better-auth 0.5.2-beta.2 → 0.5.2-beta.4

package/dist/adapters/drizzle.d.ts

@@ -1,4 +1,4 @@
-import { A as Adapter } from '../auth-BbAoOSTB.js';
+import { A as Adapter } from '../auth-DQcxQWzj.js';
 import 'zod';
 import 'kysely';
 import '../schema-Dkt0LqYs.js';

package/dist/adapters/kysely.d.ts

@@ -1,5 +1,5 @@
 import { Kysely } from 'kysely';
-import { B as BetterAuthOptions, K as KyselyDatabaseType, F as FieldAttribute, A as Adapter } from '../auth-BbAoOSTB.js';
+import { B as BetterAuthOptions, K as KyselyDatabaseType, F as FieldAttribute, A as Adapter } from '../auth-DQcxQWzj.js';
 import 'zod';
 import '../schema-Dkt0LqYs.js';
 import 'better-call';

package/dist/adapters/mongodb.d.ts

@@ -1,5 +1,5 @@
 import { Db } from 'mongodb';
-import { W as Where } from '../auth-BbAoOSTB.js';
+import { W as Where } from '../auth-DQcxQWzj.js';
 import 'zod';
 import 'kysely';
 import '../schema-Dkt0LqYs.js';

package/dist/adapters/prisma.d.ts

@@ -1,4 +1,4 @@
-import { A as Adapter } from '../auth-BbAoOSTB.js';
+import { A as Adapter } from '../auth-DQcxQWzj.js';
 import 'zod';
 import 'kysely';
 import '../schema-Dkt0LqYs.js';

package/dist/api.d.ts

@@ -1,4 +1,4 @@
-export { e as AuthEndpoint, f as AuthMiddleware, a1 as callbackOAuth, aj as changeEmail, ag as changePassword, d as createAuthEndpoint, c as createAuthMiddleware, ac as createEmailVerificationToken, ao as csrfMiddleware, ai as deleteUser, al as error, a9 as forgetPassword, aa as forgetPasswordCallback, ak as getCSRFToken, Z as getEndpoints, a2 as getSession, a3 as getSessionFromCtx, a5 as listSessions, am as ok, o as optionsMiddleware, ab as resetPassword, a6 as revokeSession, a7 as revokeSessions, _ as router, ad as sendVerificationEmail, a4 as sessionMiddleware, ah as setPassword, a0 as signInEmail, $ as signInOAuth, a8 as signOut, an as signUpEmail, af as updateUser, ae as verifyEmail } from './auth-BbAoOSTB.js';
+export { e as AuthEndpoint, f as AuthMiddleware, a1 as callbackOAuth, aj as changeEmail, ag as changePassword, d as createAuthEndpoint, c as createAuthMiddleware, ac as createEmailVerificationToken, ao as csrfMiddleware, ai as deleteUser, al as error, a9 as forgetPassword, aa as forgetPasswordCallback, ak as getCSRFToken, Z as getEndpoints, a2 as getSession, a3 as getSessionFromCtx, a5 as listSessions, am as ok, o as optionsMiddleware, ab as resetPassword, a6 as revokeSession, a7 as revokeSessions, _ as router, ad as sendVerificationEmail, a4 as sessionMiddleware, ah as setPassword, a0 as signInEmail, $ as signInOAuth, a8 as signOut, an as signUpEmail, af as updateUser, ae as verifyEmail } from './auth-DQcxQWzj.js';
 import './helper-DPDj8Nix.js';
 export { APIError } from 'better-call';
 import 'zod';

package/dist/api.js

@@ -1,6 +1,6 @@
-import{APIError as et,createRouter as $t,statusCode as Vt}from"better-call";import{APIError as W}from"better-call";import{z as se}from"zod";import{xchacha20poly1305 as Jt}from"@noble/ciphers/chacha";import{bytesToHex as Xt,hexToBytes as Yt,utf8ToBytes as er}from"@noble/ciphers/utils";import{managedNonce as rr}from"@noble/ciphers/webcrypto";import{sha256 as nr}from"oslo/crypto";function Z(e,t){let r=new Uint8Array(e),o=new Uint8Array(t);if(r.length!==o.length)return!1;let n=0;for(let i=0;i<r.length;i++)n|=r[i]^o[i];return n===0}import{decodeHex as Nt,encodeHex as Mt}from"oslo/encoding";import{scryptAsync as Qt}from"@noble/hashes/scrypt";function tt(e){return e.toString(2).padStart(8,"0")}function rt(e){return[...e].map(t=>tt(t)).join("")}function te(e){return parseInt(rt(e),2)}function ot(e){if(e<0||!Number.isInteger(e))throw new Error("Argument 'max' must be an integer greater than or equal to 0");let t=(e-1).toString(2).length,r=t%8,o=new Uint8Array(Math.ceil(t/8));crypto.getRandomValues(o),r!==0&&(o[0]&=(1<<r)-1);let n=te(o);for(;n>=e;)crypto.getRandomValues(o),r!==0&&(o[0]&=(1<<r)-1),n=te(o);return n}function re(e,t){let r="";for(let o=0;o<e;o++)r+=t[ot(t.length)];return r}function oe(...e){let t=new Set(e),r="";for(let o of t)o==="a-z"?r+="abcdefghijklmnopqrstuvwxyz":o==="A-Z"?r+="ABCDEFGHIJKLMNOPQRSTUVWXYZ":o==="0-9"?r+="0123456789":r+=o;return r}async function N(e,t){let r=new TextEncoder,o={name:"HMAC",hash:"SHA-256"},n=await crypto.subtle.importKey("raw",r.encode(e),o,!1,["sign","verify"]),i=await crypto.subtle.sign(o.name,n,r.encode(t));return btoa(String.fromCharCode(...new Uint8Array(i)))}import{createEndpointCreator as nt,createMiddleware as ne,createMiddlewareCreator as it}from"better-call";var ie=ne(async()=>({})),$=it({use:[ie,ne(async()=>({}))]}),p=nt({use:[ie]});var ae=$({body:se.object({csrfToken:se.string().optional()}).optional()},async e=>{if(e.request?.method!=="POST"||e.context.options.advanced?.disableCSRFCheck)return;let t=new URL(e.request.url);if(e.context.trustedOrigins.includes(t.origin))return;let r=e.body?.csrfToken;if(!r)throw new W("UNAUTHORIZED",{message:"CSRF Token is required"});let o=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret),[n,i]=o?.split("!")||[null,null];if(!r||!n||!i||n!==r)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new W("UNAUTHORIZED",{message:"Invalid CSRF Token"});let s=await N(e.context.secret,n);if(i!==s)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new W("UNAUTHORIZED",{message:"Invalid CSRF Token"})});import{APIError as P}from"better-call";import{generateCodeVerifier as vt}from"oslo/oauth2";import{z as x}from"zod";import{generateState as st}from"oslo/oauth2";import{z as M}from"zod";import{sha256 as ce}from"oslo/crypto";async function de(e){let t=await ce(typeof e=="string"?new TextEncoder().encode(e):e);return Buffer.from(t).toString("base64")}async function le(e,t){let r=await ce(typeof e=="string"?new TextEncoder().encode(e):e),o=Buffer.from(t,"base64");return Z(r,o)}import"better-call";async function ue(e){let t=st(),r=JSON.stringify({code:t,callbackURL:e}),o=await de(r);return{raw:r,hash:o}}function J(e){return M.object({code:M.string(),callbackURL:M.string().optional(),currentURL:M.string().optional()}).safeParse(JSON.parse(e))}import{TimeSpan as Pr}from"oslo";var C=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}};async function _(e,t,r,o){let n=e.context.authCookies.sessionToken.options;n.maxAge=r?void 0:e.context.sessionConfig.expiresIn,await e.setSignedCookie(e.context.authCookies.sessionToken.name,t,e.context.secret,{...n,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options)}function j(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}import{APIError as pe}from"better-call";import{createConsola as at}from"consola";var B=at({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),ct=e=>({log:(...t)=>{!e?.disabled&&B.log("",...t)},error:(...t)=>{!e?.disabled&&B.error("",...t)},warn:(...t)=>{!e?.disabled&&B.warn("",...t)},info:(...t)=>{!e?.disabled&&B.info("",...t)},debug:(...t)=>{!e?.disabled&&B.debug("",...t)},box:(...t)=>{!e?.disabled&&B.box("",...t)},success:(...t)=>{!e?.disabled&&B.success("",...t)},break:(...t)=>{!e?.disabled&&console.log(`
-`)}}),y=ct();var U=$(async e=>{let t=e.body?.callbackURL||e.query?.callbackURL||e.query?.redirectTo||e.body?.redirectTo,r=e.headers?.get("referer"),o=e.query?.currentURL||r||e.context.baseURL,n=e.context.trustedOrigins;if(t?.includes("http")){let i=new URL(t).origin;if(!n.includes(i))throw y.error("Invalid callback URL",{callbackURL:t,trustedOrigins:n}),new pe("FORBIDDEN",{message:"Invalid callback URL"})}if(o!==e.context.baseURL){let i=new URL(o).origin;if(!n.includes(i))throw y.error("Invalid current URL",{currentURL:o,trustedOrigins:n}),new pe("FORBIDDEN",{message:"Invalid callback URL"})}});import{parseJWT as pt}from"oslo/jwt";import{sha256 as dt}from"oslo/crypto";import{base64url as lt}from"oslo/encoding";async function me(e){let t=await dt(new TextEncoder().encode(e));return lt.encode(new Uint8Array(t),{includePadding:!1})}function fe(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_at?new Date((Date.now()+e.expires_in)*1e3):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function E({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:n,scopes:i,claims:s,disablePkce:d,redirectURI:a}){let c=new URL(r);if(c.searchParams.set("response_type","code"),c.searchParams.set("client_id",t.clientId),c.searchParams.set("state",o),c.searchParams.set("scope",i.join(" ")),c.searchParams.set("redirect_uri",t.redirectURI||a),!d&&n){let u=await me(n);c.searchParams.set("code_challenge_method","S256"),c.searchParams.set("code_challenge",u)}if(s){let u=s.reduce((b,w)=>(b[w]=null,b),{});c.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...u}}))}return c}import{betterFetch as ut}from"@better-fetch/fetch";async function A({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:n}){let i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",e),t&&i.set("code_verifier",t),i.set("redirect_uri",r),i.set("client_id",o.clientId),i.set("client_secret",o.clientSecret);let{data:s,error:d}=await ut(n,{method:"POST",body:i,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(d)throw d;return fe(s)}function K(e){let t=e.accessToken,r=e.refreshToken,o;try{o=e.accessTokenExpiresAt}catch{}return{accessToken:t,refreshToken:r,expiresAt:o}}var ge=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:n}){let i=e.scope||o||["email","name","openid"];return new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${n||e.redirectURI}&scope=${i.join(" ")}&state=${r}`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:n})=>A({code:r,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){if(!r.idToken)return null;let o=pt(r.idToken)?.payload;return o?{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified==="true"},data:o}:null}}};import{betterFetch as mt}from"@better-fetch/fetch";var he=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["identify","email"];return new URL(`https://discord.com/api/oauth2/authorize?scope=${n.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await mt("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let n=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${n}.png`}else{let n=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${n}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});import{betterFetch as ft}from"@better-fetch/fetch";var we=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["email","public_profile"];return await E({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:n,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await ft("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,emailVerified:r.email_verified},data:r}}});import{betterFetch as ye}from"@better-fetch/fetch";var be=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"Github",createAuthorizationURL({state:r,scopes:o,codeVerifier:n,redirectURI:i}){let s=e.scope||o||["user:email"];return E({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:s,state:r,redirectURI:i,codeVerifier:n})},validateAuthorizationCode:async({code:r,redirectURI:o})=>A({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:n}=await ye("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(n)return null;let i=!1;if(!o.email){let{data:s,error:d}=await ye("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});d||(o.email=(s.find(a=>a.primary)??s[0])?.email,i=s.find(a=>a.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:i},data:o}}}};import{parseJWT as gt}from"oslo/jwt";var Ae=e=>({id:"google",name:"Google",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){if(!e.clientId||!e.clientSecret)throw y.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new C("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new C("codeVerifier is required for Google");let i=e.scope||r||["email","profile"];return E({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:i,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async getUserInfo(t){if(!t.idToken)return null;let r=gt(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});import{betterFetch as ht}from"@better-fetch/fetch";import{parseJWT as wt}from"oslo/jwt";var Re=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(n){let i=e.scope||n.scopes||["openid","profile","email","User.Read"];return E({id:"microsoft",options:e,authorizationEndpoint:r,state:n.state,codeVerifier:n.codeVerifier,scopes:i,redirectURI:n.redirectURI})},validateAuthorizationCode({code:n,codeVerifier:i,redirectURI:s}){return A({code:n,codeVerifier:i,redirectURI:e.redirectURI||s,options:e,tokenEndpoint:o})},async getUserInfo(n){if(!n.idToken)return null;let i=wt(n.idToken)?.payload,s=e.profilePhotoSize||48;return await ht(`https://graph.microsoft.com/v1.0/me/photos/${s}x${s}/$value`,{headers:{Authorization:`Bearer ${n.accessToken}`},async onResponse(d){if(!(e.disableProfilePhoto||!d.response.ok))try{let c=await d.response.clone().arrayBuffer(),u=Buffer.from(c).toString("base64");i.picture=`data:image/jpeg;base64, ${u}`}catch(a){y.error(a)}}}),{user:{id:i.sub,name:i.name,email:i.email,image:i.picture,emailVerified:!0},data:i}}}};import{betterFetch as yt}from"@better-fetch/fetch";var ke=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){let i=e.scope||r||["user-read-email"];return E({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:i,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await yt("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});import"@better-fetch/fetch";var I={isAction:!1};import{nanoid as bt}from"nanoid";var Ue=e=>bt(e);import{parseJWT as At}from"oslo/jwt";var Ee=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["user:read:email","openid"];return E({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:n,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return y.error("No idToken found in token"),null;let o=At(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});import{betterFetch as Rt}from"@better-fetch/fetch";var Te=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=e.scope||t.scopes||["account_info.read"];return E({id:"twitter",options:e,authorizationEndpoint:"https://twitter.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await Rt("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o||!r.data.email?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});var kt={apple:ge,discord:he,facebook:we,github:be,microsoft:Re,google:Ae,spotify:ke,twitch:Ee,twitter:Te},ve=Object.keys(kt);import{TimeSpan as Ut}from"oslo";import{createJWT as Et,validateJWT as Tt}from"oslo/jwt";import{z as v}from"zod";import{APIError as V}from"better-call";import{APIError as q}from"better-call";var F=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));import{z as xe}from"zod";var X=()=>p("/session",{method:"GET",requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let r=await e.context.internalAdapter.findSession(t);if(!r||r.session.expiresAt<new Date)return j(e),r&&await e.context.internalAdapter.deleteSession(r.session.id),e.json(null,{status:401});if(await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(r);let n=e.context.sessionConfig.expiresIn,i=e.context.sessionConfig.updateAge;if(r.session.expiresAt.valueOf()-n*1e3+i*1e3<=Date.now()){let a=await e.context.internalAdapter.updateSession(r.session.id,{expiresAt:F(e.context.sessionConfig.expiresIn,"sec")});if(!a)return j(e),e.json(null,{status:401});let c=(a.expiresAt.valueOf()-Date.now())/1e3;return await _(e,a.id,!1,{maxAge:c}),e.json({session:a,user:r.user})}return e.json(r)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}}),Y=async e=>await X()({...e,_flag:"json",headers:e.headers}),L=$(async e=>{let t=await Y(e);if(!t?.session)throw new q("UNAUTHORIZED");return{session:t}}),_e=()=>p("/user/list-sessions",{method:"GET",use:[L],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),Pe=p("/user/revoke-session",{method:"POST",body:xe.object({id:xe.string()}),use:[L],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new q("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new q("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o),new q("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Se=p("/user/revoke-sessions",{method:"POST",use:[L],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t),new q("INTERNAL_SERVER_ERROR")}return e.json({status:!0})});async function O(e,t,r){return await Et("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new Ut(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var Le=p("/send-verification-email",{method:"POST",query:v.object({currentURL:v.string().optional()}).optional(),body:v.object({email:v.string().email(),callbackURL:v.string().optional()}),use:[U]},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new V("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new V("BAD_REQUEST",{message:"User not found"});let o=await O(e.context.secret,t),n=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail(r.user,n,o),e.json({status:!0})}),Oe=p("/verify-email",{method:"GET",query:v.object({token:v.string(),callbackURL:v.string().optional()}),use:[U]},async e=>{let{token:t}=e.query,r;try{r=await Tt("HS256",Buffer.from(e.context.secret),t)}catch(s){throw e.context.logger.error("Failed to verify email",s),new V("BAD_REQUEST",{message:"Invalid token"})}let n=v.object({email:v.string().email(),updateTo:v.string().optional()}).parse(r.payload);if(!await e.context.internalAdapter.findUserByEmail(n.email))throw new V("BAD_REQUEST",{message:"User not found"});if(n.updateTo){let s=await Y(e);if(!s)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new V("UNAUTHORIZED",{message:"Session not found"});if(s.user.email!==n.email)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new V("UNAUTHORIZED",{message:"Invalid session"});let d=await e.context.internalAdapter.updateUserByEmail(n.email,{email:n.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.(d,`${e.context.baseURL}/verify-email?token=${t}`,t),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:d,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(n.email,{emailVerified:!0}),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});var Ie=p("/sign-in/social",{method:"POST",requireHeaders:!0,query:x.object({currentURL:x.string().optional()}).optional(),body:x.object({callbackURL:x.string().optional(),provider:x.enum(ve)}),use:[U]},async e=>{let t=e.context.socialProviders.find(a=>a.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new P("NOT_FOUND",{message:"Provider not found"});let r=e.context.authCookies,o=e.query?.currentURL?new URL(e.query?.currentURL):null,n=e.body.callbackURL?.startsWith("http")?e.body.callbackURL:`${o?.origin}${e.body.callbackURL||""}`,i=await ue(n||o?.origin||e.context.options.baseURL);await e.setSignedCookie(r.state.name,i.hash,e.context.secret,r.state.options);let s=vt();await e.setSignedCookie(r.pkCodeVerifier.name,s,e.context.secret,r.pkCodeVerifier.options);let d=await t.createAuthorizationURL({state:i.raw,codeVerifier:s,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:d.toString(),state:i,codeVerifier:s,redirect:!0})}),Ce=p("/sign-in/email",{method:"POST",body:x.object({email:x.string().email(),password:x.string(),callbackURL:x.string().optional(),dontRememberMe:x.boolean().default(!1).optional()}),use:[U]},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new P("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!x.string().email().safeParse(t).success)throw new P("BAD_REQUEST",{message:"Invalid email"});let n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new P("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!n.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw y.error("Email verification is required but no email verification handler is provided"),new P("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let c=await O(e.context.secret,n.user.email),u=`${e.context.options.baseURL}/verify-email?token=${c}`;throw await e.context.options.emailVerification.sendVerificationEmail(n.user,u,c),e.context.logger.error("Email not verified",{email:t}),new P("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let i=n.accounts.find(c=>c.providerId==="credential");if(!i)throw e.context.logger.error("Credential account not found",{email:t}),new P("UNAUTHORIZED",{message:"Invalid email or password"});let s=i?.password;if(!s)throw e.context.logger.error("Password not found",{email:t}),new P("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(s,r))throw e.context.logger.error("Invalid password"),new P("UNAUTHORIZED",{message:"Invalid email or password"});let a=await e.context.internalAdapter.createSession(n.user.id,e.headers,e.body.dontRememberMe);if(!a)throw e.context.logger.error("Failed to create session"),new P("UNAUTHORIZED",{message:"Failed to create session"});return await _(e,a.id,e.body.dontRememberMe),e.json({user:n.user,session:a,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});import{APIError as _t}from"better-call";import{z as H}from"zod";import{z as f}from"zod";var Qn=f.object({id:f.string(),providerId:f.string(),accountId:f.string(),userId:f.string(),accessToken:f.string().nullable().optional(),refreshToken:f.string().nullable().optional(),idToken:f.string().nullable().optional(),expiresAt:f.date().nullable().optional(),password:f.string().optional().nullable()}),Be=f.object({id:f.string(),email:f.string().transform(e=>e.toLowerCase()),emailVerified:f.boolean().default(!1),name:f.string(),image:f.string().optional(),createdAt:f.date().default(new Date),updatedAt:f.date().default(new Date)}),Gn=f.object({id:f.string(),userId:f.string(),expiresAt:f.date(),ipAddress:f.string().optional(),userAgent:f.string().optional()}),Zn=f.object({id:f.string(),value:f.string(),expiresAt:f.date(),identifier:f.string()});function xt(e,t){let r=t.fields,o={};for(let n in r){if(n in e){if(r[n].input===!1){if(r[n].defaultValue){o[n]=r[n].defaultValue;continue}continue}o[n]=e[n];continue}if(r[n].defaultValue){o[n]=r[n].defaultValue;continue}}return o}function De(e,t){let r={...e.user?.additionalFields};return xt(t||{},{fields:r})}var $e=p("/callback/:id",{method:"GET",query:H.object({state:H.string(),code:H.string().optional(),error:H.string().optional()}),metadata:I},async e=>{if(e.query.error||!e.query.code){let g=J(e.query.state).data?.callbackURL||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${g}?error=${e.query.error||"oAuth_code_missing"}`)}let t=e.context.socialProviders.find(l=>l.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let r=J(e.query.state);if(!r.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let{data:{callbackURL:o,currentURL:n}}=r,i=await e.getSignedCookie(e.context.authCookies.state.name,e.context.secret);if(!i)throw y.error("No stored state found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!await le(e.query.state,i))throw y.error("OAuth state mismatch"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let d=await e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),a;try{a=await t.validateAuthorizationCode({code:e.query.code,codeVerifier:d,redirectURI:`${e.context.baseURL}/callback/${t.id}`})}catch(l){throw e.context.logger.error(l),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let c=await t.getUserInfo(a).then(l=>l?.user),u=Ue(),b=Be.safeParse({...c,id:u});if(!c||b.success===!1)throw y.error("Unable to get user info",b.error),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!o)throw e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let w=await e.context.internalAdapter.findUserByEmail(c.email,{includeAccounts:!0}).catch(l=>{throw y.error(`Better auth was unable to query your database.
-Error: `,l),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),m=w?.user.id;if(w){let l=w.accounts.find(R=>R.providerId===t.id),g=e.context.options.account?.accountLinking?.trustedProviders,h=g?g.includes(t.id):!0;if(!l&&(!c.emailVerified||!h)){let R;try{R=new URL(n||o),R.searchParams.set("error","account_not_linked")}catch{throw e.redirect(`${e.context.baseURL}/error?error=account_not_linked`)}throw e.redirect(R.toString())}if(!l)try{await e.context.internalAdapter.linkAccount({providerId:t.id,accountId:c.id.toString(),id:`${t.id}:${c.id}`,userId:w.user.id,...K(a)})}catch(R){throw console.log(R),e.redirect(`${e.context.baseURL}/error?error=failed_linking_account`)}}else try{let l=c.emailVerified,g=await e.context.internalAdapter.createOAuthUser({...b.data,emailVerified:l},{...K(a),id:`${t.id}:${c.id}`,providerId:t.id,accountId:c.id.toString()});if(!l&&g&&e.context.options.emailVerification?.sendOnSignUp){let h=await O(e.context.secret,c.email),R=`${e.context.baseURL}/verify-email?token=${h}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.(g.user,R,h)}}catch{let g=new URL(n||o);throw g.searchParams.set("error","unable_to_create_user"),e.redirect(g.toString())}if(!m&&!u)throw new _t("INTERNAL_SERVER_ERROR",{message:"Unable to create user"});try{let l=await e.context.internalAdapter.createSession(m||u,e.request);if(!l){let g=new URL(n||o);throw g.searchParams.set("error","unable_to_create_session"),e.redirect(g.toString())}try{await _(e,l.id)}catch(g){e.context.logger.error("Unable to set session cookie",g);let h=new URL(n||o);throw h.searchParams.set("error","unable_to_create_session"),e.redirect(h.toString())}}catch{let l=new URL(n||o||"");throw l.searchParams.set("error","unable_to_create_session"),e.redirect(l.toString())}throw e.redirect(o)});import"zod";import{APIError as Pt}from"better-call";var Ve=p("/sign-out",{method:"POST"},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw new Pt("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),j(e),e.json({success:!0})});import{z as S}from"zod";import{APIError as Q}from"better-call";var ze=p("/forget-password",{method:"POST",body:S.object({email:S.string().email(),redirectTo:S.string()}),use:[U]},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new Q("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let n=60*60*1,i=new Date(Date.now()+1e3*(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||n)),s=e.context.uuid();await e.context.internalAdapter.createVerificationValue({value:o.user.id,identifier:`reset-password:${s}`,expiresAt:i});let d=`${e.context.baseURL}/reset-password/${s}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword(o.user,d),e.json({status:!0})}),je=p("/reset-password/:token",{method:"GET",query:S.object({callbackURL:S.string()}),use:[U]},async e=>{let{token:t}=e.params,r=e.query.callbackURL,o=r.startsWith("http")?r:`${e.context.options.baseURL}${r}`;if(!t||!r)throw e.redirect(`${e.context.baseURL}/error?error=INVALID_TOKEN`);let n=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!n||n.expiresAt<new Date?e.redirect(`${o}?error=INVALID_TOKEN`):e.redirect(`${o}?token=${t}`)}),qe=p("/reset-password",{query:S.optional(S.object({token:S.string()})),method:"POST",body:S.object({newPassword:S.string()})},async e=>{let t=e.query?.token;if(!t)throw new Q("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,o=`reset-password:${t}`,n=await e.context.internalAdapter.findVerificationValue(o);if(!n||n.expiresAt<new Date)throw new Q("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(n.id);let i=n.value,s=await e.context.password.hash(r);if(!(await e.context.internalAdapter.findAccounts(i)).find(u=>u.providerId==="credential"))return await e.context.internalAdapter.createAccount({userId:i,providerId:"credential",password:s,accountId:e.context.uuid()}),e.json({status:!0});if(!await e.context.internalAdapter.updatePassword(i,s))throw new Q("BAD_REQUEST",{message:"Failed to update password"});return e.json({status:!0})});import{z as k}from"zod";import{APIError as T}from"better-call";var Ne=p("/user/update",{method:"POST",body:k.object({name:k.string().optional(),image:k.string().optional()}),use:[L,U]},async e=>{let{name:t,image:r}=e.body,o=e.context.session;if(!r&&!t)return e.json({user:o.user});let n=await e.context.internalAdapter.updateUserByEmail(o.user.email,{name:t,image:r});return e.json({user:n})}),Me=p("/user/change-password",{method:"POST",body:k.object({newPassword:k.string(),currentPassword:k.string(),revokeOtherSessions:k.boolean().optional()}),use:[L]},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,n=e.context.session,i=e.context.password.config.minPasswordLength;if(t.length<i)throw e.context.logger.error("Password is too short"),new T("BAD_REQUEST",{message:"Password is too short"});let s=e.context.password.config.maxPasswordLength;if(t.length>s)throw e.context.logger.error("Password is too long"),new T("BAD_REQUEST",{message:"Password too long"});let a=(await e.context.internalAdapter.findAccounts(n.user.id)).find(b=>b.providerId==="credential"&&b.password);if(!a||!a.password)throw new T("BAD_REQUEST",{message:"User does not have a password"});let c=await e.context.password.hash(t);if(!await e.context.password.verify(a.password,r))throw new T("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(a.id,{password:c}),o){await e.context.internalAdapter.deleteSessions(n.user.id);let b=await e.context.internalAdapter.createSession(n.user.id,e.headers);if(!b)throw new T("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await _(e,b.id)}return e.json(n.user)}),Fe=p("/user/set-password",{method:"POST",body:k.object({newPassword:k.string()}),use:[L]},async e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new T("BAD_REQUEST",{message:"Password is too short"});let n=e.context.password.config.maxPasswordLength;if(t.length>n)throw e.context.logger.error("Password is too long"),new T("BAD_REQUEST",{message:"Password too long"});let s=(await e.context.internalAdapter.findAccounts(r.user.id)).find(a=>a.providerId==="credential"&&a.password),d=await e.context.password.hash(t);if(!s)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:d}),e.json(r.user);throw new T("BAD_REQUEST",{message:"user already has a password"})}),He=p("/user/delete",{method:"POST",body:k.object({password:k.string()}),use:[L]},async e=>{let{password:t}=e.body,r=e.context.session,n=(await e.context.internalAdapter.findAccounts(r.user.id)).find(s=>s.providerId==="credential"&&s.password);if(!n||!n.password)throw new T("BAD_REQUEST",{message:"User does not have a password"});if(!await e.context.password.verify(n.password,t))throw new T("BAD_REQUEST",{message:"Incorrect password"});return await e.context.internalAdapter.deleteUser(r.user.id),await e.context.internalAdapter.deleteSessions(r.user.id),e.json(null)}),Qe=p("/user/change-email",{method:"POST",query:k.object({currentURL:k.string().optional()}).optional(),body:k.object({newEmail:k.string().email(),callbackURL:k.string().optional()}),use:[L,U]},async e=>{if(e.context.options.user?.changeEmail?.disable===!0)throw e.context.logger.error("Change email is disabled."),new T("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new T("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new T("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.options.user?.changeEmail?.sendVerificationEmail===!1||e.context.session.user.emailVerified!==!0){let n=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:n,status:!0})}if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new T("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await O(e.context.secret,e.context.session.user.email,e.body.newEmail),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail(e.context.session.user,o,r),e.json({user:null,status:!0})});var Ge=p("/csrf",{method:"GET",metadata:I},async e=>{let t=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret);if(t){let[i,s]=t.split("!")||[null,null];return e.json({csrfToken:i})}let r=re(32,oe("a-z","0-9","A-Z")),o=await N(e.context.secret,r),n=`${r}!${o}`;return await e.setSignedCookie(e.context.authCookies.csrfToken.name,n,e.context.secret,e.context.authCookies.csrfToken.options),e.json({csrfToken:r})});var St=(e="Unknown")=>`<!DOCTYPE html>
+import{APIError as et,createRouter as $t,statusCode as Vt}from"better-call";import{APIError as W}from"better-call";import{z as se}from"zod";import{xchacha20poly1305 as Jt}from"@noble/ciphers/chacha";import{bytesToHex as Xt,hexToBytes as Yt,utf8ToBytes as er}from"@noble/ciphers/utils";import{managedNonce as rr}from"@noble/ciphers/webcrypto";import{sha256 as nr}from"oslo/crypto";function Z(e,t){let r=new Uint8Array(e),o=new Uint8Array(t);if(r.length!==o.length)return!1;let n=0;for(let i=0;i<r.length;i++)n|=r[i]^o[i];return n===0}import{decodeHex as Nt,encodeHex as Mt}from"oslo/encoding";import{scryptAsync as Qt}from"@noble/hashes/scrypt";function tt(e){return e.toString(2).padStart(8,"0")}function rt(e){return[...e].map(t=>tt(t)).join("")}function te(e){return parseInt(rt(e),2)}function ot(e){if(e<0||!Number.isInteger(e))throw new Error("Argument 'max' must be an integer greater than or equal to 0");let t=(e-1).toString(2).length,r=t%8,o=new Uint8Array(Math.ceil(t/8));crypto.getRandomValues(o),r!==0&&(o[0]&=(1<<r)-1);let n=te(o);for(;n>=e;)crypto.getRandomValues(o),r!==0&&(o[0]&=(1<<r)-1),n=te(o);return n}function re(e,t){let r="";for(let o=0;o<e;o++)r+=t[ot(t.length)];return r}function oe(...e){let t=new Set(e),r="";for(let o of t)o==="a-z"?r+="abcdefghijklmnopqrstuvwxyz":o==="A-Z"?r+="ABCDEFGHIJKLMNOPQRSTUVWXYZ":o==="0-9"?r+="0123456789":r+=o;return r}async function N(e,t){let r=new TextEncoder,o={name:"HMAC",hash:"SHA-256"},n=await crypto.subtle.importKey("raw",r.encode(e),o,!1,["sign","verify"]),i=await crypto.subtle.sign(o.name,n,r.encode(t));return btoa(String.fromCharCode(...new Uint8Array(i)))}import{createEndpointCreator as nt,createMiddleware as ne,createMiddlewareCreator as it}from"better-call";var ie=ne(async()=>({})),$=it({use:[ie,ne(async()=>({}))]}),u=nt({use:[ie]});var ae=$({body:se.object({csrfToken:se.string().optional()}).optional()},async e=>{if(e.request?.method!=="POST"||e.context.options.advanced?.disableCSRFCheck)return;let t=new URL(e.request.url);if(e.context.trustedOrigins.includes(t.origin))return;let r=e.body?.csrfToken;if(!r)throw new W("UNAUTHORIZED",{message:"CSRF Token is required"});let o=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret),[n,i]=o?.split("!")||[null,null];if(!r||!n||!i||n!==r)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new W("UNAUTHORIZED",{message:"Invalid CSRF Token"});let s=await N(e.context.secret,n);if(i!==s)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new W("UNAUTHORIZED",{message:"Invalid CSRF Token"})});import{APIError as _}from"better-call";import{generateCodeVerifier as vt}from"oslo/oauth2";import{z as x}from"zod";import{generateState as st}from"oslo/oauth2";import{z as M}from"zod";import{sha256 as ce}from"oslo/crypto";async function de(e){let t=await ce(typeof e=="string"?new TextEncoder().encode(e):e);return Buffer.from(t).toString("base64")}async function le(e,t){let r=await ce(typeof e=="string"?new TextEncoder().encode(e):e),o=Buffer.from(t,"base64");return Z(r,o)}import"better-call";async function ue(e){let t=st(),r=JSON.stringify({code:t,callbackURL:e}),o=await de(r);return{raw:r,hash:o}}function J(e){return M.object({code:M.string(),callbackURL:M.string().optional(),currentURL:M.string().optional()}).safeParse(JSON.parse(e))}import{TimeSpan as _r}from"oslo";var C=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}};async function P(e,t,r,o){let n=e.context.authCookies.sessionToken.options;n.maxAge=r?void 0:e.context.sessionConfig.expiresIn,await e.setSignedCookie(e.context.authCookies.sessionToken.name,t,e.context.secret,{...n,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options)}function j(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}import{APIError as pe}from"better-call";import{createConsola as at}from"consola";var B=at({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),ct=e=>({log:(...t)=>{!e?.disabled&&B.log("",...t)},error:(...t)=>{!e?.disabled&&B.error("",...t)},warn:(...t)=>{!e?.disabled&&B.warn("",...t)},info:(...t)=>{!e?.disabled&&B.info("",...t)},debug:(...t)=>{!e?.disabled&&B.debug("",...t)},box:(...t)=>{!e?.disabled&&B.box("",...t)},success:(...t)=>{!e?.disabled&&B.success("",...t)},break:(...t)=>{!e?.disabled&&console.log(`
+`)}}),y=ct();var U=$(async e=>{let t=e.body?.callbackURL||e.query?.callbackURL||e.query?.redirectTo||e.body?.redirectTo,r=e.headers?.get("referer"),o=e.query?.currentURL||r||e.context.baseURL,n=e.context.trustedOrigins;if(t?.includes("http")){let i=new URL(t).origin;if(!n.includes(i))throw y.error("Invalid callback URL",{callbackURL:t,trustedOrigins:n}),new pe("FORBIDDEN",{message:"Invalid callback URL"})}if(o!==e.context.baseURL){let i=new URL(o).origin;if(!n.includes(i))throw y.error("Invalid current URL",{currentURL:o,trustedOrigins:n}),new pe("FORBIDDEN",{message:"Invalid callback URL"})}});import{parseJWT as pt}from"oslo/jwt";import{sha256 as dt}from"oslo/crypto";import{base64url as lt}from"oslo/encoding";async function me(e){let t=await dt(new TextEncoder().encode(e));return lt.encode(new Uint8Array(t),{includePadding:!1})}function fe(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_at?new Date((Date.now()+e.expires_in)*1e3):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function E({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:n,scopes:i,claims:s,disablePkce:d,redirectURI:a}){let c=new URL(r);if(c.searchParams.set("response_type","code"),c.searchParams.set("client_id",t.clientId),c.searchParams.set("state",o),c.searchParams.set("scope",i.join(" ")),c.searchParams.set("redirect_uri",t.redirectURI||a),!d&&n){let l=await me(n);c.searchParams.set("code_challenge_method","S256"),c.searchParams.set("code_challenge",l)}if(s){let l=s.reduce((b,h)=>(b[h]=null,b),{});c.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...l}}))}return c}import{betterFetch as ut}from"@better-fetch/fetch";async function A({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:n}){let i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",e),t&&i.set("code_verifier",t),i.set("redirect_uri",r),i.set("client_id",o.clientId),i.set("client_secret",o.clientSecret);let{data:s,error:d}=await ut(n,{method:"POST",body:i,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(d)throw d;return fe(s)}function K(e){let t=e.accessToken,r=e.refreshToken,o;try{o=e.accessTokenExpiresAt}catch{}return{accessToken:t,refreshToken:r,expiresAt:o}}var ge=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:n}){let i=e.scope||o||["email","name","openid"];return new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${n||e.redirectURI}&scope=${i.join(" ")}&state=${r}`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:n})=>A({code:r,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){if(!r.idToken)return null;let o=pt(r.idToken)?.payload;return o?{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified==="true"},data:o}:null}}};import{betterFetch as mt}from"@better-fetch/fetch";var he=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["identify","email"];return new URL(`https://discord.com/api/oauth2/authorize?scope=${n.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await mt("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let n=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${n}.png`}else{let n=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${n}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});import{betterFetch as ft}from"@better-fetch/fetch";var we=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["email","public_profile"];return await E({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:n,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await ft("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,emailVerified:r.email_verified},data:r}}});import{betterFetch as ye}from"@better-fetch/fetch";var be=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"Github",createAuthorizationURL({state:r,scopes:o,codeVerifier:n,redirectURI:i}){let s=e.scope||o||["user:email"];return E({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:s,state:r,redirectURI:i,codeVerifier:n})},validateAuthorizationCode:async({code:r,redirectURI:o})=>A({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:n}=await ye("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(n)return null;let i=!1;if(!o.email){let{data:s,error:d}=await ye("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});d||(o.email=(s.find(a=>a.primary)??s[0])?.email,i=s.find(a=>a.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:i},data:o}}}};import{parseJWT as gt}from"oslo/jwt";var Ae=e=>({id:"google",name:"Google",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){if(!e.clientId||!e.clientSecret)throw y.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new C("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new C("codeVerifier is required for Google");let i=e.scope||r||["email","profile"];return E({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:i,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async getUserInfo(t){if(!t.idToken)return null;let r=gt(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});import{betterFetch as ht}from"@better-fetch/fetch";import{parseJWT as wt}from"oslo/jwt";var Re=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(n){let i=e.scope||n.scopes||["openid","profile","email","User.Read"];return E({id:"microsoft",options:e,authorizationEndpoint:r,state:n.state,codeVerifier:n.codeVerifier,scopes:i,redirectURI:n.redirectURI})},validateAuthorizationCode({code:n,codeVerifier:i,redirectURI:s}){return A({code:n,codeVerifier:i,redirectURI:e.redirectURI||s,options:e,tokenEndpoint:o})},async getUserInfo(n){if(!n.idToken)return null;let i=wt(n.idToken)?.payload,s=e.profilePhotoSize||48;return await ht(`https://graph.microsoft.com/v1.0/me/photos/${s}x${s}/$value`,{headers:{Authorization:`Bearer ${n.accessToken}`},async onResponse(d){if(!(e.disableProfilePhoto||!d.response.ok))try{let c=await d.response.clone().arrayBuffer(),l=Buffer.from(c).toString("base64");i.picture=`data:image/jpeg;base64, ${l}`}catch(a){y.error(a)}}}),{user:{id:i.sub,name:i.name,email:i.email,image:i.picture,emailVerified:!0},data:i}}}};import{betterFetch as yt}from"@better-fetch/fetch";var ke=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){let i=e.scope||r||["user-read-email"];return E({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:i,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await yt("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});import"@better-fetch/fetch";var I={isAction:!1};import{nanoid as bt}from"nanoid";var Ue=e=>bt(e);import{parseJWT as At}from"oslo/jwt";var Ee=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["user:read:email","openid"];return E({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:n,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return y.error("No idToken found in token"),null;let o=At(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});import{betterFetch as Rt}from"@better-fetch/fetch";var Te=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=e.scope||t.scopes||["account_info.read"];return E({id:"twitter",options:e,authorizationEndpoint:"https://twitter.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await Rt("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o||!r.data.email?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});var kt={apple:ge,discord:he,facebook:we,github:be,microsoft:Re,google:Ae,spotify:ke,twitch:Ee,twitter:Te},ve=Object.keys(kt);import{TimeSpan as Ut}from"oslo";import{createJWT as Et,validateJWT as Tt}from"oslo/jwt";import{z as v}from"zod";import{APIError as V}from"better-call";import{APIError as q}from"better-call";var F=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));import{z as xe}from"zod";var X=()=>u("/session",{method:"GET",requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let r=await e.context.internalAdapter.findSession(t);if(!r||r.session.expiresAt<new Date)return j(e),r&&await e.context.internalAdapter.deleteSession(r.session.id),e.json(null,{status:401});if(await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(r);let n=e.context.sessionConfig.expiresIn,i=e.context.sessionConfig.updateAge;if(r.session.expiresAt.valueOf()-n*1e3+i*1e3<=Date.now()){let a=await e.context.internalAdapter.updateSession(r.session.id,{expiresAt:F(e.context.sessionConfig.expiresIn,"sec")});if(!a)return j(e),e.json(null,{status:401});let c=(a.expiresAt.valueOf()-Date.now())/1e3;return await P(e,a.id,!1,{maxAge:c}),e.json({session:a,user:r.user})}return e.json(r)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}}),Y=async e=>await X()({...e,_flag:"json",headers:e.headers}),L=$(async e=>{let t=await Y(e);if(!t?.session)throw new q("UNAUTHORIZED");return{session:t}}),Pe=()=>u("/user/list-sessions",{method:"GET",use:[L],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),_e=u("/user/revoke-session",{method:"POST",body:xe.object({id:xe.string()}),use:[L],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new q("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new q("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o),new q("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Se=u("/user/revoke-sessions",{method:"POST",use:[L],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t),new q("INTERNAL_SERVER_ERROR")}return e.json({status:!0})});async function O(e,t,r){return await Et("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new Ut(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var Le=u("/send-verification-email",{method:"POST",query:v.object({currentURL:v.string().optional()}).optional(),body:v.object({email:v.string().email(),callbackURL:v.string().optional()}),use:[U]},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new V("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new V("BAD_REQUEST",{message:"User not found"});let o=await O(e.context.secret,t),n=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail(r.user,n,o),e.json({status:!0})}),Oe=u("/verify-email",{method:"GET",query:v.object({token:v.string(),callbackURL:v.string().optional()}),use:[U]},async e=>{let{token:t}=e.query,r;try{r=await Tt("HS256",Buffer.from(e.context.secret),t)}catch(s){throw e.context.logger.error("Failed to verify email",s),new V("BAD_REQUEST",{message:"Invalid token"})}let n=v.object({email:v.string().email(),updateTo:v.string().optional()}).parse(r.payload);if(!await e.context.internalAdapter.findUserByEmail(n.email))throw new V("BAD_REQUEST",{message:"User not found"});if(n.updateTo){let s=await Y(e);if(!s)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new V("UNAUTHORIZED",{message:"Session not found"});if(s.user.email!==n.email)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new V("UNAUTHORIZED",{message:"Invalid session"});let d=await e.context.internalAdapter.updateUserByEmail(n.email,{email:n.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.(d,`${e.context.baseURL}/verify-email?token=${t}`,t),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:d,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(n.email,{emailVerified:!0}),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});var Ie=u("/sign-in/social",{method:"POST",requireHeaders:!0,query:x.object({currentURL:x.string().optional()}).optional(),body:x.object({callbackURL:x.string().optional(),provider:x.enum(ve)}),use:[U]},async e=>{let t=e.context.socialProviders.find(a=>a.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new _("NOT_FOUND",{message:"Provider not found"});let r=e.context.authCookies,o=e.query?.currentURL?new URL(e.query?.currentURL):null,n=e.body.callbackURL?.startsWith("http")?e.body.callbackURL:`${o?.origin}${e.body.callbackURL||""}`,i=await ue(n||o?.origin||e.context.options.baseURL);await e.setSignedCookie(r.state.name,i.hash,e.context.secret,r.state.options);let s=vt();await e.setSignedCookie(r.pkCodeVerifier.name,s,e.context.secret,r.pkCodeVerifier.options);let d=await t.createAuthorizationURL({state:i.raw,codeVerifier:s,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:d.toString(),state:i,codeVerifier:s,redirect:!0})}),Ce=u("/sign-in/email",{method:"POST",body:x.object({email:x.string().email(),password:x.string(),callbackURL:x.string().optional(),dontRememberMe:x.boolean().default(!1).optional()}),use:[U]},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new _("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!x.string().email().safeParse(t).success)throw new _("BAD_REQUEST",{message:"Invalid email"});let n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new _("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!n.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw y.error("Email verification is required but no email verification handler is provided"),new _("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let c=await O(e.context.secret,n.user.email),l=`${e.context.options.baseURL}/verify-email?token=${c}`;throw await e.context.options.emailVerification.sendVerificationEmail(n.user,l,c),e.context.logger.error("Email not verified",{email:t}),new _("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let i=n.accounts.find(c=>c.providerId==="credential");if(!i)throw e.context.logger.error("Credential account not found",{email:t}),new _("UNAUTHORIZED",{message:"Invalid email or password"});let s=i?.password;if(!s)throw e.context.logger.error("Password not found",{email:t}),new _("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(s,r))throw e.context.logger.error("Invalid password"),new _("UNAUTHORIZED",{message:"Invalid email or password"});let a=await e.context.internalAdapter.createSession(n.user.id,e.headers,e.body.dontRememberMe);if(!a)throw e.context.logger.error("Failed to create session"),new _("UNAUTHORIZED",{message:"Failed to create session"});return await P(e,a.id,e.body.dontRememberMe),e.json({user:n.user,session:a,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});import{APIError as Pt}from"better-call";import{z as H}from"zod";import{z as f}from"zod";var Qn=f.object({id:f.string(),providerId:f.string(),accountId:f.string(),userId:f.string(),accessToken:f.string().nullable().optional(),refreshToken:f.string().nullable().optional(),idToken:f.string().nullable().optional(),expiresAt:f.date().nullable().optional(),password:f.string().optional().nullable()}),Be=f.object({id:f.string(),email:f.string().transform(e=>e.toLowerCase()),emailVerified:f.boolean().default(!1),name:f.string(),image:f.string().optional(),createdAt:f.date().default(new Date),updatedAt:f.date().default(new Date)}),Gn=f.object({id:f.string(),userId:f.string(),expiresAt:f.date(),ipAddress:f.string().optional(),userAgent:f.string().optional()}),Zn=f.object({id:f.string(),value:f.string(),expiresAt:f.date(),identifier:f.string()});function xt(e,t){let r=t.fields,o={};for(let n in r){if(n in e){if(r[n].input===!1){if(r[n].defaultValue){o[n]=r[n].defaultValue;continue}continue}o[n]=e[n];continue}if(r[n].defaultValue){o[n]=r[n].defaultValue;continue}}return o}function De(e,t){let r={...e.user?.additionalFields};return xt(t||{},{fields:r})}var $e=u("/callback/:id",{method:"GET",query:H.object({state:H.string(),code:H.string().optional(),error:H.string().optional()}),metadata:I},async e=>{if(e.query.error||!e.query.code){let g=J(e.query.state).data?.callbackURL||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${g}?error=${e.query.error||"oAuth_code_missing"}`)}let t=e.context.socialProviders.find(m=>m.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let r=J(e.query.state);if(!r.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let{data:{callbackURL:o,currentURL:n}}=r,i=await e.getSignedCookie(e.context.authCookies.state.name,e.context.secret);if(!i)throw y.error("No stored state found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!await le(e.query.state,i))throw y.error("OAuth state mismatch"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let d=await e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),a;try{a=await t.validateAuthorizationCode({code:e.query.code,codeVerifier:d,redirectURI:`${e.context.baseURL}/callback/${t.id}`})}catch(m){throw e.context.logger.error(m),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let c=await t.getUserInfo(a).then(m=>m?.user),l=Ue(),b=Be.safeParse({...c,id:l});if(!c||b.success===!1)throw y.error("Unable to get user info",b.error),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!o)throw e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let h=await e.context.internalAdapter.findUserByEmail(c.email,{includeAccounts:!0}).catch(m=>{throw y.error(`Better auth was unable to query your database.
+Error: `,m),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),p=h?.user.id;if(h){if(!h.accounts.find(g=>g.providerId===t.id)){if(!e.context.options.account?.accountLinking?.trustedProviders?.includes(t.id)){let k;try{k=new URL(n||o),k.searchParams.set("error","account_not_linked")}catch{throw e.redirect(`${e.context.baseURL}/error?error=account_not_linked`)}throw e.redirect(k.toString())}try{await e.context.internalAdapter.linkAccount({providerId:t.id,accountId:c.id.toString(),id:`${t.id}:${c.id}`,userId:h.user.id,...K(a)})}catch(k){throw console.log(k),e.redirect(`${e.context.baseURL}/error?error=failed_linking_account`)}}}else try{let m=c.emailVerified,g=await e.context.internalAdapter.createOAuthUser({...b.data,emailVerified:m},{...K(a),id:`${t.id}:${c.id}`,providerId:t.id,accountId:c.id.toString()});if(!m&&g&&e.context.options.emailVerification?.sendOnSignUp){let w=await O(e.context.secret,c.email),k=`${e.context.baseURL}/verify-email?token=${w}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.(g.user,k,w)}}catch{let g=new URL(n||o);throw g.searchParams.set("error","unable_to_create_user"),e.redirect(g.toString())}if(!p&&!l)throw new Pt("INTERNAL_SERVER_ERROR",{message:"Unable to create user"});try{let m=await e.context.internalAdapter.createSession(p||l,e.request);if(!m){let g=new URL(n||o);throw g.searchParams.set("error","unable_to_create_session"),e.redirect(g.toString())}try{await P(e,m.id)}catch(g){e.context.logger.error("Unable to set session cookie",g);let w=new URL(n||o);throw w.searchParams.set("error","unable_to_create_session"),e.redirect(w.toString())}}catch{let m=new URL(n||o||"");throw m.searchParams.set("error","unable_to_create_session"),e.redirect(m.toString())}throw e.redirect(o)});import"zod";import{APIError as _t}from"better-call";var Ve=u("/sign-out",{method:"POST"},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw new _t("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),j(e),e.json({success:!0})});import{z as S}from"zod";import{APIError as Q}from"better-call";var ze=u("/forget-password",{method:"POST",body:S.object({email:S.string().email(),redirectTo:S.string()}),use:[U]},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new Q("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let n=60*60*1,i=new Date(Date.now()+1e3*(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||n)),s=e.context.uuid();await e.context.internalAdapter.createVerificationValue({value:o.user.id,identifier:`reset-password:${s}`,expiresAt:i});let d=`${e.context.baseURL}/reset-password/${s}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword(o.user,d),e.json({status:!0})}),je=u("/reset-password/:token",{method:"GET",query:S.object({callbackURL:S.string()}),use:[U]},async e=>{let{token:t}=e.params,r=e.query.callbackURL,o=r.startsWith("http")?r:`${e.context.options.baseURL}${r}`;if(!t||!r)throw e.redirect(`${e.context.baseURL}/error?error=INVALID_TOKEN`);let n=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!n||n.expiresAt<new Date?e.redirect(`${o}?error=INVALID_TOKEN`):e.redirect(`${o}?token=${t}`)}),qe=u("/reset-password",{query:S.optional(S.object({token:S.string()})),method:"POST",body:S.object({newPassword:S.string()})},async e=>{let t=e.query?.token;if(!t)throw new Q("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,o=`reset-password:${t}`,n=await e.context.internalAdapter.findVerificationValue(o);if(!n||n.expiresAt<new Date)throw new Q("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(n.id);let i=n.value,s=await e.context.password.hash(r);if(!(await e.context.internalAdapter.findAccounts(i)).find(l=>l.providerId==="credential"))return await e.context.internalAdapter.createAccount({userId:i,providerId:"credential",password:s,accountId:e.context.uuid()}),e.json({status:!0});if(!await e.context.internalAdapter.updatePassword(i,s))throw new Q("BAD_REQUEST",{message:"Failed to update password"});return e.json({status:!0})});import{z as R}from"zod";import{APIError as T}from"better-call";var Ne=u("/user/update",{method:"POST",body:R.object({name:R.string().optional(),image:R.string().optional()}),use:[L,U]},async e=>{let{name:t,image:r}=e.body,o=e.context.session;if(!r&&!t)return e.json({user:o.user});let n=await e.context.internalAdapter.updateUserByEmail(o.user.email,{name:t,image:r});return e.json({user:n})}),Me=u("/user/change-password",{method:"POST",body:R.object({newPassword:R.string(),currentPassword:R.string(),revokeOtherSessions:R.boolean().optional()}),use:[L]},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,n=e.context.session,i=e.context.password.config.minPasswordLength;if(t.length<i)throw e.context.logger.error("Password is too short"),new T("BAD_REQUEST",{message:"Password is too short"});let s=e.context.password.config.maxPasswordLength;if(t.length>s)throw e.context.logger.error("Password is too long"),new T("BAD_REQUEST",{message:"Password too long"});let a=(await e.context.internalAdapter.findAccounts(n.user.id)).find(b=>b.providerId==="credential"&&b.password);if(!a||!a.password)throw new T("BAD_REQUEST",{message:"User does not have a password"});let c=await e.context.password.hash(t);if(!await e.context.password.verify(a.password,r))throw new T("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(a.id,{password:c}),o){await e.context.internalAdapter.deleteSessions(n.user.id);let b=await e.context.internalAdapter.createSession(n.user.id,e.headers);if(!b)throw new T("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await P(e,b.id)}return e.json(n.user)}),Fe=u("/user/set-password",{method:"POST",body:R.object({newPassword:R.string()}),use:[L]},async e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new T("BAD_REQUEST",{message:"Password is too short"});let n=e.context.password.config.maxPasswordLength;if(t.length>n)throw e.context.logger.error("Password is too long"),new T("BAD_REQUEST",{message:"Password too long"});let s=(await e.context.internalAdapter.findAccounts(r.user.id)).find(a=>a.providerId==="credential"&&a.password),d=await e.context.password.hash(t);if(!s)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:d}),e.json(r.user);throw new T("BAD_REQUEST",{message:"user already has a password"})}),He=u("/user/delete",{method:"POST",body:R.object({password:R.string()}),use:[L]},async e=>{let{password:t}=e.body,r=e.context.session,n=(await e.context.internalAdapter.findAccounts(r.user.id)).find(s=>s.providerId==="credential"&&s.password);if(!n||!n.password)throw new T("BAD_REQUEST",{message:"User does not have a password"});if(!await e.context.password.verify(n.password,t))throw new T("BAD_REQUEST",{message:"Incorrect password"});return await e.context.internalAdapter.deleteUser(r.user.id),await e.context.internalAdapter.deleteSessions(r.user.id),e.json(null)}),Qe=u("/user/change-email",{method:"POST",query:R.object({currentURL:R.string().optional()}).optional(),body:R.object({newEmail:R.string().email(),callbackURL:R.string().optional()}),use:[L,U]},async e=>{if(e.context.options.user?.changeEmail?.disable===!0)throw e.context.logger.error("Change email is disabled."),new T("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new T("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new T("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.options.user?.changeEmail?.sendVerificationEmail===!1||e.context.session.user.emailVerified!==!0){let n=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:n,status:!0})}if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new T("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await O(e.context.secret,e.context.session.user.email,e.body.newEmail),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail(e.context.session.user,o,r),e.json({user:null,status:!0})});var Ge=u("/csrf",{method:"GET",metadata:I},async e=>{let t=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret);if(t){let[i,s]=t.split("!")||[null,null];return e.json({csrfToken:i})}let r=re(32,oe("a-z","0-9","A-Z")),o=await N(e.context.secret,r),n=`${r}!${o}`;return await e.setSignedCookie(e.context.authCookies.csrfToken.name,n,e.context.secret,e.context.authCookies.csrfToken.options),e.json({csrfToken:r})});var St=(e="Unknown")=>`<!DOCTYPE html>
 <html lang="en">
 <head>
     <meta charset="UTF-8">
@@ -80,4 +80,4 @@ Error: `,l),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)
         <div class="error-code">Error Code: <span id="errorCode">${e}</span></div>
     </div>
 </body>
-</html>`,Ze=p("/error",{method:"GET",metadata:I},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(St(t),{headers:{"Content-Type":"text/html"}})});var We=p("/ok",{method:"GET",metadata:I},async e=>e.json({ok:!0}));import{z}from"zod";import{APIError as D}from"better-call";var Je=()=>p("/sign-up/email",{method:"POST",query:z.object({currentURL:z.string().optional()}).optional(),body:z.record(z.string(),z.any()),use:[U]},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new D("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:o,password:n,image:i,callbackURL:s,...d}=t;if(!z.string().email().safeParse(o).success)throw new D("BAD_REQUEST",{message:"Invalid email"});let c=e.context.password.config.minPasswordLength;if(n.length<c)throw e.context.logger.error("Password is too short"),new D("BAD_REQUEST",{message:"Password is too short"});let u=e.context.password.config.maxPasswordLength;if(n.length>u)throw e.context.logger.error("Password is too long"),new D("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(o))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${o}`),new D("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let w=De(e.context.options,d),m=await e.context.internalAdapter.createUser({email:o.toLowerCase(),name:r,image:i,...w,emailVerified:!1});if(!m)throw new D("BAD_REQUEST",{message:"Failed to create user"});let l=await e.context.password.hash(n);if(await e.context.internalAdapter.linkAccount({userId:m.id,providerId:"credential",accountId:m.id,password:l,expiresAt:F(60*60*24*30,"sec")}),e.context.options.emailVerification?.sendOnSignUp){let h=await O(e.context.secret,m.email),R=`${e.context.baseURL}/verify-email?token=${h}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification?.sendVerificationEmail?.(m,R,h)}if(!e.context.options.emailAndPassword.autoSignIn)return e.json({user:m,session:null},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:m,session:null}});let g=await e.context.internalAdapter.createSession(m.id,e.request);if(!g)throw new D("BAD_REQUEST",{message:"Failed to create session"});return await _(e,g.id),e.json({user:m,session:g},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:m,session:g}})});function Ke(e){let t="127.0.0.1";if(process.env.NODE_ENV==="test")return t;let r=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],o=e instanceof Request?e.headers:e;for(let n of r){let i=o.get(n);if(typeof i=="string"){let s=i.split(",")[0].trim();if(s)return s}}return null}function Lt(e,t,r){let o=Date.now(),n=t*1e3;return o-r.lastRequest<n&&r.count>=e}function Ot(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function It(e,t){let r=Date.now(),o=t*1e3;return Math.ceil((e+o-r)/1e3)}function Ct(e,t){let r=t??"rateLimit",o=e.adapter;return{get:async n=>await o.findOne({model:r,where:[{field:"key",value:n}]}),set:async(n,i,s)=>{try{s?await o.update({model:t??"rateLimit",where:[{field:"key",value:n}],update:{count:i.count,lastRequest:i.lastRequest}}):await o.create({model:t??"rateLimit",data:{key:n,count:i.count,lastRequest:i.lastRequest}})}catch(d){y.error("Error setting rate limit",d)}}}}var Xe=new Map;function Bt(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let o=await e.options.secondaryStorage?.get(r);return o?JSON.parse(o):void 0},set:async(r,o)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(o))}}:e.rateLimit.storage==="memory"?{async get(r){return Xe.get(r)},async set(r,o,n){Xe.set(r,o)}}:Ct(e,e.rateLimit.tableName)}async function Ye(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,o=e.url.replace(r,""),n=t.rateLimit.window,i=t.rateLimit.max,s=Ke(e)+o,a=Dt().find(w=>w.pathMatcher(o));a&&(n=a.window,i=a.max);for(let w of t.options.plugins||[])if(w.rateLimit){let m=w.rateLimit.find(l=>l.pathMatcher(o));if(m){n=m.window,i=m.max;break}}if(t.rateLimit.customRules){let w=t.rateLimit.customRules[o];w&&(n=w.window,i=w.max)}let c=Bt(t),u=await c.get(s),b=Date.now();if(!u)await c.set(s,{key:s,count:1,lastRequest:b});else{let w=b-u.lastRequest;if(Lt(i,n,u)){let m=It(u.lastRequest,n);return Ot(m)}else w>n*1e3?await c.set(s,{...u,count:1,lastRequest:b}):await c.set(s,{...u,count:u.count+1,lastRequest:b})}}function Dt(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:7}]}import{APIError as Ds}from"better-call";function zt(e,t){let r=t.plugins?.reduce((d,a)=>({...d,...a.endpoints}),{}),o=t.plugins?.map(d=>d.middlewares?.map(a=>{let c=async u=>a.middleware({...u,context:{...e,...u.context}});return c.path=a.path,c.options=a.middleware.options,c.headers=a.middleware.headers,{path:a.path,middleware:c}})).filter(d=>d!==void 0).flat()||[],i={...{signInOAuth:Ie,callbackOAuth:$e,getCSRFToken:Ge,getSession:X(),signOut:Ve,signUpEmail:Je(),signInEmail:Ce,forgetPassword:ze,resetPassword:qe,verifyEmail:Oe,sendVerificationEmail:Le,changeEmail:Qe,changePassword:Me,setPassword:Fe,updateUser:Ne,deleteUser:He,forgetPasswordCallback:je,listSessions:_e(),revokeSession:Pe,revokeSessions:Se},...r,ok:We,error:Ze},s={};for(let[d,a]of Object.entries(i))s[d]=async(c={})=>{let u=await e;for(let m of t.plugins||[])if(m.hooks?.before){for(let l of m.hooks.before)if(l.matcher({...a,...c,context:u})){let h=await l.handler({...c,context:{...u,...c?.context}});h&&"context"in h&&(u={...u,...h.context})}}let b;try{b=await a({...c,context:{...u,...c.context}})}catch(m){if(m instanceof et){let l=t.plugins?.map(h=>{if(h.hooks?.after)return h.hooks.after}).filter(h=>h!==void 0).flat();if(!l?.length)throw m;let g=new Response(JSON.stringify(m.body),{status:Vt[m.status],headers:m.headers});for(let h of l||[])if(h.matcher(c)){let ee=Object.assign(c,{context:{...e,returned:g}}),G=await h.handler(ee);G&&"response"in G&&(g=G.response)}return g}throw m}let w=b;for(let m of t.plugins||[])if(m.hooks?.after){for(let l of m.hooks.after)if(l.matcher(c)){let h=Object.assign(c,{context:{...e,returned:w}}),R=await l.handler(h);R&&"response"in R&&(w=R.response)}}return w},s[d].path=a.path,s[d].method=a.method,s[d].options=a.options,s[d].headers=a.headers;return{api:s,middlewares:o}}var Ss=(e,t)=>{let{api:r,middlewares:o}=zt(e,t),n=new URL(e.baseURL).pathname;return $t(r,{extraContext:e,basePath:n,routerMiddleware:[{path:"/**",middleware:ae},...o],async onRequest(i){for(let s of e.options.plugins||[])if(s.onRequest){let d=await s.onRequest(i,e);if(d)return d}return Ye(i,e)},async onResponse(i){for(let s of e.options.plugins||[])if(s.onResponse){let d=await s.onResponse(i,e);if(d)return d.response}return i},onError(i){if(t.onAPIError?.throw)throw i;if(t.onAPIError?.onError){t.onAPIError.onError(i,e);return}let s=t.logger?.verboseLogging?y:void 0;t.logger?.disabled!==!0&&(i instanceof et?(i.status==="INTERNAL_SERVER_ERROR"&&y.error(i),s?.error(i.message)):y?.error(i))}})};export{Ds as APIError,$e as callbackOAuth,Qe as changeEmail,Me as changePassword,p as createAuthEndpoint,$ as createAuthMiddleware,O as createEmailVerificationToken,ae as csrfMiddleware,He as deleteUser,Ze as error,ze as forgetPassword,je as forgetPasswordCallback,Ge as getCSRFToken,zt as getEndpoints,X as getSession,Y as getSessionFromCtx,_e as listSessions,We as ok,ie as optionsMiddleware,qe as resetPassword,Pe as revokeSession,Se as revokeSessions,Ss as router,Le as sendVerificationEmail,L as sessionMiddleware,Fe as setPassword,Ce as signInEmail,Ie as signInOAuth,Ve as signOut,Je as signUpEmail,Ne as updateUser,Oe as verifyEmail};
+</html>`,Ze=u("/error",{method:"GET",metadata:I},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(St(t),{headers:{"Content-Type":"text/html"}})});var We=u("/ok",{method:"GET",metadata:I},async e=>e.json({ok:!0}));import{z}from"zod";import{APIError as D}from"better-call";var Je=()=>u("/sign-up/email",{method:"POST",query:z.object({currentURL:z.string().optional()}).optional(),body:z.record(z.string(),z.any()),use:[U]},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new D("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:o,password:n,image:i,callbackURL:s,...d}=t;if(!z.string().email().safeParse(o).success)throw new D("BAD_REQUEST",{message:"Invalid email"});let c=e.context.password.config.minPasswordLength;if(n.length<c)throw e.context.logger.error("Password is too short"),new D("BAD_REQUEST",{message:"Password is too short"});let l=e.context.password.config.maxPasswordLength;if(n.length>l)throw e.context.logger.error("Password is too long"),new D("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(o))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${o}`),new D("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let h=De(e.context.options,d),p=await e.context.internalAdapter.createUser({email:o.toLowerCase(),name:r,image:i,...h,emailVerified:!1});if(!p)throw new D("BAD_REQUEST",{message:"Failed to create user"});let m=await e.context.password.hash(n);if(await e.context.internalAdapter.linkAccount({userId:p.id,providerId:"credential",accountId:p.id,password:m,expiresAt:F(60*60*24*30,"sec")}),e.context.options.emailVerification?.sendOnSignUp){let w=await O(e.context.secret,p.email),k=`${e.context.baseURL}/verify-email?token=${w}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification?.sendVerificationEmail?.(p,k,w)}if(!e.context.options.emailAndPassword.autoSignIn)return e.json({user:p,session:null},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:p,session:null}});let g=await e.context.internalAdapter.createSession(p.id,e.request);if(!g)throw new D("BAD_REQUEST",{message:"Failed to create session"});return await P(e,g.id),e.json({user:p,session:g},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:p,session:g}})});function Ke(e){let t="127.0.0.1";if(process.env.NODE_ENV==="test")return t;let r=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],o=e instanceof Request?e.headers:e;for(let n of r){let i=o.get(n);if(typeof i=="string"){let s=i.split(",")[0].trim();if(s)return s}}return null}function Lt(e,t,r){let o=Date.now(),n=t*1e3;return o-r.lastRequest<n&&r.count>=e}function Ot(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function It(e,t){let r=Date.now(),o=t*1e3;return Math.ceil((e+o-r)/1e3)}function Ct(e,t){let r=t??"rateLimit",o=e.adapter;return{get:async n=>await o.findOne({model:r,where:[{field:"key",value:n}]}),set:async(n,i,s)=>{try{s?await o.update({model:t??"rateLimit",where:[{field:"key",value:n}],update:{count:i.count,lastRequest:i.lastRequest}}):await o.create({model:t??"rateLimit",data:{key:n,count:i.count,lastRequest:i.lastRequest}})}catch(d){y.error("Error setting rate limit",d)}}}}var Xe=new Map;function Bt(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let o=await e.options.secondaryStorage?.get(r);return o?JSON.parse(o):void 0},set:async(r,o)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(o))}}:e.rateLimit.storage==="memory"?{async get(r){return Xe.get(r)},async set(r,o,n){Xe.set(r,o)}}:Ct(e,e.rateLimit.tableName)}async function Ye(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,o=e.url.replace(r,""),n=t.rateLimit.window,i=t.rateLimit.max,s=Ke(e)+o,a=Dt().find(h=>h.pathMatcher(o));a&&(n=a.window,i=a.max);for(let h of t.options.plugins||[])if(h.rateLimit){let p=h.rateLimit.find(m=>m.pathMatcher(o));if(p){n=p.window,i=p.max;break}}if(t.rateLimit.customRules){let h=t.rateLimit.customRules[o];h&&(n=h.window,i=h.max)}let c=Bt(t),l=await c.get(s),b=Date.now();if(!l)await c.set(s,{key:s,count:1,lastRequest:b});else{let h=b-l.lastRequest;if(Lt(i,n,l)){let p=It(l.lastRequest,n);return Ot(p)}else h>n*1e3?await c.set(s,{...l,count:1,lastRequest:b}):await c.set(s,{...l,count:l.count+1,lastRequest:b})}}function Dt(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:7}]}import{APIError as Ds}from"better-call";function zt(e,t){let r=t.plugins?.reduce((d,a)=>({...d,...a.endpoints}),{}),o=t.plugins?.map(d=>d.middlewares?.map(a=>{let c=async l=>a.middleware({...l,context:{...e,...l.context}});return c.path=a.path,c.options=a.middleware.options,c.headers=a.middleware.headers,{path:a.path,middleware:c}})).filter(d=>d!==void 0).flat()||[],i={...{signInOAuth:Ie,callbackOAuth:$e,getCSRFToken:Ge,getSession:X(),signOut:Ve,signUpEmail:Je(),signInEmail:Ce,forgetPassword:ze,resetPassword:qe,verifyEmail:Oe,sendVerificationEmail:Le,changeEmail:Qe,changePassword:Me,setPassword:Fe,updateUser:Ne,deleteUser:He,forgetPasswordCallback:je,listSessions:Pe(),revokeSession:_e,revokeSessions:Se},...r,ok:We,error:Ze},s={};for(let[d,a]of Object.entries(i))s[d]=async(c={})=>{let l=await e;for(let p of t.plugins||[])if(p.hooks?.before){for(let m of p.hooks.before)if(m.matcher({...a,...c,context:l})){let w=await m.handler({...c,context:{...l,...c?.context}});w&&"context"in w&&(l={...l,...w.context})}}let b;try{b=await a({...c,context:{...l,...c.context}})}catch(p){if(p instanceof et){let m=t.plugins?.map(w=>{if(w.hooks?.after)return w.hooks.after}).filter(w=>w!==void 0).flat();if(!m?.length)throw p;let g=new Response(JSON.stringify(p.body),{status:Vt[p.status],headers:p.headers});for(let w of m||[])if(w.matcher(c)){let ee=Object.assign(c,{context:{...e,returned:g}}),G=await w.handler(ee);G&&"response"in G&&(g=G.response)}return g}throw p}let h=b;for(let p of t.plugins||[])if(p.hooks?.after){for(let m of p.hooks.after)if(m.matcher(c)){let w=Object.assign(c,{context:{...e,returned:h}}),k=await m.handler(w);k&&"response"in k&&(h=k.response)}}return h},s[d].path=a.path,s[d].method=a.method,s[d].options=a.options,s[d].headers=a.headers;return{api:s,middlewares:o}}var Ss=(e,t)=>{let{api:r,middlewares:o}=zt(e,t),n=new URL(e.baseURL).pathname;return $t(r,{extraContext:e,basePath:n,routerMiddleware:[{path:"/**",middleware:ae},...o],async onRequest(i){for(let s of e.options.plugins||[])if(s.onRequest){let d=await s.onRequest(i,e);if(d)return d}return Ye(i,e)},async onResponse(i){for(let s of e.options.plugins||[])if(s.onResponse){let d=await s.onResponse(i,e);if(d)return d.response}return i},onError(i){if(t.onAPIError?.throw)throw i;if(t.onAPIError?.onError){t.onAPIError.onError(i,e);return}let s=t.logger?.verboseLogging?y:void 0;t.logger?.disabled!==!0&&(i instanceof et?(i.status==="INTERNAL_SERVER_ERROR"&&y.error(i),s?.error(i.message)):y?.error(i))}})};export{Ds as APIError,$e as callbackOAuth,Qe as changeEmail,Me as changePassword,u as createAuthEndpoint,$ as createAuthMiddleware,O as createEmailVerificationToken,ae as csrfMiddleware,He as deleteUser,Ze as error,ze as forgetPassword,je as forgetPasswordCallback,Ge as getCSRFToken,zt as getEndpoints,X as getSession,Y as getSessionFromCtx,Pe as listSessions,We as ok,ie as optionsMiddleware,qe as resetPassword,_e as revokeSession,Se as revokeSessions,Ss as router,Le as sendVerificationEmail,L as sessionMiddleware,Fe as setPassword,Ce as signInEmail,Ie as signInOAuth,Ve as signOut,Je as signUpEmail,Ne as updateUser,Oe as verifyEmail};

package/dist/{auth-BbAoOSTB.d.ts → auth-DQcxQWzj.d.ts}

@@ -1259,12 +1259,12 @@ declare const signInOAuth: {
             /**
              * OAuth2 provider to use`
              */
-            provider: z.ZodEnum<["github", ...("github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter")[]]>;
+            provider: z.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter")[]]>;
         }, "strip", z.ZodTypeAny, {
-            provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+            provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
             callbackURL?: string | undefined;
         }, {
-            provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+            provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
             callbackURL?: string | undefined;
         }>;
         use: better_call.Endpoint<better_call.Handler<string, better_call.EndpointOptions, void>, better_call.EndpointOptions>[];
@@ -1302,12 +1302,12 @@ declare const signInOAuth: {
             /**
              * OAuth2 provider to use`
              */
-            provider: z.ZodEnum<["github", ...("github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter")[]]>;
+            provider: z.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter")[]]>;
         }, "strip", z.ZodTypeAny, {
-            provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+            provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
             callbackURL?: string | undefined;
         }, {
-            provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+            provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
             callbackURL?: string | undefined;
         }>;
         use: better_call.Endpoint<better_call.Handler<string, better_call.EndpointOptions, void>, better_call.EndpointOptions>[];
@@ -2601,12 +2601,12 @@ declare function getEndpoints<C extends AuthContext, Option extends BetterAuthOp
                 }>>;
                 body: zod.ZodObject<{
                     callbackURL: zod.ZodOptional<zod.ZodString>;
-                    provider: zod.ZodEnum<["github", ...("github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter")[]]>;
+                    provider: zod.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter")[]]>;
                 }, "strip", zod.ZodTypeAny, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
                 }, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
                 }>;
                 use: Endpoint<better_call.Handler<string, better_call.EndpointOptions, void>, better_call.EndpointOptions>[];
@@ -2634,12 +2634,12 @@ declare function getEndpoints<C extends AuthContext, Option extends BetterAuthOp
                 }>>;
                 body: zod.ZodObject<{
                     callbackURL: zod.ZodOptional<zod.ZodString>;
-                    provider: zod.ZodEnum<["github", ...("github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter")[]]>;
+                    provider: zod.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter")[]]>;
                 }, "strip", zod.ZodTypeAny, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
                 }, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
                 }>;
                 use: Endpoint<better_call.Handler<string, better_call.EndpointOptions, void>, better_call.EndpointOptions>[];
@@ -3789,12 +3789,12 @@ declare const router: <C extends AuthContext, Option extends BetterAuthOptions>(
                 }>>;
                 body: zod.ZodObject<{
                     callbackURL: zod.ZodOptional<zod.ZodString>;
-                    provider: zod.ZodEnum<["github", ...("github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter")[]]>;
+                    provider: zod.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter")[]]>;
                 }, "strip", zod.ZodTypeAny, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
                 }, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
                 }>;
                 use: Endpoint<better_call.Handler<string, better_call.EndpointOptions, void>, better_call.EndpointOptions>[];
@@ -3822,12 +3822,12 @@ declare const router: <C extends AuthContext, Option extends BetterAuthOptions>(
                 }>>;
                 body: zod.ZodObject<{
                     callbackURL: zod.ZodOptional<zod.ZodString>;
-                    provider: zod.ZodEnum<["github", ...("github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter")[]]>;
+                    provider: zod.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter")[]]>;
                 }, "strip", zod.ZodTypeAny, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
                 }, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
                 }>;
                 use: Endpoint<better_call.Handler<string, better_call.EndpointOptions, void>, better_call.EndpointOptions>[];
@@ -4979,12 +4979,12 @@ declare const betterAuth: <O extends BetterAuthOptions>(options: O) => {
                 }>>;
                 body: zod.ZodObject<{
                     callbackURL: zod.ZodOptional<zod.ZodString>;
-                    provider: zod.ZodEnum<["github", ...("github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter")[]]>;
+                    provider: zod.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter")[]]>;
                 }, "strip", zod.ZodTypeAny, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
                 }, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
                 }>;
                 use: Endpoint<better_call.Handler<string, better_call.EndpointOptions, void>, better_call.EndpointOptions>[];
@@ -5012,12 +5012,12 @@ declare const betterAuth: <O extends BetterAuthOptions>(options: O) => {
                 }>>;
                 body: zod.ZodObject<{
                     callbackURL: zod.ZodOptional<zod.ZodString>;
-                    provider: zod.ZodEnum<["github", ...("github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter")[]]>;
+                    provider: zod.ZodEnum<["github", ...("apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter")[]]>;
                 }, "strip", zod.ZodTypeAny, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
                 }, {
-                    provider: "github" | "apple" | "discord" | "facebook" | "microsoft" | "google" | "spotify" | "twitch" | "twitter";
+                    provider: "apple" | "discord" | "facebook" | "github" | "google" | "microsoft" | "spotify" | "twitch" | "twitter";
                     callbackURL?: string | undefined;
                 }>;
                 use: Endpoint<better_call.Handler<string, better_call.EndpointOptions, void>, better_call.EndpointOptions>[];

package/dist/client/plugins.d.ts

@@ -2,10 +2,10 @@ import * as nanostores from 'nanostores';
 import { A as AccessControl, S as StatementsPrimitive, R as Role } from '../statement-CfnyN34h.js';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { BetterFetchOption } from '@better-fetch/fetch';
-import { o as organization, l as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, e as anonymous, i as admin, j as genericOAuth, k as multiSession } from '../index-5eAp6tZU.js';
-export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-5eAp6tZU.js';
+import { o as organization, l as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, e as anonymous, i as admin, j as genericOAuth, k as multiSession } from '../index-DZhhf9eD.js';
+export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-DZhhf9eD.js';
 import { P as Prettify } from '../helper-DPDj8Nix.js';
-import { F as FieldAttribute, B as BetterAuthOptions, b as BetterAuthPlugin } from '../auth-BbAoOSTB.js';
+import { F as FieldAttribute, B as BetterAuthOptions, b as BetterAuthPlugin } from '../auth-DQcxQWzj.js';
 import 'zod';
 import '../schema-Dkt0LqYs.js';
 import 'better-call';

package/dist/client.d.ts

@@ -6,7 +6,7 @@ import { BetterFetch, BetterFetchError, BetterFetchOption } from '@better-fetch/
 import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
 import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, InferSessionFromClient, InferUserFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 export { AtomListener, InferPluginsFromClient } from './types.js';
-import './auth-BbAoOSTB.js';
+import './auth-DQcxQWzj.js';
 import 'kysely';
 import './schema-Dkt0LqYs.js';
 import 'better-call';

package/dist/cookies.d.ts

@@ -1,5 +1,5 @@
 import 'better-call';
-export { s as BetterAuthCookies, E as EligibleCookies, r as createCookieGetter, u as deleteSessionCookie, q as getCookies, w as parseCookies, v as parseSetCookieHeader, t as setSessionCookie } from './auth-BbAoOSTB.js';
+export { s as BetterAuthCookies, E as EligibleCookies, r as createCookieGetter, u as deleteSessionCookie, q as getCookies, w as parseCookies, v as parseSetCookieHeader, t as setSessionCookie } from './auth-DQcxQWzj.js';
 import 'zod';
 import 'kysely';
 import './schema-Dkt0LqYs.js';

package/dist/db.d.ts

@@ -1,5 +1,5 @@
-import { A as Adapter, B as BetterAuthOptions, W as Where, F as FieldAttribute, z as FieldType, K as KyselyDatabaseType } from './auth-BbAoOSTB.js';
-export { X as BetterAuthDbSchema, J as FieldAttributeConfig, V as InferFieldsFromOptions, U as InferFieldsFromPlugins, O as InferFieldsInput, Q as InferFieldsInputClient, N as InferFieldsOutput, M as InferValueType, D as InternalAdapter, T as PluginFieldAttribute, L as createFieldAttribute, C as createInternalAdapter, Y as getAuthTables } from './auth-BbAoOSTB.js';
+import { A as Adapter, B as BetterAuthOptions, W as Where, F as FieldAttribute, z as FieldType, K as KyselyDatabaseType } from './auth-DQcxQWzj.js';
+export { X as BetterAuthDbSchema, J as FieldAttributeConfig, V as InferFieldsFromOptions, U as InferFieldsFromPlugins, O as InferFieldsInput, Q as InferFieldsInputClient, N as InferFieldsOutput, M as InferValueType, D as InternalAdapter, T as PluginFieldAttribute, L as createFieldAttribute, C as createInternalAdapter, Y as getAuthTables } from './auth-DQcxQWzj.js';
 import { z } from 'zod';
 import 'kysely';
 import './schema-Dkt0LqYs.js';

package/dist/db.js

@@ -1,4 +1,4 @@
-var S=(e,r="ms")=>new Date(Date.now()+(r==="sec"?e*1e3:e));var h=e=>{let r=e.plugins?.reduce((t,s)=>{let o=s.schema;if(!o)return t;for(let[d,l]of Object.entries(o))t[d]={fields:{...t[d]?.fields,...l.fields},tableName:l.tableName||d};return t},{}),a=e.rateLimit?.storage==="database",i={rateLimit:{tableName:e.rateLimit?.tableName||"rateLimit",fields:{key:{type:"string",fieldName:e.rateLimit?.fields?.key||"key"},count:{type:"number",fieldName:e.rateLimit?.fields?.count||"count"},lastRequest:{type:"number",fieldName:e.rateLimit?.fields?.lastRequest||"lastRequest"}}}},{user:u,session:n,account:c,...f}=r||{};return{user:{tableName:e.user?.modelName||"user",fields:{name:{type:"string",required:!0,fieldName:e.user?.fields?.name||"name"},email:{type:"string",unique:!0,required:!0,fieldName:e.user?.fields?.email||"email"},emailVerified:{type:"boolean",defaultValue:()=>!1,required:!0,fieldName:e.user?.fields?.emailVerified||"emailVerified"},image:{type:"string",required:!1,fieldName:e.user?.fields?.image||"image"},createdAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.updatedAt||"updatedAt"},...u?.fields,...e.user?.additionalFields},order:1},session:{tableName:e.session?.modelName||"session",fields:{expiresAt:{type:"date",required:!0,fieldName:e.session?.fields?.expiresAt||"expiresAt"},ipAddress:{type:"string",required:!1,fieldName:e.session?.fields?.ipAddress||"ipAddress"},userAgent:{type:"string",required:!1,fieldName:e.session?.fields?.userAgent||"userAgent"},userId:{type:"string",fieldName:e.session?.fields?.userId||"userId",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0},...n?.fields,...e.session?.additionalFields},order:2},account:{tableName:e.account?.modelName||"account",fields:{accountId:{type:"string",required:!0,fieldName:e.account?.fields?.accountId||"accountId"},providerId:{type:"string",required:!0,fieldName:e.account?.fields?.providerId||"providerId"},userId:{type:"string",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0,fieldName:e.account?.fields?.userId||"userId"},accessToken:{type:"string",required:!1,fieldName:e.account?.fields?.accessToken||"accessToken"},refreshToken:{type:"string",required:!1,fieldName:e.account?.fields?.refreshToken||"refreshToken"},idToken:{type:"string",required:!1,fieldName:e.account?.fields?.idToken||"idToken"},expiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.expiresAt||"expiresAt"},password:{type:"string",required:!1,fieldName:e.account?.fields?.password||"password"},...c?.fields},order:3},verification:{tableName:e.verification?.modelName||"verification",fields:{identifier:{type:"string",required:!0,fieldName:e.verification?.fields?.identifier||"identifier"},value:{type:"string",required:!0,fieldName:e.verification?.fields?.value||"value"},expiresAt:{type:"date",required:!0,fieldName:e.verification?.fields?.expiresAt||"expiresAt"}},order:4},...f,...a?i:{}}};import{nanoid as P}from"nanoid";var A=e=>P(e);var F=class extends Error{constructor(r,a){super(r),this.name="BetterAuthError",this.message=r,this.cause=a,this.stack=""}};import{Kysely as D,MssqlDialect as L}from"kysely";import{MysqlDialect as R,PostgresDialect as B,SqliteDialect as V}from"kysely";function M(e){if("dialect"in e)return M(e.dialect);if("createDriver"in e){if(e instanceof V)return"sqlite";if(e instanceof R)return"mysql";if(e instanceof B)return"postgres";if(e instanceof L)return"mssql"}return"aggregate"in e?"sqlite":"getConnection"in e?"mysql":"connect"in e?"postgres":null}var k=async e=>{let r=e.database;if("db"in r)return{kysely:r.db,databaseType:r.type};if("dialect"in r)return{kysely:new D({dialect:r.dialect}),databaseType:r.type};let a,i=M(r);return"createDriver"in r&&(a=r),"aggregate"in r&&(a=new V({database:r})),"getConnection"in r&&(a=new R({pool:r})),"connect"in r&&(a=new B({pool:r})),{kysely:a?new D({dialect:a}):null,databaseType:i}};function N(e){if(!e)return{and:null,or:null};let r={and:[],or:[]};return e.forEach(a=>{let{field:i,value:u,operator:n="=",connector:c="AND"}=a,f=t=>n.toLowerCase()==="in"?t(i,"in",Array.isArray(u)?u:[u]):t(i,n,u);c==="OR"?r.or.push(f):r.and.push(f)}),{and:r.and.length?r.and:null,or:r.or.length?r.or:null}}function v(e,r,a){for(let i in e)e[i]===0&&r[i]?.type==="boolean"&&a?.boolean&&(e[i]=!1),e[i]===1&&r[i]?.type==="boolean"&&a?.boolean&&(e[i]=!0),r[i]?.type==="date"&&(e[i]instanceof Date||(e[i]=new Date(e[i])));return e}function U(e,r){for(let a in e)typeof e[a]=="boolean"&&r?.boolean&&(e[a]=e[a]?1:0),e[a]instanceof Date&&(e[a]=e[a].toISOString());return e}var K=(e,r)=>({id:"kysely",async create(a){let{model:i,data:u,select:n}=a;r?.transform&&(u=U(u,r.transform)),r?.generateId!==void 0&&(u.id=r.generateId?r.generateId():void 0);let c=await e.insertInto(i).values(u).returningAll().executeTakeFirst();if(r?.transform){let f=r.transform.schema[i];c=f?v(u,f,r.transform):c}return n?.length&&(c=c?n.reduce((t,s)=>c?.[s]?{...t,[s]:c[s]}:t,{}):null),c},async findOne(a){let{model:i,where:u,select:n}=a,{and:c,or:f}=N(u),t=e.selectFrom(i).selectAll();c&&(t=t.where(o=>o.and(c.map(d=>d(o))))),f&&(t=t.where(o=>o.or(f.map(d=>d(o)))));let s=await t.executeTakeFirst();if(n?.length&&(s=s?n.reduce((d,l)=>s?.[l]?{...d,[l]:s[l]}:d,{}):null),r?.transform){let o=r.transform.schema[i];return s=s&&o?v(s,o,r.transform):s,s||null}return s||null},async findMany(a){let{model:i,where:u,limit:n,offset:c,sortBy:f}=a,t=e.selectFrom(i),{and:s,or:o}=N(u);s&&(t=t.where(l=>l.and(s.map(m=>m(l))))),o&&(t=t.where(l=>l.or(o.map(m=>m(l))))),t=t.limit(n||100),c&&(t=t.offset(c)),f&&(t=t.orderBy(f.field,f.direction));let d=await t.selectAll().execute();if(r?.transform){let l=r.transform.schema[i];return l?d.map(m=>v(m,l,r.transform)):d}return d},async update(a){let{model:i,where:u,update:n}=a,{and:c,or:f}=N(u);r?.transform&&(n=U(n,r.transform));let t=e.updateTable(i).set(n);c&&(t=t.where(o=>o.and(c.map(d=>d(o))))),f&&(t=t.where(o=>o.or(f.map(d=>d(o)))));let s=await t.returningAll().executeTakeFirst()||null;if(r?.transform){let o=r.transform.schema[i];return o?v(s,o,r.transform):s}return s},async delete(a){let{model:i,where:u}=a,{and:n,or:c}=N(u),f=e.deleteFrom(i);n&&(f=f.where(t=>t.and(n.map(s=>s(t))))),c&&(f=f.where(t=>t.or(c.map(s=>s(t))))),await f.execute()},async deleteMany(a){let{model:i,where:u}=a,{and:n,or:c}=N(u),f=e.deleteFrom(i);n&&(f=f.where(t=>t.and(n.map(s=>s(t))))),c&&(f=f.where(t=>t.or(c.map(s=>s(t))))),await f.execute()}});async function be(e){if(!e.database)throw new F("Database configuration is required");if("create"in e.database)return e.database;let{kysely:r,databaseType:a}=await k(e);if(!r)throw new F("Failed to initialize database adapter");let i=h(e),u={};for(let n of Object.values(i))u[n.tableName]=n.fields;return K(r,{transform:{schema:u,date:!0,boolean:a==="sqlite"},generateId:"generateId"in e.database?e.database.generateId:void 0})}function q(e,r){let a={id:r.id};for(let i in e){let u=e[i],n=r[i];a[u.fieldName||i]=n}return a}function g(e,r){if(!r)return null;let a={id:r.id};for(let[i,u]of Object.entries(e))a[i]=r[u.fieldName||i];return a}function C(e,r){let a=r.hooks,i=h(r.options);async function u(c,f,t){let s=c,o=i[f];for(let m of a||[]){let p=m[f]?.create?.before;if(p){let y=await p(c);if(y===!1)return null;typeof y=="object"&&"data"in y&&(s=y.data)}}let d=t?await t.fn(s):null,l=!t||t.executeMainFn?await e.create({model:o.tableName,data:{id:s.id||A(),...q(o.fields,s)}}):d;for(let m of a||[]){let p=m[f]?.create?.after;p&&await p(l)}return g(o.fields,l)}async function n(c,f,t,s){let o=c;for(let m of a||[]){let p=m[t]?.update?.before;if(p){let y=await p(c);if(y===!1)return null;o=typeof y=="object"?y.data:y}}let d=s?await s.fn(o):null,l=!s||s.executeMainFn?await e.update({model:i[t].tableName,update:q(i[t].fields,o),where:f}):d;for(let m of a||[]){let p=m[t]?.update?.after;p&&await p(l)}return g(i[t].fields,l)}return{createWithHooks:u,updateWithHooks:n}}function E(e){let r="127.0.0.1";if(process.env.NODE_ENV==="test")return r;let a=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],i=e instanceof Request?e.headers:e;for(let u of a){let n=i.get(u);if(typeof n=="string"){let c=n.split(",")[0].trim();if(c)return c}}return null}var Se=(e,r)=>{let a=r.options,i=a.secondaryStorage,u=a.session?.expiresIn||60*60*24*7,n=h(a),{createWithHooks:c,updateWithHooks:f}=C(e,r);return{createOAuthUser:async(t,s)=>{try{let o=await c(t,"user"),d=await c({...s,userId:o.id||t.id},"account");return{user:o,account:d}}catch(o){return console.log(o),null}},createUser:async t=>await c({id:A(),createdAt:new Date,updatedAt:new Date,emailVerified:!1,...t},"user"),createAccount:async t=>await c({id:A(),createdAt:new Date,updatedAt:new Date,...t},"account"),listSessions:async t=>await e.findMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:t}]}),listUsers:async(t,s,o,d)=>(await e.findMany({model:n.user.tableName,limit:t,offset:s,sortBy:o,where:d})).map(m=>g(n.user.fields,m)),deleteUser:async t=>{await e.delete({model:n.account.tableName,where:[{field:n.account.fields.userId.fieldName||"userId",value:t}]}),await e.deleteMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:t}]}),await e.deleteMany({model:n.user.tableName,where:[{field:"id",value:t}]})},createSession:async(t,s,o,d)=>{let l=s instanceof Request?s.headers:s,m={id:A(),userId:t,expiresAt:o?S(60*60*24,"sec"):S(u,"sec"),ipAddress:s&&E(s)||"",userAgent:l?.get("user-agent")||"",...d};return await c(m,"session",i?{fn:async y=>{let b=await e.findOne({model:n.user.tableName,where:[{field:"id",value:t}]});return i.set(y.id,JSON.stringify({session:y,user:b}),u),y},executeMainFn:a.session?.storeSessionInDatabase}:void 0)},findSession:async t=>{if(i){let d=await i.get(t);if(d){let l=JSON.parse(d);return{session:{...l.session,expiresAt:new Date(l.session.expiresAt)},user:{...l.user,createdAt:new Date(l.user.createdAt),updatedAt:new Date(l.user.updatedAt)}}}}let s=await e.findOne({model:n.session.tableName,where:[{value:t,field:"id"}]});if(!s)return null;let o=await e.findOne({model:n.user.tableName,where:[{value:s.userId,field:"id"}]});return o?{session:g(n.session.fields,s),user:g(n.user.fields,o)}:null},findSessions:async t=>{if(i){let l=[];for(let m of t){let p=await i.get(m);if(p){let y=JSON.parse(p),b={session:{...y.session,expiresAt:new Date(y.session.expiresAt)},user:{...y.user,createdAt:new Date(y.user.createdAt),updatedAt:new Date(y.user.updatedAt)}};l.push(b)}}return l}let s=await e.findMany({model:n.session.tableName,where:[{field:"id",value:t,operator:"in"}]}),o=s.map(l=>l.userId),d=await e.findMany({model:n.user.tableName,where:[{field:"id",value:o,operator:"in"}]});return s.map(l=>{let m=d.find(p=>p.id===l.userId);return m?{session:g(n.session.fields,l),user:g(n.user.fields,m)}:null})},updateSession:async(t,s)=>await f(s,[{field:"id",value:t}],"session",i?{async fn(d){let l=await i.get(t),m=null;if(l){let p=JSON.parse(l);m={...p.session,...d},await i.set(t,JSON.stringify({session:m,user:p.user}),p.session.expiresAt?new Date(p.session.expiresAt).getTime():void 0)}else return null},executeMainFn:a.session?.storeSessionInDatabase}:void 0),deleteSession:async t=>{if(i){await i.delete(t),a.session?.storeSessionInDatabase&&await e.delete({model:n.session.tableName,where:[{field:"id",value:t}]});return}await e.delete({model:n.session.tableName,where:[{field:"id",value:t}]})},deleteSessions:async t=>{if(i){let s=await e.findMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:t}]});for(let o of s)await i.delete(o.id);a.session?.storeSessionInDatabase&&await e.delete({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:t}]});return}await e.delete({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:t}]})},findUserByEmail:async(t,s)=>{let o=await e.findOne({model:n.user.tableName,where:[{value:t.toLowerCase(),field:n.user.fields.email.fieldName||"email"}]});if(!o)return null;if(s?.includeAccounts){let d=await e.findMany({model:n.account.tableName,where:[{value:o.id,field:n.account.fields.userId.fieldName||"userId"}]});return{user:g(n.user.fields,o),accounts:d.map(l=>g(n.account.fields,l))}}return{user:g(n.user.fields,o),accounts:[]}},findUserById:async t=>await e.findOne({model:n.user.tableName,where:[{field:"id",value:t}]}),linkAccount:async t=>await c({id:A(),...t},"account"),updateUser:async(t,s)=>await f(s,[{field:"id",value:t}],"user"),updateUserByEmail:async(t,s)=>await f(s,[{field:n.user.fields.email.fieldName||"email",value:t}],"user"),updatePassword:async(t,s)=>await f({password:s},[{field:n.account.fields.userId.fieldName||"userId",value:t},{field:n.account.fields.providerId.fieldName||"providerId",value:"credential"}],"account"),findAccounts:async t=>(await e.findMany({model:n.account.tableName,where:[{field:n.account.fields.userId.fieldName||"userId",value:t}]})).map(o=>g(n.account.fields,o)),updateAccount:async(t,s)=>await f(s,[{field:"id",value:t}],"account"),createVerificationValue:async t=>await c({id:A(),...t},"verification"),findVerificationValue:async t=>{let s=await e.findOne({model:n.verification.tableName,where:[{field:n.verification.fields.identifier.fieldName||"identifier",value:t}]});return g(n.verification.fields,s)},deleteVerificationValue:async t=>{await e.delete({model:n.verification.tableName,where:[{field:"id",value:t}]})},updateVerificationValue:async(t,s)=>await f(s,[{field:"id",value:t}],"verification")}};var De=(e,r)=>({type:e,...r});import{z as I}from"zod";function Ve(e){return I.object({...Object.keys(e).reduce((a,i)=>{let u=e[i];if(!u)return a;if(u.type==="string[]"||u.type==="number[]")return{...a,[i]:I.array(u.type==="string[]"?I.string():I.number())};let n=I[u.type]();return u?.required===!1&&(n=n.optional()),u?.returned===!1?a:{...a,[i]:n}},{})})}import"kysely";import{createConsola as W}from"consola";var w=W({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),H=e=>({log:(...r)=>{!e?.disabled&&w.log("",...r)},error:(...r)=>{!e?.disabled&&w.error("",...r)},warn:(...r)=>{!e?.disabled&&w.warn("",...r)},info:(...r)=>{!e?.disabled&&w.info("",...r)},debug:(...r)=>{!e?.disabled&&w.debug("",...r)},box:(...r)=>{!e?.disabled&&w.box("",...r)},success:(...r)=>{!e?.disabled&&w.success("",...r)},break:(...r)=>{!e?.disabled&&console.log(`
+var S=(e,r="ms")=>new Date(Date.now()+(r==="sec"?e*1e3:e));var h=e=>{let r=e.plugins?.reduce((t,s)=>{let o=s.schema;if(!o)return t;for(let[d,l]of Object.entries(o))t[d]={fields:{...t[d]?.fields,...l.fields},tableName:l.tableName||d};return t},{}),a=e.rateLimit?.storage==="database",i={rateLimit:{tableName:e.rateLimit?.tableName||"rateLimit",fields:{key:{type:"string",fieldName:e.rateLimit?.fields?.key||"key"},count:{type:"number",fieldName:e.rateLimit?.fields?.count||"count"},lastRequest:{type:"number",fieldName:e.rateLimit?.fields?.lastRequest||"lastRequest"}}}},{user:u,session:n,account:c,...f}=r||{};return{user:{tableName:e.user?.modelName||"user",fields:{name:{type:"string",required:!0,fieldName:e.user?.fields?.name||"name"},email:{type:"string",unique:!0,required:!0,fieldName:e.user?.fields?.email||"email"},emailVerified:{type:"boolean",defaultValue:()=>!1,required:!0,fieldName:e.user?.fields?.emailVerified||"emailVerified"},image:{type:"string",required:!1,fieldName:e.user?.fields?.image||"image"},createdAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.updatedAt||"updatedAt"},...u?.fields,...e.user?.additionalFields},order:1},session:{tableName:e.session?.modelName||"session",fields:{expiresAt:{type:"date",required:!0,fieldName:e.session?.fields?.expiresAt||"expiresAt"},ipAddress:{type:"string",required:!1,fieldName:e.session?.fields?.ipAddress||"ipAddress"},userAgent:{type:"string",required:!1,fieldName:e.session?.fields?.userAgent||"userAgent"},userId:{type:"string",fieldName:e.session?.fields?.userId||"userId",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0},...n?.fields,...e.session?.additionalFields},order:2},account:{tableName:e.account?.modelName||"account",fields:{accountId:{type:"string",required:!0,fieldName:e.account?.fields?.accountId||"accountId"},providerId:{type:"string",required:!0,fieldName:e.account?.fields?.providerId||"providerId"},userId:{type:"string",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0,fieldName:e.account?.fields?.userId||"userId"},accessToken:{type:"string",required:!1,fieldName:e.account?.fields?.accessToken||"accessToken"},refreshToken:{type:"string",required:!1,fieldName:e.account?.fields?.refreshToken||"refreshToken"},idToken:{type:"string",required:!1,fieldName:e.account?.fields?.idToken||"idToken"},expiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.expiresAt||"expiresAt"},password:{type:"string",required:!1,fieldName:e.account?.fields?.password||"password"},...c?.fields},order:3},verification:{tableName:e.verification?.modelName||"verification",fields:{identifier:{type:"string",required:!0,fieldName:e.verification?.fields?.identifier||"identifier"},value:{type:"string",required:!0,fieldName:e.verification?.fields?.value||"value"},expiresAt:{type:"date",required:!0,fieldName:e.verification?.fields?.expiresAt||"expiresAt"}},order:4},...f,...a?i:{}}};import{nanoid as P}from"nanoid";var A=e=>P(e);var F=class extends Error{constructor(r,a){super(r),this.name="BetterAuthError",this.message=r,this.cause=a,this.stack=""}};import{Kysely as D,MssqlDialect as L}from"kysely";import{MysqlDialect as R,PostgresDialect as B,SqliteDialect as V}from"kysely";function M(e){if("dialect"in e)return M(e.dialect);if("createDriver"in e){if(e instanceof V)return"sqlite";if(e instanceof R)return"mysql";if(e instanceof B)return"postgres";if(e instanceof L)return"mssql"}return"aggregate"in e?"sqlite":"getConnection"in e?"mysql":"connect"in e?"postgres":null}var k=async e=>{let r=e.database;if("db"in r)return{kysely:r.db,databaseType:r.type};if("dialect"in r)return{kysely:new D({dialect:r.dialect}),databaseType:r.type};let a,i=M(r);return"createDriver"in r&&(a=r),"aggregate"in r&&(a=new V({database:r})),"getConnection"in r&&(a=new R({pool:r})),"connect"in r&&(a=new B({pool:r})),{kysely:a?new D({dialect:a}):null,databaseType:i}};function N(e){if(!e)return{and:null,or:null};let r={and:[],or:[]};return e.forEach(a=>{let{field:i,value:u,operator:n="=",connector:c="AND"}=a,f=t=>n.toLowerCase()==="in"?t(i,"in",Array.isArray(u)?u:[u]):t(i,n,u);c==="OR"?r.or.push(f):r.and.push(f)}),{and:r.and.length?r.and:null,or:r.or.length?r.or:null}}function v(e,r,a){for(let i in e)e[i]===0&&r[i]?.type==="boolean"&&a?.boolean&&(e[i]=!1),e[i]===1&&r[i]?.type==="boolean"&&a?.boolean&&(e[i]=!0),r[i]?.type==="date"&&(e[i]instanceof Date||(e[i]=new Date(e[i])));return e}function U(e,r){for(let a in e)typeof e[a]=="boolean"&&r?.boolean&&(e[a]=e[a]?1:0),e[a]instanceof Date&&(e[a]=e[a].toISOString());return e}var K=(e,r)=>({id:"kysely",async create(a){let{model:i,data:u,select:n}=a;r?.transform&&(u=U(u,r.transform)),r?.generateId!==void 0&&(u.id=r.generateId?r.generateId():void 0);let c=await e.insertInto(i).values(u).returningAll().executeTakeFirst();if(r?.transform){let f=r.transform.schema[i];c=f?v(u,f,r.transform):c}return n?.length&&(c=c?n.reduce((t,s)=>c?.[s]?{...t,[s]:c[s]}:t,{}):null),c},async findOne(a){let{model:i,where:u,select:n}=a,{and:c,or:f}=N(u),t=e.selectFrom(i).selectAll();c&&(t=t.where(o=>o.and(c.map(d=>d(o))))),f&&(t=t.where(o=>o.or(f.map(d=>d(o)))));let s=await t.executeTakeFirst();if(n?.length&&(s=s?n.reduce((d,l)=>s?.[l]?{...d,[l]:s[l]}:d,{}):null),r?.transform){let o=r.transform.schema[i];return s=s&&o?v(s,o,r.transform):s,s||null}return s||null},async findMany(a){let{model:i,where:u,limit:n,offset:c,sortBy:f}=a,t=e.selectFrom(i),{and:s,or:o}=N(u);s&&(t=t.where(l=>l.and(s.map(m=>m(l))))),o&&(t=t.where(l=>l.or(o.map(m=>m(l))))),t=t.limit(n||100),c&&(t=t.offset(c)),f&&(t=t.orderBy(f.field,f.direction));let d=await t.selectAll().execute();if(r?.transform){let l=r.transform.schema[i];return l?d.map(m=>v(m,l,r.transform)):d}return d},async update(a){let{model:i,where:u,update:n}=a,{and:c,or:f}=N(u);r?.transform&&(n=U(n,r.transform));let t=e.updateTable(i).set(n);c&&(t=t.where(o=>o.and(c.map(d=>d(o))))),f&&(t=t.where(o=>o.or(f.map(d=>d(o)))));let s=await t.returningAll().executeTakeFirst()||null;if(r?.transform){let o=r.transform.schema[i];return o?v(s,o,r.transform):s}return s},async delete(a){let{model:i,where:u}=a,{and:n,or:c}=N(u),f=e.deleteFrom(i);n&&(f=f.where(t=>t.and(n.map(s=>s(t))))),c&&(f=f.where(t=>t.or(c.map(s=>s(t))))),await f.execute()},async deleteMany(a){let{model:i,where:u}=a,{and:n,or:c}=N(u),f=e.deleteFrom(i);n&&(f=f.where(t=>t.and(n.map(s=>s(t))))),c&&(f=f.where(t=>t.or(c.map(s=>s(t))))),await f.execute()}});async function be(e){if(!e.database)throw new F("Database configuration is required");if("create"in e.database)return e.database;let{kysely:r,databaseType:a}=await k(e);if(!r)throw new F("Failed to initialize database adapter");let i=h(e),u={};for(let n of Object.values(i))u[n.tableName]=n.fields;return K(r,{transform:{schema:u,date:!0,boolean:a==="sqlite"},generateId:"generateId"in e.database?e.database.generateId:void 0})}function q(e,r){let a={id:r.id};for(let i in e){let u=e[i],n=r[i];a[u.fieldName||i]=n}return a}function g(e,r){if(!r)return null;let a={id:r.id};for(let[i,u]of Object.entries(e))a[i]=r[u.fieldName||i];return a}function C(e,r){let a=r.hooks,i=h(r.options);async function u(c,f,t){let s=c,o=i[f];for(let m of a||[]){let p=m[f]?.create?.before;if(p){let y=await p(c);if(y===!1)return null;typeof y=="object"&&"data"in y&&(s=y.data)}}let d=t?await t.fn(s):null,l=!t||t.executeMainFn?await e.create({model:o.tableName,data:{...q(o.fields,s),id:s.id||A()}}):d;for(let m of a||[]){let p=m[f]?.create?.after;p&&await p(l)}return g(o.fields,l)}async function n(c,f,t,s){let o=c;for(let m of a||[]){let p=m[t]?.update?.before;if(p){let y=await p(c);if(y===!1)return null;o=typeof y=="object"?y.data:y}}let d=s?await s.fn(o):null,l=!s||s.executeMainFn?await e.update({model:i[t].tableName,update:q(i[t].fields,o),where:f}):d;for(let m of a||[]){let p=m[t]?.update?.after;p&&await p(l)}return g(i[t].fields,l)}return{createWithHooks:u,updateWithHooks:n}}function E(e){let r="127.0.0.1";if(process.env.NODE_ENV==="test")return r;let a=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],i=e instanceof Request?e.headers:e;for(let u of a){let n=i.get(u);if(typeof n=="string"){let c=n.split(",")[0].trim();if(c)return c}}return null}var Se=(e,r)=>{let a=r.options,i=a.secondaryStorage,u=a.session?.expiresIn||60*60*24*7,n=h(a),{createWithHooks:c,updateWithHooks:f}=C(e,r);return{createOAuthUser:async(t,s)=>{try{let o=await c(t,"user"),d=await c({...s,userId:o.id||t.id},"account");return{user:o,account:d}}catch(o){return console.log(o),null}},createUser:async t=>await c({id:A(),createdAt:new Date,updatedAt:new Date,emailVerified:!1,...t},"user"),createAccount:async t=>await c({id:A(),createdAt:new Date,updatedAt:new Date,...t},"account"),listSessions:async t=>await e.findMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:t}]}),listUsers:async(t,s,o,d)=>(await e.findMany({model:n.user.tableName,limit:t,offset:s,sortBy:o,where:d})).map(m=>g(n.user.fields,m)),deleteUser:async t=>{await e.delete({model:n.account.tableName,where:[{field:n.account.fields.userId.fieldName||"userId",value:t}]}),await e.deleteMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:t}]}),await e.deleteMany({model:n.user.tableName,where:[{field:"id",value:t}]})},createSession:async(t,s,o,d)=>{let l=s instanceof Request?s.headers:s,m={id:A(),userId:t,expiresAt:o?S(60*60*24,"sec"):S(u,"sec"),ipAddress:s&&E(s)||"",userAgent:l?.get("user-agent")||"",...d};return await c(m,"session",i?{fn:async y=>{let b=await e.findOne({model:n.user.tableName,where:[{field:"id",value:t}]});return i.set(y.id,JSON.stringify({session:y,user:b}),u),y},executeMainFn:a.session?.storeSessionInDatabase}:void 0)},findSession:async t=>{if(i){let d=await i.get(t);if(d){let l=JSON.parse(d);return{session:{...l.session,expiresAt:new Date(l.session.expiresAt)},user:{...l.user,createdAt:new Date(l.user.createdAt),updatedAt:new Date(l.user.updatedAt)}}}}let s=await e.findOne({model:n.session.tableName,where:[{value:t,field:"id"}]});if(!s)return null;let o=await e.findOne({model:n.user.tableName,where:[{value:s.userId,field:"id"}]});return o?{session:g(n.session.fields,s),user:g(n.user.fields,o)}:null},findSessions:async t=>{if(i){let l=[];for(let m of t){let p=await i.get(m);if(p){let y=JSON.parse(p),b={session:{...y.session,expiresAt:new Date(y.session.expiresAt)},user:{...y.user,createdAt:new Date(y.user.createdAt),updatedAt:new Date(y.user.updatedAt)}};l.push(b)}}return l}let s=await e.findMany({model:n.session.tableName,where:[{field:"id",value:t,operator:"in"}]}),o=s.map(l=>l.userId),d=await e.findMany({model:n.user.tableName,where:[{field:"id",value:o,operator:"in"}]});return s.map(l=>{let m=d.find(p=>p.id===l.userId);return m?{session:g(n.session.fields,l),user:g(n.user.fields,m)}:null})},updateSession:async(t,s)=>await f(s,[{field:"id",value:t}],"session",i?{async fn(d){let l=await i.get(t),m=null;if(l){let p=JSON.parse(l);m={...p.session,...d},await i.set(t,JSON.stringify({session:m,user:p.user}),p.session.expiresAt?new Date(p.session.expiresAt).getTime():void 0)}else return null},executeMainFn:a.session?.storeSessionInDatabase}:void 0),deleteSession:async t=>{if(i){await i.delete(t),a.session?.storeSessionInDatabase&&await e.delete({model:n.session.tableName,where:[{field:"id",value:t}]});return}await e.delete({model:n.session.tableName,where:[{field:"id",value:t}]})},deleteSessions:async t=>{if(i){let s=await e.findMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:t}]});for(let o of s)await i.delete(o.id);a.session?.storeSessionInDatabase&&await e.delete({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:t}]});return}await e.delete({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:t}]})},findUserByEmail:async(t,s)=>{let o=await e.findOne({model:n.user.tableName,where:[{value:t.toLowerCase(),field:n.user.fields.email.fieldName||"email"}]});if(!o)return null;if(s?.includeAccounts){let d=await e.findMany({model:n.account.tableName,where:[{value:o.id,field:n.account.fields.userId.fieldName||"userId"}]});return{user:g(n.user.fields,o),accounts:d.map(l=>g(n.account.fields,l))}}return{user:g(n.user.fields,o),accounts:[]}},findUserById:async t=>await e.findOne({model:n.user.tableName,where:[{field:"id",value:t}]}),linkAccount:async t=>await c({id:A(),...t},"account"),updateUser:async(t,s)=>await f(s,[{field:"id",value:t}],"user"),updateUserByEmail:async(t,s)=>await f(s,[{field:n.user.fields.email.fieldName||"email",value:t}],"user"),updatePassword:async(t,s)=>await f({password:s},[{field:n.account.fields.userId.fieldName||"userId",value:t},{field:n.account.fields.providerId.fieldName||"providerId",value:"credential"}],"account"),findAccounts:async t=>(await e.findMany({model:n.account.tableName,where:[{field:n.account.fields.userId.fieldName||"userId",value:t}]})).map(o=>g(n.account.fields,o)),updateAccount:async(t,s)=>await f(s,[{field:"id",value:t}],"account"),createVerificationValue:async t=>await c({id:A(),...t},"verification"),findVerificationValue:async t=>{let s=await e.findOne({model:n.verification.tableName,where:[{field:n.verification.fields.identifier.fieldName||"identifier",value:t}]});return g(n.verification.fields,s)},deleteVerificationValue:async t=>{await e.delete({model:n.verification.tableName,where:[{field:"id",value:t}]})},updateVerificationValue:async(t,s)=>await f(s,[{field:"id",value:t}],"verification")}};var De=(e,r)=>({type:e,...r});import{z as I}from"zod";function Ve(e){return I.object({...Object.keys(e).reduce((a,i)=>{let u=e[i];if(!u)return a;if(u.type==="string[]"||u.type==="number[]")return{...a,[i]:I.array(u.type==="string[]"?I.string():I.number())};let n=I[u.type]();return u?.required===!1&&(n=n.optional()),u?.returned===!1?a:{...a,[i]:n}},{})})}import"kysely";import{createConsola as W}from"consola";var w=W({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),H=e=>({log:(...r)=>{!e?.disabled&&w.log("",...r)},error:(...r)=>{!e?.disabled&&w.error("",...r)},warn:(...r)=>{!e?.disabled&&w.warn("",...r)},info:(...r)=>{!e?.disabled&&w.info("",...r)},debug:(...r)=>{!e?.disabled&&w.debug("",...r)},box:(...r)=>{!e?.disabled&&w.box("",...r)},success:(...r)=>{!e?.disabled&&w.success("",...r)},break:(...r)=>{!e?.disabled&&console.log(`
 `)}}),O=H();function j(e){let r=h(e),a={};for(let i in r){let u=r[i],n=u.fields,c={};if(Object.entries(n).forEach(([f,t])=>{c[t.fieldName||f]=t}),a[u.tableName]){a[u.tableName].fields={...a[u.tableName].fields,...c};continue}a[u.tableName]={fields:c,order:u.order||1/0}}return a}var $={string:["character varying","text"],number:["int4","integer","bigint","smallint","numeric","real","double precision"],boolean:["bool","boolean"],date:["timestamp","date"]},Z={string:["varchar","text"],number:["integer","int","bigint","smallint","decimal","float","double"],boolean:["boolean"],date:["date","datetime"]},z={string:["TEXT"],number:["INTEGER","REAL"],boolean:["INTEGER","BOOLEAN"],date:["DATE","INTEGER"]},J={string:["nvarchar","varchar"],number:["int","bigint","smallint","decimal","float","double"],boolean:["bit","boolean"],date:["datetime","date"]},G={postgres:$,mysql:Z,sqlite:z,mssql:J};function _(e,r,a){return r==="string[]"||r==="number[]"?e.toLowerCase().includes("json"):G[a][r].map(c=>c.toLowerCase()).includes(e.toLowerCase())}async function He(e){let r=j(e),{kysely:a,databaseType:i}=await k(e);i||(O.warn("Could not determine database type, defaulting to sqlite. Please provide a type in the database options to avoid this."),i="sqlite"),a||(O.error("Only kysely adapter is supported for migrations. You can use `generate` command to generate the schema, if you're using a different adapter."),process.exit(1));let u=await a.introspection.getTables(),n=[],c=[];for(let[d,l]of Object.entries(r)){let m=u.find(y=>y.name===d);if(!m){let y=n.findIndex(T=>T.table===d),b={table:d,fields:l.fields,order:l.order||1/0},x=n.findIndex(T=>(T.order||1/0)>b.order);x===-1?y===-1?n.push(b):n[y].fields={...n[y].fields,...l.fields}:n.splice(x,0,b);continue}let p={};for(let[y,b]of Object.entries(l.fields)){let x=m.columns.find(T=>T.name===y);if(!x){p[y]=b;continue}_(x.dataType,b.type,i)||O.warn(`Field ${y} in table ${d} has a different type in the database. Expected ${b.type} but got ${x.dataType}.`)}Object.keys(p).length>0&&c.push({table:d,fields:p,order:l.order||1/0})}let f=[];function t(d){let l={string:"text",boolean:"boolean",number:"integer",date:"date"};return i==="mysql"&&d==="string"?"varchar(255)":i==="sqlite"&&(d==="string[]"||d==="number[]")?"text":d==="string[]"||d==="number[]"?"jsonb":l[d]}if(c.length)for(let d of c)for(let[l,m]of Object.entries(d.fields)){let p=t(m.type),y=a.schema.alterTable(d.table).addColumn(l,p,b=>(b=m.required!==!1?b.notNull():b,m.references&&(b=b.references(`${m.references.model}.${m.references.field}`)),b));f.push(y)}if(n.length)for(let d of n){let l=a.schema.createTable(d.table).addColumn("id",t("string"),m=>m.primaryKey().notNull());for(let[m,p]of Object.entries(d.fields)){let y=t(p.type);l=l.addColumn(m,y,b=>(b=p.required!==!1?b.notNull():b,p.references&&(b=b.references(`${p.references.model}.${p.references.field}`)),p.unique&&(b=b.unique()),b))}f.push(l)}async function s(){for(let d of f)await d.execute()}async function o(){return f.map(l=>l.compile().sql).join(`;
 
 `)}return{toBeCreated:n,toBeAdded:c,runMigrations:s,compileMigrations:o}}export{g as convertFromDB,q as convertToDB,De as createFieldAttribute,Se as createInternalAdapter,be as getAdapter,h as getAuthTables,He as getMigrations,j as getSchema,C as getWithHooks,_ as matchType,Ve as toZodSchema};

package/dist/{index-5eAp6tZU.d.ts → index-DZhhf9eD.d.ts}

@@ -5,7 +5,7 @@ import { P as Prettify } from './helper-DPDj8Nix.js';
 import { A as AccessControl, R as Role, S as StatementsPrimitive, g as defaultRoles } from './statement-CfnyN34h.js';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { BetterFetch, BetterFetchOption } from '@better-fetch/fetch';
-import { H as HookEndpointContext, p as AuthContext } from './auth-BbAoOSTB.js';
+import { H as HookEndpointContext, p as AuthContext } from './auth-DQcxQWzj.js';
 import * as nanostores from 'nanostores';
 import { atom } from 'nanostores';
 import * as _simplewebauthn_types from '@simplewebauthn/types';