@opensaas/stack-auth 0.1.0

package/dist/config/types.d.ts

@@ -0,0 +1,160 @@
+import type { ExtendUserListConfig } from '../lists/index.js';
+/**
+ * OAuth provider configuration
+ */
+export type OAuthProvider = {
+    clientId: string;
+    clientSecret: string;
+    enabled?: boolean;
+};
+/**
+ * Social provider configurations
+ */
+export type SocialProvidersConfig = {
+    github?: OAuthProvider;
+    google?: OAuthProvider;
+    discord?: OAuthProvider;
+    twitter?: OAuthProvider;
+    [key: string]: OAuthProvider | undefined;
+};
+/**
+ * Email and password configuration
+ */
+export type EmailPasswordConfig = {
+    enabled: boolean;
+    /**
+     * Minimum password length
+     * @default 8
+     */
+    minPasswordLength?: number;
+    /**
+     * Require password confirmation
+     * @default true
+     */
+    requireConfirmation?: boolean;
+};
+/**
+ * Email verification configuration
+ */
+export type EmailVerificationConfig = {
+    enabled: boolean;
+    /**
+     * Send verification email on sign up
+     * @default true
+     */
+    sendOnSignUp?: boolean;
+    /**
+     * Token expiration in seconds
+     * @default 86400 (24 hours)
+     */
+    tokenExpiration?: number;
+};
+/**
+ * Password reset configuration
+ */
+export type PasswordResetConfig = {
+    enabled: boolean;
+    /**
+     * Token expiration in seconds
+     * @default 3600 (1 hour)
+     */
+    tokenExpiration?: number;
+};
+/**
+ * Session configuration
+ */
+export type SessionConfig = {
+    /**
+     * Session expiration in seconds
+     * @default 604800 (7 days)
+     */
+    expiresIn?: number;
+    /**
+     * Update session expiration on each request
+     * @default true
+     */
+    updateAge?: boolean;
+};
+/**
+ * Auth configuration options
+ */
+export type AuthConfig = {
+    /**
+     * Email and password authentication
+     */
+    emailAndPassword?: EmailPasswordConfig | {
+        enabled: true;
+    };
+    /**
+     * Email verification
+     */
+    emailVerification?: EmailVerificationConfig | {
+        enabled: true;
+    };
+    /**
+     * Password reset
+     */
+    passwordReset?: PasswordResetConfig | {
+        enabled: true;
+    };
+    /**
+     * OAuth/social providers
+     */
+    socialProviders?: SocialProvidersConfig;
+    /**
+     * Session configuration
+     */
+    session?: SessionConfig;
+    /**
+     * Which fields to include in the session object
+     * This determines what data is available in access control functions
+     * @default ['userId', 'email', 'name']
+     *
+     * @example
+     * ```typescript
+     * sessionFields: ['userId', 'email', 'name', 'role']
+     * // session will be: { userId: string, email: string, name: string, role: string }
+     * ```
+     */
+    sessionFields?: string[];
+    /**
+     * Extend the auto-generated User list with custom fields
+     *
+     * @example
+     * ```typescript
+     * extendUserList: {
+     *   fields: {
+     *     role: text({ defaultValue: 'user' }),
+     *     company: text(),
+     *   }
+     * }
+     * ```
+     */
+    extendUserList?: ExtendUserListConfig;
+    /**
+     * Custom email sending function for verification and password reset
+     * If not provided, emails will be logged to console
+     *
+     * @example
+     * ```typescript
+     * sendEmail: async ({ to, subject, html }) => {
+     *   await resend.emails.send({ to, subject, html })
+     * }
+     * ```
+     */
+    sendEmail?: (params: {
+        to: string;
+        subject: string;
+        html: string;
+    }) => Promise<void>;
+};
+/**
+ * Internal normalized auth configuration
+ * Used after parsing user config
+ */
+export type NormalizedAuthConfig = Required<Omit<AuthConfig, 'emailAndPassword' | 'emailVerification' | 'passwordReset'>> & {
+    emailAndPassword: Required<EmailPasswordConfig>;
+    emailVerification: Required<EmailVerificationConfig>;
+    passwordReset: Required<PasswordResetConfig>;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/config/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/config/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAA;AAE7D;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,EAAE,MAAM,CAAA;IACpB,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC,MAAM,CAAC,EAAE,aAAa,CAAA;IACtB,MAAM,CAAC,EAAE,aAAa,CAAA;IACtB,OAAO,CAAC,EAAE,aAAa,CAAA;IACvB,OAAO,CAAC,EAAE,aAAa,CAAA;IACvB,CAAC,GAAG,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS,CAAA;CACzC,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,OAAO,CAAA;IAChB;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B;;;OAGG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAA;CAC9B,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG;IACpC,OAAO,EAAE,OAAO,CAAA;IAChB;;;OAGG;IACH,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,OAAO,CAAA;IAChB;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAA;CACpB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG;IACvB;;OAEG;IACH,gBAAgB,CAAC,EAAE,mBAAmB,GAAG;QAAE,OAAO,EAAE,IAAI,CAAA;KAAE,CAAA;IAE1D;;OAEG;IACH,iBAAiB,CAAC,EAAE,uBAAuB,GAAG;QAAE,OAAO,EAAE,IAAI,CAAA;KAAE,CAAA;IAE/D;;OAEG;IACH,aAAa,CAAC,EAAE,mBAAmB,GAAG;QAAE,OAAO,EAAE,IAAI,CAAA;KAAE,CAAA;IAEvD;;OAEG;IACH,eAAe,CAAC,EAAE,qBAAqB,CAAA;IAEvC;;OAEG;IACH,OAAO,CAAC,EAAE,aAAa,CAAA;IAEvB;;;;;;;;;;OAUG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;IAExB;;;;;;;;;;;;OAYG;IACH,cAAc,CAAC,EAAE,oBAAoB,CAAA;IAErC;;;;;;;;;;OAUG;IACH,SAAS,CAAC,EAAE,CAAC,MAAM,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CACrF,CAAA;AAED;;;GAGG;AACH,MAAM,MAAM,oBAAoB,GAAG,QAAQ,CACzC,IAAI,CAAC,UAAU,EAAE,kBAAkB,GAAG,mBAAmB,GAAG,eAAe,CAAC,CAC7E,GAAG;IACF,gBAAgB,EAAE,QAAQ,CAAC,mBAAmB,CAAC,CAAA;IAC/C,iBAAiB,EAAE,QAAQ,CAAC,uBAAuB,CAAC,CAAA;IACpD,aAAa,EAAE,QAAQ,CAAC,mBAAmB,CAAC,CAAA;CAC7C,CAAA"}

package/dist/config/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/config/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/config/types.ts"],"names":[],"mappings":""}

package/dist/index.d.ts

@@ -0,0 +1,35 @@
+/**
+ * @opensaas/stack-auth
+ *
+ * Better-auth integration for OpenSaas Stack
+ *
+ * This package provides:
+ * - Auto-generated User, Session, Account, Verification lists
+ * - Session integration with OpenSaas access control
+ * - Pre-built auth UI components (SignIn, SignUp, ForgotPassword)
+ * - Easy configuration with withAuth() wrapper
+ *
+ * @example
+ * ```typescript
+ * // opensaas.config.ts
+ * import { config } from '@opensaas/stack-core'
+ * import { withAuth, authConfig } from '@opensaas/stack-auth'
+ *
+ * export default withAuth(
+ *   config({
+ *     db: { provider: 'sqlite', url: 'file:./dev.db' },
+ *     lists: { ... }
+ *   }),
+ *   authConfig({
+ *     emailAndPassword: { enabled: true },
+ *     emailVerification: { enabled: true },
+ *   })
+ * )
+ * ```
+ */
+export { withAuth, authConfig, normalizeAuthConfig } from './config/index.js';
+export type { AuthConfig, NormalizedAuthConfig } from './config/index.js';
+export type * from './config/types.js';
+export { getAuthLists, createUserList, createSessionList, createAccountList, createVerificationList, } from './lists/index.js';
+export type { ExtendUserListConfig } from './lists/index.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAGH,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AAC7E,YAAY,EAAE,UAAU,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAA;AACzE,mBAAmB,mBAAmB,CAAA;AAGtC,OAAO,EACL,YAAY,EACZ,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACjB,sBAAsB,GACvB,MAAM,kBAAkB,CAAA;AACzB,YAAY,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAA"}

package/dist/index.js

@@ -0,0 +1,34 @@
+/**
+ * @opensaas/stack-auth
+ *
+ * Better-auth integration for OpenSaas Stack
+ *
+ * This package provides:
+ * - Auto-generated User, Session, Account, Verification lists
+ * - Session integration with OpenSaas access control
+ * - Pre-built auth UI components (SignIn, SignUp, ForgotPassword)
+ * - Easy configuration with withAuth() wrapper
+ *
+ * @example
+ * ```typescript
+ * // opensaas.config.ts
+ * import { config } from '@opensaas/stack-core'
+ * import { withAuth, authConfig } from '@opensaas/stack-auth'
+ *
+ * export default withAuth(
+ *   config({
+ *     db: { provider: 'sqlite', url: 'file:./dev.db' },
+ *     lists: { ... }
+ *   }),
+ *   authConfig({
+ *     emailAndPassword: { enabled: true },
+ *     emailVerification: { enabled: true },
+ *   })
+ * )
+ * ```
+ */
+// Config exports
+export { withAuth, authConfig, normalizeAuthConfig } from './config/index.js';
+// List generators (for advanced use cases)
+export { getAuthLists, createUserList, createSessionList, createAccountList, createVerificationList, } from './lists/index.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,iBAAiB;AACjB,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AAI7E,2CAA2C;AAC3C,OAAO,EACL,YAAY,EACZ,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACjB,sBAAsB,GACvB,MAAM,kBAAkB,CAAA"}

package/dist/lists/index.d.ts

@@ -0,0 +1,46 @@
+import type { ListConfig, FieldConfig } from '@opensaas/stack-core';
+/**
+ * Configuration for extending the auto-generated User list
+ */
+export type ExtendUserListConfig = {
+    /**
+     * Additional fields to add to the User list
+     * You can add custom fields beyond the basic better-auth fields
+     */
+    fields?: Record<string, FieldConfig>;
+    /**
+     * Access control for the User list
+     * If not provided, defaults to basic access control (users can update their own records)
+     */
+    access?: ListConfig['access'];
+    /**
+     * Hooks for the User list
+     */
+    hooks?: ListConfig['hooks'];
+};
+/**
+ * Create the base User list with better-auth required fields
+ * This matches the better-auth user schema
+ */
+export declare function createUserList(config?: ExtendUserListConfig): ListConfig;
+/**
+ * Create the Session list for better-auth
+ * Stores active user sessions
+ */
+export declare function createSessionList(): ListConfig;
+/**
+ * Create the Account list for better-auth
+ * Stores OAuth provider accounts and credentials
+ */
+export declare function createAccountList(): ListConfig;
+/**
+ * Create the Verification list for better-auth
+ * Stores email verification tokens, password reset tokens, etc.
+ */
+export declare function createVerificationList(): ListConfig;
+/**
+ * Get all auth lists required by better-auth
+ * This is the main export used by withAuth()
+ */
+export declare function getAuthLists(userConfig?: ExtendUserListConfig): Record<string, ListConfig>;
+//# sourceMappingURL=index.d.ts.map

package/dist/lists/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/lists/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAEnE;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAA;IACpC;;;OAGG;IACH,MAAM,CAAC,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAA;IAC7B;;OAEG;IACH,KAAK,CAAC,EAAE,UAAU,CAAC,OAAO,CAAC,CAAA;CAC5B,CAAA;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,MAAM,CAAC,EAAE,oBAAoB,GAAG,UAAU,CAqDxE;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,IAAI,UAAU,CA+C9C;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,IAAI,UAAU,CA0D9C;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,IAAI,UAAU,CA2BnD;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,UAAU,CAAC,EAAE,oBAAoB,GAAG,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAO1F"}

package/dist/lists/index.js

@@ -0,0 +1,227 @@
+import { list } from '@opensaas/stack-core';
+import { text, timestamp, checkbox, relationship } from '@opensaas/stack-core/fields';
+/**
+ * Create the base User list with better-auth required fields
+ * This matches the better-auth user schema
+ */
+export function createUserList(config) {
+    return list({
+        fields: {
+            // Better-auth required fields
+            name: text({
+                validation: { isRequired: true },
+            }),
+            email: text({
+                validation: { isRequired: true },
+                isIndexed: 'unique',
+            }),
+            emailVerified: checkbox({
+                defaultValue: false,
+            }),
+            image: text(),
+            // Relationships to other auth tables
+            sessions: relationship({
+                ref: 'Session.user',
+                many: true,
+            }),
+            accounts: relationship({
+                ref: 'Account.user',
+                many: true,
+            }),
+            // Custom fields from user config
+            ...(config?.fields || {}),
+        },
+        access: config?.access || {
+            operation: {
+                // Anyone can query users (for displaying names, etc.)
+                query: () => true,
+                // Anyone can create a user (sign up)
+                create: () => true,
+                // Only update your own user record
+                update: ({ session, item }) => {
+                    if (!session)
+                        return false;
+                    const userId = session.userId;
+                    const itemId = item?.id;
+                    return userId === itemId;
+                },
+                // Only delete your own user record
+                delete: ({ session, item }) => {
+                    if (!session)
+                        return false;
+                    const userId = session.userId;
+                    const itemId = item?.id;
+                    return userId === itemId;
+                },
+            },
+        },
+        hooks: config?.hooks,
+    });
+}
+/**
+ * Create the Session list for better-auth
+ * Stores active user sessions
+ */
+export function createSessionList() {
+    return list({
+        fields: {
+            // Session token (stored in cookie, used as primary key)
+            token: text({
+                validation: { isRequired: true },
+                isIndexed: 'unique',
+            }),
+            // Expiration timestamp
+            expiresAt: timestamp(),
+            // Optional: IP address for security
+            ipAddress: text(),
+            // Optional: User agent for security
+            userAgent: text(),
+            // Relationship to user (userId will be auto-generated)
+            user: relationship({
+                ref: 'User.sessions',
+            }),
+        },
+        access: {
+            operation: {
+                // Only the session owner can query their sessions
+                query: ({ session }) => {
+                    if (!session)
+                        return false;
+                    const userId = session.userId;
+                    if (!userId)
+                        return false;
+                    // Return Prisma filter for nested relationship
+                    return {
+                        user: {
+                            id: { equals: userId },
+                        },
+                    };
+                },
+                // Better-auth handles session creation
+                create: () => true,
+                // No manual updates
+                update: () => false,
+                // Better-auth handles session deletion (logout)
+                delete: ({ session, item }) => {
+                    if (!session)
+                        return false;
+                    const userId = session.userId;
+                    const itemUserId = item?.user?.id;
+                    return userId === itemUserId;
+                },
+            },
+        },
+    });
+}
+/**
+ * Create the Account list for better-auth
+ * Stores OAuth provider accounts and credentials
+ */
+export function createAccountList() {
+    return list({
+        fields: {
+            // Account identifier from provider
+            accountId: text({
+                validation: { isRequired: true },
+            }),
+            // Provider identifier (e.g., 'github', 'google', 'credentials')
+            providerId: text({
+                validation: { isRequired: true },
+            }),
+            // Relationship to user (userId will be auto-generated)
+            user: relationship({
+                ref: 'User.accounts',
+            }),
+            // OAuth tokens
+            accessToken: text(),
+            refreshToken: text(),
+            accessTokenExpiresAt: timestamp(),
+            refreshTokenExpiresAt: timestamp(),
+            scope: text(),
+            idToken: text(),
+            // Password hash for credential provider (better-auth stores in account table)
+            password: text(),
+        },
+        access: {
+            operation: {
+                // Only the account owner can query their accounts
+                query: ({ session }) => {
+                    if (!session)
+                        return false;
+                    const userId = session.userId;
+                    if (!userId)
+                        return false;
+                    // Return Prisma filter for nested relationship
+                    return {
+                        user: {
+                            id: { equals: userId },
+                        },
+                    };
+                },
+                // Better-auth handles account creation
+                create: () => true,
+                // Better-auth handles account updates (token refresh)
+                update: ({ session, item }) => {
+                    if (!session)
+                        return false;
+                    const userId = session.userId;
+                    const itemUserId = item?.user?.id;
+                    return userId === itemUserId;
+                },
+                // Account owner can delete their accounts
+                delete: ({ session, item }) => {
+                    if (!session)
+                        return false;
+                    const userId = session.userId;
+                    const itemUserId = item?.user?.id;
+                    return userId === itemUserId;
+                },
+            },
+        },
+    });
+}
+/**
+ * Create the Verification list for better-auth
+ * Stores email verification tokens, password reset tokens, etc.
+ */
+export function createVerificationList() {
+    return list({
+        fields: {
+            // Identifier (e.g., email address)
+            identifier: text({
+                validation: { isRequired: true },
+            }),
+            // Token value
+            value: text({
+                validation: { isRequired: true },
+            }),
+            // Expiration timestamp
+            expiresAt: timestamp(),
+        },
+        access: {
+            operation: {
+                // No public querying (better-auth handles verification internally)
+                query: () => false,
+                // Better-auth creates verification tokens
+                create: () => true,
+                // No updates
+                update: () => false,
+                // Better-auth deletes used/expired tokens
+                delete: () => true,
+            },
+        },
+    });
+}
+/**
+ * Get all auth lists required by better-auth
+ * This is the main export used by withAuth()
+ */
+export function getAuthLists(userConfig) {
+    return {
+        User: createUserList(userConfig),
+        Session: createSessionList(),
+        Account: createAccountList(),
+        Verification: createVerificationList(),
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/lists/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/lists/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAA;AAC3C,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAA;AAuBrF;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,MAA6B;IAC1D,OAAO,IAAI,CAAC;QACV,MAAM,EAAE;YACN,8BAA8B;YAC9B,IAAI,EAAE,IAAI,CAAC;gBACT,UAAU,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE;aACjC,CAAC;YACF,KAAK,EAAE,IAAI,CAAC;gBACV,UAAU,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE;gBAChC,SAAS,EAAE,QAAQ;aACpB,CAAC;YACF,aAAa,EAAE,QAAQ,CAAC;gBACtB,YAAY,EAAE,KAAK;aACpB,CAAC;YACF,KAAK,EAAE,IAAI,EAAE;YAEb,qCAAqC;YACrC,QAAQ,EAAE,YAAY,CAAC;gBACrB,GAAG,EAAE,cAAc;gBACnB,IAAI,EAAE,IAAI;aACX,CAAC;YACF,QAAQ,EAAE,YAAY,CAAC;gBACrB,GAAG,EAAE,cAAc;gBACnB,IAAI,EAAE,IAAI;aACX,CAAC;YAEF,iCAAiC;YACjC,GAAG,CAAC,MAAM,EAAE,MAAM,IAAI,EAAE,CAAC;SAC1B;QACD,MAAM,EAAE,MAAM,EAAE,MAAM,IAAI;YACxB,SAAS,EAAE;gBACT,sDAAsD;gBACtD,KAAK,EAAE,GAAG,EAAE,CAAC,IAAI;gBACjB,qCAAqC;gBACrC,MAAM,EAAE,GAAG,EAAE,CAAC,IAAI;gBAClB,mCAAmC;gBACnC,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE;oBAC5B,IAAI,CAAC,OAAO;wBAAE,OAAO,KAAK,CAAA;oBAC1B,MAAM,MAAM,GAAI,OAA+B,CAAC,MAAM,CAAA;oBACtD,MAAM,MAAM,GAAI,IAAwB,EAAE,EAAE,CAAA;oBAC5C,OAAO,MAAM,KAAK,MAAM,CAAA;gBAC1B,CAAC;gBACD,mCAAmC;gBACnC,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE;oBAC5B,IAAI,CAAC,OAAO;wBAAE,OAAO,KAAK,CAAA;oBAC1B,MAAM,MAAM,GAAI,OAA+B,CAAC,MAAM,CAAA;oBACtD,MAAM,MAAM,GAAI,IAAwB,EAAE,EAAE,CAAA;oBAC5C,OAAO,MAAM,KAAK,MAAM,CAAA;gBAC1B,CAAC;aACF;SACF;QACD,KAAK,EAAE,MAAM,EAAE,KAAK;KACrB,CAAC,CAAA;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,IAAI,CAAC;QACV,MAAM,EAAE;YACN,wDAAwD;YACxD,KAAK,EAAE,IAAI,CAAC;gBACV,UAAU,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE;gBAChC,SAAS,EAAE,QAAQ;aACpB,CAAC;YACF,uBAAuB;YACvB,SAAS,EAAE,SAAS,EAAE;YACtB,oCAAoC;YACpC,SAAS,EAAE,IAAI,EAAE;YACjB,oCAAoC;YACpC,SAAS,EAAE,IAAI,EAAE;YACjB,uDAAuD;YACvD,IAAI,EAAE,YAAY,CAAC;gBACjB,GAAG,EAAE,eAAe;aACrB,CAAC;SACH;QACD,MAAM,EAAE;YACN,SAAS,EAAE;gBACT,kDAAkD;gBAClD,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE;oBACrB,IAAI,CAAC,OAAO;wBAAE,OAAO,KAAK,CAAA;oBAC1B,MAAM,MAAM,GAAI,OAA+B,CAAC,MAAM,CAAA;oBACtD,IAAI,CAAC,MAAM;wBAAE,OAAO,KAAK,CAAA;oBACzB,+CAA+C;oBAC/C,OAAO;wBACL,IAAI,EAAE;4BACJ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;yBACvB;qBACyB,CAAA;gBAC9B,CAAC;gBACD,uCAAuC;gBACvC,MAAM,EAAE,GAAG,EAAE,CAAC,IAAI;gBAClB,oBAAoB;gBACpB,MAAM,EAAE,GAAG,EAAE,CAAC,KAAK;gBACnB,gDAAgD;gBAChD,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE;oBAC5B,IAAI,CAAC,OAAO;wBAAE,OAAO,KAAK,CAAA;oBAC1B,MAAM,MAAM,GAAI,OAA+B,CAAC,MAAM,CAAA;oBACtD,MAAM,UAAU,GAAI,IAAmC,EAAE,IAAI,EAAE,EAAE,CAAA;oBACjE,OAAO,MAAM,KAAK,UAAU,CAAA;gBAC9B,CAAC;aACF;SACF;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,IAAI,CAAC;QACV,MAAM,EAAE;YACN,mCAAmC;YACnC,SAAS,EAAE,IAAI,CAAC;gBACd,UAAU,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE;aACjC,CAAC;YACF,gEAAgE;YAChE,UAAU,EAAE,IAAI,CAAC;gBACf,UAAU,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE;aACjC,CAAC;YACF,uDAAuD;YACvD,IAAI,EAAE,YAAY,CAAC;gBACjB,GAAG,EAAE,eAAe;aACrB,CAAC;YACF,eAAe;YACf,WAAW,EAAE,IAAI,EAAE;YACnB,YAAY,EAAE,IAAI,EAAE;YACpB,oBAAoB,EAAE,SAAS,EAAE;YACjC,qBAAqB,EAAE,SAAS,EAAE;YAClC,KAAK,EAAE,IAAI,EAAE;YACb,OAAO,EAAE,IAAI,EAAE;YACf,8EAA8E;YAC9E,QAAQ,EAAE,IAAI,EAAE;SACjB;QACD,MAAM,EAAE;YACN,SAAS,EAAE;gBACT,kDAAkD;gBAClD,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE;oBACrB,IAAI,CAAC,OAAO;wBAAE,OAAO,KAAK,CAAA;oBAC1B,MAAM,MAAM,GAAI,OAA+B,CAAC,MAAM,CAAA;oBACtD,IAAI,CAAC,MAAM;wBAAE,OAAO,KAAK,CAAA;oBACzB,+CAA+C;oBAC/C,OAAO;wBACL,IAAI,EAAE;4BACJ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;yBACvB;qBACyB,CAAA;gBAC9B,CAAC;gBACD,uCAAuC;gBACvC,MAAM,EAAE,GAAG,EAAE,CAAC,IAAI;gBAClB,sDAAsD;gBACtD,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE;oBAC5B,IAAI,CAAC,OAAO;wBAAE,OAAO,KAAK,CAAA;oBAC1B,MAAM,MAAM,GAAI,OAA+B,CAAC,MAAM,CAAA;oBACtD,MAAM,UAAU,GAAI,IAAmC,EAAE,IAAI,EAAE,EAAE,CAAA;oBACjE,OAAO,MAAM,KAAK,UAAU,CAAA;gBAC9B,CAAC;gBACD,0CAA0C;gBAC1C,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE;oBAC5B,IAAI,CAAC,OAAO;wBAAE,OAAO,KAAK,CAAA;oBAC1B,MAAM,MAAM,GAAI,OAA+B,CAAC,MAAM,CAAA;oBACtD,MAAM,UAAU,GAAI,IAAmC,EAAE,IAAI,EAAE,EAAE,CAAA;oBACjE,OAAO,MAAM,KAAK,UAAU,CAAA;gBAC9B,CAAC;aACF;SACF;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB;IACpC,OAAO,IAAI,CAAC;QACV,MAAM,EAAE;YACN,mCAAmC;YACnC,UAAU,EAAE,IAAI,CAAC;gBACf,UAAU,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE;aACjC,CAAC;YACF,cAAc;YACd,KAAK,EAAE,IAAI,CAAC;gBACV,UAAU,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE;aACjC,CAAC;YACF,uBAAuB;YACvB,SAAS,EAAE,SAAS,EAAE;SACvB;QACD,MAAM,EAAE;YACN,SAAS,EAAE;gBACT,mEAAmE;gBACnE,KAAK,EAAE,GAAG,EAAE,CAAC,KAAK;gBAClB,0CAA0C;gBAC1C,MAAM,EAAE,GAAG,EAAE,CAAC,IAAI;gBAClB,aAAa;gBACb,MAAM,EAAE,GAAG,EAAE,CAAC,KAAK;gBACnB,0CAA0C;gBAC1C,MAAM,EAAE,GAAG,EAAE,CAAC,IAAI;aACnB;SACF;KACF,CAAC,CAAA;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,UAAiC;IAC5D,OAAO;QACL,IAAI,EAAE,cAAc,CAAC,UAAU,CAAC;QAChC,OAAO,EAAE,iBAAiB,EAAE;QAC5B,OAAO,EAAE,iBAAiB,EAAE;QAC5B,YAAY,EAAE,sBAAsB,EAAE;KACvC,CAAA;AACH,CAAC"}

package/dist/server/index.d.ts

@@ -0,0 +1,27 @@
+import { betterAuth } from 'better-auth';
+import type { BetterAuthOptions } from 'better-auth';
+import type { OpenSaasConfig, AccessContext } from '@opensaas/stack-core';
+import type { NormalizedAuthConfig } from '../config/types.js';
+/**
+ * Create a better-auth instance from OpenSaas config
+ * This should be called once at app startup
+ *
+ * @example
+ * ```typescript
+ * // lib/auth.ts
+ * import { createAuth } from '@opensaas/stack-auth/server'
+ * import config from '../opensaas.config'
+ *
+ * export const auth = createAuth(config)
+ * ```
+ */
+export declare function createAuth(opensaasConfig: OpenSaasConfig & {
+    __authConfig?: NormalizedAuthConfig;
+}, context: AccessContext): import("better-auth").Auth<BetterAuthOptions>;
+/**
+ * Get session from better-auth and transform it to OpenSaas session format
+ * This is used internally by the generated context
+ */
+export declare function getSessionFromAuth(auth: ReturnType<typeof betterAuth>, sessionFields: string[]): Promise<Record<string, unknown> | null>;
+export type { BetterAuthOptions };
+//# sourceMappingURL=index.d.ts.map

package/dist/server/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAExC,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAA;AACpD,OAAO,KAAK,EAAE,cAAc,EAAkB,aAAa,EAAE,MAAM,sBAAsB,CAAA;AACzF,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAA;AAc9D;;;;;;;;;;;;GAYG;AACH,wBAAgB,UAAU,CACxB,cAAc,EAAE,cAAc,GAAG;IAAE,YAAY,CAAC,EAAE,oBAAoB,CAAA;CAAE,EACxE,OAAO,EAAE,aAAa,iDAkDvB;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAAC,EACnC,aAAa,EAAE,MAAM,EAAE,2CA0BxB;AAED,YAAY,EAAE,iBAAiB,EAAE,CAAA"}

package/dist/server/index.js

@@ -0,0 +1,90 @@
+import { betterAuth } from 'better-auth';
+import { prismaAdapter } from 'better-auth/adapters/prisma';
+/**
+ * Get better-auth database configuration from OpenSaas config
+ */
+function getDatabaseConfig(dbConfig, context) {
+    return prismaAdapter(context.prisma, {
+        provider: dbConfig.provider,
+    });
+}
+/**
+ * Create a better-auth instance from OpenSaas config
+ * This should be called once at app startup
+ *
+ * @example
+ * ```typescript
+ * // lib/auth.ts
+ * import { createAuth } from '@opensaas/stack-auth/server'
+ * import config from '../opensaas.config'
+ *
+ * export const auth = createAuth(config)
+ * ```
+ */
+export function createAuth(opensaasConfig, context) {
+    // Extract auth config (added by withAuth)
+    const authConfig = opensaasConfig.__authConfig;
+    if (!authConfig) {
+        throw new Error('Auth config not found. Make sure to wrap your config with withAuth() in opensaas.config.ts');
+    }
+    // Build better-auth configuration
+    const betterAuthConfig = {
+        database: getDatabaseConfig(opensaasConfig.db, context),
+        // Enable email and password if configured
+        emailAndPassword: authConfig.emailAndPassword.enabled
+            ? {
+                enabled: true,
+                requireEmailVerification: authConfig.emailVerification.enabled,
+            }
+            : undefined,
+        // Configure session
+        session: {
+            expiresIn: authConfig.session.expiresIn || 604800,
+            updateAge: authConfig.session.updateAge ? (authConfig.session.expiresIn || 604800) / 10 : 0,
+        },
+        // Trust host (required for production)
+        trustedOrigins: process.env.BETTER_AUTH_TRUSTED_ORIGINS?.split(',') || [],
+        // Social providers
+        socialProviders: Object.entries(authConfig.socialProviders)
+            .filter(([_, config]) => config?.enabled !== false)
+            .reduce((acc, [provider, config]) => {
+            if (config) {
+                acc[provider] = {
+                    clientId: config.clientId,
+                    clientSecret: config.clientSecret,
+                };
+            }
+            return acc;
+        }, {}),
+    };
+    return betterAuth(betterAuthConfig);
+}
+/**
+ * Get session from better-auth and transform it to OpenSaas session format
+ * This is used internally by the generated context
+ */
+export async function getSessionFromAuth(auth, sessionFields) {
+    try {
+        const session = await auth.api.getSession({
+            headers: new Headers(),
+        });
+        if (!session?.user) {
+            return null;
+        }
+        // Build session object with requested fields
+        const result = {};
+        for (const field of sessionFields) {
+            if (field === 'userId') {
+                result.userId = session.user.id;
+            }
+            else if (field in session.user) {
+                result[field] = session.user[field];
+            }
+        }
+        return result;
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/server/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAA;AAK3D;;GAEG;AACH,SAAS,iBAAiB,CACxB,QAAwB,EACxB,OAAsB;IAEtB,OAAO,aAAa,CAAC,OAAO,CAAC,MAAM,EAAE;QACnC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;KAC5B,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,UAAU,CACxB,cAAwE,EACxE,OAAsB;IAEtB,0CAA0C;IAC1C,MAAM,UAAU,GAAG,cAAc,CAAC,YAAY,CAAA;IAE9C,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,4FAA4F,CAC7F,CAAA;IACH,CAAC;IAED,kCAAkC;IAClC,MAAM,gBAAgB,GAAsB;QAC1C,QAAQ,EAAE,iBAAiB,CAAC,cAAc,CAAC,EAAE,EAAE,OAAO,CAAC;QAEvD,0CAA0C;QAC1C,gBAAgB,EAAE,UAAU,CAAC,gBAAgB,CAAC,OAAO;YACnD,CAAC,CAAC;gBACE,OAAO,EAAE,IAAI;gBACb,wBAAwB,EAAE,UAAU,CAAC,iBAAiB,CAAC,OAAO;aAC/D;YACH,CAAC,CAAC,SAAS;QAEb,oBAAoB;QACpB,OAAO,EAAE;YACP,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,SAAS,IAAI,MAAM;YACjD,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;SAC5F;QAED,uCAAuC;QACvC,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,2BAA2B,EAAE,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE;QAEzE,mBAAmB;QACnB,eAAe,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC;aACxD,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,MAAM,EAAE,OAAO,KAAK,KAAK,CAAC;aAClD,MAAM,CACL,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE;YAC1B,IAAI,MAAM,EAAE,CAAC;gBACX,GAAG,CAAC,QAAQ,CAAC,GAAG;oBACd,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,YAAY,EAAE,MAAM,CAAC,YAAY;iBAClC,CAAA;YACH,CAAC;YACD,OAAO,GAAG,CAAA;QACZ,CAAC,EACD,EAAgE,CACjE;KACJ,CAAA;IAED,OAAO,UAAU,CAAC,gBAAgB,CAAC,CAAA;AACrC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,IAAmC,EACnC,aAAuB;IAEvB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC;YACxC,OAAO,EAAE,IAAI,OAAO,EAAE;SACvB,CAAC,CAAA;QAEF,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC;YACnB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,6CAA6C;QAC7C,MAAM,MAAM,GAA4B,EAAE,CAAA;QAE1C,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;YAClC,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACvB,MAAM,CAAC,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,EAAE,CAAA;YACjC,CAAC;iBAAM,IAAI,KAAK,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjC,MAAM,CAAC,KAAK,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,KAAkC,CAAC,CAAA;YAClE,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC"}