@sirketio/auth 0.0.1

package/dist/plugins/bearer/index.d.mts

@@ -0,0 +1,45 @@
+import * as _better_auth_core0 from "@better-auth/core";
+import * as better_call0 from "better-call";
+
+//#region src/plugins/bearer/index.d.ts
+declare module "@better-auth/core" {
+  interface BetterAuthPluginRegistry<AuthOptions, Options> {
+    bearer: {
+      creator: typeof bearer;
+    };
+  }
+}
+interface BearerOptions {
+  /**
+   * If true, only signed tokens
+   * will be converted to session
+   * cookies
+   *
+   * @default false
+   */
+  requireSignature?: boolean | undefined;
+}
+/**
+ * Converts bearer token to session cookie
+ */
+declare const bearer: (options?: BearerOptions | undefined) => {
+  id: "bearer";
+  hooks: {
+    before: {
+      matcher(context: _better_auth_core0.HookEndpointContext): boolean;
+      handler: (inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
+        context: {
+          headers: Headers;
+        };
+      } | undefined>;
+    }[];
+    after: {
+      matcher(context: _better_auth_core0.HookEndpointContext): true;
+      handler: (inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<void>;
+    }[];
+  };
+  options: BearerOptions | undefined;
+};
+//#endregion
+export { BearerOptions, bearer };
+//# sourceMappingURL=index.d.mts.map

package/dist/plugins/bearer/index.mjs

@@ -0,0 +1,66 @@
+import { parseSetCookieHeader } from "../../cookies/cookie-utils.mjs";
+import "../../cookies/index.mjs";
+import { serializeSignedCookie } from "better-call";
+import { createAuthMiddleware } from "@better-auth/core/api";
+import { createHMAC } from "@better-auth/utils/hmac";
+
+//#region src/plugins/bearer/index.ts
+/**
+* Converts bearer token to session cookie
+*/
+const bearer = (options) => {
+	return {
+		id: "bearer",
+		hooks: {
+			before: [{
+				matcher(context) {
+					return Boolean(context.request?.headers.get("authorization") || context.headers?.get("authorization"));
+				},
+				handler: createAuthMiddleware(async (c) => {
+					const token = c.request?.headers.get("authorization")?.replace("Bearer ", "") || c.headers?.get("Authorization")?.replace("Bearer ", "");
+					if (!token) return;
+					let signedToken = "";
+					if (token.includes(".")) signedToken = token.replace("=", "");
+					else {
+						if (options?.requireSignature) return;
+						signedToken = (await serializeSignedCookie("", token, c.context.secret)).replace("=", "");
+					}
+					try {
+						const decodedToken = decodeURIComponent(signedToken);
+						if (!await createHMAC("SHA-256", "base64urlnopad").verify(c.context.secret, decodedToken.split(".")[0], decodedToken.split(".")[1])) return;
+					} catch {
+						return;
+					}
+					const existingHeaders = c.request?.headers || c.headers;
+					const headers = new Headers({ ...Object.fromEntries(existingHeaders?.entries()) });
+					headers.append("cookie", `${c.context.authCookies.sessionToken.name}=${signedToken}`);
+					return { context: { headers } };
+				})
+			}],
+			after: [{
+				matcher(context) {
+					return true;
+				},
+				handler: createAuthMiddleware(async (ctx) => {
+					const setCookie = ctx.context.responseHeaders?.get("set-cookie");
+					if (!setCookie) return;
+					const parsedCookies = parseSetCookieHeader(setCookie);
+					const cookieName = ctx.context.authCookies.sessionToken.name;
+					const sessionCookie = parsedCookies.get(cookieName);
+					if (!sessionCookie || !sessionCookie.value || sessionCookie["max-age"] === 0) return;
+					const token = sessionCookie.value;
+					const exposedHeaders = ctx.context.responseHeaders?.get("access-control-expose-headers") || "";
+					const headersSet = new Set(exposedHeaders.split(",").map((header) => header.trim()).filter(Boolean));
+					headersSet.add("set-auth-token");
+					ctx.setHeader("set-auth-token", token);
+					ctx.setHeader("Access-Control-Expose-Headers", Array.from(headersSet).join(", "));
+				})
+			}]
+		},
+		options
+	};
+};
+
+//#endregion
+export { bearer };
+//# sourceMappingURL=index.mjs.map

package/dist/plugins/bearer/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":[],"sources":["../../../src/plugins/bearer/index.ts"],"sourcesContent":["import type { BetterAuthPlugin } from \"@better-auth/core\";\nimport { createAuthMiddleware } from \"@better-auth/core/api\";\nimport { createHMAC } from \"@better-auth/utils/hmac\";\nimport { serializeSignedCookie } from \"better-call\";\nimport { parseSetCookieHeader } from \"../../cookies\";\n\ndeclare module \"@better-auth/core\" {\n\tinterface BetterAuthPluginRegistry<AuthOptions, Options> {\n\t\tbearer: {\n\t\t\tcreator: typeof bearer;\n\t\t};\n\t}\n}\n\nexport interface BearerOptions {\n\t/**\n\t * If true, only signed tokens\n\t * will be converted to session\n\t * cookies\n\t *\n\t * @default false\n\t */\n\trequireSignature?: boolean | undefined;\n}\n\n/**\n * Converts bearer token to session cookie\n */\nexport const bearer = (options?: BearerOptions | undefined) => {\n\treturn {\n\t\tid: \"bearer\",\n\t\thooks: {\n\t\t\tbefore: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(context) {\n\t\t\t\t\t\treturn Boolean(\n\t\t\t\t\t\t\tcontext.request?.headers.get(\"authorization\") ||\n\t\t\t\t\t\t\t\tcontext.headers?.get(\"authorization\"),\n\t\t\t\t\t\t);\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (c) => {\n\t\t\t\t\t\tconst token =\n\t\t\t\t\t\t\tc.request?.headers.get(\"authorization\")?.replace(\"Bearer \", \"\") ||\n\t\t\t\t\t\t\tc.headers?.get(\"Authorization\")?.replace(\"Bearer \", \"\");\n\t\t\t\t\t\tif (!token) {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tlet signedToken = \"\";\n\t\t\t\t\t\tif (token.includes(\".\")) {\n\t\t\t\t\t\t\tsignedToken = token.replace(\"=\", \"\");\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tif (options?.requireSignature) {\n\t\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tsignedToken = (\n\t\t\t\t\t\t\t\tawait serializeSignedCookie(\"\", token, c.context.secret)\n\t\t\t\t\t\t\t).replace(\"=\", \"\");\n\t\t\t\t\t\t}\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tconst decodedToken = decodeURIComponent(signedToken);\n\t\t\t\t\t\t\tconst isValid = await createHMAC(\n\t\t\t\t\t\t\t\t\"SHA-256\",\n\t\t\t\t\t\t\t\t\"base64urlnopad\",\n\t\t\t\t\t\t\t).verify(\n\t\t\t\t\t\t\t\tc.context.secret,\n\t\t\t\t\t\t\t\tdecodedToken.split(\".\")[0]!,\n\t\t\t\t\t\t\t\tdecodedToken.split(\".\")[1]!,\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\tif (!isValid) {\n\t\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t} catch {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tconst existingHeaders = (c.request?.headers ||\n\t\t\t\t\t\t\tc.headers) as Headers;\n\t\t\t\t\t\tconst headers = new Headers({\n\t\t\t\t\t\t\t...Object.fromEntries(existingHeaders?.entries()),\n\t\t\t\t\t\t});\n\t\t\t\t\t\theaders.append(\n\t\t\t\t\t\t\t\"cookie\",\n\t\t\t\t\t\t\t`${c.context.authCookies.sessionToken.name}=${signedToken}`,\n\t\t\t\t\t\t);\n\t\t\t\t\t\treturn {\n\t\t\t\t\t\t\tcontext: {\n\t\t\t\t\t\t\t\theaders,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t};\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(context) {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst setCookie = ctx.context.responseHeaders?.get(\"set-cookie\");\n\t\t\t\t\t\tif (!setCookie) {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tconst parsedCookies = parseSetCookieHeader(setCookie);\n\t\t\t\t\t\tconst cookieName = ctx.context.authCookies.sessionToken.name;\n\t\t\t\t\t\tconst sessionCookie = parsedCookies.get(cookieName);\n\t\t\t\t\t\tif (\n\t\t\t\t\t\t\t!sessionCookie ||\n\t\t\t\t\t\t\t!sessionCookie.value ||\n\t\t\t\t\t\t\tsessionCookie[\"max-age\"] === 0\n\t\t\t\t\t\t) {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tconst token = sessionCookie.value;\n\t\t\t\t\t\tconst exposedHeaders =\n\t\t\t\t\t\t\tctx.context.responseHeaders?.get(\n\t\t\t\t\t\t\t\t\"access-control-expose-headers\",\n\t\t\t\t\t\t\t) || \"\";\n\t\t\t\t\t\tconst headersSet = new Set(\n\t\t\t\t\t\t\texposedHeaders\n\t\t\t\t\t\t\t\t.split(\",\")\n\t\t\t\t\t\t\t\t.map((header) => header.trim())\n\t\t\t\t\t\t\t\t.filter(Boolean),\n\t\t\t\t\t\t);\n\t\t\t\t\t\theadersSet.add(\"set-auth-token\");\n\t\t\t\t\t\tctx.setHeader(\"set-auth-token\", token);\n\t\t\t\t\t\tctx.setHeader(\n\t\t\t\t\t\t\t\"Access-Control-Expose-Headers\",\n\t\t\t\t\t\t\tArray.from(headersSet).join(\", \"),\n\t\t\t\t\t\t);\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t\toptions,\n\t} satisfies BetterAuthPlugin;\n};\n"],"mappings":";;;;;;;;;;AA4BA,MAAa,UAAU,YAAwC;AAC9D,QAAO;EACN,IAAI;EACJ,OAAO;GACN,QAAQ,CACP;IACC,QAAQ,SAAS;AAChB,YAAO,QACN,QAAQ,SAAS,QAAQ,IAAI,gBAAgB,IAC5C,QAAQ,SAAS,IAAI,gBAAgB,CACtC;;IAEF,SAAS,qBAAqB,OAAO,MAAM;KAC1C,MAAM,QACL,EAAE,SAAS,QAAQ,IAAI,gBAAgB,EAAE,QAAQ,WAAW,GAAG,IAC/D,EAAE,SAAS,IAAI,gBAAgB,EAAE,QAAQ,WAAW,GAAG;AACxD,SAAI,CAAC,MACJ;KAGD,IAAI,cAAc;AAClB,SAAI,MAAM,SAAS,IAAI,CACtB,eAAc,MAAM,QAAQ,KAAK,GAAG;UAC9B;AACN,UAAI,SAAS,iBACZ;AAED,qBACC,MAAM,sBAAsB,IAAI,OAAO,EAAE,QAAQ,OAAO,EACvD,QAAQ,KAAK,GAAG;;AAEnB,SAAI;MACH,MAAM,eAAe,mBAAmB,YAAY;AASpD,UAAI,CARY,MAAM,WACrB,WACA,iBACA,CAAC,OACD,EAAE,QAAQ,QACV,aAAa,MAAM,IAAI,CAAC,IACxB,aAAa,MAAM,IAAI,CAAC,GACxB,CAEA;aAEM;AACP;;KAED,MAAM,kBAAmB,EAAE,SAAS,WACnC,EAAE;KACH,MAAM,UAAU,IAAI,QAAQ,EAC3B,GAAG,OAAO,YAAY,iBAAiB,SAAS,CAAC,EACjD,CAAC;AACF,aAAQ,OACP,UACA,GAAG,EAAE,QAAQ,YAAY,aAAa,KAAK,GAAG,cAC9C;AACD,YAAO,EACN,SAAS,EACR,SACA,EACD;MACA;IACF,CACD;GACD,OAAO,CACN;IACC,QAAQ,SAAS;AAChB,YAAO;;IAER,SAAS,qBAAqB,OAAO,QAAQ;KAC5C,MAAM,YAAY,IAAI,QAAQ,iBAAiB,IAAI,aAAa;AAChE,SAAI,CAAC,UACJ;KAED,MAAM,gBAAgB,qBAAqB,UAAU;KACrD,MAAM,aAAa,IAAI,QAAQ,YAAY,aAAa;KACxD,MAAM,gBAAgB,cAAc,IAAI,WAAW;AACnD,SACC,CAAC,iBACD,CAAC,cAAc,SACf,cAAc,eAAe,EAE7B;KAED,MAAM,QAAQ,cAAc;KAC5B,MAAM,iBACL,IAAI,QAAQ,iBAAiB,IAC5B,gCACA,IAAI;KACN,MAAM,aAAa,IAAI,IACtB,eACE,MAAM,IAAI,CACV,KAAK,WAAW,OAAO,MAAM,CAAC,CAC9B,OAAO,QAAQ,CACjB;AACD,gBAAW,IAAI,iBAAiB;AAChC,SAAI,UAAU,kBAAkB,MAAM;AACtC,SAAI,UACH,iCACA,MAAM,KAAK,WAAW,CAAC,KAAK,KAAK,CACjC;MACA;IACF,CACD;GACD;EACD;EACA"}

package/dist/plugins/captcha/constants.d.mts

@@ -0,0 +1,10 @@
+//#region src/plugins/captcha/constants.d.ts
+declare const Providers: {
+  readonly CLOUDFLARE_TURNSTILE: "cloudflare-turnstile";
+  readonly GOOGLE_RECAPTCHA: "google-recaptcha";
+  readonly HCAPTCHA: "hcaptcha";
+  readonly CAPTCHAFOX: "captchafox";
+};
+//#endregion
+export { Providers };
+//# sourceMappingURL=constants.d.mts.map

package/dist/plugins/captcha/constants.mjs

@@ -0,0 +1,22 @@
+//#region src/plugins/captcha/constants.ts
+const defaultEndpoints = [
+	"/sign-up/email",
+	"/sign-in/email",
+	"/request-password-reset"
+];
+const Providers = {
+	CLOUDFLARE_TURNSTILE: "cloudflare-turnstile",
+	GOOGLE_RECAPTCHA: "google-recaptcha",
+	HCAPTCHA: "hcaptcha",
+	CAPTCHAFOX: "captchafox"
+};
+const siteVerifyMap = {
+	[Providers.CLOUDFLARE_TURNSTILE]: "https://challenges.cloudflare.com/turnstile/v0/siteverify",
+	[Providers.GOOGLE_RECAPTCHA]: "https://www.google.com/recaptcha/api/siteverify",
+	[Providers.HCAPTCHA]: "https://api.hcaptcha.com/siteverify",
+	[Providers.CAPTCHAFOX]: "https://api.captchafox.com/siteverify"
+};
+
+//#endregion
+export { Providers, defaultEndpoints, siteVerifyMap };
+//# sourceMappingURL=constants.mjs.map

package/dist/plugins/captcha/constants.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.mjs","names":[],"sources":["../../../src/plugins/captcha/constants.ts"],"sourcesContent":["import type { Provider } from \"./types\";\n\nexport const defaultEndpoints = [\n\t\"/sign-up/email\",\n\t\"/sign-in/email\",\n\t\"/request-password-reset\",\n];\n\nexport const Providers = {\n\tCLOUDFLARE_TURNSTILE: \"cloudflare-turnstile\",\n\tGOOGLE_RECAPTCHA: \"google-recaptcha\",\n\tHCAPTCHA: \"hcaptcha\",\n\tCAPTCHAFOX: \"captchafox\",\n} as const;\n\nexport const siteVerifyMap: Record<Provider, string> = {\n\t[Providers.CLOUDFLARE_TURNSTILE]:\n\t\t\"https://challenges.cloudflare.com/turnstile/v0/siteverify\",\n\t[Providers.GOOGLE_RECAPTCHA]:\n\t\t\"https://www.google.com/recaptcha/api/siteverify\",\n\t[Providers.HCAPTCHA]: \"https://api.hcaptcha.com/siteverify\",\n\t[Providers.CAPTCHAFOX]: \"https://api.captchafox.com/siteverify\",\n};\n"],"mappings":";AAEA,MAAa,mBAAmB;CAC/B;CACA;CACA;CACA;AAED,MAAa,YAAY;CACxB,sBAAsB;CACtB,kBAAkB;CAClB,UAAU;CACV,YAAY;CACZ;AAED,MAAa,gBAA0C;EACrD,UAAU,uBACV;EACA,UAAU,mBACV;EACA,UAAU,WAAW;EACrB,UAAU,aAAa;CACxB"}

package/dist/plugins/captcha/error-codes.mjs

@@ -0,0 +1,16 @@
+import { defineErrorCodes } from "@better-auth/core/utils/error-codes";
+
+//#region src/plugins/captcha/error-codes.ts
+const EXTERNAL_ERROR_CODES = defineErrorCodes({
+	VERIFICATION_FAILED: "Captcha verification failed",
+	MISSING_RESPONSE: "Missing CAPTCHA response",
+	UNKNOWN_ERROR: "Something went wrong"
+});
+const INTERNAL_ERROR_CODES = defineErrorCodes({
+	MISSING_SECRET_KEY: "Missing secret key",
+	SERVICE_UNAVAILABLE: "CAPTCHA service unavailable"
+});
+
+//#endregion
+export { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES };
+//# sourceMappingURL=error-codes.mjs.map

package/dist/plugins/captcha/error-codes.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-codes.mjs","names":[],"sources":["../../../src/plugins/captcha/error-codes.ts"],"sourcesContent":["// These error codes are returned by the API\nimport { defineErrorCodes } from \"@better-auth/core/utils/error-codes\";\n\nexport const EXTERNAL_ERROR_CODES = defineErrorCodes({\n\tVERIFICATION_FAILED: \"Captcha verification failed\",\n\tMISSING_RESPONSE: \"Missing CAPTCHA response\",\n\tUNKNOWN_ERROR: \"Something went wrong\",\n});\n\n// These error codes are only visible in the server logs\nexport const INTERNAL_ERROR_CODES = defineErrorCodes({\n\tMISSING_SECRET_KEY: \"Missing secret key\",\n\tSERVICE_UNAVAILABLE: \"CAPTCHA service unavailable\",\n});\n"],"mappings":";;;AAGA,MAAa,uBAAuB,iBAAiB;CACpD,qBAAqB;CACrB,kBAAkB;CAClB,eAAe;CACf,CAAC;AAGF,MAAa,uBAAuB,iBAAiB;CACpD,oBAAoB;CACpB,qBAAqB;CACrB,CAAC"}

package/dist/plugins/captcha/index.d.mts

@@ -0,0 +1,21 @@
+import { BaseCaptchaOptions, CaptchaFoxOptions, CaptchaOptions, CloudflareTurnstileOptions, GoogleRecaptchaOptions, HCaptchaOptions, Provider } from "./types.mjs";
+import * as _better_auth_core0 from "@better-auth/core";
+
+//#region src/plugins/captcha/index.d.ts
+declare module "@better-auth/core" {
+  interface BetterAuthPluginRegistry<AuthOptions, Options> {
+    captcha: {
+      creator: typeof captcha;
+    };
+  }
+}
+declare const captcha: (options: CaptchaOptions) => {
+  id: "captcha";
+  onRequest: (request: Request, ctx: _better_auth_core0.AuthContext) => Promise<{
+    response: Response;
+  } | undefined>;
+  options: CaptchaOptions;
+};
+//#endregion
+export { BaseCaptchaOptions, CaptchaFoxOptions, CaptchaOptions, CloudflareTurnstileOptions, GoogleRecaptchaOptions, HCaptchaOptions, Provider, captcha };
+//# sourceMappingURL=index.d.mts.map

package/dist/plugins/captcha/index.mjs

@@ -0,0 +1,62 @@
+import { getIp } from "../../utils/get-request-ip.mjs";
+import { middlewareResponse } from "../../utils/middleware-response.mjs";
+import { Providers, defaultEndpoints, siteVerifyMap } from "./constants.mjs";
+import { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from "./error-codes.mjs";
+import { captchaFox } from "./verify-handlers/captchafox.mjs";
+import { cloudflareTurnstile } from "./verify-handlers/cloudflare-turnstile.mjs";
+import { googleRecaptcha } from "./verify-handlers/google-recaptcha.mjs";
+import { hCaptcha } from "./verify-handlers/h-captcha.mjs";
+import "./verify-handlers/index.mjs";
+
+//#region src/plugins/captcha/index.ts
+const captcha = (options) => ({
+	id: "captcha",
+	onRequest: async (request, ctx) => {
+		try {
+			if (!(options.endpoints?.length ? options.endpoints : defaultEndpoints).some((endpoint) => request.url.includes(endpoint))) return void 0;
+			if (!options.secretKey) throw new Error(INTERNAL_ERROR_CODES.MISSING_SECRET_KEY.message);
+			const captchaResponse = request.headers.get("x-captcha-response");
+			const remoteUserIP = getIp(request, ctx.options) ?? void 0;
+			if (!captchaResponse) return middlewareResponse({
+				message: EXTERNAL_ERROR_CODES.MISSING_RESPONSE.message,
+				code: EXTERNAL_ERROR_CODES.MISSING_RESPONSE.code,
+				status: 400
+			});
+			const handlerParams = {
+				siteVerifyURL: options.siteVerifyURLOverride || siteVerifyMap[options.provider],
+				captchaResponse,
+				secretKey: options.secretKey,
+				remoteIP: remoteUserIP
+			};
+			if (options.provider === Providers.CLOUDFLARE_TURNSTILE) return await cloudflareTurnstile(handlerParams);
+			if (options.provider === Providers.GOOGLE_RECAPTCHA) return await googleRecaptcha({
+				...handlerParams,
+				minScore: options.minScore
+			});
+			if (options.provider === Providers.HCAPTCHA) return await hCaptcha({
+				...handlerParams,
+				siteKey: options.siteKey
+			});
+			if (options.provider === Providers.CAPTCHAFOX) return await captchaFox({
+				...handlerParams,
+				siteKey: options.siteKey
+			});
+		} catch (_error) {
+			const errorMessage = _error instanceof Error ? _error.message : void 0;
+			ctx.logger.error(errorMessage ?? "Unknown error", {
+				endpoint: request.url,
+				message: _error
+			});
+			return middlewareResponse({
+				message: EXTERNAL_ERROR_CODES.UNKNOWN_ERROR.message,
+				code: EXTERNAL_ERROR_CODES.UNKNOWN_ERROR.code,
+				status: 500
+			});
+		}
+	},
+	options
+});
+
+//#endregion
+export { captcha };
+//# sourceMappingURL=index.mjs.map

package/dist/plugins/captcha/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":["verifyHandlers.cloudflareTurnstile","verifyHandlers.googleRecaptcha","verifyHandlers.hCaptcha","verifyHandlers.captchaFox"],"sources":["../../../src/plugins/captcha/index.ts"],"sourcesContent":["import type { BetterAuthPlugin } from \"@better-auth/core\";\nimport { getIp } from \"../../utils/get-request-ip\";\nimport { middlewareResponse } from \"../../utils/middleware-response\";\nimport { defaultEndpoints, Providers, siteVerifyMap } from \"./constants\";\nimport { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from \"./error-codes\";\nimport type { CaptchaOptions } from \"./types\";\n\ndeclare module \"@better-auth/core\" {\n\tinterface BetterAuthPluginRegistry<AuthOptions, Options> {\n\t\tcaptcha: {\n\t\t\tcreator: typeof captcha;\n\t\t};\n\t}\n}\n\nimport * as verifyHandlers from \"./verify-handlers\";\n\nexport type * from \"./types\";\n\nexport const captcha = (options: CaptchaOptions) =>\n\t({\n\t\tid: \"captcha\",\n\t\tonRequest: async (request, ctx) => {\n\t\t\ttry {\n\t\t\t\tconst endpoints = options.endpoints?.length\n\t\t\t\t\t? options.endpoints\n\t\t\t\t\t: defaultEndpoints;\n\n\t\t\t\tif (!endpoints.some((endpoint) => request.url.includes(endpoint)))\n\t\t\t\t\treturn undefined;\n\n\t\t\t\tif (!options.secretKey) {\n\t\t\t\t\tthrow new Error(INTERNAL_ERROR_CODES.MISSING_SECRET_KEY.message);\n\t\t\t\t}\n\n\t\t\t\tconst captchaResponse = request.headers.get(\"x-captcha-response\");\n\t\t\t\tconst remoteUserIP = getIp(request, ctx.options) ?? undefined;\n\n\t\t\t\tif (!captchaResponse) {\n\t\t\t\t\treturn middlewareResponse({\n\t\t\t\t\t\tmessage: EXTERNAL_ERROR_CODES.MISSING_RESPONSE.message,\n\t\t\t\t\t\tcode: EXTERNAL_ERROR_CODES.MISSING_RESPONSE.code,\n\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t});\n\t\t\t\t}\n\n\t\t\t\tconst siteVerifyURL =\n\t\t\t\t\toptions.siteVerifyURLOverride || siteVerifyMap[options.provider];\n\n\t\t\t\tconst handlerParams = {\n\t\t\t\t\tsiteVerifyURL,\n\t\t\t\t\tcaptchaResponse,\n\t\t\t\t\tsecretKey: options.secretKey,\n\t\t\t\t\tremoteIP: remoteUserIP,\n\t\t\t\t};\n\n\t\t\t\tif (options.provider === Providers.CLOUDFLARE_TURNSTILE) {\n\t\t\t\t\treturn await verifyHandlers.cloudflareTurnstile(handlerParams);\n\t\t\t\t}\n\n\t\t\t\tif (options.provider === Providers.GOOGLE_RECAPTCHA) {\n\t\t\t\t\treturn await verifyHandlers.googleRecaptcha({\n\t\t\t\t\t\t...handlerParams,\n\t\t\t\t\t\tminScore: options.minScore,\n\t\t\t\t\t});\n\t\t\t\t}\n\n\t\t\t\tif (options.provider === Providers.HCAPTCHA) {\n\t\t\t\t\treturn await verifyHandlers.hCaptcha({\n\t\t\t\t\t\t...handlerParams,\n\t\t\t\t\t\tsiteKey: options.siteKey,\n\t\t\t\t\t});\n\t\t\t\t}\n\n\t\t\t\tif (options.provider === Providers.CAPTCHAFOX) {\n\t\t\t\t\treturn await verifyHandlers.captchaFox({\n\t\t\t\t\t\t...handlerParams,\n\t\t\t\t\t\tsiteKey: options.siteKey,\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t} catch (_error) {\n\t\t\t\tconst errorMessage =\n\t\t\t\t\t_error instanceof Error ? _error.message : undefined;\n\n\t\t\t\tctx.logger.error(errorMessage ?? \"Unknown error\", {\n\t\t\t\t\tendpoint: request.url,\n\t\t\t\t\tmessage: _error,\n\t\t\t\t});\n\n\t\t\t\treturn middlewareResponse({\n\t\t\t\t\tmessage: EXTERNAL_ERROR_CODES.UNKNOWN_ERROR.message,\n\t\t\t\t\tcode: EXTERNAL_ERROR_CODES.UNKNOWN_ERROR.code,\n\t\t\t\t\tstatus: 500,\n\t\t\t\t});\n\t\t\t}\n\t\t},\n\t\toptions,\n\t}) satisfies BetterAuthPlugin;\n"],"mappings":";;;;;;;;;;;AAmBA,MAAa,WAAW,aACtB;CACA,IAAI;CACJ,WAAW,OAAO,SAAS,QAAQ;AAClC,MAAI;AAKH,OAAI,EAJc,QAAQ,WAAW,SAClC,QAAQ,YACR,kBAEY,MAAM,aAAa,QAAQ,IAAI,SAAS,SAAS,CAAC,CAChE,QAAO;AAER,OAAI,CAAC,QAAQ,UACZ,OAAM,IAAI,MAAM,qBAAqB,mBAAmB,QAAQ;GAGjE,MAAM,kBAAkB,QAAQ,QAAQ,IAAI,qBAAqB;GACjE,MAAM,eAAe,MAAM,SAAS,IAAI,QAAQ,IAAI;AAEpD,OAAI,CAAC,gBACJ,QAAO,mBAAmB;IACzB,SAAS,qBAAqB,iBAAiB;IAC/C,MAAM,qBAAqB,iBAAiB;IAC5C,QAAQ;IACR,CAAC;GAMH,MAAM,gBAAgB;IACrB,eAHA,QAAQ,yBAAyB,cAAc,QAAQ;IAIvD;IACA,WAAW,QAAQ;IACnB,UAAU;IACV;AAED,OAAI,QAAQ,aAAa,UAAU,qBAClC,QAAO,MAAMA,oBAAmC,cAAc;AAG/D,OAAI,QAAQ,aAAa,UAAU,iBAClC,QAAO,MAAMC,gBAA+B;IAC3C,GAAG;IACH,UAAU,QAAQ;IAClB,CAAC;AAGH,OAAI,QAAQ,aAAa,UAAU,SAClC,QAAO,MAAMC,SAAwB;IACpC,GAAG;IACH,SAAS,QAAQ;IACjB,CAAC;AAGH,OAAI,QAAQ,aAAa,UAAU,WAClC,QAAO,MAAMC,WAA0B;IACtC,GAAG;IACH,SAAS,QAAQ;IACjB,CAAC;WAEK,QAAQ;GAChB,MAAM,eACL,kBAAkB,QAAQ,OAAO,UAAU;AAE5C,OAAI,OAAO,MAAM,gBAAgB,iBAAiB;IACjD,UAAU,QAAQ;IAClB,SAAS;IACT,CAAC;AAEF,UAAO,mBAAmB;IACzB,SAAS,qBAAqB,cAAc;IAC5C,MAAM,qBAAqB,cAAc;IACzC,QAAQ;IACR,CAAC;;;CAGJ;CACA"}

package/dist/plugins/captcha/types.d.mts

@@ -0,0 +1,28 @@
+import { Providers } from "./constants.mjs";
+
+//#region src/plugins/captcha/types.d.ts
+type Provider = (typeof Providers)[keyof typeof Providers];
+interface BaseCaptchaOptions {
+  secretKey: string;
+  endpoints?: string[] | undefined;
+  siteVerifyURLOverride?: string | undefined;
+}
+interface GoogleRecaptchaOptions extends BaseCaptchaOptions {
+  provider: typeof Providers.GOOGLE_RECAPTCHA;
+  minScore?: number | undefined;
+}
+interface CloudflareTurnstileOptions extends BaseCaptchaOptions {
+  provider: typeof Providers.CLOUDFLARE_TURNSTILE;
+}
+interface HCaptchaOptions extends BaseCaptchaOptions {
+  provider: typeof Providers.HCAPTCHA;
+  siteKey?: string | undefined;
+}
+interface CaptchaFoxOptions extends BaseCaptchaOptions {
+  provider: typeof Providers.CAPTCHAFOX;
+  siteKey?: string | undefined;
+}
+type CaptchaOptions = GoogleRecaptchaOptions | CloudflareTurnstileOptions | HCaptchaOptions | CaptchaFoxOptions;
+//#endregion
+export { BaseCaptchaOptions, CaptchaFoxOptions, CaptchaOptions, CloudflareTurnstileOptions, GoogleRecaptchaOptions, HCaptchaOptions, Provider };
+//# sourceMappingURL=types.d.mts.map

package/dist/plugins/captcha/utils.mjs

@@ -0,0 +1,11 @@
+//#region src/plugins/captcha/utils.ts
+const encodeToURLParams = (obj) => {
+	if (typeof obj !== "object" || obj === null || Array.isArray(obj)) throw new Error("Input must be a non-null object.");
+	const params = new URLSearchParams();
+	for (const [key, value] of Object.entries(obj)) if (value !== void 0 && value !== null) params.append(key, String(value));
+	return params.toString();
+};
+
+//#endregion
+export { encodeToURLParams };
+//# sourceMappingURL=utils.mjs.map

package/dist/plugins/captcha/utils.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.mjs","names":[],"sources":["../../../src/plugins/captcha/utils.ts"],"sourcesContent":["export const encodeToURLParams = (obj: Record<string, any>): string => {\n\tif (typeof obj !== \"object\" || obj === null || Array.isArray(obj)) {\n\t\tthrow new Error(\"Input must be a non-null object.\");\n\t}\n\n\tconst params = new URLSearchParams();\n\n\tfor (const [key, value] of Object.entries(obj)) {\n\t\tif (value !== undefined && value !== null) {\n\t\t\tparams.append(key, String(value));\n\t\t}\n\t}\n\n\treturn params.toString();\n};\n"],"mappings":";AAAA,MAAa,qBAAqB,QAAqC;AACtE,KAAI,OAAO,QAAQ,YAAY,QAAQ,QAAQ,MAAM,QAAQ,IAAI,CAChE,OAAM,IAAI,MAAM,mCAAmC;CAGpD,MAAM,SAAS,IAAI,iBAAiB;AAEpC,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,IAAI,CAC7C,KAAI,UAAU,UAAa,UAAU,KACpC,QAAO,OAAO,KAAK,OAAO,MAAM,CAAC;AAInC,QAAO,OAAO,UAAU"}

package/dist/plugins/captcha/verify-handlers/captchafox.mjs

@@ -0,0 +1,28 @@
+import { middlewareResponse } from "../../../utils/middleware-response.mjs";
+import { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from "../error-codes.mjs";
+import { encodeToURLParams } from "../utils.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/plugins/captcha/verify-handlers/captchafox.ts
+const captchaFox = async ({ siteVerifyURL, captchaResponse, secretKey, siteKey, remoteIP }) => {
+	const response = await betterFetch(siteVerifyURL, {
+		method: "POST",
+		headers: { "Content-Type": "application/x-www-form-urlencoded" },
+		body: encodeToURLParams({
+			secret: secretKey,
+			response: captchaResponse,
+			...siteKey && { sitekey: siteKey },
+			...remoteIP && { remoteIp: remoteIP }
+		})
+	});
+	if (!response.data || response.error) throw new Error(INTERNAL_ERROR_CODES.SERVICE_UNAVAILABLE.message);
+	if (!response.data.success) return middlewareResponse({
+		message: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.message,
+		code: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.code,
+		status: 403
+	});
+};
+
+//#endregion
+export { captchaFox };
+//# sourceMappingURL=captchafox.mjs.map

package/dist/plugins/captcha/verify-handlers/captchafox.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"captchafox.mjs","names":[],"sources":["../../../../src/plugins/captcha/verify-handlers/captchafox.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport { middlewareResponse } from \"../../../utils/middleware-response\";\nimport { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from \"../error-codes\";\nimport { encodeToURLParams } from \"../utils\";\n\ntype Params = {\n\tsiteVerifyURL: string;\n\tsecretKey: string;\n\tcaptchaResponse: string;\n\tsiteKey?: string | undefined;\n\tremoteIP?: string | undefined;\n};\n\ntype SiteVerifyResponse = {\n\tsuccess: boolean;\n\tchallenge_ts: number;\n\thostname: string;\n\t\"error-codes\":\n\t\t| Array<\n\t\t\t\t| \"missing-input-secret\"\n\t\t\t\t| \"invalid-input-secret\"\n\t\t\t\t| \"invalid-input-sitekey\"\n\t\t\t\t| \"missing-input-response\"\n\t\t\t\t| \"invalid-input-response\"\n\t\t\t\t| \"expired-input-response\"\n\t\t\t\t| \"timeout-or-duplicate\"\n\t\t\t\t| \"bad-request\"\n\t\t  >\n\t\t| undefined;\n\tinsights: Record<string, unknown> | undefined; // ENTERPRISE feature: insights into verification.\n};\n\nexport const captchaFox = async ({\n\tsiteVerifyURL,\n\tcaptchaResponse,\n\tsecretKey,\n\tsiteKey,\n\tremoteIP,\n}: Params) => {\n\tconst response = await betterFetch<SiteVerifyResponse>(siteVerifyURL, {\n\t\tmethod: \"POST\",\n\t\theaders: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n\t\tbody: encodeToURLParams({\n\t\t\tsecret: secretKey,\n\t\t\tresponse: captchaResponse,\n\t\t\t...(siteKey && { sitekey: siteKey }),\n\t\t\t...(remoteIP && { remoteIp: remoteIP }),\n\t\t}),\n\t});\n\n\tif (!response.data || response.error) {\n\t\tthrow new Error(INTERNAL_ERROR_CODES.SERVICE_UNAVAILABLE.message);\n\t}\n\n\tif (!response.data.success) {\n\t\treturn middlewareResponse({\n\t\t\tmessage: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.message,\n\t\t\tcode: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.code,\n\t\t\tstatus: 403,\n\t\t});\n\t}\n\n\treturn undefined;\n};\n"],"mappings":";;;;;;AAgCA,MAAa,aAAa,OAAO,EAChC,eACA,iBACA,WACA,SACA,eACa;CACb,MAAM,WAAW,MAAM,YAAgC,eAAe;EACrE,QAAQ;EACR,SAAS,EAAE,gBAAgB,qCAAqC;EAChE,MAAM,kBAAkB;GACvB,QAAQ;GACR,UAAU;GACV,GAAI,WAAW,EAAE,SAAS,SAAS;GACnC,GAAI,YAAY,EAAE,UAAU,UAAU;GACtC,CAAC;EACF,CAAC;AAEF,KAAI,CAAC,SAAS,QAAQ,SAAS,MAC9B,OAAM,IAAI,MAAM,qBAAqB,oBAAoB,QAAQ;AAGlE,KAAI,CAAC,SAAS,KAAK,QAClB,QAAO,mBAAmB;EACzB,SAAS,qBAAqB,oBAAoB;EAClD,MAAM,qBAAqB,oBAAoB;EAC/C,QAAQ;EACR,CAAC"}

package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs

@@ -0,0 +1,26 @@
+import { middlewareResponse } from "../../../utils/middleware-response.mjs";
+import { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from "../error-codes.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/plugins/captcha/verify-handlers/cloudflare-turnstile.ts
+const cloudflareTurnstile = async ({ siteVerifyURL, captchaResponse, secretKey, remoteIP }) => {
+	const response = await betterFetch(siteVerifyURL, {
+		method: "POST",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify({
+			secret: secretKey,
+			response: captchaResponse,
+			...remoteIP && { remoteip: remoteIP }
+		})
+	});
+	if (!response.data || response.error) throw new Error(INTERNAL_ERROR_CODES.SERVICE_UNAVAILABLE.message);
+	if (!response.data.success) return middlewareResponse({
+		message: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.message,
+		code: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.code,
+		status: 403
+	});
+};
+
+//#endregion
+export { cloudflareTurnstile };
+//# sourceMappingURL=cloudflare-turnstile.mjs.map

package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloudflare-turnstile.mjs","names":[],"sources":["../../../../src/plugins/captcha/verify-handlers/cloudflare-turnstile.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport { middlewareResponse } from \"../../../utils/middleware-response\";\nimport { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from \"../error-codes\";\n\ntype Params = {\n\tsiteVerifyURL: string;\n\tsecretKey: string;\n\tcaptchaResponse: string;\n\tremoteIP?: string | undefined;\n};\n\ntype SiteVerifyResponse = {\n\tsuccess: boolean;\n\t\"error-codes\"?: string[] | undefined;\n\tchallenge_ts?: string | undefined;\n\thostname?: string | undefined;\n\taction?: string | undefined;\n\tcdata?: string | undefined;\n\tmetadata?:\n\t\t| {\n\t\t\t\tinteractive: boolean;\n\t\t  }\n\t\t| undefined;\n\tmessages?: string[] | undefined;\n};\n\nexport const cloudflareTurnstile = async ({\n\tsiteVerifyURL,\n\tcaptchaResponse,\n\tsecretKey,\n\tremoteIP,\n}: Params) => {\n\tconst response = await betterFetch<SiteVerifyResponse>(siteVerifyURL, {\n\t\tmethod: \"POST\",\n\t\theaders: { \"Content-Type\": \"application/json\" },\n\t\tbody: JSON.stringify({\n\t\t\tsecret: secretKey,\n\t\t\tresponse: captchaResponse,\n\t\t\t...(remoteIP && { remoteip: remoteIP }),\n\t\t}),\n\t});\n\n\tif (!response.data || response.error) {\n\t\tthrow new Error(INTERNAL_ERROR_CODES.SERVICE_UNAVAILABLE.message);\n\t}\n\n\tif (!response.data.success) {\n\t\treturn middlewareResponse({\n\t\t\tmessage: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.message,\n\t\t\tcode: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.code,\n\t\t\tstatus: 403,\n\t\t});\n\t}\n\n\treturn undefined;\n};\n"],"mappings":";;;;;AA0BA,MAAa,sBAAsB,OAAO,EACzC,eACA,iBACA,WACA,eACa;CACb,MAAM,WAAW,MAAM,YAAgC,eAAe;EACrE,QAAQ;EACR,SAAS,EAAE,gBAAgB,oBAAoB;EAC/C,MAAM,KAAK,UAAU;GACpB,QAAQ;GACR,UAAU;GACV,GAAI,YAAY,EAAE,UAAU,UAAU;GACtC,CAAC;EACF,CAAC;AAEF,KAAI,CAAC,SAAS,QAAQ,SAAS,MAC9B,OAAM,IAAI,MAAM,qBAAqB,oBAAoB,QAAQ;AAGlE,KAAI,CAAC,SAAS,KAAK,QAClB,QAAO,mBAAmB;EACzB,SAAS,qBAAqB,oBAAoB;EAClD,MAAM,qBAAqB,oBAAoB;EAC/C,QAAQ;EACR,CAAC"}

package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs

@@ -0,0 +1,30 @@
+import { middlewareResponse } from "../../../utils/middleware-response.mjs";
+import { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from "../error-codes.mjs";
+import { encodeToURLParams } from "../utils.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/plugins/captcha/verify-handlers/google-recaptcha.ts
+const isV3 = (response) => {
+	return "score" in response && typeof response.score === "number";
+};
+const googleRecaptcha = async ({ siteVerifyURL, captchaResponse, secretKey, minScore = .5, remoteIP }) => {
+	const response = await betterFetch(siteVerifyURL, {
+		method: "POST",
+		headers: { "Content-Type": "application/x-www-form-urlencoded" },
+		body: encodeToURLParams({
+			secret: secretKey,
+			response: captchaResponse,
+			...remoteIP && { remoteip: remoteIP }
+		})
+	});
+	if (!response.data || response.error) throw new Error(INTERNAL_ERROR_CODES.SERVICE_UNAVAILABLE.message);
+	if (!response.data.success || isV3(response.data) && response.data.score < minScore) return middlewareResponse({
+		message: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.message,
+		code: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.code,
+		status: 403
+	});
+};
+
+//#endregion
+export { googleRecaptcha };
+//# sourceMappingURL=google-recaptcha.mjs.map

package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"google-recaptcha.mjs","names":[],"sources":["../../../../src/plugins/captcha/verify-handlers/google-recaptcha.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport { middlewareResponse } from \"../../../utils/middleware-response\";\nimport { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from \"../error-codes\";\nimport { encodeToURLParams } from \"../utils\";\n\ntype Params = {\n\tsiteVerifyURL: string;\n\tsecretKey: string;\n\tcaptchaResponse: string;\n\tminScore?: number | undefined;\n\tremoteIP?: string | undefined;\n};\n\ntype SiteVerifyResponse = {\n\tsuccess: boolean;\n\tchallenge_ts: string;\n\thostname: string;\n\t\"error-codes\":\n\t\t| Array<\n\t\t\t\t| \"missing-input-secret\"\n\t\t\t\t| \"invalid-input-secret\"\n\t\t\t\t| \"missing-input-response\"\n\t\t\t\t| \"invalid-input-response\"\n\t\t\t\t| \"bad-request\"\n\t\t\t\t| \"timeout-or-duplicate\"\n\t\t  >\n\t\t| undefined;\n};\n\ntype SiteVerifyV3Response = SiteVerifyResponse & {\n\tscore: number;\n};\n\nconst isV3 = (\n\tresponse: SiteVerifyResponse | SiteVerifyV3Response,\n): response is SiteVerifyV3Response => {\n\treturn \"score\" in response && typeof response.score === \"number\";\n};\n\nexport const googleRecaptcha = async ({\n\tsiteVerifyURL,\n\tcaptchaResponse,\n\tsecretKey,\n\tminScore = 0.5,\n\tremoteIP,\n}: Params) => {\n\tconst response = await betterFetch<SiteVerifyResponse | SiteVerifyV3Response>(\n\t\tsiteVerifyURL,\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\theaders: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n\t\t\tbody: encodeToURLParams({\n\t\t\t\tsecret: secretKey,\n\t\t\t\tresponse: captchaResponse,\n\t\t\t\t...(remoteIP && { remoteip: remoteIP }),\n\t\t\t}),\n\t\t},\n\t);\n\n\tif (!response.data || response.error) {\n\t\tthrow new Error(INTERNAL_ERROR_CODES.SERVICE_UNAVAILABLE.message);\n\t}\n\n\tif (\n\t\t!response.data.success ||\n\t\t(isV3(response.data) && response.data.score < minScore)\n\t) {\n\t\treturn middlewareResponse({\n\t\t\tmessage: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.message,\n\t\t\tcode: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.code,\n\t\t\tstatus: 403,\n\t\t});\n\t}\n\n\treturn undefined;\n};\n"],"mappings":";;;;;;AAiCA,MAAM,QACL,aACsC;AACtC,QAAO,WAAW,YAAY,OAAO,SAAS,UAAU;;AAGzD,MAAa,kBAAkB,OAAO,EACrC,eACA,iBACA,WACA,WAAW,IACX,eACa;CACb,MAAM,WAAW,MAAM,YACtB,eACA;EACC,QAAQ;EACR,SAAS,EAAE,gBAAgB,qCAAqC;EAChE,MAAM,kBAAkB;GACvB,QAAQ;GACR,UAAU;GACV,GAAI,YAAY,EAAE,UAAU,UAAU;GACtC,CAAC;EACF,CACD;AAED,KAAI,CAAC,SAAS,QAAQ,SAAS,MAC9B,OAAM,IAAI,MAAM,qBAAqB,oBAAoB,QAAQ;AAGlE,KACC,CAAC,SAAS,KAAK,WACd,KAAK,SAAS,KAAK,IAAI,SAAS,KAAK,QAAQ,SAE9C,QAAO,mBAAmB;EACzB,SAAS,qBAAqB,oBAAoB;EAClD,MAAM,qBAAqB,oBAAoB;EAC/C,QAAQ;EACR,CAAC"}

package/dist/plugins/captcha/verify-handlers/h-captcha.mjs

@@ -0,0 +1,28 @@
+import { middlewareResponse } from "../../../utils/middleware-response.mjs";
+import { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from "../error-codes.mjs";
+import { encodeToURLParams } from "../utils.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/plugins/captcha/verify-handlers/h-captcha.ts
+const hCaptcha = async ({ siteVerifyURL, captchaResponse, secretKey, siteKey, remoteIP }) => {
+	const response = await betterFetch(siteVerifyURL, {
+		method: "POST",
+		headers: { "Content-Type": "application/x-www-form-urlencoded" },
+		body: encodeToURLParams({
+			secret: secretKey,
+			response: captchaResponse,
+			...siteKey && { sitekey: siteKey },
+			...remoteIP && { remoteip: remoteIP }
+		})
+	});
+	if (!response.data || response.error) throw new Error(INTERNAL_ERROR_CODES.SERVICE_UNAVAILABLE.message);
+	if (!response.data.success) return middlewareResponse({
+		message: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.message,
+		code: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.code,
+		status: 403
+	});
+};
+
+//#endregion
+export { hCaptcha };
+//# sourceMappingURL=h-captcha.mjs.map

package/dist/plugins/captcha/verify-handlers/h-captcha.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"h-captcha.mjs","names":[],"sources":["../../../../src/plugins/captcha/verify-handlers/h-captcha.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport { middlewareResponse } from \"../../../utils/middleware-response\";\nimport { EXTERNAL_ERROR_CODES, INTERNAL_ERROR_CODES } from \"../error-codes\";\nimport { encodeToURLParams } from \"../utils\";\n\ntype Params = {\n\tsiteVerifyURL: string;\n\tsecretKey: string;\n\tcaptchaResponse: string;\n\tsiteKey?: string | undefined;\n\tremoteIP?: string | undefined;\n};\n\ntype SiteVerifyResponse = {\n\tsuccess: boolean;\n\tchallenge_ts: number;\n\thostname: string;\n\tcredit: true | false | undefined;\n\t\"error-codes\":\n\t\t| Array<\n\t\t\t\t| \"missing-input-secret\"\n\t\t\t\t| \"invalid-input-secret\"\n\t\t\t\t| \"missing-input-response\"\n\t\t\t\t| \"invalid-input-response\"\n\t\t\t\t| \"expired-input-response\"\n\t\t\t\t| \"already-seen-response\"\n\t\t\t\t| \"bad-request\"\n\t\t\t\t| \"missing-remoteip\"\n\t\t\t\t| \"invalid-remoteip\"\n\t\t\t\t| \"not-using-dummy-passcode\"\n\t\t\t\t| \"sitekey-secret-mismatch\"\n\t\t  >\n\t\t| undefined;\n\tscore: number | undefined; // ENTERPRISE feature: a score denoting malicious activity.\n\tscore_reason: Array<unknown> | undefined; // ENTERPRISE feature: reason(s) for score.\n};\n\nexport const hCaptcha = async ({\n\tsiteVerifyURL,\n\tcaptchaResponse,\n\tsecretKey,\n\tsiteKey,\n\tremoteIP,\n}: Params) => {\n\tconst response = await betterFetch<SiteVerifyResponse>(siteVerifyURL, {\n\t\tmethod: \"POST\",\n\t\theaders: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n\t\tbody: encodeToURLParams({\n\t\t\tsecret: secretKey,\n\t\t\tresponse: captchaResponse,\n\t\t\t...(siteKey && { sitekey: siteKey }),\n\t\t\t...(remoteIP && { remoteip: remoteIP }),\n\t\t}),\n\t});\n\n\tif (!response.data || response.error) {\n\t\tthrow new Error(INTERNAL_ERROR_CODES.SERVICE_UNAVAILABLE.message);\n\t}\n\n\tif (!response.data.success) {\n\t\treturn middlewareResponse({\n\t\t\tmessage: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.message,\n\t\t\tcode: EXTERNAL_ERROR_CODES.VERIFICATION_FAILED.code,\n\t\t\tstatus: 403,\n\t\t});\n\t}\n\n\treturn undefined;\n};\n"],"mappings":";;;;;;AAqCA,MAAa,WAAW,OAAO,EAC9B,eACA,iBACA,WACA,SACA,eACa;CACb,MAAM,WAAW,MAAM,YAAgC,eAAe;EACrE,QAAQ;EACR,SAAS,EAAE,gBAAgB,qCAAqC;EAChE,MAAM,kBAAkB;GACvB,QAAQ;GACR,UAAU;GACV,GAAI,WAAW,EAAE,SAAS,SAAS;GACnC,GAAI,YAAY,EAAE,UAAU,UAAU;GACtC,CAAC;EACF,CAAC;AAEF,KAAI,CAAC,SAAS,QAAQ,SAAS,MAC9B,OAAM,IAAI,MAAM,qBAAqB,oBAAoB,QAAQ;AAGlE,KAAI,CAAC,SAAS,KAAK,QAClB,QAAO,mBAAmB;EACzB,SAAS,qBAAqB,oBAAoB;EAClD,MAAM,qBAAqB,oBAAoB;EAC/C,QAAQ;EACR,CAAC"}

package/dist/plugins/captcha/verify-handlers/index.mjs

@@ -0,0 +1,6 @@
+import { captchaFox } from "./captchafox.mjs";
+import { cloudflareTurnstile } from "./cloudflare-turnstile.mjs";
+import { googleRecaptcha } from "./google-recaptcha.mjs";
+import { hCaptcha } from "./h-captcha.mjs";
+
+export {  };

package/dist/plugins/custom-session/client.d.mts

@@ -0,0 +1,17 @@
+import { BetterAuthOptions } from "../../types/index.mjs";
+import { Auth } from "better-auth";
+
+//#region src/plugins/custom-session/client.d.ts
+declare const customSessionClient: <A extends Auth | {
+  options: BetterAuthOptions;
+}>() => {
+  id: "infer-server-plugin";
+  $InferServerPlugin: (A extends {
+    options: infer O;
+  } ? O : A)["plugins"] extends (infer P)[] ? P extends {
+    id: "custom-session";
+  } ? P : never : never;
+};
+//#endregion
+export { customSessionClient };
+//# sourceMappingURL=client.d.mts.map

package/dist/plugins/custom-session/client.mjs

@@ -0,0 +1,11 @@
+import { InferServerPlugin } from "../../client/plugins/infer-plugin.mjs";
+import "../../client/plugins/index.mjs";
+
+//#region src/plugins/custom-session/client.ts
+const customSessionClient = () => {
+	return InferServerPlugin();
+};
+
+//#endregion
+export { customSessionClient };
+//# sourceMappingURL=client.mjs.map

package/dist/plugins/custom-session/client.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.mjs","names":[],"sources":["../../../src/plugins/custom-session/client.ts"],"sourcesContent":["import type { Auth } from \"better-auth\";\nimport { InferServerPlugin } from \"../../client/plugins\";\nimport type { BetterAuthOptions } from \"../../types\";\n\nexport const customSessionClient = <\n\tA extends\n\t\t| Auth\n\t\t| {\n\t\t\t\toptions: BetterAuthOptions;\n\t\t  },\n>() => {\n\treturn InferServerPlugin<A, \"custom-session\">();\n};\n"],"mappings":";;;;AAIA,MAAa,4BAMN;AACN,QAAO,mBAAwC"}

package/dist/plugins/custom-session/index.d.mts

@@ -0,0 +1,72 @@
+import * as _better_auth_core0 from "@better-auth/core";
+import { BetterAuthOptions, GenericEndpointContext } from "@better-auth/core";
+import { Session, User } from "@better-auth/core/db";
+import * as better_call0 from "better-call";
+import * as z from "zod";
+
+//#region src/plugins/custom-session/index.d.ts
+declare module "@better-auth/core" {
+  interface BetterAuthPluginRegistry<AuthOptions, Options> {
+    "custom-session": {
+      creator: typeof customSession;
+    };
+  }
+}
+type CustomSessionPluginOptions = {
+  /**
+   * This option is used to determine if the list-device-sessions endpoint should be mutated to the custom session data.
+   * @default false
+   */
+  shouldMutateListDeviceSessionsEndpoint?: boolean | undefined;
+};
+declare const customSession: <Returns extends Record<string, any>, O extends BetterAuthOptions = BetterAuthOptions>(fn: (session: {
+  user: User<O["user"], O["plugins"]>;
+  session: Session<O["session"], O["plugins"]>;
+}, ctx: GenericEndpointContext) => Promise<Returns>, options?: O | undefined, pluginOptions?: CustomSessionPluginOptions | undefined) => {
+  id: "custom-session";
+  hooks: {
+    after: {
+      matcher: (ctx: _better_auth_core0.HookEndpointContext) => boolean;
+      handler: (inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<Awaited<Returns>[] | undefined>;
+    }[];
+  };
+  endpoints: {
+    getSession: better_call0.StrictEndpoint<"/get-session", {
+      method: "GET";
+      query: z.ZodOptional<z.ZodObject<{
+        disableCookieCache: z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodPipe<z.ZodString, z.ZodTransform<boolean, string>>]>>;
+        disableRefresh: z.ZodOptional<z.ZodBoolean>;
+      }, z.core.$strip>>;
+      metadata: {
+        CUSTOM_SESSION: boolean;
+        openapi: {
+          description: string;
+          responses: {
+            "200": {
+              description: string;
+              content: {
+                "application/json": {
+                  schema: {
+                    type: "array";
+                    nullable: boolean;
+                    items: {
+                      $ref: string;
+                    };
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+      requireHeaders: true;
+    }, Returns | null>;
+  };
+  $Infer: {
+    Session: Awaited<ReturnType<typeof fn>>;
+  };
+  options: CustomSessionPluginOptions | undefined;
+};
+//#endregion
+export { CustomSessionPluginOptions, customSession };
+//# sourceMappingURL=index.d.mts.map