@mastra/auth-better-auth 0.0.0-alternative-angelfish-f7665c-20260119080902 → 0.0.0-auth-and-authz-20260130180831
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -1
- package/dist/index.cjs +170 -135
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +76 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +169 -134
- package/dist/index.js.map +1 -1
- package/package.json +9 -6
package/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,13 @@
|
|
|
1
1
|
# @mastra/auth-better-auth
|
|
2
2
|
|
|
3
|
-
## 0.0.0-
|
|
3
|
+
## 0.0.0-auth-and-authz-20260130180831
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- Updated dependencies [[`47eba72`](https://github.com/mastra-ai/mastra/commit/47eba72f0397d0d14fbe324b97940c3d55e5a525)]:
|
|
8
|
+
- @mastra/core@0.0.0-auth-and-authz-20260130180831
|
|
9
|
+
|
|
10
|
+
## 1.0.0
|
|
4
11
|
|
|
5
12
|
### Minor Changes
|
|
6
13
|
|
package/dist/index.cjs
CHANGED
|
@@ -1,143 +1,24 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
|
|
4
|
-
var RegisteredLogger = {
|
|
5
|
-
LLM: "LLM"};
|
|
6
|
-
var LogLevel = {
|
|
7
|
-
DEBUG: "debug",
|
|
8
|
-
INFO: "info",
|
|
9
|
-
WARN: "warn",
|
|
10
|
-
ERROR: "error"};
|
|
11
|
-
var MastraLogger = class {
|
|
12
|
-
name;
|
|
13
|
-
level;
|
|
14
|
-
transports;
|
|
15
|
-
constructor(options = {}) {
|
|
16
|
-
this.name = options.name || "Mastra";
|
|
17
|
-
this.level = options.level || LogLevel.ERROR;
|
|
18
|
-
this.transports = new Map(Object.entries(options.transports || {}));
|
|
19
|
-
}
|
|
20
|
-
getTransports() {
|
|
21
|
-
return this.transports;
|
|
22
|
-
}
|
|
23
|
-
trackException(_error) {
|
|
24
|
-
}
|
|
25
|
-
async listLogs(transportId, params) {
|
|
26
|
-
if (!transportId || !this.transports.has(transportId)) {
|
|
27
|
-
return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };
|
|
28
|
-
}
|
|
29
|
-
return this.transports.get(transportId).listLogs(params) ?? {
|
|
30
|
-
logs: [],
|
|
31
|
-
total: 0,
|
|
32
|
-
page: params?.page ?? 1,
|
|
33
|
-
perPage: params?.perPage ?? 100,
|
|
34
|
-
hasMore: false
|
|
35
|
-
};
|
|
36
|
-
}
|
|
37
|
-
async listLogsByRunId({
|
|
38
|
-
transportId,
|
|
39
|
-
runId,
|
|
40
|
-
fromDate,
|
|
41
|
-
toDate,
|
|
42
|
-
logLevel,
|
|
43
|
-
filters,
|
|
44
|
-
page,
|
|
45
|
-
perPage
|
|
46
|
-
}) {
|
|
47
|
-
if (!transportId || !this.transports.has(transportId) || !runId) {
|
|
48
|
-
return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };
|
|
49
|
-
}
|
|
50
|
-
return this.transports.get(transportId).listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {
|
|
51
|
-
logs: [],
|
|
52
|
-
total: 0,
|
|
53
|
-
page: page ?? 1,
|
|
54
|
-
perPage: perPage ?? 100,
|
|
55
|
-
hasMore: false
|
|
56
|
-
};
|
|
57
|
-
}
|
|
58
|
-
};
|
|
59
|
-
var ConsoleLogger = class extends MastraLogger {
|
|
60
|
-
constructor(options = {}) {
|
|
61
|
-
super(options);
|
|
62
|
-
}
|
|
63
|
-
debug(message, ...args) {
|
|
64
|
-
if (this.level === LogLevel.DEBUG) {
|
|
65
|
-
console.info(message, ...args);
|
|
66
|
-
}
|
|
67
|
-
}
|
|
68
|
-
info(message, ...args) {
|
|
69
|
-
if (this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
|
|
70
|
-
console.info(message, ...args);
|
|
71
|
-
}
|
|
72
|
-
}
|
|
73
|
-
warn(message, ...args) {
|
|
74
|
-
if (this.level === LogLevel.WARN || this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
|
|
75
|
-
console.info(message, ...args);
|
|
76
|
-
}
|
|
77
|
-
}
|
|
78
|
-
error(message, ...args) {
|
|
79
|
-
if (this.level === LogLevel.ERROR || this.level === LogLevel.WARN || this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
|
|
80
|
-
console.error(message, ...args);
|
|
81
|
-
}
|
|
82
|
-
}
|
|
83
|
-
async listLogs(_transportId, _params) {
|
|
84
|
-
return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };
|
|
85
|
-
}
|
|
86
|
-
async listLogsByRunId(_args) {
|
|
87
|
-
return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };
|
|
88
|
-
}
|
|
89
|
-
};
|
|
90
|
-
|
|
91
|
-
// ../../packages/core/dist/chunk-LSHPJWM5.js
|
|
92
|
-
var MastraBase = class {
|
|
93
|
-
component = RegisteredLogger.LLM;
|
|
94
|
-
logger;
|
|
95
|
-
name;
|
|
96
|
-
constructor({ component, name }) {
|
|
97
|
-
this.component = component || RegisteredLogger.LLM;
|
|
98
|
-
this.name = name;
|
|
99
|
-
this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });
|
|
100
|
-
}
|
|
101
|
-
/**
|
|
102
|
-
* Set the logger for the agent
|
|
103
|
-
* @param logger
|
|
104
|
-
*/
|
|
105
|
-
__setLogger(logger) {
|
|
106
|
-
this.logger = logger;
|
|
107
|
-
if (this.component !== RegisteredLogger.LLM) {
|
|
108
|
-
this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);
|
|
109
|
-
}
|
|
110
|
-
}
|
|
111
|
-
};
|
|
112
|
-
|
|
113
|
-
// ../../packages/core/dist/server/index.js
|
|
114
|
-
var MastraAuthProvider = class extends MastraBase {
|
|
115
|
-
protected;
|
|
116
|
-
public;
|
|
117
|
-
constructor(options) {
|
|
118
|
-
super({ component: "AUTH", name: options?.name });
|
|
119
|
-
if (options?.authorizeUser) {
|
|
120
|
-
this.authorizeUser = options.authorizeUser.bind(this);
|
|
121
|
-
}
|
|
122
|
-
this.protected = options?.protected;
|
|
123
|
-
this.public = options?.public;
|
|
124
|
-
}
|
|
125
|
-
registerOptions(opts) {
|
|
126
|
-
if (opts?.authorizeUser) {
|
|
127
|
-
this.authorizeUser = opts.authorizeUser.bind(this);
|
|
128
|
-
}
|
|
129
|
-
if (opts?.protected) {
|
|
130
|
-
this.protected = opts.protected;
|
|
131
|
-
}
|
|
132
|
-
if (opts?.public) {
|
|
133
|
-
this.public = opts.public;
|
|
134
|
-
}
|
|
135
|
-
}
|
|
136
|
-
};
|
|
3
|
+
var server = require('@mastra/core/server');
|
|
137
4
|
|
|
138
5
|
// src/index.ts
|
|
139
|
-
|
|
6
|
+
function mapBetterAuthUserToEEUser(user) {
|
|
7
|
+
return {
|
|
8
|
+
id: user.id,
|
|
9
|
+
email: user.email,
|
|
10
|
+
name: user.name,
|
|
11
|
+
avatarUrl: user.image ?? void 0,
|
|
12
|
+
metadata: {
|
|
13
|
+
emailVerified: user.emailVerified,
|
|
14
|
+
createdAt: user.createdAt,
|
|
15
|
+
updatedAt: user.updatedAt
|
|
16
|
+
}
|
|
17
|
+
};
|
|
18
|
+
}
|
|
19
|
+
var MastraAuthBetterAuth = class extends server.MastraAuthProvider {
|
|
140
20
|
auth;
|
|
21
|
+
signUpEnabledConfig;
|
|
141
22
|
constructor(options) {
|
|
142
23
|
super({ name: options?.name ?? "better-auth" });
|
|
143
24
|
if (!options.auth) {
|
|
@@ -146,8 +27,62 @@ var MastraAuthBetterAuth = class extends MastraAuthProvider {
|
|
|
146
27
|
);
|
|
147
28
|
}
|
|
148
29
|
this.auth = options.auth;
|
|
30
|
+
this.signUpEnabledConfig = options.signUpEnabled ?? true;
|
|
149
31
|
this.registerOptions(options);
|
|
150
32
|
}
|
|
33
|
+
/**
|
|
34
|
+
* Check if sign-up is enabled.
|
|
35
|
+
* Implements ICredentialsProvider.isSignUpEnabled.
|
|
36
|
+
*/
|
|
37
|
+
isSignUpEnabled() {
|
|
38
|
+
return this.signUpEnabledConfig;
|
|
39
|
+
}
|
|
40
|
+
// ============================================
|
|
41
|
+
// IUserProvider implementation (EE capability)
|
|
42
|
+
// License check happens in buildCapabilities()
|
|
43
|
+
// ============================================
|
|
44
|
+
/**
|
|
45
|
+
* Get current user from request.
|
|
46
|
+
* Implements IUserProvider for EE user awareness in Studio.
|
|
47
|
+
*
|
|
48
|
+
* @param request - Incoming HTTP request
|
|
49
|
+
* @returns EE User object or null if not authenticated
|
|
50
|
+
*/
|
|
51
|
+
async getCurrentUser(request) {
|
|
52
|
+
try {
|
|
53
|
+
const result = await this.auth.api.getSession({
|
|
54
|
+
headers: request.headers
|
|
55
|
+
});
|
|
56
|
+
if (!result?.user) return null;
|
|
57
|
+
return mapBetterAuthUserToEEUser(result.user);
|
|
58
|
+
} catch {
|
|
59
|
+
return null;
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* Get user by ID.
|
|
64
|
+
* Implements IUserProvider for EE user awareness.
|
|
65
|
+
*
|
|
66
|
+
* Note: Better Auth doesn't expose a direct getUser API.
|
|
67
|
+
* For full functionality, you may need to implement this using
|
|
68
|
+
* direct database access in a subclass.
|
|
69
|
+
*
|
|
70
|
+
* @param userId - User identifier
|
|
71
|
+
* @returns EE User object or null if not found
|
|
72
|
+
*/
|
|
73
|
+
async getUser(_userId) {
|
|
74
|
+
console.warn(
|
|
75
|
+
"[MastraAuthBetterAuth] getUser() requires direct database access. Override this method in a subclass for full user lookup support."
|
|
76
|
+
);
|
|
77
|
+
return null;
|
|
78
|
+
}
|
|
79
|
+
/**
|
|
80
|
+
* Get URL to user's profile page.
|
|
81
|
+
* Optional IUserProvider method.
|
|
82
|
+
*/
|
|
83
|
+
getUserProfileUrl(user) {
|
|
84
|
+
return `/profile/${user.id}`;
|
|
85
|
+
}
|
|
151
86
|
/**
|
|
152
87
|
* Authenticate a bearer token by verifying the session with Better Auth.
|
|
153
88
|
*
|
|
@@ -198,6 +133,106 @@ var MastraAuthBetterAuth = class extends MastraAuthProvider {
|
|
|
198
133
|
async authorizeUser(user) {
|
|
199
134
|
return !!user?.session?.id && !!user?.user?.id;
|
|
200
135
|
}
|
|
136
|
+
// ============================================
|
|
137
|
+
// ICredentialsProvider implementation (EE capability)
|
|
138
|
+
// License check happens in buildCapabilities()
|
|
139
|
+
// ============================================
|
|
140
|
+
/**
|
|
141
|
+
* Sign in with email and password.
|
|
142
|
+
* Implements ICredentialsProvider for EE credentials auth.
|
|
143
|
+
*
|
|
144
|
+
* @param email - User email
|
|
145
|
+
* @param password - User password
|
|
146
|
+
* @param request - Incoming HTTP request
|
|
147
|
+
* @returns Result with user and session cookies
|
|
148
|
+
* @throws Error if credentials are invalid
|
|
149
|
+
*/
|
|
150
|
+
async signIn(email, password, request) {
|
|
151
|
+
const headers = request?.headers ?? new Headers();
|
|
152
|
+
const response = await this.auth.api.signInEmail({
|
|
153
|
+
body: { email, password },
|
|
154
|
+
headers,
|
|
155
|
+
asResponse: true
|
|
156
|
+
});
|
|
157
|
+
if (!response.ok) {
|
|
158
|
+
const errorData = await response.json().catch(() => ({}));
|
|
159
|
+
throw new Error(errorData.message || "Invalid email or password");
|
|
160
|
+
}
|
|
161
|
+
const result = await response.json();
|
|
162
|
+
if (!result?.user) {
|
|
163
|
+
throw new Error("Invalid email or password");
|
|
164
|
+
}
|
|
165
|
+
const cookies = [];
|
|
166
|
+
const setCookieHeader = response.headers.get("set-cookie");
|
|
167
|
+
if (setCookieHeader) {
|
|
168
|
+
cookies.push(...setCookieHeader.split(/,(?=\s*\w+=)/));
|
|
169
|
+
}
|
|
170
|
+
return {
|
|
171
|
+
user: mapBetterAuthUserToEEUser(result.user),
|
|
172
|
+
token: result.token ?? void 0,
|
|
173
|
+
cookies
|
|
174
|
+
};
|
|
175
|
+
}
|
|
176
|
+
/**
|
|
177
|
+
* Sign up with email and password.
|
|
178
|
+
* Implements ICredentialsProvider for EE credentials auth.
|
|
179
|
+
*
|
|
180
|
+
* @param email - User email
|
|
181
|
+
* @param password - User password
|
|
182
|
+
* @param name - Optional display name
|
|
183
|
+
* @param request - Incoming HTTP request
|
|
184
|
+
* @returns Result with new user and session cookies
|
|
185
|
+
* @throws Error if sign up fails
|
|
186
|
+
*/
|
|
187
|
+
async signUp(email, password, name, request) {
|
|
188
|
+
const displayName = name ?? email.split("@")[0] ?? "User";
|
|
189
|
+
const headers = request?.headers ?? new Headers();
|
|
190
|
+
const response = await this.auth.api.signUpEmail({
|
|
191
|
+
body: { email, password, name: displayName },
|
|
192
|
+
headers,
|
|
193
|
+
asResponse: true
|
|
194
|
+
});
|
|
195
|
+
if (!response.ok) {
|
|
196
|
+
const errorData = await response.json().catch(() => ({}));
|
|
197
|
+
throw new Error(errorData.message || "Failed to create account");
|
|
198
|
+
}
|
|
199
|
+
const result = await response.json();
|
|
200
|
+
if (!result?.user) {
|
|
201
|
+
throw new Error("Failed to create account");
|
|
202
|
+
}
|
|
203
|
+
const cookies = [];
|
|
204
|
+
const setCookieHeader = response.headers.get("set-cookie");
|
|
205
|
+
if (setCookieHeader) {
|
|
206
|
+
cookies.push(...setCookieHeader.split(/,(?=\s*\w+=)/));
|
|
207
|
+
}
|
|
208
|
+
return {
|
|
209
|
+
user: mapBetterAuthUserToEEUser(result.user),
|
|
210
|
+
token: result.token ?? void 0,
|
|
211
|
+
cookies
|
|
212
|
+
};
|
|
213
|
+
}
|
|
214
|
+
/**
|
|
215
|
+
* Get the underlying Better Auth instance.
|
|
216
|
+
* Useful for accessing Better Auth APIs directly.
|
|
217
|
+
*/
|
|
218
|
+
getAuth() {
|
|
219
|
+
return this.auth;
|
|
220
|
+
}
|
|
221
|
+
/**
|
|
222
|
+
* Get headers to clear the session cookies on logout.
|
|
223
|
+
* Partial ISessionProvider implementation for logout support.
|
|
224
|
+
*
|
|
225
|
+
* Clears Better Auth's default session cookies.
|
|
226
|
+
*/
|
|
227
|
+
getClearSessionHeaders() {
|
|
228
|
+
const cookies = [
|
|
229
|
+
"better-auth.session_token=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0",
|
|
230
|
+
"better-auth.session_token_sig=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0"
|
|
231
|
+
];
|
|
232
|
+
return {
|
|
233
|
+
"Set-Cookie": cookies.join(", ")
|
|
234
|
+
};
|
|
235
|
+
}
|
|
201
236
|
};
|
|
202
237
|
|
|
203
238
|
exports.MastraAuthBetterAuth = MastraAuthBetterAuth;
|
package/dist/index.cjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../packages/core/src/logger/constants.ts","../../../packages/core/src/logger/logger.ts","../../../packages/core/src/logger/default-logger.ts","../../../packages/core/src/base.ts","../../../packages/core/src/server/auth.ts","../src/index.ts"],"names":[],"mappings":";;;AACO,IAAM,gBAAA,GAAmB;EAM9B,GAAA,EAAK,KAYP,CAAA;AAIO,IAAM,QAAA,GAAW;EACtB,KAAA,EAAO,OAAA;EACP,IAAA,EAAM,MAAA;EACN,IAAA,EAAM,MAAA;EACN,KAAA,EAAO,OAET,CAAA;ACMO,IAAe,eAAf,MAAqD;AAChD,EAAA,IAAA;AACA,EAAA,KAAA;AACA,EAAA,UAAA;EAEV,WAAA,CACE,OAAA,GAII,EAAA,EACJ;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,QAAQ,IAAA,IAAQ,QAAA;AAC5B,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAA,CAAQ,KAAA,IAAS,QAAA,CAAS,KAAA;AACvC,IAAA,IAAA,CAAK,UAAA,GAAa,IAAI,GAAA,CAAI,MAAA,CAAO,QAAQ,OAAA,CAAQ,UAAA,IAAc,EAAE,CAAC,CAAA;AACpE,EAAA;EAOA,aAAA,GAAgB;AACd,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;AAEA,EAAA,cAAA,CAAe,MAAA,EAAqB;AAAC,EAAA;EAErC,MAAM,QAAA,CACJ,aACA,MAAA,EAQA;AACA,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,EAAG;AACrD,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,MAAA,EAAQ,IAAA,IAAQ,GAAG,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClG,IAAA;AAEA,IAAA,OACE,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,CAAG,QAAA,CAAS,MAAM,CAAA,IAAK;AACpD,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,QAAQ,IAAA,IAAQ,CAAA;AACtB,MAAA,OAAA,EAAS,QAAQ,OAAA,IAAW,GAAA;MAC5B,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AAEA,EAAA,MAAM,eAAA,CAAgB;AACpB,IAAA,WAAA;AACA,IAAA,KAAA;AACA,IAAA,QAAA;AACA,IAAA,MAAA;AACA,IAAA,QAAA;AACA,IAAA,OAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAUC;AACD,IAAA,IAAI,CAAC,eAAe,CAAC,IAAA,CAAK,WAAW,GAAA,CAAI,WAAW,CAAA,IAAK,CAAC,KAAA,EAAO;AAC/D,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,KAAA,EAAO,CAAA,EAAG,IAAA,EAAM,IAAA,IAAQ,CAAA,EAAG,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClF,IAAA;AAEA,IAAA,OACE,IAAA,CAAK,UAAA,CACF,GAAA,CAAI,WAAW,EACf,eAAA,CAAgB,EAAE,KAAA,EAAO,QAAA,EAAU,QAAQ,QAAA,EAAU,OAAA,EAAS,IAAA,EAAM,OAAA,EAAS,CAAA,IAAK;AACnF,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,IAAA,IAAQ,CAAA;AACd,MAAA,OAAA,EAAS,OAAA,IAAW,GAAA;MACpB,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AACF,CAAA;AC5GO,IAAM,aAAA,GAAN,cAA4B,YAAA,CAAa;EAC9C,WAAA,CACE,OAAA,GAGI,EAAA,EACJ;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACf,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjC,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,KAAK,KAAA,KAAU,QAAA,CAAS,QAAQ,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EAAO;AACjE,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjG,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IACE,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,IACxB,KAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,UAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EACxB;AACA,MAAA,OAAA,CAAQ,KAAA,CAAM,OAAA,EAAS,GAAG,IAAI,CAAA;AAChC,IAAA;AACF,EAAA;EAEA,MAAM,QAAA,CACJ,cACA,OAAA,EAQA;AACA,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,GAAG,OAAA,EAAS,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AACpG,EAAA;AAEA,EAAA,MAAM,gBAAgB,KAAA,EASnB;AACD,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,KAAA,CAAM,IAAA,IAAQ,GAAG,OAAA,EAAS,KAAA,CAAM,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAC9F,EAAA;AACF,CAAA;;;AC7EO,IAAM,aAAN,MAAiB;AACtB,EAAA,SAAA,GAA8B,gBAAA,CAAiB,GAAA;AACrC,EAAA,MAAA;AACV,EAAA,IAAA;EAEA,WAAA,CAAY,EAAE,SAAA,EAAW,IAAA,EAAA,EAAyD;AAChF,IAAA,IAAA,CAAK,SAAA,GAAY,aAAa,gBAAA,CAAiB,GAAA;AAC/C,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,aAAA,CAAc,EAAE,IAAA,EAAM,CAAA,EAAG,IAAA,CAAK,SAAS,CAAA,GAAA,EAAM,IAAA,CAAK,IAAI,CAAA,CAAA,EAAI,CAAA;AAC9E,EAAA;;;;;AAMA,EAAA,WAAA,CAAY,MAAA,EAAuB;AACjC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAEd,IAAA,IAAI,IAAA,CAAK,SAAA,KAAc,gBAAA,CAAiB,GAAA,EAAK;AAC3C,MAAA,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,0BAAA,EAA6B,IAAA,CAAK,SAAS,CAAA,QAAA,EAAW,IAAA,CAAK,IAAI,CAAA,CAAA,CAAG,CAAA;AACtF,IAAA;AACF,EAAA;AACF,CAAA;;;ACTO,IAAe,kBAAA,GAAf,cAA2D,UAAA,CAAW;AACpE,EAAA,SAAA;AACA,EAAA,MAAA;AAEP,EAAA,WAAA,CAAY,OAAA,EAA4C;AACtD,IAAA,KAAA,CAAM,EAAE,SAAA,EAAW,MAAA,EAAQ,IAAA,EAAM,OAAA,EAAS,MAAM,CAAA;AAEhD,IAAA,IAAI,SAAS,aAAA,EAAe;AAC1B,MAAA,IAAA,CAAK,aAAA,GAAgB,OAAA,CAAQ,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACtD,IAAA;AAEA,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAC1B,IAAA,IAAA,CAAK,SAAS,OAAA,EAAS,MAAA;AACzB,EAAA;AAkBU,EAAA,eAAA,CAAgB,IAAA,EAAyC;AACjE,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAK,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACnD,IAAA;AACA,IAAA,IAAI,MAAM,SAAA,EAAW;AACnB,MAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACxB,IAAA;AACA,IAAA,IAAI,MAAM,MAAA,EAAQ;AAChB,MAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACrB,IAAA;AACF,EAAA;AACF,CAAA;;;ACAO,IAAM,oBAAA,GAAN,cAAmC,kBAAA,CAAmC;AAAA,EACjE,IAAA;AAAA,EAEV,YAAY,OAAA,EAAsC;AAChD,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,eAAe,CAAA;AAE9C,IAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,OAAO,OAAA,CAAQ,IAAA;AAEpB,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,iBAAA,CAAkB,KAAA,EAAe,OAAA,EAAsD;AAC3F,IAAA,IAAI;AAGF,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAG5B,MAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,MAAA,CAAO,eAAe,CAAA;AACjD,MAAA,IAAI,UAAA,EAAY;AACd,QAAA,OAAA,CAAQ,GAAA,CAAI,iBAAiB,UAAU,CAAA;AAAA,MACzC,WAAW,KAAA,EAAO;AAEhB,QAAA,OAAA,CAAQ,GAAA,CAAI,eAAA,EAAiB,CAAA,OAAA,EAAU,KAAK,CAAA,CAAE,CAAA;AAAA,MAChD;AAGA,MAAA,MAAM,YAAA,GAAe,OAAA,CAAQ,MAAA,CAAO,QAAQ,CAAA;AAC5C,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,OAAA,CAAQ,GAAA,CAAI,UAAU,YAAY,CAAA;AAAA,MACpC;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,IAAA,CAAK,IAAI,UAAA,CAAW;AAAA,QAC5C;AAAA,OACD,CAAA;AAED,MAAA,IAAI,CAAC,MAAA,IAAU,CAAC,OAAO,OAAA,IAAW,CAAC,OAAO,IAAA,EAAM;AAC9C,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,OAAO;AAAA,QACL,SAAS,MAAA,CAAO,OAAA;AAAA,QAChB,MAAM,MAAA,CAAO;AAAA,OACf;AAAA,IACF,CAAA,CAAA,MAAQ;AAEN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,cAAc,IAAA,EAAwC;AAE1D,IAAA,OAAO,CAAC,CAAC,IAAA,EAAM,OAAA,EAAS,MAAM,CAAC,CAAC,MAAM,IAAA,EAAM,EAAA;AAAA,EAC9C;AACF","file":"index.cjs","sourcesContent":["// Constants and Types (keeping from original implementation)\nexport const RegisteredLogger = {\n AGENT: 'AGENT',\n OBSERVABILITY: 'OBSERVABILITY',\n AUTH: 'AUTH',\n NETWORK: 'NETWORK',\n WORKFLOW: 'WORKFLOW',\n LLM: 'LLM',\n TTS: 'TTS',\n VOICE: 'VOICE',\n VECTOR: 'VECTOR',\n BUNDLER: 'BUNDLER',\n DEPLOYER: 'DEPLOYER',\n MEMORY: 'MEMORY',\n STORAGE: 'STORAGE',\n EMBEDDINGS: 'EMBEDDINGS',\n MCP_SERVER: 'MCP_SERVER',\n SERVER_CACHE: 'SERVER_CACHE',\n SERVER: 'SERVER',\n} as const;\n\nexport type RegisteredLogger = (typeof RegisteredLogger)[keyof typeof RegisteredLogger];\n\nexport const LogLevel = {\n DEBUG: 'debug',\n INFO: 'info',\n WARN: 'warn',\n ERROR: 'error',\n NONE: 'silent',\n} as const;\n\nexport type LogLevel = (typeof LogLevel)[keyof typeof LogLevel];\n","import type { MastraError } from '../error';\nimport { LogLevel } from './constants';\nimport type { BaseLogMessage, LoggerTransport } from './transport';\n\nexport interface IMastraLogger {\n debug(message: string, ...args: any[]): void;\n info(message: string, ...args: any[]): void;\n warn(message: string, ...args: any[]): void;\n error(message: string, ...args: any[]): void;\n trackException(error: MastraError): void;\n\n getTransports(): Map<string, LoggerTransport>;\n listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n}\n\nexport abstract class MastraLogger implements IMastraLogger {\n protected name: string;\n protected level: LogLevel;\n protected transports: Map<string, LoggerTransport>;\n\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n } = {},\n ) {\n this.name = options.name || 'Mastra';\n this.level = options.level || LogLevel.ERROR;\n this.transports = new Map(Object.entries(options.transports || {}));\n }\n\n abstract debug(message: string, ...args: any[]): void;\n abstract info(message: string, ...args: any[]): void;\n abstract warn(message: string, ...args: any[]): void;\n abstract error(message: string, ...args: any[]): void;\n\n getTransports() {\n return this.transports;\n }\n\n trackException(_error: MastraError) {}\n\n async listLogs(\n transportId: string,\n params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n if (!transportId || !this.transports.has(transportId)) {\n return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports.get(transportId)!.listLogs(params) ?? {\n logs: [],\n total: 0,\n page: params?.page ?? 1,\n perPage: params?.perPage ?? 100,\n hasMore: false,\n }\n );\n }\n\n async listLogsByRunId({\n transportId,\n runId,\n fromDate,\n toDate,\n logLevel,\n filters,\n page,\n perPage,\n }: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n if (!transportId || !this.transports.has(transportId) || !runId) {\n return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports\n .get(transportId)!\n .listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {\n logs: [],\n total: 0,\n page: page ?? 1,\n perPage: perPage ?? 100,\n hasMore: false,\n }\n );\n }\n}\n","import { LogLevel } from './constants';\nimport { MastraLogger } from './logger';\nimport type { LoggerTransport } from './transport';\n\nexport const createLogger = (options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n}) => {\n const logger = new ConsoleLogger(options);\n\n logger.warn(`createLogger is deprecated. Please use \"new ConsoleLogger()\" from \"@mastra/core/logger\" instead.`);\n\n return logger;\n};\n\nexport class ConsoleLogger extends MastraLogger {\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n } = {},\n ) {\n super(options);\n }\n\n debug(message: string, ...args: any[]): void {\n if (this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n info(message: string, ...args: any[]): void {\n if (this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n warn(message: string, ...args: any[]): void {\n if (this.level === LogLevel.WARN || this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n error(message: string, ...args: any[]): void {\n if (\n this.level === LogLevel.ERROR ||\n this.level === LogLevel.WARN ||\n this.level === LogLevel.INFO ||\n this.level === LogLevel.DEBUG\n ) {\n console.error(message, ...args);\n }\n }\n\n async listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };\n }\n\n async listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };\n }\n}\n","import type { IMastraLogger } from './logger';\nimport { RegisteredLogger } from './logger/constants';\nimport { ConsoleLogger } from './logger/default-logger';\n\nexport class MastraBase {\n component: RegisteredLogger = RegisteredLogger.LLM;\n protected logger: IMastraLogger;\n name?: string;\n\n constructor({ component, name }: { component?: RegisteredLogger; name?: string }) {\n this.component = component || RegisteredLogger.LLM;\n this.name = name;\n this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });\n }\n\n /**\n * Set the logger for the agent\n * @param logger\n */\n __setLogger(logger: IMastraLogger) {\n this.logger = logger;\n\n if (this.component !== RegisteredLogger.LLM) {\n this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);\n }\n }\n}\n\nexport * from './types';\n","import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n name?: string;\n authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> | boolean;\n /**\n * Protected paths for the auth provider\n */\n protected?: MastraAuthConfig['protected'];\n /**\n * Public paths for the auth provider\n */\n public?: MastraAuthConfig['public'];\n}\n\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n public protected?: MastraAuthConfig['protected'];\n public public?: MastraAuthConfig['public'];\n\n constructor(options?: MastraAuthProviderOptions<TUser>) {\n super({ component: 'AUTH', name: options?.name });\n\n if (options?.authorizeUser) {\n this.authorizeUser = options.authorizeUser.bind(this);\n }\n\n this.protected = options?.protected;\n this.public = options?.public;\n }\n\n /**\n * Authenticate a token and return the payload\n * @param token - The token to authenticate\n * @param request - The request\n * @returns The payload\n */\n abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser | null>;\n\n /**\n * Authorize a user for a path and method\n * @param user - The user to authorize\n * @param request - The request\n * @returns The authorization result\n */\n abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> | boolean;\n\n protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n if (opts?.authorizeUser) {\n this.authorizeUser = opts.authorizeUser.bind(this);\n }\n if (opts?.protected) {\n this.protected = opts.protected;\n }\n if (opts?.public) {\n this.public = opts.public;\n }\n }\n}\n","import type { MastraAuthProviderOptions } from '@mastra/core/server';\nimport { MastraAuthProvider } from '@mastra/core/server';\n\nimport type { Auth, Session, User } from 'better-auth';\nimport type { HonoRequest } from 'hono';\n\n/**\n * User type returned by Better Auth session verification\n */\nexport interface BetterAuthUser {\n session: Session;\n user: User;\n}\n\ninterface MastraAuthBetterAuthOptions extends MastraAuthProviderOptions<BetterAuthUser> {\n /**\n * The Better Auth instance to use for authentication.\n * This should be the result of calling `betterAuth({ ... })`.\n */\n auth: Auth;\n}\n\n/**\n * Mastra authentication provider for Better Auth.\n *\n * Better Auth is a self-hosted, open-source authentication framework\n * that gives you full control over your authentication system.\n *\n * @example\n * ```typescript\n * import { betterAuth } from 'better-auth';\n * import { MastraAuthBetterAuth } from '@mastra/auth-better-auth';\n *\n * // Create your Better Auth instance\n * const auth = betterAuth({\n * database: {\n * provider: 'postgresql',\n * url: process.env.DATABASE_URL!,\n * },\n * emailAndPassword: {\n * enabled: true,\n * },\n * });\n *\n * // Create the Mastra auth provider\n * const mastraAuth = new MastraAuthBetterAuth({\n * auth,\n * });\n *\n * // Use with Mastra\n * const mastra = new Mastra({\n * server: {\n * auth: mastraAuth,\n * },\n * });\n * ```\n *\n * @see https://better-auth.com for Better Auth documentation\n */\nexport class MastraAuthBetterAuth extends MastraAuthProvider<BetterAuthUser> {\n protected auth: Auth;\n\n constructor(options: MastraAuthBetterAuthOptions) {\n super({ name: options?.name ?? 'better-auth' });\n\n if (!options.auth) {\n throw new Error(\n 'Better Auth instance is required. Please provide the auth option with your Better Auth instance created via betterAuth({ ... })',\n );\n }\n\n this.auth = options.auth;\n\n this.registerOptions(options);\n }\n\n /**\n * Authenticate a bearer token by verifying the session with Better Auth.\n *\n * This method extracts the session from the request headers using\n * Better Auth's `api.getSession()` endpoint.\n *\n * @param token - The bearer token (session token) to authenticate\n * @param request - The Hono request object containing headers\n * @returns The authenticated user and session, or null if authentication fails\n */\n async authenticateToken(token: string, request: HonoRequest): Promise<BetterAuthUser | null> {\n try {\n // Better Auth expects the token to be passed via headers\n // We need to construct headers with the Authorization bearer token\n const headers = new Headers();\n\n // Copy relevant headers from the request\n const authHeader = request.header('Authorization');\n if (authHeader) {\n headers.set('Authorization', authHeader);\n } else if (token) {\n // If no auth header but token is provided, set it\n headers.set('Authorization', `Bearer ${token}`);\n }\n\n // Copy cookie header if present (Better Auth can use cookies for sessions)\n const cookieHeader = request.header('Cookie');\n if (cookieHeader) {\n headers.set('Cookie', cookieHeader);\n }\n\n // Use Better Auth's API to get the session\n const result = await this.auth.api.getSession({\n headers,\n });\n\n if (!result || !result.session || !result.user) {\n return null;\n }\n\n return {\n session: result.session,\n user: result.user,\n };\n } catch {\n // Session verification failed\n return null;\n }\n }\n\n /**\n * Authorize a user for access.\n *\n * By default, any authenticated user with a valid session is authorized.\n * You can override this behavior by providing a custom `authorizeUser` function\n * in the constructor options.\n *\n * @param user - The authenticated user and session\n * @returns True if the user is authorized, false otherwise\n */\n async authorizeUser(user: BetterAuthUser): Promise<boolean> {\n // By default, any authenticated user with a valid session is authorized\n return !!user?.session?.id && !!user?.user?.id;\n }\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/index.ts"],"names":["MastraAuthProvider"],"mappings":";;;;;AAmBA,SAAS,0BAA0B,IAAA,EAAoB;AACrD,EAAA,OAAO;AAAA,IACL,IAAI,IAAA,CAAK,EAAA;AAAA,IACT,OAAO,IAAA,CAAK,KAAA;AAAA,IACZ,MAAM,IAAA,CAAK,IAAA;AAAA,IACX,SAAA,EAAW,KAAK,KAAA,IAAS,MAAA;AAAA,IACzB,QAAA,EAAU;AAAA,MACR,eAAe,IAAA,CAAK,aAAA;AAAA,MACpB,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,WAAW,IAAA,CAAK;AAAA;AAClB,GACF;AACF;AAsDO,IAAM,oBAAA,GAAN,cACGA,yBAAA,CAEV;AAAA,EACY,IAAA;AAAA,EACA,mBAAA;AAAA,EAEV,YAAY,OAAA,EAAsC;AAChD,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,eAAe,CAAA;AAE9C,IAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,OAAO,OAAA,CAAQ,IAAA;AACpB,IAAA,IAAA,CAAK,mBAAA,GAAsB,QAAQ,aAAA,IAAiB,IAAA;AAEpD,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAA,GAA2B;AACzB,IAAA,OAAO,IAAA,CAAK,mBAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAM,eAAe,OAAA,EAA0C;AAC7D,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,IAAA,CAAK,IAAI,UAAA,CAAW;AAAA,QAC5C,SAAS,OAAA,CAAQ;AAAA,OAClB,CAAA;AAED,MAAA,IAAI,CAAC,MAAA,EAAQ,IAAA,EAAM,OAAO,IAAA;AAC1B,MAAA,OAAO,yBAAA,CAA0B,OAAO,IAAI,CAAA;AAAA,IAC9C,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,QAAQ,OAAA,EAAyC;AAIrD,IAAA,OAAA,CAAQ,IAAA;AAAA,MACN;AAAA,KAEF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,kBAAkB,IAAA,EAAsB;AACtC,IAAA,OAAO,CAAA,SAAA,EAAY,KAAK,EAAE,CAAA,CAAA;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,iBAAA,CAAkB,KAAA,EAAe,OAAA,EAAsD;AAC3F,IAAA,IAAI;AAGF,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAG5B,MAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,MAAA,CAAO,eAAe,CAAA;AACjD,MAAA,IAAI,UAAA,EAAY;AACd,QAAA,OAAA,CAAQ,GAAA,CAAI,iBAAiB,UAAU,CAAA;AAAA,MACzC,WAAW,KAAA,EAAO;AAEhB,QAAA,OAAA,CAAQ,GAAA,CAAI,eAAA,EAAiB,CAAA,OAAA,EAAU,KAAK,CAAA,CAAE,CAAA;AAAA,MAChD;AAGA,MAAA,MAAM,YAAA,GAAe,OAAA,CAAQ,MAAA,CAAO,QAAQ,CAAA;AAC5C,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,OAAA,CAAQ,GAAA,CAAI,UAAU,YAAY,CAAA;AAAA,MACpC;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,IAAA,CAAK,IAAI,UAAA,CAAW;AAAA,QAC5C;AAAA,OACD,CAAA;AAED,MAAA,IAAI,CAAC,MAAA,IAAU,CAAC,OAAO,OAAA,IAAW,CAAC,OAAO,IAAA,EAAM;AAC9C,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,OAAO;AAAA,QACL,SAAS,MAAA,CAAO,OAAA;AAAA,QAChB,MAAM,MAAA,CAAO;AAAA,OACf;AAAA,IACF,CAAA,CAAA,MAAQ;AAEN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,cAAc,IAAA,EAAwC;AAE1D,IAAA,OAAO,CAAC,CAAC,IAAA,EAAM,OAAA,EAAS,MAAM,CAAC,CAAC,MAAM,IAAA,EAAM,EAAA;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,MAAM,MAAA,CAAO,KAAA,EAAe,QAAA,EAAkB,OAAA,EAAsD;AAClG,IAAA,MAAM,OAAA,GAAU,OAAA,EAAS,OAAA,IAAW,IAAI,OAAA,EAAQ;AAGhD,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,IAAA,CAAK,IAAI,WAAA,CAAY;AAAA,MAC/C,IAAA,EAAM,EAAE,KAAA,EAAO,QAAA,EAAS;AAAA,MACxB,OAAA;AAAA,MACA,UAAA,EAAY;AAAA,KACb,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,GAAO,KAAA,CAAM,OAAO,EAAC,CAAE,CAAA;AACzD,MAAA,MAAM,IAAI,KAAA,CAAM,SAAA,CAAU,OAAA,IAAW,2BAA2B,CAAA;AAAA,IAClE;AAEA,IAAA,MAAM,MAAA,GAAU,MAAM,QAAA,CAAS,IAAA,EAAK;AAEpC,IAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,MAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,IAC7C;AAGA,IAAA,MAAM,UAAoB,EAAC;AAC3B,IAAA,MAAM,eAAA,GAAkB,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA;AACzD,IAAA,IAAI,eAAA,EAAiB;AAEnB,MAAA,OAAA,CAAQ,IAAA,CAAK,GAAG,eAAA,CAAgB,KAAA,CAAM,cAAc,CAAC,CAAA;AAAA,IACvD;AAEA,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,yBAAA,CAA0B,MAAA,CAAO,IAAI,CAAA;AAAA,MAC3C,KAAA,EAAO,OAAO,KAAA,IAAS,MAAA;AAAA,MACvB;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,MAAA,CACJ,KAAA,EACA,QAAA,EACA,MACA,OAAA,EACoC;AACpC,IAAA,MAAM,cAAc,IAAA,IAAQ,KAAA,CAAM,MAAM,GAAG,CAAA,CAAE,CAAC,CAAA,IAAK,MAAA;AACnD,IAAA,MAAM,OAAA,GAAU,OAAA,EAAS,OAAA,IAAW,IAAI,OAAA,EAAQ;AAGhD,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,IAAA,CAAK,IAAI,WAAA,CAAY;AAAA,MAC/C,IAAA,EAAM,EAAE,KAAA,EAAO,QAAA,EAAU,MAAM,WAAA,EAAY;AAAA,MAC3C,OAAA;AAAA,MACA,UAAA,EAAY;AAAA,KACb,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,GAAO,KAAA,CAAM,OAAO,EAAC,CAAE,CAAA;AACzD,MAAA,MAAM,IAAI,KAAA,CAAM,SAAA,CAAU,OAAA,IAAW,0BAA0B,CAAA;AAAA,IACjE;AAEA,IAAA,MAAM,MAAA,GAAU,MAAM,QAAA,CAAS,IAAA,EAAK;AAEpC,IAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,MAAA,MAAM,IAAI,MAAM,0BAA0B,CAAA;AAAA,IAC5C;AAGA,IAAA,MAAM,UAAoB,EAAC;AAC3B,IAAA,MAAM,eAAA,GAAkB,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA;AACzD,IAAA,IAAI,eAAA,EAAiB;AAEnB,MAAA,OAAA,CAAQ,IAAA,CAAK,GAAG,eAAA,CAAgB,KAAA,CAAM,cAAc,CAAC,CAAA;AAAA,IACvD;AAEA,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,yBAAA,CAA0B,MAAA,CAAO,IAAI,CAAA;AAAA,MAC3C,KAAA,EAAO,OAAO,KAAA,IAAS,MAAA;AAAA,MACvB;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAA,GAAgB;AACd,IAAA,OAAO,IAAA,CAAK,IAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,sBAAA,GAAiD;AAG/C,IAAA,MAAM,OAAA,GAAU;AAAA,MACd,uEAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,OAAO;AAAA,MACL,YAAA,EAAc,OAAA,CAAQ,IAAA,CAAK,IAAI;AAAA,KACjC;AAAA,EACF;AACF","file":"index.cjs","sourcesContent":["import type { IUserProvider, ICredentialsProvider, EEUser, CredentialsResult } from '@mastra/core/ee';\nimport type { MastraAuthProviderOptions } from '@mastra/core/server';\nimport { MastraAuthProvider } from '@mastra/core/server';\n\nimport type { Auth, Session, User } from 'better-auth';\nimport type { HonoRequest } from 'hono';\n\n/**\n * User type returned by Better Auth session verification.\n * Used internally for authentication token verification.\n */\nexport interface BetterAuthUser {\n session: Session;\n user: User;\n}\n\n/**\n * Maps Better Auth User to EE User format.\n */\nfunction mapBetterAuthUserToEEUser(user: User): EEUser {\n return {\n id: user.id,\n email: user.email,\n name: user.name,\n avatarUrl: user.image ?? undefined,\n metadata: {\n emailVerified: user.emailVerified,\n createdAt: user.createdAt,\n updatedAt: user.updatedAt,\n },\n };\n}\n\ninterface MastraAuthBetterAuthOptions extends MastraAuthProviderOptions<BetterAuthUser> {\n /**\n * The Better Auth instance to use for authentication.\n * This should be the result of calling `betterAuth({ ... })`.\n */\n auth: Auth;\n\n /**\n * Whether to allow new user registration via sign-up.\n * Set to false to disable public registration.\n * @default true\n */\n signUpEnabled?: boolean;\n}\n\n/**\n * Mastra authentication provider for Better Auth.\n *\n * Better Auth is a self-hosted, open-source authentication framework\n * that gives you full control over your authentication system.\n *\n * @example\n * ```typescript\n * import { betterAuth } from 'better-auth';\n * import { MastraAuthBetterAuth } from '@mastra/auth-better-auth';\n *\n * // Create your Better Auth instance\n * const auth = betterAuth({\n * database: {\n * provider: 'postgresql',\n * url: process.env.DATABASE_URL!,\n * },\n * emailAndPassword: {\n * enabled: true,\n * },\n * });\n *\n * // Create the Mastra auth provider\n * const mastraAuth = new MastraAuthBetterAuth({\n * auth,\n * });\n *\n * // Use with Mastra\n * const mastra = new Mastra({\n * server: {\n * auth: mastraAuth,\n * },\n * });\n * ```\n *\n * @see https://better-auth.com for Better Auth documentation\n */\nexport class MastraAuthBetterAuth\n extends MastraAuthProvider<BetterAuthUser>\n implements IUserProvider<EEUser>, ICredentialsProvider<EEUser>\n{\n protected auth: Auth;\n protected signUpEnabledConfig: boolean;\n\n constructor(options: MastraAuthBetterAuthOptions) {\n super({ name: options?.name ?? 'better-auth' });\n\n if (!options.auth) {\n throw new Error(\n 'Better Auth instance is required. Please provide the auth option with your Better Auth instance created via betterAuth({ ... })',\n );\n }\n\n this.auth = options.auth;\n this.signUpEnabledConfig = options.signUpEnabled ?? true;\n\n this.registerOptions(options);\n }\n\n /**\n * Check if sign-up is enabled.\n * Implements ICredentialsProvider.isSignUpEnabled.\n */\n isSignUpEnabled(): boolean {\n return this.signUpEnabledConfig;\n }\n\n // ============================================\n // IUserProvider implementation (EE capability)\n // License check happens in buildCapabilities()\n // ============================================\n\n /**\n * Get current user from request.\n * Implements IUserProvider for EE user awareness in Studio.\n *\n * @param request - Incoming HTTP request\n * @returns EE User object or null if not authenticated\n */\n async getCurrentUser(request: Request): Promise<EEUser | null> {\n try {\n const result = await this.auth.api.getSession({\n headers: request.headers,\n });\n\n if (!result?.user) return null;\n return mapBetterAuthUserToEEUser(result.user);\n } catch {\n return null;\n }\n }\n\n /**\n * Get user by ID.\n * Implements IUserProvider for EE user awareness.\n *\n * Note: Better Auth doesn't expose a direct getUser API.\n * For full functionality, you may need to implement this using\n * direct database access in a subclass.\n *\n * @param userId - User identifier\n * @returns EE User object or null if not found\n */\n async getUser(_userId: string): Promise<EEUser | null> {\n // Better Auth doesn't have a direct getUser API\n // Users can override this method with their own implementation\n // that queries the database directly\n console.warn(\n '[MastraAuthBetterAuth] getUser() requires direct database access. ' +\n 'Override this method in a subclass for full user lookup support.',\n );\n return null;\n }\n\n /**\n * Get URL to user's profile page.\n * Optional IUserProvider method.\n */\n getUserProfileUrl(user: EEUser): string {\n return `/profile/${user.id}`;\n }\n\n /**\n * Authenticate a bearer token by verifying the session with Better Auth.\n *\n * This method extracts the session from the request headers using\n * Better Auth's `api.getSession()` endpoint.\n *\n * @param token - The bearer token (session token) to authenticate\n * @param request - The Hono request object containing headers\n * @returns The authenticated user and session, or null if authentication fails\n */\n async authenticateToken(token: string, request: HonoRequest): Promise<BetterAuthUser | null> {\n try {\n // Better Auth expects the token to be passed via headers\n // We need to construct headers with the Authorization bearer token\n const headers = new Headers();\n\n // Copy relevant headers from the request\n const authHeader = request.header('Authorization');\n if (authHeader) {\n headers.set('Authorization', authHeader);\n } else if (token) {\n // If no auth header but token is provided, set it\n headers.set('Authorization', `Bearer ${token}`);\n }\n\n // Copy cookie header if present (Better Auth can use cookies for sessions)\n const cookieHeader = request.header('Cookie');\n if (cookieHeader) {\n headers.set('Cookie', cookieHeader);\n }\n\n // Use Better Auth's API to get the session\n const result = await this.auth.api.getSession({\n headers,\n });\n\n if (!result || !result.session || !result.user) {\n return null;\n }\n\n return {\n session: result.session,\n user: result.user,\n };\n } catch {\n // Session verification failed\n return null;\n }\n }\n\n /**\n * Authorize a user for access.\n *\n * By default, any authenticated user with a valid session is authorized.\n * You can override this behavior by providing a custom `authorizeUser` function\n * in the constructor options.\n *\n * @param user - The authenticated user and session\n * @returns True if the user is authorized, false otherwise\n */\n async authorizeUser(user: BetterAuthUser): Promise<boolean> {\n // By default, any authenticated user with a valid session is authorized\n return !!user?.session?.id && !!user?.user?.id;\n }\n\n // ============================================\n // ICredentialsProvider implementation (EE capability)\n // License check happens in buildCapabilities()\n // ============================================\n\n /**\n * Sign in with email and password.\n * Implements ICredentialsProvider for EE credentials auth.\n *\n * @param email - User email\n * @param password - User password\n * @param request - Incoming HTTP request\n * @returns Result with user and session cookies\n * @throws Error if credentials are invalid\n */\n async signIn(email: string, password: string, request: Request): Promise<CredentialsResult<EEUser>> {\n const headers = request?.headers ?? new Headers();\n\n // Use asResponse: true to get the full response with Set-Cookie headers\n const response = await this.auth.api.signInEmail({\n body: { email, password },\n headers,\n asResponse: true,\n });\n\n if (!response.ok) {\n const errorData = (await response.json().catch(() => ({}))) as { message?: string };\n throw new Error(errorData.message || 'Invalid email or password');\n }\n\n const result = (await response.json()) as { user?: User; token?: string | null };\n\n if (!result?.user) {\n throw new Error('Invalid email or password');\n }\n\n // Extract Set-Cookie headers from Better Auth response\n const cookies: string[] = [];\n const setCookieHeader = response.headers.get('set-cookie');\n if (setCookieHeader) {\n // Split multiple cookies (they may be comma-separated or in multiple headers)\n cookies.push(...setCookieHeader.split(/,(?=\\s*\\w+=)/));\n }\n\n return {\n user: mapBetterAuthUserToEEUser(result.user),\n token: result.token ?? undefined,\n cookies,\n };\n }\n\n /**\n * Sign up with email and password.\n * Implements ICredentialsProvider for EE credentials auth.\n *\n * @param email - User email\n * @param password - User password\n * @param name - Optional display name\n * @param request - Incoming HTTP request\n * @returns Result with new user and session cookies\n * @throws Error if sign up fails\n */\n async signUp(\n email: string,\n password: string,\n name: string | undefined,\n request: Request,\n ): Promise<CredentialsResult<EEUser>> {\n const displayName = name ?? email.split('@')[0] ?? 'User';\n const headers = request?.headers ?? new Headers();\n\n // Use asResponse: true to get the full response with Set-Cookie headers\n const response = await this.auth.api.signUpEmail({\n body: { email, password, name: displayName },\n headers,\n asResponse: true,\n });\n\n if (!response.ok) {\n const errorData = (await response.json().catch(() => ({}))) as { message?: string };\n throw new Error(errorData.message || 'Failed to create account');\n }\n\n const result = (await response.json()) as { user?: User; token?: string | null };\n\n if (!result?.user) {\n throw new Error('Failed to create account');\n }\n\n // Extract Set-Cookie headers from Better Auth response\n const cookies: string[] = [];\n const setCookieHeader = response.headers.get('set-cookie');\n if (setCookieHeader) {\n // Split multiple cookies (they may be comma-separated or in multiple headers)\n cookies.push(...setCookieHeader.split(/,(?=\\s*\\w+=)/));\n }\n\n return {\n user: mapBetterAuthUserToEEUser(result.user),\n token: result.token ?? undefined,\n cookies,\n };\n }\n\n /**\n * Get the underlying Better Auth instance.\n * Useful for accessing Better Auth APIs directly.\n */\n getAuth(): Auth {\n return this.auth;\n }\n\n /**\n * Get headers to clear the session cookies on logout.\n * Partial ISessionProvider implementation for logout support.\n *\n * Clears Better Auth's default session cookies.\n */\n getClearSessionHeaders(): Record<string, string> {\n // Better Auth uses these cookie names by default\n // Clear both the session token and its signature cookie\n const cookies = [\n 'better-auth.session_token=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0',\n 'better-auth.session_token_sig=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0',\n ];\n return {\n 'Set-Cookie': cookies.join(', '),\n };\n }\n}\n"]}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,9 +1,11 @@
|
|
|
1
|
+
import type { IUserProvider, ICredentialsProvider, EEUser, CredentialsResult } from '@mastra/core/ee';
|
|
1
2
|
import type { MastraAuthProviderOptions } from '@mastra/core/server';
|
|
2
3
|
import { MastraAuthProvider } from '@mastra/core/server';
|
|
3
4
|
import type { Auth, Session, User } from 'better-auth';
|
|
4
5
|
import type { HonoRequest } from 'hono';
|
|
5
6
|
/**
|
|
6
|
-
* User type returned by Better Auth session verification
|
|
7
|
+
* User type returned by Better Auth session verification.
|
|
8
|
+
* Used internally for authentication token verification.
|
|
7
9
|
*/
|
|
8
10
|
export interface BetterAuthUser {
|
|
9
11
|
session: Session;
|
|
@@ -15,6 +17,12 @@ interface MastraAuthBetterAuthOptions extends MastraAuthProviderOptions<BetterAu
|
|
|
15
17
|
* This should be the result of calling `betterAuth({ ... })`.
|
|
16
18
|
*/
|
|
17
19
|
auth: Auth;
|
|
20
|
+
/**
|
|
21
|
+
* Whether to allow new user registration via sign-up.
|
|
22
|
+
* Set to false to disable public registration.
|
|
23
|
+
* @default true
|
|
24
|
+
*/
|
|
25
|
+
signUpEnabled?: boolean;
|
|
18
26
|
}
|
|
19
27
|
/**
|
|
20
28
|
* Mastra authentication provider for Better Auth.
|
|
@@ -53,9 +61,40 @@ interface MastraAuthBetterAuthOptions extends MastraAuthProviderOptions<BetterAu
|
|
|
53
61
|
*
|
|
54
62
|
* @see https://better-auth.com for Better Auth documentation
|
|
55
63
|
*/
|
|
56
|
-
export declare class MastraAuthBetterAuth extends MastraAuthProvider<BetterAuthUser> {
|
|
64
|
+
export declare class MastraAuthBetterAuth extends MastraAuthProvider<BetterAuthUser> implements IUserProvider<EEUser>, ICredentialsProvider<EEUser> {
|
|
57
65
|
protected auth: Auth;
|
|
66
|
+
protected signUpEnabledConfig: boolean;
|
|
58
67
|
constructor(options: MastraAuthBetterAuthOptions);
|
|
68
|
+
/**
|
|
69
|
+
* Check if sign-up is enabled.
|
|
70
|
+
* Implements ICredentialsProvider.isSignUpEnabled.
|
|
71
|
+
*/
|
|
72
|
+
isSignUpEnabled(): boolean;
|
|
73
|
+
/**
|
|
74
|
+
* Get current user from request.
|
|
75
|
+
* Implements IUserProvider for EE user awareness in Studio.
|
|
76
|
+
*
|
|
77
|
+
* @param request - Incoming HTTP request
|
|
78
|
+
* @returns EE User object or null if not authenticated
|
|
79
|
+
*/
|
|
80
|
+
getCurrentUser(request: Request): Promise<EEUser | null>;
|
|
81
|
+
/**
|
|
82
|
+
* Get user by ID.
|
|
83
|
+
* Implements IUserProvider for EE user awareness.
|
|
84
|
+
*
|
|
85
|
+
* Note: Better Auth doesn't expose a direct getUser API.
|
|
86
|
+
* For full functionality, you may need to implement this using
|
|
87
|
+
* direct database access in a subclass.
|
|
88
|
+
*
|
|
89
|
+
* @param userId - User identifier
|
|
90
|
+
* @returns EE User object or null if not found
|
|
91
|
+
*/
|
|
92
|
+
getUser(_userId: string): Promise<EEUser | null>;
|
|
93
|
+
/**
|
|
94
|
+
* Get URL to user's profile page.
|
|
95
|
+
* Optional IUserProvider method.
|
|
96
|
+
*/
|
|
97
|
+
getUserProfileUrl(user: EEUser): string;
|
|
59
98
|
/**
|
|
60
99
|
* Authenticate a bearer token by verifying the session with Better Auth.
|
|
61
100
|
*
|
|
@@ -78,6 +117,41 @@ export declare class MastraAuthBetterAuth extends MastraAuthProvider<BetterAuthU
|
|
|
78
117
|
* @returns True if the user is authorized, false otherwise
|
|
79
118
|
*/
|
|
80
119
|
authorizeUser(user: BetterAuthUser): Promise<boolean>;
|
|
120
|
+
/**
|
|
121
|
+
* Sign in with email and password.
|
|
122
|
+
* Implements ICredentialsProvider for EE credentials auth.
|
|
123
|
+
*
|
|
124
|
+
* @param email - User email
|
|
125
|
+
* @param password - User password
|
|
126
|
+
* @param request - Incoming HTTP request
|
|
127
|
+
* @returns Result with user and session cookies
|
|
128
|
+
* @throws Error if credentials are invalid
|
|
129
|
+
*/
|
|
130
|
+
signIn(email: string, password: string, request: Request): Promise<CredentialsResult<EEUser>>;
|
|
131
|
+
/**
|
|
132
|
+
* Sign up with email and password.
|
|
133
|
+
* Implements ICredentialsProvider for EE credentials auth.
|
|
134
|
+
*
|
|
135
|
+
* @param email - User email
|
|
136
|
+
* @param password - User password
|
|
137
|
+
* @param name - Optional display name
|
|
138
|
+
* @param request - Incoming HTTP request
|
|
139
|
+
* @returns Result with new user and session cookies
|
|
140
|
+
* @throws Error if sign up fails
|
|
141
|
+
*/
|
|
142
|
+
signUp(email: string, password: string, name: string | undefined, request: Request): Promise<CredentialsResult<EEUser>>;
|
|
143
|
+
/**
|
|
144
|
+
* Get the underlying Better Auth instance.
|
|
145
|
+
* Useful for accessing Better Auth APIs directly.
|
|
146
|
+
*/
|
|
147
|
+
getAuth(): Auth;
|
|
148
|
+
/**
|
|
149
|
+
* Get headers to clear the session cookies on logout.
|
|
150
|
+
* Partial ISessionProvider implementation for logout support.
|
|
151
|
+
*
|
|
152
|
+
* Clears Better Auth's default session cookies.
|
|
153
|
+
*/
|
|
154
|
+
getClearSessionHeaders(): Record<string, string>;
|
|
81
155
|
}
|
|
82
156
|
export {};
|
|
83
157
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAEzD,OAAO,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AACvD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,MAAM,CAAC;AAExC
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACtG,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAEzD,OAAO,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AACvD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,MAAM,CAAC;AAExC;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,IAAI,CAAC;CACZ;AAmBD,UAAU,2BAA4B,SAAQ,yBAAyB,CAAC,cAAc,CAAC;IACrF;;;OAGG;IACH,IAAI,EAAE,IAAI,CAAC;IAEX;;;;OAIG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACH,qBAAa,oBACX,SAAQ,kBAAkB,CAAC,cAAc,CACzC,YAAW,aAAa,CAAC,MAAM,CAAC,EAAE,oBAAoB,CAAC,MAAM,CAAC;IAE9D,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC;IACrB,SAAS,CAAC,mBAAmB,EAAE,OAAO,CAAC;gBAE3B,OAAO,EAAE,2BAA2B;IAehD;;;OAGG;IACH,eAAe,IAAI,OAAO;IAS1B;;;;;;OAMG;IACG,cAAc,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAa9D;;;;;;;;;;OAUG;IACG,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAWtD;;;OAGG;IACH,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;IAIvC;;;;;;;;;OASG;IACG,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IAwC5F;;;;;;;;;OASG;IACG,aAAa,CAAC,IAAI,EAAE,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC;IAU3D;;;;;;;;;OASG;IACG,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAoCnG;;;;;;;;;;OAUG;IACG,MAAM,CACV,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,GAAG,SAAS,EACxB,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAqCrC;;;OAGG;IACH,OAAO,IAAI,IAAI;IAIf;;;;;OAKG;IACH,sBAAsB,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;CAWjD"}
|
package/dist/index.js
CHANGED
|
@@ -1,141 +1,22 @@
|
|
|
1
|
-
|
|
2
|
-
var RegisteredLogger = {
|
|
3
|
-
LLM: "LLM"};
|
|
4
|
-
var LogLevel = {
|
|
5
|
-
DEBUG: "debug",
|
|
6
|
-
INFO: "info",
|
|
7
|
-
WARN: "warn",
|
|
8
|
-
ERROR: "error"};
|
|
9
|
-
var MastraLogger = class {
|
|
10
|
-
name;
|
|
11
|
-
level;
|
|
12
|
-
transports;
|
|
13
|
-
constructor(options = {}) {
|
|
14
|
-
this.name = options.name || "Mastra";
|
|
15
|
-
this.level = options.level || LogLevel.ERROR;
|
|
16
|
-
this.transports = new Map(Object.entries(options.transports || {}));
|
|
17
|
-
}
|
|
18
|
-
getTransports() {
|
|
19
|
-
return this.transports;
|
|
20
|
-
}
|
|
21
|
-
trackException(_error) {
|
|
22
|
-
}
|
|
23
|
-
async listLogs(transportId, params) {
|
|
24
|
-
if (!transportId || !this.transports.has(transportId)) {
|
|
25
|
-
return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };
|
|
26
|
-
}
|
|
27
|
-
return this.transports.get(transportId).listLogs(params) ?? {
|
|
28
|
-
logs: [],
|
|
29
|
-
total: 0,
|
|
30
|
-
page: params?.page ?? 1,
|
|
31
|
-
perPage: params?.perPage ?? 100,
|
|
32
|
-
hasMore: false
|
|
33
|
-
};
|
|
34
|
-
}
|
|
35
|
-
async listLogsByRunId({
|
|
36
|
-
transportId,
|
|
37
|
-
runId,
|
|
38
|
-
fromDate,
|
|
39
|
-
toDate,
|
|
40
|
-
logLevel,
|
|
41
|
-
filters,
|
|
42
|
-
page,
|
|
43
|
-
perPage
|
|
44
|
-
}) {
|
|
45
|
-
if (!transportId || !this.transports.has(transportId) || !runId) {
|
|
46
|
-
return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };
|
|
47
|
-
}
|
|
48
|
-
return this.transports.get(transportId).listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {
|
|
49
|
-
logs: [],
|
|
50
|
-
total: 0,
|
|
51
|
-
page: page ?? 1,
|
|
52
|
-
perPage: perPage ?? 100,
|
|
53
|
-
hasMore: false
|
|
54
|
-
};
|
|
55
|
-
}
|
|
56
|
-
};
|
|
57
|
-
var ConsoleLogger = class extends MastraLogger {
|
|
58
|
-
constructor(options = {}) {
|
|
59
|
-
super(options);
|
|
60
|
-
}
|
|
61
|
-
debug(message, ...args) {
|
|
62
|
-
if (this.level === LogLevel.DEBUG) {
|
|
63
|
-
console.info(message, ...args);
|
|
64
|
-
}
|
|
65
|
-
}
|
|
66
|
-
info(message, ...args) {
|
|
67
|
-
if (this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
|
|
68
|
-
console.info(message, ...args);
|
|
69
|
-
}
|
|
70
|
-
}
|
|
71
|
-
warn(message, ...args) {
|
|
72
|
-
if (this.level === LogLevel.WARN || this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
|
|
73
|
-
console.info(message, ...args);
|
|
74
|
-
}
|
|
75
|
-
}
|
|
76
|
-
error(message, ...args) {
|
|
77
|
-
if (this.level === LogLevel.ERROR || this.level === LogLevel.WARN || this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
|
|
78
|
-
console.error(message, ...args);
|
|
79
|
-
}
|
|
80
|
-
}
|
|
81
|
-
async listLogs(_transportId, _params) {
|
|
82
|
-
return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };
|
|
83
|
-
}
|
|
84
|
-
async listLogsByRunId(_args) {
|
|
85
|
-
return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };
|
|
86
|
-
}
|
|
87
|
-
};
|
|
88
|
-
|
|
89
|
-
// ../../packages/core/dist/chunk-LSHPJWM5.js
|
|
90
|
-
var MastraBase = class {
|
|
91
|
-
component = RegisteredLogger.LLM;
|
|
92
|
-
logger;
|
|
93
|
-
name;
|
|
94
|
-
constructor({ component, name }) {
|
|
95
|
-
this.component = component || RegisteredLogger.LLM;
|
|
96
|
-
this.name = name;
|
|
97
|
-
this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });
|
|
98
|
-
}
|
|
99
|
-
/**
|
|
100
|
-
* Set the logger for the agent
|
|
101
|
-
* @param logger
|
|
102
|
-
*/
|
|
103
|
-
__setLogger(logger) {
|
|
104
|
-
this.logger = logger;
|
|
105
|
-
if (this.component !== RegisteredLogger.LLM) {
|
|
106
|
-
this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);
|
|
107
|
-
}
|
|
108
|
-
}
|
|
109
|
-
};
|
|
110
|
-
|
|
111
|
-
// ../../packages/core/dist/server/index.js
|
|
112
|
-
var MastraAuthProvider = class extends MastraBase {
|
|
113
|
-
protected;
|
|
114
|
-
public;
|
|
115
|
-
constructor(options) {
|
|
116
|
-
super({ component: "AUTH", name: options?.name });
|
|
117
|
-
if (options?.authorizeUser) {
|
|
118
|
-
this.authorizeUser = options.authorizeUser.bind(this);
|
|
119
|
-
}
|
|
120
|
-
this.protected = options?.protected;
|
|
121
|
-
this.public = options?.public;
|
|
122
|
-
}
|
|
123
|
-
registerOptions(opts) {
|
|
124
|
-
if (opts?.authorizeUser) {
|
|
125
|
-
this.authorizeUser = opts.authorizeUser.bind(this);
|
|
126
|
-
}
|
|
127
|
-
if (opts?.protected) {
|
|
128
|
-
this.protected = opts.protected;
|
|
129
|
-
}
|
|
130
|
-
if (opts?.public) {
|
|
131
|
-
this.public = opts.public;
|
|
132
|
-
}
|
|
133
|
-
}
|
|
134
|
-
};
|
|
1
|
+
import { MastraAuthProvider } from '@mastra/core/server';
|
|
135
2
|
|
|
136
3
|
// src/index.ts
|
|
4
|
+
function mapBetterAuthUserToEEUser(user) {
|
|
5
|
+
return {
|
|
6
|
+
id: user.id,
|
|
7
|
+
email: user.email,
|
|
8
|
+
name: user.name,
|
|
9
|
+
avatarUrl: user.image ?? void 0,
|
|
10
|
+
metadata: {
|
|
11
|
+
emailVerified: user.emailVerified,
|
|
12
|
+
createdAt: user.createdAt,
|
|
13
|
+
updatedAt: user.updatedAt
|
|
14
|
+
}
|
|
15
|
+
};
|
|
16
|
+
}
|
|
137
17
|
var MastraAuthBetterAuth = class extends MastraAuthProvider {
|
|
138
18
|
auth;
|
|
19
|
+
signUpEnabledConfig;
|
|
139
20
|
constructor(options) {
|
|
140
21
|
super({ name: options?.name ?? "better-auth" });
|
|
141
22
|
if (!options.auth) {
|
|
@@ -144,8 +25,62 @@ var MastraAuthBetterAuth = class extends MastraAuthProvider {
|
|
|
144
25
|
);
|
|
145
26
|
}
|
|
146
27
|
this.auth = options.auth;
|
|
28
|
+
this.signUpEnabledConfig = options.signUpEnabled ?? true;
|
|
147
29
|
this.registerOptions(options);
|
|
148
30
|
}
|
|
31
|
+
/**
|
|
32
|
+
* Check if sign-up is enabled.
|
|
33
|
+
* Implements ICredentialsProvider.isSignUpEnabled.
|
|
34
|
+
*/
|
|
35
|
+
isSignUpEnabled() {
|
|
36
|
+
return this.signUpEnabledConfig;
|
|
37
|
+
}
|
|
38
|
+
// ============================================
|
|
39
|
+
// IUserProvider implementation (EE capability)
|
|
40
|
+
// License check happens in buildCapabilities()
|
|
41
|
+
// ============================================
|
|
42
|
+
/**
|
|
43
|
+
* Get current user from request.
|
|
44
|
+
* Implements IUserProvider for EE user awareness in Studio.
|
|
45
|
+
*
|
|
46
|
+
* @param request - Incoming HTTP request
|
|
47
|
+
* @returns EE User object or null if not authenticated
|
|
48
|
+
*/
|
|
49
|
+
async getCurrentUser(request) {
|
|
50
|
+
try {
|
|
51
|
+
const result = await this.auth.api.getSession({
|
|
52
|
+
headers: request.headers
|
|
53
|
+
});
|
|
54
|
+
if (!result?.user) return null;
|
|
55
|
+
return mapBetterAuthUserToEEUser(result.user);
|
|
56
|
+
} catch {
|
|
57
|
+
return null;
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
/**
|
|
61
|
+
* Get user by ID.
|
|
62
|
+
* Implements IUserProvider for EE user awareness.
|
|
63
|
+
*
|
|
64
|
+
* Note: Better Auth doesn't expose a direct getUser API.
|
|
65
|
+
* For full functionality, you may need to implement this using
|
|
66
|
+
* direct database access in a subclass.
|
|
67
|
+
*
|
|
68
|
+
* @param userId - User identifier
|
|
69
|
+
* @returns EE User object or null if not found
|
|
70
|
+
*/
|
|
71
|
+
async getUser(_userId) {
|
|
72
|
+
console.warn(
|
|
73
|
+
"[MastraAuthBetterAuth] getUser() requires direct database access. Override this method in a subclass for full user lookup support."
|
|
74
|
+
);
|
|
75
|
+
return null;
|
|
76
|
+
}
|
|
77
|
+
/**
|
|
78
|
+
* Get URL to user's profile page.
|
|
79
|
+
* Optional IUserProvider method.
|
|
80
|
+
*/
|
|
81
|
+
getUserProfileUrl(user) {
|
|
82
|
+
return `/profile/${user.id}`;
|
|
83
|
+
}
|
|
149
84
|
/**
|
|
150
85
|
* Authenticate a bearer token by verifying the session with Better Auth.
|
|
151
86
|
*
|
|
@@ -196,6 +131,106 @@ var MastraAuthBetterAuth = class extends MastraAuthProvider {
|
|
|
196
131
|
async authorizeUser(user) {
|
|
197
132
|
return !!user?.session?.id && !!user?.user?.id;
|
|
198
133
|
}
|
|
134
|
+
// ============================================
|
|
135
|
+
// ICredentialsProvider implementation (EE capability)
|
|
136
|
+
// License check happens in buildCapabilities()
|
|
137
|
+
// ============================================
|
|
138
|
+
/**
|
|
139
|
+
* Sign in with email and password.
|
|
140
|
+
* Implements ICredentialsProvider for EE credentials auth.
|
|
141
|
+
*
|
|
142
|
+
* @param email - User email
|
|
143
|
+
* @param password - User password
|
|
144
|
+
* @param request - Incoming HTTP request
|
|
145
|
+
* @returns Result with user and session cookies
|
|
146
|
+
* @throws Error if credentials are invalid
|
|
147
|
+
*/
|
|
148
|
+
async signIn(email, password, request) {
|
|
149
|
+
const headers = request?.headers ?? new Headers();
|
|
150
|
+
const response = await this.auth.api.signInEmail({
|
|
151
|
+
body: { email, password },
|
|
152
|
+
headers,
|
|
153
|
+
asResponse: true
|
|
154
|
+
});
|
|
155
|
+
if (!response.ok) {
|
|
156
|
+
const errorData = await response.json().catch(() => ({}));
|
|
157
|
+
throw new Error(errorData.message || "Invalid email or password");
|
|
158
|
+
}
|
|
159
|
+
const result = await response.json();
|
|
160
|
+
if (!result?.user) {
|
|
161
|
+
throw new Error("Invalid email or password");
|
|
162
|
+
}
|
|
163
|
+
const cookies = [];
|
|
164
|
+
const setCookieHeader = response.headers.get("set-cookie");
|
|
165
|
+
if (setCookieHeader) {
|
|
166
|
+
cookies.push(...setCookieHeader.split(/,(?=\s*\w+=)/));
|
|
167
|
+
}
|
|
168
|
+
return {
|
|
169
|
+
user: mapBetterAuthUserToEEUser(result.user),
|
|
170
|
+
token: result.token ?? void 0,
|
|
171
|
+
cookies
|
|
172
|
+
};
|
|
173
|
+
}
|
|
174
|
+
/**
|
|
175
|
+
* Sign up with email and password.
|
|
176
|
+
* Implements ICredentialsProvider for EE credentials auth.
|
|
177
|
+
*
|
|
178
|
+
* @param email - User email
|
|
179
|
+
* @param password - User password
|
|
180
|
+
* @param name - Optional display name
|
|
181
|
+
* @param request - Incoming HTTP request
|
|
182
|
+
* @returns Result with new user and session cookies
|
|
183
|
+
* @throws Error if sign up fails
|
|
184
|
+
*/
|
|
185
|
+
async signUp(email, password, name, request) {
|
|
186
|
+
const displayName = name ?? email.split("@")[0] ?? "User";
|
|
187
|
+
const headers = request?.headers ?? new Headers();
|
|
188
|
+
const response = await this.auth.api.signUpEmail({
|
|
189
|
+
body: { email, password, name: displayName },
|
|
190
|
+
headers,
|
|
191
|
+
asResponse: true
|
|
192
|
+
});
|
|
193
|
+
if (!response.ok) {
|
|
194
|
+
const errorData = await response.json().catch(() => ({}));
|
|
195
|
+
throw new Error(errorData.message || "Failed to create account");
|
|
196
|
+
}
|
|
197
|
+
const result = await response.json();
|
|
198
|
+
if (!result?.user) {
|
|
199
|
+
throw new Error("Failed to create account");
|
|
200
|
+
}
|
|
201
|
+
const cookies = [];
|
|
202
|
+
const setCookieHeader = response.headers.get("set-cookie");
|
|
203
|
+
if (setCookieHeader) {
|
|
204
|
+
cookies.push(...setCookieHeader.split(/,(?=\s*\w+=)/));
|
|
205
|
+
}
|
|
206
|
+
return {
|
|
207
|
+
user: mapBetterAuthUserToEEUser(result.user),
|
|
208
|
+
token: result.token ?? void 0,
|
|
209
|
+
cookies
|
|
210
|
+
};
|
|
211
|
+
}
|
|
212
|
+
/**
|
|
213
|
+
* Get the underlying Better Auth instance.
|
|
214
|
+
* Useful for accessing Better Auth APIs directly.
|
|
215
|
+
*/
|
|
216
|
+
getAuth() {
|
|
217
|
+
return this.auth;
|
|
218
|
+
}
|
|
219
|
+
/**
|
|
220
|
+
* Get headers to clear the session cookies on logout.
|
|
221
|
+
* Partial ISessionProvider implementation for logout support.
|
|
222
|
+
*
|
|
223
|
+
* Clears Better Auth's default session cookies.
|
|
224
|
+
*/
|
|
225
|
+
getClearSessionHeaders() {
|
|
226
|
+
const cookies = [
|
|
227
|
+
"better-auth.session_token=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0",
|
|
228
|
+
"better-auth.session_token_sig=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0"
|
|
229
|
+
];
|
|
230
|
+
return {
|
|
231
|
+
"Set-Cookie": cookies.join(", ")
|
|
232
|
+
};
|
|
233
|
+
}
|
|
199
234
|
};
|
|
200
235
|
|
|
201
236
|
export { MastraAuthBetterAuth };
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../packages/core/src/logger/constants.ts","../../../packages/core/src/logger/logger.ts","../../../packages/core/src/logger/default-logger.ts","../../../packages/core/src/base.ts","../../../packages/core/src/server/auth.ts","../src/index.ts"],"names":[],"mappings":";AACO,IAAM,gBAAA,GAAmB;EAM9B,GAAA,EAAK,KAYP,CAAA;AAIO,IAAM,QAAA,GAAW;EACtB,KAAA,EAAO,OAAA;EACP,IAAA,EAAM,MAAA;EACN,IAAA,EAAM,MAAA;EACN,KAAA,EAAO,OAET,CAAA;ACMO,IAAe,eAAf,MAAqD;AAChD,EAAA,IAAA;AACA,EAAA,KAAA;AACA,EAAA,UAAA;EAEV,WAAA,CACE,OAAA,GAII,EAAA,EACJ;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,QAAQ,IAAA,IAAQ,QAAA;AAC5B,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAA,CAAQ,KAAA,IAAS,QAAA,CAAS,KAAA;AACvC,IAAA,IAAA,CAAK,UAAA,GAAa,IAAI,GAAA,CAAI,MAAA,CAAO,QAAQ,OAAA,CAAQ,UAAA,IAAc,EAAE,CAAC,CAAA;AACpE,EAAA;EAOA,aAAA,GAAgB;AACd,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;AAEA,EAAA,cAAA,CAAe,MAAA,EAAqB;AAAC,EAAA;EAErC,MAAM,QAAA,CACJ,aACA,MAAA,EAQA;AACA,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,EAAG;AACrD,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,MAAA,EAAQ,IAAA,IAAQ,GAAG,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClG,IAAA;AAEA,IAAA,OACE,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,CAAG,QAAA,CAAS,MAAM,CAAA,IAAK;AACpD,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,QAAQ,IAAA,IAAQ,CAAA;AACtB,MAAA,OAAA,EAAS,QAAQ,OAAA,IAAW,GAAA;MAC5B,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AAEA,EAAA,MAAM,eAAA,CAAgB;AACpB,IAAA,WAAA;AACA,IAAA,KAAA;AACA,IAAA,QAAA;AACA,IAAA,MAAA;AACA,IAAA,QAAA;AACA,IAAA,OAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAUC;AACD,IAAA,IAAI,CAAC,eAAe,CAAC,IAAA,CAAK,WAAW,GAAA,CAAI,WAAW,CAAA,IAAK,CAAC,KAAA,EAAO;AAC/D,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,KAAA,EAAO,CAAA,EAAG,IAAA,EAAM,IAAA,IAAQ,CAAA,EAAG,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClF,IAAA;AAEA,IAAA,OACE,IAAA,CAAK,UAAA,CACF,GAAA,CAAI,WAAW,EACf,eAAA,CAAgB,EAAE,KAAA,EAAO,QAAA,EAAU,QAAQ,QAAA,EAAU,OAAA,EAAS,IAAA,EAAM,OAAA,EAAS,CAAA,IAAK;AACnF,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,IAAA,IAAQ,CAAA;AACd,MAAA,OAAA,EAAS,OAAA,IAAW,GAAA;MACpB,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AACF,CAAA;AC5GO,IAAM,aAAA,GAAN,cAA4B,YAAA,CAAa;EAC9C,WAAA,CACE,OAAA,GAGI,EAAA,EACJ;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACf,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjC,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,KAAK,KAAA,KAAU,QAAA,CAAS,QAAQ,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EAAO;AACjE,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjG,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IACE,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,IACxB,KAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,UAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EACxB;AACA,MAAA,OAAA,CAAQ,KAAA,CAAM,OAAA,EAAS,GAAG,IAAI,CAAA;AAChC,IAAA;AACF,EAAA;EAEA,MAAM,QAAA,CACJ,cACA,OAAA,EAQA;AACA,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,GAAG,OAAA,EAAS,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AACpG,EAAA;AAEA,EAAA,MAAM,gBAAgB,KAAA,EASnB;AACD,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,KAAA,CAAM,IAAA,IAAQ,GAAG,OAAA,EAAS,KAAA,CAAM,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAC9F,EAAA;AACF,CAAA;;;AC7EO,IAAM,aAAN,MAAiB;AACtB,EAAA,SAAA,GAA8B,gBAAA,CAAiB,GAAA;AACrC,EAAA,MAAA;AACV,EAAA,IAAA;EAEA,WAAA,CAAY,EAAE,SAAA,EAAW,IAAA,EAAA,EAAyD;AAChF,IAAA,IAAA,CAAK,SAAA,GAAY,aAAa,gBAAA,CAAiB,GAAA;AAC/C,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,aAAA,CAAc,EAAE,IAAA,EAAM,CAAA,EAAG,IAAA,CAAK,SAAS,CAAA,GAAA,EAAM,IAAA,CAAK,IAAI,CAAA,CAAA,EAAI,CAAA;AAC9E,EAAA;;;;;AAMA,EAAA,WAAA,CAAY,MAAA,EAAuB;AACjC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAEd,IAAA,IAAI,IAAA,CAAK,SAAA,KAAc,gBAAA,CAAiB,GAAA,EAAK;AAC3C,MAAA,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,0BAAA,EAA6B,IAAA,CAAK,SAAS,CAAA,QAAA,EAAW,IAAA,CAAK,IAAI,CAAA,CAAA,CAAG,CAAA;AACtF,IAAA;AACF,EAAA;AACF,CAAA;;;ACTO,IAAe,kBAAA,GAAf,cAA2D,UAAA,CAAW;AACpE,EAAA,SAAA;AACA,EAAA,MAAA;AAEP,EAAA,WAAA,CAAY,OAAA,EAA4C;AACtD,IAAA,KAAA,CAAM,EAAE,SAAA,EAAW,MAAA,EAAQ,IAAA,EAAM,OAAA,EAAS,MAAM,CAAA;AAEhD,IAAA,IAAI,SAAS,aAAA,EAAe;AAC1B,MAAA,IAAA,CAAK,aAAA,GAAgB,OAAA,CAAQ,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACtD,IAAA;AAEA,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAC1B,IAAA,IAAA,CAAK,SAAS,OAAA,EAAS,MAAA;AACzB,EAAA;AAkBU,EAAA,eAAA,CAAgB,IAAA,EAAyC;AACjE,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAK,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACnD,IAAA;AACA,IAAA,IAAI,MAAM,SAAA,EAAW;AACnB,MAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACxB,IAAA;AACA,IAAA,IAAI,MAAM,MAAA,EAAQ;AAChB,MAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACrB,IAAA;AACF,EAAA;AACF,CAAA;;;ACAO,IAAM,oBAAA,GAAN,cAAmC,kBAAA,CAAmC;AAAA,EACjE,IAAA;AAAA,EAEV,YAAY,OAAA,EAAsC;AAChD,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,eAAe,CAAA;AAE9C,IAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,OAAO,OAAA,CAAQ,IAAA;AAEpB,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,iBAAA,CAAkB,KAAA,EAAe,OAAA,EAAsD;AAC3F,IAAA,IAAI;AAGF,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAG5B,MAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,MAAA,CAAO,eAAe,CAAA;AACjD,MAAA,IAAI,UAAA,EAAY;AACd,QAAA,OAAA,CAAQ,GAAA,CAAI,iBAAiB,UAAU,CAAA;AAAA,MACzC,WAAW,KAAA,EAAO;AAEhB,QAAA,OAAA,CAAQ,GAAA,CAAI,eAAA,EAAiB,CAAA,OAAA,EAAU,KAAK,CAAA,CAAE,CAAA;AAAA,MAChD;AAGA,MAAA,MAAM,YAAA,GAAe,OAAA,CAAQ,MAAA,CAAO,QAAQ,CAAA;AAC5C,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,OAAA,CAAQ,GAAA,CAAI,UAAU,YAAY,CAAA;AAAA,MACpC;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,IAAA,CAAK,IAAI,UAAA,CAAW;AAAA,QAC5C;AAAA,OACD,CAAA;AAED,MAAA,IAAI,CAAC,MAAA,IAAU,CAAC,OAAO,OAAA,IAAW,CAAC,OAAO,IAAA,EAAM;AAC9C,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,OAAO;AAAA,QACL,SAAS,MAAA,CAAO,OAAA;AAAA,QAChB,MAAM,MAAA,CAAO;AAAA,OACf;AAAA,IACF,CAAA,CAAA,MAAQ;AAEN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,cAAc,IAAA,EAAwC;AAE1D,IAAA,OAAO,CAAC,CAAC,IAAA,EAAM,OAAA,EAAS,MAAM,CAAC,CAAC,MAAM,IAAA,EAAM,EAAA;AAAA,EAC9C;AACF","file":"index.js","sourcesContent":["// Constants and Types (keeping from original implementation)\nexport const RegisteredLogger = {\n AGENT: 'AGENT',\n OBSERVABILITY: 'OBSERVABILITY',\n AUTH: 'AUTH',\n NETWORK: 'NETWORK',\n WORKFLOW: 'WORKFLOW',\n LLM: 'LLM',\n TTS: 'TTS',\n VOICE: 'VOICE',\n VECTOR: 'VECTOR',\n BUNDLER: 'BUNDLER',\n DEPLOYER: 'DEPLOYER',\n MEMORY: 'MEMORY',\n STORAGE: 'STORAGE',\n EMBEDDINGS: 'EMBEDDINGS',\n MCP_SERVER: 'MCP_SERVER',\n SERVER_CACHE: 'SERVER_CACHE',\n SERVER: 'SERVER',\n} as const;\n\nexport type RegisteredLogger = (typeof RegisteredLogger)[keyof typeof RegisteredLogger];\n\nexport const LogLevel = {\n DEBUG: 'debug',\n INFO: 'info',\n WARN: 'warn',\n ERROR: 'error',\n NONE: 'silent',\n} as const;\n\nexport type LogLevel = (typeof LogLevel)[keyof typeof LogLevel];\n","import type { MastraError } from '../error';\nimport { LogLevel } from './constants';\nimport type { BaseLogMessage, LoggerTransport } from './transport';\n\nexport interface IMastraLogger {\n debug(message: string, ...args: any[]): void;\n info(message: string, ...args: any[]): void;\n warn(message: string, ...args: any[]): void;\n error(message: string, ...args: any[]): void;\n trackException(error: MastraError): void;\n\n getTransports(): Map<string, LoggerTransport>;\n listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n}\n\nexport abstract class MastraLogger implements IMastraLogger {\n protected name: string;\n protected level: LogLevel;\n protected transports: Map<string, LoggerTransport>;\n\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n } = {},\n ) {\n this.name = options.name || 'Mastra';\n this.level = options.level || LogLevel.ERROR;\n this.transports = new Map(Object.entries(options.transports || {}));\n }\n\n abstract debug(message: string, ...args: any[]): void;\n abstract info(message: string, ...args: any[]): void;\n abstract warn(message: string, ...args: any[]): void;\n abstract error(message: string, ...args: any[]): void;\n\n getTransports() {\n return this.transports;\n }\n\n trackException(_error: MastraError) {}\n\n async listLogs(\n transportId: string,\n params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n if (!transportId || !this.transports.has(transportId)) {\n return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports.get(transportId)!.listLogs(params) ?? {\n logs: [],\n total: 0,\n page: params?.page ?? 1,\n perPage: params?.perPage ?? 100,\n hasMore: false,\n }\n );\n }\n\n async listLogsByRunId({\n transportId,\n runId,\n fromDate,\n toDate,\n logLevel,\n filters,\n page,\n perPage,\n }: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n if (!transportId || !this.transports.has(transportId) || !runId) {\n return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports\n .get(transportId)!\n .listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {\n logs: [],\n total: 0,\n page: page ?? 1,\n perPage: perPage ?? 100,\n hasMore: false,\n }\n );\n }\n}\n","import { LogLevel } from './constants';\nimport { MastraLogger } from './logger';\nimport type { LoggerTransport } from './transport';\n\nexport const createLogger = (options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n}) => {\n const logger = new ConsoleLogger(options);\n\n logger.warn(`createLogger is deprecated. Please use \"new ConsoleLogger()\" from \"@mastra/core/logger\" instead.`);\n\n return logger;\n};\n\nexport class ConsoleLogger extends MastraLogger {\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n } = {},\n ) {\n super(options);\n }\n\n debug(message: string, ...args: any[]): void {\n if (this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n info(message: string, ...args: any[]): void {\n if (this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n warn(message: string, ...args: any[]): void {\n if (this.level === LogLevel.WARN || this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n error(message: string, ...args: any[]): void {\n if (\n this.level === LogLevel.ERROR ||\n this.level === LogLevel.WARN ||\n this.level === LogLevel.INFO ||\n this.level === LogLevel.DEBUG\n ) {\n console.error(message, ...args);\n }\n }\n\n async listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };\n }\n\n async listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };\n }\n}\n","import type { IMastraLogger } from './logger';\nimport { RegisteredLogger } from './logger/constants';\nimport { ConsoleLogger } from './logger/default-logger';\n\nexport class MastraBase {\n component: RegisteredLogger = RegisteredLogger.LLM;\n protected logger: IMastraLogger;\n name?: string;\n\n constructor({ component, name }: { component?: RegisteredLogger; name?: string }) {\n this.component = component || RegisteredLogger.LLM;\n this.name = name;\n this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });\n }\n\n /**\n * Set the logger for the agent\n * @param logger\n */\n __setLogger(logger: IMastraLogger) {\n this.logger = logger;\n\n if (this.component !== RegisteredLogger.LLM) {\n this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);\n }\n }\n}\n\nexport * from './types';\n","import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n name?: string;\n authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> | boolean;\n /**\n * Protected paths for the auth provider\n */\n protected?: MastraAuthConfig['protected'];\n /**\n * Public paths for the auth provider\n */\n public?: MastraAuthConfig['public'];\n}\n\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n public protected?: MastraAuthConfig['protected'];\n public public?: MastraAuthConfig['public'];\n\n constructor(options?: MastraAuthProviderOptions<TUser>) {\n super({ component: 'AUTH', name: options?.name });\n\n if (options?.authorizeUser) {\n this.authorizeUser = options.authorizeUser.bind(this);\n }\n\n this.protected = options?.protected;\n this.public = options?.public;\n }\n\n /**\n * Authenticate a token and return the payload\n * @param token - The token to authenticate\n * @param request - The request\n * @returns The payload\n */\n abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser | null>;\n\n /**\n * Authorize a user for a path and method\n * @param user - The user to authorize\n * @param request - The request\n * @returns The authorization result\n */\n abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> | boolean;\n\n protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n if (opts?.authorizeUser) {\n this.authorizeUser = opts.authorizeUser.bind(this);\n }\n if (opts?.protected) {\n this.protected = opts.protected;\n }\n if (opts?.public) {\n this.public = opts.public;\n }\n }\n}\n","import type { MastraAuthProviderOptions } from '@mastra/core/server';\nimport { MastraAuthProvider } from '@mastra/core/server';\n\nimport type { Auth, Session, User } from 'better-auth';\nimport type { HonoRequest } from 'hono';\n\n/**\n * User type returned by Better Auth session verification\n */\nexport interface BetterAuthUser {\n session: Session;\n user: User;\n}\n\ninterface MastraAuthBetterAuthOptions extends MastraAuthProviderOptions<BetterAuthUser> {\n /**\n * The Better Auth instance to use for authentication.\n * This should be the result of calling `betterAuth({ ... })`.\n */\n auth: Auth;\n}\n\n/**\n * Mastra authentication provider for Better Auth.\n *\n * Better Auth is a self-hosted, open-source authentication framework\n * that gives you full control over your authentication system.\n *\n * @example\n * ```typescript\n * import { betterAuth } from 'better-auth';\n * import { MastraAuthBetterAuth } from '@mastra/auth-better-auth';\n *\n * // Create your Better Auth instance\n * const auth = betterAuth({\n * database: {\n * provider: 'postgresql',\n * url: process.env.DATABASE_URL!,\n * },\n * emailAndPassword: {\n * enabled: true,\n * },\n * });\n *\n * // Create the Mastra auth provider\n * const mastraAuth = new MastraAuthBetterAuth({\n * auth,\n * });\n *\n * // Use with Mastra\n * const mastra = new Mastra({\n * server: {\n * auth: mastraAuth,\n * },\n * });\n * ```\n *\n * @see https://better-auth.com for Better Auth documentation\n */\nexport class MastraAuthBetterAuth extends MastraAuthProvider<BetterAuthUser> {\n protected auth: Auth;\n\n constructor(options: MastraAuthBetterAuthOptions) {\n super({ name: options?.name ?? 'better-auth' });\n\n if (!options.auth) {\n throw new Error(\n 'Better Auth instance is required. Please provide the auth option with your Better Auth instance created via betterAuth({ ... })',\n );\n }\n\n this.auth = options.auth;\n\n this.registerOptions(options);\n }\n\n /**\n * Authenticate a bearer token by verifying the session with Better Auth.\n *\n * This method extracts the session from the request headers using\n * Better Auth's `api.getSession()` endpoint.\n *\n * @param token - The bearer token (session token) to authenticate\n * @param request - The Hono request object containing headers\n * @returns The authenticated user and session, or null if authentication fails\n */\n async authenticateToken(token: string, request: HonoRequest): Promise<BetterAuthUser | null> {\n try {\n // Better Auth expects the token to be passed via headers\n // We need to construct headers with the Authorization bearer token\n const headers = new Headers();\n\n // Copy relevant headers from the request\n const authHeader = request.header('Authorization');\n if (authHeader) {\n headers.set('Authorization', authHeader);\n } else if (token) {\n // If no auth header but token is provided, set it\n headers.set('Authorization', `Bearer ${token}`);\n }\n\n // Copy cookie header if present (Better Auth can use cookies for sessions)\n const cookieHeader = request.header('Cookie');\n if (cookieHeader) {\n headers.set('Cookie', cookieHeader);\n }\n\n // Use Better Auth's API to get the session\n const result = await this.auth.api.getSession({\n headers,\n });\n\n if (!result || !result.session || !result.user) {\n return null;\n }\n\n return {\n session: result.session,\n user: result.user,\n };\n } catch {\n // Session verification failed\n return null;\n }\n }\n\n /**\n * Authorize a user for access.\n *\n * By default, any authenticated user with a valid session is authorized.\n * You can override this behavior by providing a custom `authorizeUser` function\n * in the constructor options.\n *\n * @param user - The authenticated user and session\n * @returns True if the user is authorized, false otherwise\n */\n async authorizeUser(user: BetterAuthUser): Promise<boolean> {\n // By default, any authenticated user with a valid session is authorized\n return !!user?.session?.id && !!user?.user?.id;\n }\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/index.ts"],"names":[],"mappings":";;;AAmBA,SAAS,0BAA0B,IAAA,EAAoB;AACrD,EAAA,OAAO;AAAA,IACL,IAAI,IAAA,CAAK,EAAA;AAAA,IACT,OAAO,IAAA,CAAK,KAAA;AAAA,IACZ,MAAM,IAAA,CAAK,IAAA;AAAA,IACX,SAAA,EAAW,KAAK,KAAA,IAAS,MAAA;AAAA,IACzB,QAAA,EAAU;AAAA,MACR,eAAe,IAAA,CAAK,aAAA;AAAA,MACpB,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,WAAW,IAAA,CAAK;AAAA;AAClB,GACF;AACF;AAsDO,IAAM,oBAAA,GAAN,cACG,kBAAA,CAEV;AAAA,EACY,IAAA;AAAA,EACA,mBAAA;AAAA,EAEV,YAAY,OAAA,EAAsC;AAChD,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,eAAe,CAAA;AAE9C,IAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,OAAO,OAAA,CAAQ,IAAA;AACpB,IAAA,IAAA,CAAK,mBAAA,GAAsB,QAAQ,aAAA,IAAiB,IAAA;AAEpD,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAA,GAA2B;AACzB,IAAA,OAAO,IAAA,CAAK,mBAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAM,eAAe,OAAA,EAA0C;AAC7D,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,IAAA,CAAK,IAAI,UAAA,CAAW;AAAA,QAC5C,SAAS,OAAA,CAAQ;AAAA,OAClB,CAAA;AAED,MAAA,IAAI,CAAC,MAAA,EAAQ,IAAA,EAAM,OAAO,IAAA;AAC1B,MAAA,OAAO,yBAAA,CAA0B,OAAO,IAAI,CAAA;AAAA,IAC9C,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,QAAQ,OAAA,EAAyC;AAIrD,IAAA,OAAA,CAAQ,IAAA;AAAA,MACN;AAAA,KAEF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,kBAAkB,IAAA,EAAsB;AACtC,IAAA,OAAO,CAAA,SAAA,EAAY,KAAK,EAAE,CAAA,CAAA;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,iBAAA,CAAkB,KAAA,EAAe,OAAA,EAAsD;AAC3F,IAAA,IAAI;AAGF,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAG5B,MAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,MAAA,CAAO,eAAe,CAAA;AACjD,MAAA,IAAI,UAAA,EAAY;AACd,QAAA,OAAA,CAAQ,GAAA,CAAI,iBAAiB,UAAU,CAAA;AAAA,MACzC,WAAW,KAAA,EAAO;AAEhB,QAAA,OAAA,CAAQ,GAAA,CAAI,eAAA,EAAiB,CAAA,OAAA,EAAU,KAAK,CAAA,CAAE,CAAA;AAAA,MAChD;AAGA,MAAA,MAAM,YAAA,GAAe,OAAA,CAAQ,MAAA,CAAO,QAAQ,CAAA;AAC5C,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,OAAA,CAAQ,GAAA,CAAI,UAAU,YAAY,CAAA;AAAA,MACpC;AAGA,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,IAAA,CAAK,IAAI,UAAA,CAAW;AAAA,QAC5C;AAAA,OACD,CAAA;AAED,MAAA,IAAI,CAAC,MAAA,IAAU,CAAC,OAAO,OAAA,IAAW,CAAC,OAAO,IAAA,EAAM;AAC9C,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,OAAO;AAAA,QACL,SAAS,MAAA,CAAO,OAAA;AAAA,QAChB,MAAM,MAAA,CAAO;AAAA,OACf;AAAA,IACF,CAAA,CAAA,MAAQ;AAEN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,cAAc,IAAA,EAAwC;AAE1D,IAAA,OAAO,CAAC,CAAC,IAAA,EAAM,OAAA,EAAS,MAAM,CAAC,CAAC,MAAM,IAAA,EAAM,EAAA;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,MAAM,MAAA,CAAO,KAAA,EAAe,QAAA,EAAkB,OAAA,EAAsD;AAClG,IAAA,MAAM,OAAA,GAAU,OAAA,EAAS,OAAA,IAAW,IAAI,OAAA,EAAQ;AAGhD,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,IAAA,CAAK,IAAI,WAAA,CAAY;AAAA,MAC/C,IAAA,EAAM,EAAE,KAAA,EAAO,QAAA,EAAS;AAAA,MACxB,OAAA;AAAA,MACA,UAAA,EAAY;AAAA,KACb,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,GAAO,KAAA,CAAM,OAAO,EAAC,CAAE,CAAA;AACzD,MAAA,MAAM,IAAI,KAAA,CAAM,SAAA,CAAU,OAAA,IAAW,2BAA2B,CAAA;AAAA,IAClE;AAEA,IAAA,MAAM,MAAA,GAAU,MAAM,QAAA,CAAS,IAAA,EAAK;AAEpC,IAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,MAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,IAC7C;AAGA,IAAA,MAAM,UAAoB,EAAC;AAC3B,IAAA,MAAM,eAAA,GAAkB,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA;AACzD,IAAA,IAAI,eAAA,EAAiB;AAEnB,MAAA,OAAA,CAAQ,IAAA,CAAK,GAAG,eAAA,CAAgB,KAAA,CAAM,cAAc,CAAC,CAAA;AAAA,IACvD;AAEA,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,yBAAA,CAA0B,MAAA,CAAO,IAAI,CAAA;AAAA,MAC3C,KAAA,EAAO,OAAO,KAAA,IAAS,MAAA;AAAA,MACvB;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,MAAA,CACJ,KAAA,EACA,QAAA,EACA,MACA,OAAA,EACoC;AACpC,IAAA,MAAM,cAAc,IAAA,IAAQ,KAAA,CAAM,MAAM,GAAG,CAAA,CAAE,CAAC,CAAA,IAAK,MAAA;AACnD,IAAA,MAAM,OAAA,GAAU,OAAA,EAAS,OAAA,IAAW,IAAI,OAAA,EAAQ;AAGhD,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,IAAA,CAAK,IAAI,WAAA,CAAY;AAAA,MAC/C,IAAA,EAAM,EAAE,KAAA,EAAO,QAAA,EAAU,MAAM,WAAA,EAAY;AAAA,MAC3C,OAAA;AAAA,MACA,UAAA,EAAY;AAAA,KACb,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,SAAA,GAAa,MAAM,QAAA,CAAS,IAAA,GAAO,KAAA,CAAM,OAAO,EAAC,CAAE,CAAA;AACzD,MAAA,MAAM,IAAI,KAAA,CAAM,SAAA,CAAU,OAAA,IAAW,0BAA0B,CAAA;AAAA,IACjE;AAEA,IAAA,MAAM,MAAA,GAAU,MAAM,QAAA,CAAS,IAAA,EAAK;AAEpC,IAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,MAAA,MAAM,IAAI,MAAM,0BAA0B,CAAA;AAAA,IAC5C;AAGA,IAAA,MAAM,UAAoB,EAAC;AAC3B,IAAA,MAAM,eAAA,GAAkB,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,YAAY,CAAA;AACzD,IAAA,IAAI,eAAA,EAAiB;AAEnB,MAAA,OAAA,CAAQ,IAAA,CAAK,GAAG,eAAA,CAAgB,KAAA,CAAM,cAAc,CAAC,CAAA;AAAA,IACvD;AAEA,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,yBAAA,CAA0B,MAAA,CAAO,IAAI,CAAA;AAAA,MAC3C,KAAA,EAAO,OAAO,KAAA,IAAS,MAAA;AAAA,MACvB;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAA,GAAgB;AACd,IAAA,OAAO,IAAA,CAAK,IAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,sBAAA,GAAiD;AAG/C,IAAA,MAAM,OAAA,GAAU;AAAA,MACd,uEAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,OAAO;AAAA,MACL,YAAA,EAAc,OAAA,CAAQ,IAAA,CAAK,IAAI;AAAA,KACjC;AAAA,EACF;AACF","file":"index.js","sourcesContent":["import type { IUserProvider, ICredentialsProvider, EEUser, CredentialsResult } from '@mastra/core/ee';\nimport type { MastraAuthProviderOptions } from '@mastra/core/server';\nimport { MastraAuthProvider } from '@mastra/core/server';\n\nimport type { Auth, Session, User } from 'better-auth';\nimport type { HonoRequest } from 'hono';\n\n/**\n * User type returned by Better Auth session verification.\n * Used internally for authentication token verification.\n */\nexport interface BetterAuthUser {\n session: Session;\n user: User;\n}\n\n/**\n * Maps Better Auth User to EE User format.\n */\nfunction mapBetterAuthUserToEEUser(user: User): EEUser {\n return {\n id: user.id,\n email: user.email,\n name: user.name,\n avatarUrl: user.image ?? undefined,\n metadata: {\n emailVerified: user.emailVerified,\n createdAt: user.createdAt,\n updatedAt: user.updatedAt,\n },\n };\n}\n\ninterface MastraAuthBetterAuthOptions extends MastraAuthProviderOptions<BetterAuthUser> {\n /**\n * The Better Auth instance to use for authentication.\n * This should be the result of calling `betterAuth({ ... })`.\n */\n auth: Auth;\n\n /**\n * Whether to allow new user registration via sign-up.\n * Set to false to disable public registration.\n * @default true\n */\n signUpEnabled?: boolean;\n}\n\n/**\n * Mastra authentication provider for Better Auth.\n *\n * Better Auth is a self-hosted, open-source authentication framework\n * that gives you full control over your authentication system.\n *\n * @example\n * ```typescript\n * import { betterAuth } from 'better-auth';\n * import { MastraAuthBetterAuth } from '@mastra/auth-better-auth';\n *\n * // Create your Better Auth instance\n * const auth = betterAuth({\n * database: {\n * provider: 'postgresql',\n * url: process.env.DATABASE_URL!,\n * },\n * emailAndPassword: {\n * enabled: true,\n * },\n * });\n *\n * // Create the Mastra auth provider\n * const mastraAuth = new MastraAuthBetterAuth({\n * auth,\n * });\n *\n * // Use with Mastra\n * const mastra = new Mastra({\n * server: {\n * auth: mastraAuth,\n * },\n * });\n * ```\n *\n * @see https://better-auth.com for Better Auth documentation\n */\nexport class MastraAuthBetterAuth\n extends MastraAuthProvider<BetterAuthUser>\n implements IUserProvider<EEUser>, ICredentialsProvider<EEUser>\n{\n protected auth: Auth;\n protected signUpEnabledConfig: boolean;\n\n constructor(options: MastraAuthBetterAuthOptions) {\n super({ name: options?.name ?? 'better-auth' });\n\n if (!options.auth) {\n throw new Error(\n 'Better Auth instance is required. Please provide the auth option with your Better Auth instance created via betterAuth({ ... })',\n );\n }\n\n this.auth = options.auth;\n this.signUpEnabledConfig = options.signUpEnabled ?? true;\n\n this.registerOptions(options);\n }\n\n /**\n * Check if sign-up is enabled.\n * Implements ICredentialsProvider.isSignUpEnabled.\n */\n isSignUpEnabled(): boolean {\n return this.signUpEnabledConfig;\n }\n\n // ============================================\n // IUserProvider implementation (EE capability)\n // License check happens in buildCapabilities()\n // ============================================\n\n /**\n * Get current user from request.\n * Implements IUserProvider for EE user awareness in Studio.\n *\n * @param request - Incoming HTTP request\n * @returns EE User object or null if not authenticated\n */\n async getCurrentUser(request: Request): Promise<EEUser | null> {\n try {\n const result = await this.auth.api.getSession({\n headers: request.headers,\n });\n\n if (!result?.user) return null;\n return mapBetterAuthUserToEEUser(result.user);\n } catch {\n return null;\n }\n }\n\n /**\n * Get user by ID.\n * Implements IUserProvider for EE user awareness.\n *\n * Note: Better Auth doesn't expose a direct getUser API.\n * For full functionality, you may need to implement this using\n * direct database access in a subclass.\n *\n * @param userId - User identifier\n * @returns EE User object or null if not found\n */\n async getUser(_userId: string): Promise<EEUser | null> {\n // Better Auth doesn't have a direct getUser API\n // Users can override this method with their own implementation\n // that queries the database directly\n console.warn(\n '[MastraAuthBetterAuth] getUser() requires direct database access. ' +\n 'Override this method in a subclass for full user lookup support.',\n );\n return null;\n }\n\n /**\n * Get URL to user's profile page.\n * Optional IUserProvider method.\n */\n getUserProfileUrl(user: EEUser): string {\n return `/profile/${user.id}`;\n }\n\n /**\n * Authenticate a bearer token by verifying the session with Better Auth.\n *\n * This method extracts the session from the request headers using\n * Better Auth's `api.getSession()` endpoint.\n *\n * @param token - The bearer token (session token) to authenticate\n * @param request - The Hono request object containing headers\n * @returns The authenticated user and session, or null if authentication fails\n */\n async authenticateToken(token: string, request: HonoRequest): Promise<BetterAuthUser | null> {\n try {\n // Better Auth expects the token to be passed via headers\n // We need to construct headers with the Authorization bearer token\n const headers = new Headers();\n\n // Copy relevant headers from the request\n const authHeader = request.header('Authorization');\n if (authHeader) {\n headers.set('Authorization', authHeader);\n } else if (token) {\n // If no auth header but token is provided, set it\n headers.set('Authorization', `Bearer ${token}`);\n }\n\n // Copy cookie header if present (Better Auth can use cookies for sessions)\n const cookieHeader = request.header('Cookie');\n if (cookieHeader) {\n headers.set('Cookie', cookieHeader);\n }\n\n // Use Better Auth's API to get the session\n const result = await this.auth.api.getSession({\n headers,\n });\n\n if (!result || !result.session || !result.user) {\n return null;\n }\n\n return {\n session: result.session,\n user: result.user,\n };\n } catch {\n // Session verification failed\n return null;\n }\n }\n\n /**\n * Authorize a user for access.\n *\n * By default, any authenticated user with a valid session is authorized.\n * You can override this behavior by providing a custom `authorizeUser` function\n * in the constructor options.\n *\n * @param user - The authenticated user and session\n * @returns True if the user is authorized, false otherwise\n */\n async authorizeUser(user: BetterAuthUser): Promise<boolean> {\n // By default, any authenticated user with a valid session is authorized\n return !!user?.session?.id && !!user?.user?.id;\n }\n\n // ============================================\n // ICredentialsProvider implementation (EE capability)\n // License check happens in buildCapabilities()\n // ============================================\n\n /**\n * Sign in with email and password.\n * Implements ICredentialsProvider for EE credentials auth.\n *\n * @param email - User email\n * @param password - User password\n * @param request - Incoming HTTP request\n * @returns Result with user and session cookies\n * @throws Error if credentials are invalid\n */\n async signIn(email: string, password: string, request: Request): Promise<CredentialsResult<EEUser>> {\n const headers = request?.headers ?? new Headers();\n\n // Use asResponse: true to get the full response with Set-Cookie headers\n const response = await this.auth.api.signInEmail({\n body: { email, password },\n headers,\n asResponse: true,\n });\n\n if (!response.ok) {\n const errorData = (await response.json().catch(() => ({}))) as { message?: string };\n throw new Error(errorData.message || 'Invalid email or password');\n }\n\n const result = (await response.json()) as { user?: User; token?: string | null };\n\n if (!result?.user) {\n throw new Error('Invalid email or password');\n }\n\n // Extract Set-Cookie headers from Better Auth response\n const cookies: string[] = [];\n const setCookieHeader = response.headers.get('set-cookie');\n if (setCookieHeader) {\n // Split multiple cookies (they may be comma-separated or in multiple headers)\n cookies.push(...setCookieHeader.split(/,(?=\\s*\\w+=)/));\n }\n\n return {\n user: mapBetterAuthUserToEEUser(result.user),\n token: result.token ?? undefined,\n cookies,\n };\n }\n\n /**\n * Sign up with email and password.\n * Implements ICredentialsProvider for EE credentials auth.\n *\n * @param email - User email\n * @param password - User password\n * @param name - Optional display name\n * @param request - Incoming HTTP request\n * @returns Result with new user and session cookies\n * @throws Error if sign up fails\n */\n async signUp(\n email: string,\n password: string,\n name: string | undefined,\n request: Request,\n ): Promise<CredentialsResult<EEUser>> {\n const displayName = name ?? email.split('@')[0] ?? 'User';\n const headers = request?.headers ?? new Headers();\n\n // Use asResponse: true to get the full response with Set-Cookie headers\n const response = await this.auth.api.signUpEmail({\n body: { email, password, name: displayName },\n headers,\n asResponse: true,\n });\n\n if (!response.ok) {\n const errorData = (await response.json().catch(() => ({}))) as { message?: string };\n throw new Error(errorData.message || 'Failed to create account');\n }\n\n const result = (await response.json()) as { user?: User; token?: string | null };\n\n if (!result?.user) {\n throw new Error('Failed to create account');\n }\n\n // Extract Set-Cookie headers from Better Auth response\n const cookies: string[] = [];\n const setCookieHeader = response.headers.get('set-cookie');\n if (setCookieHeader) {\n // Split multiple cookies (they may be comma-separated or in multiple headers)\n cookies.push(...setCookieHeader.split(/,(?=\\s*\\w+=)/));\n }\n\n return {\n user: mapBetterAuthUserToEEUser(result.user),\n token: result.token ?? undefined,\n cookies,\n };\n }\n\n /**\n * Get the underlying Better Auth instance.\n * Useful for accessing Better Auth APIs directly.\n */\n getAuth(): Auth {\n return this.auth;\n }\n\n /**\n * Get headers to clear the session cookies on logout.\n * Partial ISessionProvider implementation for logout support.\n *\n * Clears Better Auth's default session cookies.\n */\n getClearSessionHeaders(): Record<string, string> {\n // Better Auth uses these cookie names by default\n // Clear both the session token and its signature cookie\n const cookies = [\n 'better-auth.session_token=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0',\n 'better-auth.session_token_sig=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0',\n ];\n return {\n 'Set-Cookie': cookies.join(', '),\n };\n }\n}\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mastra/auth-better-auth",
|
|
3
|
-
"version": "0.0.0-
|
|
3
|
+
"version": "0.0.0-auth-and-authz-20260130180831",
|
|
4
4
|
"description": "Mastra Better Auth integration - self-hosted authentication",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -22,18 +22,21 @@
|
|
|
22
22
|
"dependencies": {
|
|
23
23
|
"better-auth": "^1.4.5"
|
|
24
24
|
},
|
|
25
|
+
"peerDependencies": {
|
|
26
|
+
"@mastra/core": "0.0.0-auth-and-authz-20260130180831"
|
|
27
|
+
},
|
|
25
28
|
"devDependencies": {
|
|
26
|
-
"@types/node": "22.
|
|
29
|
+
"@types/node": "22.19.7",
|
|
27
30
|
"hono": "^4.11.3",
|
|
28
31
|
"@vitest/coverage-v8": "4.0.12",
|
|
29
32
|
"@vitest/ui": "4.0.12",
|
|
30
33
|
"eslint": "^9.37.0",
|
|
31
|
-
"tsup": "^8.5.
|
|
34
|
+
"tsup": "^8.5.1",
|
|
32
35
|
"typescript": "^5.9.3",
|
|
33
36
|
"vitest": "4.0.16",
|
|
34
|
-
"@internal/
|
|
35
|
-
"@internal/
|
|
36
|
-
"@mastra/core": "0.0.0-
|
|
37
|
+
"@internal/lint": "0.0.0-auth-and-authz-20260130180831",
|
|
38
|
+
"@internal/types-builder": "0.0.0-auth-and-authz-20260130180831",
|
|
39
|
+
"@mastra/core": "0.0.0-auth-and-authz-20260130180831"
|
|
37
40
|
},
|
|
38
41
|
"files": [
|
|
39
42
|
"dist",
|