better-auth 0.1.1-beta.2 → 0.1.1-beta.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/api.d.ts +1 -1
- package/dist/api.js +1 -1
- package/dist/client/plugins.d.ts +3 -3
- package/dist/client.d.ts +1 -1
- package/dist/{index-CMQfBjoY.d.ts → index-BD5tEEdN.d.ts} +1 -1
- package/dist/{index-BZTQCJvy.d.ts → index-wJcPCm9A.d.ts} +37 -29
- package/dist/index.d.ts +1 -1
- package/dist/index.js +3 -3
- package/dist/next-js.d.ts +1 -1
- package/dist/node.d.ts +1 -1
- package/dist/plugins.d.ts +31 -4
- package/dist/plugins.js +3 -3
- package/dist/react.d.ts +1 -1
- package/dist/solid-start.d.ts +1 -1
- package/dist/solid.d.ts +1 -1
- package/dist/svelte-kit.d.ts +1 -1
- package/dist/svelte.d.ts +1 -1
- package/dist/types.d.ts +2 -2
- package/dist/utils.d.ts +2 -2
- package/dist/vue.d.ts +1 -1
- package/package.json +1 -1
package/dist/api.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export {
|
|
1
|
+
export { e as AuthEndpoint, f as AuthMiddleware, y as callbackOAuth, X as changePassword, d as createAuthEndpoint, c as createAuthMiddleware, Q as createEmailVerificationToken, a1 as csrfMiddleware, _ as error, M as forgetPassword, N as forgetPasswordCallback, Z as getCSRFToken, u as getEndpoints, z as getSession, C as getSessionFromCtx, E as listSessions, $ as ok, o as optionsMiddleware, O as resetPassword, J as revokeSession, K as revokeSessions, v as router, T as sendVerificationEmail, D as sessionMiddleware, Y as setPassword, x as signInEmail, w as signInOAuth, L as signOut, a0 as signUpEmail, V as updateUser, U as verifyEmail } from './index-wJcPCm9A.js';
|
|
2
2
|
import 'zod';
|
|
3
3
|
import './helper-C1ihmerM.js';
|
|
4
4
|
import 'better-call';
|
package/dist/api.js
CHANGED
|
@@ -79,4 +79,4 @@ var Je=Object.defineProperty,Ze=Object.defineProperties;var Ke=Object.getOwnProp
|
|
|
79
79
|
<div class="error-code">Error Code: <span id="errorCode">${e}</span></div>
|
|
80
80
|
</div>
|
|
81
81
|
</body>
|
|
82
|
-
</html>`,Ve=f("/error",{method:"GET",metadata:C},e=>a(void 0,null,function*(){var n;let t=new URL(((n=e.request)==null?void 0:n.url)||"").searchParams.get("error")||"Unknown";return new Response(Bt(t),{headers:{"Content-Type":"text/html"}})}));var Me=f("/ok",{method:"GET",metadata:C},e=>a(void 0,null,function*(){return e.json({ok:!0})}));import{alphabet as He,generateRandomString as Ne}from"oslo/crypto";import{z as O}from"zod";var Fe=f("/sign-up/email",{method:"POST",query:O.object({currentURL:O.string().optional()}).optional(),body:O.object({name:O.string(),email:O.string(),password:O.string(),image:O.string().optional(),callbackURL:O.string().optional()})},e=>a(void 0,null,function*(){var m,w,U,T;if(!((m=e.context.options.emailAndPassword)!=null&&m.enabled))return e.json(null,{status:400,body:{message:"Email and password is not enabled"}});let{name:t,email:n,password:o,image:r}=e.body;if(!O.string().email().safeParse(n).success)return e.json(null,{status:400,body:{message:"Invalid email address"}});let i=e.context.password.config.minPasswordLength;if(o.length<i)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let d=e.context.password.config.maxPasswordLength;if(o.length>d)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let c=yield e.context.internalAdapter.findUserByEmail(n),u=yield e.context.password.hash(o);if(c!=null&&c.user)return e.json(null,{status:400,body:{message:"User already exists"}});let l=yield e.context.internalAdapter.createUser({id:Ne(32,He("a-z","0-9","A-Z")),email:n.toLowerCase(),name:t,image:r,emailVerified:!1,createdAt:new Date,updatedAt:new Date});yield e.context.internalAdapter.linkAccount({id:Ne(32,He("a-z","0-9","A-Z")),userId:l.id,providerId:"credential",accountId:l.id,password:u});let p=yield e.context.internalAdapter.createSession(l.id,e.request);if(yield x(e,p.id),e.context.options.emailAndPassword.sendEmailVerificationOnSignUp){let L=yield Y(e.context.secret,l.email),b=`${e.context.baseURL}/verify-email?token=${L}&callbackURL=${e.body.callbackURL||((w=e.query)==null?void 0:w.currentURL)||"/"}`;yield(T=(U=e.context.options.emailAndPassword).sendVerificationEmail)==null?void 0:T.call(U,l.email,b,L)}return e.json({user:l,session:p},{body:e.body.callbackURL?{url:e.body.callbackURL,redirect:!0}:{user:l,session:p}})}));import ee from"chalk";function zt(e,t,n){let o=Date.now(),r=t*1e3;return o-n.lastRequest<r&&n.count>=e}function qt(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function Vt(e,t){let n=Date.now(),o=t*1e3;return Math.ceil((e+o-n)/1e3)}function Mt(e,t){let n=t!=null?t:"rateLimit",o=e.adapter;return{get:r=>a(this,null,function*(){return yield o.findOne({model:n,where:[{field:"key",value:r}]})}),set:(r,s,i)=>a(this,null,function*(){try{i?yield o.update({model:t!=null?t:"rateLimit",where:[{field:"key",value:r}],update:{count:s.count,lastRequest:s.lastRequest}}):yield o.create({model:t!=null?t:"rateLimit",data:{key:r,count:s.count,lastRequest:s.lastRequest}})}catch(d){_.error("Error setting rate limit",d)}})}}var Ge=new Map;function Ht(e){if(e.rateLimit.customStorage)return e.rateLimit.customStorage;if(e.rateLimit.storage==="memory"){let n;return{get(o){return a(this,null,function*(){return Ge.get(o)})},set(o,r,s){return a(this,null,function*(){Ge.set(o,r)})}}}return Mt(e,e.rateLimit.tableName)}function We(e,t){return a(this,null,function*(){if(!t.rateLimit.enabled)return;let n=t.baseURL,o=e.url.replace(n,""),r=t.rateLimit.window,s=t.rateLimit.max,i=N(e)+o,c=Nt().find(m=>m.pathMatcher(o));c&&(r=c.window,s=c.max);for(let m of t.options.plugins||[])if(m.rateLimit){let w=m.rateLimit.find(U=>U.pathMatcher(o));if(w){r=w.window,s=w.max;break}}if(t.rateLimit.customRules){let m=t.rateLimit.customRules[o];m&&(r=m.window,s=m.max)}let u=Ht(t),l=yield u.get(i),p=Date.now();if(!l)yield u.set(i,{key:i,count:1,lastRequest:p});else{let m=p-l.lastRequest;if(zt(s,r,l)){let w=Vt(l.lastRequest,r);return qt(w)}else m>r*1e3?yield u.set(i,k(g({},l),{count:1,lastRequest:p})):yield u.set(i,k(g({},l),{count:l.count+1,lastRequest:p}))}})}function Nt(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:7}]}function Wt(e,t){var d,c;let n=(d=e.options.plugins)==null?void 0:d.reduce((u,l)=>g(g({},u),l.endpoints),{}),o=((c=e.options.plugins)==null?void 0:c.map(u=>{var l;return(l=u.middlewares)==null?void 0:l.map(p=>{let m=w=>a(this,null,function*(){return p.middleware(k(g({},w),{context:g(g({},e),w.context)}))});return m.path=p.path,m.options=p.middleware.options,m.headers=p.middleware.headers,{path:p.path,middleware:m}})}).filter(u=>u!==void 0).flat())||[],r={signInOAuth:ve,callbackOAuth:_e,getCSRFToken:qe,getSession:Z(),signOut:Ie,signUpEmail:Fe,signInEmail:Pe,forgetPassword:Le,resetPassword:Ce,verifyEmail:De,sendVerificationEmail:je,changePassword:Be,setPassword:ze,updateUser:$e,forgetPasswordCallback:Ee,listSessions:Re(),revokeSession:Ue,revokeSessions:Te},s=k(g(g({},r),n),{ok:Me,error:Ve}),i={};for(let[u,l]of Object.entries(s))i[u]=p=>a(this,null,function*(){var U;let w=yield l(k(g({},p),{context:g(g({},e),p.context)}));for(let T of e.options.plugins||[])if((U=T.hooks)!=null&&U.after){for(let L of T.hooks.after)if(L.matcher(p)){let R=Object.assign(p,{context:k(g({},e),{returned:w})}),z=yield L.handler(R);z&&"response"in z&&(w=z.response)}}return w}),i[u].path=l.path,i[u].method=l.method,i[u].options=l.options,i[u].headers=l.headers;return{api:i,middlewares:o}}var Ii=(e,t)=>{let{api:n,middlewares:o}=Wt(e,t),r=new URL(e.baseURL).pathname;return Gt(n,{extraContext:e,basePath:r,routerMiddleware:[{path:"/**",middleware:ae},...o],onRequest(i){return a(this,null,function*(){return We(i,e)})},onError(i){var c,u,l,p;let d=(c=t.logger)!=null&&c.verboseLogging?_:void 0;if(((u=t.logger)==null?void 0:u.disabled)!==!0)if(i instanceof Ft)d==null||d.warn(i);else if(typeof i=="object"&&i!==null&&"message"in i){let m=i.message;if(!m||typeof m!="string"){d==null||d.error(i);return}m.includes("no such table")?(l=_)==null||l.error(`Please run ${ee.green("npx better-auth migrate")} to create the tables. There are missing tables in your SQLite database.`):m.includes("relation")&&m.includes("does not exist")?_.error(`Please run ${ee.green("npx better-auth migrate")} to create the tables. There are missing tables in your PostgreSQL database.`):m.includes("Table")&&m.includes("doesn't exist")?(p=_)==null||p.error(`Please run ${ee.green("npx better-auth migrate")} to create the tables. There are missing tables in your MySQL database.`):d==null||d.error(i)}else d==null||d.error(i)}})};export{_e as callbackOAuth,Be as changePassword,f as createAuthEndpoint,H as createAuthMiddleware,Y as createEmailVerificationToken,ae as csrfMiddleware,Ve as error,Le as forgetPassword,Ee as forgetPasswordCallback,qe as getCSRFToken,Wt as getEndpoints,Z as getSession,K as getSessionFromCtx,Re as listSessions,Me as ok,ne as optionsMiddleware,Ce as resetPassword,Ue as revokeSession,Te as revokeSessions,Ii as router,je as sendVerificationEmail,B as sessionMiddleware,ze as setPassword,Pe as signInEmail,ve as signInOAuth,Ie as signOut,Fe as signUpEmail,$e as updateUser,De as verifyEmail};
|
|
82
|
+
</html>`,Ve=f("/error",{method:"GET",metadata:C},e=>a(void 0,null,function*(){var n;let t=new URL(((n=e.request)==null?void 0:n.url)||"").searchParams.get("error")||"Unknown";return new Response(Bt(t),{headers:{"Content-Type":"text/html"}})}));var Me=f("/ok",{method:"GET",metadata:C},e=>a(void 0,null,function*(){return e.json({ok:!0})}));import{alphabet as He,generateRandomString as Ne}from"oslo/crypto";import{z as O}from"zod";var Fe=f("/sign-up/email",{method:"POST",query:O.object({currentURL:O.string().optional()}).optional(),body:O.object({name:O.string(),email:O.string(),password:O.string(),image:O.string().optional(),callbackURL:O.string().optional()})},e=>a(void 0,null,function*(){var m,w,U,T;if(!((m=e.context.options.emailAndPassword)!=null&&m.enabled))return e.json(null,{status:400,body:{message:"Email and password is not enabled"}});let{name:t,email:n,password:o,image:r}=e.body;if(!O.string().email().safeParse(n).success)return e.json(null,{status:400,body:{message:"Invalid email address"}});let i=e.context.password.config.minPasswordLength;if(o.length<i)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let d=e.context.password.config.maxPasswordLength;if(o.length>d)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let c=yield e.context.internalAdapter.findUserByEmail(n),u=yield e.context.password.hash(o);if(c!=null&&c.user)return e.json(null,{status:400,body:{message:"User already exists"}});let l=yield e.context.internalAdapter.createUser({id:Ne(32,He("a-z","0-9","A-Z")),email:n.toLowerCase(),name:t,image:r,emailVerified:!1,createdAt:new Date,updatedAt:new Date});yield e.context.internalAdapter.linkAccount({id:Ne(32,He("a-z","0-9","A-Z")),userId:l.id,providerId:"credential",accountId:l.id,password:u});let p=yield e.context.internalAdapter.createSession(l.id,e.request);if(yield x(e,p.id),e.context.options.emailAndPassword.sendEmailVerificationOnSignUp){let L=yield Y(e.context.secret,l.email),b=`${e.context.baseURL}/verify-email?token=${L}&callbackURL=${e.body.callbackURL||((w=e.query)==null?void 0:w.currentURL)||"/"}`;yield(T=(U=e.context.options.emailAndPassword).sendVerificationEmail)==null?void 0:T.call(U,l.email,b,L)}return e.json({user:l,session:p},{body:e.body.callbackURL?{url:e.body.callbackURL,redirect:!0}:{user:l,session:p}})}));import ee from"chalk";function zt(e,t,n){let o=Date.now(),r=t*1e3;return o-n.lastRequest<r&&n.count>=e}function qt(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function Vt(e,t){let n=Date.now(),o=t*1e3;return Math.ceil((e+o-n)/1e3)}function Mt(e,t){let n=t!=null?t:"rateLimit",o=e.adapter;return{get:r=>a(this,null,function*(){return yield o.findOne({model:n,where:[{field:"key",value:r}]})}),set:(r,s,i)=>a(this,null,function*(){try{i?yield o.update({model:t!=null?t:"rateLimit",where:[{field:"key",value:r}],update:{count:s.count,lastRequest:s.lastRequest}}):yield o.create({model:t!=null?t:"rateLimit",data:{key:r,count:s.count,lastRequest:s.lastRequest}})}catch(d){_.error("Error setting rate limit",d)}})}}var Ge=new Map;function Ht(e){if(e.rateLimit.customStorage)return e.rateLimit.customStorage;if(e.rateLimit.storage==="memory"){let n;return{get(o){return a(this,null,function*(){return Ge.get(o)})},set(o,r,s){return a(this,null,function*(){Ge.set(o,r)})}}}return Mt(e,e.rateLimit.tableName)}function We(e,t){return a(this,null,function*(){if(!t.rateLimit.enabled)return;let n=t.baseURL,o=e.url.replace(n,""),r=t.rateLimit.window,s=t.rateLimit.max,i=N(e)+o,c=Nt().find(m=>m.pathMatcher(o));c&&(r=c.window,s=c.max);for(let m of t.options.plugins||[])if(m.rateLimit){let w=m.rateLimit.find(U=>U.pathMatcher(o));if(w){r=w.window,s=w.max;break}}if(t.rateLimit.customRules){let m=t.rateLimit.customRules[o];m&&(r=m.window,s=m.max)}let u=Ht(t),l=yield u.get(i),p=Date.now();if(!l)yield u.set(i,{key:i,count:1,lastRequest:p});else{let m=p-l.lastRequest;if(zt(s,r,l)){let w=Vt(l.lastRequest,r);return qt(w)}else m>r*1e3?yield u.set(i,k(g({},l),{count:1,lastRequest:p})):yield u.set(i,k(g({},l),{count:l.count+1,lastRequest:p}))}})}function Nt(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:7}]}function Wt(e,t){var d,c;let n=(d=e.options.plugins)==null?void 0:d.reduce((u,l)=>g(g({},u),l.endpoints),{}),o=((c=e.options.plugins)==null?void 0:c.map(u=>{var l;return(l=u.middlewares)==null?void 0:l.map(p=>{let m=w=>a(this,null,function*(){return p.middleware(k(g({},w),{context:g(g({},e),w.context)}))});return m.path=p.path,m.options=p.middleware.options,m.headers=p.middleware.headers,{path:p.path,middleware:m}})}).filter(u=>u!==void 0).flat())||[],r={signInOAuth:ve,callbackOAuth:_e,getCSRFToken:qe,getSession:Z(),signOut:Ie,signUpEmail:Fe,signInEmail:Pe,forgetPassword:Le,resetPassword:Ce,verifyEmail:De,sendVerificationEmail:je,changePassword:Be,setPassword:ze,updateUser:$e,forgetPasswordCallback:Ee,listSessions:Re(),revokeSession:Ue,revokeSessions:Te},s=k(g(g({},r),n),{ok:Me,error:Ve}),i={};for(let[u,l]of Object.entries(s))i[u]=p=>a(this,null,function*(){var U;let w=yield l(k(g({},p),{context:g(g({},e),p.context)}));for(let T of e.options.plugins||[])if((U=T.hooks)!=null&&U.after){for(let L of T.hooks.after)if(L.matcher(p)){let R=Object.assign(p,{context:k(g({},e),{returned:w})}),z=yield L.handler(R);z&&"response"in z&&(w=z.response)}}return w}),i[u].path=l.path,i[u].method=l.method,i[u].options=l.options,i[u].headers=l.headers;return{api:i,middlewares:o}}var Ii=(e,t)=>{let{api:n,middlewares:o}=Wt(e,t),r=new URL(e.baseURL).pathname;return Gt(n,{extraContext:e,basePath:r,routerMiddleware:[{path:"/**",middleware:ae},...o],onRequest(i){return a(this,null,function*(){for(let d of e.options.plugins||[])if(d.onRequest){let c=yield d.onRequest(i,e);if(c)return c}return We(i,e)})},onResponse(i){return a(this,null,function*(){for(let d of e.options.plugins||[])if(d.onResponse){let c=yield d.onResponse(i,e);if(c)return c.response}return i})},onError(i){var c,u,l,p;let d=(c=t.logger)!=null&&c.verboseLogging?_:void 0;if(((u=t.logger)==null?void 0:u.disabled)!==!0)if(i instanceof Ft)d==null||d.warn(i);else if(typeof i=="object"&&i!==null&&"message"in i){let m=i.message;if(!m||typeof m!="string"){d==null||d.error(i);return}m.includes("no such table")?(l=_)==null||l.error(`Please run ${ee.green("npx better-auth migrate")} to create the tables. There are missing tables in your SQLite database.`):m.includes("relation")&&m.includes("does not exist")?_.error(`Please run ${ee.green("npx better-auth migrate")} to create the tables. There are missing tables in your PostgreSQL database.`):m.includes("Table")&&m.includes("doesn't exist")?(p=_)==null||p.error(`Please run ${ee.green("npx better-auth migrate")} to create the tables. There are missing tables in your MySQL database.`):d==null||d.error(i)}else d==null||d.error(i)}})};export{_e as callbackOAuth,Be as changePassword,f as createAuthEndpoint,H as createAuthMiddleware,Y as createEmailVerificationToken,ae as csrfMiddleware,Ve as error,Le as forgetPassword,Ee as forgetPasswordCallback,qe as getCSRFToken,Wt as getEndpoints,Z as getSession,K as getSessionFromCtx,Re as listSessions,Me as ok,ne as optionsMiddleware,Ce as resetPassword,Ue as revokeSession,Te as revokeSessions,Ii as router,je as sendVerificationEmail,B as sessionMiddleware,ze as setPassword,Pe as signInEmail,ve as signInOAuth,Ie as signOut,Fe as signUpEmail,$e as updateUser,De as verifyEmail};
|
package/dist/client/plugins.d.ts
CHANGED
|
@@ -2,14 +2,14 @@ import * as nanostores from 'nanostores';
|
|
|
2
2
|
import { A as AccessControl, S as StatementsPrimitive, R as Role } from '../statement-CU-fdHXK.js';
|
|
3
3
|
import * as _better_fetch_fetch from '@better-fetch/fetch';
|
|
4
4
|
import { BetterFetchOption } from '@better-fetch/fetch';
|
|
5
|
-
import { o as organization, d as Organization, M as Member, I as Invitation, u as username, m as magicLink } from '../index-
|
|
6
|
-
export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-
|
|
5
|
+
import { o as organization, d as Organization, M as Member, I as Invitation, u as username, m as magicLink } from '../index-BD5tEEdN.js';
|
|
6
|
+
export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-BD5tEEdN.js';
|
|
7
7
|
import { P as Prettify } from '../helper-C1ihmerM.js';
|
|
8
8
|
import '../index-C8A40nOX.js';
|
|
9
9
|
import 'arctic';
|
|
10
10
|
import 'zod';
|
|
11
11
|
import 'better-call';
|
|
12
|
-
import '../index-
|
|
12
|
+
import '../index-wJcPCm9A.js';
|
|
13
13
|
import 'kysely';
|
|
14
14
|
import '@simplewebauthn/types';
|
|
15
15
|
|
package/dist/client.d.ts
CHANGED
|
@@ -3,7 +3,7 @@ import * as nanostores from 'nanostores';
|
|
|
3
3
|
import { PreinitializedWritableAtom } from 'nanostores';
|
|
4
4
|
import * as _better_fetch_fetch from '@better-fetch/fetch';
|
|
5
5
|
import { BetterFetch, BetterFetchError, BetterFetchOption } from '@better-fetch/fetch';
|
|
6
|
-
import { B as BetterAuthPlugin, F as FieldAttribute, I as InferFieldOutput } from './index-
|
|
6
|
+
import { B as BetterAuthPlugin, F as FieldAttribute, I as InferFieldOutput } from './index-wJcPCm9A.js';
|
|
7
7
|
import { U as UnionToIntersection, P as Prettify } from './helper-C1ihmerM.js';
|
|
8
8
|
import { ClientOptions, InferClientAPI, InferActions, BetterAuthClientPlugin, InferSessionFromClient, InferUserFromClient, IsSignal } from './types.js';
|
|
9
9
|
export { AtomListener, InferPluginsFromClient } from './types.js';
|
|
@@ -5,7 +5,7 @@ import { P as Prettify } from './helper-C1ihmerM.js';
|
|
|
5
5
|
import { A as AccessControl, R as Role, S as StatementsPrimitive, g as defaultRoles } from './statement-CU-fdHXK.js';
|
|
6
6
|
import * as _better_fetch_fetch from '@better-fetch/fetch';
|
|
7
7
|
import { BetterFetch, BetterFetchOption } from '@better-fetch/fetch';
|
|
8
|
-
import { H as HookEndpointContext } from './index-
|
|
8
|
+
import { H as HookEndpointContext } from './index-wJcPCm9A.js';
|
|
9
9
|
import * as nanostores from 'nanostores';
|
|
10
10
|
import { atom } from 'nanostores';
|
|
11
11
|
import * as _simplewebauthn_types from '@simplewebauthn/types';
|
|
@@ -389,8 +389,8 @@ declare const getAuthTables: (options: BetterAuthOptions) => {
|
|
|
389
389
|
|
|
390
390
|
declare function getAdapter(options: BetterAuthOptions): Adapter;
|
|
391
391
|
|
|
392
|
-
type HookEndpointContext = ContextTools & {
|
|
393
|
-
context: AuthContext;
|
|
392
|
+
type HookEndpointContext<C extends Record<string, any> = {}> = ContextTools & {
|
|
393
|
+
context: AuthContext & C;
|
|
394
394
|
} & {
|
|
395
395
|
body: any;
|
|
396
396
|
request?: Request;
|
|
@@ -1211,6 +1211,14 @@ type BetterAuthPlugin = {
|
|
|
1211
1211
|
path: string;
|
|
1212
1212
|
middleware: Endpoint;
|
|
1213
1213
|
}[];
|
|
1214
|
+
onRequest?: (request: Request, ctx: AuthContext) => Promise<{
|
|
1215
|
+
response: Response;
|
|
1216
|
+
} | {
|
|
1217
|
+
request: Request;
|
|
1218
|
+
} | void>;
|
|
1219
|
+
onResponse?: (response: Response, ctx: AuthContext) => Promise<{
|
|
1220
|
+
response: Response;
|
|
1221
|
+
} | void>;
|
|
1214
1222
|
hooks?: {
|
|
1215
1223
|
before?: {
|
|
1216
1224
|
matcher: (context: HookEndpointContext) => boolean;
|
|
@@ -1220,9 +1228,9 @@ type BetterAuthPlugin = {
|
|
|
1220
1228
|
}[];
|
|
1221
1229
|
after?: {
|
|
1222
1230
|
matcher: (context: HookEndpointContext) => boolean;
|
|
1223
|
-
handler: (context: HookEndpointContext
|
|
1231
|
+
handler: (context: HookEndpointContext<{
|
|
1224
1232
|
returned: EndpointResponse;
|
|
1225
|
-
}) => Promise<void | {
|
|
1233
|
+
}>) => Promise<void | {
|
|
1226
1234
|
response: EndpointResponse;
|
|
1227
1235
|
}>;
|
|
1228
1236
|
}[];
|
|
@@ -1594,17 +1602,17 @@ declare const signInOAuth: {
|
|
|
1594
1602
|
/**
|
|
1595
1603
|
* OAuth2 provider to use`
|
|
1596
1604
|
*/
|
|
1597
|
-
provider: z.ZodEnum<["github", ...("
|
|
1605
|
+
provider: z.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter")[]]>;
|
|
1598
1606
|
/**
|
|
1599
1607
|
* If this is true the session will only be valid for the current browser session
|
|
1600
1608
|
*/
|
|
1601
1609
|
dontRememberMe: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
|
|
1602
1610
|
}, "strip", z.ZodTypeAny, {
|
|
1603
|
-
provider: "
|
|
1611
|
+
provider: "apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter";
|
|
1604
1612
|
callbackURL?: string | undefined;
|
|
1605
1613
|
dontRememberMe?: boolean | undefined;
|
|
1606
1614
|
}, {
|
|
1607
|
-
provider: "
|
|
1615
|
+
provider: "apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter";
|
|
1608
1616
|
callbackURL?: string | undefined;
|
|
1609
1617
|
dontRememberMe?: boolean | undefined;
|
|
1610
1618
|
}>;
|
|
@@ -1637,17 +1645,17 @@ declare const signInOAuth: {
|
|
|
1637
1645
|
/**
|
|
1638
1646
|
* OAuth2 provider to use`
|
|
1639
1647
|
*/
|
|
1640
|
-
provider: z.ZodEnum<["github", ...("
|
|
1648
|
+
provider: z.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter")[]]>;
|
|
1641
1649
|
/**
|
|
1642
1650
|
* If this is true the session will only be valid for the current browser session
|
|
1643
1651
|
*/
|
|
1644
1652
|
dontRememberMe: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
|
|
1645
1653
|
}, "strip", z.ZodTypeAny, {
|
|
1646
|
-
provider: "
|
|
1654
|
+
provider: "apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter";
|
|
1647
1655
|
callbackURL?: string | undefined;
|
|
1648
1656
|
dontRememberMe?: boolean | undefined;
|
|
1649
1657
|
}, {
|
|
1650
|
-
provider: "
|
|
1658
|
+
provider: "apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter";
|
|
1651
1659
|
callbackURL?: string | undefined;
|
|
1652
1660
|
dontRememberMe?: boolean | undefined;
|
|
1653
1661
|
}>;
|
|
@@ -2731,14 +2739,14 @@ declare function getEndpoints<C extends AuthContext, Option extends BetterAuthOp
|
|
|
2731
2739
|
}>>;
|
|
2732
2740
|
body: zod.ZodObject<{
|
|
2733
2741
|
callbackURL: zod.ZodOptional<zod.ZodString>;
|
|
2734
|
-
provider: zod.ZodEnum<["github", ...("
|
|
2742
|
+
provider: zod.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter")[]]>;
|
|
2735
2743
|
dontRememberMe: zod.ZodOptional<zod.ZodDefault<zod.ZodBoolean>>;
|
|
2736
2744
|
}, "strip", zod.ZodTypeAny, {
|
|
2737
|
-
provider: "
|
|
2745
|
+
provider: "apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter";
|
|
2738
2746
|
callbackURL?: string | undefined;
|
|
2739
2747
|
dontRememberMe?: boolean | undefined;
|
|
2740
2748
|
}, {
|
|
2741
|
-
provider: "
|
|
2749
|
+
provider: "apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter";
|
|
2742
2750
|
callbackURL?: string | undefined;
|
|
2743
2751
|
dontRememberMe?: boolean | undefined;
|
|
2744
2752
|
}>;
|
|
@@ -2761,14 +2769,14 @@ declare function getEndpoints<C extends AuthContext, Option extends BetterAuthOp
|
|
|
2761
2769
|
}>>;
|
|
2762
2770
|
body: zod.ZodObject<{
|
|
2763
2771
|
callbackURL: zod.ZodOptional<zod.ZodString>;
|
|
2764
|
-
provider: zod.ZodEnum<["github", ...("
|
|
2772
|
+
provider: zod.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter")[]]>;
|
|
2765
2773
|
dontRememberMe: zod.ZodOptional<zod.ZodDefault<zod.ZodBoolean>>;
|
|
2766
2774
|
}, "strip", zod.ZodTypeAny, {
|
|
2767
|
-
provider: "
|
|
2775
|
+
provider: "apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter";
|
|
2768
2776
|
callbackURL?: string | undefined;
|
|
2769
2777
|
dontRememberMe?: boolean | undefined;
|
|
2770
2778
|
}, {
|
|
2771
|
-
provider: "
|
|
2779
|
+
provider: "apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter";
|
|
2772
2780
|
callbackURL?: string | undefined;
|
|
2773
2781
|
dontRememberMe?: boolean | undefined;
|
|
2774
2782
|
}>;
|
|
@@ -3728,14 +3736,14 @@ declare const router: <C extends AuthContext, Option extends BetterAuthOptions>(
|
|
|
3728
3736
|
}>>;
|
|
3729
3737
|
body: zod.ZodObject<{
|
|
3730
3738
|
callbackURL: zod.ZodOptional<zod.ZodString>;
|
|
3731
|
-
provider: zod.ZodEnum<["github", ...("
|
|
3739
|
+
provider: zod.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter")[]]>;
|
|
3732
3740
|
dontRememberMe: zod.ZodOptional<zod.ZodDefault<zod.ZodBoolean>>;
|
|
3733
3741
|
}, "strip", zod.ZodTypeAny, {
|
|
3734
|
-
provider: "
|
|
3742
|
+
provider: "apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter";
|
|
3735
3743
|
callbackURL?: string | undefined;
|
|
3736
3744
|
dontRememberMe?: boolean | undefined;
|
|
3737
3745
|
}, {
|
|
3738
|
-
provider: "
|
|
3746
|
+
provider: "apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter";
|
|
3739
3747
|
callbackURL?: string | undefined;
|
|
3740
3748
|
dontRememberMe?: boolean | undefined;
|
|
3741
3749
|
}>;
|
|
@@ -3758,14 +3766,14 @@ declare const router: <C extends AuthContext, Option extends BetterAuthOptions>(
|
|
|
3758
3766
|
}>>;
|
|
3759
3767
|
body: zod.ZodObject<{
|
|
3760
3768
|
callbackURL: zod.ZodOptional<zod.ZodString>;
|
|
3761
|
-
provider: zod.ZodEnum<["github", ...("
|
|
3769
|
+
provider: zod.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter")[]]>;
|
|
3762
3770
|
dontRememberMe: zod.ZodOptional<zod.ZodDefault<zod.ZodBoolean>>;
|
|
3763
3771
|
}, "strip", zod.ZodTypeAny, {
|
|
3764
|
-
provider: "
|
|
3772
|
+
provider: "apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter";
|
|
3765
3773
|
callbackURL?: string | undefined;
|
|
3766
3774
|
dontRememberMe?: boolean | undefined;
|
|
3767
3775
|
}, {
|
|
3768
|
-
provider: "
|
|
3776
|
+
provider: "apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter";
|
|
3769
3777
|
callbackURL?: string | undefined;
|
|
3770
3778
|
dontRememberMe?: boolean | undefined;
|
|
3771
3779
|
}>;
|
|
@@ -4727,14 +4735,14 @@ declare const betterAuth: <O extends BetterAuthOptions>(options: O) => {
|
|
|
4727
4735
|
}>>;
|
|
4728
4736
|
body: zod.ZodObject<{
|
|
4729
4737
|
callbackURL: zod.ZodOptional<zod.ZodString>;
|
|
4730
|
-
provider: zod.ZodEnum<["github", ...("
|
|
4738
|
+
provider: zod.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter")[]]>;
|
|
4731
4739
|
dontRememberMe: zod.ZodOptional<zod.ZodDefault<zod.ZodBoolean>>;
|
|
4732
4740
|
}, "strip", zod.ZodTypeAny, {
|
|
4733
|
-
provider: "
|
|
4741
|
+
provider: "apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter";
|
|
4734
4742
|
callbackURL?: string | undefined;
|
|
4735
4743
|
dontRememberMe?: boolean | undefined;
|
|
4736
4744
|
}, {
|
|
4737
|
-
provider: "
|
|
4745
|
+
provider: "apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter";
|
|
4738
4746
|
callbackURL?: string | undefined;
|
|
4739
4747
|
dontRememberMe?: boolean | undefined;
|
|
4740
4748
|
}>;
|
|
@@ -4757,14 +4765,14 @@ declare const betterAuth: <O extends BetterAuthOptions>(options: O) => {
|
|
|
4757
4765
|
}>>;
|
|
4758
4766
|
body: zod.ZodObject<{
|
|
4759
4767
|
callbackURL: zod.ZodOptional<zod.ZodString>;
|
|
4760
|
-
provider: zod.ZodEnum<["github", ...("
|
|
4768
|
+
provider: zod.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter")[]]>;
|
|
4761
4769
|
dontRememberMe: zod.ZodOptional<zod.ZodDefault<zod.ZodBoolean>>;
|
|
4762
4770
|
}, "strip", zod.ZodTypeAny, {
|
|
4763
|
-
provider: "
|
|
4771
|
+
provider: "apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter";
|
|
4764
4772
|
callbackURL?: string | undefined;
|
|
4765
4773
|
dontRememberMe?: boolean | undefined;
|
|
4766
4774
|
}, {
|
|
4767
|
-
provider: "
|
|
4775
|
+
provider: "apple" | "discord" | "facebook" | "github" | "google" | "spotify" | "twitch" | "twitter";
|
|
4768
4776
|
callbackURL?: string | undefined;
|
|
4769
4777
|
dontRememberMe?: boolean | undefined;
|
|
4770
4778
|
}>;
|
|
@@ -5681,4 +5689,4 @@ type Auth = {
|
|
|
5681
5689
|
options: BetterAuthOptions;
|
|
5682
5690
|
};
|
|
5683
5691
|
|
|
5684
|
-
export { ok as $, type
|
|
5692
|
+
export { ok as $, type Auth as A, type BetterAuthPlugin as B, getSessionFromCtx as C, sessionMiddleware as D, listSessions as E, type FieldAttribute as F, type GenericEndpointContext as G, type HookEndpointContext as H, type InferFieldOutput as I, revokeSession as J, revokeSessions as K, signOut as L, forgetPassword as M, forgetPasswordCallback as N, resetPassword as O, type PluginSchema as P, createEmailVerificationToken as Q, type RateLimit as R, type SessionAdapter as S, sendVerificationEmail as T, verifyEmail as U, updateUser as V, type Where as W, changePassword as X, setPassword as Y, getCSRFToken as Z, error as _, type BetterAuthOptions as a, signUpEmail as a0, csrfMiddleware as a1, betterAuth as a2, type AuthContext as b, createAuthMiddleware as c, createAuthEndpoint as d, type AuthEndpoint as e, type AuthMiddleware as f, getCookies as g, createCookieGetter as h, type BetterAuthCookies as i, deleteSessionCookie as j, createLogger as k, logger as l, type InferSession as m, type InferUser as n, optionsMiddleware as o, parseSetCookieHeader as p, type InferPluginTypes as q, init as r, setSessionCookie as s, type Adapter as t, getEndpoints as u, router as v, signInOAuth as w, signInEmail as x, callbackOAuth as y, getSession as z };
|
package/dist/index.d.ts
CHANGED
package/dist/index.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
var Pt=Object.defineProperty,vt=Object.defineProperties;var It=Object.getOwnPropertyDescriptors;var K=Object.getOwnPropertySymbols;var ye=Object.prototype.hasOwnProperty,be=Object.prototype.propertyIsEnumerable;var he=(e,t,n)=>t in e?Pt(e,t,{enumerable:!0,configurable:!0,writable:!0,value:n}):e[t]=n,f=(e,t)=>{for(var n in t||(t={}))ye.call(t,n)&&he(e,n,t[n]);if(K)for(var n of K(t))be.call(t,n)&&he(e,n,t[n]);return e},w=(e,t)=>vt(e,It(t));var we=(e,t)=>{var n={};for(var o in e)ye.call(e,o)&&t.indexOf(o)<0&&(n[o]=e[o]);if(e!=null&&K)for(var o of K(e))t.indexOf(o)<0&&be.call(e,o)&&(n[o]=e[o]);return n};var d=(e,t,n)=>new Promise((o,r)=>{var i=c=>{try{a(n.next(c))}catch(u){r(u)}},s=c=>{try{a(n.throw(c))}catch(u){r(u)}},a=c=>c.done?o(c.value):Promise.resolve(c.value).then(i,s);a((n=n.apply(e,t)).next())});import{APIError as Ar,createRouter as kr}from"better-call";import{APIError as Re}from"better-call";import{z as Te}from"zod";import{xchacha20poly1305 as Br}from"@noble/ciphers/chacha";import{bytesToHex as jr,hexToBytes as qr,utf8ToBytes as Nr}from"@noble/ciphers/utils";import{managedNonce as Fr}from"@noble/ciphers/webcrypto";import{sha256 as Vr}from"@noble/hashes/sha256";function W(e,t){return d(this,null,function*(){let n=new TextEncoder,o={name:"HMAC",hash:"SHA-256"},r=yield crypto.subtle.importKey("raw",n.encode(e),o,!1,["sign","verify"]),i=yield crypto.subtle.sign(o.name,r,n.encode(t));return btoa(String.fromCharCode(...new Uint8Array(i)))})}import{createEndpointCreator as St,createMiddleware as Ae,createMiddlewareCreator as Lt}from"better-call";var ke=Ae(()=>d(void 0,null,function*(){return{}})),J=Lt({use:[ke,Ae(()=>d(void 0,null,function*(){return{}}))]}),h=St({use:[ke]});var
|
|
2
|
-
`)}}),O=ne();var Le=e=>{let t=new Ft(e.clientId,e.clientSecret,A("google",e.redirectURI));return{id:"google",name:"Google",createAuthorizationURL({state:o,scopes:r,codeVerifier:i,redirectURI:s}){if(!e.clientId||!e.clientSecret)throw O.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new I("CLIENT_ID_AND_SECRET_REQUIRED");if(!i)throw new I("codeVerifier is required for Google");let a=r||["email","profile"];return t.createAuthorizationURL(o,i,a)},validateAuthorizationCode:(o,r,i)=>d(void 0,null,function*(){return x({code:o,codeVerifier:r,redirectURI:i||A("google",e.redirectURI),options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"})}),getUserInfo(o){return d(this,null,function*(){var i;if(!o.idToken)return null;let r=(i=zt(o.idToken()))==null?void 0:i.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}})}}};import{betterFetch as Vt}from"@better-fetch/fetch";import{Spotify as Mt}from"arctic";var Oe=e=>{let t=new Mt(e.clientId,e.clientSecret,A("spotify",e.redirectURI));return{id:"spotify",name:"Spotify",createAuthorizationURL({state:o,scopes:r}){let i=r||["user-read-email"];return t.createAuthorizationURL(o,i)},validateAuthorizationCode:(o,r,i)=>d(void 0,null,function*(){return x({code:o,codeVerifier:r,redirectURI:i||A("spotify",e.redirectURI),options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"})}),getUserInfo(o){return d(this,null,function*(){var s;let{data:r,error:i}=yield Vt("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken()}`}});return i?null:{user:{id:r.id,name:r.display_name,email:r.email,image:(s=r.images[0])==null?void 0:s.url,emailVerified:!1},data:r}})}}};import{betterFetch as Ht}from"@better-fetch/fetch";import{Twitch as Gt}from"arctic";var _e=e=>{let t=new Gt(e.clientId,e.clientSecret,A("twitch",e.redirectURI));return{id:"twitch",name:"Twitch",createAuthorizationURL({state:o,scopes:r}){let i=r||["activity:write","read"];return t.createAuthorizationURL(o,i)},validateAuthorizationCode:(o,r,i)=>d(void 0,null,function*(){return x({code:o,codeVerifier:r,redirectURI:i||A("twitch",e.redirectURI),options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"})}),getUserInfo(o){return d(this,null,function*(){let{data:r,error:i}=yield Ht("https://api.twitch.tv/helix/users",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken()}`}});return i?null:{user:{id:r.sub,name:r.preferred_username,email:r.email,image:r.picture,emailVerified:!1},data:r}})}}};import{betterFetch as Kt}from"@better-fetch/fetch";import{Twitter as Wt}from"arctic";var Ee=e=>{let t=new Wt(e.clientId,e.clientSecret,A("twitter",e.redirectURI));return{id:"twitter",name:"Twitter",createAuthorizationURL(o){let r=o.scopes||["account_info.read"];return t.createAuthorizationURL(o.state,o.codeVerifier,r)},validateAuthorizationCode:(o,r,i)=>d(void 0,null,function*(){return x({code:o,codeVerifier:r,redirectURI:i||A("twitch",e.redirectURI),options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"})}),getUserInfo(o){return d(this,null,function*(){let{data:r,error:i}=yield Kt("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken()}`}});return i||!r.data.email?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}})}}};import"arctic";var se={apple:Ue,discord:Pe,facebook:ve,github:Se,google:Le,spotify:Oe,twitch:_e,twitter:Ee},Ce=Object.keys(se);import{generateState as Jt}from"oslo/oauth2";import{z as V}from"zod";function Be(e,t,n){let o=Jt();return{state:JSON.stringify({code:o,callbackURL:e,currentURL:t,dontRememberMe:n}),code:o}}function ie(e){return V.object({code:V.string(),callbackURL:V.string().optional(),currentURL:V.string().optional(),dontRememberMe:V.boolean().optional()}).safeParse(JSON.parse(e))}import{APIError as Qt}from"better-call";var M=(e,t=!1)=>{let n=new Date;return new Date(n.getTime()+(t?e*1e3:e))};import{TimeSpan as Zt}from"oslo";function De(e){var i;let n=!!((i=e.advanced)!=null&&i.useSecureCookies)||process.env.NODE_ENV!=="development"&&process.env.NODE_ENV!=="test"?"__Secure-":"",o="better-auth",r=new Zt(7,"d").seconds();return{sessionToken:{name:`${n}${o}.session_token`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:r}},csrfToken:{name:`${n?"__Host-":""}${o}.csrf_token`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:60*60*24*7}},state:{name:`${n}${o}.state`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:60*15}},pkCodeVerifier:{name:`${n}${o}.pk_code_verifier`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:60*15}},dontRememberToken:{name:`${n}${o}.dont_remember`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n}},nonce:{name:`${n}${o}.nonce`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:60*15}}}}function je(e){var i;let n=!!((i=e.advanced)!=null&&i.useSecureCookies)||process.env.NODE_ENV==="production"?"__Secure-":"",o="better-auth";function r(s,a){return{name:process.env.NODE_ENV==="production"?`${n}${o}.${s}`:`${o}.${s}`,options:f({secure:!!n,sameSite:"lax",path:"/",maxAge:60*15},a)}}return r}function _(e,t,n,o){return d(this,null,function*(){let r=e.context.authCookies.sessionToken.options;r.maxAge=n?void 0:r.maxAge,yield e.setSignedCookie(e.context.authCookies.sessionToken.name,t,e.context.secret,r),n&&(yield e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options))})}function H(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}import{z as qe}from"zod";function Q(e){let t="127.0.0.1";if(process.env.NODE_ENV==="test")return t;let n=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"];for(let o of n){let r=e.headers.get(o);if(typeof r=="string"){let i=r.split(",")[0].trim();if(i)return i}}return null}var ae=new Map;function Xt(e,t){if(!e.request)return"";let{method:n,url:o,headers:r}=e.request,i=e.request.headers.get("User-Agent")||"",s=Q(e.request)||"",a=JSON.stringify(r);return`${n}:${o}:${a}:${i}:${s}:${t}`}var de=()=>h("/session",{method:"GET",requireHeaders:!0},e=>d(void 0,null,function*(){try{let t=yield e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let n=Xt(e,t),o=ae.get(n);if(o){if(o.expiresAt>Date.now())return e.json(o.data);ae.delete(n)}let r=yield e.context.internalAdapter.findSession(t);if(!r||r.session.expiresAt<new Date)return H(e),r&&(yield e.context.internalAdapter.deleteSession(r.session.id)),e.json(null,{status:401});if(yield e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(r);let s=e.context.sessionConfig.expiresIn,a=e.context.sessionConfig.updateAge;if(r.session.expiresAt.valueOf()-s*1e3+a*1e3<=Date.now()){let l=yield e.context.internalAdapter.updateSession(r.session.id,{expiresAt:M(e.context.sessionConfig.expiresIn,!0)});if(!l)return H(e),e.json(null,{status:401});let p=(l.expiresAt.valueOf()-Date.now())/1e3;return yield _(e,l.id,!1,{maxAge:p}),e.json({session:l,user:r.user})}return ae.set(n,{data:r,expiresAt:Date.now()+5e3}),e.json(r)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}})),ce=e=>d(void 0,null,function*(){return yield de()(w(f({},e),{_flag:void 0}))}),N=J(e=>d(void 0,null,function*(){let t=yield ce(e);if(!(t!=null&&t.session))throw new Qt("UNAUTHORIZED");return{session:t}})),Ne=()=>h("/user/list-sessions",{method:"GET",use:[N],requireHeaders:!0},e=>d(void 0,null,function*(){let n=(yield e.context.adapter.findMany({model:e.context.tables.session.tableName,where:[{field:"userId",value:e.context.session.user.id}]})).filter(o=>o.expiresAt>new Date);return e.json(n)})),$e=h("/user/revoke-session",{method:"POST",body:qe.object({id:qe.string()}),use:[N],requireHeaders:!0},e=>d(void 0,null,function*(){let t=e.body.id,n=yield e.context.internalAdapter.findSession(t);if(!n)return e.json(null,{status:400});if(n.session.userId!==e.context.session.user.id)return e.json(null,{status:403});try{yield e.context.internalAdapter.deleteSession(t)}catch(o){return e.context.logger.error(o),e.json(null,{status:500})}return e.json({status:!0})})),Fe=h("/user/revoke-sessions",{method:"POST",use:[N],requireHeaders:!0},e=>d(void 0,null,function*(){try{yield e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}return e.json({status:!0})}));var ze=h("/sign-in/social",{method:"POST",requireHeaders:!0,query:S.object({currentURL:S.string().optional()}).optional(),body:S.object({callbackURL:S.string().optional(),provider:S.enum(Ce),dontRememberMe:S.boolean().default(!1).optional()})},e=>d(void 0,null,function*(){var s,a,c,u;let t=e.context.socialProviders.find(l=>l.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider to your auth config",{provider:e.body.provider}),new D("NOT_FOUND",{message:"Provider not found"});let n=e.context.authCookies,o=(s=e.query)!=null&&s.currentURL?new URL((a=e.query)==null?void 0:a.currentURL):null,r=(c=e.body.callbackURL)!=null&&c.startsWith("http")?e.body.callbackURL:`${o==null?void 0:o.origin}${e.body.callbackURL||""}`,i=Be(r||(o==null?void 0:o.origin)||e.context.baseURL,(u=e.query)==null?void 0:u.currentURL);try{yield e.setSignedCookie(n.state.name,i.code,e.context.secret,n.state.options);let l=Yt();yield e.setSignedCookie(n.pkCodeVerifier.name,l,e.context.secret,n.pkCodeVerifier.options);let p=t.createAuthorizationURL({state:i.state,codeVerifier:l});return p.searchParams.set("redirect_uri",`${e.context.baseURL}/callback/${e.body.provider}`),{url:p.toString(),state:i.state,codeVerifier:l,redirect:!0}}catch(l){throw new D("INTERNAL_SERVER_ERROR")}})),Ve=h("/sign-in/email",{method:"POST",body:S.object({email:S.string().email(),password:S.string(),callbackURL:S.string().optional(),dontRememberMe:S.boolean().default(!1).optional()})},e=>d(void 0,null,function*(){var l,p;if(!((p=(l=e.context.options)==null?void 0:l.emailAndPassword)!=null&&p.enabled))throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new D("BAD_REQUEST",{message:"Email and password is not enabled"});let t=yield ce(e);t&&(yield e.context.internalAdapter.deleteSession(t.session.id));let{email:n,password:o}=e.body;if(!S.string().email().safeParse(n).success)throw new D("BAD_REQUEST",{message:"Invalid email"});let i=yield e.context.internalAdapter.findUserByEmail(n);if(!i)throw yield e.context.password.hash(o),e.context.logger.error("User not found",{email:n}),new D("UNAUTHORIZED",{message:"Invalid email or password"});let s=i.accounts.find(m=>m.providerId==="credential");if(!s)throw e.context.logger.error("Credential account not found",{email:n}),new D("UNAUTHORIZED",{message:"Invalid email or password"});let a=s==null?void 0:s.password;if(!a)throw e.context.logger.error("Password not found",{email:n}),new D("UNAUTHORIZED",{message:"Unexpected error"});if(!(yield e.context.password.verify(a,o)))throw e.context.logger.error("Invalid password"),new D("UNAUTHORIZED",{message:"Invalid email or password"});let u=yield e.context.internalAdapter.createSession(i.user.id,e.headers,e.body.dontRememberMe);return yield _(e,u.id,e.body.dontRememberMe),e.json({user:i.user,session:u,redirect:!!e.body.callbackURL,url:e.body.callbackURL})}));import{APIError as rr}from"better-call";import{z as X}from"zod";import{z as y}from"zod";var ts=y.object({id:y.string(),providerId:y.string(),accountId:y.string(),userId:y.string(),accessToken:y.string().nullable().optional(),refreshToken:y.string().nullable().optional(),idToken:y.string().nullable().optional(),expiresAt:y.date().nullable().optional(),password:y.string().optional().nullable()}),Me=y.object({id:y.string(),email:y.string().transform(e=>e.toLowerCase()),emailVerified:y.boolean().default(!1),name:y.string(),image:y.string().optional(),createdAt:y.date().default(new Date),updatedAt:y.date().default(new Date)}),rs=y.object({id:y.string(),userId:y.string(),expiresAt:y.date(),ipAddress:y.string().optional(),userAgent:y.string().optional()});import{alphabet as er,generateRandomString as tr}from"oslo/crypto";var He=()=>tr(36,er("a-z","0-9"));var j={isAction:!1};function le(e){let t=e.accessToken(),n=e.hasRefreshToken()?e.refreshToken():void 0,o;try{o=e.accessTokenExpiresAt()}catch(r){}return{accessToken:t,refreshToken:n,expiresAt:o}}var Ge=h("/callback/:id",{method:"GET",query:X.object({state:X.string(),code:X.string().optional(),error:X.string().optional()}),metadata:j},e=>d(void 0,null,function*(){var T,k,U;if(e.query.error||!e.query.code){let R=((T=ie(e.query.state).data)==null?void 0:T.callbackURL)||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${R}?error=${e.query.error||"oAuth_code_missing"}`)}let t=e.context.socialProviders.find(b=>b.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let n=yield e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),o;try{o=yield t.validateAuthorizationCode(e.query.code,n,`${e.context.baseURL}/callback/${t.id}`)}catch(b){throw e.context.logger.error(b),e.redirect(`${e.context.baseURL}/error?error=oauth_code_verification_failed`)}let r=yield t.getUserInfo(o).then(b=>b==null?void 0:b.user),i=He(),s=Me.safeParse(w(f({},r),{id:i})),a=ie(e.query.state);if(!a.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=invalid_state_parameter`);let{callbackURL:c,currentURL:u,dontRememberMe:l}=a.data;if(!r||s.success===!1)throw e.redirect(`${e.context.baseURL}/error?error=oauth_validation_failed`);if(!c)throw e.redirect(`${e.context.baseURL}/error?error=oauth_callback_url_not_found`);let p=yield e.context.internalAdapter.findUserByEmail(r.email),m=p==null?void 0:p.user.id;if(p){let b=p.accounts.find(v=>v.providerId===t.id),R=(U=(k=e.context.options.account)==null?void 0:k.accountLinking)==null?void 0:U.trustedProviders,P=R?R.includes(t.id):!0;if(!b&&(!r.emailVerified||!P)){let v;try{v=new URL(u||c),v.searchParams.set("error","account_not_linked")}catch(re){throw e.redirect(`${e.context.baseURL}/error?error=account_not_linked`)}throw e.redirect(v.toString())}if(!b)try{yield e.context.internalAdapter.linkAccount(f({providerId:t.id,accountId:r.id,id:`${t.id}:${r.id}`,userId:p.user.id},le(o)))}catch(v){throw console.log(v),e.redirect(`${e.context.baseURL}/error?error=failed_linking_account`)}}else try{yield e.context.internalAdapter.createOAuthUser(s.data,w(f({},le(o)),{id:`${t.id}:${r.id}`,providerId:t.id,accountId:r.id,userId:i}))}catch(b){let R=new URL(u||c);throw R.searchParams.set("error","unable_to_create_user"),e.setHeader("Location",R.toString()),e.redirect(R.toString())}if(!m&&!i)throw new rr("INTERNAL_SERVER_ERROR",{message:"Unable to create user"});let g=yield e.context.internalAdapter.createSession(m||i,e.request,l);try{yield _(e,g.id,l)}catch(b){e.context.logger.error("Unable to set session cookie",b);let R=new URL(u||c);throw R.searchParams.set("error","unable_to_create_session"),e.redirect(R.toString())}throw e.redirect(c)}));import{z as ue}from"zod";var Ke=h("/sign-out",{method:"POST",body:ue.optional(ue.object({callbackURL:ue.string().optional()}))},e=>d(void 0,null,function*(){var n,o;let t=yield e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);return t?(yield e.context.internalAdapter.deleteSession(t),H(e),e.json(null,{body:{redirect:!!((n=e.body)!=null&&n.callbackURL),url:(o=e.body)==null?void 0:o.callbackURL}})):e.json(null)}));import{TimeSpan as or}from"oslo";import{createJWT as nr,parseJWT as sr}from"oslo/jwt";import{validateJWT as We}from"oslo/jwt";import{z as L}from"zod";var Je=h("/forget-password",{method:"POST",body:L.object({email:L.string().email(),redirectTo:L.string()})},e=>d(void 0,null,function*(){var i;if(!((i=e.context.options.emailAndPassword)!=null&&i.sendResetPassword))return e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function to your auth config!"),e.json(null,{status:400,statusText:"RESET_PASSWORD_EMAIL_NOT_SENT",body:{message:"Reset password isn't enabled"}});let{email:t}=e.body,n=yield e.context.internalAdapter.findUserByEmail(t);if(!n)return e.json({status:!1},{body:{status:!0}});let o=yield nr("HS256",Buffer.from(e.context.secret),{email:n.user.email,redirectTo:e.body.redirectTo},{expiresIn:new or(1,"h"),issuer:"better-auth",subject:"forget-password",audiences:[n.user.email],includeIssuedTimestamp:!0}),r=`${e.context.baseURL}/reset-password/${o}`;return yield e.context.options.emailAndPassword.sendResetPassword(r,n.user),e.json({status:!0})})),Ze=h("/reset-password/:token",{method:"GET"},e=>d(void 0,null,function*(){var i;let{token:t}=e.params,n,o=L.object({email:L.string(),redirectTo:L.string()});try{if(n=yield We("HS256",Buffer.from(e.context.secret),t),!n.expiresAt||n.expiresAt<new Date)throw Error("Token expired")}catch(s){let a=sr(t),c=o.safeParse(a==null?void 0:a.payload);throw c.success?e.redirect(`${(i=c.data)==null?void 0:i.redirectTo}?error=invalid_token`):e.redirect(`${e.context.baseURL}/error?error=invalid_token`)}let{redirectTo:r}=o.parse(n.payload);throw e.redirect(`${r}?token=${t}`)})),Qe=h("/reset-password",{method:"POST",query:L.object({currentURL:L.string()}).optional(),body:L.object({newPassword:L.string(),callbackURL:L.string().optional()})},e=>d(void 0,null,function*(){var o,r,i;let t=(o=e.query)==null?void 0:o.currentURL.split("?token=")[1];if(!t)return e.json({error:"Invalid token",data:null},{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}});let{newPassword:n}=e.body;try{let s=yield We("HS256",Buffer.from(e.context.secret),t),a=L.string().email().parse(s.payload.email),c=yield e.context.internalAdapter.findUserByEmail(a);if(!c)return e.json({error:"User not found",data:null},{status:400,body:{message:"failed to reset password"}});if(n.length<(((r=e.context.options.emailAndPassword)==null?void 0:r.minPasswordLength)||8)||n.length>(((i=e.context.options.emailAndPassword)==null?void 0:i.maxPasswordLength)||32))return e.json({data:null,error:"password is too short or too long"},{status:400,statusText:"INVALID_PASSWORD_LENGTH",body:{message:"password is too short or too long"}});let u=yield e.context.password.hash(n);return(yield e.context.internalAdapter.updatePassword(c.user.id,u))?e.json({error:null,data:{status:!0,url:e.body.callbackURL,redirect:!!e.body.callbackURL}},{body:{status:!0,url:e.body.callbackURL,redirect:!!e.body.callbackURL}}):e.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User doesn't have a credential account"}})}catch(s){return console.log(s),e.json({error:"Invalid token",data:null},{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}}));import{TimeSpan as ir}from"oslo";import{createJWT as ar,validateJWT as dr}from"oslo/jwt";import{z as E}from"zod";function pe(e,t){return d(this,null,function*(){return yield ar("HS256",Buffer.from(e),{email:t.toLowerCase()},{expiresIn:new ir(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})})}var Xe=h("/send-verification-email",{method:"POST",query:E.object({currentURL:E.string().optional()}).optional(),body:E.object({email:E.string().email(),callbackURL:E.string().optional()})},e=>d(void 0,null,function*(){var r,i;if(!((r=e.context.options.emailAndPassword)!=null&&r.sendVerificationEmail))return e.context.logger.error("Verification email isn't enabled. Pass `sendVerificationEmail` in `emailAndPassword` options to enable it."),e.json(null,{status:400,statusText:"VERIFICATION_EMAIL_NOT_SENT",body:{message:"Verification email isn't enabled"}});let{email:t}=e.body,n=yield pe(e.context.secret,t),o=`${e.context.baseURL}/verify-email?token=${n}&callbackURL=${e.body.callbackURL||((i=e.query)==null?void 0:i.currentURL)||"/"}`;return yield e.context.options.emailAndPassword.sendVerificationEmail(t,o,n),e.json({status:!0})})),Ye=h("/verify-email",{method:"GET",query:E.object({token:E.string(),callbackURL:E.string().optional()})},e=>d(void 0,null,function*(){let{token:t}=e.query,n;try{n=yield dr("HS256",Buffer.from(e.context.secret),t)}catch(a){return e.context.logger.error("Failed to verify email",a),e.json(null,{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}let r=E.object({email:E.string().email()}).parse(n.payload),i=yield e.context.internalAdapter.findUserByEmail(r.email);if(!i)return e.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User not found"}});if(!i.accounts.find(a=>a.providerId==="credential"))throw e.redirect;if(yield e.context.internalAdapter.updateUserByEmail(r.email,{emailVerified:!0}),e.query.callbackURL)throw console.log("Redirecting to",e.query.callbackURL),e.redirect("/");return e.json({status:!0})}));import{z as C}from"zod";import{alphabet as cr,generateRandomString as lr}from"oslo/crypto";import"better-call";var et=h("/user/update",{method:"POST",body:C.object({name:C.string().optional(),image:C.string().optional()}),use:[N]},e=>d(void 0,null,function*(){let{name:t,image:n}=e.body,o=e.context.session;if(!n&&!t)return e.json(o.user);let r=yield e.context.internalAdapter.updateUserByEmail(o.user.email,{name:t,image:n});return e.json(r)})),tt=h("/user/change-password",{method:"POST",body:C.object({newPassword:C.string(),currentPassword:C.string(),revokeOtherSessions:C.boolean().optional()}),use:[N]},e=>d(void 0,null,function*(){let{newPassword:t,currentPassword:n,revokeOtherSessions:o}=e.body,r=e.context.session,i=e.context.password.config.minPasswordLength;if(t.length<i)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let s=e.context.password.config.maxPasswordLength;if(t.length>s)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let c=(yield e.context.internalAdapter.findAccounts(r.user.id)).find(p=>p.providerId==="credential"&&p.password);if(!c||!c.password)return e.json(null,{status:400,body:{message:"User does not have a password"}});let u=yield e.context.password.hash(t);if(!(yield e.context.password.verify(c.password,n)))return e.json(null,{status:400,body:{message:"Invalid password"}});if(yield e.context.internalAdapter.updateAccount(c.id,{password:u}),o){yield e.context.internalAdapter.deleteSessions(r.user.id);let p=yield e.context.internalAdapter.createSession(r.user.id,e.headers);yield _(e,p.id)}return e.json(r.user)})),rt=h("/user/set-password",{method:"POST",body:C.object({newPassword:C.string()}),use:[N]},e=>d(void 0,null,function*(){let{newPassword:t}=e.body,n=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let r=e.context.password.config.maxPasswordLength;if(t.length>r)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let s=(yield e.context.internalAdapter.findAccounts(n.user.id)).find(c=>c.providerId==="credential"&&c.password),a=yield e.context.password.hash(t);return s?e.json(null,{status:400,body:{message:"User already has a password"}}):(yield e.context.internalAdapter.linkAccount({id:lr(32,cr("a-z","0-9","A-Z")),userId:n.user.id,providerId:"credential",accountId:n.user.id,password:a}),e.json(n.user))}));import{alphabet as ur,generateRandomString as pr}from"oslo/crypto";var ot=h("/csrf",{method:"GET",metadata:j},e=>d(void 0,null,function*(){let t=yield e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret);if(t)return{csrfToken:t};let n=pr(32,ur("a-z","0-9","A-Z")),o=yield W(e.context.secret,n),r=`${n}!${o}`;return yield e.setSignedCookie(e.context.authCookies.csrfToken.name,r,e.context.secret,e.context.authCookies.csrfToken.options),{csrfToken:n}}));var mr=(e="Unknown")=>`<!DOCTYPE html>
|
|
1
|
+
var Pt=Object.defineProperty,vt=Object.defineProperties;var It=Object.getOwnPropertyDescriptors;var K=Object.getOwnPropertySymbols;var ye=Object.prototype.hasOwnProperty,be=Object.prototype.propertyIsEnumerable;var he=(e,t,n)=>t in e?Pt(e,t,{enumerable:!0,configurable:!0,writable:!0,value:n}):e[t]=n,f=(e,t)=>{for(var n in t||(t={}))ye.call(t,n)&&he(e,n,t[n]);if(K)for(var n of K(t))be.call(t,n)&&he(e,n,t[n]);return e},w=(e,t)=>vt(e,It(t));var we=(e,t)=>{var n={};for(var o in e)ye.call(e,o)&&t.indexOf(o)<0&&(n[o]=e[o]);if(e!=null&&K)for(var o of K(e))t.indexOf(o)<0&&be.call(e,o)&&(n[o]=e[o]);return n};var d=(e,t,n)=>new Promise((o,r)=>{var i=c=>{try{a(n.next(c))}catch(u){r(u)}},s=c=>{try{a(n.throw(c))}catch(u){r(u)}},a=c=>c.done?o(c.value):Promise.resolve(c.value).then(i,s);a((n=n.apply(e,t)).next())});import{APIError as Ar,createRouter as kr}from"better-call";import{APIError as Re}from"better-call";import{z as Te}from"zod";import{xchacha20poly1305 as Br}from"@noble/ciphers/chacha";import{bytesToHex as jr,hexToBytes as qr,utf8ToBytes as Nr}from"@noble/ciphers/utils";import{managedNonce as Fr}from"@noble/ciphers/webcrypto";import{sha256 as Vr}from"@noble/hashes/sha256";function W(e,t){return d(this,null,function*(){let n=new TextEncoder,o={name:"HMAC",hash:"SHA-256"},r=yield crypto.subtle.importKey("raw",n.encode(e),o,!1,["sign","verify"]),i=yield crypto.subtle.sign(o.name,r,n.encode(t));return btoa(String.fromCharCode(...new Uint8Array(i)))})}import{createEndpointCreator as St,createMiddleware as Ae,createMiddlewareCreator as Lt}from"better-call";var ke=Ae(()=>d(void 0,null,function*(){return{}})),J=Lt({use:[ke,Ae(()=>d(void 0,null,function*(){return{}}))]}),h=St({use:[ke]});var Ue=J({body:Te.object({csrfToken:Te.string().optional()}).optional()},e=>d(void 0,null,function*(){var a,c,u,l;if(((a=e.request)==null?void 0:a.method)!=="POST"||(c=e.context.options.advanced)!=null&&c.disableCSRFCheck)return;let t=new URL(e.request.url);if(t.origin===new URL(e.context.baseURL).origin||(u=e.context.options.trustedOrigins)!=null&&u.includes(t.origin))return;let n=(l=e.body)==null?void 0:l.csrfToken,o=yield e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret),[r,i]=(o==null?void 0:o.split("!"))||[null,null];if(!n||!o||!r||!i||o!==n)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new Re("UNAUTHORIZED",{message:"Invalid CSRF Token"});let s=yield W(e.context.secret,r);if(i!==s)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new Re("UNAUTHORIZED",{message:"Invalid CSRF Token"})}));import{APIError as D}from"better-call";import{generateCodeVerifier as Yt}from"oslo/oauth2";import{z as S}from"zod";import"arctic";import{parseJWT as Ct}from"oslo/jwt";import"@better-fetch/fetch";var I=class extends Error{constructor(t,n,o){super(t),this.name="BetterAuthError",this.message=t,this.cause=n}};import{OAuth2Tokens as _t}from"arctic";function Ot(e){try{return new URL(e).pathname!=="/"}catch(t){throw new I(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function oe(e,t="/api/auth"){return Ot(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function Z(e,t){if(e)return oe(e,t);let n=(process==null?void 0:process.env)||{},o=n.BETTER_AUTH_URL||n.NEXT_PUBLIC_BETTER_AUTH_URL||n.PUBLIC_BETTER_AUTH_URL||n.NUXT_PUBLIC_BETTER_AUTH_URL||n.NUXT_PUBLIC_AUTH_URL||(n.BASE_URL!=="/"?n.BASE_URL:void 0);if(o)return oe(o,t);if(typeof window!="undefined")return oe(window.location.origin,t)}import{betterFetch as Et}from"@better-fetch/fetch";function A(e,t){return t||`${Z()}/callback/${e}`}function U(i){return d(this,arguments,function*({code:e,codeVerifier:t,redirectURI:n,options:o,tokenEndpoint:r}){let s=new URLSearchParams;s.set("grant_type","authorization_code"),s.set("code",e),t&&s.set("code_verifier",t),s.set("redirect_uri",n),s.set("client_id",o.clientId),s.set("client_secret",o.clientSecret);let{data:a,error:c}=yield Et(r,{method:"POST",body:s,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(c)throw c;return new _t(a)})}var xe=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:o,scopes:r,redirectURI:i}){let s=r||["email","name","openid"];return new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${i||e.redirectURI}&scope=${s.join(" ")}&state=${o}`)},validateAuthorizationCode:(o,r,i)=>d(void 0,null,function*(){return U({code:o,codeVerifier:r,redirectURI:i||A("apple",e.redirectURI),options:e,tokenEndpoint:t})}),getUserInfo(o){return d(this,null,function*(){var i;let r=(i=Ct(o.idToken()))==null?void 0:i.payload;return r?{user:{id:r.sub,name:r.name,email:r.email,emailVerified:r.email_verified==="true"},data:r}:null})}}};import{betterFetch as Bt}from"@better-fetch/fetch";import{Discord as Dt}from"arctic";var Pe=e=>{let t=new Dt(e.clientId,e.clientSecret,A("discord",e.redirectURI));return{id:"discord",name:"Discord",createAuthorizationURL({state:o,scopes:r}){let i=r||["email"];return t.createAuthorizationURL(o,i)},validateAuthorizationCode:(o,r,i)=>d(void 0,null,function*(){return U({code:o,codeVerifier:r,redirectURI:i||A("discord",e.redirectURI),options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"})}),getUserInfo(o){return d(this,null,function*(){let{data:r,error:i}=yield Bt("https://discord.com/api/users/@me",{auth:{type:"Bearer",token:o.accessToken()}});return i?null:{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified},data:r}})}}};import{betterFetch as jt}from"@better-fetch/fetch";import{Facebook as qt}from"arctic";var ve=e=>{let t=new qt(e.clientId,e.clientSecret,A("facebook",e.redirectURI));return{id:"facebook",name:"Facebook",createAuthorizationURL({state:o,scopes:r}){let i=r||["email","public_profile"];return t.createAuthorizationURL(o,i)},validateAuthorizationCode:(o,r,i)=>d(void 0,null,function*(){return U({code:o,codeVerifier:r,redirectURI:i||A("facebook",e.redirectURI),options:e,tokenEndpoint:"https://graph.facebook.com/v16.0/oauth/access_token"})}),getUserInfo(o){return d(this,null,function*(){let{data:r,error:i}=yield jt("https://graph.facebook.com/me",{auth:{type:"Bearer",token:o.accessToken()}});return i?null:{user:{id:r.id,name:r.name,email:r.email,emailVerified:r.email_verified},data:r}})}}};import{betterFetch as Ie}from"@better-fetch/fetch";import{GitHub as Nt}from"arctic";var Se=({clientId:e,clientSecret:t,redirectURI:n})=>{let o=new Nt(e,t,A("github",n));return{id:"github",name:"Github",createAuthorizationURL({state:i,scopes:s}){let a=s||["user:email"];return o.createAuthorizationURL(i,a)},validateAuthorizationCode:i=>d(void 0,null,function*(){return yield o.validateAuthorizationCode(i)}),getUserInfo(i){return d(this,null,function*(){var u,l,p,m;let{data:s,error:a}=yield Ie("https://api.github.com/user",{auth:{type:"Bearer",token:i.accessToken()}});if(a)return null;let c=!1;if(!s.email){let{data:g,error:T}=yield Ie("https://api.github.com/user/emails",{auth:{type:"Bearer",token:i.accessToken()}});T||(s.email=(l=(u=g.find(k=>k.primary))!=null?u:g[0])==null?void 0:l.email,c=(m=(p=g.find(k=>k.email===s.email))==null?void 0:p.verified)!=null?m:!1)}return{user:{id:s.id,name:s.name,email:s.email,image:s.avatar_url,emailVerified:c,createdAt:new Date,updatedAt:new Date},data:s}})}}};import{Google as Ft}from"arctic";import{parseJWT as zt}from"oslo/jwt";import{createConsola as $t}from"consola";var q=$t({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),ne=e=>({log:(...t)=>{!(e!=null&&e.disabled)&&q.log("",...t)},error:(...t)=>{!(e!=null&&e.disabled)&&q.error("",...t)},warn:(...t)=>{!(e!=null&&e.disabled)&&q.warn("",...t)},info:(...t)=>{!(e!=null&&e.disabled)&&q.info("",...t)},debug:(...t)=>{!(e!=null&&e.disabled)&&q.debug("",...t)},box:(...t)=>{!(e!=null&&e.disabled)&&q.box("",...t)},success:(...t)=>{!(e!=null&&e.disabled)&&q.success("",...t)},break:(...t)=>{!(e!=null&&e.disabled)&&console.log(`
|
|
2
|
+
`)}}),O=ne();var Le=e=>{let t=new Ft(e.clientId,e.clientSecret,A("google",e.redirectURI));return{id:"google",name:"Google",createAuthorizationURL({state:o,scopes:r,codeVerifier:i,redirectURI:s}){if(!e.clientId||!e.clientSecret)throw O.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new I("CLIENT_ID_AND_SECRET_REQUIRED");if(!i)throw new I("codeVerifier is required for Google");let a=r||["email","profile"];return t.createAuthorizationURL(o,i,a)},validateAuthorizationCode:(o,r,i)=>d(void 0,null,function*(){return U({code:o,codeVerifier:r,redirectURI:i||A("google",e.redirectURI),options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"})}),getUserInfo(o){return d(this,null,function*(){var i;if(!o.idToken)return null;let r=(i=zt(o.idToken()))==null?void 0:i.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}})}}};import{betterFetch as Vt}from"@better-fetch/fetch";import{Spotify as Mt}from"arctic";var Oe=e=>{let t=new Mt(e.clientId,e.clientSecret,A("spotify",e.redirectURI));return{id:"spotify",name:"Spotify",createAuthorizationURL({state:o,scopes:r}){let i=r||["user-read-email"];return t.createAuthorizationURL(o,i)},validateAuthorizationCode:(o,r,i)=>d(void 0,null,function*(){return U({code:o,codeVerifier:r,redirectURI:i||A("spotify",e.redirectURI),options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"})}),getUserInfo(o){return d(this,null,function*(){var s;let{data:r,error:i}=yield Vt("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken()}`}});return i?null:{user:{id:r.id,name:r.display_name,email:r.email,image:(s=r.images[0])==null?void 0:s.url,emailVerified:!1},data:r}})}}};import{betterFetch as Ht}from"@better-fetch/fetch";import{Twitch as Gt}from"arctic";var _e=e=>{let t=new Gt(e.clientId,e.clientSecret,A("twitch",e.redirectURI));return{id:"twitch",name:"Twitch",createAuthorizationURL({state:o,scopes:r}){let i=r||["activity:write","read"];return t.createAuthorizationURL(o,i)},validateAuthorizationCode:(o,r,i)=>d(void 0,null,function*(){return U({code:o,codeVerifier:r,redirectURI:i||A("twitch",e.redirectURI),options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"})}),getUserInfo(o){return d(this,null,function*(){let{data:r,error:i}=yield Ht("https://api.twitch.tv/helix/users",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken()}`}});return i?null:{user:{id:r.sub,name:r.preferred_username,email:r.email,image:r.picture,emailVerified:!1},data:r}})}}};import{betterFetch as Kt}from"@better-fetch/fetch";import{Twitter as Wt}from"arctic";var Ee=e=>{let t=new Wt(e.clientId,e.clientSecret,A("twitter",e.redirectURI));return{id:"twitter",name:"Twitter",createAuthorizationURL(o){let r=o.scopes||["account_info.read"];return t.createAuthorizationURL(o.state,o.codeVerifier,r)},validateAuthorizationCode:(o,r,i)=>d(void 0,null,function*(){return U({code:o,codeVerifier:r,redirectURI:i||A("twitch",e.redirectURI),options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"})}),getUserInfo(o){return d(this,null,function*(){let{data:r,error:i}=yield Kt("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken()}`}});return i||!r.data.email?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}})}}};import"arctic";var se={apple:xe,discord:Pe,facebook:ve,github:Se,google:Le,spotify:Oe,twitch:_e,twitter:Ee},Ce=Object.keys(se);import{generateState as Jt}from"oslo/oauth2";import{z as V}from"zod";function Be(e,t,n){let o=Jt();return{state:JSON.stringify({code:o,callbackURL:e,currentURL:t,dontRememberMe:n}),code:o}}function ie(e){return V.object({code:V.string(),callbackURL:V.string().optional(),currentURL:V.string().optional(),dontRememberMe:V.boolean().optional()}).safeParse(JSON.parse(e))}import{APIError as Qt}from"better-call";var M=(e,t=!1)=>{let n=new Date;return new Date(n.getTime()+(t?e*1e3:e))};import{TimeSpan as Zt}from"oslo";function De(e){var i;let n=!!((i=e.advanced)!=null&&i.useSecureCookies)||process.env.NODE_ENV!=="development"&&process.env.NODE_ENV!=="test"?"__Secure-":"",o="better-auth",r=new Zt(7,"d").seconds();return{sessionToken:{name:`${n}${o}.session_token`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:r}},csrfToken:{name:`${n?"__Host-":""}${o}.csrf_token`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:60*60*24*7}},state:{name:`${n}${o}.state`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:60*15}},pkCodeVerifier:{name:`${n}${o}.pk_code_verifier`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:60*15}},dontRememberToken:{name:`${n}${o}.dont_remember`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n}},nonce:{name:`${n}${o}.nonce`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:60*15}}}}function je(e){var i;let n=!!((i=e.advanced)!=null&&i.useSecureCookies)||process.env.NODE_ENV==="production"?"__Secure-":"",o="better-auth";function r(s,a){return{name:process.env.NODE_ENV==="production"?`${n}${o}.${s}`:`${o}.${s}`,options:f({secure:!!n,sameSite:"lax",path:"/",maxAge:60*15},a)}}return r}function _(e,t,n,o){return d(this,null,function*(){let r=e.context.authCookies.sessionToken.options;r.maxAge=n?void 0:r.maxAge,yield e.setSignedCookie(e.context.authCookies.sessionToken.name,t,e.context.secret,r),n&&(yield e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options))})}function H(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}import{z as qe}from"zod";function Q(e){let t="127.0.0.1";if(process.env.NODE_ENV==="test")return t;let n=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"];for(let o of n){let r=e.headers.get(o);if(typeof r=="string"){let i=r.split(",")[0].trim();if(i)return i}}return null}var ae=new Map;function Xt(e,t){if(!e.request)return"";let{method:n,url:o,headers:r}=e.request,i=e.request.headers.get("User-Agent")||"",s=Q(e.request)||"",a=JSON.stringify(r);return`${n}:${o}:${a}:${i}:${s}:${t}`}var de=()=>h("/session",{method:"GET",requireHeaders:!0},e=>d(void 0,null,function*(){try{let t=yield e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let n=Xt(e,t),o=ae.get(n);if(o){if(o.expiresAt>Date.now())return e.json(o.data);ae.delete(n)}let r=yield e.context.internalAdapter.findSession(t);if(!r||r.session.expiresAt<new Date)return H(e),r&&(yield e.context.internalAdapter.deleteSession(r.session.id)),e.json(null,{status:401});if(yield e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(r);let s=e.context.sessionConfig.expiresIn,a=e.context.sessionConfig.updateAge;if(r.session.expiresAt.valueOf()-s*1e3+a*1e3<=Date.now()){let l=yield e.context.internalAdapter.updateSession(r.session.id,{expiresAt:M(e.context.sessionConfig.expiresIn,!0)});if(!l)return H(e),e.json(null,{status:401});let p=(l.expiresAt.valueOf()-Date.now())/1e3;return yield _(e,l.id,!1,{maxAge:p}),e.json({session:l,user:r.user})}return ae.set(n,{data:r,expiresAt:Date.now()+5e3}),e.json(r)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}})),ce=e=>d(void 0,null,function*(){return yield de()(w(f({},e),{_flag:void 0}))}),N=J(e=>d(void 0,null,function*(){let t=yield ce(e);if(!(t!=null&&t.session))throw new Qt("UNAUTHORIZED");return{session:t}})),Ne=()=>h("/user/list-sessions",{method:"GET",use:[N],requireHeaders:!0},e=>d(void 0,null,function*(){let n=(yield e.context.adapter.findMany({model:e.context.tables.session.tableName,where:[{field:"userId",value:e.context.session.user.id}]})).filter(o=>o.expiresAt>new Date);return e.json(n)})),$e=h("/user/revoke-session",{method:"POST",body:qe.object({id:qe.string()}),use:[N],requireHeaders:!0},e=>d(void 0,null,function*(){let t=e.body.id,n=yield e.context.internalAdapter.findSession(t);if(!n)return e.json(null,{status:400});if(n.session.userId!==e.context.session.user.id)return e.json(null,{status:403});try{yield e.context.internalAdapter.deleteSession(t)}catch(o){return e.context.logger.error(o),e.json(null,{status:500})}return e.json({status:!0})})),Fe=h("/user/revoke-sessions",{method:"POST",use:[N],requireHeaders:!0},e=>d(void 0,null,function*(){try{yield e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}return e.json({status:!0})}));var ze=h("/sign-in/social",{method:"POST",requireHeaders:!0,query:S.object({currentURL:S.string().optional()}).optional(),body:S.object({callbackURL:S.string().optional(),provider:S.enum(Ce),dontRememberMe:S.boolean().default(!1).optional()})},e=>d(void 0,null,function*(){var s,a,c,u;let t=e.context.socialProviders.find(l=>l.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider to your auth config",{provider:e.body.provider}),new D("NOT_FOUND",{message:"Provider not found"});let n=e.context.authCookies,o=(s=e.query)!=null&&s.currentURL?new URL((a=e.query)==null?void 0:a.currentURL):null,r=(c=e.body.callbackURL)!=null&&c.startsWith("http")?e.body.callbackURL:`${o==null?void 0:o.origin}${e.body.callbackURL||""}`,i=Be(r||(o==null?void 0:o.origin)||e.context.baseURL,(u=e.query)==null?void 0:u.currentURL);try{yield e.setSignedCookie(n.state.name,i.code,e.context.secret,n.state.options);let l=Yt();yield e.setSignedCookie(n.pkCodeVerifier.name,l,e.context.secret,n.pkCodeVerifier.options);let p=t.createAuthorizationURL({state:i.state,codeVerifier:l});return p.searchParams.set("redirect_uri",`${e.context.baseURL}/callback/${e.body.provider}`),{url:p.toString(),state:i.state,codeVerifier:l,redirect:!0}}catch(l){throw new D("INTERNAL_SERVER_ERROR")}})),Ve=h("/sign-in/email",{method:"POST",body:S.object({email:S.string().email(),password:S.string(),callbackURL:S.string().optional(),dontRememberMe:S.boolean().default(!1).optional()})},e=>d(void 0,null,function*(){var l,p;if(!((p=(l=e.context.options)==null?void 0:l.emailAndPassword)!=null&&p.enabled))throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new D("BAD_REQUEST",{message:"Email and password is not enabled"});let t=yield ce(e);t&&(yield e.context.internalAdapter.deleteSession(t.session.id));let{email:n,password:o}=e.body;if(!S.string().email().safeParse(n).success)throw new D("BAD_REQUEST",{message:"Invalid email"});let i=yield e.context.internalAdapter.findUserByEmail(n);if(!i)throw yield e.context.password.hash(o),e.context.logger.error("User not found",{email:n}),new D("UNAUTHORIZED",{message:"Invalid email or password"});let s=i.accounts.find(m=>m.providerId==="credential");if(!s)throw e.context.logger.error("Credential account not found",{email:n}),new D("UNAUTHORIZED",{message:"Invalid email or password"});let a=s==null?void 0:s.password;if(!a)throw e.context.logger.error("Password not found",{email:n}),new D("UNAUTHORIZED",{message:"Unexpected error"});if(!(yield e.context.password.verify(a,o)))throw e.context.logger.error("Invalid password"),new D("UNAUTHORIZED",{message:"Invalid email or password"});let u=yield e.context.internalAdapter.createSession(i.user.id,e.headers,e.body.dontRememberMe);return yield _(e,u.id,e.body.dontRememberMe),e.json({user:i.user,session:u,redirect:!!e.body.callbackURL,url:e.body.callbackURL})}));import{APIError as rr}from"better-call";import{z as X}from"zod";import{z as y}from"zod";var ts=y.object({id:y.string(),providerId:y.string(),accountId:y.string(),userId:y.string(),accessToken:y.string().nullable().optional(),refreshToken:y.string().nullable().optional(),idToken:y.string().nullable().optional(),expiresAt:y.date().nullable().optional(),password:y.string().optional().nullable()}),Me=y.object({id:y.string(),email:y.string().transform(e=>e.toLowerCase()),emailVerified:y.boolean().default(!1),name:y.string(),image:y.string().optional(),createdAt:y.date().default(new Date),updatedAt:y.date().default(new Date)}),rs=y.object({id:y.string(),userId:y.string(),expiresAt:y.date(),ipAddress:y.string().optional(),userAgent:y.string().optional()});import{alphabet as er,generateRandomString as tr}from"oslo/crypto";var He=()=>tr(36,er("a-z","0-9"));var j={isAction:!1};function le(e){let t=e.accessToken(),n=e.hasRefreshToken()?e.refreshToken():void 0,o;try{o=e.accessTokenExpiresAt()}catch(r){}return{accessToken:t,refreshToken:n,expiresAt:o}}var Ge=h("/callback/:id",{method:"GET",query:X.object({state:X.string(),code:X.string().optional(),error:X.string().optional()}),metadata:j},e=>d(void 0,null,function*(){var T,k,x;if(e.query.error||!e.query.code){let R=((T=ie(e.query.state).data)==null?void 0:T.callbackURL)||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${R}?error=${e.query.error||"oAuth_code_missing"}`)}let t=e.context.socialProviders.find(b=>b.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let n=yield e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),o;try{o=yield t.validateAuthorizationCode(e.query.code,n,`${e.context.baseURL}/callback/${t.id}`)}catch(b){throw e.context.logger.error(b),e.redirect(`${e.context.baseURL}/error?error=oauth_code_verification_failed`)}let r=yield t.getUserInfo(o).then(b=>b==null?void 0:b.user),i=He(),s=Me.safeParse(w(f({},r),{id:i})),a=ie(e.query.state);if(!a.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=invalid_state_parameter`);let{callbackURL:c,currentURL:u,dontRememberMe:l}=a.data;if(!r||s.success===!1)throw e.redirect(`${e.context.baseURL}/error?error=oauth_validation_failed`);if(!c)throw e.redirect(`${e.context.baseURL}/error?error=oauth_callback_url_not_found`);let p=yield e.context.internalAdapter.findUserByEmail(r.email),m=p==null?void 0:p.user.id;if(p){let b=p.accounts.find(v=>v.providerId===t.id),R=(x=(k=e.context.options.account)==null?void 0:k.accountLinking)==null?void 0:x.trustedProviders,P=R?R.includes(t.id):!0;if(!b&&(!r.emailVerified||!P)){let v;try{v=new URL(u||c),v.searchParams.set("error","account_not_linked")}catch(re){throw e.redirect(`${e.context.baseURL}/error?error=account_not_linked`)}throw e.redirect(v.toString())}if(!b)try{yield e.context.internalAdapter.linkAccount(f({providerId:t.id,accountId:r.id,id:`${t.id}:${r.id}`,userId:p.user.id},le(o)))}catch(v){throw console.log(v),e.redirect(`${e.context.baseURL}/error?error=failed_linking_account`)}}else try{yield e.context.internalAdapter.createOAuthUser(s.data,w(f({},le(o)),{id:`${t.id}:${r.id}`,providerId:t.id,accountId:r.id,userId:i}))}catch(b){let R=new URL(u||c);throw R.searchParams.set("error","unable_to_create_user"),e.setHeader("Location",R.toString()),e.redirect(R.toString())}if(!m&&!i)throw new rr("INTERNAL_SERVER_ERROR",{message:"Unable to create user"});let g=yield e.context.internalAdapter.createSession(m||i,e.request,l);try{yield _(e,g.id,l)}catch(b){e.context.logger.error("Unable to set session cookie",b);let R=new URL(u||c);throw R.searchParams.set("error","unable_to_create_session"),e.redirect(R.toString())}throw e.redirect(c)}));import{z as ue}from"zod";var Ke=h("/sign-out",{method:"POST",body:ue.optional(ue.object({callbackURL:ue.string().optional()}))},e=>d(void 0,null,function*(){var n,o;let t=yield e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);return t?(yield e.context.internalAdapter.deleteSession(t),H(e),e.json(null,{body:{redirect:!!((n=e.body)!=null&&n.callbackURL),url:(o=e.body)==null?void 0:o.callbackURL}})):e.json(null)}));import{TimeSpan as or}from"oslo";import{createJWT as nr,parseJWT as sr}from"oslo/jwt";import{validateJWT as We}from"oslo/jwt";import{z as L}from"zod";var Je=h("/forget-password",{method:"POST",body:L.object({email:L.string().email(),redirectTo:L.string()})},e=>d(void 0,null,function*(){var i;if(!((i=e.context.options.emailAndPassword)!=null&&i.sendResetPassword))return e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function to your auth config!"),e.json(null,{status:400,statusText:"RESET_PASSWORD_EMAIL_NOT_SENT",body:{message:"Reset password isn't enabled"}});let{email:t}=e.body,n=yield e.context.internalAdapter.findUserByEmail(t);if(!n)return e.json({status:!1},{body:{status:!0}});let o=yield nr("HS256",Buffer.from(e.context.secret),{email:n.user.email,redirectTo:e.body.redirectTo},{expiresIn:new or(1,"h"),issuer:"better-auth",subject:"forget-password",audiences:[n.user.email],includeIssuedTimestamp:!0}),r=`${e.context.baseURL}/reset-password/${o}`;return yield e.context.options.emailAndPassword.sendResetPassword(r,n.user),e.json({status:!0})})),Ze=h("/reset-password/:token",{method:"GET"},e=>d(void 0,null,function*(){var i;let{token:t}=e.params,n,o=L.object({email:L.string(),redirectTo:L.string()});try{if(n=yield We("HS256",Buffer.from(e.context.secret),t),!n.expiresAt||n.expiresAt<new Date)throw Error("Token expired")}catch(s){let a=sr(t),c=o.safeParse(a==null?void 0:a.payload);throw c.success?e.redirect(`${(i=c.data)==null?void 0:i.redirectTo}?error=invalid_token`):e.redirect(`${e.context.baseURL}/error?error=invalid_token`)}let{redirectTo:r}=o.parse(n.payload);throw e.redirect(`${r}?token=${t}`)})),Qe=h("/reset-password",{method:"POST",query:L.object({currentURL:L.string()}).optional(),body:L.object({newPassword:L.string(),callbackURL:L.string().optional()})},e=>d(void 0,null,function*(){var o,r,i;let t=(o=e.query)==null?void 0:o.currentURL.split("?token=")[1];if(!t)return e.json({error:"Invalid token",data:null},{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}});let{newPassword:n}=e.body;try{let s=yield We("HS256",Buffer.from(e.context.secret),t),a=L.string().email().parse(s.payload.email),c=yield e.context.internalAdapter.findUserByEmail(a);if(!c)return e.json({error:"User not found",data:null},{status:400,body:{message:"failed to reset password"}});if(n.length<(((r=e.context.options.emailAndPassword)==null?void 0:r.minPasswordLength)||8)||n.length>(((i=e.context.options.emailAndPassword)==null?void 0:i.maxPasswordLength)||32))return e.json({data:null,error:"password is too short or too long"},{status:400,statusText:"INVALID_PASSWORD_LENGTH",body:{message:"password is too short or too long"}});let u=yield e.context.password.hash(n);return(yield e.context.internalAdapter.updatePassword(c.user.id,u))?e.json({error:null,data:{status:!0,url:e.body.callbackURL,redirect:!!e.body.callbackURL}},{body:{status:!0,url:e.body.callbackURL,redirect:!!e.body.callbackURL}}):e.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User doesn't have a credential account"}})}catch(s){return console.log(s),e.json({error:"Invalid token",data:null},{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}}));import{TimeSpan as ir}from"oslo";import{createJWT as ar,validateJWT as dr}from"oslo/jwt";import{z as E}from"zod";function pe(e,t){return d(this,null,function*(){return yield ar("HS256",Buffer.from(e),{email:t.toLowerCase()},{expiresIn:new ir(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})})}var Xe=h("/send-verification-email",{method:"POST",query:E.object({currentURL:E.string().optional()}).optional(),body:E.object({email:E.string().email(),callbackURL:E.string().optional()})},e=>d(void 0,null,function*(){var r,i;if(!((r=e.context.options.emailAndPassword)!=null&&r.sendVerificationEmail))return e.context.logger.error("Verification email isn't enabled. Pass `sendVerificationEmail` in `emailAndPassword` options to enable it."),e.json(null,{status:400,statusText:"VERIFICATION_EMAIL_NOT_SENT",body:{message:"Verification email isn't enabled"}});let{email:t}=e.body,n=yield pe(e.context.secret,t),o=`${e.context.baseURL}/verify-email?token=${n}&callbackURL=${e.body.callbackURL||((i=e.query)==null?void 0:i.currentURL)||"/"}`;return yield e.context.options.emailAndPassword.sendVerificationEmail(t,o,n),e.json({status:!0})})),Ye=h("/verify-email",{method:"GET",query:E.object({token:E.string(),callbackURL:E.string().optional()})},e=>d(void 0,null,function*(){let{token:t}=e.query,n;try{n=yield dr("HS256",Buffer.from(e.context.secret),t)}catch(a){return e.context.logger.error("Failed to verify email",a),e.json(null,{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}let r=E.object({email:E.string().email()}).parse(n.payload),i=yield e.context.internalAdapter.findUserByEmail(r.email);if(!i)return e.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User not found"}});if(!i.accounts.find(a=>a.providerId==="credential"))throw e.redirect;if(yield e.context.internalAdapter.updateUserByEmail(r.email,{emailVerified:!0}),e.query.callbackURL)throw console.log("Redirecting to",e.query.callbackURL),e.redirect("/");return e.json({status:!0})}));import{z as C}from"zod";import{alphabet as cr,generateRandomString as lr}from"oslo/crypto";import"better-call";var et=h("/user/update",{method:"POST",body:C.object({name:C.string().optional(),image:C.string().optional()}),use:[N]},e=>d(void 0,null,function*(){let{name:t,image:n}=e.body,o=e.context.session;if(!n&&!t)return e.json(o.user);let r=yield e.context.internalAdapter.updateUserByEmail(o.user.email,{name:t,image:n});return e.json(r)})),tt=h("/user/change-password",{method:"POST",body:C.object({newPassword:C.string(),currentPassword:C.string(),revokeOtherSessions:C.boolean().optional()}),use:[N]},e=>d(void 0,null,function*(){let{newPassword:t,currentPassword:n,revokeOtherSessions:o}=e.body,r=e.context.session,i=e.context.password.config.minPasswordLength;if(t.length<i)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let s=e.context.password.config.maxPasswordLength;if(t.length>s)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let c=(yield e.context.internalAdapter.findAccounts(r.user.id)).find(p=>p.providerId==="credential"&&p.password);if(!c||!c.password)return e.json(null,{status:400,body:{message:"User does not have a password"}});let u=yield e.context.password.hash(t);if(!(yield e.context.password.verify(c.password,n)))return e.json(null,{status:400,body:{message:"Invalid password"}});if(yield e.context.internalAdapter.updateAccount(c.id,{password:u}),o){yield e.context.internalAdapter.deleteSessions(r.user.id);let p=yield e.context.internalAdapter.createSession(r.user.id,e.headers);yield _(e,p.id)}return e.json(r.user)})),rt=h("/user/set-password",{method:"POST",body:C.object({newPassword:C.string()}),use:[N]},e=>d(void 0,null,function*(){let{newPassword:t}=e.body,n=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let r=e.context.password.config.maxPasswordLength;if(t.length>r)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let s=(yield e.context.internalAdapter.findAccounts(n.user.id)).find(c=>c.providerId==="credential"&&c.password),a=yield e.context.password.hash(t);return s?e.json(null,{status:400,body:{message:"User already has a password"}}):(yield e.context.internalAdapter.linkAccount({id:lr(32,cr("a-z","0-9","A-Z")),userId:n.user.id,providerId:"credential",accountId:n.user.id,password:a}),e.json(n.user))}));import{alphabet as ur,generateRandomString as pr}from"oslo/crypto";var ot=h("/csrf",{method:"GET",metadata:j},e=>d(void 0,null,function*(){let t=yield e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret);if(t)return{csrfToken:t};let n=pr(32,ur("a-z","0-9","A-Z")),o=yield W(e.context.secret,n),r=`${n}!${o}`;return yield e.setSignedCookie(e.context.authCookies.csrfToken.name,r,e.context.secret,e.context.authCookies.csrfToken.options),{csrfToken:n}}));var mr=(e="Unknown")=>`<!DOCTYPE html>
|
|
3
3
|
<html lang="en">
|
|
4
4
|
<head>
|
|
5
5
|
<meta charset="UTF-8">
|
|
@@ -79,4 +79,4 @@ var Pt=Object.defineProperty,vt=Object.defineProperties;var It=Object.getOwnProp
|
|
|
79
79
|
<div class="error-code">Error Code: <span id="errorCode">${e}</span></div>
|
|
80
80
|
</div>
|
|
81
81
|
</body>
|
|
82
|
-
</html>`,nt=h("/error",{method:"GET",metadata:j},e=>d(void 0,null,function*(){var n;let t=new URL(((n=e.request)==null?void 0:n.url)||"").searchParams.get("error")||"Unknown";return new Response(mr(t),{headers:{"Content-Type":"text/html"}})}));var st=h("/ok",{method:"GET",metadata:j},e=>d(void 0,null,function*(){return e.json({ok:!0})}));import{alphabet as it,generateRandomString as at}from"oslo/crypto";import{z as B}from"zod";var dt=h("/sign-up/email",{method:"POST",query:B.object({currentURL:B.string().optional()}).optional(),body:B.object({name:B.string(),email:B.string(),password:B.string(),image:B.string().optional(),callbackURL:B.string().optional()})},e=>d(void 0,null,function*(){var m,g,T,k;if(!((m=e.context.options.emailAndPassword)!=null&&m.enabled))return e.json(null,{status:400,body:{message:"Email and password is not enabled"}});let{name:t,email:n,password:o,image:r}=e.body;if(!B.string().email().safeParse(n).success)return e.json(null,{status:400,body:{message:"Invalid email address"}});let s=e.context.password.config.minPasswordLength;if(o.length<s)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let a=e.context.password.config.maxPasswordLength;if(o.length>a)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let c=yield e.context.internalAdapter.findUserByEmail(n),u=yield e.context.password.hash(o);if(c!=null&&c.user)return e.json(null,{status:400,body:{message:"User already exists"}});let l=yield e.context.internalAdapter.createUser({id:at(32,it("a-z","0-9","A-Z")),email:n.toLowerCase(),name:t,image:r,emailVerified:!1,createdAt:new Date,updatedAt:new Date});yield e.context.internalAdapter.linkAccount({id:at(32,it("a-z","0-9","A-Z")),userId:l.id,providerId:"credential",accountId:l.id,password:u});let p=yield e.context.internalAdapter.createSession(l.id,e.request);if(yield _(e,p.id),e.context.options.emailAndPassword.sendEmailVerificationOnSignUp){let U=yield pe(e.context.secret,l.email),b=`${e.context.baseURL}/verify-email?token=${U}&callbackURL=${e.body.callbackURL||((g=e.query)==null?void 0:g.currentURL)||"/"}`;yield(k=(T=e.context.options.emailAndPassword).sendVerificationEmail)==null?void 0:k.call(T,l.email,b,U)}return e.json({user:l,session:p},{body:e.body.callbackURL?{url:e.body.callbackURL,redirect:!0}:{user:l,session:p}})}));import me from"chalk";function fr(e,t,n){let o=Date.now(),r=t*1e3;return o-n.lastRequest<r&&n.count>=e}function gr(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function hr(e,t){let n=Date.now(),o=t*1e3;return Math.ceil((e+o-n)/1e3)}function yr(e,t){let n=t!=null?t:"rateLimit",o=e.adapter;return{get:r=>d(this,null,function*(){return yield o.findOne({model:n,where:[{field:"key",value:r}]})}),set:(r,i,s)=>d(this,null,function*(){try{s?yield o.update({model:t!=null?t:"rateLimit",where:[{field:"key",value:r}],update:{count:i.count,lastRequest:i.lastRequest}}):yield o.create({model:t!=null?t:"rateLimit",data:{key:r,count:i.count,lastRequest:i.lastRequest}})}catch(a){O.error("Error setting rate limit",a)}})}}var ct=new Map;function br(e){if(e.rateLimit.customStorage)return e.rateLimit.customStorage;if(e.rateLimit.storage==="memory"){let n;return{get(o){return d(this,null,function*(){return ct.get(o)})},set(o,r,i){return d(this,null,function*(){ct.set(o,r)})}}}return yr(e,e.rateLimit.tableName)}function lt(e,t){return d(this,null,function*(){if(!t.rateLimit.enabled)return;let n=t.baseURL,o=e.url.replace(n,""),r=t.rateLimit.window,i=t.rateLimit.max,s=Q(e)+o,c=wr().find(m=>m.pathMatcher(o));c&&(r=c.window,i=c.max);for(let m of t.options.plugins||[])if(m.rateLimit){let g=m.rateLimit.find(T=>T.pathMatcher(o));if(g){r=g.window,i=g.max;break}}if(t.rateLimit.customRules){let m=t.rateLimit.customRules[o];m&&(r=m.window,i=m.max)}let u=br(t),l=yield u.get(s),p=Date.now();if(!l)yield u.set(s,{key:s,count:1,lastRequest:p});else{let m=p-l.lastRequest;if(fr(i,r,l)){let g=hr(l.lastRequest,r);return gr(g)}else m>r*1e3?yield u.set(s,w(f({},l),{count:1,lastRequest:p})):yield u.set(s,w(f({},l),{count:l.count+1,lastRequest:p}))}})}function wr(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:7}]}function fe(e,t){var a,c;let n=(a=e.options.plugins)==null?void 0:a.reduce((u,l)=>f(f({},u),l.endpoints),{}),o=((c=e.options.plugins)==null?void 0:c.map(u=>{var l;return(l=u.middlewares)==null?void 0:l.map(p=>{let m=g=>d(this,null,function*(){return p.middleware(w(f({},g),{context:f(f({},e),g.context)}))});return m.path=p.path,m.options=p.middleware.options,m.headers=p.middleware.headers,{path:p.path,middleware:m}})}).filter(u=>u!==void 0).flat())||[],r={signInOAuth:ze,callbackOAuth:Ge,getCSRFToken:ot,getSession:de(),signOut:Ke,signUpEmail:dt,signInEmail:Ve,forgetPassword:Je,resetPassword:Qe,verifyEmail:Ye,sendVerificationEmail:Xe,changePassword:tt,setPassword:rt,updateUser:et,forgetPasswordCallback:Ze,listSessions:Ne(),revokeSession:$e,revokeSessions:Fe},i=w(f(f({},r),n),{ok:st,error:nt}),s={};for(let[u,l]of Object.entries(i))s[u]=p=>d(this,null,function*(){var T;let g=yield l(w(f({},p),{context:f(f({},e),p.context)}));for(let k of e.options.plugins||[])if((T=k.hooks)!=null&&T.after){for(let U of k.hooks.after)if(U.matcher(p)){let R=Object.assign(p,{context:w(f({},e),{returned:g})}),P=yield U.handler(R);P&&"response"in P&&(g=P.response)}}return g}),s[u].path=l.path,s[u].method=l.method,s[u].options=l.options,s[u].headers=l.headers;return{api:s,middlewares:o}}var ut=(e,t)=>{let{api:n,middlewares:o}=fe(e,t),r=new URL(e.baseURL).pathname;return kr(n,{extraContext:e,basePath:r,routerMiddleware:[{path:"/**",middleware:xe},...o],onRequest(s){return d(this,null,function*(){return lt(s,e)})},onError(s){var c,u,l,p;let a=(c=t.logger)!=null&&c.verboseLogging?O:void 0;if(((u=t.logger)==null?void 0:u.disabled)!==!0)if(s instanceof Ar)a==null||a.warn(s);else if(typeof s=="object"&&s!==null&&"message"in s){let m=s.message;if(!m||typeof m!="string"){a==null||a.error(s);return}m.includes("no such table")?(l=O)==null||l.error(`Please run ${me.green("npx better-auth migrate")} to create the tables. There are missing tables in your SQLite database.`):m.includes("relation")&&m.includes("does not exist")?O.error(`Please run ${me.green("npx better-auth migrate")} to create the tables. There are missing tables in your PostgreSQL database.`):m.includes("Table")&&m.includes("doesn't exist")?(p=O)==null||p.error(`Please run ${me.green("npx better-auth migrate")} to create the tables. There are missing tables in your MySQL database.`):a==null||a.error(s)}else a==null||a.error(s)}})};var $=e=>{var c,u,l,m,g,T;let t=(c=e.plugins)==null?void 0:c.reduce((k,U)=>{var R;let b=U.schema;if(!b)return k;for(let[P,v]of Object.entries(b))k[P]={fields:f(f({},(R=k[P])==null?void 0:R.fields),v.fields),tableName:P};return k},{}),n=((u=e.rateLimit)==null?void 0:u.storage)==="database",o={rateLimit:{tableName:((l=e.rateLimit)==null?void 0:l.tableName)||"rateLimit",fields:{key:{type:"string"},count:{type:"number"},lastRequest:{type:"number"}}}},p=t||{},{user:r,session:i,account:s}=p,a=we(p,["user","session","account"]);return f(f({user:{tableName:((m=e.user)==null?void 0:m.modelName)||"user",fields:f({name:{type:"string"},email:{type:"string"},emailVerified:{type:"boolean",defaultValue:()=>!1},image:{type:"string",required:!1},createdAt:{type:"date",defaultValue:()=>new Date},updatedAt:{type:"date",defaultValue:()=>new Date}},r==null?void 0:r.fields),order:0},session:{tableName:((g=e.session)==null?void 0:g.modelName)||"session",fields:f({expiresAt:{type:"date"},ipAddress:{type:"string",required:!1},userAgent:{type:"string",required:!1},userId:{type:"string",references:{model:"user",field:"id",onDelete:"cascade"}}},i==null?void 0:i.fields),order:1},account:{tableName:((T=e.account)==null?void 0:T.modelName)||"account",fields:f({accountId:{type:"string"},providerId:{type:"string"},userId:{type:"string",references:{model:"user",field:"id",onDelete:"cascade"}},accessToken:{type:"string",required:!1},refreshToken:{type:"string",required:!1},idToken:{type:"string",required:!1},expiresAt:{type:"date",required:!1},password:{type:"string",required:!1}},s==null?void 0:s.fields),order:2}},a),n?o:{})};import Rr from"better-sqlite3";import{Kysely as Tr}from"kysely";import{MysqlDialect as mt,PostgresDialect as ft,SqliteDialect as gt}from"kysely";import{createPool as xr}from"mysql2";import Ur from"pg";var{Pool:Pr}=Ur;function Y(e){if(!e)return{and:null,or:null};let t=e==null?void 0:e.filter(o=>o.connector==="AND"||!o.connector).reduce((o,r)=>w(f({},o),{[r.field]:r.value}),{}),n=e==null?void 0:e.filter(o=>o.connector==="OR").reduce((o,r)=>w(f({},o),{[r.field]:r.value}),{});return{and:Object.keys(t).length?t:null,or:Object.keys(n).length?n:null}}function ee(e,t,n){var o,r,i;for(let s in e)e[s]===0&&((o=t[s])==null?void 0:o.type)==="boolean"&&(n!=null&&n.boolean)&&(e[s]=!1),e[s]===1&&((r=t[s])==null?void 0:r.type)==="boolean"&&(n!=null&&n.boolean)&&(e[s]=!0),((i=t[s])==null?void 0:i.type)==="date"&&(e[s]instanceof Date||(e[s]=new Date(e[s])));return e}function pt(e,t){for(let n in e)typeof e[n]=="boolean"&&(t!=null&&t.boolean)&&(e[n]=e[n]?1:0),e[n]instanceof Date&&(e[n]=e[n].toISOString());return e}var ht=(e,t)=>({create(o){return d(this,null,function*(){let{model:r,data:i,select:s}=o;t!=null&&t.transform&&(i=pt(i,t.transform));let a=yield e.insertInto(r).values(i).returningAll().executeTakeFirst();if(t!=null&&t.transform){let c=t.transform.schema[r];a=c?ee(i,c,t.transform):a}return s!=null&&s.length&&(a=a?s.reduce((u,l)=>a!=null&&a[l]?w(f({},u),{[l]:a[l]}):u,{}):null),a})},findOne(o){return d(this,null,function*(){let{model:r,where:i,select:s}=o,{and:a,or:c}=Y(i),u=e.selectFrom(r).selectAll();c&&(u=u.where(p=>p.or(c))),a&&(u=u.where(p=>p.and(a)));let l=yield u.executeTakeFirst();if(s!=null&&s.length&&(l=l?s.reduce((m,g)=>l!=null&&l[g]?w(f({},m),{[g]:l[g]}):m,{}):null),t!=null&&t.transform){let p=t.transform.schema[r];return l=l&&p?ee(l,p,t.transform):l,l||null}return l||null})},findMany(o){return d(this,null,function*(){let{model:r,where:i}=o,s=e.selectFrom(r),{and:a,or:c}=Y(i);a&&(s=s.where(l=>l.and(a))),c&&(s=s.where(l=>l.or(c)));let u=yield s.selectAll().execute();if(t!=null&&t.transform){let l=t.transform.schema[r];return l?u.map(p=>ee(p,l,t.transform)):u}return u})},update(o){return d(this,null,function*(){let{model:r,where:i,update:s}=o,{and:a,or:c}=Y(i);t!=null&&t.transform&&(s=pt(s,t.transform));let u=e.updateTable(r).set(s);a&&(u=u.where(p=>p.and(a))),c&&(u=u.where(p=>p.or(c)));let l=(yield u.returningAll().executeTakeFirst())||null;if(t!=null&&t.transform){let p=t.transform.schema[r];return p?ee(l,p,t.transform):l}return l})},delete(o){return d(this,null,function*(){let{model:r,where:i}=o,{and:s,or:a}=Y(i),c=e.deleteFrom(r);s&&(c=c.where(u=>u.and(s))),a&&(c=c.where(u=>u.or(a))),yield c.execute()})}}),vr=e=>{var n,o;if(!e.database)return null;if("createDriver"in e.database)return e.database;let t=null;if("provider"in e.database){let r=e.database.provider,i=(o=(n=e.database)==null?void 0:n.url)==null?void 0:o.trim();if(r==="postgres"&&(t=new ft({pool:new Pr({connectionString:i})})),r==="mysql"){let s=new URL(i),a=xr({host:s.hostname,user:s.username,password:s.password,database:s.pathname.split("/")[1],port:Number(s.port)});t=new mt({pool:a})}if(r==="sqlite"){let s=new Rr(i);t=new gt({database:s})}}return t},te=e=>{let t=vr(e);return t?new Tr({dialect:t}):null},yt=e=>{if("provider"in e.database)return e.database.provider;if("dialect"in e.database){if(e.database.dialect instanceof ft)return"postgres";if(e.database.dialect instanceof mt)return"mysql";if(e.database.dialect instanceof gt)return"sqlite"}return"sqlite"};function bt(e){if(!e.database)throw new I("Database configuration is required");let t=te(e);if(!t)throw new I("Failed to initialize database adapter");let n=$(e),o={};for(let r of Object.values(n))o[r.tableName]=r.fields;return ht(t,{transform:{schema:o,date:!0,boolean:yt(e)==="sqlite"}})}import{scrypt as Ir}from"node:crypto";import{decodeHex as Sr,encodeHex as wt}from"oslo/encoding";import{constantTimeEqual as Lr}from"oslo/crypto";var F={N:16384,r:16,p:1,dkLen:64};function At(e,t){return d(this,null,function*(){return yield new Promise((n,o)=>{Ir(e.normalize("NFKC"),t,F.dkLen,{N:F.N,p:F.p,r:F.r,maxmem:128*F.N*F.r*2},(r,i)=>r?o(r):n(i))})})}var kt=e=>d(void 0,null,function*(){let t=wt(crypto.getRandomValues(new Uint8Array(16))),n=yield At(e,t);return`${t}:${wt(n)}`}),Rt=(e,t)=>d(void 0,null,function*(){let[n,o]=e.split(":"),r=yield At(t,n);return Lr(r,Sr(o))});import{alphabet as Or,generateRandomString as _r}from"oslo/crypto";var Tt=(e,t,n)=>{var i;let o=((i=n.session)==null?void 0:i.expiresIn)||604800,r=$(n);return{createOAuthUser:(s,a)=>d(void 0,null,function*(){try{let c=yield e.create({model:r.user.tableName,data:s}),u=yield e.create({model:r.account.tableName,data:a});return{user:c,account:u}}catch(c){return console.log(c),null}}),createUser:s=>d(void 0,null,function*(){return yield e.create({model:r.user.tableName,data:s})}),createSession:(s,a,c)=>d(void 0,null,function*(){let u=a instanceof Request?a.headers:a,l={id:_r(32,Or("a-z","0-9","A-Z")),userId:s,expiresAt:c?M(1e3*60*60*24):M(o,!0),ipAddress:(u==null?void 0:u.get("x-forwarded-for"))||"",userAgent:(u==null?void 0:u.get("user-agent"))||""};return e.create({model:r.session.tableName,data:l})}),findSession:s=>d(void 0,null,function*(){let a=yield e.findOne({model:r.session.tableName,where:[{value:s,field:"id"}]});if(!a)return null;let c=yield e.findOne({model:r.user.tableName,where:[{value:a.userId,field:"id"}]});return c?{session:a,user:c}:null}),updateSession:(s,a)=>d(void 0,null,function*(){return yield e.update({model:r.session.tableName,where:[{field:"id",value:s}],update:a})}),deleteSession:s=>d(void 0,null,function*(){return yield e.delete({model:r.session.tableName,where:[{field:"id",value:s}]})}),deleteSessions:s=>d(void 0,null,function*(){return yield t.deleteFrom(r.session.tableName).where("userId","=",s).execute()}),findUserByEmail:s=>d(void 0,null,function*(){let a=yield e.findOne({model:r.user.tableName,where:[{value:s.toLowerCase(),field:"email"}]});if(!a)return null;let c=yield e.findMany({model:r.account.tableName,where:[{value:a.id,field:"userId"}]});return{user:a,accounts:c}}),findUserById:s=>d(void 0,null,function*(){return yield e.findOne({model:r.user.tableName,where:[{field:"id",value:s}]})}),linkAccount:s=>d(void 0,null,function*(){return yield e.create({model:r.account.tableName,data:s})}),updateUserByEmail:(s,a)=>d(void 0,null,function*(){return yield e.update({model:r.user.tableName,where:[{value:s,field:"email"}],update:a})}),updatePassword:(s,a)=>d(void 0,null,function*(){return yield e.update({model:r.account.tableName,where:[{value:s,field:"userId"},{field:"providerId",value:"credential"}],update:{password:a}})}),findAccounts:s=>d(void 0,null,function*(){return yield e.findMany({model:r.account.tableName,where:[{field:"userId",value:s}]})}),updateAccount:(s,a)=>d(void 0,null,function*(){return yield e.update({model:r.account.tableName,where:[{field:"id",value:s}],update:a})})}};var xt="better-auth-secret-123456789";var Ut=e=>{var c,u,l,p,m,g,T,k,U,b,R,P,v,re;let t=bt(e),n=te(e);if(!n)throw new I("No database adapter found");let o=Z(e.baseURL,e.basePath)||"",r=e.secret||process.env.BETTER_AUTH_SECRET||process.env.AUTH_SECRET||xt,i=De(e),s=$(e),a=Object.keys(e.socialProviders||{}).map(z=>{var ge;let G=(ge=e.socialProviders)==null?void 0:ge[z];return G.enabled===!1?null:((!G.clientId||!G.clientSecret)&&O.warn(`Social provider ${z} is missing clientId or clientSecret`),se[z](G))}).filter(z=>z!==null);return{appName:e.appName||"Better Auth",socialProviders:a,options:w(f({},e),{baseURL:o?new URL(o).origin:"",basePath:e.basePath||"/api/auth"}),tables:s,baseURL:o,sessionConfig:{updateAge:((c=e.session)==null?void 0:c.updateAge)||24*60*60,expiresIn:((u=e.session)==null?void 0:u.expiresIn)||60*60*24*7},secret:r,rateLimit:w(f({},e.rateLimit),{enabled:(p=(l=e.rateLimit)==null?void 0:l.enabled)!=null?p:process.env.NODE_ENV!=="development",window:((m=e.rateLimit)==null?void 0:m.window)||60,max:((g=e.rateLimit)==null?void 0:g.max)||100,storage:((T=e.rateLimit)==null?void 0:T.storage)||"memory"}),authCookies:i,logger:ne({disabled:((k=e.logger)==null?void 0:k.disabled)||!1}),db:n,password:{hash:((b=(U=e.emailAndPassword)==null?void 0:U.password)==null?void 0:b.hash)||kt,verify:((P=(R=e.emailAndPassword)==null?void 0:R.password)==null?void 0:P.verify)||Rt,config:{minPasswordLength:((v=e.emailAndPassword)==null?void 0:v.minPasswordLength)||8,maxPasswordLength:((re=e.emailAndPassword)==null?void 0:re.maxPasswordLength)||128}},adapter:t,internalAdapter:Tt(t,n,e),createAuthCookie:je(e)}};var cd=e=>{let t=Ut(e),{api:n}=fe(t,e);return{handler:o=>d(void 0,null,function*(){let r=t.options.basePath,i=new URL(o.url);if(!t.options.baseURL){let a=`${i.origin}/api/auth`;t.options.baseURL=a,t.baseURL=a}if(!t.options.baseURL)return new Response("Base URL not set",{status:400});if(i.pathname===r||i.pathname===`${r}/`)return new Response("Welcome to BetterAuth",{status:200});let{handler:s}=ut(t,e);return s(o)}),api:n,options:t.options,$Infer:{}}};export{cd as betterAuth};
|
|
82
|
+
</html>`,nt=h("/error",{method:"GET",metadata:j},e=>d(void 0,null,function*(){var n;let t=new URL(((n=e.request)==null?void 0:n.url)||"").searchParams.get("error")||"Unknown";return new Response(mr(t),{headers:{"Content-Type":"text/html"}})}));var st=h("/ok",{method:"GET",metadata:j},e=>d(void 0,null,function*(){return e.json({ok:!0})}));import{alphabet as it,generateRandomString as at}from"oslo/crypto";import{z as B}from"zod";var dt=h("/sign-up/email",{method:"POST",query:B.object({currentURL:B.string().optional()}).optional(),body:B.object({name:B.string(),email:B.string(),password:B.string(),image:B.string().optional(),callbackURL:B.string().optional()})},e=>d(void 0,null,function*(){var m,g,T,k;if(!((m=e.context.options.emailAndPassword)!=null&&m.enabled))return e.json(null,{status:400,body:{message:"Email and password is not enabled"}});let{name:t,email:n,password:o,image:r}=e.body;if(!B.string().email().safeParse(n).success)return e.json(null,{status:400,body:{message:"Invalid email address"}});let s=e.context.password.config.minPasswordLength;if(o.length<s)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let a=e.context.password.config.maxPasswordLength;if(o.length>a)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let c=yield e.context.internalAdapter.findUserByEmail(n),u=yield e.context.password.hash(o);if(c!=null&&c.user)return e.json(null,{status:400,body:{message:"User already exists"}});let l=yield e.context.internalAdapter.createUser({id:at(32,it("a-z","0-9","A-Z")),email:n.toLowerCase(),name:t,image:r,emailVerified:!1,createdAt:new Date,updatedAt:new Date});yield e.context.internalAdapter.linkAccount({id:at(32,it("a-z","0-9","A-Z")),userId:l.id,providerId:"credential",accountId:l.id,password:u});let p=yield e.context.internalAdapter.createSession(l.id,e.request);if(yield _(e,p.id),e.context.options.emailAndPassword.sendEmailVerificationOnSignUp){let x=yield pe(e.context.secret,l.email),b=`${e.context.baseURL}/verify-email?token=${x}&callbackURL=${e.body.callbackURL||((g=e.query)==null?void 0:g.currentURL)||"/"}`;yield(k=(T=e.context.options.emailAndPassword).sendVerificationEmail)==null?void 0:k.call(T,l.email,b,x)}return e.json({user:l,session:p},{body:e.body.callbackURL?{url:e.body.callbackURL,redirect:!0}:{user:l,session:p}})}));import me from"chalk";function fr(e,t,n){let o=Date.now(),r=t*1e3;return o-n.lastRequest<r&&n.count>=e}function gr(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function hr(e,t){let n=Date.now(),o=t*1e3;return Math.ceil((e+o-n)/1e3)}function yr(e,t){let n=t!=null?t:"rateLimit",o=e.adapter;return{get:r=>d(this,null,function*(){return yield o.findOne({model:n,where:[{field:"key",value:r}]})}),set:(r,i,s)=>d(this,null,function*(){try{s?yield o.update({model:t!=null?t:"rateLimit",where:[{field:"key",value:r}],update:{count:i.count,lastRequest:i.lastRequest}}):yield o.create({model:t!=null?t:"rateLimit",data:{key:r,count:i.count,lastRequest:i.lastRequest}})}catch(a){O.error("Error setting rate limit",a)}})}}var ct=new Map;function br(e){if(e.rateLimit.customStorage)return e.rateLimit.customStorage;if(e.rateLimit.storage==="memory"){let n;return{get(o){return d(this,null,function*(){return ct.get(o)})},set(o,r,i){return d(this,null,function*(){ct.set(o,r)})}}}return yr(e,e.rateLimit.tableName)}function lt(e,t){return d(this,null,function*(){if(!t.rateLimit.enabled)return;let n=t.baseURL,o=e.url.replace(n,""),r=t.rateLimit.window,i=t.rateLimit.max,s=Q(e)+o,c=wr().find(m=>m.pathMatcher(o));c&&(r=c.window,i=c.max);for(let m of t.options.plugins||[])if(m.rateLimit){let g=m.rateLimit.find(T=>T.pathMatcher(o));if(g){r=g.window,i=g.max;break}}if(t.rateLimit.customRules){let m=t.rateLimit.customRules[o];m&&(r=m.window,i=m.max)}let u=br(t),l=yield u.get(s),p=Date.now();if(!l)yield u.set(s,{key:s,count:1,lastRequest:p});else{let m=p-l.lastRequest;if(fr(i,r,l)){let g=hr(l.lastRequest,r);return gr(g)}else m>r*1e3?yield u.set(s,w(f({},l),{count:1,lastRequest:p})):yield u.set(s,w(f({},l),{count:l.count+1,lastRequest:p}))}})}function wr(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:7}]}function fe(e,t){var a,c;let n=(a=e.options.plugins)==null?void 0:a.reduce((u,l)=>f(f({},u),l.endpoints),{}),o=((c=e.options.plugins)==null?void 0:c.map(u=>{var l;return(l=u.middlewares)==null?void 0:l.map(p=>{let m=g=>d(this,null,function*(){return p.middleware(w(f({},g),{context:f(f({},e),g.context)}))});return m.path=p.path,m.options=p.middleware.options,m.headers=p.middleware.headers,{path:p.path,middleware:m}})}).filter(u=>u!==void 0).flat())||[],r={signInOAuth:ze,callbackOAuth:Ge,getCSRFToken:ot,getSession:de(),signOut:Ke,signUpEmail:dt,signInEmail:Ve,forgetPassword:Je,resetPassword:Qe,verifyEmail:Ye,sendVerificationEmail:Xe,changePassword:tt,setPassword:rt,updateUser:et,forgetPasswordCallback:Ze,listSessions:Ne(),revokeSession:$e,revokeSessions:Fe},i=w(f(f({},r),n),{ok:st,error:nt}),s={};for(let[u,l]of Object.entries(i))s[u]=p=>d(this,null,function*(){var T;let g=yield l(w(f({},p),{context:f(f({},e),p.context)}));for(let k of e.options.plugins||[])if((T=k.hooks)!=null&&T.after){for(let x of k.hooks.after)if(x.matcher(p)){let R=Object.assign(p,{context:w(f({},e),{returned:g})}),P=yield x.handler(R);P&&"response"in P&&(g=P.response)}}return g}),s[u].path=l.path,s[u].method=l.method,s[u].options=l.options,s[u].headers=l.headers;return{api:s,middlewares:o}}var ut=(e,t)=>{let{api:n,middlewares:o}=fe(e,t),r=new URL(e.baseURL).pathname;return kr(n,{extraContext:e,basePath:r,routerMiddleware:[{path:"/**",middleware:Ue},...o],onRequest(s){return d(this,null,function*(){for(let a of e.options.plugins||[])if(a.onRequest){let c=yield a.onRequest(s,e);if(c)return c}return lt(s,e)})},onResponse(s){return d(this,null,function*(){for(let a of e.options.plugins||[])if(a.onResponse){let c=yield a.onResponse(s,e);if(c)return c.response}return s})},onError(s){var c,u,l,p;let a=(c=t.logger)!=null&&c.verboseLogging?O:void 0;if(((u=t.logger)==null?void 0:u.disabled)!==!0)if(s instanceof Ar)a==null||a.warn(s);else if(typeof s=="object"&&s!==null&&"message"in s){let m=s.message;if(!m||typeof m!="string"){a==null||a.error(s);return}m.includes("no such table")?(l=O)==null||l.error(`Please run ${me.green("npx better-auth migrate")} to create the tables. There are missing tables in your SQLite database.`):m.includes("relation")&&m.includes("does not exist")?O.error(`Please run ${me.green("npx better-auth migrate")} to create the tables. There are missing tables in your PostgreSQL database.`):m.includes("Table")&&m.includes("doesn't exist")?(p=O)==null||p.error(`Please run ${me.green("npx better-auth migrate")} to create the tables. There are missing tables in your MySQL database.`):a==null||a.error(s)}else a==null||a.error(s)}})};var $=e=>{var c,u,l,m,g,T;let t=(c=e.plugins)==null?void 0:c.reduce((k,x)=>{var R;let b=x.schema;if(!b)return k;for(let[P,v]of Object.entries(b))k[P]={fields:f(f({},(R=k[P])==null?void 0:R.fields),v.fields),tableName:P};return k},{}),n=((u=e.rateLimit)==null?void 0:u.storage)==="database",o={rateLimit:{tableName:((l=e.rateLimit)==null?void 0:l.tableName)||"rateLimit",fields:{key:{type:"string"},count:{type:"number"},lastRequest:{type:"number"}}}},p=t||{},{user:r,session:i,account:s}=p,a=we(p,["user","session","account"]);return f(f({user:{tableName:((m=e.user)==null?void 0:m.modelName)||"user",fields:f({name:{type:"string"},email:{type:"string"},emailVerified:{type:"boolean",defaultValue:()=>!1},image:{type:"string",required:!1},createdAt:{type:"date",defaultValue:()=>new Date},updatedAt:{type:"date",defaultValue:()=>new Date}},r==null?void 0:r.fields),order:0},session:{tableName:((g=e.session)==null?void 0:g.modelName)||"session",fields:f({expiresAt:{type:"date"},ipAddress:{type:"string",required:!1},userAgent:{type:"string",required:!1},userId:{type:"string",references:{model:"user",field:"id",onDelete:"cascade"}}},i==null?void 0:i.fields),order:1},account:{tableName:((T=e.account)==null?void 0:T.modelName)||"account",fields:f({accountId:{type:"string"},providerId:{type:"string"},userId:{type:"string",references:{model:"user",field:"id",onDelete:"cascade"}},accessToken:{type:"string",required:!1},refreshToken:{type:"string",required:!1},idToken:{type:"string",required:!1},expiresAt:{type:"date",required:!1},password:{type:"string",required:!1}},s==null?void 0:s.fields),order:2}},a),n?o:{})};import Rr from"better-sqlite3";import{Kysely as Tr}from"kysely";import{MysqlDialect as mt,PostgresDialect as ft,SqliteDialect as gt}from"kysely";import{createPool as Ur}from"mysql2";import xr from"pg";var{Pool:Pr}=xr;function Y(e){if(!e)return{and:null,or:null};let t=e==null?void 0:e.filter(o=>o.connector==="AND"||!o.connector).reduce((o,r)=>w(f({},o),{[r.field]:r.value}),{}),n=e==null?void 0:e.filter(o=>o.connector==="OR").reduce((o,r)=>w(f({},o),{[r.field]:r.value}),{});return{and:Object.keys(t).length?t:null,or:Object.keys(n).length?n:null}}function ee(e,t,n){var o,r,i;for(let s in e)e[s]===0&&((o=t[s])==null?void 0:o.type)==="boolean"&&(n!=null&&n.boolean)&&(e[s]=!1),e[s]===1&&((r=t[s])==null?void 0:r.type)==="boolean"&&(n!=null&&n.boolean)&&(e[s]=!0),((i=t[s])==null?void 0:i.type)==="date"&&(e[s]instanceof Date||(e[s]=new Date(e[s])));return e}function pt(e,t){for(let n in e)typeof e[n]=="boolean"&&(t!=null&&t.boolean)&&(e[n]=e[n]?1:0),e[n]instanceof Date&&(e[n]=e[n].toISOString());return e}var ht=(e,t)=>({create(o){return d(this,null,function*(){let{model:r,data:i,select:s}=o;t!=null&&t.transform&&(i=pt(i,t.transform));let a=yield e.insertInto(r).values(i).returningAll().executeTakeFirst();if(t!=null&&t.transform){let c=t.transform.schema[r];a=c?ee(i,c,t.transform):a}return s!=null&&s.length&&(a=a?s.reduce((u,l)=>a!=null&&a[l]?w(f({},u),{[l]:a[l]}):u,{}):null),a})},findOne(o){return d(this,null,function*(){let{model:r,where:i,select:s}=o,{and:a,or:c}=Y(i),u=e.selectFrom(r).selectAll();c&&(u=u.where(p=>p.or(c))),a&&(u=u.where(p=>p.and(a)));let l=yield u.executeTakeFirst();if(s!=null&&s.length&&(l=l?s.reduce((m,g)=>l!=null&&l[g]?w(f({},m),{[g]:l[g]}):m,{}):null),t!=null&&t.transform){let p=t.transform.schema[r];return l=l&&p?ee(l,p,t.transform):l,l||null}return l||null})},findMany(o){return d(this,null,function*(){let{model:r,where:i}=o,s=e.selectFrom(r),{and:a,or:c}=Y(i);a&&(s=s.where(l=>l.and(a))),c&&(s=s.where(l=>l.or(c)));let u=yield s.selectAll().execute();if(t!=null&&t.transform){let l=t.transform.schema[r];return l?u.map(p=>ee(p,l,t.transform)):u}return u})},update(o){return d(this,null,function*(){let{model:r,where:i,update:s}=o,{and:a,or:c}=Y(i);t!=null&&t.transform&&(s=pt(s,t.transform));let u=e.updateTable(r).set(s);a&&(u=u.where(p=>p.and(a))),c&&(u=u.where(p=>p.or(c)));let l=(yield u.returningAll().executeTakeFirst())||null;if(t!=null&&t.transform){let p=t.transform.schema[r];return p?ee(l,p,t.transform):l}return l})},delete(o){return d(this,null,function*(){let{model:r,where:i}=o,{and:s,or:a}=Y(i),c=e.deleteFrom(r);s&&(c=c.where(u=>u.and(s))),a&&(c=c.where(u=>u.or(a))),yield c.execute()})}}),vr=e=>{var n,o;if(!e.database)return null;if("createDriver"in e.database)return e.database;let t=null;if("provider"in e.database){let r=e.database.provider,i=(o=(n=e.database)==null?void 0:n.url)==null?void 0:o.trim();if(r==="postgres"&&(t=new ft({pool:new Pr({connectionString:i})})),r==="mysql"){let s=new URL(i),a=Ur({host:s.hostname,user:s.username,password:s.password,database:s.pathname.split("/")[1],port:Number(s.port)});t=new mt({pool:a})}if(r==="sqlite"){let s=new Rr(i);t=new gt({database:s})}}return t},te=e=>{let t=vr(e);return t?new Tr({dialect:t}):null},yt=e=>{if("provider"in e.database)return e.database.provider;if("dialect"in e.database){if(e.database.dialect instanceof ft)return"postgres";if(e.database.dialect instanceof mt)return"mysql";if(e.database.dialect instanceof gt)return"sqlite"}return"sqlite"};function bt(e){if(!e.database)throw new I("Database configuration is required");let t=te(e);if(!t)throw new I("Failed to initialize database adapter");let n=$(e),o={};for(let r of Object.values(n))o[r.tableName]=r.fields;return ht(t,{transform:{schema:o,date:!0,boolean:yt(e)==="sqlite"}})}import{scrypt as Ir}from"node:crypto";import{decodeHex as Sr,encodeHex as wt}from"oslo/encoding";import{constantTimeEqual as Lr}from"oslo/crypto";var F={N:16384,r:16,p:1,dkLen:64};function At(e,t){return d(this,null,function*(){return yield new Promise((n,o)=>{Ir(e.normalize("NFKC"),t,F.dkLen,{N:F.N,p:F.p,r:F.r,maxmem:128*F.N*F.r*2},(r,i)=>r?o(r):n(i))})})}var kt=e=>d(void 0,null,function*(){let t=wt(crypto.getRandomValues(new Uint8Array(16))),n=yield At(e,t);return`${t}:${wt(n)}`}),Rt=(e,t)=>d(void 0,null,function*(){let[n,o]=e.split(":"),r=yield At(t,n);return Lr(r,Sr(o))});import{alphabet as Or,generateRandomString as _r}from"oslo/crypto";var Tt=(e,t,n)=>{var i;let o=((i=n.session)==null?void 0:i.expiresIn)||604800,r=$(n);return{createOAuthUser:(s,a)=>d(void 0,null,function*(){try{let c=yield e.create({model:r.user.tableName,data:s}),u=yield e.create({model:r.account.tableName,data:a});return{user:c,account:u}}catch(c){return console.log(c),null}}),createUser:s=>d(void 0,null,function*(){return yield e.create({model:r.user.tableName,data:s})}),createSession:(s,a,c)=>d(void 0,null,function*(){let u=a instanceof Request?a.headers:a,l={id:_r(32,Or("a-z","0-9","A-Z")),userId:s,expiresAt:c?M(1e3*60*60*24):M(o,!0),ipAddress:(u==null?void 0:u.get("x-forwarded-for"))||"",userAgent:(u==null?void 0:u.get("user-agent"))||""};return e.create({model:r.session.tableName,data:l})}),findSession:s=>d(void 0,null,function*(){let a=yield e.findOne({model:r.session.tableName,where:[{value:s,field:"id"}]});if(!a)return null;let c=yield e.findOne({model:r.user.tableName,where:[{value:a.userId,field:"id"}]});return c?{session:a,user:c}:null}),updateSession:(s,a)=>d(void 0,null,function*(){return yield e.update({model:r.session.tableName,where:[{field:"id",value:s}],update:a})}),deleteSession:s=>d(void 0,null,function*(){return yield e.delete({model:r.session.tableName,where:[{field:"id",value:s}]})}),deleteSessions:s=>d(void 0,null,function*(){return yield t.deleteFrom(r.session.tableName).where("userId","=",s).execute()}),findUserByEmail:s=>d(void 0,null,function*(){let a=yield e.findOne({model:r.user.tableName,where:[{value:s.toLowerCase(),field:"email"}]});if(!a)return null;let c=yield e.findMany({model:r.account.tableName,where:[{value:a.id,field:"userId"}]});return{user:a,accounts:c}}),findUserById:s=>d(void 0,null,function*(){return yield e.findOne({model:r.user.tableName,where:[{field:"id",value:s}]})}),linkAccount:s=>d(void 0,null,function*(){return yield e.create({model:r.account.tableName,data:s})}),updateUserByEmail:(s,a)=>d(void 0,null,function*(){return yield e.update({model:r.user.tableName,where:[{value:s,field:"email"}],update:a})}),updatePassword:(s,a)=>d(void 0,null,function*(){return yield e.update({model:r.account.tableName,where:[{value:s,field:"userId"},{field:"providerId",value:"credential"}],update:{password:a}})}),findAccounts:s=>d(void 0,null,function*(){return yield e.findMany({model:r.account.tableName,where:[{field:"userId",value:s}]})}),updateAccount:(s,a)=>d(void 0,null,function*(){return yield e.update({model:r.account.tableName,where:[{field:"id",value:s}],update:a})})}};var Ut="better-auth-secret-123456789";var xt=e=>{var c,u,l,p,m,g,T,k,x,b,R,P,v,re;let t=bt(e),n=te(e);if(!n)throw new I("No database adapter found");let o=Z(e.baseURL,e.basePath)||"",r=e.secret||process.env.BETTER_AUTH_SECRET||process.env.AUTH_SECRET||Ut,i=De(e),s=$(e),a=Object.keys(e.socialProviders||{}).map(z=>{var ge;let G=(ge=e.socialProviders)==null?void 0:ge[z];return G.enabled===!1?null:((!G.clientId||!G.clientSecret)&&O.warn(`Social provider ${z} is missing clientId or clientSecret`),se[z](G))}).filter(z=>z!==null);return{appName:e.appName||"Better Auth",socialProviders:a,options:w(f({},e),{baseURL:o?new URL(o).origin:"",basePath:e.basePath||"/api/auth"}),tables:s,baseURL:o,sessionConfig:{updateAge:((c=e.session)==null?void 0:c.updateAge)||24*60*60,expiresIn:((u=e.session)==null?void 0:u.expiresIn)||60*60*24*7},secret:r,rateLimit:w(f({},e.rateLimit),{enabled:(p=(l=e.rateLimit)==null?void 0:l.enabled)!=null?p:process.env.NODE_ENV!=="development",window:((m=e.rateLimit)==null?void 0:m.window)||60,max:((g=e.rateLimit)==null?void 0:g.max)||100,storage:((T=e.rateLimit)==null?void 0:T.storage)||"memory"}),authCookies:i,logger:ne({disabled:((k=e.logger)==null?void 0:k.disabled)||!1}),db:n,password:{hash:((b=(x=e.emailAndPassword)==null?void 0:x.password)==null?void 0:b.hash)||kt,verify:((P=(R=e.emailAndPassword)==null?void 0:R.password)==null?void 0:P.verify)||Rt,config:{minPasswordLength:((v=e.emailAndPassword)==null?void 0:v.minPasswordLength)||8,maxPasswordLength:((re=e.emailAndPassword)==null?void 0:re.maxPasswordLength)||128}},adapter:t,internalAdapter:Tt(t,n,e),createAuthCookie:je(e)}};var cd=e=>{let t=xt(e),{api:n}=fe(t,e);return{handler:o=>d(void 0,null,function*(){let r=t.options.basePath,i=new URL(o.url);if(!t.options.baseURL){let a=`${i.origin}/api/auth`;t.options.baseURL=a,t.baseURL=a}if(!t.options.baseURL)return new Response("Base URL not set",{status:400});if(i.pathname===r||i.pathname===`${r}/`)return new Response("Welcome to BetterAuth",{status:200});let{handler:s}=ut(t,e);return s(o)}),api:n,options:t.options,$Infer:{}}};export{cd as betterAuth};
|
package/dist/next-js.d.ts
CHANGED
package/dist/node.d.ts
CHANGED
package/dist/plugins.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
export { O as OrganizationOptions, b as Passkey, P as PasskeyOptions, W as WebAuthnCookieType, g as getPasskeyActions, m as magicLink, o as organization, p as passkey, c as passkeyClient, t as twoFactor, a as twoFactorClient, u as username } from './index-
|
|
1
|
+
export { O as OrganizationOptions, b as Passkey, P as PasskeyOptions, W as WebAuthnCookieType, g as getPasskeyActions, m as magicLink, o as organization, p as passkey, c as passkeyClient, t as twoFactor, a as twoFactorClient, u as username } from './index-BD5tEEdN.js';
|
|
2
2
|
export { i as ac } from './index-D6NOkCRo.js';
|
|
3
|
-
import { H as HookEndpointContext } from './index-
|
|
4
|
-
export {
|
|
3
|
+
import { H as HookEndpointContext, b as AuthContext } from './index-wJcPCm9A.js';
|
|
4
|
+
export { e as AuthEndpoint, f as AuthMiddleware, B as BetterAuthPlugin, P as PluginSchema, d as createAuthEndpoint, c as createAuthMiddleware, o as optionsMiddleware } from './index-wJcPCm9A.js';
|
|
5
5
|
export { H as HIDE_METADATA } from './hide-metadata-DEHJp1rk.js';
|
|
6
6
|
import './index-C8A40nOX.js';
|
|
7
7
|
import 'arctic';
|
|
@@ -27,4 +27,31 @@ declare const bearer: () => {
|
|
|
27
27
|
};
|
|
28
28
|
};
|
|
29
29
|
|
|
30
|
-
|
|
30
|
+
interface Options {
|
|
31
|
+
/**
|
|
32
|
+
* By default, domain name will be extracted from base URL
|
|
33
|
+
* you can provide a custom domain name here
|
|
34
|
+
*/
|
|
35
|
+
domainName?: string;
|
|
36
|
+
/**
|
|
37
|
+
* List of cookies that should be shared across subdomains
|
|
38
|
+
*
|
|
39
|
+
* by default, only sessionToken, csrfToken and dontRememberToken
|
|
40
|
+
* cookies will be shared across subdomains
|
|
41
|
+
*/
|
|
42
|
+
eligibleCookies?: string[];
|
|
43
|
+
}
|
|
44
|
+
/**
|
|
45
|
+
* This plugin will update the domain of the cookies
|
|
46
|
+
* that are eligible to be shared across subdomains
|
|
47
|
+
* @param options
|
|
48
|
+
* @category Plugins
|
|
49
|
+
*/
|
|
50
|
+
declare const crossSubdomainCookies: (options?: Options) => {
|
|
51
|
+
id: "cross-subdomain-cookies";
|
|
52
|
+
onResponse(response: Response, ctx: AuthContext): Promise<{
|
|
53
|
+
response: Response;
|
|
54
|
+
} | undefined>;
|
|
55
|
+
};
|
|
56
|
+
|
|
57
|
+
export { bearer, crossSubdomainCookies };
|
package/dist/plugins.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
var
|
|
2
|
-
`)}}),de=ar();var Je=e=>{let r=new dr(e.clientId,e.clientSecret,b("google",e.redirectURI));return{id:"google",name:"Google",createAuthorizationURL({state:n,scopes:t,codeVerifier:i,redirectURI:a}){if(!e.clientId||!e.clientSecret)throw de.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new C("CLIENT_ID_AND_SECRET_REQUIRED");if(!i)throw new C("codeVerifier is required for Google");let d=t||["email","profile"];return r.createAuthorizationURL(n,i,d)},validateAuthorizationCode:(n,t,i)=>s(void 0,null,function*(){return E({code:n,codeVerifier:t,redirectURI:i||b("google",e.redirectURI),options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"})}),getUserInfo(n){return s(this,null,function*(){var i;if(!n.idToken)return null;let t=(i=ur(n.idToken()))==null?void 0:i.payload;return{user:{id:t.sub,name:t.name,email:t.email,image:t.picture,emailVerified:t.email_verified},data:t}})}}};import{betterFetch as cr}from"@better-fetch/fetch";import{Spotify as lr}from"arctic";var Ke=e=>{let r=new lr(e.clientId,e.clientSecret,b("spotify",e.redirectURI));return{id:"spotify",name:"Spotify",createAuthorizationURL({state:n,scopes:t}){let i=t||["user-read-email"];return r.createAuthorizationURL(n,i)},validateAuthorizationCode:(n,t,i)=>s(void 0,null,function*(){return E({code:n,codeVerifier:t,redirectURI:i||b("spotify",e.redirectURI),options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"})}),getUserInfo(n){return s(this,null,function*(){var a;let{data:t,error:i}=yield cr("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${n.accessToken()}`}});return i?null:{user:{id:t.id,name:t.display_name,email:t.email,image:(a=t.images[0])==null?void 0:a.url,emailVerified:!1},data:t}})}}};import{betterFetch as mr}from"@better-fetch/fetch";import{Twitch as pr}from"arctic";var Ze=e=>{let r=new pr(e.clientId,e.clientSecret,b("twitch",e.redirectURI));return{id:"twitch",name:"Twitch",createAuthorizationURL({state:n,scopes:t}){let i=t||["activity:write","read"];return r.createAuthorizationURL(n,i)},validateAuthorizationCode:(n,t,i)=>s(void 0,null,function*(){return E({code:n,codeVerifier:t,redirectURI:i||b("twitch",e.redirectURI),options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"})}),getUserInfo(n){return s(this,null,function*(){let{data:t,error:i}=yield mr("https://api.twitch.tv/helix/users",{method:"GET",headers:{Authorization:`Bearer ${n.accessToken()}`}});return i?null:{user:{id:t.sub,name:t.preferred_username,email:t.email,image:t.picture,emailVerified:!1},data:t}})}}};import{betterFetch as fr}from"@better-fetch/fetch";import{Twitter as gr}from"arctic";var Qe=e=>{let r=new gr(e.clientId,e.clientSecret,b("twitter",e.redirectURI));return{id:"twitter",name:"Twitter",createAuthorizationURL(n){let t=n.scopes||["account_info.read"];return r.createAuthorizationURL(n.state,n.codeVerifier,t)},validateAuthorizationCode:(n,t,i)=>s(void 0,null,function*(){return E({code:n,codeVerifier:t,redirectURI:i||b("twitch",e.redirectURI),options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"})}),getUserInfo(n){return s(this,null,function*(){let{data:t,error:i}=yield fr("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${n.accessToken()}`}});return i||!t.data.email?null:{user:{id:t.data.id,name:t.data.name,email:t.data.email,image:t.data.profile_image_url,emailVerified:t.data.verified||!1},data:t}})}}};import"arctic";var yr={apple:$e,discord:Ve,facebook:He,github:Ge,google:Je,spotify:Ke,twitch:Ze,twitter:Qe},Ye=Object.keys(yr);import{generateState as hr}from"oslo/oauth2";import{z as re}from"zod";function Xe(e,r,o){let n=hr();return{state:JSON.stringify({code:n,callbackURL:e,currentURL:r,dontRememberMe:o}),code:n}}function Te(e){return re.object({code:re.string(),callbackURL:re.string().optional(),currentURL:re.string().optional(),dontRememberMe:re.boolean().optional()}).safeParse(JSON.parse(e))}import{APIError as wr}from"better-call";var ue=(e,r=!1)=>{let o=new Date;return new Date(o.getTime()+(r?e*1e3:e))};import{TimeSpan as li}from"oslo";function T(e,r,o,n){return s(this,null,function*(){let t=e.context.authCookies.sessionToken.options;t.maxAge=o?void 0:t.maxAge,yield e.setSignedCookie(e.context.authCookies.sessionToken.name,r,e.context.secret,t),o&&(yield e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options))})}function oe(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}import{z as et}from"zod";function Re(e){let r="127.0.0.1";if(process.env.NODE_ENV==="test")return r;let o=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"];for(let n of o){let t=e.headers.get(n);if(typeof t=="string"){let i=t.split(",")[0].trim();if(i)return i}}return null}var Pe=new Map;function br(e,r){if(!e.request)return"";let{method:o,url:n,headers:t}=e.request,i=e.request.headers.get("User-Agent")||"",a=Re(e.request)||"",d=JSON.stringify(t);return`${o}:${n}:${d}:${i}:${a}:${r}`}var tt=()=>c("/session",{method:"GET",requireHeaders:!0},e=>s(void 0,null,function*(){try{let r=yield e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!r)return e.json(null,{status:401});let o=br(e,r),n=Pe.get(o);if(n){if(n.expiresAt>Date.now())return e.json(n.data);Pe.delete(o)}let t=yield e.context.internalAdapter.findSession(r);if(!t||t.session.expiresAt<new Date)return oe(e),t&&(yield e.context.internalAdapter.deleteSession(t.session.id)),e.json(null,{status:401});if(yield e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(t);let a=e.context.sessionConfig.expiresIn,d=e.context.sessionConfig.updateAge;if(t.session.expiresAt.valueOf()-a*1e3+d*1e3<=Date.now()){let m=yield e.context.internalAdapter.updateSession(t.session.id,{expiresAt:ue(e.context.sessionConfig.expiresIn,!0)});if(!m)return oe(e),e.json(null,{status:401});let p=(m.expiresAt.valueOf()-Date.now())/1e3;return yield T(e,m.id,!1,{maxAge:p}),e.json({session:m,user:t.user})}return Pe.set(o,{data:t,expiresAt:Date.now()+5e3}),e.json(t)}catch(r){return e.context.logger.error(r),e.json(null,{status:500})}})),$=e=>s(void 0,null,function*(){return yield tt()(g(f({},e),{_flag:void 0}))}),A=M(e=>s(void 0,null,function*(){let r=yield $(e);if(!(r!=null&&r.session))throw new wr("UNAUTHORIZED");return{session:r}}));var Ar=c("/user/revoke-session",{method:"POST",body:et.object({id:et.string()}),use:[A],requireHeaders:!0},e=>s(void 0,null,function*(){let r=e.body.id,o=yield e.context.internalAdapter.findSession(r);if(!o)return e.json(null,{status:400});if(o.session.userId!==e.context.session.user.id)return e.json(null,{status:403});try{yield e.context.internalAdapter.deleteSession(r)}catch(n){return e.context.logger.error(n),e.json(null,{status:500})}return e.json({status:!0})})),kr=c("/user/revoke-sessions",{method:"POST",use:[A],requireHeaders:!0},e=>s(void 0,null,function*(){try{yield e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(r){return e.context.logger.error(r),e.json(null,{status:500})}return e.json({status:!0})}));var vr=c("/sign-in/social",{method:"POST",requireHeaders:!0,query:_.object({currentURL:_.string().optional()}).optional(),body:_.object({callbackURL:_.string().optional(),provider:_.enum(Ye),dontRememberMe:_.boolean().default(!1).optional()})},e=>s(void 0,null,function*(){var a,d,u,l;let r=e.context.socialProviders.find(m=>m.id===e.body.provider);if(!r)throw e.context.logger.error("Provider not found. Make sure to add the provider to your auth config",{provider:e.body.provider}),new J("NOT_FOUND",{message:"Provider not found"});let o=e.context.authCookies,n=(a=e.query)!=null&&a.currentURL?new URL((d=e.query)==null?void 0:d.currentURL):null,t=(u=e.body.callbackURL)!=null&&u.startsWith("http")?e.body.callbackURL:`${n==null?void 0:n.origin}${e.body.callbackURL||""}`,i=Xe(t||(n==null?void 0:n.origin)||e.context.baseURL,(l=e.query)==null?void 0:l.currentURL);try{yield e.setSignedCookie(o.state.name,i.code,e.context.secret,o.state.options);let m=Or();yield e.setSignedCookie(o.pkCodeVerifier.name,m,e.context.secret,o.pkCodeVerifier.options);let p=r.createAuthorizationURL({state:i.state,codeVerifier:m});return p.searchParams.set("redirect_uri",`${e.context.baseURL}/callback/${e.body.provider}`),{url:p.toString(),state:i.state,codeVerifier:m,redirect:!0}}catch(m){throw new J("INTERNAL_SERVER_ERROR")}})),Ir=c("/sign-in/email",{method:"POST",body:_.object({email:_.string().email(),password:_.string(),callbackURL:_.string().optional(),dontRememberMe:_.boolean().default(!1).optional()})},e=>s(void 0,null,function*(){var m,p;if(!((p=(m=e.context.options)==null?void 0:m.emailAndPassword)!=null&&p.enabled))throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new J("BAD_REQUEST",{message:"Email and password is not enabled"});let r=yield $(e);r&&(yield e.context.internalAdapter.deleteSession(r.session.id));let{email:o,password:n}=e.body;if(!_.string().email().safeParse(o).success)throw new J("BAD_REQUEST",{message:"Invalid email"});let i=yield e.context.internalAdapter.findUserByEmail(o);if(!i)throw yield e.context.password.hash(n),e.context.logger.error("User not found",{email:o}),new J("UNAUTHORIZED",{message:"Invalid email or password"});let a=i.accounts.find(y=>y.providerId==="credential");if(!a)throw e.context.logger.error("Credential account not found",{email:o}),new J("UNAUTHORIZED",{message:"Invalid email or password"});let d=a==null?void 0:a.password;if(!d)throw e.context.logger.error("Password not found",{email:o}),new J("UNAUTHORIZED",{message:"Unexpected error"});if(!(yield e.context.password.verify(d,n)))throw e.context.logger.error("Invalid password"),new J("UNAUTHORIZED",{message:"Invalid email or password"});let l=yield e.context.internalAdapter.createSession(i.user.id,e.headers,e.body.dontRememberMe);return yield T(e,l.id,e.body.dontRememberMe),e.json({user:i.user,session:l,redirect:!!e.body.callbackURL,url:e.body.callbackURL})}));import{APIError as Pr}from"better-call";import{z as ce}from"zod";import{z as h}from"zod";var ji=h.object({id:h.string(),providerId:h.string(),accountId:h.string(),userId:h.string(),accessToken:h.string().nullable().optional(),refreshToken:h.string().nullable().optional(),idToken:h.string().nullable().optional(),expiresAt:h.date().nullable().optional(),password:h.string().optional().nullable()}),rt=h.object({id:h.string(),email:h.string().transform(e=>e.toLowerCase()),emailVerified:h.boolean().default(!1),name:h.string(),image:h.string().optional(),createdAt:h.date().default(new Date),updatedAt:h.date().default(new Date)}),Li=h.object({id:h.string(),userId:h.string(),expiresAt:h.date(),ipAddress:h.string().optional(),userAgent:h.string().optional()});import{alphabet as Tr,generateRandomString as Rr}from"oslo/crypto";var V=()=>Rr(36,Tr("a-z","0-9"));var K={isAction:!1};function Se(e){let r=e.accessToken(),o=e.hasRefreshToken()?e.refreshToken():void 0,n;try{n=e.accessTokenExpiresAt()}catch(t){}return{accessToken:r,refreshToken:o,expiresAt:n}}var Sr=c("/callback/:id",{method:"GET",query:ce.object({state:ce.string(),code:ce.string().optional(),error:ce.string().optional()}),metadata:K},e=>s(void 0,null,function*(){var I,S,B;if(e.query.error||!e.query.code){let z=((I=Te(e.query.state).data)==null?void 0:I.callbackURL)||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${z}?error=${e.query.error||"oAuth_code_missing"}`)}let r=e.context.socialProviders.find(k=>k.id===e.params.id);if(!r)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let o=yield e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),n;try{n=yield r.validateAuthorizationCode(e.query.code,o,`${e.context.baseURL}/callback/${r.id}`)}catch(k){throw e.context.logger.error(k),e.redirect(`${e.context.baseURL}/error?error=oauth_code_verification_failed`)}let t=yield r.getUserInfo(n).then(k=>k==null?void 0:k.user),i=V(),a=rt.safeParse(g(f({},t),{id:i})),d=Te(e.query.state);if(!d.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=invalid_state_parameter`);let{callbackURL:u,currentURL:l,dontRememberMe:m}=d.data;if(!t||a.success===!1)throw e.redirect(`${e.context.baseURL}/error?error=oauth_validation_failed`);if(!u)throw e.redirect(`${e.context.baseURL}/error?error=oauth_callback_url_not_found`);let p=yield e.context.internalAdapter.findUserByEmail(t.email),y=p==null?void 0:p.user.id;if(p){let k=p.accounts.find(N=>N.providerId===r.id),z=(B=(S=e.context.options.account)==null?void 0:S.accountLinking)==null?void 0:B.trustedProviders,ke=z?z.includes(r.id):!0;if(!k&&(!t.emailVerified||!ke)){let N;try{N=new URL(l||u),N.searchParams.set("error","account_not_linked")}catch(Me){throw e.redirect(`${e.context.baseURL}/error?error=account_not_linked`)}throw e.redirect(N.toString())}if(!k)try{yield e.context.internalAdapter.linkAccount(f({providerId:r.id,accountId:t.id,id:`${r.id}:${t.id}`,userId:p.user.id},Se(n)))}catch(N){throw console.log(N),e.redirect(`${e.context.baseURL}/error?error=failed_linking_account`)}}else try{yield e.context.internalAdapter.createOAuthUser(a.data,g(f({},Se(n)),{id:`${r.id}:${t.id}`,providerId:r.id,accountId:t.id,userId:i}))}catch(k){let z=new URL(l||u);throw z.searchParams.set("error","unable_to_create_user"),e.setHeader("Location",z.toString()),e.redirect(z.toString())}if(!y&&!i)throw new Pr("INTERNAL_SERVER_ERROR",{message:"Unable to create user"});let P=yield e.context.internalAdapter.createSession(y||i,e.request,m);try{yield T(e,P.id,m)}catch(k){e.context.logger.error("Unable to set session cookie",k);let z=new URL(l||u);throw z.searchParams.set("error","unable_to_create_session"),e.redirect(z.toString())}throw e.redirect(u)}));import{z as Ue}from"zod";var Ur=c("/sign-out",{method:"POST",body:Ue.optional(Ue.object({callbackURL:Ue.string().optional()}))},e=>s(void 0,null,function*(){var o,n;let r=yield e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);return r?(yield e.context.internalAdapter.deleteSession(r),oe(e),e.json(null,{body:{redirect:!!((o=e.body)!=null&&o.callbackURL),url:(n=e.body)==null?void 0:n.callbackURL}})):e.json(null)}));import{TimeSpan as Cr}from"oslo";import{createJWT as Er,parseJWT as zr}from"oslo/jwt";import{validateJWT as ot}from"oslo/jwt";import{z as j}from"zod";var _r=c("/forget-password",{method:"POST",body:j.object({email:j.string().email(),redirectTo:j.string()})},e=>s(void 0,null,function*(){var i;if(!((i=e.context.options.emailAndPassword)!=null&&i.sendResetPassword))return e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function to your auth config!"),e.json(null,{status:400,statusText:"RESET_PASSWORD_EMAIL_NOT_SENT",body:{message:"Reset password isn't enabled"}});let{email:r}=e.body,o=yield e.context.internalAdapter.findUserByEmail(r);if(!o)return e.json({status:!1},{body:{status:!0}});let n=yield Er("HS256",Buffer.from(e.context.secret),{email:o.user.email,redirectTo:e.body.redirectTo},{expiresIn:new Cr(1,"h"),issuer:"better-auth",subject:"forget-password",audiences:[o.user.email],includeIssuedTimestamp:!0}),t=`${e.context.baseURL}/reset-password/${n}`;return yield e.context.options.emailAndPassword.sendResetPassword(t,o.user),e.json({status:!0})})),jr=c("/reset-password/:token",{method:"GET"},e=>s(void 0,null,function*(){var i;let{token:r}=e.params,o,n=j.object({email:j.string(),redirectTo:j.string()});try{if(o=yield ot("HS256",Buffer.from(e.context.secret),r),!o.expiresAt||o.expiresAt<new Date)throw Error("Token expired")}catch(a){let d=zr(r),u=n.safeParse(d==null?void 0:d.payload);throw u.success?e.redirect(`${(i=u.data)==null?void 0:i.redirectTo}?error=invalid_token`):e.redirect(`${e.context.baseURL}/error?error=invalid_token`)}let{redirectTo:t}=n.parse(o.payload);throw e.redirect(`${t}?token=${r}`)})),Lr=c("/reset-password",{method:"POST",query:j.object({currentURL:j.string()}).optional(),body:j.object({newPassword:j.string(),callbackURL:j.string().optional()})},e=>s(void 0,null,function*(){var n,t,i;let r=(n=e.query)==null?void 0:n.currentURL.split("?token=")[1];if(!r)return e.json({error:"Invalid token",data:null},{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}});let{newPassword:o}=e.body;try{let a=yield ot("HS256",Buffer.from(e.context.secret),r),d=j.string().email().parse(a.payload.email),u=yield e.context.internalAdapter.findUserByEmail(d);if(!u)return e.json({error:"User not found",data:null},{status:400,body:{message:"failed to reset password"}});if(o.length<(((t=e.context.options.emailAndPassword)==null?void 0:t.minPasswordLength)||8)||o.length>(((i=e.context.options.emailAndPassword)==null?void 0:i.maxPasswordLength)||32))return e.json({data:null,error:"password is too short or too long"},{status:400,statusText:"INVALID_PASSWORD_LENGTH",body:{message:"password is too short or too long"}});let l=yield e.context.password.hash(o);return(yield e.context.internalAdapter.updatePassword(u.user.id,l))?e.json({error:null,data:{status:!0,url:e.body.callbackURL,redirect:!!e.body.callbackURL}},{body:{status:!0,url:e.body.callbackURL,redirect:!!e.body.callbackURL}}):e.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User doesn't have a credential account"}})}catch(a){return console.log(a),e.json({error:"Invalid token",data:null},{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}}));import{TimeSpan as xr}from"oslo";import{createJWT as Br,validateJWT as Mr}from"oslo/jwt";import{z as D}from"zod";function ne(e,r){return s(this,null,function*(){return yield Br("HS256",Buffer.from(e),{email:r.toLowerCase()},{expiresIn:new xr(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[r],includeIssuedTimestamp:!0})})}var Fr=c("/send-verification-email",{method:"POST",query:D.object({currentURL:D.string().optional()}).optional(),body:D.object({email:D.string().email(),callbackURL:D.string().optional()})},e=>s(void 0,null,function*(){var t,i;if(!((t=e.context.options.emailAndPassword)!=null&&t.sendVerificationEmail))return e.context.logger.error("Verification email isn't enabled. Pass `sendVerificationEmail` in `emailAndPassword` options to enable it."),e.json(null,{status:400,statusText:"VERIFICATION_EMAIL_NOT_SENT",body:{message:"Verification email isn't enabled"}});let{email:r}=e.body,o=yield ne(e.context.secret,r),n=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||((i=e.query)==null?void 0:i.currentURL)||"/"}`;return yield e.context.options.emailAndPassword.sendVerificationEmail(r,n,o),e.json({status:!0})})),Dr=c("/verify-email",{method:"GET",query:D.object({token:D.string(),callbackURL:D.string().optional()})},e=>s(void 0,null,function*(){let{token:r}=e.query,o;try{o=yield Mr("HS256",Buffer.from(e.context.secret),r)}catch(d){return e.context.logger.error("Failed to verify email",d),e.json(null,{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}let t=D.object({email:D.string().email()}).parse(o.payload),i=yield e.context.internalAdapter.findUserByEmail(t.email);if(!i)return e.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User not found"}});if(!i.accounts.find(d=>d.providerId==="credential"))throw e.redirect;if(yield e.context.internalAdapter.updateUserByEmail(t.email,{emailVerified:!0}),e.query.callbackURL)throw console.log("Redirecting to",e.query.callbackURL),e.redirect("/");return e.json({status:!0})}));import{z as H}from"zod";import{alphabet as qr,generateRandomString as Nr}from"oslo/crypto";import"better-call";var $r=c("/user/update",{method:"POST",body:H.object({name:H.string().optional(),image:H.string().optional()}),use:[A]},e=>s(void 0,null,function*(){let{name:r,image:o}=e.body,n=e.context.session;if(!o&&!r)return e.json(n.user);let t=yield e.context.internalAdapter.updateUserByEmail(n.user.email,{name:r,image:o});return e.json(t)})),Vr=c("/user/change-password",{method:"POST",body:H.object({newPassword:H.string(),currentPassword:H.string(),revokeOtherSessions:H.boolean().optional()}),use:[A]},e=>s(void 0,null,function*(){let{newPassword:r,currentPassword:o,revokeOtherSessions:n}=e.body,t=e.context.session,i=e.context.password.config.minPasswordLength;if(r.length<i)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let a=e.context.password.config.maxPasswordLength;if(r.length>a)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let u=(yield e.context.internalAdapter.findAccounts(t.user.id)).find(p=>p.providerId==="credential"&&p.password);if(!u||!u.password)return e.json(null,{status:400,body:{message:"User does not have a password"}});let l=yield e.context.password.hash(r);if(!(yield e.context.password.verify(u.password,o)))return e.json(null,{status:400,body:{message:"Invalid password"}});if(yield e.context.internalAdapter.updateAccount(u.id,{password:l}),n){yield e.context.internalAdapter.deleteSessions(t.user.id);let p=yield e.context.internalAdapter.createSession(t.user.id,e.headers);yield T(e,p.id)}return e.json(t.user)})),Hr=c("/user/set-password",{method:"POST",body:H.object({newPassword:H.string()}),use:[A]},e=>s(void 0,null,function*(){let{newPassword:r}=e.body,o=e.context.session,n=e.context.password.config.minPasswordLength;if(r.length<n)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let t=e.context.password.config.maxPasswordLength;if(r.length>t)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let a=(yield e.context.internalAdapter.findAccounts(o.user.id)).find(u=>u.providerId==="credential"&&u.password),d=yield e.context.password.hash(r);return a?e.json(null,{status:400,body:{message:"User already has a password"}}):(yield e.context.internalAdapter.linkAccount({id:Nr(32,qr("a-z","0-9","A-Z")),userId:o.user.id,providerId:"credential",accountId:o.user.id,password:d}),e.json(o.user))}));import{alphabet as Kr,generateRandomString as Zr}from"oslo/crypto";import{xchacha20poly1305 as nt}from"@noble/ciphers/chacha";import{bytesToHex as Wr,hexToBytes as Gr,utf8ToBytes as Jr}from"@noble/ciphers/utils";import{managedNonce as it}from"@noble/ciphers/webcrypto";import{sha256 as st}from"@noble/hashes/sha256";function F(e,r){return s(this,null,function*(){let o=new TextEncoder,n={name:"HMAC",hash:"SHA-256"},t=yield crypto.subtle.importKey("raw",o.encode(e),n,!1,["sign","verify"]),i=yield crypto.subtle.sign(n.name,t,o.encode(r));return btoa(String.fromCharCode(...new Uint8Array(i)))})}var le=({key:e,data:r})=>{let o=st(e),n=Jr(r),t=it(nt)(o);return Wr(t.encrypt(n))},me=({key:e,data:r})=>{let o=st(e),n=Gr(r);return it(nt)(o).decrypt(n)};var Qr=c("/csrf",{method:"GET",metadata:K},e=>s(void 0,null,function*(){let r=yield e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret);if(r)return{csrfToken:r};let o=Zr(32,Kr("a-z","0-9","A-Z")),n=yield F(e.context.secret,o),t=`${o}!${n}`;return yield e.setSignedCookie(e.context.authCookies.csrfToken.name,t,e.context.secret,e.context.authCookies.csrfToken.options),{csrfToken:o}}));var Yr=(e="Unknown")=>`<!DOCTYPE html>
|
|
1
|
+
var Fe=Object.defineProperty,Vt=Object.defineProperties;var Ht=Object.getOwnPropertyDescriptors;var De=Object.getOwnPropertySymbols;var Wt=Object.prototype.hasOwnProperty,Gt=Object.prototype.propertyIsEnumerable;var Oe=(e,r,o)=>r in e?Fe(e,r,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[r]=o,f=(e,r)=>{for(var o in r||(r={}))Wt.call(r,o)&&Oe(e,o,r[o]);if(De)for(var o of De(r))Gt.call(r,o)&&Oe(e,o,r[o]);return e},g=(e,r)=>Vt(e,Ht(r));var Jt=(e,r)=>{for(var o in r)Fe(e,o,{get:r[o],enumerable:!0})};var ae=(e,r,o)=>Oe(e,typeof r!="symbol"?r+"":r,o);var s=(e,r,o)=>new Promise((n,t)=>{var i=u=>{try{d(o.next(u))}catch(c){t(c)}},a=u=>{try{d(o.throw(u))}catch(c){t(c)}},d=u=>u.done?n(u.value):Promise.resolve(u.value).then(i,a);d((o=o.apply(e,r)).next())});import{APIError as Ct}from"better-call";import{z as se}from"zod";import{createEndpointCreator as Kt,createMiddleware as qe,createMiddlewareCreator as Zt}from"better-call";var Ne=qe(()=>s(void 0,null,function*(){return{}})),M=Zt({use:[Ne,qe(()=>s(void 0,null,function*(){return{}}))]}),l=Kt({use:[Ne]});import{APIError as J}from"better-call";import{generateCodeVerifier as Or}from"oslo/oauth2";import{z as _}from"zod";import"arctic";import{parseJWT as er}from"oslo/jwt";import"@better-fetch/fetch";var C=class extends Error{constructor(r,o,n){super(r),this.name="BetterAuthError",this.message=r,this.cause=o}};import{OAuth2Tokens as Yt}from"arctic";function Qt(e){try{return new URL(e).pathname!=="/"}catch(r){throw new C(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function ve(e,r="/api/auth"){return Qt(e)?e:(r=r.startsWith("/")?r:`/${r}`,`${e}${r}`)}function Ie(e,r){if(e)return ve(e,r);let o=(process==null?void 0:process.env)||{},n=o.BETTER_AUTH_URL||o.NEXT_PUBLIC_BETTER_AUTH_URL||o.PUBLIC_BETTER_AUTH_URL||o.NUXT_PUBLIC_BETTER_AUTH_URL||o.NUXT_PUBLIC_AUTH_URL||(o.BASE_URL!=="/"?o.BASE_URL:void 0);if(n)return ve(n,r);if(typeof window!="undefined")return ve(window.location.origin,r)}import{betterFetch as Xt}from"@better-fetch/fetch";function b(e,r){return r||`${Ie()}/callback/${e}`}function E(i){return s(this,arguments,function*({code:e,codeVerifier:r,redirectURI:o,options:n,tokenEndpoint:t}){let a=new URLSearchParams;a.set("grant_type","authorization_code"),a.set("code",e),r&&a.set("code_verifier",r),a.set("redirect_uri",o),a.set("client_id",n.clientId),a.set("client_secret",n.clientSecret);let{data:d,error:u}=yield Xt(t,{method:"POST",body:a,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(u)throw u;return new Yt(d)})}var $e=e=>{let r="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:n,scopes:t,redirectURI:i}){let a=t||["email","name","openid"];return new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${i||e.redirectURI}&scope=${a.join(" ")}&state=${n}`)},validateAuthorizationCode:(n,t,i)=>s(void 0,null,function*(){return E({code:n,codeVerifier:t,redirectURI:i||b("apple",e.redirectURI),options:e,tokenEndpoint:r})}),getUserInfo(n){return s(this,null,function*(){var i;let t=(i=er(n.idToken()))==null?void 0:i.payload;return t?{user:{id:t.sub,name:t.name,email:t.email,emailVerified:t.email_verified==="true"},data:t}:null})}}};import{betterFetch as tr}from"@better-fetch/fetch";import{Discord as rr}from"arctic";var Ve=e=>{let r=new rr(e.clientId,e.clientSecret,b("discord",e.redirectURI));return{id:"discord",name:"Discord",createAuthorizationURL({state:n,scopes:t}){let i=t||["email"];return r.createAuthorizationURL(n,i)},validateAuthorizationCode:(n,t,i)=>s(void 0,null,function*(){return E({code:n,codeVerifier:t,redirectURI:i||b("discord",e.redirectURI),options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"})}),getUserInfo(n){return s(this,null,function*(){let{data:t,error:i}=yield tr("https://discord.com/api/users/@me",{auth:{type:"Bearer",token:n.accessToken()}});return i?null:{user:{id:t.id,name:t.display_name||t.username||"",email:t.email,emailVerified:t.verified},data:t}})}}};import{betterFetch as or}from"@better-fetch/fetch";import{Facebook as nr}from"arctic";var He=e=>{let r=new nr(e.clientId,e.clientSecret,b("facebook",e.redirectURI));return{id:"facebook",name:"Facebook",createAuthorizationURL({state:n,scopes:t}){let i=t||["email","public_profile"];return r.createAuthorizationURL(n,i)},validateAuthorizationCode:(n,t,i)=>s(void 0,null,function*(){return E({code:n,codeVerifier:t,redirectURI:i||b("facebook",e.redirectURI),options:e,tokenEndpoint:"https://graph.facebook.com/v16.0/oauth/access_token"})}),getUserInfo(n){return s(this,null,function*(){let{data:t,error:i}=yield or("https://graph.facebook.com/me",{auth:{type:"Bearer",token:n.accessToken()}});return i?null:{user:{id:t.id,name:t.name,email:t.email,emailVerified:t.email_verified},data:t}})}}};import{betterFetch as We}from"@better-fetch/fetch";import{GitHub as ir}from"arctic";var Ge=({clientId:e,clientSecret:r,redirectURI:o})=>{let n=new ir(e,r,b("github",o));return{id:"github",name:"Github",createAuthorizationURL({state:i,scopes:a}){let d=a||["user:email"];return n.createAuthorizationURL(i,d)},validateAuthorizationCode:i=>s(void 0,null,function*(){return yield n.validateAuthorizationCode(i)}),getUserInfo(i){return s(this,null,function*(){var c,m,p,y;let{data:a,error:d}=yield We("https://api.github.com/user",{auth:{type:"Bearer",token:i.accessToken()}});if(d)return null;let u=!1;if(!a.email){let{data:A,error:O}=yield We("https://api.github.com/user/emails",{auth:{type:"Bearer",token:i.accessToken()}});O||(a.email=(m=(c=A.find(S=>S.primary))!=null?c:A[0])==null?void 0:m.email,u=(y=(p=A.find(S=>S.email===a.email))==null?void 0:p.verified)!=null?y:!1)}return{user:{id:a.id,name:a.name,email:a.email,image:a.avatar_url,emailVerified:u,createdAt:new Date,updatedAt:new Date},data:a}})}}};import{Google as dr}from"arctic";import{parseJWT as ur}from"oslo/jwt";import{createConsola as sr}from"consola";var Z=sr({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),ar=e=>({log:(...r)=>{!(e!=null&&e.disabled)&&Z.log("",...r)},error:(...r)=>{!(e!=null&&e.disabled)&&Z.error("",...r)},warn:(...r)=>{!(e!=null&&e.disabled)&&Z.warn("",...r)},info:(...r)=>{!(e!=null&&e.disabled)&&Z.info("",...r)},debug:(...r)=>{!(e!=null&&e.disabled)&&Z.debug("",...r)},box:(...r)=>{!(e!=null&&e.disabled)&&Z.box("",...r)},success:(...r)=>{!(e!=null&&e.disabled)&&Z.success("",...r)},break:(...r)=>{!(e!=null&&e.disabled)&&console.log(`
|
|
2
|
+
`)}}),de=ar();var Je=e=>{let r=new dr(e.clientId,e.clientSecret,b("google",e.redirectURI));return{id:"google",name:"Google",createAuthorizationURL({state:n,scopes:t,codeVerifier:i,redirectURI:a}){if(!e.clientId||!e.clientSecret)throw de.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new C("CLIENT_ID_AND_SECRET_REQUIRED");if(!i)throw new C("codeVerifier is required for Google");let d=t||["email","profile"];return r.createAuthorizationURL(n,i,d)},validateAuthorizationCode:(n,t,i)=>s(void 0,null,function*(){return E({code:n,codeVerifier:t,redirectURI:i||b("google",e.redirectURI),options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"})}),getUserInfo(n){return s(this,null,function*(){var i;if(!n.idToken)return null;let t=(i=ur(n.idToken()))==null?void 0:i.payload;return{user:{id:t.sub,name:t.name,email:t.email,image:t.picture,emailVerified:t.email_verified},data:t}})}}};import{betterFetch as cr}from"@better-fetch/fetch";import{Spotify as lr}from"arctic";var Ke=e=>{let r=new lr(e.clientId,e.clientSecret,b("spotify",e.redirectURI));return{id:"spotify",name:"Spotify",createAuthorizationURL({state:n,scopes:t}){let i=t||["user-read-email"];return r.createAuthorizationURL(n,i)},validateAuthorizationCode:(n,t,i)=>s(void 0,null,function*(){return E({code:n,codeVerifier:t,redirectURI:i||b("spotify",e.redirectURI),options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"})}),getUserInfo(n){return s(this,null,function*(){var a;let{data:t,error:i}=yield cr("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${n.accessToken()}`}});return i?null:{user:{id:t.id,name:t.display_name,email:t.email,image:(a=t.images[0])==null?void 0:a.url,emailVerified:!1},data:t}})}}};import{betterFetch as mr}from"@better-fetch/fetch";import{Twitch as pr}from"arctic";var Ze=e=>{let r=new pr(e.clientId,e.clientSecret,b("twitch",e.redirectURI));return{id:"twitch",name:"Twitch",createAuthorizationURL({state:n,scopes:t}){let i=t||["activity:write","read"];return r.createAuthorizationURL(n,i)},validateAuthorizationCode:(n,t,i)=>s(void 0,null,function*(){return E({code:n,codeVerifier:t,redirectURI:i||b("twitch",e.redirectURI),options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"})}),getUserInfo(n){return s(this,null,function*(){let{data:t,error:i}=yield mr("https://api.twitch.tv/helix/users",{method:"GET",headers:{Authorization:`Bearer ${n.accessToken()}`}});return i?null:{user:{id:t.sub,name:t.preferred_username,email:t.email,image:t.picture,emailVerified:!1},data:t}})}}};import{betterFetch as fr}from"@better-fetch/fetch";import{Twitter as gr}from"arctic";var Qe=e=>{let r=new gr(e.clientId,e.clientSecret,b("twitter",e.redirectURI));return{id:"twitter",name:"Twitter",createAuthorizationURL(n){let t=n.scopes||["account_info.read"];return r.createAuthorizationURL(n.state,n.codeVerifier,t)},validateAuthorizationCode:(n,t,i)=>s(void 0,null,function*(){return E({code:n,codeVerifier:t,redirectURI:i||b("twitch",e.redirectURI),options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"})}),getUserInfo(n){return s(this,null,function*(){let{data:t,error:i}=yield fr("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${n.accessToken()}`}});return i||!t.data.email?null:{user:{id:t.data.id,name:t.data.name,email:t.data.email,image:t.data.profile_image_url,emailVerified:t.data.verified||!1},data:t}})}}};import"arctic";var yr={apple:$e,discord:Ve,facebook:He,github:Ge,google:Je,spotify:Ke,twitch:Ze,twitter:Qe},Ye=Object.keys(yr);import{generateState as hr}from"oslo/oauth2";import{z as re}from"zod";function Xe(e,r,o){let n=hr();return{state:JSON.stringify({code:n,callbackURL:e,currentURL:r,dontRememberMe:o}),code:n}}function Re(e){return re.object({code:re.string(),callbackURL:re.string().optional(),currentURL:re.string().optional(),dontRememberMe:re.boolean().optional()}).safeParse(JSON.parse(e))}import{APIError as wr}from"better-call";var ue=(e,r=!1)=>{let o=new Date;return new Date(o.getTime()+(r?e*1e3:e))};import{TimeSpan as li}from"oslo";function T(e,r,o,n){return s(this,null,function*(){let t=e.context.authCookies.sessionToken.options;t.maxAge=o?void 0:t.maxAge,yield e.setSignedCookie(e.context.authCookies.sessionToken.name,r,e.context.secret,t),o&&(yield e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options))})}function oe(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}import{z as et}from"zod";function Te(e){let r="127.0.0.1";if(process.env.NODE_ENV==="test")return r;let o=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"];for(let n of o){let t=e.headers.get(n);if(typeof t=="string"){let i=t.split(",")[0].trim();if(i)return i}}return null}var Pe=new Map;function br(e,r){if(!e.request)return"";let{method:o,url:n,headers:t}=e.request,i=e.request.headers.get("User-Agent")||"",a=Te(e.request)||"",d=JSON.stringify(t);return`${o}:${n}:${d}:${i}:${a}:${r}`}var tt=()=>l("/session",{method:"GET",requireHeaders:!0},e=>s(void 0,null,function*(){try{let r=yield e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!r)return e.json(null,{status:401});let o=br(e,r),n=Pe.get(o);if(n){if(n.expiresAt>Date.now())return e.json(n.data);Pe.delete(o)}let t=yield e.context.internalAdapter.findSession(r);if(!t||t.session.expiresAt<new Date)return oe(e),t&&(yield e.context.internalAdapter.deleteSession(t.session.id)),e.json(null,{status:401});if(yield e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(t);let a=e.context.sessionConfig.expiresIn,d=e.context.sessionConfig.updateAge;if(t.session.expiresAt.valueOf()-a*1e3+d*1e3<=Date.now()){let m=yield e.context.internalAdapter.updateSession(t.session.id,{expiresAt:ue(e.context.sessionConfig.expiresIn,!0)});if(!m)return oe(e),e.json(null,{status:401});let p=(m.expiresAt.valueOf()-Date.now())/1e3;return yield T(e,m.id,!1,{maxAge:p}),e.json({session:m,user:t.user})}return Pe.set(o,{data:t,expiresAt:Date.now()+5e3}),e.json(t)}catch(r){return e.context.logger.error(r),e.json(null,{status:500})}})),$=e=>s(void 0,null,function*(){return yield tt()(g(f({},e),{_flag:void 0}))}),k=M(e=>s(void 0,null,function*(){let r=yield $(e);if(!(r!=null&&r.session))throw new wr("UNAUTHORIZED");return{session:r}}));var kr=l("/user/revoke-session",{method:"POST",body:et.object({id:et.string()}),use:[k],requireHeaders:!0},e=>s(void 0,null,function*(){let r=e.body.id,o=yield e.context.internalAdapter.findSession(r);if(!o)return e.json(null,{status:400});if(o.session.userId!==e.context.session.user.id)return e.json(null,{status:403});try{yield e.context.internalAdapter.deleteSession(r)}catch(n){return e.context.logger.error(n),e.json(null,{status:500})}return e.json({status:!0})})),Ar=l("/user/revoke-sessions",{method:"POST",use:[k],requireHeaders:!0},e=>s(void 0,null,function*(){try{yield e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(r){return e.context.logger.error(r),e.json(null,{status:500})}return e.json({status:!0})}));var vr=l("/sign-in/social",{method:"POST",requireHeaders:!0,query:_.object({currentURL:_.string().optional()}).optional(),body:_.object({callbackURL:_.string().optional(),provider:_.enum(Ye),dontRememberMe:_.boolean().default(!1).optional()})},e=>s(void 0,null,function*(){var a,d,u,c;let r=e.context.socialProviders.find(m=>m.id===e.body.provider);if(!r)throw e.context.logger.error("Provider not found. Make sure to add the provider to your auth config",{provider:e.body.provider}),new J("NOT_FOUND",{message:"Provider not found"});let o=e.context.authCookies,n=(a=e.query)!=null&&a.currentURL?new URL((d=e.query)==null?void 0:d.currentURL):null,t=(u=e.body.callbackURL)!=null&&u.startsWith("http")?e.body.callbackURL:`${n==null?void 0:n.origin}${e.body.callbackURL||""}`,i=Xe(t||(n==null?void 0:n.origin)||e.context.baseURL,(c=e.query)==null?void 0:c.currentURL);try{yield e.setSignedCookie(o.state.name,i.code,e.context.secret,o.state.options);let m=Or();yield e.setSignedCookie(o.pkCodeVerifier.name,m,e.context.secret,o.pkCodeVerifier.options);let p=r.createAuthorizationURL({state:i.state,codeVerifier:m});return p.searchParams.set("redirect_uri",`${e.context.baseURL}/callback/${e.body.provider}`),{url:p.toString(),state:i.state,codeVerifier:m,redirect:!0}}catch(m){throw new J("INTERNAL_SERVER_ERROR")}})),Ir=l("/sign-in/email",{method:"POST",body:_.object({email:_.string().email(),password:_.string(),callbackURL:_.string().optional(),dontRememberMe:_.boolean().default(!1).optional()})},e=>s(void 0,null,function*(){var m,p;if(!((p=(m=e.context.options)==null?void 0:m.emailAndPassword)!=null&&p.enabled))throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new J("BAD_REQUEST",{message:"Email and password is not enabled"});let r=yield $(e);r&&(yield e.context.internalAdapter.deleteSession(r.session.id));let{email:o,password:n}=e.body;if(!_.string().email().safeParse(o).success)throw new J("BAD_REQUEST",{message:"Invalid email"});let i=yield e.context.internalAdapter.findUserByEmail(o);if(!i)throw yield e.context.password.hash(n),e.context.logger.error("User not found",{email:o}),new J("UNAUTHORIZED",{message:"Invalid email or password"});let a=i.accounts.find(y=>y.providerId==="credential");if(!a)throw e.context.logger.error("Credential account not found",{email:o}),new J("UNAUTHORIZED",{message:"Invalid email or password"});let d=a==null?void 0:a.password;if(!d)throw e.context.logger.error("Password not found",{email:o}),new J("UNAUTHORIZED",{message:"Unexpected error"});if(!(yield e.context.password.verify(d,n)))throw e.context.logger.error("Invalid password"),new J("UNAUTHORIZED",{message:"Invalid email or password"});let c=yield e.context.internalAdapter.createSession(i.user.id,e.headers,e.body.dontRememberMe);return yield T(e,c.id,e.body.dontRememberMe),e.json({user:i.user,session:c,redirect:!!e.body.callbackURL,url:e.body.callbackURL})}));import{APIError as Pr}from"better-call";import{z as ce}from"zod";import{z as h}from"zod";var Li=h.object({id:h.string(),providerId:h.string(),accountId:h.string(),userId:h.string(),accessToken:h.string().nullable().optional(),refreshToken:h.string().nullable().optional(),idToken:h.string().nullable().optional(),expiresAt:h.date().nullable().optional(),password:h.string().optional().nullable()}),rt=h.object({id:h.string(),email:h.string().transform(e=>e.toLowerCase()),emailVerified:h.boolean().default(!1),name:h.string(),image:h.string().optional(),createdAt:h.date().default(new Date),updatedAt:h.date().default(new Date)}),ji=h.object({id:h.string(),userId:h.string(),expiresAt:h.date(),ipAddress:h.string().optional(),userAgent:h.string().optional()});import{alphabet as Rr,generateRandomString as Tr}from"oslo/crypto";var V=()=>Tr(36,Rr("a-z","0-9"));var K={isAction:!1};function Se(e){let r=e.accessToken(),o=e.hasRefreshToken()?e.refreshToken():void 0,n;try{n=e.accessTokenExpiresAt()}catch(t){}return{accessToken:r,refreshToken:o,expiresAt:n}}var Sr=l("/callback/:id",{method:"GET",query:ce.object({state:ce.string(),code:ce.string().optional(),error:ce.string().optional()}),metadata:K},e=>s(void 0,null,function*(){var O,S,B;if(e.query.error||!e.query.code){let z=((O=Re(e.query.state).data)==null?void 0:O.callbackURL)||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${z}?error=${e.query.error||"oAuth_code_missing"}`)}let r=e.context.socialProviders.find(v=>v.id===e.params.id);if(!r)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let o=yield e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),n;try{n=yield r.validateAuthorizationCode(e.query.code,o,`${e.context.baseURL}/callback/${r.id}`)}catch(v){throw e.context.logger.error(v),e.redirect(`${e.context.baseURL}/error?error=oauth_code_verification_failed`)}let t=yield r.getUserInfo(n).then(v=>v==null?void 0:v.user),i=V(),a=rt.safeParse(g(f({},t),{id:i})),d=Re(e.query.state);if(!d.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=invalid_state_parameter`);let{callbackURL:u,currentURL:c,dontRememberMe:m}=d.data;if(!t||a.success===!1)throw e.redirect(`${e.context.baseURL}/error?error=oauth_validation_failed`);if(!u)throw e.redirect(`${e.context.baseURL}/error?error=oauth_callback_url_not_found`);let p=yield e.context.internalAdapter.findUserByEmail(t.email),y=p==null?void 0:p.user.id;if(p){let v=p.accounts.find(N=>N.providerId===r.id),z=(B=(S=e.context.options.account)==null?void 0:S.accountLinking)==null?void 0:B.trustedProviders,Ae=z?z.includes(r.id):!0;if(!v&&(!t.emailVerified||!Ae)){let N;try{N=new URL(c||u),N.searchParams.set("error","account_not_linked")}catch(Me){throw e.redirect(`${e.context.baseURL}/error?error=account_not_linked`)}throw e.redirect(N.toString())}if(!v)try{yield e.context.internalAdapter.linkAccount(f({providerId:r.id,accountId:t.id,id:`${r.id}:${t.id}`,userId:p.user.id},Se(n)))}catch(N){throw console.log(N),e.redirect(`${e.context.baseURL}/error?error=failed_linking_account`)}}else try{yield e.context.internalAdapter.createOAuthUser(a.data,g(f({},Se(n)),{id:`${r.id}:${t.id}`,providerId:r.id,accountId:t.id,userId:i}))}catch(v){let z=new URL(c||u);throw z.searchParams.set("error","unable_to_create_user"),e.setHeader("Location",z.toString()),e.redirect(z.toString())}if(!y&&!i)throw new Pr("INTERNAL_SERVER_ERROR",{message:"Unable to create user"});let A=yield e.context.internalAdapter.createSession(y||i,e.request,m);try{yield T(e,A.id,m)}catch(v){e.context.logger.error("Unable to set session cookie",v);let z=new URL(c||u);throw z.searchParams.set("error","unable_to_create_session"),e.redirect(z.toString())}throw e.redirect(u)}));import{z as Ue}from"zod";var Ur=l("/sign-out",{method:"POST",body:Ue.optional(Ue.object({callbackURL:Ue.string().optional()}))},e=>s(void 0,null,function*(){var o,n;let r=yield e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);return r?(yield e.context.internalAdapter.deleteSession(r),oe(e),e.json(null,{body:{redirect:!!((o=e.body)!=null&&o.callbackURL),url:(n=e.body)==null?void 0:n.callbackURL}})):e.json(null)}));import{TimeSpan as Cr}from"oslo";import{createJWT as Er,parseJWT as zr}from"oslo/jwt";import{validateJWT as ot}from"oslo/jwt";import{z as L}from"zod";var _r=l("/forget-password",{method:"POST",body:L.object({email:L.string().email(),redirectTo:L.string()})},e=>s(void 0,null,function*(){var i;if(!((i=e.context.options.emailAndPassword)!=null&&i.sendResetPassword))return e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function to your auth config!"),e.json(null,{status:400,statusText:"RESET_PASSWORD_EMAIL_NOT_SENT",body:{message:"Reset password isn't enabled"}});let{email:r}=e.body,o=yield e.context.internalAdapter.findUserByEmail(r);if(!o)return e.json({status:!1},{body:{status:!0}});let n=yield Er("HS256",Buffer.from(e.context.secret),{email:o.user.email,redirectTo:e.body.redirectTo},{expiresIn:new Cr(1,"h"),issuer:"better-auth",subject:"forget-password",audiences:[o.user.email],includeIssuedTimestamp:!0}),t=`${e.context.baseURL}/reset-password/${n}`;return yield e.context.options.emailAndPassword.sendResetPassword(t,o.user),e.json({status:!0})})),Lr=l("/reset-password/:token",{method:"GET"},e=>s(void 0,null,function*(){var i;let{token:r}=e.params,o,n=L.object({email:L.string(),redirectTo:L.string()});try{if(o=yield ot("HS256",Buffer.from(e.context.secret),r),!o.expiresAt||o.expiresAt<new Date)throw Error("Token expired")}catch(a){let d=zr(r),u=n.safeParse(d==null?void 0:d.payload);throw u.success?e.redirect(`${(i=u.data)==null?void 0:i.redirectTo}?error=invalid_token`):e.redirect(`${e.context.baseURL}/error?error=invalid_token`)}let{redirectTo:t}=n.parse(o.payload);throw e.redirect(`${t}?token=${r}`)})),jr=l("/reset-password",{method:"POST",query:L.object({currentURL:L.string()}).optional(),body:L.object({newPassword:L.string(),callbackURL:L.string().optional()})},e=>s(void 0,null,function*(){var n,t,i;let r=(n=e.query)==null?void 0:n.currentURL.split("?token=")[1];if(!r)return e.json({error:"Invalid token",data:null},{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}});let{newPassword:o}=e.body;try{let a=yield ot("HS256",Buffer.from(e.context.secret),r),d=L.string().email().parse(a.payload.email),u=yield e.context.internalAdapter.findUserByEmail(d);if(!u)return e.json({error:"User not found",data:null},{status:400,body:{message:"failed to reset password"}});if(o.length<(((t=e.context.options.emailAndPassword)==null?void 0:t.minPasswordLength)||8)||o.length>(((i=e.context.options.emailAndPassword)==null?void 0:i.maxPasswordLength)||32))return e.json({data:null,error:"password is too short or too long"},{status:400,statusText:"INVALID_PASSWORD_LENGTH",body:{message:"password is too short or too long"}});let c=yield e.context.password.hash(o);return(yield e.context.internalAdapter.updatePassword(u.user.id,c))?e.json({error:null,data:{status:!0,url:e.body.callbackURL,redirect:!!e.body.callbackURL}},{body:{status:!0,url:e.body.callbackURL,redirect:!!e.body.callbackURL}}):e.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User doesn't have a credential account"}})}catch(a){return console.log(a),e.json({error:"Invalid token",data:null},{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}}));import{TimeSpan as xr}from"oslo";import{createJWT as Br,validateJWT as Mr}from"oslo/jwt";import{z as F}from"zod";function ne(e,r){return s(this,null,function*(){return yield Br("HS256",Buffer.from(e),{email:r.toLowerCase()},{expiresIn:new xr(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[r],includeIssuedTimestamp:!0})})}var Dr=l("/send-verification-email",{method:"POST",query:F.object({currentURL:F.string().optional()}).optional(),body:F.object({email:F.string().email(),callbackURL:F.string().optional()})},e=>s(void 0,null,function*(){var t,i;if(!((t=e.context.options.emailAndPassword)!=null&&t.sendVerificationEmail))return e.context.logger.error("Verification email isn't enabled. Pass `sendVerificationEmail` in `emailAndPassword` options to enable it."),e.json(null,{status:400,statusText:"VERIFICATION_EMAIL_NOT_SENT",body:{message:"Verification email isn't enabled"}});let{email:r}=e.body,o=yield ne(e.context.secret,r),n=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||((i=e.query)==null?void 0:i.currentURL)||"/"}`;return yield e.context.options.emailAndPassword.sendVerificationEmail(r,n,o),e.json({status:!0})})),Fr=l("/verify-email",{method:"GET",query:F.object({token:F.string(),callbackURL:F.string().optional()})},e=>s(void 0,null,function*(){let{token:r}=e.query,o;try{o=yield Mr("HS256",Buffer.from(e.context.secret),r)}catch(d){return e.context.logger.error("Failed to verify email",d),e.json(null,{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}let t=F.object({email:F.string().email()}).parse(o.payload),i=yield e.context.internalAdapter.findUserByEmail(t.email);if(!i)return e.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User not found"}});if(!i.accounts.find(d=>d.providerId==="credential"))throw e.redirect;if(yield e.context.internalAdapter.updateUserByEmail(t.email,{emailVerified:!0}),e.query.callbackURL)throw console.log("Redirecting to",e.query.callbackURL),e.redirect("/");return e.json({status:!0})}));import{z as H}from"zod";import{alphabet as qr,generateRandomString as Nr}from"oslo/crypto";import"better-call";var $r=l("/user/update",{method:"POST",body:H.object({name:H.string().optional(),image:H.string().optional()}),use:[k]},e=>s(void 0,null,function*(){let{name:r,image:o}=e.body,n=e.context.session;if(!o&&!r)return e.json(n.user);let t=yield e.context.internalAdapter.updateUserByEmail(n.user.email,{name:r,image:o});return e.json(t)})),Vr=l("/user/change-password",{method:"POST",body:H.object({newPassword:H.string(),currentPassword:H.string(),revokeOtherSessions:H.boolean().optional()}),use:[k]},e=>s(void 0,null,function*(){let{newPassword:r,currentPassword:o,revokeOtherSessions:n}=e.body,t=e.context.session,i=e.context.password.config.minPasswordLength;if(r.length<i)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let a=e.context.password.config.maxPasswordLength;if(r.length>a)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let u=(yield e.context.internalAdapter.findAccounts(t.user.id)).find(p=>p.providerId==="credential"&&p.password);if(!u||!u.password)return e.json(null,{status:400,body:{message:"User does not have a password"}});let c=yield e.context.password.hash(r);if(!(yield e.context.password.verify(u.password,o)))return e.json(null,{status:400,body:{message:"Invalid password"}});if(yield e.context.internalAdapter.updateAccount(u.id,{password:c}),n){yield e.context.internalAdapter.deleteSessions(t.user.id);let p=yield e.context.internalAdapter.createSession(t.user.id,e.headers);yield T(e,p.id)}return e.json(t.user)})),Hr=l("/user/set-password",{method:"POST",body:H.object({newPassword:H.string()}),use:[k]},e=>s(void 0,null,function*(){let{newPassword:r}=e.body,o=e.context.session,n=e.context.password.config.minPasswordLength;if(r.length<n)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let t=e.context.password.config.maxPasswordLength;if(r.length>t)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let a=(yield e.context.internalAdapter.findAccounts(o.user.id)).find(u=>u.providerId==="credential"&&u.password),d=yield e.context.password.hash(r);return a?e.json(null,{status:400,body:{message:"User already has a password"}}):(yield e.context.internalAdapter.linkAccount({id:Nr(32,qr("a-z","0-9","A-Z")),userId:o.user.id,providerId:"credential",accountId:o.user.id,password:d}),e.json(o.user))}));import{alphabet as Kr,generateRandomString as Zr}from"oslo/crypto";import{xchacha20poly1305 as nt}from"@noble/ciphers/chacha";import{bytesToHex as Wr,hexToBytes as Gr,utf8ToBytes as Jr}from"@noble/ciphers/utils";import{managedNonce as it}from"@noble/ciphers/webcrypto";import{sha256 as st}from"@noble/hashes/sha256";function D(e,r){return s(this,null,function*(){let o=new TextEncoder,n={name:"HMAC",hash:"SHA-256"},t=yield crypto.subtle.importKey("raw",o.encode(e),n,!1,["sign","verify"]),i=yield crypto.subtle.sign(n.name,t,o.encode(r));return btoa(String.fromCharCode(...new Uint8Array(i)))})}var le=({key:e,data:r})=>{let o=st(e),n=Jr(r),t=it(nt)(o);return Wr(t.encrypt(n))},me=({key:e,data:r})=>{let o=st(e),n=Gr(r);return it(nt)(o).decrypt(n)};var Qr=l("/csrf",{method:"GET",metadata:K},e=>s(void 0,null,function*(){let r=yield e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret);if(r)return{csrfToken:r};let o=Zr(32,Kr("a-z","0-9","A-Z")),n=yield D(e.context.secret,o),t=`${o}!${n}`;return yield e.setSignedCookie(e.context.authCookies.csrfToken.name,t,e.context.secret,e.context.authCookies.csrfToken.options),{csrfToken:o}}));var Yr=(e="Unknown")=>`<!DOCTYPE html>
|
|
3
3
|
<html lang="en">
|
|
4
4
|
<head>
|
|
5
5
|
<meta charset="UTF-8">
|
|
@@ -79,4 +79,4 @@ var De=Object.defineProperty,Vt=Object.defineProperties;var Ht=Object.getOwnProp
|
|
|
79
79
|
<div class="error-code">Error Code: <span id="errorCode">${e}</span></div>
|
|
80
80
|
</div>
|
|
81
81
|
</body>
|
|
82
|
-
</html>`,Xr=c("/error",{method:"GET",metadata:K},e=>s(void 0,null,function*(){var o;let r=new URL(((o=e.request)==null?void 0:o.url)||"").searchParams.get("error")||"Unknown";return new Response(Yr(r),{headers:{"Content-Type":"text/html"}})}));var eo=c("/ok",{method:"GET",metadata:K},e=>s(void 0,null,function*(){return e.json({ok:!0})}));import{alphabet as dt,generateRandomString as ut}from"oslo/crypto";import{z as W}from"zod";var at=(e,r)=>{let o={};for(let[n,t]of Object.entries(e))o[n]=i=>t(g(f({},i),{context:f(f({},r),i.context)})),o[n].path=t.path,o[n].method=t.method,o[n].options=t.options,o[n].headers=t.headers;return o};function Ce(e,r){return s(this,null,function*(){let o=yield e.context.internalAdapter.findAccounts(r.userId),n=o==null?void 0:o.find(a=>a.providerId==="credential"),t=n==null?void 0:n.password;return!n||!t?!1:yield e.context.password.verify(t,r.password)})}var Ee=c("/sign-up/email",{method:"POST",query:W.object({currentURL:W.string().optional()}).optional(),body:W.object({name:W.string(),email:W.string(),password:W.string(),image:W.string().optional(),callbackURL:W.string().optional()})},e=>s(void 0,null,function*(){var y,P,I,S;if(!((y=e.context.options.emailAndPassword)!=null&&y.enabled))return e.json(null,{status:400,body:{message:"Email and password is not enabled"}});let{name:r,email:o,password:n,image:t}=e.body;if(!W.string().email().safeParse(o).success)return e.json(null,{status:400,body:{message:"Invalid email address"}});let a=e.context.password.config.minPasswordLength;if(n.length<a)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let d=e.context.password.config.maxPasswordLength;if(n.length>d)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let u=yield e.context.internalAdapter.findUserByEmail(o),l=yield e.context.password.hash(n);if(u!=null&&u.user)return e.json(null,{status:400,body:{message:"User already exists"}});let m=yield e.context.internalAdapter.createUser({id:ut(32,dt("a-z","0-9","A-Z")),email:o.toLowerCase(),name:r,image:t,emailVerified:!1,createdAt:new Date,updatedAt:new Date});yield e.context.internalAdapter.linkAccount({id:ut(32,dt("a-z","0-9","A-Z")),userId:m.id,providerId:"credential",accountId:m.id,password:l});let p=yield e.context.internalAdapter.createSession(m.id,e.request);if(yield T(e,p.id),e.context.options.emailAndPassword.sendEmailVerificationOnSignUp){let B=yield ne(e.context.secret,m.email),k=`${e.context.baseURL}/verify-email?token=${B}&callbackURL=${e.body.callbackURL||((P=e.query)==null?void 0:P.currentURL)||"/"}`;yield(S=(I=e.context.options.emailAndPassword).sendVerificationEmail)==null?void 0:S.call(I,m.email,k,B)}return e.json({user:m,session:p},{body:e.body.callbackURL?{url:e.body.callbackURL,redirect:!0}:{user:m,session:p}})}));var _e={};Jt(_e,{AccessControl:()=>ie,ParsingError:()=>Q,Role:()=>ee,adminAc:()=>mt,createAccessControl:()=>ct,defaultAc:()=>pe,defaultRoles:()=>ze,defaultStatements:()=>lt,memberAc:()=>ft,ownerAc:()=>pt,permissionFromString:()=>to});var Q=class extends Error{constructor(o,n){super(o);ae(this,"path");this.path=n}},ie=class{constructor(r){this.s=r;ae(this,"statements");this.statements=r}newRole(r){return new ee(r)}},ee=class e{constructor(r){ae(this,"statements");this.statements=r}authorize(r,o){for(let[n,t]of Object.entries(r)){let i=this.statements[n];if(!i)return{success:!1,error:`You are not allowed to access resource: ${n}`};let a=o==="OR"?t.some(d=>i.includes(d)):t.every(d=>i.includes(d));return a?{success:a}:{success:!1,error:`unauthorized to access resource "${n}"`}}return{success:!1,error:"Not authorized"}}static fromString(r){let o=JSON.parse(r);if(typeof o!="object")throw new Q("statements is not an object",".");for(let[n,t]of Object.entries(o)){if(typeof n!="string")throw new Q("invalid resource identifier",n);if(!Array.isArray(t))throw new Q("actions is not an array",n);for(let i=0;i<t.length;i++)if(typeof t[i]!="string")throw new Q("action is not a string",`${n}[${i}]`)}return new e(o)}toString(){return JSON.stringify(this.statements)}};var ct=e=>new ie(e),lt={organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]},pe=ct(lt),mt=pe.newRole({organization:["update"],invitation:["create","cancel"],member:["create","update","delete"]}),pt=pe.newRole({organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]}),ft=pe.newRole({organization:[],member:[],invitation:[]}),ze={admin:mt,owner:pt,member:ft};var to=e=>ee.fromString(e!=null?e:"");var ro={findFullOrganization:(e,r)=>s(void 0,null,function*(){let o=yield r==null?void 0:r.selectFrom("organization").leftJoin("member","organization.id","member.organizationId").leftJoin("invitation","organization.id","invitation.organizationId").leftJoin("user","member.userId","user.id").where("organization.id","=",e).select(["organization.id as org_id","organization.name as org_name","organization.slug as org_slug","organization.logo as org_logo","organization.metadata as org_metadata","organization.createdAt as org_createdAt","member.id as member_id","member.userId as member_user_id","member.role as member_role","member.createdAt as member_createdAt","invitation.id as invitation_id","invitation.email as invitation_email","invitation.status as invitation_status","invitation.expiresAt as invitation_expiresAt","invitation.role as invitation_role","invitation.inviterId as invitation_inviterId","user.id as user_id","user.name as user_name","user.email as user_email","user.image as user_image"]).execute();if(!o||o.length===0)return null;let n={id:o[0].org_id,name:o[0].org_name,slug:o[0].org_slug,logo:o[0].org_logo,metadata:o[0].org_metadata?JSON.parse(o[0].org_metadata):void 0,createdAt:o[0].org_createdAt,members:[],invitations:[]};return o.forEach(t=>{t.member_id&&(n.members.find(a=>a.id===t.member_id)||n.members.push({id:t.member_id,userId:t.member_user_id,role:t.member_role,createdAt:t.member_createdAt,user:{id:t.user_id,name:t.user_name,email:t.user_email,image:t.user_image},email:t.user_email,organizationId:t.org_id})),t.invitation_id&&n.invitations.push({id:t.invitation_id,email:t.invitation_email,status:t.invitation_status,expiresAt:t.invitation_expiresAt,organizationId:t.org_id,role:t.invitation_role,inviterId:t.invitation_inviterId})}),n})},O=(e,r)=>({findOrganizationBySlug:o=>s(void 0,null,function*(){return yield e.findOne({model:"organization",where:[{field:"slug",value:o}]})}),createOrganization:o=>s(void 0,null,function*(){let n=yield e.create({model:"organization",data:g(f({},o.organization),{metadata:o.organization.metadata?JSON.stringify(o.organization.metadata):void 0})}),t=yield e.create({model:"member",data:{id:V(),organizationId:n.id,userId:o.user.id,createdAt:new Date,email:o.user.email,role:(r==null?void 0:r.creatorRole)||"owner"}});return g(f({},n),{metadata:n.metadata?JSON.parse(n.metadata):void 0,members:[g(f({},t),{user:{id:o.user.id,name:o.user.name,email:o.user.email,image:o.user.image}})]})}),findMemberByEmail:o=>s(void 0,null,function*(){let n=yield e.findOne({model:"member",where:[{field:"email",value:o.email},{field:"organizationId",value:o.organizationId}]});if(!n)return null;let t=yield e.findOne({model:"user",where:[{field:"id",value:n.userId}]});return t?g(f({},n),{user:{id:t.id,name:t.name,email:t.email,image:t.image}}):null}),findMemberByOrgId:o=>s(void 0,null,function*(){let n=yield e.findOne({model:"member",where:[{field:"userId",value:o.userId},{field:"organizationId",value:o.organizationId}]});if(!n)return null;let t=yield e.findOne({model:"user",where:[{field:"id",value:n.userId}]});return t?g(f({},n),{user:{id:t.id,name:t.name,email:t.email,image:t.image}}):null}),findMemberById:o=>s(void 0,null,function*(){let n=yield e.findOne({model:"member",where:[{field:"id",value:o}]});if(!n)return null;let t=yield e.findOne({model:"user",where:[{field:"id",value:n.userId}]});return t?g(f({},n),{user:{id:t.id,name:t.name,email:t.email,image:t.image}}):null}),createMember:o=>s(void 0,null,function*(){return yield e.create({model:"member",data:o})}),updateMember:(o,n)=>s(void 0,null,function*(){return yield e.update({model:"member",where:[{field:"id",value:o}],update:{role:n}})}),deleteMember:o=>s(void 0,null,function*(){return yield e.delete({model:"member",where:[{field:"id",value:o}]})}),updateOrganization:(o,n)=>s(void 0,null,function*(){return yield e.update({model:"organization",where:[{field:"id",value:o}],update:n})}),deleteOrganization:o=>s(void 0,null,function*(){let n=yield e.delete({model:"organization",where:[{field:"id",value:o}]});return o}),setActiveOrganization:(o,n)=>s(void 0,null,function*(){return yield e.update({model:"session",where:[{field:"id",value:o}],update:{activeOrganizationId:n}})}),findOrganizationById:o=>s(void 0,null,function*(){return yield e.findOne({model:"organization",where:[{field:"id",value:o}]})}),findFullOrganization:(o,n)=>s(void 0,null,function*(){function t(){return s(this,null,function*(){let i=yield e.findOne({model:"organization",where:[{field:"id",value:o}]}),a=yield e.findMany({model:"invitation",where:[{field:"organizationId",value:o}]}),d=yield e.findMany({model:"member",where:[{field:"organizationId",value:o}]}),u=yield Promise.all(d.map(m=>s(this,null,function*(){let p=yield e.findOne({model:"user",where:[{field:"id",value:m.userId}]});if(!p)throw new C("Unexpected error: User not found for member");return g(f({},m),{user:{id:p.id,name:p.name,email:p.email,image:p.image}})})));return g(f({},i),{invitations:a,members:u})})}return n?ro.findFullOrganization(o,n):t()}),listOrganizations:o=>s(void 0,null,function*(){let n=yield e.findMany({model:"member",where:[{field:"userId",value:o}]}),t=n==null?void 0:n.map(a=>a.organizationId);if(!t)return[];let i=[];for(let a of t){let d=yield e.findOne({model:"organization",where:[{field:"id",value:a}]});d&&i.push(d)}return i}),createInvitation:t=>s(void 0,[t],function*({invitation:o,user:n}){let a=ue((r==null?void 0:r.invitationExpiresIn)||1728e5);return yield e.create({model:"invitation",data:{id:V(),email:o.email,role:o.role,organizationId:o.organizationId,status:"pending",expiresAt:a,inviterId:n.id}})}),findInvitationById:o=>s(void 0,null,function*(){return yield e.findOne({model:"invitation",where:[{field:"id",value:o}]})}),findPendingInvitation:o=>s(void 0,null,function*(){return(yield e.findMany({model:"invitation",where:[{field:"email",value:o.email},{field:"organizationId",value:o.organizationId},{field:"status",value:"pending"}]})).filter(t=>new Date(t.expiresAt)>new Date)}),updateInvitation:o=>s(void 0,null,function*(){return yield e.update({model:"invitation",where:[{field:"id",value:o.invitationId}],update:{status:o.status}})})});import"better-call";import{APIError as ld,createRouter as md}from"better-call";import{APIError as gt}from"better-call";import{z as yt}from"zod";var oo=M({body:yt.object({csrfToken:yt.string().optional()}).optional()},e=>s(void 0,null,function*(){var d,u,l,m;if(((d=e.request)==null?void 0:d.method)!=="POST"||(u=e.context.options.advanced)!=null&&u.disableCSRFCheck)return;let r=new URL(e.request.url);if(r.origin===new URL(e.context.baseURL).origin||(l=e.context.options.trustedOrigins)!=null&&l.includes(r.origin))return;let o=(m=e.body)==null?void 0:m.csrfToken,n=yield e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret),[t,i]=(n==null?void 0:n.split("!"))||[null,null];if(!o||!n||!t||!i||n!==o)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new gt("UNAUTHORIZED",{message:"Invalid CSRF Token"});let a=yield F(e.context.secret,t);if(i!==a)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new gt("UNAUTHORIZED",{message:"Invalid CSRF Token"})}));import Od from"chalk";var R=M(e=>s(void 0,null,function*(){return{}})),U=M({use:[A]},e=>s(void 0,null,function*(){return{session:e.context.session}}));import{z as L}from"zod";import{z as w}from"zod";var fe=w.enum(["admin","member","owner"]),no=w.enum(["pending","accepted","rejected","canceled"]).default("pending"),Md=w.object({id:w.string(),name:w.string(),slug:w.string(),logo:w.string().optional(),metadata:w.record(w.string()).or(w.string().transform(e=>JSON.parse(e))).optional(),createdAt:w.date()}),Fd=w.object({id:w.string(),email:w.string(),organizationId:w.string(),userId:w.string(),role:fe,createdAt:w.date()}),Dd=w.object({id:w.string(),organizationId:w.string(),email:w.string(),role:fe,status:no,inviterId:w.string(),expiresAt:w.date()});var ht=c("/organization/invite-member",{method:"POST",use:[R,U],body:L.object({email:L.string(),role:fe,organizationId:L.string().optional(),resend:L.boolean().optional()})},e=>s(void 0,null,function*(){var p,y;let r=e.context.session,o=e.body.organizationId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});if(i.authorize({invitation:["create"]}).error)return e.json(null,{body:{message:"You are not allowed to invite users to this organization"},status:403});if(yield n.findMemberByEmail({email:e.body.email,organizationId:o}))return e.json(null,{status:400,body:{message:"User is already a member of this organization"}});if((yield n.findPendingInvitation({email:e.body.email,organizationId:o})).length&&!e.body.resend)return e.json(null,{status:400,body:{message:"User is already invited to this organization"}});let l=yield n.createInvitation({invitation:{role:e.body.role,email:e.body.email,organizationId:o},user:r.user}),m=yield n.findOrganizationById(o);return m?(yield(y=(p=e.context.orgOptions).sendInvitationEmail)==null?void 0:y.call(p,{id:l.id,role:l.role,email:l.email,organization:m,inviter:g(f({},t),{user:r.user})},e.request),e.json(l)):e.json(null,{status:400,body:{message:"Organization not found!"}})})),wt=c("/organization/accept-invitation",{method:"POST",body:L.object({invitationId:L.string()}),use:[R,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=O(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.body.invitationId);if(!n||n.expiresAt<new Date||n.status!=="pending")return e.json(null,{status:400,body:{message:"Invitation not found!"}});if(n.email!==r.user.email)return e.json(null,{status:400,body:{message:"You are not the recipient of the invitation"}});let t=yield o.updateInvitation({invitationId:e.body.invitationId,status:"accepted"}),i=yield o.createMember({id:V(),organizationId:n.organizationId,userId:r.user.id,email:n.email,role:n.role,createdAt:new Date});return yield o.setActiveOrganization(r.session.id,n.organizationId),t?e.json({invitation:t,member:i}):e.json(null,{status:400,body:{message:"Invitation not found!"}})})),bt=c("/organization/reject-invitation",{method:"POST",body:L.object({invitationId:L.string()}),use:[R,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=O(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.body.invitationId);if(!n||n.expiresAt<new Date||n.status!=="pending")return e.json(null,{status:400,body:{message:"Invitation not found!"}});if(n.email!==r.user.email)return e.json(null,{status:400,body:{message:"You are not the recipient of the invitation"}});let t=yield o.updateInvitation({invitationId:e.body.invitationId,status:"rejected"});return e.json({invitation:t,member:null})})),At=c("/organization/cancel-invitation",{method:"POST",body:L.object({invitationId:L.string()}),use:[R,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=O(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.body.invitationId);if(!n)return e.json(null,{status:400,body:{message:"Invitation not found!"}});let t=yield o.findMemberByOrgId({userId:r.user.id,organizationId:n.organizationId});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization"}});if(e.context.roles[t.role].authorize({invitation:["cancel"]}).error)return e.json(null,{status:403,body:{message:"You are not allowed to cancel this invitation"}});let a=yield o.updateInvitation({invitationId:e.body.invitationId,status:"canceled"});return e.json(a)})),kt=c("/organization/get-invitation",{method:"GET",use:[R],requireHeaders:!0,query:L.object({id:L.string()})},e=>s(void 0,null,function*(){let r=yield $(e);if(!r)return e.json(null,{status:400,body:{message:"User not logged in"}});let o=O(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.query.id);if(!n||n.status!=="pending"||n.expiresAt<new Date)return e.json(null,{status:400,body:{message:"Invitation not found!"}});if(n.email!==r.user.email)return e.json(null,{status:400,body:{message:"You are not the recipient of the invitation"}});let t=yield o.findOrganizationById(n.organizationId);if(!t)return e.json(null,{status:400,body:{message:"Organization not found!"}});let i=yield o.findMemberByOrgId({userId:n.inviterId,organizationId:n.organizationId});return i?e.json(g(f({},n),{organizationName:t.name,organizationSlug:t.slug,inviterEmail:i.email})):e.json(null,{status:400,body:{message:"Inviter is no longer a member of this organization"}})}));import{z as Y}from"zod";var Ot=c("/organization/remove-member",{method:"POST",body:Y.object({memberIdOrEmail:Y.string(),organizationId:Y.string().optional()}),use:[R,U]},e=>s(void 0,null,function*(){var m;let r=e.context.session,o=e.body.organizationId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"No active organization found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"Member not found!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});let a=r.user.email===e.body.memberIdOrEmail||t.id===e.body.memberIdOrEmail;if(a&&t.role===(((m=e.context.orgOptions)==null?void 0:m.creatorRole)||"owner"))return e.json(null,{status:400,body:{message:"You cannot leave the organization as the owner"}});if(!(a||i.authorize({member:["delete"]}).success))return e.json(null,{body:{message:"You are not allowed to delete this member"},status:403});let l=null;return e.body.memberIdOrEmail.includes("@")?l=yield n.findMemberByEmail({email:e.body.memberIdOrEmail,organizationId:o}):l=yield n.findMemberById(e.body.memberIdOrEmail),(l==null?void 0:l.organizationId)!==o?e.json(null,{status:400,body:{message:"Member not found!"}}):(yield n.deleteMember(l.id),r.user.id===l.userId&&r.session.activeOrganizationId===l.organizationId&&(yield n.setActiveOrganization(r.session.id,null)),e.json({member:l}))})),vt=c("/organization/update-member-role",{method:"POST",body:Y.object({role:Y.enum(["admin","member","owner"]),memberId:Y.string(),organizationId:Y.string().optional()}),use:[R,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=e.body.organizationId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"No active organization found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"Member not found!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});if(i.authorize({member:["update"]}).error||e.body.role==="owner"&&t.role!=="owner")return e.json(null,{body:{message:"You are not allowed to update this member"},status:403});let d=yield n.updateMember(e.body.memberId,e.body.role);return d?e.json(d):e.json(null,{status:400,body:{message:"Member not found!"}})}));import{z as v}from"zod";var It=c("/organization/create",{method:"POST",body:v.object({name:v.string(),slug:v.string(),userId:v.string().optional(),logo:v.string().optional(),metadata:v.record(v.string()).optional()}),use:[R,U]},e=>s(void 0,null,function*(){let r=e.context.session.user;if(!r)return e.json(null,{status:401});let o=e.context.orgOptions;if(!(typeof(o==null?void 0:o.allowUserToCreateOrganization)=="function"?yield o.allowUserToCreateOrganization(r):(o==null?void 0:o.allowUserToCreateOrganization)===void 0?!0:o.allowUserToCreateOrganization))return e.json(null,{status:403,body:{message:"You are not allowed to create organizations"}});let t=O(e.context.adapter,o),i=yield t.listOrganizations(r.id);if(typeof o.organizationLimit=="number"?i.length>=o.organizationLimit:typeof o.organizationLimit=="function"?yield o.organizationLimit(r):!1)return e.json(null,{status:403,body:{message:"You have reached the maximum number of organizations"}});if(yield t.findOrganizationBySlug(e.body.slug))return e.json(null,{status:400,body:{message:"Organization with this slug already exists"}});let u=yield t.createOrganization({organization:{id:V(),slug:e.body.slug,name:e.body.name,logo:e.body.logo,createdAt:new Date,metadata:e.body.metadata},user:r});return e.json(u)})),Tt=c("/organization/update",{method:"POST",body:v.object({data:v.object({name:v.string().optional(),slug:v.string().optional()}).partial(),orgId:v.string().optional()}),requireHeaders:!0,use:[R]},e=>s(void 0,null,function*(){let r=yield e.context.getSession(e);if(!r)return e.json(null,{status:401});let o=e.body.orgId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});if(i.authorize({organization:["update"]}).error)return e.json(null,{body:{message:"You are not allowed to update this organization"},status:403});let d=yield n.updateOrganization(o,e.body.data);return e.json(d)})),Rt=c("/organization/delete",{method:"POST",body:v.object({orgId:v.string()}),requireHeaders:!0,use:[R]},e=>s(void 0,null,function*(){let r=yield e.context.getSession(e);if(!r)return e.json(null,{status:401});let o=e.body.orgId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization!"}});let i=e.context.roles[t.role];return i?i.authorize({organization:["delete"]}).error?e.json(null,{body:{message:"You are not allowed to delete this organization"},status:403}):(o===r.session.activeOrganizationId&&(yield n.setActiveOrganization(r.session.id,null)),yield n.deleteOrganization(o),e.json(o)):e.json(null,{status:400,body:{message:"Role not found!"}})})),Pt=c("/organization/get-full",{method:"GET",query:v.object({orgId:v.string().optional()}),requireHeaders:!0,use:[R,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=e.query.orgId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let t=yield O(e.context.adapter,e.context.orgOptions).findFullOrganization(o,e.context.db);return t?e.json(t):e.json(null,{status:404,body:{message:"Organization not found!"}})})),St=c("/organization/activate",{method:"POST",body:v.object({orgId:v.string().nullable().optional()}),use:[U,R]},e=>s(void 0,null,function*(){let r=O(e.context.adapter,e.context.orgOptions),o=e.context.session,n=e.body.orgId;if(n===null)return o.session.activeOrganizationId&&(yield r.setActiveOrganization(o.session.id,null)),e.json(null);if(!n){let a=o.session.activeOrganizationId;if(!a)return e.json(null);n=a}if(!(yield r.findMemberByOrgId({userId:o.user.id,organizationId:n})))return yield r.setActiveOrganization(o.session.id,null),e.json(null,{status:400,body:{message:"You are not a member of this organization"}});yield r.setActiveOrganization(o.session.id,n);let i=yield r.findFullOrganization(n,e.context.db);return e.json(i)})),Ut=c("/organization/list",{method:"GET",use:[R,U]},e=>s(void 0,null,function*(){let o=yield O(e.context.adapter,e.context.orgOptions).listOrganizations(e.context.session.user.id);return e.json(o)}));var ku=e=>{let r={createOrganization:It,updateOrganization:Tt,deleteOrganization:Rt,setActiveOrganization:St,getFullOrganization:Pt,listOrganization:Ut,createInvitation:ht,cancelInvitation:At,acceptInvitation:wt,getInvitation:kt,rejectInvitation:bt,removeMember:Ot,updateMemberRole:vt},o=f(f({},ze),e==null?void 0:e.roles),n=at(r,{orgOptions:e||{},roles:o,getSession:t=>s(void 0,null,function*(){return yield $(t)})});return{id:"organization",endpoints:g(f({},n),{hasPermission:c("/organization/has-permission",{method:"POST",requireHeaders:!0,body:se.object({permission:se.record(se.string(),se.array(se.string()))}),use:[U]},t=>s(void 0,null,function*(){if(!t.context.session.session.activeOrganizationId)throw new Ct("BAD_REQUEST",{message:"No active organization"});let a=yield O(t.context.adapter).findMemberByOrgId({userId:t.context.session.user.id,organizationId:t.context.session.session.activeOrganizationId||""});if(!a)throw new Ct("UNAUTHORIZED",{message:"You are not a member of this organization"});let u=o[a.role].authorize(t.body.permission);return u.error?t.json({error:u.error,success:!1},{status:403}):t.json({error:null,success:!0})}))}),schema:{session:{fields:{activeOrganizationId:{type:"string",required:!1}}},organization:{fields:{name:{type:"string"},slug:{type:"string",unique:!0},logo:{type:"string",required:!1},createdAt:{type:"date",required:!0},metadata:{type:"string",required:!1}}},member:{fields:{organizationId:{type:"string",required:!0},userId:{type:"string",required:!0},email:{type:"string",required:!0},role:{type:"string",required:!0,defaultValue:"member"},createdAt:{type:"date",required:!0}}},invitation:{fields:{organizationId:{type:"string",required:!0},email:{type:"string",required:!0},role:{type:"string",required:!1},status:{type:"string",required:!0,defaultValue:"pending"},expiresAt:{type:"date",required:!0},inviterId:{type:"string",references:{model:"user",field:"id"}}}}},$Infer:{Organization:{},Invitation:{},Member:{},ActiveOrganization:{}}}};import{alphabet as fo,generateRandomString as go}from"oslo/crypto";import{z as be}from"zod";import{alphabet as io,generateRandomString as so}from"oslo/crypto";import{z as he}from"zod";import{APIError as te}from"better-call";var ge="two-factor";var ye="trust-device";import{z as je}from"zod";var X=M({body:je.object({trustDevice:je.boolean().optional(),callbackURL:je.string().optional()})},e=>s(void 0,null,function*(){let r=e.context.createAuthCookie(ge),o=yield e.getSignedCookie(r.name,e.context.secret);if(!o)throw new te("UNAUTHORIZED",{message:"invalid two factor cookie"});let[n,t]=o.split("!");if(!n||!t)throw new te("UNAUTHORIZED",{message:"invalid two factor cookie"});let i=yield e.context.adapter.findMany({model:"session",where:[{field:"userId",value:n}]});if(!i.length)throw new te("UNAUTHORIZED",{message:"invalid session"});let a=i.filter(d=>d.expiresAt>new Date);if(!a)throw new te("UNAUTHORIZED",{message:"invalid session"});for(let d of a){let u=yield F(e.context.secret,d.id),l=yield e.context.adapter.findOne({model:"user",where:[{field:"id",value:d.userId}]});if(!l)throw new te("UNAUTHORIZED",{message:"invalid session"});if(u===t)return{valid:()=>s(void 0,null,function*(){if(yield T(e,d.id,!1),e.body.trustDevice){let m=e.context.createAuthCookie(ye,{maxAge:2592e3}),p=yield F(e.context.secret,`${l.id}!${d.id}`);yield e.setSignedCookie(m.name,`${p}!${d.id}`,e.context.secret,m.options)}return e.body.callbackURL?e.json({status:!0,callbackURL:e.body.callbackURL,redirect:!0}):e.json({status:!0})}),invalid:()=>s(void 0,null,function*(){return e.json({status:!1},{status:401,body:{message:"Invalid code"}})}),session:{id:d.id,userId:d.userId,expiresAt:d.expiresAt,user:l}}}throw new te("UNAUTHORIZED",{message:"invalid two factor authentication"})}));function ao(e){var r;return Array.from({length:(r=e==null?void 0:e.amount)!=null?r:10}).fill(null).map(()=>{var o;return so((o=e==null?void 0:e.length)!=null?o:10,io("a-z","0-9"))}).map(o=>`${o.slice(0,5)}-${o.slice(5)}`)}function Le(e,r){return s(this,null,function*(){let o=e,n=r!=null&&r.customBackupCodesGenerate?r.customBackupCodesGenerate():ao(),t=le({data:JSON.stringify(n),key:o});return{backupCodes:n,encryptedBackupCodes:t}})}function uo(e,r){return s(this,null,function*(){let o=yield Et(e.user,r);return o?o.includes(e.code):!1})}function Et(e,r){return s(this,null,function*(){let o=Buffer.from(yield me({key:r,data:e.twoFactorBackupCodes})).toString("utf-8"),n=JSON.parse(o),t=he.array(he.string()).safeParse(n);return t.success?t.data:null})}var zt=e=>({id:"backup_code",endpoints:{verifyBackupCode:c("/two-factor/verify-backup-code",{method:"POST",body:he.object({code:he.string()}),use:[X]},r=>s(void 0,null,function*(){return uo({user:r.context.session.user,code:r.body.code},r.context.secret)?r.json({status:!0}):r.json({status:!1},{status:401})})),generateBackupCodes:c("/two-factor/generate-backup-codes",{method:"POST",use:[A]},r=>s(void 0,null,function*(){let o=yield Le(r.context.secret,e);return yield r.context.adapter.update({model:"user",update:{twoFactorEnabled:!0,twoFactorBackupCodes:o.encryptedBackupCodes},where:[{field:"id",value:r.context.session.user.id}]}),r.json({status:!0,backupCodes:o.backupCodes})})),viewBackupCodes:c("/view/backup-codes",{method:"GET",use:[A]},r=>s(void 0,null,function*(){let o=r.context.session.user,n=Et(o,r.context.secret);return r.json({status:!0,backupCodes:n})}))}});import{APIError as _t}from"better-call";import"oslo/crypto";import{TOTPController as co}from"oslo/otp";import{z as jt}from"zod";import{TimeSpan as lo}from"oslo";var Lt=e=>{let r={period:new lo((e==null?void 0:e.period)||3,"m")},o=new co({digits:6,period:r.period}),n=c("/two-factor/send-otp",{method:"POST",use:[X]},i=>s(void 0,null,function*(){if(!e||!e.sendOTP)throw i.context.logger.error("send otp isn't configured. Please configure the send otp function on otp options."),new _t("BAD_REQUEST",{message:"otp isn't configured"});let a=i.context.session.user,d=yield o.generate(Buffer.from(a.twoFactorSecret));return yield e.sendOTP(a,d),i.json({status:!0})})),t=c("/two-factor/verify-otp",{method:"POST",body:jt.object({code:jt.string()}),use:[X]},i=>s(void 0,null,function*(){let a=i.context.session.user;if(!a.twoFactorEnabled)throw new _t("BAD_REQUEST",{message:"two factor isn't enabled"});return(yield o.generate(Buffer.from(a.twoFactorSecret)))===i.body.code?i.context.valid():i.context.invalid()}));return{id:"otp",endpoints:{send2FaOTP:n,verifyOTP:t}}};import{APIError as we}from"better-call";import{TimeSpan as mo}from"oslo";import{TOTPController as xt,createTOTPKeyURI as po}from"oslo/otp";import{z as xe}from"zod";var Bt=e=>{let r={digits:6,period:new mo((e==null?void 0:e.period)||30,"s")},o=c("/totp/generate",{method:"POST",use:[A]},i=>s(void 0,null,function*(){if(!e)throw i.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp"),new we("BAD_REQUEST",{message:"totp isn't configured"});let a=i.context.session.user;return{code:yield new xt(r).generate(Buffer.from(a.twoFactorSecret))}})),n=c("/two-factor/get-totp-uri",{method:"GET",use:[A]},i=>s(void 0,null,function*(){if(!e)throw i.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp"),new we("BAD_REQUEST",{message:"totp isn't configured"});let a=i.context.session.user;if(!a.twoFactorSecret)throw new we("BAD_REQUEST",{message:"totp isn't enabled"});return{totpURI:po((e==null?void 0:e.issuer)||"BetterAuth",a.email,Buffer.from(a.twoFactorSecret),r)}})),t=c("/two-factor/verify-totp",{method:"POST",body:xe.object({code:xe.string(),callbackURL:xe.string().optional()}),use:[X]},i=>s(void 0,null,function*(){if(!e)throw i.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp"),new we("BAD_REQUEST",{message:"totp isn't configured"});let a=new xt(r),d=Buffer.from(yield me({key:i.context.secret,data:i.context.session.user.twoFactorSecret}));return(yield a.verify(i.body.code,d))?i.context.valid():i.context.invalid()}));return{id:"totp",endpoints:{generateTOTP:o,viewTOTPURI:n,verifyTOTP:t}}};var mc=(e={redirect:!0,twoFactorPage:"/"})=>({id:"two-factor",$InferServerPlugin:{},atomListeners:[{matcher:o=>o==="/two-factor/enable"||o==="/two-factor/send-otp"||o==="/two-factor/disable",signal:"_sessionSignal"}],pathMethods:{"/two-factor/disable":"POST","/two-factor/enable":"POST","/two-factor/send-otp":"POST"},fetchPlugins:[{id:"two-factor",name:"two-factor",hooks:{onSuccess(o){return s(this,null,function*(){var n;(n=o.data)!=null&&n.twoFactorRedirect&&(e.redirect||e.twoFactorPage)&&typeof window!="undefined"&&(window.location.href=e.twoFactorPage)})}}}]});var Tc=e=>{let r=Bt(f({issuer:(e==null?void 0:e.issuer)||"better-auth"},e==null?void 0:e.totpOptions)),o=zt(e==null?void 0:e.backupCodeOptions),n=Lt(e==null?void 0:e.otpOptions);return{id:"two-factor",endpoints:g(f(f(f({},r.endpoints),n.endpoints),o.endpoints),{enableTwoFactor:c("/two-factor/enable",{method:"POST",body:be.object({password:be.string().min(8)}),use:[A]},t=>s(void 0,null,function*(){let i=t.context.session.user,{password:a}=t.body;if(!(yield Ce(t,{password:a,userId:i.id})))return t.json({status:!1},{status:400,body:{message:"Invalid password"}});let u=go(16,fo("a-z","0-9","-")),l=le({key:t.context.secret,data:u}),m=yield Le(t.context.secret,e==null?void 0:e.backupCodeOptions);return yield t.context.adapter.update({model:"user",update:{twoFactorSecret:l,twoFactorEnabled:!0,twoFactorBackupCodes:m.encryptedBackupCodes},where:[{field:"id",value:i.id}]}),t.json({status:!0})})),disableTwoFactor:c("/two-factor/disable",{method:"POST",body:be.object({password:be.string().min(8)}),use:[A]},t=>s(void 0,null,function*(){let i=t.context.session.user,{password:a}=t.body;return(yield Ce(t,{password:a,userId:i.id}))?(yield t.context.adapter.update({model:"user",update:{twoFactorEnabled:!1},where:[{field:"id",value:i.id}]}),t.json({status:!0})):t.json({status:!1},{status:400,body:{message:"Invalid password"}})}))}),options:e,hooks:{after:[{matcher(t){return t.path==="/sign-in/email"||t.path==="/sign-in/username"},handler:M(t=>s(void 0,null,function*(){let i=t.context.returned;if((i==null?void 0:i.status)!==200)return;let a=yield i.clone().json();if(!a.user.twoFactorEnabled)return;let d=t.context.createAuthCookie(ye,{maxAge:30*24*60*60}),u=yield t.getSignedCookie(d.name,t.context.secret);if(u){let[y,P]=u.split("!"),I=yield F(t.context.secret,`${a.user.id}!${P}`);if(y===I){let S=yield F(t.context.secret,`${a.user.id}!${a.session.id}`);yield t.setSignedCookie(d.name,`${S}!${a.session.id}`,t.context.secret,d.options);return}}t.setCookie(t.context.authCookies.sessionToken.name,"",{path:"/",sameSite:"lax",httpOnly:!0,secure:!1,maxAge:0});let l=yield F(t.context.secret,a.session.id),m=t.context.createAuthCookie(ge,{maxAge:60*60*24});return yield t.setSignedCookie(m.name,`${a.session.userId}!${l}`,t.context.secret,m.options),{response:new Response(JSON.stringify({twoFactorRedirect:!0}),{headers:t.responseHeader})}}))}]},schema:{user:{fields:{twoFactorEnabled:{type:"boolean",required:!1,defaultValue:!1},twoFactorSecret:{type:"string",required:!1,returned:!1},twoFactorBackupCodes:{type:"string",required:!1,returned:!1}}}},rateLimit:[{pathMatcher(t){return t.startsWith("/two-factor/")},window:10,max:3}]}};import{generateAuthenticationOptions as vo,generateRegistrationOptions as Io,verifyAuthenticationResponse as To,verifyRegistrationResponse as Ro}from"@simplewebauthn/server";import{APIError as Po}from"better-call";import{alphabet as Mt,generateRandomString as Ft}from"oslo/crypto";import{z as q}from"zod";import{WebAuthnError as wo,startAuthentication as bo,startRegistration as Ao}from"@simplewebauthn/browser";import{createFetch as Mc}from"@better-fetch/fetch";import"nanostores";import{betterFetch as Cc}from"@better-fetch/fetch";import{atom as Xc}from"nanostores";import"@better-fetch/fetch";import{atom as yo,onMount as ho}from"nanostores";var Be=(e,r,o,n)=>{let t=yo({data:null,error:null,isPending:!1}),i=()=>{let d=typeof n=="function"?n({data:t.get().data,error:t.get().error,isPending:t.get().isPending}):n;return o(r,g(f({},d),{onSuccess:l=>s(void 0,null,function*(){var m;t.set({data:l.data,error:null,isPending:!1}),yield(m=d==null?void 0:d.onSuccess)==null?void 0:m.call(d,l)}),onError(l){return s(this,null,function*(){var m;t.set({error:l.error,data:null,isPending:!1}),yield(m=d==null?void 0:d.onError)==null?void 0:m.call(d,l)})},onRequest(l){return s(this,null,function*(){var p;let m=t.get();t.set({isPending:!0,data:m.data,error:m.error}),yield(p=d==null?void 0:d.onRequest)==null?void 0:p.call(d,l)})}}))};e=Array.isArray(e)?e:[e];let a=!1;for(let d of e)d.subscribe(()=>{a?i():ho(t,()=>(i(),a=!0,()=>{t.off(),d.off()}))});return t};import{atom as ko}from"nanostores";var Oo=(e,{_listPasskeys:r})=>({signIn:{passkey:(t,i)=>s(void 0,null,function*(){let a=yield e("/passkey/generate-authenticate-options",{method:"POST",body:{email:t==null?void 0:t.email,callbackURL:t==null?void 0:t.callbackURL}});if(!a.data)return a;try{let d=yield bo(a.data,(t==null?void 0:t.autoFill)||!1),u=yield e("/passkey/verify-authentication",f(f({body:{response:d}},t==null?void 0:t.fetchOptions),i));if(!u.data)return u}catch(d){console.log(d)}})},passkey:{addPasskey:(t,i)=>s(void 0,null,function*(){let a=yield e("/passkey/generate-register-options",{method:"GET"});if(!a.data)return a;try{let d=yield Ao(a.data),u=yield e("/passkey/verify-registration",g(f(f({},t==null?void 0:t.fetchOptions),i),{body:{response:d,name:t==null?void 0:t.name}}));if(!u.data)return u;r.set(Math.random())}catch(d){return d instanceof wo?d.code==="ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED"?{data:null,error:{message:"previously registered",status:400,statusText:"BAD_REQUEST"}}:d.code==="ERROR_CEREMONY_ABORTED"?{data:null,error:{message:"registration cancelled",status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:d.message,status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:d instanceof Error?d.message:"unknown error",status:500,statusText:"INTERNAL_SERVER_ERROR"}}}})},$Infer:{}}),kl=()=>{let e=ko();return{id:"passkey",$InferServerPlugin:{},getActions:r=>Oo(r,{_listPasskeys:e}),getAtoms(r){return{listPasskeys:Be(e,"/passkey/list-user-passkeys",r,{method:"GET",credentials:"include"}),_listPasskeys:e}},pathMethods:{"/passkey/register":"POST","/passkey/authenticate":"POST"},atomListeners:[{matcher(r){return r==="/passkey/verify-registration"||r==="/passkey/delete-passkey"},signal:"_listPasskeys"}]}};var _l=e=>{let r=process.env.BETTER_AUTH_URL,o=(e==null?void 0:e.rpID)||(r==null?void 0:r.replace("http://","").replace("https://","").replace(":3000",""))||"localhost";if(!o)throw new C("passkey rpID not found. Please provide a rpID in the options or set the BETTER_AUTH_URL environment variable.");let n=g(f({origin:null},e),{rpID:o,advanced:f({webAuthnChallengeCookie:"better-auth-passkey"},e==null?void 0:e.advanced)}),t=60*60*24;return{id:"passkey",endpoints:{generatePasskeyRegistrationOptions:c("/passkey/generate-register-options",{method:"GET",use:[A],metadata:{client:!1}},i=>s(void 0,null,function*(){let a=i.context.session,d=yield i.context.adapter.findMany({model:"passkey",where:[{field:"userId",value:a.user.id}]}),u=new Uint8Array(Buffer.from(Ft(32,Mt("a-z","0-9")))),l;l=yield Io({rpName:n.rpName||i.context.appName,rpID:n.rpID,userID:u,userName:a.user.email||a.user.id,attestationType:"none",excludeCredentials:d.map(p=>{var y;return{id:p.id,transports:(y=p.transports)==null?void 0:y.split(",")}}),authenticatorSelection:{residentKey:"preferred",userVerification:"preferred",authenticatorAttachment:"platform"}});let m={expectedChallenge:l.challenge,userData:{id:a.user.id}};return yield i.setSignedCookie(n.advanced.webAuthnChallengeCookie,JSON.stringify(m),i.context.secret,{secure:!0,httpOnly:!0,sameSite:"lax",maxAge:t}),i.json(l,{status:200})})),generatePasskeyAuthenticationOptions:c("/passkey/generate-authenticate-options",{method:"POST",body:q.object({email:q.string().optional(),callbackURL:q.string().optional()}).optional()},i=>s(void 0,null,function*(){var m;let a=yield $(i),d=[];a&&(d=yield i.context.adapter.findMany({model:"passkey",where:[{field:"userId",value:a.user.id}]}));let u=yield vo(f({rpID:n.rpID,userVerification:"preferred"},d.length?{allowCredentials:d.map(p=>{var y;return{id:p.id,transports:(y=p.transports)==null?void 0:y.split(",")}})}:{})),l={expectedChallenge:u.challenge,callbackURL:(m=i.body)==null?void 0:m.callbackURL,userData:{id:(a==null?void 0:a.user.id)||""}};return yield i.setSignedCookie(n.advanced.webAuthnChallengeCookie,JSON.stringify(l),i.context.secret,{secure:!0,httpOnly:!0,sameSite:"lax",maxAge:t}),i.json(u,{status:200})})),verifyPasskeyRegistration:c("/passkey/verify-registration",{method:"POST",body:q.object({response:q.any(),name:q.string().optional()}),use:[A]},i=>s(void 0,null,function*(){var p;let a=(e==null?void 0:e.origin)||((p=i.headers)==null?void 0:p.get("origin"))||"";if(!a)return i.json(null,{status:400});let d=i.body.response,u=yield i.getSignedCookie(n.advanced.webAuthnChallengeCookie,i.context.secret);if(!u)return i.json(null,{status:400});let{userData:l,expectedChallenge:m}=JSON.parse(u);if(l.id!==i.context.session.user.id)throw new Po("UNAUTHORIZED",{message:"You are not authorized to register this passkey"});try{let y=yield Ro({response:d,expectedChallenge:m,expectedOrigin:a,expectedRPID:e==null?void 0:e.rpID}),{verified:P,registrationInfo:I}=y;if(!P||!I)return i.json(null,{status:400});let{credentialID:S,credentialPublicKey:B,counter:k,credentialDeviceType:z,credentialBackedUp:ke}=I,N=Buffer.from(B).toString("base64"),Me=Ft(32,Mt("a-z","0-9")),Nt={name:i.body.name,userId:l.id,webauthnUserID:Me,id:S,publicKey:N,counter:k,deviceType:z,transports:d.response.transports.join(","),backedUp:ke,createdAt:new Date},$t=yield i.context.adapter.create({model:"passkey",data:Nt});return i.json($t,{status:200})}catch(y){return console.log(y),i.json(null,{status:400,body:{message:"Registration failed"}})}})),verifyPasskeyAuthentication:c("/passkey/verify-authentication",{method:"POST",body:q.object({response:q.any()})},i=>s(void 0,null,function*(){var y,P;let a=(e==null?void 0:e.origin)||((y=i.headers)==null?void 0:y.get("origin"))||"";if(!a)return i.json(null,{status:400});let d=i.body.response,u=yield i.getSignedCookie(n.advanced.webAuthnChallengeCookie,i.context.secret);if(!u)return i.json(null,{status:400});let{expectedChallenge:l,callbackURL:m}=JSON.parse(u),p=yield i.context.adapter.findOne({model:"passkey",where:[{field:"id",value:d.id}]});if(!p)return i.json(null,{status:401,body:{message:"Passkey not found"}});try{let I=yield To({response:d,expectedChallenge:l,expectedOrigin:a,expectedRPID:n.rpID,authenticator:{credentialID:p.id,credentialPublicKey:new Uint8Array(Buffer.from(p.publicKey,"base64")),counter:p.counter,transports:(P=p.transports)==null?void 0:P.split(",")}}),{verified:S}=I;if(!S)return i.json(null,{status:401,body:{message:"verification failed"}});yield i.context.adapter.update({model:"passkey",where:[{field:"id",value:p.id}],update:{counter:I.authenticationInfo.newCounter}});let B=yield i.context.internalAdapter.createSession(p.userId,i.request);return yield T(i,B.id),m?i.json({url:m,redirect:!0,session:B}):i.json({session:B},{status:200})}catch(I){return i.context.logger.error(I),i.json(null,{status:400,body:{message:"Authentication failed"}})}})),listPasskeys:c("/passkey/list-user-passkeys",{method:"GET",use:[A]},i=>s(void 0,null,function*(){let a=yield i.context.adapter.findMany({model:"passkey",where:[{field:"userId",value:i.context.session.user.id}]});return i.json(a,{status:200})})),deletePasskey:c("/passkey/delete-passkey",{method:"POST",body:q.object({id:q.string()}),use:[A]},i=>s(void 0,null,function*(){return yield i.context.adapter.delete({model:"passkey",where:[{field:"id",value:i.body.id}]}),i.json(null,{status:200})}))},schema:{passkey:{fields:{name:{type:"string",required:!1},publicKey:{type:"string"},userId:{type:"string",references:{model:"user",field:"id"}},webauthnUserID:{type:"string"},counter:{type:"number"},deviceType:{type:"string"},backedUp:{type:"boolean"},transports:{type:"string",required:!1},createdAt:{type:"date",defaultValue:new Date,required:!1}}}}}};import{z as x}from"zod";import{APIError as Ae}from"better-call";var Dt=()=>({id:"username",endpoints:{signInUsername:c("/sign-in/username",{method:"POST",body:x.object({username:x.string(),password:x.string(),dontRememberMe:x.boolean().optional(),callbackURL:x.string().optional()})},e=>s(void 0,null,function*(){let r=yield e.context.adapter.findOne({model:"user",where:[{field:"username",value:e.body.username}]});if(!r)throw yield e.context.password.hash(e.body.password),e.context.logger.error("User not found",{username:Dt}),new Ae("UNAUTHORIZED",{message:"Invalid email or password"});let o=yield e.context.adapter.findOne({model:"account",where:[{field:"userId",value:r.id},{field:"providerId",value:"credential"}]});if(!o)throw new Ae("UNAUTHORIZED",{message:"Invalid email or password"});let n=o==null?void 0:o.password;if(!n)throw e.context.logger.error("Password not found",{username:Dt}),new Ae("UNAUTHORIZED",{message:"Unexpected error"});if(!(yield e.context.password.verify(n,e.body.password)))throw e.context.logger.error("Invalid password"),new Ae("UNAUTHORIZED",{message:"Invalid email or password"});let i=yield e.context.internalAdapter.createSession(r.id,e.request);return yield e.setSignedCookie(e.context.authCookies.sessionToken.name,i.id,e.context.secret,e.body.dontRememberMe?g(f({},e.context.authCookies.sessionToken.options),{maxAge:void 0}):e.context.authCookies.sessionToken.options),e.json({user:r,session:i,redirect:!!e.body.callbackURL,url:e.body.callbackURL})})),signUpUsername:c("/sign-up/username",{method:"POST",body:x.object({username:x.string().min(3).max(20),name:x.string(),email:x.string().email(),password:x.string(),image:x.string().optional(),callbackURL:x.string().optional()})},e=>s(void 0,null,function*(){let r=yield Ee(g(f({},e),{_flag:void 0}));return r?(yield e.context.internalAdapter.updateUserByEmail(r.user.email,{username:e.body.username}),e.body.callbackURL?e.json(r,{body:f({url:e.body.callbackURL,redirect:!0},r)}):e.json(r)):e.json(null,{status:400,body:{message:"Sign up failed",status:400}})}))},schema:{user:{fields:{username:{type:"string",required:!1,unique:!0,returned:!0}}}}});import{serializeSigned as So}from"better-call";var Gl=()=>({id:"bearer",hooks:{before:[{matcher(e){var r,o;return((o=(r=e.request)==null?void 0:r.headers.get("authorization"))==null?void 0:o.startsWith("Bearer "))||!1},handler:e=>s(void 0,null,function*(){var t,i;let r=(i=(t=e.request)==null?void 0:t.headers.get("authorization"))==null?void 0:i.replace("Bearer ","");if(!r)throw new C("No token found");let o=e.headers||new Headers,n=yield So("",r,e.context.secret);o.set("cookie",`${e.context.authCookies.sessionToken.name}=${n.replace("=","")}`)})}]}});import{z as G}from"zod";import{APIError as qt}from"better-call";import{validateJWT as Uo}from"oslo/jwt";import"process";var sm=e=>({id:"magic-link",endpoints:{signInMagicLink:c("/sign-in/magic-link",{method:"POST",requireHeaders:!0,body:G.object({email:G.string().email(),callbackURL:G.string().optional(),currentURL:G.string().optional()})},r=>s(void 0,null,function*(){let{email:o}=r.body;if(!(yield r.context.internalAdapter.findUserByEmail(o)))throw new qt("UNAUTHORIZED",{message:"User not found"});let t=yield ne(r.context.secret,o),i=`${r.context.baseURL}/magic-link/verify?token=${t}&callbackURL=${r.body.callbackURL||r.body.currentURL}`;try{yield e.sendMagicLink({email:o,url:i,token:t})}catch(a){throw r.context.logger.error("Failed to send magic link",a),new qt("INTERNAL_SERVER_ERROR",{message:"Failed to send magic link"})}return r.json({status:!0})})),magicLinkVerify:c("/magic-link/verify",{method:"GET",query:G.object({token:G.string(),callbackURL:G.string().optional()}),requireHeaders:!0},r=>s(void 0,null,function*(){let{token:o,callbackURL:n}=r.query,t;try{t=yield Uo("HS256",Buffer.from(r.context.secret),o)}catch(l){if(r.context.logger.error("Failed to verify email",l),n)throw r.redirect(`${n}?error=INVALID_TOKEN`);return r.json(null,{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}let a=G.object({email:G.string().email()}).parse(t.payload),d=yield r.context.internalAdapter.findUserByEmail(a.email);if(!d){if(n)throw r.redirect(`${n}?error=USER_NOT_FOUND`);return r.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User not found"}})}let u=yield r.context.internalAdapter.createSession(d.user.id,r.headers);if(!u){if(n)throw r.redirect(`${n}?error=SESSION_NOT_CREATED`);return r.json(null,{status:400,statusText:"SESSION NOT CREATED",body:{message:"Failed to create session"}})}if(yield T(r,u.id),!n)return r.json({status:!0});throw r.redirect(n)}))}});export{K as HIDE_METADATA,_e as ac,Gl as bearer,c as createAuthEndpoint,M as createAuthMiddleware,Oo as getPasskeyActions,sm as magicLink,Ne as optionsMiddleware,ku as organization,_l as passkey,kl as passkeyClient,Tc as twoFactor,mc as twoFactorClient,Dt as username};
|
|
82
|
+
</html>`,Xr=l("/error",{method:"GET",metadata:K},e=>s(void 0,null,function*(){var o;let r=new URL(((o=e.request)==null?void 0:o.url)||"").searchParams.get("error")||"Unknown";return new Response(Yr(r),{headers:{"Content-Type":"text/html"}})}));var eo=l("/ok",{method:"GET",metadata:K},e=>s(void 0,null,function*(){return e.json({ok:!0})}));import{alphabet as dt,generateRandomString as ut}from"oslo/crypto";import{z as W}from"zod";var at=(e,r)=>{let o={};for(let[n,t]of Object.entries(e))o[n]=i=>t(g(f({},i),{context:f(f({},r),i.context)})),o[n].path=t.path,o[n].method=t.method,o[n].options=t.options,o[n].headers=t.headers;return o};function Ce(e,r){return s(this,null,function*(){let o=yield e.context.internalAdapter.findAccounts(r.userId),n=o==null?void 0:o.find(a=>a.providerId==="credential"),t=n==null?void 0:n.password;return!n||!t?!1:yield e.context.password.verify(t,r.password)})}var Ee=l("/sign-up/email",{method:"POST",query:W.object({currentURL:W.string().optional()}).optional(),body:W.object({name:W.string(),email:W.string(),password:W.string(),image:W.string().optional(),callbackURL:W.string().optional()})},e=>s(void 0,null,function*(){var y,A,O,S;if(!((y=e.context.options.emailAndPassword)!=null&&y.enabled))return e.json(null,{status:400,body:{message:"Email and password is not enabled"}});let{name:r,email:o,password:n,image:t}=e.body;if(!W.string().email().safeParse(o).success)return e.json(null,{status:400,body:{message:"Invalid email address"}});let a=e.context.password.config.minPasswordLength;if(n.length<a)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let d=e.context.password.config.maxPasswordLength;if(n.length>d)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let u=yield e.context.internalAdapter.findUserByEmail(o),c=yield e.context.password.hash(n);if(u!=null&&u.user)return e.json(null,{status:400,body:{message:"User already exists"}});let m=yield e.context.internalAdapter.createUser({id:ut(32,dt("a-z","0-9","A-Z")),email:o.toLowerCase(),name:r,image:t,emailVerified:!1,createdAt:new Date,updatedAt:new Date});yield e.context.internalAdapter.linkAccount({id:ut(32,dt("a-z","0-9","A-Z")),userId:m.id,providerId:"credential",accountId:m.id,password:c});let p=yield e.context.internalAdapter.createSession(m.id,e.request);if(yield T(e,p.id),e.context.options.emailAndPassword.sendEmailVerificationOnSignUp){let B=yield ne(e.context.secret,m.email),v=`${e.context.baseURL}/verify-email?token=${B}&callbackURL=${e.body.callbackURL||((A=e.query)==null?void 0:A.currentURL)||"/"}`;yield(S=(O=e.context.options.emailAndPassword).sendVerificationEmail)==null?void 0:S.call(O,m.email,v,B)}return e.json({user:m,session:p},{body:e.body.callbackURL?{url:e.body.callbackURL,redirect:!0}:{user:m,session:p}})}));var _e={};Jt(_e,{AccessControl:()=>ie,ParsingError:()=>Q,Role:()=>ee,adminAc:()=>mt,createAccessControl:()=>ct,defaultAc:()=>pe,defaultRoles:()=>ze,defaultStatements:()=>lt,memberAc:()=>ft,ownerAc:()=>pt,permissionFromString:()=>to});var Q=class extends Error{constructor(o,n){super(o);ae(this,"path");this.path=n}},ie=class{constructor(r){this.s=r;ae(this,"statements");this.statements=r}newRole(r){return new ee(r)}},ee=class e{constructor(r){ae(this,"statements");this.statements=r}authorize(r,o){for(let[n,t]of Object.entries(r)){let i=this.statements[n];if(!i)return{success:!1,error:`You are not allowed to access resource: ${n}`};let a=o==="OR"?t.some(d=>i.includes(d)):t.every(d=>i.includes(d));return a?{success:a}:{success:!1,error:`unauthorized to access resource "${n}"`}}return{success:!1,error:"Not authorized"}}static fromString(r){let o=JSON.parse(r);if(typeof o!="object")throw new Q("statements is not an object",".");for(let[n,t]of Object.entries(o)){if(typeof n!="string")throw new Q("invalid resource identifier",n);if(!Array.isArray(t))throw new Q("actions is not an array",n);for(let i=0;i<t.length;i++)if(typeof t[i]!="string")throw new Q("action is not a string",`${n}[${i}]`)}return new e(o)}toString(){return JSON.stringify(this.statements)}};var ct=e=>new ie(e),lt={organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]},pe=ct(lt),mt=pe.newRole({organization:["update"],invitation:["create","cancel"],member:["create","update","delete"]}),pt=pe.newRole({organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]}),ft=pe.newRole({organization:[],member:[],invitation:[]}),ze={admin:mt,owner:pt,member:ft};var to=e=>ee.fromString(e!=null?e:"");var ro={findFullOrganization:(e,r)=>s(void 0,null,function*(){let o=yield r==null?void 0:r.selectFrom("organization").leftJoin("member","organization.id","member.organizationId").leftJoin("invitation","organization.id","invitation.organizationId").leftJoin("user","member.userId","user.id").where("organization.id","=",e).select(["organization.id as org_id","organization.name as org_name","organization.slug as org_slug","organization.logo as org_logo","organization.metadata as org_metadata","organization.createdAt as org_createdAt","member.id as member_id","member.userId as member_user_id","member.role as member_role","member.createdAt as member_createdAt","invitation.id as invitation_id","invitation.email as invitation_email","invitation.status as invitation_status","invitation.expiresAt as invitation_expiresAt","invitation.role as invitation_role","invitation.inviterId as invitation_inviterId","user.id as user_id","user.name as user_name","user.email as user_email","user.image as user_image"]).execute();if(!o||o.length===0)return null;let n={id:o[0].org_id,name:o[0].org_name,slug:o[0].org_slug,logo:o[0].org_logo,metadata:o[0].org_metadata?JSON.parse(o[0].org_metadata):void 0,createdAt:o[0].org_createdAt,members:[],invitations:[]};return o.forEach(t=>{t.member_id&&(n.members.find(a=>a.id===t.member_id)||n.members.push({id:t.member_id,userId:t.member_user_id,role:t.member_role,createdAt:t.member_createdAt,user:{id:t.user_id,name:t.user_name,email:t.user_email,image:t.user_image},email:t.user_email,organizationId:t.org_id})),t.invitation_id&&n.invitations.push({id:t.invitation_id,email:t.invitation_email,status:t.invitation_status,expiresAt:t.invitation_expiresAt,organizationId:t.org_id,role:t.invitation_role,inviterId:t.invitation_inviterId})}),n})},I=(e,r)=>({findOrganizationBySlug:o=>s(void 0,null,function*(){return yield e.findOne({model:"organization",where:[{field:"slug",value:o}]})}),createOrganization:o=>s(void 0,null,function*(){let n=yield e.create({model:"organization",data:g(f({},o.organization),{metadata:o.organization.metadata?JSON.stringify(o.organization.metadata):void 0})}),t=yield e.create({model:"member",data:{id:V(),organizationId:n.id,userId:o.user.id,createdAt:new Date,email:o.user.email,role:(r==null?void 0:r.creatorRole)||"owner"}});return g(f({},n),{metadata:n.metadata?JSON.parse(n.metadata):void 0,members:[g(f({},t),{user:{id:o.user.id,name:o.user.name,email:o.user.email,image:o.user.image}})]})}),findMemberByEmail:o=>s(void 0,null,function*(){let n=yield e.findOne({model:"member",where:[{field:"email",value:o.email},{field:"organizationId",value:o.organizationId}]});if(!n)return null;let t=yield e.findOne({model:"user",where:[{field:"id",value:n.userId}]});return t?g(f({},n),{user:{id:t.id,name:t.name,email:t.email,image:t.image}}):null}),findMemberByOrgId:o=>s(void 0,null,function*(){let n=yield e.findOne({model:"member",where:[{field:"userId",value:o.userId},{field:"organizationId",value:o.organizationId}]});if(!n)return null;let t=yield e.findOne({model:"user",where:[{field:"id",value:n.userId}]});return t?g(f({},n),{user:{id:t.id,name:t.name,email:t.email,image:t.image}}):null}),findMemberById:o=>s(void 0,null,function*(){let n=yield e.findOne({model:"member",where:[{field:"id",value:o}]});if(!n)return null;let t=yield e.findOne({model:"user",where:[{field:"id",value:n.userId}]});return t?g(f({},n),{user:{id:t.id,name:t.name,email:t.email,image:t.image}}):null}),createMember:o=>s(void 0,null,function*(){return yield e.create({model:"member",data:o})}),updateMember:(o,n)=>s(void 0,null,function*(){return yield e.update({model:"member",where:[{field:"id",value:o}],update:{role:n}})}),deleteMember:o=>s(void 0,null,function*(){return yield e.delete({model:"member",where:[{field:"id",value:o}]})}),updateOrganization:(o,n)=>s(void 0,null,function*(){return yield e.update({model:"organization",where:[{field:"id",value:o}],update:n})}),deleteOrganization:o=>s(void 0,null,function*(){let n=yield e.delete({model:"organization",where:[{field:"id",value:o}]});return o}),setActiveOrganization:(o,n)=>s(void 0,null,function*(){return yield e.update({model:"session",where:[{field:"id",value:o}],update:{activeOrganizationId:n}})}),findOrganizationById:o=>s(void 0,null,function*(){return yield e.findOne({model:"organization",where:[{field:"id",value:o}]})}),findFullOrganization:(o,n)=>s(void 0,null,function*(){function t(){return s(this,null,function*(){let i=yield e.findOne({model:"organization",where:[{field:"id",value:o}]}),a=yield e.findMany({model:"invitation",where:[{field:"organizationId",value:o}]}),d=yield e.findMany({model:"member",where:[{field:"organizationId",value:o}]}),u=yield Promise.all(d.map(m=>s(this,null,function*(){let p=yield e.findOne({model:"user",where:[{field:"id",value:m.userId}]});if(!p)throw new C("Unexpected error: User not found for member");return g(f({},m),{user:{id:p.id,name:p.name,email:p.email,image:p.image}})})));return g(f({},i),{invitations:a,members:u})})}return n?ro.findFullOrganization(o,n):t()}),listOrganizations:o=>s(void 0,null,function*(){let n=yield e.findMany({model:"member",where:[{field:"userId",value:o}]}),t=n==null?void 0:n.map(a=>a.organizationId);if(!t)return[];let i=[];for(let a of t){let d=yield e.findOne({model:"organization",where:[{field:"id",value:a}]});d&&i.push(d)}return i}),createInvitation:t=>s(void 0,[t],function*({invitation:o,user:n}){let a=ue((r==null?void 0:r.invitationExpiresIn)||1728e5);return yield e.create({model:"invitation",data:{id:V(),email:o.email,role:o.role,organizationId:o.organizationId,status:"pending",expiresAt:a,inviterId:n.id}})}),findInvitationById:o=>s(void 0,null,function*(){return yield e.findOne({model:"invitation",where:[{field:"id",value:o}]})}),findPendingInvitation:o=>s(void 0,null,function*(){return(yield e.findMany({model:"invitation",where:[{field:"email",value:o.email},{field:"organizationId",value:o.organizationId},{field:"status",value:"pending"}]})).filter(t=>new Date(t.expiresAt)>new Date)}),updateInvitation:o=>s(void 0,null,function*(){return yield e.update({model:"invitation",where:[{field:"id",value:o.invitationId}],update:{status:o.status}})})});import"better-call";import{APIError as ld,createRouter as md}from"better-call";import{APIError as gt}from"better-call";import{z as yt}from"zod";var oo=M({body:yt.object({csrfToken:yt.string().optional()}).optional()},e=>s(void 0,null,function*(){var d,u,c,m;if(((d=e.request)==null?void 0:d.method)!=="POST"||(u=e.context.options.advanced)!=null&&u.disableCSRFCheck)return;let r=new URL(e.request.url);if(r.origin===new URL(e.context.baseURL).origin||(c=e.context.options.trustedOrigins)!=null&&c.includes(r.origin))return;let o=(m=e.body)==null?void 0:m.csrfToken,n=yield e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret),[t,i]=(n==null?void 0:n.split("!"))||[null,null];if(!o||!n||!t||!i||n!==o)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new gt("UNAUTHORIZED",{message:"Invalid CSRF Token"});let a=yield D(e.context.secret,t);if(i!==a)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new gt("UNAUTHORIZED",{message:"Invalid CSRF Token"})}));import Od from"chalk";var P=M(e=>s(void 0,null,function*(){return{}})),U=M({use:[k]},e=>s(void 0,null,function*(){return{session:e.context.session}}));import{z as j}from"zod";import{z as w}from"zod";var fe=w.enum(["admin","member","owner"]),no=w.enum(["pending","accepted","rejected","canceled"]).default("pending"),Md=w.object({id:w.string(),name:w.string(),slug:w.string(),logo:w.string().optional(),metadata:w.record(w.string()).or(w.string().transform(e=>JSON.parse(e))).optional(),createdAt:w.date()}),Dd=w.object({id:w.string(),email:w.string(),organizationId:w.string(),userId:w.string(),role:fe,createdAt:w.date()}),Fd=w.object({id:w.string(),organizationId:w.string(),email:w.string(),role:fe,status:no,inviterId:w.string(),expiresAt:w.date()});var ht=l("/organization/invite-member",{method:"POST",use:[P,U],body:j.object({email:j.string(),role:fe,organizationId:j.string().optional(),resend:j.boolean().optional()})},e=>s(void 0,null,function*(){var p,y;let r=e.context.session,o=e.body.organizationId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let n=I(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});if(i.authorize({invitation:["create"]}).error)return e.json(null,{body:{message:"You are not allowed to invite users to this organization"},status:403});if(yield n.findMemberByEmail({email:e.body.email,organizationId:o}))return e.json(null,{status:400,body:{message:"User is already a member of this organization"}});if((yield n.findPendingInvitation({email:e.body.email,organizationId:o})).length&&!e.body.resend)return e.json(null,{status:400,body:{message:"User is already invited to this organization"}});let c=yield n.createInvitation({invitation:{role:e.body.role,email:e.body.email,organizationId:o},user:r.user}),m=yield n.findOrganizationById(o);return m?(yield(y=(p=e.context.orgOptions).sendInvitationEmail)==null?void 0:y.call(p,{id:c.id,role:c.role,email:c.email,organization:m,inviter:g(f({},t),{user:r.user})},e.request),e.json(c)):e.json(null,{status:400,body:{message:"Organization not found!"}})})),wt=l("/organization/accept-invitation",{method:"POST",body:j.object({invitationId:j.string()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=I(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.body.invitationId);if(!n||n.expiresAt<new Date||n.status!=="pending")return e.json(null,{status:400,body:{message:"Invitation not found!"}});if(n.email!==r.user.email)return e.json(null,{status:400,body:{message:"You are not the recipient of the invitation"}});let t=yield o.updateInvitation({invitationId:e.body.invitationId,status:"accepted"}),i=yield o.createMember({id:V(),organizationId:n.organizationId,userId:r.user.id,email:n.email,role:n.role,createdAt:new Date});return yield o.setActiveOrganization(r.session.id,n.organizationId),t?e.json({invitation:t,member:i}):e.json(null,{status:400,body:{message:"Invitation not found!"}})})),bt=l("/organization/reject-invitation",{method:"POST",body:j.object({invitationId:j.string()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=I(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.body.invitationId);if(!n||n.expiresAt<new Date||n.status!=="pending")return e.json(null,{status:400,body:{message:"Invitation not found!"}});if(n.email!==r.user.email)return e.json(null,{status:400,body:{message:"You are not the recipient of the invitation"}});let t=yield o.updateInvitation({invitationId:e.body.invitationId,status:"rejected"});return e.json({invitation:t,member:null})})),kt=l("/organization/cancel-invitation",{method:"POST",body:j.object({invitationId:j.string()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=I(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.body.invitationId);if(!n)return e.json(null,{status:400,body:{message:"Invitation not found!"}});let t=yield o.findMemberByOrgId({userId:r.user.id,organizationId:n.organizationId});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization"}});if(e.context.roles[t.role].authorize({invitation:["cancel"]}).error)return e.json(null,{status:403,body:{message:"You are not allowed to cancel this invitation"}});let a=yield o.updateInvitation({invitationId:e.body.invitationId,status:"canceled"});return e.json(a)})),At=l("/organization/get-invitation",{method:"GET",use:[P],requireHeaders:!0,query:j.object({id:j.string()})},e=>s(void 0,null,function*(){let r=yield $(e);if(!r)return e.json(null,{status:400,body:{message:"User not logged in"}});let o=I(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.query.id);if(!n||n.status!=="pending"||n.expiresAt<new Date)return e.json(null,{status:400,body:{message:"Invitation not found!"}});if(n.email!==r.user.email)return e.json(null,{status:400,body:{message:"You are not the recipient of the invitation"}});let t=yield o.findOrganizationById(n.organizationId);if(!t)return e.json(null,{status:400,body:{message:"Organization not found!"}});let i=yield o.findMemberByOrgId({userId:n.inviterId,organizationId:n.organizationId});return i?e.json(g(f({},n),{organizationName:t.name,organizationSlug:t.slug,inviterEmail:i.email})):e.json(null,{status:400,body:{message:"Inviter is no longer a member of this organization"}})}));import{z as Y}from"zod";var Ot=l("/organization/remove-member",{method:"POST",body:Y.object({memberIdOrEmail:Y.string(),organizationId:Y.string().optional()}),use:[P,U]},e=>s(void 0,null,function*(){var m;let r=e.context.session,o=e.body.organizationId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"No active organization found!"}});let n=I(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"Member not found!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});let a=r.user.email===e.body.memberIdOrEmail||t.id===e.body.memberIdOrEmail;if(a&&t.role===(((m=e.context.orgOptions)==null?void 0:m.creatorRole)||"owner"))return e.json(null,{status:400,body:{message:"You cannot leave the organization as the owner"}});if(!(a||i.authorize({member:["delete"]}).success))return e.json(null,{body:{message:"You are not allowed to delete this member"},status:403});let c=null;return e.body.memberIdOrEmail.includes("@")?c=yield n.findMemberByEmail({email:e.body.memberIdOrEmail,organizationId:o}):c=yield n.findMemberById(e.body.memberIdOrEmail),(c==null?void 0:c.organizationId)!==o?e.json(null,{status:400,body:{message:"Member not found!"}}):(yield n.deleteMember(c.id),r.user.id===c.userId&&r.session.activeOrganizationId===c.organizationId&&(yield n.setActiveOrganization(r.session.id,null)),e.json({member:c}))})),vt=l("/organization/update-member-role",{method:"POST",body:Y.object({role:Y.enum(["admin","member","owner"]),memberId:Y.string(),organizationId:Y.string().optional()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=e.body.organizationId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"No active organization found!"}});let n=I(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"Member not found!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});if(i.authorize({member:["update"]}).error||e.body.role==="owner"&&t.role!=="owner")return e.json(null,{body:{message:"You are not allowed to update this member"},status:403});let d=yield n.updateMember(e.body.memberId,e.body.role);return d?e.json(d):e.json(null,{status:400,body:{message:"Member not found!"}})}));import{z as R}from"zod";var It=l("/organization/create",{method:"POST",body:R.object({name:R.string(),slug:R.string(),userId:R.string().optional(),logo:R.string().optional(),metadata:R.record(R.string()).optional()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session.user;if(!r)return e.json(null,{status:401});let o=e.context.orgOptions;if(!(typeof(o==null?void 0:o.allowUserToCreateOrganization)=="function"?yield o.allowUserToCreateOrganization(r):(o==null?void 0:o.allowUserToCreateOrganization)===void 0?!0:o.allowUserToCreateOrganization))return e.json(null,{status:403,body:{message:"You are not allowed to create organizations"}});let t=I(e.context.adapter,o),i=yield t.listOrganizations(r.id);if(typeof o.organizationLimit=="number"?i.length>=o.organizationLimit:typeof o.organizationLimit=="function"?yield o.organizationLimit(r):!1)return e.json(null,{status:403,body:{message:"You have reached the maximum number of organizations"}});if(yield t.findOrganizationBySlug(e.body.slug))return e.json(null,{status:400,body:{message:"Organization with this slug already exists"}});let u=yield t.createOrganization({organization:{id:V(),slug:e.body.slug,name:e.body.name,logo:e.body.logo,createdAt:new Date,metadata:e.body.metadata},user:r});return e.json(u)})),Rt=l("/organization/update",{method:"POST",body:R.object({data:R.object({name:R.string().optional(),slug:R.string().optional()}).partial(),orgId:R.string().optional()}),requireHeaders:!0,use:[P]},e=>s(void 0,null,function*(){let r=yield e.context.getSession(e);if(!r)return e.json(null,{status:401});let o=e.body.orgId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let n=I(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});if(i.authorize({organization:["update"]}).error)return e.json(null,{body:{message:"You are not allowed to update this organization"},status:403});let d=yield n.updateOrganization(o,e.body.data);return e.json(d)})),Tt=l("/organization/delete",{method:"POST",body:R.object({orgId:R.string()}),requireHeaders:!0,use:[P]},e=>s(void 0,null,function*(){let r=yield e.context.getSession(e);if(!r)return e.json(null,{status:401});let o=e.body.orgId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let n=I(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization!"}});let i=e.context.roles[t.role];return i?i.authorize({organization:["delete"]}).error?e.json(null,{body:{message:"You are not allowed to delete this organization"},status:403}):(o===r.session.activeOrganizationId&&(yield n.setActiveOrganization(r.session.id,null)),yield n.deleteOrganization(o),e.json(o)):e.json(null,{status:400,body:{message:"Role not found!"}})})),Pt=l("/organization/get-full",{method:"GET",query:R.object({orgId:R.string().optional()}),requireHeaders:!0,use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=e.query.orgId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let t=yield I(e.context.adapter,e.context.orgOptions).findFullOrganization(o,e.context.db);return t?e.json(t):e.json(null,{status:404,body:{message:"Organization not found!"}})})),St=l("/organization/activate",{method:"POST",body:R.object({orgId:R.string().nullable().optional()}),use:[U,P]},e=>s(void 0,null,function*(){let r=I(e.context.adapter,e.context.orgOptions),o=e.context.session,n=e.body.orgId;if(n===null)return o.session.activeOrganizationId&&(yield r.setActiveOrganization(o.session.id,null)),e.json(null);if(!n){let a=o.session.activeOrganizationId;if(!a)return e.json(null);n=a}if(!(yield r.findMemberByOrgId({userId:o.user.id,organizationId:n})))return yield r.setActiveOrganization(o.session.id,null),e.json(null,{status:400,body:{message:"You are not a member of this organization"}});yield r.setActiveOrganization(o.session.id,n);let i=yield r.findFullOrganization(n,e.context.db);return e.json(i)})),Ut=l("/organization/list",{method:"GET",use:[P,U]},e=>s(void 0,null,function*(){let o=yield I(e.context.adapter,e.context.orgOptions).listOrganizations(e.context.session.user.id);return e.json(o)}));var Au=e=>{let r={createOrganization:It,updateOrganization:Rt,deleteOrganization:Tt,setActiveOrganization:St,getFullOrganization:Pt,listOrganization:Ut,createInvitation:ht,cancelInvitation:kt,acceptInvitation:wt,getInvitation:At,rejectInvitation:bt,removeMember:Ot,updateMemberRole:vt},o=f(f({},ze),e==null?void 0:e.roles),n=at(r,{orgOptions:e||{},roles:o,getSession:t=>s(void 0,null,function*(){return yield $(t)})});return{id:"organization",endpoints:g(f({},n),{hasPermission:l("/organization/has-permission",{method:"POST",requireHeaders:!0,body:se.object({permission:se.record(se.string(),se.array(se.string()))}),use:[U]},t=>s(void 0,null,function*(){if(!t.context.session.session.activeOrganizationId)throw new Ct("BAD_REQUEST",{message:"No active organization"});let a=yield I(t.context.adapter).findMemberByOrgId({userId:t.context.session.user.id,organizationId:t.context.session.session.activeOrganizationId||""});if(!a)throw new Ct("UNAUTHORIZED",{message:"You are not a member of this organization"});let u=o[a.role].authorize(t.body.permission);return u.error?t.json({error:u.error,success:!1},{status:403}):t.json({error:null,success:!0})}))}),schema:{session:{fields:{activeOrganizationId:{type:"string",required:!1}}},organization:{fields:{name:{type:"string"},slug:{type:"string",unique:!0},logo:{type:"string",required:!1},createdAt:{type:"date",required:!0},metadata:{type:"string",required:!1}}},member:{fields:{organizationId:{type:"string",required:!0},userId:{type:"string",required:!0},email:{type:"string",required:!0},role:{type:"string",required:!0,defaultValue:"member"},createdAt:{type:"date",required:!0}}},invitation:{fields:{organizationId:{type:"string",required:!0},email:{type:"string",required:!0},role:{type:"string",required:!1},status:{type:"string",required:!0,defaultValue:"pending"},expiresAt:{type:"date",required:!0},inviterId:{type:"string",references:{model:"user",field:"id"}}}}},$Infer:{Organization:{},Invitation:{},Member:{},ActiveOrganization:{}}}};import{alphabet as fo,generateRandomString as go}from"oslo/crypto";import{z as be}from"zod";import{alphabet as io,generateRandomString as so}from"oslo/crypto";import{z as he}from"zod";import{APIError as te}from"better-call";var ge="two-factor";var ye="trust-device";import{z as Le}from"zod";var X=M({body:Le.object({trustDevice:Le.boolean().optional(),callbackURL:Le.string().optional()})},e=>s(void 0,null,function*(){let r=e.context.createAuthCookie(ge),o=yield e.getSignedCookie(r.name,e.context.secret);if(!o)throw new te("UNAUTHORIZED",{message:"invalid two factor cookie"});let[n,t]=o.split("!");if(!n||!t)throw new te("UNAUTHORIZED",{message:"invalid two factor cookie"});let i=yield e.context.adapter.findMany({model:"session",where:[{field:"userId",value:n}]});if(!i.length)throw new te("UNAUTHORIZED",{message:"invalid session"});let a=i.filter(d=>d.expiresAt>new Date);if(!a)throw new te("UNAUTHORIZED",{message:"invalid session"});for(let d of a){let u=yield D(e.context.secret,d.id),c=yield e.context.adapter.findOne({model:"user",where:[{field:"id",value:d.userId}]});if(!c)throw new te("UNAUTHORIZED",{message:"invalid session"});if(u===t)return{valid:()=>s(void 0,null,function*(){if(yield T(e,d.id,!1),e.body.trustDevice){let m=e.context.createAuthCookie(ye,{maxAge:2592e3}),p=yield D(e.context.secret,`${c.id}!${d.id}`);yield e.setSignedCookie(m.name,`${p}!${d.id}`,e.context.secret,m.options)}return e.body.callbackURL?e.json({status:!0,callbackURL:e.body.callbackURL,redirect:!0}):e.json({status:!0})}),invalid:()=>s(void 0,null,function*(){return e.json({status:!1},{status:401,body:{message:"Invalid code"}})}),session:{id:d.id,userId:d.userId,expiresAt:d.expiresAt,user:c}}}throw new te("UNAUTHORIZED",{message:"invalid two factor authentication"})}));function ao(e){var r;return Array.from({length:(r=e==null?void 0:e.amount)!=null?r:10}).fill(null).map(()=>{var o;return so((o=e==null?void 0:e.length)!=null?o:10,io("a-z","0-9"))}).map(o=>`${o.slice(0,5)}-${o.slice(5)}`)}function je(e,r){return s(this,null,function*(){let o=e,n=r!=null&&r.customBackupCodesGenerate?r.customBackupCodesGenerate():ao(),t=le({data:JSON.stringify(n),key:o});return{backupCodes:n,encryptedBackupCodes:t}})}function uo(e,r){return s(this,null,function*(){let o=yield Et(e.user,r);return o?o.includes(e.code):!1})}function Et(e,r){return s(this,null,function*(){let o=Buffer.from(yield me({key:r,data:e.twoFactorBackupCodes})).toString("utf-8"),n=JSON.parse(o),t=he.array(he.string()).safeParse(n);return t.success?t.data:null})}var zt=e=>({id:"backup_code",endpoints:{verifyBackupCode:l("/two-factor/verify-backup-code",{method:"POST",body:he.object({code:he.string()}),use:[X]},r=>s(void 0,null,function*(){return uo({user:r.context.session.user,code:r.body.code},r.context.secret)?r.json({status:!0}):r.json({status:!1},{status:401})})),generateBackupCodes:l("/two-factor/generate-backup-codes",{method:"POST",use:[k]},r=>s(void 0,null,function*(){let o=yield je(r.context.secret,e);return yield r.context.adapter.update({model:"user",update:{twoFactorEnabled:!0,twoFactorBackupCodes:o.encryptedBackupCodes},where:[{field:"id",value:r.context.session.user.id}]}),r.json({status:!0,backupCodes:o.backupCodes})})),viewBackupCodes:l("/view/backup-codes",{method:"GET",use:[k]},r=>s(void 0,null,function*(){let o=r.context.session.user,n=Et(o,r.context.secret);return r.json({status:!0,backupCodes:n})}))}});import{APIError as _t}from"better-call";import"oslo/crypto";import{TOTPController as co}from"oslo/otp";import{z as Lt}from"zod";import{TimeSpan as lo}from"oslo";var jt=e=>{let r={period:new lo((e==null?void 0:e.period)||3,"m")},o=new co({digits:6,period:r.period}),n=l("/two-factor/send-otp",{method:"POST",use:[X]},i=>s(void 0,null,function*(){if(!e||!e.sendOTP)throw i.context.logger.error("send otp isn't configured. Please configure the send otp function on otp options."),new _t("BAD_REQUEST",{message:"otp isn't configured"});let a=i.context.session.user,d=yield o.generate(Buffer.from(a.twoFactorSecret));return yield e.sendOTP(a,d),i.json({status:!0})})),t=l("/two-factor/verify-otp",{method:"POST",body:Lt.object({code:Lt.string()}),use:[X]},i=>s(void 0,null,function*(){let a=i.context.session.user;if(!a.twoFactorEnabled)throw new _t("BAD_REQUEST",{message:"two factor isn't enabled"});return(yield o.generate(Buffer.from(a.twoFactorSecret)))===i.body.code?i.context.valid():i.context.invalid()}));return{id:"otp",endpoints:{send2FaOTP:n,verifyOTP:t}}};import{APIError as we}from"better-call";import{TimeSpan as mo}from"oslo";import{TOTPController as xt,createTOTPKeyURI as po}from"oslo/otp";import{z as xe}from"zod";var Bt=e=>{let r={digits:6,period:new mo((e==null?void 0:e.period)||30,"s")},o=l("/totp/generate",{method:"POST",use:[k]},i=>s(void 0,null,function*(){if(!e)throw i.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp"),new we("BAD_REQUEST",{message:"totp isn't configured"});let a=i.context.session.user;return{code:yield new xt(r).generate(Buffer.from(a.twoFactorSecret))}})),n=l("/two-factor/get-totp-uri",{method:"GET",use:[k]},i=>s(void 0,null,function*(){if(!e)throw i.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp"),new we("BAD_REQUEST",{message:"totp isn't configured"});let a=i.context.session.user;if(!a.twoFactorSecret)throw new we("BAD_REQUEST",{message:"totp isn't enabled"});return{totpURI:po((e==null?void 0:e.issuer)||"BetterAuth",a.email,Buffer.from(a.twoFactorSecret),r)}})),t=l("/two-factor/verify-totp",{method:"POST",body:xe.object({code:xe.string(),callbackURL:xe.string().optional()}),use:[X]},i=>s(void 0,null,function*(){if(!e)throw i.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp"),new we("BAD_REQUEST",{message:"totp isn't configured"});let a=new xt(r),d=Buffer.from(yield me({key:i.context.secret,data:i.context.session.user.twoFactorSecret}));return(yield a.verify(i.body.code,d))?i.context.valid():i.context.invalid()}));return{id:"totp",endpoints:{generateTOTP:o,viewTOTPURI:n,verifyTOTP:t}}};var mc=(e={redirect:!0,twoFactorPage:"/"})=>({id:"two-factor",$InferServerPlugin:{},atomListeners:[{matcher:o=>o==="/two-factor/enable"||o==="/two-factor/send-otp"||o==="/two-factor/disable",signal:"_sessionSignal"}],pathMethods:{"/two-factor/disable":"POST","/two-factor/enable":"POST","/two-factor/send-otp":"POST"},fetchPlugins:[{id:"two-factor",name:"two-factor",hooks:{onSuccess(o){return s(this,null,function*(){var n;(n=o.data)!=null&&n.twoFactorRedirect&&(e.redirect||e.twoFactorPage)&&typeof window!="undefined"&&(window.location.href=e.twoFactorPage)})}}}]});var Rc=e=>{let r=Bt(f({issuer:(e==null?void 0:e.issuer)||"better-auth"},e==null?void 0:e.totpOptions)),o=zt(e==null?void 0:e.backupCodeOptions),n=jt(e==null?void 0:e.otpOptions);return{id:"two-factor",endpoints:g(f(f(f({},r.endpoints),n.endpoints),o.endpoints),{enableTwoFactor:l("/two-factor/enable",{method:"POST",body:be.object({password:be.string().min(8)}),use:[k]},t=>s(void 0,null,function*(){let i=t.context.session.user,{password:a}=t.body;if(!(yield Ce(t,{password:a,userId:i.id})))return t.json({status:!1},{status:400,body:{message:"Invalid password"}});let u=go(16,fo("a-z","0-9","-")),c=le({key:t.context.secret,data:u}),m=yield je(t.context.secret,e==null?void 0:e.backupCodeOptions);return yield t.context.adapter.update({model:"user",update:{twoFactorSecret:c,twoFactorEnabled:!0,twoFactorBackupCodes:m.encryptedBackupCodes},where:[{field:"id",value:i.id}]}),t.json({status:!0})})),disableTwoFactor:l("/two-factor/disable",{method:"POST",body:be.object({password:be.string().min(8)}),use:[k]},t=>s(void 0,null,function*(){let i=t.context.session.user,{password:a}=t.body;return(yield Ce(t,{password:a,userId:i.id}))?(yield t.context.adapter.update({model:"user",update:{twoFactorEnabled:!1},where:[{field:"id",value:i.id}]}),t.json({status:!0})):t.json({status:!1},{status:400,body:{message:"Invalid password"}})}))}),options:e,hooks:{after:[{matcher(t){return t.path==="/sign-in/email"||t.path==="/sign-in/username"},handler:M(t=>s(void 0,null,function*(){let i=t.context.returned;if((i==null?void 0:i.status)!==200)return;let a=yield i.clone().json();if(!a.user.twoFactorEnabled)return;let d=t.context.createAuthCookie(ye,{maxAge:30*24*60*60}),u=yield t.getSignedCookie(d.name,t.context.secret);if(u){let[y,A]=u.split("!"),O=yield D(t.context.secret,`${a.user.id}!${A}`);if(y===O){let S=yield D(t.context.secret,`${a.user.id}!${a.session.id}`);yield t.setSignedCookie(d.name,`${S}!${a.session.id}`,t.context.secret,d.options);return}}t.setCookie(t.context.authCookies.sessionToken.name,"",{path:"/",sameSite:"lax",httpOnly:!0,secure:!1,maxAge:0});let c=yield D(t.context.secret,a.session.id),m=t.context.createAuthCookie(ge,{maxAge:60*60*24});return yield t.setSignedCookie(m.name,`${a.session.userId}!${c}`,t.context.secret,m.options),{response:new Response(JSON.stringify({twoFactorRedirect:!0}),{headers:t.responseHeader})}}))}]},schema:{user:{fields:{twoFactorEnabled:{type:"boolean",required:!1,defaultValue:!1},twoFactorSecret:{type:"string",required:!1,returned:!1},twoFactorBackupCodes:{type:"string",required:!1,returned:!1}}}},rateLimit:[{pathMatcher(t){return t.startsWith("/two-factor/")},window:10,max:3}]}};import{generateAuthenticationOptions as vo,generateRegistrationOptions as Io,verifyAuthenticationResponse as Ro,verifyRegistrationResponse as To}from"@simplewebauthn/server";import{APIError as Po}from"better-call";import{alphabet as Mt,generateRandomString as Dt}from"oslo/crypto";import{z as q}from"zod";import{WebAuthnError as wo,startAuthentication as bo,startRegistration as ko}from"@simplewebauthn/browser";import{createFetch as Mc}from"@better-fetch/fetch";import"nanostores";import{betterFetch as Cc}from"@better-fetch/fetch";import{atom as Xc}from"nanostores";import"@better-fetch/fetch";import{atom as yo,onMount as ho}from"nanostores";var Be=(e,r,o,n)=>{let t=yo({data:null,error:null,isPending:!1}),i=()=>{let d=typeof n=="function"?n({data:t.get().data,error:t.get().error,isPending:t.get().isPending}):n;return o(r,g(f({},d),{onSuccess:c=>s(void 0,null,function*(){var m;t.set({data:c.data,error:null,isPending:!1}),yield(m=d==null?void 0:d.onSuccess)==null?void 0:m.call(d,c)}),onError(c){return s(this,null,function*(){var m;t.set({error:c.error,data:null,isPending:!1}),yield(m=d==null?void 0:d.onError)==null?void 0:m.call(d,c)})},onRequest(c){return s(this,null,function*(){var p;let m=t.get();t.set({isPending:!0,data:m.data,error:m.error}),yield(p=d==null?void 0:d.onRequest)==null?void 0:p.call(d,c)})}}))};e=Array.isArray(e)?e:[e];let a=!1;for(let d of e)d.subscribe(()=>{a?i():ho(t,()=>(i(),a=!0,()=>{t.off(),d.off()}))});return t};import{atom as Ao}from"nanostores";var Oo=(e,{_listPasskeys:r})=>({signIn:{passkey:(t,i)=>s(void 0,null,function*(){let a=yield e("/passkey/generate-authenticate-options",{method:"POST",body:{email:t==null?void 0:t.email,callbackURL:t==null?void 0:t.callbackURL}});if(!a.data)return a;try{let d=yield bo(a.data,(t==null?void 0:t.autoFill)||!1),u=yield e("/passkey/verify-authentication",f(f({body:{response:d}},t==null?void 0:t.fetchOptions),i));if(!u.data)return u}catch(d){console.log(d)}})},passkey:{addPasskey:(t,i)=>s(void 0,null,function*(){let a=yield e("/passkey/generate-register-options",{method:"GET"});if(!a.data)return a;try{let d=yield ko(a.data),u=yield e("/passkey/verify-registration",g(f(f({},t==null?void 0:t.fetchOptions),i),{body:{response:d,name:t==null?void 0:t.name}}));if(!u.data)return u;r.set(Math.random())}catch(d){return d instanceof wo?d.code==="ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED"?{data:null,error:{message:"previously registered",status:400,statusText:"BAD_REQUEST"}}:d.code==="ERROR_CEREMONY_ABORTED"?{data:null,error:{message:"registration cancelled",status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:d.message,status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:d instanceof Error?d.message:"unknown error",status:500,statusText:"INTERNAL_SERVER_ERROR"}}}})},$Infer:{}}),Al=()=>{let e=Ao();return{id:"passkey",$InferServerPlugin:{},getActions:r=>Oo(r,{_listPasskeys:e}),getAtoms(r){return{listPasskeys:Be(e,"/passkey/list-user-passkeys",r,{method:"GET",credentials:"include"}),_listPasskeys:e}},pathMethods:{"/passkey/register":"POST","/passkey/authenticate":"POST"},atomListeners:[{matcher(r){return r==="/passkey/verify-registration"||r==="/passkey/delete-passkey"},signal:"_listPasskeys"}]}};var _l=e=>{let r=process.env.BETTER_AUTH_URL,o=(e==null?void 0:e.rpID)||(r==null?void 0:r.replace("http://","").replace("https://","").replace(":3000",""))||"localhost";if(!o)throw new C("passkey rpID not found. Please provide a rpID in the options or set the BETTER_AUTH_URL environment variable.");let n=g(f({origin:null},e),{rpID:o,advanced:f({webAuthnChallengeCookie:"better-auth-passkey"},e==null?void 0:e.advanced)}),t=60*60*24;return{id:"passkey",endpoints:{generatePasskeyRegistrationOptions:l("/passkey/generate-register-options",{method:"GET",use:[k],metadata:{client:!1}},i=>s(void 0,null,function*(){let a=i.context.session,d=yield i.context.adapter.findMany({model:"passkey",where:[{field:"userId",value:a.user.id}]}),u=new Uint8Array(Buffer.from(Dt(32,Mt("a-z","0-9")))),c;c=yield Io({rpName:n.rpName||i.context.appName,rpID:n.rpID,userID:u,userName:a.user.email||a.user.id,attestationType:"none",excludeCredentials:d.map(p=>{var y;return{id:p.id,transports:(y=p.transports)==null?void 0:y.split(",")}}),authenticatorSelection:{residentKey:"preferred",userVerification:"preferred",authenticatorAttachment:"platform"}});let m={expectedChallenge:c.challenge,userData:{id:a.user.id}};return yield i.setSignedCookie(n.advanced.webAuthnChallengeCookie,JSON.stringify(m),i.context.secret,{secure:!0,httpOnly:!0,sameSite:"lax",maxAge:t}),i.json(c,{status:200})})),generatePasskeyAuthenticationOptions:l("/passkey/generate-authenticate-options",{method:"POST",body:q.object({email:q.string().optional(),callbackURL:q.string().optional()}).optional()},i=>s(void 0,null,function*(){var m;let a=yield $(i),d=[];a&&(d=yield i.context.adapter.findMany({model:"passkey",where:[{field:"userId",value:a.user.id}]}));let u=yield vo(f({rpID:n.rpID,userVerification:"preferred"},d.length?{allowCredentials:d.map(p=>{var y;return{id:p.id,transports:(y=p.transports)==null?void 0:y.split(",")}})}:{})),c={expectedChallenge:u.challenge,callbackURL:(m=i.body)==null?void 0:m.callbackURL,userData:{id:(a==null?void 0:a.user.id)||""}};return yield i.setSignedCookie(n.advanced.webAuthnChallengeCookie,JSON.stringify(c),i.context.secret,{secure:!0,httpOnly:!0,sameSite:"lax",maxAge:t}),i.json(u,{status:200})})),verifyPasskeyRegistration:l("/passkey/verify-registration",{method:"POST",body:q.object({response:q.any(),name:q.string().optional()}),use:[k]},i=>s(void 0,null,function*(){var p;let a=(e==null?void 0:e.origin)||((p=i.headers)==null?void 0:p.get("origin"))||"";if(!a)return i.json(null,{status:400});let d=i.body.response,u=yield i.getSignedCookie(n.advanced.webAuthnChallengeCookie,i.context.secret);if(!u)return i.json(null,{status:400});let{userData:c,expectedChallenge:m}=JSON.parse(u);if(c.id!==i.context.session.user.id)throw new Po("UNAUTHORIZED",{message:"You are not authorized to register this passkey"});try{let y=yield To({response:d,expectedChallenge:m,expectedOrigin:a,expectedRPID:e==null?void 0:e.rpID}),{verified:A,registrationInfo:O}=y;if(!A||!O)return i.json(null,{status:400});let{credentialID:S,credentialPublicKey:B,counter:v,credentialDeviceType:z,credentialBackedUp:Ae}=O,N=Buffer.from(B).toString("base64"),Me=Dt(32,Mt("a-z","0-9")),Nt={name:i.body.name,userId:c.id,webauthnUserID:Me,id:S,publicKey:N,counter:v,deviceType:z,transports:d.response.transports.join(","),backedUp:Ae,createdAt:new Date},$t=yield i.context.adapter.create({model:"passkey",data:Nt});return i.json($t,{status:200})}catch(y){return console.log(y),i.json(null,{status:400,body:{message:"Registration failed"}})}})),verifyPasskeyAuthentication:l("/passkey/verify-authentication",{method:"POST",body:q.object({response:q.any()})},i=>s(void 0,null,function*(){var y,A;let a=(e==null?void 0:e.origin)||((y=i.headers)==null?void 0:y.get("origin"))||"";if(!a)return i.json(null,{status:400});let d=i.body.response,u=yield i.getSignedCookie(n.advanced.webAuthnChallengeCookie,i.context.secret);if(!u)return i.json(null,{status:400});let{expectedChallenge:c,callbackURL:m}=JSON.parse(u),p=yield i.context.adapter.findOne({model:"passkey",where:[{field:"id",value:d.id}]});if(!p)return i.json(null,{status:401,body:{message:"Passkey not found"}});try{let O=yield Ro({response:d,expectedChallenge:c,expectedOrigin:a,expectedRPID:n.rpID,authenticator:{credentialID:p.id,credentialPublicKey:new Uint8Array(Buffer.from(p.publicKey,"base64")),counter:p.counter,transports:(A=p.transports)==null?void 0:A.split(",")}}),{verified:S}=O;if(!S)return i.json(null,{status:401,body:{message:"verification failed"}});yield i.context.adapter.update({model:"passkey",where:[{field:"id",value:p.id}],update:{counter:O.authenticationInfo.newCounter}});let B=yield i.context.internalAdapter.createSession(p.userId,i.request);return yield T(i,B.id),m?i.json({url:m,redirect:!0,session:B}):i.json({session:B},{status:200})}catch(O){return i.context.logger.error(O),i.json(null,{status:400,body:{message:"Authentication failed"}})}})),listPasskeys:l("/passkey/list-user-passkeys",{method:"GET",use:[k]},i=>s(void 0,null,function*(){let a=yield i.context.adapter.findMany({model:"passkey",where:[{field:"userId",value:i.context.session.user.id}]});return i.json(a,{status:200})})),deletePasskey:l("/passkey/delete-passkey",{method:"POST",body:q.object({id:q.string()}),use:[k]},i=>s(void 0,null,function*(){return yield i.context.adapter.delete({model:"passkey",where:[{field:"id",value:i.body.id}]}),i.json(null,{status:200})}))},schema:{passkey:{fields:{name:{type:"string",required:!1},publicKey:{type:"string"},userId:{type:"string",references:{model:"user",field:"id"}},webauthnUserID:{type:"string"},counter:{type:"number"},deviceType:{type:"string"},backedUp:{type:"boolean"},transports:{type:"string",required:!1},createdAt:{type:"date",defaultValue:new Date,required:!1}}}}}};import{z as x}from"zod";import{APIError as ke}from"better-call";var Ft=()=>({id:"username",endpoints:{signInUsername:l("/sign-in/username",{method:"POST",body:x.object({username:x.string(),password:x.string(),dontRememberMe:x.boolean().optional(),callbackURL:x.string().optional()})},e=>s(void 0,null,function*(){let r=yield e.context.adapter.findOne({model:"user",where:[{field:"username",value:e.body.username}]});if(!r)throw yield e.context.password.hash(e.body.password),e.context.logger.error("User not found",{username:Ft}),new ke("UNAUTHORIZED",{message:"Invalid email or password"});let o=yield e.context.adapter.findOne({model:"account",where:[{field:"userId",value:r.id},{field:"providerId",value:"credential"}]});if(!o)throw new ke("UNAUTHORIZED",{message:"Invalid email or password"});let n=o==null?void 0:o.password;if(!n)throw e.context.logger.error("Password not found",{username:Ft}),new ke("UNAUTHORIZED",{message:"Unexpected error"});if(!(yield e.context.password.verify(n,e.body.password)))throw e.context.logger.error("Invalid password"),new ke("UNAUTHORIZED",{message:"Invalid email or password"});let i=yield e.context.internalAdapter.createSession(r.id,e.request);return yield e.setSignedCookie(e.context.authCookies.sessionToken.name,i.id,e.context.secret,e.body.dontRememberMe?g(f({},e.context.authCookies.sessionToken.options),{maxAge:void 0}):e.context.authCookies.sessionToken.options),e.json({user:r,session:i,redirect:!!e.body.callbackURL,url:e.body.callbackURL})})),signUpUsername:l("/sign-up/username",{method:"POST",body:x.object({username:x.string().min(3).max(20),name:x.string(),email:x.string().email(),password:x.string(),image:x.string().optional(),callbackURL:x.string().optional()})},e=>s(void 0,null,function*(){let r=yield Ee(g(f({},e),{_flag:void 0}));return r?(yield e.context.internalAdapter.updateUserByEmail(r.user.email,{username:e.body.username}),e.body.callbackURL?e.json(r,{body:f({url:e.body.callbackURL,redirect:!0},r)}):e.json(r)):e.json(null,{status:400,body:{message:"Sign up failed",status:400}})}))},schema:{user:{fields:{username:{type:"string",required:!1,unique:!0,returned:!0}}}}});import{serializeSigned as So}from"better-call";var Gl=()=>({id:"bearer",hooks:{before:[{matcher(e){var r,o;return((o=(r=e.request)==null?void 0:r.headers.get("authorization"))==null?void 0:o.startsWith("Bearer "))||!1},handler:e=>s(void 0,null,function*(){var t,i;let r=(i=(t=e.request)==null?void 0:t.headers.get("authorization"))==null?void 0:i.replace("Bearer ","");if(!r)throw new C("No token found");let o=e.headers||new Headers,n=yield So("",r,e.context.secret);o.set("cookie",`${e.context.authCookies.sessionToken.name}=${n.replace("=","")}`)})}]}});import{z as G}from"zod";import{APIError as qt}from"better-call";import{validateJWT as Uo}from"oslo/jwt";import"process";var sm=e=>({id:"magic-link",endpoints:{signInMagicLink:l("/sign-in/magic-link",{method:"POST",requireHeaders:!0,body:G.object({email:G.string().email(),callbackURL:G.string().optional(),currentURL:G.string().optional()})},r=>s(void 0,null,function*(){let{email:o}=r.body;if(!(yield r.context.internalAdapter.findUserByEmail(o)))throw new qt("UNAUTHORIZED",{message:"User not found"});let t=yield ne(r.context.secret,o),i=`${r.context.baseURL}/magic-link/verify?token=${t}&callbackURL=${r.body.callbackURL||r.body.currentURL}`;try{yield e.sendMagicLink({email:o,url:i,token:t})}catch(a){throw r.context.logger.error("Failed to send magic link",a),new qt("INTERNAL_SERVER_ERROR",{message:"Failed to send magic link"})}return r.json({status:!0})})),magicLinkVerify:l("/magic-link/verify",{method:"GET",query:G.object({token:G.string(),callbackURL:G.string().optional()}),requireHeaders:!0},r=>s(void 0,null,function*(){let{token:o,callbackURL:n}=r.query,t;try{t=yield Uo("HS256",Buffer.from(r.context.secret),o)}catch(c){if(r.context.logger.error("Failed to verify email",c),n)throw r.redirect(`${n}?error=INVALID_TOKEN`);return r.json(null,{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}let a=G.object({email:G.string().email()}).parse(t.payload),d=yield r.context.internalAdapter.findUserByEmail(a.email);if(!d){if(n)throw r.redirect(`${n}?error=USER_NOT_FOUND`);return r.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User not found"}})}let u=yield r.context.internalAdapter.createSession(d.user.id,r.headers);if(!u){if(n)throw r.redirect(`${n}?error=SESSION_NOT_CREATED`);return r.json(null,{status:400,statusText:"SESSION NOT CREATED",body:{message:"Failed to create session"}})}if(yield T(r,u.id),!n)return r.json({status:!0});throw r.redirect(n)}))}});var lm=e=>({id:"cross-subdomain-cookies",onResponse(o,n){return s(this,null,function*(){let t=o.headers.get("set-cookie");if(!t)return;let i=n.baseURL,a=t.split(";"),d=(e==null?void 0:e.domainName)||new URL(i).hostname,u=n.authCookies,c=[u.sessionToken.name,u.csrfToken.name,u.dontRememberToken.name];if(!c.some(p=>t.includes(p)))return;let m=a.map(p=>{if(!c.some(A=>p.toLowerCase().includes(A.toLowerCase())))return p;let y=p.trim();return y.toLowerCase().startsWith("domain=")?`Domain=${d}`:y.toLowerCase().includes("domain=")?y:`${y}; Domain=${d}`}).filter((p,y,A)=>y===A.findIndex(O=>O.split(";")[0]===p.split(";")[0])).join("; ");return o.headers.set("set-cookie",m),{response:o}})}});export{K as HIDE_METADATA,_e as ac,Gl as bearer,l as createAuthEndpoint,M as createAuthMiddleware,lm as crossSubdomainCookies,Oo as getPasskeyActions,sm as magicLink,Ne as optionsMiddleware,Au as organization,_l as passkey,Al as passkeyClient,Rc as twoFactor,mc as twoFactorClient,Ft as username};
|
package/dist/react.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import * as _better_fetch_fetch from '@better-fetch/fetch';
|
|
2
|
-
import { B as BetterAuthPlugin, F as FieldAttribute, I as InferFieldOutput } from './index-
|
|
2
|
+
import { B as BetterAuthPlugin, F as FieldAttribute, I as InferFieldOutput } from './index-wJcPCm9A.js';
|
|
3
3
|
import { U as UnionToIntersection, P as Prettify } from './helper-C1ihmerM.js';
|
|
4
4
|
import { ClientOptions, InferClientAPI, InferActions, BetterAuthClientPlugin, IsSignal } from './types.js';
|
|
5
5
|
import { useStore } from '@nanostores/react';
|
package/dist/solid-start.d.ts
CHANGED
package/dist/solid.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import * as _better_fetch_fetch from '@better-fetch/fetch';
|
|
2
|
-
import { B as BetterAuthPlugin, F as FieldAttribute, I as InferFieldOutput } from './index-
|
|
2
|
+
import { B as BetterAuthPlugin, F as FieldAttribute, I as InferFieldOutput } from './index-wJcPCm9A.js';
|
|
3
3
|
import { U as UnionToIntersection, P as Prettify } from './helper-C1ihmerM.js';
|
|
4
4
|
import { ClientOptions, InferClientAPI, InferActions, BetterAuthClientPlugin, IsSignal } from './types.js';
|
|
5
5
|
import { Accessor } from 'solid-js';
|
package/dist/svelte-kit.d.ts
CHANGED
package/dist/svelte.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import * as nanostores from 'nanostores';
|
|
2
2
|
import * as _better_fetch_fetch from '@better-fetch/fetch';
|
|
3
|
-
import { B as BetterAuthPlugin, F as FieldAttribute, I as InferFieldOutput } from './index-
|
|
3
|
+
import { B as BetterAuthPlugin, F as FieldAttribute, I as InferFieldOutput } from './index-wJcPCm9A.js';
|
|
4
4
|
import { U as UnionToIntersection, P as Prettify } from './helper-C1ihmerM.js';
|
|
5
5
|
import { ClientOptions, InferClientAPI, InferActions, BetterAuthClientPlugin, IsSignal } from './types.js';
|
|
6
6
|
import 'kysely';
|
package/dist/types.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { B as BetterAuthPlugin,
|
|
2
|
-
export { t as Adapter,
|
|
1
|
+
import { B as BetterAuthPlugin, A as Auth, m as InferSession, n as InferUser } from './index-wJcPCm9A.js';
|
|
2
|
+
export { t as Adapter, b as AuthContext, a as BetterAuthOptions, G as GenericEndpointContext, H as HookEndpointContext, q as InferPluginTypes, P as PluginSchema, R as RateLimit, S as SessionAdapter, W as Where, r as init } from './index-wJcPCm9A.js';
|
|
3
3
|
import { U as UnionToIntersection, H as HasRequiredKeys, P as Prettify, L as LiteralString } from './helper-C1ihmerM.js';
|
|
4
4
|
export { a as LiteralUnion, R as RequiredKeysOf, W as WithoutEmpty } from './helper-C1ihmerM.js';
|
|
5
5
|
export { f as OAuthProvider, O as OAuthProviderList, P as ProviderOptions, S as Session, U as User } from './index-C8A40nOX.js';
|
package/dist/utils.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import {
|
|
2
|
-
export { i as BetterAuthCookies, h as createCookieGetter, k as createLogger, j as deleteSessionCookie, g as getCookies, l as logger, p as parseSetCookieHeader, s as setSessionCookie } from './index-
|
|
1
|
+
import { b as AuthContext, G as GenericEndpointContext } from './index-wJcPCm9A.js';
|
|
2
|
+
export { i as BetterAuthCookies, h as createCookieGetter, k as createLogger, j as deleteSessionCookie, g as getCookies, l as logger, p as parseSetCookieHeader, s as setSessionCookie } from './index-wJcPCm9A.js';
|
|
3
3
|
export { H as HIDE_METADATA } from './hide-metadata-DEHJp1rk.js';
|
|
4
4
|
import { z } from 'zod';
|
|
5
5
|
import 'kysely';
|
package/dist/vue.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import * as _better_fetch_fetch from '@better-fetch/fetch';
|
|
2
|
-
import { B as BetterAuthPlugin, F as FieldAttribute, I as InferFieldOutput } from './index-
|
|
2
|
+
import { B as BetterAuthPlugin, F as FieldAttribute, I as InferFieldOutput } from './index-wJcPCm9A.js';
|
|
3
3
|
import { U as UnionToIntersection, P as Prettify } from './helper-C1ihmerM.js';
|
|
4
4
|
import { ClientOptions, InferClientAPI, InferActions, BetterAuthClientPlugin, IsSignal } from './types.js';
|
|
5
5
|
import { Ref, DeepReadonly } from 'vue';
|