@murumets-ee/auth 0.1.1 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/package.json +9 -13
  2. package/dist/admin/index.cjs +0 -1
  3. package/dist/admin/index.d.cts +0 -72
  4. package/dist/client.cjs +0 -1
  5. package/dist/client.d.cts +0 -2064
  6. package/dist/index.cjs +0 -1
  7. package/dist/index.d.cts +0 -114
  8. package/dist/plugin-C-MA3A5U.d.cts +0 -993
  9. package/dist/plugin.cjs +0 -1
  10. package/dist/plugin.d.cts +0 -6
package/dist/plugin-C-MA3A5U.d.cts DELETED
@@ -1,993 +0,0 @@
1
- import { ToolkitApp, Plugin } from '@murumets-ee/core';
2
- import * as better_auth_plugins from 'better-auth/plugins';
3
- import * as better_auth from 'better-auth';
4
- import { BetterAuthPlugin } from 'better-auth';
5
- import { AuditLogger } from '@murumets-ee/logging';
6
- import { Role } from 'better-auth/plugins/access';
7
-
8
- /**
9
- * Auth plugin configuration
10
- */
11
- interface AuthConfig {
12
- /** Auth providers to enable. Default: ['email'] */
13
- providers?: ('email' | 'google' | 'github')[];
14
- /** OAuth credentials (required when using social providers) */
15
- social?: {
16
- google?: {
17
- clientId: string;
18
- clientSecret: string;
19
- };
20
- github?: {
21
- clientId: string;
22
- clientSecret: string;
23
- };
24
- };
25
- /** Session configuration */
26
- session?: {
27
- /** Session lifetime in seconds. Default: 7200 (2 hours) */
28
- expiresIn?: number;
29
- /** How often to refresh the session in seconds. Default: 3600 (1 hour) */
30
- updateAge?: number;
31
- };
32
- /** Enable organization/multi-tenant support (maps to entity scope: 'team') */
33
- organizations?: boolean;
34
- /**
35
- * Drizzle schema objects for the auth tables.
36
- * Generated by: npx @better-auth/cli generate --config auth.config.ts --output ./generated/auth-schema.ts
37
- * Then import and pass: import * as authSchema from './generated/auth-schema'
38
- */
39
- schema?: Record<string, unknown>;
40
- /**
41
- * Additional better-auth plugins to include.
42
- * Use this for plugins not managed by the toolkit (e.g., twoFactor, magicLink).
43
- */
44
- betterAuthPlugins?: BetterAuthPlugin[];
45
- /**
46
- * Audit logging for auth events (login, signup, user update, ban, etc.).
47
- * Enabled by default — writes to the toolkit_audit_logs table.
48
- * Set to `false` to disable.
49
- */
50
- audit?: false;
51
- }
52
-
53
- /**
54
- * Create a better-auth server instance wired to the toolkit.
55
- *
56
- * Called during plugin init — the returned instance powers:
57
- * - `auth.api.getSession()` for session resolution
58
- * - `auth.api.listUsers()` for admin user management
59
- * - Route handler via `toNextJsHandler(auth)`
60
- *
61
- * IMPORTANT: Plugins are inlined in the `betterAuth()` call so TypeScript
62
- * preserves the literal plugin types. Extracting them into a `BetterAuthPlugin[]`
63
- * variable erases specific endpoint types (admin, organization, etc.).
64
- */
65
- declare function createAuthServer(config: AuthConfig, app: ToolkitApp, auditLogger?: AuditLogger): better_auth.Auth<{
66
- database: (options: better_auth.BetterAuthOptions) => better_auth.DBAdapter<better_auth.BetterAuthOptions>;
67
- emailAndPassword: {
68
- enabled: boolean;
69
- };
70
- socialProviders: Record<string, {
71
- clientId: string;
72
- clientSecret: string;
73
- }>;
74
- session: {
75
- expiresIn: number;
76
- updateAge: number;
77
- };
78
- rateLimit: {
79
- enabled: true;
80
- window: number;
81
- max: number;
82
- storage: "memory";
83
- customRules: {
84
- '/sign-in/email': {
85
- window: number;
86
- max: number;
87
- };
88
- '/sign-in/social': {
89
- window: number;
90
- max: number;
91
- };
92
- '/sign-up/email': {
93
- window: number;
94
- max: number;
95
- };
96
- '/forget-password': {
97
- window: number;
98
- max: number;
99
- };
100
- '/reset-password': {
101
- window: number;
102
- max: number;
103
- };
104
- '/admin/*': {
105
- window: number;
106
- max: number;
107
- };
108
- };
109
- };
110
- databaseHooks: {
111
- user: {
112
- create: {
113
- after: (user: Record<string, unknown>) => Promise<void>;
114
- };
115
- update: {
116
- before: (userData: Record<string, unknown>) => Promise<void>;
117
- after: (user: Record<string, unknown>, ctx: unknown) => Promise<void>;
118
- };
119
- delete: {
120
- after: (user: Record<string, unknown>, ctx: unknown) => Promise<void>;
121
- };
122
- };
123
- };
124
- hooks: {
125
- after?: ((inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<void>) | undefined;
126
- before: (inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<void>;
127
- };
128
- plugins: [{
129
- id: "admin";
130
- init(): {
131
- options: {
132
- databaseHooks: {
133
- user: {
134
- create: {
135
- before(user: {
136
- id: string;
137
- createdAt: Date;
138
- updatedAt: Date;
139
- email: string;
140
- emailVerified: boolean;
141
- name: string;
142
- image?: string | null | undefined;
143
- } & Record<string, unknown>): Promise<{
144
- data: {
145
- id: string;
146
- createdAt: Date;
147
- updatedAt: Date;
148
- email: string;
149
- emailVerified: boolean;
150
- name: string;
151
- image?: string | null | undefined;
152
- role: string;
153
- };
154
- }>;
155
- };
156
- };
157
- session: {
158
- create: {
159
- before(session: {
160
- id: string;
161
- createdAt: Date;
162
- updatedAt: Date;
163
- userId: string;
164
- expiresAt: Date;
165
- token: string;
166
- ipAddress?: string | null | undefined;
167
- userAgent?: string | null | undefined;
168
- } & Record<string, unknown>, ctx: better_auth.GenericEndpointContext | null): Promise<void>;
169
- };
170
- };
171
- };
172
- };
173
- };
174
- hooks: {
175
- after: {
176
- matcher(context: better_auth.HookEndpointContext): boolean;
177
- handler: (inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<better_auth_plugins.SessionWithImpersonatedBy[] | undefined>;
178
- }[];
179
- };
180
- endpoints: {
181
- setRole: better_auth.StrictEndpoint<"/admin/set-role", {
182
- method: "POST";
183
- body: better_auth.ZodObject<{
184
- userId: better_auth.ZodCoercedString<unknown>;
185
- role: better_auth.ZodUnion<readonly [better_auth.ZodString, better_auth.ZodArray<better_auth.ZodString>]>;
186
- }, better_auth.$strip>;
187
- requireHeaders: true;
188
- use: ((inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<{
189
- session: {
190
- user: better_auth_plugins.UserWithRole;
191
- session: better_auth.Session;
192
- };
193
- }>)[];
194
- metadata: {
195
- openapi: {
196
- operationId: string;
197
- summary: string;
198
- description: string;
199
- responses: {
200
- 200: {
201
- description: string;
202
- content: {
203
- "application/json": {
204
- schema: {
205
- type: "object";
206
- properties: {
207
- user: {
208
- $ref: string;
209
- };
210
- };
211
- };
212
- };
213
- };
214
- };
215
- };
216
- };
217
- $Infer: {
218
- body: {
219
- userId: string;
220
- role: string | string[];
221
- };
222
- };
223
- };
224
- }, {
225
- user: better_auth_plugins.UserWithRole;
226
- }>;
227
- getUser: better_auth.StrictEndpoint<"/admin/get-user", {
228
- method: "GET";
229
- query: better_auth.ZodObject<{
230
- id: better_auth.ZodString;
231
- }, better_auth.$strip>;
232
- use: ((inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<{
233
- session: {
234
- user: better_auth_plugins.UserWithRole;
235
- session: better_auth.Session;
236
- };
237
- }>)[];
238
- metadata: {
239
- openapi: {
240
- operationId: string;
241
- summary: string;
242
- description: string;
243
- responses: {
244
- 200: {
245
- description: string;
246
- content: {
247
- "application/json": {
248
- schema: {
249
- type: "object";
250
- properties: {
251
- user: {
252
- $ref: string;
253
- };
254
- };
255
- };
256
- };
257
- };
258
- };
259
- };
260
- };
261
- };
262
- }, better_auth_plugins.UserWithRole>;
263
- createUser: better_auth.StrictEndpoint<"/admin/create-user", {
264
- method: "POST";
265
- body: better_auth.ZodObject<{
266
- email: better_auth.ZodString;
267
- password: better_auth.ZodOptional<better_auth.ZodString>;
268
- name: better_auth.ZodString;
269
- role: better_auth.ZodOptional<better_auth.ZodUnion<readonly [better_auth.ZodString, better_auth.ZodArray<better_auth.ZodString>]>>;
270
- data: better_auth.ZodOptional<better_auth.ZodRecord<better_auth.ZodString, better_auth.ZodAny>>;
271
- }, better_auth.$strip>;
272
- metadata: {
273
- openapi: {
274
- operationId: string;
275
- summary: string;
276
- description: string;
277
- responses: {
278
- 200: {
279
- description: string;
280
- content: {
281
- "application/json": {
282
- schema: {
283
- type: "object";
284
- properties: {
285
- user: {
286
- $ref: string;
287
- };
288
- };
289
- };
290
- };
291
- };
292
- };
293
- };
294
- };
295
- $Infer: {
296
- body: {
297
- email: string;
298
- password?: string | undefined;
299
- name: string;
300
- role?: string | string[] | undefined;
301
- data?: Record<string, any> | undefined;
302
- };
303
- };
304
- };
305
- }, {
306
- user: better_auth_plugins.UserWithRole;
307
- }>;
308
- adminUpdateUser: better_auth.StrictEndpoint<"/admin/update-user", {
309
- method: "POST";
310
- body: better_auth.ZodObject<{
311
- userId: better_auth.ZodCoercedString<unknown>;
312
- data: better_auth.ZodRecord<better_auth.ZodAny, better_auth.ZodAny>;
313
- }, better_auth.$strip>;
314
- use: ((inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<{
315
- session: {
316
- user: better_auth_plugins.UserWithRole;
317
- session: better_auth.Session;
318
- };
319
- }>)[];
320
- metadata: {
321
- openapi: {
322
- operationId: string;
323
- summary: string;
324
- description: string;
325
- responses: {
326
- 200: {
327
- description: string;
328
- content: {
329
- "application/json": {
330
- schema: {
331
- type: "object";
332
- properties: {
333
- user: {
334
- $ref: string;
335
- };
336
- };
337
- };
338
- };
339
- };
340
- };
341
- };
342
- };
343
- };
344
- }, better_auth_plugins.UserWithRole>;
345
- listUsers: better_auth.StrictEndpoint<"/admin/list-users", {
346
- method: "GET";
347
- use: ((inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<{
348
- session: {
349
- user: better_auth_plugins.UserWithRole;
350
- session: better_auth.Session;
351
- };
352
- }>)[];
353
- query: better_auth.ZodObject<{
354
- searchValue: better_auth.ZodOptional<better_auth.ZodString>;
355
- searchField: better_auth.ZodOptional<better_auth.ZodEnum<{
356
- name: "name";
357
- email: "email";
358
- }>>;
359
- searchOperator: better_auth.ZodOptional<better_auth.ZodEnum<{
360
- contains: "contains";
361
- starts_with: "starts_with";
362
- ends_with: "ends_with";
363
- }>>;
364
- limit: better_auth.ZodOptional<better_auth.ZodUnion<[better_auth.ZodString, better_auth.ZodNumber]>>;
365
- offset: better_auth.ZodOptional<better_auth.ZodUnion<[better_auth.ZodString, better_auth.ZodNumber]>>;
366
- sortBy: better_auth.ZodOptional<better_auth.ZodString>;
367
- sortDirection: better_auth.ZodOptional<better_auth.ZodEnum<{
368
- asc: "asc";
369
- desc: "desc";
370
- }>>;
371
- filterField: better_auth.ZodOptional<better_auth.ZodString>;
372
- filterValue: better_auth.ZodOptional<better_auth.ZodUnion<[better_auth.ZodUnion<[better_auth.ZodString, better_auth.ZodNumber]>, better_auth.ZodBoolean]>>;
373
- filterOperator: better_auth.ZodOptional<better_auth.ZodEnum<{
374
- eq: "eq";
375
- ne: "ne";
376
- lt: "lt";
377
- lte: "lte";
378
- gt: "gt";
379
- gte: "gte";
380
- contains: "contains";
381
- }>>;
382
- }, better_auth.$strip>;
383
- metadata: {
384
- openapi: {
385
- operationId: string;
386
- summary: string;
387
- description: string;
388
- responses: {
389
- 200: {
390
- description: string;
391
- content: {
392
- "application/json": {
393
- schema: {
394
- type: "object";
395
- properties: {
396
- users: {
397
- type: string;
398
- items: {
399
- $ref: string;
400
- };
401
- };
402
- total: {
403
- type: string;
404
- };
405
- limit: {
406
- type: string;
407
- };
408
- offset: {
409
- type: string;
410
- };
411
- };
412
- required: string[];
413
- };
414
- };
415
- };
416
- };
417
- };
418
- };
419
- };
420
- }, {
421
- users: better_auth_plugins.UserWithRole[];
422
- total: number;
423
- limit: number | undefined;
424
- offset: number | undefined;
425
- } | {
426
- users: never[];
427
- total: number;
428
- }>;
429
- listUserSessions: better_auth.StrictEndpoint<"/admin/list-user-sessions", {
430
- method: "POST";
431
- use: ((inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<{
432
- session: {
433
- user: better_auth_plugins.UserWithRole;
434
- session: better_auth.Session;
435
- };
436
- }>)[];
437
- body: better_auth.ZodObject<{
438
- userId: better_auth.ZodCoercedString<unknown>;
439
- }, better_auth.$strip>;
440
- metadata: {
441
- openapi: {
442
- operationId: string;
443
- summary: string;
444
- description: string;
445
- responses: {
446
- 200: {
447
- description: string;
448
- content: {
449
- "application/json": {
450
- schema: {
451
- type: "object";
452
- properties: {
453
- sessions: {
454
- type: string;
455
- items: {
456
- $ref: string;
457
- };
458
- };
459
- };
460
- };
461
- };
462
- };
463
- };
464
- };
465
- };
466
- };
467
- }, {
468
- sessions: better_auth_plugins.SessionWithImpersonatedBy[];
469
- }>;
470
- unbanUser: better_auth.StrictEndpoint<"/admin/unban-user", {
471
- method: "POST";
472
- body: better_auth.ZodObject<{
473
- userId: better_auth.ZodCoercedString<unknown>;
474
- }, better_auth.$strip>;
475
- use: ((inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<{
476
- session: {
477
- user: better_auth_plugins.UserWithRole;
478
- session: better_auth.Session;
479
- };
480
- }>)[];
481
- metadata: {
482
- openapi: {
483
- operationId: string;
484
- summary: string;
485
- description: string;
486
- responses: {
487
- 200: {
488
- description: string;
489
- content: {
490
- "application/json": {
491
- schema: {
492
- type: "object";
493
- properties: {
494
- user: {
495
- $ref: string;
496
- };
497
- };
498
- };
499
- };
500
- };
501
- };
502
- };
503
- };
504
- };
505
- }, {
506
- user: better_auth_plugins.UserWithRole;
507
- }>;
508
- banUser: better_auth.StrictEndpoint<"/admin/ban-user", {
509
- method: "POST";
510
- body: better_auth.ZodObject<{
511
- userId: better_auth.ZodCoercedString<unknown>;
512
- banReason: better_auth.ZodOptional<better_auth.ZodString>;
513
- banExpiresIn: better_auth.ZodOptional<better_auth.ZodNumber>;
514
- }, better_auth.$strip>;
515
- use: ((inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<{
516
- session: {
517
- user: better_auth_plugins.UserWithRole;
518
- session: better_auth.Session;
519
- };
520
- }>)[];
521
- metadata: {
522
- openapi: {
523
- operationId: string;
524
- summary: string;
525
- description: string;
526
- responses: {
527
- 200: {
528
- description: string;
529
- content: {
530
- "application/json": {
531
- schema: {
532
- type: "object";
533
- properties: {
534
- user: {
535
- $ref: string;
536
- };
537
- };
538
- };
539
- };
540
- };
541
- };
542
- };
543
- };
544
- };
545
- }, {
546
- user: better_auth_plugins.UserWithRole;
547
- }>;
548
- impersonateUser: better_auth.StrictEndpoint<"/admin/impersonate-user", {
549
- method: "POST";
550
- body: better_auth.ZodObject<{
551
- userId: better_auth.ZodCoercedString<unknown>;
552
- }, better_auth.$strip>;
553
- use: ((inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<{
554
- session: {
555
- user: better_auth_plugins.UserWithRole;
556
- session: better_auth.Session;
557
- };
558
- }>)[];
559
- metadata: {
560
- openapi: {
561
- operationId: string;
562
- summary: string;
563
- description: string;
564
- responses: {
565
- 200: {
566
- description: string;
567
- content: {
568
- "application/json": {
569
- schema: {
570
- type: "object";
571
- properties: {
572
- session: {
573
- $ref: string;
574
- };
575
- user: {
576
- $ref: string;
577
- };
578
- };
579
- };
580
- };
581
- };
582
- };
583
- };
584
- };
585
- };
586
- }, {
587
- session: {
588
- id: string;
589
- createdAt: Date;
590
- updatedAt: Date;
591
- userId: string;
592
- expiresAt: Date;
593
- token: string;
594
- ipAddress?: string | null | undefined;
595
- userAgent?: string | null | undefined;
596
- };
597
- user: better_auth_plugins.UserWithRole;
598
- }>;
599
- stopImpersonating: better_auth.StrictEndpoint<"/admin/stop-impersonating", {
600
- method: "POST";
601
- requireHeaders: true;
602
- }, {
603
- session: {
604
- id: string;
605
- createdAt: Date;
606
- updatedAt: Date;
607
- userId: string;
608
- expiresAt: Date;
609
- token: string;
610
- ipAddress?: string | null | undefined;
611
- userAgent?: string | null | undefined;
612
- } & Record<string, any>;
613
- user: {
614
- id: string;
615
- createdAt: Date;
616
- updatedAt: Date;
617
- email: string;
618
- emailVerified: boolean;
619
- name: string;
620
- image?: string | null | undefined;
621
- } & Record<string, any>;
622
- }>;
623
- revokeUserSession: better_auth.StrictEndpoint<"/admin/revoke-user-session", {
624
- method: "POST";
625
- body: better_auth.ZodObject<{
626
- sessionToken: better_auth.ZodString;
627
- }, better_auth.$strip>;
628
- use: ((inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<{
629
- session: {
630
- user: better_auth_plugins.UserWithRole;
631
- session: better_auth.Session;
632
- };
633
- }>)[];
634
- metadata: {
635
- openapi: {
636
- operationId: string;
637
- summary: string;
638
- description: string;
639
- responses: {
640
- 200: {
641
- description: string;
642
- content: {
643
- "application/json": {
644
- schema: {
645
- type: "object";
646
- properties: {
647
- success: {
648
- type: string;
649
- };
650
- };
651
- };
652
- };
653
- };
654
- };
655
- };
656
- };
657
- };
658
- }, {
659
- success: boolean;
660
- }>;
661
- revokeUserSessions: better_auth.StrictEndpoint<"/admin/revoke-user-sessions", {
662
- method: "POST";
663
- body: better_auth.ZodObject<{
664
- userId: better_auth.ZodCoercedString<unknown>;
665
- }, better_auth.$strip>;
666
- use: ((inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<{
667
- session: {
668
- user: better_auth_plugins.UserWithRole;
669
- session: better_auth.Session;
670
- };
671
- }>)[];
672
- metadata: {
673
- openapi: {
674
- operationId: string;
675
- summary: string;
676
- description: string;
677
- responses: {
678
- 200: {
679
- description: string;
680
- content: {
681
- "application/json": {
682
- schema: {
683
- type: "object";
684
- properties: {
685
- success: {
686
- type: string;
687
- };
688
- };
689
- };
690
- };
691
- };
692
- };
693
- };
694
- };
695
- };
696
- }, {
697
- success: boolean;
698
- }>;
699
- removeUser: better_auth.StrictEndpoint<"/admin/remove-user", {
700
- method: "POST";
701
- body: better_auth.ZodObject<{
702
- userId: better_auth.ZodCoercedString<unknown>;
703
- }, better_auth.$strip>;
704
- use: ((inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<{
705
- session: {
706
- user: better_auth_plugins.UserWithRole;
707
- session: better_auth.Session;
708
- };
709
- }>)[];
710
- metadata: {
711
- openapi: {
712
- operationId: string;
713
- summary: string;
714
- description: string;
715
- responses: {
716
- 200: {
717
- description: string;
718
- content: {
719
- "application/json": {
720
- schema: {
721
- type: "object";
722
- properties: {
723
- success: {
724
- type: string;
725
- };
726
- };
727
- };
728
- };
729
- };
730
- };
731
- };
732
- };
733
- };
734
- }, {
735
- success: boolean;
736
- }>;
737
- setUserPassword: better_auth.StrictEndpoint<"/admin/set-user-password", {
738
- method: "POST";
739
- body: better_auth.ZodObject<{
740
- newPassword: better_auth.ZodString;
741
- userId: better_auth.ZodCoercedString<unknown>;
742
- }, better_auth.$strip>;
743
- use: ((inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<{
744
- session: {
745
- user: better_auth_plugins.UserWithRole;
746
- session: better_auth.Session;
747
- };
748
- }>)[];
749
- metadata: {
750
- openapi: {
751
- operationId: string;
752
- summary: string;
753
- description: string;
754
- responses: {
755
- 200: {
756
- description: string;
757
- content: {
758
- "application/json": {
759
- schema: {
760
- type: "object";
761
- properties: {
762
- status: {
763
- type: string;
764
- };
765
- };
766
- };
767
- };
768
- };
769
- };
770
- };
771
- };
772
- };
773
- }, {
774
- status: boolean;
775
- }>;
776
- userHasPermission: better_auth.StrictEndpoint<"/admin/has-permission", {
777
- method: "POST";
778
- body: better_auth.ZodIntersection<better_auth.ZodObject<{
779
- userId: better_auth.ZodOptional<better_auth.ZodCoercedString<unknown>>;
780
- role: better_auth.ZodOptional<better_auth.ZodString>;
781
- }, better_auth.$strip>, better_auth.ZodUnion<readonly [better_auth.ZodObject<{
782
- permission: better_auth.ZodRecord<better_auth.ZodString, better_auth.ZodArray<better_auth.ZodString>>;
783
- permissions: better_auth.ZodUndefined;
784
- }, better_auth.$strip>, better_auth.ZodObject<{
785
- permission: better_auth.ZodUndefined;
786
- permissions: better_auth.ZodRecord<better_auth.ZodString, better_auth.ZodArray<better_auth.ZodString>>;
787
- }, better_auth.$strip>]>>;
788
- metadata: {
789
- openapi: {
790
- description: string;
791
- requestBody: {
792
- content: {
793
- "application/json": {
794
- schema: {
795
- type: "object";
796
- properties: {
797
- permission: {
798
- type: string;
799
- description: string;
800
- deprecated: boolean;
801
- };
802
- permissions: {
803
- type: string;
804
- description: string;
805
- };
806
- };
807
- required: string[];
808
- };
809
- };
810
- };
811
- };
812
- responses: {
813
- "200": {
814
- description: string;
815
- content: {
816
- "application/json": {
817
- schema: {
818
- type: "object";
819
- properties: {
820
- error: {
821
- type: string;
822
- };
823
- success: {
824
- type: string;
825
- };
826
- };
827
- required: string[];
828
- };
829
- };
830
- };
831
- };
832
- };
833
- };
834
- $Infer: {
835
- body: ({
836
- permission: {
837
- [x: string]: string[] | undefined;
838
- };
839
- permissions?: never | undefined;
840
- } | {
841
- permissions: {
842
- [x: string]: string[] | undefined;
843
- };
844
- permission?: never | undefined;
845
- }) & {
846
- userId?: string | undefined;
847
- role?: string | undefined;
848
- };
849
- };
850
- };
851
- }, {
852
- error: null;
853
- success: boolean;
854
- }>;
855
- };
856
- $ERROR_CODES: {
857
- readonly FAILED_TO_CREATE_USER: "Failed to create user";
858
- readonly USER_ALREADY_EXISTS: "User already exists.";
859
- readonly USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL: "User already exists. Use another email.";
860
- readonly YOU_CANNOT_BAN_YOURSELF: "You cannot ban yourself";
861
- readonly YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE: "You are not allowed to change users role";
862
- readonly YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS: "You are not allowed to create users";
863
- readonly YOU_ARE_NOT_ALLOWED_TO_LIST_USERS: "You are not allowed to list users";
864
- readonly YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS: "You are not allowed to list users sessions";
865
- readonly YOU_ARE_NOT_ALLOWED_TO_BAN_USERS: "You are not allowed to ban users";
866
- readonly YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS: "You are not allowed to impersonate users";
867
- readonly YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS: "You are not allowed to revoke users sessions";
868
- readonly YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS: "You are not allowed to delete users";
869
- readonly YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD: "You are not allowed to set users password";
870
- readonly BANNED_USER: "You have been banned from this application";
871
- readonly YOU_ARE_NOT_ALLOWED_TO_GET_USER: "You are not allowed to get user";
872
- readonly NO_DATA_TO_UPDATE: "No data to update";
873
- readonly YOU_ARE_NOT_ALLOWED_TO_UPDATE_USERS: "You are not allowed to update users";
874
- readonly YOU_CANNOT_REMOVE_YOURSELF: "You cannot remove yourself";
875
- readonly YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE: "You are not allowed to set a non-existent role value";
876
- readonly YOU_CANNOT_IMPERSONATE_ADMINS: "You cannot impersonate admins";
877
- readonly INVALID_ROLE_TYPE: "Invalid role type";
878
- };
879
- schema: {
880
- user: {
881
- fields: {
882
- role: {
883
- type: "string";
884
- required: false;
885
- input: false;
886
- };
887
- banned: {
888
- type: "boolean";
889
- defaultValue: false;
890
- required: false;
891
- input: false;
892
- };
893
- banReason: {
894
- type: "string";
895
- required: false;
896
- input: false;
897
- };
898
- banExpires: {
899
- type: "date";
900
- required: false;
901
- input: false;
902
- };
903
- };
904
- };
905
- session: {
906
- fields: {
907
- impersonatedBy: {
908
- type: "string";
909
- required: false;
910
- };
911
- };
912
- };
913
- };
914
- options: NoInfer<{
915
- ac: {
916
- newRole<K extends string>(statements: better_auth_plugins.Subset<K, Record<string, readonly string[]>>): {
917
- authorize<K_1 extends K>(request: K_1 extends infer T extends K_2 ? { [key in T]?: better_auth_plugins.Subset<K, Record<string, readonly string[]>>[key] | {
918
- actions: better_auth_plugins.Subset<K, Record<string, readonly string[]>>[key];
919
- connector: "OR" | "AND";
920
- } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
921
- statements: better_auth_plugins.Subset<K, Record<string, readonly string[]>>;
922
- };
923
- statements: Record<string, readonly string[]>;
924
- };
925
- roles: Record<string, Role>;
926
- defaultRole: string;
927
- }>;
928
- }, ...(better_auth.BetterAuthPlugin | better_auth_plugins.DefaultOrganizationPlugin<{
929
- ac: {
930
- newRole<K extends string>(statements: better_auth_plugins.Subset<K, Record<string, readonly string[]>>): {
931
- authorize<K_1 extends K>(request: K_1 extends infer T extends K_2 ? { [key in T]?: better_auth_plugins.Subset<K, Record<string, readonly string[]>>[key] | {
932
- actions: better_auth_plugins.Subset<K, Record<string, readonly string[]>>[key];
933
- connector: "OR" | "AND";
934
- } | undefined; } : never, connector?: "OR" | "AND"): better_auth_plugins.AuthorizeResponse;
935
- statements: better_auth_plugins.Subset<K, Record<string, readonly string[]>>;
936
- };
937
- statements: Record<string, readonly string[]>;
938
- };
939
- roles: Record<string, Role>;
940
- }>)[], {
941
- id: "next-cookies";
942
- hooks: {
943
- after: {
944
- matcher(ctx: better_auth.HookEndpointContext): true;
945
- handler: (inputContext: better_auth.MiddlewareInputContext<better_auth.MiddlewareOptions>) => Promise<void>;
946
- }[];
947
- };
948
- }];
949
- }>;
950
- /** Type of the auth server instance */
951
- type Auth = ReturnType<typeof createAuthServer>;
952
-
953
- /**
954
- * Toolkit plugin implementation for @murumets-ee/auth.
955
- *
956
- * Implements the Plugin interface from @murumets-ee/core.
957
- * Creates and stores the better-auth server instance during init.
958
- */
959
-
960
- /**
961
- * Get the auth server instance.
962
- * Throws if the auth plugin hasn't been initialized yet.
963
- *
964
- * @example
965
- * ```typescript
966
- * // app/api/auth/[...all]/route.ts (user writes this)
967
- * import { toNextJsHandler } from 'better-auth/next-js'
968
- * import { getAuth } from '@murumets-ee/auth'
969
- *
970
- * export const { GET, POST } = toNextJsHandler(getAuth())
971
- * ```
972
- */
973
- declare function getAuth(): Auth;
974
- /**
975
- * Create the auth toolkit plugin.
976
- *
977
- * @example
978
- * ```typescript
979
- * import { defineConfig } from '@murumets-ee/core'
980
- * import { auth } from '@murumets-ee/auth'
981
- *
982
- * export default defineConfig({
983
- * db: { url: process.env.DATABASE_URL! },
984
- * entities: [Article, Category],
985
- * plugins: [
986
- * auth({ providers: ['email'] }),
987
- * ],
988
- * })
989
- * ```
990
- */
991
- declare function auth(config?: AuthConfig): Plugin;
992
-
993
- export { type Auth as A, type AuthConfig as a, auth as b, getAuth as g };