@kuckit/auth 2.0.0 → 2.0.1

package/dist/config-BViah4xX.d.ts

@@ -0,0 +1,42 @@
+//#region src/config.d.ts
+/**
+ * Pure config exports for @kuckit/auth
+ *
+ * This entrypoint is GUARANTEED to be side-effect-free:
+ * - No better-auth instantiation
+ * - No database connections
+ * - No process.env reads at module scope
+ *
+ * Safe for CLI tools, build scripts, and config files.
+ */
+/**
+ * Auth configuration options
+ */
+interface AuthConfig {
+  /** List of trusted origins for CORS */
+  trustedOrigins?: string[];
+  /** Base URL for auth endpoints (e.g., http://localhost:3000) */
+  baseUrl?: string;
+  /** Cookie name prefix (default: better-auth) */
+  cookiePrefix?: string;
+  /** Session max age in seconds (default: 7 days) */
+  sessionMaxAge?: number;
+}
+/**
+ * Define auth configuration with type safety
+ */
+declare function defineAuthConfig(config: AuthConfig): AuthConfig;
+/**
+ * Get cookie attributes for auth cookies
+ *
+ * @param secure - Whether to use secure cookies (true in production)
+ */
+declare function getCookieAttributes(secure: boolean): {
+  secure: boolean;
+  sameSite: "lax";
+  path: string;
+  httpOnly: boolean;
+};
+//#endregion
+export { defineAuthConfig as n, getCookieAttributes as r, AuthConfig as t };
+//# sourceMappingURL=config-BViah4xX.d.ts.map

package/dist/config-BViah4xX.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-BViah4xX.d.ts","names":[],"sources":["../src/config.ts"],"sourcesContent":[],"mappings":";;AAcA;AAcA;AASA;;;;;;;;;;UAvBiB,UAAA;;;;;;;;;;;;;iBAcD,gBAAA,SAAyB,aAAa;;;;;;iBAStC,mBAAA"}

package/dist/config-BZZEHPCg.js

@@ -0,0 +1,24 @@
+//#region src/config.ts
+/**
+* Define auth configuration with type safety
+*/
+function defineAuthConfig(config) {
+	return config;
+}
+/**
+* Get cookie attributes for auth cookies
+*
+* @param secure - Whether to use secure cookies (true in production)
+*/
+function getCookieAttributes(secure) {
+	return {
+		secure,
+		sameSite: "lax",
+		path: "/",
+		httpOnly: true
+	};
+}
+
+//#endregion
+export { getCookieAttributes as n, defineAuthConfig as t };
+//# sourceMappingURL=config-BZZEHPCg.js.map

package/dist/config-BZZEHPCg.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-BZZEHPCg.js","names":[],"sources":["../src/config.ts"],"sourcesContent":["/**\n * Pure config exports for @kuckit/auth\n *\n * This entrypoint is GUARANTEED to be side-effect-free:\n * - No better-auth instantiation\n * - No database connections\n * - No process.env reads at module scope\n *\n * Safe for CLI tools, build scripts, and config files.\n */\n\n/**\n * Auth configuration options\n */\nexport interface AuthConfig {\n\t/** List of trusted origins for CORS */\n\ttrustedOrigins?: string[]\n\t/** Base URL for auth endpoints (e.g., http://localhost:3000) */\n\tbaseUrl?: string\n\t/** Cookie name prefix (default: better-auth) */\n\tcookiePrefix?: string\n\t/** Session max age in seconds (default: 7 days) */\n\tsessionMaxAge?: number\n}\n\n/**\n * Define auth configuration with type safety\n */\nexport function defineAuthConfig(config: AuthConfig): AuthConfig {\n\treturn config\n}\n\n/**\n * Get cookie attributes for auth cookies\n *\n * @param secure - Whether to use secure cookies (true in production)\n */\nexport function getCookieAttributes(secure: boolean) {\n\treturn {\n\t\tsecure,\n\t\tsameSite: 'lax' as const,\n\t\tpath: '/',\n\t\thttpOnly: true,\n\t}\n}\n"],"mappings":";;;;AA4BA,SAAgB,iBAAiB,QAAgC;AAChE,QAAO;;;;;;;AAQR,SAAgB,oBAAoB,QAAiB;AACpD,QAAO;EACN;EACA,UAAU;EACV,MAAM;EACN,UAAU;EACV"}

package/dist/config.d.ts

@@ -0,0 +1,2 @@
+import { n as defineAuthConfig, r as getCookieAttributes, t as AuthConfig } from "./config-BViah4xX.js";
+export { AuthConfig, defineAuthConfig, getCookieAttributes };

package/dist/config.js

@@ -0,0 +1,3 @@
+import { n as getCookieAttributes, t as defineAuthConfig } from "./config-BZZEHPCg.js";
+
+export { defineAuthConfig, getCookieAttributes };

package/dist/index.d.ts

@@ -1,8 +1,47 @@
-import * as better_auth0 from "better-auth";
-import { BetterAuthOptions } from "better-auth";
+import { n as defineAuthConfig, r as getCookieAttributes, t as AuthConfig } from "./config-BViah4xX.js";
+import { betterAuth } from "better-auth";
+import { drizzleAdapter } from "better-auth/adapters/drizzle";
 
 //#region src/index.d.ts
-declare const auth: better_auth0.Auth<BetterAuthOptions>;
+
+/**
+ * Auth instance type (inferred from betterAuth)
+ */
+type Auth = ReturnType<typeof betterAuth>;
+/**
+ * Database type accepted by createAuth
+ * This matches the Drizzle database type from @kuckit/db
+ */
+type AuthDbClient = Parameters<typeof drizzleAdapter>[0];
+interface CreateAuthOptions {
+  /** Drizzle database instance */
+  db: AuthDbClient;
+  /** Auth configuration */
+  config?: AuthConfig;
+}
+/**
+ * Create a Better-Auth instance
+ *
+ * This is a factory function that creates the auth instance at runtime,
+ * avoiding module-level side effects.
+ *
+ * @param options - Database and configuration options
+ * @returns Better-Auth instance
+ *
+ * @example
+ * ```ts
+ * const auth = createAuth({
+ *   db,
+ *   config: {
+ *     trustedOrigins: ['http://localhost:5173'],
+ *   },
+ * })
+ * ```
+ */
+declare function createAuth({
+  db,
+  config
+}: CreateAuthOptions): Auth;
 //#endregion
-export { auth };
+export { Auth, type AuthConfig, AuthDbClient, CreateAuthOptions, createAuth, defineAuthConfig, getCookieAttributes };
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","names":[],"sources":["../src/index.ts"],"sourcesContent":[],"mappings":";;;;cAKa,MAAI,YAAA,CAAA,KAAA"}
+{"version":3,"file":"index.d.ts","names":[],"sources":["../src/index.ts"],"sourcesContent":[],"mappings":";;;;;;;;AAQA;AAMY,KANA,IAAA,GAAO,UAMK,CAAqB,OANR,UAMV,CAAA;AAE3B;AA0BA;;;AAAgD,KA5BpC,YAAA,GAAe,UA4BqB,CAAA,OA5BH,cA4BG,CAAA,CAAA,CAAA,CAAA;AAAoB,UA1BnD,iBAAA,CA0BmD;EAAI;MAxBnE;;WAEK;;;;;;;;;;;;;;;;;;;;;iBAsBM,UAAA;;;GAAgC,oBAAoB"}

package/dist/index.js

@@ -1,23 +1,45 @@
+import { n as getCookieAttributes, t as defineAuthConfig } from "./config-BZZEHPCg.js";
 import { betterAuth } from "better-auth";
 import { drizzleAdapter } from "better-auth/adapters/drizzle";
-import { db } from "@kuckit/db";
 import * as schema from "@kuckit/db/schema/auth";
 
 //#region src/index.ts
-const auth = betterAuth({
-	database: drizzleAdapter(db, {
-		provider: "pg",
-		schema
-	}),
-	trustedOrigins: [process.env.CORS_ORIGIN || ""],
-	emailAndPassword: { enabled: true },
-	advanced: { defaultCookieAttributes: {
-		sameSite: process.env.NODE_ENV === "production" ? "none" : "lax",
-		secure: process.env.NODE_ENV === "production",
-		httpOnly: true
-	} }
-});
+/**
+* Create a Better-Auth instance
+*
+* This is a factory function that creates the auth instance at runtime,
+* avoiding module-level side effects.
+*
+* @param options - Database and configuration options
+* @returns Better-Auth instance
+*
+* @example
+* ```ts
+* const auth = createAuth({
+*   db,
+*   config: {
+*     trustedOrigins: ['http://localhost:5173'],
+*   },
+* })
+* ```
+*/
+function createAuth({ db, config = {} }) {
+	const isProduction = process.env.NODE_ENV === "production";
+	return betterAuth({
+		database: drizzleAdapter(db, {
+			provider: "pg",
+			schema
+		}),
+		trustedOrigins: config.trustedOrigins ?? [process.env.CORS_ORIGIN || ""],
+		emailAndPassword: { enabled: true },
+		advanced: { defaultCookieAttributes: {
+			sameSite: isProduction ? "none" : "lax",
+			secure: isProduction,
+			httpOnly: true
+		} }
+	});
+}
 
 //#endregion
-export { auth };
+export { createAuth, defineAuthConfig, getCookieAttributes };
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","names":[],"sources":["../src/index.ts"],"sourcesContent":["import { betterAuth, type BetterAuthOptions } from 'better-auth'\nimport { drizzleAdapter } from 'better-auth/adapters/drizzle'\nimport { db } from '@kuckit/db'\nimport * as schema from '@kuckit/db/schema/auth'\n\nexport const auth = betterAuth<BetterAuthOptions>({\n\tdatabase: drizzleAdapter(db, {\n\t\tprovider: 'pg',\n\n\t\tschema: schema,\n\t}),\n\ttrustedOrigins: [process.env.CORS_ORIGIN || ''],\n\temailAndPassword: {\n\t\tenabled: true,\n\t},\n\tadvanced: {\n\t\tdefaultCookieAttributes: {\n\t\t\tsameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax',\n\t\t\tsecure: process.env.NODE_ENV === 'production',\n\t\t\thttpOnly: true,\n\t\t},\n\t},\n})\n"],"mappings":";;;;;;AAKA,MAAa,OAAO,WAA8B;CACjD,UAAU,eAAe,IAAI;EAC5B,UAAU;EAEF;EACR,CAAC;CACF,gBAAgB,CAAC,QAAQ,IAAI,eAAe,GAAG;CAC/C,kBAAkB,EACjB,SAAS,MACT;CACD,UAAU,EACT,yBAAyB;EACxB,UAAU,QAAQ,IAAI,aAAa,eAAe,SAAS;EAC3D,QAAQ,QAAQ,IAAI,aAAa;EACjC,UAAU;EACV,EACD;CACD,CAAC"}
+{"version":3,"file":"index.js","names":[],"sources":["../src/index.ts"],"sourcesContent":["import { betterAuth, type BetterAuthOptions } from 'better-auth'\nimport { drizzleAdapter } from 'better-auth/adapters/drizzle'\nimport * as schema from '@kuckit/db/schema/auth'\nimport type { AuthConfig } from './config'\n\n/**\n * Auth instance type (inferred from betterAuth)\n */\nexport type Auth = ReturnType<typeof betterAuth>\n\n/**\n * Database type accepted by createAuth\n * This matches the Drizzle database type from @kuckit/db\n */\nexport type AuthDbClient = Parameters<typeof drizzleAdapter>[0]\n\nexport interface CreateAuthOptions {\n\t/** Drizzle database instance */\n\tdb: AuthDbClient\n\t/** Auth configuration */\n\tconfig?: AuthConfig\n}\n\n/**\n * Create a Better-Auth instance\n *\n * This is a factory function that creates the auth instance at runtime,\n * avoiding module-level side effects.\n *\n * @param options - Database and configuration options\n * @returns Better-Auth instance\n *\n * @example\n * ```ts\n * const auth = createAuth({\n *   db,\n *   config: {\n *     trustedOrigins: ['http://localhost:5173'],\n *   },\n * })\n * ```\n */\nexport function createAuth({ db, config = {} }: CreateAuthOptions): Auth {\n\tconst isProduction = process.env.NODE_ENV === 'production'\n\n\treturn betterAuth<BetterAuthOptions>({\n\t\tdatabase: drizzleAdapter(db, {\n\t\t\tprovider: 'pg',\n\t\t\tschema: schema,\n\t\t}),\n\t\ttrustedOrigins: config.trustedOrigins ?? [process.env.CORS_ORIGIN || ''],\n\t\temailAndPassword: {\n\t\t\tenabled: true,\n\t\t},\n\t\tadvanced: {\n\t\t\tdefaultCookieAttributes: {\n\t\t\t\tsameSite: isProduction ? 'none' : 'lax',\n\t\t\t\tsecure: isProduction,\n\t\t\t\thttpOnly: true,\n\t\t\t},\n\t\t},\n\t})\n}\n\n// Re-export config types\nexport type { AuthConfig } from './config'\nexport { defineAuthConfig, getCookieAttributes } from './config'\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AA0CA,SAAgB,WAAW,EAAE,IAAI,SAAS,EAAE,IAA6B;CACxE,MAAM,eAAe,QAAQ,IAAI,aAAa;AAE9C,QAAO,WAA8B;EACpC,UAAU,eAAe,IAAI;GAC5B,UAAU;GACF;GACR,CAAC;EACF,gBAAgB,OAAO,kBAAkB,CAAC,QAAQ,IAAI,eAAe,GAAG;EACxE,kBAAkB,EACjB,SAAS,MACT;EACD,UAAU,EACT,yBAAyB;GACxB,UAAU,eAAe,SAAS;GAClC,QAAQ;GACR,UAAU;GACV,EACD;EACD,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@kuckit/auth",
-	"version": "2.0.0",
+	"version": "2.0.1",
 	"type": "module",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",
@@ -12,6 +12,10 @@
 			"types": "./dist/index.d.ts",
 			"default": "./dist/index.js"
 		},
+		"./config": {
+			"types": "./dist/config.d.ts",
+			"default": "./dist/config.js"
+		},
 		"./*": {
 			"types": "./dist/*.d.ts",
 			"default": "./dist/*.js"
@@ -31,6 +35,6 @@
 		"better-auth": "^1.3.28",
 		"dotenv": "^17.2.2",
 		"zod": "^4.1.11",
-		"@kuckit/db": "^2.0.0"
+		"@kuckit/db": "^2.0.1"
 	}
 }