@stotles/better-auth-audit-logs 0.4.0-rc.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +319 -0
  3. package/dist/adapters/index.d.ts +1 -0
  4. package/dist/adapters/index.d.ts.map +1 -0
  5. package/dist/adapters/memory.d.ts +13 -0
  6. package/dist/adapters/memory.d.ts.map +1 -0
  7. package/dist/client.cjs +77 -0
  8. package/dist/client.d.ts +10 -0
  9. package/dist/client.d.ts.map +1 -0
  10. package/dist/client.js +13 -0
  11. package/dist/endpoints/get-log.d.ts +27 -0
  12. package/dist/endpoints/get-log.d.ts.map +1 -0
  13. package/dist/endpoints/index.d.ts +3 -0
  14. package/dist/endpoints/index.d.ts.map +1 -0
  15. package/dist/endpoints/insert-log.d.ts +44 -0
  16. package/dist/endpoints/insert-log.d.ts.map +1 -0
  17. package/dist/endpoints/list-logs.d.ts +40 -0
  18. package/dist/endpoints/list-logs.d.ts.map +1 -0
  19. package/dist/hooks/after.d.ts +6 -0
  20. package/dist/hooks/after.d.ts.map +1 -0
  21. package/dist/hooks/before.d.ts +6 -0
  22. package/dist/hooks/before.d.ts.map +1 -0
  23. package/dist/hooks/index.d.ts +2 -0
  24. package/dist/hooks/index.d.ts.map +1 -0
  25. package/dist/index.cjs +828 -0
  26. package/dist/index.d.ts +4 -0
  27. package/dist/index.d.ts.map +1 -0
  28. package/dist/index.js +762 -0
  29. package/dist/internal.d.ts +16 -0
  30. package/dist/internal.d.ts.map +1 -0
  31. package/dist/plugin.d.ts +180 -0
  32. package/dist/plugin.d.ts.map +1 -0
  33. package/dist/schema.d.ts +109 -0
  34. package/dist/schema.d.ts.map +1 -0
  35. package/dist/types.d.ts +102 -0
  36. package/dist/types.d.ts.map +1 -0
  37. package/dist/utils/index.d.ts +7 -0
  38. package/dist/utils/index.d.ts.map +1 -0
  39. package/dist/utils/normalize-path.d.ts +1 -0
  40. package/dist/utils/normalize-path.d.ts.map +1 -0
  41. package/dist/utils/parse-metadata.d.ts +8 -0
  42. package/dist/utils/parse-metadata.d.ts.map +1 -0
  43. package/dist/utils/request-meta.d.ts +9 -0
  44. package/dist/utils/request-meta.d.ts.map +1 -0
  45. package/dist/utils/retry.d.ts +8 -0
  46. package/dist/utils/retry.d.ts.map +1 -0
  47. package/dist/utils/sanitize.d.ts +3 -0
  48. package/dist/utils/sanitize.d.ts.map +1 -0
  49. package/dist/utils/severity.d.ts +2 -0
  50. package/dist/utils/severity.d.ts.map +1 -0
  51. package/dist/utils/validate-entry.d.ts +8 -0
  52. package/dist/utils/validate-entry.d.ts.map +1 -0
  53. package/dist/utils/validate-metadata.d.ts +10 -0
  54. package/dist/utils/validate-metadata.d.ts.map +1 -0
  55. package/package.json +72 -0
package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Ejiro Asiuwhu
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/README.md ADDED
@@ -0,0 +1,319 @@
1
+ # @stotles/better-auth-audit-logs
2
+
3
+ [![npm version](https://img.shields.io/npm/v/@stotles/better-auth-audit-logs)](https://www.npmjs.com/package/@stotles/better-auth-audit-logs)
4
+ [![npm downloads](https://img.shields.io/npm/dm/@stotles/better-auth-audit-logs)](https://www.npmjs.com/package/@stotles/better-auth-audit-logs)
5
+ [![license](https://img.shields.io/npm/l/@stotles/better-auth-audit-logs)](https://github.com/Stotles/better-auth-audit-logs/blob/main/LICENSE)
6
+
7
+ Audit log plugin for [Better Auth](https://better-auth.com). Automatically captures auth events with IP, user agent, and severity — zero config required.
8
+
9
+ **Requires** `better-auth >= 1.0.0` and `typescript >= 5`.
10
+
11
+ ## Quick start
12
+
13
+ ```bash
14
+ npm install @stotles/better-auth-audit-logs
15
+ ```
16
+
17
+ ```ts
18
+ import { betterAuth } from "better-auth";
19
+ import { auditLog } from "@stotles/better-auth-audit-logs";
20
+
21
+ export const auth = betterAuth({
22
+ plugins: [auditLog()],
23
+ });
24
+ ```
25
+
26
+ Then generate and run the migration:
27
+
28
+ ```bash
29
+ npx @better-auth/cli generate
30
+ ```
31
+
32
+ That's it. All auth events are now logged automatically.
33
+
34
+ ## Schema
35
+
36
+ The plugin adds an `auditLog` table. If you prefer to manage your schema manually, copy the relevant definition:
37
+
38
+ <details>
39
+ <summary>Prisma</summary>
40
+
41
+ ```prisma
42
+ model AuditLog {
43
+ id String @id @default(cuid())
44
+ userId String?
45
+ action String
46
+ status String
47
+ severity String
48
+ ipAddress String?
49
+ userAgent String?
50
+ metadata String?
51
+ createdAt DateTime @default(now())
52
+
53
+ user User? @relation(fields: [userId], references: [id], onDelete: SetNull)
54
+
55
+ @@index([userId])
56
+ @@index([action])
57
+ @@index([createdAt])
58
+ @@map("auditLog")
59
+ }
60
+ ```
61
+
62
+ </details>
63
+
64
+ <details>
65
+ <summary>Drizzle</summary>
66
+
67
+ ```ts
68
+ import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
69
+ import { user } from "./auth-schema"; // your existing user table
70
+
71
+ export const auditLog = sqliteTable("auditLog", {
72
+ id: text("id").primaryKey(),
73
+ userId: text("userId").references(() => user.id, { onDelete: "set null" }),
74
+ action: text("action").notNull(),
75
+ status: text("status").notNull(),
76
+ severity: text("severity").notNull(),
77
+ ipAddress: text("ipAddress"),
78
+ userAgent: text("userAgent"),
79
+ metadata: text("metadata"),
80
+ createdAt: integer("createdAt", { mode: "timestamp" }).notNull(),
81
+ });
82
+ ```
83
+
84
+ </details>
85
+
86
+ <details>
87
+ <summary>MongoDB</summary>
88
+
89
+ ```ts
90
+ // Collection: auditLog
91
+ {
92
+ _id: ObjectId,
93
+ userId: String | null, // references user collection
94
+ action: String, // e.g. "sign-in:email"
95
+ status: String, // "success" | "failed"
96
+ severity: String, // "low" | "medium" | "high" | "critical"
97
+ ipAddress: String | null,
98
+ userAgent: String | null,
99
+ metadata: String | null, // JSON string
100
+ createdAt: Date
101
+ }
102
+
103
+ // Recommended indexes
104
+ db.auditLog.createIndex({ userId: 1 })
105
+ db.auditLog.createIndex({ action: 1 })
106
+ db.auditLog.createIndex({ createdAt: 1 })
107
+ ```
108
+
109
+ </details>
110
+
111
+ ## Client plugin
112
+
113
+ ```ts
114
+ import { createAuthClient } from "better-auth/client";
115
+ import { auditLogClient } from "@stotles/better-auth-audit-logs/client";
116
+
117
+ export const authClient = createAuthClient({
118
+ plugins: [auditLogClient()],
119
+ });
120
+ ```
121
+
122
+ ```ts
123
+ // List recent failed sign-ins
124
+ const { data } = await authClient.auditLog.listAuditLogs({
125
+ query: { status: "failed", limit: 20 },
126
+ });
127
+
128
+ // Single entry by ID
129
+ const { data: entry } = await authClient.auditLog.getAuditLog({
130
+ params: { id: "log-entry-id" },
131
+ });
132
+
133
+ // Manually log custom events (admin actions, data exports, etc.)
134
+ await authClient.auditLog.insertAuditLog({
135
+ action: "admin:user-export",
136
+ status: "success",
137
+ severity: "high",
138
+ metadata: { exportedCount: 500 },
139
+ });
140
+ ```
141
+
142
+ ## What gets logged
143
+
144
+ All auth `POST` endpoints are captured by default:
145
+
146
+ | Event | Path | Hook |
147
+ |---|---|---|
148
+ | Sign in | `/sign-in/email`, `/sign-in/social` | after |
149
+ | Sign up | `/sign-up/email` | after |
150
+ | Change/reset password | `/change-password`, `/reset-password` | after |
151
+ | Change email | `/change-email` | after |
152
+ | Two-factor | `/two-factor/*` | after |
153
+ | OAuth callback | `/oauth/callback` | after |
154
+ | Sign out | `/sign-out` | **before** |
155
+ | Delete account | `/delete-user` | **before** |
156
+ | Revoke session | `/revoke-session`, `/revoke-sessions`, `/revoke-other-sessions` | **before** |
157
+
158
+ "Before" hooks fire for destructive events where the session would be lost after execution.
159
+
160
+ Severity is inferred automatically (`critical` for ban/impersonate, `high` for delete/revoke/failed sign-in, `medium` for sign-in/out, `low` for everything else) and can be overridden per-path.
161
+
162
+ ## Configuration
163
+
164
+ All options are optional:
165
+
166
+ ```ts
167
+ auditLog({
168
+ enabled: true, // disable without removing the plugin
169
+ nonBlocking: false, // fire-and-forget — never blocks auth responses
170
+
171
+ // restrict to specific paths (empty = capture all)
172
+ paths: [
173
+ "/sign-in/email",
174
+ { path: "/delete-user", config: { severity: "high", capture: { requestBody: true } } },
175
+ ],
176
+
177
+ capture: {
178
+ ipAddress: true, // capture client IP
179
+ userAgent: true, // capture User-Agent header
180
+ requestBody: false, // include request body in metadata
181
+ },
182
+
183
+ piiRedaction: {
184
+ enabled: false, // redact sensitive fields when requestBody is captured
185
+ strategy: "mask", // "mask" (***) | "hash" (SHA-256) | "remove" (delete key)
186
+ fields: ["password"], // defaults: password, token, secret, apiKey, otp, etc.
187
+ },
188
+
189
+ retention: {
190
+ enabled: false, // enable scheduled cleanup
191
+ days: 90, // delete entries older than N days
192
+ },
193
+
194
+ // intercept before write — return null to suppress. Receives the endpoint
195
+ // ctx as a second argument, so you can resolve the session or read the request.
196
+ beforeLog: async (entry, ctx) => {
197
+ if (entry.userId === "service-account") return null;
198
+ return entry;
199
+ },
200
+
201
+ // called after each successful write
202
+ afterLog: async (entry) => {
203
+ await analytics.track("auth.event", entry);
204
+ },
205
+
206
+ storage: undefined, // custom storage backend (see below)
207
+ })
208
+ ```
209
+
210
+ To override the DB model name, pass `schema: { auditLog: { modelName: "your_table_name" } }`.
211
+
212
+ ## Adding additional metadata to log entries
213
+
214
+ `beforeLog` is the injection point for extra per-entry data. Because it receives the
215
+ endpoint `ctx`, you can resolve the session and stash a value such as the active
216
+ organization into `metadata` — which is stored as JSON and returned intact:
217
+
218
+ ```ts
219
+ import { getSessionFromCtx } from "better-auth/api";
220
+
221
+ auditLog({
222
+ beforeLog: async (entry, ctx) => {
223
+ const session = await getSessionFromCtx(ctx);
224
+ return {
225
+ ...entry,
226
+ metadata: {
227
+ ...entry.metadata,
228
+ activeOrganizationId: session?.session?.activeOrganizationId ?? null,
229
+ },
230
+ };
231
+ },
232
+ });
233
+ ```
234
+
235
+ ## Custom storage
236
+
237
+ Route writes to any external backend instead of Better Auth's database:
238
+
239
+ ```ts
240
+ import { auditLog, type AuditLogStorage } from "@stotles/better-auth-audit-logs";
241
+
242
+ const clickhouse: AuditLogStorage = {
243
+ async write(entry) {
244
+ await fetch("https://ch.example.com/insert", {
245
+ method: "POST",
246
+ body: JSON.stringify(entry),
247
+ });
248
+ },
249
+ // Optional — enables the query endpoints to work with your backend
250
+ async read(options) { /* ... */ },
251
+ async readById(id) { /* ... */ },
252
+ };
253
+
254
+ auditLog({ storage: clickhouse })
255
+ ```
256
+
257
+ A `MemoryStorage` adapter is included for testing:
258
+
259
+ ```ts
260
+ import { auditLog, MemoryStorage } from "@stotles/better-auth-audit-logs";
261
+
262
+ const storage = new MemoryStorage();
263
+ const auth = betterAuth({ plugins: [auditLog({ storage })] });
264
+
265
+ // assert in tests
266
+ expect(storage.entries).toHaveLength(1);
267
+ expect(storage.entries[0].action).toBe("sign-in:email");
268
+ ```
269
+
270
+ ## API endpoints
271
+
272
+ Three endpoints are registered under `/audit-log/`, all requiring an active session. Rate limited to 60 req/min.
273
+
274
+ | Endpoint | Method | Description |
275
+ |---|---|---|
276
+ | `/audit-log/list` | `GET` | Paginated entries |
277
+ | `/audit-log/:id` | `GET` | Single entry by ID |
278
+ | `/audit-log/insert` | `POST` | Manually insert a custom event |
279
+
280
+ **Query parameters** for `GET /audit-log/list`:
281
+
282
+ | Parameter | Type | Default |
283
+ |---|---|---|
284
+ | `userId` | `string` | session user |
285
+ | `action` | `string` | — |
286
+ | `status` | `"success" \| "failed"` | — |
287
+ | `from` | ISO date string | — |
288
+ | `to` | ISO date string | — |
289
+ | `limit` | `number` | `50` (max 500) |
290
+ | `offset` | `number` | `0` |
291
+
292
+ ## Design decisions
293
+
294
+ - **Entries survive user deletion** — `userId` uses `ON DELETE SET NULL`. Deleting a user does not erase their audit trail.
295
+ - **`userAgent` is not returned in API responses** — stored for forensics but excluded from client queries by default.
296
+ - **Failed sign-ins have `userId: null`** — the user isn't authenticated yet, so there's no session to pull from.
297
+
298
+ ## Recommended production config
299
+
300
+ ```ts
301
+ auditLog({
302
+ nonBlocking: true,
303
+ piiRedaction: { enabled: true, strategy: "hash" },
304
+ retention: { enabled: true, days: 90 },
305
+ afterLog: async (entry) => {
306
+ if (entry.severity === "critical" || entry.severity === "high") {
307
+ await alerting.emit(entry);
308
+ }
309
+ },
310
+ })
311
+ ```
312
+
313
+ ## Acknowledgments
314
+
315
+ This plugin was inspired by the audit log design shared by [@Re4GD](https://github.com/Re4GD) in [better-auth/better-auth#1184](https://github.com/better-auth/better-auth/issues/1184). Additional inspiration from [@issamwahbi](https://github.com/issamwahbi) ([#3592](https://github.com/better-auth/better-auth/discussions/3592)) and [@ItsProless](https://github.com/ItsProless) ([#7952](https://github.com/better-auth/better-auth/discussions/7952)).
316
+
317
+ ## License
318
+
319
+ [MIT](./LICENSE)
@@ -0,0 +1 @@
1
+ export { MemoryStorage } from "./memory";
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/adapters/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC"}
@@ -0,0 +1,13 @@
1
+ import type { AuditLogEntry, AuditLogStorage, StorageReadOptions, StorageReadResult } from "../types";
2
+ export interface MemoryStorageOptions {
3
+ maxEntries?: number;
4
+ }
5
+ export declare class MemoryStorage implements AuditLogStorage {
6
+ readonly entries: AuditLogEntry[];
7
+ private readonly maxEntries;
8
+ constructor(opts?: MemoryStorageOptions);
9
+ write(entry: AuditLogEntry): Promise<void>;
10
+ read(opts: StorageReadOptions): Promise<StorageReadResult>;
11
+ readById(id: string): Promise<AuditLogEntry | null>;
12
+ deleteOlderThan(date: Date): Promise<number>;
13
+ }
@@ -0,0 +1 @@
1
+ {"version":3,"file":"memory.d.ts","sourceRoot":"","sources":["../../src/adapters/memory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,aAAa,EACb,eAAe,EACf,kBAAkB,EAClB,iBAAiB,EAClB,MAAM,UAAU,CAAC;AAElB,MAAM,WAAW,oBAAoB;IACnC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAID,qBAAa,aAAc,YAAW,eAAe;IACnD,QAAQ,CAAC,OAAO,EAAE,aAAa,EAAE,CAAM;IACvC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;gBAExB,IAAI,CAAC,EAAE,oBAAoB;IAIjC,KAAK,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAS1C,IAAI,CAAC,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAmB1D,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAInD,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC;CAOnD"}
@@ -0,0 +1,77 @@
1
+ var __create = Object.create;
2
+ var __getProtoOf = Object.getPrototypeOf;
3
+ var __defProp = Object.defineProperty;
4
+ var __getOwnPropNames = Object.getOwnPropertyNames;
5
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
6
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
7
+ function __accessProp(key) {
8
+ return this[key];
9
+ }
10
+ var __toESMCache_node;
11
+ var __toESMCache_esm;
12
+ var __toESM = (mod, isNodeMode, target) => {
13
+ var canCache = mod != null && typeof mod === "object";
14
+ if (canCache) {
15
+ var cache = isNodeMode ? __toESMCache_node ??= new WeakMap : __toESMCache_esm ??= new WeakMap;
16
+ var cached = cache.get(mod);
17
+ if (cached)
18
+ return cached;
19
+ }
20
+ target = mod != null ? __create(__getProtoOf(mod)) : {};
21
+ const to = isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target;
22
+ for (let key of __getOwnPropNames(mod))
23
+ if (!__hasOwnProp.call(to, key))
24
+ __defProp(to, key, {
25
+ get: __accessProp.bind(mod, key),
26
+ enumerable: true
27
+ });
28
+ if (canCache)
29
+ cache.set(mod, to);
30
+ return to;
31
+ };
32
+ var __toCommonJS = (from) => {
33
+ var entry = (__moduleCache ??= new WeakMap).get(from), desc;
34
+ if (entry)
35
+ return entry;
36
+ entry = __defProp({}, "__esModule", { value: true });
37
+ if (from && typeof from === "object" || typeof from === "function") {
38
+ for (var key of __getOwnPropNames(from))
39
+ if (!__hasOwnProp.call(entry, key))
40
+ __defProp(entry, key, {
41
+ get: __accessProp.bind(from, key),
42
+ enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
43
+ });
44
+ }
45
+ __moduleCache.set(from, entry);
46
+ return entry;
47
+ };
48
+ var __moduleCache;
49
+ var __returnValue = (v) => v;
50
+ function __exportSetter(name, newValue) {
51
+ this[name] = __returnValue.bind(null, newValue);
52
+ }
53
+ var __export = (target, all) => {
54
+ for (var name in all)
55
+ __defProp(target, name, {
56
+ get: all[name],
57
+ enumerable: true,
58
+ configurable: true,
59
+ set: __exportSetter.bind(all, name)
60
+ });
61
+ };
62
+
63
+ // src/client.ts
64
+ var exports_client = {};
65
+ __export(exports_client, {
66
+ auditLogClient: () => auditLogClient
67
+ });
68
+ module.exports = __toCommonJS(exports_client);
69
+ var auditLogClient = () => ({
70
+ id: "audit-log",
71
+ $InferServerPlugin: {},
72
+ pathMethods: {
73
+ "/audit-log/list": "GET",
74
+ "/audit-log/:id": "GET",
75
+ "/audit-log/insert": "POST"
76
+ }
77
+ });
@@ -0,0 +1,10 @@
1
+ import type { auditLog } from "./plugin";
2
+ export declare const auditLogClient: () => {
3
+ id: "audit-log";
4
+ $InferServerPlugin: ReturnType<typeof auditLog>;
5
+ pathMethods: {
6
+ "/audit-log/list": "GET";
7
+ "/audit-log/:id": "GET";
8
+ "/audit-log/insert": "POST";
9
+ };
10
+ };
@@ -0,0 +1 @@
1
+ {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAEzC,eAAO,MAAM,cAAc;;wBAGG,UAAU,CAAC,OAAO,QAAQ,CAAC;;;;;;CAMpB,CAAC"}
package/dist/client.js ADDED
@@ -0,0 +1,13 @@
1
+ // src/client.ts
2
+ var auditLogClient = () => ({
3
+ id: "audit-log",
4
+ $InferServerPlugin: {},
5
+ pathMethods: {
6
+ "/audit-log/list": "GET",
7
+ "/audit-log/:id": "GET",
8
+ "/audit-log/insert": "POST"
9
+ }
10
+ });
11
+ export {
12
+ auditLogClient
13
+ };
@@ -0,0 +1,27 @@
1
+ import type { AuditLogEntry, ResolvedOptions } from "../types";
2
+ export declare function createGetLogEndpoint(opts: ResolvedOptions, modelName: string): import("better-call").StrictEndpoint<"/audit-log/:id", {
3
+ method: "GET";
4
+ use: ((inputContext: import("better-call").MiddlewareInputContext<import("better-call").MiddlewareOptions>) => Promise<{
5
+ session: {
6
+ session: Record<string, any> & {
7
+ id: string;
8
+ createdAt: Date;
9
+ updatedAt: Date;
10
+ userId: string;
11
+ expiresAt: Date;
12
+ token: string;
13
+ ipAddress?: string | null | undefined;
14
+ userAgent?: string | null | undefined;
15
+ };
16
+ user: Record<string, any> & {
17
+ id: string;
18
+ createdAt: Date;
19
+ updatedAt: Date;
20
+ email: string;
21
+ emailVerified: boolean;
22
+ name: string;
23
+ image?: string | null | undefined;
24
+ };
25
+ };
26
+ }>)[];
27
+ }, AuditLogEntry>;
@@ -0,0 +1 @@
1
+ {"version":3,"file":"get-log.d.ts","sourceRoot":"","sources":["../../src/endpoints/get-log.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAG/D,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM;;;;;;;;;;;yBAkEgG,CAAC;yBAA4C,CAAC;;;;;;;;;qBAAwN,CAAC;;;;kBADnb"}
@@ -0,0 +1,3 @@
1
+ export { createListLogsEndpoint } from "./list-logs";
2
+ export { createGetLogEndpoint } from "./get-log";
3
+ export { createInsertLogEndpoint } from "./insert-log";
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/endpoints/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AACjD,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC"}
@@ -0,0 +1,44 @@
1
+ import { z } from "zod";
2
+ import type { ResolvedOptions } from "../types";
3
+ export declare function createInsertLogEndpoint(opts: ResolvedOptions, modelName: string): import("better-call").StrictEndpoint<"/audit-log/insert", {
4
+ method: "POST";
5
+ use: ((inputContext: import("better-call").MiddlewareInputContext<import("better-call").MiddlewareOptions>) => Promise<{
6
+ session: {
7
+ session: Record<string, any> & {
8
+ id: string;
9
+ createdAt: Date;
10
+ updatedAt: Date;
11
+ userId: string;
12
+ expiresAt: Date;
13
+ token: string;
14
+ ipAddress?: string | null | undefined;
15
+ userAgent?: string | null | undefined;
16
+ };
17
+ user: Record<string, any> & {
18
+ id: string;
19
+ createdAt: Date;
20
+ updatedAt: Date;
21
+ email: string;
22
+ emailVerified: boolean;
23
+ name: string;
24
+ image?: string | null | undefined;
25
+ };
26
+ };
27
+ }>)[];
28
+ body: z.ZodObject<{
29
+ action: z.ZodString;
30
+ status: z.ZodDefault<z.ZodOptional<z.ZodEnum<{
31
+ success: "success";
32
+ failed: "failed";
33
+ }>>>;
34
+ severity: z.ZodOptional<z.ZodEnum<{
35
+ low: "low";
36
+ medium: "medium";
37
+ high: "high";
38
+ critical: "critical";
39
+ }>>;
40
+ metadata: z.ZodDefault<z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>>;
41
+ }, z.core.$strip>;
42
+ }, {
43
+ success: boolean;
44
+ }>;
@@ -0,0 +1 @@
1
+ {"version":3,"file":"insert-log.d.ts","sourceRoot":"","sources":["../../src/endpoints/insert-log.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAIhD,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM;;;;;;;;;;;yBAmDkU,CAAC;yBAA4C,CAAC;;;;;;;;;qBAAwN,CAAC;;;;;;;;;;;;;;;;;;;;GADxpB"}
@@ -0,0 +1,40 @@
1
+ import { z } from "zod";
2
+ import type { ResolvedOptions } from "../types";
3
+ export declare function createListLogsEndpoint(opts: ResolvedOptions, modelName: string): import("better-call").StrictEndpoint<"/audit-log/list", {
4
+ method: "GET";
5
+ use: ((inputContext: import("better-call").MiddlewareInputContext<import("better-call").MiddlewareOptions>) => Promise<{
6
+ session: {
7
+ session: Record<string, any> & {
8
+ id: string;
9
+ createdAt: Date;
10
+ updatedAt: Date;
11
+ userId: string;
12
+ expiresAt: Date;
13
+ token: string;
14
+ ipAddress?: string | null | undefined;
15
+ userAgent?: string | null | undefined;
16
+ };
17
+ user: Record<string, any> & {
18
+ id: string;
19
+ createdAt: Date;
20
+ updatedAt: Date;
21
+ email: string;
22
+ emailVerified: boolean;
23
+ name: string;
24
+ image?: string | null | undefined;
25
+ };
26
+ };
27
+ }>)[];
28
+ query: z.ZodObject<{
29
+ userId: z.ZodOptional<z.ZodString>;
30
+ action: z.ZodOptional<z.ZodString>;
31
+ status: z.ZodOptional<z.ZodEnum<{
32
+ success: "success";
33
+ failed: "failed";
34
+ }>>;
35
+ from: z.ZodOptional<z.ZodString>;
36
+ to: z.ZodOptional<z.ZodString>;
37
+ limit: z.ZodDefault<z.ZodOptional<z.ZodCoercedNumber<unknown>>>;
38
+ offset: z.ZodDefault<z.ZodOptional<z.ZodCoercedNumber<unknown>>>;
39
+ }, z.core.$strip>;
40
+ }, import("..").StorageReadResult>;
@@ -0,0 +1 @@
1
+ {"version":3,"file":"list-logs.d.ts","sourceRoot":"","sources":["../../src/endpoints/list-logs.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAiB,eAAe,EAAsB,MAAM,UAAU,CAAC;AAGnF,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM;;;;;;;;;;;yBA0DhB,CAAC;yBAGtD,CAAT;;;;;;;;;qBAMS,CAAJ;;;;;;;;;;;;;;;;mCAyCL"}
@@ -0,0 +1,6 @@
1
+ import type { HookEndpointContext } from "@better-auth/core";
2
+ import type { ResolvedOptions } from "../types";
3
+ export declare function createAfterHooks(opts: ResolvedOptions, modelName: string): {
4
+ matcher: (context: HookEndpointContext) => boolean;
5
+ handler: (inputContext: import("better-call").MiddlewareInputContext<import("better-call").MiddlewareOptions>) => Promise<void>;
6
+ }[];
@@ -0,0 +1 @@
1
+ {"version":3,"file":"after.d.ts","sourceRoot":"","sources":["../../src/hooks/after.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAC7D,OAAO,KAAK,EAAkB,eAAe,EAAE,MAAM,UAAU,CAAC;AAGhE,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM;uBAGhD,mBAAmB;;IAmD3C"}
@@ -0,0 +1,6 @@
1
+ import type { HookEndpointContext } from "@better-auth/core";
2
+ import type { ResolvedOptions } from "../types";
3
+ export declare function createBeforeHooks(opts: ResolvedOptions, modelName: string): {
4
+ matcher: (context: HookEndpointContext) => boolean;
5
+ handler: (inputContext: import("better-call").MiddlewareInputContext<import("better-call").MiddlewareOptions>) => Promise<void>;
6
+ }[];
@@ -0,0 +1 @@
1
+ {"version":3,"file":"before.d.ts","sourceRoot":"","sources":["../../src/hooks/before.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAC7D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAGhD,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM;uBAGjD,mBAAmB;;IA2B3C"}
@@ -0,0 +1,2 @@
1
+ export { createBeforeHooks } from "./before";
2
+ export { createAfterHooks } from "./after";
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/hooks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC"}