@sirketio/auth 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/_virtual/_rolldown/runtime.mjs +36 -0
- package/dist/adapter/index.d.mts +4 -0
- package/dist/adapter/index.mjs +7 -0
- package/dist/api/index.d.mts +3872 -0
- package/dist/api/index.mjs +206 -0
- package/dist/api/index.mjs.map +1 -0
- package/dist/api/middlewares/index.d.mts +1 -0
- package/dist/api/middlewares/index.mjs +3 -0
- package/dist/api/middlewares/origin-check.d.mts +18 -0
- package/dist/api/middlewares/origin-check.mjs +140 -0
- package/dist/api/middlewares/origin-check.mjs.map +1 -0
- package/dist/api/rate-limiter/index.mjs +204 -0
- package/dist/api/rate-limiter/index.mjs.map +1 -0
- package/dist/api/routes/account.d.mts +410 -0
- package/dist/api/routes/account.mjs +493 -0
- package/dist/api/routes/account.mjs.map +1 -0
- package/dist/api/routes/callback.d.mts +31 -0
- package/dist/api/routes/callback.mjs +179 -0
- package/dist/api/routes/callback.mjs.map +1 -0
- package/dist/api/routes/email-verification.d.mts +161 -0
- package/dist/api/routes/email-verification.mjs +299 -0
- package/dist/api/routes/email-verification.mjs.map +1 -0
- package/dist/api/routes/error.d.mts +28 -0
- package/dist/api/routes/error.mjs +386 -0
- package/dist/api/routes/error.mjs.map +1 -0
- package/dist/api/routes/index.d.mts +11 -0
- package/dist/api/routes/index.mjs +13 -0
- package/dist/api/routes/ok.d.mts +36 -0
- package/dist/api/routes/ok.mjs +30 -0
- package/dist/api/routes/ok.mjs.map +1 -0
- package/dist/api/routes/password.d.mts +182 -0
- package/dist/api/routes/password.mjs +198 -0
- package/dist/api/routes/password.mjs.map +1 -0
- package/dist/api/routes/session.d.mts +415 -0
- package/dist/api/routes/session.mjs +483 -0
- package/dist/api/routes/session.mjs.map +1 -0
- package/dist/api/routes/sign-in.d.mts +171 -0
- package/dist/api/routes/sign-in.mjs +263 -0
- package/dist/api/routes/sign-in.mjs.map +1 -0
- package/dist/api/routes/sign-out.d.mts +36 -0
- package/dist/api/routes/sign-out.mjs +33 -0
- package/dist/api/routes/sign-out.mjs.map +1 -0
- package/dist/api/routes/sign-up.d.mts +160 -0
- package/dist/api/routes/sign-up.mjs +227 -0
- package/dist/api/routes/sign-up.mjs.map +1 -0
- package/dist/api/routes/update-user.d.mts +445 -0
- package/dist/api/routes/update-user.mjs +493 -0
- package/dist/api/routes/update-user.mjs.map +1 -0
- package/dist/api/state/oauth.d.mts +18 -0
- package/dist/api/state/oauth.mjs +8 -0
- package/dist/api/state/oauth.mjs.map +1 -0
- package/dist/api/state/should-session-refresh.d.mts +13 -0
- package/dist/api/state/should-session-refresh.mjs +16 -0
- package/dist/api/state/should-session-refresh.mjs.map +1 -0
- package/dist/api/to-auth-endpoints.mjs +197 -0
- package/dist/api/to-auth-endpoints.mjs.map +1 -0
- package/dist/auth/base.mjs +45 -0
- package/dist/auth/base.mjs.map +1 -0
- package/dist/auth/minimal.d.mts +12 -0
- package/dist/auth/minimal.mjs +14 -0
- package/dist/auth/minimal.mjs.map +1 -0
- package/dist/auth/trusted-origins.mjs +31 -0
- package/dist/auth/trusted-origins.mjs.map +1 -0
- package/dist/client/broadcast-channel.d.mts +20 -0
- package/dist/client/broadcast-channel.mjs +46 -0
- package/dist/client/broadcast-channel.mjs.map +1 -0
- package/dist/client/config.mjs +90 -0
- package/dist/client/config.mjs.map +1 -0
- package/dist/client/fetch-plugins.mjs +18 -0
- package/dist/client/fetch-plugins.mjs.map +1 -0
- package/dist/client/focus-manager.d.mts +11 -0
- package/dist/client/focus-manager.mjs +32 -0
- package/dist/client/focus-manager.mjs.map +1 -0
- package/dist/client/index.d.mts +33 -0
- package/dist/client/index.mjs +21 -0
- package/dist/client/index.mjs.map +1 -0
- package/dist/client/online-manager.d.mts +12 -0
- package/dist/client/online-manager.mjs +35 -0
- package/dist/client/online-manager.mjs.map +1 -0
- package/dist/client/parser.mjs +73 -0
- package/dist/client/parser.mjs.map +1 -0
- package/dist/client/path-to-object.d.mts +65 -0
- package/dist/client/plugins/index.d.mts +53 -0
- package/dist/client/plugins/index.mjs +30 -0
- package/dist/client/plugins/infer-plugin.d.mts +16 -0
- package/dist/client/plugins/infer-plugin.mjs +11 -0
- package/dist/client/plugins/infer-plugin.mjs.map +1 -0
- package/dist/client/proxy.mjs +79 -0
- package/dist/client/proxy.mjs.map +1 -0
- package/dist/client/query.d.mts +23 -0
- package/dist/client/query.mjs +98 -0
- package/dist/client/query.mjs.map +1 -0
- package/dist/client/react/index.d.mts +128 -0
- package/dist/client/react/index.mjs +24 -0
- package/dist/client/react/index.mjs.map +1 -0
- package/dist/client/react/react-store.d.mts +47 -0
- package/dist/client/react/react-store.mjs +47 -0
- package/dist/client/react/react-store.mjs.map +1 -0
- package/dist/client/session-atom.mjs +29 -0
- package/dist/client/session-atom.mjs.map +1 -0
- package/dist/client/session-refresh.d.mts +28 -0
- package/dist/client/session-refresh.mjs +140 -0
- package/dist/client/session-refresh.mjs.map +1 -0
- package/dist/client/types.d.mts +41 -0
- package/dist/client/vanilla.d.mts +127 -0
- package/dist/client/vanilla.mjs +20 -0
- package/dist/client/vanilla.mjs.map +1 -0
- package/dist/context/create-context.mjs +211 -0
- package/dist/context/create-context.mjs.map +1 -0
- package/dist/context/helpers.mjs +83 -0
- package/dist/context/helpers.mjs.map +1 -0
- package/dist/context/init.mjs +20 -0
- package/dist/context/init.mjs.map +1 -0
- package/dist/cookies/cookie-utils.d.mts +29 -0
- package/dist/cookies/cookie-utils.mjs +105 -0
- package/dist/cookies/cookie-utils.mjs.map +1 -0
- package/dist/cookies/index.d.mts +121 -0
- package/dist/cookies/index.mjs +261 -0
- package/dist/cookies/index.mjs.map +1 -0
- package/dist/cookies/session-store.d.mts +36 -0
- package/dist/cookies/session-store.mjs +200 -0
- package/dist/cookies/session-store.mjs.map +1 -0
- package/dist/crypto/buffer.d.mts +8 -0
- package/dist/crypto/buffer.mjs +18 -0
- package/dist/crypto/buffer.mjs.map +1 -0
- package/dist/crypto/index.d.mts +27 -0
- package/dist/crypto/index.mjs +38 -0
- package/dist/crypto/index.mjs.map +1 -0
- package/dist/crypto/jwt.d.mts +8 -0
- package/dist/crypto/jwt.mjs +95 -0
- package/dist/crypto/jwt.mjs.map +1 -0
- package/dist/crypto/password.d.mts +12 -0
- package/dist/crypto/password.mjs +36 -0
- package/dist/crypto/password.mjs.map +1 -0
- package/dist/crypto/random.d.mts +5 -0
- package/dist/crypto/random.mjs +8 -0
- package/dist/crypto/random.mjs.map +1 -0
- package/dist/db/adapter-base.d.mts +8 -0
- package/dist/db/adapter-base.mjs +19 -0
- package/dist/db/adapter-base.mjs.map +1 -0
- package/dist/db/field-converter.d.mts +8 -0
- package/dist/db/field-converter.mjs +21 -0
- package/dist/db/field-converter.mjs.map +1 -0
- package/dist/db/field.d.mts +42 -0
- package/dist/db/get-schema.d.mts +11 -0
- package/dist/db/get-schema.mjs +39 -0
- package/dist/db/get-schema.mjs.map +1 -0
- package/dist/db/index.d.mts +18 -0
- package/dist/db/index.mjs +34 -0
- package/dist/db/index.mjs.map +1 -0
- package/dist/db/internal-adapter.d.mts +14 -0
- package/dist/db/internal-adapter.mjs +616 -0
- package/dist/db/internal-adapter.mjs.map +1 -0
- package/dist/db/schema.d.mts +49 -0
- package/dist/db/schema.mjs +118 -0
- package/dist/db/schema.mjs.map +1 -0
- package/dist/db/to-zod.d.mts +36 -0
- package/dist/db/to-zod.mjs +26 -0
- package/dist/db/to-zod.mjs.map +1 -0
- package/dist/db/verification-token-storage.mjs +28 -0
- package/dist/db/verification-token-storage.mjs.map +1 -0
- package/dist/db/with-hooks.d.mts +33 -0
- package/dist/db/with-hooks.mjs +159 -0
- package/dist/db/with-hooks.mjs.map +1 -0
- package/dist/index.d.mts +53 -0
- package/dist/index.mjs +27 -0
- package/dist/integrations/next-js.d.mts +29 -0
- package/dist/integrations/next-js.mjs +85 -0
- package/dist/integrations/next-js.mjs.map +1 -0
- package/dist/oauth2/index.d.mts +5 -0
- package/dist/oauth2/index.mjs +7 -0
- package/dist/oauth2/link-account.d.mts +48 -0
- package/dist/oauth2/link-account.mjs +143 -0
- package/dist/oauth2/link-account.mjs.map +1 -0
- package/dist/oauth2/state.d.mts +26 -0
- package/dist/oauth2/state.mjs +51 -0
- package/dist/oauth2/state.mjs.map +1 -0
- package/dist/oauth2/utils.d.mts +8 -0
- package/dist/oauth2/utils.mjs +31 -0
- package/dist/oauth2/utils.mjs.map +1 -0
- package/dist/plugins/access/access.d.mts +30 -0
- package/dist/plugins/access/access.mjs +46 -0
- package/dist/plugins/access/access.mjs.map +1 -0
- package/dist/plugins/access/index.d.mts +3 -0
- package/dist/plugins/access/index.mjs +3 -0
- package/dist/plugins/access/types.d.mts +17 -0
- package/dist/plugins/additional-fields/client.d.mts +96 -0
- package/dist/plugins/additional-fields/client.mjs +11 -0
- package/dist/plugins/additional-fields/client.mjs.map +1 -0
- package/dist/plugins/admin/access/index.d.mts +2 -0
- package/dist/plugins/admin/access/index.mjs +3 -0
- package/dist/plugins/admin/access/statement.d.mts +118 -0
- package/dist/plugins/admin/access/statement.mjs +53 -0
- package/dist/plugins/admin/access/statement.mjs.map +1 -0
- package/dist/plugins/admin/admin.d.mts +911 -0
- package/dist/plugins/admin/admin.mjs +95 -0
- package/dist/plugins/admin/admin.mjs.map +1 -0
- package/dist/plugins/admin/client.d.mts +76 -0
- package/dist/plugins/admin/client.mjs +36 -0
- package/dist/plugins/admin/client.mjs.map +1 -0
- package/dist/plugins/admin/error-codes.d.mts +29 -0
- package/dist/plugins/admin/error-codes.mjs +30 -0
- package/dist/plugins/admin/error-codes.mjs.map +1 -0
- package/dist/plugins/admin/has-permission.mjs +16 -0
- package/dist/plugins/admin/has-permission.mjs.map +1 -0
- package/dist/plugins/admin/index.d.mts +3 -0
- package/dist/plugins/admin/index.mjs +3 -0
- package/dist/plugins/admin/routes.mjs +841 -0
- package/dist/plugins/admin/routes.mjs.map +1 -0
- package/dist/plugins/admin/schema.d.mts +40 -0
- package/dist/plugins/admin/schema.mjs +34 -0
- package/dist/plugins/admin/schema.mjs.map +1 -0
- package/dist/plugins/admin/types.d.mts +89 -0
- package/dist/plugins/api-key/adapter.mjs +468 -0
- package/dist/plugins/api-key/adapter.mjs.map +1 -0
- package/dist/plugins/api-key/client.d.mts +46 -0
- package/dist/plugins/api-key/client.mjs +19 -0
- package/dist/plugins/api-key/client.mjs.map +1 -0
- package/dist/plugins/api-key/error-codes.d.mts +33 -0
- package/dist/plugins/api-key/error-codes.mjs +34 -0
- package/dist/plugins/api-key/error-codes.mjs.map +1 -0
- package/dist/plugins/api-key/index.d.mts +1251 -0
- package/dist/plugins/api-key/index.mjs +134 -0
- package/dist/plugins/api-key/index.mjs.map +1 -0
- package/dist/plugins/api-key/rate-limit.mjs +74 -0
- package/dist/plugins/api-key/rate-limit.mjs.map +1 -0
- package/dist/plugins/api-key/routes/create-api-key.mjs +252 -0
- package/dist/plugins/api-key/routes/create-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs +24 -0
- package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs.map +1 -0
- package/dist/plugins/api-key/routes/delete-api-key.mjs +74 -0
- package/dist/plugins/api-key/routes/delete-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/get-api-key.mjs +158 -0
- package/dist/plugins/api-key/routes/get-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/index.mjs +71 -0
- package/dist/plugins/api-key/routes/index.mjs.map +1 -0
- package/dist/plugins/api-key/routes/list-api-keys.mjs +194 -0
- package/dist/plugins/api-key/routes/list-api-keys.mjs.map +1 -0
- package/dist/plugins/api-key/routes/update-api-key.mjs +248 -0
- package/dist/plugins/api-key/routes/update-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/verify-api-key.mjs +224 -0
- package/dist/plugins/api-key/routes/verify-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/schema.d.mts +199 -0
- package/dist/plugins/api-key/schema.mjs +130 -0
- package/dist/plugins/api-key/schema.mjs.map +1 -0
- package/dist/plugins/api-key/types.d.mts +346 -0
- package/dist/plugins/bearer/index.d.mts +45 -0
- package/dist/plugins/bearer/index.mjs +66 -0
- package/dist/plugins/bearer/index.mjs.map +1 -0
- package/dist/plugins/captcha/constants.d.mts +10 -0
- package/dist/plugins/captcha/constants.mjs +22 -0
- package/dist/plugins/captcha/constants.mjs.map +1 -0
- package/dist/plugins/captcha/error-codes.mjs +16 -0
- package/dist/plugins/captcha/error-codes.mjs.map +1 -0
- package/dist/plugins/captcha/index.d.mts +21 -0
- package/dist/plugins/captcha/index.mjs +62 -0
- package/dist/plugins/captcha/index.mjs.map +1 -0
- package/dist/plugins/captcha/types.d.mts +28 -0
- package/dist/plugins/captcha/utils.mjs +11 -0
- package/dist/plugins/captcha/utils.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/captchafox.mjs +28 -0
- package/dist/plugins/captcha/verify-handlers/captchafox.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs +26 -0
- package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs +30 -0
- package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/h-captcha.mjs +28 -0
- package/dist/plugins/captcha/verify-handlers/h-captcha.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/index.mjs +6 -0
- package/dist/plugins/custom-session/client.d.mts +17 -0
- package/dist/plugins/custom-session/client.mjs +11 -0
- package/dist/plugins/custom-session/client.mjs.map +1 -0
- package/dist/plugins/custom-session/index.d.mts +72 -0
- package/dist/plugins/custom-session/index.mjs +78 -0
- package/dist/plugins/custom-session/index.mjs.map +1 -0
- package/dist/plugins/device-authorization/client.d.mts +17 -0
- package/dist/plugins/device-authorization/client.mjs +18 -0
- package/dist/plugins/device-authorization/client.mjs.map +1 -0
- package/dist/plugins/device-authorization/error-codes.mjs +21 -0
- package/dist/plugins/device-authorization/error-codes.mjs.map +1 -0
- package/dist/plugins/device-authorization/index.d.mts +424 -0
- package/dist/plugins/device-authorization/index.mjs +50 -0
- package/dist/plugins/device-authorization/index.mjs.map +1 -0
- package/dist/plugins/device-authorization/routes.mjs +510 -0
- package/dist/plugins/device-authorization/routes.mjs.map +1 -0
- package/dist/plugins/device-authorization/schema.mjs +57 -0
- package/dist/plugins/device-authorization/schema.mjs.map +1 -0
- package/dist/plugins/email-otp/client.d.mts +21 -0
- package/dist/plugins/email-otp/client.mjs +18 -0
- package/dist/plugins/email-otp/client.mjs.map +1 -0
- package/dist/plugins/email-otp/error-codes.d.mts +11 -0
- package/dist/plugins/email-otp/error-codes.mjs +12 -0
- package/dist/plugins/email-otp/error-codes.mjs.map +1 -0
- package/dist/plugins/email-otp/index.d.mts +428 -0
- package/dist/plugins/email-otp/index.mjs +130 -0
- package/dist/plugins/email-otp/index.mjs.map +1 -0
- package/dist/plugins/email-otp/otp-token.mjs +29 -0
- package/dist/plugins/email-otp/otp-token.mjs.map +1 -0
- package/dist/plugins/email-otp/routes.mjs +631 -0
- package/dist/plugins/email-otp/routes.mjs.map +1 -0
- package/dist/plugins/email-otp/types.d.mts +86 -0
- package/dist/plugins/email-otp/utils.mjs +17 -0
- package/dist/plugins/email-otp/utils.mjs.map +1 -0
- package/dist/plugins/generic-oauth/client.d.mts +33 -0
- package/dist/plugins/generic-oauth/client.mjs +14 -0
- package/dist/plugins/generic-oauth/client.mjs.map +1 -0
- package/dist/plugins/generic-oauth/error-codes.d.mts +16 -0
- package/dist/plugins/generic-oauth/error-codes.mjs +17 -0
- package/dist/plugins/generic-oauth/error-codes.mjs.map +1 -0
- package/dist/plugins/generic-oauth/index.d.mts +201 -0
- package/dist/plugins/generic-oauth/index.mjs +145 -0
- package/dist/plugins/generic-oauth/index.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/auth0.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/auth0.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/auth0.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/gumroad.d.mts +32 -0
- package/dist/plugins/generic-oauth/providers/gumroad.mjs +60 -0
- package/dist/plugins/generic-oauth/providers/gumroad.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/hubspot.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/hubspot.mjs +60 -0
- package/dist/plugins/generic-oauth/providers/hubspot.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/index.d.mts +9 -0
- package/dist/plugins/generic-oauth/providers/index.mjs +11 -0
- package/dist/plugins/generic-oauth/providers/keycloak.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/keycloak.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/keycloak.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/line.d.mts +55 -0
- package/dist/plugins/generic-oauth/providers/line.mjs +91 -0
- package/dist/plugins/generic-oauth/providers/line.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs +66 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/okta.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/okta.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/okta.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/patreon.d.mts +30 -0
- package/dist/plugins/generic-oauth/providers/patreon.mjs +59 -0
- package/dist/plugins/generic-oauth/providers/patreon.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/slack.d.mts +30 -0
- package/dist/plugins/generic-oauth/providers/slack.mjs +61 -0
- package/dist/plugins/generic-oauth/providers/slack.mjs.map +1 -0
- package/dist/plugins/generic-oauth/routes.mjs +411 -0
- package/dist/plugins/generic-oauth/routes.mjs.map +1 -0
- package/dist/plugins/generic-oauth/types.d.mts +159 -0
- package/dist/plugins/haveibeenpwned/index.d.mts +46 -0
- package/dist/plugins/haveibeenpwned/index.mjs +57 -0
- package/dist/plugins/haveibeenpwned/index.mjs.map +1 -0
- package/dist/plugins/index.d.mts +65 -0
- package/dist/plugins/index.mjs +48 -0
- package/dist/plugins/jwt/adapter.mjs +27 -0
- package/dist/plugins/jwt/adapter.mjs.map +1 -0
- package/dist/plugins/jwt/client.d.mts +40 -0
- package/dist/plugins/jwt/client.mjs +19 -0
- package/dist/plugins/jwt/client.mjs.map +1 -0
- package/dist/plugins/jwt/index.d.mts +224 -0
- package/dist/plugins/jwt/index.mjs +202 -0
- package/dist/plugins/jwt/index.mjs.map +1 -0
- package/dist/plugins/jwt/schema.d.mts +26 -0
- package/dist/plugins/jwt/schema.mjs +23 -0
- package/dist/plugins/jwt/schema.mjs.map +1 -0
- package/dist/plugins/jwt/sign.d.mts +57 -0
- package/dist/plugins/jwt/sign.mjs +66 -0
- package/dist/plugins/jwt/sign.mjs.map +1 -0
- package/dist/plugins/jwt/types.d.mts +194 -0
- package/dist/plugins/jwt/utils.d.mts +42 -0
- package/dist/plugins/jwt/utils.mjs +64 -0
- package/dist/plugins/jwt/utils.mjs.map +1 -0
- package/dist/plugins/jwt/verify.d.mts +12 -0
- package/dist/plugins/jwt/verify.mjs +46 -0
- package/dist/plugins/jwt/verify.mjs.map +1 -0
- package/dist/plugins/last-login-method/client.d.mts +38 -0
- package/dist/plugins/last-login-method/client.mjs +32 -0
- package/dist/plugins/last-login-method/client.mjs.map +1 -0
- package/dist/plugins/last-login-method/index.d.mts +118 -0
- package/dist/plugins/last-login-method/index.mjs +76 -0
- package/dist/plugins/last-login-method/index.mjs.map +1 -0
- package/dist/plugins/magic-link/client.d.mts +10 -0
- package/dist/plugins/magic-link/client.mjs +11 -0
- package/dist/plugins/magic-link/client.mjs.map +1 -0
- package/dist/plugins/magic-link/index.d.mts +193 -0
- package/dist/plugins/magic-link/index.mjs +177 -0
- package/dist/plugins/magic-link/index.mjs.map +1 -0
- package/dist/plugins/magic-link/utils.mjs +12 -0
- package/dist/plugins/magic-link/utils.mjs.map +1 -0
- package/dist/plugins/mcp/authorize.mjs +133 -0
- package/dist/plugins/mcp/authorize.mjs.map +1 -0
- package/dist/plugins/mcp/index.d.mts +458 -0
- package/dist/plugins/mcp/index.mjs +717 -0
- package/dist/plugins/mcp/index.mjs.map +1 -0
- package/dist/plugins/multi-session/client.d.mts +19 -0
- package/dist/plugins/multi-session/client.mjs +20 -0
- package/dist/plugins/multi-session/client.mjs.map +1 -0
- package/dist/plugins/multi-session/error-codes.d.mts +9 -0
- package/dist/plugins/multi-session/error-codes.mjs +8 -0
- package/dist/plugins/multi-session/error-codes.mjs.map +1 -0
- package/dist/plugins/multi-session/index.d.mts +235 -0
- package/dist/plugins/multi-session/index.mjs +172 -0
- package/dist/plugins/multi-session/index.mjs.map +1 -0
- package/dist/plugins/oauth-proxy/index.d.mts +97 -0
- package/dist/plugins/oauth-proxy/index.mjs +305 -0
- package/dist/plugins/oauth-proxy/index.mjs.map +1 -0
- package/dist/plugins/oauth-proxy/utils.mjs +51 -0
- package/dist/plugins/oauth-proxy/utils.mjs.map +1 -0
- package/dist/plugins/oidc-provider/authorize.mjs +194 -0
- package/dist/plugins/oidc-provider/authorize.mjs.map +1 -0
- package/dist/plugins/oidc-provider/client.d.mts +12 -0
- package/dist/plugins/oidc-provider/client.mjs +11 -0
- package/dist/plugins/oidc-provider/client.mjs.map +1 -0
- package/dist/plugins/oidc-provider/error.mjs +17 -0
- package/dist/plugins/oidc-provider/error.mjs.map +1 -0
- package/dist/plugins/oidc-provider/index.d.mts +702 -0
- package/dist/plugins/oidc-provider/index.mjs +1093 -0
- package/dist/plugins/oidc-provider/index.mjs.map +1 -0
- package/dist/plugins/oidc-provider/schema.d.mts +160 -0
- package/dist/plugins/oidc-provider/schema.mjs +132 -0
- package/dist/plugins/oidc-provider/schema.mjs.map +1 -0
- package/dist/plugins/oidc-provider/types.d.mts +517 -0
- package/dist/plugins/oidc-provider/utils/prompt.mjs +19 -0
- package/dist/plugins/oidc-provider/utils/prompt.mjs.map +1 -0
- package/dist/plugins/oidc-provider/utils.mjs +15 -0
- package/dist/plugins/oidc-provider/utils.mjs.map +1 -0
- package/dist/plugins/one-tap/client.d.mts +174 -0
- package/dist/plugins/one-tap/client.mjs +188 -0
- package/dist/plugins/one-tap/client.mjs.map +1 -0
- package/dist/plugins/one-tap/index.d.mts +83 -0
- package/dist/plugins/one-tap/index.mjs +95 -0
- package/dist/plugins/one-tap/index.mjs.map +1 -0
- package/dist/plugins/one-time-token/client.d.mts +10 -0
- package/dist/plugins/one-time-token/client.mjs +11 -0
- package/dist/plugins/one-time-token/client.mjs.map +1 -0
- package/dist/plugins/one-time-token/index.d.mts +133 -0
- package/dist/plugins/one-time-token/index.mjs +82 -0
- package/dist/plugins/one-time-token/index.mjs.map +1 -0
- package/dist/plugins/one-time-token/utils.mjs +12 -0
- package/dist/plugins/one-time-token/utils.mjs.map +1 -0
- package/dist/plugins/open-api/generator.d.mts +115 -0
- package/dist/plugins/open-api/generator.mjs +315 -0
- package/dist/plugins/open-api/generator.mjs.map +1 -0
- package/dist/plugins/open-api/index.d.mts +97 -0
- package/dist/plugins/open-api/index.mjs +67 -0
- package/dist/plugins/open-api/index.mjs.map +1 -0
- package/dist/plugins/open-api/logo.mjs +15 -0
- package/dist/plugins/open-api/logo.mjs.map +1 -0
- package/dist/plugins/organization/access/index.d.mts +2 -0
- package/dist/plugins/organization/access/index.mjs +3 -0
- package/dist/plugins/organization/access/statement.d.mts +249 -0
- package/dist/plugins/organization/access/statement.mjs +81 -0
- package/dist/plugins/organization/access/statement.mjs.map +1 -0
- package/dist/plugins/organization/adapter.d.mts +792 -0
- package/dist/plugins/organization/adapter.mjs +624 -0
- package/dist/plugins/organization/adapter.mjs.map +1 -0
- package/dist/plugins/organization/call.mjs +19 -0
- package/dist/plugins/organization/call.mjs.map +1 -0
- package/dist/plugins/organization/client.d.mts +372 -0
- package/dist/plugins/organization/client.mjs +95 -0
- package/dist/plugins/organization/client.mjs.map +1 -0
- package/dist/plugins/organization/error-codes.d.mts +65 -0
- package/dist/plugins/organization/error-codes.mjs +66 -0
- package/dist/plugins/organization/error-codes.mjs.map +1 -0
- package/dist/plugins/organization/has-permission.mjs +35 -0
- package/dist/plugins/organization/has-permission.mjs.map +1 -0
- package/dist/plugins/organization/index.d.mts +5 -0
- package/dist/plugins/organization/index.mjs +4 -0
- package/dist/plugins/organization/organization.d.mts +394 -0
- package/dist/plugins/organization/organization.mjs +428 -0
- package/dist/plugins/organization/organization.mjs.map +1 -0
- package/dist/plugins/organization/permission.d.mts +17 -0
- package/dist/plugins/organization/permission.mjs +16 -0
- package/dist/plugins/organization/permission.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-access-control.d.mts +394 -0
- package/dist/plugins/organization/routes/crud-access-control.mjs +678 -0
- package/dist/plugins/organization/routes/crud-access-control.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-invites.d.mts +1031 -0
- package/dist/plugins/organization/routes/crud-invites.mjs +551 -0
- package/dist/plugins/organization/routes/crud-invites.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-members.d.mts +940 -0
- package/dist/plugins/organization/routes/crud-members.mjs +466 -0
- package/dist/plugins/organization/routes/crud-members.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-org.d.mts +708 -0
- package/dist/plugins/organization/routes/crud-org.mjs +423 -0
- package/dist/plugins/organization/routes/crud-org.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-team.d.mts +1071 -0
- package/dist/plugins/organization/routes/crud-team.mjs +676 -0
- package/dist/plugins/organization/routes/crud-team.mjs.map +1 -0
- package/dist/plugins/organization/schema.d.mts +376 -0
- package/dist/plugins/organization/schema.mjs +68 -0
- package/dist/plugins/organization/schema.mjs.map +1 -0
- package/dist/plugins/organization/types.d.mts +677 -0
- package/dist/plugins/phone-number/client.d.mts +31 -0
- package/dist/plugins/phone-number/client.mjs +20 -0
- package/dist/plugins/phone-number/client.mjs.map +1 -0
- package/dist/plugins/phone-number/error-codes.d.mts +20 -0
- package/dist/plugins/phone-number/error-codes.mjs +21 -0
- package/dist/plugins/phone-number/error-codes.mjs.map +1 -0
- package/dist/plugins/phone-number/index.d.mts +318 -0
- package/dist/plugins/phone-number/index.mjs +49 -0
- package/dist/plugins/phone-number/index.mjs.map +1 -0
- package/dist/plugins/phone-number/routes.mjs +472 -0
- package/dist/plugins/phone-number/routes.mjs.map +1 -0
- package/dist/plugins/phone-number/schema.d.mts +23 -0
- package/dist/plugins/phone-number/schema.mjs +20 -0
- package/dist/plugins/phone-number/schema.mjs.map +1 -0
- package/dist/plugins/phone-number/types.d.mts +118 -0
- package/dist/plugins/two-factor/backup-codes/index.d.mts +279 -0
- package/dist/plugins/two-factor/backup-codes/index.mjs +277 -0
- package/dist/plugins/two-factor/backup-codes/index.mjs.map +1 -0
- package/dist/plugins/two-factor/client.d.mts +55 -0
- package/dist/plugins/two-factor/client.mjs +37 -0
- package/dist/plugins/two-factor/client.mjs.map +1 -0
- package/dist/plugins/two-factor/constant.mjs +8 -0
- package/dist/plugins/two-factor/constant.mjs.map +1 -0
- package/dist/plugins/two-factor/error-code.d.mts +17 -0
- package/dist/plugins/two-factor/error-code.mjs +18 -0
- package/dist/plugins/two-factor/error-code.mjs.map +1 -0
- package/dist/plugins/two-factor/index.d.mts +670 -0
- package/dist/plugins/two-factor/index.mjs +228 -0
- package/dist/plugins/two-factor/index.mjs.map +1 -0
- package/dist/plugins/two-factor/otp/index.d.mts +216 -0
- package/dist/plugins/two-factor/otp/index.mjs +199 -0
- package/dist/plugins/two-factor/otp/index.mjs.map +1 -0
- package/dist/plugins/two-factor/schema.d.mts +41 -0
- package/dist/plugins/two-factor/schema.mjs +36 -0
- package/dist/plugins/two-factor/schema.mjs.map +1 -0
- package/dist/plugins/two-factor/totp/index.d.mts +210 -0
- package/dist/plugins/two-factor/totp/index.mjs +157 -0
- package/dist/plugins/two-factor/totp/index.mjs.map +1 -0
- package/dist/plugins/two-factor/types.d.mts +73 -0
- package/dist/plugins/two-factor/utils.mjs +12 -0
- package/dist/plugins/two-factor/utils.mjs.map +1 -0
- package/dist/plugins/two-factor/verify-two-factor.mjs +85 -0
- package/dist/plugins/two-factor/verify-two-factor.mjs.map +1 -0
- package/dist/plugins/username/client.d.mts +26 -0
- package/dist/plugins/username/client.mjs +18 -0
- package/dist/plugins/username/client.mjs.map +1 -0
- package/dist/plugins/username/error-codes.d.mts +16 -0
- package/dist/plugins/username/error-codes.mjs +17 -0
- package/dist/plugins/username/error-codes.mjs.map +1 -0
- package/dist/plugins/username/index.d.mts +251 -0
- package/dist/plugins/username/index.mjs +234 -0
- package/dist/plugins/username/index.mjs.map +1 -0
- package/dist/plugins/username/schema.d.mts +33 -0
- package/dist/plugins/username/schema.mjs +26 -0
- package/dist/plugins/username/schema.mjs.map +1 -0
- package/dist/providers/index.d.mts +1 -0
- package/dist/providers/index.mjs +3 -0
- package/dist/state.d.mts +42 -0
- package/dist/state.mjs +107 -0
- package/dist/state.mjs.map +1 -0
- package/dist/types/adapter.d.mts +2 -0
- package/dist/types/api.d.mts +29 -0
- package/dist/types/auth.d.mts +29 -0
- package/dist/types/helper.d.mts +10 -0
- package/dist/types/index.d.mts +11 -0
- package/dist/types/index.mjs +1 -0
- package/dist/types/models.d.mts +11 -0
- package/dist/types/plugins.d.mts +20 -0
- package/dist/utils/boolean.mjs +8 -0
- package/dist/utils/boolean.mjs.map +1 -0
- package/dist/utils/constants.mjs +6 -0
- package/dist/utils/constants.mjs.map +1 -0
- package/dist/utils/date.mjs +8 -0
- package/dist/utils/date.mjs.map +1 -0
- package/dist/utils/get-request-ip.d.mts +7 -0
- package/dist/utils/get-request-ip.mjs +23 -0
- package/dist/utils/get-request-ip.mjs.map +1 -0
- package/dist/utils/hide-metadata.d.mts +7 -0
- package/dist/utils/hide-metadata.mjs +6 -0
- package/dist/utils/hide-metadata.mjs.map +1 -0
- package/dist/utils/index.d.mts +4 -0
- package/dist/utils/index.mjs +6 -0
- package/dist/utils/is-api-error.d.mts +7 -0
- package/dist/utils/is-api-error.mjs +11 -0
- package/dist/utils/is-api-error.mjs.map +1 -0
- package/dist/utils/is-atom.mjs +8 -0
- package/dist/utils/is-atom.mjs.map +1 -0
- package/dist/utils/is-promise.mjs +8 -0
- package/dist/utils/is-promise.mjs.map +1 -0
- package/dist/utils/middleware-response.mjs +9 -0
- package/dist/utils/middleware-response.mjs.map +1 -0
- package/dist/utils/password.mjs +26 -0
- package/dist/utils/password.mjs.map +1 -0
- package/dist/utils/plugin-helper.mjs +17 -0
- package/dist/utils/plugin-helper.mjs.map +1 -0
- package/dist/utils/shim.mjs +24 -0
- package/dist/utils/shim.mjs.map +1 -0
- package/dist/utils/time.d.mts +49 -0
- package/dist/utils/time.mjs +100 -0
- package/dist/utils/time.mjs.map +1 -0
- package/dist/utils/url.d.mts +8 -0
- package/dist/utils/url.mjs +92 -0
- package/dist/utils/url.mjs.map +1 -0
- package/dist/utils/wildcard.mjs +108 -0
- package/dist/utils/wildcard.mjs.map +1 -0
- package/package.json +428 -0
|
@@ -0,0 +1,228 @@
|
|
|
1
|
+
import { mergeSchema } from "../../db/schema.mjs";
|
|
2
|
+
import { generateRandomString } from "../../crypto/random.mjs";
|
|
3
|
+
import { symmetricEncrypt } from "../../crypto/index.mjs";
|
|
4
|
+
import { deleteSessionCookie, expireCookie, setSessionCookie } from "../../cookies/index.mjs";
|
|
5
|
+
import { sessionMiddleware } from "../../api/routes/session.mjs";
|
|
6
|
+
import { validatePassword } from "../../utils/password.mjs";
|
|
7
|
+
import "../../api/index.mjs";
|
|
8
|
+
import { TWO_FACTOR_ERROR_CODES } from "./error-code.mjs";
|
|
9
|
+
import { twoFactorClient } from "./client.mjs";
|
|
10
|
+
import { TRUST_DEVICE_COOKIE_MAX_AGE, TRUST_DEVICE_COOKIE_NAME, TWO_FACTOR_COOKIE_NAME } from "./constant.mjs";
|
|
11
|
+
import { backupCode2fa, generateBackupCodes } from "./backup-codes/index.mjs";
|
|
12
|
+
import { otp2fa } from "./otp/index.mjs";
|
|
13
|
+
import { schema } from "./schema.mjs";
|
|
14
|
+
import { totp2fa } from "./totp/index.mjs";
|
|
15
|
+
import { APIError, BASE_ERROR_CODES } from "@better-auth/core/error";
|
|
16
|
+
import { createAuthEndpoint, createAuthMiddleware } from "@better-auth/core/api";
|
|
17
|
+
import * as z from "zod";
|
|
18
|
+
import { createHMAC } from "@better-auth/utils/hmac";
|
|
19
|
+
import { createOTP } from "@better-auth/utils/otp";
|
|
20
|
+
|
|
21
|
+
//#region src/plugins/two-factor/index.ts
|
|
22
|
+
const enableTwoFactorBodySchema = z.object({
|
|
23
|
+
password: z.string().meta({ description: "User password" }),
|
|
24
|
+
issuer: z.string().meta({ description: "Custom issuer for the TOTP URI" }).optional()
|
|
25
|
+
});
|
|
26
|
+
const disableTwoFactorBodySchema = z.object({ password: z.string().meta({ description: "User password" }) });
|
|
27
|
+
const twoFactor = (options) => {
|
|
28
|
+
const opts = { twoFactorTable: "twoFactor" };
|
|
29
|
+
const trustDeviceMaxAge = options?.trustDeviceMaxAge ?? TRUST_DEVICE_COOKIE_MAX_AGE;
|
|
30
|
+
const backupCodeOptions = {
|
|
31
|
+
storeBackupCodes: "encrypted",
|
|
32
|
+
...options?.backupCodeOptions
|
|
33
|
+
};
|
|
34
|
+
const totp = totp2fa(options?.totpOptions);
|
|
35
|
+
const backupCode = backupCode2fa(backupCodeOptions);
|
|
36
|
+
const otp = otp2fa(options?.otpOptions);
|
|
37
|
+
return {
|
|
38
|
+
id: "two-factor",
|
|
39
|
+
endpoints: {
|
|
40
|
+
...totp.endpoints,
|
|
41
|
+
...otp.endpoints,
|
|
42
|
+
...backupCode.endpoints,
|
|
43
|
+
enableTwoFactor: createAuthEndpoint("/two-factor/enable", {
|
|
44
|
+
method: "POST",
|
|
45
|
+
body: enableTwoFactorBodySchema,
|
|
46
|
+
use: [sessionMiddleware],
|
|
47
|
+
metadata: { openapi: {
|
|
48
|
+
summary: "Enable two factor authentication",
|
|
49
|
+
description: "Use this endpoint to enable two factor authentication. This will generate a TOTP URI and backup codes. Once the user verifies the TOTP URI, the two factor authentication will be enabled.",
|
|
50
|
+
responses: { 200: {
|
|
51
|
+
description: "Successful response",
|
|
52
|
+
content: { "application/json": { schema: {
|
|
53
|
+
type: "object",
|
|
54
|
+
properties: {
|
|
55
|
+
totpURI: {
|
|
56
|
+
type: "string",
|
|
57
|
+
description: "TOTP URI"
|
|
58
|
+
},
|
|
59
|
+
backupCodes: {
|
|
60
|
+
type: "array",
|
|
61
|
+
items: { type: "string" },
|
|
62
|
+
description: "Backup codes"
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
} } }
|
|
66
|
+
} }
|
|
67
|
+
} }
|
|
68
|
+
}, async (ctx) => {
|
|
69
|
+
const user = ctx.context.session.user;
|
|
70
|
+
const { password, issuer } = ctx.body;
|
|
71
|
+
if (!await validatePassword(ctx, {
|
|
72
|
+
password,
|
|
73
|
+
userId: user.id
|
|
74
|
+
})) throw APIError.from("BAD_REQUEST", BASE_ERROR_CODES.INVALID_PASSWORD);
|
|
75
|
+
const secret = generateRandomString(32);
|
|
76
|
+
const encryptedSecret = await symmetricEncrypt({
|
|
77
|
+
key: ctx.context.secret,
|
|
78
|
+
data: secret
|
|
79
|
+
});
|
|
80
|
+
const backupCodes = await generateBackupCodes(ctx.context.secret, backupCodeOptions);
|
|
81
|
+
if (options?.skipVerificationOnEnable) {
|
|
82
|
+
const updatedUser = await ctx.context.internalAdapter.updateUser(user.id, { twoFactorEnabled: true });
|
|
83
|
+
/**
|
|
84
|
+
* Update the session cookie with the new user data
|
|
85
|
+
*/
|
|
86
|
+
await setSessionCookie(ctx, {
|
|
87
|
+
session: await ctx.context.internalAdapter.createSession(updatedUser.id, false, ctx.context.session.session),
|
|
88
|
+
user: updatedUser
|
|
89
|
+
});
|
|
90
|
+
await ctx.context.internalAdapter.deleteSession(ctx.context.session.session.token);
|
|
91
|
+
}
|
|
92
|
+
await ctx.context.adapter.deleteMany({
|
|
93
|
+
model: opts.twoFactorTable,
|
|
94
|
+
where: [{
|
|
95
|
+
field: "userId",
|
|
96
|
+
value: user.id
|
|
97
|
+
}]
|
|
98
|
+
});
|
|
99
|
+
await ctx.context.adapter.create({
|
|
100
|
+
model: opts.twoFactorTable,
|
|
101
|
+
data: {
|
|
102
|
+
secret: encryptedSecret,
|
|
103
|
+
backupCodes: backupCodes.encryptedBackupCodes,
|
|
104
|
+
userId: user.id
|
|
105
|
+
}
|
|
106
|
+
});
|
|
107
|
+
const totpURI = createOTP(secret, {
|
|
108
|
+
digits: options?.totpOptions?.digits || 6,
|
|
109
|
+
period: options?.totpOptions?.period
|
|
110
|
+
}).url(issuer || options?.issuer || ctx.context.appName, user.email);
|
|
111
|
+
return ctx.json({
|
|
112
|
+
totpURI,
|
|
113
|
+
backupCodes: backupCodes.backupCodes
|
|
114
|
+
});
|
|
115
|
+
}),
|
|
116
|
+
disableTwoFactor: createAuthEndpoint("/two-factor/disable", {
|
|
117
|
+
method: "POST",
|
|
118
|
+
body: disableTwoFactorBodySchema,
|
|
119
|
+
use: [sessionMiddleware],
|
|
120
|
+
metadata: { openapi: {
|
|
121
|
+
summary: "Disable two factor authentication",
|
|
122
|
+
description: "Use this endpoint to disable two factor authentication.",
|
|
123
|
+
responses: { 200: {
|
|
124
|
+
description: "Successful response",
|
|
125
|
+
content: { "application/json": { schema: {
|
|
126
|
+
type: "object",
|
|
127
|
+
properties: { status: { type: "boolean" } }
|
|
128
|
+
} } }
|
|
129
|
+
} }
|
|
130
|
+
} }
|
|
131
|
+
}, async (ctx) => {
|
|
132
|
+
const user = ctx.context.session.user;
|
|
133
|
+
const { password } = ctx.body;
|
|
134
|
+
if (!await validatePassword(ctx, {
|
|
135
|
+
password,
|
|
136
|
+
userId: user.id
|
|
137
|
+
})) throw APIError.from("BAD_REQUEST", BASE_ERROR_CODES.INVALID_PASSWORD);
|
|
138
|
+
const updatedUser = await ctx.context.internalAdapter.updateUser(user.id, { twoFactorEnabled: false });
|
|
139
|
+
await ctx.context.adapter.delete({
|
|
140
|
+
model: opts.twoFactorTable,
|
|
141
|
+
where: [{
|
|
142
|
+
field: "userId",
|
|
143
|
+
value: updatedUser.id
|
|
144
|
+
}]
|
|
145
|
+
});
|
|
146
|
+
/**
|
|
147
|
+
* Update the session cookie with the new user data
|
|
148
|
+
*/
|
|
149
|
+
await setSessionCookie(ctx, {
|
|
150
|
+
session: await ctx.context.internalAdapter.createSession(updatedUser.id, false, ctx.context.session.session),
|
|
151
|
+
user: updatedUser
|
|
152
|
+
});
|
|
153
|
+
await ctx.context.internalAdapter.deleteSession(ctx.context.session.session.token);
|
|
154
|
+
const disableTrustCookie = ctx.context.createAuthCookie(TRUST_DEVICE_COOKIE_NAME, { maxAge: trustDeviceMaxAge });
|
|
155
|
+
const disableTrustValue = await ctx.getSignedCookie(disableTrustCookie.name, ctx.context.secret);
|
|
156
|
+
if (disableTrustValue) {
|
|
157
|
+
const [, trustId] = disableTrustValue.split("!");
|
|
158
|
+
if (trustId) await ctx.context.internalAdapter.deleteVerificationByIdentifier(trustId);
|
|
159
|
+
expireCookie(ctx, disableTrustCookie);
|
|
160
|
+
}
|
|
161
|
+
return ctx.json({ status: true });
|
|
162
|
+
})
|
|
163
|
+
},
|
|
164
|
+
options,
|
|
165
|
+
hooks: { after: [{
|
|
166
|
+
matcher(context) {
|
|
167
|
+
return context.path === "/sign-in/email" || context.path === "/sign-in/username" || context.path === "/sign-in/phone-number";
|
|
168
|
+
},
|
|
169
|
+
handler: createAuthMiddleware(async (ctx) => {
|
|
170
|
+
const data = ctx.context.newSession;
|
|
171
|
+
if (!data) return;
|
|
172
|
+
if (!data?.user.twoFactorEnabled) return;
|
|
173
|
+
const trustDeviceCookieAttrs = ctx.context.createAuthCookie(TRUST_DEVICE_COOKIE_NAME, { maxAge: trustDeviceMaxAge });
|
|
174
|
+
const trustDeviceCookie = await ctx.getSignedCookie(trustDeviceCookieAttrs.name, ctx.context.secret);
|
|
175
|
+
if (trustDeviceCookie) {
|
|
176
|
+
const [token, trustIdentifier] = trustDeviceCookie.split("!");
|
|
177
|
+
if (token && trustIdentifier) {
|
|
178
|
+
if (token === await createHMAC("SHA-256", "base64urlnopad").sign(ctx.context.secret, `${data.user.id}!${trustIdentifier}`)) {
|
|
179
|
+
const verificationRecord = await ctx.context.internalAdapter.findVerificationValue(trustIdentifier);
|
|
180
|
+
if (verificationRecord && verificationRecord.value === data.user.id && verificationRecord.expiresAt > /* @__PURE__ */ new Date()) {
|
|
181
|
+
await ctx.context.internalAdapter.deleteVerificationValue(verificationRecord.id);
|
|
182
|
+
const newTrustIdentifier = `trust-device-${generateRandomString(32)}`;
|
|
183
|
+
const newToken = await createHMAC("SHA-256", "base64urlnopad").sign(ctx.context.secret, `${data.user.id}!${newTrustIdentifier}`);
|
|
184
|
+
await ctx.context.internalAdapter.createVerificationValue({
|
|
185
|
+
value: data.user.id,
|
|
186
|
+
identifier: newTrustIdentifier,
|
|
187
|
+
expiresAt: new Date(Date.now() + trustDeviceMaxAge * 1e3)
|
|
188
|
+
});
|
|
189
|
+
const newTrustDeviceCookie = ctx.context.createAuthCookie(TRUST_DEVICE_COOKIE_NAME, { maxAge: trustDeviceMaxAge });
|
|
190
|
+
await ctx.setSignedCookie(newTrustDeviceCookie.name, `${newToken}!${newTrustIdentifier}`, ctx.context.secret, trustDeviceCookieAttrs.attributes);
|
|
191
|
+
return;
|
|
192
|
+
}
|
|
193
|
+
}
|
|
194
|
+
}
|
|
195
|
+
expireCookie(ctx, trustDeviceCookieAttrs);
|
|
196
|
+
}
|
|
197
|
+
/**
|
|
198
|
+
* remove the session cookie. It's set by the sign in credential
|
|
199
|
+
*/
|
|
200
|
+
deleteSessionCookie(ctx, true);
|
|
201
|
+
await ctx.context.internalAdapter.deleteSession(data.session.token);
|
|
202
|
+
const maxAge = options?.twoFactorCookieMaxAge ?? 600;
|
|
203
|
+
const twoFactorCookie = ctx.context.createAuthCookie(TWO_FACTOR_COOKIE_NAME, { maxAge });
|
|
204
|
+
const identifier = `2fa-${generateRandomString(20)}`;
|
|
205
|
+
await ctx.context.internalAdapter.createVerificationValue({
|
|
206
|
+
value: data.user.id,
|
|
207
|
+
identifier,
|
|
208
|
+
expiresAt: new Date(Date.now() + maxAge * 1e3)
|
|
209
|
+
});
|
|
210
|
+
await ctx.setSignedCookie(twoFactorCookie.name, identifier, ctx.context.secret, twoFactorCookie.attributes);
|
|
211
|
+
return ctx.json({ twoFactorRedirect: true });
|
|
212
|
+
})
|
|
213
|
+
}] },
|
|
214
|
+
schema: mergeSchema(schema, options?.schema),
|
|
215
|
+
rateLimit: [{
|
|
216
|
+
pathMatcher(path) {
|
|
217
|
+
return path.startsWith("/two-factor/");
|
|
218
|
+
},
|
|
219
|
+
window: 10,
|
|
220
|
+
max: 3
|
|
221
|
+
}],
|
|
222
|
+
$ERROR_CODES: TWO_FACTOR_ERROR_CODES
|
|
223
|
+
};
|
|
224
|
+
};
|
|
225
|
+
|
|
226
|
+
//#endregion
|
|
227
|
+
export { TWO_FACTOR_ERROR_CODES, twoFactor, twoFactorClient };
|
|
228
|
+
//# sourceMappingURL=index.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.mjs","names":[],"sources":["../../../src/plugins/two-factor/index.ts"],"sourcesContent":["import type { BetterAuthPlugin } from \"@better-auth/core\";\nimport {\n\tcreateAuthEndpoint,\n\tcreateAuthMiddleware,\n} from \"@better-auth/core/api\";\nimport { APIError, BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport { createHMAC } from \"@better-auth/utils/hmac\";\nimport { createOTP } from \"@better-auth/utils/otp\";\nimport * as z from \"zod\";\nimport { sessionMiddleware } from \"../../api\";\nimport {\n\tdeleteSessionCookie,\n\texpireCookie,\n\tsetSessionCookie,\n} from \"../../cookies\";\nimport { symmetricEncrypt } from \"../../crypto\";\nimport { generateRandomString } from \"../../crypto/random\";\nimport { mergeSchema } from \"../../db/schema\";\nimport { validatePassword } from \"../../utils/password\";\nimport type { BackupCodeOptions } from \"./backup-codes\";\nimport { backupCode2fa, generateBackupCodes } from \"./backup-codes\";\nimport {\n\tTRUST_DEVICE_COOKIE_MAX_AGE,\n\tTRUST_DEVICE_COOKIE_NAME,\n\tTWO_FACTOR_COOKIE_NAME,\n} from \"./constant\";\nimport { TWO_FACTOR_ERROR_CODES } from \"./error-code\";\nimport { otp2fa } from \"./otp\";\nimport { schema } from \"./schema\";\nimport { totp2fa } from \"./totp\";\nimport type { TwoFactorOptions, UserWithTwoFactor } from \"./types\";\n\nexport * from \"./error-code\";\n\ndeclare module \"@better-auth/core\" {\n\tinterface BetterAuthPluginRegistry<AuthOptions, Options> {\n\t\t\"two-factor\": {\n\t\t\tcreator: typeof twoFactor;\n\t\t};\n\t}\n}\n\nconst enableTwoFactorBodySchema = z.object({\n\tpassword: z.string().meta({\n\t\tdescription: \"User password\",\n\t}),\n\tissuer: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"Custom issuer for the TOTP URI\",\n\t\t})\n\t\t.optional(),\n});\n\nconst disableTwoFactorBodySchema = z.object({\n\tpassword: z.string().meta({\n\t\tdescription: \"User password\",\n\t}),\n});\n\nexport const twoFactor = <O extends TwoFactorOptions>(options?: O) => {\n\tconst opts = {\n\t\ttwoFactorTable: \"twoFactor\",\n\t};\n\tconst trustDeviceMaxAge =\n\t\toptions?.trustDeviceMaxAge ?? TRUST_DEVICE_COOKIE_MAX_AGE;\n\tconst backupCodeOptions = {\n\t\tstoreBackupCodes: \"encrypted\",\n\t\t...options?.backupCodeOptions,\n\t} satisfies BackupCodeOptions;\n\tconst totp = totp2fa(options?.totpOptions);\n\tconst backupCode = backupCode2fa(backupCodeOptions);\n\tconst otp = otp2fa(options?.otpOptions);\n\n\treturn {\n\t\tid: \"two-factor\",\n\t\tendpoints: {\n\t\t\t...totp.endpoints,\n\t\t\t...otp.endpoints,\n\t\t\t...backupCode.endpoints,\n\t\t\t/**\n\t\t\t * ### Endpoint\n\t\t\t *\n\t\t\t * POST `/two-factor/enable`\n\t\t\t *\n\t\t\t * ### API Methods\n\t\t\t *\n\t\t\t * **server:**\n\t\t\t * `auth.api.enableTwoFactor`\n\t\t\t *\n\t\t\t * **client:**\n\t\t\t * `authClient.twoFactor.enable`\n\t\t\t *\n\t\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#api-method-two-factor-enable)\n\t\t\t */\n\t\t\tenableTwoFactor: createAuthEndpoint(\n\t\t\t\t\"/two-factor/enable\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tbody: enableTwoFactorBodySchema,\n\t\t\t\t\tuse: [sessionMiddleware],\n\t\t\t\t\tmetadata: {\n\t\t\t\t\t\topenapi: {\n\t\t\t\t\t\t\tsummary: \"Enable two factor authentication\",\n\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\"Use this endpoint to enable two factor authentication. This will generate a TOTP URI and backup codes. Once the user verifies the TOTP URI, the two factor authentication will be enabled.\",\n\t\t\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\t\t\tdescription: \"Successful response\",\n\t\t\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\t\t\ttotpURI: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"TOTP URI\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\tbackupCodes: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"Backup codes\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst user = ctx.context.session.user as UserWithTwoFactor;\n\t\t\t\t\tconst { password, issuer } = ctx.body;\n\t\t\t\t\tconst isPasswordValid = await validatePassword(ctx, {\n\t\t\t\t\t\tpassword,\n\t\t\t\t\t\tuserId: user.id,\n\t\t\t\t\t});\n\t\t\t\t\tif (!isPasswordValid) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tBASE_ERROR_CODES.INVALID_PASSWORD,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\tconst secret = generateRandomString(32);\n\t\t\t\t\tconst encryptedSecret = await symmetricEncrypt({\n\t\t\t\t\t\tkey: ctx.context.secret,\n\t\t\t\t\t\tdata: secret,\n\t\t\t\t\t});\n\t\t\t\t\tconst backupCodes = await generateBackupCodes(\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\tbackupCodeOptions,\n\t\t\t\t\t);\n\t\t\t\t\tif (options?.skipVerificationOnEnable) {\n\t\t\t\t\t\tconst updatedUser = await ctx.context.internalAdapter.updateUser(\n\t\t\t\t\t\t\tuser.id,\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\ttwoFactorEnabled: true,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t);\n\t\t\t\t\t\tconst newSession = await ctx.context.internalAdapter.createSession(\n\t\t\t\t\t\t\tupdatedUser.id,\n\t\t\t\t\t\t\tfalse,\n\t\t\t\t\t\t\tctx.context.session.session,\n\t\t\t\t\t\t);\n\t\t\t\t\t\t/**\n\t\t\t\t\t\t * Update the session cookie with the new user data\n\t\t\t\t\t\t */\n\t\t\t\t\t\tawait setSessionCookie(ctx, {\n\t\t\t\t\t\t\tsession: newSession,\n\t\t\t\t\t\t\tuser: updatedUser,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\t//remove current session\n\t\t\t\t\t\tawait ctx.context.internalAdapter.deleteSession(\n\t\t\t\t\t\t\tctx.context.session.session.token,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\t//delete existing two factor\n\t\t\t\t\tawait ctx.context.adapter.deleteMany({\n\t\t\t\t\t\tmodel: opts.twoFactorTable,\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\t\t\tvalue: user.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\n\t\t\t\t\tawait ctx.context.adapter.create({\n\t\t\t\t\t\tmodel: opts.twoFactorTable,\n\t\t\t\t\t\tdata: {\n\t\t\t\t\t\t\tsecret: encryptedSecret,\n\t\t\t\t\t\t\tbackupCodes: backupCodes.encryptedBackupCodes,\n\t\t\t\t\t\t\tuserId: user.id,\n\t\t\t\t\t\t},\n\t\t\t\t\t});\n\t\t\t\t\tconst totpURI = createOTP(secret, {\n\t\t\t\t\t\tdigits: options?.totpOptions?.digits || 6,\n\t\t\t\t\t\tperiod: options?.totpOptions?.period,\n\t\t\t\t\t}).url(issuer || options?.issuer || ctx.context.appName, user.email);\n\t\t\t\t\treturn ctx.json({ totpURI, backupCodes: backupCodes.backupCodes });\n\t\t\t\t},\n\t\t\t),\n\t\t\t/**\n\t\t\t * ### Endpoint\n\t\t\t *\n\t\t\t * POST `/two-factor/disable`\n\t\t\t *\n\t\t\t * ### API Methods\n\t\t\t *\n\t\t\t * **server:**\n\t\t\t * `auth.api.disableTwoFactor`\n\t\t\t *\n\t\t\t * **client:**\n\t\t\t * `authClient.twoFactor.disable`\n\t\t\t *\n\t\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#api-method-two-factor-disable)\n\t\t\t */\n\t\t\tdisableTwoFactor: createAuthEndpoint(\n\t\t\t\t\"/two-factor/disable\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tbody: disableTwoFactorBodySchema,\n\t\t\t\t\tuse: [sessionMiddleware],\n\t\t\t\t\tmetadata: {\n\t\t\t\t\t\topenapi: {\n\t\t\t\t\t\t\tsummary: \"Disable two factor authentication\",\n\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\"Use this endpoint to disable two factor authentication.\",\n\t\t\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\t\t\tdescription: \"Successful response\",\n\t\t\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst user = ctx.context.session.user as UserWithTwoFactor;\n\t\t\t\t\tconst { password } = ctx.body;\n\t\t\t\t\tconst isPasswordValid = await validatePassword(ctx, {\n\t\t\t\t\t\tpassword,\n\t\t\t\t\t\tuserId: user.id,\n\t\t\t\t\t});\n\t\t\t\t\tif (!isPasswordValid) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tBASE_ERROR_CODES.INVALID_PASSWORD,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\tconst updatedUser = await ctx.context.internalAdapter.updateUser(\n\t\t\t\t\t\tuser.id,\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\ttwoFactorEnabled: false,\n\t\t\t\t\t\t},\n\t\t\t\t\t);\n\t\t\t\t\tawait ctx.context.adapter.delete({\n\t\t\t\t\t\tmodel: opts.twoFactorTable,\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\t\t\tvalue: updatedUser.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\t\t\t\t\tconst newSession = await ctx.context.internalAdapter.createSession(\n\t\t\t\t\t\tupdatedUser.id,\n\t\t\t\t\t\tfalse,\n\t\t\t\t\t\tctx.context.session.session,\n\t\t\t\t\t);\n\t\t\t\t\t/**\n\t\t\t\t\t * Update the session cookie with the new user data\n\t\t\t\t\t */\n\t\t\t\t\tawait setSessionCookie(ctx, {\n\t\t\t\t\t\tsession: newSession,\n\t\t\t\t\t\tuser: updatedUser,\n\t\t\t\t\t});\n\t\t\t\t\t//remove current session\n\t\t\t\t\tawait ctx.context.internalAdapter.deleteSession(\n\t\t\t\t\t\tctx.context.session.session.token,\n\t\t\t\t\t);\n\t\t\t\t\tconst disableTrustCookie = ctx.context.createAuthCookie(\n\t\t\t\t\t\tTRUST_DEVICE_COOKIE_NAME,\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tmaxAge: trustDeviceMaxAge,\n\t\t\t\t\t\t},\n\t\t\t\t\t);\n\t\t\t\t\tconst disableTrustValue = await ctx.getSignedCookie(\n\t\t\t\t\t\tdisableTrustCookie.name,\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t);\n\t\t\t\t\tif (disableTrustValue) {\n\t\t\t\t\t\tconst [, trustId] = disableTrustValue.split(\"!\");\n\t\t\t\t\t\tif (trustId) {\n\t\t\t\t\t\t\tawait ctx.context.internalAdapter.deleteVerificationByIdentifier(\n\t\t\t\t\t\t\t\ttrustId,\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t}\n\t\t\t\t\t\texpireCookie(ctx, disableTrustCookie);\n\t\t\t\t\t}\n\t\t\t\t\treturn ctx.json({ status: true });\n\t\t\t\t},\n\t\t\t),\n\t\t},\n\t\toptions: options as NoInfer<O>,\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(context) {\n\t\t\t\t\t\treturn (\n\t\t\t\t\t\t\tcontext.path === \"/sign-in/email\" ||\n\t\t\t\t\t\t\tcontext.path === \"/sign-in/username\" ||\n\t\t\t\t\t\t\tcontext.path === \"/sign-in/phone-number\"\n\t\t\t\t\t\t);\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst data = ctx.context.newSession;\n\t\t\t\t\t\tif (!data) {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tif (!data?.user.twoFactorEnabled) {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tconst trustDeviceCookieAttrs = ctx.context.createAuthCookie(\n\t\t\t\t\t\t\tTRUST_DEVICE_COOKIE_NAME,\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tmaxAge: trustDeviceMaxAge,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t);\n\t\t\t\t\t\t// Check for trust device cookie\n\t\t\t\t\t\tconst trustDeviceCookie = await ctx.getSignedCookie(\n\t\t\t\t\t\t\ttrustDeviceCookieAttrs.name,\n\t\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\t);\n\n\t\t\t\t\t\tif (trustDeviceCookie) {\n\t\t\t\t\t\t\tconst [token, trustIdentifier] = trustDeviceCookie.split(\"!\");\n\t\t\t\t\t\t\tif (token && trustIdentifier) {\n\t\t\t\t\t\t\t\tconst expectedToken = await createHMAC(\n\t\t\t\t\t\t\t\t\t\"SHA-256\",\n\t\t\t\t\t\t\t\t\t\"base64urlnopad\",\n\t\t\t\t\t\t\t\t).sign(\n\t\t\t\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\t\t\t\t`${data.user.id}!${trustIdentifier}`,\n\t\t\t\t\t\t\t\t);\n\n\t\t\t\t\t\t\t\tif (token === expectedToken) {\n\t\t\t\t\t\t\t\t\t// HMAC is valid; verify the server-side record\n\t\t\t\t\t\t\t\t\tconst verificationRecord =\n\t\t\t\t\t\t\t\t\t\tawait ctx.context.internalAdapter.findVerificationValue(\n\t\t\t\t\t\t\t\t\t\t\ttrustIdentifier,\n\t\t\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t\t\tif (\n\t\t\t\t\t\t\t\t\t\tverificationRecord &&\n\t\t\t\t\t\t\t\t\t\tverificationRecord.value === data.user.id &&\n\t\t\t\t\t\t\t\t\t\tverificationRecord.expiresAt > new Date()\n\t\t\t\t\t\t\t\t\t) {\n\t\t\t\t\t\t\t\t\t\tawait ctx.context.internalAdapter.deleteVerificationValue(\n\t\t\t\t\t\t\t\t\t\t\tverificationRecord.id,\n\t\t\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t\t\t\tconst newTrustIdentifier = `trust-device-${generateRandomString(32)}`;\n\t\t\t\t\t\t\t\t\t\tconst newToken = await createHMAC(\n\t\t\t\t\t\t\t\t\t\t\t\"SHA-256\",\n\t\t\t\t\t\t\t\t\t\t\t\"base64urlnopad\",\n\t\t\t\t\t\t\t\t\t\t).sign(\n\t\t\t\t\t\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\t\t\t\t\t\t`${data.user.id}!${newTrustIdentifier}`,\n\t\t\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t\t\t\tawait ctx.context.internalAdapter.createVerificationValue({\n\t\t\t\t\t\t\t\t\t\t\tvalue: data.user.id,\n\t\t\t\t\t\t\t\t\t\t\tidentifier: newTrustIdentifier,\n\t\t\t\t\t\t\t\t\t\t\texpiresAt: new Date(\n\t\t\t\t\t\t\t\t\t\t\t\tDate.now() + trustDeviceMaxAge * 1000,\n\t\t\t\t\t\t\t\t\t\t\t),\n\t\t\t\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\t\t\t\tconst newTrustDeviceCookie = ctx.context.createAuthCookie(\n\t\t\t\t\t\t\t\t\t\t\tTRUST_DEVICE_COOKIE_NAME,\n\t\t\t\t\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\t\t\t\tmaxAge: trustDeviceMaxAge,\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t\t\t\tawait ctx.setSignedCookie(\n\t\t\t\t\t\t\t\t\t\t\tnewTrustDeviceCookie.name,\n\t\t\t\t\t\t\t\t\t\t\t`${newToken}!${newTrustIdentifier}`,\n\t\t\t\t\t\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\t\t\t\t\t\ttrustDeviceCookieAttrs.attributes,\n\t\t\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\texpireCookie(ctx, trustDeviceCookieAttrs);\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t/**\n\t\t\t\t\t\t * remove the session cookie. It's set by the sign in credential\n\t\t\t\t\t\t */\n\t\t\t\t\t\tdeleteSessionCookie(ctx, true);\n\t\t\t\t\t\tawait ctx.context.internalAdapter.deleteSession(data.session.token);\n\t\t\t\t\t\tconst maxAge = options?.twoFactorCookieMaxAge ?? 10 * 60; // 10 minutes\n\t\t\t\t\t\tconst twoFactorCookie = ctx.context.createAuthCookie(\n\t\t\t\t\t\t\tTWO_FACTOR_COOKIE_NAME,\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tmaxAge,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t);\n\t\t\t\t\t\tconst identifier = `2fa-${generateRandomString(20)}`;\n\t\t\t\t\t\tawait ctx.context.internalAdapter.createVerificationValue({\n\t\t\t\t\t\t\tvalue: data.user.id,\n\t\t\t\t\t\t\tidentifier,\n\t\t\t\t\t\t\texpiresAt: new Date(Date.now() + maxAge * 1000),\n\t\t\t\t\t\t});\n\t\t\t\t\t\tawait ctx.setSignedCookie(\n\t\t\t\t\t\t\ttwoFactorCookie.name,\n\t\t\t\t\t\t\tidentifier,\n\t\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\t\ttwoFactorCookie.attributes,\n\t\t\t\t\t\t);\n\t\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\t\ttwoFactorRedirect: true,\n\t\t\t\t\t\t});\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t\tschema: mergeSchema(schema, options?.schema),\n\t\trateLimit: [\n\t\t\t{\n\t\t\t\tpathMatcher(path) {\n\t\t\t\t\treturn path.startsWith(\"/two-factor/\");\n\t\t\t\t},\n\t\t\t\twindow: 10,\n\t\t\t\tmax: 3,\n\t\t\t},\n\t\t],\n\t\t$ERROR_CODES: TWO_FACTOR_ERROR_CODES,\n\t} satisfies BetterAuthPlugin;\n};\n\nexport * from \"./client\";\nexport * from \"./types\";\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AA0CA,MAAM,4BAA4B,EAAE,OAAO;CAC1C,UAAU,EAAE,QAAQ,CAAC,KAAK,EACzB,aAAa,iBACb,CAAC;CACF,QAAQ,EACN,QAAQ,CACR,KAAK,EACL,aAAa,kCACb,CAAC,CACD,UAAU;CACZ,CAAC;AAEF,MAAM,6BAA6B,EAAE,OAAO,EAC3C,UAAU,EAAE,QAAQ,CAAC,KAAK,EACzB,aAAa,iBACb,CAAC,EACF,CAAC;AAEF,MAAa,aAAyC,YAAgB;CACrE,MAAM,OAAO,EACZ,gBAAgB,aAChB;CACD,MAAM,oBACL,SAAS,qBAAqB;CAC/B,MAAM,oBAAoB;EACzB,kBAAkB;EAClB,GAAG,SAAS;EACZ;CACD,MAAM,OAAO,QAAQ,SAAS,YAAY;CAC1C,MAAM,aAAa,cAAc,kBAAkB;CACnD,MAAM,MAAM,OAAO,SAAS,WAAW;AAEvC,QAAO;EACN,IAAI;EACJ,WAAW;GACV,GAAG,KAAK;GACR,GAAG,IAAI;GACP,GAAG,WAAW;GAgBd,iBAAiB,mBAChB,sBACA;IACC,QAAQ;IACR,MAAM;IACN,KAAK,CAAC,kBAAkB;IACxB,UAAU,EACT,SAAS;KACR,SAAS;KACT,aACC;KACD,WAAW,EACV,KAAK;MACJ,aAAa;MACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;OACP,MAAM;OACN,YAAY;QACX,SAAS;SACR,MAAM;SACN,aAAa;SACb;QACD,aAAa;SACZ,MAAM;SACN,OAAO,EACN,MAAM,UACN;SACD,aAAa;SACb;QACD;OACD,EACD,EACD;MACD,EACD;KACD,EACD;IACD,EACD,OAAO,QAAQ;IACd,MAAM,OAAO,IAAI,QAAQ,QAAQ;IACjC,MAAM,EAAE,UAAU,WAAW,IAAI;AAKjC,QAAI,CAJoB,MAAM,iBAAiB,KAAK;KACnD;KACA,QAAQ,KAAK;KACb,CAAC,CAED,OAAM,SAAS,KACd,eACA,iBAAiB,iBACjB;IAEF,MAAM,SAAS,qBAAqB,GAAG;IACvC,MAAM,kBAAkB,MAAM,iBAAiB;KAC9C,KAAK,IAAI,QAAQ;KACjB,MAAM;KACN,CAAC;IACF,MAAM,cAAc,MAAM,oBACzB,IAAI,QAAQ,QACZ,kBACA;AACD,QAAI,SAAS,0BAA0B;KACtC,MAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB,WACrD,KAAK,IACL,EACC,kBAAkB,MAClB,CACD;;;;AASD,WAAM,iBAAiB,KAAK;MAC3B,SATkB,MAAM,IAAI,QAAQ,gBAAgB,cACpD,YAAY,IACZ,OACA,IAAI,QAAQ,QAAQ,QACpB;MAMA,MAAM;MACN,CAAC;AAGF,WAAM,IAAI,QAAQ,gBAAgB,cACjC,IAAI,QAAQ,QAAQ,QAAQ,MAC5B;;AAGF,UAAM,IAAI,QAAQ,QAAQ,WAAW;KACpC,OAAO,KAAK;KACZ,OAAO,CACN;MACC,OAAO;MACP,OAAO,KAAK;MACZ,CACD;KACD,CAAC;AAEF,UAAM,IAAI,QAAQ,QAAQ,OAAO;KAChC,OAAO,KAAK;KACZ,MAAM;MACL,QAAQ;MACR,aAAa,YAAY;MACzB,QAAQ,KAAK;MACb;KACD,CAAC;IACF,MAAM,UAAU,UAAU,QAAQ;KACjC,QAAQ,SAAS,aAAa,UAAU;KACxC,QAAQ,SAAS,aAAa;KAC9B,CAAC,CAAC,IAAI,UAAU,SAAS,UAAU,IAAI,QAAQ,SAAS,KAAK,MAAM;AACpE,WAAO,IAAI,KAAK;KAAE;KAAS,aAAa,YAAY;KAAa,CAAC;KAEnE;GAgBD,kBAAkB,mBACjB,uBACA;IACC,QAAQ;IACR,MAAM;IACN,KAAK,CAAC,kBAAkB;IACxB,UAAU,EACT,SAAS;KACR,SAAS;KACT,aACC;KACD,WAAW,EACV,KAAK;MACJ,aAAa;MACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;OACP,MAAM;OACN,YAAY,EACX,QAAQ,EACP,MAAM,WACN,EACD;OACD,EACD,EACD;MACD,EACD;KACD,EACD;IACD,EACD,OAAO,QAAQ;IACd,MAAM,OAAO,IAAI,QAAQ,QAAQ;IACjC,MAAM,EAAE,aAAa,IAAI;AAKzB,QAAI,CAJoB,MAAM,iBAAiB,KAAK;KACnD;KACA,QAAQ,KAAK;KACb,CAAC,CAED,OAAM,SAAS,KACd,eACA,iBAAiB,iBACjB;IAEF,MAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB,WACrD,KAAK,IACL,EACC,kBAAkB,OAClB,CACD;AACD,UAAM,IAAI,QAAQ,QAAQ,OAAO;KAChC,OAAO,KAAK;KACZ,OAAO,CACN;MACC,OAAO;MACP,OAAO,YAAY;MACnB,CACD;KACD,CAAC;;;;AASF,UAAM,iBAAiB,KAAK;KAC3B,SATkB,MAAM,IAAI,QAAQ,gBAAgB,cACpD,YAAY,IACZ,OACA,IAAI,QAAQ,QAAQ,QACpB;KAMA,MAAM;KACN,CAAC;AAEF,UAAM,IAAI,QAAQ,gBAAgB,cACjC,IAAI,QAAQ,QAAQ,QAAQ,MAC5B;IACD,MAAM,qBAAqB,IAAI,QAAQ,iBACtC,0BACA,EACC,QAAQ,mBACR,CACD;IACD,MAAM,oBAAoB,MAAM,IAAI,gBACnC,mBAAmB,MACnB,IAAI,QAAQ,OACZ;AACD,QAAI,mBAAmB;KACtB,MAAM,GAAG,WAAW,kBAAkB,MAAM,IAAI;AAChD,SAAI,QACH,OAAM,IAAI,QAAQ,gBAAgB,+BACjC,QACA;AAEF,kBAAa,KAAK,mBAAmB;;AAEtC,WAAO,IAAI,KAAK,EAAE,QAAQ,MAAM,CAAC;KAElC;GACD;EACQ;EACT,OAAO,EACN,OAAO,CACN;GACC,QAAQ,SAAS;AAChB,WACC,QAAQ,SAAS,oBACjB,QAAQ,SAAS,uBACjB,QAAQ,SAAS;;GAGnB,SAAS,qBAAqB,OAAO,QAAQ;IAC5C,MAAM,OAAO,IAAI,QAAQ;AACzB,QAAI,CAAC,KACJ;AAGD,QAAI,CAAC,MAAM,KAAK,iBACf;IAGD,MAAM,yBAAyB,IAAI,QAAQ,iBAC1C,0BACA,EACC,QAAQ,mBACR,CACD;IAED,MAAM,oBAAoB,MAAM,IAAI,gBACnC,uBAAuB,MACvB,IAAI,QAAQ,OACZ;AAED,QAAI,mBAAmB;KACtB,MAAM,CAAC,OAAO,mBAAmB,kBAAkB,MAAM,IAAI;AAC7D,SAAI,SAAS,iBASZ;UAAI,UARkB,MAAM,WAC3B,WACA,iBACA,CAAC,KACD,IAAI,QAAQ,QACZ,GAAG,KAAK,KAAK,GAAG,GAAG,kBACnB,EAE4B;OAE5B,MAAM,qBACL,MAAM,IAAI,QAAQ,gBAAgB,sBACjC,gBACA;AACF,WACC,sBACA,mBAAmB,UAAU,KAAK,KAAK,MACvC,mBAAmB,4BAAY,IAAI,MAAM,EACxC;AACD,cAAM,IAAI,QAAQ,gBAAgB,wBACjC,mBAAmB,GACnB;QACD,MAAM,qBAAqB,gBAAgB,qBAAqB,GAAG;QACnE,MAAM,WAAW,MAAM,WACtB,WACA,iBACA,CAAC,KACD,IAAI,QAAQ,QACZ,GAAG,KAAK,KAAK,GAAG,GAAG,qBACnB;AACD,cAAM,IAAI,QAAQ,gBAAgB,wBAAwB;SACzD,OAAO,KAAK,KAAK;SACjB,YAAY;SACZ,WAAW,IAAI,KACd,KAAK,KAAK,GAAG,oBAAoB,IACjC;SACD,CAAC;QACF,MAAM,uBAAuB,IAAI,QAAQ,iBACxC,0BACA,EACC,QAAQ,mBACR,CACD;AACD,cAAM,IAAI,gBACT,qBAAqB,MACrB,GAAG,SAAS,GAAG,sBACf,IAAI,QAAQ,QACZ,uBAAuB,WACvB;AACD;;;;AAIH,kBAAa,KAAK,uBAAuB;;;;;AAM1C,wBAAoB,KAAK,KAAK;AAC9B,UAAM,IAAI,QAAQ,gBAAgB,cAAc,KAAK,QAAQ,MAAM;IACnE,MAAM,SAAS,SAAS,yBAAyB;IACjD,MAAM,kBAAkB,IAAI,QAAQ,iBACnC,wBACA,EACC,QACA,CACD;IACD,MAAM,aAAa,OAAO,qBAAqB,GAAG;AAClD,UAAM,IAAI,QAAQ,gBAAgB,wBAAwB;KACzD,OAAO,KAAK,KAAK;KACjB;KACA,WAAW,IAAI,KAAK,KAAK,KAAK,GAAG,SAAS,IAAK;KAC/C,CAAC;AACF,UAAM,IAAI,gBACT,gBAAgB,MAChB,YACA,IAAI,QAAQ,QACZ,gBAAgB,WAChB;AACD,WAAO,IAAI,KAAK,EACf,mBAAmB,MACnB,CAAC;KACD;GACF,CACD,EACD;EACD,QAAQ,YAAY,QAAQ,SAAS,OAAO;EAC5C,WAAW,CACV;GACC,YAAY,MAAM;AACjB,WAAO,KAAK,WAAW,eAAe;;GAEvC,QAAQ;GACR,KAAK;GACL,CACD;EACD,cAAc;EACd"}
|
|
@@ -0,0 +1,216 @@
|
|
|
1
|
+
import { UserWithTwoFactor } from "../types.mjs";
|
|
2
|
+
import { Awaitable, GenericEndpointContext } from "@better-auth/core";
|
|
3
|
+
import * as better_call0 from "better-call";
|
|
4
|
+
import * as z from "zod";
|
|
5
|
+
|
|
6
|
+
//#region src/plugins/two-factor/otp/index.d.ts
|
|
7
|
+
interface OTPOptions {
|
|
8
|
+
/**
|
|
9
|
+
* How long the opt will be valid for in
|
|
10
|
+
* minutes
|
|
11
|
+
*
|
|
12
|
+
* @default "3 mins"
|
|
13
|
+
*/
|
|
14
|
+
period?: number | undefined;
|
|
15
|
+
/**
|
|
16
|
+
* Number of digits for the OTP code
|
|
17
|
+
*
|
|
18
|
+
* @default 6
|
|
19
|
+
*/
|
|
20
|
+
digits?: number | undefined;
|
|
21
|
+
/**
|
|
22
|
+
* Send the otp to the user
|
|
23
|
+
*
|
|
24
|
+
* @param user - The user to send the otp to
|
|
25
|
+
* @param otp - The otp to send
|
|
26
|
+
* @param request - The request object
|
|
27
|
+
* @returns void | Promise<void>
|
|
28
|
+
*/
|
|
29
|
+
sendOTP?: ((
|
|
30
|
+
/**
|
|
31
|
+
* The user to send the otp to
|
|
32
|
+
* @type UserWithTwoFactor
|
|
33
|
+
* @default UserWithTwoFactors
|
|
34
|
+
*/
|
|
35
|
+
data: {
|
|
36
|
+
user: UserWithTwoFactor;
|
|
37
|
+
otp: string;
|
|
38
|
+
},
|
|
39
|
+
/**
|
|
40
|
+
* The request object
|
|
41
|
+
*/
|
|
42
|
+
ctx?: GenericEndpointContext) => Awaitable<void>) | undefined;
|
|
43
|
+
/**
|
|
44
|
+
* The number of allowed attempts for the OTP
|
|
45
|
+
*
|
|
46
|
+
* @default 5
|
|
47
|
+
*/
|
|
48
|
+
allowedAttempts?: number | undefined;
|
|
49
|
+
storeOTP?: ("plain" | "encrypted" | "hashed" | {
|
|
50
|
+
hash: (token: string) => Promise<string>;
|
|
51
|
+
} | {
|
|
52
|
+
encrypt: (token: string) => Promise<string>;
|
|
53
|
+
decrypt: (token: string) => Promise<string>;
|
|
54
|
+
}) | undefined;
|
|
55
|
+
}
|
|
56
|
+
/**
|
|
57
|
+
* The otp adapter is created from the totp adapter.
|
|
58
|
+
*/
|
|
59
|
+
declare const otp2fa: (options?: OTPOptions | undefined) => {
|
|
60
|
+
id: "otp";
|
|
61
|
+
endpoints: {
|
|
62
|
+
/**
|
|
63
|
+
* ### Endpoint
|
|
64
|
+
*
|
|
65
|
+
* POST `/two-factor/send-otp`
|
|
66
|
+
*
|
|
67
|
+
* ### API Methods
|
|
68
|
+
*
|
|
69
|
+
* **server:**
|
|
70
|
+
* `auth.api.send2FaOTP`
|
|
71
|
+
*
|
|
72
|
+
* **client:**
|
|
73
|
+
* `authClient.twoFactor.sendOtp`
|
|
74
|
+
*
|
|
75
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#api-method-two-factor-send-otp)
|
|
76
|
+
*/
|
|
77
|
+
sendTwoFactorOTP: better_call0.StrictEndpoint<"/two-factor/send-otp", {
|
|
78
|
+
method: "POST";
|
|
79
|
+
body: z.ZodOptional<z.ZodObject<{
|
|
80
|
+
trustDevice: z.ZodOptional<z.ZodBoolean>;
|
|
81
|
+
}, z.core.$strip>>;
|
|
82
|
+
metadata: {
|
|
83
|
+
openapi: {
|
|
84
|
+
summary: string;
|
|
85
|
+
description: string;
|
|
86
|
+
responses: {
|
|
87
|
+
200: {
|
|
88
|
+
description: string;
|
|
89
|
+
content: {
|
|
90
|
+
"application/json": {
|
|
91
|
+
schema: {
|
|
92
|
+
type: "object";
|
|
93
|
+
properties: {
|
|
94
|
+
status: {
|
|
95
|
+
type: string;
|
|
96
|
+
};
|
|
97
|
+
};
|
|
98
|
+
};
|
|
99
|
+
};
|
|
100
|
+
};
|
|
101
|
+
};
|
|
102
|
+
};
|
|
103
|
+
};
|
|
104
|
+
};
|
|
105
|
+
}, {
|
|
106
|
+
status: boolean;
|
|
107
|
+
}>;
|
|
108
|
+
/**
|
|
109
|
+
* ### Endpoint
|
|
110
|
+
*
|
|
111
|
+
* POST `/two-factor/verify-otp`
|
|
112
|
+
*
|
|
113
|
+
* ### API Methods
|
|
114
|
+
*
|
|
115
|
+
* **server:**
|
|
116
|
+
* `auth.api.verifyOTP`
|
|
117
|
+
*
|
|
118
|
+
* **client:**
|
|
119
|
+
* `authClient.twoFactor.verifyOtp`
|
|
120
|
+
*
|
|
121
|
+
* @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#api-method-two-factor-verify-otp)
|
|
122
|
+
*/
|
|
123
|
+
verifyTwoFactorOTP: better_call0.StrictEndpoint<"/two-factor/verify-otp", {
|
|
124
|
+
method: "POST";
|
|
125
|
+
body: z.ZodObject<{
|
|
126
|
+
code: z.ZodString;
|
|
127
|
+
trustDevice: z.ZodOptional<z.ZodBoolean>;
|
|
128
|
+
}, z.core.$strip>;
|
|
129
|
+
metadata: {
|
|
130
|
+
openapi: {
|
|
131
|
+
summary: string;
|
|
132
|
+
description: string;
|
|
133
|
+
responses: {
|
|
134
|
+
"200": {
|
|
135
|
+
description: string;
|
|
136
|
+
content: {
|
|
137
|
+
"application/json": {
|
|
138
|
+
schema: {
|
|
139
|
+
type: "object";
|
|
140
|
+
properties: {
|
|
141
|
+
token: {
|
|
142
|
+
type: string;
|
|
143
|
+
description: string;
|
|
144
|
+
};
|
|
145
|
+
user: {
|
|
146
|
+
type: string;
|
|
147
|
+
properties: {
|
|
148
|
+
id: {
|
|
149
|
+
type: string;
|
|
150
|
+
description: string;
|
|
151
|
+
};
|
|
152
|
+
email: {
|
|
153
|
+
type: string;
|
|
154
|
+
format: string;
|
|
155
|
+
nullable: boolean;
|
|
156
|
+
description: string;
|
|
157
|
+
};
|
|
158
|
+
emailVerified: {
|
|
159
|
+
type: string;
|
|
160
|
+
nullable: boolean;
|
|
161
|
+
description: string;
|
|
162
|
+
};
|
|
163
|
+
name: {
|
|
164
|
+
type: string;
|
|
165
|
+
nullable: boolean;
|
|
166
|
+
description: string;
|
|
167
|
+
};
|
|
168
|
+
image: {
|
|
169
|
+
type: string;
|
|
170
|
+
format: string;
|
|
171
|
+
nullable: boolean;
|
|
172
|
+
description: string;
|
|
173
|
+
};
|
|
174
|
+
createdAt: {
|
|
175
|
+
type: string;
|
|
176
|
+
format: string;
|
|
177
|
+
description: string;
|
|
178
|
+
};
|
|
179
|
+
updatedAt: {
|
|
180
|
+
type: string;
|
|
181
|
+
format: string;
|
|
182
|
+
description: string;
|
|
183
|
+
};
|
|
184
|
+
};
|
|
185
|
+
required: string[];
|
|
186
|
+
description: string;
|
|
187
|
+
};
|
|
188
|
+
};
|
|
189
|
+
required: string[];
|
|
190
|
+
};
|
|
191
|
+
};
|
|
192
|
+
};
|
|
193
|
+
};
|
|
194
|
+
};
|
|
195
|
+
};
|
|
196
|
+
};
|
|
197
|
+
}, {
|
|
198
|
+
token: string;
|
|
199
|
+
user: UserWithTwoFactor;
|
|
200
|
+
} | {
|
|
201
|
+
token: string;
|
|
202
|
+
user: Record<string, any> & {
|
|
203
|
+
id: string;
|
|
204
|
+
createdAt: Date;
|
|
205
|
+
updatedAt: Date;
|
|
206
|
+
email: string;
|
|
207
|
+
emailVerified: boolean;
|
|
208
|
+
name: string;
|
|
209
|
+
image?: string | null | undefined;
|
|
210
|
+
};
|
|
211
|
+
}>;
|
|
212
|
+
};
|
|
213
|
+
};
|
|
214
|
+
//#endregion
|
|
215
|
+
export { OTPOptions, otp2fa };
|
|
216
|
+
//# sourceMappingURL=index.d.mts.map
|