better-auth 0.4.13 → 0.4.14-beta.2
- package/dist/adapters/drizzle.d.ts +1 -1
- package/dist/adapters/kysely.d.ts +1 -1
- package/dist/adapters/mongodb.d.ts +1 -1
- package/dist/adapters/prisma.d.ts +1 -1
- package/dist/api.d.ts +1 -1
- package/dist/api.js +4 -4
- package/dist/{auth-C6fr77co.d.ts → auth-BTj2ofMy.d.ts} +420 -26
- package/dist/client/plugins.d.ts +16 -4
- package/dist/client/plugins.js +1 -1
- package/dist/client.d.ts +1 -1
- package/dist/cookies.d.ts +1 -1
- package/dist/cookies.js +1 -1
- package/dist/db.d.ts +2 -2
- package/dist/{index-pILRgibH.d.ts → index-DhZ8Ofpl.d.ts} +185 -2
- package/dist/index.d.ts +1 -1
- package/dist/index.js +4 -4
- package/dist/node.d.ts +1 -1
- package/dist/plugins.d.ts +3 -3
- package/dist/plugins.js +5 -5
- package/dist/react.d.ts +1 -1
- package/dist/solid-start.d.ts +1 -1
- package/dist/solid.d.ts +1 -1
- package/dist/svelte-kit.d.ts +1 -1
- package/dist/svelte.d.ts +1 -1
- package/dist/types.d.ts +2 -2
- package/dist/vue.d.ts +1 -1
- package/dist/vue.js +1 -1
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import{APIError as
|
|
2
|
-
`)}}),w=oe();var T=$(async e=>{let t=e.body?.callbackURL||e.query?.callbackURL||e.query?.redirectTo||e.body?.redirectTo,r=e.headers?.get("referer"),o=e.query?.currentURL||r||e.context.baseURL,n=e.context.trustedOrigins;if(t?.includes("http")){let i=new URL(t).origin;if(!n.includes(i))throw w.error("Invalid callback URL",{callbackURL:t,trustedOrigins:n}),new Se("FORBIDDEN",{message:"Invalid callback URL"})}if(o!==e.context.baseURL){let i=new URL(o).origin;if(!n.includes(i))throw w.error("Invalid current URL",{currentURL:o,trustedOrigins:n}),new Se("FORBIDDEN",{message:"Invalid callback URL"})}});import{parseJWT as jt}from"oslo/jwt";import{sha256 as qt}from"oslo/crypto";function Ft(e){try{return new URL(e).pathname!=="/"}catch{throw new R(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function ne(e,t="/api/auth"){return Ft(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function M(e,t){if(e)return ne(e,t);let r=typeof process<"u"?process.env:{},o=r.BETTER_AUTH_URL||r.NEXT_PUBLIC_BETTER_AUTH_URL||r.PUBLIC_BETTER_AUTH_URL||r.NUXT_PUBLIC_BETTER_AUTH_URL||r.NUXT_PUBLIC_AUTH_URL||(r.BASE_URL!=="/"?r.BASE_URL:void 0);if(o)return ne(o,t);if(typeof window<"u")return ne(window.location.origin,t)}import{base64url as Vt}from"oslo/encoding";async function Le(e){let t=await qt(new TextEncoder().encode(e));return Vt.encode(new Uint8Array(t),{includePadding:!1})}function _e(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_at?new Date((Date.now()+e.expires_in)*1e3):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function x({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:n,scopes:i,claims:a,disablePkce:c,redirectURI:s}){let d=new URL(r);if(d.searchParams.set("response_type","code"),d.searchParams.set("client_id",t.clientId),d.searchParams.set("state",o),d.searchParams.set("scope",i.join(" 
")),d.searchParams.set("redirect_uri",t.redirectURI||s),!c&&n){let l=await Le(n);d.searchParams.set("code_challenge_method","S256"),d.searchParams.set("code_challenge",l)}if(a){let l=a.reduce((p,u)=>(p[u]=null,p),{});d.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...l}}))}return d}import{betterFetch as $t}from"@better-fetch/fetch";async function A({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:n}){let i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",e),t&&i.set("code_verifier",t),i.set("redirect_uri",r),i.set("client_id",o.clientId),i.set("client_secret",o.clientSecret);let{data:a,error:c}=await $t(n,{method:"POST",body:i,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(c)throw c;return _e(a)}function ie(e){let t=e.accessToken,r=e.refreshToken,o;try{o=e.accessTokenExpiresAt}catch{}return{accessToken:t,refreshToken:r,expiresAt:o}}var Ce=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:n}){let i=e.scope||o||["email","name","openid"];return new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${n||e.redirectURI}&scope=${i.join(" ")}&state=${r}`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:n})=>A({code:r,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){if(!r.idToken)return null;let o=jt(r.idToken)?.payload;return o?{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified==="true"},data:o}:null}}};import{betterFetch as zt}from"@better-fetch/fetch";var Be=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["identify","email"];return new 
URL(`https://discord.com/api/oauth2/authorize?scope=${n.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await zt("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let n=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${n}.png`}else{let n=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${n}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});import{betterFetch as Mt}from"@better-fetch/fetch";var De=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["email","public_profile"];return await x({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:n,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await Mt("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,emailVerified:r.email_verified},data:r}}});import{betterFetch as Ne}from"@better-fetch/fetch";var Fe=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"Github",createAuthorizationURL({state:r,scopes:o,codeVerifier:n,redirectURI:i}){let a=e.scope||o||["user:email"];return 
x({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:a,state:r,redirectURI:i,codeVerifier:n})},validateAuthorizationCode:async({code:r,redirectURI:o})=>A({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:n}=await Ne("https://api.github.com/user",{auth:{type:"Bearer",token:r.accessToken}});if(n)return null;let i=!1;if(!o.email){let{data:a,error:c}=await Ne("https://api.github.com/user/emails",{auth:{type:"Bearer",token:r.accessToken}});c||(o.email=(a.find(s=>s.primary)??a[0])?.email,i=a.find(s=>s.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:i},data:o}}}};import{parseJWT as Ht}from"oslo/jwt";var qe=e=>({id:"google",name:"Google",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){if(!e.clientId||!e.clientSecret)throw w.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new R("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new R("codeVerifier is required for Google");let i=e.scope||r||["email","profile"];return x({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:i,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async getUserInfo(t){if(!t.idToken)return null;let r=Ht(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});import{betterFetch as Kt}from"@better-fetch/fetch";import{parseJWT as Gt}from"oslo/jwt";var Ve=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft 
EntraID",createAuthorizationURL(n){let i=e.scope||n.scopes||["openid","profile","email","User.Read"];return x({id:"microsoft",options:e,authorizationEndpoint:r,state:n.state,codeVerifier:n.codeVerifier,scopes:i,redirectURI:n.redirectURI})},validateAuthorizationCode({code:n,codeVerifier:i,redirectURI:a}){return A({code:n,codeVerifier:i,redirectURI:e.redirectURI||a,options:e,tokenEndpoint:o})},async getUserInfo(n){if(!n.idToken)return null;let i=Gt(n.idToken)?.payload,a=e.profilePhotoSize||48;return await Kt(`https://graph.microsoft.com/v1.0/me/photos/${a}x${a}/$value`,{headers:{Authorization:`Bearer ${n.accessToken}`},async onResponse(c){if(!(e.disableProfilePhoto||!c.response.ok))try{let d=await c.response.clone().arrayBuffer(),l=Buffer.from(d).toString("base64");i.picture=`data:image/jpeg;base64, ${l}`}catch(s){w.error(s)}}}),{user:{id:i.sub,name:i.name,email:i.email,image:i.picture,emailVerified:!0},data:i}}}};import{betterFetch as Wt}from"@better-fetch/fetch";var $e=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){let i=e.scope||r||["user-read-email"];return x({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:i,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await Wt("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});import"@better-fetch/fetch";function cn(e){return e.charAt(0).toUpperCase()+e.slice(1)}var C={isAction:!1};import{nanoid as Zt}from"nanoid";var U=e=>Zt(e);import{parseJWT as Qt}from"oslo/jwt";var 
je=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["user:read:email","openid"];return x({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:n,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return w.error("No idToken found in token"),null;let o=Qt(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});import{betterFetch as Jt}from"@better-fetch/fetch";var ze=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=e.scope||t.scopes||["account_info.read"];return x({id:"twitter",options:e,authorizationEndpoint:"https://twitter.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await Jt("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o||!r.data.email?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});var se={apple:Ce,discord:Be,facebook:De,github:Fe,microsoft:Ve,google:qe,spotify:$e,twitch:je,twitter:ze},Me=Object.keys(se);import{TimeSpan as Xt}from"oslo";import{createJWT as Yt,validateJWT as er}from"oslo/jwt";import{z as P}from"zod";import{APIError as Q}from"better-call";async function N(e,t){return await Yt("HS256",Buffer.from(e),{email:t.toLowerCase()},{expiresIn:new 
Xt(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var He=h("/send-verification-email",{method:"POST",query:P.object({currentURL:P.string().optional()}).optional(),body:P.object({email:P.string().email(),callbackURL:P.string().optional()}),use:[T]},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled. Pass `sendVerificationEmail` in `emailAndPassword` options to enable it."),new Q("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new Q("BAD_REQUEST",{message:"User not found"});let o=await N(e.context.secret,t),n=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail(r.user,n,o),e.json({status:!0})}),Ke=h("/verify-email",{method:"GET",query:P.object({token:P.string(),callbackURL:P.string().optional()})},async e=>{let{token:t}=e.query,r;try{r=await er("HS256",Buffer.from(e.context.secret),t)}catch(a){throw e.context.logger.error("Failed to verify email",a),new Q("BAD_REQUEST",{message:"Invalid token"})}let n=P.object({email:P.string().email()}).parse(r.payload);if(!await e.context.internalAdapter.findUserByEmail(n.email))throw new Q("BAD_REQUEST",{message:"User not found"});if(await e.context.internalAdapter.updateUserByEmail(n.email,{emailVerified:!0}),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({status:!0})});var Ge=h("/sign-in/social",{method:"POST",requireHeaders:!0,query:v.object({currentURL:v.string().optional()}).optional(),body:v.object({callbackURL:v.string().optional(),provider:v.enum(Me)}),use:[T]},async e=>{let t=e.context.socialProviders.find(s=>s.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. 
Make sure to add the provider in your auth config",{provider:e.body.provider}),new O("NOT_FOUND",{message:"Provider not found"});let r=e.context.authCookies,o=e.query?.currentURL?new URL(e.query?.currentURL):null,n=e.body.callbackURL?.startsWith("http")?e.body.callbackURL:`${o?.origin}${e.body.callbackURL||""}`,i=await Ee(n||o?.origin||e.context.options.baseURL);await e.setSignedCookie(r.state.name,i.hash,e.context.secret,r.state.options);let a=tr();await e.setSignedCookie(r.pkCodeVerifier.name,a,e.context.secret,r.pkCodeVerifier.options);let c=await t.createAuthorizationURL({state:i.raw,codeVerifier:a,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:c.toString(),state:i,codeVerifier:a,redirect:!0})}),We=h("/sign-in/email",{method:"POST",body:v.object({email:v.string().email(),password:v.string(),callbackURL:v.string().optional(),dontRememberMe:v.boolean().default(!1).optional()}),use:[T]},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. 
Check `https://better-auth.com/docs/authentication/email-password` for more!"),new O("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!v.string().email().safeParse(t).success)throw new O("BAD_REQUEST",{message:"Invalid email"});let n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new O("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!n.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw w.error("Email verification is required but no email verification handler is provided"),new O("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let d=await N(e.context.secret,n.user.email),l=`${e.context.options.baseURL}/verify-email?token=${d}`;throw await e.context.options.emailVerification.sendVerificationEmail(n.user,l,d),e.context.logger.error("Email not verified",{email:t}),new O("FORBIDDEN",{message:"Email is not verified. 
Check your email for a verification link"})}let i=n.accounts.find(d=>d.providerId==="credential");if(!i)throw e.context.logger.error("Credential account not found",{email:t}),new O("UNAUTHORIZED",{message:"Invalid email or password"});let a=i?.password;if(!a)throw e.context.logger.error("Password not found",{email:t}),new O("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(a,r))throw e.context.logger.error("Invalid password"),new O("UNAUTHORIZED",{message:"Invalid email or password"});let s=await e.context.internalAdapter.createSession(n.user.id,e.headers,e.body.dontRememberMe);if(!s)throw e.context.logger.error("Failed to create session"),new O("UNAUTHORIZED",{message:"Failed to create session"});return await I(e,s.id,e.body.dontRememberMe),e.json({user:n.user,session:s,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});import{APIError as or}from"better-call";import{z as J}from"zod";import{z as y}from"zod";var yi=y.object({id:y.string(),providerId:y.string(),accountId:y.string(),userId:y.string(),accessToken:y.string().nullable().optional(),refreshToken:y.string().nullable().optional(),idToken:y.string().nullable().optional(),expiresAt:y.date().nullable().optional(),password:y.string().optional().nullable()}),Ze=y.object({id:y.string(),email:y.string().transform(e=>e.toLowerCase()),emailVerified:y.boolean().default(!1),name:y.string(),image:y.string().optional(),createdAt:y.date().default(new Date),updatedAt:y.date().default(new Date)}),wi=y.object({id:y.string(),userId:y.string(),expiresAt:y.date(),ipAddress:y.string().optional(),userAgent:y.string().optional()}),bi=y.object({id:y.string(),value:y.string(),expiresAt:y.date(),identifier:y.string()});function rr(e,t){let r=t.fields,o={};for(let n in r){if(n in e){if(r[n].input===!1){if(r[n].defaultValue){o[n]=r[n].defaultValue;continue}continue}o[n]=e[n];continue}if(r[n].defaultValue){o[n]=r[n].defaultValue;continue}}return o}function Qe(e,t){let 
r={...e.user?.additionalFields};return rr(t||{},{fields:r})}var Je=h("/callback/:id",{method:"GET",query:J.object({state:J.string(),code:J.string().optional(),error:J.string().optional()}),metadata:C},async e=>{if(e.query.error||!e.query.code){let g=re(e.query.state).data?.callbackURL||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${g}?error=${e.query.error||"oAuth_code_missing"}`)}let t=e.context.socialProviders.find(f=>f.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let r=re(e.query.state);if(!r.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let{data:{callbackURL:o,currentURL:n}}=r,i=await e.getSignedCookie(e.context.authCookies.state.name,e.context.secret);if(!i)throw w.error("No stored state found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!await ve(e.query.state,i))throw w.error("OAuth state mismatch"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let c=await e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),s;try{s=await t.validateAuthorizationCode({code:e.query.code,codeVerifier:c,redirectURI:`${e.context.baseURL}/callback/${t.id}`})}catch(f){throw e.context.logger.error(f),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let d=await t.getUserInfo(s).then(f=>f?.user),l=U(),p=Ze.safeParse({...d,id:l});if(!d||p.success===!1)throw w.error("Unable to get user info",p.error),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!o)throw e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let u=await e.context.internalAdapter.findUserByEmail(d.email,{includeAccounts:!0}).catch(f=>{throw w.error(`Better auth was unable to query your database.
|
|
3
|
-
Error: `,f),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),m=u?.user.id;if(u){let f=u.accounts.find(k=>k.providerId===t.id),g=e.context.options.account?.accountLinking?.trustedProviders,b=g?g.includes(t.id):!0;if(!f&&(!d.emailVerified||!b)){let k;try{k=new URL(n||o),k.searchParams.set("error","account_not_linked")}catch{throw e.redirect(`${e.context.baseURL}/error?error=account_not_linked`)}throw e.redirect(k.toString())}if(!f)try{await e.context.internalAdapter.linkAccount({providerId:t.id,accountId:d.id.toString(),id:`${t.id}:${d.id}`,userId:u.user.id,...ie(s)})}catch(k){throw console.log(k),e.redirect(`${e.context.baseURL}/error?error=failed_linking_account`)}}else try{let f=d.emailVerified,g=await e.context.internalAdapter.createOAuthUser({...p.data,emailVerified:f},{...ie(s),id:`${t.id}:${d.id}`,providerId:t.id,accountId:d.id.toString()});if(!f&&g&&e.context.options.emailVerification?.sendOnSignUp){let b=await N(e.context.secret,d.email),k=`${e.context.baseURL}/verify-email?token=${b}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.(g.user,k,b)}}catch{let g=new URL(n||o);throw g.searchParams.set("error","unable_to_create_user"),e.redirect(g.toString())}if(!m&&!l)throw new or("INTERNAL_SERVER_ERROR",{message:"Unable to create user"});try{let f=await e.context.internalAdapter.createSession(m||l,e.request);if(!f){let g=new URL(n||o);throw g.searchParams.set("error","unable_to_create_session"),e.redirect(g.toString())}try{await I(e,f.id)}catch(g){e.context.logger.error("Unable to set session cookie",g);let b=new URL(n||o);throw b.searchParams.set("error","unable_to_create_session"),e.redirect(b.toString())}}catch{let f=new URL(n||o||"");throw f.searchParams.set("error","unable_to_create_session"),e.redirect(f.toString())}throw e.redirect(o)});import{APIError as H}from"better-call";var F=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));import{z as Xe}from"zod";var 
ae=()=>h("/session",{method:"GET",requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let r=await e.context.internalAdapter.findSession(t);if(!r||r.session.expiresAt<new Date)return z(e),r&&await e.context.internalAdapter.deleteSession(r.session.id),e.json(null,{status:401});if(await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(r);let n=e.context.sessionConfig.expiresIn,i=e.context.sessionConfig.updateAge;if(r.session.expiresAt.valueOf()-n*1e3+i*1e3<=Date.now()){let s=await e.context.internalAdapter.updateSession(r.session.id,{expiresAt:F(e.context.sessionConfig.expiresIn,"sec")});if(!s)return z(e),e.json(null,{status:401});let d=(s.expiresAt.valueOf()-Date.now())/1e3;return await I(e,s.id,!1,{maxAge:d}),e.json({session:s,user:r.user})}return e.json(r)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}}),nr=async e=>await ae()({...e,_flag:"json",headers:e.headers}),B=$(async e=>{let t=await nr(e);if(!t?.session)throw new H("UNAUTHORIZED");return{session:t}}),Ye=()=>h("/user/list-sessions",{method:"GET",use:[B],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),et=h("/user/revoke-session",{method:"POST",body:Xe.object({id:Xe.string()}),use:[B],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new H("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new H("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o),new H("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),tt=h("/user/revoke-sessions",{method:"POST",use:[B],requireHeaders:!0},async e=>{try{await 
e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t),new H("INTERNAL_SERVER_ERROR")}return e.json({status:!0})});import"zod";import{APIError as ir}from"better-call";var rt=h("/sign-out",{method:"POST"},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw new ir("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),z(e),e.json({success:!0})});import{z as L}from"zod";import{APIError as X}from"better-call";var ot=h("/forget-password",{method:"POST",body:L.object({email:L.string().email(),redirectTo:L.string()}),use:[T]},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new X("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let n=60*60*1,i=new Date(Date.now()+1e3*(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||n)),a=e.context.uuid();await e.context.internalAdapter.createVerificationValue({value:o.user.id,identifier:`reset-password:${a}`,expiresAt:i});let c=`${e.context.baseURL}/reset-password/${a}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword(o.user,c),e.json({status:!0})}),nt=h("/reset-password/:token",{method:"GET",query:L.object({callbackURL:L.string()}),use:[T]},async e=>{let{token:t}=e.params,r=e.query.callbackURL,o=r.startsWith("http")?r:`${e.context.options.baseURL}${r}`;if(!t||!r)throw e.redirect(`${e.context.baseURL}/error?error=INVALID_TOKEN`);let n=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!n||n.expiresAt<new 
Date?e.redirect(`${o}?error=INVALID_TOKEN`):e.redirect(`${o}?token=${t}`)}),it=h("/reset-password",{query:L.object({token:L.string()}).optional(),method:"POST",body:L.object({newPassword:L.string()})},async e=>{let t=e.query?.token;if(!t)throw new X("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,o=`reset-password:${t}`,n=await e.context.internalAdapter.findVerificationValue(o);if(!n||n.expiresAt<new Date)throw new X("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(n.id);let i=n.value,a=await e.context.password.hash(r);if(!(await e.context.internalAdapter.findAccounts(i)).find(l=>l.providerId==="credential"))return await e.context.internalAdapter.createAccount({userId:i,providerId:"credential",password:a,accountId:e.context.uuid()}),e.json({status:!0});if(!await e.context.internalAdapter.updatePassword(i,a))throw new X("BAD_REQUEST",{message:"Failed to update password"});return e.json({status:!0})});import{z as E}from"zod";import{APIError as S}from"better-call";var st=h("/user/update",{method:"POST",body:E.object({name:E.string().optional(),image:E.string().optional()}),use:[B,T]},async e=>{let{name:t,image:r}=e.body,o=e.context.session;if(!r&&!t)return e.json({user:o.user});let n=await e.context.internalAdapter.updateUserByEmail(o.user.email,{name:t,image:r});return e.json({user:n})}),at=h("/user/change-password",{method:"POST",body:E.object({newPassword:E.string(),currentPassword:E.string(),revokeOtherSessions:E.boolean().optional()}),use:[B]},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,n=e.context.session,i=e.context.password.config.minPasswordLength;if(t.length<i)throw e.context.logger.error("Password is too short"),new S("BAD_REQUEST",{message:"Password is too short"});let a=e.context.password.config.maxPasswordLength;if(t.length>a)throw e.context.logger.error("Password is too long"),new S("BAD_REQUEST",{message:"Password too long"});let s=(await 
e.context.internalAdapter.findAccounts(n.user.id)).find(p=>p.providerId==="credential"&&p.password);if(!s||!s.password)throw new S("BAD_REQUEST",{message:"User does not have a password"});let d=await e.context.password.hash(t);if(!await e.context.password.verify(s.password,r))throw new S("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(s.id,{password:d}),o){await e.context.internalAdapter.deleteSessions(n.user.id);let p=await e.context.internalAdapter.createSession(n.user.id,e.headers);if(!p)throw new S("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await I(e,p.id)}return e.json(n.user)}),dt=h("/user/set-password",{method:"POST",body:E.object({newPassword:E.string()}),use:[B]},async e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new S("BAD_REQUEST",{message:"Password is too short"});let n=e.context.password.config.maxPasswordLength;if(t.length>n)throw e.context.logger.error("Password is too long"),new S("BAD_REQUEST",{message:"Password too long"});let a=(await e.context.internalAdapter.findAccounts(r.user.id)).find(s=>s.providerId==="credential"&&s.password),c=await e.context.password.hash(t);if(!a)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:c}),e.json(r.user);throw new S("BAD_REQUEST",{message:"user already has a password"})}),ct=h("/user/delete",{method:"POST",body:E.object({password:E.string()}),use:[B]},async e=>{let{password:t}=e.body,r=e.context.session,n=(await e.context.internalAdapter.findAccounts(r.user.id)).find(a=>a.providerId==="credential"&&a.password);if(!n||!n.password)throw new S("BAD_REQUEST",{message:"User does not have a password"});if(!await e.context.password.verify(n.password,t))throw new S("BAD_REQUEST",{message:"Incorrect password"});return await 
e.context.internalAdapter.deleteUser(r.user.id),await e.context.internalAdapter.deleteSessions(r.user.id),e.json(null)});var lt=h("/csrf",{method:"GET",metadata:C},async e=>{let t=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret);if(t){let[i,a]=t.split("!")||[null,null];return e.json({csrfToken:i})}let r=we(32,be("a-z","0-9","A-Z")),o=await W(e.context.secret,r),n=`${r}!${o}`;return await e.setSignedCookie(e.context.authCookies.csrfToken.name,n,e.context.secret,e.context.authCookies.csrfToken.options),e.json({csrfToken:r})});var sr=(e="Unknown")=>`<!DOCTYPE html>
|
|
1
|
+
import{APIError as kt,createRouter as yr,statusCode as wr}from"better-call";import{APIError as re}from"better-call";import{z as Te}from"zod";import{xchacha20poly1305 as Sr}from"@noble/ciphers/chacha";import{bytesToHex as _r,hexToBytes as Cr,utf8ToBytes as Br}from"@noble/ciphers/utils";import{managedNonce as Nr}from"@noble/ciphers/webcrypto";import{sha256 as qr}from"oslo/crypto";function Z(e,t){let r=new Uint8Array(e),o=new Uint8Array(t);if(r.length!==o.length)return!1;let n=0;for(let i=0;i<r.length;i++)n|=r[i]^o[i];return n===0}import{decodeHex as _t,encodeHex as he}from"oslo/encoding";import{scryptAsync as Ct}from"@noble/hashes/scrypt";var V={N:16384,r:16,p:1,dkLen:64};async function ye(e,t){return await Ct(e.normalize("NFKC"),t,{N:V.N,p:V.p,r:V.r,dkLen:V.dkLen,maxmem:128*V.N*V.r*2})}var we=async e=>{let t=he(crypto.getRandomValues(new Uint8Array(16))),r=await ye(e,t);return`${t}:${he(r)}`},be=async(e,t)=>{let[r,o]=e.split(":"),n=await ye(t,r);return Z(n,_t(o))};function Bt(e){return e.toString(2).padStart(8,"0")}function Dt(e){return[...e].map(t=>Bt(t)).join("")}function Ae(e){return parseInt(Dt(e),2)}function Nt(e){if(e<0||!Number.isInteger(e))throw new Error("Argument 'max' must be an integer greater than or equal to 0");let t=(e-1).toString(2).length,r=t%8,o=new Uint8Array(Math.ceil(t/8));crypto.getRandomValues(o),r!==0&&(o[0]&=(1<<r)-1);let n=Ae(o);for(;n>=e;)crypto.getRandomValues(o),r!==0&&(o[0]&=(1<<r)-1),n=Ae(o);return n}function ke(e,t){let r="";for(let o=0;o<e;o++)r+=t[Nt(t.length)];return r}function Re(...e){let t=new Set(e),r="";for(let o of t)o==="a-z"?r+="abcdefghijklmnopqrstuvwxyz":o==="A-Z"?r+="ABCDEFGHIJKLMNOPQRSTUVWXYZ":o==="0-9"?r+="0123456789":r+=o;return r}async function Q(e,t){let r=new TextEncoder,o={name:"HMAC",hash:"SHA-256"},n=await crypto.subtle.importKey("raw",r.encode(e),o,!1,["sign","verify"]),i=await crypto.subtle.sign(o.name,n,r.encode(t));return btoa(String.fromCharCode(...new Uint8Array(i)))}import{createEndpointCreator as 
Ft,createMiddleware as xe,createMiddlewareCreator as qt}from"better-call";var Ue=xe(async()=>({})),$=qt({use:[Ue,xe(async()=>({}))]}),h=Ft({use:[Ue]});var ve=$({body:Te.object({csrfToken:Te.string().optional()}).optional()},async e=>{if(e.request?.method!=="POST"||e.context.options.advanced?.disableCSRFCheck)return;let t=new URL(e.request.url);if(e.context.trustedOrigins.includes(t.origin))return;let r=e.body?.csrfToken;if(!r)throw new re("UNAUTHORIZED",{message:"CSRF Token is required"});let o=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret),[n,i]=o?.split("!")||[null,null];if(!r||!o||!n||!i||n!==r)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new re("UNAUTHORIZED",{message:"Invalid CSRF Token"});let a=await Q(e.context.secret,n);if(i!==a)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new re("UNAUTHORIZED",{message:"Invalid CSRF Token"})});import{APIError as S}from"better-call";import{generateCodeVerifier as sr}from"oslo/oauth2";import{z as O}from"zod";import{generateState as Vt}from"oslo/oauth2";import{z as W}from"zod";import{sha256 as Ee}from"oslo/crypto";async function Ie(e){let t=await Ee(typeof e=="string"?new TextEncoder().encode(e):e);return Buffer.from(t).toString("base64")}async function Oe(e,t){let r=await Ee(typeof e=="string"?new TextEncoder().encode(e):e),o=Buffer.from(t,"base64");return Z(r,o)}import"better-call";async function Pe(e){let t=Vt(),r=JSON.stringify({code:t,callbackURL:e}),o=await Ie(r);return{raw:r,hash:o}}function oe(e){return W.object({code:W.string(),callbackURL:W.string().optional(),currentURL:W.string().optional()}).safeParse(JSON.parse(e))}import{TimeSpan as $t}from"oslo";var k=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}},Se=class extends k{constructor(t){super(`The package "${t}" is required. 
Make sure it is installed.`,t)}};function Le(e){let r=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:(e.baseURL?e.baseURL.startsWith("https://"):!1)||process.env.NODE_ENV==="production")?"__Secure-":"",o="better-auth",n=e.session?.expiresIn||new $t(7,"d").seconds(),i=!!e.advanced?.crossSubDomainCookies?.enabled,a=i?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(i&&!a)throw new k("baseURL is required when crossSubdomainCookies are enabled");let c=i?"none":"lax";return{sessionToken:{name:`${r}${o}.session_token`,options:{httpOnly:!0,sameSite:c,path:"/",secure:!!r,maxAge:n,...i?{domain:a}:{}}},csrfToken:{name:`${r}${o}.csrf_token`,options:{httpOnly:!0,sameSite:c,path:"/",secure:!!r,maxAge:60*60*24*7,...i?{domain:a}:{}}},state:{name:`${r}${o}.state`,options:{httpOnly:!0,sameSite:c,path:"/",secure:!!r,maxAge:60*15,...i?{domain:a}:{}}},pkCodeVerifier:{name:`${r}${o}.pk_code_verifier`,options:{httpOnly:!0,sameSite:c,path:"/",secure:!!r,maxAge:60*15,...i?{domain:a}:{}}},dontRememberToken:{name:`${r}${o}.dont_remember`,options:{httpOnly:!0,sameSite:c,path:"/",secure:!!r,...i?{domain:a}:{}}},nonce:{name:`${r}${o}.nonce`,options:{httpOnly:!0,sameSite:c,path:"/",secure:!!r,maxAge:60*15,...i?{domain:a}:{}}}}}function _e(e){let r=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL?.startsWith("https://")||process.env.NODE_ENV==="production")?"__Secure-":"",o="better-auth",n=e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0);function i(a,c){let s=e.advanced?.crossSubDomainCookies?.enabled?e.advanced.crossSubDomainCookies.additionalCookies?.includes(a):void 0;return{name:process.env.NODE_ENV==="production"?`${r}${o}.${a}`:`${o}.${a}`,options:{secure:!!r,sameSite:"lax",path:"/",maxAge:60*15,...c,...s?{domain:n}:{}}}}return i}async function P(e,t,r,o){let n=e.context.authCookies.sessionToken.options;n.maxAge=r?void 
0:e.context.sessionConfig.expiresIn,await e.setSignedCookie(e.context.authCookies.sessionToken.name,t,e.context.secret,{...n,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options)}function M(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}function po(e){let t=new Map;return e.split(", ").forEach(o=>{let[n,...i]=o.split("; "),[a,c]=n.split("="),s={value:c};i.forEach(d=>{let[l,p]=d.split("=");s[l.toLowerCase()]=p||!0}),t.set(a,s)}),t}function fo(e){let t=e.split("; "),r=new Map;return t.forEach(o=>{let[n,i]=o.split("=");r.set(n,i)}),r}import{APIError as Ce}from"better-call";import{createConsola as jt}from"consola";var N=jt({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),ne=e=>({log:(...t)=>{!e?.disabled&&N.log("",...t)},error:(...t)=>{!e?.disabled&&N.error("",...t)},warn:(...t)=>{!e?.disabled&&N.warn("",...t)},info:(...t)=>{!e?.disabled&&N.info("",...t)},debug:(...t)=>{!e?.disabled&&N.debug("",...t)},box:(...t)=>{!e?.disabled&&N.box("",...t)},success:(...t)=>{!e?.disabled&&N.success("",...t)},break:(...t)=>{!e?.disabled&&console.log(`
|
|
2
|
+
`)}}),b=ne();var U=$(async e=>{let t=e.body?.callbackURL||e.query?.callbackURL||e.query?.redirectTo||e.body?.redirectTo,r=e.headers?.get("referer"),o=e.query?.currentURL||r||e.context.baseURL,n=e.context.trustedOrigins;if(t?.includes("http")){let i=new URL(t).origin;if(!n.includes(i))throw b.error("Invalid callback URL",{callbackURL:t,trustedOrigins:n}),new Ce("FORBIDDEN",{message:"Invalid callback URL"})}if(o!==e.context.baseURL){let i=new URL(o).origin;if(!n.includes(i))throw b.error("Invalid current URL",{currentURL:o,trustedOrigins:n}),new Ce("FORBIDDEN",{message:"Invalid callback URL"})}});import{parseJWT as Gt}from"oslo/jwt";import{sha256 as Mt}from"oslo/crypto";function zt(e){try{return new URL(e).pathname!=="/"}catch{throw new k(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function ie(e,t="/api/auth"){return zt(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function H(e,t){if(e)return ie(e,t);let r=typeof process<"u"?process.env:{},o=r.BETTER_AUTH_URL||r.NEXT_PUBLIC_BETTER_AUTH_URL||r.PUBLIC_BETTER_AUTH_URL||r.NUXT_PUBLIC_BETTER_AUTH_URL||r.NUXT_PUBLIC_AUTH_URL||(r.BASE_URL!=="/"?r.BASE_URL:void 0);if(o)return ie(o,t);if(typeof window<"u")return ie(window.location.origin,t)}import{base64url as Ht}from"oslo/encoding";async function Be(e){let t=await Mt(new TextEncoder().encode(e));return Ht.encode(new Uint8Array(t),{includePadding:!1})}function De(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_at?new Date((Date.now()+e.expires_in)*1e3):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function T({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:n,scopes:i,claims:a,disablePkce:c,redirectURI:s}){let d=new URL(r);if(d.searchParams.set("response_type","code"),d.searchParams.set("client_id",t.clientId),d.searchParams.set("state",o),d.searchParams.set("scope",i.join(" 
")),d.searchParams.set("redirect_uri",t.redirectURI||s),!c&&n){let l=await Be(n);d.searchParams.set("code_challenge_method","S256"),d.searchParams.set("code_challenge",l)}if(a){let l=a.reduce((p,u)=>(p[u]=null,p),{});d.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...l}}))}return d}import{betterFetch as Kt}from"@better-fetch/fetch";async function A({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:n}){let i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",e),t&&i.set("code_verifier",t),i.set("redirect_uri",r),i.set("client_id",o.clientId),i.set("client_secret",o.clientSecret);let{data:a,error:c}=await Kt(n,{method:"POST",body:i,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(c)throw c;return De(a)}function se(e){let t=e.accessToken,r=e.refreshToken,o;try{o=e.accessTokenExpiresAt}catch{}return{accessToken:t,refreshToken:r,expiresAt:o}}var Ne=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:n}){let i=e.scope||o||["email","name","openid"];return new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${n||e.redirectURI}&scope=${i.join(" ")}&state=${r}`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:n})=>A({code:r,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){if(!r.idToken)return null;let o=Gt(r.idToken)?.payload;return o?{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified==="true"},data:o}:null}}};import{betterFetch as Zt}from"@better-fetch/fetch";var Fe=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["identify","email"];return new 
URL(`https://discord.com/api/oauth2/authorize?scope=${n.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await Zt("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let n=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${n}.png`}else{let n=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${n}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});import{betterFetch as Qt}from"@better-fetch/fetch";var qe=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["email","public_profile"];return await T({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:n,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await Qt("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,emailVerified:r.email_verified},data:r}}});import{betterFetch as Ve}from"@better-fetch/fetch";var $e=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"Github",createAuthorizationURL({state:r,scopes:o,codeVerifier:n,redirectURI:i}){let a=e.scope||o||["user:email"];return 
T({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:a,state:r,redirectURI:i,codeVerifier:n})},validateAuthorizationCode:async({code:r,redirectURI:o})=>A({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:n}=await Ve("https://api.github.com/user",{auth:{type:"Bearer",token:r.accessToken}});if(n)return null;let i=!1;if(!o.email){let{data:a,error:c}=await Ve("https://api.github.com/user/emails",{auth:{type:"Bearer",token:r.accessToken}});c||(o.email=(a.find(s=>s.primary)??a[0])?.email,i=a.find(s=>s.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:i},data:o}}}};import{parseJWT as Wt}from"oslo/jwt";var je=e=>({id:"google",name:"Google",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){if(!e.clientId||!e.clientSecret)throw b.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new k("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new k("codeVerifier is required for Google");let i=e.scope||r||["email","profile"];return T({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:i,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async getUserInfo(t){if(!t.idToken)return null;let r=Wt(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});import{betterFetch as Jt}from"@better-fetch/fetch";import{parseJWT as Xt}from"oslo/jwt";var ze=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft 
EntraID",createAuthorizationURL(n){let i=e.scope||n.scopes||["openid","profile","email","User.Read"];return T({id:"microsoft",options:e,authorizationEndpoint:r,state:n.state,codeVerifier:n.codeVerifier,scopes:i,redirectURI:n.redirectURI})},validateAuthorizationCode({code:n,codeVerifier:i,redirectURI:a}){return A({code:n,codeVerifier:i,redirectURI:e.redirectURI||a,options:e,tokenEndpoint:o})},async getUserInfo(n){if(!n.idToken)return null;let i=Xt(n.idToken)?.payload,a=e.profilePhotoSize||48;return await Jt(`https://graph.microsoft.com/v1.0/me/photos/${a}x${a}/$value`,{headers:{Authorization:`Bearer ${n.accessToken}`},async onResponse(c){if(!(e.disableProfilePhoto||!c.response.ok))try{let d=await c.response.clone().arrayBuffer(),l=Buffer.from(d).toString("base64");i.picture=`data:image/jpeg;base64, ${l}`}catch(s){b.error(s)}}}),{user:{id:i.sub,name:i.name,email:i.email,image:i.picture,emailVerified:!0},data:i}}}};import{betterFetch as Yt}from"@better-fetch/fetch";var Me=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){let i=e.scope||r||["user-read-email"];return T({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:i,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await Yt("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});import"@better-fetch/fetch";function fn(e){return e.charAt(0).toUpperCase()+e.slice(1)}var D={isAction:!1};import{nanoid as er}from"nanoid";var v=e=>er(e);import{parseJWT as tr}from"oslo/jwt";var 
He=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["user:read:email","openid"];return T({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:n,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return b.error("No idToken found in token"),null;let o=tr(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});import{betterFetch as rr}from"@better-fetch/fetch";var Ke=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=e.scope||t.scopes||["account_info.read"];return T({id:"twitter",options:e,authorizationEndpoint:"https://twitter.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await rr("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o||!r.data.email?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});var ae={apple:Ne,discord:Fe,facebook:qe,github:$e,microsoft:ze,google:je,spotify:Me,twitch:He,twitter:Ke},Ge=Object.keys(ae);import{TimeSpan as or}from"oslo";import{createJWT as nr,validateJWT as ir}from"oslo/jwt";import{z as I}from"zod";import{APIError as j}from"better-call";import{APIError as K}from"better-call";var F=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));import{z as Ze}from"zod";var 
de=()=>h("/session",{method:"GET",requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let r=await e.context.internalAdapter.findSession(t);if(!r||r.session.expiresAt<new Date)return M(e),r&&await e.context.internalAdapter.deleteSession(r.session.id),e.json(null,{status:401});if(await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(r);let n=e.context.sessionConfig.expiresIn,i=e.context.sessionConfig.updateAge;if(r.session.expiresAt.valueOf()-n*1e3+i*1e3<=Date.now()){let s=await e.context.internalAdapter.updateSession(r.session.id,{expiresAt:F(e.context.sessionConfig.expiresIn,"sec")});if(!s)return M(e),e.json(null,{status:401});let d=(s.expiresAt.valueOf()-Date.now())/1e3;return await P(e,s.id,!1,{maxAge:d}),e.json({session:s,user:r.user})}return e.json(r)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}}),ce=async e=>await de()({...e,_flag:"json",headers:e.headers}),_=$(async e=>{let t=await ce(e);if(!t?.session)throw new K("UNAUTHORIZED");return{session:t}}),Qe=()=>h("/user/list-sessions",{method:"GET",use:[_],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),We=h("/user/revoke-session",{method:"POST",body:Ze.object({id:Ze.string()}),use:[_],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new K("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new K("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o),new K("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Je=h("/user/revoke-sessions",{method:"POST",use:[_],requireHeaders:!0},async e=>{try{await 
e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t),new K("INTERNAL_SERVER_ERROR")}return e.json({status:!0})});import{z as x}from"zod";import{APIError as E}from"better-call";var Xe=h("/user/update",{method:"POST",body:x.object({name:x.string().optional(),image:x.string().optional()}),use:[_,U]},async e=>{let{name:t,image:r}=e.body,o=e.context.session;if(!r&&!t)return e.json({user:o.user});let n=await e.context.internalAdapter.updateUserByEmail(o.user.email,{name:t,image:r});return e.json({user:n})}),Ye=h("/user/change-password",{method:"POST",body:x.object({newPassword:x.string(),currentPassword:x.string(),revokeOtherSessions:x.boolean().optional()}),use:[_]},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,n=e.context.session,i=e.context.password.config.minPasswordLength;if(t.length<i)throw e.context.logger.error("Password is too short"),new E("BAD_REQUEST",{message:"Password is too short"});let a=e.context.password.config.maxPasswordLength;if(t.length>a)throw e.context.logger.error("Password is too long"),new E("BAD_REQUEST",{message:"Password too long"});let s=(await e.context.internalAdapter.findAccounts(n.user.id)).find(p=>p.providerId==="credential"&&p.password);if(!s||!s.password)throw new E("BAD_REQUEST",{message:"User does not have a password"});let d=await e.context.password.hash(t);if(!await e.context.password.verify(s.password,r))throw new E("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(s.id,{password:d}),o){await e.context.internalAdapter.deleteSessions(n.user.id);let p=await e.context.internalAdapter.createSession(n.user.id,e.headers);if(!p)throw new E("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await P(e,p.id)}return e.json(n.user)}),et=h("/user/set-password",{method:"POST",body:x.object({newPassword:x.string()}),use:[_]},async 
e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new E("BAD_REQUEST",{message:"Password is too short"});let n=e.context.password.config.maxPasswordLength;if(t.length>n)throw e.context.logger.error("Password is too long"),new E("BAD_REQUEST",{message:"Password too long"});let a=(await e.context.internalAdapter.findAccounts(r.user.id)).find(s=>s.providerId==="credential"&&s.password),c=await e.context.password.hash(t);if(!a)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:c}),e.json(r.user);throw new E("BAD_REQUEST",{message:"user already has a password"})}),tt=h("/user/delete",{method:"POST",body:x.object({password:x.string()}),use:[_]},async e=>{let{password:t}=e.body,r=e.context.session,n=(await e.context.internalAdapter.findAccounts(r.user.id)).find(a=>a.providerId==="credential"&&a.password);if(!n||!n.password)throw new E("BAD_REQUEST",{message:"User does not have a password"});if(!await e.context.password.verify(n.password,t))throw new E("BAD_REQUEST",{message:"Incorrect password"});return await e.context.internalAdapter.deleteUser(r.user.id),await e.context.internalAdapter.deleteSessions(r.user.id),e.json(null)}),rt=h("/user/change-email",{method:"POST",query:x.object({currentURL:x.string().optional()}).optional(),body:x.object({newEmail:x.string(),callbackURL:x.string().optional()}),use:[_,U]},async e=>{if(e.context.options.user?.changeEmail?.disable===!0)throw e.context.logger.error("Change email is disabled."),new E("BAD_REQUEST",{message:"Change email is disabled"});if(e.context.options.user?.changeEmail?.sendVerificationEmail===!1){let o=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:o,status:!0})}if(!e.context.options.emailVerification?.sendVerificationEmail)throw 
e.context.logger.error("Verification email isn't enabled."),new E("BAD_REQUEST",{message:"Verification email isn't enabled"});let t=await C(e.context.secret,e.context.session.user.email,e.body.newEmail),r=`${e.context.baseURL}/verify-email?token=${t}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail(e.context.session.user,r,t),e.json({user:null,status:!0})});async function C(e,t,r){return await nr("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new or(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var ot=h("/send-verification-email",{method:"POST",query:I.object({currentURL:I.string().optional()}).optional(),body:I.object({email:I.string().email(),callbackURL:I.string().optional()}),use:[U]},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new j("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new j("BAD_REQUEST",{message:"User not found"});let o=await C(e.context.secret,t),n=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail(r.user,n,o),e.json({status:!0})}),nt=h("/verify-email",{method:"GET",query:I.object({token:I.string(),callbackURL:I.string().optional()}),use:[U]},async e=>{let{token:t}=e.query,r;try{r=await ir("HS256",Buffer.from(e.context.secret),t)}catch(a){throw e.context.logger.error("Failed to verify email",a),new j("BAD_REQUEST",{message:"Invalid token"})}let n=I.object({email:I.string().email(),updateTo:I.string().optional()}).parse(r.payload);if(!await e.context.internalAdapter.findUserByEmail(n.email))throw new j("BAD_REQUEST",{message:"User not found"});if(n.updateTo){let a=await 
ce(e);if(!a)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new j("UNAUTHORIZED",{message:"Session not found"});if(a.user.email!==n.email)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new j("UNAUTHORIZED",{message:"Invalid session"});let c=await e.context.internalAdapter.updateUserByEmail(n.email,{email:n.updateTo,emailVerified:!0});if(e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:c,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(n.email,{emailVerified:!0}),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});var it=h("/sign-in/social",{method:"POST",requireHeaders:!0,query:O.object({currentURL:O.string().optional()}).optional(),body:O.object({callbackURL:O.string().optional(),provider:O.enum(Ge)}),use:[U]},async e=>{let t=e.context.socialProviders.find(s=>s.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. 
Make sure to add the provider in your auth config",{provider:e.body.provider}),new S("NOT_FOUND",{message:"Provider not found"});let r=e.context.authCookies,o=e.query?.currentURL?new URL(e.query?.currentURL):null,n=e.body.callbackURL?.startsWith("http")?e.body.callbackURL:`${o?.origin}${e.body.callbackURL||""}`,i=await Pe(n||o?.origin||e.context.options.baseURL);await e.setSignedCookie(r.state.name,i.hash,e.context.secret,r.state.options);let a=sr();await e.setSignedCookie(r.pkCodeVerifier.name,a,e.context.secret,r.pkCodeVerifier.options);let c=await t.createAuthorizationURL({state:i.raw,codeVerifier:a,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:c.toString(),state:i,codeVerifier:a,redirect:!0})}),st=h("/sign-in/email",{method:"POST",body:O.object({email:O.string().email(),password:O.string(),callbackURL:O.string().optional(),dontRememberMe:O.boolean().default(!1).optional()}),use:[U]},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. 
Check `https://better-auth.com/docs/authentication/email-password` for more!"),new S("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!O.string().email().safeParse(t).success)throw new S("BAD_REQUEST",{message:"Invalid email"});let n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new S("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!n.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw b.error("Email verification is required but no email verification handler is provided"),new S("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let d=await C(e.context.secret,n.user.email),l=`${e.context.options.baseURL}/verify-email?token=${d}`;throw await e.context.options.emailVerification.sendVerificationEmail(n.user,l,d),e.context.logger.error("Email not verified",{email:t}),new S("FORBIDDEN",{message:"Email is not verified. 
Check your email for a verification link"})}let i=n.accounts.find(d=>d.providerId==="credential");if(!i)throw e.context.logger.error("Credential account not found",{email:t}),new S("UNAUTHORIZED",{message:"Invalid email or password"});let a=i?.password;if(!a)throw e.context.logger.error("Password not found",{email:t}),new S("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(a,r))throw e.context.logger.error("Invalid password"),new S("UNAUTHORIZED",{message:"Invalid email or password"});let s=await e.context.internalAdapter.createSession(n.user.id,e.headers,e.body.dontRememberMe);if(!s)throw e.context.logger.error("Failed to create session"),new S("UNAUTHORIZED",{message:"Failed to create session"});return await P(e,s.id,e.body.dontRememberMe),e.json({user:n.user,session:s,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});import{APIError as dr}from"better-call";import{z as J}from"zod";import{z as y}from"zod";var zi=y.object({id:y.string(),providerId:y.string(),accountId:y.string(),userId:y.string(),accessToken:y.string().nullable().optional(),refreshToken:y.string().nullable().optional(),idToken:y.string().nullable().optional(),expiresAt:y.date().nullable().optional(),password:y.string().optional().nullable()}),at=y.object({id:y.string(),email:y.string().transform(e=>e.toLowerCase()),emailVerified:y.boolean().default(!1),name:y.string(),image:y.string().optional(),createdAt:y.date().default(new Date),updatedAt:y.date().default(new Date)}),Mi=y.object({id:y.string(),userId:y.string(),expiresAt:y.date(),ipAddress:y.string().optional(),userAgent:y.string().optional()}),Hi=y.object({id:y.string(),value:y.string(),expiresAt:y.date(),identifier:y.string()});function ar(e,t){let r=t.fields,o={};for(let n in r){if(n in e){if(r[n].input===!1){if(r[n].defaultValue){o[n]=r[n].defaultValue;continue}continue}o[n]=e[n];continue}if(r[n].defaultValue){o[n]=r[n].defaultValue;continue}}return o}function dt(e,t){let 
r={...e.user?.additionalFields};return ar(t||{},{fields:r})}var ct=h("/callback/:id",{method:"GET",query:J.object({state:J.string(),code:J.string().optional(),error:J.string().optional()}),metadata:D},async e=>{if(e.query.error||!e.query.code){let g=oe(e.query.state).data?.callbackURL||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${g}?error=${e.query.error||"oAuth_code_missing"}`)}let t=e.context.socialProviders.find(m=>m.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let r=oe(e.query.state);if(!r.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let{data:{callbackURL:o,currentURL:n}}=r,i=await e.getSignedCookie(e.context.authCookies.state.name,e.context.secret);if(!i)throw b.error("No stored state found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!await Oe(e.query.state,i))throw b.error("OAuth state mismatch"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let c=await e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),s;try{s=await t.validateAuthorizationCode({code:e.query.code,codeVerifier:c,redirectURI:`${e.context.baseURL}/callback/${t.id}`})}catch(m){throw e.context.logger.error(m),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let d=await t.getUserInfo(s).then(m=>m?.user),l=v(),p=at.safeParse({...d,id:l});if(!d||p.success===!1)throw b.error("Unable to get user info",p.error),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!o)throw e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let u=await e.context.internalAdapter.findUserByEmail(d.email,{includeAccounts:!0}).catch(m=>{throw b.error(`Better auth was unable to query your database.
|
|
3
|
+
Error: `,m),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),f=u?.user.id;if(u){let m=u.accounts.find(R=>R.providerId===t.id),g=e.context.options.account?.accountLinking?.trustedProviders,w=g?g.includes(t.id):!0;if(!m&&(!d.emailVerified||!w)){let R;try{R=new URL(n||o),R.searchParams.set("error","account_not_linked")}catch{throw e.redirect(`${e.context.baseURL}/error?error=account_not_linked`)}throw e.redirect(R.toString())}if(!m)try{await e.context.internalAdapter.linkAccount({providerId:t.id,accountId:d.id.toString(),id:`${t.id}:${d.id}`,userId:u.user.id,...se(s)})}catch(R){throw console.log(R),e.redirect(`${e.context.baseURL}/error?error=failed_linking_account`)}}else try{let m=d.emailVerified,g=await e.context.internalAdapter.createOAuthUser({...p.data,emailVerified:m},{...se(s),id:`${t.id}:${d.id}`,providerId:t.id,accountId:d.id.toString()});if(!m&&g&&e.context.options.emailVerification?.sendOnSignUp){let w=await C(e.context.secret,d.email),R=`${e.context.baseURL}/verify-email?token=${w}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.(g.user,R,w)}}catch{let g=new URL(n||o);throw g.searchParams.set("error","unable_to_create_user"),e.redirect(g.toString())}if(!f&&!l)throw new dr("INTERNAL_SERVER_ERROR",{message:"Unable to create user"});try{let m=await e.context.internalAdapter.createSession(f||l,e.request);if(!m){let g=new URL(n||o);throw g.searchParams.set("error","unable_to_create_session"),e.redirect(g.toString())}try{await P(e,m.id)}catch(g){e.context.logger.error("Unable to set session cookie",g);let w=new URL(n||o);throw w.searchParams.set("error","unable_to_create_session"),e.redirect(w.toString())}}catch{let m=new URL(n||o||"");throw m.searchParams.set("error","unable_to_create_session"),e.redirect(m.toString())}throw e.redirect(o)});import"zod";import{APIError as cr}from"better-call";var lt=h("/sign-out",{method:"POST"},async e=>{let t=await 
e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw new cr("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),M(e),e.json({success:!0})});import{z as L}from"zod";import{APIError as X}from"better-call";var ut=h("/forget-password",{method:"POST",body:L.object({email:L.string().email(),redirectTo:L.string()}),use:[U]},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new X("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let n=60*60*1,i=new Date(Date.now()+1e3*(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||n)),a=e.context.uuid();await e.context.internalAdapter.createVerificationValue({value:o.user.id,identifier:`reset-password:${a}`,expiresAt:i});let c=`${e.context.baseURL}/reset-password/${a}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword(o.user,c),e.json({status:!0})}),pt=h("/reset-password/:token",{method:"GET",query:L.object({callbackURL:L.string()}),use:[U]},async e=>{let{token:t}=e.params,r=e.query.callbackURL,o=r.startsWith("http")?r:`${e.context.options.baseURL}${r}`;if(!t||!r)throw e.redirect(`${e.context.baseURL}/error?error=INVALID_TOKEN`);let n=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!n||n.expiresAt<new Date?e.redirect(`${o}?error=INVALID_TOKEN`):e.redirect(`${o}?token=${t}`)}),ft=h("/reset-password",{query:L.optional(L.object({token:L.string()})),method:"POST",body:L.object({newPassword:L.string()})},async e=>{let t=e.query?.token;if(!t)throw new X("BAD_REQUEST",{message:"Token not 
found"});let{newPassword:r}=e.body,o=`reset-password:${t}`,n=await e.context.internalAdapter.findVerificationValue(o);if(!n||n.expiresAt<new Date)throw new X("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(n.id);let i=n.value,a=await e.context.password.hash(r);if(!(await e.context.internalAdapter.findAccounts(i)).find(l=>l.providerId==="credential"))return await e.context.internalAdapter.createAccount({userId:i,providerId:"credential",password:a,accountId:e.context.uuid()}),e.json({status:!0});if(!await e.context.internalAdapter.updatePassword(i,a))throw new X("BAD_REQUEST",{message:"Failed to update password"});return e.json({status:!0})});var mt=h("/csrf",{method:"GET",metadata:D},async e=>{let t=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret);if(t){let[i,a]=t.split("!")||[null,null];return e.json({csrfToken:i})}let r=ke(32,Re("a-z","0-9","A-Z")),o=await Q(e.context.secret,r),n=`${r}!${o}`;return await e.setSignedCookie(e.context.authCookies.csrfToken.name,n,e.context.secret,e.context.authCookies.csrfToken.options),e.json({csrfToken:r})});var lr=(e="Unknown")=>`<!DOCTYPE html>
|
|
4
4
|
<html lang="en">
|
|
5
5
|
<head>
|
|
6
6
|
<meta charset="UTF-8">
|
|
@@ -80,4 +80,4 @@ Error: `,f),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)
|
|
|
80
80
|
<div class="error-code">Error Code: <span id="errorCode">${e}</span></div>
|
|
81
81
|
</div>
|
|
82
82
|
</body>
|
|
83
|
-
</html>`,ut=h("/error",{method:"GET",metadata:C},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(sr(t),{headers:{"Content-Type":"text/html"}})});var pt=h("/ok",{method:"GET",metadata:C},async e=>e.json({ok:!0}));import{z as j}from"zod";import{APIError as q}from"better-call";var ft=()=>h("/sign-up/email",{method:"POST",query:j.object({currentURL:j.string().optional()}).optional(),body:j.record(j.string(),j.any()),use:[T]},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new q("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:o,password:n,image:i,callbackURL:a,...c}=t;if(!j.string().email().safeParse(o).success)throw new q("BAD_REQUEST",{message:"Invalid email"});let d=e.context.password.config.minPasswordLength;if(n.length<d)throw e.context.logger.error("Password is too short"),new q("BAD_REQUEST",{message:"Password is too short"});let l=e.context.password.config.maxPasswordLength;if(n.length>l)throw e.context.logger.error("Password is too long"),new q("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(o))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${o}`),new q("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let u=Qe(e.context.options,c),m=await e.context.internalAdapter.createUser({email:o.toLowerCase(),name:r,image:i,...u,emailVerified:!1});if(!m)throw new q("BAD_REQUEST",{message:"Failed to create user"});let f=await e.context.password.hash(n);if(await e.context.internalAdapter.linkAccount({userId:m.id,providerId:"credential",accountId:m.id,password:f,expiresAt:F(60*60*24*30,"sec")}),e.context.options.emailVerification?.sendOnSignUp){let b=await N(e.context.secret,m.email),k=`${e.context.baseURL}/verify-email?token=${b}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await 
e.context.options.emailVerification?.sendVerificationEmail?.(m,k,b)}if(!e.context.options.emailAndPassword.autoSignIn)return e.json({user:m,session:null},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:m,session:null}});let g=await e.context.internalAdapter.createSession(m.id,e.request);if(!g)throw new q("BAD_REQUEST",{message:"Failed to create session"});return await I(e,g.id),e.json({user:m,session:g},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:m,session:g}})});function mt(e){let t="127.0.0.1";if(process.env.NODE_ENV==="test")return t;let r=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"];for(let o of r){let n=e.headers.get(o);if(typeof n=="string"){let i=n.split(",")[0].trim();if(i)return i}}return null}function ar(e,t,r){let o=Date.now(),n=t*1e3;return o-r.lastRequest<n&&r.count>=e}function dr(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function cr(e,t){let r=Date.now(),o=t*1e3;return Math.ceil((e+o-r)/1e3)}function lr(e,t){let r=t??"rateLimit",o=e.adapter;return{get:async n=>await o.findOne({model:r,where:[{field:"key",value:n}]}),set:async(n,i,a)=>{try{a?await o.update({model:t??"rateLimit",where:[{field:"key",value:n}],update:{count:i.count,lastRequest:i.lastRequest}}):await o.create({model:t??"rateLimit",data:{key:n,count:i.count,lastRequest:i.lastRequest}})}catch(c){w.error("Error setting rate limit",c)}}}}var gt=new Map;function ur(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let o=await e.options.secondaryStorage?.get(r);return o?JSON.parse(o):void 0},set:async(r,o)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(o))}}:e.rateLimit.storage==="memory"?{async get(r){return gt.get(r)},async set(r,o,n){gt.set(r,o)}}:lr(e,e.rateLimit.tableName)}async function 
ht(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,o=e.url.replace(r,""),n=t.rateLimit.window,i=t.rateLimit.max,a=mt(e)+o,s=pr().find(u=>u.pathMatcher(o));s&&(n=s.window,i=s.max);for(let u of t.options.plugins||[])if(u.rateLimit){let m=u.rateLimit.find(f=>f.pathMatcher(o));if(m){n=m.window,i=m.max;break}}if(t.rateLimit.customRules){let u=t.rateLimit.customRules[o];u&&(n=u.window,i=u.max)}let d=ur(t),l=await d.get(a),p=Date.now();if(!l)await d.set(a,{key:a,count:1,lastRequest:p});else{let u=p-l.lastRequest;if(ar(i,n,l)){let m=cr(l.lastRequest,n);return dr(m)}else u>n*1e3?await d.set(a,{...l,count:1,lastRequest:p}):await d.set(a,{...l,count:l.count+1,lastRequest:p})}}function pr(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:7}]}import{APIError as pa}from"better-call";function de(e,t){let r=t.plugins?.reduce((c,s)=>({...c,...s.endpoints}),{}),o=t.plugins?.map(c=>c.middlewares?.map(s=>{let d=async l=>s.middleware({...l,context:{...e,...l.context}});return d.path=s.path,d.options=s.middleware.options,d.headers=s.middleware.headers,{path:s.path,middleware:d}})).filter(c=>c!==void 0).flat()||[],i={...{signInOAuth:Ge,callbackOAuth:Je,getCSRFToken:lt,getSession:ae(),signOut:rt,signUpEmail:ft(),signInEmail:We,forgetPassword:ot,resetPassword:it,verifyEmail:Ke,sendVerificationEmail:He,changePassword:at,setPassword:dt,updateUser:st,deleteUser:ct,forgetPasswordCallback:nt,listSessions:Ye(),revokeSession:et,revokeSessions:tt},...r,ok:pt,error:ut},a={};for(let[c,s]of Object.entries(i))a[c]=async(d={})=>{let l=await e;for(let m of t.plugins||[])if(m.hooks?.before){for(let f of m.hooks.before)if(f.matcher({...s,...d,context:l})){let b=await f.handler({...d,context:{...l,...d?.context}});b&&"context"in b&&(l={...l,...b.context})}}let u=await s({...d,context:{...l,...d.context}});for(let m of t.plugins||[])if(m.hooks?.after){for(let f of m.hooks.after)if(f.matcher(d)){let b=Object.assign(d,{context:{...e,returned:u}}),k=await 
f.handler(b);k&&"response"in k&&(u=k.response)}}return u},a[c].path=s.path,a[c].method=s.method,a[c].options=s.options,a[c].headers=s.headers;return{api:a,middlewares:o}}var yt=(e,t)=>{let{api:r,middlewares:o}=de(e,t),n=new URL(e.baseURL).pathname;return mr(r,{extraContext:e,basePath:n,routerMiddleware:[{path:"/**",middleware:xe},...o],async onRequest(i){for(let a of e.options.plugins||[])if(a.onRequest){let c=await a.onRequest(i,e);if(c)return c}return ht(i,e)},async onResponse(i){for(let a of e.options.plugins||[])if(a.onResponse){let c=await a.onResponse(i,e);if(c)return c.response}return i},onError(i){if(t.onAPIError?.throw)throw i;if(t.onAPIError?.onError){t.onAPIError.onError(i,e);return}let a=t.logger?.verboseLogging?w:void 0;t.logger?.disabled!==!0&&(i instanceof fr?(i.status==="INTERNAL_SERVER_ERROR"&&w.error(i),a?.error(i.message)):w?.error(i))}})};var _=e=>{let t=e.plugins?.reduce((s,d)=>{let l=d.schema;if(!l)return s;for(let[p,u]of Object.entries(l))s[p]={fields:{...s[p]?.fields,...u.fields},tableName:u.tableName||p};return s},{}),r=e.rateLimit?.storage==="database",o={rateLimit:{tableName:e.rateLimit?.tableName||"rateLimit",fields:{key:{type:"string",fieldName:e.rateLimit?.fields?.key||"key"},count:{type:"number",fieldName:e.rateLimit?.fields?.count||"count"},lastRequest:{type:"number",fieldName:e.rateLimit?.fields?.lastRequest||"lastRequest"}}}},{user:n,session:i,account:a,...c}=t||{};return{user:{tableName:e.user?.modelName||"user",fields:{name:{type:"string",required:!0,fieldName:e.user?.fields?.name||"name"},email:{type:"string",unique:!0,required:!0,fieldName:e.user?.fields?.email||"email"},emailVerified:{type:"boolean",defaultValue:()=>!1,required:!0,fieldName:e.user?.fields?.emailVerified||"emailVerified"},image:{type:"string",required:!1,fieldName:e.user?.fields?.image||"image"},createdAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",defaultValue:()=>new 
Date,required:!0,fieldName:e.user?.fields?.updatedAt||"updatedAt"},...n?.fields,...e.user?.additionalFields},order:1},session:{tableName:e.session?.modelName||"session",fields:{expiresAt:{type:"date",required:!0,fieldName:e.session?.fields?.expiresAt||"expiresAt"},ipAddress:{type:"string",required:!1,fieldName:e.session?.fields?.ipAddress||"ipAddress"},userAgent:{type:"string",required:!1,fieldName:e.session?.fields?.userAgent||"userAgent"},userId:{type:"string",fieldName:e.session?.fields?.userId||"userId",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0},...i?.fields,...e.session?.additionalFields},order:2},account:{tableName:e.account?.modelName||"account",fields:{accountId:{type:"string",required:!0,fieldName:e.account?.fields?.accountId||"accountId"},providerId:{type:"string",required:!0,fieldName:e.account?.fields?.providerId||"providerId"},userId:{type:"string",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0,fieldName:e.account?.fields?.userId||"userId"},accessToken:{type:"string",required:!1,fieldName:e.account?.fields?.accessToken||"accessToken"},refreshToken:{type:"string",required:!1,fieldName:e.account?.fields?.refreshToken||"refreshToken"},idToken:{type:"string",required:!1,fieldName:e.account?.fields?.idToken||"idToken"},expiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.expiresAt||"expiresAt"},password:{type:"string",required:!1,fieldName:e.account?.fields?.password||"password"},...a?.fields},order:3},verification:{tableName:e.verification?.modelName||"verification",fields:{identifier:{type:"string",required:!0,fieldName:e.verification?.fields?.identifier||"identifier"},value:{type:"string",required:!0,fieldName:e.verification?.fields?.value||"value"},expiresAt:{type:"date",required:!0,fieldName:e.verification?.fields?.expiresAt||"expiresAt"}},order:4},...c,...r?o:{}}};import{Kysely as wt,MssqlDialect as gr}from"kysely";import{MysqlDialect as bt,PostgresDialect 
as At,SqliteDialect as Rt}from"kysely";function kt(e){if("dialect"in e)return kt(e.dialect);if("createDriver"in e){if(e instanceof Rt)return"sqlite";if(e instanceof bt)return"mysql";if(e instanceof At)return"postgres";if(e instanceof gr)return"mssql"}return"aggregate"in e?"sqlite":"getConnection"in e?"mysql":"connect"in e?"postgres":null}var K=async e=>{let t=e.database;if("db"in t)return{kysely:t.db,databaseType:t.type};if("dialect"in t)return{kysely:new wt({dialect:t.dialect}),databaseType:t.type};let r,o=kt(t);return"createDriver"in t&&(r=t),"aggregate"in t&&(r=new Rt({database:t})),"getConnection"in t&&(r=new bt({pool:t})),"connect"in t&&(r=new At({pool:t})),{kysely:r?new wt({dialect:r}):null,databaseType:o}};function Y(e){if(!e)return{and:null,or:null};let t=e?.filter(o=>o.connector==="AND"||!o.connector).reduce((o,n)=>({...o,[n.field]:n.value}),{}),r=e?.filter(o=>o.connector==="OR").reduce((o,n)=>({...o,[n.field]:n.value}),{});return{and:Object.keys(t).length?t:null,or:Object.keys(r).length?r:null}}function ee(e,t,r){for(let o in e)e[o]===0&&t[o]?.type==="boolean"&&r?.boolean&&(e[o]=!1),e[o]===1&&t[o]?.type==="boolean"&&r?.boolean&&(e[o]=!0),t[o]?.type==="date"&&(e[o]instanceof Date||(e[o]=new Date(e[o])));return e}function xt(e,t){for(let r in e)typeof e[r]=="boolean"&&t?.boolean&&(e[r]=e[r]?1:0),e[r]instanceof Date&&(e[r]=e[r].toISOString());return e}var Tt=(e,t)=>({id:"kysely",async create(r){let{model:o,data:n,select:i}=r;t?.transform&&(n=xt(n,t.transform)),t?.generateId!==void 0&&(n.id=t.generateId?t.generateId():void 0);let a=await e.insertInto(o).values(n).returningAll().executeTakeFirst();if(t?.transform){let c=t.transform.schema[o];a=c?ee(n,c,t.transform):a}return i?.length&&(a=a?i.reduce((s,d)=>a?.[d]?{...s,[d]:a[d]}:s,{}):null),a},async findOne(r){let{model:o,where:n,select:i}=r,{and:a,or:c}=Y(n),s=e.selectFrom(o).selectAll();c&&(s=s.where(l=>l.or(c))),a&&(s=s.where(l=>l.and(a)));let d=await 
s.executeTakeFirst();if(i?.length&&(d=d?i.reduce((p,u)=>d?.[u]?{...p,[u]:d[u]}:p,{}):null),t?.transform){let l=t.transform.schema[o];return d=d&&l?ee(d,l,t.transform):d,d||null}return d||null},async findMany(r){let{model:o,where:n,limit:i,offset:a,sortBy:c}=r,s=e.selectFrom(o),{and:d,or:l}=Y(n);d&&(s=s.where(u=>u.and(d))),l&&(s=s.where(u=>u.or(l))),s=s.limit(i||100),a&&(s=s.offset(a)),c&&(s=s.orderBy(c.field,c.direction));let p=await s.selectAll().execute();if(t?.transform){let u=t.transform.schema[o];return u?p.map(m=>ee(m,u,t.transform)):p}return p},async update(r){let{model:o,where:n,update:i}=r,{and:a,or:c}=Y(n);t?.transform&&(i=xt(i,t.transform));let s=e.updateTable(o).set(i);a&&(s=s.where(l=>l.and(a))),c&&(s=s.where(l=>l.or(c)));let d=await s.returningAll().executeTakeFirst()||null;if(t?.transform){let l=t.transform.schema[o];return l?ee(d,l,t.transform):d}return d},async delete(r){let{model:o,where:n}=r,{and:i,or:a}=Y(n),c=e.deleteFrom(o);i&&(c=c.where(s=>s.and(i))),a&&(c=c.where(s=>s.or(a))),await c.execute()}});async function Ut(e){if(!e.database)throw new R("Database configuration is required");if("create"in e.database)return e.database;let{kysely:t,databaseType:r}=await K(e);if(!t)throw new R("Failed to initialize database adapter");let o=_(e),n={};for(let i of Object.values(o))n[i.tableName]=i.fields;return Tt(t,{transform:{schema:n,date:!0,boolean:r==="sqlite"},generateId:"generateId"in e.database?e.database.generateId:void 0})}function ce(e,t){let r={id:t.id};for(let o in e){let n=e[o],i=t[o];r[n.fieldName||o]=i}return r}function le(e,t){if(!t)return null;let r={id:t.id};for(let[o,n]of Object.entries(e))r[o]=t[n.fieldName||o];return r}function vt(e,t){let r=t.hooks,o=_(t.options);async function n(a,c,s){let d=a,l=o[c];for(let m of r||[]){let f=m[c]?.create?.before;if(f){let g=await f(a);if(g===!1)return null;typeof g=="object"&&"data"in g&&(d=g.data)}}let p=s?await s.fn(d):null,u=!s||s.executeMainFn?await 
e.create({model:l.tableName,data:{id:U(),...ce(l.fields,d)}}):p;for(let m of r||[]){let f=m[c]?.create?.after;f&&await f(u)}return le(l.fields,u)}async function i(a,c,s,d){let l=a;for(let m of r||[]){let f=m[s]?.update?.before;if(f){let g=await f(a);if(g===!1)return null;l=typeof g=="object"?g.data:g}}let p=d?await d.fn(l):null,u=!d||d.executeMainFn?await e.update({model:o[s].tableName,update:ce(o[s].fields,l),where:c}):p;for(let m of r||[]){let f=m[s]?.update?.after;f&&await f(u)}return le(o[s].fields,u)}return{createWithHooks:n,updateWithHooks:i}}var ue=(e,t)=>{let r=t.options,o=r.secondaryStorage,n=r.session?.expiresIn||60*60*24*7,i=_(r),{createWithHooks:a,updateWithHooks:c}=vt(e,t);return{createOAuthUser:async(s,d)=>{try{let l=await a(s,"user"),p=await a(d,"account");return{user:l,account:{...p,userId:l.id}}}catch(l){return console.log(l),null}},createUser:async s=>await a({id:U(),createdAt:new Date,updatedAt:new Date,emailVerified:!1,...s},"user"),createAccount:async s=>await a({id:U(),createdAt:new Date,updatedAt:new Date,...s},"account"),listSessions:async s=>await e.findMany({model:i.session.tableName,where:[{field:i.session.fields.userId.fieldName||"userId",value:s}]}),listUsers:async(s,d,l)=>await e.findMany({model:i.user.tableName,limit:s,offset:d,sortBy:l}),deleteUser:async s=>{await e.delete({model:i.account.tableName,where:[{field:i.account.fields.userId.fieldName||"userId",value:s}]}),await e.delete({model:i.session.tableName,where:[{field:i.session.fields.userId.fieldName||"userId",value:s}]}),await e.delete({model:i.user.tableName,where:[{field:"id",value:s}]})},createSession:async(s,d,l,p)=>{let u=d instanceof Request?d.headers:d,m={id:U(),userId:s,expiresAt:l?F(60*60*24,"sec"):F(n,"sec"),ipAddress:u?.get("x-forwarded-for")||"",userAgent:u?.get("user-agent")||"",...p};return await a(m,"session",o?{fn:async g=>{let b=await e.findOne({model:i.user.tableName,where:[{field:"id",value:s}]});return 
o.set(g.id,JSON.stringify({session:g,user:b}),n),g},executeMainFn:r.session?.storeSessionInDatabase}:void 0)},findSession:async s=>{if(o){let p=await o.get(s);if(p){let u=JSON.parse(p);return{session:{...u.session,expiresAt:new Date(u.session.expiresAt)},user:{...u.user,createdAt:new Date(u.user.createdAt),updatedAt:new Date(u.user.updatedAt)}}}}let d=await e.findOne({model:i.session.tableName,where:[{value:s,field:"id"}]});if(!d)return null;let l=await e.findOne({model:i.user.tableName,where:[{value:d.userId,field:"id"}]});return l?{session:d,user:l}:null},updateSession:async(s,d)=>await c(d,[{field:"id",value:s}],"session",o?{async fn(p){let u=await o.get(s),m=null;if(u){let f=JSON.parse(u);m={...f.session,...p},await o.set(s,JSON.stringify({session:m,user:f.user}),f.session.expiresAt?new Date(f.session.expiresAt).getTime():void 0)}else return null},executeMainFn:r.session?.storeSessionInDatabase}:void 0),deleteSession:async s=>{if(o){await o.delete(s),r.session?.storeSessionInDatabase&&await e.delete({model:i.session.tableName,where:[{field:"id",value:s}]});return}await e.delete({model:i.session.tableName,where:[{field:"id",value:s}]})},deleteSessions:async s=>{if(o){let d=await e.findMany({model:i.session.tableName,where:[{field:i.session.fields.userId.fieldName||"userId",value:s}]});for(let l of d)await o.delete(l.id);r.session?.storeSessionInDatabase&&await e.delete({model:i.session.tableName,where:[{field:i.session.fields.userId.fieldName||"userId",value:s}]});return}await e.delete({model:i.session.tableName,where:[{field:i.session.fields.userId.fieldName||"userId",value:s}]})},findUserByEmail:async(s,d)=>{let l=await e.findOne({model:i.user.tableName,where:[{value:s.toLowerCase(),field:i.user.fields.email.fieldName||"email"}]});if(!l)return null;if(d?.includeAccounts){let p=await 
e.findMany({model:i.account.tableName,where:[{value:l.id,field:i.account.fields.userId.fieldName||"userId"}]});return{user:l,accounts:p}}return{user:l,accounts:[]}},findUserById:async s=>await e.findOne({model:i.user.tableName,where:[{field:"id",value:s}]}),linkAccount:async s=>await a({id:U(),...s},"account"),updateUser:async(s,d)=>await c(d,[{field:"id",value:s}],"user"),updateUserByEmail:async(s,d)=>await c(d,[{field:"email",value:s}],"user"),updatePassword:async(s,d)=>await c({password:d},[{field:i.account.fields.userId.fieldName||"userId",value:s},{field:i.account.fields.providerId.fieldName||"providerId",value:"credential"}],"account"),findAccounts:async s=>await e.findMany({model:i.account.tableName,where:[{field:i.account.fields.userId.fieldName||"userId",value:s}]}),updateAccount:async(s,d)=>await c(d,[{field:"id",value:s}],"account"),createVerificationValue:async s=>await a({id:U(),...s},"verification"),findVerificationValue:async s=>await e.findOne({model:i.verification.tableName,where:[{field:i.verification.fields.identifier.fieldName||"identifier",value:s}]}),deleteVerificationValue:async s=>{await e.delete({model:i.verification.tableName,where:[{field:"id",value:s}]})},updateVerificationValue:async(s,d)=>await c(d,[{field:"id",value:s}],"verification")}};import{z as Da}from"zod";import"kysely";import{defu as hr}from"defu";var pe="better-auth-secret-123456789";var Et=async e=>{let t=await Ut(e),r=e.plugins||[],o=wr(e),{kysely:n}=await K(e),i=M(e.baseURL,e.basePath);if(!i)throw new R("Base URL can not be empty. Please add `BETTER_AUTH_URL` in your environment variables or pass it your auth config.");let a=e.secret||process.env.BETTER_AUTH_SECRET||process.env.AUTH_SECRET||pe;if(a===pe&&process.env.NODE_ENV==="production")throw new R("You are using the default secret. 
Please set `BETTER_AUTH_SECRET` or `AUTH_SECRET` in your environment variables or pass `secret` in your auth config.");e={...e,secret:a,baseURL:i?new URL(i).origin:"",basePath:e.basePath||"/api/auth",plugins:r.concat(o),emailAndPassword:{...e.emailAndPassword,enabled:e.emailAndPassword?.enabled??!1,autoSignIn:!0}};let c=Pe(e),s=_(e),d=Object.keys(e.socialProviders||{}).map(u=>{let m=e.socialProviders?.[u];return m.enabled===!1?null:((!m.clientId||!m.clientSecret)&&w.warn(`Social provider ${u} is missing clientId or clientSecret`),se[u](m))}).filter(u=>u!==null),l={appName:e.appName||"Better Auth",socialProviders:d,options:e,tables:s,trustedOrigins:br(e),baseURL:i,sessionConfig:{updateAge:e.session?.updateAge||24*60*60,expiresIn:e.session?.expiresIn||60*60*24*7},secret:a,rateLimit:{...e.rateLimit,enabled:e.rateLimit?.enabled??process.env.NODE_ENV!=="development",window:e.rateLimit?.window||60,max:e.rateLimit?.max||100,storage:e.rateLimit?.storage||e.secondaryStorage?"secondary-storage":"memory"},authCookies:c,logger:oe({disabled:e.logger?.disabled||!1}),db:n,uuid:U,secondaryStorage:e.secondaryStorage,password:{hash:e.emailAndPassword?.password?.hash||ge,verify:e.emailAndPassword?.password?.verify||he,config:{minPasswordLength:e.emailAndPassword?.minPasswordLength||8,maxPasswordLength:e.emailAndPassword?.maxPasswordLength||128}},adapter:t,internalAdapter:ue(t,{options:e,hooks:e.databaseHooks?[e.databaseHooks]:[]}),createAuthCookie:Oe(e)},{context:p}=yr(l);return p};function yr(e){let t=e.options,r=t.plugins||[],o=e,n=[];for(let i of r)if(i.init){let a=i.init(e);typeof a=="object"&&(a.options&&(a.options.databaseHooks&&n.push(a.options.databaseHooks),t=hr(t,a.options)),a.context&&(o={...o,...a.context}))}return n.push(t.databaseHooks),o.internalAdapter=ue(e.adapter,{options:t,hooks:n.filter(i=>i!==void 0)}),o.options=t,{context:o}}function wr(e){let t=[];return e.advanced?.crossSubDomainCookies?.enabled,t}function br(e){let t=M(e.baseURL,e.basePath);if(!t)throw new 
R("Base URL can not be empty. Please add `BETTER_AUTH_URL` in your environment variables or pass it in your auth config.");let r=[new URL(t).origin];e.trustedOrigins&&r.push(...e.trustedOrigins);let o=process.env.BETTER_AUTH_TRUSTED_ORIGINS;return o&&r.push(...o.split(",")),r}var Ad=e=>{let t=Et(e),{api:r}=de(t,e);return{handler:async o=>{let n=await t,i=n.options.basePath||"/api/auth",a=new URL(o.url);if(!n.options.baseURL){let s=M(void 0,i)||`${a.origin}${i}`;n.options.baseURL=s,n.baseURL=s}if(!n.options.baseURL)return new Response("Base URL not set",{status:400});if(a.pathname===i||a.pathname===`${i}/`)return new Response("Welcome to BetterAuth",{status:200});let{handler:c}=yt(n,e);return c(o)},api:r,options:e,$Infer:{}}};export{R as BetterAuthError,C as HIDE_METADATA,Ie as MissingDependencyError,Ad as betterAuth,cn as capitalizeFirstLetter,Oe as createCookieGetter,oe as createLogger,z as deleteSessionCookie,U as generateId,Ee as generateState,Pe as getCookies,w as logger,co as parseSetCookieHeader,re as parseState,I as setSessionCookie};
|
|
83
|
+
</html>`,gt=h("/error",{method:"GET",metadata:D},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(lr(t),{headers:{"Content-Type":"text/html"}})});var ht=h("/ok",{method:"GET",metadata:D},async e=>e.json({ok:!0}));import{z}from"zod";import{APIError as q}from"better-call";var yt=()=>h("/sign-up/email",{method:"POST",query:z.object({currentURL:z.string().optional()}).optional(),body:z.record(z.string(),z.any()),use:[U]},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new q("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:o,password:n,image:i,callbackURL:a,...c}=t;if(!z.string().email().safeParse(o).success)throw new q("BAD_REQUEST",{message:"Invalid email"});let d=e.context.password.config.minPasswordLength;if(n.length<d)throw e.context.logger.error("Password is too short"),new q("BAD_REQUEST",{message:"Password is too short"});let l=e.context.password.config.maxPasswordLength;if(n.length>l)throw e.context.logger.error("Password is too long"),new q("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(o))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${o}`),new q("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let u=dt(e.context.options,c),f=await e.context.internalAdapter.createUser({email:o.toLowerCase(),name:r,image:i,...u,emailVerified:!1});if(!f)throw new q("BAD_REQUEST",{message:"Failed to create user"});let m=await e.context.password.hash(n);if(await e.context.internalAdapter.linkAccount({userId:f.id,providerId:"credential",accountId:f.id,password:m,expiresAt:F(60*60*24*30,"sec")}),e.context.options.emailVerification?.sendOnSignUp){let w=await C(e.context.secret,f.email),R=`${e.context.baseURL}/verify-email?token=${w}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await 
e.context.options.emailVerification?.sendVerificationEmail?.(f,R,w)}if(!e.context.options.emailAndPassword.autoSignIn)return e.json({user:f,session:null},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:f,session:null}});let g=await e.context.internalAdapter.createSession(f.id,e.request);if(!g)throw new q("BAD_REQUEST",{message:"Failed to create session"});return await P(e,g.id),e.json({user:f,session:g},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:f,session:g}})});function wt(e){let t="127.0.0.1";if(process.env.NODE_ENV==="test")return t;let r=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"];for(let o of r){let n=e.headers.get(o);if(typeof n=="string"){let i=n.split(",")[0].trim();if(i)return i}}return null}function ur(e,t,r){let o=Date.now(),n=t*1e3;return o-r.lastRequest<n&&r.count>=e}function pr(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function fr(e,t){let r=Date.now(),o=t*1e3;return Math.ceil((e+o-r)/1e3)}function mr(e,t){let r=t??"rateLimit",o=e.adapter;return{get:async n=>await o.findOne({model:r,where:[{field:"key",value:n}]}),set:async(n,i,a)=>{try{a?await o.update({model:t??"rateLimit",where:[{field:"key",value:n}],update:{count:i.count,lastRequest:i.lastRequest}}):await o.create({model:t??"rateLimit",data:{key:n,count:i.count,lastRequest:i.lastRequest}})}catch(c){b.error("Error setting rate limit",c)}}}}var bt=new Map;function gr(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let o=await e.options.secondaryStorage?.get(r);return o?JSON.parse(o):void 0},set:async(r,o)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(o))}}:e.rateLimit.storage==="memory"?{async get(r){return bt.get(r)},async set(r,o,n){bt.set(r,o)}}:mr(e,e.rateLimit.tableName)}async function 
At(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,o=e.url.replace(r,""),n=t.rateLimit.window,i=t.rateLimit.max,a=wt(e)+o,s=hr().find(u=>u.pathMatcher(o));s&&(n=s.window,i=s.max);for(let u of t.options.plugins||[])if(u.rateLimit){let f=u.rateLimit.find(m=>m.pathMatcher(o));if(f){n=f.window,i=f.max;break}}if(t.rateLimit.customRules){let u=t.rateLimit.customRules[o];u&&(n=u.window,i=u.max)}let d=gr(t),l=await d.get(a),p=Date.now();if(!l)await d.set(a,{key:a,count:1,lastRequest:p});else{let u=p-l.lastRequest;if(ur(i,n,l)){let f=fr(l.lastRequest,n);return pr(f)}else u>n*1e3?await d.set(a,{...l,count:1,lastRequest:p}):await d.set(a,{...l,count:l.count+1,lastRequest:p})}}function hr(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:7}]}import{APIError as ka}from"better-call";function le(e,t){let r=t.plugins?.reduce((c,s)=>({...c,...s.endpoints}),{}),o=t.plugins?.map(c=>c.middlewares?.map(s=>{let d=async l=>s.middleware({...l,context:{...e,...l.context}});return d.path=s.path,d.options=s.middleware.options,d.headers=s.middleware.headers,{path:s.path,middleware:d}})).filter(c=>c!==void 0).flat()||[],i={...{signInOAuth:it,callbackOAuth:ct,getCSRFToken:mt,getSession:de(),signOut:lt,signUpEmail:yt(),signInEmail:st,forgetPassword:ut,resetPassword:ft,verifyEmail:nt,sendVerificationEmail:ot,changeEmail:rt,changePassword:Ye,setPassword:et,updateUser:Xe,deleteUser:tt,forgetPasswordCallback:pt,listSessions:Qe(),revokeSession:We,revokeSessions:Je},...r,ok:ht,error:gt},a={};for(let[c,s]of Object.entries(i))a[c]=async(d={})=>{let l=await e;for(let f of t.plugins||[])if(f.hooks?.before){for(let m of f.hooks.before)if(m.matcher({...s,...d,context:l})){let w=await m.handler({...d,context:{...l,...d?.context}});w&&"context"in w&&(l={...l,...w.context})}}let p;try{p=await s({...d,context:{...l,...d.context}})}catch(f){if(f instanceof kt){let m=t.plugins?.map(w=>{if(w.hooks?.after)return w.hooks.after}).filter(w=>w!==void 
0).flat();if(!m?.length)throw f;let g=new Response(JSON.stringify(f.body),{status:wr[f.status],headers:f.headers});for(let w of m||[])if(w.matcher(d)){let ge=Object.assign(d,{context:{...e,returned:g}}),te=await w.handler(ge);te&&"response"in te&&(g=te.response)}return g}throw f}let u=p;for(let f of t.plugins||[])if(f.hooks?.after){for(let m of f.hooks.after)if(m.matcher(d)){let w=Object.assign(d,{context:{...e,returned:u}}),R=await m.handler(w);R&&"response"in R&&(u=R.response)}}return u},a[c].path=s.path,a[c].method=s.method,a[c].options=s.options,a[c].headers=s.headers;return{api:a,middlewares:o}}var Rt=(e,t)=>{let{api:r,middlewares:o}=le(e,t),n=new URL(e.baseURL).pathname;return yr(r,{extraContext:e,basePath:n,routerMiddleware:[{path:"/**",middleware:ve},...o],async onRequest(i){for(let a of e.options.plugins||[])if(a.onRequest){let c=await a.onRequest(i,e);if(c)return c}return At(i,e)},async onResponse(i){for(let a of e.options.plugins||[])if(a.onResponse){let c=await a.onResponse(i,e);if(c)return c.response}return i},onError(i){if(t.onAPIError?.throw)throw i;if(t.onAPIError?.onError){t.onAPIError.onError(i,e);return}let a=t.logger?.verboseLogging?b:void 0;t.logger?.disabled!==!0&&(i instanceof kt?(i.status==="INTERNAL_SERVER_ERROR"&&b.error(i),a?.error(i.message)):b?.error(i))}})};var B=e=>{let t=e.plugins?.reduce((s,d)=>{let l=d.schema;if(!l)return s;for(let[p,u]of Object.entries(l))s[p]={fields:{...s[p]?.fields,...u.fields},tableName:u.tableName||p};return 
s},{}),r=e.rateLimit?.storage==="database",o={rateLimit:{tableName:e.rateLimit?.tableName||"rateLimit",fields:{key:{type:"string",fieldName:e.rateLimit?.fields?.key||"key"},count:{type:"number",fieldName:e.rateLimit?.fields?.count||"count"},lastRequest:{type:"number",fieldName:e.rateLimit?.fields?.lastRequest||"lastRequest"}}}},{user:n,session:i,account:a,...c}=t||{};return{user:{tableName:e.user?.modelName||"user",fields:{name:{type:"string",required:!0,fieldName:e.user?.fields?.name||"name"},email:{type:"string",unique:!0,required:!0,fieldName:e.user?.fields?.email||"email"},emailVerified:{type:"boolean",defaultValue:()=>!1,required:!0,fieldName:e.user?.fields?.emailVerified||"emailVerified"},image:{type:"string",required:!1,fieldName:e.user?.fields?.image||"image"},createdAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.updatedAt||"updatedAt"},...n?.fields,...e.user?.additionalFields},order:1},session:{tableName:e.session?.modelName||"session",fields:{expiresAt:{type:"date",required:!0,fieldName:e.session?.fields?.expiresAt||"expiresAt"},ipAddress:{type:"string",required:!1,fieldName:e.session?.fields?.ipAddress||"ipAddress"},userAgent:{type:"string",required:!1,fieldName:e.session?.fields?.userAgent||"userAgent"},userId:{type:"string",fieldName:e.session?.fields?.userId||"userId",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0},...i?.fields,...e.session?.additionalFields},order:2},account:{tableName:e.account?.modelName||"account",fields:{accountId:{type:"string",required:!0,fieldName:e.account?.fields?.accountId||"accountId"},providerId:{type:"string",required:!0,fieldName:e.account?.fields?.providerId||"providerId"},userId:{type:"string",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0,fieldName:e.account?.fields?.userId||"userId"},accessToken:{
type:"string",required:!1,fieldName:e.account?.fields?.accessToken||"accessToken"},refreshToken:{type:"string",required:!1,fieldName:e.account?.fields?.refreshToken||"refreshToken"},idToken:{type:"string",required:!1,fieldName:e.account?.fields?.idToken||"idToken"},expiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.expiresAt||"expiresAt"},password:{type:"string",required:!1,fieldName:e.account?.fields?.password||"password"},...a?.fields},order:3},verification:{tableName:e.verification?.modelName||"verification",fields:{identifier:{type:"string",required:!0,fieldName:e.verification?.fields?.identifier||"identifier"},value:{type:"string",required:!0,fieldName:e.verification?.fields?.value||"value"},expiresAt:{type:"date",required:!0,fieldName:e.verification?.fields?.expiresAt||"expiresAt"}},order:4},...c,...r?o:{}}};import{Kysely as xt,MssqlDialect as br}from"kysely";import{MysqlDialect as Ut,PostgresDialect as Tt,SqliteDialect as vt}from"kysely";function Et(e){if("dialect"in e)return Et(e.dialect);if("createDriver"in e){if(e instanceof vt)return"sqlite";if(e instanceof Ut)return"mysql";if(e instanceof Tt)return"postgres";if(e instanceof br)return"mssql"}return"aggregate"in e?"sqlite":"getConnection"in e?"mysql":"connect"in e?"postgres":null}var G=async e=>{let t=e.database;if("db"in t)return{kysely:t.db,databaseType:t.type};if("dialect"in t)return{kysely:new xt({dialect:t.dialect}),databaseType:t.type};let r,o=Et(t);return"createDriver"in t&&(r=t),"aggregate"in t&&(r=new vt({database:t})),"getConnection"in t&&(r=new Ut({pool:t})),"connect"in t&&(r=new Tt({pool:t})),{kysely:r?new xt({dialect:r}):null,databaseType:o}};function Y(e){if(!e)return{and:null,or:null};let t=e?.filter(o=>o.connector==="AND"||!o.connector).reduce((o,n)=>({...o,[n.field]:n.value}),{}),r=e?.filter(o=>o.connector==="OR").reduce((o,n)=>({...o,[n.field]:n.value}),{});return{and:Object.keys(t).length?t:null,or:Object.keys(r).length?r:null}}function ee(e,t,r){for(let o in 
e)e[o]===0&&t[o]?.type==="boolean"&&r?.boolean&&(e[o]=!1),e[o]===1&&t[o]?.type==="boolean"&&r?.boolean&&(e[o]=!0),t[o]?.type==="date"&&(e[o]instanceof Date||(e[o]=new Date(e[o])));return e}function It(e,t){for(let r in e)typeof e[r]=="boolean"&&t?.boolean&&(e[r]=e[r]?1:0),e[r]instanceof Date&&(e[r]=e[r].toISOString());return e}var Ot=(e,t)=>({id:"kysely",async create(r){let{model:o,data:n,select:i}=r;t?.transform&&(n=It(n,t.transform)),t?.generateId!==void 0&&(n.id=t.generateId?t.generateId():void 0);let a=await e.insertInto(o).values(n).returningAll().executeTakeFirst();if(t?.transform){let c=t.transform.schema[o];a=c?ee(n,c,t.transform):a}return i?.length&&(a=a?i.reduce((s,d)=>a?.[d]?{...s,[d]:a[d]}:s,{}):null),a},async findOne(r){let{model:o,where:n,select:i}=r,{and:a,or:c}=Y(n),s=e.selectFrom(o).selectAll();c&&(s=s.where(l=>l.or(c))),a&&(s=s.where(l=>l.and(a)));let d=await s.executeTakeFirst();if(i?.length&&(d=d?i.reduce((p,u)=>d?.[u]?{...p,[u]:d[u]}:p,{}):null),t?.transform){let l=t.transform.schema[o];return d=d&&l?ee(d,l,t.transform):d,d||null}return d||null},async findMany(r){let{model:o,where:n,limit:i,offset:a,sortBy:c}=r,s=e.selectFrom(o),{and:d,or:l}=Y(n);d&&(s=s.where(u=>u.and(d))),l&&(s=s.where(u=>u.or(l))),s=s.limit(i||100),a&&(s=s.offset(a)),c&&(s=s.orderBy(c.field,c.direction));let p=await s.selectAll().execute();if(t?.transform){let u=t.transform.schema[o];return u?p.map(f=>ee(f,u,t.transform)):p}return p},async update(r){let{model:o,where:n,update:i}=r,{and:a,or:c}=Y(n);t?.transform&&(i=It(i,t.transform));let s=e.updateTable(o).set(i);a&&(s=s.where(l=>l.and(a))),c&&(s=s.where(l=>l.or(c)));let d=await s.returningAll().executeTakeFirst()||null;if(t?.transform){let l=t.transform.schema[o];return l?ee(d,l,t.transform):d}return d},async delete(r){let{model:o,where:n}=r,{and:i,or:a}=Y(n),c=e.deleteFrom(o);i&&(c=c.where(s=>s.and(i))),a&&(c=c.where(s=>s.or(a))),await c.execute()}});async function Pt(e){if(!e.database)throw new k("Database configuration 
is required");if("create"in e.database)return e.database;let{kysely:t,databaseType:r}=await G(e);if(!t)throw new k("Failed to initialize database adapter");let o=B(e),n={};for(let i of Object.values(o))n[i.tableName]=i.fields;return Ot(t,{transform:{schema:n,date:!0,boolean:r==="sqlite"},generateId:"generateId"in e.database?e.database.generateId:void 0})}function ue(e,t){let r={id:t.id};for(let o in e){let n=e[o],i=t[o];r[n.fieldName||o]=i}return r}function pe(e,t){if(!t)return null;let r={id:t.id};for(let[o,n]of Object.entries(e))r[o]=t[n.fieldName||o];return r}function St(e,t){let r=t.hooks,o=B(t.options);async function n(a,c,s){let d=a,l=o[c];for(let f of r||[]){let m=f[c]?.create?.before;if(m){let g=await m(a);if(g===!1)return null;typeof g=="object"&&"data"in g&&(d=g.data)}}let p=s?await s.fn(d):null,u=!s||s.executeMainFn?await e.create({model:l.tableName,data:{id:v(),...ue(l.fields,d)}}):p;for(let f of r||[]){let m=f[c]?.create?.after;m&&await m(u)}return pe(l.fields,u)}async function i(a,c,s,d){let l=a;for(let f of r||[]){let m=f[s]?.update?.before;if(m){let g=await m(a);if(g===!1)return null;l=typeof g=="object"?g.data:g}}let p=d?await d.fn(l):null,u=!d||d.executeMainFn?await e.update({model:o[s].tableName,update:ue(o[s].fields,l),where:c}):p;for(let f of r||[]){let m=f[s]?.update?.after;m&&await m(u)}return pe(o[s].fields,u)}return{createWithHooks:n,updateWithHooks:i}}var fe=(e,t)=>{let r=t.options,o=r.secondaryStorage,n=r.session?.expiresIn||60*60*24*7,i=B(r),{createWithHooks:a,updateWithHooks:c}=St(e,t);return{createOAuthUser:async(s,d)=>{try{let l=await a(s,"user"),p=await a(d,"account");return{user:l,account:{...p,userId:l.id}}}catch(l){return console.log(l),null}},createUser:async s=>await a({id:v(),createdAt:new Date,updatedAt:new Date,emailVerified:!1,...s},"user"),createAccount:async s=>await a({id:v(),createdAt:new Date,updatedAt:new Date,...s},"account"),listSessions:async s=>await 
e.findMany({model:i.session.tableName,where:[{field:i.session.fields.userId.fieldName||"userId",value:s}]}),listUsers:async(s,d,l)=>await e.findMany({model:i.user.tableName,limit:s,offset:d,sortBy:l}),deleteUser:async s=>{await e.delete({model:i.account.tableName,where:[{field:i.account.fields.userId.fieldName||"userId",value:s}]}),await e.delete({model:i.session.tableName,where:[{field:i.session.fields.userId.fieldName||"userId",value:s}]}),await e.delete({model:i.user.tableName,where:[{field:"id",value:s}]})},createSession:async(s,d,l,p)=>{let u=d instanceof Request?d.headers:d,f={id:v(),userId:s,expiresAt:l?F(60*60*24,"sec"):F(n,"sec"),ipAddress:u?.get("x-forwarded-for")||"",userAgent:u?.get("user-agent")||"",...p};return await a(f,"session",o?{fn:async g=>{let w=await e.findOne({model:i.user.tableName,where:[{field:"id",value:s}]});return o.set(g.id,JSON.stringify({session:g,user:w}),n),g},executeMainFn:r.session?.storeSessionInDatabase}:void 0)},findSession:async s=>{if(o){let p=await o.get(s);if(p){let u=JSON.parse(p);return{session:{...u.session,expiresAt:new Date(u.session.expiresAt)},user:{...u.user,createdAt:new Date(u.user.createdAt),updatedAt:new Date(u.user.updatedAt)}}}}let d=await e.findOne({model:i.session.tableName,where:[{value:s,field:"id"}]});if(!d)return null;let l=await e.findOne({model:i.user.tableName,where:[{value:d.userId,field:"id"}]});return l?{session:d,user:l}:null},updateSession:async(s,d)=>await c(d,[{field:"id",value:s}],"session",o?{async fn(p){let u=await o.get(s),f=null;if(u){let m=JSON.parse(u);f={...m.session,...p},await o.set(s,JSON.stringify({session:f,user:m.user}),m.session.expiresAt?new Date(m.session.expiresAt).getTime():void 0)}else return null},executeMainFn:r.session?.storeSessionInDatabase}:void 0),deleteSession:async s=>{if(o){await o.delete(s),r.session?.storeSessionInDatabase&&await e.delete({model:i.session.tableName,where:[{field:"id",value:s}]});return}await 
e.delete({model:i.session.tableName,where:[{field:"id",value:s}]})},deleteSessions:async s=>{if(o){let d=await e.findMany({model:i.session.tableName,where:[{field:i.session.fields.userId.fieldName||"userId",value:s}]});for(let l of d)await o.delete(l.id);r.session?.storeSessionInDatabase&&await e.delete({model:i.session.tableName,where:[{field:i.session.fields.userId.fieldName||"userId",value:s}]});return}await e.delete({model:i.session.tableName,where:[{field:i.session.fields.userId.fieldName||"userId",value:s}]})},findUserByEmail:async(s,d)=>{let l=await e.findOne({model:i.user.tableName,where:[{value:s.toLowerCase(),field:i.user.fields.email.fieldName||"email"}]});if(!l)return null;if(d?.includeAccounts){let p=await e.findMany({model:i.account.tableName,where:[{value:l.id,field:i.account.fields.userId.fieldName||"userId"}]});return{user:l,accounts:p}}return{user:l,accounts:[]}},findUserById:async s=>await e.findOne({model:i.user.tableName,where:[{field:"id",value:s}]}),linkAccount:async s=>await a({id:v(),...s},"account"),updateUser:async(s,d)=>await c(d,[{field:"id",value:s}],"user"),updateUserByEmail:async(s,d)=>await c(d,[{field:"email",value:s}],"user"),updatePassword:async(s,d)=>await c({password:d},[{field:i.account.fields.userId.fieldName||"userId",value:s},{field:i.account.fields.providerId.fieldName||"providerId",value:"credential"}],"account"),findAccounts:async s=>await e.findMany({model:i.account.tableName,where:[{field:i.account.fields.userId.fieldName||"userId",value:s}]}),updateAccount:async(s,d)=>await c(d,[{field:"id",value:s}],"account"),createVerificationValue:async s=>await a({id:v(),...s},"verification"),findVerificationValue:async s=>await e.findOne({model:i.verification.tableName,where:[{field:i.verification.fields.identifier.fieldName||"identifier",value:s}]}),deleteVerificationValue:async s=>{await e.delete({model:i.verification.tableName,where:[{field:"id",value:s}]})},updateVerificationValue:async(s,d)=>await 
c(d,[{field:"id",value:s}],"verification")}};import{z as Ha}from"zod";import"kysely";import{defu as Ar}from"defu";var me="better-auth-secret-123456789";var Lt=async e=>{let t=await Pt(e),r=e.plugins||[],o=Rr(e),{kysely:n}=await G(e),i=H(e.baseURL,e.basePath);if(!i)throw new k("Base URL can not be empty. Please add `BETTER_AUTH_URL` in your environment variables or pass it your auth config.");let a=e.secret||process.env.BETTER_AUTH_SECRET||process.env.AUTH_SECRET||me;if(a===me&&process.env.NODE_ENV==="production")throw new k("You are using the default secret. Please set `BETTER_AUTH_SECRET` or `AUTH_SECRET` in your environment variables or pass `secret` in your auth config.");e={...e,secret:a,baseURL:i?new URL(i).origin:"",basePath:e.basePath||"/api/auth",plugins:r.concat(o),emailAndPassword:{...e.emailAndPassword,enabled:e.emailAndPassword?.enabled??!1,autoSignIn:!0}};let c=Le(e),s=B(e),d=Object.keys(e.socialProviders||{}).map(u=>{let f=e.socialProviders?.[u];return f.enabled===!1?null:((!f.clientId||!f.clientSecret)&&b.warn(`Social provider ${u} is missing clientId or clientSecret`),ae[u](f))}).filter(u=>u!==null),l={appName:e.appName||"Better 
Auth",socialProviders:d,options:e,tables:s,trustedOrigins:xr(e),baseURL:i,sessionConfig:{updateAge:e.session?.updateAge||24*60*60,expiresIn:e.session?.expiresIn||60*60*24*7},secret:a,rateLimit:{...e.rateLimit,enabled:e.rateLimit?.enabled??process.env.NODE_ENV!=="development",window:e.rateLimit?.window||60,max:e.rateLimit?.max||100,storage:e.rateLimit?.storage||e.secondaryStorage?"secondary-storage":"memory"},authCookies:c,logger:ne({disabled:e.logger?.disabled||!1}),db:n,uuid:v,secondaryStorage:e.secondaryStorage,password:{hash:e.emailAndPassword?.password?.hash||we,verify:e.emailAndPassword?.password?.verify||be,config:{minPasswordLength:e.emailAndPassword?.minPasswordLength||8,maxPasswordLength:e.emailAndPassword?.maxPasswordLength||128}},adapter:t,internalAdapter:fe(t,{options:e,hooks:e.databaseHooks?[e.databaseHooks]:[]}),createAuthCookie:_e(e)},{context:p}=kr(l);return p};function kr(e){let t=e.options,r=t.plugins||[],o=e,n=[];for(let i of r)if(i.init){let a=i.init(e);typeof a=="object"&&(a.options&&(a.options.databaseHooks&&n.push(a.options.databaseHooks),t=Ar(t,a.options)),a.context&&(o={...o,...a.context}))}return n.push(t.databaseHooks),o.internalAdapter=fe(e.adapter,{options:t,hooks:n.filter(i=>i!==void 0)}),o.options=t,{context:o}}function Rr(e){let t=[];return e.advanced?.crossSubDomainCookies?.enabled,t}function xr(e){let t=H(e.baseURL,e.basePath);if(!t)throw new k("Base URL can not be empty. 
Please add `BETTER_AUTH_URL` in your environment variables or pass it in your auth config.");let r=[new URL(t).origin];e.trustedOrigins&&r.push(...e.trustedOrigins);let o=process.env.BETTER_AUTH_TRUSTED_ORIGINS;return o&&r.push(...o.split(",")),r}var Od=e=>{let t=Lt(e),{api:r}=le(t,e);return{handler:async o=>{let n=await t,i=n.options.basePath||"/api/auth",a=new URL(o.url);if(!n.options.baseURL){let s=H(void 0,i)||`${a.origin}${i}`;n.options.baseURL=s,n.baseURL=s}if(!n.options.baseURL)return new Response("Base URL not set",{status:400});if(a.pathname===i||a.pathname===`${i}/`)return new Response("Welcome to BetterAuth",{status:200});let{handler:c}=Rt(n,e);return c(o)},api:r,options:e,$Infer:{}}};export{k as BetterAuthError,D as HIDE_METADATA,Se as MissingDependencyError,Od as betterAuth,fn as capitalizeFirstLetter,_e as createCookieGetter,ne as createLogger,M as deleteSessionCookie,v as generateId,Pe as generateState,Le as getCookies,b as logger,fo as parseCookies,po as parseSetCookieHeader,oe as parseState,P as setSessionCookie};
|
package/dist/node.d.ts
CHANGED
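--- a/package/dist/plugins.d.ts
+++ b/package/dist/plugins.d.ts
@@ -1,7 +1,7 @@
-export { A as AnonymousOptions, O as OrganizationOptions, b as Passkey, P as PasskeyOptions, U as UserWithPhoneNumber, f as UserWithRole, i as admin, h as adminMiddleware, e as anonymous, j as genericOAuth, g as getPasskeyActions, m as magicLink, o as organization, p as passkey, c as passkeyClient, d as phoneNumber, t as twoFactor, a as twoFactorClient, u as username } from './index-
+export { A as AnonymousOptions, O as OrganizationOptions, b as Passkey, P as PasskeyOptions, U as UserWithPhoneNumber, f as UserWithRole, i as admin, h as adminMiddleware, e as anonymous, j as genericOAuth, g as getPasskeyActions, m as magicLink, k as multiSession, o as organization, p as passkey, c as passkeyClient, d as phoneNumber, t as twoFactor, a as twoFactorClient, u as username } from './index-DhZ8Ofpl.js';
 export { i as ac } from './index-DfAHOgpj.js';
-import { H as HookEndpointContext, P as PluginSchema } from './auth-
-export { e as AuthEndpoint, f as AuthMiddleware, b as BetterAuthPlugin, d as createAuthEndpoint, c as createAuthMiddleware, o as optionsMiddleware } from './auth-
+import { H as HookEndpointContext, P as PluginSchema } from './auth-BTj2ofMy.js';
+export { e as AuthEndpoint, f as AuthMiddleware, b as BetterAuthPlugin, d as createAuthEndpoint, c as createAuthMiddleware, o as optionsMiddleware } from './auth-BTj2ofMy.js';
 export { H as HIDE_METADATA } from './hide-metadata-DEHJp1rk.js';
 import { U as User } from './schema-Dkt0LqYs.js';
 import * as better_call from 'better-call';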