@hammadj/better-auth 1.5.0-beta.9

package/dist/plugins/captcha/index.mjs

@@ -0,0 +1,60 @@
+import { getIp } from "../../utils/get-request-ip.mjs";
+import { middlewareResponse } from "../../utils/middleware-response.mjs";
+import { Providers, defaultEndpoints, siteVerifyMap } from "./constants.mjs";
+import { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from "./error-codes.mjs";
+import { captchaFox } from "./verify-handlers/captchafox.mjs";
+import { cloudflareTurnstile } from "./verify-handlers/cloudflare-turnstile.mjs";
+import { googleRecaptcha } from "./verify-handlers/google-recaptcha.mjs";
+import { hCaptcha } from "./verify-handlers/h-captcha.mjs";
+import "./verify-handlers/index.mjs";
+
+//#region src/plugins/captcha/index.ts
+const captcha = (options) => ({
+	id: "captcha",
+	onRequest: async (request, ctx) => {
+		try {
+			if (!(options.endpoints?.length ? options.endpoints : defaultEndpoints).some((endpoint) => request.url.includes(endpoint))) return void 0;
+			if (!options.secretKey) throw new Error(INTERNAL_ERROR_CODES.MISSING_SECRET_KEY.message);
+			const captchaResponse = request.headers.get("x-captcha-response");
+			const remoteUserIP = getIp(request, ctx.options) ?? void 0;
+			if (!captchaResponse) return middlewareResponse({
+				message: EXTERNAL_ERROR_CODES.MISSING_RESPONSE.message,
+				status: 400
+			});
+			const handlerParams = {
+				siteVerifyURL: options.siteVerifyURLOverride || siteVerifyMap[options.provider],
+				captchaResponse,
+				secretKey: options.secretKey,
+				remoteIP: remoteUserIP
+			};
+			if (options.provider === Providers.CLOUDFLARE_TURNSTILE) return await cloudflareTurnstile(handlerParams);
+			if (options.provider === Providers.GOOGLE_RECAPTCHA) return await googleRecaptcha({
+				...handlerParams,
+				minScore: options.minScore
+			});
+			if (options.provider === Providers.HCAPTCHA) return await hCaptcha({
+				...handlerParams,
+				siteKey: options.siteKey
+			});
+			if (options.provider === Providers.CAPTCHAFOX) return await captchaFox({
+				...handlerParams,
+				siteKey: options.siteKey
+			});
+		} catch (_error) {
+			const errorMessage = _error instanceof Error ? _error.message : void 0;
+			ctx.logger.error(errorMessage ?? "Unknown error", {
+				endpoint: request.url,
+				message: _error
+			});
+			return middlewareResponse({
+				message: EXTERNAL_ERROR_CODES.UNKNOWN_ERROR.message,
+				status: 500
+			});
+		}
+	},
+	options
+});
+
+//#endregion
+export { captcha };
+//# sourceMappingURL=index.mjs.map

package/dist/plugins/captcha/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":["verifyHandlers.cloudflareTurnstile","verifyHandlers.googleRecaptcha","verifyHandlers.hCaptcha","verifyHandlers.captchaFox"],"sources":["../../../src/plugins/captcha/index.ts"],"sourcesContent":["import type { BetterAuthPlugin } from \"@better-auth/core\";\nimport { getIp } from \"../../utils/get-request-ip\";\nimport { middlewareResponse } from \"../../utils/middleware-response\";\nimport { defaultEndpoints, Providers, siteVerifyMap } from \"./constants\";\nimport { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from \"./error-codes\";\nimport type { CaptchaOptions } from \"./types\";\n\ndeclare module \"@better-auth/core\" {\n\tinterface BetterAuthPluginRegistry<AuthOptions, Options> {\n\t\tcaptcha: {\n\t\t\tcreator: typeof captcha;\n\t\t};\n\t}\n}\n\nimport * as verifyHandlers from \"./verify-handlers\";\n\nexport type * from \"./types\";\n\nexport const captcha = (options: CaptchaOptions) =>\n\t({\n\t\tid: \"captcha\",\n\t\tonRequest: async (request, ctx) => {\n\t\t\ttry {\n\t\t\t\tconst endpoints = options.endpoints?.length\n\t\t\t\t\t? options.endpoints\n\t\t\t\t\t: defaultEndpoints;\n\n\t\t\t\tif (!endpoints.some((endpoint) => request.url.includes(endpoint)))\n\t\t\t\t\treturn undefined;\n\n\t\t\t\tif (!options.secretKey) {\n\t\t\t\t\tthrow new Error(INTERNAL_ERROR_CODES.MISSING_SECRET_KEY.message);\n\t\t\t\t}\n\n\t\t\t\tconst captchaResponse = request.headers.get(\"x-captcha-response\");\n\t\t\t\tconst remoteUserIP = getIp(request, ctx.options) ?? undefined;\n\n\t\t\t\tif (!captchaResponse) {\n\t\t\t\t\treturn middlewareResponse({\n\t\t\t\t\t\tmessage: EXTERNAL_ERROR_CODES.MISSING_RESPONSE.message,\n\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t});\n\t\t\t\t}\n\n\t\t\t\tconst siteVerifyURL =\n\t\t\t\t\toptions.siteVerifyURLOverride || siteVerifyMap[options.provider];\n\n\t\t\t\tconst handlerParams = {\n\t\t\t\t\tsiteVerifyURL,\n\t\t\t\t\tcaptchaResponse,\n\t\t\t\t\tsecretKey: options.secretKey,\n\t\t\t\t\tremoteIP: remoteUserIP,\n\t\t\t\t};\n\n\t\t\t\tif (options.provider === Providers.CLOUDFLARE_TURNSTILE) {\n\t\t\t\t\treturn await verifyHandlers.cloudflareTurnstile(handlerParams);\n\t\t\t\t}\n\n\t\t\t\tif (options.provider === Providers.GOOGLE_RECAPTCHA) {\n\t\t\t\t\treturn await verifyHandlers.googleRecaptcha({\n\t\t\t\t\t\t...handlerParams,\n\t\t\t\t\t\tminScore: options.minScore,\n\t\t\t\t\t});\n\t\t\t\t}\n\n\t\t\t\tif (options.provider === Providers.HCAPTCHA) {\n\t\t\t\t\treturn await verifyHandlers.hCaptcha({\n\t\t\t\t\t\t...handlerParams,\n\t\t\t\t\t\tsiteKey: options.siteKey,\n\t\t\t\t\t});\n\t\t\t\t}\n\n\t\t\t\tif (options.provider === Providers.CAPTCHAFOX) {\n\t\t\t\t\treturn await verifyHandlers.captchaFox({\n\t\t\t\t\t\t...handlerParams,\n\t\t\t\t\t\tsiteKey: options.siteKey,\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t} catch (_error) {\n\t\t\t\tconst errorMessage =\n\t\t\t\t\t_error instanceof Error ? _error.message : undefined;\n\n\t\t\t\tctx.logger.error(errorMessage ?? \"Unknown error\", {\n\t\t\t\t\tendpoint: request.url,\n\t\t\t\t\tmessage: _error,\n\t\t\t\t});\n\n\t\t\t\treturn middlewareResponse({\n\t\t\t\t\tmessage: EXTERNAL_ERROR_CODES.UNKNOWN_ERROR.message,\n\t\t\t\t\tstatus: 500,\n\t\t\t\t});\n\t\t\t}\n\t\t},\n\t\toptions,\n\t}) satisfies BetterAuthPlugin;\n"],"mappings":";;;;;;;;;;;AAmBA,MAAa,WAAW,aACtB;CACA,IAAI;CACJ,WAAW,OAAO,SAAS,QAAQ;AAClC,MAAI;AAKH,OAAI,EAJc,QAAQ,WAAW,SAClC,QAAQ,YACR,kBAEY,MAAM,aAAa,QAAQ,IAAI,SAAS,SAAS,CAAC,CAChE,QAAO;AAER,OAAI,CAAC,QAAQ,UACZ,OAAM,IAAI,MAAM,qBAAqB,mBAAmB,QAAQ;GAGjE,MAAM,kBAAkB,QAAQ,QAAQ,IAAI,qBAAqB;GACjE,MAAM,eAAe,MAAM,SAAS,IAAI,QAAQ,IAAI;AAEpD,OAAI,CAAC,gBACJ,QAAO,mBAAmB;IACzB,SAAS,qBAAqB,iBAAiB;IAC/C,QAAQ;IACR,CAAC;GAMH,MAAM,gBAAgB;IACrB,eAHA,QAAQ,yBAAyB,cAAc,QAAQ;IAIvD;IACA,WAAW,QAAQ;IACnB,UAAU;IACV;AAED,OAAI,QAAQ,aAAa,UAAU,qBAClC,QAAO,MAAMA,oBAAmC,cAAc;AAG/D,OAAI,QAAQ,aAAa,UAAU,iBAClC,QAAO,MAAMC,gBAA+B;IAC3C,GAAG;IACH,UAAU,QAAQ;IAClB,CAAC;AAGH,OAAI,QAAQ,aAAa,UAAU,SAClC,QAAO,MAAMC,SAAwB;IACpC,GAAG;IACH,SAAS,QAAQ;IACjB,CAAC;AAGH,OAAI,QAAQ,aAAa,UAAU,WAClC,QAAO,MAAMC,WAA0B;IACtC,GAAG;IACH,SAAS,QAAQ;IACjB,CAAC;WAEK,QAAQ;GAChB,MAAM,eACL,kBAAkB,QAAQ,OAAO,UAAU;AAE5C,OAAI,OAAO,MAAM,gBAAgB,iBAAiB;IACjD,UAAU,QAAQ;IAClB,SAAS;IACT,CAAC;AAEF,UAAO,mBAAmB;IACzB,SAAS,qBAAqB,cAAc;IAC5C,QAAQ;IACR,CAAC;;;CAGJ;CACA"}

package/dist/plugins/captcha/types.d.mts

@@ -0,0 +1,28 @@
+import { Providers } from "./constants.mjs";
+
+//#region src/plugins/captcha/types.d.ts
+type Provider = (typeof Providers)[keyof typeof Providers];
+interface BaseCaptchaOptions {
+  secretKey: string;
+  endpoints?: string[] | undefined;
+  siteVerifyURLOverride?: string | undefined;
+}
+interface GoogleRecaptchaOptions extends BaseCaptchaOptions {
+  provider: typeof Providers.GOOGLE_RECAPTCHA;
+  minScore?: number | undefined;
+}
+interface CloudflareTurnstileOptions extends BaseCaptchaOptions {
+  provider: typeof Providers.CLOUDFLARE_TURNSTILE;
+}
+interface HCaptchaOptions extends BaseCaptchaOptions {
+  provider: typeof Providers.HCAPTCHA;
+  siteKey?: string | undefined;
+}
+interface CaptchaFoxOptions extends BaseCaptchaOptions {
+  provider: typeof Providers.CAPTCHAFOX;
+  siteKey?: string | undefined;
+}
+type CaptchaOptions = GoogleRecaptchaOptions | CloudflareTurnstileOptions | HCaptchaOptions | CaptchaFoxOptions;
+//#endregion
+export { BaseCaptchaOptions, CaptchaFoxOptions, CaptchaOptions, CloudflareTurnstileOptions, GoogleRecaptchaOptions, HCaptchaOptions, Provider };
+//# sourceMappingURL=types.d.mts.map

package/dist/plugins/captcha/utils.mjs

@@ -0,0 +1,11 @@
+//#region src/plugins/captcha/utils.ts
+const encodeToURLParams = (obj) => {
+	if (typeof obj !== "object" || obj === null || Array.isArray(obj)) throw new Error("Input must be a non-null object.");
+	const params = new URLSearchParams();
+	for (const [key, value] of Object.entries(obj)) if (value !== void 0 && value !== null) params.append(key, String(value));
+	return params.toString();
+};
+
+//#endregion
+export { encodeToURLParams };
+//# sourceMappingURL=utils.mjs.map

package/dist/plugins/captcha/utils.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.mjs","names":[],"sources":["../../../src/plugins/captcha/utils.ts"],"sourcesContent":["export const encodeToURLParams = (obj: Record<string, any>): string => {\n\tif (typeof obj !== \"object\" || obj === null || Array.isArray(obj)) {\n\t\tthrow new Error(\"Input must be a non-null object.\");\n\t}\n\n\tconst params = new URLSearchParams();\n\n\tfor (const [key, value] of Object.entries(obj)) {\n\t\tif (value !== undefined && value !== null) {\n\t\t\tparams.append(key, String(value));\n\t\t}\n\t}\n\n\treturn params.toString();\n};\n"],"mappings":";AAAA,MAAa,qBAAqB,QAAqC;AACtE,KAAI,OAAO,QAAQ,YAAY,QAAQ,QAAQ,MAAM,QAAQ,IAAI,CAChE,OAAM,IAAI,MAAM,mCAAmC;CAGpD,MAAM,SAAS,IAAI,iBAAiB;AAEpC,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,IAAI,CAC7C,KAAI,UAAU,UAAa,UAAU,KACpC,QAAO,OAAO,KAAK,OAAO,MAAM,CAAC;AAInC,QAAO,OAAO,UAAU"}

package/dist/plugins/captcha/verify-handlers/captchafox.mjs

@@ -0,0 +1,27 @@
+import { middlewareResponse } from "../../../utils/middleware-response.mjs";
+import { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from "../error-codes.mjs";
+import { encodeToURLParams } from "../utils.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/plugins/captcha/verify-handlers/captchafox.ts
+const captchaFox = async ({ siteVerifyURL, captchaResponse, secretKey, siteKey, remoteIP }) => {
+	const response = await betterFetch(siteVerifyURL, {
+		method: "POST",
+		headers: { "Content-Type": "application/x-www-form-urlencoded" },
+		body: encodeToURLParams({
+			secret: secretKey,
+			response: captchaResponse,
+			...siteKey && { sitekey: siteKey },
+			...remoteIP && { remoteIp: remoteIP }
+		})
+	});
+	if (!response.data || response.error) throw new Error(INTERNAL_ERROR_CODES.SERVICE_UNAVAILABLE.message);
+	if (!response.data.success) return middlewareResponse({
+		message: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.message,
+		status: 403
+	});
+};
+
+//#endregion
+export { captchaFox };
+//# sourceMappingURL=captchafox.mjs.map

package/dist/plugins/captcha/verify-handlers/captchafox.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"captchafox.mjs","names":[],"sources":["../../../../src/plugins/captcha/verify-handlers/captchafox.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport { middlewareResponse } from \"../../../utils/middleware-response\";\nimport { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from \"../error-codes\";\nimport { encodeToURLParams } from \"../utils\";\n\ntype Params = {\n\tsiteVerifyURL: string;\n\tsecretKey: string;\n\tcaptchaResponse: string;\n\tsiteKey?: string | undefined;\n\tremoteIP?: string | undefined;\n};\n\ntype SiteVerifyResponse = {\n\tsuccess: boolean;\n\tchallenge_ts: number;\n\thostname: string;\n\t\"error-codes\":\n\t\t| Array<\n\t\t\t\t| \"missing-input-secret\"\n\t\t\t\t| \"invalid-input-secret\"\n\t\t\t\t| \"invalid-input-sitekey\"\n\t\t\t\t| \"missing-input-response\"\n\t\t\t\t| \"invalid-input-response\"\n\t\t\t\t| \"expired-input-response\"\n\t\t\t\t| \"timeout-or-duplicate\"\n\t\t\t\t| \"bad-request\"\n\t\t  >\n\t\t| undefined;\n\tinsights: Record<string, unknown> | undefined; // ENTERPRISE feature: insights into verification.\n};\n\nexport const captchaFox = async ({\n\tsiteVerifyURL,\n\tcaptchaResponse,\n\tsecretKey,\n\tsiteKey,\n\tremoteIP,\n}: Params) => {\n\tconst response = await betterFetch<SiteVerifyResponse>(siteVerifyURL, {\n\t\tmethod: \"POST\",\n\t\theaders: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n\t\tbody: encodeToURLParams({\n\t\t\tsecret: secretKey,\n\t\t\tresponse: captchaResponse,\n\t\t\t...(siteKey && { sitekey: siteKey }),\n\t\t\t...(remoteIP && { remoteIp: remoteIP }),\n\t\t}),\n\t});\n\n\tif (!response.data || response.error) {\n\t\tthrow new Error(INTERNAL_ERROR_CODES.SERVICE_UNAVAILABLE.message);\n\t}\n\n\tif (!response.data.success) {\n\t\treturn middlewareResponse({\n\t\t\tmessage: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.message,\n\t\t\tstatus: 403,\n\t\t});\n\t}\n\n\treturn undefined;\n};\n"],"mappings":";;;;;;AAgCA,MAAa,aAAa,OAAO,EAChC,eACA,iBACA,WACA,SACA,eACa;CACb,MAAM,WAAW,MAAM,YAAgC,eAAe;EACrE,QAAQ;EACR,SAAS,EAAE,gBAAgB,qCAAqC;EAChE,MAAM,kBAAkB;GACvB,QAAQ;GACR,UAAU;GACV,GAAI,WAAW,EAAE,SAAS,SAAS;GACnC,GAAI,YAAY,EAAE,UAAU,UAAU;GACtC,CAAC;EACF,CAAC;AAEF,KAAI,CAAC,SAAS,QAAQ,SAAS,MAC9B,OAAM,IAAI,MAAM,qBAAqB,oBAAoB,QAAQ;AAGlE,KAAI,CAAC,SAAS,KAAK,QAClB,QAAO,mBAAmB;EACzB,SAAS,qBAAqB,oBAAoB;EAClD,QAAQ;EACR,CAAC"}

package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs

@@ -0,0 +1,25 @@
+import { middlewareResponse } from "../../../utils/middleware-response.mjs";
+import { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from "../error-codes.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/plugins/captcha/verify-handlers/cloudflare-turnstile.ts
+const cloudflareTurnstile = async ({ siteVerifyURL, captchaResponse, secretKey, remoteIP }) => {
+	const response = await betterFetch(siteVerifyURL, {
+		method: "POST",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify({
+			secret: secretKey,
+			response: captchaResponse,
+			...remoteIP && { remoteip: remoteIP }
+		})
+	});
+	if (!response.data || response.error) throw new Error(INTERNAL_ERROR_CODES.SERVICE_UNAVAILABLE.message);
+	if (!response.data.success) return middlewareResponse({
+		message: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.message,
+		status: 403
+	});
+};
+
+//#endregion
+export { cloudflareTurnstile };
+//# sourceMappingURL=cloudflare-turnstile.mjs.map

package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloudflare-turnstile.mjs","names":[],"sources":["../../../../src/plugins/captcha/verify-handlers/cloudflare-turnstile.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport { middlewareResponse } from \"../../../utils/middleware-response\";\nimport { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from \"../error-codes\";\n\ntype Params = {\n\tsiteVerifyURL: string;\n\tsecretKey: string;\n\tcaptchaResponse: string;\n\tremoteIP?: string | undefined;\n};\n\ntype SiteVerifyResponse = {\n\tsuccess: boolean;\n\t\"error-codes\"?: string[] | undefined;\n\tchallenge_ts?: string | undefined;\n\thostname?: string | undefined;\n\taction?: string | undefined;\n\tcdata?: string | undefined;\n\tmetadata?:\n\t\t| {\n\t\t\t\tinteractive: boolean;\n\t\t  }\n\t\t| undefined;\n\tmessages?: string[] | undefined;\n};\n\nexport const cloudflareTurnstile = async ({\n\tsiteVerifyURL,\n\tcaptchaResponse,\n\tsecretKey,\n\tremoteIP,\n}: Params) => {\n\tconst response = await betterFetch<SiteVerifyResponse>(siteVerifyURL, {\n\t\tmethod: \"POST\",\n\t\theaders: { \"Content-Type\": \"application/json\" },\n\t\tbody: JSON.stringify({\n\t\t\tsecret: secretKey,\n\t\t\tresponse: captchaResponse,\n\t\t\t...(remoteIP && { remoteip: remoteIP }),\n\t\t}),\n\t});\n\n\tif (!response.data || response.error) {\n\t\tthrow new Error(INTERNAL_ERROR_CODES.SERVICE_UNAVAILABLE.message);\n\t}\n\n\tif (!response.data.success) {\n\t\treturn middlewareResponse({\n\t\t\tmessage: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.message,\n\t\t\tstatus: 403,\n\t\t});\n\t}\n\n\treturn undefined;\n};\n"],"mappings":";;;;;AA0BA,MAAa,sBAAsB,OAAO,EACzC,eACA,iBACA,WACA,eACa;CACb,MAAM,WAAW,MAAM,YAAgC,eAAe;EACrE,QAAQ;EACR,SAAS,EAAE,gBAAgB,oBAAoB;EAC/C,MAAM,KAAK,UAAU;GACpB,QAAQ;GACR,UAAU;GACV,GAAI,YAAY,EAAE,UAAU,UAAU;GACtC,CAAC;EACF,CAAC;AAEF,KAAI,CAAC,SAAS,QAAQ,SAAS,MAC9B,OAAM,IAAI,MAAM,qBAAqB,oBAAoB,QAAQ;AAGlE,KAAI,CAAC,SAAS,KAAK,QAClB,QAAO,mBAAmB;EACzB,SAAS,qBAAqB,oBAAoB;EAClD,QAAQ;EACR,CAAC"}

package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs

@@ -0,0 +1,29 @@
+import { middlewareResponse } from "../../../utils/middleware-response.mjs";
+import { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from "../error-codes.mjs";
+import { encodeToURLParams } from "../utils.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/plugins/captcha/verify-handlers/google-recaptcha.ts
+const isV3 = (response) => {
+	return "score" in response && typeof response.score === "number";
+};
+const googleRecaptcha = async ({ siteVerifyURL, captchaResponse, secretKey, minScore = .5, remoteIP }) => {
+	const response = await betterFetch(siteVerifyURL, {
+		method: "POST",
+		headers: { "Content-Type": "application/x-www-form-urlencoded" },
+		body: encodeToURLParams({
+			secret: secretKey,
+			response: captchaResponse,
+			...remoteIP && { remoteip: remoteIP }
+		})
+	});
+	if (!response.data || response.error) throw new Error(INTERNAL_ERROR_CODES.SERVICE_UNAVAILABLE.message);
+	if (!response.data.success || isV3(response.data) && response.data.score < minScore) return middlewareResponse({
+		message: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.message,
+		status: 403
+	});
+};
+
+//#endregion
+export { googleRecaptcha };
+//# sourceMappingURL=google-recaptcha.mjs.map

package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"google-recaptcha.mjs","names":[],"sources":["../../../../src/plugins/captcha/verify-handlers/google-recaptcha.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport { middlewareResponse } from \"../../../utils/middleware-response\";\nimport { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from \"../error-codes\";\nimport { encodeToURLParams } from \"../utils\";\n\ntype Params = {\n\tsiteVerifyURL: string;\n\tsecretKey: string;\n\tcaptchaResponse: string;\n\tminScore?: number | undefined;\n\tremoteIP?: string | undefined;\n};\n\ntype SiteVerifyResponse = {\n\tsuccess: boolean;\n\tchallenge_ts: string;\n\thostname: string;\n\t\"error-codes\":\n\t\t| Array<\n\t\t\t\t| \"missing-input-secret\"\n\t\t\t\t| \"invalid-input-secret\"\n\t\t\t\t| \"missing-input-response\"\n\t\t\t\t| \"invalid-input-response\"\n\t\t\t\t| \"bad-request\"\n\t\t\t\t| \"timeout-or-duplicate\"\n\t\t  >\n\t\t| undefined;\n};\n\ntype SiteVerifyV3Response = SiteVerifyResponse & {\n\tscore: number;\n};\n\nconst isV3 = (\n\tresponse: SiteVerifyResponse | SiteVerifyV3Response,\n): response is SiteVerifyV3Response => {\n\treturn \"score\" in response && typeof response.score === \"number\";\n};\n\nexport const googleRecaptcha = async ({\n\tsiteVerifyURL,\n\tcaptchaResponse,\n\tsecretKey,\n\tminScore = 0.5,\n\tremoteIP,\n}: Params) => {\n\tconst response = await betterFetch<SiteVerifyResponse | SiteVerifyV3Response>(\n\t\tsiteVerifyURL,\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\theaders: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n\t\t\tbody: encodeToURLParams({\n\t\t\t\tsecret: secretKey,\n\t\t\t\tresponse: captchaResponse,\n\t\t\t\t...(remoteIP && { remoteip: remoteIP }),\n\t\t\t}),\n\t\t},\n\t);\n\n\tif (!response.data || response.error) {\n\t\tthrow new Error(INTERNAL_ERROR_CODES.SERVICE_UNAVAILABLE.message);\n\t}\n\n\tif (\n\t\t!response.data.success ||\n\t\t(isV3(response.data) && response.data.score < minScore)\n\t) {\n\t\treturn middlewareResponse({\n\t\t\tmessage: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.message,\n\t\t\tstatus: 403,\n\t\t});\n\t}\n\n\treturn undefined;\n};\n"],"mappings":";;;;;;AAiCA,MAAM,QACL,aACsC;AACtC,QAAO,WAAW,YAAY,OAAO,SAAS,UAAU;;AAGzD,MAAa,kBAAkB,OAAO,EACrC,eACA,iBACA,WACA,WAAW,IACX,eACa;CACb,MAAM,WAAW,MAAM,YACtB,eACA;EACC,QAAQ;EACR,SAAS,EAAE,gBAAgB,qCAAqC;EAChE,MAAM,kBAAkB;GACvB,QAAQ;GACR,UAAU;GACV,GAAI,YAAY,EAAE,UAAU,UAAU;GACtC,CAAC;EACF,CACD;AAED,KAAI,CAAC,SAAS,QAAQ,SAAS,MAC9B,OAAM,IAAI,MAAM,qBAAqB,oBAAoB,QAAQ;AAGlE,KACC,CAAC,SAAS,KAAK,WACd,KAAK,SAAS,KAAK,IAAI,SAAS,KAAK,QAAQ,SAE9C,QAAO,mBAAmB;EACzB,SAAS,qBAAqB,oBAAoB;EAClD,QAAQ;EACR,CAAC"}

package/dist/plugins/captcha/verify-handlers/h-captcha.mjs

@@ -0,0 +1,27 @@
+import { middlewareResponse } from "../../../utils/middleware-response.mjs";
+import { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from "../error-codes.mjs";
+import { encodeToURLParams } from "../utils.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/plugins/captcha/verify-handlers/h-captcha.ts
+const hCaptcha = async ({ siteVerifyURL, captchaResponse, secretKey, siteKey, remoteIP }) => {
+	const response = await betterFetch(siteVerifyURL, {
+		method: "POST",
+		headers: { "Content-Type": "application/x-www-form-urlencoded" },
+		body: encodeToURLParams({
+			secret: secretKey,
+			response: captchaResponse,
+			...siteKey && { sitekey: siteKey },
+			...remoteIP && { remoteip: remoteIP }
+		})
+	});
+	if (!response.data || response.error) throw new Error(INTERNAL_ERROR_CODES.SERVICE_UNAVAILABLE.message);
+	if (!response.data.success) return middlewareResponse({
+		message: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.message,
+		status: 403
+	});
+};
+
+//#endregion
+export { hCaptcha };
+//# sourceMappingURL=h-captcha.mjs.map

package/dist/plugins/captcha/verify-handlers/h-captcha.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"h-captcha.mjs","names":[],"sources":["../../../../src/plugins/captcha/verify-handlers/h-captcha.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport { middlewareResponse } from \"../../../utils/middleware-response\";\nimport { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from \"../error-codes\";\nimport { encodeToURLParams } from \"../utils\";\n\ntype Params = {\n\tsiteVerifyURL: string;\n\tsecretKey: string;\n\tcaptchaResponse: string;\n\tsiteKey?: string | undefined;\n\tremoteIP?: string | undefined;\n};\n\ntype SiteVerifyResponse = {\n\tsuccess: boolean;\n\tchallenge_ts: number;\n\thostname: string;\n\tcredit: true | false | undefined;\n\t\"error-codes\":\n\t\t| Array<\n\t\t\t\t| \"missing-input-secret\"\n\t\t\t\t| \"invalid-input-secret\"\n\t\t\t\t| \"missing-input-response\"\n\t\t\t\t| \"invalid-input-response\"\n\t\t\t\t| \"expired-input-response\"\n\t\t\t\t| \"already-seen-response\"\n\t\t\t\t| \"bad-request\"\n\t\t\t\t| \"missing-remoteip\"\n\t\t\t\t| \"invalid-remoteip\"\n\t\t\t\t| \"not-using-dummy-passcode\"\n\t\t\t\t| \"sitekey-secret-mismatch\"\n\t\t  >\n\t\t| undefined;\n\tscore: number | undefined; // ENTERPRISE feature: a score denoting malicious activity.\n\tscore_reason: Array<unknown> | undefined; // ENTERPRISE feature: reason(s) for score.\n};\n\nexport const hCaptcha = async ({\n\tsiteVerifyURL,\n\tcaptchaResponse,\n\tsecretKey,\n\tsiteKey,\n\tremoteIP,\n}: Params) => {\n\tconst response = await betterFetch<SiteVerifyResponse>(siteVerifyURL, {\n\t\tmethod: \"POST\",\n\t\theaders: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n\t\tbody: encodeToURLParams({\n\t\t\tsecret: secretKey,\n\t\t\tresponse: captchaResponse,\n\t\t\t...(siteKey && { sitekey: siteKey }),\n\t\t\t...(remoteIP && { remoteip: remoteIP }),\n\t\t}),\n\t});\n\n\tif (!response.data || response.error) {\n\t\tthrow new Error(INTERNAL_ERROR_CODES.SERVICE_UNAVAILABLE.message);\n\t}\n\n\tif (!response.data.success) {\n\t\treturn middlewareResponse({\n\t\t\tmessage: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.message,\n\t\t\tstatus: 403,\n\t\t});\n\t}\n\n\treturn undefined;\n};\n"],"mappings":";;;;;;AAqCA,MAAa,WAAW,OAAO,EAC9B,eACA,iBACA,WACA,SACA,eACa;CACb,MAAM,WAAW,MAAM,YAAgC,eAAe;EACrE,QAAQ;EACR,SAAS,EAAE,gBAAgB,qCAAqC;EAChE,MAAM,kBAAkB;GACvB,QAAQ;GACR,UAAU;GACV,GAAI,WAAW,EAAE,SAAS,SAAS;GACnC,GAAI,YAAY,EAAE,UAAU,UAAU;GACtC,CAAC;EACF,CAAC;AAEF,KAAI,CAAC,SAAS,QAAQ,SAAS,MAC9B,OAAM,IAAI,MAAM,qBAAqB,oBAAoB,QAAQ;AAGlE,KAAI,CAAC,SAAS,KAAK,QAClB,QAAO,mBAAmB;EACzB,SAAS,qBAAqB,oBAAoB;EAClD,QAAQ;EACR,CAAC"}

package/dist/plugins/captcha/verify-handlers/index.mjs

@@ -0,0 +1,6 @@
+import { captchaFox } from "./captchafox.mjs";
+import { cloudflareTurnstile } from "./cloudflare-turnstile.mjs";
+import { googleRecaptcha } from "./google-recaptcha.mjs";
+import { hCaptcha } from "./h-captcha.mjs";
+
+export {  };

package/dist/plugins/custom-session/client.d.mts

@@ -0,0 +1,10 @@
+import { BetterAuthOptions } from "../../types/index.mjs";
+import { Auth } from "better-auth";
+
+//#region src/plugins/custom-session/client.d.ts
+declare const customSessionClient: <A extends Auth | {
+  options: BetterAuthOptions;
+}>() => BetterAuthClientPlugin;
+//#endregion
+export { customSessionClient };
+//# sourceMappingURL=client.d.mts.map

package/dist/plugins/custom-session/client.mjs

@@ -0,0 +1,11 @@
+import { InferServerPlugin } from "../../client/plugins/infer-plugin.mjs";
+import "../../client/plugins/index.mjs";
+
+//#region src/plugins/custom-session/client.ts
+const customSessionClient = () => {
+	return InferServerPlugin();
+};
+
+//#endregion
+export { customSessionClient };
+//# sourceMappingURL=client.mjs.map

package/dist/plugins/custom-session/client.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.mjs","names":[],"sources":["../../../src/plugins/custom-session/client.ts"],"sourcesContent":["import type { Auth } from \"better-auth\";\nimport { InferServerPlugin } from \"../../client/plugins\";\nimport type { BetterAuthOptions } from \"../../types\";\n\nexport const customSessionClient = <\n\tA extends\n\t\t| Auth\n\t\t| {\n\t\t\t\toptions: BetterAuthOptions;\n\t\t  },\n>() => {\n\treturn InferServerPlugin<A, \"custom-session\">();\n};\n"],"mappings":";;;;AAIA,MAAa,4BAMN;AACN,QAAO,mBAAwC"}

package/dist/plugins/custom-session/index.d.mts

@@ -0,0 +1,26 @@
+import { InferSession, InferUser } from "../../types/models.mjs";
+import "../../types/index.mjs";
+import { BetterAuthOptions, GenericEndpointContext } from "@better-auth/core";
+
+//#region src/plugins/custom-session/index.d.ts
+declare module "@better-auth/core" {
+  interface BetterAuthPluginRegistry<AuthOptions, Options> {
+    "custom-session": {
+      creator: typeof customSession;
+    };
+  }
+}
+type CustomSessionPluginOptions = {
+  /**
+   * This option is used to determine if the list-device-sessions endpoint should be mutated to the custom session data.
+   * @default false
+   */
+  shouldMutateListDeviceSessionsEndpoint?: boolean | undefined;
+};
+declare const customSession: <Returns extends Record<string, any>, O extends BetterAuthOptions = BetterAuthOptions>(fn: (session: {
+  user: InferUser<O>;
+  session: InferSession<O>;
+}, ctx: GenericEndpointContext) => Promise<Returns>, options?: O | undefined, pluginOptions?: CustomSessionPluginOptions | undefined) => BetterAuthPlugin;
+//#endregion
+export { CustomSessionPluginOptions, customSession };
+//# sourceMappingURL=index.d.mts.map

package/dist/plugins/custom-session/index.mjs

@@ -0,0 +1,70 @@
+import { getSession } from "../../api/routes/session.mjs";
+import "../../api/index.mjs";
+import { getEndpointResponse } from "../../utils/plugin-helper.mjs";
+import { createAuthEndpoint, createAuthMiddleware } from "@better-auth/core/api";
+import * as z from "zod";
+
+//#region src/plugins/custom-session/index.ts
+const getSessionQuerySchema = z.optional(z.object({
+	disableCookieCache: z.boolean().meta({ description: "Disable cookie cache and fetch session from database" }).or(z.string().transform((v) => v === "true")).optional(),
+	disableRefresh: z.boolean().meta({ description: "Disable session refresh. Useful for checking session status, without updating the session" }).optional()
+}));
+const customSession = (fn, options, pluginOptions) => {
+	return {
+		id: "custom-session",
+		hooks: { after: [{
+			matcher: (ctx) => ctx.path === "/multi-session/list-device-sessions" && (pluginOptions?.shouldMutateListDeviceSessionsEndpoint ?? false),
+			handler: createAuthMiddleware(async (ctx) => {
+				const response = await getEndpointResponse(ctx);
+				if (!response) return;
+				const newResponse = await Promise.all(response.map(async (v) => await fn(v, ctx)));
+				return ctx.json(newResponse);
+			})
+		}] },
+		endpoints: { getSession: createAuthEndpoint("/get-session", {
+			method: "GET",
+			query: getSessionQuerySchema,
+			metadata: {
+				CUSTOM_SESSION: true,
+				openapi: {
+					description: "Get custom session data",
+					responses: { "200": {
+						description: "Success",
+						content: { "application/json": { schema: {
+							type: "array",
+							nullable: true,
+							items: { $ref: "#/components/schemas/Session" }
+						} } }
+					} }
+				}
+			},
+			requireHeaders: true
+		}, async (ctx) => {
+			const session = await getSession()({
+				...ctx,
+				asResponse: false,
+				headers: ctx.headers,
+				returnHeaders: true
+			}).catch((e) => {
+				return null;
+			});
+			if (!session?.response) return ctx.json(null);
+			const fnResult = await fn(session.response, ctx);
+			const setCookie = session.headers.get("set-cookie");
+			if (setCookie) {
+				ctx.setHeader("set-cookie", setCookie);
+				session.headers.delete("set-cookie");
+			}
+			session.headers.forEach((value, key) => {
+				ctx.setHeader(key, value);
+			});
+			return ctx.json(fnResult);
+		}) },
+		$Infer: { Session: {} },
+		options: pluginOptions
+	};
+};
+
+//#endregion
+export { customSession };
+//# sourceMappingURL=index.mjs.map

package/dist/plugins/custom-session/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":[],"sources":["../../../src/plugins/custom-session/index.ts"],"sourcesContent":["import type {\n\tBetterAuthOptions,\n\tBetterAuthPlugin,\n\tGenericEndpointContext,\n} from \"@better-auth/core\";\nimport {\n\tcreateAuthEndpoint,\n\tcreateAuthMiddleware,\n} from \"@better-auth/core/api\";\nimport * as z from \"zod\";\nimport { getSession } from \"../../api\";\nimport type { InferSession, InferUser } from \"../../types\";\nimport { getEndpointResponse } from \"../../utils/plugin-helper\";\n\ndeclare module \"@better-auth/core\" {\n\tinterface BetterAuthPluginRegistry<AuthOptions, Options> {\n\t\t\"custom-session\": {\n\t\t\tcreator: typeof customSession;\n\t\t};\n\t}\n}\n\nconst getSessionQuerySchema = z.optional(\n\tz.object({\n\t\t/**\n\t\t * If cookie cache is enabled, it will disable the cache\n\t\t * and fetch the session from the database\n\t\t */\n\t\tdisableCookieCache: z\n\t\t\t.boolean()\n\t\t\t.meta({\n\t\t\t\tdescription: \"Disable cookie cache and fetch session from database\",\n\t\t\t})\n\t\t\t.or(z.string().transform((v) => v === \"true\"))\n\t\t\t.optional(),\n\t\tdisableRefresh: z\n\t\t\t.boolean()\n\t\t\t.meta({\n\t\t\t\tdescription:\n\t\t\t\t\t\"Disable session refresh. Useful for checking session status, without updating the session\",\n\t\t\t})\n\t\t\t.optional(),\n\t}),\n);\n\nexport type CustomSessionPluginOptions = {\n\t/**\n\t * This option is used to determine if the list-device-sessions endpoint should be mutated to the custom session data.\n\t * @default false\n\t */\n\tshouldMutateListDeviceSessionsEndpoint?: boolean | undefined;\n};\n\nexport const customSession = <\n\tReturns extends Record<string, any>,\n\tO extends BetterAuthOptions = BetterAuthOptions,\n>(\n\tfn: (\n\t\tsession: {\n\t\t\tuser: InferUser<O>;\n\t\t\tsession: InferSession<O>;\n\t\t},\n\t\tctx: GenericEndpointContext,\n\t) => Promise<Returns>,\n\toptions?: O | undefined,\n\tpluginOptions?: CustomSessionPluginOptions | undefined,\n) => {\n\treturn {\n\t\tid: \"custom-session\",\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher: (ctx) =>\n\t\t\t\t\t\tctx.path === \"/multi-session/list-device-sessions\" &&\n\t\t\t\t\t\t(pluginOptions?.shouldMutateListDeviceSessionsEndpoint ?? false),\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst response = await getEndpointResponse<[]>(ctx);\n\t\t\t\t\t\tif (!response) return;\n\t\t\t\t\t\tconst newResponse = await Promise.all(\n\t\t\t\t\t\t\tresponse.map(async (v) => await fn(v, ctx)),\n\t\t\t\t\t\t);\n\t\t\t\t\t\treturn ctx.json(newResponse);\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t\tendpoints: {\n\t\t\tgetSession: createAuthEndpoint(\n\t\t\t\t\"/get-session\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\tquery: getSessionQuerySchema,\n\t\t\t\t\tmetadata: {\n\t\t\t\t\t\tCUSTOM_SESSION: true,\n\t\t\t\t\t\topenapi: {\n\t\t\t\t\t\t\tdescription: \"Get custom session data\",\n\t\t\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/Session\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\trequireHeaders: true,\n\t\t\t\t},\n\t\t\t\tasync (ctx): Promise<Returns | null> => {\n\t\t\t\t\tconst session = await getSession()({\n\t\t\t\t\t\t...ctx,\n\t\t\t\t\t\tasResponse: false,\n\t\t\t\t\t\theaders: ctx.headers,\n\t\t\t\t\t\treturnHeaders: true,\n\t\t\t\t\t}).catch((e) => {\n\t\t\t\t\t\treturn null;\n\t\t\t\t\t});\n\t\t\t\t\tif (!session?.response) {\n\t\t\t\t\t\treturn ctx.json(null);\n\t\t\t\t\t}\n\t\t\t\t\tconst fnResult = await fn(session.response as any, ctx);\n\n\t\t\t\t\tconst setCookie = session.headers.get(\"set-cookie\");\n\t\t\t\t\tif (setCookie) {\n\t\t\t\t\t\tctx.setHeader(\"set-cookie\", setCookie);\n\t\t\t\t\t\tsession.headers.delete(\"set-cookie\");\n\t\t\t\t\t}\n\n\t\t\t\t\tsession.headers.forEach((value, key) => {\n\t\t\t\t\t\tctx.setHeader(key, value);\n\t\t\t\t\t});\n\t\t\t\t\treturn ctx.json(fnResult);\n\t\t\t\t},\n\t\t\t),\n\t\t},\n\t\t$Infer: {\n\t\t\tSession: {} as Awaited<ReturnType<typeof fn>>,\n\t\t},\n\t\toptions: pluginOptions,\n\t} satisfies BetterAuthPlugin;\n};\n"],"mappings":";;;;;;;AAsBA,MAAM,wBAAwB,EAAE,SAC/B,EAAE,OAAO;CAKR,oBAAoB,EAClB,SAAS,CACT,KAAK,EACL,aAAa,wDACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,WAAW,MAAM,MAAM,OAAO,CAAC,CAC7C,UAAU;CACZ,gBAAgB,EACd,SAAS,CACT,KAAK,EACL,aACC,6FACD,CAAC,CACD,UAAU;CACZ,CAAC,CACF;AAUD,MAAa,iBAIZ,IAOA,SACA,kBACI;AACJ,QAAO;EACN,IAAI;EACJ,OAAO,EACN,OAAO,CACN;GACC,UAAU,QACT,IAAI,SAAS,0CACZ,eAAe,0CAA0C;GAC3D,SAAS,qBAAqB,OAAO,QAAQ;IAC5C,MAAM,WAAW,MAAM,oBAAwB,IAAI;AACnD,QAAI,CAAC,SAAU;IACf,MAAM,cAAc,MAAM,QAAQ,IACjC,SAAS,IAAI,OAAO,MAAM,MAAM,GAAG,GAAG,IAAI,CAAC,CAC3C;AACD,WAAO,IAAI,KAAK,YAAY;KAC3B;GACF,CACD,EACD;EACD,WAAW,EACV,YAAY,mBACX,gBACA;GACC,QAAQ;GACR,OAAO;GACP,UAAU;IACT,gBAAgB;IAChB,SAAS;KACR,aAAa;KACb,WAAW,EACV,OAAO;MACN,aAAa;MACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;OACP,MAAM;OACN,UAAU;OACV,OAAO,EACN,MAAM,gCACN;OACD,EACD,EACD;MACD,EACD;KACD;IACD;GACD,gBAAgB;GAChB,EACD,OAAO,QAAiC;GACvC,MAAM,UAAU,MAAM,YAAY,CAAC;IAClC,GAAG;IACH,YAAY;IACZ,SAAS,IAAI;IACb,eAAe;IACf,CAAC,CAAC,OAAO,MAAM;AACf,WAAO;KACN;AACF,OAAI,CAAC,SAAS,SACb,QAAO,IAAI,KAAK,KAAK;GAEtB,MAAM,WAAW,MAAM,GAAG,QAAQ,UAAiB,IAAI;GAEvD,MAAM,YAAY,QAAQ,QAAQ,IAAI,aAAa;AACnD,OAAI,WAAW;AACd,QAAI,UAAU,cAAc,UAAU;AACtC,YAAQ,QAAQ,OAAO,aAAa;;AAGrC,WAAQ,QAAQ,SAAS,OAAO,QAAQ;AACvC,QAAI,UAAU,KAAK,MAAM;KACxB;AACF,UAAO,IAAI,KAAK,SAAS;IAE1B,EACD;EACD,QAAQ,EACP,SAAS,EAAE,EACX;EACD,SAAS;EACT"}

package/dist/plugins/device-authorization/client.d.mts

@@ -0,0 +1,5 @@
+//#region src/plugins/device-authorization/client.d.ts
+declare const deviceAuthorizationClient: () => BetterAuthClientPlugin;
+//#endregion
+export { deviceAuthorizationClient };
+//# sourceMappingURL=client.d.mts.map

package/dist/plugins/device-authorization/client.mjs

@@ -0,0 +1,18 @@
+//#region src/plugins/device-authorization/client.ts
+const deviceAuthorizationClient = () => {
+	return {
+		id: "device-authorization",
+		$InferServerPlugin: {},
+		pathMethods: {
+			"/device/code": "POST",
+			"/device/token": "POST",
+			"/device": "GET",
+			"/device/approve": "POST",
+			"/device/deny": "POST"
+		}
+	};
+};
+
+//#endregion
+export { deviceAuthorizationClient };
+//# sourceMappingURL=client.mjs.map

package/dist/plugins/device-authorization/client.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.mjs","names":[],"sources":["../../../src/plugins/device-authorization/client.ts"],"sourcesContent":["import type { BetterAuthClientPlugin } from \"@better-auth/core\";\nimport type { deviceAuthorization } from \".\";\n\nexport const deviceAuthorizationClient = () => {\n\treturn {\n\t\tid: \"device-authorization\",\n\t\t$InferServerPlugin: {} as ReturnType<typeof deviceAuthorization>,\n\t\tpathMethods: {\n\t\t\t\"/device/code\": \"POST\",\n\t\t\t\"/device/token\": \"POST\",\n\t\t\t\"/device\": \"GET\",\n\t\t\t\"/device/approve\": \"POST\",\n\t\t\t\"/device/deny\": \"POST\",\n\t\t},\n\t} satisfies BetterAuthClientPlugin;\n};\n"],"mappings":";AAGA,MAAa,kCAAkC;AAC9C,QAAO;EACN,IAAI;EACJ,oBAAoB,EAAE;EACtB,aAAa;GACZ,gBAAgB;GAChB,iBAAiB;GACjB,WAAW;GACX,mBAAmB;GACnB,gBAAgB;GAChB;EACD"}

package/dist/plugins/device-authorization/error-codes.mjs

@@ -0,0 +1,21 @@
+import { defineErrorCodes } from "@better-auth/core/utils/error-codes";
+
+//#region src/plugins/device-authorization/error-codes.ts
+const DEVICE_AUTHORIZATION_ERROR_CODES = defineErrorCodes({
+	INVALID_DEVICE_CODE: "Invalid device code",
+	EXPIRED_DEVICE_CODE: "Device code has expired",
+	EXPIRED_USER_CODE: "User code has expired",
+	AUTHORIZATION_PENDING: "Authorization pending",
+	ACCESS_DENIED: "Access denied",
+	INVALID_USER_CODE: "Invalid user code",
+	DEVICE_CODE_ALREADY_PROCESSED: "Device code already processed",
+	POLLING_TOO_FREQUENTLY: "Polling too frequently",
+	USER_NOT_FOUND: "User not found",
+	FAILED_TO_CREATE_SESSION: "Failed to create session",
+	INVALID_DEVICE_CODE_STATUS: "Invalid device code status",
+	AUTHENTICATION_REQUIRED: "Authentication required"
+});
+
+//#endregion
+export { DEVICE_AUTHORIZATION_ERROR_CODES };
+//# sourceMappingURL=error-codes.mjs.map

package/dist/plugins/device-authorization/error-codes.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-codes.mjs","names":[],"sources":["../../../src/plugins/device-authorization/error-codes.ts"],"sourcesContent":["import { defineErrorCodes } from \"@better-auth/core/utils/error-codes\";\n\nexport const DEVICE_AUTHORIZATION_ERROR_CODES = defineErrorCodes({\n\tINVALID_DEVICE_CODE: \"Invalid device code\",\n\tEXPIRED_DEVICE_CODE: \"Device code has expired\",\n\tEXPIRED_USER_CODE: \"User code has expired\",\n\tAUTHORIZATION_PENDING: \"Authorization pending\",\n\tACCESS_DENIED: \"Access denied\",\n\tINVALID_USER_CODE: \"Invalid user code\",\n\tDEVICE_CODE_ALREADY_PROCESSED: \"Device code already processed\",\n\tPOLLING_TOO_FREQUENTLY: \"Polling too frequently\",\n\tUSER_NOT_FOUND: \"User not found\",\n\tFAILED_TO_CREATE_SESSION: \"Failed to create session\",\n\tINVALID_DEVICE_CODE_STATUS: \"Invalid device code status\",\n\tAUTHENTICATION_REQUIRED: \"Authentication required\",\n});\n"],"mappings":";;;AAEA,MAAa,mCAAmC,iBAAiB;CAChE,qBAAqB;CACrB,qBAAqB;CACrB,mBAAmB;CACnB,uBAAuB;CACvB,eAAe;CACf,mBAAmB;CACnB,+BAA+B;CAC/B,wBAAwB;CACxB,gBAAgB;CAChB,0BAA0B;CAC1B,4BAA4B;CAC5B,yBAAyB;CACzB,CAAC"}

package/dist/plugins/device-authorization/index.d.mts

@@ -0,0 +1,28 @@
+import { TimeString, ms, sec } from "../../utils/time.mjs";
+import * as z from "zod";
+
+//#region src/plugins/device-authorization/index.d.ts
+declare module "@better-auth/core" {
+  interface BetterAuthPluginRegistry<AuthOptions, Options> {
+    "device-authorization": {
+      creator: typeof deviceAuthorization;
+    };
+  }
+}
+declare const deviceAuthorizationOptionsSchema: z.ZodObject<{
+  expiresIn: z.ZodDefault<z.ZodCustom<TimeString, TimeString>>;
+  interval: z.ZodDefault<z.ZodCustom<TimeString, TimeString>>;
+  deviceCodeLength: z.ZodDefault<z.ZodNumber>;
+  userCodeLength: z.ZodDefault<z.ZodNumber>;
+  generateDeviceCode: z.ZodOptional<z.ZodCustom<() => string | Promise<string>, () => string | Promise<string>>>;
+  generateUserCode: z.ZodOptional<z.ZodCustom<() => string | Promise<string>, () => string | Promise<string>>>;
+  validateClient: z.ZodOptional<z.ZodCustom<(clientId: string) => boolean | Promise<boolean>, (clientId: string) => boolean | Promise<boolean>>>;
+  onDeviceAuthRequest: z.ZodOptional<z.ZodCustom<(clientId: string, scope: string | undefined) => void | Promise<void>, (clientId: string, scope: string | undefined) => void | Promise<void>>>;
+  verificationUri: z.ZodOptional<z.ZodString>;
+  schema: z.ZodCustom<any, any>;
+}, z.core.$strip>;
+type DeviceAuthorizationOptions = z.infer<typeof deviceAuthorizationOptionsSchema>;
+declare const deviceAuthorization: (options?: Partial<DeviceAuthorizationOptions>) => BetterAuthPlugin;
+//#endregion
+export { DeviceAuthorizationOptions, TimeString, deviceAuthorization, deviceAuthorizationOptionsSchema, ms, sec };
+//# sourceMappingURL=index.d.mts.map

package/dist/plugins/device-authorization/index.mjs

@@ -0,0 +1,50 @@
+import { mergeSchema } from "../../db/schema.mjs";
+import { ms } from "../../utils/time.mjs";
+import "../../db/index.mjs";
+import { DEVICE_AUTHORIZATION_ERROR_CODES } from "./error-codes.mjs";
+import { deviceApprove, deviceCode, deviceDeny, deviceToken, deviceVerify } from "./routes.mjs";
+import { schema } from "./schema.mjs";
+import * as z from "zod";
+
+//#region src/plugins/device-authorization/index.ts
+const timeStringSchema = z.custom((val) => {
+	if (typeof val !== "string") return false;
+	try {
+		ms(val);
+		return true;
+	} catch {
+		return false;
+	}
+}, { message: "Invalid time string format. Use formats like '30m', '5s', '1h', etc." });
+const deviceAuthorizationOptionsSchema = z.object({
+	expiresIn: timeStringSchema.default("30m").describe("Time in seconds until the device code expires. Use formats like '30m', '5s', '1h', etc."),
+	interval: timeStringSchema.default("5s").describe("Time in seconds between polling attempts. Use formats like '30m', '5s', '1h', etc."),
+	deviceCodeLength: z.number().int().positive().default(40).describe("Length of the device code to be generated. Default is 40 characters."),
+	userCodeLength: z.number().int().positive().default(8).describe("Length of the user code to be generated. Default is 8 characters."),
+	generateDeviceCode: z.custom((val) => typeof val === "function", { message: "generateDeviceCode must be a function that returns a string or a promise that resolves to a string." }).optional().describe("Function to generate a device code. If not provided, a default random string generator will be used."),
+	generateUserCode: z.custom((val) => typeof val === "function", { message: "generateUserCode must be a function that returns a string or a promise that resolves to a string." }).optional().describe("Function to generate a user code. If not provided, a default random string generator will be used."),
+	validateClient: z.custom((val) => typeof val === "function", { message: "validateClient must be a function that returns a boolean or a promise that resolves to a boolean." }).optional().describe("Function to validate the client ID. If not provided, no validation will be performed."),
+	onDeviceAuthRequest: z.custom((val) => typeof val === "function", { message: "onDeviceAuthRequest must be a function that returns void or a promise that resolves to void." }).optional().describe("Function to handle device authorization requests. If not provided, no additional actions will be taken."),
+	verificationUri: z.string().optional().describe("The URI where users verify their device code. Can be an absolute URL (https://example.com/device) or relative path (/custom-path). This will be returned as verification_uri in the device code response. If not provided, defaults to /device."),
+	schema: z.custom(() => true)
+});
+const deviceAuthorization = (options = {}) => {
+	const opts = deviceAuthorizationOptionsSchema.parse(options);
+	return {
+		id: "device-authorization",
+		schema: mergeSchema(schema, options?.schema),
+		endpoints: {
+			deviceCode: deviceCode(opts),
+			deviceToken: deviceToken(opts),
+			deviceVerify,
+			deviceApprove,
+			deviceDeny
+		},
+		$ERROR_CODES: DEVICE_AUTHORIZATION_ERROR_CODES,
+		options
+	};
+};
+
+//#endregion
+export { deviceAuthorization, deviceAuthorizationOptionsSchema };
+//# sourceMappingURL=index.mjs.map

package/dist/plugins/device-authorization/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":[],"sources":["../../../src/plugins/device-authorization/index.ts"],"sourcesContent":["import type { BetterAuthPlugin } from \"@better-auth/core\";\nimport * as z from \"zod\";\nimport { mergeSchema } from \"../../db\";\nimport type { InferOptionSchema } from \"../../types/plugins\";\nimport type { TimeString } from \"../../utils/time\";\nimport { ms } from \"../../utils/time\";\nimport { DEVICE_AUTHORIZATION_ERROR_CODES } from \"./error-codes\";\nimport {\n\tdeviceApprove,\n\tdeviceCode,\n\tdeviceDeny,\n\tdeviceToken,\n\tdeviceVerify,\n} from \"./routes\";\nimport { schema } from \"./schema\";\n\ndeclare module \"@better-auth/core\" {\n\tinterface BetterAuthPluginRegistry<AuthOptions, Options> {\n\t\t\"device-authorization\": {\n\t\t\tcreator: typeof deviceAuthorization;\n\t\t};\n\t}\n}\n\nconst timeStringSchema = z.custom<TimeString>(\n\t(val) => {\n\t\tif (typeof val !== \"string\") return false;\n\t\ttry {\n\t\t\tms(val as TimeString);\n\t\t\treturn true;\n\t\t} catch {\n\t\t\treturn false;\n\t\t}\n\t},\n\t{\n\t\tmessage:\n\t\t\t\"Invalid time string format. Use formats like '30m', '5s', '1h', etc.\",\n\t},\n);\n\nexport const deviceAuthorizationOptionsSchema = z.object({\n\texpiresIn: timeStringSchema\n\t\t.default(\"30m\")\n\t\t.describe(\n\t\t\t\"Time in seconds until the device code expires. Use formats like '30m', '5s', '1h', etc.\",\n\t\t),\n\tinterval: timeStringSchema\n\t\t.default(\"5s\")\n\t\t.describe(\n\t\t\t\"Time in seconds between polling attempts. Use formats like '30m', '5s', '1h', etc.\",\n\t\t),\n\tdeviceCodeLength: z\n\t\t.number()\n\t\t.int()\n\t\t.positive()\n\t\t.default(40)\n\t\t.describe(\n\t\t\t\"Length of the device code to be generated. Default is 40 characters.\",\n\t\t),\n\tuserCodeLength: z\n\t\t.number()\n\t\t.int()\n\t\t.positive()\n\t\t.default(8)\n\t\t.describe(\n\t\t\t\"Length of the user code to be generated. Default is 8 characters.\",\n\t\t),\n\tgenerateDeviceCode: z\n\t\t.custom<() => string | Promise<string>>(\n\t\t\t(val) => typeof val === \"function\",\n\t\t\t{\n\t\t\t\tmessage:\n\t\t\t\t\t\"generateDeviceCode must be a function that returns a string or a promise that resolves to a string.\",\n\t\t\t},\n\t\t)\n\t\t.optional()\n\t\t.describe(\n\t\t\t\"Function to generate a device code. If not provided, a default random string generator will be used.\",\n\t\t),\n\tgenerateUserCode: z\n\t\t.custom<() => string | Promise<string>>(\n\t\t\t(val) => typeof val === \"function\",\n\t\t\t{\n\t\t\t\tmessage:\n\t\t\t\t\t\"generateUserCode must be a function that returns a string or a promise that resolves to a string.\",\n\t\t\t},\n\t\t)\n\t\t.optional()\n\t\t.describe(\n\t\t\t\"Function to generate a user code. If not provided, a default random string generator will be used.\",\n\t\t),\n\tvalidateClient: z\n\t\t.custom<(clientId: string) => boolean | Promise<boolean>>(\n\t\t\t(val) => typeof val === \"function\",\n\t\t\t{\n\t\t\t\tmessage:\n\t\t\t\t\t\"validateClient must be a function that returns a boolean or a promise that resolves to a boolean.\",\n\t\t\t},\n\t\t)\n\t\t.optional()\n\t\t.describe(\n\t\t\t\"Function to validate the client ID. If not provided, no validation will be performed.\",\n\t\t),\n\tonDeviceAuthRequest: z\n\t\t.custom<\n\t\t\t(clientId: string, scope: string | undefined) => void | Promise<void>\n\t\t>((val) => typeof val === \"function\", {\n\t\t\tmessage:\n\t\t\t\t\"onDeviceAuthRequest must be a function that returns void or a promise that resolves to void.\",\n\t\t})\n\t\t.optional()\n\t\t.describe(\n\t\t\t\"Function to handle device authorization requests. If not provided, no additional actions will be taken.\",\n\t\t),\n\tverificationUri: z\n\t\t.string()\n\t\t.optional()\n\t\t.describe(\n\t\t\t\"The URI where users verify their device code. Can be an absolute URL (https://example.com/device) or relative path (/custom-path). This will be returned as verification_uri in the device code response. If not provided, defaults to /device.\",\n\t\t),\n\tschema: z.custom<InferOptionSchema<typeof schema>>(() => true),\n});\n\nexport type DeviceAuthorizationOptions = z.infer<\n\ttypeof deviceAuthorizationOptionsSchema\n>;\n\nexport const deviceAuthorization = (\n\toptions: Partial<DeviceAuthorizationOptions> = {},\n) => {\n\tconst opts = deviceAuthorizationOptionsSchema.parse(options);\n\n\treturn {\n\t\tid: \"device-authorization\",\n\t\tschema: mergeSchema(schema, options?.schema),\n\t\tendpoints: {\n\t\t\tdeviceCode: deviceCode(opts),\n\t\t\tdeviceToken: deviceToken(opts),\n\t\t\tdeviceVerify,\n\t\t\tdeviceApprove,\n\t\t\tdeviceDeny,\n\t\t},\n\t\t$ERROR_CODES: DEVICE_AUTHORIZATION_ERROR_CODES,\n\t\toptions,\n\t} satisfies BetterAuthPlugin;\n};\n\nexport type * from \"../../utils/time\";\n"],"mappings":";;;;;;;;;AAwBA,MAAM,mBAAmB,EAAE,QACzB,QAAQ;AACR,KAAI,OAAO,QAAQ,SAAU,QAAO;AACpC,KAAI;AACH,KAAG,IAAkB;AACrB,SAAO;SACA;AACP,SAAO;;GAGT,EACC,SACC,wEACD,CACD;AAED,MAAa,mCAAmC,EAAE,OAAO;CACxD,WAAW,iBACT,QAAQ,MAAM,CACd,SACA,0FACA;CACF,UAAU,iBACR,QAAQ,KAAK,CACb,SACA,qFACA;CACF,kBAAkB,EAChB,QAAQ,CACR,KAAK,CACL,UAAU,CACV,QAAQ,GAAG,CACX,SACA,uEACA;CACF,gBAAgB,EACd,QAAQ,CACR,KAAK,CACL,UAAU,CACV,QAAQ,EAAE,CACV,SACA,oEACA;CACF,oBAAoB,EAClB,QACC,QAAQ,OAAO,QAAQ,YACxB,EACC,SACC,uGACD,CACD,CACA,UAAU,CACV,SACA,uGACA;CACF,kBAAkB,EAChB,QACC,QAAQ,OAAO,QAAQ,YACxB,EACC,SACC,qGACD,CACD,CACA,UAAU,CACV,SACA,qGACA;CACF,gBAAgB,EACd,QACC,QAAQ,OAAO,QAAQ,YACxB,EACC,SACC,qGACD,CACD,CACA,UAAU,CACV,SACA,wFACA;CACF,qBAAqB,EACnB,QAEE,QAAQ,OAAO,QAAQ,YAAY,EACrC,SACC,gGACD,CAAC,CACD,UAAU,CACV,SACA,0GACA;CACF,iBAAiB,EACf,QAAQ,CACR,UAAU,CACV,SACA,kPACA;CACF,QAAQ,EAAE,aAA+C,KAAK;CAC9D,CAAC;AAMF,MAAa,uBACZ,UAA+C,EAAE,KAC7C;CACJ,MAAM,OAAO,iCAAiC,MAAM,QAAQ;AAE5D,QAAO;EACN,IAAI;EACJ,QAAQ,YAAY,QAAQ,SAAS,OAAO;EAC5C,WAAW;GACV,YAAY,WAAW,KAAK;GAC5B,aAAa,YAAY,KAAK;GAC9B;GACA;GACA;GACA;EACD,cAAc;EACd;EACA"}