better-auth 0.2.2 → 0.2.3-beta.10

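--- a/package/dist/next-js.d.ts
+++ b/package/dist/next-js.d.ts
@@ -1,13 +1,11 @@
- import { d as Auth } from './index-D_ohe9r9.js';
- import { U as User, S as Session } from './schema-D9o3OF80.js';
+ import { d as Auth } from './index-gO-yM4kI.js';
+ import { U as User, S as Session } from './index-CE92ti2Z.js';
  import { NextRequest } from 'next/server';
  import 'kysely';
  import 'better-call';
  import 'zod';
  import './helper-C1ihmerM.js';
- import './social.js';
  import 'arctic';
- import './adapter-D-m9-hQp.js';
 
  declare function toNextJsHandler(auth: Auth | Auth["handler"]): {
  GET: (request: Request) => Promise<Response>;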
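--- a/package/dist/next-js.js
+++ b/package/dist/next-js.js
@@ -1 +1 @@
- var o=(e,t,r)=>new Promise((i,n)=>{var d=s=>{try{u(r.next(s))}catch(c){n(c)}},a=s=>{try{u(r.throw(s))}catch(c){n(c)}},u=s=>s.done?i(s.value):Promise.resolve(s.value).then(d,a);u((r=r.apply(e,t)).next())});import{betterFetch as l}from"@better-fetch/fetch";import{NextResponse as h}from"next/server";function U(e){let t=r=>o(this,null,function*(){return"handler"in e?e.handler(r):e(r)});return{GET:t,POST:t}}function b(e){return t=>o(this,null,function*(){let r=new URL(t.url).origin,i=(e==null?void 0:e.baePath)||"/api/auth",n=`${r}${i}/session`,a=(yield l(n,{headers:t.headers})).data||null;return e.customRedirect?e.customRedirect(a,t):a?h.next():h.redirect(new URL(e.redirectTo||"/",r))})}export{b as authMiddleware,U as toNextJsHandler};
+ import{betterFetch as a}from"@better-fetch/fetch";import{NextResponse as n}from"next/server";function l(e){let r=async t=>"handler"in e?e.handler(t):e(t);return{GET:r,POST:r}}function m(e){return async r=>{let t=new URL(r.url).origin,o=e?.baePath||"/api/auth",i=`${t}${o}/session`,s=(await a(i,{headers:r.headers})).data||null;return e.customRedirect?e.customRedirect(s,r):s?n.next():n.redirect(new URL(e.redirectTo||"/",t))}}export{m as authMiddleware,l as toNextJsHandler};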
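Review bot: In `authMiddleware` on the new line the options key is read as `e?.baePath`, which looks like a misspelling of `basePath` carried over unchanged from the old bundle; if so, a configured base path is ignored and the session probe always goes to `/api/auth/session`. The same expression guards `e` with `?.`, yet `e.customRedirect` and `e.redirectTo` dereference it directly, so a call without options would throw instead of redirecting. I would read `e?.basePath` (keeping the old key as a fallback if callers already depend on it) and use `e?.customRedirect` and `e?.redirectTo`, fixed in the source module rather than in this generated file. The probe URL is also built from the incoming request's own origin and receives all request headers, so it is worth confirming that this origin cannot be influenced by a client-supplied Host header in proxied deployments.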
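--- a/package/dist/node.d.ts
+++ b/package/dist/node.d.ts
@@ -1,13 +1,11 @@
  import * as http from 'http';
- import { d as Auth } from './index-D_ohe9r9.js';
+ import { d as Auth } from './index-gO-yM4kI.js';
  import 'kysely';
- import './schema-D9o3OF80.js';
+ import './index-CE92ti2Z.js';
+ import 'arctic';
  import 'zod';
- import 'better-call';
  import './helper-C1ihmerM.js';
- import './social.js';
- import 'arctic';
- import './adapter-D-m9-hQp.js';
+ import 'better-call';
 
  declare const toNodeHandler: (auth: Auth | Auth["handler"]) => (req: http.IncomingMessage, res: http.ServerResponse) => Promise<void>;
 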
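--- a/package/dist/plugins.d.ts
+++ b/package/dist/plugins.d.ts
@@ -1,20 +1,18 @@
- export { O as OrganizationOptions, b as Passkey, P as PasskeyOptions, W as WebAuthnCookieType, g as getPasskeyActions, m as magicLink, o as organization, p as passkey, c as passkeyClient, t as twoFactor, a as twoFactorClient, u as username } from './index-DsEvbKjm.js';
+ export { O as OrganizationOptions, b as Passkey, P as PasskeyOptions, W as WebAuthnCookieType, g as getPasskeyActions, m as magicLink, o as organization, p as passkey, c as passkeyClient, t as twoFactor, a as twoFactorClient, u as username } from './index-CmzUOocy.js';
  export { i as ac } from './index-D6NOkCRo.js';
- import { H as HookEndpointContext } from './index-D_ohe9r9.js';
- export { A as AuthEndpoint, b as AuthMiddleware, B as BetterAuthPlugin, P as PluginSchema, a as createAuthEndpoint, c as createAuthMiddleware, o as optionsMiddleware } from './index-D_ohe9r9.js';
+ import { H as HookEndpointContext } from './index-gO-yM4kI.js';
+ export { A as AuthEndpoint, b as AuthMiddleware, B as BetterAuthPlugin, P as PluginSchema, a as createAuthEndpoint, c as createAuthMiddleware, o as optionsMiddleware } from './index-gO-yM4kI.js';
  export { H as HIDE_METADATA } from './hide-metadata-DEHJp1rk.js';
- import './schema-D9o3OF80.js';
+ import './index-CE92ti2Z.js';
+ import 'arctic';
  import 'zod';
- import 'better-call';
  import './helper-C1ihmerM.js';
+ import 'better-call';
  import './statement-CU-fdHXK.js';
  import '@better-fetch/fetch';
  import 'nanostores';
  import '@simplewebauthn/types';
  import 'kysely';
- import './social.js';
- import 'arctic';
- import './adapter-D-m9-hQp.js';
 
  /**
  * Converts bearer token to session cookie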
package/dist/plugins.js CHANGED
@@ -1,5 +1,5 @@
1
- var De=Object.defineProperty,Vt=Object.defineProperties;var Ht=Object.getOwnPropertyDescriptors;var Fe=Object.getOwnPropertySymbols;var Wt=Object.prototype.hasOwnProperty,Gt=Object.prototype.propertyIsEnumerable;var Oe=(e,r,o)=>r in e?De(e,r,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[r]=o,f=(e,r)=>{for(var o in r||(r={}))Wt.call(r,o)&&Oe(e,o,r[o]);if(Fe)for(var o of Fe(r))Gt.call(r,o)&&Oe(e,o,r[o]);return e},g=(e,r)=>Vt(e,Ht(r));var Jt=(e,r)=>{for(var o in r)De(e,o,{get:r[o],enumerable:!0})};var ae=(e,r,o)=>Oe(e,typeof r!="symbol"?r+"":r,o);var s=(e,r,o)=>new Promise((n,t)=>{var i=u=>{try{d(o.next(u))}catch(l){t(l)}},a=u=>{try{d(o.throw(u))}catch(l){t(l)}},d=u=>u.done?n(u.value):Promise.resolve(u.value).then(i,a);d((o=o.apply(e,r)).next())});import{APIError as Ct}from"better-call";import{z as se}from"zod";import{createEndpointCreator as Kt,createMiddleware as qe,createMiddlewareCreator as Zt}from"better-call";var Ne=qe(()=>s(void 0,null,function*(){return{}})),M=Zt({use:[Ne,qe(()=>s(void 0,null,function*(){return{}}))]}),c=Kt({use:[Ne]});import{APIError as V}from"better-call";import{generateCodeVerifier as Or}from"oslo/oauth2";import{z as j}from"zod";import"arctic";import{parseJWT as er}from"oslo/jwt";import"@better-fetch/fetch";var C=class extends Error{constructor(r,o,n){super(r),this.name="BetterAuthError",this.message=r,this.cause=o}};import{OAuth2Tokens as Yt}from"arctic";function Qt(e){try{return new URL(e).pathname!=="/"}catch(r){throw new C(`Invalid base URL: ${e}. 
Please provide a valid base URL.`)}}function ve(e,r="/api/auth"){return Qt(e)?e:(r=r.startsWith("/")?r:`/${r}`,`${e}${r}`)}function Ie(e,r){if(e)return ve(e,r);let o=(process==null?void 0:process.env)||{},n=o.BETTER_AUTH_URL||o.NEXT_PUBLIC_BETTER_AUTH_URL||o.PUBLIC_BETTER_AUTH_URL||o.NUXT_PUBLIC_BETTER_AUTH_URL||o.NUXT_PUBLIC_AUTH_URL||(o.BASE_URL!=="/"?o.BASE_URL:void 0);if(n)return ve(n,r);if(typeof window!="undefined")return ve(window.location.origin,r)}import{betterFetch as Xt}from"@better-fetch/fetch";function b(e,r){return r||`${Ie()}/callback/${e}`}function E(i){return s(this,arguments,function*({code:e,codeVerifier:r,redirectURI:o,options:n,tokenEndpoint:t}){let a=new URLSearchParams;a.set("grant_type","authorization_code"),a.set("code",e),r&&a.set("code_verifier",r),a.set("redirect_uri",o),a.set("client_id",n.clientId),a.set("client_secret",n.clientSecret);let{data:d,error:u}=yield Xt(t,{method:"POST",body:a,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(u)throw u;return new Yt(d)})}var $e=e=>{let r="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:n,scopes:t,redirectURI:i}){let a=t||["email","name","openid"];return new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${i||e.redirectURI}&scope=${a.join(" ")}&state=${n}`)},validateAuthorizationCode:(n,t,i)=>s(void 0,null,function*(){return E({code:n,codeVerifier:t,redirectURI:i||b("apple",e.redirectURI),options:e,tokenEndpoint:r})}),getUserInfo(n){return s(this,null,function*(){var i;let t=(i=er(n.idToken()))==null?void 0:i.payload;return t?{user:{id:t.sub,name:t.name,email:t.email,emailVerified:t.email_verified==="true"},data:t}:null})}}};import{betterFetch as tr}from"@better-fetch/fetch";import{Discord as rr}from"arctic";var Ve=e=>{let r=new 
rr(e.clientId,e.clientSecret,b("discord",e.redirectURI));return{id:"discord",name:"Discord",createAuthorizationURL({state:n,scopes:t}){let i=t||["email"];return r.createAuthorizationURL(n,i)},validateAuthorizationCode:(n,t,i)=>s(void 0,null,function*(){return E({code:n,codeVerifier:t,redirectURI:i||b("discord",e.redirectURI),options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"})}),getUserInfo(n){return s(this,null,function*(){let{data:t,error:i}=yield tr("https://discord.com/api/users/@me",{auth:{type:"Bearer",token:n.accessToken()}});return i?null:{user:{id:t.id,name:t.display_name||t.username||"",email:t.email,emailVerified:t.verified},data:t}})}}};import{betterFetch as or}from"@better-fetch/fetch";import{Facebook as nr}from"arctic";var He=e=>{let r=new nr(e.clientId,e.clientSecret,b("facebook",e.redirectURI));return{id:"facebook",name:"Facebook",createAuthorizationURL({state:n,scopes:t}){let i=t||["email","public_profile"];return r.createAuthorizationURL(n,i)},validateAuthorizationCode:(n,t,i)=>s(void 0,null,function*(){return E({code:n,codeVerifier:t,redirectURI:i||b("facebook",e.redirectURI),options:e,tokenEndpoint:"https://graph.facebook.com/v16.0/oauth/access_token"})}),getUserInfo(n){return s(this,null,function*(){let{data:t,error:i}=yield or("https://graph.facebook.com/me",{auth:{type:"Bearer",token:n.accessToken()}});return i?null:{user:{id:t.id,name:t.name,email:t.email,emailVerified:t.email_verified},data:t}})}}};import{betterFetch as We}from"@better-fetch/fetch";import{GitHub as ir}from"arctic";var Ge=({clientId:e,clientSecret:r,redirectURI:o})=>{let n=new ir(e,r,b("github",o));return{id:"github",name:"Github",createAuthorizationURL({state:i,scopes:a}){let d=a||["user:email"];return n.createAuthorizationURL(i,d)},validateAuthorizationCode:i=>s(void 0,null,function*(){return yield n.validateAuthorizationCode(i)}),getUserInfo(i){return s(this,null,function*(){var l,m,p,y;let{data:a,error:d}=yield 
We("https://api.github.com/user",{auth:{type:"Bearer",token:i.accessToken()}});if(d)return null;let u=!1;if(!a.email){let{data:R,error:I}=yield We("https://api.github.com/user/emails",{auth:{type:"Bearer",token:i.accessToken()}});I||(a.email=(m=(l=R.find(S=>S.primary))!=null?l:R[0])==null?void 0:m.email,u=(y=(p=R.find(S=>S.email===a.email))==null?void 0:p.verified)!=null?y:!1)}return{user:{id:a.id,name:a.name,email:a.email,image:a.avatar_url,emailVerified:u,createdAt:new Date,updatedAt:new Date},data:a}})}}};import{Google as dr}from"arctic";import{parseJWT as ur}from"oslo/jwt";import{createConsola as sr}from"consola";var Z=sr({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),ar=e=>({log:(...r)=>{!(e!=null&&e.disabled)&&Z.log("",...r)},error:(...r)=>{!(e!=null&&e.disabled)&&Z.error("",...r)},warn:(...r)=>{!(e!=null&&e.disabled)&&Z.warn("",...r)},info:(...r)=>{!(e!=null&&e.disabled)&&Z.info("",...r)},debug:(...r)=>{!(e!=null&&e.disabled)&&Z.debug("",...r)},box:(...r)=>{!(e!=null&&e.disabled)&&Z.box("",...r)},success:(...r)=>{!(e!=null&&e.disabled)&&Z.success("",...r)},break:(...r)=>{!(e!=null&&e.disabled)&&console.log(`
2
- `)}}),de=ar();var Je=e=>{let r=new dr(e.clientId,e.clientSecret,b("google",e.redirectURI));return{id:"google",name:"Google",createAuthorizationURL({state:n,scopes:t,codeVerifier:i,redirectURI:a}){if(!e.clientId||!e.clientSecret)throw de.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new C("CLIENT_ID_AND_SECRET_REQUIRED");if(!i)throw new C("codeVerifier is required for Google");let d=t||["email","profile"];return r.createAuthorizationURL(n,i,d)},validateAuthorizationCode:(n,t,i)=>s(void 0,null,function*(){return E({code:n,codeVerifier:t,redirectURI:i||b("google",e.redirectURI),options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"})}),getUserInfo(n){return s(this,null,function*(){var i;if(!n.idToken)return null;let t=(i=ur(n.idToken()))==null?void 0:i.payload;return{user:{id:t.sub,name:t.name,email:t.email,image:t.picture,emailVerified:t.email_verified},data:t}})}}};import{betterFetch as cr}from"@better-fetch/fetch";import{Spotify as lr}from"arctic";var Ke=e=>{let r=new lr(e.clientId,e.clientSecret,b("spotify",e.redirectURI));return{id:"spotify",name:"Spotify",createAuthorizationURL({state:n,scopes:t}){let i=t||["user-read-email"];return r.createAuthorizationURL(n,i)},validateAuthorizationCode:(n,t,i)=>s(void 0,null,function*(){return E({code:n,codeVerifier:t,redirectURI:i||b("spotify",e.redirectURI),options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"})}),getUserInfo(n){return s(this,null,function*(){var a;let{data:t,error:i}=yield cr("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${n.accessToken()}`}});return i?null:{user:{id:t.id,name:t.display_name,email:t.email,image:(a=t.images[0])==null?void 0:a.url,emailVerified:!1},data:t}})}}};import{betterFetch as mr}from"@better-fetch/fetch";import{Twitch as pr}from"arctic";var Ze=e=>{let r=new 
pr(e.clientId,e.clientSecret,b("twitch",e.redirectURI));return{id:"twitch",name:"Twitch",createAuthorizationURL({state:n,scopes:t}){let i=t||["activity:write","read"];return r.createAuthorizationURL(n,i)},validateAuthorizationCode:(n,t,i)=>s(void 0,null,function*(){return E({code:n,codeVerifier:t,redirectURI:i||b("twitch",e.redirectURI),options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"})}),getUserInfo(n){return s(this,null,function*(){let{data:t,error:i}=yield mr("https://api.twitch.tv/helix/users",{method:"GET",headers:{Authorization:`Bearer ${n.accessToken()}`}});return i?null:{user:{id:t.sub,name:t.preferred_username,email:t.email,image:t.picture,emailVerified:!1},data:t}})}}};import{betterFetch as fr}from"@better-fetch/fetch";import{Twitter as gr}from"arctic";var Qe=e=>{let r=new gr(e.clientId,e.clientSecret,b("twitter",e.redirectURI));return{id:"twitter",name:"Twitter",createAuthorizationURL(n){let t=n.scopes||["account_info.read"];return r.createAuthorizationURL(n.state,n.codeVerifier,t)},validateAuthorizationCode:(n,t,i)=>s(void 0,null,function*(){return E({code:n,codeVerifier:t,redirectURI:i||b("twitch",e.redirectURI),options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"})}),getUserInfo(n){return s(this,null,function*(){let{data:t,error:i}=yield fr("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${n.accessToken()}`}});return i||!t.data.email?null:{user:{id:t.data.id,name:t.data.name,email:t.data.email,image:t.data.profile_image_url,emailVerified:t.data.verified||!1},data:t}})}}};import"arctic";var yr={apple:$e,discord:Ve,facebook:He,github:Ge,google:Je,spotify:Ke,twitch:Ze,twitter:Qe},Ye=Object.keys(yr);import{generateState as hr}from"oslo/oauth2";import{z as re}from"zod";function Xe(e,r,o){let n=hr();return{state:JSON.stringify({code:n,callbackURL:e,currentURL:r,dontRememberMe:o}),code:n}}function Re(e){return 
re.object({code:re.string(),callbackURL:re.string().optional(),currentURL:re.string().optional(),dontRememberMe:re.boolean().optional()}).safeParse(JSON.parse(e))}import{APIError as wr}from"better-call";var ue=(e,r=!1)=>{let o=new Date;return new Date(o.getTime()+(r?e*1e3:e))};import{TimeSpan as li}from"oslo";function T(e,r,o,n){return s(this,null,function*(){let t=e.context.authCookies.sessionToken.options;t.maxAge=o?void 0:t.maxAge,yield e.setSignedCookie(e.context.authCookies.sessionToken.name,r,e.context.secret,t),o&&(yield e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options))})}function oe(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}import{z as et}from"zod";function Te(e){let r="127.0.0.1";if(process.env.NODE_ENV==="test")return r;let o=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"];for(let n of o){let t=e.headers.get(n);if(typeof t=="string"){let i=t.split(",")[0].trim();if(i)return i}}return null}var Pe=new Map;function br(e,r){if(!e.request)return"";let{method:o,url:n,headers:t}=e.request,i=e.request.headers.get("User-Agent")||"",a=Te(e.request)||"",d=JSON.stringify(t);return`${o}:${n}:${d}:${i}:${a}:${r}`}var tt=()=>c("/session",{method:"GET",requireHeaders:!0},e=>s(void 0,null,function*(){try{let r=yield e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!r)return e.json(null,{status:401});let o=br(e,r),n=Pe.get(o);if(n){if(n.expiresAt>Date.now())return e.json(n.data);Pe.delete(o)}let t=yield e.context.internalAdapter.findSession(r);if(!t||t.session.expiresAt<new Date)return oe(e),t&&(yield e.context.internalAdapter.deleteSession(t.session.id)),e.json(null,{status:401});if(yield 
e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(t);let a=e.context.sessionConfig.expiresIn,d=e.context.sessionConfig.updateAge;if(t.session.expiresAt.valueOf()-a*1e3+d*1e3<=Date.now()){let m=yield e.context.internalAdapter.updateSession(t.session.id,{expiresAt:ue(e.context.sessionConfig.expiresIn,!0)});if(!m)return oe(e),e.json(null,{status:401});let p=(m.expiresAt.valueOf()-Date.now())/1e3;return yield T(e,m.id,!1,{maxAge:p}),e.json({session:m,user:t.user})}return Pe.set(o,{data:t,expiresAt:Date.now()+5e3}),e.json(t)}catch(r){return e.context.logger.error(r),e.json(null,{status:500})}})),$=e=>s(void 0,null,function*(){return yield tt()(g(f({},e),{_flag:void 0}))}),A=M(e=>s(void 0,null,function*(){let r=yield $(e);if(!(r!=null&&r.session))throw new wr("UNAUTHORIZED");return{session:r}}));var Ar=c("/user/revoke-session",{method:"POST",body:et.object({id:et.string()}),use:[A],requireHeaders:!0},e=>s(void 0,null,function*(){let r=e.body.id,o=yield e.context.internalAdapter.findSession(r);if(!o)return e.json(null,{status:400});if(o.session.userId!==e.context.session.user.id)return e.json(null,{status:403});try{yield e.context.internalAdapter.deleteSession(r)}catch(n){return e.context.logger.error(n),e.json(null,{status:500})}return e.json({status:!0})})),kr=c("/user/revoke-sessions",{method:"POST",use:[A],requireHeaders:!0},e=>s(void 0,null,function*(){try{yield e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(r){return e.context.logger.error(r),e.json(null,{status:500})}return e.json({status:!0})}));var vr=c("/sign-in/social",{method:"POST",requireHeaders:!0,query:j.object({currentURL:j.string().optional()}).optional(),body:j.object({callbackURL:j.string().optional(),provider:j.enum(Ye),dontRememberMe:j.boolean().default(!1).optional()})},e=>s(void 0,null,function*(){var a,d,u,l;let r=e.context.socialProviders.find(m=>m.id===e.body.provider);if(!r)throw e.context.logger.error("Provider not found. 
Make sure to add the provider to your auth config",{provider:e.body.provider}),new V("NOT_FOUND",{message:"Provider not found"});let o=e.context.authCookies,n=(a=e.query)!=null&&a.currentURL?new URL((d=e.query)==null?void 0:d.currentURL):null,t=(u=e.body.callbackURL)!=null&&u.startsWith("http")?e.body.callbackURL:`${n==null?void 0:n.origin}${e.body.callbackURL||""}`,i=Xe(t||(n==null?void 0:n.origin)||e.context.baseURL,(l=e.query)==null?void 0:l.currentURL);try{yield e.setSignedCookie(o.state.name,i.code,e.context.secret,o.state.options);let m=Or();yield e.setSignedCookie(o.pkCodeVerifier.name,m,e.context.secret,o.pkCodeVerifier.options);let p=r.createAuthorizationURL({state:i.state,codeVerifier:m});return p.searchParams.set("redirect_uri",`${e.context.baseURL}/callback/${e.body.provider}`),{url:p.toString(),state:i.state,codeVerifier:m,redirect:!0}}catch(m){throw new V("INTERNAL_SERVER_ERROR")}})),Ir=c("/sign-in/email",{method:"POST",body:j.object({email:j.string().email(),password:j.string(),callbackURL:j.string().optional(),dontRememberMe:j.boolean().default(!1).optional()})},e=>s(void 0,null,function*(){var m,p;if(!((p=(m=e.context.options)==null?void 0:m.emailAndPassword)!=null&&p.enabled))throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. 
Check `https://better-auth.com/docs/authentication/email-password` for more!"),new V("BAD_REQUEST",{message:"Email and password is not enabled"});let r=yield $(e);r&&(yield e.context.internalAdapter.deleteSession(r.session.id));let{email:o,password:n}=e.body;if(!j.string().email().safeParse(o).success)throw new V("BAD_REQUEST",{message:"Invalid email"});let i=yield e.context.internalAdapter.findUserByEmail(o);if(!i)throw yield e.context.password.hash(n),e.context.logger.error("User not found",{email:o}),new V("UNAUTHORIZED",{message:"Invalid email or password"});let a=i.accounts.find(y=>y.providerId==="credential");if(!a)throw e.context.logger.error("Credential account not found",{email:o}),new V("UNAUTHORIZED",{message:"Invalid email or password"});let d=a==null?void 0:a.password;if(!d)throw e.context.logger.error("Password not found",{email:o}),new V("UNAUTHORIZED",{message:"Unexpected error"});if(!(yield e.context.password.verify(d,n)))throw e.context.logger.error("Invalid password"),new V("UNAUTHORIZED",{message:"Invalid email or password"});let l=yield e.context.internalAdapter.createSession(i.user.id,e.headers,e.body.dontRememberMe);if(!l)throw e.context.logger.error("Failed to create session"),new V("INTERNAL_SERVER_ERROR");return yield T(e,l.id,e.body.dontRememberMe),e.json({user:i.user,session:l,redirect:!!e.body.callbackURL,url:e.body.callbackURL})}));import{APIError as Pr}from"better-call";import{z as ce}from"zod";import{z as h}from"zod";var ji=h.object({id:h.string(),providerId:h.string(),accountId:h.string(),userId:h.string(),accessToken:h.string().nullable().optional(),refreshToken:h.string().nullable().optional(),idToken:h.string().nullable().optional(),expiresAt:h.date().nullable().optional(),password:h.string().optional().nullable()}),rt=h.object({id:h.string(),email:h.string().transform(e=>e.toLowerCase()),emailVerified:h.boolean().default(!1),name:h.string(),image:h.string().optional(),createdAt:h.date().default(new 
Date),updatedAt:h.date().default(new Date)}),Li=h.object({id:h.string(),userId:h.string(),expiresAt:h.date(),ipAddress:h.string().optional(),userAgent:h.string().optional()});import{alphabet as Rr,generateRandomString as Tr}from"oslo/crypto";var H=()=>Tr(36,Rr("a-z","0-9"));var K={isAction:!1};function Se(e){let r=e.accessToken(),o=e.hasRefreshToken()?e.refreshToken():void 0,n;try{n=e.accessTokenExpiresAt()}catch(t){}return{accessToken:r,refreshToken:o,expiresAt:n}}var Sr=c("/callback/:id",{method:"GET",query:ce.object({state:ce.string(),code:ce.string().optional(),error:ce.string().optional()}),metadata:K},e=>s(void 0,null,function*(){var I,S,_;if(e.query.error||!e.query.code){let z=((I=Re(e.query.state).data)==null?void 0:I.callbackURL)||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${z}?error=${e.query.error||"oAuth_code_missing"}`)}let r=e.context.socialProviders.find(k=>k.id===e.params.id);if(!r)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let o=yield e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),n;try{n=yield r.validateAuthorizationCode(e.query.code,o,`${e.context.baseURL}/callback/${r.id}`)}catch(k){throw e.context.logger.error(k),e.redirect(`${e.context.baseURL}/error?error=oauth_code_verification_failed`)}let t=yield r.getUserInfo(n).then(k=>k==null?void 0:k.user),i=H(),a=rt.safeParse(g(f({},t),{id:i})),d=Re(e.query.state);if(!d.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=invalid_state_parameter`);let{callbackURL:u,currentURL:l,dontRememberMe:m}=d.data;if(!t||a.success===!1)throw e.redirect(`${e.context.baseURL}/error?error=oauth_validation_failed`);if(!u)throw e.redirect(`${e.context.baseURL}/error?error=oauth_callback_url_not_found`);let p=yield 
e.context.internalAdapter.findUserByEmail(t.email),y=p==null?void 0:p.user.id;if(p){let k=p.accounts.find(N=>N.providerId===r.id),z=(_=(S=e.context.options.account)==null?void 0:S.accountLinking)==null?void 0:_.trustedProviders,ke=z?z.includes(r.id):!0;if(!k&&(!t.emailVerified||!ke)){let N;try{N=new URL(l||u),N.searchParams.set("error","account_not_linked")}catch(Me){throw e.redirect(`${e.context.baseURL}/error?error=account_not_linked`)}throw e.redirect(N.toString())}if(!k)try{yield e.context.internalAdapter.linkAccount(f({providerId:r.id,accountId:t.id,id:`${r.id}:${t.id}`,userId:p.user.id},Se(n)))}catch(N){throw console.log(N),e.redirect(`${e.context.baseURL}/error?error=failed_linking_account`)}}else try{yield e.context.internalAdapter.createOAuthUser(a.data,g(f({},Se(n)),{id:`${r.id}:${t.id}`,providerId:r.id,accountId:t.id,userId:i}))}catch(k){let z=new URL(l||u);throw z.searchParams.set("error","unable_to_create_user"),e.setHeader("Location",z.toString()),e.redirect(z.toString())}if(!y&&!i)throw new Pr("INTERNAL_SERVER_ERROR",{message:"Unable to create user"});let R=yield e.context.internalAdapter.createSession(y||i,e.request,m);if(!R){let k=new URL(l||u);throw k.searchParams.set("error","unable_to_create_session"),e.redirect(k.toString())}try{yield T(e,R.id,m)}catch(k){e.context.logger.error("Unable to set session cookie",k);let z=new URL(l||u);throw z.searchParams.set("error","unable_to_create_session"),e.redirect(z.toString())}throw e.redirect(u)}));import{z as Ue}from"zod";var Ur=c("/sign-out",{method:"POST",body:Ue.optional(Ue.object({callbackURL:Ue.string().optional()}))},e=>s(void 0,null,function*(){var o,n;let r=yield e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);return r?(yield e.context.internalAdapter.deleteSession(r),oe(e),e.json(null,{body:{redirect:!!((o=e.body)!=null&&o.callbackURL),url:(n=e.body)==null?void 0:n.callbackURL}})):e.json(null)}));import{TimeSpan as Cr}from"oslo";import{createJWT as Er,parseJWT as 
zr}from"oslo/jwt";import{validateJWT as ot}from"oslo/jwt";import{z as L}from"zod";var _r=c("/forget-password",{method:"POST",body:L.object({email:L.string().email(),redirectTo:L.string()})},e=>s(void 0,null,function*(){var i;if(!((i=e.context.options.emailAndPassword)!=null&&i.sendResetPassword))return e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function to your auth config!"),e.json(null,{status:400,statusText:"RESET_PASSWORD_EMAIL_NOT_SENT",body:{message:"Reset password isn't enabled"}});let{email:r}=e.body,o=yield e.context.internalAdapter.findUserByEmail(r);if(!o)return e.json({status:!1},{body:{status:!0}});let n=yield Er("HS256",Buffer.from(e.context.secret),{email:o.user.email,redirectTo:e.body.redirectTo},{expiresIn:new Cr(1,"h"),issuer:"better-auth",subject:"forget-password",audiences:[o.user.email],includeIssuedTimestamp:!0}),t=`${e.context.baseURL}/reset-password/${n}`;return yield e.context.options.emailAndPassword.sendResetPassword(t,o.user),e.json({status:!0})})),jr=c("/reset-password/:token",{method:"GET"},e=>s(void 0,null,function*(){var i;let{token:r}=e.params,o,n=L.object({email:L.string(),redirectTo:L.string()});try{if(o=yield ot("HS256",Buffer.from(e.context.secret),r),!o.expiresAt||o.expiresAt<new Date)throw Error("Token expired")}catch(a){let d=zr(r),u=n.safeParse(d==null?void 0:d.payload);throw u.success?e.redirect(`${(i=u.data)==null?void 0:i.redirectTo}?error=invalid_token`):e.redirect(`${e.context.baseURL}/error?error=invalid_token`)}let{redirectTo:t}=n.parse(o.payload);throw e.redirect(`${t}?token=${r}`)})),Lr=c("/reset-password",{method:"POST",query:L.object({currentURL:L.string()}).optional(),body:L.object({newPassword:L.string(),callbackURL:L.string().optional()})},e=>s(void 0,null,function*(){var n,t,i;let r=(n=e.query)==null?void 0:n.currentURL.split("?token=")[1];if(!r)return e.json({error:"Invalid 
token",data:null},{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}});let{newPassword:o}=e.body;try{let a=yield ot("HS256",Buffer.from(e.context.secret),r),d=L.string().email().parse(a.payload.email),u=yield e.context.internalAdapter.findUserByEmail(d);if(!u)return e.json({error:"User not found",data:null},{status:400,body:{message:"failed to reset password"}});if(o.length<(((t=e.context.options.emailAndPassword)==null?void 0:t.minPasswordLength)||8)||o.length>(((i=e.context.options.emailAndPassword)==null?void 0:i.maxPasswordLength)||32))return e.json({data:null,error:"password is too short or too long"},{status:400,statusText:"INVALID_PASSWORD_LENGTH",body:{message:"password is too short or too long"}});let l=yield e.context.password.hash(o);return(yield e.context.internalAdapter.updatePassword(u.user.id,l))?e.json({error:null,data:{status:!0,url:e.body.callbackURL,redirect:!!e.body.callbackURL}},{body:{status:!0,url:e.body.callbackURL,redirect:!!e.body.callbackURL}}):e.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User doesn't have a credential account"}})}catch(a){return console.log(a),e.json({error:"Invalid token",data:null},{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}}));import{TimeSpan as xr}from"oslo";import{createJWT as Br,validateJWT as Mr}from"oslo/jwt";import{z as D}from"zod";function ne(e,r){return s(this,null,function*(){return yield Br("HS256",Buffer.from(e),{email:r.toLowerCase()},{expiresIn:new xr(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[r],includeIssuedTimestamp:!0})})}var Fr=c("/send-verification-email",{method:"POST",query:D.object({currentURL:D.string().optional()}).optional(),body:D.object({email:D.string().email(),callbackURL:D.string().optional()})},e=>s(void 0,null,function*(){var t,i;if(!((t=e.context.options.emailAndPassword)!=null&&t.sendVerificationEmail))return e.context.logger.error("Verification email isn't enabled. 
Pass `sendVerificationEmail` in `emailAndPassword` options to enable it."),e.json(null,{status:400,statusText:"VERIFICATION_EMAIL_NOT_SENT",body:{message:"Verification email isn't enabled"}});let{email:r}=e.body,o=yield ne(e.context.secret,r),n=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||((i=e.query)==null?void 0:i.currentURL)||"/"}`;return yield e.context.options.emailAndPassword.sendVerificationEmail(r,n,o),e.json({status:!0})})),Dr=c("/verify-email",{method:"GET",query:D.object({token:D.string(),callbackURL:D.string().optional()})},e=>s(void 0,null,function*(){let{token:r}=e.query,o;try{o=yield Mr("HS256",Buffer.from(e.context.secret),r)}catch(d){return e.context.logger.error("Failed to verify email",d),e.json(null,{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}let t=D.object({email:D.string().email()}).parse(o.payload),i=yield e.context.internalAdapter.findUserByEmail(t.email);if(!i)return e.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User not found"}});if(!i.accounts.find(d=>d.providerId==="credential"))throw e.redirect;if(yield e.context.internalAdapter.updateUserByEmail(t.email,{emailVerified:!0}),e.query.callbackURL)throw console.log("Redirecting to",e.query.callbackURL),e.redirect("/");return e.json({status:!0})}));import{z as W}from"zod";import{alphabet as qr,generateRandomString as Nr}from"oslo/crypto";import"better-call";var $r=c("/user/update",{method:"POST",body:W.object({name:W.string().optional(),image:W.string().optional()}),use:[A]},e=>s(void 0,null,function*(){let{name:r,image:o}=e.body,n=e.context.session;if(!o&&!r)return e.json(n.user);let t=yield e.context.internalAdapter.updateUserByEmail(n.user.email,{name:r,image:o});return e.json(t)})),Vr=c("/user/change-password",{method:"POST",body:W.object({newPassword:W.string(),currentPassword:W.string(),revokeOtherSessions:W.boolean().optional()}),use:[A]},e=>s(void 
0,null,function*(){let{newPassword:r,currentPassword:o,revokeOtherSessions:n}=e.body,t=e.context.session,i=e.context.password.config.minPasswordLength;if(r.length<i)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let a=e.context.password.config.maxPasswordLength;if(r.length>a)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let u=(yield e.context.internalAdapter.findAccounts(t.user.id)).find(p=>p.providerId==="credential"&&p.password);if(!u||!u.password)return e.json(null,{status:400,body:{message:"User does not have a password"}});let l=yield e.context.password.hash(r);if(!(yield e.context.password.verify(u.password,o)))return e.json(null,{status:400,body:{message:"Invalid password"}});if(yield e.context.internalAdapter.updateAccount(u.id,{password:l}),n){yield e.context.internalAdapter.deleteSessions(t.user.id);let p=yield e.context.internalAdapter.createSession(t.user.id,e.headers);if(!p)return e.json(null,{status:500,body:{message:"Failed to create session"}});yield T(e,p.id)}return e.json(t.user)})),Hr=c("/user/set-password",{method:"POST",body:W.object({newPassword:W.string()}),use:[A]},e=>s(void 0,null,function*(){let{newPassword:r}=e.body,o=e.context.session,n=e.context.password.config.minPasswordLength;if(r.length<n)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let t=e.context.password.config.maxPasswordLength;if(r.length>t)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let a=(yield e.context.internalAdapter.findAccounts(o.user.id)).find(u=>u.providerId==="credential"&&u.password),d=yield e.context.password.hash(r);return a?e.json(null,{status:400,body:{message:"User already has a password"}}):(yield 
e.context.internalAdapter.linkAccount({id:Nr(32,qr("a-z","0-9","A-Z")),userId:o.user.id,providerId:"credential",accountId:o.user.id,password:d}),e.json(o.user))}));import{alphabet as Kr,generateRandomString as Zr}from"oslo/crypto";import{xchacha20poly1305 as nt}from"@noble/ciphers/chacha";import{bytesToHex as Wr,hexToBytes as Gr,utf8ToBytes as Jr}from"@noble/ciphers/utils";import{managedNonce as it}from"@noble/ciphers/webcrypto";import{sha256 as st}from"@noble/hashes/sha256";function F(e,r){return s(this,null,function*(){let o=new TextEncoder,n={name:"HMAC",hash:"SHA-256"},t=yield crypto.subtle.importKey("raw",o.encode(e),n,!1,["sign","verify"]),i=yield crypto.subtle.sign(n.name,t,o.encode(r));return btoa(String.fromCharCode(...new Uint8Array(i)))})}var le=({key:e,data:r})=>{let o=st(e),n=Jr(r),t=it(nt)(o);return Wr(t.encrypt(n))},me=({key:e,data:r})=>{let o=st(e),n=Gr(r);return it(nt)(o).decrypt(n)};var Qr=c("/csrf",{method:"GET",metadata:K},e=>s(void 0,null,function*(){let r=yield e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret);if(r)return{csrfToken:r};let o=Zr(32,Kr("a-z","0-9","A-Z")),n=yield F(e.context.secret,o),t=`${o}!${n}`;return yield e.setSignedCookie(e.context.authCookies.csrfToken.name,t,e.context.secret,e.context.authCookies.csrfToken.options),{csrfToken:o}}));var Yr=(e="Unknown")=>`<!DOCTYPE html>
1
+ var xt=Object.defineProperty;var Bt=(e,r)=>{for(var t in r)xt(e,t,{get:r[t],enumerable:!0})};import{APIError as At}from"better-call";import{z as ee}from"zod";import{createEndpointCreator as Mt,createMiddleware as Ce,createMiddlewareCreator as Ft}from"better-call";var Ee=Ce(async()=>({})),z=Ft({use:[Ee,Ce(async()=>({}))]}),d=Mt({use:[Ee]});import{APIError as M}from"better-call";import{generateCodeVerifier as lr}from"oslo/oauth2";import{z as P}from"zod";import"arctic";import{parseJWT as $t}from"oslo/jwt";import"@better-fetch/fetch";var R=class extends Error{constructor(r,t,o){super(r),this.name="BetterAuthError",this.message=r,this.cause=t}};import{OAuth2Tokens as Nt}from"arctic";function Dt(e){try{return new URL(e).pathname!=="/"}catch{throw new R(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function ge(e,r="/api/auth"){return Dt(e)?e:(r=r.startsWith("/")?r:`/${r}`,`${e}${r}`)}function ye(e,r){if(e)return ge(e,r);let t=process?.env||{},o=t.BETTER_AUTH_URL||t.NEXT_PUBLIC_BETTER_AUTH_URL||t.PUBLIC_BETTER_AUTH_URL||t.NUXT_PUBLIC_BETTER_AUTH_URL||t.NUXT_PUBLIC_AUTH_URL||(t.BASE_URL!=="/"?t.BASE_URL:void 0);if(o)return ge(o,r);if(typeof window<"u")return ge(window.location.origin,r)}import{betterFetch as qt}from"@better-fetch/fetch";function y(e,r){return r||`${ye()}/callback/${e}`}async function T({code:e,codeVerifier:r,redirectURI:t,options:o,tokenEndpoint:n}){let i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",e),r&&i.set("code_verifier",r),i.set("redirect_uri",t),i.set("client_id",o.clientId),i.set("client_secret",o.clientSecret);let{data:s,error:a}=await qt(n,{method:"POST",body:i,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(a)throw a;return new Nt(s)}var ze=e=>{let r="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:t,scopes:o,redirectURI:n}){let i=o||["email","name","openid"];return new 
URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${n||e.redirectURI}&scope=${i.join(" ")}&state=${t}`)},validateAuthorizationCode:async(t,o,n)=>T({code:t,codeVerifier:o,redirectURI:n||y("apple",e.redirectURI),options:e,tokenEndpoint:r}),async getUserInfo(t){let o=$t(t.idToken())?.payload;return o?{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified==="true"},data:o}:null}}};import{betterFetch as Vt}from"@better-fetch/fetch";import{Discord as Ht}from"arctic";var _e=e=>{let r=new Ht(e.clientId,e.clientSecret,y("discord",e.redirectURI));return{id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:o}){let n=o||["email"];return r.createAuthorizationURL(t,n)},validateAuthorizationCode:async(t,o,n)=>T({code:t,codeVerifier:o,redirectURI:n||y("discord",e.redirectURI),options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:o,error:n}=await Vt("https://discord.com/api/users/@me",{auth:{type:"Bearer",token:t.accessToken()}});return n?null:{user:{id:o.id,name:o.display_name||o.username||"",email:o.email,emailVerified:o.verified},data:o}}}};import{betterFetch as Wt}from"@better-fetch/fetch";import{Facebook as Gt}from"arctic";var Le=e=>{let r=new Gt(e.clientId,e.clientSecret,y("facebook",e.redirectURI));return{id:"facebook",name:"Facebook",createAuthorizationURL({state:t,scopes:o}){let n=o||["email","public_profile"];return r.createAuthorizationURL(t,n)},validateAuthorizationCode:async(t,o,n)=>T({code:t,codeVerifier:o,redirectURI:n||y("facebook",e.redirectURI),options:e,tokenEndpoint:"https://graph.facebook.com/v16.0/oauth/access_token"}),async getUserInfo(t){let{data:o,error:n}=await Wt("https://graph.facebook.com/me",{auth:{type:"Bearer",token:t.accessToken()}});return n?null:{user:{id:o.id,name:o.name,email:o.email,emailVerified:o.email_verified},data:o}}}};import{betterFetch as je}from"@better-fetch/fetch";import{GitHub as Jt}from"arctic";var 
xe=({clientId:e,clientSecret:r,redirectURI:t})=>{let o=new Jt(e,r,y("github",t));return{id:"github",name:"Github",createAuthorizationURL({state:n,scopes:i}){let s=i||["user:email"];return o.createAuthorizationURL(n,s)},validateAuthorizationCode:async n=>await o.validateAuthorizationCode(n),async getUserInfo(n){let{data:i,error:s}=await je("https://api.github.com/user",{auth:{type:"Bearer",token:n.accessToken()}});if(s)return null;let a=!1;if(!i.email){let{data:u,error:c}=await je("https://api.github.com/user/emails",{auth:{type:"Bearer",token:n.accessToken()}});c||(i.email=(u.find(l=>l.primary)??u[0])?.email,a=u.find(l=>l.email===i.email)?.verified??!1)}return{user:{id:i.id,name:i.name,email:i.email,image:i.avatar_url,emailVerified:a,createdAt:new Date,updatedAt:new Date},data:i}}}};import{Google as Qt}from"arctic";import{parseJWT as Yt}from"oslo/jwt";import{createConsola as Kt}from"consola";var V=Kt({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),Zt=e=>({log:(...r)=>{!e?.disabled&&V.log("",...r)},error:(...r)=>{!e?.disabled&&V.error("",...r)},warn:(...r)=>{!e?.disabled&&V.warn("",...r)},info:(...r)=>{!e?.disabled&&V.info("",...r)},debug:(...r)=>{!e?.disabled&&V.debug("",...r)},box:(...r)=>{!e?.disabled&&V.box("",...r)},success:(...r)=>{!e?.disabled&&V.success("",...r)},break:(...r)=>{!e?.disabled&&console.log(`
2
+ `)}}),te=Zt();var Be=e=>{let r=new Qt(e.clientId,e.clientSecret,y("google",e.redirectURI));return{id:"google",name:"Google",createAuthorizationURL({state:t,scopes:o,codeVerifier:n,redirectURI:i}){if(!e.clientId||!e.clientSecret)throw te.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new R("CLIENT_ID_AND_SECRET_REQUIRED");if(!n)throw new R("codeVerifier is required for Google");let s=o||["email","profile"];return r.createAuthorizationURL(t,n,s)},validateAuthorizationCode:async(t,o,n)=>T({code:t,codeVerifier:o,redirectURI:n||y("google",e.redirectURI),options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async getUserInfo(t){if(!t.idToken)return null;let o=Yt(t.idToken())?.payload;return{user:{id:o.sub,name:o.name,email:o.email,image:o.picture,emailVerified:o.email_verified},data:o}}}};import{betterFetch as Xt}from"@better-fetch/fetch";import{Spotify as er}from"arctic";var Me=e=>{let r=new er(e.clientId,e.clientSecret,y("spotify",e.redirectURI));return{id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:o}){let n=o||["user-read-email"];return r.createAuthorizationURL(t,n)},validateAuthorizationCode:async(t,o,n)=>T({code:t,codeVerifier:o,redirectURI:n||y("spotify",e.redirectURI),options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:o,error:n}=await Xt("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken()}`}});return n?null:{user:{id:o.id,name:o.display_name,email:o.email,image:o.images[0]?.url,emailVerified:!1},data:o}}}};import{betterFetch as tr}from"@better-fetch/fetch";import{Twitch as rr}from"arctic";var Fe=e=>{let r=new rr(e.clientId,e.clientSecret,y("twitch",e.redirectURI));return{id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:o}){let n=o||["activity:write","read"];return 
r.createAuthorizationURL(t,n)},validateAuthorizationCode:async(t,o,n)=>T({code:t,codeVerifier:o,redirectURI:n||y("twitch",e.redirectURI),options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let{data:o,error:n}=await tr("https://api.twitch.tv/helix/users",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken()}`}});return n?null:{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}}};import{betterFetch as or}from"@better-fetch/fetch";import{Twitter as nr}from"arctic";var De=e=>{let r=new nr(e.clientId,e.clientSecret,y("twitter",e.redirectURI));return{id:"twitter",name:"Twitter",createAuthorizationURL(t){let o=t.scopes||["account_info.read"];return r.createAuthorizationURL(t.state,t.codeVerifier,o)},validateAuthorizationCode:async(t,o,n)=>T({code:t,codeVerifier:o,redirectURI:n||y("twitch",e.redirectURI),options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let{data:o,error:n}=await or("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken()}`}});return n||!o.data.email?null:{user:{id:o.data.id,name:o.data.name,email:o.data.email,image:o.data.profile_image_url,emailVerified:o.data.verified||!1},data:o}}}};import"arctic";var ir={apple:ze,discord:_e,facebook:Le,github:xe,google:Be,spotify:Me,twitch:Fe,twitter:De},Ne=Object.keys(ir);import{generateState as sr}from"oslo/oauth2";import{z as Z}from"zod";function qe(e,r,t){let o=sr();return{state:JSON.stringify({code:o,callbackURL:e,currentURL:r,dontRememberMe:t}),code:o}}function he(e){return Z.object({code:Z.string(),callbackURL:Z.string().optional(),currentURL:Z.string().optional(),dontRememberMe:Z.boolean().optional()}).safeParse(JSON.parse(e))}import{APIError as ar}from"better-call";var re=(e,r=!1)=>{let t=new Date;return new Date(t.getTime()+(r?e*1e3:e))};import{TimeSpan as Vn}from"oslo";async function A(e,r,t,o){let 
n=e.context.authCookies.sessionToken.options;n.maxAge=t?void 0:n.maxAge,await e.setSignedCookie(e.context.authCookies.sessionToken.name,r,e.context.secret,n),t&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options)}function Q(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}import{z as $e}from"zod";function be(e){let r="127.0.0.1";if(process.env.NODE_ENV==="test")return r;let t=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"];for(let o of t){let n=e.headers.get(o);if(typeof n=="string"){let i=n.split(",")[0].trim();if(i)return i}}return null}var we=new Map;function dr(e,r){if(!e.request)return"";let{method:t,url:o,headers:n}=e.request,i=e.request.headers.get("User-Agent")||"",s=be(e.request)||"",a=JSON.stringify(n);return`${t}:${o}:${a}:${i}:${s}:${r}`}var Ve=()=>d("/session",{method:"GET",requireHeaders:!0},async e=>{try{let r=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!r)return e.json(null,{status:401});let t=dr(e,r),o=we.get(t);if(o){if(o.expiresAt>Date.now())return e.json(o.data);we.delete(t)}let n=await e.context.internalAdapter.findSession(r);if(!n||n.session.expiresAt<new Date)return Q(e),n&&await e.context.internalAdapter.deleteSession(n.session.id),e.json(null,{status:401});if(await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(n);let s=e.context.sessionConfig.expiresIn,a=e.context.sessionConfig.updateAge;if(n.session.expiresAt.valueOf()-s*1e3+a*1e3<=Date.now()){let l=await e.context.internalAdapter.updateSession(n.session.id,{expiresAt:re(e.context.sessionConfig.expiresIn,!0)});if(!l)return Q(e),e.json(null,{status:401});let m=(l.expiresAt.valueOf()-Date.now())/1e3;return await 
A(e,l.id,!1,{maxAge:m}),e.json({session:l,user:n.user})}return we.set(t,{data:n,expiresAt:Date.now()+5e3}),e.json(n)}catch(r){return e.context.logger.error(r),e.json(null,{status:500})}}),B=async e=>await Ve()({...e,_flag:void 0}),h=z(async e=>{let r=await B(e);if(!r?.session)throw new ar("UNAUTHORIZED");return{session:r}});var ur=d("/user/revoke-session",{method:"POST",body:$e.object({id:$e.string()}),use:[h],requireHeaders:!0},async e=>{let r=e.body.id,t=await e.context.internalAdapter.findSession(r);if(!t)return e.json(null,{status:400});if(t.session.userId!==e.context.session.user.id)return e.json(null,{status:403});try{await e.context.internalAdapter.deleteSession(r)}catch(o){return e.context.logger.error(o),e.json(null,{status:500})}return e.json({status:!0})}),cr=d("/user/revoke-sessions",{method:"POST",use:[h],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(r){return e.context.logger.error(r),e.json(null,{status:500})}return e.json({status:!0})});var mr=d("/sign-in/social",{method:"POST",requireHeaders:!0,query:P.object({currentURL:P.string().optional()}).optional(),body:P.object({callbackURL:P.string().optional(),provider:P.enum(Ne),dontRememberMe:P.boolean().default(!1).optional()})},async e=>{let r=e.context.socialProviders.find(s=>s.id===e.body.provider);if(!r)throw e.context.logger.error("Provider not found. 
Make sure to add the provider to your auth config",{provider:e.body.provider}),new M("NOT_FOUND",{message:"Provider not found"});let t=e.context.authCookies,o=e.query?.currentURL?new URL(e.query?.currentURL):null,n=e.body.callbackURL?.startsWith("http")?e.body.callbackURL:`${o?.origin}${e.body.callbackURL||""}`,i=qe(n||o?.origin||e.context.baseURL,e.query?.currentURL);try{await e.setSignedCookie(t.state.name,i.code,e.context.secret,t.state.options);let s=lr();await e.setSignedCookie(t.pkCodeVerifier.name,s,e.context.secret,t.pkCodeVerifier.options);let a=r.createAuthorizationURL({state:i.state,codeVerifier:s});return a.searchParams.set("redirect_uri",`${e.context.baseURL}/callback/${e.body.provider}`),{url:a.toString(),state:i.state,codeVerifier:s,redirect:!0}}catch{throw new M("INTERNAL_SERVER_ERROR")}}),pr=d("/sign-in/email",{method:"POST",body:P.object({email:P.string().email(),password:P.string(),callbackURL:P.string().optional(),dontRememberMe:P.boolean().default(!1).optional()})},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. 
Check `https://better-auth.com/docs/authentication/email-password` for more!"),new M("BAD_REQUEST",{message:"Email and password is not enabled"});let r=await B(e);r&&await e.context.internalAdapter.deleteSession(r.session.id);let{email:t,password:o}=e.body;if(!P.string().email().safeParse(t).success)throw new M("BAD_REQUEST",{message:"Invalid email"});let i=await e.context.internalAdapter.findUserByEmail(t);if(!i)throw await e.context.password.hash(o),e.context.logger.error("User not found",{email:t}),new M("UNAUTHORIZED",{message:"Invalid email or password"});let s=i.accounts.find(l=>l.providerId==="credential");if(!s)throw e.context.logger.error("Credential account not found",{email:t}),new M("UNAUTHORIZED",{message:"Invalid email or password"});let a=s?.password;if(!a)throw e.context.logger.error("Password not found",{email:t}),new M("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(a,o))throw e.context.logger.error("Invalid password"),new M("UNAUTHORIZED",{message:"Invalid email or password"});let c=await e.context.internalAdapter.createSession(i.user.id,e.headers,e.body.dontRememberMe);if(!c)throw e.context.logger.error("Failed to create session"),new M("INTERNAL_SERVER_ERROR");return await A(e,c.id,e.body.dontRememberMe),e.json({user:i.user,session:c,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});import{APIError as yr}from"better-call";import{z as oe}from"zod";import{z as f}from"zod";var ci=f.object({id:f.string(),providerId:f.string(),accountId:f.string(),userId:f.string(),accessToken:f.string().nullable().optional(),refreshToken:f.string().nullable().optional(),idToken:f.string().nullable().optional(),expiresAt:f.date().nullable().optional(),password:f.string().optional().nullable()}),He=f.object({id:f.string(),email:f.string().transform(e=>e.toLowerCase()),emailVerified:f.boolean().default(!1),name:f.string(),image:f.string().optional(),createdAt:f.date().default(new Date),updatedAt:f.date().default(new 
Date)}),li=f.object({id:f.string(),userId:f.string(),expiresAt:f.date(),ipAddress:f.string().optional(),userAgent:f.string().optional()});import{alphabet as fr,generateRandomString as gr}from"oslo/crypto";var F=()=>gr(36,fr("a-z","0-9"));var $={isAction:!1};function Ae(e){let r=e.accessToken(),t=e.hasRefreshToken()?e.refreshToken():void 0,o;try{o=e.accessTokenExpiresAt()}catch{}return{accessToken:r,refreshToken:t,expiresAt:o}}var hr=d("/callback/:id",{method:"GET",query:oe.object({state:oe.string(),code:oe.string().optional(),error:oe.string().optional()}),metadata:$},async e=>{if(e.query.error||!e.query.code){let O=he(e.query.state).data?.callbackURL||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${O}?error=${e.query.error||"oAuth_code_missing"}`)}let r=e.context.socialProviders.find(p=>p.id===e.params.id);if(!r)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let t=await e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),o;try{o=await r.validateAuthorizationCode(e.query.code,t,`${e.context.baseURL}/callback/${r.id}`)}catch(p){throw e.context.logger.error(p),e.redirect(`${e.context.baseURL}/error?error=oauth_code_verification_failed`)}let n=await r.getUserInfo(o).then(p=>p?.user),i=F(),s=He.safeParse({...n,id:i}),a=he(e.query.state);if(!a.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=invalid_state_parameter`);let{callbackURL:u,currentURL:c,dontRememberMe:l}=a.data;if(!n||s.success===!1)throw e.redirect(`${e.context.baseURL}/error?error=oauth_validation_failed`);if(!u)throw e.redirect(`${e.context.baseURL}/error?error=oauth_callback_url_not_found`);let m=await e.context.internalAdapter.findUserByEmail(n.email),I=m?.user.id;if(m){let 
p=m.accounts.find(x=>x.providerId===r.id),O=e.context.options.account?.accountLinking?.trustedProviders,fe=O?O.includes(r.id):!0;if(!p&&(!n.emailVerified||!fe)){let x;try{x=new URL(c||u),x.searchParams.set("error","account_not_linked")}catch{throw e.redirect(`${e.context.baseURL}/error?error=account_not_linked`)}throw e.redirect(x.toString())}if(!p)try{await e.context.internalAdapter.linkAccount({providerId:r.id,accountId:n.id,id:`${r.id}:${n.id}`,userId:m.user.id,...Ae(o)})}catch(x){throw console.log(x),e.redirect(`${e.context.baseURL}/error?error=failed_linking_account`)}}else try{await e.context.internalAdapter.createOAuthUser(s.data,{...Ae(o),id:`${r.id}:${n.id}`,providerId:r.id,accountId:n.id,userId:i})}catch{let O=new URL(c||u);throw O.searchParams.set("error","unable_to_create_user"),e.setHeader("Location",O.toString()),e.redirect(O.toString())}if(!I&&!i)throw new yr("INTERNAL_SERVER_ERROR",{message:"Unable to create user"});let E=await e.context.internalAdapter.createSession(I||i,e.request,l);if(!E){let p=new URL(c||u);throw p.searchParams.set("error","unable_to_create_session"),e.redirect(p.toString())}try{await A(e,E.id,l)}catch(p){e.context.logger.error("Unable to set session cookie",p);let O=new URL(c||u);throw O.searchParams.set("error","unable_to_create_session"),e.redirect(O.toString())}throw e.redirect(u)});import{z as ke}from"zod";var br=d("/sign-out",{method:"POST",body:ke.optional(ke.object({callbackURL:ke.string().optional()}))},async e=>{let r=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);return r?(await e.context.internalAdapter.deleteSession(r),Q(e),e.json(null,{body:{redirect:!!e.body?.callbackURL,url:e.body?.callbackURL}})):e.json(null)});import{TimeSpan as wr}from"oslo";import{createJWT as Ar,parseJWT as kr}from"oslo/jwt";import{validateJWT as We}from"oslo/jwt";import{z as S}from"zod";var Or=d("/forget-password",{method:"POST",body:S.object({email:S.string().email(),redirectTo:S.string()})},async 
e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)return e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function to your auth config!"),e.json(null,{status:400,statusText:"RESET_PASSWORD_EMAIL_NOT_SENT",body:{message:"Reset password isn't enabled"}});let{email:r}=e.body,t=await e.context.internalAdapter.findUserByEmail(r);if(!t)return e.json({status:!1},{body:{status:!0}});let o=await Ar("HS256",Buffer.from(e.context.secret),{email:t.user.email,redirectTo:e.body.redirectTo},{expiresIn:new wr(1,"h"),issuer:"better-auth",subject:"forget-password",audiences:[t.user.email],includeIssuedTimestamp:!0}),n=`${e.context.baseURL}/reset-password/${o}`;return await e.context.options.emailAndPassword.sendResetPassword(n,t.user),e.json({status:!0})}),vr=d("/reset-password/:token",{method:"GET"},async e=>{let{token:r}=e.params,t,o=S.object({email:S.string(),redirectTo:S.string()});try{if(t=await We("HS256",Buffer.from(e.context.secret),r),!t.expiresAt||t.expiresAt<new Date)throw Error("Token expired")}catch{let s=kr(r),a=o.safeParse(s?.payload);throw a.success?e.redirect(`${a.data?.redirectTo}?error=invalid_token`):e.redirect(`${e.context.baseURL}/error?error=invalid_token`)}let{redirectTo:n}=o.parse(t.payload);throw e.redirect(`${n}?token=${r}`)}),Ir=d("/reset-password",{method:"POST",query:S.object({currentURL:S.string()}).optional(),body:S.object({newPassword:S.string(),callbackURL:S.string().optional()})},async e=>{let r=e.query?.currentURL.split("?token=")[1];if(!r)return e.json({error:"Invalid token",data:null},{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}});let{newPassword:t}=e.body;try{let o=await We("HS256",Buffer.from(e.context.secret),r),n=S.string().email().parse(o.payload.email),i=await e.context.internalAdapter.findUserByEmail(n);if(!i)return e.json({error:"User not found",data:null},{status:400,body:{message:"failed to reset 
password"}});if(t.length<(e.context.options.emailAndPassword?.minPasswordLength||8)||t.length>(e.context.options.emailAndPassword?.maxPasswordLength||32))return e.json({data:null,error:"password is too short or too long"},{status:400,statusText:"INVALID_PASSWORD_LENGTH",body:{message:"password is too short or too long"}});let s=await e.context.password.hash(t);return await e.context.internalAdapter.updatePassword(i.user.id,s)?e.json({error:null,data:{status:!0,url:e.body.callbackURL,redirect:!!e.body.callbackURL}},{body:{status:!0,url:e.body.callbackURL,redirect:!!e.body.callbackURL}}):e.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User doesn't have a credential account"}})}catch(o){return console.log(o),e.json({error:"Invalid token",data:null},{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}});import{TimeSpan as Rr}from"oslo";import{createJWT as Tr,validateJWT as Pr}from"oslo/jwt";import{z as L}from"zod";async function Y(e,r){return await Tr("HS256",Buffer.from(e),{email:r.toLowerCase()},{expiresIn:new Rr(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[r],includeIssuedTimestamp:!0})}var Sr=d("/send-verification-email",{method:"POST",query:L.object({currentURL:L.string().optional()}).optional(),body:L.object({email:L.string().email(),callbackURL:L.string().optional()})},async e=>{if(!e.context.options.emailAndPassword?.sendVerificationEmail)return e.context.logger.error("Verification email isn't enabled. 
Pass `sendVerificationEmail` in `emailAndPassword` options to enable it."),e.json(null,{status:400,statusText:"VERIFICATION_EMAIL_NOT_SENT",body:{message:"Verification email isn't enabled"}});let{email:r}=e.body,t=await Y(e.context.secret,r),o=`${e.context.baseURL}/verify-email?token=${t}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailAndPassword.sendVerificationEmail(r,o,t),e.json({status:!0})}),Ur=d("/verify-email",{method:"GET",query:L.object({token:L.string(),callbackURL:L.string().optional()})},async e=>{let{token:r}=e.query,t;try{t=await Pr("HS256",Buffer.from(e.context.secret),r)}catch(a){return e.context.logger.error("Failed to verify email",a),e.json(null,{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}let n=L.object({email:L.string().email()}).parse(t.payload),i=await e.context.internalAdapter.findUserByEmail(n.email);if(!i)return e.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User not found"}});if(!i.accounts.find(a=>a.providerId==="credential"))throw e.redirect;if(await e.context.internalAdapter.updateUserByEmail(n.email,{emailVerified:!0}),e.query.callbackURL)throw console.log("Redirecting to",e.query.callbackURL),e.redirect("/");return e.json({status:!0})});import{z as D}from"zod";import{alphabet as Cr,generateRandomString as Er}from"oslo/crypto";import"better-call";var zr=d("/user/update",{method:"POST",body:D.object({name:D.string().optional(),image:D.string().optional()}),use:[h]},async e=>{let{name:r,image:t}=e.body,o=e.context.session;if(!t&&!r)return e.json(o.user);let n=await e.context.internalAdapter.updateUserByEmail(o.user.email,{name:r,image:t});return e.json(n)}),_r=d("/user/change-password",{method:"POST",body:D.object({newPassword:D.string(),currentPassword:D.string(),revokeOtherSessions:D.boolean().optional()}),use:[h]},async 
e=>{let{newPassword:r,currentPassword:t,revokeOtherSessions:o}=e.body,n=e.context.session,i=e.context.password.config.minPasswordLength;if(r.length<i)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let s=e.context.password.config.maxPasswordLength;if(r.length>s)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let u=(await e.context.internalAdapter.findAccounts(n.user.id)).find(m=>m.providerId==="credential"&&m.password);if(!u||!u.password)return e.json(null,{status:400,body:{message:"User does not have a password"}});let c=await e.context.password.hash(r);if(!await e.context.password.verify(u.password,t))return e.json(null,{status:400,body:{message:"Invalid password"}});if(await e.context.internalAdapter.updateAccount(u.id,{password:c}),o){await e.context.internalAdapter.deleteSessions(n.user.id);let m=await e.context.internalAdapter.createSession(n.user.id,e.headers);if(!m)return e.json(null,{status:500,body:{message:"Failed to create session"}});await A(e,m.id)}return e.json(n.user)}),Lr=d("/user/set-password",{method:"POST",body:D.object({newPassword:D.string()}),use:[h]},async e=>{let{newPassword:r}=e.body,t=e.context.session,o=e.context.password.config.minPasswordLength;if(r.length<o)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let n=e.context.password.config.maxPasswordLength;if(r.length>n)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let s=(await e.context.internalAdapter.findAccounts(t.user.id)).find(u=>u.providerId==="credential"&&u.password),a=await e.context.password.hash(r);return s?e.json(null,{status:400,body:{message:"User already has a password"}}):(await 
e.context.internalAdapter.linkAccount({id:Er(32,Cr("a-z","0-9","A-Z")),userId:t.user.id,providerId:"credential",accountId:t.user.id,password:a}),e.json(t.user))});import{alphabet as Mr,generateRandomString as Fr}from"oslo/crypto";import{xchacha20poly1305 as Ge}from"@noble/ciphers/chacha";import{bytesToHex as jr,hexToBytes as xr,utf8ToBytes as Br}from"@noble/ciphers/utils";import{managedNonce as Je}from"@noble/ciphers/webcrypto";import{sha256 as Ke}from"@noble/hashes/sha256";async function _(e,r){let t=new TextEncoder,o={name:"HMAC",hash:"SHA-256"},n=await crypto.subtle.importKey("raw",t.encode(e),o,!1,["sign","verify"]),i=await crypto.subtle.sign(o.name,n,t.encode(r));return btoa(String.fromCharCode(...new Uint8Array(i)))}var ne=({key:e,data:r})=>{let t=Ke(e),o=Br(r),n=Je(Ge)(t);return jr(n.encrypt(o))},ie=({key:e,data:r})=>{let t=Ke(e),o=xr(r);return Je(Ge)(t).decrypt(o)};var Dr=d("/csrf",{method:"GET",metadata:$},async e=>{let r=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret);if(r)return{csrfToken:r};let t=Fr(32,Mr("a-z","0-9","A-Z")),o=await _(e.context.secret,t),n=`${t}!${o}`;return await e.setSignedCookie(e.context.authCookies.csrfToken.name,n,e.context.secret,e.context.authCookies.csrfToken.options),{csrfToken:t}});var Nr=(e="Unknown")=>`<!DOCTYPE html>
3
3
  <html lang="en">
4
4
  <head>
5
5
  <meta charset="UTF-8">
@@ -79,4 +79,4 @@ var De=Object.defineProperty,Vt=Object.defineProperties;var Ht=Object.getOwnProp
79
79
  <div class="error-code">Error Code: <span id="errorCode">${e}</span></div>
80
80
  </div>
81
81
  </body>
82
- </html>`,Xr=c("/error",{method:"GET",metadata:K},e=>s(void 0,null,function*(){var o;let r=new URL(((o=e.request)==null?void 0:o.url)||"").searchParams.get("error")||"Unknown";return new Response(Yr(r),{headers:{"Content-Type":"text/html"}})}));var eo=c("/ok",{method:"GET",metadata:K},e=>s(void 0,null,function*(){return e.json({ok:!0})}));import{alphabet as dt,generateRandomString as ut}from"oslo/crypto";import{z as G}from"zod";var at=(e,r)=>{let o={};for(let[n,t]of Object.entries(e))o[n]=i=>t(g(f({},i),{context:f(f({},r),i.context)})),o[n].path=t.path,o[n].method=t.method,o[n].options=t.options,o[n].headers=t.headers;return o};function Ce(e,r){return s(this,null,function*(){let o=yield e.context.internalAdapter.findAccounts(r.userId),n=o==null?void 0:o.find(a=>a.providerId==="credential"),t=n==null?void 0:n.password;return!n||!t?!1:yield e.context.password.verify(t,r.password)})}var Ee=c("/sign-up/email",{method:"POST",query:G.object({currentURL:G.string().optional()}).optional(),body:G.object({name:G.string(),email:G.string(),password:G.string(),image:G.string().optional(),callbackURL:G.string().optional()})},e=>s(void 0,null,function*(){var y,R,I,S;if(!((y=e.context.options.emailAndPassword)!=null&&y.enabled))return e.json(null,{status:400,body:{message:"Email and password is not enabled"}});let{name:r,email:o,password:n,image:t}=e.body;if(!G.string().email().safeParse(o).success)return e.json(null,{status:400,body:{message:"Invalid email address"}});let a=e.context.password.config.minPasswordLength;if(n.length<a)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let d=e.context.password.config.maxPasswordLength;if(n.length>d)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let u=yield e.context.internalAdapter.findUserByEmail(o),l=yield e.context.password.hash(n);if(u!=null&&u.user)return 
e.json(null,{status:400,body:{message:"User already exists"}});let m=yield e.context.internalAdapter.createUser({id:ut(32,dt("a-z","0-9","A-Z")),email:o.toLowerCase(),name:r,image:t,emailVerified:!1,createdAt:new Date,updatedAt:new Date});if(!m)return e.json(null,{status:400,body:{message:"Could not create user"}});yield e.context.internalAdapter.linkAccount({id:ut(32,dt("a-z","0-9","A-Z")),userId:m.id,providerId:"credential",accountId:m.id,password:l});let p=yield e.context.internalAdapter.createSession(m.id,e.request);if(!p)return e.json(null,{status:400,body:{message:"Could not create session"}});if(yield T(e,p.id),e.context.options.emailAndPassword.sendEmailVerificationOnSignUp){let _=yield ne(e.context.secret,m.email),k=`${e.context.baseURL}/verify-email?token=${_}&callbackURL=${e.body.callbackURL||((R=e.query)==null?void 0:R.currentURL)||"/"}`;yield(S=(I=e.context.options.emailAndPassword).sendVerificationEmail)==null?void 0:S.call(I,m.email,k,_)}return e.json({user:m,session:p},{body:e.body.callbackURL?{url:e.body.callbackURL,redirect:!0}:{user:m,session:p}})}));var _e={};Jt(_e,{AccessControl:()=>ie,ParsingError:()=>Q,Role:()=>ee,adminAc:()=>mt,createAccessControl:()=>ct,defaultAc:()=>pe,defaultRoles:()=>ze,defaultStatements:()=>lt,memberAc:()=>ft,ownerAc:()=>pt,permissionFromString:()=>to});var Q=class extends Error{constructor(o,n){super(o);ae(this,"path");this.path=n}},ie=class{constructor(r){this.s=r;ae(this,"statements");this.statements=r}newRole(r){return new ee(r)}},ee=class e{constructor(r){ae(this,"statements");this.statements=r}authorize(r,o){for(let[n,t]of Object.entries(r)){let i=this.statements[n];if(!i)return{success:!1,error:`You are not allowed to access resource: ${n}`};let a=o==="OR"?t.some(d=>i.includes(d)):t.every(d=>i.includes(d));return a?{success:a}:{success:!1,error:`unauthorized to access resource "${n}"`}}return{success:!1,error:"Not authorized"}}static fromString(r){let o=JSON.parse(r);if(typeof o!="object")throw new Q("statements 
is not an object",".");for(let[n,t]of Object.entries(o)){if(typeof n!="string")throw new Q("invalid resource identifier",n);if(!Array.isArray(t))throw new Q("actions is not an array",n);for(let i=0;i<t.length;i++)if(typeof t[i]!="string")throw new Q("action is not a string",`${n}[${i}]`)}return new e(o)}toString(){return JSON.stringify(this.statements)}};var ct=e=>new ie(e),lt={organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]},pe=ct(lt),mt=pe.newRole({organization:["update"],invitation:["create","cancel"],member:["create","update","delete"]}),pt=pe.newRole({organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]}),ft=pe.newRole({organization:[],member:[],invitation:[]}),ze={admin:mt,owner:pt,member:ft};var to=e=>ee.fromString(e!=null?e:"");var ro={findFullOrganization:(e,r)=>s(void 0,null,function*(){let o=yield r==null?void 0:r.selectFrom("organization").leftJoin("member","organization.id","member.organizationId").leftJoin("invitation","organization.id","invitation.organizationId").leftJoin("user","member.userId","user.id").where("organization.id","=",e).select(["organization.id as org_id","organization.name as org_name","organization.slug as org_slug","organization.logo as org_logo","organization.metadata as org_metadata","organization.createdAt as org_createdAt","member.id as member_id","member.userId as member_user_id","member.role as member_role","member.createdAt as member_createdAt","invitation.id as invitation_id","invitation.email as invitation_email","invitation.status as invitation_status","invitation.expiresAt as invitation_expiresAt","invitation.role as invitation_role","invitation.inviterId as invitation_inviterId","user.id as user_id","user.name as user_name","user.email as user_email","user.image as user_image"]).execute();if(!o||o.length===0)return null;let 
n={id:o[0].org_id,name:o[0].org_name,slug:o[0].org_slug,logo:o[0].org_logo,metadata:o[0].org_metadata?JSON.parse(o[0].org_metadata):void 0,createdAt:o[0].org_createdAt,members:[],invitations:[]};return o.forEach(t=>{t.member_id&&(n.members.find(a=>a.id===t.member_id)||n.members.push({id:t.member_id,userId:t.member_user_id,role:t.member_role,createdAt:t.member_createdAt,user:{id:t.user_id,name:t.user_name,email:t.user_email,image:t.user_image},email:t.user_email,organizationId:t.org_id})),t.invitation_id&&n.invitations.push({id:t.invitation_id,email:t.invitation_email,status:t.invitation_status,expiresAt:t.invitation_expiresAt,organizationId:t.org_id,role:t.invitation_role,inviterId:t.invitation_inviterId})}),n})},O=(e,r)=>({findOrganizationBySlug:o=>s(void 0,null,function*(){return yield e.findOne({model:"organization",where:[{field:"slug",value:o}]})}),createOrganization:o=>s(void 0,null,function*(){let n=yield e.create({model:"organization",data:g(f({},o.organization),{metadata:o.organization.metadata?JSON.stringify(o.organization.metadata):void 0})}),t=yield e.create({model:"member",data:{id:H(),organizationId:n.id,userId:o.user.id,createdAt:new Date,email:o.user.email,role:(r==null?void 0:r.creatorRole)||"owner"}});return g(f({},n),{metadata:n.metadata?JSON.parse(n.metadata):void 0,members:[g(f({},t),{user:{id:o.user.id,name:o.user.name,email:o.user.email,image:o.user.image}})]})}),findMemberByEmail:o=>s(void 0,null,function*(){let n=yield e.findOne({model:"member",where:[{field:"email",value:o.email},{field:"organizationId",value:o.organizationId}]});if(!n)return null;let t=yield e.findOne({model:"user",where:[{field:"id",value:n.userId}]});return t?g(f({},n),{user:{id:t.id,name:t.name,email:t.email,image:t.image}}):null}),findMemberByOrgId:o=>s(void 0,null,function*(){let n=yield e.findOne({model:"member",where:[{field:"userId",value:o.userId},{field:"organizationId",value:o.organizationId}]});if(!n)return null;let t=yield 
e.findOne({model:"user",where:[{field:"id",value:n.userId}]});return t?g(f({},n),{user:{id:t.id,name:t.name,email:t.email,image:t.image}}):null}),findMemberById:o=>s(void 0,null,function*(){let n=yield e.findOne({model:"member",where:[{field:"id",value:o}]});if(!n)return null;let t=yield e.findOne({model:"user",where:[{field:"id",value:n.userId}]});return t?g(f({},n),{user:{id:t.id,name:t.name,email:t.email,image:t.image}}):null}),createMember:o=>s(void 0,null,function*(){return yield e.create({model:"member",data:o})}),updateMember:(o,n)=>s(void 0,null,function*(){return yield e.update({model:"member",where:[{field:"id",value:o}],update:{role:n}})}),deleteMember:o=>s(void 0,null,function*(){return yield e.delete({model:"member",where:[{field:"id",value:o}]})}),updateOrganization:(o,n)=>s(void 0,null,function*(){return yield e.update({model:"organization",where:[{field:"id",value:o}],update:n})}),deleteOrganization:o=>s(void 0,null,function*(){let n=yield e.delete({model:"organization",where:[{field:"id",value:o}]});return o}),setActiveOrganization:(o,n)=>s(void 0,null,function*(){return yield e.update({model:"session",where:[{field:"id",value:o}],update:{activeOrganizationId:n}})}),findOrganizationById:o=>s(void 0,null,function*(){return yield e.findOne({model:"organization",where:[{field:"id",value:o}]})}),findFullOrganization:(o,n)=>s(void 0,null,function*(){function t(){return s(this,null,function*(){let i=yield e.findOne({model:"organization",where:[{field:"id",value:o}]}),a=yield e.findMany({model:"invitation",where:[{field:"organizationId",value:o}]}),d=yield e.findMany({model:"member",where:[{field:"organizationId",value:o}]}),u=yield Promise.all(d.map(m=>s(this,null,function*(){let p=yield e.findOne({model:"user",where:[{field:"id",value:m.userId}]});if(!p)throw new C("Unexpected error: User not found for member");return g(f({},m),{user:{id:p.id,name:p.name,email:p.email,image:p.image}})})));return g(f({},i),{invitations:a,members:u})})}return 
n?ro.findFullOrganization(o,n):t()}),listOrganizations:o=>s(void 0,null,function*(){let n=yield e.findMany({model:"member",where:[{field:"userId",value:o}]}),t=n==null?void 0:n.map(a=>a.organizationId);if(!t)return[];let i=[];for(let a of t){let d=yield e.findOne({model:"organization",where:[{field:"id",value:a}]});d&&i.push(d)}return i}),createInvitation:t=>s(void 0,[t],function*({invitation:o,user:n}){let a=ue((r==null?void 0:r.invitationExpiresIn)||1728e5);return yield e.create({model:"invitation",data:{id:H(),email:o.email,role:o.role,organizationId:o.organizationId,status:"pending",expiresAt:a,inviterId:n.id}})}),findInvitationById:o=>s(void 0,null,function*(){return yield e.findOne({model:"invitation",where:[{field:"id",value:o}]})}),findPendingInvitation:o=>s(void 0,null,function*(){return(yield e.findMany({model:"invitation",where:[{field:"email",value:o.email},{field:"organizationId",value:o.organizationId},{field:"status",value:"pending"}]})).filter(t=>new Date(t.expiresAt)>new Date)}),updateInvitation:o=>s(void 0,null,function*(){return yield e.update({model:"invitation",where:[{field:"id",value:o.invitationId}],update:{status:o.status}})})});import"better-call";import{APIError as ld,createRouter as md}from"better-call";import{APIError as gt}from"better-call";import{z as yt}from"zod";var oo=M({body:yt.object({csrfToken:yt.string().optional()}).optional()},e=>s(void 0,null,function*(){var d,u,l,m;if(((d=e.request)==null?void 0:d.method)!=="POST"||(u=e.context.options.advanced)!=null&&u.disableCSRFCheck)return;let r=new URL(e.request.url);if(r.origin===new URL(e.context.baseURL).origin||(l=e.context.options.trustedOrigins)!=null&&l.includes(r.origin))return;let o=(m=e.body)==null?void 0:m.csrfToken,n=yield e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret),[t,i]=(n==null?void 0:n.split("!"))||[null,null];if(!o||!n||!t||!i||n!==o)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new 
gt("UNAUTHORIZED",{message:"Invalid CSRF Token"});let a=yield F(e.context.secret,t);if(i!==a)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new gt("UNAUTHORIZED",{message:"Invalid CSRF Token"})}));import Od from"chalk";var P=M(e=>s(void 0,null,function*(){return{}})),U=M({use:[A]},e=>s(void 0,null,function*(){return{session:e.context.session}}));import{z as x}from"zod";import{z as w}from"zod";var fe=w.enum(["admin","member","owner"]),no=w.enum(["pending","accepted","rejected","canceled"]).default("pending"),Md=w.object({id:w.string(),name:w.string(),slug:w.string(),logo:w.string().optional(),metadata:w.record(w.string()).or(w.string().transform(e=>JSON.parse(e))).optional(),createdAt:w.date()}),Fd=w.object({id:w.string(),email:w.string(),organizationId:w.string(),userId:w.string(),role:fe,createdAt:w.date()}),Dd=w.object({id:w.string(),organizationId:w.string(),email:w.string(),role:fe,status:no,inviterId:w.string(),expiresAt:w.date()});var ht=c("/organization/invite-member",{method:"POST",use:[P,U],body:x.object({email:x.string(),role:fe,organizationId:x.string().optional(),resend:x.boolean().optional()})},e=>s(void 0,null,function*(){var p,y;let r=e.context.session,o=e.body.organizationId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});if(i.authorize({invitation:["create"]}).error)return e.json(null,{body:{message:"You are not allowed to invite users to this organization"},status:403});if(yield n.findMemberByEmail({email:e.body.email,organizationId:o}))return e.json(null,{status:400,body:{message:"User is already a member of this organization"}});if((yield 
n.findPendingInvitation({email:e.body.email,organizationId:o})).length&&!e.body.resend)return e.json(null,{status:400,body:{message:"User is already invited to this organization"}});let l=yield n.createInvitation({invitation:{role:e.body.role,email:e.body.email,organizationId:o},user:r.user}),m=yield n.findOrganizationById(o);return m?(yield(y=(p=e.context.orgOptions).sendInvitationEmail)==null?void 0:y.call(p,{id:l.id,role:l.role,email:l.email,organization:m,inviter:g(f({},t),{user:r.user})},e.request),e.json(l)):e.json(null,{status:400,body:{message:"Organization not found!"}})})),wt=c("/organization/accept-invitation",{method:"POST",body:x.object({invitationId:x.string()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=O(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.body.invitationId);if(!n||n.expiresAt<new Date||n.status!=="pending")return e.json(null,{status:400,body:{message:"Invitation not found!"}});if(n.email!==r.user.email)return e.json(null,{status:400,body:{message:"You are not the recipient of the invitation"}});let t=yield o.updateInvitation({invitationId:e.body.invitationId,status:"accepted"}),i=yield o.createMember({id:H(),organizationId:n.organizationId,userId:r.user.id,email:n.email,role:n.role,createdAt:new Date});return yield o.setActiveOrganization(r.session.id,n.organizationId),t?e.json({invitation:t,member:i}):e.json(null,{status:400,body:{message:"Invitation not found!"}})})),bt=c("/organization/reject-invitation",{method:"POST",body:x.object({invitationId:x.string()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=O(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.body.invitationId);if(!n||n.expiresAt<new Date||n.status!=="pending")return e.json(null,{status:400,body:{message:"Invitation not found!"}});if(n.email!==r.user.email)return e.json(null,{status:400,body:{message:"You are not the recipient of the invitation"}});let t=yield 
o.updateInvitation({invitationId:e.body.invitationId,status:"rejected"});return e.json({invitation:t,member:null})})),At=c("/organization/cancel-invitation",{method:"POST",body:x.object({invitationId:x.string()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=O(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.body.invitationId);if(!n)return e.json(null,{status:400,body:{message:"Invitation not found!"}});let t=yield o.findMemberByOrgId({userId:r.user.id,organizationId:n.organizationId});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization"}});if(e.context.roles[t.role].authorize({invitation:["cancel"]}).error)return e.json(null,{status:403,body:{message:"You are not allowed to cancel this invitation"}});let a=yield o.updateInvitation({invitationId:e.body.invitationId,status:"canceled"});return e.json(a)})),kt=c("/organization/get-invitation",{method:"GET",use:[P],requireHeaders:!0,query:x.object({id:x.string()})},e=>s(void 0,null,function*(){let r=yield $(e);if(!r)return e.json(null,{status:400,body:{message:"User not logged in"}});let o=O(e.context.adapter,e.context.orgOptions),n=yield o.findInvitationById(e.query.id);if(!n||n.status!=="pending"||n.expiresAt<new Date)return e.json(null,{status:400,body:{message:"Invitation not found!"}});if(n.email!==r.user.email)return e.json(null,{status:400,body:{message:"You are not the recipient of the invitation"}});let t=yield o.findOrganizationById(n.organizationId);if(!t)return e.json(null,{status:400,body:{message:"Organization not found!"}});let i=yield o.findMemberByOrgId({userId:n.inviterId,organizationId:n.organizationId});return i?e.json(g(f({},n),{organizationName:t.name,organizationSlug:t.slug,inviterEmail:i.email})):e.json(null,{status:400,body:{message:"Inviter is no longer a member of this organization"}})}));import{z as Y}from"zod";var 
Ot=c("/organization/remove-member",{method:"POST",body:Y.object({memberIdOrEmail:Y.string(),organizationId:Y.string().optional()}),use:[P,U]},e=>s(void 0,null,function*(){var m;let r=e.context.session,o=e.body.organizationId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"No active organization found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"Member not found!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});let a=r.user.email===e.body.memberIdOrEmail||t.id===e.body.memberIdOrEmail;if(a&&t.role===(((m=e.context.orgOptions)==null?void 0:m.creatorRole)||"owner"))return e.json(null,{status:400,body:{message:"You cannot leave the organization as the owner"}});if(!(a||i.authorize({member:["delete"]}).success))return e.json(null,{body:{message:"You are not allowed to delete this member"},status:403});let l=null;return e.body.memberIdOrEmail.includes("@")?l=yield n.findMemberByEmail({email:e.body.memberIdOrEmail,organizationId:o}):l=yield n.findMemberById(e.body.memberIdOrEmail),(l==null?void 0:l.organizationId)!==o?e.json(null,{status:400,body:{message:"Member not found!"}}):(yield n.deleteMember(l.id),r.user.id===l.userId&&r.session.activeOrganizationId===l.organizationId&&(yield n.setActiveOrganization(r.session.id,null)),e.json({member:l}))})),vt=c("/organization/update-member-role",{method:"POST",body:Y.object({role:Y.enum(["admin","member","owner"]),memberId:Y.string(),organizationId:Y.string().optional()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=e.body.organizationId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"No active organization found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return 
e.json(null,{status:400,body:{message:"Member not found!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});if(i.authorize({member:["update"]}).error||e.body.role==="owner"&&t.role!=="owner")return e.json(null,{body:{message:"You are not allowed to update this member"},status:403});let d=yield n.updateMember(e.body.memberId,e.body.role);return d?e.json(d):e.json(null,{status:400,body:{message:"Member not found!"}})}));import{z as v}from"zod";var It=c("/organization/create",{method:"POST",body:v.object({name:v.string(),slug:v.string(),userId:v.string().optional(),logo:v.string().optional(),metadata:v.record(v.string()).optional()}),use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session.user;if(!r)return e.json(null,{status:401});let o=e.context.orgOptions;if(!(typeof(o==null?void 0:o.allowUserToCreateOrganization)=="function"?yield o.allowUserToCreateOrganization(r):(o==null?void 0:o.allowUserToCreateOrganization)===void 0?!0:o.allowUserToCreateOrganization))return e.json(null,{status:403,body:{message:"You are not allowed to create organizations"}});let t=O(e.context.adapter,o),i=yield t.listOrganizations(r.id);if(typeof o.organizationLimit=="number"?i.length>=o.organizationLimit:typeof o.organizationLimit=="function"?yield o.organizationLimit(r):!1)return e.json(null,{status:403,body:{message:"You have reached the maximum number of organizations"}});if(yield t.findOrganizationBySlug(e.body.slug))return e.json(null,{status:400,body:{message:"Organization with this slug already exists"}});let u=yield t.createOrganization({organization:{id:H(),slug:e.body.slug,name:e.body.name,logo:e.body.logo,createdAt:new Date,metadata:e.body.metadata},user:r});return e.json(u)})),Rt=c("/organization/update",{method:"POST",body:v.object({data:v.object({name:v.string().optional(),slug:v.string().optional()}).partial(),orgId:v.string().optional()}),requireHeaders:!0,use:[P]},e=>s(void 0,null,function*(){let r=yield 
e.context.getSession(e);if(!r)return e.json(null,{status:401});let o=e.body.orgId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization!"}});let i=e.context.roles[t.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});if(i.authorize({organization:["update"]}).error)return e.json(null,{body:{message:"You are not allowed to update this organization"},status:403});let d=yield n.updateOrganization(o,e.body.data);return e.json(d)})),Tt=c("/organization/delete",{method:"POST",body:v.object({orgId:v.string()}),requireHeaders:!0,use:[P]},e=>s(void 0,null,function*(){let r=yield e.context.getSession(e);if(!r)return e.json(null,{status:401});let o=e.body.orgId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let n=O(e.context.adapter,e.context.orgOptions),t=yield n.findMemberByOrgId({userId:r.user.id,organizationId:o});if(!t)return e.json(null,{status:400,body:{message:"User is not a member of this organization!"}});let i=e.context.roles[t.role];return i?i.authorize({organization:["delete"]}).error?e.json(null,{body:{message:"You are not allowed to delete this organization"},status:403}):(o===r.session.activeOrganizationId&&(yield n.setActiveOrganization(r.session.id,null)),yield n.deleteOrganization(o),e.json(o)):e.json(null,{status:400,body:{message:"Role not found!"}})})),Pt=c("/organization/get-full",{method:"GET",query:v.object({orgId:v.string().optional()}),requireHeaders:!0,use:[P,U]},e=>s(void 0,null,function*(){let r=e.context.session,o=e.query.orgId||r.session.activeOrganizationId;if(!o)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let t=yield 
O(e.context.adapter,e.context.orgOptions).findFullOrganization(o,e.context.db);return t?e.json(t):e.json(null,{status:404,body:{message:"Organization not found!"}})})),St=c("/organization/activate",{method:"POST",body:v.object({orgId:v.string().nullable().optional()}),use:[U,P]},e=>s(void 0,null,function*(){let r=O(e.context.adapter,e.context.orgOptions),o=e.context.session,n=e.body.orgId;if(n===null)return o.session.activeOrganizationId&&(yield r.setActiveOrganization(o.session.id,null)),e.json(null);if(!n){let a=o.session.activeOrganizationId;if(!a)return e.json(null);n=a}if(!(yield r.findMemberByOrgId({userId:o.user.id,organizationId:n})))return yield r.setActiveOrganization(o.session.id,null),e.json(null,{status:400,body:{message:"You are not a member of this organization"}});yield r.setActiveOrganization(o.session.id,n);let i=yield r.findFullOrganization(n,e.context.db);return e.json(i)})),Ut=c("/organization/list",{method:"GET",use:[P,U]},e=>s(void 0,null,function*(){let o=yield O(e.context.adapter,e.context.orgOptions).listOrganizations(e.context.session.user.id);return e.json(o)}));var ku=e=>{let r={createOrganization:It,updateOrganization:Rt,deleteOrganization:Tt,setActiveOrganization:St,getFullOrganization:Pt,listOrganization:Ut,createInvitation:ht,cancelInvitation:At,acceptInvitation:wt,getInvitation:kt,rejectInvitation:bt,removeMember:Ot,updateMemberRole:vt},o=f(f({},ze),e==null?void 0:e.roles),n=at(r,{orgOptions:e||{},roles:o,getSession:t=>s(void 0,null,function*(){return yield $(t)})});return{id:"organization",endpoints:g(f({},n),{hasPermission:c("/organization/has-permission",{method:"POST",requireHeaders:!0,body:se.object({permission:se.record(se.string(),se.array(se.string()))}),use:[U]},t=>s(void 0,null,function*(){if(!t.context.session.session.activeOrganizationId)throw new Ct("BAD_REQUEST",{message:"No active organization"});let a=yield 
O(t.context.adapter).findMemberByOrgId({userId:t.context.session.user.id,organizationId:t.context.session.session.activeOrganizationId||""});if(!a)throw new Ct("UNAUTHORIZED",{message:"You are not a member of this organization"});let u=o[a.role].authorize(t.body.permission);return u.error?t.json({error:u.error,success:!1},{status:403}):t.json({error:null,success:!0})}))}),schema:{session:{fields:{activeOrganizationId:{type:"string",required:!1}}},organization:{fields:{name:{type:"string"},slug:{type:"string",unique:!0},logo:{type:"string",required:!1},createdAt:{type:"date",required:!0},metadata:{type:"string",required:!1}}},member:{fields:{organizationId:{type:"string",required:!0},userId:{type:"string",required:!0},email:{type:"string",required:!0},role:{type:"string",required:!0,defaultValue:"member"},createdAt:{type:"date",required:!0}}},invitation:{fields:{organizationId:{type:"string",required:!0},email:{type:"string",required:!0},role:{type:"string",required:!1},status:{type:"string",required:!0,defaultValue:"pending"},expiresAt:{type:"date",required:!0},inviterId:{type:"string",references:{model:"user",field:"id"}}}}},$Infer:{Organization:{},Invitation:{},Member:{},ActiveOrganization:{}}}};import{alphabet as fo,generateRandomString as go}from"oslo/crypto";import{z as be}from"zod";import{alphabet as io,generateRandomString as so}from"oslo/crypto";import{z as he}from"zod";import{APIError as te}from"better-call";var ge="two-factor";var ye="trust-device";import{z as je}from"zod";var X=M({body:je.object({trustDevice:je.boolean().optional(),callbackURL:je.string().optional()})},e=>s(void 0,null,function*(){let r=e.context.createAuthCookie(ge),o=yield e.getSignedCookie(r.name,e.context.secret);if(!o)throw new te("UNAUTHORIZED",{message:"invalid two factor cookie"});let[n,t]=o.split("!");if(!n||!t)throw new te("UNAUTHORIZED",{message:"invalid two factor cookie"});let i=yield 
e.context.adapter.findMany({model:"session",where:[{field:"userId",value:n}]});if(!i.length)throw new te("UNAUTHORIZED",{message:"invalid session"});let a=i.filter(d=>d.expiresAt>new Date);if(!a)throw new te("UNAUTHORIZED",{message:"invalid session"});for(let d of a){let u=yield F(e.context.secret,d.id),l=yield e.context.adapter.findOne({model:"user",where:[{field:"id",value:d.userId}]});if(!l)throw new te("UNAUTHORIZED",{message:"invalid session"});if(u===t)return{valid:()=>s(void 0,null,function*(){if(yield T(e,d.id,!1),e.body.trustDevice){let m=e.context.createAuthCookie(ye,{maxAge:2592e3}),p=yield F(e.context.secret,`${l.id}!${d.id}`);yield e.setSignedCookie(m.name,`${p}!${d.id}`,e.context.secret,m.options)}return e.body.callbackURL?e.json({status:!0,callbackURL:e.body.callbackURL,redirect:!0}):e.json({status:!0})}),invalid:()=>s(void 0,null,function*(){return e.json({status:!1},{status:401,body:{message:"Invalid code"}})}),session:{id:d.id,userId:d.userId,expiresAt:d.expiresAt,user:l}}}throw new te("UNAUTHORIZED",{message:"invalid two factor authentication"})}));function ao(e){var r;return Array.from({length:(r=e==null?void 0:e.amount)!=null?r:10}).fill(null).map(()=>{var o;return so((o=e==null?void 0:e.length)!=null?o:10,io("a-z","0-9"))}).map(o=>`${o.slice(0,5)}-${o.slice(5)}`)}function Le(e,r){return s(this,null,function*(){let o=e,n=r!=null&&r.customBackupCodesGenerate?r.customBackupCodesGenerate():ao(),t=le({data:JSON.stringify(n),key:o});return{backupCodes:n,encryptedBackupCodes:t}})}function uo(e,r){return s(this,null,function*(){let o=yield Et(e.user,r);return o?o.includes(e.code):!1})}function Et(e,r){return s(this,null,function*(){let o=Buffer.from(yield me({key:r,data:e.twoFactorBackupCodes})).toString("utf-8"),n=JSON.parse(o),t=he.array(he.string()).safeParse(n);return t.success?t.data:null})}var 
zt=e=>({id:"backup_code",endpoints:{verifyBackupCode:c("/two-factor/verify-backup-code",{method:"POST",body:he.object({code:he.string()}),use:[X]},r=>s(void 0,null,function*(){return uo({user:r.context.session.user,code:r.body.code},r.context.secret)?r.json({status:!0}):r.json({status:!1},{status:401})})),generateBackupCodes:c("/two-factor/generate-backup-codes",{method:"POST",use:[A]},r=>s(void 0,null,function*(){let o=yield Le(r.context.secret,e);return yield r.context.adapter.update({model:"user",update:{twoFactorEnabled:!0,twoFactorBackupCodes:o.encryptedBackupCodes},where:[{field:"id",value:r.context.session.user.id}]}),r.json({status:!0,backupCodes:o.backupCodes})})),viewBackupCodes:c("/view/backup-codes",{method:"GET",use:[A]},r=>s(void 0,null,function*(){let o=r.context.session.user,n=Et(o,r.context.secret);return r.json({status:!0,backupCodes:n})}))}});import{APIError as _t}from"better-call";import"oslo/crypto";import{TOTPController as co}from"oslo/otp";import{z as jt}from"zod";import{TimeSpan as lo}from"oslo";var Lt=e=>{let r={period:new lo((e==null?void 0:e.period)||3,"m")},o=new co({digits:6,period:r.period}),n=c("/two-factor/send-otp",{method:"POST",use:[X]},i=>s(void 0,null,function*(){if(!e||!e.sendOTP)throw i.context.logger.error("send otp isn't configured. 
Please configure the send otp function on otp options."),new _t("BAD_REQUEST",{message:"otp isn't configured"});let a=i.context.session.user,d=yield o.generate(Buffer.from(a.twoFactorSecret));return yield e.sendOTP(a,d),i.json({status:!0})})),t=c("/two-factor/verify-otp",{method:"POST",body:jt.object({code:jt.string()}),use:[X]},i=>s(void 0,null,function*(){let a=i.context.session.user;if(!a.twoFactorEnabled)throw new _t("BAD_REQUEST",{message:"two factor isn't enabled"});return(yield o.generate(Buffer.from(a.twoFactorSecret)))===i.body.code?i.context.valid():i.context.invalid()}));return{id:"otp",endpoints:{send2FaOTP:n,verifyOTP:t}}};import{APIError as we}from"better-call";import{TimeSpan as mo}from"oslo";import{TOTPController as xt,createTOTPKeyURI as po}from"oslo/otp";import{z as xe}from"zod";var Bt=e=>{let r={digits:6,period:new mo((e==null?void 0:e.period)||30,"s")},o=c("/totp/generate",{method:"POST",use:[A]},i=>s(void 0,null,function*(){if(!e)throw i.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp"),new we("BAD_REQUEST",{message:"totp isn't configured"});let a=i.context.session.user;return{code:yield new xt(r).generate(Buffer.from(a.twoFactorSecret))}})),n=c("/two-factor/get-totp-uri",{method:"GET",use:[A]},i=>s(void 0,null,function*(){if(!e)throw i.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp"),new we("BAD_REQUEST",{message:"totp isn't configured"});let a=i.context.session.user;if(!a.twoFactorSecret)throw new we("BAD_REQUEST",{message:"totp isn't enabled"});return{totpURI:po((e==null?void 0:e.issuer)||"BetterAuth",a.email,Buffer.from(a.twoFactorSecret),r)}})),t=c("/two-factor/verify-totp",{method:"POST",body:xe.object({code:xe.string(),callbackURL:xe.string().optional()}),use:[X]},i=>s(void 0,null,function*(){if(!e)throw i.context.logger.error("totp isn't configured. 
please pass totp option on two factor plugin to enable totp"),new we("BAD_REQUEST",{message:"totp isn't configured"});let a=new xt(r),d=Buffer.from(yield me({key:i.context.secret,data:i.context.session.user.twoFactorSecret}));return(yield a.verify(i.body.code,d))?i.context.valid():i.context.invalid()}));return{id:"totp",endpoints:{generateTOTP:o,viewTOTPURI:n,verifyTOTP:t}}};var mc=(e={redirect:!0,twoFactorPage:"/"})=>({id:"two-factor",$InferServerPlugin:{},atomListeners:[{matcher:o=>o==="/two-factor/enable"||o==="/two-factor/send-otp"||o==="/two-factor/disable",signal:"_sessionSignal"}],pathMethods:{"/two-factor/disable":"POST","/two-factor/enable":"POST","/two-factor/send-otp":"POST"},fetchPlugins:[{id:"two-factor",name:"two-factor",hooks:{onSuccess(o){return s(this,null,function*(){var n;(n=o.data)!=null&&n.twoFactorRedirect&&(e.redirect||e.twoFactorPage)&&typeof window!="undefined"&&(window.location.href=e.twoFactorPage)})}}}]});var Rc=e=>{let r=Bt(f({issuer:(e==null?void 0:e.issuer)||"better-auth"},e==null?void 0:e.totpOptions)),o=zt(e==null?void 0:e.backupCodeOptions),n=Lt(e==null?void 0:e.otpOptions);return{id:"two-factor",endpoints:g(f(f(f({},r.endpoints),n.endpoints),o.endpoints),{enableTwoFactor:c("/two-factor/enable",{method:"POST",body:be.object({password:be.string().min(8)}),use:[A]},t=>s(void 0,null,function*(){let i=t.context.session.user,{password:a}=t.body;if(!(yield Ce(t,{password:a,userId:i.id})))return t.json({status:!1},{status:400,body:{message:"Invalid password"}});let u=go(16,fo("a-z","0-9","-")),l=le({key:t.context.secret,data:u}),m=yield Le(t.context.secret,e==null?void 0:e.backupCodeOptions);return yield t.context.adapter.update({model:"user",update:{twoFactorSecret:l,twoFactorEnabled:!0,twoFactorBackupCodes:m.encryptedBackupCodes},where:[{field:"id",value:i.id}]}),t.json({status:!0})})),disableTwoFactor:c("/two-factor/disable",{method:"POST",body:be.object({password:be.string().min(8)}),use:[A]},t=>s(void 0,null,function*(){let 
i=t.context.session.user,{password:a}=t.body;return(yield Ce(t,{password:a,userId:i.id}))?(yield t.context.adapter.update({model:"user",update:{twoFactorEnabled:!1},where:[{field:"id",value:i.id}]}),t.json({status:!0})):t.json({status:!1},{status:400,body:{message:"Invalid password"}})}))}),options:e,hooks:{after:[{matcher(t){return t.path==="/sign-in/email"||t.path==="/sign-in/username"},handler:M(t=>s(void 0,null,function*(){let i=t.context.returned;if((i==null?void 0:i.status)!==200)return;let a=yield i.clone().json();if(!a.user.twoFactorEnabled)return;let d=t.context.createAuthCookie(ye,{maxAge:30*24*60*60}),u=yield t.getSignedCookie(d.name,t.context.secret);if(u){let[y,R]=u.split("!"),I=yield F(t.context.secret,`${a.user.id}!${R}`);if(y===I){let S=yield F(t.context.secret,`${a.user.id}!${a.session.id}`);yield t.setSignedCookie(d.name,`${S}!${a.session.id}`,t.context.secret,d.options);return}}t.setCookie(t.context.authCookies.sessionToken.name,"",{path:"/",sameSite:"lax",httpOnly:!0,secure:!1,maxAge:0});let l=yield F(t.context.secret,a.session.id),m=t.context.createAuthCookie(ge,{maxAge:60*60*24});return yield t.setSignedCookie(m.name,`${a.session.userId}!${l}`,t.context.secret,m.options),{response:new Response(JSON.stringify({twoFactorRedirect:!0}),{headers:t.responseHeader})}}))}]},schema:{user:{fields:{twoFactorEnabled:{type:"boolean",required:!1,defaultValue:!1},twoFactorSecret:{type:"string",required:!1,returned:!1},twoFactorBackupCodes:{type:"string",required:!1,returned:!1}}}},rateLimit:[{pathMatcher(t){return t.startsWith("/two-factor/")},window:10,max:3}]}};import{generateAuthenticationOptions as vo,generateRegistrationOptions as Io,verifyAuthenticationResponse as Ro,verifyRegistrationResponse as To}from"@simplewebauthn/server";import{APIError as Po}from"better-call";import{alphabet as Mt,generateRandomString as Ft}from"oslo/crypto";import{z as q}from"zod";import{WebAuthnError as wo,startAuthentication as bo,startRegistration as 
Ao}from"@simplewebauthn/browser";import{createFetch as Mc}from"@better-fetch/fetch";import"nanostores";import{betterFetch as Cc}from"@better-fetch/fetch";import{atom as Xc}from"nanostores";import"@better-fetch/fetch";import{atom as yo,onMount as ho}from"nanostores";var Be=(e,r,o,n)=>{let t=yo({data:null,error:null,isPending:!1}),i=()=>{let d=typeof n=="function"?n({data:t.get().data,error:t.get().error,isPending:t.get().isPending}):n;return o(r,g(f({},d),{onSuccess:l=>s(void 0,null,function*(){var m;t.set({data:l.data,error:null,isPending:!1}),yield(m=d==null?void 0:d.onSuccess)==null?void 0:m.call(d,l)}),onError(l){return s(this,null,function*(){var m;t.set({error:l.error,data:null,isPending:!1}),yield(m=d==null?void 0:d.onError)==null?void 0:m.call(d,l)})},onRequest(l){return s(this,null,function*(){var p;let m=t.get();t.set({isPending:!0,data:m.data,error:m.error}),yield(p=d==null?void 0:d.onRequest)==null?void 0:p.call(d,l)})}}))};e=Array.isArray(e)?e:[e];let a=!1;for(let d of e)d.subscribe(()=>{a?i():ho(t,()=>(i(),a=!0,()=>{t.off(),d.off()}))});return t};import{atom as ko}from"nanostores";var Oo=(e,{_listPasskeys:r})=>({signIn:{passkey:(t,i)=>s(void 0,null,function*(){let a=yield e("/passkey/generate-authenticate-options",{method:"POST",body:{email:t==null?void 0:t.email,callbackURL:t==null?void 0:t.callbackURL}});if(!a.data)return a;try{let d=yield bo(a.data,(t==null?void 0:t.autoFill)||!1),u=yield e("/passkey/verify-authentication",f(f({body:{response:d}},t==null?void 0:t.fetchOptions),i));if(!u.data)return u}catch(d){console.log(d)}})},passkey:{addPasskey:(t,i)=>s(void 0,null,function*(){let a=yield e("/passkey/generate-register-options",{method:"GET"});if(!a.data)return a;try{let d=yield Ao(a.data),u=yield e("/passkey/verify-registration",g(f(f({},t==null?void 0:t.fetchOptions),i),{body:{response:d,name:t==null?void 0:t.name}}));if(!u.data)return u;r.set(Math.random())}catch(d){return d instanceof 
wo?d.code==="ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED"?{data:null,error:{message:"previously registered",status:400,statusText:"BAD_REQUEST"}}:d.code==="ERROR_CEREMONY_ABORTED"?{data:null,error:{message:"registration cancelled",status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:d.message,status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:d instanceof Error?d.message:"unknown error",status:500,statusText:"INTERNAL_SERVER_ERROR"}}}})},$Infer:{}}),kl=()=>{let e=ko();return{id:"passkey",$InferServerPlugin:{},getActions:r=>Oo(r,{_listPasskeys:e}),getAtoms(r){return{listPasskeys:Be(e,"/passkey/list-user-passkeys",r,{method:"GET",credentials:"include"}),_listPasskeys:e}},pathMethods:{"/passkey/register":"POST","/passkey/authenticate":"POST"},atomListeners:[{matcher(r){return r==="/passkey/verify-registration"||r==="/passkey/delete-passkey"},signal:"_listPasskeys"}]}};var _l=e=>{let r=process.env.BETTER_AUTH_URL,o=(e==null?void 0:e.rpID)||(r==null?void 0:r.replace("http://","").replace("https://","").replace(":3000",""))||"localhost";if(!o)throw new C("passkey rpID not found. 
Please provide a rpID in the options or set the BETTER_AUTH_URL environment variable.");let n=g(f({origin:null},e),{rpID:o,advanced:f({webAuthnChallengeCookie:"better-auth-passkey"},e==null?void 0:e.advanced)}),t=60*60*24;return{id:"passkey",endpoints:{generatePasskeyRegistrationOptions:c("/passkey/generate-register-options",{method:"GET",use:[A],metadata:{client:!1}},i=>s(void 0,null,function*(){let a=i.context.session,d=yield i.context.adapter.findMany({model:"passkey",where:[{field:"userId",value:a.user.id}]}),u=new Uint8Array(Buffer.from(Ft(32,Mt("a-z","0-9")))),l;l=yield Io({rpName:n.rpName||i.context.appName,rpID:n.rpID,userID:u,userName:a.user.email||a.user.id,attestationType:"none",excludeCredentials:d.map(p=>{var y;return{id:p.id,transports:(y=p.transports)==null?void 0:y.split(",")}}),authenticatorSelection:{residentKey:"preferred",userVerification:"preferred",authenticatorAttachment:"platform"}});let m={expectedChallenge:l.challenge,userData:{id:a.user.id}};return yield i.setSignedCookie(n.advanced.webAuthnChallengeCookie,JSON.stringify(m),i.context.secret,{secure:!0,httpOnly:!0,sameSite:"lax",maxAge:t}),i.json(l,{status:200})})),generatePasskeyAuthenticationOptions:c("/passkey/generate-authenticate-options",{method:"POST",body:q.object({email:q.string().optional(),callbackURL:q.string().optional()}).optional()},i=>s(void 0,null,function*(){var m;let a=yield $(i),d=[];a&&(d=yield i.context.adapter.findMany({model:"passkey",where:[{field:"userId",value:a.user.id}]}));let u=yield vo(f({rpID:n.rpID,userVerification:"preferred"},d.length?{allowCredentials:d.map(p=>{var y;return{id:p.id,transports:(y=p.transports)==null?void 0:y.split(",")}})}:{})),l={expectedChallenge:u.challenge,callbackURL:(m=i.body)==null?void 0:m.callbackURL,userData:{id:(a==null?void 0:a.user.id)||""}};return yield 
i.setSignedCookie(n.advanced.webAuthnChallengeCookie,JSON.stringify(l),i.context.secret,{secure:!0,httpOnly:!0,sameSite:"lax",maxAge:t}),i.json(u,{status:200})})),verifyPasskeyRegistration:c("/passkey/verify-registration",{method:"POST",body:q.object({response:q.any(),name:q.string().optional()}),use:[A]},i=>s(void 0,null,function*(){var p;let a=(e==null?void 0:e.origin)||((p=i.headers)==null?void 0:p.get("origin"))||"";if(!a)return i.json(null,{status:400});let d=i.body.response,u=yield i.getSignedCookie(n.advanced.webAuthnChallengeCookie,i.context.secret);if(!u)return i.json(null,{status:400});let{userData:l,expectedChallenge:m}=JSON.parse(u);if(l.id!==i.context.session.user.id)throw new Po("UNAUTHORIZED",{message:"You are not authorized to register this passkey"});try{let y=yield To({response:d,expectedChallenge:m,expectedOrigin:a,expectedRPID:e==null?void 0:e.rpID}),{verified:R,registrationInfo:I}=y;if(!R||!I)return i.json(null,{status:400});let{credentialID:S,credentialPublicKey:_,counter:k,credentialDeviceType:z,credentialBackedUp:ke}=I,N=Buffer.from(_).toString("base64"),Me=Ft(32,Mt("a-z","0-9")),Nt={name:i.body.name,userId:l.id,webauthnUserID:Me,id:S,publicKey:N,counter:k,deviceType:z,transports:d.response.transports.join(","),backedUp:ke,createdAt:new Date},$t=yield i.context.adapter.create({model:"passkey",data:Nt});return i.json($t,{status:200})}catch(y){return console.log(y),i.json(null,{status:400,body:{message:"Registration failed"}})}})),verifyPasskeyAuthentication:c("/passkey/verify-authentication",{method:"POST",body:q.object({response:q.any()})},i=>s(void 0,null,function*(){var y,R;let a=(e==null?void 0:e.origin)||((y=i.headers)==null?void 0:y.get("origin"))||"";if(!a)return i.json(null,{status:400});let d=i.body.response,u=yield i.getSignedCookie(n.advanced.webAuthnChallengeCookie,i.context.secret);if(!u)return i.json(null,{status:400});let{expectedChallenge:l,callbackURL:m}=JSON.parse(u),p=yield 
i.context.adapter.findOne({model:"passkey",where:[{field:"id",value:d.id}]});if(!p)return i.json(null,{status:401,body:{message:"Passkey not found"}});try{let I=yield Ro({response:d,expectedChallenge:l,expectedOrigin:a,expectedRPID:n.rpID,authenticator:{credentialID:p.id,credentialPublicKey:new Uint8Array(Buffer.from(p.publicKey,"base64")),counter:p.counter,transports:(R=p.transports)==null?void 0:R.split(",")}}),{verified:S}=I;if(!S)return i.json(null,{status:401,body:{message:"verification failed"}});yield i.context.adapter.update({model:"passkey",where:[{field:"id",value:p.id}],update:{counter:I.authenticationInfo.newCounter}});let _=yield i.context.internalAdapter.createSession(p.userId,i.request);return _?(yield T(i,_.id),m?i.json({url:m,redirect:!0,session:_}):i.json({session:_},{status:200})):i.json(null,{status:500,body:{message:"Failed to create session"}})}catch(I){return i.context.logger.error(I),i.json(null,{status:400,body:{message:"Authentication failed"}})}})),listPasskeys:c("/passkey/list-user-passkeys",{method:"GET",use:[A]},i=>s(void 0,null,function*(){let a=yield i.context.adapter.findMany({model:"passkey",where:[{field:"userId",value:i.context.session.user.id}]});return i.json(a,{status:200})})),deletePasskey:c("/passkey/delete-passkey",{method:"POST",body:q.object({id:q.string()}),use:[A]},i=>s(void 0,null,function*(){return yield i.context.adapter.delete({model:"passkey",where:[{field:"id",value:i.body.id}]}),i.json(null,{status:200})}))},schema:{passkey:{fields:{name:{type:"string",required:!1},publicKey:{type:"string"},userId:{type:"string",references:{model:"user",field:"id"}},webauthnUserID:{type:"string"},counter:{type:"number"},deviceType:{type:"string"},backedUp:{type:"boolean"},transports:{type:"string",required:!1},createdAt:{type:"date",defaultValue:new Date,required:!1}}}}}};import{z as B}from"zod";import{APIError as Ae}from"better-call";var 
Dt=()=>({id:"username",endpoints:{signInUsername:c("/sign-in/username",{method:"POST",body:B.object({username:B.string(),password:B.string(),dontRememberMe:B.boolean().optional(),callbackURL:B.string().optional()})},e=>s(void 0,null,function*(){let r=yield e.context.adapter.findOne({model:"user",where:[{field:"username",value:e.body.username}]});if(!r)throw yield e.context.password.hash(e.body.password),e.context.logger.error("User not found",{username:Dt}),new Ae("UNAUTHORIZED",{message:"Invalid email or password"});let o=yield e.context.adapter.findOne({model:"account",where:[{field:"userId",value:r.id},{field:"providerId",value:"credential"}]});if(!o)throw new Ae("UNAUTHORIZED",{message:"Invalid email or password"});let n=o==null?void 0:o.password;if(!n)throw e.context.logger.error("Password not found",{username:Dt}),new Ae("UNAUTHORIZED",{message:"Unexpected error"});if(!(yield e.context.password.verify(n,e.body.password)))throw e.context.logger.error("Invalid password"),new Ae("UNAUTHORIZED",{message:"Invalid email or password"});let i=yield e.context.internalAdapter.createSession(r.id,e.request);return i?(yield e.setSignedCookie(e.context.authCookies.sessionToken.name,i.id,e.context.secret,e.body.dontRememberMe?g(f({},e.context.authCookies.sessionToken.options),{maxAge:void 0}):e.context.authCookies.sessionToken.options),e.json({user:r,session:i,redirect:!!e.body.callbackURL,url:e.body.callbackURL})):e.json(null,{status:500,body:{message:"Failed to create session",status:500}})})),signUpUsername:c("/sign-up/username",{method:"POST",body:B.object({username:B.string().min(3).max(20),name:B.string(),email:B.string().email(),password:B.string(),image:B.string().optional(),callbackURL:B.string().optional()})},e=>s(void 0,null,function*(){let r=yield Ee(g(f({},e),{_flag:void 0}));return r?(yield 
e.context.internalAdapter.updateUserByEmail(r.user.email,{username:e.body.username}),e.body.callbackURL?e.json(r,{body:f({url:e.body.callbackURL,redirect:!0},r)}):e.json(r)):e.json(null,{status:400,body:{message:"Sign up failed",status:400}})}))},schema:{user:{fields:{username:{type:"string",required:!1,unique:!0,returned:!0}}}}});import{serializeSigned as So}from"better-call";var Gl=()=>({id:"bearer",hooks:{before:[{matcher(e){var r,o;return((o=(r=e.request)==null?void 0:r.headers.get("authorization"))==null?void 0:o.startsWith("Bearer "))||!1},handler:e=>s(void 0,null,function*(){var t,i;let r=(i=(t=e.request)==null?void 0:t.headers.get("authorization"))==null?void 0:i.replace("Bearer ","");if(!r)throw new C("No token found");let o=e.headers||new Headers,n=yield So("",r,e.context.secret);o.set("cookie",`${e.context.authCookies.sessionToken.name}=${n.replace("=","")}`)})}]}});import{z as J}from"zod";import{APIError as qt}from"better-call";import{validateJWT as Uo}from"oslo/jwt";import"process";var sm=e=>({id:"magic-link",endpoints:{signInMagicLink:c("/sign-in/magic-link",{method:"POST",requireHeaders:!0,body:J.object({email:J.string().email(),callbackURL:J.string().optional(),currentURL:J.string().optional()})},r=>s(void 0,null,function*(){let{email:o}=r.body;if(!(yield r.context.internalAdapter.findUserByEmail(o)))throw new qt("UNAUTHORIZED",{message:"User not found"});let t=yield ne(r.context.secret,o),i=`${r.context.baseURL}/magic-link/verify?token=${t}&callbackURL=${r.body.callbackURL||r.body.currentURL}`;try{yield e.sendMagicLink({email:o,url:i,token:t})}catch(a){throw r.context.logger.error("Failed to send magic link",a),new qt("INTERNAL_SERVER_ERROR",{message:"Failed to send magic link"})}return r.json({status:!0})})),magicLinkVerify:c("/magic-link/verify",{method:"GET",query:J.object({token:J.string(),callbackURL:J.string().optional()}),requireHeaders:!0},r=>s(void 0,null,function*(){let{token:o,callbackURL:n}=r.query,t;try{t=yield 
Uo("HS256",Buffer.from(r.context.secret),o)}catch(l){if(r.context.logger.error("Failed to verify email",l),n)throw r.redirect(`${n}?error=INVALID_TOKEN`);return r.json(null,{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}let a=J.object({email:J.string().email()}).parse(t.payload),d=yield r.context.internalAdapter.findUserByEmail(a.email);if(!d){if(n)throw r.redirect(`${n}?error=USER_NOT_FOUND`);return r.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User not found"}})}let u=yield r.context.internalAdapter.createSession(d.user.id,r.headers);if(!u){if(n)throw r.redirect(`${n}?error=SESSION_NOT_CREATED`);return r.json(null,{status:400,statusText:"SESSION NOT CREATED",body:{message:"Failed to create session"}})}if(yield T(r,u.id),!n)return r.json({status:!0});throw r.redirect(n)}))}});export{K as HIDE_METADATA,_e as ac,Gl as bearer,c as createAuthEndpoint,M as createAuthMiddleware,Oo as getPasskeyActions,sm as magicLink,Ne as optionsMiddleware,ku as organization,_l as passkey,kl as passkeyClient,Rc as twoFactor,mc as twoFactorClient,Dt as username};
82
+ </html>`,qr=d("/error",{method:"GET",metadata:$},async e=>{let r=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(Nr(r),{headers:{"Content-Type":"text/html"}})});var $r=d("/ok",{method:"GET",metadata:$},async e=>e.json({ok:!0}));import{alphabet as Qe,generateRandomString as Ye}from"oslo/crypto";import{z as N}from"zod";var Ze=(e,r)=>{let t={};for(let[o,n]of Object.entries(e))t[o]=i=>n({...i,context:{...r,...i.context}}),t[o].path=n.path,t[o].method=n.method,t[o].options=n.options,t[o].headers=n.headers;return t};async function Oe(e,r){let o=(await e.context.internalAdapter.findAccounts(r.userId))?.find(s=>s.providerId==="credential"),n=o?.password;return!o||!n?!1:await e.context.password.verify(n,r.password)}var ve=d("/sign-up/email",{method:"POST",query:N.object({currentURL:N.string().optional()}).optional(),body:N.object({name:N.string(),email:N.string(),password:N.string(),image:N.string().optional(),callbackURL:N.string().optional()})},async e=>{if(!e.context.options.emailAndPassword?.enabled)return e.json(null,{status:400,body:{message:"Email and password is not enabled"}});let{name:r,email:t,password:o,image:n}=e.body;if(!N.string().email().safeParse(t).success)return e.json(null,{status:400,body:{message:"Invalid email address"}});let s=e.context.password.config.minPasswordLength;if(o.length<s)return e.context.logger.error("Password is too short"),e.json(null,{status:400,body:{message:"Password is too short"}});let a=e.context.password.config.maxPasswordLength;if(o.length>a)return e.context.logger.error("Password is too long"),e.json(null,{status:400,body:{message:"Password is too long"}});let u=await e.context.internalAdapter.findUserByEmail(t),c=await e.context.password.hash(o);if(u?.user)return e.json(null,{status:400,body:{message:"User already exists"}});let l=await e.context.internalAdapter.createUser({id:Ye(32,Qe("a-z","0-9","A-Z")),email:t.toLowerCase(),name:r,image:n,emailVerified:!1,createdAt:new 
Date,updatedAt:new Date});if(!l)return e.json(null,{status:400,body:{message:"Could not create user"}});await e.context.internalAdapter.linkAccount({id:Ye(32,Qe("a-z","0-9","A-Z")),userId:l.id,providerId:"credential",accountId:l.id,password:c});let m=await e.context.internalAdapter.createSession(l.id,e.request);if(!m)return e.json(null,{status:400,body:{message:"Could not create session"}});if(await A(e,m.id),e.context.options.emailAndPassword.sendEmailVerificationOnSignUp){let I=await Y(e.context.secret,l.email),E=`${e.context.baseURL}/verify-email?token=${I}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailAndPassword.sendVerificationEmail?.(l.email,E,I)}return e.json({user:l,session:m},{body:e.body.callbackURL?{url:e.body.callbackURL,redirect:!0}:{user:l,session:m}})});var nt={};Bt(nt,{AccessControl:()=>X,ParsingError:()=>H,Role:()=>J,adminAc:()=>tt,createAccessControl:()=>Xe,defaultAc:()=>se,defaultRoles:()=>Ie,defaultStatements:()=>et,memberAc:()=>ot,ownerAc:()=>rt,permissionFromString:()=>Vr});var H=class extends Error{path;constructor(r,t){super(r),this.path=t}},X=class{constructor(r){this.s=r;this.statements=r}statements;newRole(r){return new J(r)}},J=class e{statements;constructor(r){this.statements=r}authorize(r,t){for(let[o,n]of Object.entries(r)){let i=this.statements[o];if(!i)return{success:!1,error:`You are not allowed to access resource: ${o}`};let s=t==="OR"?n.some(a=>i.includes(a)):n.every(a=>i.includes(a));return s?{success:s}:{success:!1,error:`unauthorized to access resource "${o}"`}}return{success:!1,error:"Not authorized"}}static fromString(r){let t=JSON.parse(r);if(typeof t!="object")throw new H("statements is not an object",".");for(let[o,n]of Object.entries(t)){if(typeof o!="string")throw new H("invalid resource identifier",o);if(!Array.isArray(n))throw new H("actions is not an array",o);for(let i=0;i<n.length;i++)if(typeof n[i]!="string")throw new H("action is not a string",`${o}[${i}]`)}return new 
e(t)}toString(){return JSON.stringify(this.statements)}};var Xe=e=>new X(e),et={organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]},se=Xe(et),tt=se.newRole({organization:["update"],invitation:["create","cancel"],member:["create","update","delete"]}),rt=se.newRole({organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]}),ot=se.newRole({organization:[],member:[],invitation:[]}),Ie={admin:tt,owner:rt,member:ot};var Vr=e=>J.fromString(e??"");var Hr={findFullOrganization:async(e,r)=>{let t=await r?.selectFrom("organization").leftJoin("member","organization.id","member.organizationId").leftJoin("invitation","organization.id","invitation.organizationId").leftJoin("user","member.userId","user.id").where("organization.id","=",e).select(["organization.id as org_id","organization.name as org_name","organization.slug as org_slug","organization.logo as org_logo","organization.metadata as org_metadata","organization.createdAt as org_createdAt","member.id as member_id","member.userId as member_user_id","member.role as member_role","member.createdAt as member_createdAt","invitation.id as invitation_id","invitation.email as invitation_email","invitation.status as invitation_status","invitation.expiresAt as invitation_expiresAt","invitation.role as invitation_role","invitation.inviterId as invitation_inviterId","user.id as user_id","user.name as user_name","user.email as user_email","user.image as user_image"]).execute();if(!t||t.length===0)return null;let o={id:t[0].org_id,name:t[0].org_name,slug:t[0].org_slug,logo:t[0].org_logo,metadata:t[0].org_metadata?JSON.parse(t[0].org_metadata):void 0,createdAt:t[0].org_createdAt,members:[],invitations:[]};return 
t.forEach(n=>{n.member_id&&(o.members.find(s=>s.id===n.member_id)||o.members.push({id:n.member_id,userId:n.member_user_id,role:n.member_role,createdAt:n.member_createdAt,user:{id:n.user_id,name:n.user_name,email:n.user_email,image:n.user_image},email:n.user_email,organizationId:n.org_id})),n.invitation_id&&o.invitations.push({id:n.invitation_id,email:n.invitation_email,status:n.invitation_status,expiresAt:n.invitation_expiresAt,organizationId:n.org_id,role:n.invitation_role,inviterId:n.invitation_inviterId})}),o}},b=(e,r)=>({findOrganizationBySlug:async t=>await e.findOne({model:"organization",where:[{field:"slug",value:t}]}),createOrganization:async t=>{let o=await e.create({model:"organization",data:{...t.organization,metadata:t.organization.metadata?JSON.stringify(t.organization.metadata):void 0}}),n=await e.create({model:"member",data:{id:F(),organizationId:o.id,userId:t.user.id,createdAt:new Date,email:t.user.email,role:r?.creatorRole||"owner"}});return{...o,metadata:o.metadata?JSON.parse(o.metadata):void 0,members:[{...n,user:{id:t.user.id,name:t.user.name,email:t.user.email,image:t.user.image}}]}},findMemberByEmail:async t=>{let o=await e.findOne({model:"member",where:[{field:"email",value:t.email},{field:"organizationId",value:t.organizationId}]});if(!o)return null;let n=await e.findOne({model:"user",where:[{field:"id",value:o.userId}]});return n?{...o,user:{id:n.id,name:n.name,email:n.email,image:n.image}}:null},findMemberByOrgId:async t=>{let o=await e.findOne({model:"member",where:[{field:"userId",value:t.userId},{field:"organizationId",value:t.organizationId}]});if(!o)return null;let n=await e.findOne({model:"user",where:[{field:"id",value:o.userId}]});return n?{...o,user:{id:n.id,name:n.name,email:n.email,image:n.image}}:null},findMemberById:async t=>{let o=await e.findOne({model:"member",where:[{field:"id",value:t}]});if(!o)return null;let n=await e.findOne({model:"user",where:[{field:"id",value:o.userId}]});return 
n?{...o,user:{id:n.id,name:n.name,email:n.email,image:n.image}}:null},createMember:async t=>await e.create({model:"member",data:t}),updateMember:async(t,o)=>await e.update({model:"member",where:[{field:"id",value:t}],update:{role:o}}),deleteMember:async t=>await e.delete({model:"member",where:[{field:"id",value:t}]}),updateOrganization:async(t,o)=>await e.update({model:"organization",where:[{field:"id",value:t}],update:o}),deleteOrganization:async t=>{let o=await e.delete({model:"organization",where:[{field:"id",value:t}]});return t},setActiveOrganization:async(t,o)=>await e.update({model:"session",where:[{field:"id",value:t}],update:{activeOrganizationId:o}}),findOrganizationById:async t=>await e.findOne({model:"organization",where:[{field:"id",value:t}]}),findFullOrganization:async(t,o)=>{async function n(){let i=await e.findOne({model:"organization",where:[{field:"id",value:t}]}),s=await e.findMany({model:"invitation",where:[{field:"organizationId",value:t}]}),a=await e.findMany({model:"member",where:[{field:"organizationId",value:t}]}),u=await Promise.all(a.map(async l=>{let m=await e.findOne({model:"user",where:[{field:"id",value:l.userId}]});if(!m)throw new R("Unexpected error: User not found for member");return{...l,user:{id:m.id,name:m.name,email:m.email,image:m.image}}}));return{...i,invitations:s,members:u}}return o?Hr.findFullOrganization(t,o):n()},listOrganizations:async t=>{let n=(await e.findMany({model:"member",where:[{field:"userId",value:t}]}))?.map(s=>s.organizationId);if(!n)return[];let i=[];for(let s of n){let a=await e.findOne({model:"organization",where:[{field:"id",value:s}]});a&&i.push(a)}return i},createInvitation:async({invitation:t,user:o})=>{let i=re(r?.invitationExpiresIn||1728e5);return await e.create({model:"invitation",data:{id:F(),email:t.email,role:t.role,organizationId:t.organizationId,status:"pending",expiresAt:i,inviterId:o.id}})},findInvitationById:async t=>await 
e.findOne({model:"invitation",where:[{field:"id",value:t}]}),findPendingInvitation:async t=>(await e.findMany({model:"invitation",where:[{field:"email",value:t.email},{field:"organizationId",value:t.organizationId},{field:"status",value:"pending"}]})).filter(n=>new Date(n.expiresAt)>new Date),updateInvitation:async t=>await e.update({model:"invitation",where:[{field:"id",value:t.invitationId}],update:{status:t.status}})});import"better-call";import{APIError as Ia,createRouter as Ra}from"better-call";import{APIError as it}from"better-call";import{z as st}from"zod";var Wr=z({body:st.object({csrfToken:st.string().optional()}).optional()},async e=>{if(e.request?.method!=="POST"||e.context.options.advanced?.disableCSRFCheck)return;let r=new URL(e.request.url);if(r.origin===new URL(e.context.baseURL).origin||e.context.options.trustedOrigins?.includes(r.origin))return;let t=e.body?.csrfToken,o=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret),[n,i]=o?.split("!")||[null,null];if(!t||!o||!n||!i||o!==t)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new it("UNAUTHORIZED",{message:"Invalid CSRF Token"});let s=await _(e.context.secret,n);if(i!==s)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new it("UNAUTHORIZED",{message:"Invalid CSRF Token"})});import ja from"chalk";var k=z(async e=>({})),v=z({use:[h]},async e=>({session:e.context.session}));import{z as U}from"zod";import{z as g}from"zod";var 
ae=g.enum(["admin","member","owner"]),Gr=g.enum(["pending","accepted","rejected","canceled"]).default("pending"),Ka=g.object({id:g.string(),name:g.string(),slug:g.string(),logo:g.string().optional(),metadata:g.record(g.string()).or(g.string().transform(e=>JSON.parse(e))).optional(),createdAt:g.date()}),Za=g.object({id:g.string(),email:g.string(),organizationId:g.string(),userId:g.string(),role:ae,createdAt:g.date()}),Qa=g.object({id:g.string(),organizationId:g.string(),email:g.string(),role:ae,status:Gr,inviterId:g.string(),expiresAt:g.date()});var at=d("/organization/invite-member",{method:"POST",use:[k,v],body:U.object({email:U.string(),role:ae,organizationId:U.string().optional(),resend:U.boolean().optional()})},async e=>{let r=e.context.session,t=e.body.organizationId||r.session.activeOrganizationId;if(!t)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let o=b(e.context.adapter,e.context.orgOptions),n=await o.findMemberByOrgId({userId:r.user.id,organizationId:t});if(!n)return e.json(null,{status:400,body:{message:"User is not a member of this organization!"}});let i=e.context.roles[n.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});if(i.authorize({invitation:["create"]}).error)return e.json(null,{body:{message:"You are not allowed to invite users to this organization"},status:403});if(await o.findMemberByEmail({email:e.body.email,organizationId:t}))return e.json(null,{status:400,body:{message:"User is already a member of this organization"}});if((await o.findPendingInvitation({email:e.body.email,organizationId:t})).length&&!e.body.resend)return e.json(null,{status:400,body:{message:"User is already invited to this organization"}});let c=await o.createInvitation({invitation:{role:e.body.role,email:e.body.email,organizationId:t},user:r.user}),l=await o.findOrganizationById(t);return l?(await 
e.context.orgOptions.sendInvitationEmail?.({id:c.id,role:c.role,email:c.email,organization:l,inviter:{...n,user:r.user}},e.request),e.json(c)):e.json(null,{status:400,body:{message:"Organization not found!"}})}),dt=d("/organization/accept-invitation",{method:"POST",body:U.object({invitationId:U.string()}),use:[k,v]},async e=>{let r=e.context.session,t=b(e.context.adapter,e.context.orgOptions),o=await t.findInvitationById(e.body.invitationId);if(!o||o.expiresAt<new Date||o.status!=="pending")return e.json(null,{status:400,body:{message:"Invitation not found!"}});if(o.email!==r.user.email)return e.json(null,{status:400,body:{message:"You are not the recipient of the invitation"}});let n=await t.updateInvitation({invitationId:e.body.invitationId,status:"accepted"}),i=await t.createMember({id:F(),organizationId:o.organizationId,userId:r.user.id,email:o.email,role:o.role,createdAt:new Date});return await t.setActiveOrganization(r.session.id,o.organizationId),n?e.json({invitation:n,member:i}):e.json(null,{status:400,body:{message:"Invitation not found!"}})}),ut=d("/organization/reject-invitation",{method:"POST",body:U.object({invitationId:U.string()}),use:[k,v]},async e=>{let r=e.context.session,t=b(e.context.adapter,e.context.orgOptions),o=await t.findInvitationById(e.body.invitationId);if(!o||o.expiresAt<new Date||o.status!=="pending")return e.json(null,{status:400,body:{message:"Invitation not found!"}});if(o.email!==r.user.email)return e.json(null,{status:400,body:{message:"You are not the recipient of the invitation"}});let n=await t.updateInvitation({invitationId:e.body.invitationId,status:"rejected"});return e.json({invitation:n,member:null})}),ct=d("/organization/cancel-invitation",{method:"POST",body:U.object({invitationId:U.string()}),use:[k,v]},async e=>{let r=e.context.session,t=b(e.context.adapter,e.context.orgOptions),o=await t.findInvitationById(e.body.invitationId);if(!o)return e.json(null,{status:400,body:{message:"Invitation not found!"}});let n=await 
t.findMemberByOrgId({userId:r.user.id,organizationId:o.organizationId});if(!n)return e.json(null,{status:400,body:{message:"User is not a member of this organization"}});if(e.context.roles[n.role].authorize({invitation:["cancel"]}).error)return e.json(null,{status:403,body:{message:"You are not allowed to cancel this invitation"}});let s=await t.updateInvitation({invitationId:e.body.invitationId,status:"canceled"});return e.json(s)}),lt=d("/organization/get-invitation",{method:"GET",use:[k],requireHeaders:!0,query:U.object({id:U.string()})},async e=>{let r=await B(e);if(!r)return e.json(null,{status:400,body:{message:"User not logged in"}});let t=b(e.context.adapter,e.context.orgOptions),o=await t.findInvitationById(e.query.id);if(!o||o.status!=="pending"||o.expiresAt<new Date)return e.json(null,{status:400,body:{message:"Invitation not found!"}});if(o.email!==r.user.email)return e.json(null,{status:400,body:{message:"You are not the recipient of the invitation"}});let n=await t.findOrganizationById(o.organizationId);if(!n)return e.json(null,{status:400,body:{message:"Organization not found!"}});let i=await t.findMemberByOrgId({userId:o.inviterId,organizationId:o.organizationId});return i?e.json({...o,organizationName:n.name,organizationSlug:n.slug,inviterEmail:i.email}):e.json(null,{status:400,body:{message:"Inviter is no longer a member of this organization"}})});import{z as W}from"zod";var mt=d("/organization/remove-member",{method:"POST",body:W.object({memberIdOrEmail:W.string(),organizationId:W.string().optional()}),use:[k,v]},async e=>{let r=e.context.session,t=e.body.organizationId||r.session.activeOrganizationId;if(!t)return e.json(null,{status:400,body:{message:"No active organization found!"}});let o=b(e.context.adapter,e.context.orgOptions),n=await o.findMemberByOrgId({userId:r.user.id,organizationId:t});if(!n)return e.json(null,{status:400,body:{message:"Member not found!"}});let i=e.context.roles[n.role];if(!i)return 
e.json(null,{status:400,body:{message:"Role not found!"}});let s=r.user.email===e.body.memberIdOrEmail||n.id===e.body.memberIdOrEmail;if(s&&n.role===(e.context.orgOptions?.creatorRole||"owner"))return e.json(null,{status:400,body:{message:"You cannot leave the organization as the owner"}});if(!(s||i.authorize({member:["delete"]}).success))return e.json(null,{body:{message:"You are not allowed to delete this member"},status:403});let c=null;return e.body.memberIdOrEmail.includes("@")?c=await o.findMemberByEmail({email:e.body.memberIdOrEmail,organizationId:t}):c=await o.findMemberById(e.body.memberIdOrEmail),c?.organizationId!==t?e.json(null,{status:400,body:{message:"Member not found!"}}):(await o.deleteMember(c.id),r.user.id===c.userId&&r.session.activeOrganizationId===c.organizationId&&await o.setActiveOrganization(r.session.id,null),e.json({member:c}))}),pt=d("/organization/update-member-role",{method:"POST",body:W.object({role:W.enum(["admin","member","owner"]),memberId:W.string(),organizationId:W.string().optional()}),use:[k,v]},async e=>{let r=e.context.session,t=e.body.organizationId||r.session.activeOrganizationId;if(!t)return e.json(null,{status:400,body:{message:"No active organization found!"}});let o=b(e.context.adapter,e.context.orgOptions),n=await o.findMemberByOrgId({userId:r.user.id,organizationId:t});if(!n)return e.json(null,{status:400,body:{message:"Member not found!"}});let i=e.context.roles[n.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});if(i.authorize({member:["update"]}).error||e.body.role==="owner"&&n.role!=="owner")return e.json(null,{body:{message:"You are not allowed to update this member"},status:403});let a=await o.updateMember(e.body.memberId,e.body.role);return a?e.json(a):e.json(null,{status:400,body:{message:"Member not found!"}})});import{z as w}from"zod";var 
ft=d("/organization/create",{method:"POST",body:w.object({name:w.string(),slug:w.string(),userId:w.string().optional(),logo:w.string().optional(),metadata:w.record(w.string()).optional()}),use:[k,v]},async e=>{let r=e.context.session.user;if(!r)return e.json(null,{status:401});let t=e.context.orgOptions;if(!(typeof t?.allowUserToCreateOrganization=="function"?await t.allowUserToCreateOrganization(r):t?.allowUserToCreateOrganization===void 0?!0:t.allowUserToCreateOrganization))return e.json(null,{status:403,body:{message:"You are not allowed to create organizations"}});let n=b(e.context.adapter,t),i=await n.listOrganizations(r.id);if(typeof t.organizationLimit=="number"?i.length>=t.organizationLimit:typeof t.organizationLimit=="function"?await t.organizationLimit(r):!1)return e.json(null,{status:403,body:{message:"You have reached the maximum number of organizations"}});if(await n.findOrganizationBySlug(e.body.slug))return e.json(null,{status:400,body:{message:"Organization with this slug already exists"}});let u=await n.createOrganization({organization:{id:F(),slug:e.body.slug,name:e.body.name,logo:e.body.logo,createdAt:new Date,metadata:e.body.metadata},user:r});return e.json(u)}),gt=d("/organization/update",{method:"POST",body:w.object({data:w.object({name:w.string().optional(),slug:w.string().optional()}).partial(),orgId:w.string().optional()}),requireHeaders:!0,use:[k]},async e=>{let r=await e.context.getSession(e);if(!r)return e.json(null,{status:401});let t=e.body.orgId||r.session.activeOrganizationId;if(!t)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let o=b(e.context.adapter,e.context.orgOptions),n=await o.findMemberByOrgId({userId:r.user.id,organizationId:t});if(!n)return e.json(null,{status:400,body:{message:"User is not a member of this organization!"}});let i=e.context.roles[n.role];if(!i)return e.json(null,{status:400,body:{message:"Role not found!"}});if(i.authorize({organization:["update"]}).error)return 
e.json(null,{body:{message:"You are not allowed to update this organization"},status:403});let a=await o.updateOrganization(t,e.body.data);return e.json(a)}),yt=d("/organization/delete",{method:"POST",body:w.object({orgId:w.string()}),requireHeaders:!0,use:[k]},async e=>{let r=await e.context.getSession(e);if(!r)return e.json(null,{status:401});let t=e.body.orgId;if(!t)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let o=b(e.context.adapter,e.context.orgOptions),n=await o.findMemberByOrgId({userId:r.user.id,organizationId:t});if(!n)return e.json(null,{status:400,body:{message:"User is not a member of this organization!"}});let i=e.context.roles[n.role];return i?i.authorize({organization:["delete"]}).error?e.json(null,{body:{message:"You are not allowed to delete this organization"},status:403}):(t===r.session.activeOrganizationId&&await o.setActiveOrganization(r.session.id,null),await o.deleteOrganization(t),e.json(t)):e.json(null,{status:400,body:{message:"Role not found!"}})}),ht=d("/organization/get-full",{method:"GET",query:w.object({orgId:w.string().optional()}),requireHeaders:!0,use:[k,v]},async e=>{let r=e.context.session,t=e.query.orgId||r.session.activeOrganizationId;if(!t)return e.json(null,{status:400,body:{message:"Organization id not found!"}});let n=await b(e.context.adapter,e.context.orgOptions).findFullOrganization(t,e.context.db);return n?e.json(n):e.json(null,{status:404,body:{message:"Organization not found!"}})}),bt=d("/organization/activate",{method:"POST",body:w.object({orgId:w.string().nullable().optional()}),use:[v,k]},async e=>{let r=b(e.context.adapter,e.context.orgOptions),t=e.context.session,o=e.body.orgId;if(o===null)return t.session.activeOrganizationId&&await r.setActiveOrganization(t.session.id,null),e.json(null);if(!o){let s=t.session.activeOrganizationId;if(!s)return e.json(null);o=s}if(!await r.findMemberByOrgId({userId:t.user.id,organizationId:o}))return await 
r.setActiveOrganization(t.session.id,null),e.json(null,{status:400,body:{message:"You are not a member of this organization"}});await r.setActiveOrganization(t.session.id,o);let i=await r.findFullOrganization(o,e.context.db);return e.json(i)}),wt=d("/organization/list",{method:"GET",use:[k,v]},async e=>{let t=await b(e.context.adapter,e.context.orgOptions).listOrganizations(e.context.session.user.id);return e.json(t)});var Ud=e=>{let r={createOrganization:ft,updateOrganization:gt,deleteOrganization:yt,setActiveOrganization:bt,getFullOrganization:ht,listOrganization:wt,createInvitation:at,cancelInvitation:ct,acceptInvitation:dt,getInvitation:lt,rejectInvitation:ut,removeMember:mt,updateMemberRole:pt},t={...Ie,...e?.roles};return{id:"organization",endpoints:{...Ze(r,{orgOptions:e||{},roles:t,getSession:async n=>await B(n)}),hasPermission:d("/organization/has-permission",{method:"POST",requireHeaders:!0,body:ee.object({permission:ee.record(ee.string(),ee.array(ee.string()))}),use:[v]},async n=>{if(!n.context.session.session.activeOrganizationId)throw new At("BAD_REQUEST",{message:"No active organization"});let s=await b(n.context.adapter).findMemberByOrgId({userId:n.context.session.user.id,organizationId:n.context.session.session.activeOrganizationId||""});if(!s)throw new At("UNAUTHORIZED",{message:"You are not a member of this organization"});let u=t[s.role].authorize(n.body.permission);return 
u.error?n.json({error:u.error,success:!1},{status:403}):n.json({error:null,success:!0})})},schema:{session:{fields:{activeOrganizationId:{type:"string",required:!1}}},organization:{fields:{name:{type:"string",required:!0},slug:{type:"string",unique:!0},logo:{type:"string",required:!1},createdAt:{type:"date",required:!0},metadata:{type:"string",required:!1}}},member:{fields:{organizationId:{type:"string",required:!0},userId:{type:"string",required:!0},email:{type:"string",required:!0},role:{type:"string",required:!0,defaultValue:"member"},createdAt:{type:"date",required:!0}}},invitation:{fields:{organizationId:{type:"string",required:!0},email:{type:"string",required:!0},role:{type:"string",required:!1},status:{type:"string",required:!0,defaultValue:"pending"},expiresAt:{type:"date",required:!0},inviterId:{type:"string",references:{model:"user",field:"id"},required:!0}}}},$Infer:{Organization:{},Invitation:{},Member:{},ActiveOrganization:{}}}};import{alphabet as ro,generateRandomString as oo}from"oslo/crypto";import{z as me}from"zod";import{alphabet as Jr,generateRandomString as Kr}from"oslo/crypto";import{z as ce}from"zod";import{APIError as K}from"better-call";var de="two-factor";var ue="trust-device";import{z as Re}from"zod";var G=z({body:Re.object({trustDevice:Re.boolean().optional(),callbackURL:Re.string().optional()})},async e=>{let r=e.context.createAuthCookie(de),t=await e.getSignedCookie(r.name,e.context.secret);if(!t)throw new K("UNAUTHORIZED",{message:"invalid two factor cookie"});let[o,n]=t.split("!");if(!o||!n)throw new K("UNAUTHORIZED",{message:"invalid two factor cookie"});let i=await e.context.adapter.findMany({model:"session",where:[{field:"userId",value:o}]});if(!i.length)throw new K("UNAUTHORIZED",{message:"invalid session"});let s=i.filter(a=>a.expiresAt>new Date);if(!s)throw new K("UNAUTHORIZED",{message:"invalid session"});for(let a of s){let u=await _(e.context.secret,a.id),c=await 
e.context.adapter.findOne({model:"user",where:[{field:"id",value:a.userId}]});if(!c)throw new K("UNAUTHORIZED",{message:"invalid session"});if(u===n)return{valid:async()=>{if(await A(e,a.id,!1),e.body.trustDevice){let l=e.context.createAuthCookie(ue,{maxAge:2592e3}),m=await _(e.context.secret,`${c.id}!${a.id}`);await e.setSignedCookie(l.name,`${m}!${a.id}`,e.context.secret,l.options)}return e.body.callbackURL?e.json({status:!0,callbackURL:e.body.callbackURL,redirect:!0}):e.json({status:!0})},invalid:async()=>e.json({status:!1},{status:401,body:{message:"Invalid code"}}),session:{id:a.id,userId:a.userId,expiresAt:a.expiresAt,user:c}}}throw new K("UNAUTHORIZED",{message:"invalid two factor authentication"})});function Zr(e){return Array.from({length:e?.amount??10}).fill(null).map(()=>Kr(e?.length??10,Jr("a-z","0-9"))).map(r=>`${r.slice(0,5)}-${r.slice(5)}`)}async function Te(e,r){let t=e,o=r?.customBackupCodesGenerate?r.customBackupCodesGenerate():Zr(),n=ne({data:JSON.stringify(o),key:t});return{backupCodes:o,encryptedBackupCodes:n}}async function Qr(e,r){let t=await kt(e.user,r);return t?t.includes(e.code):!1}async function kt(e,r){let t=Buffer.from(await ie({key:r,data:e.twoFactorBackupCodes})).toString("utf-8"),o=JSON.parse(t),n=ce.array(ce.string()).safeParse(o);return n.success?n.data:null}var Ot=e=>({id:"backup_code",endpoints:{verifyBackupCode:d("/two-factor/verify-backup-code",{method:"POST",body:ce.object({code:ce.string()}),use:[G]},async r=>Qr({user:r.context.session.user,code:r.body.code},r.context.secret)?r.json({status:!0}):r.json({status:!1},{status:401})),generateBackupCodes:d("/two-factor/generate-backup-codes",{method:"POST",use:[h]},async r=>{let t=await Te(r.context.secret,e);return await 
r.context.adapter.update({model:"user",update:{twoFactorEnabled:!0,twoFactorBackupCodes:t.encryptedBackupCodes},where:[{field:"id",value:r.context.session.user.id}]}),r.json({status:!0,backupCodes:t.backupCodes})}),viewBackupCodes:d("/view/backup-codes",{method:"GET",use:[h]},async r=>{let t=r.context.session.user,o=kt(t,r.context.secret);return r.json({status:!0,backupCodes:o})})}});import{APIError as vt}from"better-call";import"oslo/crypto";import{TOTPController as Yr}from"oslo/otp";import{z as It}from"zod";import{TimeSpan as Xr}from"oslo";var Rt=e=>{let r={period:new Xr(e?.period||3,"m")},t=new Yr({digits:6,period:r.period}),o=d("/two-factor/send-otp",{method:"POST",use:[G]},async i=>{if(!e||!e.sendOTP)throw i.context.logger.error("send otp isn't configured. Please configure the send otp function on otp options."),new vt("BAD_REQUEST",{message:"otp isn't configured"});let s=i.context.session.user,a=await t.generate(Buffer.from(s.twoFactorSecret));return await e.sendOTP(s,a),i.json({status:!0})}),n=d("/two-factor/verify-otp",{method:"POST",body:It.object({code:It.string()}),use:[G]},async i=>{let s=i.context.session.user;if(!s.twoFactorEnabled)throw new vt("BAD_REQUEST",{message:"two factor isn't enabled"});return await t.generate(Buffer.from(s.twoFactorSecret))===i.body.code?i.context.valid():i.context.invalid()});return{id:"otp",endpoints:{send2FaOTP:o,verifyOTP:n}}};import{APIError as le}from"better-call";import{TimeSpan as eo}from"oslo";import{TOTPController as Tt,createTOTPKeyURI as to}from"oslo/otp";import{z as Pe}from"zod";var Pt=e=>{let r={digits:6,period:new eo(e?.period||30,"s")},t=d("/totp/generate",{method:"POST",use:[h]},async i=>{if(!e)throw i.context.logger.error("totp isn't configured. 
please pass totp option on two factor plugin to enable totp"),new le("BAD_REQUEST",{message:"totp isn't configured"});let s=i.context.session.user;return{code:await new Tt(r).generate(Buffer.from(s.twoFactorSecret))}}),o=d("/two-factor/get-totp-uri",{method:"GET",use:[h]},async i=>{if(!e)throw i.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp"),new le("BAD_REQUEST",{message:"totp isn't configured"});let s=i.context.session.user;if(!s.twoFactorSecret)throw new le("BAD_REQUEST",{message:"totp isn't enabled"});return{totpURI:to(e?.issuer||"BetterAuth",s.email,Buffer.from(s.twoFactorSecret),r)}}),n=d("/two-factor/verify-totp",{method:"POST",body:Pe.object({code:Pe.string(),callbackURL:Pe.string().optional()}),use:[G]},async i=>{if(!e)throw i.context.logger.error("totp isn't configured. please pass totp option on two factor plugin to enable totp"),new le("BAD_REQUEST",{message:"totp isn't configured"});let s=new Tt(r),a=Buffer.from(await ie({key:i.context.secret,data:i.context.session.user.twoFactorSecret}));return await s.verify(i.body.code,a)?i.context.valid():i.context.invalid()});return{id:"totp",endpoints:{generateTOTP:t,viewTOTPURI:o,verifyTOTP:n}}};var gu=(e={redirect:!0,twoFactorPage:"/"})=>({id:"two-factor",$InferServerPlugin:{},atomListeners:[{matcher:r=>r==="/two-factor/enable"||r==="/two-factor/send-otp"||r==="/two-factor/disable",signal:"_sessionSignal"}],pathMethods:{"/two-factor/disable":"POST","/two-factor/enable":"POST","/two-factor/send-otp":"POST"},fetchPlugins:[{id:"two-factor",name:"two-factor",hooks:{async onSuccess(r){r.data?.twoFactorRedirect&&(e.redirect||e.twoFactorPage)&&typeof window<"u"&&(window.location.href=e.twoFactorPage)}}}]});var Pu=e=>{let 
r=Pt({issuer:e?.issuer||"better-auth",...e?.totpOptions}),t=Ot(e?.backupCodeOptions),o=Rt(e?.otpOptions);return{id:"two-factor",endpoints:{...r.endpoints,...o.endpoints,...t.endpoints,enableTwoFactor:d("/two-factor/enable",{method:"POST",body:me.object({password:me.string().min(8)}),use:[h]},async n=>{let i=n.context.session.user,{password:s}=n.body;if(!await Oe(n,{password:s,userId:i.id}))return n.json({status:!1},{status:400,body:{message:"Invalid password"}});let u=oo(16,ro("a-z","0-9","-")),c=ne({key:n.context.secret,data:u}),l=await Te(n.context.secret,e?.backupCodeOptions);return await n.context.adapter.update({model:"user",update:{twoFactorSecret:c,twoFactorEnabled:!0,twoFactorBackupCodes:l.encryptedBackupCodes},where:[{field:"id",value:i.id}]}),n.json({status:!0})}),disableTwoFactor:d("/two-factor/disable",{method:"POST",body:me.object({password:me.string().min(8)}),use:[h]},async n=>{let i=n.context.session.user,{password:s}=n.body;return await Oe(n,{password:s,userId:i.id})?(await n.context.adapter.update({model:"user",update:{twoFactorEnabled:!1},where:[{field:"id",value:i.id}]}),n.json({status:!0})):n.json({status:!1},{status:400,body:{message:"Invalid password"}})})},options:e,hooks:{after:[{matcher(n){return n.path==="/sign-in/email"||n.path==="/sign-in/username"},handler:z(async n=>{let i=n.context.returned;if(i?.status!==200)return;let s=await i.clone().json();if(!s.user.twoFactorEnabled)return;let a=n.context.createAuthCookie(ue,{maxAge:30*24*60*60}),u=await n.getSignedCookie(a.name,n.context.secret);if(u){let[I,E]=u.split("!"),p=await _(n.context.secret,`${s.user.id}!${E}`);if(I===p){let O=await _(n.context.secret,`${s.user.id}!${s.session.id}`);await n.setSignedCookie(a.name,`${O}!${s.session.id}`,n.context.secret,a.options);return}}n.setCookie(n.context.authCookies.sessionToken.name,"",{path:"/",sameSite:"lax",httpOnly:!0,secure:!1,maxAge:0});let c=await _(n.context.secret,s.session.id),l=n.context.createAuthCookie(de,{maxAge:60*60*24});return 
await n.setSignedCookie(l.name,`${s.session.userId}!${c}`,n.context.secret,l.options),{response:new Response(JSON.stringify({twoFactorRedirect:!0}),{headers:n.responseHeader})}})}]},schema:{user:{fields:{twoFactorEnabled:{type:"boolean",required:!1,defaultValue:!1},twoFactorSecret:{type:"string",required:!1,returned:!1},twoFactorBackupCodes:{type:"string",required:!1,returned:!1}}}},rateLimit:[{pathMatcher(n){return n.startsWith("/two-factor/")},window:10,max:3}]}};import{generateAuthenticationOptions as mo,generateRegistrationOptions as po,verifyAuthenticationResponse as fo,verifyRegistrationResponse as go}from"@simplewebauthn/server";import{APIError as yo}from"better-call";import{alphabet as St,generateRandomString as Ut}from"oslo/crypto";import{z as j}from"zod";import{WebAuthnError as so,startAuthentication as ao,startRegistration as uo}from"@simplewebauthn/browser";import{createFetch as Mu}from"@better-fetch/fetch";import"nanostores";import{betterFetch as Eu}from"@better-fetch/fetch";import{atom as Ku}from"nanostores";import"@better-fetch/fetch";import{atom as no,onMount as io}from"nanostores";var Se=(e,r,t,o)=>{let n=no({data:null,error:null,isPending:!1}),i=()=>{let a=typeof o=="function"?o({data:n.get().data,error:n.get().error,isPending:n.get().isPending}):o;return t(r,{...a,onSuccess:async u=>{n.set({data:u.data,error:null,isPending:!1}),await a?.onSuccess?.(u)},async onError(u){n.set({error:u.error,data:null,isPending:!1}),await a?.onError?.(u)},async onRequest(u){let c=n.get();n.set({isPending:!0,data:c.data,error:c.error}),await a?.onRequest?.(u)}})};e=Array.isArray(e)?e:[e];let s=!1;for(let a of e)a.subscribe(()=>{s?i():io(n,()=>(i(),s=!0,()=>{n.off(),a.off()}))});return n};import{atom as co}from"nanostores";var lo=(e,{_listPasskeys:r})=>({signIn:{passkey:async(n,i)=>{let s=await e("/passkey/generate-authenticate-options",{method:"POST",body:{email:n?.email,callbackURL:n?.callbackURL}});if(!s.data)return s;try{let a=await 
ao(s.data,n?.autoFill||!1),u=await e("/passkey/verify-authentication",{body:{response:a},...n?.fetchOptions,...i});if(!u.data)return u}catch(a){console.log(a)}}},passkey:{addPasskey:async(n,i)=>{let s=await e("/passkey/generate-register-options",{method:"GET"});if(!s.data)return s;try{let a=await uo(s.data),u=await e("/passkey/verify-registration",{...n?.fetchOptions,...i,body:{response:a,name:n?.name}});if(!u.data)return u;r.set(Math.random())}catch(a){return a instanceof so?a.code==="ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED"?{data:null,error:{message:"previously registered",status:400,statusText:"BAD_REQUEST"}}:a.code==="ERROR_CEREMONY_ABORTED"?{data:null,error:{message:"registration cancelled",status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:a.message,status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:a instanceof Error?a.message:"unknown error",status:500,statusText:"INTERNAL_SERVER_ERROR"}}}}},$Infer:{}}),yc=()=>{let e=co();return{id:"passkey",$InferServerPlugin:{},getActions:r=>lo(r,{_listPasskeys:e}),getAtoms(r){return{listPasskeys:Se(e,"/passkey/list-user-passkeys",r,{method:"GET",credentials:"include"}),_listPasskeys:e}},pathMethods:{"/passkey/register":"POST","/passkey/authenticate":"POST"},atomListeners:[{matcher(r){return r==="/passkey/verify-registration"||r==="/passkey/delete-passkey"},signal:"_listPasskeys"}]}};var Pc=e=>{let r=process.env.BETTER_AUTH_URL,t=e?.rpID||r?.replace("http://","").replace("https://","").replace(":3000","")||"localhost";if(!t)throw new R("passkey rpID not found. 
Please provide a rpID in the options or set the BETTER_AUTH_URL environment variable.");let o={origin:null,...e,rpID:t,advanced:{webAuthnChallengeCookie:"better-auth-passkey",...e?.advanced}},n=60*60*24;return{id:"passkey",endpoints:{generatePasskeyRegistrationOptions:d("/passkey/generate-register-options",{method:"GET",use:[h],metadata:{client:!1}},async i=>{let s=i.context.session,a=await i.context.adapter.findMany({model:"passkey",where:[{field:"userId",value:s.user.id}]}),u=new Uint8Array(Buffer.from(Ut(32,St("a-z","0-9")))),c;c=await po({rpName:o.rpName||i.context.appName,rpID:o.rpID,userID:u,userName:s.user.email||s.user.id,attestationType:"none",excludeCredentials:a.map(m=>({id:m.id,transports:m.transports?.split(",")})),authenticatorSelection:{residentKey:"preferred",userVerification:"preferred",authenticatorAttachment:"platform"}});let l={expectedChallenge:c.challenge,userData:{id:s.user.id}};return await i.setSignedCookie(o.advanced.webAuthnChallengeCookie,JSON.stringify(l),i.context.secret,{secure:!0,httpOnly:!0,sameSite:"lax",maxAge:n}),i.json(c,{status:200})}),generatePasskeyAuthenticationOptions:d("/passkey/generate-authenticate-options",{method:"POST",body:j.object({email:j.string().optional(),callbackURL:j.string().optional()}).optional()},async i=>{let s=await B(i),a=[];s&&(a=await i.context.adapter.findMany({model:"passkey",where:[{field:"userId",value:s.user.id}]}));let u=await mo({rpID:o.rpID,userVerification:"preferred",...a.length?{allowCredentials:a.map(l=>({id:l.id,transports:l.transports?.split(",")}))}:{}}),c={expectedChallenge:u.challenge,callbackURL:i.body?.callbackURL,userData:{id:s?.user.id||""}};return await i.setSignedCookie(o.advanced.webAuthnChallengeCookie,JSON.stringify(c),i.context.secret,{secure:!0,httpOnly:!0,sameSite:"lax",maxAge:n}),i.json(u,{status:200})}),verifyPasskeyRegistration:d("/passkey/verify-registration",{method:"POST",body:j.object({response:j.any(),name:j.string().optional()}),use:[h]},async i=>{let 
s=e?.origin||i.headers?.get("origin")||"";if(!s)return i.json(null,{status:400});let a=i.body.response,u=await i.getSignedCookie(o.advanced.webAuthnChallengeCookie,i.context.secret);if(!u)return i.json(null,{status:400});let{userData:c,expectedChallenge:l}=JSON.parse(u);if(c.id!==i.context.session.user.id)throw new yo("UNAUTHORIZED",{message:"You are not authorized to register this passkey"});try{let m=await go({response:a,expectedChallenge:l,expectedOrigin:s,expectedRPID:e?.rpID}),{verified:I,registrationInfo:E}=m;if(!I||!E)return i.json(null,{status:400});let{credentialID:p,credentialPublicKey:O,counter:fe,credentialDeviceType:x,credentialBackedUp:Ue}=E,zt=Buffer.from(O).toString("base64"),_t=Ut(32,St("a-z","0-9")),Lt={name:i.body.name,userId:c.id,webauthnUserID:_t,id:p,publicKey:zt,counter:fe,deviceType:x,transports:a.response.transports.join(","),backedUp:Ue,createdAt:new Date},jt=await i.context.adapter.create({model:"passkey",data:Lt});return i.json(jt,{status:200})}catch(m){return console.log(m),i.json(null,{status:400,body:{message:"Registration failed"}})}}),verifyPasskeyAuthentication:d("/passkey/verify-authentication",{method:"POST",body:j.object({response:j.any()})},async i=>{let s=e?.origin||i.headers?.get("origin")||"";if(!s)return i.json(null,{status:400});let a=i.body.response,u=await i.getSignedCookie(o.advanced.webAuthnChallengeCookie,i.context.secret);if(!u)return i.json(null,{status:400});let{expectedChallenge:c,callbackURL:l}=JSON.parse(u),m=await i.context.adapter.findOne({model:"passkey",where:[{field:"id",value:a.id}]});if(!m)return i.json(null,{status:401,body:{message:"Passkey not found"}});try{let I=await fo({response:a,expectedChallenge:c,expectedOrigin:s,expectedRPID:o.rpID,authenticator:{credentialID:m.id,credentialPublicKey:new Uint8Array(Buffer.from(m.publicKey,"base64")),counter:m.counter,transports:m.transports?.split(",")}}),{verified:E}=I;if(!E)return i.json(null,{status:401,body:{message:"verification failed"}});await 
i.context.adapter.update({model:"passkey",where:[{field:"id",value:m.id}],update:{counter:I.authenticationInfo.newCounter}});let p=await i.context.internalAdapter.createSession(m.userId,i.request);return p?(await A(i,p.id),l?i.json({url:l,redirect:!0,session:p}):i.json({session:p},{status:200})):i.json(null,{status:500,body:{message:"Failed to create session"}})}catch(I){return i.context.logger.error(I),i.json(null,{status:400,body:{message:"Authentication failed"}})}}),listPasskeys:d("/passkey/list-user-passkeys",{method:"GET",use:[h]},async i=>{let s=await i.context.adapter.findMany({model:"passkey",where:[{field:"userId",value:i.context.session.user.id}]});return i.json(s,{status:200})}),deletePasskey:d("/passkey/delete-passkey",{method:"POST",body:j.object({id:j.string()}),use:[h]},async i=>(await i.context.adapter.delete({model:"passkey",where:[{field:"id",value:i.body.id}]}),i.json(null,{status:200})))},schema:{passkey:{fields:{name:{type:"string",required:!1},publicKey:{type:"string",required:!0},userId:{type:"string",references:{model:"user",field:"id"},required:!0},webauthnUserID:{type:"string",required:!0},counter:{type:"number",required:!0},deviceType:{type:"string",required:!0},backedUp:{type:"boolean",required:!0},transports:{type:"string",required:!1},createdAt:{type:"date",defaultValue:new Date,required:!1}}}}}};import{z as C}from"zod";import{APIError as pe}from"better-call";var Ct=()=>({id:"username",endpoints:{signInUsername:d("/sign-in/username",{method:"POST",body:C.object({username:C.string(),password:C.string(),dontRememberMe:C.boolean().optional(),callbackURL:C.string().optional()})},async e=>{let r=await e.context.adapter.findOne({model:"user",where:[{field:"username",value:e.body.username}]});if(!r)throw await e.context.password.hash(e.body.password),e.context.logger.error("User not found",{username:Ct}),new pe("UNAUTHORIZED",{message:"Invalid email or password"});let t=await 
e.context.adapter.findOne({model:"account",where:[{field:"userId",value:r.id},{field:"providerId",value:"credential"}]});if(!t)throw new pe("UNAUTHORIZED",{message:"Invalid email or password"});let o=t?.password;if(!o)throw e.context.logger.error("Password not found",{username:Ct}),new pe("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(o,e.body.password))throw e.context.logger.error("Invalid password"),new pe("UNAUTHORIZED",{message:"Invalid email or password"});let i=await e.context.internalAdapter.createSession(r.id,e.request);return i?(await e.setSignedCookie(e.context.authCookies.sessionToken.name,i.id,e.context.secret,e.body.dontRememberMe?{...e.context.authCookies.sessionToken.options,maxAge:void 0}:e.context.authCookies.sessionToken.options),e.json({user:r,session:i,redirect:!!e.body.callbackURL,url:e.body.callbackURL})):e.json(null,{status:500,body:{message:"Failed to create session",status:500}})}),signUpUsername:d("/sign-up/username",{method:"POST",body:C.object({username:C.string().min(3).max(20),name:C.string(),email:C.string().email(),password:C.string(),image:C.string().optional(),callbackURL:C.string().optional()})},async e=>{let r=await ve({...e,_flag:void 0});return r?(await e.context.internalAdapter.updateUserByEmail(r.user.email,{username:e.body.username}),e.body.callbackURL?e.json(r,{body:{url:e.body.callbackURL,redirect:!0,...r}}):e.json(r)):e.json(null,{status:400,body:{message:"Sign up failed",status:400}})})},schema:{user:{fields:{username:{type:"string",required:!1,unique:!0,returned:!0}}}}});import{serializeSigned as ho}from"better-call";var Fc=()=>({id:"bearer",hooks:{before:[{matcher(e){return e.request?.headers.get("authorization")?.startsWith("Bearer ")||!1},handler:async e=>{let r=e.request?.headers.get("authorization")?.replace("Bearer ","");if(!r)throw new R("No token found");let t=e.headers||new Headers,o=await 
ho("",r,e.context.secret);t.set("cookie",`${e.context.authCookies.sessionToken.name}=${o.replace("=","")}`)}}]}});import{z as q}from"zod";import{APIError as Et}from"better-call";import{validateJWT as bo}from"oslo/jwt";import"process";var Qc=e=>({id:"magic-link",endpoints:{signInMagicLink:d("/sign-in/magic-link",{method:"POST",requireHeaders:!0,body:q.object({email:q.string().email(),callbackURL:q.string().optional(),currentURL:q.string().optional()})},async r=>{let{email:t}=r.body;if(!await r.context.internalAdapter.findUserByEmail(t))throw new Et("UNAUTHORIZED",{message:"User not found"});let n=await Y(r.context.secret,t),i=`${r.context.baseURL}/magic-link/verify?token=${n}&callbackURL=${r.body.callbackURL||r.body.currentURL}`;try{await e.sendMagicLink({email:t,url:i,token:n})}catch(s){throw r.context.logger.error("Failed to send magic link",s),new Et("INTERNAL_SERVER_ERROR",{message:"Failed to send magic link"})}return r.json({status:!0})}),magicLinkVerify:d("/magic-link/verify",{method:"GET",query:q.object({token:q.string(),callbackURL:q.string().optional()}),requireHeaders:!0},async r=>{let{token:t,callbackURL:o}=r.query,n;try{n=await bo("HS256",Buffer.from(r.context.secret),t)}catch(c){if(r.context.logger.error("Failed to verify email",c),o)throw r.redirect(`${o}?error=INVALID_TOKEN`);return r.json(null,{status:400,statusText:"INVALID_TOKEN",body:{message:"Invalid token"}})}let s=q.object({email:q.string().email()}).parse(n.payload),a=await r.context.internalAdapter.findUserByEmail(s.email);if(!a){if(o)throw r.redirect(`${o}?error=USER_NOT_FOUND`);return r.json(null,{status:400,statusText:"USER_NOT_FOUND",body:{message:"User not found"}})}let u=await r.context.internalAdapter.createSession(a.user.id,r.headers);if(!u){if(o)throw r.redirect(`${o}?error=SESSION_NOT_CREATED`);return r.json(null,{status:400,statusText:"SESSION NOT CREATED",body:{message:"Failed to create session"}})}if(await A(r,u.id),!o)return r.json({status:!0});throw r.redirect(o)})}});export{$ 
as HIDE_METADATA,nt as ac,Fc as bearer,d as createAuthEndpoint,z as createAuthMiddleware,lo as getPasskeyActions,Qc as magicLink,Ee as optionsMiddleware,Ud as organization,Pc as passkey,yc as passkeyClient,Pu as twoFactor,gu as twoFactorClient,Ct as username};
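--- a/package/dist/react.d.ts
+++ b/package/dist/react.d.ts
@@ -1,15 +1,13 @@
 import * as _better_fetch_fetch from '@better-fetch/fetch';
-import { B as BetterAuthPlugin, F as FieldAttribute, I as InferFieldOutput } from './index-D_ohe9r9.js';
+import { B as BetterAuthPlugin, F as FieldAttribute, I as InferFieldOutput } from './index-gO-yM4kI.js';
 import { U as UnionToIntersection, P as Prettify } from './helper-C1ihmerM.js';
 import { ClientOptions, InferClientAPI, InferActions, BetterAuthClientPlugin, IsSignal } from './types.js';
 import { useStore } from '@nanostores/react';
 import 'kysely';
-import './schema-D9o3OF80.js';
+import './index-CE92ti2Z.js';
+import 'arctic';
 import 'zod';
 import 'better-call';
-import './social.js';
-import 'arctic';
-import './adapter-D-m9-hQp.js';
 import 'nanostores';
 
 type InferResolvedHooks<O extends ClientOptions> = O["plugins"] extends Array<infer Plugin> ? Plugin extends BetterAuthClientPlugin ? Plugin["getAtoms"] extends (fetch: any) => infer Atoms ? Atoms extends Record<string, any> ? {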
package/dist/react.js CHANGED
@@ -1 +1 @@
1
- var z=Object.defineProperty,K=Object.defineProperties;var Q=Object.getOwnPropertyDescriptors;var T=Object.getOwnPropertySymbols;var w=Object.prototype.hasOwnProperty,I=Object.prototype.propertyIsEnumerable;var x=(e,t,r)=>t in e?z(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r,l=(e,t)=>{for(var r in t||(t={}))w.call(t,r)&&x(e,r,t[r]);if(T)for(var r of T(t))I.call(t,r)&&x(e,r,t[r]);return e},m=(e,t)=>K(e,Q(t));var B=(e,t)=>{var r={};for(var i in e)w.call(e,i)&&t.indexOf(i)<0&&(r[i]=e[i]);if(e!=null&&T)for(var i of T(e))t.indexOf(i)<0&&I.call(e,i)&&(r[i]=e[i]);return r};var y=(e,t,r)=>new Promise((i,n)=>{var d=f=>{try{s(r.next(f))}catch(u){n(u)}},c=f=>{try{s(r.throw(f))}catch(u){n(u)}},s=f=>f.done?i(f.value):Promise.resolve(f.value).then(d,c);s((r=r.apply(e,t)).next())});import{useStore as S}from"@nanostores/react";import{createFetch as J}from"@better-fetch/fetch";var p=class extends Error{constructor(t,r,i){super(t),this.name="BetterAuthError",this.message=t,this.cause=r}};function X(e){try{return new URL(e).pathname!=="/"}catch(t){throw new p(`Invalid base URL: ${e}. 
Please provide a valid base URL.`)}}function b(e,t="/api/auth"){return X(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function E(e,t){if(e)return b(e,t);let r=(process==null?void 0:process.env)||{},i=r.BETTER_AUTH_URL||r.NEXT_PUBLIC_BETTER_AUTH_URL||r.PUBLIC_BETTER_AUTH_URL||r.NUXT_PUBLIC_BETTER_AUTH_URL||r.NUXT_PUBLIC_AUTH_URL||(r.BASE_URL!=="/"?r.BASE_URL:void 0);if(i)return b(i,t);if(typeof window!="undefined")return b(window.location.origin,t)}import"nanostores";import{betterFetch as D}from"@better-fetch/fetch";var k={id:"redirect",name:"Redirect",hooks:{onSuccess(e){var t,r;(t=e.data)!=null&&t.url&&((r=e.data)!=null&&r.redirect)&&typeof window!="undefined"&&(window.location.href=e.data.url)}}},v={id:"add-current-url",name:"Add current URL",hooks:{onRequest(e){if(typeof window!="undefined"){let t=new URL(e.url);t.searchParams.set("currentURL",window.location.href),e.url=t}return e}}},_=new Map,$={id:"csrf",name:"CSRF Check",init(e,t){return y(this,null,function*(){if(!(t!=null&&t.baseURL))throw new p("API Base URL on the auth client isn't configured. Please pass it directly to the client `baseURL`");if((t==null?void 0:t.method)!=="GET"){t=t||{};let r=_.get("CSRF_TOKEN");if(!r){let{data:i,error:n}=yield D("/csrf",{body:void 0,baseURL:t.baseURL,plugins:[],method:"GET",credentials:"include",customFetchImpl:t.customFetchImpl});if(n){if(n.status===404)throw new p("CSRF route not found. Make sure the server is running and the base URL is correct and includes the path (e.g. http://localhost:3000/api/auth).");if(n.status===429)return new Response(JSON.stringify({message:"Too many requests. 
Please try again later."}),{status:429,statusText:"Too Many Requests"});throw new p("Failed to fetch CSRF token: "+n.message)}_.set("CSRF_TOKEN",i.csrfToken)}t.body=m(l({},t==null?void 0:t.body),{csrfToken:r})}return t.credentials="include",{url:e,options:t}})}};var q=e=>{var s,f,u,a,g,P;let t=J(m(l({baseURL:E(((s=e==null?void 0:e.fetchOptions)==null?void 0:s.baseURL)||(e==null?void 0:e.baseURL)),credentials:"include"},e==null?void 0:e.fetchOptions),{plugins:[$,k,v,...((u=(f=e==null?void 0:e.fetchOptions)==null?void 0:f.plugins)==null?void 0:u.filter(o=>o!==void 0))||[],...((a=e==null?void 0:e.plugins)==null?void 0:a.flatMap(o=>o.fetchPlugins).filter(o=>o!==void 0))||[]]})),r=(e==null?void 0:e.plugins)||[],i={},n={},d={"/sign-out":"POST","/user/revoke-sessions":"POST"},c=[{signal:"_sessionSignal",matcher(o){return o==="/sign-out"||o==="sign-up/email"||o==="/user/update"}}];for(let o of r)o.getActions&&Object.assign(i,(g=o.getActions)==null?void 0:g.call(o,t)),o.getAtoms&&Object.assign(n,(P=o.getAtoms)==null?void 0:P.call(o,t)),o.pathMethods&&Object.assign(d,o.pathMethods),o.atomListeners&&c.push(...o.atomListeners);return{pluginsActions:i,pluginsAtoms:n,pluginPathMethods:d,atomListeners:c,$fetch:t}};function W(e){return e.charAt(0).toUpperCase()+e.slice(1)}function Z(e,t,r){let i=t[e],s=r||{},{fetchOptions:n,query:d}=s,c=B(s,["fetchOptions","query"]);return i||(n!=null&&n.method?n.method:c&&Object.keys(c).length>0?"POST":"GET")}function M(e,t,r,i,n){function d(c=[]){return new Proxy(function(){},{get(s,f){let u=[...c,f],a=e;for(let g of u)if(a&&typeof a=="object"&&g in a)a=a[g];else{a=void 0;break}return typeof a=="function"?a:d(u)},apply:(s,f,u)=>y(this,null,function*(){let a="/"+c.map(U=>U.replace(/[A-Z]/g,R=>`-${R.toLowerCase()}`)).join("/"),g=u[0]||{},P=u[1]||{},L=g,{query:o,fetchOptions:A}=L,G=B(L,["query","fetchOptions"]),h=l(l({},P),A),F=Z(a,r,g);return yield t(a,m(l({},h),{body:F==="GET"?void 0:l(l({},G),(h==null?void 0:h.body)||{}),query:o||(h==null?void 
0:h.query),method:F,onSuccess(U){return y(this,null,function*(){var C;yield(C=h==null?void 0:h.onSuccess)==null?void 0:C.call(h,U);let R=n==null?void 0:n.find(V=>V.matcher(a));if(!R)return;let O=i[R.signal];if(!O)return;let N=O.get();setTimeout(()=>{O.set(!N)},10)})}}))})})}return d()}import{atom as te}from"nanostores";import"@better-fetch/fetch";import{atom as Y,onMount as ee}from"nanostores";var H=(e,t,r,i)=>{let n=Y({data:null,error:null,isPending:!1}),d=()=>{let s=typeof i=="function"?i({data:n.get().data,error:n.get().error,isPending:n.get().isPending}):i;return r(t,m(l({},s),{onSuccess:u=>y(void 0,null,function*(){var a;n.set({data:u.data,error:null,isPending:!1}),yield(a=s==null?void 0:s.onSuccess)==null?void 0:a.call(s,u)}),onError(u){return y(this,null,function*(){var a;n.set({error:u.error,data:null,isPending:!1}),yield(a=s==null?void 0:s.onError)==null?void 0:a.call(s,u)})},onRequest(u){return y(this,null,function*(){var g;let a=n.get();n.set({isPending:!0,data:a.data,error:a.error}),yield(g=s==null?void 0:s.onRequest)==null?void 0:g.call(s,u)})}}))};e=Array.isArray(e)?e:[e];let c=!1;for(let s of e)s.subscribe(()=>{c?d():ee(n,()=>(d(),c=!0,()=>{n.off(),s.off()}))});return n};function j(e){let t=te(!1);return{$session:H(t,"/session",e,{method:"GET"}),_sessionSignal:t,$Infer:{}}}import"react";function re(e){return`use${W(e)}`}function ve(e){let{pluginPathMethods:t,pluginsActions:r,pluginsAtoms:i,$fetch:n,atomListeners:d}=q(e),c={};for(let[o,A]of Object.entries(i))c[re(o)]=()=>S(A);let{$session:s,_sessionSignal:f,$Infer:u}=j(n);function a(o){return S(s)}let g=m(l(l({},r),c),{useSession:a});return M(g,n,t,m(l({},i),{_sessionSignal:f}),d)}var $e=S;export{ve as createAuthClient,$e as useAuthQuery};
1
+ import{useStore as R}from"@nanostores/react";import{createFetch as q}from"@better-fetch/fetch";var f=class extends Error{constructor(t,s,i){super(t),this.name="BetterAuthError",this.message=t,this.cause=s}};function v(e){try{return new URL(e).pathname!=="/"}catch{throw new f(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function A(e,t="/api/auth"){return v(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function O(e,t){if(e)return A(e,t);let s=process?.env||{},i=s.BETTER_AUTH_URL||s.NEXT_PUBLIC_BETTER_AUTH_URL||s.PUBLIC_BETTER_AUTH_URL||s.NUXT_PUBLIC_BETTER_AUTH_URL||s.NUXT_PUBLIC_AUTH_URL||(s.BASE_URL!=="/"?s.BASE_URL:void 0);if(i)return A(i,t);if(typeof window<"u")return A(window.location.origin,t)}import"nanostores";import{betterFetch as $}from"@better-fetch/fetch";var b={id:"redirect",name:"Redirect",hooks:{onSuccess(e){e.data?.url&&e.data?.redirect&&typeof window<"u"&&(window.location.href=e.data.url)}}},L={id:"add-current-url",name:"Add current URL",hooks:{onRequest(e){if(typeof window<"u"){let t=new URL(e.url);t.searchParams.set("currentURL",window.location.href),e.url=t}return e}}},B=new Map,S={id:"csrf",name:"CSRF Check",async init(e,t){if(!t?.baseURL)throw new f("API Base URL on the auth client isn't configured. Please pass it directly to the client `baseURL`");if(t?.method!=="GET"){t=t||{};let s=B.get("CSRF_TOKEN");if(!s){let{data:i,error:r}=await $("/csrf",{body:void 0,baseURL:t.baseURL,plugins:[],method:"GET",credentials:"include",customFetchImpl:t.customFetchImpl});if(r){if(r.status===404)throw new f("CSRF route not found. Make sure the server is running and the base URL is correct and includes the path (e.g. http://localhost:3000/api/auth).");if(r.status===429)return new Response(JSON.stringify({message:"Too many requests. 
Please try again later."}),{status:429,statusText:"Too Many Requests"});throw new f("Failed to fetch CSRF token: "+r.message)}B.set("CSRF_TOKEN",i.csrfToken)}t.body={...t?.body,csrfToken:s}}return t.credentials="include",{url:e,options:t}}};var F=e=>{let t=q({baseURL:O(e?.fetchOptions?.baseURL||e?.baseURL),credentials:"include",...e?.fetchOptions,plugins:[S,b,L,...e?.fetchOptions?.plugins?.filter(n=>n!==void 0)||[],...e?.plugins?.flatMap(n=>n.fetchPlugins).filter(n=>n!==void 0)||[]]}),s=e?.plugins||[],i={},r={},c={"/sign-out":"POST","/user/revoke-sessions":"POST"},o=[{signal:"_sessionSignal",matcher(n){return n==="/sign-out"||n==="sign-up/email"||n==="/user/update"}}];for(let n of s)n.getActions&&Object.assign(i,n.getActions?.(t)),n.getAtoms&&Object.assign(r,n.getAtoms?.(t)),n.pathMethods&&Object.assign(c,n.pathMethods),n.atomListeners&&o.push(...n.atomListeners);return{pluginsActions:i,pluginsAtoms:r,pluginPathMethods:c,atomListeners:o,$fetch:t}};function C(e){return e.charAt(0).toUpperCase()+e.slice(1)}function W(e,t,s){let i=t[e],{fetchOptions:r,query:c,...o}=s||{};return i||(r?.method?r.method:o&&Object.keys(o).length>0?"POST":"GET")}function x(e,t,s,i,r){function c(o=[]){return new Proxy(function(){},{get(n,u){let l=[...o,u],a=e;for(let d of l)if(a&&typeof a=="object"&&d in a)a=a[d];else{a=void 0;break}return typeof a=="function"?a:c(l)},apply:async(n,u,l)=>{let a="/"+o.map(y=>y.replace(/[A-Z]/g,m=>`-${m.toLowerCase()}`)).join("/"),d=l[0]||{},T=l[1]||{},{query:p,fetchOptions:g,...E}=d,h={...T,...g},U=W(a,s,d);return await t(a,{...h,body:U==="GET"?void 0:{...E,...h?.body||{}},query:p||h?.query,method:U,async onSuccess(y){await h?.onSuccess?.(y);let m=r?.find(k=>k.matcher(a));if(!m)return;let P=i[m.signal];if(!P)return;let _=P.get();setTimeout(()=>{P.set(!_)},10)}})}})}return c()}import{atom as j}from"nanostores";import"@better-fetch/fetch";import{atom as M,onMount as H}from"nanostores";var w=(e,t,s,i)=>{let r=M({data:null,error:null,isPending:!1}),c=()=>{let 
n=typeof i=="function"?i({data:r.get().data,error:r.get().error,isPending:r.get().isPending}):i;return s(t,{...n,onSuccess:async u=>{r.set({data:u.data,error:null,isPending:!1}),await n?.onSuccess?.(u)},async onError(u){r.set({error:u.error,data:null,isPending:!1}),await n?.onError?.(u)},async onRequest(u){let l=r.get();r.set({isPending:!0,data:l.data,error:l.error}),await n?.onRequest?.(u)}})};e=Array.isArray(e)?e:[e];let o=!1;for(let n of e)n.subscribe(()=>{o?c():H(r,()=>(c(),o=!0,()=>{r.off(),n.off()}))});return r};function I(e){let t=j(!1);return{$session:w(t,"/session",e,{method:"GET"}),_sessionSignal:t,$Infer:{}}}import"react";function G(e){return`use${C(e)}`}function Pe(e){let{pluginPathMethods:t,pluginsActions:s,pluginsAtoms:i,$fetch:r,atomListeners:c}=F(e),o={};for(let[p,g]of Object.entries(i))o[G(p)]=()=>R(g);let{$session:n,_sessionSignal:u,$Infer:l}=I(r);function a(p){return R(n)}let d={...s,...o,useSession:a};return x(d,r,t,{...i,_sessionSignal:u},c)}var Ae=R;export{Pe as createAuthClient,Ae as useAuthQuery};
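Review bot: In the `csrf` fetch plugin's `init` on the new side, the first non-GET request goes out with `csrfToken: undefined`: when the cache is empty the token is fetched and stored with `B.set("CSRF_TOKEN",i.csrfToken)`, but the local `s` that was read before the fetch is never updated, and `t.body={...t?.body,csrfToken:s}` then uses the stale value. The old side has the same flow, so this change (apparently only a newer transpile target) carries the defect over unchanged. Presumably the server rejects that request, so the first state-changing call after page load fails until it is retried; if the server instead tolerates a missing token, the CSRF check is not enforced for that call, which is worth confirming on the server side. Assign the fetched value before the body is built, e.g. `s=i.csrfToken;B.set("CSRF_TOKEN",s)`, in the unminified source this bundle is generated from. In the same minified line the session-signal matcher compares against `"sign-up/email"` without a leading slash while request paths are built as `"/"+…`, so that entry looks like it can never match.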