@sirketio/auth 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/_virtual/_rolldown/runtime.mjs +36 -0
- package/dist/adapter/index.d.mts +4 -0
- package/dist/adapter/index.mjs +7 -0
- package/dist/api/index.d.mts +3872 -0
- package/dist/api/index.mjs +206 -0
- package/dist/api/index.mjs.map +1 -0
- package/dist/api/middlewares/index.d.mts +1 -0
- package/dist/api/middlewares/index.mjs +3 -0
- package/dist/api/middlewares/origin-check.d.mts +18 -0
- package/dist/api/middlewares/origin-check.mjs +140 -0
- package/dist/api/middlewares/origin-check.mjs.map +1 -0
- package/dist/api/rate-limiter/index.mjs +204 -0
- package/dist/api/rate-limiter/index.mjs.map +1 -0
- package/dist/api/routes/account.d.mts +410 -0
- package/dist/api/routes/account.mjs +493 -0
- package/dist/api/routes/account.mjs.map +1 -0
- package/dist/api/routes/callback.d.mts +31 -0
- package/dist/api/routes/callback.mjs +179 -0
- package/dist/api/routes/callback.mjs.map +1 -0
- package/dist/api/routes/email-verification.d.mts +161 -0
- package/dist/api/routes/email-verification.mjs +299 -0
- package/dist/api/routes/email-verification.mjs.map +1 -0
- package/dist/api/routes/error.d.mts +28 -0
- package/dist/api/routes/error.mjs +386 -0
- package/dist/api/routes/error.mjs.map +1 -0
- package/dist/api/routes/index.d.mts +11 -0
- package/dist/api/routes/index.mjs +13 -0
- package/dist/api/routes/ok.d.mts +36 -0
- package/dist/api/routes/ok.mjs +30 -0
- package/dist/api/routes/ok.mjs.map +1 -0
- package/dist/api/routes/password.d.mts +182 -0
- package/dist/api/routes/password.mjs +198 -0
- package/dist/api/routes/password.mjs.map +1 -0
- package/dist/api/routes/session.d.mts +415 -0
- package/dist/api/routes/session.mjs +483 -0
- package/dist/api/routes/session.mjs.map +1 -0
- package/dist/api/routes/sign-in.d.mts +171 -0
- package/dist/api/routes/sign-in.mjs +263 -0
- package/dist/api/routes/sign-in.mjs.map +1 -0
- package/dist/api/routes/sign-out.d.mts +36 -0
- package/dist/api/routes/sign-out.mjs +33 -0
- package/dist/api/routes/sign-out.mjs.map +1 -0
- package/dist/api/routes/sign-up.d.mts +160 -0
- package/dist/api/routes/sign-up.mjs +227 -0
- package/dist/api/routes/sign-up.mjs.map +1 -0
- package/dist/api/routes/update-user.d.mts +445 -0
- package/dist/api/routes/update-user.mjs +493 -0
- package/dist/api/routes/update-user.mjs.map +1 -0
- package/dist/api/state/oauth.d.mts +18 -0
- package/dist/api/state/oauth.mjs +8 -0
- package/dist/api/state/oauth.mjs.map +1 -0
- package/dist/api/state/should-session-refresh.d.mts +13 -0
- package/dist/api/state/should-session-refresh.mjs +16 -0
- package/dist/api/state/should-session-refresh.mjs.map +1 -0
- package/dist/api/to-auth-endpoints.mjs +197 -0
- package/dist/api/to-auth-endpoints.mjs.map +1 -0
- package/dist/auth/base.mjs +45 -0
- package/dist/auth/base.mjs.map +1 -0
- package/dist/auth/minimal.d.mts +12 -0
- package/dist/auth/minimal.mjs +14 -0
- package/dist/auth/minimal.mjs.map +1 -0
- package/dist/auth/trusted-origins.mjs +31 -0
- package/dist/auth/trusted-origins.mjs.map +1 -0
- package/dist/client/broadcast-channel.d.mts +20 -0
- package/dist/client/broadcast-channel.mjs +46 -0
- package/dist/client/broadcast-channel.mjs.map +1 -0
- package/dist/client/config.mjs +90 -0
- package/dist/client/config.mjs.map +1 -0
- package/dist/client/fetch-plugins.mjs +18 -0
- package/dist/client/fetch-plugins.mjs.map +1 -0
- package/dist/client/focus-manager.d.mts +11 -0
- package/dist/client/focus-manager.mjs +32 -0
- package/dist/client/focus-manager.mjs.map +1 -0
- package/dist/client/index.d.mts +33 -0
- package/dist/client/index.mjs +21 -0
- package/dist/client/index.mjs.map +1 -0
- package/dist/client/online-manager.d.mts +12 -0
- package/dist/client/online-manager.mjs +35 -0
- package/dist/client/online-manager.mjs.map +1 -0
- package/dist/client/parser.mjs +73 -0
- package/dist/client/parser.mjs.map +1 -0
- package/dist/client/path-to-object.d.mts +65 -0
- package/dist/client/plugins/index.d.mts +53 -0
- package/dist/client/plugins/index.mjs +30 -0
- package/dist/client/plugins/infer-plugin.d.mts +16 -0
- package/dist/client/plugins/infer-plugin.mjs +11 -0
- package/dist/client/plugins/infer-plugin.mjs.map +1 -0
- package/dist/client/proxy.mjs +79 -0
- package/dist/client/proxy.mjs.map +1 -0
- package/dist/client/query.d.mts +23 -0
- package/dist/client/query.mjs +98 -0
- package/dist/client/query.mjs.map +1 -0
- package/dist/client/react/index.d.mts +128 -0
- package/dist/client/react/index.mjs +24 -0
- package/dist/client/react/index.mjs.map +1 -0
- package/dist/client/react/react-store.d.mts +47 -0
- package/dist/client/react/react-store.mjs +47 -0
- package/dist/client/react/react-store.mjs.map +1 -0
- package/dist/client/session-atom.mjs +29 -0
- package/dist/client/session-atom.mjs.map +1 -0
- package/dist/client/session-refresh.d.mts +28 -0
- package/dist/client/session-refresh.mjs +140 -0
- package/dist/client/session-refresh.mjs.map +1 -0
- package/dist/client/types.d.mts +41 -0
- package/dist/client/vanilla.d.mts +127 -0
- package/dist/client/vanilla.mjs +20 -0
- package/dist/client/vanilla.mjs.map +1 -0
- package/dist/context/create-context.mjs +211 -0
- package/dist/context/create-context.mjs.map +1 -0
- package/dist/context/helpers.mjs +83 -0
- package/dist/context/helpers.mjs.map +1 -0
- package/dist/context/init.mjs +20 -0
- package/dist/context/init.mjs.map +1 -0
- package/dist/cookies/cookie-utils.d.mts +29 -0
- package/dist/cookies/cookie-utils.mjs +105 -0
- package/dist/cookies/cookie-utils.mjs.map +1 -0
- package/dist/cookies/index.d.mts +121 -0
- package/dist/cookies/index.mjs +261 -0
- package/dist/cookies/index.mjs.map +1 -0
- package/dist/cookies/session-store.d.mts +36 -0
- package/dist/cookies/session-store.mjs +200 -0
- package/dist/cookies/session-store.mjs.map +1 -0
- package/dist/crypto/buffer.d.mts +8 -0
- package/dist/crypto/buffer.mjs +18 -0
- package/dist/crypto/buffer.mjs.map +1 -0
- package/dist/crypto/index.d.mts +27 -0
- package/dist/crypto/index.mjs +38 -0
- package/dist/crypto/index.mjs.map +1 -0
- package/dist/crypto/jwt.d.mts +8 -0
- package/dist/crypto/jwt.mjs +95 -0
- package/dist/crypto/jwt.mjs.map +1 -0
- package/dist/crypto/password.d.mts +12 -0
- package/dist/crypto/password.mjs +36 -0
- package/dist/crypto/password.mjs.map +1 -0
- package/dist/crypto/random.d.mts +5 -0
- package/dist/crypto/random.mjs +8 -0
- package/dist/crypto/random.mjs.map +1 -0
- package/dist/db/adapter-base.d.mts +8 -0
- package/dist/db/adapter-base.mjs +19 -0
- package/dist/db/adapter-base.mjs.map +1 -0
- package/dist/db/field-converter.d.mts +8 -0
- package/dist/db/field-converter.mjs +21 -0
- package/dist/db/field-converter.mjs.map +1 -0
- package/dist/db/field.d.mts +42 -0
- package/dist/db/get-schema.d.mts +11 -0
- package/dist/db/get-schema.mjs +39 -0
- package/dist/db/get-schema.mjs.map +1 -0
- package/dist/db/index.d.mts +18 -0
- package/dist/db/index.mjs +34 -0
- package/dist/db/index.mjs.map +1 -0
- package/dist/db/internal-adapter.d.mts +14 -0
- package/dist/db/internal-adapter.mjs +616 -0
- package/dist/db/internal-adapter.mjs.map +1 -0
- package/dist/db/schema.d.mts +49 -0
- package/dist/db/schema.mjs +118 -0
- package/dist/db/schema.mjs.map +1 -0
- package/dist/db/to-zod.d.mts +36 -0
- package/dist/db/to-zod.mjs +26 -0
- package/dist/db/to-zod.mjs.map +1 -0
- package/dist/db/verification-token-storage.mjs +28 -0
- package/dist/db/verification-token-storage.mjs.map +1 -0
- package/dist/db/with-hooks.d.mts +33 -0
- package/dist/db/with-hooks.mjs +159 -0
- package/dist/db/with-hooks.mjs.map +1 -0
- package/dist/index.d.mts +53 -0
- package/dist/index.mjs +27 -0
- package/dist/integrations/next-js.d.mts +29 -0
- package/dist/integrations/next-js.mjs +85 -0
- package/dist/integrations/next-js.mjs.map +1 -0
- package/dist/oauth2/index.d.mts +5 -0
- package/dist/oauth2/index.mjs +7 -0
- package/dist/oauth2/link-account.d.mts +48 -0
- package/dist/oauth2/link-account.mjs +143 -0
- package/dist/oauth2/link-account.mjs.map +1 -0
- package/dist/oauth2/state.d.mts +26 -0
- package/dist/oauth2/state.mjs +51 -0
- package/dist/oauth2/state.mjs.map +1 -0
- package/dist/oauth2/utils.d.mts +8 -0
- package/dist/oauth2/utils.mjs +31 -0
- package/dist/oauth2/utils.mjs.map +1 -0
- package/dist/plugins/access/access.d.mts +30 -0
- package/dist/plugins/access/access.mjs +46 -0
- package/dist/plugins/access/access.mjs.map +1 -0
- package/dist/plugins/access/index.d.mts +3 -0
- package/dist/plugins/access/index.mjs +3 -0
- package/dist/plugins/access/types.d.mts +17 -0
- package/dist/plugins/additional-fields/client.d.mts +96 -0
- package/dist/plugins/additional-fields/client.mjs +11 -0
- package/dist/plugins/additional-fields/client.mjs.map +1 -0
- package/dist/plugins/admin/access/index.d.mts +2 -0
- package/dist/plugins/admin/access/index.mjs +3 -0
- package/dist/plugins/admin/access/statement.d.mts +118 -0
- package/dist/plugins/admin/access/statement.mjs +53 -0
- package/dist/plugins/admin/access/statement.mjs.map +1 -0
- package/dist/plugins/admin/admin.d.mts +911 -0
- package/dist/plugins/admin/admin.mjs +95 -0
- package/dist/plugins/admin/admin.mjs.map +1 -0
- package/dist/plugins/admin/client.d.mts +76 -0
- package/dist/plugins/admin/client.mjs +36 -0
- package/dist/plugins/admin/client.mjs.map +1 -0
- package/dist/plugins/admin/error-codes.d.mts +29 -0
- package/dist/plugins/admin/error-codes.mjs +30 -0
- package/dist/plugins/admin/error-codes.mjs.map +1 -0
- package/dist/plugins/admin/has-permission.mjs +16 -0
- package/dist/plugins/admin/has-permission.mjs.map +1 -0
- package/dist/plugins/admin/index.d.mts +3 -0
- package/dist/plugins/admin/index.mjs +3 -0
- package/dist/plugins/admin/routes.mjs +841 -0
- package/dist/plugins/admin/routes.mjs.map +1 -0
- package/dist/plugins/admin/schema.d.mts +40 -0
- package/dist/plugins/admin/schema.mjs +34 -0
- package/dist/plugins/admin/schema.mjs.map +1 -0
- package/dist/plugins/admin/types.d.mts +89 -0
- package/dist/plugins/api-key/adapter.mjs +468 -0
- package/dist/plugins/api-key/adapter.mjs.map +1 -0
- package/dist/plugins/api-key/client.d.mts +46 -0
- package/dist/plugins/api-key/client.mjs +19 -0
- package/dist/plugins/api-key/client.mjs.map +1 -0
- package/dist/plugins/api-key/error-codes.d.mts +33 -0
- package/dist/plugins/api-key/error-codes.mjs +34 -0
- package/dist/plugins/api-key/error-codes.mjs.map +1 -0
- package/dist/plugins/api-key/index.d.mts +1251 -0
- package/dist/plugins/api-key/index.mjs +134 -0
- package/dist/plugins/api-key/index.mjs.map +1 -0
- package/dist/plugins/api-key/rate-limit.mjs +74 -0
- package/dist/plugins/api-key/rate-limit.mjs.map +1 -0
- package/dist/plugins/api-key/routes/create-api-key.mjs +252 -0
- package/dist/plugins/api-key/routes/create-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs +24 -0
- package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs.map +1 -0
- package/dist/plugins/api-key/routes/delete-api-key.mjs +74 -0
- package/dist/plugins/api-key/routes/delete-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/get-api-key.mjs +158 -0
- package/dist/plugins/api-key/routes/get-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/index.mjs +71 -0
- package/dist/plugins/api-key/routes/index.mjs.map +1 -0
- package/dist/plugins/api-key/routes/list-api-keys.mjs +194 -0
- package/dist/plugins/api-key/routes/list-api-keys.mjs.map +1 -0
- package/dist/plugins/api-key/routes/update-api-key.mjs +248 -0
- package/dist/plugins/api-key/routes/update-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/verify-api-key.mjs +224 -0
- package/dist/plugins/api-key/routes/verify-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/schema.d.mts +199 -0
- package/dist/plugins/api-key/schema.mjs +130 -0
- package/dist/plugins/api-key/schema.mjs.map +1 -0
- package/dist/plugins/api-key/types.d.mts +346 -0
- package/dist/plugins/bearer/index.d.mts +45 -0
- package/dist/plugins/bearer/index.mjs +66 -0
- package/dist/plugins/bearer/index.mjs.map +1 -0
- package/dist/plugins/captcha/constants.d.mts +10 -0
- package/dist/plugins/captcha/constants.mjs +22 -0
- package/dist/plugins/captcha/constants.mjs.map +1 -0
- package/dist/plugins/captcha/error-codes.mjs +16 -0
- package/dist/plugins/captcha/error-codes.mjs.map +1 -0
- package/dist/plugins/captcha/index.d.mts +21 -0
- package/dist/plugins/captcha/index.mjs +62 -0
- package/dist/plugins/captcha/index.mjs.map +1 -0
- package/dist/plugins/captcha/types.d.mts +28 -0
- package/dist/plugins/captcha/utils.mjs +11 -0
- package/dist/plugins/captcha/utils.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/captchafox.mjs +28 -0
- package/dist/plugins/captcha/verify-handlers/captchafox.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs +26 -0
- package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs +30 -0
- package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/h-captcha.mjs +28 -0
- package/dist/plugins/captcha/verify-handlers/h-captcha.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/index.mjs +6 -0
- package/dist/plugins/custom-session/client.d.mts +17 -0
- package/dist/plugins/custom-session/client.mjs +11 -0
- package/dist/plugins/custom-session/client.mjs.map +1 -0
- package/dist/plugins/custom-session/index.d.mts +72 -0
- package/dist/plugins/custom-session/index.mjs +78 -0
- package/dist/plugins/custom-session/index.mjs.map +1 -0
- package/dist/plugins/device-authorization/client.d.mts +17 -0
- package/dist/plugins/device-authorization/client.mjs +18 -0
- package/dist/plugins/device-authorization/client.mjs.map +1 -0
- package/dist/plugins/device-authorization/error-codes.mjs +21 -0
- package/dist/plugins/device-authorization/error-codes.mjs.map +1 -0
- package/dist/plugins/device-authorization/index.d.mts +424 -0
- package/dist/plugins/device-authorization/index.mjs +50 -0
- package/dist/plugins/device-authorization/index.mjs.map +1 -0
- package/dist/plugins/device-authorization/routes.mjs +510 -0
- package/dist/plugins/device-authorization/routes.mjs.map +1 -0
- package/dist/plugins/device-authorization/schema.mjs +57 -0
- package/dist/plugins/device-authorization/schema.mjs.map +1 -0
- package/dist/plugins/email-otp/client.d.mts +21 -0
- package/dist/plugins/email-otp/client.mjs +18 -0
- package/dist/plugins/email-otp/client.mjs.map +1 -0
- package/dist/plugins/email-otp/error-codes.d.mts +11 -0
- package/dist/plugins/email-otp/error-codes.mjs +12 -0
- package/dist/plugins/email-otp/error-codes.mjs.map +1 -0
- package/dist/plugins/email-otp/index.d.mts +428 -0
- package/dist/plugins/email-otp/index.mjs +130 -0
- package/dist/plugins/email-otp/index.mjs.map +1 -0
- package/dist/plugins/email-otp/otp-token.mjs +29 -0
- package/dist/plugins/email-otp/otp-token.mjs.map +1 -0
- package/dist/plugins/email-otp/routes.mjs +631 -0
- package/dist/plugins/email-otp/routes.mjs.map +1 -0
- package/dist/plugins/email-otp/types.d.mts +86 -0
- package/dist/plugins/email-otp/utils.mjs +17 -0
- package/dist/plugins/email-otp/utils.mjs.map +1 -0
- package/dist/plugins/generic-oauth/client.d.mts +33 -0
- package/dist/plugins/generic-oauth/client.mjs +14 -0
- package/dist/plugins/generic-oauth/client.mjs.map +1 -0
- package/dist/plugins/generic-oauth/error-codes.d.mts +16 -0
- package/dist/plugins/generic-oauth/error-codes.mjs +17 -0
- package/dist/plugins/generic-oauth/error-codes.mjs.map +1 -0
- package/dist/plugins/generic-oauth/index.d.mts +201 -0
- package/dist/plugins/generic-oauth/index.mjs +145 -0
- package/dist/plugins/generic-oauth/index.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/auth0.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/auth0.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/auth0.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/gumroad.d.mts +32 -0
- package/dist/plugins/generic-oauth/providers/gumroad.mjs +60 -0
- package/dist/plugins/generic-oauth/providers/gumroad.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/hubspot.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/hubspot.mjs +60 -0
- package/dist/plugins/generic-oauth/providers/hubspot.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/index.d.mts +9 -0
- package/dist/plugins/generic-oauth/providers/index.mjs +11 -0
- package/dist/plugins/generic-oauth/providers/keycloak.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/keycloak.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/keycloak.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/line.d.mts +55 -0
- package/dist/plugins/generic-oauth/providers/line.mjs +91 -0
- package/dist/plugins/generic-oauth/providers/line.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs +66 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/okta.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/okta.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/okta.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/patreon.d.mts +30 -0
- package/dist/plugins/generic-oauth/providers/patreon.mjs +59 -0
- package/dist/plugins/generic-oauth/providers/patreon.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/slack.d.mts +30 -0
- package/dist/plugins/generic-oauth/providers/slack.mjs +61 -0
- package/dist/plugins/generic-oauth/providers/slack.mjs.map +1 -0
- package/dist/plugins/generic-oauth/routes.mjs +411 -0
- package/dist/plugins/generic-oauth/routes.mjs.map +1 -0
- package/dist/plugins/generic-oauth/types.d.mts +159 -0
- package/dist/plugins/haveibeenpwned/index.d.mts +46 -0
- package/dist/plugins/haveibeenpwned/index.mjs +57 -0
- package/dist/plugins/haveibeenpwned/index.mjs.map +1 -0
- package/dist/plugins/index.d.mts +65 -0
- package/dist/plugins/index.mjs +48 -0
- package/dist/plugins/jwt/adapter.mjs +27 -0
- package/dist/plugins/jwt/adapter.mjs.map +1 -0
- package/dist/plugins/jwt/client.d.mts +40 -0
- package/dist/plugins/jwt/client.mjs +19 -0
- package/dist/plugins/jwt/client.mjs.map +1 -0
- package/dist/plugins/jwt/index.d.mts +224 -0
- package/dist/plugins/jwt/index.mjs +202 -0
- package/dist/plugins/jwt/index.mjs.map +1 -0
- package/dist/plugins/jwt/schema.d.mts +26 -0
- package/dist/plugins/jwt/schema.mjs +23 -0
- package/dist/plugins/jwt/schema.mjs.map +1 -0
- package/dist/plugins/jwt/sign.d.mts +57 -0
- package/dist/plugins/jwt/sign.mjs +66 -0
- package/dist/plugins/jwt/sign.mjs.map +1 -0
- package/dist/plugins/jwt/types.d.mts +194 -0
- package/dist/plugins/jwt/utils.d.mts +42 -0
- package/dist/plugins/jwt/utils.mjs +64 -0
- package/dist/plugins/jwt/utils.mjs.map +1 -0
- package/dist/plugins/jwt/verify.d.mts +12 -0
- package/dist/plugins/jwt/verify.mjs +46 -0
- package/dist/plugins/jwt/verify.mjs.map +1 -0
- package/dist/plugins/last-login-method/client.d.mts +38 -0
- package/dist/plugins/last-login-method/client.mjs +32 -0
- package/dist/plugins/last-login-method/client.mjs.map +1 -0
- package/dist/plugins/last-login-method/index.d.mts +118 -0
- package/dist/plugins/last-login-method/index.mjs +76 -0
- package/dist/plugins/last-login-method/index.mjs.map +1 -0
- package/dist/plugins/magic-link/client.d.mts +10 -0
- package/dist/plugins/magic-link/client.mjs +11 -0
- package/dist/plugins/magic-link/client.mjs.map +1 -0
- package/dist/plugins/magic-link/index.d.mts +193 -0
- package/dist/plugins/magic-link/index.mjs +177 -0
- package/dist/plugins/magic-link/index.mjs.map +1 -0
- package/dist/plugins/magic-link/utils.mjs +12 -0
- package/dist/plugins/magic-link/utils.mjs.map +1 -0
- package/dist/plugins/mcp/authorize.mjs +133 -0
- package/dist/plugins/mcp/authorize.mjs.map +1 -0
- package/dist/plugins/mcp/index.d.mts +458 -0
- package/dist/plugins/mcp/index.mjs +717 -0
- package/dist/plugins/mcp/index.mjs.map +1 -0
- package/dist/plugins/multi-session/client.d.mts +19 -0
- package/dist/plugins/multi-session/client.mjs +20 -0
- package/dist/plugins/multi-session/client.mjs.map +1 -0
- package/dist/plugins/multi-session/error-codes.d.mts +9 -0
- package/dist/plugins/multi-session/error-codes.mjs +8 -0
- package/dist/plugins/multi-session/error-codes.mjs.map +1 -0
- package/dist/plugins/multi-session/index.d.mts +235 -0
- package/dist/plugins/multi-session/index.mjs +172 -0
- package/dist/plugins/multi-session/index.mjs.map +1 -0
- package/dist/plugins/oauth-proxy/index.d.mts +97 -0
- package/dist/plugins/oauth-proxy/index.mjs +305 -0
- package/dist/plugins/oauth-proxy/index.mjs.map +1 -0
- package/dist/plugins/oauth-proxy/utils.mjs +51 -0
- package/dist/plugins/oauth-proxy/utils.mjs.map +1 -0
- package/dist/plugins/oidc-provider/authorize.mjs +194 -0
- package/dist/plugins/oidc-provider/authorize.mjs.map +1 -0
- package/dist/plugins/oidc-provider/client.d.mts +12 -0
- package/dist/plugins/oidc-provider/client.mjs +11 -0
- package/dist/plugins/oidc-provider/client.mjs.map +1 -0
- package/dist/plugins/oidc-provider/error.mjs +17 -0
- package/dist/plugins/oidc-provider/error.mjs.map +1 -0
- package/dist/plugins/oidc-provider/index.d.mts +702 -0
- package/dist/plugins/oidc-provider/index.mjs +1093 -0
- package/dist/plugins/oidc-provider/index.mjs.map +1 -0
- package/dist/plugins/oidc-provider/schema.d.mts +160 -0
- package/dist/plugins/oidc-provider/schema.mjs +132 -0
- package/dist/plugins/oidc-provider/schema.mjs.map +1 -0
- package/dist/plugins/oidc-provider/types.d.mts +517 -0
- package/dist/plugins/oidc-provider/utils/prompt.mjs +19 -0
- package/dist/plugins/oidc-provider/utils/prompt.mjs.map +1 -0
- package/dist/plugins/oidc-provider/utils.mjs +15 -0
- package/dist/plugins/oidc-provider/utils.mjs.map +1 -0
- package/dist/plugins/one-tap/client.d.mts +174 -0
- package/dist/plugins/one-tap/client.mjs +188 -0
- package/dist/plugins/one-tap/client.mjs.map +1 -0
- package/dist/plugins/one-tap/index.d.mts +83 -0
- package/dist/plugins/one-tap/index.mjs +95 -0
- package/dist/plugins/one-tap/index.mjs.map +1 -0
- package/dist/plugins/one-time-token/client.d.mts +10 -0
- package/dist/plugins/one-time-token/client.mjs +11 -0
- package/dist/plugins/one-time-token/client.mjs.map +1 -0
- package/dist/plugins/one-time-token/index.d.mts +133 -0
- package/dist/plugins/one-time-token/index.mjs +82 -0
- package/dist/plugins/one-time-token/index.mjs.map +1 -0
- package/dist/plugins/one-time-token/utils.mjs +12 -0
- package/dist/plugins/one-time-token/utils.mjs.map +1 -0
- package/dist/plugins/open-api/generator.d.mts +115 -0
- package/dist/plugins/open-api/generator.mjs +315 -0
- package/dist/plugins/open-api/generator.mjs.map +1 -0
- package/dist/plugins/open-api/index.d.mts +97 -0
- package/dist/plugins/open-api/index.mjs +67 -0
- package/dist/plugins/open-api/index.mjs.map +1 -0
- package/dist/plugins/open-api/logo.mjs +15 -0
- package/dist/plugins/open-api/logo.mjs.map +1 -0
- package/dist/plugins/organization/access/index.d.mts +2 -0
- package/dist/plugins/organization/access/index.mjs +3 -0
- package/dist/plugins/organization/access/statement.d.mts +249 -0
- package/dist/plugins/organization/access/statement.mjs +81 -0
- package/dist/plugins/organization/access/statement.mjs.map +1 -0
- package/dist/plugins/organization/adapter.d.mts +792 -0
- package/dist/plugins/organization/adapter.mjs +624 -0
- package/dist/plugins/organization/adapter.mjs.map +1 -0
- package/dist/plugins/organization/call.mjs +19 -0
- package/dist/plugins/organization/call.mjs.map +1 -0
- package/dist/plugins/organization/client.d.mts +372 -0
- package/dist/plugins/organization/client.mjs +95 -0
- package/dist/plugins/organization/client.mjs.map +1 -0
- package/dist/plugins/organization/error-codes.d.mts +65 -0
- package/dist/plugins/organization/error-codes.mjs +66 -0
- package/dist/plugins/organization/error-codes.mjs.map +1 -0
- package/dist/plugins/organization/has-permission.mjs +35 -0
- package/dist/plugins/organization/has-permission.mjs.map +1 -0
- package/dist/plugins/organization/index.d.mts +5 -0
- package/dist/plugins/organization/index.mjs +4 -0
- package/dist/plugins/organization/organization.d.mts +394 -0
- package/dist/plugins/organization/organization.mjs +428 -0
- package/dist/plugins/organization/organization.mjs.map +1 -0
- package/dist/plugins/organization/permission.d.mts +17 -0
- package/dist/plugins/organization/permission.mjs +16 -0
- package/dist/plugins/organization/permission.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-access-control.d.mts +394 -0
- package/dist/plugins/organization/routes/crud-access-control.mjs +678 -0
- package/dist/plugins/organization/routes/crud-access-control.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-invites.d.mts +1031 -0
- package/dist/plugins/organization/routes/crud-invites.mjs +551 -0
- package/dist/plugins/organization/routes/crud-invites.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-members.d.mts +940 -0
- package/dist/plugins/organization/routes/crud-members.mjs +466 -0
- package/dist/plugins/organization/routes/crud-members.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-org.d.mts +708 -0
- package/dist/plugins/organization/routes/crud-org.mjs +423 -0
- package/dist/plugins/organization/routes/crud-org.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-team.d.mts +1071 -0
- package/dist/plugins/organization/routes/crud-team.mjs +676 -0
- package/dist/plugins/organization/routes/crud-team.mjs.map +1 -0
- package/dist/plugins/organization/schema.d.mts +376 -0
- package/dist/plugins/organization/schema.mjs +68 -0
- package/dist/plugins/organization/schema.mjs.map +1 -0
- package/dist/plugins/organization/types.d.mts +677 -0
- package/dist/plugins/phone-number/client.d.mts +31 -0
- package/dist/plugins/phone-number/client.mjs +20 -0
- package/dist/plugins/phone-number/client.mjs.map +1 -0
- package/dist/plugins/phone-number/error-codes.d.mts +20 -0
- package/dist/plugins/phone-number/error-codes.mjs +21 -0
- package/dist/plugins/phone-number/error-codes.mjs.map +1 -0
- package/dist/plugins/phone-number/index.d.mts +318 -0
- package/dist/plugins/phone-number/index.mjs +49 -0
- package/dist/plugins/phone-number/index.mjs.map +1 -0
- package/dist/plugins/phone-number/routes.mjs +472 -0
- package/dist/plugins/phone-number/routes.mjs.map +1 -0
- package/dist/plugins/phone-number/schema.d.mts +23 -0
- package/dist/plugins/phone-number/schema.mjs +20 -0
- package/dist/plugins/phone-number/schema.mjs.map +1 -0
- package/dist/plugins/phone-number/types.d.mts +118 -0
- package/dist/plugins/two-factor/backup-codes/index.d.mts +279 -0
- package/dist/plugins/two-factor/backup-codes/index.mjs +277 -0
- package/dist/plugins/two-factor/backup-codes/index.mjs.map +1 -0
- package/dist/plugins/two-factor/client.d.mts +55 -0
- package/dist/plugins/two-factor/client.mjs +37 -0
- package/dist/plugins/two-factor/client.mjs.map +1 -0
- package/dist/plugins/two-factor/constant.mjs +8 -0
- package/dist/plugins/two-factor/constant.mjs.map +1 -0
- package/dist/plugins/two-factor/error-code.d.mts +17 -0
- package/dist/plugins/two-factor/error-code.mjs +18 -0
- package/dist/plugins/two-factor/error-code.mjs.map +1 -0
- package/dist/plugins/two-factor/index.d.mts +670 -0
- package/dist/plugins/two-factor/index.mjs +228 -0
- package/dist/plugins/two-factor/index.mjs.map +1 -0
- package/dist/plugins/two-factor/otp/index.d.mts +216 -0
- package/dist/plugins/two-factor/otp/index.mjs +199 -0
- package/dist/plugins/two-factor/otp/index.mjs.map +1 -0
- package/dist/plugins/two-factor/schema.d.mts +41 -0
- package/dist/plugins/two-factor/schema.mjs +36 -0
- package/dist/plugins/two-factor/schema.mjs.map +1 -0
- package/dist/plugins/two-factor/totp/index.d.mts +210 -0
- package/dist/plugins/two-factor/totp/index.mjs +157 -0
- package/dist/plugins/two-factor/totp/index.mjs.map +1 -0
- package/dist/plugins/two-factor/types.d.mts +73 -0
- package/dist/plugins/two-factor/utils.mjs +12 -0
- package/dist/plugins/two-factor/utils.mjs.map +1 -0
- package/dist/plugins/two-factor/verify-two-factor.mjs +85 -0
- package/dist/plugins/two-factor/verify-two-factor.mjs.map +1 -0
- package/dist/plugins/username/client.d.mts +26 -0
- package/dist/plugins/username/client.mjs +18 -0
- package/dist/plugins/username/client.mjs.map +1 -0
- package/dist/plugins/username/error-codes.d.mts +16 -0
- package/dist/plugins/username/error-codes.mjs +17 -0
- package/dist/plugins/username/error-codes.mjs.map +1 -0
- package/dist/plugins/username/index.d.mts +251 -0
- package/dist/plugins/username/index.mjs +234 -0
- package/dist/plugins/username/index.mjs.map +1 -0
- package/dist/plugins/username/schema.d.mts +33 -0
- package/dist/plugins/username/schema.mjs +26 -0
- package/dist/plugins/username/schema.mjs.map +1 -0
- package/dist/providers/index.d.mts +1 -0
- package/dist/providers/index.mjs +3 -0
- package/dist/state.d.mts +42 -0
- package/dist/state.mjs +107 -0
- package/dist/state.mjs.map +1 -0
- package/dist/types/adapter.d.mts +2 -0
- package/dist/types/api.d.mts +29 -0
- package/dist/types/auth.d.mts +29 -0
- package/dist/types/helper.d.mts +10 -0
- package/dist/types/index.d.mts +11 -0
- package/dist/types/index.mjs +1 -0
- package/dist/types/models.d.mts +11 -0
- package/dist/types/plugins.d.mts +20 -0
- package/dist/utils/boolean.mjs +8 -0
- package/dist/utils/boolean.mjs.map +1 -0
- package/dist/utils/constants.mjs +6 -0
- package/dist/utils/constants.mjs.map +1 -0
- package/dist/utils/date.mjs +8 -0
- package/dist/utils/date.mjs.map +1 -0
- package/dist/utils/get-request-ip.d.mts +7 -0
- package/dist/utils/get-request-ip.mjs +23 -0
- package/dist/utils/get-request-ip.mjs.map +1 -0
- package/dist/utils/hide-metadata.d.mts +7 -0
- package/dist/utils/hide-metadata.mjs +6 -0
- package/dist/utils/hide-metadata.mjs.map +1 -0
- package/dist/utils/index.d.mts +4 -0
- package/dist/utils/index.mjs +6 -0
- package/dist/utils/is-api-error.d.mts +7 -0
- package/dist/utils/is-api-error.mjs +11 -0
- package/dist/utils/is-api-error.mjs.map +1 -0
- package/dist/utils/is-atom.mjs +8 -0
- package/dist/utils/is-atom.mjs.map +1 -0
- package/dist/utils/is-promise.mjs +8 -0
- package/dist/utils/is-promise.mjs.map +1 -0
- package/dist/utils/middleware-response.mjs +9 -0
- package/dist/utils/middleware-response.mjs.map +1 -0
- package/dist/utils/password.mjs +26 -0
- package/dist/utils/password.mjs.map +1 -0
- package/dist/utils/plugin-helper.mjs +17 -0
- package/dist/utils/plugin-helper.mjs.map +1 -0
- package/dist/utils/shim.mjs +24 -0
- package/dist/utils/shim.mjs.map +1 -0
- package/dist/utils/time.d.mts +49 -0
- package/dist/utils/time.mjs +100 -0
- package/dist/utils/time.mjs.map +1 -0
- package/dist/utils/url.d.mts +8 -0
- package/dist/utils/url.mjs +92 -0
- package/dist/utils/url.mjs.map +1 -0
- package/dist/utils/wildcard.mjs +108 -0
- package/dist/utils/wildcard.mjs.map +1 -0
- package/package.json +428 -0
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
import { symmetricEncrypt } from "../../crypto/index.mjs";
|
|
2
|
+
import { sec } from "../../utils/time.mjs";
|
|
3
|
+
import { getJwksAdapter } from "./adapter.mjs";
|
|
4
|
+
import { exportJWK, generateKeyPair } from "jose";
|
|
5
|
+
|
|
6
|
+
//#region src/plugins/jwt/utils.ts
|
|
7
|
+
/**
|
|
8
|
+
* Converts an expirationTime to ISO seconds expiration time (the format of JWT exp)
|
|
9
|
+
*
|
|
10
|
+
* See https://github.com/panva/jose/blob/main/src/lib/jwt_claims_set.ts#L245
|
|
11
|
+
*
|
|
12
|
+
* @param expirationTime - see options.jwt.expirationTime
|
|
13
|
+
* @param iat - the iat time to consolidate on
|
|
14
|
+
* @returns
|
|
15
|
+
*/
|
|
16
|
+
function toExpJWT(expirationTime, iat) {
|
|
17
|
+
if (typeof expirationTime === "number") return expirationTime;
|
|
18
|
+
else if (expirationTime instanceof Date) return Math.floor(expirationTime.getTime() / 1e3);
|
|
19
|
+
else return iat + sec(expirationTime);
|
|
20
|
+
}
|
|
21
|
+
async function generateExportedKeyPair(options) {
|
|
22
|
+
const { alg, ...cfg } = options?.jwks?.keyPairConfig ?? {
|
|
23
|
+
alg: "EdDSA",
|
|
24
|
+
crv: "Ed25519"
|
|
25
|
+
};
|
|
26
|
+
const { publicKey, privateKey } = await generateKeyPair(alg, {
|
|
27
|
+
...cfg,
|
|
28
|
+
extractable: true
|
|
29
|
+
});
|
|
30
|
+
return {
|
|
31
|
+
publicWebKey: await exportJWK(publicKey),
|
|
32
|
+
privateWebKey: await exportJWK(privateKey),
|
|
33
|
+
alg,
|
|
34
|
+
cfg
|
|
35
|
+
};
|
|
36
|
+
}
|
|
37
|
+
/**
|
|
38
|
+
* Creates a Jwk on the database
|
|
39
|
+
*
|
|
40
|
+
* @param ctx
|
|
41
|
+
* @param options
|
|
42
|
+
* @returns
|
|
43
|
+
*/
|
|
44
|
+
async function createJwk(ctx, options) {
|
|
45
|
+
const { publicWebKey, privateWebKey, alg, cfg } = await generateExportedKeyPair(options);
|
|
46
|
+
const stringifiedPrivateWebKey = JSON.stringify(privateWebKey);
|
|
47
|
+
const privateKeyEncryptionEnabled = !options?.jwks?.disablePrivateKeyEncryption;
|
|
48
|
+
const jwk = {
|
|
49
|
+
alg,
|
|
50
|
+
...cfg && "crv" in cfg ? { crv: cfg.crv } : {},
|
|
51
|
+
publicKey: JSON.stringify(publicWebKey),
|
|
52
|
+
privateKey: privateKeyEncryptionEnabled ? JSON.stringify(await symmetricEncrypt({
|
|
53
|
+
key: ctx.context.secret,
|
|
54
|
+
data: stringifiedPrivateWebKey
|
|
55
|
+
})) : stringifiedPrivateWebKey,
|
|
56
|
+
createdAt: /* @__PURE__ */ new Date(),
|
|
57
|
+
...options?.jwks?.rotationInterval ? { expiresAt: new Date(Date.now() + options.jwks.rotationInterval * 1e3) } : {}
|
|
58
|
+
};
|
|
59
|
+
return await getJwksAdapter(ctx.context.adapter, options).createJwk(ctx, jwk);
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
//#endregion
|
|
63
|
+
export { createJwk, generateExportedKeyPair, toExpJWT };
|
|
64
|
+
//# sourceMappingURL=utils.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"utils.mjs","names":[],"sources":["../../../src/plugins/jwt/utils.ts"],"sourcesContent":["import type { GenericEndpointContext } from \"@better-auth/core\";\nimport { exportJWK, generateKeyPair } from \"jose\";\nimport { symmetricEncrypt } from \"../../crypto\";\nimport type { TimeString } from \"../../utils/time\";\nimport { sec } from \"../../utils/time\";\nimport { getJwksAdapter } from \"./adapter\";\nimport type { Jwk, JwtOptions } from \"./types\";\n\n/**\n * Converts an expirationTime to ISO seconds expiration time (the format of JWT exp)\n *\n * See https://github.com/panva/jose/blob/main/src/lib/jwt_claims_set.ts#L245\n *\n * @param expirationTime - see options.jwt.expirationTime\n * @param iat - the iat time to consolidate on\n * @returns\n */\nexport function toExpJWT(\n\texpirationTime: number | Date | string,\n\tiat: number,\n): number {\n\tif (typeof expirationTime === \"number\") {\n\t\treturn expirationTime;\n\t} else if (expirationTime instanceof Date) {\n\t\treturn Math.floor(expirationTime.getTime() / 1000);\n\t} else {\n\t\treturn iat + sec(expirationTime as TimeString);\n\t}\n}\n\nexport async function generateExportedKeyPair(\n\toptions?: JwtOptions | undefined,\n) {\n\tconst { alg, ...cfg } = options?.jwks?.keyPairConfig ?? {\n\t\talg: \"EdDSA\",\n\t\tcrv: \"Ed25519\",\n\t};\n\tconst { publicKey, privateKey } = await generateKeyPair(alg, {\n\t\t...cfg,\n\t\textractable: true,\n\t});\n\n\tconst publicWebKey = await exportJWK(publicKey);\n\tconst privateWebKey = await exportJWK(privateKey);\n\n\treturn { publicWebKey, privateWebKey, alg, cfg };\n}\n\n/**\n * Creates a Jwk on the database\n *\n * @param ctx\n * @param options\n * @returns\n */\nexport async function createJwk(\n\tctx: GenericEndpointContext,\n\toptions?: JwtOptions | undefined,\n) {\n\tconst { publicWebKey, privateWebKey, alg, cfg } =\n\t\tawait generateExportedKeyPair(options);\n\n\tconst stringifiedPrivateWebKey = JSON.stringify(privateWebKey);\n\tconst privateKeyEncryptionEnabled =\n\t\t!options?.jwks?.disablePrivateKeyEncryption;\n\tconst jwk: Omit<Jwk, \"id\"> = {\n\t\talg,\n\t\t...(cfg && \"crv\" in cfg\n\t\t\t? {\n\t\t\t\t\tcrv: (cfg as { crv: (typeof jwk)[\"crv\"] }).crv,\n\t\t\t\t}\n\t\t\t: {}),\n\t\tpublicKey: JSON.stringify(publicWebKey),\n\t\tprivateKey: privateKeyEncryptionEnabled\n\t\t\t? JSON.stringify(\n\t\t\t\t\tawait symmetricEncrypt({\n\t\t\t\t\t\tkey: ctx.context.secret,\n\t\t\t\t\t\tdata: stringifiedPrivateWebKey,\n\t\t\t\t\t}),\n\t\t\t\t)\n\t\t\t: stringifiedPrivateWebKey,\n\t\tcreatedAt: new Date(),\n\t\t...(options?.jwks?.rotationInterval\n\t\t\t? {\n\t\t\t\t\texpiresAt: new Date(\n\t\t\t\t\t\tDate.now() + options.jwks.rotationInterval * 1000,\n\t\t\t\t\t),\n\t\t\t\t}\n\t\t\t: {}),\n\t};\n\n\tconst adapter = getJwksAdapter(ctx.context.adapter, options);\n\tconst key = await adapter.createJwk(ctx, jwk as Jwk);\n\n\treturn key;\n}\n"],"mappings":";;;;;;;;;;;;;;;AAiBA,SAAgB,SACf,gBACA,KACS;AACT,KAAI,OAAO,mBAAmB,SAC7B,QAAO;UACG,0BAA0B,KACpC,QAAO,KAAK,MAAM,eAAe,SAAS,GAAG,IAAK;KAElD,QAAO,MAAM,IAAI,eAA6B;;AAIhD,eAAsB,wBACrB,SACC;CACD,MAAM,EAAE,KAAK,GAAG,QAAQ,SAAS,MAAM,iBAAiB;EACvD,KAAK;EACL,KAAK;EACL;CACD,MAAM,EAAE,WAAW,eAAe,MAAM,gBAAgB,KAAK;EAC5D,GAAG;EACH,aAAa;EACb,CAAC;AAKF,QAAO;EAAE,cAHY,MAAM,UAAU,UAAU;EAGxB,eAFD,MAAM,UAAU,WAAW;EAEX;EAAK;EAAK;;;;;;;;;AAUjD,eAAsB,UACrB,KACA,SACC;CACD,MAAM,EAAE,cAAc,eAAe,KAAK,QACzC,MAAM,wBAAwB,QAAQ;CAEvC,MAAM,2BAA2B,KAAK,UAAU,cAAc;CAC9D,MAAM,8BACL,CAAC,SAAS,MAAM;CACjB,MAAM,MAAuB;EAC5B;EACA,GAAI,OAAO,SAAS,MACjB,EACA,KAAM,IAAqC,KAC3C,GACA,EAAE;EACL,WAAW,KAAK,UAAU,aAAa;EACvC,YAAY,8BACT,KAAK,UACL,MAAM,iBAAiB;GACtB,KAAK,IAAI,QAAQ;GACjB,MAAM;GACN,CAAC,CACF,GACA;EACH,2BAAW,IAAI,MAAM;EACrB,GAAI,SAAS,MAAM,mBAChB,EACA,WAAW,IAAI,KACd,KAAK,KAAK,GAAG,QAAQ,KAAK,mBAAmB,IAC7C,EACD,GACA,EAAE;EACL;AAKD,QAFY,MADI,eAAe,IAAI,QAAQ,SAAS,QAAQ,CAClC,UAAU,KAAK,IAAW"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { JwtOptions } from "./types.mjs";
|
|
2
|
+
import { JWTPayload } from "jose";
|
|
3
|
+
|
|
4
|
+
//#region src/plugins/jwt/verify.d.ts
|
|
5
|
+
/**
|
|
6
|
+
* Verify a JWT token using the JWKS public keys
|
|
7
|
+
* Returns the payload if valid, null otherwise
|
|
8
|
+
*/
|
|
9
|
+
declare function verifyJWT<T extends JWTPayload = JWTPayload>(token: string, options?: JwtOptions): Promise<(T & Required<Pick<JWTPayload, "sub" | "aud">>) | null>;
|
|
10
|
+
//#endregion
|
|
11
|
+
export { verifyJWT };
|
|
12
|
+
//# sourceMappingURL=verify.d.mts.map
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
import { getJwksAdapter } from "./adapter.mjs";
|
|
2
|
+
import { getCurrentAuthContext } from "@better-auth/core/context";
|
|
3
|
+
import { base64 } from "@better-auth/utils/base64";
|
|
4
|
+
import { importJWK, jwtVerify } from "jose";
|
|
5
|
+
|
|
6
|
+
//#region src/plugins/jwt/verify.ts
|
|
7
|
+
/**
|
|
8
|
+
* Verify a JWT token using the JWKS public keys
|
|
9
|
+
* Returns the payload if valid, null otherwise
|
|
10
|
+
*/
|
|
11
|
+
async function verifyJWT(token, options) {
|
|
12
|
+
const ctx = await getCurrentAuthContext();
|
|
13
|
+
try {
|
|
14
|
+
const parts = token.split(".");
|
|
15
|
+
if (parts.length !== 3) return null;
|
|
16
|
+
const headerStr = new TextDecoder().decode(base64.decode(parts[0]));
|
|
17
|
+
const kid = JSON.parse(headerStr).kid;
|
|
18
|
+
if (!kid) {
|
|
19
|
+
ctx.context.logger.debug("JWT missing kid in header");
|
|
20
|
+
return null;
|
|
21
|
+
}
|
|
22
|
+
const keys = await getJwksAdapter(ctx.context.adapter, options).getAllKeys(ctx);
|
|
23
|
+
if (!keys || keys.length === 0) {
|
|
24
|
+
ctx.context.logger.debug("No JWKS keys available");
|
|
25
|
+
return null;
|
|
26
|
+
}
|
|
27
|
+
const key = keys.find((k) => k.id === kid);
|
|
28
|
+
if (!key) {
|
|
29
|
+
ctx.context.logger.debug(`No JWKS key found for kid: ${kid}`);
|
|
30
|
+
return null;
|
|
31
|
+
}
|
|
32
|
+
const { payload } = await jwtVerify(token, await importJWK(JSON.parse(key.publicKey), key.alg ?? options?.jwks?.keyPairConfig?.alg ?? "EdDSA"), {
|
|
33
|
+
issuer: options?.jwt?.issuer ?? ctx.context.options.baseURL,
|
|
34
|
+
audience: options?.jwt?.audience ?? ctx.context.options.baseURL
|
|
35
|
+
});
|
|
36
|
+
if (!payload.sub || !payload.aud) return null;
|
|
37
|
+
return payload;
|
|
38
|
+
} catch (error) {
|
|
39
|
+
ctx.context.logger.debug("JWT verification failed", error);
|
|
40
|
+
return null;
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
//#endregion
|
|
45
|
+
export { verifyJWT };
|
|
46
|
+
//# sourceMappingURL=verify.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verify.mjs","names":[],"sources":["../../../src/plugins/jwt/verify.ts"],"sourcesContent":["import type { GenericEndpointContext } from \"@better-auth/core\";\nimport { getCurrentAuthContext } from \"@better-auth/core/context\";\nimport { base64 } from \"@better-auth/utils/base64\";\nimport type { JWTPayload } from \"jose\";\nimport { importJWK, jwtVerify } from \"jose\";\nimport { getJwksAdapter } from \"./adapter\";\nimport type { JwtOptions } from \"./types\";\n\n/**\n * Verify a JWT token using the JWKS public keys\n * Returns the payload if valid, null otherwise\n */\nexport async function verifyJWT<T extends JWTPayload = JWTPayload>(\n\ttoken: string,\n\toptions?: JwtOptions,\n): Promise<(T & Required<Pick<JWTPayload, \"sub\" | \"aud\">>) | null> {\n\tconst ctx = await getCurrentAuthContext();\n\ttry {\n\t\tconst parts = token.split(\".\");\n\t\tif (parts.length !== 3) {\n\t\t\treturn null;\n\t\t}\n\n\t\tconst headerStr = new TextDecoder().decode(base64.decode(parts[0]!));\n\t\tconst header = JSON.parse(headerStr);\n\t\tconst kid = header.kid;\n\n\t\tif (!kid) {\n\t\t\tctx.context.logger.debug(\"JWT missing kid in header\");\n\t\t\treturn null;\n\t\t}\n\n\t\t// Get all JWKS keys\n\t\tconst adapter = getJwksAdapter(ctx.context.adapter, options);\n\t\tconst keys = await adapter.getAllKeys(ctx as GenericEndpointContext);\n\n\t\tif (!keys || keys.length === 0) {\n\t\t\tctx.context.logger.debug(\"No JWKS keys available\");\n\t\t\treturn null;\n\t\t}\n\n\t\tconst key = keys.find((k) => k.id === kid);\n\t\tif (!key) {\n\t\t\tctx.context.logger.debug(`No JWKS key found for kid: ${kid}`);\n\t\t\treturn null;\n\t\t}\n\n\t\tconst publicKey = JSON.parse(key.publicKey);\n\t\tconst alg = key.alg ?? options?.jwks?.keyPairConfig?.alg ?? \"EdDSA\";\n\t\tconst cryptoKey = await importJWK(publicKey, alg);\n\n\t\tconst { payload } = await jwtVerify(token, cryptoKey, {\n\t\t\tissuer: options?.jwt?.issuer ?? ctx.context.options.baseURL,\n\t\t\taudience: options?.jwt?.audience ?? ctx.context.options.baseURL,\n\t\t});\n\n\t\tif (!payload.sub || !payload.aud) {\n\t\t\treturn null;\n\t\t}\n\n\t\treturn payload as T & Required<Pick<JWTPayload, \"sub\" | \"aud\">>;\n\t} catch (error) {\n\t\tctx.context.logger.debug(\"JWT verification failed\", error);\n\t\treturn null;\n\t}\n}\n"],"mappings":";;;;;;;;;;AAYA,eAAsB,UACrB,OACA,SACkE;CAClE,MAAM,MAAM,MAAM,uBAAuB;AACzC,KAAI;EACH,MAAM,QAAQ,MAAM,MAAM,IAAI;AAC9B,MAAI,MAAM,WAAW,EACpB,QAAO;EAGR,MAAM,YAAY,IAAI,aAAa,CAAC,OAAO,OAAO,OAAO,MAAM,GAAI,CAAC;EAEpE,MAAM,MADS,KAAK,MAAM,UAAU,CACjB;AAEnB,MAAI,CAAC,KAAK;AACT,OAAI,QAAQ,OAAO,MAAM,4BAA4B;AACrD,UAAO;;EAKR,MAAM,OAAO,MADG,eAAe,IAAI,QAAQ,SAAS,QAAQ,CACjC,WAAW,IAA8B;AAEpE,MAAI,CAAC,QAAQ,KAAK,WAAW,GAAG;AAC/B,OAAI,QAAQ,OAAO,MAAM,yBAAyB;AAClD,UAAO;;EAGR,MAAM,MAAM,KAAK,MAAM,MAAM,EAAE,OAAO,IAAI;AAC1C,MAAI,CAAC,KAAK;AACT,OAAI,QAAQ,OAAO,MAAM,8BAA8B,MAAM;AAC7D,UAAO;;EAOR,MAAM,EAAE,YAAY,MAAM,UAAU,OAFlB,MAAM,UAFN,KAAK,MAAM,IAAI,UAAU,EAC/B,IAAI,OAAO,SAAS,MAAM,eAAe,OAAO,QACX,EAEK;GACrD,QAAQ,SAAS,KAAK,UAAU,IAAI,QAAQ,QAAQ;GACpD,UAAU,SAAS,KAAK,YAAY,IAAI,QAAQ,QAAQ;GACxD,CAAC;AAEF,MAAI,CAAC,QAAQ,OAAO,CAAC,QAAQ,IAC5B,QAAO;AAGR,SAAO;UACC,OAAO;AACf,MAAI,QAAQ,OAAO,MAAM,2BAA2B,MAAM;AAC1D,SAAO"}
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
//#region src/plugins/last-login-method/client.d.ts
|
|
2
|
+
/**
|
|
3
|
+
* Configuration for the client-side last login method plugin
|
|
4
|
+
*/
|
|
5
|
+
interface LastLoginMethodClientConfig {
|
|
6
|
+
/**
|
|
7
|
+
* Name of the cookie to read the last login method from
|
|
8
|
+
* @default "better-auth.last_used_login_method"
|
|
9
|
+
*/
|
|
10
|
+
cookieName?: string | undefined;
|
|
11
|
+
}
|
|
12
|
+
/**
|
|
13
|
+
* Client-side plugin to retrieve the last used login method
|
|
14
|
+
*/
|
|
15
|
+
declare const lastLoginMethodClient: (config?: LastLoginMethodClientConfig) => {
|
|
16
|
+
id: "last-login-method-client";
|
|
17
|
+
getActions(): {
|
|
18
|
+
/**
|
|
19
|
+
* Get the last used login method from cookies
|
|
20
|
+
* @returns The last used login method or null if not found
|
|
21
|
+
*/
|
|
22
|
+
getLastUsedLoginMethod: () => string | null;
|
|
23
|
+
/**
|
|
24
|
+
* Clear the last used login method cookie
|
|
25
|
+
* This sets the cookie with an expiration date in the past
|
|
26
|
+
*/
|
|
27
|
+
clearLastUsedLoginMethod: () => void;
|
|
28
|
+
/**
|
|
29
|
+
* Check if a specific login method was the last used
|
|
30
|
+
* @param method The method to check
|
|
31
|
+
* @returns True if the method was the last used, false otherwise
|
|
32
|
+
*/
|
|
33
|
+
isLastUsedLoginMethod: (method: string) => boolean;
|
|
34
|
+
};
|
|
35
|
+
};
|
|
36
|
+
//#endregion
|
|
37
|
+
export { LastLoginMethodClientConfig, lastLoginMethodClient };
|
|
38
|
+
//# sourceMappingURL=client.d.mts.map
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
//#region src/plugins/last-login-method/client.ts
|
|
2
|
+
function getCookieValue(name) {
|
|
3
|
+
if (typeof document === "undefined") return null;
|
|
4
|
+
const cookie = document.cookie.split("; ").find((row) => row.startsWith(`${name}=`));
|
|
5
|
+
return cookie ? cookie.split("=")[1] : null;
|
|
6
|
+
}
|
|
7
|
+
/**
|
|
8
|
+
* Client-side plugin to retrieve the last used login method
|
|
9
|
+
*/
|
|
10
|
+
const lastLoginMethodClient = (config = {}) => {
|
|
11
|
+
const cookieName = config.cookieName || "better-auth.last_used_login_method";
|
|
12
|
+
return {
|
|
13
|
+
id: "last-login-method-client",
|
|
14
|
+
getActions() {
|
|
15
|
+
return {
|
|
16
|
+
getLastUsedLoginMethod: () => {
|
|
17
|
+
return getCookieValue(cookieName);
|
|
18
|
+
},
|
|
19
|
+
clearLastUsedLoginMethod: () => {
|
|
20
|
+
if (typeof document !== "undefined") document.cookie = `${cookieName}=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;`;
|
|
21
|
+
},
|
|
22
|
+
isLastUsedLoginMethod: (method) => {
|
|
23
|
+
return getCookieValue(cookieName) === method;
|
|
24
|
+
}
|
|
25
|
+
};
|
|
26
|
+
}
|
|
27
|
+
};
|
|
28
|
+
};
|
|
29
|
+
|
|
30
|
+
//#endregion
|
|
31
|
+
export { lastLoginMethodClient };
|
|
32
|
+
//# sourceMappingURL=client.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"client.mjs","names":[],"sources":["../../../src/plugins/last-login-method/client.ts"],"sourcesContent":["import type { BetterAuthClientPlugin } from \"@better-auth/core\";\n\n/**\n * Configuration for the client-side last login method plugin\n */\nexport interface LastLoginMethodClientConfig {\n\t/**\n\t * Name of the cookie to read the last login method from\n\t * @default \"better-auth.last_used_login_method\"\n\t */\n\tcookieName?: string | undefined;\n}\n\nfunction getCookieValue(name: string): string | null {\n\tif (typeof document === \"undefined\") {\n\t\treturn null;\n\t}\n\n\tconst cookie = document.cookie\n\t\t.split(\"; \")\n\t\t.find((row) => row.startsWith(`${name}=`));\n\n\treturn cookie ? cookie.split(\"=\")[1]! : null;\n}\n\n/**\n * Client-side plugin to retrieve the last used login method\n */\nexport const lastLoginMethodClient = (\n\tconfig: LastLoginMethodClientConfig = {},\n) => {\n\tconst cookieName = config.cookieName || \"better-auth.last_used_login_method\";\n\n\treturn {\n\t\tid: \"last-login-method-client\",\n\t\tgetActions() {\n\t\t\treturn {\n\t\t\t\t/**\n\t\t\t\t * Get the last used login method from cookies\n\t\t\t\t * @returns The last used login method or null if not found\n\t\t\t\t */\n\t\t\t\tgetLastUsedLoginMethod: (): string | null => {\n\t\t\t\t\treturn getCookieValue(cookieName);\n\t\t\t\t},\n\t\t\t\t/**\n\t\t\t\t * Clear the last used login method cookie\n\t\t\t\t * This sets the cookie with an expiration date in the past\n\t\t\t\t */\n\t\t\t\tclearLastUsedLoginMethod: (): void => {\n\t\t\t\t\tif (typeof document !== \"undefined\") {\n\t\t\t\t\t\tdocument.cookie = `${cookieName}=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;`;\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t\t/**\n\t\t\t\t * Check if a specific login method was the last used\n\t\t\t\t * @param method The method to check\n\t\t\t\t * @returns True if the method was the last used, false otherwise\n\t\t\t\t */\n\t\t\t\tisLastUsedLoginMethod: (method: string): boolean => {\n\t\t\t\t\tconst lastMethod = getCookieValue(cookieName);\n\t\t\t\t\treturn lastMethod === method;\n\t\t\t\t},\n\t\t\t};\n\t\t},\n\t} satisfies BetterAuthClientPlugin;\n};\n"],"mappings":";AAaA,SAAS,eAAe,MAA6B;AACpD,KAAI,OAAO,aAAa,YACvB,QAAO;CAGR,MAAM,SAAS,SAAS,OACtB,MAAM,KAAK,CACX,MAAM,QAAQ,IAAI,WAAW,GAAG,KAAK,GAAG,CAAC;AAE3C,QAAO,SAAS,OAAO,MAAM,IAAI,CAAC,KAAM;;;;;AAMzC,MAAa,yBACZ,SAAsC,EAAE,KACpC;CACJ,MAAM,aAAa,OAAO,cAAc;AAExC,QAAO;EACN,IAAI;EACJ,aAAa;AACZ,UAAO;IAKN,8BAA6C;AAC5C,YAAO,eAAe,WAAW;;IAMlC,gCAAsC;AACrC,SAAI,OAAO,aAAa,YACvB,UAAS,SAAS,GAAG,WAAW;;IAQlC,wBAAwB,WAA4B;AAEnD,YADmB,eAAe,WAAW,KACvB;;IAEvB;;EAEF"}
|
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
import * as _better_auth_core0 from "@better-auth/core";
|
|
2
|
+
import { GenericEndpointContext } from "@better-auth/core";
|
|
3
|
+
import * as better_call0 from "better-call";
|
|
4
|
+
|
|
5
|
+
//#region src/plugins/last-login-method/index.d.ts
|
|
6
|
+
declare module "@better-auth/core" {
|
|
7
|
+
interface BetterAuthPluginRegistry<AuthOptions, Options> {
|
|
8
|
+
"last-login-method": {
|
|
9
|
+
creator: typeof lastLoginMethod;
|
|
10
|
+
};
|
|
11
|
+
}
|
|
12
|
+
}
|
|
13
|
+
/**
|
|
14
|
+
* Configuration for tracking different authentication methods
|
|
15
|
+
*/
|
|
16
|
+
interface LastLoginMethodOptions {
|
|
17
|
+
/**
|
|
18
|
+
* Name of the cookie to store the last login method
|
|
19
|
+
* @default "better-auth.last_used_login_method"
|
|
20
|
+
*/
|
|
21
|
+
cookieName?: string | undefined;
|
|
22
|
+
/**
|
|
23
|
+
* Cookie expiration time in seconds
|
|
24
|
+
* @default 2592000 (30 days)
|
|
25
|
+
*/
|
|
26
|
+
maxAge?: number | undefined;
|
|
27
|
+
/**
|
|
28
|
+
* Custom method to resolve the last login method
|
|
29
|
+
* @param ctx - The context from the hook
|
|
30
|
+
* @returns The last login method
|
|
31
|
+
*/
|
|
32
|
+
customResolveMethod?: ((ctx: GenericEndpointContext) => string | null) | undefined;
|
|
33
|
+
/**
|
|
34
|
+
* Store the last login method in the database. This will create a new field in the user table.
|
|
35
|
+
* @default false
|
|
36
|
+
*/
|
|
37
|
+
storeInDatabase?: boolean | undefined;
|
|
38
|
+
/**
|
|
39
|
+
* Custom schema for the plugin
|
|
40
|
+
* @default undefined
|
|
41
|
+
*/
|
|
42
|
+
schema?: {
|
|
43
|
+
user?: {
|
|
44
|
+
lastLoginMethod?: string;
|
|
45
|
+
};
|
|
46
|
+
} | undefined;
|
|
47
|
+
}
|
|
48
|
+
/**
|
|
49
|
+
* Plugin to track the last used login method
|
|
50
|
+
*/
|
|
51
|
+
declare const lastLoginMethod: <O extends LastLoginMethodOptions>(userConfig?: O | undefined) => {
|
|
52
|
+
id: "last-login-method";
|
|
53
|
+
init(ctx: _better_auth_core0.AuthContext): {
|
|
54
|
+
options: {
|
|
55
|
+
databaseHooks: {
|
|
56
|
+
user: {
|
|
57
|
+
create: {
|
|
58
|
+
before(user: {
|
|
59
|
+
id: string;
|
|
60
|
+
createdAt: Date;
|
|
61
|
+
updatedAt: Date;
|
|
62
|
+
email: string;
|
|
63
|
+
emailVerified: boolean;
|
|
64
|
+
name: string;
|
|
65
|
+
image?: string | null | undefined;
|
|
66
|
+
} & Record<string, unknown>, context: GenericEndpointContext | null): Promise<{
|
|
67
|
+
data: {
|
|
68
|
+
lastLoginMethod: any;
|
|
69
|
+
id: string;
|
|
70
|
+
createdAt: Date;
|
|
71
|
+
updatedAt: Date;
|
|
72
|
+
email: string;
|
|
73
|
+
emailVerified: boolean;
|
|
74
|
+
name: string;
|
|
75
|
+
image?: string | null | undefined;
|
|
76
|
+
};
|
|
77
|
+
} | undefined>;
|
|
78
|
+
};
|
|
79
|
+
};
|
|
80
|
+
session: {
|
|
81
|
+
create: {
|
|
82
|
+
after(session: {
|
|
83
|
+
id: string;
|
|
84
|
+
createdAt: Date;
|
|
85
|
+
updatedAt: Date;
|
|
86
|
+
userId: string;
|
|
87
|
+
expiresAt: Date;
|
|
88
|
+
token: string;
|
|
89
|
+
ipAddress?: string | null | undefined;
|
|
90
|
+
userAgent?: string | null | undefined;
|
|
91
|
+
} & Record<string, unknown>, context: GenericEndpointContext | null): Promise<void>;
|
|
92
|
+
};
|
|
93
|
+
};
|
|
94
|
+
};
|
|
95
|
+
};
|
|
96
|
+
};
|
|
97
|
+
hooks: {
|
|
98
|
+
after: {
|
|
99
|
+
matcher(): true;
|
|
100
|
+
handler: (inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<void>;
|
|
101
|
+
}[];
|
|
102
|
+
};
|
|
103
|
+
schema: O["storeInDatabase"] extends true ? {
|
|
104
|
+
user: {
|
|
105
|
+
fields: {
|
|
106
|
+
lastLoginMethod: {
|
|
107
|
+
type: "string";
|
|
108
|
+
required: false;
|
|
109
|
+
input: false;
|
|
110
|
+
};
|
|
111
|
+
};
|
|
112
|
+
};
|
|
113
|
+
} : undefined;
|
|
114
|
+
options: NoInfer<O>;
|
|
115
|
+
};
|
|
116
|
+
//#endregion
|
|
117
|
+
export { LastLoginMethodOptions, lastLoginMethod };
|
|
118
|
+
//# sourceMappingURL=index.d.mts.map
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
import { createAuthMiddleware } from "@better-auth/core/api";
|
|
2
|
+
|
|
3
|
+
//#region src/plugins/last-login-method/index.ts
|
|
4
|
+
/**
|
|
5
|
+
* Plugin to track the last used login method
|
|
6
|
+
*/
|
|
7
|
+
const lastLoginMethod = (userConfig) => {
|
|
8
|
+
const defaultResolveMethod = (ctx) => {
|
|
9
|
+
if (ctx.path.startsWith("/callback/") || ctx.path.startsWith("/oauth2/callback/")) return ctx.params?.id || ctx.params?.providerId || ctx.path.split("/").pop();
|
|
10
|
+
if (ctx.path === "/sign-in/email" || ctx.path === "/sign-up/email") return "email";
|
|
11
|
+
if (ctx.path.includes("/passkey/verify-authentication")) return "passkey";
|
|
12
|
+
return null;
|
|
13
|
+
};
|
|
14
|
+
const config = {
|
|
15
|
+
cookieName: "better-auth.last_used_login_method",
|
|
16
|
+
maxAge: 3600 * 24 * 30,
|
|
17
|
+
...userConfig
|
|
18
|
+
};
|
|
19
|
+
return {
|
|
20
|
+
id: "last-login-method",
|
|
21
|
+
init(ctx) {
|
|
22
|
+
return { options: { databaseHooks: {
|
|
23
|
+
user: { create: { async before(user, context) {
|
|
24
|
+
if (!config.storeInDatabase) return;
|
|
25
|
+
if (!context) return;
|
|
26
|
+
const lastUsedLoginMethod = config.customResolveMethod?.(context) ?? defaultResolveMethod(context);
|
|
27
|
+
if (lastUsedLoginMethod) return { data: {
|
|
28
|
+
...user,
|
|
29
|
+
lastLoginMethod: lastUsedLoginMethod
|
|
30
|
+
} };
|
|
31
|
+
} } },
|
|
32
|
+
session: { create: { async after(session, context) {
|
|
33
|
+
if (!config.storeInDatabase) return;
|
|
34
|
+
if (!context) return;
|
|
35
|
+
const lastUsedLoginMethod = config.customResolveMethod?.(context) ?? defaultResolveMethod(context);
|
|
36
|
+
if (lastUsedLoginMethod && session?.userId) try {
|
|
37
|
+
await ctx.internalAdapter.updateUser(session.userId, { lastLoginMethod: lastUsedLoginMethod });
|
|
38
|
+
} catch (error) {
|
|
39
|
+
ctx.logger.error("Failed to update lastLoginMethod", error);
|
|
40
|
+
}
|
|
41
|
+
} } }
|
|
42
|
+
} } };
|
|
43
|
+
},
|
|
44
|
+
hooks: { after: [{
|
|
45
|
+
matcher() {
|
|
46
|
+
return true;
|
|
47
|
+
},
|
|
48
|
+
handler: createAuthMiddleware(async (ctx) => {
|
|
49
|
+
const lastUsedLoginMethod = config.customResolveMethod?.(ctx) ?? defaultResolveMethod(ctx);
|
|
50
|
+
if (lastUsedLoginMethod) {
|
|
51
|
+
const setCookie = ctx.context.responseHeaders?.get("set-cookie");
|
|
52
|
+
const sessionTokenName = ctx.context.authCookies.sessionToken.name;
|
|
53
|
+
if (setCookie && setCookie.includes(sessionTokenName)) {
|
|
54
|
+
const cookieAttributes = {
|
|
55
|
+
...ctx.context.authCookies.sessionToken.attributes,
|
|
56
|
+
maxAge: config.maxAge,
|
|
57
|
+
httpOnly: false
|
|
58
|
+
};
|
|
59
|
+
ctx.setCookie(config.cookieName, lastUsedLoginMethod, cookieAttributes);
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
})
|
|
63
|
+
}] },
|
|
64
|
+
schema: config.storeInDatabase ? { user: { fields: { lastLoginMethod: {
|
|
65
|
+
type: "string",
|
|
66
|
+
input: false,
|
|
67
|
+
required: false,
|
|
68
|
+
fieldName: config.schema?.user?.lastLoginMethod || "lastLoginMethod"
|
|
69
|
+
} } } } : void 0,
|
|
70
|
+
options: userConfig
|
|
71
|
+
};
|
|
72
|
+
};
|
|
73
|
+
|
|
74
|
+
//#endregion
|
|
75
|
+
export { lastLoginMethod };
|
|
76
|
+
//# sourceMappingURL=index.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.mjs","names":[],"sources":["../../../src/plugins/last-login-method/index.ts"],"sourcesContent":["import type {\n\tBetterAuthPlugin,\n\tGenericEndpointContext,\n} from \"@better-auth/core\";\nimport { createAuthMiddleware } from \"@better-auth/core/api\";\n\ndeclare module \"@better-auth/core\" {\n\tinterface BetterAuthPluginRegistry<AuthOptions, Options> {\n\t\t\"last-login-method\": {\n\t\t\tcreator: typeof lastLoginMethod;\n\t\t};\n\t}\n}\n/**\n * Configuration for tracking different authentication methods\n */\nexport interface LastLoginMethodOptions {\n\t/**\n\t * Name of the cookie to store the last login method\n\t * @default \"better-auth.last_used_login_method\"\n\t */\n\tcookieName?: string | undefined;\n\t/**\n\t * Cookie expiration time in seconds\n\t * @default 2592000 (30 days)\n\t */\n\tmaxAge?: number | undefined;\n\t/**\n\t * Custom method to resolve the last login method\n\t * @param ctx - The context from the hook\n\t * @returns The last login method\n\t */\n\tcustomResolveMethod?:\n\t\t| ((ctx: GenericEndpointContext) => string | null)\n\t\t| undefined;\n\t/**\n\t * Store the last login method in the database. This will create a new field in the user table.\n\t * @default false\n\t */\n\tstoreInDatabase?: boolean | undefined;\n\t/**\n\t * Custom schema for the plugin\n\t * @default undefined\n\t */\n\tschema?:\n\t\t| {\n\t\t\t\tuser?: {\n\t\t\t\t\tlastLoginMethod?: string;\n\t\t\t\t};\n\t\t }\n\t\t| undefined;\n}\n\n/**\n * Plugin to track the last used login method\n */\nexport const lastLoginMethod = <O extends LastLoginMethodOptions>(\n\tuserConfig?: O | undefined,\n) => {\n\tconst defaultResolveMethod = (ctx: GenericEndpointContext) => {\n\t\t// Check for OAuth callbacks (/callback/:id or /oauth2/callback/:providerId)\n\t\tif (\n\t\t\tctx.path.startsWith(\"/callback/\") ||\n\t\t\tctx.path.startsWith(\"/oauth2/callback/\")\n\t\t) {\n\t\t\treturn (\n\t\t\t\tctx.params?.id || ctx.params?.providerId || ctx.path.split(\"/\").pop()\n\t\t\t);\n\t\t}\n\t\t// Check for email sign-in/sign-up\n\t\tif (ctx.path === \"/sign-in/email\" || ctx.path === \"/sign-up/email\") {\n\t\t\treturn \"email\";\n\t\t}\n\t\tif (ctx.path.includes(\"/passkey/verify-authentication\")) return \"passkey\";\n\t\treturn null;\n\t};\n\n\tconst config = {\n\t\tcookieName: \"better-auth.last_used_login_method\",\n\t\tmaxAge: 60 * 60 * 24 * 30,\n\t\t...userConfig,\n\t} satisfies LastLoginMethodOptions;\n\n\treturn {\n\t\tid: \"last-login-method\",\n\t\tinit(ctx) {\n\t\t\treturn {\n\t\t\t\toptions: {\n\t\t\t\t\tdatabaseHooks: {\n\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\tcreate: {\n\t\t\t\t\t\t\t\tasync before(user, context) {\n\t\t\t\t\t\t\t\t\tif (!config.storeInDatabase) return;\n\t\t\t\t\t\t\t\t\tif (!context) return;\n\t\t\t\t\t\t\t\t\tconst lastUsedLoginMethod =\n\t\t\t\t\t\t\t\t\t\tconfig.customResolveMethod?.(context) ??\n\t\t\t\t\t\t\t\t\t\tdefaultResolveMethod(context);\n\t\t\t\t\t\t\t\t\tif (lastUsedLoginMethod) {\n\t\t\t\t\t\t\t\t\t\treturn {\n\t\t\t\t\t\t\t\t\t\t\tdata: {\n\t\t\t\t\t\t\t\t\t\t\t\t...user,\n\t\t\t\t\t\t\t\t\t\t\t\tlastLoginMethod: lastUsedLoginMethod,\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t};\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tsession: {\n\t\t\t\t\t\t\tcreate: {\n\t\t\t\t\t\t\t\tasync after(session, context) {\n\t\t\t\t\t\t\t\t\tif (!config.storeInDatabase) return;\n\t\t\t\t\t\t\t\t\tif (!context) return;\n\t\t\t\t\t\t\t\t\tconst lastUsedLoginMethod =\n\t\t\t\t\t\t\t\t\t\tconfig.customResolveMethod?.(context) ??\n\t\t\t\t\t\t\t\t\t\tdefaultResolveMethod(context);\n\t\t\t\t\t\t\t\t\tif (lastUsedLoginMethod && session?.userId) {\n\t\t\t\t\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\t\t\t\t\tawait ctx.internalAdapter.updateUser(session.userId, {\n\t\t\t\t\t\t\t\t\t\t\t\tlastLoginMethod: lastUsedLoginMethod,\n\t\t\t\t\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\t\t\t\t} catch (error) {\n\t\t\t\t\t\t\t\t\t\t\tctx.logger.error(\n\t\t\t\t\t\t\t\t\t\t\t\t\"Failed to update lastLoginMethod\",\n\t\t\t\t\t\t\t\t\t\t\t\terror,\n\t\t\t\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t},\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher() {\n\t\t\t\t\t\treturn true;\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst lastUsedLoginMethod =\n\t\t\t\t\t\t\tconfig.customResolveMethod?.(ctx) ?? defaultResolveMethod(ctx);\n\t\t\t\t\t\tif (lastUsedLoginMethod) {\n\t\t\t\t\t\t\tconst setCookie = ctx.context.responseHeaders?.get(\"set-cookie\");\n\t\t\t\t\t\t\tconst sessionTokenName =\n\t\t\t\t\t\t\t\tctx.context.authCookies.sessionToken.name;\n\t\t\t\t\t\t\tconst hasSessionToken =\n\t\t\t\t\t\t\t\tsetCookie && setCookie.includes(sessionTokenName);\n\t\t\t\t\t\t\tif (hasSessionToken) {\n\t\t\t\t\t\t\t\t// Inherit cookie attributes from Better Auth's centralized cookie system\n\t\t\t\t\t\t\t\t// This ensures consistency with cross-origin, cross-subdomain, and security settings\n\t\t\t\t\t\t\t\tconst cookieAttributes = {\n\t\t\t\t\t\t\t\t\t...ctx.context.authCookies.sessionToken.attributes,\n\t\t\t\t\t\t\t\t\tmaxAge: config.maxAge,\n\t\t\t\t\t\t\t\t\thttpOnly: false, // Override: plugin cookies are not httpOnly\n\t\t\t\t\t\t\t\t};\n\n\t\t\t\t\t\t\t\tctx.setCookie(\n\t\t\t\t\t\t\t\t\tconfig.cookieName,\n\t\t\t\t\t\t\t\t\tlastUsedLoginMethod,\n\t\t\t\t\t\t\t\t\tcookieAttributes,\n\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t\tschema: (config.storeInDatabase\n\t\t\t? {\n\t\t\t\t\tuser: {\n\t\t\t\t\t\tfields: {\n\t\t\t\t\t\t\tlastLoginMethod: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\tinput: false,\n\t\t\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\t\t\tfieldName:\n\t\t\t\t\t\t\t\t\tconfig.schema?.user?.lastLoginMethod || \"lastLoginMethod\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t}\n\t\t\t: undefined) as O[\"storeInDatabase\"] extends true\n\t\t\t? {\n\t\t\t\t\tuser: {\n\t\t\t\t\t\tfields: {\n\t\t\t\t\t\t\tlastLoginMethod: {\n\t\t\t\t\t\t\t\ttype: \"string\";\n\t\t\t\t\t\t\t\trequired: false;\n\t\t\t\t\t\t\t\tinput: false;\n\t\t\t\t\t\t\t};\n\t\t\t\t\t\t};\n\t\t\t\t\t};\n\t\t\t\t}\n\t\t\t: undefined,\n\t\toptions: userConfig as NoInfer<O>,\n\t} satisfies BetterAuthPlugin;\n};\n"],"mappings":";;;;;;AAwDA,MAAa,mBACZ,eACI;CACJ,MAAM,wBAAwB,QAAgC;AAE7D,MACC,IAAI,KAAK,WAAW,aAAa,IACjC,IAAI,KAAK,WAAW,oBAAoB,CAExC,QACC,IAAI,QAAQ,MAAM,IAAI,QAAQ,cAAc,IAAI,KAAK,MAAM,IAAI,CAAC,KAAK;AAIvE,MAAI,IAAI,SAAS,oBAAoB,IAAI,SAAS,iBACjD,QAAO;AAER,MAAI,IAAI,KAAK,SAAS,iCAAiC,CAAE,QAAO;AAChE,SAAO;;CAGR,MAAM,SAAS;EACd,YAAY;EACZ,QAAQ,OAAU,KAAK;EACvB,GAAG;EACH;AAED,QAAO;EACN,IAAI;EACJ,KAAK,KAAK;AACT,UAAO,EACN,SAAS,EACR,eAAe;IACd,MAAM,EACL,QAAQ,EACP,MAAM,OAAO,MAAM,SAAS;AAC3B,SAAI,CAAC,OAAO,gBAAiB;AAC7B,SAAI,CAAC,QAAS;KACd,MAAM,sBACL,OAAO,sBAAsB,QAAQ,IACrC,qBAAqB,QAAQ;AAC9B,SAAI,oBACH,QAAO,EACN,MAAM;MACL,GAAG;MACH,iBAAiB;MACjB,EACD;OAGH,EACD;IACD,SAAS,EACR,QAAQ,EACP,MAAM,MAAM,SAAS,SAAS;AAC7B,SAAI,CAAC,OAAO,gBAAiB;AAC7B,SAAI,CAAC,QAAS;KACd,MAAM,sBACL,OAAO,sBAAsB,QAAQ,IACrC,qBAAqB,QAAQ;AAC9B,SAAI,uBAAuB,SAAS,OACnC,KAAI;AACH,YAAM,IAAI,gBAAgB,WAAW,QAAQ,QAAQ,EACpD,iBAAiB,qBACjB,CAAC;cACM,OAAO;AACf,UAAI,OAAO,MACV,oCACA,MACA;;OAIJ,EACD;IACD,EACD,EACD;;EAEF,OAAO,EACN,OAAO,CACN;GACC,UAAU;AACT,WAAO;;GAER,SAAS,qBAAqB,OAAO,QAAQ;IAC5C,MAAM,sBACL,OAAO,sBAAsB,IAAI,IAAI,qBAAqB,IAAI;AAC/D,QAAI,qBAAqB;KACxB,MAAM,YAAY,IAAI,QAAQ,iBAAiB,IAAI,aAAa;KAChE,MAAM,mBACL,IAAI,QAAQ,YAAY,aAAa;AAGtC,SADC,aAAa,UAAU,SAAS,iBAAiB,EAC7B;MAGpB,MAAM,mBAAmB;OACxB,GAAG,IAAI,QAAQ,YAAY,aAAa;OACxC,QAAQ,OAAO;OACf,UAAU;OACV;AAED,UAAI,UACH,OAAO,YACP,qBACA,iBACA;;;KAGF;GACF,CACD,EACD;EACD,QAAS,OAAO,kBACb,EACA,MAAM,EACL,QAAQ,EACP,iBAAiB;GAChB,MAAM;GACN,OAAO;GACP,UAAU;GACV,WACC,OAAO,QAAQ,MAAM,mBAAmB;GACzC,EACD,EACD,EACD,GACA;EAaH,SAAS;EACT"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { magicLink } from "./index.mjs";
|
|
2
|
+
|
|
3
|
+
//#region src/plugins/magic-link/client.d.ts
|
|
4
|
+
declare const magicLinkClient: () => {
|
|
5
|
+
id: "magic-link";
|
|
6
|
+
$InferServerPlugin: ReturnType<typeof magicLink>;
|
|
7
|
+
};
|
|
8
|
+
//#endregion
|
|
9
|
+
export { magicLinkClient };
|
|
10
|
+
//# sourceMappingURL=client.d.mts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"client.mjs","names":[],"sources":["../../../src/plugins/magic-link/client.ts"],"sourcesContent":["import type { BetterAuthClientPlugin } from \"@better-auth/core\";\nimport type { magicLink } from \".\";\n\nexport const magicLinkClient = () => {\n\treturn {\n\t\tid: \"magic-link\",\n\t\t$InferServerPlugin: {} as ReturnType<typeof magicLink>,\n\t} satisfies BetterAuthClientPlugin;\n};\n"],"mappings":";AAGA,MAAa,wBAAwB;AACpC,QAAO;EACN,IAAI;EACJ,oBAAoB,EAAE;EACtB"}
|
|
@@ -0,0 +1,193 @@
|
|
|
1
|
+
import { Awaitable, GenericEndpointContext } from "@better-auth/core";
|
|
2
|
+
import * as better_call0 from "better-call";
|
|
3
|
+
import * as z from "zod";
|
|
4
|
+
|
|
5
|
+
//#region src/plugins/magic-link/index.d.ts
|
|
6
|
+
declare module "@better-auth/core" {
|
|
7
|
+
interface BetterAuthPluginRegistry<AuthOptions, Options> {
|
|
8
|
+
"magic-link": {
|
|
9
|
+
creator: typeof magicLink;
|
|
10
|
+
};
|
|
11
|
+
}
|
|
12
|
+
}
|
|
13
|
+
interface MagicLinkOptions {
|
|
14
|
+
/**
|
|
15
|
+
* Time in seconds until the magic link expires.
|
|
16
|
+
* @default (60 * 5) // 5 minutes
|
|
17
|
+
*/
|
|
18
|
+
expiresIn?: number | undefined;
|
|
19
|
+
/**
|
|
20
|
+
* Allowed attempts for verifying the magic link token.
|
|
21
|
+
* Note: Passing Infinity will allow unlimited attempts.
|
|
22
|
+
* @default 1
|
|
23
|
+
*/
|
|
24
|
+
allowedAttempts?: number;
|
|
25
|
+
/**
|
|
26
|
+
* Send magic link implementation.
|
|
27
|
+
*/
|
|
28
|
+
sendMagicLink: (data: {
|
|
29
|
+
email: string;
|
|
30
|
+
url: string;
|
|
31
|
+
token: string;
|
|
32
|
+
}, ctx?: GenericEndpointContext | undefined) => Awaitable<void>;
|
|
33
|
+
/**
|
|
34
|
+
* Disable sign up if user is not found.
|
|
35
|
+
*
|
|
36
|
+
* @default false
|
|
37
|
+
*/
|
|
38
|
+
disableSignUp?: boolean | undefined;
|
|
39
|
+
/**
|
|
40
|
+
* Rate limit configuration.
|
|
41
|
+
*
|
|
42
|
+
* @default {
|
|
43
|
+
* window: 60,
|
|
44
|
+
* max: 5,
|
|
45
|
+
* }
|
|
46
|
+
*/
|
|
47
|
+
rateLimit?: {
|
|
48
|
+
window: number;
|
|
49
|
+
max: number;
|
|
50
|
+
} | undefined;
|
|
51
|
+
/**
|
|
52
|
+
* Custom function to generate a token
|
|
53
|
+
*/
|
|
54
|
+
generateToken?: ((email: string) => Awaitable<string>) | undefined;
|
|
55
|
+
/**
|
|
56
|
+
* This option allows you to configure how the token is stored in your database.
|
|
57
|
+
* Note: This will not affect the token that's sent, it will only affect the token stored in your database.
|
|
58
|
+
*
|
|
59
|
+
* @default "plain"
|
|
60
|
+
*/
|
|
61
|
+
storeToken?: ("plain" | "hashed" | {
|
|
62
|
+
type: "custom-hasher";
|
|
63
|
+
hash: (token: string) => Promise<string>;
|
|
64
|
+
}) | undefined;
|
|
65
|
+
}
|
|
66
|
+
declare const magicLink: (options: MagicLinkOptions) => {
|
|
67
|
+
id: "magic-link";
|
|
68
|
+
endpoints: {
|
|
69
|
+
/**
|
|
70
|
+
* ### Endpoint
|
|
71
|
+
*
|
|
72
|
+
* POST `/sign-in/magic-link`
|
|
73
|
+
*
|
|
74
|
+
* ### API Methods
|
|
75
|
+
*
|
|
76
|
+
* **server:**
|
|
77
|
+
* `auth.api.signInMagicLink`
|
|
78
|
+
*
|
|
79
|
+
* **client:**
|
|
80
|
+
* `authClient.signIn.magicLink`
|
|
81
|
+
*
|
|
82
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/sign-in#api-method-sign-in-magic-link)
|
|
83
|
+
*/
|
|
84
|
+
signInMagicLink: better_call0.StrictEndpoint<"/sign-in/magic-link", {
|
|
85
|
+
method: "POST";
|
|
86
|
+
requireHeaders: true;
|
|
87
|
+
body: z.ZodObject<{
|
|
88
|
+
email: z.ZodEmail;
|
|
89
|
+
name: z.ZodOptional<z.ZodString>;
|
|
90
|
+
callbackURL: z.ZodOptional<z.ZodString>;
|
|
91
|
+
newUserCallbackURL: z.ZodOptional<z.ZodString>;
|
|
92
|
+
errorCallbackURL: z.ZodOptional<z.ZodString>;
|
|
93
|
+
}, z.core.$strip>;
|
|
94
|
+
metadata: {
|
|
95
|
+
openapi: {
|
|
96
|
+
operationId: string;
|
|
97
|
+
description: string;
|
|
98
|
+
responses: {
|
|
99
|
+
200: {
|
|
100
|
+
description: string;
|
|
101
|
+
content: {
|
|
102
|
+
"application/json": {
|
|
103
|
+
schema: {
|
|
104
|
+
type: "object";
|
|
105
|
+
properties: {
|
|
106
|
+
status: {
|
|
107
|
+
type: string;
|
|
108
|
+
};
|
|
109
|
+
};
|
|
110
|
+
};
|
|
111
|
+
};
|
|
112
|
+
};
|
|
113
|
+
};
|
|
114
|
+
};
|
|
115
|
+
};
|
|
116
|
+
};
|
|
117
|
+
}, {
|
|
118
|
+
status: boolean;
|
|
119
|
+
}>;
|
|
120
|
+
/**
|
|
121
|
+
* ### Endpoint
|
|
122
|
+
*
|
|
123
|
+
* GET `/magic-link/verify`
|
|
124
|
+
*
|
|
125
|
+
* ### API Methods
|
|
126
|
+
*
|
|
127
|
+
* **server:**
|
|
128
|
+
* `auth.api.magicLinkVerify`
|
|
129
|
+
*
|
|
130
|
+
* **client:**
|
|
131
|
+
* `authClient.magicLink.verify`
|
|
132
|
+
*
|
|
133
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/magic-link#api-method-magic-link-verify)
|
|
134
|
+
*/
|
|
135
|
+
magicLinkVerify: better_call0.StrictEndpoint<"/magic-link/verify", {
|
|
136
|
+
method: "GET";
|
|
137
|
+
query: z.ZodObject<{
|
|
138
|
+
token: z.ZodString;
|
|
139
|
+
callbackURL: z.ZodOptional<z.ZodString>;
|
|
140
|
+
errorCallbackURL: z.ZodOptional<z.ZodString>;
|
|
141
|
+
newUserCallbackURL: z.ZodOptional<z.ZodString>;
|
|
142
|
+
}, z.core.$strip>;
|
|
143
|
+
use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<void>)[];
|
|
144
|
+
requireHeaders: true;
|
|
145
|
+
metadata: {
|
|
146
|
+
openapi: {
|
|
147
|
+
operationId: string;
|
|
148
|
+
description: string;
|
|
149
|
+
responses: {
|
|
150
|
+
200: {
|
|
151
|
+
description: string;
|
|
152
|
+
content: {
|
|
153
|
+
"application/json": {
|
|
154
|
+
schema: {
|
|
155
|
+
type: "object";
|
|
156
|
+
properties: {
|
|
157
|
+
session: {
|
|
158
|
+
$ref: string;
|
|
159
|
+
};
|
|
160
|
+
user: {
|
|
161
|
+
$ref: string;
|
|
162
|
+
};
|
|
163
|
+
};
|
|
164
|
+
};
|
|
165
|
+
};
|
|
166
|
+
};
|
|
167
|
+
};
|
|
168
|
+
};
|
|
169
|
+
};
|
|
170
|
+
};
|
|
171
|
+
}, {
|
|
172
|
+
token: string;
|
|
173
|
+
user: {
|
|
174
|
+
id: string;
|
|
175
|
+
createdAt: Date;
|
|
176
|
+
updatedAt: Date;
|
|
177
|
+
email: string;
|
|
178
|
+
emailVerified: boolean;
|
|
179
|
+
name: string;
|
|
180
|
+
image?: string | null | undefined;
|
|
181
|
+
};
|
|
182
|
+
}>;
|
|
183
|
+
};
|
|
184
|
+
rateLimit: {
|
|
185
|
+
pathMatcher(path: string): boolean;
|
|
186
|
+
window: number;
|
|
187
|
+
max: number;
|
|
188
|
+
}[];
|
|
189
|
+
options: MagicLinkOptions;
|
|
190
|
+
};
|
|
191
|
+
//#endregion
|
|
192
|
+
export { MagicLinkOptions, magicLink };
|
|
193
|
+
//# sourceMappingURL=index.d.mts.map
|