appos 0.3.2-0 → 0.3.3-0

package/dist/exports/api/_virtual/rolldown_runtime.mjs

@@ -1 +1,36 @@
-var e=Object.defineProperty,t=Object.getOwnPropertyDescriptor,n=Object.getOwnPropertyNames,r=Object.prototype.hasOwnProperty,i=(t,n)=>{let r={};for(var i in t)e(r,i,{get:t[i],enumerable:!0});return n&&e(r,Symbol.toStringTag,{value:`Module`}),r},a=(i,a,o,s)=>{if(a&&typeof a==`object`||typeof a==`function`)for(var c=n(a),l=0,u=c.length,d;l<u;l++)d=c[l],!r.call(i,d)&&d!==o&&e(i,d,{get:(e=>a[e]).bind(null,d),enumerable:!(s=t(a,d))||s.enumerable});return i},o=(e,t,n)=>(a(e,t,`default`),n&&a(n,t,`default`));export{i as __export,o as __reExport};
+//#region rolldown:runtime
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (all, symbols) => {
+	let target = {};
+	for (var name in all) {
+		__defProp(target, name, {
+			get: all[name],
+			enumerable: true
+		});
+	}
+	if (symbols) {
+		__defProp(target, Symbol.toStringTag, { value: "Module" });
+	}
+	return target;
+};
+var __copyProps = (to, from, except, desc) => {
+	if (from && typeof from === "object" || typeof from === "function") {
+		for (var keys = __getOwnPropNames(from), i = 0, n = keys.length, key; i < n; i++) {
+			key = keys[i];
+			if (!__hasOwnProp.call(to, key) && key !== except) {
+				__defProp(to, key, {
+					get: ((k) => from[k]).bind(null, key),
+					enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+				});
+			}
+		}
+	}
+	return to;
+};
+var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
+
+//#endregion
+export { __export, __reExport };

package/dist/exports/api/app-context.mjs

@@ -1 +1,24 @@
-import{fromNodeHeaders as e}from"better-auth/node";async function t(t){let{apiKey:n,container:r,request:i,fetchSession:a=!1}=t,o=e(i.headers),s=a?await r.auth.api.getSession({headers:o}):null;return{apiKey:n,container:r,request:i,session:s?.session??null,user:s?.user??null}}export{t as defineAppContext};
+import { fromNodeHeaders } from "better-auth/node";
+
+//#region src/api/app-context.ts
+/**
+* Creates a unified AppContext for tRPC and OpenAPI handlers.
+*
+* For tRPC (session auth): Pass fetchSession=true to fetch session from Better Auth.
+* For OpenAPI (API key auth): Pass fetchSession=false (default), session will be null.
+*/
+async function defineAppContext(opts) {
+	const { apiKey, container, request, fetchSession = false } = opts;
+	const headers = fromNodeHeaders(request.headers);
+	const sessionData = fetchSession ? await container.auth.api.getSession({ headers }) : null;
+	return {
+		apiKey,
+		container,
+		request,
+		session: sessionData?.session ?? null,
+		user: sessionData?.user ?? null
+	};
+}
+
+//#endregion
+export { defineAppContext };

package/dist/exports/api/auth-schema.mjs

@@ -1 +1,373 @@
-import{sql as e}from"drizzle-orm";import{pgTable as t}from"drizzle-orm/pg-core";function n(){let n=t(`accounts`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),accessToken:t.text(`access_token`),accessTokenExpiresAt:t.timestamp(`access_token_expires_at`,{mode:`string`,withTimezone:!0}),accountId:t.text(`account_id`).notNull(),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),idToken:t.text(`id_token`),providerId:t.text(`provider_id`).notNull(),password:t.text(`password`),userId:t.text(`user_id`).notNull().references(()=>l.id,{onDelete:`cascade`}),refreshToken:t.text(`refresh_token`),refreshTokenExpiresAt:t.timestamp(`refresh_token_expires_at`,{mode:`string`,withTimezone:!0}),scope:t.text(`scope`),updatedAt:t.timestamp(`updated_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull()}),e=>[]),r=t(`api_keys`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),name:t.text(`name`),enabled:t.boolean(`enabled`).default(!0),expiresAt:t.timestamp(`expires_at`,{mode:`string`,withTimezone:!0}),key:t.text(`key`).notNull(),lastRefillAt:t.timestamp(`last_refill_at`,{mode:`string`,withTimezone:!0}),lastRequest:t.timestamp(`last_request`,{mode:`string`,withTimezone:!0}),lastUsedAt:t.timestamp(`last_used_at`,{mode:`string`,withTimezone:!0}),metadata:t.text(`metadata`),permissions:t.text(`permissions`),prefix:t.text(`prefix`),rateLimitEnabled:t.boolean(`rate_limit_enabled`).default(!0),rateLimitTimeWindow:t.integer(`rate_limit_time_window`).default(864e5),rateLimitMax:t.integer(`rate_limit_max`).default(10),refillInterval:t.integer(`refill_interval`),refillAmount:t.integer(`refill_amount`),requestCount:t.integer(`request_count`),remaining:t.integer(`remaining`),start:t.text(`start`),userId:t.text(`user_id`).notNull().references(()=>l.id,{onDelete:`cascade`}),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),updatedAt:t.timestamp(`updated_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull()}),e=>[]),i=t(`invitations`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),email:t.text(`email`).notNull(),expiresAt:t.timestamp(`expires_at`,{mode:`string`,withTimezone:!0}).notNull(),inviterId:t.text(`inviter_id`).notNull().references(()=>l.id,{onDelete:`cascade`}),organizationId:t.text(`organization_id`).notNull().references(()=>o.id,{onDelete:`cascade`}),role:t.text(`role`),status:t.text(`status`).default(`pending`).notNull(),teamId:t.text(`team_id`),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),updatedAt:t.timestamp(`updated_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull()}),e=>[]),a=t(`members`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),organizationId:t.text(`organization_id`).notNull().references(()=>o.id,{onDelete:`cascade`}),role:t.text(`role`).default(`member`).notNull(),userId:t.text(`user_id`).notNull().references(()=>l.id,{onDelete:`cascade`}),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull()}),e=>[]),o=t(`organizations`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),name:t.text(`name`).notNull(),slug:t.text(`slug`).unique(),logo:t.text(`logo`),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),updatedAt:t.timestamp(`updated_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),metadata:t.text(`metadata`)}),e=>[]),s=t(`sessions`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),activeOrganizationId:t.text(`active_organization_id`).references(()=>o.id,{onDelete:`set null`}),activeTeamId:t.text(`active_team_id`),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),expiresAt:t.timestamp(`expires_at`,{mode:`string`,withTimezone:!0}).notNull(),impersonatedBy:t.text(`impersonated_by`).references(()=>l.id,{onDelete:`set null`}),ipAddress:t.text(`ip_address`),token:t.text(`token`).notNull().unique(),updatedAt:t.timestamp(`updated_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),userAgent:t.text(`user_agent`),userId:t.text(`user_id`).notNull().references(()=>l.id,{onDelete:`cascade`})}),e=>[]),c=t(`sso_providers`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),domain:t.text(`domain`).notNull(),issuer:t.text(`issuer`).notNull(),oidcConfig:t.text(`oidc_config`),organizationId:t.text(`organization_id`).references(()=>o.id,{onDelete:`cascade`}),providerId:t.text(`provider_id`).notNull().unique(),samlConfig:t.text(`saml_config`),userId:t.text(`user_id`).references(()=>l.id,{onDelete:`cascade`})}),e=>[]),l=t(`users`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),banExpires:t.timestamp(`ban_expires`,{mode:`string`,withTimezone:!0}),banReason:t.text(`ban_reason`),banned:t.boolean(`banned`).default(!1),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),displayUsername:t.text(`display_username`),email:t.text(`email`).notNull().unique(),emailVerified:t.boolean(`email_verified`).default(!1).notNull(),image:t.text(`image`),isAnonymous:t.boolean(`is_anonymous`),lastLoginMethod:t.text(`last_login_method`),name:t.text(`name`).notNull(),phoneNumber:t.text(`phone_number`).unique(),phoneNumberVerified:t.boolean(`phone_number_verified`),role:t.text(`role`),twoFactorEnabled:t.boolean(`two_factor_enabled`).default(!1),updatedAt:t.timestamp(`updated_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),username:t.text(`username`).unique()}),e=>[]),u=t(`teams`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),name:t.text(`name`).notNull(),organizationId:t.text(`organization_id`).notNull().references(()=>o.id,{onDelete:`cascade`}),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),updatedAt:t.timestamp(`updated_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull()}),e=>[]),d=t(`team_members`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),teamId:t.text(`team_id`).notNull().references(()=>u.id,{onDelete:`cascade`}),userId:t.text(`user_id`).notNull().references(()=>l.id,{onDelete:`cascade`}),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull()}),e=>[]),f=t(`two_factors`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),secret:t.text(`secret`).notNull(),backupCodes:t.text(`backup_codes`).notNull(),userId:t.text(`user_id`).notNull().references(()=>l.id,{onDelete:`cascade`})}),e=>[]),p=t(`verifications`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),expiresAt:t.timestamp(`expires_at`,{mode:`string`,withTimezone:!0}).notNull(),identifier:t.text(`identifier`).notNull(),updatedAt:t.timestamp(`updated_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),value:t.text(`value`).notNull()}),e=>[]);return{tables:{accounts:n,apiKeys:r,auditLogs:t(`audit_logs`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),tableName:t.text(`table_name`),action:t.text(`action`).notNull(),customAction:t.text(`custom_action`),oldData:t.jsonb(`old_data`),newData:t.jsonb(`new_data`),metadata:t.jsonb(`metadata`),organizationId:t.text(`organization_id`).references(()=>o.id,{onDelete:`set null`}),userId:t.text(`user_id`).references(()=>l.id,{onDelete:`set null`}),sessionId:t.text(`session_id`).references(()=>s.id,{onDelete:`set null`}),requestId:t.text(`request_id`),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull()}),e=>[]),invitations:i,members:a,organizations:o,sessions:s,ssoProviders:c,teams:u,teamMembers:d,twoFactors:f,users:l,verifications:p},relations:e=>({users:{sessions:e.many.sessions({from:e.users.id,to:e.sessions.userId}),accounts:e.many.accounts({from:e.users.id,to:e.accounts.userId}),apiKeys:e.many.apiKeys({from:e.users.id,to:e.apiKeys.userId}),memberships:e.many.members({from:e.users.id,to:e.members.userId}),invitations:e.many.invitations({from:e.users.id,to:e.invitations.inviterId}),ssoProvider:e.one.ssoProviders({from:e.users.id,to:e.ssoProviders.userId}),twoFactor:e.one.twoFactors({from:e.users.id,to:e.twoFactors.userId})},sessions:{user:e.one.users({from:e.sessions.userId,to:e.users.id})},accounts:{user:e.one.users({from:e.accounts.userId,to:e.users.id})},apiKeys:{user:e.one.users({from:e.apiKeys.userId,to:e.users.id})},organizations:{members:e.many.members({from:e.organizations.id,to:e.members.organizationId}),invitations:e.many.invitations({from:e.organizations.id,to:e.invitations.organizationId}),teams:e.many.teams({from:e.organizations.id,to:e.teams.organizationId})},members:{organization:e.one.organizations({from:e.members.organizationId,to:e.organizations.id}),user:e.one.users({from:e.members.userId,to:e.users.id})},invitations:{organization:e.one.organizations({from:e.invitations.organizationId,to:e.organizations.id}),inviter:e.one.users({from:e.invitations.inviterId,to:e.users.id})},teams:{organization:e.one.organizations({from:e.teams.organizationId,to:e.organizations.id})},ssoProviders:{user:e.one.users({from:e.ssoProviders.userId,to:e.users.id})},verifications:{},twoFactors:{user:e.one.users({from:e.twoFactors.userId,to:e.users.id})},auditLogs:{organization:e.one.organizations({from:e.auditLogs.organizationId,to:e.organizations.id}),user:e.one.users({from:e.auditLogs.userId,to:e.users.id}),session:e.one.sessions({from:e.auditLogs.sessionId,to:e.sessions.id})}})}}export{n as defineAuthSchema};
+import { sql } from "drizzle-orm";
+import { pgTable } from "drizzle-orm/pg-core";
+
+//#region src/api/auth-schema.ts
+/**
+* Defines the authentication schema for the application.
+*
+* @returns An object containing the schema and relations for the authentication tables.
+*/
+function defineAuthSchema() {
+	const accounts = pgTable("accounts", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		accessToken: t.text("access_token"),
+		accessTokenExpiresAt: t.timestamp("access_token_expires_at", {
+			mode: "string",
+			withTimezone: true
+		}),
+		accountId: t.text("account_id").notNull(),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		idToken: t.text("id_token"),
+		providerId: t.text("provider_id").notNull(),
+		password: t.text("password"),
+		userId: t.text("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+		refreshToken: t.text("refresh_token"),
+		refreshTokenExpiresAt: t.timestamp("refresh_token_expires_at", {
+			mode: "string",
+			withTimezone: true
+		}),
+		scope: t.text("scope"),
+		updatedAt: t.timestamp("updated_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull()
+	}), (t) => []);
+	const apiKeys = pgTable("api_keys", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		name: t.text("name"),
+		enabled: t.boolean("enabled").default(true),
+		expiresAt: t.timestamp("expires_at", {
+			mode: "string",
+			withTimezone: true
+		}),
+		key: t.text("key").notNull(),
+		lastRefillAt: t.timestamp("last_refill_at", {
+			mode: "string",
+			withTimezone: true
+		}),
+		lastRequest: t.timestamp("last_request", {
+			mode: "string",
+			withTimezone: true
+		}),
+		lastUsedAt: t.timestamp("last_used_at", {
+			mode: "string",
+			withTimezone: true
+		}),
+		metadata: t.text("metadata"),
+		permissions: t.text("permissions"),
+		prefix: t.text("prefix"),
+		rateLimitEnabled: t.boolean("rate_limit_enabled").default(true),
+		rateLimitTimeWindow: t.integer("rate_limit_time_window").default(864e5),
+		rateLimitMax: t.integer("rate_limit_max").default(10),
+		refillInterval: t.integer("refill_interval"),
+		refillAmount: t.integer("refill_amount"),
+		requestCount: t.integer("request_count"),
+		remaining: t.integer("remaining"),
+		start: t.text("start"),
+		userId: t.text("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		updatedAt: t.timestamp("updated_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull()
+	}), (t) => []);
+	const invitations = pgTable("invitations", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		email: t.text("email").notNull(),
+		expiresAt: t.timestamp("expires_at", {
+			mode: "string",
+			withTimezone: true
+		}).notNull(),
+		inviterId: t.text("inviter_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+		organizationId: t.text("organization_id").notNull().references(() => organizations.id, { onDelete: "cascade" }),
+		role: t.text("role"),
+		status: t.text("status").default("pending").notNull(),
+		teamId: t.text("team_id"),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		updatedAt: t.timestamp("updated_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull()
+	}), (t) => []);
+	const members = pgTable("members", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		organizationId: t.text("organization_id").notNull().references(() => organizations.id, { onDelete: "cascade" }),
+		role: t.text("role").default("member").notNull(),
+		userId: t.text("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull()
+	}), (t) => []);
+	const organizations = pgTable("organizations", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		name: t.text("name").notNull(),
+		slug: t.text("slug").unique(),
+		logo: t.text("logo"),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		updatedAt: t.timestamp("updated_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		metadata: t.text("metadata")
+	}), (t) => []);
+	const sessions = pgTable("sessions", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		activeOrganizationId: t.text("active_organization_id").references(() => organizations.id, { onDelete: "set null" }),
+		activeTeamId: t.text("active_team_id"),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		expiresAt: t.timestamp("expires_at", {
+			mode: "string",
+			withTimezone: true
+		}).notNull(),
+		impersonatedBy: t.text("impersonated_by").references(() => users.id, { onDelete: "set null" }),
+		ipAddress: t.text("ip_address"),
+		token: t.text("token").notNull().unique(),
+		updatedAt: t.timestamp("updated_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		userAgent: t.text("user_agent"),
+		userId: t.text("user_id").notNull().references(() => users.id, { onDelete: "cascade" })
+	}), (t) => []);
+	const ssoProviders = pgTable("sso_providers", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		domain: t.text("domain").notNull(),
+		issuer: t.text("issuer").notNull(),
+		oidcConfig: t.text("oidc_config"),
+		organizationId: t.text("organization_id").references(() => organizations.id, { onDelete: "cascade" }),
+		providerId: t.text("provider_id").notNull().unique(),
+		samlConfig: t.text("saml_config"),
+		userId: t.text("user_id").references(() => users.id, { onDelete: "cascade" })
+	}), (t) => []);
+	const users = pgTable("users", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		banExpires: t.timestamp("ban_expires", {
+			mode: "string",
+			withTimezone: true
+		}),
+		banReason: t.text("ban_reason"),
+		banned: t.boolean("banned").default(false),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		displayUsername: t.text("display_username"),
+		email: t.text("email").notNull().unique(),
+		emailVerified: t.boolean("email_verified").default(false).notNull(),
+		image: t.text("image"),
+		isAnonymous: t.boolean("is_anonymous"),
+		lastLoginMethod: t.text("last_login_method"),
+		name: t.text("name").notNull(),
+		phoneNumber: t.text("phone_number").unique(),
+		phoneNumberVerified: t.boolean("phone_number_verified"),
+		role: t.text("role"),
+		twoFactorEnabled: t.boolean("two_factor_enabled").default(false),
+		updatedAt: t.timestamp("updated_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		username: t.text("username").unique()
+	}), (t) => []);
+	const teams = pgTable("teams", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		name: t.text("name").notNull(),
+		organizationId: t.text("organization_id").notNull().references(() => organizations.id, { onDelete: "cascade" }),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		updatedAt: t.timestamp("updated_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull()
+	}), (t) => []);
+	const teamMembers = pgTable("team_members", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		teamId: t.text("team_id").notNull().references(() => teams.id, { onDelete: "cascade" }),
+		userId: t.text("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull()
+	}), (t) => []);
+	const twoFactors = pgTable("two_factors", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		secret: t.text("secret").notNull(),
+		backupCodes: t.text("backup_codes").notNull(),
+		userId: t.text("user_id").notNull().references(() => users.id, { onDelete: "cascade" })
+	}), (t) => []);
+	const verifications = pgTable("verifications", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		expiresAt: t.timestamp("expires_at", {
+			mode: "string",
+			withTimezone: true
+		}).notNull(),
+		identifier: t.text("identifier").notNull(),
+		updatedAt: t.timestamp("updated_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		value: t.text("value").notNull()
+	}), (t) => []);
+	return {
+		tables: {
+			accounts,
+			apiKeys,
+			auditLogs: pgTable("audit_logs", (t) => ({
+				id: t.text("id").primaryKey().default(sql`uuidv7()`),
+				tableName: t.text("table_name"),
+				action: t.text("action").notNull(),
+				customAction: t.text("custom_action"),
+				oldData: t.jsonb("old_data"),
+				newData: t.jsonb("new_data"),
+				metadata: t.jsonb("metadata"),
+				organizationId: t.text("organization_id").references(() => organizations.id, { onDelete: "set null" }),
+				userId: t.text("user_id").references(() => users.id, { onDelete: "set null" }),
+				sessionId: t.text("session_id").references(() => sessions.id, { onDelete: "set null" }),
+				requestId: t.text("request_id"),
+				createdAt: t.timestamp("created_at", {
+					mode: "string",
+					withTimezone: true
+				}).default(sql`NOW()`).notNull()
+			}), (t) => []),
+			invitations,
+			members,
+			organizations,
+			sessions,
+			ssoProviders,
+			teams,
+			teamMembers,
+			twoFactors,
+			users,
+			verifications
+		},
+		relations: (r) => ({
+			users: {
+				sessions: r.many.sessions({
+					from: r.users.id,
+					to: r.sessions.userId
+				}),
+				accounts: r.many.accounts({
+					from: r.users.id,
+					to: r.accounts.userId
+				}),
+				apiKeys: r.many.apiKeys({
+					from: r.users.id,
+					to: r.apiKeys.userId
+				}),
+				memberships: r.many.members({
+					from: r.users.id,
+					to: r.members.userId
+				}),
+				invitations: r.many.invitations({
+					from: r.users.id,
+					to: r.invitations.inviterId
+				}),
+				ssoProvider: r.one.ssoProviders({
+					from: r.users.id,
+					to: r.ssoProviders.userId
+				}),
+				twoFactor: r.one.twoFactors({
+					from: r.users.id,
+					to: r.twoFactors.userId
+				})
+			},
+			sessions: { user: r.one.users({
+				from: r.sessions.userId,
+				to: r.users.id
+			}) },
+			accounts: { user: r.one.users({
+				from: r.accounts.userId,
+				to: r.users.id
+			}) },
+			apiKeys: { user: r.one.users({
+				from: r.apiKeys.userId,
+				to: r.users.id
+			}) },
+			organizations: {
+				members: r.many.members({
+					from: r.organizations.id,
+					to: r.members.organizationId
+				}),
+				invitations: r.many.invitations({
+					from: r.organizations.id,
+					to: r.invitations.organizationId
+				}),
+				teams: r.many.teams({
+					from: r.organizations.id,
+					to: r.teams.organizationId
+				})
+			},
+			members: {
+				organization: r.one.organizations({
+					from: r.members.organizationId,
+					to: r.organizations.id
+				}),
+				user: r.one.users({
+					from: r.members.userId,
+					to: r.users.id
+				})
+			},
+			invitations: {
+				organization: r.one.organizations({
+					from: r.invitations.organizationId,
+					to: r.organizations.id
+				}),
+				inviter: r.one.users({
+					from: r.invitations.inviterId,
+					to: r.users.id
+				})
+			},
+			teams: { organization: r.one.organizations({
+				from: r.teams.organizationId,
+				to: r.organizations.id
+			}) },
+			ssoProviders: { user: r.one.users({
+				from: r.ssoProviders.userId,
+				to: r.users.id
+			}) },
+			verifications: {},
+			twoFactors: { user: r.one.users({
+				from: r.twoFactors.userId,
+				to: r.users.id
+			}) },
+			auditLogs: {
+				organization: r.one.organizations({
+					from: r.auditLogs.organizationId,
+					to: r.organizations.id
+				}),
+				user: r.one.users({
+					from: r.auditLogs.userId,
+					to: r.users.id
+				}),
+				session: r.one.sessions({
+					from: r.auditLogs.sessionId,
+					to: r.sessions.id
+				})
+			}
+		})
+	};
+}
+
+//#endregion
+export { defineAuthSchema };

package/dist/exports/api/auth.d.mts

@@ -370,6 +370,10 @@ type DefineAuthOptions<T extends AuthConfig, TDb = unknown> = {
    * Hooks for email sending and OTP delivery.
    */
   hooks: RequiredHooks<T>;
+  /**
+   * Secret key for signing tokens and cookies.
+   */
+  secret: string;
   /**
    * Session configuration.
    */

package/dist/exports/api/auth.mjs

@@ -1 +1,188 @@
-import{AUTH_BASE_PATH as e,AUTH_BASE_URL as t}from"./web/auth.mjs";import{passkey as n}from"@better-auth/passkey";import{sso as r}from"@better-auth/sso";import{betterAuth as i}from"better-auth";import{drizzleAdapter as a}from"better-auth/adapters/drizzle";import{admin as o,anonymous as s,apiKey as c,emailOTP as l,magicLink as u,multiSession as d,phoneNumber as f,twoFactor as p,username as m}from"better-auth/plugins";import{createAccessControl as h}from"better-auth/plugins/access";import{z as g}from"zod";const _=g.enum([`DELETE`,`LOGIN`,`LOGOUT`,`INSERT`,`PASSWORD_CHANGE`,`TRUNCATE`,`UPDATE`]);function v(h){let{auditLog:g,config:_,appName:v,database:y,hooks:b,oauth:x,session:S,passkey:C}=h,w=[];_.plugins?.admin&&w.push(o({defaultRole:_.plugins.admin.defaultRole,adminRoles:_.plugins.admin.adminRoles})),_.plugins?.apiKey&&w.push(c({defaultPrefix:_.plugins.apiKey.defaultPrefix,defaultKeyLength:_.plugins.apiKey.defaultKeyLength,rateLimit:_.plugins.apiKey.rateLimit?{enabled:!0,maxRequests:_.plugins.apiKey.rateLimit.maxRequests,timeWindow:_.plugins.apiKey.rateLimit.timeWindow}:void 0})),_.plugins?.twoFactor&&w.push(p({issuer:_.plugins.twoFactor.issuer??v,totpOptions:_.plugins.twoFactor.totp?{digits:_.plugins.twoFactor.totp.digits,period:_.plugins.twoFactor.totp.period}:void 0,backupCodeOptions:_.plugins.twoFactor.backupCodes?{amount:_.plugins.twoFactor.backupCodes.amount,length:_.plugins.twoFactor.backupCodes.length}:void 0,otpOptions:_.plugins.twoFactor.otp&&b.send2FAOTP?{sendOTP:async({user:e,otp:t})=>b.send2FAOTP({email:e.email,otp:t})}:void 0})),_.methods?.passkey&&C&&w.push(n({rpName:v,rpID:C.rpID,origin:C.origin})),_.methods?.magicLink&&b.sendMagicLink&&w.push(u({expiresIn:_.methods.magicLink.expiresIn,sendMagicLink:async({email:e,url:t,token:n})=>{await b.sendMagicLink({email:e,url:t,token:n})}})),_.methods?.phoneOtp&&b.sendPhoneOTP&&w.push(f({otpLength:_.methods.phoneOtp.otpLength,expiresIn:_.methods.phoneOtp.expiresIn,sendOTP:async({phoneNumber:e,code:t})=>{await b.sendPhoneOTP({phoneNumber:e,otp:t})}})),_.methods?.emailOtp&&b.sendEmailOTP&&w.push(l({otpLength:_.methods.emailOtp.otpLength,expiresIn:_.methods.emailOtp.expiresIn,sendVerificationOTP:async({email:e,otp:t})=>{await b.sendEmailOTP({email:e,otp:t})}})),_.plugins?.username&&w.push(m({minUsernameLength:_.plugins.username.minUsernameLength,maxUsernameLength:_.plugins.username.maxUsernameLength})),_.plugins?.anonymous&&w.push(s({emailDomainName:_.plugins.anonymous.emailDomainName})),_.plugins?.multiSession&&w.push(d({maximumSessions:_.plugins.multiSession.maximumSessions})),_.plugins?.sso&&w.push(r({providersLimit:_.plugins.sso.providersLimit,trustEmailVerified:_.plugins.sso.trustEmailVerified,domainVerification:_.plugins.sso.domainVerification?{enabled:!0}:void 0}));let T={};_.oauth?.google&&(T.google={clientId:x?.google?.clientId??process.env.GOOGLE_CLIENT_ID??``,clientSecret:x?.google?.clientSecret??process.env.GOOGLE_CLIENT_SECRET??``}),_.oauth?.github&&(T.github={clientId:x?.github?.clientId??process.env.GITHUB_CLIENT_ID??``,clientSecret:x?.github?.clientSecret??process.env.GITHUB_CLIENT_SECRET??``}),_.oauth?.apple&&(T.apple={clientId:x?.apple?.clientId??process.env.APPLE_CLIENT_ID??``,clientSecret:x?.apple?.clientSecret??process.env.APPLE_CLIENT_SECRET??``}),_.oauth?.facebook&&(T.facebook={clientId:x?.facebook?.clientId??process.env.FACEBOOK_CLIENT_ID??``,clientSecret:x?.facebook?.clientSecret??process.env.FACEBOOK_CLIENT_SECRET??``});let E=_.basePath??e,D=_.baseURL??t,O=i({account:{accountLinking:{enabled:!0,trustedProviders:[`email-password`,`google`]}},advanced:{cookiePrefix:v.replace(/\s+/g,`_`).toLowerCase(),database:{generateId:!1},ipAddress:{disableIpTracking:!1,ipAddressHeaders:[`cf-connecting-ip`,`x-client-ip`,`x-forwarded-for`,`x-real-ip`]}},appName:v,baseURL:D||void 0,basePath:E,database:a(y,{provider:`pg`,usePlural:!0}),emailAndPassword:_.methods?.emailPassword?{enabled:!0,requireEmailVerification:_.methods.emailPassword.requireEmailVerification,minPasswordLength:_.methods.emailPassword.minPasswordLength,maxPasswordLength:_.methods.emailPassword.maxPasswordLength,sendVerificationEmail:b.sendVerificationEmail?async({user:e,url:t,token:n})=>b.sendVerificationEmail({email:e.email,url:t,token:n}):void 0,sendResetPassword:b.sendResetPasswordEmail?async({user:e,url:t,token:n})=>b.sendResetPasswordEmail({email:e.email,url:t,token:n}):void 0}:{enabled:!1},plugins:w,socialProviders:Object.keys(T).length>0?T:void 0,session:S?{expiresIn:S.expiresIn,updateAge:S.updateAge,freshAge:S.freshAge}:void 0}),k=new Set(g?.excludeTables??[]);return Object.assign(O,{auditLog:g,shouldAudit(e){return!k.has(e)}})}export{_ as auditActionSchema,h as createAccessControl,v as defineAuth};
+import { AUTH_BASE_PATH, AUTH_BASE_URL } from "./web/auth.mjs";
+import { passkey } from "@better-auth/passkey";
+import { sso } from "@better-auth/sso";
+import { betterAuth } from "better-auth";
+import { drizzleAdapter } from "better-auth/adapters/drizzle";
+import { admin, anonymous, apiKey, emailOTP, magicLink, multiSession, phoneNumber, twoFactor, username } from "better-auth/plugins";
+import { createAccessControl } from "better-auth/plugins/access";
+import { z } from "zod";
+
+//#region src/api/auth.ts
+/**
+* Standard audit log actions following OCSF/CADF standards.
+* Zod enum provides both runtime validation and TypeScript type.
+*
+* Actions:
+* - Data ops: INSERT, UPDATE, DELETE, TRUNCATE, SELECT
+* - Auth ops: LOGIN, LOGOUT, LOGIN_FAILED, PASSWORD_CHANGE
+* - Custom: CUSTOM (use customAction field for app-specific events)
+*/
+const auditActionSchema = z.enum([
+	"DELETE",
+	"LOGIN",
+	"LOGOUT",
+	"INSERT",
+	"PASSWORD_CHANGE",
+	"TRUNCATE",
+	"UPDATE"
+]);
+/**
+* Defines Better Auth instance from neutral config + server dependencies.
+*/
+function defineAuth(opts) {
+	const { auditLog, config, appName, database, hooks, oauth, passkey: passkeyConfig, secret, session } = opts;
+	const plugins = [];
+	if (config.plugins?.admin) plugins.push(admin({
+		defaultRole: config.plugins.admin.defaultRole,
+		adminRoles: config.plugins.admin.adminRoles
+	}));
+	if (config.plugins?.apiKey) plugins.push(apiKey({
+		defaultPrefix: config.plugins.apiKey.defaultPrefix,
+		defaultKeyLength: config.plugins.apiKey.defaultKeyLength,
+		rateLimit: config.plugins.apiKey.rateLimit ? {
+			enabled: true,
+			maxRequests: config.plugins.apiKey.rateLimit.maxRequests,
+			timeWindow: config.plugins.apiKey.rateLimit.timeWindow
+		} : void 0
+	}));
+	if (config.plugins?.twoFactor) plugins.push(twoFactor({
+		issuer: config.plugins.twoFactor.issuer ?? appName,
+		totpOptions: config.plugins.twoFactor.totp ? {
+			digits: config.plugins.twoFactor.totp.digits,
+			period: config.plugins.twoFactor.totp.period
+		} : void 0,
+		backupCodeOptions: config.plugins.twoFactor.backupCodes ? {
+			amount: config.plugins.twoFactor.backupCodes.amount,
+			length: config.plugins.twoFactor.backupCodes.length
+		} : void 0,
+		otpOptions: config.plugins.twoFactor.otp && hooks.send2FAOTP ? { sendOTP: async ({ user, otp }) => hooks.send2FAOTP({
+			email: user.email,
+			otp
+		}) } : void 0
+	}));
+	if (config.methods?.passkey && passkeyConfig) plugins.push(passkey({
+		rpName: appName,
+		rpID: passkeyConfig.rpID,
+		origin: passkeyConfig.origin
+	}));
+	if (config.methods?.magicLink && hooks.sendMagicLink) plugins.push(magicLink({
+		expiresIn: config.methods.magicLink.expiresIn,
+		sendMagicLink: async ({ email, url, token }) => {
+			await hooks.sendMagicLink({
+				email,
+				url,
+				token
+			});
+		}
+	}));
+	if (config.methods?.phoneOtp && hooks.sendPhoneOTP) plugins.push(phoneNumber({
+		otpLength: config.methods.phoneOtp.otpLength,
+		expiresIn: config.methods.phoneOtp.expiresIn,
+		sendOTP: async ({ phoneNumber: phone, code }) => {
+			await hooks.sendPhoneOTP({
+				phoneNumber: phone,
+				otp: code
+			});
+		}
+	}));
+	if (config.methods?.emailOtp && hooks.sendEmailOTP) plugins.push(emailOTP({
+		otpLength: config.methods.emailOtp.otpLength,
+		expiresIn: config.methods.emailOtp.expiresIn,
+		sendVerificationOTP: async ({ email, otp }) => {
+			await hooks.sendEmailOTP({
+				email,
+				otp
+			});
+		}
+	}));
+	if (config.plugins?.username) plugins.push(username({
+		minUsernameLength: config.plugins.username.minUsernameLength,
+		maxUsernameLength: config.plugins.username.maxUsernameLength
+	}));
+	if (config.plugins?.anonymous) plugins.push(anonymous({ emailDomainName: config.plugins.anonymous.emailDomainName }));
+	if (config.plugins?.multiSession) plugins.push(multiSession({ maximumSessions: config.plugins.multiSession.maximumSessions }));
+	if (config.plugins?.sso) plugins.push(sso({
+		providersLimit: config.plugins.sso.providersLimit,
+		trustEmailVerified: config.plugins.sso.trustEmailVerified,
+		domainVerification: config.plugins.sso.domainVerification ? { enabled: true } : void 0
+	}));
+	const socialProviders = {};
+	if (config.oauth?.google) socialProviders.google = {
+		clientId: oauth?.google?.clientId ?? process.env.GOOGLE_CLIENT_ID ?? "",
+		clientSecret: oauth?.google?.clientSecret ?? process.env.GOOGLE_CLIENT_SECRET ?? ""
+	};
+	if (config.oauth?.github) socialProviders.github = {
+		clientId: oauth?.github?.clientId ?? process.env.GITHUB_CLIENT_ID ?? "",
+		clientSecret: oauth?.github?.clientSecret ?? process.env.GITHUB_CLIENT_SECRET ?? ""
+	};
+	if (config.oauth?.apple) socialProviders.apple = {
+		clientId: oauth?.apple?.clientId ?? process.env.APPLE_CLIENT_ID ?? "",
+		clientSecret: oauth?.apple?.clientSecret ?? process.env.APPLE_CLIENT_SECRET ?? ""
+	};
+	if (config.oauth?.facebook) socialProviders.facebook = {
+		clientId: oauth?.facebook?.clientId ?? process.env.FACEBOOK_CLIENT_ID ?? "",
+		clientSecret: oauth?.facebook?.clientSecret ?? process.env.FACEBOOK_CLIENT_SECRET ?? ""
+	};
+	const basePath = config.basePath ?? AUTH_BASE_PATH;
+	const baseURL = config.baseURL ?? AUTH_BASE_URL;
+	const auth = betterAuth({
+		account: { accountLinking: {
+			enabled: true,
+			trustedProviders: ["email-password", "google"]
+		} },
+		advanced: {
+			cookiePrefix: appName.replace(/\s+/g, "_").toLowerCase(),
+			database: { generateId: false },
+			ipAddress: {
+				disableIpTracking: false,
+				ipAddressHeaders: [
+					"cf-connecting-ip",
+					"x-client-ip",
+					"x-forwarded-for",
+					"x-real-ip"
+				]
+			}
+		},
+		appName,
+		baseURL: baseURL || void 0,
+		basePath,
+		database: drizzleAdapter(database, {
+			provider: "pg",
+			usePlural: true
+		}),
+		emailAndPassword: config.methods?.emailPassword ? {
+			enabled: true,
+			requireEmailVerification: config.methods.emailPassword.requireEmailVerification,
+			minPasswordLength: config.methods.emailPassword.minPasswordLength,
+			maxPasswordLength: config.methods.emailPassword.maxPasswordLength,
+			sendVerificationEmail: hooks.sendVerificationEmail ? async ({ user, url, token }) => hooks.sendVerificationEmail({
+				email: user.email,
+				url,
+				token
+			}) : void 0,
+			sendResetPassword: hooks.sendResetPasswordEmail ? async ({ user, url, token }) => hooks.sendResetPasswordEmail({
+				email: user.email,
+				url,
+				token
+			}) : void 0
+		} : { enabled: false },
+		plugins,
+		secret,
+		session: session ? {
+			expiresIn: session.expiresIn,
+			updateAge: session.updateAge,
+			freshAge: session.freshAge
+		} : void 0,
+		socialProviders: Object.keys(socialProviders).length > 0 ? socialProviders : void 0
+	});
+	const excludeTablesSet = new Set(auditLog?.excludeTables ?? []);
+	return Object.assign(auth, {
+		auditLog,
+		shouldAudit(tableName) {
+			return !excludeTablesSet.has(tableName);
+		}
+	});
+}
+
+//#endregion
+export { auditActionSchema, createAccessControl, defineAuth };

package/dist/exports/api/cache.d.mts

@@ -1,6 +1,6 @@
 import { Logger } from "./logger.mjs";
+import * as _keyv_redis0 from "@keyv/redis";
 import { KeyvRedisOptions } from "@keyv/redis";
-import * as keyv0 from "keyv";
 
 //#region src/api/cache.d.ts
 /**
@@ -39,6 +39,6 @@ declare function defineCache({
   url,
   logger,
   options
-}: DefineCacheOptions): keyv0.Keyv<any>;
+}: DefineCacheOptions): _keyv_redis0.Keyv<any>;
 //#endregion
 export { Cache, DefineCacheOptions, defineCache };