npm - @sirketio/auth - Versions diffs - 0.0.1 - Mend

@sirketio/auth 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (594) hide show

package/dist/_virtual/_rolldown/runtime.mjs +36 -0
package/dist/adapter/index.d.mts +4 -0
package/dist/adapter/index.mjs +7 -0
package/dist/api/index.d.mts +3872 -0
package/dist/api/index.mjs +206 -0
package/dist/api/index.mjs.map +1 -0
package/dist/api/middlewares/index.d.mts +1 -0
package/dist/api/middlewares/index.mjs +3 -0
package/dist/api/middlewares/origin-check.d.mts +18 -0
package/dist/api/middlewares/origin-check.mjs +140 -0
package/dist/api/middlewares/origin-check.mjs.map +1 -0
package/dist/api/rate-limiter/index.mjs +204 -0
package/dist/api/rate-limiter/index.mjs.map +1 -0
package/dist/api/routes/account.d.mts +410 -0
package/dist/api/routes/account.mjs +493 -0
package/dist/api/routes/account.mjs.map +1 -0
package/dist/api/routes/callback.d.mts +31 -0
package/dist/api/routes/callback.mjs +179 -0
package/dist/api/routes/callback.mjs.map +1 -0
package/dist/api/routes/email-verification.d.mts +161 -0
package/dist/api/routes/email-verification.mjs +299 -0
package/dist/api/routes/email-verification.mjs.map +1 -0
package/dist/api/routes/error.d.mts +28 -0
package/dist/api/routes/error.mjs +386 -0
package/dist/api/routes/error.mjs.map +1 -0
package/dist/api/routes/index.d.mts +11 -0
package/dist/api/routes/index.mjs +13 -0
package/dist/api/routes/ok.d.mts +36 -0
package/dist/api/routes/ok.mjs +30 -0
package/dist/api/routes/ok.mjs.map +1 -0
package/dist/api/routes/password.d.mts +182 -0
package/dist/api/routes/password.mjs +198 -0
package/dist/api/routes/password.mjs.map +1 -0
package/dist/api/routes/session.d.mts +415 -0
package/dist/api/routes/session.mjs +483 -0
package/dist/api/routes/session.mjs.map +1 -0
package/dist/api/routes/sign-in.d.mts +171 -0
package/dist/api/routes/sign-in.mjs +263 -0
package/dist/api/routes/sign-in.mjs.map +1 -0
package/dist/api/routes/sign-out.d.mts +36 -0
package/dist/api/routes/sign-out.mjs +33 -0
package/dist/api/routes/sign-out.mjs.map +1 -0
package/dist/api/routes/sign-up.d.mts +160 -0
package/dist/api/routes/sign-up.mjs +227 -0
package/dist/api/routes/sign-up.mjs.map +1 -0
package/dist/api/routes/update-user.d.mts +445 -0
package/dist/api/routes/update-user.mjs +493 -0
package/dist/api/routes/update-user.mjs.map +1 -0
package/dist/api/state/oauth.d.mts +18 -0
package/dist/api/state/oauth.mjs +8 -0
package/dist/api/state/oauth.mjs.map +1 -0
package/dist/api/state/should-session-refresh.d.mts +13 -0
package/dist/api/state/should-session-refresh.mjs +16 -0
package/dist/api/state/should-session-refresh.mjs.map +1 -0
package/dist/api/to-auth-endpoints.mjs +197 -0
package/dist/api/to-auth-endpoints.mjs.map +1 -0
package/dist/auth/base.mjs +45 -0
package/dist/auth/base.mjs.map +1 -0
package/dist/auth/minimal.d.mts +12 -0
package/dist/auth/minimal.mjs +14 -0
package/dist/auth/minimal.mjs.map +1 -0
package/dist/auth/trusted-origins.mjs +31 -0
package/dist/auth/trusted-origins.mjs.map +1 -0
package/dist/client/broadcast-channel.d.mts +20 -0
package/dist/client/broadcast-channel.mjs +46 -0
package/dist/client/broadcast-channel.mjs.map +1 -0
package/dist/client/config.mjs +90 -0
package/dist/client/config.mjs.map +1 -0
package/dist/client/fetch-plugins.mjs +18 -0
package/dist/client/fetch-plugins.mjs.map +1 -0
package/dist/client/focus-manager.d.mts +11 -0
package/dist/client/focus-manager.mjs +32 -0
package/dist/client/focus-manager.mjs.map +1 -0
package/dist/client/index.d.mts +33 -0
package/dist/client/index.mjs +21 -0
package/dist/client/index.mjs.map +1 -0
package/dist/client/online-manager.d.mts +12 -0
package/dist/client/online-manager.mjs +35 -0
package/dist/client/online-manager.mjs.map +1 -0
package/dist/client/parser.mjs +73 -0
package/dist/client/parser.mjs.map +1 -0
package/dist/client/path-to-object.d.mts +65 -0
package/dist/client/plugins/index.d.mts +53 -0
package/dist/client/plugins/index.mjs +30 -0
package/dist/client/plugins/infer-plugin.d.mts +16 -0
package/dist/client/plugins/infer-plugin.mjs +11 -0
package/dist/client/plugins/infer-plugin.mjs.map +1 -0
package/dist/client/proxy.mjs +79 -0
package/dist/client/proxy.mjs.map +1 -0
package/dist/client/query.d.mts +23 -0
package/dist/client/query.mjs +98 -0
package/dist/client/query.mjs.map +1 -0
package/dist/client/react/index.d.mts +128 -0
package/dist/client/react/index.mjs +24 -0
package/dist/client/react/index.mjs.map +1 -0
package/dist/client/react/react-store.d.mts +47 -0
package/dist/client/react/react-store.mjs +47 -0
package/dist/client/react/react-store.mjs.map +1 -0
package/dist/client/session-atom.mjs +29 -0
package/dist/client/session-atom.mjs.map +1 -0
package/dist/client/session-refresh.d.mts +28 -0
package/dist/client/session-refresh.mjs +140 -0
package/dist/client/session-refresh.mjs.map +1 -0
package/dist/client/types.d.mts +41 -0
package/dist/client/vanilla.d.mts +127 -0
package/dist/client/vanilla.mjs +20 -0
package/dist/client/vanilla.mjs.map +1 -0
package/dist/context/create-context.mjs +211 -0
package/dist/context/create-context.mjs.map +1 -0
package/dist/context/helpers.mjs +83 -0
package/dist/context/helpers.mjs.map +1 -0
package/dist/context/init.mjs +20 -0
package/dist/context/init.mjs.map +1 -0
package/dist/cookies/cookie-utils.d.mts +29 -0
package/dist/cookies/cookie-utils.mjs +105 -0
package/dist/cookies/cookie-utils.mjs.map +1 -0
package/dist/cookies/index.d.mts +121 -0
package/dist/cookies/index.mjs +261 -0
package/dist/cookies/index.mjs.map +1 -0
package/dist/cookies/session-store.d.mts +36 -0
package/dist/cookies/session-store.mjs +200 -0
package/dist/cookies/session-store.mjs.map +1 -0
package/dist/crypto/buffer.d.mts +8 -0
package/dist/crypto/buffer.mjs +18 -0
package/dist/crypto/buffer.mjs.map +1 -0
package/dist/crypto/index.d.mts +27 -0
package/dist/crypto/index.mjs +38 -0
package/dist/crypto/index.mjs.map +1 -0
package/dist/crypto/jwt.d.mts +8 -0
package/dist/crypto/jwt.mjs +95 -0
package/dist/crypto/jwt.mjs.map +1 -0
package/dist/crypto/password.d.mts +12 -0
package/dist/crypto/password.mjs +36 -0
package/dist/crypto/password.mjs.map +1 -0
package/dist/crypto/random.d.mts +5 -0
package/dist/crypto/random.mjs +8 -0
package/dist/crypto/random.mjs.map +1 -0
package/dist/db/adapter-base.d.mts +8 -0
package/dist/db/adapter-base.mjs +19 -0
package/dist/db/adapter-base.mjs.map +1 -0
package/dist/db/field-converter.d.mts +8 -0
package/dist/db/field-converter.mjs +21 -0
package/dist/db/field-converter.mjs.map +1 -0
package/dist/db/field.d.mts +42 -0
package/dist/db/get-schema.d.mts +11 -0
package/dist/db/get-schema.mjs +39 -0
package/dist/db/get-schema.mjs.map +1 -0
package/dist/db/index.d.mts +18 -0
package/dist/db/index.mjs +34 -0
package/dist/db/index.mjs.map +1 -0
package/dist/db/internal-adapter.d.mts +14 -0
package/dist/db/internal-adapter.mjs +616 -0
package/dist/db/internal-adapter.mjs.map +1 -0
package/dist/db/schema.d.mts +49 -0
package/dist/db/schema.mjs +118 -0
package/dist/db/schema.mjs.map +1 -0
package/dist/db/to-zod.d.mts +36 -0
package/dist/db/to-zod.mjs +26 -0
package/dist/db/to-zod.mjs.map +1 -0
package/dist/db/verification-token-storage.mjs +28 -0
package/dist/db/verification-token-storage.mjs.map +1 -0
package/dist/db/with-hooks.d.mts +33 -0
package/dist/db/with-hooks.mjs +159 -0
package/dist/db/with-hooks.mjs.map +1 -0
package/dist/index.d.mts +53 -0
package/dist/index.mjs +27 -0
package/dist/integrations/next-js.d.mts +29 -0
package/dist/integrations/next-js.mjs +85 -0
package/dist/integrations/next-js.mjs.map +1 -0
package/dist/oauth2/index.d.mts +5 -0
package/dist/oauth2/index.mjs +7 -0
package/dist/oauth2/link-account.d.mts +48 -0
package/dist/oauth2/link-account.mjs +143 -0
package/dist/oauth2/link-account.mjs.map +1 -0
package/dist/oauth2/state.d.mts +26 -0
package/dist/oauth2/state.mjs +51 -0
package/dist/oauth2/state.mjs.map +1 -0
package/dist/oauth2/utils.d.mts +8 -0
package/dist/oauth2/utils.mjs +31 -0
package/dist/oauth2/utils.mjs.map +1 -0
package/dist/plugins/access/access.d.mts +30 -0
package/dist/plugins/access/access.mjs +46 -0
package/dist/plugins/access/access.mjs.map +1 -0
package/dist/plugins/access/index.d.mts +3 -0
package/dist/plugins/access/index.mjs +3 -0
package/dist/plugins/access/types.d.mts +17 -0
package/dist/plugins/additional-fields/client.d.mts +96 -0
package/dist/plugins/additional-fields/client.mjs +11 -0
package/dist/plugins/additional-fields/client.mjs.map +1 -0
package/dist/plugins/admin/access/index.d.mts +2 -0
package/dist/plugins/admin/access/index.mjs +3 -0
package/dist/plugins/admin/access/statement.d.mts +118 -0
package/dist/plugins/admin/access/statement.mjs +53 -0
package/dist/plugins/admin/access/statement.mjs.map +1 -0
package/dist/plugins/admin/admin.d.mts +911 -0
package/dist/plugins/admin/admin.mjs +95 -0
package/dist/plugins/admin/admin.mjs.map +1 -0
package/dist/plugins/admin/client.d.mts +76 -0
package/dist/plugins/admin/client.mjs +36 -0
package/dist/plugins/admin/client.mjs.map +1 -0
package/dist/plugins/admin/error-codes.d.mts +29 -0
package/dist/plugins/admin/error-codes.mjs +30 -0
package/dist/plugins/admin/error-codes.mjs.map +1 -0
package/dist/plugins/admin/has-permission.mjs +16 -0
package/dist/plugins/admin/has-permission.mjs.map +1 -0
package/dist/plugins/admin/index.d.mts +3 -0
package/dist/plugins/admin/index.mjs +3 -0
package/dist/plugins/admin/routes.mjs +841 -0
package/dist/plugins/admin/routes.mjs.map +1 -0
package/dist/plugins/admin/schema.d.mts +40 -0
package/dist/plugins/admin/schema.mjs +34 -0
package/dist/plugins/admin/schema.mjs.map +1 -0
package/dist/plugins/admin/types.d.mts +89 -0
package/dist/plugins/api-key/adapter.mjs +468 -0
package/dist/plugins/api-key/adapter.mjs.map +1 -0
package/dist/plugins/api-key/client.d.mts +46 -0
package/dist/plugins/api-key/client.mjs +19 -0
package/dist/plugins/api-key/client.mjs.map +1 -0
package/dist/plugins/api-key/error-codes.d.mts +33 -0
package/dist/plugins/api-key/error-codes.mjs +34 -0
package/dist/plugins/api-key/error-codes.mjs.map +1 -0
package/dist/plugins/api-key/index.d.mts +1251 -0
package/dist/plugins/api-key/index.mjs +134 -0
package/dist/plugins/api-key/index.mjs.map +1 -0
package/dist/plugins/api-key/rate-limit.mjs +74 -0
package/dist/plugins/api-key/rate-limit.mjs.map +1 -0
package/dist/plugins/api-key/routes/create-api-key.mjs +252 -0
package/dist/plugins/api-key/routes/create-api-key.mjs.map +1 -0
package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs +24 -0
package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs.map +1 -0
package/dist/plugins/api-key/routes/delete-api-key.mjs +74 -0
package/dist/plugins/api-key/routes/delete-api-key.mjs.map +1 -0
package/dist/plugins/api-key/routes/get-api-key.mjs +158 -0
package/dist/plugins/api-key/routes/get-api-key.mjs.map +1 -0
package/dist/plugins/api-key/routes/index.mjs +71 -0
package/dist/plugins/api-key/routes/index.mjs.map +1 -0
package/dist/plugins/api-key/routes/list-api-keys.mjs +194 -0
package/dist/plugins/api-key/routes/list-api-keys.mjs.map +1 -0
package/dist/plugins/api-key/routes/update-api-key.mjs +248 -0
package/dist/plugins/api-key/routes/update-api-key.mjs.map +1 -0
package/dist/plugins/api-key/routes/verify-api-key.mjs +224 -0
package/dist/plugins/api-key/routes/verify-api-key.mjs.map +1 -0
package/dist/plugins/api-key/schema.d.mts +199 -0
package/dist/plugins/api-key/schema.mjs +130 -0
package/dist/plugins/api-key/schema.mjs.map +1 -0
package/dist/plugins/api-key/types.d.mts +346 -0
package/dist/plugins/bearer/index.d.mts +45 -0
package/dist/plugins/bearer/index.mjs +66 -0
package/dist/plugins/bearer/index.mjs.map +1 -0
package/dist/plugins/captcha/constants.d.mts +10 -0
package/dist/plugins/captcha/constants.mjs +22 -0
package/dist/plugins/captcha/constants.mjs.map +1 -0
package/dist/plugins/captcha/error-codes.mjs +16 -0
package/dist/plugins/captcha/error-codes.mjs.map +1 -0
package/dist/plugins/captcha/index.d.mts +21 -0
package/dist/plugins/captcha/index.mjs +62 -0
package/dist/plugins/captcha/index.mjs.map +1 -0
package/dist/plugins/captcha/types.d.mts +28 -0
package/dist/plugins/captcha/utils.mjs +11 -0
package/dist/plugins/captcha/utils.mjs.map +1 -0
package/dist/plugins/captcha/verify-handlers/captchafox.mjs +28 -0
package/dist/plugins/captcha/verify-handlers/captchafox.mjs.map +1 -0
package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs +26 -0
package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs.map +1 -0
package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs +30 -0
package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs.map +1 -0
package/dist/plugins/captcha/verify-handlers/h-captcha.mjs +28 -0
package/dist/plugins/captcha/verify-handlers/h-captcha.mjs.map +1 -0
package/dist/plugins/captcha/verify-handlers/index.mjs +6 -0
package/dist/plugins/custom-session/client.d.mts +17 -0
package/dist/plugins/custom-session/client.mjs +11 -0
package/dist/plugins/custom-session/client.mjs.map +1 -0
package/dist/plugins/custom-session/index.d.mts +72 -0
package/dist/plugins/custom-session/index.mjs +78 -0
package/dist/plugins/custom-session/index.mjs.map +1 -0
package/dist/plugins/device-authorization/client.d.mts +17 -0
package/dist/plugins/device-authorization/client.mjs +18 -0
package/dist/plugins/device-authorization/client.mjs.map +1 -0
package/dist/plugins/device-authorization/error-codes.mjs +21 -0
package/dist/plugins/device-authorization/error-codes.mjs.map +1 -0
package/dist/plugins/device-authorization/index.d.mts +424 -0
package/dist/plugins/device-authorization/index.mjs +50 -0
package/dist/plugins/device-authorization/index.mjs.map +1 -0
package/dist/plugins/device-authorization/routes.mjs +510 -0
package/dist/plugins/device-authorization/routes.mjs.map +1 -0
package/dist/plugins/device-authorization/schema.mjs +57 -0
package/dist/plugins/device-authorization/schema.mjs.map +1 -0
package/dist/plugins/email-otp/client.d.mts +21 -0
package/dist/plugins/email-otp/client.mjs +18 -0
package/dist/plugins/email-otp/client.mjs.map +1 -0
package/dist/plugins/email-otp/error-codes.d.mts +11 -0
package/dist/plugins/email-otp/error-codes.mjs +12 -0
package/dist/plugins/email-otp/error-codes.mjs.map +1 -0
package/dist/plugins/email-otp/index.d.mts +428 -0
package/dist/plugins/email-otp/index.mjs +130 -0
package/dist/plugins/email-otp/index.mjs.map +1 -0
package/dist/plugins/email-otp/otp-token.mjs +29 -0
package/dist/plugins/email-otp/otp-token.mjs.map +1 -0
package/dist/plugins/email-otp/routes.mjs +631 -0
package/dist/plugins/email-otp/routes.mjs.map +1 -0
package/dist/plugins/email-otp/types.d.mts +86 -0
package/dist/plugins/email-otp/utils.mjs +17 -0
package/dist/plugins/email-otp/utils.mjs.map +1 -0
package/dist/plugins/generic-oauth/client.d.mts +33 -0
package/dist/plugins/generic-oauth/client.mjs +14 -0
package/dist/plugins/generic-oauth/client.mjs.map +1 -0
package/dist/plugins/generic-oauth/error-codes.d.mts +16 -0
package/dist/plugins/generic-oauth/error-codes.mjs +17 -0
package/dist/plugins/generic-oauth/error-codes.mjs.map +1 -0
package/dist/plugins/generic-oauth/index.d.mts +201 -0
package/dist/plugins/generic-oauth/index.mjs +145 -0
package/dist/plugins/generic-oauth/index.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/auth0.d.mts +37 -0
package/dist/plugins/generic-oauth/providers/auth0.mjs +62 -0
package/dist/plugins/generic-oauth/providers/auth0.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/gumroad.d.mts +32 -0
package/dist/plugins/generic-oauth/providers/gumroad.mjs +60 -0
package/dist/plugins/generic-oauth/providers/gumroad.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/hubspot.d.mts +37 -0
package/dist/plugins/generic-oauth/providers/hubspot.mjs +60 -0
package/dist/plugins/generic-oauth/providers/hubspot.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/index.d.mts +9 -0
package/dist/plugins/generic-oauth/providers/index.mjs +11 -0
package/dist/plugins/generic-oauth/providers/keycloak.d.mts +37 -0
package/dist/plugins/generic-oauth/providers/keycloak.mjs +62 -0
package/dist/plugins/generic-oauth/providers/keycloak.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/line.d.mts +55 -0
package/dist/plugins/generic-oauth/providers/line.mjs +91 -0
package/dist/plugins/generic-oauth/providers/line.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/microsoft-entra-id.d.mts +37 -0
package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs +66 -0
package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/okta.d.mts +37 -0
package/dist/plugins/generic-oauth/providers/okta.mjs +62 -0
package/dist/plugins/generic-oauth/providers/okta.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/patreon.d.mts +30 -0
package/dist/plugins/generic-oauth/providers/patreon.mjs +59 -0
package/dist/plugins/generic-oauth/providers/patreon.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/slack.d.mts +30 -0
package/dist/plugins/generic-oauth/providers/slack.mjs +61 -0
package/dist/plugins/generic-oauth/providers/slack.mjs.map +1 -0
package/dist/plugins/generic-oauth/routes.mjs +411 -0
package/dist/plugins/generic-oauth/routes.mjs.map +1 -0
package/dist/plugins/generic-oauth/types.d.mts +159 -0
package/dist/plugins/haveibeenpwned/index.d.mts +46 -0
package/dist/plugins/haveibeenpwned/index.mjs +57 -0
package/dist/plugins/haveibeenpwned/index.mjs.map +1 -0
package/dist/plugins/index.d.mts +65 -0
package/dist/plugins/index.mjs +48 -0
package/dist/plugins/jwt/adapter.mjs +27 -0
package/dist/plugins/jwt/adapter.mjs.map +1 -0
package/dist/plugins/jwt/client.d.mts +40 -0
package/dist/plugins/jwt/client.mjs +19 -0
package/dist/plugins/jwt/client.mjs.map +1 -0
package/dist/plugins/jwt/index.d.mts +224 -0
package/dist/plugins/jwt/index.mjs +202 -0
package/dist/plugins/jwt/index.mjs.map +1 -0
package/dist/plugins/jwt/schema.d.mts +26 -0
package/dist/plugins/jwt/schema.mjs +23 -0
package/dist/plugins/jwt/schema.mjs.map +1 -0
package/dist/plugins/jwt/sign.d.mts +57 -0
package/dist/plugins/jwt/sign.mjs +66 -0
package/dist/plugins/jwt/sign.mjs.map +1 -0
package/dist/plugins/jwt/types.d.mts +194 -0
package/dist/plugins/jwt/utils.d.mts +42 -0
package/dist/plugins/jwt/utils.mjs +64 -0
package/dist/plugins/jwt/utils.mjs.map +1 -0
package/dist/plugins/jwt/verify.d.mts +12 -0
package/dist/plugins/jwt/verify.mjs +46 -0
package/dist/plugins/jwt/verify.mjs.map +1 -0
package/dist/plugins/last-login-method/client.d.mts +38 -0
package/dist/plugins/last-login-method/client.mjs +32 -0
package/dist/plugins/last-login-method/client.mjs.map +1 -0
package/dist/plugins/last-login-method/index.d.mts +118 -0
package/dist/plugins/last-login-method/index.mjs +76 -0
package/dist/plugins/last-login-method/index.mjs.map +1 -0
package/dist/plugins/magic-link/client.d.mts +10 -0
package/dist/plugins/magic-link/client.mjs +11 -0
package/dist/plugins/magic-link/client.mjs.map +1 -0
package/dist/plugins/magic-link/index.d.mts +193 -0
package/dist/plugins/magic-link/index.mjs +177 -0
package/dist/plugins/magic-link/index.mjs.map +1 -0
package/dist/plugins/magic-link/utils.mjs +12 -0
package/dist/plugins/magic-link/utils.mjs.map +1 -0
package/dist/plugins/mcp/authorize.mjs +133 -0
package/dist/plugins/mcp/authorize.mjs.map +1 -0
package/dist/plugins/mcp/index.d.mts +458 -0
package/dist/plugins/mcp/index.mjs +717 -0
package/dist/plugins/mcp/index.mjs.map +1 -0
package/dist/plugins/multi-session/client.d.mts +19 -0
package/dist/plugins/multi-session/client.mjs +20 -0
package/dist/plugins/multi-session/client.mjs.map +1 -0
package/dist/plugins/multi-session/error-codes.d.mts +9 -0
package/dist/plugins/multi-session/error-codes.mjs +8 -0
package/dist/plugins/multi-session/error-codes.mjs.map +1 -0
package/dist/plugins/multi-session/index.d.mts +235 -0
package/dist/plugins/multi-session/index.mjs +172 -0
package/dist/plugins/multi-session/index.mjs.map +1 -0
package/dist/plugins/oauth-proxy/index.d.mts +97 -0
package/dist/plugins/oauth-proxy/index.mjs +305 -0
package/dist/plugins/oauth-proxy/index.mjs.map +1 -0
package/dist/plugins/oauth-proxy/utils.mjs +51 -0
package/dist/plugins/oauth-proxy/utils.mjs.map +1 -0
package/dist/plugins/oidc-provider/authorize.mjs +194 -0
package/dist/plugins/oidc-provider/authorize.mjs.map +1 -0
package/dist/plugins/oidc-provider/client.d.mts +12 -0
package/dist/plugins/oidc-provider/client.mjs +11 -0
package/dist/plugins/oidc-provider/client.mjs.map +1 -0
package/dist/plugins/oidc-provider/error.mjs +17 -0
package/dist/plugins/oidc-provider/error.mjs.map +1 -0
package/dist/plugins/oidc-provider/index.d.mts +702 -0
package/dist/plugins/oidc-provider/index.mjs +1093 -0
package/dist/plugins/oidc-provider/index.mjs.map +1 -0
package/dist/plugins/oidc-provider/schema.d.mts +160 -0
package/dist/plugins/oidc-provider/schema.mjs +132 -0
package/dist/plugins/oidc-provider/schema.mjs.map +1 -0
package/dist/plugins/oidc-provider/types.d.mts +517 -0
package/dist/plugins/oidc-provider/utils/prompt.mjs +19 -0
package/dist/plugins/oidc-provider/utils/prompt.mjs.map +1 -0
package/dist/plugins/oidc-provider/utils.mjs +15 -0
package/dist/plugins/oidc-provider/utils.mjs.map +1 -0
package/dist/plugins/one-tap/client.d.mts +174 -0
package/dist/plugins/one-tap/client.mjs +188 -0
package/dist/plugins/one-tap/client.mjs.map +1 -0
package/dist/plugins/one-tap/index.d.mts +83 -0
package/dist/plugins/one-tap/index.mjs +95 -0
package/dist/plugins/one-tap/index.mjs.map +1 -0
package/dist/plugins/one-time-token/client.d.mts +10 -0
package/dist/plugins/one-time-token/client.mjs +11 -0
package/dist/plugins/one-time-token/client.mjs.map +1 -0
package/dist/plugins/one-time-token/index.d.mts +133 -0
package/dist/plugins/one-time-token/index.mjs +82 -0
package/dist/plugins/one-time-token/index.mjs.map +1 -0
package/dist/plugins/one-time-token/utils.mjs +12 -0
package/dist/plugins/one-time-token/utils.mjs.map +1 -0
package/dist/plugins/open-api/generator.d.mts +115 -0
package/dist/plugins/open-api/generator.mjs +315 -0
package/dist/plugins/open-api/generator.mjs.map +1 -0
package/dist/plugins/open-api/index.d.mts +97 -0
package/dist/plugins/open-api/index.mjs +67 -0
package/dist/plugins/open-api/index.mjs.map +1 -0
package/dist/plugins/open-api/logo.mjs +15 -0
package/dist/plugins/open-api/logo.mjs.map +1 -0
package/dist/plugins/organization/access/index.d.mts +2 -0
package/dist/plugins/organization/access/index.mjs +3 -0
package/dist/plugins/organization/access/statement.d.mts +249 -0
package/dist/plugins/organization/access/statement.mjs +81 -0
package/dist/plugins/organization/access/statement.mjs.map +1 -0
package/dist/plugins/organization/adapter.d.mts +792 -0
package/dist/plugins/organization/adapter.mjs +624 -0
package/dist/plugins/organization/adapter.mjs.map +1 -0
package/dist/plugins/organization/call.mjs +19 -0
package/dist/plugins/organization/call.mjs.map +1 -0
package/dist/plugins/organization/client.d.mts +372 -0
package/dist/plugins/organization/client.mjs +95 -0
package/dist/plugins/organization/client.mjs.map +1 -0
package/dist/plugins/organization/error-codes.d.mts +65 -0
package/dist/plugins/organization/error-codes.mjs +66 -0
package/dist/plugins/organization/error-codes.mjs.map +1 -0
package/dist/plugins/organization/has-permission.mjs +35 -0
package/dist/plugins/organization/has-permission.mjs.map +1 -0
package/dist/plugins/organization/index.d.mts +5 -0
package/dist/plugins/organization/index.mjs +4 -0
package/dist/plugins/organization/organization.d.mts +394 -0
package/dist/plugins/organization/organization.mjs +428 -0
package/dist/plugins/organization/organization.mjs.map +1 -0
package/dist/plugins/organization/permission.d.mts +17 -0
package/dist/plugins/organization/permission.mjs +16 -0
package/dist/plugins/organization/permission.mjs.map +1 -0
package/dist/plugins/organization/routes/crud-access-control.d.mts +394 -0
package/dist/plugins/organization/routes/crud-access-control.mjs +678 -0
package/dist/plugins/organization/routes/crud-access-control.mjs.map +1 -0
package/dist/plugins/organization/routes/crud-invites.d.mts +1031 -0
package/dist/plugins/organization/routes/crud-invites.mjs +551 -0
package/dist/plugins/organization/routes/crud-invites.mjs.map +1 -0
package/dist/plugins/organization/routes/crud-members.d.mts +940 -0
package/dist/plugins/organization/routes/crud-members.mjs +466 -0
package/dist/plugins/organization/routes/crud-members.mjs.map +1 -0
package/dist/plugins/organization/routes/crud-org.d.mts +708 -0
package/dist/plugins/organization/routes/crud-org.mjs +423 -0
package/dist/plugins/organization/routes/crud-org.mjs.map +1 -0
package/dist/plugins/organization/routes/crud-team.d.mts +1071 -0
package/dist/plugins/organization/routes/crud-team.mjs +676 -0
package/dist/plugins/organization/routes/crud-team.mjs.map +1 -0
package/dist/plugins/organization/schema.d.mts +376 -0
package/dist/plugins/organization/schema.mjs +68 -0
package/dist/plugins/organization/schema.mjs.map +1 -0
package/dist/plugins/organization/types.d.mts +677 -0
package/dist/plugins/phone-number/client.d.mts +31 -0
package/dist/plugins/phone-number/client.mjs +20 -0
package/dist/plugins/phone-number/client.mjs.map +1 -0
package/dist/plugins/phone-number/error-codes.d.mts +20 -0
package/dist/plugins/phone-number/error-codes.mjs +21 -0
package/dist/plugins/phone-number/error-codes.mjs.map +1 -0
package/dist/plugins/phone-number/index.d.mts +318 -0
package/dist/plugins/phone-number/index.mjs +49 -0
package/dist/plugins/phone-number/index.mjs.map +1 -0
package/dist/plugins/phone-number/routes.mjs +472 -0
package/dist/plugins/phone-number/routes.mjs.map +1 -0
package/dist/plugins/phone-number/schema.d.mts +23 -0
package/dist/plugins/phone-number/schema.mjs +20 -0
package/dist/plugins/phone-number/schema.mjs.map +1 -0
package/dist/plugins/phone-number/types.d.mts +118 -0
package/dist/plugins/two-factor/backup-codes/index.d.mts +279 -0
package/dist/plugins/two-factor/backup-codes/index.mjs +277 -0
package/dist/plugins/two-factor/backup-codes/index.mjs.map +1 -0
package/dist/plugins/two-factor/client.d.mts +55 -0
package/dist/plugins/two-factor/client.mjs +37 -0
package/dist/plugins/two-factor/client.mjs.map +1 -0
package/dist/plugins/two-factor/constant.mjs +8 -0
package/dist/plugins/two-factor/constant.mjs.map +1 -0
package/dist/plugins/two-factor/error-code.d.mts +17 -0
package/dist/plugins/two-factor/error-code.mjs +18 -0
package/dist/plugins/two-factor/error-code.mjs.map +1 -0
package/dist/plugins/two-factor/index.d.mts +670 -0
package/dist/plugins/two-factor/index.mjs +228 -0
package/dist/plugins/two-factor/index.mjs.map +1 -0
package/dist/plugins/two-factor/otp/index.d.mts +216 -0
package/dist/plugins/two-factor/otp/index.mjs +199 -0
package/dist/plugins/two-factor/otp/index.mjs.map +1 -0
package/dist/plugins/two-factor/schema.d.mts +41 -0
package/dist/plugins/two-factor/schema.mjs +36 -0
package/dist/plugins/two-factor/schema.mjs.map +1 -0
package/dist/plugins/two-factor/totp/index.d.mts +210 -0
package/dist/plugins/two-factor/totp/index.mjs +157 -0
package/dist/plugins/two-factor/totp/index.mjs.map +1 -0
package/dist/plugins/two-factor/types.d.mts +73 -0
package/dist/plugins/two-factor/utils.mjs +12 -0
package/dist/plugins/two-factor/utils.mjs.map +1 -0
package/dist/plugins/two-factor/verify-two-factor.mjs +85 -0
package/dist/plugins/two-factor/verify-two-factor.mjs.map +1 -0
package/dist/plugins/username/client.d.mts +26 -0
package/dist/plugins/username/client.mjs +18 -0
package/dist/plugins/username/client.mjs.map +1 -0
package/dist/plugins/username/error-codes.d.mts +16 -0
package/dist/plugins/username/error-codes.mjs +17 -0
package/dist/plugins/username/error-codes.mjs.map +1 -0
package/dist/plugins/username/index.d.mts +251 -0
package/dist/plugins/username/index.mjs +234 -0
package/dist/plugins/username/index.mjs.map +1 -0
package/dist/plugins/username/schema.d.mts +33 -0
package/dist/plugins/username/schema.mjs +26 -0
package/dist/plugins/username/schema.mjs.map +1 -0
package/dist/providers/index.d.mts +1 -0
package/dist/providers/index.mjs +3 -0
package/dist/state.d.mts +42 -0
package/dist/state.mjs +107 -0
package/dist/state.mjs.map +1 -0
package/dist/types/adapter.d.mts +2 -0
package/dist/types/api.d.mts +29 -0
package/dist/types/auth.d.mts +29 -0
package/dist/types/helper.d.mts +10 -0
package/dist/types/index.d.mts +11 -0
package/dist/types/index.mjs +1 -0
package/dist/types/models.d.mts +11 -0
package/dist/types/plugins.d.mts +20 -0
package/dist/utils/boolean.mjs +8 -0
package/dist/utils/boolean.mjs.map +1 -0
package/dist/utils/constants.mjs +6 -0
package/dist/utils/constants.mjs.map +1 -0
package/dist/utils/date.mjs +8 -0
package/dist/utils/date.mjs.map +1 -0
package/dist/utils/get-request-ip.d.mts +7 -0
package/dist/utils/get-request-ip.mjs +23 -0
package/dist/utils/get-request-ip.mjs.map +1 -0
package/dist/utils/hide-metadata.d.mts +7 -0
package/dist/utils/hide-metadata.mjs +6 -0
package/dist/utils/hide-metadata.mjs.map +1 -0
package/dist/utils/index.d.mts +4 -0
package/dist/utils/index.mjs +6 -0
package/dist/utils/is-api-error.d.mts +7 -0
package/dist/utils/is-api-error.mjs +11 -0
package/dist/utils/is-api-error.mjs.map +1 -0
package/dist/utils/is-atom.mjs +8 -0
package/dist/utils/is-atom.mjs.map +1 -0
package/dist/utils/is-promise.mjs +8 -0
package/dist/utils/is-promise.mjs.map +1 -0
package/dist/utils/middleware-response.mjs +9 -0
package/dist/utils/middleware-response.mjs.map +1 -0
package/dist/utils/password.mjs +26 -0
package/dist/utils/password.mjs.map +1 -0
package/dist/utils/plugin-helper.mjs +17 -0
package/dist/utils/plugin-helper.mjs.map +1 -0
package/dist/utils/shim.mjs +24 -0
package/dist/utils/shim.mjs.map +1 -0
package/dist/utils/time.d.mts +49 -0
package/dist/utils/time.mjs +100 -0
package/dist/utils/time.mjs.map +1 -0
package/dist/utils/url.d.mts +8 -0
package/dist/utils/url.mjs +92 -0
package/dist/utils/url.mjs.map +1 -0
package/dist/utils/wildcard.mjs +108 -0
package/dist/utils/wildcard.mjs.map +1 -0
package/package.json +428 -0

package/dist/plugins/organization/routes/crud-access-control.mjs ADDED Viewed

@@ -0,0 +1,678 @@
+import { toZodSchema } from "../../../db/to-zod.mjs";
+import "../../../db/index.mjs";
+import { ORGANIZATION_ERROR_CODES } from "../error-codes.mjs";
+import { orgSessionMiddleware } from "../call.mjs";
+import { hasPermission } from "../has-permission.mjs";
+import { APIError } from "@better-auth/core/error";
+import { createAuthEndpoint } from "@better-auth/core/api";
+import * as z from "zod";
+//#region src/plugins/organization/routes/crud-access-control.ts
+const normalizeRoleName = (role) => role.toLowerCase();
+const DEFAULT_MAXIMUM_ROLES_PER_ORGANIZATION = Number.POSITIVE_INFINITY;
+const getAdditionalFields = (options, shouldBePartial = false) => {
+	const additionalFields = options?.schema?.organizationRole?.additionalFields || {};
+	if (shouldBePartial) for (const key in additionalFields) additionalFields[key].required = false;
+	return {
+		additionalFieldsSchema: toZodSchema({
+			fields: additionalFields,
+			isClientSide: true
+		}),
+		$AdditionalFields: {},
+		$ReturnAdditionalFields: {}
+	};
+};
+const baseCreateOrgRoleSchema = z.object({
+	organizationId: z.string().optional().meta({ description: "The id of the organization to create the role in. If not provided, the user's active organization will be used." }),
+	role: z.string().meta({ description: "The name of the role to create" }),
+	permission: z.record(z.string(), z.array(z.string())).meta({ description: "The permission to assign to the role" })
+});
+const createOrgRole = (options) => {
+	const { additionalFieldsSchema, $AdditionalFields, $ReturnAdditionalFields } = getAdditionalFields(options, false);
+	return createAuthEndpoint("/organization/create-role", {
+		method: "POST",
+		body: baseCreateOrgRoleSchema.safeExtend({ additionalFields: z.object({ ...additionalFieldsSchema.shape }).optional() }),
+		metadata: { $Infer: { body: {} } },
+		requireHeaders: true,
+		use: [orgSessionMiddleware]
+	}, async (ctx) => {
+		const { session, user } = ctx.context.session;
+		let roleName = ctx.body.role;
+		const permission = ctx.body.permission;
+		const additionalFields = ctx.body.additionalFields;
+		const ac = options.ac;
+		if (!ac) {
+			ctx.context.logger.error(`[Dynamic Access Control] The organization plugin is missing a pre-defined ac instance.`, `\nPlease refer to the documentation here: https://better-auth.com/docs/plugins/organization#dynamic-access-control`);
+			throw APIError.from("NOT_IMPLEMENTED", ORGANIZATION_ERROR_CODES.MISSING_AC_INSTANCE);
+		}
+		const organizationId = ctx.body.organizationId ?? session.activeOrganizationId;
+		if (!organizationId) {
+			ctx.context.logger.error(`[Dynamic Access Control] The session is missing an active organization id to create a role. Either set an active org id, or pass an organizationId in the request body.`);
+			throw APIError.from("BAD_REQUEST", ORGANIZATION_ERROR_CODES.YOU_MUST_BE_IN_AN_ORGANIZATION_TO_CREATE_A_ROLE);
+		}
+		roleName = normalizeRoleName(roleName);
+		await checkIfRoleNameIsTakenByPreDefinedRole({
+			role: roleName,
+			organizationId,
+			options,
+			ctx
+		});
+		const member = await ctx.context.adapter.findOne({
+			model: "member",
+			where: [{
+				field: "organizationId",
+				value: organizationId,
+				operator: "eq",
+				connector: "AND"
+			}, {
+				field: "userId",
+				value: user.id,
+				operator: "eq",
+				connector: "AND"
+			}]
+		});
+		if (!member) {
+			ctx.context.logger.error(`[Dynamic Access Control] The user is not a member of the organization to create a role.`, {
+				userId: user.id,
+				organizationId
+			});
+			throw APIError.from("FORBIDDEN", ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION);
+		}
+		if (!await hasPermission({
+			options,
+			organizationId,
+			permissions: { ac: ["create"] },
+			role: member.role
+		}, ctx)) {
+			ctx.context.logger.error(`[Dynamic Access Control] The user is not permitted to create a role. If this is unexpected, please make sure the role associated to that member has the "ac" resource with the "create" permission.`, {
+				userId: user.id,
+				organizationId,
+				role: member.role
+			});
+			throw APIError.from("FORBIDDEN", ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CREATE_A_ROLE);
+		}
+		const maximumRolesPerOrganization = typeof options.dynamicAccessControl?.maximumRolesPerOrganization === "function" ? await options.dynamicAccessControl.maximumRolesPerOrganization(organizationId) : options.dynamicAccessControl?.maximumRolesPerOrganization ?? DEFAULT_MAXIMUM_ROLES_PER_ORGANIZATION;
+		const rolesInDB = await ctx.context.adapter.count({
+			model: "organizationRole",
+			where: [{
+				field: "organizationId",
+				value: organizationId,
+				operator: "eq",
+				connector: "AND"
+			}]
+		});
+		if (rolesInDB >= maximumRolesPerOrganization) {
+			ctx.context.logger.error(`[Dynamic Access Control] Failed to create a new role, the organization has too many roles. Maximum allowed roles is ${maximumRolesPerOrganization}.`, {
+				organizationId,
+				maximumRolesPerOrganization,
+				rolesInDB
+			});
+			throw APIError.from("BAD_REQUEST", ORGANIZATION_ERROR_CODES.TOO_MANY_ROLES);
+		}
+		await checkForInvalidResources({
+			ac,
+			ctx,
+			permission
+		});
+		await checkIfMemberHasPermission({
+			ctx,
+			member,
+			options,
+			organizationId,
+			permissionRequired: permission,
+			user,
+			action: "create"
+		});
+		await checkIfRoleNameIsTakenByRoleInDB({
+			ctx,
+			organizationId,
+			role: roleName
+		});
+		const newRole = ac.newRole(permission);
+		const data = {
+			...await ctx.context.adapter.create({
+				model: "organizationRole",
+				data: {
+					createdAt: /* @__PURE__ */ new Date(),
+					organizationId,
+					permission: JSON.stringify(permission),
+					role: roleName,
+					...additionalFields
+				}
+			}),
+			permission
+		};
+		return ctx.json({
+			success: true,
+			roleData: data,
+			statements: newRole.statements
+		});
+	});
+};
+const deleteOrgRoleBodySchema = z.object({ organizationId: z.string().optional().meta({ description: "The id of the organization to create the role in. If not provided, the user's active organization will be used." }) }).and(z.union([z.object({ roleName: z.string().nonempty().meta({ description: "The name of the role to delete" }) }), z.object({ roleId: z.string().nonempty().meta({ description: "The id of the role to delete" }) })]));
+const deleteOrgRole = (options) => {
+	return createAuthEndpoint("/organization/delete-role", {
+		method: "POST",
+		body: deleteOrgRoleBodySchema,
+		requireHeaders: true,
+		use: [orgSessionMiddleware],
+		metadata: { $Infer: { body: {} } }
+	}, async (ctx) => {
+		const { session, user } = ctx.context.session;
+		const organizationId = ctx.body.organizationId ?? session.activeOrganizationId;
+		if (!organizationId) {
+			ctx.context.logger.error(`[Dynamic Access Control] The session is missing an active organization id to delete a role. Either set an active org id, or pass an organizationId in the request body.`);
+			throw APIError.from("BAD_REQUEST", ORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION);
+		}
+		const member = await ctx.context.adapter.findOne({
+			model: "member",
+			where: [{
+				field: "organizationId",
+				value: organizationId,
+				operator: "eq",
+				connector: "AND"
+			}, {
+				field: "userId",
+				value: user.id,
+				operator: "eq",
+				connector: "AND"
+			}]
+		});
+		if (!member) {
+			ctx.context.logger.error(`[Dynamic Access Control] The user is not a member of the organization to delete a role.`, {
+				userId: user.id,
+				organizationId
+			});
+			throw APIError.from("FORBIDDEN", ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION);
+		}
+		if (!await hasPermission({
+			options,
+			organizationId,
+			permissions: { ac: ["delete"] },
+			role: member.role
+		}, ctx)) {
+			ctx.context.logger.error(`[Dynamic Access Control] The user is not permitted to delete a role. If this is unexpected, please make sure the role associated to that member has the "ac" resource with the "delete" permission.`, {
+				userId: user.id,
+				organizationId,
+				role: member.role
+			});
+			throw APIError.from("FORBIDDEN", ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_DELETE_A_ROLE);
+		}
+		if (ctx.body.roleName) {
+			const roleName = ctx.body.roleName;
+			const defaultRoles = options.roles ? Object.keys(options.roles) : [
+				"owner",
+				"admin",
+				"member"
+			];
+			if (defaultRoles.includes(roleName)) {
+				ctx.context.logger.error(`[Dynamic Access Control] Cannot delete a pre-defined role.`, {
+					roleName,
+					organizationId,
+					defaultRoles
+				});
+				throw APIError.from("BAD_REQUEST", ORGANIZATION_ERROR_CODES.CANNOT_DELETE_A_PRE_DEFINED_ROLE);
+			}
+		}
+		let condition;
+		if (ctx.body.roleName) condition = {
+			field: "role",
+			value: ctx.body.roleName,
+			operator: "eq",
+			connector: "AND"
+		};
+		else if (ctx.body.roleId) condition = {
+			field: "id",
+			value: ctx.body.roleId,
+			operator: "eq",
+			connector: "AND"
+		};
+		else {
+			ctx.context.logger.error(`[Dynamic Access Control] The role name/id is not provided in the request body.`);
+			throw APIError.from("BAD_REQUEST", ORGANIZATION_ERROR_CODES.ROLE_NOT_FOUND);
+		}
+		const existingRoleInDB = await ctx.context.adapter.findOne({
+			model: "organizationRole",
+			where: [{
+				field: "organizationId",
+				value: organizationId,
+				operator: "eq",
+				connector: "AND"
+			}, condition]
+		});
+		if (!existingRoleInDB) {
+			ctx.context.logger.error(`[Dynamic Access Control] The role name/id does not exist in the database.`, {
+				..."roleName" in ctx.body ? { roleName: ctx.body.roleName } : { roleId: ctx.body.roleId },
+				organizationId
+			});
+			throw APIError.from("BAD_REQUEST", ORGANIZATION_ERROR_CODES.ROLE_NOT_FOUND);
+		}
+		existingRoleInDB.permission = JSON.parse(existingRoleInDB.permission);
+		const roleToDelete = existingRoleInDB.role;
+		if ((await ctx.context.adapter.findMany({
+			model: "member",
+			where: [{
+				field: "organizationId",
+				value: organizationId,
+				operator: "eq",
+				connector: "AND"
+			}, {
+				field: "role",
+				value: roleToDelete,
+				operator: "contains"
+			}]
+		})).find((member) => {
+			return member.role.split(",").map((r) => r.trim()).includes(roleToDelete);
+		})) {
+			ctx.context.logger.error(`[Dynamic Access Control] Cannot delete a role that is assigned to members.`, {
+				role: existingRoleInDB.role,
+				organizationId
+			});
+			throw APIError.from("BAD_REQUEST", ORGANIZATION_ERROR_CODES.ROLE_IS_ASSIGNED_TO_MEMBERS);
+		}
+		await ctx.context.adapter.delete({
+			model: "organizationRole",
+			where: [{
+				field: "organizationId",
+				value: organizationId,
+				operator: "eq",
+				connector: "AND"
+			}, condition]
+		});
+		return ctx.json({ success: true });
+	});
+};
+const listOrgRolesQuerySchema = z.object({ organizationId: z.string().optional().meta({ description: "The id of the organization to list roles for. If not provided, the user's active organization will be used." }) }).optional();
+const listOrgRoles = (options) => {
+	const { $ReturnAdditionalFields } = getAdditionalFields(options, false);
+	return createAuthEndpoint("/organization/list-roles", {
+		method: "GET",
+		requireHeaders: true,
+		use: [orgSessionMiddleware],
+		query: listOrgRolesQuerySchema
+	}, async (ctx) => {
+		const { session, user } = ctx.context.session;
+		const organizationId = ctx.query?.organizationId ?? session.activeOrganizationId;
+		if (!organizationId) {
+			ctx.context.logger.error(`[Dynamic Access Control] The session is missing an active organization id to list roles. Either set an active org id, or pass an organizationId in the request query.`);
+			throw APIError.from("BAD_REQUEST", ORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION);
+		}
+		const member = await ctx.context.adapter.findOne({
+			model: "member",
+			where: [{
+				field: "organizationId",
+				value: organizationId,
+				operator: "eq",
+				connector: "AND"
+			}, {
+				field: "userId",
+				value: user.id,
+				operator: "eq",
+				connector: "AND"
+			}]
+		});
+		if (!member) {
+			ctx.context.logger.error(`[Dynamic Access Control] The user is not a member of the organization to list roles.`, {
+				userId: user.id,
+				organizationId
+			});
+			throw APIError.from("FORBIDDEN", ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION);
+		}
+		if (!await hasPermission({
+			options,
+			organizationId,
+			permissions: { ac: ["read"] },
+			role: member.role
+		}, ctx)) {
+			ctx.context.logger.error(`[Dynamic Access Control] The user is not permitted to list roles.`, {
+				userId: user.id,
+				organizationId,
+				role: member.role
+			});
+			throw APIError.from("FORBIDDEN", ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_LIST_A_ROLE);
+		}
+		let roles = await ctx.context.adapter.findMany({
+			model: "organizationRole",
+			where: [{
+				field: "organizationId",
+				value: organizationId,
+				operator: "eq",
+				connector: "AND"
+			}]
+		});
+		roles = roles.map((x) => ({
+			...x,
+			permission: JSON.parse(x.permission)
+		}));
+		return ctx.json(roles);
+	});
+};
+const getOrgRoleQuerySchema = z.object({ organizationId: z.string().optional().meta({ description: "The id of the organization to read a role for. If not provided, the user's active organization will be used." }) }).and(z.union([z.object({ roleName: z.string().nonempty().meta({ description: "The name of the role to read" }) }), z.object({ roleId: z.string().nonempty().meta({ description: "The id of the role to read" }) })])).optional();
+const getOrgRole = (options) => {
+	const { $ReturnAdditionalFields } = getAdditionalFields(options, false);
+	return createAuthEndpoint("/organization/get-role", {
+		method: "GET",
+		requireHeaders: true,
+		use: [orgSessionMiddleware],
+		query: getOrgRoleQuerySchema,
+		metadata: { $Infer: { query: {} } }
+	}, async (ctx) => {
+		const { session, user } = ctx.context.session;
+		const organizationId = ctx.query?.organizationId ?? session.activeOrganizationId;
+		if (!organizationId) {
+			ctx.context.logger.error(`[Dynamic Access Control] The session is missing an active organization id to read a role. Either set an active org id, or pass an organizationId in the request query.`);
+			throw APIError.from("BAD_REQUEST", ORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION);
+		}
+		const member = await ctx.context.adapter.findOne({
+			model: "member",
+			where: [{
+				field: "organizationId",
+				value: organizationId,
+				operator: "eq",
+				connector: "AND"
+			}, {
+				field: "userId",
+				value: user.id,
+				operator: "eq",
+				connector: "AND"
+			}]
+		});
+		if (!member) {
+			ctx.context.logger.error(`[Dynamic Access Control] The user is not a member of the organization to read a role.`, {
+				userId: user.id,
+				organizationId
+			});
+			throw APIError.from("FORBIDDEN", ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION);
+		}
+		if (!await hasPermission({
+			options,
+			organizationId,
+			permissions: { ac: ["read"] },
+			role: member.role
+		}, ctx)) {
+			ctx.context.logger.error(`[Dynamic Access Control] The user is not permitted to read a role.`, {
+				userId: user.id,
+				organizationId,
+				role: member.role
+			});
+			throw APIError.from("FORBIDDEN", ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_READ_A_ROLE);
+		}
+		let condition;
+		if (ctx.query.roleName) condition = {
+			field: "role",
+			value: ctx.query.roleName,
+			operator: "eq",
+			connector: "AND"
+		};
+		else if (ctx.query.roleId) condition = {
+			field: "id",
+			value: ctx.query.roleId,
+			operator: "eq",
+			connector: "AND"
+		};
+		else {
+			ctx.context.logger.error(`[Dynamic Access Control] The role name/id is not provided in the request query.`);
+			throw APIError.from("BAD_REQUEST", ORGANIZATION_ERROR_CODES.ROLE_NOT_FOUND);
+		}
+		const role = await ctx.context.adapter.findOne({
+			model: "organizationRole",
+			where: [{
+				field: "organizationId",
+				value: organizationId,
+				operator: "eq",
+				connector: "AND"
+			}, condition]
+		});
+		if (!role) {
+			ctx.context.logger.error(`[Dynamic Access Control] The role name/id does not exist in the database.`, {
+				..."roleName" in ctx.query ? { roleName: ctx.query.roleName } : { roleId: ctx.query.roleId },
+				organizationId
+			});
+			throw APIError.from("BAD_REQUEST", ORGANIZATION_ERROR_CODES.ROLE_NOT_FOUND);
+		}
+		role.permission = JSON.parse(role.permission);
+		return ctx.json(role);
+	});
+};
+const roleNameOrIdSchema = z.union([z.object({ roleName: z.string().nonempty().meta({ description: "The name of the role to update" }) }), z.object({ roleId: z.string().nonempty().meta({ description: "The id of the role to update" }) })]);
+const updateOrgRole = (options) => {
+	const { additionalFieldsSchema, $AdditionalFields, $ReturnAdditionalFields } = getAdditionalFields(options, true);
+	return createAuthEndpoint("/organization/update-role", {
+		method: "POST",
+		body: z.object({
+			organizationId: z.string().optional().meta({ description: "The id of the organization to update the role in. If not provided, the user's active organization will be used." }),
+			data: z.object({
+				permission: z.record(z.string(), z.array(z.string())).optional().meta({ description: "The permission to update the role with" }),
+				roleName: z.string().optional().meta({ description: "The name of the role to update" }),
+				...additionalFieldsSchema.shape
+			})
+		}).and(roleNameOrIdSchema),
+		metadata: { $Infer: { body: {} } },
+		requireHeaders: true,
+		use: [orgSessionMiddleware]
+	}, async (ctx) => {
+		const { session, user } = ctx.context.session;
+		const ac = options.ac;
+		if (!ac) {
+			ctx.context.logger.error(`[Dynamic Access Control] The organization plugin is missing a pre-defined ac instance.`, `\nPlease refer to the documentation here: https://better-auth.com/docs/plugins/organization#dynamic-access-control`);
+			throw APIError.from("NOT_IMPLEMENTED", ORGANIZATION_ERROR_CODES.MISSING_AC_INSTANCE);
+		}
+		const organizationId = ctx.body.organizationId ?? session.activeOrganizationId;
+		if (!organizationId) {
+			ctx.context.logger.error(`[Dynamic Access Control] The session is missing an active organization id to update a role. Either set an active org id, or pass an organizationId in the request body.`);
+			throw APIError.from("BAD_REQUEST", ORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION);
+		}
+		const member = await ctx.context.adapter.findOne({
+			model: "member",
+			where: [{
+				field: "organizationId",
+				value: organizationId,
+				operator: "eq",
+				connector: "AND"
+			}, {
+				field: "userId",
+				value: user.id,
+				operator: "eq",
+				connector: "AND"
+			}]
+		});
+		if (!member) {
+			ctx.context.logger.error(`[Dynamic Access Control] The user is not a member of the organization to update a role.`, {
+				userId: user.id,
+				organizationId
+			});
+			throw APIError.from("FORBIDDEN", ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION);
+		}
+		if (!await hasPermission({
+			options,
+			organizationId,
+			role: member.role,
+			permissions: { ac: ["update"] }
+		}, ctx)) {
+			ctx.context.logger.error(`[Dynamic Access Control] The user is not permitted to update a role.`);
+			throw APIError.from("FORBIDDEN", ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_UPDATE_A_ROLE);
+		}
+		let condition;
+		if (ctx.body.roleName) condition = {
+			field: "role",
+			value: ctx.body.roleName,
+			operator: "eq",
+			connector: "AND"
+		};
+		else if (ctx.body.roleId) condition = {
+			field: "id",
+			value: ctx.body.roleId,
+			operator: "eq",
+			connector: "AND"
+		};
+		else {
+			ctx.context.logger.error(`[Dynamic Access Control] The role name/id is not provided in the request body.`);
+			throw APIError.from("BAD_REQUEST", ORGANIZATION_ERROR_CODES.ROLE_NOT_FOUND);
+		}
+		const role = await ctx.context.adapter.findOne({
+			model: "organizationRole",
+			where: [{
+				field: "organizationId",
+				value: organizationId,
+				operator: "eq",
+				connector: "AND"
+			}, condition]
+		});
+		if (!role) {
+			ctx.context.logger.error(`[Dynamic Access Control] The role name/id does not exist in the database.`, {
+				..."roleName" in ctx.body ? { roleName: ctx.body.roleName } : { roleId: ctx.body.roleId },
+				organizationId
+			});
+			throw APIError.from("BAD_REQUEST", ORGANIZATION_ERROR_CODES.ROLE_NOT_FOUND);
+		}
+		role.permission = role.permission ? JSON.parse(role.permission) : void 0;
+		const { permission: _, roleName: __, ...additionalFields } = ctx.body.data;
+		const updateData = { ...additionalFields };
+		if (ctx.body.data.permission) {
+			const newPermission = ctx.body.data.permission;
+			await checkForInvalidResources({
+				ac,
+				ctx,
+				permission: newPermission
+			});
+			await checkIfMemberHasPermission({
+				ctx,
+				member,
+				options,
+				organizationId,
+				permissionRequired: newPermission,
+				user,
+				action: "update"
+			});
+			updateData.permission = newPermission;
+		}
+		if (ctx.body.data.roleName) {
+			let newRoleName = ctx.body.data.roleName;
+			newRoleName = normalizeRoleName(newRoleName);
+			await checkIfRoleNameIsTakenByPreDefinedRole({
+				role: newRoleName,
+				organizationId,
+				options,
+				ctx
+			});
+			await checkIfRoleNameIsTakenByRoleInDB({
+				role: newRoleName,
+				organizationId,
+				ctx
+			});
+			updateData.role = newRoleName;
+		}
+		const update = {
+			...updateData,
+			...updateData.permission ? { permission: JSON.stringify(updateData.permission) } : {}
+		};
+		await ctx.context.adapter.update({
+			model: "organizationRole",
+			where: [{
+				field: "organizationId",
+				value: organizationId,
+				operator: "eq",
+				connector: "AND"
+			}, condition],
+			update
+		});
+		return ctx.json({
+			success: true,
+			roleData: {
+				...role,
+				...update,
+				permission: updateData.permission || role.permission || null
+			}
+		});
+	});
+};
+async function checkForInvalidResources({ ac, ctx, permission }) {
+	const validResources = Object.keys(ac.statements);
+	const providedResources = Object.keys(permission);
+	if (providedResources.some((r) => !validResources.includes(r))) {
+		ctx.context.logger.error(`[Dynamic Access Control] The provided permission includes an invalid resource.`, {
+			providedResources,
+			validResources
+		});
+		throw APIError.from("BAD_REQUEST", ORGANIZATION_ERROR_CODES.INVALID_RESOURCE);
+	}
+}
+async function checkIfMemberHasPermission({ ctx, permissionRequired: permission, options, organizationId, member, user, action }) {
+	const hasNecessaryPermissions = [];
+	const permissionEntries = Object.entries(permission);
+	for await (const [resource, permissions] of permissionEntries) for await (const perm of permissions) hasNecessaryPermissions.push({
+		resource: { [resource]: [perm] },
+		hasPermission: await hasPermission({
+			options,
+			organizationId,
+			permissions: { [resource]: [perm] },
+			useMemoryCache: true,
+			role: member.role
+		}, ctx)
+	});
+	const missingPermissions = hasNecessaryPermissions.filter((x) => x.hasPermission === false).map((x) => {
+		const key = Object.keys(x.resource)[0];
+		return `${key}:${x.resource[key][0]}`;
+	});
+	if (missingPermissions.length > 0) {
+		ctx.context.logger.error(`[Dynamic Access Control] The user is missing permissions necessary to ${action} a role with those set of permissions.\n`, {
+			userId: user.id,
+			organizationId,
+			role: member.role,
+			missingPermissions
+		});
+		let error;
+		if (action === "create") error = ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CREATE_A_ROLE;
+		else if (action === "update") error = ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_UPDATE_A_ROLE;
+		else if (action === "delete") error = ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_DELETE_A_ROLE;
+		else if (action === "read") error = ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_READ_A_ROLE;
+		else if (action === "list") error = ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_LIST_A_ROLE;
+		else error = ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_GET_A_ROLE;
+		throw APIError.fromStatus("FORBIDDEN", {
+			message: error.message,
+			code: error.code,
+			missingPermissions
+		});
+	}
+}
+async function checkIfRoleNameIsTakenByPreDefinedRole({ options, organizationId, role, ctx }) {
+	const defaultRoles = options.roles ? Object.keys(options.roles) : [
+		"owner",
+		"admin",
+		"member"
+	];
+	if (defaultRoles.includes(role)) {
+		ctx.context.logger.error(`[Dynamic Access Control] The role name "${role}" is already taken by a pre-defined role.`, {
+			role,
+			organizationId,
+			defaultRoles
+		});
+		throw APIError.from("BAD_REQUEST", ORGANIZATION_ERROR_CODES.ROLE_NAME_IS_ALREADY_TAKEN);
+	}
+}
+async function checkIfRoleNameIsTakenByRoleInDB({ organizationId, role, ctx }) {
+	if (await ctx.context.adapter.findOne({
+		model: "organizationRole",
+		where: [{
+			field: "organizationId",
+			value: organizationId,
+			operator: "eq",
+			connector: "AND"
+		}, {
+			field: "role",
+			value: role,
+			operator: "eq",
+			connector: "AND"
+		}]
+	})) {
+		ctx.context.logger.error(`[Dynamic Access Control] The role name "${role}" is already taken by a role in the database.`, {
+			role,
+			organizationId
+		});
+		throw APIError.from("BAD_REQUEST", ORGANIZATION_ERROR_CODES.ROLE_NAME_IS_ALREADY_TAKEN);
+	}
+}
+//#endregion
+export { createOrgRole, deleteOrgRole, getOrgRole, listOrgRoles, updateOrgRole };
+//# sourceMappingURL=crud-access-control.mjs.map