@stratal/framework 0.0.21 → 0.0.22

package/dist/auth/index.mjs

@@ -1,16 +1,13 @@
-import { n as createStratalAcPlugin, t as AccessService } from "../access.service-Cb99esfz.mjs";
+import { n as createStratalAcPlugin, t as AccessService } from "../access.service-DWRsDLJq.mjs";
 import { n as AC_TOKENS, t as __decorateParam } from "../decorateParam-C_dJ_dIO.mjs";
-import { t as __decorateMetadata } from "../decorateMetadata-D5WUsc6Y.mjs";
-import { t as __decorate } from "../decorate-DViXs-0l.mjs";
-import { t as AuthContext } from "../auth-context-HLwuOl51.mjs";
-import { CONTAINER_TOKEN, DI_TOKENS, Transient } from "stratal/di";
-import { I18nModule } from "stratal/i18n";
+import { t as __decorate } from "../decorate-7CAoTBu4.mjs";
+import { t as AuthContext } from "../auth-context-CObJcW0t.mjs";
+import { CONTAINER_TOKEN, DI_TOKENS, Request, Transient, inject } from "stratal/di";
 import { Module } from "stratal/module";
 import { RATE_LIMITER_TOKENS, RateLimiterRegistry } from "stratal/rate-limiter";
-import { ApplicationError, ERROR_CODES } from "stratal/errors";
+import { AuthError, HttpException } from "stratal/errors";
 import { LOGGER_TOKENS } from "stratal/logger";
-import { inject as inject$1 } from "tsyringe";
-import { betterAuth } from "better-auth";
+import { betterAuth } from "better-auth/minimal";
 import { APIError } from "better-auth/api";
 //#region src/auth/auth.tokens.ts
 /** Token for AuthService - core authentication service */
@@ -18,56 +15,6 @@ const AUTH_SERVICE = Symbol.for("stratal:auth:service");
 /** Token for Better Auth options configuration */
 const AUTH_OPTIONS = Symbol.for("stratal:auth:options");
 //#endregion
-//#region src/auth/i18n/en.ts
-const authMessages = { en: { auth: {
-	errors: {
-		tokenRequired: "Verification token is required",
-		invalidToken: "Invalid or expired verification token",
-		verificationFailed: "Verification failed. Please try again.",
-		userNotFound: "User not found. Please check your credentials.",
-		invalidCredentials: "Invalid email or password",
-		invalidPassword: "Invalid password",
-		invalidEmail: "Invalid email address",
-		sessionExpired: "Your session has expired. Please sign in again.",
-		emailNotVerified: "Please verify your email address before signing in",
-		passwordTooShort: "Password must be at least {minLength} characters",
-		passwordTooLong: "Password must be at most {maxLength} characters",
-		accountAlreadyExists: "An account with this email already exists",
-		failedToCreateUser: "Failed to create user account. Please try again.",
-		failedToCreateSession: "Failed to create session. Please try again.",
-		failedToGetSession: "Failed to retrieve session. Please try again.",
-		failedToUpdateUser: "Failed to update user information. Please try again.",
-		failedToGetUserInfo: "Failed to retrieve user information. Please try again.",
-		socialAccountLinked: "This social account is already linked to another user",
-		providerNotFound: "Authentication provider not found",
-		userEmailNotFound: "User email address not found",
-		accountNotFound: "Account not found",
-		credentialAccountNotFound: "Credential account not found",
-		cannotUnlinkLastAccount: "Cannot unlink your last account",
-		userAlreadyHasPassword: "User already has a password set",
-		emailCannotBeUpdated: "Email address cannot be updated at this time",
-		tokenExpired: "The verification token has expired. Please request a new verification email.",
-		invalidCallbackUrl: "Invalid callback URL",
-		invalidOrigin: "Request origin is not allowed",
-		validationFailed: "Authentication validation failed",
-		emailAlreadyVerified: "Email address is already verified",
-		emailMismatch: "Email address does not match",
-		unknownError: "An authentication error occurred"
-	},
-	org: {
-		organizationNotFound: "Organization not found",
-		memberNotFound: "Member not found",
-		invitationNotFound: "Invitation not found",
-		permissionDenied: "You do not have permission to perform this action",
-		invitationRecipientMismatch: "You are not the recipient of this invitation",
-		conflict: "A resource with this identifier already exists",
-		limitReached: "The maximum limit has been reached",
-		membershipError: "This action cannot be performed due to membership constraints",
-		teamNotFound: "Team not found",
-		roleNotFound: "Role not found"
-	}
-} } };
-//#endregion
 //#region src/auth/middleware/auth-context.middleware.ts
 let AuthContextMiddleware = class AuthContextMiddleware {
 	async handle(ctx, next) {
@@ -99,9 +46,8 @@ let SessionVerificationMiddleware = class SessionVerificationMiddleware {
 };
 SessionVerificationMiddleware = __decorate([
 	Transient(),
-	__decorateParam(0, inject$1(AUTH_SERVICE)),
-	__decorateParam(1, inject$1(LOGGER_TOKENS.LoggerService)),
-	__decorateMetadata("design:paramtypes", [Object, Object])
+	__decorateParam(0, inject(AUTH_SERVICE)),
+	__decorateParam(1, inject(LOGGER_TOKENS.LoggerService))
 ], SessionVerificationMiddleware);
 //#endregion
 //#region src/auth/rate-limit-bridge.ts
@@ -188,227 +134,208 @@ function projectCustomRules(registry) {
 }
 //#endregion
 //#region src/auth/errors/auth-errors.ts
-var UserNotFoundError = class extends ApplicationError {
+var UserNotFoundError = class extends HttpException {
+	email;
 	constructor(email) {
-		super("auth.errors.userNotFound", ERROR_CODES.RESOURCE.NOT_FOUND, email ? { email } : void 0);
+		super(404, "User not found");
+		this.email = email;
 	}
 };
-var InvalidCredentialsError = class extends ApplicationError {
+var InvalidCredentialsError = class extends HttpException {
 	constructor() {
-		super("auth.errors.invalidCredentials", ERROR_CODES.AUTH.INVALID_CREDENTIALS);
+		super(401, "Invalid email or password");
 	}
 };
-var InvalidPasswordError = class extends ApplicationError {
+var InvalidPasswordError = class extends HttpException {
 	constructor() {
-		super("auth.errors.invalidPassword", ERROR_CODES.AUTH.INVALID_CREDENTIALS);
+		super(401, "Invalid password");
 	}
 };
-var InvalidEmailError = class extends ApplicationError {
+var InvalidEmailError = class extends HttpException {
+	email;
 	constructor(email) {
-		super("auth.errors.invalidEmail", ERROR_CODES.VALIDATION.INVALID_FORMAT, email ? { email } : void 0);
+		super(422, "Invalid email address");
+		this.email = email;
 	}
 };
-var SessionExpiredError = class extends ApplicationError {
+var SessionExpiredError = class extends HttpException {
 	constructor() {
-		super("auth.errors.sessionExpired", ERROR_CODES.AUTH.SESSION_EXPIRED);
+		super(401, "Session expired");
 	}
 };
-var EmailNotVerifiedError = class extends ApplicationError {
+var EmailNotVerifiedError = class extends HttpException {
+	email;
 	constructor(email) {
-		super("auth.errors.emailNotVerified", ERROR_CODES.AUTH.EMAIL_NOT_VERIFIED, email ? { email } : void 0);
+		super(403, "Email not verified");
+		this.email = email;
 	}
 };
-var PasswordTooShortError = class extends ApplicationError {
+var PasswordTooShortError = class extends HttpException {
+	minLength;
 	constructor(minLength) {
-		super("auth.errors.passwordTooShort", ERROR_CODES.AUTH.PASSWORD_TOO_SHORT, { minLength });
+		super(422, "Password too short");
+		this.minLength = minLength;
 	}
 };
-var PasswordTooLongError = class extends ApplicationError {
+var PasswordTooLongError = class extends HttpException {
+	maxLength;
 	constructor(maxLength) {
-		super("auth.errors.passwordTooLong", ERROR_CODES.AUTH.PASSWORD_TOO_LONG, { maxLength });
+		super(422, "Password too long");
+		this.maxLength = maxLength;
 	}
 };
-var AccountAlreadyExistsError = class extends ApplicationError {
+var AccountAlreadyExistsError = class extends HttpException {
+	email;
 	constructor(email) {
-		super("auth.errors.accountAlreadyExists", ERROR_CODES.AUTH.ACCOUNT_ALREADY_EXISTS, email ? { email } : void 0);
-	}
-};
-var FailedToCreateUserError = class extends ApplicationError {
-	constructor(reason) {
-		super("auth.errors.failedToCreateUser", ERROR_CODES.AUTH.FAILED_TO_CREATE_USER, reason ? { reason } : void 0);
-	}
-};
-var FailedToCreateSessionError = class extends ApplicationError {
-	constructor(reason) {
-		super("auth.errors.failedToCreateSession", ERROR_CODES.AUTH.FAILED_TO_CREATE_SESSION, reason ? { reason } : void 0);
+		super(409, "Account already exists");
+		this.email = email;
 	}
 };
-var FailedToUpdateUserError = class extends ApplicationError {
-	constructor(reason) {
-		super("auth.errors.failedToUpdateUser", ERROR_CODES.AUTH.FAILED_TO_UPDATE_USER, reason ? { reason } : void 0);
-	}
-};
-var SocialAccountLinkedError = class extends ApplicationError {
+var SocialAccountLinkedError = class extends HttpException {
+	provider;
 	constructor(provider) {
-		super("auth.errors.socialAccountLinked", ERROR_CODES.AUTH.SOCIAL_ACCOUNT_LINKED, provider ? { provider } : void 0);
+		super(409, "Social account already linked");
+		this.provider = provider;
 	}
 };
-var CannotUnlinkLastAccountError = class extends ApplicationError {
+var CannotUnlinkLastAccountError = class extends HttpException {
 	constructor() {
-		super("auth.errors.cannotUnlinkLastAccount", ERROR_CODES.AUTH.CANNOT_UNLINK_LAST_ACCOUNT);
+		super(409, "Cannot unlink last account");
 	}
 };
-var ProviderNotFoundError = class extends ApplicationError {
+var ProviderNotFoundError = class extends HttpException {
+	provider;
 	constructor(provider) {
-		super("auth.errors.providerNotFound", ERROR_CODES.RESOURCE.NOT_FOUND, provider ? { provider } : void 0);
+		super(404, "Authentication provider not found");
+		this.provider = provider;
 	}
 };
-var UserEmailNotFoundError = class extends ApplicationError {
+var UserEmailNotFoundError = class extends HttpException {
 	constructor() {
-		super("auth.errors.userEmailNotFound", ERROR_CODES.RESOURCE.NOT_FOUND);
+		super(404, "User email not found");
 	}
 };
-var AccountNotFoundError = class extends ApplicationError {
+var AccountNotFoundError = class extends HttpException {
 	constructor() {
-		super("auth.errors.accountNotFound", ERROR_CODES.RESOURCE.NOT_FOUND);
+		super(404, "Account not found");
 	}
 };
-var CredentialAccountNotFoundError = class extends ApplicationError {
+var CredentialAccountNotFoundError = class extends HttpException {
 	constructor() {
-		super("auth.errors.credentialAccountNotFound", ERROR_CODES.RESOURCE.NOT_FOUND);
+		super(404, "Credential account not found");
 	}
 };
-var UserAlreadyHasPasswordError = class extends ApplicationError {
+var UserAlreadyHasPasswordError = class extends HttpException {
 	constructor() {
-		super("auth.errors.userAlreadyHasPassword", ERROR_CODES.RESOURCE.CONFLICT);
-	}
-};
-var EmailCannotBeUpdatedError = class extends ApplicationError {
-	constructor(reason) {
-		super("auth.errors.emailCannotBeUpdated", ERROR_CODES.VALIDATION.GENERIC, reason ? { reason } : void 0);
-	}
-};
-var FailedToGetSessionError = class extends ApplicationError {
-	constructor(reason) {
-		super("auth.errors.failedToGetSession", ERROR_CODES.SYSTEM.INTERNAL_ERROR, reason ? { reason } : void 0);
+		super(409, "User already has a password");
 	}
 };
-var FailedToGetUserInfoError = class extends ApplicationError {
+var EmailCannotBeUpdatedError = class extends HttpException {
+	reason;
 	constructor(reason) {
-		super("auth.errors.failedToGetUserInfo", ERROR_CODES.SYSTEM.INTERNAL_ERROR, reason ? { reason } : void 0);
+		super(422, "Email cannot be updated");
+		this.reason = reason;
 	}
 };
-var IdTokenNotSupportedError = class extends ApplicationError {
+var IdTokenNotSupportedError = class extends HttpException {
 	constructor() {
-		super("auth.errors.invalidToken", ERROR_CODES.VALIDATION.GENERIC);
+		super(422, "ID token not supported");
 	}
 };
-var TokenExpiredError = class extends ApplicationError {
+var TokenExpiredError = class extends HttpException {
 	constructor() {
-		super("auth.errors.tokenExpired", ERROR_CODES.VALIDATION.GENERIC);
+		super(401, "Token expired");
 	}
 };
-var InvalidCallbackUrlError = class extends ApplicationError {
+var InvalidCallbackUrlError = class extends HttpException {
 	constructor() {
-		super("auth.errors.invalidCallbackUrl", ERROR_CODES.VALIDATION.INVALID_FORMAT);
+		super(422, "Invalid callback URL");
 	}
 };
-var InvalidOriginError = class extends ApplicationError {
+var InvalidOriginError = class extends HttpException {
 	constructor() {
-		super("auth.errors.invalidOrigin", ERROR_CODES.AUTHZ.FORBIDDEN);
+		super(403, "Invalid request origin");
 	}
 };
-var AuthValidationFailedError = class extends ApplicationError {
+var AuthValidationFailedError = class extends HttpException {
 	constructor() {
-		super("auth.errors.validationFailed", ERROR_CODES.VALIDATION.GENERIC);
+		super(422, "Authentication validation failed");
 	}
 };
-var EmailAlreadyVerifiedError = class extends ApplicationError {
+var EmailAlreadyVerifiedError = class extends HttpException {
 	constructor() {
-		super("auth.errors.emailAlreadyVerified", ERROR_CODES.RESOURCE.CONFLICT);
+		super(409, "Email already verified");
 	}
 };
-var EmailMismatchError = class extends ApplicationError {
+var EmailMismatchError = class extends HttpException {
 	constructor() {
-		super("auth.errors.emailMismatch", ERROR_CODES.VALIDATION.INVALID_FORMAT);
-	}
-};
-var BetterAuthUnknownError = class extends ApplicationError {
-	constructor(errorCode) {
-		super("auth.errors.unknownError", ERROR_CODES.SYSTEM.INTERNAL_ERROR, errorCode ? { errorCode } : void 0);
+		super(422, "Email mismatch");
 	}
 };
 //#endregion
 //#region src/auth/errors/invalid-token.error.ts
-var InvalidTokenError = class extends ApplicationError {
+var InvalidTokenError = class extends HttpException {
 	constructor() {
-		super("auth.errors.invalidToken", ERROR_CODES.AUTH.INVALID_TOKEN);
+		super(401, "Invalid or expired token");
 	}
 };
 //#endregion
 //#region src/auth/errors/organization-errors.ts
-var OrganizationNotFoundError = class extends ApplicationError {
+var OrganizationNotFoundError = class extends HttpException {
 	constructor() {
-		super("auth.org.organizationNotFound", ERROR_CODES.AUTH.ORGANIZATION_NOT_FOUND);
+		super(404, "Organization not found");
 	}
 };
-var OrganizationMemberNotFoundError = class extends ApplicationError {
+var OrganizationMemberNotFoundError = class extends HttpException {
 	constructor() {
-		super("auth.org.memberNotFound", ERROR_CODES.AUTH.MEMBER_NOT_FOUND);
+		super(404, "Organization member not found");
 	}
 };
-var OrganizationInvitationNotFoundError = class extends ApplicationError {
+var OrganizationInvitationNotFoundError = class extends HttpException {
 	constructor() {
-		super("auth.org.invitationNotFound", ERROR_CODES.AUTH.INVITATION_NOT_FOUND);
+		super(404, "Invitation not found");
 	}
 };
-var OrganizationPermissionDeniedError = class extends ApplicationError {
+var OrganizationPermissionDeniedError = class extends HttpException {
 	constructor() {
-		super("auth.org.permissionDenied", ERROR_CODES.AUTHZ.FORBIDDEN);
+		super(403, "Organization permission denied");
 	}
 };
-var OrganizationInvitationRecipientMismatchError = class extends ApplicationError {
+var OrganizationInvitationRecipientMismatchError = class extends HttpException {
 	constructor() {
-		super("auth.org.invitationRecipientMismatch", ERROR_CODES.AUTH.INVITATION_RECIPIENT_MISMATCH);
+		super(403, "Invitation recipient mismatch");
 	}
 };
-var OrganizationConflictError = class extends ApplicationError {
+var OrganizationConflictError = class extends HttpException {
 	constructor() {
-		super("auth.org.conflict", ERROR_CODES.RESOURCE.CONFLICT);
+		super(409, "Organization resource conflict");
 	}
 };
-var OrganizationLimitReachedError = class extends ApplicationError {
+var OrganizationLimitReachedError = class extends HttpException {
 	constructor() {
-		super("auth.org.limitReached", ERROR_CODES.AUTH.ORGANIZATION_LIMIT_REACHED);
+		super(422, "Organization limit reached");
 	}
 };
-var OrganizationMembershipError = class extends ApplicationError {
+var OrganizationMembershipError = class extends HttpException {
 	constructor() {
-		super("auth.org.membershipError", ERROR_CODES.AUTH.ORGANIZATION_MEMBERSHIP_REQUIRED);
+		super(422, "Organization membership constraint violated");
 	}
 };
-var OrganizationTeamNotFoundError = class extends ApplicationError {
+var OrganizationTeamNotFoundError = class extends HttpException {
 	constructor() {
-		super("auth.org.teamNotFound", ERROR_CODES.RESOURCE.NOT_FOUND);
+		super(404, "Team not found");
 	}
 };
-var OrganizationRoleNotFoundError = class extends ApplicationError {
+var OrganizationRoleNotFoundError = class extends HttpException {
 	constructor() {
-		super("auth.org.roleNotFound", ERROR_CODES.RESOURCE.NOT_FOUND);
+		super(404, "Role not found");
 	}
 };
 //#endregion
 //#region src/auth/errors/token-required.error.ts
-var TokenRequiredError = class extends ApplicationError {
-	constructor() {
-		super("auth.errors.tokenRequired", ERROR_CODES.VALIDATION.REQUIRED_FIELD, { field: "token" });
-	}
-};
-//#endregion
-//#region src/auth/errors/verification-failed.error.ts
-var VerificationFailedError = class extends ApplicationError {
+var TokenRequiredError = class extends HttpException {
 	constructor() {
-		super("auth.errors.verificationFailed", ERROR_CODES.AUTH.INVALID_CREDENTIALS);
+		super(401, "Verification token is required");
 	}
 };
 //#endregion
@@ -424,18 +351,18 @@ function mapBetterAuthError(error) {
 		if (location.includes("EXPIRED_TOKEN")) return new TokenExpiredError();
 		if (location.includes("ATTEMPTS_EXCEEDED")) return new InvalidTokenError();
 		if (location.includes("new_user_signup_disabled")) return new UserNotFoundError();
-		if (location.includes("failed_to_create_user")) return new FailedToCreateUserError();
-		if (location.includes("failed_to_create_session")) return new FailedToCreateSessionError();
+		if (location.includes("failed_to_create_user")) return new AuthError("Failed to create user");
+		if (location.includes("failed_to_create_session")) return new AuthError("Failed to create session");
 	}
-	if (!errorCode) return new BetterAuthUnknownError();
+	if (!errorCode) return new AuthError("An authentication error occurred");
 	if (errorCode === "USER_NOT_FOUND" || errorCode === "INVALID_USER") return new UserNotFoundError();
 	if (errorCode === "USER_EMAIL_NOT_FOUND") return new UserEmailNotFoundError();
 	if (errorCode === "INVALID_EMAIL_OR_PASSWORD") return new InvalidCredentialsError();
 	if (errorCode === "INVALID_PASSWORD") return new InvalidPasswordError();
 	if (errorCode === "INVALID_EMAIL") return new InvalidEmailError();
 	if (errorCode === "SESSION_EXPIRED" || errorCode === "SESSION_NOT_FRESH") return new SessionExpiredError();
-	if (errorCode === "FAILED_TO_CREATE_SESSION") return new FailedToCreateSessionError();
-	if (errorCode === "FAILED_TO_GET_SESSION") return new FailedToGetSessionError();
+	if (errorCode === "FAILED_TO_CREATE_SESSION") return new AuthError("Failed to create session");
+	if (errorCode === "FAILED_TO_GET_SESSION") return new AuthError("Failed to retrieve session");
 	if (errorCode === "EMAIL_NOT_VERIFIED") return new EmailNotVerifiedError();
 	if (errorCode === "EMAIL_CAN_NOT_BE_UPDATED") return new EmailCannotBeUpdatedError();
 	if (errorCode === "EMAIL_ALREADY_VERIFIED") return new EmailAlreadyVerifiedError();
@@ -446,9 +373,9 @@ function mapBetterAuthError(error) {
 	if (errorCode === "ACCOUNT_NOT_FOUND") return new AccountNotFoundError();
 	if (errorCode === "CREDENTIAL_ACCOUNT_NOT_FOUND") return new CredentialAccountNotFoundError();
 	if (errorCode === "FAILED_TO_UNLINK_LAST_ACCOUNT") return new CannotUnlinkLastAccountError();
-	if (errorCode === "FAILED_TO_CREATE_USER") return new FailedToCreateUserError();
-	if (errorCode === "FAILED_TO_UPDATE_USER") return new FailedToUpdateUserError();
-	if (errorCode === "FAILED_TO_GET_USER_INFO") return new FailedToGetUserInfoError();
+	if (errorCode === "FAILED_TO_CREATE_USER") return new AuthError("Failed to create user");
+	if (errorCode === "FAILED_TO_UPDATE_USER") return new AuthError("Failed to update user");
+	if (errorCode === "FAILED_TO_GET_USER_INFO") return new AuthError("Failed to retrieve user info");
 	if (errorCode === "SOCIAL_ACCOUNT_ALREADY_LINKED" || errorCode === "LINKED_ACCOUNT_ALREADY_EXISTS") return new SocialAccountLinkedError();
 	if (errorCode === "PROVIDER_NOT_FOUND") return new ProviderNotFoundError();
 	if (errorCode === "ID_TOKEN_NOT_SUPPORTED") return new IdTokenNotSupportedError();
@@ -458,7 +385,7 @@ function mapBetterAuthError(error) {
 	if (errorCode === "INVALID_CALLBACK_URL" || errorCode === "INVALID_REDIRECT_URL" || errorCode === "INVALID_NEW_USER_CALLBACK_URL" || errorCode === "INVALID_ERROR_CALLBACK_URL" || errorCode === "CALLBACK_URL_REQUIRED") return new InvalidCallbackUrlError();
 	if (errorCode === "INVALID_ORIGIN" || errorCode === "MISSING_OR_NULL_ORIGIN" || errorCode === "CROSS_SITE_NAVIGATION_LOGIN_BLOCKED") return new InvalidOriginError();
 	if (errorCode === "VALIDATION_ERROR" || errorCode === "MISSING_FIELD" || errorCode === "FIELD_NOT_ALLOWED" || errorCode === "BODY_MUST_BE_AN_OBJECT" || errorCode === "ASYNC_VALIDATION_NOT_SUPPORTED" || errorCode === "METHOD_NOT_ALLOWED_DEFER_SESSION_REQUIRED") return new AuthValidationFailedError();
-	if (errorCode === "FAILED_TO_CREATE_VERIFICATION" || errorCode === "VERIFICATION_EMAIL_NOT_ENABLED") return new FailedToCreateSessionError();
+	if (errorCode === "FAILED_TO_CREATE_VERIFICATION" || errorCode === "VERIFICATION_EMAIL_NOT_ENABLED") return new AuthError("Failed to create session");
 	if (errorCode === "ORGANIZATION_NOT_FOUND" || errorCode === "NO_ACTIVE_ORGANIZATION") return new OrganizationNotFoundError();
 	if (errorCode === "MEMBER_NOT_FOUND" || errorCode === "USER_IS_NOT_A_MEMBER_OF_THE_ORGANIZATION" || errorCode === "USER_IS_NOT_A_MEMBER_OF_THE_TEAM") return new OrganizationMemberNotFoundError();
 	if (errorCode === "INVITATION_NOT_FOUND" || errorCode === "FAILED_TO_RETRIEVE_INVITATION") return new OrganizationInvitationNotFoundError();
@@ -469,7 +396,7 @@ function mapBetterAuthError(error) {
 	if (errorCode === "YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_ORGANIZATIONS" || errorCode === "YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_TEAMS" || errorCode === "ORGANIZATION_MEMBERSHIP_LIMIT_REACHED" || errorCode === "INVITATION_LIMIT_REACHED" || errorCode === "TEAM_MEMBER_LIMIT_REACHED" || errorCode === "TOO_MANY_ROLES") return new OrganizationLimitReachedError();
 	if (errorCode === "YOU_CANNOT_LEAVE_THE_ORGANIZATION_AS_THE_ONLY_OWNER" || errorCode === "YOU_CANNOT_LEAVE_THE_ORGANIZATION_WITHOUT_AN_OWNER" || errorCode === "UNABLE_TO_REMOVE_LAST_TEAM" || errorCode === "CANNOT_DELETE_A_PRE_DEFINED_ROLE" || errorCode === "ROLE_IS_ASSIGNED_TO_MEMBERS" || errorCode === "YOU_CANNOT_IMPERSONATE_ADMINS" || errorCode === "YOU_CANNOT_BAN_YOURSELF" || errorCode === "YOU_CANNOT_REMOVE_YOURSELF" || errorCode === "INVITER_IS_NO_LONGER_A_MEMBER_OF_THE_ORGANIZATION") return new OrganizationMembershipError();
 	if (errorCode.startsWith("YOU_ARE_NOT_ALLOWED_TO_") || errorCode === "YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION" || errorCode === "YOU_CAN_NOT_ACCESS_THE_MEMBERS_OF_THIS_TEAM" || errorCode === "YOU_MUST_BE_IN_AN_ORGANIZATION_TO_CREATE_A_ROLE" || errorCode === "MISSING_AC_INSTANCE") return new OrganizationPermissionDeniedError();
-	return new BetterAuthUnknownError(errorCode);
+	return new AuthError("An authentication error occurred");
 }
 /**
 * Type guard to check if an error is a Better Auth APIError.
@@ -510,26 +437,22 @@ const wrapBetterAuth = async (fn) => {
 //#region src/auth/services/auth.service.ts
 let AuthService = class AuthService {
 	options;
-	authInstance;
+	_authInstance;
 	constructor(options) {
 		this.options = options;
-		this.authInstance = betterAuth({
-			...this.options,
-			onAPIError: getErrorHandlerConfig()
-		});
 	}
 	/**
-	* Get the Better Auth instance
+	* Get the Better Auth instance.
 	*/
 	get auth() {
-		return this.authInstance;
+		this._authInstance ??= betterAuth({
+			...this.options,
+			onAPIError: getErrorHandlerConfig()
+		});
+		return this._authInstance;
 	}
 };
-AuthService = __decorate([
-	Transient(AUTH_SERVICE),
-	__decorateParam(0, inject$1(AUTH_OPTIONS)),
-	__decorateMetadata("design:paramtypes", [Object])
-], AuthService);
+AuthService = __decorate([Request(AUTH_SERVICE), __decorateParam(0, inject(AUTH_OPTIONS))], AuthService);
 //#endregion
 //#region src/auth/auth.module.ts
 var _AuthModule;
@@ -566,7 +489,7 @@ let AuthModule = _AuthModule = class AuthModule {
 					...raw,
 					plugins: [createStratalAcPlugin(accessControl), ...raw.plugins ?? []]
 				};
-				if (container.getTsyringeContainer().isRegistered(RATE_LIMITER_TOKENS.ModuleMarker, true)) {
+				if (container.isRegistered(RATE_LIMITER_TOKENS.ModuleMarker)) {
 					const store = container.resolve(RATE_LIMITER_TOKENS.Store);
 					const registry = container.resolve(RATE_LIMITER_TOKENS.Registry);
 					raw = {
@@ -605,11 +528,8 @@ let AuthModule = _AuthModule = class AuthModule {
 		};
 	}
 };
-AuthModule = _AuthModule = __decorate([Module({
-	imports: [I18nModule.registerMessages(authMessages)],
-	providers: []
-})], AuthModule);
+AuthModule = _AuthModule = __decorate([Module({ providers: [AuthContext] })], AuthModule);
 //#endregion
-export { AUTH_OPTIONS, AUTH_SERVICE, AccountAlreadyExistsError, AccountNotFoundError, AuthContextMiddleware, AuthModule, AuthService, AuthValidationFailedError, BetterAuthUnknownError, CannotUnlinkLastAccountError, CredentialAccountNotFoundError, EmailAlreadyVerifiedError, EmailCannotBeUpdatedError, EmailMismatchError, EmailNotVerifiedError, FailedToCreateSessionError, FailedToCreateUserError, FailedToGetSessionError, FailedToGetUserInfoError, FailedToUpdateUserError, IdTokenNotSupportedError, InvalidCallbackUrlError, InvalidCredentialsError, InvalidEmailError, InvalidOriginError, InvalidPasswordError, InvalidTokenError, OrganizationConflictError, OrganizationInvitationNotFoundError, OrganizationInvitationRecipientMismatchError, OrganizationLimitReachedError, OrganizationMemberNotFoundError, OrganizationMembershipError, OrganizationNotFoundError, OrganizationPermissionDeniedError, OrganizationRoleNotFoundError, OrganizationTeamNotFoundError, PasswordTooLongError, PasswordTooShortError, ProviderNotFoundError, SessionExpiredError, SessionVerificationMiddleware, SocialAccountLinkedError, TokenExpiredError, TokenRequiredError, UserAlreadyHasPasswordError, UserEmailNotFoundError, UserNotFoundError, VerificationFailedError, authMessages, getErrorHandlerConfig, isAPIError, mapBetterAuthError, wrapBetterAuth };
+export { AUTH_OPTIONS, AUTH_SERVICE, AccountAlreadyExistsError, AccountNotFoundError, AuthContextMiddleware, AuthModule, AuthService, AuthValidationFailedError, CannotUnlinkLastAccountError, CredentialAccountNotFoundError, EmailAlreadyVerifiedError, EmailCannotBeUpdatedError, EmailMismatchError, EmailNotVerifiedError, IdTokenNotSupportedError, InvalidCallbackUrlError, InvalidCredentialsError, InvalidEmailError, InvalidOriginError, InvalidPasswordError, InvalidTokenError, OrganizationConflictError, OrganizationInvitationNotFoundError, OrganizationInvitationRecipientMismatchError, OrganizationLimitReachedError, OrganizationMemberNotFoundError, OrganizationMembershipError, OrganizationNotFoundError, OrganizationPermissionDeniedError, OrganizationRoleNotFoundError, OrganizationTeamNotFoundError, PasswordTooLongError, PasswordTooShortError, ProviderNotFoundError, SessionExpiredError, SessionVerificationMiddleware, SocialAccountLinkedError, TokenExpiredError, TokenRequiredError, UserAlreadyHasPasswordError, UserEmailNotFoundError, UserNotFoundError, getErrorHandlerConfig, isAPIError, mapBetterAuthError, wrapBetterAuth };
 
 //# sourceMappingURL=index.mjs.map