better-auth 0.4.9-beta.4 → 0.4.9-beta.5

package/dist/adapters/drizzle.d.ts

@@ -1,4 +1,4 @@
-import { A as Adapter } from '../index-DJvDzGCt.js';
+import { A as Adapter } from '../index-xf537-bb.js';
 import 'zod';
 import 'kysely';
 import '../types-IzAbV4nB.js';

package/dist/adapters/mongodb.d.ts

@@ -1,5 +1,5 @@
 import { Db } from 'mongodb';
-import { W as Where } from '../index-DJvDzGCt.js';
+import { W as Where } from '../index-xf537-bb.js';
 import 'zod';
 import 'kysely';
 import '../types-IzAbV4nB.js';

package/dist/adapters/prisma.d.ts

@@ -1,4 +1,4 @@
-import { A as Adapter } from '../index-DJvDzGCt.js';
+import { A as Adapter } from '../index-xf537-bb.js';
 import 'zod';
 import 'kysely';
 import '../types-IzAbV4nB.js';

package/dist/api.d.ts

@@ -1,4 +1,4 @@
-export { e as AuthEndpoint, f as AuthMiddleware, v as callbackOAuth, T as changePassword, d as createAuthEndpoint, c as createAuthMiddleware, M as createEmailVerificationToken, $ as csrfMiddleware, V as deleteUser, Y as error, J as forgetPassword, K as forgetPasswordCallback, X as getCSRFToken, r as getEndpoints, w as getSession, x as getSessionFromCtx, z as listSessions, Z as ok, o as optionsMiddleware, L as resetPassword, C as revokeSession, D as revokeSessions, s as router, N as sendVerificationEmail, y as sessionMiddleware, U as setPassword, u as signInEmail, t as signInOAuth, E as signOut, _ as signUpEmail, Q as updateUser, O as verifyEmail } from './index-DJvDzGCt.js';
+export { e as AuthEndpoint, f as AuthMiddleware, v as callbackOAuth, T as changePassword, d as createAuthEndpoint, c as createAuthMiddleware, M as createEmailVerificationToken, $ as csrfMiddleware, V as deleteUser, Y as error, J as forgetPassword, K as forgetPasswordCallback, X as getCSRFToken, r as getEndpoints, w as getSession, x as getSessionFromCtx, z as listSessions, Z as ok, o as optionsMiddleware, L as resetPassword, C as revokeSession, D as revokeSessions, s as router, N as sendVerificationEmail, y as sessionMiddleware, U as setPassword, u as signInEmail, t as signInOAuth, E as signOut, _ as signUpEmail, Q as updateUser, O as verifyEmail } from './index-xf537-bb.js';
 import './helper-DPDj8Nix.js';
 import 'zod';
 export { APIError } from 'better-call';

package/dist/api.js

@@ -67,7 +67,7 @@ var csrfMiddleware = createAuthMiddleware(
     if (ctx.context.trustedOrigins.includes(url.origin)) {
       return;
     }
-    const csrfToken = ctx.body?.csrfToken;
+    const csrfToken = ctx.headers?.get("x-auth-csrf-token");
     if (!csrfToken) {
       throw new APIError2("UNAUTHORIZED", {
         message: "CSRF Token is required"
@@ -1026,9 +1026,8 @@ var redirectURLMiddleware = createAuthMiddleware(async (ctx) => {
   if (callbackURL?.includes("http")) {
     const callbackOrigin = new URL(callbackURL).origin;
     if (!trustedOrigins.includes(callbackOrigin)) {
-      logger.error("Invalid callback URL", {
-        callbackURL,
-        trustedOrigins
+      logger.error("Unknown origin in callback URL", {
+        callbackURL
       });
       throw new APIError4("FORBIDDEN", {
         message: "Invalid callback URL"
@@ -1038,7 +1037,7 @@ var redirectURLMiddleware = createAuthMiddleware(async (ctx) => {
   if (currentURL !== ctx.context.baseURL) {
     const currentURLOrigin = new URL(currentURL).origin;
     if (!trustedOrigins.includes(currentURLOrigin)) {
-      logger.error("Invalid current URL", {
+      logger.error("Unknown origin in current URL", {
         currentURL,
         trustedOrigins
       });
@@ -1047,6 +1046,7 @@ var redirectURLMiddleware = createAuthMiddleware(async (ctx) => {
       });
     }
   }
+  ctx.setHeader("x-auth-redirect", "true");
 });
 
 // src/api/routes/sign-in.ts

package/dist/client/plugins.d.ts

@@ -2,10 +2,10 @@ import * as nanostores from 'nanostores';
 import { A as AccessControl, S as StatementsPrimitive, R as Role } from '../statement-CfnyN34h.js';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { BetterFetchOption } from '@better-fetch/fetch';
-import { o as organization, k as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, e as anonymous, i as admin, j as genericOAuth } from '../index-Do85clFc.js';
-export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-Do85clFc.js';
+import { o as organization, k as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, e as anonymous, i as admin, j as genericOAuth } from '../index-x0qUJonH.js';
+export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-x0qUJonH.js';
 import { P as Prettify } from '../helper-DPDj8Nix.js';
-import { F as FieldAttribute, B as BetterAuthOptions, b as BetterAuthPlugin } from '../index-DJvDzGCt.js';
+import { F as FieldAttribute, B as BetterAuthOptions, b as BetterAuthPlugin } from '../index-xf537-bb.js';
 import '../types-IzAbV4nB.js';
 import 'zod';
 import 'better-call';

package/dist/client.d.ts

@@ -6,7 +6,7 @@ import { BetterFetch, BetterFetchError, BetterFetchOption } from '@better-fetch/
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, InferSessionFromClient, InferUserFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 export { AtomListener, InferPluginsFromClient } from './types.js';
-import './index-DJvDzGCt.js';
+import './index-xf537-bb.js';
 import 'kysely';
 import './types-IzAbV4nB.js';
 import 'better-call';

package/dist/client.js

@@ -56,6 +56,10 @@ var redirectPlugin = {
   name: "Redirect",
   hooks: {
     onSuccess(context) {
+      const header = context.response?.headers.get("x-auth-redirect");
+      if (!header) {
+        return;
+      }
       if (context.data?.url && context.data?.redirect) {
         if (typeof window !== "undefined") {
           window.location.href = context.data.url;
@@ -114,9 +118,9 @@ var csrfPlugin = {
         );
       }
       const csrfToken = data?.csrfToken;
-      options.body = {
-        ...options?.body,
-        csrfToken
+      options.headers = {
+        ...options.headers,
+        "x-auth-csrf-token": csrfToken
       };
     }
     options.credentials = "include";

package/dist/{index-Do85clFc.d.ts → index-x0qUJonH.d.ts}

@@ -5,7 +5,7 @@ import { P as Prettify } from './helper-DPDj8Nix.js';
 import { A as AccessControl, R as Role, S as StatementsPrimitive, g as defaultRoles } from './statement-CfnyN34h.js';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { BetterFetch, BetterFetchOption } from '@better-fetch/fetch';
-import { H as HookEndpointContext, g as AuthContext } from './index-DJvDzGCt.js';
+import { H as HookEndpointContext, g as AuthContext } from './index-xf537-bb.js';
 import * as nanostores from 'nanostores';
 import { atom } from 'nanostores';
 import * as _simplewebauthn_types from '@simplewebauthn/types';

package/dist/{index-DJvDzGCt.d.ts → index-xf537-bb.d.ts}

@@ -93,7 +93,6 @@ declare function getCookies(options: BetterAuthOptions): {
     csrfToken: {
         name: string;
         options: {
-            domain?: string | undefined;
             httpOnly: true;
             sameSite: "none" | "lax";
             path: string;

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-export { a as Auth, a0 as betterAuth } from './index-DJvDzGCt.js';
+export { a as Auth, a0 as betterAuth } from './index-xf537-bb.js';
 import 'zod';
 import 'kysely';
 import './types-IzAbV4nB.js';

package/dist/index.js

@@ -67,7 +67,7 @@ var csrfMiddleware = createAuthMiddleware(
     if (ctx.context.trustedOrigins.includes(url.origin)) {
       return;
     }
-    const csrfToken = ctx.body?.csrfToken;
+    const csrfToken = ctx.headers?.get("x-auth-csrf-token");
     if (!csrfToken) {
       throw new APIError2("UNAUTHORIZED", {
         message: "CSRF Token is required"
@@ -851,14 +851,14 @@ function getCookies(options) {
       }
     },
     csrfToken: {
-      name: `${secureCookiePrefix}${cookiePrefix}.csrf_token`,
+      // __Host- prefix is only allowed on the top level domain
+      name: `${secureCookiePrefix ? "__Host-" : ""}${cookiePrefix}.csrf_token`,
       options: {
         httpOnly: true,
         sameSite,
         path: "/",
         secure: !!secureCookiePrefix,
-        maxAge: 60 * 60 * 24 * 7,
-        ...crossSubdomainEnabled ? { domain } : {}
+        maxAge: 60 * 60 * 24 * 7
       }
     },
     state: {
@@ -1132,9 +1132,8 @@ var redirectURLMiddleware = createAuthMiddleware(async (ctx) => {
   if (callbackURL?.includes("http")) {
     const callbackOrigin = new URL(callbackURL).origin;
     if (!trustedOrigins.includes(callbackOrigin)) {
-      logger.error("Invalid callback URL", {
-        callbackURL,
-        trustedOrigins
+      logger.error("Unknown origin in callback URL", {
+        callbackURL
       });
       throw new APIError4("FORBIDDEN", {
         message: "Invalid callback URL"
@@ -1144,7 +1143,7 @@ var redirectURLMiddleware = createAuthMiddleware(async (ctx) => {
   if (currentURL !== ctx.context.baseURL) {
     const currentURLOrigin = new URL(currentURL).origin;
     if (!trustedOrigins.includes(currentURLOrigin)) {
-      logger.error("Invalid current URL", {
+      logger.error("Unknown origin in current URL", {
         currentURL,
         trustedOrigins
       });
@@ -1153,6 +1152,7 @@ var redirectURLMiddleware = createAuthMiddleware(async (ctx) => {
       });
     }
   }
+  ctx.setHeader("x-auth-redirect", "true");
 });
 
 // src/api/routes/sign-in.ts

package/dist/next-js.d.ts

@@ -1,4 +1,4 @@
-import { a as Auth } from './index-DJvDzGCt.js';
+import { a as Auth } from './index-xf537-bb.js';
 import { U as User, S as Session } from './types-IzAbV4nB.js';
 import { NextRequest } from 'next/server';
 import 'zod';

package/dist/node.d.ts

@@ -1,5 +1,5 @@
 import * as http from 'http';
-import { a as Auth } from './index-DJvDzGCt.js';
+import { a as Auth } from './index-xf537-bb.js';
 import 'zod';
 import 'kysely';
 import './types-IzAbV4nB.js';

package/dist/plugins.d.ts

@@ -1,7 +1,7 @@
-export { A as AnonymousOptions, O as OrganizationOptions, b as Passkey, P as PasskeyOptions, U as UserWithPhoneNumber, f as UserWithRole, i as admin, h as adminMiddleware, e as anonymous, j as genericOAuth, g as getPasskeyActions, m as magicLink, o as organization, p as passkey, c as passkeyClient, d as phoneNumber, t as twoFactor, a as twoFactorClient, u as username } from './index-Do85clFc.js';
+export { A as AnonymousOptions, O as OrganizationOptions, b as Passkey, P as PasskeyOptions, U as UserWithPhoneNumber, f as UserWithRole, i as admin, h as adminMiddleware, e as anonymous, j as genericOAuth, g as getPasskeyActions, m as magicLink, o as organization, p as passkey, c as passkeyClient, d as phoneNumber, t as twoFactor, a as twoFactorClient, u as username } from './index-x0qUJonH.js';
 export { i as ac } from './index-DfAHOgpj.js';
-import { H as HookEndpointContext } from './index-DJvDzGCt.js';
-export { e as AuthEndpoint, f as AuthMiddleware, b as BetterAuthPlugin, P as PluginSchema, d as createAuthEndpoint, c as createAuthMiddleware, o as optionsMiddleware } from './index-DJvDzGCt.js';
+import { H as HookEndpointContext } from './index-xf537-bb.js';
+export { e as AuthEndpoint, f as AuthMiddleware, b as BetterAuthPlugin, P as PluginSchema, d as createAuthEndpoint, c as createAuthMiddleware, o as optionsMiddleware } from './index-xf537-bb.js';
 import './types-IzAbV4nB.js';
 import 'zod';
 import './helper-DPDj8Nix.js';

package/dist/plugins.js

@@ -947,9 +947,8 @@ var redirectURLMiddleware = createAuthMiddleware(async (ctx) => {
   if (callbackURL?.includes("http")) {
     const callbackOrigin = new URL(callbackURL).origin;
     if (!trustedOrigins.includes(callbackOrigin)) {
-      logger.error("Invalid callback URL", {
-        callbackURL,
-        trustedOrigins
+      logger.error("Unknown origin in callback URL", {
+        callbackURL
       });
       throw new APIError3("FORBIDDEN", {
         message: "Invalid callback URL"
@@ -959,7 +958,7 @@ var redirectURLMiddleware = createAuthMiddleware(async (ctx) => {
   if (currentURL !== ctx.context.baseURL) {
     const currentURLOrigin = new URL(currentURL).origin;
     if (!trustedOrigins.includes(currentURLOrigin)) {
-      logger.error("Invalid current URL", {
+      logger.error("Unknown origin in current URL", {
         currentURL,
         trustedOrigins
       });
@@ -968,6 +967,7 @@ var redirectURLMiddleware = createAuthMiddleware(async (ctx) => {
       });
     }
   }
+  ctx.setHeader("x-auth-redirect", "true");
 });
 
 // src/api/routes/sign-in.ts
@@ -2953,7 +2953,7 @@ var csrfMiddleware = createAuthMiddleware(
     if (ctx.context.trustedOrigins.includes(url.origin)) {
       return;
     }
-    const csrfToken = ctx.body?.csrfToken;
+    const csrfToken = ctx.headers?.get("x-auth-csrf-token");
     if (!csrfToken) {
       throw new APIError11("UNAUTHORIZED", {
         message: "CSRF Token is required"

package/dist/react.d.ts

@@ -3,7 +3,7 @@ import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 import { useStore } from '@nanostores/react';
-import './index-DJvDzGCt.js';
+import './index-xf537-bb.js';
 import 'kysely';
 import './types-IzAbV4nB.js';
 import 'better-call';

package/dist/react.js

@@ -59,6 +59,10 @@ var redirectPlugin = {
   name: "Redirect",
   hooks: {
     onSuccess(context) {
+      const header = context.response?.headers.get("x-auth-redirect");
+      if (!header) {
+        return;
+      }
       if (context.data?.url && context.data?.redirect) {
         if (typeof window !== "undefined") {
           window.location.href = context.data.url;
@@ -117,9 +121,9 @@ var csrfPlugin = {
         );
       }
       const csrfToken = data?.csrfToken;
-      options.body = {
-        ...options?.body,
-        csrfToken
+      options.headers = {
+        ...options.headers,
+        "x-auth-csrf-token": csrfToken
       };
     }
     options.credentials = "include";

package/dist/solid-start.d.ts

@@ -1,4 +1,4 @@
-import { a as Auth } from './index-DJvDzGCt.js';
+import { a as Auth } from './index-xf537-bb.js';
 import 'zod';
 import 'kysely';
 import './types-IzAbV4nB.js';

package/dist/solid.d.ts

@@ -3,7 +3,7 @@ import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 import { Accessor } from 'solid-js';
-import './index-DJvDzGCt.js';
+import './index-xf537-bb.js';
 import 'kysely';
 import './types-IzAbV4nB.js';
 import 'better-call';

package/dist/solid.js

@@ -59,6 +59,10 @@ var redirectPlugin = {
   name: "Redirect",
   hooks: {
     onSuccess(context) {
+      const header = context.response?.headers.get("x-auth-redirect");
+      if (!header) {
+        return;
+      }
       if (context.data?.url && context.data?.redirect) {
         if (typeof window !== "undefined") {
           window.location.href = context.data.url;
@@ -117,9 +121,9 @@ var csrfPlugin = {
         );
       }
       const csrfToken = data?.csrfToken;
-      options.body = {
-        ...options?.body,
-        csrfToken
+      options.headers = {
+        ...options.headers,
+        "x-auth-csrf-token": csrfToken
       };
     }
     options.credentials = "include";

package/dist/svelte-kit.d.ts

@@ -1,4 +1,4 @@
-import { a as Auth, B as BetterAuthOptions } from './index-DJvDzGCt.js';
+import { a as Auth, B as BetterAuthOptions } from './index-xf537-bb.js';
 import 'zod';
 import 'kysely';
 import './types-IzAbV4nB.js';

package/dist/svelte.d.ts

@@ -3,7 +3,7 @@ import * as nanostores from 'nanostores';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
-import './index-DJvDzGCt.js';
+import './index-xf537-bb.js';
 import 'kysely';
 import './types-IzAbV4nB.js';
 import 'better-call';

package/dist/svelte.js

@@ -56,6 +56,10 @@ var redirectPlugin = {
   name: "Redirect",
   hooks: {
     onSuccess(context) {
+      const header = context.response?.headers.get("x-auth-redirect");
+      if (!header) {
+        return;
+      }
       if (context.data?.url && context.data?.redirect) {
         if (typeof window !== "undefined") {
           window.location.href = context.data.url;
@@ -114,9 +118,9 @@ var csrfPlugin = {
         );
       }
       const csrfToken = data?.csrfToken;
-      options.body = {
-        ...options?.body,
-        csrfToken
+      options.headers = {
+        ...options.headers,
+        "x-auth-csrf-token": csrfToken
       };
     }
     options.credentials = "include";

package/dist/types.d.ts

@@ -1,5 +1,5 @@
-import { b as BetterAuthPlugin, a as Auth, I as InferFieldsInputClient, h as InferFieldsOutput } from './index-DJvDzGCt.js';
-export { A as Adapter, k as AdditionalSessionFieldsInput, l as AdditionalSessionFieldsOutput, i as AdditionalUserFieldsInput, j as AdditionalUserFieldsOutput, g as AuthContext, B as BetterAuthOptions, G as GenericEndpointContext, H as HookEndpointContext, p as InferPluginTypes, n as InferSession, m as InferUser, P as PluginSchema, R as RateLimit, S as SecondaryStorage, W as Where, q as init } from './index-DJvDzGCt.js';
+import { b as BetterAuthPlugin, a as Auth, I as InferFieldsInputClient, h as InferFieldsOutput } from './index-xf537-bb.js';
+export { A as Adapter, k as AdditionalSessionFieldsInput, l as AdditionalSessionFieldsOutput, i as AdditionalUserFieldsInput, j as AdditionalUserFieldsOutput, g as AuthContext, B as BetterAuthOptions, G as GenericEndpointContext, H as HookEndpointContext, p as InferPluginTypes, n as InferSession, m as InferUser, P as PluginSchema, R as RateLimit, S as SecondaryStorage, W as Where, q as init } from './index-xf537-bb.js';
 import { U as UnionToIntersection, H as HasRequiredKeys, P as Prettify, S as StripEmptyObjects, L as LiteralString } from './helper-DPDj8Nix.js';
 export { D as DeepPartial, a as LiteralUnion, R as RequiredKeysOf, W as WithoutEmpty } from './helper-DPDj8Nix.js';
 import { S as Session, U as User } from './types-IzAbV4nB.js';
@@ -108,7 +108,9 @@ interface ClientOptions {
 }
 type InferClientAPI<O extends ClientOptions> = InferRoutes<O["plugins"] extends Array<any> ? (O["plugins"] extends Array<infer Pl> ? UnionToIntersection<Pl extends {
     $InferServerPlugin: infer Plug;
-} ? Plug extends BetterAuthPlugin ? Plug["endpoints"] : {} : {}> : {}) & Auth["api"] : Auth["api"], O>;
+} ? Plug extends {
+    endpoints: infer Endpoints;
+} ? Endpoints : {} : {}> : {}) & Auth["api"] : Auth["api"], O>;
 type InferActions<O extends ClientOptions> = O["plugins"] extends Array<infer Plugin> ? UnionToIntersection<Plugin extends BetterAuthClientPlugin ? Plugin["getActions"] extends ($fetch: BetterFetch) => infer Actions ? Actions : {} : {}> : {};
 /**
  * signals are just used to recall a computed value.

package/dist/vue.d.ts

@@ -3,7 +3,7 @@ import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 import { Ref, DeepReadonly } from 'vue';
-import './index-DJvDzGCt.js';
+import './index-xf537-bb.js';
 import 'kysely';
 import './types-IzAbV4nB.js';
 import 'better-call';

package/dist/vue.js

@@ -59,6 +59,10 @@ var redirectPlugin = {
   name: "Redirect",
   hooks: {
     onSuccess(context) {
+      const header = context.response?.headers.get("x-auth-redirect");
+      if (!header) {
+        return;
+      }
       if (context.data?.url && context.data?.redirect) {
         if (typeof window !== "undefined") {
           window.location.href = context.data.url;
@@ -117,9 +121,9 @@ var csrfPlugin = {
         );
       }
       const csrfToken = data?.csrfToken;
-      options.body = {
-        ...options?.body,
-        csrfToken
+      options.headers = {
+        ...options.headers,
+        "x-auth-csrf-token": csrfToken
       };
     }
     options.credentials = "include";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "better-auth",
-  "version": "0.4.9-beta.4",
+  "version": "0.4.9-beta.5",
   "description": "The most comprehensive authentication library for TypeScript.",
   "type": "module",
   "repository": {