npm - @next-safe-action/adapter-better-auth - Versions diffs - 0.0.0 → 0.1.1 - Mend

@next-safe-action/adapter-better-auth 0.0.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 Edoardo Ranghieri
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,169 @@
+<div align="center">
+  <img src="https://raw.githubusercontent.com/next-safe-action/next-safe-action/main/assets/logo.png" alt="next-safe-action logo" width="36" height="36">
+  <a href="https://github.com/next-safe-action/next-safe-action/packages/adapter-better-auth"><h1>adapter-better-auth</h1></a>
+</div>
+This adapter offers a way to seamlessly integrate [next-safe-action](https://github.com/next-safe-action/next-safe-action) with [Better Auth](https://www.better-auth.com). It provides a `betterAuthMiddleware()` function that fetches the session, blocks unauthenticated requests, and injects fully-typed `{ user, session }` data into the action context.
+## Requirements
+- Next.js >= `15.1.0`
+- next-safe-action >= `8.4.0`
+- better-auth >= `1.5.0`
+## Installation
+```sh
+npm i next-safe-action better-auth @next-safe-action/adapter-better-auth
+```
+## Quick start
+### 1. Set up Better Auth
+Create your Better Auth server instance:
+```ts
+// src/lib/auth.ts
+import { betterAuth } from "better-auth";
+export const auth = betterAuth({
+	// ...your config (database, plugins, etc.)
+});
+```
+### 2. Create an authenticated action client
+```ts
+// src/lib/safe-action.ts
+import { createSafeActionClient } from "next-safe-action";
+import { betterAuthMiddleware } from "@next-safe-action/adapter-better-auth";
+import { auth } from "./auth";
+export const actionClient = createSafeActionClient();
+export const authClient = actionClient.use(betterAuthMiddleware(auth));
+```
+### 3. Use it in your actions
+```ts
+// src/app/actions.ts
+"use server";
+import { z } from "zod";
+import { authClient } from "@/lib/safe-action";
+export const updateProfile = authClient
+	.inputSchema(z.object({ name: z.string().min(1) }))
+	.action(async ({ parsedInput, ctx }) => {
+		// ctx.auth.user and ctx.auth.session are fully typed
+		const userId = ctx.auth.user.id;
+		await db.user.update({
+			where: { id: userId },
+			data: { name: parsedInput.name },
+		});
+		return { success: true };
+	});
+```
+## How it works
+`betterAuthMiddleware()` creates a pre-validation middleware for the safe action client's `.use()` chain:
+1. **Fetches the session** by calling `auth.api.getSession({ headers: await headers() })`
+2. **Blocks unauthenticated requests** by calling `unauthorized()` from `next/navigation` when no session exists
+3. **Injects typed context** by passing `{ auth: { user, session } }` to `next()`, merging it into the action context
+### `unauthorized()` and auth interrupts
+The default behavior uses `unauthorized()` from `next/navigation`, which requires `experimental.authInterrupts` in your Next.js configuration:
+```ts
+// next.config.ts
+import type { NextConfig } from "next";
+const nextConfig: NextConfig = {
+	experimental: {
+		authInterrupts: true,
+	},
+};
+export default nextConfig;
+```
+## Custom authorization
+Pass an `authorize` callback to customize the authorization flow. The session is pre-fetched and passed to the callback:
+```ts
+import { unauthorized } from "next/navigation";
+import { betterAuthMiddleware } from "@next-safe-action/adapter-better-auth";
+import { auth } from "./auth";
+// Role-based access
+export const adminClient = actionClient.use(
+	betterAuthMiddleware(auth, {
+		authorize: ({ sessionData, next }) => {
+			if (!sessionData || sessionData.user.role !== "admin") {
+				unauthorized();
+			}
+			return next({ ctx: { auth: sessionData } });
+		},
+	})
+);
+```
+### `authorize` callback parameters
+- `auth`: the Better Auth server instance
+- `sessionData`: the pre-fetched session data (`{ user, session } | null`)
+- `ctx`: the current action context from preceding middleware
+- `next`: call this to continue the middleware chain, pass `{ ctx }` to inject context
+## Server Action cookies
+If your actions call Better Auth functions that set cookies (e.g. `signInEmail`, `signUpEmail`), add the `nextCookies()` plugin to your Better Auth instance. Refer to the [Better Auth documentation](https://better-auth.com/docs/integrations/next#server-action-cookies) for more details.
+```ts
+// src/lib/auth.ts
+import { betterAuth } from "better-auth";
+import { nextCookies } from "better-auth/next-js";
+export const auth = betterAuth({
+	// ...your config
+	plugins: [
+		// ...other plugins
+		nextCookies(), // must be the last plugin in the array
+	],
+});
+```
+## API reference
+### `betterAuthMiddleware(auth, opts?)`
+Creates a middleware function for use with the safe action client's `.use()` method.
+**Parameters:**
+- `auth`: the Better Auth server instance (return value of `betterAuth()`)
+- `opts?`: optional object with an `authorize` callback for custom authorization logic
+**Returns:** a middleware function compatible with `.use()`
+### Exported types
+- `BetterAuthContext<Options>`: the context shape added by the middleware (`{ auth: { user, session } }`)
+- `AuthorizeFn<Options, NextCtx>`: the `authorize` callback signature
+- `BetterAuthMiddlewareOpts<Options, NextCtx>`: the options object type for `betterAuthMiddleware`
+## Documentation
+For full documentation, visit [next-safe-action.dev/docs/integrations/better-auth](https://next-safe-action.dev/docs/integrations/better-auth).
+## License
+MIT

package/dist/index.d.mts ADDED Viewed

@@ -0,0 +1,62 @@
+import { MiddlewareFn, MiddlewareResult } from "next-safe-action";
+import { Auth, BetterAuthOptions } from "better-auth";
+//#region src/index.types.d.ts
+/**
+ * The default context shape added by `betterAuthMiddleware`.
+ * Contains `auth.user` and `auth.session`, fully typed from the better-auth instance.
+ */
+type BetterAuthContext<O extends BetterAuthOptions> = {
+  auth: Auth<O>["$Infer"]["Session"];
+};
+/**
+ * Authorize callback signature for custom authorization logic.
+ * Receives the pre-fetched session data, current context, and the `next` function.
+ */
+type AuthorizeFn<O extends BetterAuthOptions, NC extends object, Ctx extends object = object> = (args: {
+  sessionData: Auth<O>["$Infer"]["Session"] | null;
+  ctx: Ctx;
+  next: <C extends object>(opts?: {
+    ctx?: C;
+  }) => Promise<MiddlewareResult<any, C>>;
+}) => Promise<MiddlewareResult<any, NC>>;
+/**
+ * Options for `betterAuthMiddleware`.
+ */
+type BetterAuthMiddlewareOpts<O extends BetterAuthOptions, NC extends object, Ctx extends object = object> = {
+  authorize: AuthorizeFn<O, NC, Ctx>;
+};
+//#endregion
+//#region src/index.d.ts
+/**
+ * Creates a next-safe-action middleware that integrates with better-auth.
+ *
+ * Default behavior: fetches the session via `auth.api.getSession()`, calls `unauthorized()` if
+ * no session exists, and injects `{ auth: { user, session } }` into the action context.
+ *
+ * Pass an `authorize` callback to customize the authorization flow. The session is pre-fetched
+ * and passed to the callback, so common customizations (e.g. role checks) don't need to re-fetch.
+ *
+ * Note: `unauthorized()` requires `experimental.authInterrupts: true` in your `next.config.ts` file.
+ *
+ * @example
+ * ```ts
+ * // Default: fetch session, unauthorized() if absent
+ * actionClient.use(betterAuthMiddleware(auth));
+ *
+ * // Custom: check role
+ * actionClient.use(betterAuthMiddleware(auth, {
+ *   authorize: ({ sessionData, next }) => {
+ *     if (!sessionData || sessionData.user.role !== "admin") {
+ *       unauthorized();
+ *     }
+ *     return next({ ctx: { auth: sessionData } });
+ *   },
+ * }));
+ * ```
+ */
+declare function betterAuthMiddleware<O extends BetterAuthOptions>(auth: Auth<O>): MiddlewareFn<any, any, object, BetterAuthContext<O>>;
+declare function betterAuthMiddleware<O extends BetterAuthOptions, NC extends object, Ctx extends object>(auth: Auth<O>, opts: BetterAuthMiddlewareOpts<O, NC, Ctx>): MiddlewareFn<any, any, Ctx, NC>;
+//#endregion
+export { type AuthorizeFn, type BetterAuthContext, type BetterAuthMiddlewareOpts, betterAuthMiddleware };
+//# sourceMappingURL=index.d.mts.map

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,23 @@
+import { createMiddleware } from "next-safe-action";
+import { headers } from "next/headers.js";
+import { unauthorized } from "next/navigation.js";
+//#region src/index.ts
+function betterAuthMiddleware(auth, opts) {
+	return createMiddleware().define(async ({ ctx, next }) => {
+		const sessionData = await auth.api.getSession({ headers: await headers() });
+		if (opts?.authorize) return opts.authorize({
+			sessionData,
+			ctx,
+			next
+		});
+		if (!sessionData) unauthorized();
+		return next({ ctx: { auth: {
+			user: sessionData.user,
+			session: sessionData.session
+		} } });
+	});
+}
+//#endregion
+export { betterAuthMiddleware };
+//# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.mjs","names":[],"sources":["../src/index.ts"],"sourcesContent":["import type { Auth, BetterAuthOptions } from \"better-auth\";\nimport { createMiddleware } from \"next-safe-action\";\nimport type { MiddlewareFn } from \"next-safe-action\";\nimport { headers } from \"next/headers\";\nimport { unauthorized } from \"next/navigation\";\nimport type { BetterAuthContext, BetterAuthMiddlewareOpts } from \"./index.types\";\n\n/**\n * Creates a next-safe-action middleware that integrates with better-auth.\n *\n * Default behavior: fetches the session via `auth.api.getSession()`, calls `unauthorized()` if\n * no session exists, and injects `{ auth: { user, session } }` into the action context.\n *\n * Pass an `authorize` callback to customize the authorization flow. The session is pre-fetched\n * and passed to the callback, so common customizations (e.g. role checks) don't need to re-fetch.\n *\n * Note: `unauthorized()` requires `experimental.authInterrupts: true` in your `next.config.ts` file.\n *\n * @example\n * ```ts\n * // Default: fetch session, unauthorized() if absent\n * actionClient.use(betterAuthMiddleware(auth));\n *\n * // Custom: check role\n * actionClient.use(betterAuthMiddleware(auth, {\n * authorize: ({ sessionData, next }) => {\n * if (!sessionData || sessionData.user.role !== \"admin\") {\n * unauthorized();\n * }\n * return next({ ctx: { auth: sessionData } });\n * },\n * }));\n * ```\n */\nexport function betterAuthMiddleware<O extends BetterAuthOptions>(\n\tauth: Auth<O>\n): MiddlewareFn<any, any, object, BetterAuthContext<O>>;\nexport function betterAuthMiddleware<O extends BetterAuthOptions, NC extends object, Ctx extends object>(\n\tauth: Auth<O>,\n\topts: BetterAuthMiddlewareOpts<O, NC, Ctx>\n): MiddlewareFn<any, any, Ctx, NC>;\nexport function betterAuthMiddleware<O extends BetterAuthOptions>(\n\tauth: Auth<O>,\n\topts?: BetterAuthMiddlewareOpts<O, any, any>\n) {\n\treturn createMiddleware().define(async ({ ctx, next }) => {\n\t\tconst sessionData = await auth.api.getSession({ headers: await headers() });\n\n\t\tif (opts?.authorize) {\n\t\t\treturn opts.authorize({ sessionData, ctx, next });\n\t\t}\n\n\t\tif (!sessionData) {\n\t\t\tunauthorized();\n\t\t}\n\n\t\treturn next({ ctx: { auth: { user: sessionData.user, session: sessionData.session } } });\n\t});\n}\n\nexport type { AuthorizeFn, BetterAuthContext, BetterAuthMiddlewareOpts } from \"./index.types\";\n"],"mappings":";;;;AAyCA,SAAgB,qBACf,MACA,MACC;AACD,QAAO,kBAAkB,CAAC,OAAO,OAAO,EAAE,KAAK,WAAW;EACzD,MAAM,cAAc,MAAM,KAAK,IAAI,WAAW,EAAE,SAAS,MAAM,SAAS,EAAE,CAAC;AAE3E,MAAI,MAAM,UACT,QAAO,KAAK,UAAU;GAAE;GAAa;GAAK;GAAM,CAAC;AAGlD,MAAI,CAAC,YACJ,eAAc;AAGf,SAAO,KAAK,EAAE,KAAK,EAAE,MAAM;GAAE,MAAM,YAAY;GAAM,SAAS,YAAY;GAAS,EAAE,EAAE,CAAC;GACvF"}

package/package.json CHANGED Viewed

@@ -1,15 +1,89 @@
 {
   "name": "@next-safe-action/adapter-better-auth",
-  "version": "0.0.0",
-  "description": "wip",
-  "main": "index.js",
-  "scripts": {},
-  "keywords": [],
+  "version": "0.1.1",
+  "private": false,
+  "description": "Better Auth adapter for next-safe-action.",
+  "main": "./dist/index.mjs",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.mts",
+  "files": [
+    "dist"
+  ],
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.mts",
+      "default": "./dist/index.mjs"
+    }
+  },
+  "typesVersions": {
+    "*": {
+      ".": [
+        "./dist/index.d.mts"
+      ]
+    }
+  },
+  "funding": [
+    {
+      "type": "github",
+      "url": "https://github.com/sponsors/TheEdoRan"
+    },
+    {
+      "type": "paypal",
+      "url": "https://www.paypal.com/donate/?hosted_button_id=ES9JRPSC66XKW"
+    }
+  ],
+  "keywords": [
+    "next",
+    "nextjs",
+    "react",
+    "rsc",
+    "react server components",
+    "mutation",
+    "action",
+    "actions",
+    "react actions",
+    "next actions",
+    "server actions",
+    "next-safe-action",
+    "next safe action",
+    "better-auth",
+    "better auth",
+    "auth",
+    "authentication"
+  ],
   "author": "Edoardo Ranghieri",
   "license": "MIT",
-  "packageManager": "pnpm@10.33.0",
-  "private": false,
+  "devDependencies": {
+    "@types/node": "^24",
+    "better-auth": "^1.5.6",
+    "next": "^16",
+    "oxlint": "^1.57.0",
+    "oxlint-tsgolint": "^0.15.0",
+    "tsdown": "^0.21.0",
+    "typescript": "^6.0.2",
+    "vitest": "^3.1.1",
+    "zod": "^4.3.6",
+    "next-safe-action": "8.4.0"
+  },
+  "peerDependencies": {
+    "better-auth": ">= 1.5.0",
+    "next": ">= 15.1.0",
+    "next-safe-action": ">= 8.4.0"
+  },
+  "engines": {
+    "node": ">=18.17"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/next-safe-action/next-safe-action.git",
+    "directory": "packages/adapter-better-auth"
+  },
   "publishConfig": {
     "access": "public"
+  },
+  "scripts": {
+    "test": "vitest run",
+    "lint": "tsc --noEmit && oxlint --type-aware .",
+    "build": "tsdown"
   }
-}
+}

package/index.js DELETED Viewed

	@@ -1 +0,0 @@
1	- export {}