better-auth 0.4.2 → 0.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/.DS_Store +0 -0
- package/dist/adapters/drizzle.d.ts +2 -3
- package/dist/adapters/mongodb.d.ts +2 -3
- package/dist/adapters/prisma.d.ts +2 -3
- package/dist/api.d.ts +2 -3
- package/dist/api.js +43 -29
- package/dist/cli.js +1 -2
- package/dist/client/plugins.d.ts +4 -5
- package/dist/client.d.ts +2 -3
- package/dist/{index-BOgQnoz7.d.ts → index-BJjwxSm5.d.ts} +2 -2
- package/dist/{index-C-85i2-P.d.ts → index-DTlKO6LZ.d.ts} +25 -25
- package/dist/index.d.ts +2 -3
- package/dist/index.js +43 -29
- package/dist/next-js.d.ts +2 -3
- package/dist/node.d.ts +2 -3
- package/dist/plugins.d.ts +4 -5
- package/dist/plugins.js +63 -44
- package/dist/react.d.ts +2 -3
- package/dist/social.d.ts +1 -2
- package/dist/social.js +38 -24
- package/dist/solid-start.d.ts +2 -3
- package/dist/solid.d.ts +2 -3
- package/dist/svelte-kit.d.ts +2 -3
- package/dist/svelte.d.ts +2 -3
- package/dist/{types-DoyeJ_dw.d.ts → types-IzAbV4nB.d.ts} +63 -56
- package/dist/types.d.ts +4 -5
- package/dist/vue.d.ts +2 -3
- package/package.json +2 -6
package/dist/index.js
CHANGED
|
@@ -9,7 +9,7 @@ import { z } from "zod";
|
|
|
9
9
|
import { xchacha20poly1305 } from "@noble/ciphers/chacha";
|
|
10
10
|
import { bytesToHex, hexToBytes, utf8ToBytes } from "@noble/ciphers/utils";
|
|
11
11
|
import { managedNonce } from "@noble/ciphers/webcrypto";
|
|
12
|
-
import { sha256 } from "
|
|
12
|
+
import { sha256 } from "oslo/crypto";
|
|
13
13
|
async function hs256(secretKey, message) {
|
|
14
14
|
const enc = new TextEncoder();
|
|
15
15
|
const algorithm = { name: "HMAC", hash: "SHA-256" };
|
|
@@ -107,7 +107,7 @@ import { z as z4 } from "zod";
|
|
|
107
107
|
import { parseJWT } from "oslo/jwt";
|
|
108
108
|
|
|
109
109
|
// src/social-providers/utils.ts
|
|
110
|
-
import {
|
|
110
|
+
import { sha256 as sha2562 } from "oslo/crypto";
|
|
111
111
|
|
|
112
112
|
// src/error/better-auth-error.ts
|
|
113
113
|
var BetterAuthError = class extends Error {
|
|
@@ -156,7 +156,6 @@ function getBaseURL(url, path) {
|
|
|
156
156
|
|
|
157
157
|
// src/social-providers/utils.ts
|
|
158
158
|
import { betterFetch } from "@better-fetch/fetch";
|
|
159
|
-
import { sha256 as sha2562 } from "@noble/hashes/sha256";
|
|
160
159
|
import { base64url } from "oslo/encoding";
|
|
161
160
|
function getRedirectURI(providerId, redirectURI) {
|
|
162
161
|
return redirectURI || `${getBaseURL()}/callback/${providerId}`;
|
|
@@ -187,16 +186,18 @@ async function validateAuthorizationCode({
|
|
|
187
186
|
if (error2) {
|
|
188
187
|
throw error2;
|
|
189
188
|
}
|
|
190
|
-
const tokens =
|
|
189
|
+
const tokens = getOAuth2Tokens(data);
|
|
191
190
|
return tokens;
|
|
192
191
|
}
|
|
193
|
-
function generateCodeChallenge(codeVerifier) {
|
|
194
|
-
const codeChallengeBytes = sha2562(
|
|
195
|
-
|
|
192
|
+
async function generateCodeChallenge(codeVerifier) {
|
|
193
|
+
const codeChallengeBytes = await sha2562(
|
|
194
|
+
new TextEncoder().encode(codeVerifier)
|
|
195
|
+
);
|
|
196
|
+
return base64url.encode(new Uint8Array(codeChallengeBytes), {
|
|
196
197
|
includePadding: false
|
|
197
198
|
});
|
|
198
199
|
}
|
|
199
|
-
function createAuthorizationURL({
|
|
200
|
+
async function createAuthorizationURL({
|
|
200
201
|
id,
|
|
201
202
|
options,
|
|
202
203
|
authorizationEndpoint,
|
|
@@ -215,12 +216,22 @@ function createAuthorizationURL({
|
|
|
215
216
|
options.redirectURI || getRedirectURI(id)
|
|
216
217
|
);
|
|
217
218
|
if (!disablePkce && codeVerifier) {
|
|
218
|
-
const codeChallenge = generateCodeChallenge(codeVerifier);
|
|
219
|
+
const codeChallenge = await generateCodeChallenge(codeVerifier);
|
|
219
220
|
url.searchParams.set("code_challenge_method", "S256");
|
|
220
221
|
url.searchParams.set("code_challenge", codeChallenge);
|
|
221
222
|
}
|
|
222
223
|
return url;
|
|
223
224
|
}
|
|
225
|
+
function getOAuth2Tokens(data) {
|
|
226
|
+
return {
|
|
227
|
+
tokenType: data.token_type,
|
|
228
|
+
accessToken: data.access_token,
|
|
229
|
+
refreshToken: data.refresh_token,
|
|
230
|
+
accessTokenExpiresAt: data.expires_at ? new Date((Date.now() + data.expires_in) * 1e3) : void 0,
|
|
231
|
+
scopes: data.scope?.split(" ") || [],
|
|
232
|
+
idToken: data.id_token
|
|
233
|
+
};
|
|
234
|
+
}
|
|
224
235
|
|
|
225
236
|
// src/social-providers/apple.ts
|
|
226
237
|
var apple = (options) => {
|
|
@@ -244,7 +255,10 @@ var apple = (options) => {
|
|
|
244
255
|
});
|
|
245
256
|
},
|
|
246
257
|
async getUserInfo(token) {
|
|
247
|
-
|
|
258
|
+
if (!token.idToken) {
|
|
259
|
+
return null;
|
|
260
|
+
}
|
|
261
|
+
const data = parseJWT(token.idToken)?.payload;
|
|
248
262
|
if (!data) {
|
|
249
263
|
return null;
|
|
250
264
|
}
|
|
@@ -290,7 +304,7 @@ var discord = (options) => {
|
|
|
290
304
|
"https://discord.com/api/users/@me",
|
|
291
305
|
{
|
|
292
306
|
headers: {
|
|
293
|
-
authorization: `Bearer ${token.accessToken
|
|
307
|
+
authorization: `Bearer ${token.accessToken}`
|
|
294
308
|
}
|
|
295
309
|
}
|
|
296
310
|
);
|
|
@@ -324,9 +338,9 @@ var facebook = (options) => {
|
|
|
324
338
|
return {
|
|
325
339
|
id: "facebook",
|
|
326
340
|
name: "Facebook",
|
|
327
|
-
createAuthorizationURL({ state, scopes, codeVerifier }) {
|
|
341
|
+
async createAuthorizationURL({ state, scopes, codeVerifier }) {
|
|
328
342
|
const _scopes = options.scope || scopes || ["email", "public_profile"];
|
|
329
|
-
return createAuthorizationURL({
|
|
343
|
+
return await createAuthorizationURL({
|
|
330
344
|
id: "facebook",
|
|
331
345
|
options,
|
|
332
346
|
authorizationEndpoint: "https://www.facebook.com/v16.0/dialog/oauth",
|
|
@@ -350,7 +364,7 @@ var facebook = (options) => {
|
|
|
350
364
|
{
|
|
351
365
|
auth: {
|
|
352
366
|
type: "Bearer",
|
|
353
|
-
token: token.accessToken
|
|
367
|
+
token: token.accessToken
|
|
354
368
|
}
|
|
355
369
|
}
|
|
356
370
|
);
|
|
@@ -402,7 +416,7 @@ var github = (options) => {
|
|
|
402
416
|
{
|
|
403
417
|
auth: {
|
|
404
418
|
type: "Bearer",
|
|
405
|
-
token: token.accessToken
|
|
419
|
+
token: token.accessToken
|
|
406
420
|
}
|
|
407
421
|
}
|
|
408
422
|
);
|
|
@@ -414,7 +428,7 @@ var github = (options) => {
|
|
|
414
428
|
const { data, error: error3 } = await betterFetch4("https://api.github.com/user/emails", {
|
|
415
429
|
auth: {
|
|
416
430
|
type: "Bearer",
|
|
417
|
-
token: token.accessToken
|
|
431
|
+
token: token.accessToken
|
|
418
432
|
}
|
|
419
433
|
});
|
|
420
434
|
if (!error3) {
|
|
@@ -520,7 +534,7 @@ var google = (options) => {
|
|
|
520
534
|
if (!token.idToken) {
|
|
521
535
|
return null;
|
|
522
536
|
}
|
|
523
|
-
const user = parseJWT2(token.idToken
|
|
537
|
+
const user = parseJWT2(token.idToken)?.payload;
|
|
524
538
|
return {
|
|
525
539
|
user: {
|
|
526
540
|
id: user.sub,
|
|
@@ -566,13 +580,16 @@ var microsoft = (options) => {
|
|
|
566
580
|
});
|
|
567
581
|
},
|
|
568
582
|
async getUserInfo(token) {
|
|
569
|
-
|
|
583
|
+
if (!token.idToken) {
|
|
584
|
+
return null;
|
|
585
|
+
}
|
|
586
|
+
const user = parseJWT3(token.idToken)?.payload;
|
|
570
587
|
const profilePhotoSize = options.profilePhotoSize || 48;
|
|
571
588
|
await betterFetch5(
|
|
572
589
|
`https://graph.microsoft.com/v1.0/me/photos/${profilePhotoSize}x${profilePhotoSize}/$value`,
|
|
573
590
|
{
|
|
574
591
|
headers: {
|
|
575
|
-
Authorization: `Bearer ${token.accessToken
|
|
592
|
+
Authorization: `Bearer ${token.accessToken}`
|
|
576
593
|
},
|
|
577
594
|
async onResponse(context) {
|
|
578
595
|
if (options.disableProfilePhoto || !context.response.ok) {
|
|
@@ -635,7 +652,7 @@ var spotify = (options) => {
|
|
|
635
652
|
{
|
|
636
653
|
method: "GET",
|
|
637
654
|
headers: {
|
|
638
|
-
Authorization: `Bearer ${token.accessToken
|
|
655
|
+
Authorization: `Bearer ${token.accessToken}`
|
|
639
656
|
}
|
|
640
657
|
}
|
|
641
658
|
);
|
|
@@ -686,7 +703,7 @@ var twitch = (options) => {
|
|
|
686
703
|
{
|
|
687
704
|
method: "GET",
|
|
688
705
|
headers: {
|
|
689
|
-
Authorization: `Bearer ${token.accessToken
|
|
706
|
+
Authorization: `Bearer ${token.accessToken}`
|
|
690
707
|
}
|
|
691
708
|
}
|
|
692
709
|
);
|
|
@@ -739,7 +756,7 @@ var twitter = (options) => {
|
|
|
739
756
|
{
|
|
740
757
|
method: "GET",
|
|
741
758
|
headers: {
|
|
742
|
-
Authorization: `Bearer ${token.accessToken
|
|
759
|
+
Authorization: `Bearer ${token.accessToken}`
|
|
743
760
|
}
|
|
744
761
|
}
|
|
745
762
|
);
|
|
@@ -763,9 +780,6 @@ var twitter = (options) => {
|
|
|
763
780
|
};
|
|
764
781
|
};
|
|
765
782
|
|
|
766
|
-
// src/social-providers/types.ts
|
|
767
|
-
import "arctic";
|
|
768
|
-
|
|
769
783
|
// src/social-providers/index.ts
|
|
770
784
|
var oAuthProviders = {
|
|
771
785
|
apple,
|
|
@@ -1165,7 +1179,7 @@ var signInOAuth = createAuthEndpoint(
|
|
|
1165
1179
|
c.context.secret,
|
|
1166
1180
|
cookie.pkCodeVerifier.options
|
|
1167
1181
|
);
|
|
1168
|
-
const url = provider.createAuthorizationURL({
|
|
1182
|
+
const url = await provider.createAuthorizationURL({
|
|
1169
1183
|
state: state.state,
|
|
1170
1184
|
codeVerifier
|
|
1171
1185
|
});
|
|
@@ -1416,11 +1430,11 @@ var HIDE_METADATA = {
|
|
|
1416
1430
|
|
|
1417
1431
|
// src/utils/getAccount.ts
|
|
1418
1432
|
function getAccountTokens(tokens) {
|
|
1419
|
-
const accessToken = tokens.accessToken
|
|
1420
|
-
let refreshToken = tokens.
|
|
1433
|
+
const accessToken = tokens.accessToken;
|
|
1434
|
+
let refreshToken = tokens.refreshToken;
|
|
1421
1435
|
let accessTokenExpiresAt = void 0;
|
|
1422
1436
|
try {
|
|
1423
|
-
accessTokenExpiresAt = tokens.accessTokenExpiresAt
|
|
1437
|
+
accessTokenExpiresAt = tokens.accessTokenExpiresAt;
|
|
1424
1438
|
} catch {
|
|
1425
1439
|
}
|
|
1426
1440
|
return {
|
package/dist/next-js.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { a as Auth } from './index-
|
|
2
|
-
import { U as User, S as Session } from './types-
|
|
1
|
+
import { a as Auth } from './index-DTlKO6LZ.js';
|
|
2
|
+
import { U as User, S as Session } from './types-IzAbV4nB.js';
|
|
3
3
|
import { NextRequest } from 'next/server';
|
|
4
4
|
import 'zod';
|
|
5
5
|
import 'kysely';
|
|
@@ -7,7 +7,6 @@ import 'better-call';
|
|
|
7
7
|
import './helper-DPDj8Nix.js';
|
|
8
8
|
import 'better-sqlite3';
|
|
9
9
|
import 'mysql2';
|
|
10
|
-
import 'arctic';
|
|
11
10
|
|
|
12
11
|
declare function toNextJsHandler(auth: Auth | Auth["handler"]): {
|
|
13
12
|
GET: (request: Request) => Promise<Response>;
|
package/dist/node.d.ts
CHANGED
|
@@ -1,9 +1,8 @@
|
|
|
1
1
|
import * as http from 'http';
|
|
2
|
-
import { a as Auth } from './index-
|
|
2
|
+
import { a as Auth } from './index-DTlKO6LZ.js';
|
|
3
3
|
import 'zod';
|
|
4
4
|
import 'kysely';
|
|
5
|
-
import './types-
|
|
6
|
-
import 'arctic';
|
|
5
|
+
import './types-IzAbV4nB.js';
|
|
7
6
|
import './helper-DPDj8Nix.js';
|
|
8
7
|
import 'better-call';
|
|
9
8
|
import 'better-sqlite3';
|
package/dist/plugins.d.ts
CHANGED
|
@@ -1,10 +1,9 @@
|
|
|
1
|
-
export { A as AnonymousOptions, O as OrganizationOptions, b as Passkey, P as PasskeyOptions, U as UserWithPhoneNumber, f as UserWithRole, i as admin, h as adminMiddleware, e as anonymous, g as getPasskeyActions, m as magicLink, o as organization, p as passkey, c as passkeyClient, d as phoneNumber, t as twoFactor, a as twoFactorClient, u as username } from './index-
|
|
1
|
+
export { A as AnonymousOptions, O as OrganizationOptions, b as Passkey, P as PasskeyOptions, U as UserWithPhoneNumber, f as UserWithRole, i as admin, h as adminMiddleware, e as anonymous, g as getPasskeyActions, m as magicLink, o as organization, p as passkey, c as passkeyClient, d as phoneNumber, t as twoFactor, a as twoFactorClient, u as username } from './index-BJjwxSm5.js';
|
|
2
2
|
export { i as ac } from './index-DfAHOgpj.js';
|
|
3
|
-
import { H as HookEndpointContext } from './index-
|
|
4
|
-
export { e as AuthEndpoint, f as AuthMiddleware, b as BetterAuthPlugin, P as PluginSchema, d as createAuthEndpoint, c as createAuthMiddleware, o as optionsMiddleware } from './index-
|
|
5
|
-
import './types-
|
|
3
|
+
import { H as HookEndpointContext } from './index-DTlKO6LZ.js';
|
|
4
|
+
export { e as AuthEndpoint, f as AuthMiddleware, b as BetterAuthPlugin, P as PluginSchema, d as createAuthEndpoint, c as createAuthMiddleware, o as optionsMiddleware } from './index-DTlKO6LZ.js';
|
|
5
|
+
import './types-IzAbV4nB.js';
|
|
6
6
|
import 'zod';
|
|
7
|
-
import 'arctic';
|
|
8
7
|
import './helper-DPDj8Nix.js';
|
|
9
8
|
import 'better-call';
|
|
10
9
|
import './statement-CfnyN34h.js';
|
package/dist/plugins.js
CHANGED
|
@@ -43,7 +43,7 @@ import { z as z3 } from "zod";
|
|
|
43
43
|
import { parseJWT } from "oslo/jwt";
|
|
44
44
|
|
|
45
45
|
// src/social-providers/utils.ts
|
|
46
|
-
import {
|
|
46
|
+
import { sha256 } from "oslo/crypto";
|
|
47
47
|
|
|
48
48
|
// src/error/better-auth-error.ts
|
|
49
49
|
var BetterAuthError = class extends Error {
|
|
@@ -96,7 +96,6 @@ function getOrigin(url) {
|
|
|
96
96
|
|
|
97
97
|
// src/social-providers/utils.ts
|
|
98
98
|
import { betterFetch } from "@better-fetch/fetch";
|
|
99
|
-
import { sha256 } from "@noble/hashes/sha256";
|
|
100
99
|
import { base64url } from "oslo/encoding";
|
|
101
100
|
function getRedirectURI(providerId, redirectURI) {
|
|
102
101
|
return redirectURI || `${getBaseURL()}/callback/${providerId}`;
|
|
@@ -127,16 +126,18 @@ async function validateAuthorizationCode({
|
|
|
127
126
|
if (error2) {
|
|
128
127
|
throw error2;
|
|
129
128
|
}
|
|
130
|
-
const tokens =
|
|
129
|
+
const tokens = getOAuth2Tokens(data);
|
|
131
130
|
return tokens;
|
|
132
131
|
}
|
|
133
|
-
function generateCodeChallenge(codeVerifier) {
|
|
134
|
-
const codeChallengeBytes = sha256(
|
|
135
|
-
|
|
132
|
+
async function generateCodeChallenge(codeVerifier) {
|
|
133
|
+
const codeChallengeBytes = await sha256(
|
|
134
|
+
new TextEncoder().encode(codeVerifier)
|
|
135
|
+
);
|
|
136
|
+
return base64url.encode(new Uint8Array(codeChallengeBytes), {
|
|
136
137
|
includePadding: false
|
|
137
138
|
});
|
|
138
139
|
}
|
|
139
|
-
function createAuthorizationURL({
|
|
140
|
+
async function createAuthorizationURL({
|
|
140
141
|
id,
|
|
141
142
|
options,
|
|
142
143
|
authorizationEndpoint,
|
|
@@ -155,12 +156,22 @@ function createAuthorizationURL({
|
|
|
155
156
|
options.redirectURI || getRedirectURI(id)
|
|
156
157
|
);
|
|
157
158
|
if (!disablePkce && codeVerifier) {
|
|
158
|
-
const codeChallenge = generateCodeChallenge(codeVerifier);
|
|
159
|
+
const codeChallenge = await generateCodeChallenge(codeVerifier);
|
|
159
160
|
url.searchParams.set("code_challenge_method", "S256");
|
|
160
161
|
url.searchParams.set("code_challenge", codeChallenge);
|
|
161
162
|
}
|
|
162
163
|
return url;
|
|
163
164
|
}
|
|
165
|
+
function getOAuth2Tokens(data) {
|
|
166
|
+
return {
|
|
167
|
+
tokenType: data.token_type,
|
|
168
|
+
accessToken: data.access_token,
|
|
169
|
+
refreshToken: data.refresh_token,
|
|
170
|
+
accessTokenExpiresAt: data.expires_at ? new Date((Date.now() + data.expires_in) * 1e3) : void 0,
|
|
171
|
+
scopes: data.scope?.split(" ") || [],
|
|
172
|
+
idToken: data.id_token
|
|
173
|
+
};
|
|
174
|
+
}
|
|
164
175
|
|
|
165
176
|
// src/social-providers/apple.ts
|
|
166
177
|
var apple = (options) => {
|
|
@@ -184,7 +195,10 @@ var apple = (options) => {
|
|
|
184
195
|
});
|
|
185
196
|
},
|
|
186
197
|
async getUserInfo(token) {
|
|
187
|
-
|
|
198
|
+
if (!token.idToken) {
|
|
199
|
+
return null;
|
|
200
|
+
}
|
|
201
|
+
const data = parseJWT(token.idToken)?.payload;
|
|
188
202
|
if (!data) {
|
|
189
203
|
return null;
|
|
190
204
|
}
|
|
@@ -230,7 +244,7 @@ var discord = (options) => {
|
|
|
230
244
|
"https://discord.com/api/users/@me",
|
|
231
245
|
{
|
|
232
246
|
headers: {
|
|
233
|
-
authorization: `Bearer ${token.accessToken
|
|
247
|
+
authorization: `Bearer ${token.accessToken}`
|
|
234
248
|
}
|
|
235
249
|
}
|
|
236
250
|
);
|
|
@@ -264,9 +278,9 @@ var facebook = (options) => {
|
|
|
264
278
|
return {
|
|
265
279
|
id: "facebook",
|
|
266
280
|
name: "Facebook",
|
|
267
|
-
createAuthorizationURL({ state, scopes, codeVerifier }) {
|
|
281
|
+
async createAuthorizationURL({ state, scopes, codeVerifier }) {
|
|
268
282
|
const _scopes = options.scope || scopes || ["email", "public_profile"];
|
|
269
|
-
return createAuthorizationURL({
|
|
283
|
+
return await createAuthorizationURL({
|
|
270
284
|
id: "facebook",
|
|
271
285
|
options,
|
|
272
286
|
authorizationEndpoint: "https://www.facebook.com/v16.0/dialog/oauth",
|
|
@@ -290,7 +304,7 @@ var facebook = (options) => {
|
|
|
290
304
|
{
|
|
291
305
|
auth: {
|
|
292
306
|
type: "Bearer",
|
|
293
|
-
token: token.accessToken
|
|
307
|
+
token: token.accessToken
|
|
294
308
|
}
|
|
295
309
|
}
|
|
296
310
|
);
|
|
@@ -342,7 +356,7 @@ var github = (options) => {
|
|
|
342
356
|
{
|
|
343
357
|
auth: {
|
|
344
358
|
type: "Bearer",
|
|
345
|
-
token: token.accessToken
|
|
359
|
+
token: token.accessToken
|
|
346
360
|
}
|
|
347
361
|
}
|
|
348
362
|
);
|
|
@@ -354,7 +368,7 @@ var github = (options) => {
|
|
|
354
368
|
const { data, error: error3 } = await betterFetch4("https://api.github.com/user/emails", {
|
|
355
369
|
auth: {
|
|
356
370
|
type: "Bearer",
|
|
357
|
-
token: token.accessToken
|
|
371
|
+
token: token.accessToken
|
|
358
372
|
}
|
|
359
373
|
});
|
|
360
374
|
if (!error3) {
|
|
@@ -460,7 +474,7 @@ var google = (options) => {
|
|
|
460
474
|
if (!token.idToken) {
|
|
461
475
|
return null;
|
|
462
476
|
}
|
|
463
|
-
const user = parseJWT2(token.idToken
|
|
477
|
+
const user = parseJWT2(token.idToken)?.payload;
|
|
464
478
|
return {
|
|
465
479
|
user: {
|
|
466
480
|
id: user.sub,
|
|
@@ -506,13 +520,16 @@ var microsoft = (options) => {
|
|
|
506
520
|
});
|
|
507
521
|
},
|
|
508
522
|
async getUserInfo(token) {
|
|
509
|
-
|
|
523
|
+
if (!token.idToken) {
|
|
524
|
+
return null;
|
|
525
|
+
}
|
|
526
|
+
const user = parseJWT3(token.idToken)?.payload;
|
|
510
527
|
const profilePhotoSize = options.profilePhotoSize || 48;
|
|
511
528
|
await betterFetch5(
|
|
512
529
|
`https://graph.microsoft.com/v1.0/me/photos/${profilePhotoSize}x${profilePhotoSize}/$value`,
|
|
513
530
|
{
|
|
514
531
|
headers: {
|
|
515
|
-
Authorization: `Bearer ${token.accessToken
|
|
532
|
+
Authorization: `Bearer ${token.accessToken}`
|
|
516
533
|
},
|
|
517
534
|
async onResponse(context) {
|
|
518
535
|
if (options.disableProfilePhoto || !context.response.ok) {
|
|
@@ -575,7 +592,7 @@ var spotify = (options) => {
|
|
|
575
592
|
{
|
|
576
593
|
method: "GET",
|
|
577
594
|
headers: {
|
|
578
|
-
Authorization: `Bearer ${token.accessToken
|
|
595
|
+
Authorization: `Bearer ${token.accessToken}`
|
|
579
596
|
}
|
|
580
597
|
}
|
|
581
598
|
);
|
|
@@ -626,7 +643,7 @@ var twitch = (options) => {
|
|
|
626
643
|
{
|
|
627
644
|
method: "GET",
|
|
628
645
|
headers: {
|
|
629
|
-
Authorization: `Bearer ${token.accessToken
|
|
646
|
+
Authorization: `Bearer ${token.accessToken}`
|
|
630
647
|
}
|
|
631
648
|
}
|
|
632
649
|
);
|
|
@@ -679,7 +696,7 @@ var twitter = (options) => {
|
|
|
679
696
|
{
|
|
680
697
|
method: "GET",
|
|
681
698
|
headers: {
|
|
682
|
-
Authorization: `Bearer ${token.accessToken
|
|
699
|
+
Authorization: `Bearer ${token.accessToken}`
|
|
683
700
|
}
|
|
684
701
|
}
|
|
685
702
|
);
|
|
@@ -703,9 +720,6 @@ var twitter = (options) => {
|
|
|
703
720
|
};
|
|
704
721
|
};
|
|
705
722
|
|
|
706
|
-
// src/social-providers/types.ts
|
|
707
|
-
import "arctic";
|
|
708
|
-
|
|
709
723
|
// src/social-providers/index.ts
|
|
710
724
|
var oAuthProviders = {
|
|
711
725
|
apple,
|
|
@@ -980,7 +994,7 @@ var signInOAuth = createAuthEndpoint(
|
|
|
980
994
|
c.context.secret,
|
|
981
995
|
cookie.pkCodeVerifier.options
|
|
982
996
|
);
|
|
983
|
-
const url = provider.createAuthorizationURL({
|
|
997
|
+
const url = await provider.createAuthorizationURL({
|
|
984
998
|
state: state.state,
|
|
985
999
|
codeVerifier
|
|
986
1000
|
});
|
|
@@ -1231,11 +1245,11 @@ var HIDE_METADATA = {
|
|
|
1231
1245
|
|
|
1232
1246
|
// src/utils/getAccount.ts
|
|
1233
1247
|
function getAccountTokens(tokens) {
|
|
1234
|
-
const accessToken = tokens.accessToken
|
|
1235
|
-
let refreshToken = tokens.
|
|
1248
|
+
const accessToken = tokens.accessToken;
|
|
1249
|
+
let refreshToken = tokens.refreshToken;
|
|
1236
1250
|
let accessTokenExpiresAt = void 0;
|
|
1237
1251
|
try {
|
|
1238
|
-
accessTokenExpiresAt = tokens.accessTokenExpiresAt
|
|
1252
|
+
accessTokenExpiresAt = tokens.accessTokenExpiresAt;
|
|
1239
1253
|
} catch {
|
|
1240
1254
|
}
|
|
1241
1255
|
return {
|
|
@@ -1964,7 +1978,7 @@ var deleteUser = createAuthEndpoint(
|
|
|
1964
1978
|
import { xchacha20poly1305 } from "@noble/ciphers/chacha";
|
|
1965
1979
|
import { bytesToHex, hexToBytes, utf8ToBytes } from "@noble/ciphers/utils";
|
|
1966
1980
|
import { managedNonce } from "@noble/ciphers/webcrypto";
|
|
1967
|
-
import { sha256 as sha2562 } from "
|
|
1981
|
+
import { sha256 as sha2562 } from "oslo/crypto";
|
|
1968
1982
|
async function hs256(secretKey, message) {
|
|
1969
1983
|
const enc = new TextEncoder();
|
|
1970
1984
|
const algorithm = { name: "HMAC", hash: "SHA-256" };
|
|
@@ -1982,17 +1996,23 @@ async function hs256(secretKey, message) {
|
|
|
1982
1996
|
);
|
|
1983
1997
|
return btoa(String.fromCharCode(...new Uint8Array(signature)));
|
|
1984
1998
|
}
|
|
1985
|
-
var symmetricEncrypt = ({
|
|
1986
|
-
|
|
1999
|
+
var symmetricEncrypt = async ({
|
|
2000
|
+
key,
|
|
2001
|
+
data
|
|
2002
|
+
}) => {
|
|
2003
|
+
const keyAsBytes = await sha2562(new TextEncoder().encode(key));
|
|
1987
2004
|
const dataAsBytes = utf8ToBytes(data);
|
|
1988
|
-
const chacha = managedNonce(xchacha20poly1305)(keyAsBytes);
|
|
2005
|
+
const chacha = managedNonce(xchacha20poly1305)(new Uint8Array(keyAsBytes));
|
|
1989
2006
|
return bytesToHex(chacha.encrypt(dataAsBytes));
|
|
1990
2007
|
};
|
|
1991
|
-
var symmetricDecrypt = ({
|
|
1992
|
-
|
|
2008
|
+
var symmetricDecrypt = async ({
|
|
2009
|
+
key,
|
|
2010
|
+
data
|
|
2011
|
+
}) => {
|
|
2012
|
+
const keyAsBytes = await sha2562(new TextEncoder().encode(key));
|
|
1993
2013
|
const dataAsBytes = hexToBytes(data);
|
|
1994
|
-
const chacha = managedNonce(xchacha20poly1305)(keyAsBytes);
|
|
1995
|
-
return chacha.decrypt(dataAsBytes);
|
|
2014
|
+
const chacha = managedNonce(xchacha20poly1305)(new Uint8Array(keyAsBytes));
|
|
2015
|
+
return new TextDecoder().decode(chacha.decrypt(dataAsBytes));
|
|
1996
2016
|
};
|
|
1997
2017
|
|
|
1998
2018
|
// src/api/routes/csrf.ts
|
|
@@ -4004,7 +4024,7 @@ function generateBackupCodesFn(options) {
|
|
|
4004
4024
|
async function generateBackupCodes(secret, options) {
|
|
4005
4025
|
const key = secret;
|
|
4006
4026
|
const backupCodes = options?.customBackupCodesGenerate ? options.customBackupCodesGenerate() : generateBackupCodesFn();
|
|
4007
|
-
const encCodes = symmetricEncrypt({
|
|
4027
|
+
const encCodes = await symmetricEncrypt({
|
|
4008
4028
|
data: JSON.stringify(backupCodes),
|
|
4009
4029
|
key
|
|
4010
4030
|
});
|
|
@@ -4258,12 +4278,11 @@ var totp2fa = (options) => {
|
|
|
4258
4278
|
});
|
|
4259
4279
|
}
|
|
4260
4280
|
const totp = new TOTPController2(opts);
|
|
4261
|
-
const
|
|
4262
|
-
|
|
4263
|
-
|
|
4264
|
-
|
|
4265
|
-
|
|
4266
|
-
);
|
|
4281
|
+
const decrypted = await symmetricDecrypt({
|
|
4282
|
+
key: ctx.context.secret,
|
|
4283
|
+
data: ctx.context.session.user.twoFactorSecret
|
|
4284
|
+
});
|
|
4285
|
+
const secret = Buffer.from(decrypted);
|
|
4267
4286
|
const status = await totp.verify(ctx.body.code, secret);
|
|
4268
4287
|
if (!status) {
|
|
4269
4288
|
return ctx.context.invalid();
|
|
@@ -4376,7 +4395,7 @@ var twoFactor = (options) => {
|
|
|
4376
4395
|
});
|
|
4377
4396
|
}
|
|
4378
4397
|
const secret = generateRandomString(16, alphabet("a-z", "0-9", "-"));
|
|
4379
|
-
const encryptedSecret = symmetricEncrypt({
|
|
4398
|
+
const encryptedSecret = await symmetricEncrypt({
|
|
4380
4399
|
key: ctx.context.secret,
|
|
4381
4400
|
data: secret
|
|
4382
4401
|
});
|
package/dist/react.d.ts
CHANGED
|
@@ -3,10 +3,9 @@ import * as _better_fetch_fetch from '@better-fetch/fetch';
|
|
|
3
3
|
import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
|
|
4
4
|
import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
|
|
5
5
|
import { useStore } from '@nanostores/react';
|
|
6
|
-
import './index-
|
|
6
|
+
import './index-DTlKO6LZ.js';
|
|
7
7
|
import 'kysely';
|
|
8
|
-
import './types-
|
|
9
|
-
import 'arctic';
|
|
8
|
+
import './types-IzAbV4nB.js';
|
|
10
9
|
import 'better-call';
|
|
11
10
|
import 'better-sqlite3';
|
|
12
11
|
import 'mysql2';
|
package/dist/social.d.ts
CHANGED
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
export {
|
|
2
|
-
import 'arctic';
|
|
1
|
+
export { k as AppleOptions, j as AppleProfile, p as DiscordOptions, D as DiscordProfile, w as FacebookOptions, F as FacebookProfile, e as GithubOptions, G as GithubProfile, h as GoogleOptions, f as GoogleProfile, M as MicrosoftEntraIDProfile, m as MicrosoftOptions, O as OAuth2Tokens, a as OAuthProvider, c as OAuthProviderList, P as ProviderOptions, b as SocialProviders, s as SpotifyOptions, r as SpotifyProfile, u as TwitchOptions, T as TwitchProfile, z as TwitterOption, y as TwitterProfile, l as apple, q as discord, x as facebook, g as github, i as google, n as microsoft, d as oAuthProviderList, o as oAuthProviders, t as spotify, v as twitch, B as twitter } from './types-IzAbV4nB.js';
|
|
3
2
|
import './helper-DPDj8Nix.js';
|
|
4
3
|
import 'zod';
|