better-auth 0.0.2-beta.7 → 0.0.2

package/dist/actions.js

@@ -1,1373 +0,0 @@
-// src/crypto/random.ts
-function generateRandomString(size) {
-  const i2hex = (i) => `0${i.toString(16)}`.slice(-2);
-  const r = (a, i) => a + i2hex(i);
-  const bytes = crypto.getRandomValues(new Uint8Array(size));
-  return Array.from(bytes).reduce(r, "");
-}
-
-// src/utils/time.ts
-var timeSpan = (span) => {
-  const [time, unit] = span;
-  const timeInMs = Number.parseInt(time) * 1e3;
-  switch (unit) {
-    case "s":
-      return timeInMs;
-    case "m":
-      return timeInMs * 60;
-    case "hr":
-      return timeInMs * 60 * 60;
-    case "d":
-      return timeInMs * 60 * 60 * 24;
-    case "w":
-      return timeInMs * 60 * 60 * 24 * 7;
-    default:
-      return 0;
-  }
-};
-var getDate = (span) => {
-  const sec = typeof span === "number" ? span : timeSpan(span);
-  const date = /* @__PURE__ */ new Date();
-  return new Date(date.getTime() + sec);
-};
-
-// src/adapters/internal-adapter.ts
-var createInternalAdapter = (db) => {
-  return {
-    createSession: async (userId, context) => {
-      if (context.sessionAdapter) {
-        return context.sessionAdapter.create({
-          userId,
-          expiresAt: new Date(Date.now() + context.session.expiresIn)
-        });
-      }
-      const session2 = await db.create({
-        model: context.session.modelName,
-        data: {
-          id: generateRandomString(32),
-          userId,
-          expiresAt: db.config?.dateFormat === "number" ? Date.now() + context.session.expiresIn : new Date(Date.now() + context.session.expiresIn)
-        },
-        select: context.session.selectFields
-      });
-      return session2;
-    },
-    updateSession: async (session2, context) => {
-      const updateDate = context.session.updateAge === 0 ? 0 : getDate(context.session.updateAge).valueOf();
-      const maxAge = getDate(context.session.expiresIn);
-      const shouldBeUpdated = session2.expiresAt.valueOf() - maxAge.valueOf() + updateDate <= Date.now();
-      if (shouldBeUpdated) {
-        if (context.sessionAdapter) {
-          return context.sessionAdapter.update({
-            id: session2.id,
-            userId: session2.userId,
-            expiresAt: new Date(Date.now() + context.session.expiresIn)
-          });
-        }
-        const updatedSession = await db.update({
-          model: context.session.modelName,
-          where: [
-            {
-              field: "id",
-              value: session2.id
-            }
-          ],
-          update: {
-            expiresAt: db.config?.dateFormat === "number" ? Date.now() + context.session.expiresIn : new Date(Date.now() + context.session.expiresIn)
-          }
-        });
-        return updatedSession;
-      }
-      return session2;
-    },
-    deleteSession: async (id, context) => {
-      const session2 = await db.delete({
-        model: context.session.modelName,
-        where: [
-          {
-            field: "id",
-            value: id
-          }
-        ]
-      });
-      return session2;
-    },
-    createUser: async (data, context) => {
-      const user = await db.create({
-        model: context.user.modelName,
-        data: {
-          id: generateRandomString(32),
-          ...data.user
-        },
-        select: context.user.selectFields
-      });
-      const account = await db.create({
-        model: context.account.modelName,
-        data: {
-          ...data.account,
-          userId: user.id,
-          providerId: data.account.providerId.toString(),
-          accountId: data.account.accountId.toString()
-        }
-      });
-      return { user, account };
-    },
-    updateUserByEmail: async (email, data, context) => {
-      const user = await db.update({
-        model: context.user.modelName,
-        where: [
-          {
-            field: "email",
-            value: email
-          }
-        ],
-        update: data
-      });
-      return user;
-    },
-    findUserByEmail: async (email, context) => {
-      const user = await db.findOne({
-        model: context.user.modelName,
-        where: [
-          {
-            field: "email",
-            value: email
-          }
-        ],
-        select: context.user.selectFields
-      });
-      return user;
-    },
-    findSession: async (id, context) => {
-      if (context.sessionAdapter) {
-        return context.sessionAdapter.findOne({
-          userId: id
-        });
-      }
-      const session2 = await db.findOne({
-        model: context.session.modelName,
-        where: [
-          {
-            field: "id",
-            value: id
-          }
-        ],
-        select: context.session.selectFields
-      });
-      return session2;
-    },
-    findUserById: async (id, context) => {
-      const user = await db.findOne({
-        model: context.user.modelName,
-        where: [
-          {
-            field: "id",
-            value: id
-          }
-        ],
-        select: context.user.selectFields
-      });
-      return user;
-    },
-    findAccount: async (input, context) => {
-      const account = await db.findOne({
-        model: context.account.modelName,
-        where: [
-          {
-            field: "providerId",
-            value: input.providerId.toString()
-          },
-          {
-            field: "accountId",
-            value: input.accountId.toString()
-          }
-        ],
-        select: context.account.selectFields
-      });
-      return account;
-    },
-    linkAccount: async (input, context) => {
-      const { userId, providerId, accountId } = input;
-      const account = await db.create({
-        model: context.account.modelName,
-        data: {
-          userId,
-          providerId: providerId.toString(),
-          accountId: accountId.toString()
-        }
-      });
-      return account;
-    }
-  };
-};
-
-// src/adapters/utils.ts
-import { z } from "zod";
-function toInternalFields(fields) {
-  const internalFields = {};
-  for (const field in fields) {
-    const { type, required, returned, hashValue, transform } = fields[field];
-    internalFields[field] = {
-      required: required ?? false,
-      returned: returned ?? true,
-      hashValue: hashValue ?? false,
-      validator: z[type]().transform(transform || ((x) => x))
-    };
-  }
-  return internalFields;
-}
-function getSelectFields(fields, table) {
-  const select = Object.keys(fields).filter((column) => {
-    return fields[column]?.returned !== false;
-  });
-  const defaultSelect = {
-    session: ["id", "userId", "expiresAt"],
-    user: ["id", "email", "emailVerified"],
-    account: ["providerId", "accountId", "userId"]
-  };
-  return [...defaultSelect[table], ...select];
-}
-var parseUser = (data, context) => {
-  const user = Object.keys(data).map((key) => {
-    const parsed = context.user.fields[key]?.validator.safeParse(data?.[key]);
-    return { key, value: parsed?.success ? parsed.data : data?.[key] };
-  }).reduce(
-    (acc, { key, value }) => {
-      acc[key] = value;
-      return acc;
-    },
-    {}
-  );
-  return user;
-};
-
-// src/cookies/index.ts
-function serialize(name, value, attributes) {
-  const keyValueEntries = [];
-  keyValueEntries.push([encodeURIComponent(name), encodeURIComponent(value)]);
-  if (attributes?.domain !== void 0) {
-    keyValueEntries.push(["Domain", attributes.domain]);
-  }
-  if (attributes?.expires !== void 0) {
-    keyValueEntries.push(["Expires", attributes.expires.toUTCString()]);
-  }
-  if (attributes?.httpOnly) {
-    keyValueEntries.push(["HttpOnly"]);
-  }
-  if (attributes?.maxAge !== void 0) {
-    keyValueEntries.push(["Max-Age", attributes.maxAge.toString()]);
-  }
-  if (attributes?.path !== void 0) {
-    keyValueEntries.push(["Path", attributes.path]);
-  }
-  if (attributes?.sameSite === "lax") {
-    keyValueEntries.push(["SameSite", "Lax"]);
-  }
-  if (attributes?.sameSite === "none") {
-    keyValueEntries.push(["SameSite", "None"]);
-  }
-  if (attributes?.sameSite === "strict") {
-    keyValueEntries.push(["SameSite", "Strict"]);
-  }
-  if (attributes?.secure) {
-    keyValueEntries.push(["Secure"]);
-  }
-  return keyValueEntries.map((pair) => pair.join("=")).join("; ");
-}
-function parse(header) {
-  const cookies = /* @__PURE__ */ new Map();
-  const items = header.split("; ");
-  for (const item of items) {
-    const pair = item.split("=");
-    const rawKey = pair[0];
-    const rawValue = pair[1] ?? "";
-    if (!rawKey)
-      continue;
-    cookies.set(decodeURIComponent(rawKey), decodeURIComponent(rawValue));
-  }
-  return cookies;
-}
-var cookieManager = (header) => {
-  return {
-    set(name, value, options = {}) {
-      const cookieStr = serialize(name, value, options);
-      header.append("set-cookie", cookieStr);
-    },
-    get(name) {
-      const cookie = header.get("cookie");
-      if (!cookie)
-        return null;
-      const cookies = parse(cookie);
-      const value = cookies.get(name);
-      return value;
-    }
-  };
-};
-function setSessionCookie(context, sessionId) {
-  context.request.cookies.set(
-    context.cookies.sessionToken.name,
-    sessionId,
-    context.cookies.sessionToken.options
-  );
-}
-function deleteSessionCooke(context) {
-  context.request.cookies.set(context.cookies.sessionToken.name, "", {
-    ...context.cookies.sessionToken.options,
-    maxAge: 0
-  });
-}
-
-// src/cookies/cookies.ts
-function getCookies(options) {
-  const secure = !!options.advanced?.useSecureCookies;
-  const secureCookiePrefix = secure ? "__Secure-" : "";
-  const cookiePrefix = "better-auth";
-  return {
-    sessionToken: {
-      name: `${secureCookiePrefix}${cookiePrefix}.session_token`,
-      options: {
-        httpOnly: true,
-        sameSite: "lax",
-        path: "/",
-        secure,
-        maxAge: options.session?.expiresIn || timeSpan("7d"),
-        ...options.advanced?.sessionCookie
-      }
-    },
-    csrfToken: {
-      name: `${secureCookiePrefix}${cookiePrefix}.csrf_token`,
-      options: {
-        httpOnly: true,
-        sameSite: "lax",
-        path: "/",
-        secure
-      }
-    },
-    state: {
-      name: `${secureCookiePrefix}${cookiePrefix}.state`,
-      options: {
-        httpOnly: true,
-        sameSite: "lax",
-        path: "/",
-        secure,
-        maxAge: 60 * 15
-        // 15 minutes in seconds
-      }
-    },
-    pkCodeVerifier: {
-      name: `${secureCookiePrefix}${cookiePrefix}.pk_code_verifier`,
-      options: {
-        httpOnly: true,
-        sameSite: "lax",
-        path: "/",
-        secure,
-        maxAge: 60 * 15
-        // 15 minutes in seconds
-      }
-    },
-    nonce: {
-      name: `${secureCookiePrefix}${cookiePrefix}.nonce`,
-      options: {
-        httpOnly: true,
-        sameSite: "lax",
-        path: "/",
-        secure,
-        maxAge: 60 * 15
-        // 15 minutes in seconds
-      }
-    }
-  };
-}
-
-// src/crypto/hmac.ts
-async function hmac(secretKey, message) {
-  const enc = new TextEncoder();
-  const algorithm = { name: "HMAC", hash: "SHA-256" };
-  const key = await crypto.subtle.importKey(
-    "raw",
-    enc.encode(secretKey),
-    algorithm,
-    false,
-    ["sign", "verify"]
-  );
-  const signature = await crypto.subtle.sign(
-    algorithm.name,
-    key,
-    enc.encode(message)
-  );
-  return btoa(String.fromCharCode(...new Uint8Array(signature)));
-}
-
-// src/plugins/csrf-check.ts
-var csrfHandler = async (context) => {
-  const csrfToken = context.request.cookies.get(context.cookies.csrfToken.name);
-  if (csrfToken) {
-    return {
-      status: 200,
-      body: {
-        csrfToken
-      }
-    };
-  }
-  const token = generateRandomString(32);
-  const hash = await hmac(context.secret, token);
-  const cookie = `${token}!${hash}`;
-  context.request.cookies.set(
-    context.cookies.csrfToken.name,
-    cookie,
-    context.cookies.csrfToken.options
-  );
-  return {
-    status: 200,
-    body: {
-      csrfToken: cookie
-    }
-  };
-};
-var CSRFCheckPlugin = () => {
-  return {
-    id: "csrf",
-    name: "CSRF Check",
-    version: "1.0.0",
-    hooks: {
-      matcher: (context) => !context.disableCSRF,
-      before: async (context) => {
-        const csrfToken = context.request.body.csrfToken;
-        const csrfCookie = context.request.cookies.get(
-          context.cookies.csrfToken.name
-        );
-        const [token, hash] = csrfCookie?.split("!") || [null, null];
-        if (!csrfToken || !csrfCookie || !token || !hash || csrfCookie !== csrfToken) {
-          context.request.cookies.set(context.cookies.csrfToken.name, "", {
-            ...context.cookies.csrfToken.options,
-            maxAge: 0
-          });
-          return {
-            response: {
-              status: 403,
-              statusText: "Invalid CSRF Token"
-            }
-          };
-        }
-        const expectedHash = await hmac(context.secret, token);
-        if (hash !== expectedHash) {
-          context.request.cookies.set(context.cookies.csrfToken.name, "", {
-            ...context.cookies.csrfToken.options,
-            maxAge: 0
-          });
-          return {
-            response: {
-              status: 403,
-              statusText: "Invalid CSRF Token"
-            }
-          };
-        }
-        return null;
-      }
-    },
-    handler: csrfHandler
-  };
-};
-
-// src/plugins/utils.ts
-var getPlugins = (options) => {
-  const plugins = {
-    post: [],
-    pre: [],
-    unordered: []
-  };
-  for (const plugin of options.plugins || []) {
-    plugins[plugin.order || "unordered"].push(plugin);
-  }
-  const internalPlugins = [CSRFCheckPlugin()];
-  return [
-    ...plugins.pre,
-    ...plugins.unordered,
-    ...internalPlugins,
-    ...plugins.post
-  ];
-};
-var usePlugins = (context, ignorePlugins) => {
-  const plugins = context.plugins.filter(
-    (pl) => pl.hooks && !ignorePlugins?.includes(pl.id)
-  );
-  const hooks = plugins.map((plugin) => {
-    return plugin.hooks;
-  });
-  const before = [];
-  const after = [];
-  for (const hook of hooks) {
-    if (hook.matcher(context)) {
-      hook.before && before.push(hook.before);
-      hook.after && after.push(hook.after);
-    }
-  }
-  return {
-    before: async (context2) => {
-      let ctx = context2;
-      let response;
-      for (const hook of before) {
-        const res = await hook(ctx);
-        if (res?.context) {
-          ctx = res.context;
-        }
-        if (res?.response) {
-          response = res.response;
-          break;
-        }
-      }
-      return {
-        context: ctx,
-        response
-      };
-    },
-    after: async (context2, fnResponse) => {
-      let ctx = context2;
-      let response;
-      for (const hook of after) {
-        const res = await hook(ctx, fnResponse);
-        if (res?.context) {
-          ctx = res.context;
-        }
-        if (res?.response) {
-          response = res.response;
-          break;
-        }
-      }
-      return {
-        context: ctx,
-        response
-      };
-    }
-  };
-};
-var withPlugins = (fn, ignorePlugins) => {
-  return async (ctx) => {
-    const { before, after } = usePlugins(ctx, ignorePlugins);
-    const { context, response } = await before(ctx);
-    if (response) {
-      return response;
-    }
-    const res = await fn(context);
-    const { response: afterResponse } = await after(context, res);
-    if (afterResponse) {
-      return afterResponse;
-    }
-    return res;
-  };
-};
-
-// ../shared/src/error.ts
-var BetterAuthError = class extends Error {
-  constructor(message) {
-    super(`${message}`);
-    this.name = this.constructor.name;
-    Object.setPrototypeOf(this, new.target.prototype);
-    Error.captureStackTrace(this, this.constructor);
-  }
-};
-var MissingSecret = class extends BetterAuthError {
-  constructor() {
-    super("Missing Secret: A secret is required in a production environment.");
-  }
-};
-var InvalidURL = class extends BetterAuthError {
-  constructor(message) {
-    super(
-      message || "Please make sure your config includes valid base URL and base PATH."
-    );
-  }
-};
-var InvalidRequest = class extends BetterAuthError {
-  constructor() {
-    super("Post requests must include a valid JSON parsable body.");
-  }
-};
-var ProviderMissing = class extends BetterAuthError {
-  constructor(id) {
-    super(`Provider ${id} is missing on your configuration.`);
-  }
-};
-var ProviderError = class extends BetterAuthError {
-};
-
-// src/routes/callback.ts
-import { z as z2 } from "zod";
-
-// src/oauth2/signin.ts
-import { base64url } from "jose";
-
-// src/crypto/sha.ts
-async function sha256(data) {
-  return await crypto.subtle.digest("SHA-256", data);
-}
-
-// src/oauth2/utils.ts
-async function discoveryRequest(context, provider) {
-  const issuerIdentifier = new URL(provider.issuer);
-  if (!(issuerIdentifier instanceof URL)) {
-    throw new TypeError('"issuerIdentifier" must be an instance of URL');
-  }
-  if (issuerIdentifier.protocol !== "https:" && issuerIdentifier.protocol !== "http:") {
-    throw new TypeError('"issuer.protocol" must be "https:" or "http:"');
-  }
-  const url = new URL(issuerIdentifier.href);
-  switch (provider.type) {
-    case void 0:
-    case "oidc":
-      url.pathname = `${url.pathname}/.well-known/openid-configuration`.replace(
-        "//",
-        "/"
-      );
-      break;
-    case "oauth":
-      if (url.pathname === "/") {
-        url.pathname = ".well-known/oauth-authorization-server";
-      } else {
-        url.pathname = `.well-known/oauth-authorization-server/${url.pathname}`.replace(
-          "//",
-          "/"
-        );
-      }
-      break;
-    default:
-      throw new TypeError(`"provider.type" must be "oidc" or "oauth"`);
-  }
-  const headers = new Headers(context.request.headers);
-  headers.set("accept", "application/json");
-  return fetch(url.href, {
-    headers: Object.fromEntries(headers.entries()),
-    method: "GET",
-    redirect: "manual"
-  }).then((res) => {
-    if (!res.ok) {
-      throw new Error(`HTTP error! status: ${res.status}`);
-    }
-    return res.json();
-  });
-}
-
-// src/oauth2/signin.ts
-async function signInOAuth(context, provider, {
-  onlySignUp,
-  autoCreateSession
-} = {
-  autoCreateSession: true,
-  onlySignUp: false
-}) {
-  if (!provider.params.clientId) {
-    throw new ProviderError("clientId is required");
-  }
-  const scopes = Array.from(new Set(provider?.scopes ?? []));
-  const { currentURL, callbackURL, data } = context.request.body;
-  const state = generateState(
-    currentURL,
-    callbackURL,
-    data,
-    autoCreateSession,
-    onlySignUp
-  );
-  let url = provider.params.authorizationEndpoint;
-  if (!url) {
-    const discovery = await discoveryRequest(context, provider);
-    if (!discovery.authorization_endpoint)
-      throw new ProviderError("Missing authorization endpoint");
-    url = discovery.authorization_endpoint;
-  }
-  const authorizationUrl = new URL(url);
-  authorizationUrl.searchParams.set("response_type", "code");
-  authorizationUrl.searchParams.set("client_id", provider.params.clientId);
-  authorizationUrl.searchParams.set("state", state);
-  authorizationUrl.searchParams.set("scope", scopes.join(" "));
-  authorizationUrl.searchParams.set(
-    "redirect_uri",
-    provider.params.redirectURL || `${context.request.url.toString()}/callback/${context.request.body.provider}`
-  );
-  if (provider.type === "oidc") {
-    if (provider.nonce) {
-      const nonce = generateRandomString(24);
-      authorizationUrl.searchParams.set("nonce", nonce);
-      context.request.cookies.set(
-        context.cookies.nonce.name,
-        nonce,
-        context.cookies.nonce.options
-      );
-    }
-  }
-  provider.params.responseMode && authorizationUrl.searchParams.set(
-    "response_mode",
-    provider.params.responseMode
-  );
-  if (provider.params.extra) {
-    const extra = Object.entries(provider.params.extra);
-    for (const [key, value] of extra) {
-      authorizationUrl.searchParams.set(key, value);
-    }
-  }
-  const codeVerifier = provider.pkCodeVerifier ? generateCodeVerifier() : void 0;
-  if (provider.pkCodeVerifier && codeVerifier) {
-    const codeChallengeMethod = provider?.codeChallengeMethod ?? "S256";
-    if (codeChallengeMethod === "S256") {
-      const codeChallengeBuffer = await sha256(
-        new TextEncoder().encode(codeVerifier)
-      );
-      const codeChallenge = base64url.encode(
-        new Uint8Array(codeChallengeBuffer)
-      );
-      authorizationUrl.searchParams.set("code_challenge", codeChallenge);
-      authorizationUrl.searchParams.set("code_challenge_method", "S256");
-    } else {
-      authorizationUrl.searchParams.set("code_challenge", codeVerifier);
-      authorizationUrl.searchParams.set("code_challenge_method", "plain");
-    }
-  }
-  context.request.cookies.set(
-    context.cookies.state.name,
-    state,
-    context.cookies.state.options
-  );
-  if (codeVerifier) {
-    context.request.cookies.set(
-      context.cookies.pkCodeVerifier.name,
-      codeVerifier,
-      context.cookies.pkCodeVerifier.options
-    );
-  }
-  return authorizationUrl.toString();
-}
-function generateCodeVerifier() {
-  const randomValues = new Uint8Array(32);
-  crypto.getRandomValues(randomValues);
-  return base64url.encode(randomValues);
-}
-function generateState(currentURL, callbackURL, signUp2, autoCreateSession, onlySignUp) {
-  let state = generateRandomString(24);
-  state += `!${currentURL}`;
-  state += `!${callbackURL || currentURL}`;
-  state += `!${JSON.stringify({
-    data: signUp2,
-    autoCreateSession,
-    onlySignUp
-  })}`;
-  return state;
-}
-function getState(state) {
-  const [hash, currentURL, callbackURL, signUpString] = state.split("!");
-  if (!hash || !currentURL || !callbackURL) {
-    throw new ProviderError("Invalid state");
-  }
-  const signUp2 = signUpString ? JSON.parse(signUpString) : void 0;
-  return {
-    hash,
-    currentURL,
-    callbackURL,
-    signUp: {
-      data: signUp2?.data,
-      autoCreateSession: signUp2?.autoCreateSession,
-      onlySignUp: signUp2?.onlySignUp
-    }
-  };
-}
-
-// src/oauth2/tokens.ts
-import { base64url as base64url2 } from "jose";
-async function getTokens(context, provider) {
-  const redirectURL = provider.params.redirectURL || `${context.baseURL}${context.basePath}/callback/${provider.id}`;
-  const headers = new Headers();
-  headers.set("Content-Type", "application/x-www-form-urlencoded");
-  headers.set("Accept", "application/json");
-  headers.set("User-Agent", "better-auth");
-  const encodedCredentials = base64url2.encode(
-    `${provider.params.clientId}:${provider.params.clientSecret}`
-  );
-  headers.set("Authorization", `Basic ${encodedCredentials}`);
-  const body = new URLSearchParams();
-  body.set("grant_type", "authorization_code");
-  body.set("code", context.request.query.code);
-  body.set("redirect_uri", redirectURL);
-  if (provider.pkCodeVerifier) {
-    const codeVerifier = context.request.cookies.get(
-      context.cookies.pkCodeVerifier.name
-    );
-    codeVerifier && body.set("code_verifier", codeVerifier);
-  }
-  body.set("client_id", provider.params.clientId);
-  body.set("client_secret", provider.params.clientSecret);
-  let url = provider.params.tokenEndpoint;
-  if (!url) {
-    const discovery = await discoveryRequest(context, provider);
-    if (!discovery.token_endpoint) {
-      throw new Error("Missing token endpoint");
-    }
-    url = discovery.token_endpoint;
-  }
-  const response = await fetch(url, {
-    method: "POST",
-    body,
-    headers
-  });
-  const data = await response.json();
-  return data;
-}
-
-// src/providers/utils.ts
-var getProvider = (context, providerId) => {
-  const providers = context.providers;
-  const provider = providers.find((provider2) => provider2.id === providerId);
-  return provider;
-};
-
-// src/routes/callback.ts
-var callbackQuerySchema = z2.object({
-  code: z2.string(),
-  state: z2.string(),
-  provider: z2.string()
-});
-var callback = async (context) => {
-  const parsedQuery = callbackQuerySchema.safeParse(context.request.query);
-  if (!parsedQuery.success) {
-    const error = context.request.url.searchParams.get("error");
-    const errorDesc = context.request.url.searchParams.get("error_description");
-    const state = context.request.url.searchParams.get("state");
-    if (!state) {
-      throw new ProviderError(
-        `state is not returned from ${context.request.url.searchParams.get(
-          "provider"
-        )}`
-      );
-    }
-    const { currentURL } = getState(state);
-    return {
-      status: 302,
-      headers: {
-        Location: `${currentURL}?error=${error}&error_description=${errorDesc}`
-      }
-    };
-  }
-  const provider = getProvider(context, parsedQuery.data.provider);
-  if (provider?.type === "oauth" || provider?.type === "oidc") {
-    const storedState = context.request.cookies.get(context.cookies.state.name);
-    const state = parsedQuery.data.state;
-    const { currentURL } = getState(state);
-    if (storedState !== state) {
-      return {
-        status: 302,
-        headers: {
-          Location: `${currentURL}?error=invalid_state`
-        }
-      };
-    }
-    const tokens = await getTokens(context, provider);
-    if (tokens.error) {
-      return {
-        status: 302,
-        headers: {
-          Location: `${currentURL}?error=${tokens.error}`
-        }
-      };
-    }
-    if (provider.type === "oauth" || provider.type === "oidc") {
-      const profile = await provider.getUserInfo(tokens);
-      const {
-        callbackURL,
-        currentURL: currentURL2,
-        signUp: { data, autoCreateSession, onlySignUp }
-      } = getState(state);
-      let userAccount = await context.adapter.findAccount(
-        {
-          providerId: provider.id,
-          accountId: profile.id
-        },
-        context
-      );
-      if (provider.type === "oidc") {
-        if (profile.nonce) {
-          const nonce = context.request.cookies.get(context.cookies.nonce.name);
-          if (profile.nonce !== nonce) {
-            return {
-              status: 302,
-              headers: {
-                Location: `${currentURL2}?error=invalid_nonce`
-              }
-            };
-          }
-        }
-      }
-      if (onlySignUp && userAccount) {
-        return {
-          status: 302,
-          headers: {
-            Location: `${currentURL2}?error=user_already_exist`
-          }
-        };
-      }
-      let userData = null;
-      if (!userAccount) {
-        if (provider.params.linkAccounts) {
-          const shouldLink = provider.params.linkAccounts.enabler ? await provider.params.linkAccounts.enabler(profile) : true;
-          if (shouldLink) {
-            const { field, key } = provider.params.linkAccounts;
-            const user = await context._db.findOne({
-              model: context.user.modelName,
-              where: [
-                {
-                  field,
-                  value: profile[key]
-                }
-              ]
-            });
-            if (user) {
-              userAccount = await context.adapter.linkAccount(
-                {
-                  userId: user.id,
-                  providerId: provider.id,
-                  accountId: profile.id
-                },
-                context
-              );
-              userData = user;
-            }
-          }
-        }
-        if (!userData && !data) {
-          return {
-            status: 302,
-            headers: {
-              Location: `${callbackURL}?error=user_not_found`
-            }
-          };
-        }
-        if (!userData) {
-          let signUpData = {};
-          for (const key in data) {
-            if (typeof data[key] === "string") {
-              const constructedKey = data[key].split(".");
-              let value = profile;
-              for (const k of constructedKey) {
-                value = value[k];
-              }
-              signUpData[key] = value;
-            } else if ("value" in data[key]) {
-              signUpData[key] = data[key].value;
-            }
-          }
-          signUpData = parseUser(signUpData, context);
-          const accountData = {
-            providerId: provider.id,
-            accountId: profile.id
-          };
-          for (const key in context.account.additionalFields) {
-            accountData[key] = tokens[context.account.additionalFields[key]];
-          }
-          try {
-            const { user, account } = await context.adapter.createUser(
-              {
-                user: signUpData,
-                account: accountData
-              },
-              context
-            );
-            userAccount = account;
-            userData = user;
-          } catch (e) {
-            return {
-              status: 302,
-              headers: {
-                Location: `${currentURL2}?error=user_already_exist`
-              }
-            };
-          }
-        }
-      }
-      if (!userData) {
-        userData = await context.adapter.findUserById(
-          userAccount?.userId,
-          context
-        );
-      }
-      if (autoCreateSession) {
-        const session2 = await context.adapter.createSession(
-          userData?.id,
-          context
-        );
-        setSessionCookie(context, session2.id);
-      }
-      return {
-        status: 302,
-        headers: {
-          Location: callbackURL
-        }
-      };
-    }
-    return {
-      status: 200
-    };
-  }
-  throw new ProviderError("Invalid provider type");
-};
-var callbackHandler = withPlugins(callback, ["csrf"]);
-
-// src/routes/session.ts
-var session = async (context) => {
-  const session2 = await getServerSession(context);
-  if (!session2) {
-    return {
-      status: 401,
-      statusText: "Unauthorize"
-    };
-  }
-  return {
-    status: 200,
-    body: session2
-  };
-};
-var getServerSession = async (context) => {
-  const sessionFromCookie = context.request.cookies.get(
-    context.cookies.sessionToken.name
-  );
-  if (!sessionFromCookie) {
-    return null;
-  }
-  const session2 = await context.adapter.findSession(sessionFromCookie, context);
-  if (!session2 || session2.expiresAt < /* @__PURE__ */ new Date()) {
-    session2 && await context.adapter.deleteSession(session2.id, context);
-    deleteSessionCooke(context);
-    return null;
-  }
-  const user = await context.adapter.findUserById(session2.userId, context);
-  if (!user) {
-    return null;
-  }
-  const updatedSession = await context.adapter.updateSession(session2, context);
-  context.request.cookies.set(context.cookies.sessionToken.name, session2.id, {
-    ...context.cookies.sessionToken.options,
-    maxAge: updatedSession.expiresAt.valueOf() - Date.now()
-  });
-  sessionFromCookie;
-  return {
-    user,
-    expiresAt: session2.expiresAt
-  };
-};
-var sessionHandler = withPlugins(session);
-
-// src/routes/signin.ts
-import { z as z3 } from "zod";
-var bodySchema = z3.object({
-  provider: z3.string(),
-  data: z3.record(z3.string(), z3.any()).optional(),
-  callbackURL: z3.string().optional(),
-  currentURL: z3.string()
-});
-var signIn = async (context) => {
-  const data = bodySchema.parse(context.request.body);
-  const provider = getProvider(context, data.provider);
-  if (!provider) {
-    throw new ProviderMissing(data.provider);
-  }
-  if (provider.type === "oauth" || provider.type === "oidc") {
-    const url = await signInOAuth(context, provider);
-    return {
-      status: 200,
-      body: {
-        url,
-        redirect: true
-      }
-    };
-  }
-  if (provider.type === "custom") {
-    if (!provider.signIn) {
-      throw new ProviderError("Sign in method not implemented");
-    }
-    const response = await provider.signIn(context);
-    return response;
-  }
-  throw new ProviderError("Invalid provider type");
-};
-var signInHandler = withPlugins(signIn);
-
-// src/routes/signout.ts
-var signOut = async (context) => {
-  const session2 = context.request.cookies.get(
-    context.cookies.sessionToken.name
-  );
-  deleteSessionCooke(context);
-  if (session2) {
-    try {
-      await context.adapter.deleteSession(session2, context);
-    } catch (e) {
-    }
-  }
-  return {
-    status: 200
-  };
-};
-var signOutHandler = withPlugins(signOut);
-
-// src/routes/signup.ts
-import { z as z4 } from "zod";
-var signUpSchema = z4.object({
-  data: z4.record(z4.string(), z4.any()).optional(),
-  provider: z4.string(),
-  currentURL: z4.string(),
-  callbackURL: z4.string().optional(),
-  autoCreateSession: z4.boolean().optional()
-});
-var signUp = async (context) => {
-  const data = signUpSchema.parse(context.request.body);
-  const provider = getProvider(context, data.provider);
-  if (!provider) {
-    throw new ProviderMissing(data.provider);
-  }
-  if (provider?.type === "oauth" || provider?.type === "oidc") {
-    context.request.body.signUp = context.request.body.data;
-    const url = await signInOAuth(context, provider, {
-      autoCreateSession: data.autoCreateSession ?? true,
-      onlySignUp: true
-    });
-    return {
-      status: 200,
-      body: {
-        url,
-        redirect: true
-      }
-    };
-  }
-  if (!provider.signUp) {
-    throw new ProviderError("Sign up method not implemented");
-  }
-  return await provider.signUp(context);
-};
-var signUpHandler = withPlugins(signUp);
-
-// src/utils/request.ts
-import { IncomingMessage } from "http";
-import { z as z5 } from "zod";
-async function getBody(request) {
-  try {
-    if (request instanceof Request)
-      return await request.json();
-    return new Promise((resolve) => {
-      const bodyParts = [];
-      let body;
-      request.on("data", (chunk) => {
-        bodyParts.push(chunk);
-      }).on("end", () => {
-        body = Buffer.concat(bodyParts).toString();
-        resolve(JSON.parse(body));
-      });
-    });
-  } catch {
-    throw new InvalidRequest();
-  }
-}
-var toRequestHeader = (incomingHeaders) => {
-  if (incomingHeaders instanceof Headers)
-    return incomingHeaders;
-  const headers = new Headers();
-  for (const [key, value] of Object.entries(incomingHeaders)) {
-    if (Array.isArray(value)) {
-      for (const val of value) {
-        headers.append(key, val);
-      }
-    } else if (value) {
-      headers.append(key, value);
-    }
-  }
-  return headers;
-};
-function parseUrl(request, options) {
-  let requestStringURL = request instanceof IncomingMessage ? `${request.headers.host}${request.url}` : request.url;
-  if (!requestStringURL.startsWith("http")) {
-    if (requestStringURL.startsWith("localhost")) {
-      requestStringURL = `http://${requestStringURL}`;
-    } else {
-      requestStringURL = `https://${requestStringURL}`;
-    }
-  }
-  const requestURL = new URL(requestStringURL);
-  const baseURL = requestURL.origin;
-  const basePath = options.basePath || "/api/auth";
-  let urlString = `${baseURL}${basePath}`;
-  if (!urlString.startsWith("http")) {
-    urlString = `https://${urlString}`;
-  }
-  const isValidURL = z5.string().url().safeParse(urlString);
-  let action = requestURL.pathname.split(basePath)[1] || "";
-  action = action.replace("/", "");
-  if (isValidURL.error) {
-    throw new InvalidURL();
-  }
-  if (action.startsWith("callback")) {
-    const provider = action.split("/")[1];
-    if (!provider)
-      throw new InvalidURL("Provider is missing in the URL.");
-    action = "callback";
-    requestURL.searchParams.set("provider", provider);
-  }
-  const url = new URL(urlString);
-  requestURL.searchParams.forEach((value, key) => {
-    url.searchParams.set(key, value);
-  });
-  return {
-    url,
-    action
-  };
-}
-
-// src/utils/secret.ts
-var DEFAULT_SECRET = "better-auth-secret-key-123456789";
-var getSecret = (secret) => {
-  secret = secret || process.env.BETTER_AUTH_SECRET || process.env.AUTH_SECRET;
-  if (process.env.NODE_ENV === "production" && !secret) {
-    throw new MissingSecret();
-  }
-  return secret || DEFAULT_SECRET;
-};
-
-// src/auth.ts
-var toContext = async (options, request, handlerOptions) => {
-  const basePath = options.basePath || "/api/auth";
-  const headers = toRequestHeader(request.headers);
-  const { url, action } = parseUrl(request, options);
-  const body = request.method?.toUpperCase() === "POST" ? await getBody(request) : null;
-  return {
-    baseURL: url.origin,
-    basePath,
-    request: {
-      method: request.method,
-      url,
-      query: Object.fromEntries(url.searchParams),
-      action,
-      body,
-      headers,
-      cookies: handlerOptions?.cookieManager || cookieManager(headers)
-    },
-    _db: options.adapter,
-    providers: options.providers,
-    secret: getSecret(options.secret),
-    adapter: createInternalAdapter(options.adapter),
-    plugins: getPlugins(options),
-    cookies: getCookies(options),
-    disableCSRF: options.advanced?.skipCSRFCheck || false,
-    session: {
-      modelName: options.session?.modelName || "session",
-      updateAge: options.session?.updateAge === void 0 ? timeSpan("1d") : options.session.updateAge,
-      expiresIn: options.session?.expiresIn || timeSpan("1w"),
-      additionalFields: options.session?.additionalFields ? toInternalFields(options.session.additionalFields) : {},
-      selectFields: getSelectFields(
-        options.session?.additionalFields || {},
-        "session"
-      )
-    },
-    user: {
-      modelName: options.user?.modelName || "user",
-      fields: options.user?.fields ? toInternalFields(options.user.fields) : {},
-      selectFields: getSelectFields(options.user?.fields || {}, "user")
-    },
-    account: {
-      modelName: options.account?.modelName || "account",
-      additionalFields: options.account?.additionalFields || {},
-      selectFields: [
-        ...Object.keys(options.account?.additionalFields || {}),
-        "userId",
-        "providerId",
-        "accountId"
-      ]
-    },
-    sessionAdapter: options.sessionAdapter
-  };
-};
-var toResponse = (res, context, handlerOptions) => {
-  if (handlerOptions?.toResponse) {
-    return handlerOptions.toResponse(res, context);
-  }
-  context.request.headers.set("content-type", "application/json");
-  const response = new Response(res.body ? JSON.stringify(res.body) : null, {
-    headers: {
-      ...context.request.headers,
-      "Set-Cookie": context.request.headers.get("Set-Cookie") ?? "",
-      ...res.headers
-    },
-    status: res.status,
-    statusText: res.statusText
-  });
-  return response;
-};
-
-// src/actions/index.ts
-function getActions(options, handlerOptions) {
-  const actions = {
-    /**
-     * Sign in with a provider. This action will return response object. If
-     * it's oauth, it will redirect to the provider. If it's custom, it
-     * will return the response object and it'll set the cookies.
-     *
-     * ► In most cases you should just be using
-     * client sdk  for sign in instead unless you
-     * have a good reason to use this.
-     */
-    signIn: async (request, input) => {
-      const url = request instanceof Headers ? request.get("referer") : request.url;
-      const req = new Request(url, {
-        body: JSON.stringify(input),
-        method: "POST"
-      });
-      const context = await toContext(options, req);
-      context.disableCSRF = true;
-      context.request.body = {
-        currentURL: url,
-        provider: input.provider
-      };
-      const response = await signInHandler(context);
-      if (response.body.redirect) {
-        return toResponse(
-          {
-            status: 302,
-            headers: {
-              Location: response.body.url
-            }
-          },
-          context
-        );
-      }
-      return toResponse(response, context, handlerOptions);
-    },
-    /**
-     * Get the current logged in user session.
-     */
-    getSession: async (request) => {
-      const url = request instanceof Headers ? request.get("referer") || request.get("x-forwarded-host") || "http://localhost" : request.url;
-      const req = request instanceof Request ? request : new Request(url, {
-        method: "POST",
-        body: JSON.stringify({}),
-        headers: request
-      });
-      const context = await toContext(options, req);
-      context.disableCSRF = true;
-      const response = await getServerSession(context);
-      return response;
-    },
-    /**
-     * Signout the current user.
-     * Delete the session and clear the cookies.
-     */
-    signOut: async (request) => {
-      const url = request instanceof Headers ? request.get("referer") : request.url;
-      const req = request instanceof Request ? request : new Request(url, {
-        method: "POST",
-        body: JSON.stringify({}),
-        headers: request
-      });
-      const context = await toContext(options, req);
-      context.disableCSRF = true;
-      const response = await signOutHandler(context);
-      return toResponse(response, context, handlerOptions);
-    }
-  };
-  return actions;
-}
-export {
-  getActions
-};
-//# sourceMappingURL=actions.js.map