better-auth 0.0.8-beta.2 → 0.0.8-beta.21

package/dist/internal-adapter-CVKQ4XR9.d.ts

@@ -0,0 +1,637 @@
+import { Kysely, Migration, Dialect } from 'kysely';
+import { O as OAuthProvider, U as User, A as Account, S as Session } from './index-CcxejJTH.js';
+import { ZodSchema } from 'zod';
+import { ContextTools, CookieOptions, Endpoint, EndpointResponse } from 'better-call';
+import { L as LiteralString } from './helper-D8dhRz72.js';
+
+declare const createFieldAttribute: <T extends FieldType, C extends Omit<FieldAttributeConfig<T>, "type">>(type: T, config?: C) => {
+    required?: boolean;
+    returned?: boolean;
+    hashValue?: boolean;
+    defaultValue?: InferValueType<T> | (() => InferValueType<T>) | undefined;
+    transform?: ((value: InferValueType<T>) => InferValueType<T>) | undefined;
+    references?: {
+        /**
+         * The model to reference.
+         */
+        model: string;
+        /**
+         * The field on the referenced model.
+         */
+        field: string;
+        /**
+         * The action to perform when the reference is deleted.
+         * @default "cascade"
+         */
+        onDelete?: "no action" | "restrict" | "cascade" | "set null" | "set default";
+    };
+    unique?: boolean;
+    validator?: ZodSchema;
+    type: T;
+};
+type FieldAttribute<T extends FieldType = FieldType> = {
+    type: T;
+} & FieldAttributeConfig<T>;
+type FieldType = "string" | "number" | "boolean" | "date";
+type InferValueType<T extends FieldType> = T extends "string" ? string : T extends "number" ? number : T extends "boolean" ? boolean : T extends "date" ? Date : never;
+type InferFieldOutput<T extends FieldAttribute> = T["returned"] extends false ? never : T["required"] extends false ? InferValueType<T["type"]> | undefined : InferValueType<T["type"]>;
+type FieldAttributeConfig<T extends FieldType = FieldType> = {
+    /**
+     * if the field should be required on a new record.
+     * @default false
+     */
+    required?: boolean;
+    /**
+     * If the value should be returned on a response body.
+     * @default true
+     */
+    returned?: boolean;
+    /**
+     * If the value should be hashed when it's stored.
+     * @default false
+     */
+    hashValue?: boolean;
+    /**
+     * Default value for the field
+     *
+     * Note: This will not create a default value on the database level. It will only
+     * be used when creating a new record.
+     */
+    defaultValue?: InferValueType<T> | (() => InferValueType<T>);
+    /**
+     * transform the value before storing it.
+     */
+    transform?: (value: InferValueType<T>) => InferValueType<T>;
+    /**
+     * Reference to another model.
+     */
+    references?: {
+        /**
+         * The model to reference.
+         */
+        model: string;
+        /**
+         * The field on the referenced model.
+         */
+        field: string;
+        /**
+         * The action to perform when the reference is deleted.
+         * @default "cascade"
+         */
+        onDelete?: "no action" | "restrict" | "cascade" | "set null" | "set default";
+    };
+    unique?: boolean;
+    /**
+     * A zod schema to validate the value.
+     */
+    validator?: ZodSchema;
+};
+
+/**
+ * Adapter where clause
+ */
+type Where = {
+    operator?: "eq" | "ne" | "lt" | "lte" | "gt" | "gte";
+    value: string;
+    field: string;
+    connector?: "AND" | "OR";
+};
+/**
+ * Adapter Interface
+ */
+interface Adapter {
+    create: <T, R = T>(data: {
+        model: string;
+        data: T;
+        select?: string[];
+    }) => Promise<R>;
+    findOne: <T>(data: {
+        model: string;
+        where: Where[];
+        select?: string[];
+    }) => Promise<T | null>;
+    findMany: <T>(data: {
+        model: string;
+        where?: Where[];
+    }) => Promise<T[]>;
+    update: <T>(data: {
+        model: string;
+        where: Where[];
+        update: Record<string, any>;
+    }) => Promise<T | null>;
+    delete: <T>(data: {
+        model: string;
+        where: Where[];
+    }) => Promise<void>;
+    /**
+     * adapter specific configuration
+     */
+    config?: {
+        /**
+         * the format of the date fields
+         */
+        dateFormat?: "number" | "date";
+        /**
+         * if the adapter will throw an error when a
+         * record already exists. If this is set to
+         * false, there will be a check if the record
+         * exists or not before creating a new one.
+         */
+        failsOnRecordExist?: boolean;
+    };
+    createSchema?: (data: {
+        model: string;
+        fields: Record<string, FieldAttribute>;
+    }[]) => Promise<void>;
+}
+
+declare const createKyselyAdapter: (config: BetterAuthOptions) => Kysely<any> | null;
+
+declare function getAdapter(options: BetterAuthOptions): Adapter;
+
+type HookEndpointContext = ContextTools & {
+    context: AuthContext;
+} & {
+    body: any;
+    request?: Request;
+    headers?: Headers;
+    params?: Record<string, string> | undefined;
+    query?: any;
+    method?: any;
+};
+
+declare function getCookies(options: BetterAuthOptions): {
+    sessionToken: {
+        name: string;
+        options: {
+            httpOnly: true;
+            sameSite: "lax";
+            path: string;
+            secure: boolean;
+            maxAge: number;
+        };
+    };
+    csrfToken: {
+        name: string;
+        options: {
+            httpOnly: true;
+            sameSite: "lax";
+            path: string;
+            secure: boolean;
+            maxAge: number;
+        };
+    };
+    state: {
+        name: string;
+        options: {
+            httpOnly: true;
+            sameSite: "lax";
+            path: string;
+            secure: boolean;
+            maxAge: number;
+        };
+    };
+    pkCodeVerifier: {
+        name: string;
+        options: CookieOptions;
+    };
+    dontRememberToken: {
+        name: string;
+        options: CookieOptions;
+    };
+    nonce: {
+        name: string;
+        options: CookieOptions;
+    };
+};
+declare function createCookieGetter(options: BetterAuthOptions): (cookieName: string, options?: CookieOptions) => {
+    name: string;
+    options: CookieOptions;
+};
+type BetterAuthCookies = ReturnType<typeof getCookies>;
+
+declare const createLogger: (options?: {
+    disabled?: boolean;
+}) => {
+    log: (...args: any[]) => void;
+    error: (...args: any[]) => void;
+    warn: (...args: any[]) => void;
+    info: (...args: any[]) => void;
+    debug: (...args: any[]) => void;
+    box: (...args: any[]) => void;
+    success: (...args: any[]) => void;
+    break: (...args: any[]) => void;
+};
+
+type AuthContext = {
+    options: BetterAuthOptions;
+    baseURL: string;
+    authCookies: BetterAuthCookies;
+    logger: ReturnType<typeof createLogger>;
+    db: ReturnType<typeof createKyselyAdapter>;
+    adapter: ReturnType<typeof getAdapter>;
+    internalAdapter: ReturnType<typeof createInternalAdapter>;
+    createAuthCookie: ReturnType<typeof createCookieGetter>;
+    secret: string;
+    session: {
+        updateAge: number;
+        expiresIn: number;
+    };
+    password: {
+        hash: (password: string) => Promise<string>;
+        verify: (password: string, hash: string) => Promise<boolean>;
+    };
+};
+
+type AuthEndpoint = Endpoint<(ctx: {
+    options: BetterAuthOptions;
+    body: any;
+    query: any;
+    headers: Headers;
+}) => Promise<EndpointResponse>>;
+
+type PluginSchema = {
+    [table: string]: {
+        fields: {
+            [field in string]: FieldAttribute;
+        };
+        disableMigration?: boolean;
+    };
+};
+type BetterAuthPlugin = {
+    id: LiteralString;
+    endpoints?: {
+        [key: string]: AuthEndpoint;
+    };
+    middlewares?: {
+        path: string;
+        middleware: Endpoint;
+    }[];
+    hooks?: {
+        before?: {
+            matcher: (context: HookEndpointContext) => boolean;
+            handler: (context: HookEndpointContext) => Promise<void | {
+                context: Partial<HookEndpointContext>;
+            }>;
+        }[];
+        after?: {
+            matcher: (context: HookEndpointContext) => boolean;
+            handler: (context: HookEndpointContext & {
+                returned: EndpointResponse;
+            }) => Promise<void | {
+                response: EndpointResponse;
+            }>;
+        }[];
+    };
+    /**
+     * Schema the plugin needs
+     *
+     * This will also be used to migrate the database. If the fields are dynamic from the plugins
+     * configuration each time the configuration is changed a new migration will be created.
+     *
+     * NOTE: If you want to create migrations manually using
+     * migrations option or any other way you
+     * can disable migration per table basis.
+     *
+     * @example
+     * ```ts
+     * schema: {
+     * 	user: {
+     * 		fields: {
+     * 			email: {
+     * 				 type: "string",
+     * 			},
+     * 			emailVerified: {
+     * 				type: "boolean",
+     * 				defaultValue: false,
+     * 			},
+     * 		},
+     * 	}
+     * } as PluginSchema
+     * ```
+     */
+    schema?: PluginSchema;
+    /**
+     * The migrations of the plugin. If you define schema that will automatically create
+     * migrations for you.
+     *
+     * ⚠️ Only uses this if you dont't want to use the schema option and you disabled migrations for
+     * the tables.
+     */
+    migrations?: Record<string, Migration>;
+    /**
+     * The options of the plugin
+     */
+    options?: Record<string, any>;
+};
+
+interface BetterAuthOptions {
+    /**
+     * Base URL for the better auth. This is typically the
+     * root URL where your
+     * application server is hosted. If not explicitly set,
+     * the system will check the following environment variable:
+     *
+     * process.env.BETTER_AUTH_URL
+     *
+     * If not set it will throw an error.
+     */
+    baseURL?: string;
+    /**
+     * Base path for the better auth. This is typically the path where the
+     * better auth routes are mounted.
+     *
+     * @default "/api/auth"
+     */
+    basePath?: string;
+    /**
+     * The secret to use for encryption,
+     * signing and hashing.
+     *
+     * By default better auth will look for
+     * the following environment variables:
+     * process.env.BETTER_AUTH_SECRET,
+     * process.env.AUTH_SECRET
+     * If none of these environment
+     * variables are set,
+     * it will default to
+     * "better-auth-secret-123456789".
+     *
+     * on production if it's not set
+     * it will throw an error.
+     *
+     * you can generate a good secret
+     * using the following command:
+     * @example
+     * ```bash
+     * openssl rand -base64 32
+     * ```
+     */
+    secret?: string;
+    /**
+     * list of social providers
+     */
+    socialProvider?: OAuthProvider[];
+    /**
+     * Plugins
+     */
+    plugins?: BetterAuthPlugin[];
+    /**
+     * Advanced options
+     */
+    advanced?: {
+        /**
+         * Use secure cookies
+         *
+         * @default false
+         */
+        useSecureCookies?: boolean;
+        /**
+         * Disable CSRF check
+         */
+        disableCSRFCheck?: boolean;
+    };
+    /**
+     * Disable logging
+     *
+     * @default false
+     */
+    disableLog?: boolean;
+    /**
+     * Database configuration
+     */
+    database: {
+        provider: "postgres" | "sqlite" | "mysql";
+        url: string;
+    } | Dialect;
+    /**
+     * User configuration
+     */
+    user?: {
+        /**
+         * The model name for the user. Defaults to "user".
+         */
+        modelName?: string;
+        /**
+         * Additional fields to add to the user model
+         */
+        additionalFields?: Record<string, FieldAttribute>;
+    };
+    session?: {
+        modelName?: string;
+        /**
+         * Expiration time for the session token. The value
+         * should be in seconds.
+         * @default 7 days (60 * 60 * 24 * 7)
+         */
+        expiresIn?: number;
+        /**
+         * How often the session should be refreshed. The value
+         * should be in seconds.
+         * If set 0 the session will be refreshed every time it is used.
+         * @default 1 day (60 * 60 * 24)
+         */
+        updateAge?: number;
+    };
+    account?: {
+        modelName?: string;
+    };
+    /**
+     * Email and password authentication
+     */
+    emailAndPassword?: {
+        /**
+         * Enable email and password authentication
+         *
+         * @default false
+         */
+        enabled: boolean;
+        /**
+         * The maximum length of the password.
+         *
+         * @default 8
+         */
+        maxPasswordLength?: number;
+        /**
+         * The minimum length of the password.
+         *
+         * @default 32
+         */
+        minPasswordLength?: number;
+        /**
+         * send reset password email
+         *
+         * @param token the token to send to the email. Make sure to include the token as a
+         * parameter in the URL. You'll need to send it back to reset the password.
+         * @param user the user to send the email to
+         */
+        sendResetPasswordToken?: (token: string, user: User) => Promise<void>;
+        /**
+         * @param email the email to send the verification email to
+         * @param url the url to send the verification
+         * email to
+         * @param token the actual token. You can use this
+         * if you want to custom endpoint to verify the
+         * email.
+         */
+        sendVerificationEmail?: (email: string, url: string, token: string) => Promise<void>;
+        /**
+         * Send a verification email automatically after
+         * sign up
+         *
+         * @default false
+         */
+        sendEmailVerificationOnSignUp?: boolean;
+        /**
+         * Password hashing and verification
+         *
+         * By default Argon2id is used for password hashing and verification.
+         * You can provide your own hashing and verification function
+         * if you want to use a different algorithm.
+         */
+        password?: {
+            hash?: (password: string) => Promise<string>;
+            verify?: (password: string, hash: string) => Promise<boolean>;
+        };
+    };
+    /**
+     * List of trusted origins.
+     */
+    trustedOrigins?: string[];
+}
+
+declare const createInternalAdapter: (adapter: Adapter, options: BetterAuthOptions) => {
+    createOAuthUser: (user: User, account: Account) => Promise<{
+        user: {
+            id: string;
+            email: string;
+            emailVerified: boolean;
+            name: string;
+            createdAt: Date;
+            updatedAt: Date;
+            image?: string | undefined;
+        };
+        account: {
+            id: string;
+            providerId: string;
+            accountId: string;
+            userId: string;
+            accessToken?: string | null | undefined;
+            refreshToken?: string | null | undefined;
+            idToken?: string | null | undefined;
+            accessTokenExpiresAt?: Date | null | undefined;
+            refreshTokenExpiresAt?: Date | null | undefined;
+            password?: string | null | undefined;
+        };
+    } | null>;
+    createUser: (user: User) => Promise<{
+        id: string;
+        email: string;
+        emailVerified: boolean;
+        name: string;
+        createdAt: Date;
+        updatedAt: Date;
+        image?: string | undefined;
+    }>;
+    createSession: (userId: string, request?: Request, dontRememberMe?: boolean) => Promise<{
+        id: string;
+        userId: string;
+        expiresAt: Date;
+        ipAddress?: string | undefined;
+        userAgent?: string | undefined;
+    }>;
+    findSession: (sessionId: string) => Promise<{
+        session: {
+            id: string;
+            userId: string;
+            expiresAt: Date;
+            ipAddress?: string | undefined;
+            userAgent?: string | undefined;
+        };
+        user: {
+            id: string;
+            email: string;
+            emailVerified: boolean;
+            name: string;
+            createdAt: Date;
+            updatedAt: Date;
+            image?: string | undefined;
+        };
+    } | null>;
+    updateSession: (sessionId: string, session: Partial<Session>) => Promise<{
+        id: string;
+        userId: string;
+        expiresAt: Date;
+        ipAddress?: string | undefined;
+        userAgent?: string | undefined;
+    } | null>;
+    deleteSession: (id: string) => Promise<void>;
+    findUserByEmail: (email: string) => Promise<{
+        user: {
+            id: string;
+            email: string;
+            emailVerified: boolean;
+            name: string;
+            createdAt: Date;
+            updatedAt: Date;
+            image?: string | undefined;
+        };
+        accounts: {
+            id: string;
+            providerId: string;
+            accountId: string;
+            userId: string;
+            accessToken?: string | null | undefined;
+            refreshToken?: string | null | undefined;
+            idToken?: string | null | undefined;
+            accessTokenExpiresAt?: Date | null | undefined;
+            refreshTokenExpiresAt?: Date | null | undefined;
+            password?: string | null | undefined;
+        }[];
+    } | null>;
+    findUserById: (userId: string) => Promise<{
+        id: string;
+        email: string;
+        emailVerified: boolean;
+        name: string;
+        createdAt: Date;
+        updatedAt: Date;
+        image?: string | undefined;
+    } | null>;
+    linkAccount: (account: Account) => Promise<{
+        id: string;
+        providerId: string;
+        accountId: string;
+        userId: string;
+        accessToken?: string | null | undefined;
+        refreshToken?: string | null | undefined;
+        idToken?: string | null | undefined;
+        accessTokenExpiresAt?: Date | null | undefined;
+        refreshTokenExpiresAt?: Date | null | undefined;
+        password?: string | null | undefined;
+    }>;
+    updateUserByEmail: (email: string, data: Partial<User & Record<string, any>>) => Promise<{
+        id: string;
+        email: string;
+        emailVerified: boolean;
+        name: string;
+        createdAt: Date;
+        updatedAt: Date;
+        image?: string | undefined;
+    } | null>;
+    updatePassword: (userId: string, password: string) => Promise<{
+        id: string;
+        providerId: string;
+        accountId: string;
+        userId: string;
+        accessToken?: string | null | undefined;
+        refreshToken?: string | null | undefined;
+        idToken?: string | null | undefined;
+        accessTokenExpiresAt?: Date | null | undefined;
+        refreshTokenExpiresAt?: Date | null | undefined;
+        password?: string | null | undefined;
+    } | null>;
+};
+type InternalAdapter = ReturnType<typeof createInternalAdapter>;
+
+export { type AuthContext as A, type BetterAuthOptions as B, type FieldAttribute as F, type HookEndpointContext as H, type InferFieldOutput as I, type BetterAuthPlugin as a, type InternalAdapter as b, createInternalAdapter as c, createFieldAttribute as d, type FieldType as e, type InferValueType as f, type FieldAttributeConfig as g };

package/dist/next-js.d.ts

@@ -1,14 +1,24 @@
-import { A as Auth } from './index-CGeV0d2g.js';
-import 'better-call';
-import 'zod';
-import './helper-B5_2Vzba.js';
-import './schema-BOszzrbQ.js';
-import 'arctic';
+import { Auth } from './index.js';
+import { NextResponse } from 'next/server';
+import './helper-D8dhRz72.js';
+import './internal-adapter-CVKQ4XR9.js';
 import 'kysely';
+import './index-CcxejJTH.js';
+import 'arctic';
+import 'zod';
+import 'better-call';
 
 declare function toNextJsHandler(auth: Auth | Auth["handler"]): {
     GET: (request: Request) => Promise<Response>;
     POST: (request: Request) => Promise<Response>;
 };
+/**
+ * Middleware that checks if the user is authenticated.
+ * If not, it redirects to the redirectTo URL.
+ */
+declare function authMiddleware(options: {
+    baePath?: string;
+    redirectTo: string;
+}): (request: Request) => Promise<NextResponse<unknown>>;
 
-export { toNextJsHandler };
+export { authMiddleware, toNextJsHandler };

package/dist/next-js.js

@@ -1,3 +1,6 @@
+import { betterFetch } from '@better-fetch/fetch';
+import { NextResponse } from 'next/server';
+
 // src/integrations/next-js.ts
 function toNextJsHandler(auth) {
   const handler = async (request) => {
@@ -8,7 +11,21 @@ function toNextJsHandler(auth) {
     POST: handler
   };
 }
-export {
-  toNextJsHandler
-};
+function authMiddleware(options) {
+  return async (request) => {
+    const url = new URL(request.url).origin;
+    const basePath = options?.baePath || "/api/auth";
+    const fullURL = `${url}${basePath}/session`;
+    const res = await betterFetch(fullURL, {
+      headers: request.headers
+    });
+    if (!res.data) {
+      return NextResponse.redirect(new URL(options.redirectTo, url));
+    }
+    return NextResponse.next();
+  };
+}
+
+export { authMiddleware, toNextJsHandler };
+//# sourceMappingURL=next-js.js.map
 //# sourceMappingURL=next-js.js.map

package/dist/next-js.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/integrations/next-js.ts"],"sourcesContent":["import type { Auth } from \"../auth\";\n\nexport function toNextJsHandler(auth: Auth | Auth[\"handler\"]) {\n\tconst handler = async (request: Request) => {\n\t\treturn \"handler\" in auth ? auth.handler(request) : auth(request);\n\t};\n\treturn {\n\t\tGET: handler,\n\t\tPOST: handler,\n\t};\n}\n"],"mappings":";AAEO,SAAS,gBAAgB,MAA8B;AAC7D,QAAM,UAAU,OAAO,YAAqB;AAC3C,WAAO,aAAa,OAAO,KAAK,QAAQ,OAAO,IAAI,KAAK,OAAO;AAAA,EAChE;AACA,SAAO;AAAA,IACN,KAAK;AAAA,IACL,MAAM;AAAA,EACP;AACD;","names":[]}
+{"version":3,"sources":["../src/integrations/next-js.ts"],"names":[],"mappings":";;;;AAKO,SAAS,gBAAgB,IAA8B,EAAA;AAC7D,EAAM,MAAA,OAAA,GAAU,OAAO,OAAqB,KAAA;AAC3C,IAAA,OAAO,aAAa,IAAO,GAAA,IAAA,CAAK,QAAQ,OAAO,CAAA,GAAI,KAAK,OAAO,CAAA,CAAA;AAAA,GAChE,CAAA;AACA,EAAO,OAAA;AAAA,IACN,GAAK,EAAA,OAAA;AAAA,IACL,IAAM,EAAA,OAAA;AAAA,GACP,CAAA;AACD,CAAA;AAMO,SAAS,eAAe,OAG5B,EAAA;AACF,EAAA,OAAO,OAAO,OAAqB,KAAA;AAClC,IAAA,MAAM,GAAM,GAAA,IAAI,GAAI,CAAA,OAAA,CAAQ,GAAG,CAAE,CAAA,MAAA,CAAA;AACjC,IAAM,MAAA,QAAA,GAAW,SAAS,OAAW,IAAA,WAAA,CAAA;AACrC,IAAA,MAAM,OAAU,GAAA,CAAA,EAAG,GAAG,CAAA,EAAG,QAAQ,CAAA,QAAA,CAAA,CAAA;AACjC,IAAM,MAAA,GAAA,GAAM,MAAM,WAAA,CAEf,OAAS,EAAA;AAAA,MACX,SAAS,OAAQ,CAAA,OAAA;AAAA,KACjB,CAAA,CAAA;AACD,IAAI,IAAA,CAAC,IAAI,IAAM,EAAA;AACd,MAAA,OAAO,aAAa,QAAS,CAAA,IAAI,IAAI,OAAQ,CAAA,UAAA,EAAY,GAAG,CAAC,CAAA,CAAA;AAAA,KAC9D;AACA,IAAA,OAAO,aAAa,IAAK,EAAA,CAAA;AAAA,GAC1B,CAAA;AACD","file":"next-js.js","sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport type { Auth } from \"../auth\";\nimport type { Session } from \"../adapters/schema\";\nimport { NextRequest, NextResponse } from \"next/server\";\n\nexport function toNextJsHandler(auth: Auth | Auth[\"handler\"]) {\n\tconst handler = async (request: Request) => {\n\t\treturn \"handler\" in auth ? auth.handler(request) : auth(request);\n\t};\n\treturn {\n\t\tGET: handler,\n\t\tPOST: handler,\n\t};\n}\n\n/**\n * Middleware that checks if the user is authenticated.\n * If not, it redirects to the redirectTo URL.\n */\nexport function authMiddleware(options: {\n\tbaePath?: string;\n\tredirectTo: string;\n}) {\n\treturn async (request: Request) => {\n\t\tconst url = new URL(request.url).origin;\n\t\tconst basePath = options?.baePath || \"/api/auth\";\n\t\tconst fullURL = `${url}${basePath}/session`;\n\t\tconst res = await betterFetch<{\n\t\t\tsession: Session;\n\t\t}>(fullURL, {\n\t\t\theaders: request.headers,\n\t\t});\n\t\tif (!res.data) {\n\t\t\treturn NextResponse.redirect(new URL(options.redirectTo, url));\n\t\t}\n\t\treturn NextResponse.next();\n\t};\n}\n"]}