better-auth 0.4.4 → 0.4.5

package/dist/plugins.js

@@ -961,39 +961,39 @@ var signInOAuth = createAuthEndpoint(
       provider: z3.enum(oAuthProviderList)
     })
   },
-  async (c) => {
-    const provider = c.context.socialProviders.find(
-      (p) => p.id === c.body.provider
+  async (c2) => {
+    const provider = c2.context.socialProviders.find(
+      (p) => p.id === c2.body.provider
     );
     if (!provider) {
-      c.context.logger.error(
+      c2.context.logger.error(
         "Provider not found. Make sure to add the provider to your auth config",
         {
-          provider: c.body.provider
+          provider: c2.body.provider
         }
       );
       throw new APIError2("NOT_FOUND", {
         message: "Provider not found"
       });
     }
-    const cookie = c.context.authCookies;
-    const currentURL = c.query?.currentURL ? new URL(c.query?.currentURL) : null;
-    const callbackURL = c.body.callbackURL?.startsWith("http") ? c.body.callbackURL : `${currentURL?.origin}${c.body.callbackURL || ""}`;
+    const cookie = c2.context.authCookies;
+    const currentURL = c2.query?.currentURL ? new URL(c2.query?.currentURL) : null;
+    const callbackURL = c2.body.callbackURL?.startsWith("http") ? c2.body.callbackURL : `${currentURL?.origin}${c2.body.callbackURL || ""}`;
     const state = generateState(
-      callbackURL || currentURL?.origin || c.context.baseURL,
-      c.query?.currentURL
+      callbackURL || currentURL?.origin || c2.context.baseURL,
+      c2.query?.currentURL
     );
-    await c.setSignedCookie(
+    await c2.setSignedCookie(
       cookie.state.name,
       state.code,
-      c.context.secret,
+      c2.context.secret,
       cookie.state.options
     );
     const codeVerifier = generateCodeVerifier();
-    await c.setSignedCookie(
+    await c2.setSignedCookie(
       cookie.pkCodeVerifier.name,
       codeVerifier,
-      c.context.secret,
+      c2.context.secret,
       cookie.pkCodeVerifier.options
     );
     const url = await provider.createAuthorizationURL({
@@ -1002,9 +1002,9 @@ var signInOAuth = createAuthEndpoint(
     });
     url.searchParams.set(
       "redirect_uri",
-      `${c.context.baseURL}/callback/${c.body.provider}`
+      `${c2.context.baseURL}/callback/${c2.body.provider}`
     );
-    return c.json({
+    return c2.json({
       url: url.toString(),
       state: state.state,
       codeVerifier,
@@ -1049,7 +1049,9 @@ var signInEmail = createAuthEndpoint(
         message: "Invalid email"
       });
     }
-    const user = await ctx.context.internalAdapter.findUserByEmail(email);
+    const user = await ctx.context.internalAdapter.findUserByEmail(email, {
+      includeAccounts: true
+    });
     if (!user) {
       await ctx.context.password.hash(password);
       ctx.context.logger.error("User not found", { email });
@@ -1103,6 +1105,17 @@ var signInEmail = createAuthEndpoint(
     });
   }
 );
+var c = (o) => {
+};
+c({
+  additional: {
+    name: "string"
+  },
+  hooks: {
+    create(user) {
+    }
+  }
+});
 
 // src/api/routes/callback.ts
 import { APIError as APIError3 } from "better-call";
@@ -1211,10 +1224,10 @@ function generateRandomInteger(max) {
   }
   return result;
 }
-function generateRandomString(length, alphabet3) {
+function generateRandomString(length, alphabet4) {
   let result = "";
   for (let i = 0; i < length; i++) {
-    result += alphabet3[generateRandomInteger(alphabet3.length)];
+    result += alphabet4[generateRandomInteger(alphabet4.length)];
   }
   return result;
 }
@@ -1273,63 +1286,63 @@ var callbackOAuth = createAuthEndpoint(
     }),
     metadata: HIDE_METADATA
   },
-  async (c) => {
-    if (c.query.error || !c.query.code) {
-      const parsedState2 = parseState(c.query.state);
-      const callbackURL2 = parsedState2.data?.callbackURL || `${c.context.baseURL}/error`;
-      c.context.logger.error(c.query.error, c.params.id);
-      throw c.redirect(
-        `${callbackURL2}?error=${c.query.error || "oAuth_code_missing"}`
+  async (c2) => {
+    if (c2.query.error || !c2.query.code) {
+      const parsedState2 = parseState(c2.query.state);
+      const callbackURL2 = parsedState2.data?.callbackURL || `${c2.context.baseURL}/error`;
+      c2.context.logger.error(c2.query.error, c2.params.id);
+      throw c2.redirect(
+        `${callbackURL2}?error=${c2.query.error || "oAuth_code_missing"}`
       );
     }
-    const provider = c.context.socialProviders.find(
-      (p) => p.id === c.params.id
+    const provider = c2.context.socialProviders.find(
+      (p) => p.id === c2.params.id
     );
     if (!provider) {
-      c.context.logger.error(
+      c2.context.logger.error(
         "Oauth provider with id",
-        c.params.id,
+        c2.params.id,
         "not found"
       );
-      throw c.redirect(
-        `${c.context.baseURL}/error?error=oauth_provider_not_found`
+      throw c2.redirect(
+        `${c2.context.baseURL}/error?error=oauth_provider_not_found`
       );
     }
-    const parsedState = parseState(c.query.state);
+    const parsedState = parseState(c2.query.state);
     if (!parsedState.success) {
-      c.context.logger.error("Unable to parse state");
-      throw c.redirect(
-        `${c.context.baseURL}/error?error=please_restart_the_process`
+      c2.context.logger.error("Unable to parse state");
+      throw c2.redirect(
+        `${c2.context.baseURL}/error?error=please_restart_the_process`
       );
     }
     const {
       data: { callbackURL, currentURL, code: stateCode }
     } = parsedState;
-    const storedState = await c.getSignedCookie(
-      c.context.authCookies.state.name,
-      c.context.secret
+    const storedState = await c2.getSignedCookie(
+      c2.context.authCookies.state.name,
+      c2.context.secret
     );
     if (storedState !== stateCode) {
       logger.error("OAuth state mismatch", storedState, stateCode);
-      throw c.redirect(
-        `${c.context.baseURL}/error?error=please_restart_the_process`
+      throw c2.redirect(
+        `${c2.context.baseURL}/error?error=please_restart_the_process`
       );
     }
-    const codeVerifier = await c.getSignedCookie(
-      c.context.authCookies.pkCodeVerifier.name,
-      c.context.secret
+    const codeVerifier = await c2.getSignedCookie(
+      c2.context.authCookies.pkCodeVerifier.name,
+      c2.context.secret
     );
     let tokens;
     try {
       tokens = await provider.validateAuthorizationCode(
-        c.query.code,
+        c2.query.code,
         codeVerifier,
-        `${c.context.baseURL}/callback/${provider.id}`
+        `${c2.context.baseURL}/callback/${provider.id}`
       );
     } catch (e) {
-      c.context.logger.error(e);
-      throw c.redirect(
-        `${c.context.baseURL}/error?error=please_restart_the_process`
+      c2.context.logger.error(e);
+      throw c2.redirect(
+        `${c2.context.baseURL}/error?error=please_restart_the_process`
       );
     }
     const user = await provider.getUserInfo(tokens).then((res) => res?.user);
@@ -1340,22 +1353,24 @@ var callbackOAuth = createAuthEndpoint(
     });
     if (!user || data.success === false) {
       logger.error("Unable to get user info", data.error);
-      throw c.redirect(
-        `${c.context.baseURL}/error?error=please_restart_the_process`
+      throw c2.redirect(
+        `${c2.context.baseURL}/error?error=please_restart_the_process`
       );
     }
     if (!callbackURL) {
-      throw c.redirect(
-        `${c.context.baseURL}/error?error=please_restart_the_process`
+      throw c2.redirect(
+        `${c2.context.baseURL}/error?error=please_restart_the_process`
       );
     }
-    const dbUser = await c.context.internalAdapter.findUserByEmail(user.email).catch((e) => {
+    const dbUser = await c2.context.internalAdapter.findUserByEmail(user.email, {
+      includeAccounts: true
+    }).catch((e) => {
       logger.error(
         "Better auth was unable to query your database.\nError: ",
         e
       );
-      throw c.redirect(
-        `${c.context.baseURL}/error?error=internal_server_error`
+      throw c2.redirect(
+        `${c2.context.baseURL}/error?error=internal_server_error`
       );
     });
     const userId = dbUser?.user.id;
@@ -1363,7 +1378,7 @@ var callbackOAuth = createAuthEndpoint(
       const hasBeenLinked = dbUser.accounts.find(
         (a) => a.providerId === provider.id
       );
-      const trustedProviders = c.context.options.account?.accountLinking?.trustedProviders;
+      const trustedProviders = c2.context.options.account?.accountLinking?.trustedProviders;
       const isTrustedProvider = trustedProviders ? trustedProviders.includes(provider.id) : true;
       if (!hasBeenLinked && (!user.emailVerified || !isTrustedProvider)) {
         let url;
@@ -1371,15 +1386,15 @@ var callbackOAuth = createAuthEndpoint(
           url = new URL(currentURL || callbackURL);
           url.searchParams.set("error", "account_not_linked");
         } catch (e) {
-          throw c.redirect(
-            `${c.context.baseURL}/error?error=account_not_linked`
+          throw c2.redirect(
+            `${c2.context.baseURL}/error?error=account_not_linked`
           );
         }
-        throw c.redirect(url.toString());
+        throw c2.redirect(url.toString());
       }
       if (!hasBeenLinked) {
         try {
-          await c.context.internalAdapter.linkAccount({
+          await c2.context.internalAdapter.linkAccount({
             providerId: provider.id,
             accountId: user.id.toString(),
             id: `${provider.id}:${user.id}`,
@@ -1388,14 +1403,14 @@ var callbackOAuth = createAuthEndpoint(
           });
         } catch (e) {
           console.log(e);
-          throw c.redirect(
-            `${c.context.baseURL}/error?error=failed_linking_account`
+          throw c2.redirect(
+            `${c2.context.baseURL}/error?error=failed_linking_account`
           );
         }
       }
     } else {
       try {
-        await c.context.internalAdapter.createOAuthUser(data.data, {
+        await c2.context.internalAdapter.createOAuthUser(data.data, {
           ...getAccountTokens(tokens),
           id: `${provider.id}:${user.id}`,
           providerId: provider.id,
@@ -1405,8 +1420,8 @@ var callbackOAuth = createAuthEndpoint(
       } catch (e) {
         const url = new URL(currentURL || callbackURL);
         url.searchParams.set("error", "unable_to_create_user");
-        c.setHeader("Location", url.toString());
-        throw c.redirect(url.toString());
+        c2.setHeader("Location", url.toString());
+        throw c2.redirect(url.toString());
       }
     }
     if (!userId && !id)
@@ -1414,29 +1429,29 @@ var callbackOAuth = createAuthEndpoint(
         message: "Unable to create user"
       });
     try {
-      const session = await c.context.internalAdapter.createSession(
+      const session = await c2.context.internalAdapter.createSession(
         userId || id,
-        c.request
+        c2.request
       );
       if (!session) {
         const url = new URL(currentURL || callbackURL);
         url.searchParams.set("error", "unable_to_create_session");
-        throw c.redirect(url.toString());
+        throw c2.redirect(url.toString());
       }
       try {
-        await setSessionCookie(c, session.id);
+        await setSessionCookie(c2, session.id);
       } catch (e) {
-        c.context.logger.error("Unable to set session cookie", e);
+        c2.context.logger.error("Unable to set session cookie", e);
         const url = new URL(currentURL || callbackURL);
         url.searchParams.set("error", "unable_to_create_session");
-        throw c.redirect(url.toString());
+        throw c2.redirect(url.toString());
       }
     } catch {
       const url = new URL(currentURL || callbackURL || "");
       url.searchParams.set("error", "unable_to_create_session");
-      throw c.redirect(url.toString());
+      throw c2.redirect(url.toString());
     }
-    throw c.redirect(callbackURL);
+    throw c2.redirect(callbackURL);
   }
 );
 
@@ -1508,7 +1523,9 @@ var forgetPassword = createAuthEndpoint(
       });
     }
     const { email } = ctx.body;
-    const user = await ctx.context.internalAdapter.findUserByEmail(email);
+    const user = await ctx.context.internalAdapter.findUserByEmail(email, {
+      includeAccounts: true
+    });
     if (!user) {
       ctx.context.logger.error("Reset Password: User not found", { email });
       return ctx.json(
@@ -1708,11 +1725,17 @@ var sendVerificationEmail = createAuthEndpoint(
       });
     }
     const { email } = ctx.body;
+    const user = await ctx.context.internalAdapter.findUserByEmail(email);
+    if (!user) {
+      throw new APIError6("BAD_REQUEST", {
+        message: "User not found"
+      });
+    }
     const token = await createEmailVerificationToken(ctx.context.secret, email);
     const url = `${ctx.context.baseURL}/verify-email?token=${token}&callbackURL=${ctx.body.callbackURL || ctx.query?.currentURL || "/"}`;
     await ctx.context.options.emailAndPassword.sendVerificationEmail(
-      email,
       url,
+      user.user,
       token
     );
     return ctx.json({
@@ -1736,12 +1759,8 @@ var verifyEmail = createAuthEndpoint(
       jwt = await validateJWT2("HS256", Buffer.from(ctx.context.secret), token);
     } catch (e) {
       ctx.context.logger.error("Failed to verify email", e);
-      return ctx.json(null, {
-        status: 400,
-        statusText: "INVALID_TOKEN",
-        body: {
-          message: "Invalid token"
-        }
+      throw new APIError6("BAD_REQUEST", {
+        message: "Invalid token"
       });
     }
     const schema = z8.object({
@@ -1749,20 +1768,19 @@ var verifyEmail = createAuthEndpoint(
     });
     const parsed = schema.parse(jwt.payload);
     const user = await ctx.context.internalAdapter.findUserByEmail(
-      parsed.email
+      parsed.email,
+      { includeAccounts: true }
     );
     if (!user) {
-      return ctx.json(null, {
-        status: 400,
-        statusText: "USER_NOT_FOUND",
-        body: {
-          message: "User not found"
-        }
+      throw new APIError6("BAD_REQUEST", {
+        message: "User not found"
       });
     }
     const account = user.accounts.find((a) => a.providerId === "credential");
     if (!account) {
-      throw ctx.redirect;
+      throw new APIError6("BAD_REQUEST", {
+        message: "Account not found"
+      });
     }
     await ctx.context.internalAdapter.updateUserByEmail(parsed.email, {
       emailVerified: true
@@ -2137,8 +2155,8 @@ var error = createAuthEndpoint(
     method: "GET",
     metadata: HIDE_METADATA
   },
-  async (c) => {
-    const query = new URL(c.request?.url || "").searchParams.get("error") || "Unknown";
+  async (c2) => {
+    const query = new URL(c2.request?.url || "").searchParams.get("error") || "Unknown";
     return new Response(html(query), {
       headers: {
         "Content-Type": "text/html"
@@ -2226,11 +2244,11 @@ var signUpEmail = () => createAuthEndpoint(
     }
     const hash = await ctx.context.password.hash(password);
     await ctx.context.internalAdapter.linkAccount({
-      id: generateRandomString(32, alphabet("a-z", "0-9", "A-Z")),
       userId: createdUser.id,
       providerId: "credential",
       accountId: createdUser.id,
-      password: hash
+      password: hash,
+      expiresAt: getDate(60 * 60 * 24 * 30, "sec")
     });
     const session = await ctx.context.internalAdapter.createSession(
       createdUser.id,
@@ -2249,8 +2267,8 @@ var signUpEmail = () => createAuthEndpoint(
       );
       const url = `${ctx.context.baseURL}/verify-email?token=${token}&callbackURL=${body.callbackURL || ctx.query?.currentURL || "/"}`;
       await ctx.context.options.emailAndPassword.sendVerificationEmail?.(
-        createdUser.email,
         url,
+        createdUser,
         token
       );
     }
@@ -5475,30 +5493,31 @@ var bearer = () => {
               context.request?.headers.get("authorization") || context.headers?.get("authorization")
             );
           },
-          handler: async (c) => {
-            const token = c.request?.headers.get("authorization")?.replace("Bearer ", "") || c.headers?.get("authorization")?.replace("Bearer ", "");
+          handler: async (c2) => {
+            const token = c2.request?.headers.get("authorization")?.replace("Bearer ", "") || c2.headers?.get("authorization")?.replace("Bearer ", "");
             if (!token) {
               return;
             }
-            const signedToken = await serializeSigned(
-              "",
-              token,
-              c.context.secret
-            );
-            if (c.request) {
-              c.request.headers.set(
+            let signedToken = "";
+            if (token.includes(".")) {
+              signedToken = token.split(".")[1];
+            } else {
+              signedToken = await serializeSigned("", token, c2.context.secret);
+            }
+            if (c2.request) {
+              c2.request.headers.set(
                 "cookie",
-                `${c.context.authCookies.sessionToken.name}=${signedToken.replace("=", "")}`
+                `${c2.context.authCookies.sessionToken.name}=${signedToken.replace("=", "")}`
               );
             }
-            if (c.headers) {
-              c.headers.set(
+            if (c2.headers) {
+              c2.headers.set(
                 "cookie",
-                `${c.context.authCookies.sessionToken.name}=${signedToken.replace("=", "")}`
+                `${c2.context.authCookies.sessionToken.name}=${signedToken.replace("=", "")}`
               );
             }
             return {
-              context: c
+              context: c2
             };
           }
         }
@@ -6142,13 +6161,28 @@ var adminMiddleware = createAuthMiddleware(async (ctx) => {
     }
   };
 });
-var admin = () => {
+var admin = (options) => {
   return {
     id: "admin",
     init(ctx) {
       return {
         options: {
           databaseHooks: {
+            user: {
+              create: {
+                async before(user) {
+                  if (options?.defaultRole === false) {
+                    return;
+                  }
+                  return {
+                    data: {
+                      role: options?.defaultRole ?? "user",
+                      ...user
+                    }
+                  };
+                }
+              }
+            },
             session: {
               create: {
                 async before(session) {
@@ -6364,8 +6398,8 @@ var admin = () => {
             ctx.body.userId,
             {
               banned: true,
-              banReason: ctx.body.banReason,
-              banExpires: ctx.body.banExpiresIn ? Date.now() + ctx.body.banExpiresIn * 1e3 : void 0
+              banReason: ctx.body.banReason || options?.defaultBanReason || "No reason",
+              banExpires: ctx.body.banExpiresIn ? Date.now() + ctx.body.banExpiresIn * 1e3 : options?.defaultBanExpiresIn ? Date.now() + options.defaultBanExpiresIn * 1e3 : void 0
             }
           );
           await ctx.context.internalAdapter.deleteSessions(ctx.body.userId);
@@ -6397,7 +6431,9 @@ var admin = () => {
             void 0,
             true,
             {
-              impersonatedBy: ctx.context.session.user.id
+              impersonatedBy: ctx.context.session.user.id,
+              expiresAt: options?.impersonationSessionDuration ? getDate(options.impersonationSessionDuration, "sec") : getDate(60 * 60, "sec")
+              // 1 hour
             }
           );
           if (!session) {

package/dist/react.d.ts

@@ -3,7 +3,7 @@ import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 import { useStore } from '@nanostores/react';
-import './index-Bt0CUdx4.js';
+import './index-B5SM-JCa.js';
 import 'kysely';
 import './types-IzAbV4nB.js';
 import 'better-call';

package/dist/solid-start.d.ts

@@ -1,4 +1,4 @@
-import { a as Auth } from './index-Bt0CUdx4.js';
+import { a as Auth } from './index-B5SM-JCa.js';
 import 'zod';
 import 'kysely';
 import './types-IzAbV4nB.js';

package/dist/solid.d.ts

@@ -3,7 +3,7 @@ import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 import { Accessor } from 'solid-js';
-import './index-Bt0CUdx4.js';
+import './index-B5SM-JCa.js';
 import 'kysely';
 import './types-IzAbV4nB.js';
 import 'better-call';

package/dist/svelte-kit.d.ts

@@ -1,4 +1,4 @@
-import { a as Auth, B as BetterAuthOptions } from './index-Bt0CUdx4.js';
+import { a as Auth, B as BetterAuthOptions } from './index-B5SM-JCa.js';
 import 'zod';
 import 'kysely';
 import './types-IzAbV4nB.js';

package/dist/svelte.d.ts

@@ -3,7 +3,7 @@ import * as nanostores from 'nanostores';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
-import './index-Bt0CUdx4.js';
+import './index-B5SM-JCa.js';
 import 'kysely';
 import './types-IzAbV4nB.js';
 import 'better-call';

package/dist/types.d.ts

@@ -1,5 +1,5 @@
-import { b as BetterAuthPlugin, a as Auth, I as InferFieldsInputClient, h as InferFieldsOutput } from './index-Bt0CUdx4.js';
-export { A as Adapter, k as AdditionalSessionFieldsInput, l as AdditionalSessionFieldsOutput, i as AdditionalUserFieldsInput, j as AdditionalUserFieldsOutput, g as AuthContext, B as BetterAuthOptions, G as GenericEndpointContext, H as HookEndpointContext, p as InferPluginTypes, n as InferSession, m as InferUser, P as PluginSchema, R as RateLimit, S as SecondaryStorage, W as Where, q as init } from './index-Bt0CUdx4.js';
+import { b as BetterAuthPlugin, a as Auth, I as InferFieldsInputClient, h as InferFieldsOutput } from './index-B5SM-JCa.js';
+export { A as Adapter, k as AdditionalSessionFieldsInput, l as AdditionalSessionFieldsOutput, i as AdditionalUserFieldsInput, j as AdditionalUserFieldsOutput, g as AuthContext, B as BetterAuthOptions, G as GenericEndpointContext, H as HookEndpointContext, p as InferPluginTypes, n as InferSession, m as InferUser, P as PluginSchema, R as RateLimit, S as SecondaryStorage, W as Where, q as init } from './index-B5SM-JCa.js';
 import { U as UnionToIntersection, H as HasRequiredKeys, P as Prettify, S as StripEmptyObjects, L as LiteralString } from './helper-DPDj8Nix.js';
 export { D as DeepPartial, a as LiteralUnion, R as RequiredKeysOf, W as WithoutEmpty } from './helper-DPDj8Nix.js';
 import { S as Session, U as User } from './types-IzAbV4nB.js';

package/dist/vue.d.ts

@@ -3,7 +3,7 @@ import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 import { Ref, DeepReadonly } from 'vue';
-import './index-Bt0CUdx4.js';
+import './index-B5SM-JCa.js';
 import 'kysely';
 import './types-IzAbV4nB.js';
 import 'better-call';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "better-auth",
-  "version": "0.4.4",
+  "version": "0.4.5",
   "description": "The most comprehensive authentication library for TypeScript.",
   "type": "module",
   "main": "./dist/index.js",