@inkeep/agents-core 0.72.2 → 0.73.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth/auth-schema.d.ts +235 -235
- package/dist/auth/auth-schema.js +8 -8
- package/dist/auth/auth-types.d.ts +6 -1
- package/dist/auth/auth-validation-schemas.d.ts +154 -154
- package/dist/auth/auth.d.ts +74 -51
- package/dist/auth/auth.js +18 -4
- package/dist/auth/password-policy.d.ts +7 -3
- package/dist/auth/password-policy.js +6 -4
- package/dist/auth/permissions.d.ts +13 -13
- package/dist/client-exports.d.ts +2 -2
- package/dist/client-exports.js +2 -2
- package/dist/data-access/manage/agents.d.ts +25 -25
- package/dist/data-access/manage/artifactComponents.d.ts +6 -6
- package/dist/data-access/manage/contextConfigs.d.ts +8 -8
- package/dist/data-access/manage/dataComponents.d.ts +2 -2
- package/dist/data-access/manage/functionTools.d.ts +6 -6
- package/dist/data-access/manage/skills.d.ts +8 -8
- package/dist/data-access/manage/subAgentExternalAgentRelations.d.ts +12 -12
- package/dist/data-access/manage/subAgentRelations.d.ts +12 -12
- package/dist/data-access/manage/subAgentTeamAgentRelations.d.ts +12 -12
- package/dist/data-access/manage/subAgents.d.ts +15 -15
- package/dist/data-access/manage/tools.d.ts +24 -24
- package/dist/data-access/manage/triggers.d.ts +2 -2
- package/dist/data-access/manage/webhookDestinations.d.ts +1 -0
- package/dist/data-access/runtime/apiKeys.d.ts +8 -8
- package/dist/data-access/runtime/apps.d.ts +10 -10
- package/dist/data-access/runtime/conversations.d.ts +36 -36
- package/dist/data-access/runtime/events.d.ts +4 -4
- package/dist/data-access/runtime/feedback.d.ts +6 -6
- package/dist/data-access/runtime/messages.d.ts +27 -27
- package/dist/data-access/runtime/scheduledTriggerInvocations.d.ts +4 -4
- package/dist/data-access/runtime/scheduledTriggerUsers.d.ts +1 -1
- package/dist/data-access/runtime/tasks.d.ts +6 -6
- package/dist/db/manage/manage-schema.d.ts +497 -478
- package/dist/db/manage/manage-schema.js +1 -0
- package/dist/db/runtime/runtime-schema.d.ts +445 -445
- package/dist/index.d.ts +2 -2
- package/dist/index.js +2 -2
- package/dist/validation/drizzle-schema-helpers.d.ts +3 -3
- package/dist/validation/index.d.ts +2 -2
- package/dist/validation/index.js +2 -2
- package/dist/validation/schemas/skills.d.ts +31 -31
- package/dist/validation/schemas.d.ts +2134 -2086
- package/dist/validation/schemas.js +36 -12
- package/drizzle/manage/0020_typical_mandrill.sql +1 -0
- package/drizzle/manage/meta/0020_snapshot.json +4093 -0
- package/drizzle/manage/meta/_journal.json +7 -0
- package/drizzle/runtime/0042_long_magdalene.sql +8 -0
- package/drizzle/runtime/meta/0042_snapshot.json +6298 -0
- package/drizzle/runtime/meta/_journal.json +7 -0
- package/package.json +5 -5
package/dist/auth/auth.d.ts
CHANGED
|
@@ -4,7 +4,8 @@ import * as jose0 from "jose";
|
|
|
4
4
|
import * as zod0 from "zod";
|
|
5
5
|
import * as better_auth0 from "better-auth";
|
|
6
6
|
import * as _better_auth_oauth_provider0 from "@better-auth/oauth-provider";
|
|
7
|
-
import * as
|
|
7
|
+
import * as better_auth_plugins0 from "better-auth/plugins";
|
|
8
|
+
import * as zod_v4_core0 from "zod/v4/core";
|
|
8
9
|
|
|
9
10
|
//#region src/auth/auth.d.ts
|
|
10
11
|
|
|
@@ -26,6 +27,7 @@ import * as better_auth_plugins20 from "better-auth/plugins";
|
|
|
26
27
|
declare function _inferAuthType(): better_auth0.Auth<{
|
|
27
28
|
plugins: [{
|
|
28
29
|
id: "bearer";
|
|
30
|
+
version: string;
|
|
29
31
|
hooks: {
|
|
30
32
|
before: {
|
|
31
33
|
matcher(context: better_auth0.HookEndpointContext): boolean;
|
|
@@ -40,10 +42,11 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
40
42
|
handler: (inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<void>;
|
|
41
43
|
}[];
|
|
42
44
|
};
|
|
43
|
-
options:
|
|
45
|
+
options: better_auth_plugins0.BearerOptions | undefined;
|
|
44
46
|
}, {
|
|
45
47
|
id: "oauth-proxy";
|
|
46
|
-
|
|
48
|
+
version: string;
|
|
49
|
+
options: NoInfer<better_auth_plugins0.OAuthProxyOptions>;
|
|
47
50
|
endpoints: {
|
|
48
51
|
oAuthProxy: better_auth0.StrictEndpoint<"/oauth-proxy-callback", {
|
|
49
52
|
method: "GET";
|
|
@@ -51,7 +54,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
51
54
|
query: zod0.ZodObject<{
|
|
52
55
|
callbackURL: zod0.ZodString;
|
|
53
56
|
profile: zod0.ZodOptional<zod0.ZodString>;
|
|
54
|
-
},
|
|
57
|
+
}, zod_v4_core0.$strip>;
|
|
55
58
|
use: ((inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<void>)[];
|
|
56
59
|
metadata: {
|
|
57
60
|
openapi: {
|
|
@@ -97,7 +100,8 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
97
100
|
};
|
|
98
101
|
}, {
|
|
99
102
|
id: "jwt";
|
|
100
|
-
|
|
103
|
+
version: string;
|
|
104
|
+
options: NoInfer<better_auth_plugins0.JwtOptions>;
|
|
101
105
|
endpoints: {
|
|
102
106
|
getJwks: better_auth0.StrictEndpoint<string, {
|
|
103
107
|
method: "GET";
|
|
@@ -234,14 +238,14 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
234
238
|
$Infer: {
|
|
235
239
|
body: {
|
|
236
240
|
payload: jose0.JWTPayload;
|
|
237
|
-
overrideOptions?:
|
|
241
|
+
overrideOptions?: better_auth_plugins0.JwtOptions | undefined;
|
|
238
242
|
};
|
|
239
243
|
};
|
|
240
244
|
};
|
|
241
245
|
body: zod0.ZodObject<{
|
|
242
246
|
payload: zod0.ZodRecord<zod0.ZodString, zod0.ZodAny>;
|
|
243
247
|
overrideOptions: zod0.ZodOptional<zod0.ZodRecord<zod0.ZodString, zod0.ZodAny>>;
|
|
244
|
-
},
|
|
248
|
+
}, zod_v4_core0.$strip>;
|
|
245
249
|
}, {
|
|
246
250
|
token: string;
|
|
247
251
|
}>;
|
|
@@ -265,7 +269,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
265
269
|
body: zod0.ZodObject<{
|
|
266
270
|
token: zod0.ZodString;
|
|
267
271
|
issuer: zod0.ZodOptional<zod0.ZodString>;
|
|
268
|
-
},
|
|
272
|
+
}, zod_v4_core0.$strip>;
|
|
269
273
|
}, {
|
|
270
274
|
payload: (jose0.JWTPayload & Required<Pick<jose0.JWTPayload, "sub" | "aud">>) | null;
|
|
271
275
|
}>;
|
|
@@ -300,6 +304,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
300
304
|
};
|
|
301
305
|
}, {
|
|
302
306
|
id: "oauth-provider";
|
|
307
|
+
version: string;
|
|
303
308
|
options: NoInfer<{
|
|
304
309
|
loginPage: string;
|
|
305
310
|
consentPage: string;
|
|
@@ -331,18 +336,19 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
331
336
|
SERVER_ONLY: true;
|
|
332
337
|
};
|
|
333
338
|
}, Omit<_better_auth_oauth_provider0.OIDCMetadata, "id_token_signing_alg_values_supported"> & {
|
|
334
|
-
id_token_signing_alg_values_supported:
|
|
339
|
+
id_token_signing_alg_values_supported: better_auth_plugins0.JWSAlgorithms[] | ["HS256"];
|
|
335
340
|
}>;
|
|
336
341
|
oauth2Authorize: better_auth0.StrictEndpoint<"/oauth2/authorize", {
|
|
337
342
|
method: "GET";
|
|
338
343
|
query: zod0.ZodObject<{
|
|
339
|
-
response_type: zod0.ZodEnum<{
|
|
344
|
+
response_type: zod0.ZodOptional<zod0.ZodEnum<{
|
|
340
345
|
code: "code";
|
|
341
|
-
}
|
|
346
|
+
}>>;
|
|
342
347
|
client_id: zod0.ZodString;
|
|
343
348
|
redirect_uri: zod0.ZodOptional<zod0.ZodURL>;
|
|
344
349
|
scope: zod0.ZodOptional<zod0.ZodString>;
|
|
345
350
|
state: zod0.ZodOptional<zod0.ZodString>;
|
|
351
|
+
request_uri: zod0.ZodOptional<zod0.ZodString>;
|
|
346
352
|
code_challenge: zod0.ZodOptional<zod0.ZodString>;
|
|
347
353
|
code_challenge_method: zod0.ZodOptional<zod0.ZodEnum<{
|
|
348
354
|
S256: "S256";
|
|
@@ -357,14 +363,14 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
357
363
|
"login consent": "login consent";
|
|
358
364
|
"select_account consent": "select_account consent";
|
|
359
365
|
}>>;
|
|
360
|
-
},
|
|
366
|
+
}, zod_v4_core0.$strip>;
|
|
361
367
|
metadata: {
|
|
362
368
|
openapi: {
|
|
363
369
|
description: string;
|
|
364
370
|
parameters: ({
|
|
365
371
|
name: string;
|
|
366
372
|
in: "query";
|
|
367
|
-
required:
|
|
373
|
+
required: false;
|
|
368
374
|
schema: {
|
|
369
375
|
type: "string";
|
|
370
376
|
format?: undefined;
|
|
@@ -373,10 +379,10 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
373
379
|
} | {
|
|
374
380
|
name: string;
|
|
375
381
|
in: "query";
|
|
376
|
-
required:
|
|
382
|
+
required: true;
|
|
377
383
|
schema: {
|
|
378
384
|
type: "string";
|
|
379
|
-
format
|
|
385
|
+
format?: undefined;
|
|
380
386
|
};
|
|
381
387
|
description: string;
|
|
382
388
|
} | {
|
|
@@ -385,7 +391,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
385
391
|
required: false;
|
|
386
392
|
schema: {
|
|
387
393
|
type: "string";
|
|
388
|
-
format
|
|
394
|
+
format: string;
|
|
389
395
|
};
|
|
390
396
|
description: string;
|
|
391
397
|
})[];
|
|
@@ -437,7 +443,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
437
443
|
accept: zod0.ZodBoolean;
|
|
438
444
|
scope: zod0.ZodOptional<zod0.ZodString>;
|
|
439
445
|
oauth_query: zod0.ZodOptional<zod0.ZodString>;
|
|
440
|
-
},
|
|
446
|
+
}, zod_v4_core0.$strip>;
|
|
441
447
|
use: ((inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<{
|
|
442
448
|
session: {
|
|
443
449
|
session: Record<string, any> & {
|
|
@@ -497,7 +503,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
497
503
|
created: zod0.ZodOptional<zod0.ZodBoolean>;
|
|
498
504
|
postLogin: zod0.ZodOptional<zod0.ZodBoolean>;
|
|
499
505
|
oauth_query: zod0.ZodOptional<zod0.ZodString>;
|
|
500
|
-
},
|
|
506
|
+
}, zod_v4_core0.$strip>;
|
|
501
507
|
use: ((inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<{
|
|
502
508
|
session: {
|
|
503
509
|
session: Record<string, any> & {
|
|
@@ -566,7 +572,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
566
572
|
refresh_token: zod0.ZodOptional<zod0.ZodString>;
|
|
567
573
|
resource: zod0.ZodOptional<zod0.ZodString>;
|
|
568
574
|
scope: zod0.ZodOptional<zod0.ZodString>;
|
|
569
|
-
},
|
|
575
|
+
}, zod_v4_core0.$strip>;
|
|
570
576
|
metadata: {
|
|
571
577
|
allowedMediaTypes: string[];
|
|
572
578
|
openapi: {
|
|
@@ -690,8 +696,10 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
690
696
|
access_token: string;
|
|
691
697
|
expires_in: number;
|
|
692
698
|
expires_at: number;
|
|
693
|
-
token_type:
|
|
699
|
+
token_type: "Bearer";
|
|
700
|
+
refresh_token: string | undefined;
|
|
694
701
|
scope: string;
|
|
702
|
+
id_token: string | undefined;
|
|
695
703
|
}>;
|
|
696
704
|
oauth2Introspect: better_auth0.StrictEndpoint<"/oauth2/introspect", {
|
|
697
705
|
method: "POST";
|
|
@@ -703,7 +711,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
703
711
|
refresh_token: "refresh_token";
|
|
704
712
|
access_token: "access_token";
|
|
705
713
|
}>>;
|
|
706
|
-
},
|
|
714
|
+
}, zod_v4_core0.$strip>;
|
|
707
715
|
metadata: {
|
|
708
716
|
allowedMediaTypes: string[];
|
|
709
717
|
openapi: {
|
|
@@ -840,7 +848,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
840
848
|
refresh_token: "refresh_token";
|
|
841
849
|
access_token: "access_token";
|
|
842
850
|
}>>;
|
|
843
|
-
},
|
|
851
|
+
}, zod_v4_core0.$strip>;
|
|
844
852
|
metadata: {
|
|
845
853
|
allowedMediaTypes: string[];
|
|
846
854
|
openapi: {
|
|
@@ -1041,7 +1049,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
1041
1049
|
client_id: zod0.ZodOptional<zod0.ZodString>;
|
|
1042
1050
|
post_logout_redirect_uri: zod0.ZodOptional<zod0.ZodURL>;
|
|
1043
1051
|
state: zod0.ZodOptional<zod0.ZodString>;
|
|
1044
|
-
},
|
|
1052
|
+
}, zod_v4_core0.$strip>;
|
|
1045
1053
|
metadata: {
|
|
1046
1054
|
openapi: {
|
|
1047
1055
|
description: string;
|
|
@@ -1111,7 +1119,8 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
1111
1119
|
public: "public";
|
|
1112
1120
|
pairwise: "pairwise";
|
|
1113
1121
|
}>>;
|
|
1114
|
-
|
|
1122
|
+
skip_consent: zod0.ZodOptional<zod0.ZodNever>;
|
|
1123
|
+
}, zod_v4_core0.$strip>;
|
|
1115
1124
|
metadata: {
|
|
1116
1125
|
openapi: {
|
|
1117
1126
|
description: string;
|
|
@@ -1288,7 +1297,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
1288
1297
|
pairwise: "pairwise";
|
|
1289
1298
|
}>>;
|
|
1290
1299
|
metadata: zod0.ZodOptional<zod0.ZodRecord<zod0.ZodString, zod0.ZodUnknown>>;
|
|
1291
|
-
},
|
|
1300
|
+
}, zod_v4_core0.$strip>;
|
|
1292
1301
|
metadata: {
|
|
1293
1302
|
SERVER_ONLY: true;
|
|
1294
1303
|
openapi: {
|
|
@@ -1483,7 +1492,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
1483
1492
|
native: "native";
|
|
1484
1493
|
"user-agent-based": "user-agent-based";
|
|
1485
1494
|
}>>;
|
|
1486
|
-
},
|
|
1495
|
+
}, zod_v4_core0.$strip>;
|
|
1487
1496
|
metadata: {
|
|
1488
1497
|
openapi: {
|
|
1489
1498
|
description: string;
|
|
@@ -1643,7 +1652,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
1643
1652
|
}>)[];
|
|
1644
1653
|
query: zod0.ZodObject<{
|
|
1645
1654
|
client_id: zod0.ZodString;
|
|
1646
|
-
},
|
|
1655
|
+
}, zod_v4_core0.$strip>;
|
|
1647
1656
|
metadata: {
|
|
1648
1657
|
openapi: {
|
|
1649
1658
|
description: string;
|
|
@@ -1677,7 +1686,20 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
1677
1686
|
}>)[];
|
|
1678
1687
|
query: zod0.ZodObject<{
|
|
1679
1688
|
client_id: zod0.ZodString;
|
|
1680
|
-
},
|
|
1689
|
+
}, zod_v4_core0.$strip>;
|
|
1690
|
+
metadata: {
|
|
1691
|
+
openapi: {
|
|
1692
|
+
description: string;
|
|
1693
|
+
};
|
|
1694
|
+
};
|
|
1695
|
+
}, _better_auth_oauth_provider0.OAuthClient>;
|
|
1696
|
+
getOAuthClientPublicPrelogin: better_auth0.StrictEndpoint<"/oauth2/public-client-prelogin", {
|
|
1697
|
+
method: "POST";
|
|
1698
|
+
use: ((inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<void>)[];
|
|
1699
|
+
body: zod0.ZodObject<{
|
|
1700
|
+
client_id: zod0.ZodString;
|
|
1701
|
+
oauth_query: zod0.ZodOptional<zod0.ZodString>;
|
|
1702
|
+
}, zod_v4_core0.$strip>;
|
|
1681
1703
|
metadata: {
|
|
1682
1704
|
openapi: {
|
|
1683
1705
|
description: string;
|
|
@@ -1749,8 +1771,8 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
1749
1771
|
skip_consent: zod0.ZodOptional<zod0.ZodBoolean>;
|
|
1750
1772
|
enable_end_session: zod0.ZodOptional<zod0.ZodBoolean>;
|
|
1751
1773
|
metadata: zod0.ZodOptional<zod0.ZodRecord<zod0.ZodString, zod0.ZodUnknown>>;
|
|
1752
|
-
},
|
|
1753
|
-
},
|
|
1774
|
+
}, zod_v4_core0.$strip>;
|
|
1775
|
+
}, zod_v4_core0.$strip>;
|
|
1754
1776
|
metadata: {
|
|
1755
1777
|
SERVER_ONLY: true;
|
|
1756
1778
|
openapi: {
|
|
@@ -1811,8 +1833,8 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
1811
1833
|
native: "native";
|
|
1812
1834
|
"user-agent-based": "user-agent-based";
|
|
1813
1835
|
}>>;
|
|
1814
|
-
},
|
|
1815
|
-
},
|
|
1836
|
+
}, zod_v4_core0.$strip>;
|
|
1837
|
+
}, zod_v4_core0.$strip>;
|
|
1816
1838
|
metadata: {
|
|
1817
1839
|
openapi: {
|
|
1818
1840
|
description: string;
|
|
@@ -1846,7 +1868,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
1846
1868
|
}>)[];
|
|
1847
1869
|
body: zod0.ZodObject<{
|
|
1848
1870
|
client_id: zod0.ZodString;
|
|
1849
|
-
},
|
|
1871
|
+
}, zod_v4_core0.$strip>;
|
|
1850
1872
|
metadata: {
|
|
1851
1873
|
openapi: {
|
|
1852
1874
|
description: string;
|
|
@@ -1880,7 +1902,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
1880
1902
|
}>)[];
|
|
1881
1903
|
body: zod0.ZodObject<{
|
|
1882
1904
|
client_id: zod0.ZodString;
|
|
1883
|
-
},
|
|
1905
|
+
}, zod_v4_core0.$strip>;
|
|
1884
1906
|
metadata: {
|
|
1885
1907
|
openapi: {
|
|
1886
1908
|
description: string;
|
|
@@ -1891,7 +1913,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
1891
1913
|
method: "GET";
|
|
1892
1914
|
query: zod0.ZodObject<{
|
|
1893
1915
|
id: zod0.ZodString;
|
|
1894
|
-
},
|
|
1916
|
+
}, zod_v4_core0.$strip>;
|
|
1895
1917
|
use: ((inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<{
|
|
1896
1918
|
session: {
|
|
1897
1919
|
session: Record<string, any> & {
|
|
@@ -1981,8 +2003,8 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
1981
2003
|
id: zod0.ZodString;
|
|
1982
2004
|
update: zod0.ZodObject<{
|
|
1983
2005
|
scopes: zod0.ZodArray<zod0.ZodString>;
|
|
1984
|
-
},
|
|
1985
|
-
},
|
|
2006
|
+
}, zod_v4_core0.$strip>;
|
|
2007
|
+
}, zod_v4_core0.$strip>;
|
|
1986
2008
|
metadata: {
|
|
1987
2009
|
openapi: {
|
|
1988
2010
|
description: string;
|
|
@@ -2016,7 +2038,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
2016
2038
|
}>)[];
|
|
2017
2039
|
body: zod0.ZodObject<{
|
|
2018
2040
|
id: zod0.ZodString;
|
|
2019
|
-
},
|
|
2041
|
+
}, zod_v4_core0.$strip>;
|
|
2020
2042
|
metadata: {
|
|
2021
2043
|
openapi: {
|
|
2022
2044
|
description: string;
|
|
@@ -2324,7 +2346,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
2324
2346
|
window: number;
|
|
2325
2347
|
max: number;
|
|
2326
2348
|
})[];
|
|
2327
|
-
},
|
|
2349
|
+
}, better_auth_plugins0.DefaultOrganizationPlugin<{
|
|
2328
2350
|
schema: {
|
|
2329
2351
|
invitation: {
|
|
2330
2352
|
additionalFields: {
|
|
@@ -2351,6 +2373,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
2351
2373
|
};
|
|
2352
2374
|
}>, {
|
|
2353
2375
|
id: "device-authorization";
|
|
2376
|
+
version: string;
|
|
2354
2377
|
schema: {
|
|
2355
2378
|
deviceCode: {
|
|
2356
2379
|
fields: {
|
|
@@ -2399,14 +2422,14 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
2399
2422
|
body: zod0.ZodObject<{
|
|
2400
2423
|
client_id: zod0.ZodString;
|
|
2401
2424
|
scope: zod0.ZodOptional<zod0.ZodString>;
|
|
2402
|
-
},
|
|
2425
|
+
}, zod_v4_core0.$strip>;
|
|
2403
2426
|
error: zod0.ZodObject<{
|
|
2404
2427
|
error: zod0.ZodEnum<{
|
|
2405
2428
|
invalid_request: "invalid_request";
|
|
2406
2429
|
invalid_client: "invalid_client";
|
|
2407
2430
|
}>;
|
|
2408
2431
|
error_description: zod0.ZodString;
|
|
2409
|
-
},
|
|
2432
|
+
}, zod_v4_core0.$strip>;
|
|
2410
2433
|
metadata: {
|
|
2411
2434
|
openapi: {
|
|
2412
2435
|
description: string;
|
|
@@ -2485,7 +2508,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
2485
2508
|
grant_type: zod0.ZodLiteral<"urn:ietf:params:oauth:grant-type:device_code">;
|
|
2486
2509
|
device_code: zod0.ZodString;
|
|
2487
2510
|
client_id: zod0.ZodString;
|
|
2488
|
-
},
|
|
2511
|
+
}, zod_v4_core0.$strip>;
|
|
2489
2512
|
error: zod0.ZodObject<{
|
|
2490
2513
|
error: zod0.ZodEnum<{
|
|
2491
2514
|
invalid_request: "invalid_request";
|
|
@@ -2496,7 +2519,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
2496
2519
|
invalid_grant: "invalid_grant";
|
|
2497
2520
|
}>;
|
|
2498
2521
|
error_description: zod0.ZodString;
|
|
2499
|
-
},
|
|
2522
|
+
}, zod_v4_core0.$strip>;
|
|
2500
2523
|
metadata: {
|
|
2501
2524
|
openapi: {
|
|
2502
2525
|
description: string;
|
|
@@ -2551,13 +2574,13 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
2551
2574
|
method: "GET";
|
|
2552
2575
|
query: zod0.ZodObject<{
|
|
2553
2576
|
user_code: zod0.ZodString;
|
|
2554
|
-
},
|
|
2577
|
+
}, zod_v4_core0.$strip>;
|
|
2555
2578
|
error: zod0.ZodObject<{
|
|
2556
2579
|
error: zod0.ZodEnum<{
|
|
2557
2580
|
invalid_request: "invalid_request";
|
|
2558
2581
|
}>;
|
|
2559
2582
|
error_description: zod0.ZodString;
|
|
2560
|
-
},
|
|
2583
|
+
}, zod_v4_core0.$strip>;
|
|
2561
2584
|
metadata: {
|
|
2562
2585
|
openapi: {
|
|
2563
2586
|
description: string;
|
|
@@ -2594,7 +2617,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
2594
2617
|
method: "POST";
|
|
2595
2618
|
body: zod0.ZodObject<{
|
|
2596
2619
|
userCode: zod0.ZodString;
|
|
2597
|
-
},
|
|
2620
|
+
}, zod_v4_core0.$strip>;
|
|
2598
2621
|
error: zod0.ZodObject<{
|
|
2599
2622
|
error: zod0.ZodEnum<{
|
|
2600
2623
|
invalid_request: "invalid_request";
|
|
@@ -2604,7 +2627,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
2604
2627
|
unauthorized: "unauthorized";
|
|
2605
2628
|
}>;
|
|
2606
2629
|
error_description: zod0.ZodString;
|
|
2607
|
-
},
|
|
2630
|
+
}, zod_v4_core0.$strip>;
|
|
2608
2631
|
requireHeaders: true;
|
|
2609
2632
|
metadata: {
|
|
2610
2633
|
openapi: {
|
|
@@ -2635,7 +2658,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
2635
2658
|
method: "POST";
|
|
2636
2659
|
body: zod0.ZodObject<{
|
|
2637
2660
|
userCode: zod0.ZodString;
|
|
2638
|
-
},
|
|
2661
|
+
}, zod_v4_core0.$strip>;
|
|
2639
2662
|
error: zod0.ZodObject<{
|
|
2640
2663
|
error: zod0.ZodEnum<{
|
|
2641
2664
|
invalid_request: "invalid_request";
|
|
@@ -2644,7 +2667,7 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
2644
2667
|
unauthorized: "unauthorized";
|
|
2645
2668
|
}>;
|
|
2646
2669
|
error_description: zod0.ZodString;
|
|
2647
|
-
},
|
|
2670
|
+
}, zod_v4_core0.$strip>;
|
|
2648
2671
|
requireHeaders: true;
|
|
2649
2672
|
metadata: {
|
|
2650
2673
|
openapi: {
|
|
@@ -2687,8 +2710,8 @@ declare function _inferAuthType(): better_auth0.Auth<{
|
|
|
2687
2710
|
AUTHENTICATION_REQUIRED: better_auth0.RawError<"AUTHENTICATION_REQUIRED">;
|
|
2688
2711
|
};
|
|
2689
2712
|
options: Partial<{
|
|
2690
|
-
expiresIn:
|
|
2691
|
-
interval:
|
|
2713
|
+
expiresIn: better_auth_plugins0.TimeString;
|
|
2714
|
+
interval: better_auth_plugins0.TimeString;
|
|
2692
2715
|
deviceCodeLength: number;
|
|
2693
2716
|
userCodeLength: number;
|
|
2694
2717
|
schema: {
|
package/dist/auth/auth.js
CHANGED
|
@@ -6,17 +6,23 @@ import { setPasswordResetLink } from "./password-reset-link-store.js";
|
|
|
6
6
|
import { createUserProfileIfNotExists } from "../data-access/runtime/userProfiles.js";
|
|
7
7
|
import { querySsoProviderIds } from "../data-access/runtime/auth.js";
|
|
8
8
|
import { extractCookieDomain, getInitialOrganization, getTrustedOrigins, hasCredentialAccount, shouldAutoProvision } from "./auth-config-utils.js";
|
|
9
|
-
import {
|
|
9
|
+
import { checkPasswordPolicy } from "./password-policy.js";
|
|
10
10
|
import { ac, adminRole, memberRole, ownerRole } from "./permissions.js";
|
|
11
11
|
import { logSessionDeletion } from "./session-hooks.js";
|
|
12
|
+
import { createAuthMiddleware } from "better-auth/api";
|
|
12
13
|
import { betterAuth } from "better-auth";
|
|
13
14
|
import { dash } from "@better-auth/infra";
|
|
14
15
|
import { oauthProvider } from "@better-auth/oauth-provider";
|
|
15
16
|
import { sso } from "@better-auth/sso";
|
|
16
17
|
import { drizzleAdapter } from "better-auth/adapters/drizzle";
|
|
17
|
-
import { bearer, deviceAuthorization, haveIBeenPwned, jwt, lastLoginMethod, oAuthProxy, organization } from "better-auth/plugins";
|
|
18
|
+
import { bearer, captcha, deviceAuthorization, haveIBeenPwned, jwt, lastLoginMethod, oAuthProxy, organization } from "better-auth/plugins";
|
|
18
19
|
|
|
19
20
|
//#region src/auth/auth.ts
|
|
21
|
+
const CAPTCHA_GUARDED_PATHS = [
|
|
22
|
+
"/sign-up/email",
|
|
23
|
+
"/sign-in/email",
|
|
24
|
+
"/request-password-reset"
|
|
25
|
+
];
|
|
20
26
|
function createAuth(config) {
|
|
21
27
|
const cookieDomain = extractCookieDomain(config.baseURL, config.cookieDomain);
|
|
22
28
|
const isSecure = config.baseURL.startsWith("https://");
|
|
@@ -129,7 +135,10 @@ function createAuth(config) {
|
|
|
129
135
|
...config.advanced
|
|
130
136
|
},
|
|
131
137
|
trustedOrigins: (request) => getTrustedOrigins(config.dbClient, request),
|
|
132
|
-
hooks: { before:
|
|
138
|
+
hooks: { before: createAuthMiddleware(async (ctx) => {
|
|
139
|
+
await checkPasswordPolicy(ctx);
|
|
140
|
+
if (config.recaptcha && CAPTCHA_GUARDED_PATHS.includes(ctx.path) && ctx.headers?.get("x-captcha-response")) console.log("[captcha] pass", { path: ctx.path });
|
|
141
|
+
}) },
|
|
133
142
|
plugins: [
|
|
134
143
|
bearer(),
|
|
135
144
|
dash(),
|
|
@@ -361,7 +370,12 @@ function createAuth(config) {
|
|
|
361
370
|
interval: "5s",
|
|
362
371
|
userCodeLength: 8
|
|
363
372
|
}),
|
|
364
|
-
haveIBeenPwned({ customPasswordCompromisedMessage: "Please choose a more secure password." })
|
|
373
|
+
haveIBeenPwned({ customPasswordCompromisedMessage: "Please choose a more secure password." }),
|
|
374
|
+
...config.recaptcha ? [captcha({
|
|
375
|
+
provider: "google-recaptcha",
|
|
376
|
+
secretKey: config.recaptcha.secretKey,
|
|
377
|
+
minScore: config.recaptcha.minScore ?? .5
|
|
378
|
+
})] : []
|
|
365
379
|
]
|
|
366
380
|
});
|
|
367
381
|
return instance;
|
|
@@ -1,10 +1,14 @@
|
|
|
1
1
|
import { MIN_PASSWORD_LENGTH, PASSWORD_REQUIREMENTS, PasswordPolicyContext, PasswordRequirement, PolicyViolation } from "./password-policy-rules.js";
|
|
2
|
-
import * as better_auth133 from "better-auth";
|
|
3
2
|
|
|
4
3
|
//#region src/auth/password-policy.d.ts
|
|
5
4
|
declare function validatePasswordPolicy(password: string, context?: PasswordPolicyContext): PolicyViolation[];
|
|
6
5
|
declare function enforcePasswordPolicy(password: string, context?: PasswordPolicyContext): void;
|
|
7
|
-
declare
|
|
6
|
+
declare function checkPasswordPolicy(ctx: {
|
|
7
|
+
path: string;
|
|
8
|
+
body: unknown;
|
|
9
|
+
}): Promise<void>;
|
|
10
|
+
/** @deprecated Renamed to `checkPasswordPolicy`. Will be removed in a future major version. */
|
|
11
|
+
declare const passwordPolicyHook: typeof checkPasswordPolicy;
|
|
8
12
|
declare function generateCompliantPassword(length?: number): string;
|
|
9
13
|
//#endregion
|
|
10
|
-
export { MIN_PASSWORD_LENGTH, PASSWORD_REQUIREMENTS, type PasswordPolicyContext, type PasswordRequirement, type PolicyViolation, enforcePasswordPolicy, generateCompliantPassword, passwordPolicyHook, validatePasswordPolicy };
|
|
14
|
+
export { MIN_PASSWORD_LENGTH, PASSWORD_REQUIREMENTS, type PasswordPolicyContext, type PasswordRequirement, type PolicyViolation, checkPasswordPolicy, enforcePasswordPolicy, generateCompliantPassword, passwordPolicyHook, validatePasswordPolicy };
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { MIN_PASSWORD_LENGTH, PASSWORD_REQUIREMENTS } from "./password-policy-rules.js";
|
|
2
|
-
import { APIError
|
|
2
|
+
import { APIError } from "better-auth/api";
|
|
3
3
|
import { randomInt } from "node:crypto";
|
|
4
4
|
|
|
5
5
|
//#region src/auth/password-policy.ts
|
|
@@ -46,7 +46,7 @@ function readString(body, key) {
|
|
|
46
46
|
const value = body[key];
|
|
47
47
|
return typeof value === "string" ? value : void 0;
|
|
48
48
|
}
|
|
49
|
-
|
|
49
|
+
async function checkPasswordPolicy(ctx) {
|
|
50
50
|
if (!PASSWORD_POLICY_PATHS.has(ctx.path)) return;
|
|
51
51
|
if (!isPlainObject(ctx.body)) return;
|
|
52
52
|
const pw = readString(ctx.body, "newPassword") ?? readString(ctx.body, "password");
|
|
@@ -55,7 +55,9 @@ const passwordPolicyHook = createAuthMiddleware(async (ctx) => {
|
|
|
55
55
|
userEmail: readString(ctx.body, "email"),
|
|
56
56
|
userName: readString(ctx.body, "name")
|
|
57
57
|
});
|
|
58
|
-
}
|
|
58
|
+
}
|
|
59
|
+
/** @deprecated Renamed to `checkPasswordPolicy`. Will be removed in a future major version. */
|
|
60
|
+
const passwordPolicyHook = checkPasswordPolicy;
|
|
59
61
|
const LOWERCASE = "abcdefghijklmnopqrstuvwxyz";
|
|
60
62
|
const UPPERCASE = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
|
|
61
63
|
const DIGITS = "0123456789";
|
|
@@ -85,4 +87,4 @@ function generateCompliantPassword(length = MIN_PASSWORD_LENGTH + 4) {
|
|
|
85
87
|
}
|
|
86
88
|
|
|
87
89
|
//#endregion
|
|
88
|
-
export { MIN_PASSWORD_LENGTH, PASSWORD_REQUIREMENTS, enforcePasswordPolicy, generateCompliantPassword, passwordPolicyHook, validatePasswordPolicy };
|
|
90
|
+
export { MIN_PASSWORD_LENGTH, PASSWORD_REQUIREMENTS, checkPasswordPolicy, enforcePasswordPolicy, generateCompliantPassword, passwordPolicyHook, validatePasswordPolicy };
|
|
@@ -1,29 +1,29 @@
|
|
|
1
|
-
import * as
|
|
1
|
+
import * as better_auth_plugins7 from "better-auth/plugins";
|
|
2
2
|
import { AccessControl } from "better-auth/plugins/access";
|
|
3
3
|
import { organizationClient } from "better-auth/client/plugins";
|
|
4
4
|
|
|
5
5
|
//#region src/auth/permissions.d.ts
|
|
6
6
|
declare const ac: AccessControl;
|
|
7
7
|
declare const memberRole: {
|
|
8
|
-
authorize<K_1 extends "project" | "organization" | "
|
|
9
|
-
actions:
|
|
8
|
+
authorize<K_1 extends "project" | "organization" | "invitation" | "member" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins7.Subset<"project" | "organization" | "invitation" | "member" | "team" | "ac", better_auth_plugins7.Statements>[key] | {
|
|
9
|
+
actions: better_auth_plugins7.Subset<"project" | "organization" | "invitation" | "member" | "team" | "ac", better_auth_plugins7.Statements>[key];
|
|
10
10
|
connector: "OR" | "AND";
|
|
11
|
-
} | undefined } : never, connector?: "OR" | "AND"):
|
|
12
|
-
statements:
|
|
11
|
+
} | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins7.AuthorizeResponse;
|
|
12
|
+
statements: better_auth_plugins7.Subset<"project" | "organization" | "invitation" | "member" | "team" | "ac", better_auth_plugins7.Statements>;
|
|
13
13
|
};
|
|
14
14
|
declare const adminRole: {
|
|
15
|
-
authorize<K_1 extends "project" | "organization" | "
|
|
16
|
-
actions:
|
|
15
|
+
authorize<K_1 extends "project" | "organization" | "invitation" | "member" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins7.Subset<"project" | "organization" | "invitation" | "member" | "team" | "ac", better_auth_plugins7.Statements>[key] | {
|
|
16
|
+
actions: better_auth_plugins7.Subset<"project" | "organization" | "invitation" | "member" | "team" | "ac", better_auth_plugins7.Statements>[key];
|
|
17
17
|
connector: "OR" | "AND";
|
|
18
|
-
} | undefined } : never, connector?: "OR" | "AND"):
|
|
19
|
-
statements:
|
|
18
|
+
} | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins7.AuthorizeResponse;
|
|
19
|
+
statements: better_auth_plugins7.Subset<"project" | "organization" | "invitation" | "member" | "team" | "ac", better_auth_plugins7.Statements>;
|
|
20
20
|
};
|
|
21
21
|
declare const ownerRole: {
|
|
22
|
-
authorize<K_1 extends "project" | "organization" | "
|
|
23
|
-
actions:
|
|
22
|
+
authorize<K_1 extends "project" | "organization" | "invitation" | "member" | "team" | "ac">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins7.Subset<"project" | "organization" | "invitation" | "member" | "team" | "ac", better_auth_plugins7.Statements>[key] | {
|
|
23
|
+
actions: better_auth_plugins7.Subset<"project" | "organization" | "invitation" | "member" | "team" | "ac", better_auth_plugins7.Statements>[key];
|
|
24
24
|
connector: "OR" | "AND";
|
|
25
|
-
} | undefined } : never, connector?: "OR" | "AND"):
|
|
26
|
-
statements:
|
|
25
|
+
} | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins7.AuthorizeResponse;
|
|
26
|
+
statements: better_auth_plugins7.Subset<"project" | "organization" | "invitation" | "member" | "team" | "ac", better_auth_plugins7.Statements>;
|
|
27
27
|
};
|
|
28
28
|
//#endregion
|
|
29
29
|
export { ac, adminRole, memberRole, organizationClient, ownerRole };
|