better-auth 0.0.2-beta.7 → 0.0.2

package/dist/client.js

@@ -0,0 +1,693 @@
+// src/client/base.ts
+import { createFetch } from "@better-fetch/fetch";
+
+// src/error/better-auth-error.ts
+var BetterAuthError = class extends Error {
+  constructor(message) {
+    super(message);
+  }
+};
+
+// src/utils/base-url.ts
+function checkHasPath(url) {
+  try {
+    const parsedUrl = new URL(url);
+    return parsedUrl.pathname !== "/";
+  } catch (error) {
+    console.error("Invalid URL:", error);
+    return false;
+  }
+}
+function withPath(url, path = "/api/auth") {
+  const hasPath = checkHasPath(url);
+  if (hasPath) {
+    return {
+      baseURL: new URL(url).origin,
+      withPath: url
+    };
+  }
+  path = path.startsWith("/") ? path : `/${path}`;
+  return {
+    baseURL: url,
+    withPath: `${url}${path}`
+  };
+}
+function getBaseURL(url, path) {
+  if (url) {
+    return withPath(url, path);
+  }
+  const env = typeof process !== "undefined" ? process.env : typeof import.meta !== "undefined" ? (
+    //@ts-ignore
+    import.meta.env
+  ) : {};
+  const fromEnv = env.BETTER_AUTH_URL || env.AUTH_URL || env.NEXT_PUBLIC_AUTH_URL || env.NEXT_PUBLIC_BETTER_AUTH_URL || env.PUBLIC_AUTH_URL || env.PUBLIC_BETTER_AUTH_URL || env.NUXT_PUBLIC_BETTER_AUTH_URL || env.NUXT_PUBLIC_AUTH_URL;
+  if (fromEnv) {
+    return withPath(fromEnv, path);
+  }
+  const isDev = !fromEnv && (env.NODE_ENV === "development" || env.NODE_ENV === "test");
+  if (isDev) {
+    return {
+      baseURL: "http://localhost:3000",
+      withPath: "http://localhost:3000/api/auth"
+    };
+  }
+  throw new BetterAuthError(
+    "Could not infer baseURL from environment variables"
+  );
+}
+
+// src/client/fetch-plugins.ts
+import { betterFetch } from "@better-fetch/fetch";
+var redirectPlugin = {
+  id: "redirect",
+  name: "Redirect",
+  hooks: {
+    onSuccess(context) {
+      if (context.data?.url && context.data?.redirect) {
+        window.location.href = context.data.url;
+      }
+    }
+  }
+};
+var addCurrentURL = {
+  id: "add-current-url",
+  name: "Add current URL",
+  hooks: {
+    onRequest(context) {
+      if (typeof window !== "undefined") {
+        const url = new URL(context.url);
+        url.searchParams.set("currentURL", window.location.href);
+        context.url = url;
+      }
+      return context;
+    }
+  }
+};
+var csrfPlugin = {
+  id: "csrf",
+  name: "CSRF Check",
+  async init(url, options) {
+    if (options?.method !== "GET") {
+      options = options || {};
+      const { data, error } = await betterFetch("/csrf", {
+        body: void 0,
+        baseURL: options.baseURL,
+        plugins: [],
+        method: "GET",
+        credentials: "include"
+      });
+      if (error?.status === 404) {
+        throw new BetterAuthError(
+          "Route not found. Make sure the server is running and the base URL is correct and includes the path (e.g. http://localhost:3000/api/auth)."
+        );
+      }
+      if (error) {
+        throw new BetterAuthError(error.message || "Failed to get CSRF token.");
+      }
+      options.body = {
+        ...options?.body,
+        csrfToken: data.csrfToken
+      };
+    }
+    options.credentials = "include";
+    return { url, options };
+  }
+};
+
+// src/client/proxy.ts
+function getMethod(path, knownPathMethods, args) {
+  const method = knownPathMethods[path];
+  const { options, query, ...body } = args || {};
+  if (method) {
+    return method;
+  }
+  if (options?.method) {
+    return options.method;
+  }
+  if (body && Object.keys(body).length > 0) {
+    return "POST";
+  }
+  return "GET";
+}
+function createDynamicPathProxy(routes, client, knownPathMethods, $signal, $signals) {
+  function createProxy(path = []) {
+    return new Proxy(function() {
+    }, {
+      get(target, prop) {
+        const fullPath = [...path, prop];
+        let current = routes;
+        for (const segment of fullPath) {
+          if (current && typeof current === "object" && segment in current) {
+            current = current[segment];
+          } else {
+            current = void 0;
+            break;
+          }
+        }
+        if (typeof current === "function") {
+          return current;
+        }
+        return createProxy(fullPath);
+      },
+      apply: async (_, __, args) => {
+        const routePath = "/" + path.map(
+          (segment) => segment.replace(/[A-Z]/g, (letter) => `-${letter.toLowerCase()}`)
+        ).join("/");
+        const arg = args[0] || {};
+        const method = getMethod(routePath, knownPathMethods, arg);
+        const { query, options, ...body } = arg;
+        return await client(routePath, {
+          ...options,
+          body: method === "GET" ? void 0 : body,
+          query,
+          method,
+          async onSuccess(context) {
+            const signal = $signal?.find((s) => s.matcher(routePath));
+            if (!signal) return;
+            const signalAtom = $signals?.[signal.atom];
+            if (!signalAtom) return;
+            signalAtom.set(!signalAtom.get());
+            await options?.onSuccess?.(context);
+          }
+        });
+      }
+    });
+  }
+  return createProxy();
+}
+
+// src/client/session-atom.ts
+import { atom, computed, task } from "nanostores";
+function getSessionAtom(client) {
+  const $signal = atom(false);
+  const $session = computed(
+    $signal,
+    () => task(async () => {
+      const session = await client("/session", {
+        credentials: "include",
+        method: "GET"
+      });
+      return session.data;
+    })
+  );
+  return { $session, $sessionSignal: $signal };
+}
+
+// src/client/base.ts
+var createAuthFetch = (options) => {
+  const $baseFetch = createFetch();
+  return createFetch({
+    method: "GET",
+    ...options,
+    baseURL: getBaseURL(options?.baseURL).withPath,
+    plugins: [
+      ...options?.plugins || [],
+      ...options?.authPlugins?.flatMap((plugin) => plugin($baseFetch).fetchPlugins).filter((plugin) => plugin !== void 0) || [],
+      ...options?.csrfPlugin !== false ? [csrfPlugin] : [],
+      redirectPlugin,
+      addCurrentURL
+    ]
+  });
+};
+var createAuthClient = (options, additionalActions = {}) => {
+  const $fetch = createAuthFetch(options);
+  const { $session, $sessionSignal } = getSessionAtom($fetch);
+  let pluginsActions = {};
+  const pluginProxySignals = [];
+  let pluginSignals = {};
+  let pluginPathMethods = {};
+  for (const plugin of options?.authPlugins || []) {
+    const pl = plugin($fetch);
+    if (pl.authProxySignal) {
+      pluginProxySignals.push(...pl.authProxySignal);
+    }
+    if (pl.actions) {
+      pluginsActions = {
+        ...pluginsActions,
+        ...pl.actions
+      };
+    }
+    if (pl.signals) {
+      pluginSignals = {
+        ...pluginSignals,
+        ...pl.signals
+      };
+    }
+    if (pl.pathMethods) {
+      pluginPathMethods = {
+        ...pluginPathMethods,
+        ...pl.pathMethods
+      };
+    }
+  }
+  const actions = {
+    $atoms: {
+      $session
+    },
+    $fetch,
+    ...pluginsActions,
+    ...additionalActions
+  };
+  const proxy = createDynamicPathProxy(
+    actions,
+    $fetch,
+    {
+      ...pluginPathMethods,
+      "/sign-out": "POST"
+    },
+    [
+      {
+        matcher: (path) => path === "/organization/create",
+        atom: "$listOrg"
+      },
+      {
+        matcher: (path) => path.startsWith("/organization"),
+        atom: "$activeOrgSignal"
+      },
+      {
+        matcher: (path) => path === "/sign-out" || path.startsWith("/sign-up") || path.startsWith("/sign-in"),
+        atom: "$sessionSignal"
+      },
+      ...pluginProxySignals
+    ],
+    {
+      $sessionSignal,
+      ...pluginSignals
+    }
+  );
+  return proxy;
+};
+
+// src/client/create-client-plugin.ts
+var createClientPlugin = () => {
+  return ($fn) => {
+    return ($fetch) => {
+      const data = $fn($fetch);
+      return {
+        ...data,
+        integrations: data.integrations,
+        plugin: {}
+      };
+    };
+  };
+};
+
+// src/plugins/two-factor/client.ts
+var twoFactorClient = (options = {
+  redirect: true,
+  twoFactorPage: "/"
+}) => {
+  return createClientPlugin()(($fetch) => {
+    return {
+      id: "two-factor",
+      authProxySignal: [
+        {
+          matcher: (path) => path === "/two-factor/enable" || path === "/two-factor/send-otp",
+          atom: "$sessionSignal"
+        }
+      ],
+      pathMethods: {
+        "enable/totp": "POST",
+        "/two-factor/disable": "POST",
+        "/two-factor/enable": "POST",
+        "/two-factor/send-otp": "POST"
+      },
+      fetchPlugins: [
+        {
+          id: "two-factor",
+          name: "two-factor",
+          hooks: {
+            async onSuccess(context) {
+              if (context.data?.twoFactorRedirect) {
+                if (options.redirect) {
+                  window.location.href = options.twoFactorPage;
+                }
+              }
+            }
+          }
+        }
+      ]
+    };
+  });
+};
+
+// src/plugins/organization/client.ts
+import { atom as atom2, computed as computed2, task as task2 } from "nanostores";
+
+// src/plugins/organization/access/src/access.ts
+var ParsingError = class extends Error {
+  path;
+  constructor(message, path) {
+    super(message);
+    this.path = path;
+  }
+};
+var AccessControl = class {
+  constructor(s) {
+    this.s = s;
+    this.statements = s;
+  }
+  statements;
+  newRole(statements) {
+    return new Role(statements);
+  }
+};
+var Role = class _Role {
+  statements;
+  constructor(statements) {
+    this.statements = statements;
+  }
+  authorize(request, connector) {
+    for (const [requestedResource, requestedActions] of Object.entries(
+      request
+    )) {
+      const allowedActions = this.statements[requestedResource];
+      if (!allowedActions) {
+        return {
+          success: false,
+          error: `You are not allowed to access resource: ${requestedResource}`
+        };
+      }
+      const success = connector === "OR" ? requestedActions.some(
+        (requestedAction) => allowedActions.includes(requestedAction)
+      ) : requestedActions.every(
+        (requestedAction) => allowedActions.includes(requestedAction)
+      );
+      if (success) {
+        return { success };
+      }
+      return {
+        success: false,
+        error: `unauthorized to access resource "${requestedResource}"`
+      };
+    }
+    return {
+      success: false,
+      error: "Not authorized"
+    };
+  }
+  static fromString(s) {
+    const statements = JSON.parse(s);
+    if (typeof statements !== "object") {
+      throw new ParsingError("statements is not an object", ".");
+    }
+    for (const [resource, actions] of Object.entries(statements)) {
+      if (typeof resource !== "string") {
+        throw new ParsingError("invalid resource identifier", resource);
+      }
+      if (!Array.isArray(actions)) {
+        throw new ParsingError("actions is not an array", resource);
+      }
+      for (let i = 0; i < actions.length; i++) {
+        if (typeof actions[i] !== "string") {
+          throw new ParsingError("action is not a string", `${resource}[${i}]`);
+        }
+      }
+    }
+    return new _Role(statements);
+  }
+  toString() {
+    return JSON.stringify(this.statements);
+  }
+};
+
+// src/plugins/organization/access/statement.ts
+var createAccessControl = (statements) => {
+  return new AccessControl(statements);
+};
+var defaultStatements = {
+  organization: ["update", "delete"],
+  member: ["create", "update", "delete"],
+  invitation: ["create", "cancel"]
+};
+var defaultAc = createAccessControl(defaultStatements);
+var adminAc = defaultAc.newRole({
+  organization: ["update"],
+  invitation: ["create", "cancel"],
+  member: ["create", "update", "delete"]
+});
+var ownerAc = defaultAc.newRole({
+  organization: ["update", "delete"],
+  member: ["create", "update", "delete"],
+  invitation: ["create", "cancel"]
+});
+var memberAc = defaultAc.newRole({
+  organization: [],
+  member: [],
+  invitation: []
+});
+
+// src/plugins/organization/client.ts
+var organizationClient = (options) => createClientPlugin()(($fetch) => {
+  const activeOrgId = atom2(null);
+  const $listOrg = atom2(false);
+  const $activeOrgSignal = atom2(false);
+  const $activeOrganization = computed2(
+    [activeOrgId, $activeOrgSignal],
+    () => task2(async () => {
+      if (!activeOrgId.get()) {
+        return null;
+      }
+      const organization = await $fetch("/organization/set-active", {
+        method: "POST",
+        credentials: "include",
+        body: {
+          orgId: activeOrgId.get()
+        }
+      });
+      return organization.data;
+    })
+  );
+  const $listOrganizations = computed2(
+    $listOrg,
+    () => task2(async () => {
+      const organizations = await $fetch(
+        "/organization/list",
+        {
+          method: "GET"
+        }
+      );
+      return organizations.data;
+    })
+  );
+  const $activeInvitationId = atom2(null);
+  const $invitation = computed2(
+    $activeInvitationId,
+    () => task2(async () => {
+      if (!$activeInvitationId.get()) {
+        return {
+          error: {
+            message: "No invitation found",
+            status: 400,
+            data: null
+          },
+          data: null
+        };
+      }
+      const res = await $fetch("/organization/get-active-invitation", {
+        method: "GET",
+        query: {
+          id: $activeInvitationId.get()
+        },
+        credentials: "include"
+      });
+      return res;
+    })
+  );
+  return {
+    id: "organization",
+    actions: {
+      organization: {
+        setActive(orgId) {
+          activeOrgId.set(orgId);
+        },
+        setInvitationId: (id) => {
+          $activeInvitationId.set(id);
+        },
+        hasPermission: async (permission) => {
+          await $fetch("/organization/has-permission", {
+            method: "POST",
+            body: {
+              permission
+            }
+          });
+        }
+      }
+    },
+    integrations: {
+      react(useStore) {
+        return {
+          organization: {
+            useActiveOrganization() {
+              return useStore($activeOrganization);
+            },
+            useListOrganization() {
+              return useStore($listOrganizations);
+            },
+            useInvitation() {
+              return useStore($invitation);
+            }
+          }
+        };
+      },
+      vue(useStore) {
+        return {
+          useActiveOrganization() {
+            return useStore($activeOrganization);
+          },
+          useListOrganization() {
+            return useStore($listOrganizations);
+          },
+          useInvitation() {
+            return useStore($invitation);
+          }
+        };
+      },
+      preact(useStore) {
+        return {
+          useActiveOrganization() {
+            return useStore($activeOrganization);
+          },
+          useListOrganization() {
+            return useStore($listOrganizations);
+          },
+          useInvitation() {
+            return useStore($invitation);
+          }
+        };
+      },
+      svelte() {
+        return {
+          $activeOrganization,
+          $listOrganizations,
+          $invitation
+        };
+      }
+    },
+    signals: {
+      $listOrg,
+      $activeOrgSignal
+    },
+    authProxySignal: [
+      {
+        matcher(path) {
+          return path.startsWith("/organization");
+        },
+        atom: "$listOrg"
+      },
+      {
+        matcher(path) {
+          return path.startsWith("/organization");
+        },
+        atom: "$activeOrgSignal"
+      }
+    ]
+  };
+});
+
+// src/plugins/passkey/client.ts
+import {
+  WebAuthnError,
+  startAuthentication,
+  startRegistration
+} from "@simplewebauthn/browser";
+var getPasskeyActions = ($fetch) => {
+  const signInPasskey = async (opts) => {
+    const response = await $fetch(
+      "/passkey/generate-authenticate-options",
+      {
+        method: "POST",
+        body: {
+          email: opts?.email
+        }
+      }
+    );
+    if (!response.data) {
+      return response;
+    }
+    try {
+      const res = await startAuthentication(
+        response.data,
+        opts?.autoFill || false
+      );
+      const verified = await $fetch("/passkey/verify-authentication", {
+        body: {
+          response: res,
+          type: "authenticate"
+        }
+      });
+      if (!verified.data) {
+        return verified;
+      }
+    } catch (e) {
+      console.log(e);
+    }
+  };
+  const registerPasskey = async () => {
+    const options = await $fetch(
+      "/passkey/generate-register-options",
+      {
+        method: "GET"
+      }
+    );
+    if (!options.data) {
+      return options;
+    }
+    try {
+      const res = await startRegistration(options.data);
+      const verified = await $fetch("/passkey/verify-registration", {
+        body: {
+          response: res,
+          type: "register"
+        }
+      });
+      if (!verified.data) {
+        return verified;
+      }
+    } catch (e) {
+      if (e instanceof WebAuthnError) {
+        if (e.code === "ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED") {
+          return {
+            data: null,
+            error: {
+              message: "previously registered",
+              status: 400,
+              statusText: "BAD_REQUEST"
+            }
+          };
+        }
+      }
+    }
+  };
+  return {
+    signInPasskey,
+    registerPasskey
+  };
+};
+var passkeyClient = createClientPlugin()(
+  ($fetch) => {
+    return {
+      id: "passkey",
+      actions: getPasskeyActions($fetch)
+    };
+  }
+);
+
+// src/plugins/username/client.ts
+var usernameClient = createClientPlugin()(
+  ($fetch) => {
+    return {
+      id: "username"
+    };
+  }
+);
+export {
+  createAuthClient,
+  createAuthFetch,
+  getPasskeyActions,
+  organizationClient,
+  passkeyClient,
+  twoFactorClient,
+  usernameClient
+};
+//# sourceMappingURL=client.js.map