better-auth 0.4.9-beta.3 → 0.4.9-beta.5

package/dist/adapters/drizzle.d.ts

@@ -1,4 +1,4 @@
-import { A as Adapter } from '../index-LP5tMWKG.js';
+import { A as Adapter } from '../index-xf537-bb.js';
 import 'zod';
 import 'kysely';
 import '../types-IzAbV4nB.js';

package/dist/adapters/mongodb.d.ts

@@ -1,5 +1,5 @@
 import { Db } from 'mongodb';
-import { W as Where } from '../index-LP5tMWKG.js';
+import { W as Where } from '../index-xf537-bb.js';
 import 'zod';
 import 'kysely';
 import '../types-IzAbV4nB.js';

package/dist/adapters/prisma.d.ts

@@ -1,4 +1,4 @@
-import { A as Adapter } from '../index-LP5tMWKG.js';
+import { A as Adapter } from '../index-xf537-bb.js';
 import 'zod';
 import 'kysely';
 import '../types-IzAbV4nB.js';

package/dist/api.d.ts

@@ -1,4 +1,4 @@
-export { e as AuthEndpoint, f as AuthMiddleware, v as callbackOAuth, T as changePassword, d as createAuthEndpoint, c as createAuthMiddleware, M as createEmailVerificationToken, $ as csrfMiddleware, V as deleteUser, Y as error, J as forgetPassword, K as forgetPasswordCallback, X as getCSRFToken, r as getEndpoints, w as getSession, x as getSessionFromCtx, z as listSessions, Z as ok, o as optionsMiddleware, L as resetPassword, C as revokeSession, D as revokeSessions, s as router, N as sendVerificationEmail, y as sessionMiddleware, U as setPassword, u as signInEmail, t as signInOAuth, E as signOut, _ as signUpEmail, Q as updateUser, O as verifyEmail } from './index-LP5tMWKG.js';
+export { e as AuthEndpoint, f as AuthMiddleware, v as callbackOAuth, T as changePassword, d as createAuthEndpoint, c as createAuthMiddleware, M as createEmailVerificationToken, $ as csrfMiddleware, V as deleteUser, Y as error, J as forgetPassword, K as forgetPasswordCallback, X as getCSRFToken, r as getEndpoints, w as getSession, x as getSessionFromCtx, z as listSessions, Z as ok, o as optionsMiddleware, L as resetPassword, C as revokeSession, D as revokeSessions, s as router, N as sendVerificationEmail, y as sessionMiddleware, U as setPassword, u as signInEmail, t as signInOAuth, E as signOut, _ as signUpEmail, Q as updateUser, O as verifyEmail } from './index-xf537-bb.js';
 import './helper-DPDj8Nix.js';
 import 'zod';
 export { APIError } from 'better-call';

package/dist/api.js

@@ -64,10 +64,10 @@ var csrfMiddleware = createAuthMiddleware(
       return;
     }
     const url = new URL(ctx.request.url);
-    if (url.origin === new URL(ctx.context.baseURL).origin || ctx.context.options.trustedOrigins?.includes(url.origin)) {
+    if (ctx.context.trustedOrigins.includes(url.origin)) {
       return;
     }
-    const csrfToken = ctx.body?.csrfToken;
+    const csrfToken = ctx.headers?.get("x-auth-csrf-token");
     if (!csrfToken) {
       throw new APIError2("UNAUTHORIZED", {
         message: "CSRF Token is required"
@@ -1022,16 +1022,12 @@ var redirectURLMiddleware = createAuthMiddleware(async (ctx) => {
   const callbackURL = ctx.body?.callbackURL || ctx.query?.callbackURL || ctx.query?.redirectTo || ctx.body?.redirectTo;
   const clientCurrentURL = ctx.headers?.get("referer");
   const currentURL = ctx.query?.currentURL || clientCurrentURL || ctx.context.baseURL;
-  const trustedOrigins = [
-    ctx.context.baseURL ? new URL(ctx.context.baseURL).origin : void 0,
-    ...ctx.context.options.trustedOrigins || []
-  ];
+  const trustedOrigins = ctx.context.trustedOrigins;
   if (callbackURL?.includes("http")) {
     const callbackOrigin = new URL(callbackURL).origin;
     if (!trustedOrigins.includes(callbackOrigin)) {
-      logger.error("Invalid callback URL", {
-        callbackURL,
-        trustedOrigins
+      logger.error("Unknown origin in callback URL", {
+        callbackURL
       });
       throw new APIError4("FORBIDDEN", {
         message: "Invalid callback URL"
@@ -1041,7 +1037,7 @@ var redirectURLMiddleware = createAuthMiddleware(async (ctx) => {
   if (currentURL !== ctx.context.baseURL) {
     const currentURLOrigin = new URL(currentURL).origin;
     if (!trustedOrigins.includes(currentURLOrigin)) {
-      logger.error("Invalid current URL", {
+      logger.error("Unknown origin in current URL", {
         currentURL,
         trustedOrigins
       });
@@ -1050,6 +1046,7 @@ var redirectURLMiddleware = createAuthMiddleware(async (ctx) => {
       });
     }
   }
+  ctx.setHeader("x-auth-redirect", "true");
 });
 
 // src/api/routes/sign-in.ts

package/dist/client/plugins.d.ts

@@ -2,13 +2,13 @@ import * as nanostores from 'nanostores';
 import { A as AccessControl, S as StatementsPrimitive, R as Role } from '../statement-CfnyN34h.js';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { BetterFetchOption } from '@better-fetch/fetch';
-import { o as organization, j as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, e as anonymous, i as admin } from '../index-BxPsiFU2.js';
-export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-BxPsiFU2.js';
+import { o as organization, k as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, e as anonymous, i as admin, j as genericOAuth } from '../index-x0qUJonH.js';
+export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-x0qUJonH.js';
 import { P as Prettify } from '../helper-DPDj8Nix.js';
-import { F as FieldAttribute, B as BetterAuthOptions, b as BetterAuthPlugin } from '../index-LP5tMWKG.js';
-import * as better_call from 'better-call';
-import { z } from 'zod';
-import { O as OAuth2Tokens, U as User } from '../types-IzAbV4nB.js';
+import { F as FieldAttribute, B as BetterAuthOptions, b as BetterAuthPlugin } from '../index-xf537-bb.js';
+import '../types-IzAbV4nB.js';
+import 'zod';
+import 'better-call';
 import '@simplewebauthn/types';
 import 'kysely';
 import 'better-sqlite3';
@@ -255,195 +255,6 @@ declare const adminClient: () => {
     $InferServerPlugin: ReturnType<typeof admin>;
 };
 
-/**
- * Configuration interface for generic OAuth providers.
- */
-interface GenericOAuthConfig {
-    /** Unique identifier for the OAuth provider */
-    providerId: string;
-    /**
-     * URL to fetch OAuth 2.0 configuration.
-     * If provided, the authorization and token endpoints will be fetched from this URL.
-     */
-    discoveryUrl?: string;
-    /**
-     * Type of OAuth flow.
-     * @default "oauth2"
-     */
-    type?: "oauth2" | "oidc";
-    /**
-     * URL for the authorization endpoint.
-     * Optional if using discoveryUrl.
-     */
-    authorizationUrl?: string;
-    /**
-     * URL for the token endpoint.
-     * Optional if using discoveryUrl.
-     */
-    tokenUrl?: string;
-    /**
-     * URL for the user info endpoint.
-     * Optional if using discoveryUrl.
-     */
-    userInfoUrl?: string;
-    /** OAuth client ID */
-    clientId: string;
-    /** OAuth client secret */
-    clientSecret: string;
-    /**
-     * Array of OAuth scopes to request.
-     * @default []
-     */
-    scopes?: string[];
-    /**
-     * Custom redirect URI.
-     * If not provided, a default URI will be constructed.
-     */
-    redirectURI?: string;
-    /**
-     * OAuth response type.
-     * @default "code"
-     */
-    responseType?: string;
-    /**
-     * Prompt parameter for the authorization request.
-     * Controls the authentication experience for the user.
-     */
-    prompt?: string;
-    /**
-     * Whether to use PKCE (Proof Key for Code Exchange)
-     * @default false
-     */
-    pkce?: boolean;
-    /**
-     * Access type for the authorization request.
-     * Use "offline" to request a refresh token.
-     */
-    accessType?: string;
-    /**
-     * Custom function to fetch user info.
-     * If provided, this function will be used instead of the default user info fetching logic.
-     * @param tokens - The OAuth tokens received after successful authentication
-     * @returns A promise that resolves to a User object or null
-     */
-    getUserInfo?: (tokens: OAuth2Tokens) => Promise<User | null>;
-}
-interface GenericOAuthOptions {
-    /**
-     * Array of OAuth provider configurations.
-     */
-    config: GenericOAuthConfig[];
-}
-/**
- * A generic OAuth plugin that can be used to add OAuth support to any provider
- */
-declare const genericOAuth: (options: GenericOAuthOptions) => {
-    id: "generic-oauth";
-    endpoints: {
-        signInWithOAuth2: {
-            <C extends [better_call.Context<"/sign-in/oauth2", {
-                method: "POST";
-                query: z.ZodOptional<z.ZodObject<{
-                    /**
-                     * Redirect to the current URL after the
-                     * user has signed in.
-                     */
-                    currentURL: z.ZodOptional<z.ZodString>;
-                }, "strip", z.ZodTypeAny, {
-                    currentURL?: string | undefined;
-                }, {
-                    currentURL?: string | undefined;
-                }>>;
-                body: z.ZodObject<{
-                    providerId: z.ZodString;
-                    callbackURL: z.ZodOptional<z.ZodString>;
-                }, "strip", z.ZodTypeAny, {
-                    providerId: string;
-                    callbackURL?: string | undefined;
-                }, {
-                    providerId: string;
-                    callbackURL?: string | undefined;
-                }>;
-                use: better_call.Endpoint<better_call.Handler<string, better_call.EndpointOptions, void>, better_call.EndpointOptions>[];
-            }>]>(...ctx: C): Promise<C extends [{
-                asResponse: true;
-            }] ? Response : {
-                url: string;
-                state: string;
-                codeVerifier: string;
-                redirect: boolean;
-            }>;
-            path: "/sign-in/oauth2";
-            options: {
-                method: "POST";
-                query: z.ZodOptional<z.ZodObject<{
-                    /**
-                     * Redirect to the current URL after the
-                     * user has signed in.
-                     */
-                    currentURL: z.ZodOptional<z.ZodString>;
-                }, "strip", z.ZodTypeAny, {
-                    currentURL?: string | undefined;
-                }, {
-                    currentURL?: string | undefined;
-                }>>;
-                body: z.ZodObject<{
-                    providerId: z.ZodString;
-                    callbackURL: z.ZodOptional<z.ZodString>;
-                }, "strip", z.ZodTypeAny, {
-                    providerId: string;
-                    callbackURL?: string | undefined;
-                }, {
-                    providerId: string;
-                    callbackURL?: string | undefined;
-                }>;
-                use: better_call.Endpoint<better_call.Handler<string, better_call.EndpointOptions, void>, better_call.EndpointOptions>[];
-            };
-            method: better_call.Method | better_call.Method[];
-            headers: Headers;
-        };
-        oAuth2Callback: {
-            <C extends [better_call.Context<"/oauth2/callback/:providerId", {
-                method: "GET";
-                query: z.ZodObject<{
-                    code: z.ZodOptional<z.ZodString>;
-                    error: z.ZodOptional<z.ZodString>;
-                    state: z.ZodString;
-                }, "strip", z.ZodTypeAny, {
-                    state: string;
-                    code?: string | undefined;
-                    error?: string | undefined;
-                }, {
-                    state: string;
-                    code?: string | undefined;
-                    error?: string | undefined;
-                }>;
-            }>]>(...ctx: C): Promise<C extends [{
-                asResponse: true;
-            }] ? Response : never>;
-            path: "/oauth2/callback/:providerId";
-            options: {
-                method: "GET";
-                query: z.ZodObject<{
-                    code: z.ZodOptional<z.ZodString>;
-                    error: z.ZodOptional<z.ZodString>;
-                    state: z.ZodString;
-                }, "strip", z.ZodTypeAny, {
-                    state: string;
-                    code?: string | undefined;
-                    error?: string | undefined;
-                }, {
-                    state: string;
-                    code?: string | undefined;
-                    error?: string | undefined;
-                }>;
-            };
-            method: better_call.Method | better_call.Method[];
-            headers: Headers;
-        };
-    };
-};
-
 declare const genericOAuthClient: () => {
     id: "generic-oauth-client";
     $InferServerPlugin: ReturnType<typeof genericOAuth>;

package/dist/client.d.ts

@@ -6,7 +6,7 @@ import { BetterFetch, BetterFetchError, BetterFetchOption } from '@better-fetch/
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, InferSessionFromClient, InferUserFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 export { AtomListener, InferPluginsFromClient } from './types.js';
-import './index-LP5tMWKG.js';
+import './index-xf537-bb.js';
 import 'kysely';
 import './types-IzAbV4nB.js';
 import 'better-call';

package/dist/client.js

@@ -56,6 +56,10 @@ var redirectPlugin = {
   name: "Redirect",
   hooks: {
     onSuccess(context) {
+      const header = context.response?.headers.get("x-auth-redirect");
+      if (!header) {
+        return;
+      }
       if (context.data?.url && context.data?.redirect) {
         if (typeof window !== "undefined") {
           window.location.href = context.data.url;
@@ -114,9 +118,9 @@ var csrfPlugin = {
         );
       }
       const csrfToken = data?.csrfToken;
-      options.body = {
-        ...options?.body,
-        csrfToken
+      options.headers = {
+        ...options.headers,
+        "x-auth-csrf-token": csrfToken
       };
     }
     options.credentials = "include";

package/dist/{index-BxPsiFU2.d.ts → index-x0qUJonH.d.ts}

@@ -1,11 +1,11 @@
-import { U as User, S as Session } from './types-IzAbV4nB.js';
+import { U as User, S as Session, O as OAuth2Tokens } from './types-IzAbV4nB.js';
 import * as better_call from 'better-call';
 import { z, ZodObject, ZodOptional, ZodArray, ZodLiteral } from 'zod';
 import { P as Prettify } from './helper-DPDj8Nix.js';
 import { A as AccessControl, R as Role, S as StatementsPrimitive, g as defaultRoles } from './statement-CfnyN34h.js';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { BetterFetch, BetterFetchOption } from '@better-fetch/fetch';
-import { H as HookEndpointContext, g as AuthContext } from './index-LP5tMWKG.js';
+import { H as HookEndpointContext, g as AuthContext } from './index-xf537-bb.js';
 import * as nanostores from 'nanostores';
 import { atom } from 'nanostores';
 import * as _simplewebauthn_types from '@simplewebauthn/types';
@@ -5455,4 +5455,193 @@ declare const admin: (options?: AdminOptions) => {
     };
 };
 
-export { type AnonymousOptions as A, type Invitation as I, type Member as M, type OrganizationOptions as O, type PasskeyOptions as P, type UserWithPhoneNumber as U, twoFactorClient as a, type Passkey as b, passkeyClient as c, phoneNumber as d, anonymous as e, type UserWithRole as f, getPasskeyActions as g, adminMiddleware as h, admin as i, type Organization as j, magicLink as m, organization as o, passkey as p, twoFactor as t, username as u };
+/**
+ * Configuration interface for generic OAuth providers.
+ */
+interface GenericOAuthConfig {
+    /** Unique identifier for the OAuth provider */
+    providerId: string;
+    /**
+     * URL to fetch OAuth 2.0 configuration.
+     * If provided, the authorization and token endpoints will be fetched from this URL.
+     */
+    discoveryUrl?: string;
+    /**
+     * Type of OAuth flow.
+     * @default "oauth2"
+     */
+    type?: "oauth2" | "oidc";
+    /**
+     * URL for the authorization endpoint.
+     * Optional if using discoveryUrl.
+     */
+    authorizationUrl?: string;
+    /**
+     * URL for the token endpoint.
+     * Optional if using discoveryUrl.
+     */
+    tokenUrl?: string;
+    /**
+     * URL for the user info endpoint.
+     * Optional if using discoveryUrl.
+     */
+    userInfoUrl?: string;
+    /** OAuth client ID */
+    clientId: string;
+    /** OAuth client secret */
+    clientSecret: string;
+    /**
+     * Array of OAuth scopes to request.
+     * @default []
+     */
+    scopes?: string[];
+    /**
+     * Custom redirect URI.
+     * If not provided, a default URI will be constructed.
+     */
+    redirectURI?: string;
+    /**
+     * OAuth response type.
+     * @default "code"
+     */
+    responseType?: string;
+    /**
+     * Prompt parameter for the authorization request.
+     * Controls the authentication experience for the user.
+     */
+    prompt?: string;
+    /**
+     * Whether to use PKCE (Proof Key for Code Exchange)
+     * @default false
+     */
+    pkce?: boolean;
+    /**
+     * Access type for the authorization request.
+     * Use "offline" to request a refresh token.
+     */
+    accessType?: string;
+    /**
+     * Custom function to fetch user info.
+     * If provided, this function will be used instead of the default user info fetching logic.
+     * @param tokens - The OAuth tokens received after successful authentication
+     * @returns A promise that resolves to a User object or null
+     */
+    getUserInfo?: (tokens: OAuth2Tokens) => Promise<User | null>;
+}
+interface GenericOAuthOptions {
+    /**
+     * Array of OAuth provider configurations.
+     */
+    config: GenericOAuthConfig[];
+}
+/**
+ * A generic OAuth plugin that can be used to add OAuth support to any provider
+ */
+declare const genericOAuth: (options: GenericOAuthOptions) => {
+    id: "generic-oauth";
+    endpoints: {
+        signInWithOAuth2: {
+            <C extends [better_call.Context<"/sign-in/oauth2", {
+                method: "POST";
+                query: z.ZodOptional<z.ZodObject<{
+                    /**
+                     * Redirect to the current URL after the
+                     * user has signed in.
+                     */
+                    currentURL: z.ZodOptional<z.ZodString>;
+                }, "strip", z.ZodTypeAny, {
+                    currentURL?: string | undefined;
+                }, {
+                    currentURL?: string | undefined;
+                }>>;
+                body: z.ZodObject<{
+                    providerId: z.ZodString;
+                    callbackURL: z.ZodOptional<z.ZodString>;
+                }, "strip", z.ZodTypeAny, {
+                    providerId: string;
+                    callbackURL?: string | undefined;
+                }, {
+                    providerId: string;
+                    callbackURL?: string | undefined;
+                }>;
+                use: better_call.Endpoint<better_call.Handler<string, better_call.EndpointOptions, void>, better_call.EndpointOptions>[];
+            }>]>(...ctx: C): Promise<C extends [{
+                asResponse: true;
+            }] ? Response : {
+                url: string;
+                state: string;
+                codeVerifier: string;
+                redirect: boolean;
+            }>;
+            path: "/sign-in/oauth2";
+            options: {
+                method: "POST";
+                query: z.ZodOptional<z.ZodObject<{
+                    /**
+                     * Redirect to the current URL after the
+                     * user has signed in.
+                     */
+                    currentURL: z.ZodOptional<z.ZodString>;
+                }, "strip", z.ZodTypeAny, {
+                    currentURL?: string | undefined;
+                }, {
+                    currentURL?: string | undefined;
+                }>>;
+                body: z.ZodObject<{
+                    providerId: z.ZodString;
+                    callbackURL: z.ZodOptional<z.ZodString>;
+                }, "strip", z.ZodTypeAny, {
+                    providerId: string;
+                    callbackURL?: string | undefined;
+                }, {
+                    providerId: string;
+                    callbackURL?: string | undefined;
+                }>;
+                use: better_call.Endpoint<better_call.Handler<string, better_call.EndpointOptions, void>, better_call.EndpointOptions>[];
+            };
+            method: better_call.Method | better_call.Method[];
+            headers: Headers;
+        };
+        oAuth2Callback: {
+            <C extends [better_call.Context<"/oauth2/callback/:providerId", {
+                method: "GET";
+                query: z.ZodObject<{
+                    code: z.ZodOptional<z.ZodString>;
+                    error: z.ZodOptional<z.ZodString>;
+                    state: z.ZodString;
+                }, "strip", z.ZodTypeAny, {
+                    state: string;
+                    code?: string | undefined;
+                    error?: string | undefined;
+                }, {
+                    state: string;
+                    code?: string | undefined;
+                    error?: string | undefined;
+                }>;
+            }>]>(...ctx: C): Promise<C extends [{
+                asResponse: true;
+            }] ? Response : never>;
+            path: "/oauth2/callback/:providerId";
+            options: {
+                method: "GET";
+                query: z.ZodObject<{
+                    code: z.ZodOptional<z.ZodString>;
+                    error: z.ZodOptional<z.ZodString>;
+                    state: z.ZodString;
+                }, "strip", z.ZodTypeAny, {
+                    state: string;
+                    code?: string | undefined;
+                    error?: string | undefined;
+                }, {
+                    state: string;
+                    code?: string | undefined;
+                    error?: string | undefined;
+                }>;
+            };
+            method: better_call.Method | better_call.Method[];
+            headers: Headers;
+        };
+    };
+};
+
+export { type AnonymousOptions as A, type Invitation as I, type Member as M, type OrganizationOptions as O, type PasskeyOptions as P, type UserWithPhoneNumber as U, twoFactorClient as a, type Passkey as b, passkeyClient as c, phoneNumber as d, anonymous as e, type UserWithRole as f, getPasskeyActions as g, adminMiddleware as h, admin as i, genericOAuth as j, type Organization as k, magicLink as m, organization as o, passkey as p, twoFactor as t, username as u };