n\t\t\t\t/**\n\t\t\t\t * @deprecated Use `permissions` instead\n\t\t\t\t */\n\t\t\t\tpermission: PermissionType;\n\t\t\t\tpermissions?: never | undefined;\n\t\t  }\n\t\t| {\n\t\t\t\tpermissions: PermissionType;\n\t\t\t\tpermission?: never | undefined;\n\t\t  };\n\n\treturn createAuthEndpoint(\n\t\t\"/admin/has-permission\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: userHasPermissionBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\tdescription: \"Check if the user has permission\",\n\t\t\t\t\trequestBody: {\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tpermission: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The permission to check\",\n\t\t\t\t\t\t\t\t\t\t\tdeprecated: true,\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tpermissions: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The permission to check\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\trequired: [\"permissions\"],\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"success\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as PermissionExclusive & {\n\t\t\t\t\t\tuserId?: string | undefined;\n\t\t\t\t\t\trole?: InferAdminRolesFromOption<O> | undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tif (!ctx.body?.permission && !ctx.body?.permissions) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"invalid permission check. no permission(s) were passed.\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst session = await getSessionFromCtx(ctx);\n\n\t\t\tif (!session && (ctx.request || ctx.headers)) {\n\t\t\t\tthrow new APIError(\"UNAUTHORIZED\");\n\t\t\t}\n\t\t\tif (!session && !ctx.body.userId && !ctx.body.role) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"user id or role is required\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst user =\n\t\t\t\tsession?.user ||\n\t\t\t\t(ctx.body.role\n\t\t\t\t\t? { id: ctx.body.userId || \"\", role: ctx.body.role }\n\t\t\t\t\t: null) ||\n\t\t\t\t(ctx.body.userId\n\t\t\t\t\t? ((await ctx.context.internalAdapter.findUserById(\n\t\t\t\t\t\t\tctx.body.userId as string,\n\t\t\t\t\t\t)) as { role?: string | undefined; id: string })\n\t\t\t\t\t: null);\n\t\t\tif (!user) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"user not found\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst result = hasPermission({\n\t\t\t\tuserId: user.id,\n\t\t\t\trole: user.role,\n\t\t\t\toptions: opts as AdminOptions,\n\t\t\t\tpermissions: (ctx.body.permissions ?? ctx.body.permission) as any,\n\t\t\t});\n\t\t\treturn ctx.json({\n\t\t\t\terror: null,\n\t\t\t\tsuccess: result,\n\t\t\t});\n\t\t},\n\t);\n};\n"],"mappings":";;;;;;;;;;;;;;;;AA+BA,MAAM,kBAAkB,qBAAqB,OAAO,QAAQ;CAC3D,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAC5C,KAAI,CAAC,QACJ,OAAM,SAAS,WAAW,eAAe;AAE1C,QAAO,EACN,SACA;EAMA;AAEF,SAAS,WAAW,OAAkC;AACrD,QAAO,MAAM,QAAQ,MAAM,GAAG,MAAM,KAAK,IAAI,GAAG;;AAGjD,MAAM,oBAAoB,EAAE,OAAO;CAClC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC;CACF,MAAM,EACJ,MAAM,CACN,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,iDACb,CAAC,EACF,EAAE,MACD,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,kDACb,CAAC,CACF,CACD,CAAC,CACD,KAAK,EACL,aACC,gGACD,CAAC;CACH,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,WAAmC,SAC/C,mBACC,mBACA;CACC,QAAQ;CACR,MAAM;CACN,gBAAgB;CAChB,KAAK,CAAC,gBAAgB;CACtB,UAAU;EACT,SAAS;GACR,aAAa;GACb,SAAS;GACT,aAAa;GACb,WAAW,EACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;KACD,EACD,EACD;IACD,EACD;GACD;EACD,QAAQ,EACP,MAAM,EAAE,EAIR;EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,WAAW,EAClB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,yCAClB;CAEF,MAAM,QAAQ,KAAK;AACnB,KAAI,OAAO;EACV,MAAM,aAAa,MAAM,QAAQ,IAAI,KAAK,KAAK,GAC5C,IAAI,KAAK,OACT,CAAC,IAAI,KAAK,KAAK;AAClB,OAAK,MAAM,QAAQ,WAClB,KAAI,CAAC,MAAM,MACV,OAAM,SAAS,KACd,eACA,kBAAkB,8CAClB;;CAIJ,MAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB,WACrD,IAAI,KAAK,QACT,EACC,MAAM,WAAW,IAAI,KAAK,KAAK,EAC/B,CACD;AACD,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,YAAY,EACvD,CAAC;EAEH;AAEF,MAAM,qBAAqB,EAAE,OAAO,EACnC,IAAI,EAAE,QAAQ,CAAC,KAAK,EACnB,aAAa,sBACb,CAAC,EACF,CAAC;AAEF,MAAa,WAAW,SACvB,mBACC,mBACA;CACC,QAAQ;CACR,OAAO;CACP,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,OAAO,IAAI;AAWnB,KAAI,CATe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,MAAM,EACb;EACD,CAAC,CAGD,OAAM,SAAS,KACd,aACA,kBAAkB,gCAClB;CAGF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,aAAa,GAAG;AAE/D,KAAI,CAAC,KACJ,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;AAGlE,QAAO,gBAAgB,IAAI,QAAQ,SAAS,KAAK;EAElD;AAEF,MAAM,uBAAuB,EAAE,OAAO;CACrC,OAAO,EAAE,QAAQ,CAAC,KAAK,EACtB,aAAa,yBACb,CAAC;CACF,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EACpC,aACC,wJACD,CAAC;CACF,MAAM,EAAE,QAAQ,CAAC,KAAK,EACrB,aAAa,wBACb,CAAC;CACF,MAAM,EACJ,MAAM,CACN,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,wBACb,CAAC,EACF,EAAE,MACD,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,qBACb,CAAC,CACF,CACD,CAAC,CACD,UAAU,CACV,KAAK,EACL,aAAa,8FACb,CAAC;CAIH,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,UAAU,CAAC,KAAK,EACnD,aACC,kEACD,CAAC;CACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,cAAsC,SAClD,mBACC,sBACA;CACC,QAAQ;CACR,MAAM;CACN,UAAU;EACT,SAAS;GACR,aAAa;GACb,SAAS;GACT,aAAa;GACb,WAAW,EACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;KACD,EACD,EACD;IACD,EACD;GACD;EACD,QAAQ,EACP,MAAM,EAAE,EASR;EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,MAAM,kBAAoC,IAAI;AAC9D,KAAI,CAAC,YAAY,IAAI,WAAW,IAAI,SACnC,OAAM,IAAI,MAAM,eAAe;AAEhC,KAAI,SASH;MAAI,CARkB,cAAc;GACnC,QAAQ,QAAQ,KAAK;GACrB,MAAM,QAAQ,KAAK;GACnB,SAAS;GACT,aAAa,EACZ,MAAM,CAAC,SAAS,EAChB;GACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,oCAClB;;CAIH,MAAM,QAAQ,IAAI,KAAK,MAAM,aAAa;AAE1C,KAAI,CADiB,EAAE,OAAO,CAAC,UAAU,MAAM,CAC7B,QACjB,OAAM,SAAS,KAAK,eAAe,iBAAiB,cAAc;AAKnE,KADC,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,MAAM,CAExD,OAAM,SAAS,KACd,eACA,kBAAkB,sCAClB;CAEF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,WAAyB;EAChE;EACP,MAAM,IAAI,KAAK;EACf,OACE,IAAI,KAAK,QAAQ,WAAW,IAAI,KAAK,KAAK,KAC3C,MAAM,eACN;EACD,GAAG,IAAI,KAAK;EACZ,CAAC;AAEF,KAAI,CAAC,KACJ,OAAM,SAAS,KACd,yBACA,kBAAkB,sBAClB;AAGF,KAAI,IAAI,KAAK,UAAU;EACtB,MAAM,iBAAiB,MAAM,IAAI,QAAQ,SAAS,KACjD,IAAI,KAAK,SACT;AACD,QAAM,IAAI,QAAQ,gBAAgB,YAAY;GAC7C,WAAW,KAAK;GAChB,YAAY;GACZ,UAAU;GACV,QAAQ,KAAK;GACb,CAAC;;AAEH,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,EAChD,CAAC;EAEH;AAEF,MAAM,4BAA4B,EAAE,OAAO;CAC1C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC;CACF,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,CAAC,CAAC,KAAK,EACrC,aAAa,2BACb,CAAC;CACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,mBAAmB,SAC/B,mBACC,sBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARkB,cAAc;EACnC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,SAAS,EAChB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,oCAClB;AAGF,KAAI,OAAO,KAAK,IAAI,KAAK,KAAK,CAAC,WAAW,EACzC,OAAM,SAAS,KAAK,eAAe,kBAAkB,kBAAkB;AAIxE,KAAI,OAAO,UAAU,eAAe,KAAK,IAAI,KAAK,MAAM,OAAO,EAAE;AAShE,MAAI,CARe,cAAc;GAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;GACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;GAC/B,SAAS;GACT,aAAa,EACZ,MAAM,CAAC,WAAW,EAClB;GACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,yCAClB;EAGF,MAAM,YAAa,IAAI,KAAK,KAA6B;EACzD,MAAM,aAAa,MAAM,QAAQ,UAAU,GAAG,YAAY,CAAC,UAAU;AACrE,OAAK,MAAM,QAAQ,YAAY;AAC9B,OAAI,OAAO,SAAS,SACnB,OAAM,SAAS,KACd,eACA,kBAAkB,kBAClB;AAEF,OAAI,KAAK,SAAS,CAAC,KAAK,MAAM,MAC7B,OAAM,SAAS,KACd,eACA,kBAAkB,8CAClB;;AAGH,EAAC,IAAI,KAAK,KAA6B,OAAO,WAC7C,WACA;;CAEF,MAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB,WACrD,IAAI,KAAK,QACT,IAAI,KAAK,KACT;AAED,QAAO,IAAI,KACV,gBAAgB,IAAI,QAAQ,SAAS,YAAY,CACjD;EAEF;AAEF,MAAM,uBAAuB,EAAE,OAAO;CACrC,aAAa,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EACvC,aAAa,8CACb,CAAC;CACF,aAAa,EACX,KAAK,CAAC,SAAS,OAAO,CAAC,CACvB,KAAK,EACL,aACC,qFACD,CAAC,CACD,UAAU;CACZ,gBAAgB,EACd,KAAK;EAAC;EAAY;EAAe;EAAY,CAAC,CAC9C,KAAK,EACL,aACC,yGACD,CAAC,CACD,UAAU;CACZ,OAAO,EACL,QAAQ,CACR,KAAK,EACL,aAAa,iCACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,UAAU;CACZ,QAAQ,EACN,QAAQ,CACR,KAAK,EACL,aAAa,4BACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,UAAU;CACZ,QAAQ,EACN,QAAQ,CACR,KAAK,EACL,aAAa,wBACb,CAAC,CACD,UAAU;CACZ,eAAe,EACb,KAAK,CAAC,OAAO,OAAO,CAAC,CACrB,KAAK,EACL,aAAa,4BACb,CAAC,CACD,UAAU;CACZ,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,0BACb,CAAC,CACD,UAAU;CACZ,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,0BACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,GAAG,EAAE,SAAS,CAAC,CACf,UAAU;CACZ,gBAAgB,EACd,KAAK;EAAC;EAAM;EAAM;EAAM;EAAO;EAAM;EAAO;EAAW,CAAC,CACxD,KAAK,EACL,aAAa,sCACb,CAAC,CACD,UAAU;CACZ,CAAC;AAEF,MAAa,aAAa,SACzB,mBACC,qBACA;CACC,QAAQ;CACR,KAAK,CAAC,gBAAgB;CACtB,OAAO;CACP,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,OAAO;MACN,MAAM;MACN,OAAO,EACN,MAAM,6BACN;MACD;KACD,OAAO,EACN,MAAM,UACN;KACD,OAAO,EACN,MAAM,UACN;KACD,QAAQ,EACP,MAAM,UACN;KACD;IACD,UAAU,CAAC,SAAS,QAAQ;IAC5B,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARiB,cAAc;EAClC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,OAAO,EACd;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,kCAClB;CAGF,MAAM,QAAiB,EAAE;AAEzB,KAAI,IAAI,OAAO,YACd,OAAM,KAAK;EACV,OAAO,IAAI,MAAM,eAAe;EAChC,UAAU,IAAI,MAAM,kBAAkB;EACtC,OAAO,IAAI,MAAM;EACjB,CAAC;AAGH,KAAI,IAAI,OAAO,YACd,OAAM,KAAK;EACV,OAAO,IAAI,MAAM,eAAe;EAChC,UAAU,IAAI,MAAM,kBAAkB;EACtC,OAAO,IAAI,MAAM;EACjB,CAAC;AAGH,KAAI;EACH,MAAM,QAAQ,MAAM,IAAI,QAAQ,gBAAgB,UAC/C,OAAO,IAAI,OAAO,MAAM,IAAI,QAC5B,OAAO,IAAI,OAAO,OAAO,IAAI,QAC7B,IAAI,OAAO,SACR;GACA,OAAO,IAAI,MAAM;GACjB,WAAW,IAAI,MAAM,iBAAiB;GACtC,GACA,QACH,MAAM,SAAS,QAAQ,OACvB;EACD,MAAM,QAAQ,MAAM,IAAI,QAAQ,gBAAgB,gBAC/C,MAAM,SAAS,QAAQ,OACvB;AACD,SAAO,IAAI,KAAK;GACf,OAAO,MAAM,KAAK,SACjB,gBAAgB,IAAI,QAAQ,SAAS,KAAK,CAC1C;GACM;GACP,OAAO,OAAO,IAAI,OAAO,MAAM,IAAI;GACnC,QAAQ,OAAO,IAAI,OAAO,OAAO,IAAI;GACrC,CAAC;SACK;AACP,SAAO,IAAI,KAAK;GACf,OAAO,EAAE;GACT,OAAO;GACP,CAAC;;EAGJ;AAEF,MAAM,6BAA6B,EAAE,OAAO,EAC3C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,oBAAoB,SAChC,mBACC,6BACA;CACC,QAAQ;CACR,KAAK,CAAC,gBAAgB;CACtB,MAAM;CACN,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,UAAU;KACT,MAAM;KACN,OAAO,EACN,MAAM,gCACN;KACD,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARoB,cAAc;EACrC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,SAAS,CAAC,OAAO,EACjB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,2CAClB;CAGF,MAAM,WACL,MAAM,IAAI,QAAQ,gBAAgB,aAAa,IAAI,KAAK,OAAO;AAChE,QAAO,IAAI,KAAK,EACf,UAAU,SAAS,KAAK,MACvB,mBAAmB,IAAI,QAAQ,SAAS,EAAE,CAC1C,EACD,CAAC;EAEH;AAEF,MAAM,sBAAsB,EAAE,OAAO,EACpC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,aAAa,SACzB,mBACC,qBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,MAAM,EACb;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,iCAClB;CAGF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,WAC9C,IAAI,KAAK,QACT;EACC,QAAQ;EACR,YAAY;EACZ,WAAW;EACX,2BAAW,IAAI,MAAM;EACrB,CACD;AACD,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,EAChD,CAAC;EAEH;AAEF,MAAM,oBAAoB,EAAE,OAAO;CAClC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC;CAIF,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aAAa,0BACb,CAAC,CACD,UAAU;CAIZ,cAAc,EACZ,QAAQ,CACR,KAAK,EACL,aAAa,+CACb,CAAC,CACD,UAAU;CACZ,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,WAAW,SACvB,mBACC,mBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,MAAM,EACb;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,iCAClB;AAOF,KAAI,CAJc,MAAM,IAAI,QAAQ,gBAAgB,aACnD,IAAI,KAAK,OACT,CAGA,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;AAGlE,KAAI,IAAI,KAAK,WAAW,IAAI,QAAQ,QAAQ,KAAK,GAChD,OAAM,SAAS,KACd,eACA,kBAAkB,wBAClB;CAEF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,WAC9C,IAAI,KAAK,QACT;EACC,QAAQ;EACR,WACC,IAAI,KAAK,aAAa,MAAM,oBAAoB;EACjD,YAAY,IAAI,KAAK,eAClB,QAAQ,IAAI,KAAK,cAAc,MAAM,GACrC,MAAM,sBACL,QAAQ,KAAK,qBAAqB,MAAM,GACxC;EACJ,2BAAW,IAAI,MAAM;EACrB,CACD;AAED,OAAM,IAAI,QAAQ,gBAAgB,eAAe,IAAI,KAAK,OAAO;AACjE,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,EAChD,CAAC;EAEH;AAEF,MAAM,4BAA4B,EAAE,OAAO,EAC1C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAgBF,MAAa,mBAAmB,SAC/B,mBACC,2BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,SAAS,EACR,MAAM,gCACN;KACD,MAAM,EACL,MAAM,6BACN;KACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARuB,cAAc;EACxC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,cAAc,EACrB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,yCAClB;CAGF,MAAM,aAAc,MAAM,IAAI,QAAQ,gBAAgB,aACrD,IAAI,KAAK,OACT;AAED,KAAI,CAAC,WACJ,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;CAGlE,MAAM,cACL,MAAM,QAAQ,KAAK,WAAW,GAC3B,KAAK,aACL,KAAK,YAAY,MAAM,IAAI,IAAI,EAAE,EACnC,KAAK,SAAS,KAAK,MAAM,CAAC;CAC5B,MAAM,kBACL,WAAW,QACX,KAAK,eACL,QACC,MAAM,IAAI;AACZ,KACC,KAAK,6BAA6B,SACjC,eAAe,MAAM,SAAS,WAAW,SAAS,KAAK,CAAC,IACxD,KAAK,cAAc,SAAS,WAAW,GAAG,EAE3C,OAAM,SAAS,KACd,aACA,kBAAkB,8BAClB;CAGF,MAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB,cACjD,WAAW,IACX,MACA;EACC,gBAAgB,IAAI,QAAQ,QAAQ,KAAK;EACzC,WAAW,MAAM,+BACd,QAAQ,KAAK,8BAA8B,MAAM,GACjD,QAAQ,MAAS,MAAM;EAC1B,EACD,KACA;AACD,KAAI,CAAC,QACJ,OAAM,SAAS,KACd,yBACA,kBAAkB,sBAClB;CAEF,MAAM,cAAc,IAAI,QAAQ;AAChC,qBAAoB,IAAI;CACxB,MAAM,uBAAuB,MAAM,IAAI,gBACtC,IAAI,QAAQ,YAAY,kBAAkB,MAC1C,IAAI,QAAQ,OACZ;CACD,MAAM,kBAAkB,IAAI,QAAQ,iBAAiB,gBAAgB;AACrE,OAAM,IAAI,gBACT,gBAAgB,MAChB,GAAG,IAAI,QAAQ,QAAQ,QAAQ,MAAM,GAAG,wBAAwB,MAChE,IAAI,QAAQ,QACZ,YAAY,aAAa,WACzB;AACD,OAAM,iBACL,KACA;EACU;EACT,MAAM;EACN,EACD,KACA;AACD,QAAO,IAAI,KAAK;EACN;EACT,MAAM,gBAAgB,IAAI,QAAQ,SAAS,WAAW;EACtD,CAAC;EAEH;;;;;;;;;;;;;;;;AAiBF,MAAa,0BACZ,mBACC,6BACA;CACC,QAAQ;CACR,gBAAgB;CAChB,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,MAAM,kBAKpB,IAAI;AACN,KAAI,CAAC,QACJ,OAAM,SAAS,WAAW,eAAe;AAE1C,KAAI,CAAC,QAAQ,QAAQ,eACpB,OAAM,SAAS,WAAW,eAAe,EACxC,SAAS,oCACT,CAAC;CAEH,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,aAC9C,QAAQ,QAAQ,eAChB;AACD,KAAI,CAAC,KACJ,OAAM,SAAS,WAAW,yBAAyB,EAClD,SAAS,uBACT,CAAC;CAEH,MAAM,qBAAqB,IAAI,QAAQ,iBAAiB,gBAAgB;CAExE,MAAM,cAAc,MAAM,IAAI,gBAC7B,mBAAmB,MACnB,IAAI,QAAQ,OACZ;AAED,KAAI,CAAC,YACJ,OAAM,SAAS,WAAW,yBAAyB,EAClD,SAAS,gCACT,CAAC;CAEH,MAAM,CAAC,mBAAmB,wBAAwB,aAAa,MAAM,IAAI;CACzE,MAAM,eAAe,MAAM,IAAI,QAAQ,gBAAgB,YACtD,kBACA;AACD,KAAI,CAAC,gBAAgB,aAAa,QAAQ,WAAW,KAAK,GACzD,OAAM,SAAS,WAAW,yBAAyB,EAClD,SAAS,gCACT,CAAC;AAEH,OAAM,IAAI,QAAQ,gBAAgB,cAAc,QAAQ,QAAQ,MAAM;AACtE,OAAM,iBAAiB,KAAK,cAAc,CAAC,CAAC,qBAAqB;AACjE,cAAa,KAAK,mBAAmB;AACrC,QAAO,IAAI,KAAK;EACf,SAAS,mBAAmB,IAAI,QAAQ,SAAS,aAAa,QAAQ;EACtE,MAAM,gBAAgB,IAAI,QAAQ,SAAS,aAAa,KAAK;EAC7D,CAAC;EAEH;AAEF,MAAM,8BAA8B,EAAE,OAAO,EAC5C,cAAc,EAAE,QAAQ,CAAC,KAAK,EAC7B,aAAa,qBACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAgBF,MAAa,qBAAqB,SACjC,mBACC,8BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARqB,cAAc;EACtC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,SAAS,CAAC,SAAS,EACnB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,6CAClB;AAGF,OAAM,IAAI,QAAQ,gBAAgB,cAAc,IAAI,KAAK,aAAa;AACtE,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;AAEF,MAAM,+BAA+B,EAAE,OAAO,EAC7C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAgBF,MAAa,sBAAsB,SAClC,mBACC,+BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARqB,cAAc;EACtC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,SAAS,CAAC,SAAS,EACnB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,6CAClB;AAGF,OAAM,IAAI,QAAQ,gBAAgB,eAAe,IAAI,KAAK,OAAO;AACjE,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;AAEF,MAAM,uBAAuB,EAAE,OAAO,EACrC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,cAAc,SAC1B,mBACC,sBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aACC;EACD,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARkB,cAAc;EACnC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,SAAS,EAChB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,oCAClB;AAGF,KAAI,IAAI,KAAK,WAAW,IAAI,QAAQ,QAAQ,KAAK,GAChD,OAAM,SAAS,KACd,eACA,kBAAkB,2BAClB;AAOF,KAAI,CAJS,MAAM,IAAI,QAAQ,gBAAgB,aAC9C,IAAI,KAAK,OACT,CAGA,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;AAGlE,OAAM,IAAI,QAAQ,gBAAgB,WAAW,IAAI,KAAK,OAAO;AAC7D,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;AAEF,MAAM,4BAA4B,EAAE,OAAO;CAC1C,aAAa,EAAE,QAAQ,CAAC,SAAS,8BAA8B,CAAC,KAAK,EACpE,aAAa,oBACb,CAAC;CACF,QAAQ,EAAE,OAAO,QAAQ,CAAC,SAAS,yBAAyB,CAAC,KAAK,EACjE,aAAa,eACb,CAAC;CACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,mBAAmB,SAC/B,mBACC,4BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,QAAQ,EACP,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARuB,cAAc;EACxC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,eAAe,EACtB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,0CAClB;CAGF,MAAM,EAAE,aAAa,WAAW,IAAI;CACpC,MAAM,oBAAoB,IAAI,QAAQ,SAAS,OAAO;AACtD,KAAI,YAAY,SAAS,mBAAmB;AAC3C,MAAI,QAAQ,OAAO,MAAM,wBAAwB;AACjD,QAAM,SAAS,KAAK,eAAe,iBAAiB,mBAAmB;;CAExE,MAAM,oBAAoB,IAAI,QAAQ,SAAS,OAAO;AACtD,KAAI,YAAY,SAAS,mBAAmB;AAC3C,MAAI,QAAQ,OAAO,MAAM,uBAAuB;AAChD,QAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;;CAEvE,MAAM,iBAAiB,MAAM,IAAI,QAAQ,SAAS,KAAK,YAAY;AACnE,OAAM,IAAI,QAAQ,gBAAgB,eAAe,QAAQ,eAAe;AACxE,QAAO,IAAI,KAAK,EACf,QAAQ,MACR,CAAC;EAEH;AAEF,MAAM,8BAA8B,EAClC,OAAO;CACP,QAAQ,EAAE,OAAO,QAAQ,CAAC,UAAU,CAAC,KAAK,EACzC,aAAa,8BACb,CAAC;CACF,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EAChC,aAAa,iDACb,CAAC;CACF,CAAC,CACD,IACA,EAAE,MAAM,CACP,EAAE,OAAO;CACR,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACrD,aAAa,EAAE,WAAW;CAC1B,CAAC,EACF,EAAE,OAAO;CACR,YAAY,EAAE,WAAW;CACzB,aAAa,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACtD,CAAC,CACF,CAAC,CACF;;;;;;;;;;;;;;;;AAiBF,MAAa,qBAA6C,SAAY;AAyBrE,QAAO,mBACN,yBACA;EACC,QAAQ;EACR,MAAM;EACN,UAAU;GACT,SAAS;IACR,aAAa;IACb,aAAa,EACZ,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY;MACX,YAAY;OACX,MAAM;OACN,aAAa;OACb,YAAY;OACZ;MACD,aAAa;OACZ,MAAM;OACN,aAAa;OACb;MACD;KACD,UAAU,CAAC,cAAc;KACzB,EACD,EACD,EACD;IACD,WAAW,EACV,OAAO;KACN,aAAa;KACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;MACP,MAAM;MACN,YAAY;OACX,OAAO,EACN,MAAM,UACN;OACD,SAAS,EACR,MAAM,WACN;OACD;MACD,UAAU,CAAC,UAAU;MACrB,EACD,EACD;KACD,EACD;IACD;GACD,QAAQ,EACP,MAAM,EAAE,EAIR;GACD;EACD,EACD,OAAO,QAAQ;AACd,MAAI,CAAC,IAAI,MAAM,cAAc,CAAC,IAAI,MAAM,YACvC,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,2DACT,CAAC;EAEH,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAE5C,MAAI,CAAC,YAAY,IAAI,WAAW,IAAI,SACnC,OAAM,IAAI,SAAS,eAAe;AAEnC,MAAI,CAAC,WAAW,CAAC,IAAI,KAAK,UAAU,CAAC,IAAI,KAAK,KAC7C,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,+BACT,CAAC;EAEH,MAAM,OACL,SAAS,SACR,IAAI,KAAK,OACP;GAAE,IAAI,IAAI,KAAK,UAAU;GAAI,MAAM,IAAI,KAAK;GAAM,GAClD,UACF,IAAI,KAAK,SACL,MAAM,IAAI,QAAQ,gBAAgB,aACpC,IAAI,KAAK,OACT,GACA;AACJ,MAAI,CAAC,KACJ,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,kBACT,CAAC;EAEH,MAAM,SAAS,cAAc;GAC5B,QAAQ,KAAK;GACb,MAAM,KAAK;GACX,SAAS;GACT,aAAc,IAAI,KAAK,eAAe,IAAI,KAAK;GAC/C,CAAC;AACF,SAAO,IAAI,KAAK;GACf,OAAO;GACP,SAAS;GACT,CAAC;GAEH"}

package/dist/plugins/admin/schema.d.mts

@@ -0,0 +1,6 @@
+//#region src/plugins/admin/schema.d.ts
+declare const schema: BetterAuthPluginDBSchema;
+type AdminSchema = typeof schema;
+//#endregion
+export { AdminSchema };
+//# sourceMappingURL=schema.d.mts.map

package/dist/plugins/admin/schema.mjs

@@ -0,0 +1,34 @@
+//#region src/plugins/admin/schema.ts
+const schema = {
+	user: { fields: {
+		role: {
+			type: "string",
+			required: false,
+			input: false
+		},
+		banned: {
+			type: "boolean",
+			defaultValue: false,
+			required: false,
+			input: false
+		},
+		banReason: {
+			type: "string",
+			required: false,
+			input: false
+		},
+		banExpires: {
+			type: "date",
+			required: false,
+			input: false
+		}
+	} },
+	session: { fields: { impersonatedBy: {
+		type: "string",
+		required: false
+	} } }
+};
+
+//#endregion
+export { schema };
+//# sourceMappingURL=schema.mjs.map

package/dist/plugins/admin/schema.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.mjs","names":[],"sources":["../../../src/plugins/admin/schema.ts"],"sourcesContent":["import type { BetterAuthPluginDBSchema } from \"@better-auth/core/db\";\n\nexport const schema = {\n\tuser: {\n\t\tfields: {\n\t\t\trole: {\n\t\t\t\ttype: \"string\",\n\t\t\t\trequired: false,\n\t\t\t\tinput: false,\n\t\t\t},\n\t\t\tbanned: {\n\t\t\t\ttype: \"boolean\",\n\t\t\t\tdefaultValue: false,\n\t\t\t\trequired: false,\n\t\t\t\tinput: false,\n\t\t\t},\n\t\t\tbanReason: {\n\t\t\t\ttype: \"string\",\n\t\t\t\trequired: false,\n\t\t\t\tinput: false,\n\t\t\t},\n\t\t\tbanExpires: {\n\t\t\t\ttype: \"date\",\n\t\t\t\trequired: false,\n\t\t\t\tinput: false,\n\t\t\t},\n\t\t},\n\t},\n\tsession: {\n\t\tfields: {\n\t\t\timpersonatedBy: {\n\t\t\t\ttype: \"string\",\n\t\t\t\trequired: false,\n\t\t\t},\n\t\t},\n\t},\n} satisfies BetterAuthPluginDBSchema;\n\nexport type AdminSchema = typeof schema;\n"],"mappings":";AAEA,MAAa,SAAS;CACrB,MAAM,EACL,QAAQ;EACP,MAAM;GACL,MAAM;GACN,UAAU;GACV,OAAO;GACP;EACD,QAAQ;GACP,MAAM;GACN,cAAc;GACd,UAAU;GACV,OAAO;GACP;EACD,WAAW;GACV,MAAM;GACN,UAAU;GACV,OAAO;GACP;EACD,YAAY;GACX,MAAM;GACN,UAAU;GACV,OAAO;GACP;EACD,EACD;CACD,SAAS,EACR,QAAQ,EACP,gBAAgB;EACf,MAAM;EACN,UAAU;EACV,EACD,EACD;CACD"}

package/dist/plugins/admin/types.d.mts

@@ -0,0 +1,89 @@
+import { Session, User } from "../../types/models.mjs";
+import { InferOptionSchema } from "../../types/plugins.mjs";
+import "../../types/index.mjs";
+import { AccessControl, Role } from "../access/types.mjs";
+import "../access/index.mjs";
+import { AdminSchema } from "./schema.mjs";
+
+//#region src/plugins/admin/types.d.ts
+interface UserWithRole extends User {
+  role?: string | undefined;
+  banned: boolean | null;
+  banReason?: (string | null) | undefined;
+  banExpires?: (Date | null) | undefined;
+}
+interface SessionWithImpersonatedBy extends Session {
+  impersonatedBy?: string | undefined;
+}
+interface AdminOptions {
+  /**
+   * The default role for a user
+   *
+   * @default "user"
+   */
+  defaultRole?: string | undefined;
+  /**
+   * Roles that are considered admin roles.
+   *
+   * Any user role that isn't in this list, even if they have the permission,
+   * will not be considered an admin.
+   *
+   * @default ["admin"]
+   */
+  adminRoles?: (string | string[]) | undefined;
+  /**
+   * A default ban reason
+   *
+   * By default, no reason is provided
+   */
+  defaultBanReason?: string | undefined;
+  /**
+   * Number of seconds until the ban expires
+   *
+   * By default, the ban never expires
+   */
+  defaultBanExpiresIn?: number | undefined;
+  /**
+   * Duration of the impersonation session in seconds
+   *
+   * By default, the impersonation session lasts 1 hour
+   */
+  impersonationSessionDuration?: number | undefined;
+  /**
+   * Custom schema for the admin plugin
+   */
+  schema?: InferOptionSchema<AdminSchema> | undefined;
+  /**
+   * Configure the roles and permissions for the admin
+   * plugin.
+   */
+  ac?: AccessControl | undefined;
+  /**
+   * Custom permissions for roles.
+   */
+  roles?: { [key in string]?: Role } | undefined;
+  /**
+   * List of user ids that should have admin access
+   *
+   * If this is set, the `adminRole` option is ignored
+   */
+  adminUserIds?: string[] | undefined;
+  /**
+   * Message to show when a user is banned
+   *
+   * By default, the message is "You have been banned from this application"
+   */
+  bannedUserMessage?: string | undefined;
+  /**
+   * Whether to allow impersonating other admins
+   *
+   * @default false
+   */
+  allowImpersonatingAdmins?: boolean | undefined;
+}
+type InferAdminRolesFromOption<O extends AdminOptions | undefined> = O extends {
+  roles: Record<string, unknown>;
+} ? keyof O["roles"] : "user" | "admin";
+//#endregion
+export { AdminOptions, InferAdminRolesFromOption, SessionWithImpersonatedBy, UserWithRole };
+//# sourceMappingURL=types.d.mts.map

package/dist/plugins/anonymous/client.d.mts

@@ -0,0 +1,9 @@
+import { ANONYMOUS_ERROR_CODES } from "./error-codes.mjs";
+import { schema } from "./schema.mjs";
+import { AnonymousOptions, AnonymousSession, UserWithAnonymous } from "./types.mjs";
+
+//#region src/plugins/anonymous/client.d.ts
+declare const anonymousClient: () => BetterAuthClientPlugin;
+//#endregion
+export { anonymousClient };
+//# sourceMappingURL=client.d.mts.map

package/dist/plugins/anonymous/client.mjs

@@ -0,0 +1,22 @@
+import { ANONYMOUS_ERROR_CODES } from "./error-codes.mjs";
+
+//#region src/plugins/anonymous/client.ts
+const anonymousClient = () => {
+	return {
+		id: "anonymous",
+		$InferServerPlugin: {},
+		pathMethods: {
+			"/sign-in/anonymous": "POST",
+			"/delete-anonymous-user": "POST"
+		},
+		atomListeners: [{
+			matcher: (path) => path === "/sign-in/anonymous",
+			signal: "$sessionSignal"
+		}],
+		$ERROR_CODES: ANONYMOUS_ERROR_CODES
+	};
+};
+
+//#endregion
+export { anonymousClient };
+//# sourceMappingURL=client.mjs.map

package/dist/plugins/anonymous/client.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.mjs","names":[],"sources":["../../../src/plugins/anonymous/client.ts"],"sourcesContent":["import type { BetterAuthClientPlugin } from \"@better-auth/core\";\nimport type { anonymous } from \".\";\nimport { ANONYMOUS_ERROR_CODES } from \"./error-codes\";\n\nexport const anonymousClient = () => {\n\treturn {\n\t\tid: \"anonymous\",\n\t\t$InferServerPlugin: {} as ReturnType<typeof anonymous>,\n\t\tpathMethods: {\n\t\t\t\"/sign-in/anonymous\": \"POST\",\n\t\t\t\"/delete-anonymous-user\": \"POST\",\n\t\t},\n\t\tatomListeners: [\n\t\t\t{\n\t\t\t\tmatcher: (path) => path === \"/sign-in/anonymous\",\n\t\t\t\tsignal: \"$sessionSignal\",\n\t\t\t},\n\t\t],\n\t\t$ERROR_CODES: ANONYMOUS_ERROR_CODES,\n\t} satisfies BetterAuthClientPlugin;\n};\n\nexport * from \"./error-codes\";\nexport type * from \"./schema\";\nexport type * from \"./types\";\n"],"mappings":";;;AAIA,MAAa,wBAAwB;AACpC,QAAO;EACN,IAAI;EACJ,oBAAoB,EAAE;EACtB,aAAa;GACZ,sBAAsB;GACtB,0BAA0B;GAC1B;EACD,eAAe,CACd;GACC,UAAU,SAAS,SAAS;GAC5B,QAAQ;GACR,CACD;EACD,cAAc;EACd"}

package/dist/plugins/anonymous/error-codes.d.mts

@@ -0,0 +1,5 @@
+//#region src/plugins/anonymous/error-codes.d.ts
+declare const ANONYMOUS_ERROR_CODES: any;
+//#endregion
+export { ANONYMOUS_ERROR_CODES };
+//# sourceMappingURL=error-codes.d.mts.map

package/dist/plugins/anonymous/error-codes.mjs

@@ -0,0 +1,16 @@
+import { defineErrorCodes } from "@better-auth/core/utils/error-codes";
+
+//#region src/plugins/anonymous/error-codes.ts
+const ANONYMOUS_ERROR_CODES = defineErrorCodes({
+	INVALID_EMAIL_FORMAT: "Email was not generated in a valid format",
+	FAILED_TO_CREATE_USER: "Failed to create user",
+	COULD_NOT_CREATE_SESSION: "Could not create session",
+	ANONYMOUS_USERS_CANNOT_SIGN_IN_AGAIN_ANONYMOUSLY: "Anonymous users cannot sign in again anonymously",
+	FAILED_TO_DELETE_ANONYMOUS_USER: "Failed to delete anonymous user",
+	USER_IS_NOT_ANONYMOUS: "User is not anonymous",
+	DELETE_ANONYMOUS_USER_DISABLED: "Deleting anonymous users is disabled"
+});
+
+//#endregion
+export { ANONYMOUS_ERROR_CODES };
+//# sourceMappingURL=error-codes.mjs.map

package/dist/plugins/anonymous/error-codes.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-codes.mjs","names":[],"sources":["../../../src/plugins/anonymous/error-codes.ts"],"sourcesContent":["import { defineErrorCodes } from \"@better-auth/core/utils/error-codes\";\n\nexport const ANONYMOUS_ERROR_CODES = defineErrorCodes({\n\tINVALID_EMAIL_FORMAT: \"Email was not generated in a valid format\",\n\tFAILED_TO_CREATE_USER: \"Failed to create user\",\n\tCOULD_NOT_CREATE_SESSION: \"Could not create session\",\n\tANONYMOUS_USERS_CANNOT_SIGN_IN_AGAIN_ANONYMOUSLY:\n\t\t\"Anonymous users cannot sign in again anonymously\",\n\tFAILED_TO_DELETE_ANONYMOUS_USER: \"Failed to delete anonymous user\",\n\tUSER_IS_NOT_ANONYMOUS: \"User is not anonymous\",\n\tDELETE_ANONYMOUS_USER_DISABLED: \"Deleting anonymous users is disabled\",\n});\n"],"mappings":";;;AAEA,MAAa,wBAAwB,iBAAiB;CACrD,sBAAsB;CACtB,uBAAuB;CACvB,0BAA0B;CAC1B,kDACC;CACD,iCAAiC;CACjC,uBAAuB;CACvB,gCAAgC;CAChC,CAAC"}

package/dist/plugins/anonymous/index.d.mts

@@ -0,0 +1,14 @@
+import { AnonymousOptions } from "./types.mjs";
+
+//#region src/plugins/anonymous/index.d.ts
+declare module "@better-auth/core" {
+  interface BetterAuthPluginRegistry<AuthOptions, Options> {
+    anonymous: {
+      creator: typeof anonymous;
+    };
+  }
+}
+declare const anonymous: (options?: AnonymousOptions | undefined) => BetterAuthPlugin;
+//#endregion
+export { anonymous };
+//# sourceMappingURL=index.d.mts.map

package/dist/plugins/anonymous/index.mjs

@@ -0,0 +1,163 @@
+import { mergeSchema, parseUserOutput } from "../../db/schema.mjs";
+import { parseSetCookieHeader } from "../../cookies/cookie-utils.mjs";
+import { deleteSessionCookie, setSessionCookie } from "../../cookies/index.mjs";
+import { getSessionFromCtx, sensitiveSessionMiddleware } from "../../api/routes/session.mjs";
+import { APIError } from "../../api/index.mjs";
+import { ANONYMOUS_ERROR_CODES } from "./error-codes.mjs";
+import { schema } from "./schema.mjs";
+import { generateId } from "@better-auth/core/utils/id";
+import { createAuthEndpoint, createAuthMiddleware } from "@better-auth/core/api";
+import * as z from "zod";
+
+//#region src/plugins/anonymous/index.ts
+async function getAnonUserEmail(options) {
+	const customEmail = await options?.generateRandomEmail?.();
+	if (customEmail) {
+		if (!z.email().safeParse(customEmail).success) throw APIError.from("BAD_REQUEST", ANONYMOUS_ERROR_CODES.INVALID_EMAIL_FORMAT);
+		return customEmail;
+	}
+	const id = generateId();
+	if (options?.emailDomainName) return `temp-${id}@${options.emailDomainName}`;
+	return `temp@${id}.com`;
+}
+const anonymous = (options) => {
+	return {
+		id: "anonymous",
+		endpoints: {
+			signInAnonymous: createAuthEndpoint("/sign-in/anonymous", {
+				method: "POST",
+				metadata: { openapi: {
+					description: "Sign in anonymously",
+					responses: { 200: {
+						description: "Sign in anonymously",
+						content: { "application/json": { schema: {
+							type: "object",
+							properties: {
+								user: { $ref: "#/components/schemas/User" },
+								session: { $ref: "#/components/schemas/Session" }
+							}
+						} } }
+					} }
+				} }
+			}, async (ctx) => {
+				if ((await getSessionFromCtx(ctx, { disableRefresh: true }))?.user.isAnonymous) throw APIError.from("BAD_REQUEST", ANONYMOUS_ERROR_CODES.ANONYMOUS_USERS_CANNOT_SIGN_IN_AGAIN_ANONYMOUSLY);
+				const email = await getAnonUserEmail(options);
+				const name = await options?.generateName?.(ctx) || "Anonymous";
+				const newUser = await ctx.context.internalAdapter.createUser({
+					email,
+					emailVerified: false,
+					isAnonymous: true,
+					name,
+					createdAt: /* @__PURE__ */ new Date(),
+					updatedAt: /* @__PURE__ */ new Date()
+				});
+				if (!newUser) throw APIError.from("INTERNAL_SERVER_ERROR", ANONYMOUS_ERROR_CODES.FAILED_TO_CREATE_USER);
+				const session = await ctx.context.internalAdapter.createSession(newUser.id);
+				if (!session) return ctx.json(null, {
+					status: 400,
+					body: { message: ANONYMOUS_ERROR_CODES.COULD_NOT_CREATE_SESSION.message }
+				});
+				await setSessionCookie(ctx, {
+					session,
+					user: newUser
+				});
+				return ctx.json({
+					token: session.token,
+					user: parseUserOutput(ctx.context.options, newUser)
+				});
+			}),
+			deleteAnonymousUser: createAuthEndpoint("/delete-anonymous-user", {
+				method: "POST",
+				use: [sensitiveSessionMiddleware],
+				metadata: { openapi: {
+					description: "Delete an anonymous user",
+					responses: {
+						200: {
+							description: "Anonymous user deleted",
+							content: { "application/json": { schema: {
+								type: "object",
+								properties: { success: { type: "boolean" } }
+							} } }
+						},
+						"400": {
+							description: "Anonymous user deletion is disabled",
+							content: { "application/json": {
+								schema: {
+									type: "object",
+									properties: { message: { type: "string" } }
+								},
+								required: ["message"]
+							} }
+						},
+						"500": {
+							description: "Internal server error",
+							content: { "application/json": { schema: {
+								type: "object",
+								properties: { message: { type: "string" } },
+								required: ["message"]
+							} } }
+						}
+					}
+				} }
+			}, async (ctx) => {
+				const session = ctx.context.session;
+				if (options?.disableDeleteAnonymousUser) throw APIError.from("BAD_REQUEST", ANONYMOUS_ERROR_CODES.DELETE_ANONYMOUS_USER_DISABLED);
+				if (!session.user.isAnonymous) throw APIError.from("FORBIDDEN", ANONYMOUS_ERROR_CODES.USER_IS_NOT_ANONYMOUS);
+				try {
+					await ctx.context.internalAdapter.deleteUser(session.user.id);
+				} catch (error) {
+					ctx.context.logger.error("Failed to delete anonymous user", error);
+					throw APIError.from("INTERNAL_SERVER_ERROR", ANONYMOUS_ERROR_CODES.FAILED_TO_DELETE_ANONYMOUS_USER);
+				}
+				deleteSessionCookie(ctx);
+				return ctx.json({ success: true });
+			})
+		},
+		hooks: { after: [{
+			matcher(ctx) {
+				return ctx.path?.startsWith("/sign-in") || ctx.path?.startsWith("/sign-up") || ctx.path?.startsWith("/callback") || ctx.path?.startsWith("/oauth2/callback") || ctx.path?.startsWith("/magic-link/verify") || ctx.path?.startsWith("/email-otp/verify-email") || ctx.path?.startsWith("/one-tap/callback") || ctx.path?.startsWith("/passkey/verify-authentication") || ctx.path?.startsWith("/phone-number/verify") || false;
+			},
+			handler: createAuthMiddleware(async (ctx) => {
+				const setCookie = ctx.context.responseHeaders?.get("set-cookie");
+				/**
+				* We can consider the user is about to sign in or sign up
+				* if the response contains a session token.
+				*/
+				const sessionTokenName = ctx.context.authCookies.sessionToken.name;
+				if (!parseSetCookieHeader(setCookie || "").get(sessionTokenName)?.value.split(".")[0]) return;
+				/**
+				* Make sure the user had an anonymous session.
+				*/
+				const session = await getSessionFromCtx(ctx, { disableRefresh: true });
+				if (!session || !session.user.isAnonymous) return;
+				if (ctx.path === "/sign-in/anonymous" && !ctx.context.newSession) throw APIError.from("BAD_REQUEST", ANONYMOUS_ERROR_CODES.ANONYMOUS_USERS_CANNOT_SIGN_IN_AGAIN_ANONYMOUSLY);
+				const newSession = ctx.context.newSession;
+				if (!newSession) return;
+				const user = {
+					...session.user,
+					isAnonymous: session.user.isAnonymous
+				};
+				if (options?.onLinkAccount) await options?.onLinkAccount?.({
+					anonymousUser: {
+						session: session.session,
+						user
+					},
+					newUser: newSession,
+					ctx
+				});
+				const newSessionUser = newSession.user;
+				const isSameUser = newSessionUser?.id === session.user.id;
+				const newSessionIsAnonymous = Boolean(newSessionUser?.isAnonymous);
+				if (options?.disableDeleteAnonymousUser || isSameUser || newSessionIsAnonymous) return;
+				await ctx.context.internalAdapter.deleteUser(session.user.id);
+			})
+		}] },
+		options,
+		schema: mergeSchema(schema, options?.schema),
+		$ERROR_CODES: ANONYMOUS_ERROR_CODES
+	};
+};
+
+//#endregion
+export { anonymous };
+//# sourceMappingURL=index.mjs.map

package/dist/plugins/anonymous/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":[],"sources":["../../../src/plugins/anonymous/index.ts"],"sourcesContent":["import type { BetterAuthPlugin } from \"@better-auth/core\";\nimport {\n\tcreateAuthEndpoint,\n\tcreateAuthMiddleware,\n} from \"@better-auth/core/api\";\nimport { generateId } from \"@better-auth/core/utils/id\";\nimport * as z from \"zod\";\nimport {\n\tAPIError,\n\tgetSessionFromCtx,\n\tsensitiveSessionMiddleware,\n} from \"../../api\";\nimport {\n\tdeleteSessionCookie,\n\tparseSetCookieHeader,\n\tsetSessionCookie,\n} from \"../../cookies\";\nimport { mergeSchema, parseUserOutput } from \"../../db/schema\";\nimport { ANONYMOUS_ERROR_CODES } from \"./error-codes\";\nimport { schema } from \"./schema\";\nimport type {\n\tAnonymousOptions,\n\tAnonymousSession,\n\tUserWithAnonymous,\n} from \"./types\";\n\ndeclare module \"@better-auth/core\" {\n\tinterface BetterAuthPluginRegistry<AuthOptions, Options> {\n\t\tanonymous: {\n\t\t\tcreator: typeof anonymous;\n\t\t};\n\t}\n}\n\nasync function getAnonUserEmail(\n\toptions: AnonymousOptions | undefined,\n): Promise<string> {\n\tconst customEmail = await options?.generateRandomEmail?.();\n\tif (customEmail) {\n\t\tconst validation = z.email().safeParse(customEmail);\n\t\tif (!validation.success) {\n\t\t\tthrow APIError.from(\n\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\tANONYMOUS_ERROR_CODES.INVALID_EMAIL_FORMAT,\n\t\t\t);\n\t\t}\n\t\treturn customEmail;\n\t}\n\n\tconst id = generateId();\n\tif (options?.emailDomainName) {\n\t\treturn `temp-${id}@${options.emailDomainName}`;\n\t}\n\n\treturn `temp@${id}.com`;\n}\n\nexport const anonymous = (options?: AnonymousOptions | undefined) => {\n\treturn {\n\t\tid: \"anonymous\",\n\t\tendpoints: {\n\t\t\tsignInAnonymous: createAuthEndpoint(\n\t\t\t\t\"/sign-in/anonymous\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tmetadata: {\n\t\t\t\t\t\topenapi: {\n\t\t\t\t\t\t\tdescription: \"Sign in anonymously\",\n\t\t\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\t\t\tdescription: \"Sign in anonymously\",\n\t\t\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\tsession: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/Session\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\t// If the current request already has a valid anonymous session, we should\n\t\t\t\t\t// reject any further attempts to create another anonymous user. This\n\t\t\t\t\t// prevents an anonymous user from signing in anonymously again while they\n\t\t\t\t\t// are already authenticated.\n\t\t\t\t\tconst existingSession = await getSessionFromCtx<{\n\t\t\t\t\t\tisAnonymous: boolean | null;\n\t\t\t\t\t}>(ctx, { disableRefresh: true });\n\t\t\t\t\tif (existingSession?.user.isAnonymous) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tANONYMOUS_ERROR_CODES.ANONYMOUS_USERS_CANNOT_SIGN_IN_AGAIN_ANONYMOUSLY,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\n\t\t\t\t\tconst email = await getAnonUserEmail(options);\n\t\t\t\t\tconst name = (await options?.generateName?.(ctx)) || \"Anonymous\";\n\t\t\t\t\tconst newUser = await ctx.context.internalAdapter.createUser({\n\t\t\t\t\t\temail,\n\t\t\t\t\t\temailVerified: false,\n\t\t\t\t\t\tisAnonymous: true,\n\t\t\t\t\t\tname,\n\t\t\t\t\t\tcreatedAt: new Date(),\n\t\t\t\t\t\tupdatedAt: new Date(),\n\t\t\t\t\t});\n\t\t\t\t\tif (!newUser) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"INTERNAL_SERVER_ERROR\",\n\t\t\t\t\t\t\tANONYMOUS_ERROR_CODES.FAILED_TO_CREATE_USER,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\t\t\t\tnewUser.id,\n\t\t\t\t\t);\n\t\t\t\t\tif (!session) {\n\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t\tbody: {\n\t\t\t\t\t\t\t\tmessage: ANONYMOUS_ERROR_CODES.COULD_NOT_CREATE_SESSION.message,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tawait setSessionCookie(ctx, {\n\t\t\t\t\t\tsession,\n\t\t\t\t\t\tuser: newUser,\n\t\t\t\t\t});\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\ttoken: session.token,\n\t\t\t\t\t\tuser: parseUserOutput(ctx.context.options, newUser),\n\t\t\t\t\t});\n\t\t\t\t},\n\t\t\t),\n\t\t\tdeleteAnonymousUser: createAuthEndpoint(\n\t\t\t\t\"/delete-anonymous-user\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tuse: [sensitiveSessionMiddleware],\n\t\t\t\t\tmetadata: {\n\t\t\t\t\t\topenapi: {\n\t\t\t\t\t\t\tdescription: \"Delete an anonymous user\",\n\t\t\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\t\t\tdescription: \"Anonymous user deleted\",\n\t\t\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\"400\": {\n\t\t\t\t\t\t\t\t\tdescription: \"Anonymous user deletion is disabled\",\n\t\t\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\trequired: [\"message\"],\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\"500\": {\n\t\t\t\t\t\t\t\t\tdescription: \"Internal server error\",\n\t\t\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\trequired: [\"message\"],\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst session = ctx.context.session as AnonymousSession;\n\n\t\t\t\t\tif (options?.disableDeleteAnonymousUser) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tANONYMOUS_ERROR_CODES.DELETE_ANONYMOUS_USER_DISABLED,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\n\t\t\t\t\tif (!session.user.isAnonymous) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\t\t\tANONYMOUS_ERROR_CODES.USER_IS_NOT_ANONYMOUS,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\n\t\t\t\t\ttry {\n\t\t\t\t\t\tawait ctx.context.internalAdapter.deleteUser(session.user.id);\n\t\t\t\t\t} catch (error) {\n\t\t\t\t\t\tctx.context.logger.error(\"Failed to delete anonymous user\", error);\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"INTERNAL_SERVER_ERROR\",\n\t\t\t\t\t\t\tANONYMOUS_ERROR_CODES.FAILED_TO_DELETE_ANONYMOUS_USER,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\tdeleteSessionCookie(ctx);\n\t\t\t\t\treturn ctx.json({ success: true });\n\t\t\t\t},\n\t\t\t),\n\t\t},\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(ctx) {\n\t\t\t\t\t\treturn (\n\t\t\t\t\t\t\tctx.path?.startsWith(\"/sign-in\") ||\n\t\t\t\t\t\t\tctx.path?.startsWith(\"/sign-up\") ||\n\t\t\t\t\t\t\tctx.path?.startsWith(\"/callback\") ||\n\t\t\t\t\t\t\tctx.path?.startsWith(\"/oauth2/callback\") ||\n\t\t\t\t\t\t\tctx.path?.startsWith(\"/magic-link/verify\") ||\n\t\t\t\t\t\t\tctx.path?.startsWith(\"/email-otp/verify-email\") ||\n\t\t\t\t\t\t\tctx.path?.startsWith(\"/one-tap/callback\") ||\n\t\t\t\t\t\t\tctx.path?.startsWith(\"/passkey/verify-authentication\") ||\n\t\t\t\t\t\t\tctx.path?.startsWith(\"/phone-number/verify\") ||\n\t\t\t\t\t\t\tfalse\n\t\t\t\t\t\t);\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst setCookie = ctx.context.responseHeaders?.get(\"set-cookie\");\n\n\t\t\t\t\t\t/**\n\t\t\t\t\t\t * We can consider the user is about to sign in or sign up\n\t\t\t\t\t\t * if the response contains a session token.\n\t\t\t\t\t\t */\n\t\t\t\t\t\tconst sessionTokenName = ctx.context.authCookies.sessionToken.name;\n\t\t\t\t\t\t/**\n\t\t\t\t\t\t * The user is about to link their account.\n\t\t\t\t\t\t */\n\t\t\t\t\t\tconst sessionCookie = parseSetCookieHeader(setCookie || \"\")\n\t\t\t\t\t\t\t.get(sessionTokenName)\n\t\t\t\t\t\t\t?.value.split(\".\")[0]!;\n\n\t\t\t\t\t\tif (!sessionCookie) {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\t/**\n\t\t\t\t\t\t * Make sure the user had an anonymous session.\n\t\t\t\t\t\t */\n\t\t\t\t\t\tconst session = await getSessionFromCtx<{\n\t\t\t\t\t\t\tisAnonymous: boolean | null;\n\t\t\t\t\t\t}>(ctx, {\n\t\t\t\t\t\t\tdisableRefresh: true,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tif (!session || !session.user.isAnonymous) {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tif (ctx.path === \"/sign-in/anonymous\" && !ctx.context.newSession) {\n\t\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\t\tANONYMOUS_ERROR_CODES.ANONYMOUS_USERS_CANNOT_SIGN_IN_AGAIN_ANONYMOUSLY,\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t}\n\t\t\t\t\t\tconst newSession = ctx.context.newSession;\n\t\t\t\t\t\tif (!newSession) {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tconst user = {\n\t\t\t\t\t\t\t...session.user,\n\t\t\t\t\t\t\t// Type hack to ensure `isAnonymous` is correctly inferred as true.\n\t\t\t\t\t\t\t// Without this, `isAnonymous` is inferred as `boolean | null` despite\n\t\t\t\t\t\t\t// the conditional checks above suggesting otherwise.\n\t\t\t\t\t\t\tisAnonymous: session.user.isAnonymous,\n\t\t\t\t\t\t};\n\n\t\t\t\t\t\t// At this point the user is linking their previous anonymous account with a\n\t\t\t\t\t\t// new credential (email / social). Invoke the provided callback so that the\n\t\t\t\t\t\t// integrator can perform any additional logic such as transferring data\n\t\t\t\t\t\t// from the anonymous user to the new user.\n\t\t\t\t\t\tif (options?.onLinkAccount) {\n\t\t\t\t\t\t\tawait options?.onLinkAccount?.({\n\t\t\t\t\t\t\t\tanonymousUser: { session: session.session, user },\n\t\t\t\t\t\t\t\tnewUser: newSession,\n\t\t\t\t\t\t\t\tctx,\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t}\n\t\t\t\t\t\tconst newSessionUser = newSession.user as\n\t\t\t\t\t\t\t| (UserWithAnonymous & Record<string, any>)\n\t\t\t\t\t\t\t| undefined;\n\t\t\t\t\t\tconst isSameUser = newSessionUser?.id === session.user.id;\n\t\t\t\t\t\tconst newSessionIsAnonymous = Boolean(newSessionUser?.isAnonymous);\n\t\t\t\t\t\tif (\n\t\t\t\t\t\t\toptions?.disableDeleteAnonymousUser ||\n\t\t\t\t\t\t\tisSameUser ||\n\t\t\t\t\t\t\tnewSessionIsAnonymous\n\t\t\t\t\t\t) {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tawait ctx.context.internalAdapter.deleteUser(session.user.id);\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t\toptions,\n\t\tschema: mergeSchema(schema, options?.schema),\n\t\t$ERROR_CODES: ANONYMOUS_ERROR_CODES,\n\t} satisfies BetterAuthPlugin;\n};\n"],"mappings":";;;;;;;;;;;;AAkCA,eAAe,iBACd,SACkB;CAClB,MAAM,cAAc,MAAM,SAAS,uBAAuB;AAC1D,KAAI,aAAa;AAEhB,MAAI,CADe,EAAE,OAAO,CAAC,UAAU,YAAY,CACnC,QACf,OAAM,SAAS,KACd,eACA,sBAAsB,qBACtB;AAEF,SAAO;;CAGR,MAAM,KAAK,YAAY;AACvB,KAAI,SAAS,gBACZ,QAAO,QAAQ,GAAG,GAAG,QAAQ;AAG9B,QAAO,QAAQ,GAAG;;AAGnB,MAAa,aAAa,YAA2C;AACpE,QAAO;EACN,IAAI;EACJ,WAAW;GACV,iBAAiB,mBAChB,sBACA;IACC,QAAQ;IACR,UAAU,EACT,SAAS;KACR,aAAa;KACb,WAAW,EACV,KAAK;MACJ,aAAa;MACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;OACP,MAAM;OACN,YAAY;QACX,MAAM,EACL,MAAM,6BACN;QACD,SAAS,EACR,MAAM,gCACN;QACD;OACD,EACD,EACD;MACD,EACD;KACD,EACD;IACD,EACD,OAAO,QAAQ;AAQd,SAHwB,MAAM,kBAE3B,KAAK,EAAE,gBAAgB,MAAM,CAAC,GACZ,KAAK,YACzB,OAAM,SAAS,KACd,eACA,sBAAsB,iDACtB;IAGF,MAAM,QAAQ,MAAM,iBAAiB,QAAQ;IAC7C,MAAM,OAAQ,MAAM,SAAS,eAAe,IAAI,IAAK;IACrD,MAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB,WAAW;KAC5D;KACA,eAAe;KACf,aAAa;KACb;KACA,2BAAW,IAAI,MAAM;KACrB,2BAAW,IAAI,MAAM;KACrB,CAAC;AACF,QAAI,CAAC,QACJ,OAAM,SAAS,KACd,yBACA,sBAAsB,sBACtB;IAEF,MAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB,cACjD,QAAQ,GACR;AACD,QAAI,CAAC,QACJ,QAAO,IAAI,KAAK,MAAM;KACrB,QAAQ;KACR,MAAM,EACL,SAAS,sBAAsB,yBAAyB,SACxD;KACD,CAAC;AAEH,UAAM,iBAAiB,KAAK;KAC3B;KACA,MAAM;KACN,CAAC;AACF,WAAO,IAAI,KAAK;KACf,OAAO,QAAQ;KACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,QAAQ;KACnD,CAAC;KAEH;GACD,qBAAqB,mBACpB,0BACA;IACC,QAAQ;IACR,KAAK,CAAC,2BAA2B;IACjC,UAAU,EACT,SAAS;KACR,aAAa;KACb,WAAW;MACV,KAAK;OACJ,aAAa;OACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;QACP,MAAM;QACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;QACD,EACD,EACD;OACD;MACD,OAAO;OACN,aAAa;OACb,SAAS,EACR,oBAAoB;QACnB,QAAQ;SACP,MAAM;SACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;SACD;QACD,UAAU,CAAC,UAAU;QACrB,EACD;OACD;MACD,OAAO;OACN,aAAa;OACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;QACP,MAAM;QACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;QACD,UAAU,CAAC,UAAU;QACrB,EACD,EACD;OACD;MACD;KACD,EACD;IACD,EACD,OAAO,QAAQ;IACd,MAAM,UAAU,IAAI,QAAQ;AAE5B,QAAI,SAAS,2BACZ,OAAM,SAAS,KACd,eACA,sBAAsB,+BACtB;AAGF,QAAI,CAAC,QAAQ,KAAK,YACjB,OAAM,SAAS,KACd,aACA,sBAAsB,sBACtB;AAGF,QAAI;AACH,WAAM,IAAI,QAAQ,gBAAgB,WAAW,QAAQ,KAAK,GAAG;aACrD,OAAO;AACf,SAAI,QAAQ,OAAO,MAAM,mCAAmC,MAAM;AAClE,WAAM,SAAS,KACd,yBACA,sBAAsB,gCACtB;;AAEF,wBAAoB,IAAI;AACxB,WAAO,IAAI,KAAK,EAAE,SAAS,MAAM,CAAC;KAEnC;GACD;EACD,OAAO,EACN,OAAO,CACN;GACC,QAAQ,KAAK;AACZ,WACC,IAAI,MAAM,WAAW,WAAW,IAChC,IAAI,MAAM,WAAW,WAAW,IAChC,IAAI,MAAM,WAAW,YAAY,IACjC,IAAI,MAAM,WAAW,mBAAmB,IACxC,IAAI,MAAM,WAAW,qBAAqB,IAC1C,IAAI,MAAM,WAAW,0BAA0B,IAC/C,IAAI,MAAM,WAAW,oBAAoB,IACzC,IAAI,MAAM,WAAW,iCAAiC,IACtD,IAAI,MAAM,WAAW,uBAAuB,IAC5C;;GAGF,SAAS,qBAAqB,OAAO,QAAQ;IAC5C,MAAM,YAAY,IAAI,QAAQ,iBAAiB,IAAI,aAAa;;;;;IAMhE,MAAM,mBAAmB,IAAI,QAAQ,YAAY,aAAa;AAQ9D,QAAI,CAJkB,qBAAqB,aAAa,GAAG,CACzD,IAAI,iBAAiB,EACpB,MAAM,MAAM,IAAI,CAAC,GAGnB;;;;IAKD,MAAM,UAAU,MAAM,kBAEnB,KAAK,EACP,gBAAgB,MAChB,CAAC;AAEF,QAAI,CAAC,WAAW,CAAC,QAAQ,KAAK,YAC7B;AAGD,QAAI,IAAI,SAAS,wBAAwB,CAAC,IAAI,QAAQ,WACrD,OAAM,SAAS,KACd,eACA,sBAAsB,iDACtB;IAEF,MAAM,aAAa,IAAI,QAAQ;AAC/B,QAAI,CAAC,WACJ;IAGD,MAAM,OAAO;KACZ,GAAG,QAAQ;KAIX,aAAa,QAAQ,KAAK;KAC1B;AAMD,QAAI,SAAS,cACZ,OAAM,SAAS,gBAAgB;KAC9B,eAAe;MAAE,SAAS,QAAQ;MAAS;MAAM;KACjD,SAAS;KACT;KACA,CAAC;IAEH,MAAM,iBAAiB,WAAW;IAGlC,MAAM,aAAa,gBAAgB,OAAO,QAAQ,KAAK;IACvD,MAAM,wBAAwB,QAAQ,gBAAgB,YAAY;AAClE,QACC,SAAS,8BACT,cACA,sBAEA;AAED,UAAM,IAAI,QAAQ,gBAAgB,WAAW,QAAQ,KAAK,GAAG;KAC5D;GACF,CACD,EACD;EACD;EACA,QAAQ,YAAY,QAAQ,SAAS,OAAO;EAC5C,cAAc;EACd"}

package/dist/plugins/anonymous/schema.d.mts

@@ -0,0 +1,5 @@
+//#region src/plugins/anonymous/schema.d.ts
+declare const schema: BetterAuthPluginDBSchema;
+//#endregion
+export { schema };
+//# sourceMappingURL=schema.d.mts.map

package/dist/plugins/anonymous/schema.mjs

@@ -0,0 +1,11 @@
+//#region src/plugins/anonymous/schema.ts
+const schema = { user: { fields: { isAnonymous: {
+	type: "boolean",
+	required: false,
+	input: false,
+	defaultValue: false
+} } } };
+
+//#endregion
+export { schema };
+//# sourceMappingURL=schema.mjs.map

package/dist/plugins/anonymous/schema.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.mjs","names":[],"sources":["../../../src/plugins/anonymous/schema.ts"],"sourcesContent":["import type { BetterAuthPluginDBSchema } from \"@better-auth/core/db\";\n\nexport const schema = {\n\tuser: {\n\t\tfields: {\n\t\t\tisAnonymous: {\n\t\t\t\ttype: \"boolean\",\n\t\t\t\trequired: false,\n\t\t\t\tinput: false,\n\t\t\t\tdefaultValue: false,\n\t\t\t},\n\t\t},\n\t},\n} satisfies BetterAuthPluginDBSchema;\n"],"mappings":";AAEA,MAAa,SAAS,EACrB,MAAM,EACL,QAAQ,EACP,aAAa;CACZ,MAAM;CACN,UAAU;CACV,OAAO;CACP,cAAc;CACd,EACD,EACD,EACD"}