@sirketio/auth 0.0.1

package/dist/client/vanilla.d.mts

@@ -0,0 +1,127 @@
+import { PrettifyDeep, UnionToIntersection } from "../types/helper.mjs";
+import { InferActions, InferClientAPI, InferErrorCodes, IsSignal, SessionQueryParams } from "./types.mjs";
+import { BetterAuthClientOptions, BetterAuthClientPlugin } from "@better-auth/core";
+import { BASE_ERROR_CODES } from "@better-auth/core/error";
+import * as nanostores from "nanostores";
+import { Atom } from "nanostores";
+import * as _better_fetch_fetch0 from "@better-fetch/fetch";
+import { BetterFetchError } from "@better-fetch/fetch";
+
+//#region src/client/vanilla.d.ts
+type InferResolvedHooks<O extends BetterAuthClientOptions> = O extends {
+  plugins: Array<infer Plugin>;
+} ? UnionToIntersection<Plugin extends BetterAuthClientPlugin ? Plugin["getAtoms"] extends ((fetch: any) => infer Atoms) ? Atoms extends Record<string, any> ? { [key in keyof Atoms as IsSignal<key> extends true ? never : key extends string ? `use${Capitalize<key>}` : never]: Atoms[key] } : {} : {} : {}> : {};
+declare function createAuthClient<Option extends BetterAuthClientOptions>(options?: Option | undefined): UnionToIntersection<InferResolvedHooks<Option>> & InferClientAPI<Option> & InferActions<Option> & {
+  useSession: Atom<{
+    data: InferClientAPI<Option> extends {
+      getSession: () => Promise<infer Res>;
+    } ? Res extends {
+      data: null;
+      error: {
+        message?: string | undefined;
+        status: number;
+        statusText: string;
+      };
+    } | {
+      data: infer S;
+      error: null;
+    } ? S : Res extends Record<string, any> ? Res : never : never;
+    error: BetterFetchError | null;
+    isPending: boolean;
+    isRefetching: boolean;
+    refetch: (queryParams?: {
+      query?: SessionQueryParams;
+    } | undefined) => Promise<void>;
+  }>;
+  $fetch: _better_fetch_fetch0.BetterFetch<{
+    plugins: (_better_fetch_fetch0.BetterFetchPlugin<Record<string, any>> | {
+      id: string;
+      name: string;
+      hooks: {
+        onSuccess: ((context: _better_fetch_fetch0.SuccessContext<any>) => Promise<void> | void) | undefined;
+        onError: ((context: _better_fetch_fetch0.ErrorContext) => Promise<void> | void) | undefined;
+        onRequest: (<T extends Record<string, any>>(context: _better_fetch_fetch0.RequestContext<T>) => Promise<_better_fetch_fetch0.RequestContext | void> | _better_fetch_fetch0.RequestContext | void) | undefined;
+        onResponse: ((context: _better_fetch_fetch0.ResponseContext) => Promise<Response | void | _better_fetch_fetch0.ResponseContext> | Response | _better_fetch_fetch0.ResponseContext | void) | undefined;
+      };
+    } | {
+      id: string;
+      name: string;
+      hooks: {
+        onSuccess(context: _better_fetch_fetch0.SuccessContext<any>): void;
+      };
+    })[];
+    cache?: RequestCache | undefined;
+    credentials?: RequestCredentials;
+    headers?: (HeadersInit & (HeadersInit | {
+      accept: "application/json" | "text/plain" | "application/octet-stream";
+      "content-type": "application/json" | "text/plain" | "application/x-www-form-urlencoded" | "multipart/form-data" | "application/octet-stream";
+      authorization: "Bearer" | "Basic";
+    })) | undefined;
+    integrity?: string | undefined;
+    keepalive?: boolean | undefined;
+    method: string;
+    mode?: RequestMode | undefined;
+    priority?: RequestPriority | undefined;
+    redirect?: RequestRedirect | undefined;
+    referrer?: string | undefined;
+    referrerPolicy?: ReferrerPolicy | undefined;
+    signal?: (AbortSignal | null) | undefined;
+    window?: null | undefined;
+    onRetry?: ((response: _better_fetch_fetch0.ResponseContext) => Promise<void> | void) | undefined;
+    hookOptions?: {
+      cloneResponse?: boolean;
+    } | undefined;
+    timeout?: number | undefined;
+    customFetchImpl: typeof fetch;
+    baseURL: string;
+    throw?: boolean | undefined;
+    auth?: ({
+      type: "Bearer";
+      token: string | Promise<string | undefined> | (() => string | Promise<string | undefined> | undefined) | undefined;
+    } | {
+      type: "Basic";
+      username: string | (() => string | undefined) | undefined;
+      password: string | (() => string | undefined) | undefined;
+    } | {
+      type: "Custom";
+      prefix: string | (() => string | undefined) | undefined;
+      value: string | (() => string | undefined) | undefined;
+    }) | undefined;
+    body?: any;
+    query?: any;
+    params?: any;
+    duplex?: "full" | "half" | undefined;
+    jsonParser: (text: string) => Promise<any> | any;
+    retry?: _better_fetch_fetch0.RetryOptions | undefined;
+    retryAttempt?: number | undefined;
+    output?: (_better_fetch_fetch0.StandardSchemaV1 | typeof Blob | typeof File) | undefined;
+    errorSchema?: _better_fetch_fetch0.StandardSchemaV1 | undefined;
+    disableValidation?: boolean | undefined;
+    disableSignal?: boolean | undefined;
+  }, unknown, unknown, {}>;
+  $store: {
+    notify: (signal?: (Omit<string, "$sessionSignal"> | "$sessionSignal") | undefined) => void;
+    listen: (signal: Omit<string, "$sessionSignal"> | "$sessionSignal", listener: (value: boolean, oldValue?: boolean | undefined) => void) => void;
+    atoms: Record<string, nanostores.WritableAtom<any>>;
+  };
+  $Infer: {
+    Session: NonNullable<InferClientAPI<Option> extends {
+      getSession: () => Promise<infer Res>;
+    } ? Res extends {
+      data: null;
+      error: {
+        message?: string | undefined;
+        status: number;
+        statusText: string;
+      };
+    } | {
+      data: infer S;
+      error: null;
+    } ? S : Res extends Record<string, any> ? Res : never : never>;
+  };
+  $ERROR_CODES: PrettifyDeep<InferErrorCodes<Option> & typeof BASE_ERROR_CODES>;
+};
+type AuthClient<Option extends BetterAuthClientOptions> = ReturnType<typeof createAuthClient<Option>>;
+//#endregion
+export { AuthClient, createAuthClient };
+//# sourceMappingURL=vanilla.d.mts.map

package/dist/client/vanilla.mjs

@@ -0,0 +1,20 @@
+import { getClientConfig } from "./config.mjs";
+import { createDynamicPathProxy } from "./proxy.mjs";
+import { capitalizeFirstLetter } from "@better-auth/core/utils/string";
+
+//#region src/client/vanilla.ts
+function createAuthClient(options) {
+	const { pluginPathMethods, pluginsActions, pluginsAtoms, $fetch, atomListeners, $store } = getClientConfig(options);
+	const resolvedHooks = {};
+	for (const [key, value] of Object.entries(pluginsAtoms)) resolvedHooks[`use${capitalizeFirstLetter(key)}`] = value;
+	return createDynamicPathProxy({
+		...pluginsActions,
+		...resolvedHooks,
+		$fetch,
+		$store
+	}, $fetch, pluginPathMethods, pluginsAtoms, atomListeners);
+}
+
+//#endregion
+export { createAuthClient };
+//# sourceMappingURL=vanilla.mjs.map

package/dist/client/vanilla.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"vanilla.mjs","names":[],"sources":["../../src/client/vanilla.ts"],"sourcesContent":["import type {\n\tBetterAuthClientOptions,\n\tBetterAuthClientPlugin,\n} from \"@better-auth/core\";\nimport type { BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport { capitalizeFirstLetter } from \"@better-auth/core/utils/string\";\nimport type {\n\tBetterFetchError,\n\tBetterFetchResponse,\n} from \"@better-fetch/fetch\";\nimport type { Atom } from \"nanostores\";\nimport type { PrettifyDeep, UnionToIntersection } from \"../types/helper\";\nimport { getClientConfig } from \"./config\";\nimport { createDynamicPathProxy } from \"./proxy\";\nimport type {\n\tInferActions,\n\tInferClientAPI,\n\tInferErrorCodes,\n\tIsSignal,\n\tSessionQueryParams,\n} from \"./types\";\n\ntype InferResolvedHooks<O extends BetterAuthClientOptions> = O extends {\n\tplugins: Array<infer Plugin>;\n}\n\t? UnionToIntersection<\n\t\t\tPlugin extends BetterAuthClientPlugin\n\t\t\t\t? Plugin[\"getAtoms\"] extends (fetch: any) => infer Atoms\n\t\t\t\t\t? Atoms extends Record<string, any>\n\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t[key in keyof Atoms as IsSignal<key> extends true\n\t\t\t\t\t\t\t\t\t? never\n\t\t\t\t\t\t\t\t\t: key extends string\n\t\t\t\t\t\t\t\t\t\t? `use${Capitalize<key>}`\n\t\t\t\t\t\t\t\t\t\t: never]: Atoms[key];\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t: {}\n\t\t\t\t\t: {}\n\t\t\t\t: {}\n\t\t>\n\t: {};\n\nexport function createAuthClient<Option extends BetterAuthClientOptions>(\n\toptions?: Option | undefined,\n) {\n\tconst {\n\t\tpluginPathMethods,\n\t\tpluginsActions,\n\t\tpluginsAtoms,\n\t\t$fetch,\n\t\tatomListeners,\n\t\t$store,\n\t} = getClientConfig(options);\n\tconst resolvedHooks: Record<string, any> = {};\n\tfor (const [key, value] of Object.entries(pluginsAtoms)) {\n\t\tresolvedHooks[`use${capitalizeFirstLetter(key)}`] = value;\n\t}\n\tconst routes = {\n\t\t...pluginsActions,\n\t\t...resolvedHooks,\n\t\t$fetch,\n\t\t$store,\n\t};\n\tconst proxy = createDynamicPathProxy(\n\t\troutes,\n\t\t$fetch,\n\t\tpluginPathMethods,\n\t\tpluginsAtoms,\n\t\tatomListeners,\n\t);\n\ttype ClientAPI = InferClientAPI<Option>;\n\ttype Session = ClientAPI extends {\n\t\tgetSession: () => Promise<infer Res>;\n\t}\n\t\t? Res extends BetterFetchResponse<infer S>\n\t\t\t? S\n\t\t\t: Res extends Record<string, any>\n\t\t\t\t? Res\n\t\t\t\t: never\n\t\t: never;\n\treturn proxy as UnionToIntersection<InferResolvedHooks<Option>> &\n\t\tClientAPI &\n\t\tInferActions<Option> & {\n\t\t\tuseSession: Atom<{\n\t\t\t\tdata: Session;\n\t\t\t\terror: BetterFetchError | null;\n\t\t\t\tisPending: boolean;\n\t\t\t\tisRefetching: boolean;\n\t\t\t\trefetch: (\n\t\t\t\t\tqueryParams?: { query?: SessionQueryParams } | undefined,\n\t\t\t\t) => Promise<void>;\n\t\t\t}>;\n\t\t\t$fetch: typeof $fetch;\n\t\t\t$store: typeof $store;\n\t\t\t$Infer: {\n\t\t\t\tSession: NonNullable<Session>;\n\t\t\t};\n\t\t\t$ERROR_CODES: PrettifyDeep<\n\t\t\t\tInferErrorCodes<Option> & typeof BASE_ERROR_CODES\n\t\t\t>;\n\t\t};\n}\n\nexport type AuthClient<Option extends BetterAuthClientOptions> = ReturnType<\n\ttypeof createAuthClient<Option>\n>;\n"],"mappings":";;;;;AA0CA,SAAgB,iBACf,SACC;CACD,MAAM,EACL,mBACA,gBACA,cACA,QACA,eACA,WACG,gBAAgB,QAAQ;CAC5B,MAAM,gBAAqC,EAAE;AAC7C,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,aAAa,CACtD,eAAc,MAAM,sBAAsB,IAAI,MAAM;AAyBrD,QAjBc,uBANC;EACd,GAAG;EACH,GAAG;EACH;EACA;EACA,EAGA,QACA,mBACA,cACA,cACA"}

package/dist/context/create-context.mjs

@@ -0,0 +1,211 @@
+import { getBaseURL } from "../utils/url.mjs";
+import { matchesOriginPattern } from "../auth/trusted-origins.mjs";
+import { createInternalAdapter } from "../db/internal-adapter.mjs";
+import { isPromise } from "../utils/is-promise.mjs";
+import { getInternalPlugins, getTrustedOrigins, getTrustedProviders, runPluginInit } from "./helpers.mjs";
+import { hashPassword, verifyPassword } from "../crypto/password.mjs";
+import { createCookieGetter, getCookies } from "../cookies/index.mjs";
+import { checkPassword } from "../utils/password.mjs";
+import { checkEndpointConflicts } from "../api/index.mjs";
+import { DEFAULT_SECRET } from "../utils/constants.mjs";
+import { getBetterAuthVersion } from "@better-auth/core/context";
+import { getAuthTables } from "@better-auth/core/db";
+import { createLogger, env, isProduction, isTest } from "@better-auth/core/env";
+import { BetterAuthError } from "@better-auth/core/error";
+import { generateId } from "@better-auth/core/utils/id";
+import { socialProviders } from "@better-auth/core/social-providers";
+import { createTelemetry } from "@better-auth/telemetry";
+import defu from "defu";
+
+//#region src/context/create-context.ts
+/**
+* Estimates the entropy of a string in bits.
+* This is a simple approximation that helps detect low-entropy secrets.
+*/
+function estimateEntropy(str) {
+	const unique = new Set(str).size;
+	if (unique === 0) return 0;
+	return Math.log2(Math.pow(unique, str.length));
+}
+/**
+* Validates that the secret meets minimum security requirements.
+* Throws BetterAuthError if the secret is invalid.
+* Skips validation for DEFAULT_SECRET in test environments only.
+* Only throws for DEFAULT_SECRET in production environment.
+*/
+function validateSecret(secret, logger) {
+	const isDefaultSecret = secret === DEFAULT_SECRET;
+	if (isTest()) return;
+	if (isDefaultSecret && isProduction) throw new BetterAuthError("You are using the default secret. Please set `BETTER_AUTH_SECRET` in your environment variables or pass `secret` in your auth config.");
+	if (!secret) throw new BetterAuthError("BETTER_AUTH_SECRET is missing. Set it in your environment or pass `secret` to sirketioAuth({ secret }).");
+	if (secret.length < 32) logger.warn(`[better-auth] Warning: your BETTER_AUTH_SECRET should be at least 32 characters long for adequate security. Generate one with \`npx auth secret\` or \`openssl rand -base64 32\`.`);
+	if (estimateEntropy(secret) < 120) logger.warn("[better-auth] Warning: your BETTER_AUTH_SECRET appears low-entropy. Use a randomly generated secret for production.");
+}
+async function createAuthContext(adapter, options, getDatabaseType) {
+	if (!options.database) options = defu(options, {
+		session: { cookieCache: {
+			enabled: true,
+			strategy: "jwe",
+			refreshCache: true
+		} },
+		account: {
+			storeStateStrategy: "cookie",
+			storeAccountCookie: true
+		}
+	});
+	const plugins = options.plugins || [];
+	const internalPlugins = getInternalPlugins(options);
+	const logger = createLogger(options.logger);
+	const baseURL = getBaseURL(options.baseURL, options.basePath);
+	if (!baseURL) logger.warn(`[better-auth] Base URL could not be determined. Please set a valid base URL using the baseURL config option or the BETTER_AUTH_URL environment variable. Without this, callbacks and redirects may not work correctly.`);
+	if (adapter.id === "memory" && options.advanced?.database?.generateId === false) logger.error(`[better-auth] Misconfiguration detected.
+You are using the memory DB with generateId: false.
+This will cause no id to be generated for any model.
+Most of the features of Better Auth will not work correctly.`);
+	const secret = options.secret || env.BETTER_AUTH_SECRET || env.AUTH_SECRET || DEFAULT_SECRET;
+	validateSecret(secret, logger);
+	options = {
+		...options,
+		secret,
+		baseURL: baseURL ? new URL(baseURL).origin : "",
+		basePath: options.basePath || "/api/auth",
+		plugins: plugins.concat(internalPlugins)
+	};
+	checkEndpointConflicts(options, logger);
+	const cookies = getCookies(options);
+	const tables = getAuthTables(options);
+	const providers = (await Promise.all(Object.entries(options.socialProviders || {}).map(async ([key, originalConfig]) => {
+		const config = typeof originalConfig === "function" ? await originalConfig() : originalConfig;
+		if (config == null) return null;
+		if (config.enabled === false) return null;
+		if (!config.clientId) logger.warn(`Social provider ${key} is missing clientId or clientSecret`);
+		const provider = socialProviders[key](config);
+		provider.disableImplicitSignUp = config.disableImplicitSignUp;
+		return provider;
+	}))).filter((x) => x !== null);
+	const generateIdFunc = ({ model, size }) => {
+		if (typeof options.advanced?.generateId === "function") return options.advanced.generateId({
+			model,
+			size
+		});
+		const dbGenerateId = options?.advanced?.database?.generateId;
+		if (typeof dbGenerateId === "function") return dbGenerateId({
+			model,
+			size
+		});
+		if (dbGenerateId === "uuid") return crypto.randomUUID();
+		if (dbGenerateId === "serial" || dbGenerateId === false) return false;
+		return generateId(size);
+	};
+	const { publish } = await createTelemetry(options, {
+		adapter: adapter.id,
+		database: typeof options.database === "function" ? "adapter" : getDatabaseType(options.database)
+	});
+	const pluginIds = new Set(options.plugins.map((p) => p.id));
+	const getPluginFn = (id) => options.plugins.find((p) => p.id === id) ?? null;
+	const hasPluginFn = (id) => pluginIds.has(id);
+	const trustedOrigins = await getTrustedOrigins(options);
+	const trustedProviders = await getTrustedProviders(options);
+	const ctx = {
+		appName: options.appName || "Better Auth",
+		baseURL: baseURL || "",
+		version: getBetterAuthVersion(),
+		socialProviders: providers,
+		options,
+		oauthConfig: {
+			storeStateStrategy: options.account?.storeStateStrategy || (options.database ? "database" : "cookie"),
+			skipStateCookieCheck: !!options.account?.skipStateCookieCheck
+		},
+		tables,
+		trustedOrigins,
+		trustedProviders,
+		isTrustedOrigin(url, settings) {
+			return this.trustedOrigins.some((origin) => matchesOriginPattern(url, origin, settings));
+		},
+		sessionConfig: {
+			updateAge: options.session?.updateAge !== void 0 ? options.session.updateAge : 1440 * 60,
+			expiresIn: options.session?.expiresIn || 3600 * 24 * 7,
+			freshAge: options.session?.freshAge === void 0 ? 3600 * 24 : options.session.freshAge,
+			cookieRefreshCache: (() => {
+				const refreshCache = options.session?.cookieCache?.refreshCache;
+				const maxAge = options.session?.cookieCache?.maxAge || 300;
+				if ((!!options.database || !!options.secondaryStorage) && refreshCache) {
+					logger.warn("[better-auth] `session.cookieCache.refreshCache` is enabled while `database` or `secondaryStorage` is configured. `refreshCache` is meant for stateless (DB-less) setups. Disabling `refreshCache` — remove it from your config to silence this warning.");
+					return false;
+				}
+				if (refreshCache === false || refreshCache === void 0) return false;
+				if (refreshCache === true) return {
+					enabled: true,
+					updateAge: Math.floor(maxAge * .2)
+				};
+				return {
+					enabled: true,
+					updateAge: refreshCache.updateAge !== void 0 ? refreshCache.updateAge : Math.floor(maxAge * .2)
+				};
+			})()
+		},
+		secret,
+		rateLimit: {
+			...options.rateLimit,
+			enabled: options.rateLimit?.enabled ?? isProduction,
+			window: options.rateLimit?.window || 10,
+			max: options.rateLimit?.max || 100,
+			storage: options.rateLimit?.storage || (options.secondaryStorage ? "secondary-storage" : "memory")
+		},
+		authCookies: cookies,
+		logger,
+		generateId: generateIdFunc,
+		session: null,
+		secondaryStorage: options.secondaryStorage,
+		password: {
+			hash: options.emailAndPassword?.password?.hash || hashPassword,
+			verify: options.emailAndPassword?.password?.verify || verifyPassword,
+			config: {
+				minPasswordLength: options.emailAndPassword?.minPasswordLength || 8,
+				maxPasswordLength: options.emailAndPassword?.maxPasswordLength || 128
+			},
+			checkPassword
+		},
+		setNewSession(session) {
+			this.newSession = session;
+		},
+		newSession: null,
+		adapter,
+		internalAdapter: createInternalAdapter(adapter, {
+			options,
+			logger,
+			hooks: options.databaseHooks ? [options.databaseHooks] : [],
+			generateId: generateIdFunc
+		}),
+		createAuthCookie: createCookieGetter(options),
+		async runMigrations() {
+			throw new BetterAuthError("runMigrations will be set by the specific init implementation");
+		},
+		publishTelemetry: publish,
+		skipCSRFCheck: !!options.advanced?.disableCSRFCheck,
+		skipOriginCheck: options.advanced?.disableOriginCheck !== void 0 ? options.advanced.disableOriginCheck : isTest() ? true : false,
+		runInBackground: options.advanced?.backgroundTasks?.handler ?? ((p) => {
+			p.catch(() => {});
+		}),
+		async runInBackgroundOrAwait(promise) {
+			try {
+				if (options.advanced?.backgroundTasks?.handler) {
+					if (promise instanceof Promise) options.advanced.backgroundTasks.handler(promise.catch((e) => {
+						logger.error("Failed to run background task:", e);
+					}));
+				} else await promise;
+			} catch (e) {
+				logger.error("Failed to run background task:", e);
+			}
+		},
+		getPlugin: getPluginFn,
+		hasPlugin: hasPluginFn
+	};
+	const initOrPromise = runPluginInit(ctx);
+	if (isPromise(initOrPromise)) await initOrPromise;
+	return ctx;
+}
+
+//#endregion
+export { createAuthContext };
+//# sourceMappingURL=create-context.mjs.map

package/dist/context/create-context.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-context.mjs","names":[],"sources":["../../src/context/create-context.ts"],"sourcesContent":["import type { AuthContext, BetterAuthOptions } from \"@better-auth/core\";\nimport { getBetterAuthVersion } from \"@better-auth/core/context\";\nimport { getAuthTables } from \"@better-auth/core/db\";\nimport type { DBAdapter } from \"@better-auth/core/db/adapter\";\nimport { createLogger, env, isProduction, isTest } from \"@better-auth/core/env\";\nimport { BetterAuthError } from \"@better-auth/core/error\";\nimport type { OAuthProvider } from \"@better-auth/core/oauth2\";\nimport type { SocialProviders } from \"@better-auth/core/social-providers\";\nimport { socialProviders } from \"@better-auth/core/social-providers\";\nimport { generateId } from \"@better-auth/core/utils/id\";\nimport { createTelemetry } from \"@better-auth/telemetry\";\nimport defu from \"defu\";\nimport type { Entries } from \"type-fest\";\nimport { checkEndpointConflicts } from \"../api\";\nimport { matchesOriginPattern } from \"../auth/trusted-origins\";\nimport { createCookieGetter, getCookies } from \"../cookies\";\nimport { hashPassword, verifyPassword } from \"../crypto/password\";\nimport { createInternalAdapter } from \"../db/internal-adapter\";\nimport { DEFAULT_SECRET } from \"../utils/constants\";\nimport { isPromise } from \"../utils/is-promise\";\nimport { checkPassword } from \"../utils/password\";\nimport { getBaseURL } from \"../utils/url\";\nimport {\n\tgetInternalPlugins,\n\tgetTrustedOrigins,\n\tgetTrustedProviders,\n\trunPluginInit,\n} from \"./helpers\";\n\n/**\n * Estimates the entropy of a string in bits.\n * This is a simple approximation that helps detect low-entropy secrets.\n */\nfunction estimateEntropy(str: string): number {\n\tconst unique = new Set(str).size;\n\tif (unique === 0) return 0;\n\treturn Math.log2(Math.pow(unique, str.length));\n}\n\n/**\n * Validates that the secret meets minimum security requirements.\n * Throws BetterAuthError if the secret is invalid.\n * Skips validation for DEFAULT_SECRET in test environments only.\n * Only throws for DEFAULT_SECRET in production environment.\n */\nfunction validateSecret(\n\tsecret: string,\n\tlogger: ReturnType<typeof createLogger>,\n): void {\n\tconst isDefaultSecret = secret === DEFAULT_SECRET;\n\n\tif (isTest()) {\n\t\treturn;\n\t}\n\n\tif (isDefaultSecret && isProduction) {\n\t\tthrow new BetterAuthError(\n\t\t\t\"You are using the default secret. Please set `BETTER_AUTH_SECRET` in your environment variables or pass `secret` in your auth config.\",\n\t\t);\n\t}\n\n\tif (!secret) {\n\t\tthrow new BetterAuthError(\n\t\t\t\"BETTER_AUTH_SECRET is missing. Set it in your environment or pass `secret` to sirketioAuth({ secret }).\",\n\t\t);\n\t}\n\n\tif (secret.length < 32) {\n\t\tlogger.warn(\n\t\t\t`[better-auth] Warning: your BETTER_AUTH_SECRET should be at least 32 characters long for adequate security. Generate one with \\`npx auth secret\\` or \\`openssl rand -base64 32\\`.`,\n\t\t);\n\t}\n\n\t// Optional high-entropy check: warn if entropy appears low\n\tconst entropy = estimateEntropy(secret);\n\tif (entropy < 120) {\n\t\tlogger.warn(\n\t\t\t\"[better-auth] Warning: your BETTER_AUTH_SECRET appears low-entropy. Use a randomly generated secret for production.\",\n\t\t);\n\t}\n}\n\nexport async function createAuthContext<Options extends BetterAuthOptions>(\n\tadapter: DBAdapter,\n\toptions: Options,\n\tgetDatabaseType: (database: Options[\"database\"]) => string,\n): Promise<AuthContext<Options>> {\n\t//set default options for stateless mode\n\tif (!options.database) {\n\t\toptions = defu(options, {\n\t\t\tsession: {\n\t\t\t\tcookieCache: {\n\t\t\t\t\tenabled: true,\n\t\t\t\t\tstrategy: \"jwe\" as const,\n\t\t\t\t\trefreshCache: true,\n\t\t\t\t},\n\t\t\t},\n\t\t\taccount: {\n\t\t\t\tstoreStateStrategy: \"cookie\" as const,\n\t\t\t\tstoreAccountCookie: true,\n\t\t\t},\n\t\t}) as Options;\n\t}\n\tconst plugins = options.plugins || [];\n\tconst internalPlugins = getInternalPlugins(options);\n\tconst logger = createLogger(options.logger);\n\tconst baseURL = getBaseURL(options.baseURL, options.basePath);\n\n\tif (!baseURL) {\n\t\tlogger.warn(\n\t\t\t`[better-auth] Base URL could not be determined. Please set a valid base URL using the baseURL config option or the BETTER_AUTH_URL environment variable. Without this, callbacks and redirects may not work correctly.`,\n\t\t);\n\t}\n\n\tif (\n\t\tadapter.id === \"memory\" &&\n\t\toptions.advanced?.database?.generateId === false\n\t) {\n\t\tlogger.error(\n\t\t\t`[better-auth] Misconfiguration detected.\nYou are using the memory DB with generateId: false.\nThis will cause no id to be generated for any model.\nMost of the features of Better Auth will not work correctly.`,\n\t\t);\n\t}\n\n\tconst secret =\n\t\toptions.secret ||\n\t\tenv.BETTER_AUTH_SECRET ||\n\t\tenv.AUTH_SECRET ||\n\t\tDEFAULT_SECRET;\n\n\tvalidateSecret(secret, logger);\n\n\toptions = {\n\t\t...options,\n\t\tsecret,\n\t\tbaseURL: baseURL ? new URL(baseURL).origin : \"\",\n\t\tbasePath: options.basePath || \"/api/auth\",\n\t\tplugins: plugins.concat(internalPlugins),\n\t};\n\n\tcheckEndpointConflicts(options, logger);\n\tconst cookies = getCookies(options);\n\tconst tables = getAuthTables(options);\n\tconst providers = (\n\t\tawait Promise.all(\n\t\t\t(\n\t\t\t\tObject.entries(\n\t\t\t\t\toptions.socialProviders || {},\n\t\t\t\t) as unknown as Entries<SocialProviders>\n\t\t\t).map(async ([key, originalConfig]) => {\n\t\t\t\tconst config =\n\t\t\t\t\ttypeof originalConfig === \"function\"\n\t\t\t\t\t\t? await originalConfig()\n\t\t\t\t\t\t: originalConfig;\n\t\t\t\tif (config == null) {\n\t\t\t\t\treturn null;\n\t\t\t\t}\n\t\t\t\tif (config.enabled === false) {\n\t\t\t\t\treturn null;\n\t\t\t\t}\n\t\t\t\tif (!config.clientId) {\n\t\t\t\t\tlogger.warn(\n\t\t\t\t\t\t`Social provider ${key} is missing clientId or clientSecret`,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tconst provider = socialProviders[key](config as never);\n\t\t\t\t(provider as OAuthProvider).disableImplicitSignUp =\n\t\t\t\t\tconfig.disableImplicitSignUp;\n\t\t\t\treturn provider as OAuthProvider;\n\t\t\t}),\n\t\t)\n\t).filter((x) => x !== null);\n\n\tconst generateIdFunc: AuthContext[\"generateId\"] = ({ model, size }) => {\n\t\tif (typeof (options.advanced as any)?.generateId === \"function\") {\n\t\t\treturn (options.advanced as any).generateId({ model, size });\n\t\t}\n\t\tconst dbGenerateId = options?.advanced?.database?.generateId;\n\t\tif (typeof dbGenerateId === \"function\") {\n\t\t\treturn dbGenerateId({ model, size });\n\t\t}\n\t\tif (dbGenerateId === \"uuid\") {\n\t\t\treturn crypto.randomUUID();\n\t\t}\n\t\tif (dbGenerateId === \"serial\" || dbGenerateId === false) {\n\t\t\treturn false;\n\t\t}\n\t\treturn generateId(size);\n\t};\n\n\tconst { publish } = await createTelemetry(options, {\n\t\tadapter: adapter.id,\n\t\tdatabase:\n\t\t\ttypeof options.database === \"function\"\n\t\t\t\t? \"adapter\"\n\t\t\t\t: getDatabaseType(options.database),\n\t});\n\n\tconst pluginIds = new Set(options.plugins!.map((p) => p.id));\n\n\tconst getPluginFn = (id: string) =>\n\t\t(options.plugins!.find((p) => p.id === id) as never | undefined) ?? null;\n\n\tconst hasPluginFn = (id: string) => pluginIds.has(id);\n\n\tconst trustedOrigins = await getTrustedOrigins(options);\n\tconst trustedProviders = await getTrustedProviders(options);\n\n\tconst ctx: AuthContext = {\n\t\tappName: options.appName || \"Better Auth\",\n\t\tbaseURL: baseURL || \"\",\n\t\tversion: getBetterAuthVersion(),\n\t\tsocialProviders: providers,\n\t\toptions,\n\t\toauthConfig: {\n\t\t\tstoreStateStrategy:\n\t\t\t\toptions.account?.storeStateStrategy ||\n\t\t\t\t(options.database ? \"database\" : \"cookie\"),\n\t\t\tskipStateCookieCheck: !!options.account?.skipStateCookieCheck,\n\t\t},\n\t\ttables,\n\t\ttrustedOrigins,\n\t\ttrustedProviders,\n\t\tisTrustedOrigin(\n\t\t\turl: string,\n\t\t\tsettings?: {\n\t\t\t\tallowRelativePaths: boolean;\n\t\t\t},\n\t\t) {\n\t\t\treturn this.trustedOrigins.some((origin) =>\n\t\t\t\tmatchesOriginPattern(url, origin, settings),\n\t\t\t);\n\t\t},\n\t\tsessionConfig: {\n\t\t\tupdateAge:\n\t\t\t\toptions.session?.updateAge !== undefined\n\t\t\t\t\t? options.session.updateAge\n\t\t\t\t\t: 24 * 60 * 60,\n\t\t\texpiresIn: options.session?.expiresIn || 60 * 60 * 24 * 7,\n\t\t\tfreshAge:\n\t\t\t\toptions.session?.freshAge === undefined\n\t\t\t\t\t? 60 * 60 * 24\n\t\t\t\t\t: options.session.freshAge,\n\t\t\tcookieRefreshCache: (() => {\n\t\t\t\tconst refreshCache = options.session?.cookieCache?.refreshCache;\n\t\t\t\tconst maxAge = options.session?.cookieCache?.maxAge || 60 * 5;\n\n\t\t\t\t// `refreshCache` is intended for fully stateless / DB-less setups.\n\t\t\t\t// If a server-side store is configured, prefer fetching/refreshing from that source\n\t\t\t\t// and disable stateless refresh behavior to avoid confusing/unsafe configurations.\n\t\t\t\tconst isStateful = !!options.database || !!options.secondaryStorage;\n\t\t\t\tif (isStateful && refreshCache) {\n\t\t\t\t\tlogger.warn(\n\t\t\t\t\t\t\"[better-auth] `session.cookieCache.refreshCache` is enabled while `database` or `secondaryStorage` is configured. `refreshCache` is meant for stateless (DB-less) setups. Disabling `refreshCache` — remove it from your config to silence this warning.\",\n\t\t\t\t\t);\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\n\t\t\t\tif (refreshCache === false || refreshCache === undefined) {\n\t\t\t\t\treturn false;\n\t\t\t\t}\n\n\t\t\t\tif (refreshCache === true) {\n\t\t\t\t\treturn {\n\t\t\t\t\t\tenabled: true,\n\t\t\t\t\t\tupdateAge: Math.floor(maxAge * 0.2),\n\t\t\t\t\t};\n\t\t\t\t}\n\n\t\t\t\treturn {\n\t\t\t\t\tenabled: true,\n\t\t\t\t\tupdateAge:\n\t\t\t\t\t\trefreshCache.updateAge !== undefined\n\t\t\t\t\t\t\t? refreshCache.updateAge\n\t\t\t\t\t\t\t: Math.floor(maxAge * 0.2),\n\t\t\t\t};\n\t\t\t})(),\n\t\t},\n\t\tsecret,\n\t\trateLimit: {\n\t\t\t...options.rateLimit,\n\t\t\tenabled: options.rateLimit?.enabled ?? isProduction,\n\t\t\twindow: options.rateLimit?.window || 10,\n\t\t\tmax: options.rateLimit?.max || 100,\n\t\t\tstorage:\n\t\t\t\toptions.rateLimit?.storage ||\n\t\t\t\t(options.secondaryStorage ? \"secondary-storage\" : \"memory\"),\n\t\t},\n\t\tauthCookies: cookies,\n\t\tlogger,\n\t\tgenerateId: generateIdFunc,\n\t\tsession: null,\n\t\tsecondaryStorage: options.secondaryStorage,\n\t\tpassword: {\n\t\t\thash: options.emailAndPassword?.password?.hash || hashPassword,\n\t\t\tverify: options.emailAndPassword?.password?.verify || verifyPassword,\n\t\t\tconfig: {\n\t\t\t\tminPasswordLength: options.emailAndPassword?.minPasswordLength || 8,\n\t\t\t\tmaxPasswordLength: options.emailAndPassword?.maxPasswordLength || 128,\n\t\t\t},\n\t\t\tcheckPassword,\n\t\t},\n\t\tsetNewSession(session) {\n\t\t\tthis.newSession = session;\n\t\t},\n\t\tnewSession: null,\n\t\tadapter: adapter,\n\t\tinternalAdapter: createInternalAdapter(adapter, {\n\t\t\toptions,\n\t\t\tlogger,\n\t\t\thooks: options.databaseHooks ? [options.databaseHooks] : [],\n\t\t\tgenerateId: generateIdFunc,\n\t\t}),\n\t\tcreateAuthCookie: createCookieGetter(options),\n\t\tasync runMigrations() {\n\t\t\tthrow new BetterAuthError(\n\t\t\t\t\"runMigrations will be set by the specific init implementation\",\n\t\t\t);\n\t\t},\n\t\tpublishTelemetry: publish,\n\t\tskipCSRFCheck: !!options.advanced?.disableCSRFCheck,\n\t\tskipOriginCheck:\n\t\t\toptions.advanced?.disableOriginCheck !== undefined\n\t\t\t\t? options.advanced.disableOriginCheck\n\t\t\t\t: isTest()\n\t\t\t\t\t? true\n\t\t\t\t\t: false,\n\t\trunInBackground:\n\t\t\toptions.advanced?.backgroundTasks?.handler ??\n\t\t\t((p) => {\n\t\t\t\tp.catch(() => {});\n\t\t\t}),\n\t\tasync runInBackgroundOrAwait(\n\t\t\tpromise: Promise<unknown> | Promise<void> | void | unknown,\n\t\t) {\n\t\t\ttry {\n\t\t\t\tif (options.advanced?.backgroundTasks?.handler) {\n\t\t\t\t\tif (promise instanceof Promise) {\n\t\t\t\t\t\toptions.advanced.backgroundTasks.handler(\n\t\t\t\t\t\t\tpromise.catch((e) => {\n\t\t\t\t\t\t\t\tlogger.error(\"Failed to run background task:\", e);\n\t\t\t\t\t\t\t}),\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\tawait promise;\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tlogger.error(\"Failed to run background task:\", e);\n\t\t\t}\n\t\t},\n\t\tgetPlugin: getPluginFn,\n\t\thasPlugin: hasPluginFn as never,\n\t};\n\n\tconst initOrPromise = runPluginInit(ctx);\n\tif (isPromise(initOrPromise)) {\n\t\tawait initOrPromise;\n\t}\n\n\treturn ctx as unknown as AuthContext<Options>;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAiCA,SAAS,gBAAgB,KAAqB;CAC7C,MAAM,SAAS,IAAI,IAAI,IAAI,CAAC;AAC5B,KAAI,WAAW,EAAG,QAAO;AACzB,QAAO,KAAK,KAAK,KAAK,IAAI,QAAQ,IAAI,OAAO,CAAC;;;;;;;;AAS/C,SAAS,eACR,QACA,QACO;CACP,MAAM,kBAAkB,WAAW;AAEnC,KAAI,QAAQ,CACX;AAGD,KAAI,mBAAmB,aACtB,OAAM,IAAI,gBACT,wIACA;AAGF,KAAI,CAAC,OACJ,OAAM,IAAI,gBACT,0GACA;AAGF,KAAI,OAAO,SAAS,GACnB,QAAO,KACN,oLACA;AAKF,KADgB,gBAAgB,OAAO,GACzB,IACb,QAAO,KACN,sHACA;;AAIH,eAAsB,kBACrB,SACA,SACA,iBACgC;AAEhC,KAAI,CAAC,QAAQ,SACZ,WAAU,KAAK,SAAS;EACvB,SAAS,EACR,aAAa;GACZ,SAAS;GACT,UAAU;GACV,cAAc;GACd,EACD;EACD,SAAS;GACR,oBAAoB;GACpB,oBAAoB;GACpB;EACD,CAAC;CAEH,MAAM,UAAU,QAAQ,WAAW,EAAE;CACrC,MAAM,kBAAkB,mBAAmB,QAAQ;CACnD,MAAM,SAAS,aAAa,QAAQ,OAAO;CAC3C,MAAM,UAAU,WAAW,QAAQ,SAAS,QAAQ,SAAS;AAE7D,KAAI,CAAC,QACJ,QAAO,KACN,yNACA;AAGF,KACC,QAAQ,OAAO,YACf,QAAQ,UAAU,UAAU,eAAe,MAE3C,QAAO,MACN;;;8DAIA;CAGF,MAAM,SACL,QAAQ,UACR,IAAI,sBACJ,IAAI,eACJ;AAED,gBAAe,QAAQ,OAAO;AAE9B,WAAU;EACT,GAAG;EACH;EACA,SAAS,UAAU,IAAI,IAAI,QAAQ,CAAC,SAAS;EAC7C,UAAU,QAAQ,YAAY;EAC9B,SAAS,QAAQ,OAAO,gBAAgB;EACxC;AAED,wBAAuB,SAAS,OAAO;CACvC,MAAM,UAAU,WAAW,QAAQ;CACnC,MAAM,SAAS,cAAc,QAAQ;CACrC,MAAM,aACL,MAAM,QAAQ,IAEZ,OAAO,QACN,QAAQ,mBAAmB,EAAE,CAC7B,CACA,IAAI,OAAO,CAAC,KAAK,oBAAoB;EACtC,MAAM,SACL,OAAO,mBAAmB,aACvB,MAAM,gBAAgB,GACtB;AACJ,MAAI,UAAU,KACb,QAAO;AAER,MAAI,OAAO,YAAY,MACtB,QAAO;AAER,MAAI,CAAC,OAAO,SACX,QAAO,KACN,mBAAmB,IAAI,sCACvB;EAEF,MAAM,WAAW,gBAAgB,KAAK,OAAgB;AACtD,EAAC,SAA2B,wBAC3B,OAAO;AACR,SAAO;GACN,CACF,EACA,QAAQ,MAAM,MAAM,KAAK;CAE3B,MAAM,kBAA6C,EAAE,OAAO,WAAW;AACtE,MAAI,OAAQ,QAAQ,UAAkB,eAAe,WACpD,QAAQ,QAAQ,SAAiB,WAAW;GAAE;GAAO;GAAM,CAAC;EAE7D,MAAM,eAAe,SAAS,UAAU,UAAU;AAClD,MAAI,OAAO,iBAAiB,WAC3B,QAAO,aAAa;GAAE;GAAO;GAAM,CAAC;AAErC,MAAI,iBAAiB,OACpB,QAAO,OAAO,YAAY;AAE3B,MAAI,iBAAiB,YAAY,iBAAiB,MACjD,QAAO;AAER,SAAO,WAAW,KAAK;;CAGxB,MAAM,EAAE,YAAY,MAAM,gBAAgB,SAAS;EAClD,SAAS,QAAQ;EACjB,UACC,OAAO,QAAQ,aAAa,aACzB,YACA,gBAAgB,QAAQ,SAAS;EACrC,CAAC;CAEF,MAAM,YAAY,IAAI,IAAI,QAAQ,QAAS,KAAK,MAAM,EAAE,GAAG,CAAC;CAE5D,MAAM,eAAe,OACnB,QAAQ,QAAS,MAAM,MAAM,EAAE,OAAO,GAAG,IAA0B;CAErE,MAAM,eAAe,OAAe,UAAU,IAAI,GAAG;CAErD,MAAM,iBAAiB,MAAM,kBAAkB,QAAQ;CACvD,MAAM,mBAAmB,MAAM,oBAAoB,QAAQ;CAE3D,MAAM,MAAmB;EACxB,SAAS,QAAQ,WAAW;EAC5B,SAAS,WAAW;EACpB,SAAS,sBAAsB;EAC/B,iBAAiB;EACjB;EACA,aAAa;GACZ,oBACC,QAAQ,SAAS,uBAChB,QAAQ,WAAW,aAAa;GAClC,sBAAsB,CAAC,CAAC,QAAQ,SAAS;GACzC;EACD;EACA;EACA;EACA,gBACC,KACA,UAGC;AACD,UAAO,KAAK,eAAe,MAAM,WAChC,qBAAqB,KAAK,QAAQ,SAAS,CAC3C;;EAEF,eAAe;GACd,WACC,QAAQ,SAAS,cAAc,SAC5B,QAAQ,QAAQ,YAChB,OAAU;GACd,WAAW,QAAQ,SAAS,aAAa,OAAU,KAAK;GACxD,UACC,QAAQ,SAAS,aAAa,SAC3B,OAAU,KACV,QAAQ,QAAQ;GACpB,2BAA2B;IAC1B,MAAM,eAAe,QAAQ,SAAS,aAAa;IACnD,MAAM,SAAS,QAAQ,SAAS,aAAa,UAAU;AAMvD,SADmB,CAAC,CAAC,QAAQ,YAAY,CAAC,CAAC,QAAQ,qBACjC,cAAc;AAC/B,YAAO,KACN,2PACA;AACD,YAAO;;AAGR,QAAI,iBAAiB,SAAS,iBAAiB,OAC9C,QAAO;AAGR,QAAI,iBAAiB,KACpB,QAAO;KACN,SAAS;KACT,WAAW,KAAK,MAAM,SAAS,GAAI;KACnC;AAGF,WAAO;KACN,SAAS;KACT,WACC,aAAa,cAAc,SACxB,aAAa,YACb,KAAK,MAAM,SAAS,GAAI;KAC5B;OACE;GACJ;EACD;EACA,WAAW;GACV,GAAG,QAAQ;GACX,SAAS,QAAQ,WAAW,WAAW;GACvC,QAAQ,QAAQ,WAAW,UAAU;GACrC,KAAK,QAAQ,WAAW,OAAO;GAC/B,SACC,QAAQ,WAAW,YAClB,QAAQ,mBAAmB,sBAAsB;GACnD;EACD,aAAa;EACb;EACA,YAAY;EACZ,SAAS;EACT,kBAAkB,QAAQ;EAC1B,UAAU;GACT,MAAM,QAAQ,kBAAkB,UAAU,QAAQ;GAClD,QAAQ,QAAQ,kBAAkB,UAAU,UAAU;GACtD,QAAQ;IACP,mBAAmB,QAAQ,kBAAkB,qBAAqB;IAClE,mBAAmB,QAAQ,kBAAkB,qBAAqB;IAClE;GACD;GACA;EACD,cAAc,SAAS;AACtB,QAAK,aAAa;;EAEnB,YAAY;EACH;EACT,iBAAiB,sBAAsB,SAAS;GAC/C;GACA;GACA,OAAO,QAAQ,gBAAgB,CAAC,QAAQ,cAAc,GAAG,EAAE;GAC3D,YAAY;GACZ,CAAC;EACF,kBAAkB,mBAAmB,QAAQ;EAC7C,MAAM,gBAAgB;AACrB,SAAM,IAAI,gBACT,gEACA;;EAEF,kBAAkB;EAClB,eAAe,CAAC,CAAC,QAAQ,UAAU;EACnC,iBACC,QAAQ,UAAU,uBAAuB,SACtC,QAAQ,SAAS,qBACjB,QAAQ,GACP,OACA;EACL,iBACC,QAAQ,UAAU,iBAAiB,aACjC,MAAM;AACP,KAAE,YAAY,GAAG;;EAEnB,MAAM,uBACL,SACC;AACD,OAAI;AACH,QAAI,QAAQ,UAAU,iBAAiB,SACtC;SAAI,mBAAmB,QACtB,SAAQ,SAAS,gBAAgB,QAChC,QAAQ,OAAO,MAAM;AACpB,aAAO,MAAM,kCAAkC,EAAE;OAChD,CACF;UAGF,OAAM;YAEC,GAAG;AACX,WAAO,MAAM,kCAAkC,EAAE;;;EAGnD,WAAW;EACX,WAAW;EACX;CAED,MAAM,gBAAgB,cAAc,IAAI;AACxC,KAAI,UAAU,cAAc,CAC3B,OAAM;AAGP,QAAO"}

package/dist/context/helpers.mjs

@@ -0,0 +1,83 @@
+import { getBaseURL } from "../utils/url.mjs";
+import { createInternalAdapter } from "../db/internal-adapter.mjs";
+import "../db/index.mjs";
+import { isPromise } from "../utils/is-promise.mjs";
+import { env } from "@better-auth/core/env";
+import { defu as defu$1 } from "defu";
+
+//#region src/context/helpers.ts
+async function runPluginInit(context) {
+	let options = context.options;
+	const plugins = options.plugins || [];
+	const dbHooks = [];
+	const pluginTrustedOrigins = [];
+	for (const plugin of plugins) if (plugin.init) {
+		const initPromise = plugin.init(context);
+		let result;
+		if (isPromise(initPromise)) result = await initPromise;
+		else result = initPromise;
+		if (typeof result === "object") {
+			if (result.options) {
+				const { databaseHooks, trustedOrigins, ...restOpts } = result.options;
+				if (databaseHooks) dbHooks.push(databaseHooks);
+				if (trustedOrigins) pluginTrustedOrigins.push(trustedOrigins);
+				options = defu$1(options, restOpts);
+			}
+			if (result.context) Object.assign(context, result.context);
+		}
+	}
+	if (pluginTrustedOrigins.length > 0) {
+		const allSources = [...options.trustedOrigins ? [options.trustedOrigins] : [], ...pluginTrustedOrigins];
+		const staticOrigins = allSources.filter(Array.isArray).flat();
+		const dynamicOrigins = allSources.filter((s) => typeof s === "function");
+		if (dynamicOrigins.length > 0) options.trustedOrigins = async (request) => {
+			const resolved = await Promise.all(dynamicOrigins.map((fn) => fn(request)));
+			return [...staticOrigins, ...resolved.flat()].filter((v) => typeof v === "string" && v !== "");
+		};
+		else options.trustedOrigins = staticOrigins;
+	}
+	dbHooks.push(options.databaseHooks);
+	context.internalAdapter = createInternalAdapter(context.adapter, {
+		options,
+		logger: context.logger,
+		hooks: dbHooks.filter((u) => u !== void 0),
+		generateId: context.generateId
+	});
+	context.options = options;
+}
+function getInternalPlugins(options) {
+	const plugins = [];
+	if (options.advanced?.crossSubDomainCookies?.enabled) {}
+	return plugins;
+}
+async function getTrustedOrigins(options, request) {
+	const baseURL = getBaseURL(options.baseURL, options.basePath, request);
+	const trustedOrigins = baseURL ? [new URL(baseURL).origin] : [];
+	if (options.trustedOrigins) {
+		if (Array.isArray(options.trustedOrigins)) trustedOrigins.push(...options.trustedOrigins);
+		if (typeof options.trustedOrigins === "function") {
+			const validOrigins = await options.trustedOrigins(request);
+			trustedOrigins.push(...validOrigins);
+		}
+	}
+	const envTrustedOrigins = env.BETTER_AUTH_TRUSTED_ORIGINS;
+	if (envTrustedOrigins) trustedOrigins.push(...envTrustedOrigins.split(","));
+	return trustedOrigins.filter((v) => Boolean(v));
+}
+async function getAwaitableValue(arr, item) {
+	if (!arr) return void 0;
+	for (const val of arr) {
+		const value = typeof val === "function" ? await val() : val;
+		if (value[item.field ?? "id"] === item.value) return value;
+	}
+}
+async function getTrustedProviders(options, request) {
+	const trustedProviders = options.account?.accountLinking?.trustedProviders;
+	if (!trustedProviders) return [];
+	if (Array.isArray(trustedProviders)) return trustedProviders.filter((v) => Boolean(v));
+	return (await trustedProviders(request) ?? []).filter((v) => Boolean(v));
+}
+
+//#endregion
+export { getAwaitableValue, getInternalPlugins, getTrustedOrigins, getTrustedProviders, runPluginInit };
+//# sourceMappingURL=helpers.mjs.map

package/dist/context/helpers.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.mjs","names":["defu"],"sources":["../../src/context/helpers.ts"],"sourcesContent":["import type {\n\tAuthContext,\n\tAwaitableFunction,\n\tBetterAuthOptions,\n\tBetterAuthPlugin,\n} from \"@better-auth/core\";\nimport { env } from \"@better-auth/core/env\";\nimport { defu } from \"defu\";\nimport { createInternalAdapter } from \"../db\";\nimport { isPromise } from \"../utils/is-promise\";\nimport { getBaseURL } from \"../utils/url\";\n\nexport async function runPluginInit(context: AuthContext) {\n\tlet options = context.options;\n\tconst plugins = options.plugins || [];\n\tconst dbHooks: BetterAuthOptions[\"databaseHooks\"][] = [];\n\tconst pluginTrustedOrigins: NonNullable<\n\t\tBetterAuthOptions[\"trustedOrigins\"]\n\t>[] = [];\n\tfor (const plugin of plugins) {\n\t\tif (plugin.init) {\n\t\t\tconst initPromise = plugin.init(context);\n\t\t\tlet result: ReturnType<Required<BetterAuthPlugin>[\"init\"]>;\n\t\t\tif (isPromise(initPromise)) {\n\t\t\t\tresult = await initPromise;\n\t\t\t} else {\n\t\t\t\tresult = initPromise;\n\t\t\t}\n\t\t\tif (typeof result === \"object\") {\n\t\t\t\tif (result.options) {\n\t\t\t\t\tconst { databaseHooks, trustedOrigins, ...restOpts } = result.options;\n\t\t\t\t\tif (databaseHooks) {\n\t\t\t\t\t\tdbHooks.push(databaseHooks);\n\t\t\t\t\t}\n\t\t\t\t\tif (trustedOrigins) {\n\t\t\t\t\t\tpluginTrustedOrigins.push(trustedOrigins);\n\t\t\t\t\t}\n\t\t\t\t\toptions = defu(options, restOpts);\n\t\t\t\t}\n\t\t\t\tif (result.context) {\n\t\t\t\t\t// Use Object.assign to keep the reference to the original context\n\t\t\t\t\tObject.assign(context, result.context);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\tif (pluginTrustedOrigins.length > 0) {\n\t\tconst allSources = [\n\t\t\t...(options.trustedOrigins ? [options.trustedOrigins] : []),\n\t\t\t...pluginTrustedOrigins,\n\t\t];\n\t\tconst staticOrigins = allSources.filter(Array.isArray).flat();\n\t\tconst dynamicOrigins = allSources.filter(\n\t\t\t(s): s is Exclude<typeof s, string[]> => typeof s === \"function\",\n\t\t);\n\t\tif (dynamicOrigins.length > 0) {\n\t\t\toptions.trustedOrigins = async (request) => {\n\t\t\t\tconst resolved = await Promise.all(\n\t\t\t\t\tdynamicOrigins.map((fn) => fn(request)),\n\t\t\t\t);\n\t\t\t\treturn [...staticOrigins, ...resolved.flat()].filter(\n\t\t\t\t\t(v): v is string => typeof v === \"string\" && v !== \"\",\n\t\t\t\t);\n\t\t\t};\n\t\t} else {\n\t\t\toptions.trustedOrigins = staticOrigins;\n\t\t}\n\t}\n\t// Add the global database hooks last\n\tdbHooks.push(options.databaseHooks);\n\tcontext.internalAdapter = createInternalAdapter(context.adapter, {\n\t\toptions,\n\t\tlogger: context.logger,\n\t\thooks: dbHooks.filter((u) => u !== undefined),\n\t\tgenerateId: context.generateId,\n\t});\n\tcontext.options = options;\n}\n\nexport function getInternalPlugins(options: BetterAuthOptions) {\n\tconst plugins: BetterAuthPlugin[] = [];\n\tif (options.advanced?.crossSubDomainCookies?.enabled) {\n\t\t// TODO: add internal plugin\n\t}\n\treturn plugins;\n}\n\nexport async function getTrustedOrigins(\n\toptions: BetterAuthOptions,\n\trequest?: Request,\n): Promise<string[]> {\n\tconst baseURL = getBaseURL(options.baseURL, options.basePath, request);\n\tconst trustedOrigins: (string | undefined | null)[] = baseURL\n\t\t? [new URL(baseURL).origin]\n\t\t: [];\n\tif (options.trustedOrigins) {\n\t\tif (Array.isArray(options.trustedOrigins)) {\n\t\t\ttrustedOrigins.push(...options.trustedOrigins);\n\t\t}\n\t\tif (typeof options.trustedOrigins === \"function\") {\n\t\t\tconst validOrigins = await options.trustedOrigins(request);\n\t\t\ttrustedOrigins.push(...validOrigins);\n\t\t}\n\t}\n\tconst envTrustedOrigins = env.BETTER_AUTH_TRUSTED_ORIGINS;\n\tif (envTrustedOrigins) {\n\t\ttrustedOrigins.push(...envTrustedOrigins.split(\",\"));\n\t}\n\treturn trustedOrigins.filter((v): v is string => Boolean(v));\n}\n\nexport async function getAwaitableValue<T extends Record<string, any>>(\n\tarr: AwaitableFunction<T>[] | undefined,\n\titem: { field?: string; value: string },\n): Promise<T | undefined> {\n\tif (!arr) return undefined;\n\tfor (const val of arr) {\n\t\tconst value = typeof val === \"function\" ? await val() : val;\n\t\tif (value[item.field ?? \"id\"] === item.value) {\n\t\t\treturn value;\n\t\t}\n\t}\n\treturn undefined;\n}\n\nexport async function getTrustedProviders(\n\toptions: BetterAuthOptions,\n\trequest?: Request,\n): Promise<string[]> {\n\tconst trustedProviders = options.account?.accountLinking?.trustedProviders;\n\tif (!trustedProviders) {\n\t\treturn [];\n\t}\n\tif (Array.isArray(trustedProviders)) {\n\t\treturn trustedProviders.filter((v): v is string => Boolean(v));\n\t}\n\tconst resolved = await trustedProviders(request);\n\treturn (resolved ?? []).filter((v): v is string => Boolean(v));\n}\n"],"mappings":";;;;;;;;AAYA,eAAsB,cAAc,SAAsB;CACzD,IAAI,UAAU,QAAQ;CACtB,MAAM,UAAU,QAAQ,WAAW,EAAE;CACrC,MAAM,UAAgD,EAAE;CACxD,MAAM,uBAEA,EAAE;AACR,MAAK,MAAM,UAAU,QACpB,KAAI,OAAO,MAAM;EAChB,MAAM,cAAc,OAAO,KAAK,QAAQ;EACxC,IAAI;AACJ,MAAI,UAAU,YAAY,CACzB,UAAS,MAAM;MAEf,UAAS;AAEV,MAAI,OAAO,WAAW,UAAU;AAC/B,OAAI,OAAO,SAAS;IACnB,MAAM,EAAE,eAAe,gBAAgB,GAAG,aAAa,OAAO;AAC9D,QAAI,cACH,SAAQ,KAAK,cAAc;AAE5B,QAAI,eACH,sBAAqB,KAAK,eAAe;AAE1C,cAAUA,OAAK,SAAS,SAAS;;AAElC,OAAI,OAAO,QAEV,QAAO,OAAO,SAAS,OAAO,QAAQ;;;AAK1C,KAAI,qBAAqB,SAAS,GAAG;EACpC,MAAM,aAAa,CAClB,GAAI,QAAQ,iBAAiB,CAAC,QAAQ,eAAe,GAAG,EAAE,EAC1D,GAAG,qBACH;EACD,MAAM,gBAAgB,WAAW,OAAO,MAAM,QAAQ,CAAC,MAAM;EAC7D,MAAM,iBAAiB,WAAW,QAChC,MAAwC,OAAO,MAAM,WACtD;AACD,MAAI,eAAe,SAAS,EAC3B,SAAQ,iBAAiB,OAAO,YAAY;GAC3C,MAAM,WAAW,MAAM,QAAQ,IAC9B,eAAe,KAAK,OAAO,GAAG,QAAQ,CAAC,CACvC;AACD,UAAO,CAAC,GAAG,eAAe,GAAG,SAAS,MAAM,CAAC,CAAC,QAC5C,MAAmB,OAAO,MAAM,YAAY,MAAM,GACnD;;MAGF,SAAQ,iBAAiB;;AAI3B,SAAQ,KAAK,QAAQ,cAAc;AACnC,SAAQ,kBAAkB,sBAAsB,QAAQ,SAAS;EAChE;EACA,QAAQ,QAAQ;EAChB,OAAO,QAAQ,QAAQ,MAAM,MAAM,OAAU;EAC7C,YAAY,QAAQ;EACpB,CAAC;AACF,SAAQ,UAAU;;AAGnB,SAAgB,mBAAmB,SAA4B;CAC9D,MAAM,UAA8B,EAAE;AACtC,KAAI,QAAQ,UAAU,uBAAuB,SAAS;AAGtD,QAAO;;AAGR,eAAsB,kBACrB,SACA,SACoB;CACpB,MAAM,UAAU,WAAW,QAAQ,SAAS,QAAQ,UAAU,QAAQ;CACtE,MAAM,iBAAgD,UACnD,CAAC,IAAI,IAAI,QAAQ,CAAC,OAAO,GACzB,EAAE;AACL,KAAI,QAAQ,gBAAgB;AAC3B,MAAI,MAAM,QAAQ,QAAQ,eAAe,CACxC,gBAAe,KAAK,GAAG,QAAQ,eAAe;AAE/C,MAAI,OAAO,QAAQ,mBAAmB,YAAY;GACjD,MAAM,eAAe,MAAM,QAAQ,eAAe,QAAQ;AAC1D,kBAAe,KAAK,GAAG,aAAa;;;CAGtC,MAAM,oBAAoB,IAAI;AAC9B,KAAI,kBACH,gBAAe,KAAK,GAAG,kBAAkB,MAAM,IAAI,CAAC;AAErD,QAAO,eAAe,QAAQ,MAAmB,QAAQ,EAAE,CAAC;;AAG7D,eAAsB,kBACrB,KACA,MACyB;AACzB,KAAI,CAAC,IAAK,QAAO;AACjB,MAAK,MAAM,OAAO,KAAK;EACtB,MAAM,QAAQ,OAAO,QAAQ,aAAa,MAAM,KAAK,GAAG;AACxD,MAAI,MAAM,KAAK,SAAS,UAAU,KAAK,MACtC,QAAO;;;AAMV,eAAsB,oBACrB,SACA,SACoB;CACpB,MAAM,mBAAmB,QAAQ,SAAS,gBAAgB;AAC1D,KAAI,CAAC,iBACJ,QAAO,EAAE;AAEV,KAAI,MAAM,QAAQ,iBAAiB,CAClC,QAAO,iBAAiB,QAAQ,MAAmB,QAAQ,EAAE,CAAC;AAG/D,SADiB,MAAM,iBAAiB,QAAQ,IAC5B,EAAE,EAAE,QAAQ,MAAmB,QAAQ,EAAE,CAAC"}

package/dist/context/init.mjs

@@ -0,0 +1,20 @@
+import { getBaseAdapter } from "../db/adapter-base.mjs";
+import { createAuthContext } from "./create-context.mjs";
+import { BetterAuthError } from "@better-auth/core/error";
+
+//#region src/context/init.ts
+const init = async (options) => {
+	const adapter = await getBaseAdapter(options, async () => {
+		throw new BetterAuthError("Direct database connection requires Kysely. Please use `better-auth` instead of `better-auth/minimal`, or provide an adapter (drizzleAdapter, prismaAdapter, etc.)");
+	});
+	const getDatabaseType = (_database) => "unknown";
+	const ctx = await createAuthContext(adapter, options, getDatabaseType);
+	ctx.runMigrations = async function() {
+		throw new BetterAuthError("Migrations are not supported in 'better-auth/minimal'. Please use 'better-auth' for migration support.");
+	};
+	return ctx;
+};
+
+//#endregion
+export { init };
+//# sourceMappingURL=init.mjs.map

package/dist/context/init.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.mjs","names":[],"sources":["../../src/context/init.ts"],"sourcesContent":["import type { BetterAuthOptions } from \"@better-auth/core\";\nimport { BetterAuthError } from \"@better-auth/core/error\";\nimport { getBaseAdapter } from \"../db/adapter-base\";\nimport { createAuthContext } from \"./create-context\";\n\nexport const init = async (options: BetterAuthOptions) => {\n\tconst adapter = await getBaseAdapter(options, async () => {\n\t\tthrow new BetterAuthError(\n\t\t\t\"Direct database connection requires Kysely. Please use `better-auth` instead of `better-auth/minimal`, or provide an adapter (drizzleAdapter, prismaAdapter, etc.)\",\n\t\t);\n\t});\n\n\t// Without Kysely, we can't detect database type, so always return \"unknown\"\n\tconst getDatabaseType = (_database: BetterAuthOptions[\"database\"]) =>\n\t\t\"unknown\";\n\n\t// Use base context creation\n\tconst ctx = await createAuthContext(adapter, options, getDatabaseType);\n\n\t// Add runMigrations that throws error (migrations require Kysely)\n\tctx.runMigrations = async function () {\n\t\tthrow new BetterAuthError(\n\t\t\t\"Migrations are not supported in 'better-auth/minimal'. Please use 'better-auth' for migration support.\",\n\t\t);\n\t};\n\n\treturn ctx;\n};\n"],"mappings":";;;;;AAKA,MAAa,OAAO,OAAO,YAA+B;CACzD,MAAM,UAAU,MAAM,eAAe,SAAS,YAAY;AACzD,QAAM,IAAI,gBACT,qKACA;GACA;CAGF,MAAM,mBAAmB,cACxB;CAGD,MAAM,MAAM,MAAM,kBAAkB,SAAS,SAAS,gBAAgB;AAGtE,KAAI,gBAAgB,iBAAkB;AACrC,QAAM,IAAI,gBACT,yGACA;;AAGF,QAAO"}

package/dist/cookies/cookie-utils.d.mts

@@ -0,0 +1,29 @@
+//#region src/cookies/cookie-utils.d.ts
+interface CookieAttributes {
+  value: string;
+  "max-age"?: number | undefined;
+  expires?: Date | undefined;
+  domain?: string | undefined;
+  path?: string | undefined;
+  secure?: boolean | undefined;
+  httponly?: boolean | undefined;
+  samesite?: ("strict" | "lax" | "none") | undefined;
+  [key: string]: any;
+}
+declare const SECURE_COOKIE_PREFIX = "__Secure-";
+declare const HOST_COOKIE_PREFIX = "__Host-";
+/**
+ * Remove __Secure- or __Host- prefix from cookie name.
+ */
+declare function stripSecureCookiePrefix(cookieName: string): string;
+/**
+ * Split `Set-Cookie` header, handling commas in `Expires` dates.
+ */
+declare function splitSetCookieHeader(setCookie: string): string[];
+declare function parseSetCookieHeader(setCookie: string): Map<string, CookieAttributes>;
+declare function setCookieToHeader(headers: Headers): (context: {
+  response: Response;
+}) => void;
+//#endregion
+export { CookieAttributes, HOST_COOKIE_PREFIX, SECURE_COOKIE_PREFIX, parseSetCookieHeader, setCookieToHeader, splitSetCookieHeader, stripSecureCookiePrefix };
+//# sourceMappingURL=cookie-utils.d.mts.map