npm - better-auth - Versions diffs - 0.2.3-beta.8 → 0.2.4 - Mend

better-auth 0.2.3-beta.8 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/dist/client/plugins.js CHANGED Viewed

@@ -1,2 +1,527 @@
-import{atom as g}from"nanostores";var u=class extends Error{path;constructor(e,a){super(e),this.path=a}},m=class{constructor(e){this.s=e;this.statements=e}statements;newRole(e){return new f(e)}},f=class r{statements;constructor(e){this.statements=e}authorize(e,a){for(let[i,t]of Object.entries(e)){let s=this.statements[i];if(!s)return{success:!1,error:`You are not allowed to access resource: ${i}`};let o=a==="OR"?t.some(n=>s.includes(n)):t.every(n=>s.includes(n));return o?{success:o}:{success:!1,error:`unauthorized to access resource "${i}"`}}return{success:!1,error:"Not authorized"}}static fromString(e){let a=JSON.parse(e);if(typeof a!="object")throw new u("statements is not an object",".");for(let[i,t]of Object.entries(a)){if(typeof i!="string")throw new u("invalid resource identifier",i);if(!Array.isArray(t))throw new u("actions is not an array",i);for(let s=0;s<t.length;s++)if(typeof t[s]!="string")throw new u("action is not a string",`${i}[${s}]`)}return new r(a)}toString(){return JSON.stringify(this.statements)}};var h=r=>new m(r),P={organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]},d=h(P),U=d.newRole({organization:["update"],invitation:["create","cancel"],member:["create","update","delete"]}),v=d.newRole({organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]}),E=d.newRole({organization:[],member:[],invitation:[]});import{createFetch as ee}from"@better-fetch/fetch";import"nanostores";import{betterFetch as K}from"@better-fetch/fetch";import{atom as me}from"nanostores";import"@better-fetch/fetch";import{atom as A,onMount as O}from"nanostores";var p=(r,e,a,i)=>{let t=A({data:null,error:null,isPending:!1}),s=()=>{let n=typeof i=="function"?i({data:t.get().data,error:t.get().error,isPending:t.get().isPending}):i;return a(e,{...n,onSuccess:async c=>{t.set({data:c.data,error:null,isPending:!1}),await n?.onSuccess?.(c)},async onError(c){t.set({error:c.error,data:null,isPending:!1}),await n?.onError?.(c)},async onRequest(c){let y=t.get();t.set({isPending:!0,data:y.data,error:y.error}),await n?.onRequest?.(c)}})};r=Array.isArray(r)?r:[r];let o=!1;for(let n of r)n.subscribe(()=>{o?s():O(t,()=>(s(),o=!0,()=>{t.off(),n.off()}))});return t};var ve=r=>{let e=g(void 0),a=g(!1),i=g(!1);return{id:"organization",$InferServerPlugin:{},getActions:t=>({$Infer:{ActiveOrganization:{},Organization:{},Invitation:{},Member:{}},organization:{setActive(s){e.set(s)},hasPermission:async s=>await t("/organization/has-permission",{method:"POST",body:{permission:s.permission},...s.fetchOptions})}}),getAtoms:t=>{let s=p(a,"/organization/list",t,{method:"GET"}),o=p([e,i],"/organization/activate",t,()=>({method:"POST",credentials:"include",body:{orgId:e.get()}}));return{_listOrg:a,_activeOrgSignal:i,activeOrganization:o,listOrganizations:s}},atomListeners:[{matcher(t){return t==="/organization/create"||t==="/organization/delete"},signal:"_listOrg"},{matcher(t){return t.startsWith("/organization")},signal:"_activeOrgSignal"}]}};var Ie=()=>({id:"username",$InferServerPlugin:{}});import{WebAuthnError as T,startAuthentication as w,startRegistration as x}from"@simplewebauthn/browser";import{createConsola as b}from"consola";var l=b({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),R=r=>({log:(...e)=>{!r?.disabled&&l.log("",...e)},error:(...e)=>{!r?.disabled&&l.error("",...e)},warn:(...e)=>{!r?.disabled&&l.warn("",...e)},info:(...e)=>{!r?.disabled&&l.info("",...e)},debug:(...e)=>{!r?.disabled&&l.debug("",...e)},box:(...e)=>{!r?.disabled&&l.box("",...e)},success:(...e)=>{!r?.disabled&&l.success("",...e)},break:(...e)=>{!r?.disabled&&console.log(`
-`)}}),ze=R();import{atom as k}from"nanostores";var C=(r,{_listPasskeys:e})=>({signIn:{passkey:async(t,s)=>{let o=await r("/passkey/generate-authenticate-options",{method:"POST",body:{email:t?.email,callbackURL:t?.callbackURL}});if(!o.data)return o;try{let n=await w(o.data,t?.autoFill||!1),c=await r("/passkey/verify-authentication",{body:{response:n},...t?.fetchOptions,...s});if(!c.data)return c}catch(n){console.log(n)}}},passkey:{addPasskey:async(t,s)=>{let o=await r("/passkey/generate-register-options",{method:"GET"});if(!o.data)return o;try{let n=await x(o.data),c=await r("/passkey/verify-registration",{...t?.fetchOptions,...s,body:{response:n,name:t?.name}});if(!c.data)return c;e.set(Math.random())}catch(n){return n instanceof T?n.code==="ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED"?{data:null,error:{message:"previously registered",status:400,statusText:"BAD_REQUEST"}}:n.code==="ERROR_CEREMONY_ABORTED"?{data:null,error:{message:"registration cancelled",status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:n.message,status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:n instanceof Error?n.message:"unknown error",status:500,statusText:"INTERNAL_SERVER_ERROR"}}}}},$Infer:{}}),De=()=>{let r=k();return{id:"passkey",$InferServerPlugin:{},getActions:e=>C(e,{_listPasskeys:r}),getAtoms(e){return{listPasskeys:p(r,"/passkey/list-user-passkeys",e,{method:"GET",credentials:"include"}),_listPasskeys:r}},pathMethods:{"/passkey/register":"POST","/passkey/authenticate":"POST"},atomListeners:[{matcher(e){return e==="/passkey/verify-registration"||e==="/passkey/delete-passkey"},signal:"_listPasskeys"}]}};var Ke=(r={redirect:!0,twoFactorPage:"/"})=>({id:"two-factor",$InferServerPlugin:{},atomListeners:[{matcher:e=>e==="/two-factor/enable"||e==="/two-factor/send-otp"||e==="/two-factor/disable",signal:"_sessionSignal"}],pathMethods:{"/two-factor/disable":"POST","/two-factor/enable":"POST","/two-factor/send-otp":"POST"},fetchPlugins:[{id:"two-factor",name:"two-factor",hooks:{async onSuccess(e){e.data?.twoFactorRedirect&&(r.redirect||r.twoFactorPage)&&typeof window<"u"&&(window.location.href=r.twoFactorPage)}}}]});var Je=()=>({id:"magic-link",$InferServerPlugin:{}});export{C as getPasskeyActions,Je as magicLinkClient,ve as organizationClient,De as passkeyClient,Ke as twoFactorClient,Ie as usernameClient};
+// src/plugins/organization/client.ts
+import { atom as atom3 } from "nanostores";
+// src/plugins/organization/access/src/access.ts
+var ParsingError = class extends Error {
+  path;
+  constructor(message, path) {
+    super(message);
+    this.path = path;
+  }
+};
+var AccessControl = class {
+  constructor(s) {
+    this.s = s;
+    this.statements = s;
+  }
+  statements;
+  newRole(statements) {
+    return new Role(statements);
+  }
+};
+var Role = class _Role {
+  statements;
+  constructor(statements) {
+    this.statements = statements;
+  }
+  authorize(request, connector) {
+    for (const [requestedResource, requestedActions] of Object.entries(
+      request
+    )) {
+      const allowedActions = this.statements[requestedResource];
+      if (!allowedActions) {
+        return {
+          success: false,
+          error: `You are not allowed to access resource: ${requestedResource}`
+        };
+      }
+      const success = connector === "OR" ? requestedActions.some(
+        (requestedAction) => allowedActions.includes(requestedAction)
+      ) : requestedActions.every(
+        (requestedAction) => allowedActions.includes(requestedAction)
+      );
+      if (success) {
+        return { success };
+      }
+      return {
+        success: false,
+        error: `unauthorized to access resource "${requestedResource}"`
+      };
+    }
+    return {
+      success: false,
+      error: "Not authorized"
+    };
+  }
+  static fromString(s) {
+    const statements = JSON.parse(s);
+    if (typeof statements !== "object") {
+      throw new ParsingError("statements is not an object", ".");
+    }
+    for (const [resource, actions] of Object.entries(statements)) {
+      if (typeof resource !== "string") {
+        throw new ParsingError("invalid resource identifier", resource);
+      }
+      if (!Array.isArray(actions)) {
+        throw new ParsingError("actions is not an array", resource);
+      }
+      for (let i = 0; i < actions.length; i++) {
+        if (typeof actions[i] !== "string") {
+          throw new ParsingError("action is not a string", `${resource}[${i}]`);
+        }
+      }
+    }
+    return new _Role(statements);
+  }
+  toString() {
+    return JSON.stringify(this.statements);
+  }
+};
+// src/plugins/organization/access/statement.ts
+var createAccessControl = (statements) => {
+  return new AccessControl(statements);
+};
+var defaultStatements = {
+  organization: ["update", "delete"],
+  member: ["create", "update", "delete"],
+  invitation: ["create", "cancel"]
+};
+var defaultAc = createAccessControl(defaultStatements);
+var adminAc = defaultAc.newRole({
+  organization: ["update"],
+  invitation: ["create", "cancel"],
+  member: ["create", "update", "delete"]
+});
+var ownerAc = defaultAc.newRole({
+  organization: ["update", "delete"],
+  member: ["create", "update", "delete"],
+  invitation: ["create", "cancel"]
+});
+var memberAc = defaultAc.newRole({
+  organization: [],
+  member: [],
+  invitation: []
+});
+// src/client/config.ts
+import { createFetch } from "@better-fetch/fetch";
+import "nanostores";
+// src/client/fetch-plugins.ts
+import { betterFetch } from "@better-fetch/fetch";
+// src/client/session-atom.ts
+import { atom as atom2 } from "nanostores";
+// src/client/query.ts
+import "@better-fetch/fetch";
+import { atom, onMount } from "nanostores";
+var useAuthQuery = (initializedAtom, path, $fetch, options) => {
+  const value = atom({
+    data: null,
+    error: null,
+    isPending: false
+  });
+  const fn = () => {
+    const opts = typeof options === "function" ? options({
+      data: value.get().data,
+      error: value.get().error,
+      isPending: value.get().isPending
+    }) : options;
+    return $fetch(path, {
+      ...opts,
+      onSuccess: async (context) => {
+        value.set({
+          data: context.data,
+          error: null,
+          isPending: false
+        });
+        await opts?.onSuccess?.(context);
+      },
+      async onError(context) {
+        value.set({
+          error: context.error,
+          data: null,
+          isPending: false
+        });
+        await opts?.onError?.(context);
+      },
+      async onRequest(context) {
+        const currentValue = value.get();
+        value.set({
+          isPending: true,
+          data: currentValue.data,
+          error: currentValue.error
+        });
+        await opts?.onRequest?.(context);
+      }
+    });
+  };
+  initializedAtom = Array.isArray(initializedAtom) ? initializedAtom : [initializedAtom];
+  let isMounted = false;
+  for (const initAtom of initializedAtom) {
+    initAtom.subscribe(() => {
+      if (isMounted) {
+        fn();
+      } else {
+        onMount(value, () => {
+          fn();
+          isMounted = true;
+          return () => {
+            value.off();
+            initAtom.off();
+          };
+        });
+      }
+    });
+  }
+  return value;
+};
+// src/plugins/organization/client.ts
+var organizationClient = (options) => {
+  const activeOrgId = atom3(void 0);
+  const _listOrg = atom3(false);
+  const _activeOrgSignal = atom3(false);
+  return {
+    id: "organization",
+    $InferServerPlugin: {},
+    getActions: ($fetch) => ({
+      $Infer: {
+        ActiveOrganization: {},
+        Organization: {},
+        Invitation: {},
+        Member: {}
+      },
+      organization: {
+        setActive(orgId) {
+          activeOrgId.set(orgId);
+        },
+        hasPermission: async (data) => {
+          return await $fetch("/organization/has-permission", {
+            method: "POST",
+            body: {
+              permission: data.permission
+            },
+            ...data.fetchOptions
+          });
+        }
+      }
+    }),
+    getAtoms: ($fetch) => {
+      const listOrganizations = useAuthQuery(
+        _listOrg,
+        "/organization/list",
+        $fetch,
+        {
+          method: "GET"
+        }
+      );
+      const activeOrganization = useAuthQuery(
+        [activeOrgId, _activeOrgSignal],
+        "/organization/activate",
+        $fetch,
+        () => ({
+          method: "POST",
+          credentials: "include",
+          body: {
+            orgId: activeOrgId.get()
+          }
+        })
+      );
+      return {
+        _listOrg,
+        _activeOrgSignal,
+        activeOrganization,
+        listOrganizations
+      };
+    },
+    atomListeners: [
+      {
+        matcher(path) {
+          return path === "/organization/create" || path === "/organization/delete";
+        },
+        signal: "_listOrg"
+      },
+      {
+        matcher(path) {
+          return path.startsWith("/organization");
+        },
+        signal: "_activeOrgSignal"
+      }
+    ]
+  };
+};
+// src/plugins/username/client.ts
+var usernameClient = () => {
+  return {
+    id: "username",
+    $InferServerPlugin: {}
+  };
+};
+// src/plugins/passkey/client.ts
+import {
+  WebAuthnError,
+  startAuthentication,
+  startRegistration
+} from "@simplewebauthn/browser";
+// src/utils/logger.ts
+import { createConsola } from "consola";
+var consola = createConsola({
+  formatOptions: {
+    date: false,
+    colors: true,
+    compact: true
+  },
+  defaults: {
+    tag: "Better Auth"
+  }
+});
+var createLogger = (options) => {
+  return {
+    log: (...args) => {
+      !options?.disabled && consola.log("", ...args);
+    },
+    error: (...args) => {
+      !options?.disabled && consola.error("", ...args);
+    },
+    warn: (...args) => {
+      !options?.disabled && consola.warn("", ...args);
+    },
+    info: (...args) => {
+      !options?.disabled && consola.info("", ...args);
+    },
+    debug: (...args) => {
+      !options?.disabled && consola.debug("", ...args);
+    },
+    box: (...args) => {
+      !options?.disabled && consola.box("", ...args);
+    },
+    success: (...args) => {
+      !options?.disabled && consola.success("", ...args);
+    },
+    break: (...args) => {
+      !options?.disabled && console.log("\n");
+    }
+  };
+};
+var logger = createLogger();
+// src/plugins/passkey/client.ts
+import { atom as atom4 } from "nanostores";
+var getPasskeyActions = ($fetch, {
+  _listPasskeys
+}) => {
+  const signInPasskey = async (opts, options) => {
+    const response = await $fetch(
+      "/passkey/generate-authenticate-options",
+      {
+        method: "POST",
+        body: {
+          email: opts?.email,
+          callbackURL: opts?.callbackURL
+        }
+      }
+    );
+    if (!response.data) {
+      return response;
+    }
+    try {
+      const res = await startAuthentication(
+        response.data,
+        opts?.autoFill || false
+      );
+      const verified = await $fetch("/passkey/verify-authentication", {
+        body: {
+          response: res
+        },
+        ...opts?.fetchOptions,
+        ...options
+      });
+      if (!verified.data) {
+        return verified;
+      }
+    } catch (e) {
+      console.log(e);
+    }
+  };
+  const registerPasskey = async (opts, fetchOpts) => {
+    const options = await $fetch(
+      "/passkey/generate-register-options",
+      {
+        method: "GET"
+      }
+    );
+    if (!options.data) {
+      return options;
+    }
+    try {
+      const res = await startRegistration(options.data);
+      const verified = await $fetch("/passkey/verify-registration", {
+        ...opts?.fetchOptions,
+        ...fetchOpts,
+        body: {
+          response: res,
+          name: opts?.name
+        }
+      });
+      if (!verified.data) {
+        return verified;
+      }
+      _listPasskeys.set(Math.random());
+    } catch (e) {
+      if (e instanceof WebAuthnError) {
+        if (e.code === "ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED") {
+          return {
+            data: null,
+            error: {
+              message: "previously registered",
+              status: 400,
+              statusText: "BAD_REQUEST"
+            }
+          };
+        }
+        if (e.code === "ERROR_CEREMONY_ABORTED") {
+          return {
+            data: null,
+            error: {
+              message: "registration cancelled",
+              status: 400,
+              statusText: "BAD_REQUEST"
+            }
+          };
+        }
+        return {
+          data: null,
+          error: {
+            message: e.message,
+            status: 400,
+            statusText: "BAD_REQUEST"
+          }
+        };
+      }
+      return {
+        data: null,
+        error: {
+          message: e instanceof Error ? e.message : "unknown error",
+          status: 500,
+          statusText: "INTERNAL_SERVER_ERROR"
+        }
+      };
+    }
+  };
+  return {
+    signIn: {
+      /**
+       * Sign in with a registered passkey
+       */
+      passkey: signInPasskey
+    },
+    passkey: {
+      /**
+       * Add a passkey to the user account
+       */
+      addPasskey: registerPasskey
+    },
+    /**
+     * Inferred Internal Types
+     */
+    $Infer: {}
+  };
+};
+var passkeyClient = () => {
+  const _listPasskeys = atom4();
+  return {
+    id: "passkey",
+    $InferServerPlugin: {},
+    getActions: ($fetch) => getPasskeyActions($fetch, {
+      _listPasskeys
+    }),
+    getAtoms($fetch) {
+      const listPasskeys = useAuthQuery(
+        _listPasskeys,
+        "/passkey/list-user-passkeys",
+        $fetch,
+        {
+          method: "GET",
+          credentials: "include"
+        }
+      );
+      return {
+        listPasskeys,
+        _listPasskeys
+      };
+    },
+    pathMethods: {
+      "/passkey/register": "POST",
+      "/passkey/authenticate": "POST"
+    },
+    atomListeners: [
+      {
+        matcher(path) {
+          return path === "/passkey/verify-registration" || path === "/passkey/delete-passkey";
+        },
+        signal: "_listPasskeys"
+      }
+    ]
+  };
+};
+// src/plugins/two-factor/client.ts
+var twoFactorClient = (options = {
+  redirect: true,
+  twoFactorPage: "/"
+}) => {
+  return {
+    id: "two-factor",
+    $InferServerPlugin: {},
+    atomListeners: [
+      {
+        matcher: (path) => path === "/two-factor/enable" || path === "/two-factor/send-otp" || path === "/two-factor/disable",
+        signal: "_sessionSignal"
+      }
+    ],
+    pathMethods: {
+      "/two-factor/disable": "POST",
+      "/two-factor/enable": "POST",
+      "/two-factor/send-otp": "POST"
+    },
+    fetchPlugins: [
+      {
+        id: "two-factor",
+        name: "two-factor",
+        hooks: {
+          async onSuccess(context) {
+            if (context.data?.twoFactorRedirect) {
+              if (options.redirect || options.twoFactorPage) {
+                if (typeof window !== "undefined") {
+                  window.location.href = options.twoFactorPage;
+                }
+              }
+            }
+          }
+        }
+      }
+    ]
+  };
+};
+// src/plugins/magic-link/client.ts
+var magicLinkClient = () => {
+  return {
+    id: "magic-link",
+    $InferServerPlugin: {}
+  };
+};
+export {
+  getPasskeyActions,
+  magicLinkClient,
+  organizationClient,
+  passkeyClient,
+  twoFactorClient,
+  usernameClient
+};