@stotles/better-auth-audit-logs 0.4.0-rc.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +319 -0
- package/dist/adapters/index.d.ts +1 -0
- package/dist/adapters/index.d.ts.map +1 -0
- package/dist/adapters/memory.d.ts +13 -0
- package/dist/adapters/memory.d.ts.map +1 -0
- package/dist/client.cjs +77 -0
- package/dist/client.d.ts +10 -0
- package/dist/client.d.ts.map +1 -0
- package/dist/client.js +13 -0
- package/dist/endpoints/get-log.d.ts +27 -0
- package/dist/endpoints/get-log.d.ts.map +1 -0
- package/dist/endpoints/index.d.ts +3 -0
- package/dist/endpoints/index.d.ts.map +1 -0
- package/dist/endpoints/insert-log.d.ts +44 -0
- package/dist/endpoints/insert-log.d.ts.map +1 -0
- package/dist/endpoints/list-logs.d.ts +40 -0
- package/dist/endpoints/list-logs.d.ts.map +1 -0
- package/dist/hooks/after.d.ts +6 -0
- package/dist/hooks/after.d.ts.map +1 -0
- package/dist/hooks/before.d.ts +6 -0
- package/dist/hooks/before.d.ts.map +1 -0
- package/dist/hooks/index.d.ts +2 -0
- package/dist/hooks/index.d.ts.map +1 -0
- package/dist/index.cjs +828 -0
- package/dist/index.d.ts +4 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +762 -0
- package/dist/internal.d.ts +16 -0
- package/dist/internal.d.ts.map +1 -0
- package/dist/plugin.d.ts +180 -0
- package/dist/plugin.d.ts.map +1 -0
- package/dist/schema.d.ts +109 -0
- package/dist/schema.d.ts.map +1 -0
- package/dist/types.d.ts +102 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/utils/index.d.ts +7 -0
- package/dist/utils/index.d.ts.map +1 -0
- package/dist/utils/normalize-path.d.ts +1 -0
- package/dist/utils/normalize-path.d.ts.map +1 -0
- package/dist/utils/parse-metadata.d.ts +8 -0
- package/dist/utils/parse-metadata.d.ts.map +1 -0
- package/dist/utils/request-meta.d.ts +9 -0
- package/dist/utils/request-meta.d.ts.map +1 -0
- package/dist/utils/retry.d.ts +8 -0
- package/dist/utils/retry.d.ts.map +1 -0
- package/dist/utils/sanitize.d.ts +3 -0
- package/dist/utils/sanitize.d.ts.map +1 -0
- package/dist/utils/severity.d.ts +2 -0
- package/dist/utils/severity.d.ts.map +1 -0
- package/dist/utils/validate-entry.d.ts +8 -0
- package/dist/utils/validate-entry.d.ts.map +1 -0
- package/dist/utils/validate-metadata.d.ts +10 -0
- package/dist/utils/validate-metadata.d.ts.map +1 -0
- package/package.json +72 -0
package/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 Ejiro Asiuwhu
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
package/README.md
ADDED
|
@@ -0,0 +1,319 @@
|
|
|
1
|
+
# @stotles/better-auth-audit-logs
|
|
2
|
+
|
|
3
|
+
[](https://www.npmjs.com/package/@stotles/better-auth-audit-logs)
|
|
4
|
+
[](https://www.npmjs.com/package/@stotles/better-auth-audit-logs)
|
|
5
|
+
[](https://github.com/Stotles/better-auth-audit-logs/blob/main/LICENSE)
|
|
6
|
+
|
|
7
|
+
Audit log plugin for [Better Auth](https://better-auth.com). Automatically captures auth events with IP, user agent, and severity — zero config required.
|
|
8
|
+
|
|
9
|
+
**Requires** `better-auth >= 1.0.0` and `typescript >= 5`.
|
|
10
|
+
|
|
11
|
+
## Quick start
|
|
12
|
+
|
|
13
|
+
```bash
|
|
14
|
+
npm install @stotles/better-auth-audit-logs
|
|
15
|
+
```
|
|
16
|
+
|
|
17
|
+
```ts
|
|
18
|
+
import { betterAuth } from "better-auth";
|
|
19
|
+
import { auditLog } from "@stotles/better-auth-audit-logs";
|
|
20
|
+
|
|
21
|
+
export const auth = betterAuth({
|
|
22
|
+
plugins: [auditLog()],
|
|
23
|
+
});
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
Then generate and run the migration:
|
|
27
|
+
|
|
28
|
+
```bash
|
|
29
|
+
npx @better-auth/cli generate
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
That's it. All auth events are now logged automatically.
|
|
33
|
+
|
|
34
|
+
## Schema
|
|
35
|
+
|
|
36
|
+
The plugin adds an `auditLog` table. If you prefer to manage your schema manually, copy the relevant definition:
|
|
37
|
+
|
|
38
|
+
<details>
|
|
39
|
+
<summary>Prisma</summary>
|
|
40
|
+
|
|
41
|
+
```prisma
|
|
42
|
+
model AuditLog {
|
|
43
|
+
id String @id @default(cuid())
|
|
44
|
+
userId String?
|
|
45
|
+
action String
|
|
46
|
+
status String
|
|
47
|
+
severity String
|
|
48
|
+
ipAddress String?
|
|
49
|
+
userAgent String?
|
|
50
|
+
metadata String?
|
|
51
|
+
createdAt DateTime @default(now())
|
|
52
|
+
|
|
53
|
+
user User? @relation(fields: [userId], references: [id], onDelete: SetNull)
|
|
54
|
+
|
|
55
|
+
@@index([userId])
|
|
56
|
+
@@index([action])
|
|
57
|
+
@@index([createdAt])
|
|
58
|
+
@@map("auditLog")
|
|
59
|
+
}
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
</details>
|
|
63
|
+
|
|
64
|
+
<details>
|
|
65
|
+
<summary>Drizzle</summary>
|
|
66
|
+
|
|
67
|
+
```ts
|
|
68
|
+
import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
|
|
69
|
+
import { user } from "./auth-schema"; // your existing user table
|
|
70
|
+
|
|
71
|
+
export const auditLog = sqliteTable("auditLog", {
|
|
72
|
+
id: text("id").primaryKey(),
|
|
73
|
+
userId: text("userId").references(() => user.id, { onDelete: "set null" }),
|
|
74
|
+
action: text("action").notNull(),
|
|
75
|
+
status: text("status").notNull(),
|
|
76
|
+
severity: text("severity").notNull(),
|
|
77
|
+
ipAddress: text("ipAddress"),
|
|
78
|
+
userAgent: text("userAgent"),
|
|
79
|
+
metadata: text("metadata"),
|
|
80
|
+
createdAt: integer("createdAt", { mode: "timestamp" }).notNull(),
|
|
81
|
+
});
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
</details>
|
|
85
|
+
|
|
86
|
+
<details>
|
|
87
|
+
<summary>MongoDB</summary>
|
|
88
|
+
|
|
89
|
+
```ts
|
|
90
|
+
// Collection: auditLog
|
|
91
|
+
{
|
|
92
|
+
_id: ObjectId,
|
|
93
|
+
userId: String | null, // references user collection
|
|
94
|
+
action: String, // e.g. "sign-in:email"
|
|
95
|
+
status: String, // "success" | "failed"
|
|
96
|
+
severity: String, // "low" | "medium" | "high" | "critical"
|
|
97
|
+
ipAddress: String | null,
|
|
98
|
+
userAgent: String | null,
|
|
99
|
+
metadata: String | null, // JSON string
|
|
100
|
+
createdAt: Date
|
|
101
|
+
}
|
|
102
|
+
|
|
103
|
+
// Recommended indexes
|
|
104
|
+
db.auditLog.createIndex({ userId: 1 })
|
|
105
|
+
db.auditLog.createIndex({ action: 1 })
|
|
106
|
+
db.auditLog.createIndex({ createdAt: 1 })
|
|
107
|
+
```
|
|
108
|
+
|
|
109
|
+
</details>
|
|
110
|
+
|
|
111
|
+
## Client plugin
|
|
112
|
+
|
|
113
|
+
```ts
|
|
114
|
+
import { createAuthClient } from "better-auth/client";
|
|
115
|
+
import { auditLogClient } from "@stotles/better-auth-audit-logs/client";
|
|
116
|
+
|
|
117
|
+
export const authClient = createAuthClient({
|
|
118
|
+
plugins: [auditLogClient()],
|
|
119
|
+
});
|
|
120
|
+
```
|
|
121
|
+
|
|
122
|
+
```ts
|
|
123
|
+
// List recent failed sign-ins
|
|
124
|
+
const { data } = await authClient.auditLog.listAuditLogs({
|
|
125
|
+
query: { status: "failed", limit: 20 },
|
|
126
|
+
});
|
|
127
|
+
|
|
128
|
+
// Single entry by ID
|
|
129
|
+
const { data: entry } = await authClient.auditLog.getAuditLog({
|
|
130
|
+
params: { id: "log-entry-id" },
|
|
131
|
+
});
|
|
132
|
+
|
|
133
|
+
// Manually log custom events (admin actions, data exports, etc.)
|
|
134
|
+
await authClient.auditLog.insertAuditLog({
|
|
135
|
+
action: "admin:user-export",
|
|
136
|
+
status: "success",
|
|
137
|
+
severity: "high",
|
|
138
|
+
metadata: { exportedCount: 500 },
|
|
139
|
+
});
|
|
140
|
+
```
|
|
141
|
+
|
|
142
|
+
## What gets logged
|
|
143
|
+
|
|
144
|
+
All auth `POST` endpoints are captured by default:
|
|
145
|
+
|
|
146
|
+
| Event | Path | Hook |
|
|
147
|
+
|---|---|---|
|
|
148
|
+
| Sign in | `/sign-in/email`, `/sign-in/social` | after |
|
|
149
|
+
| Sign up | `/sign-up/email` | after |
|
|
150
|
+
| Change/reset password | `/change-password`, `/reset-password` | after |
|
|
151
|
+
| Change email | `/change-email` | after |
|
|
152
|
+
| Two-factor | `/two-factor/*` | after |
|
|
153
|
+
| OAuth callback | `/oauth/callback` | after |
|
|
154
|
+
| Sign out | `/sign-out` | **before** |
|
|
155
|
+
| Delete account | `/delete-user` | **before** |
|
|
156
|
+
| Revoke session | `/revoke-session`, `/revoke-sessions`, `/revoke-other-sessions` | **before** |
|
|
157
|
+
|
|
158
|
+
"Before" hooks fire for destructive events where the session would be lost after execution.
|
|
159
|
+
|
|
160
|
+
Severity is inferred automatically (`critical` for ban/impersonate, `high` for delete/revoke/failed sign-in, `medium` for sign-in/out, `low` for everything else) and can be overridden per-path.
|
|
161
|
+
|
|
162
|
+
## Configuration
|
|
163
|
+
|
|
164
|
+
All options are optional:
|
|
165
|
+
|
|
166
|
+
```ts
|
|
167
|
+
auditLog({
|
|
168
|
+
enabled: true, // disable without removing the plugin
|
|
169
|
+
nonBlocking: false, // fire-and-forget — never blocks auth responses
|
|
170
|
+
|
|
171
|
+
// restrict to specific paths (empty = capture all)
|
|
172
|
+
paths: [
|
|
173
|
+
"/sign-in/email",
|
|
174
|
+
{ path: "/delete-user", config: { severity: "high", capture: { requestBody: true } } },
|
|
175
|
+
],
|
|
176
|
+
|
|
177
|
+
capture: {
|
|
178
|
+
ipAddress: true, // capture client IP
|
|
179
|
+
userAgent: true, // capture User-Agent header
|
|
180
|
+
requestBody: false, // include request body in metadata
|
|
181
|
+
},
|
|
182
|
+
|
|
183
|
+
piiRedaction: {
|
|
184
|
+
enabled: false, // redact sensitive fields when requestBody is captured
|
|
185
|
+
strategy: "mask", // "mask" (***) | "hash" (SHA-256) | "remove" (delete key)
|
|
186
|
+
fields: ["password"], // defaults: password, token, secret, apiKey, otp, etc.
|
|
187
|
+
},
|
|
188
|
+
|
|
189
|
+
retention: {
|
|
190
|
+
enabled: false, // enable scheduled cleanup
|
|
191
|
+
days: 90, // delete entries older than N days
|
|
192
|
+
},
|
|
193
|
+
|
|
194
|
+
// intercept before write — return null to suppress. Receives the endpoint
|
|
195
|
+
// ctx as a second argument, so you can resolve the session or read the request.
|
|
196
|
+
beforeLog: async (entry, ctx) => {
|
|
197
|
+
if (entry.userId === "service-account") return null;
|
|
198
|
+
return entry;
|
|
199
|
+
},
|
|
200
|
+
|
|
201
|
+
// called after each successful write
|
|
202
|
+
afterLog: async (entry) => {
|
|
203
|
+
await analytics.track("auth.event", entry);
|
|
204
|
+
},
|
|
205
|
+
|
|
206
|
+
storage: undefined, // custom storage backend (see below)
|
|
207
|
+
})
|
|
208
|
+
```
|
|
209
|
+
|
|
210
|
+
To override the DB model name, pass `schema: { auditLog: { modelName: "your_table_name" } }`.
|
|
211
|
+
|
|
212
|
+
## Adding additional metadata to log entries
|
|
213
|
+
|
|
214
|
+
`beforeLog` is the injection point for extra per-entry data. Because it receives the
|
|
215
|
+
endpoint `ctx`, you can resolve the session and stash a value such as the active
|
|
216
|
+
organization into `metadata` — which is stored as JSON and returned intact:
|
|
217
|
+
|
|
218
|
+
```ts
|
|
219
|
+
import { getSessionFromCtx } from "better-auth/api";
|
|
220
|
+
|
|
221
|
+
auditLog({
|
|
222
|
+
beforeLog: async (entry, ctx) => {
|
|
223
|
+
const session = await getSessionFromCtx(ctx);
|
|
224
|
+
return {
|
|
225
|
+
...entry,
|
|
226
|
+
metadata: {
|
|
227
|
+
...entry.metadata,
|
|
228
|
+
activeOrganizationId: session?.session?.activeOrganizationId ?? null,
|
|
229
|
+
},
|
|
230
|
+
};
|
|
231
|
+
},
|
|
232
|
+
});
|
|
233
|
+
```
|
|
234
|
+
|
|
235
|
+
## Custom storage
|
|
236
|
+
|
|
237
|
+
Route writes to any external backend instead of Better Auth's database:
|
|
238
|
+
|
|
239
|
+
```ts
|
|
240
|
+
import { auditLog, type AuditLogStorage } from "@stotles/better-auth-audit-logs";
|
|
241
|
+
|
|
242
|
+
const clickhouse: AuditLogStorage = {
|
|
243
|
+
async write(entry) {
|
|
244
|
+
await fetch("https://ch.example.com/insert", {
|
|
245
|
+
method: "POST",
|
|
246
|
+
body: JSON.stringify(entry),
|
|
247
|
+
});
|
|
248
|
+
},
|
|
249
|
+
// Optional — enables the query endpoints to work with your backend
|
|
250
|
+
async read(options) { /* ... */ },
|
|
251
|
+
async readById(id) { /* ... */ },
|
|
252
|
+
};
|
|
253
|
+
|
|
254
|
+
auditLog({ storage: clickhouse })
|
|
255
|
+
```
|
|
256
|
+
|
|
257
|
+
A `MemoryStorage` adapter is included for testing:
|
|
258
|
+
|
|
259
|
+
```ts
|
|
260
|
+
import { auditLog, MemoryStorage } from "@stotles/better-auth-audit-logs";
|
|
261
|
+
|
|
262
|
+
const storage = new MemoryStorage();
|
|
263
|
+
const auth = betterAuth({ plugins: [auditLog({ storage })] });
|
|
264
|
+
|
|
265
|
+
// assert in tests
|
|
266
|
+
expect(storage.entries).toHaveLength(1);
|
|
267
|
+
expect(storage.entries[0].action).toBe("sign-in:email");
|
|
268
|
+
```
|
|
269
|
+
|
|
270
|
+
## API endpoints
|
|
271
|
+
|
|
272
|
+
Three endpoints are registered under `/audit-log/`, all requiring an active session. Rate limited to 60 req/min.
|
|
273
|
+
|
|
274
|
+
| Endpoint | Method | Description |
|
|
275
|
+
|---|---|---|
|
|
276
|
+
| `/audit-log/list` | `GET` | Paginated entries |
|
|
277
|
+
| `/audit-log/:id` | `GET` | Single entry by ID |
|
|
278
|
+
| `/audit-log/insert` | `POST` | Manually insert a custom event |
|
|
279
|
+
|
|
280
|
+
**Query parameters** for `GET /audit-log/list`:
|
|
281
|
+
|
|
282
|
+
| Parameter | Type | Default |
|
|
283
|
+
|---|---|---|
|
|
284
|
+
| `userId` | `string` | session user |
|
|
285
|
+
| `action` | `string` | — |
|
|
286
|
+
| `status` | `"success" \| "failed"` | — |
|
|
287
|
+
| `from` | ISO date string | — |
|
|
288
|
+
| `to` | ISO date string | — |
|
|
289
|
+
| `limit` | `number` | `50` (max 500) |
|
|
290
|
+
| `offset` | `number` | `0` |
|
|
291
|
+
|
|
292
|
+
## Design decisions
|
|
293
|
+
|
|
294
|
+
- **Entries survive user deletion** — `userId` uses `ON DELETE SET NULL`. Deleting a user does not erase their audit trail.
|
|
295
|
+
- **`userAgent` is not returned in API responses** — stored for forensics but excluded from client queries by default.
|
|
296
|
+
- **Failed sign-ins have `userId: null`** — the user isn't authenticated yet, so there's no session to pull from.
|
|
297
|
+
|
|
298
|
+
## Recommended production config
|
|
299
|
+
|
|
300
|
+
```ts
|
|
301
|
+
auditLog({
|
|
302
|
+
nonBlocking: true,
|
|
303
|
+
piiRedaction: { enabled: true, strategy: "hash" },
|
|
304
|
+
retention: { enabled: true, days: 90 },
|
|
305
|
+
afterLog: async (entry) => {
|
|
306
|
+
if (entry.severity === "critical" || entry.severity === "high") {
|
|
307
|
+
await alerting.emit(entry);
|
|
308
|
+
}
|
|
309
|
+
},
|
|
310
|
+
})
|
|
311
|
+
```
|
|
312
|
+
|
|
313
|
+
## Acknowledgments
|
|
314
|
+
|
|
315
|
+
This plugin was inspired by the audit log design shared by [@Re4GD](https://github.com/Re4GD) in [better-auth/better-auth#1184](https://github.com/better-auth/better-auth/issues/1184). Additional inspiration from [@issamwahbi](https://github.com/issamwahbi) ([#3592](https://github.com/better-auth/better-auth/discussions/3592)) and [@ItsProless](https://github.com/ItsProless) ([#7952](https://github.com/better-auth/better-auth/discussions/7952)).
|
|
316
|
+
|
|
317
|
+
## License
|
|
318
|
+
|
|
319
|
+
[MIT](./LICENSE)
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export { MemoryStorage } from "./memory";
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/adapters/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import type { AuditLogEntry, AuditLogStorage, StorageReadOptions, StorageReadResult } from "../types";
|
|
2
|
+
export interface MemoryStorageOptions {
|
|
3
|
+
maxEntries?: number;
|
|
4
|
+
}
|
|
5
|
+
export declare class MemoryStorage implements AuditLogStorage {
|
|
6
|
+
readonly entries: AuditLogEntry[];
|
|
7
|
+
private readonly maxEntries;
|
|
8
|
+
constructor(opts?: MemoryStorageOptions);
|
|
9
|
+
write(entry: AuditLogEntry): Promise<void>;
|
|
10
|
+
read(opts: StorageReadOptions): Promise<StorageReadResult>;
|
|
11
|
+
readById(id: string): Promise<AuditLogEntry | null>;
|
|
12
|
+
deleteOlderThan(date: Date): Promise<number>;
|
|
13
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"memory.d.ts","sourceRoot":"","sources":["../../src/adapters/memory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,aAAa,EACb,eAAe,EACf,kBAAkB,EAClB,iBAAiB,EAClB,MAAM,UAAU,CAAC;AAElB,MAAM,WAAW,oBAAoB;IACnC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAID,qBAAa,aAAc,YAAW,eAAe;IACnD,QAAQ,CAAC,OAAO,EAAE,aAAa,EAAE,CAAM;IACvC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;gBAExB,IAAI,CAAC,EAAE,oBAAoB;IAIjC,KAAK,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAS1C,IAAI,CAAC,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAmB1D,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAInD,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC;CAOnD"}
|
package/dist/client.cjs
ADDED
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
var __create = Object.create;
|
|
2
|
+
var __getProtoOf = Object.getPrototypeOf;
|
|
3
|
+
var __defProp = Object.defineProperty;
|
|
4
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
6
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
7
|
+
function __accessProp(key) {
|
|
8
|
+
return this[key];
|
|
9
|
+
}
|
|
10
|
+
var __toESMCache_node;
|
|
11
|
+
var __toESMCache_esm;
|
|
12
|
+
var __toESM = (mod, isNodeMode, target) => {
|
|
13
|
+
var canCache = mod != null && typeof mod === "object";
|
|
14
|
+
if (canCache) {
|
|
15
|
+
var cache = isNodeMode ? __toESMCache_node ??= new WeakMap : __toESMCache_esm ??= new WeakMap;
|
|
16
|
+
var cached = cache.get(mod);
|
|
17
|
+
if (cached)
|
|
18
|
+
return cached;
|
|
19
|
+
}
|
|
20
|
+
target = mod != null ? __create(__getProtoOf(mod)) : {};
|
|
21
|
+
const to = isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target;
|
|
22
|
+
for (let key of __getOwnPropNames(mod))
|
|
23
|
+
if (!__hasOwnProp.call(to, key))
|
|
24
|
+
__defProp(to, key, {
|
|
25
|
+
get: __accessProp.bind(mod, key),
|
|
26
|
+
enumerable: true
|
|
27
|
+
});
|
|
28
|
+
if (canCache)
|
|
29
|
+
cache.set(mod, to);
|
|
30
|
+
return to;
|
|
31
|
+
};
|
|
32
|
+
var __toCommonJS = (from) => {
|
|
33
|
+
var entry = (__moduleCache ??= new WeakMap).get(from), desc;
|
|
34
|
+
if (entry)
|
|
35
|
+
return entry;
|
|
36
|
+
entry = __defProp({}, "__esModule", { value: true });
|
|
37
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
38
|
+
for (var key of __getOwnPropNames(from))
|
|
39
|
+
if (!__hasOwnProp.call(entry, key))
|
|
40
|
+
__defProp(entry, key, {
|
|
41
|
+
get: __accessProp.bind(from, key),
|
|
42
|
+
enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
|
|
43
|
+
});
|
|
44
|
+
}
|
|
45
|
+
__moduleCache.set(from, entry);
|
|
46
|
+
return entry;
|
|
47
|
+
};
|
|
48
|
+
var __moduleCache;
|
|
49
|
+
var __returnValue = (v) => v;
|
|
50
|
+
function __exportSetter(name, newValue) {
|
|
51
|
+
this[name] = __returnValue.bind(null, newValue);
|
|
52
|
+
}
|
|
53
|
+
var __export = (target, all) => {
|
|
54
|
+
for (var name in all)
|
|
55
|
+
__defProp(target, name, {
|
|
56
|
+
get: all[name],
|
|
57
|
+
enumerable: true,
|
|
58
|
+
configurable: true,
|
|
59
|
+
set: __exportSetter.bind(all, name)
|
|
60
|
+
});
|
|
61
|
+
};
|
|
62
|
+
|
|
63
|
+
// src/client.ts
|
|
64
|
+
var exports_client = {};
|
|
65
|
+
__export(exports_client, {
|
|
66
|
+
auditLogClient: () => auditLogClient
|
|
67
|
+
});
|
|
68
|
+
module.exports = __toCommonJS(exports_client);
|
|
69
|
+
var auditLogClient = () => ({
|
|
70
|
+
id: "audit-log",
|
|
71
|
+
$InferServerPlugin: {},
|
|
72
|
+
pathMethods: {
|
|
73
|
+
"/audit-log/list": "GET",
|
|
74
|
+
"/audit-log/:id": "GET",
|
|
75
|
+
"/audit-log/insert": "POST"
|
|
76
|
+
}
|
|
77
|
+
});
|
package/dist/client.d.ts
ADDED
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import type { auditLog } from "./plugin";
|
|
2
|
+
export declare const auditLogClient: () => {
|
|
3
|
+
id: "audit-log";
|
|
4
|
+
$InferServerPlugin: ReturnType<typeof auditLog>;
|
|
5
|
+
pathMethods: {
|
|
6
|
+
"/audit-log/list": "GET";
|
|
7
|
+
"/audit-log/:id": "GET";
|
|
8
|
+
"/audit-log/insert": "POST";
|
|
9
|
+
};
|
|
10
|
+
};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAEzC,eAAO,MAAM,cAAc;;wBAGG,UAAU,CAAC,OAAO,QAAQ,CAAC;;;;;;CAMpB,CAAC"}
|
package/dist/client.js
ADDED
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
import type { AuditLogEntry, ResolvedOptions } from "../types";
|
|
2
|
+
export declare function createGetLogEndpoint(opts: ResolvedOptions, modelName: string): import("better-call").StrictEndpoint<"/audit-log/:id", {
|
|
3
|
+
method: "GET";
|
|
4
|
+
use: ((inputContext: import("better-call").MiddlewareInputContext<import("better-call").MiddlewareOptions>) => Promise<{
|
|
5
|
+
session: {
|
|
6
|
+
session: Record<string, any> & {
|
|
7
|
+
id: string;
|
|
8
|
+
createdAt: Date;
|
|
9
|
+
updatedAt: Date;
|
|
10
|
+
userId: string;
|
|
11
|
+
expiresAt: Date;
|
|
12
|
+
token: string;
|
|
13
|
+
ipAddress?: string | null | undefined;
|
|
14
|
+
userAgent?: string | null | undefined;
|
|
15
|
+
};
|
|
16
|
+
user: Record<string, any> & {
|
|
17
|
+
id: string;
|
|
18
|
+
createdAt: Date;
|
|
19
|
+
updatedAt: Date;
|
|
20
|
+
email: string;
|
|
21
|
+
emailVerified: boolean;
|
|
22
|
+
name: string;
|
|
23
|
+
image?: string | null | undefined;
|
|
24
|
+
};
|
|
25
|
+
};
|
|
26
|
+
}>)[];
|
|
27
|
+
}, AuditLogEntry>;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"get-log.d.ts","sourceRoot":"","sources":["../../src/endpoints/get-log.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAG/D,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM;;;;;;;;;;;yBAkEgG,CAAC;yBAA4C,CAAC;;;;;;;;;qBAAwN,CAAC;;;;kBADnb"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/endpoints/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AACjD,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC"}
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
import { z } from "zod";
|
|
2
|
+
import type { ResolvedOptions } from "../types";
|
|
3
|
+
export declare function createInsertLogEndpoint(opts: ResolvedOptions, modelName: string): import("better-call").StrictEndpoint<"/audit-log/insert", {
|
|
4
|
+
method: "POST";
|
|
5
|
+
use: ((inputContext: import("better-call").MiddlewareInputContext<import("better-call").MiddlewareOptions>) => Promise<{
|
|
6
|
+
session: {
|
|
7
|
+
session: Record<string, any> & {
|
|
8
|
+
id: string;
|
|
9
|
+
createdAt: Date;
|
|
10
|
+
updatedAt: Date;
|
|
11
|
+
userId: string;
|
|
12
|
+
expiresAt: Date;
|
|
13
|
+
token: string;
|
|
14
|
+
ipAddress?: string | null | undefined;
|
|
15
|
+
userAgent?: string | null | undefined;
|
|
16
|
+
};
|
|
17
|
+
user: Record<string, any> & {
|
|
18
|
+
id: string;
|
|
19
|
+
createdAt: Date;
|
|
20
|
+
updatedAt: Date;
|
|
21
|
+
email: string;
|
|
22
|
+
emailVerified: boolean;
|
|
23
|
+
name: string;
|
|
24
|
+
image?: string | null | undefined;
|
|
25
|
+
};
|
|
26
|
+
};
|
|
27
|
+
}>)[];
|
|
28
|
+
body: z.ZodObject<{
|
|
29
|
+
action: z.ZodString;
|
|
30
|
+
status: z.ZodDefault<z.ZodOptional<z.ZodEnum<{
|
|
31
|
+
success: "success";
|
|
32
|
+
failed: "failed";
|
|
33
|
+
}>>>;
|
|
34
|
+
severity: z.ZodOptional<z.ZodEnum<{
|
|
35
|
+
low: "low";
|
|
36
|
+
medium: "medium";
|
|
37
|
+
high: "high";
|
|
38
|
+
critical: "critical";
|
|
39
|
+
}>>;
|
|
40
|
+
metadata: z.ZodDefault<z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>>;
|
|
41
|
+
}, z.core.$strip>;
|
|
42
|
+
}, {
|
|
43
|
+
success: boolean;
|
|
44
|
+
}>;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"insert-log.d.ts","sourceRoot":"","sources":["../../src/endpoints/insert-log.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAIhD,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM;;;;;;;;;;;yBAmDkU,CAAC;yBAA4C,CAAC;;;;;;;;;qBAAwN,CAAC;;;;;;;;;;;;;;;;;;;;GADxpB"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
import { z } from "zod";
|
|
2
|
+
import type { ResolvedOptions } from "../types";
|
|
3
|
+
export declare function createListLogsEndpoint(opts: ResolvedOptions, modelName: string): import("better-call").StrictEndpoint<"/audit-log/list", {
|
|
4
|
+
method: "GET";
|
|
5
|
+
use: ((inputContext: import("better-call").MiddlewareInputContext<import("better-call").MiddlewareOptions>) => Promise<{
|
|
6
|
+
session: {
|
|
7
|
+
session: Record<string, any> & {
|
|
8
|
+
id: string;
|
|
9
|
+
createdAt: Date;
|
|
10
|
+
updatedAt: Date;
|
|
11
|
+
userId: string;
|
|
12
|
+
expiresAt: Date;
|
|
13
|
+
token: string;
|
|
14
|
+
ipAddress?: string | null | undefined;
|
|
15
|
+
userAgent?: string | null | undefined;
|
|
16
|
+
};
|
|
17
|
+
user: Record<string, any> & {
|
|
18
|
+
id: string;
|
|
19
|
+
createdAt: Date;
|
|
20
|
+
updatedAt: Date;
|
|
21
|
+
email: string;
|
|
22
|
+
emailVerified: boolean;
|
|
23
|
+
name: string;
|
|
24
|
+
image?: string | null | undefined;
|
|
25
|
+
};
|
|
26
|
+
};
|
|
27
|
+
}>)[];
|
|
28
|
+
query: z.ZodObject<{
|
|
29
|
+
userId: z.ZodOptional<z.ZodString>;
|
|
30
|
+
action: z.ZodOptional<z.ZodString>;
|
|
31
|
+
status: z.ZodOptional<z.ZodEnum<{
|
|
32
|
+
success: "success";
|
|
33
|
+
failed: "failed";
|
|
34
|
+
}>>;
|
|
35
|
+
from: z.ZodOptional<z.ZodString>;
|
|
36
|
+
to: z.ZodOptional<z.ZodString>;
|
|
37
|
+
limit: z.ZodDefault<z.ZodOptional<z.ZodCoercedNumber<unknown>>>;
|
|
38
|
+
offset: z.ZodDefault<z.ZodOptional<z.ZodCoercedNumber<unknown>>>;
|
|
39
|
+
}, z.core.$strip>;
|
|
40
|
+
}, import("..").StorageReadResult>;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"list-logs.d.ts","sourceRoot":"","sources":["../../src/endpoints/list-logs.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAiB,eAAe,EAAsB,MAAM,UAAU,CAAC;AAGnF,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM;;;;;;;;;;;yBA0DhB,CAAC;yBAGtD,CAAT;;;;;;;;;qBAMS,CAAJ;;;;;;;;;;;;;;;;mCAyCL"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import type { HookEndpointContext } from "@better-auth/core";
|
|
2
|
+
import type { ResolvedOptions } from "../types";
|
|
3
|
+
export declare function createAfterHooks(opts: ResolvedOptions, modelName: string): {
|
|
4
|
+
matcher: (context: HookEndpointContext) => boolean;
|
|
5
|
+
handler: (inputContext: import("better-call").MiddlewareInputContext<import("better-call").MiddlewareOptions>) => Promise<void>;
|
|
6
|
+
}[];
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"after.d.ts","sourceRoot":"","sources":["../../src/hooks/after.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAC7D,OAAO,KAAK,EAAkB,eAAe,EAAE,MAAM,UAAU,CAAC;AAGhE,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM;uBAGhD,mBAAmB;;IAmD3C"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import type { HookEndpointContext } from "@better-auth/core";
|
|
2
|
+
import type { ResolvedOptions } from "../types";
|
|
3
|
+
export declare function createBeforeHooks(opts: ResolvedOptions, modelName: string): {
|
|
4
|
+
matcher: (context: HookEndpointContext) => boolean;
|
|
5
|
+
handler: (inputContext: import("better-call").MiddlewareInputContext<import("better-call").MiddlewareOptions>) => Promise<void>;
|
|
6
|
+
}[];
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"before.d.ts","sourceRoot":"","sources":["../../src/hooks/before.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAC7D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAGhD,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM;uBAGjD,mBAAmB;;IA2B3C"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/hooks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC"}
|