@rio.js/enterprise 1.4.0

package/dist/bun-sqlite-dialect-2R9nCsVF-DFs6tpGr.mjs

@@ -0,0 +1,155 @@
+import { a as DEFAULT_MIGRATION_LOCK_TABLE, c as DefaultQueryCompiler, l as sql, o as DEFAULT_MIGRATION_TABLE, s as CompiledQuery } from "./esm-C5TuvtGn.mjs";
+
+//#region ../better-auth/dist/bun-sqlite-dialect-2R9nCsVF.mjs
+var BunSqliteAdapter = class {
+	get supportsCreateIfNotExists() {
+		return true;
+	}
+	get supportsTransactionalDdl() {
+		return false;
+	}
+	get supportsReturning() {
+		return true;
+	}
+	async acquireMigrationLock() {}
+	async releaseMigrationLock() {}
+	get supportsOutput() {
+		return true;
+	}
+};
+var BunSqliteDriver = class {
+	#config;
+	#connectionMutex = new ConnectionMutex();
+	#db;
+	#connection;
+	constructor(config) {
+		this.#config = { ...config };
+	}
+	async init() {
+		this.#db = this.#config.database;
+		this.#connection = new BunSqliteConnection(this.#db);
+		if (this.#config.onCreateConnection) await this.#config.onCreateConnection(this.#connection);
+	}
+	async acquireConnection() {
+		await this.#connectionMutex.lock();
+		return this.#connection;
+	}
+	async beginTransaction(connection) {
+		await connection.executeQuery(CompiledQuery.raw("begin"));
+	}
+	async commitTransaction(connection) {
+		await connection.executeQuery(CompiledQuery.raw("commit"));
+	}
+	async rollbackTransaction(connection) {
+		await connection.executeQuery(CompiledQuery.raw("rollback"));
+	}
+	async releaseConnection() {
+		this.#connectionMutex.unlock();
+	}
+	async destroy() {
+		this.#db?.close();
+	}
+};
+var BunSqliteConnection = class {
+	#db;
+	constructor(db) {
+		this.#db = db;
+	}
+	executeQuery(compiledQuery) {
+		const { sql: sql$1, parameters } = compiledQuery;
+		const stmt = this.#db.prepare(sql$1);
+		return Promise.resolve({ rows: stmt.all(parameters) });
+	}
+	async *streamQuery() {
+		throw new Error("Streaming query is not supported by SQLite driver.");
+	}
+};
+var ConnectionMutex = class {
+	#promise;
+	#resolve;
+	async lock() {
+		while (this.#promise) await this.#promise;
+		this.#promise = new Promise((resolve) => {
+			this.#resolve = resolve;
+		});
+	}
+	unlock() {
+		const resolve = this.#resolve;
+		this.#promise = void 0;
+		this.#resolve = void 0;
+		resolve?.();
+	}
+};
+var BunSqliteIntrospector = class {
+	#db;
+	constructor(db) {
+		this.#db = db;
+	}
+	async getSchemas() {
+		return [];
+	}
+	async getTables(options = { withInternalKyselyTables: false }) {
+		let query = this.#db.selectFrom("sqlite_schema").where("type", "=", "table").where("name", "not like", "sqlite_%").select("name").$castTo();
+		if (!options.withInternalKyselyTables) query = query.where("name", "!=", DEFAULT_MIGRATION_TABLE).where("name", "!=", DEFAULT_MIGRATION_LOCK_TABLE);
+		const tables = await query.execute();
+		return Promise.all(tables.map(({ name }) => this.#getTableMetadata(name)));
+	}
+	async getMetadata(options) {
+		return { tables: await this.getTables(options) };
+	}
+	async #getTableMetadata(table) {
+		const db = this.#db;
+		const autoIncrementCol = (await db.selectFrom("sqlite_master").where("name", "=", table).select("sql").$castTo().execute())[0]?.sql?.split(/[\(\),]/)?.find((it) => it.toLowerCase().includes("autoincrement"))?.split(/\s+/)?.[0]?.replace(/["`]/g, "");
+		return {
+			name: table,
+			columns: (await db.selectFrom(sql`pragma_table_info(${table})`.as("table_info")).select([
+				"name",
+				"type",
+				"notnull",
+				"dflt_value"
+			]).execute()).map((col) => ({
+				name: col.name,
+				dataType: col.type,
+				isNullable: !col.notnull,
+				isAutoIncrementing: col.name === autoIncrementCol,
+				hasDefaultValue: col.dflt_value != null
+			})),
+			isView: true
+		};
+	}
+};
+var BunSqliteQueryCompiler = class extends DefaultQueryCompiler {
+	getCurrentParameterPlaceholder() {
+		return "?";
+	}
+	getLeftIdentifierWrapper() {
+		return "\"";
+	}
+	getRightIdentifierWrapper() {
+		return "\"";
+	}
+	getAutoIncrement() {
+		return "autoincrement";
+	}
+};
+var BunSqliteDialect = class {
+	#config;
+	constructor(config) {
+		this.#config = { ...config };
+	}
+	createDriver() {
+		return new BunSqliteDriver(this.#config);
+	}
+	createQueryCompiler() {
+		return new BunSqliteQueryCompiler();
+	}
+	createAdapter() {
+		return new BunSqliteAdapter();
+	}
+	createIntrospector(db) {
+		return new BunSqliteIntrospector(db);
+	}
+};
+
+//#endregion
+export { BunSqliteDialect };

package/dist/client--1_AEBPu-8Ae9icC9.mjs

@@ -0,0 +1,125 @@
+import { g as BetterAuthError } from "./env-DwlNAN_D-C1zHd0cf-Cdlw8sNp.mjs";
+
+//#region ../better-auth/dist/has-permission-BYrcx2Uw.mjs
+function role(statements) {
+	return {
+		authorize(request, connector = "AND") {
+			let success = false;
+			for (const [requestedResource, requestedActions] of Object.entries(request)) {
+				const allowedActions = statements[requestedResource];
+				if (!allowedActions) return {
+					success: false,
+					error: `You are not allowed to access resource: ${requestedResource}`
+				};
+				if (Array.isArray(requestedActions)) success = requestedActions.every((requestedAction) => allowedActions.includes(requestedAction));
+				else if (typeof requestedActions === "object") {
+					const actions = requestedActions;
+					if (actions.connector === "OR") success = actions.actions.some((requestedAction) => allowedActions.includes(requestedAction));
+					else success = actions.actions.every((requestedAction) => allowedActions.includes(requestedAction));
+				} else throw new BetterAuthError("Invalid access control request");
+				if (success && connector === "OR") return { success };
+				if (!success && connector === "AND") return {
+					success: false,
+					error: `unauthorized to access resource "${requestedResource}"`
+				};
+			}
+			if (success) return { success };
+			return {
+				success: false,
+				error: "Not authorized"
+			};
+		},
+		statements
+	};
+}
+function createAccessControl(s) {
+	return {
+		newRole(statements) {
+			return role(statements);
+		},
+		statements: s
+	};
+}
+const defaultAc = createAccessControl({
+	user: [
+		"create",
+		"list",
+		"set-role",
+		"ban",
+		"impersonate",
+		"delete",
+		"set-password",
+		"get",
+		"update"
+	],
+	session: [
+		"list",
+		"revoke",
+		"delete"
+	]
+});
+const adminAc = defaultAc.newRole({
+	user: [
+		"create",
+		"list",
+		"set-role",
+		"ban",
+		"impersonate",
+		"delete",
+		"set-password",
+		"get",
+		"update"
+	],
+	session: [
+		"list",
+		"revoke",
+		"delete"
+	]
+});
+const userAc = defaultAc.newRole({
+	user: [],
+	session: []
+});
+const defaultRoles = {
+	admin: adminAc,
+	user: userAc
+};
+const hasPermission = (input) => {
+	if (input.userId && input.options?.adminUserIds?.includes(input.userId)) return true;
+	if (!input.permissions && !input.permission) return false;
+	const roles = (input.role || input.options?.defaultRole || "user").split(",");
+	const acRoles = input.options?.roles || defaultRoles;
+	for (const role$1 of roles) if ((acRoles[role$1]?.authorize(input.permission ?? input.permissions))?.success) return true;
+	return false;
+};
+
+//#endregion
+//#region ../better-auth/dist/client--1_AEBPu.mjs
+const twoFactorClient = (options) => {
+	return {
+		id: "two-factor",
+		$InferServerPlugin: {},
+		atomListeners: [{
+			matcher: (path) => path.startsWith("/two-factor/"),
+			signal: "$sessionSignal"
+		}],
+		pathMethods: {
+			"/two-factor/disable": "POST",
+			"/two-factor/enable": "POST",
+			"/two-factor/send-otp": "POST",
+			"/two-factor/generate-backup-codes": "POST"
+		},
+		fetchPlugins: [{
+			id: "two-factor",
+			name: "two-factor",
+			hooks: { async onSuccess(context) {
+				if (context.data?.twoFactorRedirect) {
+					if (options?.onTwoFactorRedirect) await options.onTwoFactorRedirect();
+				}
+			} }
+		}]
+	};
+};
+
+//#endregion
+export { role as a, hasPermission as i, adminAc as n, userAc as o, createAccessControl as r, twoFactorClient as t };

package/dist/client.d.mts

@@ -0,0 +1,17 @@
+import { AuthClient } from "better-auth/react";
+import { adminClient, apiKeyClient, lastLoginMethodClient, organizationClient, twoFactorClient } from "better-auth/client/plugins";
+import { ssoClient } from "@better-auth/sso/client";
+export * from "better-auth/client/plugins";
+
+//#region src/client.d.ts
+
+declare const createEnterpriseClient: ({
+  baseURL
+}: {
+  baseURL: string;
+}) => AuthClient<{
+  baseURL: string;
+  plugins: [ReturnType<typeof organizationClient>, ReturnType<typeof adminClient>, ReturnType<typeof apiKeyClient>, ReturnType<typeof ssoClient>, ReturnType<typeof twoFactorClient>, ReturnType<typeof lastLoginMethodClient>];
+}>;
+//#endregion
+export { createEnterpriseClient };

package/dist/client.mjs

@@ -0,0 +1,381 @@
+import "./env-DwlNAN_D-C1zHd0cf-Cdlw8sNp.mjs";
+import "./dist-CygcgJYk.mjs";
+import "./misc-CbURQDlR-sLtUwwQY.mjs";
+import "./parser-bL7W2mQ0-YdTgjtji.mjs";
+import { i as hasPermission, n as adminAc, o as userAc, t as twoFactorClient } from "./client--1_AEBPu-8Ae9icC9.mjs";
+import { i as useAuthQuery, n as createAuthClient } from "./react--VZQu7s1.mjs";
+import { atom } from "nanostores";
+
+//#region ../better-auth/dist/client/plugins/index.mjs
+const inferAdditionalFields = (schema) => {
+	return {
+		id: "additional-fields-client",
+		$InferServerPlugin: {}
+	};
+};
+const adminClient = (options) => {
+	const roles = {
+		admin: adminAc,
+		user: userAc,
+		...options?.roles
+	};
+	return {
+		id: "admin-client",
+		$InferServerPlugin: {},
+		getActions: () => ({ admin: { checkRolePermission: (data) => {
+			return hasPermission({
+				role: data.role,
+				options: {
+					ac: options?.ac,
+					roles
+				},
+				permissions: data.permissions ?? data.permission
+			});
+		} } }),
+		pathMethods: {
+			"/admin/list-users": "GET",
+			"/admin/stop-impersonating": "POST"
+		}
+	};
+};
+const anonymousClient = () => {
+	return {
+		id: "anonymous",
+		$InferServerPlugin: {},
+		pathMethods: { "/sign-in/anonymous": "POST" },
+		atomListeners: [{
+			matcher: (path) => path === "/sign-in/anonymous",
+			signal: "$sessionSignal"
+		}]
+	};
+};
+const apiKeyClient = () => {
+	return {
+		id: "api-key",
+		$InferServerPlugin: {},
+		pathMethods: {
+			"/api-key/create": "POST",
+			"/api-key/delete": "POST",
+			"/api-key/delete-all-expired-api-keys": "POST"
+		}
+	};
+};
+const customSessionClient = () => {
+	return InferServerPlugin();
+};
+const deviceAuthorizationClient = () => {
+	return {
+		id: "device-authorization",
+		$InferServerPlugin: {},
+		pathMethods: {
+			"/device/code": "POST",
+			"/device/token": "POST",
+			"/device": "GET",
+			"/device/approve": "POST",
+			"/device/deny": "POST"
+		}
+	};
+};
+const emailOTPClient = () => {
+	return {
+		id: "email-otp",
+		$InferServerPlugin: {},
+		atomListeners: [{
+			matcher: (path) => path === "/email-otp/verify-email" || path === "/sign-in/email-otp",
+			signal: "$sessionSignal"
+		}]
+	};
+};
+const genericOAuthClient = () => {
+	return {
+		id: "generic-oauth-client",
+		$InferServerPlugin: {}
+	};
+};
+const jwtClient = () => {
+	return {
+		id: "better-auth-client",
+		$InferServerPlugin: {}
+	};
+};
+function getCookieValue(name) {
+	if (typeof document === "undefined") return null;
+	const cookie = document.cookie.split("; ").find((row) => row.startsWith(`${name}=`));
+	return cookie ? cookie.split("=")[1] : null;
+}
+/**
+* Client-side plugin to retrieve the last used login method
+*/
+const lastLoginMethodClient = (config = {}) => {
+	const cookieName = config.cookieName || "better-auth.last_used_login_method";
+	return {
+		id: "last-login-method-client",
+		getActions() {
+			return {
+				getLastUsedLoginMethod: () => {
+					return getCookieValue(cookieName);
+				},
+				clearLastUsedLoginMethod: () => {
+					if (typeof document !== "undefined") document.cookie = `${cookieName}=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;`;
+				},
+				isLastUsedLoginMethod: (method) => {
+					return getCookieValue(cookieName) === method;
+				}
+			};
+		}
+	};
+};
+const magicLinkClient = () => {
+	return {
+		id: "magic-link",
+		$InferServerPlugin: {}
+	};
+};
+const multiSessionClient = () => {
+	return {
+		id: "multi-session",
+		$InferServerPlugin: {},
+		atomListeners: [{
+			matcher(path) {
+				return path === "/multi-session/set-active";
+			},
+			signal: "$sessionSignal"
+		}]
+	};
+};
+const oidcClient = () => {
+	return {
+		id: "oidc-client",
+		$InferServerPlugin: {}
+	};
+};
+let isRequestInProgress = false;
+const oneTapClient = (options) => {
+	return {
+		id: "one-tap",
+		getActions: ($fetch, _) => ({ oneTap: async (opts, fetchOptions) => {
+			if (isRequestInProgress) {
+				console.warn("A Google One Tap request is already in progress. Please wait.");
+				return;
+			}
+			isRequestInProgress = true;
+			try {
+				if (typeof window === "undefined" || !window.document) {
+					console.warn("Google One Tap is only available in browser environments");
+					return;
+				}
+				const { autoSelect, cancelOnTapOutside, context } = opts ?? {};
+				const contextValue = context ?? options.context ?? "signin";
+				await loadGoogleScript();
+				await new Promise((resolve, reject) => {
+					let isResolved = false;
+					const baseDelay = options.promptOptions?.baseDelay ?? 1e3;
+					const maxAttempts = options.promptOptions?.maxAttempts ?? 5;
+					window.google?.accounts.id.initialize({
+						client_id: options.clientId,
+						callback: async (response) => {
+							isResolved = true;
+							try {
+								await $fetch("/one-tap/callback", {
+									method: "POST",
+									body: { idToken: response.credential },
+									...opts?.fetchOptions,
+									...fetchOptions
+								});
+								if (!opts?.fetchOptions && !fetchOptions || opts?.callbackURL) window.location.href = opts?.callbackURL ?? "/";
+								resolve();
+							} catch (error) {
+								console.error("Error during One Tap callback:", error);
+								reject(error);
+							}
+						},
+						auto_select: autoSelect,
+						cancel_on_tap_outside: cancelOnTapOutside,
+						context: contextValue,
+						...options.additionalOptions
+					});
+					const handlePrompt = (attempt) => {
+						if (isResolved) return;
+						window.google?.accounts.id.prompt((notification) => {
+							if (isResolved) return;
+							if (notification.isDismissedMoment && notification.isDismissedMoment()) if (attempt < maxAttempts) {
+								const delay = Math.pow(2, attempt) * baseDelay;
+								setTimeout(() => handlePrompt(attempt + 1), delay);
+							} else opts?.onPromptNotification?.(notification);
+							else if (notification.isSkippedMoment && notification.isSkippedMoment()) if (attempt < maxAttempts) {
+								const delay = Math.pow(2, attempt) * baseDelay;
+								setTimeout(() => handlePrompt(attempt + 1), delay);
+							} else opts?.onPromptNotification?.(notification);
+						});
+					};
+					handlePrompt(0);
+				});
+			} catch (error) {
+				console.error("Error during Google One Tap flow:", error);
+				throw error;
+			} finally {
+				isRequestInProgress = false;
+			}
+		} }),
+		getAtoms($fetch) {
+			return {};
+		}
+	};
+};
+const loadGoogleScript = () => {
+	return new Promise((resolve) => {
+		if (window.googleScriptInitialized) {
+			resolve();
+			return;
+		}
+		const script = document.createElement("script");
+		script.src = "https://accounts.google.com/gsi/client";
+		script.async = true;
+		script.defer = true;
+		script.onload = () => {
+			window.googleScriptInitialized = true;
+			resolve();
+		};
+		document.head.appendChild(script);
+	});
+};
+const oneTimeTokenClient = () => {
+	return {
+		id: "one-time-token",
+		$InferServerPlugin: {}
+	};
+};
+const organizationClient = (options) => {
+	const $listOrg = atom(false);
+	const $activeOrgSignal = atom(false);
+	const $activeMemberSignal = atom(false);
+	const $activeMemberRoleSignal = atom(false);
+	return {
+		id: "organization",
+		$InferServerPlugin: {},
+		getActions: ($fetch, _$store, co) => ({
+			$Infer: {
+				ActiveOrganization: {},
+				Organization: {},
+				Invitation: {},
+				Member: {},
+				Team: {}
+			},
+			organization: {}
+		}),
+		getAtoms: ($fetch) => {
+			const listOrganizations = useAuthQuery($listOrg, "/organization/list", $fetch, { method: "GET" });
+			return {
+				$listOrg,
+				$activeOrgSignal,
+				$activeMemberSignal,
+				$activeMemberRoleSignal,
+				activeOrganization: useAuthQuery([$activeOrgSignal], "/organization/get-full-organization", $fetch, () => ({ method: "GET" })),
+				listOrganizations,
+				activeMember: useAuthQuery([$activeMemberSignal], "/organization/get-active-member", $fetch, { method: "GET" }),
+				activeMemberRole: useAuthQuery([$activeMemberRoleSignal], "/organization/get-active-member-role", $fetch, { method: "GET" })
+			};
+		},
+		pathMethods: {
+			"/organization/get-full-organization": "GET",
+			"/organization/list-user-teams": "GET"
+		},
+		atomListeners: [
+			{
+				matcher(path) {
+					return path === "/organization/create" || path === "/organization/delete" || path === "/organization/update";
+				},
+				signal: "$listOrg"
+			},
+			{
+				matcher(path) {
+					return path.startsWith("/organization");
+				},
+				signal: "$activeOrgSignal"
+			},
+			{
+				matcher(path) {
+					return path.startsWith("/organization/set-active");
+				},
+				signal: "$sessionSignal"
+			},
+			{
+				matcher(path) {
+					return path.includes("/organization/update-member-role");
+				},
+				signal: "$activeMemberSignal"
+			},
+			{
+				matcher(path) {
+					return path.includes("/organization/update-member-role");
+				},
+				signal: "$activeMemberRoleSignal"
+			}
+		]
+	};
+};
+const inferOrgAdditionalFields = (schema) => {
+	return {};
+};
+const phoneNumberClient = () => {
+	return {
+		id: "phoneNumber",
+		$InferServerPlugin: {},
+		atomListeners: [{
+			matcher(path) {
+				return path === "/phone-number/update" || path === "/phone-number/verify" || path === "/sign-in/phone-number";
+			},
+			signal: "$sessionSignal"
+		}]
+	};
+};
+const siweClient = () => {
+	return {
+		id: "siwe",
+		$InferServerPlugin: {}
+	};
+};
+const usernameClient = () => {
+	return {
+		id: "username",
+		$InferServerPlugin: {},
+		atomListeners: [{
+			matcher: (path) => path === "/sign-in/username",
+			signal: "$sessionSignal"
+		}]
+	};
+};
+const InferServerPlugin = () => {
+	return {
+		id: "infer-server-plugin",
+		$InferServerPlugin: {}
+	};
+};
+
+//#endregion
+//#region ../sso/dist/client.mjs
+const ssoClient = (options) => {
+	return {
+		id: "sso-client",
+		$InferServerPlugin: {}
+	};
+};
+
+//#endregion
+//#region src/client.ts
+const createEnterpriseClient = ({ baseURL }) => {
+	return createAuthClient({
+		baseURL,
+		plugins: [
+			organizationClient(),
+			adminClient(),
+			apiKeyClient(),
+			ssoClient(),
+			twoFactorClient(),
+			lastLoginMethodClient()
+		]
+	});
+};
+
+//#endregion
+export { InferServerPlugin, adminClient, anonymousClient, apiKeyClient, createEnterpriseClient, customSessionClient, deviceAuthorizationClient, emailOTPClient, genericOAuthClient, inferAdditionalFields, inferOrgAdditionalFields, jwtClient, lastLoginMethodClient, magicLinkClient, multiSessionClient, oidcClient, oneTapClient, oneTimeTokenClient, organizationClient, phoneNumberClient, siweClient, twoFactorClient, usernameClient };