better-auth 0.4.4 → 0.4.5

package/dist/adapters/drizzle.d.ts

@@ -1,4 +1,4 @@
-import { A as Adapter } from '../index-Bt0CUdx4.js';
+import { A as Adapter } from '../index-B5SM-JCa.js';
 import 'zod';
 import 'kysely';
 import '../types-IzAbV4nB.js';

package/dist/adapters/mongodb.d.ts

@@ -1,5 +1,5 @@
 import { Db } from 'mongodb';
-import { W as Where } from '../index-Bt0CUdx4.js';
+import { W as Where } from '../index-B5SM-JCa.js';
 import 'zod';
 import 'kysely';
 import '../types-IzAbV4nB.js';

package/dist/adapters/prisma.d.ts

@@ -1,4 +1,4 @@
-import { A as Adapter } from '../index-Bt0CUdx4.js';
+import { A as Adapter } from '../index-B5SM-JCa.js';
 import 'zod';
 import 'kysely';
 import '../types-IzAbV4nB.js';

package/dist/api.d.ts

@@ -1,4 +1,4 @@
-export { e as AuthEndpoint, f as AuthMiddleware, v as callbackOAuth, T as changePassword, d as createAuthEndpoint, c as createAuthMiddleware, M as createEmailVerificationToken, $ as csrfMiddleware, V as deleteUser, Y as error, J as forgetPassword, K as forgetPasswordCallback, X as getCSRFToken, r as getEndpoints, w as getSession, x as getSessionFromCtx, z as listSessions, Z as ok, o as optionsMiddleware, L as resetPassword, C as revokeSession, D as revokeSessions, s as router, N as sendVerificationEmail, y as sessionMiddleware, U as setPassword, u as signInEmail, t as signInOAuth, E as signOut, _ as signUpEmail, Q as updateUser, O as verifyEmail } from './index-Bt0CUdx4.js';
+export { e as AuthEndpoint, f as AuthMiddleware, v as callbackOAuth, T as changePassword, d as createAuthEndpoint, c as createAuthMiddleware, M as createEmailVerificationToken, $ as csrfMiddleware, V as deleteUser, Y as error, J as forgetPassword, K as forgetPasswordCallback, X as getCSRFToken, r as getEndpoints, w as getSession, x as getSessionFromCtx, z as listSessions, Z as ok, o as optionsMiddleware, L as resetPassword, C as revokeSession, D as revokeSessions, s as router, N as sendVerificationEmail, y as sessionMiddleware, U as setPassword, u as signInEmail, t as signInOAuth, E as signOut, _ as signUpEmail, Q as updateUser, O as verifyEmail } from './index-B5SM-JCa.js';
 import './helper-DPDj8Nix.js';
 import 'zod';
 export { APIError } from 'better-call';

package/dist/api.js

@@ -1040,39 +1040,39 @@ var signInOAuth = createAuthEndpoint(
       provider: z4.enum(oAuthProviderList)
     })
   },
-  async (c) => {
-    const provider = c.context.socialProviders.find(
-      (p) => p.id === c.body.provider
+  async (c2) => {
+    const provider = c2.context.socialProviders.find(
+      (p) => p.id === c2.body.provider
     );
     if (!provider) {
-      c.context.logger.error(
+      c2.context.logger.error(
         "Provider not found. Make sure to add the provider to your auth config",
         {
-          provider: c.body.provider
+          provider: c2.body.provider
         }
       );
       throw new APIError3("NOT_FOUND", {
         message: "Provider not found"
       });
     }
-    const cookie = c.context.authCookies;
-    const currentURL = c.query?.currentURL ? new URL(c.query?.currentURL) : null;
-    const callbackURL = c.body.callbackURL?.startsWith("http") ? c.body.callbackURL : `${currentURL?.origin}${c.body.callbackURL || ""}`;
+    const cookie = c2.context.authCookies;
+    const currentURL = c2.query?.currentURL ? new URL(c2.query?.currentURL) : null;
+    const callbackURL = c2.body.callbackURL?.startsWith("http") ? c2.body.callbackURL : `${currentURL?.origin}${c2.body.callbackURL || ""}`;
     const state = generateState(
-      callbackURL || currentURL?.origin || c.context.baseURL,
-      c.query?.currentURL
+      callbackURL || currentURL?.origin || c2.context.baseURL,
+      c2.query?.currentURL
     );
-    await c.setSignedCookie(
+    await c2.setSignedCookie(
       cookie.state.name,
       state.code,
-      c.context.secret,
+      c2.context.secret,
       cookie.state.options
     );
     const codeVerifier = generateCodeVerifier();
-    await c.setSignedCookie(
+    await c2.setSignedCookie(
       cookie.pkCodeVerifier.name,
       codeVerifier,
-      c.context.secret,
+      c2.context.secret,
       cookie.pkCodeVerifier.options
     );
     const url = await provider.createAuthorizationURL({
@@ -1081,9 +1081,9 @@ var signInOAuth = createAuthEndpoint(
     });
     url.searchParams.set(
       "redirect_uri",
-      `${c.context.baseURL}/callback/${c.body.provider}`
+      `${c2.context.baseURL}/callback/${c2.body.provider}`
     );
-    return c.json({
+    return c2.json({
       url: url.toString(),
       state: state.state,
       codeVerifier,
@@ -1128,7 +1128,9 @@ var signInEmail = createAuthEndpoint(
         message: "Invalid email"
       });
     }
-    const user = await ctx.context.internalAdapter.findUserByEmail(email);
+    const user = await ctx.context.internalAdapter.findUserByEmail(email, {
+      includeAccounts: true
+    });
     if (!user) {
       await ctx.context.password.hash(password);
       ctx.context.logger.error("User not found", { email });
@@ -1182,6 +1184,17 @@ var signInEmail = createAuthEndpoint(
     });
   }
 );
+var c = (o) => {
+};
+c({
+  additional: {
+    name: "string"
+  },
+  hooks: {
+    create(user) {
+    }
+  }
+});
 
 // src/api/routes/callback.ts
 import { APIError as APIError4 } from "better-call";
@@ -1290,10 +1303,10 @@ function generateRandomInteger(max) {
   }
   return result;
 }
-function generateRandomString(length, alphabet3) {
+function generateRandomString(length, alphabet4) {
   let result = "";
   for (let i = 0; i < length; i++) {
-    result += alphabet3[generateRandomInteger(alphabet3.length)];
+    result += alphabet4[generateRandomInteger(alphabet4.length)];
   }
   return result;
 }
@@ -1352,63 +1365,63 @@ var callbackOAuth = createAuthEndpoint(
     }),
     metadata: HIDE_METADATA
   },
-  async (c) => {
-    if (c.query.error || !c.query.code) {
-      const parsedState2 = parseState(c.query.state);
-      const callbackURL2 = parsedState2.data?.callbackURL || `${c.context.baseURL}/error`;
-      c.context.logger.error(c.query.error, c.params.id);
-      throw c.redirect(
-        `${callbackURL2}?error=${c.query.error || "oAuth_code_missing"}`
+  async (c2) => {
+    if (c2.query.error || !c2.query.code) {
+      const parsedState2 = parseState(c2.query.state);
+      const callbackURL2 = parsedState2.data?.callbackURL || `${c2.context.baseURL}/error`;
+      c2.context.logger.error(c2.query.error, c2.params.id);
+      throw c2.redirect(
+        `${callbackURL2}?error=${c2.query.error || "oAuth_code_missing"}`
       );
     }
-    const provider = c.context.socialProviders.find(
-      (p) => p.id === c.params.id
+    const provider = c2.context.socialProviders.find(
+      (p) => p.id === c2.params.id
     );
     if (!provider) {
-      c.context.logger.error(
+      c2.context.logger.error(
         "Oauth provider with id",
-        c.params.id,
+        c2.params.id,
         "not found"
       );
-      throw c.redirect(
-        `${c.context.baseURL}/error?error=oauth_provider_not_found`
+      throw c2.redirect(
+        `${c2.context.baseURL}/error?error=oauth_provider_not_found`
       );
     }
-    const parsedState = parseState(c.query.state);
+    const parsedState = parseState(c2.query.state);
     if (!parsedState.success) {
-      c.context.logger.error("Unable to parse state");
-      throw c.redirect(
-        `${c.context.baseURL}/error?error=please_restart_the_process`
+      c2.context.logger.error("Unable to parse state");
+      throw c2.redirect(
+        `${c2.context.baseURL}/error?error=please_restart_the_process`
       );
     }
     const {
       data: { callbackURL, currentURL, code: stateCode }
     } = parsedState;
-    const storedState = await c.getSignedCookie(
-      c.context.authCookies.state.name,
-      c.context.secret
+    const storedState = await c2.getSignedCookie(
+      c2.context.authCookies.state.name,
+      c2.context.secret
     );
     if (storedState !== stateCode) {
       logger.error("OAuth state mismatch", storedState, stateCode);
-      throw c.redirect(
-        `${c.context.baseURL}/error?error=please_restart_the_process`
+      throw c2.redirect(
+        `${c2.context.baseURL}/error?error=please_restart_the_process`
       );
     }
-    const codeVerifier = await c.getSignedCookie(
-      c.context.authCookies.pkCodeVerifier.name,
-      c.context.secret
+    const codeVerifier = await c2.getSignedCookie(
+      c2.context.authCookies.pkCodeVerifier.name,
+      c2.context.secret
     );
     let tokens;
     try {
       tokens = await provider.validateAuthorizationCode(
-        c.query.code,
+        c2.query.code,
         codeVerifier,
-        `${c.context.baseURL}/callback/${provider.id}`
+        `${c2.context.baseURL}/callback/${provider.id}`
       );
     } catch (e) {
-      c.context.logger.error(e);
-      throw c.redirect(
-        `${c.context.baseURL}/error?error=please_restart_the_process`
+      c2.context.logger.error(e);
+      throw c2.redirect(
+        `${c2.context.baseURL}/error?error=please_restart_the_process`
       );
     }
     const user = await provider.getUserInfo(tokens).then((res) => res?.user);
@@ -1419,22 +1432,24 @@ var callbackOAuth = createAuthEndpoint(
     });
     if (!user || data.success === false) {
       logger.error("Unable to get user info", data.error);
-      throw c.redirect(
-        `${c.context.baseURL}/error?error=please_restart_the_process`
+      throw c2.redirect(
+        `${c2.context.baseURL}/error?error=please_restart_the_process`
       );
     }
     if (!callbackURL) {
-      throw c.redirect(
-        `${c.context.baseURL}/error?error=please_restart_the_process`
+      throw c2.redirect(
+        `${c2.context.baseURL}/error?error=please_restart_the_process`
       );
     }
-    const dbUser = await c.context.internalAdapter.findUserByEmail(user.email).catch((e) => {
+    const dbUser = await c2.context.internalAdapter.findUserByEmail(user.email, {
+      includeAccounts: true
+    }).catch((e) => {
       logger.error(
         "Better auth was unable to query your database.\nError: ",
         e
       );
-      throw c.redirect(
-        `${c.context.baseURL}/error?error=internal_server_error`
+      throw c2.redirect(
+        `${c2.context.baseURL}/error?error=internal_server_error`
       );
     });
     const userId = dbUser?.user.id;
@@ -1442,7 +1457,7 @@ var callbackOAuth = createAuthEndpoint(
       const hasBeenLinked = dbUser.accounts.find(
         (a) => a.providerId === provider.id
       );
-      const trustedProviders = c.context.options.account?.accountLinking?.trustedProviders;
+      const trustedProviders = c2.context.options.account?.accountLinking?.trustedProviders;
       const isTrustedProvider = trustedProviders ? trustedProviders.includes(provider.id) : true;
       if (!hasBeenLinked && (!user.emailVerified || !isTrustedProvider)) {
         let url;
@@ -1450,15 +1465,15 @@ var callbackOAuth = createAuthEndpoint(
           url = new URL(currentURL || callbackURL);
           url.searchParams.set("error", "account_not_linked");
         } catch (e) {
-          throw c.redirect(
-            `${c.context.baseURL}/error?error=account_not_linked`
+          throw c2.redirect(
+            `${c2.context.baseURL}/error?error=account_not_linked`
           );
         }
-        throw c.redirect(url.toString());
+        throw c2.redirect(url.toString());
       }
       if (!hasBeenLinked) {
         try {
-          await c.context.internalAdapter.linkAccount({
+          await c2.context.internalAdapter.linkAccount({
             providerId: provider.id,
             accountId: user.id.toString(),
             id: `${provider.id}:${user.id}`,
@@ -1467,14 +1482,14 @@ var callbackOAuth = createAuthEndpoint(
           });
         } catch (e) {
           console.log(e);
-          throw c.redirect(
-            `${c.context.baseURL}/error?error=failed_linking_account`
+          throw c2.redirect(
+            `${c2.context.baseURL}/error?error=failed_linking_account`
           );
         }
       }
     } else {
       try {
-        await c.context.internalAdapter.createOAuthUser(data.data, {
+        await c2.context.internalAdapter.createOAuthUser(data.data, {
           ...getAccountTokens(tokens),
           id: `${provider.id}:${user.id}`,
           providerId: provider.id,
@@ -1484,8 +1499,8 @@ var callbackOAuth = createAuthEndpoint(
       } catch (e) {
         const url = new URL(currentURL || callbackURL);
         url.searchParams.set("error", "unable_to_create_user");
-        c.setHeader("Location", url.toString());
-        throw c.redirect(url.toString());
+        c2.setHeader("Location", url.toString());
+        throw c2.redirect(url.toString());
       }
     }
     if (!userId && !id)
@@ -1493,29 +1508,29 @@ var callbackOAuth = createAuthEndpoint(
         message: "Unable to create user"
       });
     try {
-      const session = await c.context.internalAdapter.createSession(
+      const session = await c2.context.internalAdapter.createSession(
         userId || id,
-        c.request
+        c2.request
       );
       if (!session) {
         const url = new URL(currentURL || callbackURL);
         url.searchParams.set("error", "unable_to_create_session");
-        throw c.redirect(url.toString());
+        throw c2.redirect(url.toString());
       }
       try {
-        await setSessionCookie(c, session.id);
+        await setSessionCookie(c2, session.id);
       } catch (e) {
-        c.context.logger.error("Unable to set session cookie", e);
+        c2.context.logger.error("Unable to set session cookie", e);
         const url = new URL(currentURL || callbackURL);
         url.searchParams.set("error", "unable_to_create_session");
-        throw c.redirect(url.toString());
+        throw c2.redirect(url.toString());
       }
     } catch {
       const url = new URL(currentURL || callbackURL || "");
       url.searchParams.set("error", "unable_to_create_session");
-      throw c.redirect(url.toString());
+      throw c2.redirect(url.toString());
     }
-    throw c.redirect(callbackURL);
+    throw c2.redirect(callbackURL);
   }
 );
 
@@ -1587,7 +1602,9 @@ var forgetPassword = createAuthEndpoint(
       });
     }
     const { email } = ctx.body;
-    const user = await ctx.context.internalAdapter.findUserByEmail(email);
+    const user = await ctx.context.internalAdapter.findUserByEmail(email, {
+      includeAccounts: true
+    });
     if (!user) {
       ctx.context.logger.error("Reset Password: User not found", { email });
       return ctx.json(
@@ -1787,11 +1804,17 @@ var sendVerificationEmail = createAuthEndpoint(
       });
     }
     const { email } = ctx.body;
+    const user = await ctx.context.internalAdapter.findUserByEmail(email);
+    if (!user) {
+      throw new APIError7("BAD_REQUEST", {
+        message: "User not found"
+      });
+    }
     const token = await createEmailVerificationToken(ctx.context.secret, email);
     const url = `${ctx.context.baseURL}/verify-email?token=${token}&callbackURL=${ctx.body.callbackURL || ctx.query?.currentURL || "/"}`;
     await ctx.context.options.emailAndPassword.sendVerificationEmail(
-      email,
       url,
+      user.user,
       token
     );
     return ctx.json({
@@ -1815,12 +1838,8 @@ var verifyEmail = createAuthEndpoint(
       jwt = await validateJWT2("HS256", Buffer.from(ctx.context.secret), token);
     } catch (e) {
       ctx.context.logger.error("Failed to verify email", e);
-      return ctx.json(null, {
-        status: 400,
-        statusText: "INVALID_TOKEN",
-        body: {
-          message: "Invalid token"
-        }
+      throw new APIError7("BAD_REQUEST", {
+        message: "Invalid token"
       });
     }
     const schema = z9.object({
@@ -1828,20 +1847,19 @@ var verifyEmail = createAuthEndpoint(
     });
     const parsed = schema.parse(jwt.payload);
     const user = await ctx.context.internalAdapter.findUserByEmail(
-      parsed.email
+      parsed.email,
+      { includeAccounts: true }
     );
     if (!user) {
-      return ctx.json(null, {
-        status: 400,
-        statusText: "USER_NOT_FOUND",
-        body: {
-          message: "User not found"
-        }
+      throw new APIError7("BAD_REQUEST", {
+        message: "User not found"
       });
     }
     const account = user.accounts.find((a) => a.providerId === "credential");
     if (!account) {
-      throw ctx.redirect;
+      throw new APIError7("BAD_REQUEST", {
+        message: "Account not found"
+      });
     }
     await ctx.context.internalAdapter.updateUserByEmail(parsed.email, {
       emailVerified: true
@@ -2175,8 +2193,8 @@ var error = createAuthEndpoint(
     method: "GET",
     metadata: HIDE_METADATA
   },
-  async (c) => {
-    const query = new URL(c.request?.url || "").searchParams.get("error") || "Unknown";
+  async (c2) => {
+    const query = new URL(c2.request?.url || "").searchParams.get("error") || "Unknown";
     return new Response(html(query), {
       headers: {
         "Content-Type": "text/html"
@@ -2264,11 +2282,11 @@ var signUpEmail = () => createAuthEndpoint(
     }
     const hash = await ctx.context.password.hash(password);
     await ctx.context.internalAdapter.linkAccount({
-      id: generateRandomString(32, alphabet("a-z", "0-9", "A-Z")),
       userId: createdUser.id,
       providerId: "credential",
       accountId: createdUser.id,
-      password: hash
+      password: hash,
+      expiresAt: getDate(60 * 60 * 24 * 30, "sec")
     });
     const session = await ctx.context.internalAdapter.createSession(
       createdUser.id,
@@ -2287,8 +2305,8 @@ var signUpEmail = () => createAuthEndpoint(
       );
       const url = `${ctx.context.baseURL}/verify-email?token=${token}&callbackURL=${body.callbackURL || ctx.query?.currentURL || "/"}`;
       await ctx.context.options.emailAndPassword.sendVerificationEmail?.(
-        createdUser.email,
         url,
+        createdUser,
         token
       );
     }
@@ -2569,26 +2587,26 @@ function getEndpoints(ctx, options) {
   let api = {};
   for (const [key, value] of Object.entries(endpoints)) {
     api[key] = async (context) => {
-      let c = await ctx;
+      let c2 = await ctx;
       for (const plugin of options.plugins || []) {
         if (plugin.hooks?.before) {
           for (const hook of plugin.hooks.before) {
             const match = hook.matcher({
               ...value,
               ...context,
-              context: c
+              context: c2
             });
             if (match) {
               const hookRes = await hook.handler({
                 ...context,
                 context: {
-                  ...c,
+                  ...c2,
                   ...context.context
                 }
               });
               if (hookRes && "context" in hookRes) {
-                c = {
-                  ...c,
+                c2 = {
+                  ...c2,
                   ...hookRes.context
                 };
               }
@@ -2599,7 +2617,7 @@ function getEndpoints(ctx, options) {
       const endpointRes = await value({
         ...context,
         context: {
-          ...c,
+          ...c2,
           ...context.context
         }
       });

package/dist/client/plugins.d.ts

@@ -2,10 +2,10 @@ import * as nanostores from 'nanostores';
 import { A as AccessControl, S as StatementsPrimitive, R as Role } from '../statement-CfnyN34h.js';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { BetterFetchOption } from '@better-fetch/fetch';
-import { o as organization, j as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, e as anonymous, i as admin } from '../index-CJ44EC0j.js';
-export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-CJ44EC0j.js';
+import { o as organization, j as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, e as anonymous, i as admin } from '../index-45sX2yHG.js';
+export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-45sX2yHG.js';
 import { P as Prettify } from '../helper-DPDj8Nix.js';
-import { F as FieldAttribute, B as BetterAuthOptions, b as BetterAuthPlugin } from '../index-Bt0CUdx4.js';
+import { F as FieldAttribute, B as BetterAuthOptions, b as BetterAuthPlugin } from '../index-B5SM-JCa.js';
 import * as better_call from 'better-call';
 import { z } from 'zod';
 import { O as OAuth2Tokens, U as User } from '../types-IzAbV4nB.js';

package/dist/client.d.ts

@@ -6,7 +6,7 @@ import { BetterFetch, BetterFetchError, BetterFetchOption } from '@better-fetch/
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, InferSessionFromClient, InferUserFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 export { AtomListener, InferPluginsFromClient } from './types.js';
-import './index-Bt0CUdx4.js';
+import './index-B5SM-JCa.js';
 import 'kysely';
 import './types-IzAbV4nB.js';
 import 'better-call';

package/dist/{index-CJ44EC0j.d.ts → index-45sX2yHG.d.ts}

@@ -5,7 +5,7 @@ import { P as Prettify } from './helper-DPDj8Nix.js';
 import { A as AccessControl, R as Role, S as StatementsPrimitive, g as defaultRoles } from './statement-CfnyN34h.js';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { BetterFetch, BetterFetchOption } from '@better-fetch/fetch';
-import { H as HookEndpointContext, g as AuthContext } from './index-Bt0CUdx4.js';
+import { H as HookEndpointContext, g as AuthContext } from './index-B5SM-JCa.js';
 import * as nanostores from 'nanostores';
 import { atom } from 'nanostores';
 import * as _simplewebauthn_types from '@simplewebauthn/types';
@@ -4777,11 +4777,61 @@ declare const adminMiddleware: better_call.Endpoint<better_call.Handler<string,
         };
     };
 }>, better_call.EndpointOptions>;
-declare const admin: () => {
+interface AdminOptions {
+    /**
+     * The default role for a user created by the admin
+     *
+     * @default "user"
+     */
+    defaultRole?: string | false;
+    /**
+     * A default ban reason
+     *
+     * By default, no reason is provided
+     */
+    defaultBanReason?: string;
+    /**
+     * Number of seconds until the ban expires
+     *
+     * By default, the ban never expires
+     */
+    defaultBanExpiresIn?: number;
+    /**
+     * Duration of the impersonation session in seconds
+     *
+     * By default, the impersonation session lasts 1 hour
+     */
+    impersonationSessionDuration?: number;
+}
+declare const admin: (options?: AdminOptions) => {
     id: "admin";
     init(ctx: AuthContext): {
         options: {
             databaseHooks: {
+                user: {
+                    create: {
+                        before(user: {
+                            id: string;
+                            email: string;
+                            emailVerified: boolean;
+                            name: string;
+                            createdAt: Date;
+                            updatedAt: Date;
+                            image?: string | undefined;
+                        }): Promise<{
+                            data: {
+                                id: string;
+                                email: string;
+                                emailVerified: boolean;
+                                name: string;
+                                createdAt: Date;
+                                updatedAt: Date;
+                                image?: string | undefined;
+                                role: string;
+                            };
+                        } | undefined>;
+                    };
+                };
                 session: {
                     create: {
                         before(session: {