better-auth 0.0.2-beta.7 → 0.0.2

package/dist/providers.d.ts

@@ -1,3 +0,0 @@
-export { d as CustomProvider, K as DiscordProfile, u as FacebookOptions, F as FacebookProfile, r as GitHubOptions, x as GitLabProfile, p as GoogleProfile, O as OAuthProvider, n as OIDCProvider, c as Provider, o as ProviderOptions, m as ProviderType, P as Providers, J as Twitch, E as TwitchOptions, D as TwitchProfile, w as apple, t as credential, L as discord, v as facebook, s as github, y as gitlab, q as google, M as magicLink, z as spotify } from './options-CH15FEBw.js';
-import './types-DAxaMWCy.js';
-import 'zod';

package/dist/providers.js

@@ -1,653 +0,0 @@
-// src/jwt/index.ts
-import { SignJWT, decodeJwt, jwtVerify } from "jose";
-function parseJWT(jwt) {
-  const decoded = decodeJwt(jwt);
-  return decoded;
-}
-function validateJWT(jwt, secret) {
-  return jwtVerify(jwt, new TextEncoder().encode(secret));
-}
-function createJWT({
-  payload,
-  secret,
-  expiresIn,
-  algorithm
-}) {
-  return new SignJWT(payload).setProtectedHeader({
-    alg: algorithm || "HS256"
-  }).setExpirationTime(Math.floor(Date.now() / 1e3) + expiresIn).sign(new TextEncoder().encode(secret));
-}
-
-// src/providers/google.ts
-var google = (options) => {
-  return {
-    id: "google",
-    name: "Google",
-    type: "oidc",
-    nonce: true,
-    params: {
-      clientId: options.clientId,
-      clientSecret: options.clientSecret,
-      linkAccounts: options.linkAccounts,
-      redirectURL: options.redirectURL,
-      tokenEndpoint: "https://oauth2.googleapis.com/token",
-      authorizationEndpoint: "https://accounts.google.com/o/oauth2/v2/auth"
-    },
-    issuer: "https://accounts.google.com",
-    scopes: options.scopes || ["openid", "email", "profile"],
-    pkCodeVerifier: true,
-    async getUserInfo(tokens) {
-      const idToken = tokens?.id_token;
-      const user = parseJWT(idToken);
-      const profile = {
-        ...user,
-        id: user.sub
-      };
-      return profile;
-    }
-  };
-};
-
-// src/providers/github.ts
-var github = (options) => {
-  return {
-    id: "github",
-    name: "Github",
-    type: "oauth",
-    params: {
-      clientId: options.clientId,
-      clientSecret: options.clientSecret,
-      redirectURL: options.redirectURL,
-      linkAccounts: options.linkAccounts,
-      tokenEndpoint: "https://github.com/login/oauth/access_token",
-      authorizationEndpoint: "https://github.com/login/oauth/authorize",
-      extra: {
-        allow_signup: options.allowSignup === void 0 ? "true" : options.allowSignup ? "true" : "false"
-      }
-    },
-    scopes: options.scopes || ["read:user user:email"],
-    async getUserInfo(tokens) {
-      const response = await fetch("https://api.github.com/user", {
-        headers: {
-          Authorization: `Bearer ${tokens.access_token}`
-        }
-      });
-      const profile = await response.json();
-      if (!profile.email) {
-        const res = await fetch("https://api.github.com/user/emails", {
-          headers: {
-            Authorization: `Bearer ${tokens.access_token}`,
-            "User-Agent": "better-auth"
-          }
-        });
-        if (res.ok) {
-          const emails = await res.json();
-          profile.email = (emails.find((e) => e.primary) ?? emails[0])?.email;
-        }
-      }
-      return {
-        ...profile,
-        id: profile.id,
-        first_name: profile.name.split(" ")[0] || "",
-        last_name: profile.name.split(" ")[1] || ""
-      };
-    }
-  };
-};
-
-// ../shared/src/error.ts
-var BetterAuthError = class extends Error {
-  constructor(message) {
-    super(`${message}`);
-    this.name = this.constructor.name;
-    Object.setPrototypeOf(this, new.target.prototype);
-    Error.captureStackTrace(this, this.constructor);
-  }
-};
-
-// src/providers/credential.ts
-import { z } from "zod";
-
-// src/crypto/password.ts
-import * as argon2 from "argon2";
-
-// src/crypto/random.ts
-function generateRandomString(size) {
-  const i2hex = (i) => `0${i.toString(16)}`.slice(-2);
-  const r = (a, i) => a + i2hex(i);
-  const bytes = crypto.getRandomValues(new Uint8Array(size));
-  return Array.from(bytes).reduce(r, "");
-}
-
-// src/crypto/password.ts
-var hashPassword = async (password, secret) => {
-  const salt = generateRandomString(12);
-  const hash2 = await argon2.hash(password, {
-    type: argon2.argon2id,
-    salt: Buffer.from(salt),
-    secret: Buffer.from(secret)
-  });
-  return hash2;
-};
-var validatePassword = async (password, hash2, secret) => {
-  const res = await argon2.verify(hash2, password, {
-    secret: Buffer.from(secret)
-  });
-  return res;
-};
-
-// src/cookies/index.ts
-function setSessionCookie(context, sessionId) {
-  context.request.cookies.set(
-    context.cookies.sessionToken.name,
-    sessionId,
-    context.cookies.sessionToken.options
-  );
-}
-
-// src/utils/session.ts
-var createSession = async (userId, context) => {
-  const session = await context.adapter.createSession(userId, context);
-  setSessionCookie(context, session.id);
-  return session;
-};
-
-// src/providers/credential.ts
-var credential = (options) => {
-  const input = z.object({
-    email: z.string(),
-    password: z.string()
-  });
-  return {
-    id: "credential",
-    name: "Credential",
-    type: "custom",
-    async signIn(context) {
-      const {
-        data: { email, password },
-        currentURL,
-        callbackURL
-      } = z.object({
-        data: z.object({
-          email: z.string(),
-          password: z.string()
-        }),
-        currentURL: z.string(),
-        callbackURL: z.string()
-      }).parse(context.request.body);
-      const user = await context._db.findOne({
-        model: context.user.modelName || "user",
-        where: [
-          {
-            field: "email",
-            value: email
-          }
-        ]
-      });
-      if (!user) {
-        return {
-          status: 401,
-          body: {
-            error: "user_not_found"
-          }
-        };
-      }
-      const passwordHash = user["password"];
-      if (!passwordHash) {
-        throw new BetterAuthError(
-          "Password field is missing in the user table."
-        );
-      }
-      try {
-        const isValid = await validatePassword(
-          password,
-          passwordHash,
-          context.secret
-        );
-        if (!isValid) {
-          return {
-            status: 401,
-            body: {
-              error: "invalid_password"
-            }
-          };
-        }
-      } catch (e) {
-        return {
-          status: 401,
-          body: {
-            error: "invalid_password"
-          }
-        };
-      }
-      await createSession(user.id, context);
-      return {
-        status: 200,
-        body: {
-          redirect: true,
-          url: callbackURL
-        }
-      };
-    },
-    async signUp(context) {
-      const { data, autoCreateSession, currentURL, callbackURL } = context.request.body;
-      if (!data) {
-        throw new BetterAuthError("Data is required for sign up.");
-      }
-      const userExist = await context.adapter.findUserByEmail(
-        data["email"],
-        context
-      );
-      if (userExist) {
-        return {
-          status: 400,
-          body: {
-            error: "user_already_exist"
-          }
-        };
-      }
-      const user = await context.adapter.createUser(
-        {
-          user: {
-            ...data,
-            ["password"]: await hashPassword(data["password"], context.secret),
-            emailVerified: false
-          },
-          account: {
-            providerId: "credential",
-            accountId: data["email"]
-          }
-        },
-        context
-      );
-      if (autoCreateSession) {
-        await createSession(user.user.id, context);
-      }
-      return {
-        status: 200,
-        body: {
-          redirect: true,
-          url: callbackURL
-        }
-      };
-    },
-    input
-  };
-};
-
-// src/providers/facebook.ts
-var facebook = (options) => {
-  return {
-    id: "facebook",
-    name: "Facebook",
-    type: "oauth",
-    scopes: ["email", "public_profile"],
-    params: {
-      clientId: options.clientId,
-      clientSecret: options.clientSecret,
-      redirectURL: options.redirectURL,
-      authorizationEndpoint: "https://www.facebook.com/v16.0/dialog/oauth",
-      tokenEndpoint: "https://graph.facebook.com/v16.0/oauth/access_token"
-    },
-    async getUserInfo(tokens) {
-      const result = await fetch(
-        "https://graph.facebook.com/v16.0/me?fields=id,name,email,picture",
-        {
-          headers: {
-            Authorization: `Bearer ${tokens.access_token}`
-          }
-        }
-      ).then((res) => res.json()).then((res) => res);
-      return {
-        ...result,
-        id: result.id,
-        name: result.name,
-        email: result.email,
-        emailVerified: true
-      };
-    }
-  };
-};
-
-// src/providers/apple.ts
-var apple = (options) => {
-  const authorizationEndpoint = "https://appleid.apple.com/auth/authorize";
-  const tokenEndpoint = "https://appleid.apple.com/auth/token";
-  return {
-    id: "apple",
-    name: "Apple",
-    type: "oidc",
-    params: {
-      authorizationEndpoint,
-      tokenEndpoint,
-      linkAccounts: options.linkAccounts,
-      redirectURL: options.redirectURL,
-      clientId: options.clientId,
-      clientSecret: options.clientSecret
-    },
-    issuer: "https://appleid.apple.com",
-    scopes: options.scopes || ["email", "name"],
-    async getUserInfo(tokens) {
-      const idToken = tokens?.id_token;
-      const user = parseJWT(idToken)?.payload;
-      const profile = {
-        ...user,
-        id: user.sub,
-        email: user.email,
-        emailVerified: true
-      };
-      return profile;
-    }
-  };
-};
-
-// src/providers/gitlab.ts
-var gitlab = (options) => {
-  const domain = options?.domain ?? "https://gitlab.com";
-  const authorizationEndpoint = `${domain}/oauth/authorize`;
-  const tokenEndpoint = `${domain}/oauth/token`;
-  return {
-    id: "gitlab",
-    name: "Gitlab",
-    type: "oauth",
-    scopes: ["read_user"],
-    params: {
-      clientId: options.clientId,
-      clientSecret: options.clientSecret,
-      redirectURL: options.redirectURL,
-      authorizationEndpoint,
-      tokenEndpoint
-    },
-    async getUserInfo(tokens) {
-      const headers = {
-        Authorization: `Bearer ${tokens.access_token}`
-      };
-      const result = await fetch("https://gitlab.com/api/v4/user", {
-        headers
-      }).then((res) => res.json()).then((res) => res);
-      return {
-        ...result,
-        id: result.id.toString(),
-        email: result.public_email,
-        emailVerified: true,
-        image: result.avatar_url
-      };
-    }
-  };
-};
-
-// src/providers/spotify.ts
-var spotify = (options) => {
-  return {
-    id: "spotify",
-    name: "Spotify",
-    type: "oauth",
-    scopes: ["user-read-email"],
-    params: {
-      clientId: options.clientId,
-      clientSecret: options.clientSecret,
-      redirectURL: options.redirectURL,
-      authorizationEndpoint: "https://accounts.spotify.com/authorize",
-      tokenEndpoint: "https://accounts.spotify.com/api/token"
-    },
-    async getUserInfo(tokens) {
-      const profile = await fetch("https://api.spotify.com/v1/me", {
-        headers: {
-          Authorization: `Bearer ${tokens.access_token}`
-        }
-      }).then((res) => res.json()).then((res) => res);
-      return {
-        ...profile,
-        id: profile.id,
-        email: profile.email,
-        emailVerified: true,
-        name: profile.display_name,
-        image: profile.images[0]?.url
-      };
-    }
-  };
-};
-
-// src/providers/twitch.ts
-var Twitch = (options) => {
-  const authorizeEndpoint = "https://id.twitch.tv/oauth2/authorize";
-  const tokenEndpoint = "https://id.twitch.tv/oauth2/token";
-  return {
-    id: "twitch",
-    name: "Twitch",
-    type: "oauth",
-    scopes: options.scopes ?? ["openid user:read:email"],
-    params: {
-      clientId: options.clientId,
-      linkAccounts: options.linkAccounts,
-      clientSecret: options.clientSecret,
-      redirectURL: options.redirectURL,
-      authorizationEndpoint: authorizeEndpoint,
-      tokenEndpoint
-    },
-    async getUserInfo(tokens) {
-      const headers = {
-        Authorization: `Bearer ${tokens.access_token}`
-      };
-      const result = await fetch("https://api.twitch.tv/helix/users", {
-        headers
-      }).then((res) => res.json()).then((res) => res.data[0]);
-      return {
-        ...result,
-        id: result.sub,
-        email: result.email,
-        emailVerified: true,
-        name: result.preferred_username,
-        image: result.picture
-      };
-    }
-  };
-};
-
-// src/providers/discord.ts
-var discord = (options) => {
-  const authorizeEndpoint = "https://discord.com/oauth2/authorize";
-  const tokenEndpoint = "https://discord.com/api/oauth2/token";
-  return {
-    id: "discord",
-    name: "Discord",
-    type: "oauth",
-    params: {
-      clientId: options.clientId,
-      clientSecret: options.clientSecret,
-      linkAccounts: options.linkAccounts,
-      authorizationEndpoint: authorizeEndpoint,
-      tokenEndpoint,
-      redirectURL: options.redirectURL
-    },
-    scopes: options.scopes || ["identify", "email"],
-    async getUserInfo(tokens) {
-      const profile = await fetch("https://discord.com/api/users/@me", {
-        headers: {
-          Authorization: `Bearer ${tokens.access_token}`
-        }
-      }).then((res) => res.json()).then((res) => res);
-      if (profile.avatar === null) {
-        const defaultAvatarNumber = profile.discriminator === "0" ? Number(BigInt(profile.id) >> BigInt(22)) % 6 : Number.parseInt(profile.discriminator) % 5;
-        profile.image_url = `https://cdn.discordapp.com/embed/avatars/${defaultAvatarNumber}.png`;
-      } else {
-        const format = profile.avatar.startsWith("a_") ? "gif" : "png";
-        profile.image_url = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`;
-      }
-      return {
-        ...profile,
-        id: profile.id,
-        email: profile.email,
-        name: profile.global_name || profile.username,
-        emailVerified: profile.verified || false,
-        image: profile.image_url
-      };
-    }
-  };
-};
-
-// src/providers/magic-link.ts
-import { base64url } from "jose";
-import { z as z2 } from "zod";
-var magicLink = (options) => {
-  const schema = z2.object({
-    callbackURL: z2.string(),
-    currentURL: z2.string(),
-    allowSignUp: z2.boolean().default(false),
-    data: z2.object({
-      email: z2.string()
-    }).and(z2.record(z2.string(), z2.any()))
-  });
-  async function signIn(context) {
-    const data = schema.safeParse(context.request.body);
-    if (data.error) {
-      return {
-        status: 400,
-        statusText: "Invalid Data"
-      };
-    }
-    const {
-      data: { email },
-      currentURL,
-      callbackURL
-    } = data.data;
-    let user = await context.adapter.findUserByEmail(email, context);
-    const redirect = callbackURL ? {
-      error: options?.redirect?.error || currentURL,
-      success: formatURL(callbackURL, currentURL)
-    } : {
-      error: options?.redirect?.error || currentURL,
-      success: options?.redirect?.success || new URL(currentURL).origin
-    };
-    if (!user) {
-      if (data.data.allowSignUp) {
-        if (!data.data.data) {
-          return {
-            status: 400,
-            statusText: "Invalid User Registration Data"
-          };
-        }
-        const response = await context.adapter.createUser(
-          {
-            user: data.data.data,
-            account: {
-              providerId: "magic_link",
-              accountId: email
-            }
-          },
-          context
-        );
-        user = response.user;
-      } else {
-        return {
-          status: 302,
-          Location: `${redirect.error}?error=user_doesn't_exist`
-        };
-      }
-    }
-    const token = await createJWT({
-      payload: {
-        email,
-        redirect: {
-          error: formatURL(redirect.error, currentURL),
-          redirect: formatURL(redirect.error, currentURL)
-        }
-      },
-      secret: context.secret,
-      expiresIn: 60 * 60 * 2
-    });
-    const encoded = base64url.encode(token);
-    const url = `${context.request.url.toString()}/magic-link/verify?token=${encoded}`;
-    await options?.sendEmail(email, url);
-    return {
-      status: 200,
-      body: {
-        success: true
-      }
-    };
-  }
-  return {
-    id: "magic-link",
-    name: "magic-link",
-    type: "custom",
-    signIn,
-    async signUp(context) {
-      const data = schema.parse(context.request.body);
-      const user = await context.adapter.findUserByEmail(
-        data.data.email,
-        context
-      );
-      if (user) {
-        return {
-          status: 302,
-          Location: `${data.currentURL}?error=user_already_exists`
-        };
-      }
-      return await signIn({
-        ...context,
-        request: {
-          ...context.request,
-          body: data
-        }
-      });
-    },
-    handler: {
-      matcher: (context) => context.request.action.startsWith("magic-link"),
-      handler: async (context) => {
-        const token = context.request.url.searchParams.get("token");
-        if (!token) {
-          return {
-            status: 403
-          };
-        }
-        const decoded = new TextDecoder().decode(base64url.decode(token));
-        const isValid = await validateJWT(decoded, context.secret);
-        if (!isValid) {
-          return {
-            status: 403
-          };
-        }
-        const payload = parseJWT(decoded);
-        const user = await context.adapter.findUserByEmail(
-          payload.email,
-          context
-        );
-        if (!user) {
-          return {
-            status: 302,
-            Location: `${payload.redirect.error}?error=user_not_found`
-          };
-        }
-        await createSession(user.id, context);
-        return {
-          status: 200
-        };
-      }
-    },
-    input: z2.object({
-      email: z2.string()
-    })
-  };
-};
-function formatURL(pathOrURL, currentURL) {
-  if (pathOrURL.startsWith("/")) {
-    return `${new URL(currentURL).origin}/${pathOrURL}`;
-  }
-  if (pathOrURL.startsWith("http")) {
-    return pathOrURL;
-  }
-  throw new BetterAuthError("Redirect url passed in magic links are invalid.");
-}
-export {
-  Twitch,
-  apple,
-  credential,
-  discord,
-  facebook,
-  github,
-  gitlab,
-  google,
-  magicLink,
-  spotify
-};
-//# sourceMappingURL=providers.js.map