npm - better-auth - Versions diffs - 0.2.2 → 0.2.3-beta.1 - Mend

better-auth 0.2.2 → 0.2.3-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

package/dist/adapters.d.ts +32 -6
package/dist/adapters.js +22 -1
package/dist/api.d.ts +2 -4
package/dist/cli.js +4 -2
package/dist/client/plugins.d.ts +5 -7
package/dist/client.d.ts +3 -5
package/dist/{index-DsEvbKjm.d.ts → index-3B6zGicM.d.ts} +10 -2
package/dist/{index-D_ohe9r9.d.ts → index-BMYcrOqA.d.ts} +72 -113
package/dist/index-CE92ti2Z.d.ts +827 -0
package/dist/index.d.ts +4 -6
package/dist/index.js +5 -3
package/dist/next-js.d.ts +2 -4
package/dist/node.d.ts +4 -6
package/dist/plugins.d.ts +6 -8
package/dist/plugins.js +1 -1
package/dist/react.d.ts +3 -5
package/dist/social.d.ts +3 -742
package/dist/solid-start.d.ts +4 -6
package/dist/solid.d.ts +3 -5
package/dist/svelte-kit.d.ts +4 -6
package/dist/svelte.d.ts +3 -5
package/dist/types.d.ts +3 -5
package/dist/utils.d.ts +5 -7
package/dist/vue.d.ts +3 -5
package/package.json +7 -5
package/dist/.DS_Store +0 -0
package/dist/adapter-D-m9-hQp.d.ts +0 -54
package/dist/schema-D9o3OF80.d.ts +0 -88

package/dist/index.d.ts CHANGED Viewed

@@ -1,9 +1,7 @@
-export { d as Auth, $ as betterAuth } from './index-D_ohe9r9.js';
+export { d as Auth, a2 as betterAuth } from './index-BMYcrOqA.js';
 import 'kysely';
-import './schema-D9o3OF80.js';
+import './index-CE92ti2Z.js';
+import 'arctic';
 import 'zod';
-import 'better-call';
 import './helper-C1ihmerM.js';
-import './social.js';
-import 'arctic';
-import './adapter-D-m9-hQp.js';
+import 'better-call';

package/dist/index.js CHANGED Viewed

@@ -1,5 +1,5 @@
-var Ot=Object.defineProperty,_t=Object.defineProperties;var Et=Object.getOwnPropertyDescriptors;var K=Object.getOwnPropertySymbols;var Re=Object.prototype.hasOwnProperty,Te=Object.prototype.propertyIsEnumerable;var ke=(e,t,n)=>t in e?Ot(e,t,{enumerable:!0,configurable:!0,writable:!0,value:n}):e[t]=n,g=(e,t)=>{for(var n in t||(t={}))Re.call(t,n)&&ke(e,n,t[n]);if(K)for(var n of K(t))Te.call(t,n)&&ke(e,n,t[n]);return e},k=(e,t)=>_t(e,Et(t));var W=(e,t)=>{var n={};for(var o in e)Re.call(e,o)&&t.indexOf(o)<0&&(n[o]=e[o]);if(e!=null&&K)for(var o of K(e))t.indexOf(o)<0&&Te.call(e,o)&&(n[o]=e[o]);return n};var u=(e,t,n)=>new Promise((o,r)=>{var s=d=>{try{a(n.next(d))}catch(l){r(l)}},i=d=>{try{a(n.throw(d))}catch(l){r(l)}},a=d=>d.done?o(d.value):Promise.resolve(d.value).then(s,i);a((n=n.apply(e,t)).next())});import{APIError as xr,createRouter as Pr}from"better-call";import{APIError as Pe}from"better-call";import{z as ve}from"zod";import{xchacha20poly1305 as Vr}from"@noble/ciphers/chacha";import{bytesToHex as Mr,hexToBytes as Hr,utf8ToBytes as Gr}from"@noble/ciphers/utils";import{managedNonce as Wr}from"@noble/ciphers/webcrypto";import{sha256 as Zr}from"@noble/hashes/sha256";function J(e,t){return u(this,null,function*(){let n=new TextEncoder,o={name:"HMAC",hash:"SHA-256"},r=yield crypto.subtle.importKey("raw",n.encode(e),o,!1,["sign","verify"]),s=yield crypto.subtle.sign(o.name,r,n.encode(t));return btoa(String.fromCharCode(...new Uint8Array(s)))})}import{createEndpointCreator as Ct,createMiddleware as Ue,createMiddlewareCreator as Bt}from"better-call";var xe=Ue(()=>u(void 0,null,function*(){return{}})),Z=Bt({use:[xe,Ue(()=>u(void 0,null,function*(){return{}}))]}),y=Ct({use:[xe]});var Ie=Z({body:ve.object({csrfToken:ve.string().optional()}).optional()},e=>u(void 0,null,function*(){var a,d,l,c;if(((a=e.request)==null?void 0:a.method)!=="POST"||(d=e.context.options.advanced)!=null&&d.disableCSRFCheck)return;let t=new URL(e.request.url);if(t.origin===new URL(e.context.baseURL).origin||(l=e.context.options.trustedOrigins)!=null&&l.includes(t.origin))return;let n=(c=e.body)==null?void 0:c.csrfToken,o=yield e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret),[r,s]=(o==null?void 0:o.split("!"))||[null,null];if(!n||!o||!r||!s||o!==n)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new Pe("UNAUTHORIZED",{message:"Invalid CSRF Token"});let i=yield J(e.context.secret,r);if(s!==i)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new Pe("UNAUTHORIZED",{message:"Invalid CSRF Token"})}));import{APIError as C}from"better-call";import{generateCodeVerifier as nr}from"oslo/oauth2";import{z as S}from"zod";import"arctic";import{parseJWT as $t}from"oslo/jwt";import"@better-fetch/fetch";var I=class extends Error{constructor(t,n,o){super(t),this.name="BetterAuthError",this.message=t,this.cause=n}};import{OAuth2Tokens as Dt}from"arctic";function jt(e){try{return new URL(e).pathname!=="/"}catch(t){throw new I(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function ne(e,t="/api/auth"){return jt(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function Q(e,t){if(e)return ne(e,t);let n=(process==null?void 0:process.env)||{},o=n.BETTER_AUTH_URL||n.NEXT_PUBLIC_BETTER_AUTH_URL||n.PUBLIC_BETTER_AUTH_URL||n.NUXT_PUBLIC_BETTER_AUTH_URL||n.NUXT_PUBLIC_AUTH_URL||(n.BASE_URL!=="/"?n.BASE_URL:void 0);if(o)return ne(o,t);if(typeof window!="undefined")return ne(window.location.origin,t)}import{betterFetch as qt}from"@better-fetch/fetch";function R(e,t){return t||`${Q()}/callback/${e}`}function x(s){return u(this,arguments,function*({code:e,codeVerifier:t,redirectURI:n,options:o,tokenEndpoint:r}){let i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",e),t&&i.set("code_verifier",t),i.set("redirect_uri",n),i.set("client_id",o.clientId),i.set("client_secret",o.clientSecret);let{data:a,error:d}=yield qt(r,{method:"POST",body:i,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(d)throw d;return new Dt(a)})}var Se=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:o,scopes:r,redirectURI:s}){let i=r||["email","name","openid"];return new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${s||e.redirectURI}&scope=${i.join(" ")}&state=${o}`)},validateAuthorizationCode:(o,r,s)=>u(void 0,null,function*(){return x({code:o,codeVerifier:r,redirectURI:s||R("apple",e.redirectURI),options:e,tokenEndpoint:t})}),getUserInfo(o){return u(this,null,function*(){var s;let r=(s=$t(o.idToken()))==null?void 0:s.payload;return r?{user:{id:r.sub,name:r.name,email:r.email,emailVerified:r.email_verified==="true"},data:r}:null})}}};import{betterFetch as Nt}from"@better-fetch/fetch";import{Discord as Ft}from"arctic";var Le=e=>{let t=new Ft(e.clientId,e.clientSecret,R("discord",e.redirectURI));return{id:"discord",name:"Discord",createAuthorizationURL({state:o,scopes:r}){let s=r||["email"];return t.createAuthorizationURL(o,s)},validateAuthorizationCode:(o,r,s)=>u(void 0,null,function*(){return x({code:o,codeVerifier:r,redirectURI:s||R("discord",e.redirectURI),options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"})}),getUserInfo(o){return u(this,null,function*(){let{data:r,error:s}=yield Nt("https://discord.com/api/users/@me",{auth:{type:"Bearer",token:o.accessToken()}});return s?null:{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified},data:r}})}}};import{betterFetch as Vt}from"@better-fetch/fetch";import{Facebook as zt}from"arctic";var Oe=e=>{let t=new zt(e.clientId,e.clientSecret,R("facebook",e.redirectURI));return{id:"facebook",name:"Facebook",createAuthorizationURL({state:o,scopes:r}){let s=r||["email","public_profile"];return t.createAuthorizationURL(o,s)},validateAuthorizationCode:(o,r,s)=>u(void 0,null,function*(){return x({code:o,codeVerifier:r,redirectURI:s||R("facebook",e.redirectURI),options:e,tokenEndpoint:"https://graph.facebook.com/v16.0/oauth/access_token"})}),getUserInfo(o){return u(this,null,function*(){let{data:r,error:s}=yield Vt("https://graph.facebook.com/me",{auth:{type:"Bearer",token:o.accessToken()}});return s?null:{user:{id:r.id,name:r.name,email:r.email,emailVerified:r.email_verified},data:r}})}}};import{betterFetch as _e}from"@better-fetch/fetch";import{GitHub as Mt}from"arctic";var Ee=({clientId:e,clientSecret:t,redirectURI:n})=>{let o=new Mt(e,t,R("github",n));return{id:"github",name:"Github",createAuthorizationURL({state:s,scopes:i}){let a=i||["user:email"];return o.createAuthorizationURL(s,a)},validateAuthorizationCode:s=>u(void 0,null,function*(){return yield o.validateAuthorizationCode(s)}),getUserInfo(s){return u(this,null,function*(){var l,c,p,m;let{data:i,error:a}=yield _e("https://api.github.com/user",{auth:{type:"Bearer",token:s.accessToken()}});if(a)return null;let d=!1;if(!i.email){let{data:f,error:h}=yield _e("https://api.github.com/user/emails",{auth:{type:"Bearer",token:s.accessToken()}});h||(i.email=(c=(l=f.find(w=>w.primary))!=null?l:f[0])==null?void 0:c.email,d=(m=(p=f.find(w=>w.email===i.email))==null?void 0:p.verified)!=null?m:!1)}return{user:{id:i.id,name:i.name,email:i.email,image:i.avatar_url,emailVerified:d,createdAt:new Date,updatedAt:new Date},data:i}})}}};import{Google as Gt}from"arctic";import{parseJWT as Kt}from"oslo/jwt";import{createConsola as Ht}from"consola";var q=Ht({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),se=e=>({log:(...t)=>{!(e!=null&&e.disabled)&&q.log("",...t)},error:(...t)=>{!(e!=null&&e.disabled)&&q.error("",...t)},warn:(...t)=>{!(e!=null&&e.disabled)&&q.warn("",...t)},info:(...t)=>{!(e!=null&&e.disabled)&&q.info("",...t)},debug:(...t)=>{!(e!=null&&e.disabled)&&q.debug("",...t)},box:(...t)=>{!(e!=null&&e.disabled)&&q.box("",...t)},success:(...t)=>{!(e!=null&&e.disabled)&&q.success("",...t)},break:(...t)=>{!(e!=null&&e.disabled)&&console.log(`
-`)}}),O=se();var Ce=e=>{let t=new Gt(e.clientId,e.clientSecret,R("google",e.redirectURI));return{id:"google",name:"Google",createAuthorizationURL({state:o,scopes:r,codeVerifier:s,redirectURI:i}){if(!e.clientId||!e.clientSecret)throw O.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new I("CLIENT_ID_AND_SECRET_REQUIRED");if(!s)throw new I("codeVerifier is required for Google");let a=r||["email","profile"];return t.createAuthorizationURL(o,s,a)},validateAuthorizationCode:(o,r,s)=>u(void 0,null,function*(){return x({code:o,codeVerifier:r,redirectURI:s||R("google",e.redirectURI),options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"})}),getUserInfo(o){return u(this,null,function*(){var s;if(!o.idToken)return null;let r=(s=Kt(o.idToken()))==null?void 0:s.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}})}}};import{betterFetch as Wt}from"@better-fetch/fetch";import{Spotify as Jt}from"arctic";var Be=e=>{let t=new Jt(e.clientId,e.clientSecret,R("spotify",e.redirectURI));return{id:"spotify",name:"Spotify",createAuthorizationURL({state:o,scopes:r}){let s=r||["user-read-email"];return t.createAuthorizationURL(o,s)},validateAuthorizationCode:(o,r,s)=>u(void 0,null,function*(){return x({code:o,codeVerifier:r,redirectURI:s||R("spotify",e.redirectURI),options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"})}),getUserInfo(o){return u(this,null,function*(){var i;let{data:r,error:s}=yield Wt("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken()}`}});return s?null:{user:{id:r.id,name:r.display_name,email:r.email,image:(i=r.images[0])==null?void 0:i.url,emailVerified:!1},data:r}})}}};import{betterFetch as Zt}from"@better-fetch/fetch";import{Twitch as Qt}from"arctic";var je=e=>{let t=new Qt(e.clientId,e.clientSecret,R("twitch",e.redirectURI));return{id:"twitch",name:"Twitch",createAuthorizationURL({state:o,scopes:r}){let s=r||["activity:write","read"];return t.createAuthorizationURL(o,s)},validateAuthorizationCode:(o,r,s)=>u(void 0,null,function*(){return x({code:o,codeVerifier:r,redirectURI:s||R("twitch",e.redirectURI),options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"})}),getUserInfo(o){return u(this,null,function*(){let{data:r,error:s}=yield Zt("https://api.twitch.tv/helix/users",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken()}`}});return s?null:{user:{id:r.sub,name:r.preferred_username,email:r.email,image:r.picture,emailVerified:!1},data:r}})}}};import{betterFetch as Xt}from"@better-fetch/fetch";import{Twitter as Yt}from"arctic";var De=e=>{let t=new Yt(e.clientId,e.clientSecret,R("twitter",e.redirectURI));return{id:"twitter",name:"Twitter",createAuthorizationURL(o){let r=o.scopes||["account_info.read"];return t.createAuthorizationURL(o.state,o.codeVerifier,r)},validateAuthorizationCode:(o,r,s)=>u(void 0,null,function*(){return x({code:o,codeVerifier:r,redirectURI:s||R("twitch",e.redirectURI),options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"})}),getUserInfo(o){return u(this,null,function*(){let{data:r,error:s}=yield Xt("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken()}`}});return s||!r.data.email?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}})}}};import"arctic";var ie={apple:Se,discord:Le,facebook:Oe,github:Ee,google:Ce,spotify:Be,twitch:je,twitter:De},qe=Object.keys(ie);import{generateState as er}from"oslo/oauth2";import{z}from"zod";function $e(e,t,n){let o=er();return{state:JSON.stringify({code:o,callbackURL:e,currentURL:t,dontRememberMe:n}),code:o}}function ae(e){return z.object({code:z.string(),callbackURL:z.string().optional(),currentURL:z.string().optional(),dontRememberMe:z.boolean().optional()}).safeParse(JSON.parse(e))}import{APIError as rr}from"better-call";var M=(e,t=!1)=>{let n=new Date;return new Date(n.getTime()+(t?e*1e3:e))};import{TimeSpan as tr}from"oslo";function Ne(e){var s;let n=!!((s=e.advanced)!=null&&s.useSecureCookies)||process.env.NODE_ENV!=="development"&&process.env.NODE_ENV!=="test"?"__Secure-":"",o="better-auth",r=new tr(7,"d").seconds();return{sessionToken:{name:`${n}${o}.session_token`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:r}},csrfToken:{name:`${n?"__Host-":""}${o}.csrf_token`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:60*60*24*7}},state:{name:`${n}${o}.state`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:60*15}},pkCodeVerifier:{name:`${n}${o}.pk_code_verifier`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:60*15}},dontRememberToken:{name:`${n}${o}.dont_remember`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n}},nonce:{name:`${n}${o}.nonce`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:60*15}}}}function Fe(e){var s;let n=!!((s=e.advanced)!=null&&s.useSecureCookies)||process.env.NODE_ENV==="production"?"__Secure-":"",o="better-auth";function r(i,a){return{name:process.env.NODE_ENV==="production"?`${n}${o}.${i}`:`${o}.${i}`,options:g({secure:!!n,sameSite:"lax",path:"/",maxAge:60*15},a)}}return r}function _(e,t,n,o){return u(this,null,function*(){let r=e.context.authCookies.sessionToken.options;r.maxAge=n?void 0:r.maxAge,yield e.setSignedCookie(e.context.authCookies.sessionToken.name,t,e.context.secret,r),n&&(yield e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options))})}function H(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}import{z as Ve}from"zod";function X(e){let t="127.0.0.1";if(process.env.NODE_ENV==="test")return t;let n=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"];for(let o of n){let r=e.headers.get(o);if(typeof r=="string"){let s=r.split(",")[0].trim();if(s)return s}}return null}var de=new Map;function or(e,t){if(!e.request)return"";let{method:n,url:o,headers:r}=e.request,s=e.request.headers.get("User-Agent")||"",i=X(e.request)||"",a=JSON.stringify(r);return`${n}:${o}:${a}:${s}:${i}:${t}`}var ce=()=>y("/session",{method:"GET",requireHeaders:!0},e=>u(void 0,null,function*(){try{let t=yield e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let n=or(e,t),o=de.get(n);if(o){if(o.expiresAt>Date.now())return e.json(o.data);de.delete(n)}let r=yield e.context.internalAdapter.findSession(t);if(!r||r.session.expiresAt<new Date)return H(e),r&&(yield e.context.internalAdapter.deleteSession(r.session.id)),e.json(null,{status:401});if(yield e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(r);let i=e.context.sessionConfig.expiresIn,a=e.context.sessionConfig.updateAge;if(r.session.expiresAt.valueOf()-i*1e3+a*1e3<=Date.now()){let c=yield e.context.internalAdapter.updateSession(r.session.id,{expiresAt:M(e.context.sessionConfig.expiresIn,!0)});if(!c)return H(e),e.json(null,{status:401});let p=(c.expiresAt.valueOf()-Date.now())/1e3;return yield _(e,c.id,!1,{maxAge:p}),e.json({session:c,user:r.user})}return de.set(n,{data:r,expiresAt:Date.now()+5e3}),e.json(r)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}})),ue=e=>u(void 0,null,function*(){return yield ce()(k(g({},e),{_flag:void 0}))}),$=Z(e=>u(void 0,null,function*(){let t=yield ue(e);if(!(t!=null&&t.session))throw new rr("UNAUTHORIZED");return{session:t}})),ze=()=>y("/user/list-sessions",{method:"GET",use:[$],requireHeaders:!0},e=>u(void 0,null,function*(){let n=(yield e.context.adapter.findMany({model:e.context.tables.session.tableName,where:[{field:"userId",value:e.context.session.user.id}]})).filter(o=>o.expiresAt>new Date);return e.json(n)})),Me=y("/user/revoke-session",{method:"POST",body:Ve.object({id:Ve.string()}),use:[$],requireHeaders:!0},e=>u(void 0,null,function*(){let t=e.body.id,n=yield e.context.internalAdapter.findSession(t);if(!n)return e.json(null,{status:400});if(n.session.userId!==e.context.session.user.id)return e.json(null,{status:403});try{yield e.context.internalAdapter.deleteSession(t)}catch(o){return e.context.logger.error(o),e.json(null,{status:500})}return e.json({status:!0})})),He=y("/user/revoke-sessions",{method:"POST",use:[$],requireHeaders:!0},e=>u(void 0,null,function*(){try{yield e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}return e.json({status:!0})}));var Ge=y("/sign-in/social",{method:"POST",requireHeaders:!0,query:S.object({currentURL:S.string().optional()}).optional(),body:S.object({callbackURL:S.string().optional(),provider:S.enum(qe),dontRememberMe:S.boolean().default(!1).optional()})},e=>u(void 0,null,function*(){var i,a,d,l;let t=e.context.socialProviders.find(c=>c.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider to your auth config",{provider:e.body.provider}),new C("NOT_FOUND",{message:"Provider not found"});let n=e.context.authCookies,o=(i=e.query)!=null&&i.currentURL?new URL((a=e.query)==null?void 0:a.currentURL):null,r=(d=e.body.callbackURL)!=null&&d.startsWith("http")?e.body.callbackURL:`${o==null?void 0:o.origin}${e.body.callbackURL||""}`,s=$e(r||(o==null?void 0:o.origin)||e.context.baseURL,(l=e.query)==null?void 0:l.currentURL);try{yield e.setSignedCookie(n.state.name,s.code,e.context.secret,n.state.options);let c=nr();yield e.setSignedCookie(n.pkCodeVerifier.name,c,e.context.secret,n.pkCodeVerifier.options);let p=t.createAuthorizationURL({state:s.state,codeVerifier:c});return p.searchParams.set("redirect_uri",`${e.context.baseURL}/callback/${e.body.provider}`),{url:p.toString(),state:s.state,codeVerifier:c,redirect:!0}}catch(c){throw new C("INTERNAL_SERVER_ERROR")}})),Ke=y("/sign-in/email",{method:"POST",body:S.object({email:S.string().email(),password:S.string(),callbackURL:S.string().optional(),dontRememberMe:S.boolean().default(!1).optional()})},e=>u(void 0,null,function*(){var c,p;if(!((p=(c=e.context.options)==null?void 0:c.emailAndPassword)!=null&&p.enabled))throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new C("BAD_REQUEST",{message:"Email and password is not enabled"});let t=yield ue(e);t&&(yield e.context.internalAdapter.deleteSession(t.session.id));let{email:n,password:o}=e.body;if(!S.string().email().safeParse(n).success)throw new C("BAD_REQUEST",{message:"Invalid email"});let s=yield e.context.internalAdapter.findUserByEmail(n);if(!s)throw yield e.context.password.hash(o),e.context.logger.error("User not found",{email:n}),new C("UNAUTHORIZED",{message:"Invalid email or password"});let i=s.accounts.find(m=>m.providerId==="credential");if(!i)throw e.context.logger.error("Credential account not found",{email:n}),new C("UNAUTHORIZED",{message:"Invalid email or password"});let a=i==null?void 0:i.password;if(!a)throw e.context.logger.error("Password not found",{email:n}),new C("UNAUTHORIZED",{message:"Unexpected error"});if(!(yield e.context.password.verify(a,o)))throw e.context.logger.error("Invalid password"),new C("UNAUTHORIZED",{message:"Invalid email or password"});let l=yield e.context.internalAdapter.createSession(s.user.id,e.headers,e.body.dontRememberMe);if(!l)throw e.context.logger.error("Failed to create session"),new C("INTERNAL_SERVER_ERROR");return yield _(e,l.id,e.body.dontRememberMe),e.json({user:s.user,session:l,redirect:!!e.body.callbackURL,url:e.body.callbackURL})}));import{APIError as ar}from"better-call";import{z as Y}from"zod";import{z as A}from"zod";var ds=A.object({id:A.string(),providerId:A.string(),accountId:A.string(),userId:A.string(),accessToken:A.string().nullable().optional(),refreshToken:A.string().nullable().optional(),idToken:A.string().nullable().optional(),expiresAt:A.date().nullable().optional(),password:A.string().optional().nullable()}),We=A.object({id:A.string(),email:A.string().transform(e=>e.toLowerCase()),emailVerified:A.boolean().default(!1),name:A.string(),image:A.string().optional(),createdAt:A.date().default(new Date),updatedAt:A.date().default(new Date)}),cs=A.object({id:A.string(),userId:A.string(),expiresAt:A.date(),ipAddress:A.string().optional(),userAgent:A.string().optional()});import{alphabet as sr,generateRandomString as ir}from"oslo/crypto";var Je=()=>ir(36,sr("a-z","0-9"));var D={isAction:!1};function le(e){let t=e.accessToken(),n=e.hasRefreshToken()?e.refreshToken():void 0,o;try{o=e.accessTokenExpiresAt()}catch(r){}return{accessToken:t,refreshToken:n,expiresAt:o}}var Ze=y("/callback/:id",{method:"GET",query:Y.object({state:Y.string(),code:Y.string().optional(),error:Y.string().optional()}),metadata:D},e=>u(void 0,null,function*(){var h,w,U;if(e.query.error||!e.query.code){let T=((h=ae(e.query.state).data)==null?void 0:h.callbackURL)||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${T}?error=${e.query.error||"oAuth_code_missing"}`)}let t=e.context.socialProviders.find(b=>b.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let n=yield e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),o;try{o=yield t.validateAuthorizationCode(e.query.code,n,`${e.context.baseURL}/callback/${t.id}`)}catch(b){throw e.context.logger.error(b),e.redirect(`${e.context.baseURL}/error?error=oauth_code_verification_failed`)}let r=yield t.getUserInfo(o).then(b=>b==null?void 0:b.user),s=Je(),i=We.safeParse(k(g({},r),{id:s})),a=ae(e.query.state);if(!a.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=invalid_state_parameter`);let{callbackURL:d,currentURL:l,dontRememberMe:c}=a.data;if(!r||i.success===!1)throw e.redirect(`${e.context.baseURL}/error?error=oauth_validation_failed`);if(!d)throw e.redirect(`${e.context.baseURL}/error?error=oauth_callback_url_not_found`);let p=yield e.context.internalAdapter.findUserByEmail(r.email),m=p==null?void 0:p.user.id;if(p){let b=p.accounts.find(v=>v.providerId===t.id),T=(U=(w=e.context.options.account)==null?void 0:w.accountLinking)==null?void 0:U.trustedProviders,P=T?T.includes(t.id):!0;if(!b&&(!r.emailVerified||!P)){let v;try{v=new URL(l||d),v.searchParams.set("error","account_not_linked")}catch(oe){throw e.redirect(`${e.context.baseURL}/error?error=account_not_linked`)}throw e.redirect(v.toString())}if(!b)try{yield e.context.internalAdapter.linkAccount(g({providerId:t.id,accountId:r.id,id:`${t.id}:${r.id}`,userId:p.user.id},le(o)))}catch(v){throw console.log(v),e.redirect(`${e.context.baseURL}/error?error=failed_linking_account`)}}else try{yield e.context.internalAdapter.createOAuthUser(i.data,k(g({},le(o)),{id:`${t.id}:${r.id}`,providerId:t.id,accountId:r.id,userId:s}))}catch(b){let T=new URL(l||d);throw T.searchParams.set("error","unable_to_create_user"),e.setHeader("Location",T.toString()),e.redirect(T.toString())}if(!m&&!s)throw new ar("INTERNAL_SERVER_ERROR",{message:"Unable to create user"});let f=yield e.context.internalAdapter.createSession(m||s,e.request,c);if(!f){let b=new URL(l||d);throw b.searchParams.set("error","unable_to_create_session"),e.redirect(b.toString())}try{yield _(e,f.id,c)}catch(b){e.context.logger.error("Unable to set session cookie",b);let T=new URL(l||d);throw T.searchParams.set("error","unable_to_create_session"),e.redirect(T.toString())}throw e.redirect(d)}));import{z as pe}from"zod";var Qe=y("/sign-out",{method:"POST",body:pe.optional(pe.object({callbackURL:pe.string().optional()}))},e=>u(void 0,null,function*(){var n,o;let t=yield e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);return t?(yield e.context.internalAdapter.deleteSession(t),H(e),e.json(null,{body:{redirect:!!((n=e.body)!=null&&n.callbackURL),url:(o=e.body)==null?void 0:o.callbackURL}})):e.json(null)}));import{TimeSpan as dr}from"oslo";import{createJWT as cr,parseJWT as ur}from"oslo/jwt";import{validateJWT as Xe}from"oslo/jwt";import{z as L}from"zod";var Ye=y("/forget-password",{method:"POST",body:L.object({email:L.string().email(),redirectTo:L.string()})},e=>u(void 0,null,function*(){var s;if(!((s=e.context.options.emailAndPassword)!=null&&s.sendResetPassword))return e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function to your auth config!"),e.json(null,{status:400,statusText:"RESET_PASSWORD_EMAIL_NOT_SENT",body:{message:"Reset password isn't enabled"}});let{email:t}=e.body,n=yield e.context.internalAdapter.findUserByEmail(t);if(!n)return e.json({status:!1},{body:{status:!0}});let o=yield cr("HS256",Buffer.from(e.context.secret),{email:n.user.email,redirectTo:e.body.redirectTo},{expiresIn:new dr(1,"h"),issuer:"better-auth",subject:"forget-password",audiences:[n.user.email],includeIssuedTimestamp:!0}),r=`${e.context.baseURL}/reset-password/${o}`;return yield e.context.options.emailAndPassword.sendResetPassword(r,n.user),e.json({status:!0})})),et=y("/reset-password/:token",{method:"GET"},e=>u(void 0,null,function*(){var s;let{token:t}=e.params,n,o=L.object({email:L.string(),redirectTo:L.string()});try{if(n=yield Xe("HS256",Buffer.from(e.context.secret),t),!n.expiresAt||n.expiresAt<new Date)throw Error("Token expired")}catch(i){let a=ur(t),d=o.safeParse(a==null?void 0:a.payload);throw d.success?e.redirect(`${(s=d.data)==null?void 0:s.redirectTo}?error=invalid_token`):e.redirect(`${e.context.baseURL}/error?error=invalid_token`)}let{redirectTo:r}=o.parse(n.payload);throw e.redirect(`${r}?token=${t}`)})),tt=y("/reset-password",{method:"POST",query:L.object({currentURL:L.string()}).optional(),body:L.object({newPassword:L.string(),callbackURL:L.string().optional()})},e=>u(void 0,null,function*(){var o,r,s;let t=(o=e.query)==null?void 0:o.currentURL.split("?token=")[1];if(!t)return e.json({error:"Invalid token",data:null},{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}});let{newPassword:n}=e.body;try{let i=yield Xe("HS256",Buffer.from(e.context.secret),t),a=L.string().email().parse(i.payload.email),d=yield e.context.internalAdapter.findUserByEmail(a);if(!d)return e.json({error:"User not found",data:null},{status:400,body:{message:"failed to reset password"}});if(n.length<(((r=e.context.options.emailAndPassword)==null?void 0:r.minPasswordLength)||8)||n.length>(((s=e.context.options.emailAndPassword)==null?void 0:s.maxPasswordLength)||32))return e.json({data:null,error:"password is too short or too long"},{status:400,statusText:"INVALID_PASSWORD_LENGTH",body:{message:"password is too short or too long"}});let l=yield e.context.password.hash(n);return(yield e.context.internalAdapter.updatePassword(d.user.id,l))?e.json({error:null,data:{status:!0,url:e.body.callbackURL,redirect:!!e.body.callbackURL}},{body:{status:!0,url:e.body.callbackURL,redirect:!!e.body.callbackURL}}):e.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User doesn't have a credential account"}})}catch(i){return console.log(i),e.json({error:"Invalid token",data:null},{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}}));import{TimeSpan as lr}from"oslo";import{createJWT as pr,validateJWT as mr}from"oslo/jwt";import{z as E}from"zod";function me(e,t){return u(this,null,function*(){return yield pr("HS256",Buffer.from(e),{email:t.toLowerCase()},{expiresIn:new lr(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})})}var rt=y("/send-verification-email",{method:"POST",query:E.object({currentURL:E.string().optional()}).optional(),body:E.object({email:E.string().email(),callbackURL:E.string().optional()})},e=>u(void 0,null,function*(){var r,s;if(!((r=e.context.options.emailAndPassword)!=null&&r.sendVerificationEmail))return e.context.logger.error("Verification email isn't enabled. Pass `sendVerificationEmail` in `emailAndPassword` options to enable it."),e.json(null,{status:400,statusText:"VERIFICATION_EMAIL_NOT_SENT",body:{message:"Verification email isn't enabled"}});let{email:t}=e.body,n=yield me(e.context.secret,t),o=`${e.context.baseURL}/verify-email?token=${n}&callbackURL=${e.body.callbackURL||((s=e.query)==null?void 0:s.currentURL)||"/"}`;return yield e.context.options.emailAndPassword.sendVerificationEmail(t,o,n),e.json({status:!0})})),ot=y("/verify-email",{method:"GET",query:E.object({token:E.string(),callbackURL:E.string().optional()})},e=>u(void 0,null,function*(){let{token:t}=e.query,n;try{n=yield mr("HS256",Buffer.from(e.context.secret),t)}catch(a){return e.context.logger.error("Failed to verify email",a),e.json(null,{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}let r=E.object({email:E.string().email()}).parse(n.payload),s=yield e.context.internalAdapter.findUserByEmail(r.email);if(!s)return e.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User not found"}});if(!s.accounts.find(a=>a.providerId==="credential"))throw e.redirect;if(yield e.context.internalAdapter.updateUserByEmail(r.email,{emailVerified:!0}),e.query.callbackURL)throw console.log("Redirecting to",e.query.callbackURL),e.redirect("/");return e.json({status:!0})}));import{z as B}from"zod";import{alphabet as fr,generateRandomString as gr}from"oslo/crypto";import"better-call";var nt=y("/user/update",{method:"POST",body:B.object({name:B.string().optional(),image:B.string().optional()}),use:[$]},e=>u(void 0,null,function*(){let{name:t,image:n}=e.body,o=e.context.session;if(!n&&!t)return e.json(o.user);let r=yield e.context.internalAdapter.updateUserByEmail(o.user.email,{name:t,image:n});return e.json(r)})),st=y("/user/change-password",{method:"POST",body:B.object({newPassword:B.string(),currentPassword:B.string(),revokeOtherSessions:B.boolean().optional()}),use:[$]},e=>u(void 0,null,function*(){let{newPassword:t,currentPassword:n,revokeOtherSessions:o}=e.body,r=e.context.session,s=e.context.password.config.minPasswordLength;if(t.length<s)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let i=e.context.password.config.maxPasswordLength;if(t.length>i)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let d=(yield e.context.internalAdapter.findAccounts(r.user.id)).find(p=>p.providerId==="credential"&&p.password);if(!d||!d.password)return e.json(null,{status:400,body:{message:"User does not have a password"}});let l=yield e.context.password.hash(t);if(!(yield e.context.password.verify(d.password,n)))return e.json(null,{status:400,body:{message:"Invalid password"}});if(yield e.context.internalAdapter.updateAccount(d.id,{password:l}),o){yield e.context.internalAdapter.deleteSessions(r.user.id);let p=yield e.context.internalAdapter.createSession(r.user.id,e.headers);if(!p)return e.json(null,{status:500,body:{message:"Failed to create session"}});yield _(e,p.id)}return e.json(r.user)})),it=y("/user/set-password",{method:"POST",body:B.object({newPassword:B.string()}),use:[$]},e=>u(void 0,null,function*(){let{newPassword:t}=e.body,n=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let r=e.context.password.config.maxPasswordLength;if(t.length>r)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let i=(yield e.context.internalAdapter.findAccounts(n.user.id)).find(d=>d.providerId==="credential"&&d.password),a=yield e.context.password.hash(t);return i?e.json(null,{status:400,body:{message:"User already has a password"}}):(yield e.context.internalAdapter.linkAccount({id:gr(32,fr("a-z","0-9","A-Z")),userId:n.user.id,providerId:"credential",accountId:n.user.id,password:a}),e.json(n.user))}));import{alphabet as hr,generateRandomString as yr}from"oslo/crypto";var at=y("/csrf",{method:"GET",metadata:D},e=>u(void 0,null,function*(){let t=yield e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret);if(t)return{csrfToken:t};let n=yr(32,hr("a-z","0-9","A-Z")),o=yield J(e.context.secret,n),r=`${n}!${o}`;return yield e.setSignedCookie(e.context.authCookies.csrfToken.name,r,e.context.secret,e.context.authCookies.csrfToken.options),{csrfToken:n}}));var br=(e="Unknown")=>`<!DOCTYPE html>
+var Ct=Object.defineProperty,_t=Object.defineProperties;var Bt=Object.getOwnPropertyDescriptors;var W=Object.getOwnPropertySymbols;var Te=Object.prototype.hasOwnProperty,xe=Object.prototype.propertyIsEnumerable;var Re=(e,t,n)=>t in e?Ct(e,t,{enumerable:!0,configurable:!0,writable:!0,value:n}):e[t]=n,g=(e,t)=>{for(var n in t||(t={}))Te.call(t,n)&&Re(e,n,t[n]);if(W)for(var n of W(t))xe.call(t,n)&&Re(e,n,t[n]);return e},T=(e,t)=>_t(e,Bt(t));var J=(e,t)=>{var n={};for(var o in e)Te.call(e,o)&&t.indexOf(o)<0&&(n[o]=e[o]);if(e!=null&&W)for(var o of W(e))t.indexOf(o)<0&&xe.call(e,o)&&(n[o]=e[o]);return n};var c=(e,t,n)=>new Promise((o,r)=>{var s=d=>{try{a(n.next(d))}catch(p){r(p)}},i=d=>{try{a(n.throw(d))}catch(p){r(p)}},a=d=>d.done?o(d.value):Promise.resolve(d.value).then(s,i);a((n=n.apply(e,t)).next())});import{APIError as vr,createRouter as Ir}from"better-call";import{APIError as ve}from"better-call";import{z as Ie}from"zod";import{xchacha20poly1305 as Zr}from"@noble/ciphers/chacha";import{bytesToHex as Xr,hexToBytes as Yr,utf8ToBytes as eo}from"@noble/ciphers/utils";import{managedNonce as ro}from"@noble/ciphers/webcrypto";import{sha256 as no}from"@noble/hashes/sha256";function Z(e,t){return c(this,null,function*(){let n=new TextEncoder,o={name:"HMAC",hash:"SHA-256"},r=yield crypto.subtle.importKey("raw",n.encode(e),o,!1,["sign","verify"]),s=yield crypto.subtle.sign(o.name,r,n.encode(t));return btoa(String.fromCharCode(...new Uint8Array(s)))})}import{createEndpointCreator as jt,createMiddleware as Ue,createMiddlewareCreator as qt}from"better-call";var Pe=Ue(()=>c(void 0,null,function*(){return{}})),Q=qt({use:[Pe,Ue(()=>c(void 0,null,function*(){return{}}))]}),A=jt({use:[Pe]});var Se=Q({body:Ie.object({csrfToken:Ie.string().optional()}).optional()},e=>c(void 0,null,function*(){var a,d,p,l;if(((a=e.request)==null?void 0:a.method)!=="POST"||(d=e.context.options.advanced)!=null&&d.disableCSRFCheck)return;let t=new URL(e.request.url);if(t.origin===new URL(e.context.baseURL).origin||(p=e.context.options.trustedOrigins)!=null&&p.includes(t.origin))return;let n=(l=e.body)==null?void 0:l.csrfToken,o=yield e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret),[r,s]=(o==null?void 0:o.split("!"))||[null,null];if(!n||!o||!r||!s||o!==n)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new ve("UNAUTHORIZED",{message:"Invalid CSRF Token"});let i=yield Z(e.context.secret,r);if(s!==i)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new ve("UNAUTHORIZED",{message:"Invalid CSRF Token"})}));import{APIError as _}from"better-call";import{generateCodeVerifier as ir}from"oslo/oauth2";import{z as O}from"zod";import"arctic";import{parseJWT as Ft}from"oslo/jwt";import"@better-fetch/fetch";var S=class extends Error{constructor(t,n,o){super(t),this.name="BetterAuthError",this.message=t,this.cause=n}};import{OAuth2Tokens as Nt}from"arctic";function Dt(e){try{return new URL(e).pathname!=="/"}catch(t){throw new S(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function se(e,t="/api/auth"){return Dt(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function X(e,t){if(e)return se(e,t);let n=(process==null?void 0:process.env)||{},o=n.BETTER_AUTH_URL||n.NEXT_PUBLIC_BETTER_AUTH_URL||n.PUBLIC_BETTER_AUTH_URL||n.NUXT_PUBLIC_BETTER_AUTH_URL||n.NUXT_PUBLIC_AUTH_URL||(n.BASE_URL!=="/"?n.BASE_URL:void 0);if(o)return se(o,t);if(typeof window!="undefined")return se(window.location.origin,t)}import{betterFetch as $t}from"@better-fetch/fetch";function x(e,t){return t||`${X()}/callback/${e}`}function U(s){return c(this,arguments,function*({code:e,codeVerifier:t,redirectURI:n,options:o,tokenEndpoint:r}){let i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",e),t&&i.set("code_verifier",t),i.set("redirect_uri",n),i.set("client_id",o.clientId),i.set("client_secret",o.clientSecret);let{data:a,error:d}=yield $t(r,{method:"POST",body:i,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(d)throw d;return new Nt(a)})}var Oe=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:o,scopes:r,redirectURI:s}){let i=r||["email","name","openid"];return new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${s||e.redirectURI}&scope=${i.join(" ")}&state=${o}`)},validateAuthorizationCode:(o,r,s)=>c(void 0,null,function*(){return U({code:o,codeVerifier:r,redirectURI:s||x("apple",e.redirectURI),options:e,tokenEndpoint:t})}),getUserInfo(o){return c(this,null,function*(){var s;let r=(s=Ft(o.idToken()))==null?void 0:s.payload;return r?{user:{id:r.sub,name:r.name,email:r.email,emailVerified:r.email_verified==="true"},data:r}:null})}}};import{betterFetch as Vt}from"@better-fetch/fetch";import{Discord as zt}from"arctic";var Le=e=>{let t=new zt(e.clientId,e.clientSecret,x("discord",e.redirectURI));return{id:"discord",name:"Discord",createAuthorizationURL({state:o,scopes:r}){let s=r||["email"];return t.createAuthorizationURL(o,s)},validateAuthorizationCode:(o,r,s)=>c(void 0,null,function*(){return U({code:o,codeVerifier:r,redirectURI:s||x("discord",e.redirectURI),options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"})}),getUserInfo(o){return c(this,null,function*(){let{data:r,error:s}=yield Vt("https://discord.com/api/users/@me",{auth:{type:"Bearer",token:o.accessToken()}});return s?null:{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified},data:r}})}}};import{betterFetch as Mt}from"@better-fetch/fetch";import{Facebook as Ht}from"arctic";var Ee=e=>{let t=new Ht(e.clientId,e.clientSecret,x("facebook",e.redirectURI));return{id:"facebook",name:"Facebook",createAuthorizationURL({state:o,scopes:r}){let s=r||["email","public_profile"];return t.createAuthorizationURL(o,s)},validateAuthorizationCode:(o,r,s)=>c(void 0,null,function*(){return U({code:o,codeVerifier:r,redirectURI:s||x("facebook",e.redirectURI),options:e,tokenEndpoint:"https://graph.facebook.com/v16.0/oauth/access_token"})}),getUserInfo(o){return c(this,null,function*(){let{data:r,error:s}=yield Mt("https://graph.facebook.com/me",{auth:{type:"Bearer",token:o.accessToken()}});return s?null:{user:{id:r.id,name:r.name,email:r.email,emailVerified:r.email_verified},data:r}})}}};import{betterFetch as Ce}from"@better-fetch/fetch";import{GitHub as Gt}from"arctic";var _e=({clientId:e,clientSecret:t,redirectURI:n})=>{let o=new Gt(e,t,x("github",n));return{id:"github",name:"Github",createAuthorizationURL({state:s,scopes:i}){let a=i||["user:email"];return o.createAuthorizationURL(s,a)},validateAuthorizationCode:s=>c(void 0,null,function*(){return yield o.validateAuthorizationCode(s)}),getUserInfo(s){return c(this,null,function*(){var p,l,u,m;let{data:i,error:a}=yield Ce("https://api.github.com/user",{auth:{type:"Bearer",token:s.accessToken()}});if(a)return null;let d=!1;if(!i.email){let{data:f,error:h}=yield Ce("https://api.github.com/user/emails",{auth:{type:"Bearer",token:s.accessToken()}});h||(i.email=(l=(p=f.find(y=>y.primary))!=null?p:f[0])==null?void 0:l.email,d=(m=(u=f.find(y=>y.email===i.email))==null?void 0:u.verified)!=null?m:!1)}return{user:{id:i.id,name:i.name,email:i.email,image:i.avatar_url,emailVerified:d,createdAt:new Date,updatedAt:new Date},data:i}})}}};import{Google as Wt}from"arctic";import{parseJWT as Jt}from"oslo/jwt";import{createConsola as Kt}from"consola";var N=Kt({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),ie=e=>({log:(...t)=>{!(e!=null&&e.disabled)&&N.log("",...t)},error:(...t)=>{!(e!=null&&e.disabled)&&N.error("",...t)},warn:(...t)=>{!(e!=null&&e.disabled)&&N.warn("",...t)},info:(...t)=>{!(e!=null&&e.disabled)&&N.info("",...t)},debug:(...t)=>{!(e!=null&&e.disabled)&&N.debug("",...t)},box:(...t)=>{!(e!=null&&e.disabled)&&N.box("",...t)},success:(...t)=>{!(e!=null&&e.disabled)&&N.success("",...t)},break:(...t)=>{!(e!=null&&e.disabled)&&console.log(`
+`)}}),P=ie();var Be=e=>{let t=new Wt(e.clientId,e.clientSecret,x("google",e.redirectURI));return{id:"google",name:"Google",createAuthorizationURL({state:o,scopes:r,codeVerifier:s,redirectURI:i}){if(!e.clientId||!e.clientSecret)throw P.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new S("CLIENT_ID_AND_SECRET_REQUIRED");if(!s)throw new S("codeVerifier is required for Google");let a=r||["email","profile"];return t.createAuthorizationURL(o,s,a)},validateAuthorizationCode:(o,r,s)=>c(void 0,null,function*(){return U({code:o,codeVerifier:r,redirectURI:s||x("google",e.redirectURI),options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"})}),getUserInfo(o){return c(this,null,function*(){var s;if(!o.idToken)return null;let r=(s=Jt(o.idToken()))==null?void 0:s.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}})}}};import{betterFetch as Zt}from"@better-fetch/fetch";import{Spotify as Qt}from"arctic";var je=e=>{let t=new Qt(e.clientId,e.clientSecret,x("spotify",e.redirectURI));return{id:"spotify",name:"Spotify",createAuthorizationURL({state:o,scopes:r}){let s=r||["user-read-email"];return t.createAuthorizationURL(o,s)},validateAuthorizationCode:(o,r,s)=>c(void 0,null,function*(){return U({code:o,codeVerifier:r,redirectURI:s||x("spotify",e.redirectURI),options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"})}),getUserInfo(o){return c(this,null,function*(){var i;let{data:r,error:s}=yield Zt("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken()}`}});return s?null:{user:{id:r.id,name:r.display_name,email:r.email,image:(i=r.images[0])==null?void 0:i.url,emailVerified:!1},data:r}})}}};import{betterFetch as Xt}from"@better-fetch/fetch";import{Twitch as Yt}from"arctic";var qe=e=>{let t=new Yt(e.clientId,e.clientSecret,x("twitch",e.redirectURI));return{id:"twitch",name:"Twitch",createAuthorizationURL({state:o,scopes:r}){let s=r||["activity:write","read"];return t.createAuthorizationURL(o,s)},validateAuthorizationCode:(o,r,s)=>c(void 0,null,function*(){return U({code:o,codeVerifier:r,redirectURI:s||x("twitch",e.redirectURI),options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"})}),getUserInfo(o){return c(this,null,function*(){let{data:r,error:s}=yield Xt("https://api.twitch.tv/helix/users",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken()}`}});return s?null:{user:{id:r.sub,name:r.preferred_username,email:r.email,image:r.picture,emailVerified:!1},data:r}})}}};import{betterFetch as er}from"@better-fetch/fetch";import{Twitter as tr}from"arctic";var De=e=>{let t=new tr(e.clientId,e.clientSecret,x("twitter",e.redirectURI));return{id:"twitter",name:"Twitter",createAuthorizationURL(o){let r=o.scopes||["account_info.read"];return t.createAuthorizationURL(o.state,o.codeVerifier,r)},validateAuthorizationCode:(o,r,s)=>c(void 0,null,function*(){return U({code:o,codeVerifier:r,redirectURI:s||x("twitch",e.redirectURI),options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"})}),getUserInfo(o){return c(this,null,function*(){let{data:r,error:s}=yield er("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken()}`}});return s||!r.data.email?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}})}}};import"arctic";var ae={apple:Oe,discord:Le,facebook:Ee,github:_e,google:Be,spotify:je,twitch:qe,twitter:De},Ne=Object.keys(ae);import{generateState as rr}from"oslo/oauth2";import{z as M}from"zod";function $e(e,t,n){let o=rr();return{state:JSON.stringify({code:o,callbackURL:e,currentURL:t,dontRememberMe:n}),code:o}}function de(e){return M.object({code:M.string(),callbackURL:M.string().optional(),currentURL:M.string().optional(),dontRememberMe:M.boolean().optional()}).safeParse(JSON.parse(e))}import{APIError as nr}from"better-call";var H=(e,t=!1)=>{let n=new Date;return new Date(n.getTime()+(t?e*1e3:e))};import{TimeSpan as or}from"oslo";function Fe(e){var s;let n=!!((s=e.advanced)!=null&&s.useSecureCookies)||process.env.NODE_ENV!=="development"&&process.env.NODE_ENV!=="test"?"__Secure-":"",o="better-auth",r=new or(7,"d").seconds();return{sessionToken:{name:`${n}${o}.session_token`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:r}},csrfToken:{name:`${n?"__Host-":""}${o}.csrf_token`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:60*60*24*7}},state:{name:`${n}${o}.state`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:60*15}},pkCodeVerifier:{name:`${n}${o}.pk_code_verifier`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:60*15}},dontRememberToken:{name:`${n}${o}.dont_remember`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n}},nonce:{name:`${n}${o}.nonce`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:!!n,maxAge:60*15}}}}function Ve(e){var s;let n=!!((s=e.advanced)!=null&&s.useSecureCookies)||process.env.NODE_ENV==="production"?"__Secure-":"",o="better-auth";function r(i,a){return{name:process.env.NODE_ENV==="production"?`${n}${o}.${i}`:`${o}.${i}`,options:g({secure:!!n,sameSite:"lax",path:"/",maxAge:60*15},a)}}return r}function E(e,t,n,o){return c(this,null,function*(){let r=e.context.authCookies.sessionToken.options;r.maxAge=n?void 0:r.maxAge,yield e.setSignedCookie(e.context.authCookies.sessionToken.name,t,e.context.secret,r),n&&(yield e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options))})}function G(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}import{z as ze}from"zod";function Y(e){let t="127.0.0.1";if(process.env.NODE_ENV==="test")return t;let n=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"];for(let o of n){let r=e.headers.get(o);if(typeof r=="string"){let s=r.split(",")[0].trim();if(s)return s}}return null}var ce=new Map;function sr(e,t){if(!e.request)return"";let{method:n,url:o,headers:r}=e.request,s=e.request.headers.get("User-Agent")||"",i=Y(e.request)||"",a=JSON.stringify(r);return`${n}:${o}:${a}:${s}:${i}:${t}`}var le=()=>A("/session",{method:"GET",requireHeaders:!0},e=>c(void 0,null,function*(){try{let t=yield e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let n=sr(e,t),o=ce.get(n);if(o){if(o.expiresAt>Date.now())return e.json(o.data);ce.delete(n)}let r=yield e.context.internalAdapter.findSession(t);if(!r||r.session.expiresAt<new Date)return G(e),r&&(yield e.context.internalAdapter.deleteSession(r.session.id)),e.json(null,{status:401});if(yield e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(r);let i=e.context.sessionConfig.expiresIn,a=e.context.sessionConfig.updateAge;if(r.session.expiresAt.valueOf()-i*1e3+a*1e3<=Date.now()){let l=yield e.context.internalAdapter.updateSession(r.session.id,{expiresAt:H(e.context.sessionConfig.expiresIn,!0)});if(!l)return G(e),e.json(null,{status:401});let u=(l.expiresAt.valueOf()-Date.now())/1e3;return yield E(e,l.id,!1,{maxAge:u}),e.json({session:l,user:r.user})}return ce.set(n,{data:r,expiresAt:Date.now()+5e3}),e.json(r)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}})),ue=e=>c(void 0,null,function*(){return yield le()(T(g({},e),{_flag:void 0}))}),$=Q(e=>c(void 0,null,function*(){let t=yield ue(e);if(!(t!=null&&t.session))throw new nr("UNAUTHORIZED");return{session:t}})),Me=()=>A("/user/list-sessions",{method:"GET",use:[$],requireHeaders:!0},e=>c(void 0,null,function*(){let n=(yield e.context.adapter.findMany({model:e.context.tables.session.tableName,where:[{field:"userId",value:e.context.session.user.id}]})).filter(o=>o.expiresAt>new Date);return e.json(n)})),He=A("/user/revoke-session",{method:"POST",body:ze.object({id:ze.string()}),use:[$],requireHeaders:!0},e=>c(void 0,null,function*(){let t=e.body.id,n=yield e.context.internalAdapter.findSession(t);if(!n)return e.json(null,{status:400});if(n.session.userId!==e.context.session.user.id)return e.json(null,{status:403});try{yield e.context.internalAdapter.deleteSession(t)}catch(o){return e.context.logger.error(o),e.json(null,{status:500})}return e.json({status:!0})})),Ge=A("/user/revoke-sessions",{method:"POST",use:[$],requireHeaders:!0},e=>c(void 0,null,function*(){try{yield e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}return e.json({status:!0})}));var Ke=A("/sign-in/social",{method:"POST",requireHeaders:!0,query:O.object({currentURL:O.string().optional()}).optional(),body:O.object({callbackURL:O.string().optional(),provider:O.enum(Ne),dontRememberMe:O.boolean().default(!1).optional()})},e=>c(void 0,null,function*(){var i,a,d,p;let t=e.context.socialProviders.find(l=>l.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider to your auth config",{provider:e.body.provider}),new _("NOT_FOUND",{message:"Provider not found"});let n=e.context.authCookies,o=(i=e.query)!=null&&i.currentURL?new URL((a=e.query)==null?void 0:a.currentURL):null,r=(d=e.body.callbackURL)!=null&&d.startsWith("http")?e.body.callbackURL:`${o==null?void 0:o.origin}${e.body.callbackURL||""}`,s=$e(r||(o==null?void 0:o.origin)||e.context.baseURL,(p=e.query)==null?void 0:p.currentURL);try{yield e.setSignedCookie(n.state.name,s.code,e.context.secret,n.state.options);let l=ir();yield e.setSignedCookie(n.pkCodeVerifier.name,l,e.context.secret,n.pkCodeVerifier.options);let u=t.createAuthorizationURL({state:s.state,codeVerifier:l});return u.searchParams.set("redirect_uri",`${e.context.baseURL}/callback/${e.body.provider}`),{url:u.toString(),state:s.state,codeVerifier:l,redirect:!0}}catch(l){throw new _("INTERNAL_SERVER_ERROR")}})),We=A("/sign-in/email",{method:"POST",body:O.object({email:O.string().email(),password:O.string(),callbackURL:O.string().optional(),dontRememberMe:O.boolean().default(!1).optional()})},e=>c(void 0,null,function*(){var l,u;if(!((u=(l=e.context.options)==null?void 0:l.emailAndPassword)!=null&&u.enabled))throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new _("BAD_REQUEST",{message:"Email and password is not enabled"});let t=yield ue(e);t&&(yield e.context.internalAdapter.deleteSession(t.session.id));let{email:n,password:o}=e.body;if(!O.string().email().safeParse(n).success)throw new _("BAD_REQUEST",{message:"Invalid email"});let s=yield e.context.internalAdapter.findUserByEmail(n);if(!s)throw yield e.context.password.hash(o),e.context.logger.error("User not found",{email:n}),new _("UNAUTHORIZED",{message:"Invalid email or password"});let i=s.accounts.find(m=>m.providerId==="credential");if(!i)throw e.context.logger.error("Credential account not found",{email:n}),new _("UNAUTHORIZED",{message:"Invalid email or password"});let a=i==null?void 0:i.password;if(!a)throw e.context.logger.error("Password not found",{email:n}),new _("UNAUTHORIZED",{message:"Unexpected error"});if(!(yield e.context.password.verify(a,o)))throw e.context.logger.error("Invalid password"),new _("UNAUTHORIZED",{message:"Invalid email or password"});let p=yield e.context.internalAdapter.createSession(s.user.id,e.headers,e.body.dontRememberMe);if(!p)throw e.context.logger.error("Failed to create session"),new _("INTERNAL_SERVER_ERROR");return yield E(e,p.id,e.body.dontRememberMe),e.json({user:s.user,session:p,redirect:!!e.body.callbackURL,url:e.body.callbackURL})}));import{APIError as cr}from"better-call";import{z as ee}from"zod";import{z as R}from"zod";var hs=R.object({id:R.string(),providerId:R.string(),accountId:R.string(),userId:R.string(),accessToken:R.string().nullable().optional(),refreshToken:R.string().nullable().optional(),idToken:R.string().nullable().optional(),expiresAt:R.date().nullable().optional(),password:R.string().optional().nullable()}),Je=R.object({id:R.string(),email:R.string().transform(e=>e.toLowerCase()),emailVerified:R.boolean().default(!1),name:R.string(),image:R.string().optional(),createdAt:R.date().default(new Date),updatedAt:R.date().default(new Date)}),ys=R.object({id:R.string(),userId:R.string(),expiresAt:R.date(),ipAddress:R.string().optional(),userAgent:R.string().optional()});import{alphabet as ar,generateRandomString as dr}from"oslo/crypto";var Ze=()=>dr(36,ar("a-z","0-9"));var q={isAction:!1};function pe(e){let t=e.accessToken(),n=e.hasRefreshToken()?e.refreshToken():void 0,o;try{o=e.accessTokenExpiresAt()}catch(r){}return{accessToken:t,refreshToken:n,expiresAt:o}}var Qe=A("/callback/:id",{method:"GET",query:ee.object({state:ee.string(),code:ee.string().optional(),error:ee.string().optional()}),metadata:q},e=>c(void 0,null,function*(){var h,y,b;if(e.query.error||!e.query.code){let k=((h=de(e.query.state).data)==null?void 0:h.callbackURL)||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${k}?error=${e.query.error||"oAuth_code_missing"}`)}let t=e.context.socialProviders.find(w=>w.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let n=yield e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),o;try{o=yield t.validateAuthorizationCode(e.query.code,n,`${e.context.baseURL}/callback/${t.id}`)}catch(w){throw e.context.logger.error(w),e.redirect(`${e.context.baseURL}/error?error=oauth_code_verification_failed`)}let r=yield t.getUserInfo(o).then(w=>w==null?void 0:w.user),s=Ze(),i=Je.safeParse(T(g({},r),{id:s})),a=de(e.query.state);if(!a.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=invalid_state_parameter`);let{callbackURL:d,currentURL:p,dontRememberMe:l}=a.data;if(!r||i.success===!1)throw e.redirect(`${e.context.baseURL}/error?error=oauth_validation_failed`);if(!d)throw e.redirect(`${e.context.baseURL}/error?error=oauth_callback_url_not_found`);let u=yield e.context.internalAdapter.findUserByEmail(r.email),m=u==null?void 0:u.user.id;if(u){let w=u.accounts.find(I=>I.providerId===t.id),k=(b=(y=e.context.options.account)==null?void 0:y.accountLinking)==null?void 0:b.trustedProviders,v=k?k.includes(t.id):!0;if(!w&&(!r.emailVerified||!v)){let I;try{I=new URL(p||d),I.searchParams.set("error","account_not_linked")}catch(ne){throw e.redirect(`${e.context.baseURL}/error?error=account_not_linked`)}throw e.redirect(I.toString())}if(!w)try{yield e.context.internalAdapter.linkAccount(g({providerId:t.id,accountId:r.id,id:`${t.id}:${r.id}`,userId:u.user.id},pe(o)))}catch(I){throw console.log(I),e.redirect(`${e.context.baseURL}/error?error=failed_linking_account`)}}else try{yield e.context.internalAdapter.createOAuthUser(i.data,T(g({},pe(o)),{id:`${t.id}:${r.id}`,providerId:t.id,accountId:r.id,userId:s}))}catch(w){let k=new URL(p||d);throw k.searchParams.set("error","unable_to_create_user"),e.setHeader("Location",k.toString()),e.redirect(k.toString())}if(!m&&!s)throw new cr("INTERNAL_SERVER_ERROR",{message:"Unable to create user"});let f=yield e.context.internalAdapter.createSession(m||s,e.request,l);if(!f){let w=new URL(p||d);throw w.searchParams.set("error","unable_to_create_session"),e.redirect(w.toString())}try{yield E(e,f.id,l)}catch(w){e.context.logger.error("Unable to set session cookie",w);let k=new URL(p||d);throw k.searchParams.set("error","unable_to_create_session"),e.redirect(k.toString())}throw e.redirect(d)}));import{z as me}from"zod";var Xe=A("/sign-out",{method:"POST",body:me.optional(me.object({callbackURL:me.string().optional()}))},e=>c(void 0,null,function*(){var n,o;let t=yield e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);return t?(yield e.context.internalAdapter.deleteSession(t),G(e),e.json(null,{body:{redirect:!!((n=e.body)!=null&&n.callbackURL),url:(o=e.body)==null?void 0:o.callbackURL}})):e.json(null)}));import{TimeSpan as lr}from"oslo";import{createJWT as ur,parseJWT as pr}from"oslo/jwt";import{validateJWT as Ye}from"oslo/jwt";import{z as L}from"zod";var et=A("/forget-password",{method:"POST",body:L.object({email:L.string().email(),redirectTo:L.string()})},e=>c(void 0,null,function*(){var s;if(!((s=e.context.options.emailAndPassword)!=null&&s.sendResetPassword))return e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function to your auth config!"),e.json(null,{status:400,statusText:"RESET_PASSWORD_EMAIL_NOT_SENT",body:{message:"Reset password isn't enabled"}});let{email:t}=e.body,n=yield e.context.internalAdapter.findUserByEmail(t);if(!n)return e.json({status:!1},{body:{status:!0}});let o=yield ur("HS256",Buffer.from(e.context.secret),{email:n.user.email,redirectTo:e.body.redirectTo},{expiresIn:new lr(1,"h"),issuer:"better-auth",subject:"forget-password",audiences:[n.user.email],includeIssuedTimestamp:!0}),r=`${e.context.baseURL}/reset-password/${o}`;return yield e.context.options.emailAndPassword.sendResetPassword(r,n.user),e.json({status:!0})})),tt=A("/reset-password/:token",{method:"GET"},e=>c(void 0,null,function*(){var s;let{token:t}=e.params,n,o=L.object({email:L.string(),redirectTo:L.string()});try{if(n=yield Ye("HS256",Buffer.from(e.context.secret),t),!n.expiresAt||n.expiresAt<new Date)throw Error("Token expired")}catch(i){let a=pr(t),d=o.safeParse(a==null?void 0:a.payload);throw d.success?e.redirect(`${(s=d.data)==null?void 0:s.redirectTo}?error=invalid_token`):e.redirect(`${e.context.baseURL}/error?error=invalid_token`)}let{redirectTo:r}=o.parse(n.payload);throw e.redirect(`${r}?token=${t}`)})),rt=A("/reset-password",{method:"POST",query:L.object({currentURL:L.string()}).optional(),body:L.object({newPassword:L.string(),callbackURL:L.string().optional()})},e=>c(void 0,null,function*(){var o,r,s;let t=(o=e.query)==null?void 0:o.currentURL.split("?token=")[1];if(!t)return e.json({error:"Invalid token",data:null},{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}});let{newPassword:n}=e.body;try{let i=yield Ye("HS256",Buffer.from(e.context.secret),t),a=L.string().email().parse(i.payload.email),d=yield e.context.internalAdapter.findUserByEmail(a);if(!d)return e.json({error:"User not found",data:null},{status:400,body:{message:"failed to reset password"}});if(n.length<(((r=e.context.options.emailAndPassword)==null?void 0:r.minPasswordLength)||8)||n.length>(((s=e.context.options.emailAndPassword)==null?void 0:s.maxPasswordLength)||32))return e.json({data:null,error:"password is too short or too long"},{status:400,statusText:"INVALID_PASSWORD_LENGTH",body:{message:"password is too short or too long"}});let p=yield e.context.password.hash(n);return(yield e.context.internalAdapter.updatePassword(d.user.id,p))?e.json({error:null,data:{status:!0,url:e.body.callbackURL,redirect:!!e.body.callbackURL}},{body:{status:!0,url:e.body.callbackURL,redirect:!!e.body.callbackURL}}):e.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User doesn't have a credential account"}})}catch(i){return console.log(i),e.json({error:"Invalid token",data:null},{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}}));import{TimeSpan as mr}from"oslo";import{createJWT as fr,validateJWT as gr}from"oslo/jwt";import{z as C}from"zod";function fe(e,t){return c(this,null,function*(){return yield fr("HS256",Buffer.from(e),{email:t.toLowerCase()},{expiresIn:new mr(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})})}var ot=A("/send-verification-email",{method:"POST",query:C.object({currentURL:C.string().optional()}).optional(),body:C.object({email:C.string().email(),callbackURL:C.string().optional()})},e=>c(void 0,null,function*(){var r,s;if(!((r=e.context.options.emailAndPassword)!=null&&r.sendVerificationEmail))return e.context.logger.error("Verification email isn't enabled. Pass `sendVerificationEmail` in `emailAndPassword` options to enable it."),e.json(null,{status:400,statusText:"VERIFICATION_EMAIL_NOT_SENT",body:{message:"Verification email isn't enabled"}});let{email:t}=e.body,n=yield fe(e.context.secret,t),o=`${e.context.baseURL}/verify-email?token=${n}&callbackURL=${e.body.callbackURL||((s=e.query)==null?void 0:s.currentURL)||"/"}`;return yield e.context.options.emailAndPassword.sendVerificationEmail(t,o,n),e.json({status:!0})})),nt=A("/verify-email",{method:"GET",query:C.object({token:C.string(),callbackURL:C.string().optional()})},e=>c(void 0,null,function*(){let{token:t}=e.query,n;try{n=yield gr("HS256",Buffer.from(e.context.secret),t)}catch(a){return e.context.logger.error("Failed to verify email",a),e.json(null,{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}let r=C.object({email:C.string().email()}).parse(n.payload),s=yield e.context.internalAdapter.findUserByEmail(r.email);if(!s)return e.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User not found"}});if(!s.accounts.find(a=>a.providerId==="credential"))throw e.redirect;if(yield e.context.internalAdapter.updateUserByEmail(r.email,{emailVerified:!0}),e.query.callbackURL)throw console.log("Redirecting to",e.query.callbackURL),e.redirect("/");return e.json({status:!0})}));import{z as B}from"zod";import{alphabet as hr,generateRandomString as yr}from"oslo/crypto";import"better-call";var st=A("/user/update",{method:"POST",body:B.object({name:B.string().optional(),image:B.string().optional()}),use:[$]},e=>c(void 0,null,function*(){let{name:t,image:n}=e.body,o=e.context.session;if(!n&&!t)return e.json(o.user);let r=yield e.context.internalAdapter.updateUserByEmail(o.user.email,{name:t,image:n});return e.json(r)})),it=A("/user/change-password",{method:"POST",body:B.object({newPassword:B.string(),currentPassword:B.string(),revokeOtherSessions:B.boolean().optional()}),use:[$]},e=>c(void 0,null,function*(){let{newPassword:t,currentPassword:n,revokeOtherSessions:o}=e.body,r=e.context.session,s=e.context.password.config.minPasswordLength;if(t.length<s)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let i=e.context.password.config.maxPasswordLength;if(t.length>i)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let d=(yield e.context.internalAdapter.findAccounts(r.user.id)).find(u=>u.providerId==="credential"&&u.password);if(!d||!d.password)return e.json(null,{status:400,body:{message:"User does not have a password"}});let p=yield e.context.password.hash(t);if(!(yield e.context.password.verify(d.password,n)))return e.json(null,{status:400,body:{message:"Invalid password"}});if(yield e.context.internalAdapter.updateAccount(d.id,{password:p}),o){yield e.context.internalAdapter.deleteSessions(r.user.id);let u=yield e.context.internalAdapter.createSession(r.user.id,e.headers);if(!u)return e.json(null,{status:500,body:{message:"Failed to create session"}});yield E(e,u.id)}return e.json(r.user)})),at=A("/user/set-password",{method:"POST",body:B.object({newPassword:B.string()}),use:[$]},e=>c(void 0,null,function*(){let{newPassword:t}=e.body,n=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let r=e.context.password.config.maxPasswordLength;if(t.length>r)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let i=(yield e.context.internalAdapter.findAccounts(n.user.id)).find(d=>d.providerId==="credential"&&d.password),a=yield e.context.password.hash(t);return i?e.json(null,{status:400,body:{message:"User already has a password"}}):(yield e.context.internalAdapter.linkAccount({id:yr(32,hr("a-z","0-9","A-Z")),userId:n.user.id,providerId:"credential",accountId:n.user.id,password:a}),e.json(n.user))}));import{alphabet as br,generateRandomString as wr}from"oslo/crypto";var dt=A("/csrf",{method:"GET",metadata:q},e=>c(void 0,null,function*(){let t=yield e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret);if(t)return{csrfToken:t};let n=wr(32,br("a-z","0-9","A-Z")),o=yield Z(e.context.secret,n),r=`${n}!${o}`;return yield e.setSignedCookie(e.context.authCookies.csrfToken.name,r,e.context.secret,e.context.authCookies.csrfToken.options),{csrfToken:n}}));var Ar=(e="Unknown")=>`<!DOCTYPE html>
 <html lang="en">
 <head>
     <meta charset="UTF-8">
@@ -79,4 +79,6 @@ var Ot=Object.defineProperty,_t=Object.defineProperties;var Et=Object.getOwnProp
         <div class="error-code">Error Code: <span id="errorCode">${e}</span></div>
     </div>
 </body>
-</html>`,dt=y("/error",{method:"GET",metadata:D},e=>u(void 0,null,function*(){var n;let t=new URL(((n=e.request)==null?void 0:n.url)||"").searchParams.get("error")||"Unknown";return new Response(br(t),{headers:{"Content-Type":"text/html"}})}));var ct=y("/ok",{method:"GET",metadata:D},e=>u(void 0,null,function*(){return e.json({ok:!0})}));import{alphabet as ut,generateRandomString as lt}from"oslo/crypto";import{z as j}from"zod";var pt=y("/sign-up/email",{method:"POST",query:j.object({currentURL:j.string().optional()}).optional(),body:j.object({name:j.string(),email:j.string(),password:j.string(),image:j.string().optional(),callbackURL:j.string().optional()})},e=>u(void 0,null,function*(){var m,f,h,w;if(!((m=e.context.options.emailAndPassword)!=null&&m.enabled))return e.json(null,{status:400,body:{message:"Email and password is not enabled"}});let{name:t,email:n,password:o,image:r}=e.body;if(!j.string().email().safeParse(n).success)return e.json(null,{status:400,body:{message:"Invalid email address"}});let i=e.context.password.config.minPasswordLength;if(o.length<i)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let a=e.context.password.config.maxPasswordLength;if(o.length>a)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let d=yield e.context.internalAdapter.findUserByEmail(n),l=yield e.context.password.hash(o);if(d!=null&&d.user)return e.json(null,{status:400,body:{message:"User already exists"}});let c=yield e.context.internalAdapter.createUser({id:lt(32,ut("a-z","0-9","A-Z")),email:n.toLowerCase(),name:t,image:r,emailVerified:!1,createdAt:new Date,updatedAt:new Date});if(!c)return e.json(null,{status:400,body:{message:"Could not create user"}});yield e.context.internalAdapter.linkAccount({id:lt(32,ut("a-z","0-9","A-Z")),userId:c.id,providerId:"credential",accountId:c.id,password:l});let p=yield e.context.internalAdapter.createSession(c.id,e.request);if(!p)return e.json(null,{status:400,body:{message:"Could not create session"}});if(yield _(e,p.id),e.context.options.emailAndPassword.sendEmailVerificationOnSignUp){let U=yield me(e.context.secret,c.email),b=`${e.context.baseURL}/verify-email?token=${U}&callbackURL=${e.body.callbackURL||((f=e.query)==null?void 0:f.currentURL)||"/"}`;yield(w=(h=e.context.options.emailAndPassword).sendVerificationEmail)==null?void 0:w.call(h,c.email,b,U)}return e.json({user:c,session:p},{body:e.body.callbackURL?{url:e.body.callbackURL,redirect:!0}:{user:c,session:p}})}));import fe from"chalk";function wr(e,t,n){let o=Date.now(),r=t*1e3;return o-n.lastRequest<r&&n.count>=e}function Ar(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function kr(e,t){let n=Date.now(),o=t*1e3;return Math.ceil((e+o-n)/1e3)}function Rr(e,t){let n=t!=null?t:"rateLimit",o=e.adapter;return{get:r=>u(this,null,function*(){return yield o.findOne({model:n,where:[{field:"key",value:r}]})}),set:(r,s,i)=>u(this,null,function*(){try{i?yield o.update({model:t!=null?t:"rateLimit",where:[{field:"key",value:r}],update:{count:s.count,lastRequest:s.lastRequest}}):yield o.create({model:t!=null?t:"rateLimit",data:{key:r,count:s.count,lastRequest:s.lastRequest}})}catch(a){O.error("Error setting rate limit",a)}})}}var mt=new Map;function Tr(e){if(e.rateLimit.customStorage)return e.rateLimit.customStorage;if(e.rateLimit.storage==="memory"){let n;return{get(o){return u(this,null,function*(){return mt.get(o)})},set(o,r,s){return u(this,null,function*(){mt.set(o,r)})}}}return Rr(e,e.rateLimit.tableName)}function ft(e,t){return u(this,null,function*(){if(!t.rateLimit.enabled)return;let n=t.baseURL,o=e.url.replace(n,""),r=t.rateLimit.window,s=t.rateLimit.max,i=X(e)+o,d=Ur().find(m=>m.pathMatcher(o));d&&(r=d.window,s=d.max);for(let m of t.options.plugins||[])if(m.rateLimit){let f=m.rateLimit.find(h=>h.pathMatcher(o));if(f){r=f.window,s=f.max;break}}if(t.rateLimit.customRules){let m=t.rateLimit.customRules[o];m&&(r=m.window,s=m.max)}let l=Tr(t),c=yield l.get(i),p=Date.now();if(!c)yield l.set(i,{key:i,count:1,lastRequest:p});else{let m=p-c.lastRequest;if(wr(s,r,c)){let f=kr(c.lastRequest,r);return Ar(f)}else m>r*1e3?yield l.set(i,k(g({},c),{count:1,lastRequest:p})):yield l.set(i,k(g({},c),{count:c.count+1,lastRequest:p}))}})}function Ur(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:7}]}function ge(e,t){var a,d;let n=(a=e.options.plugins)==null?void 0:a.reduce((l,c)=>g(g({},l),c.endpoints),{}),o=((d=e.options.plugins)==null?void 0:d.map(l=>{var c;return(c=l.middlewares)==null?void 0:c.map(p=>{let m=f=>u(this,null,function*(){return p.middleware(k(g({},f),{context:g(g({},e),f.context)}))});return m.path=p.path,m.options=p.middleware.options,m.headers=p.middleware.headers,{path:p.path,middleware:m}})}).filter(l=>l!==void 0).flat())||[],r={signInOAuth:Ge,callbackOAuth:Ze,getCSRFToken:at,getSession:ce(),signOut:Qe,signUpEmail:pt,signInEmail:Ke,forgetPassword:Ye,resetPassword:tt,verifyEmail:ot,sendVerificationEmail:rt,changePassword:st,setPassword:it,updateUser:nt,forgetPasswordCallback:et,listSessions:ze(),revokeSession:Me,revokeSessions:He},s=k(g(g({},r),n),{ok:ct,error:dt}),i={};for(let[l,c]of Object.entries(s))i[l]=p=>u(this,null,function*(){var h;let f=yield c(k(g({},p),{context:g(g({},e),p.context)}));for(let w of e.options.plugins||[])if((h=w.hooks)!=null&&h.after){for(let U of w.hooks.after)if(U.matcher(p)){let T=Object.assign(p,{context:k(g({},e),{returned:f})}),P=yield U.handler(T);P&&"response"in P&&(f=P.response)}}return f}),i[l].path=c.path,i[l].method=c.method,i[l].options=c.options,i[l].headers=c.headers;return{api:i,middlewares:o}}var gt=(e,t)=>{let{api:n,middlewares:o}=ge(e,t),r=new URL(e.baseURL).pathname;return Pr(n,{extraContext:e,basePath:r,routerMiddleware:[{path:"/**",middleware:Ie},...o],onRequest(i){return u(this,null,function*(){for(let a of e.options.plugins||[])if(a.onRequest){let d=yield a.onRequest(i,e);if(d)return d}return ft(i,e)})},onResponse(i){return u(this,null,function*(){for(let a of e.options.plugins||[])if(a.onResponse){let d=yield a.onResponse(i,e);if(d)return d.response}return i})},onError(i){var d,l,c,p;let a=(d=t.logger)!=null&&d.verboseLogging?O:void 0;if(((l=t.logger)==null?void 0:l.disabled)!==!0)if(i instanceof xr)a==null||a.warn(i);else if(typeof i=="object"&&i!==null&&"message"in i){let m=i.message;if(!m||typeof m!="string"){a==null||a.error(i);return}m.includes("no such table")?(c=O)==null||c.error(`Please run ${fe.green("npx better-auth migrate")} to create the tables. There are missing tables in your SQLite database.`):m.includes("relation")&&m.includes("does not exist")?O.error(`Please run ${fe.green("npx better-auth migrate")} to create the tables. There are missing tables in your PostgreSQL database.`):m.includes("Table")&&m.includes("doesn't exist")?(p=O)==null||p.error(`Please run ${fe.green("npx better-auth migrate")} to create the tables. There are missing tables in your MySQL database.`):a==null||a.error(i)}else a==null||a.error(i)}})};var N=e=>{var d,l,c,m,f,h;let t=(d=e.plugins)==null?void 0:d.reduce((w,U)=>{var T;let b=U.schema;if(!b)return w;for(let[P,v]of Object.entries(b))w[P]={fields:g(g({},(T=w[P])==null?void 0:T.fields),v.fields),tableName:P};return w},{}),n=((l=e.rateLimit)==null?void 0:l.storage)==="database",o={rateLimit:{tableName:((c=e.rateLimit)==null?void 0:c.tableName)||"rateLimit",fields:{key:{type:"string"},count:{type:"number"},lastRequest:{type:"number"}}}},p=t||{},{user:r,session:s,account:i}=p,a=W(p,["user","session","account"]);return g(g({user:{tableName:((m=e.user)==null?void 0:m.modelName)||"user",fields:g({name:{type:"string"},email:{type:"string"},emailVerified:{type:"boolean",defaultValue:()=>!1},image:{type:"string",required:!1},createdAt:{type:"date",defaultValue:()=>new Date},updatedAt:{type:"date",defaultValue:()=>new Date}},r==null?void 0:r.fields),order:0},session:{tableName:((f=e.session)==null?void 0:f.modelName)||"session",fields:g({expiresAt:{type:"date"},ipAddress:{type:"string",required:!1},userAgent:{type:"string",required:!1},userId:{type:"string",references:{model:"user",field:"id",onDelete:"cascade"}}},s==null?void 0:s.fields),order:1},account:{tableName:((h=e.account)==null?void 0:h.modelName)||"account",fields:g({accountId:{type:"string"},providerId:{type:"string"},userId:{type:"string",references:{model:"user",field:"id",onDelete:"cascade"}},accessToken:{type:"string",required:!1},refreshToken:{type:"string",required:!1},idToken:{type:"string",required:!1},expiresAt:{type:"date",required:!1},password:{type:"string",required:!1}},i==null?void 0:i.fields),order:2}},a),n?o:{})};import vr from"better-sqlite3";import{Kysely as Ir}from"kysely";import{MysqlDialect as yt,PostgresDialect as bt,SqliteDialect as wt}from"kysely";import{createPool as Sr}from"mysql2";import Lr from"pg";var{Pool:Or}=Lr;function ee(e){if(!e)return{and:null,or:null};let t=e==null?void 0:e.filter(o=>o.connector==="AND"||!o.connector).reduce((o,r)=>k(g({},o),{[r.field]:r.value}),{}),n=e==null?void 0:e.filter(o=>o.connector==="OR").reduce((o,r)=>k(g({},o),{[r.field]:r.value}),{});return{and:Object.keys(t).length?t:null,or:Object.keys(n).length?n:null}}function te(e,t,n){var o,r,s;for(let i in e)e[i]===0&&((o=t[i])==null?void 0:o.type)==="boolean"&&(n!=null&&n.boolean)&&(e[i]=!1),e[i]===1&&((r=t[i])==null?void 0:r.type)==="boolean"&&(n!=null&&n.boolean)&&(e[i]=!0),((s=t[i])==null?void 0:s.type)==="date"&&(e[i]instanceof Date||(e[i]=new Date(e[i])));return e}function ht(e,t){for(let n in e)typeof e[n]=="boolean"&&(t!=null&&t.boolean)&&(e[n]=e[n]?1:0),e[n]instanceof Date&&(e[n]=e[n].toISOString());return e}var At=(e,t)=>({create(o){return u(this,null,function*(){let{model:r,data:s,select:i}=o;t!=null&&t.transform&&(s=ht(s,t.transform));let a=yield e.insertInto(r).values(s).returningAll().executeTakeFirst();if(t!=null&&t.transform){let d=t.transform.schema[r];a=d?te(s,d,t.transform):a}return i!=null&&i.length&&(a=a?i.reduce((l,c)=>a!=null&&a[c]?k(g({},l),{[c]:a[c]}):l,{}):null),a})},findOne(o){return u(this,null,function*(){let{model:r,where:s,select:i}=o,{and:a,or:d}=ee(s),l=e.selectFrom(r).selectAll();d&&(l=l.where(p=>p.or(d))),a&&(l=l.where(p=>p.and(a)));let c=yield l.executeTakeFirst();if(i!=null&&i.length&&(c=c?i.reduce((m,f)=>c!=null&&c[f]?k(g({},m),{[f]:c[f]}):m,{}):null),t!=null&&t.transform){let p=t.transform.schema[r];return c=c&&p?te(c,p,t.transform):c,c||null}return c||null})},findMany(o){return u(this,null,function*(){let{model:r,where:s}=o,i=e.selectFrom(r),{and:a,or:d}=ee(s);a&&(i=i.where(c=>c.and(a))),d&&(i=i.where(c=>c.or(d)));let l=yield i.selectAll().execute();if(t!=null&&t.transform){let c=t.transform.schema[r];return c?l.map(p=>te(p,c,t.transform)):l}return l})},update(o){return u(this,null,function*(){let{model:r,where:s,update:i}=o,{and:a,or:d}=ee(s);t!=null&&t.transform&&(i=ht(i,t.transform));let l=e.updateTable(r).set(i);a&&(l=l.where(p=>p.and(a))),d&&(l=l.where(p=>p.or(d)));let c=(yield l.returningAll().executeTakeFirst())||null;if(t!=null&&t.transform){let p=t.transform.schema[r];return p?te(c,p,t.transform):c}return c})},delete(o){return u(this,null,function*(){let{model:r,where:s}=o,{and:i,or:a}=ee(s),d=e.deleteFrom(r);i&&(d=d.where(l=>l.and(i))),a&&(d=d.where(l=>l.or(a))),yield d.execute()})}}),_r=e=>{var n,o;if(!e.database)return;if("createDriver"in e.database)return e.database;let t;if("provider"in e.database){let r=e.database.provider,s=(o=(n=e.database)==null?void 0:n.url)==null?void 0:o.trim();if(r==="postgres"&&(t=new bt({pool:new Or({connectionString:s})})),r==="mysql")try{let i=new URL(s),a=Sr({host:i.hostname,user:i.username,password:i.password,database:i.pathname.split("/")[1],port:Number(i.port)});t=new yt({pool:a})}catch(i){if(i instanceof TypeError)throw new I("Invalid database URL")}if(r==="sqlite"){let i=new vr(s);t=new wt({database:i})}}return t},re=e=>{let t=_r(e);return t&&new Ir({dialect:t})},kt=e=>{if("provider"in e.database)return e.database.provider;if("dialect"in e.database){if(e.database.dialect instanceof bt)return"postgres";if(e.database.dialect instanceof yt)return"mysql";if(e.database.dialect instanceof wt)return"sqlite"}return"sqlite"};function Rt(e){if(!e.database)throw new I("Database configuration is required");if("create"in e.database)return e.database;let t=re(e);if(!t)throw new I("Failed to initialize database adapter");let n=N(e),o={};for(let r of Object.values(n))o[r.tableName]=r.fields;return At(t,{transform:{schema:o,date:!0,boolean:kt(e)==="sqlite"}})}import{scrypt as Er}from"node:crypto";import{decodeHex as Cr,encodeHex as Tt}from"oslo/encoding";import{constantTimeEqual as Br}from"oslo/crypto";var F={N:16384,r:16,p:1,dkLen:64};function Ut(e,t){return u(this,null,function*(){return yield new Promise((n,o)=>{Er(e.normalize("NFKC"),t,F.dkLen,{N:F.N,p:F.p,r:F.r,maxmem:128*F.N*F.r*2},(r,s)=>r?o(r):n(s))})})}var xt=e=>u(void 0,null,function*(){let t=Tt(crypto.getRandomValues(new Uint8Array(16))),n=yield Ut(e,t);return`${t}:${Tt(n)}`}),Pt=(e,t)=>u(void 0,null,function*(){let[n,o]=e.split(":"),r=yield Ut(t,n);return Br(r,Cr(o))});import{alphabet as jr,generateRandomString as Dr}from"oslo/crypto";var vt=(e,t)=>{var i;let n=((i=t.session)==null?void 0:i.expiresIn)||604800,o=N(t),r=t.databaseHooks;function s(a,d){return u(this,null,function*(){var p,m,f,h;let l=a;if((m=(p=r==null?void 0:r[d])==null?void 0:p.create)!=null&&m.before){let w=yield r[d].create.before(a);if(w===!1)return null;l=typeof w=="object"?w.data:w}let c=yield e.create({model:d,data:a});return(h=(f=r==null?void 0:r[d])==null?void 0:f.create)!=null&&h.after&&c&&(yield r[d].create.after(c)),c})}return{createOAuthUser:(a,d)=>u(void 0,null,function*(){try{let l=yield s(a,"user"),c=yield s(d,"account");return{user:l,account:c}}catch(l){return console.log(l),null}}),createUser:a=>u(void 0,null,function*(){return yield s(a,"user")}),createSession:(a,d,l)=>u(void 0,null,function*(){let c=d instanceof Request?d.headers:d,p={id:Dr(32,jr("a-z","0-9","A-Z")),userId:a,expiresAt:l?M(1e3*60*60*24):M(n,!0),ipAddress:(c==null?void 0:c.get("x-forwarded-for"))||"",userAgent:(c==null?void 0:c.get("user-agent"))||""};return yield s(p,"session")}),findSession:a=>u(void 0,null,function*(){let d=yield e.findOne({model:o.session.tableName,where:[{value:a,field:"id"}]});if(!d)return null;let l=yield e.findOne({model:o.user.tableName,where:[{value:d.userId,field:"id"}]});return l?{session:d,user:l}:null}),updateSession:(a,d)=>u(void 0,null,function*(){var c,p,m,f;if((p=(c=r==null?void 0:r.session)==null?void 0:c.update)!=null&&p.before){let h=yield r.session.update.before(d);if(h===!1)return null;d=typeof h=="object"?h.data:h}let l=yield e.update({model:o.session.tableName,where:[{field:"id",value:a}],update:d});return(f=(m=r==null?void 0:r.session)==null?void 0:m.update)!=null&&f.after&&l&&(yield r.session.update.after(l)),l}),deleteSession:a=>u(void 0,null,function*(){return yield e.delete({model:o.session.tableName,where:[{field:"id",value:a}]})}),deleteSessions:a=>u(void 0,null,function*(){return yield e.delete({model:o.session.tableName,where:[{field:"userId",value:a}]})}),findUserByEmail:a=>u(void 0,null,function*(){let d=yield e.findOne({model:o.user.tableName,where:[{value:a.toLowerCase(),field:"email"}]});if(!d)return null;let l=yield e.findMany({model:o.account.tableName,where:[{value:d.id,field:"userId"}]});return{user:d,accounts:l}}),findUserById:a=>u(void 0,null,function*(){return yield e.findOne({model:o.user.tableName,where:[{field:"id",value:a}]})}),linkAccount:a=>u(void 0,null,function*(){return yield s(a,"account")}),updateUserByEmail:(a,d)=>u(void 0,null,function*(){var c,p,m,f;if((p=(c=r==null?void 0:r.user)==null?void 0:c.update)!=null&&p.before){let h=yield r.user.update.before(d);if(h===!1)return null;d=typeof h=="object"?h.data:h}let l=yield e.update({model:o.user.tableName,where:[{value:a,field:"email"}],update:d});return(f=(m=r==null?void 0:r.user)==null?void 0:m.update)!=null&&f.after&&l&&(yield r.user.update.after(l)),l}),updatePassword:(a,d)=>u(void 0,null,function*(){return yield e.update({model:o.account.tableName,where:[{value:a,field:"userId"},{field:"providerId",value:"credential"}],update:{password:d}})}),findAccounts:a=>u(void 0,null,function*(){return yield e.findMany({model:o.account.tableName,where:[{field:"userId",value:a}]})}),updateAccount:(a,d)=>u(void 0,null,function*(){var c,p,m,f;if((p=(c=r==null?void 0:r.account)==null?void 0:c.update)!=null&&p.before){let h=yield r.account.update.before(d);if(h===!1)return null;d=typeof h=="object"?h.data:h}let l=yield e.update({model:o.account.tableName,where:[{field:"id",value:a}],update:d});return(f=(m=r==null?void 0:r.account)==null?void 0:m.update)!=null&&f.after&&l&&(yield r.account.update.after(l)),l})}};var It="better-auth-secret-123456789";var St=e=>({id:"cross-subdomain-cookies",onResponse(n,o){return u(this,null,function*(){let r=n.headers.get("set-cookie");if(!r)return;let s=o.baseURL,i=r.split(";"),a=(e==null?void 0:e.domainName)||new URL(s).hostname,d=o.authCookies,l=[d.sessionToken.name,d.csrfToken.name,d.dontRememberToken.name];if(!l.some(p=>r.includes(p)))return;let c=i.map(p=>{if(!l.some(f=>p.toLowerCase().includes(f.toLowerCase())))return p;let m=p.trim();return m.toLowerCase().startsWith("domain=")?`Domain=${a}`:m.toLowerCase().includes("domain=")?m:`${m}; Domain=${a}`}).filter((p,m,f)=>m===f.findIndex(h=>h.split(";")[0]===p.split(";")[0])).join("; ");return n.headers.set("set-cookie",c),{response:n}})}});var Lt=e=>{var m,f,h,w,U,b,T,P,v,oe,he,ye,be,we;let{options:t,context:n}=qr(e),o=t.plugins||[],r=$r(t),s=Rt(t),i=re(t),a=Q(t.baseURL,t.basePath)||"",d=t.secret||process.env.BETTER_AUTH_SECRET||process.env.AUTH_SECRET||It,l=Ne(t),c=N(t),p=Object.keys(t.socialProviders||{}).map(V=>{var Ae;let G=(Ae=t.socialProviders)==null?void 0:Ae[V];return G.enabled===!1?null:((!G.clientId||!G.clientSecret)&&O.warn(`Social provider ${V} is missing clientId or clientSecret`),ie[V](G))}).filter(V=>V!==null);return g({appName:t.appName||"Better Auth",socialProviders:p,options:k(g({},t),{baseURL:a?new URL(a).origin:"",basePath:t.basePath||"/api/auth",plugins:o.concat(r)}),tables:c,baseURL:a,sessionConfig:{updateAge:((m=t.session)==null?void 0:m.updateAge)||24*60*60,expiresIn:((f=t.session)==null?void 0:f.expiresIn)||60*60*24*7},secret:d,rateLimit:k(g({},t.rateLimit),{enabled:(w=(h=t.rateLimit)==null?void 0:h.enabled)!=null?w:process.env.NODE_ENV!=="development",window:((U=t.rateLimit)==null?void 0:U.window)||60,max:((b=t.rateLimit)==null?void 0:b.max)||100,storage:((T=t.rateLimit)==null?void 0:T.storage)||"memory"}),authCookies:l,logger:se({disabled:((P=t.logger)==null?void 0:P.disabled)||!1}),db:i,password:{hash:((oe=(v=t.emailAndPassword)==null?void 0:v.password)==null?void 0:oe.hash)||xt,verify:((ye=(he=t.emailAndPassword)==null?void 0:he.password)==null?void 0:ye.verify)||Pt,config:{minPasswordLength:((be=t.emailAndPassword)==null?void 0:be.minPasswordLength)||8,maxPasswordLength:((we=t.emailAndPassword)==null?void 0:we.maxPasswordLength)||128}},adapter:s,internalAdapter:vt(s,t),createAuthCookie:Fe(t)},n)};function qr(e){let t=e.plugins||[],n={};for(let i of t)if(i.init){let a=i.init(e);typeof a=="object"&&(a.options&&(e=g(g({},e),a.options)),n=g({},a))}let s=n,{options:o}=s,r=W(s,["options"]);return{options:e,context:r}}function $r(e){var n,o;let t=[];return(o=(n=e.advanced)==null?void 0:n.crossSubDomainCookies)!=null&&o.enabled&&t.push(St({eligibleCookies:e.advanced.crossSubDomainCookies.eligibleCookies})),t}var Td=e=>{let t=Lt(e),{api:n}=ge(t,e);return{handler:o=>u(void 0,null,function*(){let r=t.options.basePath,s=new URL(o.url);if(!t.options.baseURL){let a=`${s.origin}/api/auth`;t.options.baseURL=a,t.baseURL=a}if(!t.options.baseURL)return new Response("Base URL not set",{status:400});if(s.pathname===r||s.pathname===`${r}/`)return new Response("Welcome to BetterAuth",{status:200});let{handler:i}=gt(t,e);return i(o)}),api:n,options:t.options,$Infer:{}}};export{Td as betterAuth};
+</html>`,ct=A("/error",{method:"GET",metadata:q},e=>c(void 0,null,function*(){var n;let t=new URL(((n=e.request)==null?void 0:n.url)||"").searchParams.get("error")||"Unknown";return new Response(Ar(t),{headers:{"Content-Type":"text/html"}})}));var lt=A("/ok",{method:"GET",metadata:q},e=>c(void 0,null,function*(){return e.json({ok:!0})}));import{alphabet as ut,generateRandomString as pt}from"oslo/crypto";import{z as j}from"zod";var mt=A("/sign-up/email",{method:"POST",query:j.object({currentURL:j.string().optional()}).optional(),body:j.object({name:j.string(),email:j.string(),password:j.string(),image:j.string().optional(),callbackURL:j.string().optional()})},e=>c(void 0,null,function*(){var m,f,h,y;if(!((m=e.context.options.emailAndPassword)!=null&&m.enabled))return e.json(null,{status:400,body:{message:"Email and password is not enabled"}});let{name:t,email:n,password:o,image:r}=e.body;if(!j.string().email().safeParse(n).success)return e.json(null,{status:400,body:{message:"Invalid email address"}});let i=e.context.password.config.minPasswordLength;if(o.length<i)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let a=e.context.password.config.maxPasswordLength;if(o.length>a)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let d=yield e.context.internalAdapter.findUserByEmail(n),p=yield e.context.password.hash(o);if(d!=null&&d.user)return e.json(null,{status:400,body:{message:"User already exists"}});let l=yield e.context.internalAdapter.createUser({id:pt(32,ut("a-z","0-9","A-Z")),email:n.toLowerCase(),name:t,image:r,emailVerified:!1,createdAt:new Date,updatedAt:new Date});if(!l)return e.json(null,{status:400,body:{message:"Could not create user"}});yield e.context.internalAdapter.linkAccount({id:pt(32,ut("a-z","0-9","A-Z")),userId:l.id,providerId:"credential",accountId:l.id,password:p});let u=yield e.context.internalAdapter.createSession(l.id,e.request);if(!u)return e.json(null,{status:400,body:{message:"Could not create session"}});if(yield E(e,u.id),e.context.options.emailAndPassword.sendEmailVerificationOnSignUp){let b=yield fe(e.context.secret,l.email),w=`${e.context.baseURL}/verify-email?token=${b}&callbackURL=${e.body.callbackURL||((f=e.query)==null?void 0:f.currentURL)||"/"}`;yield(y=(h=e.context.options.emailAndPassword).sendVerificationEmail)==null?void 0:y.call(h,l.email,w,b)}return e.json({user:l,session:u},{body:e.body.callbackURL?{url:e.body.callbackURL,redirect:!0}:{user:l,session:u}})}));import ge from"chalk";function kr(e,t,n){let o=Date.now(),r=t*1e3;return o-n.lastRequest<r&&n.count>=e}function Rr(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function Tr(e,t){let n=Date.now(),o=t*1e3;return Math.ceil((e+o-n)/1e3)}function xr(e,t){let n=t!=null?t:"rateLimit",o=e.adapter;return{get:r=>c(this,null,function*(){return yield o.findOne({model:n,where:[{field:"key",value:r}]})}),set:(r,s,i)=>c(this,null,function*(){try{i?yield o.update({model:t!=null?t:"rateLimit",where:[{field:"key",value:r}],update:{count:s.count,lastRequest:s.lastRequest}}):yield o.create({model:t!=null?t:"rateLimit",data:{key:r,count:s.count,lastRequest:s.lastRequest}})}catch(a){P.error("Error setting rate limit",a)}})}}var ft=new Map;function Ur(e){if(e.rateLimit.customStorage)return e.rateLimit.customStorage;if(e.rateLimit.storage==="memory"){let n;return{get(o){return c(this,null,function*(){return ft.get(o)})},set(o,r,s){return c(this,null,function*(){ft.set(o,r)})}}}return xr(e,e.rateLimit.tableName)}function gt(e,t){return c(this,null,function*(){if(!t.rateLimit.enabled)return;let n=t.baseURL,o=e.url.replace(n,""),r=t.rateLimit.window,s=t.rateLimit.max,i=Y(e)+o,d=Pr().find(m=>m.pathMatcher(o));d&&(r=d.window,s=d.max);for(let m of t.options.plugins||[])if(m.rateLimit){let f=m.rateLimit.find(h=>h.pathMatcher(o));if(f){r=f.window,s=f.max;break}}if(t.rateLimit.customRules){let m=t.rateLimit.customRules[o];m&&(r=m.window,s=m.max)}let p=Ur(t),l=yield p.get(i),u=Date.now();if(!l)yield p.set(i,{key:i,count:1,lastRequest:u});else{let m=u-l.lastRequest;if(kr(s,r,l)){let f=Tr(l.lastRequest,r);return Rr(f)}else m>r*1e3?yield p.set(i,T(g({},l),{count:1,lastRequest:u})):yield p.set(i,T(g({},l),{count:l.count+1,lastRequest:u}))}})}function Pr(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:7}]}function he(e,t){var a,d;let n=(a=e.options.plugins)==null?void 0:a.reduce((p,l)=>g(g({},p),l.endpoints),{}),o=((d=e.options.plugins)==null?void 0:d.map(p=>{var l;return(l=p.middlewares)==null?void 0:l.map(u=>{let m=f=>c(this,null,function*(){return u.middleware(T(g({},f),{context:g(g({},e),f.context)}))});return m.path=u.path,m.options=u.middleware.options,m.headers=u.middleware.headers,{path:u.path,middleware:m}})}).filter(p=>p!==void 0).flat())||[],r={signInOAuth:Ke,callbackOAuth:Qe,getCSRFToken:dt,getSession:le(),signOut:Xe,signUpEmail:mt,signInEmail:We,forgetPassword:et,resetPassword:rt,verifyEmail:nt,sendVerificationEmail:ot,changePassword:it,setPassword:at,updateUser:st,forgetPasswordCallback:tt,listSessions:Me(),revokeSession:He,revokeSessions:Ge},s=T(g(g({},r),n),{ok:lt,error:ct}),i={};for(let[p,l]of Object.entries(s))i[p]=u=>c(this,null,function*(){var h;let f=yield l(T(g({},u),{context:g(g({},e),u.context)}));for(let y of e.options.plugins||[])if((h=y.hooks)!=null&&h.after){for(let b of y.hooks.after)if(b.matcher(u)){let k=Object.assign(u,{context:T(g({},e),{returned:f})}),v=yield b.handler(k);v&&"response"in v&&(f=v.response)}}return f}),i[p].path=l.path,i[p].method=l.method,i[p].options=l.options,i[p].headers=l.headers;return{api:i,middlewares:o}}var ht=(e,t)=>{let{api:n,middlewares:o}=he(e,t),r=new URL(e.baseURL).pathname;return Ir(n,{extraContext:e,basePath:r,routerMiddleware:[{path:"/**",middleware:Se},...o],onRequest(i){return c(this,null,function*(){for(let a of e.options.plugins||[])if(a.onRequest){let d=yield a.onRequest(i,e);if(d)return d}return gt(i,e)})},onResponse(i){return c(this,null,function*(){for(let a of e.options.plugins||[])if(a.onResponse){let d=yield a.onResponse(i,e);if(d)return d.response}return i})},onError(i){var d,p,l,u;let a=(d=t.logger)!=null&&d.verboseLogging?P:void 0;if(((p=t.logger)==null?void 0:p.disabled)!==!0)if(i instanceof vr)a==null||a.warn(i);else if(typeof i=="object"&&i!==null&&"message"in i){let m=i.message;if(!m||typeof m!="string"){a==null||a.error(i);return}m.includes("no such table")?(l=P)==null||l.error(`Please run ${ge.green("npx better-auth migrate")} to create the tables. There are missing tables in your SQLite database.`):m.includes("relation")&&m.includes("does not exist")?P.error(`Please run ${ge.green("npx better-auth migrate")} to create the tables. There are missing tables in your PostgreSQL database.`):m.includes("Table")&&m.includes("doesn't exist")?(u=P)==null||u.error(`Please run ${ge.green("npx better-auth migrate")} to create the tables. There are missing tables in your MySQL database.`):a==null||a.error(i)}else a==null||a.error(i)}})};var D=e=>{var d,p,l,m,f,h;let t=(d=e.plugins)==null?void 0:d.reduce((y,b)=>{var k;let w=b.schema;if(!w)return y;for(let[v,I]of Object.entries(w))y[v]={fields:g(g({},(k=y[v])==null?void 0:k.fields),I.fields),tableName:v};return y},{}),n=((p=e.rateLimit)==null?void 0:p.storage)==="database",o={rateLimit:{tableName:((l=e.rateLimit)==null?void 0:l.tableName)||"rateLimit",fields:{key:{type:"string"},count:{type:"number"},lastRequest:{type:"number"}}}},u=t||{},{user:r,session:s,account:i}=u,a=J(u,["user","session","account"]);return g(g({user:{tableName:((m=e.user)==null?void 0:m.modelName)||"user",fields:g({name:{type:"string",required:!0},email:{type:"string",unique:!0,required:!0},emailVerified:{type:"boolean",defaultValue:()=>!1,required:!0},image:{type:"string",required:!1},createdAt:{type:"date",defaultValue:()=>new Date,required:!0},updatedAt:{type:"date",defaultValue:()=>new Date,required:!0}},r==null?void 0:r.fields),order:0},session:{tableName:((f=e.session)==null?void 0:f.modelName)||"session",fields:g({expiresAt:{type:"date",required:!0},ipAddress:{type:"string",required:!1},userAgent:{type:"string",required:!1},userId:{type:"string",references:{model:"user",field:"id",onDelete:"cascade"},required:!0}},s==null?void 0:s.fields),order:1},account:{tableName:((h=e.account)==null?void 0:h.modelName)||"account",fields:g({accountId:{type:"string",required:!0},providerId:{type:"string",required:!0},userId:{type:"string",references:{model:"user",field:"id",onDelete:"cascade"},required:!0},accessToken:{type:"string",required:!1},refreshToken:{type:"string",required:!1},idToken:{type:"string",required:!1},expiresAt:{type:"date",required:!1},password:{type:"string",required:!1}},i==null?void 0:i.fields),order:2}},a),n?o:{})};import Sr from"better-sqlite3";import{Kysely as Or}from"kysely";import{MysqlDialect as yt,PostgresDialect as bt,SqliteDialect as wt}from"kysely";import{createPool as Lr}from"mysql2";import Er from"pg";var{Pool:Cr}=Er,_r=e=>{var n,o;if(!e.database)return;if("createDriver"in e.database)return e.database;let t;if("provider"in e.database){let r=e.database.provider,s=(o=(n=e.database)==null?void 0:n.url)==null?void 0:o.trim();if(r==="postgres"&&(t=new bt({pool:new Cr({connectionString:s})})),r==="mysql")try{let i=new URL(s),a=Lr({host:i.hostname,user:i.username,password:i.password,database:i.pathname.split("/")[1],port:Number(i.port)});t=new yt({pool:a})}catch(i){if(i instanceof TypeError)throw new S("Invalid database URL")}if(r==="sqlite"){let i=new Sr(s);t=new wt({database:i})}}return t},F=e=>{let t=_r(e);return t&&new Or({dialect:t})},te=e=>{if("provider"in e.database)return e.database.provider;if("dialect"in e.database){if(e.database.dialect instanceof bt)return"postgres";if(e.database.dialect instanceof yt)return"mysql";if(e.database.dialect instanceof wt)return"sqlite"}return"sqlite"};import"kysely";function Br(e){var n;return((n=e.plugins)==null?void 0:n.flatMap(o=>Object.keys(o.schema||{}).map(r=>{let i=(o.schema||{})[r];if(!(i!=null&&i.disableMigration))return{tableName:r,fields:i==null?void 0:i.fields}}).filter(r=>r!==void 0)))||[]}function At(e){let t=D(e),n=Br(e);return[t.user,t.session,t.account,...n].reduce((r,s)=>{var i;return r[s.tableName]={fields:g(g({},(i=r[s.tableName])==null?void 0:i.fields),s.fields)},r},{})}var jr={string:["character varying","text"],number:["int4","integer","bigint","smallint","numeric","real","double precision"],boolean:["bool","boolean"],date:["timestamp","date"]},qr={string:["varchar","text"],number:["integer","int","bigint","smallint","decimal","float","double"],boolean:["boolean"],date:["date","datetime"]},Dr={string:["TEXT"],number:["INTEGER","REAL"],boolean:["INTEGER","BOOLEAN"],date:["DATE","INTEGER"]},Nr={postgres:jr,mysql:qr,sqlite:Dr};function $r(e,t,n){return Nr[n][t].map(i=>i.toLowerCase()).includes(e.toLowerCase())}function kt(e){return c(this,null,function*(){let t=At(e),n=te(e),o=F(e);o||(P.error("Invalid database configuration."),process.exit(1));let r=yield o.introspection.getTables(),s=[],i=[];for(let[u,m]of Object.entries(t)){let f=r.find(y=>y.name===u);if(!f){let y=s.findIndex(k=>k.table===u),b={table:u,fields:m.fields,order:m.order||1/0},w=s.findIndex(k=>(k.order||1/0)>b.order);w===-1?y===-1?s.push(b):s[y].fields=g(g({},s[y].fields),m.fields):s.splice(w,0,b);continue}let h={};for(let[y,b]of Object.entries(m.fields)){let w=f.columns.find(k=>k.name===y);if(!w){h[y]=b;continue}$r(w.dataType,b.type,n)||P.warn(`Field ${y} in table ${u} has a different type in the database. Expected ${b.type} but got ${w.dataType}.`)}Object.keys(h).length>0&&i.push({table:u,fields:h,order:m.order||1/0})}let a=[];function d(u){let m={string:"text",boolean:"boolean",number:"integer",date:"date"};return n==="mysql"&&u==="string"?"varchar(255)":m[u]}if(i.length)for(let u of i)for(let[m,f]of Object.entries(u.fields)){let h=d(f.type),y=o.schema.alterTable(u.table).addColumn(m,h,b=>(b=f.required!==!1?b.notNull():b,f.references&&(b=b.references(`${f.references.model}.${f.references.field}`)),b));a.push(y)}if(s.length)for(let u of s){let m=o.schema.createTable(u.table).addColumn("id",d("string"),f=>f.primaryKey());for(let[f,h]of Object.entries(u.fields)){let y=d(h.type);m=m.addColumn(f,y,b=>(b=h.required!==!1?b.notNull():b,h.references&&(b=b.references(`${h.references.model}.${h.references.field}`)),h.unique&&(b=b.unique()),b))}a.push(m)}function p(){return c(this,null,function*(){for(let u of a)yield u.execute()})}function l(){return c(this,null,function*(){return a.map(m=>m.compile().sql).join(`;
+`)})}return{toBeCreated:s,toBeAdded:i,runMigrations:p,compileMigrations:l}})}function re(e){if(!e)return{and:null,or:null};let t=e==null?void 0:e.filter(o=>o.connector==="AND"||!o.connector).reduce((o,r)=>T(g({},o),{[r.field]:r.value}),{}),n=e==null?void 0:e.filter(o=>o.connector==="OR").reduce((o,r)=>T(g({},o),{[r.field]:r.value}),{});return{and:Object.keys(t).length?t:null,or:Object.keys(n).length?n:null}}function oe(e,t,n){var o,r,s;for(let i in e)e[i]===0&&((o=t[i])==null?void 0:o.type)==="boolean"&&(n!=null&&n.boolean)&&(e[i]=!1),e[i]===1&&((r=t[i])==null?void 0:r.type)==="boolean"&&(n!=null&&n.boolean)&&(e[i]=!0),((s=t[i])==null?void 0:s.type)==="date"&&(e[i]instanceof Date||(e[i]=new Date(e[i])));return e}function Rt(e,t){for(let n in e)typeof e[n]=="boolean"&&(t!=null&&t.boolean)&&(e[n]=e[n]?1:0),e[n]instanceof Date&&(e[n]=e[n].toISOString());return e}var Tt=(e,t)=>({id:"kysely",create(o){return c(this,null,function*(){let{model:r,data:s,select:i}=o;t!=null&&t.transform&&(s=Rt(s,t.transform));let a=yield e.insertInto(r).values(s).returningAll().executeTakeFirst();if(t!=null&&t.transform){let d=t.transform.schema[r];a=d?oe(s,d,t.transform):a}return i!=null&&i.length&&(a=a?i.reduce((p,l)=>a!=null&&a[l]?T(g({},p),{[l]:a[l]}):p,{}):null),a})},findOne(o){return c(this,null,function*(){let{model:r,where:s,select:i}=o,{and:a,or:d}=re(s),p=e.selectFrom(r).selectAll();d&&(p=p.where(u=>u.or(d))),a&&(p=p.where(u=>u.and(a)));let l=yield p.executeTakeFirst();if(i!=null&&i.length&&(l=l?i.reduce((m,f)=>l!=null&&l[f]?T(g({},m),{[f]:l[f]}):m,{}):null),t!=null&&t.transform){let u=t.transform.schema[r];return l=l&&u?oe(l,u,t.transform):l,l||null}return l||null})},findMany(o){return c(this,null,function*(){let{model:r,where:s}=o,i=e.selectFrom(r),{and:a,or:d}=re(s);a&&(i=i.where(l=>l.and(a))),d&&(i=i.where(l=>l.or(d)));let p=yield i.selectAll().execute();if(t!=null&&t.transform){let l=t.transform.schema[r];return l?p.map(u=>oe(u,l,t.transform)):p}return p})},update(o){return c(this,null,function*(){let{model:r,where:s,update:i}=o,{and:a,or:d}=re(s);t!=null&&t.transform&&(i=Rt(i,t.transform));let p=e.updateTable(r).set(i);a&&(p=p.where(u=>u.and(a))),d&&(p=p.where(u=>u.or(d)));let l=(yield p.returningAll().executeTakeFirst())||null;if(t!=null&&t.transform){let u=t.transform.schema[r];return u?oe(l,u,t.transform):l}return l})},delete(o){return c(this,null,function*(){let{model:r,where:s}=o,{and:i,or:a}=re(s),d=e.deleteFrom(r);i&&(d=d.where(p=>p.and(i))),a&&(d=d.where(p=>p.or(a))),yield d.execute()})},createSchema(o){return c(this,null,function*(){let{compileMigrations:r}=yield kt(o);return console.log(r),{code:yield r(),fileName:`./better-auth_migrations/${new Date().toISOString()}.sql`}})}});function xt(e){if(!e.database)throw new S("Database configuration is required");if("create"in e.database)return e.database;let t=F(e);if(!t)throw new S("Failed to initialize database adapter");let n=D(e),o={};for(let r of Object.values(n))o[r.tableName]=r.fields;return Tt(t,{transform:{schema:o,date:!0,boolean:te(e)==="sqlite"}})}import{scrypt as Fr}from"node:crypto";import{decodeHex as Vr,encodeHex as Ut}from"oslo/encoding";import{constantTimeEqual as zr}from"oslo/crypto";var V={N:16384,r:16,p:1,dkLen:64};function Pt(e,t){return c(this,null,function*(){return yield new Promise((n,o)=>{Fr(e.normalize("NFKC"),t,V.dkLen,{N:V.N,p:V.p,r:V.r,maxmem:128*V.N*V.r*2},(r,s)=>r?o(r):n(s))})})}var vt=e=>c(void 0,null,function*(){let t=Ut(crypto.getRandomValues(new Uint8Array(16))),n=yield Pt(e,t);return`${t}:${Ut(n)}`}),It=(e,t)=>c(void 0,null,function*(){let[n,o]=e.split(":"),r=yield Pt(t,n);return zr(r,Vr(o))});import{alphabet as Mr,generateRandomString as Hr}from"oslo/crypto";var St=(e,t)=>{var i;let n=((i=t.session)==null?void 0:i.expiresIn)||604800,o=D(t),r=t.databaseHooks;function s(a,d){return c(this,null,function*(){var u,m,f,h;let p=a;if((m=(u=r==null?void 0:r[d])==null?void 0:u.create)!=null&&m.before){let y=yield r[d].create.before(a);if(y===!1)return null;p=typeof y=="object"?y.data:y}let l=yield e.create({model:d,data:a});return(h=(f=r==null?void 0:r[d])==null?void 0:f.create)!=null&&h.after&&l&&(yield r[d].create.after(l)),l})}return{createOAuthUser:(a,d)=>c(void 0,null,function*(){try{let p=yield s(a,"user"),l=yield s(d,"account");return{user:p,account:l}}catch(p){return console.log(p),null}}),createUser:a=>c(void 0,null,function*(){return yield s(a,"user")}),createSession:(a,d,p)=>c(void 0,null,function*(){let l=d instanceof Request?d.headers:d,u={id:Hr(32,Mr("a-z","0-9","A-Z")),userId:a,expiresAt:p?H(1e3*60*60*24):H(n,!0),ipAddress:(l==null?void 0:l.get("x-forwarded-for"))||"",userAgent:(l==null?void 0:l.get("user-agent"))||""};return yield s(u,"session")}),findSession:a=>c(void 0,null,function*(){let d=yield e.findOne({model:o.session.tableName,where:[{value:a,field:"id"}]});if(!d)return null;let p=yield e.findOne({model:o.user.tableName,where:[{value:d.userId,field:"id"}]});return p?{session:d,user:p}:null}),updateSession:(a,d)=>c(void 0,null,function*(){var l,u,m,f;if((u=(l=r==null?void 0:r.session)==null?void 0:l.update)!=null&&u.before){let h=yield r.session.update.before(d);if(h===!1)return null;d=typeof h=="object"?h.data:h}let p=yield e.update({model:o.session.tableName,where:[{field:"id",value:a}],update:d});return(f=(m=r==null?void 0:r.session)==null?void 0:m.update)!=null&&f.after&&p&&(yield r.session.update.after(p)),p}),deleteSession:a=>c(void 0,null,function*(){return yield e.delete({model:o.session.tableName,where:[{field:"id",value:a}]})}),deleteSessions:a=>c(void 0,null,function*(){return yield e.delete({model:o.session.tableName,where:[{field:"userId",value:a}]})}),findUserByEmail:a=>c(void 0,null,function*(){let d=yield e.findOne({model:o.user.tableName,where:[{value:a.toLowerCase(),field:"email"}]});if(!d)return null;let p=yield e.findMany({model:o.account.tableName,where:[{value:d.id,field:"userId"}]});return{user:d,accounts:p}}),findUserById:a=>c(void 0,null,function*(){return yield e.findOne({model:o.user.tableName,where:[{field:"id",value:a}]})}),linkAccount:a=>c(void 0,null,function*(){return yield s(a,"account")}),updateUserByEmail:(a,d)=>c(void 0,null,function*(){var l,u,m,f;if((u=(l=r==null?void 0:r.user)==null?void 0:l.update)!=null&&u.before){let h=yield r.user.update.before(d);if(h===!1)return null;d=typeof h=="object"?h.data:h}let p=yield e.update({model:o.user.tableName,where:[{value:a,field:"email"}],update:d});return(f=(m=r==null?void 0:r.user)==null?void 0:m.update)!=null&&f.after&&p&&(yield r.user.update.after(p)),p}),updatePassword:(a,d)=>c(void 0,null,function*(){return yield e.update({model:o.account.tableName,where:[{value:a,field:"userId"},{field:"providerId",value:"credential"}],update:{password:d}})}),findAccounts:a=>c(void 0,null,function*(){return yield e.findMany({model:o.account.tableName,where:[{field:"userId",value:a}]})}),updateAccount:(a,d)=>c(void 0,null,function*(){var l,u,m,f;if((u=(l=r==null?void 0:r.account)==null?void 0:l.update)!=null&&u.before){let h=yield r.account.update.before(d);if(h===!1)return null;d=typeof h=="object"?h.data:h}let p=yield e.update({model:o.account.tableName,where:[{field:"id",value:a}],update:d});return(f=(m=r==null?void 0:r.account)==null?void 0:m.update)!=null&&f.after&&p&&(yield r.account.update.after(p)),p})}};var Ot="better-auth-secret-123456789";var Lt=e=>({id:"cross-subdomain-cookies",onResponse(n,o){return c(this,null,function*(){let r=n.headers.get("set-cookie");if(!r)return;let s=o.baseURL,i=r.split(";"),a=(e==null?void 0:e.domainName)||new URL(s).hostname,d=o.authCookies,p=[d.sessionToken.name,d.csrfToken.name,d.dontRememberToken.name];if(!p.some(u=>r.includes(u)))return;let l=i.map(u=>{if(!p.some(f=>u.toLowerCase().includes(f.toLowerCase())))return u;let m=u.trim();return m.toLowerCase().startsWith("domain=")?`Domain=${a}`:m.toLowerCase().includes("domain=")?m:`${m}; Domain=${a}`}).filter((u,m,f)=>m===f.findIndex(h=>h.split(";")[0]===u.split(";")[0])).join("; ");return n.headers.set("set-cookie",l),{response:n}})}});var Et=e=>{var m,f,h,y,b,w,k,v,I,ne,ye,be,we,Ae;let{options:t,context:n}=Gr(e),o=t.plugins||[],r=Kr(t),s=xt(t),i=F(t),a=X(t.baseURL,t.basePath)||"",d=t.secret||process.env.BETTER_AUTH_SECRET||process.env.AUTH_SECRET||Ot,p=Fe(t),l=D(t),u=Object.keys(t.socialProviders||{}).map(z=>{var ke;let K=(ke=t.socialProviders)==null?void 0:ke[z];return K.enabled===!1?null:((!K.clientId||!K.clientSecret)&&P.warn(`Social provider ${z} is missing clientId or clientSecret`),ae[z](K))}).filter(z=>z!==null);return g({appName:t.appName||"Better Auth",socialProviders:u,options:T(g({},t),{baseURL:a?new URL(a).origin:"",basePath:t.basePath||"/api/auth",plugins:o.concat(r)}),tables:l,baseURL:a,sessionConfig:{updateAge:((m=t.session)==null?void 0:m.updateAge)||24*60*60,expiresIn:((f=t.session)==null?void 0:f.expiresIn)||60*60*24*7},secret:d,rateLimit:T(g({},t.rateLimit),{enabled:(y=(h=t.rateLimit)==null?void 0:h.enabled)!=null?y:process.env.NODE_ENV!=="development",window:((b=t.rateLimit)==null?void 0:b.window)||60,max:((w=t.rateLimit)==null?void 0:w.max)||100,storage:((k=t.rateLimit)==null?void 0:k.storage)||"memory"}),authCookies:p,logger:ie({disabled:((v=t.logger)==null?void 0:v.disabled)||!1}),db:i,password:{hash:((ne=(I=t.emailAndPassword)==null?void 0:I.password)==null?void 0:ne.hash)||vt,verify:((be=(ye=t.emailAndPassword)==null?void 0:ye.password)==null?void 0:be.verify)||It,config:{minPasswordLength:((we=t.emailAndPassword)==null?void 0:we.minPasswordLength)||8,maxPasswordLength:((Ae=t.emailAndPassword)==null?void 0:Ae.maxPasswordLength)||128}},adapter:s,internalAdapter:St(s,t),createAuthCookie:Ve(t)},n)};function Gr(e){let t=e.plugins||[],n={};for(let i of t)if(i.init){let a=i.init(e);typeof a=="object"&&(a.options&&(e=g(g({},e),a.options)),n=g({},a))}let s=n,{options:o}=s,r=J(s,["options"]);return{options:e,context:r}}function Kr(e){var n,o;let t=[];return(o=(n=e.advanced)==null?void 0:n.crossSubDomainCookies)!=null&&o.enabled&&t.push(Lt({eligibleCookies:e.advanced.crossSubDomainCookies.eligibleCookies})),t}var Md=e=>{let t=Et(e),{api:n}=he(t,e);return{handler:o=>c(void 0,null,function*(){let r=t.options.basePath,s=new URL(o.url);if(!t.options.baseURL){let a=`${s.origin}/api/auth`;t.options.baseURL=a,t.baseURL=a}if(!t.options.baseURL)return new Response("Base URL not set",{status:400});if(s.pathname===r||s.pathname===`${r}/`)return new Response("Welcome to BetterAuth",{status:200});let{handler:i}=ht(t,e);return i(o)}),api:n,options:t.options,$Infer:{}}};export{Md as betterAuth};

package/dist/next-js.d.ts CHANGED Viewed

@@ -1,13 +1,11 @@
-import { d as Auth } from './index-D_ohe9r9.js';
-import { U as User, S as Session } from './schema-D9o3OF80.js';
+import { d as Auth } from './index-BMYcrOqA.js';
+import { U as User, S as Session } from './index-CE92ti2Z.js';
 import { NextRequest } from 'next/server';
 import 'kysely';
 import 'better-call';
 import 'zod';
 import './helper-C1ihmerM.js';
-import './social.js';
 import 'arctic';
-import './adapter-D-m9-hQp.js';
 declare function toNextJsHandler(auth: Auth | Auth["handler"]): {
     GET: (request: Request) => Promise<Response>;

package/dist/node.d.ts CHANGED Viewed

@@ -1,13 +1,11 @@
 import * as http from 'http';
-import { d as Auth } from './index-D_ohe9r9.js';
+import { d as Auth } from './index-BMYcrOqA.js';
 import 'kysely';
-import './schema-D9o3OF80.js';
+import './index-CE92ti2Z.js';
+import 'arctic';
 import 'zod';
-import 'better-call';
 import './helper-C1ihmerM.js';
-import './social.js';
-import 'arctic';
-import './adapter-D-m9-hQp.js';
+import 'better-call';
 declare const toNodeHandler: (auth: Auth | Auth["handler"]) => (req: http.IncomingMessage, res: http.ServerResponse) => Promise<void>;

package/dist/plugins.d.ts CHANGED Viewed

@@ -1,20 +1,18 @@
-export { O as OrganizationOptions, b as Passkey, P as PasskeyOptions, W as WebAuthnCookieType, g as getPasskeyActions, m as magicLink, o as organization, p as passkey, c as passkeyClient, t as twoFactor, a as twoFactorClient, u as username } from './index-DsEvbKjm.js';
+export { O as OrganizationOptions, b as Passkey, P as PasskeyOptions, W as WebAuthnCookieType, g as getPasskeyActions, m as magicLink, o as organization, p as passkey, c as passkeyClient, t as twoFactor, a as twoFactorClient, u as username } from './index-3B6zGicM.js';
 export { i as ac } from './index-D6NOkCRo.js';
-import { H as HookEndpointContext } from './index-D_ohe9r9.js';
-export { A as AuthEndpoint, b as AuthMiddleware, B as BetterAuthPlugin, P as PluginSchema, a as createAuthEndpoint, c as createAuthMiddleware, o as optionsMiddleware } from './index-D_ohe9r9.js';
+import { H as HookEndpointContext } from './index-BMYcrOqA.js';
+export { A as AuthEndpoint, b as AuthMiddleware, B as BetterAuthPlugin, P as PluginSchema, a as createAuthEndpoint, c as createAuthMiddleware, o as optionsMiddleware } from './index-BMYcrOqA.js';
 export { H as HIDE_METADATA } from './hide-metadata-DEHJp1rk.js';
-import './schema-D9o3OF80.js';
+import './index-CE92ti2Z.js';
+import 'arctic';
 import 'zod';
-import 'better-call';
 import './helper-C1ihmerM.js';
+import 'better-call';
 import './statement-CU-fdHXK.js';
 import '@better-fetch/fetch';
 import 'nanostores';
 import '@simplewebauthn/types';
 import 'kysely';
-import './social.js';
-import 'arctic';
-import './adapter-D-m9-hQp.js';
 /**
  * Converts bearer token to session cookie