npm - better-auth - Versions diffs - 0.2.8-beta.8 → 0.2.8 - Mend

better-auth 0.2.8-beta.8 → 0.2.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

package/dist/.DS_Store +0 -0
package/dist/access.js +13 -2
package/dist/adapters/drizzle.d.ts +1 -1
package/dist/adapters/drizzle.js +13 -23
package/dist/adapters/mongodb.d.ts +1 -1
package/dist/adapters/mongodb.js +3 -2
package/dist/adapters/prisma.d.ts +1 -1
package/dist/adapters/prisma.js +3 -280
package/dist/api.d.ts +1 -1
package/dist/api.js +407 -269
package/dist/cli.js +213 -55
package/dist/client/plugins.d.ts +5 -3
package/dist/client/plugins.js +49 -34
package/dist/client.d.ts +3 -1
package/dist/client.js +34 -32
package/dist/{index-CKn-Zrry.d.ts → index-C9S3KShG.d.ts} +50 -63
package/dist/{index-DtRHPoYF.d.ts → index-UOcOxfoL.d.ts} +6 -5
package/dist/index.d.ts +1 -1
package/dist/index.js +501 -372
package/dist/next-js.d.ts +1 -1
package/dist/next-js.js +6 -5
package/dist/node.d.ts +1 -1
package/dist/node.js +5 -5
package/dist/plugins.d.ts +8 -5
package/dist/plugins.js +716 -498
package/dist/react.d.ts +4 -2
package/dist/react.js +37 -33
package/dist/social.js +116 -68
package/dist/solid-start.d.ts +1 -1
package/dist/solid-start.js +3 -2
package/dist/solid.d.ts +2 -1
package/dist/solid.js +35 -32
package/dist/svelte-kit.d.ts +1 -1
package/dist/svelte-kit.js +6 -4
package/dist/svelte.d.ts +2 -1
package/dist/svelte.js +33 -32
package/dist/types.d.ts +2 -2
package/dist/types.js +0 -1
package/dist/vue.d.ts +3 -1
package/dist/vue.js +35 -32
package/package.json +2 -3
package/dist/hide-metadata-DEHJp1rk.d.ts +0 -5
package/dist/utils.d.ts +0 -51
package/dist/utils.js +0 -426

package/dist/api.js CHANGED Viewed

@@ -1,19 +1,18 @@
-import { createMiddleware, createMiddlewareCreator, createEndpointCreator, APIError, createRouter } from 'better-call';
-import { z } from 'zod';
-import '@noble/ciphers/chacha';
-import '@noble/ciphers/utils';
-import '@noble/ciphers/webcrypto';
-import '@noble/hashes/sha256';
-import { generateCodeVerifier, generateState as generateState$1 } from 'oslo/oauth2';
-import { Facebook, GitHub, Google, Spotify, Twitch, Twitter, OAuth2Tokens } from 'arctic';
-import { createJWT, validateJWT, parseJWT } from 'oslo/jwt';
-import { betterFetch } from '@better-fetch/fetch';
-import { TimeSpan } from 'oslo';
-import { nanoid } from 'nanoid';
-import { createConsola } from 'consola';
-import chalk from 'chalk';
 // src/api/index.ts
+import {
+  APIError as APIError5,
+  createRouter
+} from "better-call";
+// src/api/middlewares/csrf.ts
+import { APIError } from "better-call";
+import { z } from "zod";
+// src/crypto/index.ts
+import { xchacha20poly1305 } from "@noble/ciphers/chacha";
+import { bytesToHex, hexToBytes, utf8ToBytes } from "@noble/ciphers/utils";
+import { managedNonce } from "@noble/ciphers/webcrypto";
+import { sha256 } from "@noble/hashes/sha256";
 async function hs256(secretKey, message) {
   const enc = new TextEncoder();
   const algorithm = { name: "HMAC", hash: "SHA-256" };
@@ -31,6 +30,13 @@ async function hs256(secretKey, message) {
   );
   return btoa(String.fromCharCode(...new Uint8Array(signature)));
 }
+// src/api/call.ts
+import {
+  createEndpointCreator,
+  createMiddleware,
+  createMiddlewareCreator
+} from "better-call";
 var optionsMiddleware = createMiddleware(async () => {
   return {};
 });
@@ -90,6 +96,30 @@ var csrfMiddleware = createAuthMiddleware(
   }
 );
+// src/api/routes/sign-in.ts
+import { APIError as APIError3 } from "better-call";
+import { generateCodeVerifier } from "oslo/oauth2";
+import { z as z4 } from "zod";
+// src/social-providers/apple.ts
+import "arctic";
+import { parseJWT } from "oslo/jwt";
+import "@better-fetch/fetch";
+// src/error/better-auth-error.ts
+var BetterAuthError = class extends Error {
+  constructor(message, cause) {
+    super(message);
+    this.name = "BetterAuthError";
+    this.message = message;
+    this.cause = cause;
+    this.stack = "";
+  }
+};
+// src/social-providers/utils.ts
+import { OAuth2Tokens } from "arctic";
 // src/utils/base-url.ts
 function checkHasPath(url) {
   try {
@@ -110,6 +140,9 @@ function withPath(url, path = "/api/auth") {
   return `${url}${path}`;
 }
 function getBaseURL(url, path) {
+  if (url) {
+    return withPath(url, path);
+  }
   const env = process?.env || {};
   const fromEnv = env.BETTER_AUTH_URL || env.NEXT_PUBLIC_BETTER_AUTH_URL || env.PUBLIC_BETTER_AUTH_URL || env.NUXT_PUBLIC_BETTER_AUTH_URL || env.NUXT_PUBLIC_AUTH_URL || (env.BASE_URL !== "/" ? env.BASE_URL : void 0);
   if (fromEnv) {
@@ -120,142 +153,9 @@ function getBaseURL(url, path) {
   }
   return void 0;
 }
-async function setSessionCookie(ctx, sessionToken, dontRememberMe, overrides) {
-  const options = ctx.context.authCookies.sessionToken.options;
-  options.maxAge = dontRememberMe ? void 0 : options.maxAge;
-  await ctx.setSignedCookie(
-    ctx.context.authCookies.sessionToken.name,
-    sessionToken,
-    ctx.context.secret,
-    options
-  );
-  if (dontRememberMe) {
-    await ctx.setSignedCookie(
-      ctx.context.authCookies.dontRememberToken.name,
-      "true",
-      ctx.context.secret,
-      ctx.context.authCookies.dontRememberToken.options
-    );
-  }
-}
-function deleteSessionCookie(ctx) {
-  ctx.setCookie(ctx.context.authCookies.sessionToken.name, "", {
-    maxAge: 0
-  });
-  ctx.setCookie(ctx.context.authCookies.dontRememberToken.name, "", {
-    maxAge: 0
-  });
-}
-// src/utils/date.ts
-var getDate = (span, unit = "ms") => {
-  const date = /* @__PURE__ */ new Date();
-  return new Date(date.getTime() + (unit === "sec" ? span * 1e3 : span));
-};
-// src/utils/get-request-ip.ts
-function getIp(req) {
-  const testIP = "127.0.0.1";
-  if (process.env.NODE_ENV === "test") {
-    return testIP;
-  }
-  const headers = [
-    "x-client-ip",
-    "x-forwarded-for",
-    "cf-connecting-ip",
-    "fastly-client-ip",
-    "x-real-ip",
-    "x-cluster-client-ip",
-    "x-forwarded",
-    "forwarded-for",
-    "forwarded"
-  ];
-  for (const header of headers) {
-    const value = req.headers.get(header);
-    if (typeof value === "string") {
-      const ip = value.split(",")[0].trim();
-      if (ip) return ip;
-    }
-  }
-  return null;
-}
-// src/utils/hide-metadata.ts
-var HIDE_METADATA = {
-  isAction: false
-};
-var generateId = (size) => {
-  return nanoid(size);
-};
-var consola = createConsola({
-  formatOptions: {
-    date: false,
-    colors: true,
-    compact: true
-  },
-  defaults: {
-    tag: "Better Auth"
-  }
-});
-var createLogger = (options) => {
-  return {
-    log: (...args) => {
-      consola.log("", ...args);
-    },
-    error: (...args) => {
-      consola.error("", ...args);
-    },
-    warn: (...args) => {
-      consola.warn("", ...args);
-    },
-    info: (...args) => {
-      consola.info("", ...args);
-    },
-    debug: (...args) => {
-      consola.debug("", ...args);
-    },
-    box: (...args) => {
-      consola.box("", ...args);
-    },
-    success: (...args) => {
-      consola.success("", ...args);
-    },
-    break: (...args) => {
-      console.log("\n");
-    }
-  };
-};
-var logger = createLogger();
-function generateState(callbackURL, currentURL, dontRememberMe) {
-  const code = generateState$1();
-  const state = JSON.stringify({
-    code,
-    callbackURL,
-    currentURL,
-    dontRememberMe
-  });
-  return { state, code };
-}
-function parseState(state) {
-  const data = z.object({
-    code: z.string(),
-    callbackURL: z.string().optional(),
-    currentURL: z.string().optional(),
-    dontRememberMe: z.boolean().optional()
-  }).safeParse(JSON.parse(state));
-  return data;
-}
-// src/error/better-auth-error.ts
-var BetterAuthError = class extends Error {
-  constructor(message, cause) {
-    super(message);
-    this.name = "BetterAuthError";
-    this.message = message;
-    this.cause = cause;
-    this.stack = "";
-  }
-};
+// src/social-providers/utils.ts
+import { betterFetch } from "@better-fetch/fetch";
 function getRedirectURI(providerId, redirectURI) {
   return redirectURI || `${getBaseURL()}/callback/${providerId}`;
 }
@@ -327,6 +227,9 @@ var apple = (options) => {
     }
   };
 };
+// src/social-providers/discord.ts
+import { betterFetch as betterFetch3 } from "@better-fetch/fetch";
 var discord = (options) => {
   return {
     id: "discord",
@@ -350,7 +253,7 @@ var discord = (options) => {
       });
     },
     async getUserInfo(token) {
-      const { data: profile, error: error2 } = await betterFetch(
+      const { data: profile, error: error2 } = await betterFetch3(
         "https://discord.com/api/users/@me",
         {
           headers: {
@@ -381,6 +284,10 @@ var discord = (options) => {
     }
   };
 };
+// src/social-providers/facebook.ts
+import { betterFetch as betterFetch4 } from "@better-fetch/fetch";
+import { Facebook } from "arctic";
 var facebook = (options) => {
   const facebookArctic = new Facebook(
     options.clientId,
@@ -404,7 +311,7 @@ var facebook = (options) => {
       });
     },
     async getUserInfo(token) {
-      const { data: profile, error: error2 } = await betterFetch(
+      const { data: profile, error: error2 } = await betterFetch4(
         "https://graph.facebook.com/me",
         {
           auth: {
@@ -428,6 +335,10 @@ var facebook = (options) => {
     }
   };
 };
+// src/social-providers/github.ts
+import { betterFetch as betterFetch5 } from "@better-fetch/fetch";
+import { GitHub } from "arctic";
 var github = ({
   clientId,
   clientSecret,
@@ -449,7 +360,7 @@ var github = ({
       return await githubArctic.validateAuthorizationCode(state);
     },
     async getUserInfo(token) {
-      const { data: profile, error: error2 } = await betterFetch(
+      const { data: profile, error: error2 } = await betterFetch5(
         "https://api.github.com/user",
         {
           auth: {
@@ -463,7 +374,7 @@ var github = ({
       }
       let emailVerified = false;
       if (!profile.email) {
-        const { data, error: error3 } = await betterFetch("https://api.github.com/user/emails", {
+        const { data, error: error3 } = await betterFetch5("https://api.github.com/user/emails", {
           auth: {
             type: "Bearer",
             token: token.accessToken()
@@ -489,6 +400,54 @@ var github = ({
     }
   };
 };
+// src/social-providers/google.ts
+import { Google } from "arctic";
+import { parseJWT as parseJWT2 } from "oslo/jwt";
+// src/utils/logger.ts
+import { createConsola } from "consola";
+var consola = createConsola({
+  formatOptions: {
+    date: false,
+    colors: true,
+    compact: true
+  },
+  defaults: {
+    tag: "Better Auth"
+  }
+});
+var createLogger = (options) => {
+  return {
+    log: (...args) => {
+      !options?.disabled && consola.log("", ...args);
+    },
+    error: (...args) => {
+      !options?.disabled && consola.error("", ...args);
+    },
+    warn: (...args) => {
+      !options?.disabled && consola.warn("", ...args);
+    },
+    info: (...args) => {
+      !options?.disabled && consola.info("", ...args);
+    },
+    debug: (...args) => {
+      !options?.disabled && consola.debug("", ...args);
+    },
+    box: (...args) => {
+      !options?.disabled && consola.box("", ...args);
+    },
+    success: (...args) => {
+      !options?.disabled && consola.success("", ...args);
+    },
+    break: (...args) => {
+      !options?.disabled && console.log("\n");
+    }
+  };
+};
+var logger = createLogger();
+// src/social-providers/google.ts
 var google = (options) => {
   const googleArctic = new Google(
     options.clientId,
@@ -529,7 +488,7 @@ var google = (options) => {
       if (!token.idToken) {
         return null;
       }
-      const user = parseJWT(token.idToken())?.payload;
+      const user = parseJWT2(token.idToken())?.payload;
       return {
         user: {
           id: user.sub,
@@ -543,6 +502,10 @@ var google = (options) => {
     }
   };
 };
+// src/social-providers/spotify.ts
+import { betterFetch as betterFetch6 } from "@better-fetch/fetch";
+import { Spotify } from "arctic";
 var spotify = (options) => {
   const spotifyArctic = new Spotify(
     options.clientId,
@@ -566,7 +529,7 @@ var spotify = (options) => {
       });
     },
     async getUserInfo(token) {
-      const { data: profile, error: error2 } = await betterFetch(
+      const { data: profile, error: error2 } = await betterFetch6(
         "https://api.spotify.com/v1/me",
         {
           method: "GET",
@@ -591,6 +554,10 @@ var spotify = (options) => {
     }
   };
 };
+// src/social-providers/twitch.ts
+import { betterFetch as betterFetch7 } from "@better-fetch/fetch";
+import { Twitch } from "arctic";
 var twitch = (options) => {
   const twitchArctic = new Twitch(
     options.clientId,
@@ -613,7 +580,7 @@ var twitch = (options) => {
       });
     },
     async getUserInfo(token) {
-      const { data: profile, error: error2 } = await betterFetch(
+      const { data: profile, error: error2 } = await betterFetch7(
         "https://api.twitch.tv/helix/users",
         {
           method: "GET",
@@ -638,6 +605,10 @@ var twitch = (options) => {
     }
   };
 };
+// src/social-providers/twitter.ts
+import { betterFetch as betterFetch8 } from "@better-fetch/fetch";
+import { Twitter } from "arctic";
 var twitter = (options) => {
   const twitterArctic = new Twitter(
     options.clientId,
@@ -665,7 +636,7 @@ var twitter = (options) => {
       });
     },
     async getUserInfo(token) {
-      const { data: profile, error: error2 } = await betterFetch(
+      const { data: profile, error: error2 } = await betterFetch8(
         "https://api.x.com/2/users/me?user.fields=profile_image_url",
         {
           method: "GET",
@@ -694,6 +665,9 @@ var twitter = (options) => {
   };
 };
+// src/types/provider.ts
+import "arctic";
 // src/social-providers/index.ts
 var oAuthProviders = {
   apple,
@@ -706,6 +680,99 @@ var oAuthProviders = {
   twitter
 };
 var oAuthProviderList = Object.keys(oAuthProviders);
+// src/utils/state.ts
+import { generateState as generateStateOAuth } from "oslo/oauth2";
+import { z as z2 } from "zod";
+function generateState(callbackURL, currentURL, dontRememberMe) {
+  const code = generateStateOAuth();
+  const state = JSON.stringify({
+    code,
+    callbackURL,
+    currentURL,
+    dontRememberMe
+  });
+  return { state, code };
+}
+function parseState(state) {
+  const data = z2.object({
+    code: z2.string(),
+    callbackURL: z2.string().optional(),
+    currentURL: z2.string().optional(),
+    dontRememberMe: z2.boolean().optional()
+  }).safeParse(JSON.parse(state));
+  return data;
+}
+// src/api/routes/session.ts
+import { APIError as APIError2 } from "better-call";
+// src/utils/date.ts
+var getDate = (span, unit = "ms") => {
+  const date = /* @__PURE__ */ new Date();
+  return new Date(date.getTime() + (unit === "sec" ? span * 1e3 : span));
+};
+// src/utils/cookies.ts
+import { TimeSpan } from "oslo";
+async function setSessionCookie(ctx, sessionToken, dontRememberMe, overrides) {
+  const options = ctx.context.authCookies.sessionToken.options;
+  options.maxAge = dontRememberMe ? void 0 : options.maxAge;
+  await ctx.setSignedCookie(
+    ctx.context.authCookies.sessionToken.name,
+    sessionToken,
+    ctx.context.secret,
+    options
+  );
+  if (dontRememberMe) {
+    await ctx.setSignedCookie(
+      ctx.context.authCookies.dontRememberToken.name,
+      "true",
+      ctx.context.secret,
+      ctx.context.authCookies.dontRememberToken.options
+    );
+  }
+}
+function deleteSessionCookie(ctx) {
+  ctx.setCookie(ctx.context.authCookies.sessionToken.name, "", {
+    maxAge: 0
+  });
+  ctx.setCookie(ctx.context.authCookies.dontRememberToken.name, "", {
+    maxAge: 0
+  });
+}
+// src/api/routes/session.ts
+import { z as z3 } from "zod";
+// src/utils/get-request-ip.ts
+function getIp(req) {
+  const testIP = "127.0.0.1";
+  if (process.env.NODE_ENV === "test") {
+    return testIP;
+  }
+  const headers = [
+    "x-client-ip",
+    "x-forwarded-for",
+    "cf-connecting-ip",
+    "fastly-client-ip",
+    "x-real-ip",
+    "x-cluster-client-ip",
+    "x-forwarded",
+    "forwarded-for",
+    "forwarded"
+  ];
+  for (const header of headers) {
+    const value = req.headers.get(header);
+    if (typeof value === "string") {
+      const ip = value.split(",")[0].trim();
+      if (ip) return ip;
+    }
+  }
+  return null;
+}
+// src/api/routes/session.ts
 function getRequestUniqueKey(ctx, token) {
   if (!ctx.request) {
     return "";
@@ -798,7 +865,7 @@ var getSessionFromCtx = async (ctx) => {
 var sessionMiddleware = createAuthMiddleware(async (ctx) => {
   const session = await getSessionFromCtx(ctx);
   if (!session?.session) {
-    throw new APIError("UNAUTHORIZED");
+    throw new APIError2("UNAUTHORIZED");
   }
   return {
     session
@@ -833,8 +900,8 @@ var revokeSession = createAuthEndpoint(
   "/user/revoke-session",
   {
     method: "POST",
-    body: z.object({
-      id: z.string()
+    body: z3.object({
+      id: z3.string()
     }),
     use: [sessionMiddleware],
     requireHeaders: true
@@ -887,26 +954,26 @@ var signInOAuth = createAuthEndpoint(
   {
     method: "POST",
     requireHeaders: true,
-    query: z.object({
+    query: z4.object({
       /**
        * Redirect to the current URL after the
        * user has signed in.
        */
-      currentURL: z.string().optional()
+      currentURL: z4.string().optional()
     }).optional(),
-    body: z.object({
+    body: z4.object({
       /**
        * Callback URL to redirect to after the user has signed in.
        */
-      callbackURL: z.string().optional(),
+      callbackURL: z4.string().optional(),
       /**
        * OAuth2 provider to use`
        */
-      provider: z.enum(oAuthProviderList),
+      provider: z4.enum(oAuthProviderList),
       /**
        * If this is true the session will only be valid for the current browser session
        */
-      dontRememberMe: z.boolean().default(false).optional()
+      dontRememberMe: z4.boolean().default(false).optional()
     })
   },
   async (c) => {
@@ -920,7 +987,7 @@ var signInOAuth = createAuthEndpoint(
           provider: c.body.provider
         }
       );
-      throw new APIError("NOT_FOUND", {
+      throw new APIError3("NOT_FOUND", {
         message: "Provider not found"
       });
     }
@@ -960,7 +1027,7 @@ var signInOAuth = createAuthEndpoint(
         redirect: true
       };
     } catch (e) {
-      throw new APIError("INTERNAL_SERVER_ERROR");
+      throw new APIError3("INTERNAL_SERVER_ERROR");
     }
   }
 );
@@ -968,15 +1035,15 @@ var signInEmail = createAuthEndpoint(
   "/sign-in/email",
   {
     method: "POST",
-    body: z.object({
-      email: z.string().email(),
-      password: z.string(),
-      callbackURL: z.string().optional(),
+    body: z4.object({
+      email: z4.string().email(),
+      password: z4.string(),
+      callbackURL: z4.string().optional(),
       /**
        * If this is true the session will only be valid for the current browser session
        * @default false
        */
-      dontRememberMe: z.boolean().default(false).optional()
+      dontRememberMe: z4.boolean().default(false).optional()
     })
   },
   async (ctx) => {
@@ -984,7 +1051,7 @@ var signInEmail = createAuthEndpoint(
       ctx.context.logger.error(
         "Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"
       );
-      throw new APIError("BAD_REQUEST", {
+      throw new APIError3("BAD_REQUEST", {
         message: "Email and password is not enabled"
       });
     }
@@ -995,9 +1062,9 @@ var signInEmail = createAuthEndpoint(
       );
     }
     const { email, password } = ctx.body;
-    const checkEmail = z.string().email().safeParse(email);
+    const checkEmail = z4.string().email().safeParse(email);
     if (!checkEmail.success) {
-      throw new APIError("BAD_REQUEST", {
+      throw new APIError3("BAD_REQUEST", {
         message: "Invalid email"
       });
     }
@@ -1005,7 +1072,7 @@ var signInEmail = createAuthEndpoint(
     if (!user) {
       await ctx.context.password.hash(password);
       ctx.context.logger.error("User not found", { email });
-      throw new APIError("UNAUTHORIZED", {
+      throw new APIError3("UNAUTHORIZED", {
         message: "Invalid email or password"
       });
     }
@@ -1014,14 +1081,14 @@ var signInEmail = createAuthEndpoint(
     );
     if (!credentialAccount) {
       ctx.context.logger.error("Credential account not found", { email });
-      throw new APIError("UNAUTHORIZED", {
+      throw new APIError3("UNAUTHORIZED", {
         message: "Invalid email or password"
       });
     }
     const currentPassword = credentialAccount?.password;
     if (!currentPassword) {
       ctx.context.logger.error("Password not found", { email });
-      throw new APIError("UNAUTHORIZED", {
+      throw new APIError3("UNAUTHORIZED", {
         message: "Unexpected error"
       });
     }
@@ -1031,7 +1098,7 @@ var signInEmail = createAuthEndpoint(
     );
     if (!validPassword) {
       ctx.context.logger.error("Invalid password");
-      throw new APIError("UNAUTHORIZED", {
+      throw new APIError3("UNAUTHORIZED", {
         message: "Invalid email or password"
       });
     }
@@ -1042,7 +1109,7 @@ var signInEmail = createAuthEndpoint(
     );
     if (!session) {
       ctx.context.logger.error("Failed to create session");
-      throw new APIError("INTERNAL_SERVER_ERROR");
+      throw new APIError3("INTERNAL_SERVER_ERROR");
     }
     await setSessionCookie(ctx, session.id, ctx.body.dontRememberMe);
     return ctx.json({
@@ -1053,46 +1120,64 @@ var signInEmail = createAuthEndpoint(
     });
   }
 );
-z.object({
-  id: z.string(),
-  providerId: z.string(),
-  accountId: z.string(),
-  userId: z.string(),
-  accessToken: z.string().nullable().optional(),
-  refreshToken: z.string().nullable().optional(),
-  idToken: z.string().nullable().optional(),
+// src/api/routes/callback.ts
+import { APIError as APIError4 } from "better-call";
+import { z as z6 } from "zod";
+// src/db/schema.ts
+import { z as z5 } from "zod";
+var accountSchema = z5.object({
+  id: z5.string(),
+  providerId: z5.string(),
+  accountId: z5.string(),
+  userId: z5.string(),
+  accessToken: z5.string().nullable().optional(),
+  refreshToken: z5.string().nullable().optional(),
+  idToken: z5.string().nullable().optional(),
   /**
    * Access token expires at
    */
-  expiresAt: z.date().nullable().optional(),
+  expiresAt: z5.date().nullable().optional(),
   /**
    * Password is only stored in the credential provider
    */
-  password: z.string().optional().nullable()
+  password: z5.string().optional().nullable()
 });
-var userSchema = z.object({
-  id: z.string(),
-  email: z.string().transform((val) => val.toLowerCase()),
-  emailVerified: z.boolean().default(false),
-  name: z.string(),
-  image: z.string().optional(),
-  createdAt: z.date().default(/* @__PURE__ */ new Date()),
-  updatedAt: z.date().default(/* @__PURE__ */ new Date())
+var userSchema = z5.object({
+  id: z5.string(),
+  email: z5.string().transform((val) => val.toLowerCase()),
+  emailVerified: z5.boolean().default(false),
+  name: z5.string(),
+  image: z5.string().optional(),
+  createdAt: z5.date().default(/* @__PURE__ */ new Date()),
+  updatedAt: z5.date().default(/* @__PURE__ */ new Date())
 });
-z.object({
-  id: z.string(),
-  userId: z.string(),
-  expiresAt: z.date(),
-  ipAddress: z.string().optional(),
-  userAgent: z.string().optional()
+var sessionSchema = z5.object({
+  id: z5.string(),
+  userId: z5.string(),
+  expiresAt: z5.date(),
+  ipAddress: z5.string().optional(),
+  userAgent: z5.string().optional()
 });
-z.object({
-  id: z.string(),
-  value: z.string(),
-  expiresAt: z.date(),
-  identifier: z.string()
+var verificationSchema = z5.object({
+  id: z5.string(),
+  value: z5.string(),
+  expiresAt: z5.date(),
+  identifier: z5.string()
 });
+// src/utils/id.ts
+import { nanoid } from "nanoid";
+var generateId = (size) => {
+  return nanoid(size);
+};
+// src/utils/hide-metadata.ts
+var HIDE_METADATA = {
+  isAction: false
+};
 // src/utils/getAccount.ts
 function getAccountTokens(tokens) {
   const accessToken = tokens.accessToken();
@@ -1114,10 +1199,10 @@ var callbackOAuth = createAuthEndpoint(
   "/callback/:id",
   {
     method: "GET",
-    query: z.object({
-      state: z.string(),
-      code: z.string().optional(),
-      error: z.string().optional()
+    query: z6.object({
+      state: z6.string(),
+      code: z6.string().optional(),
+      error: z6.string().optional()
     }),
     metadata: HIDE_METADATA
   },
@@ -1245,7 +1330,7 @@ var callbackOAuth = createAuthEndpoint(
       }
     }
     if (!userId && !id)
-      throw new APIError("INTERNAL_SERVER_ERROR", {
+      throw new APIError4("INTERNAL_SERVER_ERROR", {
         message: "Unable to create user"
       });
     try {
@@ -1275,13 +1360,16 @@ var callbackOAuth = createAuthEndpoint(
     throw c.redirect(callbackURL);
   }
 );
+// src/api/routes/sign-out.ts
+import { z as z7 } from "zod";
 var signOut = createAuthEndpoint(
   "/sign-out",
   {
     method: "POST",
-    body: z.optional(
-      z.object({
-        callbackURL: z.string().optional()
+    body: z7.optional(
+      z7.object({
+        callbackURL: z7.string().optional()
       })
     )
   },
@@ -1303,22 +1391,28 @@ var signOut = createAuthEndpoint(
     });
   }
 );
+// src/api/routes/forget-password.ts
+import { TimeSpan as TimeSpan2 } from "oslo";
+import { createJWT, parseJWT as parseJWT3 } from "oslo/jwt";
+import { validateJWT } from "oslo/jwt";
+import { z as z8 } from "zod";
 var forgetPassword = createAuthEndpoint(
   "/forget-password",
   {
     method: "POST",
-    body: z.object({
+    body: z8.object({
       /**
        * The email address of the user to send a password reset email to.
        */
-      email: z.string().email(),
+      email: z8.string().email(),
       /**
        * The URL to redirect the user to reset their password.
        * If the token isn't valid or expired, it'll be redirected with a query parameter `?
        * error=INVALID_TOKEN`. If the token is valid, it'll be redirected with a query parameter `?
        * token=VALID_TOKEN
        */
-      redirectTo: z.string()
+      redirectTo: z8.string()
     })
   },
   async (ctx) => {
@@ -1356,7 +1450,7 @@ var forgetPassword = createAuthEndpoint(
         redirectTo: ctx.body.redirectTo
       },
       {
-        expiresIn: new TimeSpan(1, "h"),
+        expiresIn: new TimeSpan2(1, "h"),
         issuer: "better-auth",
         subject: "forget-password",
         audiences: [user.user.email],
@@ -1381,9 +1475,9 @@ var forgetPasswordCallback = createAuthEndpoint(
   async (ctx) => {
     const { token } = ctx.params;
     let decodedToken;
-    const schema = z.object({
-      email: z.string(),
-      redirectTo: z.string()
+    const schema = z8.object({
+      email: z8.string(),
+      redirectTo: z8.string()
     });
     try {
       decodedToken = await validateJWT(
@@ -1395,7 +1489,7 @@ var forgetPasswordCallback = createAuthEndpoint(
         throw Error("Token expired");
       }
     } catch (e) {
-      const decoded = parseJWT(token);
+      const decoded = parseJWT3(token);
       const jwt = schema.safeParse(decoded?.payload);
       if (jwt.success) {
         throw ctx.redirect(`${jwt.data?.redirectTo}?error=invalid_token`);
@@ -1411,12 +1505,12 @@ var resetPassword = createAuthEndpoint(
   "/reset-password",
   {
     method: "POST",
-    query: z.object({
-      currentURL: z.string()
+    query: z8.object({
+      currentURL: z8.string()
     }).optional(),
-    body: z.object({
-      newPassword: z.string(),
-      callbackURL: z.string().optional()
+    body: z8.object({
+      newPassword: z8.string(),
+      callbackURL: z8.string().optional()
     })
   },
   async (ctx) => {
@@ -1443,7 +1537,7 @@ var resetPassword = createAuthEndpoint(
         Buffer.from(ctx.context.secret),
         token
       );
-      const email = z.string().email().parse(jwt.payload.email);
+      const email = z8.string().email().parse(jwt.payload.email);
       const user = await ctx.context.internalAdapter.findUserByEmail(email);
       if (!user) {
         return ctx.json(
@@ -1523,15 +1617,20 @@ var resetPassword = createAuthEndpoint(
     }
   }
 );
+// src/api/routes/verify-email.ts
+import { TimeSpan as TimeSpan3 } from "oslo";
+import { createJWT as createJWT2, validateJWT as validateJWT2 } from "oslo/jwt";
+import { z as z9 } from "zod";
 async function createEmailVerificationToken(secret, email) {
-  const token = await createJWT(
+  const token = await createJWT2(
     "HS256",
     Buffer.from(secret),
     {
       email: email.toLowerCase()
     },
     {
-      expiresIn: new TimeSpan(1, "h"),
+      expiresIn: new TimeSpan3(1, "h"),
       issuer: "better-auth",
       subject: "verify-email",
       audiences: [email],
@@ -1544,12 +1643,12 @@ var sendVerificationEmail = createAuthEndpoint(
   "/send-verification-email",
   {
     method: "POST",
-    query: z.object({
-      currentURL: z.string().optional()
+    query: z9.object({
+      currentURL: z9.string().optional()
     }).optional(),
-    body: z.object({
-      email: z.string().email(),
-      callbackURL: z.string().optional()
+    body: z9.object({
+      email: z9.string().email(),
+      callbackURL: z9.string().optional()
     })
   },
   async (ctx) => {
@@ -1582,16 +1681,16 @@ var verifyEmail = createAuthEndpoint(
   "/verify-email",
   {
     method: "GET",
-    query: z.object({
-      token: z.string(),
-      callbackURL: z.string().optional()
+    query: z9.object({
+      token: z9.string(),
+      callbackURL: z9.string().optional()
     })
   },
   async (ctx) => {
     const { token } = ctx.query;
     let jwt;
     try {
-      jwt = await validateJWT("HS256", Buffer.from(ctx.context.secret), token);
+      jwt = await validateJWT2("HS256", Buffer.from(ctx.context.secret), token);
     } catch (e) {
       ctx.context.logger.error("Failed to verify email", e);
       return ctx.json(null, {
@@ -1602,8 +1701,8 @@ var verifyEmail = createAuthEndpoint(
         }
       });
     }
-    const schema = z.object({
-      email: z.string().email()
+    const schema = z9.object({
+      email: z9.string().email()
     });
     const parsed = schema.parse(jwt.payload);
     const user = await ctx.context.internalAdapter.findUserByEmail(
@@ -1635,6 +1734,9 @@ var verifyEmail = createAuthEndpoint(
   }
 );
+// src/api/routes/update-user.ts
+import { z as z10 } from "zod";
 // src/crypto/random.ts
 function byteToBinary(byte) {
   return byte.toString(2).padStart(8, "0");
@@ -1697,9 +1799,9 @@ var updateUser = createAuthEndpoint(
   "/user/update",
   {
     method: "POST",
-    body: z.object({
-      name: z.string().optional(),
-      image: z.string().optional()
+    body: z10.object({
+      name: z10.string().optional(),
+      image: z10.string().optional()
     }),
     use: [sessionMiddleware]
   },
@@ -1723,20 +1825,20 @@ var changePassword = createAuthEndpoint(
   "/user/change-password",
   {
     method: "POST",
-    body: z.object({
+    body: z10.object({
       /**
        * The new password to set
        */
-      newPassword: z.string(),
+      newPassword: z10.string(),
       /**
        * The current password of the user
        */
-      currentPassword: z.string(),
+      currentPassword: z10.string(),
       /**
        * revoke all sessions that are not the
        * current one logged in by the user
        */
-      revokeOtherSessions: z.boolean().optional()
+      revokeOtherSessions: z10.boolean().optional()
     }),
     use: [sessionMiddleware]
   },
@@ -1806,11 +1908,11 @@ var setPassword = createAuthEndpoint(
   "/user/set-password",
   {
     method: "POST",
-    body: z.object({
+    body: z10.object({
       /**
        * The new password to set
        */
-      newPassword: z.string()
+      newPassword: z10.string()
     }),
     use: [sessionMiddleware]
   },
@@ -1860,8 +1962,8 @@ var deleteUser = createAuthEndpoint(
   "/user/delete",
   {
     method: "POST",
-    body: z.object({
-      password: z.string()
+    body: z10.object({
+      password: z10.string()
     }),
     use: [sessionMiddleware]
   },
@@ -2039,19 +2141,22 @@ var ok = createAuthEndpoint(
     });
   }
 );
+// src/api/routes/sign-up.ts
+import { z as z11 } from "zod";
 var signUpEmail = createAuthEndpoint(
   "/sign-up/email",
   {
     method: "POST",
-    query: z.object({
-      currentURL: z.string().optional()
+    query: z11.object({
+      currentURL: z11.string().optional()
     }).optional(),
-    body: z.object({
-      name: z.string(),
-      email: z.string(),
-      password: z.string(),
-      image: z.string().optional(),
-      callbackURL: z.string().optional()
+    body: z11.object({
+      name: z11.string(),
+      email: z11.string(),
+      password: z11.string(),
+      image: z11.string().optional(),
+      callbackURL: z11.string().optional()
     })
   },
   async (ctx) => {
@@ -2064,7 +2169,7 @@ var signUpEmail = createAuthEndpoint(
       });
     }
     const { name, email, password, image } = ctx.body;
-    const isValidEmail = z.string().email().safeParse(email);
+    const isValidEmail = z11.string().email().safeParse(email);
     if (!isValidEmail.success) {
       return ctx.json(null, {
         status: 400,
@@ -2166,6 +2271,9 @@ var signUpEmail = createAuthEndpoint(
   }
 );
+// src/api/index.ts
+import chalk from "chalk";
 // src/api/rate-limiter.ts
 function shouldRateLimit(max, window2, rateLimitData) {
   const now = Date.now();
@@ -2463,7 +2571,7 @@ var router = (ctx, options) => {
     onError(e) {
       const log = options.logger?.verboseLogging ? logger : void 0;
       if (options.logger?.disabled !== true) {
-        if (e instanceof APIError) {
+        if (e instanceof APIError5) {
           if (e.status === "INTERNAL_SERVER_ERROR") {
             logger.error(e);
           }
@@ -2504,5 +2612,35 @@ var router = (ctx, options) => {
     }
   });
 };
-export { callbackOAuth, changePassword, createAuthEndpoint, createAuthMiddleware, createEmailVerificationToken, csrfMiddleware, deleteUser, error, forgetPassword, forgetPasswordCallback, getCSRFToken, getEndpoints, getSession, getSessionFromCtx, listSessions, ok, optionsMiddleware, resetPassword, revokeSession, revokeSessions, router, sendVerificationEmail, sessionMiddleware, setPassword, signInEmail, signInOAuth, signOut, signUpEmail, updateUser, verifyEmail };
+export {
+  callbackOAuth,
+  changePassword,
+  createAuthEndpoint,
+  createAuthMiddleware,
+  createEmailVerificationToken,
+  csrfMiddleware,
+  deleteUser,
+  error,
+  forgetPassword,
+  forgetPasswordCallback,
+  getCSRFToken,
+  getEndpoints,
+  getSession,
+  getSessionFromCtx,
+  listSessions,
+  ok,
+  optionsMiddleware,
+  resetPassword,
+  revokeSession,
+  revokeSessions,
+  router,
+  sendVerificationEmail,
+  sessionMiddleware,
+  setPassword,
+  signInEmail,
+  signInOAuth,
+  signOut,
+  signUpEmail,
+  updateUser,
+  verifyEmail
+};