@hammadj/better-auth 1.5.0-beta.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE.md +20 -0
- package/README.md +33 -0
- package/dist/_virtual/rolldown_runtime.mjs +36 -0
- package/dist/adapters/drizzle-adapter/index.d.mts +1 -0
- package/dist/adapters/drizzle-adapter/index.mjs +3 -0
- package/dist/adapters/index.d.mts +23 -0
- package/dist/adapters/index.mjs +13 -0
- package/dist/adapters/index.mjs.map +1 -0
- package/dist/adapters/kysely-adapter/index.d.mts +1 -0
- package/dist/adapters/kysely-adapter/index.mjs +3 -0
- package/dist/adapters/memory-adapter/index.d.mts +1 -0
- package/dist/adapters/memory-adapter/index.mjs +3 -0
- package/dist/adapters/mongodb-adapter/index.d.mts +1 -0
- package/dist/adapters/mongodb-adapter/index.mjs +3 -0
- package/dist/adapters/prisma-adapter/index.d.mts +1 -0
- package/dist/adapters/prisma-adapter/index.mjs +3 -0
- package/dist/api/index.d.mts +40 -0
- package/dist/api/index.mjs +205 -0
- package/dist/api/index.mjs.map +1 -0
- package/dist/api/middlewares/index.d.mts +1 -0
- package/dist/api/middlewares/index.mjs +3 -0
- package/dist/api/middlewares/origin-check.d.mts +17 -0
- package/dist/api/middlewares/origin-check.mjs +140 -0
- package/dist/api/middlewares/origin-check.mjs.map +1 -0
- package/dist/api/rate-limiter/index.mjs +177 -0
- package/dist/api/rate-limiter/index.mjs.map +1 -0
- package/dist/api/routes/account.d.mts +10 -0
- package/dist/api/routes/account.mjs +493 -0
- package/dist/api/routes/account.mjs.map +1 -0
- package/dist/api/routes/callback.d.mts +5 -0
- package/dist/api/routes/callback.mjs +178 -0
- package/dist/api/routes/callback.mjs.map +1 -0
- package/dist/api/routes/email-verification.d.mts +29 -0
- package/dist/api/routes/email-verification.mjs +301 -0
- package/dist/api/routes/email-verification.mjs.map +1 -0
- package/dist/api/routes/error.d.mts +5 -0
- package/dist/api/routes/error.mjs +386 -0
- package/dist/api/routes/error.mjs.map +1 -0
- package/dist/api/routes/index.d.mts +11 -0
- package/dist/api/routes/index.mjs +13 -0
- package/dist/api/routes/ok.d.mts +5 -0
- package/dist/api/routes/ok.mjs +30 -0
- package/dist/api/routes/ok.mjs.map +1 -0
- package/dist/api/routes/password.d.mts +8 -0
- package/dist/api/routes/password.mjs +198 -0
- package/dist/api/routes/password.mjs.map +1 -0
- package/dist/api/routes/session.d.mts +52 -0
- package/dist/api/routes/session.mjs +478 -0
- package/dist/api/routes/session.mjs.map +1 -0
- package/dist/api/routes/sign-in.d.mts +8 -0
- package/dist/api/routes/sign-in.mjs +262 -0
- package/dist/api/routes/sign-in.mjs.map +1 -0
- package/dist/api/routes/sign-out.d.mts +5 -0
- package/dist/api/routes/sign-out.mjs +33 -0
- package/dist/api/routes/sign-out.mjs.map +1 -0
- package/dist/api/routes/sign-up.d.mts +7 -0
- package/dist/api/routes/sign-up.mjs +227 -0
- package/dist/api/routes/sign-up.mjs.map +1 -0
- package/dist/api/routes/update-user.d.mts +12 -0
- package/dist/api/routes/update-user.mjs +493 -0
- package/dist/api/routes/update-user.mjs.map +1 -0
- package/dist/api/state/oauth.d.mts +5 -0
- package/dist/api/state/oauth.mjs +8 -0
- package/dist/api/state/oauth.mjs.map +1 -0
- package/dist/api/state/should-session-refresh.d.mts +13 -0
- package/dist/api/state/should-session-refresh.mjs +16 -0
- package/dist/api/state/should-session-refresh.mjs.map +1 -0
- package/dist/api/to-auth-endpoints.mjs +197 -0
- package/dist/api/to-auth-endpoints.mjs.map +1 -0
- package/dist/auth/base.mjs +44 -0
- package/dist/auth/base.mjs.map +1 -0
- package/dist/auth/full.d.mts +30 -0
- package/dist/auth/full.mjs +32 -0
- package/dist/auth/full.mjs.map +1 -0
- package/dist/auth/minimal.d.mts +12 -0
- package/dist/auth/minimal.mjs +14 -0
- package/dist/auth/minimal.mjs.map +1 -0
- package/dist/auth/trusted-origins.mjs +31 -0
- package/dist/auth/trusted-origins.mjs.map +1 -0
- package/dist/client/broadcast-channel.d.mts +20 -0
- package/dist/client/broadcast-channel.mjs +46 -0
- package/dist/client/broadcast-channel.mjs.map +1 -0
- package/dist/client/config.mjs +90 -0
- package/dist/client/config.mjs.map +1 -0
- package/dist/client/fetch-plugins.mjs +18 -0
- package/dist/client/fetch-plugins.mjs.map +1 -0
- package/dist/client/focus-manager.d.mts +11 -0
- package/dist/client/focus-manager.mjs +32 -0
- package/dist/client/focus-manager.mjs.map +1 -0
- package/dist/client/index.d.mts +30 -0
- package/dist/client/index.mjs +21 -0
- package/dist/client/index.mjs.map +1 -0
- package/dist/client/lynx/index.d.mts +62 -0
- package/dist/client/lynx/index.mjs +24 -0
- package/dist/client/lynx/index.mjs.map +1 -0
- package/dist/client/lynx/lynx-store.d.mts +47 -0
- package/dist/client/lynx/lynx-store.mjs +47 -0
- package/dist/client/lynx/lynx-store.mjs.map +1 -0
- package/dist/client/online-manager.d.mts +12 -0
- package/dist/client/online-manager.mjs +35 -0
- package/dist/client/online-manager.mjs.map +1 -0
- package/dist/client/parser.mjs +73 -0
- package/dist/client/parser.mjs.map +1 -0
- package/dist/client/path-to-object.d.mts +57 -0
- package/dist/client/plugins/index.d.mts +58 -0
- package/dist/client/plugins/index.mjs +33 -0
- package/dist/client/plugins/infer-plugin.d.mts +9 -0
- package/dist/client/plugins/infer-plugin.mjs +11 -0
- package/dist/client/plugins/infer-plugin.mjs.map +1 -0
- package/dist/client/proxy.mjs +79 -0
- package/dist/client/proxy.mjs.map +1 -0
- package/dist/client/query.d.mts +23 -0
- package/dist/client/query.mjs +98 -0
- package/dist/client/query.mjs.map +1 -0
- package/dist/client/react/index.d.mts +63 -0
- package/dist/client/react/index.mjs +24 -0
- package/dist/client/react/index.mjs.map +1 -0
- package/dist/client/react/react-store.d.mts +47 -0
- package/dist/client/react/react-store.mjs +47 -0
- package/dist/client/react/react-store.mjs.map +1 -0
- package/dist/client/session-atom.mjs +29 -0
- package/dist/client/session-atom.mjs.map +1 -0
- package/dist/client/session-refresh.d.mts +28 -0
- package/dist/client/session-refresh.mjs +140 -0
- package/dist/client/session-refresh.mjs.map +1 -0
- package/dist/client/solid/index.d.mts +57 -0
- package/dist/client/solid/index.mjs +22 -0
- package/dist/client/solid/index.mjs.map +1 -0
- package/dist/client/solid/solid-store.mjs +24 -0
- package/dist/client/solid/solid-store.mjs.map +1 -0
- package/dist/client/svelte/index.d.mts +63 -0
- package/dist/client/svelte/index.mjs +20 -0
- package/dist/client/svelte/index.mjs.map +1 -0
- package/dist/client/types.d.mts +58 -0
- package/dist/client/vanilla.d.mts +62 -0
- package/dist/client/vanilla.mjs +20 -0
- package/dist/client/vanilla.mjs.map +1 -0
- package/dist/client/vue/index.d.mts +86 -0
- package/dist/client/vue/index.mjs +38 -0
- package/dist/client/vue/index.mjs.map +1 -0
- package/dist/client/vue/vue-store.mjs +26 -0
- package/dist/client/vue/vue-store.mjs.map +1 -0
- package/dist/context/create-context.mjs +211 -0
- package/dist/context/create-context.mjs.map +1 -0
- package/dist/context/helpers.mjs +62 -0
- package/dist/context/helpers.mjs.map +1 -0
- package/dist/context/init-minimal.mjs +20 -0
- package/dist/context/init-minimal.mjs.map +1 -0
- package/dist/context/init.mjs +22 -0
- package/dist/context/init.mjs.map +1 -0
- package/dist/cookies/cookie-utils.d.mts +29 -0
- package/dist/cookies/cookie-utils.mjs +105 -0
- package/dist/cookies/cookie-utils.mjs.map +1 -0
- package/dist/cookies/index.d.mts +67 -0
- package/dist/cookies/index.mjs +264 -0
- package/dist/cookies/index.mjs.map +1 -0
- package/dist/cookies/session-store.d.mts +36 -0
- package/dist/cookies/session-store.mjs +200 -0
- package/dist/cookies/session-store.mjs.map +1 -0
- package/dist/crypto/buffer.d.mts +8 -0
- package/dist/crypto/buffer.mjs +18 -0
- package/dist/crypto/buffer.mjs.map +1 -0
- package/dist/crypto/index.d.mts +27 -0
- package/dist/crypto/index.mjs +38 -0
- package/dist/crypto/index.mjs.map +1 -0
- package/dist/crypto/jwt.d.mts +8 -0
- package/dist/crypto/jwt.mjs +95 -0
- package/dist/crypto/jwt.mjs.map +1 -0
- package/dist/crypto/password.d.mts +12 -0
- package/dist/crypto/password.mjs +36 -0
- package/dist/crypto/password.mjs.map +1 -0
- package/dist/crypto/random.d.mts +5 -0
- package/dist/crypto/random.mjs +8 -0
- package/dist/crypto/random.mjs.map +1 -0
- package/dist/db/adapter-base.d.mts +8 -0
- package/dist/db/adapter-base.mjs +28 -0
- package/dist/db/adapter-base.mjs.map +1 -0
- package/dist/db/adapter-kysely.d.mts +8 -0
- package/dist/db/adapter-kysely.mjs +21 -0
- package/dist/db/adapter-kysely.mjs.map +1 -0
- package/dist/db/field-converter.d.mts +8 -0
- package/dist/db/field-converter.mjs +21 -0
- package/dist/db/field-converter.mjs.map +1 -0
- package/dist/db/field.d.mts +55 -0
- package/dist/db/field.mjs +11 -0
- package/dist/db/field.mjs.map +1 -0
- package/dist/db/get-migration.d.mts +23 -0
- package/dist/db/get-migration.mjs +339 -0
- package/dist/db/get-migration.mjs.map +1 -0
- package/dist/db/get-schema.d.mts +11 -0
- package/dist/db/get-schema.mjs +39 -0
- package/dist/db/get-schema.mjs.map +1 -0
- package/dist/db/index.d.mts +9 -0
- package/dist/db/index.mjs +36 -0
- package/dist/db/index.mjs.map +1 -0
- package/dist/db/internal-adapter.d.mts +14 -0
- package/dist/db/internal-adapter.mjs +616 -0
- package/dist/db/internal-adapter.mjs.map +1 -0
- package/dist/db/schema.d.mts +26 -0
- package/dist/db/schema.mjs +118 -0
- package/dist/db/schema.mjs.map +1 -0
- package/dist/db/to-zod.d.mts +36 -0
- package/dist/db/to-zod.mjs +26 -0
- package/dist/db/to-zod.mjs.map +1 -0
- package/dist/db/verification-token-storage.mjs +28 -0
- package/dist/db/verification-token-storage.mjs.map +1 -0
- package/dist/db/with-hooks.d.mts +33 -0
- package/dist/db/with-hooks.mjs +159 -0
- package/dist/db/with-hooks.mjs.map +1 -0
- package/dist/index.d.mts +52 -0
- package/dist/index.mjs +26 -0
- package/dist/integrations/next-js.d.mts +14 -0
- package/dist/integrations/next-js.mjs +78 -0
- package/dist/integrations/next-js.mjs.map +1 -0
- package/dist/integrations/node.d.mts +13 -0
- package/dist/integrations/node.mjs +16 -0
- package/dist/integrations/node.mjs.map +1 -0
- package/dist/integrations/solid-start.d.mts +23 -0
- package/dist/integrations/solid-start.mjs +17 -0
- package/dist/integrations/solid-start.mjs.map +1 -0
- package/dist/integrations/svelte-kit.d.mts +29 -0
- package/dist/integrations/svelte-kit.mjs +57 -0
- package/dist/integrations/svelte-kit.mjs.map +1 -0
- package/dist/integrations/tanstack-start-solid.d.mts +22 -0
- package/dist/integrations/tanstack-start-solid.mjs +61 -0
- package/dist/integrations/tanstack-start-solid.mjs.map +1 -0
- package/dist/integrations/tanstack-start.d.mts +22 -0
- package/dist/integrations/tanstack-start.mjs +61 -0
- package/dist/integrations/tanstack-start.mjs.map +1 -0
- package/dist/oauth2/index.d.mts +5 -0
- package/dist/oauth2/index.mjs +7 -0
- package/dist/oauth2/link-account.d.mts +31 -0
- package/dist/oauth2/link-account.mjs +144 -0
- package/dist/oauth2/link-account.mjs.map +1 -0
- package/dist/oauth2/state.d.mts +26 -0
- package/dist/oauth2/state.mjs +51 -0
- package/dist/oauth2/state.mjs.map +1 -0
- package/dist/oauth2/utils.d.mts +8 -0
- package/dist/oauth2/utils.mjs +31 -0
- package/dist/oauth2/utils.mjs.map +1 -0
- package/dist/plugins/access/access.d.mts +30 -0
- package/dist/plugins/access/access.mjs +46 -0
- package/dist/plugins/access/access.mjs.map +1 -0
- package/dist/plugins/access/index.d.mts +3 -0
- package/dist/plugins/access/index.mjs +3 -0
- package/dist/plugins/access/types.d.mts +17 -0
- package/dist/plugins/additional-fields/client.d.mts +14 -0
- package/dist/plugins/additional-fields/client.mjs +11 -0
- package/dist/plugins/additional-fields/client.mjs.map +1 -0
- package/dist/plugins/admin/access/index.d.mts +2 -0
- package/dist/plugins/admin/access/index.mjs +3 -0
- package/dist/plugins/admin/access/statement.d.mts +118 -0
- package/dist/plugins/admin/access/statement.mjs +53 -0
- package/dist/plugins/admin/access/statement.mjs.map +1 -0
- package/dist/plugins/admin/admin.d.mts +14 -0
- package/dist/plugins/admin/admin.mjs +95 -0
- package/dist/plugins/admin/admin.mjs.map +1 -0
- package/dist/plugins/admin/client.d.mts +14 -0
- package/dist/plugins/admin/client.mjs +36 -0
- package/dist/plugins/admin/client.mjs.map +1 -0
- package/dist/plugins/admin/error-codes.d.mts +5 -0
- package/dist/plugins/admin/error-codes.mjs +30 -0
- package/dist/plugins/admin/error-codes.mjs.map +1 -0
- package/dist/plugins/admin/has-permission.mjs +16 -0
- package/dist/plugins/admin/has-permission.mjs.map +1 -0
- package/dist/plugins/admin/index.d.mts +3 -0
- package/dist/plugins/admin/index.mjs +3 -0
- package/dist/plugins/admin/routes.mjs +855 -0
- package/dist/plugins/admin/routes.mjs.map +1 -0
- package/dist/plugins/admin/schema.d.mts +6 -0
- package/dist/plugins/admin/schema.mjs +34 -0
- package/dist/plugins/admin/schema.mjs.map +1 -0
- package/dist/plugins/admin/types.d.mts +89 -0
- package/dist/plugins/anonymous/client.d.mts +9 -0
- package/dist/plugins/anonymous/client.mjs +22 -0
- package/dist/plugins/anonymous/client.mjs.map +1 -0
- package/dist/plugins/anonymous/error-codes.d.mts +5 -0
- package/dist/plugins/anonymous/error-codes.mjs +16 -0
- package/dist/plugins/anonymous/error-codes.mjs.map +1 -0
- package/dist/plugins/anonymous/index.d.mts +14 -0
- package/dist/plugins/anonymous/index.mjs +163 -0
- package/dist/plugins/anonymous/index.mjs.map +1 -0
- package/dist/plugins/anonymous/schema.d.mts +5 -0
- package/dist/plugins/anonymous/schema.mjs +11 -0
- package/dist/plugins/anonymous/schema.mjs.map +1 -0
- package/dist/plugins/anonymous/types.d.mts +68 -0
- package/dist/plugins/api-key/adapter.mjs +468 -0
- package/dist/plugins/api-key/adapter.mjs.map +1 -0
- package/dist/plugins/api-key/client.d.mts +9 -0
- package/dist/plugins/api-key/client.mjs +19 -0
- package/dist/plugins/api-key/client.mjs.map +1 -0
- package/dist/plugins/api-key/error-codes.d.mts +5 -0
- package/dist/plugins/api-key/error-codes.mjs +34 -0
- package/dist/plugins/api-key/error-codes.mjs.map +1 -0
- package/dist/plugins/api-key/index.d.mts +17 -0
- package/dist/plugins/api-key/index.mjs +134 -0
- package/dist/plugins/api-key/index.mjs.map +1 -0
- package/dist/plugins/api-key/rate-limit.mjs +74 -0
- package/dist/plugins/api-key/rate-limit.mjs.map +1 -0
- package/dist/plugins/api-key/routes/create-api-key.mjs +252 -0
- package/dist/plugins/api-key/routes/create-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs +24 -0
- package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs.map +1 -0
- package/dist/plugins/api-key/routes/delete-api-key.mjs +74 -0
- package/dist/plugins/api-key/routes/delete-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/get-api-key.mjs +158 -0
- package/dist/plugins/api-key/routes/get-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/index.mjs +71 -0
- package/dist/plugins/api-key/routes/index.mjs.map +1 -0
- package/dist/plugins/api-key/routes/list-api-keys.mjs +194 -0
- package/dist/plugins/api-key/routes/list-api-keys.mjs.map +1 -0
- package/dist/plugins/api-key/routes/update-api-key.mjs +248 -0
- package/dist/plugins/api-key/routes/update-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/verify-api-key.mjs +223 -0
- package/dist/plugins/api-key/routes/verify-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/schema.d.mts +11 -0
- package/dist/plugins/api-key/schema.mjs +130 -0
- package/dist/plugins/api-key/schema.mjs.map +1 -0
- package/dist/plugins/api-key/types.d.mts +346 -0
- package/dist/plugins/bearer/index.d.mts +25 -0
- package/dist/plugins/bearer/index.mjs +66 -0
- package/dist/plugins/bearer/index.mjs.map +1 -0
- package/dist/plugins/captcha/constants.d.mts +10 -0
- package/dist/plugins/captcha/constants.mjs +22 -0
- package/dist/plugins/captcha/constants.mjs.map +1 -0
- package/dist/plugins/captcha/error-codes.mjs +16 -0
- package/dist/plugins/captcha/error-codes.mjs.map +1 -0
- package/dist/plugins/captcha/index.d.mts +14 -0
- package/dist/plugins/captcha/index.mjs +60 -0
- package/dist/plugins/captcha/index.mjs.map +1 -0
- package/dist/plugins/captcha/types.d.mts +28 -0
- package/dist/plugins/captcha/utils.mjs +11 -0
- package/dist/plugins/captcha/utils.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/captchafox.mjs +27 -0
- package/dist/plugins/captcha/verify-handlers/captchafox.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs +25 -0
- package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs +29 -0
- package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/h-captcha.mjs +27 -0
- package/dist/plugins/captcha/verify-handlers/h-captcha.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/index.mjs +6 -0
- package/dist/plugins/custom-session/client.d.mts +10 -0
- package/dist/plugins/custom-session/client.mjs +11 -0
- package/dist/plugins/custom-session/client.mjs.map +1 -0
- package/dist/plugins/custom-session/index.d.mts +26 -0
- package/dist/plugins/custom-session/index.mjs +70 -0
- package/dist/plugins/custom-session/index.mjs.map +1 -0
- package/dist/plugins/device-authorization/client.d.mts +5 -0
- package/dist/plugins/device-authorization/client.mjs +18 -0
- package/dist/plugins/device-authorization/client.mjs.map +1 -0
- package/dist/plugins/device-authorization/error-codes.mjs +21 -0
- package/dist/plugins/device-authorization/error-codes.mjs.map +1 -0
- package/dist/plugins/device-authorization/index.d.mts +28 -0
- package/dist/plugins/device-authorization/index.mjs +50 -0
- package/dist/plugins/device-authorization/index.mjs.map +1 -0
- package/dist/plugins/device-authorization/routes.mjs +510 -0
- package/dist/plugins/device-authorization/routes.mjs.map +1 -0
- package/dist/plugins/device-authorization/schema.mjs +57 -0
- package/dist/plugins/device-authorization/schema.mjs.map +1 -0
- package/dist/plugins/email-otp/client.d.mts +7 -0
- package/dist/plugins/email-otp/client.mjs +18 -0
- package/dist/plugins/email-otp/client.mjs.map +1 -0
- package/dist/plugins/email-otp/error-codes.d.mts +5 -0
- package/dist/plugins/email-otp/error-codes.mjs +12 -0
- package/dist/plugins/email-otp/error-codes.mjs.map +1 -0
- package/dist/plugins/email-otp/index.d.mts +14 -0
- package/dist/plugins/email-otp/index.mjs +108 -0
- package/dist/plugins/email-otp/index.mjs.map +1 -0
- package/dist/plugins/email-otp/otp-token.mjs +29 -0
- package/dist/plugins/email-otp/otp-token.mjs.map +1 -0
- package/dist/plugins/email-otp/routes.mjs +564 -0
- package/dist/plugins/email-otp/routes.mjs.map +1 -0
- package/dist/plugins/email-otp/types.d.mts +74 -0
- package/dist/plugins/email-otp/utils.mjs +17 -0
- package/dist/plugins/email-otp/utils.mjs.map +1 -0
- package/dist/plugins/generic-oauth/client.d.mts +19 -0
- package/dist/plugins/generic-oauth/client.mjs +14 -0
- package/dist/plugins/generic-oauth/client.mjs.map +1 -0
- package/dist/plugins/generic-oauth/error-codes.d.mts +5 -0
- package/dist/plugins/generic-oauth/error-codes.mjs +15 -0
- package/dist/plugins/generic-oauth/error-codes.mjs.map +1 -0
- package/dist/plugins/generic-oauth/index.d.mts +34 -0
- package/dist/plugins/generic-oauth/index.mjs +137 -0
- package/dist/plugins/generic-oauth/index.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/auth0.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/auth0.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/auth0.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/gumroad.d.mts +32 -0
- package/dist/plugins/generic-oauth/providers/gumroad.mjs +60 -0
- package/dist/plugins/generic-oauth/providers/gumroad.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/hubspot.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/hubspot.mjs +60 -0
- package/dist/plugins/generic-oauth/providers/hubspot.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/index.d.mts +9 -0
- package/dist/plugins/generic-oauth/providers/index.mjs +11 -0
- package/dist/plugins/generic-oauth/providers/keycloak.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/keycloak.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/keycloak.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/line.d.mts +55 -0
- package/dist/plugins/generic-oauth/providers/line.mjs +91 -0
- package/dist/plugins/generic-oauth/providers/line.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs +66 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/okta.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/okta.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/okta.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/patreon.d.mts +30 -0
- package/dist/plugins/generic-oauth/providers/patreon.mjs +59 -0
- package/dist/plugins/generic-oauth/providers/patreon.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/slack.d.mts +30 -0
- package/dist/plugins/generic-oauth/providers/slack.mjs +61 -0
- package/dist/plugins/generic-oauth/providers/slack.mjs.map +1 -0
- package/dist/plugins/generic-oauth/routes.mjs +394 -0
- package/dist/plugins/generic-oauth/routes.mjs.map +1 -0
- package/dist/plugins/generic-oauth/types.d.mts +145 -0
- package/dist/plugins/haveibeenpwned/index.d.mts +21 -0
- package/dist/plugins/haveibeenpwned/index.mjs +56 -0
- package/dist/plugins/haveibeenpwned/index.mjs.map +1 -0
- package/dist/plugins/index.d.mts +68 -0
- package/dist/plugins/index.mjs +51 -0
- package/dist/plugins/jwt/adapter.mjs +27 -0
- package/dist/plugins/jwt/adapter.mjs.map +1 -0
- package/dist/plugins/jwt/client.d.mts +18 -0
- package/dist/plugins/jwt/client.mjs +19 -0
- package/dist/plugins/jwt/client.mjs.map +1 -0
- package/dist/plugins/jwt/index.d.mts +17 -0
- package/dist/plugins/jwt/index.mjs +202 -0
- package/dist/plugins/jwt/index.mjs.map +1 -0
- package/dist/plugins/jwt/schema.d.mts +5 -0
- package/dist/plugins/jwt/schema.mjs +23 -0
- package/dist/plugins/jwt/schema.mjs.map +1 -0
- package/dist/plugins/jwt/sign.d.mts +57 -0
- package/dist/plugins/jwt/sign.mjs +66 -0
- package/dist/plugins/jwt/sign.mjs.map +1 -0
- package/dist/plugins/jwt/types.d.mts +194 -0
- package/dist/plugins/jwt/utils.d.mts +42 -0
- package/dist/plugins/jwt/utils.mjs +64 -0
- package/dist/plugins/jwt/utils.mjs.map +1 -0
- package/dist/plugins/jwt/verify.d.mts +12 -0
- package/dist/plugins/jwt/verify.mjs +46 -0
- package/dist/plugins/jwt/verify.mjs.map +1 -0
- package/dist/plugins/last-login-method/client.d.mts +18 -0
- package/dist/plugins/last-login-method/client.mjs +32 -0
- package/dist/plugins/last-login-method/client.mjs.map +1 -0
- package/dist/plugins/last-login-method/index.d.mts +52 -0
- package/dist/plugins/last-login-method/index.mjs +77 -0
- package/dist/plugins/last-login-method/index.mjs.map +1 -0
- package/dist/plugins/magic-link/client.d.mts +5 -0
- package/dist/plugins/magic-link/client.mjs +11 -0
- package/dist/plugins/magic-link/client.mjs.map +1 -0
- package/dist/plugins/magic-link/index.d.mts +61 -0
- package/dist/plugins/magic-link/index.mjs +167 -0
- package/dist/plugins/magic-link/index.mjs.map +1 -0
- package/dist/plugins/magic-link/utils.mjs +12 -0
- package/dist/plugins/magic-link/utils.mjs.map +1 -0
- package/dist/plugins/mcp/authorize.mjs +133 -0
- package/dist/plugins/mcp/authorize.mjs.map +1 -0
- package/dist/plugins/mcp/index.d.mts +46 -0
- package/dist/plugins/mcp/index.mjs +717 -0
- package/dist/plugins/mcp/index.mjs.map +1 -0
- package/dist/plugins/multi-session/client.d.mts +8 -0
- package/dist/plugins/multi-session/client.mjs +20 -0
- package/dist/plugins/multi-session/client.mjs.map +1 -0
- package/dist/plugins/multi-session/error-codes.d.mts +5 -0
- package/dist/plugins/multi-session/error-codes.mjs +8 -0
- package/dist/plugins/multi-session/error-codes.mjs.map +1 -0
- package/dist/plugins/multi-session/index.d.mts +22 -0
- package/dist/plugins/multi-session/index.mjs +172 -0
- package/dist/plugins/multi-session/index.mjs.map +1 -0
- package/dist/plugins/oauth-proxy/index.d.mts +39 -0
- package/dist/plugins/oauth-proxy/index.mjs +305 -0
- package/dist/plugins/oauth-proxy/index.mjs.map +1 -0
- package/dist/plugins/oauth-proxy/utils.mjs +44 -0
- package/dist/plugins/oauth-proxy/utils.mjs.map +1 -0
- package/dist/plugins/oidc-provider/authorize.mjs +194 -0
- package/dist/plugins/oidc-provider/authorize.mjs.map +1 -0
- package/dist/plugins/oidc-provider/client.d.mts +8 -0
- package/dist/plugins/oidc-provider/client.mjs +11 -0
- package/dist/plugins/oidc-provider/client.mjs.map +1 -0
- package/dist/plugins/oidc-provider/error.mjs +17 -0
- package/dist/plugins/oidc-provider/error.mjs.map +1 -0
- package/dist/plugins/oidc-provider/index.d.mts +32 -0
- package/dist/plugins/oidc-provider/index.mjs +1093 -0
- package/dist/plugins/oidc-provider/index.mjs.map +1 -0
- package/dist/plugins/oidc-provider/schema.d.mts +26 -0
- package/dist/plugins/oidc-provider/schema.mjs +132 -0
- package/dist/plugins/oidc-provider/schema.mjs.map +1 -0
- package/dist/plugins/oidc-provider/types.d.mts +517 -0
- package/dist/plugins/oidc-provider/utils/prompt.mjs +19 -0
- package/dist/plugins/oidc-provider/utils/prompt.mjs.map +1 -0
- package/dist/plugins/oidc-provider/utils.mjs +15 -0
- package/dist/plugins/oidc-provider/utils.mjs.map +1 -0
- package/dist/plugins/one-tap/client.d.mts +159 -0
- package/dist/plugins/one-tap/client.mjs +214 -0
- package/dist/plugins/one-tap/client.mjs.map +1 -0
- package/dist/plugins/one-tap/index.d.mts +27 -0
- package/dist/plugins/one-tap/index.mjs +96 -0
- package/dist/plugins/one-tap/index.mjs.map +1 -0
- package/dist/plugins/one-time-token/client.d.mts +7 -0
- package/dist/plugins/one-time-token/client.mjs +11 -0
- package/dist/plugins/one-time-token/client.mjs.map +1 -0
- package/dist/plugins/one-time-token/index.d.mts +53 -0
- package/dist/plugins/one-time-token/index.mjs +82 -0
- package/dist/plugins/one-time-token/index.mjs.map +1 -0
- package/dist/plugins/one-time-token/utils.mjs +12 -0
- package/dist/plugins/one-time-token/utils.mjs.map +1 -0
- package/dist/plugins/open-api/generator.d.mts +115 -0
- package/dist/plugins/open-api/generator.mjs +315 -0
- package/dist/plugins/open-api/generator.mjs.map +1 -0
- package/dist/plugins/open-api/index.d.mts +45 -0
- package/dist/plugins/open-api/index.mjs +67 -0
- package/dist/plugins/open-api/index.mjs.map +1 -0
- package/dist/plugins/open-api/logo.mjs +15 -0
- package/dist/plugins/open-api/logo.mjs.map +1 -0
- package/dist/plugins/organization/access/index.d.mts +2 -0
- package/dist/plugins/organization/access/index.mjs +3 -0
- package/dist/plugins/organization/access/statement.d.mts +249 -0
- package/dist/plugins/organization/access/statement.mjs +81 -0
- package/dist/plugins/organization/access/statement.mjs.map +1 -0
- package/dist/plugins/organization/adapter.d.mts +205 -0
- package/dist/plugins/organization/adapter.mjs +624 -0
- package/dist/plugins/organization/adapter.mjs.map +1 -0
- package/dist/plugins/organization/call.mjs +19 -0
- package/dist/plugins/organization/call.mjs.map +1 -0
- package/dist/plugins/organization/client.d.mts +151 -0
- package/dist/plugins/organization/client.mjs +107 -0
- package/dist/plugins/organization/client.mjs.map +1 -0
- package/dist/plugins/organization/error-codes.d.mts +5 -0
- package/dist/plugins/organization/error-codes.mjs +65 -0
- package/dist/plugins/organization/error-codes.mjs.map +1 -0
- package/dist/plugins/organization/has-permission.mjs +35 -0
- package/dist/plugins/organization/has-permission.mjs.map +1 -0
- package/dist/plugins/organization/index.d.mts +5 -0
- package/dist/plugins/organization/index.mjs +4 -0
- package/dist/plugins/organization/organization.d.mts +252 -0
- package/dist/plugins/organization/organization.mjs +428 -0
- package/dist/plugins/organization/organization.mjs.map +1 -0
- package/dist/plugins/organization/permission.d.mts +26 -0
- package/dist/plugins/organization/permission.mjs +16 -0
- package/dist/plugins/organization/permission.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-access-control.d.mts +11 -0
- package/dist/plugins/organization/routes/crud-access-control.mjs +656 -0
- package/dist/plugins/organization/routes/crud-access-control.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-invites.d.mts +16 -0
- package/dist/plugins/organization/routes/crud-invites.mjs +555 -0
- package/dist/plugins/organization/routes/crud-invites.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-members.d.mts +13 -0
- package/dist/plugins/organization/routes/crud-members.mjs +473 -0
- package/dist/plugins/organization/routes/crud-members.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-org.d.mts +13 -0
- package/dist/plugins/organization/routes/crud-org.mjs +447 -0
- package/dist/plugins/organization/routes/crud-org.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-team.d.mts +15 -0
- package/dist/plugins/organization/routes/crud-team.mjs +676 -0
- package/dist/plugins/organization/routes/crud-team.mjs.map +1 -0
- package/dist/plugins/organization/schema.d.mts +376 -0
- package/dist/plugins/organization/schema.mjs +68 -0
- package/dist/plugins/organization/schema.mjs.map +1 -0
- package/dist/plugins/organization/types.d.mts +733 -0
- package/dist/plugins/phone-number/client.d.mts +8 -0
- package/dist/plugins/phone-number/client.mjs +20 -0
- package/dist/plugins/phone-number/client.mjs.map +1 -0
- package/dist/plugins/phone-number/error-codes.d.mts +5 -0
- package/dist/plugins/phone-number/error-codes.mjs +21 -0
- package/dist/plugins/phone-number/error-codes.mjs.map +1 -0
- package/dist/plugins/phone-number/index.d.mts +14 -0
- package/dist/plugins/phone-number/index.mjs +49 -0
- package/dist/plugins/phone-number/index.mjs.map +1 -0
- package/dist/plugins/phone-number/routes.mjs +459 -0
- package/dist/plugins/phone-number/routes.mjs.map +1 -0
- package/dist/plugins/phone-number/schema.d.mts +5 -0
- package/dist/plugins/phone-number/schema.mjs +20 -0
- package/dist/plugins/phone-number/schema.mjs.map +1 -0
- package/dist/plugins/phone-number/types.d.mts +118 -0
- package/dist/plugins/siwe/client.d.mts +5 -0
- package/dist/plugins/siwe/client.mjs +11 -0
- package/dist/plugins/siwe/client.mjs.map +1 -0
- package/dist/plugins/siwe/error-codes.mjs +13 -0
- package/dist/plugins/siwe/error-codes.mjs.map +1 -0
- package/dist/plugins/siwe/index.d.mts +26 -0
- package/dist/plugins/siwe/index.mjs +261 -0
- package/dist/plugins/siwe/index.mjs.map +1 -0
- package/dist/plugins/siwe/schema.d.mts +5 -0
- package/dist/plugins/siwe/schema.mjs +32 -0
- package/dist/plugins/siwe/schema.mjs.map +1 -0
- package/dist/plugins/siwe/types.d.mts +44 -0
- package/dist/plugins/two-factor/backup-codes/index.d.mts +91 -0
- package/dist/plugins/two-factor/backup-codes/index.mjs +277 -0
- package/dist/plugins/two-factor/backup-codes/index.mjs.map +1 -0
- package/dist/plugins/two-factor/client.d.mts +17 -0
- package/dist/plugins/two-factor/client.mjs +37 -0
- package/dist/plugins/two-factor/client.mjs.map +1 -0
- package/dist/plugins/two-factor/constant.mjs +8 -0
- package/dist/plugins/two-factor/constant.mjs.map +1 -0
- package/dist/plugins/two-factor/error-code.d.mts +5 -0
- package/dist/plugins/two-factor/error-code.mjs +18 -0
- package/dist/plugins/two-factor/error-code.mjs.map +1 -0
- package/dist/plugins/two-factor/index.d.mts +19 -0
- package/dist/plugins/two-factor/index.mjs +207 -0
- package/dist/plugins/two-factor/index.mjs.map +1 -0
- package/dist/plugins/two-factor/otp/index.d.mts +96 -0
- package/dist/plugins/two-factor/otp/index.mjs +199 -0
- package/dist/plugins/two-factor/otp/index.mjs.map +1 -0
- package/dist/plugins/two-factor/schema.d.mts +5 -0
- package/dist/plugins/two-factor/schema.mjs +36 -0
- package/dist/plugins/two-factor/schema.mjs.map +1 -0
- package/dist/plugins/two-factor/totp/index.d.mts +81 -0
- package/dist/plugins/two-factor/totp/index.mjs +157 -0
- package/dist/plugins/two-factor/totp/index.mjs.map +1 -0
- package/dist/plugins/two-factor/types.d.mts +65 -0
- package/dist/plugins/two-factor/utils.mjs +12 -0
- package/dist/plugins/two-factor/utils.mjs.map +1 -0
- package/dist/plugins/two-factor/verify-two-factor.mjs +76 -0
- package/dist/plugins/two-factor/verify-two-factor.mjs.map +1 -0
- package/dist/plugins/username/client.d.mts +7 -0
- package/dist/plugins/username/client.mjs +18 -0
- package/dist/plugins/username/client.mjs.map +1 -0
- package/dist/plugins/username/error-codes.d.mts +5 -0
- package/dist/plugins/username/error-codes.mjs +17 -0
- package/dist/plugins/username/error-codes.mjs.map +1 -0
- package/dist/plugins/username/index.d.mts +74 -0
- package/dist/plugins/username/index.mjs +237 -0
- package/dist/plugins/username/index.mjs.map +1 -0
- package/dist/plugins/username/schema.d.mts +9 -0
- package/dist/plugins/username/schema.mjs +26 -0
- package/dist/plugins/username/schema.mjs.map +1 -0
- package/dist/social-providers/index.d.mts +1 -0
- package/dist/social-providers/index.mjs +3 -0
- package/dist/state.d.mts +42 -0
- package/dist/state.mjs +107 -0
- package/dist/state.mjs.map +1 -0
- package/dist/test-utils/headers.d.mts +9 -0
- package/dist/test-utils/headers.mjs +24 -0
- package/dist/test-utils/headers.mjs.map +1 -0
- package/dist/test-utils/index.d.mts +3 -0
- package/dist/test-utils/index.mjs +4 -0
- package/dist/test-utils/test-instance.d.mts +181 -0
- package/dist/test-utils/test-instance.mjs +210 -0
- package/dist/test-utils/test-instance.mjs.map +1 -0
- package/dist/types/adapter.d.mts +24 -0
- package/dist/types/api.d.mts +29 -0
- package/dist/types/auth.d.mts +30 -0
- package/dist/types/helper.d.mts +21 -0
- package/dist/types/index.d.mts +11 -0
- package/dist/types/index.mjs +1 -0
- package/dist/types/models.d.mts +17 -0
- package/dist/types/plugins.d.mts +16 -0
- package/dist/utils/boolean.mjs +8 -0
- package/dist/utils/boolean.mjs.map +1 -0
- package/dist/utils/constants.mjs +6 -0
- package/dist/utils/constants.mjs.map +1 -0
- package/dist/utils/date.mjs +8 -0
- package/dist/utils/date.mjs.map +1 -0
- package/dist/utils/get-request-ip.d.mts +7 -0
- package/dist/utils/get-request-ip.mjs +23 -0
- package/dist/utils/get-request-ip.mjs.map +1 -0
- package/dist/utils/hashing.mjs +21 -0
- package/dist/utils/hashing.mjs.map +1 -0
- package/dist/utils/hide-metadata.d.mts +7 -0
- package/dist/utils/hide-metadata.mjs +6 -0
- package/dist/utils/hide-metadata.mjs.map +1 -0
- package/dist/utils/index.d.mts +3 -0
- package/dist/utils/index.mjs +5 -0
- package/dist/utils/is-api-error.d.mts +7 -0
- package/dist/utils/is-api-error.mjs +11 -0
- package/dist/utils/is-api-error.mjs.map +1 -0
- package/dist/utils/is-atom.mjs +8 -0
- package/dist/utils/is-atom.mjs.map +1 -0
- package/dist/utils/is-promise.mjs +8 -0
- package/dist/utils/is-promise.mjs.map +1 -0
- package/dist/utils/middleware-response.mjs +6 -0
- package/dist/utils/middleware-response.mjs.map +1 -0
- package/dist/utils/password.mjs +26 -0
- package/dist/utils/password.mjs.map +1 -0
- package/dist/utils/plugin-helper.mjs +17 -0
- package/dist/utils/plugin-helper.mjs.map +1 -0
- package/dist/utils/shim.mjs +24 -0
- package/dist/utils/shim.mjs.map +1 -0
- package/dist/utils/time.d.mts +49 -0
- package/dist/utils/time.mjs +100 -0
- package/dist/utils/time.mjs.map +1 -0
- package/dist/utils/url.mjs +92 -0
- package/dist/utils/url.mjs.map +1 -0
- package/dist/utils/wildcard.mjs +108 -0
- package/dist/utils/wildcard.mjs.map +1 -0
- package/package.json +601 -0
|
@@ -0,0 +1,510 @@
|
|
|
1
|
+
import { generateRandomString } from "../../crypto/random.mjs";
|
|
2
|
+
import "../../crypto/index.mjs";
|
|
3
|
+
import { ms } from "../../utils/time.mjs";
|
|
4
|
+
import { getSessionFromCtx } from "../../api/routes/session.mjs";
|
|
5
|
+
import { DEVICE_AUTHORIZATION_ERROR_CODES } from "./error-codes.mjs";
|
|
6
|
+
import { APIError } from "@better-auth/core/error";
|
|
7
|
+
import { createAuthEndpoint } from "@better-auth/core/api";
|
|
8
|
+
import * as z from "zod";
|
|
9
|
+
|
|
10
|
+
//#region src/plugins/device-authorization/routes.ts
|
|
11
|
+
const defaultCharset = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789";
|
|
12
|
+
const deviceCodeBodySchema = z.object({
|
|
13
|
+
client_id: z.string().meta({ description: "The client ID of the application" }),
|
|
14
|
+
scope: z.string().meta({ description: "Space-separated list of scopes" }).optional()
|
|
15
|
+
});
|
|
16
|
+
const deviceCodeErrorSchema = z.object({
|
|
17
|
+
error: z.enum(["invalid_request", "invalid_client"]).meta({ description: "Error code" }),
|
|
18
|
+
error_description: z.string().meta({ description: "Detailed error description" })
|
|
19
|
+
});
|
|
20
|
+
const deviceCode = (opts) => {
|
|
21
|
+
const generateDeviceCode = async () => {
|
|
22
|
+
if (opts.generateDeviceCode) return opts.generateDeviceCode();
|
|
23
|
+
return defaultGenerateDeviceCode(opts.deviceCodeLength);
|
|
24
|
+
};
|
|
25
|
+
const generateUserCode = async () => {
|
|
26
|
+
if (opts.generateUserCode) return opts.generateUserCode();
|
|
27
|
+
return defaultGenerateUserCode(opts.userCodeLength);
|
|
28
|
+
};
|
|
29
|
+
return createAuthEndpoint("/device/code", {
|
|
30
|
+
method: "POST",
|
|
31
|
+
body: deviceCodeBodySchema,
|
|
32
|
+
error: deviceCodeErrorSchema,
|
|
33
|
+
metadata: { openapi: {
|
|
34
|
+
description: `Request a device and user code
|
|
35
|
+
|
|
36
|
+
Follow [rfc8628#section-3.2](https://datatracker.ietf.org/doc/html/rfc8628#section-3.2)`,
|
|
37
|
+
responses: {
|
|
38
|
+
200: {
|
|
39
|
+
description: "Success",
|
|
40
|
+
content: { "application/json": { schema: {
|
|
41
|
+
type: "object",
|
|
42
|
+
properties: {
|
|
43
|
+
device_code: {
|
|
44
|
+
type: "string",
|
|
45
|
+
description: "The device verification code"
|
|
46
|
+
},
|
|
47
|
+
user_code: {
|
|
48
|
+
type: "string",
|
|
49
|
+
description: "The user code to display"
|
|
50
|
+
},
|
|
51
|
+
verification_uri: {
|
|
52
|
+
type: "string",
|
|
53
|
+
format: "uri",
|
|
54
|
+
description: "The URL for user verification. Defaults to /device if not configured."
|
|
55
|
+
},
|
|
56
|
+
verification_uri_complete: {
|
|
57
|
+
type: "string",
|
|
58
|
+
format: "uri",
|
|
59
|
+
description: "The complete URL with user code as query parameter."
|
|
60
|
+
},
|
|
61
|
+
expires_in: {
|
|
62
|
+
type: "number",
|
|
63
|
+
description: "Lifetime in seconds of the device code"
|
|
64
|
+
},
|
|
65
|
+
interval: {
|
|
66
|
+
type: "number",
|
|
67
|
+
description: "Minimum polling interval in seconds"
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
} } }
|
|
71
|
+
},
|
|
72
|
+
400: {
|
|
73
|
+
description: "Error response",
|
|
74
|
+
content: { "application/json": { schema: {
|
|
75
|
+
type: "object",
|
|
76
|
+
properties: {
|
|
77
|
+
error: {
|
|
78
|
+
type: "string",
|
|
79
|
+
enum: ["invalid_request", "invalid_client"]
|
|
80
|
+
},
|
|
81
|
+
error_description: { type: "string" }
|
|
82
|
+
}
|
|
83
|
+
} } }
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
} }
|
|
87
|
+
}, async (ctx) => {
|
|
88
|
+
if (opts.validateClient) {
|
|
89
|
+
if (!await opts.validateClient(ctx.body.client_id)) throw new APIError("BAD_REQUEST", {
|
|
90
|
+
error: "invalid_client",
|
|
91
|
+
error_description: "Invalid client ID"
|
|
92
|
+
});
|
|
93
|
+
}
|
|
94
|
+
if (opts.onDeviceAuthRequest) await opts.onDeviceAuthRequest(ctx.body.client_id, ctx.body.scope);
|
|
95
|
+
const deviceCode = await generateDeviceCode();
|
|
96
|
+
const userCode = await generateUserCode();
|
|
97
|
+
const expiresIn = ms(opts.expiresIn);
|
|
98
|
+
const expiresAt = new Date(Date.now() + expiresIn);
|
|
99
|
+
await ctx.context.adapter.create({
|
|
100
|
+
model: "deviceCode",
|
|
101
|
+
data: {
|
|
102
|
+
deviceCode,
|
|
103
|
+
userCode,
|
|
104
|
+
expiresAt,
|
|
105
|
+
status: "pending",
|
|
106
|
+
pollingInterval: ms(opts.interval),
|
|
107
|
+
clientId: ctx.body.client_id,
|
|
108
|
+
scope: ctx.body.scope
|
|
109
|
+
}
|
|
110
|
+
});
|
|
111
|
+
const { verificationUri, verificationUriComplete } = buildVerificationUris(opts.verificationUri, ctx.context.baseURL, userCode);
|
|
112
|
+
return ctx.json({
|
|
113
|
+
device_code: deviceCode,
|
|
114
|
+
user_code: userCode,
|
|
115
|
+
verification_uri: verificationUri,
|
|
116
|
+
verification_uri_complete: verificationUriComplete,
|
|
117
|
+
expires_in: Math.floor(expiresIn / 1e3),
|
|
118
|
+
interval: Math.floor(ms(opts.interval) / 1e3)
|
|
119
|
+
}, { headers: { "Cache-Control": "no-store" } });
|
|
120
|
+
});
|
|
121
|
+
};
|
|
122
|
+
const deviceTokenBodySchema = z.object({
|
|
123
|
+
grant_type: z.literal("urn:ietf:params:oauth:grant-type:device_code").meta({ description: "The grant type for device flow" }),
|
|
124
|
+
device_code: z.string().meta({ description: "The device verification code" }),
|
|
125
|
+
client_id: z.string().meta({ description: "The client ID of the application" })
|
|
126
|
+
});
|
|
127
|
+
const deviceTokenErrorSchema = z.object({
|
|
128
|
+
error: z.enum([
|
|
129
|
+
"authorization_pending",
|
|
130
|
+
"slow_down",
|
|
131
|
+
"expired_token",
|
|
132
|
+
"access_denied",
|
|
133
|
+
"invalid_request",
|
|
134
|
+
"invalid_grant"
|
|
135
|
+
]).meta({ description: "Error code" }),
|
|
136
|
+
error_description: z.string().meta({ description: "Detailed error description" })
|
|
137
|
+
});
|
|
138
|
+
const deviceToken = (opts) => createAuthEndpoint("/device/token", {
|
|
139
|
+
method: "POST",
|
|
140
|
+
body: deviceTokenBodySchema,
|
|
141
|
+
error: deviceTokenErrorSchema,
|
|
142
|
+
metadata: { openapi: {
|
|
143
|
+
description: `Exchange device code for access token
|
|
144
|
+
|
|
145
|
+
Follow [rfc8628#section-3.4](https://datatracker.ietf.org/doc/html/rfc8628#section-3.4)`,
|
|
146
|
+
responses: {
|
|
147
|
+
200: {
|
|
148
|
+
description: "Success",
|
|
149
|
+
content: { "application/json": { schema: {
|
|
150
|
+
type: "object",
|
|
151
|
+
properties: {
|
|
152
|
+
session: { $ref: "#/components/schemas/Session" },
|
|
153
|
+
user: { $ref: "#/components/schemas/User" }
|
|
154
|
+
}
|
|
155
|
+
} } }
|
|
156
|
+
},
|
|
157
|
+
400: {
|
|
158
|
+
description: "Error response",
|
|
159
|
+
content: { "application/json": { schema: {
|
|
160
|
+
type: "object",
|
|
161
|
+
properties: {
|
|
162
|
+
error: {
|
|
163
|
+
type: "string",
|
|
164
|
+
enum: [
|
|
165
|
+
"authorization_pending",
|
|
166
|
+
"slow_down",
|
|
167
|
+
"expired_token",
|
|
168
|
+
"access_denied",
|
|
169
|
+
"invalid_request",
|
|
170
|
+
"invalid_grant"
|
|
171
|
+
]
|
|
172
|
+
},
|
|
173
|
+
error_description: { type: "string" }
|
|
174
|
+
}
|
|
175
|
+
} } }
|
|
176
|
+
}
|
|
177
|
+
}
|
|
178
|
+
} }
|
|
179
|
+
}, async (ctx) => {
|
|
180
|
+
const { device_code, client_id } = ctx.body;
|
|
181
|
+
if (opts.validateClient) {
|
|
182
|
+
if (!await opts.validateClient(client_id)) throw new APIError("BAD_REQUEST", {
|
|
183
|
+
error: "invalid_grant",
|
|
184
|
+
error_description: "Invalid client ID"
|
|
185
|
+
});
|
|
186
|
+
}
|
|
187
|
+
const deviceCodeRecord = await ctx.context.adapter.findOne({
|
|
188
|
+
model: "deviceCode",
|
|
189
|
+
where: [{
|
|
190
|
+
field: "deviceCode",
|
|
191
|
+
value: device_code
|
|
192
|
+
}]
|
|
193
|
+
});
|
|
194
|
+
if (!deviceCodeRecord) throw new APIError("BAD_REQUEST", {
|
|
195
|
+
error: "invalid_grant",
|
|
196
|
+
error_description: DEVICE_AUTHORIZATION_ERROR_CODES.INVALID_DEVICE_CODE.message
|
|
197
|
+
});
|
|
198
|
+
if (deviceCodeRecord.clientId && deviceCodeRecord.clientId !== client_id) throw new APIError("BAD_REQUEST", {
|
|
199
|
+
error: "invalid_grant",
|
|
200
|
+
error_description: "Client ID mismatch"
|
|
201
|
+
});
|
|
202
|
+
if (deviceCodeRecord.lastPolledAt && deviceCodeRecord.pollingInterval) {
|
|
203
|
+
if (Date.now() - new Date(deviceCodeRecord.lastPolledAt).getTime() < deviceCodeRecord.pollingInterval) throw new APIError("BAD_REQUEST", {
|
|
204
|
+
error: "slow_down",
|
|
205
|
+
error_description: DEVICE_AUTHORIZATION_ERROR_CODES.POLLING_TOO_FREQUENTLY.message
|
|
206
|
+
});
|
|
207
|
+
}
|
|
208
|
+
await ctx.context.adapter.update({
|
|
209
|
+
model: "deviceCode",
|
|
210
|
+
where: [{
|
|
211
|
+
field: "id",
|
|
212
|
+
value: deviceCodeRecord.id
|
|
213
|
+
}],
|
|
214
|
+
update: { lastPolledAt: /* @__PURE__ */ new Date() }
|
|
215
|
+
});
|
|
216
|
+
if (deviceCodeRecord.expiresAt < /* @__PURE__ */ new Date()) {
|
|
217
|
+
await ctx.context.adapter.delete({
|
|
218
|
+
model: "deviceCode",
|
|
219
|
+
where: [{
|
|
220
|
+
field: "id",
|
|
221
|
+
value: deviceCodeRecord.id
|
|
222
|
+
}]
|
|
223
|
+
});
|
|
224
|
+
throw new APIError("BAD_REQUEST", {
|
|
225
|
+
error: "expired_token",
|
|
226
|
+
error_description: DEVICE_AUTHORIZATION_ERROR_CODES.EXPIRED_DEVICE_CODE.message
|
|
227
|
+
});
|
|
228
|
+
}
|
|
229
|
+
if (deviceCodeRecord.status === "pending") throw new APIError("BAD_REQUEST", {
|
|
230
|
+
error: "authorization_pending",
|
|
231
|
+
error_description: DEVICE_AUTHORIZATION_ERROR_CODES.AUTHORIZATION_PENDING.message
|
|
232
|
+
});
|
|
233
|
+
if (deviceCodeRecord.status === "denied") {
|
|
234
|
+
await ctx.context.adapter.delete({
|
|
235
|
+
model: "deviceCode",
|
|
236
|
+
where: [{
|
|
237
|
+
field: "id",
|
|
238
|
+
value: deviceCodeRecord.id
|
|
239
|
+
}]
|
|
240
|
+
});
|
|
241
|
+
throw new APIError("BAD_REQUEST", {
|
|
242
|
+
error: "access_denied",
|
|
243
|
+
error_description: DEVICE_AUTHORIZATION_ERROR_CODES.ACCESS_DENIED.message
|
|
244
|
+
});
|
|
245
|
+
}
|
|
246
|
+
if (deviceCodeRecord.status === "approved" && deviceCodeRecord.userId) {
|
|
247
|
+
const user = await ctx.context.internalAdapter.findUserById(deviceCodeRecord.userId);
|
|
248
|
+
if (!user) throw new APIError("INTERNAL_SERVER_ERROR", {
|
|
249
|
+
error: "server_error",
|
|
250
|
+
error_description: DEVICE_AUTHORIZATION_ERROR_CODES.USER_NOT_FOUND.message
|
|
251
|
+
});
|
|
252
|
+
const session = await ctx.context.internalAdapter.createSession(user.id);
|
|
253
|
+
if (!session) throw new APIError("INTERNAL_SERVER_ERROR", {
|
|
254
|
+
error: "server_error",
|
|
255
|
+
error_description: DEVICE_AUTHORIZATION_ERROR_CODES.FAILED_TO_CREATE_SESSION.message
|
|
256
|
+
});
|
|
257
|
+
ctx.context.setNewSession({
|
|
258
|
+
session,
|
|
259
|
+
user
|
|
260
|
+
});
|
|
261
|
+
if (ctx.context.options.secondaryStorage) await ctx.context.secondaryStorage?.set(session.token, JSON.stringify({
|
|
262
|
+
user,
|
|
263
|
+
session
|
|
264
|
+
}), Math.floor((new Date(session.expiresAt).getTime() - Date.now()) / 1e3));
|
|
265
|
+
await ctx.context.adapter.delete({
|
|
266
|
+
model: "deviceCode",
|
|
267
|
+
where: [{
|
|
268
|
+
field: "id",
|
|
269
|
+
value: deviceCodeRecord.id
|
|
270
|
+
}]
|
|
271
|
+
});
|
|
272
|
+
return ctx.json({
|
|
273
|
+
access_token: session.token,
|
|
274
|
+
token_type: "Bearer",
|
|
275
|
+
expires_in: Math.floor((new Date(session.expiresAt).getTime() - Date.now()) / 1e3),
|
|
276
|
+
scope: deviceCodeRecord.scope || ""
|
|
277
|
+
}, { headers: {
|
|
278
|
+
"Cache-Control": "no-store",
|
|
279
|
+
Pragma: "no-cache"
|
|
280
|
+
} });
|
|
281
|
+
}
|
|
282
|
+
throw new APIError("INTERNAL_SERVER_ERROR", {
|
|
283
|
+
error: "server_error",
|
|
284
|
+
error_description: DEVICE_AUTHORIZATION_ERROR_CODES.INVALID_DEVICE_CODE_STATUS.message
|
|
285
|
+
});
|
|
286
|
+
});
|
|
287
|
+
const deviceVerify = createAuthEndpoint("/device", {
|
|
288
|
+
method: "GET",
|
|
289
|
+
query: z.object({ user_code: z.string().meta({ description: "The user code to verify" }) }),
|
|
290
|
+
error: z.object({
|
|
291
|
+
error: z.enum(["invalid_request"]).meta({ description: "Error code" }),
|
|
292
|
+
error_description: z.string().meta({ description: "Detailed error description" })
|
|
293
|
+
}),
|
|
294
|
+
metadata: { openapi: {
|
|
295
|
+
description: "Verify user code and get device authorization status",
|
|
296
|
+
responses: { 200: {
|
|
297
|
+
description: "Device authorization status",
|
|
298
|
+
content: { "application/json": { schema: {
|
|
299
|
+
type: "object",
|
|
300
|
+
properties: {
|
|
301
|
+
user_code: {
|
|
302
|
+
type: "string",
|
|
303
|
+
description: "The user code to verify"
|
|
304
|
+
},
|
|
305
|
+
status: {
|
|
306
|
+
type: "string",
|
|
307
|
+
enum: [
|
|
308
|
+
"pending",
|
|
309
|
+
"approved",
|
|
310
|
+
"denied"
|
|
311
|
+
],
|
|
312
|
+
description: "Current status of the device authorization"
|
|
313
|
+
}
|
|
314
|
+
}
|
|
315
|
+
} } }
|
|
316
|
+
} }
|
|
317
|
+
} }
|
|
318
|
+
}, async (ctx) => {
|
|
319
|
+
const { user_code } = ctx.query;
|
|
320
|
+
const cleanUserCode = user_code.replace(/-/g, "");
|
|
321
|
+
const deviceCodeRecord = await ctx.context.adapter.findOne({
|
|
322
|
+
model: "deviceCode",
|
|
323
|
+
where: [{
|
|
324
|
+
field: "userCode",
|
|
325
|
+
value: cleanUserCode
|
|
326
|
+
}]
|
|
327
|
+
});
|
|
328
|
+
if (!deviceCodeRecord) throw new APIError("BAD_REQUEST", {
|
|
329
|
+
error: "invalid_request",
|
|
330
|
+
error_description: DEVICE_AUTHORIZATION_ERROR_CODES.INVALID_USER_CODE.message
|
|
331
|
+
});
|
|
332
|
+
if (deviceCodeRecord.expiresAt < /* @__PURE__ */ new Date()) throw new APIError("BAD_REQUEST", {
|
|
333
|
+
error: "expired_token",
|
|
334
|
+
error_description: DEVICE_AUTHORIZATION_ERROR_CODES.EXPIRED_USER_CODE.message
|
|
335
|
+
});
|
|
336
|
+
return ctx.json({
|
|
337
|
+
user_code,
|
|
338
|
+
status: deviceCodeRecord.status
|
|
339
|
+
});
|
|
340
|
+
});
|
|
341
|
+
const deviceApprove = createAuthEndpoint("/device/approve", {
|
|
342
|
+
method: "POST",
|
|
343
|
+
body: z.object({ userCode: z.string().meta({ description: "The user code to approve" }) }),
|
|
344
|
+
error: z.object({
|
|
345
|
+
error: z.enum([
|
|
346
|
+
"invalid_request",
|
|
347
|
+
"expired_token",
|
|
348
|
+
"device_code_already_processed",
|
|
349
|
+
"unauthorized",
|
|
350
|
+
"access_denied"
|
|
351
|
+
]).meta({ description: "Error code" }),
|
|
352
|
+
error_description: z.string().meta({ description: "Detailed error description" })
|
|
353
|
+
}),
|
|
354
|
+
requireHeaders: true,
|
|
355
|
+
metadata: { openapi: {
|
|
356
|
+
description: "Approve device authorization",
|
|
357
|
+
responses: { 200: {
|
|
358
|
+
description: "Success",
|
|
359
|
+
content: { "application/json": { schema: {
|
|
360
|
+
type: "object",
|
|
361
|
+
properties: { success: { type: "boolean" } }
|
|
362
|
+
} } }
|
|
363
|
+
} }
|
|
364
|
+
} }
|
|
365
|
+
}, async (ctx) => {
|
|
366
|
+
const session = await getSessionFromCtx(ctx);
|
|
367
|
+
if (!session) throw new APIError("UNAUTHORIZED", {
|
|
368
|
+
error: "unauthorized",
|
|
369
|
+
error_description: DEVICE_AUTHORIZATION_ERROR_CODES.AUTHENTICATION_REQUIRED.message
|
|
370
|
+
});
|
|
371
|
+
const { userCode } = ctx.body;
|
|
372
|
+
const cleanUserCode = userCode.replace(/-/g, "");
|
|
373
|
+
const deviceCodeRecord = await ctx.context.adapter.findOne({
|
|
374
|
+
model: "deviceCode",
|
|
375
|
+
where: [{
|
|
376
|
+
field: "userCode",
|
|
377
|
+
value: cleanUserCode
|
|
378
|
+
}]
|
|
379
|
+
});
|
|
380
|
+
if (!deviceCodeRecord) throw new APIError("BAD_REQUEST", {
|
|
381
|
+
error: "invalid_request",
|
|
382
|
+
error_description: DEVICE_AUTHORIZATION_ERROR_CODES.INVALID_USER_CODE.message
|
|
383
|
+
});
|
|
384
|
+
if (deviceCodeRecord.expiresAt < /* @__PURE__ */ new Date()) throw new APIError("BAD_REQUEST", {
|
|
385
|
+
error: "expired_token",
|
|
386
|
+
error_description: DEVICE_AUTHORIZATION_ERROR_CODES.EXPIRED_USER_CODE.message
|
|
387
|
+
});
|
|
388
|
+
if (deviceCodeRecord.status !== "pending") throw new APIError("BAD_REQUEST", {
|
|
389
|
+
error: "invalid_request",
|
|
390
|
+
error_description: DEVICE_AUTHORIZATION_ERROR_CODES.DEVICE_CODE_ALREADY_PROCESSED.message
|
|
391
|
+
});
|
|
392
|
+
if (deviceCodeRecord.userId && deviceCodeRecord.userId !== session.user.id) throw new APIError("FORBIDDEN", {
|
|
393
|
+
error: "access_denied",
|
|
394
|
+
error_description: "You are not authorized to approve this device authorization"
|
|
395
|
+
});
|
|
396
|
+
await ctx.context.adapter.update({
|
|
397
|
+
model: "deviceCode",
|
|
398
|
+
where: [{
|
|
399
|
+
field: "id",
|
|
400
|
+
value: deviceCodeRecord.id
|
|
401
|
+
}],
|
|
402
|
+
update: {
|
|
403
|
+
status: "approved",
|
|
404
|
+
userId: session.user.id
|
|
405
|
+
}
|
|
406
|
+
});
|
|
407
|
+
return ctx.json({ success: true });
|
|
408
|
+
});
|
|
409
|
+
const deviceDeny = createAuthEndpoint("/device/deny", {
|
|
410
|
+
method: "POST",
|
|
411
|
+
body: z.object({ userCode: z.string().meta({ description: "The user code to deny" }) }),
|
|
412
|
+
error: z.object({
|
|
413
|
+
error: z.enum([
|
|
414
|
+
"invalid_request",
|
|
415
|
+
"expired_token",
|
|
416
|
+
"unauthorized",
|
|
417
|
+
"access_denied"
|
|
418
|
+
]).meta({ description: "Error code" }),
|
|
419
|
+
error_description: z.string().meta({ description: "Detailed error description" })
|
|
420
|
+
}),
|
|
421
|
+
requireHeaders: true,
|
|
422
|
+
metadata: { openapi: {
|
|
423
|
+
description: "Deny device authorization",
|
|
424
|
+
responses: { 200: {
|
|
425
|
+
description: "Success",
|
|
426
|
+
content: { "application/json": { schema: {
|
|
427
|
+
type: "object",
|
|
428
|
+
properties: { success: { type: "boolean" } }
|
|
429
|
+
} } }
|
|
430
|
+
} }
|
|
431
|
+
} }
|
|
432
|
+
}, async (ctx) => {
|
|
433
|
+
const session = await getSessionFromCtx(ctx);
|
|
434
|
+
if (!session) throw new APIError("UNAUTHORIZED", {
|
|
435
|
+
error: "unauthorized",
|
|
436
|
+
error_description: DEVICE_AUTHORIZATION_ERROR_CODES.AUTHENTICATION_REQUIRED.message
|
|
437
|
+
});
|
|
438
|
+
const { userCode } = ctx.body;
|
|
439
|
+
const cleanUserCode = userCode.replace(/-/g, "");
|
|
440
|
+
const deviceCodeRecord = await ctx.context.adapter.findOne({
|
|
441
|
+
model: "deviceCode",
|
|
442
|
+
where: [{
|
|
443
|
+
field: "userCode",
|
|
444
|
+
value: cleanUserCode
|
|
445
|
+
}]
|
|
446
|
+
});
|
|
447
|
+
if (!deviceCodeRecord) throw new APIError("BAD_REQUEST", {
|
|
448
|
+
error: "invalid_request",
|
|
449
|
+
error_description: DEVICE_AUTHORIZATION_ERROR_CODES.INVALID_USER_CODE.message
|
|
450
|
+
});
|
|
451
|
+
if (deviceCodeRecord.expiresAt < /* @__PURE__ */ new Date()) throw new APIError("BAD_REQUEST", {
|
|
452
|
+
error: "expired_token",
|
|
453
|
+
error_description: DEVICE_AUTHORIZATION_ERROR_CODES.EXPIRED_USER_CODE.message
|
|
454
|
+
});
|
|
455
|
+
if (deviceCodeRecord.status !== "pending") throw new APIError("BAD_REQUEST", {
|
|
456
|
+
error: "invalid_request",
|
|
457
|
+
error_description: DEVICE_AUTHORIZATION_ERROR_CODES.DEVICE_CODE_ALREADY_PROCESSED.message
|
|
458
|
+
});
|
|
459
|
+
if (deviceCodeRecord.userId && deviceCodeRecord.userId !== session.user.id) throw new APIError("FORBIDDEN", {
|
|
460
|
+
error: "access_denied",
|
|
461
|
+
error_description: "You are not authorized to deny this device authorization"
|
|
462
|
+
});
|
|
463
|
+
await ctx.context.adapter.update({
|
|
464
|
+
model: "deviceCode",
|
|
465
|
+
where: [{
|
|
466
|
+
field: "id",
|
|
467
|
+
value: deviceCodeRecord.id
|
|
468
|
+
}],
|
|
469
|
+
update: {
|
|
470
|
+
status: "denied",
|
|
471
|
+
userId: deviceCodeRecord.userId || session.user.id
|
|
472
|
+
}
|
|
473
|
+
});
|
|
474
|
+
return ctx.json({ success: true });
|
|
475
|
+
});
|
|
476
|
+
/**
|
|
477
|
+
* @internal
|
|
478
|
+
*/
|
|
479
|
+
const buildVerificationUris = (verificationUri, baseURL, userCode) => {
|
|
480
|
+
const uri = verificationUri || "/device";
|
|
481
|
+
let verificationUrl;
|
|
482
|
+
try {
|
|
483
|
+
verificationUrl = new URL(uri);
|
|
484
|
+
} catch {
|
|
485
|
+
verificationUrl = new URL(uri, baseURL);
|
|
486
|
+
}
|
|
487
|
+
const verificationUriCompleteUrl = new URL(verificationUrl);
|
|
488
|
+
verificationUriCompleteUrl.searchParams.set("user_code", userCode);
|
|
489
|
+
return {
|
|
490
|
+
verificationUri: verificationUrl.toString(),
|
|
491
|
+
verificationUriComplete: verificationUriCompleteUrl.toString()
|
|
492
|
+
};
|
|
493
|
+
};
|
|
494
|
+
/**
|
|
495
|
+
* @internal
|
|
496
|
+
*/
|
|
497
|
+
const defaultGenerateDeviceCode = (length) => {
|
|
498
|
+
return generateRandomString(length, "a-z", "A-Z", "0-9");
|
|
499
|
+
};
|
|
500
|
+
/**
|
|
501
|
+
* @internal
|
|
502
|
+
*/
|
|
503
|
+
const defaultGenerateUserCode = (length) => {
|
|
504
|
+
const chars = new Uint8Array(length);
|
|
505
|
+
return Array.from(crypto.getRandomValues(chars)).map((byte) => defaultCharset[byte % 32]).join("");
|
|
506
|
+
};
|
|
507
|
+
|
|
508
|
+
//#endregion
|
|
509
|
+
export { deviceApprove, deviceCode, deviceDeny, deviceToken, deviceVerify };
|
|
510
|
+
//# sourceMappingURL=routes.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"routes.mjs","names":[],"sources":["../../../src/plugins/device-authorization/routes.ts"],"sourcesContent":["import { createAuthEndpoint } from \"@better-auth/core/api\";\nimport { APIError } from \"@better-auth/core/error\";\nimport * as z from \"zod\";\nimport { getSessionFromCtx } from \"../../api/routes/session\";\nimport { generateRandomString } from \"../../crypto\";\nimport { ms } from \"../../utils/time\";\nimport type { DeviceAuthorizationOptions } from \".\";\nimport { DEVICE_AUTHORIZATION_ERROR_CODES } from \"./error-codes\";\nimport type { DeviceCode } from \"./schema\";\n\n/* cspell:disable-next-line */\nconst defaultCharset = \"ABCDEFGHJKLMNPQRSTUVWXYZ23456789\";\n\nconst deviceCodeBodySchema = z.object({\n\tclient_id: z.string().meta({\n\t\tdescription: \"The client ID of the application\",\n\t}),\n\tscope: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"Space-separated list of scopes\",\n\t\t})\n\t\t.optional(),\n});\n\nconst deviceCodeErrorSchema = z.object({\n\terror: z.enum([\"invalid_request\", \"invalid_client\"]).meta({\n\t\tdescription: \"Error code\",\n\t}),\n\terror_description: z.string().meta({\n\t\tdescription: \"Detailed error description\",\n\t}),\n});\n\nexport const deviceCode = (opts: DeviceAuthorizationOptions) => {\n\tconst generateDeviceCode = async () => {\n\t\tif (opts.generateDeviceCode) {\n\t\t\treturn opts.generateDeviceCode();\n\t\t}\n\t\treturn defaultGenerateDeviceCode(opts.deviceCodeLength);\n\t};\n\n\tconst generateUserCode = async () => {\n\t\tif (opts.generateUserCode) {\n\t\t\treturn opts.generateUserCode();\n\t\t}\n\t\treturn defaultGenerateUserCode(opts.userCodeLength);\n\t};\n\treturn createAuthEndpoint(\n\t\t\"/device/code\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: deviceCodeBodySchema,\n\t\t\terror: deviceCodeErrorSchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\tdescription: `Request a device and user code\n\nFollow [rfc8628#section-3.2](https://datatracker.ietf.org/doc/html/rfc8628#section-3.2)`,\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tdevice_code: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"The device verification code\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tuser_code: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"The user code to display\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tverification_uri: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tformat: \"uri\",\n\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"The URL for user verification. Defaults to /device if not configured.\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tverification_uri_complete: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tformat: \"uri\",\n\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"The complete URL with user code as query parameter.\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\texpires_in: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"Lifetime in seconds of the device code\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tinterval: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"Minimum polling interval in seconds\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t400: {\n\t\t\t\t\t\t\tdescription: \"Error response\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tenum: [\"invalid_request\", \"invalid_client\"],\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\terror_description: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tif (opts.validateClient) {\n\t\t\t\tconst isValid = await opts.validateClient(ctx.body.client_id);\n\t\t\t\tif (!isValid) {\n\t\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\t\terror: \"invalid_client\",\n\t\t\t\t\t\terror_description: \"Invalid client ID\",\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif (opts.onDeviceAuthRequest) {\n\t\t\t\tawait opts.onDeviceAuthRequest(ctx.body.client_id, ctx.body.scope);\n\t\t\t}\n\n\t\t\tconst deviceCode = await generateDeviceCode();\n\t\t\tconst userCode = await generateUserCode();\n\t\t\tconst expiresIn = ms(opts.expiresIn);\n\t\t\tconst expiresAt = new Date(Date.now() + expiresIn);\n\n\t\t\tawait ctx.context.adapter.create({\n\t\t\t\tmodel: \"deviceCode\",\n\t\t\t\tdata: {\n\t\t\t\t\tdeviceCode,\n\t\t\t\t\tuserCode,\n\t\t\t\t\texpiresAt,\n\t\t\t\t\tstatus: \"pending\",\n\t\t\t\t\tpollingInterval: ms(opts.interval),\n\t\t\t\t\tclientId: ctx.body.client_id,\n\t\t\t\t\tscope: ctx.body.scope,\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tconst { verificationUri, verificationUriComplete } =\n\t\t\t\tbuildVerificationUris(\n\t\t\t\t\topts.verificationUri,\n\t\t\t\t\tctx.context.baseURL,\n\t\t\t\t\tuserCode,\n\t\t\t\t);\n\n\t\t\treturn ctx.json(\n\t\t\t\t{\n\t\t\t\t\tdevice_code: deviceCode,\n\t\t\t\t\tuser_code: userCode,\n\t\t\t\t\tverification_uri: verificationUri,\n\t\t\t\t\tverification_uri_complete: verificationUriComplete,\n\t\t\t\t\texpires_in: Math.floor(expiresIn / 1000),\n\t\t\t\t\tinterval: Math.floor(ms(opts.interval) / 1000),\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t\"Cache-Control\": \"no-store\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t},\n\t);\n};\n\nconst deviceTokenBodySchema = z.object({\n\tgrant_type: z.literal(\"urn:ietf:params:oauth:grant-type:device_code\").meta({\n\t\tdescription: \"The grant type for device flow\",\n\t}),\n\tdevice_code: z.string().meta({\n\t\tdescription: \"The device verification code\",\n\t}),\n\tclient_id: z.string().meta({\n\t\tdescription: \"The client ID of the application\",\n\t}),\n});\n\nconst deviceTokenErrorSchema = z.object({\n\terror: z\n\t\t.enum([\n\t\t\t\"authorization_pending\",\n\t\t\t\"slow_down\",\n\t\t\t\"expired_token\",\n\t\t\t\"access_denied\",\n\t\t\t\"invalid_request\",\n\t\t\t\"invalid_grant\",\n\t\t])\n\t\t.meta({\n\t\t\tdescription: \"Error code\",\n\t\t}),\n\terror_description: z.string().meta({\n\t\tdescription: \"Detailed error description\",\n\t}),\n});\n\nexport const deviceToken = (opts: DeviceAuthorizationOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/device/token\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: deviceTokenBodySchema,\n\t\t\terror: deviceTokenErrorSchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\tdescription: `Exchange device code for access token\n\nFollow [rfc8628#section-3.4](https://datatracker.ietf.org/doc/html/rfc8628#section-3.4)`,\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsession: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/Session\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t400: {\n\t\t\t\t\t\t\tdescription: \"Error response\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tenum: [\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"authorization_pending\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"slow_down\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"expired_token\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"access_denied\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"invalid_request\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"invalid_grant\",\n\t\t\t\t\t\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\terror_description: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst { device_code, client_id } = ctx.body;\n\n\t\t\tif (opts.validateClient) {\n\t\t\t\tconst isValid = await opts.validateClient(client_id);\n\t\t\t\tif (!isValid) {\n\t\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\t\terror: \"invalid_grant\",\n\t\t\t\t\t\terror_description: \"Invalid client ID\",\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst deviceCodeRecord = await ctx.context.adapter.findOne<{\n\t\t\t\tid: string;\n\t\t\t\tdeviceCode: string;\n\t\t\t\tuserCode: string;\n\t\t\t\tuserId?: string | undefined;\n\t\t\t\texpiresAt: Date;\n\t\t\t\tstatus: string;\n\t\t\t\tlastPolledAt?: Date | undefined;\n\t\t\t\tpollingInterval?: number | undefined;\n\t\t\t\tclientId?: string | undefined;\n\t\t\t\tscope?: string | undefined;\n\t\t\t}>({\n\t\t\t\tmodel: \"deviceCode\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"deviceCode\",\n\t\t\t\t\t\tvalue: device_code,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\n\t\t\tif (!deviceCodeRecord) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\terror: \"invalid_grant\",\n\t\t\t\t\terror_description:\n\t\t\t\t\t\tDEVICE_AUTHORIZATION_ERROR_CODES.INVALID_DEVICE_CODE.message,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tif (\n\t\t\t\tdeviceCodeRecord.clientId &&\n\t\t\t\tdeviceCodeRecord.clientId !== client_id\n\t\t\t) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\terror: \"invalid_grant\",\n\t\t\t\t\terror_description: \"Client ID mismatch\",\n\t\t\t\t});\n\t\t\t}\n\n\t\t\t// Check for rate limiting\n\t\t\tif (deviceCodeRecord.lastPolledAt && deviceCodeRecord.pollingInterval) {\n\t\t\t\tconst timeSinceLastPoll =\n\t\t\t\t\tDate.now() - new Date(deviceCodeRecord.lastPolledAt).getTime();\n\t\t\t\tconst minInterval = deviceCodeRecord.pollingInterval;\n\n\t\t\t\tif (timeSinceLastPoll < minInterval) {\n\t\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\t\terror: \"slow_down\",\n\t\t\t\t\t\terror_description:\n\t\t\t\t\t\t\tDEVICE_AUTHORIZATION_ERROR_CODES.POLLING_TOO_FREQUENTLY.message,\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// Update last polled time\n\t\t\tawait ctx.context.adapter.update({\n\t\t\t\tmodel: \"deviceCode\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: deviceCodeRecord.id,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t\tupdate: {\n\t\t\t\t\tlastPolledAt: new Date(),\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tif (deviceCodeRecord.expiresAt < new Date()) {\n\t\t\t\tawait ctx.context.adapter.delete({\n\t\t\t\t\tmodel: \"deviceCode\",\n\t\t\t\t\twhere: [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\tvalue: deviceCodeRecord.id,\n\t\t\t\t\t\t},\n\t\t\t\t\t],\n\t\t\t\t});\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\terror: \"expired_token\",\n\t\t\t\t\terror_description:\n\t\t\t\t\t\tDEVICE_AUTHORIZATION_ERROR_CODES.EXPIRED_DEVICE_CODE.message,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tif (deviceCodeRecord.status === \"pending\") {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\terror: \"authorization_pending\",\n\t\t\t\t\terror_description:\n\t\t\t\t\t\tDEVICE_AUTHORIZATION_ERROR_CODES.AUTHORIZATION_PENDING.message,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tif (deviceCodeRecord.status === \"denied\") {\n\t\t\t\tawait ctx.context.adapter.delete({\n\t\t\t\t\tmodel: \"deviceCode\",\n\t\t\t\t\twhere: [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\tvalue: deviceCodeRecord.id,\n\t\t\t\t\t\t},\n\t\t\t\t\t],\n\t\t\t\t});\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\terror: \"access_denied\",\n\t\t\t\t\terror_description:\n\t\t\t\t\t\tDEVICE_AUTHORIZATION_ERROR_CODES.ACCESS_DENIED.message,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tif (deviceCodeRecord.status === \"approved\" && deviceCodeRecord.userId) {\n\t\t\t\tconst user = await ctx.context.internalAdapter.findUserById(\n\t\t\t\t\tdeviceCodeRecord.userId,\n\t\t\t\t);\n\n\t\t\t\tif (!user) {\n\t\t\t\t\tthrow new APIError(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\t\terror: \"server_error\",\n\t\t\t\t\t\terror_description:\n\t\t\t\t\t\t\tDEVICE_AUTHORIZATION_ERROR_CODES.USER_NOT_FOUND.message,\n\t\t\t\t\t});\n\t\t\t\t}\n\n\t\t\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\t\t\tuser.id,\n\t\t\t\t);\n\n\t\t\t\tif (!session) {\n\t\t\t\t\tthrow new APIError(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\t\terror: \"server_error\",\n\t\t\t\t\t\terror_description:\n\t\t\t\t\t\t\tDEVICE_AUTHORIZATION_ERROR_CODES.FAILED_TO_CREATE_SESSION.message,\n\t\t\t\t\t});\n\t\t\t\t}\n\n\t\t\t\t// Set new session context for hooks and plugins\n\t\t\t\t// (matches setSessionCookie logic)\n\t\t\t\tctx.context.setNewSession({\n\t\t\t\t\tsession,\n\t\t\t\t\tuser,\n\t\t\t\t});\n\n\t\t\t\t// If secondary storage is enabled, store the session data in the secondary storage\n\t\t\t\t// (matches setSessionCookie logic)\n\t\t\t\tif (ctx.context.options.secondaryStorage) {\n\t\t\t\t\tawait ctx.context.secondaryStorage?.set(\n\t\t\t\t\t\tsession.token,\n\t\t\t\t\t\tJSON.stringify({\n\t\t\t\t\t\t\tuser,\n\t\t\t\t\t\t\tsession,\n\t\t\t\t\t\t}),\n\t\t\t\t\t\tMath.floor(\n\t\t\t\t\t\t\t(new Date(session.expiresAt).getTime() - Date.now()) / 1000,\n\t\t\t\t\t\t),\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\t// Delete the device code after successful authorization\n\t\t\t\tawait ctx.context.adapter.delete({\n\t\t\t\t\tmodel: \"deviceCode\",\n\t\t\t\t\twhere: [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\tvalue: deviceCodeRecord.id,\n\t\t\t\t\t\t},\n\t\t\t\t\t],\n\t\t\t\t});\n\n\t\t\t\t// Return OAuth 2.0 compliant token response\n\t\t\t\treturn ctx.json(\n\t\t\t\t\t{\n\t\t\t\t\t\taccess_token: session.token,\n\t\t\t\t\t\ttoken_type: \"Bearer\",\n\t\t\t\t\t\texpires_in: Math.floor(\n\t\t\t\t\t\t\t(new Date(session.expiresAt).getTime() - Date.now()) / 1000,\n\t\t\t\t\t\t),\n\t\t\t\t\t\tscope: deviceCodeRecord.scope || \"\",\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\t\"Cache-Control\": \"no-store\",\n\t\t\t\t\t\t\tPragma: \"no-cache\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tthrow new APIError(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\terror: \"server_error\",\n\t\t\t\terror_description:\n\t\t\t\t\tDEVICE_AUTHORIZATION_ERROR_CODES.INVALID_DEVICE_CODE_STATUS.message,\n\t\t\t});\n\t\t},\n\t);\n\nexport const deviceVerify = createAuthEndpoint(\n\t\"/device\",\n\t{\n\t\tmethod: \"GET\",\n\t\tquery: z.object({\n\t\t\tuser_code: z.string().meta({\n\t\t\t\tdescription: \"The user code to verify\",\n\t\t\t}),\n\t\t}),\n\t\terror: z.object({\n\t\t\terror: z.enum([\"invalid_request\"]).meta({\n\t\t\t\tdescription: \"Error code\",\n\t\t\t}),\n\t\t\terror_description: z.string().meta({\n\t\t\t\tdescription: \"Detailed error description\",\n\t\t\t}),\n\t\t}),\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\tdescription: \"Verify user code and get device authorization status\",\n\t\t\t\tresponses: {\n\t\t\t\t\t200: {\n\t\t\t\t\t\tdescription: \"Device authorization status\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tuser_code: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The user code to verify\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tenum: [\"pending\", \"approved\", \"denied\"],\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"Current status of the device authorization\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (ctx) => {\n\t\tconst { user_code } = ctx.query;\n\t\tconst cleanUserCode = user_code.replace(/-/g, \"\");\n\n\t\tconst deviceCodeRecord = await ctx.context.adapter.findOne<DeviceCode>({\n\t\t\tmodel: \"deviceCode\",\n\t\t\twhere: [\n\t\t\t\t{\n\t\t\t\t\tfield: \"userCode\",\n\t\t\t\t\tvalue: cleanUserCode,\n\t\t\t\t},\n\t\t\t],\n\t\t});\n\n\t\tif (!deviceCodeRecord) {\n\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\terror: \"invalid_request\",\n\t\t\t\terror_description:\n\t\t\t\t\tDEVICE_AUTHORIZATION_ERROR_CODES.INVALID_USER_CODE.message,\n\t\t\t});\n\t\t}\n\n\t\tif (deviceCodeRecord.expiresAt < new Date()) {\n\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\terror: \"expired_token\",\n\t\t\t\terror_description:\n\t\t\t\t\tDEVICE_AUTHORIZATION_ERROR_CODES.EXPIRED_USER_CODE.message,\n\t\t\t});\n\t\t}\n\n\t\treturn ctx.json({\n\t\t\tuser_code: user_code,\n\t\t\tstatus: deviceCodeRecord.status,\n\t\t});\n\t},\n);\n\nexport const deviceApprove = createAuthEndpoint(\n\t\"/device/approve\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tuserCode: z.string().meta({\n\t\t\t\tdescription: \"The user code to approve\",\n\t\t\t}),\n\t\t}),\n\t\terror: z.object({\n\t\t\terror: z\n\t\t\t\t.enum([\n\t\t\t\t\t\"invalid_request\",\n\t\t\t\t\t\"expired_token\",\n\t\t\t\t\t\"device_code_already_processed\",\n\t\t\t\t\t\"unauthorized\",\n\t\t\t\t\t\"access_denied\",\n\t\t\t\t])\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"Error code\",\n\t\t\t\t}),\n\t\t\terror_description: z.string().meta({\n\t\t\t\tdescription: \"Detailed error description\",\n\t\t\t}),\n\t\t}),\n\t\trequireHeaders: true,\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\tdescription: \"Approve device authorization\",\n\t\t\t\tresponses: {\n\t\t\t\t\t200: {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (ctx) => {\n\t\tconst session = await getSessionFromCtx(ctx);\n\t\tif (!session) {\n\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\terror: \"unauthorized\",\n\t\t\t\terror_description:\n\t\t\t\t\tDEVICE_AUTHORIZATION_ERROR_CODES.AUTHENTICATION_REQUIRED.message,\n\t\t\t});\n\t\t}\n\n\t\tconst { userCode } = ctx.body;\n\t\tconst cleanUserCode = userCode.replace(/-/g, \"\");\n\n\t\tconst deviceCodeRecord = await ctx.context.adapter.findOne<DeviceCode>({\n\t\t\tmodel: \"deviceCode\",\n\t\t\twhere: [\n\t\t\t\t{\n\t\t\t\t\tfield: \"userCode\",\n\t\t\t\t\tvalue: cleanUserCode,\n\t\t\t\t},\n\t\t\t],\n\t\t});\n\n\t\tif (!deviceCodeRecord) {\n\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\terror: \"invalid_request\",\n\t\t\t\terror_description:\n\t\t\t\t\tDEVICE_AUTHORIZATION_ERROR_CODES.INVALID_USER_CODE.message,\n\t\t\t});\n\t\t}\n\n\t\tif (deviceCodeRecord.expiresAt < new Date()) {\n\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\terror: \"expired_token\",\n\t\t\t\terror_description:\n\t\t\t\t\tDEVICE_AUTHORIZATION_ERROR_CODES.EXPIRED_USER_CODE.message,\n\t\t\t});\n\t\t}\n\n\t\tif (deviceCodeRecord.status !== \"pending\") {\n\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\terror: \"invalid_request\",\n\t\t\t\terror_description:\n\t\t\t\t\tDEVICE_AUTHORIZATION_ERROR_CODES.DEVICE_CODE_ALREADY_PROCESSED\n\t\t\t\t\t\t.message,\n\t\t\t});\n\t\t}\n\n\t\t// Check if userId is set and matches the current user\n\t\tif (\n\t\t\tdeviceCodeRecord.userId &&\n\t\t\tdeviceCodeRecord.userId !== session.user.id\n\t\t) {\n\t\t\tthrow new APIError(\"FORBIDDEN\", {\n\t\t\t\terror: \"access_denied\",\n\t\t\t\terror_description:\n\t\t\t\t\t\"You are not authorized to approve this device authorization\",\n\t\t\t});\n\t\t}\n\n\t\t// Update device code with approved status and user ID\n\t\tawait ctx.context.adapter.update({\n\t\t\tmodel: \"deviceCode\",\n\t\t\twhere: [\n\t\t\t\t{\n\t\t\t\t\tfield: \"id\",\n\t\t\t\t\tvalue: deviceCodeRecord.id,\n\t\t\t\t},\n\t\t\t],\n\t\t\tupdate: {\n\t\t\t\tstatus: \"approved\",\n\t\t\t\tuserId: session.user.id,\n\t\t\t},\n\t\t});\n\n\t\treturn ctx.json({\n\t\t\tsuccess: true,\n\t\t});\n\t},\n);\n\nexport const deviceDeny = createAuthEndpoint(\n\t\"/device/deny\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tuserCode: z.string().meta({\n\t\t\t\tdescription: \"The user code to deny\",\n\t\t\t}),\n\t\t}),\n\t\terror: z.object({\n\t\t\terror: z\n\t\t\t\t.enum([\n\t\t\t\t\t\"invalid_request\",\n\t\t\t\t\t\"expired_token\",\n\t\t\t\t\t\"unauthorized\",\n\t\t\t\t\t\"access_denied\",\n\t\t\t\t])\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"Error code\",\n\t\t\t\t}),\n\t\t\terror_description: z.string().meta({\n\t\t\t\tdescription: \"Detailed error description\",\n\t\t\t}),\n\t\t}),\n\t\trequireHeaders: true,\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\tdescription: \"Deny device authorization\",\n\t\t\t\tresponses: {\n\t\t\t\t\t200: {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (ctx) => {\n\t\tconst session = await getSessionFromCtx(ctx);\n\t\tif (!session) {\n\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\terror: \"unauthorized\",\n\t\t\t\terror_description:\n\t\t\t\t\tDEVICE_AUTHORIZATION_ERROR_CODES.AUTHENTICATION_REQUIRED.message,\n\t\t\t});\n\t\t}\n\n\t\tconst { userCode } = ctx.body;\n\t\tconst cleanUserCode = userCode.replace(/-/g, \"\");\n\n\t\tconst deviceCodeRecord = await ctx.context.adapter.findOne<DeviceCode>({\n\t\t\tmodel: \"deviceCode\",\n\t\t\twhere: [\n\t\t\t\t{\n\t\t\t\t\tfield: \"userCode\",\n\t\t\t\t\tvalue: cleanUserCode,\n\t\t\t\t},\n\t\t\t],\n\t\t});\n\n\t\tif (!deviceCodeRecord) {\n\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\terror: \"invalid_request\",\n\t\t\t\terror_description:\n\t\t\t\t\tDEVICE_AUTHORIZATION_ERROR_CODES.INVALID_USER_CODE.message,\n\t\t\t});\n\t\t}\n\n\t\tif (deviceCodeRecord.expiresAt < new Date()) {\n\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\terror: \"expired_token\",\n\t\t\t\terror_description:\n\t\t\t\t\tDEVICE_AUTHORIZATION_ERROR_CODES.EXPIRED_USER_CODE.message,\n\t\t\t});\n\t\t}\n\n\t\tif (deviceCodeRecord.status !== \"pending\") {\n\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\terror: \"invalid_request\",\n\t\t\t\terror_description:\n\t\t\t\t\tDEVICE_AUTHORIZATION_ERROR_CODES.DEVICE_CODE_ALREADY_PROCESSED\n\t\t\t\t\t\t.message,\n\t\t\t});\n\t\t}\n\n\t\t// Check if userId is set and matches the current user\n\t\tif (\n\t\t\tdeviceCodeRecord.userId &&\n\t\t\tdeviceCodeRecord.userId !== session.user.id\n\t\t) {\n\t\t\tthrow new APIError(\"FORBIDDEN\", {\n\t\t\t\terror: \"access_denied\",\n\t\t\t\terror_description:\n\t\t\t\t\t\"You are not authorized to deny this device authorization\",\n\t\t\t});\n\t\t}\n\n\t\t// Update device code with denied status and userId if not already set\n\t\tawait ctx.context.adapter.update({\n\t\t\tmodel: \"deviceCode\",\n\t\t\twhere: [\n\t\t\t\t{\n\t\t\t\t\tfield: \"id\",\n\t\t\t\t\tvalue: deviceCodeRecord.id,\n\t\t\t\t},\n\t\t\t],\n\t\t\tupdate: {\n\t\t\t\tstatus: \"denied\",\n\t\t\t\tuserId: deviceCodeRecord.userId || session.user.id,\n\t\t\t},\n\t\t});\n\n\t\treturn ctx.json({\n\t\t\tsuccess: true,\n\t\t});\n\t},\n);\n\n/**\n * @internal\n */\nconst buildVerificationUris = (\n\tverificationUri: string | undefined,\n\tbaseURL: string,\n\tuserCode: string,\n): {\n\tverificationUri: string;\n\tverificationUriComplete: string;\n} => {\n\tconst uri = verificationUri || \"/device\";\n\n\tlet verificationUrl: URL;\n\ttry {\n\t\tverificationUrl = new URL(uri);\n\t} catch {\n\t\tverificationUrl = new URL(uri, baseURL);\n\t}\n\n\tconst verificationUriCompleteUrl = new URL(verificationUrl);\n\tverificationUriCompleteUrl.searchParams.set(\"user_code\", userCode);\n\n\tconst verificationUriString = verificationUrl.toString();\n\tconst verificationUriCompleteString = verificationUriCompleteUrl.toString();\n\n\treturn {\n\t\tverificationUri: verificationUriString,\n\t\tverificationUriComplete: verificationUriCompleteString,\n\t};\n};\n\n/**\n * @internal\n */\nconst defaultGenerateDeviceCode = (length: number) => {\n\treturn generateRandomString(length, \"a-z\", \"A-Z\", \"0-9\");\n};\n\n/**\n * @internal\n */\nconst defaultGenerateUserCode = (length: number) => {\n\tconst chars = new Uint8Array(length);\n\treturn Array.from(crypto.getRandomValues(chars))\n\t\t.map((byte) => defaultCharset[byte % defaultCharset.length])\n\t\t.join(\"\");\n};\n"],"mappings":";;;;;;;;;;AAWA,MAAM,iBAAiB;AAEvB,MAAM,uBAAuB,EAAE,OAAO;CACrC,WAAW,EAAE,QAAQ,CAAC,KAAK,EAC1B,aAAa,oCACb,CAAC;CACF,OAAO,EACL,QAAQ,CACR,KAAK,EACL,aAAa,kCACb,CAAC,CACD,UAAU;CACZ,CAAC;AAEF,MAAM,wBAAwB,EAAE,OAAO;CACtC,OAAO,EAAE,KAAK,CAAC,mBAAmB,iBAAiB,CAAC,CAAC,KAAK,EACzD,aAAa,cACb,CAAC;CACF,mBAAmB,EAAE,QAAQ,CAAC,KAAK,EAClC,aAAa,8BACb,CAAC;CACF,CAAC;AAEF,MAAa,cAAc,SAAqC;CAC/D,MAAM,qBAAqB,YAAY;AACtC,MAAI,KAAK,mBACR,QAAO,KAAK,oBAAoB;AAEjC,SAAO,0BAA0B,KAAK,iBAAiB;;CAGxD,MAAM,mBAAmB,YAAY;AACpC,MAAI,KAAK,iBACR,QAAO,KAAK,kBAAkB;AAE/B,SAAO,wBAAwB,KAAK,eAAe;;AAEpD,QAAO,mBACN,gBACA;EACC,QAAQ;EACR,MAAM;EACN,OAAO;EACP,UAAU,EACT,SAAS;GACR,aAAa;;;GAGb,WAAW;IACV,KAAK;KACJ,aAAa;KACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;MACP,MAAM;MACN,YAAY;OACX,aAAa;QACZ,MAAM;QACN,aAAa;QACb;OACD,WAAW;QACV,MAAM;QACN,aAAa;QACb;OACD,kBAAkB;QACjB,MAAM;QACN,QAAQ;QACR,aACC;QACD;OACD,2BAA2B;QAC1B,MAAM;QACN,QAAQ;QACR,aACC;QACD;OACD,YAAY;QACX,MAAM;QACN,aAAa;QACb;OACD,UAAU;QACT,MAAM;QACN,aAAa;QACb;OACD;MACD,EACD,EACD;KACD;IACD,KAAK;KACJ,aAAa;KACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;MACP,MAAM;MACN,YAAY;OACX,OAAO;QACN,MAAM;QACN,MAAM,CAAC,mBAAmB,iBAAiB;QAC3C;OACD,mBAAmB,EAClB,MAAM,UACN;OACD;MACD,EACD,EACD;KACD;IACD;GACD,EACD;EACD,EACD,OAAO,QAAQ;AACd,MAAI,KAAK,gBAER;OAAI,CADY,MAAM,KAAK,eAAe,IAAI,KAAK,UAAU,CAE5D,OAAM,IAAI,SAAS,eAAe;IACjC,OAAO;IACP,mBAAmB;IACnB,CAAC;;AAIJ,MAAI,KAAK,oBACR,OAAM,KAAK,oBAAoB,IAAI,KAAK,WAAW,IAAI,KAAK,MAAM;EAGnE,MAAM,aAAa,MAAM,oBAAoB;EAC7C,MAAM,WAAW,MAAM,kBAAkB;EACzC,MAAM,YAAY,GAAG,KAAK,UAAU;EACpC,MAAM,YAAY,IAAI,KAAK,KAAK,KAAK,GAAG,UAAU;AAElD,QAAM,IAAI,QAAQ,QAAQ,OAAO;GAChC,OAAO;GACP,MAAM;IACL;IACA;IACA;IACA,QAAQ;IACR,iBAAiB,GAAG,KAAK,SAAS;IAClC,UAAU,IAAI,KAAK;IACnB,OAAO,IAAI,KAAK;IAChB;GACD,CAAC;EAEF,MAAM,EAAE,iBAAiB,4BACxB,sBACC,KAAK,iBACL,IAAI,QAAQ,SACZ,SACA;AAEF,SAAO,IAAI,KACV;GACC,aAAa;GACb,WAAW;GACX,kBAAkB;GAClB,2BAA2B;GAC3B,YAAY,KAAK,MAAM,YAAY,IAAK;GACxC,UAAU,KAAK,MAAM,GAAG,KAAK,SAAS,GAAG,IAAK;GAC9C,EACD,EACC,SAAS,EACR,iBAAiB,YACjB,EACD,CACD;GAEF;;AAGF,MAAM,wBAAwB,EAAE,OAAO;CACtC,YAAY,EAAE,QAAQ,+CAA+C,CAAC,KAAK,EAC1E,aAAa,kCACb,CAAC;CACF,aAAa,EAAE,QAAQ,CAAC,KAAK,EAC5B,aAAa,gCACb,CAAC;CACF,WAAW,EAAE,QAAQ,CAAC,KAAK,EAC1B,aAAa,oCACb,CAAC;CACF,CAAC;AAEF,MAAM,yBAAyB,EAAE,OAAO;CACvC,OAAO,EACL,KAAK;EACL;EACA;EACA;EACA;EACA;EACA;EACA,CAAC,CACD,KAAK,EACL,aAAa,cACb,CAAC;CACH,mBAAmB,EAAE,QAAQ,CAAC,KAAK,EAClC,aAAa,8BACb,CAAC;CACF,CAAC;AAEF,MAAa,eAAe,SAC3B,mBACC,iBACA;CACC,QAAQ;CACR,MAAM;CACN,OAAO;CACP,UAAU,EACT,SAAS;EACR,aAAa;;;EAGb,WAAW;GACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY;MACX,SAAS,EACR,MAAM,gCACN;MACD,MAAM,EACL,MAAM,6BACN;MACD;KACD,EACD,EACD;IACD;GACD,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY;MACX,OAAO;OACN,MAAM;OACN,MAAM;QACL;QACA;QACA;QACA;QACA;QACA;QACA;OACD;MACD,mBAAmB,EAClB,MAAM,UACN;MACD;KACD,EACD,EACD;IACD;GACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,aAAa,cAAc,IAAI;AAEvC,KAAI,KAAK,gBAER;MAAI,CADY,MAAM,KAAK,eAAe,UAAU,CAEnD,OAAM,IAAI,SAAS,eAAe;GACjC,OAAO;GACP,mBAAmB;GACnB,CAAC;;CAIJ,MAAM,mBAAmB,MAAM,IAAI,QAAQ,QAAQ,QAWhD;EACF,OAAO;EACP,OAAO,CACN;GACC,OAAO;GACP,OAAO;GACP,CACD;EACD,CAAC;AAEF,KAAI,CAAC,iBACJ,OAAM,IAAI,SAAS,eAAe;EACjC,OAAO;EACP,mBACC,iCAAiC,oBAAoB;EACtD,CAAC;AAGH,KACC,iBAAiB,YACjB,iBAAiB,aAAa,UAE9B,OAAM,IAAI,SAAS,eAAe;EACjC,OAAO;EACP,mBAAmB;EACnB,CAAC;AAIH,KAAI,iBAAiB,gBAAgB,iBAAiB,iBAKrD;MAHC,KAAK,KAAK,GAAG,IAAI,KAAK,iBAAiB,aAAa,CAAC,SAAS,GAC3C,iBAAiB,gBAGpC,OAAM,IAAI,SAAS,eAAe;GACjC,OAAO;GACP,mBACC,iCAAiC,uBAAuB;GACzD,CAAC;;AAKJ,OAAM,IAAI,QAAQ,QAAQ,OAAO;EAChC,OAAO;EACP,OAAO,CACN;GACC,OAAO;GACP,OAAO,iBAAiB;GACxB,CACD;EACD,QAAQ,EACP,8BAAc,IAAI,MAAM,EACxB;EACD,CAAC;AAEF,KAAI,iBAAiB,4BAAY,IAAI,MAAM,EAAE;AAC5C,QAAM,IAAI,QAAQ,QAAQ,OAAO;GAChC,OAAO;GACP,OAAO,CACN;IACC,OAAO;IACP,OAAO,iBAAiB;IACxB,CACD;GACD,CAAC;AACF,QAAM,IAAI,SAAS,eAAe;GACjC,OAAO;GACP,mBACC,iCAAiC,oBAAoB;GACtD,CAAC;;AAGH,KAAI,iBAAiB,WAAW,UAC/B,OAAM,IAAI,SAAS,eAAe;EACjC,OAAO;EACP,mBACC,iCAAiC,sBAAsB;EACxD,CAAC;AAGH,KAAI,iBAAiB,WAAW,UAAU;AACzC,QAAM,IAAI,QAAQ,QAAQ,OAAO;GAChC,OAAO;GACP,OAAO,CACN;IACC,OAAO;IACP,OAAO,iBAAiB;IACxB,CACD;GACD,CAAC;AACF,QAAM,IAAI,SAAS,eAAe;GACjC,OAAO;GACP,mBACC,iCAAiC,cAAc;GAChD,CAAC;;AAGH,KAAI,iBAAiB,WAAW,cAAc,iBAAiB,QAAQ;EACtE,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,aAC9C,iBAAiB,OACjB;AAED,MAAI,CAAC,KACJ,OAAM,IAAI,SAAS,yBAAyB;GAC3C,OAAO;GACP,mBACC,iCAAiC,eAAe;GACjD,CAAC;EAGH,MAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB,cACjD,KAAK,GACL;AAED,MAAI,CAAC,QACJ,OAAM,IAAI,SAAS,yBAAyB;GAC3C,OAAO;GACP,mBACC,iCAAiC,yBAAyB;GAC3D,CAAC;AAKH,MAAI,QAAQ,cAAc;GACzB;GACA;GACA,CAAC;AAIF,MAAI,IAAI,QAAQ,QAAQ,iBACvB,OAAM,IAAI,QAAQ,kBAAkB,IACnC,QAAQ,OACR,KAAK,UAAU;GACd;GACA;GACA,CAAC,EACF,KAAK,OACH,IAAI,KAAK,QAAQ,UAAU,CAAC,SAAS,GAAG,KAAK,KAAK,IAAI,IACvD,CACD;AAIF,QAAM,IAAI,QAAQ,QAAQ,OAAO;GAChC,OAAO;GACP,OAAO,CACN;IACC,OAAO;IACP,OAAO,iBAAiB;IACxB,CACD;GACD,CAAC;AAGF,SAAO,IAAI,KACV;GACC,cAAc,QAAQ;GACtB,YAAY;GACZ,YAAY,KAAK,OACf,IAAI,KAAK,QAAQ,UAAU,CAAC,SAAS,GAAG,KAAK,KAAK,IAAI,IACvD;GACD,OAAO,iBAAiB,SAAS;GACjC,EACD,EACC,SAAS;GACR,iBAAiB;GACjB,QAAQ;GACR,EACD,CACD;;AAGF,OAAM,IAAI,SAAS,yBAAyB;EAC3C,OAAO;EACP,mBACC,iCAAiC,2BAA2B;EAC7D,CAAC;EAEH;AAEF,MAAa,eAAe,mBAC3B,WACA;CACC,QAAQ;CACR,OAAO,EAAE,OAAO,EACf,WAAW,EAAE,QAAQ,CAAC,KAAK,EAC1B,aAAa,2BACb,CAAC,EACF,CAAC;CACF,OAAO,EAAE,OAAO;EACf,OAAO,EAAE,KAAK,CAAC,kBAAkB,CAAC,CAAC,KAAK,EACvC,aAAa,cACb,CAAC;EACF,mBAAmB,EAAE,QAAQ,CAAC,KAAK,EAClC,aAAa,8BACb,CAAC;EACF,CAAC;CACF,UAAU,EACT,SAAS;EACR,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,WAAW;MACV,MAAM;MACN,aAAa;MACb;KACD,QAAQ;MACP,MAAM;MACN,MAAM;OAAC;OAAW;OAAY;OAAS;MACvC,aAAa;MACb;KACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,cAAc,IAAI;CAC1B,MAAM,gBAAgB,UAAU,QAAQ,MAAM,GAAG;CAEjD,MAAM,mBAAmB,MAAM,IAAI,QAAQ,QAAQ,QAAoB;EACtE,OAAO;EACP,OAAO,CACN;GACC,OAAO;GACP,OAAO;GACP,CACD;EACD,CAAC;AAEF,KAAI,CAAC,iBACJ,OAAM,IAAI,SAAS,eAAe;EACjC,OAAO;EACP,mBACC,iCAAiC,kBAAkB;EACpD,CAAC;AAGH,KAAI,iBAAiB,4BAAY,IAAI,MAAM,CAC1C,OAAM,IAAI,SAAS,eAAe;EACjC,OAAO;EACP,mBACC,iCAAiC,kBAAkB;EACpD,CAAC;AAGH,QAAO,IAAI,KAAK;EACJ;EACX,QAAQ,iBAAiB;EACzB,CAAC;EAEH;AAED,MAAa,gBAAgB,mBAC5B,mBACA;CACC,QAAQ;CACR,MAAM,EAAE,OAAO,EACd,UAAU,EAAE,QAAQ,CAAC,KAAK,EACzB,aAAa,4BACb,CAAC,EACF,CAAC;CACF,OAAO,EAAE,OAAO;EACf,OAAO,EACL,KAAK;GACL;GACA;GACA;GACA;GACA;GACA,CAAC,CACD,KAAK,EACL,aAAa,cACb,CAAC;EACH,mBAAmB,EAAE,QAAQ,CAAC,KAAK,EAClC,aAAa,8BACb,CAAC;EACF,CAAC;CACF,gBAAgB;CAChB,UAAU,EACT,SAAS;EACR,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAC5C,KAAI,CAAC,QACJ,OAAM,IAAI,SAAS,gBAAgB;EAClC,OAAO;EACP,mBACC,iCAAiC,wBAAwB;EAC1D,CAAC;CAGH,MAAM,EAAE,aAAa,IAAI;CACzB,MAAM,gBAAgB,SAAS,QAAQ,MAAM,GAAG;CAEhD,MAAM,mBAAmB,MAAM,IAAI,QAAQ,QAAQ,QAAoB;EACtE,OAAO;EACP,OAAO,CACN;GACC,OAAO;GACP,OAAO;GACP,CACD;EACD,CAAC;AAEF,KAAI,CAAC,iBACJ,OAAM,IAAI,SAAS,eAAe;EACjC,OAAO;EACP,mBACC,iCAAiC,kBAAkB;EACpD,CAAC;AAGH,KAAI,iBAAiB,4BAAY,IAAI,MAAM,CAC1C,OAAM,IAAI,SAAS,eAAe;EACjC,OAAO;EACP,mBACC,iCAAiC,kBAAkB;EACpD,CAAC;AAGH,KAAI,iBAAiB,WAAW,UAC/B,OAAM,IAAI,SAAS,eAAe;EACjC,OAAO;EACP,mBACC,iCAAiC,8BAC/B;EACH,CAAC;AAIH,KACC,iBAAiB,UACjB,iBAAiB,WAAW,QAAQ,KAAK,GAEzC,OAAM,IAAI,SAAS,aAAa;EAC/B,OAAO;EACP,mBACC;EACD,CAAC;AAIH,OAAM,IAAI,QAAQ,QAAQ,OAAO;EAChC,OAAO;EACP,OAAO,CACN;GACC,OAAO;GACP,OAAO,iBAAiB;GACxB,CACD;EACD,QAAQ;GACP,QAAQ;GACR,QAAQ,QAAQ,KAAK;GACrB;EACD,CAAC;AAEF,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;AAED,MAAa,aAAa,mBACzB,gBACA;CACC,QAAQ;CACR,MAAM,EAAE,OAAO,EACd,UAAU,EAAE,QAAQ,CAAC,KAAK,EACzB,aAAa,yBACb,CAAC,EACF,CAAC;CACF,OAAO,EAAE,OAAO;EACf,OAAO,EACL,KAAK;GACL;GACA;GACA;GACA;GACA,CAAC,CACD,KAAK,EACL,aAAa,cACb,CAAC;EACH,mBAAmB,EAAE,QAAQ,CAAC,KAAK,EAClC,aAAa,8BACb,CAAC;EACF,CAAC;CACF,gBAAgB;CAChB,UAAU,EACT,SAAS;EACR,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAC5C,KAAI,CAAC,QACJ,OAAM,IAAI,SAAS,gBAAgB;EAClC,OAAO;EACP,mBACC,iCAAiC,wBAAwB;EAC1D,CAAC;CAGH,MAAM,EAAE,aAAa,IAAI;CACzB,MAAM,gBAAgB,SAAS,QAAQ,MAAM,GAAG;CAEhD,MAAM,mBAAmB,MAAM,IAAI,QAAQ,QAAQ,QAAoB;EACtE,OAAO;EACP,OAAO,CACN;GACC,OAAO;GACP,OAAO;GACP,CACD;EACD,CAAC;AAEF,KAAI,CAAC,iBACJ,OAAM,IAAI,SAAS,eAAe;EACjC,OAAO;EACP,mBACC,iCAAiC,kBAAkB;EACpD,CAAC;AAGH,KAAI,iBAAiB,4BAAY,IAAI,MAAM,CAC1C,OAAM,IAAI,SAAS,eAAe;EACjC,OAAO;EACP,mBACC,iCAAiC,kBAAkB;EACpD,CAAC;AAGH,KAAI,iBAAiB,WAAW,UAC/B,OAAM,IAAI,SAAS,eAAe;EACjC,OAAO;EACP,mBACC,iCAAiC,8BAC/B;EACH,CAAC;AAIH,KACC,iBAAiB,UACjB,iBAAiB,WAAW,QAAQ,KAAK,GAEzC,OAAM,IAAI,SAAS,aAAa;EAC/B,OAAO;EACP,mBACC;EACD,CAAC;AAIH,OAAM,IAAI,QAAQ,QAAQ,OAAO;EAChC,OAAO;EACP,OAAO,CACN;GACC,OAAO;GACP,OAAO,iBAAiB;GACxB,CACD;EACD,QAAQ;GACP,QAAQ;GACR,QAAQ,iBAAiB,UAAU,QAAQ,KAAK;GAChD;EACD,CAAC;AAEF,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;;;;AAKD,MAAM,yBACL,iBACA,SACA,aAII;CACJ,MAAM,MAAM,mBAAmB;CAE/B,IAAI;AACJ,KAAI;AACH,oBAAkB,IAAI,IAAI,IAAI;SACvB;AACP,oBAAkB,IAAI,IAAI,KAAK,QAAQ;;CAGxC,MAAM,6BAA6B,IAAI,IAAI,gBAAgB;AAC3D,4BAA2B,aAAa,IAAI,aAAa,SAAS;AAKlE,QAAO;EACN,iBAJ6B,gBAAgB,UAAU;EAKvD,yBAJqC,2BAA2B,UAAU;EAK1E;;;;;AAMF,MAAM,6BAA6B,WAAmB;AACrD,QAAO,qBAAqB,QAAQ,OAAO,OAAO,MAAM;;;;;AAMzD,MAAM,2BAA2B,WAAmB;CACnD,MAAM,QAAQ,IAAI,WAAW,OAAO;AACpC,QAAO,MAAM,KAAK,OAAO,gBAAgB,MAAM,CAAC,CAC9C,KAAK,SAAS,eAAe,OAAO,IAAuB,CAC3D,KAAK,GAAG"}
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
import * as z from "zod";
|
|
2
|
+
|
|
3
|
+
//#region src/plugins/device-authorization/schema.ts
|
|
4
|
+
const schema = { deviceCode: { fields: {
|
|
5
|
+
deviceCode: {
|
|
6
|
+
type: "string",
|
|
7
|
+
required: true
|
|
8
|
+
},
|
|
9
|
+
userCode: {
|
|
10
|
+
type: "string",
|
|
11
|
+
required: true
|
|
12
|
+
},
|
|
13
|
+
userId: {
|
|
14
|
+
type: "string",
|
|
15
|
+
required: false
|
|
16
|
+
},
|
|
17
|
+
expiresAt: {
|
|
18
|
+
type: "date",
|
|
19
|
+
required: true
|
|
20
|
+
},
|
|
21
|
+
status: {
|
|
22
|
+
type: "string",
|
|
23
|
+
required: true
|
|
24
|
+
},
|
|
25
|
+
lastPolledAt: {
|
|
26
|
+
type: "date",
|
|
27
|
+
required: false
|
|
28
|
+
},
|
|
29
|
+
pollingInterval: {
|
|
30
|
+
type: "number",
|
|
31
|
+
required: false
|
|
32
|
+
},
|
|
33
|
+
clientId: {
|
|
34
|
+
type: "string",
|
|
35
|
+
required: false
|
|
36
|
+
},
|
|
37
|
+
scope: {
|
|
38
|
+
type: "string",
|
|
39
|
+
required: false
|
|
40
|
+
}
|
|
41
|
+
} } };
|
|
42
|
+
z.object({
|
|
43
|
+
id: z.string(),
|
|
44
|
+
deviceCode: z.string(),
|
|
45
|
+
userCode: z.string(),
|
|
46
|
+
userId: z.string().optional(),
|
|
47
|
+
expiresAt: z.date(),
|
|
48
|
+
status: z.string(),
|
|
49
|
+
lastPolledAt: z.date().optional(),
|
|
50
|
+
pollingInterval: z.number().optional(),
|
|
51
|
+
clientId: z.string().optional(),
|
|
52
|
+
scope: z.string().optional()
|
|
53
|
+
});
|
|
54
|
+
|
|
55
|
+
//#endregion
|
|
56
|
+
export { schema };
|
|
57
|
+
//# sourceMappingURL=schema.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"schema.mjs","names":[],"sources":["../../../src/plugins/device-authorization/schema.ts"],"sourcesContent":["import type { BetterAuthPluginDBSchema } from \"@better-auth/core/db\";\nimport * as z from \"zod\";\n\nexport const schema = {\n\tdeviceCode: {\n\t\tfields: {\n\t\t\tdeviceCode: {\n\t\t\t\ttype: \"string\",\n\t\t\t\trequired: true,\n\t\t\t},\n\t\t\tuserCode: {\n\t\t\t\ttype: \"string\",\n\t\t\t\trequired: true,\n\t\t\t},\n\t\t\tuserId: {\n\t\t\t\ttype: \"string\",\n\t\t\t\trequired: false,\n\t\t\t},\n\t\t\texpiresAt: {\n\t\t\t\ttype: \"date\",\n\t\t\t\trequired: true,\n\t\t\t},\n\t\t\tstatus: {\n\t\t\t\ttype: \"string\",\n\t\t\t\trequired: true,\n\t\t\t},\n\t\t\tlastPolledAt: {\n\t\t\t\ttype: \"date\",\n\t\t\t\trequired: false,\n\t\t\t},\n\t\t\tpollingInterval: {\n\t\t\t\ttype: \"number\",\n\t\t\t\trequired: false,\n\t\t\t},\n\t\t\tclientId: {\n\t\t\t\ttype: \"string\",\n\t\t\t\trequired: false,\n\t\t\t},\n\t\t\tscope: {\n\t\t\t\ttype: \"string\",\n\t\t\t\trequired: false,\n\t\t\t},\n\t\t},\n\t},\n} satisfies BetterAuthPluginDBSchema;\n\nconst deviceCode = z.object({\n\tid: z.string(),\n\tdeviceCode: z.string(),\n\tuserCode: z.string(),\n\tuserId: z.string().optional(),\n\texpiresAt: z.date(),\n\tstatus: z.string(),\n\tlastPolledAt: z.date().optional(),\n\tpollingInterval: z.number().optional(),\n\tclientId: z.string().optional(),\n\tscope: z.string().optional(),\n});\n\nexport type DeviceCode = z.infer<typeof deviceCode>;\n"],"mappings":";;;AAGA,MAAa,SAAS,EACrB,YAAY,EACX,QAAQ;CACP,YAAY;EACX,MAAM;EACN,UAAU;EACV;CACD,UAAU;EACT,MAAM;EACN,UAAU;EACV;CACD,QAAQ;EACP,MAAM;EACN,UAAU;EACV;CACD,WAAW;EACV,MAAM;EACN,UAAU;EACV;CACD,QAAQ;EACP,MAAM;EACN,UAAU;EACV;CACD,cAAc;EACb,MAAM;EACN,UAAU;EACV;CACD,iBAAiB;EAChB,MAAM;EACN,UAAU;EACV;CACD,UAAU;EACT,MAAM;EACN,UAAU;EACV;CACD,OAAO;EACN,MAAM;EACN,UAAU;EACV;CACD,EACD,EACD;AAEkB,EAAE,OAAO;CAC3B,IAAI,EAAE,QAAQ;CACd,YAAY,EAAE,QAAQ;CACtB,UAAU,EAAE,QAAQ;CACpB,QAAQ,EAAE,QAAQ,CAAC,UAAU;CAC7B,WAAW,EAAE,MAAM;CACnB,QAAQ,EAAE,QAAQ;CAClB,cAAc,EAAE,MAAM,CAAC,UAAU;CACjC,iBAAiB,EAAE,QAAQ,CAAC,UAAU;CACtC,UAAU,EAAE,QAAQ,CAAC,UAAU;CAC/B,OAAO,EAAE,QAAQ,CAAC,UAAU;CAC5B,CAAC"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { EMAIL_OTP_ERROR_CODES } from "./error-codes.mjs";
|
|
2
|
+
|
|
3
|
+
//#region src/plugins/email-otp/client.ts
|
|
4
|
+
const emailOTPClient = () => {
|
|
5
|
+
return {
|
|
6
|
+
id: "email-otp",
|
|
7
|
+
$InferServerPlugin: {},
|
|
8
|
+
atomListeners: [{
|
|
9
|
+
matcher: (path) => path === "/email-otp/verify-email" || path === "/sign-in/email-otp",
|
|
10
|
+
signal: "$sessionSignal"
|
|
11
|
+
}],
|
|
12
|
+
$ERROR_CODES: EMAIL_OTP_ERROR_CODES
|
|
13
|
+
};
|
|
14
|
+
};
|
|
15
|
+
|
|
16
|
+
//#endregion
|
|
17
|
+
export { emailOTPClient };
|
|
18
|
+
//# sourceMappingURL=client.mjs.map
|