@lenne.tech/nest-server 11.11.1 → 11.13.0

package/dist/core/modules/better-auth/core-better-auth-email-verification.service.js

@@ -0,0 +1,241 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var CoreBetterAuthEmailVerificationService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CoreBetterAuthEmailVerificationService = void 0;
+const common_1 = require("@nestjs/common");
+const ejs = require("ejs");
+const fs = require("fs");
+const path = require("path");
+const logging_helper_1 = require("../../common/helpers/logging.helper");
+const brevo_service_1 = require("../../common/services/brevo.service");
+const config_service_1 = require("../../common/services/config.service");
+const email_service_1 = require("../../common/services/email.service");
+const template_service_1 = require("../../common/services/template.service");
+const better_auth_config_1 = require("./better-auth.config");
+const DEFAULT_CONFIG = {
+    autoSignInAfterVerification: true,
+    callbackURL: '/auth/verify-email',
+    enabled: true,
+    expiresIn: 86400,
+    locale: 'en',
+    resendCooldownSeconds: 60,
+    template: 'email-verification',
+};
+let CoreBetterAuthEmailVerificationService = CoreBetterAuthEmailVerificationService_1 = class CoreBetterAuthEmailVerificationService {
+    constructor(configService, emailService, templateService, brevoService) {
+        this.configService = configService;
+        this.emailService = emailService;
+        this.templateService = templateService;
+        this.brevoService = brevoService;
+        this.logger = new common_1.Logger(CoreBetterAuthEmailVerificationService_1.name);
+        this.config = DEFAULT_CONFIG;
+        this.lastSendTimes = new Map();
+        this.configure();
+    }
+    isEnabled() {
+        return this.config.enabled;
+    }
+    getConfig() {
+        return { ...this.config };
+    }
+    getExpiresIn() {
+        return this.config.expiresIn;
+    }
+    shouldAutoSignIn() {
+        return this.config.autoSignInAfterVerification;
+    }
+    async sendVerificationEmail(options) {
+        const { token, user } = options;
+        let { url } = options;
+        if (this.isInCooldown(user.email)) {
+            this.logger.debug(`Resend cooldown active for ${this.maskEmail(user.email)}, skipping email send`);
+            return;
+        }
+        if (this.config.callbackURL) {
+            url = this.buildFrontendVerificationUrl(token);
+        }
+        console.log(`[EMAIL VERIFICATION] User: ${user.email}, URL: ${url}`);
+        if (this.config.brevoTemplateId && this.brevoService) {
+            try {
+                const appName = this.getAppName();
+                await this.brevoService.sendMail(user.email, this.config.brevoTemplateId, {
+                    appName,
+                    expiresIn: this.formatExpiresIn(this.config.expiresIn),
+                    link: url,
+                    name: user.name || user.email.split('@')[0],
+                });
+                this.trackSend(user.email);
+                this.logger.debug(`Verification email sent via Brevo to ${this.maskEmail(user.email)}`);
+                return;
+            }
+            catch (error) {
+                this.logger.error(`Failed to send verification email via Brevo to ${this.maskEmail(user.email)}: ${error instanceof Error ? error.message : 'Unknown error'}`);
+                throw error;
+            }
+        }
+        if (!this.emailService) {
+            this.logger.warn('EmailService not available, cannot send verification email');
+            return;
+        }
+        try {
+            const resolved = await this.resolveTemplatePath(this.config.template, this.config.locale);
+            const appName = this.getAppName();
+            const templateData = {
+                appName,
+                expiresIn: this.formatExpiresIn(this.config.expiresIn),
+                link: url,
+                name: user.name || user.email.split('@')[0],
+            };
+            if (resolved.isAbsolute) {
+                const templateContent = fs.readFileSync(`${resolved.path}.ejs`, 'utf-8');
+                const html = ejs.render(templateContent, templateData);
+                await this.emailService.sendMail(user.email, this.getEmailSubject(appName), { html });
+            }
+            else {
+                await this.emailService.sendMail(user.email, this.getEmailSubject(appName), {
+                    htmlTemplate: resolved.path,
+                    templateData,
+                });
+            }
+            this.trackSend(user.email);
+            this.logger.debug(`Verification email sent to ${this.maskEmail(user.email)}`);
+        }
+        catch (error) {
+            this.logger.error(`Failed to send verification email to ${this.maskEmail(user.email)}: ${error instanceof Error ? error.message : 'Unknown error'}`);
+            throw error;
+        }
+    }
+    configure() {
+        const rawConfig = this.configService.getFastButReadOnly('betterAuth.emailVerification');
+        if (rawConfig === false) {
+            this.config = { ...DEFAULT_CONFIG, enabled: false };
+            return;
+        }
+        if (!rawConfig || rawConfig === true) {
+            this.config = { ...DEFAULT_CONFIG, enabled: true };
+            return;
+        }
+        this.config = {
+            ...DEFAULT_CONFIG,
+            ...rawConfig,
+            enabled: rawConfig.enabled !== false,
+        };
+    }
+    buildFrontendVerificationUrl(token) {
+        let baseUrl = this.config.callbackURL;
+        if (baseUrl.startsWith('/')) {
+            const appUrl = this.configService.getFastButReadOnly('appUrl') || 'http://localhost:3001';
+            baseUrl = `${appUrl.replace(/\/$/, '')}${baseUrl}`;
+        }
+        const separator = baseUrl.includes('?') ? '&' : '?';
+        return `${baseUrl}${separator}token=${token}`;
+    }
+    async resolveTemplatePath(templateName, locale) {
+        const projectTemplatesPath = this.configService.getFastButReadOnly('templates.path');
+        const nestServerTemplatesPath = path.join(__dirname, '..', '..', '..', 'templates');
+        const candidates = [
+            { base: projectTemplatesPath, isNestServer: false, name: `${templateName}-${locale}` },
+            { base: projectTemplatesPath, isNestServer: false, name: templateName },
+            { base: nestServerTemplatesPath, isNestServer: true, name: `${templateName}-${locale}` },
+            { base: nestServerTemplatesPath, isNestServer: true, name: templateName },
+        ];
+        for (const candidate of candidates) {
+            if (!candidate.base)
+                continue;
+            const fullPath = path.join(candidate.base, `${candidate.name}.ejs`);
+            if (fs.existsSync(fullPath)) {
+                if (candidate.isNestServer) {
+                    return { isAbsolute: true, path: fullPath.replace('.ejs', '') };
+                }
+                return { isAbsolute: false, path: candidate.name };
+            }
+        }
+        this.logger.warn(`Template '${templateName}' not found in any location, using fallback`);
+        return { isAbsolute: false, path: templateName };
+    }
+    getAppName() {
+        try {
+            const packageJsonPath = path.join(process.cwd(), 'package.json');
+            const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'));
+            if (packageJson.name) {
+                return this.formatProjectName(packageJson.name);
+            }
+        }
+        catch {
+        }
+        return 'Nest Server';
+    }
+    formatProjectName(name) {
+        return (0, better_auth_config_1.formatProjectName)(name);
+    }
+    getEmailSubject(appName) {
+        const locale = this.config.locale;
+        if (locale === 'de') {
+            return `${appName} - E-Mail-Adresse bestätigen`;
+        }
+        return `${appName} - Verify your email address`;
+    }
+    formatExpiresIn(seconds) {
+        const hours = Math.floor(seconds / 3600);
+        const locale = this.config.locale;
+        if (hours >= 24) {
+            const days = Math.floor(hours / 24);
+            if (locale === 'de') {
+                return days === 1 ? '1 Tag' : `${days} Tage`;
+            }
+            return days === 1 ? '1 day' : `${days} days`;
+        }
+        if (locale === 'de') {
+            return hours === 1 ? '1 Stunde' : `${hours} Stunden`;
+        }
+        return hours === 1 ? '1 hour' : `${hours} hours`;
+    }
+    isInCooldown(email) {
+        const cooldown = this.config.resendCooldownSeconds;
+        if (cooldown <= 0)
+            return false;
+        const key = email.toLowerCase();
+        const lastSend = this.lastSendTimes.get(key);
+        if (!lastSend)
+            return false;
+        const elapsed = (Date.now() - lastSend) / 1000;
+        return elapsed < cooldown;
+    }
+    trackSend(email) {
+        const key = email.toLowerCase();
+        this.lastSendTimes.set(key, Date.now());
+        const cooldown = this.config.resendCooldownSeconds;
+        if (cooldown > 0) {
+            setTimeout(() => this.lastSendTimes.delete(key), cooldown * 1000);
+        }
+    }
+    maskEmail(email) {
+        return (0, logging_helper_1.maskEmail)(email);
+    }
+};
+exports.CoreBetterAuthEmailVerificationService = CoreBetterAuthEmailVerificationService;
+CoreBetterAuthEmailVerificationService.BREVO_SERVICE_TOKEN = 'BETTER_AUTH_BREVO_SERVICE';
+exports.CoreBetterAuthEmailVerificationService = CoreBetterAuthEmailVerificationService = CoreBetterAuthEmailVerificationService_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __param(1, (0, common_1.Optional)()),
+    __param(2, (0, common_1.Optional)()),
+    __param(3, (0, common_1.Optional)()),
+    __param(3, (0, common_1.Inject)(CoreBetterAuthEmailVerificationService.BREVO_SERVICE_TOKEN)),
+    __metadata("design:paramtypes", [config_service_1.ConfigService,
+        email_service_1.EmailService,
+        template_service_1.TemplateService,
+        brevo_service_1.BrevoService])
+], CoreBetterAuthEmailVerificationService);
+//# sourceMappingURL=core-better-auth-email-verification.service.js.map

package/dist/core/modules/better-auth/core-better-auth-email-verification.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"core-better-auth-email-verification.service.js","sourceRoot":"","sources":["../../../../src/core/modules/better-auth/core-better-auth-email-verification.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAsE;AACtE,2BAA2B;AAC3B,yBAAyB;AACzB,6BAA6B;AAE7B,wEAAgE;AAEhE,uEAAmE;AACnE,yEAAqE;AACrE,uEAAmE;AACnE,6EAAyE;AACzE,6DAAyD;AAazD,MAAM,cAAc,GAAoC;IACtD,2BAA2B,EAAE,IAAI;IACjC,WAAW,EAAE,oBAAoB;IACjC,OAAO,EAAE,IAAI;IACb,SAAS,EAAE,KAAK;IAChB,MAAM,EAAE,IAAI;IACZ,qBAAqB,EAAE,EAAE;IACzB,QAAQ,EAAE,oBAAoB;CAC/B,CAAC;AAyDK,IAAM,sCAAsC,8CAA5C,MAAM,sCAAsC;IAkBjD,YACqB,aAA4B,EACnC,YAA8C,EAC9C,eAAoD,EACgB,YAAqD;QAHlH,kBAAa,GAAb,aAAa,CAAe;QAChB,iBAAY,GAAZ,YAAY,CAAe;QAC3B,oBAAe,GAAf,eAAe,CAAkB;QACmC,iBAAY,GAAZ,YAAY,CAAsB;QArBpH,WAAM,GAAG,IAAI,eAAM,CAAC,wCAAsC,CAAC,IAAI,CAAC,CAAC;QAC1E,WAAM,GAAoC,cAAc,CAAC;QAMlD,kBAAa,GAAG,IAAI,GAAG,EAAkB,CAAC;QAgBzD,IAAI,CAAC,SAAS,EAAE,CAAC;IACnB,CAAC;IAKD,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;IAC7B,CAAC;IAKD,SAAS;QACP,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IAC5B,CAAC;IAKD,YAAY;QACV,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;IAC/B,CAAC;IAKD,gBAAgB;QACd,OAAO,IAAI,CAAC,MAAM,CAAC,2BAA2B,CAAC;IACjD,CAAC;IAUD,KAAK,CAAC,qBAAqB,CAAC,OAAqC;QAC/D,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;QAChC,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;QAGtB,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YACnG,OAAO;QACT,CAAC;QAGD,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAC5B,GAAG,GAAG,IAAI,CAAC,4BAA4B,CAAC,KAAK,CAAC,CAAC;QACjD,CAAC;QAMD,OAAO,CAAC,GAAG,CAAC,8BAA8B,IAAI,CAAC,KAAK,UAAU,GAAG,EAAE,CAAC,CAAC;QAGrE,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACrD,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;gBAClC,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE;oBACxE,OAAO;oBACP,SAAS,EAAE,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;oBACtD,IAAI,EAAE,GAAG;oBACT,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;iBAC5C,CAAC,CAAC;gBACH,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC3B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,wCAAwC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;gBACxF,OAAO;YACT,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kDAAkD,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;gBAC/J,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;YAC/E,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC1F,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;YAElC,MAAM,YAAY,GAAG;gBACnB,OAAO;gBACP,SAAS,EAAE,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;gBACtD,IAAI,EAAE,GAAG;gBACT,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;aAC5C,CAAC;YAEF,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;gBAExB,MAAM,eAAe,GAAG,EAAE,CAAC,YAAY,CAAC,GAAG,QAAQ,CAAC,IAAI,MAAM,EAAE,OAAO,CAAC,CAAC;gBACzE,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;gBAEvD,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAC9B,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAC7B,EAAE,IAAI,EAAE,CACT,CAAC;YACJ,CAAC;iBAAM,CAAC;gBAEN,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAC9B,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAC7B;oBACE,YAAY,EAAE,QAAQ,CAAC,IAAI;oBAC3B,YAAY;iBACb,CACF,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAChF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,wCAAwC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;YACrJ,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAWS,SAAS;QACjB,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAA+C,8BAA8B,CAAC,CAAC;QAGtI,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;YACxB,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;YACpD,OAAO;QACT,CAAC;QAGD,IAAI,CAAC,SAAS,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;YACrC,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YACnD,OAAO;QACT,CAAC;QAGD,IAAI,CAAC,MAAM,GAAG;YACZ,GAAG,cAAc;YACjB,GAAG,SAAS;YACZ,OAAO,EAAE,SAAS,CAAC,OAAO,KAAK,KAAK;SACrC,CAAC;IACJ,CAAC;IAUS,4BAA4B,CAAC,KAAa;QAClD,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,WAAY,CAAC;QAGvC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAS,QAAQ,CAAC,IAAI,uBAAuB,CAAC;YAClG,OAAO,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,OAAO,EAAE,CAAC;QACrD,CAAC;QAGD,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACpD,OAAO,GAAG,OAAO,GAAG,SAAS,SAAS,KAAK,EAAE,CAAC;IAChD,CAAC;IAeS,KAAK,CAAC,mBAAmB,CAAC,YAAoB,EAAE,MAAc;QACtE,MAAM,oBAAoB,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAS,gBAAgB,CAAC,CAAC;QAC7F,MAAM,uBAAuB,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;QAEpF,MAAM,UAAU,GAAG;YAEjB,EAAE,IAAI,EAAE,oBAAoB,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,YAAY,IAAI,MAAM,EAAE,EAAE;YAEtF,EAAE,IAAI,EAAE,oBAAoB,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE,YAAY,EAAE;YAEvE,EAAE,IAAI,EAAE,uBAAuB,EAAE,YAAY,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,YAAY,IAAI,MAAM,EAAE,EAAE;YAExF,EAAE,IAAI,EAAE,uBAAuB,EAAE,YAAY,EAAE,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE;SAC1E,CAAC;QAEF,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,IAAI,CAAC,SAAS,CAAC,IAAI;gBAAE,SAAS;YAE9B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,GAAG,SAAS,CAAC,IAAI,MAAM,CAAC,CAAC;YACpE,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,IAAI,SAAS,CAAC,YAAY,EAAE,CAAC;oBAE3B,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC;gBAClE,CAAC;gBAED,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC;YACrD,CAAC;QACH,CAAC;QAGD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,YAAY,6CAA6C,CAAC,CAAC;QACzF,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;IACnD,CAAC;IAKS,UAAU;QAElB,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC;YACjE,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,CAAC;YAC1E,IAAI,WAAW,CAAC,IAAI,EAAE,CAAC;gBACrB,OAAO,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;QAET,CAAC;QACD,OAAO,aAAa,CAAC;IACvB,CAAC;IAMS,iBAAiB,CAAC,IAAY;QACtC,OAAO,IAAA,sCAAiB,EAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAKS,eAAe,CAAC,OAAe;QACvC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;QAClC,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,OAAO,GAAG,OAAO,8BAA8B,CAAC;QAClD,CAAC;QACD,OAAO,GAAG,OAAO,8BAA8B,CAAC;IAClD,CAAC;IAKS,eAAe,CAAC,OAAe;QACvC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;QACzC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;QAElC,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;YAChB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC;YACpC,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;gBACpB,OAAO,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,IAAI,OAAO,CAAC;YAC/C,CAAC;YACD,OAAO,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,IAAI,OAAO,CAAC;QAC/C,CAAC;QAED,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,OAAO,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,KAAK,UAAU,CAAC;QACvD,CAAC;QACD,OAAO,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,KAAK,QAAQ,CAAC;IACnD,CAAC;IAKS,YAAY,CAAC,KAAa;QAClC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC;QACnD,IAAI,QAAQ,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QAEhC,MAAM,GAAG,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ;YAAE,OAAO,KAAK,CAAC;QAE5B,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,GAAG,IAAI,CAAC;QAC/C,OAAO,OAAO,GAAG,QAAQ,CAAC;IAC5B,CAAC;IAKS,SAAS,CAAC,KAAa;QAC/B,MAAM,GAAG,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;QAChC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAGxC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC;QACnD,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;YACjB,UAAU,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,QAAQ,GAAG,IAAI,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAMS,SAAS,CAAC,KAAa;QAC/B,OAAO,IAAA,0BAAS,EAAC,KAAK,CAAC,CAAC;IAC1B,CAAC;;AAtVU,wFAAsC;AAgBjC,0DAAmB,GAAG,2BAA2B,AAA9B,CAA+B;iDAhBvD,sCAAsC;IADlD,IAAA,mBAAU,GAAE;IAqBR,WAAA,IAAA,iBAAQ,GAAE,CAAA;IACV,WAAA,IAAA,iBAAQ,GAAE,CAAA;IACV,WAAA,IAAA,iBAAQ,GAAE,CAAA;IAAE,WAAA,IAAA,eAAM,EAAC,sCAAsC,CAAC,mBAAmB,CAAC,CAAA;qCAH7C,8BAAa;QACD,4BAAY;QACT,kCAAe;QACkD,4BAAY;GAtBrH,sCAAsC,CAuVlD"}

package/dist/core/modules/better-auth/core-better-auth-models.d.ts

@@ -35,9 +35,10 @@ export declare class CoreBetterAuthPasskeyChallengeModel {
     error?: string;
 }
 export declare class CoreBetterAuthFeaturesModel {
+    emailVerification: boolean;
     enabled: boolean;
     jwt: boolean;
-    twoFactor: boolean;
     passkey: boolean;
     socialProviders: string[];
+    twoFactor: boolean;
 }

package/dist/core/modules/better-auth/core-better-auth-models.js

@@ -154,6 +154,10 @@ exports.CoreBetterAuthPasskeyChallengeModel = CoreBetterAuthPasskeyChallengeMode
 let CoreBetterAuthFeaturesModel = class CoreBetterAuthFeaturesModel {
 };
 exports.CoreBetterAuthFeaturesModel = CoreBetterAuthFeaturesModel;
+__decorate([
+    (0, graphql_1.Field)(() => Boolean, { description: 'Whether email verification is required on sign-up' }),
+    __metadata("design:type", Boolean)
+], CoreBetterAuthFeaturesModel.prototype, "emailVerification", void 0);
 __decorate([
     (0, graphql_1.Field)(() => Boolean, { description: 'Whether Better-Auth is enabled' }),
     __metadata("design:type", Boolean)
@@ -162,10 +166,6 @@ __decorate([
     (0, graphql_1.Field)(() => Boolean, { description: 'Whether JWT plugin is enabled' }),
     __metadata("design:type", Boolean)
 ], CoreBetterAuthFeaturesModel.prototype, "jwt", void 0);
-__decorate([
-    (0, graphql_1.Field)(() => Boolean, { description: 'Whether 2FA is enabled' }),
-    __metadata("design:type", Boolean)
-], CoreBetterAuthFeaturesModel.prototype, "twoFactor", void 0);
 __decorate([
     (0, graphql_1.Field)(() => Boolean, { description: 'Whether Passkey is enabled' }),
     __metadata("design:type", Boolean)
@@ -174,6 +174,10 @@ __decorate([
     (0, graphql_1.Field)(() => [String], { description: 'List of enabled social providers' }),
     __metadata("design:type", Array)
 ], CoreBetterAuthFeaturesModel.prototype, "socialProviders", void 0);
+__decorate([
+    (0, graphql_1.Field)(() => Boolean, { description: 'Whether 2FA is enabled' }),
+    __metadata("design:type", Boolean)
+], CoreBetterAuthFeaturesModel.prototype, "twoFactor", void 0);
 exports.CoreBetterAuthFeaturesModel = CoreBetterAuthFeaturesModel = __decorate([
     (0, graphql_1.ObjectType)({ description: 'Better-Auth features status' }),
     (0, restricted_decorator_1.Restricted)(role_enum_1.RoleEnum.S_EVERYONE)

package/dist/core/modules/better-auth/core-better-auth-models.js.map

@@ -1 +1 @@
-{"version":3,"file":"core-better-auth-models.js","sourceRoot":"","sources":["../../../../src/core/modules/better-auth/core-better-auth-models.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAAoD;AAEpD,uFAA0E;AAC1E,4DAAwD;AAOjD,IAAM,uBAAuB,GAA7B,MAAM,uBAAuB;CAqBnC,CAAA;AArBY,0DAAuB;AAElC;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC;;mDACrC;AAGX;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,0CAA0C,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;sDAClF;AAGf;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC;;sDACxC;AAGd;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;qDACvD;AAGd;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,uBAAuB,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;8DACvD;AAGxB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,sBAAsB,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;yDAC3D;AAGnB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;sDACpD;kCApBN,uBAAuB;IAFnC,IAAA,oBAAU,EAAC,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;IAC/C,IAAA,iCAAU,EAAC,oBAAQ,CAAC,UAAU,CAAC;GACnB,uBAAuB,CAqBnC;AAOM,IAAM,0BAA0B,GAAhC,MAAM,0BAA0B;CAStC,CAAA;AATY,gEAA0B;AAErC;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC;;sDACxC;AAGX;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,yBAAyB,EAAE,CAAC;8BACnD,IAAI;6DAAC;AAGhB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,uBAAuB,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE,CAAC;8BAChE,uBAAuB;wDAAC;qCARnB,0BAA0B;IAFtC,IAAA,oBAAU,EAAC,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC;IAClD,IAAA,iCAAU,EAAC,oBAAQ,CAAC,MAAM,CAAC;GACf,0BAA0B,CAStC;AAOM,IAAM,8BAA8B,GAApC,MAAM,8BAA8B;CAS1C,CAAA;AATY,wEAA8B;AAEzC;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;0DACvD;AAGZ;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,eAAe,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;6DACvD;AAGf;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,yBAAyB,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;8BAClE,IAAI;iEAAC;yCARN,8BAA8B;IAF1C,IAAA,oBAAU,EAAC,EAAE,WAAW,EAAE,0BAA0B,EAAE,CAAC;IACvD,IAAA,iCAAU,EAAC,oBAAQ,CAAC,UAAU,CAAC;GACnB,8BAA8B,CAS1C;AAOM,IAAM,2BAA2B,GAAjC,MAAM,2BAA2B;CAYvC,CAAA;AAZY,kEAA2B;AAEtC;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,sCAAsC,EAAE,CAAC;;4DAC7D;AAGjB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,iCAAiC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;4DACvE;AAGjB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,WAAW,EAAE,mCAAmC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;gEACrE;AAGvB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,yBAAyB,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;0DACjE;sCAXJ,2BAA2B;IAFvC,IAAA,oBAAU,EAAC,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC;IACzD,IAAA,iCAAU,EAAC,oBAAQ,CAAC,MAAM,CAAC;GACf,2BAA2B,CAYvC;AAOM,IAAM,0BAA0B,GAAhC,MAAM,0BAA0B;CAYtC,CAAA;AAZY,gEAA0B;AAErC;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC;;sDACxC;AAGX;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;wDACvD;AAGd;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC;;gEACjC;AAGrB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC;8BACzC,IAAI;6DAAC;qCAXL,0BAA0B;IAFtC,IAAA,oBAAU,EAAC,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC;IAClD,IAAA,iCAAU,EAAC,oBAAQ,CAAC,MAAM,CAAC;GACf,0BAA0B,CAYtC;AAOM,IAAM,mCAAmC,GAAzC,MAAM,mCAAmC;CAS/C,CAAA;AATY,kFAAmC;AAE9C;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,sCAAsC,EAAE,CAAC;;oEAC7D;AAGjB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,uBAAuB,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;sEAC3D;AAGnB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,yBAAyB,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;kEACjE;8CARJ,mCAAmC;IAF/C,IAAA,oBAAU,EAAC,EAAE,WAAW,EAAE,4CAA4C,EAAE,CAAC;IACzE,IAAA,iCAAU,EAAC,oBAAQ,CAAC,MAAM,CAAC;GACf,mCAAmC,CAS/C;AAOM,IAAM,2BAA2B,GAAjC,MAAM,2BAA2B;CAevC,CAAA;AAfY,kEAA2B;AAEtC;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,gCAAgC,EAAE,CAAC;;4DACvD;AAGjB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,+BAA+B,EAAE,CAAC;;wDAC1D;AAGb;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,wBAAwB,EAAE,CAAC;;8DAC7C;AAGnB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC;;4DACnD;AAGjB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,WAAW,EAAE,kCAAkC,EAAE,CAAC;;oEACjD;sCAdf,2BAA2B;IAFvC,IAAA,oBAAU,EAAC,EAAE,WAAW,EAAE,6BAA6B,EAAE,CAAC;IAC1D,IAAA,iCAAU,EAAC,oBAAQ,CAAC,UAAU,CAAC;GACnB,2BAA2B,CAevC"}
+{"version":3,"file":"core-better-auth-models.js","sourceRoot":"","sources":["../../../../src/core/modules/better-auth/core-better-auth-models.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAAoD;AAEpD,uFAA0E;AAC1E,4DAAwD;AAOjD,IAAM,uBAAuB,GAA7B,MAAM,uBAAuB;CAqBnC,CAAA;AArBY,0DAAuB;AAElC;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC;;mDACrC;AAGX;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,0CAA0C,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;sDAClF;AAGf;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC;;sDACxC;AAGd;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;qDACvD;AAGd;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,uBAAuB,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;8DACvD;AAGxB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,sBAAsB,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;yDAC3D;AAGnB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;sDACpD;kCApBN,uBAAuB;IAFnC,IAAA,oBAAU,EAAC,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;IAC/C,IAAA,iCAAU,EAAC,oBAAQ,CAAC,UAAU,CAAC;GACnB,uBAAuB,CAqBnC;AAOM,IAAM,0BAA0B,GAAhC,MAAM,0BAA0B;CAStC,CAAA;AATY,gEAA0B;AAErC;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC;;sDACxC;AAGX;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,yBAAyB,EAAE,CAAC;8BACnD,IAAI;6DAAC;AAGhB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,uBAAuB,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE,CAAC;8BAChE,uBAAuB;wDAAC;qCARnB,0BAA0B;IAFtC,IAAA,oBAAU,EAAC,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC;IAClD,IAAA,iCAAU,EAAC,oBAAQ,CAAC,MAAM,CAAC;GACf,0BAA0B,CAStC;AAOM,IAAM,8BAA8B,GAApC,MAAM,8BAA8B;CAS1C,CAAA;AATY,wEAA8B;AAEzC;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;0DACvD;AAGZ;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,eAAe,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;6DACvD;AAGf;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,yBAAyB,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;8BAClE,IAAI;iEAAC;yCARN,8BAA8B;IAF1C,IAAA,oBAAU,EAAC,EAAE,WAAW,EAAE,0BAA0B,EAAE,CAAC;IACvD,IAAA,iCAAU,EAAC,oBAAQ,CAAC,UAAU,CAAC;GACnB,8BAA8B,CAS1C;AAOM,IAAM,2BAA2B,GAAjC,MAAM,2BAA2B;CAYvC,CAAA;AAZY,kEAA2B;AAEtC;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,sCAAsC,EAAE,CAAC;;4DAC7D;AAGjB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,iCAAiC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;4DACvE;AAGjB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,WAAW,EAAE,mCAAmC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;gEACrE;AAGvB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,yBAAyB,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;0DACjE;sCAXJ,2BAA2B;IAFvC,IAAA,oBAAU,EAAC,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC;IACzD,IAAA,iCAAU,EAAC,oBAAQ,CAAC,MAAM,CAAC;GACf,2BAA2B,CAYvC;AAOM,IAAM,0BAA0B,GAAhC,MAAM,0BAA0B;CAYtC,CAAA;AAZY,gEAA0B;AAErC;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC;;sDACxC;AAGX;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;wDACvD;AAGd;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC;;gEACjC;AAGrB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC;8BACzC,IAAI;6DAAC;qCAXL,0BAA0B;IAFtC,IAAA,oBAAU,EAAC,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC;IAClD,IAAA,iCAAU,EAAC,oBAAQ,CAAC,MAAM,CAAC;GACf,0BAA0B,CAYtC;AAOM,IAAM,mCAAmC,GAAzC,MAAM,mCAAmC;CAS/C,CAAA;AATY,kFAAmC;AAE9C;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,sCAAsC,EAAE,CAAC;;oEAC7D;AAGjB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,uBAAuB,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;sEAC3D;AAGnB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,yBAAyB,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;kEACjE;8CARJ,mCAAmC;IAF/C,IAAA,oBAAU,EAAC,EAAE,WAAW,EAAE,4CAA4C,EAAE,CAAC;IACzE,IAAA,iCAAU,EAAC,oBAAQ,CAAC,MAAM,CAAC;GACf,mCAAmC,CAS/C;AAOM,IAAM,2BAA2B,GAAjC,MAAM,2BAA2B;CAkBvC,CAAA;AAlBY,kEAA2B;AAEtC;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,mDAAmD,EAAE,CAAC;;sEAChE;AAG3B;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,gCAAgC,EAAE,CAAC;;4DACvD;AAGjB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,+BAA+B,EAAE,CAAC;;wDAC1D;AAGb;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC;;4DACnD;AAGjB;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,WAAW,EAAE,kCAAkC,EAAE,CAAC;;oEACjD;AAG1B;IADC,IAAA,eAAK,EAAC,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,wBAAwB,EAAE,CAAC;;8DAC7C;sCAjBR,2BAA2B;IAFvC,IAAA,oBAAU,EAAC,EAAE,WAAW,EAAE,6BAA6B,EAAE,CAAC;IAC1D,IAAA,iCAAU,EAAC,oBAAQ,CAAC,UAAU,CAAC;GACnB,2BAA2B,CAkBvC"}

package/dist/core/modules/better-auth/core-better-auth-signup-validator.service.d.ts

@@ -0,0 +1,18 @@
+import { Logger } from '@nestjs/common';
+import { IBetterAuthSignUpChecksConfig } from '../../common/interfaces/server-options.interface';
+import { ConfigService } from '../../common/services/config.service';
+export interface SignUpValidationInput {
+    [key: string]: unknown;
+    termsAndPrivacyAccepted?: boolean;
+}
+export declare class CoreBetterAuthSignUpValidatorService {
+    protected readonly configService: ConfigService;
+    protected readonly logger: Logger;
+    protected config: Required<IBetterAuthSignUpChecksConfig>;
+    constructor(configService: ConfigService);
+    isEnabled(): boolean;
+    getConfig(): Required<IBetterAuthSignUpChecksConfig>;
+    getRequiredFields(): string[];
+    validateSignUpInput(input: SignUpValidationInput): void;
+    protected configure(): void;
+}

package/dist/core/modules/better-auth/core-better-auth-signup-validator.service.js

@@ -0,0 +1,82 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var CoreBetterAuthSignUpValidatorService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CoreBetterAuthSignUpValidatorService = void 0;
+const common_1 = require("@nestjs/common");
+const config_service_1 = require("../../common/services/config.service");
+const error_codes_1 = require("../error-code/error-codes");
+const DEFAULT_CONFIG = {
+    enabled: true,
+    requiredFields: ['termsAndPrivacyAccepted'],
+};
+let CoreBetterAuthSignUpValidatorService = CoreBetterAuthSignUpValidatorService_1 = class CoreBetterAuthSignUpValidatorService {
+    constructor(configService) {
+        this.configService = configService;
+        this.logger = new common_1.Logger(CoreBetterAuthSignUpValidatorService_1.name);
+        this.config = DEFAULT_CONFIG;
+        this.configure();
+    }
+    isEnabled() {
+        return this.config.enabled;
+    }
+    getConfig() {
+        return { ...this.config };
+    }
+    getRequiredFields() {
+        return [...this.config.requiredFields];
+    }
+    validateSignUpInput(input) {
+        if (!this.config.enabled) {
+            return;
+        }
+        const missingFields = [];
+        for (const field of this.config.requiredFields) {
+            const value = input[field];
+            if (value === undefined || value === null || value === false || value === '') {
+                missingFields.push(field);
+            }
+        }
+        if (missingFields.length > 0) {
+            this.logger.debug(`Sign-up validation failed: missing required fields: ${missingFields.join(', ')}`);
+            if (missingFields.includes('termsAndPrivacyAccepted')) {
+                throw new common_1.BadRequestException(error_codes_1.ErrorCode.SIGNUP_TERMS_NOT_ACCEPTED);
+            }
+            throw new common_1.BadRequestException(`${error_codes_1.ErrorCode.SIGNUP_MISSING_REQUIRED_FIELDS} - Missing: ${missingFields.join(', ')}`);
+        }
+    }
+    configure() {
+        const rawConfig = this.configService.getFastButReadOnly('betterAuth.signUpChecks');
+        if (rawConfig === undefined || rawConfig === null || rawConfig === true) {
+            this.config = { ...DEFAULT_CONFIG, enabled: true };
+            return;
+        }
+        if (rawConfig === false) {
+            this.config = { ...DEFAULT_CONFIG, enabled: false };
+            return;
+        }
+        const enabled = rawConfig.enabled !== false;
+        this.config = {
+            ...DEFAULT_CONFIG,
+            ...rawConfig,
+            enabled,
+        };
+        if (!Array.isArray(this.config.requiredFields)) {
+            this.config.requiredFields = DEFAULT_CONFIG.requiredFields;
+        }
+    }
+};
+exports.CoreBetterAuthSignUpValidatorService = CoreBetterAuthSignUpValidatorService;
+exports.CoreBetterAuthSignUpValidatorService = CoreBetterAuthSignUpValidatorService = CoreBetterAuthSignUpValidatorService_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [config_service_1.ConfigService])
+], CoreBetterAuthSignUpValidatorService);
+//# sourceMappingURL=core-better-auth-signup-validator.service.js.map

package/dist/core/modules/better-auth/core-better-auth-signup-validator.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"core-better-auth-signup-validator.service.js","sourceRoot":"","sources":["../../../../src/core/modules/better-auth/core-better-auth-signup-validator.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,2CAAyE;AAGzE,yEAAqE;AACrE,2DAAsD;AAKtD,MAAM,cAAc,GAA4C;IAC9D,OAAO,EAAE,IAAI;IACb,cAAc,EAAE,CAAC,yBAAyB,CAAC;CAC5C,CAAC;AA+DK,IAAM,oCAAoC,4CAA1C,MAAM,oCAAoC;IAI/C,YAA+B,aAA4B;QAA5B,kBAAa,GAAb,aAAa,CAAe;QAHxC,WAAM,GAAG,IAAI,eAAM,CAAC,sCAAoC,CAAC,IAAI,CAAC,CAAC;QACxE,WAAM,GAA4C,cAAc,CAAC;QAGzE,IAAI,CAAC,SAAS,EAAE,CAAC;IACnB,CAAC;IAKD,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;IAC7B,CAAC;IAKD,SAAS;QACP,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IAC5B,CAAC;IAKD,iBAAiB;QACf,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IACzC,CAAC;IAQD,mBAAmB,CAAC,KAA4B;QAC9C,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO;QACT,CAAC;QAED,MAAM,aAAa,GAAa,EAAE,CAAC;QAEnC,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;YAC/C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;YAG3B,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,EAAE,EAAE,CAAC;gBAC7E,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;QAED,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,uDAAuD,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAGrG,IAAI,aAAa,CAAC,QAAQ,CAAC,yBAAyB,CAAC,EAAE,CAAC;gBACtD,MAAM,IAAI,4BAAmB,CAAC,uBAAS,CAAC,yBAAyB,CAAC,CAAC;YACrE,CAAC;YAGD,MAAM,IAAI,4BAAmB,CAC3B,GAAG,uBAAS,CAAC,8BAA8B,eAAe,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACrF,CAAC;QACJ,CAAC;IACH,CAAC;IAWS,SAAS;QACjB,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAA0C,yBAAyB,CAAC,CAAC;QAG5H,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,IAAI,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;YACxE,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YACnD,OAAO;QACT,CAAC;QAED,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;YACxB,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;YACpD,OAAO;QACT,CAAC;QAGD,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,KAAK,KAAK,CAAC;QAC5C,IAAI,CAAC,MAAM,GAAG;YACZ,GAAG,cAAc;YACjB,GAAG,SAAS;YACZ,OAAO;SACR,CAAC;QAGF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC;YAC/C,IAAI,CAAC,MAAM,CAAC,cAAc,GAAG,cAAc,CAAC,cAAc,CAAC;QAC7D,CAAC;IACH,CAAC;CACF,CAAA;AAtGY,oFAAoC;+CAApC,oCAAoC;IADhD,IAAA,mBAAU,GAAE;qCAKmC,8BAAa;GAJhD,oCAAoC,CAsGhD"}

package/dist/core/modules/better-auth/core-better-auth-token.helper.d.ts

@@ -0,0 +1,16 @@
+export declare enum TokenType {
+    BETTER_AUTH_JWT = "better_auth_jwt",
+    LEGACY_JWT = "legacy_jwt",
+    SESSION_TOKEN = "session_token",
+    UNKNOWN = "unknown"
+}
+export interface TokenAnalysisResult {
+    payload?: Record<string, unknown>;
+    type: TokenType;
+}
+export declare function analyzeToken(token: string): TokenAnalysisResult;
+export declare function getUserIdFromToken(token: string): null | string;
+export declare function isBetterAuthJwt(token: string): boolean;
+export declare function isJwt(token: string): boolean;
+export declare function isLegacyJwt(token: string): boolean;
+export declare function isSessionToken(token: string): boolean;

package/dist/core/modules/better-auth/core-better-auth-token.helper.js

@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenType = void 0;
+exports.analyzeToken = analyzeToken;
+exports.getUserIdFromToken = getUserIdFromToken;
+exports.isBetterAuthJwt = isBetterAuthJwt;
+exports.isJwt = isJwt;
+exports.isLegacyJwt = isLegacyJwt;
+exports.isSessionToken = isSessionToken;
+var TokenType;
+(function (TokenType) {
+    TokenType["BETTER_AUTH_JWT"] = "better_auth_jwt";
+    TokenType["LEGACY_JWT"] = "legacy_jwt";
+    TokenType["SESSION_TOKEN"] = "session_token";
+    TokenType["UNKNOWN"] = "unknown";
+})(TokenType || (exports.TokenType = TokenType = {}));
+function analyzeToken(token) {
+    if (!token || typeof token !== 'string') {
+        return { type: TokenType.UNKNOWN };
+    }
+    const parts = token.split('.');
+    if (parts.length !== 3) {
+        return { type: TokenType.SESSION_TOKEN };
+    }
+    try {
+        const payloadStr = Buffer.from(parts[1], 'base64url').toString('utf-8');
+        const payload = JSON.parse(payloadStr);
+        if (payload.id !== undefined && payload.sub === undefined) {
+            return { payload, type: TokenType.LEGACY_JWT };
+        }
+        if (payload.sub !== undefined) {
+            return { payload, type: TokenType.BETTER_AUTH_JWT };
+        }
+        return { payload, type: TokenType.UNKNOWN };
+    }
+    catch {
+        return { type: TokenType.SESSION_TOKEN };
+    }
+}
+function getUserIdFromToken(token) {
+    const result = analyzeToken(token);
+    if (!result.payload) {
+        return null;
+    }
+    if (result.type === TokenType.LEGACY_JWT) {
+        return result.payload.id;
+    }
+    if (result.type === TokenType.BETTER_AUTH_JWT) {
+        return result.payload.sub;
+    }
+    return null;
+}
+function isBetterAuthJwt(token) {
+    return analyzeToken(token).type === TokenType.BETTER_AUTH_JWT;
+}
+function isJwt(token) {
+    const result = analyzeToken(token);
+    return result.type === TokenType.LEGACY_JWT || result.type === TokenType.BETTER_AUTH_JWT;
+}
+function isLegacyJwt(token) {
+    return analyzeToken(token).type === TokenType.LEGACY_JWT;
+}
+function isSessionToken(token) {
+    return analyzeToken(token).type === TokenType.SESSION_TOKEN;
+}
+//# sourceMappingURL=core-better-auth-token.helper.js.map

package/dist/core/modules/better-auth/core-better-auth-token.helper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"core-better-auth-token.helper.js","sourceRoot":"","sources":["../../../../src/core/modules/better-auth/core-better-auth-token.helper.ts"],"names":[],"mappings":";;;AAyDA,oCAkCC;AAgBD,gDAgBC;AAWD,0CAEC;AAiBD,sBAGC;AAoBD,kCAEC;AAmBD,wCAEC;AAxLD,IAAY,SASX;AATD,WAAY,SAAS;IAEnB,gDAAmC,CAAA;IAEnC,sCAAyB,CAAA;IAEzB,4CAA+B,CAAA;IAE/B,gCAAmB,CAAA;AACrB,CAAC,EATW,SAAS,yBAAT,SAAS,QASpB;AAiCD,SAAgB,YAAY,CAAC,KAAa;IACxC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC;IACrC,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAG/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,aAAa,EAAE,CAAC;IAC3C,CAAC;IAGD,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACxE,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAA4B,CAAC;QAIlE,IAAI,OAAO,CAAC,EAAE,KAAK,SAAS,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC1D,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC;QACjD,CAAC;QAGD,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC9B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,eAAe,EAAE,CAAC;QACtD,CAAC;QAGD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC;IAC9C,CAAC;IAAC,MAAM,CAAC;QAEP,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,aAAa,EAAE,CAAC;IAC3C,CAAC;AACH,CAAC;AAgBD,SAAgB,kBAAkB,CAAC,KAAa;IAC9C,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IAEnC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,CAAC,UAAU,EAAE,CAAC;QACzC,OAAO,MAAM,CAAC,OAAO,CAAC,EAAmB,CAAC;IAC5C,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,CAAC,eAAe,EAAE,CAAC;QAC9C,OAAO,MAAM,CAAC,OAAO,CAAC,GAAoB,CAAC;IAC7C,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAWD,SAAgB,eAAe,CAAC,KAAa;IAC3C,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,eAAe,CAAC;AAChE,CAAC;AAiBD,SAAgB,KAAK,CAAC,KAAa;IACjC,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IACnC,OAAO,MAAM,CAAC,IAAI,KAAK,SAAS,CAAC,UAAU,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,CAAC,eAAe,CAAC;AAC3F,CAAC;AAoBD,SAAgB,WAAW,CAAC,KAAa;IACvC,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,UAAU,CAAC;AAC3D,CAAC;AAmBD,SAAgB,cAAc,CAAC,KAAa;IAC1C,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,aAAa,CAAC;AAC9D,CAAC"}

package/dist/core/modules/better-auth/core-better-auth-user.mapper.d.ts

@@ -56,7 +56,6 @@ export declare class CoreBetterAuthUserMapper {
     private generateId;
     normalizePasswordForIam(password: string): string;
     private hashPasswordForBetterAuth;
-    private bytesToHex;
     linkOrCreateUser(sessionUser: BetterAuthSessionUser, additionalData?: Record<string, any>): Promise<null | SyncedUserDocument>;
     syncEmailChangeFromLegacy(oldEmail: string, newEmail: string): Promise<boolean>;
     syncEmailChangeFromIam(userId: string, newEmail: string): Promise<boolean>;

package/dist/core/modules/better-auth/core-better-auth-user.mapper.js

@@ -236,9 +236,10 @@ let CoreBetterAuthUserMapper = CoreBetterAuthUserMapper_1 = class CoreBetterAuth
     }
     generateId() {
         const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+        const bytes = (0, crypto_1.randomBytes)(21);
         let result = '';
         for (let i = 0; i < 21; i++) {
-            result += chars.charAt(Math.floor(Math.random() * chars.length));
+            result += chars.charAt(bytes[i] % chars.length);
         }
         return result;
     }
@@ -262,11 +263,6 @@ let CoreBetterAuthUserMapper = CoreBetterAuthUserMapper_1 = class CoreBetterAuth
         const key = await scryptPromise(normalizedPassword.normalize('NFKC'), salt, keyLength, scryptOptions);
         return `${salt}:${key.toString('hex')}`;
     }
-    bytesToHex(bytes) {
-        return Array.from(bytes)
-            .map((b) => b.toString(16).padStart(2, '0'))
-            .join('');
-    }
     async linkOrCreateUser(sessionUser, additionalData) {
         if (!sessionUser?.email) {
             return null;
@@ -280,6 +276,14 @@ let CoreBetterAuthUserMapper = CoreBetterAuthUserMapper_1 = class CoreBetterAuth
             const existingUser = await userCollection.findOne({
                 $or: [{ email: sessionUser.email }, { iamId: sessionUser.id }],
             });
+            const processedAdditionalData = { ...additionalData };
+            if (processedAdditionalData?.termsAndPrivacyAccepted === true) {
+                processedAdditionalData.termsAndPrivacyAcceptedAt = new Date();
+                delete processedAdditionalData.termsAndPrivacyAccepted;
+            }
+            else {
+                delete processedAdditionalData?.termsAndPrivacyAccepted;
+            }
             const updateData = {
                 email: sessionUser.email,
                 ...(sessionUser.name && { firstName: sessionUser.name.split(' ')[0] }),
@@ -291,7 +295,7 @@ let CoreBetterAuthUserMapper = CoreBetterAuthUserMapper_1 = class CoreBetterAuth
                 ...(sessionUser.image && { avatar: sessionUser.image }),
                 iamId: sessionUser.id,
                 updatedAt: new Date(),
-                ...additionalData,
+                ...processedAdditionalData,
             };
             const updateQuery = {
                 $set: updateData,
@@ -323,12 +327,15 @@ let CoreBetterAuthUserMapper = CoreBetterAuthUserMapper_1 = class CoreBetterAuth
         try {
             const sessionCollection = this.connection.collection('session');
             const usersCollection = this.connection.collection('users');
-            const user = await usersCollection.findOne({ email: newEmail });
+            const user = await usersCollection.findOne({
+                $or: [{ email: newEmail }, { email: oldEmail }],
+            });
             if (!user) {
                 return false;
             }
             if (user._id) {
                 await sessionCollection.deleteMany({ userId: user._id });
+                this.logger.debug(`Invalidated sessions for email change: ${(0, logging_helper_1.maskEmail)(oldEmail)} → ${(0, logging_helper_1.maskEmail)(newEmail)}`);
             }
             return true;
         }