@objectstack/plugin-auth 6.1.1 → 6.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.mts +14 -0
- package/dist/index.d.ts +14 -0
- package/dist/index.js +31 -0
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +31 -0
- package/dist/index.mjs.map +1 -1
- package/package.json +5 -4
package/dist/index.d.mts
CHANGED
|
@@ -212,6 +212,20 @@ declare class AuthManager {
|
|
|
212
212
|
* Create a better-auth instance from configuration
|
|
213
213
|
*/
|
|
214
214
|
private createAuthInstance;
|
|
215
|
+
/**
|
|
216
|
+
* Detect WebContainer (StackBlitz) and swap in a pure-JS scrypt hasher.
|
|
217
|
+
*
|
|
218
|
+
* better-auth defaults to `@better-auth/utils/password.node`, which calls
|
|
219
|
+
* `node:crypto.scrypt`. WebContainer polyfills that API incompletely and
|
|
220
|
+
* signup throws `TypeError: y.run is not a function`. The pure-JS variant
|
|
221
|
+
* at `@better-auth/utils/password` uses `@noble/hashes/scrypt` with
|
|
222
|
+
* identical params (N=16384, r=16, p=1, dkLen=64) and emits the same
|
|
223
|
+
* `{salt}:{keyHex}` format, so existing hashes remain verifiable.
|
|
224
|
+
*
|
|
225
|
+
* Returns `undefined` outside WebContainer so production deployments keep
|
|
226
|
+
* the native (fast) hasher and never load the JS fallback.
|
|
227
|
+
*/
|
|
228
|
+
private resolvePasswordHasher;
|
|
215
229
|
/**
|
|
216
230
|
* Build the list of better-auth plugins based on AuthPluginConfig flags.
|
|
217
231
|
*
|
package/dist/index.d.ts
CHANGED
|
@@ -212,6 +212,20 @@ declare class AuthManager {
|
|
|
212
212
|
* Create a better-auth instance from configuration
|
|
213
213
|
*/
|
|
214
214
|
private createAuthInstance;
|
|
215
|
+
/**
|
|
216
|
+
* Detect WebContainer (StackBlitz) and swap in a pure-JS scrypt hasher.
|
|
217
|
+
*
|
|
218
|
+
* better-auth defaults to `@better-auth/utils/password.node`, which calls
|
|
219
|
+
* `node:crypto.scrypt`. WebContainer polyfills that API incompletely and
|
|
220
|
+
* signup throws `TypeError: y.run is not a function`. The pure-JS variant
|
|
221
|
+
* at `@better-auth/utils/password` uses `@noble/hashes/scrypt` with
|
|
222
|
+
* identical params (N=16384, r=16, p=1, dkLen=64) and emits the same
|
|
223
|
+
* `{salt}:{keyHex}` format, so existing hashes remain verifiable.
|
|
224
|
+
*
|
|
225
|
+
* Returns `undefined` outside WebContainer so production deployments keep
|
|
226
|
+
* the native (fast) hasher and never load the JS fallback.
|
|
227
|
+
*/
|
|
228
|
+
private resolvePasswordHasher;
|
|
215
229
|
/**
|
|
216
230
|
* Build the list of better-auth plugins based on AuthPluginConfig flags.
|
|
217
231
|
*
|
package/dist/index.js
CHANGED
|
@@ -547,6 +547,7 @@ var AuthManager = class {
|
|
|
547
547
|
async createAuthInstance() {
|
|
548
548
|
const { betterAuth } = await import("better-auth");
|
|
549
549
|
const plugins = await this.buildPluginList();
|
|
550
|
+
const passwordHasher = await this.resolvePasswordHasher();
|
|
550
551
|
const betterAuthConfig = {
|
|
551
552
|
// Base configuration
|
|
552
553
|
secret: this.config.secret || this.generateSecret(),
|
|
@@ -606,6 +607,7 @@ var AuthManager = class {
|
|
|
606
607
|
// Email and password configuration
|
|
607
608
|
emailAndPassword: {
|
|
608
609
|
enabled: this.config.emailAndPassword?.enabled ?? true,
|
|
610
|
+
...passwordHasher ? { password: passwordHasher } : {},
|
|
609
611
|
...this.config.emailAndPassword?.disableSignUp != null ? { disableSignUp: this.config.emailAndPassword.disableSignUp } : {},
|
|
610
612
|
...this.config.emailAndPassword?.requireEmailVerification != null ? { requireEmailVerification: this.config.emailAndPassword.requireEmailVerification } : {},
|
|
611
613
|
...this.config.emailAndPassword?.minPasswordLength != null ? { minPasswordLength: this.config.emailAndPassword.minPasswordLength } : {},
|
|
@@ -722,6 +724,35 @@ var AuthManager = class {
|
|
|
722
724
|
};
|
|
723
725
|
return betterAuth(betterAuthConfig);
|
|
724
726
|
}
|
|
727
|
+
/**
|
|
728
|
+
* Detect WebContainer (StackBlitz) and swap in a pure-JS scrypt hasher.
|
|
729
|
+
*
|
|
730
|
+
* better-auth defaults to `@better-auth/utils/password.node`, which calls
|
|
731
|
+
* `node:crypto.scrypt`. WebContainer polyfills that API incompletely and
|
|
732
|
+
* signup throws `TypeError: y.run is not a function`. The pure-JS variant
|
|
733
|
+
* at `@better-auth/utils/password` uses `@noble/hashes/scrypt` with
|
|
734
|
+
* identical params (N=16384, r=16, p=1, dkLen=64) and emits the same
|
|
735
|
+
* `{salt}:{keyHex}` format, so existing hashes remain verifiable.
|
|
736
|
+
*
|
|
737
|
+
* Returns `undefined` outside WebContainer so production deployments keep
|
|
738
|
+
* the native (fast) hasher and never load the JS fallback.
|
|
739
|
+
*/
|
|
740
|
+
async resolvePasswordHasher() {
|
|
741
|
+
const isWebContainer = typeof globalThis !== "undefined" && (Boolean(globalThis.process?.versions?.webcontainer) || Boolean(globalThis.process?.env?.SHELL?.includes?.("jsh")) || Boolean(globalThis.process?.env?.STACKBLITZ));
|
|
742
|
+
if (!isWebContainer) return void 0;
|
|
743
|
+
try {
|
|
744
|
+
const mod = await import("@better-auth/utils/password");
|
|
745
|
+
return {
|
|
746
|
+
hash: (password) => mod.hashPassword(password),
|
|
747
|
+
verify: ({ hash, password }) => mod.verifyPassword(hash, password)
|
|
748
|
+
};
|
|
749
|
+
} catch (err) {
|
|
750
|
+
console.warn(
|
|
751
|
+
`[AuthManager] WebContainer detected but pure-JS password hasher unavailable: ${err?.message ?? err}. Falling back to default.`
|
|
752
|
+
);
|
|
753
|
+
return void 0;
|
|
754
|
+
}
|
|
755
|
+
}
|
|
725
756
|
/**
|
|
726
757
|
* Build the list of better-auth plugins based on AuthPluginConfig flags.
|
|
727
758
|
*
|