@nvwa-app/auth-plugins 1.0.0

package/dist/index.d.mts

@@ -0,0 +1,40 @@
+import { BetterAuthPlugin } from 'better-auth';
+
+interface WechatMiniProgramDirectOptions {
+    /** 小程序自身的 AppID（直连 jscode2session） */
+    appId: string;
+    /** 小程序自身的 AppSecret */
+    appSecret: string;
+    /** better-auth account.providerId，默认 "wechat-mp" */
+    providerId?: string;
+}
+declare function wechatMiniProgramDirectPlugin(options: WechatMiniProgramDirectOptions): BetterAuthPlugin;
+
+interface WechatMiniProgramThirdPartyOptions {
+    /** 第三方平台 component_appid */
+    componentAppId: string;
+    /** 第三方平台 component_appsecret */
+    componentAppSecret: string;
+    /**
+     * 获取最新的 component_verify_ticket。
+     * 调用方负责从自身存储中返回有效 ticket。
+     */
+    getComponentVerifyTicket: () => Promise<string>;
+    /**
+     * 读取已缓存的 component_access_token。
+     * 未命中时应返回 null。
+     */
+    getCachedComponentAccessToken?: () => Promise<string | null>;
+    /**
+     * 写入 component_access_token 缓存。
+     * 由调用方决定存储位置及失效策略。
+     */
+    setCachedComponentAccessToken?: (token: string, expiresIn: number) => Promise<void>;
+    /**
+     * better-auth account.providerId，默认 "wechat-mp"
+     */
+    providerId?: string;
+}
+declare function wechatMiniProgramThirdPartyPlugin(options: WechatMiniProgramThirdPartyOptions): BetterAuthPlugin;
+
+export { type WechatMiniProgramDirectOptions, type WechatMiniProgramThirdPartyOptions, wechatMiniProgramDirectPlugin, wechatMiniProgramThirdPartyPlugin };

package/dist/index.d.ts

@@ -0,0 +1,40 @@
+import { BetterAuthPlugin } from 'better-auth';
+
+interface WechatMiniProgramDirectOptions {
+    /** 小程序自身的 AppID（直连 jscode2session） */
+    appId: string;
+    /** 小程序自身的 AppSecret */
+    appSecret: string;
+    /** better-auth account.providerId，默认 "wechat-mp" */
+    providerId?: string;
+}
+declare function wechatMiniProgramDirectPlugin(options: WechatMiniProgramDirectOptions): BetterAuthPlugin;
+
+interface WechatMiniProgramThirdPartyOptions {
+    /** 第三方平台 component_appid */
+    componentAppId: string;
+    /** 第三方平台 component_appsecret */
+    componentAppSecret: string;
+    /**
+     * 获取最新的 component_verify_ticket。
+     * 调用方负责从自身存储中返回有效 ticket。
+     */
+    getComponentVerifyTicket: () => Promise<string>;
+    /**
+     * 读取已缓存的 component_access_token。
+     * 未命中时应返回 null。
+     */
+    getCachedComponentAccessToken?: () => Promise<string | null>;
+    /**
+     * 写入 component_access_token 缓存。
+     * 由调用方决定存储位置及失效策略。
+     */
+    setCachedComponentAccessToken?: (token: string, expiresIn: number) => Promise<void>;
+    /**
+     * better-auth account.providerId，默认 "wechat-mp"
+     */
+    providerId?: string;
+}
+declare function wechatMiniProgramThirdPartyPlugin(options: WechatMiniProgramThirdPartyOptions): BetterAuthPlugin;
+
+export { type WechatMiniProgramDirectOptions, type WechatMiniProgramThirdPartyOptions, wechatMiniProgramDirectPlugin, wechatMiniProgramThirdPartyPlugin };

package/dist/index.js

@@ -0,0 +1,252 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  wechatMiniProgramDirectPlugin: () => wechatMiniProgramDirectPlugin,
+  wechatMiniProgramThirdPartyPlugin: () => wechatMiniProgramThirdPartyPlugin
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/wechat-mini-program-direct.ts
+var import_api2 = require("better-auth/api");
+
+// src/wechat-mini-program-shared.ts
+var import_api = require("better-auth/api");
+async function ensureUserAndSession(ctx, providerId, openid) {
+  const { adapter, internalAdapter, logger } = ctx.context;
+  logger?.info?.("[wechat-mini-program] code2session success", {
+    openid: openid.substring(0, 10)
+  });
+  const accountTable = ctx.context.tables.account;
+  const userTable = ctx.context.tables.user;
+  const providerIdCol = accountTable.fields.providerId.name;
+  const accountIdCol = accountTable.fields.accountId.name;
+  const userIdCol = accountTable.fields.userId.name;
+  const existingAccounts = await adapter.selectFrom(accountTable.name).selectAll().where(providerIdCol, "=", providerId).where(accountIdCol, "=", openid).execute();
+  let userId;
+  if (existingAccounts.length > 0) {
+    userId = existingAccounts[0][userIdCol];
+  } else {
+    const email = `${openid}@wechat-mp.nvwa.app`;
+    const name = "\u5FAE\u4FE1\u7528\u6237";
+    const newUserId = crypto.randomUUID();
+    const idCol = userTable.fields.id.name;
+    const emailCol = userTable.fields.email.name;
+    const nameCol = userTable.fields.name.name;
+    await adapter.insertInto(userTable.name).values({
+      [idCol]: newUserId,
+      [emailCol]: email,
+      [nameCol]: name
+    }).execute();
+    userId = newUserId;
+    await adapter.insertInto(accountTable.name).values({
+      [accountTable.fields.id.name]: crypto.randomUUID(),
+      [accountTable.fields.userId.name]: userId,
+      [accountTable.fields.providerId.name]: providerId,
+      [accountTable.fields.accountId.name]: openid
+    }).execute();
+  }
+  const session = await internalAdapter.createSession({
+    userId,
+    ipAddress: ctx.request.ip ?? void 0,
+    userAgent: ctx.request.headers.get("user-agent") ?? void 0
+  });
+  return { userId, sessionToken: session.token };
+}
+function setSessionCookie(ctx, token) {
+  const cookie = ctx.context.createAuthCookie("sessionToken", {
+    value: token,
+    expiresIn: ctx.context.session.expiresIn
+  });
+  ctx.setCookie(cookie.name, cookie.value, cookie.options);
+}
+
+// src/wechat-mini-program-direct.ts
+async function code2SessionDirect(opts, code) {
+  const url = new URL("https://api.weixin.qq.com/sns/jscode2session");
+  url.searchParams.set("appid", opts.appId);
+  url.searchParams.set("secret", opts.appSecret);
+  url.searchParams.set("js_code", code);
+  url.searchParams.set("grant_type", "authorization_code");
+  const response = await fetch(url.toString(), { method: "GET" });
+  if (!response.ok) {
+    throw new Error(
+      `Failed to call jscode2session: ${response.status} ${response.statusText}`
+    );
+  }
+  const json = await response.json();
+  if (!json.openid) {
+    throw new Error(
+      `jscode2session error: ${json.errcode ?? ""} ${json.errmsg ?? "unknown error"}`
+    );
+  }
+  return {
+    openid: json.openid,
+    unionid: json.unionid,
+    session_key: json.session_key
+  };
+}
+function wechatMiniProgramDirectPlugin(options) {
+  const providerId = options.providerId ?? "wechat-mp";
+  return {
+    id: "wechat-mini-program-direct",
+    endpoints: {
+      miniProgramLogin: (0, import_api2.createAuthEndpoint)(
+        "/wechat-mp/login",
+        {
+          method: "POST"
+        },
+        async (ctx) => {
+          if (!ctx.request) throw new import_api.APIError("BAD_REQUEST", { message: "Missing request" });
+          const body = await ctx.request.json().catch(() => null);
+          const code = body?.code;
+          if (!code) {
+            throw new import_api.APIError("BAD_REQUEST", {
+              message: "code is required"
+            });
+          }
+          const sessionData = await code2SessionDirect(options, code);
+          const { userId, sessionToken } = await ensureUserAndSession(
+            ctx,
+            providerId,
+            sessionData.openid
+          );
+          setSessionCookie(ctx, sessionToken);
+          return ctx.json({
+            success: true,
+            userId
+          });
+        }
+      )
+    }
+  };
+}
+
+// src/wechat-mini-program-thirdparty.ts
+var import_api3 = require("better-auth/api");
+async function fetchComponentAccessToken(opts) {
+  const cached = await opts.getCachedComponentAccessToken?.().catch(() => null) ?? null;
+  if (cached) return cached;
+  const ticket = await opts.getComponentVerifyTicket();
+  const response = await fetch(
+    "https://api.weixin.qq.com/cgi-bin/component/api_component_token",
+    {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        component_appid: opts.componentAppId,
+        component_appsecret: opts.componentAppSecret,
+        component_verify_ticket: ticket
+      })
+    }
+  );
+  if (!response.ok) {
+    throw new Error(
+      `Failed to get component_access_token: ${response.status} ${response.statusText}`
+    );
+  }
+  const json = await response.json();
+  if (!json.component_access_token) {
+    throw new Error(
+      `Get component_access_token error: ${json.errcode ?? ""} ${json.errmsg ?? "unknown error"}`
+    );
+  }
+  if (opts.setCachedComponentAccessToken && json.expires_in) {
+    await opts.setCachedComponentAccessToken(
+      json.component_access_token,
+      json.expires_in
+    ).catch(() => {
+    });
+  }
+  return json.component_access_token;
+}
+async function code2Session(opts, code, appId) {
+  const componentAccessToken = await fetchComponentAccessToken(opts);
+  const miniAppId = appId ?? opts.componentAppId;
+  const url = new URL(
+    "https://api.weixin.qq.com/sns/component/jscode2session"
+  );
+  url.searchParams.set("appid", miniAppId);
+  url.searchParams.set("js_code", code);
+  url.searchParams.set("grant_type", "authorization_code");
+  url.searchParams.set("component_appid", opts.componentAppId);
+  url.searchParams.set("component_access_token", componentAccessToken);
+  const response = await fetch(url.toString(), { method: "GET" });
+  if (!response.ok) {
+    throw new Error(
+      `Failed to call jscode2session: ${response.status} ${response.statusText}`
+    );
+  }
+  const json = await response.json();
+  if (!json.openid) {
+    throw new Error(
+      `jscode2session error: ${json.errcode ?? ""} ${json.errmsg ?? "unknown error"}`
+    );
+  }
+  return {
+    openid: json.openid,
+    unionid: json.unionid,
+    session_key: json.session_key
+  };
+}
+function wechatMiniProgramThirdPartyPlugin(options) {
+  const providerId = options.providerId ?? "wechat-mp";
+  return {
+    id: "wechat-mini-program-thirdparty",
+    endpoints: {
+      miniProgramThirdpartyLogin: (0, import_api3.createAuthEndpoint)(
+        "/wechat-mp/thirdparty-login",
+        {
+          method: "POST"
+        },
+        async (ctx) => {
+          if (!ctx.request) throw new import_api.APIError("BAD_REQUEST", { message: "Missing request" });
+          const body = await ctx.request.json().catch(() => null);
+          const code = body?.code;
+          const appId = body?.appId;
+          if (!code) {
+            throw new import_api.APIError("BAD_REQUEST", {
+              message: "code is required"
+            });
+          }
+          const sessionData = await code2Session(options, code, appId);
+          const { userId, sessionToken } = await ensureUserAndSession(
+            ctx,
+            providerId,
+            sessionData.openid
+          );
+          setSessionCookie(ctx, sessionToken);
+          return ctx.json({
+            success: true,
+            userId
+          });
+        }
+      )
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  wechatMiniProgramDirectPlugin,
+  wechatMiniProgramThirdPartyPlugin
+});

package/dist/index.mjs

@@ -0,0 +1,224 @@
+// src/wechat-mini-program-direct.ts
+import { createAuthEndpoint } from "better-auth/api";
+
+// src/wechat-mini-program-shared.ts
+import { APIError } from "better-auth/api";
+async function ensureUserAndSession(ctx, providerId, openid) {
+  const { adapter, internalAdapter, logger } = ctx.context;
+  logger?.info?.("[wechat-mini-program] code2session success", {
+    openid: openid.substring(0, 10)
+  });
+  const accountTable = ctx.context.tables.account;
+  const userTable = ctx.context.tables.user;
+  const providerIdCol = accountTable.fields.providerId.name;
+  const accountIdCol = accountTable.fields.accountId.name;
+  const userIdCol = accountTable.fields.userId.name;
+  const existingAccounts = await adapter.selectFrom(accountTable.name).selectAll().where(providerIdCol, "=", providerId).where(accountIdCol, "=", openid).execute();
+  let userId;
+  if (existingAccounts.length > 0) {
+    userId = existingAccounts[0][userIdCol];
+  } else {
+    const email = `${openid}@wechat-mp.nvwa.app`;
+    const name = "\u5FAE\u4FE1\u7528\u6237";
+    const newUserId = crypto.randomUUID();
+    const idCol = userTable.fields.id.name;
+    const emailCol = userTable.fields.email.name;
+    const nameCol = userTable.fields.name.name;
+    await adapter.insertInto(userTable.name).values({
+      [idCol]: newUserId,
+      [emailCol]: email,
+      [nameCol]: name
+    }).execute();
+    userId = newUserId;
+    await adapter.insertInto(accountTable.name).values({
+      [accountTable.fields.id.name]: crypto.randomUUID(),
+      [accountTable.fields.userId.name]: userId,
+      [accountTable.fields.providerId.name]: providerId,
+      [accountTable.fields.accountId.name]: openid
+    }).execute();
+  }
+  const session = await internalAdapter.createSession({
+    userId,
+    ipAddress: ctx.request.ip ?? void 0,
+    userAgent: ctx.request.headers.get("user-agent") ?? void 0
+  });
+  return { userId, sessionToken: session.token };
+}
+function setSessionCookie(ctx, token) {
+  const cookie = ctx.context.createAuthCookie("sessionToken", {
+    value: token,
+    expiresIn: ctx.context.session.expiresIn
+  });
+  ctx.setCookie(cookie.name, cookie.value, cookie.options);
+}
+
+// src/wechat-mini-program-direct.ts
+async function code2SessionDirect(opts, code) {
+  const url = new URL("https://api.weixin.qq.com/sns/jscode2session");
+  url.searchParams.set("appid", opts.appId);
+  url.searchParams.set("secret", opts.appSecret);
+  url.searchParams.set("js_code", code);
+  url.searchParams.set("grant_type", "authorization_code");
+  const response = await fetch(url.toString(), { method: "GET" });
+  if (!response.ok) {
+    throw new Error(
+      `Failed to call jscode2session: ${response.status} ${response.statusText}`
+    );
+  }
+  const json = await response.json();
+  if (!json.openid) {
+    throw new Error(
+      `jscode2session error: ${json.errcode ?? ""} ${json.errmsg ?? "unknown error"}`
+    );
+  }
+  return {
+    openid: json.openid,
+    unionid: json.unionid,
+    session_key: json.session_key
+  };
+}
+function wechatMiniProgramDirectPlugin(options) {
+  const providerId = options.providerId ?? "wechat-mp";
+  return {
+    id: "wechat-mini-program-direct",
+    endpoints: {
+      miniProgramLogin: createAuthEndpoint(
+        "/wechat-mp/login",
+        {
+          method: "POST"
+        },
+        async (ctx) => {
+          if (!ctx.request) throw new APIError("BAD_REQUEST", { message: "Missing request" });
+          const body = await ctx.request.json().catch(() => null);
+          const code = body?.code;
+          if (!code) {
+            throw new APIError("BAD_REQUEST", {
+              message: "code is required"
+            });
+          }
+          const sessionData = await code2SessionDirect(options, code);
+          const { userId, sessionToken } = await ensureUserAndSession(
+            ctx,
+            providerId,
+            sessionData.openid
+          );
+          setSessionCookie(ctx, sessionToken);
+          return ctx.json({
+            success: true,
+            userId
+          });
+        }
+      )
+    }
+  };
+}
+
+// src/wechat-mini-program-thirdparty.ts
+import { createAuthEndpoint as createAuthEndpoint2 } from "better-auth/api";
+async function fetchComponentAccessToken(opts) {
+  const cached = await opts.getCachedComponentAccessToken?.().catch(() => null) ?? null;
+  if (cached) return cached;
+  const ticket = await opts.getComponentVerifyTicket();
+  const response = await fetch(
+    "https://api.weixin.qq.com/cgi-bin/component/api_component_token",
+    {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        component_appid: opts.componentAppId,
+        component_appsecret: opts.componentAppSecret,
+        component_verify_ticket: ticket
+      })
+    }
+  );
+  if (!response.ok) {
+    throw new Error(
+      `Failed to get component_access_token: ${response.status} ${response.statusText}`
+    );
+  }
+  const json = await response.json();
+  if (!json.component_access_token) {
+    throw new Error(
+      `Get component_access_token error: ${json.errcode ?? ""} ${json.errmsg ?? "unknown error"}`
+    );
+  }
+  if (opts.setCachedComponentAccessToken && json.expires_in) {
+    await opts.setCachedComponentAccessToken(
+      json.component_access_token,
+      json.expires_in
+    ).catch(() => {
+    });
+  }
+  return json.component_access_token;
+}
+async function code2Session(opts, code, appId) {
+  const componentAccessToken = await fetchComponentAccessToken(opts);
+  const miniAppId = appId ?? opts.componentAppId;
+  const url = new URL(
+    "https://api.weixin.qq.com/sns/component/jscode2session"
+  );
+  url.searchParams.set("appid", miniAppId);
+  url.searchParams.set("js_code", code);
+  url.searchParams.set("grant_type", "authorization_code");
+  url.searchParams.set("component_appid", opts.componentAppId);
+  url.searchParams.set("component_access_token", componentAccessToken);
+  const response = await fetch(url.toString(), { method: "GET" });
+  if (!response.ok) {
+    throw new Error(
+      `Failed to call jscode2session: ${response.status} ${response.statusText}`
+    );
+  }
+  const json = await response.json();
+  if (!json.openid) {
+    throw new Error(
+      `jscode2session error: ${json.errcode ?? ""} ${json.errmsg ?? "unknown error"}`
+    );
+  }
+  return {
+    openid: json.openid,
+    unionid: json.unionid,
+    session_key: json.session_key
+  };
+}
+function wechatMiniProgramThirdPartyPlugin(options) {
+  const providerId = options.providerId ?? "wechat-mp";
+  return {
+    id: "wechat-mini-program-thirdparty",
+    endpoints: {
+      miniProgramThirdpartyLogin: createAuthEndpoint2(
+        "/wechat-mp/thirdparty-login",
+        {
+          method: "POST"
+        },
+        async (ctx) => {
+          if (!ctx.request) throw new APIError("BAD_REQUEST", { message: "Missing request" });
+          const body = await ctx.request.json().catch(() => null);
+          const code = body?.code;
+          const appId = body?.appId;
+          if (!code) {
+            throw new APIError("BAD_REQUEST", {
+              message: "code is required"
+            });
+          }
+          const sessionData = await code2Session(options, code, appId);
+          const { userId, sessionToken } = await ensureUserAndSession(
+            ctx,
+            providerId,
+            sessionData.openid
+          );
+          setSessionCookie(ctx, sessionToken);
+          return ctx.json({
+            success: true,
+            userId
+          });
+        }
+      )
+    }
+  };
+}
+export {
+  wechatMiniProgramDirectPlugin,
+  wechatMiniProgramThirdPartyPlugin
+};

package/package.json

@@ -0,0 +1,52 @@
+{
+  "name": "@nvwa-app/auth-plugins",
+  "version": "1.0.0",
+  "description": "Better-auth plugins for WeChat mini-program login (direct and third-party).",
+  "main": "dist/index.js",
+  "module": "dist/index.mjs",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "prepublishOnly": "npm run build"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "peerDependencies": {
+    "better-auth": ">=1.4.0"
+  },
+  "devDependencies": {
+    "better-auth": "1.4.4",
+    "tsup": "^8.1.0",
+    "typescript": "^5.6.0"
+  },
+  "tsup": {
+    "entry": ["src/index.ts"],
+    "outDir": "dist",
+    "clean": true,
+    "dts": true,
+    "format": ["esm", "cjs"],
+    "minify": false,
+    "splitting": false,
+    "external": ["better-auth", "better-auth/api"]
+  },
+  "keywords": [
+    "better-auth",
+    "wechat",
+    "miniprogram",
+    "auth",
+    "plugin"
+  ],
+  "license": "ISC"
+}