@onmax/nuxt-better-auth 0.0.2-alpha.3 → 0.0.2-alpha.31

package/dist/runtime/app/components/BetterAuthState.vue

@@ -1,4 +1,5 @@
 <script setup>
+import { useUserSession } from "#imports";
 const { loggedIn, user, session, signOut, ready } = useUserSession();
 </script>
 

package/dist/runtime/app/composables/useAction.d.ts

@@ -0,0 +1,2 @@
+import type { UserAuthActionHandle } from '../internal/auth-action-handles.js';
+export declare function useAction<TArgs extends unknown[], TResult>(runner: (...args: TArgs) => Promise<TResult>): UserAuthActionHandle<TArgs, TResult>;

package/dist/runtime/app/composables/useAction.js

@@ -0,0 +1,6 @@
+import { createActionHandle } from "../internal/auth-action-handles.js";
+export function useAction(runner) {
+  if (typeof runner !== "function")
+    throw new TypeError("useAction(runner) requires an async function");
+  return createActionHandle(() => runner);
+}

package/dist/runtime/app/composables/useAuthAsyncData.d.ts

@@ -0,0 +1,6 @@
+import type { AsyncDataOptions } from '#app';
+import { useAuthRequestFetch } from './useAuthRequestFetch.js';
+export interface UseAuthAsyncDataOptions<T> extends Omit<AsyncDataOptions<T | null>, 'default'> {
+    requireAuth?: boolean;
+}
+export declare function useAuthAsyncData<T>(key: string, fetcher: (requestFetch: ReturnType<typeof useAuthRequestFetch>) => Promise<T>, options?: UseAuthAsyncDataOptions<T>): any;

package/dist/runtime/app/composables/useAuthAsyncData.js

@@ -0,0 +1,16 @@
+import { useAsyncData } from "#imports";
+import { useAuthRequestFetch } from "./useAuthRequestFetch.js";
+import { useUserSession } from "./useUserSession.js";
+export function useAuthAsyncData(key, fetcher, options = {}) {
+  const requestFetch = useAuthRequestFetch();
+  const { loggedIn } = useUserSession();
+  const { requireAuth = true, ...asyncDataOptions } = options;
+  return useAsyncData(key, async () => {
+    if (requireAuth && !loggedIn.value)
+      return null;
+    return await fetcher(requestFetch);
+  }, {
+    default: () => null,
+    ...asyncDataOptions
+  });
+}

package/dist/runtime/app/composables/useAuthClientAction.d.ts

@@ -0,0 +1,5 @@
+import type { UserAuthActionHandle } from '../internal/auth-action-handles.js';
+import type { UseUserSessionReturn } from './useUserSession.js';
+type AppAuthClient = NonNullable<UseUserSessionReturn['client']>;
+export declare function useAuthClientAction<TArgs extends unknown[], TResult>(select: (client: AppAuthClient) => (...args: TArgs) => Promise<TResult>): UserAuthActionHandle<TArgs, TResult>;
+export {};

package/dist/runtime/app/composables/useAuthClientAction.js

@@ -0,0 +1,15 @@
+import { useUserSession } from "#imports";
+import { useAction } from "./useAction.js";
+export function useAuthClientAction(select) {
+  if (typeof select !== "function")
+    throw new TypeError("useAuthClientAction(select) requires a selector function");
+  return useAction(async (...args) => {
+    const { client } = useUserSession();
+    if (!client)
+      throw new Error("Auth client is unavailable. This action can only run on client-side.");
+    const method = select(client);
+    if (typeof method !== "function")
+      throw new TypeError("useAuthClientAction(select) must resolve to a function");
+    return method(...args);
+  });
+}

package/dist/runtime/app/composables/useAuthRequestFetch.d.ts

@@ -0,0 +1,11 @@
+import type { AuthApiEndpointMethod, AuthApiEndpointPath, AuthApiEndpointResponse } from '#nuxt-better-auth';
+import type { NitroFetchOptions } from 'nitropack/types';
+import { useRequestFetch } from '#imports';
+type AuthRequestFetchExtractedMethod<Options> = Options extends undefined ? 'get' : Lowercase<Extract<Exclude<Options extends {
+    method?: infer Method;
+} ? Method : never, undefined>, string>> extends infer NormalizedMethod extends string ? NormalizedMethod : 'get';
+type AuthRequestFetchMethodFromOptions<Path extends AuthApiEndpointPath, Options> = NitroFetchOptions<Path> extends Options ? 'get' : AuthRequestFetchExtractedMethod<Options>;
+type AuthRequestFetchResolvedMethod<Path extends AuthApiEndpointPath, Options> = Extract<AuthRequestFetchMethodFromOptions<Path, Options>, AuthApiEndpointMethod<Path>> extends infer Method extends string ? Method : never;
+type AuthRequestFetch = <Path extends AuthApiEndpointPath, Options extends NitroFetchOptions<Path> = NitroFetchOptions<Path>>(request: Path, opts?: Options) => Promise<AuthApiEndpointResponse<Path, Extract<AuthRequestFetchResolvedMethod<Path, Options>, AuthApiEndpointMethod<Path>>>>;
+export declare function useAuthRequestFetch(): AuthRequestFetch & ReturnType<typeof useRequestFetch>;
+export {};

package/dist/runtime/app/composables/useAuthRequestFetch.js

@@ -0,0 +1,4 @@
+import { useRequestFetch } from "#imports";
+export function useAuthRequestFetch() {
+  return useRequestFetch();
+}

package/dist/runtime/app/composables/useSignIn.d.ts

@@ -0,0 +1,16 @@
+import type { AppAuthClient, AuthSocialProviderRegistry } from '#nuxt-better-auth';
+import type { ActionHandleFor } from '../internal/auth-action-handles.js';
+type SignIn = NonNullable<AppAuthClient>['signIn'];
+type AuthSocialProviderId = AuthSocialProviderRegistry extends {
+    ids: infer T;
+} ? Extract<T, string> : never;
+type TypedSocialMethod<Method> = Method extends (data: infer Data, ...rest: infer Rest) => Promise<infer Result> ? (data: Omit<Extract<Data, Record<string, unknown>>, 'provider'> & {
+    provider: AuthSocialProviderId;
+}, ...rest: Rest) => Promise<Result> : Method;
+type SignInWithTypedSocial = Omit<SignIn, 'social'> & (SignIn extends {
+    social: infer SocialMethod;
+} ? {
+    social: TypedSocialMethod<SocialMethod>;
+} : unknown);
+export declare function useSignIn<MethodKey extends keyof SignInWithTypedSocial>(method: MethodKey): ActionHandleFor<SignInWithTypedSocial[MethodKey]>;
+export {};

package/dist/runtime/app/composables/useSignIn.js

@@ -0,0 +1,8 @@
+import { useUserSession } from "#imports";
+import { createActionHandles } from "../internal/auth-action-handles.js";
+export function useSignIn(method) {
+  if (method === void 0 || method === null)
+    throw new TypeError("useSignIn(method) requires a sign-in method key");
+  const handles = createActionHandles(() => useUserSession().signIn, "signIn");
+  return handles[method];
+}

package/dist/runtime/app/composables/useSignUp.d.ts

@@ -0,0 +1,5 @@
+import type { AppAuthClient } from '#nuxt-better-auth';
+import type { ActionHandleFor } from '../internal/auth-action-handles.js';
+type SignUp = NonNullable<AppAuthClient>['signUp'];
+export declare function useSignUp<MethodKey extends keyof SignUp>(method: MethodKey): ActionHandleFor<SignUp[MethodKey]>;
+export {};

package/dist/runtime/app/composables/useSignUp.js

@@ -0,0 +1,8 @@
+import { useUserSession } from "#imports";
+import { createActionHandles } from "../internal/auth-action-handles.js";
+export function useSignUp(method) {
+  if (method === void 0 || method === null)
+    throw new TypeError("useSignUp(method) requires a sign-up method key");
+  const handles = createActionHandles(() => useUserSession().signUp, "signUp");
+  return handles[method];
+}

package/dist/runtime/app/composables/useUserSession.d.ts

@@ -1,20 +1,22 @@
-import type { AuthUser } from '#nuxt-better-auth';
+import type { AppAuthClient, AuthSession, AuthUser } from '#nuxt-better-auth';
+import type { ComputedRef, Ref } from 'vue';
 export interface SignOutOptions {
     onSuccess?: () => void | Promise<void>;
 }
-export declare function useUserSession(): {
-    client: any;
-    session: any;
-    user: any;
-    loggedIn: any;
-    ready: any;
-    signIn: any;
-    signUp: any;
-    signOut: (options?: SignOutOptions) => Promise<any>;
+export interface UseUserSessionReturn {
+    client: AppAuthClient | null;
+    session: Ref<AuthSession | null>;
+    user: Ref<AuthUser | null>;
+    loggedIn: ComputedRef<boolean>;
+    ready: ComputedRef<boolean>;
+    signIn: NonNullable<AppAuthClient>['signIn'];
+    signUp: NonNullable<AppAuthClient>['signUp'];
+    signOut: (options?: SignOutOptions) => Promise<void>;
     waitForSession: () => Promise<void>;
     fetchSession: (options?: {
         headers?: HeadersInit;
         force?: boolean;
     }) => Promise<void>;
-    updateUser: (updates: Partial<AuthUser>) => void;
-};
+    updateUser: (updates: Partial<AuthUser>) => Promise<void>;
+}
+export declare function useUserSession(): UseUserSessionReturn;

package/dist/runtime/app/composables/useUserSession.js

@@ -1,41 +1,152 @@
-import { createAppAuthClient } from "#auth/client";
-import { computed, nextTick, useRequestHeaders, useRequestURL, useRuntimeConfig, useState, watch } from "#imports";
+import createAppAuthClient from "#auth/client";
+import { computed, navigateTo, nextTick, useNuxtApp, useRequestURL, useRuntimeConfig, useState, watch } from "#imports";
+import { normalizeAuthActionError } from "../internal/auth-action-error.js";
+import { resolvePostAuthSuccessRedirect, withFallbackSocialCallbackURL } from "../internal/redirect-helpers.js";
+import { fetchSessionClient, fetchSessionServer, stripToken } from "../internal/session-fetch.js";
+import { isRecord } from "../internal/utils.js";
+import { wrapAuthMethod } from "../internal/wrap-auth-method.js";
+let _sessionSignalListenerBound = false;
+let _signOutPromise = null;
 let _client = null;
 function getClient(baseURL) {
   if (!_client)
     _client = createAppAuthClient(baseURL);
   return _client;
 }
+function getRuntimeFlags() {
+  const globalFlags = globalThis.__NUXT_BETTER_AUTH_TEST_FLAGS__;
+  if (globalFlags)
+    return globalFlags;
+  return { client: Boolean(import.meta.client), server: Boolean(import.meta.server) };
+}
+function ensureSessionSignalListener(client, onSignal) {
+  if (_sessionSignalListenerBound)
+    return;
+  const store = client.$store;
+  if (!isRecord(store))
+    return;
+  const listen = store.listen;
+  if (typeof listen !== "function")
+    return;
+  _sessionSignalListenerBound = true;
+  const listenFn = listen;
+  listenFn("$sessionSignal", async () => {
+    try {
+      await onSignal();
+    } catch {
+    }
+  });
+}
 export function useUserSession() {
+  const runtimeFlags = getRuntimeFlags();
   const runtimeConfig = useRuntimeConfig();
   const requestURL = useRequestURL();
-  const client = import.meta.client ? getClient(runtimeConfig.public.siteUrl || requestURL.origin) : null;
+  const nuxtApp = useNuxtApp();
+  const client = runtimeFlags.client ? getClient(runtimeConfig.public.siteUrl || requestURL.origin) : null;
   const session = useState("auth:session", () => null);
   const user = useState("auth:user", () => null);
   const authReady = useState("auth:ready", () => false);
+  const prerenderReadyResetQueued = useState("auth:prerender-ready-reset-queued", () => false);
+  const hydrationReconcileQueued = useState("auth:hydration-reconcile-queued", () => false);
   const ready = computed(() => authReady.value);
   const loggedIn = computed(() => Boolean(session.value && user.value));
+  const isPrerenderedPayload = computed(() => Boolean(nuxtApp.payload.prerenderedAt || nuxtApp.payload.isCached));
+  const isPrerenderHydrationEmptySnapshot = computed(() => {
+    if (!runtimeFlags.client)
+      return false;
+    if (!nuxtApp.isHydrating || !nuxtApp.payload.serverRendered || !isPrerenderedPayload.value)
+      return false;
+    return !session.value && !user.value;
+  });
+  const skipHydratedSsrGetSession = computed(() => {
+    const authConfig = runtimeConfig.public.auth;
+    return Boolean(authConfig?.session?.skipHydratedSsrGetSession);
+  });
+  const shouldSkipInitialClientSessionFetch = computed(() => {
+    if (!skipHydratedSsrGetSession.value)
+      return false;
+    if (!runtimeFlags.client)
+      return false;
+    if (!nuxtApp.payload.serverRendered)
+      return false;
+    if (isPrerenderedPayload.value)
+      return false;
+    return Boolean(session.value && user.value);
+  });
+  if (isPrerenderHydrationEmptySnapshot.value && authReady.value && !prerenderReadyResetQueued.value) {
+    prerenderReadyResetQueued.value = true;
+    nuxtApp.hook("app:suspense:resolve", () => {
+      try {
+        if (!session.value && !user.value && authReady.value)
+          authReady.value = false;
+      } finally {
+        prerenderReadyResetQueued.value = false;
+      }
+    });
+  }
+  if (shouldSkipInitialClientSessionFetch.value && !authReady.value)
+    authReady.value = true;
   function clearSession() {
     session.value = null;
     user.value = null;
   }
-  function updateUser(updates) {
-    if (user.value)
-      user.value = { ...user.value, ...updates };
+  async function fetchSession(options = {}) {
+    if (runtimeFlags.server)
+      return fetchSessionServer(session, user, authReady, options);
+    if (client)
+      return fetchSessionClient(client, session, user, authReady, options);
+  }
+  async function updateUser(updates) {
+    if (!user.value)
+      return;
+    const previousUser = user.value;
+    user.value = { ...user.value, ...updates };
+    if (!client)
+      return;
+    try {
+      const clientWithUpdateUser = client;
+      const result = await clientWithUpdateUser.updateUser(updates);
+      if (result?.error) {
+        if (result.error instanceof Error)
+          throw result.error;
+        const normalizedError = normalizeAuthActionError(result.error);
+        throw new Error(normalizedError.message);
+      }
+    } catch (error) {
+      user.value = previousUser;
+      if (!(error instanceof Error)) {
+        const normalizedError = normalizeAuthActionError(error);
+        throw new Error(normalizedError.message);
+      }
+      throw error;
+    }
   }
-  if (import.meta.client && client) {
+  if (runtimeFlags.client && client && !shouldSkipInitialClientSessionFetch.value) {
     const clientSession = client.useSession();
     watch(
       () => clientSession.value,
       (newSession) => {
+        const shouldWaitForPrerenderResolution = isPrerenderHydrationEmptySnapshot.value && !newSession?.data?.session && !newSession?.data?.user;
+        if (shouldWaitForPrerenderResolution)
+          return;
         if (newSession?.data?.session && newSession?.data?.user) {
-          const { token: _, ...safeSession } = newSession.data.session;
-          session.value = safeSession;
+          session.value = stripToken(newSession.data.session);
           user.value = newSession.data.user;
-        } else if (!newSession?.isPending) {
+        } else if (!newSession?.isPending && !newSession?.isRefetching) {
+          const isHydrationEmptySnapshot = nuxtApp.isHydrating && nuxtApp.payload.serverRendered && Boolean(session.value && user.value) && !newSession?.data?.session && !newSession?.data?.user;
+          if (isHydrationEmptySnapshot) {
+            if (!hydrationReconcileQueued.value) {
+              hydrationReconcileQueued.value = true;
+              nuxtApp.hook("app:mounted", async () => {
+                await fetchSession({ force: true });
+                hydrationReconcileQueued.value = false;
+              });
+            }
+            return;
+          }
           clearSession();
         }
-        if (!authReady.value && !newSession?.isPending)
+        if (!authReady.value && !newSession?.isPending && !newSession?.isRefetching)
           authReady.value = true;
       },
       { immediate: true, deep: true }
@@ -59,34 +170,28 @@ export function useUserSession() {
       }, 5e3);
     });
   }
-  function wrapOnSuccess(cb) {
-    return async (ctx) => {
-      await fetchSession({ force: true });
-      if (!loggedIn.value)
-        await waitForSession();
-      await nextTick();
-      await cb(ctx);
-    };
-  }
-  function wrapAuthMethod(method) {
-    return (async (...args) => {
-      const [data, options] = args;
-      if (data?.fetchOptions?.onSuccess) {
-        return method({ ...data, fetchOptions: { ...data.fetchOptions, onSuccess: wrapOnSuccess(data.fetchOptions.onSuccess) } }, options);
-      }
-      if (options?.onSuccess) {
-        return method(data, { ...options, onSuccess: wrapOnSuccess(options.onSuccess) });
-      }
-      return method(data, options);
-    });
-  }
+  const wrapDeps = {
+    fetchSession,
+    loggedIn,
+    waitForSession,
+    resolvePostAuthSuccessRedirect: () => resolvePostAuthSuccessRedirect(requestURL)
+  };
   const signIn = client?.signIn ? new Proxy(client.signIn, {
     get(target, prop) {
       const targetRecord = target;
       const method = targetRecord[prop];
       if (typeof method !== "function")
         return method;
-      return wrapAuthMethod((...args) => targetRecord[prop](...args));
+      const shouldSkipSessionSync = prop === "social" ? (data) => {
+        const socialData = isRecord(data) ? data : void 0;
+        return socialData?.disableRedirect !== true;
+      } : void 0;
+      const transformData = prop === "social" ? (data) => withFallbackSocialCallbackURL(data, requestURL) : void 0;
+      return wrapAuthMethod(
+        (...args) => targetRecord[prop](...args),
+        wrapDeps,
+        { shouldSkipSessionSync, transformData }
+      );
     }
   }) : new Proxy({}, {
     get: (_, prop) => {
@@ -99,50 +204,40 @@ export function useUserSession() {
       const method = targetRecord[prop];
       if (typeof method !== "function")
         return method;
-      return wrapAuthMethod((...args) => targetRecord[prop](...args));
+      return wrapAuthMethod((...args) => targetRecord[prop](...args), wrapDeps);
     }
   }) : new Proxy({}, {
     get: (_, prop) => {
       throw new Error(`signUp.${String(prop)}() can only be called on client-side`);
     }
   });
-  async function fetchSession(options = {}) {
-    if (import.meta.server) {
-      if (!authReady.value)
-        authReady.value = true;
-      return;
-    }
-    if (client) {
-      try {
-        const headers = options.headers || useRequestHeaders(["cookie"]);
-        const fetchOptions = headers ? { headers } : void 0;
-        const query = options.force ? { disableCookieCache: true } : void 0;
-        const result = await client.getSession({ query }, fetchOptions);
-        const data = result.data;
-        if (data?.session && data?.user) {
-          const { token: _, ...safeSession } = data.session;
-          session.value = safeSession;
-          user.value = data.user;
-        } else {
-          clearSession();
-        }
-      } catch (error) {
-        clearSession();
-        console.error("[nuxt-better-auth] Failed to fetch session:", error);
-      } finally {
-        if (!authReady.value)
-          authReady.value = true;
-      }
-    }
+  if (runtimeFlags.client && client && shouldSkipInitialClientSessionFetch.value) {
+    ensureSessionSignalListener(client, () => fetchSession({ force: true }));
   }
   async function signOut(options) {
     if (!client)
       throw new Error("signOut can only be called on client-side");
-    const response = await client.signOut();
-    clearSession();
-    if (options?.onSuccess)
-      await options.onSuccess();
-    return response;
+    if (_signOutPromise) {
+      await _signOutPromise;
+      return;
+    }
+    _signOutPromise = (async () => {
+      await client.signOut();
+      clearSession();
+      if (options?.onSuccess) {
+        await options.onSuccess();
+        return;
+      }
+      const authConfig = runtimeConfig.public.auth;
+      const logoutRedirect = authConfig?.redirects?.logout;
+      if (logoutRedirect) {
+        await nextTick();
+        await navigateTo(logoutRedirect);
+      }
+    })().finally(() => {
+      _signOutPromise = null;
+    });
+    await _signOutPromise;
   }
   return {
     client,

package/dist/runtime/app/internal/auth-action-error.d.ts

@@ -0,0 +1,3 @@
+import type { AuthActionError } from '../../types.js';
+export declare const DEFAULT_AUTH_ACTION_ERROR_MESSAGE = "Request failed. Please try again.";
+export declare function normalizeAuthActionError(error: unknown): AuthActionError;

package/dist/runtime/app/internal/auth-action-error.js

@@ -0,0 +1,33 @@
+import { isRecord } from "./utils.js";
+export const DEFAULT_AUTH_ACTION_ERROR_MESSAGE = "Request failed. Please try again.";
+function getMessage(value) {
+  if (value instanceof Error)
+    return value.message;
+  if (typeof value === "string")
+    return value;
+  if (isRecord(value) && typeof value.message === "string")
+    return value.message;
+  return DEFAULT_AUTH_ACTION_ERROR_MESSAGE;
+}
+function getCode(value) {
+  if (!isRecord(value))
+    return void 0;
+  return typeof value.code === "string" ? value.code : void 0;
+}
+function getStatus(value) {
+  if (!isRecord(value))
+    return void 0;
+  if (typeof value.status === "number")
+    return value.status;
+  if (typeof value.statusCode === "number")
+    return value.statusCode;
+  return void 0;
+}
+export function normalizeAuthActionError(error) {
+  return {
+    message: getMessage(error),
+    code: getCode(error),
+    status: getStatus(error),
+    raw: error
+  };
+}

package/dist/runtime/app/internal/auth-action-handles.d.ts

@@ -0,0 +1,18 @@
+import type { Ref } from 'vue';
+import type { AuthActionError } from '../../types.js';
+export type UserAuthActionStatus = 'idle' | 'pending' | 'success' | 'error';
+export interface UserAuthActionHandle<TArgs extends unknown[], TResult> {
+    execute: (...args: TArgs) => Promise<void>;
+    status: Ref<UserAuthActionStatus>;
+    data: Ref<TResult | null>;
+    error: Ref<AuthActionError | null>;
+}
+export interface CreateActionHandleOptions {
+    keepPendingOnRedirect?: boolean;
+}
+export type ActionHandleFor<T> = T extends (...args: infer A) => Promise<infer R> ? UserAuthActionHandle<A, R> : never;
+export type ActionHandleMap<T> = {
+    [K in keyof T]: ActionHandleFor<T[K]>;
+};
+export declare function createActionHandle<TArgs extends unknown[], TResult>(getMethod: () => (...args: TArgs) => Promise<TResult>, options?: CreateActionHandleOptions): UserAuthActionHandle<TArgs, TResult>;
+export declare function createActionHandles<T extends object>(getTarget: () => T, targetName: string): ActionHandleMap<T>;

package/dist/runtime/app/internal/auth-action-handles.js

@@ -0,0 +1,105 @@
+import { ref } from "#imports";
+import { normalizeAuthActionError } from "./auth-action-error.js";
+import { isRecord } from "./utils.js";
+function isErrorResult(value) {
+  if (!isRecord(value))
+    return false;
+  if (!("error" in value))
+    return false;
+  return Boolean(value.error);
+}
+function isRedirectResult(value) {
+  if (!isRecord(value))
+    return false;
+  return value.redirect === true && typeof value.url === "string" && value.url.length > 0;
+}
+function getRedirectResult(value) {
+  if (isRedirectResult(value))
+    return value;
+  if (!isRecord(value))
+    return null;
+  const nested = value.data;
+  if (isRedirectResult(nested))
+    return nested;
+  return null;
+}
+const REDIRECT_PENDING_FALLBACK_MS = 1e4;
+export function createActionHandle(getMethod, options = {}) {
+  const status = ref("idle");
+  const data = ref(null);
+  const error = ref(null);
+  let latestCallId = 0;
+  const run = async (...args) => {
+    const callId = ++latestCallId;
+    status.value = "pending";
+    data.value = null;
+    error.value = null;
+    try {
+      const result = await getMethod()(...args);
+      if (isErrorResult(result)) {
+        const normalizedError = normalizeAuthActionError(result.error);
+        if (callId === latestCallId) {
+          status.value = "error";
+          data.value = null;
+          error.value = normalizedError;
+        }
+        return;
+      }
+      if (callId === latestCallId) {
+        if (options.keepPendingOnRedirect !== false) {
+          const redirectResult = getRedirectResult(result);
+          if (redirectResult) {
+            status.value = "pending";
+            data.value = result;
+            error.value = null;
+            setTimeout(() => {
+              if (callId !== latestCallId || status.value !== "pending")
+                return;
+              status.value = "success";
+            }, REDIRECT_PENDING_FALLBACK_MS);
+            return;
+          }
+        }
+        status.value = "success";
+        data.value = result;
+        error.value = null;
+      }
+    } catch (thrown) {
+      const normalizedError = normalizeAuthActionError(thrown);
+      if (callId === latestCallId) {
+        status.value = "error";
+        data.value = null;
+        error.value = normalizedError;
+      }
+    }
+  };
+  const execute = (async (...args) => {
+    await run(...args);
+  });
+  return {
+    execute,
+    status,
+    data,
+    error
+  };
+}
+export function createActionHandles(getTarget, targetName) {
+  const handles = /* @__PURE__ */ new Map();
+  return new Proxy({}, {
+    get(_target, prop) {
+      if (prop === "then")
+        return void 0;
+      if (handles.has(prop))
+        return handles.get(prop);
+      const handle = createActionHandle(() => {
+        const target = getTarget();
+        const method = target[prop];
+        if (typeof method !== "function")
+          throw new TypeError(`${targetName}.${String(prop)}() is not a function`);
+        return method;
+      });
+      handles.set(prop, handle);
+      return handle;
+    }
+  });
+}

package/dist/runtime/app/internal/redirect-helpers.d.ts

@@ -0,0 +1,4 @@
+export declare function isSafeLocalRedirect(redirect: unknown): string | undefined;
+export declare function resolvePostAuthRedirect(requestURL: URL): string | undefined;
+export declare function resolvePostAuthSuccessRedirect(requestURL: URL): (() => Promise<void>) | undefined;
+export declare function withFallbackSocialCallbackURL(data: unknown, requestURL: URL): unknown;

package/dist/runtime/app/internal/redirect-helpers.js

@@ -0,0 +1,37 @@
+import { navigateTo, useRuntimeConfig } from "#imports";
+import { isRecord } from "./utils.js";
+export function isSafeLocalRedirect(redirect) {
+  if (typeof redirect !== "string")
+    return;
+  if (!redirect.startsWith("/") || redirect.startsWith("//"))
+    return;
+  return redirect;
+}
+export function resolvePostAuthRedirect(requestURL) {
+  const runtimeConfig = useRuntimeConfig();
+  const authConfig = runtimeConfig.public.auth;
+  const redirectQueryKey = authConfig?.redirectQueryKey ?? "redirect";
+  const queryRedirect = requestURL.searchParams?.get(redirectQueryKey);
+  const safeQueryRedirect = isSafeLocalRedirect(queryRedirect);
+  if (safeQueryRedirect)
+    return safeQueryRedirect;
+  return isSafeLocalRedirect(authConfig?.redirects?.authenticated);
+}
+export function resolvePostAuthSuccessRedirect(requestURL) {
+  const target = resolvePostAuthRedirect(requestURL);
+  if (!target)
+    return;
+  return async () => {
+    await navigateTo(target);
+  };
+}
+export function withFallbackSocialCallbackURL(data, requestURL) {
+  const callbackURL = resolvePostAuthRedirect(requestURL);
+  if (!callbackURL)
+    return data;
+  if (!isRecord(data))
+    return { callbackURL };
+  if (typeof data.callbackURL === "string")
+    return data;
+  return { ...data, callbackURL };
+}