@lenne.tech/nest-server 11.8.0 → 11.10.0

package/dist/core/modules/better-auth/core-better-auth-web.helper.js

@@ -0,0 +1,152 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MAX_BODY_SIZE = exports.BETTER_AUTH_COOKIE_NAMES = void 0;
+exports.extractSessionToken = extractSessionToken;
+exports.parseCookieHeader = parseCookieHeader;
+exports.sendWebResponse = sendWebResponse;
+exports.signCookieValue = signCookieValue;
+exports.toWebRequest = toWebRequest;
+const crypto = require("crypto");
+exports.BETTER_AUTH_COOKIE_NAMES = {
+    BETTER_AUTH_SESSION: 'better-auth.session_token',
+    TOKEN: 'token',
+};
+exports.MAX_BODY_SIZE = 1024 * 1024;
+function extractSessionToken(req, basePath = 'iam') {
+    const authHeader = req.headers.authorization;
+    if (authHeader?.startsWith('Bearer ')) {
+        return authHeader.substring(7);
+    }
+    const normalizedBasePath = basePath.replace(/^\//, '').replace(/\//g, '.');
+    const cookieNames = [
+        `${normalizedBasePath}.session_token`,
+        exports.BETTER_AUTH_COOKIE_NAMES.BETTER_AUTH_SESSION,
+        exports.BETTER_AUTH_COOKIE_NAMES.TOKEN,
+    ];
+    const cookies = req.cookies || parseCookieHeader(req.headers.cookie);
+    for (const name of cookieNames) {
+        const token = cookies?.[name];
+        if (token && typeof token === 'string') {
+            return token;
+        }
+    }
+    return null;
+}
+function parseCookieHeader(cookieHeader) {
+    if (!cookieHeader) {
+        return {};
+    }
+    const cookies = {};
+    const pairs = cookieHeader.split(';');
+    for (const pair of pairs) {
+        const [name, ...valueParts] = pair.trim().split('=');
+        if (name && valueParts.length > 0) {
+            cookies[name.trim()] = valueParts.join('=').trim();
+        }
+    }
+    return cookies;
+}
+async function sendWebResponse(res, webResponse) {
+    res.status(webResponse.status);
+    webResponse.headers.forEach((value, key) => {
+        const lowerKey = key.toLowerCase();
+        if (lowerKey === 'content-encoding' || lowerKey === 'transfer-encoding') {
+            return;
+        }
+        res.setHeader(key, value);
+    });
+    if (webResponse.body) {
+        const reader = webResponse.body.getReader();
+        try {
+            while (true) {
+                const { done, value } = await reader.read();
+                if (done)
+                    break;
+                res.write(value);
+            }
+        }
+        finally {
+            reader.releaseLock();
+        }
+    }
+    res.end();
+}
+function signCookieValue(value, secret) {
+    if (!secret) {
+        throw new Error('Cannot sign cookie: Better Auth secret is not configured');
+    }
+    const signature = crypto
+        .createHmac('sha256', secret)
+        .update(value)
+        .digest('base64');
+    const signedValue = `${value}.${signature}`;
+    return encodeURIComponent(signedValue);
+}
+async function toWebRequest(req, options) {
+    const { basePath, baseUrl, logger, secret, sessionToken } = options;
+    const url = new URL(req.originalUrl || req.url, baseUrl);
+    const headers = new Headers();
+    for (const [key, value] of Object.entries(req.headers)) {
+        if (typeof value === 'string') {
+            headers.set(key, value);
+        }
+        else if (Array.isArray(value)) {
+            headers.set(key, value.join(', '));
+        }
+    }
+    if (sessionToken) {
+        headers.set('authorization', `Bearer ${sessionToken}`);
+        const normalizedBasePath = basePath?.replace(/^\//, '').replace(/\//g, '.') || 'iam';
+        const existingCookieString = headers.get('cookie') || '';
+        let signedToken;
+        if (secret) {
+            signedToken = signCookieValue(sessionToken, secret);
+        }
+        else {
+            logger?.warn('No Better Auth secret configured - cookies will not be signed');
+            signedToken = sessionToken;
+        }
+        const primaryCookieName = `${normalizedBasePath}.session_token`;
+        const sessionCookieNames = [
+            primaryCookieName,
+            exports.BETTER_AUTH_COOKIE_NAMES.BETTER_AUTH_SESSION,
+        ];
+        const existingCookies = parseCookieHeader(existingCookieString);
+        for (const cookieName of sessionCookieNames) {
+            existingCookies[cookieName] = signedToken;
+        }
+        if (!existingCookies[exports.BETTER_AUTH_COOKIE_NAMES.TOKEN]) {
+            existingCookies[exports.BETTER_AUTH_COOKIE_NAMES.TOKEN] = sessionToken;
+        }
+        const newCookieString = Object.entries(existingCookies)
+            .map(([name, value]) => `${name}=${value}`)
+            .join('; ');
+        headers.set('cookie', newCookieString);
+    }
+    const init = {
+        headers,
+        method: req.method,
+    };
+    if (req.method !== 'GET' && req.method !== 'HEAD') {
+        if (req.body && typeof req.body === 'object' && Object.keys(req.body).length > 0) {
+            init.body = JSON.stringify(req.body);
+            headers.set('content-type', 'application/json');
+        }
+        else if (req.readable) {
+            const chunks = [];
+            let totalSize = 0;
+            for await (const chunk of req) {
+                totalSize += chunk.length;
+                if (totalSize > exports.MAX_BODY_SIZE) {
+                    throw new Error(`Request body too large (max ${exports.MAX_BODY_SIZE} bytes)`);
+                }
+                chunks.push(chunk);
+            }
+            if (chunks.length > 0) {
+                init.body = Buffer.concat(chunks);
+            }
+        }
+    }
+    return new globalThis.Request(url.toString(), init);
+}
+//# sourceMappingURL=core-better-auth-web.helper.js.map

package/dist/core/modules/better-auth/core-better-auth-web.helper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"core-better-auth-web.helper.js","sourceRoot":"","sources":["../../../../src/core/modules/better-auth/core-better-auth-web.helper.ts"],"names":[],"mappings":";;;AAiDA,kDA4BC;AAQD,8CAgBC;AAWD,0CA6BC;AAaD,0CAWC;AAaD,oCA6FC;AA9QD,iCAAiC;AAMpB,QAAA,wBAAwB,GAAG;IAEtC,mBAAmB,EAAE,2BAA2B;IAEhD,KAAK,EAAE,OAAO;CACN,CAAC;AAME,QAAA,aAAa,GAAG,IAAI,GAAG,IAAI,CAAC;AA+BzC,SAAgB,mBAAmB,CAAC,GAAY,EAAE,WAAmB,KAAK;IAExE,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;IAC7C,IAAI,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC;IAGD,MAAM,kBAAkB,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAG3E,MAAM,WAAW,GAAG;QAClB,GAAG,kBAAkB,gBAAgB;QACrC,gCAAwB,CAAC,mBAAmB;QAC5C,gCAAwB,CAAC,KAAK;KAC/B,CAAC;IAGF,MAAM,OAAO,GAAI,GAAW,CAAC,OAAO,IAAI,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAE9E,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC;QAC9B,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACvC,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAQD,SAAgB,iBAAiB,CAAC,YAAgC;IAChE,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEtC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,EAAE,GAAG,UAAU,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACrD,IAAI,IAAI,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACrD,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAWM,KAAK,UAAU,eAAe,CAAC,GAAa,EAAE,WAAgC;IAEnF,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IAG/B,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QAEzC,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QACnC,IAAI,QAAQ,KAAK,kBAAkB,IAAI,QAAQ,KAAK,mBAAmB,EAAE,CAAC;YACxE,OAAO;QACT,CAAC;QACD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAGH,IAAI,WAAW,CAAC,IAAI,EAAE,CAAC;QACrB,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;QAC5C,IAAI,CAAC;YACH,OAAO,IAAI,EAAE,CAAC;gBACZ,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;gBAC5C,IAAI,IAAI;oBAAE,MAAM;gBAChB,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACnB,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,WAAW,EAAE,CAAC;QACvB,CAAC;IACH,CAAC;IAED,GAAG,CAAC,GAAG,EAAE,CAAC;AACZ,CAAC;AAaD,SAAgB,eAAe,CAAC,KAAa,EAAE,MAAc;IAC3D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,SAAS,GAAG,MAAM;SACrB,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC;SAC5B,MAAM,CAAC,KAAK,CAAC;SACb,MAAM,CAAC,QAAQ,CAAC,CAAC;IACpB,MAAM,WAAW,GAAG,GAAG,KAAK,IAAI,SAAS,EAAE,CAAC;IAC5C,OAAO,kBAAkB,CAAC,WAAW,CAAC,CAAC;AACzC,CAAC;AAaM,KAAK,UAAU,YAAY,CAAC,GAAY,EAAE,OAA4B;IAC3E,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC;IACpE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAGzD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;IAC9B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QACvD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC1B,CAAC;aAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IAID,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,YAAY,EAAE,CAAC,CAAC;QAIvD,MAAM,kBAAkB,GAAG,QAAQ,EAAE,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,IAAI,KAAK,CAAC;QACrF,MAAM,oBAAoB,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAGzD,IAAI,WAAmB,CAAC;QACxB,IAAI,MAAM,EAAE,CAAC;YACX,WAAW,GAAG,eAAe,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACtD,CAAC;aAAM,CAAC;YACN,MAAM,EAAE,IAAI,CAAC,+DAA+D,CAAC,CAAC;YAC9E,WAAW,GAAG,YAAY,CAAC;QAC7B,CAAC;QAGD,MAAM,iBAAiB,GAAG,GAAG,kBAAkB,gBAAgB,CAAC;QAChE,MAAM,kBAAkB,GAAG;YACzB,iBAAiB;YACjB,gCAAwB,CAAC,mBAAmB;SAC7C,CAAC;QAGF,MAAM,eAAe,GAAG,iBAAiB,CAAC,oBAAoB,CAAC,CAAC;QAGhE,KAAK,MAAM,UAAU,IAAI,kBAAkB,EAAE,CAAC;YAC5C,eAAe,CAAC,UAAU,CAAC,GAAG,WAAW,CAAC;QAC5C,CAAC;QAGD,IAAI,CAAC,eAAe,CAAC,gCAAwB,CAAC,KAAK,CAAC,EAAE,CAAC;YACrD,eAAe,CAAC,gCAAwB,CAAC,KAAK,CAAC,GAAG,YAAY,CAAC;QACjE,CAAC;QAGD,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC;aACpD,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC;aAC1C,IAAI,CAAC,IAAI,CAAC,CAAC;QAEd,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IACzC,CAAC;IAGD,MAAM,IAAI,GAAgB;QACxB,OAAO;QACP,MAAM,EAAE,GAAG,CAAC,MAAM;KACnB,CAAC;IAGF,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAElD,IAAI,GAAG,CAAC,IAAI,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAEjF,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACrC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;QAClD,CAAC;aAAM,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;YAGxB,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,IAAI,SAAS,GAAG,CAAC,CAAC;YAClB,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,GAAG,EAAE,CAAC;gBAC9B,SAAS,IAAI,KAAK,CAAC,MAAM,CAAC;gBAC1B,IAAI,SAAS,GAAG,qBAAa,EAAE,CAAC;oBAC9B,MAAM,IAAI,KAAK,CAAC,+BAA+B,qBAAa,SAAS,CAAC,CAAC;gBACzE,CAAC;gBACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrB,CAAC;YACD,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACtB,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YACpC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,IAAI,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,IAAI,CAAC,CAAC;AACtD,CAAC"}

package/dist/core/modules/better-auth/core-better-auth.controller.d.ts

@@ -1,67 +1,58 @@
 import { Logger } from '@nestjs/common';
 import { Request, Response } from 'express';
 import { ConfigService } from '../../common/services/config.service';
-import { BetterAuthSessionUser, BetterAuthUserMapper } from './better-auth-user.mapper';
-import { BetterAuthService } from './better-auth.service';
-export declare class BetterAuthSessionInfo {
+import { BetterAuthSessionUser, CoreBetterAuthUserMapper } from './core-better-auth-user.mapper';
+import { CoreBetterAuthService } from './core-better-auth.service';
+export declare class CoreBetterAuthSessionInfo {
     expiresAt: string;
     id: string;
 }
-export declare class BetterAuthUserResponse {
+export declare class CoreBetterAuthUserResponse {
     email: string;
     emailVerified: boolean;
     id: string;
     name: string;
     twoFactorEnabled?: boolean;
 }
-export declare class BetterAuthResponse {
+export declare class CoreBetterAuthResponse {
     error?: string;
     requiresTwoFactor?: boolean;
-    session?: BetterAuthSessionInfo;
+    session?: CoreBetterAuthSessionInfo;
     success: boolean;
     token?: string;
-    user?: BetterAuthUserResponse;
+    user?: CoreBetterAuthUserResponse;
 }
-export declare class BetterAuthSignInInput {
+export declare class CoreBetterAuthSignInInput {
     email: string;
     password: string;
 }
-export declare class BetterAuthSignUpInput {
+export declare class CoreBetterAuthSignUpInput {
     email: string;
     name?: string;
     password: string;
 }
-export declare class BetterAuthTwoFactorInput {
-    code: string;
-}
-export declare class BetterAuthTwoFactorSetupResponse {
-    backupCodes: string[];
-    success: boolean;
-    totpSecret: string;
-    totpUri: string;
-}
 export declare class CoreBetterAuthController {
-    protected readonly betterAuthService: BetterAuthService;
-    protected readonly userMapper: BetterAuthUserMapper;
+    protected readonly betterAuthService: CoreBetterAuthService;
+    protected readonly userMapper: CoreBetterAuthUserMapper;
     protected readonly configService: ConfigService;
     protected readonly logger: Logger;
-    constructor(betterAuthService: BetterAuthService, userMapper: BetterAuthUserMapper, configService: ConfigService);
-    signIn(res: Response, input: BetterAuthSignInInput): Promise<BetterAuthResponse>;
-    private attemptSignIn;
-    signUp(res: Response, input: BetterAuthSignUpInput): Promise<BetterAuthResponse>;
-    signOut(req: Request, res: Response): Promise<BetterAuthResponse>;
-    getSession(req: Request): Promise<BetterAuthResponse>;
-    enableTwoFactor(req: Request): Promise<BetterAuthResponse | BetterAuthTwoFactorSetupResponse>;
-    verifyTwoFactor(req: Request, res: Response, input: BetterAuthTwoFactorInput): Promise<BetterAuthResponse>;
-    disableTwoFactor(req: Request): Promise<BetterAuthResponse>;
+    constructor(betterAuthService: CoreBetterAuthService, userMapper: CoreBetterAuthUserMapper, configService: ConfigService);
+    signIn(req: Request, res: Response, input: CoreBetterAuthSignInInput): Promise<CoreBetterAuthResponse>;
+    signUp(res: Response, input: CoreBetterAuthSignUpInput): Promise<CoreBetterAuthResponse>;
+    signOut(req: Request, res: Response): Promise<CoreBetterAuthResponse>;
+    getSession(req: Request): Promise<CoreBetterAuthResponse>;
+    handlePluginRoutes(req: Request, res: Response): Promise<void>;
     protected ensureEnabled(): void;
     protected extractSessionToken(req: Request): null | string;
     protected extractHeaders(req: Request): Headers;
     protected mapSession(session: null | undefined | {
         expiresAt: Date;
         id: string;
-    }): BetterAuthSessionInfo | undefined;
-    protected mapUser(sessionUser: BetterAuthSessionUser, _mappedUser: any): BetterAuthUserResponse;
-    protected processCookies(res: Response, result: BetterAuthResponse): BetterAuthResponse;
+        token?: string;
+    }): CoreBetterAuthSessionInfo | undefined;
+    protected mapUser(sessionUser: BetterAuthSessionUser, _mappedUser: any): CoreBetterAuthUserResponse;
+    protected processCookies(res: Response, result: CoreBetterAuthResponse, sessionToken?: string): CoreBetterAuthResponse;
     protected clearAuthCookies(res: Response): void;
+    protected handleBetterAuthPlugins(req: Request, res: Response): Promise<void>;
+    private getSessionTokenFromRequest;
 }