npm - @hammadj/better-auth - Versions diffs - 1.5.0-beta.10 - Mend

@hammadj/better-auth 1.5.0-beta.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (687) hide show

package/README.md +33 -0
package/dist/_virtual/rolldown_runtime.mjs +36 -0
package/dist/adapters/drizzle-adapter/index.d.mts +1 -0
package/dist/adapters/drizzle-adapter/index.mjs +3 -0
package/dist/adapters/index.d.mts +23 -0
package/dist/adapters/index.mjs +13 -0
package/dist/adapters/index.mjs.map +1 -0
package/dist/adapters/kysely-adapter/index.d.mts +1 -0
package/dist/adapters/kysely-adapter/index.mjs +3 -0
package/dist/adapters/memory-adapter/index.d.mts +1 -0
package/dist/adapters/memory-adapter/index.mjs +3 -0
package/dist/adapters/mongodb-adapter/index.d.mts +1 -0
package/dist/adapters/mongodb-adapter/index.mjs +3 -0
package/dist/adapters/prisma-adapter/index.d.mts +1 -0
package/dist/adapters/prisma-adapter/index.mjs +3 -0
package/dist/api/index.d.mts +40 -0
package/dist/api/index.mjs +205 -0
package/dist/api/index.mjs.map +1 -0
package/dist/api/middlewares/index.d.mts +1 -0
package/dist/api/middlewares/index.mjs +3 -0
package/dist/api/middlewares/origin-check.d.mts +17 -0
package/dist/api/middlewares/origin-check.mjs +140 -0
package/dist/api/middlewares/origin-check.mjs.map +1 -0
package/dist/api/rate-limiter/index.mjs +177 -0
package/dist/api/rate-limiter/index.mjs.map +1 -0
package/dist/api/routes/account.d.mts +10 -0
package/dist/api/routes/account.mjs +493 -0
package/dist/api/routes/account.mjs.map +1 -0
package/dist/api/routes/callback.d.mts +5 -0
package/dist/api/routes/callback.mjs +178 -0
package/dist/api/routes/callback.mjs.map +1 -0
package/dist/api/routes/email-verification.d.mts +29 -0
package/dist/api/routes/email-verification.mjs +301 -0
package/dist/api/routes/email-verification.mjs.map +1 -0
package/dist/api/routes/error.d.mts +5 -0
package/dist/api/routes/error.mjs +386 -0
package/dist/api/routes/error.mjs.map +1 -0
package/dist/api/routes/index.d.mts +11 -0
package/dist/api/routes/index.mjs +13 -0
package/dist/api/routes/ok.d.mts +5 -0
package/dist/api/routes/ok.mjs +30 -0
package/dist/api/routes/ok.mjs.map +1 -0
package/dist/api/routes/password.d.mts +8 -0
package/dist/api/routes/password.mjs +198 -0
package/dist/api/routes/password.mjs.map +1 -0
package/dist/api/routes/session.d.mts +52 -0
package/dist/api/routes/session.mjs +478 -0
package/dist/api/routes/session.mjs.map +1 -0
package/dist/api/routes/sign-in.d.mts +8 -0
package/dist/api/routes/sign-in.mjs +262 -0
package/dist/api/routes/sign-in.mjs.map +1 -0
package/dist/api/routes/sign-out.d.mts +5 -0
package/dist/api/routes/sign-out.mjs +33 -0
package/dist/api/routes/sign-out.mjs.map +1 -0
package/dist/api/routes/sign-up.d.mts +7 -0
package/dist/api/routes/sign-up.mjs +227 -0
package/dist/api/routes/sign-up.mjs.map +1 -0
package/dist/api/routes/update-user.d.mts +12 -0
package/dist/api/routes/update-user.mjs +493 -0
package/dist/api/routes/update-user.mjs.map +1 -0
package/dist/api/state/oauth.d.mts +5 -0
package/dist/api/state/oauth.mjs +8 -0
package/dist/api/state/oauth.mjs.map +1 -0
package/dist/api/state/should-session-refresh.d.mts +13 -0
package/dist/api/state/should-session-refresh.mjs +16 -0
package/dist/api/state/should-session-refresh.mjs.map +1 -0
package/dist/api/to-auth-endpoints.mjs +197 -0
package/dist/api/to-auth-endpoints.mjs.map +1 -0
package/dist/auth/base.mjs +44 -0
package/dist/auth/base.mjs.map +1 -0
package/dist/auth/full.d.mts +30 -0
package/dist/auth/full.mjs +32 -0
package/dist/auth/full.mjs.map +1 -0
package/dist/auth/minimal.d.mts +12 -0
package/dist/auth/minimal.mjs +14 -0
package/dist/auth/minimal.mjs.map +1 -0
package/dist/auth/trusted-origins.mjs +31 -0
package/dist/auth/trusted-origins.mjs.map +1 -0
package/dist/client/broadcast-channel.d.mts +20 -0
package/dist/client/broadcast-channel.mjs +46 -0
package/dist/client/broadcast-channel.mjs.map +1 -0
package/dist/client/config.mjs +90 -0
package/dist/client/config.mjs.map +1 -0
package/dist/client/fetch-plugins.mjs +18 -0
package/dist/client/fetch-plugins.mjs.map +1 -0
package/dist/client/focus-manager.d.mts +11 -0
package/dist/client/focus-manager.mjs +32 -0
package/dist/client/focus-manager.mjs.map +1 -0
package/dist/client/index.d.mts +30 -0
package/dist/client/index.mjs +21 -0
package/dist/client/index.mjs.map +1 -0
package/dist/client/lynx/index.d.mts +62 -0
package/dist/client/lynx/index.mjs +24 -0
package/dist/client/lynx/index.mjs.map +1 -0
package/dist/client/lynx/lynx-store.d.mts +47 -0
package/dist/client/lynx/lynx-store.mjs +47 -0
package/dist/client/lynx/lynx-store.mjs.map +1 -0
package/dist/client/online-manager.d.mts +12 -0
package/dist/client/online-manager.mjs +35 -0
package/dist/client/online-manager.mjs.map +1 -0
package/dist/client/parser.mjs +73 -0
package/dist/client/parser.mjs.map +1 -0
package/dist/client/path-to-object.d.mts +57 -0
package/dist/client/plugins/index.d.mts +58 -0
package/dist/client/plugins/index.mjs +33 -0
package/dist/client/plugins/infer-plugin.d.mts +9 -0
package/dist/client/plugins/infer-plugin.mjs +11 -0
package/dist/client/plugins/infer-plugin.mjs.map +1 -0
package/dist/client/proxy.mjs +79 -0
package/dist/client/proxy.mjs.map +1 -0
package/dist/client/query.d.mts +23 -0
package/dist/client/query.mjs +98 -0
package/dist/client/query.mjs.map +1 -0
package/dist/client/react/index.d.mts +63 -0
package/dist/client/react/index.mjs +24 -0
package/dist/client/react/index.mjs.map +1 -0
package/dist/client/react/react-store.d.mts +47 -0
package/dist/client/react/react-store.mjs +47 -0
package/dist/client/react/react-store.mjs.map +1 -0
package/dist/client/session-atom.mjs +29 -0
package/dist/client/session-atom.mjs.map +1 -0
package/dist/client/session-refresh.d.mts +28 -0
package/dist/client/session-refresh.mjs +140 -0
package/dist/client/session-refresh.mjs.map +1 -0
package/dist/client/solid/index.d.mts +57 -0
package/dist/client/solid/index.mjs +22 -0
package/dist/client/solid/index.mjs.map +1 -0
package/dist/client/solid/solid-store.mjs +24 -0
package/dist/client/solid/solid-store.mjs.map +1 -0
package/dist/client/svelte/index.d.mts +63 -0
package/dist/client/svelte/index.mjs +20 -0
package/dist/client/svelte/index.mjs.map +1 -0
package/dist/client/types.d.mts +58 -0
package/dist/client/vanilla.d.mts +62 -0
package/dist/client/vanilla.mjs +20 -0
package/dist/client/vanilla.mjs.map +1 -0
package/dist/client/vue/index.d.mts +86 -0
package/dist/client/vue/index.mjs +38 -0
package/dist/client/vue/index.mjs.map +1 -0
package/dist/client/vue/vue-store.mjs +26 -0
package/dist/client/vue/vue-store.mjs.map +1 -0
package/dist/context/create-context.mjs +211 -0
package/dist/context/create-context.mjs.map +1 -0
package/dist/context/helpers.mjs +62 -0
package/dist/context/helpers.mjs.map +1 -0
package/dist/context/init-minimal.mjs +20 -0
package/dist/context/init-minimal.mjs.map +1 -0
package/dist/context/init.mjs +22 -0
package/dist/context/init.mjs.map +1 -0
package/dist/cookies/cookie-utils.d.mts +29 -0
package/dist/cookies/cookie-utils.mjs +105 -0
package/dist/cookies/cookie-utils.mjs.map +1 -0
package/dist/cookies/index.d.mts +67 -0
package/dist/cookies/index.mjs +264 -0
package/dist/cookies/index.mjs.map +1 -0
package/dist/cookies/session-store.d.mts +36 -0
package/dist/cookies/session-store.mjs +200 -0
package/dist/cookies/session-store.mjs.map +1 -0
package/dist/crypto/buffer.d.mts +8 -0
package/dist/crypto/buffer.mjs +18 -0
package/dist/crypto/buffer.mjs.map +1 -0
package/dist/crypto/index.d.mts +27 -0
package/dist/crypto/index.mjs +38 -0
package/dist/crypto/index.mjs.map +1 -0
package/dist/crypto/jwt.d.mts +8 -0
package/dist/crypto/jwt.mjs +95 -0
package/dist/crypto/jwt.mjs.map +1 -0
package/dist/crypto/password.d.mts +12 -0
package/dist/crypto/password.mjs +36 -0
package/dist/crypto/password.mjs.map +1 -0
package/dist/crypto/random.d.mts +5 -0
package/dist/crypto/random.mjs +8 -0
package/dist/crypto/random.mjs.map +1 -0
package/dist/db/adapter-base.d.mts +8 -0
package/dist/db/adapter-base.mjs +28 -0
package/dist/db/adapter-base.mjs.map +1 -0
package/dist/db/adapter-kysely.d.mts +8 -0
package/dist/db/adapter-kysely.mjs +21 -0
package/dist/db/adapter-kysely.mjs.map +1 -0
package/dist/db/field-converter.d.mts +8 -0
package/dist/db/field-converter.mjs +21 -0
package/dist/db/field-converter.mjs.map +1 -0
package/dist/db/field.d.mts +55 -0
package/dist/db/field.mjs +11 -0
package/dist/db/field.mjs.map +1 -0
package/dist/db/get-migration.d.mts +23 -0
package/dist/db/get-migration.mjs +339 -0
package/dist/db/get-migration.mjs.map +1 -0
package/dist/db/get-schema.d.mts +11 -0
package/dist/db/get-schema.mjs +39 -0
package/dist/db/get-schema.mjs.map +1 -0
package/dist/db/index.d.mts +9 -0
package/dist/db/index.mjs +36 -0
package/dist/db/index.mjs.map +1 -0
package/dist/db/internal-adapter.d.mts +14 -0
package/dist/db/internal-adapter.mjs +616 -0
package/dist/db/internal-adapter.mjs.map +1 -0
package/dist/db/schema.d.mts +26 -0
package/dist/db/schema.mjs +118 -0
package/dist/db/schema.mjs.map +1 -0
package/dist/db/to-zod.d.mts +36 -0
package/dist/db/to-zod.mjs +26 -0
package/dist/db/to-zod.mjs.map +1 -0
package/dist/db/verification-token-storage.mjs +28 -0
package/dist/db/verification-token-storage.mjs.map +1 -0
package/dist/db/with-hooks.d.mts +33 -0
package/dist/db/with-hooks.mjs +159 -0
package/dist/db/with-hooks.mjs.map +1 -0
package/dist/index.d.mts +52 -0
package/dist/index.mjs +26 -0
package/dist/integrations/next-js.d.mts +14 -0
package/dist/integrations/next-js.mjs +78 -0
package/dist/integrations/next-js.mjs.map +1 -0
package/dist/integrations/node.d.mts +13 -0
package/dist/integrations/node.mjs +16 -0
package/dist/integrations/node.mjs.map +1 -0
package/dist/integrations/solid-start.d.mts +23 -0
package/dist/integrations/solid-start.mjs +17 -0
package/dist/integrations/solid-start.mjs.map +1 -0
package/dist/integrations/svelte-kit.d.mts +29 -0
package/dist/integrations/svelte-kit.mjs +57 -0
package/dist/integrations/svelte-kit.mjs.map +1 -0
package/dist/integrations/tanstack-start-solid.d.mts +22 -0
package/dist/integrations/tanstack-start-solid.mjs +61 -0
package/dist/integrations/tanstack-start-solid.mjs.map +1 -0
package/dist/integrations/tanstack-start.d.mts +22 -0
package/dist/integrations/tanstack-start.mjs +61 -0
package/dist/integrations/tanstack-start.mjs.map +1 -0
package/dist/oauth2/index.d.mts +5 -0
package/dist/oauth2/index.mjs +7 -0
package/dist/oauth2/link-account.d.mts +31 -0
package/dist/oauth2/link-account.mjs +144 -0
package/dist/oauth2/link-account.mjs.map +1 -0
package/dist/oauth2/state.d.mts +26 -0
package/dist/oauth2/state.mjs +51 -0
package/dist/oauth2/state.mjs.map +1 -0
package/dist/oauth2/utils.d.mts +8 -0
package/dist/oauth2/utils.mjs +31 -0
package/dist/oauth2/utils.mjs.map +1 -0
package/dist/plugins/access/access.d.mts +30 -0
package/dist/plugins/access/access.mjs +46 -0
package/dist/plugins/access/access.mjs.map +1 -0
package/dist/plugins/access/index.d.mts +3 -0
package/dist/plugins/access/index.mjs +3 -0
package/dist/plugins/access/types.d.mts +17 -0
package/dist/plugins/additional-fields/client.d.mts +14 -0
package/dist/plugins/additional-fields/client.mjs +11 -0
package/dist/plugins/additional-fields/client.mjs.map +1 -0
package/dist/plugins/admin/access/index.d.mts +2 -0
package/dist/plugins/admin/access/index.mjs +3 -0
package/dist/plugins/admin/access/statement.d.mts +118 -0
package/dist/plugins/admin/access/statement.mjs +53 -0
package/dist/plugins/admin/access/statement.mjs.map +1 -0
package/dist/plugins/admin/admin.d.mts +14 -0
package/dist/plugins/admin/admin.mjs +95 -0
package/dist/plugins/admin/admin.mjs.map +1 -0
package/dist/plugins/admin/client.d.mts +14 -0
package/dist/plugins/admin/client.mjs +36 -0
package/dist/plugins/admin/client.mjs.map +1 -0
package/dist/plugins/admin/error-codes.d.mts +5 -0
package/dist/plugins/admin/error-codes.mjs +30 -0
package/dist/plugins/admin/error-codes.mjs.map +1 -0
package/dist/plugins/admin/has-permission.mjs +16 -0
package/dist/plugins/admin/has-permission.mjs.map +1 -0
package/dist/plugins/admin/index.d.mts +3 -0
package/dist/plugins/admin/index.mjs +3 -0
package/dist/plugins/admin/routes.mjs +855 -0
package/dist/plugins/admin/routes.mjs.map +1 -0
package/dist/plugins/admin/schema.d.mts +6 -0
package/dist/plugins/admin/schema.mjs +34 -0
package/dist/plugins/admin/schema.mjs.map +1 -0
package/dist/plugins/admin/types.d.mts +89 -0
package/dist/plugins/anonymous/client.d.mts +9 -0
package/dist/plugins/anonymous/client.mjs +22 -0
package/dist/plugins/anonymous/client.mjs.map +1 -0
package/dist/plugins/anonymous/error-codes.d.mts +5 -0
package/dist/plugins/anonymous/error-codes.mjs +16 -0
package/dist/plugins/anonymous/error-codes.mjs.map +1 -0
package/dist/plugins/anonymous/index.d.mts +14 -0
package/dist/plugins/anonymous/index.mjs +163 -0
package/dist/plugins/anonymous/index.mjs.map +1 -0
package/dist/plugins/anonymous/schema.d.mts +5 -0
package/dist/plugins/anonymous/schema.mjs +11 -0
package/dist/plugins/anonymous/schema.mjs.map +1 -0
package/dist/plugins/anonymous/types.d.mts +68 -0
package/dist/plugins/api-key/adapter.mjs +468 -0
package/dist/plugins/api-key/adapter.mjs.map +1 -0
package/dist/plugins/api-key/client.d.mts +9 -0
package/dist/plugins/api-key/client.mjs +19 -0
package/dist/plugins/api-key/client.mjs.map +1 -0
package/dist/plugins/api-key/error-codes.d.mts +5 -0
package/dist/plugins/api-key/error-codes.mjs +34 -0
package/dist/plugins/api-key/error-codes.mjs.map +1 -0
package/dist/plugins/api-key/index.d.mts +17 -0
package/dist/plugins/api-key/index.mjs +134 -0
package/dist/plugins/api-key/index.mjs.map +1 -0
package/dist/plugins/api-key/rate-limit.mjs +74 -0
package/dist/plugins/api-key/rate-limit.mjs.map +1 -0
package/dist/plugins/api-key/routes/create-api-key.mjs +252 -0
package/dist/plugins/api-key/routes/create-api-key.mjs.map +1 -0
package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs +24 -0
package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs.map +1 -0
package/dist/plugins/api-key/routes/delete-api-key.mjs +74 -0
package/dist/plugins/api-key/routes/delete-api-key.mjs.map +1 -0
package/dist/plugins/api-key/routes/get-api-key.mjs +158 -0
package/dist/plugins/api-key/routes/get-api-key.mjs.map +1 -0
package/dist/plugins/api-key/routes/index.mjs +71 -0
package/dist/plugins/api-key/routes/index.mjs.map +1 -0
package/dist/plugins/api-key/routes/list-api-keys.mjs +194 -0
package/dist/plugins/api-key/routes/list-api-keys.mjs.map +1 -0
package/dist/plugins/api-key/routes/update-api-key.mjs +248 -0
package/dist/plugins/api-key/routes/update-api-key.mjs.map +1 -0
package/dist/plugins/api-key/routes/verify-api-key.mjs +223 -0
package/dist/plugins/api-key/routes/verify-api-key.mjs.map +1 -0
package/dist/plugins/api-key/schema.d.mts +11 -0
package/dist/plugins/api-key/schema.mjs +130 -0
package/dist/plugins/api-key/schema.mjs.map +1 -0
package/dist/plugins/api-key/types.d.mts +346 -0
package/dist/plugins/bearer/index.d.mts +25 -0
package/dist/plugins/bearer/index.mjs +66 -0
package/dist/plugins/bearer/index.mjs.map +1 -0
package/dist/plugins/captcha/constants.d.mts +10 -0
package/dist/plugins/captcha/constants.mjs +22 -0
package/dist/plugins/captcha/constants.mjs.map +1 -0
package/dist/plugins/captcha/error-codes.mjs +16 -0
package/dist/plugins/captcha/error-codes.mjs.map +1 -0
package/dist/plugins/captcha/index.d.mts +14 -0
package/dist/plugins/captcha/index.mjs +60 -0
package/dist/plugins/captcha/index.mjs.map +1 -0
package/dist/plugins/captcha/types.d.mts +28 -0
package/dist/plugins/captcha/utils.mjs +11 -0
package/dist/plugins/captcha/utils.mjs.map +1 -0
package/dist/plugins/captcha/verify-handlers/captchafox.mjs +27 -0
package/dist/plugins/captcha/verify-handlers/captchafox.mjs.map +1 -0
package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs +25 -0
package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs.map +1 -0
package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs +29 -0
package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs.map +1 -0
package/dist/plugins/captcha/verify-handlers/h-captcha.mjs +27 -0
package/dist/plugins/captcha/verify-handlers/h-captcha.mjs.map +1 -0
package/dist/plugins/captcha/verify-handlers/index.mjs +6 -0
package/dist/plugins/custom-session/client.d.mts +10 -0
package/dist/plugins/custom-session/client.mjs +11 -0
package/dist/plugins/custom-session/client.mjs.map +1 -0
package/dist/plugins/custom-session/index.d.mts +26 -0
package/dist/plugins/custom-session/index.mjs +70 -0
package/dist/plugins/custom-session/index.mjs.map +1 -0
package/dist/plugins/device-authorization/client.d.mts +5 -0
package/dist/plugins/device-authorization/client.mjs +18 -0
package/dist/plugins/device-authorization/client.mjs.map +1 -0
package/dist/plugins/device-authorization/error-codes.mjs +21 -0
package/dist/plugins/device-authorization/error-codes.mjs.map +1 -0
package/dist/plugins/device-authorization/index.d.mts +28 -0
package/dist/plugins/device-authorization/index.mjs +50 -0
package/dist/plugins/device-authorization/index.mjs.map +1 -0
package/dist/plugins/device-authorization/routes.mjs +510 -0
package/dist/plugins/device-authorization/routes.mjs.map +1 -0
package/dist/plugins/device-authorization/schema.mjs +57 -0
package/dist/plugins/device-authorization/schema.mjs.map +1 -0
package/dist/plugins/email-otp/client.d.mts +7 -0
package/dist/plugins/email-otp/client.mjs +18 -0
package/dist/plugins/email-otp/client.mjs.map +1 -0
package/dist/plugins/email-otp/error-codes.d.mts +5 -0
package/dist/plugins/email-otp/error-codes.mjs +12 -0
package/dist/plugins/email-otp/error-codes.mjs.map +1 -0
package/dist/plugins/email-otp/index.d.mts +14 -0
package/dist/plugins/email-otp/index.mjs +108 -0
package/dist/plugins/email-otp/index.mjs.map +1 -0
package/dist/plugins/email-otp/otp-token.mjs +29 -0
package/dist/plugins/email-otp/otp-token.mjs.map +1 -0
package/dist/plugins/email-otp/routes.mjs +564 -0
package/dist/plugins/email-otp/routes.mjs.map +1 -0
package/dist/plugins/email-otp/types.d.mts +74 -0
package/dist/plugins/email-otp/utils.mjs +17 -0
package/dist/plugins/email-otp/utils.mjs.map +1 -0
package/dist/plugins/generic-oauth/client.d.mts +19 -0
package/dist/plugins/generic-oauth/client.mjs +14 -0
package/dist/plugins/generic-oauth/client.mjs.map +1 -0
package/dist/plugins/generic-oauth/error-codes.d.mts +5 -0
package/dist/plugins/generic-oauth/error-codes.mjs +15 -0
package/dist/plugins/generic-oauth/error-codes.mjs.map +1 -0
package/dist/plugins/generic-oauth/index.d.mts +34 -0
package/dist/plugins/generic-oauth/index.mjs +137 -0
package/dist/plugins/generic-oauth/index.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/auth0.d.mts +37 -0
package/dist/plugins/generic-oauth/providers/auth0.mjs +62 -0
package/dist/plugins/generic-oauth/providers/auth0.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/gumroad.d.mts +32 -0
package/dist/plugins/generic-oauth/providers/gumroad.mjs +60 -0
package/dist/plugins/generic-oauth/providers/gumroad.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/hubspot.d.mts +37 -0
package/dist/plugins/generic-oauth/providers/hubspot.mjs +60 -0
package/dist/plugins/generic-oauth/providers/hubspot.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/index.d.mts +9 -0
package/dist/plugins/generic-oauth/providers/index.mjs +11 -0
package/dist/plugins/generic-oauth/providers/keycloak.d.mts +37 -0
package/dist/plugins/generic-oauth/providers/keycloak.mjs +62 -0
package/dist/plugins/generic-oauth/providers/keycloak.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/line.d.mts +55 -0
package/dist/plugins/generic-oauth/providers/line.mjs +91 -0
package/dist/plugins/generic-oauth/providers/line.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/microsoft-entra-id.d.mts +37 -0
package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs +66 -0
package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/okta.d.mts +37 -0
package/dist/plugins/generic-oauth/providers/okta.mjs +62 -0
package/dist/plugins/generic-oauth/providers/okta.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/patreon.d.mts +30 -0
package/dist/plugins/generic-oauth/providers/patreon.mjs +59 -0
package/dist/plugins/generic-oauth/providers/patreon.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/slack.d.mts +30 -0
package/dist/plugins/generic-oauth/providers/slack.mjs +61 -0
package/dist/plugins/generic-oauth/providers/slack.mjs.map +1 -0
package/dist/plugins/generic-oauth/routes.mjs +394 -0
package/dist/plugins/generic-oauth/routes.mjs.map +1 -0
package/dist/plugins/generic-oauth/types.d.mts +145 -0
package/dist/plugins/haveibeenpwned/index.d.mts +21 -0
package/dist/plugins/haveibeenpwned/index.mjs +56 -0
package/dist/plugins/haveibeenpwned/index.mjs.map +1 -0
package/dist/plugins/index.d.mts +68 -0
package/dist/plugins/index.mjs +51 -0
package/dist/plugins/jwt/adapter.mjs +27 -0
package/dist/plugins/jwt/adapter.mjs.map +1 -0
package/dist/plugins/jwt/client.d.mts +18 -0
package/dist/plugins/jwt/client.mjs +19 -0
package/dist/plugins/jwt/client.mjs.map +1 -0
package/dist/plugins/jwt/index.d.mts +17 -0
package/dist/plugins/jwt/index.mjs +202 -0
package/dist/plugins/jwt/index.mjs.map +1 -0
package/dist/plugins/jwt/schema.d.mts +5 -0
package/dist/plugins/jwt/schema.mjs +23 -0
package/dist/plugins/jwt/schema.mjs.map +1 -0
package/dist/plugins/jwt/sign.d.mts +57 -0
package/dist/plugins/jwt/sign.mjs +66 -0
package/dist/plugins/jwt/sign.mjs.map +1 -0
package/dist/plugins/jwt/types.d.mts +194 -0
package/dist/plugins/jwt/utils.d.mts +42 -0
package/dist/plugins/jwt/utils.mjs +64 -0
package/dist/plugins/jwt/utils.mjs.map +1 -0
package/dist/plugins/jwt/verify.d.mts +12 -0
package/dist/plugins/jwt/verify.mjs +46 -0
package/dist/plugins/jwt/verify.mjs.map +1 -0
package/dist/plugins/last-login-method/client.d.mts +18 -0
package/dist/plugins/last-login-method/client.mjs +32 -0
package/dist/plugins/last-login-method/client.mjs.map +1 -0
package/dist/plugins/last-login-method/index.d.mts +52 -0
package/dist/plugins/last-login-method/index.mjs +77 -0
package/dist/plugins/last-login-method/index.mjs.map +1 -0
package/dist/plugins/magic-link/client.d.mts +5 -0
package/dist/plugins/magic-link/client.mjs +11 -0
package/dist/plugins/magic-link/client.mjs.map +1 -0
package/dist/plugins/magic-link/index.d.mts +61 -0
package/dist/plugins/magic-link/index.mjs +167 -0
package/dist/plugins/magic-link/index.mjs.map +1 -0
package/dist/plugins/magic-link/utils.mjs +12 -0
package/dist/plugins/magic-link/utils.mjs.map +1 -0
package/dist/plugins/mcp/authorize.mjs +133 -0
package/dist/plugins/mcp/authorize.mjs.map +1 -0
package/dist/plugins/mcp/index.d.mts +46 -0
package/dist/plugins/mcp/index.mjs +717 -0
package/dist/plugins/mcp/index.mjs.map +1 -0
package/dist/plugins/multi-session/client.d.mts +8 -0
package/dist/plugins/multi-session/client.mjs +20 -0
package/dist/plugins/multi-session/client.mjs.map +1 -0
package/dist/plugins/multi-session/error-codes.d.mts +5 -0
package/dist/plugins/multi-session/error-codes.mjs +8 -0
package/dist/plugins/multi-session/error-codes.mjs.map +1 -0
package/dist/plugins/multi-session/index.d.mts +22 -0
package/dist/plugins/multi-session/index.mjs +172 -0
package/dist/plugins/multi-session/index.mjs.map +1 -0
package/dist/plugins/oauth-proxy/index.d.mts +39 -0
package/dist/plugins/oauth-proxy/index.mjs +305 -0
package/dist/plugins/oauth-proxy/index.mjs.map +1 -0
package/dist/plugins/oauth-proxy/utils.mjs +44 -0
package/dist/plugins/oauth-proxy/utils.mjs.map +1 -0
package/dist/plugins/oidc-provider/authorize.mjs +194 -0
package/dist/plugins/oidc-provider/authorize.mjs.map +1 -0
package/dist/plugins/oidc-provider/client.d.mts +8 -0
package/dist/plugins/oidc-provider/client.mjs +11 -0
package/dist/plugins/oidc-provider/client.mjs.map +1 -0
package/dist/plugins/oidc-provider/error.mjs +17 -0
package/dist/plugins/oidc-provider/error.mjs.map +1 -0
package/dist/plugins/oidc-provider/index.d.mts +32 -0
package/dist/plugins/oidc-provider/index.mjs +1093 -0
package/dist/plugins/oidc-provider/index.mjs.map +1 -0
package/dist/plugins/oidc-provider/schema.d.mts +26 -0
package/dist/plugins/oidc-provider/schema.mjs +132 -0
package/dist/plugins/oidc-provider/schema.mjs.map +1 -0
package/dist/plugins/oidc-provider/types.d.mts +517 -0
package/dist/plugins/oidc-provider/utils/prompt.mjs +19 -0
package/dist/plugins/oidc-provider/utils/prompt.mjs.map +1 -0
package/dist/plugins/oidc-provider/utils.mjs +15 -0
package/dist/plugins/oidc-provider/utils.mjs.map +1 -0
package/dist/plugins/one-tap/client.d.mts +159 -0
package/dist/plugins/one-tap/client.mjs +214 -0
package/dist/plugins/one-tap/client.mjs.map +1 -0
package/dist/plugins/one-tap/index.d.mts +27 -0
package/dist/plugins/one-tap/index.mjs +96 -0
package/dist/plugins/one-tap/index.mjs.map +1 -0
package/dist/plugins/one-time-token/client.d.mts +7 -0
package/dist/plugins/one-time-token/client.mjs +11 -0
package/dist/plugins/one-time-token/client.mjs.map +1 -0
package/dist/plugins/one-time-token/index.d.mts +53 -0
package/dist/plugins/one-time-token/index.mjs +82 -0
package/dist/plugins/one-time-token/index.mjs.map +1 -0
package/dist/plugins/one-time-token/utils.mjs +12 -0
package/dist/plugins/one-time-token/utils.mjs.map +1 -0
package/dist/plugins/open-api/generator.d.mts +115 -0
package/dist/plugins/open-api/generator.mjs +315 -0
package/dist/plugins/open-api/generator.mjs.map +1 -0
package/dist/plugins/open-api/index.d.mts +45 -0
package/dist/plugins/open-api/index.mjs +67 -0
package/dist/plugins/open-api/index.mjs.map +1 -0
package/dist/plugins/open-api/logo.mjs +15 -0
package/dist/plugins/open-api/logo.mjs.map +1 -0
package/dist/plugins/organization/access/index.d.mts +2 -0
package/dist/plugins/organization/access/index.mjs +3 -0
package/dist/plugins/organization/access/statement.d.mts +249 -0
package/dist/plugins/organization/access/statement.mjs +81 -0
package/dist/plugins/organization/access/statement.mjs.map +1 -0
package/dist/plugins/organization/adapter.d.mts +205 -0
package/dist/plugins/organization/adapter.mjs +624 -0
package/dist/plugins/organization/adapter.mjs.map +1 -0
package/dist/plugins/organization/call.mjs +19 -0
package/dist/plugins/organization/call.mjs.map +1 -0
package/dist/plugins/organization/client.d.mts +151 -0
package/dist/plugins/organization/client.mjs +107 -0
package/dist/plugins/organization/client.mjs.map +1 -0
package/dist/plugins/organization/error-codes.d.mts +5 -0
package/dist/plugins/organization/error-codes.mjs +65 -0
package/dist/plugins/organization/error-codes.mjs.map +1 -0
package/dist/plugins/organization/has-permission.mjs +35 -0
package/dist/plugins/organization/has-permission.mjs.map +1 -0
package/dist/plugins/organization/index.d.mts +5 -0
package/dist/plugins/organization/index.mjs +4 -0
package/dist/plugins/organization/organization.d.mts +252 -0
package/dist/plugins/organization/organization.mjs +428 -0
package/dist/plugins/organization/organization.mjs.map +1 -0
package/dist/plugins/organization/permission.d.mts +26 -0
package/dist/plugins/organization/permission.mjs +16 -0
package/dist/plugins/organization/permission.mjs.map +1 -0
package/dist/plugins/organization/routes/crud-access-control.d.mts +11 -0
package/dist/plugins/organization/routes/crud-access-control.mjs +656 -0
package/dist/plugins/organization/routes/crud-access-control.mjs.map +1 -0
package/dist/plugins/organization/routes/crud-invites.d.mts +16 -0
package/dist/plugins/organization/routes/crud-invites.mjs +555 -0
package/dist/plugins/organization/routes/crud-invites.mjs.map +1 -0
package/dist/plugins/organization/routes/crud-members.d.mts +13 -0
package/dist/plugins/organization/routes/crud-members.mjs +473 -0
package/dist/plugins/organization/routes/crud-members.mjs.map +1 -0
package/dist/plugins/organization/routes/crud-org.d.mts +13 -0
package/dist/plugins/organization/routes/crud-org.mjs +447 -0
package/dist/plugins/organization/routes/crud-org.mjs.map +1 -0
package/dist/plugins/organization/routes/crud-team.d.mts +15 -0
package/dist/plugins/organization/routes/crud-team.mjs +676 -0
package/dist/plugins/organization/routes/crud-team.mjs.map +1 -0
package/dist/plugins/organization/schema.d.mts +376 -0
package/dist/plugins/organization/schema.mjs +68 -0
package/dist/plugins/organization/schema.mjs.map +1 -0
package/dist/plugins/organization/types.d.mts +733 -0
package/dist/plugins/phone-number/client.d.mts +8 -0
package/dist/plugins/phone-number/client.mjs +20 -0
package/dist/plugins/phone-number/client.mjs.map +1 -0
package/dist/plugins/phone-number/error-codes.d.mts +5 -0
package/dist/plugins/phone-number/error-codes.mjs +21 -0
package/dist/plugins/phone-number/error-codes.mjs.map +1 -0
package/dist/plugins/phone-number/index.d.mts +14 -0
package/dist/plugins/phone-number/index.mjs +49 -0
package/dist/plugins/phone-number/index.mjs.map +1 -0
package/dist/plugins/phone-number/routes.mjs +459 -0
package/dist/plugins/phone-number/routes.mjs.map +1 -0
package/dist/plugins/phone-number/schema.d.mts +5 -0
package/dist/plugins/phone-number/schema.mjs +20 -0
package/dist/plugins/phone-number/schema.mjs.map +1 -0
package/dist/plugins/phone-number/types.d.mts +118 -0
package/dist/plugins/siwe/client.d.mts +5 -0
package/dist/plugins/siwe/client.mjs +11 -0
package/dist/plugins/siwe/client.mjs.map +1 -0
package/dist/plugins/siwe/error-codes.mjs +13 -0
package/dist/plugins/siwe/error-codes.mjs.map +1 -0
package/dist/plugins/siwe/index.d.mts +26 -0
package/dist/plugins/siwe/index.mjs +261 -0
package/dist/plugins/siwe/index.mjs.map +1 -0
package/dist/plugins/siwe/schema.d.mts +5 -0
package/dist/plugins/siwe/schema.mjs +32 -0
package/dist/plugins/siwe/schema.mjs.map +1 -0
package/dist/plugins/siwe/types.d.mts +44 -0
package/dist/plugins/two-factor/backup-codes/index.d.mts +91 -0
package/dist/plugins/two-factor/backup-codes/index.mjs +277 -0
package/dist/plugins/two-factor/backup-codes/index.mjs.map +1 -0
package/dist/plugins/two-factor/client.d.mts +17 -0
package/dist/plugins/two-factor/client.mjs +37 -0
package/dist/plugins/two-factor/client.mjs.map +1 -0
package/dist/plugins/two-factor/constant.mjs +8 -0
package/dist/plugins/two-factor/constant.mjs.map +1 -0
package/dist/plugins/two-factor/error-code.d.mts +5 -0
package/dist/plugins/two-factor/error-code.mjs +18 -0
package/dist/plugins/two-factor/error-code.mjs.map +1 -0
package/dist/plugins/two-factor/index.d.mts +19 -0
package/dist/plugins/two-factor/index.mjs +207 -0
package/dist/plugins/two-factor/index.mjs.map +1 -0
package/dist/plugins/two-factor/otp/index.d.mts +96 -0
package/dist/plugins/two-factor/otp/index.mjs +199 -0
package/dist/plugins/two-factor/otp/index.mjs.map +1 -0
package/dist/plugins/two-factor/schema.d.mts +5 -0
package/dist/plugins/two-factor/schema.mjs +36 -0
package/dist/plugins/two-factor/schema.mjs.map +1 -0
package/dist/plugins/two-factor/totp/index.d.mts +81 -0
package/dist/plugins/two-factor/totp/index.mjs +157 -0
package/dist/plugins/two-factor/totp/index.mjs.map +1 -0
package/dist/plugins/two-factor/types.d.mts +65 -0
package/dist/plugins/two-factor/utils.mjs +12 -0
package/dist/plugins/two-factor/utils.mjs.map +1 -0
package/dist/plugins/two-factor/verify-two-factor.mjs +76 -0
package/dist/plugins/two-factor/verify-two-factor.mjs.map +1 -0
package/dist/plugins/username/client.d.mts +7 -0
package/dist/plugins/username/client.mjs +18 -0
package/dist/plugins/username/client.mjs.map +1 -0
package/dist/plugins/username/error-codes.d.mts +5 -0
package/dist/plugins/username/error-codes.mjs +17 -0
package/dist/plugins/username/error-codes.mjs.map +1 -0
package/dist/plugins/username/index.d.mts +74 -0
package/dist/plugins/username/index.mjs +237 -0
package/dist/plugins/username/index.mjs.map +1 -0
package/dist/plugins/username/schema.d.mts +9 -0
package/dist/plugins/username/schema.mjs +26 -0
package/dist/plugins/username/schema.mjs.map +1 -0
package/dist/social-providers/index.d.mts +1 -0
package/dist/social-providers/index.mjs +3 -0
package/dist/state.d.mts +42 -0
package/dist/state.mjs +107 -0
package/dist/state.mjs.map +1 -0
package/dist/test-utils/headers.d.mts +9 -0
package/dist/test-utils/headers.mjs +24 -0
package/dist/test-utils/headers.mjs.map +1 -0
package/dist/test-utils/index.d.mts +3 -0
package/dist/test-utils/index.mjs +4 -0
package/dist/test-utils/test-instance.d.mts +181 -0
package/dist/test-utils/test-instance.mjs +210 -0
package/dist/test-utils/test-instance.mjs.map +1 -0
package/dist/types/adapter.d.mts +24 -0
package/dist/types/api.d.mts +62 -0
package/dist/types/auth.d.mts +30 -0
package/dist/types/helper.d.mts +21 -0
package/dist/types/index.d.mts +11 -0
package/dist/types/index.mjs +1 -0
package/dist/types/models.d.mts +17 -0
package/dist/types/plugins.d.mts +16 -0
package/dist/utils/boolean.mjs +8 -0
package/dist/utils/boolean.mjs.map +1 -0
package/dist/utils/constants.mjs +6 -0
package/dist/utils/constants.mjs.map +1 -0
package/dist/utils/date.mjs +8 -0
package/dist/utils/date.mjs.map +1 -0
package/dist/utils/get-request-ip.d.mts +7 -0
package/dist/utils/get-request-ip.mjs +23 -0
package/dist/utils/get-request-ip.mjs.map +1 -0
package/dist/utils/hashing.mjs +21 -0
package/dist/utils/hashing.mjs.map +1 -0
package/dist/utils/hide-metadata.d.mts +7 -0
package/dist/utils/hide-metadata.mjs +6 -0
package/dist/utils/hide-metadata.mjs.map +1 -0
package/dist/utils/index.d.mts +3 -0
package/dist/utils/index.mjs +5 -0
package/dist/utils/is-api-error.d.mts +7 -0
package/dist/utils/is-api-error.mjs +11 -0
package/dist/utils/is-api-error.mjs.map +1 -0
package/dist/utils/is-atom.mjs +8 -0
package/dist/utils/is-atom.mjs.map +1 -0
package/dist/utils/is-promise.mjs +8 -0
package/dist/utils/is-promise.mjs.map +1 -0
package/dist/utils/middleware-response.mjs +6 -0
package/dist/utils/middleware-response.mjs.map +1 -0
package/dist/utils/password.mjs +26 -0
package/dist/utils/password.mjs.map +1 -0
package/dist/utils/plugin-helper.mjs +17 -0
package/dist/utils/plugin-helper.mjs.map +1 -0
package/dist/utils/shim.mjs +24 -0
package/dist/utils/shim.mjs.map +1 -0
package/dist/utils/time.d.mts +49 -0
package/dist/utils/time.mjs +100 -0
package/dist/utils/time.mjs.map +1 -0
package/dist/utils/url.mjs +92 -0
package/dist/utils/url.mjs.map +1 -0
package/dist/utils/wildcard.mjs +108 -0
package/dist/utils/wildcard.mjs.map +1 -0
package/package.json +601 -0

package/dist/plugins/two-factor/totp/index.d.mts ADDED Viewed

@@ -0,0 +1,81 @@
+import { BackupCodeOptions } from "../backup-codes/index.mjs";
+//#region src/plugins/two-factor/totp/index.d.ts
+type TOTPOptions = {
+  /**
+   * Issuer
+   */
+  issuer?: string | undefined;
+  /**
+   * How many digits the otp to be
+   *
+   * @default 6
+   */
+  digits?: (6 | 8) | undefined;
+  /**
+   * Period for otp in seconds.
+   * @default 30
+   */
+  period?: number | undefined;
+  /**
+   * Backup codes configuration
+   */
+  backupCodes?: BackupCodeOptions | undefined;
+  /**
+   * Disable totp
+   */
+  disable?: boolean | undefined;
+};
+declare const totp2fa: (options?: TOTPOptions | undefined) => {
+  id: string;
+  endpoints: {
+    /**
+     * ### Endpoint
+     *
+     * POST `/totp/generate`
+     *
+     * ### API Methods
+     *
+     * **server:**
+     * `auth.api.generateTOTP`
+     *
+     * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#totp)
+     */
+    generateTOTP: any;
+    /**
+     * ### Endpoint
+     *
+     * POST `/two-factor/get-totp-uri`
+     *
+     * ### API Methods
+     *
+     * **server:**
+     * `auth.api.getTOTPURI`
+     *
+     * **client:**
+     * `authClient.twoFactor.getTotpUri`
+     *
+     * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#getting-totp-uri)
+     */
+    getTOTPURI: any;
+    /**
+     * ### Endpoint
+     *
+     * POST `/two-factor/verify-totp`
+     *
+     * ### API Methods
+     *
+     * **server:**
+     * `auth.api.verifyTOTP`
+     *
+     * **client:**
+     * `authClient.twoFactor.verifyTotp`
+     *
+     * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#verifying-totp)
+     */
+    verifyTOTP: any;
+  };
+};
+//#endregion
+export { TOTPOptions, totp2fa };
+//# sourceMappingURL=index.d.mts.map

package/dist/plugins/two-factor/totp/index.mjs ADDED Viewed

@@ -0,0 +1,157 @@
+import { symmetricDecrypt } from "../../../crypto/index.mjs";
+import { setSessionCookie } from "../../../cookies/index.mjs";
+import { sessionMiddleware } from "../../../api/routes/session.mjs";
+import "../../../api/index.mjs";
+import { TWO_FACTOR_ERROR_CODES } from "../error-code.mjs";
+import { verifyTwoFactor } from "../verify-two-factor.mjs";
+import { APIError, BASE_ERROR_CODES } from "@better-auth/core/error";
+import { createAuthEndpoint } from "@better-auth/core/api";
+import * as z from "zod";
+import { createOTP } from "@better-auth/utils/otp";
+//#region src/plugins/two-factor/totp/index.ts
+const generateTOTPBodySchema = z.object({ secret: z.string().meta({ description: "The secret to generate the TOTP code" }) });
+const getTOTPURIBodySchema = z.object({ password: z.string().meta({ description: "User password" }) });
+const verifyTOTPBodySchema = z.object({
+	code: z.string().meta({ description: "The otp code to verify. Eg: \"012345\"" }),
+	trustDevice: z.boolean().meta({ description: "If true, the device will be trusted for 30 days. It'll be refreshed on every sign in request within this time. Eg: true" }).optional()
+});
+const totp2fa = (options) => {
+	const opts = {
+		...options,
+		digits: options?.digits || 6,
+		period: options?.period || 30
+	};
+	const twoFactorTable = "twoFactor";
+	return {
+		id: "totp",
+		endpoints: {
+			generateTOTP: createAuthEndpoint({
+				method: "POST",
+				body: generateTOTPBodySchema,
+				metadata: { openapi: {
+					summary: "Generate TOTP code",
+					description: "Use this endpoint to generate a TOTP code",
+					responses: { 200: {
+						description: "Successful response",
+						content: { "application/json": { schema: {
+							type: "object",
+							properties: { code: { type: "string" } }
+						} } }
+					} }
+				} }
+			}, async (ctx) => {
+				if (options?.disable) {
+					ctx.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp");
+					throw APIError.from("BAD_REQUEST", {
+						message: "totp isn't configured",
+						code: "TOTP_NOT_CONFIGURED"
+					});
+				}
+				return { code: await createOTP(ctx.body.secret, {
+					period: opts.period,
+					digits: opts.digits
+				}).totp() };
+			}),
+			getTOTPURI: createAuthEndpoint("/two-factor/get-totp-uri", {
+				method: "POST",
+				use: [sessionMiddleware],
+				body: getTOTPURIBodySchema,
+				metadata: { openapi: {
+					summary: "Get TOTP URI",
+					description: "Use this endpoint to get the TOTP URI",
+					responses: { 200: {
+						description: "Successful response",
+						content: { "application/json": { schema: {
+							type: "object",
+							properties: { totpURI: { type: "string" } }
+						} } }
+					} }
+				} }
+			}, async (ctx) => {
+				if (options?.disable) {
+					ctx.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp");
+					throw APIError.from("BAD_REQUEST", {
+						message: "totp isn't configured",
+						code: "TOTP_NOT_CONFIGURED"
+					});
+				}
+				const user = ctx.context.session.user;
+				const twoFactor = await ctx.context.adapter.findOne({
+					model: twoFactorTable,
+					where: [{
+						field: "userId",
+						value: user.id
+					}]
+				});
+				if (!twoFactor) throw APIError.from("BAD_REQUEST", TWO_FACTOR_ERROR_CODES.TOTP_NOT_ENABLED);
+				const secret = await symmetricDecrypt({
+					key: ctx.context.secret,
+					data: twoFactor.secret
+				});
+				await ctx.context.password.checkPassword(user.id, ctx);
+				return { totpURI: createOTP(secret, {
+					digits: opts.digits,
+					period: opts.period
+				}).url(options?.issuer || ctx.context.appName, user.email) };
+			}),
+			verifyTOTP: createAuthEndpoint("/two-factor/verify-totp", {
+				method: "POST",
+				body: verifyTOTPBodySchema,
+				metadata: { openapi: {
+					summary: "Verify two factor TOTP",
+					description: "Verify two factor TOTP",
+					responses: { 200: {
+						description: "Successful response",
+						content: { "application/json": { schema: {
+							type: "object",
+							properties: { status: { type: "boolean" } }
+						} } }
+					} }
+				} }
+			}, async (ctx) => {
+				if (options?.disable) {
+					ctx.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp");
+					throw APIError.from("BAD_REQUEST", {
+						message: "totp isn't configured",
+						code: "TOTP_NOT_CONFIGURED"
+					});
+				}
+				const { session, valid, invalid } = await verifyTwoFactor(ctx);
+				const user = session.user;
+				const twoFactor = await ctx.context.adapter.findOne({
+					model: twoFactorTable,
+					where: [{
+						field: "userId",
+						value: user.id
+					}]
+				});
+				if (!twoFactor) throw APIError.from("BAD_REQUEST", TWO_FACTOR_ERROR_CODES.TOTP_NOT_ENABLED);
+				if (!await createOTP(await symmetricDecrypt({
+					key: ctx.context.secret,
+					data: twoFactor.secret
+				}), {
+					period: opts.period,
+					digits: opts.digits
+				}).verify(ctx.body.code)) return invalid("INVALID_CODE");
+				if (!user.twoFactorEnabled) {
+					if (!session.session) throw APIError.from("BAD_REQUEST", BASE_ERROR_CODES.FAILED_TO_CREATE_SESSION);
+					const updatedUser = await ctx.context.internalAdapter.updateUser(user.id, { twoFactorEnabled: true });
+					const newSession = await ctx.context.internalAdapter.createSession(user.id, false, session.session).catch((e) => {
+						throw e;
+					});
+					await ctx.context.internalAdapter.deleteSession(session.session.token);
+					await setSessionCookie(ctx, {
+						session: newSession,
+						user: updatedUser
+					});
+				}
+				return valid(ctx);
+			})
+		}
+	};
+};
+//#endregion
+export { totp2fa };
+//# sourceMappingURL=index.mjs.map

package/dist/plugins/two-factor/totp/index.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.mjs","names":[],"sources":["../../../../src/plugins/two-factor/totp/index.ts"],"sourcesContent":["import { createAuthEndpoint } from \"@better-auth/core/api\";\nimport { APIError, BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport { createOTP } from \"@better-auth/utils/otp\";\nimport * as z from \"zod\";\nimport { sessionMiddleware } from \"../../../api\";\nimport { setSessionCookie } from \"../../../cookies\";\nimport { symmetricDecrypt } from \"../../../crypto\";\nimport type { BackupCodeOptions } from \"../backup-codes\";\nimport { TWO_FACTOR_ERROR_CODES } from \"../error-code\";\nimport type {\n\tTwoFactorProvider,\n\tTwoFactorTable,\n\tUserWithTwoFactor,\n} from \"../types\";\nimport { verifyTwoFactor } from \"../verify-two-factor\";\n\nexport type TOTPOptions = {\n\t/**\n\t * Issuer\n\t */\n\tissuer?: string | undefined;\n\t/**\n\t * How many digits the otp to be\n\t *\n\t * @default 6\n\t */\n\tdigits?: (6 | 8) | undefined;\n\t/**\n\t * Period for otp in seconds.\n\t * @default 30\n\t */\n\tperiod?: number | undefined;\n\t/**\n\t * Backup codes configuration\n\t */\n\tbackupCodes?: BackupCodeOptions | undefined;\n\t/**\n\t * Disable totp\n\t */\n\tdisable?: boolean | undefined;\n};\n\nconst generateTOTPBodySchema = z.object({\n\tsecret: z.string().meta({\n\t\tdescription: \"The secret to generate the TOTP code\",\n\t}),\n});\n\nconst getTOTPURIBodySchema = z.object({\n\tpassword: z.string().meta({\n\t\tdescription: \"User password\",\n\t}),\n});\n\nconst verifyTOTPBodySchema = z.object({\n\tcode: z.string().meta({\n\t\tdescription: 'The otp code to verify. Eg: \"012345\"',\n\t}),\n\t/**\n\t * if true, the device will be trusted\n\t * for 30 days. It'll be refreshed on\n\t * every sign in request within this time.\n\t */\n\ttrustDevice: z\n\t\t.boolean()\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t\"If true, the device will be trusted for 30 days. It'll be refreshed on every sign in request within this time. Eg: true\",\n\t\t})\n\t\t.optional(),\n});\n\nexport const totp2fa = (options?: TOTPOptions | undefined) => {\n\tconst opts = {\n\t\t...options,\n\t\tdigits: options?.digits || 6,\n\t\tperiod: options?.period || 30,\n\t};\n\n\tconst twoFactorTable = \"twoFactor\";\n\n\tconst generateTOTP = createAuthEndpoint(\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: generateTOTPBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\tsummary: \"Generate TOTP code\",\n\t\t\t\t\tdescription: \"Use this endpoint to generate a TOTP code\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Successful response\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tcode: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tif (options?.disable) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t\"totp isn't configured. please pass totp option on two factor plugin to enable totp\",\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"totp isn't configured\",\n\t\t\t\t\tcode: \"TOTP_NOT_CONFIGURED\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst code = await createOTP(ctx.body.secret, {\n\t\t\t\tperiod: opts.period,\n\t\t\t\tdigits: opts.digits,\n\t\t\t}).totp();\n\t\t\treturn { code };\n\t\t},\n\t);\n\n\tconst getTOTPURI = createAuthEndpoint(\n\t\t\"/two-factor/get-totp-uri\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tuse: [sessionMiddleware],\n\t\t\tbody: getTOTPURIBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\tsummary: \"Get TOTP URI\",\n\t\t\t\t\tdescription: \"Use this endpoint to get the TOTP URI\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Successful response\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\ttotpURI: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tif (options?.disable) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t\"totp isn't configured. please pass totp option on two factor plugin to enable totp\",\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"totp isn't configured\",\n\t\t\t\t\tcode: \"TOTP_NOT_CONFIGURED\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst user = ctx.context.session.user as UserWithTwoFactor;\n\t\t\tconst twoFactor = await ctx.context.adapter.findOne<TwoFactorTable>({\n\t\t\t\tmodel: twoFactorTable,\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\tvalue: user.id,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\tif (!twoFactor) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tTWO_FACTOR_ERROR_CODES.TOTP_NOT_ENABLED,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst secret = await symmetricDecrypt({\n\t\t\t\tkey: ctx.context.secret,\n\t\t\t\tdata: twoFactor.secret,\n\t\t\t});\n\t\t\tawait ctx.context.password.checkPassword(user.id, ctx);\n\t\t\tconst totpURI = createOTP(secret, {\n\t\t\t\tdigits: opts.digits,\n\t\t\t\tperiod: opts.period,\n\t\t\t}).url(options?.issuer || ctx.context.appName, user.email);\n\t\t\treturn {\n\t\t\t\ttotpURI,\n\t\t\t};\n\t\t},\n\t);\n\n\tconst verifyTOTP = createAuthEndpoint(\n\t\t\"/two-factor/verify-totp\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: verifyTOTPBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\tsummary: \"Verify two factor TOTP\",\n\t\t\t\t\tdescription: \"Verify two factor TOTP\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Successful response\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tif (options?.disable) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t\"totp isn't configured. please pass totp option on two factor plugin to enable totp\",\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"totp isn't configured\",\n\t\t\t\t\tcode: \"TOTP_NOT_CONFIGURED\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst { session, valid, invalid } = await verifyTwoFactor(ctx);\n\t\t\tconst user = session.user as UserWithTwoFactor;\n\t\t\tconst twoFactor = await ctx.context.adapter.findOne<TwoFactorTable>({\n\t\t\t\tmodel: twoFactorTable,\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\tvalue: user.id,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\n\t\t\tif (!twoFactor) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tTWO_FACTOR_ERROR_CODES.TOTP_NOT_ENABLED,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst decrypted = await symmetricDecrypt({\n\t\t\t\tkey: ctx.context.secret,\n\t\t\t\tdata: twoFactor.secret,\n\t\t\t});\n\t\t\tconst status = await createOTP(decrypted, {\n\t\t\t\tperiod: opts.period,\n\t\t\t\tdigits: opts.digits,\n\t\t\t}).verify(ctx.body.code);\n\t\t\tif (!status) {\n\t\t\t\treturn invalid(\"INVALID_CODE\");\n\t\t\t}\n\n\t\t\tif (!user.twoFactorEnabled) {\n\t\t\t\tif (!session.session) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\tBASE_ERROR_CODES.FAILED_TO_CREATE_SESSION,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tconst updatedUser = await ctx.context.internalAdapter.updateUser(\n\t\t\t\t\tuser.id,\n\t\t\t\t\t{\n\t\t\t\t\t\ttwoFactorEnabled: true,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tconst newSession = await ctx.context.internalAdapter\n\t\t\t\t\t.createSession(user.id, false, session.session)\n\t\t\t\t\t.catch((e) => {\n\t\t\t\t\t\tthrow e;\n\t\t\t\t\t});\n\n\t\t\t\tawait ctx.context.internalAdapter.deleteSession(session.session.token);\n\t\t\t\tawait setSessionCookie(ctx, {\n\t\t\t\t\tsession: newSession,\n\t\t\t\t\tuser: updatedUser,\n\t\t\t\t});\n\t\t\t}\n\t\t\treturn valid(ctx);\n\t\t},\n\t);\n\n\treturn {\n\t\tid: \"totp\",\n\t\tendpoints: {\n\t\t\t/**\n\t\t\t * ### Endpoint\n\t\t\t *\n\t\t\t * POST `/totp/generate`\n\t\t\t *\n\t\t\t * ### API Methods\n\t\t\t *\n\t\t\t * **server:**\n\t\t\t * `auth.api.generateTOTP`\n\t\t\t *\n\t\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#totp)\n\t\t\t */\n\t\t\tgenerateTOTP: generateTOTP,\n\t\t\t/**\n\t\t\t * ### Endpoint\n\t\t\t *\n\t\t\t * POST `/two-factor/get-totp-uri`\n\t\t\t *\n\t\t\t * ### API Methods\n\t\t\t *\n\t\t\t * **server:**\n\t\t\t * `auth.api.getTOTPURI`\n\t\t\t *\n\t\t\t * **client:**\n\t\t\t * `authClient.twoFactor.getTotpUri`\n\t\t\t *\n\t\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#getting-totp-uri)\n\t\t\t */\n\t\t\tgetTOTPURI: getTOTPURI,\n\t\t\t/**\n\t\t\t * ### Endpoint\n\t\t\t *\n\t\t\t * POST `/two-factor/verify-totp`\n\t\t\t *\n\t\t\t * ### API Methods\n\t\t\t *\n\t\t\t * **server:**\n\t\t\t * `auth.api.verifyTOTP`\n\t\t\t *\n\t\t\t * **client:**\n\t\t\t * `authClient.twoFactor.verifyTotp`\n\t\t\t *\n\t\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#verifying-totp)\n\t\t\t */\n\t\t\tverifyTOTP,\n\t\t},\n\t} satisfies TwoFactorProvider;\n};\n"],"mappings":";;;;;;;;;;;;AA0CA,MAAM,yBAAyB,EAAE,OAAO,EACvC,QAAQ,EAAE,QAAQ,CAAC,KAAK,EACvB,aAAa,wCACb,CAAC,EACF,CAAC;AAEF,MAAM,uBAAuB,EAAE,OAAO,EACrC,UAAU,EAAE,QAAQ,CAAC,KAAK,EACzB,aAAa,iBACb,CAAC,EACF,CAAC;AAEF,MAAM,uBAAuB,EAAE,OAAO;CACrC,MAAM,EAAE,QAAQ,CAAC,KAAK,EACrB,aAAa,0CACb,CAAC;CAMF,aAAa,EACX,SAAS,CACT,KAAK,EACL,aACC,2HACD,CAAC,CACD,UAAU;CACZ,CAAC;AAEF,MAAa,WAAW,YAAsC;CAC7D,MAAM,OAAO;EACZ,GAAG;EACH,QAAQ,SAAS,UAAU;EAC3B,QAAQ,SAAS,UAAU;EAC3B;CAED,MAAM,iBAAiB;AAyNvB,QAAO;EACN,IAAI;EACJ,WAAW;GAaV,cAtOmB,mBACpB;IACC,QAAQ;IACR,MAAM;IACN,UAAU,EACT,SAAS;KACR,SAAS;KACT,aAAa;KACb,WAAW,EACV,KAAK;MACJ,aAAa;MACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;OACP,MAAM;OACN,YAAY,EACX,MAAM,EACL,MAAM,UACN,EACD;OACD,EACD,EACD;MACD,EACD;KACD,EACD;IACD,EACD,OAAO,QAAQ;AACd,QAAI,SAAS,SAAS;AACrB,SAAI,QAAQ,OAAO,MAClB,qFACA;AACD,WAAM,SAAS,KAAK,eAAe;MAClC,SAAS;MACT,MAAM;MACN,CAAC;;AAMH,WAAO,EAAE,MAJI,MAAM,UAAU,IAAI,KAAK,QAAQ;KAC7C,QAAQ,KAAK;KACb,QAAQ,KAAK;KACb,CAAC,CAAC,MAAM,EACM;KAEhB;GA0MC,YAxMiB,mBAClB,4BACA;IACC,QAAQ;IACR,KAAK,CAAC,kBAAkB;IACxB,MAAM;IACN,UAAU,EACT,SAAS;KACR,SAAS;KACT,aAAa;KACb,WAAW,EACV,KAAK;MACJ,aAAa;MACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;OACP,MAAM;OACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;OACD,EACD,EACD;MACD,EACD;KACD,EACD;IACD,EACD,OAAO,QAAQ;AACd,QAAI,SAAS,SAAS;AACrB,SAAI,QAAQ,OAAO,MAClB,qFACA;AACD,WAAM,SAAS,KAAK,eAAe;MAClC,SAAS;MACT,MAAM;MACN,CAAC;;IAEH,MAAM,OAAO,IAAI,QAAQ,QAAQ;IACjC,MAAM,YAAY,MAAM,IAAI,QAAQ,QAAQ,QAAwB;KACnE,OAAO;KACP,OAAO,CACN;MACC,OAAO;MACP,OAAO,KAAK;MACZ,CACD;KACD,CAAC;AACF,QAAI,CAAC,UACJ,OAAM,SAAS,KACd,eACA,uBAAuB,iBACvB;IAEF,MAAM,SAAS,MAAM,iBAAiB;KACrC,KAAK,IAAI,QAAQ;KACjB,MAAM,UAAU;KAChB,CAAC;AACF,UAAM,IAAI,QAAQ,SAAS,cAAc,KAAK,IAAI,IAAI;AAKtD,WAAO,EACN,SALe,UAAU,QAAQ;KACjC,QAAQ,KAAK;KACb,QAAQ,KAAK;KACb,CAAC,CAAC,IAAI,SAAS,UAAU,IAAI,QAAQ,SAAS,KAAK,MAAM,EAGzD;KAEF;GAmJC,YAjJiB,mBAClB,2BACA;IACC,QAAQ;IACR,MAAM;IACN,UAAU,EACT,SAAS;KACR,SAAS;KACT,aAAa;KACb,WAAW,EACV,KAAK;MACJ,aAAa;MACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;OACP,MAAM;OACN,YAAY,EACX,QAAQ,EACP,MAAM,WACN,EACD;OACD,EACD,EACD;MACD,EACD;KACD,EACD;IACD,EACD,OAAO,QAAQ;AACd,QAAI,SAAS,SAAS;AACrB,SAAI,QAAQ,OAAO,MAClB,qFACA;AACD,WAAM,SAAS,KAAK,eAAe;MAClC,SAAS;MACT,MAAM;MACN,CAAC;;IAEH,MAAM,EAAE,SAAS,OAAO,YAAY,MAAM,gBAAgB,IAAI;IAC9D,MAAM,OAAO,QAAQ;IACrB,MAAM,YAAY,MAAM,IAAI,QAAQ,QAAQ,QAAwB;KACnE,OAAO;KACP,OAAO,CACN;MACC,OAAO;MACP,OAAO,KAAK;MACZ,CACD;KACD,CAAC;AAEF,QAAI,CAAC,UACJ,OAAM,SAAS,KACd,eACA,uBAAuB,iBACvB;AAUF,QAAI,CAJW,MAAM,UAJH,MAAM,iBAAiB;KACxC,KAAK,IAAI,QAAQ;KACjB,MAAM,UAAU;KAChB,CAAC,EACwC;KACzC,QAAQ,KAAK;KACb,QAAQ,KAAK;KACb,CAAC,CAAC,OAAO,IAAI,KAAK,KAAK,CAEvB,QAAO,QAAQ,eAAe;AAG/B,QAAI,CAAC,KAAK,kBAAkB;AAC3B,SAAI,CAAC,QAAQ,QACZ,OAAM,SAAS,KACd,eACA,iBAAiB,yBACjB;KAEF,MAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB,WACrD,KAAK,IACL,EACC,kBAAkB,MAClB,CACD;KACD,MAAM,aAAa,MAAM,IAAI,QAAQ,gBACnC,cAAc,KAAK,IAAI,OAAO,QAAQ,QAAQ,CAC9C,OAAO,MAAM;AACb,YAAM;OACL;AAEH,WAAM,IAAI,QAAQ,gBAAgB,cAAc,QAAQ,QAAQ,MAAM;AACtE,WAAM,iBAAiB,KAAK;MAC3B,SAAS;MACT,MAAM;MACN,CAAC;;AAEH,WAAO,MAAM,IAAI;KAElB;GAkDC;EACD"}

package/dist/plugins/two-factor/types.d.mts ADDED Viewed

@@ -0,0 +1,65 @@
+import { User } from "../../types/models.mjs";
+import { InferOptionSchema } from "../../types/plugins.mjs";
+import "../../types/index.mjs";
+import { BackupCodeOptions } from "./backup-codes/index.mjs";
+import { schema } from "./schema.mjs";
+import { TOTPOptions } from "./totp/index.mjs";
+import { OTPOptions } from "./otp/index.mjs";
+import { BetterAuthPlugin, LiteralString } from "@better-auth/core";
+//#region src/plugins/two-factor/types.d.ts
+interface TwoFactorOptions {
+  /**
+   * Application Name
+   */
+  issuer?: string | undefined;
+  /**
+   * TOTP OPtions
+   */
+  totpOptions?: Omit<TOTPOptions, "issuer"> | undefined;
+  /**
+   * OTP Options
+   */
+  otpOptions?: OTPOptions | undefined;
+  /**
+   * Backup code options
+   */
+  backupCodeOptions?: BackupCodeOptions | undefined;
+  /**
+   * Skip verification on enabling two factor authentication.
+   * @default false
+   */
+  skipVerificationOnEnable?: boolean | undefined;
+  /**
+   * Custom schema for the two factor plugin
+   */
+  schema?: InferOptionSchema<typeof schema> | undefined;
+  /**
+   * Maximum age (in seconds) for the two-factor verification cookie.
+   * This controls how long users have to complete the 2FA flow
+   * after signing in.
+   *
+   * @default 600 (10 minutes)
+   */
+  twoFactorCookieMaxAge?: number | undefined;
+}
+interface UserWithTwoFactor extends User {
+  /**
+   * If the user has enabled two factor authentication.
+   */
+  twoFactorEnabled: boolean;
+}
+interface TwoFactorProvider {
+  id: LiteralString;
+  endpoints?: BetterAuthPlugin["endpoints"] | undefined;
+}
+interface TwoFactorTable {
+  id: string;
+  userId: string;
+  secret: string;
+  backupCodes: string;
+  enabled: boolean;
+}
+//#endregion
+export { TwoFactorOptions, TwoFactorProvider, TwoFactorTable, UserWithTwoFactor };
+//# sourceMappingURL=types.d.mts.map

package/dist/plugins/two-factor/utils.mjs ADDED Viewed

@@ -0,0 +1,12 @@
+import { createHash } from "@better-auth/utils/hash";
+import { base64Url } from "@better-auth/utils/base64";
+//#region src/plugins/two-factor/utils.ts
+const defaultKeyHasher = async (token) => {
+	const hash = await createHash("SHA-256").digest(new TextEncoder().encode(token));
+	return base64Url.encode(new Uint8Array(hash), { padding: false });
+};
+//#endregion
+export { defaultKeyHasher };
+//# sourceMappingURL=utils.mjs.map

package/dist/plugins/two-factor/utils.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"utils.mjs","names":[],"sources":["../../../src/plugins/two-factor/utils.ts"],"sourcesContent":["import { base64Url } from \"@better-auth/utils/base64\";\nimport { createHash } from \"@better-auth/utils/hash\";\n\nexport const defaultKeyHasher = async (token: string) => {\n\tconst hash = await createHash(\"SHA-256\").digest(\n\t\tnew TextEncoder().encode(token),\n\t);\n\tconst hashed = base64Url.encode(new Uint8Array(hash), {\n\t\tpadding: false,\n\t});\n\treturn hashed;\n};\n"],"mappings":";;;;AAGA,MAAa,mBAAmB,OAAO,UAAkB;CACxD,MAAM,OAAO,MAAM,WAAW,UAAU,CAAC,OACxC,IAAI,aAAa,CAAC,OAAO,MAAM,CAC/B;AAID,QAHe,UAAU,OAAO,IAAI,WAAW,KAAK,EAAE,EACrD,SAAS,OACT,CAAC"}

package/dist/plugins/two-factor/verify-two-factor.mjs ADDED Viewed

@@ -0,0 +1,76 @@
+import { parseUserOutput } from "../../db/schema.mjs";
+import { expireCookie, setSessionCookie } from "../../cookies/index.mjs";
+import { getSessionFromCtx } from "../../api/routes/session.mjs";
+import "../../api/index.mjs";
+import { TWO_FACTOR_ERROR_CODES } from "./error-code.mjs";
+import { TRUST_DEVICE_COOKIE_MAX_AGE, TRUST_DEVICE_COOKIE_NAME, TWO_FACTOR_COOKIE_NAME } from "./constant.mjs";
+import { APIError } from "@better-auth/core/error";
+import { createHMAC } from "@better-auth/utils/hmac";
+//#region src/plugins/two-factor/verify-two-factor.ts
+async function verifyTwoFactor(ctx) {
+	const invalid = (errorKey) => {
+		throw APIError.from("UNAUTHORIZED", TWO_FACTOR_ERROR_CODES[errorKey]);
+	};
+	const session = await getSessionFromCtx(ctx);
+	if (!session) {
+		const twoFactorCookie = ctx.context.createAuthCookie(TWO_FACTOR_COOKIE_NAME);
+		const signedTwoFactorCookie = await ctx.getSignedCookie(twoFactorCookie.name, ctx.context.secret);
+		if (!signedTwoFactorCookie) throw APIError.from("UNAUTHORIZED", TWO_FACTOR_ERROR_CODES.INVALID_TWO_FACTOR_COOKIE);
+		const verificationToken = await ctx.context.internalAdapter.findVerificationValue(signedTwoFactorCookie);
+		if (!verificationToken) throw APIError.from("UNAUTHORIZED", TWO_FACTOR_ERROR_CODES.INVALID_TWO_FACTOR_COOKIE);
+		const user = await ctx.context.internalAdapter.findUserById(verificationToken.value);
+		if (!user) throw APIError.from("UNAUTHORIZED", TWO_FACTOR_ERROR_CODES.INVALID_TWO_FACTOR_COOKIE);
+		const dontRememberMe = await ctx.getSignedCookie(ctx.context.authCookies.dontRememberToken.name, ctx.context.secret);
+		return {
+			valid: async (ctx) => {
+				const session = await ctx.context.internalAdapter.createSession(verificationToken.value, !!dontRememberMe);
+				if (!session) throw APIError.from("INTERNAL_SERVER_ERROR", {
+					message: "failed to create session",
+					code: "FAILED_TO_CREATE_SESSION"
+				});
+				await ctx.context.internalAdapter.deleteVerificationValue(verificationToken.id);
+				await setSessionCookie(ctx, {
+					session,
+					user
+				});
+				expireCookie(ctx, twoFactorCookie);
+				if (ctx.body.trustDevice) {
+					const trustDeviceCookie = ctx.context.createAuthCookie(TRUST_DEVICE_COOKIE_NAME, { maxAge: TRUST_DEVICE_COOKIE_MAX_AGE });
+					/**
+					* create a token that will be used to
+					* verify the device
+					*/
+					const token = await createHMAC("SHA-256", "base64urlnopad").sign(ctx.context.secret, `${user.id}!${session.token}`);
+					await ctx.setSignedCookie(trustDeviceCookie.name, `${token}!${session.token}`, ctx.context.secret, trustDeviceCookie.attributes);
+					expireCookie(ctx, ctx.context.authCookies.dontRememberToken);
+				}
+				return ctx.json({
+					token: session.token,
+					user: parseUserOutput(ctx.context.options, user)
+				});
+			},
+			invalid,
+			session: {
+				session: null,
+				user
+			},
+			key: signedTwoFactorCookie
+		};
+	}
+	return {
+		valid: async (ctx) => {
+			return ctx.json({
+				token: session.session.token,
+				user: parseUserOutput(ctx.context.options, session.user)
+			});
+		},
+		invalid,
+		session,
+		key: `${session.user.id}!${session.session.id}`
+	};
+}
+//#endregion
+export { verifyTwoFactor };
+//# sourceMappingURL=verify-two-factor.mjs.map

package/dist/plugins/two-factor/verify-two-factor.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"verify-two-factor.mjs","names":[],"sources":["../../../src/plugins/two-factor/verify-two-factor.ts"],"sourcesContent":["import type { GenericEndpointContext } from \"@better-auth/core\";\nimport { APIError } from \"@better-auth/core/error\";\nimport { createHMAC } from \"@better-auth/utils/hmac\";\nimport { getSessionFromCtx } from \"../../api\";\nimport { expireCookie, setSessionCookie } from \"../../cookies\";\nimport { parseUserOutput } from \"../../db/schema\";\nimport {\n\tTRUST_DEVICE_COOKIE_MAX_AGE,\n\tTRUST_DEVICE_COOKIE_NAME,\n\tTWO_FACTOR_COOKIE_NAME,\n} from \"./constant\";\nimport { TWO_FACTOR_ERROR_CODES } from \"./error-code\";\nimport type { UserWithTwoFactor } from \"./types\";\n\nexport async function verifyTwoFactor(ctx: GenericEndpointContext) {\n\tconst invalid = (errorKey: keyof typeof TWO_FACTOR_ERROR_CODES) => {\n\t\tthrow APIError.from(\"UNAUTHORIZED\", TWO_FACTOR_ERROR_CODES[errorKey]);\n\t};\n\n\tconst session = await getSessionFromCtx(ctx);\n\tif (!session) {\n\t\tconst twoFactorCookie = ctx.context.createAuthCookie(\n\t\t\tTWO_FACTOR_COOKIE_NAME,\n\t\t);\n\t\tconst signedTwoFactorCookie = await ctx.getSignedCookie(\n\t\t\ttwoFactorCookie.name,\n\t\t\tctx.context.secret,\n\t\t);\n\t\tif (!signedTwoFactorCookie) {\n\t\t\tthrow APIError.from(\n\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\tTWO_FACTOR_ERROR_CODES.INVALID_TWO_FACTOR_COOKIE,\n\t\t\t);\n\t\t}\n\t\tconst verificationToken =\n\t\t\tawait ctx.context.internalAdapter.findVerificationValue(\n\t\t\t\tsignedTwoFactorCookie,\n\t\t\t);\n\t\tif (!verificationToken) {\n\t\t\tthrow APIError.from(\n\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\tTWO_FACTOR_ERROR_CODES.INVALID_TWO_FACTOR_COOKIE,\n\t\t\t);\n\t\t}\n\t\tconst user = (await ctx.context.internalAdapter.findUserById(\n\t\t\tverificationToken.value,\n\t\t)) as UserWithTwoFactor;\n\t\tif (!user) {\n\t\t\tthrow APIError.from(\n\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\tTWO_FACTOR_ERROR_CODES.INVALID_TWO_FACTOR_COOKIE,\n\t\t\t);\n\t\t}\n\t\tconst dontRememberMe = await ctx.getSignedCookie(\n\t\t\tctx.context.authCookies.dontRememberToken.name,\n\t\t\tctx.context.secret,\n\t\t);\n\t\treturn {\n\t\t\tvalid: async (ctx: GenericEndpointContext) => {\n\t\t\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\t\t\tverificationToken.value,\n\t\t\t\t\t!!dontRememberMe,\n\t\t\t\t);\n\t\t\t\tif (!session) {\n\t\t\t\t\tthrow APIError.from(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\t\tmessage: \"failed to create session\",\n\t\t\t\t\t\tcode: \"FAILED_TO_CREATE_SESSION\",\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t\t// Delete the verification token from the database after successful verification\n\t\t\t\tawait ctx.context.internalAdapter.deleteVerificationValue(\n\t\t\t\t\tverificationToken.id,\n\t\t\t\t);\n\t\t\t\tawait setSessionCookie(ctx, {\n\t\t\t\t\tsession,\n\t\t\t\t\tuser,\n\t\t\t\t});\n\t\t\t\t// Always clear the two factor cookie after successful verification\n\t\t\t\texpireCookie(ctx, twoFactorCookie);\n\t\t\t\tif (ctx.body.trustDevice) {\n\t\t\t\t\tconst trustDeviceCookie = ctx.context.createAuthCookie(\n\t\t\t\t\t\tTRUST_DEVICE_COOKIE_NAME,\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tmaxAge: TRUST_DEVICE_COOKIE_MAX_AGE,\n\t\t\t\t\t\t},\n\t\t\t\t\t);\n\t\t\t\t\t/**\n\t\t\t\t\t * create a token that will be used to\n\t\t\t\t\t * verify the device\n\t\t\t\t\t */\n\t\t\t\t\tconst token = await createHMAC(\"SHA-256\", \"base64urlnopad\").sign(\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\t`${user.id}!${session.token}`,\n\t\t\t\t\t);\n\t\t\t\t\tawait ctx.setSignedCookie(\n\t\t\t\t\t\ttrustDeviceCookie.name,\n\t\t\t\t\t\t`${token}!${session.token}`,\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\ttrustDeviceCookie.attributes,\n\t\t\t\t\t);\n\t\t\t\t\t// delete the dont remember me cookie\n\t\t\t\t\texpireCookie(ctx, ctx.context.authCookies.dontRememberToken);\n\t\t\t\t}\n\t\t\t\treturn ctx.json({\n\t\t\t\t\ttoken: session.token,\n\t\t\t\t\tuser: parseUserOutput(ctx.context.options, user),\n\t\t\t\t});\n\t\t\t},\n\t\t\tinvalid,\n\t\t\tsession: {\n\t\t\t\tsession: null,\n\t\t\t\tuser,\n\t\t\t},\n\t\t\tkey: signedTwoFactorCookie,\n\t\t};\n\t}\n\treturn {\n\t\tvalid: async (ctx: GenericEndpointContext) => {\n\t\t\treturn ctx.json({\n\t\t\t\ttoken: session.session.token,\n\t\t\t\tuser: parseUserOutput(ctx.context.options, session.user),\n\t\t\t});\n\t\t},\n\t\tinvalid,\n\t\tsession,\n\t\tkey: `${session.user.id}!${session.session.id}`,\n\t};\n}\n"],"mappings":";;;;;;;;;;AAcA,eAAsB,gBAAgB,KAA6B;CAClE,MAAM,WAAW,aAAkD;AAClE,QAAM,SAAS,KAAK,gBAAgB,uBAAuB,UAAU;;CAGtE,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAC5C,KAAI,CAAC,SAAS;EACb,MAAM,kBAAkB,IAAI,QAAQ,iBACnC,uBACA;EACD,MAAM,wBAAwB,MAAM,IAAI,gBACvC,gBAAgB,MAChB,IAAI,QAAQ,OACZ;AACD,MAAI,CAAC,sBACJ,OAAM,SAAS,KACd,gBACA,uBAAuB,0BACvB;EAEF,MAAM,oBACL,MAAM,IAAI,QAAQ,gBAAgB,sBACjC,sBACA;AACF,MAAI,CAAC,kBACJ,OAAM,SAAS,KACd,gBACA,uBAAuB,0BACvB;EAEF,MAAM,OAAQ,MAAM,IAAI,QAAQ,gBAAgB,aAC/C,kBAAkB,MAClB;AACD,MAAI,CAAC,KACJ,OAAM,SAAS,KACd,gBACA,uBAAuB,0BACvB;EAEF,MAAM,iBAAiB,MAAM,IAAI,gBAChC,IAAI,QAAQ,YAAY,kBAAkB,MAC1C,IAAI,QAAQ,OACZ;AACD,SAAO;GACN,OAAO,OAAO,QAAgC;IAC7C,MAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB,cACjD,kBAAkB,OAClB,CAAC,CAAC,eACF;AACD,QAAI,CAAC,QACJ,OAAM,SAAS,KAAK,yBAAyB;KAC5C,SAAS;KACT,MAAM;KACN,CAAC;AAGH,UAAM,IAAI,QAAQ,gBAAgB,wBACjC,kBAAkB,GAClB;AACD,UAAM,iBAAiB,KAAK;KAC3B;KACA;KACA,CAAC;AAEF,iBAAa,KAAK,gBAAgB;AAClC,QAAI,IAAI,KAAK,aAAa;KACzB,MAAM,oBAAoB,IAAI,QAAQ,iBACrC,0BACA,EACC,QAAQ,6BACR,CACD;;;;;KAKD,MAAM,QAAQ,MAAM,WAAW,WAAW,iBAAiB,CAAC,KAC3D,IAAI,QAAQ,QACZ,GAAG,KAAK,GAAG,GAAG,QAAQ,QACtB;AACD,WAAM,IAAI,gBACT,kBAAkB,MAClB,GAAG,MAAM,GAAG,QAAQ,SACpB,IAAI,QAAQ,QACZ,kBAAkB,WAClB;AAED,kBAAa,KAAK,IAAI,QAAQ,YAAY,kBAAkB;;AAE7D,WAAO,IAAI,KAAK;KACf,OAAO,QAAQ;KACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK;KAChD,CAAC;;GAEH;GACA,SAAS;IACR,SAAS;IACT;IACA;GACD,KAAK;GACL;;AAEF,QAAO;EACN,OAAO,OAAO,QAAgC;AAC7C,UAAO,IAAI,KAAK;IACf,OAAO,QAAQ,QAAQ;IACvB,MAAM,gBAAgB,IAAI,QAAQ,SAAS,QAAQ,KAAK;IACxD,CAAC;;EAEH;EACA;EACA,KAAK,GAAG,QAAQ,KAAK,GAAG,GAAG,QAAQ,QAAQ;EAC3C"}

package/dist/plugins/username/client.d.mts ADDED Viewed

@@ -0,0 +1,7 @@
+import { USERNAME_ERROR_CODES } from "./error-codes.mjs";
+//#region src/plugins/username/client.d.ts
+declare const usernameClient: () => BetterAuthClientPlugin;
+//#endregion
+export { usernameClient };
+//# sourceMappingURL=client.d.mts.map

package/dist/plugins/username/client.mjs ADDED Viewed

@@ -0,0 +1,18 @@
+import { USERNAME_ERROR_CODES } from "./error-codes.mjs";
+//#region src/plugins/username/client.ts
+const usernameClient = () => {
+	return {
+		id: "username",
+		$InferServerPlugin: {},
+		atomListeners: [{
+			matcher: (path) => path === "/sign-in/username",
+			signal: "$sessionSignal"
+		}],
+		$ERROR_CODES: USERNAME_ERROR_CODES
+	};
+};
+//#endregion
+export { usernameClient };
+//# sourceMappingURL=client.mjs.map

package/dist/plugins/username/client.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"client.mjs","names":[],"sources":["../../../src/plugins/username/client.ts"],"sourcesContent":["import type { BetterAuthClientPlugin } from \"@better-auth/core\";\nimport type { username } from \".\";\n\nimport { USERNAME_ERROR_CODES } from \"./error-codes\";\n\nexport * from \"./error-codes\";\n\nexport const usernameClient = () => {\n\treturn {\n\t\tid: \"username\",\n\t\t$InferServerPlugin: {} as ReturnType<typeof username>,\n\t\tatomListeners: [\n\t\t\t{\n\t\t\t\tmatcher: (path) => path === \"/sign-in/username\",\n\t\t\t\tsignal: \"$sessionSignal\",\n\t\t\t},\n\t\t],\n\t\t$ERROR_CODES: USERNAME_ERROR_CODES,\n\t} satisfies BetterAuthClientPlugin;\n};\n"],"mappings":";;;AAOA,MAAa,uBAAuB;AACnC,QAAO;EACN,IAAI;EACJ,oBAAoB,EAAE;EACtB,eAAe,CACd;GACC,UAAU,SAAS,SAAS;GAC5B,QAAQ;GACR,CACD;EACD,cAAc;EACd"}

package/dist/plugins/username/error-codes.d.mts ADDED Viewed

@@ -0,0 +1,5 @@
+//#region src/plugins/username/error-codes.d.ts
+declare const USERNAME_ERROR_CODES: any;
+//#endregion
+export { USERNAME_ERROR_CODES };
+//# sourceMappingURL=error-codes.d.mts.map

package/dist/plugins/username/error-codes.mjs ADDED Viewed

@@ -0,0 +1,17 @@
+import { defineErrorCodes } from "@better-auth/core/utils/error-codes";
+//#region src/plugins/username/error-codes.ts
+const USERNAME_ERROR_CODES = defineErrorCodes({
+	INVALID_USERNAME_OR_PASSWORD: "Invalid username or password",
+	EMAIL_NOT_VERIFIED: "Email not verified",
+	UNEXPECTED_ERROR: "Unexpected error",
+	USERNAME_IS_ALREADY_TAKEN: "Username is already taken. Please try another.",
+	USERNAME_TOO_SHORT: "Username is too short",
+	USERNAME_TOO_LONG: "Username is too long",
+	INVALID_USERNAME: "Username is invalid",
+	INVALID_DISPLAY_USERNAME: "Display username is invalid"
+});
+//#endregion
+export { USERNAME_ERROR_CODES };
+//# sourceMappingURL=error-codes.mjs.map

package/dist/plugins/username/error-codes.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"error-codes.mjs","names":[],"sources":["../../../src/plugins/username/error-codes.ts"],"sourcesContent":["import { defineErrorCodes } from \"@better-auth/core/utils/error-codes\";\n\nexport const USERNAME_ERROR_CODES = defineErrorCodes({\n\tINVALID_USERNAME_OR_PASSWORD: \"Invalid username or password\",\n\tEMAIL_NOT_VERIFIED: \"Email not verified\",\n\tUNEXPECTED_ERROR: \"Unexpected error\",\n\tUSERNAME_IS_ALREADY_TAKEN: \"Username is already taken. Please try another.\",\n\tUSERNAME_TOO_SHORT: \"Username is too short\",\n\tUSERNAME_TOO_LONG: \"Username is too long\",\n\tINVALID_USERNAME: \"Username is invalid\",\n\tINVALID_DISPLAY_USERNAME: \"Display username is invalid\",\n});\n"],"mappings":";;;AAEA,MAAa,uBAAuB,iBAAiB;CACpD,8BAA8B;CAC9B,oBAAoB;CACpB,kBAAkB;CAClB,2BAA2B;CAC3B,oBAAoB;CACpB,mBAAmB;CACnB,kBAAkB;CAClB,0BAA0B;CAC1B,CAAC"}

package/dist/plugins/username/index.d.mts ADDED Viewed

@@ -0,0 +1,74 @@
+import { InferOptionSchema } from "../../types/plugins.mjs";
+import { USERNAME_ERROR_CODES } from "./error-codes.mjs";
+import { UsernameSchema } from "./schema.mjs";
+//#region src/plugins/username/index.d.ts
+declare module "@better-auth/core" {
+  interface BetterAuthPluginRegistry<AuthOptions, Options> {
+    username: {
+      creator: typeof username;
+    };
+  }
+}
+type UsernameOptions = {
+  schema?: InferOptionSchema<UsernameSchema> | undefined;
+  /**
+   * The minimum length of the username
+   *
+   * @default 3
+   */
+  minUsernameLength?: number | undefined;
+  /**
+   * The maximum length of the username
+   *
+   * @default 30
+   */
+  maxUsernameLength?: number | undefined;
+  /**
+   * A function to validate the username
+   *
+   * By default, the username should only contain alphanumeric characters and underscores
+   */
+  usernameValidator?: ((username: string) => boolean | Promise<boolean>) | undefined;
+  /**
+   * A function to validate the display username
+   *
+   * By default, no validation is applied to display username
+   */
+  displayUsernameValidator?: ((displayUsername: string) => boolean | Promise<boolean>) | undefined;
+  /**
+   * A function to normalize the username
+   *
+   * @default (username) => username.toLowerCase()
+   */
+  usernameNormalization?: (((username: string) => string) | false) | undefined;
+  /**
+   * A function to normalize the display username
+   *
+   * @default false
+   */
+  displayUsernameNormalization?: (((displayUsername: string) => string) | false) | undefined;
+  /**
+   * The order of validation
+   *
+   * @default { username: "pre-normalization", displayUsername: "pre-normalization" }
+   */
+  validationOrder?: {
+    /**
+     * The order of username validation
+     *
+     * @default "pre-normalization"
+     */
+    username?: "pre-normalization" | "post-normalization";
+    /**
+     * The order of display username validation
+     *
+     * @default "pre-normalization"
+     */
+    displayUsername?: "pre-normalization" | "post-normalization";
+  } | undefined;
+};
+declare const username: (options?: UsernameOptions | undefined) => BetterAuthPlugin;
+//#endregion
+export { USERNAME_ERROR_CODES, UsernameOptions, username };
+//# sourceMappingURL=index.d.mts.map