better-auth-organization-member 1.0.0

package/dist/server-Big_p9zG.mjs

@@ -0,0 +1,1017 @@
+import { BASE_ERROR_CODES, defineErrorCodes } from "better-auth";
+import { createAuthEndpoint, createAuthMiddleware, sessionMiddleware } from "better-auth/api";
+import { clientSideHasPermission } from "better-auth/client/plugins";
+import { toZodSchema } from "better-auth/db";
+import { getOrgAdapter } from "better-auth/plugins";
+import z from "zod";
+
+//#region ../../node_modules/better-call/dist/error.mjs
+function isErrorStackTraceLimitWritable() {
+	const desc = Object.getOwnPropertyDescriptor(Error, "stackTraceLimit");
+	if (desc === void 0) return Object.isExtensible(Error);
+	return Object.prototype.hasOwnProperty.call(desc, "writable") ? desc.writable : desc.set !== void 0;
+}
+/**
+* Hide internal stack frames from the error stack trace.
+*/
+function hideInternalStackFrames(stack) {
+	const lines = stack.split("\n    at ");
+	if (lines.length <= 1) return stack;
+	lines.splice(1, 1);
+	return lines.join("\n    at ");
+}
+/**
+* Creates a custom error class that hides stack frames.
+*/
+function makeErrorForHideStackFrame(Base, clazz) {
+	class HideStackFramesError extends Base {
+		#hiddenStack;
+		constructor(...args) {
+			if (isErrorStackTraceLimitWritable()) {
+				const limit = Error.stackTraceLimit;
+				Error.stackTraceLimit = 0;
+				super(...args);
+				Error.stackTraceLimit = limit;
+			} else super(...args);
+			const stack = (/* @__PURE__ */ new Error()).stack;
+			if (stack) this.#hiddenStack = hideInternalStackFrames(stack.replace(/^Error/, this.name));
+		}
+		get errorStack() {
+			return this.#hiddenStack;
+		}
+	}
+	Object.defineProperty(HideStackFramesError.prototype, "constructor", {
+		get() {
+			return clazz;
+		},
+		enumerable: false,
+		configurable: true
+	});
+	return HideStackFramesError;
+}
+const statusCodes = {
+	OK: 200,
+	CREATED: 201,
+	ACCEPTED: 202,
+	NO_CONTENT: 204,
+	MULTIPLE_CHOICES: 300,
+	MOVED_PERMANENTLY: 301,
+	FOUND: 302,
+	SEE_OTHER: 303,
+	NOT_MODIFIED: 304,
+	TEMPORARY_REDIRECT: 307,
+	BAD_REQUEST: 400,
+	UNAUTHORIZED: 401,
+	PAYMENT_REQUIRED: 402,
+	FORBIDDEN: 403,
+	NOT_FOUND: 404,
+	METHOD_NOT_ALLOWED: 405,
+	NOT_ACCEPTABLE: 406,
+	PROXY_AUTHENTICATION_REQUIRED: 407,
+	REQUEST_TIMEOUT: 408,
+	CONFLICT: 409,
+	GONE: 410,
+	LENGTH_REQUIRED: 411,
+	PRECONDITION_FAILED: 412,
+	PAYLOAD_TOO_LARGE: 413,
+	URI_TOO_LONG: 414,
+	UNSUPPORTED_MEDIA_TYPE: 415,
+	RANGE_NOT_SATISFIABLE: 416,
+	EXPECTATION_FAILED: 417,
+	"I'M_A_TEAPOT": 418,
+	MISDIRECTED_REQUEST: 421,
+	UNPROCESSABLE_ENTITY: 422,
+	LOCKED: 423,
+	FAILED_DEPENDENCY: 424,
+	TOO_EARLY: 425,
+	UPGRADE_REQUIRED: 426,
+	PRECONDITION_REQUIRED: 428,
+	TOO_MANY_REQUESTS: 429,
+	REQUEST_HEADER_FIELDS_TOO_LARGE: 431,
+	UNAVAILABLE_FOR_LEGAL_REASONS: 451,
+	INTERNAL_SERVER_ERROR: 500,
+	NOT_IMPLEMENTED: 501,
+	BAD_GATEWAY: 502,
+	SERVICE_UNAVAILABLE: 503,
+	GATEWAY_TIMEOUT: 504,
+	HTTP_VERSION_NOT_SUPPORTED: 505,
+	VARIANT_ALSO_NEGOTIATES: 506,
+	INSUFFICIENT_STORAGE: 507,
+	LOOP_DETECTED: 508,
+	NOT_EXTENDED: 510,
+	NETWORK_AUTHENTICATION_REQUIRED: 511
+};
+var InternalAPIError = class extends Error {
+	constructor(status = "INTERNAL_SERVER_ERROR", body = void 0, headers = {}, statusCode = typeof status === "number" ? status : statusCodes[status]) {
+		super(body?.message, body?.cause ? { cause: body.cause } : void 0);
+		this.status = status;
+		this.body = body;
+		this.headers = headers;
+		this.statusCode = statusCode;
+		this.name = "APIError";
+		this.status = status;
+		this.headers = headers;
+		this.statusCode = statusCode;
+		this.body = body ? {
+			code: body?.message?.toUpperCase().replace(/ /g, "_").replace(/[^A-Z0-9_]/g, ""),
+			...body
+		} : void 0;
+	}
+};
+var ValidationError = class extends InternalAPIError {
+	constructor(message, issues) {
+		super(400, {
+			message,
+			code: "VALIDATION_ERROR"
+		});
+		this.message = message;
+		this.issues = issues;
+		this.issues = issues;
+	}
+};
+var BetterCallError = class extends Error {
+	constructor(message) {
+		super(message);
+		this.name = "BetterCallError";
+	}
+};
+const APIError = makeErrorForHideStackFrame(InternalAPIError, Error);
+
+//#endregion
+//#region ../../node_modules/better-call/dist/utils.mjs
+function isAPIError(error) {
+	return error instanceof APIError || error?.name === "APIError";
+}
+function tryDecode(str) {
+	try {
+		return str.includes("%") ? decodeURIComponent(str) : str;
+	} catch {
+		return str;
+	}
+}
+async function tryCatch(promise) {
+	try {
+		return {
+			data: await promise,
+			error: null
+		};
+	} catch (error) {
+		return {
+			data: null,
+			error
+		};
+	}
+}
+/**
+* Check if an object is a `Request`
+* - `instanceof`: works for native Request instances
+* - `toString`: handles where instanceof check fails but the object is still a valid Request
+*/
+function isRequest(obj) {
+	return obj instanceof Request || Object.prototype.toString.call(obj) === "[object Request]";
+}
+
+//#endregion
+//#region ../../node_modules/better-call/dist/to-response.mjs
+function isJSONSerializable(value) {
+	if (value === void 0) return false;
+	const t = typeof value;
+	if (t === "string" || t === "number" || t === "boolean" || t === null) return true;
+	if (t !== "object") return false;
+	if (Array.isArray(value)) return true;
+	if (value.buffer) return false;
+	return value.constructor && value.constructor.name === "Object" || typeof value.toJSON === "function";
+}
+function safeStringify(obj, replacer, space) {
+	let id = 0;
+	const seen = /* @__PURE__ */ new WeakMap();
+	const safeReplacer = (key, value) => {
+		if (typeof value === "bigint") return value.toString();
+		if (typeof value === "object" && value !== null) {
+			if (seen.has(value)) return `[Circular ref-${seen.get(value)}]`;
+			seen.set(value, id++);
+		}
+		if (replacer) return replacer(key, value);
+		return value;
+	};
+	return JSON.stringify(obj, safeReplacer, space);
+}
+function isJSONResponse(value) {
+	if (!value || typeof value !== "object") return false;
+	return "_flag" in value && value._flag === "json";
+}
+function toResponse(data, init) {
+	if (data instanceof Response) {
+		if (init?.headers instanceof Headers) init.headers.forEach((value, key) => {
+			data.headers.set(key, value);
+		});
+		return data;
+	}
+	if (isJSONResponse(data)) {
+		const body$1 = data.body;
+		const routerResponse = data.routerResponse;
+		if (routerResponse instanceof Response) return routerResponse;
+		const headers$1 = new Headers();
+		if (routerResponse?.headers) {
+			const headers$2 = new Headers(routerResponse.headers);
+			for (const [key, value] of headers$2.entries()) headers$2.set(key, value);
+		}
+		if (data.headers) for (const [key, value] of new Headers(data.headers).entries()) headers$1.set(key, value);
+		if (init?.headers) for (const [key, value] of new Headers(init.headers).entries()) headers$1.set(key, value);
+		headers$1.set("Content-Type", "application/json");
+		return new Response(JSON.stringify(body$1), {
+			...routerResponse,
+			headers: headers$1,
+			status: data.status ?? init?.status ?? routerResponse?.status,
+			statusText: init?.statusText ?? routerResponse?.statusText
+		});
+	}
+	if (isAPIError(data)) return toResponse(data.body, {
+		status: init?.status ?? data.statusCode,
+		statusText: data.status.toString(),
+		headers: init?.headers || data.headers
+	});
+	let body = data;
+	let headers = new Headers(init?.headers);
+	if (!data) {
+		if (data === null) body = JSON.stringify(null);
+		headers.set("content-type", "application/json");
+	} else if (typeof data === "string") {
+		body = data;
+		headers.set("Content-Type", "text/plain");
+	} else if (data instanceof ArrayBuffer || ArrayBuffer.isView(data)) {
+		body = data;
+		headers.set("Content-Type", "application/octet-stream");
+	} else if (data instanceof Blob) {
+		body = data;
+		headers.set("Content-Type", data.type || "application/octet-stream");
+	} else if (data instanceof FormData) body = data;
+	else if (data instanceof URLSearchParams) {
+		body = data;
+		headers.set("Content-Type", "application/x-www-form-urlencoded");
+	} else if (data instanceof ReadableStream) {
+		body = data;
+		headers.set("Content-Type", "application/octet-stream");
+	} else if (isJSONSerializable(data)) {
+		body = safeStringify(data);
+		headers.set("Content-Type", "application/json");
+	}
+	return new Response(body, {
+		...init,
+		headers
+	});
+}
+
+//#endregion
+//#region ../../node_modules/@better-auth/utils/dist/index.mjs
+function getWebcryptoSubtle() {
+	const cr = typeof globalThis !== "undefined" && globalThis.crypto;
+	if (cr && typeof cr.subtle === "object" && cr.subtle != null) return cr.subtle;
+	throw new Error("crypto.subtle must be defined");
+}
+
+//#endregion
+//#region ../../node_modules/better-call/dist/crypto.mjs
+const algorithm = {
+	name: "HMAC",
+	hash: "SHA-256"
+};
+const getCryptoKey = async (secret) => {
+	const secretBuf = typeof secret === "string" ? new TextEncoder().encode(secret) : secret;
+	return await getWebcryptoSubtle().importKey("raw", secretBuf, algorithm, false, ["sign", "verify"]);
+};
+const verifySignature = async (base64Signature, value, secret) => {
+	try {
+		const signatureBinStr = atob(base64Signature);
+		const signature = new Uint8Array(signatureBinStr.length);
+		for (let i = 0, len = signatureBinStr.length; i < len; i++) signature[i] = signatureBinStr.charCodeAt(i);
+		return await getWebcryptoSubtle().verify(algorithm, secret, signature, new TextEncoder().encode(value));
+	} catch (e) {
+		return false;
+	}
+};
+const makeSignature = async (value, secret) => {
+	const key = await getCryptoKey(secret);
+	const signature = await getWebcryptoSubtle().sign(algorithm.name, key, new TextEncoder().encode(value));
+	return btoa(String.fromCharCode(...new Uint8Array(signature)));
+};
+const signCookieValue = async (value, secret) => {
+	const signature = await makeSignature(value, secret);
+	value = `${value}.${signature}`;
+	value = encodeURIComponent(value);
+	return value;
+};
+
+//#endregion
+//#region ../../node_modules/better-call/dist/cookies.mjs
+const getCookieKey = (key, prefix) => {
+	let finalKey = key;
+	if (prefix) if (prefix === "secure") finalKey = "__Secure-" + key;
+	else if (prefix === "host") finalKey = "__Host-" + key;
+	else return;
+	return finalKey;
+};
+/**
+* Parse an HTTP Cookie header string and returning an object of all cookie
+* name-value pairs.
+*
+* Inspired by https://github.com/unjs/cookie-es/blob/main/src/cookie/parse.ts
+*
+* @param str the string representing a `Cookie` header value
+*/
+function parseCookies(str) {
+	if (typeof str !== "string") throw new TypeError("argument str must be a string");
+	const cookies = /* @__PURE__ */ new Map();
+	let index = 0;
+	while (index < str.length) {
+		const eqIdx = str.indexOf("=", index);
+		if (eqIdx === -1) break;
+		let endIdx = str.indexOf(";", index);
+		if (endIdx === -1) endIdx = str.length;
+		else if (endIdx < eqIdx) {
+			index = str.lastIndexOf(";", eqIdx - 1) + 1;
+			continue;
+		}
+		const key = str.slice(index, eqIdx).trim();
+		if (!cookies.has(key)) {
+			let val = str.slice(eqIdx + 1, endIdx).trim();
+			if (val.codePointAt(0) === 34) val = val.slice(1, -1);
+			cookies.set(key, tryDecode(val));
+		}
+		index = endIdx + 1;
+	}
+	return cookies;
+}
+const _serialize = (key, value, opt = {}) => {
+	let cookie;
+	if (opt?.prefix === "secure") cookie = `${`__Secure-${key}`}=${value}`;
+	else if (opt?.prefix === "host") cookie = `${`__Host-${key}`}=${value}`;
+	else cookie = `${key}=${value}`;
+	if (key.startsWith("__Secure-") && !opt.secure) opt.secure = true;
+	if (key.startsWith("__Host-")) {
+		if (!opt.secure) opt.secure = true;
+		if (opt.path !== "/") opt.path = "/";
+		if (opt.domain) opt.domain = void 0;
+	}
+	if (opt && typeof opt.maxAge === "number" && opt.maxAge >= 0) {
+		if (opt.maxAge > 3456e4) throw new Error("Cookies Max-Age SHOULD NOT be greater than 400 days (34560000 seconds) in duration.");
+		cookie += `; Max-Age=${Math.floor(opt.maxAge)}`;
+	}
+	if (opt.domain && opt.prefix !== "host") cookie += `; Domain=${opt.domain}`;
+	if (opt.path) cookie += `; Path=${opt.path}`;
+	if (opt.expires) {
+		if (opt.expires.getTime() - Date.now() > 3456e7) throw new Error("Cookies Expires SHOULD NOT be greater than 400 days (34560000 seconds) in the future.");
+		cookie += `; Expires=${opt.expires.toUTCString()}`;
+	}
+	if (opt.httpOnly) cookie += "; HttpOnly";
+	if (opt.secure) cookie += "; Secure";
+	if (opt.sameSite) cookie += `; SameSite=${opt.sameSite.charAt(0).toUpperCase() + opt.sameSite.slice(1)}`;
+	if (opt.partitioned) {
+		if (!opt.secure) opt.secure = true;
+		cookie += "; Partitioned";
+	}
+	return cookie;
+};
+const serializeCookie = (key, value, opt) => {
+	value = encodeURIComponent(value);
+	return _serialize(key, value, opt);
+};
+const serializeSignedCookie = async (key, value, secret, opt) => {
+	value = await signCookieValue(value, secret);
+	return _serialize(key, value, opt);
+};
+
+//#endregion
+//#region ../../node_modules/better-call/dist/validator.mjs
+/**
+* Runs validation on body and query
+* @returns error and data object
+*/
+async function runValidation(options, context = {}) {
+	let request = {
+		body: context.body,
+		query: context.query
+	};
+	if (options.body) {
+		const result = await options.body["~standard"].validate(context.body);
+		if (result.issues) return {
+			data: null,
+			error: fromError(result.issues, "body")
+		};
+		request.body = result.value;
+	}
+	if (options.query) {
+		const result = await options.query["~standard"].validate(context.query);
+		if (result.issues) return {
+			data: null,
+			error: fromError(result.issues, "query")
+		};
+		request.query = result.value;
+	}
+	if (options.requireHeaders && !context.headers) return {
+		data: null,
+		error: {
+			message: "Headers is required",
+			issues: []
+		}
+	};
+	if (options.requireRequest && !context.request) return {
+		data: null,
+		error: {
+			message: "Request is required",
+			issues: []
+		}
+	};
+	return {
+		data: request,
+		error: null
+	};
+}
+function fromError(error, validating) {
+	return {
+		message: error.map((e) => {
+			return `[${e.path?.length ? `${validating}.` + e.path.map((x) => typeof x === "object" ? x.key : x).join(".") : validating}] ${e.message}`;
+		}).join("; "),
+		issues: error
+	};
+}
+
+//#endregion
+//#region ../../node_modules/better-call/dist/context.mjs
+const createInternalContext = async (context, { options, path }) => {
+	const headers = new Headers();
+	let responseStatus = void 0;
+	const { data, error } = await runValidation(options, context);
+	if (error) throw new ValidationError(error.message, error.issues);
+	const requestHeaders = "headers" in context ? context.headers instanceof Headers ? context.headers : new Headers(context.headers) : "request" in context && isRequest(context.request) ? context.request.headers : null;
+	const requestCookies = requestHeaders?.get("cookie");
+	const parsedCookies = requestCookies ? parseCookies(requestCookies) : void 0;
+	const internalContext = {
+		...context,
+		body: data.body,
+		query: data.query,
+		path: context.path || path || "virtual:",
+		context: "context" in context && context.context ? context.context : {},
+		returned: void 0,
+		headers: context?.headers,
+		request: context?.request,
+		params: "params" in context ? context.params : void 0,
+		method: context.method ?? (Array.isArray(options.method) ? options.method[0] : options.method === "*" ? "GET" : options.method),
+		setHeader: (key, value) => {
+			headers.set(key, value);
+		},
+		getHeader: (key) => {
+			if (!requestHeaders) return null;
+			return requestHeaders.get(key);
+		},
+		getCookie: (key, prefix) => {
+			const finalKey = getCookieKey(key, prefix);
+			if (!finalKey) return null;
+			return parsedCookies?.get(finalKey) || null;
+		},
+		getSignedCookie: async (key, secret, prefix) => {
+			const finalKey = getCookieKey(key, prefix);
+			if (!finalKey) return null;
+			const value = parsedCookies?.get(finalKey);
+			if (!value) return null;
+			const signatureStartPos = value.lastIndexOf(".");
+			if (signatureStartPos < 1) return null;
+			const signedValue = value.substring(0, signatureStartPos);
+			const signature = value.substring(signatureStartPos + 1);
+			if (signature.length !== 44 || !signature.endsWith("=")) return null;
+			return await verifySignature(signature, signedValue, await getCryptoKey(secret)) ? signedValue : false;
+		},
+		setCookie: (key, value, options$1) => {
+			const cookie = serializeCookie(key, value, options$1);
+			headers.append("set-cookie", cookie);
+			return cookie;
+		},
+		setSignedCookie: async (key, value, secret, options$1) => {
+			const cookie = await serializeSignedCookie(key, value, secret, options$1);
+			headers.append("set-cookie", cookie);
+			return cookie;
+		},
+		redirect: (url) => {
+			headers.set("location", url);
+			return new APIError("FOUND", void 0, headers);
+		},
+		error: (status, body, headers$1) => {
+			return new APIError(status, body, headers$1);
+		},
+		setStatus: (status) => {
+			responseStatus = status;
+		},
+		json: (json, routerResponse) => {
+			if (!context.asResponse) return json;
+			return {
+				body: routerResponse?.body || json,
+				routerResponse,
+				_flag: "json"
+			};
+		},
+		responseHeaders: headers,
+		get responseStatus() {
+			return responseStatus;
+		}
+	};
+	for (const middleware of options.use || []) {
+		const response = await middleware({
+			...internalContext,
+			returnHeaders: true,
+			asResponse: false
+		});
+		if (response.response) Object.assign(internalContext.context, response.response);
+		/**
+		* Apply headers from the middleware to the endpoint headers
+		*/
+		if (response.headers) response.headers.forEach((value, key) => {
+			internalContext.responseHeaders.set(key, value);
+		});
+	}
+	return internalContext;
+};
+
+//#endregion
+//#region ../../node_modules/better-call/dist/endpoint.mjs
+function createEndpoint(pathOrOptions, handlerOrOptions, handlerOrNever) {
+	const path = typeof pathOrOptions === "string" ? pathOrOptions : void 0;
+	const options = typeof handlerOrOptions === "object" ? handlerOrOptions : pathOrOptions;
+	const handler = typeof handlerOrOptions === "function" ? handlerOrOptions : handlerOrNever;
+	if ((options.method === "GET" || options.method === "HEAD") && options.body) throw new BetterCallError("Body is not allowed with GET or HEAD methods");
+	if (path && /\/{2,}/.test(path)) throw new BetterCallError("Path cannot contain consecutive slashes");
+	const internalHandler = async (...inputCtx) => {
+		const context = inputCtx[0] || {};
+		const { data: internalContext, error: validationError } = await tryCatch(createInternalContext(context, {
+			options,
+			path
+		}));
+		if (validationError) {
+			if (!(validationError instanceof ValidationError)) throw validationError;
+			if (options.onValidationError) await options.onValidationError({
+				message: validationError.message,
+				issues: validationError.issues
+			});
+			throw new APIError(400, {
+				message: validationError.message,
+				code: "VALIDATION_ERROR"
+			});
+		}
+		const response = await handler(internalContext).catch(async (e) => {
+			if (isAPIError(e)) {
+				const onAPIError = options.onAPIError;
+				if (onAPIError) await onAPIError(e);
+				if (context.asResponse) return e;
+			}
+			throw e;
+		});
+		const headers = internalContext.responseHeaders;
+		const status = internalContext.responseStatus;
+		return context.asResponse ? toResponse(response, {
+			headers,
+			status
+		}) : context.returnHeaders ? context.returnStatus ? {
+			headers,
+			response,
+			status
+		} : {
+			headers,
+			response
+		} : context.returnStatus ? {
+			response,
+			status
+		} : response;
+	};
+	internalHandler.options = options;
+	internalHandler.path = path;
+	return internalHandler;
+}
+createEndpoint.create = (opts) => {
+	return (path, options, handler) => {
+		return createEndpoint(path, {
+			...options,
+			use: [...options?.use || [], ...opts?.use || []]
+		}, handler);
+	};
+};
+
+//#endregion
+//#region ../../node_modules/better-call/dist/middleware.mjs
+function createMiddleware(optionsOrHandler, handler) {
+	const internalHandler = async (inputCtx) => {
+		const context = inputCtx;
+		const _handler = typeof optionsOrHandler === "function" ? optionsOrHandler : handler;
+		const internalContext = await createInternalContext(context, {
+			options: typeof optionsOrHandler === "function" ? {} : optionsOrHandler,
+			path: "/"
+		});
+		if (!_handler) throw new Error("handler must be defined");
+		const response = await _handler(internalContext);
+		const headers = internalContext.responseHeaders;
+		return context.returnHeaders ? {
+			headers,
+			response
+		} : response;
+	};
+	internalHandler.options = typeof optionsOrHandler === "function" ? {} : optionsOrHandler;
+	return internalHandler;
+}
+createMiddleware.create = (opts) => {
+	function fn(optionsOrHandler, handler) {
+		if (typeof optionsOrHandler === "function") return createMiddleware({ use: opts?.use }, optionsOrHandler);
+		if (!handler) throw new Error("Middleware handler is required");
+		return createMiddleware({
+			...optionsOrHandler,
+			method: "*",
+			use: [...opts?.use || [], ...optionsOrHandler.use || []]
+		}, handler);
+	}
+	return fn;
+};
+
+//#endregion
+//#region src/server.ts
+/** @format */
+const ORGANIZATION_ERROR_CODES = defineErrorCodes({
+	NO_ACTIVE_ORGANIZATION: "No active organization",
+	MEMBER_NOT_FOUND: "Member not found",
+	ORGANIZATION_NOT_FOUND: "Organization not found",
+	YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_MEMBER: "You are not allowed to update this member",
+	YOU_CANNOT_LEAVE_THE_ORGANIZATION_WITHOUT_AN_OWNER: "You cannot leave the organization without an owner",
+	INVITATION_NOT_FOUND: "Invitation not found",
+	YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_INVITATION: "You are not allowed to update this invitation",
+	ONLY_PENDING_INVITATIONS_CAN_BE_UPDATED: "Only pending invitations can be updated",
+	YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION: "You are not a member of this organization"
+});
+const getOrganizationPlugin = (ctx) => {
+	return ctx.options.plugins?.find((plugin) => plugin.id === "organization");
+};
+const orgMiddleware = createAuthMiddleware(async () => {
+	return {};
+});
+/**
+* The middleware forces the endpoint to require a valid session by utilizing the `sessionMiddleware`.
+* It also appends additional types to the session type regarding organizations.
+*/
+const orgSessionMiddleware = createAuthMiddleware({ use: [sessionMiddleware] }, async (ctx) => {
+	return { session: ctx.context.session };
+});
+/**
+* Organization Member Plugin
+*
+* Extends the organization plugin with:
+* - updateMember endpoint to update member fields (not just role)
+* - Automatically adds afterAcceptInvitation hook to transfer invitation data to member
+*
+* @requires organization plugin
+*/
+const createUpdateMemberEndpoint = (options) => {
+	const baseMemberSchema = z.object({
+		role: z.union([z.string(), z.array(z.string())]).meta({ description: "The new role to be applied. This can be a string or array of strings representing the roles. Eg: [\"admin\", \"sale\"]" }),
+		memberId: z.string().meta({ description: "The member id to apply the role update to. Eg: \"member-id\"" }),
+		organizationId: z.string().meta({ description: "An optional organization ID which the member is a part of to apply the role update. If not provided, you must provide session headers to get the active organization. Eg: \"organization-id\"" }).optional(),
+		firstName: z.string().optional().meta({ description: "First name of the member" }),
+		lastName: z.string().optional().meta({ description: "Last name of the member" }),
+		avatar: z.string().optional().meta({ description: "Avatar URL of the member" }),
+		status: z.enum(["active", "inactive"]).optional()
+	});
+	const { status: _status, ...additionalFieldsWithoutStatus } = toZodSchema({
+		fields: options?.schema?.member?.additionalFields || {},
+		isClientSide: true
+	}).shape;
+	return createAuthEndpoint("/organization/update-member", {
+		method: "POST",
+		body: z.object({
+			...baseMemberSchema.shape,
+			...additionalFieldsWithoutStatus.shape
+		}),
+		use: [orgMiddleware, orgSessionMiddleware],
+		requireHeaders: true,
+		metadata: {
+			$Infer: { body: {} },
+			openapi: {
+				operationId: "updateOrganizationMember",
+				description: "Update a member in an organization",
+				responses: { "200": {
+					description: "Success",
+					content: { "application/json": { schema: {
+						type: "object",
+						properties: {
+							id: { type: "string" },
+							userId: { type: "string" },
+							organizationId: { type: "string" },
+							firstName: { type: "string" },
+							lastName: { type: "string" },
+							avatar: { type: "string" },
+							status: { type: "string" }
+						},
+						required: [
+							"id",
+							"userId",
+							"organizationId",
+							"role"
+						]
+					} } }
+				} }
+			}
+		}
+	}, async (ctx) => {
+		const session = ctx.context.session;
+		const organizationPlugin = getOrganizationPlugin(ctx.context);
+		if (!organizationPlugin) throw new Error("organization-member plugin requires the organization plugin");
+		if (!ctx.body.role) throw new APIError("BAD_REQUEST");
+		const organizationId = ctx.body.organizationId || session.session.activeOrganizationId;
+		if (!organizationId) throw new APIError("BAD_REQUEST", { message: ORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION });
+		const adapter = getOrgAdapter(ctx.context, organizationPlugin.options);
+		const roleToSet = Array.isArray(ctx.body.role) ? ctx.body.role : ctx.body.role ? [ctx.body.role] : [];
+		const member = await adapter.findMemberByOrgId({
+			userId: session.user.id,
+			organizationId
+		});
+		if (!member) throw new APIError("BAD_REQUEST", { message: ORGANIZATION_ERROR_CODES.MEMBER_NOT_FOUND });
+		const toBeUpdatedMember = member.id !== ctx.body.memberId ? await adapter.findMemberById(ctx.body.memberId) : member;
+		if (!toBeUpdatedMember) throw new APIError("BAD_REQUEST", { message: ORGANIZATION_ERROR_CODES.MEMBER_NOT_FOUND });
+		if (!(toBeUpdatedMember.organizationId === organizationId)) throw new APIError("FORBIDDEN", { message: ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_MEMBER });
+		const creatorRole = organizationPlugin.options?.creatorRole || "owner";
+		const updatingMemberRoles = member.role.split(",");
+		const isUpdatingCreator = toBeUpdatedMember.role.split(",").includes(creatorRole);
+		const updaterIsCreator = updatingMemberRoles.includes(creatorRole);
+		const isSettingCreatorRole = roleToSet.includes(creatorRole);
+		const memberIsUpdatingThemselves = member.id === toBeUpdatedMember.id;
+		if (isUpdatingCreator && !updaterIsCreator || isSettingCreatorRole && !updaterIsCreator) throw new APIError("FORBIDDEN", { message: ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_MEMBER });
+		if (updaterIsCreator && memberIsUpdatingThemselves) {
+			if ((await ctx.context.adapter.findMany({
+				model: "member",
+				where: [{
+					field: "organizationId",
+					value: organizationId
+				}]
+			})).filter((member$1) => {
+				return member$1.role.split(",").includes(creatorRole);
+			}).length <= 1 && !isSettingCreatorRole) throw new APIError("BAD_REQUEST", { message: ORGANIZATION_ERROR_CODES.YOU_CANNOT_LEAVE_THE_ORGANIZATION_WITHOUT_AN_OWNER });
+		}
+		if (!clientSideHasPermission({
+			role: member.role,
+			options: organizationPlugin.options,
+			permissions: { member: ["update"] },
+			allowCreatorAllPermissions: true
+		})) throw new APIError("FORBIDDEN", { message: ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_MEMBER });
+		const organization = await adapter.findOrganizationById(organizationId);
+		if (!organization) throw new APIError("BAD_REQUEST", { message: ORGANIZATION_ERROR_CODES.ORGANIZATION_NOT_FOUND });
+		const userBeingUpdated = await ctx.context.internalAdapter.findUserById(toBeUpdatedMember.userId);
+		if (!userBeingUpdated) throw new APIError("BAD_REQUEST", { message: BASE_ERROR_CODES.USER_NOT_FOUND });
+		const { memberId: _, organizationId: __, ...updates } = ctx.body;
+		let finalUpdates = updates;
+		if (options?.organizationMemberHooks?.beforeUpdateMember) {
+			const response = await options.organizationMemberHooks.beforeUpdateMember({
+				member: toBeUpdatedMember,
+				updates,
+				user: userBeingUpdated,
+				organization
+			});
+			if (response && typeof response === "object" && "data" in response) finalUpdates = response.data;
+		}
+		const updatedMember = await ctx.context.adapter.update({
+			model: "member",
+			where: [{
+				field: "id",
+				value: ctx.body.memberId
+			}],
+			update: finalUpdates
+		});
+		if (!updatedMember) throw new APIError("BAD_REQUEST", { message: ORGANIZATION_ERROR_CODES.MEMBER_NOT_FOUND });
+		if (options?.organizationMemberHooks?.afterUpdateMember) await options.organizationMemberHooks.afterUpdateMember({
+			member: updatedMember,
+			user: userBeingUpdated,
+			organization
+		});
+		return ctx.json(updatedMember);
+	});
+};
+const createGetMemberEndpoint = () => {
+	return createAuthEndpoint("/organization/get-member", {
+		method: "GET",
+		query: z.object({
+			userId: z.string().meta({ description: "The user id of the member to retrieve. Eg: \"user-id\"" }).optional(),
+			organizationId: z.string().meta({ description: "The organization ID which the member belongs to. If not provided, will default to the user's active organization. Eg: \"organization-id\"" }).optional(),
+			organizationSlug: z.string().meta({ description: "The organization slug to get member for. If not provided, will default to the user's active organization. Eg: \"organization-slug\"" }).optional()
+		}),
+		use: [orgMiddleware, orgSessionMiddleware],
+		requireHeaders: true,
+		metadata: {
+			$Infer: { query: {} },
+			openapi: {
+				operationId: "getOrganizationMember",
+				description: "Get a member from an organization by user ID",
+				responses: { "200": {
+					description: "Success",
+					content: { "application/json": { schema: {
+						type: "object",
+						properties: {
+							id: { type: "string" },
+							userId: { type: "string" },
+							organizationId: { type: "string" },
+							role: { type: "string" },
+							firstName: { type: "string" },
+							lastName: { type: "string" },
+							avatar: { type: "string" },
+							status: { type: "string" },
+							createdAt: {
+								type: "string",
+								format: "date-time"
+							}
+						},
+						required: [
+							"id",
+							"userId",
+							"organizationId",
+							"role"
+						]
+					} } }
+				} }
+			}
+		}
+	}, async (ctx) => {
+		const session = ctx.context.session;
+		const organizationPlugin = getOrganizationPlugin(ctx.context);
+		if (!organizationPlugin) throw new Error("organization-member plugin requires the organization plugin");
+		const adapter = getOrgAdapter(ctx.context, organizationPlugin.options);
+		let organizationId = ctx.query?.organizationId || session.session.activeOrganizationId;
+		const userId = ctx.query.userId || session.user.id;
+		if (!userId) throw new APIError("BAD_REQUEST", { message: BASE_ERROR_CODES.USER_NOT_FOUND });
+		if (ctx.query?.organizationSlug) {
+			const organization = await adapter.findOrganizationBySlug(ctx.query.organizationSlug);
+			if (!organization) throw new APIError("BAD_REQUEST", { message: ORGANIZATION_ERROR_CODES.ORGANIZATION_NOT_FOUND });
+			organizationId = organization.id;
+		}
+		if (!organizationId) throw new APIError("BAD_REQUEST", { message: ORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION });
+		const currentUserMember = await adapter.findMemberByOrgId({
+			userId: session.user.id,
+			organizationId
+		});
+		if (!currentUserMember) throw new APIError("FORBIDDEN", { message: ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION });
+		if (!ctx.query.userId && (ctx.query.organizationSlug || ctx.query.organizationId)) return ctx.json(currentUserMember);
+		const requestedMember = await adapter.findMemberByOrgId({
+			userId,
+			organizationId
+		});
+		if (!requestedMember) throw new APIError("BAD_REQUEST", { message: ORGANIZATION_ERROR_CODES.MEMBER_NOT_FOUND });
+		return ctx.json(requestedMember);
+	});
+};
+const createUpdateInvitationEndpoint = (options) => {
+	const baseInvitationSchema = z.object({
+		invitationId: z.string().meta({ description: "The invitation id to update. Eg: \"invitation-id\"" }),
+		organizationId: z.string().meta({ description: "An optional organization ID which the invitation belongs to. If not provided, you must provide session headers to get the active organization. Eg: \"organization-id\"" }).optional()
+	});
+	const additionalFieldsSchema = toZodSchema({
+		fields: options?.schema?.invitation?.additionalFields || {},
+		isClientSide: true
+	});
+	return createAuthEndpoint("/organization/update-invitation", {
+		method: "POST",
+		body: z.object({
+			...baseInvitationSchema.shape,
+			...additionalFieldsSchema.shape,
+			role: z.union([z.string(), z.array(z.string())]).optional().meta({ description: "The new role to be applied. This can be a string or array of strings representing the roles. Eg: [\"admin\", \"sale\"]" })
+		}),
+		use: [orgMiddleware, orgSessionMiddleware],
+		requireHeaders: true,
+		metadata: {
+			$Infer: { body: {} },
+			openapi: {
+				operationId: "updateOrganizationInvitation",
+				description: "Update a pending invitation in an organization",
+				responses: { "200": {
+					description: "Success",
+					content: { "application/json": { schema: {
+						type: "object",
+						properties: {
+							id: { type: "string" },
+							organizationId: { type: "string" },
+							email: { type: "string" },
+							role: { type: "string" },
+							status: { type: "string" },
+							createdAt: {
+								type: "string",
+								format: "date-time",
+								description: "Timestamp when the team was created"
+							},
+							updatedAt: {
+								type: "string",
+								format: "date-time",
+								description: "Timestamp when the team was last updated"
+							}
+						},
+						required: [
+							"id",
+							"organizationId",
+							"email",
+							"role",
+							"status"
+						]
+					} } }
+				} }
+			}
+		}
+	}, async (ctx) => {
+		const session = ctx.context.session;
+		const organizationPlugin = getOrganizationPlugin(ctx.context);
+		if (!organizationPlugin) throw new Error("organization-member plugin requires the organization plugin");
+		const organizationId = ctx.body.organizationId || session.session.activeOrganizationId;
+		if (!organizationId) throw new APIError("BAD_REQUEST", { message: ORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION });
+		const adapter = getOrgAdapter(ctx.context, organizationPlugin.options);
+		const member = await adapter.findMemberByOrgId({
+			userId: session.user.id,
+			organizationId
+		});
+		if (!member) throw new APIError("BAD_REQUEST", { message: ORGANIZATION_ERROR_CODES.MEMBER_NOT_FOUND });
+		if (!clientSideHasPermission({
+			role: member.role,
+			options: organizationPlugin.options,
+			permissions: { invitation: ["create"] },
+			allowCreatorAllPermissions: true
+		})) throw new APIError("FORBIDDEN", { message: ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_INVITATION });
+		const invitation = await adapter.findInvitationById(ctx.body.invitationId);
+		if (!invitation) throw new APIError("BAD_REQUEST", { message: ORGANIZATION_ERROR_CODES.INVITATION_NOT_FOUND });
+		if (invitation.organizationId !== organizationId) throw new APIError("FORBIDDEN", { message: ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_INVITATION });
+		if (invitation.status !== "pending") throw new APIError("BAD_REQUEST", { message: ORGANIZATION_ERROR_CODES.ONLY_PENDING_INVITATIONS_CAN_BE_UPDATED });
+		const organization = await adapter.findOrganizationById(organizationId);
+		if (!organization) throw new APIError("BAD_REQUEST", { message: ORGANIZATION_ERROR_CODES.ORGANIZATION_NOT_FOUND });
+		const { invitationId: _, organizationId: __, ...updates } = ctx.body;
+		let finalUpdates = updates;
+		if (options?.organizationMemberHooks?.beforeUpdateInvitation) {
+			const response = await options.organizationMemberHooks.beforeUpdateInvitation({
+				invitation,
+				updates,
+				inviter: session.user,
+				organization
+			});
+			if (response && typeof response === "object" && "data" in response) finalUpdates = response.data;
+		}
+		const updatedInvitation = await ctx.context.adapter.update({
+			model: "invitation",
+			where: [{
+				field: "id",
+				value: ctx.body.invitationId
+			}],
+			update: finalUpdates
+		});
+		if (!updatedInvitation) throw new APIError("BAD_REQUEST", { message: ORGANIZATION_ERROR_CODES.INVITATION_NOT_FOUND });
+		if (options?.organizationMemberHooks?.afterUpdateInvitation) await options.organizationMemberHooks.afterUpdateInvitation({
+			invitation: updatedInvitation,
+			inviter: session.user,
+			organization
+		});
+		return ctx.json(updatedInvitation);
+	});
+};
+const organizationMember = (userConfig) => {
+	({ ...userConfig });
+	return {
+		id: "organization-member",
+		init(ctx) {
+			const organizationPlugin = getOrganizationPlugin(ctx);
+			if (!organizationPlugin) throw new Error("organization-member plugin requires the organization plugin");
+			if (!organizationPlugin.options.organizationHooks) organizationPlugin.options.organizationHooks = {};
+			const existingAfterAcceptInvitation = organizationPlugin.options.organizationHooks?.afterAcceptInvitation;
+			organizationPlugin.options.organizationHooks.afterAcceptInvitation = async (data) => {
+				await existingAfterAcceptInvitation?.(data);
+				try {
+					const { invitation, member } = data;
+					const updateData = {};
+					for (const field of Object.keys(organizationPlugin.options?.schema?.invitation?.additionalFields ?? {})) {
+						const fieldName = organizationPlugin.options?.schema?.invitation?.additionalFields?.[field]?.fieldName || field;
+						updateData[fieldName] = invitation[fieldName];
+					}
+					if (Object.keys(updateData).length > 0) {
+						await ctx.adapter.update({
+							model: "member",
+							where: [{
+								field: "id",
+								value: member.id
+							}],
+							update: updateData
+						});
+						ctx.logger?.info("Member fields updated from invitation:", {
+							memberId: member.id,
+							fields: Object.keys(updateData)
+						});
+					}
+				} catch (error) {
+					ctx.logger?.error("Failed to update member fields from invitation:", error);
+				}
+			};
+		},
+		endpoints: {
+			getMember: createGetMemberEndpoint(),
+			updateMember: createUpdateMemberEndpoint(userConfig),
+			updateInvitation: createUpdateInvitationEndpoint(userConfig)
+		},
+		options: userConfig,
+		$ERROR_CODES: ORGANIZATION_ERROR_CODES
+	};
+};
+
+//#endregion
+export { orgSessionMiddleware as n, organizationMember as r, orgMiddleware as t };
+//# sourceMappingURL=server-Big_p9zG.mjs.map