better-auth 0.5.2-beta.11 → 0.5.2-beta.13
- package/dist/api.cjs +4 -4
- package/dist/api.js +3 -3
- package/dist/client/plugins.cjs +1 -1
- package/dist/client/plugins.js +1 -1
- package/dist/client.cjs +1 -1
- package/dist/client.d.cts +2 -2
- package/dist/client.d.ts +2 -2
- package/dist/client.js +1 -1
- package/dist/cookies.cjs +1 -1
- package/dist/cookies.js +1 -1
- package/dist/db.cjs +3 -3
- package/dist/db.js +3 -3
- package/dist/index.cjs +4 -4
- package/dist/index.js +4 -4
- package/dist/next-js.cjs +1 -1
- package/dist/next-js.js +1 -1
- package/dist/oauth2.cjs +1 -1
- package/dist/oauth2.js +1 -1
- package/dist/plugins.cjs +5 -5
- package/dist/plugins.js +5 -5
- package/dist/react.cjs +1 -1
- package/dist/react.d.cts +2 -2
- package/dist/react.d.ts +2 -2
- package/dist/react.js +1 -1
- package/dist/social.cjs +2 -2
- package/dist/social.js +2 -2
- package/dist/solid.cjs +1 -1
- package/dist/solid.d.cts +2 -2
- package/dist/solid.d.ts +2 -2
- package/dist/solid.js +1 -1
- package/dist/svelte.cjs +1 -1
- package/dist/svelte.d.cts +2 -2
- package/dist/svelte.d.ts +2 -2
- package/dist/svelte.js +1 -1
- package/dist/types.d.cts +0 -1
- package/dist/types.d.ts +0 -1
- package/dist/vue.cjs +1 -1
- package/dist/vue.d.cts +2 -2
- package/dist/vue.d.ts +2 -2
- package/dist/vue.js +1 -1
- package/package.json +3 -2
package/dist/index.cjs
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
"use strict";var
|
|
2
|
-
`)}}),b=le();var E=Q(async e=>{let t=e.body?.callbackURL||e.query?.callbackURL||e.query?.redirectTo||e.body?.redirectTo,r=e.headers?.get("referer"),o=e.query?.currentURL||r||e.context.baseURL,i=e.context.trustedOrigins;if(t?.includes("http")){let n=new URL(t).origin;if(!i.includes(n))throw b.error("Invalid callback URL",{callbackURL:t,trustedOrigins:i}),new Re.APIError("FORBIDDEN",{message:"Invalid callback URL"})}if(o!==e.context.baseURL){let n=new URL(o).origin;if(!i.includes(n))throw b.error("Invalid current URL",{currentURL:o,trustedOrigins:i}),new Re.APIError("FORBIDDEN",{message:"Invalid callback URL"})}});var Ye=require("oslo/jwt");var Qe=require("oslo/crypto");function gr(e){try{return new URL(e).pathname!=="/"}catch{throw new A(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function Ue(e,t="/api/auth"){return gr(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function ee(e,t){if(e)return Ue(e,t);let r=typeof process<"u"?process.env:{},o=r.BETTER_AUTH_URL||r.NEXT_PUBLIC_BETTER_AUTH_URL||r.PUBLIC_BETTER_AUTH_URL||r.NUXT_PUBLIC_BETTER_AUTH_URL||r.NUXT_PUBLIC_AUTH_URL||(r.BASE_URL!=="/"?r.BASE_URL:void 0);if(o)return Ue(o,t);if(typeof window<"u")return Ue(window.location.origin,t)}var We=require("oslo/encoding");async function Ze(e){let t=await(0,Qe.sha256)(new TextEncoder().encode(e));return We.base64url.encode(new Uint8Array(t),{includePadding:!1})}function Je(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_at?new Date((Date.now()+e.expires_in)*1e3):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function v({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:i,scopes:n,claims:a,disablePkce:c,redirectURI:s}){let d=new URL(r);if(d.searchParams.set("response_type","code"),d.searchParams.set("client_id",t.clientId),d.searchParams.set("state",o),d.searchParams.set("scope",n.join(" 
")),d.searchParams.set("redirect_uri",t.redirectURI||s),!c&&i){let l=await Ze(i);d.searchParams.set("code_challenge_method","S256"),d.searchParams.set("code_challenge",l)}if(a){let l=a.reduce((p,u)=>(p[u]=null,p),{});d.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...l}}))}return d}var Xe=require("@better-fetch/fetch");async function k({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:i}){let n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",e),t&&n.set("code_verifier",t),n.set("redirect_uri",r),n.set("client_id",o.clientId),n.set("client_secret",o.clientSecret);let{data:a,error:c}=await(0,Xe.betterFetch)(i,{method:"POST",body:n,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(c)throw c;return Je(a)}function xe(e){let t=e.accessToken,r=e.refreshToken,o;try{o=e.accessTokenExpiresAt}catch{}return{accessToken:t,refreshToken:r,expiresAt:o}}var et=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:i}){let n=e.scope||o||["email","name","openid"];return new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${i||e.redirectURI}&scope=${n.join(" ")}&state=${r}`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>k({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async getUserInfo(r){if(!r.idToken)return null;let o=(0,Ye.parseJWT)(r.idToken)?.payload;return o?{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified==="true"},data:o}:null}}};var tt=require("@better-fetch/fetch");var rt=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=e.scope||r||["identify","email"];return new 
URL(`https://discord.com/api/oauth2/authorize?scope=${i.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>k({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,tt.betterFetch)("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let i=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${i}.png`}else{let i=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${i}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});var ot=require("@better-fetch/fetch");var nt=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=e.scope||r||["email","public_profile"];return await v({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:i,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>k({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await(0,ot.betterFetch)("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,emailVerified:r.email_verified},data:r}}});var Te=require("@better-fetch/fetch");var it=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"Github",createAuthorizationURL({state:r,scopes:o,codeVerifier:i,redirectURI:n}){let a=e.scope||o||["user:email"];return 
v({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:a,state:r,redirectURI:n,codeVerifier:i})},validateAuthorizationCode:async({code:r,redirectURI:o})=>k({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:i}=await(0,Te.betterFetch)("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(i)return null;let n=!1;if(!o.email){let{data:a,error:c}=await(0,Te.betterFetch)("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});c||(o.email=(a.find(s=>s.primary)??a[0])?.email,n=a.find(s=>s.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:n},data:o}}}};var st=require("oslo/jwt");var at=e=>({id:"google",name:"Google",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){if(!e.clientId||!e.clientSecret)throw b.error("Client Id and Client Secret is required for Google. 
Make sure to provide them in the options."),new A("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new A("codeVerifier is required for Google");let n=e.scope||r||["email","profile"];return v({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:n,state:t,codeVerifier:o,redirectURI:i})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>k({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async getUserInfo(t){if(!t.idToken)return null;let r=(0,st.parseJWT)(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});var dt=require("@better-fetch/fetch"),ct=require("oslo/jwt");var lt=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(i){let n=e.scope||i.scopes||["openid","profile","email","User.Read"];return v({id:"microsoft",options:e,authorizationEndpoint:r,state:i.state,codeVerifier:i.codeVerifier,scopes:n,redirectURI:i.redirectURI})},validateAuthorizationCode({code:i,codeVerifier:n,redirectURI:a}){return k({code:i,codeVerifier:n,redirectURI:e.redirectURI||a,options:e,tokenEndpoint:o})},async getUserInfo(i){if(!i.idToken)return null;let n=(0,ct.parseJWT)(i.idToken)?.payload,a=e.profilePhotoSize||48;return await(0,dt.betterFetch)(`https://graph.microsoft.com/v1.0/me/photos/${a}x${a}/$value`,{headers:{Authorization:`Bearer ${i.accessToken}`},async onResponse(c){if(!(e.disableProfilePhoto||!c.response.ok))try{let d=await c.response.clone().arrayBuffer(),l=Buffer.from(d).toString("base64");n.picture=`data:image/jpeg;base64, ${l}`}catch(s){b.error(s)}}}),{user:{id:n.sub,name:n.name,email:n.email,image:n.picture,emailVerified:!0},data:n}}}};var ut=require("@better-fetch/fetch");var 
pt=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){let n=e.scope||r||["user-read-email"];return v({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:n,state:t,codeVerifier:o,redirectURI:i})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>k({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,ut.betterFetch)("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});var en=require("@better-fetch/fetch");function hr(e){return e.charAt(0).toUpperCase()+e.slice(1)}var C={isAction:!1};var ft=require("nanoid"),x=e=>(0,ft.nanoid)(e);var mt=require("oslo/jwt");var gt=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=e.scope||r||["user:read:email","openid"];return v({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:i,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>k({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return b.error("No idToken found in token"),null;let o=(0,mt.parseJWT)(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});var ht=require("@better-fetch/fetch");var yt=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=e.scope||t.scopes||["account_info.read"];return 
v({id:"twitter",options:e,authorizationEndpoint:"https://twitter.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>k({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,ht.betterFetch)("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o||!r.data.email?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});var Ee={apple:et,discord:rt,facebook:nt,github:it,microsoft:lt,google:at,spotify:pt,twitch:gt,twitter:yt},wt=Object.keys(Ee);var Rt=require("oslo"),ue=require("oslo/jwt"),S=require("zod");var M=require("better-call");var Z=require("better-call");var z=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));var ve=require("zod"),Ie=()=>y("/session",{method:"GET",requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let r=await e.context.internalAdapter.findSession(t);if(!r||r.session.expiresAt<new Date)return W(e),r&&await e.context.internalAdapter.deleteSession(r.session.id),e.json(null,{status:401});if(await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(r);let i=e.context.sessionConfig.expiresIn,n=e.context.sessionConfig.updateAge;if(r.session.expiresAt.valueOf()-i*1e3+n*1e3<=Date.now()){let s=await e.context.internalAdapter.updateSession(r.session.id,{expiresAt:z(e.context.sessionConfig.expiresIn,"sec")});if(!s)return W(e),e.json(null,{status:401});let d=(s.expiresAt.valueOf()-Date.now())/1e3;return await L(e,s.id,!1,{maxAge:d}),e.json({session:s,user:r.user})}return e.json(r)}catch(t){return 
e.context.logger.error(t),e.json(null,{status:500})}}),Oe=async e=>await Ie()({...e,_flag:"json",headers:e.headers}),B=Q(async e=>{let t=await Oe(e);if(!t?.session)throw new Z.APIError("UNAUTHORIZED");return{session:t}}),bt=()=>y("/user/list-sessions",{method:"GET",use:[B],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),At=y("/user/revoke-session",{method:"POST",body:ve.z.object({id:ve.z.string()}),use:[B],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new Z.APIError("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new Z.APIError("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o),new Z.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),kt=y("/user/revoke-sessions",{method:"POST",use:[B],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t),new Z.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})});async function D(e,t,r){return await(0,ue.createJWT)("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new Rt.TimeSpan(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var Ut=y("/send-verification-email",{method:"POST",query:S.z.object({currentURL:S.z.string().optional()}).optional(),body:S.z.object({email:S.z.string().email(),callbackURL:S.z.string().optional()}),use:[E]},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new M.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new M.APIError("BAD_REQUEST",{message:"User not 
found"});let o=await D(e.context.secret,t),i=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail(r.user,i,o),e.json({status:!0})}),xt=y("/verify-email",{method:"GET",query:S.z.object({token:S.z.string(),callbackURL:S.z.string().optional()}),use:[E]},async e=>{let{token:t}=e.query,r;try{r=await(0,ue.validateJWT)("HS256",Buffer.from(e.context.secret),t)}catch(a){throw e.context.logger.error("Failed to verify email",a),new M.APIError("BAD_REQUEST",{message:"Invalid token"})}let i=S.z.object({email:S.z.string().email(),updateTo:S.z.string().optional()}).parse(r.payload);if(!await e.context.internalAdapter.findUserByEmail(i.email))throw new M.APIError("BAD_REQUEST",{message:"User not found"});if(i.updateTo){let a=await Oe(e);if(!a)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new M.APIError("UNAUTHORIZED",{message:"Session not found"});if(a.user.email!==i.email)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new M.APIError("UNAUTHORIZED",{message:"Invalid session"});let c=await e.context.internalAdapter.updateUserByEmail(i.email,{email:i.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.(c,`${e.context.baseURL}/verify-email?token=${t}`,t),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:c,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(i.email,{emailVerified:!0}),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});var Et=y("/sign-in/social",{method:"POST",requireHeaders:!0,query:O.z.object({currentURL:O.z.string().optional()}).optional(),body:O.z.object({callbackURL:O.z.string().optional(),provider:O.z.enum(wt)}),use:[E]},async e=>{let t=e.context.socialProviders.find(s=>s.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. 
Make sure to add the provider in your auth config",{provider:e.body.provider}),new P.APIError("NOT_FOUND",{message:"Provider not found"});let r=e.context.authCookies,o=e.query?.currentURL?new URL(e.query?.currentURL):null,i=e.body.callbackURL?.startsWith("http")?e.body.callbackURL:`${o?.origin}${e.body.callbackURL||""}`,n=await we(i||o?.origin||e.context.options.baseURL);await e.setSignedCookie(r.state.name,n.hash,e.context.secret,r.state.options);let a=(0,Tt.generateCodeVerifier)();await e.setSignedCookie(r.pkCodeVerifier.name,a,e.context.secret,r.pkCodeVerifier.options);let c=await t.createAuthorizationURL({state:n.raw,codeVerifier:a,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:c.toString(),state:n,codeVerifier:a,redirect:!0})}),vt=y("/sign-in/email",{method:"POST",body:O.z.object({email:O.z.string(),password:O.z.string(),callbackURL:O.z.string().optional(),dontRememberMe:O.z.boolean().default(!1).optional()}),use:[E]},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. 
Check `https://better-auth.com/docs/authentication/email-password` for more!"),new P.APIError("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!O.z.string().email().safeParse(t).success)throw new P.APIError("BAD_REQUEST",{message:"Invalid email"});if(!O.z.string().email().safeParse(t).success)throw new P.APIError("BAD_REQUEST",{message:"Invalid email"});let n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new P.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let a=n.accounts.find(l=>l.providerId==="credential");if(!a)throw e.context.logger.error("Credential account not found",{email:t}),new P.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let c=a?.password;if(!c)throw e.context.logger.error("Password not found",{email:t}),new P.APIError("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(c,r))throw e.context.logger.error("Invalid password"),new P.APIError("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!n.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw b.error("Email verification is required but no email verification handler is provided"),new P.APIError("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let l=await D(e.context.secret,n.user.email),p=`${e.context.options.baseURL}/verify-email?token=${l}`;throw await e.context.options.emailVerification.sendVerificationEmail(n.user,p,l),e.context.logger.error("Email not verified",{email:t}),new P.APIError("FORBIDDEN",{message:"Email is not verified. 
Check your email for a verification link"})}let d=await e.context.internalAdapter.createSession(n.user.id,e.headers,e.body.dontRememberMe);if(!d)throw e.context.logger.error("Failed to create session"),new P.APIError("UNAUTHORIZED",{message:"Failed to create session"});return await L(e,d.id,e.body.dontRememberMe),e.json({user:n.user,session:d,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});var te=require("zod");var w=require("zod"),Mn=w.z.object({id:w.z.string(),providerId:w.z.string(),accountId:w.z.string(),userId:w.z.string(),accessToken:w.z.string().nullable().optional(),refreshToken:w.z.string().nullable().optional(),idToken:w.z.string().nullable().optional(),expiresAt:w.z.date().nullable().optional(),password:w.z.string().optional().nullable()}),It=w.z.object({id:w.z.string(),email:w.z.string().transform(e=>e.toLowerCase()),emailVerified:w.z.boolean().default(!1),name:w.z.string(),image:w.z.string().optional(),createdAt:w.z.date().default(new Date),updatedAt:w.z.date().default(new Date)}),Hn=w.z.object({id:w.z.string(),userId:w.z.string(),expiresAt:w.z.date(),ipAddress:w.z.string().optional(),userAgent:w.z.string().optional()}),Kn=w.z.object({id:w.z.string(),value:w.z.string(),expiresAt:w.z.date(),identifier:w.z.string()});function yr(e,t){let r=t.fields,o={};for(let i in r){if(i in e){if(r[i].input===!1){if(r[i].defaultValue){o[i]=r[i].defaultValue;continue}continue}o[i]=e[i];continue}if(r[i].defaultValue){o[i]=r[i].defaultValue;continue}}return o}function Ot(e,t){let r={...e.user?.additionalFields};return yr(t||{},{fields:r})}var St=y("/callback/:id",{method:"GET",query:te.z.object({state:te.z.string(),code:te.z.string().optional(),error:te.z.string().optional()}),metadata:C},async e=>{if(e.query.error||!e.query.code){let U=ce(e.query.state).data?.callbackURL||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${U}?error=${e.query.error||"oAuth_code_missing"}`)}let 
t=e.context.socialProviders.find(g=>g.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let r=ce(e.query.state);if(!r.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let{data:{callbackURL:o,currentURL:i}}=r,n=await e.getSignedCookie(e.context.authCookies.state.name,e.context.secret);if(!n)throw b.error("No stored state found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!await Me(e.query.state,n))throw b.error("OAuth state mismatch"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let c=await e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),s;try{s=await t.validateAuthorizationCode({code:e.query.code,codeVerifier:c,redirectURI:`${e.context.baseURL}/callback/${t.id}`})}catch(g){throw e.context.logger.error(g),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let d=await t.getUserInfo(s).then(g=>g?.user),l=x(),p=It.safeParse({...d,id:l});if(!d||p.success===!1)throw b.error("Unable to get user info",p.error),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!o)throw e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);function u(g){throw e.redirect(`${i||o||`${e.context.baseURL}/error`}?error=${g}`)}let f=await e.context.internalAdapter.findUserByEmail(d.email,{includeAccounts:!0}).catch(g=>{throw b.error(`Better auth was unable to query your database.
|
|
3
|
-
Error: `,g),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),m=f?.user.id;if(f){if(!f.accounts.find(U=>U.providerId===t.id)){(!e.context.options.account?.accountLinking?.trustedProviders?.includes(t.id)&&!d.emailVerified||!e.context.options.account?.accountLinking?.enabled)&&u("account_not_linked");try{await e.context.internalAdapter.linkAccount({providerId:t.id,accountId:d.id.toString(),id:`${t.id}:${d.id}`,userId:f.user.id,...
|
|
1
|
+
"use strict";var ye=Object.defineProperty;var ir=Object.getOwnPropertyDescriptor;var sr=Object.getOwnPropertyNames;var ar=Object.prototype.hasOwnProperty;var dr=(e,t)=>{for(var r in t)ye(e,r,{get:t[r],enumerable:!0})},cr=(e,t,r,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let i of sr(t))!ar.call(e,i)&&i!==r&&ye(e,i,{get:()=>t[i],enumerable:!(o=ir(t,i))||o.enumerable});return e};var lr=e=>cr(ye({},"__esModule",{value:!0}),e);var Br={};dr(Br,{BetterAuthError:()=>A,HIDE_METADATA:()=>C,MissingDependencyError:()=>Re,betterAuth:()=>Cr,capitalizeFirstLetter:()=>Ar,createCookieGetter:()=>xe,createLogger:()=>fe,deleteSessionCookie:()=>J,generateId:()=>x,generateState:()=>ke,getCookies:()=>Ue,logger:()=>b,parseCookies:()=>wr,parseSetCookieHeader:()=>yr,parseState:()=>pe,setSessionCookie:()=>L});module.exports=lr(Br);var G=require("better-call");var ue=require("better-call"),be=require("zod");var mr=require("@noble/ciphers/chacha"),we=require("@noble/ciphers/utils"),gr=require("@noble/ciphers/webcrypto"),hr=require("oslo/crypto");function ce(e,t){let r=new Uint8Array(e),o=new Uint8Array(t);if(r.length!==o.length)return!1;let i=0;for(let n=0;n<r.length;n++)i|=r[n]^o[n];return i===0}var ee=require("oslo/encoding");var Ne=require("@noble/hashes/scrypt"),W={N:16384,r:16,p:1,dkLen:64};async function Fe(e,t){return await(0,Ne.scryptAsync)(e.normalize("NFKC"),t,{N:W.N,p:W.p,r:W.r,dkLen:W.dkLen,maxmem:128*W.N*W.r*2})}var qe=async e=>{let t=(0,ee.encodeHex)(crypto.getRandomValues(new Uint8Array(16))),r=await Fe(e,t);return`${t}:${(0,ee.encodeHex)(r)}`},Ve=async(e,t)=>{let[r,o]=e.split(":"),i=await Fe(t,r);return ce(i,(0,ee.decodeHex)(o))};function ur(e){return e.toString(2).padStart(8,"0")}function pr(e){return[...e].map(t=>ur(t)).join("")}function $e(e){return parseInt(pr(e),2)}function fr(e){if(e<0||!Number.isInteger(e))throw new Error("Argument 'max' must be an integer greater than or equal to 0");let t=(e-1).toString(2).length,r=t%8,o=new 
Uint8Array(Math.ceil(t/8));crypto.getRandomValues(o),r!==0&&(o[0]&=(1<<r)-1);let i=$e(o);for(;i>=e;)crypto.getRandomValues(o),r!==0&&(o[0]&=(1<<r)-1),i=$e(o);return i}function je(e,t){let r="";for(let o=0;o<e;o++)r+=t[fr(t.length)];return r}function ze(...e){let t=new Set(e),r="";for(let o of t)o==="a-z"?r+="abcdefghijklmnopqrstuvwxyz":o==="A-Z"?r+="ABCDEFGHIJKLMNOPQRSTUVWXYZ":o==="0-9"?r+="0123456789":r+=o;return r}async function le(e,t){let r=new TextEncoder,o={name:"HMAC",hash:"SHA-256"},i=await crypto.subtle.importKey("raw",r.encode(e),o,!1,["sign","verify"]),n=await crypto.subtle.sign(o.name,i,r.encode(t));return btoa(String.fromCharCode(...new Uint8Array(n)))}var j=require("better-call"),Me=(0,j.createMiddleware)(async()=>({})),Z=(0,j.createMiddlewareCreator)({use:[Me,(0,j.createMiddleware)(async()=>({}))]}),y=(0,j.createEndpointCreator)({use:[Me]});var He=Z({body:be.z.object({csrfToken:be.z.string().optional()}).optional()},async e=>{if(e.request?.method!=="POST"||e.context.options.advanced?.disableCSRFCheck)return;let t=e.headers?.get("origin")||"";if(e.context.trustedOrigins.includes(t))return;let r=e.body?.csrfToken;if(!r)throw new ue.APIError("UNAUTHORIZED",{message:"CSRF Token is required"});let o=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret),[i,n]=o?.split("!")||[null,null];if(!r||!i||!n||i!==r)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new ue.APIError("UNAUTHORIZED",{message:"Invalid CSRF Token"});let a=await le(e.context.secret,i);if(n!==a)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new ue.APIError("UNAUTHORIZED",{message:"Invalid CSRF Token"})});var O=require("better-call"),It=require("oslo/oauth2"),P=require("zod");var Qe=require("oslo/oauth2"),te=require("zod");var Ae=require("oslo/crypto");async function Ke(e){let t=await(0,Ae.sha256)(typeof e=="string"?new TextEncoder().encode(e):e);return Buffer.from(t).toString("base64")}async function Ge(e,t){let 
r=await(0,Ae.sha256)(typeof e=="string"?new TextEncoder().encode(e):e),o=Buffer.from(t,"base64");return ce(r,o)}var eo=require("better-call");async function ke(e){let t=(0,Qe.generateState)(),r=JSON.stringify({code:t,callbackURL:e}),o=await Ke(r);return{raw:r,hash:o}}function pe(e){return te.z.object({code:te.z.string(),callbackURL:te.z.string().optional(),currentURL:te.z.string().optional()}).safeParse(JSON.parse(e))}var We=require("oslo");var A=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}},Re=class extends A{constructor(t){super(`The package "${t}" is required. Make sure it is installed.`,t)}};var re=require("std-env");function Ue(e){let r=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):re.isProduction)?"__Secure-":"",o="better-auth",i=e.session?.expiresIn||new We.TimeSpan(7,"d").seconds(),n=!!e.advanced?.crossSubDomainCookies?.enabled,a=n?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(n&&!a)throw new A("baseURL is required when crossSubdomainCookies are enabled");let c=n?"none":"lax";return{sessionToken:{name:`${r}${o}.session_token`,options:{httpOnly:!0,sameSite:c,path:"/",secure:!!r,maxAge:i,...n?{domain:a}:{}}},csrfToken:{name:`${r}${o}.csrf_token`,options:{httpOnly:!0,sameSite:c,path:"/",secure:!!r,maxAge:60*60*24*7,...n?{domain:a}:{}}},state:{name:`${r}${o}.state`,options:{httpOnly:!0,sameSite:c,path:"/",secure:!!r,maxAge:60*15,...n?{domain:a}:{}}},pkCodeVerifier:{name:`${r}${o}.pk_code_verifier`,options:{httpOnly:!0,sameSite:c,path:"/",secure:!!r,maxAge:60*15,...n?{domain:a}:{}}},dontRememberToken:{name:`${r}${o}.dont_remember`,options:{httpOnly:!0,sameSite:c,path:"/",secure:!!r,...n?{domain:a}:{}}},nonce:{name:`${r}${o}.nonce`,options:{httpOnly:!0,sameSite:c,path:"/",secure:!!r,maxAge:60*15,...n?{domain:a}:{}}}}}function xe(e){let 
r=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL?.startsWith("https://")||re.isProduction)?"__Secure-":"",o="better-auth",i=e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0);function n(a,c){let s=e.advanced?.crossSubDomainCookies?.enabled?e.advanced.crossSubDomainCookies.additionalCookies?.includes(a):void 0;return{name:re.env.NODE_ENV==="production"?`${r}${o}.${a}`:`${o}.${a}`,options:{secure:!!r,sameSite:"lax",path:"/",maxAge:60*15,...c,...s?{domain:i}:{}}}}return n}async function L(e,t,r,o){let i=e.context.authCookies.sessionToken.options;i.maxAge=r?void 0:e.context.sessionConfig.expiresIn,await e.setSignedCookie(e.context.authCookies.sessionToken.name,t,e.context.secret,{...i,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options)}function J(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}function yr(e){let t=new Map;return e.split(", ").forEach(o=>{let[i,...n]=o.split("; "),[a,c]=i.split("="),s={value:c};n.forEach(d=>{let[l,p]=d.split("=");s[l.toLowerCase()]=p||!0}),t.set(a,s)}),t}function wr(e){let t=e.split("; "),r=new Map;return t.forEach(o=>{let[i,n]=o.split("=");r.set(i,n)}),r}var Te=require("better-call");var Ze=require("consola"),z=(0,Ze.createConsola)({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),fe=e=>({log:(...t)=>{!e?.disabled&&z.log("",...t)},error:(...t)=>{!e?.disabled&&z.error("",...t)},warn:(...t)=>{!e?.disabled&&z.warn("",...t)},info:(...t)=>{!e?.disabled&&z.info("",...t)},debug:(...t)=>{!e?.disabled&&z.debug("",...t)},box:(...t)=>{!e?.disabled&&z.box("",...t)},success:(...t)=>{!e?.disabled&&z.success("",...t)},break:(...t)=>{!e?.disabled&&console.log(`
|
|
2
|
+
`)}}),b=fe();var v=Z(async e=>{let t=e.body?.callbackURL||e.query?.callbackURL||e.query?.redirectTo||e.body?.redirectTo,r=e.headers?.get("referer"),o=e.query?.currentURL||r||e.context.baseURL,i=e.context.trustedOrigins;if(t?.includes("http")){let n=new URL(t).origin;if(!i.includes(n))throw b.error("Invalid callback URL",{callbackURL:t,trustedOrigins:i}),new Te.APIError("FORBIDDEN",{message:"Invalid callback URL"})}if(o!==e.context.baseURL){let n=new URL(o).origin;if(!i.includes(n))throw b.error("Invalid current URL",{currentURL:o,trustedOrigins:i}),new Te.APIError("FORBIDDEN",{message:"Invalid callback URL"})}});var rt=require("oslo/jwt");var Je=require("oslo/crypto");var q=require("std-env");function br(e){try{return new URL(e).pathname!=="/"}catch{throw new A(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function ve(e,t="/api/auth"){return br(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function oe(e,t){if(e)return ve(e,t);let r=q.env.BETTER_AUTH_URL||q.env.NEXT_PUBLIC_BETTER_AUTH_URL||q.env.PUBLIC_BETTER_AUTH_URL||q.env.NUXT_PUBLIC_BETTER_AUTH_URL||q.env.NUXT_PUBLIC_AUTH_URL||(q.env.BASE_URL!=="/"?q.env.BASE_URL:void 0);if(r)return ve(r,t);if(typeof window<"u")return ve(window.location.origin,t)}var Xe=require("oslo/encoding");async function Ye(e){let t=await(0,Je.sha256)(new TextEncoder().encode(e));return Xe.base64url.encode(new Uint8Array(t),{includePadding:!1})}function et(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_at?new Date((Date.now()+e.expires_in)*1e3):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function E({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:i,scopes:n,claims:a,disablePkce:c,redirectURI:s}){let d=new URL(r);if(d.searchParams.set("response_type","code"),d.searchParams.set("client_id",t.clientId),d.searchParams.set("state",o),d.searchParams.set("scope",n.join(" 
")),d.searchParams.set("redirect_uri",t.redirectURI||s),!c&&i){let l=await Ye(i);d.searchParams.set("code_challenge_method","S256"),d.searchParams.set("code_challenge",l)}if(a){let l=a.reduce((p,u)=>(p[u]=null,p),{});d.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...l}}))}return d}var tt=require("@better-fetch/fetch");async function k({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:i}){let n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",e),t&&n.set("code_verifier",t),n.set("redirect_uri",r),n.set("client_id",o.clientId),n.set("client_secret",o.clientSecret);let{data:a,error:c}=await(0,tt.betterFetch)(i,{method:"POST",body:n,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(c)throw c;return et(a)}function Ee(e){let t=e.accessToken,r=e.refreshToken,o;try{o=e.accessTokenExpiresAt}catch{}return{accessToken:t,refreshToken:r,expiresAt:o}}var ot=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:i}){let n=e.scope||o||["email","name","openid"];return new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${i||e.redirectURI}&scope=${n.join(" ")}&state=${r}`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>k({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async getUserInfo(r){if(!r.idToken)return null;let o=(0,rt.parseJWT)(r.idToken)?.payload;return o?{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified==="true"},data:o}:null}}};var nt=require("@better-fetch/fetch");var it=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=e.scope||r||["identify","email"];return new 
URL(`https://discord.com/api/oauth2/authorize?scope=${i.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>k({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,nt.betterFetch)("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let i=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${i}.png`}else{let i=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${i}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});var st=require("@better-fetch/fetch");var at=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=e.scope||r||["email","public_profile"];return await E({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:i,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>k({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await(0,st.betterFetch)("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,emailVerified:r.email_verified},data:r}}});var Ie=require("@better-fetch/fetch");var dt=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"Github",createAuthorizationURL({state:r,scopes:o,codeVerifier:i,redirectURI:n}){let a=e.scope||o||["user:email"];return 
E({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:a,state:r,redirectURI:n,codeVerifier:i})},validateAuthorizationCode:async({code:r,redirectURI:o})=>k({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:i}=await(0,Ie.betterFetch)("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(i)return null;let n=!1;if(!o.email){let{data:a,error:c}=await(0,Ie.betterFetch)("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});c||(o.email=(a.find(s=>s.primary)??a[0])?.email,n=a.find(s=>s.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:n},data:o}}}};var ct=require("oslo/jwt");var lt=e=>({id:"google",name:"Google",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){if(!e.clientId||!e.clientSecret)throw b.error("Client Id and Client Secret is required for Google. 
Make sure to provide them in the options."),new A("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new A("codeVerifier is required for Google");let n=e.scope||r||["email","profile"];return E({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:n,state:t,codeVerifier:o,redirectURI:i})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>k({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async getUserInfo(t){if(!t.idToken)return null;let r=(0,ct.parseJWT)(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});var ut=require("@better-fetch/fetch"),pt=require("oslo/jwt");var ft=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(i){let n=e.scope||i.scopes||["openid","profile","email","User.Read"];return E({id:"microsoft",options:e,authorizationEndpoint:r,state:i.state,codeVerifier:i.codeVerifier,scopes:n,redirectURI:i.redirectURI})},validateAuthorizationCode({code:i,codeVerifier:n,redirectURI:a}){return k({code:i,codeVerifier:n,redirectURI:e.redirectURI||a,options:e,tokenEndpoint:o})},async getUserInfo(i){if(!i.idToken)return null;let n=(0,pt.parseJWT)(i.idToken)?.payload,a=e.profilePhotoSize||48;return await(0,ut.betterFetch)(`https://graph.microsoft.com/v1.0/me/photos/${a}x${a}/$value`,{headers:{Authorization:`Bearer ${i.accessToken}`},async onResponse(c){if(!(e.disableProfilePhoto||!c.response.ok))try{let d=await c.response.clone().arrayBuffer(),l=Buffer.from(d).toString("base64");n.picture=`data:image/jpeg;base64, ${l}`}catch(s){b.error(s)}}}),{user:{id:n.sub,name:n.name,email:n.email,image:n.picture,emailVerified:!0},data:n}}}};var mt=require("@better-fetch/fetch");var 
gt=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){let n=e.scope||r||["user-read-email"];return E({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:n,state:t,codeVerifier:o,redirectURI:i})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>k({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,mt.betterFetch)("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});var nn=require("@better-fetch/fetch");function Ar(e){return e.charAt(0).toUpperCase()+e.slice(1)}var C={isAction:!1};var ht=require("nanoid"),x=e=>(0,ht.nanoid)(e);var yt=require("oslo/jwt");var wt=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=e.scope||r||["user:read:email","openid"];return E({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:i,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>k({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return b.error("No idToken found in token"),null;let o=(0,yt.parseJWT)(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});var bt=require("@better-fetch/fetch");var At=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=e.scope||t.scopes||["account_info.read"];return 
E({id:"twitter",options:e,authorizationEndpoint:"https://twitter.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>k({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,bt.betterFetch)("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o||!r.data.email?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});var Pe={apple:ot,discord:it,facebook:at,github:dt,microsoft:ft,google:lt,spotify:gt,twitch:wt,twitter:At},kt=Object.keys(Pe);var Tt=require("oslo"),me=require("oslo/jwt"),S=require("zod");var H=require("better-call");var X=require("better-call");var M=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));var Se=require("zod"),Oe=()=>y("/session",{method:"GET",requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let r=await e.context.internalAdapter.findSession(t);if(!r||r.session.expiresAt<new Date)return J(e),r&&await e.context.internalAdapter.deleteSession(r.session.id),e.json(null,{status:401});if(await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(r);let i=e.context.sessionConfig.expiresIn,n=e.context.sessionConfig.updateAge;if(r.session.expiresAt.valueOf()-i*1e3+n*1e3<=Date.now()){let s=await e.context.internalAdapter.updateSession(r.session.id,{expiresAt:M(e.context.sessionConfig.expiresIn,"sec")});if(!s)return J(e),e.json(null,{status:401});let d=(s.expiresAt.valueOf()-Date.now())/1e3;return await L(e,s.id,!1,{maxAge:d}),e.json({session:s,user:r.user})}return e.json(r)}catch(t){return 
e.context.logger.error(t),e.json(null,{status:500})}}),Le=async e=>await Oe()({...e,_flag:"json",headers:e.headers}),B=Z(async e=>{let t=await Le(e);if(!t?.session)throw new X.APIError("UNAUTHORIZED");return{session:t}}),Rt=()=>y("/user/list-sessions",{method:"GET",use:[B],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),Ut=y("/user/revoke-session",{method:"POST",body:Se.z.object({id:Se.z.string()}),use:[B],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new X.APIError("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new X.APIError("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o),new X.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),xt=y("/user/revoke-sessions",{method:"POST",use:[B],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t),new X.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})});async function D(e,t,r){return await(0,me.createJWT)("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new Tt.TimeSpan(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var vt=y("/send-verification-email",{method:"POST",query:S.z.object({currentURL:S.z.string().optional()}).optional(),body:S.z.object({email:S.z.string().email(),callbackURL:S.z.string().optional()}),use:[v]},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new H.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new H.APIError("BAD_REQUEST",{message:"User not 
found"});let o=await D(e.context.secret,t),i=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail(r.user,i,o),e.json({status:!0})}),Et=y("/verify-email",{method:"GET",query:S.z.object({token:S.z.string(),callbackURL:S.z.string().optional()}),use:[v]},async e=>{let{token:t}=e.query,r;try{r=await(0,me.validateJWT)("HS256",Buffer.from(e.context.secret),t)}catch(a){throw e.context.logger.error("Failed to verify email",a),new H.APIError("BAD_REQUEST",{message:"Invalid token"})}let i=S.z.object({email:S.z.string().email(),updateTo:S.z.string().optional()}).parse(r.payload);if(!await e.context.internalAdapter.findUserByEmail(i.email))throw new H.APIError("BAD_REQUEST",{message:"User not found"});if(i.updateTo){let a=await Le(e);if(!a)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new H.APIError("UNAUTHORIZED",{message:"Session not found"});if(a.user.email!==i.email)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new H.APIError("UNAUTHORIZED",{message:"Invalid session"});let c=await e.context.internalAdapter.updateUserByEmail(i.email,{email:i.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.(c,`${e.context.baseURL}/verify-email?token=${t}`,t),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:c,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(i.email,{emailVerified:!0}),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});var Pt=y("/sign-in/social",{method:"POST",requireHeaders:!0,query:P.z.object({currentURL:P.z.string().optional()}).optional(),body:P.z.object({callbackURL:P.z.string().optional(),provider:P.z.enum(kt)}),use:[v]},async e=>{let t=e.context.socialProviders.find(s=>s.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. 
Make sure to add the provider in your auth config",{provider:e.body.provider}),new O.APIError("NOT_FOUND",{message:"Provider not found"});let r=e.context.authCookies,o=e.query?.currentURL?new URL(e.query?.currentURL):null,i=e.body.callbackURL?.startsWith("http")?e.body.callbackURL:`${o?.origin}${e.body.callbackURL||""}`,n=await ke(i||o?.origin||e.context.options.baseURL);await e.setSignedCookie(r.state.name,n.hash,e.context.secret,r.state.options);let a=(0,It.generateCodeVerifier)();await e.setSignedCookie(r.pkCodeVerifier.name,a,e.context.secret,r.pkCodeVerifier.options);let c=await t.createAuthorizationURL({state:n.raw,codeVerifier:a,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:c.toString(),state:n,codeVerifier:a,redirect:!0})}),St=y("/sign-in/email",{method:"POST",body:P.z.object({email:P.z.string(),password:P.z.string(),callbackURL:P.z.string().optional(),dontRememberMe:P.z.boolean().default(!1).optional()}),use:[v]},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. 
Check `https://better-auth.com/docs/authentication/email-password` for more!"),new O.APIError("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!P.z.string().email().safeParse(t).success)throw new O.APIError("BAD_REQUEST",{message:"Invalid email"});if(!P.z.string().email().safeParse(t).success)throw new O.APIError("BAD_REQUEST",{message:"Invalid email"});let n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new O.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let a=n.accounts.find(l=>l.providerId==="credential");if(!a)throw e.context.logger.error("Credential account not found",{email:t}),new O.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let c=a?.password;if(!c)throw e.context.logger.error("Password not found",{email:t}),new O.APIError("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(c,r))throw e.context.logger.error("Invalid password"),new O.APIError("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!n.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw b.error("Email verification is required but no email verification handler is provided"),new O.APIError("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let l=await D(e.context.secret,n.user.email),p=`${e.context.options.baseURL}/verify-email?token=${l}`;throw await e.context.options.emailVerification.sendVerificationEmail(n.user,p,l),e.context.logger.error("Email not verified",{email:t}),new O.APIError("FORBIDDEN",{message:"Email is not verified. 
Check your email for a verification link"})}let d=await e.context.internalAdapter.createSession(n.user.id,e.headers,e.body.dontRememberMe);if(!d)throw e.context.logger.error("Failed to create session"),new O.APIError("UNAUTHORIZED",{message:"Failed to create session"});return await L(e,d.id,e.body.dontRememberMe),e.json({user:n.user,session:d,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});var ne=require("zod");var w=require("zod"),Qn=w.z.object({id:w.z.string(),providerId:w.z.string(),accountId:w.z.string(),userId:w.z.string(),accessToken:w.z.string().nullable().optional(),refreshToken:w.z.string().nullable().optional(),idToken:w.z.string().nullable().optional(),expiresAt:w.z.date().nullable().optional(),password:w.z.string().optional().nullable()}),Ot=w.z.object({id:w.z.string(),email:w.z.string().transform(e=>e.toLowerCase()),emailVerified:w.z.boolean().default(!1),name:w.z.string(),image:w.z.string().optional(),createdAt:w.z.date().default(new Date),updatedAt:w.z.date().default(new Date)}),Wn=w.z.object({id:w.z.string(),userId:w.z.string(),expiresAt:w.z.date(),ipAddress:w.z.string().optional(),userAgent:w.z.string().optional()}),Zn=w.z.object({id:w.z.string(),value:w.z.string(),expiresAt:w.z.date(),identifier:w.z.string()});function kr(e,t){let r=t.fields,o={};for(let i in r){if(i in e){if(r[i].input===!1){if(r[i].defaultValue){o[i]=r[i].defaultValue;continue}continue}o[i]=e[i];continue}if(r[i].defaultValue){o[i]=r[i].defaultValue;continue}}return o}function Lt(e,t){let r={...e.user?.additionalFields};return kr(t||{},{fields:r})}var _t=y("/callback/:id",{method:"GET",query:ne.z.object({state:ne.z.string(),code:ne.z.string().optional(),error:ne.z.string().optional()}),metadata:C},async e=>{if(e.query.error||!e.query.code){let U=pe(e.query.state).data?.callbackURL||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${U}?error=${e.query.error||"oAuth_code_missing"}`)}let 
t=e.context.socialProviders.find(g=>g.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let r=pe(e.query.state);if(!r.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let{data:{callbackURL:o,currentURL:i}}=r,n=await e.getSignedCookie(e.context.authCookies.state.name,e.context.secret);if(!n)throw b.error("No stored state found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!await Ge(e.query.state,n))throw b.error("OAuth state mismatch"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let c=await e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),s;try{s=await t.validateAuthorizationCode({code:e.query.code,codeVerifier:c,redirectURI:`${e.context.baseURL}/callback/${t.id}`})}catch(g){throw e.context.logger.error(g),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let d=await t.getUserInfo(s).then(g=>g?.user),l=x(),p=Ot.safeParse({...d,id:l});if(!d||p.success===!1)throw b.error("Unable to get user info",p.error),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!o)throw e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);function u(g){throw e.redirect(`${i||o||`${e.context.baseURL}/error`}?error=${g}`)}let f=await e.context.internalAdapter.findUserByEmail(d.email,{includeAccounts:!0}).catch(g=>{throw b.error(`Better auth was unable to query your database.
|
|
3
|
+
Error: `,g),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),m=f?.user.id;if(f){if(!f.accounts.find(U=>U.providerId===t.id)){(!e.context.options.account?.accountLinking?.trustedProviders?.includes(t.id)&&!d.emailVerified||!e.context.options.account?.accountLinking?.enabled)&&u("account_not_linked");try{await e.context.internalAdapter.linkAccount({providerId:t.id,accountId:d.id.toString(),id:`${t.id}:${d.id}`,userId:f.user.id,...Ee(s)})}catch($){b.error("Unable to link account",$),u("unable_to_link_account")}}}else try{let g=d.emailVerified||!1,U=await e.context.internalAdapter.createOAuthUser({...p.data,emailVerified:g},{...Ee(s),providerId:t.id,accountId:d.id.toString()});if(m=U?.user.id,!g&&U&&e.context.options.emailVerification?.sendOnSignUp){let Y=await D(e.context.secret,d.email),$=`${e.context.baseURL}/verify-email?token=${Y}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.(U.user,$,Y)}}catch(g){b.error("Unable to create user",g),u("unable_to_create_user")}m||u("unable_to_create_user");let h=await e.context.internalAdapter.createSession(m,e.request);throw h||u("unable_to_create_session"),await L(e,h.id),e.redirect(o)});var ci=require("zod");var Ct=require("better-call");var Bt=y("/sign-out",{method:"POST"},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw new Ct.APIError("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),J(e),e.json({success:!0})});var _=require("zod");var ie=require("better-call");var Dt=y("/forget-password",{method:"POST",body:_.z.object({email:_.z.string().email(),redirectTo:_.z.string()}),use:[v]},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new ie.APIError("BAD_REQUEST",{message:"Reset password isn't 
enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let i=60*60*1,n=new Date(Date.now()+1e3*(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||i)),a=e.context.uuid();await e.context.internalAdapter.createVerificationValue({value:o.user.id,identifier:`reset-password:${a}`,expiresAt:n});let c=`${e.context.baseURL}/reset-password/${a}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword(o.user,c),e.json({status:!0})}),Nt=y("/reset-password/:token",{method:"GET",query:_.z.object({callbackURL:_.z.string()}),use:[v]},async e=>{let{token:t}=e.params,r=e.query.callbackURL,o=r.startsWith("http")?r:`${e.context.options.baseURL}${r}`;if(!t||!r)throw e.redirect(`${e.context.baseURL}/error?error=INVALID_TOKEN`);let i=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!i||i.expiresAt<new Date?e.redirect(`${o}?error=INVALID_TOKEN`):e.redirect(`${o}?token=${t}`)}),Ft=y("/reset-password",{query:_.z.optional(_.z.object({token:_.z.string()})),method:"POST",body:_.z.object({newPassword:_.z.string()})},async e=>{let t=e.query?.token;if(!t)throw new ie.APIError("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,o=`reset-password:${t}`,i=await e.context.internalAdapter.findVerificationValue(o);if(!i||i.expiresAt<new Date)throw new ie.APIError("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(i.id);let n=i.value,a=await e.context.password.hash(r);if(!(await e.context.internalAdapter.findAccounts(n)).find(l=>l.providerId==="credential"))return await e.context.internalAdapter.createAccount({userId:n,providerId:"credential",password:a,accountId:e.context.uuid()}),e.json({status:!0});if(!await e.context.internalAdapter.updatePassword(n,a))throw new 
ie.APIError("BAD_REQUEST",{message:"Failed to update password"});return e.json({status:!0})});var R=require("zod");var T=require("better-call");var qt=y("/user/update",{method:"POST",body:R.z.object({name:R.z.string().optional(),image:R.z.string().optional()}),use:[B,v]},async e=>{let{name:t,image:r}=e.body,o=e.context.session;if(!r&&!t)return e.json({user:o.user});let i=await e.context.internalAdapter.updateUserByEmail(o.user.email,{name:t,image:r});return e.json({user:i})}),Vt=y("/user/change-password",{method:"POST",body:R.z.object({newPassword:R.z.string(),currentPassword:R.z.string(),revokeOtherSessions:R.z.boolean().optional()}),use:[B]},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,i=e.context.session,n=e.context.password.config.minPasswordLength;if(t.length<n)throw e.context.logger.error("Password is too short"),new T.APIError("BAD_REQUEST",{message:"Password is too short"});let a=e.context.password.config.maxPasswordLength;if(t.length>a)throw e.context.logger.error("Password is too long"),new T.APIError("BAD_REQUEST",{message:"Password too long"});let s=(await e.context.internalAdapter.findAccounts(i.user.id)).find(p=>p.providerId==="credential"&&p.password);if(!s||!s.password)throw new T.APIError("BAD_REQUEST",{message:"User does not have a password"});let d=await e.context.password.hash(t);if(!await e.context.password.verify(s.password,r))throw new T.APIError("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(s.id,{password:d}),o){await e.context.internalAdapter.deleteSessions(i.user.id);let p=await e.context.internalAdapter.createSession(i.user.id,e.headers);if(!p)throw new T.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await L(e,p.id)}return e.json(i.user)}),$t=y("/user/set-password",{method:"POST",body:R.z.object({newPassword:R.z.string()}),use:[B]},async 
e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new T.APIError("BAD_REQUEST",{message:"Password is too short"});let i=e.context.password.config.maxPasswordLength;if(t.length>i)throw e.context.logger.error("Password is too long"),new T.APIError("BAD_REQUEST",{message:"Password too long"});let a=(await e.context.internalAdapter.findAccounts(r.user.id)).find(s=>s.providerId==="credential"&&s.password),c=await e.context.password.hash(t);if(!a)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:c}),e.json(r.user);throw new T.APIError("BAD_REQUEST",{message:"user already has a password"})}),jt=y("/user/delete",{method:"POST",body:R.z.object({password:R.z.string()}),use:[B]},async e=>{let{password:t}=e.body,r=e.context.session,i=(await e.context.internalAdapter.findAccounts(r.user.id)).find(a=>a.providerId==="credential"&&a.password);if(!i||!i.password)throw new T.APIError("BAD_REQUEST",{message:"User does not have a password"});if(!await e.context.password.verify(i.password,t))throw new T.APIError("BAD_REQUEST",{message:"Incorrect password"});return await e.context.internalAdapter.deleteUser(r.user.id),await e.context.internalAdapter.deleteSessions(r.user.id),e.json(null)}),zt=y("/user/change-email",{method:"POST",query:R.z.object({currentURL:R.z.string().optional()}).optional(),body:R.z.object({newEmail:R.z.string().email(),callbackURL:R.z.string().optional()}),use:[B,v]},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new T.APIError("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new T.APIError("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw 
e.context.logger.error("Email already exists"),new T.APIError("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let i=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:i,status:!0})}if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new T.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await D(e.context.secret,e.context.session.user.email,e.body.newEmail),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail(e.context.session.user,o,r),e.json({user:null,status:!0})});var Mt=y("/csrf",{method:"GET",metadata:C},async e=>{let t=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret);if(t){let[n,a]=t.split("!")||[null,null];return e.json({csrfToken:n})}let r=je(32,ze("a-z","0-9","A-Z")),o=await le(e.context.secret,r),i=`${r}!${o}`;return await e.setSignedCookie(e.context.authCookies.csrfToken.name,i,e.context.secret,e.context.authCookies.csrfToken.options),e.json({csrfToken:r})});var Rr=(e="Unknown")=>`<!DOCTYPE html>
|
|
4
4
|
<html lang="en">
|
|
5
5
|
<head>
|
|
6
6
|
<meta charset="UTF-8">
|
|
@@ -80,4 +80,4 @@ Error: `,g),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)
|
|
|
80
80
|
<div class="error-code">Error Code: <span id="errorCode">${e}</span></div>
|
|
81
81
|
</div>
|
|
82
82
|
</body>
|
|
83
|
-
</html>`,jt=y("/error",{method:"GET",metadata:C},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(wr(t),{headers:{"Content-Type":"text/html"}})});var zt=y("/ok",{method:"GET",metadata:C},async e=>e.json({ok:!0}));var H=require("zod");var q=require("better-call");var Mt=()=>y("/sign-up/email",{method:"POST",query:H.z.object({currentURL:H.z.string().optional()}).optional(),body:H.z.record(H.z.string(),H.z.any()),use:[E]},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new q.APIError("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:o,password:i,image:n,callbackURL:a,...c}=t;if(!H.z.string().email().safeParse(o).success)throw new q.APIError("BAD_REQUEST",{message:"Invalid email"});let d=e.context.password.config.minPasswordLength;if(i.length<d)throw e.context.logger.error("Password is too short"),new q.APIError("BAD_REQUEST",{message:"Password is too short"});let l=e.context.password.config.maxPasswordLength;if(i.length>l)throw e.context.logger.error("Password is too long"),new q.APIError("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(o))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${o}`),new q.APIError("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let u=Ot(e.context.options,c),f=await e.context.internalAdapter.createUser({email:o.toLowerCase(),name:r,image:n,...u,emailVerified:!1});if(!f)throw new q.APIError("BAD_REQUEST",{message:"Failed to create user"});let m=await e.context.password.hash(i);if(await e.context.internalAdapter.linkAccount({userId:f.id,providerId:"credential",accountId:f.id,password:m,expiresAt:z(60*60*24*30,"sec")}),e.context.options.emailVerification?.sendOnSignUp){let g=await D(e.context.secret,f.email),U=`${e.context.baseURL}/verify-email?token=${g}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await 
e.context.options.emailVerification?.sendVerificationEmail?.(f,U,g)}if(!e.context.options.emailAndPassword.autoSignIn||e.context.options.emailAndPassword.requireEmailVerification)return e.json({user:f,session:null},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:f,session:null}});let h=await e.context.internalAdapter.createSession(f.id,e.request);if(!h)throw new q.APIError("BAD_REQUEST",{message:"Failed to create session"});return await L(e,h.id),e.json({user:f,session:h},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:f,session:h}})});function pe(e){let t="127.0.0.1";if(process.env.NODE_ENV==="test")return t;let r=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],o=e instanceof Request?e.headers:e;for(let i of r){let n=o.get(i);if(typeof n=="string"){let a=n.split(",")[0].trim();if(a)return a}}return null}function br(e,t,r){let o=Date.now(),i=t*1e3;return o-r.lastRequest<i&&r.count>=e}function Ar(e){return new Response(JSON.stringify({message:"Too many requests. 
Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function kr(e,t){let r=Date.now(),o=t*1e3;return Math.ceil((e+o-r)/1e3)}function Rr(e,t){let r=t??"rateLimit",o=e.adapter;return{get:async i=>await o.findOne({model:r,where:[{field:"key",value:i}]}),set:async(i,n,a)=>{try{a?await o.update({model:t??"rateLimit",where:[{field:"key",value:i}],update:{count:n.count,lastRequest:n.lastRequest}}):await o.create({model:t??"rateLimit",data:{key:i,count:n.count,lastRequest:n.lastRequest}})}catch(c){b.error("Error setting rate limit",c)}}}}var Ht=new Map;function Ur(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let o=await e.options.secondaryStorage?.get(r);return o?JSON.parse(o):void 0},set:async(r,o)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(o))}}:e.rateLimit.storage==="memory"?{async get(r){return Ht.get(r)},async set(r,o,i){Ht.set(r,o)}}:Rr(e,e.rateLimit.tableName)}async function Kt(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,o=e.url.replace(r,""),i=t.rateLimit.window,n=t.rateLimit.max,a=pe(e)+o,s=xr().find(u=>u.pathMatcher(o));s&&(i=s.window,n=s.max);for(let u of t.options.plugins||[])if(u.rateLimit){let f=u.rateLimit.find(m=>m.pathMatcher(o));if(f){i=f.window,n=f.max;break}}if(t.rateLimit.customRules){let u=t.rateLimit.customRules[o];u&&(i=u.window,n=u.max)}let d=Ur(t),l=await d.get(a),p=Date.now();if(!l)await d.set(a,{key:a,count:1,lastRequest:p});else{let u=p-l.lastRequest;if(br(n,i,l)){let f=kr(l.lastRequest,i);return Ar(f)}else u>i*1e3?await d.set(a,{...l,count:1,lastRequest:p}):await d.set(a,{...l,count:l.count+1,lastRequest:p})}}function xr(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:7}]}var Tr=require("better-call");function Se(e,t){let r=t.plugins?.reduce((c,s)=>({...c,...s.endpoints}),{}),o=t.plugins?.map(c=>c.middlewares?.map(s=>{let d=async l=>s.middleware({...l,context:{...e,...l.context}});return 
d.path=s.path,d.options=s.middleware.options,d.headers=s.middleware.headers,{path:s.path,middleware:d}})).filter(c=>c!==void 0).flat()||[],n={...{signInOAuth:Et,callbackOAuth:St,getCSRFToken:$t,getSession:Ie(),signOut:Lt,signUpEmail:Mt(),signInEmail:vt,forgetPassword:_t,resetPassword:Bt,verifyEmail:xt,sendVerificationEmail:Ut,changeEmail:Vt,changePassword:Nt,setPassword:Ft,updateUser:Dt,deleteUser:qt,forgetPasswordCallback:Ct,listSessions:bt(),revokeSession:At,revokeSessions:kt},...r,ok:zt,error:jt},a={};for(let[c,s]of Object.entries(n))a[c]=async(d={})=>{let l=await e;for(let f of t.plugins||[])if(f.hooks?.before){for(let m of f.hooks.before)if(m.matcher({...s,...d,context:l})){let g=await m.handler({...d,context:{...l,...d?.context}});g&&"context"in g&&(l={...l,...g.context})}}let p;try{p=await s({...d,context:{...l,...d.context}})}catch(f){if(f instanceof K.APIError){let m=t.plugins?.map(g=>{if(g.hooks?.after)return g.hooks.after}).filter(g=>g!==void 0).flat();if(!m?.length)throw f;let h=new Response(JSON.stringify(f.body),{status:K.statusCode[f.status],headers:f.headers});for(let g of m||[])if(g.matcher(d)){let J=Object.assign(d,{context:{...e,returned:h}}),V=await g.handler(J);V&&"response"in V&&(h=V.response)}return h}throw f}let u=p;for(let f of t.plugins||[])if(f.hooks?.after){for(let m of f.hooks.after)if(m.matcher(d)){let g=Object.assign(d,{context:{...e,returned:u}}),U=await m.handler(g);U&&"response"in U&&(u=U.response)}}return u},a[c].path=s.path,a[c].method=s.method,a[c].options=s.options,a[c].headers=s.headers;return{api:a,middlewares:o}}var Gt=(e,t)=>{let{api:r,middlewares:o}=Se(e,t),i=new URL(e.baseURL).pathname;return(0,K.createRouter)(r,{extraContext:e,basePath:i,routerMiddleware:[{path:"/**",middleware:je},...o],async onRequest(n){for(let a of e.options.plugins||[])if(a.onRequest){let c=await a.onRequest(n,e);if(c)return c}return Kt(n,e)},async onResponse(n){for(let a of e.options.plugins||[])if(a.onResponse){let c=await 
a.onResponse(n,e);if(c)return c.response}return n},onError(n){if(t.onAPIError?.throw)throw n;if(t.onAPIError?.onError){t.onAPIError.onError(n,e);return}let a=t.logger?.verboseLogging?b:void 0;t.logger?.disabled!==!0&&(n instanceof K.APIError?(n.status==="INTERNAL_SERVER_ERROR"&&b.error(n),a?.error(n.message)):b?.error(n))}})};var N=e=>{let t=e.plugins?.reduce((s,d)=>{let l=d.schema;if(!l)return s;for(let[p,u]of Object.entries(l))s[p]={fields:{...s[p]?.fields,...u.fields},tableName:u.tableName||p};return s},{}),r=e.rateLimit?.storage==="database",o={rateLimit:{tableName:e.rateLimit?.tableName||"rateLimit",fields:{key:{type:"string",fieldName:e.rateLimit?.fields?.key||"key"},count:{type:"number",fieldName:e.rateLimit?.fields?.count||"count"},lastRequest:{type:"number",fieldName:e.rateLimit?.fields?.lastRequest||"lastRequest"}}}},{user:i,session:n,account:a,...c}=t||{};return{user:{tableName:e.user?.modelName||"user",fields:{name:{type:"string",required:!0,fieldName:e.user?.fields?.name||"name"},email:{type:"string",unique:!0,required:!0,fieldName:e.user?.fields?.email||"email"},emailVerified:{type:"boolean",defaultValue:()=>!1,required:!0,fieldName:e.user?.fields?.emailVerified||"emailVerified"},image:{type:"string",required:!1,fieldName:e.user?.fields?.image||"image"},createdAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",defaultValue:()=>new 
Date,required:!0,fieldName:e.user?.fields?.updatedAt||"updatedAt"},...i?.fields,...e.user?.additionalFields},order:1},session:{tableName:e.session?.modelName||"session",fields:{expiresAt:{type:"date",required:!0,fieldName:e.session?.fields?.expiresAt||"expiresAt"},ipAddress:{type:"string",required:!1,fieldName:e.session?.fields?.ipAddress||"ipAddress"},userAgent:{type:"string",required:!1,fieldName:e.session?.fields?.userAgent||"userAgent"},userId:{type:"string",fieldName:e.session?.fields?.userId||"userId",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0},...n?.fields,...e.session?.additionalFields},order:2},account:{tableName:e.account?.modelName||"account",fields:{accountId:{type:"string",required:!0,fieldName:e.account?.fields?.accountId||"accountId"},providerId:{type:"string",required:!0,fieldName:e.account?.fields?.providerId||"providerId"},userId:{type:"string",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0,fieldName:e.account?.fields?.userId||"userId"},accessToken:{type:"string",required:!1,fieldName:e.account?.fields?.accessToken||"accessToken"},refreshToken:{type:"string",required:!1,fieldName:e.account?.fields?.refreshToken||"refreshToken"},idToken:{type:"string",required:!1,fieldName:e.account?.fields?.idToken||"idToken"},expiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.expiresAt||"expiresAt"},password:{type:"string",required:!1,fieldName:e.account?.fields?.password||"password"},...a?.fields},order:3},verification:{tableName:e.verification?.modelName||"verification",fields:{identifier:{type:"string",required:!0,fieldName:e.verification?.fields?.identifier||"identifier"},value:{type:"string",required:!0,fieldName:e.verification?.fields?.value||"value"},expiresAt:{type:"date",required:!0,fieldName:e.verification?.fields?.expiresAt||"expiresAt"}},order:4},...c,...r?o:{}}};var oe=require("kysely"),F=require("kysely");function Qt(e){if("dialect"in e)return 
Qt(e.dialect);if("createDriver"in e){if(e instanceof F.SqliteDialect)return"sqlite";if(e instanceof F.MysqlDialect)return"mysql";if(e instanceof F.PostgresDialect)return"postgres";if(e instanceof oe.MssqlDialect)return"mssql"}return"aggregate"in e?"sqlite":"getConnection"in e?"mysql":"connect"in e?"postgres":null}var ne=async e=>{let t=e.database;if("db"in t)return{kysely:t.db,databaseType:t.type};if("dialect"in t)return{kysely:new oe.Kysely({dialect:t.dialect}),databaseType:t.type};let r,o=Qt(t);return"createDriver"in t&&(r=t),"aggregate"in t&&(r=new F.SqliteDialect({database:t})),"getConnection"in t&&(r=new F.MysqlDialect({pool:t})),"connect"in t&&(r=new F.PostgresDialect({pool:t})),{kysely:r?new oe.Kysely({dialect:r}):null,databaseType:o}};function ie(e){if(!e)return{and:null,or:null};let t={and:[],or:[]};return e.forEach(r=>{let{field:o,value:i,operator:n="=",connector:a="AND"}=r,c=s=>n.toLowerCase()==="in"?s(o,"in",Array.isArray(i)?i:[i]):n==="contains"?s(o,"like",`%${i}%`):n==="starts_with"?s(o,"like",`${i}%`):n==="ends_with"?s(o,"like",`%${i}`):s(o,n,i);a==="OR"?t.or.push(c):t.and.push(c)}),{and:t.and.length?t.and:null,or:t.or.length?t.or:null}}function fe(e,t,r){for(let o in e){let i=t[o]||Object.values(t).find(n=>n.fieldName===o);e[o]===0&&i.type==="boolean"&&r?.boolean&&(e[o]=!1),e[o]===1&&i?.type==="boolean"&&r?.boolean&&(e[o]=!0),i?.type==="date"&&(e[o]instanceof Date||(e[o]=new Date(e[o])))}return e}function Wt(e,t){for(let r in e)typeof e[r]=="boolean"&&t?.boolean&&(e[r]=e[r]?1:0),e[r]instanceof Date&&(e[r]=e[r].toISOString());return e}var Zt=(e,t)=>({id:"kysely",async create(r){let{model:o,data:i,select:n}=r;t?.transform&&(i=Wt(i,t.transform)),t?.generateId!==void 0&&(i.id=t.generateId?t.generateId():void 0);let a=await e.insertInto(o).values(i).returningAll().executeTakeFirst();if(t?.transform){let c=t.transform.schema[o];a=c?fe(i,c,t.transform):a}return n?.length&&(a=a?n.reduce((s,d)=>a?.[d]?{...s,[d]:a[d]}:s,{}):null),a},async 
findOne(r){let{model:o,where:i,select:n}=r,{and:a,or:c}=ie(i),s=e.selectFrom(o).selectAll();a&&(s=s.where(l=>l.and(a.map(p=>p(l))))),c&&(s=s.where(l=>l.or(c.map(p=>p(l)))));let d=await s.executeTakeFirst();if(n?.length&&(d=d?n.reduce((p,u)=>d?.[u]?{...p,[u]:d[u]}:p,{}):null),t?.transform){let l=t.transform.schema[o];return d=d&&l?fe(d,l,t.transform):d,d||null}return d||null},async findMany(r){let{model:o,where:i,limit:n,offset:a,sortBy:c}=r,s=e.selectFrom(o),{and:d,or:l}=ie(i);d&&(s=s.where(u=>u.and(d.map(f=>f(u))))),l&&(s=s.where(u=>u.or(l.map(f=>f(u))))),s=s.limit(n||100),a&&(s=s.offset(a)),c&&(s=s.orderBy(c.field,c.direction));let p=await s.selectAll().execute();if(t?.transform){let u=t.transform.schema[o];return u?p.map(f=>fe(f,u,t.transform)):p}return p},async update(r){let{model:o,where:i,update:n}=r,{and:a,or:c}=ie(i);t?.transform&&(n=Wt(n,t.transform)),n.id&&(n.id=void 0);let s=e.updateTable(o).set(n);a&&(s=s.where(l=>l.and(a.map(p=>p(l))))),c&&(s=s.where(l=>l.or(c.map(p=>p(l)))));let d=await s.returningAll().executeTakeFirst()||null;if(t?.transform){let l=t.transform.schema[o];return l?fe(d,l,t.transform):d}return d},async delete(r){let{model:o,where:i}=r,{and:n,or:a}=ie(i),c=e.deleteFrom(o);n&&(c=c.where(s=>s.and(n.map(d=>d(s))))),a&&(c=c.where(s=>s.or(a.map(d=>d(s))))),await c.execute()},async deleteMany(r){let{model:o,where:i}=r,{and:n,or:a}=ie(i),c=e.deleteFrom(o);n&&(c=c.where(s=>s.and(n.map(d=>d(s))))),a&&(c=c.where(s=>s.or(a.map(d=>d(s))))),await c.execute()}});async function Jt(e){if(!e.database)throw new A("Database configuration is required");if("create"in e.database)return e.database;let{kysely:t,databaseType:r}=await ne(e);if(!t)throw new A("Failed to initialize database adapter");let o=N(e),i={};for(let n of Object.values(o))i[n.tableName]=n.fields;return Zt(t,{transform:{schema:i,date:!0,boolean:r==="sqlite"},generateId:"generateId"in e.database?e.database.generateId:void 0})}function Pe(e,t){let r={id:t.id};for(let o in e){let 
i=e[o],n=t[o];r[i.fieldName||o]=n}return r}function I(e,t){if(!t)return null;let r={id:t.id};for(let[o,i]of Object.entries(e))r[o]=t[i.fieldName||o];return r}function Xt(e,t){let r=t.hooks,o=N(t.options);async function i(a,c,s){let d=a,l=o[c];for(let f of r||[]){let m=f[c]?.create?.before;if(m){let h=await m(a);if(h===!1)return null;typeof h=="object"&&"data"in h&&(d=h.data)}}let p=s?await s.fn(d):null,u=!s||s.executeMainFn?await e.create({model:l.tableName,data:{...Pe(l.fields,d),id:d.id||x()}}):p;for(let f of r||[]){let m=f[c]?.create?.after;m&&await m(u)}return I(l.fields,u)}async function n(a,c,s,d){let l=a;for(let f of r||[]){let m=f[s]?.update?.before;if(m){let h=await m(a);if(h===!1)return null;l=typeof h=="object"?h.data:h}}let p=d?await d.fn(l):null,u=!d||d.executeMainFn?await e.update({model:o[s].tableName,update:Pe(o[s].fields,l),where:c}):p;for(let f of r||[]){let m=f[s]?.update?.after;m&&await m(u)}return I(o[s].fields,u)}return{createWithHooks:i,updateWithHooks:n}}var Le=(e,t)=>{let r=t.options,o=r.secondaryStorage,i=r.session?.expiresIn||60*60*24*7,n=N(r),{createWithHooks:a,updateWithHooks:c}=Xt(e,t);return{createOAuthUser:async(s,d)=>{try{let l=await a({id:x(),createdAt:new Date,updatedAt:new Date,...s},"user"),p=await a({id:x(),...d,userId:l.id||s.id},"account");return{user:l,account:p}}catch(l){return console.log(l),null}},createUser:async s=>await a({id:x(),createdAt:new Date,updatedAt:new Date,emailVerified:!1,...s},"user"),createAccount:async s=>await a({id:x(),createdAt:new Date,updatedAt:new Date,...s},"account"),listSessions:async s=>await e.findMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]}),listUsers:async(s,d,l,p)=>(await e.findMany({model:n.user.tableName,limit:s,offset:d,sortBy:l,where:p})).map(f=>I(n.user.fields,f)),deleteUser:async s=>{await e.delete({model:n.account.tableName,where:[{field:n.account.fields.userId.fieldName||"userId",value:s}]}),await 
e.deleteMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]}),await e.deleteMany({model:n.user.tableName,where:[{field:"id",value:s}]})},createSession:async(s,d,l,p)=>{let u=d instanceof Request?d.headers:d,f={id:x(),userId:s,expiresAt:l?z(60*60*24,"sec"):z(i,"sec"),ipAddress:d&&pe(d)||"",userAgent:u?.get("user-agent")||"",...p};return await a(f,"session",o?{fn:async h=>{let g=await e.findOne({model:n.user.tableName,where:[{field:"id",value:s}]});return o.set(h.id,JSON.stringify({session:h,user:g}),i),h},executeMainFn:r.session?.storeSessionInDatabase}:void 0)},findSession:async s=>{if(o){let p=await o.get(s);if(p){let u=JSON.parse(p);return{session:{...u.session,expiresAt:new Date(u.session.expiresAt)},user:{...u.user,createdAt:new Date(u.user.createdAt),updatedAt:new Date(u.user.updatedAt)}}}}let d=await e.findOne({model:n.session.tableName,where:[{value:s,field:"id"}]});if(!d)return null;let l=await e.findOne({model:n.user.tableName,where:[{value:d.userId,field:"id"}]});return l?{session:I(n.session.fields,d),user:I(n.user.fields,l)}:null},findSessions:async s=>{if(o){let u=[];for(let f of s){let m=await o.get(f);if(m){let h=JSON.parse(m),g={session:{...h.session,expiresAt:new Date(h.session.expiresAt)},user:{...h.user,createdAt:new Date(h.user.createdAt),updatedAt:new Date(h.user.updatedAt)}};u.push(g)}}return u}let d=await e.findMany({model:n.session.tableName,where:[{field:"id",value:s,operator:"in"}]}),l=d.map(u=>u.userId),p=await e.findMany({model:n.user.tableName,where:[{field:"id",value:l,operator:"in"}]});return d.map(u=>{let f=p.find(m=>m.id===u.userId);return f?{session:I(n.session.fields,u),user:I(n.user.fields,f)}:null})},updateSession:async(s,d)=>await c(d,[{field:"id",value:s}],"session",o?{async fn(p){let u=await o.get(s),f=null;if(u){let m=JSON.parse(u);f={...m.session,...p},await o.set(s,JSON.stringify({session:f,user:m.user}),m.session.expiresAt?new Date(m.session.expiresAt).getTime():void 0)}else 
return null},executeMainFn:r.session?.storeSessionInDatabase}:void 0),deleteSession:async s=>{if(o){await o.delete(s),r.session?.storeSessionInDatabase&&await e.delete({model:n.session.tableName,where:[{field:"id",value:s}]});return}await e.delete({model:n.session.tableName,where:[{field:"id",value:s}]})},deleteSessions:async s=>{if(o){let d=await e.findMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]});for(let l of d)await o.delete(l.id);r.session?.storeSessionInDatabase&&await e.delete({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]});return}await e.delete({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]})},findUserByEmail:async(s,d)=>{let l=await e.findOne({model:n.user.tableName,where:[{value:s.toLowerCase(),field:n.user.fields.email.fieldName||"email"}]});if(!l)return null;if(d?.includeAccounts){let p=await e.findMany({model:n.account.tableName,where:[{value:l.id,field:n.account.fields.userId.fieldName||"userId"}]});return{user:I(n.user.fields,l),accounts:p.map(u=>I(n.account.fields,u))}}return{user:I(n.user.fields,l),accounts:[]}},findUserById:async s=>await e.findOne({model:n.user.tableName,where:[{field:"id",value:s}]}),linkAccount:async s=>await a({id:x(),...s},"account"),updateUser:async(s,d)=>await c(d,[{field:"id",value:s}],"user"),updateUserByEmail:async(s,d)=>await c(d,[{field:n.user.fields.email.fieldName||"email",value:s}],"user"),updatePassword:async(s,d)=>await c({password:d},[{field:n.account.fields.userId.fieldName||"userId",value:s},{field:n.account.fields.providerId.fieldName||"providerId",value:"credential"}],"account"),findAccounts:async s=>(await e.findMany({model:n.account.tableName,where:[{field:n.account.fields.userId.fieldName||"userId",value:s}]})).map(l=>I(n.account.fields,l)),updateAccount:async(s,d)=>await c(d,[{field:"id",value:s}],"account"),createVerificationValue:async s=>await 
a({id:x(),...s},"verification"),findVerificationValue:async s=>{let d=await e.findOne({model:n.verification.tableName,where:[{field:n.verification.fields.identifier.fieldName||"identifier",value:s}]});return I(n.verification.fields,d)},deleteVerificationValue:async s=>{await e.delete({model:n.verification.tableName,where:[{field:"id",value:s}]})},updateVerificationValue:async(s,d)=>await c(d,[{field:"id",value:s}],"verification")}};var Er=require("zod");var Qs=require("kysely");var Yt=require("defu");var _e="better-auth-secret-123456789";var er=async e=>{let t=await Jt(e),r=e.plugins||[],o=Ir(e),{kysely:i}=await ne(e),n=ee(e.baseURL,e.basePath);if(!n)throw new A("Base URL can not be empty. Please add `BETTER_AUTH_URL` in your environment variables or pass it your auth config.");let a=e.secret||process.env.BETTER_AUTH_SECRET||process.env.AUTH_SECRET||_e;if(a===_e&&process.env.NODE_ENV==="production")throw new A("You are using the default secret. Please set `BETTER_AUTH_SECRET` or `AUTH_SECRET` in your environment variables or pass `secret` in your auth config.");e={...e,secret:a,baseURL:n?new URL(n).origin:"",basePath:e.basePath||"/api/auth",plugins:r.concat(o),emailAndPassword:{...e.emailAndPassword,enabled:e.emailAndPassword?.enabled??!1,autoSignIn:e.emailAndPassword?.autoSignIn??!0}};let c=Ae(e),s=N(e),d=Object.keys(e.socialProviders||{}).map(u=>{let f=e.socialProviders?.[u];return f.enabled===!1?null:((!f.clientId||!f.clientSecret)&&b.warn(`Social provider ${u} is missing clientId or clientSecret`),Ee[u](f))}).filter(u=>u!==null),l={appName:e.appName||"Better 
Auth",socialProviders:d,options:e,tables:s,trustedOrigins:Or(e),baseURL:n,sessionConfig:{updateAge:e.session?.updateAge||24*60*60,expiresIn:e.session?.expiresIn||60*60*24*7},secret:a,rateLimit:{...e.rateLimit,enabled:e.rateLimit?.enabled??process.env.NODE_ENV!=="development",window:e.rateLimit?.window||60,max:e.rateLimit?.max||100,storage:e.rateLimit?.storage||e.secondaryStorage?"secondary-storage":"memory"},authCookies:c,logger:le({disabled:e.logger?.disabled||!1}),db:i,uuid:x,secondaryStorage:e.secondaryStorage,password:{hash:e.emailAndPassword?.password?.hash||De,verify:e.emailAndPassword?.password?.verify||Ne,config:{minPasswordLength:e.emailAndPassword?.minPasswordLength||8,maxPasswordLength:e.emailAndPassword?.maxPasswordLength||128}},adapter:t,internalAdapter:Le(t,{options:e,hooks:e.databaseHooks?[e.databaseHooks]:[]}),createAuthCookie:ke(e)},{context:p}=vr(l);return p};function vr(e){let t=e.options,r=t.plugins||[],o=e,i=[];for(let n of r)if(n.init){let a=n.init(e);typeof a=="object"&&(a.options&&(a.options.databaseHooks&&i.push(a.options.databaseHooks),t=(0,Yt.defu)(t,a.options)),a.context&&(o={...o,...a.context}))}return i.push(t.databaseHooks),o.internalAdapter=Le(e.adapter,{options:t,hooks:i.filter(n=>n!==void 0)}),o.options=t,{context:o}}function Ir(e){let t=[];return e.advanced?.crossSubDomainCookies?.enabled,t}function Or(e){let t=ee(e.baseURL,e.basePath);if(!t)throw new A("Base URL can not be empty. 
Please add `BETTER_AUTH_URL` in your environment variables or pass it in your auth config.");let r=[new URL(t).origin];e.trustedOrigins&&r.push(...e.trustedOrigins);let o=process.env.BETTER_AUTH_TRUSTED_ORIGINS;return o&&r.push(...o.split(",")),r}var Sr=e=>{let t=er(e),{api:r}=Se(t,e);return{handler:async o=>{let i=await t,n=i.options.basePath||"/api/auth",a=new URL(o.url);if(!i.options.baseURL){let s=ee(void 0,n)||`${a.origin}${n}`;i.options.baseURL=s,i.baseURL=s}if(!i.options.baseURL)return new Response("Base URL not set",{status:400});if(a.pathname===n||a.pathname===`${n}/`)return new Response("Welcome to BetterAuth",{status:200});let{handler:c}=Gt(i,e);return c(o)},api:r,options:e,$Infer:{}}};0&&(module.exports={BetterAuthError,HIDE_METADATA,MissingDependencyError,betterAuth,capitalizeFirstLetter,createCookieGetter,createLogger,deleteSessionCookie,generateId,generateState,getCookies,logger,parseCookies,parseSetCookieHeader,parseState,setSessionCookie});
|
|
83
|
+
</html>`,Ht=y("/error",{method:"GET",metadata:C},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(Rr(t),{headers:{"Content-Type":"text/html"}})});var Kt=y("/ok",{method:"GET",metadata:C},async e=>e.json({ok:!0}));var K=require("zod");var V=require("better-call");var Gt=()=>y("/sign-up/email",{method:"POST",query:K.z.object({currentURL:K.z.string().optional()}).optional(),body:K.z.record(K.z.string(),K.z.any()),use:[v]},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new V.APIError("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:o,password:i,image:n,callbackURL:a,...c}=t;if(!K.z.string().email().safeParse(o).success)throw new V.APIError("BAD_REQUEST",{message:"Invalid email"});let d=e.context.password.config.minPasswordLength;if(i.length<d)throw e.context.logger.error("Password is too short"),new V.APIError("BAD_REQUEST",{message:"Password is too short"});let l=e.context.password.config.maxPasswordLength;if(i.length>l)throw e.context.logger.error("Password is too long"),new V.APIError("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(o))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${o}`),new V.APIError("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let u=Lt(e.context.options,c),f=await e.context.internalAdapter.createUser({email:o.toLowerCase(),name:r,image:n,...u,emailVerified:!1});if(!f)throw new V.APIError("BAD_REQUEST",{message:"Failed to create user"});let m=await e.context.password.hash(i);if(await e.context.internalAdapter.linkAccount({userId:f.id,providerId:"credential",accountId:f.id,password:m,expiresAt:M(60*60*24*30,"sec")}),e.context.options.emailVerification?.sendOnSignUp){let g=await D(e.context.secret,f.email),U=`${e.context.baseURL}/verify-email?token=${g}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await 
e.context.options.emailVerification?.sendVerificationEmail?.(f,U,g)}if(!e.context.options.emailAndPassword.autoSignIn||e.context.options.emailAndPassword.requireEmailVerification)return e.json({user:f,session:null},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:f,session:null}});let h=await e.context.internalAdapter.createSession(f.id,e.request);if(!h)throw new V.APIError("BAD_REQUEST",{message:"Failed to create session"});return await L(e,h.id),e.json({user:f,session:h},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:f,session:h}})});var Qt=require("std-env");function ge(e){let t="127.0.0.1";if(Qt.isTest)return t;let r=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],o=e instanceof Request?e.headers:e;for(let i of r){let n=o.get(i);if(typeof n=="string"){let a=n.split(",")[0].trim();if(a)return a}}return null}function Ur(e,t,r){let o=Date.now(),i=t*1e3;return o-r.lastRequest<i&&r.count>=e}function xr(e){return new Response(JSON.stringify({message:"Too many requests. 
Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function Tr(e,t){let r=Date.now(),o=t*1e3;return Math.ceil((e+o-r)/1e3)}function vr(e,t){let r=t??"rateLimit",o=e.adapter;return{get:async i=>await o.findOne({model:r,where:[{field:"key",value:i}]}),set:async(i,n,a)=>{try{a?await o.update({model:t??"rateLimit",where:[{field:"key",value:i}],update:{count:n.count,lastRequest:n.lastRequest}}):await o.create({model:t??"rateLimit",data:{key:i,count:n.count,lastRequest:n.lastRequest}})}catch(c){b.error("Error setting rate limit",c)}}}}var Wt=new Map;function Er(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let o=await e.options.secondaryStorage?.get(r);return o?JSON.parse(o):void 0},set:async(r,o)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(o))}}:e.rateLimit.storage==="memory"?{async get(r){return Wt.get(r)},async set(r,o,i){Wt.set(r,o)}}:vr(e,e.rateLimit.tableName)}async function Zt(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,o=e.url.replace(r,""),i=t.rateLimit.window,n=t.rateLimit.max,a=ge(e)+o,s=Ir().find(u=>u.pathMatcher(o));s&&(i=s.window,n=s.max);for(let u of t.options.plugins||[])if(u.rateLimit){let f=u.rateLimit.find(m=>m.pathMatcher(o));if(f){i=f.window,n=f.max;break}}if(t.rateLimit.customRules){let u=t.rateLimit.customRules[o];u&&(i=u.window,n=u.max)}let d=Er(t),l=await d.get(a),p=Date.now();if(!l)await d.set(a,{key:a,count:1,lastRequest:p});else{let u=p-l.lastRequest;if(Ur(n,i,l)){let f=Tr(l.lastRequest,i);return xr(f)}else u>i*1e3?await d.set(a,{...l,count:1,lastRequest:p}):await d.set(a,{...l,count:l.count+1,lastRequest:p})}}function Ir(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:7}]}var Pr=require("better-call");function _e(e,t){let r=t.plugins?.reduce((c,s)=>({...c,...s.endpoints}),{}),o=t.plugins?.map(c=>c.middlewares?.map(s=>{let d=async l=>s.middleware({...l,context:{...e,...l.context}});return 
d.path=s.path,d.options=s.middleware.options,d.headers=s.middleware.headers,{path:s.path,middleware:d}})).filter(c=>c!==void 0).flat()||[],n={...{signInOAuth:Pt,callbackOAuth:_t,getCSRFToken:Mt,getSession:Oe(),signOut:Bt,signUpEmail:Gt(),signInEmail:St,forgetPassword:Dt,resetPassword:Ft,verifyEmail:Et,sendVerificationEmail:vt,changeEmail:zt,changePassword:Vt,setPassword:$t,updateUser:qt,deleteUser:jt,forgetPasswordCallback:Nt,listSessions:Rt(),revokeSession:Ut,revokeSessions:xt},...r,ok:Kt,error:Ht},a={};for(let[c,s]of Object.entries(n))a[c]=async(d={})=>{let l=await e;for(let f of t.plugins||[])if(f.hooks?.before){for(let m of f.hooks.before)if(m.matcher({...s,...d,context:l})){let g=await m.handler({...d,context:{...l,...d?.context}});g&&"context"in g&&(l={...l,...g.context})}}let p;try{p=await s({...d,context:{...l,...d.context}})}catch(f){if(f instanceof G.APIError){let m=t.plugins?.map(g=>{if(g.hooks?.after)return g.hooks.after}).filter(g=>g!==void 0).flat();if(!m?.length)throw f;let h=new Response(JSON.stringify(f.body),{status:G.statusCode[f.status],headers:f.headers});for(let g of m||[])if(g.matcher(d)){let Y=Object.assign(d,{context:{...e,returned:h}}),$=await g.handler(Y);$&&"response"in $&&(h=$.response)}return h}throw f}let u=p;for(let f of t.plugins||[])if(f.hooks?.after){for(let m of f.hooks.after)if(m.matcher(d)){let g=Object.assign(d,{context:{...e,returned:u}}),U=await m.handler(g);U&&"response"in U&&(u=U.response)}}return u},a[c].path=s.path,a[c].method=s.method,a[c].options=s.options,a[c].headers=s.headers;return{api:a,middlewares:o}}var Jt=(e,t)=>{let{api:r,middlewares:o}=_e(e,t),i=new URL(e.baseURL).pathname;return(0,G.createRouter)(r,{extraContext:e,basePath:i,routerMiddleware:[{path:"/**",middleware:He},...o],async onRequest(n){for(let a of e.options.plugins||[])if(a.onRequest){let c=await a.onRequest(n,e);if(c)return c}return Zt(n,e)},async onResponse(n){for(let a of e.options.plugins||[])if(a.onResponse){let c=await 
a.onResponse(n,e);if(c)return c.response}return n},onError(n){if(t.onAPIError?.throw)throw n;if(t.onAPIError?.onError){t.onAPIError.onError(n,e);return}let a=t.logger?.verboseLogging?b:void 0;t.logger?.disabled!==!0&&(n instanceof G.APIError?(n.status==="INTERNAL_SERVER_ERROR"&&b.error(n),a?.error(n.message)):b?.error(n))}})};var N=e=>{let t=e.plugins?.reduce((s,d)=>{let l=d.schema;if(!l)return s;for(let[p,u]of Object.entries(l))s[p]={fields:{...s[p]?.fields,...u.fields},tableName:u.tableName||p};return s},{}),r=e.rateLimit?.storage==="database",o={rateLimit:{tableName:e.rateLimit?.tableName||"rateLimit",fields:{key:{type:"string",fieldName:e.rateLimit?.fields?.key||"key"},count:{type:"number",fieldName:e.rateLimit?.fields?.count||"count"},lastRequest:{type:"number",fieldName:e.rateLimit?.fields?.lastRequest||"lastRequest"}}}},{user:i,session:n,account:a,...c}=t||{};return{user:{tableName:e.user?.modelName||"user",fields:{name:{type:"string",required:!0,fieldName:e.user?.fields?.name||"name"},email:{type:"string",unique:!0,required:!0,fieldName:e.user?.fields?.email||"email"},emailVerified:{type:"boolean",defaultValue:()=>!1,required:!0,fieldName:e.user?.fields?.emailVerified||"emailVerified"},image:{type:"string",required:!1,fieldName:e.user?.fields?.image||"image"},createdAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",defaultValue:()=>new 
Date,required:!0,fieldName:e.user?.fields?.updatedAt||"updatedAt"},...i?.fields,...e.user?.additionalFields},order:1},session:{tableName:e.session?.modelName||"session",fields:{expiresAt:{type:"date",required:!0,fieldName:e.session?.fields?.expiresAt||"expiresAt"},ipAddress:{type:"string",required:!1,fieldName:e.session?.fields?.ipAddress||"ipAddress"},userAgent:{type:"string",required:!1,fieldName:e.session?.fields?.userAgent||"userAgent"},userId:{type:"string",fieldName:e.session?.fields?.userId||"userId",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0},...n?.fields,...e.session?.additionalFields},order:2},account:{tableName:e.account?.modelName||"account",fields:{accountId:{type:"string",required:!0,fieldName:e.account?.fields?.accountId||"accountId"},providerId:{type:"string",required:!0,fieldName:e.account?.fields?.providerId||"providerId"},userId:{type:"string",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0,fieldName:e.account?.fields?.userId||"userId"},accessToken:{type:"string",required:!1,fieldName:e.account?.fields?.accessToken||"accessToken"},refreshToken:{type:"string",required:!1,fieldName:e.account?.fields?.refreshToken||"refreshToken"},idToken:{type:"string",required:!1,fieldName:e.account?.fields?.idToken||"idToken"},expiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.expiresAt||"expiresAt"},password:{type:"string",required:!1,fieldName:e.account?.fields?.password||"password"},...a?.fields},order:3},verification:{tableName:e.verification?.modelName||"verification",fields:{identifier:{type:"string",required:!0,fieldName:e.verification?.fields?.identifier||"identifier"},value:{type:"string",required:!0,fieldName:e.verification?.fields?.value||"value"},expiresAt:{type:"date",required:!0,fieldName:e.verification?.fields?.expiresAt||"expiresAt"}},order:4},...c,...r?o:{}}};var se=require("kysely"),F=require("kysely");function Xt(e){if("dialect"in e)return 
Xt(e.dialect);if("createDriver"in e){if(e instanceof F.SqliteDialect)return"sqlite";if(e instanceof F.MysqlDialect)return"mysql";if(e instanceof F.PostgresDialect)return"postgres";if(e instanceof se.MssqlDialect)return"mssql"}return"aggregate"in e?"sqlite":"getConnection"in e?"mysql":"connect"in e?"postgres":null}var ae=async e=>{let t=e.database;if("db"in t)return{kysely:t.db,databaseType:t.type};if("dialect"in t)return{kysely:new se.Kysely({dialect:t.dialect}),databaseType:t.type};let r,o=Xt(t);return"createDriver"in t&&(r=t),"aggregate"in t&&(r=new F.SqliteDialect({database:t})),"getConnection"in t&&(r=new F.MysqlDialect({pool:t})),"connect"in t&&(r=new F.PostgresDialect({pool:t})),{kysely:r?new se.Kysely({dialect:r}):null,databaseType:o}};function de(e){if(!e)return{and:null,or:null};let t={and:[],or:[]};return e.forEach(r=>{let{field:o,value:i,operator:n="=",connector:a="AND"}=r,c=s=>n.toLowerCase()==="in"?s(o,"in",Array.isArray(i)?i:[i]):n==="contains"?s(o,"like",`%${i}%`):n==="starts_with"?s(o,"like",`${i}%`):n==="ends_with"?s(o,"like",`%${i}`):s(o,n,i);a==="OR"?t.or.push(c):t.and.push(c)}),{and:t.and.length?t.and:null,or:t.or.length?t.or:null}}function he(e,t,r){for(let o in e){let i=t[o]||Object.values(t).find(n=>n.fieldName===o);e[o]===0&&i.type==="boolean"&&r?.boolean&&(e[o]=!1),e[o]===1&&i?.type==="boolean"&&r?.boolean&&(e[o]=!0),i?.type==="date"&&(e[o]instanceof Date||(e[o]=new Date(e[o])))}return e}function Yt(e,t){for(let r in e)typeof e[r]=="boolean"&&t?.boolean&&(e[r]=e[r]?1:0),e[r]instanceof Date&&(e[r]=e[r].toISOString());return e}var er=(e,t)=>({id:"kysely",async create(r){let{model:o,data:i,select:n}=r;t?.transform&&(i=Yt(i,t.transform)),t?.generateId!==void 0&&(i.id=t.generateId?t.generateId():void 0);let a=await e.insertInto(o).values(i).returningAll().executeTakeFirst();if(t?.transform){let c=t.transform.schema[o];a=c?he(i,c,t.transform):a}return n?.length&&(a=a?n.reduce((s,d)=>a?.[d]?{...s,[d]:a[d]}:s,{}):null),a},async 
findOne(r){let{model:o,where:i,select:n}=r,{and:a,or:c}=de(i),s=e.selectFrom(o).selectAll();a&&(s=s.where(l=>l.and(a.map(p=>p(l))))),c&&(s=s.where(l=>l.or(c.map(p=>p(l)))));let d=await s.executeTakeFirst();if(n?.length&&(d=d?n.reduce((p,u)=>d?.[u]?{...p,[u]:d[u]}:p,{}):null),t?.transform){let l=t.transform.schema[o];return d=d&&l?he(d,l,t.transform):d,d||null}return d||null},async findMany(r){let{model:o,where:i,limit:n,offset:a,sortBy:c}=r,s=e.selectFrom(o),{and:d,or:l}=de(i);d&&(s=s.where(u=>u.and(d.map(f=>f(u))))),l&&(s=s.where(u=>u.or(l.map(f=>f(u))))),s=s.limit(n||100),a&&(s=s.offset(a)),c&&(s=s.orderBy(c.field,c.direction));let p=await s.selectAll().execute();if(t?.transform){let u=t.transform.schema[o];return u?p.map(f=>he(f,u,t.transform)):p}return p},async update(r){let{model:o,where:i,update:n}=r,{and:a,or:c}=de(i);t?.transform&&(n=Yt(n,t.transform)),n.id&&(n.id=void 0);let s=e.updateTable(o).set(n);a&&(s=s.where(l=>l.and(a.map(p=>p(l))))),c&&(s=s.where(l=>l.or(c.map(p=>p(l)))));let d=await s.returningAll().executeTakeFirst()||null;if(t?.transform){let l=t.transform.schema[o];return l?he(d,l,t.transform):d}return d},async delete(r){let{model:o,where:i}=r,{and:n,or:a}=de(i),c=e.deleteFrom(o);n&&(c=c.where(s=>s.and(n.map(d=>d(s))))),a&&(c=c.where(s=>s.or(a.map(d=>d(s))))),await c.execute()},async deleteMany(r){let{model:o,where:i}=r,{and:n,or:a}=de(i),c=e.deleteFrom(o);n&&(c=c.where(s=>s.and(n.map(d=>d(s))))),a&&(c=c.where(s=>s.or(a.map(d=>d(s))))),await c.execute()}});async function tr(e){if(!e.database)throw new A("Database configuration is required");if("create"in e.database)return e.database;let{kysely:t,databaseType:r}=await ae(e);if(!t)throw new A("Failed to initialize database adapter");let o=N(e),i={};for(let n of Object.values(o))i[n.tableName]=n.fields;return er(t,{transform:{schema:i,date:!0,boolean:r==="sqlite"},generateId:"generateId"in e.database?e.database.generateId:void 0})}function Ce(e,t){let r={id:t.id};for(let o in e){let 
i=e[o],n=t[o];r[i.fieldName||o]=n}return r}function I(e,t){if(!t)return null;let r={id:t.id};for(let[o,i]of Object.entries(e))r[o]=t[i.fieldName||o];return r}function rr(e,t){let r=t.hooks,o=N(t.options);async function i(a,c,s){let d=a,l=o[c];for(let f of r||[]){let m=f[c]?.create?.before;if(m){let h=await m(a);if(h===!1)return null;typeof h=="object"&&"data"in h&&(d=h.data)}}let p=s?await s.fn(d):null,u=!s||s.executeMainFn?await e.create({model:l.tableName,data:{...Ce(l.fields,d),id:d.id||x()}}):p;for(let f of r||[]){let m=f[c]?.create?.after;m&&await m(u)}return I(l.fields,u)}async function n(a,c,s,d){let l=a;for(let f of r||[]){let m=f[s]?.update?.before;if(m){let h=await m(a);if(h===!1)return null;l=typeof h=="object"?h.data:h}}let p=d?await d.fn(l):null,u=!d||d.executeMainFn?await e.update({model:o[s].tableName,update:Ce(o[s].fields,l),where:c}):p;for(let f of r||[]){let m=f[s]?.update?.after;m&&await m(u)}return I(o[s].fields,u)}return{createWithHooks:i,updateWithHooks:n}}var Be=(e,t)=>{let r=t.options,o=r.secondaryStorage,i=r.session?.expiresIn||60*60*24*7,n=N(r),{createWithHooks:a,updateWithHooks:c}=rr(e,t);return{createOAuthUser:async(s,d)=>{try{let l=await a({id:x(),createdAt:new Date,updatedAt:new Date,...s},"user"),p=await a({id:x(),...d,userId:l.id||s.id},"account");return{user:l,account:p}}catch(l){return console.log(l),null}},createUser:async s=>await a({id:x(),createdAt:new Date,updatedAt:new Date,emailVerified:!1,...s},"user"),createAccount:async s=>await a({id:x(),createdAt:new Date,updatedAt:new Date,...s},"account"),listSessions:async s=>await e.findMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]}),listUsers:async(s,d,l,p)=>(await e.findMany({model:n.user.tableName,limit:s,offset:d,sortBy:l,where:p})).map(f=>I(n.user.fields,f)),deleteUser:async s=>{await e.delete({model:n.account.tableName,where:[{field:n.account.fields.userId.fieldName||"userId",value:s}]}),await 
e.deleteMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]}),await e.deleteMany({model:n.user.tableName,where:[{field:"id",value:s}]})},createSession:async(s,d,l,p)=>{let u=d instanceof Request?d.headers:d,f={id:x(),userId:s,expiresAt:l?M(60*60*24,"sec"):M(i,"sec"),ipAddress:d&&ge(d)||"",userAgent:u?.get("user-agent")||"",...p};return await a(f,"session",o?{fn:async h=>{let g=await e.findOne({model:n.user.tableName,where:[{field:"id",value:s}]});return o.set(h.id,JSON.stringify({session:h,user:g}),i),h},executeMainFn:r.session?.storeSessionInDatabase}:void 0)},findSession:async s=>{if(o){let p=await o.get(s);if(p){let u=JSON.parse(p);return{session:{...u.session,expiresAt:new Date(u.session.expiresAt)},user:{...u.user,createdAt:new Date(u.user.createdAt),updatedAt:new Date(u.user.updatedAt)}}}}let d=await e.findOne({model:n.session.tableName,where:[{value:s,field:"id"}]});if(!d)return null;let l=await e.findOne({model:n.user.tableName,where:[{value:d.userId,field:"id"}]});return l?{session:I(n.session.fields,d),user:I(n.user.fields,l)}:null},findSessions:async s=>{if(o){let u=[];for(let f of s){let m=await o.get(f);if(m){let h=JSON.parse(m),g={session:{...h.session,expiresAt:new Date(h.session.expiresAt)},user:{...h.user,createdAt:new Date(h.user.createdAt),updatedAt:new Date(h.user.updatedAt)}};u.push(g)}}return u}let d=await e.findMany({model:n.session.tableName,where:[{field:"id",value:s,operator:"in"}]}),l=d.map(u=>u.userId),p=await e.findMany({model:n.user.tableName,where:[{field:"id",value:l,operator:"in"}]});return d.map(u=>{let f=p.find(m=>m.id===u.userId);return f?{session:I(n.session.fields,u),user:I(n.user.fields,f)}:null})},updateSession:async(s,d)=>await c(d,[{field:"id",value:s}],"session",o?{async fn(p){let u=await o.get(s),f=null;if(u){let m=JSON.parse(u);f={...m.session,...p},await o.set(s,JSON.stringify({session:f,user:m.user}),m.session.expiresAt?new Date(m.session.expiresAt).getTime():void 0)}else 
return null},executeMainFn:r.session?.storeSessionInDatabase}:void 0),deleteSession:async s=>{if(o){await o.delete(s),r.session?.storeSessionInDatabase&&await e.delete({model:n.session.tableName,where:[{field:"id",value:s}]});return}await e.delete({model:n.session.tableName,where:[{field:"id",value:s}]})},deleteSessions:async s=>{if(o){let d=await e.findMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]});for(let l of d)await o.delete(l.id);r.session?.storeSessionInDatabase&&await e.delete({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]});return}await e.delete({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]})},findUserByEmail:async(s,d)=>{let l=await e.findOne({model:n.user.tableName,where:[{value:s.toLowerCase(),field:n.user.fields.email.fieldName||"email"}]});if(!l)return null;if(d?.includeAccounts){let p=await e.findMany({model:n.account.tableName,where:[{value:l.id,field:n.account.fields.userId.fieldName||"userId"}]});return{user:I(n.user.fields,l),accounts:p.map(u=>I(n.account.fields,u))}}return{user:I(n.user.fields,l),accounts:[]}},findUserById:async s=>await e.findOne({model:n.user.tableName,where:[{field:"id",value:s}]}),linkAccount:async s=>await a({id:x(),...s},"account"),updateUser:async(s,d)=>await c(d,[{field:"id",value:s}],"user"),updateUserByEmail:async(s,d)=>await c(d,[{field:n.user.fields.email.fieldName||"email",value:s}],"user"),updatePassword:async(s,d)=>await c({password:d},[{field:n.account.fields.userId.fieldName||"userId",value:s},{field:n.account.fields.providerId.fieldName||"providerId",value:"credential"}],"account"),findAccounts:async s=>(await e.findMany({model:n.account.tableName,where:[{field:n.account.fields.userId.fieldName||"userId",value:s}]})).map(l=>I(n.account.fields,l)),updateAccount:async(s,d)=>await c(d,[{field:"id",value:s}],"account"),createVerificationValue:async s=>await 
a({id:x(),...s},"verification"),findVerificationValue:async s=>{let d=await e.findOne({model:n.verification.tableName,where:[{field:n.verification.fields.identifier.fieldName||"identifier",value:s}]});return I(n.verification.fields,d)},deleteVerificationValue:async s=>{await e.delete({model:n.verification.tableName,where:[{field:"id",value:s}]})},updateVerificationValue:async(s,d)=>await c(d,[{field:"id",value:s}],"verification")}};var Sr=require("zod");var Xs=require("kysely");var Q=require("std-env"),or=require("defu");var De="better-auth-secret-123456789";var nr=async e=>{let t=await tr(e),r=e.plugins||[],o=Lr(e),{kysely:i}=await ae(e),n=oe(e.baseURL,e.basePath);if(!n)throw new A("Base URL can not be empty. Please add `BETTER_AUTH_URL` in your environment variables or pass it your auth config.");let a=e.secret||Q.env.BETTER_AUTH_SECRET||Q.env.AUTH_SECRET||De;if(a===De&&Q.isProduction)throw new A("You are using the default secret. Please set `BETTER_AUTH_SECRET` or `AUTH_SECRET` in your environment variables or pass `secret` in your auth config.");e={...e,secret:a,baseURL:n?new URL(n).origin:"",basePath:e.basePath||"/api/auth",plugins:r.concat(o),emailAndPassword:{...e.emailAndPassword,enabled:e.emailAndPassword?.enabled??!1,autoSignIn:e.emailAndPassword?.autoSignIn??!0}};let c=Ue(e),s=N(e),d=Object.keys(e.socialProviders||{}).map(u=>{let f=e.socialProviders?.[u];return f.enabled===!1?null:((!f.clientId||!f.clientSecret)&&b.warn(`Social provider ${u} is missing clientId or clientSecret`),Pe[u](f))}).filter(u=>u!==null),l={appName:e.appName||"Better 
Auth",socialProviders:d,options:e,tables:s,trustedOrigins:_r(e),baseURL:n,sessionConfig:{updateAge:e.session?.updateAge||24*60*60,expiresIn:e.session?.expiresIn||60*60*24*7},secret:a,rateLimit:{...e.rateLimit,enabled:e.rateLimit?.enabled??Q.isProduction,window:e.rateLimit?.window||60,max:e.rateLimit?.max||100,storage:e.rateLimit?.storage||e.secondaryStorage?"secondary-storage":"memory"},authCookies:c,logger:fe({disabled:e.logger?.disabled||!1}),db:i,uuid:x,secondaryStorage:e.secondaryStorage,password:{hash:e.emailAndPassword?.password?.hash||qe,verify:e.emailAndPassword?.password?.verify||Ve,config:{minPasswordLength:e.emailAndPassword?.minPasswordLength||8,maxPasswordLength:e.emailAndPassword?.maxPasswordLength||128}},adapter:t,internalAdapter:Be(t,{options:e,hooks:e.databaseHooks?[e.databaseHooks]:[]}),createAuthCookie:xe(e)},{context:p}=Or(l);return p};function Or(e){let t=e.options,r=t.plugins||[],o=e,i=[];for(let n of r)if(n.init){let a=n.init(e);typeof a=="object"&&(a.options&&(a.options.databaseHooks&&i.push(a.options.databaseHooks),t=(0,or.defu)(t,a.options)),a.context&&(o={...o,...a.context}))}return i.push(t.databaseHooks),o.internalAdapter=Be(e.adapter,{options:t,hooks:i.filter(n=>n!==void 0)}),o.options=t,{context:o}}function Lr(e){let t=[];return e.advanced?.crossSubDomainCookies?.enabled,t}function _r(e){let t=oe(e.baseURL,e.basePath);if(!t)throw new A("Base URL can not be empty. 
Please add `BETTER_AUTH_URL` in your environment variables or pass it in your auth config.");let r=[new URL(t).origin];e.trustedOrigins&&r.push(...e.trustedOrigins);let o=Q.env.BETTER_AUTH_TRUSTED_ORIGINS;return o&&r.push(...o.split(",")),r}var Cr=e=>{let t=nr(e),{api:r}=_e(t,e);return{handler:async o=>{let i=await t,n=i.options.basePath||"/api/auth",a=new URL(o.url);if(!i.options.baseURL){let s=oe(void 0,n)||`${a.origin}${n}`;i.options.baseURL=s,i.baseURL=s}if(!i.options.baseURL)return new Response("Base URL not set",{status:400});if(a.pathname===n||a.pathname===`${n}/`)return new Response("Welcome to BetterAuth",{status:200});let{handler:c}=Jt(i,e);return c(o)},api:r,options:e,$Infer:{}}};0&&(module.exports={BetterAuthError,HIDE_METADATA,MissingDependencyError,betterAuth,capitalizeFirstLetter,createCookieGetter,createLogger,deleteSessionCookie,generateId,generateState,getCookies,logger,parseCookies,parseSetCookieHeader,parseState,setSessionCookie});
|