npm - better-auth-cloudflare-email - Versions diffs - 0.1.0 - Mend

better-auth-cloudflare-email 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 Paul Stenhouse
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,244 @@
+# better-auth-cloudflare-email-plugin
+Send emails through [Cloudflare Email Service](https://developers.cloudflare.com/email-service/) from [Better Auth](https://better-auth.com) — with zero configuration for each callback.
+Two transports, one interface:
+- **`cloudflareEmail.workers()`** — inside a Cloudflare Worker, uses the `send_email` binding directly (no API key, zero network hop)
+- **`cloudflareEmail.api()`** — from any runtime (Node.js, Bun, Deno, Vercel, etc.), uses the Cloudflare REST API
+Both wire into all 6 Better Auth email callbacks automatically and ship with clean, responsive HTML templates out of the box.
+## Callbacks handled
+| Callback | Source | Triggered by |
+|---|---|---|
+| `sendVerificationEmail` | Core config | Sign-up, manual verify |
+| `sendResetPassword` | Core config | Password reset request |
+| `sendChangeEmailConfirmation` | Core config | Email change request |
+| `sendDeleteAccountVerification` | Core config | Account deletion request |
+| `sendMagicLink` | `magicLink()` plugin | Magic link sign-in |
+| `sendVerificationOTP` | `emailOTP()` plugin | OTP sign-in / verify / reset |
+## Install
+```bash
+npm install better-auth-cloudflare-email
+```
+## Quick start
+### Cloudflare Workers (binding transport)
+```ts
+import { betterAuth } from "better-auth";
+import { magicLink, emailOTP } from "better-auth/plugins";
+import { cloudflareEmail } from "better-auth-cloudflare-email";
+function createAuth(env: Env) {
+  const email = cloudflareEmail.workers({
+    binding: env.EMAIL,
+    from: "MyApp <noreply@myapp.com>",
+    appName: "MyApp",
+  });
+  return betterAuth({
+    ...email.config,
+    plugins: [
+      magicLink({ sendMagicLink: email.sendMagicLink }),
+      emailOTP({ sendVerificationOTP: email.sendVerificationOTP }),
+    ],
+  });
+}
+```
+Add the binding to your `wrangler.jsonc`:
+```jsonc
+{
+  "send_email": [{ "name": "EMAIL" }]
+}
+```
+### Any runtime (REST API transport)
+```ts
+import { betterAuth } from "better-auth";
+import { magicLink, emailOTP } from "better-auth/plugins";
+import { cloudflareEmail } from "better-auth-cloudflare-email";
+const email = cloudflareEmail.api({
+  accountId: process.env.CF_ACCOUNT_ID!,
+  apiToken: process.env.CF_API_TOKEN!,
+  from: "MyApp <noreply@myapp.com>",
+  appName: "MyApp",
+});
+export const auth = betterAuth({
+  ...email.config,
+  plugins: [
+    magicLink({ sendMagicLink: email.sendMagicLink }),
+    emailOTP({ sendVerificationOTP: email.sendVerificationOTP }),
+  ],
+});
+```
+## How it works
+`cloudflareEmail.workers()` and `cloudflareEmail.api()` both return the same object:
+```ts
+{
+  // Spread into betterAuth() — wires verification, reset, change email, delete account
+  config: { emailVerification, emailAndPassword, user },
+  // Wire into plugins manually
+  sendMagicLink,
+  sendVerificationOTP,
+  // Individual callbacks (if you prefer manual wiring)
+  sendVerificationEmail,
+  sendResetPassword,
+  sendChangeEmailConfirmation,
+  sendDeleteAccountVerification,
+  // Send any arbitrary email
+  sendRaw(message: EmailMessage): Promise<EmailSendResult>,
+}
+```
+The `config` object is designed to be spread into your `betterAuth()` call. Override any defaults after spreading:
+```ts
+const email = cloudflareEmail.workers({ binding: env.EMAIL, from: "..." });
+export const auth = betterAuth({
+  ...email.config,
+  emailAndPassword: {
+    ...email.config.emailAndPassword,
+    requireEmailVerification: true,  // your override
+    minPasswordLength: 12,           // your override
+  },
+});
+```
+## Hono + Workers example
+```ts
+import { Hono } from "hono";
+import { betterAuth } from "better-auth";
+import { cloudflareEmail } from "better-auth-cloudflare-email";
+interface Env {
+  EMAIL: import("./auth/cloudflare-email").EmailBinding;
+  DB: D1Database;
+}
+const app = new Hono<{ Bindings: Env }>();
+app.on(["POST", "GET"], "/api/auth/*", (c) => {
+  const email = cloudflareEmail.workers({
+    binding: c.env.EMAIL,
+    from: "MyApp <noreply@myapp.com>",
+  });
+  const auth = betterAuth({
+    ...email.config,
+    // database, plugins, etc.
+  });
+  return auth.handler(c.req.raw);
+});
+export default app;
+```
+### Singleton auth with dynamic binding
+If you don't want to create auth per-request, pass a function that resolves the binding at call time:
+```ts
+import { getRequestContext } from "@cloudflare/next-on-pages";
+import { cloudflareEmail } from "better-auth-cloudflare-email";
+const email = cloudflareEmail.workers({
+  binding: () => getRequestContext().env.EMAIL,
+  from: "MyApp <noreply@myapp.com>",
+});
+export const auth = betterAuth({ ...email.config });
+```
+## Custom templates
+Override any template by passing a function that returns `{ subject, html, text }`:
+```ts
+const email = cloudflareEmail.workers({
+  binding: env.EMAIL,
+  from: "MyApp <noreply@myapp.com>",
+  appName: "MyApp",
+  templates: {
+    verifyEmail: ({ appName, url, userName }) => ({
+      subject: `Welcome to ${appName}!`,
+      html: `<h1>Hey ${userName}!</h1><a href="${url}">Verify your email</a>`,
+      text: `Verify your email: ${url}`,
+    }),
+    // resetPassword, changeEmail, deleteAccount, magicLink, otp
+  },
+});
+```
+### Template data available
+| Field | Type | Available in |
+|---|---|---|
+| `appName` | `string` | All templates |
+| `url` | `string` | All except `otp` |
+| `token` | `string` | All except `otp` |
+| `userName` | `string \| undefined` | `verifyEmail`, `resetPassword` |
+| `otp` | `string` | `otp` only |
+| `email` | `string` | `magicLink`, `otp` |
+## Sending arbitrary emails
+Use `sendRaw` to send any email outside of Better Auth's callbacks:
+```ts
+await email.sendRaw({
+  to: "user@example.com",
+  from: "support@myapp.com",
+  subject: "Your invoice",
+  html: "<p>Thanks for your purchase.</p>",
+  text: "Thanks for your purchase.",
+  attachments: [{
+    filename: "invoice.pdf",
+    content: base64String,
+    contentType: "application/pdf",
+    disposition: "attachment",
+  }],
+});
+```
+## Transport comparison
+| | `cloudflareEmail.workers()` | `cloudflareEmail.api()` |
+|---|---|---|
+| Runtime | Cloudflare Workers only | Any (Node, Bun, Deno, Vercel...) |
+| Auth | `send_email` binding (no key) | `CF_ACCOUNT_ID` + `CF_API_TOKEN` |
+| Latency | In-process, zero hop | HTTP round-trip to Cloudflare API |
+| Config | `binding: env.EMAIL` | `accountId` + `apiToken` |
+| Output | Identical | Identical |
+## Cloudflare Email Service setup
+1. Your domain must use [Cloudflare DNS](https://developers.cloudflare.com/dns/)
+2. Go to **Cloudflare Dashboard > Compute & AI > Email Service > Email Sending**
+3. Select your domain and add the required DNS records (SPF, DKIM)
+4. For the REST API transport, create an [API token](https://dash.cloudflare.com/profile/api-tokens) with email send permissions
+> Cloudflare Email Service is currently in **private beta**. It requires a Workers Paid plan.
+## License
+MIT

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,228 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  cloudflareEmail: () => cloudflareEmail
+});
+module.exports = __toCommonJS(index_exports);
+// src/auth/cloudflare-email.ts
+function layout(title, body, appName) {
+  return `<!DOCTYPE html>
+<html lang="en">
+<head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1">
+<title>${title}</title>
+<style>
+  body{margin:0;padding:0;background:#f4f4f5;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif}
+  .wrap{max-width:480px;margin:40px auto;background:#fff;border-radius:12px;overflow:hidden;box-shadow:0 1px 3px rgba(0,0,0,.08)}
+  .header{background:#18181b;padding:24px 32px;color:#fff;font-size:18px;font-weight:600}
+  .body{padding:32px}
+  .body p{margin:0 0 16px;color:#3f3f46;line-height:1.6;font-size:15px}
+  .btn{display:inline-block;padding:12px 28px;background:#18181b;color:#fff!important;text-decoration:none;border-radius:8px;font-weight:500;font-size:15px}
+  .code{display:inline-block;padding:12px 24px;background:#f4f4f5;border-radius:8px;font-size:28px;font-weight:700;letter-spacing:6px;color:#18181b}
+  .footer{padding:16px 32px;font-size:12px;color:#a1a1aa;border-top:1px solid #f4f4f5}
+</style></head>
+<body><div class="wrap">
+<div class="header">${appName}</div>
+<div class="body">${body}</div>
+<div class="footer">You received this email because an action was requested on your account. If you didn't request this, you can safely ignore it.</div>
+</div></body></html>`;
+}
+var defaultTemplates = {
+  verifyEmail: ({ appName, url, userName }) => ({
+    subject: `Verify your email \u2013 ${appName}`,
+    html: layout(
+      "Verify Email",
+      `<p>Hi${userName ? ` ${userName}` : ""},</p>
+<p>Thanks for signing up. Please verify your email address by clicking the button below.</p>
+<p style="text-align:center;margin:24px 0"><a href="${url}" class="btn">Verify Email</a></p>
+<p style="font-size:13px;color:#71717a">If the button doesn't work, copy and paste this link into your browser:<br>${url}</p>`,
+      appName
+    ),
+    text: `Verify your email for ${appName}: ${url}`
+  }),
+  resetPassword: ({ appName, url, userName }) => ({
+    subject: `Reset your password \u2013 ${appName}`,
+    html: layout(
+      "Reset Password",
+      `<p>Hi${userName ? ` ${userName}` : ""},</p>
+<p>We received a request to reset your password. Click the button below to choose a new one.</p>
+<p style="text-align:center;margin:24px 0"><a href="${url}" class="btn">Reset Password</a></p>
+<p style="font-size:13px;color:#71717a">This link expires in 1 hour. If you didn't request a password reset, you can ignore this email.</p>`,
+      appName
+    ),
+    text: `Reset your password for ${appName}: ${url}`
+  }),
+  changeEmail: ({ appName, url }) => ({
+    subject: `Confirm email change \u2013 ${appName}`,
+    html: layout(
+      "Confirm Email Change",
+      `<p>You requested to change the email address on your ${appName} account.</p>
+<p>Click the button below to confirm this change.</p>
+<p style="text-align:center;margin:24px 0"><a href="${url}" class="btn">Confirm Change</a></p>
+<p style="font-size:13px;color:#71717a">If you didn't request this, please secure your account immediately.</p>`,
+      appName
+    ),
+    text: `Confirm email change for ${appName}: ${url}`
+  }),
+  deleteAccount: ({ appName, url }) => ({
+    subject: `Confirm account deletion \u2013 ${appName}`,
+    html: layout(
+      "Delete Account",
+      `<p>You requested to delete your ${appName} account. This action is permanent.</p>
+<p>Click the button below to confirm deletion.</p>
+<p style="text-align:center;margin:24px 0"><a href="${url}" class="btn" style="background:#dc2626">Delete Account</a></p>
+<p style="font-size:13px;color:#71717a">If you didn't request this, please ignore this email and secure your account.</p>`,
+      appName
+    ),
+    text: `Confirm account deletion for ${appName}: ${url}`
+  }),
+  magicLink: ({ appName, url }) => ({
+    subject: `Sign in to ${appName}`,
+    html: layout(
+      "Magic Link",
+      `<p>Click the button below to sign in to your ${appName} account. This link expires in 15 minutes.</p>
+<p style="text-align:center;margin:24px 0"><a href="${url}" class="btn">Sign In</a></p>
+<p style="font-size:13px;color:#71717a">If you didn't request this, you can safely ignore this email.</p>`,
+      appName
+    ),
+    text: `Sign in to ${appName}: ${url}`
+  }),
+  otp: ({ appName, otp }) => ({
+    subject: `Your verification code \u2013 ${appName}`,
+    html: layout(
+      "Verification Code",
+      `<p>Use the following code to continue. It expires in 5 minutes.</p>
+<p style="text-align:center;margin:24px 0"><span class="code">${otp}</span></p>
+<p style="font-size:13px;color:#71717a">If you didn't request this code, you can safely ignore this email.</p>`,
+      appName
+    ),
+    text: `Your ${appName} verification code: ${otp}`
+  })
+};
+function createWorkersTransport(opts) {
+  return {
+    async send(message) {
+      const binding = typeof opts.binding === "function" ? opts.binding() : opts.binding;
+      return binding.send(message);
+    }
+  };
+}
+function createApiTransport(opts) {
+  const baseUrl = opts.baseUrl ?? "https://api.cloudflare.com/client/v4";
+  const url = `${baseUrl}/accounts/${opts.accountId}/email-service/send`;
+  return {
+    async send(message) {
+      const res = await fetch(url, {
+        method: "POST",
+        headers: {
+          Authorization: `Bearer ${opts.apiToken}`,
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify(message)
+      });
+      if (!res.ok) {
+        const body = await res.text();
+        throw new Error(`Cloudflare Email API error (${res.status}): ${body}`);
+      }
+      const json = await res.json();
+      return { messageId: json.result?.messageId ?? "" };
+    }
+  };
+}
+function build(transport, shared) {
+  const appName = shared.appName ?? "Our App";
+  const from = shared.from;
+  const t = { ...defaultTemplates, ...shared.templates };
+  function fire(to, rendered) {
+    void transport.send({ to, from, subject: rendered.subject, html: rendered.html, text: rendered.text });
+  }
+  const sendVerificationEmail = async (data, _request) => {
+    fire(data.user.email, t.verifyEmail({ appName, url: data.url, token: data.token, userName: data.user.name }));
+  };
+  const sendResetPassword = async (data, _request) => {
+    fire(data.user.email, t.resetPassword({ appName, url: data.url, token: data.token, userName: data.user.name }));
+  };
+  const sendChangeEmailConfirmation = async (data, _request) => {
+    fire(data.newEmail, t.changeEmail({ appName, url: data.url, token: data.token }));
+  };
+  const sendDeleteAccountVerification = async (data, _request) => {
+    fire(data.user.email, t.deleteAccount({ appName, url: data.url, token: data.token }));
+  };
+  const sendMagicLink = async (data) => {
+    fire(data.email, t.magicLink({ appName, url: data.url, token: data.token, email: data.email }));
+  };
+  const sendVerificationOTP = async (data) => {
+    fire(data.email, t.otp({ appName, otp: data.otp, email: data.email }));
+  };
+  return {
+    config: {
+      emailVerification: { sendVerificationEmail, sendOnSignUp: true },
+      emailAndPassword: { enabled: true, sendResetPassword },
+      user: {
+        changeEmail: { enabled: true, sendChangeEmailConfirmation },
+        deleteUser: { enabled: true, sendDeleteAccountVerification }
+      }
+    },
+    sendVerificationEmail,
+    sendResetPassword,
+    sendChangeEmailConfirmation,
+    sendDeleteAccountVerification,
+    sendMagicLink,
+    sendVerificationOTP,
+    sendRaw: (message) => transport.send(message)
+  };
+}
+var cloudflareEmail = {
+  /**
+   * Use inside a Cloudflare Worker — sends via the `send_email` binding.
+   * Zero network hop, no API key needed.
+   *
+   * ```ts
+   * const email = cloudflareEmail.workers({
+   *   binding: env.EMAIL,
+   *   from: "App <noreply@app.com>",
+   * });
+   * ```
+   */
+  workers(opts) {
+    return build(createWorkersTransport(opts), opts);
+  },
+  /**
+   * Use from any runtime (Node.js, Bun, Deno, Vercel, etc.) — sends via
+   * the Cloudflare Email Service REST API.
+   *
+   * ```ts
+   * const email = cloudflareEmail.api({
+   *   accountId: process.env.CF_ACCOUNT_ID,
+   *   apiToken: process.env.CF_API_TOKEN,
+   *   from: "App <noreply@app.com>",
+   * });
+   * ```
+   */
+  api(opts) {
+    return build(createApiTransport(opts), opts);
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  cloudflareEmail
+});

package/dist/index.d.cts ADDED Viewed

@@ -0,0 +1,223 @@
+/**
+ * Better Auth + Cloudflare Email Service integration.
+ *
+ * Two transports, one interface:
+ *
+ *   // Inside a Cloudflare Worker — uses the send_email binding (zero latency, no API key)
+ *   import { cloudflareEmail } from "./cloudflare-email";
+ *   const email = cloudflareEmail.workers({ binding: env.EMAIL, from: "..." });
+ *
+ *   // Anywhere else — uses the Cloudflare REST API
+ *   import { cloudflareEmail } from "./cloudflare-email";
+ *   const email = cloudflareEmail.api({ accountId: "...", apiToken: "...", from: "..." });
+ *
+ * Both return the same object shape — spread `email.config` into betterAuth()
+ * and wire plugin callbacks identically.
+ */
+interface EmailMessage {
+    to: string | string[];
+    from: string;
+    subject: string;
+    html?: string;
+    text?: string;
+    cc?: string | string[];
+    bcc?: string | string[];
+    replyTo?: string;
+    headers?: Record<string, string>;
+    attachments?: EmailAttachment[];
+}
+interface EmailAttachment {
+    filename: string;
+    content: string;
+    contentType: string;
+    disposition: "attachment" | "inline";
+    contentId?: string;
+}
+interface EmailSendResult {
+    messageId: string;
+}
+interface EmailTransport {
+    send(message: EmailMessage): Promise<EmailSendResult>;
+}
+interface TemplateData {
+    appName: string;
+    url?: string;
+    token?: string;
+    otp?: string;
+    email?: string;
+    userName?: string;
+}
+type TemplateFn = (data: TemplateData) => {
+    subject: string;
+    html: string;
+    text: string;
+};
+interface Templates {
+    verifyEmail?: TemplateFn;
+    resetPassword?: TemplateFn;
+    changeEmail?: TemplateFn;
+    deleteAccount?: TemplateFn;
+    magicLink?: TemplateFn;
+    otp?: TemplateFn;
+}
+interface SharedOptions {
+    /** Default "from" address, e.g. "MyApp <noreply@myapp.com>". */
+    from: string;
+    /** Application name shown in email templates. Default: "Our App". */
+    appName?: string;
+    /** Override default email templates per type. */
+    templates?: Templates;
+}
+/** Cloudflare Workers send_email binding. */
+interface EmailBinding {
+    send(message: EmailMessage): Promise<EmailSendResult>;
+    sendBatch?(messages: EmailMessage[]): Promise<{
+        results: Array<{
+            success: boolean;
+            messageId?: string;
+            error?: string;
+        }>;
+    }>;
+}
+interface WorkersOptions extends SharedOptions {
+    /** The send_email binding, or a function that returns it (for singleton auth). */
+    binding: EmailBinding | (() => EmailBinding);
+}
+interface ApiOptions extends SharedOptions {
+    /** Cloudflare Account ID. */
+    accountId: string;
+    /** Cloudflare API Token with email send permissions. */
+    apiToken: string;
+    /** Override the base URL. Default: "https://api.cloudflare.com/client/v4" */
+    baseUrl?: string;
+}
+interface CloudflareEmailResult {
+    /** Spread into betterAuth() to wire up core email callbacks automatically. */
+    config: {
+        emailVerification: {
+            sendVerificationEmail: (data: {
+                user: {
+                    email: string;
+                    name?: string;
+                };
+                url: string;
+                token: string;
+            }, request?: Request) => Promise<void>;
+            sendOnSignUp: true;
+        };
+        emailAndPassword: {
+            enabled: true;
+            sendResetPassword: (data: {
+                user: {
+                    email: string;
+                    name?: string;
+                };
+                url: string;
+                token: string;
+            }, request?: Request) => Promise<void>;
+        };
+        user: {
+            changeEmail: {
+                enabled: true;
+                sendChangeEmailConfirmation: (data: {
+                    user: {
+                        email: string;
+                        name?: string;
+                    };
+                    newEmail: string;
+                    url: string;
+                    token: string;
+                }, request?: Request) => Promise<void>;
+            };
+            deleteUser: {
+                enabled: true;
+                sendDeleteAccountVerification: (data: {
+                    user: {
+                        email: string;
+                        name?: string;
+                    };
+                    url: string;
+                    token: string;
+                }, request?: Request) => Promise<void>;
+            };
+        };
+    };
+    /** For magicLink() plugin. */
+    sendMagicLink: (data: {
+        email: string;
+        url: string;
+        token: string;
+        metadata?: Record<string, unknown>;
+    }) => Promise<void>;
+    /** For emailOTP() plugin. */
+    sendVerificationOTP: (data: {
+        email: string;
+        otp: string;
+        type: string;
+    }) => Promise<void>;
+    /** Individual callbacks if you prefer manual wiring. */
+    sendVerificationEmail: (data: {
+        user: {
+            email: string;
+            name?: string;
+        };
+        url: string;
+        token: string;
+    }, request?: Request) => Promise<void>;
+    sendResetPassword: (data: {
+        user: {
+            email: string;
+            name?: string;
+        };
+        url: string;
+        token: string;
+    }, request?: Request) => Promise<void>;
+    sendChangeEmailConfirmation: (data: {
+        user: {
+            email: string;
+            name?: string;
+        };
+        newEmail: string;
+        url: string;
+        token: string;
+    }, request?: Request) => Promise<void>;
+    sendDeleteAccountVerification: (data: {
+        user: {
+            email: string;
+            name?: string;
+        };
+        url: string;
+        token: string;
+    }, request?: Request) => Promise<void>;
+    /** Send an arbitrary email through the underlying transport. */
+    sendRaw: (message: EmailMessage) => Promise<EmailSendResult>;
+}
+declare const cloudflareEmail: {
+    /**
+     * Use inside a Cloudflare Worker — sends via the `send_email` binding.
+     * Zero network hop, no API key needed.
+     *
+     * ```ts
+     * const email = cloudflareEmail.workers({
+     *   binding: env.EMAIL,
+     *   from: "App <noreply@app.com>",
+     * });
+     * ```
+     */
+    workers(opts: WorkersOptions): CloudflareEmailResult;
+    /**
+     * Use from any runtime (Node.js, Bun, Deno, Vercel, etc.) — sends via
+     * the Cloudflare Email Service REST API.
+     *
+     * ```ts
+     * const email = cloudflareEmail.api({
+     *   accountId: process.env.CF_ACCOUNT_ID,
+     *   apiToken: process.env.CF_API_TOKEN,
+     *   from: "App <noreply@app.com>",
+     * });
+     * ```
+     */
+    api(opts: ApiOptions): CloudflareEmailResult;
+};
+export { type ApiOptions, type EmailAttachment, type EmailBinding, type EmailMessage, type EmailSendResult, type EmailTransport, type TemplateData, type TemplateFn, type Templates, type WorkersOptions, cloudflareEmail };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,223 @@
+/**
+ * Better Auth + Cloudflare Email Service integration.
+ *
+ * Two transports, one interface:
+ *
+ *   // Inside a Cloudflare Worker — uses the send_email binding (zero latency, no API key)
+ *   import { cloudflareEmail } from "./cloudflare-email";
+ *   const email = cloudflareEmail.workers({ binding: env.EMAIL, from: "..." });
+ *
+ *   // Anywhere else — uses the Cloudflare REST API
+ *   import { cloudflareEmail } from "./cloudflare-email";
+ *   const email = cloudflareEmail.api({ accountId: "...", apiToken: "...", from: "..." });
+ *
+ * Both return the same object shape — spread `email.config` into betterAuth()
+ * and wire plugin callbacks identically.
+ */
+interface EmailMessage {
+    to: string | string[];
+    from: string;
+    subject: string;
+    html?: string;
+    text?: string;
+    cc?: string | string[];
+    bcc?: string | string[];
+    replyTo?: string;
+    headers?: Record<string, string>;
+    attachments?: EmailAttachment[];
+}
+interface EmailAttachment {
+    filename: string;
+    content: string;
+    contentType: string;
+    disposition: "attachment" | "inline";
+    contentId?: string;
+}
+interface EmailSendResult {
+    messageId: string;
+}
+interface EmailTransport {
+    send(message: EmailMessage): Promise<EmailSendResult>;
+}
+interface TemplateData {
+    appName: string;
+    url?: string;
+    token?: string;
+    otp?: string;
+    email?: string;
+    userName?: string;
+}
+type TemplateFn = (data: TemplateData) => {
+    subject: string;
+    html: string;
+    text: string;
+};
+interface Templates {
+    verifyEmail?: TemplateFn;
+    resetPassword?: TemplateFn;
+    changeEmail?: TemplateFn;
+    deleteAccount?: TemplateFn;
+    magicLink?: TemplateFn;
+    otp?: TemplateFn;
+}
+interface SharedOptions {
+    /** Default "from" address, e.g. "MyApp <noreply@myapp.com>". */
+    from: string;
+    /** Application name shown in email templates. Default: "Our App". */
+    appName?: string;
+    /** Override default email templates per type. */
+    templates?: Templates;
+}
+/** Cloudflare Workers send_email binding. */
+interface EmailBinding {
+    send(message: EmailMessage): Promise<EmailSendResult>;
+    sendBatch?(messages: EmailMessage[]): Promise<{
+        results: Array<{
+            success: boolean;
+            messageId?: string;
+            error?: string;
+        }>;
+    }>;
+}
+interface WorkersOptions extends SharedOptions {
+    /** The send_email binding, or a function that returns it (for singleton auth). */
+    binding: EmailBinding | (() => EmailBinding);
+}
+interface ApiOptions extends SharedOptions {
+    /** Cloudflare Account ID. */
+    accountId: string;
+    /** Cloudflare API Token with email send permissions. */
+    apiToken: string;
+    /** Override the base URL. Default: "https://api.cloudflare.com/client/v4" */
+    baseUrl?: string;
+}
+interface CloudflareEmailResult {
+    /** Spread into betterAuth() to wire up core email callbacks automatically. */
+    config: {
+        emailVerification: {
+            sendVerificationEmail: (data: {
+                user: {
+                    email: string;
+                    name?: string;
+                };
+                url: string;
+                token: string;
+            }, request?: Request) => Promise<void>;
+            sendOnSignUp: true;
+        };
+        emailAndPassword: {
+            enabled: true;
+            sendResetPassword: (data: {
+                user: {
+                    email: string;
+                    name?: string;
+                };
+                url: string;
+                token: string;
+            }, request?: Request) => Promise<void>;
+        };
+        user: {
+            changeEmail: {
+                enabled: true;
+                sendChangeEmailConfirmation: (data: {
+                    user: {
+                        email: string;
+                        name?: string;
+                    };
+                    newEmail: string;
+                    url: string;
+                    token: string;
+                }, request?: Request) => Promise<void>;
+            };
+            deleteUser: {
+                enabled: true;
+                sendDeleteAccountVerification: (data: {
+                    user: {
+                        email: string;
+                        name?: string;
+                    };
+                    url: string;
+                    token: string;
+                }, request?: Request) => Promise<void>;
+            };
+        };
+    };
+    /** For magicLink() plugin. */
+    sendMagicLink: (data: {
+        email: string;
+        url: string;
+        token: string;
+        metadata?: Record<string, unknown>;
+    }) => Promise<void>;
+    /** For emailOTP() plugin. */
+    sendVerificationOTP: (data: {
+        email: string;
+        otp: string;
+        type: string;
+    }) => Promise<void>;
+    /** Individual callbacks if you prefer manual wiring. */
+    sendVerificationEmail: (data: {
+        user: {
+            email: string;
+            name?: string;
+        };
+        url: string;
+        token: string;
+    }, request?: Request) => Promise<void>;
+    sendResetPassword: (data: {
+        user: {
+            email: string;
+            name?: string;
+        };
+        url: string;
+        token: string;
+    }, request?: Request) => Promise<void>;
+    sendChangeEmailConfirmation: (data: {
+        user: {
+            email: string;
+            name?: string;
+        };
+        newEmail: string;
+        url: string;
+        token: string;
+    }, request?: Request) => Promise<void>;
+    sendDeleteAccountVerification: (data: {
+        user: {
+            email: string;
+            name?: string;
+        };
+        url: string;
+        token: string;
+    }, request?: Request) => Promise<void>;
+    /** Send an arbitrary email through the underlying transport. */
+    sendRaw: (message: EmailMessage) => Promise<EmailSendResult>;
+}
+declare const cloudflareEmail: {
+    /**
+     * Use inside a Cloudflare Worker — sends via the `send_email` binding.
+     * Zero network hop, no API key needed.
+     *
+     * ```ts
+     * const email = cloudflareEmail.workers({
+     *   binding: env.EMAIL,
+     *   from: "App <noreply@app.com>",
+     * });
+     * ```
+     */
+    workers(opts: WorkersOptions): CloudflareEmailResult;
+    /**
+     * Use from any runtime (Node.js, Bun, Deno, Vercel, etc.) — sends via
+     * the Cloudflare Email Service REST API.
+     *
+     * ```ts
+     * const email = cloudflareEmail.api({
+     *   accountId: process.env.CF_ACCOUNT_ID,
+     *   apiToken: process.env.CF_API_TOKEN,
+     *   from: "App <noreply@app.com>",
+     * });
+     * ```
+     */
+    api(opts: ApiOptions): CloudflareEmailResult;
+};
+export { type ApiOptions, type EmailAttachment, type EmailBinding, type EmailMessage, type EmailSendResult, type EmailTransport, type TemplateData, type TemplateFn, type Templates, type WorkersOptions, cloudflareEmail };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,201 @@
+// src/auth/cloudflare-email.ts
+function layout(title, body, appName) {
+  return `<!DOCTYPE html>
+<html lang="en">
+<head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1">
+<title>${title}</title>
+<style>
+  body{margin:0;padding:0;background:#f4f4f5;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif}
+  .wrap{max-width:480px;margin:40px auto;background:#fff;border-radius:12px;overflow:hidden;box-shadow:0 1px 3px rgba(0,0,0,.08)}
+  .header{background:#18181b;padding:24px 32px;color:#fff;font-size:18px;font-weight:600}
+  .body{padding:32px}
+  .body p{margin:0 0 16px;color:#3f3f46;line-height:1.6;font-size:15px}
+  .btn{display:inline-block;padding:12px 28px;background:#18181b;color:#fff!important;text-decoration:none;border-radius:8px;font-weight:500;font-size:15px}
+  .code{display:inline-block;padding:12px 24px;background:#f4f4f5;border-radius:8px;font-size:28px;font-weight:700;letter-spacing:6px;color:#18181b}
+  .footer{padding:16px 32px;font-size:12px;color:#a1a1aa;border-top:1px solid #f4f4f5}
+</style></head>
+<body><div class="wrap">
+<div class="header">${appName}</div>
+<div class="body">${body}</div>
+<div class="footer">You received this email because an action was requested on your account. If you didn't request this, you can safely ignore it.</div>
+</div></body></html>`;
+}
+var defaultTemplates = {
+  verifyEmail: ({ appName, url, userName }) => ({
+    subject: `Verify your email \u2013 ${appName}`,
+    html: layout(
+      "Verify Email",
+      `<p>Hi${userName ? ` ${userName}` : ""},</p>
+<p>Thanks for signing up. Please verify your email address by clicking the button below.</p>
+<p style="text-align:center;margin:24px 0"><a href="${url}" class="btn">Verify Email</a></p>
+<p style="font-size:13px;color:#71717a">If the button doesn't work, copy and paste this link into your browser:<br>${url}</p>`,
+      appName
+    ),
+    text: `Verify your email for ${appName}: ${url}`
+  }),
+  resetPassword: ({ appName, url, userName }) => ({
+    subject: `Reset your password \u2013 ${appName}`,
+    html: layout(
+      "Reset Password",
+      `<p>Hi${userName ? ` ${userName}` : ""},</p>
+<p>We received a request to reset your password. Click the button below to choose a new one.</p>
+<p style="text-align:center;margin:24px 0"><a href="${url}" class="btn">Reset Password</a></p>
+<p style="font-size:13px;color:#71717a">This link expires in 1 hour. If you didn't request a password reset, you can ignore this email.</p>`,
+      appName
+    ),
+    text: `Reset your password for ${appName}: ${url}`
+  }),
+  changeEmail: ({ appName, url }) => ({
+    subject: `Confirm email change \u2013 ${appName}`,
+    html: layout(
+      "Confirm Email Change",
+      `<p>You requested to change the email address on your ${appName} account.</p>
+<p>Click the button below to confirm this change.</p>
+<p style="text-align:center;margin:24px 0"><a href="${url}" class="btn">Confirm Change</a></p>
+<p style="font-size:13px;color:#71717a">If you didn't request this, please secure your account immediately.</p>`,
+      appName
+    ),
+    text: `Confirm email change for ${appName}: ${url}`
+  }),
+  deleteAccount: ({ appName, url }) => ({
+    subject: `Confirm account deletion \u2013 ${appName}`,
+    html: layout(
+      "Delete Account",
+      `<p>You requested to delete your ${appName} account. This action is permanent.</p>
+<p>Click the button below to confirm deletion.</p>
+<p style="text-align:center;margin:24px 0"><a href="${url}" class="btn" style="background:#dc2626">Delete Account</a></p>
+<p style="font-size:13px;color:#71717a">If you didn't request this, please ignore this email and secure your account.</p>`,
+      appName
+    ),
+    text: `Confirm account deletion for ${appName}: ${url}`
+  }),
+  magicLink: ({ appName, url }) => ({
+    subject: `Sign in to ${appName}`,
+    html: layout(
+      "Magic Link",
+      `<p>Click the button below to sign in to your ${appName} account. This link expires in 15 minutes.</p>
+<p style="text-align:center;margin:24px 0"><a href="${url}" class="btn">Sign In</a></p>
+<p style="font-size:13px;color:#71717a">If you didn't request this, you can safely ignore this email.</p>`,
+      appName
+    ),
+    text: `Sign in to ${appName}: ${url}`
+  }),
+  otp: ({ appName, otp }) => ({
+    subject: `Your verification code \u2013 ${appName}`,
+    html: layout(
+      "Verification Code",
+      `<p>Use the following code to continue. It expires in 5 minutes.</p>
+<p style="text-align:center;margin:24px 0"><span class="code">${otp}</span></p>
+<p style="font-size:13px;color:#71717a">If you didn't request this code, you can safely ignore this email.</p>`,
+      appName
+    ),
+    text: `Your ${appName} verification code: ${otp}`
+  })
+};
+function createWorkersTransport(opts) {
+  return {
+    async send(message) {
+      const binding = typeof opts.binding === "function" ? opts.binding() : opts.binding;
+      return binding.send(message);
+    }
+  };
+}
+function createApiTransport(opts) {
+  const baseUrl = opts.baseUrl ?? "https://api.cloudflare.com/client/v4";
+  const url = `${baseUrl}/accounts/${opts.accountId}/email-service/send`;
+  return {
+    async send(message) {
+      const res = await fetch(url, {
+        method: "POST",
+        headers: {
+          Authorization: `Bearer ${opts.apiToken}`,
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify(message)
+      });
+      if (!res.ok) {
+        const body = await res.text();
+        throw new Error(`Cloudflare Email API error (${res.status}): ${body}`);
+      }
+      const json = await res.json();
+      return { messageId: json.result?.messageId ?? "" };
+    }
+  };
+}
+function build(transport, shared) {
+  const appName = shared.appName ?? "Our App";
+  const from = shared.from;
+  const t = { ...defaultTemplates, ...shared.templates };
+  function fire(to, rendered) {
+    void transport.send({ to, from, subject: rendered.subject, html: rendered.html, text: rendered.text });
+  }
+  const sendVerificationEmail = async (data, _request) => {
+    fire(data.user.email, t.verifyEmail({ appName, url: data.url, token: data.token, userName: data.user.name }));
+  };
+  const sendResetPassword = async (data, _request) => {
+    fire(data.user.email, t.resetPassword({ appName, url: data.url, token: data.token, userName: data.user.name }));
+  };
+  const sendChangeEmailConfirmation = async (data, _request) => {
+    fire(data.newEmail, t.changeEmail({ appName, url: data.url, token: data.token }));
+  };
+  const sendDeleteAccountVerification = async (data, _request) => {
+    fire(data.user.email, t.deleteAccount({ appName, url: data.url, token: data.token }));
+  };
+  const sendMagicLink = async (data) => {
+    fire(data.email, t.magicLink({ appName, url: data.url, token: data.token, email: data.email }));
+  };
+  const sendVerificationOTP = async (data) => {
+    fire(data.email, t.otp({ appName, otp: data.otp, email: data.email }));
+  };
+  return {
+    config: {
+      emailVerification: { sendVerificationEmail, sendOnSignUp: true },
+      emailAndPassword: { enabled: true, sendResetPassword },
+      user: {
+        changeEmail: { enabled: true, sendChangeEmailConfirmation },
+        deleteUser: { enabled: true, sendDeleteAccountVerification }
+      }
+    },
+    sendVerificationEmail,
+    sendResetPassword,
+    sendChangeEmailConfirmation,
+    sendDeleteAccountVerification,
+    sendMagicLink,
+    sendVerificationOTP,
+    sendRaw: (message) => transport.send(message)
+  };
+}
+var cloudflareEmail = {
+  /**
+   * Use inside a Cloudflare Worker — sends via the `send_email` binding.
+   * Zero network hop, no API key needed.
+   *
+   * ```ts
+   * const email = cloudflareEmail.workers({
+   *   binding: env.EMAIL,
+   *   from: "App <noreply@app.com>",
+   * });
+   * ```
+   */
+  workers(opts) {
+    return build(createWorkersTransport(opts), opts);
+  },
+  /**
+   * Use from any runtime (Node.js, Bun, Deno, Vercel, etc.) — sends via
+   * the Cloudflare Email Service REST API.
+   *
+   * ```ts
+   * const email = cloudflareEmail.api({
+   *   accountId: process.env.CF_ACCOUNT_ID,
+   *   apiToken: process.env.CF_API_TOKEN,
+   *   from: "App <noreply@app.com>",
+   * });
+   * ```
+   */
+  api(opts) {
+    return build(createApiTransport(opts), opts);
+  }
+};
+export {
+  cloudflareEmail
+};

package/package.json ADDED Viewed

@@ -0,0 +1,52 @@
+{
+  "name": "better-auth-cloudflare-email",
+  "version": "0.1.0",
+  "description": "Send emails through Cloudflare Email Service from Better Auth — Workers binding and REST API transports",
+  "license": "MIT",
+  "author": "Paul Stenhouse",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/paulstenhouse/better-auth-cloudflare-email-plugin"
+  },
+  "keywords": [
+    "better-auth",
+    "cloudflare",
+    "email",
+    "cloudflare-workers",
+    "cloudflare-email",
+    "authentication",
+    "transactional-email"
+  ],
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "prepublishOnly": "npm run build"
+  },
+  "devDependencies": {
+    "tsup": "^8.0.0",
+    "typescript": "^5.0.0"
+  },
+  "peerDependencies": {
+    "better-auth": ">=1.0.0"
+  },
+  "peerDependenciesMeta": {
+    "better-auth": {
+      "optional": true
+    }
+  }
+}