@meistrari/auth-core 1.1.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/index.d.mts +778 -210
  2. package/dist/index.d.ts +778 -210
  3. package/dist/index.mjs +88 -36
  4. package/package.json +30 -29
package/dist/index.d.ts CHANGED
@@ -1,42 +1,198 @@
1
+ import * as better_auth_client from 'better-auth/client';
2
+ import { BetterFetchOption } from 'better-auth/client';
3
+ export { BetterFetchError as APIError } from 'better-auth/client';
1
4
  import * as better_auth from 'better-auth';
5
+ import { JWTPayload } from 'better-auth';
2
6
  import * as better_auth_plugins from 'better-auth/plugins';
3
7
  import * as jose from 'jose';
4
8
  import * as _better_auth_sso from '@better-auth/sso';
5
- import * as _better_fetch_fetch from '@better-fetch/fetch';
6
9
  import * as nanostores from 'nanostores';
10
+ import * as _better_fetch_fetch from '@better-fetch/fetch';
7
11
  import * as better_auth_client_plugins from 'better-auth/client/plugins';
8
- import * as better_auth_client from 'better-auth/client';
9
- import { BetterFetchError } from 'better-auth/client';
10
- export { BetterFetchError as APIError } from 'better-auth/client';
11
12
 
12
- declare class BaseError extends Error {
13
- code: string;
14
- constructor(code: string, message: string, options?: ErrorOptions);
15
- }
16
-
17
- /**
18
- * Error thrown when an invalid social provider is specified.
19
- */
20
- declare class InvalidSocialProvider extends BaseError {
21
- constructor(message: string);
22
- }
13
+ declare const ac: {
14
+ newRole<K extends "member" | "access" | "organization" | "invitation" | "team" | "ac">(statements: better_auth_client.Subset<K, {
15
+ access: string[];
16
+ organization: readonly ["update", "delete"];
17
+ member: readonly ["create", "update", "delete"];
18
+ invitation: readonly ["create", "cancel"];
19
+ team: readonly ["create", "update", "delete"];
20
+ ac: readonly ["create", "read", "update", "delete"];
21
+ }>): {
22
+ authorize<K_1 extends K>(request: K_1 extends infer T extends K_2 ? { [key in T]?: better_auth_client.Subset<K, {
23
+ access: string[];
24
+ organization: readonly ["update", "delete"];
25
+ member: readonly ["create", "update", "delete"];
26
+ invitation: readonly ["create", "cancel"];
27
+ team: readonly ["create", "update", "delete"];
28
+ ac: readonly ["create", "read", "update", "delete"];
29
+ }>[key] | {
30
+ actions: better_auth_client.Subset<K, {
31
+ access: string[];
32
+ organization: readonly ["update", "delete"];
33
+ member: readonly ["create", "update", "delete"];
34
+ invitation: readonly ["create", "cancel"];
35
+ team: readonly ["create", "update", "delete"];
36
+ ac: readonly ["create", "read", "update", "delete"];
37
+ }>[key];
38
+ connector: "OR" | "AND";
39
+ } | undefined; } : never, connector?: "OR" | "AND"): better_auth_client.AuthorizeResponse;
40
+ statements: better_auth_client.Subset<K, {
41
+ access: string[];
42
+ organization: readonly ["update", "delete"];
43
+ member: readonly ["create", "update", "delete"];
44
+ invitation: readonly ["create", "cancel"];
45
+ team: readonly ["create", "update", "delete"];
46
+ ac: readonly ["create", "read", "update", "delete"];
47
+ }>;
48
+ };
49
+ statements: {
50
+ access: string[];
51
+ organization: readonly ["update", "delete"];
52
+ member: readonly ["create", "update", "delete"];
53
+ invitation: readonly ["create", "cancel"];
54
+ team: readonly ["create", "update", "delete"];
55
+ ac: readonly ["create", "read", "update", "delete"];
56
+ };
57
+ };
23
58
  /**
24
- * Error thrown when an invalid callback URL is provided.
59
+ * Predefined organization roles.
25
60
  *
26
- * This error occurs when the callback URL or error callback URL
27
- * is malformed or not a valid URL.
61
+ * @example
62
+ * ```typescript
63
+ * import { Roles } from '@meistrari/auth-core'
64
+ *
65
+ * // Invite user with specific role
66
+ * await authClient.organization.inviteUserToOrganization({
67
+ * userEmail: 'user@example.com',
68
+ * role: Roles.ORG_ADMIN
69
+ * })
70
+ * ```
28
71
  */
29
- declare class InvalidCallbackURL extends BaseError {
30
- constructor(message: string);
31
- }
72
+ declare const Roles: {
73
+ readonly ORG_ADMIN: "org:admin";
74
+ readonly ORG_MEMBER: "org:member";
75
+ readonly ORG_REVIEWER: "org:reviewer";
76
+ };
32
77
  /**
33
- * Error thrown when an email is required but not provided.
78
+ * Type representing a valid organization role.
34
79
  */
35
- declare class EmailRequired extends BaseError {
36
- constructor(message: string);
37
- }
80
+ type Role = typeof Roles[keyof typeof Roles];
81
+ declare const rolesAccessControl: {
82
+ "org:admin": {
83
+ authorize<K_1 extends "member" | "access" | "organization" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_client.Subset<"member" | "access" | "organization" | "invitation" | "team", {
84
+ access: string[];
85
+ organization: readonly ["update", "delete"];
86
+ member: readonly ["create", "update", "delete"];
87
+ invitation: readonly ["create", "cancel"];
88
+ team: readonly ["create", "update", "delete"];
89
+ ac: readonly ["create", "read", "update", "delete"];
90
+ }>[key] | {
91
+ actions: better_auth_client.Subset<"member" | "access" | "organization" | "invitation" | "team", {
92
+ access: string[];
93
+ organization: readonly ["update", "delete"];
94
+ member: readonly ["create", "update", "delete"];
95
+ invitation: readonly ["create", "cancel"];
96
+ team: readonly ["create", "update", "delete"];
97
+ ac: readonly ["create", "read", "update", "delete"];
98
+ }>[key];
99
+ connector: "OR" | "AND";
100
+ } | undefined; } : never, connector?: "OR" | "AND"): better_auth_client.AuthorizeResponse;
101
+ statements: better_auth_client.Subset<"member" | "access" | "organization" | "invitation" | "team", {
102
+ access: string[];
103
+ organization: readonly ["update", "delete"];
104
+ member: readonly ["create", "update", "delete"];
105
+ invitation: readonly ["create", "cancel"];
106
+ team: readonly ["create", "update", "delete"];
107
+ ac: readonly ["create", "read", "update", "delete"];
108
+ }>;
109
+ };
110
+ "org:member": {
111
+ authorize<K_1 extends "access">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_client.Subset<"access", {
112
+ access: string[];
113
+ organization: readonly ["update", "delete"];
114
+ member: readonly ["create", "update", "delete"];
115
+ invitation: readonly ["create", "cancel"];
116
+ team: readonly ["create", "update", "delete"];
117
+ ac: readonly ["create", "read", "update", "delete"];
118
+ }>[key] | {
119
+ actions: better_auth_client.Subset<"access", {
120
+ access: string[];
121
+ organization: readonly ["update", "delete"];
122
+ member: readonly ["create", "update", "delete"];
123
+ invitation: readonly ["create", "cancel"];
124
+ team: readonly ["create", "update", "delete"];
125
+ ac: readonly ["create", "read", "update", "delete"];
126
+ }>[key];
127
+ connector: "OR" | "AND";
128
+ } | undefined; } : never, connector?: "OR" | "AND"): better_auth_client.AuthorizeResponse;
129
+ statements: better_auth_client.Subset<"access", {
130
+ access: string[];
131
+ organization: readonly ["update", "delete"];
132
+ member: readonly ["create", "update", "delete"];
133
+ invitation: readonly ["create", "cancel"];
134
+ team: readonly ["create", "update", "delete"];
135
+ ac: readonly ["create", "read", "update", "delete"];
136
+ }>;
137
+ };
138
+ "org:reviewer": {
139
+ authorize<K_1 extends "access">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_client.Subset<"access", {
140
+ access: string[];
141
+ organization: readonly ["update", "delete"];
142
+ member: readonly ["create", "update", "delete"];
143
+ invitation: readonly ["create", "cancel"];
144
+ team: readonly ["create", "update", "delete"];
145
+ ac: readonly ["create", "read", "update", "delete"];
146
+ }>[key] | {
147
+ actions: better_auth_client.Subset<"access", {
148
+ access: string[];
149
+ organization: readonly ["update", "delete"];
150
+ member: readonly ["create", "update", "delete"];
151
+ invitation: readonly ["create", "cancel"];
152
+ team: readonly ["create", "update", "delete"];
153
+ ac: readonly ["create", "read", "update", "delete"];
154
+ }>[key];
155
+ connector: "OR" | "AND";
156
+ } | undefined; } : never, connector?: "OR" | "AND"): better_auth_client.AuthorizeResponse;
157
+ statements: better_auth_client.Subset<"access", {
158
+ access: string[];
159
+ organization: readonly ["update", "delete"];
160
+ member: readonly ["create", "update", "delete"];
161
+ invitation: readonly ["create", "cancel"];
162
+ team: readonly ["create", "update", "delete"];
163
+ ac: readonly ["create", "read", "update", "delete"];
164
+ }>;
165
+ };
166
+ };
167
+ declare const userAdditionalFields: {
168
+ lastActiveAt: {
169
+ type: "date";
170
+ required: false;
171
+ defaultValue: null;
172
+ };
173
+ };
174
+ declare const organizationAdditionalFields: {
175
+ settings: {
176
+ type: "json";
177
+ input: true;
178
+ required: false;
179
+ };
180
+ };
181
+ type JWTTokenPayload = JWTPayload & {
182
+ email: string;
183
+ user: {
184
+ id: string;
185
+ name: string;
186
+ image: string | null | undefined;
187
+ role: string | null;
188
+ };
189
+ workspace: {
190
+ id: string;
191
+ title: string;
192
+ };
193
+ };
38
194
 
39
- declare function createAPIClient(apiUrl: string, headers?: Record<string, string>): {
195
+ declare function createAPIClient(apiUrl: string, fetchOptions?: BetterFetchOption): {
40
196
  useActiveOrganization: nanostores.PreinitializedWritableAtom<{
41
197
  data: better_auth_client_plugins.Prettify<{
42
198
  id: string;
@@ -72,7 +228,7 @@ declare function createAPIClient(apiUrl: string, headers?: Record<string, string
72
228
  teamId?: string | undefined | undefined;
73
229
  }[];
74
230
  }> | null;
75
- error: null | BetterFetchError;
231
+ error: null | _better_fetch_fetch.BetterFetchError;
76
232
  isPending: boolean;
77
233
  isRefetching: boolean;
78
234
  refetch: (queryParams?: {
@@ -88,7 +244,7 @@ declare function createAPIClient(apiUrl: string, headers?: Record<string, string
88
244
  logo?: string | null | undefined | undefined;
89
245
  metadata?: any;
90
246
  }[] | null;
91
- error: null | BetterFetchError;
247
+ error: null | _better_fetch_fetch.BetterFetchError;
92
248
  isPending: boolean;
93
249
  isRefetching: boolean;
94
250
  refetch: (queryParams?: {
@@ -103,7 +259,7 @@ declare function createAPIClient(apiUrl: string, headers?: Record<string, string
103
259
  role: string;
104
260
  createdAt: Date;
105
261
  } | null;
106
- error: null | BetterFetchError;
262
+ error: null | _better_fetch_fetch.BetterFetchError;
107
263
  isPending: boolean;
108
264
  isRefetching: boolean;
109
265
  refetch: (queryParams?: {
@@ -114,7 +270,7 @@ declare function createAPIClient(apiUrl: string, headers?: Record<string, string
114
270
  data: {
115
271
  role: string;
116
272
  } | null;
117
- error: null | BetterFetchError;
273
+ error: null | _better_fetch_fetch.BetterFetchError;
118
274
  isPending: boolean;
119
275
  isRefetching: boolean;
120
276
  refetch: (queryParams?: {
@@ -144,6 +300,43 @@ declare function createAPIClient(apiUrl: string, headers?: Record<string, string
144
300
  };
145
301
  };
146
302
  };
303
+ } & {
304
+ handshake: <FetchOptions extends better_auth.ClientFetchOption<never, Partial<Record<string, any>> & Record<string, any>, Record<string, any> | undefined>>(data_0?: better_auth_client_plugins.Prettify<{
305
+ query?: Record<string, any> | undefined;
306
+ fetchOptions?: FetchOptions | undefined;
307
+ }> | undefined, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch.BetterFetchResponse<{
308
+ status: ("OK" | "CREATED" | "ACCEPTED" | "NO_CONTENT" | "MULTIPLE_CHOICES" | "MOVED_PERMANENTLY" | "FOUND" | "SEE_OTHER" | "NOT_MODIFIED" | "TEMPORARY_REDIRECT" | "BAD_REQUEST" | "UNAUTHORIZED" | "PAYMENT_REQUIRED" | "FORBIDDEN" | "NOT_FOUND" | "METHOD_NOT_ALLOWED" | "NOT_ACCEPTABLE" | "PROXY_AUTHENTICATION_REQUIRED" | "REQUEST_TIMEOUT" | "CONFLICT" | "GONE" | "LENGTH_REQUIRED" | "PRECONDITION_FAILED" | "PAYLOAD_TOO_LARGE" | "URI_TOO_LONG" | "UNSUPPORTED_MEDIA_TYPE" | "RANGE_NOT_SATISFIABLE" | "EXPECTATION_FAILED" | "I'M_A_TEAPOT" | "MISDIRECTED_REQUEST" | "UNPROCESSABLE_ENTITY" | "LOCKED" | "FAILED_DEPENDENCY" | "TOO_EARLY" | "UPGRADE_REQUIRED" | "PRECONDITION_REQUIRED" | "TOO_MANY_REQUESTS" | "REQUEST_HEADER_FIELDS_TOO_LARGE" | "UNAVAILABLE_FOR_LEGAL_REASONS" | "INTERNAL_SERVER_ERROR" | "NOT_IMPLEMENTED" | "BAD_GATEWAY" | "SERVICE_UNAVAILABLE" | "GATEWAY_TIMEOUT" | "HTTP_VERSION_NOT_SUPPORTED" | "VARIANT_ALSO_NEGOTIATES" | "INSUFFICIENT_STORAGE" | "LOOP_DETECTED" | "NOT_EXTENDED" | "NETWORK_AUTHENTICATION_REQUIRED") | better_auth.Status;
309
+ body: ({
310
+ message?: string;
311
+ code?: string;
312
+ cause?: unknown;
313
+ } & Record<string, any>) | undefined;
314
+ headers: HeadersInit;
315
+ statusCode: number;
316
+ name: string;
317
+ message: string;
318
+ stack?: string;
319
+ cause?: unknown;
320
+ }, {
321
+ code?: string | undefined;
322
+ message?: string | undefined;
323
+ }, FetchOptions["throw"] extends true ? true : true>>;
324
+ } & {
325
+ handshake: {
326
+ noncePayload: <FetchOptions extends better_auth.ClientFetchOption<never, Partial<{
327
+ nonce: string;
328
+ }> & Record<string, any>, Record<string, any> | undefined>>(data_0: better_auth_client_plugins.Prettify<{
329
+ query: {
330
+ nonce: string;
331
+ };
332
+ fetchOptions?: FetchOptions | undefined;
333
+ }>, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch.BetterFetchResponse<{
334
+ token: string;
335
+ }, {
336
+ code?: string | undefined;
337
+ message?: string | undefined;
338
+ }, FetchOptions["throw"] extends true ? true : true>>;
339
+ };
147
340
  } & {
148
341
  organization: {
149
342
  create: <FetchOptions extends better_auth.ClientFetchOption<Partial<{
@@ -1395,6 +1588,208 @@ declare function createAPIClient(apiUrl: string, headers?: Record<string, string
1395
1588
  code?: string | undefined;
1396
1589
  message?: string | undefined;
1397
1590
  }, FetchOptions["throw"] extends true ? true : true>>;
1591
+ } & {
1592
+ apiKey: {
1593
+ create: <FetchOptions extends better_auth.ClientFetchOption<Partial<{
1594
+ name?: string | undefined;
1595
+ expiresIn?: number | null | undefined;
1596
+ userId?: unknown;
1597
+ prefix?: string | undefined;
1598
+ remaining?: number | null | undefined;
1599
+ metadata?: any;
1600
+ refillAmount?: number | undefined;
1601
+ refillInterval?: number | undefined;
1602
+ rateLimitTimeWindow?: number | undefined;
1603
+ rateLimitMax?: number | undefined;
1604
+ rateLimitEnabled?: boolean | undefined;
1605
+ permissions?: Record<string, string[]> | undefined;
1606
+ }> & Record<string, any>, Partial<Record<string, any>> & Record<string, any>, Record<string, any> | undefined>>(data_0?: better_auth_client_plugins.Prettify<{
1607
+ name?: string | undefined;
1608
+ expiresIn?: number | null | undefined;
1609
+ userId?: unknown;
1610
+ prefix?: string | undefined;
1611
+ remaining?: number | null | undefined;
1612
+ metadata?: any;
1613
+ refillAmount?: number | undefined;
1614
+ refillInterval?: number | undefined;
1615
+ rateLimitTimeWindow?: number | undefined;
1616
+ rateLimitMax?: number | undefined;
1617
+ rateLimitEnabled?: boolean | undefined;
1618
+ permissions?: Record<string, string[]> | undefined;
1619
+ } & {
1620
+ fetchOptions?: FetchOptions | undefined;
1621
+ }> | undefined, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch.BetterFetchResponse<{
1622
+ key: string;
1623
+ metadata: any;
1624
+ permissions: any;
1625
+ id: string;
1626
+ name: string | null;
1627
+ start: string | null;
1628
+ prefix: string | null;
1629
+ userId: string;
1630
+ refillInterval: number | null;
1631
+ refillAmount: number | null;
1632
+ lastRefillAt: Date | null;
1633
+ enabled: boolean;
1634
+ rateLimitEnabled: boolean;
1635
+ rateLimitTimeWindow: number | null;
1636
+ rateLimitMax: number | null;
1637
+ requestCount: number;
1638
+ remaining: number | null;
1639
+ lastRequest: Date | null;
1640
+ expiresAt: Date | null;
1641
+ createdAt: Date;
1642
+ updatedAt: Date;
1643
+ }, {
1644
+ code?: string | undefined;
1645
+ message?: string | undefined;
1646
+ }, FetchOptions["throw"] extends true ? true : true>>;
1647
+ };
1648
+ } & {
1649
+ apiKey: {
1650
+ get: <FetchOptions extends better_auth.ClientFetchOption<never, Partial<{
1651
+ id: string;
1652
+ }> & Record<string, any>, Record<string, any> | undefined>>(data_0: better_auth_client_plugins.Prettify<{
1653
+ query: {
1654
+ id: string;
1655
+ };
1656
+ fetchOptions?: FetchOptions | undefined;
1657
+ }>, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch.BetterFetchResponse<{
1658
+ permissions: {
1659
+ [key: string]: string[];
1660
+ } | null;
1661
+ id: string;
1662
+ name: string | null;
1663
+ start: string | null;
1664
+ prefix: string | null;
1665
+ userId: string;
1666
+ refillInterval: number | null;
1667
+ refillAmount: number | null;
1668
+ lastRefillAt: Date | null;
1669
+ enabled: boolean;
1670
+ rateLimitEnabled: boolean;
1671
+ rateLimitTimeWindow: number | null;
1672
+ rateLimitMax: number | null;
1673
+ requestCount: number;
1674
+ remaining: number | null;
1675
+ lastRequest: Date | null;
1676
+ expiresAt: Date | null;
1677
+ createdAt: Date;
1678
+ updatedAt: Date;
1679
+ metadata: Record<string, any> | null;
1680
+ }, {
1681
+ code?: string | undefined;
1682
+ message?: string | undefined;
1683
+ }, FetchOptions["throw"] extends true ? true : true>>;
1684
+ };
1685
+ } & {
1686
+ apiKey: {
1687
+ update: <FetchOptions extends better_auth.ClientFetchOption<Partial<{
1688
+ keyId: string;
1689
+ userId?: unknown;
1690
+ name?: string | undefined;
1691
+ enabled?: boolean | undefined;
1692
+ remaining?: number | undefined;
1693
+ refillAmount?: number | undefined;
1694
+ refillInterval?: number | undefined;
1695
+ metadata?: any;
1696
+ expiresIn?: number | null | undefined;
1697
+ rateLimitEnabled?: boolean | undefined;
1698
+ rateLimitTimeWindow?: number | undefined;
1699
+ rateLimitMax?: number | undefined;
1700
+ permissions?: Record<string, string[]> | null | undefined;
1701
+ }> & Record<string, any>, Partial<Record<string, any>> & Record<string, any>, Record<string, any> | undefined>>(data_0: better_auth_client_plugins.Prettify<{
1702
+ keyId: string;
1703
+ userId?: unknown;
1704
+ name?: string | undefined;
1705
+ enabled?: boolean | undefined;
1706
+ remaining?: number | undefined;
1707
+ refillAmount?: number | undefined;
1708
+ refillInterval?: number | undefined;
1709
+ metadata?: any;
1710
+ expiresIn?: number | null | undefined;
1711
+ rateLimitEnabled?: boolean | undefined;
1712
+ rateLimitTimeWindow?: number | undefined;
1713
+ rateLimitMax?: number | undefined;
1714
+ permissions?: Record<string, string[]> | null | undefined;
1715
+ } & {
1716
+ fetchOptions?: FetchOptions | undefined;
1717
+ }>, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch.BetterFetchResponse<{
1718
+ permissions: {
1719
+ [key: string]: string[];
1720
+ } | null;
1721
+ id: string;
1722
+ name: string | null;
1723
+ start: string | null;
1724
+ prefix: string | null;
1725
+ userId: string;
1726
+ refillInterval: number | null;
1727
+ refillAmount: number | null;
1728
+ lastRefillAt: Date | null;
1729
+ enabled: boolean;
1730
+ rateLimitEnabled: boolean;
1731
+ rateLimitTimeWindow: number | null;
1732
+ rateLimitMax: number | null;
1733
+ requestCount: number;
1734
+ remaining: number | null;
1735
+ lastRequest: Date | null;
1736
+ expiresAt: Date | null;
1737
+ createdAt: Date;
1738
+ updatedAt: Date;
1739
+ metadata: Record<string, any> | null;
1740
+ }, {
1741
+ code?: string | undefined;
1742
+ message?: string | undefined;
1743
+ }, FetchOptions["throw"] extends true ? true : true>>;
1744
+ };
1745
+ } & {
1746
+ apiKey: {
1747
+ delete: <FetchOptions extends better_auth.ClientFetchOption<Partial<{
1748
+ keyId: string;
1749
+ }> & Record<string, any>, Partial<Record<string, any>> & Record<string, any>, Record<string, any> | undefined>>(data_0: better_auth_client_plugins.Prettify<{
1750
+ keyId: string;
1751
+ } & {
1752
+ fetchOptions?: FetchOptions | undefined;
1753
+ }>, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch.BetterFetchResponse<{
1754
+ success: boolean;
1755
+ }, {
1756
+ code?: string | undefined;
1757
+ message?: string | undefined;
1758
+ }, FetchOptions["throw"] extends true ? true : true>>;
1759
+ };
1760
+ } & {
1761
+ apiKey: {
1762
+ list: <FetchOptions extends better_auth.ClientFetchOption<never, Partial<Record<string, any>> & Record<string, any>, Record<string, any> | undefined>>(data_0?: better_auth_client_plugins.Prettify<{
1763
+ query?: Record<string, any> | undefined;
1764
+ fetchOptions?: FetchOptions | undefined;
1765
+ }> | undefined, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch.BetterFetchResponse<{
1766
+ permissions: {
1767
+ [key: string]: string[];
1768
+ } | null;
1769
+ id: string;
1770
+ name: string | null;
1771
+ start: string | null;
1772
+ prefix: string | null;
1773
+ userId: string;
1774
+ refillInterval: number | null;
1775
+ refillAmount: number | null;
1776
+ lastRefillAt: Date | null;
1777
+ enabled: boolean;
1778
+ rateLimitEnabled: boolean;
1779
+ rateLimitTimeWindow: number | null;
1780
+ rateLimitMax: number | null;
1781
+ requestCount: number;
1782
+ remaining: number | null;
1783
+ lastRequest: Date | null;
1784
+ expiresAt: Date | null;
1785
+ createdAt: Date;
1786
+ updatedAt: Date;
1787
+ metadata: Record<string, any> | null;
1788
+ }[], {
1789
+ code?: string | undefined;
1790
+ message?: string | undefined;
1791
+ }, FetchOptions["throw"] extends true ? true : true>>;
1792
+ };
1398
1793
  } & {
1399
1794
  admin: {
1400
1795
  setRole: <FetchOptions extends better_auth.ClientFetchOption<Partial<{
@@ -2429,7 +2824,7 @@ declare function createAPIClient(apiUrl: string, headers?: Record<string, string
2429
2824
  impersonatedBy?: string | null | undefined;
2430
2825
  };
2431
2826
  };
2432
- error: BetterFetchError | null;
2827
+ error: _better_fetch_fetch.BetterFetchError | null;
2433
2828
  isPending: boolean;
2434
2829
  }>;
2435
2830
  $fetch: _better_fetch_fetch.BetterFetch<{
@@ -2606,7 +3001,7 @@ declare const stub: {
2606
3001
  teamId?: string | undefined | undefined;
2607
3002
  }[];
2608
3003
  }> | null;
2609
- error: null | BetterFetchError;
3004
+ error: null | _better_fetch_fetch.BetterFetchError;
2610
3005
  isPending: boolean;
2611
3006
  isRefetching: boolean;
2612
3007
  refetch: (queryParams?: {
@@ -2622,7 +3017,7 @@ declare const stub: {
2622
3017
  logo?: string | null | undefined | undefined;
2623
3018
  metadata?: any;
2624
3019
  }[] | null;
2625
- error: null | BetterFetchError;
3020
+ error: null | _better_fetch_fetch.BetterFetchError;
2626
3021
  isPending: boolean;
2627
3022
  isRefetching: boolean;
2628
3023
  refetch: (queryParams?: {
@@ -2637,7 +3032,7 @@ declare const stub: {
2637
3032
  role: string;
2638
3033
  createdAt: Date;
2639
3034
  } | null;
2640
- error: null | BetterFetchError;
3035
+ error: null | _better_fetch_fetch.BetterFetchError;
2641
3036
  isPending: boolean;
2642
3037
  isRefetching: boolean;
2643
3038
  refetch: (queryParams?: {
@@ -2648,7 +3043,7 @@ declare const stub: {
2648
3043
  data: {
2649
3044
  role: string;
2650
3045
  } | null;
2651
- error: null | BetterFetchError;
3046
+ error: null | _better_fetch_fetch.BetterFetchError;
2652
3047
  isPending: boolean;
2653
3048
  isRefetching: boolean;
2654
3049
  refetch: (queryParams?: {
@@ -2678,6 +3073,43 @@ declare const stub: {
2678
3073
  };
2679
3074
  };
2680
3075
  };
3076
+ } & {
3077
+ handshake: <FetchOptions extends better_auth.ClientFetchOption<never, Partial<Record<string, any>> & Record<string, any>, Record<string, any> | undefined>>(data_0?: better_auth_client_plugins.Prettify<{
3078
+ query?: Record<string, any> | undefined;
3079
+ fetchOptions?: FetchOptions | undefined;
3080
+ }> | undefined, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch.BetterFetchResponse<{
3081
+ status: ("OK" | "CREATED" | "ACCEPTED" | "NO_CONTENT" | "MULTIPLE_CHOICES" | "MOVED_PERMANENTLY" | "FOUND" | "SEE_OTHER" | "NOT_MODIFIED" | "TEMPORARY_REDIRECT" | "BAD_REQUEST" | "UNAUTHORIZED" | "PAYMENT_REQUIRED" | "FORBIDDEN" | "NOT_FOUND" | "METHOD_NOT_ALLOWED" | "NOT_ACCEPTABLE" | "PROXY_AUTHENTICATION_REQUIRED" | "REQUEST_TIMEOUT" | "CONFLICT" | "GONE" | "LENGTH_REQUIRED" | "PRECONDITION_FAILED" | "PAYLOAD_TOO_LARGE" | "URI_TOO_LONG" | "UNSUPPORTED_MEDIA_TYPE" | "RANGE_NOT_SATISFIABLE" | "EXPECTATION_FAILED" | "I'M_A_TEAPOT" | "MISDIRECTED_REQUEST" | "UNPROCESSABLE_ENTITY" | "LOCKED" | "FAILED_DEPENDENCY" | "TOO_EARLY" | "UPGRADE_REQUIRED" | "PRECONDITION_REQUIRED" | "TOO_MANY_REQUESTS" | "REQUEST_HEADER_FIELDS_TOO_LARGE" | "UNAVAILABLE_FOR_LEGAL_REASONS" | "INTERNAL_SERVER_ERROR" | "NOT_IMPLEMENTED" | "BAD_GATEWAY" | "SERVICE_UNAVAILABLE" | "GATEWAY_TIMEOUT" | "HTTP_VERSION_NOT_SUPPORTED" | "VARIANT_ALSO_NEGOTIATES" | "INSUFFICIENT_STORAGE" | "LOOP_DETECTED" | "NOT_EXTENDED" | "NETWORK_AUTHENTICATION_REQUIRED") | better_auth.Status;
3082
+ body: ({
3083
+ message?: string;
3084
+ code?: string;
3085
+ cause?: unknown;
3086
+ } & Record<string, any>) | undefined;
3087
+ headers: HeadersInit;
3088
+ statusCode: number;
3089
+ name: string;
3090
+ message: string;
3091
+ stack?: string;
3092
+ cause?: unknown;
3093
+ }, {
3094
+ code?: string | undefined;
3095
+ message?: string | undefined;
3096
+ }, FetchOptions["throw"] extends true ? true : true>>;
3097
+ } & {
3098
+ handshake: {
3099
+ noncePayload: <FetchOptions extends better_auth.ClientFetchOption<never, Partial<{
3100
+ nonce: string;
3101
+ }> & Record<string, any>, Record<string, any> | undefined>>(data_0: better_auth_client_plugins.Prettify<{
3102
+ query: {
3103
+ nonce: string;
3104
+ };
3105
+ fetchOptions?: FetchOptions | undefined;
3106
+ }>, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch.BetterFetchResponse<{
3107
+ token: string;
3108
+ }, {
3109
+ code?: string | undefined;
3110
+ message?: string | undefined;
3111
+ }, FetchOptions["throw"] extends true ? true : true>>;
3112
+ };
2681
3113
  } & {
2682
3114
  organization: {
2683
3115
  create: <FetchOptions extends better_auth.ClientFetchOption<Partial<{
@@ -3929,6 +4361,208 @@ declare const stub: {
3929
4361
  code?: string | undefined;
3930
4362
  message?: string | undefined;
3931
4363
  }, FetchOptions["throw"] extends true ? true : true>>;
4364
+ } & {
4365
+ apiKey: {
4366
+ create: <FetchOptions extends better_auth.ClientFetchOption<Partial<{
4367
+ name?: string | undefined;
4368
+ expiresIn?: number | null | undefined;
4369
+ userId?: unknown;
4370
+ prefix?: string | undefined;
4371
+ remaining?: number | null | undefined;
4372
+ metadata?: any;
4373
+ refillAmount?: number | undefined;
4374
+ refillInterval?: number | undefined;
4375
+ rateLimitTimeWindow?: number | undefined;
4376
+ rateLimitMax?: number | undefined;
4377
+ rateLimitEnabled?: boolean | undefined;
4378
+ permissions?: Record<string, string[]> | undefined;
4379
+ }> & Record<string, any>, Partial<Record<string, any>> & Record<string, any>, Record<string, any> | undefined>>(data_0?: better_auth_client_plugins.Prettify<{
4380
+ name?: string | undefined;
4381
+ expiresIn?: number | null | undefined;
4382
+ userId?: unknown;
4383
+ prefix?: string | undefined;
4384
+ remaining?: number | null | undefined;
4385
+ metadata?: any;
4386
+ refillAmount?: number | undefined;
4387
+ refillInterval?: number | undefined;
4388
+ rateLimitTimeWindow?: number | undefined;
4389
+ rateLimitMax?: number | undefined;
4390
+ rateLimitEnabled?: boolean | undefined;
4391
+ permissions?: Record<string, string[]> | undefined;
4392
+ } & {
4393
+ fetchOptions?: FetchOptions | undefined;
4394
+ }> | undefined, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch.BetterFetchResponse<{
4395
+ key: string;
4396
+ metadata: any;
4397
+ permissions: any;
4398
+ id: string;
4399
+ name: string | null;
4400
+ start: string | null;
4401
+ prefix: string | null;
4402
+ userId: string;
4403
+ refillInterval: number | null;
4404
+ refillAmount: number | null;
4405
+ lastRefillAt: Date | null;
4406
+ enabled: boolean;
4407
+ rateLimitEnabled: boolean;
4408
+ rateLimitTimeWindow: number | null;
4409
+ rateLimitMax: number | null;
4410
+ requestCount: number;
4411
+ remaining: number | null;
4412
+ lastRequest: Date | null;
4413
+ expiresAt: Date | null;
4414
+ createdAt: Date;
4415
+ updatedAt: Date;
4416
+ }, {
4417
+ code?: string | undefined;
4418
+ message?: string | undefined;
4419
+ }, FetchOptions["throw"] extends true ? true : true>>;
4420
+ };
4421
+ } & {
4422
+ apiKey: {
4423
+ get: <FetchOptions extends better_auth.ClientFetchOption<never, Partial<{
4424
+ id: string;
4425
+ }> & Record<string, any>, Record<string, any> | undefined>>(data_0: better_auth_client_plugins.Prettify<{
4426
+ query: {
4427
+ id: string;
4428
+ };
4429
+ fetchOptions?: FetchOptions | undefined;
4430
+ }>, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch.BetterFetchResponse<{
4431
+ permissions: {
4432
+ [key: string]: string[];
4433
+ } | null;
4434
+ id: string;
4435
+ name: string | null;
4436
+ start: string | null;
4437
+ prefix: string | null;
4438
+ userId: string;
4439
+ refillInterval: number | null;
4440
+ refillAmount: number | null;
4441
+ lastRefillAt: Date | null;
4442
+ enabled: boolean;
4443
+ rateLimitEnabled: boolean;
4444
+ rateLimitTimeWindow: number | null;
4445
+ rateLimitMax: number | null;
4446
+ requestCount: number;
4447
+ remaining: number | null;
4448
+ lastRequest: Date | null;
4449
+ expiresAt: Date | null;
4450
+ createdAt: Date;
4451
+ updatedAt: Date;
4452
+ metadata: Record<string, any> | null;
4453
+ }, {
4454
+ code?: string | undefined;
4455
+ message?: string | undefined;
4456
+ }, FetchOptions["throw"] extends true ? true : true>>;
4457
+ };
4458
+ } & {
4459
+ apiKey: {
4460
+ update: <FetchOptions extends better_auth.ClientFetchOption<Partial<{
4461
+ keyId: string;
4462
+ userId?: unknown;
4463
+ name?: string | undefined;
4464
+ enabled?: boolean | undefined;
4465
+ remaining?: number | undefined;
4466
+ refillAmount?: number | undefined;
4467
+ refillInterval?: number | undefined;
4468
+ metadata?: any;
4469
+ expiresIn?: number | null | undefined;
4470
+ rateLimitEnabled?: boolean | undefined;
4471
+ rateLimitTimeWindow?: number | undefined;
4472
+ rateLimitMax?: number | undefined;
4473
+ permissions?: Record<string, string[]> | null | undefined;
4474
+ }> & Record<string, any>, Partial<Record<string, any>> & Record<string, any>, Record<string, any> | undefined>>(data_0: better_auth_client_plugins.Prettify<{
4475
+ keyId: string;
4476
+ userId?: unknown;
4477
+ name?: string | undefined;
4478
+ enabled?: boolean | undefined;
4479
+ remaining?: number | undefined;
4480
+ refillAmount?: number | undefined;
4481
+ refillInterval?: number | undefined;
4482
+ metadata?: any;
4483
+ expiresIn?: number | null | undefined;
4484
+ rateLimitEnabled?: boolean | undefined;
4485
+ rateLimitTimeWindow?: number | undefined;
4486
+ rateLimitMax?: number | undefined;
4487
+ permissions?: Record<string, string[]> | null | undefined;
4488
+ } & {
4489
+ fetchOptions?: FetchOptions | undefined;
4490
+ }>, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch.BetterFetchResponse<{
4491
+ permissions: {
4492
+ [key: string]: string[];
4493
+ } | null;
4494
+ id: string;
4495
+ name: string | null;
4496
+ start: string | null;
4497
+ prefix: string | null;
4498
+ userId: string;
4499
+ refillInterval: number | null;
4500
+ refillAmount: number | null;
4501
+ lastRefillAt: Date | null;
4502
+ enabled: boolean;
4503
+ rateLimitEnabled: boolean;
4504
+ rateLimitTimeWindow: number | null;
4505
+ rateLimitMax: number | null;
4506
+ requestCount: number;
4507
+ remaining: number | null;
4508
+ lastRequest: Date | null;
4509
+ expiresAt: Date | null;
4510
+ createdAt: Date;
4511
+ updatedAt: Date;
4512
+ metadata: Record<string, any> | null;
4513
+ }, {
4514
+ code?: string | undefined;
4515
+ message?: string | undefined;
4516
+ }, FetchOptions["throw"] extends true ? true : true>>;
4517
+ };
4518
+ } & {
4519
+ apiKey: {
4520
+ delete: <FetchOptions extends better_auth.ClientFetchOption<Partial<{
4521
+ keyId: string;
4522
+ }> & Record<string, any>, Partial<Record<string, any>> & Record<string, any>, Record<string, any> | undefined>>(data_0: better_auth_client_plugins.Prettify<{
4523
+ keyId: string;
4524
+ } & {
4525
+ fetchOptions?: FetchOptions | undefined;
4526
+ }>, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch.BetterFetchResponse<{
4527
+ success: boolean;
4528
+ }, {
4529
+ code?: string | undefined;
4530
+ message?: string | undefined;
4531
+ }, FetchOptions["throw"] extends true ? true : true>>;
4532
+ };
4533
+ } & {
4534
+ apiKey: {
4535
+ list: <FetchOptions extends better_auth.ClientFetchOption<never, Partial<Record<string, any>> & Record<string, any>, Record<string, any> | undefined>>(data_0?: better_auth_client_plugins.Prettify<{
4536
+ query?: Record<string, any> | undefined;
4537
+ fetchOptions?: FetchOptions | undefined;
4538
+ }> | undefined, data_1?: FetchOptions | undefined) => Promise<_better_fetch_fetch.BetterFetchResponse<{
4539
+ permissions: {
4540
+ [key: string]: string[];
4541
+ } | null;
4542
+ id: string;
4543
+ name: string | null;
4544
+ start: string | null;
4545
+ prefix: string | null;
4546
+ userId: string;
4547
+ refillInterval: number | null;
4548
+ refillAmount: number | null;
4549
+ lastRefillAt: Date | null;
4550
+ enabled: boolean;
4551
+ rateLimitEnabled: boolean;
4552
+ rateLimitTimeWindow: number | null;
4553
+ rateLimitMax: number | null;
4554
+ requestCount: number;
4555
+ remaining: number | null;
4556
+ lastRequest: Date | null;
4557
+ expiresAt: Date | null;
4558
+ createdAt: Date;
4559
+ updatedAt: Date;
4560
+ metadata: Record<string, any> | null;
4561
+ }[], {
4562
+ code?: string | undefined;
4563
+ message?: string | undefined;
4564
+ }, FetchOptions["throw"] extends true ? true : true>>;
4565
+ };
3932
4566
  } & {
3933
4567
  admin: {
3934
4568
  setRole: <FetchOptions extends better_auth.ClientFetchOption<Partial<{
@@ -4963,7 +5597,7 @@ declare const stub: {
4963
5597
  impersonatedBy?: string | null | undefined;
4964
5598
  };
4965
5599
  };
4966
- error: BetterFetchError | null;
5600
+ error: _better_fetch_fetch.BetterFetchError | null;
4967
5601
  isPending: boolean;
4968
5602
  }>;
4969
5603
  $fetch: _better_fetch_fetch.BetterFetch<{
@@ -5133,175 +5767,6 @@ type TeamMember = {
5133
5767
  createdAt: Date;
5134
5768
  };
5135
5769
 
5136
- declare const ac: {
5137
- newRole<K extends "member" | "access" | "organization" | "invitation" | "team" | "ac">(statements: better_auth_client.Subset<K, {
5138
- access: string[];
5139
- organization: readonly ["update", "delete"];
5140
- member: readonly ["create", "update", "delete"];
5141
- invitation: readonly ["create", "cancel"];
5142
- team: readonly ["create", "update", "delete"];
5143
- ac: readonly ["create", "read", "update", "delete"];
5144
- }>): {
5145
- authorize<K_1 extends K>(request: K_1 extends infer T extends K_2 ? { [key in T]?: better_auth_client.Subset<K, {
5146
- access: string[];
5147
- organization: readonly ["update", "delete"];
5148
- member: readonly ["create", "update", "delete"];
5149
- invitation: readonly ["create", "cancel"];
5150
- team: readonly ["create", "update", "delete"];
5151
- ac: readonly ["create", "read", "update", "delete"];
5152
- }>[key] | {
5153
- actions: better_auth_client.Subset<K, {
5154
- access: string[];
5155
- organization: readonly ["update", "delete"];
5156
- member: readonly ["create", "update", "delete"];
5157
- invitation: readonly ["create", "cancel"];
5158
- team: readonly ["create", "update", "delete"];
5159
- ac: readonly ["create", "read", "update", "delete"];
5160
- }>[key];
5161
- connector: "OR" | "AND";
5162
- } | undefined; } : never, connector?: "OR" | "AND"): better_auth_client.AuthorizeResponse;
5163
- statements: better_auth_client.Subset<K, {
5164
- access: string[];
5165
- organization: readonly ["update", "delete"];
5166
- member: readonly ["create", "update", "delete"];
5167
- invitation: readonly ["create", "cancel"];
5168
- team: readonly ["create", "update", "delete"];
5169
- ac: readonly ["create", "read", "update", "delete"];
5170
- }>;
5171
- };
5172
- statements: {
5173
- access: string[];
5174
- organization: readonly ["update", "delete"];
5175
- member: readonly ["create", "update", "delete"];
5176
- invitation: readonly ["create", "cancel"];
5177
- team: readonly ["create", "update", "delete"];
5178
- ac: readonly ["create", "read", "update", "delete"];
5179
- };
5180
- };
5181
- /**
5182
- * Predefined organization roles.
5183
- *
5184
- * @example
5185
- * ```typescript
5186
- * import { Roles } from '@meistrari/auth-core'
5187
- *
5188
- * // Invite user with specific role
5189
- * await authClient.organization.inviteUserToOrganization({
5190
- * userEmail: 'user@example.com',
5191
- * role: Roles.ORG_ADMIN
5192
- * })
5193
- * ```
5194
- */
5195
- declare const Roles: {
5196
- readonly ORG_ADMIN: "org:admin";
5197
- readonly ORG_MEMBER: "org:member";
5198
- readonly ORG_REVIEWER: "org:reviewer";
5199
- };
5200
- /**
5201
- * Type representing a valid organization role.
5202
- */
5203
- type Role = typeof Roles[keyof typeof Roles];
5204
- declare const rolesAccessControl: {
5205
- "org:admin": {
5206
- authorize<K_1 extends "member" | "access" | "organization" | "invitation" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_client.Subset<"member" | "access" | "organization" | "invitation" | "team", {
5207
- access: string[];
5208
- organization: readonly ["update", "delete"];
5209
- member: readonly ["create", "update", "delete"];
5210
- invitation: readonly ["create", "cancel"];
5211
- team: readonly ["create", "update", "delete"];
5212
- ac: readonly ["create", "read", "update", "delete"];
5213
- }>[key] | {
5214
- actions: better_auth_client.Subset<"member" | "access" | "organization" | "invitation" | "team", {
5215
- access: string[];
5216
- organization: readonly ["update", "delete"];
5217
- member: readonly ["create", "update", "delete"];
5218
- invitation: readonly ["create", "cancel"];
5219
- team: readonly ["create", "update", "delete"];
5220
- ac: readonly ["create", "read", "update", "delete"];
5221
- }>[key];
5222
- connector: "OR" | "AND";
5223
- } | undefined; } : never, connector?: "OR" | "AND"): better_auth_client.AuthorizeResponse;
5224
- statements: better_auth_client.Subset<"member" | "access" | "organization" | "invitation" | "team", {
5225
- access: string[];
5226
- organization: readonly ["update", "delete"];
5227
- member: readonly ["create", "update", "delete"];
5228
- invitation: readonly ["create", "cancel"];
5229
- team: readonly ["create", "update", "delete"];
5230
- ac: readonly ["create", "read", "update", "delete"];
5231
- }>;
5232
- };
5233
- "org:member": {
5234
- authorize<K_1 extends "access">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_client.Subset<"access", {
5235
- access: string[];
5236
- organization: readonly ["update", "delete"];
5237
- member: readonly ["create", "update", "delete"];
5238
- invitation: readonly ["create", "cancel"];
5239
- team: readonly ["create", "update", "delete"];
5240
- ac: readonly ["create", "read", "update", "delete"];
5241
- }>[key] | {
5242
- actions: better_auth_client.Subset<"access", {
5243
- access: string[];
5244
- organization: readonly ["update", "delete"];
5245
- member: readonly ["create", "update", "delete"];
5246
- invitation: readonly ["create", "cancel"];
5247
- team: readonly ["create", "update", "delete"];
5248
- ac: readonly ["create", "read", "update", "delete"];
5249
- }>[key];
5250
- connector: "OR" | "AND";
5251
- } | undefined; } : never, connector?: "OR" | "AND"): better_auth_client.AuthorizeResponse;
5252
- statements: better_auth_client.Subset<"access", {
5253
- access: string[];
5254
- organization: readonly ["update", "delete"];
5255
- member: readonly ["create", "update", "delete"];
5256
- invitation: readonly ["create", "cancel"];
5257
- team: readonly ["create", "update", "delete"];
5258
- ac: readonly ["create", "read", "update", "delete"];
5259
- }>;
5260
- };
5261
- "org:reviewer": {
5262
- authorize<K_1 extends "access">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_client.Subset<"access", {
5263
- access: string[];
5264
- organization: readonly ["update", "delete"];
5265
- member: readonly ["create", "update", "delete"];
5266
- invitation: readonly ["create", "cancel"];
5267
- team: readonly ["create", "update", "delete"];
5268
- ac: readonly ["create", "read", "update", "delete"];
5269
- }>[key] | {
5270
- actions: better_auth_client.Subset<"access", {
5271
- access: string[];
5272
- organization: readonly ["update", "delete"];
5273
- member: readonly ["create", "update", "delete"];
5274
- invitation: readonly ["create", "cancel"];
5275
- team: readonly ["create", "update", "delete"];
5276
- ac: readonly ["create", "read", "update", "delete"];
5277
- }>[key];
5278
- connector: "OR" | "AND";
5279
- } | undefined; } : never, connector?: "OR" | "AND"): better_auth_client.AuthorizeResponse;
5280
- statements: better_auth_client.Subset<"access", {
5281
- access: string[];
5282
- organization: readonly ["update", "delete"];
5283
- member: readonly ["create", "update", "delete"];
5284
- invitation: readonly ["create", "cancel"];
5285
- team: readonly ["create", "update", "delete"];
5286
- ac: readonly ["create", "read", "update", "delete"];
5287
- }>;
5288
- };
5289
- };
5290
- declare const userAdditionalFields: {
5291
- lastActiveAt: {
5292
- type: "date";
5293
- required: false;
5294
- defaultValue: null;
5295
- };
5296
- };
5297
- declare const organizationAdditionalFields: {
5298
- settings: {
5299
- type: "json";
5300
- input: true;
5301
- required: false;
5302
- };
5303
- };
5304
-
5305
5770
  type GetOrganizationOptions = {
5306
5771
  includeMembers?: boolean;
5307
5772
  includeInvitations?: boolean;
@@ -5604,7 +6069,12 @@ declare class OrganizationService {
5604
6069
  * @param teamId - The team ID
5605
6070
  * @param userId - The user ID to add
5606
6071
  */
5607
- addTeamMember(teamId: string, userId: string): Promise<void>;
6072
+ addTeamMember(teamId: string, userId: string): Promise<{
6073
+ id: string;
6074
+ teamId: string;
6075
+ userId: string;
6076
+ createdAt: Date;
6077
+ }>;
5608
6078
  /**
5609
6079
  * Removes a user from a team.
5610
6080
  *
@@ -5647,6 +6117,49 @@ declare class SessionService {
5647
6117
  * @param apiUrl - The base URL of the authentication API
5648
6118
  */
5649
6119
  constructor(client: APIClient, apiUrl: string);
6120
+ /**
6121
+ * Retrieves the current user session.
6122
+ *
6123
+ * @returns The current user session
6124
+ */
6125
+ getSession(token?: string): Promise<{
6126
+ user: {
6127
+ id: string;
6128
+ createdAt: Date;
6129
+ updatedAt: Date;
6130
+ email: string;
6131
+ emailVerified: boolean;
6132
+ name: string;
6133
+ image?: string | null | undefined;
6134
+ twoFactorEnabled: boolean | null | undefined;
6135
+ banned: boolean | null | undefined;
6136
+ role?: string | null | undefined;
6137
+ banReason?: string | null | undefined;
6138
+ banExpires?: Date | null | undefined;
6139
+ lastActiveAt?: Date | null | undefined;
6140
+ };
6141
+ session: {
6142
+ id: string;
6143
+ createdAt: Date;
6144
+ updatedAt: Date;
6145
+ userId: string;
6146
+ expiresAt: Date;
6147
+ token: string;
6148
+ ipAddress?: string | null | undefined;
6149
+ userAgent?: string | null | undefined;
6150
+ activeOrganizationId?: string | null | undefined;
6151
+ activeTeamId?: string | null | undefined;
6152
+ impersonatedBy?: string | null | undefined;
6153
+ };
6154
+ } | null>;
6155
+ /**
6156
+ * Retrieves a valid JWT token.
6157
+ *
6158
+ * @returns The JWT token
6159
+ */
6160
+ getToken(): Promise<{
6161
+ token: string;
6162
+ }>;
5650
6163
  /**
5651
6164
  * Initiates social authentication flow with Google or Microsoft.
5652
6165
  *
@@ -5699,6 +6212,42 @@ declare class SessionService {
5699
6212
  * @param password - The new password to set
5700
6213
  */
5701
6214
  resetPassword(token: string, password: string): Promise<void>;
6215
+ /**
6216
+ * Retrieves the JWT token for a nonce.
6217
+ *
6218
+ * @param nonce - The nonce to retrieve the token for
6219
+ * @returns The JWT token for the nonce
6220
+ */
6221
+ getNoncePayload(nonce: string): Promise<{
6222
+ token: string;
6223
+ }>;
6224
+ }
6225
+
6226
+ declare class BaseError extends Error {
6227
+ code: string;
6228
+ constructor(code: string, message: string, options?: ErrorOptions);
6229
+ }
6230
+
6231
+ /**
6232
+ * Error thrown when an invalid social provider is specified.
6233
+ */
6234
+ declare class InvalidSocialProvider extends BaseError {
6235
+ constructor(message: string);
6236
+ }
6237
+ /**
6238
+ * Error thrown when an invalid callback URL is provided.
6239
+ *
6240
+ * This error occurs when the callback URL or error callback URL
6241
+ * is malformed or not a valid URL.
6242
+ */
6243
+ declare class InvalidCallbackURL extends BaseError {
6244
+ constructor(message: string);
6245
+ }
6246
+ /**
6247
+ * Error thrown when an email is required but not provided.
6248
+ */
6249
+ declare class EmailRequired extends BaseError {
6250
+ constructor(message: string);
5702
6251
  }
5703
6252
 
5704
6253
  /**
@@ -5735,9 +6284,9 @@ declare class AuthClient {
5735
6284
  * Creates a new AuthClient instance.
5736
6285
  *
5737
6286
  * @param apiUrl - The base URL of the authentication API
5738
- * @param headers - Custom headers to include in all API requests
6287
+ * @param fetchOptions - Custom fetch options to include in all API requests
5739
6288
  */
5740
- constructor(apiUrl: string, headers?: Record<string, string>);
6289
+ constructor(apiUrl: string, fetchOptions?: BetterFetchOption);
5741
6290
  }
5742
6291
 
5743
6292
  /**
@@ -5773,6 +6322,25 @@ declare function isTokenExpired(token: string): any;
5773
6322
  * ```
5774
6323
  */
5775
6324
  declare function validateToken(token: string, apiUrl: string): Promise<boolean>;
6325
+ /**
6326
+ * Extracts and decodes the payload from a JWT token.
6327
+ *
6328
+ * **Warning:** This function does NOT validate the token's signature or check
6329
+ * if the token is valid. It only decodes the payload. Use `validateToken` if
6330
+ * you need to verify the token's authenticity.
6331
+ *
6332
+ * @param token - The JWT token string to extract the payload from
6333
+ * @returns The decoded payload as a key-value object
6334
+ *
6335
+ * @example
6336
+ * ```typescript
6337
+ * const token = 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...'
6338
+ * const payload = extractTokenPayload(token)
6339
+ * console.log(payload.sub) // user ID
6340
+ * console.log(payload.exp) // expiration timestamp
6341
+ * ```
6342
+ */
6343
+ declare function extractTokenPayload(token: string): JWTTokenPayload;
5776
6344
 
5777
- export { AuthClient, EmailRequired, InvalidCallbackURL, InvalidSocialProvider, Roles, ac, createAPIClient, isTokenExpired, organizationAdditionalFields, rolesAccessControl, userAdditionalFields, validateToken };
5778
- export type { APIClient, FullOrganization, Invitation, ExtendedMember as Member, ExtendedOrganization as Organization, Role, Session, Team, TeamMember, User };
6345
+ export { AuthClient, EmailRequired, InvalidCallbackURL, InvalidSocialProvider, Roles, ac, createAPIClient, extractTokenPayload, isTokenExpired, organizationAdditionalFields, rolesAccessControl, userAdditionalFields, validateToken };
6346
+ export type { APIClient, CreateTeamPayload, FullOrganization, GetOrganizationOptions, Invitation, InviteUserToOrganizationOptions, JWTTokenPayload, ListMembersOptions, ExtendedMember as Member, ExtendedOrganization as Organization, RemoveUserFromOrganizationOptions, Role, Session, SignInWithEmailAndPasswordOptions, SignInWithSamlOptions, SocialSignInOptions, Team, TeamMember, UpdateMemberRoleOptions, UpdateOrganizationPayload, UpdateTeamPayload, User };