@objectstack/plugin-auth 4.0.3 → 4.0.5

package/.turbo/turbo-build.log

@@ -1,78 +0,0 @@
-
-> @objectstack/plugin-auth@4.0.3 build /home/runner/work/framework/framework/packages/plugins/plugin-auth
-> tsup --config ../../../tsup.config.ts
-
-▲ [WARNING] The condition "types" here will never be used as it comes after both "import" and "require" [package.json]
-
-    package.json:13:6:
-      13 │       "types": "./dist/index.d.ts"
-         ╵       ~~~~~~~
-
-  The "import" condition comes earlier and will be used for all "import" statements:
-
-    package.json:11:6:
-      11 │       "import": "./dist/index.mjs",
-         ╵       ~~~~~~~~
-
-  The "require" condition comes earlier and will be used for all "require" calls:
-
-    package.json:12:6:
-      12 │       "require": "./dist/index.js",
-         ╵       ~~~~~~~~~
-
-CLI Building entry: src/index.ts
-CLI Using tsconfig: tsconfig.json
-CLI tsup v8.5.1
-CLI Using tsup config: /home/runner/work/framework/framework/tsup.config.ts
-CLI Target: es2020
-CLI Cleaning output folder
-ESM Build start
-CJS Build start
-[warn] ▲ [WARNING] The condition "types" here will never be used as it comes after both "import" and "require" [package.json]
-
-    package.json:13:6:
-      13 │       "types": "./dist/index.d.ts"
-         ╵       ~~~~~~~
-
-  The "import" condition comes earlier and will be used for all "import" statements:
-
-    package.json:11:6:
-      11 │       "import": "./dist/index.mjs",
-         ╵       ~~~~~~~~
-
-  The "require" condition comes earlier and will be used for all "require" calls:
-
-    package.json:12:6:
-      12 │       "require": "./dist/index.js",
-         ╵       ~~~~~~~~~
-
-
-[warn] ▲ [WARNING] The condition "types" here will never be used as it comes after both "import" and "require" [package.json]
-
-    package.json:13:6:
-      13 │       "types": "./dist/index.d.ts"
-         ╵       ~~~~~~~
-
-  The "import" condition comes earlier and will be used for all "import" statements:
-
-    package.json:11:6:
-      11 │       "import": "./dist/index.mjs",
-         ╵       ~~~~~~~~
-
-  The "require" condition comes earlier and will be used for all "require" calls:
-
-    package.json:12:6:
-      12 │       "require": "./dist/index.js",
-         ╵       ~~~~~~~~~
-
-
-CJS dist/index.js     48.18 KB
-CJS dist/index.js.map 99.34 KB
-CJS ⚡️ Build success in 86ms
-ESM dist/index.mjs     44.60 KB
-ESM dist/index.mjs.map 98.83 KB
-ESM ⚡️ Build success in 86ms
-DTS Build start
-DTS ⚡️ Build success in 5289ms
-DTS dist/index.d.mts 913.41 KB
-DTS dist/index.d.ts  913.41 KB

package/ARCHITECTURE.md

@@ -1,176 +0,0 @@
-# Better-Auth Integration: Direct Forwarding Approach
-
-## Decision Summary
-
-**Chosen Approach:** Direct Request Forwarding  
-**Implementation Date:** 2026-02-10  
-**Status:** ✅ Implemented and Tested
-
-## Problem Statement
-
-When integrating the better-auth library (v1.4.18) into `@objectstack/plugin-auth`, we needed to decide between two architectural approaches:
-
-1. **Direct Forwarding**: Forward all HTTP requests directly to better-auth's universal handler
-2. **Manual Implementation**: Implement wrapper methods for each authentication operation
-
-## Analysis
-
-### Better-Auth Architecture
-
-Better-auth v1.4.18 provides a **universal handler** pattern:
-
-```typescript
-type Auth = {
-  handler: (request: Request) => Promise<Response>;
-  api: InferAPI<...>;
-  // ...
-}
-```
-
-This handler:
-- Accepts Web standard `Request` objects
-- Returns Web standard `Response` objects  
-- Handles ALL authentication routes internally
-- Is framework-agnostic (works with Next.js, Hono, Express, etc.)
-
-### Hono Framework Compatibility
-
-Our HTTP server uses Hono, which already uses Web standard Request/Response:
-- Hono Context provides `c.req.raw` → Web `Request`
-- Hono accepts Web `Response` objects directly
-- **No conversion needed!**
-
-### Approach Comparison
-
-| Aspect | Direct Forwarding ✅ | Manual Implementation |
-|--------|---------------------|----------------------|
-| Code Size | ~100 lines | ~250 lines |
-| Maintenance | Minimal - better-auth handles it | High - must sync with better-auth updates |
-| Features | All better-auth features automatic | Must implement each feature manually |
-| Type Safety | Full TypeScript from better-auth | Custom types, may drift |
-| Bug Risk | Low - using library as designed | High - custom code, edge cases |
-| Updates | Get better-auth updates automatically | Must update wrapper code |
-| OAuth Support | Built-in, configured via options | Must implement OAuth flows |
-| 2FA Support | Built-in, configured via options | Must implement 2FA logic |
-| Passkeys | Built-in, configured via options | Must implement WebAuthn |
-| Magic Links | Built-in, configured via options | Must implement email flows |
-
-## Decision: Direct Forwarding
-
-### Rationale
-
-1. **Library Design Intent**: Better-auth's universal handler is the **recommended integration pattern**
-2. **Minimal Code**: ~150 lines removed, simpler to maintain
-3. **Full Feature Support**: All better-auth features work automatically
-4. **Future-Proof**: Better-auth updates require no code changes
-5. **Type Safety**: Full TypeScript support from better-auth
-6. **Standard Pattern**: Aligns with better-auth documentation examples
-
-### Implementation
-
-#### Before (Manual Approach)
-```typescript
-// Custom wrapper methods (200+ lines)
-httpServer.post('/auth/login', async (req, res) => {
-  const result = await authManager.login(req.body);
-  res.json(result);
-});
-
-httpServer.post('/auth/register', async (req, res) => {
-  const result = await authManager.register(req.body);
-  res.json(result);
-});
-
-// ... many more routes
-```
-
-#### After (Direct Forwarding)
-```typescript
-// Single wildcard route (~30 lines)
-rawApp.all('/api/v1/auth/*', async (c) => {
-  const request = c.req.raw; // Web Request
-  const authPath = url.pathname.replace(basePath, '');
-  const rewrittenRequest = new Request(authPath, { ... });
-  const response = await authManager.handleRequest(rewrittenRequest);
-  return response; // Web Response
-});
-```
-
-### Trade-offs
-
-**Given Up:**
-- Fine-grained control over individual routes
-- Ability to easily intercept/modify requests
-
-**Solutions:**
-- Use Hono middleware for request interception if needed
-- Use better-auth plugins for custom behavior
-- Access `authManager.api` for programmatic operations
-
-## Results
-
-### Metrics
-- **Lines of Code Removed**: 156 (261 → 105 in auth-manager.ts)
-- **Test Coverage**: 11/11 tests passing
-- **Build Status**: ✅ Success
-- **Type Safety**: ✅ Full TypeScript support
-
-### Features Enabled
-- ✅ Email/Password Authentication
-- ✅ OAuth Providers (Google, GitHub, etc.)
-- ✅ Session Management
-- ✅ Password Reset
-- ✅ Email Verification
-- ✅ 2FA (when enabled)
-- ✅ Passkeys (when enabled)
-- ✅ Magic Links (when enabled)
-- ✅ Organizations (when enabled)
-
-## Usage Example
-
-```typescript
-import { AuthPlugin } from '@objectstack/plugin-auth';
-
-const plugin = new AuthPlugin({
-  secret: process.env.AUTH_SECRET,
-  baseUrl: 'http://localhost:3000',
-  
-  // OAuth providers - just configuration, no implementation needed
-  providers: [
-    {
-      id: 'google',
-      clientId: process.env.GOOGLE_CLIENT_ID,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-    }
-  ],
-  
-  // Advanced features - just enable, no implementation needed
-  plugins: {
-    organization: true,  // Multi-tenant support
-    twoFactor: true,     // 2FA
-    passkeys: true,      // WebAuthn
-    magicLink: true,     // Passwordless
-  }
-});
-```
-
-All better-auth endpoints work immediately:
-- `/api/v1/auth/sign-up/email`
-- `/api/v1/auth/sign-in/email`
-- `/api/v1/auth/authorize/google`
-- `/api/v1/auth/two-factor/enable`
-- `/api/v1/auth/passkey/register`
-- And many more...
-
-## Lessons Learned
-
-1. **Use Libraries as Designed**: Better-auth provides a universal handler for a reason
-2. **Less Code = Less Bugs**: The simplest solution is often the best
-3. **Trust the Framework**: Better-auth has battle-tested auth logic
-4. **Embrace Standards**: Web standard Request/Response makes integration seamless
-
-## References
-
-- [Better-Auth Documentation](https://www.better-auth.com/docs)
-- [PR #580](https://github.com/objectstack-ai/spec/pull/580) - Initial better-auth integration
-- Analysis Document: `/tmp/better-auth-approach-analysis.md`

package/CHANGELOG.md

@@ -1,325 +0,0 @@
-# Changelog
-
-## 4.0.3
-
-### Patch Changes
-
-- @objectstack/spec@4.0.3
-- @objectstack/core@4.0.3
-
-## 4.0.2
-
-### Patch Changes
-
-- Updated dependencies [5f659e9]
-  - @objectstack/spec@4.0.2
-  - @objectstack/core@4.0.2
-
-## 4.0.0
-
-### Patch Changes
-
-- e0b0a78: Deprecate DataEngineQueryOptions in favor of QueryAST-aligned EngineQueryOptions.
-
-  Engine, Protocol, and Client now use standard QueryAST parameter names:
-
-  - `filter` → `where`
-  - `select` → `fields`
-  - `sort` → `orderBy`
-  - `skip` → `offset`
-  - `populate` → `expand`
-  - `top` → `limit`
-
-  The old DataEngine\* schemas and types are preserved with `@deprecated` markers for backward compatibility.
-
-- Updated dependencies [f08ffc3]
-- Updated dependencies [e0b0a78]
-  - @objectstack/spec@4.0.0
-  - @objectstack/core@4.0.0
-
-## 3.3.1
-
-### Patch Changes
-
-- @objectstack/spec@3.3.1
-- @objectstack/core@3.3.1
-
-## 3.3.0
-
-### Minor Changes
-
-- 814a6c4: sql driver
-
-### Patch Changes
-
-- @objectstack/spec@3.3.0
-- @objectstack/core@3.3.0
-
-## 3.2.9
-
-### Patch Changes
-
-- @objectstack/spec@3.2.9
-- @objectstack/core@3.2.9
-
-## 3.2.8
-
-### Patch Changes
-
-- 1fe5612: fix vercel
-  - @objectstack/spec@3.2.8
-  - @objectstack/core@3.2.8
-
-## 3.2.7
-
-### Patch Changes
-
-- 35a1ebb: fix auth
-  - @objectstack/spec@3.2.7
-  - @objectstack/core@3.2.7
-
-## 3.2.6
-
-### Patch Changes
-
-- @objectstack/spec@3.2.6
-- @objectstack/core@3.2.6
-
-## 3.2.5
-
-### Patch Changes
-
-- e854538: fix beyyer-auth
-  - @objectstack/spec@3.2.5
-  - @objectstack/core@3.2.5
-
-## 3.2.4
-
-### Patch Changes
-
-- f490991: fix better-auth
-  - @objectstack/spec@3.2.4
-  - @objectstack/core@3.2.4
-
-## 3.2.3
-
-### Patch Changes
-
-- 0b1d7c9: fix auth
-  - @objectstack/spec@3.2.3
-  - @objectstack/core@3.2.3
-
-## 3.2.2
-
-### Patch Changes
-
-- cfaabbb: fix: AuthPlugin error handling & database adapter config
-
-  - `AuthManager.handleRequest()` now inspects `response.status >= 500` and logs the error body via `console.error`, since better-auth catches internal errors and returns 500 Responses without throwing.
-  - `AuthPlugin.registerAuthRoutes()` also logs 500+ responses via `ctx.logger.error` for structured plugin logging.
-  - `createDatabaseConfig()` now wraps the ObjectQL adapter as a `DBAdapterInstance` factory function so better-auth's `getBaseAdapter()` correctly recognises it (via `typeof database === "function"` check) instead of falling through to the Kysely adapter path.
-
-- Updated dependencies [46defbb]
-  - @objectstack/spec@3.2.2
-  - @objectstack/core@3.2.2
-
-## 3.2.1
-
-### Patch Changes
-
-- Updated dependencies [850b546]
-  - @objectstack/spec@3.2.1
-  - @objectstack/core@3.2.1
-
-## 3.2.0
-
-### Patch Changes
-
-- Updated dependencies [5901c29]
-  - @objectstack/spec@3.2.0
-  - @objectstack/core@3.2.0
-
-## 3.1.1
-
-### Patch Changes
-
-- Updated dependencies [953d667]
-  - @objectstack/spec@3.1.1
-  - @objectstack/core@3.1.1
-
-## 3.1.0
-
-### Patch Changes
-
-- Updated dependencies [0088830]
-  - @objectstack/spec@3.1.0
-  - @objectstack/core@3.1.0
-
-## 3.0.11
-
-### Patch Changes
-
-- Updated dependencies [92d9d99]
-  - @objectstack/spec@3.0.11
-  - @objectstack/core@3.0.11
-
-## 3.0.10
-
-### Patch Changes
-
-- Updated dependencies [d1e5d31]
-  - @objectstack/spec@3.0.10
-  - @objectstack/core@3.0.10
-
-## 3.0.9
-
-### Patch Changes
-
-- Updated dependencies [15e0df6]
-  - @objectstack/spec@3.0.9
-  - @objectstack/core@3.0.9
-
-## 3.0.8
-
-### Patch Changes
-
-- Updated dependencies [5a968a2]
-  - @objectstack/spec@3.0.8
-  - @objectstack/core@3.0.8
-
-## 3.0.7
-
-### Patch Changes
-
-- Updated dependencies [0119bd7]
-- Updated dependencies [5426bdf]
-  - @objectstack/spec@3.0.7
-  - @objectstack/core@3.0.7
-
-## 3.0.6
-
-### Patch Changes
-
-- Updated dependencies [5df254c]
-  - @objectstack/spec@3.0.6
-  - @objectstack/core@3.0.6
-
-## 3.0.5
-
-### Patch Changes
-
-- Updated dependencies [23a4a68]
-  - @objectstack/spec@3.0.5
-  - @objectstack/core@3.0.5
-
-## 3.0.4
-
-### Patch Changes
-
-- Updated dependencies [d738987]
-  - @objectstack/spec@3.0.4
-  - @objectstack/core@3.0.4
-
-## 3.0.3
-
-### Patch Changes
-
-- c7267f6: Patch release for maintenance updates and improvements.
-- Updated dependencies [c7267f6]
-  - @objectstack/spec@3.0.3
-  - @objectstack/core@3.0.3
-
-## 3.0.2
-
-### Patch Changes
-
-- Updated dependencies [28985f5]
-  - @objectstack/spec@3.0.2
-  - @objectstack/core@3.0.2
-
-## 3.0.1
-
-### Patch Changes
-
-- Updated dependencies [389725a]
-  - @objectstack/spec@3.0.1
-  - @objectstack/core@3.0.1
-
-## 3.0.0
-
-### Major Changes
-
-- Release v3.0.0 — unified version bump for all ObjectStack packages.
-
-### Patch Changes
-
-- Updated dependencies
-  - @objectstack/spec@3.0.0
-  - @objectstack/core@3.0.0
-
-## 2.0.7
-
-### Patch Changes
-
-- Updated dependencies
-  - @objectstack/spec@2.0.7
-  - @objectstack/core@2.0.7
-
-## 2.0.6
-
-### Patch Changes
-
-- Patch release for maintenance and stability improvements
-- Updated dependencies
-  - @objectstack/spec@2.0.6
-  - @objectstack/core@2.0.6
-
-## 2.0.5
-
-### Patch Changes
-
-- Unify all package versions with a patch release
-- Updated dependencies
-  - @objectstack/spec@2.0.5
-  - @objectstack/core@2.0.5
-
-## 2.0.3
-
-### Patch Changes
-
-- Updated dependencies
-  - @objectstack/spec@2.0.4
-  - @objectstack/core@2.0.4
-
-All notable changes to `@objectstack/plugin-auth` will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [Unreleased]
-
-## [2.0.2] - 2026-02-10
-
-### Added
-
-- Initial release of Auth Plugin
-- Integration with better-auth library for robust authentication
-- Session management and user authentication
-- Support for OAuth providers (Google, GitHub, Microsoft, etc.)
-- Organization/team support for multi-tenant applications
-- Two-factor authentication (2FA)
-- Passkey support
-- Magic link authentication
-- Configurable session expiry and refresh
-- Automatic HTTP route registration
-- Comprehensive test coverage
-
-### Security
-
-- Secure session token management
-- Encrypted secrets support
-- Rate limiting capabilities
-- CSRF protection
-
-[Unreleased]: https://github.com/objectstack-ai/spec/compare/v2.0.2...HEAD
-[2.0.2]: https://github.com/objectstack-ai/spec/releases/tag/v2.0.2