better-auth 0.2.2 → 0.2.3-beta.1
- package/dist/adapters.d.ts +32 -6
- package/dist/adapters.js +22 -1
- package/dist/api.d.ts +2 -4
- package/dist/cli.js +4 -2
- package/dist/client/plugins.d.ts +5 -7
- package/dist/client.d.ts +3 -5
- package/dist/{index-DsEvbKjm.d.ts → index-3B6zGicM.d.ts} +10 -2
- package/dist/{index-D_ohe9r9.d.ts → index-BMYcrOqA.d.ts} +72 -113
- package/dist/index-CE92ti2Z.d.ts +827 -0
- package/dist/index.d.ts +4 -6
- package/dist/index.js +5 -3
- package/dist/next-js.d.ts +2 -4
- package/dist/node.d.ts +4 -6
- package/dist/plugins.d.ts +6 -8
- package/dist/plugins.js +1 -1
- package/dist/react.d.ts +3 -5
- package/dist/social.d.ts +3 -742
- package/dist/solid-start.d.ts +4 -6
- package/dist/solid.d.ts +3 -5
- package/dist/svelte-kit.d.ts +4 -6
- package/dist/svelte.d.ts +3 -5
- package/dist/types.d.ts +3 -5
- package/dist/utils.d.ts +5 -7
- package/dist/vue.d.ts +3 -5
- package/package.json +7 -5
- package/dist/.DS_Store +0 -0
- package/dist/adapter-D-m9-hQp.d.ts +0 -54
- package/dist/schema-D9o3OF80.d.ts +0 -88
package/dist/plugins.js
CHANGED
|
@@ -79,4 +79,4 @@ var De=Object.defineProperty,Vt=Object.defineProperties;var Ht=Object.getOwnProp
|
|
|
79
79
|
<div class="error-code">Error Code: <span id="errorCode">${e}</span></div>
|
|
80
80
|
</div>
|
|
81
81
|
</body>
|
|
82
|
-
</html>`,Xr=c("/error",{method:"GET",metadata:K},e=>s(void 0,null,function*(){var o;let r=new URL(((o=e.request)==null?void 0:o.url)||"").searchParams.get("error")||"Unknown";return new Response(Yr(r),{headers:{"Content-Type":"text/html"}})}));var eo=c("/ok",{method:"GET",metadata:K},e=>s(void 0,null,function*(){return e.json({ok:!0})}));import{alphabet as dt,generateRandomString as ut}from"oslo/crypto";import{z as G}from"zod";var at=(e,r)=>{let o={};for(let[n,t]of Object.entries(e))o[n]=i=>t(g(f({},i),{context:f(f({},r),i.context)})),o[n].path=t.path,o[n].method=t.method,o[n].options=t.options,o[n].headers=t.headers;return o};function Ce(e,r){return s(this,null,function*(){let o=yield e.context.internalAdapter.findAccounts(r.userId),n=o==null?void 0:o.find(a=>a.providerId==="credential"),t=n==null?void 0:n.password;return!n||!t?!1:yield e.context.password.verify(t,r.password)})}var Ee=c("/sign-up/email",{method:"POST",query:G.object({currentURL:G.string().optional()}).optional(),body:G.object({name:G.string(),email:G.string(),password:G.string(),image:G.string().optional(),callbackURL:G.string().optional()})},e=>s(void 0,null,function*(){var y,R,I,S;if(!((y=e.context.options.emailAndPassword)!=null&&y.enabled))return e.json(null,{status:400,body:{message:"Email and password is not enabled"}});let{name:r,email:o,password:n,image:t}=e.body;if(!G.string().email().safeParse(o).success)return e.json(null,{status:400,body:{message:"Invalid email address"}});let a=e.context.password.config.minPasswordLength;if(n.length<a)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let d=e.context.password.config.maxPasswordLength;if(n.length>d)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let u=yield e.context.internalAdapter.findUserByEmail(o),l=yield e.context.password.hash(n);if(u!=null&&u.user)return 
e.json(null,{status:400,body:{message:"User already exists"}});let m=yield e.context.internalAdapter.createUser({id:ut(32,dt("a-z","0-9","A-Z")),email:o.toLowerCase(),name:r,image:t,emailVerified:!1,createdAt:new Date,updatedAt:new Date});if(!m)return e.json(null,{status:400,body:{message:"Could not create user"}});yield e.context.internalAdapter.linkAccount({id:ut(32,dt("a-z","0-9","A-Z")),userId:m.id,providerId:"credential",accountId:m.id,password:l});let p=yield e.context.internalAdapter.createSession(m.id,e.request);if(!p)return e.json(null,{status:400,body:{message:"Could not create session"}});if(yield T(e,p.id),e.context.options.emailAndPassword.sendEmailVerificationOnSignUp){let _=yield ne(e.context.secret,m.email),k=`${e.context.baseURL}/verify-email?token=${_}&callbackURL=${e.body.callbackURL||((R=e.query)==null?void 0:R.currentURL)||"/"}`;yield(S=(I=e.context.options.emailAndPassword).sendVerificationEmail)==null?void 0:S.call(I,m.email,k,_)}return e.json({user:m,session:p},{body:e.body.callbackURL?{url:e.body.callbackURL,redirect:!0}:{user:m,session:p}})}));var _e={};Jt(_e,{AccessControl:()=>ie,ParsingError:()=>Q,Role:()=>ee,adminAc:()=>mt,createAccessControl:()=>ct,defaultAc:()=>pe,defaultRoles:()=>ze,defaultStatements:()=>lt,memberAc:()=>ft,ownerAc:()=>pt,permissionFromString:()=>to});var Q=class extends Error{constructor(o,n){super(o);ae(this,"path");this.path=n}},ie=class{constructor(r){this.s=r;ae(this,"statements");this.statements=r}newRole(r){return new ee(r)}},ee=class e{constructor(r){ae(this,"statements");this.statements=r}authorize(r,o){for(let[n,t]of Object.entries(r)){let i=this.statements[n];if(!i)return{success:!1,error:`You are not allowed to access resource: ${n}`};let a=o==="OR"?t.some(d=>i.includes(d)):t.every(d=>i.includes(d));return a?{success:a}:{success:!1,error:`unauthorized to access resource "${n}"`}}return{success:!1,error:"Not authorized"}}static fromString(r){let o=JSON.parse(r);if(typeof o!="object")throw new Q("statements 
is not an object",".");for(let[n,t]of Object.entries(o)){if(typeof n!="string")throw new Q("invalid resource identifier",n);if(!Array.isArray(t))throw new Q("actions is not an array",n);for(let i=0;i<t.length;i++)if(typeof t[i]!="string")throw new Q("action is not a string",`${n}[${i}]`)}return new e(o)}toString(){return JSON.stringify(this.statements)}};var ct=e=>new ie(e),lt={organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]},pe=ct(lt),mt=pe.newRole({organization:["update"],invitation:["create","cancel"],member:["create","update","delete"]}),pt=pe.newRole({organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]}),ft=pe.newRole({organization:[],member:[],invitation:[]}),ze={admin:mt,owner:pt,member:ft};var to=e=>ee.fromString(e!=null?e:"");var ro={findFullOrganization:(e,r)=>s(void 0,null,function*(){let o=yield r==null?void 0:r.selectFrom("organization").leftJoin("member","organization.id","member.organizationId").leftJoin("invitation","organization.id","invitation.organizationId").leftJoin("user","member.userId","user.id").where("organization.id","=",e).select(["organization.id as org_id","organization.name as org_name","organization.slug as org_slug","organization.logo as org_logo","organization.metadata as org_metadata","organization.createdAt as org_createdAt","member.id as member_id","member.userId as member_user_id","member.role as member_role","member.createdAt as member_createdAt","invitation.id as invitation_id","invitation.email as invitation_email","invitation.status as invitation_status","invitation.expiresAt as invitation_expiresAt","invitation.role as invitation_role","invitation.inviterId as invitation_inviterId","user.id as user_id","user.name as user_name","user.email as user_email","user.image as user_image"]).execute();if(!o||o.length===0)return null;let 
n={id:o[0].org_id,name:o[0].org_name,slug:o[0].org_slug,logo:o[0].org_logo,metadata:o[0].org_metadata?JSON.parse(o[0].org_metadata):void 0,createdAt:o[0].org_createdAt,members:[],invitations:[]};return o.forEach(t=>{t.member_id&&(n.members.find(a=>a.id===t.member_id)||n.members.push({id:t.member_id,userId:t.member_user_id,role:t.member_role,createdAt:t.member_createdAt,user:{id:t.user_id,name:t.user_name,email:t.user_email,image:t.user_image},email:t.user_email,organizationId:t.org_id})),t.invitation_id&&n.invitations.push({id:t.invitation_id,email:t.invitation_email,status:t.invitation_status,expiresAt:t.invitation_expiresAt,organizationId:t.org_id,role:t.invitation_role,inviterId:t.invitation_inviterId})}),n})},O=(e,r)=>({findOrganizationBySlug:o=>s(void 0,null,function*(){return yield e.findOne({model:"organization",where:[{field:"slug",value:o}]})}),createOrganization:o=>s(void 0,null,function*(){let n=yield e.create({model:"organization",data:g(f({},o.organization),{metadata:o.organization.metadata?JSON.stringify(o.organization.metadata):void 0})}),t=yield e.create({model:"member",data:{id:H(),organizationId:n.id,userId:o.user.id,createdAt:new Date,email:o.user.email,role:(r==null?void 0:r.creatorRole)||"owner"}});return g(f({},n),{metadata:n.metadata?JSON.parse(n.metadata):void 0,members:[g(f({},t),{user:{id:o.user.id,name:o.user.name,email:o.user.email,image:o.user.image}})]})}),findMemberByEmail:o=>s(void 0,null,function*(){let n=yield e.findOne({model:"member",where:[{field:"email",value:o.email},{field:"organizationId",value:o.organizationId}]});if(!n)return null;let t=yield e.findOne({model:"user",where:[{field:"id",value:n.userId}]});return t?g(f({},n),{user:{id:t.id,name:t.name,email:t.email,image:t.image}}):null}),findMemberByOrgId:o=>s(void 0,null,function*(){let n=yield e.findOne({model:"member",where:[{field:"userId",value:o.userId},{field:"organizationId",value:o.organizationId}]});if(!n)return null;let t=yield 
e.findOne({model:"user",where:[{field:"id",value:n.userId}]});return t?g(f({},n),{user:{id:t.id,name:t.name,email:t.email,image:t.image}}):null}),findMemberById:o=>s(void 0,null,function*(){let n=yield e.findOne({model:"member",where:[{field:"id",value:o}]});if(!n)return null;let t=yield e.findOne({model:"user",where:[{field:"id",value:n.userId}]});return t?g(f({},n),{user:{id:t.id,name:t.name,email:t.email,image:t.image}}):null}),createMember:o=>s(void 0,null,function*(){return yield e.create({model:"member",data:o})}),updateMember:(o,n)=>s(void 0,null,function*(){return yield e.update({model:"member",where:[{field:"id",value:o}],update:{role:n}})}),deleteMember:o=>s(void 0,null,function*(){return yield e.delete({model:"member",where:[{field:"id",value:o}]})}),updateOrganization:(o,n)=>s(void 0,null,function*(){return yield e.update({model:"organization",where:[{field:"id",value:o}],update:n})}),deleteOrganization:o=>s(void 0,null,function*(){let n=yield e.delete({model:"organization",where:[{field:"id",value:o}]});return o}),setActiveOrganization:(o,n)=>s(void 0,null,function*(){return yield e.update({model:"session",where:[{field:"id",value:o}],update:{activeOrganizationId:n}})}),findOrganizationById:o=>s(void 0,null,function*(){return yield e.findOne({model:"organization",where:[{field:"id",value:o}]})}),findFullOrganization:(o,n)=>s(void 0,null,function*(){function t(){return s(this,null,function*(){let i=yield e.findOne({model:"organization",where:[{field:"id",value:o}]}),a=yield e.findMany({model:"invitation",where:[{field:"organizationId",value:o}]}),d=yield e.findMany({model:"member",where:[{field:"organizationId",value:o}]}),u=yield Promise.all(d.map(m=>s(this,null,function*(){let p=yield e.findOne({model:"user",where:[{field:"id",value:m.userId}]});if(!p)throw new C("Unexpected error: User not found for member");return g(f({},m),{user:{id:p.id,name:p.name,email:p.email,image:p.image}})})));return g(f({},i),{invitations:a,members:u})})}return 
n?ro.findFullOrganization(o,n):t()}),listOrganizations:o=>s(void 0,null,function*(){let n=yield e.findMany({model:"member",where:[{field:"userId",value:o}]}),t=n==null?void 0:n.map(a=>a.organizationId);if(!t)return[];let i=[];for(let a of t){let d=yield e.findOne({model:"organization",where:[{field:"id",value:a}]});d&&i.push(d)}return i}),createInvitation:t=>s(void 0,[t],function*({invitation:o,user:n}){let a=ue((r==null?void 0:r.invitationExpiresIn)||1728e5);return yield e.create({model:"invitation",data:{id:H(),email:o.email,role:o.role,organizationId:o.organizationId,status:"pending",expiresAt:a,inviterId:n.id}})}),findInvitationById:o=>s(void 0,null,function*(){return yield e.findOne({model:"invitation",where:[{field:"id",value:o}]})}),findPendingInvitation:o=>s(void 0,null,function*(){return(yield e.findMany({model:"invitation",where:[{field:"email",value:o.email},{field:"organizationId",value:o.organizationId},{field:"status",value:"pending"}]})).filter(t=>new Date(t.expiresAt)>new Date)}),updateInvitation:o=>s(void 0,null,function*(){return yield e.update({model:"invitation",where:[{field:"id",value:o.invitationId}],update:{status:o.status}})})});import"better-call";import{APIError as ld,createRouter as md}from"better-call";import{APIError as gt}from"better-call";import{z as yt}from"zod";var oo=M({body:yt.object({csrfToken:yt.string().optional()}).optional()},e=>s(void 0,null,function*(){var d,u,l,m;if(((d=e.request)==null?void 0:d.method)!=="POST"||(u=e.context.options.advanced)!=null&&u.disableCSRFCheck)return;let r=new URL(e.request.url);if(r.origin===new URL(e.context.baseURL).origin||(l=e.context.options.trustedOrigins)!=null&&l.includes(r.origin))return;let o=(m=e.body)==null?void 0:m.csrfToken,n=yield e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret),[t,i]=(n==null?void 0:n.split("!"))||[null,null];if(!o||!n||!t||!i||n!==o)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new 
gt("UNAUTHORIZED",{message:"Invalid CSRF Token"});let a=yield F(e.context.secret,t);if(i!==a)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new gt("UNAUTHORIZED",{message:"Invalid CSRF Token"})}));import Od from"chalk";var P=M(e=>s(void 0,null,function*(){return{}})),U=M({use:[A]},e=>s(void 0,null,function*(){return{session:e.context.session}}));import{z as x}from"zod";import{z as w}from"zod";var fe=w.enum(["admin","member","owner"]),no=w.enum(["pending","accepted","rejected","canceled"]).default("pending"),Md=w.object({id:w.string(),name:w.string(),slug:w.string(),logo:w.string().optional(),metadata:w.record(w.string()).or(w.string().transform(e=>JSON.parse(e))).optional(),createdAt:w.date()}),Fd=w.object({id:w.string(),email:w.string(),organizationId:w.string(),userId:w.string(),role:fe,createdAt:w.date()}),Dd=w.object({id:w.string(),organizationId:w.string(),email:w.string(),role:fe,status:no,inviterId:w.string(),expiresAt:w.date()});var ht=c("/organization/invite-member",{method:"POST",use:[P,U],body:x.object({email:x.string(),role:fe,organizationId:x.string().optional(),resend:x.boolean().optional()})},e=>s(void 0,null,function*(){var p,y;let r=e.context.session,o=e.body.organizationId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});if(i.authorize({invitation:["create"]}).error)return e.json(null,{body:{message:"You are not allowed to invite users to this organization"},status:403});if(yield n.findMemberByEmail({email:e.body.email,organizationId:o}))return e.json(null,{status:400,body:{message:"User is already a member of this organization"}});if((yield 
n.findPendingInvitation({email:e.body.email,organizationId:o})).length&&!e.body.resend)return e.json(null,{status:400,body:{message:"User is already invited to this organization"}});let l=yield n.createInvitation({invitation:{role:e.body.role,email:e.body.email,organizationId:o},user:r.user}),m=yield n.findOrganizationById(o);return m?(yield(y=(p=e.context.orgOptions).sendInvitationEmail)==null?void 0:y.call(p,{id:l.id,role:l.role,email:l.email,organization:m,inviter:g(f({},t),{user:r.user})},e.request),e.json(l)):e.json(null,{status:400,body:{message:"Organization not found!"}})})),wt=c("/organization/accept-invitation",{method:"POST",body:x.object({invitationId:x.string()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=O(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.body.invitationId);if(!n||n.expiresAt<new Date||n.status!=="pending")return e.json(null,{status:400,body:{message:"Invitation not found!"}});if(n.email!==r.user.email)return e.json(null,{status:400,body:{message:"You are not the recipient of the invitation"}});let t=yield o.updateInvitation({invitationId:e.body.invitationId,status:"accepted"}),i=yield o.createMember({id:H(),organizationId:n.organizationId,userId:r.user.id,email:n.email,role:n.role,createdAt:new Date});return yield o.setActiveOrganization(r.session.id,n.organizationId),t?e.json({invitation:t,member:i}):e.json(null,{status:400,body:{message:"Invitation not found!"}})})),bt=c("/organization/reject-invitation",{method:"POST",body:x.object({invitationId:x.string()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=O(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.body.invitationId);if(!n||n.expiresAt<new Date||n.status!=="pending")return e.json(null,{status:400,body:{message:"Invitation not found!"}});if(n.email!==r.user.email)return e.json(null,{status:400,body:{message:"You are not the recipient of the invitation"}});let t=yield 
o.updateInvitation({invitationId:e.body.invitationId,status:"rejected"});return e.json({invitation:t,member:null})})),At=c("/organization/cancel-invitation",{method:"POST",body:x.object({invitationId:x.string()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=O(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.body.invitationId);if(!n)return e.json(null,{status:400,body:{message:"Invitation not found!"}});let t=yield o.findMemberByOrgId({userId:r.user.id,organizationId:n.organizationId});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization"}});if(e.context.roles[t.role].authorize({invitation:["cancel"]}).error)return e.json(null,{status:403,body:{message:"You are not allowed to cancel this invitation"}});let a=yield o.updateInvitation({invitationId:e.body.invitationId,status:"canceled"});return e.json(a)})),kt=c("/organization/get-invitation",{method:"GET",use:[P],requireHeaders:!0,query:x.object({id:x.string()})},e=>s(void 0,null,function*(){let r=yield $(e);if(!r)return e.json(null,{status:400,body:{message:"User not logged in"}});let o=O(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.query.id);if(!n||n.status!=="pending"||n.expiresAt<new Date)return e.json(null,{status:400,body:{message:"Invitation not found!"}});if(n.email!==r.user.email)return e.json(null,{status:400,body:{message:"You are not the recipient of the invitation"}});let t=yield o.findOrganizationById(n.organizationId);if(!t)return e.json(null,{status:400,body:{message:"Organization not found!"}});let i=yield o.findMemberByOrgId({userId:n.inviterId,organizationId:n.organizationId});return i?e.json(g(f({},n),{organizationName:t.name,organizationSlug:t.slug,inviterEmail:i.email})):e.json(null,{status:400,body:{message:"Inviter is no longer a member of this organization"}})}));import{z as Y}from"zod";var 
Ot=c("/organization/remove-member",{method:"POST",body:Y.object({memberIdOrEmail:Y.string(),organizationId:Y.string().optional()}),use:[P,U]},e=>s(void 0,null,function*(){var m;let r=e.context.session,o=e.body.organizationId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"No active organization found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"Member not found!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});let a=r.user.email===e.body.memberIdOrEmail||t.id===e.body.memberIdOrEmail;if(a&&t.role===(((m=e.context.orgOptions)==null?void 0:m.creatorRole)||"owner"))return e.json(null,{status:400,body:{message:"You cannot leave the organization as the owner"}});if(!(a||i.authorize({member:["delete"]}).success))return e.json(null,{body:{message:"You are not allowed to delete this member"},status:403});let l=null;return e.body.memberIdOrEmail.includes("@")?l=yield n.findMemberByEmail({email:e.body.memberIdOrEmail,organizationId:o}):l=yield n.findMemberById(e.body.memberIdOrEmail),(l==null?void 0:l.organizationId)!==o?e.json(null,{status:400,body:{message:"Member not found!"}}):(yield n.deleteMember(l.id),r.user.id===l.userId&&r.session.activeOrganizationId===l.organizationId&&(yield n.setActiveOrganization(r.session.id,null)),e.json({member:l}))})),vt=c("/organization/update-member-role",{method:"POST",body:Y.object({role:Y.enum(["admin","member","owner"]),memberId:Y.string(),organizationId:Y.string().optional()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=e.body.organizationId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"No active organization found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return 
e.json(null,{status:400,body:{message:"Member not found!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});if(i.authorize({member:["update"]}).error||e.body.role==="owner"&&t.role!=="owner")return e.json(null,{body:{message:"You are not allowed to update this member"},status:403});let d=yield n.updateMember(e.body.memberId,e.body.role);return d?e.json(d):e.json(null,{status:400,body:{message:"Member not found!"}})}));import{z as v}from"zod";var It=c("/organization/create",{method:"POST",body:v.object({name:v.string(),slug:v.string(),userId:v.string().optional(),logo:v.string().optional(),metadata:v.record(v.string()).optional()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session.user;if(!r)return e.json(null,{status:401});let o=e.context.orgOptions;if(!(typeof(o==null?void 0:o.allowUserToCreateOrganization)=="function"?yield o.allowUserToCreateOrganization(r):(o==null?void 0:o.allowUserToCreateOrganization)===void 0?!0:o.allowUserToCreateOrganization))return e.json(null,{status:403,body:{message:"You are not allowed to create organizations"}});let t=O(e.context.adapter,o),i=yield t.listOrganizations(r.id);if(typeof o.organizationLimit=="number"?i.length>=o.organizationLimit:typeof o.organizationLimit=="function"?yield o.organizationLimit(r):!1)return e.json(null,{status:403,body:{message:"You have reached the maximum number of organizations"}});if(yield t.findOrganizationBySlug(e.body.slug))return e.json(null,{status:400,body:{message:"Organization with this slug already exists"}});let u=yield t.createOrganization({organization:{id:H(),slug:e.body.slug,name:e.body.name,logo:e.body.logo,createdAt:new Date,metadata:e.body.metadata},user:r});return e.json(u)})),Rt=c("/organization/update",{method:"POST",body:v.object({data:v.object({name:v.string().optional(),slug:v.string().optional()}).partial(),orgId:v.string().optional()}),requireHeaders:!0,use:[P]},e=>s(void 0,null,function*(){let r=yield 
e.context.getSession(e);if(!r)return e.json(null,{status:401});let o=e.body.orgId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});if(i.authorize({organization:["update"]}).error)return e.json(null,{body:{message:"You are not allowed to update this organization"},status:403});let d=yield n.updateOrganization(o,e.body.data);return e.json(d)})),Tt=c("/organization/delete",{method:"POST",body:v.object({orgId:v.string()}),requireHeaders:!0,use:[P]},e=>s(void 0,null,function*(){let r=yield e.context.getSession(e);if(!r)return e.json(null,{status:401});let o=e.body.orgId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization!"}});let i=e.context.roles[t.role];return i?i.authorize({organization:["delete"]}).error?e.json(null,{body:{message:"You are not allowed to delete this organization"},status:403}):(o===r.session.activeOrganizationId&&(yield n.setActiveOrganization(r.session.id,null)),yield n.deleteOrganization(o),e.json(o)):e.json(null,{status:400,body:{message:"Role not found!"}})})),Pt=c("/organization/get-full",{method:"GET",query:v.object({orgId:v.string().optional()}),requireHeaders:!0,use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=e.query.orgId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let t=yield 
O(e.context.adapter,e.context.orgOptions).findFullOrganization(o,e.context.db);return t?e.json(t):e.json(null,{status:404,body:{message:"Organization not found!"}})})),St=c("/organization/activate",{method:"POST",body:v.object({orgId:v.string().nullable().optional()}),use:[U,P]},e=>s(void 0,null,function*(){let r=O(e.context.adapter,e.context.orgOptions),o=e.context.session,n=e.body.orgId;if(n===null)return o.session.activeOrganizationId&&(yield r.setActiveOrganization(o.session.id,null)),e.json(null);if(!n){let a=o.session.activeOrganizationId;if(!a)return e.json(null);n=a}if(!(yield r.findMemberByOrgId({userId:o.user.id,organizationId:n})))return yield r.setActiveOrganization(o.session.id,null),e.json(null,{status:400,body:{message:"You are not a member of this organization"}});yield r.setActiveOrganization(o.session.id,n);let i=yield r.findFullOrganization(n,e.context.db);return e.json(i)})),Ut=c("/organization/list",{method:"GET",use:[P,U]},e=>s(void 0,null,function*(){let o=yield O(e.context.adapter,e.context.orgOptions).listOrganizations(e.context.session.user.id);return e.json(o)}));var ku=e=>{let r={createOrganization:It,updateOrganization:Rt,deleteOrganization:Tt,setActiveOrganization:St,getFullOrganization:Pt,listOrganization:Ut,createInvitation:ht,cancelInvitation:At,acceptInvitation:wt,getInvitation:kt,rejectInvitation:bt,removeMember:Ot,updateMemberRole:vt},o=f(f({},ze),e==null?void 0:e.roles),n=at(r,{orgOptions:e||{},roles:o,getSession:t=>s(void 0,null,function*(){return yield $(t)})});return{id:"organization",endpoints:g(f({},n),{hasPermission:c("/organization/has-permission",{method:"POST",requireHeaders:!0,body:se.object({permission:se.record(se.string(),se.array(se.string()))}),use:[U]},t=>s(void 0,null,function*(){if(!t.context.session.session.activeOrganizationId)throw new Ct("BAD_REQUEST",{message:"No active organization"});let a=yield 
O(t.context.adapter).findMemberByOrgId({userId:t.context.session.user.id,organizationId:t.context.session.session.activeOrganizationId||""});if(!a)throw new Ct("UNAUTHORIZED",{message:"You are not a member of this organization"});let u=o[a.role].authorize(t.body.permission);return u.error?t.json({error:u.error,success:!1},{status:403}):t.json({error:null,success:!0})}))}),schema:{session:{fields:{activeOrganizationId:{type:"string",required:!1}}},organization:{fields:{name:{type:"string"},slug:{type:"string",unique:!0},logo:{type:"string",required:!1},createdAt:{type:"date",required:!0},metadata:{type:"string",required:!1}}},member:{fields:{organizationId:{type:"string",required:!0},userId:{type:"string",required:!0},email:{type:"string",required:!0},role:{type:"string",required:!0,defaultValue:"member"},createdAt:{type:"date",required:!0}}},invitation:{fields:{organizationId:{type:"string",required:!0},email:{type:"string",required:!0},role:{type:"string",required:!1},status:{type:"string",required:!0,defaultValue:"pending"},expiresAt:{type:"date",required:!0},inviterId:{type:"string",references:{model:"user",field:"id"}}}}},$Infer:{Organization:{},Invitation:{},Member:{},ActiveOrganization:{}}}};import{alphabet as fo,generateRandomString as go}from"oslo/crypto";import{z as be}from"zod";import{alphabet as io,generateRandomString as so}from"oslo/crypto";import{z as he}from"zod";import{APIError as te}from"better-call";var ge="two-factor";var ye="trust-device";import{z as je}from"zod";var X=M({body:je.object({trustDevice:je.boolean().optional(),callbackURL:je.string().optional()})},e=>s(void 0,null,function*(){let r=e.context.createAuthCookie(ge),o=yield e.getSignedCookie(r.name,e.context.secret);if(!o)throw new te("UNAUTHORIZED",{message:"invalid two factor cookie"});let[n,t]=o.split("!");if(!n||!t)throw new te("UNAUTHORIZED",{message:"invalid two factor cookie"});let i=yield 
e.context.adapter.findMany({model:"session",where:[{field:"userId",value:n}]});if(!i.length)throw new te("UNAUTHORIZED",{message:"invalid session"});let a=i.filter(d=>d.expiresAt>new Date);if(!a)throw new te("UNAUTHORIZED",{message:"invalid session"});for(let d of a){let u=yield F(e.context.secret,d.id),l=yield e.context.adapter.findOne({model:"user",where:[{field:"id",value:d.userId}]});if(!l)throw new te("UNAUTHORIZED",{message:"invalid session"});if(u===t)return{valid:()=>s(void 0,null,function*(){if(yield T(e,d.id,!1),e.body.trustDevice){let m=e.context.createAuthCookie(ye,{maxAge:2592e3}),p=yield F(e.context.secret,`${l.id}!${d.id}`);yield e.setSignedCookie(m.name,`${p}!${d.id}`,e.context.secret,m.options)}return e.body.callbackURL?e.json({status:!0,callbackURL:e.body.callbackURL,redirect:!0}):e.json({status:!0})}),invalid:()=>s(void 0,null,function*(){return e.json({status:!1},{status:401,body:{message:"Invalid code"}})}),session:{id:d.id,userId:d.userId,expiresAt:d.expiresAt,user:l}}}throw new te("UNAUTHORIZED",{message:"invalid two factor authentication"})}));function ao(e){var r;return Array.from({length:(r=e==null?void 0:e.amount)!=null?r:10}).fill(null).map(()=>{var o;return so((o=e==null?void 0:e.length)!=null?o:10,io("a-z","0-9"))}).map(o=>`${o.slice(0,5)}-${o.slice(5)}`)}function Le(e,r){return s(this,null,function*(){let o=e,n=r!=null&&r.customBackupCodesGenerate?r.customBackupCodesGenerate():ao(),t=le({data:JSON.stringify(n),key:o});return{backupCodes:n,encryptedBackupCodes:t}})}function uo(e,r){return s(this,null,function*(){let o=yield Et(e.user,r);return o?o.includes(e.code):!1})}function Et(e,r){return s(this,null,function*(){let o=Buffer.from(yield me({key:r,data:e.twoFactorBackupCodes})).toString("utf-8"),n=JSON.parse(o),t=he.array(he.string()).safeParse(n);return t.success?t.data:null})}var 
zt=e=>({id:"backup_code",endpoints:{verifyBackupCode:c("/two-factor/verify-backup-code",{method:"POST",body:he.object({code:he.string()}),use:[X]},r=>s(void 0,null,function*(){return uo({user:r.context.session.user,code:r.body.code},r.context.secret)?r.json({status:!0}):r.json({status:!1},{status:401})})),generateBackupCodes:c("/two-factor/generate-backup-codes",{method:"POST",use:[A]},r=>s(void 0,null,function*(){let o=yield Le(r.context.secret,e);return yield r.context.adapter.update({model:"user",update:{twoFactorEnabled:!0,twoFactorBackupCodes:o.encryptedBackupCodes},where:[{field:"id",value:r.context.session.user.id}]}),r.json({status:!0,backupCodes:o.backupCodes})})),viewBackupCodes:c("/view/backup-codes",{method:"GET",use:[A]},r=>s(void 0,null,function*(){let o=r.context.session.user,n=Et(o,r.context.secret);return r.json({status:!0,backupCodes:n})}))}});import{APIError as _t}from"better-call";import"oslo/crypto";import{TOTPController as co}from"oslo/otp";import{z as jt}from"zod";import{TimeSpan as lo}from"oslo";var Lt=e=>{let r={period:new lo((e==null?void 0:e.period)||3,"m")},o=new co({digits:6,period:r.period}),n=c("/two-factor/send-otp",{method:"POST",use:[X]},i=>s(void 0,null,function*(){if(!e||!e.sendOTP)throw i.context.logger.error("send otp isn't configured. 
Please configure the send otp function on otp options."),new _t("BAD_REQUEST",{message:"otp isn't configured"});let a=i.context.session.user,d=yield o.generate(Buffer.from(a.twoFactorSecret));return yield e.sendOTP(a,d),i.json({status:!0})})),t=c("/two-factor/verify-otp",{method:"POST",body:jt.object({code:jt.string()}),use:[X]},i=>s(void 0,null,function*(){let a=i.context.session.user;if(!a.twoFactorEnabled)throw new _t("BAD_REQUEST",{message:"two factor isn't enabled"});return(yield o.generate(Buffer.from(a.twoFactorSecret)))===i.body.code?i.context.valid():i.context.invalid()}));return{id:"otp",endpoints:{send2FaOTP:n,verifyOTP:t}}};import{APIError as we}from"better-call";import{TimeSpan as mo}from"oslo";import{TOTPController as xt,createTOTPKeyURI as po}from"oslo/otp";import{z as xe}from"zod";var Bt=e=>{let r={digits:6,period:new mo((e==null?void 0:e.period)||30,"s")},o=c("/totp/generate",{method:"POST",use:[A]},i=>s(void 0,null,function*(){if(!e)throw i.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp"),new we("BAD_REQUEST",{message:"totp isn't configured"});let a=i.context.session.user;return{code:yield new xt(r).generate(Buffer.from(a.twoFactorSecret))}})),n=c("/two-factor/get-totp-uri",{method:"GET",use:[A]},i=>s(void 0,null,function*(){if(!e)throw i.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp"),new we("BAD_REQUEST",{message:"totp isn't configured"});let a=i.context.session.user;if(!a.twoFactorSecret)throw new we("BAD_REQUEST",{message:"totp isn't enabled"});return{totpURI:po((e==null?void 0:e.issuer)||"BetterAuth",a.email,Buffer.from(a.twoFactorSecret),r)}})),t=c("/two-factor/verify-totp",{method:"POST",body:xe.object({code:xe.string(),callbackURL:xe.string().optional()}),use:[X]},i=>s(void 0,null,function*(){if(!e)throw i.context.logger.error("totp isn't configured. 
please pass totp option on two factor plugin to enable totp"),new we("BAD_REQUEST",{message:"totp isn't configured"});let a=new xt(r),d=Buffer.from(yield me({key:i.context.secret,data:i.context.session.user.twoFactorSecret}));return(yield a.verify(i.body.code,d))?i.context.valid():i.context.invalid()}));return{id:"totp",endpoints:{generateTOTP:o,viewTOTPURI:n,verifyTOTP:t}}};var mc=(e={redirect:!0,twoFactorPage:"/"})=>({id:"two-factor",$InferServerPlugin:{},atomListeners:[{matcher:o=>o==="/two-factor/enable"||o==="/two-factor/send-otp"||o==="/two-factor/disable",signal:"_sessionSignal"}],pathMethods:{"/two-factor/disable":"POST","/two-factor/enable":"POST","/two-factor/send-otp":"POST"},fetchPlugins:[{id:"two-factor",name:"two-factor",hooks:{onSuccess(o){return s(this,null,function*(){var n;(n=o.data)!=null&&n.twoFactorRedirect&&(e.redirect||e.twoFactorPage)&&typeof window!="undefined"&&(window.location.href=e.twoFactorPage)})}}}]});var Rc=e=>{let r=Bt(f({issuer:(e==null?void 0:e.issuer)||"better-auth"},e==null?void 0:e.totpOptions)),o=zt(e==null?void 0:e.backupCodeOptions),n=Lt(e==null?void 0:e.otpOptions);return{id:"two-factor",endpoints:g(f(f(f({},r.endpoints),n.endpoints),o.endpoints),{enableTwoFactor:c("/two-factor/enable",{method:"POST",body:be.object({password:be.string().min(8)}),use:[A]},t=>s(void 0,null,function*(){let i=t.context.session.user,{password:a}=t.body;if(!(yield Ce(t,{password:a,userId:i.id})))return t.json({status:!1},{status:400,body:{message:"Invalid password"}});let u=go(16,fo("a-z","0-9","-")),l=le({key:t.context.secret,data:u}),m=yield Le(t.context.secret,e==null?void 0:e.backupCodeOptions);return yield t.context.adapter.update({model:"user",update:{twoFactorSecret:l,twoFactorEnabled:!0,twoFactorBackupCodes:m.encryptedBackupCodes},where:[{field:"id",value:i.id}]}),t.json({status:!0})})),disableTwoFactor:c("/two-factor/disable",{method:"POST",body:be.object({password:be.string().min(8)}),use:[A]},t=>s(void 0,null,function*(){let 
i=t.context.session.user,{password:a}=t.body;return(yield Ce(t,{password:a,userId:i.id}))?(yield t.context.adapter.update({model:"user",update:{twoFactorEnabled:!1},where:[{field:"id",value:i.id}]}),t.json({status:!0})):t.json({status:!1},{status:400,body:{message:"Invalid password"}})}))}),options:e,hooks:{after:[{matcher(t){return t.path==="/sign-in/email"||t.path==="/sign-in/username"},handler:M(t=>s(void 0,null,function*(){let i=t.context.returned;if((i==null?void 0:i.status)!==200)return;let a=yield i.clone().json();if(!a.user.twoFactorEnabled)return;let d=t.context.createAuthCookie(ye,{maxAge:30*24*60*60}),u=yield t.getSignedCookie(d.name,t.context.secret);if(u){let[y,R]=u.split("!"),I=yield F(t.context.secret,`${a.user.id}!${R}`);if(y===I){let S=yield F(t.context.secret,`${a.user.id}!${a.session.id}`);yield t.setSignedCookie(d.name,`${S}!${a.session.id}`,t.context.secret,d.options);return}}t.setCookie(t.context.authCookies.sessionToken.name,"",{path:"/",sameSite:"lax",httpOnly:!0,secure:!1,maxAge:0});let l=yield F(t.context.secret,a.session.id),m=t.context.createAuthCookie(ge,{maxAge:60*60*24});return yield t.setSignedCookie(m.name,`${a.session.userId}!${l}`,t.context.secret,m.options),{response:new Response(JSON.stringify({twoFactorRedirect:!0}),{headers:t.responseHeader})}}))}]},schema:{user:{fields:{twoFactorEnabled:{type:"boolean",required:!1,defaultValue:!1},twoFactorSecret:{type:"string",required:!1,returned:!1},twoFactorBackupCodes:{type:"string",required:!1,returned:!1}}}},rateLimit:[{pathMatcher(t){return t.startsWith("/two-factor/")},window:10,max:3}]}};import{generateAuthenticationOptions as vo,generateRegistrationOptions as Io,verifyAuthenticationResponse as Ro,verifyRegistrationResponse as To}from"@simplewebauthn/server";import{APIError as Po}from"better-call";import{alphabet as Mt,generateRandomString as Ft}from"oslo/crypto";import{z as q}from"zod";import{WebAuthnError as wo,startAuthentication as bo,startRegistration as 
Ao}from"@simplewebauthn/browser";import{createFetch as Mc}from"@better-fetch/fetch";import"nanostores";import{betterFetch as Cc}from"@better-fetch/fetch";import{atom as Xc}from"nanostores";import"@better-fetch/fetch";import{atom as yo,onMount as ho}from"nanostores";var Be=(e,r,o,n)=>{let t=yo({data:null,error:null,isPending:!1}),i=()=>{let d=typeof n=="function"?n({data:t.get().data,error:t.get().error,isPending:t.get().isPending}):n;return o(r,g(f({},d),{onSuccess:l=>s(void 0,null,function*(){var m;t.set({data:l.data,error:null,isPending:!1}),yield(m=d==null?void 0:d.onSuccess)==null?void 0:m.call(d,l)}),onError(l){return s(this,null,function*(){var m;t.set({error:l.error,data:null,isPending:!1}),yield(m=d==null?void 0:d.onError)==null?void 0:m.call(d,l)})},onRequest(l){return s(this,null,function*(){var p;let m=t.get();t.set({isPending:!0,data:m.data,error:m.error}),yield(p=d==null?void 0:d.onRequest)==null?void 0:p.call(d,l)})}}))};e=Array.isArray(e)?e:[e];let a=!1;for(let d of e)d.subscribe(()=>{a?i():ho(t,()=>(i(),a=!0,()=>{t.off(),d.off()}))});return t};import{atom as ko}from"nanostores";var Oo=(e,{_listPasskeys:r})=>({signIn:{passkey:(t,i)=>s(void 0,null,function*(){let a=yield e("/passkey/generate-authenticate-options",{method:"POST",body:{email:t==null?void 0:t.email,callbackURL:t==null?void 0:t.callbackURL}});if(!a.data)return a;try{let d=yield bo(a.data,(t==null?void 0:t.autoFill)||!1),u=yield e("/passkey/verify-authentication",f(f({body:{response:d}},t==null?void 0:t.fetchOptions),i));if(!u.data)return u}catch(d){console.log(d)}})},passkey:{addPasskey:(t,i)=>s(void 0,null,function*(){let a=yield e("/passkey/generate-register-options",{method:"GET"});if(!a.data)return a;try{let d=yield Ao(a.data),u=yield e("/passkey/verify-registration",g(f(f({},t==null?void 0:t.fetchOptions),i),{body:{response:d,name:t==null?void 0:t.name}}));if(!u.data)return u;r.set(Math.random())}catch(d){return d instanceof 
wo?d.code==="ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED"?{data:null,error:{message:"previously registered",status:400,statusText:"BAD_REQUEST"}}:d.code==="ERROR_CEREMONY_ABORTED"?{data:null,error:{message:"registration cancelled",status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:d.message,status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:d instanceof Error?d.message:"unknown error",status:500,statusText:"INTERNAL_SERVER_ERROR"}}}})},$Infer:{}}),kl=()=>{let e=ko();return{id:"passkey",$InferServerPlugin:{},getActions:r=>Oo(r,{_listPasskeys:e}),getAtoms(r){return{listPasskeys:Be(e,"/passkey/list-user-passkeys",r,{method:"GET",credentials:"include"}),_listPasskeys:e}},pathMethods:{"/passkey/register":"POST","/passkey/authenticate":"POST"},atomListeners:[{matcher(r){return r==="/passkey/verify-registration"||r==="/passkey/delete-passkey"},signal:"_listPasskeys"}]}};var _l=e=>{let r=process.env.BETTER_AUTH_URL,o=(e==null?void 0:e.rpID)||(r==null?void 0:r.replace("http://","").replace("https://","").replace(":3000",""))||"localhost";if(!o)throw new C("passkey rpID not found. 
Please provide a rpID in the options or set the BETTER_AUTH_URL environment variable.");let n=g(f({origin:null},e),{rpID:o,advanced:f({webAuthnChallengeCookie:"better-auth-passkey"},e==null?void 0:e.advanced)}),t=60*60*24;return{id:"passkey",endpoints:{generatePasskeyRegistrationOptions:c("/passkey/generate-register-options",{method:"GET",use:[A],metadata:{client:!1}},i=>s(void 0,null,function*(){let a=i.context.session,d=yield i.context.adapter.findMany({model:"passkey",where:[{field:"userId",value:a.user.id}]}),u=new Uint8Array(Buffer.from(Ft(32,Mt("a-z","0-9")))),l;l=yield Io({rpName:n.rpName||i.context.appName,rpID:n.rpID,userID:u,userName:a.user.email||a.user.id,attestationType:"none",excludeCredentials:d.map(p=>{var y;return{id:p.id,transports:(y=p.transports)==null?void 0:y.split(",")}}),authenticatorSelection:{residentKey:"preferred",userVerification:"preferred",authenticatorAttachment:"platform"}});let m={expectedChallenge:l.challenge,userData:{id:a.user.id}};return yield i.setSignedCookie(n.advanced.webAuthnChallengeCookie,JSON.stringify(m),i.context.secret,{secure:!0,httpOnly:!0,sameSite:"lax",maxAge:t}),i.json(l,{status:200})})),generatePasskeyAuthenticationOptions:c("/passkey/generate-authenticate-options",{method:"POST",body:q.object({email:q.string().optional(),callbackURL:q.string().optional()}).optional()},i=>s(void 0,null,function*(){var m;let a=yield $(i),d=[];a&&(d=yield i.context.adapter.findMany({model:"passkey",where:[{field:"userId",value:a.user.id}]}));let u=yield vo(f({rpID:n.rpID,userVerification:"preferred"},d.length?{allowCredentials:d.map(p=>{var y;return{id:p.id,transports:(y=p.transports)==null?void 0:y.split(",")}})}:{})),l={expectedChallenge:u.challenge,callbackURL:(m=i.body)==null?void 0:m.callbackURL,userData:{id:(a==null?void 0:a.user.id)||""}};return yield 
i.setSignedCookie(n.advanced.webAuthnChallengeCookie,JSON.stringify(l),i.context.secret,{secure:!0,httpOnly:!0,sameSite:"lax",maxAge:t}),i.json(u,{status:200})})),verifyPasskeyRegistration:c("/passkey/verify-registration",{method:"POST",body:q.object({response:q.any(),name:q.string().optional()}),use:[A]},i=>s(void 0,null,function*(){var p;let a=(e==null?void 0:e.origin)||((p=i.headers)==null?void 0:p.get("origin"))||"";if(!a)return i.json(null,{status:400});let d=i.body.response,u=yield i.getSignedCookie(n.advanced.webAuthnChallengeCookie,i.context.secret);if(!u)return i.json(null,{status:400});let{userData:l,expectedChallenge:m}=JSON.parse(u);if(l.id!==i.context.session.user.id)throw new Po("UNAUTHORIZED",{message:"You are not authorized to register this passkey"});try{let y=yield To({response:d,expectedChallenge:m,expectedOrigin:a,expectedRPID:e==null?void 0:e.rpID}),{verified:R,registrationInfo:I}=y;if(!R||!I)return i.json(null,{status:400});let{credentialID:S,credentialPublicKey:_,counter:k,credentialDeviceType:z,credentialBackedUp:ke}=I,N=Buffer.from(_).toString("base64"),Me=Ft(32,Mt("a-z","0-9")),Nt={name:i.body.name,userId:l.id,webauthnUserID:Me,id:S,publicKey:N,counter:k,deviceType:z,transports:d.response.transports.join(","),backedUp:ke,createdAt:new Date},$t=yield i.context.adapter.create({model:"passkey",data:Nt});return i.json($t,{status:200})}catch(y){return console.log(y),i.json(null,{status:400,body:{message:"Registration failed"}})}})),verifyPasskeyAuthentication:c("/passkey/verify-authentication",{method:"POST",body:q.object({response:q.any()})},i=>s(void 0,null,function*(){var y,R;let a=(e==null?void 0:e.origin)||((y=i.headers)==null?void 0:y.get("origin"))||"";if(!a)return i.json(null,{status:400});let d=i.body.response,u=yield i.getSignedCookie(n.advanced.webAuthnChallengeCookie,i.context.secret);if(!u)return i.json(null,{status:400});let{expectedChallenge:l,callbackURL:m}=JSON.parse(u),p=yield 
i.context.adapter.findOne({model:"passkey",where:[{field:"id",value:d.id}]});if(!p)return i.json(null,{status:401,body:{message:"Passkey not found"}});try{let I=yield Ro({response:d,expectedChallenge:l,expectedOrigin:a,expectedRPID:n.rpID,authenticator:{credentialID:p.id,credentialPublicKey:new Uint8Array(Buffer.from(p.publicKey,"base64")),counter:p.counter,transports:(R=p.transports)==null?void 0:R.split(",")}}),{verified:S}=I;if(!S)return i.json(null,{status:401,body:{message:"verification failed"}});yield i.context.adapter.update({model:"passkey",where:[{field:"id",value:p.id}],update:{counter:I.authenticationInfo.newCounter}});let _=yield i.context.internalAdapter.createSession(p.userId,i.request);return _?(yield T(i,_.id),m?i.json({url:m,redirect:!0,session:_}):i.json({session:_},{status:200})):i.json(null,{status:500,body:{message:"Failed to create session"}})}catch(I){return i.context.logger.error(I),i.json(null,{status:400,body:{message:"Authentication failed"}})}})),listPasskeys:c("/passkey/list-user-passkeys",{method:"GET",use:[A]},i=>s(void 0,null,function*(){let a=yield i.context.adapter.findMany({model:"passkey",where:[{field:"userId",value:i.context.session.user.id}]});return i.json(a,{status:200})})),deletePasskey:c("/passkey/delete-passkey",{method:"POST",body:q.object({id:q.string()}),use:[A]},i=>s(void 0,null,function*(){return yield i.context.adapter.delete({model:"passkey",where:[{field:"id",value:i.body.id}]}),i.json(null,{status:200})}))},schema:{passkey:{fields:{name:{type:"string",required:!1},publicKey:{type:"string"},userId:{type:"string",references:{model:"user",field:"id"}},webauthnUserID:{type:"string"},counter:{type:"number"},deviceType:{type:"string"},backedUp:{type:"boolean"},transports:{type:"string",required:!1},createdAt:{type:"date",defaultValue:new Date,required:!1}}}}}};import{z as B}from"zod";import{APIError as Ae}from"better-call";var 
Dt=()=>({id:"username",endpoints:{signInUsername:c("/sign-in/username",{method:"POST",body:B.object({username:B.string(),password:B.string(),dontRememberMe:B.boolean().optional(),callbackURL:B.string().optional()})},e=>s(void 0,null,function*(){let r=yield e.context.adapter.findOne({model:"user",where:[{field:"username",value:e.body.username}]});if(!r)throw yield e.context.password.hash(e.body.password),e.context.logger.error("User not found",{username:Dt}),new Ae("UNAUTHORIZED",{message:"Invalid email or password"});let o=yield e.context.adapter.findOne({model:"account",where:[{field:"userId",value:r.id},{field:"providerId",value:"credential"}]});if(!o)throw new Ae("UNAUTHORIZED",{message:"Invalid email or password"});let n=o==null?void 0:o.password;if(!n)throw e.context.logger.error("Password not found",{username:Dt}),new Ae("UNAUTHORIZED",{message:"Unexpected error"});if(!(yield e.context.password.verify(n,e.body.password)))throw e.context.logger.error("Invalid password"),new Ae("UNAUTHORIZED",{message:"Invalid email or password"});let i=yield e.context.internalAdapter.createSession(r.id,e.request);return i?(yield e.setSignedCookie(e.context.authCookies.sessionToken.name,i.id,e.context.secret,e.body.dontRememberMe?g(f({},e.context.authCookies.sessionToken.options),{maxAge:void 0}):e.context.authCookies.sessionToken.options),e.json({user:r,session:i,redirect:!!e.body.callbackURL,url:e.body.callbackURL})):e.json(null,{status:500,body:{message:"Failed to create session",status:500}})})),signUpUsername:c("/sign-up/username",{method:"POST",body:B.object({username:B.string().min(3).max(20),name:B.string(),email:B.string().email(),password:B.string(),image:B.string().optional(),callbackURL:B.string().optional()})},e=>s(void 0,null,function*(){let r=yield Ee(g(f({},e),{_flag:void 0}));return r?(yield 
e.context.internalAdapter.updateUserByEmail(r.user.email,{username:e.body.username}),e.body.callbackURL?e.json(r,{body:f({url:e.body.callbackURL,redirect:!0},r)}):e.json(r)):e.json(null,{status:400,body:{message:"Sign up failed",status:400}})}))},schema:{user:{fields:{username:{type:"string",required:!1,unique:!0,returned:!0}}}}});import{serializeSigned as So}from"better-call";var Gl=()=>({id:"bearer",hooks:{before:[{matcher(e){var r,o;return((o=(r=e.request)==null?void 0:r.headers.get("authorization"))==null?void 0:o.startsWith("Bearer "))||!1},handler:e=>s(void 0,null,function*(){var t,i;let r=(i=(t=e.request)==null?void 0:t.headers.get("authorization"))==null?void 0:i.replace("Bearer ","");if(!r)throw new C("No token found");let o=e.headers||new Headers,n=yield So("",r,e.context.secret);o.set("cookie",`${e.context.authCookies.sessionToken.name}=${n.replace("=","")}`)})}]}});import{z as J}from"zod";import{APIError as qt}from"better-call";import{validateJWT as Uo}from"oslo/jwt";import"process";var sm=e=>({id:"magic-link",endpoints:{signInMagicLink:c("/sign-in/magic-link",{method:"POST",requireHeaders:!0,body:J.object({email:J.string().email(),callbackURL:J.string().optional(),currentURL:J.string().optional()})},r=>s(void 0,null,function*(){let{email:o}=r.body;if(!(yield r.context.internalAdapter.findUserByEmail(o)))throw new qt("UNAUTHORIZED",{message:"User not found"});let t=yield ne(r.context.secret,o),i=`${r.context.baseURL}/magic-link/verify?token=${t}&callbackURL=${r.body.callbackURL||r.body.currentURL}`;try{yield e.sendMagicLink({email:o,url:i,token:t})}catch(a){throw r.context.logger.error("Failed to send magic link",a),new qt("INTERNAL_SERVER_ERROR",{message:"Failed to send magic link"})}return r.json({status:!0})})),magicLinkVerify:c("/magic-link/verify",{method:"GET",query:J.object({token:J.string(),callbackURL:J.string().optional()}),requireHeaders:!0},r=>s(void 0,null,function*(){let{token:o,callbackURL:n}=r.query,t;try{t=yield 
Uo("HS256",Buffer.from(r.context.secret),o)}catch(l){if(r.context.logger.error("Failed to verify email",l),n)throw r.redirect(`${n}?error=INVALID_TOKEN`);return r.json(null,{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}let a=J.object({email:J.string().email()}).parse(t.payload),d=yield r.context.internalAdapter.findUserByEmail(a.email);if(!d){if(n)throw r.redirect(`${n}?error=USER_NOT_FOUND`);return r.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User not found"}})}let u=yield r.context.internalAdapter.createSession(d.user.id,r.headers);if(!u){if(n)throw r.redirect(`${n}?error=SESSION_NOT_CREATED`);return r.json(null,{status:400,statusText:"SESSION NOT CREATED",body:{message:"Failed to create session"}})}if(yield T(r,u.id),!n)return r.json({status:!0});throw r.redirect(n)}))}});export{K as HIDE_METADATA,_e as ac,Gl as bearer,c as createAuthEndpoint,M as createAuthMiddleware,Oo as getPasskeyActions,sm as magicLink,Ne as optionsMiddleware,ku as organization,_l as passkey,kl as passkeyClient,Rc as twoFactor,mc as twoFactorClient,Dt as username};
|
|
82
|
+
</html>`,Xr=c("/error",{method:"GET",metadata:K},e=>s(void 0,null,function*(){var o;let r=new URL(((o=e.request)==null?void 0:o.url)||"").searchParams.get("error")||"Unknown";return new Response(Yr(r),{headers:{"Content-Type":"text/html"}})}));var eo=c("/ok",{method:"GET",metadata:K},e=>s(void 0,null,function*(){return e.json({ok:!0})}));import{alphabet as dt,generateRandomString as ut}from"oslo/crypto";import{z as G}from"zod";var at=(e,r)=>{let o={};for(let[n,t]of Object.entries(e))o[n]=i=>t(g(f({},i),{context:f(f({},r),i.context)})),o[n].path=t.path,o[n].method=t.method,o[n].options=t.options,o[n].headers=t.headers;return o};function Ce(e,r){return s(this,null,function*(){let o=yield e.context.internalAdapter.findAccounts(r.userId),n=o==null?void 0:o.find(a=>a.providerId==="credential"),t=n==null?void 0:n.password;return!n||!t?!1:yield e.context.password.verify(t,r.password)})}var Ee=c("/sign-up/email",{method:"POST",query:G.object({currentURL:G.string().optional()}).optional(),body:G.object({name:G.string(),email:G.string(),password:G.string(),image:G.string().optional(),callbackURL:G.string().optional()})},e=>s(void 0,null,function*(){var y,R,I,S;if(!((y=e.context.options.emailAndPassword)!=null&&y.enabled))return e.json(null,{status:400,body:{message:"Email and password is not enabled"}});let{name:r,email:o,password:n,image:t}=e.body;if(!G.string().email().safeParse(o).success)return e.json(null,{status:400,body:{message:"Invalid email address"}});let a=e.context.password.config.minPasswordLength;if(n.length<a)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let d=e.context.password.config.maxPasswordLength;if(n.length>d)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let u=yield e.context.internalAdapter.findUserByEmail(o),l=yield e.context.password.hash(n);if(u!=null&&u.user)return 
e.json(null,{status:400,body:{message:"User already exists"}});let m=yield e.context.internalAdapter.createUser({id:ut(32,dt("a-z","0-9","A-Z")),email:o.toLowerCase(),name:r,image:t,emailVerified:!1,createdAt:new Date,updatedAt:new Date});if(!m)return e.json(null,{status:400,body:{message:"Could not create user"}});yield e.context.internalAdapter.linkAccount({id:ut(32,dt("a-z","0-9","A-Z")),userId:m.id,providerId:"credential",accountId:m.id,password:l});let p=yield e.context.internalAdapter.createSession(m.id,e.request);if(!p)return e.json(null,{status:400,body:{message:"Could not create session"}});if(yield T(e,p.id),e.context.options.emailAndPassword.sendEmailVerificationOnSignUp){let _=yield ne(e.context.secret,m.email),k=`${e.context.baseURL}/verify-email?token=${_}&callbackURL=${e.body.callbackURL||((R=e.query)==null?void 0:R.currentURL)||"/"}`;yield(S=(I=e.context.options.emailAndPassword).sendVerificationEmail)==null?void 0:S.call(I,m.email,k,_)}return e.json({user:m,session:p},{body:e.body.callbackURL?{url:e.body.callbackURL,redirect:!0}:{user:m,session:p}})}));var _e={};Jt(_e,{AccessControl:()=>ie,ParsingError:()=>Q,Role:()=>ee,adminAc:()=>mt,createAccessControl:()=>ct,defaultAc:()=>pe,defaultRoles:()=>ze,defaultStatements:()=>lt,memberAc:()=>ft,ownerAc:()=>pt,permissionFromString:()=>to});var Q=class extends Error{constructor(o,n){super(o);ae(this,"path");this.path=n}},ie=class{constructor(r){this.s=r;ae(this,"statements");this.statements=r}newRole(r){return new ee(r)}},ee=class e{constructor(r){ae(this,"statements");this.statements=r}authorize(r,o){for(let[n,t]of Object.entries(r)){let i=this.statements[n];if(!i)return{success:!1,error:`You are not allowed to access resource: ${n}`};let a=o==="OR"?t.some(d=>i.includes(d)):t.every(d=>i.includes(d));return a?{success:a}:{success:!1,error:`unauthorized to access resource "${n}"`}}return{success:!1,error:"Not authorized"}}static fromString(r){let o=JSON.parse(r);if(typeof o!="object")throw new Q("statements 
is not an object",".");for(let[n,t]of Object.entries(o)){if(typeof n!="string")throw new Q("invalid resource identifier",n);if(!Array.isArray(t))throw new Q("actions is not an array",n);for(let i=0;i<t.length;i++)if(typeof t[i]!="string")throw new Q("action is not a string",`${n}[${i}]`)}return new e(o)}toString(){return JSON.stringify(this.statements)}};var ct=e=>new ie(e),lt={organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]},pe=ct(lt),mt=pe.newRole({organization:["update"],invitation:["create","cancel"],member:["create","update","delete"]}),pt=pe.newRole({organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]}),ft=pe.newRole({organization:[],member:[],invitation:[]}),ze={admin:mt,owner:pt,member:ft};var to=e=>ee.fromString(e!=null?e:"");var ro={findFullOrganization:(e,r)=>s(void 0,null,function*(){let o=yield r==null?void 0:r.selectFrom("organization").leftJoin("member","organization.id","member.organizationId").leftJoin("invitation","organization.id","invitation.organizationId").leftJoin("user","member.userId","user.id").where("organization.id","=",e).select(["organization.id as org_id","organization.name as org_name","organization.slug as org_slug","organization.logo as org_logo","organization.metadata as org_metadata","organization.createdAt as org_createdAt","member.id as member_id","member.userId as member_user_id","member.role as member_role","member.createdAt as member_createdAt","invitation.id as invitation_id","invitation.email as invitation_email","invitation.status as invitation_status","invitation.expiresAt as invitation_expiresAt","invitation.role as invitation_role","invitation.inviterId as invitation_inviterId","user.id as user_id","user.name as user_name","user.email as user_email","user.image as user_image"]).execute();if(!o||o.length===0)return null;let 
n={id:o[0].org_id,name:o[0].org_name,slug:o[0].org_slug,logo:o[0].org_logo,metadata:o[0].org_metadata?JSON.parse(o[0].org_metadata):void 0,createdAt:o[0].org_createdAt,members:[],invitations:[]};return o.forEach(t=>{t.member_id&&(n.members.find(a=>a.id===t.member_id)||n.members.push({id:t.member_id,userId:t.member_user_id,role:t.member_role,createdAt:t.member_createdAt,user:{id:t.user_id,name:t.user_name,email:t.user_email,image:t.user_image},email:t.user_email,organizationId:t.org_id})),t.invitation_id&&n.invitations.push({id:t.invitation_id,email:t.invitation_email,status:t.invitation_status,expiresAt:t.invitation_expiresAt,organizationId:t.org_id,role:t.invitation_role,inviterId:t.invitation_inviterId})}),n})},O=(e,r)=>({findOrganizationBySlug:o=>s(void 0,null,function*(){return yield e.findOne({model:"organization",where:[{field:"slug",value:o}]})}),createOrganization:o=>s(void 0,null,function*(){let n=yield e.create({model:"organization",data:g(f({},o.organization),{metadata:o.organization.metadata?JSON.stringify(o.organization.metadata):void 0})}),t=yield e.create({model:"member",data:{id:H(),organizationId:n.id,userId:o.user.id,createdAt:new Date,email:o.user.email,role:(r==null?void 0:r.creatorRole)||"owner"}});return g(f({},n),{metadata:n.metadata?JSON.parse(n.metadata):void 0,members:[g(f({},t),{user:{id:o.user.id,name:o.user.name,email:o.user.email,image:o.user.image}})]})}),findMemberByEmail:o=>s(void 0,null,function*(){let n=yield e.findOne({model:"member",where:[{field:"email",value:o.email},{field:"organizationId",value:o.organizationId}]});if(!n)return null;let t=yield e.findOne({model:"user",where:[{field:"id",value:n.userId}]});return t?g(f({},n),{user:{id:t.id,name:t.name,email:t.email,image:t.image}}):null}),findMemberByOrgId:o=>s(void 0,null,function*(){let n=yield e.findOne({model:"member",where:[{field:"userId",value:o.userId},{field:"organizationId",value:o.organizationId}]});if(!n)return null;let t=yield 
e.findOne({model:"user",where:[{field:"id",value:n.userId}]});return t?g(f({},n),{user:{id:t.id,name:t.name,email:t.email,image:t.image}}):null}),findMemberById:o=>s(void 0,null,function*(){let n=yield e.findOne({model:"member",where:[{field:"id",value:o}]});if(!n)return null;let t=yield e.findOne({model:"user",where:[{field:"id",value:n.userId}]});return t?g(f({},n),{user:{id:t.id,name:t.name,email:t.email,image:t.image}}):null}),createMember:o=>s(void 0,null,function*(){return yield e.create({model:"member",data:o})}),updateMember:(o,n)=>s(void 0,null,function*(){return yield e.update({model:"member",where:[{field:"id",value:o}],update:{role:n}})}),deleteMember:o=>s(void 0,null,function*(){return yield e.delete({model:"member",where:[{field:"id",value:o}]})}),updateOrganization:(o,n)=>s(void 0,null,function*(){return yield e.update({model:"organization",where:[{field:"id",value:o}],update:n})}),deleteOrganization:o=>s(void 0,null,function*(){let n=yield e.delete({model:"organization",where:[{field:"id",value:o}]});return o}),setActiveOrganization:(o,n)=>s(void 0,null,function*(){return yield e.update({model:"session",where:[{field:"id",value:o}],update:{activeOrganizationId:n}})}),findOrganizationById:o=>s(void 0,null,function*(){return yield e.findOne({model:"organization",where:[{field:"id",value:o}]})}),findFullOrganization:(o,n)=>s(void 0,null,function*(){function t(){return s(this,null,function*(){let i=yield e.findOne({model:"organization",where:[{field:"id",value:o}]}),a=yield e.findMany({model:"invitation",where:[{field:"organizationId",value:o}]}),d=yield e.findMany({model:"member",where:[{field:"organizationId",value:o}]}),u=yield Promise.all(d.map(m=>s(this,null,function*(){let p=yield e.findOne({model:"user",where:[{field:"id",value:m.userId}]});if(!p)throw new C("Unexpected error: User not found for member");return g(f({},m),{user:{id:p.id,name:p.name,email:p.email,image:p.image}})})));return g(f({},i),{invitations:a,members:u})})}return 
n?ro.findFullOrganization(o,n):t()}),listOrganizations:o=>s(void 0,null,function*(){let n=yield e.findMany({model:"member",where:[{field:"userId",value:o}]}),t=n==null?void 0:n.map(a=>a.organizationId);if(!t)return[];let i=[];for(let a of t){let d=yield e.findOne({model:"organization",where:[{field:"id",value:a}]});d&&i.push(d)}return i}),createInvitation:t=>s(void 0,[t],function*({invitation:o,user:n}){let a=ue((r==null?void 0:r.invitationExpiresIn)||1728e5);return yield e.create({model:"invitation",data:{id:H(),email:o.email,role:o.role,organizationId:o.organizationId,status:"pending",expiresAt:a,inviterId:n.id}})}),findInvitationById:o=>s(void 0,null,function*(){return yield e.findOne({model:"invitation",where:[{field:"id",value:o}]})}),findPendingInvitation:o=>s(void 0,null,function*(){return(yield e.findMany({model:"invitation",where:[{field:"email",value:o.email},{field:"organizationId",value:o.organizationId},{field:"status",value:"pending"}]})).filter(t=>new Date(t.expiresAt)>new Date)}),updateInvitation:o=>s(void 0,null,function*(){return yield e.update({model:"invitation",where:[{field:"id",value:o.invitationId}],update:{status:o.status}})})});import"better-call";import{APIError as ld,createRouter as md}from"better-call";import{APIError as gt}from"better-call";import{z as yt}from"zod";var oo=M({body:yt.object({csrfToken:yt.string().optional()}).optional()},e=>s(void 0,null,function*(){var d,u,l,m;if(((d=e.request)==null?void 0:d.method)!=="POST"||(u=e.context.options.advanced)!=null&&u.disableCSRFCheck)return;let r=new URL(e.request.url);if(r.origin===new URL(e.context.baseURL).origin||(l=e.context.options.trustedOrigins)!=null&&l.includes(r.origin))return;let o=(m=e.body)==null?void 0:m.csrfToken,n=yield e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret),[t,i]=(n==null?void 0:n.split("!"))||[null,null];if(!o||!n||!t||!i||n!==o)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new 
gt("UNAUTHORIZED",{message:"Invalid CSRF Token"});let a=yield F(e.context.secret,t);if(i!==a)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new gt("UNAUTHORIZED",{message:"Invalid CSRF Token"})}));import Od from"chalk";var P=M(e=>s(void 0,null,function*(){return{}})),U=M({use:[A]},e=>s(void 0,null,function*(){return{session:e.context.session}}));import{z as x}from"zod";import{z as w}from"zod";var fe=w.enum(["admin","member","owner"]),no=w.enum(["pending","accepted","rejected","canceled"]).default("pending"),Md=w.object({id:w.string(),name:w.string(),slug:w.string(),logo:w.string().optional(),metadata:w.record(w.string()).or(w.string().transform(e=>JSON.parse(e))).optional(),createdAt:w.date()}),Fd=w.object({id:w.string(),email:w.string(),organizationId:w.string(),userId:w.string(),role:fe,createdAt:w.date()}),Dd=w.object({id:w.string(),organizationId:w.string(),email:w.string(),role:fe,status:no,inviterId:w.string(),expiresAt:w.date()});var ht=c("/organization/invite-member",{method:"POST",use:[P,U],body:x.object({email:x.string(),role:fe,organizationId:x.string().optional(),resend:x.boolean().optional()})},e=>s(void 0,null,function*(){var p,y;let r=e.context.session,o=e.body.organizationId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});if(i.authorize({invitation:["create"]}).error)return e.json(null,{body:{message:"You are not allowed to invite users to this organization"},status:403});if(yield n.findMemberByEmail({email:e.body.email,organizationId:o}))return e.json(null,{status:400,body:{message:"User is already a member of this organization"}});if((yield 
n.findPendingInvitation({email:e.body.email,organizationId:o})).length&&!e.body.resend)return e.json(null,{status:400,body:{message:"User is already invited to this organization"}});let l=yield n.createInvitation({invitation:{role:e.body.role,email:e.body.email,organizationId:o},user:r.user}),m=yield n.findOrganizationById(o);return m?(yield(y=(p=e.context.orgOptions).sendInvitationEmail)==null?void 0:y.call(p,{id:l.id,role:l.role,email:l.email,organization:m,inviter:g(f({},t),{user:r.user})},e.request),e.json(l)):e.json(null,{status:400,body:{message:"Organization not found!"}})})),wt=c("/organization/accept-invitation",{method:"POST",body:x.object({invitationId:x.string()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=O(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.body.invitationId);if(!n||n.expiresAt<new Date||n.status!=="pending")return e.json(null,{status:400,body:{message:"Invitation not found!"}});if(n.email!==r.user.email)return e.json(null,{status:400,body:{message:"You are not the recipient of the invitation"}});let t=yield o.updateInvitation({invitationId:e.body.invitationId,status:"accepted"}),i=yield o.createMember({id:H(),organizationId:n.organizationId,userId:r.user.id,email:n.email,role:n.role,createdAt:new Date});return yield o.setActiveOrganization(r.session.id,n.organizationId),t?e.json({invitation:t,member:i}):e.json(null,{status:400,body:{message:"Invitation not found!"}})})),bt=c("/organization/reject-invitation",{method:"POST",body:x.object({invitationId:x.string()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=O(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.body.invitationId);if(!n||n.expiresAt<new Date||n.status!=="pending")return e.json(null,{status:400,body:{message:"Invitation not found!"}});if(n.email!==r.user.email)return e.json(null,{status:400,body:{message:"You are not the recipient of the invitation"}});let t=yield 
o.updateInvitation({invitationId:e.body.invitationId,status:"rejected"});return e.json({invitation:t,member:null})})),At=c("/organization/cancel-invitation",{method:"POST",body:x.object({invitationId:x.string()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=O(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.body.invitationId);if(!n)return e.json(null,{status:400,body:{message:"Invitation not found!"}});let t=yield o.findMemberByOrgId({userId:r.user.id,organizationId:n.organizationId});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization"}});if(e.context.roles[t.role].authorize({invitation:["cancel"]}).error)return e.json(null,{status:403,body:{message:"You are not allowed to cancel this invitation"}});let a=yield o.updateInvitation({invitationId:e.body.invitationId,status:"canceled"});return e.json(a)})),kt=c("/organization/get-invitation",{method:"GET",use:[P],requireHeaders:!0,query:x.object({id:x.string()})},e=>s(void 0,null,function*(){let r=yield $(e);if(!r)return e.json(null,{status:400,body:{message:"User not logged in"}});let o=O(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.query.id);if(!n||n.status!=="pending"||n.expiresAt<new Date)return e.json(null,{status:400,body:{message:"Invitation not found!"}});if(n.email!==r.user.email)return e.json(null,{status:400,body:{message:"You are not the recipient of the invitation"}});let t=yield o.findOrganizationById(n.organizationId);if(!t)return e.json(null,{status:400,body:{message:"Organization not found!"}});let i=yield o.findMemberByOrgId({userId:n.inviterId,organizationId:n.organizationId});return i?e.json(g(f({},n),{organizationName:t.name,organizationSlug:t.slug,inviterEmail:i.email})):e.json(null,{status:400,body:{message:"Inviter is no longer a member of this organization"}})}));import{z as Y}from"zod";var 
Ot=c("/organization/remove-member",{method:"POST",body:Y.object({memberIdOrEmail:Y.string(),organizationId:Y.string().optional()}),use:[P,U]},e=>s(void 0,null,function*(){var m;let r=e.context.session,o=e.body.organizationId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"No active organization found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"Member not found!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});let a=r.user.email===e.body.memberIdOrEmail||t.id===e.body.memberIdOrEmail;if(a&&t.role===(((m=e.context.orgOptions)==null?void 0:m.creatorRole)||"owner"))return e.json(null,{status:400,body:{message:"You cannot leave the organization as the owner"}});if(!(a||i.authorize({member:["delete"]}).success))return e.json(null,{body:{message:"You are not allowed to delete this member"},status:403});let l=null;return e.body.memberIdOrEmail.includes("@")?l=yield n.findMemberByEmail({email:e.body.memberIdOrEmail,organizationId:o}):l=yield n.findMemberById(e.body.memberIdOrEmail),(l==null?void 0:l.organizationId)!==o?e.json(null,{status:400,body:{message:"Member not found!"}}):(yield n.deleteMember(l.id),r.user.id===l.userId&&r.session.activeOrganizationId===l.organizationId&&(yield n.setActiveOrganization(r.session.id,null)),e.json({member:l}))})),vt=c("/organization/update-member-role",{method:"POST",body:Y.object({role:Y.enum(["admin","member","owner"]),memberId:Y.string(),organizationId:Y.string().optional()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=e.body.organizationId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"No active organization found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return 
e.json(null,{status:400,body:{message:"Member not found!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});if(i.authorize({member:["update"]}).error||e.body.role==="owner"&&t.role!=="owner")return e.json(null,{body:{message:"You are not allowed to update this member"},status:403});let d=yield n.updateMember(e.body.memberId,e.body.role);return d?e.json(d):e.json(null,{status:400,body:{message:"Member not found!"}})}));import{z as v}from"zod";var It=c("/organization/create",{method:"POST",body:v.object({name:v.string(),slug:v.string(),userId:v.string().optional(),logo:v.string().optional(),metadata:v.record(v.string()).optional()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session.user;if(!r)return e.json(null,{status:401});let o=e.context.orgOptions;if(!(typeof(o==null?void 0:o.allowUserToCreateOrganization)=="function"?yield o.allowUserToCreateOrganization(r):(o==null?void 0:o.allowUserToCreateOrganization)===void 0?!0:o.allowUserToCreateOrganization))return e.json(null,{status:403,body:{message:"You are not allowed to create organizations"}});let t=O(e.context.adapter,o),i=yield t.listOrganizations(r.id);if(typeof o.organizationLimit=="number"?i.length>=o.organizationLimit:typeof o.organizationLimit=="function"?yield o.organizationLimit(r):!1)return e.json(null,{status:403,body:{message:"You have reached the maximum number of organizations"}});if(yield t.findOrganizationBySlug(e.body.slug))return e.json(null,{status:400,body:{message:"Organization with this slug already exists"}});let u=yield t.createOrganization({organization:{id:H(),slug:e.body.slug,name:e.body.name,logo:e.body.logo,createdAt:new Date,metadata:e.body.metadata},user:r});return e.json(u)})),Rt=c("/organization/update",{method:"POST",body:v.object({data:v.object({name:v.string().optional(),slug:v.string().optional()}).partial(),orgId:v.string().optional()}),requireHeaders:!0,use:[P]},e=>s(void 0,null,function*(){let r=yield 
e.context.getSession(e);if(!r)return e.json(null,{status:401});let o=e.body.orgId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});if(i.authorize({organization:["update"]}).error)return e.json(null,{body:{message:"You are not allowed to update this organization"},status:403});let d=yield n.updateOrganization(o,e.body.data);return e.json(d)})),Tt=c("/organization/delete",{method:"POST",body:v.object({orgId:v.string()}),requireHeaders:!0,use:[P]},e=>s(void 0,null,function*(){let r=yield e.context.getSession(e);if(!r)return e.json(null,{status:401});let o=e.body.orgId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization!"}});let i=e.context.roles[t.role];return i?i.authorize({organization:["delete"]}).error?e.json(null,{body:{message:"You are not allowed to delete this organization"},status:403}):(o===r.session.activeOrganizationId&&(yield n.setActiveOrganization(r.session.id,null)),yield n.deleteOrganization(o),e.json(o)):e.json(null,{status:400,body:{message:"Role not found!"}})})),Pt=c("/organization/get-full",{method:"GET",query:v.object({orgId:v.string().optional()}),requireHeaders:!0,use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=e.query.orgId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let t=yield 
O(e.context.adapter,e.context.orgOptions).findFullOrganization(o,e.context.db);return t?e.json(t):e.json(null,{status:404,body:{message:"Organization not found!"}})})),St=c("/organization/activate",{method:"POST",body:v.object({orgId:v.string().nullable().optional()}),use:[U,P]},e=>s(void 0,null,function*(){let r=O(e.context.adapter,e.context.orgOptions),o=e.context.session,n=e.body.orgId;if(n===null)return o.session.activeOrganizationId&&(yield r.setActiveOrganization(o.session.id,null)),e.json(null);if(!n){let a=o.session.activeOrganizationId;if(!a)return e.json(null);n=a}if(!(yield r.findMemberByOrgId({userId:o.user.id,organizationId:n})))return yield r.setActiveOrganization(o.session.id,null),e.json(null,{status:400,body:{message:"You are not a member of this organization"}});yield r.setActiveOrganization(o.session.id,n);let i=yield r.findFullOrganization(n,e.context.db);return e.json(i)})),Ut=c("/organization/list",{method:"GET",use:[P,U]},e=>s(void 0,null,function*(){let o=yield O(e.context.adapter,e.context.orgOptions).listOrganizations(e.context.session.user.id);return e.json(o)}));var ku=e=>{let r={createOrganization:It,updateOrganization:Rt,deleteOrganization:Tt,setActiveOrganization:St,getFullOrganization:Pt,listOrganization:Ut,createInvitation:ht,cancelInvitation:At,acceptInvitation:wt,getInvitation:kt,rejectInvitation:bt,removeMember:Ot,updateMemberRole:vt},o=f(f({},ze),e==null?void 0:e.roles),n=at(r,{orgOptions:e||{},roles:o,getSession:t=>s(void 0,null,function*(){return yield $(t)})});return{id:"organization",endpoints:g(f({},n),{hasPermission:c("/organization/has-permission",{method:"POST",requireHeaders:!0,body:se.object({permission:se.record(se.string(),se.array(se.string()))}),use:[U]},t=>s(void 0,null,function*(){if(!t.context.session.session.activeOrganizationId)throw new Ct("BAD_REQUEST",{message:"No active organization"});let a=yield 
O(t.context.adapter).findMemberByOrgId({userId:t.context.session.user.id,organizationId:t.context.session.session.activeOrganizationId||""});if(!a)throw new Ct("UNAUTHORIZED",{message:"You are not a member of this organization"});let u=o[a.role].authorize(t.body.permission);return u.error?t.json({error:u.error,success:!1},{status:403}):t.json({error:null,success:!0})}))}),schema:{session:{fields:{activeOrganizationId:{type:"string",required:!1}}},organization:{fields:{name:{type:"string",required:!0},slug:{type:"string",unique:!0},logo:{type:"string",required:!1},createdAt:{type:"date",required:!0},metadata:{type:"string",required:!1}}},member:{fields:{organizationId:{type:"string",required:!0},userId:{type:"string",required:!0},email:{type:"string",required:!0},role:{type:"string",required:!0,defaultValue:"member"},createdAt:{type:"date",required:!0}}},invitation:{fields:{organizationId:{type:"string",required:!0},email:{type:"string",required:!0},role:{type:"string",required:!1},status:{type:"string",required:!0,defaultValue:"pending"},expiresAt:{type:"date",required:!0},inviterId:{type:"string",references:{model:"user",field:"id"},required:!0}}}},$Infer:{Organization:{},Invitation:{},Member:{},ActiveOrganization:{}}}};import{alphabet as fo,generateRandomString as go}from"oslo/crypto";import{z as be}from"zod";import{alphabet as io,generateRandomString as so}from"oslo/crypto";import{z as he}from"zod";import{APIError as te}from"better-call";var ge="two-factor";var ye="trust-device";import{z as je}from"zod";var X=M({body:je.object({trustDevice:je.boolean().optional(),callbackURL:je.string().optional()})},e=>s(void 0,null,function*(){let r=e.context.createAuthCookie(ge),o=yield e.getSignedCookie(r.name,e.context.secret);if(!o)throw new te("UNAUTHORIZED",{message:"invalid two factor cookie"});let[n,t]=o.split("!");if(!n||!t)throw new te("UNAUTHORIZED",{message:"invalid two factor cookie"});let i=yield 
e.context.adapter.findMany({model:"session",where:[{field:"userId",value:n}]});if(!i.length)throw new te("UNAUTHORIZED",{message:"invalid session"});let a=i.filter(d=>d.expiresAt>new Date);if(!a)throw new te("UNAUTHORIZED",{message:"invalid session"});for(let d of a){let u=yield F(e.context.secret,d.id),l=yield e.context.adapter.findOne({model:"user",where:[{field:"id",value:d.userId}]});if(!l)throw new te("UNAUTHORIZED",{message:"invalid session"});if(u===t)return{valid:()=>s(void 0,null,function*(){if(yield T(e,d.id,!1),e.body.trustDevice){let m=e.context.createAuthCookie(ye,{maxAge:2592e3}),p=yield F(e.context.secret,`${l.id}!${d.id}`);yield e.setSignedCookie(m.name,`${p}!${d.id}`,e.context.secret,m.options)}return e.body.callbackURL?e.json({status:!0,callbackURL:e.body.callbackURL,redirect:!0}):e.json({status:!0})}),invalid:()=>s(void 0,null,function*(){return e.json({status:!1},{status:401,body:{message:"Invalid code"}})}),session:{id:d.id,userId:d.userId,expiresAt:d.expiresAt,user:l}}}throw new te("UNAUTHORIZED",{message:"invalid two factor authentication"})}));function ao(e){var r;return Array.from({length:(r=e==null?void 0:e.amount)!=null?r:10}).fill(null).map(()=>{var o;return so((o=e==null?void 0:e.length)!=null?o:10,io("a-z","0-9"))}).map(o=>`${o.slice(0,5)}-${o.slice(5)}`)}function Le(e,r){return s(this,null,function*(){let o=e,n=r!=null&&r.customBackupCodesGenerate?r.customBackupCodesGenerate():ao(),t=le({data:JSON.stringify(n),key:o});return{backupCodes:n,encryptedBackupCodes:t}})}function uo(e,r){return s(this,null,function*(){let o=yield Et(e.user,r);return o?o.includes(e.code):!1})}function Et(e,r){return s(this,null,function*(){let o=Buffer.from(yield me({key:r,data:e.twoFactorBackupCodes})).toString("utf-8"),n=JSON.parse(o),t=he.array(he.string()).safeParse(n);return t.success?t.data:null})}var 
zt=e=>({id:"backup_code",endpoints:{verifyBackupCode:c("/two-factor/verify-backup-code",{method:"POST",body:he.object({code:he.string()}),use:[X]},r=>s(void 0,null,function*(){return uo({user:r.context.session.user,code:r.body.code},r.context.secret)?r.json({status:!0}):r.json({status:!1},{status:401})})),generateBackupCodes:c("/two-factor/generate-backup-codes",{method:"POST",use:[A]},r=>s(void 0,null,function*(){let o=yield Le(r.context.secret,e);return yield r.context.adapter.update({model:"user",update:{twoFactorEnabled:!0,twoFactorBackupCodes:o.encryptedBackupCodes},where:[{field:"id",value:r.context.session.user.id}]}),r.json({status:!0,backupCodes:o.backupCodes})})),viewBackupCodes:c("/view/backup-codes",{method:"GET",use:[A]},r=>s(void 0,null,function*(){let o=r.context.session.user,n=Et(o,r.context.secret);return r.json({status:!0,backupCodes:n})}))}});import{APIError as _t}from"better-call";import"oslo/crypto";import{TOTPController as co}from"oslo/otp";import{z as jt}from"zod";import{TimeSpan as lo}from"oslo";var Lt=e=>{let r={period:new lo((e==null?void 0:e.period)||3,"m")},o=new co({digits:6,period:r.period}),n=c("/two-factor/send-otp",{method:"POST",use:[X]},i=>s(void 0,null,function*(){if(!e||!e.sendOTP)throw i.context.logger.error("send otp isn't configured. 
Please configure the send otp function on otp options."),new _t("BAD_REQUEST",{message:"otp isn't configured"});let a=i.context.session.user,d=yield o.generate(Buffer.from(a.twoFactorSecret));return yield e.sendOTP(a,d),i.json({status:!0})})),t=c("/two-factor/verify-otp",{method:"POST",body:jt.object({code:jt.string()}),use:[X]},i=>s(void 0,null,function*(){let a=i.context.session.user;if(!a.twoFactorEnabled)throw new _t("BAD_REQUEST",{message:"two factor isn't enabled"});return(yield o.generate(Buffer.from(a.twoFactorSecret)))===i.body.code?i.context.valid():i.context.invalid()}));return{id:"otp",endpoints:{send2FaOTP:n,verifyOTP:t}}};import{APIError as we}from"better-call";import{TimeSpan as mo}from"oslo";import{TOTPController as xt,createTOTPKeyURI as po}from"oslo/otp";import{z as xe}from"zod";var Bt=e=>{let r={digits:6,period:new mo((e==null?void 0:e.period)||30,"s")},o=c("/totp/generate",{method:"POST",use:[A]},i=>s(void 0,null,function*(){if(!e)throw i.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp"),new we("BAD_REQUEST",{message:"totp isn't configured"});let a=i.context.session.user;return{code:yield new xt(r).generate(Buffer.from(a.twoFactorSecret))}})),n=c("/two-factor/get-totp-uri",{method:"GET",use:[A]},i=>s(void 0,null,function*(){if(!e)throw i.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp"),new we("BAD_REQUEST",{message:"totp isn't configured"});let a=i.context.session.user;if(!a.twoFactorSecret)throw new we("BAD_REQUEST",{message:"totp isn't enabled"});return{totpURI:po((e==null?void 0:e.issuer)||"BetterAuth",a.email,Buffer.from(a.twoFactorSecret),r)}})),t=c("/two-factor/verify-totp",{method:"POST",body:xe.object({code:xe.string(),callbackURL:xe.string().optional()}),use:[X]},i=>s(void 0,null,function*(){if(!e)throw i.context.logger.error("totp isn't configured. 
please pass totp option on two factor plugin to enable totp"),new we("BAD_REQUEST",{message:"totp isn't configured"});let a=new xt(r),d=Buffer.from(yield me({key:i.context.secret,data:i.context.session.user.twoFactorSecret}));return(yield a.verify(i.body.code,d))?i.context.valid():i.context.invalid()}));return{id:"totp",endpoints:{generateTOTP:o,viewTOTPURI:n,verifyTOTP:t}}};var mc=(e={redirect:!0,twoFactorPage:"/"})=>({id:"two-factor",$InferServerPlugin:{},atomListeners:[{matcher:o=>o==="/two-factor/enable"||o==="/two-factor/send-otp"||o==="/two-factor/disable",signal:"_sessionSignal"}],pathMethods:{"/two-factor/disable":"POST","/two-factor/enable":"POST","/two-factor/send-otp":"POST"},fetchPlugins:[{id:"two-factor",name:"two-factor",hooks:{onSuccess(o){return s(this,null,function*(){var n;(n=o.data)!=null&&n.twoFactorRedirect&&(e.redirect||e.twoFactorPage)&&typeof window!="undefined"&&(window.location.href=e.twoFactorPage)})}}}]});var Rc=e=>{let r=Bt(f({issuer:(e==null?void 0:e.issuer)||"better-auth"},e==null?void 0:e.totpOptions)),o=zt(e==null?void 0:e.backupCodeOptions),n=Lt(e==null?void 0:e.otpOptions);return{id:"two-factor",endpoints:g(f(f(f({},r.endpoints),n.endpoints),o.endpoints),{enableTwoFactor:c("/two-factor/enable",{method:"POST",body:be.object({password:be.string().min(8)}),use:[A]},t=>s(void 0,null,function*(){let i=t.context.session.user,{password:a}=t.body;if(!(yield Ce(t,{password:a,userId:i.id})))return t.json({status:!1},{status:400,body:{message:"Invalid password"}});let u=go(16,fo("a-z","0-9","-")),l=le({key:t.context.secret,data:u}),m=yield Le(t.context.secret,e==null?void 0:e.backupCodeOptions);return yield t.context.adapter.update({model:"user",update:{twoFactorSecret:l,twoFactorEnabled:!0,twoFactorBackupCodes:m.encryptedBackupCodes},where:[{field:"id",value:i.id}]}),t.json({status:!0})})),disableTwoFactor:c("/two-factor/disable",{method:"POST",body:be.object({password:be.string().min(8)}),use:[A]},t=>s(void 0,null,function*(){let 
i=t.context.session.user,{password:a}=t.body;return(yield Ce(t,{password:a,userId:i.id}))?(yield t.context.adapter.update({model:"user",update:{twoFactorEnabled:!1},where:[{field:"id",value:i.id}]}),t.json({status:!0})):t.json({status:!1},{status:400,body:{message:"Invalid password"}})}))}),options:e,hooks:{after:[{matcher(t){return t.path==="/sign-in/email"||t.path==="/sign-in/username"},handler:M(t=>s(void 0,null,function*(){let i=t.context.returned;if((i==null?void 0:i.status)!==200)return;let a=yield i.clone().json();if(!a.user.twoFactorEnabled)return;let d=t.context.createAuthCookie(ye,{maxAge:30*24*60*60}),u=yield t.getSignedCookie(d.name,t.context.secret);if(u){let[y,R]=u.split("!"),I=yield F(t.context.secret,`${a.user.id}!${R}`);if(y===I){let S=yield F(t.context.secret,`${a.user.id}!${a.session.id}`);yield t.setSignedCookie(d.name,`${S}!${a.session.id}`,t.context.secret,d.options);return}}t.setCookie(t.context.authCookies.sessionToken.name,"",{path:"/",sameSite:"lax",httpOnly:!0,secure:!1,maxAge:0});let l=yield F(t.context.secret,a.session.id),m=t.context.createAuthCookie(ge,{maxAge:60*60*24});return yield t.setSignedCookie(m.name,`${a.session.userId}!${l}`,t.context.secret,m.options),{response:new Response(JSON.stringify({twoFactorRedirect:!0}),{headers:t.responseHeader})}}))}]},schema:{user:{fields:{twoFactorEnabled:{type:"boolean",required:!1,defaultValue:!1},twoFactorSecret:{type:"string",required:!1,returned:!1},twoFactorBackupCodes:{type:"string",required:!1,returned:!1}}}},rateLimit:[{pathMatcher(t){return t.startsWith("/two-factor/")},window:10,max:3}]}};import{generateAuthenticationOptions as vo,generateRegistrationOptions as Io,verifyAuthenticationResponse as Ro,verifyRegistrationResponse as To}from"@simplewebauthn/server";import{APIError as Po}from"better-call";import{alphabet as Mt,generateRandomString as Ft}from"oslo/crypto";import{z as q}from"zod";import{WebAuthnError as wo,startAuthentication as bo,startRegistration as 
Ao}from"@simplewebauthn/browser";import{createFetch as Mc}from"@better-fetch/fetch";import"nanostores";import{betterFetch as Cc}from"@better-fetch/fetch";import{atom as Xc}from"nanostores";import"@better-fetch/fetch";import{atom as yo,onMount as ho}from"nanostores";var Be=(e,r,o,n)=>{let t=yo({data:null,error:null,isPending:!1}),i=()=>{let d=typeof n=="function"?n({data:t.get().data,error:t.get().error,isPending:t.get().isPending}):n;return o(r,g(f({},d),{onSuccess:l=>s(void 0,null,function*(){var m;t.set({data:l.data,error:null,isPending:!1}),yield(m=d==null?void 0:d.onSuccess)==null?void 0:m.call(d,l)}),onError(l){return s(this,null,function*(){var m;t.set({error:l.error,data:null,isPending:!1}),yield(m=d==null?void 0:d.onError)==null?void 0:m.call(d,l)})},onRequest(l){return s(this,null,function*(){var p;let m=t.get();t.set({isPending:!0,data:m.data,error:m.error}),yield(p=d==null?void 0:d.onRequest)==null?void 0:p.call(d,l)})}}))};e=Array.isArray(e)?e:[e];let a=!1;for(let d of e)d.subscribe(()=>{a?i():ho(t,()=>(i(),a=!0,()=>{t.off(),d.off()}))});return t};import{atom as ko}from"nanostores";var Oo=(e,{_listPasskeys:r})=>({signIn:{passkey:(t,i)=>s(void 0,null,function*(){let a=yield e("/passkey/generate-authenticate-options",{method:"POST",body:{email:t==null?void 0:t.email,callbackURL:t==null?void 0:t.callbackURL}});if(!a.data)return a;try{let d=yield bo(a.data,(t==null?void 0:t.autoFill)||!1),u=yield e("/passkey/verify-authentication",f(f({body:{response:d}},t==null?void 0:t.fetchOptions),i));if(!u.data)return u}catch(d){console.log(d)}})},passkey:{addPasskey:(t,i)=>s(void 0,null,function*(){let a=yield e("/passkey/generate-register-options",{method:"GET"});if(!a.data)return a;try{let d=yield Ao(a.data),u=yield e("/passkey/verify-registration",g(f(f({},t==null?void 0:t.fetchOptions),i),{body:{response:d,name:t==null?void 0:t.name}}));if(!u.data)return u;r.set(Math.random())}catch(d){return d instanceof 
wo?d.code==="ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED"?{data:null,error:{message:"previously registered",status:400,statusText:"BAD_REQUEST"}}:d.code==="ERROR_CEREMONY_ABORTED"?{data:null,error:{message:"registration cancelled",status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:d.message,status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:d instanceof Error?d.message:"unknown error",status:500,statusText:"INTERNAL_SERVER_ERROR"}}}})},$Infer:{}}),kl=()=>{let e=ko();return{id:"passkey",$InferServerPlugin:{},getActions:r=>Oo(r,{_listPasskeys:e}),getAtoms(r){return{listPasskeys:Be(e,"/passkey/list-user-passkeys",r,{method:"GET",credentials:"include"}),_listPasskeys:e}},pathMethods:{"/passkey/register":"POST","/passkey/authenticate":"POST"},atomListeners:[{matcher(r){return r==="/passkey/verify-registration"||r==="/passkey/delete-passkey"},signal:"_listPasskeys"}]}};var _l=e=>{let r=process.env.BETTER_AUTH_URL,o=(e==null?void 0:e.rpID)||(r==null?void 0:r.replace("http://","").replace("https://","").replace(":3000",""))||"localhost";if(!o)throw new C("passkey rpID not found. 
Please provide a rpID in the options or set the BETTER_AUTH_URL environment variable.");let n=g(f({origin:null},e),{rpID:o,advanced:f({webAuthnChallengeCookie:"better-auth-passkey"},e==null?void 0:e.advanced)}),t=60*60*24;return{id:"passkey",endpoints:{generatePasskeyRegistrationOptions:c("/passkey/generate-register-options",{method:"GET",use:[A],metadata:{client:!1}},i=>s(void 0,null,function*(){let a=i.context.session,d=yield i.context.adapter.findMany({model:"passkey",where:[{field:"userId",value:a.user.id}]}),u=new Uint8Array(Buffer.from(Ft(32,Mt("a-z","0-9")))),l;l=yield Io({rpName:n.rpName||i.context.appName,rpID:n.rpID,userID:u,userName:a.user.email||a.user.id,attestationType:"none",excludeCredentials:d.map(p=>{var y;return{id:p.id,transports:(y=p.transports)==null?void 0:y.split(",")}}),authenticatorSelection:{residentKey:"preferred",userVerification:"preferred",authenticatorAttachment:"platform"}});let m={expectedChallenge:l.challenge,userData:{id:a.user.id}};return yield i.setSignedCookie(n.advanced.webAuthnChallengeCookie,JSON.stringify(m),i.context.secret,{secure:!0,httpOnly:!0,sameSite:"lax",maxAge:t}),i.json(l,{status:200})})),generatePasskeyAuthenticationOptions:c("/passkey/generate-authenticate-options",{method:"POST",body:q.object({email:q.string().optional(),callbackURL:q.string().optional()}).optional()},i=>s(void 0,null,function*(){var m;let a=yield $(i),d=[];a&&(d=yield i.context.adapter.findMany({model:"passkey",where:[{field:"userId",value:a.user.id}]}));let u=yield vo(f({rpID:n.rpID,userVerification:"preferred"},d.length?{allowCredentials:d.map(p=>{var y;return{id:p.id,transports:(y=p.transports)==null?void 0:y.split(",")}})}:{})),l={expectedChallenge:u.challenge,callbackURL:(m=i.body)==null?void 0:m.callbackURL,userData:{id:(a==null?void 0:a.user.id)||""}};return yield 
i.setSignedCookie(n.advanced.webAuthnChallengeCookie,JSON.stringify(l),i.context.secret,{secure:!0,httpOnly:!0,sameSite:"lax",maxAge:t}),i.json(u,{status:200})})),verifyPasskeyRegistration:c("/passkey/verify-registration",{method:"POST",body:q.object({response:q.any(),name:q.string().optional()}),use:[A]},i=>s(void 0,null,function*(){var p;let a=(e==null?void 0:e.origin)||((p=i.headers)==null?void 0:p.get("origin"))||"";if(!a)return i.json(null,{status:400});let d=i.body.response,u=yield i.getSignedCookie(n.advanced.webAuthnChallengeCookie,i.context.secret);if(!u)return i.json(null,{status:400});let{userData:l,expectedChallenge:m}=JSON.parse(u);if(l.id!==i.context.session.user.id)throw new Po("UNAUTHORIZED",{message:"You are not authorized to register this passkey"});try{let y=yield To({response:d,expectedChallenge:m,expectedOrigin:a,expectedRPID:e==null?void 0:e.rpID}),{verified:R,registrationInfo:I}=y;if(!R||!I)return i.json(null,{status:400});let{credentialID:S,credentialPublicKey:_,counter:k,credentialDeviceType:z,credentialBackedUp:ke}=I,N=Buffer.from(_).toString("base64"),Me=Ft(32,Mt("a-z","0-9")),Nt={name:i.body.name,userId:l.id,webauthnUserID:Me,id:S,publicKey:N,counter:k,deviceType:z,transports:d.response.transports.join(","),backedUp:ke,createdAt:new Date},$t=yield i.context.adapter.create({model:"passkey",data:Nt});return i.json($t,{status:200})}catch(y){return console.log(y),i.json(null,{status:400,body:{message:"Registration failed"}})}})),verifyPasskeyAuthentication:c("/passkey/verify-authentication",{method:"POST",body:q.object({response:q.any()})},i=>s(void 0,null,function*(){var y,R;let a=(e==null?void 0:e.origin)||((y=i.headers)==null?void 0:y.get("origin"))||"";if(!a)return i.json(null,{status:400});let d=i.body.response,u=yield i.getSignedCookie(n.advanced.webAuthnChallengeCookie,i.context.secret);if(!u)return i.json(null,{status:400});let{expectedChallenge:l,callbackURL:m}=JSON.parse(u),p=yield 
i.context.adapter.findOne({model:"passkey",where:[{field:"id",value:d.id}]});if(!p)return i.json(null,{status:401,body:{message:"Passkey not found"}});try{let I=yield Ro({response:d,expectedChallenge:l,expectedOrigin:a,expectedRPID:n.rpID,authenticator:{credentialID:p.id,credentialPublicKey:new Uint8Array(Buffer.from(p.publicKey,"base64")),counter:p.counter,transports:(R=p.transports)==null?void 0:R.split(",")}}),{verified:S}=I;if(!S)return i.json(null,{status:401,body:{message:"verification failed"}});yield i.context.adapter.update({model:"passkey",where:[{field:"id",value:p.id}],update:{counter:I.authenticationInfo.newCounter}});let _=yield i.context.internalAdapter.createSession(p.userId,i.request);return _?(yield T(i,_.id),m?i.json({url:m,redirect:!0,session:_}):i.json({session:_},{status:200})):i.json(null,{status:500,body:{message:"Failed to create session"}})}catch(I){return i.context.logger.error(I),i.json(null,{status:400,body:{message:"Authentication failed"}})}})),listPasskeys:c("/passkey/list-user-passkeys",{method:"GET",use:[A]},i=>s(void 0,null,function*(){let a=yield i.context.adapter.findMany({model:"passkey",where:[{field:"userId",value:i.context.session.user.id}]});return i.json(a,{status:200})})),deletePasskey:c("/passkey/delete-passkey",{method:"POST",body:q.object({id:q.string()}),use:[A]},i=>s(void 0,null,function*(){return yield i.context.adapter.delete({model:"passkey",where:[{field:"id",value:i.body.id}]}),i.json(null,{status:200})}))},schema:{passkey:{fields:{name:{type:"string",required:!1},publicKey:{type:"string",required:!0},userId:{type:"string",references:{model:"user",field:"id"},required:!0},webauthnUserID:{type:"string",required:!0},counter:{type:"number",required:!0},deviceType:{type:"string",required:!0},backedUp:{type:"boolean",required:!0},transports:{type:"string",required:!1},createdAt:{type:"date",defaultValue:new Date,required:!1}}}}}};import{z as B}from"zod";import{APIError as Ae}from"better-call";var 
Dt=()=>({id:"username",endpoints:{signInUsername:c("/sign-in/username",{method:"POST",body:B.object({username:B.string(),password:B.string(),dontRememberMe:B.boolean().optional(),callbackURL:B.string().optional()})},e=>s(void 0,null,function*(){let r=yield e.context.adapter.findOne({model:"user",where:[{field:"username",value:e.body.username}]});if(!r)throw yield e.context.password.hash(e.body.password),e.context.logger.error("User not found",{username:Dt}),new Ae("UNAUTHORIZED",{message:"Invalid email or password"});let o=yield e.context.adapter.findOne({model:"account",where:[{field:"userId",value:r.id},{field:"providerId",value:"credential"}]});if(!o)throw new Ae("UNAUTHORIZED",{message:"Invalid email or password"});let n=o==null?void 0:o.password;if(!n)throw e.context.logger.error("Password not found",{username:Dt}),new Ae("UNAUTHORIZED",{message:"Unexpected error"});if(!(yield e.context.password.verify(n,e.body.password)))throw e.context.logger.error("Invalid password"),new Ae("UNAUTHORIZED",{message:"Invalid email or password"});let i=yield e.context.internalAdapter.createSession(r.id,e.request);return i?(yield e.setSignedCookie(e.context.authCookies.sessionToken.name,i.id,e.context.secret,e.body.dontRememberMe?g(f({},e.context.authCookies.sessionToken.options),{maxAge:void 0}):e.context.authCookies.sessionToken.options),e.json({user:r,session:i,redirect:!!e.body.callbackURL,url:e.body.callbackURL})):e.json(null,{status:500,body:{message:"Failed to create session",status:500}})})),signUpUsername:c("/sign-up/username",{method:"POST",body:B.object({username:B.string().min(3).max(20),name:B.string(),email:B.string().email(),password:B.string(),image:B.string().optional(),callbackURL:B.string().optional()})},e=>s(void 0,null,function*(){let r=yield Ee(g(f({},e),{_flag:void 0}));return r?(yield 
e.context.internalAdapter.updateUserByEmail(r.user.email,{username:e.body.username}),e.body.callbackURL?e.json(r,{body:f({url:e.body.callbackURL,redirect:!0},r)}):e.json(r)):e.json(null,{status:400,body:{message:"Sign up failed",status:400}})}))},schema:{user:{fields:{username:{type:"string",required:!1,unique:!0,returned:!0}}}}});import{serializeSigned as So}from"better-call";var Gl=()=>({id:"bearer",hooks:{before:[{matcher(e){var r,o;return((o=(r=e.request)==null?void 0:r.headers.get("authorization"))==null?void 0:o.startsWith("Bearer "))||!1},handler:e=>s(void 0,null,function*(){var t,i;let r=(i=(t=e.request)==null?void 0:t.headers.get("authorization"))==null?void 0:i.replace("Bearer ","");if(!r)throw new C("No token found");let o=e.headers||new Headers,n=yield So("",r,e.context.secret);o.set("cookie",`${e.context.authCookies.sessionToken.name}=${n.replace("=","")}`)})}]}});import{z as J}from"zod";import{APIError as qt}from"better-call";import{validateJWT as Uo}from"oslo/jwt";import"process";var sm=e=>({id:"magic-link",endpoints:{signInMagicLink:c("/sign-in/magic-link",{method:"POST",requireHeaders:!0,body:J.object({email:J.string().email(),callbackURL:J.string().optional(),currentURL:J.string().optional()})},r=>s(void 0,null,function*(){let{email:o}=r.body;if(!(yield r.context.internalAdapter.findUserByEmail(o)))throw new qt("UNAUTHORIZED",{message:"User not found"});let t=yield ne(r.context.secret,o),i=`${r.context.baseURL}/magic-link/verify?token=${t}&callbackURL=${r.body.callbackURL||r.body.currentURL}`;try{yield e.sendMagicLink({email:o,url:i,token:t})}catch(a){throw r.context.logger.error("Failed to send magic link",a),new qt("INTERNAL_SERVER_ERROR",{message:"Failed to send magic link"})}return r.json({status:!0})})),magicLinkVerify:c("/magic-link/verify",{method:"GET",query:J.object({token:J.string(),callbackURL:J.string().optional()}),requireHeaders:!0},r=>s(void 0,null,function*(){let{token:o,callbackURL:n}=r.query,t;try{t=yield 
Uo("HS256",Buffer.from(r.context.secret),o)}catch(l){if(r.context.logger.error("Failed to verify email",l),n)throw r.redirect(`${n}?error=INVALID_TOKEN`);return r.json(null,{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}let a=J.object({email:J.string().email()}).parse(t.payload),d=yield r.context.internalAdapter.findUserByEmail(a.email);if(!d){if(n)throw r.redirect(`${n}?error=USER_NOT_FOUND`);return r.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User not found"}})}let u=yield r.context.internalAdapter.createSession(d.user.id,r.headers);if(!u){if(n)throw r.redirect(`${n}?error=SESSION_NOT_CREATED`);return r.json(null,{status:400,statusText:"SESSION NOT CREATED",body:{message:"Failed to create session"}})}if(yield T(r,u.id),!n)return r.json({status:!0});throw r.redirect(n)}))}});export{K as HIDE_METADATA,_e as ac,Gl as bearer,c as createAuthEndpoint,M as createAuthMiddleware,Oo as getPasskeyActions,sm as magicLink,Ne as optionsMiddleware,ku as organization,_l as passkey,kl as passkeyClient,Rc as twoFactor,mc as twoFactorClient,Dt as username};
|
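--- a/package/dist/react.d.ts
+++ b/package/dist/react.d.ts
@@ -1,15 +1,13 @@
 import * as _better_fetch_fetch from '@better-fetch/fetch';
-import { B as BetterAuthPlugin, F as FieldAttribute, I as InferFieldOutput } from './index-
+import { B as BetterAuthPlugin, F as FieldAttribute, I as InferFieldOutput } from './index-BMYcrOqA.js';
 import { U as UnionToIntersection, P as Prettify } from './helper-C1ihmerM.js';
 import { ClientOptions, InferClientAPI, InferActions, BetterAuthClientPlugin, IsSignal } from './types.js';
 import { useStore } from '@nanostores/react';
 import 'kysely';
-import './
+import './index-CE92ti2Z.js';
+import 'arctic';
 import 'zod';
 import 'better-call';
-import './social.js';
-import 'arctic';
-import './adapter-D-m9-hQp.js';
 import 'nanostores';
 
 type InferResolvedHooks<O extends ClientOptions> = O["plugins"] extends Array<infer Plugin> ? Plugin extends BetterAuthClientPlugin ? Plugin["getAtoms"] extends (fetch: any) => infer Atoms ? Atoms extends Record<string, any> ? {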