@sirketio/auth 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (594) hide show
  1. package/dist/_virtual/_rolldown/runtime.mjs +36 -0
  2. package/dist/adapter/index.d.mts +4 -0
  3. package/dist/adapter/index.mjs +7 -0
  4. package/dist/api/index.d.mts +3872 -0
  5. package/dist/api/index.mjs +206 -0
  6. package/dist/api/index.mjs.map +1 -0
  7. package/dist/api/middlewares/index.d.mts +1 -0
  8. package/dist/api/middlewares/index.mjs +3 -0
  9. package/dist/api/middlewares/origin-check.d.mts +18 -0
  10. package/dist/api/middlewares/origin-check.mjs +140 -0
  11. package/dist/api/middlewares/origin-check.mjs.map +1 -0
  12. package/dist/api/rate-limiter/index.mjs +204 -0
  13. package/dist/api/rate-limiter/index.mjs.map +1 -0
  14. package/dist/api/routes/account.d.mts +410 -0
  15. package/dist/api/routes/account.mjs +493 -0
  16. package/dist/api/routes/account.mjs.map +1 -0
  17. package/dist/api/routes/callback.d.mts +31 -0
  18. package/dist/api/routes/callback.mjs +179 -0
  19. package/dist/api/routes/callback.mjs.map +1 -0
  20. package/dist/api/routes/email-verification.d.mts +161 -0
  21. package/dist/api/routes/email-verification.mjs +299 -0
  22. package/dist/api/routes/email-verification.mjs.map +1 -0
  23. package/dist/api/routes/error.d.mts +28 -0
  24. package/dist/api/routes/error.mjs +386 -0
  25. package/dist/api/routes/error.mjs.map +1 -0
  26. package/dist/api/routes/index.d.mts +11 -0
  27. package/dist/api/routes/index.mjs +13 -0
  28. package/dist/api/routes/ok.d.mts +36 -0
  29. package/dist/api/routes/ok.mjs +30 -0
  30. package/dist/api/routes/ok.mjs.map +1 -0
  31. package/dist/api/routes/password.d.mts +182 -0
  32. package/dist/api/routes/password.mjs +198 -0
  33. package/dist/api/routes/password.mjs.map +1 -0
  34. package/dist/api/routes/session.d.mts +415 -0
  35. package/dist/api/routes/session.mjs +483 -0
  36. package/dist/api/routes/session.mjs.map +1 -0
  37. package/dist/api/routes/sign-in.d.mts +171 -0
  38. package/dist/api/routes/sign-in.mjs +263 -0
  39. package/dist/api/routes/sign-in.mjs.map +1 -0
  40. package/dist/api/routes/sign-out.d.mts +36 -0
  41. package/dist/api/routes/sign-out.mjs +33 -0
  42. package/dist/api/routes/sign-out.mjs.map +1 -0
  43. package/dist/api/routes/sign-up.d.mts +160 -0
  44. package/dist/api/routes/sign-up.mjs +227 -0
  45. package/dist/api/routes/sign-up.mjs.map +1 -0
  46. package/dist/api/routes/update-user.d.mts +445 -0
  47. package/dist/api/routes/update-user.mjs +493 -0
  48. package/dist/api/routes/update-user.mjs.map +1 -0
  49. package/dist/api/state/oauth.d.mts +18 -0
  50. package/dist/api/state/oauth.mjs +8 -0
  51. package/dist/api/state/oauth.mjs.map +1 -0
  52. package/dist/api/state/should-session-refresh.d.mts +13 -0
  53. package/dist/api/state/should-session-refresh.mjs +16 -0
  54. package/dist/api/state/should-session-refresh.mjs.map +1 -0
  55. package/dist/api/to-auth-endpoints.mjs +197 -0
  56. package/dist/api/to-auth-endpoints.mjs.map +1 -0
  57. package/dist/auth/base.mjs +45 -0
  58. package/dist/auth/base.mjs.map +1 -0
  59. package/dist/auth/minimal.d.mts +12 -0
  60. package/dist/auth/minimal.mjs +14 -0
  61. package/dist/auth/minimal.mjs.map +1 -0
  62. package/dist/auth/trusted-origins.mjs +31 -0
  63. package/dist/auth/trusted-origins.mjs.map +1 -0
  64. package/dist/client/broadcast-channel.d.mts +20 -0
  65. package/dist/client/broadcast-channel.mjs +46 -0
  66. package/dist/client/broadcast-channel.mjs.map +1 -0
  67. package/dist/client/config.mjs +90 -0
  68. package/dist/client/config.mjs.map +1 -0
  69. package/dist/client/fetch-plugins.mjs +18 -0
  70. package/dist/client/fetch-plugins.mjs.map +1 -0
  71. package/dist/client/focus-manager.d.mts +11 -0
  72. package/dist/client/focus-manager.mjs +32 -0
  73. package/dist/client/focus-manager.mjs.map +1 -0
  74. package/dist/client/index.d.mts +33 -0
  75. package/dist/client/index.mjs +21 -0
  76. package/dist/client/index.mjs.map +1 -0
  77. package/dist/client/online-manager.d.mts +12 -0
  78. package/dist/client/online-manager.mjs +35 -0
  79. package/dist/client/online-manager.mjs.map +1 -0
  80. package/dist/client/parser.mjs +73 -0
  81. package/dist/client/parser.mjs.map +1 -0
  82. package/dist/client/path-to-object.d.mts +65 -0
  83. package/dist/client/plugins/index.d.mts +53 -0
  84. package/dist/client/plugins/index.mjs +30 -0
  85. package/dist/client/plugins/infer-plugin.d.mts +16 -0
  86. package/dist/client/plugins/infer-plugin.mjs +11 -0
  87. package/dist/client/plugins/infer-plugin.mjs.map +1 -0
  88. package/dist/client/proxy.mjs +79 -0
  89. package/dist/client/proxy.mjs.map +1 -0
  90. package/dist/client/query.d.mts +23 -0
  91. package/dist/client/query.mjs +98 -0
  92. package/dist/client/query.mjs.map +1 -0
  93. package/dist/client/react/index.d.mts +128 -0
  94. package/dist/client/react/index.mjs +24 -0
  95. package/dist/client/react/index.mjs.map +1 -0
  96. package/dist/client/react/react-store.d.mts +47 -0
  97. package/dist/client/react/react-store.mjs +47 -0
  98. package/dist/client/react/react-store.mjs.map +1 -0
  99. package/dist/client/session-atom.mjs +29 -0
  100. package/dist/client/session-atom.mjs.map +1 -0
  101. package/dist/client/session-refresh.d.mts +28 -0
  102. package/dist/client/session-refresh.mjs +140 -0
  103. package/dist/client/session-refresh.mjs.map +1 -0
  104. package/dist/client/types.d.mts +41 -0
  105. package/dist/client/vanilla.d.mts +127 -0
  106. package/dist/client/vanilla.mjs +20 -0
  107. package/dist/client/vanilla.mjs.map +1 -0
  108. package/dist/context/create-context.mjs +211 -0
  109. package/dist/context/create-context.mjs.map +1 -0
  110. package/dist/context/helpers.mjs +83 -0
  111. package/dist/context/helpers.mjs.map +1 -0
  112. package/dist/context/init.mjs +20 -0
  113. package/dist/context/init.mjs.map +1 -0
  114. package/dist/cookies/cookie-utils.d.mts +29 -0
  115. package/dist/cookies/cookie-utils.mjs +105 -0
  116. package/dist/cookies/cookie-utils.mjs.map +1 -0
  117. package/dist/cookies/index.d.mts +121 -0
  118. package/dist/cookies/index.mjs +261 -0
  119. package/dist/cookies/index.mjs.map +1 -0
  120. package/dist/cookies/session-store.d.mts +36 -0
  121. package/dist/cookies/session-store.mjs +200 -0
  122. package/dist/cookies/session-store.mjs.map +1 -0
  123. package/dist/crypto/buffer.d.mts +8 -0
  124. package/dist/crypto/buffer.mjs +18 -0
  125. package/dist/crypto/buffer.mjs.map +1 -0
  126. package/dist/crypto/index.d.mts +27 -0
  127. package/dist/crypto/index.mjs +38 -0
  128. package/dist/crypto/index.mjs.map +1 -0
  129. package/dist/crypto/jwt.d.mts +8 -0
  130. package/dist/crypto/jwt.mjs +95 -0
  131. package/dist/crypto/jwt.mjs.map +1 -0
  132. package/dist/crypto/password.d.mts +12 -0
  133. package/dist/crypto/password.mjs +36 -0
  134. package/dist/crypto/password.mjs.map +1 -0
  135. package/dist/crypto/random.d.mts +5 -0
  136. package/dist/crypto/random.mjs +8 -0
  137. package/dist/crypto/random.mjs.map +1 -0
  138. package/dist/db/adapter-base.d.mts +8 -0
  139. package/dist/db/adapter-base.mjs +19 -0
  140. package/dist/db/adapter-base.mjs.map +1 -0
  141. package/dist/db/field-converter.d.mts +8 -0
  142. package/dist/db/field-converter.mjs +21 -0
  143. package/dist/db/field-converter.mjs.map +1 -0
  144. package/dist/db/field.d.mts +42 -0
  145. package/dist/db/get-schema.d.mts +11 -0
  146. package/dist/db/get-schema.mjs +39 -0
  147. package/dist/db/get-schema.mjs.map +1 -0
  148. package/dist/db/index.d.mts +18 -0
  149. package/dist/db/index.mjs +34 -0
  150. package/dist/db/index.mjs.map +1 -0
  151. package/dist/db/internal-adapter.d.mts +14 -0
  152. package/dist/db/internal-adapter.mjs +616 -0
  153. package/dist/db/internal-adapter.mjs.map +1 -0
  154. package/dist/db/schema.d.mts +49 -0
  155. package/dist/db/schema.mjs +118 -0
  156. package/dist/db/schema.mjs.map +1 -0
  157. package/dist/db/to-zod.d.mts +36 -0
  158. package/dist/db/to-zod.mjs +26 -0
  159. package/dist/db/to-zod.mjs.map +1 -0
  160. package/dist/db/verification-token-storage.mjs +28 -0
  161. package/dist/db/verification-token-storage.mjs.map +1 -0
  162. package/dist/db/with-hooks.d.mts +33 -0
  163. package/dist/db/with-hooks.mjs +159 -0
  164. package/dist/db/with-hooks.mjs.map +1 -0
  165. package/dist/index.d.mts +53 -0
  166. package/dist/index.mjs +27 -0
  167. package/dist/integrations/next-js.d.mts +29 -0
  168. package/dist/integrations/next-js.mjs +85 -0
  169. package/dist/integrations/next-js.mjs.map +1 -0
  170. package/dist/oauth2/index.d.mts +5 -0
  171. package/dist/oauth2/index.mjs +7 -0
  172. package/dist/oauth2/link-account.d.mts +48 -0
  173. package/dist/oauth2/link-account.mjs +143 -0
  174. package/dist/oauth2/link-account.mjs.map +1 -0
  175. package/dist/oauth2/state.d.mts +26 -0
  176. package/dist/oauth2/state.mjs +51 -0
  177. package/dist/oauth2/state.mjs.map +1 -0
  178. package/dist/oauth2/utils.d.mts +8 -0
  179. package/dist/oauth2/utils.mjs +31 -0
  180. package/dist/oauth2/utils.mjs.map +1 -0
  181. package/dist/plugins/access/access.d.mts +30 -0
  182. package/dist/plugins/access/access.mjs +46 -0
  183. package/dist/plugins/access/access.mjs.map +1 -0
  184. package/dist/plugins/access/index.d.mts +3 -0
  185. package/dist/plugins/access/index.mjs +3 -0
  186. package/dist/plugins/access/types.d.mts +17 -0
  187. package/dist/plugins/additional-fields/client.d.mts +96 -0
  188. package/dist/plugins/additional-fields/client.mjs +11 -0
  189. package/dist/plugins/additional-fields/client.mjs.map +1 -0
  190. package/dist/plugins/admin/access/index.d.mts +2 -0
  191. package/dist/plugins/admin/access/index.mjs +3 -0
  192. package/dist/plugins/admin/access/statement.d.mts +118 -0
  193. package/dist/plugins/admin/access/statement.mjs +53 -0
  194. package/dist/plugins/admin/access/statement.mjs.map +1 -0
  195. package/dist/plugins/admin/admin.d.mts +911 -0
  196. package/dist/plugins/admin/admin.mjs +95 -0
  197. package/dist/plugins/admin/admin.mjs.map +1 -0
  198. package/dist/plugins/admin/client.d.mts +76 -0
  199. package/dist/plugins/admin/client.mjs +36 -0
  200. package/dist/plugins/admin/client.mjs.map +1 -0
  201. package/dist/plugins/admin/error-codes.d.mts +29 -0
  202. package/dist/plugins/admin/error-codes.mjs +30 -0
  203. package/dist/plugins/admin/error-codes.mjs.map +1 -0
  204. package/dist/plugins/admin/has-permission.mjs +16 -0
  205. package/dist/plugins/admin/has-permission.mjs.map +1 -0
  206. package/dist/plugins/admin/index.d.mts +3 -0
  207. package/dist/plugins/admin/index.mjs +3 -0
  208. package/dist/plugins/admin/routes.mjs +841 -0
  209. package/dist/plugins/admin/routes.mjs.map +1 -0
  210. package/dist/plugins/admin/schema.d.mts +40 -0
  211. package/dist/plugins/admin/schema.mjs +34 -0
  212. package/dist/plugins/admin/schema.mjs.map +1 -0
  213. package/dist/plugins/admin/types.d.mts +89 -0
  214. package/dist/plugins/api-key/adapter.mjs +468 -0
  215. package/dist/plugins/api-key/adapter.mjs.map +1 -0
  216. package/dist/plugins/api-key/client.d.mts +46 -0
  217. package/dist/plugins/api-key/client.mjs +19 -0
  218. package/dist/plugins/api-key/client.mjs.map +1 -0
  219. package/dist/plugins/api-key/error-codes.d.mts +33 -0
  220. package/dist/plugins/api-key/error-codes.mjs +34 -0
  221. package/dist/plugins/api-key/error-codes.mjs.map +1 -0
  222. package/dist/plugins/api-key/index.d.mts +1251 -0
  223. package/dist/plugins/api-key/index.mjs +134 -0
  224. package/dist/plugins/api-key/index.mjs.map +1 -0
  225. package/dist/plugins/api-key/rate-limit.mjs +74 -0
  226. package/dist/plugins/api-key/rate-limit.mjs.map +1 -0
  227. package/dist/plugins/api-key/routes/create-api-key.mjs +252 -0
  228. package/dist/plugins/api-key/routes/create-api-key.mjs.map +1 -0
  229. package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs +24 -0
  230. package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs.map +1 -0
  231. package/dist/plugins/api-key/routes/delete-api-key.mjs +74 -0
  232. package/dist/plugins/api-key/routes/delete-api-key.mjs.map +1 -0
  233. package/dist/plugins/api-key/routes/get-api-key.mjs +158 -0
  234. package/dist/plugins/api-key/routes/get-api-key.mjs.map +1 -0
  235. package/dist/plugins/api-key/routes/index.mjs +71 -0
  236. package/dist/plugins/api-key/routes/index.mjs.map +1 -0
  237. package/dist/plugins/api-key/routes/list-api-keys.mjs +194 -0
  238. package/dist/plugins/api-key/routes/list-api-keys.mjs.map +1 -0
  239. package/dist/plugins/api-key/routes/update-api-key.mjs +248 -0
  240. package/dist/plugins/api-key/routes/update-api-key.mjs.map +1 -0
  241. package/dist/plugins/api-key/routes/verify-api-key.mjs +224 -0
  242. package/dist/plugins/api-key/routes/verify-api-key.mjs.map +1 -0
  243. package/dist/plugins/api-key/schema.d.mts +199 -0
  244. package/dist/plugins/api-key/schema.mjs +130 -0
  245. package/dist/plugins/api-key/schema.mjs.map +1 -0
  246. package/dist/plugins/api-key/types.d.mts +346 -0
  247. package/dist/plugins/bearer/index.d.mts +45 -0
  248. package/dist/plugins/bearer/index.mjs +66 -0
  249. package/dist/plugins/bearer/index.mjs.map +1 -0
  250. package/dist/plugins/captcha/constants.d.mts +10 -0
  251. package/dist/plugins/captcha/constants.mjs +22 -0
  252. package/dist/plugins/captcha/constants.mjs.map +1 -0
  253. package/dist/plugins/captcha/error-codes.mjs +16 -0
  254. package/dist/plugins/captcha/error-codes.mjs.map +1 -0
  255. package/dist/plugins/captcha/index.d.mts +21 -0
  256. package/dist/plugins/captcha/index.mjs +62 -0
  257. package/dist/plugins/captcha/index.mjs.map +1 -0
  258. package/dist/plugins/captcha/types.d.mts +28 -0
  259. package/dist/plugins/captcha/utils.mjs +11 -0
  260. package/dist/plugins/captcha/utils.mjs.map +1 -0
  261. package/dist/plugins/captcha/verify-handlers/captchafox.mjs +28 -0
  262. package/dist/plugins/captcha/verify-handlers/captchafox.mjs.map +1 -0
  263. package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs +26 -0
  264. package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs.map +1 -0
  265. package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs +30 -0
  266. package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs.map +1 -0
  267. package/dist/plugins/captcha/verify-handlers/h-captcha.mjs +28 -0
  268. package/dist/plugins/captcha/verify-handlers/h-captcha.mjs.map +1 -0
  269. package/dist/plugins/captcha/verify-handlers/index.mjs +6 -0
  270. package/dist/plugins/custom-session/client.d.mts +17 -0
  271. package/dist/plugins/custom-session/client.mjs +11 -0
  272. package/dist/plugins/custom-session/client.mjs.map +1 -0
  273. package/dist/plugins/custom-session/index.d.mts +72 -0
  274. package/dist/plugins/custom-session/index.mjs +78 -0
  275. package/dist/plugins/custom-session/index.mjs.map +1 -0
  276. package/dist/plugins/device-authorization/client.d.mts +17 -0
  277. package/dist/plugins/device-authorization/client.mjs +18 -0
  278. package/dist/plugins/device-authorization/client.mjs.map +1 -0
  279. package/dist/plugins/device-authorization/error-codes.mjs +21 -0
  280. package/dist/plugins/device-authorization/error-codes.mjs.map +1 -0
  281. package/dist/plugins/device-authorization/index.d.mts +424 -0
  282. package/dist/plugins/device-authorization/index.mjs +50 -0
  283. package/dist/plugins/device-authorization/index.mjs.map +1 -0
  284. package/dist/plugins/device-authorization/routes.mjs +510 -0
  285. package/dist/plugins/device-authorization/routes.mjs.map +1 -0
  286. package/dist/plugins/device-authorization/schema.mjs +57 -0
  287. package/dist/plugins/device-authorization/schema.mjs.map +1 -0
  288. package/dist/plugins/email-otp/client.d.mts +21 -0
  289. package/dist/plugins/email-otp/client.mjs +18 -0
  290. package/dist/plugins/email-otp/client.mjs.map +1 -0
  291. package/dist/plugins/email-otp/error-codes.d.mts +11 -0
  292. package/dist/plugins/email-otp/error-codes.mjs +12 -0
  293. package/dist/plugins/email-otp/error-codes.mjs.map +1 -0
  294. package/dist/plugins/email-otp/index.d.mts +428 -0
  295. package/dist/plugins/email-otp/index.mjs +130 -0
  296. package/dist/plugins/email-otp/index.mjs.map +1 -0
  297. package/dist/plugins/email-otp/otp-token.mjs +29 -0
  298. package/dist/plugins/email-otp/otp-token.mjs.map +1 -0
  299. package/dist/plugins/email-otp/routes.mjs +631 -0
  300. package/dist/plugins/email-otp/routes.mjs.map +1 -0
  301. package/dist/plugins/email-otp/types.d.mts +86 -0
  302. package/dist/plugins/email-otp/utils.mjs +17 -0
  303. package/dist/plugins/email-otp/utils.mjs.map +1 -0
  304. package/dist/plugins/generic-oauth/client.d.mts +33 -0
  305. package/dist/plugins/generic-oauth/client.mjs +14 -0
  306. package/dist/plugins/generic-oauth/client.mjs.map +1 -0
  307. package/dist/plugins/generic-oauth/error-codes.d.mts +16 -0
  308. package/dist/plugins/generic-oauth/error-codes.mjs +17 -0
  309. package/dist/plugins/generic-oauth/error-codes.mjs.map +1 -0
  310. package/dist/plugins/generic-oauth/index.d.mts +201 -0
  311. package/dist/plugins/generic-oauth/index.mjs +145 -0
  312. package/dist/plugins/generic-oauth/index.mjs.map +1 -0
  313. package/dist/plugins/generic-oauth/providers/auth0.d.mts +37 -0
  314. package/dist/plugins/generic-oauth/providers/auth0.mjs +62 -0
  315. package/dist/plugins/generic-oauth/providers/auth0.mjs.map +1 -0
  316. package/dist/plugins/generic-oauth/providers/gumroad.d.mts +32 -0
  317. package/dist/plugins/generic-oauth/providers/gumroad.mjs +60 -0
  318. package/dist/plugins/generic-oauth/providers/gumroad.mjs.map +1 -0
  319. package/dist/plugins/generic-oauth/providers/hubspot.d.mts +37 -0
  320. package/dist/plugins/generic-oauth/providers/hubspot.mjs +60 -0
  321. package/dist/plugins/generic-oauth/providers/hubspot.mjs.map +1 -0
  322. package/dist/plugins/generic-oauth/providers/index.d.mts +9 -0
  323. package/dist/plugins/generic-oauth/providers/index.mjs +11 -0
  324. package/dist/plugins/generic-oauth/providers/keycloak.d.mts +37 -0
  325. package/dist/plugins/generic-oauth/providers/keycloak.mjs +62 -0
  326. package/dist/plugins/generic-oauth/providers/keycloak.mjs.map +1 -0
  327. package/dist/plugins/generic-oauth/providers/line.d.mts +55 -0
  328. package/dist/plugins/generic-oauth/providers/line.mjs +91 -0
  329. package/dist/plugins/generic-oauth/providers/line.mjs.map +1 -0
  330. package/dist/plugins/generic-oauth/providers/microsoft-entra-id.d.mts +37 -0
  331. package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs +66 -0
  332. package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs.map +1 -0
  333. package/dist/plugins/generic-oauth/providers/okta.d.mts +37 -0
  334. package/dist/plugins/generic-oauth/providers/okta.mjs +62 -0
  335. package/dist/plugins/generic-oauth/providers/okta.mjs.map +1 -0
  336. package/dist/plugins/generic-oauth/providers/patreon.d.mts +30 -0
  337. package/dist/plugins/generic-oauth/providers/patreon.mjs +59 -0
  338. package/dist/plugins/generic-oauth/providers/patreon.mjs.map +1 -0
  339. package/dist/plugins/generic-oauth/providers/slack.d.mts +30 -0
  340. package/dist/plugins/generic-oauth/providers/slack.mjs +61 -0
  341. package/dist/plugins/generic-oauth/providers/slack.mjs.map +1 -0
  342. package/dist/plugins/generic-oauth/routes.mjs +411 -0
  343. package/dist/plugins/generic-oauth/routes.mjs.map +1 -0
  344. package/dist/plugins/generic-oauth/types.d.mts +159 -0
  345. package/dist/plugins/haveibeenpwned/index.d.mts +46 -0
  346. package/dist/plugins/haveibeenpwned/index.mjs +57 -0
  347. package/dist/plugins/haveibeenpwned/index.mjs.map +1 -0
  348. package/dist/plugins/index.d.mts +65 -0
  349. package/dist/plugins/index.mjs +48 -0
  350. package/dist/plugins/jwt/adapter.mjs +27 -0
  351. package/dist/plugins/jwt/adapter.mjs.map +1 -0
  352. package/dist/plugins/jwt/client.d.mts +40 -0
  353. package/dist/plugins/jwt/client.mjs +19 -0
  354. package/dist/plugins/jwt/client.mjs.map +1 -0
  355. package/dist/plugins/jwt/index.d.mts +224 -0
  356. package/dist/plugins/jwt/index.mjs +202 -0
  357. package/dist/plugins/jwt/index.mjs.map +1 -0
  358. package/dist/plugins/jwt/schema.d.mts +26 -0
  359. package/dist/plugins/jwt/schema.mjs +23 -0
  360. package/dist/plugins/jwt/schema.mjs.map +1 -0
  361. package/dist/plugins/jwt/sign.d.mts +57 -0
  362. package/dist/plugins/jwt/sign.mjs +66 -0
  363. package/dist/plugins/jwt/sign.mjs.map +1 -0
  364. package/dist/plugins/jwt/types.d.mts +194 -0
  365. package/dist/plugins/jwt/utils.d.mts +42 -0
  366. package/dist/plugins/jwt/utils.mjs +64 -0
  367. package/dist/plugins/jwt/utils.mjs.map +1 -0
  368. package/dist/plugins/jwt/verify.d.mts +12 -0
  369. package/dist/plugins/jwt/verify.mjs +46 -0
  370. package/dist/plugins/jwt/verify.mjs.map +1 -0
  371. package/dist/plugins/last-login-method/client.d.mts +38 -0
  372. package/dist/plugins/last-login-method/client.mjs +32 -0
  373. package/dist/plugins/last-login-method/client.mjs.map +1 -0
  374. package/dist/plugins/last-login-method/index.d.mts +118 -0
  375. package/dist/plugins/last-login-method/index.mjs +76 -0
  376. package/dist/plugins/last-login-method/index.mjs.map +1 -0
  377. package/dist/plugins/magic-link/client.d.mts +10 -0
  378. package/dist/plugins/magic-link/client.mjs +11 -0
  379. package/dist/plugins/magic-link/client.mjs.map +1 -0
  380. package/dist/plugins/magic-link/index.d.mts +193 -0
  381. package/dist/plugins/magic-link/index.mjs +177 -0
  382. package/dist/plugins/magic-link/index.mjs.map +1 -0
  383. package/dist/plugins/magic-link/utils.mjs +12 -0
  384. package/dist/plugins/magic-link/utils.mjs.map +1 -0
  385. package/dist/plugins/mcp/authorize.mjs +133 -0
  386. package/dist/plugins/mcp/authorize.mjs.map +1 -0
  387. package/dist/plugins/mcp/index.d.mts +458 -0
  388. package/dist/plugins/mcp/index.mjs +717 -0
  389. package/dist/plugins/mcp/index.mjs.map +1 -0
  390. package/dist/plugins/multi-session/client.d.mts +19 -0
  391. package/dist/plugins/multi-session/client.mjs +20 -0
  392. package/dist/plugins/multi-session/client.mjs.map +1 -0
  393. package/dist/plugins/multi-session/error-codes.d.mts +9 -0
  394. package/dist/plugins/multi-session/error-codes.mjs +8 -0
  395. package/dist/plugins/multi-session/error-codes.mjs.map +1 -0
  396. package/dist/plugins/multi-session/index.d.mts +235 -0
  397. package/dist/plugins/multi-session/index.mjs +172 -0
  398. package/dist/plugins/multi-session/index.mjs.map +1 -0
  399. package/dist/plugins/oauth-proxy/index.d.mts +97 -0
  400. package/dist/plugins/oauth-proxy/index.mjs +305 -0
  401. package/dist/plugins/oauth-proxy/index.mjs.map +1 -0
  402. package/dist/plugins/oauth-proxy/utils.mjs +51 -0
  403. package/dist/plugins/oauth-proxy/utils.mjs.map +1 -0
  404. package/dist/plugins/oidc-provider/authorize.mjs +194 -0
  405. package/dist/plugins/oidc-provider/authorize.mjs.map +1 -0
  406. package/dist/plugins/oidc-provider/client.d.mts +12 -0
  407. package/dist/plugins/oidc-provider/client.mjs +11 -0
  408. package/dist/plugins/oidc-provider/client.mjs.map +1 -0
  409. package/dist/plugins/oidc-provider/error.mjs +17 -0
  410. package/dist/plugins/oidc-provider/error.mjs.map +1 -0
  411. package/dist/plugins/oidc-provider/index.d.mts +702 -0
  412. package/dist/plugins/oidc-provider/index.mjs +1093 -0
  413. package/dist/plugins/oidc-provider/index.mjs.map +1 -0
  414. package/dist/plugins/oidc-provider/schema.d.mts +160 -0
  415. package/dist/plugins/oidc-provider/schema.mjs +132 -0
  416. package/dist/plugins/oidc-provider/schema.mjs.map +1 -0
  417. package/dist/plugins/oidc-provider/types.d.mts +517 -0
  418. package/dist/plugins/oidc-provider/utils/prompt.mjs +19 -0
  419. package/dist/plugins/oidc-provider/utils/prompt.mjs.map +1 -0
  420. package/dist/plugins/oidc-provider/utils.mjs +15 -0
  421. package/dist/plugins/oidc-provider/utils.mjs.map +1 -0
  422. package/dist/plugins/one-tap/client.d.mts +174 -0
  423. package/dist/plugins/one-tap/client.mjs +188 -0
  424. package/dist/plugins/one-tap/client.mjs.map +1 -0
  425. package/dist/plugins/one-tap/index.d.mts +83 -0
  426. package/dist/plugins/one-tap/index.mjs +95 -0
  427. package/dist/plugins/one-tap/index.mjs.map +1 -0
  428. package/dist/plugins/one-time-token/client.d.mts +10 -0
  429. package/dist/plugins/one-time-token/client.mjs +11 -0
  430. package/dist/plugins/one-time-token/client.mjs.map +1 -0
  431. package/dist/plugins/one-time-token/index.d.mts +133 -0
  432. package/dist/plugins/one-time-token/index.mjs +82 -0
  433. package/dist/plugins/one-time-token/index.mjs.map +1 -0
  434. package/dist/plugins/one-time-token/utils.mjs +12 -0
  435. package/dist/plugins/one-time-token/utils.mjs.map +1 -0
  436. package/dist/plugins/open-api/generator.d.mts +115 -0
  437. package/dist/plugins/open-api/generator.mjs +315 -0
  438. package/dist/plugins/open-api/generator.mjs.map +1 -0
  439. package/dist/plugins/open-api/index.d.mts +97 -0
  440. package/dist/plugins/open-api/index.mjs +67 -0
  441. package/dist/plugins/open-api/index.mjs.map +1 -0
  442. package/dist/plugins/open-api/logo.mjs +15 -0
  443. package/dist/plugins/open-api/logo.mjs.map +1 -0
  444. package/dist/plugins/organization/access/index.d.mts +2 -0
  445. package/dist/plugins/organization/access/index.mjs +3 -0
  446. package/dist/plugins/organization/access/statement.d.mts +249 -0
  447. package/dist/plugins/organization/access/statement.mjs +81 -0
  448. package/dist/plugins/organization/access/statement.mjs.map +1 -0
  449. package/dist/plugins/organization/adapter.d.mts +792 -0
  450. package/dist/plugins/organization/adapter.mjs +624 -0
  451. package/dist/plugins/organization/adapter.mjs.map +1 -0
  452. package/dist/plugins/organization/call.mjs +19 -0
  453. package/dist/plugins/organization/call.mjs.map +1 -0
  454. package/dist/plugins/organization/client.d.mts +372 -0
  455. package/dist/plugins/organization/client.mjs +95 -0
  456. package/dist/plugins/organization/client.mjs.map +1 -0
  457. package/dist/plugins/organization/error-codes.d.mts +65 -0
  458. package/dist/plugins/organization/error-codes.mjs +66 -0
  459. package/dist/plugins/organization/error-codes.mjs.map +1 -0
  460. package/dist/plugins/organization/has-permission.mjs +35 -0
  461. package/dist/plugins/organization/has-permission.mjs.map +1 -0
  462. package/dist/plugins/organization/index.d.mts +5 -0
  463. package/dist/plugins/organization/index.mjs +4 -0
  464. package/dist/plugins/organization/organization.d.mts +394 -0
  465. package/dist/plugins/organization/organization.mjs +428 -0
  466. package/dist/plugins/organization/organization.mjs.map +1 -0
  467. package/dist/plugins/organization/permission.d.mts +17 -0
  468. package/dist/plugins/organization/permission.mjs +16 -0
  469. package/dist/plugins/organization/permission.mjs.map +1 -0
  470. package/dist/plugins/organization/routes/crud-access-control.d.mts +394 -0
  471. package/dist/plugins/organization/routes/crud-access-control.mjs +678 -0
  472. package/dist/plugins/organization/routes/crud-access-control.mjs.map +1 -0
  473. package/dist/plugins/organization/routes/crud-invites.d.mts +1031 -0
  474. package/dist/plugins/organization/routes/crud-invites.mjs +551 -0
  475. package/dist/plugins/organization/routes/crud-invites.mjs.map +1 -0
  476. package/dist/plugins/organization/routes/crud-members.d.mts +940 -0
  477. package/dist/plugins/organization/routes/crud-members.mjs +466 -0
  478. package/dist/plugins/organization/routes/crud-members.mjs.map +1 -0
  479. package/dist/plugins/organization/routes/crud-org.d.mts +708 -0
  480. package/dist/plugins/organization/routes/crud-org.mjs +423 -0
  481. package/dist/plugins/organization/routes/crud-org.mjs.map +1 -0
  482. package/dist/plugins/organization/routes/crud-team.d.mts +1071 -0
  483. package/dist/plugins/organization/routes/crud-team.mjs +676 -0
  484. package/dist/plugins/organization/routes/crud-team.mjs.map +1 -0
  485. package/dist/plugins/organization/schema.d.mts +376 -0
  486. package/dist/plugins/organization/schema.mjs +68 -0
  487. package/dist/plugins/organization/schema.mjs.map +1 -0
  488. package/dist/plugins/organization/types.d.mts +677 -0
  489. package/dist/plugins/phone-number/client.d.mts +31 -0
  490. package/dist/plugins/phone-number/client.mjs +20 -0
  491. package/dist/plugins/phone-number/client.mjs.map +1 -0
  492. package/dist/plugins/phone-number/error-codes.d.mts +20 -0
  493. package/dist/plugins/phone-number/error-codes.mjs +21 -0
  494. package/dist/plugins/phone-number/error-codes.mjs.map +1 -0
  495. package/dist/plugins/phone-number/index.d.mts +318 -0
  496. package/dist/plugins/phone-number/index.mjs +49 -0
  497. package/dist/plugins/phone-number/index.mjs.map +1 -0
  498. package/dist/plugins/phone-number/routes.mjs +472 -0
  499. package/dist/plugins/phone-number/routes.mjs.map +1 -0
  500. package/dist/plugins/phone-number/schema.d.mts +23 -0
  501. package/dist/plugins/phone-number/schema.mjs +20 -0
  502. package/dist/plugins/phone-number/schema.mjs.map +1 -0
  503. package/dist/plugins/phone-number/types.d.mts +118 -0
  504. package/dist/plugins/two-factor/backup-codes/index.d.mts +279 -0
  505. package/dist/plugins/two-factor/backup-codes/index.mjs +277 -0
  506. package/dist/plugins/two-factor/backup-codes/index.mjs.map +1 -0
  507. package/dist/plugins/two-factor/client.d.mts +55 -0
  508. package/dist/plugins/two-factor/client.mjs +37 -0
  509. package/dist/plugins/two-factor/client.mjs.map +1 -0
  510. package/dist/plugins/two-factor/constant.mjs +8 -0
  511. package/dist/plugins/two-factor/constant.mjs.map +1 -0
  512. package/dist/plugins/two-factor/error-code.d.mts +17 -0
  513. package/dist/plugins/two-factor/error-code.mjs +18 -0
  514. package/dist/plugins/two-factor/error-code.mjs.map +1 -0
  515. package/dist/plugins/two-factor/index.d.mts +670 -0
  516. package/dist/plugins/two-factor/index.mjs +228 -0
  517. package/dist/plugins/two-factor/index.mjs.map +1 -0
  518. package/dist/plugins/two-factor/otp/index.d.mts +216 -0
  519. package/dist/plugins/two-factor/otp/index.mjs +199 -0
  520. package/dist/plugins/two-factor/otp/index.mjs.map +1 -0
  521. package/dist/plugins/two-factor/schema.d.mts +41 -0
  522. package/dist/plugins/two-factor/schema.mjs +36 -0
  523. package/dist/plugins/two-factor/schema.mjs.map +1 -0
  524. package/dist/plugins/two-factor/totp/index.d.mts +210 -0
  525. package/dist/plugins/two-factor/totp/index.mjs +157 -0
  526. package/dist/plugins/two-factor/totp/index.mjs.map +1 -0
  527. package/dist/plugins/two-factor/types.d.mts +73 -0
  528. package/dist/plugins/two-factor/utils.mjs +12 -0
  529. package/dist/plugins/two-factor/utils.mjs.map +1 -0
  530. package/dist/plugins/two-factor/verify-two-factor.mjs +85 -0
  531. package/dist/plugins/two-factor/verify-two-factor.mjs.map +1 -0
  532. package/dist/plugins/username/client.d.mts +26 -0
  533. package/dist/plugins/username/client.mjs +18 -0
  534. package/dist/plugins/username/client.mjs.map +1 -0
  535. package/dist/plugins/username/error-codes.d.mts +16 -0
  536. package/dist/plugins/username/error-codes.mjs +17 -0
  537. package/dist/plugins/username/error-codes.mjs.map +1 -0
  538. package/dist/plugins/username/index.d.mts +251 -0
  539. package/dist/plugins/username/index.mjs +234 -0
  540. package/dist/plugins/username/index.mjs.map +1 -0
  541. package/dist/plugins/username/schema.d.mts +33 -0
  542. package/dist/plugins/username/schema.mjs +26 -0
  543. package/dist/plugins/username/schema.mjs.map +1 -0
  544. package/dist/providers/index.d.mts +1 -0
  545. package/dist/providers/index.mjs +3 -0
  546. package/dist/state.d.mts +42 -0
  547. package/dist/state.mjs +107 -0
  548. package/dist/state.mjs.map +1 -0
  549. package/dist/types/adapter.d.mts +2 -0
  550. package/dist/types/api.d.mts +29 -0
  551. package/dist/types/auth.d.mts +29 -0
  552. package/dist/types/helper.d.mts +10 -0
  553. package/dist/types/index.d.mts +11 -0
  554. package/dist/types/index.mjs +1 -0
  555. package/dist/types/models.d.mts +11 -0
  556. package/dist/types/plugins.d.mts +20 -0
  557. package/dist/utils/boolean.mjs +8 -0
  558. package/dist/utils/boolean.mjs.map +1 -0
  559. package/dist/utils/constants.mjs +6 -0
  560. package/dist/utils/constants.mjs.map +1 -0
  561. package/dist/utils/date.mjs +8 -0
  562. package/dist/utils/date.mjs.map +1 -0
  563. package/dist/utils/get-request-ip.d.mts +7 -0
  564. package/dist/utils/get-request-ip.mjs +23 -0
  565. package/dist/utils/get-request-ip.mjs.map +1 -0
  566. package/dist/utils/hide-metadata.d.mts +7 -0
  567. package/dist/utils/hide-metadata.mjs +6 -0
  568. package/dist/utils/hide-metadata.mjs.map +1 -0
  569. package/dist/utils/index.d.mts +4 -0
  570. package/dist/utils/index.mjs +6 -0
  571. package/dist/utils/is-api-error.d.mts +7 -0
  572. package/dist/utils/is-api-error.mjs +11 -0
  573. package/dist/utils/is-api-error.mjs.map +1 -0
  574. package/dist/utils/is-atom.mjs +8 -0
  575. package/dist/utils/is-atom.mjs.map +1 -0
  576. package/dist/utils/is-promise.mjs +8 -0
  577. package/dist/utils/is-promise.mjs.map +1 -0
  578. package/dist/utils/middleware-response.mjs +9 -0
  579. package/dist/utils/middleware-response.mjs.map +1 -0
  580. package/dist/utils/password.mjs +26 -0
  581. package/dist/utils/password.mjs.map +1 -0
  582. package/dist/utils/plugin-helper.mjs +17 -0
  583. package/dist/utils/plugin-helper.mjs.map +1 -0
  584. package/dist/utils/shim.mjs +24 -0
  585. package/dist/utils/shim.mjs.map +1 -0
  586. package/dist/utils/time.d.mts +49 -0
  587. package/dist/utils/time.mjs +100 -0
  588. package/dist/utils/time.mjs.map +1 -0
  589. package/dist/utils/url.d.mts +8 -0
  590. package/dist/utils/url.mjs +92 -0
  591. package/dist/utils/url.mjs.map +1 -0
  592. package/dist/utils/wildcard.mjs +108 -0
  593. package/dist/utils/wildcard.mjs.map +1 -0
  594. package/package.json +428 -0
package/dist/plugins/two-factor/otp/index.mjs ADDED
@@ -0,0 +1,199 @@
1
+ import { parseUserOutput } from "../../../db/schema.mjs";
2
+ import { constantTimeEqual } from "../../../crypto/buffer.mjs";
3
+ import { generateRandomString } from "../../../crypto/random.mjs";
4
+ import { symmetricDecrypt, symmetricEncrypt } from "../../../crypto/index.mjs";
5
+ import { setSessionCookie } from "../../../cookies/index.mjs";
6
+ import { TWO_FACTOR_ERROR_CODES } from "../error-code.mjs";
7
+ import { verifyTwoFactor } from "../verify-two-factor.mjs";
8
+ import { defaultKeyHasher } from "../utils.mjs";
9
+ import { APIError, BASE_ERROR_CODES } from "@better-auth/core/error";
10
+ import { createAuthEndpoint } from "@better-auth/core/api";
11
+ import * as z from "zod";
12
+
13
+ //#region src/plugins/two-factor/otp/index.ts
14
+ const verifyOTPBodySchema = z.object({
15
+ code: z.string().meta({ description: "The otp code to verify. Eg: \"012345\"" }),
16
+ trustDevice: z.boolean().optional().meta({ description: "If true, the device will be trusted for 30 days. It'll be refreshed on every sign in request within this time. Eg: true" })
17
+ });
18
+ const send2FaOTPBodySchema = z.object({ trustDevice: z.boolean().optional().meta({ description: "If true, the device will be trusted for 30 days. It'll be refreshed on every sign in request within this time. Eg: true" }) }).optional();
19
+ /**
20
+ * The otp adapter is created from the totp adapter.
21
+ */
22
+ const otp2fa = (options) => {
23
+ const opts = {
24
+ storeOTP: "plain",
25
+ digits: 6,
26
+ ...options,
27
+ period: (options?.period || 3) * 60 * 1e3
28
+ };
29
+ async function storeOTP(ctx, otp) {
30
+ if (opts.storeOTP === "hashed") return await defaultKeyHasher(otp);
31
+ if (typeof opts.storeOTP === "object" && "hash" in opts.storeOTP) return await opts.storeOTP.hash(otp);
32
+ if (typeof opts.storeOTP === "object" && "encrypt" in opts.storeOTP) return await opts.storeOTP.encrypt(otp);
33
+ if (opts.storeOTP === "encrypted") return await symmetricEncrypt({
34
+ key: ctx.context.secret,
35
+ data: otp
36
+ });
37
+ return otp;
38
+ }
39
+ async function decryptOrHashForComparison(ctx, storedOtp, userInput) {
40
+ if (opts.storeOTP === "hashed") return [storedOtp, await defaultKeyHasher(userInput)];
41
+ if (opts.storeOTP === "encrypted") return [await symmetricDecrypt({
42
+ key: ctx.context.secret,
43
+ data: storedOtp
44
+ }), userInput];
45
+ if (typeof opts.storeOTP === "object" && "encrypt" in opts.storeOTP) return [await opts.storeOTP.decrypt(storedOtp), userInput];
46
+ if (typeof opts.storeOTP === "object" && "hash" in opts.storeOTP) return [storedOtp, await opts.storeOTP.hash(userInput)];
47
+ return [storedOtp, userInput];
48
+ }
49
+ return {
50
+ id: "otp",
51
+ endpoints: {
52
+ sendTwoFactorOTP: createAuthEndpoint("/two-factor/send-otp", {
53
+ method: "POST",
54
+ body: send2FaOTPBodySchema,
55
+ metadata: { openapi: {
56
+ summary: "Send two factor OTP",
57
+ description: "Send two factor OTP to the user",
58
+ responses: { 200: {
59
+ description: "Successful response",
60
+ content: { "application/json": { schema: {
61
+ type: "object",
62
+ properties: { status: { type: "boolean" } }
63
+ } } }
64
+ } }
65
+ } }
66
+ }, async (ctx) => {
67
+ if (!options || !options.sendOTP) {
68
+ ctx.context.logger.error("send otp isn't configured. Please configure the send otp function on otp options.");
69
+ throw APIError.from("BAD_REQUEST", {
70
+ message: "otp isn't configured",
71
+ code: "OTP_NOT_CONFIGURED"
72
+ });
73
+ }
74
+ const { session, key } = await verifyTwoFactor(ctx);
75
+ const code = generateRandomString(opts.digits, "0-9");
76
+ const hashedCode = await storeOTP(ctx, code);
77
+ await ctx.context.internalAdapter.createVerificationValue({
78
+ value: `${hashedCode}:0`,
79
+ identifier: `2fa-otp-${key}`,
80
+ expiresAt: new Date(Date.now() + opts.period)
81
+ });
82
+ const sendOTPResult = options.sendOTP({
83
+ user: session.user,
84
+ otp: code
85
+ }, ctx);
86
+ if (sendOTPResult instanceof Promise) await ctx.context.runInBackgroundOrAwait(sendOTPResult.catch((e) => {
87
+ ctx.context.logger.error("Failed to send two-factor OTP", e);
88
+ }));
89
+ return ctx.json({ status: true });
90
+ }),
91
+ verifyTwoFactorOTP: createAuthEndpoint("/two-factor/verify-otp", {
92
+ method: "POST",
93
+ body: verifyOTPBodySchema,
94
+ metadata: { openapi: {
95
+ summary: "Verify two factor OTP",
96
+ description: "Verify two factor OTP",
97
+ responses: { "200": {
98
+ description: "Two-factor OTP verified successfully",
99
+ content: { "application/json": { schema: {
100
+ type: "object",
101
+ properties: {
102
+ token: {
103
+ type: "string",
104
+ description: "Session token for the authenticated session"
105
+ },
106
+ user: {
107
+ type: "object",
108
+ properties: {
109
+ id: {
110
+ type: "string",
111
+ description: "Unique identifier of the user"
112
+ },
113
+ email: {
114
+ type: "string",
115
+ format: "email",
116
+ nullable: true,
117
+ description: "User's email address"
118
+ },
119
+ emailVerified: {
120
+ type: "boolean",
121
+ nullable: true,
122
+ description: "Whether the email is verified"
123
+ },
124
+ name: {
125
+ type: "string",
126
+ nullable: true,
127
+ description: "User's name"
128
+ },
129
+ image: {
130
+ type: "string",
131
+ format: "uri",
132
+ nullable: true,
133
+ description: "User's profile image URL"
134
+ },
135
+ createdAt: {
136
+ type: "string",
137
+ format: "date-time",
138
+ description: "Timestamp when the user was created"
139
+ },
140
+ updatedAt: {
141
+ type: "string",
142
+ format: "date-time",
143
+ description: "Timestamp when the user was last updated"
144
+ }
145
+ },
146
+ required: [
147
+ "id",
148
+ "createdAt",
149
+ "updatedAt"
150
+ ],
151
+ description: "The authenticated user object"
152
+ }
153
+ },
154
+ required: ["token", "user"]
155
+ } } }
156
+ } }
157
+ } }
158
+ }, async (ctx) => {
159
+ const { session, key, valid, invalid } = await verifyTwoFactor(ctx);
160
+ const toCheckOtp = await ctx.context.internalAdapter.findVerificationValue(`2fa-otp-${key}`);
161
+ const [otp, counter] = toCheckOtp?.value?.split(":") ?? [];
162
+ if (!toCheckOtp || toCheckOtp.expiresAt < /* @__PURE__ */ new Date()) {
163
+ if (toCheckOtp) await ctx.context.internalAdapter.deleteVerificationValue(toCheckOtp.id);
164
+ throw APIError.from("BAD_REQUEST", TWO_FACTOR_ERROR_CODES.OTP_HAS_EXPIRED);
165
+ }
166
+ const allowedAttempts = options?.allowedAttempts || 5;
167
+ if (parseInt(counter) >= allowedAttempts) {
168
+ await ctx.context.internalAdapter.deleteVerificationValue(toCheckOtp.id);
169
+ throw APIError.from("BAD_REQUEST", TWO_FACTOR_ERROR_CODES.TOO_MANY_ATTEMPTS_REQUEST_NEW_CODE);
170
+ }
171
+ const [storedValue, inputValue] = await decryptOrHashForComparison(ctx, otp, ctx.body.code);
172
+ if (constantTimeEqual(new TextEncoder().encode(storedValue), new TextEncoder().encode(inputValue))) {
173
+ if (!session.user.twoFactorEnabled) {
174
+ if (!session.session) throw APIError.from("BAD_REQUEST", BASE_ERROR_CODES.FAILED_TO_CREATE_SESSION);
175
+ const updatedUser = await ctx.context.internalAdapter.updateUser(session.user.id, { twoFactorEnabled: true });
176
+ const newSession = await ctx.context.internalAdapter.createSession(session.user.id, false, session.session);
177
+ await ctx.context.internalAdapter.deleteSession(session.session.token);
178
+ await setSessionCookie(ctx, {
179
+ session: newSession,
180
+ user: updatedUser
181
+ });
182
+ return ctx.json({
183
+ token: newSession.token,
184
+ user: parseUserOutput(ctx.context.options, updatedUser)
185
+ });
186
+ }
187
+ return valid(ctx);
188
+ } else {
189
+ await ctx.context.internalAdapter.updateVerificationValue(toCheckOtp.id, { value: `${otp}:${(parseInt(counter, 10) || 0) + 1}` });
190
+ return invalid("INVALID_CODE");
191
+ }
192
+ })
193
+ }
194
+ };
195
+ };
196
+
197
+ //#endregion
198
+ export { otp2fa };
199
+ //# sourceMappingURL=index.mjs.map
package/dist/plugins/two-factor/otp/index.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.mjs","names":[],"sources":["../../../../src/plugins/two-factor/otp/index.ts"],"sourcesContent":["import type { Awaitable, GenericEndpointContext } from \"@better-auth/core\";\nimport { createAuthEndpoint } from \"@better-auth/core/api\";\nimport { APIError, BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport * as z from \"zod\";\nimport { setSessionCookie } from \"../../../cookies\";\nimport {\n\tconstantTimeEqual,\n\tgenerateRandomString,\n\tsymmetricDecrypt,\n\tsymmetricEncrypt,\n} from \"../../../crypto\";\nimport { parseUserOutput } from \"../../../db/schema\";\nimport { TWO_FACTOR_ERROR_CODES } from \"../error-code\";\nimport type { TwoFactorProvider, UserWithTwoFactor } from \"../types\";\nimport { defaultKeyHasher } from \"../utils\";\nimport { verifyTwoFactor } from \"../verify-two-factor\";\n\nexport interface OTPOptions {\n\t/**\n\t * How long the opt will be valid for in\n\t * minutes\n\t *\n\t * @default \"3 mins\"\n\t */\n\tperiod?: number | undefined;\n\t/**\n\t * Number of digits for the OTP code\n\t *\n\t * @default 6\n\t */\n\tdigits?: number | undefined;\n\t/**\n\t * Send the otp to the user\n\t *\n\t * @param user - The user to send the otp to\n\t * @param otp - The otp to send\n\t * @param request - The request object\n\t * @returns void | Promise<void>\n\t */\n\tsendOTP?:\n\t\t| ((\n\t\t\t\t/**\n\t\t\t\t * The user to send the otp to\n\t\t\t\t * @type UserWithTwoFactor\n\t\t\t\t * @default UserWithTwoFactors\n\t\t\t\t */\n\t\t\t\tdata: {\n\t\t\t\t\tuser: UserWithTwoFactor;\n\t\t\t\t\totp: string;\n\t\t\t\t},\n\t\t\t\t/**\n\t\t\t\t * The request object\n\t\t\t\t */\n\t\t\t\tctx?: GenericEndpointContext,\n\t\t ) => Awaitable<void>)\n\t\t| undefined;\n\t/**\n\t * The number of allowed attempts for the OTP\n\t *\n\t * @default 5\n\t */\n\tallowedAttempts?: number | undefined;\n\tstoreOTP?:\n\t\t| (\n\t\t\t\t| \"plain\"\n\t\t\t\t| \"encrypted\"\n\t\t\t\t| \"hashed\"\n\t\t\t\t| { hash: (token: string) => Promise<string> }\n\t\t\t\t| {\n\t\t\t\t\t\tencrypt: (token: string) => Promise<string>;\n\t\t\t\t\t\tdecrypt: (token: string) => Promise<string>;\n\t\t\t\t }\n\t\t )\n\t\t| undefined;\n}\n\nconst verifyOTPBodySchema = z.object({\n\tcode: z.string().meta({\n\t\tdescription: 'The otp code to verify. Eg: \"012345\"',\n\t}),\n\t/**\n\t * if true, the device will be trusted\n\t * for 30 days. It'll be refreshed on\n\t * every sign in request within this time.\n\t */\n\ttrustDevice: z.boolean().optional().meta({\n\t\tdescription:\n\t\t\t\"If true, the device will be trusted for 30 days. It'll be refreshed on every sign in request within this time. Eg: true\",\n\t}),\n});\n\nconst send2FaOTPBodySchema = z\n\t.object({\n\t\t/**\n\t\t * if true, the device will be trusted\n\t\t * for 30 days. It'll be refreshed on\n\t\t * every sign in request within this time.\n\t\t */\n\t\ttrustDevice: z.boolean().optional().meta({\n\t\t\tdescription:\n\t\t\t\t\"If true, the device will be trusted for 30 days. It'll be refreshed on every sign in request within this time. Eg: true\",\n\t\t}),\n\t})\n\t.optional();\n\n/**\n * The otp adapter is created from the totp adapter.\n */\nexport const otp2fa = (options?: OTPOptions | undefined) => {\n\tconst opts = {\n\t\tstoreOTP: \"plain\",\n\t\tdigits: 6,\n\t\t...options,\n\t\tperiod: (options?.period || 3) * 60 * 1000,\n\t};\n\n\tasync function storeOTP(ctx: GenericEndpointContext, otp: string) {\n\t\tif (opts.storeOTP === \"hashed\") {\n\t\t\treturn await defaultKeyHasher(otp);\n\t\t}\n\t\tif (typeof opts.storeOTP === \"object\" && \"hash\" in opts.storeOTP) {\n\t\t\treturn await opts.storeOTP.hash(otp);\n\t\t}\n\t\tif (typeof opts.storeOTP === \"object\" && \"encrypt\" in opts.storeOTP) {\n\t\t\treturn await opts.storeOTP.encrypt(otp);\n\t\t}\n\t\tif (opts.storeOTP === \"encrypted\") {\n\t\t\treturn await symmetricEncrypt({\n\t\t\t\tkey: ctx.context.secret,\n\t\t\t\tdata: otp,\n\t\t\t});\n\t\t}\n\t\treturn otp;\n\t}\n\n\tasync function decryptOrHashForComparison(\n\t\tctx: GenericEndpointContext,\n\t\tstoredOtp: string,\n\t\tuserInput: string,\n\t): Promise<[string, string]> {\n\t\tif (opts.storeOTP === \"hashed\") {\n\t\t\t// For hashed storage: hash the user input and compare with stored hash\n\t\t\treturn [storedOtp, await defaultKeyHasher(userInput)];\n\t\t}\n\t\tif (opts.storeOTP === \"encrypted\") {\n\t\t\t// For encrypted storage: decrypt stored value and compare with plain input\n\t\t\tconst decrypted = await symmetricDecrypt({\n\t\t\t\tkey: ctx.context.secret,\n\t\t\t\tdata: storedOtp,\n\t\t\t});\n\t\t\treturn [decrypted, userInput];\n\t\t}\n\t\tif (typeof opts.storeOTP === \"object\" && \"encrypt\" in opts.storeOTP) {\n\t\t\tconst decrypted = await opts.storeOTP.decrypt(storedOtp);\n\t\t\treturn [decrypted, userInput];\n\t\t}\n\t\tif (typeof opts.storeOTP === \"object\" && \"hash\" in opts.storeOTP) {\n\t\t\t// For custom hash: hash the user input and compare with stored hash\n\t\t\treturn [storedOtp, await opts.storeOTP.hash(userInput)];\n\t\t}\n\t\t// Plain storage: compare directly\n\t\treturn [storedOtp, userInput];\n\t}\n\n\t/**\n\t * Generate OTP and send it to the user.\n\t */\n\tconst send2FaOTP = createAuthEndpoint(\n\t\t\"/two-factor/send-otp\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: send2FaOTPBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\tsummary: \"Send two factor OTP\",\n\t\t\t\t\tdescription: \"Send two factor OTP to the user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Successful response\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tif (!options || !options.sendOTP) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t\"send otp isn't configured. Please configure the send otp function on otp options.\",\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"otp isn't configured\",\n\t\t\t\t\tcode: \"OTP_NOT_CONFIGURED\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst { session, key } = await verifyTwoFactor(ctx);\n\t\t\tconst code = generateRandomString(opts.digits, \"0-9\");\n\t\t\tconst hashedCode = await storeOTP(ctx, code);\n\t\t\tawait ctx.context.internalAdapter.createVerificationValue({\n\t\t\t\tvalue: `${hashedCode}:0`,\n\t\t\t\tidentifier: `2fa-otp-${key}`,\n\t\t\t\texpiresAt: new Date(Date.now() + opts.period),\n\t\t\t});\n\t\t\tconst sendOTPResult = options.sendOTP(\n\t\t\t\t{ user: session.user as UserWithTwoFactor, otp: code },\n\t\t\t\tctx,\n\t\t\t);\n\t\t\tif (sendOTPResult instanceof Promise) {\n\t\t\t\tawait ctx.context.runInBackgroundOrAwait(\n\t\t\t\t\tsendOTPResult.catch((e: unknown) => {\n\t\t\t\t\t\tctx.context.logger.error(\"Failed to send two-factor OTP\", e);\n\t\t\t\t\t}),\n\t\t\t\t);\n\t\t\t}\n\t\t\treturn ctx.json({ status: true });\n\t\t},\n\t);\n\n\tconst verifyOTP = createAuthEndpoint(\n\t\t\"/two-factor/verify-otp\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: verifyOTPBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\tsummary: \"Verify two factor OTP\",\n\t\t\t\t\tdescription: \"Verify two factor OTP\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\tdescription: \"Two-factor OTP verified successfully\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\ttoken: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"Session token for the authenticated session\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\t\t\tid: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"Unique identifier of the user\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\temail: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tformat: \"email\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"User's email address\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\temailVerified: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"Whether the email is verified\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\tname: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"User's name\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\timage: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tformat: \"uri\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tnullable: true,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"User's profile image URL\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"Timestamp when the user was created\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\tupdatedAt: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"Timestamp when the user was last updated\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\trequired: [\"id\", \"createdAt\", \"updatedAt\"],\n\t\t\t\t\t\t\t\t\t\t\t\tdescription: \"The authenticated user object\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"token\", \"user\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst { session, key, valid, invalid } = await verifyTwoFactor(ctx);\n\t\t\tconst toCheckOtp =\n\t\t\t\tawait ctx.context.internalAdapter.findVerificationValue(\n\t\t\t\t\t`2fa-otp-${key}`,\n\t\t\t\t);\n\t\t\tconst [otp, counter] = toCheckOtp?.value?.split(\":\") ?? [];\n\t\t\tif (!toCheckOtp || toCheckOtp.expiresAt < new Date()) {\n\t\t\t\tif (toCheckOtp) {\n\t\t\t\t\tawait ctx.context.internalAdapter.deleteVerificationValue(\n\t\t\t\t\t\ttoCheckOtp.id,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tTWO_FACTOR_ERROR_CODES.OTP_HAS_EXPIRED,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst allowedAttempts = options?.allowedAttempts || 5;\n\t\t\tif (parseInt(counter!) >= allowedAttempts) {\n\t\t\t\tawait ctx.context.internalAdapter.deleteVerificationValue(\n\t\t\t\t\ttoCheckOtp.id,\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tTWO_FACTOR_ERROR_CODES.TOO_MANY_ATTEMPTS_REQUEST_NEW_CODE,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst [storedValue, inputValue] = await decryptOrHashForComparison(\n\t\t\t\tctx,\n\t\t\t\totp!,\n\t\t\t\tctx.body.code,\n\t\t\t);\n\t\t\tconst isCodeValid = constantTimeEqual(\n\t\t\t\tnew TextEncoder().encode(storedValue),\n\t\t\t\tnew TextEncoder().encode(inputValue),\n\t\t\t);\n\t\t\tif (isCodeValid) {\n\t\t\t\tif (!session.user.twoFactorEnabled) {\n\t\t\t\t\tif (!session.session) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tBASE_ERROR_CODES.FAILED_TO_CREATE_SESSION,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\tconst updatedUser = await ctx.context.internalAdapter.updateUser(\n\t\t\t\t\t\tsession.user.id,\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\ttwoFactorEnabled: true,\n\t\t\t\t\t\t},\n\t\t\t\t\t);\n\t\t\t\t\tconst newSession = await ctx.context.internalAdapter.createSession(\n\t\t\t\t\t\tsession.user.id,\n\t\t\t\t\t\tfalse,\n\t\t\t\t\t\tsession.session,\n\t\t\t\t\t);\n\t\t\t\t\tawait ctx.context.internalAdapter.deleteSession(\n\t\t\t\t\t\tsession.session.token,\n\t\t\t\t\t);\n\t\t\t\t\tawait setSessionCookie(ctx, {\n\t\t\t\t\t\tsession: newSession,\n\t\t\t\t\t\tuser: updatedUser,\n\t\t\t\t\t});\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\ttoken: newSession.token,\n\t\t\t\t\t\tuser: parseUserOutput(ctx.context.options, updatedUser),\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t\treturn valid(ctx);\n\t\t\t} else {\n\t\t\t\tawait ctx.context.internalAdapter.updateVerificationValue(\n\t\t\t\t\ttoCheckOtp.id,\n\t\t\t\t\t{\n\t\t\t\t\t\tvalue: `${otp}:${(parseInt(counter!, 10) || 0) + 1}`,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\treturn invalid(\"INVALID_CODE\");\n\t\t\t}\n\t\t},\n\t);\n\n\treturn {\n\t\tid: \"otp\",\n\t\tendpoints: {\n\t\t\t/**\n\t\t\t * ### Endpoint\n\t\t\t *\n\t\t\t * POST `/two-factor/send-otp`\n\t\t\t *\n\t\t\t * ### API Methods\n\t\t\t *\n\t\t\t * **server:**\n\t\t\t * `auth.api.send2FaOTP`\n\t\t\t *\n\t\t\t * **client:**\n\t\t\t * `authClient.twoFactor.sendOtp`\n\t\t\t *\n\t\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#api-method-two-factor-send-otp)\n\t\t\t */\n\t\t\tsendTwoFactorOTP: send2FaOTP,\n\t\t\t/**\n\t\t\t * ### Endpoint\n\t\t\t *\n\t\t\t * POST `/two-factor/verify-otp`\n\t\t\t *\n\t\t\t * ### API Methods\n\t\t\t *\n\t\t\t * **server:**\n\t\t\t * `auth.api.verifyOTP`\n\t\t\t *\n\t\t\t * **client:**\n\t\t\t * `authClient.twoFactor.verifyOtp`\n\t\t\t *\n\t\t\t * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#api-method-two-factor-verify-otp)\n\t\t\t */\n\t\t\tverifyTwoFactorOTP: verifyOTP,\n\t\t},\n\t} satisfies TwoFactorProvider;\n};\n"],"mappings":";;;;;;;;;;;;;AA4EA,MAAM,sBAAsB,EAAE,OAAO;CACpC,MAAM,EAAE,QAAQ,CAAC,KAAK,EACrB,aAAa,0CACb,CAAC;CAMF,aAAa,EAAE,SAAS,CAAC,UAAU,CAAC,KAAK,EACxC,aACC,2HACD,CAAC;CACF,CAAC;AAEF,MAAM,uBAAuB,EAC3B,OAAO,EAMP,aAAa,EAAE,SAAS,CAAC,UAAU,CAAC,KAAK,EACxC,aACC,2HACD,CAAC,EACF,CAAC,CACD,UAAU;;;;AAKZ,MAAa,UAAU,YAAqC;CAC3D,MAAM,OAAO;EACZ,UAAU;EACV,QAAQ;EACR,GAAG;EACH,SAAS,SAAS,UAAU,KAAK,KAAK;EACtC;CAED,eAAe,SAAS,KAA6B,KAAa;AACjE,MAAI,KAAK,aAAa,SACrB,QAAO,MAAM,iBAAiB,IAAI;AAEnC,MAAI,OAAO,KAAK,aAAa,YAAY,UAAU,KAAK,SACvD,QAAO,MAAM,KAAK,SAAS,KAAK,IAAI;AAErC,MAAI,OAAO,KAAK,aAAa,YAAY,aAAa,KAAK,SAC1D,QAAO,MAAM,KAAK,SAAS,QAAQ,IAAI;AAExC,MAAI,KAAK,aAAa,YACrB,QAAO,MAAM,iBAAiB;GAC7B,KAAK,IAAI,QAAQ;GACjB,MAAM;GACN,CAAC;AAEH,SAAO;;CAGR,eAAe,2BACd,KACA,WACA,WAC4B;AAC5B,MAAI,KAAK,aAAa,SAErB,QAAO,CAAC,WAAW,MAAM,iBAAiB,UAAU,CAAC;AAEtD,MAAI,KAAK,aAAa,YAMrB,QAAO,CAJW,MAAM,iBAAiB;GACxC,KAAK,IAAI,QAAQ;GACjB,MAAM;GACN,CAAC,EACiB,UAAU;AAE9B,MAAI,OAAO,KAAK,aAAa,YAAY,aAAa,KAAK,SAE1D,QAAO,CADW,MAAM,KAAK,SAAS,QAAQ,UAAU,EACrC,UAAU;AAE9B,MAAI,OAAO,KAAK,aAAa,YAAY,UAAU,KAAK,SAEvD,QAAO,CAAC,WAAW,MAAM,KAAK,SAAS,KAAK,UAAU,CAAC;AAGxD,SAAO,CAAC,WAAW,UAAU;;AAiO9B,QAAO;EACN,IAAI;EACJ,WAAW;GAgBV,kBA7OiB,mBAClB,wBACA;IACC,QAAQ;IACR,MAAM;IACN,UAAU,EACT,SAAS;KACR,SAAS;KACT,aAAa;KACb,WAAW,EACV,KAAK;MACJ,aAAa;MACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;OACP,MAAM;OACN,YAAY,EACX,QAAQ,EACP,MAAM,WACN,EACD;OACD,EACD,EACD;MACD,EACD;KACD,EACD;IACD,EACD,OAAO,QAAQ;AACd,QAAI,CAAC,WAAW,CAAC,QAAQ,SAAS;AACjC,SAAI,QAAQ,OAAO,MAClB,oFACA;AACD,WAAM,SAAS,KAAK,eAAe;MAClC,SAAS;MACT,MAAM;MACN,CAAC;;IAEH,MAAM,EAAE,SAAS,QAAQ,MAAM,gBAAgB,IAAI;IACnD,MAAM,OAAO,qBAAqB,KAAK,QAAQ,MAAM;IACrD,MAAM,aAAa,MAAM,SAAS,KAAK,KAAK;AAC5C,UAAM,IAAI,QAAQ,gBAAgB,wBAAwB;KACzD,OAAO,GAAG,WAAW;KACrB,YAAY,WAAW;KACvB,WAAW,IAAI,KAAK,KAAK,KAAK,GAAG,KAAK,OAAO;KAC7C,CAAC;IACF,MAAM,gBAAgB,QAAQ,QAC7B;KAAE,MAAM,QAAQ;KAA2B,KAAK;KAAM,EACtD,IACA;AACD,QAAI,yBAAyB,QAC5B,OAAM,IAAI,QAAQ,uBACjB,cAAc,OAAO,MAAe;AACnC,SAAI,QAAQ,OAAO,MAAM,iCAAiC,EAAE;MAC3D,CACF;AAEF,WAAO,IAAI,KAAK,EAAE,QAAQ,MAAM,CAAC;KAElC;GAiMC,oBA/LgB,mBACjB,0BACA;IACC,QAAQ;IACR,MAAM;IACN,UAAU,EACT,SAAS;KACR,SAAS;KACT,aAAa;KACb,WAAW,EACV,OAAO;MACN,aAAa;MACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;OACP,MAAM;OACN,YAAY;QACX,OAAO;SACN,MAAM;SACN,aACC;SACD;QACD,MAAM;SACL,MAAM;SACN,YAAY;UACX,IAAI;WACH,MAAM;WACN,aAAa;WACb;UACD,OAAO;WACN,MAAM;WACN,QAAQ;WACR,UAAU;WACV,aAAa;WACb;UACD,eAAe;WACd,MAAM;WACN,UAAU;WACV,aAAa;WACb;UACD,MAAM;WACL,MAAM;WACN,UAAU;WACV,aAAa;WACb;UACD,OAAO;WACN,MAAM;WACN,QAAQ;WACR,UAAU;WACV,aAAa;WACb;UACD,WAAW;WACV,MAAM;WACN,QAAQ;WACR,aAAa;WACb;UACD,WAAW;WACV,MAAM;WACN,QAAQ;WACR,aACC;WACD;UACD;SACD,UAAU;UAAC;UAAM;UAAa;UAAY;SAC1C,aAAa;SACb;QACD;OACD,UAAU,CAAC,SAAS,OAAO;OAC3B,EACD,EACD;MACD,EACD;KACD,EACD;IACD,EACD,OAAO,QAAQ;IACd,MAAM,EAAE,SAAS,KAAK,OAAO,YAAY,MAAM,gBAAgB,IAAI;IACnE,MAAM,aACL,MAAM,IAAI,QAAQ,gBAAgB,sBACjC,WAAW,MACX;IACF,MAAM,CAAC,KAAK,WAAW,YAAY,OAAO,MAAM,IAAI,IAAI,EAAE;AAC1D,QAAI,CAAC,cAAc,WAAW,4BAAY,IAAI,MAAM,EAAE;AACrD,SAAI,WACH,OAAM,IAAI,QAAQ,gBAAgB,wBACjC,WAAW,GACX;AAEF,WAAM,SAAS,KACd,eACA,uBAAuB,gBACvB;;IAEF,MAAM,kBAAkB,SAAS,mBAAmB;AACpD,QAAI,SAAS,QAAS,IAAI,iBAAiB;AAC1C,WAAM,IAAI,QAAQ,gBAAgB,wBACjC,WAAW,GACX;AACD,WAAM,SAAS,KACd,eACA,uBAAuB,mCACvB;;IAEF,MAAM,CAAC,aAAa,cAAc,MAAM,2BACvC,KACA,KACA,IAAI,KAAK,KACT;AAKD,QAJoB,kBACnB,IAAI,aAAa,CAAC,OAAO,YAAY,EACrC,IAAI,aAAa,CAAC,OAAO,WAAW,CACpC,EACgB;AAChB,SAAI,CAAC,QAAQ,KAAK,kBAAkB;AACnC,UAAI,CAAC,QAAQ,QACZ,OAAM,SAAS,KACd,eACA,iBAAiB,yBACjB;MAEF,MAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB,WACrD,QAAQ,KAAK,IACb,EACC,kBAAkB,MAClB,CACD;MACD,MAAM,aAAa,MAAM,IAAI,QAAQ,gBAAgB,cACpD,QAAQ,KAAK,IACb,OACA,QAAQ,QACR;AACD,YAAM,IAAI,QAAQ,gBAAgB,cACjC,QAAQ,QAAQ,MAChB;AACD,YAAM,iBAAiB,KAAK;OAC3B,SAAS;OACT,MAAM;OACN,CAAC;AACF,aAAO,IAAI,KAAK;OACf,OAAO,WAAW;OAClB,MAAM,gBAAgB,IAAI,QAAQ,SAAS,YAAY;OACvD,CAAC;;AAEH,YAAO,MAAM,IAAI;WACX;AACN,WAAM,IAAI,QAAQ,gBAAgB,wBACjC,WAAW,IACX,EACC,OAAO,GAAG,IAAI,IAAI,SAAS,SAAU,GAAG,IAAI,KAAK,KACjD,CACD;AACD,YAAO,QAAQ,eAAe;;KAGhC;GAqCC;EACD"}
package/dist/plugins/two-factor/schema.d.mts ADDED
@@ -0,0 +1,41 @@
1
+ //#region src/plugins/two-factor/schema.d.ts
2
+ declare const schema: {
3
+ user: {
4
+ fields: {
5
+ twoFactorEnabled: {
6
+ type: "boolean";
7
+ required: false;
8
+ defaultValue: false;
9
+ input: false;
10
+ };
11
+ };
12
+ };
13
+ twoFactor: {
14
+ fields: {
15
+ secret: {
16
+ type: "string";
17
+ required: true;
18
+ returned: false;
19
+ index: true;
20
+ };
21
+ backupCodes: {
22
+ type: "string";
23
+ required: true;
24
+ returned: false;
25
+ };
26
+ userId: {
27
+ type: "string";
28
+ required: true;
29
+ returned: false;
30
+ references: {
31
+ model: string;
32
+ field: string;
33
+ };
34
+ index: true;
35
+ };
36
+ };
37
+ };
38
+ };
39
+ //#endregion
40
+ export { schema };
41
+ //# sourceMappingURL=schema.d.mts.map
package/dist/plugins/two-factor/schema.mjs ADDED
@@ -0,0 +1,36 @@
1
+ //#region src/plugins/two-factor/schema.ts
2
+ const schema = {
3
+ user: { fields: { twoFactorEnabled: {
4
+ type: "boolean",
5
+ required: false,
6
+ defaultValue: false,
7
+ input: false
8
+ } } },
9
+ twoFactor: { fields: {
10
+ secret: {
11
+ type: "string",
12
+ required: true,
13
+ returned: false,
14
+ index: true
15
+ },
16
+ backupCodes: {
17
+ type: "string",
18
+ required: true,
19
+ returned: false
20
+ },
21
+ userId: {
22
+ type: "string",
23
+ required: true,
24
+ returned: false,
25
+ references: {
26
+ model: "user",
27
+ field: "id"
28
+ },
29
+ index: true
30
+ }
31
+ } }
32
+ };
33
+
34
+ //#endregion
35
+ export { schema };
36
+ //# sourceMappingURL=schema.mjs.map
package/dist/plugins/two-factor/schema.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"schema.mjs","names":[],"sources":["../../../src/plugins/two-factor/schema.ts"],"sourcesContent":["import type { BetterAuthPluginDBSchema } from \"@better-auth/core/db\";\n\nexport const schema = {\n\tuser: {\n\t\tfields: {\n\t\t\ttwoFactorEnabled: {\n\t\t\t\ttype: \"boolean\",\n\t\t\t\trequired: false,\n\t\t\t\tdefaultValue: false,\n\t\t\t\tinput: false,\n\t\t\t},\n\t\t},\n\t},\n\ttwoFactor: {\n\t\tfields: {\n\t\t\tsecret: {\n\t\t\t\ttype: \"string\",\n\t\t\t\trequired: true,\n\t\t\t\treturned: false,\n\t\t\t\tindex: true,\n\t\t\t},\n\t\t\tbackupCodes: {\n\t\t\t\ttype: \"string\",\n\t\t\t\trequired: true,\n\t\t\t\treturned: false,\n\t\t\t},\n\t\t\tuserId: {\n\t\t\t\ttype: \"string\",\n\t\t\t\trequired: true,\n\t\t\t\treturned: false,\n\t\t\t\treferences: {\n\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\tfield: \"id\",\n\t\t\t\t},\n\t\t\t\tindex: true,\n\t\t\t},\n\t\t},\n\t},\n} satisfies BetterAuthPluginDBSchema;\n"],"mappings":";AAEA,MAAa,SAAS;CACrB,MAAM,EACL,QAAQ,EACP,kBAAkB;EACjB,MAAM;EACN,UAAU;EACV,cAAc;EACd,OAAO;EACP,EACD,EACD;CACD,WAAW,EACV,QAAQ;EACP,QAAQ;GACP,MAAM;GACN,UAAU;GACV,UAAU;GACV,OAAO;GACP;EACD,aAAa;GACZ,MAAM;GACN,UAAU;GACV,UAAU;GACV;EACD,QAAQ;GACP,MAAM;GACN,UAAU;GACV,UAAU;GACV,YAAY;IACX,OAAO;IACP,OAAO;IACP;GACD,OAAO;GACP;EACD,EACD;CACD"}
package/dist/plugins/two-factor/totp/index.d.mts ADDED
@@ -0,0 +1,210 @@
1
+ import { BackupCodeOptions } from "../backup-codes/index.mjs";
2
+ import { UserWithTwoFactor } from "../types.mjs";
3
+ import * as better_call0 from "better-call";
4
+ import * as z from "zod";
5
+
6
+ //#region src/plugins/two-factor/totp/index.d.ts
7
+ type TOTPOptions = {
8
+ /**
9
+ * Issuer
10
+ */
11
+ issuer?: string | undefined;
12
+ /**
13
+ * How many digits the otp to be
14
+ *
15
+ * @default 6
16
+ */
17
+ digits?: (6 | 8) | undefined;
18
+ /**
19
+ * Period for otp in seconds.
20
+ * @default 30
21
+ */
22
+ period?: number | undefined;
23
+ /**
24
+ * Backup codes configuration
25
+ */
26
+ backupCodes?: BackupCodeOptions | undefined;
27
+ /**
28
+ * Disable totp
29
+ */
30
+ disable?: boolean | undefined;
31
+ };
32
+ declare const totp2fa: (options?: TOTPOptions | undefined) => {
33
+ id: "totp";
34
+ endpoints: {
35
+ /**
36
+ * ### Endpoint
37
+ *
38
+ * POST `/totp/generate`
39
+ *
40
+ * ### API Methods
41
+ *
42
+ * **server:**
43
+ * `auth.api.generateTOTP`
44
+ *
45
+ * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#totp)
46
+ */
47
+ generateTOTP: better_call0.StrictEndpoint<string, {
48
+ method: "POST";
49
+ body: z.ZodObject<{
50
+ secret: z.ZodString;
51
+ }, z.core.$strip>;
52
+ metadata: {
53
+ openapi: {
54
+ summary: string;
55
+ description: string;
56
+ responses: {
57
+ 200: {
58
+ description: string;
59
+ content: {
60
+ "application/json": {
61
+ schema: {
62
+ type: "object";
63
+ properties: {
64
+ code: {
65
+ type: string;
66
+ };
67
+ };
68
+ };
69
+ };
70
+ };
71
+ };
72
+ };
73
+ };
74
+ };
75
+ }, {
76
+ code: string;
77
+ }>;
78
+ /**
79
+ * ### Endpoint
80
+ *
81
+ * POST `/two-factor/get-totp-uri`
82
+ *
83
+ * ### API Methods
84
+ *
85
+ * **server:**
86
+ * `auth.api.getTOTPURI`
87
+ *
88
+ * **client:**
89
+ * `authClient.twoFactor.getTotpUri`
90
+ *
91
+ * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#getting-totp-uri)
92
+ */
93
+ getTOTPURI: better_call0.StrictEndpoint<"/two-factor/get-totp-uri", {
94
+ method: "POST";
95
+ use: ((inputContext: better_call0.MiddlewareInputContext<better_call0.MiddlewareOptions>) => Promise<{
96
+ session: {
97
+ session: Record<string, any> & {
98
+ id: string;
99
+ createdAt: Date;
100
+ updatedAt: Date;
101
+ userId: string;
102
+ expiresAt: Date;
103
+ token: string;
104
+ ipAddress?: string | null | undefined;
105
+ userAgent?: string | null | undefined;
106
+ };
107
+ user: Record<string, any> & {
108
+ id: string;
109
+ createdAt: Date;
110
+ updatedAt: Date;
111
+ email: string;
112
+ emailVerified: boolean;
113
+ name: string;
114
+ image?: string | null | undefined;
115
+ };
116
+ };
117
+ }>)[];
118
+ body: z.ZodObject<{
119
+ password: z.ZodString;
120
+ }, z.core.$strip>;
121
+ metadata: {
122
+ openapi: {
123
+ summary: string;
124
+ description: string;
125
+ responses: {
126
+ 200: {
127
+ description: string;
128
+ content: {
129
+ "application/json": {
130
+ schema: {
131
+ type: "object";
132
+ properties: {
133
+ totpURI: {
134
+ type: string;
135
+ };
136
+ };
137
+ };
138
+ };
139
+ };
140
+ };
141
+ };
142
+ };
143
+ };
144
+ }, {
145
+ totpURI: string;
146
+ }>;
147
+ /**
148
+ * ### Endpoint
149
+ *
150
+ * POST `/two-factor/verify-totp`
151
+ *
152
+ * ### API Methods
153
+ *
154
+ * **server:**
155
+ * `auth.api.verifyTOTP`
156
+ *
157
+ * **client:**
158
+ * `authClient.twoFactor.verifyTotp`
159
+ *
160
+ * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/2fa#verifying-totp)
161
+ */
162
+ verifyTOTP: better_call0.StrictEndpoint<"/two-factor/verify-totp", {
163
+ method: "POST";
164
+ body: z.ZodObject<{
165
+ code: z.ZodString;
166
+ trustDevice: z.ZodOptional<z.ZodBoolean>;
167
+ }, z.core.$strip>;
168
+ metadata: {
169
+ openapi: {
170
+ summary: string;
171
+ description: string;
172
+ responses: {
173
+ 200: {
174
+ description: string;
175
+ content: {
176
+ "application/json": {
177
+ schema: {
178
+ type: "object";
179
+ properties: {
180
+ status: {
181
+ type: string;
182
+ };
183
+ };
184
+ };
185
+ };
186
+ };
187
+ };
188
+ };
189
+ };
190
+ };
191
+ }, {
192
+ token: string;
193
+ user: UserWithTwoFactor;
194
+ } | {
195
+ token: string;
196
+ user: Record<string, any> & {
197
+ id: string;
198
+ createdAt: Date;
199
+ updatedAt: Date;
200
+ email: string;
201
+ emailVerified: boolean;
202
+ name: string;
203
+ image?: string | null | undefined;
204
+ };
205
+ }>;
206
+ };
207
+ };
208
+ //#endregion
209
+ export { TOTPOptions, totp2fa };
210
+ //# sourceMappingURL=index.d.mts.map
package/dist/plugins/two-factor/totp/index.mjs ADDED
@@ -0,0 +1,157 @@
1
+ import { symmetricDecrypt } from "../../../crypto/index.mjs";
2
+ import { setSessionCookie } from "../../../cookies/index.mjs";
3
+ import { sessionMiddleware } from "../../../api/routes/session.mjs";
4
+ import "../../../api/index.mjs";
5
+ import { TWO_FACTOR_ERROR_CODES } from "../error-code.mjs";
6
+ import { verifyTwoFactor } from "../verify-two-factor.mjs";
7
+ import { APIError, BASE_ERROR_CODES } from "@better-auth/core/error";
8
+ import { createAuthEndpoint } from "@better-auth/core/api";
9
+ import * as z from "zod";
10
+ import { createOTP } from "@better-auth/utils/otp";
11
+
12
+ //#region src/plugins/two-factor/totp/index.ts
13
+ const generateTOTPBodySchema = z.object({ secret: z.string().meta({ description: "The secret to generate the TOTP code" }) });
14
+ const getTOTPURIBodySchema = z.object({ password: z.string().meta({ description: "User password" }) });
15
+ const verifyTOTPBodySchema = z.object({
16
+ code: z.string().meta({ description: "The otp code to verify. Eg: \"012345\"" }),
17
+ trustDevice: z.boolean().meta({ description: "If true, the device will be trusted for 30 days. It'll be refreshed on every sign in request within this time. Eg: true" }).optional()
18
+ });
19
+ const totp2fa = (options) => {
20
+ const opts = {
21
+ ...options,
22
+ digits: options?.digits || 6,
23
+ period: options?.period || 30
24
+ };
25
+ const twoFactorTable = "twoFactor";
26
+ return {
27
+ id: "totp",
28
+ endpoints: {
29
+ generateTOTP: createAuthEndpoint({
30
+ method: "POST",
31
+ body: generateTOTPBodySchema,
32
+ metadata: { openapi: {
33
+ summary: "Generate TOTP code",
34
+ description: "Use this endpoint to generate a TOTP code",
35
+ responses: { 200: {
36
+ description: "Successful response",
37
+ content: { "application/json": { schema: {
38
+ type: "object",
39
+ properties: { code: { type: "string" } }
40
+ } } }
41
+ } }
42
+ } }
43
+ }, async (ctx) => {
44
+ if (options?.disable) {
45
+ ctx.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp");
46
+ throw APIError.from("BAD_REQUEST", {
47
+ message: "totp isn't configured",
48
+ code: "TOTP_NOT_CONFIGURED"
49
+ });
50
+ }
51
+ return { code: await createOTP(ctx.body.secret, {
52
+ period: opts.period,
53
+ digits: opts.digits
54
+ }).totp() };
55
+ }),
56
+ getTOTPURI: createAuthEndpoint("/two-factor/get-totp-uri", {
57
+ method: "POST",
58
+ use: [sessionMiddleware],
59
+ body: getTOTPURIBodySchema,
60
+ metadata: { openapi: {
61
+ summary: "Get TOTP URI",
62
+ description: "Use this endpoint to get the TOTP URI",
63
+ responses: { 200: {
64
+ description: "Successful response",
65
+ content: { "application/json": { schema: {
66
+ type: "object",
67
+ properties: { totpURI: { type: "string" } }
68
+ } } }
69
+ } }
70
+ } }
71
+ }, async (ctx) => {
72
+ if (options?.disable) {
73
+ ctx.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp");
74
+ throw APIError.from("BAD_REQUEST", {
75
+ message: "totp isn't configured",
76
+ code: "TOTP_NOT_CONFIGURED"
77
+ });
78
+ }
79
+ const user = ctx.context.session.user;
80
+ const twoFactor = await ctx.context.adapter.findOne({
81
+ model: twoFactorTable,
82
+ where: [{
83
+ field: "userId",
84
+ value: user.id
85
+ }]
86
+ });
87
+ if (!twoFactor) throw APIError.from("BAD_REQUEST", TWO_FACTOR_ERROR_CODES.TOTP_NOT_ENABLED);
88
+ const secret = await symmetricDecrypt({
89
+ key: ctx.context.secret,
90
+ data: twoFactor.secret
91
+ });
92
+ await ctx.context.password.checkPassword(user.id, ctx);
93
+ return { totpURI: createOTP(secret, {
94
+ digits: opts.digits,
95
+ period: opts.period
96
+ }).url(options?.issuer || ctx.context.appName, user.email) };
97
+ }),
98
+ verifyTOTP: createAuthEndpoint("/two-factor/verify-totp", {
99
+ method: "POST",
100
+ body: verifyTOTPBodySchema,
101
+ metadata: { openapi: {
102
+ summary: "Verify two factor TOTP",
103
+ description: "Verify two factor TOTP",
104
+ responses: { 200: {
105
+ description: "Successful response",
106
+ content: { "application/json": { schema: {
107
+ type: "object",
108
+ properties: { status: { type: "boolean" } }
109
+ } } }
110
+ } }
111
+ } }
112
+ }, async (ctx) => {
113
+ if (options?.disable) {
114
+ ctx.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp");
115
+ throw APIError.from("BAD_REQUEST", {
116
+ message: "totp isn't configured",
117
+ code: "TOTP_NOT_CONFIGURED"
118
+ });
119
+ }
120
+ const { session, valid, invalid } = await verifyTwoFactor(ctx);
121
+ const user = session.user;
122
+ const twoFactor = await ctx.context.adapter.findOne({
123
+ model: twoFactorTable,
124
+ where: [{
125
+ field: "userId",
126
+ value: user.id
127
+ }]
128
+ });
129
+ if (!twoFactor) throw APIError.from("BAD_REQUEST", TWO_FACTOR_ERROR_CODES.TOTP_NOT_ENABLED);
130
+ if (!await createOTP(await symmetricDecrypt({
131
+ key: ctx.context.secret,
132
+ data: twoFactor.secret
133
+ }), {
134
+ period: opts.period,
135
+ digits: opts.digits
136
+ }).verify(ctx.body.code)) return invalid("INVALID_CODE");
137
+ if (!user.twoFactorEnabled) {
138
+ if (!session.session) throw APIError.from("BAD_REQUEST", BASE_ERROR_CODES.FAILED_TO_CREATE_SESSION);
139
+ const updatedUser = await ctx.context.internalAdapter.updateUser(user.id, { twoFactorEnabled: true });
140
+ const newSession = await ctx.context.internalAdapter.createSession(user.id, false, session.session).catch((e) => {
141
+ throw e;
142
+ });
143
+ await ctx.context.internalAdapter.deleteSession(session.session.token);
144
+ await setSessionCookie(ctx, {
145
+ session: newSession,
146
+ user: updatedUser
147
+ });
148
+ }
149
+ return valid(ctx);
150
+ })
151
+ }
152
+ };
153
+ };
154
+
155
+ //#endregion
156
+ export { totp2fa };
157
+ //# sourceMappingURL=index.mjs.map