@hammadj/better-auth 1.5.0-beta.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +33 -0
- package/dist/_virtual/rolldown_runtime.mjs +36 -0
- package/dist/adapters/drizzle-adapter/index.d.mts +1 -0
- package/dist/adapters/drizzle-adapter/index.mjs +3 -0
- package/dist/adapters/index.d.mts +23 -0
- package/dist/adapters/index.mjs +13 -0
- package/dist/adapters/index.mjs.map +1 -0
- package/dist/adapters/kysely-adapter/index.d.mts +1 -0
- package/dist/adapters/kysely-adapter/index.mjs +3 -0
- package/dist/adapters/memory-adapter/index.d.mts +1 -0
- package/dist/adapters/memory-adapter/index.mjs +3 -0
- package/dist/adapters/mongodb-adapter/index.d.mts +1 -0
- package/dist/adapters/mongodb-adapter/index.mjs +3 -0
- package/dist/adapters/prisma-adapter/index.d.mts +1 -0
- package/dist/adapters/prisma-adapter/index.mjs +3 -0
- package/dist/api/index.d.mts +40 -0
- package/dist/api/index.mjs +205 -0
- package/dist/api/index.mjs.map +1 -0
- package/dist/api/middlewares/index.d.mts +1 -0
- package/dist/api/middlewares/index.mjs +3 -0
- package/dist/api/middlewares/origin-check.d.mts +17 -0
- package/dist/api/middlewares/origin-check.mjs +140 -0
- package/dist/api/middlewares/origin-check.mjs.map +1 -0
- package/dist/api/rate-limiter/index.mjs +177 -0
- package/dist/api/rate-limiter/index.mjs.map +1 -0
- package/dist/api/routes/account.d.mts +10 -0
- package/dist/api/routes/account.mjs +493 -0
- package/dist/api/routes/account.mjs.map +1 -0
- package/dist/api/routes/callback.d.mts +5 -0
- package/dist/api/routes/callback.mjs +178 -0
- package/dist/api/routes/callback.mjs.map +1 -0
- package/dist/api/routes/email-verification.d.mts +29 -0
- package/dist/api/routes/email-verification.mjs +301 -0
- package/dist/api/routes/email-verification.mjs.map +1 -0
- package/dist/api/routes/error.d.mts +5 -0
- package/dist/api/routes/error.mjs +386 -0
- package/dist/api/routes/error.mjs.map +1 -0
- package/dist/api/routes/index.d.mts +11 -0
- package/dist/api/routes/index.mjs +13 -0
- package/dist/api/routes/ok.d.mts +5 -0
- package/dist/api/routes/ok.mjs +30 -0
- package/dist/api/routes/ok.mjs.map +1 -0
- package/dist/api/routes/password.d.mts +8 -0
- package/dist/api/routes/password.mjs +198 -0
- package/dist/api/routes/password.mjs.map +1 -0
- package/dist/api/routes/session.d.mts +52 -0
- package/dist/api/routes/session.mjs +478 -0
- package/dist/api/routes/session.mjs.map +1 -0
- package/dist/api/routes/sign-in.d.mts +8 -0
- package/dist/api/routes/sign-in.mjs +262 -0
- package/dist/api/routes/sign-in.mjs.map +1 -0
- package/dist/api/routes/sign-out.d.mts +5 -0
- package/dist/api/routes/sign-out.mjs +33 -0
- package/dist/api/routes/sign-out.mjs.map +1 -0
- package/dist/api/routes/sign-up.d.mts +7 -0
- package/dist/api/routes/sign-up.mjs +227 -0
- package/dist/api/routes/sign-up.mjs.map +1 -0
- package/dist/api/routes/update-user.d.mts +12 -0
- package/dist/api/routes/update-user.mjs +493 -0
- package/dist/api/routes/update-user.mjs.map +1 -0
- package/dist/api/state/oauth.d.mts +5 -0
- package/dist/api/state/oauth.mjs +8 -0
- package/dist/api/state/oauth.mjs.map +1 -0
- package/dist/api/state/should-session-refresh.d.mts +13 -0
- package/dist/api/state/should-session-refresh.mjs +16 -0
- package/dist/api/state/should-session-refresh.mjs.map +1 -0
- package/dist/api/to-auth-endpoints.mjs +197 -0
- package/dist/api/to-auth-endpoints.mjs.map +1 -0
- package/dist/auth/base.mjs +44 -0
- package/dist/auth/base.mjs.map +1 -0
- package/dist/auth/full.d.mts +30 -0
- package/dist/auth/full.mjs +32 -0
- package/dist/auth/full.mjs.map +1 -0
- package/dist/auth/minimal.d.mts +12 -0
- package/dist/auth/minimal.mjs +14 -0
- package/dist/auth/minimal.mjs.map +1 -0
- package/dist/auth/trusted-origins.mjs +31 -0
- package/dist/auth/trusted-origins.mjs.map +1 -0
- package/dist/client/broadcast-channel.d.mts +20 -0
- package/dist/client/broadcast-channel.mjs +46 -0
- package/dist/client/broadcast-channel.mjs.map +1 -0
- package/dist/client/config.mjs +90 -0
- package/dist/client/config.mjs.map +1 -0
- package/dist/client/fetch-plugins.mjs +18 -0
- package/dist/client/fetch-plugins.mjs.map +1 -0
- package/dist/client/focus-manager.d.mts +11 -0
- package/dist/client/focus-manager.mjs +32 -0
- package/dist/client/focus-manager.mjs.map +1 -0
- package/dist/client/index.d.mts +30 -0
- package/dist/client/index.mjs +21 -0
- package/dist/client/index.mjs.map +1 -0
- package/dist/client/lynx/index.d.mts +62 -0
- package/dist/client/lynx/index.mjs +24 -0
- package/dist/client/lynx/index.mjs.map +1 -0
- package/dist/client/lynx/lynx-store.d.mts +47 -0
- package/dist/client/lynx/lynx-store.mjs +47 -0
- package/dist/client/lynx/lynx-store.mjs.map +1 -0
- package/dist/client/online-manager.d.mts +12 -0
- package/dist/client/online-manager.mjs +35 -0
- package/dist/client/online-manager.mjs.map +1 -0
- package/dist/client/parser.mjs +73 -0
- package/dist/client/parser.mjs.map +1 -0
- package/dist/client/path-to-object.d.mts +57 -0
- package/dist/client/plugins/index.d.mts +58 -0
- package/dist/client/plugins/index.mjs +33 -0
- package/dist/client/plugins/infer-plugin.d.mts +9 -0
- package/dist/client/plugins/infer-plugin.mjs +11 -0
- package/dist/client/plugins/infer-plugin.mjs.map +1 -0
- package/dist/client/proxy.mjs +79 -0
- package/dist/client/proxy.mjs.map +1 -0
- package/dist/client/query.d.mts +23 -0
- package/dist/client/query.mjs +98 -0
- package/dist/client/query.mjs.map +1 -0
- package/dist/client/react/index.d.mts +63 -0
- package/dist/client/react/index.mjs +24 -0
- package/dist/client/react/index.mjs.map +1 -0
- package/dist/client/react/react-store.d.mts +47 -0
- package/dist/client/react/react-store.mjs +47 -0
- package/dist/client/react/react-store.mjs.map +1 -0
- package/dist/client/session-atom.mjs +29 -0
- package/dist/client/session-atom.mjs.map +1 -0
- package/dist/client/session-refresh.d.mts +28 -0
- package/dist/client/session-refresh.mjs +140 -0
- package/dist/client/session-refresh.mjs.map +1 -0
- package/dist/client/solid/index.d.mts +57 -0
- package/dist/client/solid/index.mjs +22 -0
- package/dist/client/solid/index.mjs.map +1 -0
- package/dist/client/solid/solid-store.mjs +24 -0
- package/dist/client/solid/solid-store.mjs.map +1 -0
- package/dist/client/svelte/index.d.mts +63 -0
- package/dist/client/svelte/index.mjs +20 -0
- package/dist/client/svelte/index.mjs.map +1 -0
- package/dist/client/types.d.mts +58 -0
- package/dist/client/vanilla.d.mts +62 -0
- package/dist/client/vanilla.mjs +20 -0
- package/dist/client/vanilla.mjs.map +1 -0
- package/dist/client/vue/index.d.mts +86 -0
- package/dist/client/vue/index.mjs +38 -0
- package/dist/client/vue/index.mjs.map +1 -0
- package/dist/client/vue/vue-store.mjs +26 -0
- package/dist/client/vue/vue-store.mjs.map +1 -0
- package/dist/context/create-context.mjs +211 -0
- package/dist/context/create-context.mjs.map +1 -0
- package/dist/context/helpers.mjs +62 -0
- package/dist/context/helpers.mjs.map +1 -0
- package/dist/context/init-minimal.mjs +20 -0
- package/dist/context/init-minimal.mjs.map +1 -0
- package/dist/context/init.mjs +22 -0
- package/dist/context/init.mjs.map +1 -0
- package/dist/cookies/cookie-utils.d.mts +29 -0
- package/dist/cookies/cookie-utils.mjs +105 -0
- package/dist/cookies/cookie-utils.mjs.map +1 -0
- package/dist/cookies/index.d.mts +67 -0
- package/dist/cookies/index.mjs +264 -0
- package/dist/cookies/index.mjs.map +1 -0
- package/dist/cookies/session-store.d.mts +36 -0
- package/dist/cookies/session-store.mjs +200 -0
- package/dist/cookies/session-store.mjs.map +1 -0
- package/dist/crypto/buffer.d.mts +8 -0
- package/dist/crypto/buffer.mjs +18 -0
- package/dist/crypto/buffer.mjs.map +1 -0
- package/dist/crypto/index.d.mts +27 -0
- package/dist/crypto/index.mjs +38 -0
- package/dist/crypto/index.mjs.map +1 -0
- package/dist/crypto/jwt.d.mts +8 -0
- package/dist/crypto/jwt.mjs +95 -0
- package/dist/crypto/jwt.mjs.map +1 -0
- package/dist/crypto/password.d.mts +12 -0
- package/dist/crypto/password.mjs +36 -0
- package/dist/crypto/password.mjs.map +1 -0
- package/dist/crypto/random.d.mts +5 -0
- package/dist/crypto/random.mjs +8 -0
- package/dist/crypto/random.mjs.map +1 -0
- package/dist/db/adapter-base.d.mts +8 -0
- package/dist/db/adapter-base.mjs +28 -0
- package/dist/db/adapter-base.mjs.map +1 -0
- package/dist/db/adapter-kysely.d.mts +8 -0
- package/dist/db/adapter-kysely.mjs +21 -0
- package/dist/db/adapter-kysely.mjs.map +1 -0
- package/dist/db/field-converter.d.mts +8 -0
- package/dist/db/field-converter.mjs +21 -0
- package/dist/db/field-converter.mjs.map +1 -0
- package/dist/db/field.d.mts +55 -0
- package/dist/db/field.mjs +11 -0
- package/dist/db/field.mjs.map +1 -0
- package/dist/db/get-migration.d.mts +23 -0
- package/dist/db/get-migration.mjs +339 -0
- package/dist/db/get-migration.mjs.map +1 -0
- package/dist/db/get-schema.d.mts +11 -0
- package/dist/db/get-schema.mjs +39 -0
- package/dist/db/get-schema.mjs.map +1 -0
- package/dist/db/index.d.mts +9 -0
- package/dist/db/index.mjs +36 -0
- package/dist/db/index.mjs.map +1 -0
- package/dist/db/internal-adapter.d.mts +14 -0
- package/dist/db/internal-adapter.mjs +616 -0
- package/dist/db/internal-adapter.mjs.map +1 -0
- package/dist/db/schema.d.mts +26 -0
- package/dist/db/schema.mjs +118 -0
- package/dist/db/schema.mjs.map +1 -0
- package/dist/db/to-zod.d.mts +36 -0
- package/dist/db/to-zod.mjs +26 -0
- package/dist/db/to-zod.mjs.map +1 -0
- package/dist/db/verification-token-storage.mjs +28 -0
- package/dist/db/verification-token-storage.mjs.map +1 -0
- package/dist/db/with-hooks.d.mts +33 -0
- package/dist/db/with-hooks.mjs +159 -0
- package/dist/db/with-hooks.mjs.map +1 -0
- package/dist/index.d.mts +52 -0
- package/dist/index.mjs +26 -0
- package/dist/integrations/next-js.d.mts +14 -0
- package/dist/integrations/next-js.mjs +78 -0
- package/dist/integrations/next-js.mjs.map +1 -0
- package/dist/integrations/node.d.mts +13 -0
- package/dist/integrations/node.mjs +16 -0
- package/dist/integrations/node.mjs.map +1 -0
- package/dist/integrations/solid-start.d.mts +23 -0
- package/dist/integrations/solid-start.mjs +17 -0
- package/dist/integrations/solid-start.mjs.map +1 -0
- package/dist/integrations/svelte-kit.d.mts +29 -0
- package/dist/integrations/svelte-kit.mjs +57 -0
- package/dist/integrations/svelte-kit.mjs.map +1 -0
- package/dist/integrations/tanstack-start-solid.d.mts +22 -0
- package/dist/integrations/tanstack-start-solid.mjs +61 -0
- package/dist/integrations/tanstack-start-solid.mjs.map +1 -0
- package/dist/integrations/tanstack-start.d.mts +22 -0
- package/dist/integrations/tanstack-start.mjs +61 -0
- package/dist/integrations/tanstack-start.mjs.map +1 -0
- package/dist/oauth2/index.d.mts +5 -0
- package/dist/oauth2/index.mjs +7 -0
- package/dist/oauth2/link-account.d.mts +31 -0
- package/dist/oauth2/link-account.mjs +144 -0
- package/dist/oauth2/link-account.mjs.map +1 -0
- package/dist/oauth2/state.d.mts +26 -0
- package/dist/oauth2/state.mjs +51 -0
- package/dist/oauth2/state.mjs.map +1 -0
- package/dist/oauth2/utils.d.mts +8 -0
- package/dist/oauth2/utils.mjs +31 -0
- package/dist/oauth2/utils.mjs.map +1 -0
- package/dist/plugins/access/access.d.mts +30 -0
- package/dist/plugins/access/access.mjs +46 -0
- package/dist/plugins/access/access.mjs.map +1 -0
- package/dist/plugins/access/index.d.mts +3 -0
- package/dist/plugins/access/index.mjs +3 -0
- package/dist/plugins/access/types.d.mts +17 -0
- package/dist/plugins/additional-fields/client.d.mts +14 -0
- package/dist/plugins/additional-fields/client.mjs +11 -0
- package/dist/plugins/additional-fields/client.mjs.map +1 -0
- package/dist/plugins/admin/access/index.d.mts +2 -0
- package/dist/plugins/admin/access/index.mjs +3 -0
- package/dist/plugins/admin/access/statement.d.mts +118 -0
- package/dist/plugins/admin/access/statement.mjs +53 -0
- package/dist/plugins/admin/access/statement.mjs.map +1 -0
- package/dist/plugins/admin/admin.d.mts +14 -0
- package/dist/plugins/admin/admin.mjs +95 -0
- package/dist/plugins/admin/admin.mjs.map +1 -0
- package/dist/plugins/admin/client.d.mts +14 -0
- package/dist/plugins/admin/client.mjs +36 -0
- package/dist/plugins/admin/client.mjs.map +1 -0
- package/dist/plugins/admin/error-codes.d.mts +5 -0
- package/dist/plugins/admin/error-codes.mjs +30 -0
- package/dist/plugins/admin/error-codes.mjs.map +1 -0
- package/dist/plugins/admin/has-permission.mjs +16 -0
- package/dist/plugins/admin/has-permission.mjs.map +1 -0
- package/dist/plugins/admin/index.d.mts +3 -0
- package/dist/plugins/admin/index.mjs +3 -0
- package/dist/plugins/admin/routes.mjs +855 -0
- package/dist/plugins/admin/routes.mjs.map +1 -0
- package/dist/plugins/admin/schema.d.mts +6 -0
- package/dist/plugins/admin/schema.mjs +34 -0
- package/dist/plugins/admin/schema.mjs.map +1 -0
- package/dist/plugins/admin/types.d.mts +89 -0
- package/dist/plugins/anonymous/client.d.mts +9 -0
- package/dist/plugins/anonymous/client.mjs +22 -0
- package/dist/plugins/anonymous/client.mjs.map +1 -0
- package/dist/plugins/anonymous/error-codes.d.mts +5 -0
- package/dist/plugins/anonymous/error-codes.mjs +16 -0
- package/dist/plugins/anonymous/error-codes.mjs.map +1 -0
- package/dist/plugins/anonymous/index.d.mts +14 -0
- package/dist/plugins/anonymous/index.mjs +163 -0
- package/dist/plugins/anonymous/index.mjs.map +1 -0
- package/dist/plugins/anonymous/schema.d.mts +5 -0
- package/dist/plugins/anonymous/schema.mjs +11 -0
- package/dist/plugins/anonymous/schema.mjs.map +1 -0
- package/dist/plugins/anonymous/types.d.mts +68 -0
- package/dist/plugins/api-key/adapter.mjs +468 -0
- package/dist/plugins/api-key/adapter.mjs.map +1 -0
- package/dist/plugins/api-key/client.d.mts +9 -0
- package/dist/plugins/api-key/client.mjs +19 -0
- package/dist/plugins/api-key/client.mjs.map +1 -0
- package/dist/plugins/api-key/error-codes.d.mts +5 -0
- package/dist/plugins/api-key/error-codes.mjs +34 -0
- package/dist/plugins/api-key/error-codes.mjs.map +1 -0
- package/dist/plugins/api-key/index.d.mts +17 -0
- package/dist/plugins/api-key/index.mjs +134 -0
- package/dist/plugins/api-key/index.mjs.map +1 -0
- package/dist/plugins/api-key/rate-limit.mjs +74 -0
- package/dist/plugins/api-key/rate-limit.mjs.map +1 -0
- package/dist/plugins/api-key/routes/create-api-key.mjs +252 -0
- package/dist/plugins/api-key/routes/create-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs +24 -0
- package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs.map +1 -0
- package/dist/plugins/api-key/routes/delete-api-key.mjs +74 -0
- package/dist/plugins/api-key/routes/delete-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/get-api-key.mjs +158 -0
- package/dist/plugins/api-key/routes/get-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/index.mjs +71 -0
- package/dist/plugins/api-key/routes/index.mjs.map +1 -0
- package/dist/plugins/api-key/routes/list-api-keys.mjs +194 -0
- package/dist/plugins/api-key/routes/list-api-keys.mjs.map +1 -0
- package/dist/plugins/api-key/routes/update-api-key.mjs +248 -0
- package/dist/plugins/api-key/routes/update-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/verify-api-key.mjs +223 -0
- package/dist/plugins/api-key/routes/verify-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/schema.d.mts +11 -0
- package/dist/plugins/api-key/schema.mjs +130 -0
- package/dist/plugins/api-key/schema.mjs.map +1 -0
- package/dist/plugins/api-key/types.d.mts +346 -0
- package/dist/plugins/bearer/index.d.mts +25 -0
- package/dist/plugins/bearer/index.mjs +66 -0
- package/dist/plugins/bearer/index.mjs.map +1 -0
- package/dist/plugins/captcha/constants.d.mts +10 -0
- package/dist/plugins/captcha/constants.mjs +22 -0
- package/dist/plugins/captcha/constants.mjs.map +1 -0
- package/dist/plugins/captcha/error-codes.mjs +16 -0
- package/dist/plugins/captcha/error-codes.mjs.map +1 -0
- package/dist/plugins/captcha/index.d.mts +14 -0
- package/dist/plugins/captcha/index.mjs +60 -0
- package/dist/plugins/captcha/index.mjs.map +1 -0
- package/dist/plugins/captcha/types.d.mts +28 -0
- package/dist/plugins/captcha/utils.mjs +11 -0
- package/dist/plugins/captcha/utils.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/captchafox.mjs +27 -0
- package/dist/plugins/captcha/verify-handlers/captchafox.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs +25 -0
- package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs +29 -0
- package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/h-captcha.mjs +27 -0
- package/dist/plugins/captcha/verify-handlers/h-captcha.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/index.mjs +6 -0
- package/dist/plugins/custom-session/client.d.mts +10 -0
- package/dist/plugins/custom-session/client.mjs +11 -0
- package/dist/plugins/custom-session/client.mjs.map +1 -0
- package/dist/plugins/custom-session/index.d.mts +26 -0
- package/dist/plugins/custom-session/index.mjs +70 -0
- package/dist/plugins/custom-session/index.mjs.map +1 -0
- package/dist/plugins/device-authorization/client.d.mts +5 -0
- package/dist/plugins/device-authorization/client.mjs +18 -0
- package/dist/plugins/device-authorization/client.mjs.map +1 -0
- package/dist/plugins/device-authorization/error-codes.mjs +21 -0
- package/dist/plugins/device-authorization/error-codes.mjs.map +1 -0
- package/dist/plugins/device-authorization/index.d.mts +28 -0
- package/dist/plugins/device-authorization/index.mjs +50 -0
- package/dist/plugins/device-authorization/index.mjs.map +1 -0
- package/dist/plugins/device-authorization/routes.mjs +510 -0
- package/dist/plugins/device-authorization/routes.mjs.map +1 -0
- package/dist/plugins/device-authorization/schema.mjs +57 -0
- package/dist/plugins/device-authorization/schema.mjs.map +1 -0
- package/dist/plugins/email-otp/client.d.mts +7 -0
- package/dist/plugins/email-otp/client.mjs +18 -0
- package/dist/plugins/email-otp/client.mjs.map +1 -0
- package/dist/plugins/email-otp/error-codes.d.mts +5 -0
- package/dist/plugins/email-otp/error-codes.mjs +12 -0
- package/dist/plugins/email-otp/error-codes.mjs.map +1 -0
- package/dist/plugins/email-otp/index.d.mts +14 -0
- package/dist/plugins/email-otp/index.mjs +108 -0
- package/dist/plugins/email-otp/index.mjs.map +1 -0
- package/dist/plugins/email-otp/otp-token.mjs +29 -0
- package/dist/plugins/email-otp/otp-token.mjs.map +1 -0
- package/dist/plugins/email-otp/routes.mjs +564 -0
- package/dist/plugins/email-otp/routes.mjs.map +1 -0
- package/dist/plugins/email-otp/types.d.mts +74 -0
- package/dist/plugins/email-otp/utils.mjs +17 -0
- package/dist/plugins/email-otp/utils.mjs.map +1 -0
- package/dist/plugins/generic-oauth/client.d.mts +19 -0
- package/dist/plugins/generic-oauth/client.mjs +14 -0
- package/dist/plugins/generic-oauth/client.mjs.map +1 -0
- package/dist/plugins/generic-oauth/error-codes.d.mts +5 -0
- package/dist/plugins/generic-oauth/error-codes.mjs +15 -0
- package/dist/plugins/generic-oauth/error-codes.mjs.map +1 -0
- package/dist/plugins/generic-oauth/index.d.mts +34 -0
- package/dist/plugins/generic-oauth/index.mjs +137 -0
- package/dist/plugins/generic-oauth/index.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/auth0.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/auth0.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/auth0.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/gumroad.d.mts +32 -0
- package/dist/plugins/generic-oauth/providers/gumroad.mjs +60 -0
- package/dist/plugins/generic-oauth/providers/gumroad.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/hubspot.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/hubspot.mjs +60 -0
- package/dist/plugins/generic-oauth/providers/hubspot.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/index.d.mts +9 -0
- package/dist/plugins/generic-oauth/providers/index.mjs +11 -0
- package/dist/plugins/generic-oauth/providers/keycloak.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/keycloak.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/keycloak.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/line.d.mts +55 -0
- package/dist/plugins/generic-oauth/providers/line.mjs +91 -0
- package/dist/plugins/generic-oauth/providers/line.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs +66 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/okta.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/okta.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/okta.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/patreon.d.mts +30 -0
- package/dist/plugins/generic-oauth/providers/patreon.mjs +59 -0
- package/dist/plugins/generic-oauth/providers/patreon.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/slack.d.mts +30 -0
- package/dist/plugins/generic-oauth/providers/slack.mjs +61 -0
- package/dist/plugins/generic-oauth/providers/slack.mjs.map +1 -0
- package/dist/plugins/generic-oauth/routes.mjs +394 -0
- package/dist/plugins/generic-oauth/routes.mjs.map +1 -0
- package/dist/plugins/generic-oauth/types.d.mts +145 -0
- package/dist/plugins/haveibeenpwned/index.d.mts +21 -0
- package/dist/plugins/haveibeenpwned/index.mjs +56 -0
- package/dist/plugins/haveibeenpwned/index.mjs.map +1 -0
- package/dist/plugins/index.d.mts +68 -0
- package/dist/plugins/index.mjs +51 -0
- package/dist/plugins/jwt/adapter.mjs +27 -0
- package/dist/plugins/jwt/adapter.mjs.map +1 -0
- package/dist/plugins/jwt/client.d.mts +18 -0
- package/dist/plugins/jwt/client.mjs +19 -0
- package/dist/plugins/jwt/client.mjs.map +1 -0
- package/dist/plugins/jwt/index.d.mts +17 -0
- package/dist/plugins/jwt/index.mjs +202 -0
- package/dist/plugins/jwt/index.mjs.map +1 -0
- package/dist/plugins/jwt/schema.d.mts +5 -0
- package/dist/plugins/jwt/schema.mjs +23 -0
- package/dist/plugins/jwt/schema.mjs.map +1 -0
- package/dist/plugins/jwt/sign.d.mts +57 -0
- package/dist/plugins/jwt/sign.mjs +66 -0
- package/dist/plugins/jwt/sign.mjs.map +1 -0
- package/dist/plugins/jwt/types.d.mts +194 -0
- package/dist/plugins/jwt/utils.d.mts +42 -0
- package/dist/plugins/jwt/utils.mjs +64 -0
- package/dist/plugins/jwt/utils.mjs.map +1 -0
- package/dist/plugins/jwt/verify.d.mts +12 -0
- package/dist/plugins/jwt/verify.mjs +46 -0
- package/dist/plugins/jwt/verify.mjs.map +1 -0
- package/dist/plugins/last-login-method/client.d.mts +18 -0
- package/dist/plugins/last-login-method/client.mjs +32 -0
- package/dist/plugins/last-login-method/client.mjs.map +1 -0
- package/dist/plugins/last-login-method/index.d.mts +52 -0
- package/dist/plugins/last-login-method/index.mjs +77 -0
- package/dist/plugins/last-login-method/index.mjs.map +1 -0
- package/dist/plugins/magic-link/client.d.mts +5 -0
- package/dist/plugins/magic-link/client.mjs +11 -0
- package/dist/plugins/magic-link/client.mjs.map +1 -0
- package/dist/plugins/magic-link/index.d.mts +61 -0
- package/dist/plugins/magic-link/index.mjs +167 -0
- package/dist/plugins/magic-link/index.mjs.map +1 -0
- package/dist/plugins/magic-link/utils.mjs +12 -0
- package/dist/plugins/magic-link/utils.mjs.map +1 -0
- package/dist/plugins/mcp/authorize.mjs +133 -0
- package/dist/plugins/mcp/authorize.mjs.map +1 -0
- package/dist/plugins/mcp/index.d.mts +46 -0
- package/dist/plugins/mcp/index.mjs +717 -0
- package/dist/plugins/mcp/index.mjs.map +1 -0
- package/dist/plugins/multi-session/client.d.mts +8 -0
- package/dist/plugins/multi-session/client.mjs +20 -0
- package/dist/plugins/multi-session/client.mjs.map +1 -0
- package/dist/plugins/multi-session/error-codes.d.mts +5 -0
- package/dist/plugins/multi-session/error-codes.mjs +8 -0
- package/dist/plugins/multi-session/error-codes.mjs.map +1 -0
- package/dist/plugins/multi-session/index.d.mts +22 -0
- package/dist/plugins/multi-session/index.mjs +172 -0
- package/dist/plugins/multi-session/index.mjs.map +1 -0
- package/dist/plugins/oauth-proxy/index.d.mts +39 -0
- package/dist/plugins/oauth-proxy/index.mjs +305 -0
- package/dist/plugins/oauth-proxy/index.mjs.map +1 -0
- package/dist/plugins/oauth-proxy/utils.mjs +44 -0
- package/dist/plugins/oauth-proxy/utils.mjs.map +1 -0
- package/dist/plugins/oidc-provider/authorize.mjs +194 -0
- package/dist/plugins/oidc-provider/authorize.mjs.map +1 -0
- package/dist/plugins/oidc-provider/client.d.mts +8 -0
- package/dist/plugins/oidc-provider/client.mjs +11 -0
- package/dist/plugins/oidc-provider/client.mjs.map +1 -0
- package/dist/plugins/oidc-provider/error.mjs +17 -0
- package/dist/plugins/oidc-provider/error.mjs.map +1 -0
- package/dist/plugins/oidc-provider/index.d.mts +32 -0
- package/dist/plugins/oidc-provider/index.mjs +1093 -0
- package/dist/plugins/oidc-provider/index.mjs.map +1 -0
- package/dist/plugins/oidc-provider/schema.d.mts +26 -0
- package/dist/plugins/oidc-provider/schema.mjs +132 -0
- package/dist/plugins/oidc-provider/schema.mjs.map +1 -0
- package/dist/plugins/oidc-provider/types.d.mts +517 -0
- package/dist/plugins/oidc-provider/utils/prompt.mjs +19 -0
- package/dist/plugins/oidc-provider/utils/prompt.mjs.map +1 -0
- package/dist/plugins/oidc-provider/utils.mjs +15 -0
- package/dist/plugins/oidc-provider/utils.mjs.map +1 -0
- package/dist/plugins/one-tap/client.d.mts +159 -0
- package/dist/plugins/one-tap/client.mjs +214 -0
- package/dist/plugins/one-tap/client.mjs.map +1 -0
- package/dist/plugins/one-tap/index.d.mts +27 -0
- package/dist/plugins/one-tap/index.mjs +96 -0
- package/dist/plugins/one-tap/index.mjs.map +1 -0
- package/dist/plugins/one-time-token/client.d.mts +7 -0
- package/dist/plugins/one-time-token/client.mjs +11 -0
- package/dist/plugins/one-time-token/client.mjs.map +1 -0
- package/dist/plugins/one-time-token/index.d.mts +53 -0
- package/dist/plugins/one-time-token/index.mjs +82 -0
- package/dist/plugins/one-time-token/index.mjs.map +1 -0
- package/dist/plugins/one-time-token/utils.mjs +12 -0
- package/dist/plugins/one-time-token/utils.mjs.map +1 -0
- package/dist/plugins/open-api/generator.d.mts +115 -0
- package/dist/plugins/open-api/generator.mjs +315 -0
- package/dist/plugins/open-api/generator.mjs.map +1 -0
- package/dist/plugins/open-api/index.d.mts +45 -0
- package/dist/plugins/open-api/index.mjs +67 -0
- package/dist/plugins/open-api/index.mjs.map +1 -0
- package/dist/plugins/open-api/logo.mjs +15 -0
- package/dist/plugins/open-api/logo.mjs.map +1 -0
- package/dist/plugins/organization/access/index.d.mts +2 -0
- package/dist/plugins/organization/access/index.mjs +3 -0
- package/dist/plugins/organization/access/statement.d.mts +249 -0
- package/dist/plugins/organization/access/statement.mjs +81 -0
- package/dist/plugins/organization/access/statement.mjs.map +1 -0
- package/dist/plugins/organization/adapter.d.mts +205 -0
- package/dist/plugins/organization/adapter.mjs +624 -0
- package/dist/plugins/organization/adapter.mjs.map +1 -0
- package/dist/plugins/organization/call.mjs +19 -0
- package/dist/plugins/organization/call.mjs.map +1 -0
- package/dist/plugins/organization/client.d.mts +151 -0
- package/dist/plugins/organization/client.mjs +107 -0
- package/dist/plugins/organization/client.mjs.map +1 -0
- package/dist/plugins/organization/error-codes.d.mts +5 -0
- package/dist/plugins/organization/error-codes.mjs +65 -0
- package/dist/plugins/organization/error-codes.mjs.map +1 -0
- package/dist/plugins/organization/has-permission.mjs +35 -0
- package/dist/plugins/organization/has-permission.mjs.map +1 -0
- package/dist/plugins/organization/index.d.mts +5 -0
- package/dist/plugins/organization/index.mjs +4 -0
- package/dist/plugins/organization/organization.d.mts +252 -0
- package/dist/plugins/organization/organization.mjs +428 -0
- package/dist/plugins/organization/organization.mjs.map +1 -0
- package/dist/plugins/organization/permission.d.mts +26 -0
- package/dist/plugins/organization/permission.mjs +16 -0
- package/dist/plugins/organization/permission.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-access-control.d.mts +11 -0
- package/dist/plugins/organization/routes/crud-access-control.mjs +656 -0
- package/dist/plugins/organization/routes/crud-access-control.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-invites.d.mts +16 -0
- package/dist/plugins/organization/routes/crud-invites.mjs +555 -0
- package/dist/plugins/organization/routes/crud-invites.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-members.d.mts +13 -0
- package/dist/plugins/organization/routes/crud-members.mjs +473 -0
- package/dist/plugins/organization/routes/crud-members.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-org.d.mts +13 -0
- package/dist/plugins/organization/routes/crud-org.mjs +447 -0
- package/dist/plugins/organization/routes/crud-org.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-team.d.mts +15 -0
- package/dist/plugins/organization/routes/crud-team.mjs +676 -0
- package/dist/plugins/organization/routes/crud-team.mjs.map +1 -0
- package/dist/plugins/organization/schema.d.mts +376 -0
- package/dist/plugins/organization/schema.mjs +68 -0
- package/dist/plugins/organization/schema.mjs.map +1 -0
- package/dist/plugins/organization/types.d.mts +733 -0
- package/dist/plugins/phone-number/client.d.mts +8 -0
- package/dist/plugins/phone-number/client.mjs +20 -0
- package/dist/plugins/phone-number/client.mjs.map +1 -0
- package/dist/plugins/phone-number/error-codes.d.mts +5 -0
- package/dist/plugins/phone-number/error-codes.mjs +21 -0
- package/dist/plugins/phone-number/error-codes.mjs.map +1 -0
- package/dist/plugins/phone-number/index.d.mts +14 -0
- package/dist/plugins/phone-number/index.mjs +49 -0
- package/dist/plugins/phone-number/index.mjs.map +1 -0
- package/dist/plugins/phone-number/routes.mjs +459 -0
- package/dist/plugins/phone-number/routes.mjs.map +1 -0
- package/dist/plugins/phone-number/schema.d.mts +5 -0
- package/dist/plugins/phone-number/schema.mjs +20 -0
- package/dist/plugins/phone-number/schema.mjs.map +1 -0
- package/dist/plugins/phone-number/types.d.mts +118 -0
- package/dist/plugins/siwe/client.d.mts +5 -0
- package/dist/plugins/siwe/client.mjs +11 -0
- package/dist/plugins/siwe/client.mjs.map +1 -0
- package/dist/plugins/siwe/error-codes.mjs +13 -0
- package/dist/plugins/siwe/error-codes.mjs.map +1 -0
- package/dist/plugins/siwe/index.d.mts +26 -0
- package/dist/plugins/siwe/index.mjs +261 -0
- package/dist/plugins/siwe/index.mjs.map +1 -0
- package/dist/plugins/siwe/schema.d.mts +5 -0
- package/dist/plugins/siwe/schema.mjs +32 -0
- package/dist/plugins/siwe/schema.mjs.map +1 -0
- package/dist/plugins/siwe/types.d.mts +44 -0
- package/dist/plugins/two-factor/backup-codes/index.d.mts +91 -0
- package/dist/plugins/two-factor/backup-codes/index.mjs +277 -0
- package/dist/plugins/two-factor/backup-codes/index.mjs.map +1 -0
- package/dist/plugins/two-factor/client.d.mts +17 -0
- package/dist/plugins/two-factor/client.mjs +37 -0
- package/dist/plugins/two-factor/client.mjs.map +1 -0
- package/dist/plugins/two-factor/constant.mjs +8 -0
- package/dist/plugins/two-factor/constant.mjs.map +1 -0
- package/dist/plugins/two-factor/error-code.d.mts +5 -0
- package/dist/plugins/two-factor/error-code.mjs +18 -0
- package/dist/plugins/two-factor/error-code.mjs.map +1 -0
- package/dist/plugins/two-factor/index.d.mts +19 -0
- package/dist/plugins/two-factor/index.mjs +207 -0
- package/dist/plugins/two-factor/index.mjs.map +1 -0
- package/dist/plugins/two-factor/otp/index.d.mts +96 -0
- package/dist/plugins/two-factor/otp/index.mjs +199 -0
- package/dist/plugins/two-factor/otp/index.mjs.map +1 -0
- package/dist/plugins/two-factor/schema.d.mts +5 -0
- package/dist/plugins/two-factor/schema.mjs +36 -0
- package/dist/plugins/two-factor/schema.mjs.map +1 -0
- package/dist/plugins/two-factor/totp/index.d.mts +81 -0
- package/dist/plugins/two-factor/totp/index.mjs +157 -0
- package/dist/plugins/two-factor/totp/index.mjs.map +1 -0
- package/dist/plugins/two-factor/types.d.mts +65 -0
- package/dist/plugins/two-factor/utils.mjs +12 -0
- package/dist/plugins/two-factor/utils.mjs.map +1 -0
- package/dist/plugins/two-factor/verify-two-factor.mjs +76 -0
- package/dist/plugins/two-factor/verify-two-factor.mjs.map +1 -0
- package/dist/plugins/username/client.d.mts +7 -0
- package/dist/plugins/username/client.mjs +18 -0
- package/dist/plugins/username/client.mjs.map +1 -0
- package/dist/plugins/username/error-codes.d.mts +5 -0
- package/dist/plugins/username/error-codes.mjs +17 -0
- package/dist/plugins/username/error-codes.mjs.map +1 -0
- package/dist/plugins/username/index.d.mts +74 -0
- package/dist/plugins/username/index.mjs +237 -0
- package/dist/plugins/username/index.mjs.map +1 -0
- package/dist/plugins/username/schema.d.mts +9 -0
- package/dist/plugins/username/schema.mjs +26 -0
- package/dist/plugins/username/schema.mjs.map +1 -0
- package/dist/social-providers/index.d.mts +1 -0
- package/dist/social-providers/index.mjs +3 -0
- package/dist/state.d.mts +42 -0
- package/dist/state.mjs +107 -0
- package/dist/state.mjs.map +1 -0
- package/dist/test-utils/headers.d.mts +9 -0
- package/dist/test-utils/headers.mjs +24 -0
- package/dist/test-utils/headers.mjs.map +1 -0
- package/dist/test-utils/index.d.mts +3 -0
- package/dist/test-utils/index.mjs +4 -0
- package/dist/test-utils/test-instance.d.mts +181 -0
- package/dist/test-utils/test-instance.mjs +210 -0
- package/dist/test-utils/test-instance.mjs.map +1 -0
- package/dist/types/adapter.d.mts +24 -0
- package/dist/types/api.d.mts +62 -0
- package/dist/types/auth.d.mts +30 -0
- package/dist/types/helper.d.mts +21 -0
- package/dist/types/index.d.mts +11 -0
- package/dist/types/index.mjs +1 -0
- package/dist/types/models.d.mts +17 -0
- package/dist/types/plugins.d.mts +16 -0
- package/dist/utils/boolean.mjs +8 -0
- package/dist/utils/boolean.mjs.map +1 -0
- package/dist/utils/constants.mjs +6 -0
- package/dist/utils/constants.mjs.map +1 -0
- package/dist/utils/date.mjs +8 -0
- package/dist/utils/date.mjs.map +1 -0
- package/dist/utils/get-request-ip.d.mts +7 -0
- package/dist/utils/get-request-ip.mjs +23 -0
- package/dist/utils/get-request-ip.mjs.map +1 -0
- package/dist/utils/hashing.mjs +21 -0
- package/dist/utils/hashing.mjs.map +1 -0
- package/dist/utils/hide-metadata.d.mts +7 -0
- package/dist/utils/hide-metadata.mjs +6 -0
- package/dist/utils/hide-metadata.mjs.map +1 -0
- package/dist/utils/index.d.mts +3 -0
- package/dist/utils/index.mjs +5 -0
- package/dist/utils/is-api-error.d.mts +7 -0
- package/dist/utils/is-api-error.mjs +11 -0
- package/dist/utils/is-api-error.mjs.map +1 -0
- package/dist/utils/is-atom.mjs +8 -0
- package/dist/utils/is-atom.mjs.map +1 -0
- package/dist/utils/is-promise.mjs +8 -0
- package/dist/utils/is-promise.mjs.map +1 -0
- package/dist/utils/middleware-response.mjs +6 -0
- package/dist/utils/middleware-response.mjs.map +1 -0
- package/dist/utils/password.mjs +26 -0
- package/dist/utils/password.mjs.map +1 -0
- package/dist/utils/plugin-helper.mjs +17 -0
- package/dist/utils/plugin-helper.mjs.map +1 -0
- package/dist/utils/shim.mjs +24 -0
- package/dist/utils/shim.mjs.map +1 -0
- package/dist/utils/time.d.mts +49 -0
- package/dist/utils/time.mjs +100 -0
- package/dist/utils/time.mjs.map +1 -0
- package/dist/utils/url.mjs +92 -0
- package/dist/utils/url.mjs.map +1 -0
- package/dist/utils/wildcard.mjs +108 -0
- package/dist/utils/wildcard.mjs.map +1 -0
- package/package.json +601 -0
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
//#region src/plugins/siwe/types.d.ts
|
|
2
|
+
interface CacaoHeader {
|
|
3
|
+
t: "caip122";
|
|
4
|
+
}
|
|
5
|
+
interface CacaoPayload {
|
|
6
|
+
domain: string;
|
|
7
|
+
aud: string;
|
|
8
|
+
nonce: string;
|
|
9
|
+
iss: string;
|
|
10
|
+
version?: string | undefined;
|
|
11
|
+
iat?: string | undefined;
|
|
12
|
+
nbf?: string | undefined;
|
|
13
|
+
exp?: string | undefined;
|
|
14
|
+
statement?: string | undefined;
|
|
15
|
+
requestId?: string | undefined;
|
|
16
|
+
resources?: string[] | undefined;
|
|
17
|
+
type?: string | undefined;
|
|
18
|
+
}
|
|
19
|
+
interface Cacao {
|
|
20
|
+
h: CacaoHeader;
|
|
21
|
+
p: CacaoPayload;
|
|
22
|
+
s: {
|
|
23
|
+
t: "eip191" | "eip1271";
|
|
24
|
+
s: string;
|
|
25
|
+
m?: string | undefined;
|
|
26
|
+
};
|
|
27
|
+
}
|
|
28
|
+
interface SIWEVerifyMessageArgs {
|
|
29
|
+
message: string;
|
|
30
|
+
signature: string;
|
|
31
|
+
address: string;
|
|
32
|
+
chainId: number;
|
|
33
|
+
cacao?: Cacao | undefined;
|
|
34
|
+
}
|
|
35
|
+
interface ENSLookupArgs {
|
|
36
|
+
walletAddress: string;
|
|
37
|
+
}
|
|
38
|
+
interface ENSLookupResult {
|
|
39
|
+
name: string;
|
|
40
|
+
avatar: string;
|
|
41
|
+
}
|
|
42
|
+
//#endregion
|
|
43
|
+
export { ENSLookupArgs, ENSLookupResult, SIWEVerifyMessageArgs };
|
|
44
|
+
//# sourceMappingURL=types.d.mts.map
|
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
//#region src/plugins/two-factor/backup-codes/index.d.ts
|
|
2
|
+
interface BackupCodeOptions {
|
|
3
|
+
/**
|
|
4
|
+
* The amount of backup codes to generate
|
|
5
|
+
*
|
|
6
|
+
* @default 10
|
|
7
|
+
*/
|
|
8
|
+
amount?: number | undefined;
|
|
9
|
+
/**
|
|
10
|
+
* The length of the backup codes
|
|
11
|
+
*
|
|
12
|
+
* @default 10
|
|
13
|
+
*/
|
|
14
|
+
length?: number | undefined;
|
|
15
|
+
/**
|
|
16
|
+
* An optional custom function to generate backup codes
|
|
17
|
+
*/
|
|
18
|
+
customBackupCodesGenerate?: (() => string[]) | undefined;
|
|
19
|
+
/**
|
|
20
|
+
* How to store the backup codes in the database, whether encrypted or plain.
|
|
21
|
+
*/
|
|
22
|
+
storeBackupCodes?: ("plain" | "encrypted" | {
|
|
23
|
+
encrypt: (token: string) => Promise<string>;
|
|
24
|
+
decrypt: (token: string) => Promise<string>;
|
|
25
|
+
}) | undefined;
|
|
26
|
+
}
|
|
27
|
+
declare function generateBackupCodes(secret: string, options?: BackupCodeOptions | undefined): Promise<{
|
|
28
|
+
backupCodes: string[];
|
|
29
|
+
encryptedBackupCodes: string;
|
|
30
|
+
}>;
|
|
31
|
+
declare function verifyBackupCode(data: {
|
|
32
|
+
backupCodes: string;
|
|
33
|
+
code: string;
|
|
34
|
+
}, key: string, options?: BackupCodeOptions | undefined): Promise<{
|
|
35
|
+
status: any;
|
|
36
|
+
updated: any;
|
|
37
|
+
}>;
|
|
38
|
+
declare function getBackupCodes(backupCodes: string, key: string, options?: BackupCodeOptions | undefined): Promise<any>;
|
|
39
|
+
declare const backupCode2fa: (opts: BackupCodeOptions) => {
|
|
40
|
+
id: string;
|
|
41
|
+
endpoints: {
|
|
42
|
+
/**
|
|
43
|
+
* ### Endpoint
|
|
44
|
+
*
|
|
45
|
+
* POST `/two-factor/verify-backup-code`
|
|
46
|
+
*
|
|
47
|
+
* ### API Methods
|
|
48
|
+
*
|
|
49
|
+
* **server:**
|
|
50
|
+
* `auth.api.verifyBackupCode`
|
|
51
|
+
*
|
|
52
|
+
* **client:**
|
|
53
|
+
* `authClient.twoFactor.verifyBackupCode`
|
|
54
|
+
*
|
|
55
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#api-method-two-factor-verify-backup-code)
|
|
56
|
+
*/
|
|
57
|
+
verifyBackupCode: any;
|
|
58
|
+
/**
|
|
59
|
+
* ### Endpoint
|
|
60
|
+
*
|
|
61
|
+
* POST `/two-factor/generate-backup-codes`
|
|
62
|
+
*
|
|
63
|
+
* ### API Methods
|
|
64
|
+
*
|
|
65
|
+
* **server:**
|
|
66
|
+
* `auth.api.generateBackupCodes`
|
|
67
|
+
*
|
|
68
|
+
* **client:**
|
|
69
|
+
* `authClient.twoFactor.generateBackupCodes`
|
|
70
|
+
*
|
|
71
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#api-method-two-factor-generate-backup-codes)
|
|
72
|
+
*/
|
|
73
|
+
generateBackupCodes: any;
|
|
74
|
+
/**
|
|
75
|
+
* ### Endpoint
|
|
76
|
+
*
|
|
77
|
+
* POST `/two-factor/view-backup-codes`
|
|
78
|
+
*
|
|
79
|
+
* ### API Methods
|
|
80
|
+
*
|
|
81
|
+
* **server:**
|
|
82
|
+
* `auth.api.viewBackupCodes`
|
|
83
|
+
*
|
|
84
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#api-method-two-factor-view-backup-codes)
|
|
85
|
+
*/
|
|
86
|
+
viewBackupCodes: any;
|
|
87
|
+
};
|
|
88
|
+
};
|
|
89
|
+
//#endregion
|
|
90
|
+
export { BackupCodeOptions, backupCode2fa, generateBackupCodes, getBackupCodes, verifyBackupCode };
|
|
91
|
+
//# sourceMappingURL=index.d.mts.map
|
|
@@ -0,0 +1,277 @@
|
|
|
1
|
+
import { generateRandomString } from "../../../crypto/random.mjs";
|
|
2
|
+
import { symmetricDecrypt, symmetricEncrypt } from "../../../crypto/index.mjs";
|
|
3
|
+
import { parseUserOutput } from "../../../db/schema.mjs";
|
|
4
|
+
import { sessionMiddleware } from "../../../api/routes/session.mjs";
|
|
5
|
+
import "../../../api/index.mjs";
|
|
6
|
+
import { TWO_FACTOR_ERROR_CODES } from "../error-code.mjs";
|
|
7
|
+
import { verifyTwoFactor } from "../verify-two-factor.mjs";
|
|
8
|
+
import { APIError } from "@better-auth/core/error";
|
|
9
|
+
import { safeJSONParse } from "@better-auth/core/utils/json";
|
|
10
|
+
import { createAuthEndpoint } from "@better-auth/core/api";
|
|
11
|
+
import * as z from "zod";
|
|
12
|
+
|
|
13
|
+
//#region src/plugins/two-factor/backup-codes/index.ts
|
|
14
|
+
function generateBackupCodesFn(options) {
|
|
15
|
+
return Array.from({ length: options?.amount ?? 10 }).fill(null).map(() => generateRandomString(options?.length ?? 10, "a-z", "0-9", "A-Z")).map((code) => `${code.slice(0, 5)}-${code.slice(5)}`);
|
|
16
|
+
}
|
|
17
|
+
async function generateBackupCodes(secret, options) {
|
|
18
|
+
const backupCodes = options?.customBackupCodesGenerate ? options.customBackupCodesGenerate() : generateBackupCodesFn(options);
|
|
19
|
+
if (options?.storeBackupCodes === "encrypted") return {
|
|
20
|
+
backupCodes,
|
|
21
|
+
encryptedBackupCodes: await symmetricEncrypt({
|
|
22
|
+
data: JSON.stringify(backupCodes),
|
|
23
|
+
key: secret
|
|
24
|
+
})
|
|
25
|
+
};
|
|
26
|
+
if (typeof options?.storeBackupCodes === "object" && "encrypt" in options?.storeBackupCodes) return {
|
|
27
|
+
backupCodes,
|
|
28
|
+
encryptedBackupCodes: await options?.storeBackupCodes.encrypt(JSON.stringify(backupCodes))
|
|
29
|
+
};
|
|
30
|
+
return {
|
|
31
|
+
backupCodes,
|
|
32
|
+
encryptedBackupCodes: JSON.stringify(backupCodes)
|
|
33
|
+
};
|
|
34
|
+
}
|
|
35
|
+
async function verifyBackupCode(data, key, options) {
|
|
36
|
+
const codes = await getBackupCodes(data.backupCodes, key, options);
|
|
37
|
+
if (!codes) return {
|
|
38
|
+
status: false,
|
|
39
|
+
updated: null
|
|
40
|
+
};
|
|
41
|
+
return {
|
|
42
|
+
status: codes.includes(data.code),
|
|
43
|
+
updated: codes.filter((code) => code !== data.code)
|
|
44
|
+
};
|
|
45
|
+
}
|
|
46
|
+
async function getBackupCodes(backupCodes, key, options) {
|
|
47
|
+
if (options?.storeBackupCodes === "encrypted") return safeJSONParse(await symmetricDecrypt({
|
|
48
|
+
key,
|
|
49
|
+
data: backupCodes
|
|
50
|
+
}));
|
|
51
|
+
if (typeof options?.storeBackupCodes === "object" && "decrypt" in options?.storeBackupCodes) return safeJSONParse(await options?.storeBackupCodes.decrypt(backupCodes));
|
|
52
|
+
return safeJSONParse(backupCodes);
|
|
53
|
+
}
|
|
54
|
+
const verifyBackupCodeBodySchema = z.object({
|
|
55
|
+
code: z.string().meta({ description: `A backup code to verify. Eg: "123456"` }),
|
|
56
|
+
disableSession: z.boolean().meta({ description: "If true, the session cookie will not be set." }).optional(),
|
|
57
|
+
trustDevice: z.boolean().meta({ description: "If true, the device will be trusted for 30 days. It'll be refreshed on every sign in request within this time. Eg: true" }).optional()
|
|
58
|
+
});
|
|
59
|
+
const viewBackupCodesBodySchema = z.object({ userId: z.coerce.string().meta({ description: `The user ID to view all backup codes. Eg: "user-id"` }) });
|
|
60
|
+
const generateBackupCodesBodySchema = z.object({ password: z.string().meta({ description: "The users password." }) });
|
|
61
|
+
const backupCode2fa = (opts) => {
|
|
62
|
+
const twoFactorTable = "twoFactor";
|
|
63
|
+
return {
|
|
64
|
+
id: "backup_code",
|
|
65
|
+
endpoints: {
|
|
66
|
+
verifyBackupCode: createAuthEndpoint("/two-factor/verify-backup-code", {
|
|
67
|
+
method: "POST",
|
|
68
|
+
body: verifyBackupCodeBodySchema,
|
|
69
|
+
metadata: { openapi: {
|
|
70
|
+
description: "Verify a backup code for two-factor authentication",
|
|
71
|
+
responses: { "200": {
|
|
72
|
+
description: "Backup code verified successfully",
|
|
73
|
+
content: { "application/json": { schema: {
|
|
74
|
+
type: "object",
|
|
75
|
+
properties: {
|
|
76
|
+
user: {
|
|
77
|
+
type: "object",
|
|
78
|
+
properties: {
|
|
79
|
+
id: {
|
|
80
|
+
type: "string",
|
|
81
|
+
description: "Unique identifier of the user"
|
|
82
|
+
},
|
|
83
|
+
email: {
|
|
84
|
+
type: "string",
|
|
85
|
+
format: "email",
|
|
86
|
+
nullable: true,
|
|
87
|
+
description: "User's email address"
|
|
88
|
+
},
|
|
89
|
+
emailVerified: {
|
|
90
|
+
type: "boolean",
|
|
91
|
+
nullable: true,
|
|
92
|
+
description: "Whether the email is verified"
|
|
93
|
+
},
|
|
94
|
+
name: {
|
|
95
|
+
type: "string",
|
|
96
|
+
nullable: true,
|
|
97
|
+
description: "User's name"
|
|
98
|
+
},
|
|
99
|
+
image: {
|
|
100
|
+
type: "string",
|
|
101
|
+
format: "uri",
|
|
102
|
+
nullable: true,
|
|
103
|
+
description: "User's profile image URL"
|
|
104
|
+
},
|
|
105
|
+
twoFactorEnabled: {
|
|
106
|
+
type: "boolean",
|
|
107
|
+
description: "Whether two-factor authentication is enabled for the user"
|
|
108
|
+
},
|
|
109
|
+
createdAt: {
|
|
110
|
+
type: "string",
|
|
111
|
+
format: "date-time",
|
|
112
|
+
description: "Timestamp when the user was created"
|
|
113
|
+
},
|
|
114
|
+
updatedAt: {
|
|
115
|
+
type: "string",
|
|
116
|
+
format: "date-time",
|
|
117
|
+
description: "Timestamp when the user was last updated"
|
|
118
|
+
}
|
|
119
|
+
},
|
|
120
|
+
required: [
|
|
121
|
+
"id",
|
|
122
|
+
"twoFactorEnabled",
|
|
123
|
+
"createdAt",
|
|
124
|
+
"updatedAt"
|
|
125
|
+
],
|
|
126
|
+
description: "The authenticated user object with two-factor details"
|
|
127
|
+
},
|
|
128
|
+
session: {
|
|
129
|
+
type: "object",
|
|
130
|
+
properties: {
|
|
131
|
+
token: {
|
|
132
|
+
type: "string",
|
|
133
|
+
description: "Session token"
|
|
134
|
+
},
|
|
135
|
+
userId: {
|
|
136
|
+
type: "string",
|
|
137
|
+
description: "ID of the user associated with the session"
|
|
138
|
+
},
|
|
139
|
+
createdAt: {
|
|
140
|
+
type: "string",
|
|
141
|
+
format: "date-time",
|
|
142
|
+
description: "Timestamp when the session was created"
|
|
143
|
+
},
|
|
144
|
+
expiresAt: {
|
|
145
|
+
type: "string",
|
|
146
|
+
format: "date-time",
|
|
147
|
+
description: "Timestamp when the session expires"
|
|
148
|
+
}
|
|
149
|
+
},
|
|
150
|
+
required: [
|
|
151
|
+
"token",
|
|
152
|
+
"userId",
|
|
153
|
+
"createdAt",
|
|
154
|
+
"expiresAt"
|
|
155
|
+
],
|
|
156
|
+
description: "The current session object, included unless disableSession is true"
|
|
157
|
+
}
|
|
158
|
+
},
|
|
159
|
+
required: ["user", "session"]
|
|
160
|
+
} } }
|
|
161
|
+
} }
|
|
162
|
+
} }
|
|
163
|
+
}, async (ctx) => {
|
|
164
|
+
const { session, valid } = await verifyTwoFactor(ctx);
|
|
165
|
+
const user = session.user;
|
|
166
|
+
const twoFactor = await ctx.context.adapter.findOne({
|
|
167
|
+
model: twoFactorTable,
|
|
168
|
+
where: [{
|
|
169
|
+
field: "userId",
|
|
170
|
+
value: user.id
|
|
171
|
+
}]
|
|
172
|
+
});
|
|
173
|
+
if (!twoFactor) throw APIError.from("BAD_REQUEST", TWO_FACTOR_ERROR_CODES.BACKUP_CODES_NOT_ENABLED);
|
|
174
|
+
const validate = await verifyBackupCode({
|
|
175
|
+
backupCodes: twoFactor.backupCodes,
|
|
176
|
+
code: ctx.body.code
|
|
177
|
+
}, ctx.context.secret, opts);
|
|
178
|
+
if (!validate.status) throw APIError.from("UNAUTHORIZED", TWO_FACTOR_ERROR_CODES.INVALID_BACKUP_CODE);
|
|
179
|
+
const updatedBackupCodes = await symmetricEncrypt({
|
|
180
|
+
key: ctx.context.secret,
|
|
181
|
+
data: JSON.stringify(validate.updated)
|
|
182
|
+
});
|
|
183
|
+
if (!await ctx.context.adapter.update({
|
|
184
|
+
model: twoFactorTable,
|
|
185
|
+
update: { backupCodes: updatedBackupCodes },
|
|
186
|
+
where: [{
|
|
187
|
+
field: "id",
|
|
188
|
+
value: twoFactor.id
|
|
189
|
+
}, {
|
|
190
|
+
field: "backupCodes",
|
|
191
|
+
value: twoFactor.backupCodes
|
|
192
|
+
}]
|
|
193
|
+
})) throw APIError.fromStatus("CONFLICT", { message: "Failed to verify backup code. Please try again." });
|
|
194
|
+
if (!ctx.body.disableSession) return valid(ctx);
|
|
195
|
+
return ctx.json({
|
|
196
|
+
token: session.session?.token,
|
|
197
|
+
user: parseUserOutput(ctx.context.options, session.user)
|
|
198
|
+
});
|
|
199
|
+
}),
|
|
200
|
+
generateBackupCodes: createAuthEndpoint("/two-factor/generate-backup-codes", {
|
|
201
|
+
method: "POST",
|
|
202
|
+
body: generateBackupCodesBodySchema,
|
|
203
|
+
use: [sessionMiddleware],
|
|
204
|
+
metadata: { openapi: {
|
|
205
|
+
description: "Generate new backup codes for two-factor authentication",
|
|
206
|
+
responses: { "200": {
|
|
207
|
+
description: "Backup codes generated successfully",
|
|
208
|
+
content: { "application/json": { schema: {
|
|
209
|
+
type: "object",
|
|
210
|
+
properties: {
|
|
211
|
+
status: {
|
|
212
|
+
type: "boolean",
|
|
213
|
+
description: "Indicates if the backup codes were generated successfully",
|
|
214
|
+
enum: [true]
|
|
215
|
+
},
|
|
216
|
+
backupCodes: {
|
|
217
|
+
type: "array",
|
|
218
|
+
items: { type: "string" },
|
|
219
|
+
description: "Array of generated backup codes in plain text"
|
|
220
|
+
}
|
|
221
|
+
},
|
|
222
|
+
required: ["status", "backupCodes"]
|
|
223
|
+
} } }
|
|
224
|
+
} }
|
|
225
|
+
} }
|
|
226
|
+
}, async (ctx) => {
|
|
227
|
+
const user = ctx.context.session.user;
|
|
228
|
+
if (!user.twoFactorEnabled) throw APIError.from("BAD_REQUEST", TWO_FACTOR_ERROR_CODES.TWO_FACTOR_NOT_ENABLED);
|
|
229
|
+
await ctx.context.password.checkPassword(user.id, ctx);
|
|
230
|
+
const twoFactor = await ctx.context.adapter.findOne({
|
|
231
|
+
model: twoFactorTable,
|
|
232
|
+
where: [{
|
|
233
|
+
field: "userId",
|
|
234
|
+
value: user.id
|
|
235
|
+
}]
|
|
236
|
+
});
|
|
237
|
+
if (!twoFactor) throw APIError.from("BAD_REQUEST", TWO_FACTOR_ERROR_CODES.TWO_FACTOR_NOT_ENABLED);
|
|
238
|
+
const backupCodes = await generateBackupCodes(ctx.context.secret, opts);
|
|
239
|
+
await ctx.context.adapter.update({
|
|
240
|
+
model: twoFactorTable,
|
|
241
|
+
update: { backupCodes: backupCodes.encryptedBackupCodes },
|
|
242
|
+
where: [{
|
|
243
|
+
field: "id",
|
|
244
|
+
value: twoFactor.id
|
|
245
|
+
}]
|
|
246
|
+
});
|
|
247
|
+
return ctx.json({
|
|
248
|
+
status: true,
|
|
249
|
+
backupCodes: backupCodes.backupCodes
|
|
250
|
+
});
|
|
251
|
+
}),
|
|
252
|
+
viewBackupCodes: createAuthEndpoint({
|
|
253
|
+
method: "POST",
|
|
254
|
+
body: viewBackupCodesBodySchema
|
|
255
|
+
}, async (ctx) => {
|
|
256
|
+
const twoFactor = await ctx.context.adapter.findOne({
|
|
257
|
+
model: twoFactorTable,
|
|
258
|
+
where: [{
|
|
259
|
+
field: "userId",
|
|
260
|
+
value: ctx.body.userId
|
|
261
|
+
}]
|
|
262
|
+
});
|
|
263
|
+
if (!twoFactor) throw APIError.from("BAD_REQUEST", TWO_FACTOR_ERROR_CODES.BACKUP_CODES_NOT_ENABLED);
|
|
264
|
+
const decryptedBackupCodes = await getBackupCodes(twoFactor.backupCodes, ctx.context.secret, opts);
|
|
265
|
+
if (!decryptedBackupCodes) throw APIError.from("BAD_REQUEST", TWO_FACTOR_ERROR_CODES.INVALID_BACKUP_CODE);
|
|
266
|
+
return ctx.json({
|
|
267
|
+
status: true,
|
|
268
|
+
backupCodes: decryptedBackupCodes
|
|
269
|
+
});
|
|
270
|
+
})
|
|
271
|
+
}
|
|
272
|
+
};
|
|
273
|
+
};
|
|
274
|
+
|
|
275
|
+
//#endregion
|
|
276
|
+
export { backupCode2fa, generateBackupCodes };
|
|
277
|
+
//# sourceMappingURL=index.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.mjs","names":[],"sources":["../../../../src/plugins/two-factor/backup-codes/index.ts"],"sourcesContent":["import { createAuthEndpoint } from \"@better-auth/core/api\";\nimport { APIError } from \"@better-auth/core/error\";\nimport { safeJSONParse } from \"@better-auth/core/utils/json\";\nimport * as z from \"zod\";\nimport { sessionMiddleware } from \"../../../api\";\nimport { symmetricDecrypt, symmetricEncrypt } from \"../../../crypto\";\nimport { generateRandomString } from \"../../../crypto/random\";\nimport { parseUserOutput } from \"../../../db/schema\";\nimport { TWO_FACTOR_ERROR_CODES } from \"../error-code\";\nimport type {\n\tTwoFactorProvider,\n\tTwoFactorTable,\n\tUserWithTwoFactor,\n} from \"../types\";\nimport { verifyTwoFactor } from \"../verify-two-factor\";\n\nexport interface BackupCodeOptions {\n\t/**\n\t * The amount of backup codes to generate\n\t *\n\t * @default 10\n\t */\n\tamount?: number | undefined;\n\t/**\n\t * The length of the backup codes\n\t *\n\t * @default 10\n\t */\n\tlength?: number | undefined;\n\t/**\n\t * An optional custom function to generate backup codes\n\t */\n\tcustomBackupCodesGenerate?: (() => string[]) | undefined;\n\t/**\n\t * How to store the backup codes in the database, whether encrypted or plain.\n\t */\n\tstoreBackupCodes?:\n\t\t| (\n\t\t\t\t| \"plain\"\n\t\t\t\t| \"encrypted\"\n\t\t\t\t| {\n\t\t\t\t\t\tencrypt: (token: string) => Promise<string>;\n\t\t\t\t\t\tdecrypt: (token: string) => Promise<string>;\n\t\t\t\t }\n\t\t )\n\t\t| undefined;\n}\n\nfunction generateBackupCodesFn(options?: BackupCodeOptions | undefined) {\n\treturn Array.from({ length: options?.amount ?? 10 })\n\t\t.fill(null)\n\t\t.map(() => generateRandomString(options?.length ?? 10, \"a-z\", \"0-9\", \"A-Z\"))\n\t\t.map((code) => `${code.slice(0, 5)}-${code.slice(5)}`);\n}\n\nexport async function generateBackupCodes(\n\tsecret: string,\n\toptions?: BackupCodeOptions | undefined,\n) {\n\tconst backupCodes = options?.customBackupCodesGenerate\n\t\t? options.customBackupCodesGenerate()\n\t\t: generateBackupCodesFn(options);\n\tif (options?.storeBackupCodes === \"encrypted\") {\n\t\tconst encCodes = await symmetricEncrypt({\n\t\t\tdata: JSON.stringify(backupCodes),\n\t\t\tkey: secret,\n\t\t});\n\t\treturn {\n\t\t\tbackupCodes,\n\t\t\tencryptedBackupCodes: encCodes,\n\t\t};\n\t}\n\tif (\n\t\ttypeof options?.storeBackupCodes === \"object\" &&\n\t\t\"encrypt\" in options?.storeBackupCodes\n\t) {\n\t\treturn {\n\t\t\tbackupCodes,\n\t\t\tencryptedBackupCodes: await options?.storeBackupCodes.encrypt(\n\t\t\t\tJSON.stringify(backupCodes),\n\t\t\t),\n\t\t};\n\t}\n\treturn {\n\t\tbackupCodes,\n\t\tencryptedBackupCodes: JSON.stringify(backupCodes),\n\t};\n}\n\nexport async function verifyBackupCode(\n\tdata: {\n\t\tbackupCodes: string;\n\t\tcode: string;\n\t},\n\tkey: string,\n\toptions?: BackupCodeOptions | undefined,\n) {\n\tconst codes = await getBackupCodes(data.backupCodes, key, options);\n\tif (!codes) {\n\t\treturn {\n\t\t\tstatus: false,\n\t\t\tupdated: null,\n\t\t};\n\t}\n\treturn {\n\t\tstatus: codes.includes(data.code),\n\t\tupdated: codes.filter((code) => code !== data.code),\n\t};\n}\n\nexport async function getBackupCodes(\n\tbackupCodes: string,\n\tkey: string,\n\toptions?: BackupCodeOptions | undefined,\n) {\n\tif (options?.storeBackupCodes === \"encrypted\") {\n\t\tconst decrypted = await symmetricDecrypt({ key, data: backupCodes });\n\t\treturn safeJSONParse<string[]>(decrypted);\n\t}\n\tif (\n\t\ttypeof options?.storeBackupCodes === \"object\" &&\n\t\t\"decrypt\" in options?.storeBackupCodes\n\t) {\n\t\tconst decrypted = await options?.storeBackupCodes.decrypt(backupCodes);\n\t\treturn safeJSONParse<string[]>(decrypted);\n\t}\n\n\treturn safeJSONParse<string[]>(backupCodes);\n}\n\nconst verifyBackupCodeBodySchema = z.object({\n\tcode: z.string().meta({\n\t\tdescription: `A backup code to verify. Eg: \"123456\"`,\n\t}),\n\t/**\n\t * Disable setting the session cookie\n\t */\n\tdisableSession: z\n\t\t.boolean()\n\t\t.meta({\n\t\t\tdescription: \"If true, the session cookie will not be set.\",\n\t\t})\n\t\t.optional(),\n\t/**\n\t * if true, the device will be trusted\n\t * for 30 days. It'll be refreshed on\n\t * every sign in request within this time.\n\t */\n\ttrustDevice: z\n\t\t.boolean()\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t\"If true, the device will be trusted for 30 days. It'll be refreshed on every sign in request within this time. Eg: true\",\n\t\t})\n\t\t.optional(),\n});\n\nconst viewBackupCodesBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: `The user ID to view all backup codes. Eg: \"user-id\"`,\n\t}),\n});\n\nconst generateBackupCodesBodySchema = z.object({\n\tpassword: z.string().meta({\n\t\tdescription: \"The users password.\",\n\t}),\n});\n\nexport const backupCode2fa = (opts: BackupCodeOptions) => {\n\tconst twoFactorTable = \"twoFactor\";\n\n\treturn {\n\t\tid: \"backup_code\",\n\t\tendpoints: {\n\t\t\t/**\n\t\t\t * ### Endpoint\n\t\t\t *\n\t\t\t * POST `/two-factor/verify-backup-code`\n\t\t\t *\n\t\t\t * ### API Methods\n\t\t\t *\n\t\t\t * **server:**\n\t\t\t * `auth.api.verifyBackupCode`\n\t\t\t *\n\t\t\t * **client:**\n\t\t\t * `authClient.twoFactor.verifyBackupCode`\n\t\t\t *\n\t\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#api-method-two-factor-verify-backup-code)\n\t\t\t */\n\t\t\tverifyBackupCode: createAuthEndpoint(\n\t\t\t\t\"/two-factor/verify-backup-code\",\n\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tbody: verifyBackupCodeBodySchema,\n\t\t\t\t\tmetadata: {\n\t\t\t\t\t\topenapi: {\n\t\t\t\t\t\t\tdescription: \"Verify a backup code for two-factor authentication\",\n\t\t\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\t\t\tdescription: \"Backup code verified successfully\",\n\t\t\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tid: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"Unique identifier of the user\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\temail: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tformat: \"email\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"User's email address\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\temailVerified: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"Whether the email is verified\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tname: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"User's name\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\timage: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tformat: \"uri\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"User's profile image URL\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttwoFactorEnabled: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"Whether two-factor authentication is enabled for the user\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"Timestamp when the user was created\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tupdatedAt: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"Timestamp when the user was last updated\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\trequired: [\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"id\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"twoFactorEnabled\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"createdAt\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"updatedAt\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"The authenticated user object with two-factor details\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\tsession: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttoken: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"Session token\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tuserId: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"ID of the user associated with the session\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"Timestamp when the session was created\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\texpiresAt: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"Timestamp when the session expires\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\trequired: [\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"token\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"userId\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"createdAt\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"expiresAt\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"The current session object, included unless disableSession is true\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\trequired: [\"user\", \"session\"],\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst { session, valid } = await verifyTwoFactor(ctx);\n\t\t\t\t\tconst user = session.user as UserWithTwoFactor;\n\t\t\t\t\tconst twoFactor = await ctx.context.adapter.findOne<TwoFactorTable>({\n\t\t\t\t\t\tmodel: twoFactorTable,\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\t\t\tvalue: user.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\t\t\t\t\tif (!twoFactor) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tTWO_FACTOR_ERROR_CODES.BACKUP_CODES_NOT_ENABLED,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\tconst validate = await verifyBackupCode(\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tbackupCodes: twoFactor.backupCodes,\n\t\t\t\t\t\t\tcode: ctx.body.code,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\topts,\n\t\t\t\t\t);\n\t\t\t\t\tif (!validate.status) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\t\t\tTWO_FACTOR_ERROR_CODES.INVALID_BACKUP_CODE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\tconst updatedBackupCodes = await symmetricEncrypt({\n\t\t\t\t\t\tkey: ctx.context.secret,\n\t\t\t\t\t\tdata: JSON.stringify(validate.updated),\n\t\t\t\t\t});\n\n\t\t\t\t\tconst updated = await ctx.context.adapter.update({\n\t\t\t\t\t\tmodel: twoFactorTable,\n\t\t\t\t\t\tupdate: {\n\t\t\t\t\t\t\tbackupCodes: updatedBackupCodes,\n\t\t\t\t\t\t},\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t\tvalue: twoFactor.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"backupCodes\",\n\t\t\t\t\t\t\t\tvalue: twoFactor.backupCodes,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\t\t\t\t\tif (!updated) {\n\t\t\t\t\t\tthrow APIError.fromStatus(\"CONFLICT\", {\n\t\t\t\t\t\t\tmessage: \"Failed to verify backup code. Please try again.\",\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\n\t\t\t\t\tif (!ctx.body.disableSession) {\n\t\t\t\t\t\treturn valid(ctx);\n\t\t\t\t\t}\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\ttoken: session.session?.token,\n\t\t\t\t\t\tuser: parseUserOutput(ctx.context.options, session.user),\n\t\t\t\t\t});\n\t\t\t\t},\n\t\t\t),\n\t\t\t/**\n\t\t\t * ### Endpoint\n\t\t\t *\n\t\t\t * POST `/two-factor/generate-backup-codes`\n\t\t\t *\n\t\t\t * ### API Methods\n\t\t\t *\n\t\t\t * **server:**\n\t\t\t * `auth.api.generateBackupCodes`\n\t\t\t *\n\t\t\t * **client:**\n\t\t\t * `authClient.twoFactor.generateBackupCodes`\n\t\t\t *\n\t\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#api-method-two-factor-generate-backup-codes)\n\t\t\t */\n\t\t\tgenerateBackupCodes: createAuthEndpoint(\n\t\t\t\t\"/two-factor/generate-backup-codes\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tbody: generateBackupCodesBodySchema,\n\t\t\t\t\tuse: [sessionMiddleware],\n\t\t\t\t\tmetadata: {\n\t\t\t\t\t\topenapi: {\n\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\"Generate new backup codes for two-factor authentication\",\n\t\t\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\t\t\tdescription: \"Backup codes generated successfully\",\n\t\t\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"Indicates if the backup codes were generated successfully\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tenum: [true],\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\tbackupCodes: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\titems: { type: \"string\" },\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"Array of generated backup codes in plain text\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\trequired: [\"status\", \"backupCodes\"],\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst user = ctx.context.session.user as UserWithTwoFactor;\n\t\t\t\t\tif (!user.twoFactorEnabled) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tTWO_FACTOR_ERROR_CODES.TWO_FACTOR_NOT_ENABLED,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\tawait ctx.context.password.checkPassword(user.id, ctx);\n\n\t\t\t\t\t// First, find the twoFactor record to get its id\n\t\t\t\t\tconst twoFactor = await ctx.context.adapter.findOne<TwoFactorTable>({\n\t\t\t\t\t\tmodel: twoFactorTable,\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\t\t\tvalue: user.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\n\t\t\t\t\tif (!twoFactor) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tTWO_FACTOR_ERROR_CODES.TWO_FACTOR_NOT_ENABLED,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\n\t\t\t\t\tconst backupCodes = await generateBackupCodes(\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\topts,\n\t\t\t\t\t);\n\n\t\t\t\t\t// Use the id to update the record\n\t\t\t\t\tawait ctx.context.adapter.update({\n\t\t\t\t\t\tmodel: twoFactorTable,\n\t\t\t\t\t\tupdate: {\n\t\t\t\t\t\t\tbackupCodes: backupCodes.encryptedBackupCodes,\n\t\t\t\t\t\t},\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t\tvalue: twoFactor.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\tstatus: true,\n\t\t\t\t\t\tbackupCodes: backupCodes.backupCodes,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\t\t),\n\t\t\t/**\n\t\t\t * ### Endpoint\n\t\t\t *\n\t\t\t * POST `/two-factor/view-backup-codes`\n\t\t\t *\n\t\t\t * ### API Methods\n\t\t\t *\n\t\t\t * **server:**\n\t\t\t * `auth.api.viewBackupCodes`\n\t\t\t *\n\t\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#api-method-two-factor-view-backup-codes)\n\t\t\t */\n\t\t\tviewBackupCodes: createAuthEndpoint(\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tbody: viewBackupCodesBodySchema,\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst twoFactor = await ctx.context.adapter.findOne<TwoFactorTable>({\n\t\t\t\t\t\tmodel: twoFactorTable,\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\t\t\tvalue: ctx.body.userId,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\t\t\t\t\tif (!twoFactor) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tTWO_FACTOR_ERROR_CODES.BACKUP_CODES_NOT_ENABLED,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\tconst decryptedBackupCodes = await getBackupCodes(\n\t\t\t\t\t\ttwoFactor.backupCodes,\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\topts,\n\t\t\t\t\t);\n\n\t\t\t\t\tif (!decryptedBackupCodes) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tTWO_FACTOR_ERROR_CODES.INVALID_BACKUP_CODE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\tstatus: true,\n\t\t\t\t\t\tbackupCodes: decryptedBackupCodes,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\t\t),\n\t\t},\n\t} satisfies TwoFactorProvider;\n};\n"],"mappings":";;;;;;;;;;;;;AAgDA,SAAS,sBAAsB,SAAyC;AACvE,QAAO,MAAM,KAAK,EAAE,QAAQ,SAAS,UAAU,IAAI,CAAC,CAClD,KAAK,KAAK,CACV,UAAU,qBAAqB,SAAS,UAAU,IAAI,OAAO,OAAO,MAAM,CAAC,CAC3E,KAAK,SAAS,GAAG,KAAK,MAAM,GAAG,EAAE,CAAC,GAAG,KAAK,MAAM,EAAE,GAAG;;AAGxD,eAAsB,oBACrB,QACA,SACC;CACD,MAAM,cAAc,SAAS,4BAC1B,QAAQ,2BAA2B,GACnC,sBAAsB,QAAQ;AACjC,KAAI,SAAS,qBAAqB,YAKjC,QAAO;EACN;EACA,sBANgB,MAAM,iBAAiB;GACvC,MAAM,KAAK,UAAU,YAAY;GACjC,KAAK;GACL,CAAC;EAID;AAEF,KACC,OAAO,SAAS,qBAAqB,YACrC,aAAa,SAAS,iBAEtB,QAAO;EACN;EACA,sBAAsB,MAAM,SAAS,iBAAiB,QACrD,KAAK,UAAU,YAAY,CAC3B;EACD;AAEF,QAAO;EACN;EACA,sBAAsB,KAAK,UAAU,YAAY;EACjD;;AAGF,eAAsB,iBACrB,MAIA,KACA,SACC;CACD,MAAM,QAAQ,MAAM,eAAe,KAAK,aAAa,KAAK,QAAQ;AAClE,KAAI,CAAC,MACJ,QAAO;EACN,QAAQ;EACR,SAAS;EACT;AAEF,QAAO;EACN,QAAQ,MAAM,SAAS,KAAK,KAAK;EACjC,SAAS,MAAM,QAAQ,SAAS,SAAS,KAAK,KAAK;EACnD;;AAGF,eAAsB,eACrB,aACA,KACA,SACC;AACD,KAAI,SAAS,qBAAqB,YAEjC,QAAO,cADW,MAAM,iBAAiB;EAAE;EAAK,MAAM;EAAa,CAAC,CAC3B;AAE1C,KACC,OAAO,SAAS,qBAAqB,YACrC,aAAa,SAAS,iBAGtB,QAAO,cADW,MAAM,SAAS,iBAAiB,QAAQ,YAAY,CAC7B;AAG1C,QAAO,cAAwB,YAAY;;AAG5C,MAAM,6BAA6B,EAAE,OAAO;CAC3C,MAAM,EAAE,QAAQ,CAAC,KAAK,EACrB,aAAa,yCACb,CAAC;CAIF,gBAAgB,EACd,SAAS,CACT,KAAK,EACL,aAAa,gDACb,CAAC,CACD,UAAU;CAMZ,aAAa,EACX,SAAS,CACT,KAAK,EACL,aACC,2HACD,CAAC,CACD,UAAU;CACZ,CAAC;AAEF,MAAM,4BAA4B,EAAE,OAAO,EAC1C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,uDACb,CAAC,EACF,CAAC;AAEF,MAAM,gCAAgC,EAAE,OAAO,EAC9C,UAAU,EAAE,QAAQ,CAAC,KAAK,EACzB,aAAa,uBACb,CAAC,EACF,CAAC;AAEF,MAAa,iBAAiB,SAA4B;CACzD,MAAM,iBAAiB;AAEvB,QAAO;EACN,IAAI;EACJ,WAAW;GAgBV,kBAAkB,mBACjB,kCAEA;IACC,QAAQ;IACR,MAAM;IACN,UAAU,EACT,SAAS;KACR,aAAa;KACb,WAAW,EACV,OAAO;MACN,aAAa;MACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;OACP,MAAM;OACN,YAAY;QACX,MAAM;SACL,MAAM;SACN,YAAY;UACX,IAAI;WACH,MAAM;WACN,aAAa;WACb;UACD,OAAO;WACN,MAAM;WACN,QAAQ;WACR,UAAU;WACV,aAAa;WACb;UACD,eAAe;WACd,MAAM;WACN,UAAU;WACV,aAAa;WACb;UACD,MAAM;WACL,MAAM;WACN,UAAU;WACV,aAAa;WACb;UACD,OAAO;WACN,MAAM;WACN,QAAQ;WACR,UAAU;WACV,aAAa;WACb;UACD,kBAAkB;WACjB,MAAM;WACN,aACC;WACD;UACD,WAAW;WACV,MAAM;WACN,QAAQ;WACR,aACC;WACD;UACD,WAAW;WACV,MAAM;WACN,QAAQ;WACR,aACC;WACD;UACD;SACD,UAAU;UACT;UACA;UACA;UACA;UACA;SACD,aACC;SACD;QACD,SAAS;SACR,MAAM;SACN,YAAY;UACX,OAAO;WACN,MAAM;WACN,aAAa;WACb;UACD,QAAQ;WACP,MAAM;WACN,aACC;WACD;UACD,WAAW;WACV,MAAM;WACN,QAAQ;WACR,aACC;WACD;UACD,WAAW;WACV,MAAM;WACN,QAAQ;WACR,aACC;WACD;UACD;SACD,UAAU;UACT;UACA;UACA;UACA;UACA;SACD,aACC;SACD;QACD;OACD,UAAU,CAAC,QAAQ,UAAU;OAC7B,EACD,EACD;MACD,EACD;KACD,EACD;IACD,EACD,OAAO,QAAQ;IACd,MAAM,EAAE,SAAS,UAAU,MAAM,gBAAgB,IAAI;IACrD,MAAM,OAAO,QAAQ;IACrB,MAAM,YAAY,MAAM,IAAI,QAAQ,QAAQ,QAAwB;KACnE,OAAO;KACP,OAAO,CACN;MACC,OAAO;MACP,OAAO,KAAK;MACZ,CACD;KACD,CAAC;AACF,QAAI,CAAC,UACJ,OAAM,SAAS,KACd,eACA,uBAAuB,yBACvB;IAEF,MAAM,WAAW,MAAM,iBACtB;KACC,aAAa,UAAU;KACvB,MAAM,IAAI,KAAK;KACf,EACD,IAAI,QAAQ,QACZ,KACA;AACD,QAAI,CAAC,SAAS,OACb,OAAM,SAAS,KACd,gBACA,uBAAuB,oBACvB;IAEF,MAAM,qBAAqB,MAAM,iBAAiB;KACjD,KAAK,IAAI,QAAQ;KACjB,MAAM,KAAK,UAAU,SAAS,QAAQ;KACtC,CAAC;AAkBF,QAAI,CAhBY,MAAM,IAAI,QAAQ,QAAQ,OAAO;KAChD,OAAO;KACP,QAAQ,EACP,aAAa,oBACb;KACD,OAAO,CACN;MACC,OAAO;MACP,OAAO,UAAU;MACjB,EACD;MACC,OAAO;MACP,OAAO,UAAU;MACjB,CACD;KACD,CAAC,CAED,OAAM,SAAS,WAAW,YAAY,EACrC,SAAS,mDACT,CAAC;AAGH,QAAI,CAAC,IAAI,KAAK,eACb,QAAO,MAAM,IAAI;AAElB,WAAO,IAAI,KAAK;KACf,OAAO,QAAQ,SAAS;KACxB,MAAM,gBAAgB,IAAI,QAAQ,SAAS,QAAQ,KAAK;KACxD,CAAC;KAEH;GAgBD,qBAAqB,mBACpB,qCACA;IACC,QAAQ;IACR,MAAM;IACN,KAAK,CAAC,kBAAkB;IACxB,UAAU,EACT,SAAS;KACR,aACC;KACD,WAAW,EACV,OAAO;MACN,aAAa;MACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;OACP,MAAM;OACN,YAAY;QACX,QAAQ;SACP,MAAM;SACN,aACC;SACD,MAAM,CAAC,KAAK;SACZ;QACD,aAAa;SACZ,MAAM;SACN,OAAO,EAAE,MAAM,UAAU;SACzB,aACC;SACD;QACD;OACD,UAAU,CAAC,UAAU,cAAc;OACnC,EACD,EACD;MACD,EACD;KACD,EACD;IACD,EACD,OAAO,QAAQ;IACd,MAAM,OAAO,IAAI,QAAQ,QAAQ;AACjC,QAAI,CAAC,KAAK,iBACT,OAAM,SAAS,KACd,eACA,uBAAuB,uBACvB;AAEF,UAAM,IAAI,QAAQ,SAAS,cAAc,KAAK,IAAI,IAAI;IAGtD,MAAM,YAAY,MAAM,IAAI,QAAQ,QAAQ,QAAwB;KACnE,OAAO;KACP,OAAO,CACN;MACC,OAAO;MACP,OAAO,KAAK;MACZ,CACD;KACD,CAAC;AAEF,QAAI,CAAC,UACJ,OAAM,SAAS,KACd,eACA,uBAAuB,uBACvB;IAGF,MAAM,cAAc,MAAM,oBACzB,IAAI,QAAQ,QACZ,KACA;AAGD,UAAM,IAAI,QAAQ,QAAQ,OAAO;KAChC,OAAO;KACP,QAAQ,EACP,aAAa,YAAY,sBACzB;KACD,OAAO,CACN;MACC,OAAO;MACP,OAAO,UAAU;MACjB,CACD;KACD,CAAC;AACF,WAAO,IAAI,KAAK;KACf,QAAQ;KACR,aAAa,YAAY;KACzB,CAAC;KAEH;GAaD,iBAAiB,mBAChB;IACC,QAAQ;IACR,MAAM;IACN,EACD,OAAO,QAAQ;IACd,MAAM,YAAY,MAAM,IAAI,QAAQ,QAAQ,QAAwB;KACnE,OAAO;KACP,OAAO,CACN;MACC,OAAO;MACP,OAAO,IAAI,KAAK;MAChB,CACD;KACD,CAAC;AACF,QAAI,CAAC,UACJ,OAAM,SAAS,KACd,eACA,uBAAuB,yBACvB;IAEF,MAAM,uBAAuB,MAAM,eAClC,UAAU,aACV,IAAI,QAAQ,QACZ,KACA;AAED,QAAI,CAAC,qBACJ,OAAM,SAAS,KACd,eACA,uBAAuB,oBACvB;AAEF,WAAO,IAAI,KAAK;KACf,QAAQ;KACR,aAAa;KACb,CAAC;KAEH;GACD;EACD"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import { TWO_FACTOR_ERROR_CODES } from "./error-code.mjs";
|
|
2
|
+
import { BackupCodeOptions, backupCode2fa, generateBackupCodes, getBackupCodes, verifyBackupCode } from "./backup-codes/index.mjs";
|
|
3
|
+
import { TOTPOptions, totp2fa } from "./totp/index.mjs";
|
|
4
|
+
import { TwoFactorOptions, TwoFactorProvider, TwoFactorTable, UserWithTwoFactor } from "./types.mjs";
|
|
5
|
+
import { OTPOptions, otp2fa } from "./otp/index.mjs";
|
|
6
|
+
|
|
7
|
+
//#region src/plugins/two-factor/client.d.ts
|
|
8
|
+
declare const twoFactorClient: (options?: {
|
|
9
|
+
/**
|
|
10
|
+
* a redirect function to call if a user needs to verify
|
|
11
|
+
* their two factor
|
|
12
|
+
*/
|
|
13
|
+
onTwoFactorRedirect?: () => void | Promise<void>;
|
|
14
|
+
} | undefined) => BetterAuthClientPlugin;
|
|
15
|
+
//#endregion
|
|
16
|
+
export { twoFactorClient };
|
|
17
|
+
//# sourceMappingURL=client.d.mts.map
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
import { TWO_FACTOR_ERROR_CODES } from "./error-code.mjs";
|
|
2
|
+
|
|
3
|
+
//#region src/plugins/two-factor/client.ts
|
|
4
|
+
const twoFactorClient = (options) => {
|
|
5
|
+
return {
|
|
6
|
+
id: "two-factor",
|
|
7
|
+
$InferServerPlugin: {},
|
|
8
|
+
atomListeners: [{
|
|
9
|
+
matcher: (path) => path.startsWith("/two-factor/"),
|
|
10
|
+
signal: "$sessionSignal"
|
|
11
|
+
}],
|
|
12
|
+
pathMethods: {
|
|
13
|
+
"/two-factor/disable": "POST",
|
|
14
|
+
"/two-factor/enable": "POST",
|
|
15
|
+
"/two-factor/send-otp": "POST",
|
|
16
|
+
"/two-factor/generate-backup-codes": "POST",
|
|
17
|
+
"/two-factor/get-totp-uri": "POST",
|
|
18
|
+
"/two-factor/verify-totp": "POST",
|
|
19
|
+
"/two-factor/verify-otp": "POST",
|
|
20
|
+
"/two-factor/verify-backup-code": "POST"
|
|
21
|
+
},
|
|
22
|
+
fetchPlugins: [{
|
|
23
|
+
id: "two-factor",
|
|
24
|
+
name: "two-factor",
|
|
25
|
+
hooks: { async onSuccess(context) {
|
|
26
|
+
if (context.data?.twoFactorRedirect) {
|
|
27
|
+
if (options?.onTwoFactorRedirect) await options.onTwoFactorRedirect();
|
|
28
|
+
}
|
|
29
|
+
} }
|
|
30
|
+
}],
|
|
31
|
+
$ERROR_CODES: TWO_FACTOR_ERROR_CODES
|
|
32
|
+
};
|
|
33
|
+
};
|
|
34
|
+
|
|
35
|
+
//#endregion
|
|
36
|
+
export { twoFactorClient };
|
|
37
|
+
//# sourceMappingURL=client.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"client.mjs","names":[],"sources":["../../../src/plugins/two-factor/client.ts"],"sourcesContent":["import type { BetterAuthClientPlugin } from \"@better-auth/core\";\nimport type { twoFactor as twoFa } from \".\";\nimport { TWO_FACTOR_ERROR_CODES } from \"./error-code\";\n\nexport * from \"./error-code\";\n\nexport const twoFactorClient = (\n\toptions?:\n\t\t| {\n\t\t\t\t/**\n\t\t\t\t * a redirect function to call if a user needs to verify\n\t\t\t\t * their two factor\n\t\t\t\t */\n\t\t\t\tonTwoFactorRedirect?: () => void | Promise<void>;\n\t\t }\n\t\t| undefined,\n) => {\n\treturn {\n\t\tid: \"two-factor\",\n\t\t$InferServerPlugin: {} as ReturnType<typeof twoFa>,\n\t\tatomListeners: [\n\t\t\t{\n\t\t\t\tmatcher: (path) => path.startsWith(\"/two-factor/\"),\n\t\t\t\tsignal: \"$sessionSignal\",\n\t\t\t},\n\t\t],\n\t\tpathMethods: {\n\t\t\t\"/two-factor/disable\": \"POST\",\n\t\t\t\"/two-factor/enable\": \"POST\",\n\t\t\t\"/two-factor/send-otp\": \"POST\",\n\t\t\t\"/two-factor/generate-backup-codes\": \"POST\",\n\t\t\t\"/two-factor/get-totp-uri\": \"POST\",\n\t\t\t\"/two-factor/verify-totp\": \"POST\",\n\t\t\t\"/two-factor/verify-otp\": \"POST\",\n\t\t\t\"/two-factor/verify-backup-code\": \"POST\",\n\t\t},\n\t\tfetchPlugins: [\n\t\t\t{\n\t\t\t\tid: \"two-factor\",\n\t\t\t\tname: \"two-factor\",\n\t\t\t\thooks: {\n\t\t\t\t\tasync onSuccess(context) {\n\t\t\t\t\t\tif (context.data?.twoFactorRedirect) {\n\t\t\t\t\t\t\tif (options?.onTwoFactorRedirect) {\n\t\t\t\t\t\t\t\tawait options.onTwoFactorRedirect();\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t],\n\t\t$ERROR_CODES: TWO_FACTOR_ERROR_CODES,\n\t} satisfies BetterAuthClientPlugin;\n};\n\nexport type * from \"./backup-codes\";\nexport type * from \"./otp\";\nexport type * from \"./totp\";\nexport type * from \"./types\";\n"],"mappings":";;;AAMA,MAAa,mBACZ,YASI;AACJ,QAAO;EACN,IAAI;EACJ,oBAAoB,EAAE;EACtB,eAAe,CACd;GACC,UAAU,SAAS,KAAK,WAAW,eAAe;GAClD,QAAQ;GACR,CACD;EACD,aAAa;GACZ,uBAAuB;GACvB,sBAAsB;GACtB,wBAAwB;GACxB,qCAAqC;GACrC,4BAA4B;GAC5B,2BAA2B;GAC3B,0BAA0B;GAC1B,kCAAkC;GAClC;EACD,cAAc,CACb;GACC,IAAI;GACJ,MAAM;GACN,OAAO,EACN,MAAM,UAAU,SAAS;AACxB,QAAI,QAAQ,MAAM,mBACjB;SAAI,SAAS,oBACZ,OAAM,QAAQ,qBAAqB;;MAItC;GACD,CACD;EACD,cAAc;EACd"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
//#region src/plugins/two-factor/constant.ts
|
|
2
|
+
const TWO_FACTOR_COOKIE_NAME = "two_factor";
|
|
3
|
+
const TRUST_DEVICE_COOKIE_NAME = "trust_device";
|
|
4
|
+
const TRUST_DEVICE_COOKIE_MAX_AGE = 720 * 60 * 60;
|
|
5
|
+
|
|
6
|
+
//#endregion
|
|
7
|
+
export { TRUST_DEVICE_COOKIE_MAX_AGE, TRUST_DEVICE_COOKIE_NAME, TWO_FACTOR_COOKIE_NAME };
|
|
8
|
+
//# sourceMappingURL=constant.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"constant.mjs","names":[],"sources":["../../../src/plugins/two-factor/constant.ts"],"sourcesContent":["export const TWO_FACTOR_COOKIE_NAME = \"two_factor\";\nexport const TRUST_DEVICE_COOKIE_NAME = \"trust_device\";\nexport const TRUST_DEVICE_COOKIE_MAX_AGE = 30 * 24 * 60 * 60; // 30 days\n"],"mappings":";AAAA,MAAa,yBAAyB;AACtC,MAAa,2BAA2B;AACxC,MAAa,8BAA8B,MAAU,KAAK"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { defineErrorCodes } from "@better-auth/core/utils/error-codes";
|
|
2
|
+
|
|
3
|
+
//#region src/plugins/two-factor/error-code.ts
|
|
4
|
+
const TWO_FACTOR_ERROR_CODES = defineErrorCodes({
|
|
5
|
+
OTP_NOT_ENABLED: "OTP not enabled",
|
|
6
|
+
OTP_HAS_EXPIRED: "OTP has expired",
|
|
7
|
+
TOTP_NOT_ENABLED: "TOTP not enabled",
|
|
8
|
+
TWO_FACTOR_NOT_ENABLED: "Two factor isn't enabled",
|
|
9
|
+
BACKUP_CODES_NOT_ENABLED: "Backup codes aren't enabled",
|
|
10
|
+
INVALID_BACKUP_CODE: "Invalid backup code",
|
|
11
|
+
INVALID_CODE: "Invalid code",
|
|
12
|
+
TOO_MANY_ATTEMPTS_REQUEST_NEW_CODE: "Too many attempts. Please request a new code.",
|
|
13
|
+
INVALID_TWO_FACTOR_COOKIE: "Invalid two factor cookie"
|
|
14
|
+
});
|
|
15
|
+
|
|
16
|
+
//#endregion
|
|
17
|
+
export { TWO_FACTOR_ERROR_CODES };
|
|
18
|
+
//# sourceMappingURL=error-code.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"error-code.mjs","names":[],"sources":["../../../src/plugins/two-factor/error-code.ts"],"sourcesContent":["import { defineErrorCodes } from \"@better-auth/core/utils/error-codes\";\n\nexport const TWO_FACTOR_ERROR_CODES = defineErrorCodes({\n\tOTP_NOT_ENABLED: \"OTP not enabled\",\n\tOTP_HAS_EXPIRED: \"OTP has expired\",\n\tTOTP_NOT_ENABLED: \"TOTP not enabled\",\n\tTWO_FACTOR_NOT_ENABLED: \"Two factor isn't enabled\",\n\tBACKUP_CODES_NOT_ENABLED: \"Backup codes aren't enabled\",\n\tINVALID_BACKUP_CODE: \"Invalid backup code\",\n\tINVALID_CODE: \"Invalid code\",\n\tTOO_MANY_ATTEMPTS_REQUEST_NEW_CODE:\n\t\t\"Too many attempts. Please request a new code.\",\n\tINVALID_TWO_FACTOR_COOKIE: \"Invalid two factor cookie\",\n});\n"],"mappings":";;;AAEA,MAAa,yBAAyB,iBAAiB;CACtD,iBAAiB;CACjB,iBAAiB;CACjB,kBAAkB;CAClB,wBAAwB;CACxB,0BAA0B;CAC1B,qBAAqB;CACrB,cAAc;CACd,oCACC;CACD,2BAA2B;CAC3B,CAAC"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import { TWO_FACTOR_ERROR_CODES } from "./error-code.mjs";
|
|
2
|
+
import { BackupCodeOptions, backupCode2fa, generateBackupCodes, getBackupCodes, verifyBackupCode } from "./backup-codes/index.mjs";
|
|
3
|
+
import { TOTPOptions, totp2fa } from "./totp/index.mjs";
|
|
4
|
+
import { TwoFactorOptions, TwoFactorProvider, TwoFactorTable, UserWithTwoFactor } from "./types.mjs";
|
|
5
|
+
import { OTPOptions, otp2fa } from "./otp/index.mjs";
|
|
6
|
+
import { twoFactorClient } from "./client.mjs";
|
|
7
|
+
|
|
8
|
+
//#region src/plugins/two-factor/index.d.ts
|
|
9
|
+
declare module "@better-auth/core" {
|
|
10
|
+
interface BetterAuthPluginRegistry<AuthOptions, Options> {
|
|
11
|
+
"two-factor": {
|
|
12
|
+
creator: typeof twoFactor;
|
|
13
|
+
};
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
declare const twoFactor: <O extends TwoFactorOptions>(options?: O) => BetterAuthPlugin;
|
|
17
|
+
//#endregion
|
|
18
|
+
export { BackupCodeOptions, OTPOptions, TOTPOptions, TWO_FACTOR_ERROR_CODES, TwoFactorOptions, TwoFactorProvider, TwoFactorTable, UserWithTwoFactor, backupCode2fa, generateBackupCodes, getBackupCodes, otp2fa, totp2fa, twoFactor, twoFactorClient, verifyBackupCode };
|
|
19
|
+
//# sourceMappingURL=index.d.mts.map
|