@sirketio/auth 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (594) hide show
  1. package/dist/_virtual/_rolldown/runtime.mjs +36 -0
  2. package/dist/adapter/index.d.mts +4 -0
  3. package/dist/adapter/index.mjs +7 -0
  4. package/dist/api/index.d.mts +3872 -0
  5. package/dist/api/index.mjs +206 -0
  6. package/dist/api/index.mjs.map +1 -0
  7. package/dist/api/middlewares/index.d.mts +1 -0
  8. package/dist/api/middlewares/index.mjs +3 -0
  9. package/dist/api/middlewares/origin-check.d.mts +18 -0
  10. package/dist/api/middlewares/origin-check.mjs +140 -0
  11. package/dist/api/middlewares/origin-check.mjs.map +1 -0
  12. package/dist/api/rate-limiter/index.mjs +204 -0
  13. package/dist/api/rate-limiter/index.mjs.map +1 -0
  14. package/dist/api/routes/account.d.mts +410 -0
  15. package/dist/api/routes/account.mjs +493 -0
  16. package/dist/api/routes/account.mjs.map +1 -0
  17. package/dist/api/routes/callback.d.mts +31 -0
  18. package/dist/api/routes/callback.mjs +179 -0
  19. package/dist/api/routes/callback.mjs.map +1 -0
  20. package/dist/api/routes/email-verification.d.mts +161 -0
  21. package/dist/api/routes/email-verification.mjs +299 -0
  22. package/dist/api/routes/email-verification.mjs.map +1 -0
  23. package/dist/api/routes/error.d.mts +28 -0
  24. package/dist/api/routes/error.mjs +386 -0
  25. package/dist/api/routes/error.mjs.map +1 -0
  26. package/dist/api/routes/index.d.mts +11 -0
  27. package/dist/api/routes/index.mjs +13 -0
  28. package/dist/api/routes/ok.d.mts +36 -0
  29. package/dist/api/routes/ok.mjs +30 -0
  30. package/dist/api/routes/ok.mjs.map +1 -0
  31. package/dist/api/routes/password.d.mts +182 -0
  32. package/dist/api/routes/password.mjs +198 -0
  33. package/dist/api/routes/password.mjs.map +1 -0
  34. package/dist/api/routes/session.d.mts +415 -0
  35. package/dist/api/routes/session.mjs +483 -0
  36. package/dist/api/routes/session.mjs.map +1 -0
  37. package/dist/api/routes/sign-in.d.mts +171 -0
  38. package/dist/api/routes/sign-in.mjs +263 -0
  39. package/dist/api/routes/sign-in.mjs.map +1 -0
  40. package/dist/api/routes/sign-out.d.mts +36 -0
  41. package/dist/api/routes/sign-out.mjs +33 -0
  42. package/dist/api/routes/sign-out.mjs.map +1 -0
  43. package/dist/api/routes/sign-up.d.mts +160 -0
  44. package/dist/api/routes/sign-up.mjs +227 -0
  45. package/dist/api/routes/sign-up.mjs.map +1 -0
  46. package/dist/api/routes/update-user.d.mts +445 -0
  47. package/dist/api/routes/update-user.mjs +493 -0
  48. package/dist/api/routes/update-user.mjs.map +1 -0
  49. package/dist/api/state/oauth.d.mts +18 -0
  50. package/dist/api/state/oauth.mjs +8 -0
  51. package/dist/api/state/oauth.mjs.map +1 -0
  52. package/dist/api/state/should-session-refresh.d.mts +13 -0
  53. package/dist/api/state/should-session-refresh.mjs +16 -0
  54. package/dist/api/state/should-session-refresh.mjs.map +1 -0
  55. package/dist/api/to-auth-endpoints.mjs +197 -0
  56. package/dist/api/to-auth-endpoints.mjs.map +1 -0
  57. package/dist/auth/base.mjs +45 -0
  58. package/dist/auth/base.mjs.map +1 -0
  59. package/dist/auth/minimal.d.mts +12 -0
  60. package/dist/auth/minimal.mjs +14 -0
  61. package/dist/auth/minimal.mjs.map +1 -0
  62. package/dist/auth/trusted-origins.mjs +31 -0
  63. package/dist/auth/trusted-origins.mjs.map +1 -0
  64. package/dist/client/broadcast-channel.d.mts +20 -0
  65. package/dist/client/broadcast-channel.mjs +46 -0
  66. package/dist/client/broadcast-channel.mjs.map +1 -0
  67. package/dist/client/config.mjs +90 -0
  68. package/dist/client/config.mjs.map +1 -0
  69. package/dist/client/fetch-plugins.mjs +18 -0
  70. package/dist/client/fetch-plugins.mjs.map +1 -0
  71. package/dist/client/focus-manager.d.mts +11 -0
  72. package/dist/client/focus-manager.mjs +32 -0
  73. package/dist/client/focus-manager.mjs.map +1 -0
  74. package/dist/client/index.d.mts +33 -0
  75. package/dist/client/index.mjs +21 -0
  76. package/dist/client/index.mjs.map +1 -0
  77. package/dist/client/online-manager.d.mts +12 -0
  78. package/dist/client/online-manager.mjs +35 -0
  79. package/dist/client/online-manager.mjs.map +1 -0
  80. package/dist/client/parser.mjs +73 -0
  81. package/dist/client/parser.mjs.map +1 -0
  82. package/dist/client/path-to-object.d.mts +65 -0
  83. package/dist/client/plugins/index.d.mts +53 -0
  84. package/dist/client/plugins/index.mjs +30 -0
  85. package/dist/client/plugins/infer-plugin.d.mts +16 -0
  86. package/dist/client/plugins/infer-plugin.mjs +11 -0
  87. package/dist/client/plugins/infer-plugin.mjs.map +1 -0
  88. package/dist/client/proxy.mjs +79 -0
  89. package/dist/client/proxy.mjs.map +1 -0
  90. package/dist/client/query.d.mts +23 -0
  91. package/dist/client/query.mjs +98 -0
  92. package/dist/client/query.mjs.map +1 -0
  93. package/dist/client/react/index.d.mts +128 -0
  94. package/dist/client/react/index.mjs +24 -0
  95. package/dist/client/react/index.mjs.map +1 -0
  96. package/dist/client/react/react-store.d.mts +47 -0
  97. package/dist/client/react/react-store.mjs +47 -0
  98. package/dist/client/react/react-store.mjs.map +1 -0
  99. package/dist/client/session-atom.mjs +29 -0
  100. package/dist/client/session-atom.mjs.map +1 -0
  101. package/dist/client/session-refresh.d.mts +28 -0
  102. package/dist/client/session-refresh.mjs +140 -0
  103. package/dist/client/session-refresh.mjs.map +1 -0
  104. package/dist/client/types.d.mts +41 -0
  105. package/dist/client/vanilla.d.mts +127 -0
  106. package/dist/client/vanilla.mjs +20 -0
  107. package/dist/client/vanilla.mjs.map +1 -0
  108. package/dist/context/create-context.mjs +211 -0
  109. package/dist/context/create-context.mjs.map +1 -0
  110. package/dist/context/helpers.mjs +83 -0
  111. package/dist/context/helpers.mjs.map +1 -0
  112. package/dist/context/init.mjs +20 -0
  113. package/dist/context/init.mjs.map +1 -0
  114. package/dist/cookies/cookie-utils.d.mts +29 -0
  115. package/dist/cookies/cookie-utils.mjs +105 -0
  116. package/dist/cookies/cookie-utils.mjs.map +1 -0
  117. package/dist/cookies/index.d.mts +121 -0
  118. package/dist/cookies/index.mjs +261 -0
  119. package/dist/cookies/index.mjs.map +1 -0
  120. package/dist/cookies/session-store.d.mts +36 -0
  121. package/dist/cookies/session-store.mjs +200 -0
  122. package/dist/cookies/session-store.mjs.map +1 -0
  123. package/dist/crypto/buffer.d.mts +8 -0
  124. package/dist/crypto/buffer.mjs +18 -0
  125. package/dist/crypto/buffer.mjs.map +1 -0
  126. package/dist/crypto/index.d.mts +27 -0
  127. package/dist/crypto/index.mjs +38 -0
  128. package/dist/crypto/index.mjs.map +1 -0
  129. package/dist/crypto/jwt.d.mts +8 -0
  130. package/dist/crypto/jwt.mjs +95 -0
  131. package/dist/crypto/jwt.mjs.map +1 -0
  132. package/dist/crypto/password.d.mts +12 -0
  133. package/dist/crypto/password.mjs +36 -0
  134. package/dist/crypto/password.mjs.map +1 -0
  135. package/dist/crypto/random.d.mts +5 -0
  136. package/dist/crypto/random.mjs +8 -0
  137. package/dist/crypto/random.mjs.map +1 -0
  138. package/dist/db/adapter-base.d.mts +8 -0
  139. package/dist/db/adapter-base.mjs +19 -0
  140. package/dist/db/adapter-base.mjs.map +1 -0
  141. package/dist/db/field-converter.d.mts +8 -0
  142. package/dist/db/field-converter.mjs +21 -0
  143. package/dist/db/field-converter.mjs.map +1 -0
  144. package/dist/db/field.d.mts +42 -0
  145. package/dist/db/get-schema.d.mts +11 -0
  146. package/dist/db/get-schema.mjs +39 -0
  147. package/dist/db/get-schema.mjs.map +1 -0
  148. package/dist/db/index.d.mts +18 -0
  149. package/dist/db/index.mjs +34 -0
  150. package/dist/db/index.mjs.map +1 -0
  151. package/dist/db/internal-adapter.d.mts +14 -0
  152. package/dist/db/internal-adapter.mjs +616 -0
  153. package/dist/db/internal-adapter.mjs.map +1 -0
  154. package/dist/db/schema.d.mts +49 -0
  155. package/dist/db/schema.mjs +118 -0
  156. package/dist/db/schema.mjs.map +1 -0
  157. package/dist/db/to-zod.d.mts +36 -0
  158. package/dist/db/to-zod.mjs +26 -0
  159. package/dist/db/to-zod.mjs.map +1 -0
  160. package/dist/db/verification-token-storage.mjs +28 -0
  161. package/dist/db/verification-token-storage.mjs.map +1 -0
  162. package/dist/db/with-hooks.d.mts +33 -0
  163. package/dist/db/with-hooks.mjs +159 -0
  164. package/dist/db/with-hooks.mjs.map +1 -0
  165. package/dist/index.d.mts +53 -0
  166. package/dist/index.mjs +27 -0
  167. package/dist/integrations/next-js.d.mts +29 -0
  168. package/dist/integrations/next-js.mjs +85 -0
  169. package/dist/integrations/next-js.mjs.map +1 -0
  170. package/dist/oauth2/index.d.mts +5 -0
  171. package/dist/oauth2/index.mjs +7 -0
  172. package/dist/oauth2/link-account.d.mts +48 -0
  173. package/dist/oauth2/link-account.mjs +143 -0
  174. package/dist/oauth2/link-account.mjs.map +1 -0
  175. package/dist/oauth2/state.d.mts +26 -0
  176. package/dist/oauth2/state.mjs +51 -0
  177. package/dist/oauth2/state.mjs.map +1 -0
  178. package/dist/oauth2/utils.d.mts +8 -0
  179. package/dist/oauth2/utils.mjs +31 -0
  180. package/dist/oauth2/utils.mjs.map +1 -0
  181. package/dist/plugins/access/access.d.mts +30 -0
  182. package/dist/plugins/access/access.mjs +46 -0
  183. package/dist/plugins/access/access.mjs.map +1 -0
  184. package/dist/plugins/access/index.d.mts +3 -0
  185. package/dist/plugins/access/index.mjs +3 -0
  186. package/dist/plugins/access/types.d.mts +17 -0
  187. package/dist/plugins/additional-fields/client.d.mts +96 -0
  188. package/dist/plugins/additional-fields/client.mjs +11 -0
  189. package/dist/plugins/additional-fields/client.mjs.map +1 -0
  190. package/dist/plugins/admin/access/index.d.mts +2 -0
  191. package/dist/plugins/admin/access/index.mjs +3 -0
  192. package/dist/plugins/admin/access/statement.d.mts +118 -0
  193. package/dist/plugins/admin/access/statement.mjs +53 -0
  194. package/dist/plugins/admin/access/statement.mjs.map +1 -0
  195. package/dist/plugins/admin/admin.d.mts +911 -0
  196. package/dist/plugins/admin/admin.mjs +95 -0
  197. package/dist/plugins/admin/admin.mjs.map +1 -0
  198. package/dist/plugins/admin/client.d.mts +76 -0
  199. package/dist/plugins/admin/client.mjs +36 -0
  200. package/dist/plugins/admin/client.mjs.map +1 -0
  201. package/dist/plugins/admin/error-codes.d.mts +29 -0
  202. package/dist/plugins/admin/error-codes.mjs +30 -0
  203. package/dist/plugins/admin/error-codes.mjs.map +1 -0
  204. package/dist/plugins/admin/has-permission.mjs +16 -0
  205. package/dist/plugins/admin/has-permission.mjs.map +1 -0
  206. package/dist/plugins/admin/index.d.mts +3 -0
  207. package/dist/plugins/admin/index.mjs +3 -0
  208. package/dist/plugins/admin/routes.mjs +841 -0
  209. package/dist/plugins/admin/routes.mjs.map +1 -0
  210. package/dist/plugins/admin/schema.d.mts +40 -0
  211. package/dist/plugins/admin/schema.mjs +34 -0
  212. package/dist/plugins/admin/schema.mjs.map +1 -0
  213. package/dist/plugins/admin/types.d.mts +89 -0
  214. package/dist/plugins/api-key/adapter.mjs +468 -0
  215. package/dist/plugins/api-key/adapter.mjs.map +1 -0
  216. package/dist/plugins/api-key/client.d.mts +46 -0
  217. package/dist/plugins/api-key/client.mjs +19 -0
  218. package/dist/plugins/api-key/client.mjs.map +1 -0
  219. package/dist/plugins/api-key/error-codes.d.mts +33 -0
  220. package/dist/plugins/api-key/error-codes.mjs +34 -0
  221. package/dist/plugins/api-key/error-codes.mjs.map +1 -0
  222. package/dist/plugins/api-key/index.d.mts +1251 -0
  223. package/dist/plugins/api-key/index.mjs +134 -0
  224. package/dist/plugins/api-key/index.mjs.map +1 -0
  225. package/dist/plugins/api-key/rate-limit.mjs +74 -0
  226. package/dist/plugins/api-key/rate-limit.mjs.map +1 -0
  227. package/dist/plugins/api-key/routes/create-api-key.mjs +252 -0
  228. package/dist/plugins/api-key/routes/create-api-key.mjs.map +1 -0
  229. package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs +24 -0
  230. package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs.map +1 -0
  231. package/dist/plugins/api-key/routes/delete-api-key.mjs +74 -0
  232. package/dist/plugins/api-key/routes/delete-api-key.mjs.map +1 -0
  233. package/dist/plugins/api-key/routes/get-api-key.mjs +158 -0
  234. package/dist/plugins/api-key/routes/get-api-key.mjs.map +1 -0
  235. package/dist/plugins/api-key/routes/index.mjs +71 -0
  236. package/dist/plugins/api-key/routes/index.mjs.map +1 -0
  237. package/dist/plugins/api-key/routes/list-api-keys.mjs +194 -0
  238. package/dist/plugins/api-key/routes/list-api-keys.mjs.map +1 -0
  239. package/dist/plugins/api-key/routes/update-api-key.mjs +248 -0
  240. package/dist/plugins/api-key/routes/update-api-key.mjs.map +1 -0
  241. package/dist/plugins/api-key/routes/verify-api-key.mjs +224 -0
  242. package/dist/plugins/api-key/routes/verify-api-key.mjs.map +1 -0
  243. package/dist/plugins/api-key/schema.d.mts +199 -0
  244. package/dist/plugins/api-key/schema.mjs +130 -0
  245. package/dist/plugins/api-key/schema.mjs.map +1 -0
  246. package/dist/plugins/api-key/types.d.mts +346 -0
  247. package/dist/plugins/bearer/index.d.mts +45 -0
  248. package/dist/plugins/bearer/index.mjs +66 -0
  249. package/dist/plugins/bearer/index.mjs.map +1 -0
  250. package/dist/plugins/captcha/constants.d.mts +10 -0
  251. package/dist/plugins/captcha/constants.mjs +22 -0
  252. package/dist/plugins/captcha/constants.mjs.map +1 -0
  253. package/dist/plugins/captcha/error-codes.mjs +16 -0
  254. package/dist/plugins/captcha/error-codes.mjs.map +1 -0
  255. package/dist/plugins/captcha/index.d.mts +21 -0
  256. package/dist/plugins/captcha/index.mjs +62 -0
  257. package/dist/plugins/captcha/index.mjs.map +1 -0
  258. package/dist/plugins/captcha/types.d.mts +28 -0
  259. package/dist/plugins/captcha/utils.mjs +11 -0
  260. package/dist/plugins/captcha/utils.mjs.map +1 -0
  261. package/dist/plugins/captcha/verify-handlers/captchafox.mjs +28 -0
  262. package/dist/plugins/captcha/verify-handlers/captchafox.mjs.map +1 -0
  263. package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs +26 -0
  264. package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs.map +1 -0
  265. package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs +30 -0
  266. package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs.map +1 -0
  267. package/dist/plugins/captcha/verify-handlers/h-captcha.mjs +28 -0
  268. package/dist/plugins/captcha/verify-handlers/h-captcha.mjs.map +1 -0
  269. package/dist/plugins/captcha/verify-handlers/index.mjs +6 -0
  270. package/dist/plugins/custom-session/client.d.mts +17 -0
  271. package/dist/plugins/custom-session/client.mjs +11 -0
  272. package/dist/plugins/custom-session/client.mjs.map +1 -0
  273. package/dist/plugins/custom-session/index.d.mts +72 -0
  274. package/dist/plugins/custom-session/index.mjs +78 -0
  275. package/dist/plugins/custom-session/index.mjs.map +1 -0
  276. package/dist/plugins/device-authorization/client.d.mts +17 -0
  277. package/dist/plugins/device-authorization/client.mjs +18 -0
  278. package/dist/plugins/device-authorization/client.mjs.map +1 -0
  279. package/dist/plugins/device-authorization/error-codes.mjs +21 -0
  280. package/dist/plugins/device-authorization/error-codes.mjs.map +1 -0
  281. package/dist/plugins/device-authorization/index.d.mts +424 -0
  282. package/dist/plugins/device-authorization/index.mjs +50 -0
  283. package/dist/plugins/device-authorization/index.mjs.map +1 -0
  284. package/dist/plugins/device-authorization/routes.mjs +510 -0
  285. package/dist/plugins/device-authorization/routes.mjs.map +1 -0
  286. package/dist/plugins/device-authorization/schema.mjs +57 -0
  287. package/dist/plugins/device-authorization/schema.mjs.map +1 -0
  288. package/dist/plugins/email-otp/client.d.mts +21 -0
  289. package/dist/plugins/email-otp/client.mjs +18 -0
  290. package/dist/plugins/email-otp/client.mjs.map +1 -0
  291. package/dist/plugins/email-otp/error-codes.d.mts +11 -0
  292. package/dist/plugins/email-otp/error-codes.mjs +12 -0
  293. package/dist/plugins/email-otp/error-codes.mjs.map +1 -0
  294. package/dist/plugins/email-otp/index.d.mts +428 -0
  295. package/dist/plugins/email-otp/index.mjs +130 -0
  296. package/dist/plugins/email-otp/index.mjs.map +1 -0
  297. package/dist/plugins/email-otp/otp-token.mjs +29 -0
  298. package/dist/plugins/email-otp/otp-token.mjs.map +1 -0
  299. package/dist/plugins/email-otp/routes.mjs +631 -0
  300. package/dist/plugins/email-otp/routes.mjs.map +1 -0
  301. package/dist/plugins/email-otp/types.d.mts +86 -0
  302. package/dist/plugins/email-otp/utils.mjs +17 -0
  303. package/dist/plugins/email-otp/utils.mjs.map +1 -0
  304. package/dist/plugins/generic-oauth/client.d.mts +33 -0
  305. package/dist/plugins/generic-oauth/client.mjs +14 -0
  306. package/dist/plugins/generic-oauth/client.mjs.map +1 -0
  307. package/dist/plugins/generic-oauth/error-codes.d.mts +16 -0
  308. package/dist/plugins/generic-oauth/error-codes.mjs +17 -0
  309. package/dist/plugins/generic-oauth/error-codes.mjs.map +1 -0
  310. package/dist/plugins/generic-oauth/index.d.mts +201 -0
  311. package/dist/plugins/generic-oauth/index.mjs +145 -0
  312. package/dist/plugins/generic-oauth/index.mjs.map +1 -0
  313. package/dist/plugins/generic-oauth/providers/auth0.d.mts +37 -0
  314. package/dist/plugins/generic-oauth/providers/auth0.mjs +62 -0
  315. package/dist/plugins/generic-oauth/providers/auth0.mjs.map +1 -0
  316. package/dist/plugins/generic-oauth/providers/gumroad.d.mts +32 -0
  317. package/dist/plugins/generic-oauth/providers/gumroad.mjs +60 -0
  318. package/dist/plugins/generic-oauth/providers/gumroad.mjs.map +1 -0
  319. package/dist/plugins/generic-oauth/providers/hubspot.d.mts +37 -0
  320. package/dist/plugins/generic-oauth/providers/hubspot.mjs +60 -0
  321. package/dist/plugins/generic-oauth/providers/hubspot.mjs.map +1 -0
  322. package/dist/plugins/generic-oauth/providers/index.d.mts +9 -0
  323. package/dist/plugins/generic-oauth/providers/index.mjs +11 -0
  324. package/dist/plugins/generic-oauth/providers/keycloak.d.mts +37 -0
  325. package/dist/plugins/generic-oauth/providers/keycloak.mjs +62 -0
  326. package/dist/plugins/generic-oauth/providers/keycloak.mjs.map +1 -0
  327. package/dist/plugins/generic-oauth/providers/line.d.mts +55 -0
  328. package/dist/plugins/generic-oauth/providers/line.mjs +91 -0
  329. package/dist/plugins/generic-oauth/providers/line.mjs.map +1 -0
  330. package/dist/plugins/generic-oauth/providers/microsoft-entra-id.d.mts +37 -0
  331. package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs +66 -0
  332. package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs.map +1 -0
  333. package/dist/plugins/generic-oauth/providers/okta.d.mts +37 -0
  334. package/dist/plugins/generic-oauth/providers/okta.mjs +62 -0
  335. package/dist/plugins/generic-oauth/providers/okta.mjs.map +1 -0
  336. package/dist/plugins/generic-oauth/providers/patreon.d.mts +30 -0
  337. package/dist/plugins/generic-oauth/providers/patreon.mjs +59 -0
  338. package/dist/plugins/generic-oauth/providers/patreon.mjs.map +1 -0
  339. package/dist/plugins/generic-oauth/providers/slack.d.mts +30 -0
  340. package/dist/plugins/generic-oauth/providers/slack.mjs +61 -0
  341. package/dist/plugins/generic-oauth/providers/slack.mjs.map +1 -0
  342. package/dist/plugins/generic-oauth/routes.mjs +411 -0
  343. package/dist/plugins/generic-oauth/routes.mjs.map +1 -0
  344. package/dist/plugins/generic-oauth/types.d.mts +159 -0
  345. package/dist/plugins/haveibeenpwned/index.d.mts +46 -0
  346. package/dist/plugins/haveibeenpwned/index.mjs +57 -0
  347. package/dist/plugins/haveibeenpwned/index.mjs.map +1 -0
  348. package/dist/plugins/index.d.mts +65 -0
  349. package/dist/plugins/index.mjs +48 -0
  350. package/dist/plugins/jwt/adapter.mjs +27 -0
  351. package/dist/plugins/jwt/adapter.mjs.map +1 -0
  352. package/dist/plugins/jwt/client.d.mts +40 -0
  353. package/dist/plugins/jwt/client.mjs +19 -0
  354. package/dist/plugins/jwt/client.mjs.map +1 -0
  355. package/dist/plugins/jwt/index.d.mts +224 -0
  356. package/dist/plugins/jwt/index.mjs +202 -0
  357. package/dist/plugins/jwt/index.mjs.map +1 -0
  358. package/dist/plugins/jwt/schema.d.mts +26 -0
  359. package/dist/plugins/jwt/schema.mjs +23 -0
  360. package/dist/plugins/jwt/schema.mjs.map +1 -0
  361. package/dist/plugins/jwt/sign.d.mts +57 -0
  362. package/dist/plugins/jwt/sign.mjs +66 -0
  363. package/dist/plugins/jwt/sign.mjs.map +1 -0
  364. package/dist/plugins/jwt/types.d.mts +194 -0
  365. package/dist/plugins/jwt/utils.d.mts +42 -0
  366. package/dist/plugins/jwt/utils.mjs +64 -0
  367. package/dist/plugins/jwt/utils.mjs.map +1 -0
  368. package/dist/plugins/jwt/verify.d.mts +12 -0
  369. package/dist/plugins/jwt/verify.mjs +46 -0
  370. package/dist/plugins/jwt/verify.mjs.map +1 -0
  371. package/dist/plugins/last-login-method/client.d.mts +38 -0
  372. package/dist/plugins/last-login-method/client.mjs +32 -0
  373. package/dist/plugins/last-login-method/client.mjs.map +1 -0
  374. package/dist/plugins/last-login-method/index.d.mts +118 -0
  375. package/dist/plugins/last-login-method/index.mjs +76 -0
  376. package/dist/plugins/last-login-method/index.mjs.map +1 -0
  377. package/dist/plugins/magic-link/client.d.mts +10 -0
  378. package/dist/plugins/magic-link/client.mjs +11 -0
  379. package/dist/plugins/magic-link/client.mjs.map +1 -0
  380. package/dist/plugins/magic-link/index.d.mts +193 -0
  381. package/dist/plugins/magic-link/index.mjs +177 -0
  382. package/dist/plugins/magic-link/index.mjs.map +1 -0
  383. package/dist/plugins/magic-link/utils.mjs +12 -0
  384. package/dist/plugins/magic-link/utils.mjs.map +1 -0
  385. package/dist/plugins/mcp/authorize.mjs +133 -0
  386. package/dist/plugins/mcp/authorize.mjs.map +1 -0
  387. package/dist/plugins/mcp/index.d.mts +458 -0
  388. package/dist/plugins/mcp/index.mjs +717 -0
  389. package/dist/plugins/mcp/index.mjs.map +1 -0
  390. package/dist/plugins/multi-session/client.d.mts +19 -0
  391. package/dist/plugins/multi-session/client.mjs +20 -0
  392. package/dist/plugins/multi-session/client.mjs.map +1 -0
  393. package/dist/plugins/multi-session/error-codes.d.mts +9 -0
  394. package/dist/plugins/multi-session/error-codes.mjs +8 -0
  395. package/dist/plugins/multi-session/error-codes.mjs.map +1 -0
  396. package/dist/plugins/multi-session/index.d.mts +235 -0
  397. package/dist/plugins/multi-session/index.mjs +172 -0
  398. package/dist/plugins/multi-session/index.mjs.map +1 -0
  399. package/dist/plugins/oauth-proxy/index.d.mts +97 -0
  400. package/dist/plugins/oauth-proxy/index.mjs +305 -0
  401. package/dist/plugins/oauth-proxy/index.mjs.map +1 -0
  402. package/dist/plugins/oauth-proxy/utils.mjs +51 -0
  403. package/dist/plugins/oauth-proxy/utils.mjs.map +1 -0
  404. package/dist/plugins/oidc-provider/authorize.mjs +194 -0
  405. package/dist/plugins/oidc-provider/authorize.mjs.map +1 -0
  406. package/dist/plugins/oidc-provider/client.d.mts +12 -0
  407. package/dist/plugins/oidc-provider/client.mjs +11 -0
  408. package/dist/plugins/oidc-provider/client.mjs.map +1 -0
  409. package/dist/plugins/oidc-provider/error.mjs +17 -0
  410. package/dist/plugins/oidc-provider/error.mjs.map +1 -0
  411. package/dist/plugins/oidc-provider/index.d.mts +702 -0
  412. package/dist/plugins/oidc-provider/index.mjs +1093 -0
  413. package/dist/plugins/oidc-provider/index.mjs.map +1 -0
  414. package/dist/plugins/oidc-provider/schema.d.mts +160 -0
  415. package/dist/plugins/oidc-provider/schema.mjs +132 -0
  416. package/dist/plugins/oidc-provider/schema.mjs.map +1 -0
  417. package/dist/plugins/oidc-provider/types.d.mts +517 -0
  418. package/dist/plugins/oidc-provider/utils/prompt.mjs +19 -0
  419. package/dist/plugins/oidc-provider/utils/prompt.mjs.map +1 -0
  420. package/dist/plugins/oidc-provider/utils.mjs +15 -0
  421. package/dist/plugins/oidc-provider/utils.mjs.map +1 -0
  422. package/dist/plugins/one-tap/client.d.mts +174 -0
  423. package/dist/plugins/one-tap/client.mjs +188 -0
  424. package/dist/plugins/one-tap/client.mjs.map +1 -0
  425. package/dist/plugins/one-tap/index.d.mts +83 -0
  426. package/dist/plugins/one-tap/index.mjs +95 -0
  427. package/dist/plugins/one-tap/index.mjs.map +1 -0
  428. package/dist/plugins/one-time-token/client.d.mts +10 -0
  429. package/dist/plugins/one-time-token/client.mjs +11 -0
  430. package/dist/plugins/one-time-token/client.mjs.map +1 -0
  431. package/dist/plugins/one-time-token/index.d.mts +133 -0
  432. package/dist/plugins/one-time-token/index.mjs +82 -0
  433. package/dist/plugins/one-time-token/index.mjs.map +1 -0
  434. package/dist/plugins/one-time-token/utils.mjs +12 -0
  435. package/dist/plugins/one-time-token/utils.mjs.map +1 -0
  436. package/dist/plugins/open-api/generator.d.mts +115 -0
  437. package/dist/plugins/open-api/generator.mjs +315 -0
  438. package/dist/plugins/open-api/generator.mjs.map +1 -0
  439. package/dist/plugins/open-api/index.d.mts +97 -0
  440. package/dist/plugins/open-api/index.mjs +67 -0
  441. package/dist/plugins/open-api/index.mjs.map +1 -0
  442. package/dist/plugins/open-api/logo.mjs +15 -0
  443. package/dist/plugins/open-api/logo.mjs.map +1 -0
  444. package/dist/plugins/organization/access/index.d.mts +2 -0
  445. package/dist/plugins/organization/access/index.mjs +3 -0
  446. package/dist/plugins/organization/access/statement.d.mts +249 -0
  447. package/dist/plugins/organization/access/statement.mjs +81 -0
  448. package/dist/plugins/organization/access/statement.mjs.map +1 -0
  449. package/dist/plugins/organization/adapter.d.mts +792 -0
  450. package/dist/plugins/organization/adapter.mjs +624 -0
  451. package/dist/plugins/organization/adapter.mjs.map +1 -0
  452. package/dist/plugins/organization/call.mjs +19 -0
  453. package/dist/plugins/organization/call.mjs.map +1 -0
  454. package/dist/plugins/organization/client.d.mts +372 -0
  455. package/dist/plugins/organization/client.mjs +95 -0
  456. package/dist/plugins/organization/client.mjs.map +1 -0
  457. package/dist/plugins/organization/error-codes.d.mts +65 -0
  458. package/dist/plugins/organization/error-codes.mjs +66 -0
  459. package/dist/plugins/organization/error-codes.mjs.map +1 -0
  460. package/dist/plugins/organization/has-permission.mjs +35 -0
  461. package/dist/plugins/organization/has-permission.mjs.map +1 -0
  462. package/dist/plugins/organization/index.d.mts +5 -0
  463. package/dist/plugins/organization/index.mjs +4 -0
  464. package/dist/plugins/organization/organization.d.mts +394 -0
  465. package/dist/plugins/organization/organization.mjs +428 -0
  466. package/dist/plugins/organization/organization.mjs.map +1 -0
  467. package/dist/plugins/organization/permission.d.mts +17 -0
  468. package/dist/plugins/organization/permission.mjs +16 -0
  469. package/dist/plugins/organization/permission.mjs.map +1 -0
  470. package/dist/plugins/organization/routes/crud-access-control.d.mts +394 -0
  471. package/dist/plugins/organization/routes/crud-access-control.mjs +678 -0
  472. package/dist/plugins/organization/routes/crud-access-control.mjs.map +1 -0
  473. package/dist/plugins/organization/routes/crud-invites.d.mts +1031 -0
  474. package/dist/plugins/organization/routes/crud-invites.mjs +551 -0
  475. package/dist/plugins/organization/routes/crud-invites.mjs.map +1 -0
  476. package/dist/plugins/organization/routes/crud-members.d.mts +940 -0
  477. package/dist/plugins/organization/routes/crud-members.mjs +466 -0
  478. package/dist/plugins/organization/routes/crud-members.mjs.map +1 -0
  479. package/dist/plugins/organization/routes/crud-org.d.mts +708 -0
  480. package/dist/plugins/organization/routes/crud-org.mjs +423 -0
  481. package/dist/plugins/organization/routes/crud-org.mjs.map +1 -0
  482. package/dist/plugins/organization/routes/crud-team.d.mts +1071 -0
  483. package/dist/plugins/organization/routes/crud-team.mjs +676 -0
  484. package/dist/plugins/organization/routes/crud-team.mjs.map +1 -0
  485. package/dist/plugins/organization/schema.d.mts +376 -0
  486. package/dist/plugins/organization/schema.mjs +68 -0
  487. package/dist/plugins/organization/schema.mjs.map +1 -0
  488. package/dist/plugins/organization/types.d.mts +677 -0
  489. package/dist/plugins/phone-number/client.d.mts +31 -0
  490. package/dist/plugins/phone-number/client.mjs +20 -0
  491. package/dist/plugins/phone-number/client.mjs.map +1 -0
  492. package/dist/plugins/phone-number/error-codes.d.mts +20 -0
  493. package/dist/plugins/phone-number/error-codes.mjs +21 -0
  494. package/dist/plugins/phone-number/error-codes.mjs.map +1 -0
  495. package/dist/plugins/phone-number/index.d.mts +318 -0
  496. package/dist/plugins/phone-number/index.mjs +49 -0
  497. package/dist/plugins/phone-number/index.mjs.map +1 -0
  498. package/dist/plugins/phone-number/routes.mjs +472 -0
  499. package/dist/plugins/phone-number/routes.mjs.map +1 -0
  500. package/dist/plugins/phone-number/schema.d.mts +23 -0
  501. package/dist/plugins/phone-number/schema.mjs +20 -0
  502. package/dist/plugins/phone-number/schema.mjs.map +1 -0
  503. package/dist/plugins/phone-number/types.d.mts +118 -0
  504. package/dist/plugins/two-factor/backup-codes/index.d.mts +279 -0
  505. package/dist/plugins/two-factor/backup-codes/index.mjs +277 -0
  506. package/dist/plugins/two-factor/backup-codes/index.mjs.map +1 -0
  507. package/dist/plugins/two-factor/client.d.mts +55 -0
  508. package/dist/plugins/two-factor/client.mjs +37 -0
  509. package/dist/plugins/two-factor/client.mjs.map +1 -0
  510. package/dist/plugins/two-factor/constant.mjs +8 -0
  511. package/dist/plugins/two-factor/constant.mjs.map +1 -0
  512. package/dist/plugins/two-factor/error-code.d.mts +17 -0
  513. package/dist/plugins/two-factor/error-code.mjs +18 -0
  514. package/dist/plugins/two-factor/error-code.mjs.map +1 -0
  515. package/dist/plugins/two-factor/index.d.mts +670 -0
  516. package/dist/plugins/two-factor/index.mjs +228 -0
  517. package/dist/plugins/two-factor/index.mjs.map +1 -0
  518. package/dist/plugins/two-factor/otp/index.d.mts +216 -0
  519. package/dist/plugins/two-factor/otp/index.mjs +199 -0
  520. package/dist/plugins/two-factor/otp/index.mjs.map +1 -0
  521. package/dist/plugins/two-factor/schema.d.mts +41 -0
  522. package/dist/plugins/two-factor/schema.mjs +36 -0
  523. package/dist/plugins/two-factor/schema.mjs.map +1 -0
  524. package/dist/plugins/two-factor/totp/index.d.mts +210 -0
  525. package/dist/plugins/two-factor/totp/index.mjs +157 -0
  526. package/dist/plugins/two-factor/totp/index.mjs.map +1 -0
  527. package/dist/plugins/two-factor/types.d.mts +73 -0
  528. package/dist/plugins/two-factor/utils.mjs +12 -0
  529. package/dist/plugins/two-factor/utils.mjs.map +1 -0
  530. package/dist/plugins/two-factor/verify-two-factor.mjs +85 -0
  531. package/dist/plugins/two-factor/verify-two-factor.mjs.map +1 -0
  532. package/dist/plugins/username/client.d.mts +26 -0
  533. package/dist/plugins/username/client.mjs +18 -0
  534. package/dist/plugins/username/client.mjs.map +1 -0
  535. package/dist/plugins/username/error-codes.d.mts +16 -0
  536. package/dist/plugins/username/error-codes.mjs +17 -0
  537. package/dist/plugins/username/error-codes.mjs.map +1 -0
  538. package/dist/plugins/username/index.d.mts +251 -0
  539. package/dist/plugins/username/index.mjs +234 -0
  540. package/dist/plugins/username/index.mjs.map +1 -0
  541. package/dist/plugins/username/schema.d.mts +33 -0
  542. package/dist/plugins/username/schema.mjs +26 -0
  543. package/dist/plugins/username/schema.mjs.map +1 -0
  544. package/dist/providers/index.d.mts +1 -0
  545. package/dist/providers/index.mjs +3 -0
  546. package/dist/state.d.mts +42 -0
  547. package/dist/state.mjs +107 -0
  548. package/dist/state.mjs.map +1 -0
  549. package/dist/types/adapter.d.mts +2 -0
  550. package/dist/types/api.d.mts +29 -0
  551. package/dist/types/auth.d.mts +29 -0
  552. package/dist/types/helper.d.mts +10 -0
  553. package/dist/types/index.d.mts +11 -0
  554. package/dist/types/index.mjs +1 -0
  555. package/dist/types/models.d.mts +11 -0
  556. package/dist/types/plugins.d.mts +20 -0
  557. package/dist/utils/boolean.mjs +8 -0
  558. package/dist/utils/boolean.mjs.map +1 -0
  559. package/dist/utils/constants.mjs +6 -0
  560. package/dist/utils/constants.mjs.map +1 -0
  561. package/dist/utils/date.mjs +8 -0
  562. package/dist/utils/date.mjs.map +1 -0
  563. package/dist/utils/get-request-ip.d.mts +7 -0
  564. package/dist/utils/get-request-ip.mjs +23 -0
  565. package/dist/utils/get-request-ip.mjs.map +1 -0
  566. package/dist/utils/hide-metadata.d.mts +7 -0
  567. package/dist/utils/hide-metadata.mjs +6 -0
  568. package/dist/utils/hide-metadata.mjs.map +1 -0
  569. package/dist/utils/index.d.mts +4 -0
  570. package/dist/utils/index.mjs +6 -0
  571. package/dist/utils/is-api-error.d.mts +7 -0
  572. package/dist/utils/is-api-error.mjs +11 -0
  573. package/dist/utils/is-api-error.mjs.map +1 -0
  574. package/dist/utils/is-atom.mjs +8 -0
  575. package/dist/utils/is-atom.mjs.map +1 -0
  576. package/dist/utils/is-promise.mjs +8 -0
  577. package/dist/utils/is-promise.mjs.map +1 -0
  578. package/dist/utils/middleware-response.mjs +9 -0
  579. package/dist/utils/middleware-response.mjs.map +1 -0
  580. package/dist/utils/password.mjs +26 -0
  581. package/dist/utils/password.mjs.map +1 -0
  582. package/dist/utils/plugin-helper.mjs +17 -0
  583. package/dist/utils/plugin-helper.mjs.map +1 -0
  584. package/dist/utils/shim.mjs +24 -0
  585. package/dist/utils/shim.mjs.map +1 -0
  586. package/dist/utils/time.d.mts +49 -0
  587. package/dist/utils/time.mjs +100 -0
  588. package/dist/utils/time.mjs.map +1 -0
  589. package/dist/utils/url.d.mts +8 -0
  590. package/dist/utils/url.mjs +92 -0
  591. package/dist/utils/url.mjs.map +1 -0
  592. package/dist/utils/wildcard.mjs +108 -0
  593. package/dist/utils/wildcard.mjs.map +1 -0
  594. package/package.json +428 -0
package/dist/cookies/session-store.mjs ADDED
@@ -0,0 +1,200 @@
1
+ import { symmetricDecodeJWT, symmetricEncodeJWT } from "../crypto/jwt.mjs";
2
+ import "../crypto/index.mjs";
3
+ import { safeJSONParse } from "@better-auth/core/utils/json";
4
+ import * as z from "zod";
5
+
6
+ //#region src/cookies/session-store.ts
7
+ const ALLOWED_COOKIE_SIZE = 4096;
8
+ const ESTIMATED_EMPTY_COOKIE_SIZE = 200;
9
+ const CHUNK_SIZE = ALLOWED_COOKIE_SIZE - ESTIMATED_EMPTY_COOKIE_SIZE;
10
+ /**
11
+ * Parse cookies from the request headers
12
+ */
13
+ function parseCookiesFromContext(ctx) {
14
+ const cookieHeader = ctx.headers?.get("cookie");
15
+ if (!cookieHeader) return {};
16
+ const cookies = {};
17
+ const pairs = cookieHeader.split("; ");
18
+ for (const pair of pairs) {
19
+ const [name, ...valueParts] = pair.split("=");
20
+ if (name && valueParts.length > 0) cookies[name] = valueParts.join("=");
21
+ }
22
+ return cookies;
23
+ }
24
+ /**
25
+ * Extract the chunk index from a cookie name
26
+ */
27
+ function getChunkIndex(cookieName) {
28
+ const parts = cookieName.split(".");
29
+ const lastPart = parts[parts.length - 1];
30
+ const index = parseInt(lastPart || "0", 10);
31
+ return isNaN(index) ? 0 : index;
32
+ }
33
+ /**
34
+ * Read all existing chunks from cookies
35
+ */
36
+ function readExistingChunks(cookieName, ctx) {
37
+ const chunks = {};
38
+ const cookies = parseCookiesFromContext(ctx);
39
+ for (const [name, value] of Object.entries(cookies)) if (name.startsWith(cookieName)) chunks[name] = value;
40
+ return chunks;
41
+ }
42
+ /**
43
+ * Get the full session data by joining all chunks
44
+ */
45
+ function joinChunks(chunks) {
46
+ return Object.keys(chunks).sort((a, b) => {
47
+ return getChunkIndex(a) - getChunkIndex(b);
48
+ }).map((key) => chunks[key]).join("");
49
+ }
50
+ /**
51
+ * Split a cookie value into chunks if needed
52
+ */
53
+ function chunkCookie(storeName, cookie, chunks, logger) {
54
+ const chunkCount = Math.ceil(cookie.value.length / CHUNK_SIZE);
55
+ if (chunkCount === 1) {
56
+ chunks[cookie.name] = cookie.value;
57
+ return [cookie];
58
+ }
59
+ const cookies = [];
60
+ for (let i = 0; i < chunkCount; i++) {
61
+ const name = `${cookie.name}.${i}`;
62
+ const start = i * CHUNK_SIZE;
63
+ const value = cookie.value.substring(start, start + CHUNK_SIZE);
64
+ cookies.push({
65
+ ...cookie,
66
+ name,
67
+ value
68
+ });
69
+ chunks[name] = value;
70
+ }
71
+ logger.debug(`CHUNKING_${storeName.toUpperCase()}_COOKIE`, {
72
+ message: `${storeName} cookie exceeds allowed ${ALLOWED_COOKIE_SIZE} bytes.`,
73
+ emptyCookieSize: ESTIMATED_EMPTY_COOKIE_SIZE,
74
+ valueSize: cookie.value.length,
75
+ chunkCount,
76
+ chunks: cookies.map((c) => c.value.length + ESTIMATED_EMPTY_COOKIE_SIZE)
77
+ });
78
+ return cookies;
79
+ }
80
+ /**
81
+ * Get all cookies that should be cleaned (removed)
82
+ */
83
+ function getCleanCookies(chunks, cookieOptions) {
84
+ const cleanedChunks = {};
85
+ for (const name in chunks) cleanedChunks[name] = {
86
+ name,
87
+ value: "",
88
+ attributes: {
89
+ ...cookieOptions,
90
+ maxAge: 0
91
+ }
92
+ };
93
+ return cleanedChunks;
94
+ }
95
+ /**
96
+ * Create a session store for handling cookie chunking.
97
+ * When session data exceeds 4KB, it automatically splits it into multiple cookies.
98
+ *
99
+ * Based on next-auth's SessionStore implementation.
100
+ * @see https://github.com/nextauthjs/next-auth/blob/27b2519b84b8eb9cf053775dea29d577d2aa0098/packages/next-auth/src/core/lib/cookie.ts
101
+ */
102
+ const storeFactory = (storeName) => (cookieName, cookieOptions, ctx) => {
103
+ const chunks = readExistingChunks(cookieName, ctx);
104
+ const logger = ctx.context.logger;
105
+ return {
106
+ getValue() {
107
+ return joinChunks(chunks);
108
+ },
109
+ hasChunks() {
110
+ return Object.keys(chunks).length > 0;
111
+ },
112
+ chunk(value, options) {
113
+ const cleanedChunks = getCleanCookies(chunks, cookieOptions);
114
+ for (const name in chunks) delete chunks[name];
115
+ const cookies = cleanedChunks;
116
+ const chunked = chunkCookie(storeName, {
117
+ name: cookieName,
118
+ value,
119
+ attributes: {
120
+ ...cookieOptions,
121
+ ...options
122
+ }
123
+ }, chunks, logger);
124
+ for (const chunk of chunked) cookies[chunk.name] = chunk;
125
+ return Object.values(cookies);
126
+ },
127
+ clean() {
128
+ const cleanedChunks = getCleanCookies(chunks, cookieOptions);
129
+ for (const name in chunks) delete chunks[name];
130
+ return Object.values(cleanedChunks);
131
+ },
132
+ setCookies(cookies) {
133
+ for (const cookie of cookies) ctx.setCookie(cookie.name, cookie.value, cookie.attributes);
134
+ }
135
+ };
136
+ };
137
+ const createSessionStore = storeFactory("Session");
138
+ const createAccountStore = storeFactory("Account");
139
+ function getChunkedCookie(ctx, cookieName) {
140
+ const value = ctx.getCookie(cookieName);
141
+ if (value) return value;
142
+ const chunks = [];
143
+ const cookieHeader = ctx.headers?.get("cookie");
144
+ if (!cookieHeader) return null;
145
+ const cookies = {};
146
+ const pairs = cookieHeader.split("; ");
147
+ for (const pair of pairs) {
148
+ const [name, ...valueParts] = pair.split("=");
149
+ if (name && valueParts.length > 0) cookies[name] = valueParts.join("=");
150
+ }
151
+ for (const [name, val] of Object.entries(cookies)) if (name.startsWith(cookieName + ".")) {
152
+ const indexStr = name.split(".").at(-1);
153
+ const index = parseInt(indexStr || "0", 10);
154
+ if (!isNaN(index)) chunks.push({
155
+ index,
156
+ value: val
157
+ });
158
+ }
159
+ if (chunks.length > 0) {
160
+ chunks.sort((a, b) => a.index - b.index);
161
+ return chunks.map((c) => c.value).join("");
162
+ }
163
+ return null;
164
+ }
165
+ async function setAccountCookie(c, accountData) {
166
+ const accountDataCookie = c.context.authCookies.accountData;
167
+ const options = {
168
+ maxAge: 300,
169
+ ...accountDataCookie.attributes
170
+ };
171
+ const data = await symmetricEncodeJWT(accountData, c.context.secret, "better-auth-account", options.maxAge);
172
+ if (data.length > ALLOWED_COOKIE_SIZE) {
173
+ const accountStore = createAccountStore(accountDataCookie.name, options, c);
174
+ const cookies = accountStore.chunk(data, options);
175
+ accountStore.setCookies(cookies);
176
+ } else {
177
+ const accountStore = createAccountStore(accountDataCookie.name, options, c);
178
+ if (accountStore.hasChunks()) {
179
+ const cleanCookies = accountStore.clean();
180
+ accountStore.setCookies(cleanCookies);
181
+ }
182
+ c.setCookie(accountDataCookie.name, data, options);
183
+ }
184
+ }
185
+ async function getAccountCookie(c) {
186
+ const accountCookie = getChunkedCookie(c, c.context.authCookies.accountData.name);
187
+ if (accountCookie) {
188
+ const accountData = safeJSONParse(await symmetricDecodeJWT(accountCookie, c.context.secret, "better-auth-account"));
189
+ if (accountData) return accountData;
190
+ }
191
+ return null;
192
+ }
193
+ const getSessionQuerySchema = z.optional(z.object({
194
+ disableCookieCache: z.coerce.boolean().meta({ description: "Disable cookie cache and fetch session from database" }).optional(),
195
+ disableRefresh: z.coerce.boolean().meta({ description: "Disable session refresh. Useful for checking session status, without updating the session" }).optional()
196
+ }));
197
+
198
+ //#endregion
199
+ export { createAccountStore, createSessionStore, getAccountCookie, getChunkedCookie, getSessionQuerySchema, setAccountCookie };
200
+ //# sourceMappingURL=session-store.mjs.map
package/dist/cookies/session-store.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"session-store.mjs","names":[],"sources":["../../src/cookies/session-store.ts"],"sourcesContent":["import type { GenericEndpointContext } from \"@better-auth/core\";\nimport type { Account } from \"@better-auth/core/db\";\nimport type { InternalLogger } from \"@better-auth/core/env\";\nimport { safeJSONParse } from \"@better-auth/core/utils/json\";\nimport type { CookieOptions } from \"better-call\";\nimport * as z from \"zod\";\nimport { symmetricDecodeJWT, symmetricEncodeJWT } from \"../crypto\";\n\n// Cookie size constants based on browser limits\nconst ALLOWED_COOKIE_SIZE = 4096;\n// Estimated size of an empty cookie with all attributes\n// (name, path, domain, secure, httpOnly, sameSite, expires/maxAge)\nconst ESTIMATED_EMPTY_COOKIE_SIZE = 200;\nconst CHUNK_SIZE = ALLOWED_COOKIE_SIZE - ESTIMATED_EMPTY_COOKIE_SIZE;\n\ninterface Cookie {\n\tname: string;\n\tvalue: string;\n\tattributes: CookieOptions;\n}\n\ntype Chunks = Record<string, string>;\n\n/**\n * Parse cookies from the request headers\n */\nfunction parseCookiesFromContext(\n\tctx: GenericEndpointContext,\n): Record<string, string> {\n\tconst cookieHeader = ctx.headers?.get(\"cookie\");\n\tif (!cookieHeader) {\n\t\treturn {};\n\t}\n\n\tconst cookies: Record<string, string> = {};\n\tconst pairs = cookieHeader.split(\"; \");\n\n\tfor (const pair of pairs) {\n\t\tconst [name, ...valueParts] = pair.split(\"=\");\n\t\tif (name && valueParts.length > 0) {\n\t\t\tcookies[name] = valueParts.join(\"=\");\n\t\t}\n\t}\n\n\treturn cookies;\n}\n\n/**\n * Extract the chunk index from a cookie name\n */\nfunction getChunkIndex(cookieName: string): number {\n\tconst parts = cookieName.split(\".\");\n\tconst lastPart = parts[parts.length - 1];\n\tconst index = parseInt(lastPart || \"0\", 10);\n\treturn isNaN(index) ? 0 : index;\n}\n\n/**\n * Read all existing chunks from cookies\n */\nfunction readExistingChunks(\n\tcookieName: string,\n\tctx: GenericEndpointContext,\n): Chunks {\n\tconst chunks: Chunks = {};\n\tconst cookies = parseCookiesFromContext(ctx);\n\n\tfor (const [name, value] of Object.entries(cookies)) {\n\t\tif (name.startsWith(cookieName)) {\n\t\t\tchunks[name] = value;\n\t\t}\n\t}\n\n\treturn chunks;\n}\n\n/**\n * Get the full session data by joining all chunks\n */\nfunction joinChunks(chunks: Chunks): string {\n\tconst sortedKeys = Object.keys(chunks).sort((a, b) => {\n\t\tconst aIndex = getChunkIndex(a);\n\t\tconst bIndex = getChunkIndex(b);\n\t\treturn aIndex - bIndex;\n\t});\n\n\treturn sortedKeys.map((key) => chunks[key]).join(\"\");\n}\n\n/**\n * Split a cookie value into chunks if needed\n */\nfunction chunkCookie(\n\tstoreName: string,\n\tcookie: Cookie,\n\tchunks: Chunks,\n\tlogger: InternalLogger,\n): Cookie[] {\n\tconst chunkCount = Math.ceil(cookie.value.length / CHUNK_SIZE);\n\n\tif (chunkCount === 1) {\n\t\tchunks[cookie.name] = cookie.value;\n\t\treturn [cookie];\n\t}\n\n\tconst cookies: Cookie[] = [];\n\tfor (let i = 0; i < chunkCount; i++) {\n\t\tconst name = `${cookie.name}.${i}`;\n\t\tconst start = i * CHUNK_SIZE;\n\t\tconst value = cookie.value.substring(start, start + CHUNK_SIZE);\n\t\tcookies.push({ ...cookie, name, value });\n\t\tchunks[name] = value;\n\t}\n\n\tlogger.debug(`CHUNKING_${storeName.toUpperCase()}_COOKIE`, {\n\t\tmessage: `${storeName} cookie exceeds allowed ${ALLOWED_COOKIE_SIZE} bytes.`,\n\t\temptyCookieSize: ESTIMATED_EMPTY_COOKIE_SIZE,\n\t\tvalueSize: cookie.value.length,\n\t\tchunkCount,\n\t\tchunks: cookies.map((c) => c.value.length + ESTIMATED_EMPTY_COOKIE_SIZE),\n\t});\n\n\treturn cookies;\n}\n\n/**\n * Get all cookies that should be cleaned (removed)\n */\nfunction getCleanCookies(\n\tchunks: Chunks,\n\tcookieOptions: CookieOptions,\n): Record<string, Cookie> {\n\tconst cleanedChunks: Record<string, Cookie> = {};\n\tfor (const name in chunks) {\n\t\tcleanedChunks[name] = {\n\t\t\tname,\n\t\t\tvalue: \"\",\n\t\t\tattributes: { ...cookieOptions, maxAge: 0 },\n\t\t};\n\t}\n\treturn cleanedChunks;\n}\n\n/**\n * Create a session store for handling cookie chunking.\n * When session data exceeds 4KB, it automatically splits it into multiple cookies.\n *\n * Based on next-auth's SessionStore implementation.\n * @see https://github.com/nextauthjs/next-auth/blob/27b2519b84b8eb9cf053775dea29d577d2aa0098/packages/next-auth/src/core/lib/cookie.ts\n */\nconst storeFactory =\n\t(storeName: string) =>\n\t(\n\t\tcookieName: string,\n\t\tcookieOptions: CookieOptions,\n\t\tctx: GenericEndpointContext,\n\t) => {\n\t\tconst chunks = readExistingChunks(cookieName, ctx);\n\t\tconst logger = ctx.context.logger;\n\n\t\treturn {\n\t\t\t/**\n\t\t\t * Get the full session data by joining all chunks\n\t\t\t */\n\t\t\tgetValue(): string {\n\t\t\t\treturn joinChunks(chunks);\n\t\t\t},\n\n\t\t\t/**\n\t\t\t * Check if there are existing chunks\n\t\t\t */\n\t\t\thasChunks(): boolean {\n\t\t\t\treturn Object.keys(chunks).length > 0;\n\t\t\t},\n\n\t\t\t/**\n\t\t\t * Chunk a cookie value and return all cookies to set (including cleanup cookies)\n\t\t\t */\n\t\t\tchunk(value: string, options?: Partial<CookieOptions>): Cookie[] {\n\t\t\t\t// Start by cleaning all existing chunks\n\t\t\t\tconst cleanedChunks = getCleanCookies(chunks, cookieOptions);\n\t\t\t\t// Clear the chunks object\n\t\t\t\tfor (const name in chunks) {\n\t\t\t\t\tdelete chunks[name];\n\t\t\t\t}\n\t\t\t\tconst cookies: Record<string, Cookie> = cleanedChunks;\n\n\t\t\t\t// Create new chunks\n\t\t\t\tconst chunked = chunkCookie(\n\t\t\t\t\tstoreName,\n\t\t\t\t\t{\n\t\t\t\t\t\tname: cookieName,\n\t\t\t\t\t\tvalue,\n\t\t\t\t\t\tattributes: { ...cookieOptions, ...options },\n\t\t\t\t\t},\n\t\t\t\t\tchunks,\n\t\t\t\t\tlogger,\n\t\t\t\t);\n\n\t\t\t\t// Update with new chunks\n\t\t\t\tfor (const chunk of chunked) {\n\t\t\t\t\tcookies[chunk.name] = chunk;\n\t\t\t\t}\n\n\t\t\t\treturn Object.values(cookies);\n\t\t\t},\n\n\t\t\t/**\n\t\t\t * Get cookies to clean up all chunks\n\t\t\t */\n\t\t\tclean(): Cookie[] {\n\t\t\t\tconst cleanedChunks = getCleanCookies(chunks, cookieOptions);\n\t\t\t\t// Clear the chunks object\n\t\t\t\tfor (const name in chunks) {\n\t\t\t\t\tdelete chunks[name];\n\t\t\t\t}\n\t\t\t\treturn Object.values(cleanedChunks);\n\t\t\t},\n\n\t\t\t/**\n\t\t\t * Set all cookies in the context\n\t\t\t */\n\t\t\tsetCookies(cookies: Cookie[]): void {\n\t\t\t\tfor (const cookie of cookies) {\n\t\t\t\t\tctx.setCookie(cookie.name, cookie.value, cookie.attributes);\n\t\t\t\t}\n\t\t\t},\n\t\t};\n\t};\n\nexport const createSessionStore = storeFactory(\"Session\");\nexport const createAccountStore = storeFactory(\"Account\");\n\nexport function getChunkedCookie(\n\tctx: GenericEndpointContext,\n\tcookieName: string,\n): string | null {\n\tconst value = ctx.getCookie(cookieName);\n\tif (value) {\n\t\treturn value;\n\t}\n\n\tconst chunks: Array<{ index: number; value: string }> = [];\n\n\tconst cookieHeader = ctx.headers?.get(\"cookie\");\n\tif (!cookieHeader) {\n\t\treturn null;\n\t}\n\n\tconst cookies: Record<string, string> = {};\n\tconst pairs = cookieHeader.split(\"; \");\n\tfor (const pair of pairs) {\n\t\tconst [name, ...valueParts] = pair.split(\"=\");\n\t\tif (name && valueParts.length > 0) {\n\t\t\tcookies[name] = valueParts.join(\"=\");\n\t\t}\n\t}\n\n\tfor (const [name, val] of Object.entries(cookies)) {\n\t\tif (name.startsWith(cookieName + \".\")) {\n\t\t\tconst parts = name.split(\".\");\n\t\t\tconst indexStr = parts.at(-1);\n\t\t\tconst index = parseInt(indexStr || \"0\", 10);\n\t\t\tif (!isNaN(index)) {\n\t\t\t\tchunks.push({ index, value: val });\n\t\t\t}\n\t\t}\n\t}\n\n\tif (chunks.length > 0) {\n\t\tchunks.sort((a, b) => a.index - b.index);\n\t\treturn chunks.map((c) => c.value).join(\"\");\n\t}\n\n\treturn null;\n}\n\nexport async function setAccountCookie(\n\tc: GenericEndpointContext,\n\taccountData: Record<string, any>,\n) {\n\tconst accountDataCookie = c.context.authCookies.accountData;\n\tconst options = {\n\t\tmaxAge: 60 * 5,\n\t\t...accountDataCookie.attributes,\n\t};\n\tconst data = await symmetricEncodeJWT(\n\t\taccountData,\n\t\tc.context.secret,\n\t\t\"better-auth-account\",\n\t\toptions.maxAge,\n\t);\n\n\tif (data.length > ALLOWED_COOKIE_SIZE) {\n\t\tconst accountStore = createAccountStore(accountDataCookie.name, options, c);\n\n\t\tconst cookies = accountStore.chunk(data, options);\n\t\taccountStore.setCookies(cookies);\n\t} else {\n\t\tconst accountStore = createAccountStore(accountDataCookie.name, options, c);\n\t\tif (accountStore.hasChunks()) {\n\t\t\tconst cleanCookies = accountStore.clean();\n\t\t\taccountStore.setCookies(cleanCookies);\n\t\t}\n\t\tc.setCookie(accountDataCookie.name, data, options);\n\t}\n}\n\nexport async function getAccountCookie(c: GenericEndpointContext) {\n\tconst accountCookie = getChunkedCookie(\n\t\tc,\n\t\tc.context.authCookies.accountData.name,\n\t);\n\tif (accountCookie) {\n\t\tconst accountData = safeJSONParse<Account>(\n\t\t\tawait symmetricDecodeJWT(\n\t\t\t\taccountCookie,\n\t\t\t\tc.context.secret,\n\t\t\t\t\"better-auth-account\",\n\t\t\t),\n\t\t);\n\t\tif (accountData) {\n\t\t\treturn accountData;\n\t\t}\n\t}\n\n\treturn null;\n}\n\nexport const getSessionQuerySchema = z.optional(\n\tz.object({\n\t\t/**\n\t\t * If cookie cache is enabled, it will disable the cache\n\t\t * and fetch the session from the database\n\t\t */\n\t\tdisableCookieCache: z.coerce\n\t\t\t.boolean()\n\t\t\t.meta({\n\t\t\t\tdescription: \"Disable cookie cache and fetch session from database\",\n\t\t\t})\n\t\t\t.optional(),\n\t\tdisableRefresh: z.coerce\n\t\t\t.boolean()\n\t\t\t.meta({\n\t\t\t\tdescription:\n\t\t\t\t\t\"Disable session refresh. Useful for checking session status, without updating the session\",\n\t\t\t})\n\t\t\t.optional(),\n\t}),\n);\n"],"mappings":";;;;;;AASA,MAAM,sBAAsB;AAG5B,MAAM,8BAA8B;AACpC,MAAM,aAAa,sBAAsB;;;;AAazC,SAAS,wBACR,KACyB;CACzB,MAAM,eAAe,IAAI,SAAS,IAAI,SAAS;AAC/C,KAAI,CAAC,aACJ,QAAO,EAAE;CAGV,MAAM,UAAkC,EAAE;CAC1C,MAAM,QAAQ,aAAa,MAAM,KAAK;AAEtC,MAAK,MAAM,QAAQ,OAAO;EACzB,MAAM,CAAC,MAAM,GAAG,cAAc,KAAK,MAAM,IAAI;AAC7C,MAAI,QAAQ,WAAW,SAAS,EAC/B,SAAQ,QAAQ,WAAW,KAAK,IAAI;;AAItC,QAAO;;;;;AAMR,SAAS,cAAc,YAA4B;CAClD,MAAM,QAAQ,WAAW,MAAM,IAAI;CACnC,MAAM,WAAW,MAAM,MAAM,SAAS;CACtC,MAAM,QAAQ,SAAS,YAAY,KAAK,GAAG;AAC3C,QAAO,MAAM,MAAM,GAAG,IAAI;;;;;AAM3B,SAAS,mBACR,YACA,KACS;CACT,MAAM,SAAiB,EAAE;CACzB,MAAM,UAAU,wBAAwB,IAAI;AAE5C,MAAK,MAAM,CAAC,MAAM,UAAU,OAAO,QAAQ,QAAQ,CAClD,KAAI,KAAK,WAAW,WAAW,CAC9B,QAAO,QAAQ;AAIjB,QAAO;;;;;AAMR,SAAS,WAAW,QAAwB;AAO3C,QANmB,OAAO,KAAK,OAAO,CAAC,MAAM,GAAG,MAAM;AAGrD,SAFe,cAAc,EAAE,GAChB,cAAc,EAAE;GAE9B,CAEgB,KAAK,QAAQ,OAAO,KAAK,CAAC,KAAK,GAAG;;;;;AAMrD,SAAS,YACR,WACA,QACA,QACA,QACW;CACX,MAAM,aAAa,KAAK,KAAK,OAAO,MAAM,SAAS,WAAW;AAE9D,KAAI,eAAe,GAAG;AACrB,SAAO,OAAO,QAAQ,OAAO;AAC7B,SAAO,CAAC,OAAO;;CAGhB,MAAM,UAAoB,EAAE;AAC5B,MAAK,IAAI,IAAI,GAAG,IAAI,YAAY,KAAK;EACpC,MAAM,OAAO,GAAG,OAAO,KAAK,GAAG;EAC/B,MAAM,QAAQ,IAAI;EAClB,MAAM,QAAQ,OAAO,MAAM,UAAU,OAAO,QAAQ,WAAW;AAC/D,UAAQ,KAAK;GAAE,GAAG;GAAQ;GAAM;GAAO,CAAC;AACxC,SAAO,QAAQ;;AAGhB,QAAO,MAAM,YAAY,UAAU,aAAa,CAAC,UAAU;EAC1D,SAAS,GAAG,UAAU,0BAA0B,oBAAoB;EACpE,iBAAiB;EACjB,WAAW,OAAO,MAAM;EACxB;EACA,QAAQ,QAAQ,KAAK,MAAM,EAAE,MAAM,SAAS,4BAA4B;EACxE,CAAC;AAEF,QAAO;;;;;AAMR,SAAS,gBACR,QACA,eACyB;CACzB,MAAM,gBAAwC,EAAE;AAChD,MAAK,MAAM,QAAQ,OAClB,eAAc,QAAQ;EACrB;EACA,OAAO;EACP,YAAY;GAAE,GAAG;GAAe,QAAQ;GAAG;EAC3C;AAEF,QAAO;;;;;;;;;AAUR,MAAM,gBACJ,eAEA,YACA,eACA,QACI;CACJ,MAAM,SAAS,mBAAmB,YAAY,IAAI;CAClD,MAAM,SAAS,IAAI,QAAQ;AAE3B,QAAO;EAIN,WAAmB;AAClB,UAAO,WAAW,OAAO;;EAM1B,YAAqB;AACpB,UAAO,OAAO,KAAK,OAAO,CAAC,SAAS;;EAMrC,MAAM,OAAe,SAA4C;GAEhE,MAAM,gBAAgB,gBAAgB,QAAQ,cAAc;AAE5D,QAAK,MAAM,QAAQ,OAClB,QAAO,OAAO;GAEf,MAAM,UAAkC;GAGxC,MAAM,UAAU,YACf,WACA;IACC,MAAM;IACN;IACA,YAAY;KAAE,GAAG;KAAe,GAAG;KAAS;IAC5C,EACD,QACA,OACA;AAGD,QAAK,MAAM,SAAS,QACnB,SAAQ,MAAM,QAAQ;AAGvB,UAAO,OAAO,OAAO,QAAQ;;EAM9B,QAAkB;GACjB,MAAM,gBAAgB,gBAAgB,QAAQ,cAAc;AAE5D,QAAK,MAAM,QAAQ,OAClB,QAAO,OAAO;AAEf,UAAO,OAAO,OAAO,cAAc;;EAMpC,WAAW,SAAyB;AACnC,QAAK,MAAM,UAAU,QACpB,KAAI,UAAU,OAAO,MAAM,OAAO,OAAO,OAAO,WAAW;;EAG7D;;AAGH,MAAa,qBAAqB,aAAa,UAAU;AACzD,MAAa,qBAAqB,aAAa,UAAU;AAEzD,SAAgB,iBACf,KACA,YACgB;CAChB,MAAM,QAAQ,IAAI,UAAU,WAAW;AACvC,KAAI,MACH,QAAO;CAGR,MAAM,SAAkD,EAAE;CAE1D,MAAM,eAAe,IAAI,SAAS,IAAI,SAAS;AAC/C,KAAI,CAAC,aACJ,QAAO;CAGR,MAAM,UAAkC,EAAE;CAC1C,MAAM,QAAQ,aAAa,MAAM,KAAK;AACtC,MAAK,MAAM,QAAQ,OAAO;EACzB,MAAM,CAAC,MAAM,GAAG,cAAc,KAAK,MAAM,IAAI;AAC7C,MAAI,QAAQ,WAAW,SAAS,EAC/B,SAAQ,QAAQ,WAAW,KAAK,IAAI;;AAItC,MAAK,MAAM,CAAC,MAAM,QAAQ,OAAO,QAAQ,QAAQ,CAChD,KAAI,KAAK,WAAW,aAAa,IAAI,EAAE;EAEtC,MAAM,WADQ,KAAK,MAAM,IAAI,CACN,GAAG,GAAG;EAC7B,MAAM,QAAQ,SAAS,YAAY,KAAK,GAAG;AAC3C,MAAI,CAAC,MAAM,MAAM,CAChB,QAAO,KAAK;GAAE;GAAO,OAAO;GAAK,CAAC;;AAKrC,KAAI,OAAO,SAAS,GAAG;AACtB,SAAO,MAAM,GAAG,MAAM,EAAE,QAAQ,EAAE,MAAM;AACxC,SAAO,OAAO,KAAK,MAAM,EAAE,MAAM,CAAC,KAAK,GAAG;;AAG3C,QAAO;;AAGR,eAAsB,iBACrB,GACA,aACC;CACD,MAAM,oBAAoB,EAAE,QAAQ,YAAY;CAChD,MAAM,UAAU;EACf,QAAQ;EACR,GAAG,kBAAkB;EACrB;CACD,MAAM,OAAO,MAAM,mBAClB,aACA,EAAE,QAAQ,QACV,uBACA,QAAQ,OACR;AAED,KAAI,KAAK,SAAS,qBAAqB;EACtC,MAAM,eAAe,mBAAmB,kBAAkB,MAAM,SAAS,EAAE;EAE3E,MAAM,UAAU,aAAa,MAAM,MAAM,QAAQ;AACjD,eAAa,WAAW,QAAQ;QAC1B;EACN,MAAM,eAAe,mBAAmB,kBAAkB,MAAM,SAAS,EAAE;AAC3E,MAAI,aAAa,WAAW,EAAE;GAC7B,MAAM,eAAe,aAAa,OAAO;AACzC,gBAAa,WAAW,aAAa;;AAEtC,IAAE,UAAU,kBAAkB,MAAM,MAAM,QAAQ;;;AAIpD,eAAsB,iBAAiB,GAA2B;CACjE,MAAM,gBAAgB,iBACrB,GACA,EAAE,QAAQ,YAAY,YAAY,KAClC;AACD,KAAI,eAAe;EAClB,MAAM,cAAc,cACnB,MAAM,mBACL,eACA,EAAE,QAAQ,QACV,sBACA,CACD;AACD,MAAI,YACH,QAAO;;AAIT,QAAO;;AAGR,MAAa,wBAAwB,EAAE,SACtC,EAAE,OAAO;CAKR,oBAAoB,EAAE,OACpB,SAAS,CACT,KAAK,EACL,aAAa,wDACb,CAAC,CACD,UAAU;CACZ,gBAAgB,EAAE,OAChB,SAAS,CACT,KAAK,EACL,aACC,6FACD,CAAC,CACD,UAAU;CACZ,CAAC,CACF"}
package/dist/crypto/buffer.d.mts ADDED
@@ -0,0 +1,8 @@
1
+ //#region src/crypto/buffer.d.ts
2
+ /**
3
+ * Compare two buffers in constant time.
4
+ */
5
+ declare function constantTimeEqual(a: ArrayBuffer | Uint8Array | string, b: ArrayBuffer | Uint8Array | string): boolean;
6
+ //#endregion
7
+ export { constantTimeEqual };
8
+ //# sourceMappingURL=buffer.d.mts.map
package/dist/crypto/buffer.mjs ADDED
@@ -0,0 +1,18 @@
1
+ //#region src/crypto/buffer.ts
2
+ /**
3
+ * Compare two buffers in constant time.
4
+ */
5
+ function constantTimeEqual(a, b) {
6
+ if (typeof a === "string") a = new TextEncoder().encode(a);
7
+ if (typeof b === "string") b = new TextEncoder().encode(b);
8
+ const aBuffer = new Uint8Array(a);
9
+ const bBuffer = new Uint8Array(b);
10
+ let c = aBuffer.length ^ bBuffer.length;
11
+ const length = Math.max(aBuffer.length, bBuffer.length);
12
+ for (let i = 0; i < length; i++) c |= (i < aBuffer.length ? aBuffer[i] : 0) ^ (i < bBuffer.length ? bBuffer[i] : 0);
13
+ return c === 0;
14
+ }
15
+
16
+ //#endregion
17
+ export { constantTimeEqual };
18
+ //# sourceMappingURL=buffer.mjs.map
package/dist/crypto/buffer.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"buffer.mjs","names":[],"sources":["../../src/crypto/buffer.ts"],"sourcesContent":["/**\n * Compare two buffers in constant time.\n */\nexport function constantTimeEqual(\n\ta: ArrayBuffer | Uint8Array | string,\n\tb: ArrayBuffer | Uint8Array | string,\n): boolean {\n\tif (typeof a === \"string\") {\n\t\ta = new TextEncoder().encode(a);\n\t}\n\tif (typeof b === \"string\") {\n\t\tb = new TextEncoder().encode(b);\n\t}\n\tconst aBuffer = new Uint8Array(a);\n\tconst bBuffer = new Uint8Array(b);\n\tlet c = aBuffer.length ^ bBuffer.length;\n\tconst length = Math.max(aBuffer.length, bBuffer.length);\n\tfor (let i = 0; i < length; i++) {\n\t\tc |=\n\t\t\t(i < aBuffer.length ? aBuffer[i]! : 0) ^\n\t\t\t(i < bBuffer.length ? bBuffer[i]! : 0);\n\t}\n\treturn c === 0;\n}\n"],"mappings":";;;;AAGA,SAAgB,kBACf,GACA,GACU;AACV,KAAI,OAAO,MAAM,SAChB,KAAI,IAAI,aAAa,CAAC,OAAO,EAAE;AAEhC,KAAI,OAAO,MAAM,SAChB,KAAI,IAAI,aAAa,CAAC,OAAO,EAAE;CAEhC,MAAM,UAAU,IAAI,WAAW,EAAE;CACjC,MAAM,UAAU,IAAI,WAAW,EAAE;CACjC,IAAI,IAAI,QAAQ,SAAS,QAAQ;CACjC,MAAM,SAAS,KAAK,IAAI,QAAQ,QAAQ,QAAQ,OAAO;AACvD,MAAK,IAAI,IAAI,GAAG,IAAI,QAAQ,IAC3B,OACE,IAAI,QAAQ,SAAS,QAAQ,KAAM,MACnC,IAAI,QAAQ,SAAS,QAAQ,KAAM;AAEtC,QAAO,MAAM"}
package/dist/crypto/index.d.mts ADDED
@@ -0,0 +1,27 @@
1
+ import { constantTimeEqual } from "./buffer.mjs";
2
+ import { signJWT, symmetricDecodeJWT, symmetricEncodeJWT, verifyJWT } from "./jwt.mjs";
3
+ import { hashPassword, verifyPassword } from "./password.mjs";
4
+ import { generateRandomString } from "./random.mjs";
5
+
6
+ //#region src/crypto/index.d.ts
7
+ type SymmetricEncryptOptions = {
8
+ key: string;
9
+ data: string;
10
+ };
11
+ declare const symmetricEncrypt: ({
12
+ key,
13
+ data
14
+ }: SymmetricEncryptOptions) => Promise<string>;
15
+ type SymmetricDecryptOptions = {
16
+ key: string;
17
+ data: string;
18
+ };
19
+ declare const symmetricDecrypt: ({
20
+ key,
21
+ data
22
+ }: SymmetricDecryptOptions) => Promise<string>;
23
+ declare const getCryptoKey: (secret: string | BufferSource) => Promise<CryptoKey>;
24
+ declare const makeSignature: (value: string, secret: string | BufferSource) => Promise<string>;
25
+ //#endregion
26
+ export { SymmetricDecryptOptions, SymmetricEncryptOptions, constantTimeEqual, generateRandomString, getCryptoKey, hashPassword, makeSignature, signJWT, symmetricDecodeJWT, symmetricDecrypt, symmetricEncodeJWT, symmetricEncrypt, verifyJWT, verifyPassword };
27
+ //# sourceMappingURL=index.d.mts.map
package/dist/crypto/index.mjs ADDED
@@ -0,0 +1,38 @@
1
+ import { constantTimeEqual } from "./buffer.mjs";
2
+ import { signJWT, symmetricDecodeJWT, symmetricEncodeJWT, verifyJWT } from "./jwt.mjs";
3
+ import { hashPassword, verifyPassword } from "./password.mjs";
4
+ import { generateRandomString } from "./random.mjs";
5
+ import { createHash } from "@better-auth/utils/hash";
6
+ import { getWebcryptoSubtle } from "@better-auth/utils";
7
+ import { xchacha20poly1305 } from "@noble/ciphers/chacha.js";
8
+ import { bytesToHex, hexToBytes, managedNonce, utf8ToBytes } from "@noble/ciphers/utils.js";
9
+
10
+ //#region src/crypto/index.ts
11
+ const algorithm = {
12
+ name: "HMAC",
13
+ hash: "SHA-256"
14
+ };
15
+ const symmetricEncrypt = async ({ key, data }) => {
16
+ const keyAsBytes = await createHash("SHA-256").digest(key);
17
+ const dataAsBytes = utf8ToBytes(data);
18
+ return bytesToHex(managedNonce(xchacha20poly1305)(new Uint8Array(keyAsBytes)).encrypt(dataAsBytes));
19
+ };
20
+ const symmetricDecrypt = async ({ key, data }) => {
21
+ const keyAsBytes = await createHash("SHA-256").digest(key);
22
+ const dataAsBytes = hexToBytes(data);
23
+ const chacha = managedNonce(xchacha20poly1305)(new Uint8Array(keyAsBytes));
24
+ return new TextDecoder().decode(chacha.decrypt(dataAsBytes));
25
+ };
26
+ const getCryptoKey = async (secret) => {
27
+ const secretBuf = typeof secret === "string" ? new TextEncoder().encode(secret) : secret;
28
+ return await getWebcryptoSubtle().importKey("raw", secretBuf, algorithm, false, ["sign", "verify"]);
29
+ };
30
+ const makeSignature = async (value, secret) => {
31
+ const key = await getCryptoKey(secret);
32
+ const signature = await getWebcryptoSubtle().sign(algorithm.name, key, new TextEncoder().encode(value));
33
+ return btoa(String.fromCharCode(...new Uint8Array(signature)));
34
+ };
35
+
36
+ //#endregion
37
+ export { constantTimeEqual, generateRandomString, getCryptoKey, hashPassword, makeSignature, signJWT, symmetricDecodeJWT, symmetricDecrypt, symmetricEncodeJWT, symmetricEncrypt, verifyJWT, verifyPassword };
38
+ //# sourceMappingURL=index.mjs.map
package/dist/crypto/index.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.mjs","names":[],"sources":["../../src/crypto/index.ts"],"sourcesContent":["import { getWebcryptoSubtle } from \"@better-auth/utils\";\nimport { createHash } from \"@better-auth/utils/hash\";\nimport { xchacha20poly1305 } from \"@noble/ciphers/chacha.js\";\nimport {\n\tbytesToHex,\n\thexToBytes,\n\tmanagedNonce,\n\tutf8ToBytes,\n} from \"@noble/ciphers/utils.js\";\n\nconst algorithm = { name: \"HMAC\", hash: \"SHA-256\" };\n\nexport type SymmetricEncryptOptions = {\n\tkey: string;\n\tdata: string;\n};\n\nexport const symmetricEncrypt = async ({\n\tkey,\n\tdata,\n}: SymmetricEncryptOptions) => {\n\tconst keyAsBytes = await createHash(\"SHA-256\").digest(key);\n\tconst dataAsBytes = utf8ToBytes(data);\n\tconst chacha = managedNonce(xchacha20poly1305)(new Uint8Array(keyAsBytes));\n\treturn bytesToHex(chacha.encrypt(dataAsBytes));\n};\n\nexport type SymmetricDecryptOptions = {\n\tkey: string;\n\tdata: string;\n};\n\nexport const symmetricDecrypt = async ({\n\tkey,\n\tdata,\n}: SymmetricDecryptOptions) => {\n\tconst keyAsBytes = await createHash(\"SHA-256\").digest(key);\n\tconst dataAsBytes = hexToBytes(data);\n\tconst chacha = managedNonce(xchacha20poly1305)(new Uint8Array(keyAsBytes));\n\treturn new TextDecoder().decode(chacha.decrypt(dataAsBytes));\n};\n\nexport const getCryptoKey = async (secret: string | BufferSource) => {\n\tconst secretBuf =\n\t\ttypeof secret === \"string\" ? new TextEncoder().encode(secret) : secret;\n\treturn await getWebcryptoSubtle().importKey(\n\t\t\"raw\",\n\t\tsecretBuf,\n\t\talgorithm,\n\t\tfalse,\n\t\t[\"sign\", \"verify\"],\n\t);\n};\n\nexport const makeSignature = async (\n\tvalue: string,\n\tsecret: string | BufferSource,\n): Promise<string> => {\n\tconst key = await getCryptoKey(secret);\n\tconst signature = await getWebcryptoSubtle().sign(\n\t\talgorithm.name,\n\t\tkey,\n\t\tnew TextEncoder().encode(value),\n\t);\n\t// the returned base64 encoded signature will always be 44 characters long and end with one or two equal signs\n\treturn btoa(String.fromCharCode(...new Uint8Array(signature)));\n};\n\nexport * from \"./buffer\";\nexport * from \"./jwt\";\nexport * from \"./password\";\nexport * from \"./random\";\n"],"mappings":";;;;;;;;;;AAUA,MAAM,YAAY;CAAE,MAAM;CAAQ,MAAM;CAAW;AAOnD,MAAa,mBAAmB,OAAO,EACtC,KACA,WAC8B;CAC9B,MAAM,aAAa,MAAM,WAAW,UAAU,CAAC,OAAO,IAAI;CAC1D,MAAM,cAAc,YAAY,KAAK;AAErC,QAAO,WADQ,aAAa,kBAAkB,CAAC,IAAI,WAAW,WAAW,CAAC,CACjD,QAAQ,YAAY,CAAC;;AAQ/C,MAAa,mBAAmB,OAAO,EACtC,KACA,WAC8B;CAC9B,MAAM,aAAa,MAAM,WAAW,UAAU,CAAC,OAAO,IAAI;CAC1D,MAAM,cAAc,WAAW,KAAK;CACpC,MAAM,SAAS,aAAa,kBAAkB,CAAC,IAAI,WAAW,WAAW,CAAC;AAC1E,QAAO,IAAI,aAAa,CAAC,OAAO,OAAO,QAAQ,YAAY,CAAC;;AAG7D,MAAa,eAAe,OAAO,WAAkC;CACpE,MAAM,YACL,OAAO,WAAW,WAAW,IAAI,aAAa,CAAC,OAAO,OAAO,GAAG;AACjE,QAAO,MAAM,oBAAoB,CAAC,UACjC,OACA,WACA,WACA,OACA,CAAC,QAAQ,SAAS,CAClB;;AAGF,MAAa,gBAAgB,OAC5B,OACA,WACqB;CACrB,MAAM,MAAM,MAAM,aAAa,OAAO;CACtC,MAAM,YAAY,MAAM,oBAAoB,CAAC,KAC5C,UAAU,MACV,KACA,IAAI,aAAa,CAAC,OAAO,MAAM,CAC/B;AAED,QAAO,KAAK,OAAO,aAAa,GAAG,IAAI,WAAW,UAAU,CAAC,CAAC"}
package/dist/crypto/jwt.d.mts ADDED
@@ -0,0 +1,8 @@
1
+ //#region src/crypto/jwt.d.ts
2
+ declare function signJWT(payload: any, secret: string, expiresIn?: number): Promise<string>;
3
+ declare function verifyJWT<T = any>(token: string, secret: string): Promise<T | null>;
4
+ declare function symmetricEncodeJWT<T extends Record<string, any>>(payload: T, secret: string, salt: string, expiresIn?: number): Promise<string>;
5
+ declare function symmetricDecodeJWT<T = any>(token: string, secret: string, salt: string): Promise<T | null>;
6
+ //#endregion
7
+ export { signJWT, symmetricDecodeJWT, symmetricEncodeJWT, verifyJWT };
8
+ //# sourceMappingURL=jwt.d.mts.map
package/dist/crypto/jwt.mjs ADDED
@@ -0,0 +1,95 @@
1
+ import { hkdf } from "@noble/hashes/hkdf.js";
2
+ import { sha256 } from "@noble/hashes/sha2.js";
3
+ import { EncryptJWT, SignJWT, base64url, calculateJwkThumbprint, jwtDecrypt, jwtVerify } from "jose";
4
+
5
+ //#region src/crypto/jwt.ts
6
+ async function signJWT(payload, secret, expiresIn = 3600) {
7
+ return await new SignJWT(payload).setProtectedHeader({ alg: "HS256" }).setIssuedAt().setExpirationTime(Math.floor(Date.now() / 1e3) + expiresIn).sign(new TextEncoder().encode(secret));
8
+ }
9
+ async function verifyJWT(token, secret) {
10
+ try {
11
+ return (await jwtVerify(token, new TextEncoder().encode(secret))).payload;
12
+ } catch {
13
+ return null;
14
+ }
15
+ }
16
+ const info = new Uint8Array([
17
+ 66,
18
+ 101,
19
+ 116,
20
+ 116,
21
+ 101,
22
+ 114,
23
+ 65,
24
+ 117,
25
+ 116,
26
+ 104,
27
+ 46,
28
+ 106,
29
+ 115,
30
+ 32,
31
+ 71,
32
+ 101,
33
+ 110,
34
+ 101,
35
+ 114,
36
+ 97,
37
+ 116,
38
+ 101,
39
+ 100,
40
+ 32,
41
+ 69,
42
+ 110,
43
+ 99,
44
+ 114,
45
+ 121,
46
+ 112,
47
+ 116,
48
+ 105,
49
+ 111,
50
+ 110,
51
+ 32,
52
+ 75,
53
+ 101,
54
+ 121
55
+ ]);
56
+ const now = () => Date.now() / 1e3 | 0;
57
+ const alg = "dir";
58
+ const enc = "A256CBC-HS512";
59
+ async function symmetricEncodeJWT(payload, secret, salt, expiresIn = 3600) {
60
+ const encryptionSecret = hkdf(sha256, new TextEncoder().encode(secret), new TextEncoder().encode(salt), info, 64);
61
+ const thumbprint = await calculateJwkThumbprint({
62
+ kty: "oct",
63
+ k: base64url.encode(encryptionSecret)
64
+ }, "sha256");
65
+ return await new EncryptJWT(payload).setProtectedHeader({
66
+ alg,
67
+ enc,
68
+ kid: thumbprint
69
+ }).setIssuedAt().setExpirationTime(now() + expiresIn).setJti(crypto.randomUUID()).encrypt(encryptionSecret);
70
+ }
71
+ async function symmetricDecodeJWT(token, secret, salt) {
72
+ if (!token) return null;
73
+ try {
74
+ const { payload } = await jwtDecrypt(token, async ({ kid }) => {
75
+ const encryptionSecret = hkdf(sha256, new TextEncoder().encode(secret), new TextEncoder().encode(salt), info, 64);
76
+ if (kid === void 0) return encryptionSecret;
77
+ if (kid === await calculateJwkThumbprint({
78
+ kty: "oct",
79
+ k: base64url.encode(encryptionSecret)
80
+ }, "sha256")) return encryptionSecret;
81
+ throw new Error("no matching decryption secret");
82
+ }, {
83
+ clockTolerance: 15,
84
+ keyManagementAlgorithms: [alg],
85
+ contentEncryptionAlgorithms: [enc, "A256GCM"]
86
+ });
87
+ return payload;
88
+ } catch {
89
+ return null;
90
+ }
91
+ }
92
+
93
+ //#endregion
94
+ export { signJWT, symmetricDecodeJWT, symmetricEncodeJWT, verifyJWT };
95
+ //# sourceMappingURL=jwt.mjs.map
package/dist/crypto/jwt.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"jwt.mjs","names":[],"sources":["../../src/crypto/jwt.ts"],"sourcesContent":["import { hkdf } from \"@noble/hashes/hkdf.js\";\nimport { sha256 } from \"@noble/hashes/sha2.js\";\nimport {\n\tbase64url,\n\tcalculateJwkThumbprint,\n\tEncryptJWT,\n\tjwtDecrypt,\n\tjwtVerify,\n\tSignJWT,\n} from \"jose\";\n\nexport async function signJWT(\n\tpayload: any,\n\tsecret: string,\n\texpiresIn: number = 3600,\n): Promise<string> {\n\tconst jwt = await new SignJWT(payload)\n\t\t.setProtectedHeader({ alg: \"HS256\" })\n\t\t.setIssuedAt()\n\t\t.setExpirationTime(Math.floor(Date.now() / 1000) + expiresIn)\n\t\t.sign(new TextEncoder().encode(secret));\n\n\treturn jwt;\n}\n\nexport async function verifyJWT<T = any>(\n\ttoken: string,\n\tsecret: string,\n): Promise<T | null> {\n\ttry {\n\t\tconst verified = await jwtVerify(token, new TextEncoder().encode(secret));\n\t\treturn verified.payload as T;\n\t} catch {\n\t\treturn null;\n\t}\n}\n\n// \"BetterAuth.js Generated Encryption Key\"\nconst info: Uint8Array = new Uint8Array([\n\t66, 101, 116, 116, 101, 114, 65, 117, 116, 104, 46, 106, 115, 32, 71, 101,\n\t110, 101, 114, 97, 116, 101, 100, 32, 69, 110, 99, 114, 121, 112, 116, 105,\n\t111, 110, 32, 75, 101, 121,\n]);\n\nconst now = () => (Date.now() / 1000) | 0;\n\nconst alg = \"dir\";\nconst enc = \"A256CBC-HS512\"; // 64 bytes key\n\nexport async function symmetricEncodeJWT<T extends Record<string, any>>(\n\tpayload: T,\n\tsecret: string,\n\tsalt: string,\n\texpiresIn: number = 3600,\n): Promise<string> {\n\tconst encryptionSecret = hkdf(\n\t\tsha256,\n\t\tnew TextEncoder().encode(secret),\n\t\tnew TextEncoder().encode(salt),\n\t\tinfo,\n\t\t64,\n\t);\n\n\tconst thumbprint = await calculateJwkThumbprint(\n\t\t{ kty: \"oct\", k: base64url.encode(encryptionSecret) },\n\t\t\"sha256\",\n\t);\n\n\treturn await new EncryptJWT(payload)\n\t\t.setProtectedHeader({ alg, enc, kid: thumbprint })\n\t\t.setIssuedAt()\n\t\t.setExpirationTime(now() + expiresIn)\n\t\t.setJti(crypto.randomUUID())\n\t\t.encrypt(encryptionSecret);\n}\n\nexport async function symmetricDecodeJWT<T = any>(\n\ttoken: string,\n\tsecret: string,\n\tsalt: string,\n): Promise<T | null> {\n\tif (!token) return null;\n\ttry {\n\t\tconst { payload } = await jwtDecrypt(\n\t\t\ttoken,\n\t\t\tasync ({ kid }) => {\n\t\t\t\tconst encryptionSecret = hkdf(\n\t\t\t\t\tsha256,\n\t\t\t\t\tnew TextEncoder().encode(secret),\n\t\t\t\t\tnew TextEncoder().encode(salt),\n\t\t\t\t\tinfo,\n\t\t\t\t\t64,\n\t\t\t\t);\n\t\t\t\tif (kid === undefined) return encryptionSecret;\n\n\t\t\t\tconst thumbprint = await calculateJwkThumbprint(\n\t\t\t\t\t{ kty: \"oct\", k: base64url.encode(encryptionSecret) },\n\t\t\t\t\t\"sha256\",\n\t\t\t\t);\n\t\t\t\tif (kid === thumbprint) return encryptionSecret;\n\n\t\t\t\tthrow new Error(\"no matching decryption secret\");\n\t\t\t},\n\t\t\t{\n\t\t\t\tclockTolerance: 15,\n\t\t\t\tkeyManagementAlgorithms: [alg],\n\t\t\t\tcontentEncryptionAlgorithms: [enc, \"A256GCM\"],\n\t\t\t},\n\t\t);\n\t\treturn payload as T;\n\t} catch {\n\t\treturn null;\n\t}\n}\n"],"mappings":";;;;;AAWA,eAAsB,QACrB,SACA,QACA,YAAoB,MACF;AAOlB,QANY,MAAM,IAAI,QAAQ,QAAQ,CACpC,mBAAmB,EAAE,KAAK,SAAS,CAAC,CACpC,aAAa,CACb,kBAAkB,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK,GAAG,UAAU,CAC5D,KAAK,IAAI,aAAa,CAAC,OAAO,OAAO,CAAC;;AAKzC,eAAsB,UACrB,OACA,QACoB;AACpB,KAAI;AAEH,UADiB,MAAM,UAAU,OAAO,IAAI,aAAa,CAAC,OAAO,OAAO,CAAC,EACzD;SACT;AACP,SAAO;;;AAKT,MAAM,OAAmB,IAAI,WAAW;CACvC;CAAI;CAAK;CAAK;CAAK;CAAK;CAAK;CAAI;CAAK;CAAK;CAAK;CAAI;CAAK;CAAK;CAAI;CAAI;CACtE;CAAK;CAAK;CAAK;CAAI;CAAK;CAAK;CAAK;CAAI;CAAI;CAAK;CAAI;CAAK;CAAK;CAAK;CAAK;CACvE;CAAK;CAAK;CAAI;CAAI;CAAK;CACvB,CAAC;AAEF,MAAM,YAAa,KAAK,KAAK,GAAG,MAAQ;AAExC,MAAM,MAAM;AACZ,MAAM,MAAM;AAEZ,eAAsB,mBACrB,SACA,QACA,MACA,YAAoB,MACF;CAClB,MAAM,mBAAmB,KACxB,QACA,IAAI,aAAa,CAAC,OAAO,OAAO,EAChC,IAAI,aAAa,CAAC,OAAO,KAAK,EAC9B,MACA,GACA;CAED,MAAM,aAAa,MAAM,uBACxB;EAAE,KAAK;EAAO,GAAG,UAAU,OAAO,iBAAiB;EAAE,EACrD,SACA;AAED,QAAO,MAAM,IAAI,WAAW,QAAQ,CAClC,mBAAmB;EAAE;EAAK;EAAK,KAAK;EAAY,CAAC,CACjD,aAAa,CACb,kBAAkB,KAAK,GAAG,UAAU,CACpC,OAAO,OAAO,YAAY,CAAC,CAC3B,QAAQ,iBAAiB;;AAG5B,eAAsB,mBACrB,OACA,QACA,MACoB;AACpB,KAAI,CAAC,MAAO,QAAO;AACnB,KAAI;EACH,MAAM,EAAE,YAAY,MAAM,WACzB,OACA,OAAO,EAAE,UAAU;GAClB,MAAM,mBAAmB,KACxB,QACA,IAAI,aAAa,CAAC,OAAO,OAAO,EAChC,IAAI,aAAa,CAAC,OAAO,KAAK,EAC9B,MACA,GACA;AACD,OAAI,QAAQ,OAAW,QAAO;AAM9B,OAAI,QAJe,MAAM,uBACxB;IAAE,KAAK;IAAO,GAAG,UAAU,OAAO,iBAAiB;IAAE,EACrD,SACA,CACuB,QAAO;AAE/B,SAAM,IAAI,MAAM,gCAAgC;KAEjD;GACC,gBAAgB;GAChB,yBAAyB,CAAC,IAAI;GAC9B,6BAA6B,CAAC,KAAK,UAAU;GAC7C,CACD;AACD,SAAO;SACA;AACP,SAAO"}
package/dist/crypto/password.d.mts ADDED
@@ -0,0 +1,12 @@
1
+ //#region src/crypto/password.d.ts
2
+ declare const hashPassword: (password: string) => Promise<string>;
3
+ declare const verifyPassword: ({
4
+ hash,
5
+ password
6
+ }: {
7
+ hash: string;
8
+ password: string;
9
+ }) => Promise<boolean>;
10
+ //#endregion
11
+ export { hashPassword, verifyPassword };
12
+ //# sourceMappingURL=password.d.mts.map
package/dist/crypto/password.mjs ADDED
@@ -0,0 +1,36 @@
1
+ import { constantTimeEqual } from "./buffer.mjs";
2
+ import { BetterAuthError } from "@better-auth/core/error";
3
+ import { hex } from "@better-auth/utils/hex";
4
+ import { scryptAsync } from "@noble/hashes/scrypt.js";
5
+ import { hexToBytes } from "@noble/hashes/utils.js";
6
+
7
+ //#region src/crypto/password.ts
8
+ const config = {
9
+ N: 16384,
10
+ r: 16,
11
+ p: 1,
12
+ dkLen: 64
13
+ };
14
+ async function generateKey(password, salt) {
15
+ return await scryptAsync(password.normalize("NFKC"), salt, {
16
+ N: config.N,
17
+ p: config.p,
18
+ r: config.r,
19
+ dkLen: config.dkLen,
20
+ maxmem: 128 * config.N * config.r * 2
21
+ });
22
+ }
23
+ const hashPassword = async (password) => {
24
+ const salt = hex.encode(crypto.getRandomValues(new Uint8Array(16)));
25
+ const key = await generateKey(password, salt);
26
+ return `${salt}:${hex.encode(key)}`;
27
+ };
28
+ const verifyPassword = async ({ hash, password }) => {
29
+ const [salt, key] = hash.split(":");
30
+ if (!salt || !key) throw new BetterAuthError("Invalid password hash");
31
+ return constantTimeEqual(await generateKey(password, salt), hexToBytes(key));
32
+ };
33
+
34
+ //#endregion
35
+ export { hashPassword, verifyPassword };
36
+ //# sourceMappingURL=password.mjs.map
package/dist/crypto/password.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"password.mjs","names":[],"sources":["../../src/crypto/password.ts"],"sourcesContent":["import { BetterAuthError } from \"@better-auth/core/error\";\nimport { hex } from \"@better-auth/utils/hex\";\nimport { scryptAsync } from \"@noble/hashes/scrypt.js\";\nimport { hexToBytes } from \"@noble/hashes/utils.js\";\nimport { constantTimeEqual } from \"./buffer\";\n\nconst config = {\n\tN: 16384,\n\tr: 16,\n\tp: 1,\n\tdkLen: 64,\n};\n\nasync function generateKey(password: string, salt: string) {\n\treturn await scryptAsync(password.normalize(\"NFKC\"), salt, {\n\t\tN: config.N,\n\t\tp: config.p,\n\t\tr: config.r,\n\t\tdkLen: config.dkLen,\n\t\tmaxmem: 128 * config.N * config.r * 2,\n\t});\n}\n\nexport const hashPassword = async (password: string) => {\n\tconst salt = hex.encode(crypto.getRandomValues(new Uint8Array(16)));\n\tconst key = await generateKey(password, salt);\n\treturn `${salt}:${hex.encode(key)}`;\n};\n\nexport const verifyPassword = async ({\n\thash,\n\tpassword,\n}: {\n\thash: string;\n\tpassword: string;\n}) => {\n\tconst [salt, key] = hash.split(\":\");\n\tif (!salt || !key) {\n\t\tthrow new BetterAuthError(\"Invalid password hash\");\n\t}\n\tconst targetKey = await generateKey(password, salt!);\n\treturn constantTimeEqual(targetKey, hexToBytes(key));\n};\n"],"mappings":";;;;;;;AAMA,MAAM,SAAS;CACd,GAAG;CACH,GAAG;CACH,GAAG;CACH,OAAO;CACP;AAED,eAAe,YAAY,UAAkB,MAAc;AAC1D,QAAO,MAAM,YAAY,SAAS,UAAU,OAAO,EAAE,MAAM;EAC1D,GAAG,OAAO;EACV,GAAG,OAAO;EACV,GAAG,OAAO;EACV,OAAO,OAAO;EACd,QAAQ,MAAM,OAAO,IAAI,OAAO,IAAI;EACpC,CAAC;;AAGH,MAAa,eAAe,OAAO,aAAqB;CACvD,MAAM,OAAO,IAAI,OAAO,OAAO,gBAAgB,IAAI,WAAW,GAAG,CAAC,CAAC;CACnE,MAAM,MAAM,MAAM,YAAY,UAAU,KAAK;AAC7C,QAAO,GAAG,KAAK,GAAG,IAAI,OAAO,IAAI;;AAGlC,MAAa,iBAAiB,OAAO,EACpC,MACA,eAIK;CACL,MAAM,CAAC,MAAM,OAAO,KAAK,MAAM,IAAI;AACnC,KAAI,CAAC,QAAQ,CAAC,IACb,OAAM,IAAI,gBAAgB,wBAAwB;AAGnD,QAAO,kBADW,MAAM,YAAY,UAAU,KAAM,EAChB,WAAW,IAAI,CAAC"}
package/dist/crypto/random.d.mts ADDED
@@ -0,0 +1,5 @@
1
+ //#region src/crypto/random.d.ts
2
+ declare const generateRandomString: <SubA extends "a-z" | "A-Z" | "0-9" | "-_">(length: number, ...alphabets: SubA[]) => string;
3
+ //#endregion
4
+ export { generateRandomString };
5
+ //# sourceMappingURL=random.d.mts.map
package/dist/crypto/random.mjs ADDED
@@ -0,0 +1,8 @@
1
+ import { createRandomStringGenerator } from "@better-auth/utils/random";
2
+
3
+ //#region src/crypto/random.ts
4
+ const generateRandomString = createRandomStringGenerator("a-z", "0-9", "A-Z", "-_");
5
+
6
+ //#endregion
7
+ export { generateRandomString };
8
+ //# sourceMappingURL=random.mjs.map
package/dist/crypto/random.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"random.mjs","names":[],"sources":["../../src/crypto/random.ts"],"sourcesContent":["import { createRandomStringGenerator } from \"@better-auth/utils/random\";\nexport const generateRandomString = createRandomStringGenerator(\n\t\"a-z\",\n\t\"0-9\",\n\t\"A-Z\",\n\t\"-_\",\n);\n"],"mappings":";;;AACA,MAAa,uBAAuB,4BACnC,OACA,OACA,OACA,KACA"}
package/dist/db/adapter-base.d.mts ADDED
@@ -0,0 +1,8 @@
1
+ import { BetterAuthOptions } from "@better-auth/core";
2
+ import { DBAdapter } from "@better-auth/core/db/adapter";
3
+
4
+ //#region src/db/adapter-base.d.ts
5
+ declare function getBaseAdapter(options: BetterAuthOptions, handleDirectDatabase: (options: BetterAuthOptions) => Promise<DBAdapter<BetterAuthOptions>>): Promise<DBAdapter<BetterAuthOptions>>;
6
+ //#endregion
7
+ export { getBaseAdapter };
8
+ //# sourceMappingURL=adapter-base.d.mts.map
package/dist/db/adapter-base.mjs ADDED
@@ -0,0 +1,19 @@
1
+ import { logger } from "@better-auth/core/env";
2
+
3
+ //#region src/db/adapter-base.ts
4
+ async function getBaseAdapter(options, handleDirectDatabase) {
5
+ let adapter;
6
+ if (typeof options.database === "function") adapter = options.database(options);
7
+ else adapter = await handleDirectDatabase(options);
8
+ if (!adapter.transaction) {
9
+ logger.warn("Adapter does not correctly implement transaction function, patching it automatically. Please update your adapter implementation.");
10
+ adapter.transaction = async (cb) => {
11
+ return cb(adapter);
12
+ };
13
+ }
14
+ return adapter;
15
+ }
16
+
17
+ //#endregion
18
+ export { getBaseAdapter };
19
+ //# sourceMappingURL=adapter-base.mjs.map
package/dist/db/adapter-base.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"adapter-base.mjs","names":[],"sources":["../../src/db/adapter-base.ts"],"sourcesContent":["import type { BetterAuthOptions } from \"@better-auth/core\"\nimport type { DBAdapter } from \"@better-auth/core/db/adapter\"\nimport { logger } from \"@better-auth/core/env\"\n\nexport async function getBaseAdapter(\n\toptions: BetterAuthOptions,\n\thandleDirectDatabase: (\n\t\toptions: BetterAuthOptions,\n\t) => Promise<DBAdapter<BetterAuthOptions>>,\n): Promise<DBAdapter<BetterAuthOptions>> {\n\tlet adapter: DBAdapter<BetterAuthOptions>;\n\n\tif (typeof options.database === \"function\") {\n\t\tadapter = options.database(options);\n\t} else {\n\t\tadapter = await handleDirectDatabase(options);\n\t}\n\n\t// patch for 1.3.x to ensure we have a transaction function in the adapter\n\tif (!adapter.transaction) {\n\t\tlogger.warn(\n\t\t\t\"Adapter does not correctly implement transaction function, patching it automatically. Please update your adapter implementation.\",\n\t\t);\n\t\tadapter.transaction = async (cb) => {\n\t\t\treturn cb(adapter);\n\t\t};\n\t}\n\n\treturn adapter;\n}\n"],"mappings":";;;AAIA,eAAsB,eACrB,SACA,sBAGwC;CACxC,IAAI;AAEJ,KAAI,OAAO,QAAQ,aAAa,WAC/B,WAAU,QAAQ,SAAS,QAAQ;KAEnC,WAAU,MAAM,qBAAqB,QAAQ;AAI9C,KAAI,CAAC,QAAQ,aAAa;AACzB,SAAO,KACN,mIACA;AACD,UAAQ,cAAc,OAAO,OAAO;AACnC,UAAO,GAAG,QAAQ;;;AAIpB,QAAO"}
package/dist/db/field-converter.d.mts ADDED
@@ -0,0 +1,8 @@
1
+ import { DBFieldAttribute } from "@better-auth/core/db";
2
+
3
+ //#region src/db/field-converter.d.ts
4
+ declare function convertToDB<T extends Record<string, any>>(fields: Record<string, DBFieldAttribute>, values: T): T;
5
+ declare function convertFromDB<T extends Record<string, any>>(fields: Record<string, DBFieldAttribute>, values: T | null): T | null;
6
+ //#endregion
7
+ export { convertFromDB, convertToDB };
8
+ //# sourceMappingURL=field-converter.d.mts.map
package/dist/db/field-converter.mjs ADDED
@@ -0,0 +1,21 @@
1
+ //#region src/db/field-converter.ts
2
+ function convertToDB(fields, values) {
3
+ const result = values.id ? { id: values.id } : {};
4
+ for (const key in fields) {
5
+ const field = fields[key];
6
+ const value = values[key];
7
+ if (value === void 0) continue;
8
+ result[field.fieldName || key] = value;
9
+ }
10
+ return result;
11
+ }
12
+ function convertFromDB(fields, values) {
13
+ if (!values) return null;
14
+ const result = { id: values.id };
15
+ for (const [key, value] of Object.entries(fields)) result[key] = values[value.fieldName || key];
16
+ return result;
17
+ }
18
+
19
+ //#endregion
20
+ export { convertFromDB, convertToDB };
21
+ //# sourceMappingURL=field-converter.mjs.map
package/dist/db/field-converter.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"field-converter.mjs","names":[],"sources":["../../src/db/field-converter.ts"],"sourcesContent":["import type { DBFieldAttribute } from \"@better-auth/core/db\";\n\nexport function convertToDB<T extends Record<string, any>>(\n\tfields: Record<string, DBFieldAttribute>,\n\tvalues: T,\n) {\n\tconst result: Record<string, any> = values.id\n\t\t? {\n\t\t\t\tid: values.id,\n\t\t\t}\n\t\t: {};\n\tfor (const key in fields) {\n\t\tconst field = fields[key]!;\n\t\tconst value = values[key];\n\t\tif (value === undefined) {\n\t\t\tcontinue;\n\t\t}\n\t\tresult[field.fieldName || key] = value;\n\t}\n\treturn result as T;\n}\n\nexport function convertFromDB<T extends Record<string, any>>(\n\tfields: Record<string, DBFieldAttribute>,\n\tvalues: T | null,\n) {\n\tif (!values) {\n\t\treturn null;\n\t}\n\tconst result: Record<string, any> = {\n\t\tid: values.id,\n\t};\n\tfor (const [key, value] of Object.entries(fields)) {\n\t\tresult[key] = values[value.fieldName || key];\n\t}\n\treturn result as T;\n}\n"],"mappings":";AAEA,SAAgB,YACf,QACA,QACC;CACD,MAAM,SAA8B,OAAO,KACxC,EACA,IAAI,OAAO,IACX,GACA,EAAE;AACL,MAAK,MAAM,OAAO,QAAQ;EACzB,MAAM,QAAQ,OAAO;EACrB,MAAM,QAAQ,OAAO;AACrB,MAAI,UAAU,OACb;AAED,SAAO,MAAM,aAAa,OAAO;;AAElC,QAAO;;AAGR,SAAgB,cACf,QACA,QACC;AACD,KAAI,CAAC,OACJ,QAAO;CAER,MAAM,SAA8B,EACnC,IAAI,OAAO,IACX;AACD,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,OAAO,CAChD,QAAO,OAAO,OAAO,MAAM,aAAa;AAEzC,QAAO"}