better-auth 0.4.12-beta.7 → 0.4.13

package/dist/adapters/drizzle.d.ts

@@ -1,4 +1,4 @@
-import { A as Adapter } from '../auth-Cx7ibOvY.js';
+import { A as Adapter } from '../auth-C6fr77co.js';
 import 'zod';
 import 'kysely';
 import '../schema-Dkt0LqYs.js';
@@ -18,6 +18,15 @@ interface DrizzleAdapterOptions {
      * has an object with a key "users" instead of "user"
      */
     usePlural?: boolean;
+    /**
+     * Custom generateId function.
+     *
+     * If not provided, nanoid will be used.
+     * If set to false, the database's auto generated id will be used.
+     *
+     * @default nanoid
+     */
+    generateId?: ((size?: number) => string) | false;
 }
 interface DB {
     [key: string]: any;

package/dist/adapters/drizzle.js

@@ -1 +1 @@
-import{and as y,asc as g,desc as P,eq as m,or as z}from"drizzle-orm";var h=class extends Error{constructor(r,l){super(r),this.name="BetterAuthError",this.message=r,this.cause=l,this.stack=""}};function f(t,r){let l=r.schema;if(!l)throw new h("Drizzle adapter failed to initialize. Schema not found. Please provide a schema object in the adapter options object.");let u=r.usePlural?`${t}s`:t,s=l[u];if(!s)throw new h(`[# Drizzle Adapter]: The model "${t}" was not found in the schema object. Please pass the schema directly to the adapter options.`);return s}function p(t,r){if(!t)return[];if(t.length===1){let e=t[0];return e?[m(r[e.field],e.value)]:[]}let l=t.filter(e=>e.connector==="AND"||!e.connector),u=t.filter(e=>e.connector==="OR"),s=y(...l.map(e=>m(r[e.field],e.value))),o=z(...u.map(e=>m(r[e.field],e.value))),a=[];return l.length&&a.push(s),u.length&&a.push(o),a}var B=(t,r)=>{let l=r.schema||t._.fullSchema,u=r?.provider;return{id:"drizzle",async create(s){let{model:o,data:a}=s,e=f(o,{schema:l,usePlural:r.usePlural}),n=t.insert(e).values(a);return u!=="mysql"?(await n.returning())[0]:(await n,(await t.select().from(e).where(m(e.id,s.data.id)))[0])},async findOne(s){let{model:o,where:a,select:e}=s,n=f(o,{schema:l,usePlural:r.usePlural}),i=p(a,n),c=null;return e?.length?c=await t.select(...e.map(d=>({[d]:n[d]}))).from(n).where(...i):c=await t.select().from(n).where(...i),c.length?c[0]:null},async findMany(s){let{model:o,where:a,limit:e,offset:n,sortBy:i}=s,c=f(o,{schema:l,usePlural:r.usePlural}),d=a?p(a,c):[],w=i?.direction==="desc"?P:g;return await t.select().from(c).limit(e||100).offset(n||0).orderBy(w(c[i?.field||"id"])).where(...d.length?d:[])},async update(s){let{model:o,where:a,update:e}=s,n=f(o,{schema:l,usePlural:r.usePlural}),i=p(a,n),c=t.update(n).set(e).where(...i);return u!=="mysql"?(await c.returning())[0]:(await c,(await t.select().from(n).where(m(n.id,s.update.id)))[0])},async delete(s){let{model:o,where:a}=s,e=f(o,{schema:l,usePlural:r.usePlural}),n=p(a,e);return(await t.delete(e).where(...n))[0]},options:r}};export{B as drizzleAdapter};
+import{and as g,asc as y,desc as P,eq as m,or as z}from"drizzle-orm";var h=class extends Error{constructor(t,l){super(t),this.name="BetterAuthError",this.message=t,this.cause=l,this.stack=""}};function f(r,t){let l=t.schema;if(!l)throw new h("Drizzle adapter failed to initialize. Schema not found. Please provide a schema object in the adapter options object.");let u=t.usePlural?`${r}s`:r,s=l[u];if(!s)throw new h(`[# Drizzle Adapter]: The model "${r}" was not found in the schema object. Please pass the schema directly to the adapter options.`);return s}function p(r,t){if(!r)return[];if(r.length===1){let e=r[0];return e?[m(t[e.field],e.value)]:[]}let l=r.filter(e=>e.connector==="AND"||!e.connector),u=r.filter(e=>e.connector==="OR"),s=g(...l.map(e=>m(t[e.field],e.value))),c=z(...u.map(e=>m(t[e.field],e.value))),a=[];return l.length&&a.push(s),u.length&&a.push(c),a}var B=(r,t)=>{let l=t.schema||r._.fullSchema,u=t?.provider;return{id:"drizzle",async create(s){let{model:c,data:a}=s,e=f(c,{schema:l,usePlural:t.usePlural});t.generateId!==void 0&&(a.id=t.generateId?t.generateId():void 0);let n=r.insert(e).values(a);return u!=="mysql"?(await n.returning())[0]:(await n,(await r.select().from(e).where(m(e.id,s.data.id)))[0])},async findOne(s){let{model:c,where:a,select:e}=s,n=f(c,{schema:l,usePlural:t.usePlural}),i=p(a,n),o=null;return e?.length?o=await r.select(...e.map(d=>({[d]:n[d]}))).from(n).where(...i):o=await r.select().from(n).where(...i),o.length?o[0]:null},async findMany(s){let{model:c,where:a,limit:e,offset:n,sortBy:i}=s,o=f(c,{schema:l,usePlural:t.usePlural}),d=a?p(a,o):[],w=i?.direction==="desc"?P:y;return await r.select().from(o).limit(e||100).offset(n||0).orderBy(w(o[i?.field||"id"])).where(...d.length?d:[])},async update(s){let{model:c,where:a,update:e}=s,n=f(c,{schema:l,usePlural:t.usePlural}),i=p(a,n),o=r.update(n).set(e).where(...i);return u!=="mysql"?(await o.returning())[0]:(await o,(await r.select().from(n).where(m(n.id,s.update.id)))[0])},async delete(s){let{model:c,where:a}=s,e=f(c,{schema:l,usePlural:t.usePlural}),n=p(a,e);return(await r.delete(e).where(...n))[0]},options:t}};export{B as drizzleAdapter};

package/dist/adapters/kysely.d.ts

@@ -1,5 +1,5 @@
 import { Kysely } from 'kysely';
-import { B as BetterAuthOptions, K as KyselyDatabaseType, F as FieldAttribute, A as Adapter } from '../auth-Cx7ibOvY.js';
+import { B as BetterAuthOptions, K as KyselyDatabaseType, F as FieldAttribute, A as Adapter } from '../auth-C6fr77co.js';
 import 'zod';
 import '../schema-Dkt0LqYs.js';
 import 'better-call';
@@ -28,6 +28,15 @@ interface KyselyAdapterConfig {
         boolean: boolean;
         date: boolean;
     };
+    /**
+     * Custom generateId function.
+     *
+     * If not provided, nanoid will be used.
+     * If set to false, the database's auto generated id will be used.
+     *
+     * @default nanoid
+     */
+    generateId?: ((size?: number) => string) | false;
 }
 declare const kyselyAdapter: (db: Kysely<any>, config?: KyselyAdapterConfig) => Adapter;
 

package/dist/adapters/kysely.js

@@ -1,2 +1 @@
-import"kysely";import{createConsola as I}from"consola";var f=I({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),k=t=>({log:(...e)=>{!t?.disabled&&f.log("",...e)},error:(...e)=>{!t?.disabled&&f.error("",...e)},warn:(...e)=>{!t?.disabled&&f.warn("",...e)},info:(...e)=>{!t?.disabled&&f.info("",...e)},debug:(...e)=>{!t?.disabled&&f.debug("",...e)},box:(...e)=>{!t?.disabled&&f.box("",...e)},success:(...e)=>{!t?.disabled&&f.success("",...e)},break:(...e)=>{!t?.disabled&&console.log(`
-`)}}),O=k();import{Kysely as g,MssqlDialect as v}from"kysely";import{MysqlDialect as A,PostgresDialect as h,SqliteDialect as x}from"kysely";function w(t){if("dialect"in t)return w(t.dialect);if("createDriver"in t){if(t instanceof x)return"sqlite";if(t instanceof A)return"mysql";if(t instanceof h)return"postgres";if(t instanceof v)return"mssql"}return"aggregate"in t?"sqlite":"getConnection"in t?"mysql":"connect"in t?"postgres":null}var T=async t=>{let e=t.database;if("db"in e)return{kysely:e.db,databaseType:e.type};if("dialect"in e)return{kysely:new g({dialect:e.dialect}),databaseType:e.type};let i,r=w(e);return"createDriver"in e&&(i=e),"aggregate"in e&&(i=new x({database:e})),"getConnection"in e&&(i=new A({pool:e})),"connect"in e&&(i=new h({pool:e})),{kysely:i?new g({dialect:i}):null,databaseType:r}};import{z as me}from"zod";function y(t){if(!t)return{and:null,or:null};let e=t?.filter(r=>r.connector==="AND"||!r.connector).reduce((r,d)=>({...r,[d.field]:d.value}),{}),i=t?.filter(r=>r.connector==="OR").reduce((r,d)=>({...r,[d.field]:d.value}),{});return{and:Object.keys(e).length?e:null,or:Object.keys(i).length?i:null}}function p(t,e,i){for(let r in t)t[r]===0&&e[r]?.type==="boolean"&&i?.boolean&&(t[r]=!1),t[r]===1&&e[r]?.type==="boolean"&&i?.boolean&&(t[r]=!0),e[r]?.type==="date"&&(t[r]instanceof Date||(t[r]=new Date(t[r])));return t}function F(t,e){for(let i in t)typeof t[i]=="boolean"&&e?.boolean&&(t[i]=t[i]?1:0),t[i]instanceof Date&&(t[i]=t[i].toISOString());return t}var q=(t,e)=>({id:"kysely",async create(i){let{model:r,data:d,select:u}=i;e?.transform&&(d=F(d,e.transform));let a=await t.insertInto(r).values(d).returningAll().executeTakeFirst();if(e?.transform){let o=e.transform.schema[r];a=o?p(d,o,e.transform):a}return u?.length&&(a=a?u.reduce((n,s)=>a?.[s]?{...n,[s]:a[s]}:n,{}):null),a},async findOne(i){let{model:r,where:d,select:u}=i,{and:a,or:o}=y(d),n=t.selectFrom(r).selectAll();o&&(n=n.where(l=>l.or(o))),a&&(n=n.where(l=>l.and(a)));let s=await n.executeTakeFirst();if(u?.length&&(s=s?u.reduce((m,c)=>s?.[c]?{...m,[c]:s[c]}:m,{}):null),e?.transform){let l=e.transform.schema[r];return s=s&&l?p(s,l,e.transform):s,s||null}return s||null},async findMany(i){let{model:r,where:d,limit:u,offset:a,sortBy:o}=i,n=t.selectFrom(r),{and:s,or:l}=y(d);s&&(n=n.where(c=>c.and(s))),l&&(n=n.where(c=>c.or(l))),n=n.limit(u||100),a&&(n=n.offset(a)),o&&(n=n.orderBy(o.field,o.direction));let m=await n.selectAll().execute();if(e?.transform){let c=e.transform.schema[r];return c?m.map(N=>p(N,c,e.transform)):m}return m},async update(i){let{model:r,where:d,update:u}=i,{and:a,or:o}=y(d);e?.transform&&(u=F(u,e.transform));let n=t.updateTable(r).set(u);a&&(n=n.where(l=>l.and(a))),o&&(n=n.where(l=>l.or(o)));let s=await n.returningAll().executeTakeFirst()||null;if(e?.transform){let l=e.transform.schema[r];return l?p(s,l,e.transform):s}return s},async delete(i){let{model:r,where:d}=i,{and:u,or:a}=y(d),o=t.deleteFrom(r);u&&(o=o.where(n=>n.and(u))),a&&(o=o.where(n=>n.or(a))),await o.execute()}});export{T as createKyselyAdapter,q as kyselyAdapter};
+import{Kysely as p,MssqlDialect as k}from"kysely";import{MysqlDialect as h,PostgresDialect as A,SqliteDialect as w}from"kysely";function b(t){if("dialect"in t)return b(t.dialect);if("createDriver"in t){if(t instanceof w)return"sqlite";if(t instanceof h)return"mysql";if(t instanceof A)return"postgres";if(t instanceof k)return"mssql"}return"aggregate"in t?"sqlite":"getConnection"in t?"mysql":"connect"in t?"postgres":null}var x=async t=>{let e=t.database;if("db"in e)return{kysely:e.db,databaseType:e.type};if("dialect"in e)return{kysely:new p({dialect:e.dialect}),databaseType:e.type};let a,r=b(e);return"createDriver"in e&&(a=e),"aggregate"in e&&(a=new w({database:e})),"getConnection"in e&&(a=new h({pool:e})),"connect"in e&&(a=new A({pool:e})),{kysely:a?new p({dialect:a}):null,databaseType:r}};function d(t){if(!t)return{and:null,or:null};let e=t?.filter(r=>r.connector==="AND"||!r.connector).reduce((r,o)=>({...r,[o.field]:o.value}),{}),a=t?.filter(r=>r.connector==="OR").reduce((r,o)=>({...r,[o.field]:o.value}),{});return{and:Object.keys(e).length?e:null,or:Object.keys(a).length?a:null}}function m(t,e,a){for(let r in t)t[r]===0&&e[r]?.type==="boolean"&&a?.boolean&&(t[r]=!1),t[r]===1&&e[r]?.type==="boolean"&&a?.boolean&&(t[r]=!0),e[r]?.type==="date"&&(t[r]instanceof Date||(t[r]=new Date(t[r])));return t}function D(t,e){for(let a in t)typeof t[a]=="boolean"&&e?.boolean&&(t[a]=t[a]?1:0),t[a]instanceof Date&&(t[a]=t[a].toISOString());return t}var K=(t,e)=>({id:"kysely",async create(a){let{model:r,data:o,select:y}=a;e?.transform&&(o=D(o,e.transform)),e?.generateId!==void 0&&(o.id=e.generateId?e.generateId():void 0);let i=await t.insertInto(r).values(o).returningAll().executeTakeFirst();if(e?.transform){let l=e.transform.schema[r];i=l?m(o,l,e.transform):i}return y?.length&&(i=i?y.reduce((n,s)=>i?.[s]?{...n,[s]:i[s]}:n,{}):null),i},async findOne(a){let{model:r,where:o,select:y}=a,{and:i,or:l}=d(o),n=t.selectFrom(r).selectAll();l&&(n=n.where(f=>f.or(l))),i&&(n=n.where(f=>f.and(i)));let s=await n.executeTakeFirst();if(y?.length&&(s=s?y.reduce((u,c)=>s?.[c]?{...u,[c]:s[c]}:u,{}):null),e?.transform){let f=e.transform.schema[r];return s=s&&f?m(s,f,e.transform):s,s||null}return s||null},async findMany(a){let{model:r,where:o,limit:y,offset:i,sortBy:l}=a,n=t.selectFrom(r),{and:s,or:f}=d(o);s&&(n=n.where(c=>c.and(s))),f&&(n=n.where(c=>c.or(f))),n=n.limit(y||100),i&&(n=n.offset(i)),l&&(n=n.orderBy(l.field,l.direction));let u=await n.selectAll().execute();if(e?.transform){let c=e.transform.schema[r];return c?u.map(g=>m(g,c,e.transform)):u}return u},async update(a){let{model:r,where:o,update:y}=a,{and:i,or:l}=d(o);e?.transform&&(y=D(y,e.transform));let n=t.updateTable(r).set(y);i&&(n=n.where(f=>f.and(i))),l&&(n=n.where(f=>f.or(l)));let s=await n.returningAll().executeTakeFirst()||null;if(e?.transform){let f=e.transform.schema[r];return f?m(s,f,e.transform):s}return s},async delete(a){let{model:r,where:o}=a,{and:y,or:i}=d(o),l=t.deleteFrom(r);y&&(l=l.where(n=>n.and(y))),i&&(l=l.where(n=>n.or(i))),await l.execute()}});export{x as createKyselyAdapter,K as kyselyAdapter};

package/dist/adapters/mongodb.d.ts

@@ -1,5 +1,5 @@
 import { Db } from 'mongodb';
-import { W as Where } from '../auth-Cx7ibOvY.js';
+import { W as Where } from '../auth-C6fr77co.js';
 import 'zod';
 import 'kysely';
 import '../schema-Dkt0LqYs.js';
@@ -12,9 +12,20 @@ import 'mysql2';
 
 declare const mongodbAdapter: (mongo: Db, opts?: {
     usePlural?: boolean;
+    /**
+     * Custom generateId function.
+     *
+     * If not provided, nanoid will be used.
+     * If set to false, the database's auto generated id will be used.
+     *
+     * @default nanoid
+     */
+    generateId?: ((size?: number) => string) | false;
 }) => {
     id: string;
-    create<T, R = T>(data: {
+    create<T extends {
+        id?: string;
+    } & Record<string, any>, R = T>(data: {
         model: string;
         data: T;
         select?: string[];

package/dist/adapters/mongodb.js

@@ -1 +1 @@
-function u(o){if(!o)return{};if(o.length===1){let e=o[0];return e?{[e.field]:e.value}:void 0}let a=o.filter(e=>e.connector==="AND"||!e.connector),r=o.filter(e=>e.connector==="OR"),s=a.map(e=>({[e.field]:e.operator==="eq"||!e.operator?e.value:{[e.field]:e.value}})),n=r.map(e=>({[e.field]:e.value})),t={};return s.length&&(t={...t,$and:s}),n.length&&(t={...t,$or:n}),t}function f(o){let{_id:a,...r}=o;return r}function m(o){return o.reduce((r,s)=>(r[s]=1,r),{})}var y=(o,a)=>{let r=o,s=n=>a?.usePlural?`${n}s`:n;return{id:"mongodb",async create(n){let{model:t,data:e}=n,l={id:(await r.collection(s(t)).insertOne({...e})).insertedId,...e};return f(l)},async findOne(n){let{model:t,where:e,select:c}=n,i=u(e),l={};c&&(l=m(c));let p=(await r.collection(s(t)).find({...i},{projection:l}).toArray())[0];return p?f(p):null},async findMany(n){let{model:t,where:e,limit:c,offset:i,sortBy:l}=n,d=u(e);return(await r.collection(s(t)).find().filter(d).skip(i||0).limit(c||100).sort(l?.field||"id",l?.direction==="desc"?-1:1).toArray()).map(f)},async update(n){let{model:t,where:e,update:c}=n,i=u(e);if(e.length===1){let d=await r.collection(s(t)).findOneAndUpdate(i,{$set:c},{returnDocument:"after"});return f(d)}let l=await r.collection(s(t)).updateMany(i,{$set:c});return{}},async delete(n){let{model:t,where:e}=n,c=u(e),i=await r.collection(s(t)).findOneAndDelete(c)}}};export{y as mongodbAdapter};
+function u(o){if(!o)return{};if(o.length===1){let e=o[0];return e?{[e.field]:e.value}:void 0}let l=o.filter(e=>e.connector==="AND"||!e.connector),r=o.filter(e=>e.connector==="OR"),s=l.map(e=>({[e.field]:e.operator==="eq"||!e.operator?e.value:{[e.field]:e.value}})),n=r.map(e=>({[e.field]:e.value})),t={};return s.length&&(t={...t,$and:s}),n.length&&(t={...t,$or:n}),t}function f(o){let{_id:l,...r}=o;return r}function p(o){return o.reduce((r,s)=>(r[s]=1,r),{})}var g=(o,l)=>{let r=o,s=n=>l?.usePlural?`${n}s`:n;return{id:"mongodb",async create(n){let{model:t,data:e}=n;l?.generateId!==void 0&&(e.id=l.generateId?l.generateId():void 0);let i=(await r.collection(s(t)).insertOne({...e})).insertedId,a={...e,id:i};return f(a)},async findOne(n){let{model:t,where:e,select:c}=n,i=u(e),a={};c&&(a=p(c));let m=(await r.collection(s(t)).find({...i},{projection:a}).toArray())[0];return m?f(m):null},async findMany(n){let{model:t,where:e,limit:c,offset:i,sortBy:a}=n,d=u(e);return(await r.collection(s(t)).find().filter(d).skip(i||0).limit(c||100).sort(a?.field||"id",a?.direction==="desc"?-1:1).toArray()).map(f)},async update(n){let{model:t,where:e,update:c}=n,i=u(e);if(e.length===1){let d=await r.collection(s(t)).findOneAndUpdate(i,{$set:c},{returnDocument:"after"});return f(d)}let a=await r.collection(s(t)).updateMany(i,{$set:c});return{}},async delete(n){let{model:t,where:e}=n,c=u(e),i=await r.collection(s(t)).findOneAndDelete(c)}}};export{g as mongodbAdapter};

package/dist/adapters/prisma.d.ts

@@ -1,4 +1,4 @@
-import { A as Adapter } from '../auth-Cx7ibOvY.js';
+import { A as Adapter } from '../auth-C6fr77co.js';
 import 'zod';
 import 'kysely';
 import '../schema-Dkt0LqYs.js';
@@ -9,8 +9,17 @@ import '../social.js';
 import 'better-sqlite3';
 import 'mysql2';
 
-declare const prismaAdapter: (prisma: any, { provider, }: {
-    provider: "sqlite" | "cockroachdb" | "mysql" | "postgresql" | "sqlserver";
+declare const prismaAdapter: (prisma: any, { provider, generateId, }: {
+    provider: "sqlite" | "cockroachdb" | "mysql" | "postgresql" | "sqlserver" | "mongodb";
+    /**
+     * Custom generateId function.
+     *
+     * If not provided, nanoid will be used.
+     * If set to false, the database's auto generated id will be used.
+     *
+     * @default nanoid
+     */
+    generateId?: ((size?: number) => string) | false;
 }) => Adapter;
 
 export { prismaAdapter };

package/dist/adapters/prisma.js

@@ -1 +1 @@
-function i(s){if(!s)return{};if(s.length===1){let e=s[0];return e?{[e.field]:e.value}:void 0}let l=s.filter(e=>e.connector==="AND"||!e.connector),n=s.filter(e=>e.connector==="OR"),r=l.map(e=>({[e.field]:e.operator==="eq"||!e.operator?e.value:{[e.operator]:e.value}})),t=n.map(e=>({[e.field]:{[e.operator||"eq"]:e.value}}));return{AND:r.length?r:void 0,OR:t.length?t:void 0}}var u=(s,{provider:l})=>{let n=s;return{id:"prisma",async create(r){let{model:t,data:e,select:a}=r;return await n[t].create({data:e,...a?.length?{select:a.reduce((o,d)=>({...o,[d]:!0}),{})}:{}})},async findOne(r){let{model:t,where:e,select:a}=r,o=i(e);return await n[t].findFirst({where:o,...a?.length?{select:a.reduce((d,c)=>({...d,[c]:!0}),{})}:{}})},async findMany(r){let{model:t,where:e,limit:a,offset:o,sortBy:d}=r,c=i(e);return await n[t].findMany({where:c,take:a||100,skip:o||0,orderBy:d?.field?{[d.field]:d.direction==="desc"?"desc":"asc"}:void 0})},async update(r){let{model:t,where:e,update:a}=r,o=i(e);return e.length===1?await n[t].update({where:o,data:a}):await n[t].updateMany({where:o,data:a})},async delete(r){let{model:t,where:e}=r,a=i(e);return await n[t].delete({where:a})}}};export{u as prismaAdapter};
+function c(o){if(!o)return{};if(o.length===1){let e=o[0];return e?{[e.field]:e.value}:void 0}let u=o.filter(e=>e.connector==="AND"||!e.connector),i=o.filter(e=>e.connector==="OR"),a=u.map(e=>({[e.field]:e.operator==="eq"||!e.operator?e.value:{[e.operator]:e.value}})),t=i.map(e=>({[e.field]:{[e.operator||"eq"]:e.value}}));return{AND:a.length?a:void 0,OR:t.length?t:void 0}}var f=(o,{provider:u,generateId:i})=>{let a=o;return{id:"prisma",async create(t){let{model:e,data:n,select:r}=t;return i!==void 0&&(n.id=i?i():void 0),await a[e].create({data:n,...r?.length?{select:r.reduce((d,s)=>({...d,[s]:!0}),{})}:{}})},async findOne(t){let{model:e,where:n,select:r}=t,d=c(n);return await a[e].findFirst({where:d,...r?.length?{select:r.reduce((s,l)=>({...s,[l]:!0}),{})}:{}})},async findMany(t){let{model:e,where:n,limit:r,offset:d,sortBy:s}=t,l=c(n);return await a[e].findMany({where:l,take:r||100,skip:d||0,orderBy:s?.field?{[s.field]:s.direction==="desc"?"desc":"asc"}:void 0})},async update(t){let{model:e,where:n,update:r}=t,d=c(n);return n.length===1?await a[e].update({where:d,data:r}):await a[e].updateMany({where:d,data:r})},async delete(t){let{model:e,where:n}=t,r=c(n);return await a[e].delete({where:r})}}};export{f as prismaAdapter};

package/dist/api.d.ts

@@ -1,4 +1,4 @@
-export { e as AuthEndpoint, f as AuthMiddleware, a0 as callbackOAuth, af as changePassword, d as createAuthEndpoint, c as createAuthMiddleware, ab as createEmailVerificationToken, am as csrfMiddleware, ah as deleteUser, aj as error, a8 as forgetPassword, a9 as forgetPasswordCallback, ai as getCSRFToken, Y as getEndpoints, a1 as getSession, a2 as getSessionFromCtx, a4 as listSessions, ak as ok, o as optionsMiddleware, aa as resetPassword, a5 as revokeSession, a6 as revokeSessions, Z as router, ac as sendVerificationEmail, a3 as sessionMiddleware, ag as setPassword, $ as signInEmail, _ as signInOAuth, a7 as signOut, al as signUpEmail, ae as updateUser, ad as verifyEmail } from './auth-Cx7ibOvY.js';
+export { e as AuthEndpoint, f as AuthMiddleware, a0 as callbackOAuth, af as changePassword, d as createAuthEndpoint, c as createAuthMiddleware, ab as createEmailVerificationToken, am as csrfMiddleware, ah as deleteUser, aj as error, a8 as forgetPassword, a9 as forgetPasswordCallback, ai as getCSRFToken, Y as getEndpoints, a1 as getSession, a2 as getSessionFromCtx, a4 as listSessions, ak as ok, o as optionsMiddleware, aa as resetPassword, a5 as revokeSession, a6 as revokeSessions, Z as router, ac as sendVerificationEmail, a3 as sessionMiddleware, ag as setPassword, $ as signInEmail, _ as signInOAuth, a7 as signOut, al as signUpEmail, ae as updateUser, ad as verifyEmail } from './auth-C6fr77co.js';
 import './helper-DPDj8Nix.js';
 export { APIError } from 'better-call';
 import 'zod';

package/dist/api.js

@@ -1,6 +1,6 @@
-import{APIError as Lt,createRouter as It}from"better-call";import{APIError as W}from"better-call";import{z as oe}from"zod";import{xchacha20poly1305 as Gt}from"@noble/ciphers/chacha";import{bytesToHex as Zt,hexToBytes as Wt,utf8ToBytes as Jt}from"@noble/ciphers/utils";import{managedNonce as Xt}from"@noble/ciphers/webcrypto";import{sha256 as er}from"oslo/crypto";function Z(e,t){let r=new Uint8Array(e),o=new Uint8Array(t);if(r.length!==o.length)return!1;let n=0;for(let s=0;s<r.length;s++)n|=r[s]^o[s];return n===0}import{decodeHex as zt,encodeHex as Vt}from"oslo/encoding";import{scryptAsync as Nt}from"@noble/hashes/scrypt";function Je(e){return e.toString(2).padStart(8,"0")}function Ke(e){return[...e].map(t=>Je(t)).join("")}function ee(e){return parseInt(Ke(e),2)}function Xe(e){if(e<0||!Number.isInteger(e))throw new Error("Argument 'max' must be an integer greater than or equal to 0");let t=(e-1).toString(2).length,r=t%8,o=new Uint8Array(Math.ceil(t/8));crypto.getRandomValues(o),r!==0&&(o[0]&=(1<<r)-1);let n=ee(o);for(;n>=e;)crypto.getRandomValues(o),r!==0&&(o[0]&=(1<<r)-1),n=ee(o);return n}function j(e,t){let r="";for(let o=0;o<e;o++)r+=t[Xe(t.length)];return r}function q(...e){let t=new Set(e),r="";for(let o of t)o==="a-z"?r+="abcdefghijklmnopqrstuvwxyz":o==="A-Z"?r+="ABCDEFGHIJKLMNOPQRSTUVWXYZ":o==="0-9"?r+="0123456789":r+=o;return r}async function N(e,t){let r=new TextEncoder,o={name:"HMAC",hash:"SHA-256"},n=await crypto.subtle.importKey("raw",r.encode(e),o,!1,["sign","verify"]),s=await crypto.subtle.sign(o.name,n,r.encode(t));return btoa(String.fromCharCode(...new Uint8Array(s)))}import{createEndpointCreator as Ye,createMiddleware as te,createMiddlewareCreator as et}from"better-call";var re=te(async()=>({})),D=et({use:[re,te(async()=>({}))]}),u=Ye({use:[re]});var ne=D({body:oe.object({csrfToken:oe.string().optional()}).optional()},async e=>{if(e.request?.method!=="POST"||e.context.options.advanced?.disableCSRFCheck)return;let t=new URL(e.request.url);if(e.context.trustedOrigins.includes(t.origin))return;let r=e.body?.csrfToken;if(!r)throw new W("UNAUTHORIZED",{message:"CSRF Token is required"});let o=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret),[n,s]=o?.split("!")||[null,null];if(!r||!o||!n||!s||n!==r)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new W("UNAUTHORIZED",{message:"Invalid CSRF Token"});let i=await N(e.context.secret,n);if(s!==i)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new W("UNAUTHORIZED",{message:"Invalid CSRF Token"})});import{APIError as O}from"better-call";import{generateCodeVerifier as wt}from"oslo/oauth2";import{z as E}from"zod";import{generateState as tt}from"oslo/oauth2";import{z as M}from"zod";import{sha256 as se}from"oslo/crypto";async function ie(e){let t=await se(typeof e=="string"?new TextEncoder().encode(e):e);return Buffer.from(t).toString("base64")}async function ae(e,t){let r=await se(typeof e=="string"?new TextEncoder().encode(e):e),o=Buffer.from(t,"base64");return Z(r,o)}import"better-call";async function ce(e){let t=tt(),r=JSON.stringify({code:t,callbackURL:e}),o=await ie(r);return{raw:r,hash:o}}function J(e){return M.object({code:M.string(),callbackURL:M.string().optional(),currentURL:M.string().optional()}).safeParse(JSON.parse(e))}import{TimeSpan as xr}from"oslo";var I=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}};async function P(e,t,r,o){let n=e.context.authCookies.sessionToken.options;n.maxAge=r?void 0:e.context.sessionConfig.expiresIn,await e.setSignedCookie(e.context.authCookies.sessionToken.name,t,e.context.secret,{...n,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options)}function z(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}import{APIError as de}from"better-call";import{createConsola as rt}from"consola";var C=rt({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),ot=e=>({log:(...t)=>{!e?.disabled&&C.log("",...t)},error:(...t)=>{!e?.disabled&&C.error("",...t)},warn:(...t)=>{!e?.disabled&&C.warn("",...t)},info:(...t)=>{!e?.disabled&&C.info("",...t)},debug:(...t)=>{!e?.disabled&&C.debug("",...t)},box:(...t)=>{!e?.disabled&&C.box("",...t)},success:(...t)=>{!e?.disabled&&C.success("",...t)},break:(...t)=>{!e?.disabled&&console.log(`
-`)}}),w=ot();var U=D(async e=>{let t=e.body?.callbackURL||e.query?.callbackURL||e.query?.redirectTo||e.body?.redirectTo,r=e.headers?.get("referer"),o=e.query?.currentURL||r||e.context.baseURL,n=e.context.trustedOrigins;if(t?.includes("http")){let s=new URL(t).origin;if(!n.includes(s))throw w.error("Invalid callback URL",{callbackURL:t,trustedOrigins:n}),new de("FORBIDDEN",{message:"Invalid callback URL"})}if(o!==e.context.baseURL){let s=new URL(o).origin;if(!n.includes(s))throw w.error("Invalid current URL",{currentURL:o,trustedOrigins:n}),new de("FORBIDDEN",{message:"Invalid callback URL"})}});import{parseJWT as at}from"oslo/jwt";import{sha256 as nt}from"oslo/crypto";import{base64url as st}from"oslo/encoding";async function pe(e){let t=await nt(new TextEncoder().encode(e));return st.encode(new Uint8Array(t),{includePadding:!1})}function ue(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_at?new Date((Date.now()+e.expires_in)*1e3):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function A({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:n,scopes:s,claims:i,disablePkce:d,redirectURI:a}){let c=new URL(r);if(c.searchParams.set("response_type","code"),c.searchParams.set("client_id",t.clientId),c.searchParams.set("state",o),c.searchParams.set("scope",s.join(" ")),c.searchParams.set("redirect_uri",t.redirectURI||a),!d&&n){let p=await pe(n);c.searchParams.set("code_challenge_method","S256"),c.searchParams.set("code_challenge",p)}if(i){let p=i.reduce((y,f)=>(y[f]=null,y),{});c.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...p}}))}return c}import{betterFetch as it}from"@better-fetch/fetch";async function b({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:n}){let s=new URLSearchParams;s.set("grant_type","authorization_code"),s.set("code",e),t&&s.set("code_verifier",t),s.set("redirect_uri",r),s.set("client_id",o.clientId),s.set("client_secret",o.clientSecret);let{data:i,error:d}=await it(n,{method:"POST",body:s,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(d)throw d;return ue(i)}function K(e){let t=e.accessToken,r=e.refreshToken,o;try{o=e.accessTokenExpiresAt}catch{}return{accessToken:t,refreshToken:r,expiresAt:o}}var le=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:n}){let s=e.scope||o||["email","name","openid"];return new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${n||e.redirectURI}&scope=${s.join(" ")}&state=${r}`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:n})=>b({code:r,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){if(!r.idToken)return null;let o=at(r.idToken)?.payload;return o?{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified==="true"},data:o}:null}}};import{betterFetch as ct}from"@better-fetch/fetch";var me=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["identify","email"];return new URL(`https://discord.com/api/oauth2/authorize?scope=${n.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>b({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await ct("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let n=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${n}.png`}else{let n=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${n}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});import{betterFetch as dt}from"@better-fetch/fetch";var fe=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["email","public_profile"];return await A({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:n,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>b({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await dt("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,emailVerified:r.email_verified},data:r}}});import{betterFetch as ge}from"@better-fetch/fetch";var he=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"Github",createAuthorizationURL({state:r,scopes:o,codeVerifier:n,redirectURI:s}){let i=e.scope||o||["user:email"];return A({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:i,state:r,redirectURI:s,codeVerifier:n})},validateAuthorizationCode:async({code:r,redirectURI:o})=>b({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:n}=await ge("https://api.github.com/user",{auth:{type:"Bearer",token:r.accessToken}});if(n)return null;let s=!1;if(!o.email){let{data:i,error:d}=await ge("https://api.github.com/user/emails",{auth:{type:"Bearer",token:r.accessToken}});d||(o.email=(i.find(a=>a.primary)??i[0])?.email,s=i.find(a=>a.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:s},data:o}}}};import{parseJWT as pt}from"oslo/jwt";var we=e=>({id:"google",name:"Google",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){if(!e.clientId||!e.clientSecret)throw w.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new I("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new I("codeVerifier is required for Google");let s=e.scope||r||["email","profile"];return A({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:s,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>b({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async getUserInfo(t){if(!t.idToken)return null;let r=pt(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});import{betterFetch as ut}from"@better-fetch/fetch";import{parseJWT as lt}from"oslo/jwt";var ye=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(n){let s=e.scope||n.scopes||["openid","profile","email","User.Read"];return A({id:"microsoft",options:e,authorizationEndpoint:r,state:n.state,codeVerifier:n.codeVerifier,scopes:s,redirectURI:n.redirectURI})},validateAuthorizationCode({code:n,codeVerifier:s,redirectURI:i}){return b({code:n,codeVerifier:s,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:o})},async getUserInfo(n){if(!n.idToken)return null;let s=lt(n.idToken)?.payload,i=e.profilePhotoSize||48;return await ut(`https://graph.microsoft.com/v1.0/me/photos/${i}x${i}/$value`,{headers:{Authorization:`Bearer ${n.accessToken}`},async onResponse(d){if(!(e.disableProfilePhoto||!d.response.ok))try{let c=await d.response.clone().arrayBuffer(),p=Buffer.from(c).toString("base64");s.picture=`data:image/jpeg;base64, ${p}`}catch(a){w.error(a)}}}),{user:{id:s.sub,name:s.name,email:s.email,image:s.picture,emailVerified:!0},data:s}}}};import{betterFetch as mt}from"@better-fetch/fetch";var be=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){let s=e.scope||r||["user-read-email"];return A({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:s,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>b({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await mt("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});import"@better-fetch/fetch";var S={isAction:!1};var Ae=e=>j(e||21,q("a-z","0-9","A-Z"));import{parseJWT as ft}from"oslo/jwt";var Re=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["user:read:email","openid"];return A({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:n,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>b({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return w.error("No idToken found in token"),null;let o=ft(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});import{betterFetch as gt}from"@better-fetch/fetch";var ke=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=e.scope||t.scopes||["account_info.read"];return A({id:"twitter",options:e,authorizationEndpoint:"https://twitter.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>b({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await gt("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o||!r.data.email?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});var ht={apple:le,discord:me,facebook:fe,github:he,microsoft:ye,google:we,spotify:be,twitch:Re,twitter:ke},Ue=Object.keys(ht);var Ee=u("/sign-in/social",{method:"POST",requireHeaders:!0,query:E.object({currentURL:E.string().optional()}).optional(),body:E.object({callbackURL:E.string().optional(),provider:E.enum(Ue)}),use:[U]},async e=>{let t=e.context.socialProviders.find(a=>a.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new O("NOT_FOUND",{message:"Provider not found"});let r=e.context.authCookies,o=e.query?.currentURL?new URL(e.query?.currentURL):null,n=e.body.callbackURL?.startsWith("http")?e.body.callbackURL:`${o?.origin}${e.body.callbackURL||""}`,s=await ce(n||o?.origin||e.context.options.baseURL);await e.setSignedCookie(r.state.name,s.hash,e.context.secret,r.state.options);let i=wt();await e.setSignedCookie(r.pkCodeVerifier.name,i,e.context.secret,r.pkCodeVerifier.options);let d=await t.createAuthorizationURL({state:s.raw,codeVerifier:i,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:d.toString(),state:s,codeVerifier:i,redirect:!0})}),xe=u("/sign-in/email",{method:"POST",body:E.object({email:E.string().email(),password:E.string(),callbackURL:E.string().optional(),dontRememberMe:E.boolean().default(!1).optional()}),use:[U]},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new O("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!E.string().email().safeParse(t).success)throw new O("BAD_REQUEST",{message:"Invalid email"});let n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new O("UNAUTHORIZED",{message:"Invalid email or password"});let s=n.accounts.find(c=>c.providerId==="credential");if(!s)throw e.context.logger.error("Credential account not found",{email:t}),new O("UNAUTHORIZED",{message:"Invalid email or password"});let i=s?.password;if(!i)throw e.context.logger.error("Password not found",{email:t}),new O("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(i,r))throw e.context.logger.error("Invalid password"),new O("UNAUTHORIZED",{message:"Invalid email or password"});let a=await e.context.internalAdapter.createSession(n.user.id,e.headers,e.body.dontRememberMe);if(!a)throw e.context.logger.error("Failed to create session"),new O("UNAUTHORIZED",{message:"Failed to create session"});return await P(e,a.id,e.body.dontRememberMe),e.json({user:n.user,session:a,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});import{APIError as bt}from"better-call";import{z as F}from"zod";import{z as l}from"zod";var kn=l.object({id:l.string(),providerId:l.string(),accountId:l.string(),userId:l.string(),accessToken:l.string().nullable().optional(),refreshToken:l.string().nullable().optional(),idToken:l.string().nullable().optional(),expiresAt:l.date().nullable().optional(),password:l.string().optional().nullable()}),Pe=l.object({id:l.string(),email:l.string().transform(e=>e.toLowerCase()),emailVerified:l.boolean().default(!1),name:l.string(),image:l.string().optional(),createdAt:l.date().default(new Date),updatedAt:l.date().default(new Date)}),Un=l.object({id:l.string(),userId:l.string(),expiresAt:l.date(),ipAddress:l.string().optional(),userAgent:l.string().optional()}),En=l.object({id:l.string(),value:l.string(),expiresAt:l.date(),identifier:l.string()});function yt(e,t){let r=t.fields,o={};for(let n in r){if(n in e){if(r[n].input===!1){if(r[n].defaultValue){o[n]=r[n].defaultValue;continue}continue}o[n]=e[n];continue}if(r[n].defaultValue){o[n]=r[n].defaultValue;continue}}return o}function Te(e,t){let r={...e.user?.additionalFields};return yt(t||{},{fields:r})}var ve=u("/callback/:id",{method:"GET",query:F.object({state:F.string(),code:F.string().optional(),error:F.string().optional()}),metadata:S},async e=>{if(e.query.error||!e.query.code){let h=J(e.query.state).data?.callbackURL||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${h}?error=${e.query.error||"oAuth_code_missing"}`)}let t=e.context.socialProviders.find(m=>m.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let r=J(e.query.state);if(!r.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let{data:{callbackURL:o,currentURL:n}}=r,s=await e.getSignedCookie(e.context.authCookies.state.name,e.context.secret);if(!s)throw w.error("No stored state found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!await ae(e.query.state,s))throw w.error("OAuth state mismatch"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let d=await e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),a;try{a=await t.validateAuthorizationCode({code:e.query.code,codeVerifier:d,redirectURI:`${e.context.baseURL}/callback/${t.id}`})}catch(m){throw e.context.logger.error(m),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let c=await t.getUserInfo(a).then(m=>m?.user),p=Ae(),y=Pe.safeParse({...c,id:p});if(!c||y.success===!1)throw w.error("Unable to get user info",y.error),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!o)throw e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let f=await e.context.internalAdapter.findUserByEmail(c.email,{includeAccounts:!0}).catch(m=>{throw w.error(`Better auth was unable to query your database.
-Error: `,m),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),g=f?.user.id;if(f){let m=f.accounts.find(k=>k.providerId===t.id),h=e.context.options.account?.accountLinking?.trustedProviders,R=h?h.includes(t.id):!0;if(!m&&(!c.emailVerified||!R)){let k;try{k=new URL(n||o),k.searchParams.set("error","account_not_linked")}catch{throw e.redirect(`${e.context.baseURL}/error?error=account_not_linked`)}throw e.redirect(k.toString())}if(!m)try{await e.context.internalAdapter.linkAccount({providerId:t.id,accountId:c.id.toString(),id:`${t.id}:${c.id}`,userId:f.user.id,...K(a)})}catch(k){throw console.log(k),e.redirect(`${e.context.baseURL}/error?error=failed_linking_account`)}}else try{await e.context.internalAdapter.createOAuthUser(y.data,{...K(a),id:`${t.id}:${c.id}`,providerId:t.id,accountId:c.id.toString(),userId:p})}catch{let h=new URL(n||o);throw h.searchParams.set("error","unable_to_create_user"),e.setHeader("Location",h.toString()),e.redirect(h.toString())}if(!g&&!p)throw new bt("INTERNAL_SERVER_ERROR",{message:"Unable to create user"});try{let m=await e.context.internalAdapter.createSession(g||p,e.request);if(!m){let h=new URL(n||o);throw h.searchParams.set("error","unable_to_create_session"),e.redirect(h.toString())}try{await P(e,m.id)}catch(h){e.context.logger.error("Unable to set session cookie",h);let R=new URL(n||o);throw R.searchParams.set("error","unable_to_create_session"),e.redirect(R.toString())}}catch{let m=new URL(n||o||"");throw m.searchParams.set("error","unable_to_create_session"),e.redirect(m.toString())}throw e.redirect(o)});import{APIError as V}from"better-call";var H=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));import{z as _e}from"zod";var X=()=>u("/session",{method:"GET",requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let r=await e.context.internalAdapter.findSession(t);if(!r||r.session.expiresAt<new Date)return z(e),r&&await e.context.internalAdapter.deleteSession(r.session.id),e.json(null,{status:401});if(await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(r);let n=e.context.sessionConfig.expiresIn,s=e.context.sessionConfig.updateAge;if(r.session.expiresAt.valueOf()-n*1e3+s*1e3<=Date.now()){let a=await e.context.internalAdapter.updateSession(r.session.id,{expiresAt:H(e.context.sessionConfig.expiresIn,"sec")});if(!a)return z(e),e.json(null,{status:401});let c=(a.expiresAt.valueOf()-Date.now())/1e3;return await P(e,a.id,!1,{maxAge:c}),e.json({session:a,user:r.user})}return e.json(r)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}}),At=async e=>await X()({...e,_flag:"json",headers:e.headers}),L=D(async e=>{let t=await At(e);if(!t?.session)throw new V("UNAUTHORIZED");return{session:t}}),Se=()=>u("/user/list-sessions",{method:"GET",use:[L],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),Oe=u("/user/revoke-session",{method:"POST",body:_e.object({id:_e.string()}),use:[L],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new V("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new V("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o),new V("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Le=u("/user/revoke-sessions",{method:"POST",use:[L],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t),new V("INTERNAL_SERVER_ERROR")}return e.json({status:!0})});import"zod";import{APIError as Rt}from"better-call";var Ie=u("/sign-out",{method:"POST"},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw new Rt("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),z(e),e.json({success:!0})});import{z as _}from"zod";import{APIError as G}from"better-call";var Ce=u("/forget-password",{method:"POST",body:_.object({email:_.string().email(),redirectTo:_.string()}),use:[U]},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new G("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let n=60*60*1,s=new Date(Date.now()+1e3*(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||n)),i=e.context.uuid();await e.context.internalAdapter.createVerificationValue({value:o.user.id,identifier:`reset-password:${i}`,expiresAt:s});let d=`${e.context.baseURL}/reset-password/${i}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword(d,o.user),e.json({status:!0})}),Be=u("/reset-password/:token",{method:"GET",query:_.object({callbackURL:_.string()}),use:[U]},async e=>{let{token:t}=e.params,r=e.query.callbackURL,o=r.startsWith("http")?r:`${e.context.options.baseURL}${r}`;if(!t||!r)throw e.redirect(`${e.context.baseURL}/error?error=INVALID_TOKEN`);let n=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!n||n.expiresAt<new Date?e.redirect(`${o}?error=INVALID_TOKEN`):e.redirect(`${o}?token=${t}`)}),De=u("/reset-password",{query:_.object({token:_.string()}).optional(),method:"POST",body:_.object({newPassword:_.string()})},async e=>{let t=e.query?.token;if(!t)throw new G("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,o=`reset-password:${t}`,n=await e.context.internalAdapter.findVerificationValue(o);if(!n||n.expiresAt<new Date)throw new G("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(n.id);let s=n.value,i=await e.context.password.hash(r);if(!(await e.context.internalAdapter.findAccounts(s)).find(p=>p.providerId==="credential"))return await e.context.internalAdapter.createAccount({userId:s,providerId:"credential",password:i,accountId:e.context.uuid()}),e.json({status:!0});if(!await e.context.internalAdapter.updatePassword(s,i))throw new G("BAD_REQUEST",{message:"Failed to update password"});return e.json({status:!0})});import{TimeSpan as kt}from"oslo";import{createJWT as Ut,validateJWT as Et}from"oslo/jwt";import{z as T}from"zod";import{APIError as Q}from"better-call";async function Y(e,t){return await Ut("HS256",Buffer.from(e),{email:t.toLowerCase()},{expiresIn:new kt(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var $e=u("/send-verification-email",{method:"POST",query:T.object({currentURL:T.string().optional()}).optional(),body:T.object({email:T.string().email(),callbackURL:T.string().optional()}),use:[U]},async e=>{if(!e.context.options.emailAndPassword?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled. Pass `sendVerificationEmail` in `emailAndPassword` options to enable it."),new Q("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new Q("BAD_REQUEST",{message:"User not found"});let o=await Y(e.context.secret,t),n=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailAndPassword.sendVerificationEmail(n,r.user,o),e.json({status:!0})}),ze=u("/verify-email",{method:"GET",query:T.object({token:T.string(),callbackURL:T.string().optional()})},async e=>{let{token:t}=e.query,r;try{r=await Et("HS256",Buffer.from(e.context.secret),t)}catch(i){throw e.context.logger.error("Failed to verify email",i),new Q("BAD_REQUEST",{message:"Invalid token"})}let n=T.object({email:T.string().email()}).parse(r.payload);if(!await e.context.internalAdapter.findUserByEmail(n.email))throw new Q("BAD_REQUEST",{message:"User not found"});if(await e.context.internalAdapter.updateUserByEmail(n.email,{emailVerified:!0}),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({status:!0})});import{z as x}from"zod";import{APIError as v}from"better-call";var Ve=u("/user/update",{method:"POST",body:x.object({name:x.string().optional(),image:x.string().optional()}),use:[L,U]},async e=>{let{name:t,image:r}=e.body,o=e.context.session;if(!r&&!t)return e.json({user:o.user});let n=await e.context.internalAdapter.updateUserByEmail(o.user.email,{name:t,image:r});return e.json({user:n})}),je=u("/user/change-password",{method:"POST",body:x.object({newPassword:x.string(),currentPassword:x.string(),revokeOtherSessions:x.boolean().optional()}),use:[L]},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,n=e.context.session,s=e.context.password.config.minPasswordLength;if(t.length<s)throw e.context.logger.error("Password is too short"),new v("BAD_REQUEST",{message:"Password is too short"});let i=e.context.password.config.maxPasswordLength;if(t.length>i)throw e.context.logger.error("Password is too long"),new v("BAD_REQUEST",{message:"Password too long"});let a=(await e.context.internalAdapter.findAccounts(n.user.id)).find(y=>y.providerId==="credential"&&y.password);if(!a||!a.password)throw new v("BAD_REQUEST",{message:"User does not have a password"});let c=await e.context.password.hash(t);if(!await e.context.password.verify(a.password,r))throw new v("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(a.id,{password:c}),o){await e.context.internalAdapter.deleteSessions(n.user.id);let y=await e.context.internalAdapter.createSession(n.user.id,e.headers);if(!y)throw new v("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await P(e,y.id)}return e.json(n.user)}),qe=u("/user/set-password",{method:"POST",body:x.object({newPassword:x.string()}),use:[L]},async e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new v("BAD_REQUEST",{message:"Password is too short"});let n=e.context.password.config.maxPasswordLength;if(t.length>n)throw e.context.logger.error("Password is too long"),new v("BAD_REQUEST",{message:"Password too long"});let i=(await e.context.internalAdapter.findAccounts(r.user.id)).find(a=>a.providerId==="credential"&&a.password),d=await e.context.password.hash(t);if(!i)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:d}),e.json(r.user);throw new v("BAD_REQUEST",{message:"user already has a password"})}),Ne=u("/user/delete",{method:"POST",body:x.object({password:x.string()}),use:[L]},async e=>{let{password:t}=e.body,r=e.context.session,n=(await e.context.internalAdapter.findAccounts(r.user.id)).find(i=>i.providerId==="credential"&&i.password);if(!n||!n.password)throw new v("BAD_REQUEST",{message:"User does not have a password"});if(!await e.context.password.verify(n.password,t))throw new v("BAD_REQUEST",{message:"Incorrect password"});return await e.context.internalAdapter.deleteUser(r.user.id),await e.context.internalAdapter.deleteSessions(r.user.id),e.json(null)});var Me=u("/csrf",{method:"GET",metadata:S},async e=>{let t=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret);if(t){let[s,i]=t.split("!")||[null,null];return e.json({csrfToken:s})}let r=j(32,q("a-z","0-9","A-Z")),o=await N(e.context.secret,r),n=`${r}!${o}`;return await e.setSignedCookie(e.context.authCookies.csrfToken.name,n,e.context.secret,e.context.authCookies.csrfToken.options),e.json({csrfToken:r})});var xt=(e="Unknown")=>`<!DOCTYPE html>
+import{APIError as It,createRouter as Ct}from"better-call";import{APIError as Z}from"better-call";import{z as oe}from"zod";import{xchacha20poly1305 as Qt}from"@noble/ciphers/chacha";import{bytesToHex as Wt,hexToBytes as Jt,utf8ToBytes as Kt}from"@noble/ciphers/utils";import{managedNonce as Yt}from"@noble/ciphers/webcrypto";import{sha256 as tr}from"oslo/crypto";function Q(e,t){let r=new Uint8Array(e),o=new Uint8Array(t);if(r.length!==o.length)return!1;let n=0;for(let i=0;i<r.length;i++)n|=r[i]^o[i];return n===0}import{decodeHex as zt,encodeHex as jt}from"oslo/encoding";import{scryptAsync as Mt}from"@noble/hashes/scrypt";function Je(e){return e.toString(2).padStart(8,"0")}function Ke(e){return[...e].map(t=>Je(t)).join("")}function X(e){return parseInt(Ke(e),2)}function Xe(e){if(e<0||!Number.isInteger(e))throw new Error("Argument 'max' must be an integer greater than or equal to 0");let t=(e-1).toString(2).length,r=t%8,o=new Uint8Array(Math.ceil(t/8));crypto.getRandomValues(o),r!==0&&(o[0]&=(1<<r)-1);let n=X(o);for(;n>=e;)crypto.getRandomValues(o),r!==0&&(o[0]&=(1<<r)-1),n=X(o);return n}function Y(e,t){let r="";for(let o=0;o<e;o++)r+=t[Xe(t.length)];return r}function ee(...e){let t=new Set(e),r="";for(let o of t)o==="a-z"?r+="abcdefghijklmnopqrstuvwxyz":o==="A-Z"?r+="ABCDEFGHIJKLMNOPQRSTUVWXYZ":o==="0-9"?r+="0123456789":r+=o;return r}async function q(e,t){let r=new TextEncoder,o={name:"HMAC",hash:"SHA-256"},n=await crypto.subtle.importKey("raw",r.encode(e),o,!1,["sign","verify"]),i=await crypto.subtle.sign(o.name,n,r.encode(t));return btoa(String.fromCharCode(...new Uint8Array(i)))}import{createEndpointCreator as Ye,createMiddleware as te,createMiddlewareCreator as et}from"better-call";var re=te(async()=>({})),$=et({use:[re,te(async()=>({}))]}),p=Ye({use:[re]});var ne=$({body:oe.object({csrfToken:oe.string().optional()}).optional()},async e=>{if(e.request?.method!=="POST"||e.context.options.advanced?.disableCSRFCheck)return;let t=new URL(e.request.url);if(e.context.trustedOrigins.includes(t.origin))return;let r=e.body?.csrfToken;if(!r)throw new Z("UNAUTHORIZED",{message:"CSRF Token is required"});let o=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret),[n,i]=o?.split("!")||[null,null];if(!r||!o||!n||!i||n!==r)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new Z("UNAUTHORIZED",{message:"Invalid CSRF Token"});let s=await q(e.context.secret,n);if(i!==s)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new Z("UNAUTHORIZED",{message:"Invalid CSRF Token"})});import{APIError as P}from"better-call";import{generateCodeVerifier as Rt}from"oslo/oauth2";import{z as E}from"zod";import{generateState as tt}from"oslo/oauth2";import{z as N}from"zod";import{sha256 as ie}from"oslo/crypto";async function se(e){let t=await ie(typeof e=="string"?new TextEncoder().encode(e):e);return Buffer.from(t).toString("base64")}async function ae(e,t){let r=await ie(typeof e=="string"?new TextEncoder().encode(e):e),o=Buffer.from(t,"base64");return Q(r,o)}import"better-call";async function ce(e){let t=tt(),r=JSON.stringify({code:t,callbackURL:e}),o=await se(r);return{raw:r,hash:o}}function W(e){return N.object({code:N.string(),callbackURL:N.string().optional(),currentURL:N.string().optional()}).safeParse(JSON.parse(e))}import{TimeSpan as vr}from"oslo";var I=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}};async function v(e,t,r,o){let n=e.context.authCookies.sessionToken.options;n.maxAge=r?void 0:e.context.sessionConfig.expiresIn,await e.setSignedCookie(e.context.authCookies.sessionToken.name,t,e.context.secret,{...n,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options)}function z(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}import{APIError as de}from"better-call";import{createConsola as rt}from"consola";var C=rt({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),ot=e=>({log:(...t)=>{!e?.disabled&&C.log("",...t)},error:(...t)=>{!e?.disabled&&C.error("",...t)},warn:(...t)=>{!e?.disabled&&C.warn("",...t)},info:(...t)=>{!e?.disabled&&C.info("",...t)},debug:(...t)=>{!e?.disabled&&C.debug("",...t)},box:(...t)=>{!e?.disabled&&C.box("",...t)},success:(...t)=>{!e?.disabled&&C.success("",...t)},break:(...t)=>{!e?.disabled&&console.log(`
+`)}}),w=ot();var U=$(async e=>{let t=e.body?.callbackURL||e.query?.callbackURL||e.query?.redirectTo||e.body?.redirectTo,r=e.headers?.get("referer"),o=e.query?.currentURL||r||e.context.baseURL,n=e.context.trustedOrigins;if(t?.includes("http")){let i=new URL(t).origin;if(!n.includes(i))throw w.error("Invalid callback URL",{callbackURL:t,trustedOrigins:n}),new de("FORBIDDEN",{message:"Invalid callback URL"})}if(o!==e.context.baseURL){let i=new URL(o).origin;if(!n.includes(i))throw w.error("Invalid current URL",{currentURL:o,trustedOrigins:n}),new de("FORBIDDEN",{message:"Invalid callback URL"})}});import{parseJWT as at}from"oslo/jwt";import{sha256 as nt}from"oslo/crypto";import{base64url as it}from"oslo/encoding";async function ue(e){let t=await nt(new TextEncoder().encode(e));return it.encode(new Uint8Array(t),{includePadding:!1})}function pe(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_at?new Date((Date.now()+e.expires_in)*1e3):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function k({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:n,scopes:i,claims:s,disablePkce:d,redirectURI:a}){let c=new URL(r);if(c.searchParams.set("response_type","code"),c.searchParams.set("client_id",t.clientId),c.searchParams.set("state",o),c.searchParams.set("scope",i.join(" ")),c.searchParams.set("redirect_uri",t.redirectURI||a),!d&&n){let u=await ue(n);c.searchParams.set("code_challenge_method","S256"),c.searchParams.set("code_challenge",u)}if(s){let u=s.reduce((y,g)=>(y[g]=null,y),{});c.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...u}}))}return c}import{betterFetch as st}from"@better-fetch/fetch";async function b({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:n}){let i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",e),t&&i.set("code_verifier",t),i.set("redirect_uri",r),i.set("client_id",o.clientId),i.set("client_secret",o.clientSecret);let{data:s,error:d}=await st(n,{method:"POST",body:i,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(d)throw d;return pe(s)}function J(e){let t=e.accessToken,r=e.refreshToken,o;try{o=e.accessTokenExpiresAt}catch{}return{accessToken:t,refreshToken:r,expiresAt:o}}var le=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:n}){let i=e.scope||o||["email","name","openid"];return new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${n||e.redirectURI}&scope=${i.join(" ")}&state=${r}`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:n})=>b({code:r,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){if(!r.idToken)return null;let o=at(r.idToken)?.payload;return o?{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified==="true"},data:o}:null}}};import{betterFetch as ct}from"@better-fetch/fetch";var me=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["identify","email"];return new URL(`https://discord.com/api/oauth2/authorize?scope=${n.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>b({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await ct("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let n=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${n}.png`}else{let n=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${n}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});import{betterFetch as dt}from"@better-fetch/fetch";var fe=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["email","public_profile"];return await k({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:n,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>b({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await dt("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,emailVerified:r.email_verified},data:r}}});import{betterFetch as ge}from"@better-fetch/fetch";var he=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"Github",createAuthorizationURL({state:r,scopes:o,codeVerifier:n,redirectURI:i}){let s=e.scope||o||["user:email"];return k({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:s,state:r,redirectURI:i,codeVerifier:n})},validateAuthorizationCode:async({code:r,redirectURI:o})=>b({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:n}=await ge("https://api.github.com/user",{auth:{type:"Bearer",token:r.accessToken}});if(n)return null;let i=!1;if(!o.email){let{data:s,error:d}=await ge("https://api.github.com/user/emails",{auth:{type:"Bearer",token:r.accessToken}});d||(o.email=(s.find(a=>a.primary)??s[0])?.email,i=s.find(a=>a.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:i},data:o}}}};import{parseJWT as ut}from"oslo/jwt";var we=e=>({id:"google",name:"Google",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){if(!e.clientId||!e.clientSecret)throw w.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new I("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new I("codeVerifier is required for Google");let i=e.scope||r||["email","profile"];return k({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:i,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>b({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async getUserInfo(t){if(!t.idToken)return null;let r=ut(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});import{betterFetch as pt}from"@better-fetch/fetch";import{parseJWT as lt}from"oslo/jwt";var ye=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(n){let i=e.scope||n.scopes||["openid","profile","email","User.Read"];return k({id:"microsoft",options:e,authorizationEndpoint:r,state:n.state,codeVerifier:n.codeVerifier,scopes:i,redirectURI:n.redirectURI})},validateAuthorizationCode({code:n,codeVerifier:i,redirectURI:s}){return b({code:n,codeVerifier:i,redirectURI:e.redirectURI||s,options:e,tokenEndpoint:o})},async getUserInfo(n){if(!n.idToken)return null;let i=lt(n.idToken)?.payload,s=e.profilePhotoSize||48;return await pt(`https://graph.microsoft.com/v1.0/me/photos/${s}x${s}/$value`,{headers:{Authorization:`Bearer ${n.accessToken}`},async onResponse(d){if(!(e.disableProfilePhoto||!d.response.ok))try{let c=await d.response.clone().arrayBuffer(),u=Buffer.from(c).toString("base64");i.picture=`data:image/jpeg;base64, ${u}`}catch(a){w.error(a)}}}),{user:{id:i.sub,name:i.name,email:i.email,image:i.picture,emailVerified:!0},data:i}}}};import{betterFetch as mt}from"@better-fetch/fetch";var be=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){let i=e.scope||r||["user-read-email"];return k({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:i,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>b({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await mt("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});import"@better-fetch/fetch";var L={isAction:!1};import{nanoid as ft}from"nanoid";var Ae=e=>ft(e);import{parseJWT as gt}from"oslo/jwt";var Re=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["user:read:email","openid"];return k({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:n,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>b({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return w.error("No idToken found in token"),null;let o=gt(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});import{betterFetch as ht}from"@better-fetch/fetch";var ke=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=e.scope||t.scopes||["account_info.read"];return k({id:"twitter",options:e,authorizationEndpoint:"https://twitter.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>b({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await ht("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o||!r.data.email?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});var wt={apple:le,discord:me,facebook:fe,github:he,microsoft:ye,google:we,spotify:be,twitch:Re,twitter:ke},Ue=Object.keys(wt);import{TimeSpan as yt}from"oslo";import{createJWT as bt,validateJWT as At}from"oslo/jwt";import{z as T}from"zod";import{APIError as M}from"better-call";async function B(e,t){return await bt("HS256",Buffer.from(e),{email:t.toLowerCase()},{expiresIn:new yt(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var Ee=p("/send-verification-email",{method:"POST",query:T.object({currentURL:T.string().optional()}).optional(),body:T.object({email:T.string().email(),callbackURL:T.string().optional()}),use:[U]},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled. Pass `sendVerificationEmail` in `emailAndPassword` options to enable it."),new M("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new M("BAD_REQUEST",{message:"User not found"});let o=await B(e.context.secret,t),n=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail(r.user,n,o),e.json({status:!0})}),xe=p("/verify-email",{method:"GET",query:T.object({token:T.string(),callbackURL:T.string().optional()})},async e=>{let{token:t}=e.query,r;try{r=await At("HS256",Buffer.from(e.context.secret),t)}catch(s){throw e.context.logger.error("Failed to verify email",s),new M("BAD_REQUEST",{message:"Invalid token"})}let n=T.object({email:T.string().email()}).parse(r.payload);if(!await e.context.internalAdapter.findUserByEmail(n.email))throw new M("BAD_REQUEST",{message:"User not found"});if(await e.context.internalAdapter.updateUserByEmail(n.email,{emailVerified:!0}),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({status:!0})});var ve=p("/sign-in/social",{method:"POST",requireHeaders:!0,query:E.object({currentURL:E.string().optional()}).optional(),body:E.object({callbackURL:E.string().optional(),provider:E.enum(Ue)}),use:[U]},async e=>{let t=e.context.socialProviders.find(a=>a.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new P("NOT_FOUND",{message:"Provider not found"});let r=e.context.authCookies,o=e.query?.currentURL?new URL(e.query?.currentURL):null,n=e.body.callbackURL?.startsWith("http")?e.body.callbackURL:`${o?.origin}${e.body.callbackURL||""}`,i=await ce(n||o?.origin||e.context.options.baseURL);await e.setSignedCookie(r.state.name,i.hash,e.context.secret,r.state.options);let s=Rt();await e.setSignedCookie(r.pkCodeVerifier.name,s,e.context.secret,r.pkCodeVerifier.options);let d=await t.createAuthorizationURL({state:i.raw,codeVerifier:s,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:d.toString(),state:i,codeVerifier:s,redirect:!0})}),Te=p("/sign-in/email",{method:"POST",body:E.object({email:E.string().email(),password:E.string(),callbackURL:E.string().optional(),dontRememberMe:E.boolean().default(!1).optional()}),use:[U]},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new P("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!E.string().email().safeParse(t).success)throw new P("BAD_REQUEST",{message:"Invalid email"});let n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new P("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!n.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw w.error("Email verification is required but no email verification handler is provided"),new P("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let c=await B(e.context.secret,n.user.email),u=`${e.context.options.baseURL}/verify-email?token=${c}`;throw await e.context.options.emailVerification.sendVerificationEmail(n.user,u,c),e.context.logger.error("Email not verified",{email:t}),new P("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let i=n.accounts.find(c=>c.providerId==="credential");if(!i)throw e.context.logger.error("Credential account not found",{email:t}),new P("UNAUTHORIZED",{message:"Invalid email or password"});let s=i?.password;if(!s)throw e.context.logger.error("Password not found",{email:t}),new P("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(s,r))throw e.context.logger.error("Invalid password"),new P("UNAUTHORIZED",{message:"Invalid email or password"});let a=await e.context.internalAdapter.createSession(n.user.id,e.headers,e.body.dontRememberMe);if(!a)throw e.context.logger.error("Failed to create session"),new P("UNAUTHORIZED",{message:"Failed to create session"});return await v(e,a.id,e.body.dontRememberMe),e.json({user:n.user,session:a,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});import{APIError as Ut}from"better-call";import{z as F}from"zod";import{z as m}from"zod";var Bn=m.object({id:m.string(),providerId:m.string(),accountId:m.string(),userId:m.string(),accessToken:m.string().nullable().optional(),refreshToken:m.string().nullable().optional(),idToken:m.string().nullable().optional(),expiresAt:m.date().nullable().optional(),password:m.string().optional().nullable()}),Pe=m.object({id:m.string(),email:m.string().transform(e=>e.toLowerCase()),emailVerified:m.boolean().default(!1),name:m.string(),image:m.string().optional(),createdAt:m.date().default(new Date),updatedAt:m.date().default(new Date)}),Dn=m.object({id:m.string(),userId:m.string(),expiresAt:m.date(),ipAddress:m.string().optional(),userAgent:m.string().optional()}),$n=m.object({id:m.string(),value:m.string(),expiresAt:m.date(),identifier:m.string()});function kt(e,t){let r=t.fields,o={};for(let n in r){if(n in e){if(r[n].input===!1){if(r[n].defaultValue){o[n]=r[n].defaultValue;continue}continue}o[n]=e[n];continue}if(r[n].defaultValue){o[n]=r[n].defaultValue;continue}}return o}function _e(e,t){let r={...e.user?.additionalFields};return kt(t||{},{fields:r})}var Se=p("/callback/:id",{method:"GET",query:F.object({state:F.string(),code:F.string().optional(),error:F.string().optional()}),metadata:L},async e=>{if(e.query.error||!e.query.code){let h=W(e.query.state).data?.callbackURL||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${h}?error=${e.query.error||"oAuth_code_missing"}`)}let t=e.context.socialProviders.find(l=>l.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let r=W(e.query.state);if(!r.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let{data:{callbackURL:o,currentURL:n}}=r,i=await e.getSignedCookie(e.context.authCookies.state.name,e.context.secret);if(!i)throw w.error("No stored state found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!await ae(e.query.state,i))throw w.error("OAuth state mismatch"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let d=await e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),a;try{a=await t.validateAuthorizationCode({code:e.query.code,codeVerifier:d,redirectURI:`${e.context.baseURL}/callback/${t.id}`})}catch(l){throw e.context.logger.error(l),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let c=await t.getUserInfo(a).then(l=>l?.user),u=Ae(),y=Pe.safeParse({...c,id:u});if(!c||y.success===!1)throw w.error("Unable to get user info",y.error),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!o)throw e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let g=await e.context.internalAdapter.findUserByEmail(c.email,{includeAccounts:!0}).catch(l=>{throw w.error(`Better auth was unable to query your database.
+Error: `,l),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),f=g?.user.id;if(g){let l=g.accounts.find(R=>R.providerId===t.id),h=e.context.options.account?.accountLinking?.trustedProviders,A=h?h.includes(t.id):!0;if(!l&&(!c.emailVerified||!A)){let R;try{R=new URL(n||o),R.searchParams.set("error","account_not_linked")}catch{throw e.redirect(`${e.context.baseURL}/error?error=account_not_linked`)}throw e.redirect(R.toString())}if(!l)try{await e.context.internalAdapter.linkAccount({providerId:t.id,accountId:c.id.toString(),id:`${t.id}:${c.id}`,userId:g.user.id,...J(a)})}catch(R){throw console.log(R),e.redirect(`${e.context.baseURL}/error?error=failed_linking_account`)}}else try{let l=c.emailVerified,h=await e.context.internalAdapter.createOAuthUser({...y.data,emailVerified:l},{...J(a),id:`${t.id}:${c.id}`,providerId:t.id,accountId:c.id.toString()});if(!l&&h&&e.context.options.emailVerification?.sendOnSignUp){let A=await B(e.context.secret,c.email),R=`${e.context.baseURL}/verify-email?token=${A}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.(h.user,R,A)}}catch{let h=new URL(n||o);throw h.searchParams.set("error","unable_to_create_user"),e.redirect(h.toString())}if(!f&&!u)throw new Ut("INTERNAL_SERVER_ERROR",{message:"Unable to create user"});try{let l=await e.context.internalAdapter.createSession(f||u,e.request);if(!l){let h=new URL(n||o);throw h.searchParams.set("error","unable_to_create_session"),e.redirect(h.toString())}try{await v(e,l.id)}catch(h){e.context.logger.error("Unable to set session cookie",h);let A=new URL(n||o);throw A.searchParams.set("error","unable_to_create_session"),e.redirect(A.toString())}}catch{let l=new URL(n||o||"");throw l.searchParams.set("error","unable_to_create_session"),e.redirect(l.toString())}throw e.redirect(o)});import{APIError as j}from"better-call";var H=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));import{z as Le}from"zod";var K=()=>p("/session",{method:"GET",requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let r=await e.context.internalAdapter.findSession(t);if(!r||r.session.expiresAt<new Date)return z(e),r&&await e.context.internalAdapter.deleteSession(r.session.id),e.json(null,{status:401});if(await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(r);let n=e.context.sessionConfig.expiresIn,i=e.context.sessionConfig.updateAge;if(r.session.expiresAt.valueOf()-n*1e3+i*1e3<=Date.now()){let a=await e.context.internalAdapter.updateSession(r.session.id,{expiresAt:H(e.context.sessionConfig.expiresIn,"sec")});if(!a)return z(e),e.json(null,{status:401});let c=(a.expiresAt.valueOf()-Date.now())/1e3;return await v(e,a.id,!1,{maxAge:c}),e.json({session:a,user:r.user})}return e.json(r)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}}),Et=async e=>await K()({...e,_flag:"json",headers:e.headers}),O=$(async e=>{let t=await Et(e);if(!t?.session)throw new j("UNAUTHORIZED");return{session:t}}),Oe=()=>p("/user/list-sessions",{method:"GET",use:[O],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),Ie=p("/user/revoke-session",{method:"POST",body:Le.object({id:Le.string()}),use:[O],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new j("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new j("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o),new j("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Ce=p("/user/revoke-sessions",{method:"POST",use:[O],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t),new j("INTERNAL_SERVER_ERROR")}return e.json({status:!0})});import"zod";import{APIError as xt}from"better-call";var Be=p("/sign-out",{method:"POST"},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw new xt("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),z(e),e.json({success:!0})});import{z as S}from"zod";import{APIError as G}from"better-call";var De=p("/forget-password",{method:"POST",body:S.object({email:S.string().email(),redirectTo:S.string()}),use:[U]},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new G("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let n=60*60*1,i=new Date(Date.now()+1e3*(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||n)),s=e.context.uuid();await e.context.internalAdapter.createVerificationValue({value:o.user.id,identifier:`reset-password:${s}`,expiresAt:i});let d=`${e.context.baseURL}/reset-password/${s}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword(o.user,d),e.json({status:!0})}),$e=p("/reset-password/:token",{method:"GET",query:S.object({callbackURL:S.string()}),use:[U]},async e=>{let{token:t}=e.params,r=e.query.callbackURL,o=r.startsWith("http")?r:`${e.context.options.baseURL}${r}`;if(!t||!r)throw e.redirect(`${e.context.baseURL}/error?error=INVALID_TOKEN`);let n=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!n||n.expiresAt<new Date?e.redirect(`${o}?error=INVALID_TOKEN`):e.redirect(`${o}?token=${t}`)}),Ve=p("/reset-password",{query:S.object({token:S.string()}).optional(),method:"POST",body:S.object({newPassword:S.string()})},async e=>{let t=e.query?.token;if(!t)throw new G("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,o=`reset-password:${t}`,n=await e.context.internalAdapter.findVerificationValue(o);if(!n||n.expiresAt<new Date)throw new G("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(n.id);let i=n.value,s=await e.context.password.hash(r);if(!(await e.context.internalAdapter.findAccounts(i)).find(u=>u.providerId==="credential"))return await e.context.internalAdapter.createAccount({userId:i,providerId:"credential",password:s,accountId:e.context.uuid()}),e.json({status:!0});if(!await e.context.internalAdapter.updatePassword(i,s))throw new G("BAD_REQUEST",{message:"Failed to update password"});return e.json({status:!0})});import{z as x}from"zod";import{APIError as _}from"better-call";var ze=p("/user/update",{method:"POST",body:x.object({name:x.string().optional(),image:x.string().optional()}),use:[O,U]},async e=>{let{name:t,image:r}=e.body,o=e.context.session;if(!r&&!t)return e.json({user:o.user});let n=await e.context.internalAdapter.updateUserByEmail(o.user.email,{name:t,image:r});return e.json({user:n})}),je=p("/user/change-password",{method:"POST",body:x.object({newPassword:x.string(),currentPassword:x.string(),revokeOtherSessions:x.boolean().optional()}),use:[O]},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,n=e.context.session,i=e.context.password.config.minPasswordLength;if(t.length<i)throw e.context.logger.error("Password is too short"),new _("BAD_REQUEST",{message:"Password is too short"});let s=e.context.password.config.maxPasswordLength;if(t.length>s)throw e.context.logger.error("Password is too long"),new _("BAD_REQUEST",{message:"Password too long"});let a=(await e.context.internalAdapter.findAccounts(n.user.id)).find(y=>y.providerId==="credential"&&y.password);if(!a||!a.password)throw new _("BAD_REQUEST",{message:"User does not have a password"});let c=await e.context.password.hash(t);if(!await e.context.password.verify(a.password,r))throw new _("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(a.id,{password:c}),o){await e.context.internalAdapter.deleteSessions(n.user.id);let y=await e.context.internalAdapter.createSession(n.user.id,e.headers);if(!y)throw new _("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await v(e,y.id)}return e.json(n.user)}),qe=p("/user/set-password",{method:"POST",body:x.object({newPassword:x.string()}),use:[O]},async e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new _("BAD_REQUEST",{message:"Password is too short"});let n=e.context.password.config.maxPasswordLength;if(t.length>n)throw e.context.logger.error("Password is too long"),new _("BAD_REQUEST",{message:"Password too long"});let s=(await e.context.internalAdapter.findAccounts(r.user.id)).find(a=>a.providerId==="credential"&&a.password),d=await e.context.password.hash(t);if(!s)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:d}),e.json(r.user);throw new _("BAD_REQUEST",{message:"user already has a password"})}),Ne=p("/user/delete",{method:"POST",body:x.object({password:x.string()}),use:[O]},async e=>{let{password:t}=e.body,r=e.context.session,n=(await e.context.internalAdapter.findAccounts(r.user.id)).find(s=>s.providerId==="credential"&&s.password);if(!n||!n.password)throw new _("BAD_REQUEST",{message:"User does not have a password"});if(!await e.context.password.verify(n.password,t))throw new _("BAD_REQUEST",{message:"Incorrect password"});return await e.context.internalAdapter.deleteUser(r.user.id),await e.context.internalAdapter.deleteSessions(r.user.id),e.json(null)});var Me=p("/csrf",{method:"GET",metadata:L},async e=>{let t=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret);if(t){let[i,s]=t.split("!")||[null,null];return e.json({csrfToken:i})}let r=Y(32,ee("a-z","0-9","A-Z")),o=await q(e.context.secret,r),n=`${r}!${o}`;return await e.setSignedCookie(e.context.authCookies.csrfToken.name,n,e.context.secret,e.context.authCookies.csrfToken.options),e.json({csrfToken:r})});var vt=(e="Unknown")=>`<!DOCTYPE html>
 <html lang="en">
 <head>
     <meta charset="UTF-8">
@@ -80,4 +80,4 @@ Error: `,m),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)
         <div class="error-code">Error Code: <span id="errorCode">${e}</span></div>
     </div>
 </body>
-</html>`,Fe=u("/error",{method:"GET",metadata:S},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(xt(t),{headers:{"Content-Type":"text/html"}})});var He=u("/ok",{method:"GET",metadata:S},async e=>e.json({ok:!0}));import{z as $}from"zod";import{APIError as B}from"better-call";var Ge=()=>u("/sign-up/email",{method:"POST",query:$.object({currentURL:$.string().optional()}).optional(),body:$.record($.string(),$.any()),use:[U]},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new B("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:o,password:n,image:s,callbackURL:i,...d}=t;if(!$.string().email().safeParse(o).success)throw new B("BAD_REQUEST",{message:"Invalid email"});let c=e.context.password.config.minPasswordLength;if(n.length<c)throw e.context.logger.error("Password is too short"),new B("BAD_REQUEST",{message:"Password is too short"});let p=e.context.password.config.maxPasswordLength;if(n.length>p)throw e.context.logger.error("Password is too long"),new B("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(o))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${o}`),new B("UNPROCESSABLE_ENTITY",{message:"The email has already been taken"});let f=Te(e.context.options,d),g=await e.context.internalAdapter.createUser({email:o.toLowerCase(),name:r,image:s,...f,emailVerified:!1});if(!g)throw new B("BAD_REQUEST",{message:"Failed to create user"});let m=await e.context.password.hash(n);if(await e.context.internalAdapter.linkAccount({userId:g.id,providerId:"credential",accountId:g.id,password:m,expiresAt:H(60*60*24*30,"sec")}),e.context.options.emailAndPassword.sendEmailVerificationOnSignUp){let R=await Y(e.context.secret,g.email),k=`${e.context.baseURL}/verify-email?token=${R}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailAndPassword.sendVerificationEmail?.(k,g,R)}let h=await e.context.internalAdapter.createSession(g.id,e.request);if(!h)throw new B("BAD_REQUEST",{message:"Failed to create session"});return await P(e,h.id),e.json({user:g,session:h},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:g,session:h}})});function Qe(e){let t="127.0.0.1";if(process.env.NODE_ENV==="test")return t;let r=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"];for(let o of r){let n=e.headers.get(o);if(typeof n=="string"){let s=n.split(",")[0].trim();if(s)return s}}return null}function Pt(e,t,r){let o=Date.now(),n=t*1e3;return o-r.lastRequest<n&&r.count>=e}function Tt(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function vt(e,t){let r=Date.now(),o=t*1e3;return Math.ceil((e+o-r)/1e3)}function _t(e,t){let r=t??"rateLimit",o=e.adapter;return{get:async n=>await o.findOne({model:r,where:[{field:"key",value:n}]}),set:async(n,s,i)=>{try{i?await o.update({model:t??"rateLimit",where:[{field:"key",value:n}],update:{count:s.count,lastRequest:s.lastRequest}}):await o.create({model:t??"rateLimit",data:{key:n,count:s.count,lastRequest:s.lastRequest}})}catch(d){w.error("Error setting rate limit",d)}}}}var Ze=new Map;function St(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let o=await e.options.secondaryStorage?.get(r);return o?JSON.parse(o):void 0},set:async(r,o)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(o))}}:e.rateLimit.storage==="memory"?{async get(r){return Ze.get(r)},async set(r,o,n){Ze.set(r,o)}}:_t(e,e.rateLimit.tableName)}async function We(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,o=e.url.replace(r,""),n=t.rateLimit.window,s=t.rateLimit.max,i=Qe(e)+o,a=Ot().find(f=>f.pathMatcher(o));a&&(n=a.window,s=a.max);for(let f of t.options.plugins||[])if(f.rateLimit){let g=f.rateLimit.find(m=>m.pathMatcher(o));if(g){n=g.window,s=g.max;break}}if(t.rateLimit.customRules){let f=t.rateLimit.customRules[o];f&&(n=f.window,s=f.max)}let c=St(t),p=await c.get(i),y=Date.now();if(!p)await c.set(i,{key:i,count:1,lastRequest:y});else{let f=y-p.lastRequest;if(Pt(s,n,p)){let g=vt(p.lastRequest,n);return Tt(g)}else f>n*1e3?await c.set(i,{...p,count:1,lastRequest:y}):await c.set(i,{...p,count:p.count+1,lastRequest:y})}}function Ot(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:7}]}import{APIError as Ti}from"better-call";function Ct(e,t){let r=t.plugins?.reduce((d,a)=>({...d,...a.endpoints}),{}),o=t.plugins?.map(d=>d.middlewares?.map(a=>{let c=async p=>a.middleware({...p,context:{...e,...p.context}});return c.path=a.path,c.options=a.middleware.options,c.headers=a.middleware.headers,{path:a.path,middleware:c}})).filter(d=>d!==void 0).flat()||[],s={...{signInOAuth:Ee,callbackOAuth:ve,getCSRFToken:Me,getSession:X(),signOut:Ie,signUpEmail:Ge(),signInEmail:xe,forgetPassword:Ce,resetPassword:De,verifyEmail:ze,sendVerificationEmail:$e,changePassword:je,setPassword:qe,updateUser:Ve,deleteUser:Ne,forgetPasswordCallback:Be,listSessions:Se(),revokeSession:Oe,revokeSessions:Le},...r,ok:He,error:Fe},i={};for(let[d,a]of Object.entries(s))i[d]=async(c={})=>{let p=await e;for(let g of t.plugins||[])if(g.hooks?.before){for(let m of g.hooks.before)if(m.matcher({...a,...c,context:p})){let R=await m.handler({...c,context:{...p,...c?.context}});R&&"context"in R&&(p={...p,...R.context})}}let f=await a({...c,context:{...p,...c.context}});for(let g of t.plugins||[])if(g.hooks?.after){for(let m of g.hooks.after)if(m.matcher(c)){let R=Object.assign(c,{context:{...e,returned:f}}),k=await m.handler(R);k&&"response"in k&&(f=k.response)}}return f},i[d].path=a.path,i[d].method=a.method,i[d].options=a.options,i[d].headers=a.headers;return{api:i,middlewares:o}}var Ri=(e,t)=>{let{api:r,middlewares:o}=Ct(e,t),n=new URL(e.baseURL).pathname;return It(r,{extraContext:e,basePath:n,routerMiddleware:[{path:"/**",middleware:ne},...o],async onRequest(s){for(let i of e.options.plugins||[])if(i.onRequest){let d=await i.onRequest(s,e);if(d)return d}return We(s,e)},async onResponse(s){for(let i of e.options.plugins||[])if(i.onResponse){let d=await i.onResponse(s,e);if(d)return d.response}return s},onError(s){if(t.onAPIError?.throw)throw s;if(t.onAPIError?.onError){t.onAPIError.onError(s,e);return}let i=t.logger?.verboseLogging?w:void 0;t.logger?.disabled!==!0&&(s instanceof Lt?(s.status==="INTERNAL_SERVER_ERROR"&&w.error(s),i?.error(s.message)):w?.error(s))}})};export{Ti as APIError,ve as callbackOAuth,je as changePassword,u as createAuthEndpoint,D as createAuthMiddleware,Y as createEmailVerificationToken,ne as csrfMiddleware,Ne as deleteUser,Fe as error,Ce as forgetPassword,Be as forgetPasswordCallback,Me as getCSRFToken,Ct as getEndpoints,X as getSession,At as getSessionFromCtx,Se as listSessions,He as ok,re as optionsMiddleware,De as resetPassword,Oe as revokeSession,Le as revokeSessions,Ri as router,$e as sendVerificationEmail,L as sessionMiddleware,qe as setPassword,xe as signInEmail,Ee as signInOAuth,Ie as signOut,Ge as signUpEmail,Ve as updateUser,ze as verifyEmail};
+</html>`,Fe=p("/error",{method:"GET",metadata:L},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(vt(t),{headers:{"Content-Type":"text/html"}})});var He=p("/ok",{method:"GET",metadata:L},async e=>e.json({ok:!0}));import{z as V}from"zod";import{APIError as D}from"better-call";var Ge=()=>p("/sign-up/email",{method:"POST",query:V.object({currentURL:V.string().optional()}).optional(),body:V.record(V.string(),V.any()),use:[U]},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new D("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:o,password:n,image:i,callbackURL:s,...d}=t;if(!V.string().email().safeParse(o).success)throw new D("BAD_REQUEST",{message:"Invalid email"});let c=e.context.password.config.minPasswordLength;if(n.length<c)throw e.context.logger.error("Password is too short"),new D("BAD_REQUEST",{message:"Password is too short"});let u=e.context.password.config.maxPasswordLength;if(n.length>u)throw e.context.logger.error("Password is too long"),new D("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(o))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${o}`),new D("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let g=_e(e.context.options,d),f=await e.context.internalAdapter.createUser({email:o.toLowerCase(),name:r,image:i,...g,emailVerified:!1});if(!f)throw new D("BAD_REQUEST",{message:"Failed to create user"});let l=await e.context.password.hash(n);if(await e.context.internalAdapter.linkAccount({userId:f.id,providerId:"credential",accountId:f.id,password:l,expiresAt:H(60*60*24*30,"sec")}),e.context.options.emailVerification?.sendOnSignUp){let A=await B(e.context.secret,f.email),R=`${e.context.baseURL}/verify-email?token=${A}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification?.sendVerificationEmail?.(f,R,A)}if(!e.context.options.emailAndPassword.autoSignIn)return e.json({user:f,session:null},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:f,session:null}});let h=await e.context.internalAdapter.createSession(f.id,e.request);if(!h)throw new D("BAD_REQUEST",{message:"Failed to create session"});return await v(e,h.id),e.json({user:f,session:h},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:f,session:h}})});function Qe(e){let t="127.0.0.1";if(process.env.NODE_ENV==="test")return t;let r=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"];for(let o of r){let n=e.headers.get(o);if(typeof n=="string"){let i=n.split(",")[0].trim();if(i)return i}}return null}function Tt(e,t,r){let o=Date.now(),n=t*1e3;return o-r.lastRequest<n&&r.count>=e}function Pt(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function _t(e,t){let r=Date.now(),o=t*1e3;return Math.ceil((e+o-r)/1e3)}function St(e,t){let r=t??"rateLimit",o=e.adapter;return{get:async n=>await o.findOne({model:r,where:[{field:"key",value:n}]}),set:async(n,i,s)=>{try{s?await o.update({model:t??"rateLimit",where:[{field:"key",value:n}],update:{count:i.count,lastRequest:i.lastRequest}}):await o.create({model:t??"rateLimit",data:{key:n,count:i.count,lastRequest:i.lastRequest}})}catch(d){w.error("Error setting rate limit",d)}}}}var Ze=new Map;function Lt(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let o=await e.options.secondaryStorage?.get(r);return o?JSON.parse(o):void 0},set:async(r,o)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(o))}}:e.rateLimit.storage==="memory"?{async get(r){return Ze.get(r)},async set(r,o,n){Ze.set(r,o)}}:St(e,e.rateLimit.tableName)}async function We(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,o=e.url.replace(r,""),n=t.rateLimit.window,i=t.rateLimit.max,s=Qe(e)+o,a=Ot().find(g=>g.pathMatcher(o));a&&(n=a.window,i=a.max);for(let g of t.options.plugins||[])if(g.rateLimit){let f=g.rateLimit.find(l=>l.pathMatcher(o));if(f){n=f.window,i=f.max;break}}if(t.rateLimit.customRules){let g=t.rateLimit.customRules[o];g&&(n=g.window,i=g.max)}let c=Lt(t),u=await c.get(s),y=Date.now();if(!u)await c.set(s,{key:s,count:1,lastRequest:y});else{let g=y-u.lastRequest;if(Tt(i,n,u)){let f=_t(u.lastRequest,n);return Pt(f)}else g>n*1e3?await c.set(s,{...u,count:1,lastRequest:y}):await c.set(s,{...u,count:u.count+1,lastRequest:y})}}function Ot(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:7}]}import{APIError as Ls}from"better-call";function Bt(e,t){let r=t.plugins?.reduce((d,a)=>({...d,...a.endpoints}),{}),o=t.plugins?.map(d=>d.middlewares?.map(a=>{let c=async u=>a.middleware({...u,context:{...e,...u.context}});return c.path=a.path,c.options=a.middleware.options,c.headers=a.middleware.headers,{path:a.path,middleware:c}})).filter(d=>d!==void 0).flat()||[],i={...{signInOAuth:ve,callbackOAuth:Se,getCSRFToken:Me,getSession:K(),signOut:Be,signUpEmail:Ge(),signInEmail:Te,forgetPassword:De,resetPassword:Ve,verifyEmail:xe,sendVerificationEmail:Ee,changePassword:je,setPassword:qe,updateUser:ze,deleteUser:Ne,forgetPasswordCallback:$e,listSessions:Oe(),revokeSession:Ie,revokeSessions:Ce},...r,ok:He,error:Fe},s={};for(let[d,a]of Object.entries(i))s[d]=async(c={})=>{let u=await e;for(let f of t.plugins||[])if(f.hooks?.before){for(let l of f.hooks.before)if(l.matcher({...a,...c,context:u})){let A=await l.handler({...c,context:{...u,...c?.context}});A&&"context"in A&&(u={...u,...A.context})}}let g=await a({...c,context:{...u,...c.context}});for(let f of t.plugins||[])if(f.hooks?.after){for(let l of f.hooks.after)if(l.matcher(c)){let A=Object.assign(c,{context:{...e,returned:g}}),R=await l.handler(A);R&&"response"in R&&(g=R.response)}}return g},s[d].path=a.path,s[d].method=a.method,s[d].options=a.options,s[d].headers=a.headers;return{api:s,middlewares:o}}var xs=(e,t)=>{let{api:r,middlewares:o}=Bt(e,t),n=new URL(e.baseURL).pathname;return Ct(r,{extraContext:e,basePath:n,routerMiddleware:[{path:"/**",middleware:ne},...o],async onRequest(i){for(let s of e.options.plugins||[])if(s.onRequest){let d=await s.onRequest(i,e);if(d)return d}return We(i,e)},async onResponse(i){for(let s of e.options.plugins||[])if(s.onResponse){let d=await s.onResponse(i,e);if(d)return d.response}return i},onError(i){if(t.onAPIError?.throw)throw i;if(t.onAPIError?.onError){t.onAPIError.onError(i,e);return}let s=t.logger?.verboseLogging?w:void 0;t.logger?.disabled!==!0&&(i instanceof It?(i.status==="INTERNAL_SERVER_ERROR"&&w.error(i),s?.error(i.message)):w?.error(i))}})};export{Ls as APIError,Se as callbackOAuth,je as changePassword,p as createAuthEndpoint,$ as createAuthMiddleware,B as createEmailVerificationToken,ne as csrfMiddleware,Ne as deleteUser,Fe as error,De as forgetPassword,$e as forgetPasswordCallback,Me as getCSRFToken,Bt as getEndpoints,K as getSession,Et as getSessionFromCtx,Oe as listSessions,He as ok,re as optionsMiddleware,Ve as resetPassword,Ie as revokeSession,Ce as revokeSessions,xs as router,Ee as sendVerificationEmail,O as sessionMiddleware,qe as setPassword,Te as signInEmail,ve as signInOAuth,Be as signOut,Ge as signUpEmail,ze as updateUser,xe as verifyEmail};