@hammadj/better-auth 1.5.0-beta.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (688) hide show
  1. package/LICENSE.md +20 -0
  2. package/README.md +33 -0
  3. package/dist/_virtual/rolldown_runtime.mjs +36 -0
  4. package/dist/adapters/drizzle-adapter/index.d.mts +1 -0
  5. package/dist/adapters/drizzle-adapter/index.mjs +3 -0
  6. package/dist/adapters/index.d.mts +23 -0
  7. package/dist/adapters/index.mjs +13 -0
  8. package/dist/adapters/index.mjs.map +1 -0
  9. package/dist/adapters/kysely-adapter/index.d.mts +1 -0
  10. package/dist/adapters/kysely-adapter/index.mjs +3 -0
  11. package/dist/adapters/memory-adapter/index.d.mts +1 -0
  12. package/dist/adapters/memory-adapter/index.mjs +3 -0
  13. package/dist/adapters/mongodb-adapter/index.d.mts +1 -0
  14. package/dist/adapters/mongodb-adapter/index.mjs +3 -0
  15. package/dist/adapters/prisma-adapter/index.d.mts +1 -0
  16. package/dist/adapters/prisma-adapter/index.mjs +3 -0
  17. package/dist/api/index.d.mts +40 -0
  18. package/dist/api/index.mjs +205 -0
  19. package/dist/api/index.mjs.map +1 -0
  20. package/dist/api/middlewares/index.d.mts +1 -0
  21. package/dist/api/middlewares/index.mjs +3 -0
  22. package/dist/api/middlewares/origin-check.d.mts +17 -0
  23. package/dist/api/middlewares/origin-check.mjs +140 -0
  24. package/dist/api/middlewares/origin-check.mjs.map +1 -0
  25. package/dist/api/rate-limiter/index.mjs +177 -0
  26. package/dist/api/rate-limiter/index.mjs.map +1 -0
  27. package/dist/api/routes/account.d.mts +10 -0
  28. package/dist/api/routes/account.mjs +493 -0
  29. package/dist/api/routes/account.mjs.map +1 -0
  30. package/dist/api/routes/callback.d.mts +5 -0
  31. package/dist/api/routes/callback.mjs +178 -0
  32. package/dist/api/routes/callback.mjs.map +1 -0
  33. package/dist/api/routes/email-verification.d.mts +29 -0
  34. package/dist/api/routes/email-verification.mjs +301 -0
  35. package/dist/api/routes/email-verification.mjs.map +1 -0
  36. package/dist/api/routes/error.d.mts +5 -0
  37. package/dist/api/routes/error.mjs +386 -0
  38. package/dist/api/routes/error.mjs.map +1 -0
  39. package/dist/api/routes/index.d.mts +11 -0
  40. package/dist/api/routes/index.mjs +13 -0
  41. package/dist/api/routes/ok.d.mts +5 -0
  42. package/dist/api/routes/ok.mjs +30 -0
  43. package/dist/api/routes/ok.mjs.map +1 -0
  44. package/dist/api/routes/password.d.mts +8 -0
  45. package/dist/api/routes/password.mjs +198 -0
  46. package/dist/api/routes/password.mjs.map +1 -0
  47. package/dist/api/routes/session.d.mts +52 -0
  48. package/dist/api/routes/session.mjs +478 -0
  49. package/dist/api/routes/session.mjs.map +1 -0
  50. package/dist/api/routes/sign-in.d.mts +8 -0
  51. package/dist/api/routes/sign-in.mjs +262 -0
  52. package/dist/api/routes/sign-in.mjs.map +1 -0
  53. package/dist/api/routes/sign-out.d.mts +5 -0
  54. package/dist/api/routes/sign-out.mjs +33 -0
  55. package/dist/api/routes/sign-out.mjs.map +1 -0
  56. package/dist/api/routes/sign-up.d.mts +7 -0
  57. package/dist/api/routes/sign-up.mjs +227 -0
  58. package/dist/api/routes/sign-up.mjs.map +1 -0
  59. package/dist/api/routes/update-user.d.mts +12 -0
  60. package/dist/api/routes/update-user.mjs +493 -0
  61. package/dist/api/routes/update-user.mjs.map +1 -0
  62. package/dist/api/state/oauth.d.mts +5 -0
  63. package/dist/api/state/oauth.mjs +8 -0
  64. package/dist/api/state/oauth.mjs.map +1 -0
  65. package/dist/api/state/should-session-refresh.d.mts +13 -0
  66. package/dist/api/state/should-session-refresh.mjs +16 -0
  67. package/dist/api/state/should-session-refresh.mjs.map +1 -0
  68. package/dist/api/to-auth-endpoints.mjs +197 -0
  69. package/dist/api/to-auth-endpoints.mjs.map +1 -0
  70. package/dist/auth/base.mjs +44 -0
  71. package/dist/auth/base.mjs.map +1 -0
  72. package/dist/auth/full.d.mts +30 -0
  73. package/dist/auth/full.mjs +32 -0
  74. package/dist/auth/full.mjs.map +1 -0
  75. package/dist/auth/minimal.d.mts +12 -0
  76. package/dist/auth/minimal.mjs +14 -0
  77. package/dist/auth/minimal.mjs.map +1 -0
  78. package/dist/auth/trusted-origins.mjs +31 -0
  79. package/dist/auth/trusted-origins.mjs.map +1 -0
  80. package/dist/client/broadcast-channel.d.mts +20 -0
  81. package/dist/client/broadcast-channel.mjs +46 -0
  82. package/dist/client/broadcast-channel.mjs.map +1 -0
  83. package/dist/client/config.mjs +90 -0
  84. package/dist/client/config.mjs.map +1 -0
  85. package/dist/client/fetch-plugins.mjs +18 -0
  86. package/dist/client/fetch-plugins.mjs.map +1 -0
  87. package/dist/client/focus-manager.d.mts +11 -0
  88. package/dist/client/focus-manager.mjs +32 -0
  89. package/dist/client/focus-manager.mjs.map +1 -0
  90. package/dist/client/index.d.mts +30 -0
  91. package/dist/client/index.mjs +21 -0
  92. package/dist/client/index.mjs.map +1 -0
  93. package/dist/client/lynx/index.d.mts +62 -0
  94. package/dist/client/lynx/index.mjs +24 -0
  95. package/dist/client/lynx/index.mjs.map +1 -0
  96. package/dist/client/lynx/lynx-store.d.mts +47 -0
  97. package/dist/client/lynx/lynx-store.mjs +47 -0
  98. package/dist/client/lynx/lynx-store.mjs.map +1 -0
  99. package/dist/client/online-manager.d.mts +12 -0
  100. package/dist/client/online-manager.mjs +35 -0
  101. package/dist/client/online-manager.mjs.map +1 -0
  102. package/dist/client/parser.mjs +73 -0
  103. package/dist/client/parser.mjs.map +1 -0
  104. package/dist/client/path-to-object.d.mts +57 -0
  105. package/dist/client/plugins/index.d.mts +58 -0
  106. package/dist/client/plugins/index.mjs +33 -0
  107. package/dist/client/plugins/infer-plugin.d.mts +9 -0
  108. package/dist/client/plugins/infer-plugin.mjs +11 -0
  109. package/dist/client/plugins/infer-plugin.mjs.map +1 -0
  110. package/dist/client/proxy.mjs +79 -0
  111. package/dist/client/proxy.mjs.map +1 -0
  112. package/dist/client/query.d.mts +23 -0
  113. package/dist/client/query.mjs +98 -0
  114. package/dist/client/query.mjs.map +1 -0
  115. package/dist/client/react/index.d.mts +63 -0
  116. package/dist/client/react/index.mjs +24 -0
  117. package/dist/client/react/index.mjs.map +1 -0
  118. package/dist/client/react/react-store.d.mts +47 -0
  119. package/dist/client/react/react-store.mjs +47 -0
  120. package/dist/client/react/react-store.mjs.map +1 -0
  121. package/dist/client/session-atom.mjs +29 -0
  122. package/dist/client/session-atom.mjs.map +1 -0
  123. package/dist/client/session-refresh.d.mts +28 -0
  124. package/dist/client/session-refresh.mjs +140 -0
  125. package/dist/client/session-refresh.mjs.map +1 -0
  126. package/dist/client/solid/index.d.mts +57 -0
  127. package/dist/client/solid/index.mjs +22 -0
  128. package/dist/client/solid/index.mjs.map +1 -0
  129. package/dist/client/solid/solid-store.mjs +24 -0
  130. package/dist/client/solid/solid-store.mjs.map +1 -0
  131. package/dist/client/svelte/index.d.mts +63 -0
  132. package/dist/client/svelte/index.mjs +20 -0
  133. package/dist/client/svelte/index.mjs.map +1 -0
  134. package/dist/client/types.d.mts +58 -0
  135. package/dist/client/vanilla.d.mts +62 -0
  136. package/dist/client/vanilla.mjs +20 -0
  137. package/dist/client/vanilla.mjs.map +1 -0
  138. package/dist/client/vue/index.d.mts +86 -0
  139. package/dist/client/vue/index.mjs +38 -0
  140. package/dist/client/vue/index.mjs.map +1 -0
  141. package/dist/client/vue/vue-store.mjs +26 -0
  142. package/dist/client/vue/vue-store.mjs.map +1 -0
  143. package/dist/context/create-context.mjs +211 -0
  144. package/dist/context/create-context.mjs.map +1 -0
  145. package/dist/context/helpers.mjs +62 -0
  146. package/dist/context/helpers.mjs.map +1 -0
  147. package/dist/context/init-minimal.mjs +20 -0
  148. package/dist/context/init-minimal.mjs.map +1 -0
  149. package/dist/context/init.mjs +22 -0
  150. package/dist/context/init.mjs.map +1 -0
  151. package/dist/cookies/cookie-utils.d.mts +29 -0
  152. package/dist/cookies/cookie-utils.mjs +105 -0
  153. package/dist/cookies/cookie-utils.mjs.map +1 -0
  154. package/dist/cookies/index.d.mts +67 -0
  155. package/dist/cookies/index.mjs +264 -0
  156. package/dist/cookies/index.mjs.map +1 -0
  157. package/dist/cookies/session-store.d.mts +36 -0
  158. package/dist/cookies/session-store.mjs +200 -0
  159. package/dist/cookies/session-store.mjs.map +1 -0
  160. package/dist/crypto/buffer.d.mts +8 -0
  161. package/dist/crypto/buffer.mjs +18 -0
  162. package/dist/crypto/buffer.mjs.map +1 -0
  163. package/dist/crypto/index.d.mts +27 -0
  164. package/dist/crypto/index.mjs +38 -0
  165. package/dist/crypto/index.mjs.map +1 -0
  166. package/dist/crypto/jwt.d.mts +8 -0
  167. package/dist/crypto/jwt.mjs +95 -0
  168. package/dist/crypto/jwt.mjs.map +1 -0
  169. package/dist/crypto/password.d.mts +12 -0
  170. package/dist/crypto/password.mjs +36 -0
  171. package/dist/crypto/password.mjs.map +1 -0
  172. package/dist/crypto/random.d.mts +5 -0
  173. package/dist/crypto/random.mjs +8 -0
  174. package/dist/crypto/random.mjs.map +1 -0
  175. package/dist/db/adapter-base.d.mts +8 -0
  176. package/dist/db/adapter-base.mjs +28 -0
  177. package/dist/db/adapter-base.mjs.map +1 -0
  178. package/dist/db/adapter-kysely.d.mts +8 -0
  179. package/dist/db/adapter-kysely.mjs +21 -0
  180. package/dist/db/adapter-kysely.mjs.map +1 -0
  181. package/dist/db/field-converter.d.mts +8 -0
  182. package/dist/db/field-converter.mjs +21 -0
  183. package/dist/db/field-converter.mjs.map +1 -0
  184. package/dist/db/field.d.mts +55 -0
  185. package/dist/db/field.mjs +11 -0
  186. package/dist/db/field.mjs.map +1 -0
  187. package/dist/db/get-migration.d.mts +23 -0
  188. package/dist/db/get-migration.mjs +339 -0
  189. package/dist/db/get-migration.mjs.map +1 -0
  190. package/dist/db/get-schema.d.mts +11 -0
  191. package/dist/db/get-schema.mjs +39 -0
  192. package/dist/db/get-schema.mjs.map +1 -0
  193. package/dist/db/index.d.mts +9 -0
  194. package/dist/db/index.mjs +36 -0
  195. package/dist/db/index.mjs.map +1 -0
  196. package/dist/db/internal-adapter.d.mts +14 -0
  197. package/dist/db/internal-adapter.mjs +616 -0
  198. package/dist/db/internal-adapter.mjs.map +1 -0
  199. package/dist/db/schema.d.mts +26 -0
  200. package/dist/db/schema.mjs +118 -0
  201. package/dist/db/schema.mjs.map +1 -0
  202. package/dist/db/to-zod.d.mts +36 -0
  203. package/dist/db/to-zod.mjs +26 -0
  204. package/dist/db/to-zod.mjs.map +1 -0
  205. package/dist/db/verification-token-storage.mjs +28 -0
  206. package/dist/db/verification-token-storage.mjs.map +1 -0
  207. package/dist/db/with-hooks.d.mts +33 -0
  208. package/dist/db/with-hooks.mjs +159 -0
  209. package/dist/db/with-hooks.mjs.map +1 -0
  210. package/dist/index.d.mts +52 -0
  211. package/dist/index.mjs +26 -0
  212. package/dist/integrations/next-js.d.mts +14 -0
  213. package/dist/integrations/next-js.mjs +78 -0
  214. package/dist/integrations/next-js.mjs.map +1 -0
  215. package/dist/integrations/node.d.mts +13 -0
  216. package/dist/integrations/node.mjs +16 -0
  217. package/dist/integrations/node.mjs.map +1 -0
  218. package/dist/integrations/solid-start.d.mts +23 -0
  219. package/dist/integrations/solid-start.mjs +17 -0
  220. package/dist/integrations/solid-start.mjs.map +1 -0
  221. package/dist/integrations/svelte-kit.d.mts +29 -0
  222. package/dist/integrations/svelte-kit.mjs +57 -0
  223. package/dist/integrations/svelte-kit.mjs.map +1 -0
  224. package/dist/integrations/tanstack-start-solid.d.mts +22 -0
  225. package/dist/integrations/tanstack-start-solid.mjs +61 -0
  226. package/dist/integrations/tanstack-start-solid.mjs.map +1 -0
  227. package/dist/integrations/tanstack-start.d.mts +22 -0
  228. package/dist/integrations/tanstack-start.mjs +61 -0
  229. package/dist/integrations/tanstack-start.mjs.map +1 -0
  230. package/dist/oauth2/index.d.mts +5 -0
  231. package/dist/oauth2/index.mjs +7 -0
  232. package/dist/oauth2/link-account.d.mts +31 -0
  233. package/dist/oauth2/link-account.mjs +144 -0
  234. package/dist/oauth2/link-account.mjs.map +1 -0
  235. package/dist/oauth2/state.d.mts +26 -0
  236. package/dist/oauth2/state.mjs +51 -0
  237. package/dist/oauth2/state.mjs.map +1 -0
  238. package/dist/oauth2/utils.d.mts +8 -0
  239. package/dist/oauth2/utils.mjs +31 -0
  240. package/dist/oauth2/utils.mjs.map +1 -0
  241. package/dist/plugins/access/access.d.mts +30 -0
  242. package/dist/plugins/access/access.mjs +46 -0
  243. package/dist/plugins/access/access.mjs.map +1 -0
  244. package/dist/plugins/access/index.d.mts +3 -0
  245. package/dist/plugins/access/index.mjs +3 -0
  246. package/dist/plugins/access/types.d.mts +17 -0
  247. package/dist/plugins/additional-fields/client.d.mts +14 -0
  248. package/dist/plugins/additional-fields/client.mjs +11 -0
  249. package/dist/plugins/additional-fields/client.mjs.map +1 -0
  250. package/dist/plugins/admin/access/index.d.mts +2 -0
  251. package/dist/plugins/admin/access/index.mjs +3 -0
  252. package/dist/plugins/admin/access/statement.d.mts +118 -0
  253. package/dist/plugins/admin/access/statement.mjs +53 -0
  254. package/dist/plugins/admin/access/statement.mjs.map +1 -0
  255. package/dist/plugins/admin/admin.d.mts +14 -0
  256. package/dist/plugins/admin/admin.mjs +95 -0
  257. package/dist/plugins/admin/admin.mjs.map +1 -0
  258. package/dist/plugins/admin/client.d.mts +14 -0
  259. package/dist/plugins/admin/client.mjs +36 -0
  260. package/dist/plugins/admin/client.mjs.map +1 -0
  261. package/dist/plugins/admin/error-codes.d.mts +5 -0
  262. package/dist/plugins/admin/error-codes.mjs +30 -0
  263. package/dist/plugins/admin/error-codes.mjs.map +1 -0
  264. package/dist/plugins/admin/has-permission.mjs +16 -0
  265. package/dist/plugins/admin/has-permission.mjs.map +1 -0
  266. package/dist/plugins/admin/index.d.mts +3 -0
  267. package/dist/plugins/admin/index.mjs +3 -0
  268. package/dist/plugins/admin/routes.mjs +855 -0
  269. package/dist/plugins/admin/routes.mjs.map +1 -0
  270. package/dist/plugins/admin/schema.d.mts +6 -0
  271. package/dist/plugins/admin/schema.mjs +34 -0
  272. package/dist/plugins/admin/schema.mjs.map +1 -0
  273. package/dist/plugins/admin/types.d.mts +89 -0
  274. package/dist/plugins/anonymous/client.d.mts +9 -0
  275. package/dist/plugins/anonymous/client.mjs +22 -0
  276. package/dist/plugins/anonymous/client.mjs.map +1 -0
  277. package/dist/plugins/anonymous/error-codes.d.mts +5 -0
  278. package/dist/plugins/anonymous/error-codes.mjs +16 -0
  279. package/dist/plugins/anonymous/error-codes.mjs.map +1 -0
  280. package/dist/plugins/anonymous/index.d.mts +14 -0
  281. package/dist/plugins/anonymous/index.mjs +163 -0
  282. package/dist/plugins/anonymous/index.mjs.map +1 -0
  283. package/dist/plugins/anonymous/schema.d.mts +5 -0
  284. package/dist/plugins/anonymous/schema.mjs +11 -0
  285. package/dist/plugins/anonymous/schema.mjs.map +1 -0
  286. package/dist/plugins/anonymous/types.d.mts +68 -0
  287. package/dist/plugins/api-key/adapter.mjs +468 -0
  288. package/dist/plugins/api-key/adapter.mjs.map +1 -0
  289. package/dist/plugins/api-key/client.d.mts +9 -0
  290. package/dist/plugins/api-key/client.mjs +19 -0
  291. package/dist/plugins/api-key/client.mjs.map +1 -0
  292. package/dist/plugins/api-key/error-codes.d.mts +5 -0
  293. package/dist/plugins/api-key/error-codes.mjs +34 -0
  294. package/dist/plugins/api-key/error-codes.mjs.map +1 -0
  295. package/dist/plugins/api-key/index.d.mts +17 -0
  296. package/dist/plugins/api-key/index.mjs +134 -0
  297. package/dist/plugins/api-key/index.mjs.map +1 -0
  298. package/dist/plugins/api-key/rate-limit.mjs +74 -0
  299. package/dist/plugins/api-key/rate-limit.mjs.map +1 -0
  300. package/dist/plugins/api-key/routes/create-api-key.mjs +252 -0
  301. package/dist/plugins/api-key/routes/create-api-key.mjs.map +1 -0
  302. package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs +24 -0
  303. package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs.map +1 -0
  304. package/dist/plugins/api-key/routes/delete-api-key.mjs +74 -0
  305. package/dist/plugins/api-key/routes/delete-api-key.mjs.map +1 -0
  306. package/dist/plugins/api-key/routes/get-api-key.mjs +158 -0
  307. package/dist/plugins/api-key/routes/get-api-key.mjs.map +1 -0
  308. package/dist/plugins/api-key/routes/index.mjs +71 -0
  309. package/dist/plugins/api-key/routes/index.mjs.map +1 -0
  310. package/dist/plugins/api-key/routes/list-api-keys.mjs +194 -0
  311. package/dist/plugins/api-key/routes/list-api-keys.mjs.map +1 -0
  312. package/dist/plugins/api-key/routes/update-api-key.mjs +248 -0
  313. package/dist/plugins/api-key/routes/update-api-key.mjs.map +1 -0
  314. package/dist/plugins/api-key/routes/verify-api-key.mjs +223 -0
  315. package/dist/plugins/api-key/routes/verify-api-key.mjs.map +1 -0
  316. package/dist/plugins/api-key/schema.d.mts +11 -0
  317. package/dist/plugins/api-key/schema.mjs +130 -0
  318. package/dist/plugins/api-key/schema.mjs.map +1 -0
  319. package/dist/plugins/api-key/types.d.mts +346 -0
  320. package/dist/plugins/bearer/index.d.mts +25 -0
  321. package/dist/plugins/bearer/index.mjs +66 -0
  322. package/dist/plugins/bearer/index.mjs.map +1 -0
  323. package/dist/plugins/captcha/constants.d.mts +10 -0
  324. package/dist/plugins/captcha/constants.mjs +22 -0
  325. package/dist/plugins/captcha/constants.mjs.map +1 -0
  326. package/dist/plugins/captcha/error-codes.mjs +16 -0
  327. package/dist/plugins/captcha/error-codes.mjs.map +1 -0
  328. package/dist/plugins/captcha/index.d.mts +14 -0
  329. package/dist/plugins/captcha/index.mjs +60 -0
  330. package/dist/plugins/captcha/index.mjs.map +1 -0
  331. package/dist/plugins/captcha/types.d.mts +28 -0
  332. package/dist/plugins/captcha/utils.mjs +11 -0
  333. package/dist/plugins/captcha/utils.mjs.map +1 -0
  334. package/dist/plugins/captcha/verify-handlers/captchafox.mjs +27 -0
  335. package/dist/plugins/captcha/verify-handlers/captchafox.mjs.map +1 -0
  336. package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs +25 -0
  337. package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs.map +1 -0
  338. package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs +29 -0
  339. package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs.map +1 -0
  340. package/dist/plugins/captcha/verify-handlers/h-captcha.mjs +27 -0
  341. package/dist/plugins/captcha/verify-handlers/h-captcha.mjs.map +1 -0
  342. package/dist/plugins/captcha/verify-handlers/index.mjs +6 -0
  343. package/dist/plugins/custom-session/client.d.mts +10 -0
  344. package/dist/plugins/custom-session/client.mjs +11 -0
  345. package/dist/plugins/custom-session/client.mjs.map +1 -0
  346. package/dist/plugins/custom-session/index.d.mts +26 -0
  347. package/dist/plugins/custom-session/index.mjs +70 -0
  348. package/dist/plugins/custom-session/index.mjs.map +1 -0
  349. package/dist/plugins/device-authorization/client.d.mts +5 -0
  350. package/dist/plugins/device-authorization/client.mjs +18 -0
  351. package/dist/plugins/device-authorization/client.mjs.map +1 -0
  352. package/dist/plugins/device-authorization/error-codes.mjs +21 -0
  353. package/dist/plugins/device-authorization/error-codes.mjs.map +1 -0
  354. package/dist/plugins/device-authorization/index.d.mts +28 -0
  355. package/dist/plugins/device-authorization/index.mjs +50 -0
  356. package/dist/plugins/device-authorization/index.mjs.map +1 -0
  357. package/dist/plugins/device-authorization/routes.mjs +510 -0
  358. package/dist/plugins/device-authorization/routes.mjs.map +1 -0
  359. package/dist/plugins/device-authorization/schema.mjs +57 -0
  360. package/dist/plugins/device-authorization/schema.mjs.map +1 -0
  361. package/dist/plugins/email-otp/client.d.mts +7 -0
  362. package/dist/plugins/email-otp/client.mjs +18 -0
  363. package/dist/plugins/email-otp/client.mjs.map +1 -0
  364. package/dist/plugins/email-otp/error-codes.d.mts +5 -0
  365. package/dist/plugins/email-otp/error-codes.mjs +12 -0
  366. package/dist/plugins/email-otp/error-codes.mjs.map +1 -0
  367. package/dist/plugins/email-otp/index.d.mts +14 -0
  368. package/dist/plugins/email-otp/index.mjs +108 -0
  369. package/dist/plugins/email-otp/index.mjs.map +1 -0
  370. package/dist/plugins/email-otp/otp-token.mjs +29 -0
  371. package/dist/plugins/email-otp/otp-token.mjs.map +1 -0
  372. package/dist/plugins/email-otp/routes.mjs +564 -0
  373. package/dist/plugins/email-otp/routes.mjs.map +1 -0
  374. package/dist/plugins/email-otp/types.d.mts +74 -0
  375. package/dist/plugins/email-otp/utils.mjs +17 -0
  376. package/dist/plugins/email-otp/utils.mjs.map +1 -0
  377. package/dist/plugins/generic-oauth/client.d.mts +19 -0
  378. package/dist/plugins/generic-oauth/client.mjs +14 -0
  379. package/dist/plugins/generic-oauth/client.mjs.map +1 -0
  380. package/dist/plugins/generic-oauth/error-codes.d.mts +5 -0
  381. package/dist/plugins/generic-oauth/error-codes.mjs +15 -0
  382. package/dist/plugins/generic-oauth/error-codes.mjs.map +1 -0
  383. package/dist/plugins/generic-oauth/index.d.mts +34 -0
  384. package/dist/plugins/generic-oauth/index.mjs +137 -0
  385. package/dist/plugins/generic-oauth/index.mjs.map +1 -0
  386. package/dist/plugins/generic-oauth/providers/auth0.d.mts +37 -0
  387. package/dist/plugins/generic-oauth/providers/auth0.mjs +62 -0
  388. package/dist/plugins/generic-oauth/providers/auth0.mjs.map +1 -0
  389. package/dist/plugins/generic-oauth/providers/gumroad.d.mts +32 -0
  390. package/dist/plugins/generic-oauth/providers/gumroad.mjs +60 -0
  391. package/dist/plugins/generic-oauth/providers/gumroad.mjs.map +1 -0
  392. package/dist/plugins/generic-oauth/providers/hubspot.d.mts +37 -0
  393. package/dist/plugins/generic-oauth/providers/hubspot.mjs +60 -0
  394. package/dist/plugins/generic-oauth/providers/hubspot.mjs.map +1 -0
  395. package/dist/plugins/generic-oauth/providers/index.d.mts +9 -0
  396. package/dist/plugins/generic-oauth/providers/index.mjs +11 -0
  397. package/dist/plugins/generic-oauth/providers/keycloak.d.mts +37 -0
  398. package/dist/plugins/generic-oauth/providers/keycloak.mjs +62 -0
  399. package/dist/plugins/generic-oauth/providers/keycloak.mjs.map +1 -0
  400. package/dist/plugins/generic-oauth/providers/line.d.mts +55 -0
  401. package/dist/plugins/generic-oauth/providers/line.mjs +91 -0
  402. package/dist/plugins/generic-oauth/providers/line.mjs.map +1 -0
  403. package/dist/plugins/generic-oauth/providers/microsoft-entra-id.d.mts +37 -0
  404. package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs +66 -0
  405. package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs.map +1 -0
  406. package/dist/plugins/generic-oauth/providers/okta.d.mts +37 -0
  407. package/dist/plugins/generic-oauth/providers/okta.mjs +62 -0
  408. package/dist/plugins/generic-oauth/providers/okta.mjs.map +1 -0
  409. package/dist/plugins/generic-oauth/providers/patreon.d.mts +30 -0
  410. package/dist/plugins/generic-oauth/providers/patreon.mjs +59 -0
  411. package/dist/plugins/generic-oauth/providers/patreon.mjs.map +1 -0
  412. package/dist/plugins/generic-oauth/providers/slack.d.mts +30 -0
  413. package/dist/plugins/generic-oauth/providers/slack.mjs +61 -0
  414. package/dist/plugins/generic-oauth/providers/slack.mjs.map +1 -0
  415. package/dist/plugins/generic-oauth/routes.mjs +394 -0
  416. package/dist/plugins/generic-oauth/routes.mjs.map +1 -0
  417. package/dist/plugins/generic-oauth/types.d.mts +145 -0
  418. package/dist/plugins/haveibeenpwned/index.d.mts +21 -0
  419. package/dist/plugins/haveibeenpwned/index.mjs +56 -0
  420. package/dist/plugins/haveibeenpwned/index.mjs.map +1 -0
  421. package/dist/plugins/index.d.mts +68 -0
  422. package/dist/plugins/index.mjs +51 -0
  423. package/dist/plugins/jwt/adapter.mjs +27 -0
  424. package/dist/plugins/jwt/adapter.mjs.map +1 -0
  425. package/dist/plugins/jwt/client.d.mts +18 -0
  426. package/dist/plugins/jwt/client.mjs +19 -0
  427. package/dist/plugins/jwt/client.mjs.map +1 -0
  428. package/dist/plugins/jwt/index.d.mts +17 -0
  429. package/dist/plugins/jwt/index.mjs +202 -0
  430. package/dist/plugins/jwt/index.mjs.map +1 -0
  431. package/dist/plugins/jwt/schema.d.mts +5 -0
  432. package/dist/plugins/jwt/schema.mjs +23 -0
  433. package/dist/plugins/jwt/schema.mjs.map +1 -0
  434. package/dist/plugins/jwt/sign.d.mts +57 -0
  435. package/dist/plugins/jwt/sign.mjs +66 -0
  436. package/dist/plugins/jwt/sign.mjs.map +1 -0
  437. package/dist/plugins/jwt/types.d.mts +194 -0
  438. package/dist/plugins/jwt/utils.d.mts +42 -0
  439. package/dist/plugins/jwt/utils.mjs +64 -0
  440. package/dist/plugins/jwt/utils.mjs.map +1 -0
  441. package/dist/plugins/jwt/verify.d.mts +12 -0
  442. package/dist/plugins/jwt/verify.mjs +46 -0
  443. package/dist/plugins/jwt/verify.mjs.map +1 -0
  444. package/dist/plugins/last-login-method/client.d.mts +18 -0
  445. package/dist/plugins/last-login-method/client.mjs +32 -0
  446. package/dist/plugins/last-login-method/client.mjs.map +1 -0
  447. package/dist/plugins/last-login-method/index.d.mts +52 -0
  448. package/dist/plugins/last-login-method/index.mjs +77 -0
  449. package/dist/plugins/last-login-method/index.mjs.map +1 -0
  450. package/dist/plugins/magic-link/client.d.mts +5 -0
  451. package/dist/plugins/magic-link/client.mjs +11 -0
  452. package/dist/plugins/magic-link/client.mjs.map +1 -0
  453. package/dist/plugins/magic-link/index.d.mts +61 -0
  454. package/dist/plugins/magic-link/index.mjs +167 -0
  455. package/dist/plugins/magic-link/index.mjs.map +1 -0
  456. package/dist/plugins/magic-link/utils.mjs +12 -0
  457. package/dist/plugins/magic-link/utils.mjs.map +1 -0
  458. package/dist/plugins/mcp/authorize.mjs +133 -0
  459. package/dist/plugins/mcp/authorize.mjs.map +1 -0
  460. package/dist/plugins/mcp/index.d.mts +46 -0
  461. package/dist/plugins/mcp/index.mjs +717 -0
  462. package/dist/plugins/mcp/index.mjs.map +1 -0
  463. package/dist/plugins/multi-session/client.d.mts +8 -0
  464. package/dist/plugins/multi-session/client.mjs +20 -0
  465. package/dist/plugins/multi-session/client.mjs.map +1 -0
  466. package/dist/plugins/multi-session/error-codes.d.mts +5 -0
  467. package/dist/plugins/multi-session/error-codes.mjs +8 -0
  468. package/dist/plugins/multi-session/error-codes.mjs.map +1 -0
  469. package/dist/plugins/multi-session/index.d.mts +22 -0
  470. package/dist/plugins/multi-session/index.mjs +172 -0
  471. package/dist/plugins/multi-session/index.mjs.map +1 -0
  472. package/dist/plugins/oauth-proxy/index.d.mts +39 -0
  473. package/dist/plugins/oauth-proxy/index.mjs +305 -0
  474. package/dist/plugins/oauth-proxy/index.mjs.map +1 -0
  475. package/dist/plugins/oauth-proxy/utils.mjs +44 -0
  476. package/dist/plugins/oauth-proxy/utils.mjs.map +1 -0
  477. package/dist/plugins/oidc-provider/authorize.mjs +194 -0
  478. package/dist/plugins/oidc-provider/authorize.mjs.map +1 -0
  479. package/dist/plugins/oidc-provider/client.d.mts +8 -0
  480. package/dist/plugins/oidc-provider/client.mjs +11 -0
  481. package/dist/plugins/oidc-provider/client.mjs.map +1 -0
  482. package/dist/plugins/oidc-provider/error.mjs +17 -0
  483. package/dist/plugins/oidc-provider/error.mjs.map +1 -0
  484. package/dist/plugins/oidc-provider/index.d.mts +32 -0
  485. package/dist/plugins/oidc-provider/index.mjs +1093 -0
  486. package/dist/plugins/oidc-provider/index.mjs.map +1 -0
  487. package/dist/plugins/oidc-provider/schema.d.mts +26 -0
  488. package/dist/plugins/oidc-provider/schema.mjs +132 -0
  489. package/dist/plugins/oidc-provider/schema.mjs.map +1 -0
  490. package/dist/plugins/oidc-provider/types.d.mts +517 -0
  491. package/dist/plugins/oidc-provider/utils/prompt.mjs +19 -0
  492. package/dist/plugins/oidc-provider/utils/prompt.mjs.map +1 -0
  493. package/dist/plugins/oidc-provider/utils.mjs +15 -0
  494. package/dist/plugins/oidc-provider/utils.mjs.map +1 -0
  495. package/dist/plugins/one-tap/client.d.mts +159 -0
  496. package/dist/plugins/one-tap/client.mjs +214 -0
  497. package/dist/plugins/one-tap/client.mjs.map +1 -0
  498. package/dist/plugins/one-tap/index.d.mts +27 -0
  499. package/dist/plugins/one-tap/index.mjs +96 -0
  500. package/dist/plugins/one-tap/index.mjs.map +1 -0
  501. package/dist/plugins/one-time-token/client.d.mts +7 -0
  502. package/dist/plugins/one-time-token/client.mjs +11 -0
  503. package/dist/plugins/one-time-token/client.mjs.map +1 -0
  504. package/dist/plugins/one-time-token/index.d.mts +53 -0
  505. package/dist/plugins/one-time-token/index.mjs +82 -0
  506. package/dist/plugins/one-time-token/index.mjs.map +1 -0
  507. package/dist/plugins/one-time-token/utils.mjs +12 -0
  508. package/dist/plugins/one-time-token/utils.mjs.map +1 -0
  509. package/dist/plugins/open-api/generator.d.mts +115 -0
  510. package/dist/plugins/open-api/generator.mjs +315 -0
  511. package/dist/plugins/open-api/generator.mjs.map +1 -0
  512. package/dist/plugins/open-api/index.d.mts +45 -0
  513. package/dist/plugins/open-api/index.mjs +67 -0
  514. package/dist/plugins/open-api/index.mjs.map +1 -0
  515. package/dist/plugins/open-api/logo.mjs +15 -0
  516. package/dist/plugins/open-api/logo.mjs.map +1 -0
  517. package/dist/plugins/organization/access/index.d.mts +2 -0
  518. package/dist/plugins/organization/access/index.mjs +3 -0
  519. package/dist/plugins/organization/access/statement.d.mts +249 -0
  520. package/dist/plugins/organization/access/statement.mjs +81 -0
  521. package/dist/plugins/organization/access/statement.mjs.map +1 -0
  522. package/dist/plugins/organization/adapter.d.mts +205 -0
  523. package/dist/plugins/organization/adapter.mjs +624 -0
  524. package/dist/plugins/organization/adapter.mjs.map +1 -0
  525. package/dist/plugins/organization/call.mjs +19 -0
  526. package/dist/plugins/organization/call.mjs.map +1 -0
  527. package/dist/plugins/organization/client.d.mts +151 -0
  528. package/dist/plugins/organization/client.mjs +107 -0
  529. package/dist/plugins/organization/client.mjs.map +1 -0
  530. package/dist/plugins/organization/error-codes.d.mts +5 -0
  531. package/dist/plugins/organization/error-codes.mjs +65 -0
  532. package/dist/plugins/organization/error-codes.mjs.map +1 -0
  533. package/dist/plugins/organization/has-permission.mjs +35 -0
  534. package/dist/plugins/organization/has-permission.mjs.map +1 -0
  535. package/dist/plugins/organization/index.d.mts +5 -0
  536. package/dist/plugins/organization/index.mjs +4 -0
  537. package/dist/plugins/organization/organization.d.mts +252 -0
  538. package/dist/plugins/organization/organization.mjs +428 -0
  539. package/dist/plugins/organization/organization.mjs.map +1 -0
  540. package/dist/plugins/organization/permission.d.mts +26 -0
  541. package/dist/plugins/organization/permission.mjs +16 -0
  542. package/dist/plugins/organization/permission.mjs.map +1 -0
  543. package/dist/plugins/organization/routes/crud-access-control.d.mts +11 -0
  544. package/dist/plugins/organization/routes/crud-access-control.mjs +656 -0
  545. package/dist/plugins/organization/routes/crud-access-control.mjs.map +1 -0
  546. package/dist/plugins/organization/routes/crud-invites.d.mts +16 -0
  547. package/dist/plugins/organization/routes/crud-invites.mjs +555 -0
  548. package/dist/plugins/organization/routes/crud-invites.mjs.map +1 -0
  549. package/dist/plugins/organization/routes/crud-members.d.mts +13 -0
  550. package/dist/plugins/organization/routes/crud-members.mjs +473 -0
  551. package/dist/plugins/organization/routes/crud-members.mjs.map +1 -0
  552. package/dist/plugins/organization/routes/crud-org.d.mts +13 -0
  553. package/dist/plugins/organization/routes/crud-org.mjs +447 -0
  554. package/dist/plugins/organization/routes/crud-org.mjs.map +1 -0
  555. package/dist/plugins/organization/routes/crud-team.d.mts +15 -0
  556. package/dist/plugins/organization/routes/crud-team.mjs +676 -0
  557. package/dist/plugins/organization/routes/crud-team.mjs.map +1 -0
  558. package/dist/plugins/organization/schema.d.mts +376 -0
  559. package/dist/plugins/organization/schema.mjs +68 -0
  560. package/dist/plugins/organization/schema.mjs.map +1 -0
  561. package/dist/plugins/organization/types.d.mts +733 -0
  562. package/dist/plugins/phone-number/client.d.mts +8 -0
  563. package/dist/plugins/phone-number/client.mjs +20 -0
  564. package/dist/plugins/phone-number/client.mjs.map +1 -0
  565. package/dist/plugins/phone-number/error-codes.d.mts +5 -0
  566. package/dist/plugins/phone-number/error-codes.mjs +21 -0
  567. package/dist/plugins/phone-number/error-codes.mjs.map +1 -0
  568. package/dist/plugins/phone-number/index.d.mts +14 -0
  569. package/dist/plugins/phone-number/index.mjs +49 -0
  570. package/dist/plugins/phone-number/index.mjs.map +1 -0
  571. package/dist/plugins/phone-number/routes.mjs +459 -0
  572. package/dist/plugins/phone-number/routes.mjs.map +1 -0
  573. package/dist/plugins/phone-number/schema.d.mts +5 -0
  574. package/dist/plugins/phone-number/schema.mjs +20 -0
  575. package/dist/plugins/phone-number/schema.mjs.map +1 -0
  576. package/dist/plugins/phone-number/types.d.mts +118 -0
  577. package/dist/plugins/siwe/client.d.mts +5 -0
  578. package/dist/plugins/siwe/client.mjs +11 -0
  579. package/dist/plugins/siwe/client.mjs.map +1 -0
  580. package/dist/plugins/siwe/error-codes.mjs +13 -0
  581. package/dist/plugins/siwe/error-codes.mjs.map +1 -0
  582. package/dist/plugins/siwe/index.d.mts +26 -0
  583. package/dist/plugins/siwe/index.mjs +261 -0
  584. package/dist/plugins/siwe/index.mjs.map +1 -0
  585. package/dist/plugins/siwe/schema.d.mts +5 -0
  586. package/dist/plugins/siwe/schema.mjs +32 -0
  587. package/dist/plugins/siwe/schema.mjs.map +1 -0
  588. package/dist/plugins/siwe/types.d.mts +44 -0
  589. package/dist/plugins/two-factor/backup-codes/index.d.mts +91 -0
  590. package/dist/plugins/two-factor/backup-codes/index.mjs +277 -0
  591. package/dist/plugins/two-factor/backup-codes/index.mjs.map +1 -0
  592. package/dist/plugins/two-factor/client.d.mts +17 -0
  593. package/dist/plugins/two-factor/client.mjs +37 -0
  594. package/dist/plugins/two-factor/client.mjs.map +1 -0
  595. package/dist/plugins/two-factor/constant.mjs +8 -0
  596. package/dist/plugins/two-factor/constant.mjs.map +1 -0
  597. package/dist/plugins/two-factor/error-code.d.mts +5 -0
  598. package/dist/plugins/two-factor/error-code.mjs +18 -0
  599. package/dist/plugins/two-factor/error-code.mjs.map +1 -0
  600. package/dist/plugins/two-factor/index.d.mts +19 -0
  601. package/dist/plugins/two-factor/index.mjs +207 -0
  602. package/dist/plugins/two-factor/index.mjs.map +1 -0
  603. package/dist/plugins/two-factor/otp/index.d.mts +96 -0
  604. package/dist/plugins/two-factor/otp/index.mjs +199 -0
  605. package/dist/plugins/two-factor/otp/index.mjs.map +1 -0
  606. package/dist/plugins/two-factor/schema.d.mts +5 -0
  607. package/dist/plugins/two-factor/schema.mjs +36 -0
  608. package/dist/plugins/two-factor/schema.mjs.map +1 -0
  609. package/dist/plugins/two-factor/totp/index.d.mts +81 -0
  610. package/dist/plugins/two-factor/totp/index.mjs +157 -0
  611. package/dist/plugins/two-factor/totp/index.mjs.map +1 -0
  612. package/dist/plugins/two-factor/types.d.mts +65 -0
  613. package/dist/plugins/two-factor/utils.mjs +12 -0
  614. package/dist/plugins/two-factor/utils.mjs.map +1 -0
  615. package/dist/plugins/two-factor/verify-two-factor.mjs +76 -0
  616. package/dist/plugins/two-factor/verify-two-factor.mjs.map +1 -0
  617. package/dist/plugins/username/client.d.mts +7 -0
  618. package/dist/plugins/username/client.mjs +18 -0
  619. package/dist/plugins/username/client.mjs.map +1 -0
  620. package/dist/plugins/username/error-codes.d.mts +5 -0
  621. package/dist/plugins/username/error-codes.mjs +17 -0
  622. package/dist/plugins/username/error-codes.mjs.map +1 -0
  623. package/dist/plugins/username/index.d.mts +74 -0
  624. package/dist/plugins/username/index.mjs +237 -0
  625. package/dist/plugins/username/index.mjs.map +1 -0
  626. package/dist/plugins/username/schema.d.mts +9 -0
  627. package/dist/plugins/username/schema.mjs +26 -0
  628. package/dist/plugins/username/schema.mjs.map +1 -0
  629. package/dist/social-providers/index.d.mts +1 -0
  630. package/dist/social-providers/index.mjs +3 -0
  631. package/dist/state.d.mts +42 -0
  632. package/dist/state.mjs +107 -0
  633. package/dist/state.mjs.map +1 -0
  634. package/dist/test-utils/headers.d.mts +9 -0
  635. package/dist/test-utils/headers.mjs +24 -0
  636. package/dist/test-utils/headers.mjs.map +1 -0
  637. package/dist/test-utils/index.d.mts +3 -0
  638. package/dist/test-utils/index.mjs +4 -0
  639. package/dist/test-utils/test-instance.d.mts +181 -0
  640. package/dist/test-utils/test-instance.mjs +210 -0
  641. package/dist/test-utils/test-instance.mjs.map +1 -0
  642. package/dist/types/adapter.d.mts +24 -0
  643. package/dist/types/api.d.mts +29 -0
  644. package/dist/types/auth.d.mts +30 -0
  645. package/dist/types/helper.d.mts +21 -0
  646. package/dist/types/index.d.mts +11 -0
  647. package/dist/types/index.mjs +1 -0
  648. package/dist/types/models.d.mts +17 -0
  649. package/dist/types/plugins.d.mts +16 -0
  650. package/dist/utils/boolean.mjs +8 -0
  651. package/dist/utils/boolean.mjs.map +1 -0
  652. package/dist/utils/constants.mjs +6 -0
  653. package/dist/utils/constants.mjs.map +1 -0
  654. package/dist/utils/date.mjs +8 -0
  655. package/dist/utils/date.mjs.map +1 -0
  656. package/dist/utils/get-request-ip.d.mts +7 -0
  657. package/dist/utils/get-request-ip.mjs +23 -0
  658. package/dist/utils/get-request-ip.mjs.map +1 -0
  659. package/dist/utils/hashing.mjs +21 -0
  660. package/dist/utils/hashing.mjs.map +1 -0
  661. package/dist/utils/hide-metadata.d.mts +7 -0
  662. package/dist/utils/hide-metadata.mjs +6 -0
  663. package/dist/utils/hide-metadata.mjs.map +1 -0
  664. package/dist/utils/index.d.mts +3 -0
  665. package/dist/utils/index.mjs +5 -0
  666. package/dist/utils/is-api-error.d.mts +7 -0
  667. package/dist/utils/is-api-error.mjs +11 -0
  668. package/dist/utils/is-api-error.mjs.map +1 -0
  669. package/dist/utils/is-atom.mjs +8 -0
  670. package/dist/utils/is-atom.mjs.map +1 -0
  671. package/dist/utils/is-promise.mjs +8 -0
  672. package/dist/utils/is-promise.mjs.map +1 -0
  673. package/dist/utils/middleware-response.mjs +6 -0
  674. package/dist/utils/middleware-response.mjs.map +1 -0
  675. package/dist/utils/password.mjs +26 -0
  676. package/dist/utils/password.mjs.map +1 -0
  677. package/dist/utils/plugin-helper.mjs +17 -0
  678. package/dist/utils/plugin-helper.mjs.map +1 -0
  679. package/dist/utils/shim.mjs +24 -0
  680. package/dist/utils/shim.mjs.map +1 -0
  681. package/dist/utils/time.d.mts +49 -0
  682. package/dist/utils/time.mjs +100 -0
  683. package/dist/utils/time.mjs.map +1 -0
  684. package/dist/utils/url.mjs +92 -0
  685. package/dist/utils/url.mjs.map +1 -0
  686. package/dist/utils/wildcard.mjs +108 -0
  687. package/dist/utils/wildcard.mjs.map +1 -0
  688. package/package.json +601 -0
package/dist/plugins/api-key/routes/update-api-key.mjs ADDED
@@ -0,0 +1,248 @@
1
+ import { getDate } from "../../../utils/date.mjs";
2
+ import { getSessionFromCtx } from "../../../api/routes/session.mjs";
3
+ import "../../../api/index.mjs";
4
+ import { API_KEY_ERROR_CODES } from "../error-codes.mjs";
5
+ import { getApiKeyById, migrateDoubleStringifiedMetadata, setApiKey } from "../adapter.mjs";
6
+ import { API_KEY_TABLE_NAME } from "../index.mjs";
7
+ import { APIError } from "@better-auth/core/error";
8
+ import { safeJSONParse } from "@better-auth/core/utils/json";
9
+ import { createAuthEndpoint } from "@better-auth/core/api";
10
+ import * as z from "zod";
11
+
12
+ //#region src/plugins/api-key/routes/update-api-key.ts
13
+ const updateApiKeyBodySchema = z.object({
14
+ keyId: z.string().meta({ description: "The id of the Api Key" }),
15
+ userId: z.coerce.string().meta({ description: "The id of the user which the api key belongs to. server-only. Eg: \"some-user-id\"" }).optional(),
16
+ name: z.string().meta({ description: "The name of the key" }).optional(),
17
+ enabled: z.boolean().meta({ description: "Whether the Api Key is enabled or not" }).optional(),
18
+ remaining: z.number().meta({ description: "The number of remaining requests" }).min(1).optional(),
19
+ refillAmount: z.number().meta({ description: "The refill amount" }).optional(),
20
+ refillInterval: z.number().meta({ description: "The refill interval" }).optional(),
21
+ metadata: z.any().optional(),
22
+ expiresIn: z.number().meta({ description: "Expiration time of the Api Key in seconds" }).min(1).optional().nullable(),
23
+ rateLimitEnabled: z.boolean().meta({ description: "Whether the key has rate limiting enabled." }).optional(),
24
+ rateLimitTimeWindow: z.number().meta({ description: "The duration in milliseconds where each request is counted. server-only. Eg: 1000" }).optional(),
25
+ rateLimitMax: z.number().meta({ description: "Maximum amount of requests allowed within a window. Once the `maxRequests` is reached, the request will be rejected until the `timeWindow` has passed, at which point the `timeWindow` will be reset. server-only. Eg: 100" }).optional(),
26
+ permissions: z.record(z.string(), z.array(z.string())).meta({ description: "Update the permissions on the API Key. server-only." }).optional().nullable()
27
+ });
28
+ function updateApiKey({ opts, schema, deleteAllExpiredApiKeys }) {
29
+ return createAuthEndpoint("/api-key/update", {
30
+ method: "POST",
31
+ body: updateApiKeyBodySchema,
32
+ metadata: { openapi: {
33
+ description: "Update an existing API key by ID",
34
+ responses: { "200": {
35
+ description: "API key updated successfully",
36
+ content: { "application/json": { schema: {
37
+ type: "object",
38
+ properties: {
39
+ id: {
40
+ type: "string",
41
+ description: "ID"
42
+ },
43
+ name: {
44
+ type: "string",
45
+ nullable: true,
46
+ description: "The name of the key"
47
+ },
48
+ start: {
49
+ type: "string",
50
+ nullable: true,
51
+ description: "Shows the first few characters of the API key, including the prefix. This allows you to show those few characters in the UI to make it easier for users to identify the API key."
52
+ },
53
+ prefix: {
54
+ type: "string",
55
+ nullable: true,
56
+ description: "The API Key prefix. Stored as plain text."
57
+ },
58
+ userId: {
59
+ type: "string",
60
+ description: "The owner of the user id"
61
+ },
62
+ refillInterval: {
63
+ type: "number",
64
+ nullable: true,
65
+ description: "The interval in milliseconds between refills of the `remaining` count. Example: 3600000 // refill every hour (3600000ms = 1h)"
66
+ },
67
+ refillAmount: {
68
+ type: "number",
69
+ nullable: true,
70
+ description: "The amount to refill"
71
+ },
72
+ lastRefillAt: {
73
+ type: "string",
74
+ format: "date-time",
75
+ nullable: true,
76
+ description: "The last refill date"
77
+ },
78
+ enabled: {
79
+ type: "boolean",
80
+ description: "Sets if key is enabled or disabled",
81
+ default: true
82
+ },
83
+ rateLimitEnabled: {
84
+ type: "boolean",
85
+ description: "Whether the key has rate limiting enabled"
86
+ },
87
+ rateLimitTimeWindow: {
88
+ type: "number",
89
+ nullable: true,
90
+ description: "The duration in milliseconds"
91
+ },
92
+ rateLimitMax: {
93
+ type: "number",
94
+ nullable: true,
95
+ description: "Maximum amount of requests allowed within a window"
96
+ },
97
+ requestCount: {
98
+ type: "number",
99
+ description: "The number of requests made within the rate limit time window"
100
+ },
101
+ remaining: {
102
+ type: "number",
103
+ nullable: true,
104
+ description: "Remaining requests (every time api key is used this should updated and should be updated on refill as well)"
105
+ },
106
+ lastRequest: {
107
+ type: "string",
108
+ format: "date-time",
109
+ nullable: true,
110
+ description: "When last request occurred"
111
+ },
112
+ expiresAt: {
113
+ type: "string",
114
+ format: "date-time",
115
+ nullable: true,
116
+ description: "Expiry date of a key"
117
+ },
118
+ createdAt: {
119
+ type: "string",
120
+ format: "date-time",
121
+ description: "created at"
122
+ },
123
+ updatedAt: {
124
+ type: "string",
125
+ format: "date-time",
126
+ description: "updated at"
127
+ },
128
+ metadata: {
129
+ type: "object",
130
+ nullable: true,
131
+ additionalProperties: true,
132
+ description: "Extra metadata about the apiKey"
133
+ },
134
+ permissions: {
135
+ type: "string",
136
+ nullable: true,
137
+ description: "Permissions for the api key (stored as JSON string)"
138
+ }
139
+ },
140
+ required: [
141
+ "id",
142
+ "userId",
143
+ "enabled",
144
+ "rateLimitEnabled",
145
+ "requestCount",
146
+ "createdAt",
147
+ "updatedAt"
148
+ ]
149
+ } } }
150
+ } }
151
+ } }
152
+ }, async (ctx) => {
153
+ const { keyId, expiresIn, enabled, metadata, refillAmount, refillInterval, remaining, name, permissions, rateLimitEnabled, rateLimitTimeWindow, rateLimitMax } = ctx.body;
154
+ const session = await getSessionFromCtx(ctx);
155
+ const authRequired = ctx.request || ctx.headers;
156
+ const user = authRequired && !session ? null : session?.user || { id: ctx.body.userId };
157
+ if (!user?.id) throw APIError.from("UNAUTHORIZED", API_KEY_ERROR_CODES.UNAUTHORIZED_SESSION);
158
+ if (session && ctx.body.userId && session?.user.id !== ctx.body.userId) throw APIError.from("UNAUTHORIZED", API_KEY_ERROR_CODES.UNAUTHORIZED_SESSION);
159
+ if (authRequired) {
160
+ if (refillAmount !== void 0 || refillInterval !== void 0 || rateLimitMax !== void 0 || rateLimitTimeWindow !== void 0 || rateLimitEnabled !== void 0 || remaining !== void 0 || permissions !== void 0) throw APIError.from("BAD_REQUEST", API_KEY_ERROR_CODES.SERVER_ONLY_PROPERTY);
161
+ }
162
+ let apiKey = null;
163
+ apiKey = await getApiKeyById(ctx, keyId, opts);
164
+ if (apiKey && apiKey.userId !== user.id) apiKey = null;
165
+ if (!apiKey) throw APIError.from("NOT_FOUND", API_KEY_ERROR_CODES.KEY_NOT_FOUND);
166
+ const newValues = {};
167
+ if (name !== void 0) {
168
+ if (name.length < opts.minimumNameLength) throw APIError.from("BAD_REQUEST", API_KEY_ERROR_CODES.INVALID_NAME_LENGTH);
169
+ else if (name.length > opts.maximumNameLength) throw APIError.from("BAD_REQUEST", API_KEY_ERROR_CODES.INVALID_NAME_LENGTH);
170
+ newValues.name = name;
171
+ }
172
+ if (enabled !== void 0) newValues.enabled = enabled;
173
+ if (expiresIn !== void 0) {
174
+ if (opts.keyExpiration.disableCustomExpiresTime === true) throw APIError.from("BAD_REQUEST", API_KEY_ERROR_CODES.KEY_DISABLED_EXPIRATION);
175
+ if (expiresIn !== null) {
176
+ const expiresIn_in_days = expiresIn / (3600 * 24);
177
+ if (expiresIn_in_days < opts.keyExpiration.minExpiresIn) throw APIError.from("BAD_REQUEST", API_KEY_ERROR_CODES.EXPIRES_IN_IS_TOO_SMALL);
178
+ else if (expiresIn_in_days > opts.keyExpiration.maxExpiresIn) throw APIError.from("BAD_REQUEST", API_KEY_ERROR_CODES.EXPIRES_IN_IS_TOO_LARGE);
179
+ }
180
+ newValues.expiresAt = expiresIn ? getDate(expiresIn, "sec") : null;
181
+ }
182
+ if (metadata !== void 0 && opts.enableMetadata === true) {
183
+ if (typeof metadata !== "object") throw APIError.from("BAD_REQUEST", API_KEY_ERROR_CODES.INVALID_METADATA_TYPE);
184
+ newValues.metadata = metadata;
185
+ }
186
+ if (remaining !== void 0) newValues.remaining = remaining;
187
+ if (refillAmount !== void 0 || refillInterval !== void 0) {
188
+ if (refillAmount !== void 0 && refillInterval === void 0) throw APIError.from("BAD_REQUEST", API_KEY_ERROR_CODES.REFILL_AMOUNT_AND_INTERVAL_REQUIRED);
189
+ else if (refillInterval !== void 0 && refillAmount === void 0) throw APIError.from("BAD_REQUEST", API_KEY_ERROR_CODES.REFILL_INTERVAL_AND_AMOUNT_REQUIRED);
190
+ newValues.refillAmount = refillAmount;
191
+ newValues.refillInterval = refillInterval;
192
+ }
193
+ if (rateLimitEnabled !== void 0) newValues.rateLimitEnabled = rateLimitEnabled;
194
+ if (rateLimitTimeWindow !== void 0) newValues.rateLimitTimeWindow = rateLimitTimeWindow;
195
+ if (rateLimitMax !== void 0) newValues.rateLimitMax = rateLimitMax;
196
+ if (permissions !== void 0) newValues.permissions = JSON.stringify(permissions);
197
+ if (Object.keys(newValues).length === 0) throw APIError.from("BAD_REQUEST", API_KEY_ERROR_CODES.NO_VALUES_TO_UPDATE);
198
+ let newApiKey = apiKey;
199
+ try {
200
+ if (opts.storage === "secondary-storage" && opts.fallbackToDatabase) {
201
+ const dbUpdated = await ctx.context.adapter.update({
202
+ model: API_KEY_TABLE_NAME,
203
+ where: [{
204
+ field: "id",
205
+ value: apiKey.id
206
+ }],
207
+ update: newValues
208
+ });
209
+ if (dbUpdated) {
210
+ await setApiKey(ctx, dbUpdated, opts);
211
+ newApiKey = dbUpdated;
212
+ }
213
+ } else if (opts.storage === "database") {
214
+ const result = await ctx.context.adapter.update({
215
+ model: API_KEY_TABLE_NAME,
216
+ where: [{
217
+ field: "id",
218
+ value: apiKey.id
219
+ }],
220
+ update: newValues
221
+ });
222
+ if (result) newApiKey = result;
223
+ } else {
224
+ const updated = {
225
+ ...apiKey,
226
+ ...newValues,
227
+ updatedAt: /* @__PURE__ */ new Date()
228
+ };
229
+ await setApiKey(ctx, updated, opts);
230
+ newApiKey = updated;
231
+ }
232
+ } catch (error) {
233
+ throw APIError.fromStatus("INTERNAL_SERVER_ERROR", { message: error?.message });
234
+ }
235
+ deleteAllExpiredApiKeys(ctx.context);
236
+ const migratedMetadata = await migrateDoubleStringifiedMetadata(ctx, newApiKey, opts);
237
+ const { key: _key, ...returningApiKey } = newApiKey;
238
+ return ctx.json({
239
+ ...returningApiKey,
240
+ metadata: migratedMetadata,
241
+ permissions: returningApiKey.permissions ? safeJSONParse(returningApiKey.permissions) : null
242
+ });
243
+ });
244
+ }
245
+
246
+ //#endregion
247
+ export { updateApiKey };
248
+ //# sourceMappingURL=update-api-key.mjs.map
package/dist/plugins/api-key/routes/update-api-key.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"update-api-key.mjs","names":["ERROR_CODES"],"sources":["../../../../src/plugins/api-key/routes/update-api-key.ts"],"sourcesContent":["import type { AuthContext } from \"@better-auth/core\";\nimport { createAuthEndpoint } from \"@better-auth/core/api\";\nimport { APIError } from \"@better-auth/core/error\";\nimport { safeJSONParse } from \"@better-auth/core/utils/json\";\nimport * as z from \"zod\";\nimport { getSessionFromCtx } from \"../../../api\";\nimport { getDate } from \"../../../utils/date\";\nimport { API_KEY_TABLE_NAME, API_KEY_ERROR_CODES as ERROR_CODES } from \"..\";\nimport {\n\tgetApiKeyById,\n\tmigrateDoubleStringifiedMetadata,\n\tsetApiKey,\n} from \"../adapter\";\nimport type { apiKeySchema } from \"../schema\";\nimport type { ApiKey } from \"../types\";\nimport type { PredefinedApiKeyOptions } from \".\";\n\nconst updateApiKeyBodySchema = z.object({\n\tkeyId: z.string().meta({\n\t\tdescription: \"The id of the Api Key\",\n\t}),\n\tuserId: z.coerce\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t'The id of the user which the api key belongs to. server-only. Eg: \"some-user-id\"',\n\t\t})\n\t\t.optional(),\n\tname: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The name of the key\",\n\t\t})\n\t\t.optional(),\n\tenabled: z\n\t\t.boolean()\n\t\t.meta({\n\t\t\tdescription: \"Whether the Api Key is enabled or not\",\n\t\t})\n\t\t.optional(),\n\tremaining: z\n\t\t.number()\n\t\t.meta({\n\t\t\tdescription: \"The number of remaining requests\",\n\t\t})\n\t\t.min(1)\n\t\t.optional(),\n\trefillAmount: z\n\t\t.number()\n\t\t.meta({\n\t\t\tdescription: \"The refill amount\",\n\t\t})\n\t\t.optional(),\n\trefillInterval: z\n\t\t.number()\n\t\t.meta({\n\t\t\tdescription: \"The refill interval\",\n\t\t})\n\t\t.optional(),\n\tmetadata: z.any().optional(),\n\texpiresIn: z\n\t\t.number()\n\t\t.meta({\n\t\t\tdescription: \"Expiration time of the Api Key in seconds\",\n\t\t})\n\t\t.min(1)\n\t\t.optional()\n\t\t.nullable(),\n\trateLimitEnabled: z\n\t\t.boolean()\n\t\t.meta({\n\t\t\tdescription: \"Whether the key has rate limiting enabled.\",\n\t\t})\n\t\t.optional(),\n\trateLimitTimeWindow: z\n\t\t.number()\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t\"The duration in milliseconds where each request is counted. server-only. Eg: 1000\",\n\t\t})\n\t\t.optional(),\n\trateLimitMax: z\n\t\t.number()\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t\"Maximum amount of requests allowed within a window. Once the `maxRequests` is reached, the request will be rejected until the `timeWindow` has passed, at which point the `timeWindow` will be reset. server-only. Eg: 100\",\n\t\t})\n\t\t.optional(),\n\tpermissions: z\n\t\t.record(z.string(), z.array(z.string()))\n\t\t.meta({\n\t\t\tdescription: \"Update the permissions on the API Key. server-only.\",\n\t\t})\n\t\t.optional()\n\t\t.nullable(),\n});\n\nexport function updateApiKey({\n\topts,\n\tschema,\n\tdeleteAllExpiredApiKeys,\n}: {\n\topts: PredefinedApiKeyOptions;\n\tschema: ReturnType<typeof apiKeySchema>;\n\tdeleteAllExpiredApiKeys(\n\t\tctx: AuthContext,\n\t\tbyPassLastCheckTime?: boolean | undefined,\n\t): void;\n}) {\n\treturn createAuthEndpoint(\n\t\t\"/api-key/update\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: updateApiKeyBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\tdescription: \"Update an existing API key by ID\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\tdescription: \"API key updated successfully\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tid: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"ID\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tname: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"The name of the key\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tstart: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"Shows the first few characters of the API key, including the prefix. This allows you to show those few characters in the UI to make it easier for users to identify the API key.\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tprefix: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"The API Key prefix. Stored as plain text.\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tuserId: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"The owner of the user id\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\trefillInterval: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"The interval in milliseconds between refills of the `remaining` count. Example: 3600000 // refill every hour (3600000ms = 1h)\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\trefillAmount: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"The amount to refill\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tlastRefillAt: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"The last refill date\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tenabled: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"Sets if key is enabled or disabled\",\n\t\t\t\t\t\t\t\t\t\t\t\tdefault: true,\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\trateLimitEnabled: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"Whether the key has rate limiting enabled\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\trateLimitTimeWindow: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"The duration in milliseconds\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\trateLimitMax: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"Maximum amount of requests allowed within a window\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\trequestCount: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"The number of requests made within the rate limit time window\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tremaining: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"Remaining requests (every time api key is used this should updated and should be updated on refill as well)\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tlastRequest: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"When last request occurred\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\texpiresAt: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"Expiry date of a key\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"created at\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tupdatedAt: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"updated at\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tmetadata: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\tadditionalProperties: true,\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"Extra metadata about the apiKey\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tpermissions: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"Permissions for the api key (stored as JSON string)\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\n\t\t\t\t\t\t\t\t\t\t\t\"id\",\n\t\t\t\t\t\t\t\t\t\t\t\"userId\",\n\t\t\t\t\t\t\t\t\t\t\t\"enabled\",\n\t\t\t\t\t\t\t\t\t\t\t\"rateLimitEnabled\",\n\t\t\t\t\t\t\t\t\t\t\t\"requestCount\",\n\t\t\t\t\t\t\t\t\t\t\t\"createdAt\",\n\t\t\t\t\t\t\t\t\t\t\t\"updatedAt\",\n\t\t\t\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst {\n\t\t\t\tkeyId,\n\t\t\t\texpiresIn,\n\t\t\t\tenabled,\n\t\t\t\tmetadata,\n\t\t\t\trefillAmount,\n\t\t\t\trefillInterval,\n\t\t\t\tremaining,\n\t\t\t\tname,\n\t\t\t\tpermissions,\n\t\t\t\trateLimitEnabled,\n\t\t\t\trateLimitTimeWindow,\n\t\t\t\trateLimitMax,\n\t\t\t} = ctx.body;\n\n\t\t\tconst session = await getSessionFromCtx(ctx);\n\t\t\tconst authRequired = ctx.request || ctx.headers;\n\t\t\tconst user =\n\t\t\t\tauthRequired && !session\n\t\t\t\t\t? null\n\t\t\t\t\t: session?.user || { id: ctx.body.userId };\n\n\t\t\tif (!user?.id) {\n\t\t\t\tthrow APIError.from(\"UNAUTHORIZED\", ERROR_CODES.UNAUTHORIZED_SESSION);\n\t\t\t}\n\n\t\t\tif (session && ctx.body.userId && session?.user.id !== ctx.body.userId) {\n\t\t\t\tthrow APIError.from(\"UNAUTHORIZED\", ERROR_CODES.UNAUTHORIZED_SESSION);\n\t\t\t}\n\n\t\t\tif (authRequired) {\n\t\t\t\t// if this endpoint was being called from the client,\n\t\t\t\t// we must make sure they can't use server-only properties.\n\t\t\t\tif (\n\t\t\t\t\trefillAmount !== undefined ||\n\t\t\t\t\trefillInterval !== undefined ||\n\t\t\t\t\trateLimitMax !== undefined ||\n\t\t\t\t\trateLimitTimeWindow !== undefined ||\n\t\t\t\t\trateLimitEnabled !== undefined ||\n\t\t\t\t\tremaining !== undefined ||\n\t\t\t\t\tpermissions !== undefined\n\t\t\t\t) {\n\t\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", ERROR_CODES.SERVER_ONLY_PROPERTY);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tlet apiKey: ApiKey | null = null;\n\n\t\t\tapiKey = await getApiKeyById(ctx, keyId, opts);\n\n\t\t\t// Verify ownership\n\t\t\tif (apiKey && apiKey.userId !== user.id) {\n\t\t\t\tapiKey = null;\n\t\t\t}\n\n\t\t\tif (!apiKey) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", ERROR_CODES.KEY_NOT_FOUND);\n\t\t\t}\n\n\t\t\tconst newValues: Partial<ApiKey> = {};\n\n\t\t\tif (name !== undefined) {\n\t\t\t\tif (name.length < opts.minimumNameLength) {\n\t\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", ERROR_CODES.INVALID_NAME_LENGTH);\n\t\t\t\t} else if (name.length > opts.maximumNameLength) {\n\t\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", ERROR_CODES.INVALID_NAME_LENGTH);\n\t\t\t\t}\n\t\t\t\tnewValues.name = name;\n\t\t\t}\n\n\t\t\tif (enabled !== undefined) {\n\t\t\t\tnewValues.enabled = enabled;\n\t\t\t}\n\t\t\tif (expiresIn !== undefined) {\n\t\t\t\tif (opts.keyExpiration.disableCustomExpiresTime === true) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\tERROR_CODES.KEY_DISABLED_EXPIRATION,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tif (expiresIn !== null) {\n\t\t\t\t\t// if expires is not null, check if it's under the valid range\n\t\t\t\t\t// if it IS null, this means the user wants to disable expiration time on the key\n\t\t\t\t\tconst expiresIn_in_days = expiresIn / (60 * 60 * 24);\n\n\t\t\t\t\tif (expiresIn_in_days < opts.keyExpiration.minExpiresIn) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tERROR_CODES.EXPIRES_IN_IS_TOO_SMALL,\n\t\t\t\t\t\t);\n\t\t\t\t\t} else if (expiresIn_in_days > opts.keyExpiration.maxExpiresIn) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tERROR_CODES.EXPIRES_IN_IS_TOO_LARGE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tnewValues.expiresAt = expiresIn ? getDate(expiresIn, \"sec\") : null;\n\t\t\t}\n\n\t\t\tif (metadata !== undefined && opts.enableMetadata === true) {\n\t\t\t\tif (typeof metadata !== \"object\") {\n\t\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", ERROR_CODES.INVALID_METADATA_TYPE);\n\t\t\t\t}\n\t\t\t\t// The adapter will automatically apply the schema transform to stringify\n\t\t\t\tnewValues.metadata = metadata;\n\t\t\t}\n\t\t\tif (remaining !== undefined) {\n\t\t\t\tnewValues.remaining = remaining;\n\t\t\t}\n\t\t\tif (refillAmount !== undefined || refillInterval !== undefined) {\n\t\t\t\tif (refillAmount !== undefined && refillInterval === undefined) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\tERROR_CODES.REFILL_AMOUNT_AND_INTERVAL_REQUIRED,\n\t\t\t\t\t);\n\t\t\t\t} else if (refillInterval !== undefined && refillAmount === undefined) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\tERROR_CODES.REFILL_INTERVAL_AND_AMOUNT_REQUIRED,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tnewValues.refillAmount = refillAmount;\n\t\t\t\tnewValues.refillInterval = refillInterval;\n\t\t\t}\n\n\t\t\tif (rateLimitEnabled !== undefined) {\n\t\t\t\tnewValues.rateLimitEnabled = rateLimitEnabled;\n\t\t\t}\n\t\t\tif (rateLimitTimeWindow !== undefined) {\n\t\t\t\tnewValues.rateLimitTimeWindow = rateLimitTimeWindow;\n\t\t\t}\n\t\t\tif (rateLimitMax !== undefined) {\n\t\t\t\tnewValues.rateLimitMax = rateLimitMax;\n\t\t\t}\n\n\t\t\tif (permissions !== undefined) {\n\t\t\t\t//@ts-expect-error - we need this to be a string to save into DB.\n\t\t\t\tnewValues.permissions = JSON.stringify(permissions);\n\t\t\t}\n\n\t\t\tif (Object.keys(newValues).length === 0) {\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", ERROR_CODES.NO_VALUES_TO_UPDATE);\n\t\t\t}\n\n\t\t\tlet newApiKey: ApiKey = apiKey;\n\t\t\ttry {\n\t\t\t\tif (opts.storage === \"secondary-storage\" && opts.fallbackToDatabase) {\n\t\t\t\t\tconst dbUpdated = await ctx.context.adapter.update<ApiKey>({\n\t\t\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t\tvalue: apiKey.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t\tupdate: newValues,\n\t\t\t\t\t});\n\t\t\t\t\tif (dbUpdated) {\n\t\t\t\t\t\tawait setApiKey(ctx, dbUpdated, opts);\n\t\t\t\t\t\tnewApiKey = dbUpdated;\n\t\t\t\t\t}\n\t\t\t\t} else if (opts.storage === \"database\") {\n\t\t\t\t\tconst result = await ctx.context.adapter.update<ApiKey>({\n\t\t\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t\tvalue: apiKey.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t\tupdate: newValues,\n\t\t\t\t\t});\n\t\t\t\t\tif (result) newApiKey = result;\n\t\t\t\t} else {\n\t\t\t\t\tconst updated: ApiKey = {\n\t\t\t\t\t\t...apiKey,\n\t\t\t\t\t\t...newValues,\n\t\t\t\t\t\tupdatedAt: new Date(),\n\t\t\t\t\t};\n\t\t\t\t\tawait setApiKey(ctx, updated, opts);\n\t\t\t\t\tnewApiKey = updated;\n\t\t\t\t}\n\t\t\t} catch (error: any) {\n\t\t\t\tthrow APIError.fromStatus(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: error?.message,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tdeleteAllExpiredApiKeys(ctx.context);\n\n\t\t\t// Migrate legacy double-stringified metadata if needed\n\t\t\tconst migratedMetadata = await migrateDoubleStringifiedMetadata(\n\t\t\t\tctx,\n\t\t\t\tnewApiKey,\n\t\t\t\topts,\n\t\t\t);\n\n\t\t\tconst { key: _key, ...returningApiKey } = newApiKey;\n\n\t\t\treturn ctx.json({\n\t\t\t\t...returningApiKey,\n\t\t\t\tmetadata: migratedMetadata,\n\t\t\t\tpermissions: returningApiKey.permissions\n\t\t\t\t\t? safeJSONParse<{\n\t\t\t\t\t\t\t[key: string]: string[];\n\t\t\t\t\t\t}>(returningApiKey.permissions)\n\t\t\t\t\t: null,\n\t\t\t});\n\t\t},\n\t);\n}\n"],"mappings":";;;;;;;;;;;;AAiBA,MAAM,yBAAyB,EAAE,OAAO;CACvC,OAAO,EAAE,QAAQ,CAAC,KAAK,EACtB,aAAa,yBACb,CAAC;CACF,QAAQ,EAAE,OACR,QAAQ,CACR,KAAK,EACL,aACC,sFACD,CAAC,CACD,UAAU;CACZ,MAAM,EACJ,QAAQ,CACR,KAAK,EACL,aAAa,uBACb,CAAC,CACD,UAAU;CACZ,SAAS,EACP,SAAS,CACT,KAAK,EACL,aAAa,yCACb,CAAC,CACD,UAAU;CACZ,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aAAa,oCACb,CAAC,CACD,IAAI,EAAE,CACN,UAAU;CACZ,cAAc,EACZ,QAAQ,CACR,KAAK,EACL,aAAa,qBACb,CAAC,CACD,UAAU;CACZ,gBAAgB,EACd,QAAQ,CACR,KAAK,EACL,aAAa,uBACb,CAAC,CACD,UAAU;CACZ,UAAU,EAAE,KAAK,CAAC,UAAU;CAC5B,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aAAa,6CACb,CAAC,CACD,IAAI,EAAE,CACN,UAAU,CACV,UAAU;CACZ,kBAAkB,EAChB,SAAS,CACT,KAAK,EACL,aAAa,8CACb,CAAC,CACD,UAAU;CACZ,qBAAqB,EACnB,QAAQ,CACR,KAAK,EACL,aACC,qFACD,CAAC,CACD,UAAU;CACZ,cAAc,EACZ,QAAQ,CACR,KAAK,EACL,aACC,8NACD,CAAC,CACD,UAAU;CACZ,aAAa,EACX,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CACvC,KAAK,EACL,aAAa,uDACb,CAAC,CACD,UAAU,CACV,UAAU;CACZ,CAAC;AAEF,SAAgB,aAAa,EAC5B,MACA,QACA,2BAQE;AACF,QAAO,mBACN,mBACA;EACC,QAAQ;EACR,MAAM;EACN,UAAU,EACT,SAAS;GACR,aAAa;GACb,WAAW,EACV,OAAO;IACN,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY;MACX,IAAI;OACH,MAAM;OACN,aAAa;OACb;MACD,MAAM;OACL,MAAM;OACN,UAAU;OACV,aAAa;OACb;MACD,OAAO;OACN,MAAM;OACN,UAAU;OACV,aACC;OACD;MACD,QAAQ;OACP,MAAM;OACN,UAAU;OACV,aACC;OACD;MACD,QAAQ;OACP,MAAM;OACN,aAAa;OACb;MACD,gBAAgB;OACf,MAAM;OACN,UAAU;OACV,aACC;OACD;MACD,cAAc;OACb,MAAM;OACN,UAAU;OACV,aAAa;OACb;MACD,cAAc;OACb,MAAM;OACN,QAAQ;OACR,UAAU;OACV,aAAa;OACb;MACD,SAAS;OACR,MAAM;OACN,aAAa;OACb,SAAS;OACT;MACD,kBAAkB;OACjB,MAAM;OACN,aACC;OACD;MACD,qBAAqB;OACpB,MAAM;OACN,UAAU;OACV,aAAa;OACb;MACD,cAAc;OACb,MAAM;OACN,UAAU;OACV,aACC;OACD;MACD,cAAc;OACb,MAAM;OACN,aACC;OACD;MACD,WAAW;OACV,MAAM;OACN,UAAU;OACV,aACC;OACD;MACD,aAAa;OACZ,MAAM;OACN,QAAQ;OACR,UAAU;OACV,aAAa;OACb;MACD,WAAW;OACV,MAAM;OACN,QAAQ;OACR,UAAU;OACV,aAAa;OACb;MACD,WAAW;OACV,MAAM;OACN,QAAQ;OACR,aAAa;OACb;MACD,WAAW;OACV,MAAM;OACN,QAAQ;OACR,aAAa;OACb;MACD,UAAU;OACT,MAAM;OACN,UAAU;OACV,sBAAsB;OACtB,aAAa;OACb;MACD,aAAa;OACZ,MAAM;OACN,UAAU;OACV,aACC;OACD;MACD;KACD,UAAU;MACT;MACA;MACA;MACA;MACA;MACA;MACA;MACA;KACD,EACD,EACD;IACD,EACD;GACD,EACD;EACD,EACD,OAAO,QAAQ;EACd,MAAM,EACL,OACA,WACA,SACA,UACA,cACA,gBACA,WACA,MACA,aACA,kBACA,qBACA,iBACG,IAAI;EAER,MAAM,UAAU,MAAM,kBAAkB,IAAI;EAC5C,MAAM,eAAe,IAAI,WAAW,IAAI;EACxC,MAAM,OACL,gBAAgB,CAAC,UACd,OACA,SAAS,QAAQ,EAAE,IAAI,IAAI,KAAK,QAAQ;AAE5C,MAAI,CAAC,MAAM,GACV,OAAM,SAAS,KAAK,gBAAgBA,oBAAY,qBAAqB;AAGtE,MAAI,WAAW,IAAI,KAAK,UAAU,SAAS,KAAK,OAAO,IAAI,KAAK,OAC/D,OAAM,SAAS,KAAK,gBAAgBA,oBAAY,qBAAqB;AAGtE,MAAI,cAGH;OACC,iBAAiB,UACjB,mBAAmB,UACnB,iBAAiB,UACjB,wBAAwB,UACxB,qBAAqB,UACrB,cAAc,UACd,gBAAgB,OAEhB,OAAM,SAAS,KAAK,eAAeA,oBAAY,qBAAqB;;EAItE,IAAI,SAAwB;AAE5B,WAAS,MAAM,cAAc,KAAK,OAAO,KAAK;AAG9C,MAAI,UAAU,OAAO,WAAW,KAAK,GACpC,UAAS;AAGV,MAAI,CAAC,OACJ,OAAM,SAAS,KAAK,aAAaA,oBAAY,cAAc;EAG5D,MAAM,YAA6B,EAAE;AAErC,MAAI,SAAS,QAAW;AACvB,OAAI,KAAK,SAAS,KAAK,kBACtB,OAAM,SAAS,KAAK,eAAeA,oBAAY,oBAAoB;YACzD,KAAK,SAAS,KAAK,kBAC7B,OAAM,SAAS,KAAK,eAAeA,oBAAY,oBAAoB;AAEpE,aAAU,OAAO;;AAGlB,MAAI,YAAY,OACf,WAAU,UAAU;AAErB,MAAI,cAAc,QAAW;AAC5B,OAAI,KAAK,cAAc,6BAA6B,KACnD,OAAM,SAAS,KACd,eACAA,oBAAY,wBACZ;AAEF,OAAI,cAAc,MAAM;IAGvB,MAAM,oBAAoB,aAAa,OAAU;AAEjD,QAAI,oBAAoB,KAAK,cAAc,aAC1C,OAAM,SAAS,KACd,eACAA,oBAAY,wBACZ;aACS,oBAAoB,KAAK,cAAc,aACjD,OAAM,SAAS,KACd,eACAA,oBAAY,wBACZ;;AAGH,aAAU,YAAY,YAAY,QAAQ,WAAW,MAAM,GAAG;;AAG/D,MAAI,aAAa,UAAa,KAAK,mBAAmB,MAAM;AAC3D,OAAI,OAAO,aAAa,SACvB,OAAM,SAAS,KAAK,eAAeA,oBAAY,sBAAsB;AAGtE,aAAU,WAAW;;AAEtB,MAAI,cAAc,OACjB,WAAU,YAAY;AAEvB,MAAI,iBAAiB,UAAa,mBAAmB,QAAW;AAC/D,OAAI,iBAAiB,UAAa,mBAAmB,OACpD,OAAM,SAAS,KACd,eACAA,oBAAY,oCACZ;YACS,mBAAmB,UAAa,iBAAiB,OAC3D,OAAM,SAAS,KACd,eACAA,oBAAY,oCACZ;AAEF,aAAU,eAAe;AACzB,aAAU,iBAAiB;;AAG5B,MAAI,qBAAqB,OACxB,WAAU,mBAAmB;AAE9B,MAAI,wBAAwB,OAC3B,WAAU,sBAAsB;AAEjC,MAAI,iBAAiB,OACpB,WAAU,eAAe;AAG1B,MAAI,gBAAgB,OAEnB,WAAU,cAAc,KAAK,UAAU,YAAY;AAGpD,MAAI,OAAO,KAAK,UAAU,CAAC,WAAW,EACrC,OAAM,SAAS,KAAK,eAAeA,oBAAY,oBAAoB;EAGpE,IAAI,YAAoB;AACxB,MAAI;AACH,OAAI,KAAK,YAAY,uBAAuB,KAAK,oBAAoB;IACpE,MAAM,YAAY,MAAM,IAAI,QAAQ,QAAQ,OAAe;KAC1D,OAAO;KACP,OAAO,CACN;MACC,OAAO;MACP,OAAO,OAAO;MACd,CACD;KACD,QAAQ;KACR,CAAC;AACF,QAAI,WAAW;AACd,WAAM,UAAU,KAAK,WAAW,KAAK;AACrC,iBAAY;;cAEH,KAAK,YAAY,YAAY;IACvC,MAAM,SAAS,MAAM,IAAI,QAAQ,QAAQ,OAAe;KACvD,OAAO;KACP,OAAO,CACN;MACC,OAAO;MACP,OAAO,OAAO;MACd,CACD;KACD,QAAQ;KACR,CAAC;AACF,QAAI,OAAQ,aAAY;UAClB;IACN,MAAM,UAAkB;KACvB,GAAG;KACH,GAAG;KACH,2BAAW,IAAI,MAAM;KACrB;AACD,UAAM,UAAU,KAAK,SAAS,KAAK;AACnC,gBAAY;;WAEL,OAAY;AACpB,SAAM,SAAS,WAAW,yBAAyB,EAClD,SAAS,OAAO,SAChB,CAAC;;AAGH,0BAAwB,IAAI,QAAQ;EAGpC,MAAM,mBAAmB,MAAM,iCAC9B,KACA,WACA,KACA;EAED,MAAM,EAAE,KAAK,MAAM,GAAG,oBAAoB;AAE1C,SAAO,IAAI,KAAK;GACf,GAAG;GACH,UAAU;GACV,aAAa,gBAAgB,cAC1B,cAEE,gBAAgB,YAAY,GAC9B;GACH,CAAC;GAEH"}
package/dist/plugins/api-key/routes/verify-api-key.mjs ADDED
@@ -0,0 +1,223 @@
1
+ import { isAPIError } from "../../../utils/is-api-error.mjs";
2
+ import { role } from "../../access/access.mjs";
3
+ import "../../access/index.mjs";
4
+ import { API_KEY_ERROR_CODES } from "../error-codes.mjs";
5
+ import { deleteApiKey, getApiKey, migrateDoubleStringifiedMetadata, setApiKey } from "../adapter.mjs";
6
+ import { isRateLimited } from "../rate-limit.mjs";
7
+ import { API_KEY_TABLE_NAME, defaultKeyHasher } from "../index.mjs";
8
+ import { APIError } from "@better-auth/core/error";
9
+ import { safeJSONParse } from "@better-auth/core/utils/json";
10
+ import { createAuthEndpoint } from "@better-auth/core/api";
11
+ import * as z from "zod";
12
+
13
+ //#region src/plugins/api-key/routes/verify-api-key.ts
14
+ async function validateApiKey({ hashedKey, ctx, opts, schema, permissions }) {
15
+ const apiKey = await getApiKey(ctx, hashedKey, opts);
16
+ if (!apiKey) throw APIError.from("UNAUTHORIZED", API_KEY_ERROR_CODES.INVALID_API_KEY);
17
+ if (apiKey.enabled === false) throw APIError.from("UNAUTHORIZED", API_KEY_ERROR_CODES.KEY_DISABLED);
18
+ if (apiKey.expiresAt) {
19
+ if (Date.now() > new Date(apiKey.expiresAt).getTime()) {
20
+ const deleteExpiredKey = async () => {
21
+ if (opts.storage === "secondary-storage" && opts.fallbackToDatabase) {
22
+ await deleteApiKey(ctx, apiKey, opts);
23
+ await ctx.context.adapter.delete({
24
+ model: API_KEY_TABLE_NAME,
25
+ where: [{
26
+ field: "id",
27
+ value: apiKey.id
28
+ }]
29
+ });
30
+ } else if (opts.storage === "secondary-storage") await deleteApiKey(ctx, apiKey, opts);
31
+ else await ctx.context.adapter.delete({
32
+ model: API_KEY_TABLE_NAME,
33
+ where: [{
34
+ field: "id",
35
+ value: apiKey.id
36
+ }]
37
+ });
38
+ };
39
+ if (opts.deferUpdates) ctx.context.runInBackground(deleteExpiredKey().catch((error) => {
40
+ ctx.context.logger.error("Deferred update failed:", error);
41
+ }));
42
+ else await deleteExpiredKey();
43
+ throw APIError.from("UNAUTHORIZED", API_KEY_ERROR_CODES.KEY_EXPIRED);
44
+ }
45
+ }
46
+ if (permissions) {
47
+ const apiKeyPermissions = apiKey.permissions ? safeJSONParse(apiKey.permissions) : null;
48
+ if (!apiKeyPermissions) throw APIError.from("UNAUTHORIZED", API_KEY_ERROR_CODES.KEY_NOT_FOUND);
49
+ if (!role(apiKeyPermissions).authorize(permissions).success) throw APIError.from("UNAUTHORIZED", API_KEY_ERROR_CODES.KEY_NOT_FOUND);
50
+ }
51
+ let remaining = apiKey.remaining;
52
+ let lastRefillAt = apiKey.lastRefillAt;
53
+ if (apiKey.remaining === 0 && apiKey.refillAmount === null) {
54
+ const deleteExhaustedKey = async () => {
55
+ if (opts.storage === "secondary-storage" && opts.fallbackToDatabase) {
56
+ await deleteApiKey(ctx, apiKey, opts);
57
+ await ctx.context.adapter.delete({
58
+ model: API_KEY_TABLE_NAME,
59
+ where: [{
60
+ field: "id",
61
+ value: apiKey.id
62
+ }]
63
+ });
64
+ } else if (opts.storage === "secondary-storage") await deleteApiKey(ctx, apiKey, opts);
65
+ else await ctx.context.adapter.delete({
66
+ model: API_KEY_TABLE_NAME,
67
+ where: [{
68
+ field: "id",
69
+ value: apiKey.id
70
+ }]
71
+ });
72
+ };
73
+ if (opts.deferUpdates) ctx.context.runInBackground(deleteExhaustedKey().catch((error) => {
74
+ ctx.context.logger.error("Deferred update failed:", error);
75
+ }));
76
+ else await deleteExhaustedKey();
77
+ throw APIError.from("TOO_MANY_REQUESTS", API_KEY_ERROR_CODES.USAGE_EXCEEDED);
78
+ } else if (remaining !== null) {
79
+ const now = Date.now();
80
+ const refillInterval = apiKey.refillInterval;
81
+ const refillAmount = apiKey.refillAmount;
82
+ const lastTime = new Date(lastRefillAt ?? apiKey.createdAt).getTime();
83
+ if (refillInterval && refillAmount) {
84
+ if (now - lastTime > refillInterval) {
85
+ remaining = refillAmount;
86
+ lastRefillAt = /* @__PURE__ */ new Date();
87
+ }
88
+ }
89
+ if (remaining === 0) throw APIError.from("TOO_MANY_REQUESTS", API_KEY_ERROR_CODES.USAGE_EXCEEDED);
90
+ else remaining--;
91
+ }
92
+ const { message, success, update, tryAgainIn } = isRateLimited(apiKey, opts);
93
+ if (success === false) throw new APIError("UNAUTHORIZED", {
94
+ message: message ?? void 0,
95
+ code: "RATE_LIMITED",
96
+ details: { tryAgainIn }
97
+ });
98
+ const updated = {
99
+ ...apiKey,
100
+ ...update,
101
+ remaining,
102
+ lastRefillAt,
103
+ updatedAt: /* @__PURE__ */ new Date()
104
+ };
105
+ const performUpdate = async () => {
106
+ if (opts.storage === "database") return ctx.context.adapter.update({
107
+ model: API_KEY_TABLE_NAME,
108
+ where: [{
109
+ field: "id",
110
+ value: apiKey.id
111
+ }],
112
+ update: {
113
+ ...updated,
114
+ id: void 0
115
+ }
116
+ });
117
+ else if (opts.storage === "secondary-storage" && opts.fallbackToDatabase) {
118
+ const dbUpdated = await ctx.context.adapter.update({
119
+ model: API_KEY_TABLE_NAME,
120
+ where: [{
121
+ field: "id",
122
+ value: apiKey.id
123
+ }],
124
+ update: {
125
+ ...updated,
126
+ id: void 0
127
+ }
128
+ });
129
+ if (dbUpdated) await setApiKey(ctx, dbUpdated, opts);
130
+ return dbUpdated;
131
+ } else {
132
+ await setApiKey(ctx, updated, opts);
133
+ return updated;
134
+ }
135
+ };
136
+ let newApiKey = null;
137
+ if (opts.deferUpdates) {
138
+ ctx.context.runInBackground(performUpdate().catch((error) => {
139
+ ctx.context.logger.error("Failed to update API key:", error);
140
+ }));
141
+ newApiKey = updated;
142
+ } else {
143
+ newApiKey = await performUpdate();
144
+ if (!newApiKey) throw APIError.from("INTERNAL_SERVER_ERROR", API_KEY_ERROR_CODES.FAILED_TO_UPDATE_API_KEY);
145
+ }
146
+ return newApiKey;
147
+ }
148
+ const verifyApiKeyBodySchema = z.object({
149
+ key: z.string().meta({ description: "The key to verify" }),
150
+ permissions: z.record(z.string(), z.array(z.string())).meta({ description: "The permissions to verify." }).optional()
151
+ });
152
+ function verifyApiKey({ opts, schema, deleteAllExpiredApiKeys }) {
153
+ return createAuthEndpoint({
154
+ method: "POST",
155
+ body: verifyApiKeyBodySchema
156
+ }, async (ctx) => {
157
+ const { key } = ctx.body;
158
+ if (opts.customAPIKeyValidator) {
159
+ if (!await opts.customAPIKeyValidator({
160
+ ctx,
161
+ key
162
+ })) return ctx.json({
163
+ valid: false,
164
+ error: {
165
+ message: API_KEY_ERROR_CODES.INVALID_API_KEY,
166
+ code: "KEY_NOT_FOUND"
167
+ },
168
+ key: null
169
+ });
170
+ }
171
+ const hashed = opts.disableKeyHashing ? key : await defaultKeyHasher(key);
172
+ let apiKey = null;
173
+ try {
174
+ apiKey = await validateApiKey({
175
+ hashedKey: hashed,
176
+ permissions: ctx.body.permissions,
177
+ ctx,
178
+ opts,
179
+ schema
180
+ });
181
+ if (opts.deferUpdates) ctx.context.runInBackground(deleteAllExpiredApiKeys(ctx.context).catch((err) => {
182
+ ctx.context.logger.error("Failed to delete expired API keys:", err);
183
+ }));
184
+ } catch (error) {
185
+ ctx.context.logger.error("Failed to validate API key:", error);
186
+ if (isAPIError(error)) return ctx.json({
187
+ valid: false,
188
+ error: {
189
+ message: error.body?.message,
190
+ code: error.body?.code
191
+ },
192
+ key: null
193
+ });
194
+ return ctx.json({
195
+ valid: false,
196
+ error: {
197
+ message: API_KEY_ERROR_CODES.INVALID_API_KEY,
198
+ code: "INVALID_API_KEY"
199
+ },
200
+ key: null
201
+ });
202
+ }
203
+ const { key: _, ...returningApiKey } = apiKey ?? {
204
+ key: 1,
205
+ permissions: void 0
206
+ };
207
+ let migratedMetadata = null;
208
+ if (apiKey) migratedMetadata = await migrateDoubleStringifiedMetadata(ctx, apiKey, opts);
209
+ returningApiKey.permissions = returningApiKey.permissions ? safeJSONParse(returningApiKey.permissions) : null;
210
+ return ctx.json({
211
+ valid: true,
212
+ error: null,
213
+ key: apiKey === null ? null : {
214
+ ...returningApiKey,
215
+ metadata: migratedMetadata
216
+ }
217
+ });
218
+ });
219
+ }
220
+
221
+ //#endregion
222
+ export { validateApiKey, verifyApiKey };
223
+ //# sourceMappingURL=verify-api-key.mjs.map
package/dist/plugins/api-key/routes/verify-api-key.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verify-api-key.mjs","names":["ERROR_CODES"],"sources":["../../../../src/plugins/api-key/routes/verify-api-key.ts"],"sourcesContent":["import type { AuthContext, GenericEndpointContext } from \"@better-auth/core\";\nimport { createAuthEndpoint } from \"@better-auth/core/api\";\nimport { APIError } from \"@better-auth/core/error\";\nimport { safeJSONParse } from \"@better-auth/core/utils/json\";\nimport * as z from \"zod\";\nimport { isAPIError } from \"../../../utils/is-api-error\";\nimport { role } from \"../../access\";\nimport { API_KEY_TABLE_NAME, API_KEY_ERROR_CODES as ERROR_CODES } from \"..\";\nimport { defaultKeyHasher } from \"../\";\nimport {\n\tdeleteApiKey,\n\tgetApiKey,\n\tmigrateDoubleStringifiedMetadata,\n\tsetApiKey,\n} from \"../adapter\";\nimport { isRateLimited } from \"../rate-limit\";\nimport type { apiKeySchema } from \"../schema\";\nimport type { ApiKey } from \"../types\";\nimport type { PredefinedApiKeyOptions } from \".\";\n\nexport async function validateApiKey({\n\thashedKey,\n\tctx,\n\topts,\n\tschema,\n\tpermissions,\n}: {\n\thashedKey: string;\n\topts: PredefinedApiKeyOptions;\n\tschema: ReturnType<typeof apiKeySchema>;\n\tpermissions?: Record<string, string[]> | undefined;\n\tctx: GenericEndpointContext;\n}) {\n\tconst apiKey = await getApiKey(ctx, hashedKey, opts);\n\n\tif (!apiKey) {\n\t\tthrow APIError.from(\"UNAUTHORIZED\", ERROR_CODES.INVALID_API_KEY);\n\t}\n\n\tif (apiKey.enabled === false) {\n\t\tthrow APIError.from(\"UNAUTHORIZED\", ERROR_CODES.KEY_DISABLED);\n\t}\n\n\tif (apiKey.expiresAt) {\n\t\tconst now = Date.now();\n\t\tconst expiresAt = new Date(apiKey.expiresAt).getTime();\n\t\tif (now > expiresAt) {\n\t\t\tconst deleteExpiredKey = async () => {\n\t\t\t\tif (opts.storage === \"secondary-storage\" && opts.fallbackToDatabase) {\n\t\t\t\t\tawait deleteApiKey(ctx, apiKey, opts);\n\t\t\t\t\tawait ctx.context.adapter.delete({\n\t\t\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\t\t\twhere: [{ field: \"id\", value: apiKey.id }],\n\t\t\t\t\t});\n\t\t\t\t} else if (opts.storage === \"secondary-storage\") {\n\t\t\t\t\tawait deleteApiKey(ctx, apiKey, opts);\n\t\t\t\t} else {\n\t\t\t\t\tawait ctx.context.adapter.delete({\n\t\t\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\t\t\twhere: [{ field: \"id\", value: apiKey.id }],\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t};\n\n\t\t\tif (opts.deferUpdates) {\n\t\t\t\tctx.context.runInBackground(\n\t\t\t\t\tdeleteExpiredKey().catch((error) => {\n\t\t\t\t\t\tctx.context.logger.error(\"Deferred update failed:\", error);\n\t\t\t\t\t}),\n\t\t\t\t);\n\t\t\t} else {\n\t\t\t\tawait deleteExpiredKey();\n\t\t\t}\n\n\t\t\tthrow APIError.from(\"UNAUTHORIZED\", ERROR_CODES.KEY_EXPIRED);\n\t\t}\n\t}\n\n\tif (permissions) {\n\t\tconst apiKeyPermissions = apiKey.permissions\n\t\t\t? safeJSONParse<{\n\t\t\t\t\t[key: string]: string[];\n\t\t\t\t}>(apiKey.permissions)\n\t\t\t: null;\n\n\t\tif (!apiKeyPermissions) {\n\t\t\tthrow APIError.from(\"UNAUTHORIZED\", ERROR_CODES.KEY_NOT_FOUND);\n\t\t}\n\t\tconst r = role(apiKeyPermissions as any);\n\t\tconst result = r.authorize(permissions);\n\t\tif (!result.success) {\n\t\t\tthrow APIError.from(\"UNAUTHORIZED\", ERROR_CODES.KEY_NOT_FOUND);\n\t\t}\n\t}\n\n\tlet remaining = apiKey.remaining;\n\tlet lastRefillAt = apiKey.lastRefillAt;\n\n\tif (apiKey.remaining === 0 && apiKey.refillAmount === null) {\n\t\tconst deleteExhaustedKey = async () => {\n\t\t\tif (opts.storage === \"secondary-storage\" && opts.fallbackToDatabase) {\n\t\t\t\tawait deleteApiKey(ctx, apiKey, opts);\n\t\t\t\tawait ctx.context.adapter.delete({\n\t\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\t\twhere: [{ field: \"id\", value: apiKey.id }],\n\t\t\t\t});\n\t\t\t} else if (opts.storage === \"secondary-storage\") {\n\t\t\t\tawait deleteApiKey(ctx, apiKey, opts);\n\t\t\t} else {\n\t\t\t\tawait ctx.context.adapter.delete({\n\t\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\t\twhere: [{ field: \"id\", value: apiKey.id }],\n\t\t\t\t});\n\t\t\t}\n\t\t};\n\n\t\tif (opts.deferUpdates) {\n\t\t\tctx.context.runInBackground(\n\t\t\t\tdeleteExhaustedKey().catch((error) => {\n\t\t\t\t\tctx.context.logger.error(\"Deferred update failed:\", error);\n\t\t\t\t}),\n\t\t\t);\n\t\t} else {\n\t\t\tawait deleteExhaustedKey();\n\t\t}\n\n\t\tthrow APIError.from(\"TOO_MANY_REQUESTS\", ERROR_CODES.USAGE_EXCEEDED);\n\t} else if (remaining !== null) {\n\t\tconst now = Date.now();\n\t\tconst refillInterval = apiKey.refillInterval;\n\t\tconst refillAmount = apiKey.refillAmount;\n\t\tconst lastTime = new Date(lastRefillAt ?? apiKey.createdAt).getTime();\n\n\t\tif (refillInterval && refillAmount) {\n\t\t\t// if they provide refill info, then we should refill once the interval is reached.\n\n\t\t\tconst timeSinceLastRequest = now - lastTime;\n\t\t\tif (timeSinceLastRequest > refillInterval) {\n\t\t\t\tremaining = refillAmount;\n\t\t\t\tlastRefillAt = new Date();\n\t\t\t}\n\t\t}\n\n\t\tif (remaining === 0) {\n\t\t\t// if there are no more remaining requests, than the key is invalid\n\t\t\tthrow APIError.from(\"TOO_MANY_REQUESTS\", ERROR_CODES.USAGE_EXCEEDED);\n\t\t} else {\n\t\t\tremaining--;\n\t\t}\n\t}\n\n\tconst { message, success, update, tryAgainIn } = isRateLimited(apiKey, opts);\n\n\tif (success === false) {\n\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\tmessage: message ?? undefined,\n\t\t\tcode: \"RATE_LIMITED\" as const,\n\t\t\tdetails: {\n\t\t\t\ttryAgainIn,\n\t\t\t},\n\t\t});\n\t}\n\n\tconst updated: ApiKey = {\n\t\t...apiKey,\n\t\t...update,\n\t\tremaining,\n\t\tlastRefillAt,\n\t\tupdatedAt: new Date(),\n\t};\n\n\tconst performUpdate = async (): Promise<ApiKey | null> => {\n\t\tif (opts.storage === \"database\") {\n\t\t\treturn ctx.context.adapter.update<ApiKey>({\n\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\twhere: [{ field: \"id\", value: apiKey.id }],\n\t\t\t\tupdate: { ...updated, id: undefined },\n\t\t\t});\n\t\t} else if (\n\t\t\topts.storage === \"secondary-storage\" &&\n\t\t\topts.fallbackToDatabase\n\t\t) {\n\t\t\tconst dbUpdated = await ctx.context.adapter.update<ApiKey>({\n\t\t\t\tmodel: API_KEY_TABLE_NAME,\n\t\t\t\twhere: [{ field: \"id\", value: apiKey.id }],\n\t\t\t\tupdate: { ...updated, id: undefined },\n\t\t\t});\n\t\t\tif (dbUpdated) {\n\t\t\t\tawait setApiKey(ctx, dbUpdated, opts);\n\t\t\t}\n\t\t\treturn dbUpdated;\n\t\t} else {\n\t\t\tawait setApiKey(ctx, updated, opts);\n\t\t\treturn updated;\n\t\t}\n\t};\n\n\tlet newApiKey: ApiKey | null = null;\n\n\tif (opts.deferUpdates) {\n\t\tctx.context.runInBackground(\n\t\t\tperformUpdate().catch((error) => {\n\t\t\t\tctx.context.logger.error(\"Failed to update API key:\", error);\n\t\t\t}),\n\t\t);\n\t\tnewApiKey = updated;\n\t} else {\n\t\tnewApiKey = await performUpdate();\n\t\tif (!newApiKey) {\n\t\t\tthrow APIError.from(\n\t\t\t\t\"INTERNAL_SERVER_ERROR\",\n\t\t\t\tERROR_CODES.FAILED_TO_UPDATE_API_KEY,\n\t\t\t);\n\t\t}\n\t}\n\n\treturn newApiKey;\n}\n\nconst verifyApiKeyBodySchema = z.object({\n\tkey: z.string().meta({\n\t\tdescription: \"The key to verify\",\n\t}),\n\tpermissions: z\n\t\t.record(z.string(), z.array(z.string()))\n\t\t.meta({\n\t\t\tdescription: \"The permissions to verify.\",\n\t\t})\n\t\t.optional(),\n});\n\nexport function verifyApiKey({\n\topts,\n\tschema,\n\tdeleteAllExpiredApiKeys,\n}: {\n\topts: PredefinedApiKeyOptions;\n\tschema: ReturnType<typeof apiKeySchema>;\n\tdeleteAllExpiredApiKeys(\n\t\tctx: AuthContext,\n\t\tbyPassLastCheckTime?: boolean | undefined,\n\t): Promise<void>;\n}) {\n\treturn createAuthEndpoint(\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: verifyApiKeyBodySchema,\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst { key } = ctx.body;\n\n\t\t\tif (opts.customAPIKeyValidator) {\n\t\t\t\tconst isValid = await opts.customAPIKeyValidator({ ctx, key });\n\t\t\t\tif (!isValid) {\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\tvalid: false,\n\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\tmessage: ERROR_CODES.INVALID_API_KEY,\n\t\t\t\t\t\t\tcode: \"KEY_NOT_FOUND\" as const,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tkey: null,\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst hashed = opts.disableKeyHashing ? key : await defaultKeyHasher(key);\n\n\t\t\tlet apiKey: ApiKey | null = null;\n\n\t\t\ttry {\n\t\t\t\tapiKey = await validateApiKey({\n\t\t\t\t\thashedKey: hashed,\n\t\t\t\t\tpermissions: ctx.body.permissions,\n\t\t\t\t\tctx,\n\t\t\t\t\topts,\n\t\t\t\t\tschema,\n\t\t\t\t});\n\n\t\t\t\tif (opts.deferUpdates) {\n\t\t\t\t\tctx.context.runInBackground(\n\t\t\t\t\t\tdeleteAllExpiredApiKeys(ctx.context).catch((err) => {\n\t\t\t\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t\t\t\t\"Failed to delete expired API keys:\",\n\t\t\t\t\t\t\t\terr,\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t}),\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t} catch (error) {\n\t\t\t\tctx.context.logger.error(\"Failed to validate API key:\", error);\n\t\t\t\tif (isAPIError(error)) {\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\tvalid: false,\n\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\tmessage: error.body?.message,\n\t\t\t\t\t\t\tcode: error.body?.code as string,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tkey: null,\n\t\t\t\t\t});\n\t\t\t\t}\n\n\t\t\t\treturn ctx.json({\n\t\t\t\t\tvalid: false,\n\t\t\t\t\terror: {\n\t\t\t\t\t\tmessage: ERROR_CODES.INVALID_API_KEY,\n\t\t\t\t\t\tcode: \"INVALID_API_KEY\" as const,\n\t\t\t\t\t},\n\t\t\t\t\tkey: null,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tconst { key: _, ...returningApiKey } = apiKey ?? {\n\t\t\t\tkey: 1,\n\t\t\t\tpermissions: undefined,\n\t\t\t};\n\n\t\t\t// Migrate legacy double-stringified metadata if needed\n\t\t\tlet migratedMetadata: Record<string, any> | null = null;\n\t\t\tif (apiKey) {\n\t\t\t\tmigratedMetadata = await migrateDoubleStringifiedMetadata(\n\t\t\t\t\tctx,\n\t\t\t\t\tapiKey,\n\t\t\t\t\topts,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\treturningApiKey.permissions = returningApiKey.permissions\n\t\t\t\t? safeJSONParse<{\n\t\t\t\t\t\t[key: string]: string[];\n\t\t\t\t\t}>(returningApiKey.permissions)\n\t\t\t\t: null;\n\n\t\t\treturn ctx.json({\n\t\t\t\tvalid: true,\n\t\t\t\terror: null,\n\t\t\t\tkey:\n\t\t\t\t\tapiKey === null\n\t\t\t\t\t\t? null\n\t\t\t\t\t\t: ({\n\t\t\t\t\t\t\t\t...returningApiKey,\n\t\t\t\t\t\t\t\tmetadata: migratedMetadata,\n\t\t\t\t\t\t\t} as Omit<ApiKey, \"key\">),\n\t\t\t});\n\t\t},\n\t);\n}\n"],"mappings":";;;;;;;;;;;;;AAoBA,eAAsB,eAAe,EACpC,WACA,KACA,MACA,QACA,eAOE;CACF,MAAM,SAAS,MAAM,UAAU,KAAK,WAAW,KAAK;AAEpD,KAAI,CAAC,OACJ,OAAM,SAAS,KAAK,gBAAgBA,oBAAY,gBAAgB;AAGjE,KAAI,OAAO,YAAY,MACtB,OAAM,SAAS,KAAK,gBAAgBA,oBAAY,aAAa;AAG9D,KAAI,OAAO,WAGV;MAFY,KAAK,KAAK,GACJ,IAAI,KAAK,OAAO,UAAU,CAAC,SAAS,EACjC;GACpB,MAAM,mBAAmB,YAAY;AACpC,QAAI,KAAK,YAAY,uBAAuB,KAAK,oBAAoB;AACpE,WAAM,aAAa,KAAK,QAAQ,KAAK;AACrC,WAAM,IAAI,QAAQ,QAAQ,OAAO;MAChC,OAAO;MACP,OAAO,CAAC;OAAE,OAAO;OAAM,OAAO,OAAO;OAAI,CAAC;MAC1C,CAAC;eACQ,KAAK,YAAY,oBAC3B,OAAM,aAAa,KAAK,QAAQ,KAAK;QAErC,OAAM,IAAI,QAAQ,QAAQ,OAAO;KAChC,OAAO;KACP,OAAO,CAAC;MAAE,OAAO;MAAM,OAAO,OAAO;MAAI,CAAC;KAC1C,CAAC;;AAIJ,OAAI,KAAK,aACR,KAAI,QAAQ,gBACX,kBAAkB,CAAC,OAAO,UAAU;AACnC,QAAI,QAAQ,OAAO,MAAM,2BAA2B,MAAM;KACzD,CACF;OAED,OAAM,kBAAkB;AAGzB,SAAM,SAAS,KAAK,gBAAgBA,oBAAY,YAAY;;;AAI9D,KAAI,aAAa;EAChB,MAAM,oBAAoB,OAAO,cAC9B,cAEE,OAAO,YAAY,GACrB;AAEH,MAAI,CAAC,kBACJ,OAAM,SAAS,KAAK,gBAAgBA,oBAAY,cAAc;AAI/D,MAAI,CAFM,KAAK,kBAAyB,CACvB,UAAU,YAAY,CAC3B,QACX,OAAM,SAAS,KAAK,gBAAgBA,oBAAY,cAAc;;CAIhE,IAAI,YAAY,OAAO;CACvB,IAAI,eAAe,OAAO;AAE1B,KAAI,OAAO,cAAc,KAAK,OAAO,iBAAiB,MAAM;EAC3D,MAAM,qBAAqB,YAAY;AACtC,OAAI,KAAK,YAAY,uBAAuB,KAAK,oBAAoB;AACpE,UAAM,aAAa,KAAK,QAAQ,KAAK;AACrC,UAAM,IAAI,QAAQ,QAAQ,OAAO;KAChC,OAAO;KACP,OAAO,CAAC;MAAE,OAAO;MAAM,OAAO,OAAO;MAAI,CAAC;KAC1C,CAAC;cACQ,KAAK,YAAY,oBAC3B,OAAM,aAAa,KAAK,QAAQ,KAAK;OAErC,OAAM,IAAI,QAAQ,QAAQ,OAAO;IAChC,OAAO;IACP,OAAO,CAAC;KAAE,OAAO;KAAM,OAAO,OAAO;KAAI,CAAC;IAC1C,CAAC;;AAIJ,MAAI,KAAK,aACR,KAAI,QAAQ,gBACX,oBAAoB,CAAC,OAAO,UAAU;AACrC,OAAI,QAAQ,OAAO,MAAM,2BAA2B,MAAM;IACzD,CACF;MAED,OAAM,oBAAoB;AAG3B,QAAM,SAAS,KAAK,qBAAqBA,oBAAY,eAAe;YAC1D,cAAc,MAAM;EAC9B,MAAM,MAAM,KAAK,KAAK;EACtB,MAAM,iBAAiB,OAAO;EAC9B,MAAM,eAAe,OAAO;EAC5B,MAAM,WAAW,IAAI,KAAK,gBAAgB,OAAO,UAAU,CAAC,SAAS;AAErE,MAAI,kBAAkB,cAIrB;OAD6B,MAAM,WACR,gBAAgB;AAC1C,gBAAY;AACZ,mCAAe,IAAI,MAAM;;;AAI3B,MAAI,cAAc,EAEjB,OAAM,SAAS,KAAK,qBAAqBA,oBAAY,eAAe;MAEpE;;CAIF,MAAM,EAAE,SAAS,SAAS,QAAQ,eAAe,cAAc,QAAQ,KAAK;AAE5E,KAAI,YAAY,MACf,OAAM,IAAI,SAAS,gBAAgB;EAClC,SAAS,WAAW;EACpB,MAAM;EACN,SAAS,EACR,YACA;EACD,CAAC;CAGH,MAAM,UAAkB;EACvB,GAAG;EACH,GAAG;EACH;EACA;EACA,2BAAW,IAAI,MAAM;EACrB;CAED,MAAM,gBAAgB,YAAoC;AACzD,MAAI,KAAK,YAAY,WACpB,QAAO,IAAI,QAAQ,QAAQ,OAAe;GACzC,OAAO;GACP,OAAO,CAAC;IAAE,OAAO;IAAM,OAAO,OAAO;IAAI,CAAC;GAC1C,QAAQ;IAAE,GAAG;IAAS,IAAI;IAAW;GACrC,CAAC;WAEF,KAAK,YAAY,uBACjB,KAAK,oBACJ;GACD,MAAM,YAAY,MAAM,IAAI,QAAQ,QAAQ,OAAe;IAC1D,OAAO;IACP,OAAO,CAAC;KAAE,OAAO;KAAM,OAAO,OAAO;KAAI,CAAC;IAC1C,QAAQ;KAAE,GAAG;KAAS,IAAI;KAAW;IACrC,CAAC;AACF,OAAI,UACH,OAAM,UAAU,KAAK,WAAW,KAAK;AAEtC,UAAO;SACD;AACN,SAAM,UAAU,KAAK,SAAS,KAAK;AACnC,UAAO;;;CAIT,IAAI,YAA2B;AAE/B,KAAI,KAAK,cAAc;AACtB,MAAI,QAAQ,gBACX,eAAe,CAAC,OAAO,UAAU;AAChC,OAAI,QAAQ,OAAO,MAAM,6BAA6B,MAAM;IAC3D,CACF;AACD,cAAY;QACN;AACN,cAAY,MAAM,eAAe;AACjC,MAAI,CAAC,UACJ,OAAM,SAAS,KACd,yBACAA,oBAAY,yBACZ;;AAIH,QAAO;;AAGR,MAAM,yBAAyB,EAAE,OAAO;CACvC,KAAK,EAAE,QAAQ,CAAC,KAAK,EACpB,aAAa,qBACb,CAAC;CACF,aAAa,EACX,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CACvC,KAAK,EACL,aAAa,8BACb,CAAC,CACD,UAAU;CACZ,CAAC;AAEF,SAAgB,aAAa,EAC5B,MACA,QACA,2BAQE;AACF,QAAO,mBACN;EACC,QAAQ;EACR,MAAM;EACN,EACD,OAAO,QAAQ;EACd,MAAM,EAAE,QAAQ,IAAI;AAEpB,MAAI,KAAK,uBAER;OAAI,CADY,MAAM,KAAK,sBAAsB;IAAE;IAAK;IAAK,CAAC,CAE7D,QAAO,IAAI,KAAK;IACf,OAAO;IACP,OAAO;KACN,SAASA,oBAAY;KACrB,MAAM;KACN;IACD,KAAK;IACL,CAAC;;EAIJ,MAAM,SAAS,KAAK,oBAAoB,MAAM,MAAM,iBAAiB,IAAI;EAEzE,IAAI,SAAwB;AAE5B,MAAI;AACH,YAAS,MAAM,eAAe;IAC7B,WAAW;IACX,aAAa,IAAI,KAAK;IACtB;IACA;IACA;IACA,CAAC;AAEF,OAAI,KAAK,aACR,KAAI,QAAQ,gBACX,wBAAwB,IAAI,QAAQ,CAAC,OAAO,QAAQ;AACnD,QAAI,QAAQ,OAAO,MAClB,sCACA,IACA;KACA,CACF;WAEM,OAAO;AACf,OAAI,QAAQ,OAAO,MAAM,+BAA+B,MAAM;AAC9D,OAAI,WAAW,MAAM,CACpB,QAAO,IAAI,KAAK;IACf,OAAO;IACP,OAAO;KACN,SAAS,MAAM,MAAM;KACrB,MAAM,MAAM,MAAM;KAClB;IACD,KAAK;IACL,CAAC;AAGH,UAAO,IAAI,KAAK;IACf,OAAO;IACP,OAAO;KACN,SAASA,oBAAY;KACrB,MAAM;KACN;IACD,KAAK;IACL,CAAC;;EAGH,MAAM,EAAE,KAAK,GAAG,GAAG,oBAAoB,UAAU;GAChD,KAAK;GACL,aAAa;GACb;EAGD,IAAI,mBAA+C;AACnD,MAAI,OACH,oBAAmB,MAAM,iCACxB,KACA,QACA,KACA;AAGF,kBAAgB,cAAc,gBAAgB,cAC3C,cAEE,gBAAgB,YAAY,GAC9B;AAEH,SAAO,IAAI,KAAK;GACf,OAAO;GACP,OAAO;GACP,KACC,WAAW,OACR,OACC;IACD,GAAG;IACH,UAAU;IACV;GACJ,CAAC;GAEH"}
package/dist/plugins/api-key/schema.d.mts ADDED
@@ -0,0 +1,11 @@
1
+ //#region src/plugins/api-key/schema.d.ts
2
+ declare const apiKeySchema: ({
3
+ timeWindow,
4
+ rateLimitMax
5
+ }: {
6
+ timeWindow: number;
7
+ rateLimitMax: number;
8
+ }) => BetterAuthPluginDBSchema;
9
+ //#endregion
10
+ export { apiKeySchema };
11
+ //# sourceMappingURL=schema.d.mts.map