better-auth 0.5.3-beta.6 → 0.5.3-beta.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (71) hide show
  1. package/dist/access.js +0 -1
  2. package/dist/adapters/drizzle.d.ts +1 -1
  3. package/dist/adapters/drizzle.js +0 -1
  4. package/dist/adapters/kysely.d.ts +1 -1
  5. package/dist/adapters/kysely.js +0 -1
  6. package/dist/adapters/mongodb.d.ts +1 -1
  7. package/dist/adapters/mongodb.js +0 -1
  8. package/dist/adapters/prisma.d.ts +1 -1
  9. package/dist/adapters/prisma.js +0 -1
  10. package/dist/api.d.ts +1 -1
  11. package/dist/api.js +1 -2
  12. package/dist/{auth-ChOWHZz7.d.ts → auth-B9t_YkMU.d.ts} +65 -19
  13. package/dist/client/plugins.d.ts +3 -3
  14. package/dist/client/plugins.js +0 -1
  15. package/dist/client.d.ts +1 -1
  16. package/dist/client.js +0 -1
  17. package/dist/cookies.d.ts +1 -1
  18. package/dist/cookies.js +0 -1
  19. package/dist/crypto.js +0 -1
  20. package/dist/db.d.ts +2 -2
  21. package/dist/db.js +0 -1
  22. package/dist/{index-BwCQ9u_T.d.ts → index-ny_c9jGl.d.ts} +1 -1
  23. package/dist/index.d.ts +1 -1
  24. package/dist/index.js +3 -4
  25. package/dist/next-js.js +0 -1
  26. package/dist/node.d.ts +1 -1
  27. package/dist/node.js +0 -1
  28. package/dist/oauth2.js +0 -1
  29. package/dist/plugins.d.ts +3 -3
  30. package/dist/plugins.js +1 -2
  31. package/dist/react.d.ts +1 -1
  32. package/dist/react.js +0 -1
  33. package/dist/social.d.ts +2 -0
  34. package/dist/social.js +1 -2
  35. package/dist/solid-start.d.ts +1 -1
  36. package/dist/solid-start.js +0 -1
  37. package/dist/solid.d.ts +1 -1
  38. package/dist/solid.js +0 -1
  39. package/dist/svelte-kit.d.ts +1 -1
  40. package/dist/svelte-kit.js +0 -1
  41. package/dist/svelte.d.ts +1 -1
  42. package/dist/svelte.js +0 -1
  43. package/dist/types.d.ts +2 -2
  44. package/dist/types.js +0 -1
  45. package/dist/vue.d.ts +1 -1
  46. package/dist/vue.js +0 -1
  47. package/package.json +1 -1
  48. package/dist/access.js.map +0 -1
  49. package/dist/adapters/drizzle.js.map +0 -1
  50. package/dist/adapters/kysely.js.map +0 -1
  51. package/dist/adapters/mongodb.js.map +0 -1
  52. package/dist/adapters/prisma.js.map +0 -1
  53. package/dist/api.js.map +0 -1
  54. package/dist/client/plugins.js.map +0 -1
  55. package/dist/client.js.map +0 -1
  56. package/dist/cookies.js.map +0 -1
  57. package/dist/crypto.js.map +0 -1
  58. package/dist/db.js.map +0 -1
  59. package/dist/index.js.map +0 -1
  60. package/dist/next-js.js.map +0 -1
  61. package/dist/node.js.map +0 -1
  62. package/dist/oauth2.js.map +0 -1
  63. package/dist/plugins.js.map +0 -1
  64. package/dist/react.js.map +0 -1
  65. package/dist/social.js.map +0 -1
  66. package/dist/solid-start.js.map +0 -1
  67. package/dist/solid.js.map +0 -1
  68. package/dist/svelte-kit.js.map +0 -1
  69. package/dist/svelte.js.map +0 -1
  70. package/dist/types.js.map +0 -1
  71. package/dist/vue.js.map +0 -1
package/dist/access.js CHANGED
@@ -1,2 +1 @@
1
1
  var a=class extends Error{path;constructor(e,n){super(e),this.path=n}},c=class{constructor(e){this.s=e;this.statements=e}statements;newRole(e){return new i(e)}},i=class s{statements;constructor(e){this.statements=e}authorize(e,n){for(let[t,o]of Object.entries(e)){let r=this.statements[t];if(!r)return{success:!1,error:`You are not allowed to access resource: ${t}`};let p=n==="OR"?o.some(m=>r.includes(m)):o.every(m=>r.includes(m));return p?{success:p}:{success:!1,error:`unauthorized to access resource "${t}"`}}return{success:!1,error:"Not authorized"}}static fromString(e){let n=JSON.parse(e);if(typeof n!="object")throw new a("statements is not an object",".");for(let[t,o]of Object.entries(n)){if(typeof t!="string")throw new a("invalid resource identifier",t);if(!Array.isArray(o))throw new a("actions is not an array",t);for(let r=0;r<o.length;r++)if(typeof o[r]!="string")throw new a("action is not a string",`${t}[${r}]`)}return new s(n)}toString(){return JSON.stringify(this.statements)}};var l=s=>new c(s),d={organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]},u=l(d),S=u.newRole({organization:["update"],invitation:["create","cancel"],member:["create","update","delete"]}),f=u.newRole({organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]}),x=u.newRole({organization:[],member:[],invitation:[]}),b={admin:S,owner:f,member:x};var T=s=>i.fromString(s??"");export{c as AccessControl,a as ParsingError,i as Role,S as adminAc,l as createAccessControl,u as defaultAc,b as defaultRoles,d as defaultStatements,x as memberAc,f as ownerAc,T as permissionFromString};
2
- //# sourceMappingURL=access.js.map
@@ -1,4 +1,4 @@
1
- import { A as Adapter } from '../auth-ChOWHZz7.js';
1
+ import { A as Adapter } from '../auth-B9t_YkMU.js';
2
2
  import 'zod';
3
3
  import 'kysely';
4
4
  import '../schema-Dkt0LqYs.js';
@@ -1,2 +1 @@
1
1
  import{and as v,asc as P,desc as z,eq as p,or as A,inArray as y,like as w}from"drizzle-orm";var d=class extends Error{constructor(r,i){super(r),this.name="BetterAuthError",this.message=r,this.cause=i,this.stack=""}};function h(t,r){let i=r.schema;if(!i)throw new d("Drizzle adapter failed to initialize. Schema not found. Please provide a schema object in the adapter options object.");let c=r.usePlural?`${t}s`:t,n=i[c];if(!n)throw new d(`[# Drizzle Adapter]: The model "${t}" was not found in the schema object. Please pass the schema directly to the adapter options.`);return n}function m(t,r){if(!t)return[];if(t.length===1){let e=t[0];if(!e)return[];if(e.operator==="in"){if(!Array.isArray(e.value))throw new d(`The value for the field "${e.field}" must be an array when using the "in" operator.`);return[y(r[e.field],e.value)]}return e.operator==="contains"?[w(r[e.field],`%${e.value}%`)]:e.operator==="starts_with"?[w(r[e.field],`${e.value}%`)]:e.operator==="ends_with"?[w(r[e.field],`%${e.value}`)]:[p(r[e.field],e.value)]}let i=t.filter(e=>e.connector==="AND"||!e.connector),c=t.filter(e=>e.connector==="OR"),n=v(...i.map(e=>{if(e.operator==="in"){if(!Array.isArray(e.value))throw new d(`The value for the field "${e.field}" must be an array when using the "in" operator.`);return y(r[e.field],e.value)}return p(r[e.field],e.value)})),l=A(...c.map(e=>p(r[e.field],e.value))),s=[];return i.length&&s.push(n),c.length&&s.push(l),s}var B=(t,r)=>{let i=r.schema||t._.fullSchema,c=r?.provider;return{id:"drizzle",async create(n){let{model:l,data:s}=n,e=h(l,{schema:i,usePlural:r.usePlural});r.generateId!==void 0&&(s.id=r.generateId?r.generateId():void 0);let a=t.insert(e).values(s);return c!=="mysql"?(await a.returning())[0]:(await a,(await t.select().from(e).where(p(e.id,n.data.id)))[0])},async findOne(n){let{model:l,where:s,select:e}=n,a=h(l,{schema:i,usePlural:r.usePlural}),u=m(s,a),o=null;return e?.length?o=await t.select(...e.map(f=>({[f]:a[f]}))).from(a).where(...u):o=await t.select().from(a).where(...u),o.length?o[0]:null},async findMany(n){let{model:l,where:s,limit:e,offset:a,sortBy:u}=n,o=h(l,{schema:i,usePlural:r.usePlural}),f=s?m(s,o):[],g=u?.direction==="desc"?z:P;return await t.select().from(o).limit(e||100).offset(a||0).orderBy(g(o[u?.field||"id"])).where(...f.length?f:[])},async update(n){let{model:l,where:s,update:e}=n,a=h(l,{schema:i,usePlural:r.usePlural});e.id&&(e.id=void 0);let u=m(s,a),o=t.update(a).set(e).where(...u);return c!=="mysql"?(await o.returning())[0]:(await o,(await t.select().from(a).where(p(a.id,n.update.id)))[0])},async delete(n){let{model:l,where:s}=n,e=h(l,{schema:i,usePlural:r.usePlural}),a=m(s,e);return(await t.delete(e).where(...a))[0]},async deleteMany(n){let{model:l,where:s}=n,e=h(l,{schema:i,usePlural:r.usePlural}),a=m(s,e);await t.delete(e).where(...a)},options:r}};export{B as drizzleAdapter};
2
- //# sourceMappingURL=drizzle.js.map
@@ -1,5 +1,5 @@
1
1
  import { Kysely } from 'kysely';
2
- import { B as BetterAuthOptions, K as KyselyDatabaseType, F as FieldAttribute, A as Adapter } from '../auth-ChOWHZz7.js';
2
+ import { B as BetterAuthOptions, K as KyselyDatabaseType, F as FieldAttribute, A as Adapter } from '../auth-B9t_YkMU.js';
3
3
  import 'zod';
4
4
  import '../schema-Dkt0LqYs.js';
5
5
  import 'better-call';
@@ -1,2 +1 @@
1
1
  import{Kysely as h,MssqlDialect as q}from"kysely";import{MysqlDialect as w,PostgresDialect as A,SqliteDialect as D}from"kysely";function k(r){if("dialect"in r)return k(r.dialect);if("createDriver"in r){if(r instanceof D)return"sqlite";if(r instanceof w)return"mysql";if(r instanceof A)return"postgres";if(r instanceof q)return"mssql"}return"aggregate"in r?"sqlite":"getConnection"in r?"mysql":"connect"in r?"postgres":null}var T=async r=>{let e=r.database;if("db"in e)return{kysely:e.db,databaseType:e.type};if("dialect"in e)return{kysely:new h({dialect:e.dialect}),databaseType:e.type};let a,n=k(e);return"createDriver"in e&&(a=e),"aggregate"in e&&(a=new D({database:e})),"getConnection"in e&&(a=new w({pool:e})),"connect"in e&&(a=new A({pool:e})),{kysely:a?new h({dialect:a}):null,databaseType:n}};function m(r){if(!r)return{and:null,or:null};let e={and:[],or:[]};return r.forEach(a=>{let{field:n,value:i,operator:l="=",connector:f="AND"}=a,o=t=>l.toLowerCase()==="in"?t(n,"in",Array.isArray(i)?i:[i]):l==="contains"?t(n,"like",`%${i}%`):l==="starts_with"?t(n,"like",`${i}%`):l==="ends_with"?t(n,"like",`%${i}`):t(n,l,i);f==="OR"?e.or.push(o):e.and.push(o)}),{and:e.and.length?e.and:null,or:e.or.length?e.or:null}}function p(r,e,a){for(let n in r){let i=e[n]||Object.values(e).find(l=>l.fieldName===n);r[n]===0&&i.type==="boolean"&&a?.boolean&&(r[n]=!1),r[n]===1&&i?.type==="boolean"&&a?.boolean&&(r[n]=!0),i?.type==="date"&&(r[n]instanceof Date||(r[n]=new Date(r[n])))}return r}function g(r,e){for(let a in r)typeof r[a]=="boolean"&&e?.boolean&&(r[a]=r[a]?1:0),r[a]instanceof Date&&(r[a]=r[a].toISOString());return r}var C=(r,e)=>({id:"kysely",async create(a){let{model:n,data:i,select:l}=a;e?.transform&&(i=g(i,e.transform)),e?.generateId!==void 0&&(i.id=e.generateId?e.generateId():void 0);let f=await r.insertInto(n).values(i).returningAll().executeTakeFirst();if(e?.transform){let o=e.transform.schema[n];f=o?p(i,o,e.transform):f}return l?.length&&(f=f?l.reduce((t,s)=>f?.[s]?{...t,[s]:f[s]}:t,{}):null),f},async findOne(a){let{model:n,where:i,select:l}=a,{and:f,or:o}=m(i),t=r.selectFrom(n).selectAll();f&&(t=t.where(y=>y.and(f.map(d=>d(y))))),o&&(t=t.where(y=>y.or(o.map(d=>d(y)))));let s=await t.executeTakeFirst();if(l?.length&&(s=s?l.reduce((d,u)=>s?.[u]?{...d,[u]:s[u]}:d,{}):null),e?.transform){let y=e.transform.schema[n];return s=s&&y?p(s,y,e.transform):s,s||null}return s||null},async findMany(a){let{model:n,where:i,limit:l,offset:f,sortBy:o}=a,t=r.selectFrom(n),{and:s,or:y}=m(i);s&&(t=t.where(u=>u.and(s.map(c=>c(u))))),y&&(t=t.where(u=>u.or(y.map(c=>c(u))))),t=t.limit(l||100),f&&(t=t.offset(f)),o&&(t=t.orderBy(o.field,o.direction));let d=await t.selectAll().execute();if(e?.transform){let u=e.transform.schema[n];return u?d.map(c=>p(c,u,e.transform)):d}return d},async update(a){let{model:n,where:i,update:l}=a,{and:f,or:o}=m(i);e?.transform&&(l=g(l,e.transform)),l.id&&(l.id=void 0);let t=r.updateTable(n).set(l);f&&(t=t.where(y=>y.and(f.map(d=>d(y))))),o&&(t=t.where(y=>y.or(o.map(d=>d(y)))));let s=await t.returningAll().executeTakeFirst()||null;if(e?.transform){let y=e.transform.schema[n];return y?p(s,y,e.transform):s}return s},async delete(a){let{model:n,where:i}=a,{and:l,or:f}=m(i),o=r.deleteFrom(n);l&&(o=o.where(t=>t.and(l.map(s=>s(t))))),f&&(o=o.where(t=>t.or(f.map(s=>s(t))))),await o.execute()},async deleteMany(a){let{model:n,where:i}=a,{and:l,or:f}=m(i),o=r.deleteFrom(n);l&&(o=o.where(t=>t.and(l.map(s=>s(t))))),f&&(o=o.where(t=>t.or(f.map(s=>s(t))))),await o.execute()}});export{T as createKyselyAdapter,C as kyselyAdapter};
2
- //# sourceMappingURL=kysely.js.map
@@ -1,5 +1,5 @@
1
1
  import { Db } from 'mongodb';
2
- import { W as Where } from '../auth-ChOWHZz7.js';
2
+ import { W as Where } from '../auth-B9t_YkMU.js';
3
3
  import 'zod';
4
4
  import 'kysely';
5
5
  import '../schema-Dkt0LqYs.js';
@@ -1,2 +1 @@
1
1
  function u(l){if(!l)return{};let d=l.map(n=>{let{field:t,value:e,operator:c="eq",connector:i="AND"}=n,o;switch(c.toLowerCase()){case"eq":o={[t]:e};break;case"in":o={[t]:{$in:Array.isArray(e)?e:[e]}};break;case"gt":o={[t]:{$gt:e}};break;case"gte":o={[t]:{$gte:e}};break;case"lt":o={[t]:{$lt:e}};break;case"lte":o={[t]:{$lte:e}};break;case"ne":o={[t]:{$ne:e}};break;case"contains":o={[t]:{$regex:`.*${e}.*`}};break;case"starts_with":o={[t]:{$regex:`${e}.*`}};break;case"ends_with":o={[t]:{$regex:`.*${e}`}};break;default:throw new Error(`Unsupported operator: ${c}`)}return{condition:o,connector:i}}),s=d.filter(n=>n.connector==="AND").map(n=>n.condition),a=d.filter(n=>n.connector==="OR").map(n=>n.condition),r={};return s.length&&(r={...r,$and:s}),a.length&&(r={...r,$or:a}),r}function f(l){let{_id:d,...s}=l;return s}function w(l){return l.reduce((s,a)=>(s[a]=1,s),{})}var m=(l,d)=>{let s=l,a=r=>d?.usePlural?`${r}s`:r;return{id:"mongodb",async create(r){let{model:n,data:t}=r;d?.generateId!==void 0&&(t.id=d.generateId?d.generateId():void 0);let c=(await s.collection(a(n)).insertOne({...t})).insertedId,i={...t,id:c};return f(i)},async findOne(r){let{model:n,where:t,select:e}=r,c=u(t),i={};e&&(i=w(e));let o=await s.collection(a(n)).findOne(c,{projection:i});return o?f(o):null},async findMany(r){let{model:n,where:t,limit:e,offset:c,sortBy:i}=r,o=u(t);return(await s.collection(a(n)).find(o).skip(c||0).limit(e||100).sort(i?.field||"id",i?.direction==="desc"?-1:1).toArray()).map(f)},async update(r){let{model:n,where:t,update:e}=r,c=u(t);if(e.id&&(e.id=void 0),t.length===1){let o=await s.collection(a(n)).findOneAndUpdate(c,{$set:e},{returnDocument:"after"});return f(o)}let i=await s.collection(a(n)).updateMany(c,{$set:e});return{}},async delete(r){let{model:n,where:t}=r,e=u(t),c=await s.collection(a(n)).findOneAndDelete(e)},async deleteMany(r){let{model:n,where:t}=r,e=u(t),c=await s.collection(a(n)).deleteMany(e)}}};export{m as mongodbAdapter};
2
- //# sourceMappingURL=mongodb.js.map
@@ -1,4 +1,4 @@
1
- import { A as Adapter } from '../auth-ChOWHZz7.js';
1
+ import { A as Adapter } from '../auth-B9t_YkMU.js';
2
2
  import 'zod';
3
3
  import 'kysely';
4
4
  import '../schema-Dkt0LqYs.js';
@@ -1,2 +1 @@
1
1
  function f(a){switch(a){case"starts_with":return"startsWith";case"ends_with":return"endsWith";default:return a}}function c(a){if(!a)return{};if(a.length===1){let e=a[0];return e?{[e.field]:e.operator==="eq"||!e.operator?e.value:{[f(e.operator)]:e.value}}:void 0}let l=a.filter(e=>e.connector==="AND"||!e.connector),s=a.filter(e=>e.connector==="OR"),o=l.map(e=>({[e.field]:e.operator==="eq"||!e.operator?e.value:{[f(e.operator)]:e.value}})),r=s.map(e=>({[e.field]:{[e.operator||"eq"]:e.value}}));return{AND:o.length?o:void 0,OR:r.length?r:void 0}}var y=(a,l)=>{let s=a,o=l.generateId;return{id:"prisma",async create(r){let{model:e,data:n,select:t}=r;return o!==void 0&&(n.id=o?o():void 0),await s[e].create({data:n,...t?.length?{select:t.reduce((d,i)=>({...d,[i]:!0}),{})}:{}})},async findOne(r){let{model:e,where:n,select:t}=r,d=c(n);return await s[e].findFirst({where:d,...t?.length?{select:t.reduce((i,u)=>({...i,[u]:!0}),{})}:{}})},async findMany(r){let{model:e,where:n,limit:t,offset:d,sortBy:i}=r,u=c(n);return await s[e].findMany({where:u,take:t||100,skip:d||0,orderBy:i?.field?{[i.field]:i.direction==="desc"?"desc":"asc"}:void 0})},async update(r){let{model:e,where:n,update:t}=r;t.id&&(t.id=void 0);let d=c(n);return n.length===1?await s[e].update({where:d,data:t}):await s[e].updateMany({where:d,data:t})},async delete(r){let{model:e,where:n}=r,t=c(n);return await s[e].delete({where:t}).catch(d=>{})},async deleteMany(r){let{model:e,where:n}=r,t=c(n);return await s[e].deleteMany({where:t})},options:l}};export{y as prismaAdapter};
2
- //# sourceMappingURL=prisma.js.map
package/dist/api.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- export { e as AuthEndpoint, f as AuthMiddleware, a1 as callbackOAuth, aj as changeEmail, ag as changePassword, d as createAuthEndpoint, c as createAuthMiddleware, ac as createEmailVerificationToken, ao as csrfMiddleware, ai as deleteUser, al as error, a9 as forgetPassword, aa as forgetPasswordCallback, ak as getCSRFToken, Z as getEndpoints, a2 as getSession, a3 as getSessionFromCtx, a5 as listSessions, am as ok, o as optionsMiddleware, ab as resetPassword, a6 as revokeSession, a7 as revokeSessions, _ as router, ad as sendVerificationEmail, a4 as sessionMiddleware, ah as setPassword, a0 as signInEmail, $ as signInOAuth, a8 as signOut, an as signUpEmail, af as updateUser, ae as verifyEmail } from './auth-ChOWHZz7.js';
1
+ export { e as AuthEndpoint, f as AuthMiddleware, a1 as callbackOAuth, aj as changeEmail, ag as changePassword, d as createAuthEndpoint, c as createAuthMiddleware, ac as createEmailVerificationToken, ao as csrfMiddleware, ai as deleteUser, al as error, a9 as forgetPassword, aa as forgetPasswordCallback, ak as getCSRFToken, Z as getEndpoints, a2 as getSession, a3 as getSessionFromCtx, a5 as listSessions, am as ok, o as optionsMiddleware, ab as resetPassword, a6 as revokeSession, a7 as revokeSessions, _ as router, ad as sendVerificationEmail, a4 as sessionMiddleware, ah as setPassword, a0 as signInEmail, $ as signInOAuth, a8 as signOut, an as signUpEmail, af as updateUser, ae as verifyEmail } from './auth-B9t_YkMU.js';
2
2
  import './helper-DPDj8Nix.js';
3
3
  export { APIError } from 'better-call';
4
4
  import 'zod';
package/dist/api.js CHANGED
@@ -1,5 +1,5 @@
1
1
  import{APIError as nt,createRouter as qt,statusCode as Nt}from"better-call";import{APIError as J}from"better-call";import{z as de}from"zod";import{xchacha20poly1305 as or}from"@noble/ciphers/chacha";import{bytesToHex as ir,hexToBytes as sr,utf8ToBytes as ar}from"@noble/ciphers/utils";import{managedNonce as cr}from"@noble/ciphers/webcrypto";import{sha256 as ur}from"oslo/crypto";import ie from"uncrypto";function W(e,t){let r=new Uint8Array(e),o=new Uint8Array(t);if(r.length!==o.length)return!1;let n=0;for(let i=0;i<r.length;i++)n|=r[i]^o[i];return n===0}import{decodeHex as Zt,encodeHex as Qt}from"oslo/encoding";import{scryptAsync as Jt}from"@noble/hashes/scrypt";import{getRandomValues as Yt}from"uncrypto";import te from"uncrypto";function it(e){return e.toString(2).padStart(8,"0")}function st(e){return[...e].map(t=>it(t)).join("")}function re(e){return parseInt(st(e),2)}function at(e){if(e<0||!Number.isInteger(e))throw new Error("Argument 'max' must be an integer greater than or equal to 0");let t=(e-1).toString(2).length,r=t%8,o=new Uint8Array(Math.ceil(t/8));te.getRandomValues(o),r!==0&&(o[0]&=(1<<r)-1);let n=re(o);for(;n>=e;)te.getRandomValues(o),r!==0&&(o[0]&=(1<<r)-1),n=re(o);return n}function oe(e,t){let r="";for(let o=0;o<e;o++)r+=t[at(t.length)];return r}function ne(...e){let t=new Set(e),r="";for(let o of t)o==="a-z"?r+="abcdefghijklmnopqrstuvwxyz":o==="A-Z"?r+="ABCDEFGHIJKLMNOPQRSTUVWXYZ":o==="0-9"?r+="0123456789":r+=o;return r}async function F(e,t){let r=new TextEncoder,o={name:"HMAC",hash:"SHA-256"},n=await ie.subtle.importKey("raw",r.encode(e),o,!1,["sign","verify"]),i=await ie.subtle.sign(o.name,n,r.encode(t));return btoa(String.fromCharCode(...new Uint8Array(i)))}import{createEndpointCreator as dt,createMiddleware as se,createMiddlewareCreator as ct}from"better-call";var ae=se(async()=>({})),$=ct({use:[ae,se(async()=>({}))]}),m=dt({use:[ae]});var ce=$({body:de.object({csrfToken:de.string().optional()}).optional()},async e=>{if(e.request?.method!=="POST"||e.context.options.advanced?.disableCSRFCheck)return;let t=e.headers?.get("origin")||"";if(t){let a=new URL(t).origin;if(e.context.trustedOrigins.includes(a))return}let r=e.body?.csrfToken;if(!r)throw new J("UNAUTHORIZED",{message:"CSRF Token is required"});let o=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret),[n,i]=o?.split("!")||[null,null];if(!r||!n||!i||n!==r)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new J("UNAUTHORIZED",{message:"Invalid CSRF Token"});let s=await F(e.context.secret,n);if(i!==s)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new J("UNAUTHORIZED",{message:"Invalid CSRF Token"})});import{APIError as S}from"better-call";import{generateCodeVerifier as _t}from"oslo/oauth2";import{z as T}from"zod";import{generateState as lt}from"oslo/oauth2";import{z as H}from"zod";import{sha256 as le}from"oslo/crypto";async function ue(e){let t=await le(typeof e=="string"?new TextEncoder().encode(e):e);return Buffer.from(t).toString("base64")}async function pe(e,t){let r=await le(typeof e=="string"?new TextEncoder().encode(e):e),o=Buffer.from(t,"base64");return W(r,o)}import"better-call";async function me(e){let t=lt(),r=JSON.stringify({code:t,callbackURL:e}),o=await ue(r);return{raw:r,hash:o}}function K(e){return H.object({code:H.string(),callbackURL:H.string().optional(),currentURL:H.string().optional()}).safeParse(JSON.parse(e))}import{TimeSpan as $r}from"oslo";var V=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}};import{env as jr,isProduction as qr}from"std-env";async function O(e,t,r,o){let n=e.context.authCookies.sessionToken.options;n.maxAge=r?void 0:e.context.sessionConfig.expiresIn,await e.setSignedCookie(e.context.authCookies.sessionToken.name,t,e.context.secret,{...n,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options)}function N(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}import{APIError as mt}from"better-call";import{createConsola as ut}from"consola";var D=ut({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),pt=e=>({log:(...t)=>{!e?.disabled&&D.log("",...t)},error:(...t)=>{!e?.disabled&&D.error("",...t)},warn:(...t)=>{!e?.disabled&&D.warn("",...t)},info:(...t)=>{!e?.disabled&&D.info("",...t)},debug:(...t)=>{!e?.disabled&&D.debug("",...t)},box:(...t)=>{!e?.disabled&&D.box("",...t)},success:(...t)=>{!e?.disabled&&D.success("",...t)},break:(...t)=>{!e?.disabled&&console.log(`
2
- `)}}),w=pt();var U=$(async e=>{let{body:t,query:r,headers:o,context:n}=e,i=t?.callbackURL||r?.callbackURL||r?.redirectTo||t?.redirectTo,s=r?.currentURL||o?.get("referer")||n.baseURL,a=n.trustedOrigins,c=(d,l)=>{if(d?.startsWith("http")&&!a.some(g=>d.startsWith(g)))throw w.error(`Invalid ${l}`,{[l]:d,trustedOrigins:a}),new mt("FORBIDDEN",{message:`Invalid ${l}`})};c(i,"callbackURL"),c(s,"currentURL")});import{parseJWT as wt}from"oslo/jwt";import{sha256 as ft}from"oslo/crypto";import{base64url as gt}from"oslo/encoding";async function fe(e){let t=await ft(new TextEncoder().encode(e));return gt.encode(new Uint8Array(t),{includePadding:!1})}function ge(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_at?new Date((Date.now()+e.expires_in)*1e3):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function E({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:n,scopes:i,claims:s,disablePkce:a,redirectURI:c}){let d=new URL(r);if(d.searchParams.set("response_type","code"),d.searchParams.set("client_id",t.clientId),d.searchParams.set("state",o),d.searchParams.set("scope",i.join(" ")),d.searchParams.set("redirect_uri",t.redirectURI||c),!a&&n){let l=await fe(n);d.searchParams.set("code_challenge_method","S256"),d.searchParams.set("code_challenge",l)}if(s){let l=s.reduce((h,g)=>(h[g]=null,h),{});d.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...l}}))}return d}import{betterFetch as ht}from"@better-fetch/fetch";async function y({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:n}){let i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",e),t&&i.set("code_verifier",t),i.set("redirect_uri",r),i.set("client_id",o.clientId),i.set("client_secret",o.clientSecret);let{data:s,error:a}=await ht(n,{method:"POST",body:i,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(a)throw a;return ge(s)}function Y(e){let t=e.accessToken,r=e.refreshToken,o;try{o=e.accessTokenExpiresAt}catch{}return{accessToken:t,refreshToken:r,expiresAt:o}}var he=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:n}){let i=e.scope||o||["email","name","openid"];return new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${n||e.redirectURI}&scope=${i.join(" ")}&state=${r}`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:n})=>y({code:r,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){if(!r.idToken)return null;let o=wt(r.idToken)?.payload;return o?{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified==="true"},data:o}:null}}};import{betterFetch as yt}from"@better-fetch/fetch";var we=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["identify","email"];return new URL(`https://discord.com/api/oauth2/authorize?scope=${n.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>y({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await yt("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let n=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${n}.png`}else{let n=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${n}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});import{betterFetch as bt}from"@better-fetch/fetch";var ye=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["email","public_profile"];return await E({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:n,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>y({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await bt("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,picture:r.picture.data.url,emailVerified:r.email_verified},data:r}}});import{betterFetch as be}from"@better-fetch/fetch";var Ae=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"Github",createAuthorizationURL({state:r,scopes:o,codeVerifier:n,redirectURI:i}){let s=e.scope||o||["user:email"];return E({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:s,state:r,redirectURI:i,codeVerifier:n})},validateAuthorizationCode:async({code:r,redirectURI:o})=>y({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:n}=await be("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(n)return null;let i=!1;if(!o.email){let{data:s,error:a}=await be("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});a||(o.email=(s.find(c=>c.primary)??s[0])?.email,i=s.find(c=>c.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:i},data:o}}}};import{parseJWT as At}from"oslo/jwt";var ke=e=>({id:"google",name:"Google",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){if(!e.clientId||!e.clientSecret)throw w.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new V("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new V("codeVerifier is required for Google");let i=e.scope||r||["email","profile"];return E({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:i,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>y({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async getUserInfo(t){if(!t.idToken)return null;let r=At(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});import{betterFetch as kt}from"@better-fetch/fetch";import{parseJWT as Rt}from"oslo/jwt";var Re=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(n){let i=e.scope||n.scopes||["openid","profile","email","User.Read"];return E({id:"microsoft",options:e,authorizationEndpoint:r,state:n.state,codeVerifier:n.codeVerifier,scopes:i,redirectURI:n.redirectURI})},validateAuthorizationCode({code:n,codeVerifier:i,redirectURI:s}){return y({code:n,codeVerifier:i,redirectURI:e.redirectURI||s,options:e,tokenEndpoint:o})},async getUserInfo(n){if(!n.idToken)return null;let i=Rt(n.idToken)?.payload,s=e.profilePhotoSize||48;return await kt(`https://graph.microsoft.com/v1.0/me/photos/${s}x${s}/$value`,{headers:{Authorization:`Bearer ${n.accessToken}`},async onResponse(a){if(!(e.disableProfilePhoto||!a.response.ok))try{let d=await a.response.clone().arrayBuffer(),l=Buffer.from(d).toString("base64");i.picture=`data:image/jpeg;base64, ${l}`}catch(c){w.error(c)}}}),{user:{id:i.sub,name:i.name,email:i.email,image:i.picture,emailVerified:!0},data:i}}}};import{betterFetch as Ut}from"@better-fetch/fetch";var Ue=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){let i=e.scope||r||["user-read-email"];return E({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:i,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>y({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await Ut("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});import"@better-fetch/fetch";var C={isAction:!1};import{nanoid as Et}from"nanoid";var Ee=e=>Et(e);import{parseJWT as xt}from"oslo/jwt";var xe=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["user:read:email","openid"];return E({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:n,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>y({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return w.error("No idToken found in token"),null;let o=xt(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});import{betterFetch as Tt}from"@better-fetch/fetch";var Te=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=e.scope||t.scopes||["account_info.read"];return E({id:"twitter",options:e,authorizationEndpoint:"https://twitter.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>y({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await Tt("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o||!r.data.email?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});var vt={apple:he,discord:we,facebook:ye,github:Ae,microsoft:Re,google:ke,spotify:Ue,twitch:xe,twitter:Te},ve=Object.keys(vt);import{TimeSpan as St}from"oslo";import{createJWT as Pt,validateJWT as Ot}from"oslo/jwt";import{z as v}from"zod";import{APIError as z}from"better-call";import{APIError as M}from"better-call";var Z=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));import{z as Se}from"zod";var X=()=>m("/session",{method:"GET",requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let r=await e.context.internalAdapter.findSession(t);if(!r||r.session.expiresAt<new Date)return N(e),r&&await e.context.internalAdapter.deleteSession(r.session.id),e.json(null,{status:401});if(await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(r);let n=e.context.sessionConfig.expiresIn,i=e.context.sessionConfig.updateAge;if(r.session.expiresAt.valueOf()-n*1e3+i*1e3<=Date.now()){let c=await e.context.internalAdapter.updateSession(r.session.id,{expiresAt:Z(e.context.sessionConfig.expiresIn,"sec")});if(!c)return N(e),e.json(null,{status:401});let d=(c.expiresAt.valueOf()-Date.now())/1e3;return await O(e,c.id,!1,{maxAge:d}),e.json({session:c,user:r.user})}return e.json(r)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}}),ee=async e=>await X()({...e,_flag:"json",headers:e.headers}),_=$(async e=>{let t=await ee(e);if(!t?.session)throw new M("UNAUTHORIZED");return{session:t}}),Pe=()=>m("/user/list-sessions",{method:"GET",use:[_],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),Oe=m("/user/revoke-session",{method:"POST",body:Se.object({id:Se.string()}),use:[_],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new M("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new M("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o),new M("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),_e=m("/user/revoke-sessions",{method:"POST",use:[_],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t),new M("INTERNAL_SERVER_ERROR")}return e.json({status:!0})});async function L(e,t,r){return await Pt("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new St(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var Le=m("/send-verification-email",{method:"POST",query:v.object({currentURL:v.string().optional()}).optional(),body:v.object({email:v.string().email(),callbackURL:v.string().optional()}),use:[U]},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new z("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new z("BAD_REQUEST",{message:"User not found"});let o=await L(e.context.secret,t),n=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail(r.user,n,o),e.json({status:!0})}),Ie=m("/verify-email",{method:"GET",query:v.object({token:v.string(),callbackURL:v.string().optional()}),use:[U]},async e=>{let{token:t}=e.query,r;try{r=await Ot("HS256",Buffer.from(e.context.secret),t)}catch(s){throw e.context.logger.error("Failed to verify email",s),new z("BAD_REQUEST",{message:"Invalid token"})}let n=v.object({email:v.string().email(),updateTo:v.string().optional()}).parse(r.payload);if(!await e.context.internalAdapter.findUserByEmail(n.email))throw new z("BAD_REQUEST",{message:"User not found"});if(n.updateTo){let s=await ee(e);if(!s)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new z("UNAUTHORIZED",{message:"Session not found"});if(s.user.email!==n.email)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new z("UNAUTHORIZED",{message:"Invalid session"});let a=await e.context.internalAdapter.updateUserByEmail(n.email,{email:n.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.(a,`${e.context.baseURL}/verify-email?token=${t}`,t),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:a,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(n.email,{emailVerified:!0}),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});var Ce=m("/sign-in/social",{method:"POST",requireHeaders:!0,query:T.object({currentURL:T.string().optional()}).optional(),body:T.object({callbackURL:T.string().optional(),provider:T.enum(ve)}),use:[U]},async e=>{let t=e.context.socialProviders.find(c=>c.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new S("NOT_FOUND",{message:"Provider not found"});let r=e.context.authCookies,o=e.query?.currentURL?new URL(e.query?.currentURL):null,n=e.body.callbackURL?.startsWith("http")?e.body.callbackURL:`${o?.origin}${e.body.callbackURL||""}`,i=await me(n||o?.origin||e.context.options.baseURL);await e.setSignedCookie(r.state.name,i.hash,e.context.secret,r.state.options);let s=_t();await e.setSignedCookie(r.pkCodeVerifier.name,s,e.context.secret,r.pkCodeVerifier.options);let a=await t.createAuthorizationURL({state:i.raw,codeVerifier:s,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:a.toString(),state:i,codeVerifier:s,redirect:!0})}),Be=m("/sign-in/email",{method:"POST",body:T.object({email:T.string(),password:T.string(),callbackURL:T.string().optional(),dontRememberMe:T.boolean().default(!1).optional()}),use:[U]},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new S("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!T.string().email().safeParse(t).success)throw new S("BAD_REQUEST",{message:"Invalid email"});if(!T.string().email().safeParse(t).success)throw new S("BAD_REQUEST",{message:"Invalid email"});let i=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!i)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new S("UNAUTHORIZED",{message:"Invalid email or password"});let s=i.accounts.find(l=>l.providerId==="credential");if(!s)throw e.context.logger.error("Credential account not found",{email:t}),new S("UNAUTHORIZED",{message:"Invalid email or password"});let a=s?.password;if(!a)throw e.context.logger.error("Password not found",{email:t}),new S("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(a,r))throw e.context.logger.error("Invalid password"),new S("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!i.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw w.error("Email verification is required but no email verification handler is provided"),new S("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let l=await L(e.context.secret,i.user.email),h=`${e.context.options.baseURL}/verify-email?token=${l}`;throw await e.context.options.emailVerification.sendVerificationEmail(i.user,h,l),e.context.logger.error("Email not verified",{email:t}),new S("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let d=await e.context.internalAdapter.createSession(i.user.id,e.headers,e.body.dontRememberMe);if(!d)throw e.context.logger.error("Failed to create session"),new S("UNAUTHORIZED",{message:"Failed to create session"});return await O(e,d.id,e.body.dontRememberMe),e.json({user:i.user,session:d,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});import{z as Q}from"zod";import{z as f}from"zod";var Jn=f.object({id:f.string(),providerId:f.string(),accountId:f.string(),userId:f.string(),accessToken:f.string().nullable().optional(),refreshToken:f.string().nullable().optional(),idToken:f.string().nullable().optional(),expiresAt:f.date().nullable().optional(),password:f.string().optional().nullable()}),De=f.object({id:f.string(),email:f.string().transform(e=>e.toLowerCase()),emailVerified:f.boolean().default(!1),name:f.string(),image:f.string().optional(),createdAt:f.date().default(new Date),updatedAt:f.date().default(new Date)}),Kn=f.object({id:f.string(),userId:f.string(),expiresAt:f.date(),ipAddress:f.string().optional(),userAgent:f.string().optional()}),Yn=f.object({id:f.string(),value:f.string(),expiresAt:f.date(),identifier:f.string()});function $e(e,t){let r={...t==="user"?e.user?.additionalFields:{},...t==="session"?e.session?.additionalFields:{}};for(let o of e.plugins||[])o.schema&&o.schema[t]&&(r={...r,...o.schema[t].fields});return r}function Ve(e,t){let r=t.fields,o={};for(let n in r){if(n in e){if(r[n].input===!1){if(r[n].defaultValue){o[n]=r[n].defaultValue;continue}continue}o[n]=e[n];continue}if(r[n].defaultValue){o[n]=r[n].defaultValue;continue}}return o}function ze(e,t){let r=$e(e,"user");return Ve(t||{},{fields:r})}function je(e,t){let r=$e(e,"user");return Ve(t||{},{fields:r})}var qe=m("/callback/:id",{method:"GET",query:Q.object({state:Q.string(),code:Q.string().optional(),error:Q.string().optional()}),metadata:C},async e=>{if(e.query.error||!e.query.code){let k=K(e.query.state).data?.callbackURL||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${k}?error=${e.query.error||"oAuth_code_missing"}`)}let t=e.context.socialProviders.find(p=>p.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let r=K(e.query.state);if(!r.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let{data:{callbackURL:o,currentURL:n}}=r,i=await e.getSignedCookie(e.context.authCookies.state.name,e.context.secret);if(!i)throw w.error("No stored state found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!await pe(e.query.state,i))throw w.error("OAuth state mismatch"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let a=await e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),c;try{c=await t.validateAuthorizationCode({code:e.query.code,codeVerifier:a,redirectURI:`${e.context.baseURL}/callback/${t.id}`})}catch(p){throw e.context.logger.error(p),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let d=await t.getUserInfo(c).then(p=>p?.user),l=Ee(),h=De.safeParse({...d,id:l});if(!d||h.success===!1)throw w.error("Unable to get user info",h.error),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!o)throw e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);function g(p){throw e.redirect(`${n||o||`${e.context.baseURL}/error`}?error=${p}`)}let u=await e.context.internalAdapter.findUserByEmail(d.email,{includeAccounts:!0}).catch(p=>{throw w.error(`Better auth was unable to query your database.
2
+ `)}}),w=pt();var U=$(async e=>{let{body:t,query:r,headers:o,context:n}=e,i=t?.callbackURL||r?.callbackURL||r?.redirectTo||t?.redirectTo,s=r?.currentURL||o?.get("referer")||n.baseURL,a=n.trustedOrigins,c=(d,l)=>{if(d?.startsWith("http")&&!a.some(g=>d.startsWith(g)))throw w.error(`Invalid ${l}`,{[l]:d,trustedOrigins:a}),new mt("FORBIDDEN",{message:`Invalid ${l}`})};c(i,"callbackURL"),c(s,"currentURL")});import{parseJWT as wt}from"oslo/jwt";import{sha256 as ft}from"oslo/crypto";import{base64url as gt}from"oslo/encoding";async function fe(e){let t=await ft(new TextEncoder().encode(e));return gt.encode(new Uint8Array(t),{includePadding:!1})}function ge(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_at?new Date((Date.now()+e.expires_in)*1e3):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function E({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:n,scopes:i,claims:s,disablePkce:a,redirectURI:c}){let d=new URL(r);if(d.searchParams.set("response_type","code"),d.searchParams.set("client_id",t.clientId),d.searchParams.set("state",o),d.searchParams.set("scope",i.join(" ")),d.searchParams.set("redirect_uri",t.redirectURI||c),!a&&n){let l=await fe(n);d.searchParams.set("code_challenge_method","S256"),d.searchParams.set("code_challenge",l)}if(s){let l=s.reduce((h,g)=>(h[g]=null,h),{});d.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...l}}))}return d}import{betterFetch as ht}from"@better-fetch/fetch";async function y({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:n}){let i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",e),t&&i.set("code_verifier",t),i.set("redirect_uri",r),i.set("client_id",o.clientId),i.set("client_secret",o.clientSecret);let{data:s,error:a}=await ht(n,{method:"POST",body:i,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(a)throw a;return ge(s)}function Y(e){let t=e.accessToken,r=e.refreshToken,o;try{o=e.accessTokenExpiresAt}catch{}return{accessToken:t,refreshToken:r,expiresAt:o}}var he=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:n}){let i=e.scope||o||["email","name","openid"];return new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${n||e.redirectURI}&scope=${i.join(" ")}&state=${r}`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:n})=>y({code:r,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){if(!r.idToken)return null;let o=wt(r.idToken)?.payload;return o?{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified==="true"},data:o}:null}}};import{betterFetch as yt}from"@better-fetch/fetch";var we=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["identify","email"];return new URL(`https://discord.com/api/oauth2/authorize?scope=${n.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>y({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await yt("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let n=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${n}.png`}else{let n=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${n}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});import{betterFetch as bt}from"@better-fetch/fetch";var ye=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["email","public_profile"];return await E({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:n,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>y({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await bt("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified},data:r}}});import{betterFetch as be}from"@better-fetch/fetch";var Ae=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"Github",createAuthorizationURL({state:r,scopes:o,codeVerifier:n,redirectURI:i}){let s=e.scope||o||["user:email"];return E({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:s,state:r,redirectURI:i,codeVerifier:n})},validateAuthorizationCode:async({code:r,redirectURI:o})=>y({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:n}=await be("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(n)return null;let i=!1;if(!o.email){let{data:s,error:a}=await be("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});a||(o.email=(s.find(c=>c.primary)??s[0])?.email,i=s.find(c=>c.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:i},data:o}}}};import{parseJWT as At}from"oslo/jwt";var ke=e=>({id:"google",name:"Google",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){if(!e.clientId||!e.clientSecret)throw w.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new V("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new V("codeVerifier is required for Google");let i=e.scope||r||["email","profile"];return E({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:i,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>y({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async getUserInfo(t){if(!t.idToken)return null;let r=At(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});import{betterFetch as kt}from"@better-fetch/fetch";import{parseJWT as Rt}from"oslo/jwt";var Re=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(n){let i=e.scope||n.scopes||["openid","profile","email","User.Read"];return E({id:"microsoft",options:e,authorizationEndpoint:r,state:n.state,codeVerifier:n.codeVerifier,scopes:i,redirectURI:n.redirectURI})},validateAuthorizationCode({code:n,codeVerifier:i,redirectURI:s}){return y({code:n,codeVerifier:i,redirectURI:e.redirectURI||s,options:e,tokenEndpoint:o})},async getUserInfo(n){if(!n.idToken)return null;let i=Rt(n.idToken)?.payload,s=e.profilePhotoSize||48;return await kt(`https://graph.microsoft.com/v1.0/me/photos/${s}x${s}/$value`,{headers:{Authorization:`Bearer ${n.accessToken}`},async onResponse(a){if(!(e.disableProfilePhoto||!a.response.ok))try{let d=await a.response.clone().arrayBuffer(),l=Buffer.from(d).toString("base64");i.picture=`data:image/jpeg;base64, ${l}`}catch(c){w.error(c)}}}),{user:{id:i.sub,name:i.name,email:i.email,image:i.picture,emailVerified:!0},data:i}}}};import{betterFetch as Ut}from"@better-fetch/fetch";var Ue=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){let i=e.scope||r||["user-read-email"];return E({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:i,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>y({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await Ut("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});import"@better-fetch/fetch";var C={isAction:!1};import{nanoid as Et}from"nanoid";var Ee=e=>Et(e);import{parseJWT as xt}from"oslo/jwt";var xe=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=e.scope||r||["user:read:email","openid"];return E({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:n,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>y({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return w.error("No idToken found in token"),null;let o=xt(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});import{betterFetch as Tt}from"@better-fetch/fetch";var Te=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=e.scope||t.scopes||["account_info.read"];return E({id:"twitter",options:e,authorizationEndpoint:"https://twitter.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>y({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await Tt("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o||!r.data.email?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});var vt={apple:he,discord:we,facebook:ye,github:Ae,microsoft:Re,google:ke,spotify:Ue,twitch:xe,twitter:Te},ve=Object.keys(vt);import{TimeSpan as St}from"oslo";import{createJWT as Pt,validateJWT as Ot}from"oslo/jwt";import{z as v}from"zod";import{APIError as z}from"better-call";import{APIError as M}from"better-call";var Z=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));import{z as Se}from"zod";var X=()=>m("/session",{method:"GET",requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let r=await e.context.internalAdapter.findSession(t);if(!r||r.session.expiresAt<new Date)return N(e),r&&await e.context.internalAdapter.deleteSession(r.session.id),e.json(null,{status:401});if(await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(r);let n=e.context.sessionConfig.expiresIn,i=e.context.sessionConfig.updateAge;if(r.session.expiresAt.valueOf()-n*1e3+i*1e3<=Date.now()){let c=await e.context.internalAdapter.updateSession(r.session.id,{expiresAt:Z(e.context.sessionConfig.expiresIn,"sec")});if(!c)return N(e),e.json(null,{status:401});let d=(c.expiresAt.valueOf()-Date.now())/1e3;return await O(e,c.id,!1,{maxAge:d}),e.json({session:c,user:r.user})}return e.json(r)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}}),ee=async e=>await X()({...e,_flag:"json",headers:e.headers}),_=$(async e=>{let t=await ee(e);if(!t?.session)throw new M("UNAUTHORIZED");return{session:t}}),Pe=()=>m("/user/list-sessions",{method:"GET",use:[_],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),Oe=m("/user/revoke-session",{method:"POST",body:Se.object({id:Se.string()}),use:[_],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new M("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new M("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o),new M("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),_e=m("/user/revoke-sessions",{method:"POST",use:[_],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t),new M("INTERNAL_SERVER_ERROR")}return e.json({status:!0})});async function L(e,t,r){return await Pt("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new St(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var Le=m("/send-verification-email",{method:"POST",query:v.object({currentURL:v.string().optional()}).optional(),body:v.object({email:v.string().email(),callbackURL:v.string().optional()}),use:[U]},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new z("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new z("BAD_REQUEST",{message:"User not found"});let o=await L(e.context.secret,t),n=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail(r.user,n,o),e.json({status:!0})}),Ie=m("/verify-email",{method:"GET",query:v.object({token:v.string(),callbackURL:v.string().optional()}),use:[U]},async e=>{let{token:t}=e.query,r;try{r=await Ot("HS256",Buffer.from(e.context.secret),t)}catch(s){throw e.context.logger.error("Failed to verify email",s),new z("BAD_REQUEST",{message:"Invalid token"})}let n=v.object({email:v.string().email(),updateTo:v.string().optional()}).parse(r.payload);if(!await e.context.internalAdapter.findUserByEmail(n.email))throw new z("BAD_REQUEST",{message:"User not found"});if(n.updateTo){let s=await ee(e);if(!s)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new z("UNAUTHORIZED",{message:"Session not found"});if(s.user.email!==n.email)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new z("UNAUTHORIZED",{message:"Invalid session"});let a=await e.context.internalAdapter.updateUserByEmail(n.email,{email:n.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.(a,`${e.context.baseURL}/verify-email?token=${t}`,t),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:a,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(n.email,{emailVerified:!0}),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});var Ce=m("/sign-in/social",{method:"POST",requireHeaders:!0,query:T.object({currentURL:T.string().optional()}).optional(),body:T.object({callbackURL:T.string().optional(),provider:T.enum(ve)}),use:[U]},async e=>{let t=e.context.socialProviders.find(c=>c.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new S("NOT_FOUND",{message:"Provider not found"});let r=e.context.authCookies,o=e.query?.currentURL?new URL(e.query?.currentURL):null,n=e.body.callbackURL?.startsWith("http")?e.body.callbackURL:`${o?.origin}${e.body.callbackURL||""}`,i=await me(n||o?.origin||e.context.options.baseURL);await e.setSignedCookie(r.state.name,i.hash,e.context.secret,r.state.options);let s=_t();await e.setSignedCookie(r.pkCodeVerifier.name,s,e.context.secret,r.pkCodeVerifier.options);let a=await t.createAuthorizationURL({state:i.raw,codeVerifier:s,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:a.toString(),state:i,codeVerifier:s,redirect:!0})}),Be=m("/sign-in/email",{method:"POST",body:T.object({email:T.string(),password:T.string(),callbackURL:T.string().optional(),dontRememberMe:T.boolean().default(!1).optional()}),use:[U]},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new S("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!T.string().email().safeParse(t).success)throw new S("BAD_REQUEST",{message:"Invalid email"});if(!T.string().email().safeParse(t).success)throw new S("BAD_REQUEST",{message:"Invalid email"});let i=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!i)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new S("UNAUTHORIZED",{message:"Invalid email or password"});let s=i.accounts.find(l=>l.providerId==="credential");if(!s)throw e.context.logger.error("Credential account not found",{email:t}),new S("UNAUTHORIZED",{message:"Invalid email or password"});let a=s?.password;if(!a)throw e.context.logger.error("Password not found",{email:t}),new S("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(a,r))throw e.context.logger.error("Invalid password"),new S("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!i.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw w.error("Email verification is required but no email verification handler is provided"),new S("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let l=await L(e.context.secret,i.user.email),h=`${e.context.options.baseURL}/verify-email?token=${l}`;throw await e.context.options.emailVerification.sendVerificationEmail(i.user,h,l),e.context.logger.error("Email not verified",{email:t}),new S("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let d=await e.context.internalAdapter.createSession(i.user.id,e.headers,e.body.dontRememberMe);if(!d)throw e.context.logger.error("Failed to create session"),new S("UNAUTHORIZED",{message:"Failed to create session"});return await O(e,d.id,e.body.dontRememberMe),e.json({user:i.user,session:d,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});import{z as Q}from"zod";import{z as f}from"zod";var Jn=f.object({id:f.string(),providerId:f.string(),accountId:f.string(),userId:f.string(),accessToken:f.string().nullable().optional(),refreshToken:f.string().nullable().optional(),idToken:f.string().nullable().optional(),expiresAt:f.date().nullable().optional(),password:f.string().optional().nullable()}),De=f.object({id:f.string(),email:f.string().transform(e=>e.toLowerCase()),emailVerified:f.boolean().default(!1),name:f.string(),image:f.string().optional(),createdAt:f.date().default(new Date),updatedAt:f.date().default(new Date)}),Kn=f.object({id:f.string(),userId:f.string(),expiresAt:f.date(),ipAddress:f.string().optional(),userAgent:f.string().optional()}),Yn=f.object({id:f.string(),value:f.string(),expiresAt:f.date(),identifier:f.string()});function $e(e,t){let r={...t==="user"?e.user?.additionalFields:{},...t==="session"?e.session?.additionalFields:{}};for(let o of e.plugins||[])o.schema&&o.schema[t]&&(r={...r,...o.schema[t].fields});return r}function Ve(e,t){let r=t.fields,o={};for(let n in r){if(n in e){if(r[n].input===!1){if(r[n].defaultValue){o[n]=r[n].defaultValue;continue}continue}o[n]=e[n];continue}if(r[n].defaultValue){o[n]=r[n].defaultValue;continue}}return o}function ze(e,t){let r=$e(e,"user");return Ve(t||{},{fields:r})}function je(e,t){let r=$e(e,"user");return Ve(t||{},{fields:r})}var qe=m("/callback/:id",{method:"GET",query:Q.object({state:Q.string(),code:Q.string().optional(),error:Q.string().optional()}),metadata:C},async e=>{if(e.query.error||!e.query.code){let k=K(e.query.state).data?.callbackURL||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${k}?error=${e.query.error||"oAuth_code_missing"}`)}let t=e.context.socialProviders.find(p=>p.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let r=K(e.query.state);if(!r.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let{data:{callbackURL:o,currentURL:n}}=r,i=await e.getSignedCookie(e.context.authCookies.state.name,e.context.secret);if(!i)throw w.error("No stored state found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!await pe(e.query.state,i))throw w.error("OAuth state mismatch"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let a=await e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),c;try{c=await t.validateAuthorizationCode({code:e.query.code,codeVerifier:a,redirectURI:`${e.context.baseURL}/callback/${t.id}`})}catch(p){throw e.context.logger.error(p),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let d=await t.getUserInfo(c).then(p=>p?.user),l=Ee(),h=De.safeParse({...d,id:l});if(!d||h.success===!1)throw w.error("Unable to get user info",h.error),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!o)throw e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);function g(p){throw e.redirect(`${n||o||`${e.context.baseURL}/error`}?error=${p}`)}let u=await e.context.internalAdapter.findUserByEmail(d.email,{includeAccounts:!0}).catch(p=>{throw w.error(`Better auth was unable to query your database.
3
3
  Error: `,p),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),b=u?.user.id;if(u){if(!u.accounts.find(k=>k.providerId===t.id)){(!e.context.options.account?.accountLinking?.trustedProviders?.includes(t.id)&&!d.emailVerified||!e.context.options.account?.accountLinking?.enabled)&&g("account_not_linked");try{await e.context.internalAdapter.linkAccount({providerId:t.id,accountId:d.id.toString(),id:`${t.id}:${d.id}`,userId:u.user.id,...Y(c)})}catch(B){w.error("Unable to link account",B),g("unable_to_link_account")}}}else try{let p=d.emailVerified||!1,k=await e.context.internalAdapter.createOAuthUser({...h.data,emailVerified:p},{...Y(c),providerId:t.id,accountId:d.id.toString()});if(b=k?.user.id,!p&&k&&e.context.options.emailVerification?.sendOnSignUp){let q=await L(e.context.secret,d.email),B=`${e.context.baseURL}/verify-email?token=${q}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.(k.user,B,q)}}catch(p){w.error("Unable to create user",p),g("unable_to_create_user")}b||g("unable_to_create_user");let x=await e.context.internalAdapter.createSession(b,e.request);throw x||g("unable_to_create_session"),await O(e,x.id),e.redirect(o)});import"zod";import{APIError as Lt}from"better-call";var Ne=m("/sign-out",{method:"POST"},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw new Lt("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),N(e),e.json({success:!0})});import{z as P}from"zod";import{APIError as G}from"better-call";var Me=m("/forget-password",{method:"POST",body:P.object({email:P.string().email(),redirectTo:P.string()}),use:[U]},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new G("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let n=60*60*1,i=new Date(Date.now()+1e3*(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||n)),s=e.context.uuid();await e.context.internalAdapter.createVerificationValue({value:o.user.id,identifier:`reset-password:${s}`,expiresAt:i});let a=`${e.context.baseURL}/reset-password/${s}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword(o.user,a),e.json({status:!0})}),Fe=m("/reset-password/:token",{method:"GET",query:P.object({callbackURL:P.string()}),use:[U]},async e=>{let{token:t}=e.params,r=e.query.callbackURL,o=r.startsWith("http")?r:`${e.context.options.baseURL}${r}`;if(!t||!r)throw e.redirect(`${e.context.baseURL}/error?error=INVALID_TOKEN`);let n=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!n||n.expiresAt<new Date?e.redirect(`${o}?error=INVALID_TOKEN`):e.redirect(`${o}?token=${t}`)}),He=m("/reset-password",{query:P.optional(P.object({token:P.string().optional(),currentURL:P.string().optional()})),method:"POST",body:P.object({newPassword:P.string()})},async e=>{let t=e.query?.token||(e.query?.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!t)throw new G("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,o=`reset-password:${t}`,n=await e.context.internalAdapter.findVerificationValue(o);if(!n||n.expiresAt<new Date)throw new G("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(n.id);let i=n.value,s=await e.context.password.hash(r);if(!(await e.context.internalAdapter.findAccounts(i)).find(l=>l.providerId==="credential"))return await e.context.internalAdapter.createAccount({userId:i,providerId:"credential",password:s,accountId:e.context.uuid()}),e.json({status:!0});if(!await e.context.internalAdapter.updatePassword(i,s))throw new G("BAD_REQUEST",{message:"Failed to update password"});return e.json({status:!0})});import{z as A}from"zod";import{APIError as R}from"better-call";var Ze=()=>m("/user/update",{method:"POST",body:A.record(A.string(),A.any()),use:[_,U]},async e=>{let t=e.body;if(t.email)throw new R("BAD_REQUEST",{message:"You can't update email"});let{name:r,image:o,...n}=t,i=e.context.session;if(!o&&!r&&Object.keys(n).length===0)return e.json({user:i.user});let s=ze(e.context.options,n),a=await e.context.internalAdapter.updateUserByEmail(i.user.email,{name:r,image:o,...s});return e.json({user:a})}),Qe=m("/user/change-password",{method:"POST",body:A.object({newPassword:A.string(),currentPassword:A.string(),revokeOtherSessions:A.boolean().optional()}),use:[_]},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,n=e.context.session,i=e.context.password.config.minPasswordLength;if(t.length<i)throw e.context.logger.error("Password is too short"),new R("BAD_REQUEST",{message:"Password is too short"});let s=e.context.password.config.maxPasswordLength;if(t.length>s)throw e.context.logger.error("Password is too long"),new R("BAD_REQUEST",{message:"Password too long"});let c=(await e.context.internalAdapter.findAccounts(n.user.id)).find(h=>h.providerId==="credential"&&h.password);if(!c||!c.password)throw new R("BAD_REQUEST",{message:"User does not have a password"});let d=await e.context.password.hash(t);if(!await e.context.password.verify(c.password,r))throw new R("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(c.id,{password:d}),o){await e.context.internalAdapter.deleteSessions(n.user.id);let h=await e.context.internalAdapter.createSession(n.user.id,e.headers);if(!h)throw new R("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await O(e,h.id)}return e.json(n.user)}),Ge=m("/user/set-password",{method:"POST",body:A.object({newPassword:A.string()}),use:[_]},async e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new R("BAD_REQUEST",{message:"Password is too short"});let n=e.context.password.config.maxPasswordLength;if(t.length>n)throw e.context.logger.error("Password is too long"),new R("BAD_REQUEST",{message:"Password too long"});let s=(await e.context.internalAdapter.findAccounts(r.user.id)).find(c=>c.providerId==="credential"&&c.password),a=await e.context.password.hash(t);if(!s)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:a}),e.json(r.user);throw new R("BAD_REQUEST",{message:"user already has a password"})}),We=m("/user/delete",{method:"POST",body:A.object({password:A.string()}),use:[_]},async e=>{let{password:t}=e.body,r=e.context.session,n=(await e.context.internalAdapter.findAccounts(r.user.id)).find(a=>a.providerId==="credential"&&a.password);if(!n||!n.password)throw new R("BAD_REQUEST",{message:"User does not have a password"});if(!await e.context.password.verify(n.password,t))throw new R("BAD_REQUEST",{message:"Incorrect password"});await e.context.internalAdapter.deleteUser(r.user.id),await e.context.internalAdapter.deleteSessions(r.user.id);let s=e.context.authCookies.sessionToken;return e.setCookie(s.name,"",{maxAge:0}),e.json(null)}),Je=m("/user/change-email",{method:"POST",query:A.object({currentURL:A.string().optional()}).optional(),body:A.object({newEmail:A.string().email(),callbackURL:A.string().optional()}),use:[_,U]},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new R("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new R("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new R("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let n=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:n,status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new R("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await L(e.context.secret,e.context.session.user.email,e.body.newEmail),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.user.changeEmail.sendChangeEmailVerification(e.context.session.user,e.body.newEmail,o,r),e.json({user:null,status:!0})});var Ke=m("/csrf",{method:"GET",metadata:C},async e=>{let t=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret);if(t){let[i,s]=t.split("!")||[null,null];return e.json({csrfToken:i})}let r=oe(32,ne("a-z","0-9","A-Z")),o=await F(e.context.secret,r),n=`${r}!${o}`;return await e.setSignedCookie(e.context.authCookies.csrfToken.name,n,e.context.secret,e.context.authCookies.csrfToken.options),e.json({csrfToken:r})});var It=(e="Unknown")=>`<!DOCTYPE html>
4
4
  <html lang="en">
5
5
  <head>
@@ -81,4 +81,3 @@ Error: `,p),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)
81
81
  </div>
82
82
  </body>
83
83
  </html>`,Ye=m("/error",{method:"GET",metadata:C},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(It(t),{headers:{"Content-Type":"text/html"}})});var Xe=m("/ok",{method:"GET",metadata:C},async e=>e.json({ok:!0}));import{z as j}from"zod";import{APIError as I}from"better-call";var et=()=>m("/sign-up/email",{method:"POST",query:j.object({currentURL:j.string().optional()}).optional(),body:j.record(j.string(),j.any()),use:[U]},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new I("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:o,password:n,image:i,callbackURL:s,...a}=t;if(!j.string().email().safeParse(o).success)throw new I("BAD_REQUEST",{message:"Invalid email"});let d=e.context.password.config.minPasswordLength;if(n.length<d)throw e.context.logger.error("Password is too short"),new I("BAD_REQUEST",{message:"Password is too short"});let l=e.context.password.config.maxPasswordLength;if(n.length>l)throw e.context.logger.error("Password is too long"),new I("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(o))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${o}`),new I("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let g=je(e.context.options,a),u;try{if(u=await e.context.internalAdapter.createUser({email:o.toLowerCase(),name:r,image:i,...g,emailVerified:!1}),!u)throw new I("BAD_REQUEST",{message:"Failed to create user"})}catch(p){throw new I("UNPROCESSABLE_ENTITY",{message:"Failed to create user",details:p})}if(!u)throw new I("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let b=await e.context.password.hash(n);if(await e.context.internalAdapter.linkAccount({userId:u.id,providerId:"credential",accountId:u.id,password:b,expiresAt:Z(60*60*24*30,"sec")}),e.context.options.emailVerification?.sendOnSignUp){let p=await L(e.context.secret,u.email),k=`${e.context.baseURL}/verify-email?token=${p}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification?.sendVerificationEmail?.(u,k,p)}if(!e.context.options.emailAndPassword.autoSignIn||e.context.options.emailAndPassword.requireEmailVerification)return e.json({user:u,session:null},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:u,session:null}});let x=await e.context.internalAdapter.createSession(u.id,e.request);if(!x)throw new I("BAD_REQUEST",{message:"Failed to create session"});return await O(e,x.id),e.json({user:u,session:x},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:u,session:x}})});import{isTest as Ct}from"std-env";function tt(e){let t="127.0.0.1";if(Ct)return t;let r=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],o=e instanceof Request?e.headers:e;for(let n of r){let i=o.get(n);if(typeof i=="string"){let s=i.split(",")[0].trim();if(s)return s}}return null}function Bt(e,t,r){let o=Date.now(),n=t*1e3;return o-r.lastRequest<n&&r.count>=e}function Dt(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function $t(e,t){let r=Date.now(),o=t*1e3;return Math.ceil((e+o-r)/1e3)}function Vt(e,t){let r=t??"rateLimit",o=e.adapter;return{get:async n=>await o.findOne({model:r,where:[{field:"key",value:n}]}),set:async(n,i,s)=>{try{s?await o.update({model:t??"rateLimit",where:[{field:"key",value:n}],update:{count:i.count,lastRequest:i.lastRequest}}):await o.create({model:t??"rateLimit",data:{key:n,count:i.count,lastRequest:i.lastRequest}})}catch(a){w.error("Error setting rate limit",a)}}}}var rt=new Map;function zt(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let o=await e.options.secondaryStorage?.get(r);return o?JSON.parse(o):void 0},set:async(r,o)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(o))}}:e.rateLimit.storage==="memory"?{async get(r){return rt.get(r)},async set(r,o,n){rt.set(r,o)}}:Vt(e,e.rateLimit.tableName)}async function ot(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,o=e.url.replace(r,""),n=t.rateLimit.window,i=t.rateLimit.max,s=tt(e)+o,c=jt().find(g=>g.pathMatcher(o));c&&(n=c.window,i=c.max);for(let g of t.options.plugins||[])if(g.rateLimit){let u=g.rateLimit.find(b=>b.pathMatcher(o));if(u){n=u.window,i=u.max;break}}if(t.rateLimit.customRules){let g=t.rateLimit.customRules[o];g&&(n=g.window,i=g.max)}let d=zt(t),l=await d.get(s),h=Date.now();if(!l)await d.set(s,{key:s,count:1,lastRequest:h});else{let g=h-l.lastRequest;if(Bt(i,n,l)){let u=$t(l.lastRequest,n);return Dt(u)}else g>n*1e3?await d.set(s,{...l,count:1,lastRequest:h}):await d.set(s,{...l,count:l.count+1,lastRequest:h})}}function jt(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:3}]}import{APIError as Fs}from"better-call";function Mt(e,t){let r=t.plugins?.reduce((a,c)=>({...a,...c.endpoints}),{}),o=t.plugins?.map(a=>a.middlewares?.map(c=>{let d=async l=>c.middleware({...l,context:{...e,...l.context}});return d.path=c.path,d.options=c.middleware.options,d.headers=c.middleware.headers,{path:c.path,middleware:d}})).filter(a=>a!==void 0).flat()||[],i={...{signInOAuth:Ce,callbackOAuth:qe,getCSRFToken:Ke,getSession:X(),signOut:Ne,signUpEmail:et(),signInEmail:Be,forgetPassword:Me,resetPassword:He,verifyEmail:Ie,sendVerificationEmail:Le,changeEmail:Je,changePassword:Qe,setPassword:Ge,updateUser:Ze(),deleteUser:We,forgetPasswordCallback:Fe,listSessions:Pe(),revokeSession:Oe,revokeSessions:_e},...r,ok:Xe,error:Ye},s={};for(let[a,c]of Object.entries(i))s[a]=async(d={})=>{let l=await e;for(let u of t.plugins||[])if(u.hooks?.before){for(let b of u.hooks.before)if(b.matcher({...c,...d,context:l})){let p=await b.handler({...d,context:{...l,...d?.context}});p&&"context"in p&&(l={...l,...p.context})}}let h;try{h=await c({...d,context:{...l,...d.context}})}catch(u){if(u instanceof nt){let b=t.plugins?.map(p=>{if(p.hooks?.after)return p.hooks.after}).filter(p=>p!==void 0).flat();if(!b?.length)throw u;let x=new Response(JSON.stringify(u.body),{status:Nt[u.status],headers:u.headers});for(let p of b||[])if(p.matcher(d)){let q=Object.assign(d,{context:{...e,returned:x}}),B=await p.handler(q);B&&"response"in B&&(x=B.response)}return x}throw u}let g=h;for(let u of t.plugins||[])if(u.hooks?.after){for(let b of u.hooks.after)if(b.matcher(d)){let p=Object.assign(d,{context:{...e,returned:g}}),k=await b.handler(p);k&&"response"in k&&(g=k.response)}}return g},s[a].path=c.path,s[a].method=c.method,s[a].options=c.options,s[a].headers=c.headers;return{api:s,middlewares:o}}var Vs=(e,t)=>{let{api:r,middlewares:o}=Mt(e,t),n=new URL(e.baseURL).pathname;return qt(r,{extraContext:e,basePath:n,routerMiddleware:[{path:"/**",middleware:ce},...o],async onRequest(i){for(let s of e.options.plugins||[])if(s.onRequest){let a=await s.onRequest(i,e);if(a)return a}return ot(i,e)},async onResponse(i){for(let s of e.options.plugins||[])if(s.onResponse){let a=await s.onResponse(i,e);if(a)return a.response}return i},onError(i){if(t.onAPIError?.throw)throw i;if(t.onAPIError?.onError){t.onAPIError.onError(i,e);return}let s=t.logger?.verboseLogging?w:void 0;t.logger?.disabled!==!0&&(i instanceof nt?(i.status==="INTERNAL_SERVER_ERROR"&&w.error(i),s?.error(i.message)):w?.error(i))}})};export{Fs as APIError,qe as callbackOAuth,Je as changeEmail,Qe as changePassword,m as createAuthEndpoint,$ as createAuthMiddleware,L as createEmailVerificationToken,ce as csrfMiddleware,We as deleteUser,Ye as error,Me as forgetPassword,Fe as forgetPasswordCallback,Ke as getCSRFToken,Mt as getEndpoints,X as getSession,ee as getSessionFromCtx,Pe as listSessions,Xe as ok,ae as optionsMiddleware,He as resetPassword,Oe as revokeSession,_e as revokeSessions,Vs as router,Le as sendVerificationEmail,_ as sessionMiddleware,Ge as setPassword,Be as signInEmail,Ce as signInOAuth,Ne as signOut,et as signUpEmail,Ze as updateUser,Ie as verifyEmail};
84
- //# sourceMappingURL=api.js.map
@@ -2499,16 +2499,11 @@ declare const signUpEmail: <O extends BetterAuthOptions>() => {
2499
2499
  }> | undefined)?]>(...ctx: C): Promise<C extends [{
2500
2500
  asResponse: true;
2501
2501
  }] ? Response : {
2502
- user: {
2503
- id: string;
2504
- email: string;
2505
- emailVerified: boolean;
2506
- name: string;
2507
- createdAt: Date;
2508
- updatedAt: Date;
2509
- image?: string | undefined;
2510
- };
2511
- session: any;
2502
+ user: InferUser<O>;
2503
+ session: null;
2504
+ } | {
2505
+ user: InferUser<O>;
2506
+ session: InferSession<O>;
2512
2507
  }>;
2513
2508
  path: "/sign-up/email";
2514
2509
  options: {
@@ -2850,7 +2845,7 @@ declare function getEndpoints<C extends AuthContext, Option extends BetterAuthOp
2850
2845
  }> | undefined)?]>(...ctx: C_1): Promise<C_1 extends [{
2851
2846
  asResponse: true;
2852
2847
  }] ? Response : {
2853
- user: {
2848
+ user: UnionToIntersection<StripEmptyObjects<{
2854
2849
  id: string;
2855
2850
  email: string;
2856
2851
  emailVerified: boolean;
@@ -2858,8 +2853,25 @@ declare function getEndpoints<C extends AuthContext, Option extends BetterAuthOp
2858
2853
  createdAt: Date;
2859
2854
  updatedAt: Date;
2860
2855
  image?: string | undefined;
2861
- };
2862
- session: any;
2856
+ } & (Option extends BetterAuthOptions ? AdditionalUserFieldsOutput<Option> : Option extends Auth ? AdditionalUserFieldsOutput<Option["options"]> : {})>>;
2857
+ session: null;
2858
+ } | {
2859
+ user: UnionToIntersection<StripEmptyObjects<{
2860
+ id: string;
2861
+ email: string;
2862
+ emailVerified: boolean;
2863
+ name: string;
2864
+ createdAt: Date;
2865
+ updatedAt: Date;
2866
+ image?: string | undefined;
2867
+ } & (Option extends BetterAuthOptions ? AdditionalUserFieldsOutput<Option> : Option extends Auth ? AdditionalUserFieldsOutput<Option["options"]> : {})>>;
2868
+ session: UnionToIntersection<StripEmptyObjects<{
2869
+ id: string;
2870
+ userId: string;
2871
+ expiresAt: Date;
2872
+ ipAddress?: string | undefined;
2873
+ userAgent?: string | undefined;
2874
+ } & (Option extends BetterAuthOptions ? AdditionalSessionFieldsOutput<Option> : Option extends Auth ? AdditionalSessionFieldsOutput<Option["options"]> : {})>>;
2863
2875
  }>;
2864
2876
  path: "/sign-up/email";
2865
2877
  options: {
@@ -4108,7 +4120,7 @@ declare const router: <C extends AuthContext, Option extends BetterAuthOptions>(
4108
4120
  }> | undefined)?]>(...ctx: C_1): Promise<C_1 extends [{
4109
4121
  asResponse: true;
4110
4122
  }] ? Response : {
4111
- user: {
4123
+ user: UnionToIntersection<StripEmptyObjects<{
4112
4124
  id: string;
4113
4125
  email: string;
4114
4126
  emailVerified: boolean;
@@ -4116,8 +4128,25 @@ declare const router: <C extends AuthContext, Option extends BetterAuthOptions>(
4116
4128
  createdAt: Date;
4117
4129
  updatedAt: Date;
4118
4130
  image?: string | undefined;
4119
- };
4120
- session: any;
4131
+ } & (Option extends BetterAuthOptions ? AdditionalUserFieldsOutput<Option> : Option extends Auth ? AdditionalUserFieldsOutput<Option["options"]> : {})>>;
4132
+ session: null;
4133
+ } | {
4134
+ user: UnionToIntersection<StripEmptyObjects<{
4135
+ id: string;
4136
+ email: string;
4137
+ emailVerified: boolean;
4138
+ name: string;
4139
+ createdAt: Date;
4140
+ updatedAt: Date;
4141
+ image?: string | undefined;
4142
+ } & (Option extends BetterAuthOptions ? AdditionalUserFieldsOutput<Option> : Option extends Auth ? AdditionalUserFieldsOutput<Option["options"]> : {})>>;
4143
+ session: UnionToIntersection<StripEmptyObjects<{
4144
+ id: string;
4145
+ userId: string;
4146
+ expiresAt: Date;
4147
+ ipAddress?: string | undefined;
4148
+ userAgent?: string | undefined;
4149
+ } & (Option extends BetterAuthOptions ? AdditionalSessionFieldsOutput<Option> : Option extends Auth ? AdditionalSessionFieldsOutput<Option["options"]> : {})>>;
4121
4150
  }>;
4122
4151
  path: "/sign-up/email";
4123
4152
  options: {
@@ -5368,7 +5397,7 @@ declare const betterAuth: <O extends BetterAuthOptions>(options: O) => {
5368
5397
  }> | undefined)?]>(...ctx: C): Promise<C extends [{
5369
5398
  asResponse: true;
5370
5399
  }] ? Response : {
5371
- user: {
5400
+ user: UnionToIntersection<StripEmptyObjects<{
5372
5401
  id: string;
5373
5402
  email: string;
5374
5403
  emailVerified: boolean;
@@ -5376,8 +5405,25 @@ declare const betterAuth: <O extends BetterAuthOptions>(options: O) => {
5376
5405
  createdAt: Date;
5377
5406
  updatedAt: Date;
5378
5407
  image?: string | undefined;
5379
- };
5380
- session: any;
5408
+ } & (O extends BetterAuthOptions ? AdditionalUserFieldsOutput<O> : O extends Auth ? AdditionalUserFieldsOutput<O["options"]> : {})>>;
5409
+ session: null;
5410
+ } | {
5411
+ user: UnionToIntersection<StripEmptyObjects<{
5412
+ id: string;
5413
+ email: string;
5414
+ emailVerified: boolean;
5415
+ name: string;
5416
+ createdAt: Date;
5417
+ updatedAt: Date;
5418
+ image?: string | undefined;
5419
+ } & (O extends BetterAuthOptions ? AdditionalUserFieldsOutput<O> : O extends Auth ? AdditionalUserFieldsOutput<O["options"]> : {})>>;
5420
+ session: UnionToIntersection<StripEmptyObjects<{
5421
+ id: string;
5422
+ userId: string;
5423
+ expiresAt: Date;
5424
+ ipAddress?: string | undefined;
5425
+ userAgent?: string | undefined;
5426
+ } & (O extends BetterAuthOptions ? AdditionalSessionFieldsOutput<O> : O extends Auth ? AdditionalSessionFieldsOutput<O["options"]> : {})>>;
5381
5427
  }>;
5382
5428
  path: "/sign-up/email";
5383
5429
  options: {
@@ -2,10 +2,10 @@ import * as nanostores from 'nanostores';
2
2
  import { A as AccessControl, S as StatementsPrimitive, R as Role } from '../statement-CfnyN34h.js';
3
3
  import * as _better_fetch_fetch from '@better-fetch/fetch';
4
4
  import { BetterFetchOption } from '@better-fetch/fetch';
5
- import { o as organization, l as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, e as anonymous, i as admin, j as genericOAuth, k as multiSession } from '../index-BwCQ9u_T.js';
6
- export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-BwCQ9u_T.js';
5
+ import { o as organization, l as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, e as anonymous, i as admin, j as genericOAuth, k as multiSession } from '../index-ny_c9jGl.js';
6
+ export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-ny_c9jGl.js';
7
7
  import { P as Prettify } from '../helper-DPDj8Nix.js';
8
- import { F as FieldAttribute, B as BetterAuthOptions, b as BetterAuthPlugin } from '../auth-ChOWHZz7.js';
8
+ import { F as FieldAttribute, B as BetterAuthOptions, b as BetterAuthPlugin } from '../auth-B9t_YkMU.js';
9
9
  import 'zod';
10
10
  import '../schema-Dkt0LqYs.js';
11
11
  import 'better-call';
@@ -1,2 +1 @@
1
1
  import{atom as d}from"nanostores";var c=class extends Error{path;constructor(n,a){super(n),this.path=a}},p=class{constructor(n){this.s=n;this.statements=n}statements;newRole(n){return new m(n)}},m=class t{statements;constructor(n){this.statements=n}authorize(n,a){for(let[i,e]of Object.entries(n)){let s=this.statements[i];if(!s)return{success:!1,error:`You are not allowed to access resource: ${i}`};let o=a==="OR"?e.some(r=>s.includes(r)):e.every(r=>s.includes(r));return o?{success:o}:{success:!1,error:`unauthorized to access resource "${i}"`}}return{success:!1,error:"Not authorized"}}static fromString(n){let a=JSON.parse(n);if(typeof a!="object")throw new c("statements is not an object",".");for(let[i,e]of Object.entries(a)){if(typeof i!="string")throw new c("invalid resource identifier",i);if(!Array.isArray(e))throw new c("actions is not an array",i);for(let s=0;s<e.length;s++)if(typeof e[s]!="string")throw new c("action is not a string",`${i}[${s}]`)}return new t(a)}toString(){return JSON.stringify(this.statements)}};var y=t=>new p(t),h={organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]},f=y(h),k=f.newRole({organization:["update"],invitation:["create","cancel"],member:["create","update","delete"]}),B=f.newRole({organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]}),F=f.newRole({organization:[],member:[],invitation:[]});import{createFetch as Z}from"@better-fetch/fetch";import{env as q}from"std-env";import"nanostores";import{betterFetch as D}from"@better-fetch/fetch";import{atom as pe}from"nanostores";import"@better-fetch/fetch";import{atom as S,onMount as O}from"nanostores";var l=(t,n,a,i)=>{let e=S({data:null,error:null,isPending:!1,isRefetching:!1}),s=()=>{let r=typeof i=="function"?i({data:e.get().data,error:e.get().error,isPending:e.get().isPending}):i;return a(n,{...r,onSuccess:async u=>{e.set({data:u.data,error:null,isPending:!1,isRefetching:!1}),await r?.onSuccess?.(u)},async onError(u){e.set({error:u.error,data:null,isPending:!1,isRefetching:!1}),await r?.onError?.(u)},async onRequest(u){let g=e.get();e.set({isPending:g.data===null,data:g.data,error:null,isRefetching:!0}),await r?.onRequest?.(u)}})};t=Array.isArray(t)?t:[t];let o=!1;for(let r of t)r.subscribe(()=>{o?s():O(e,()=>(s(),o=!0,()=>{e.off(),r.off()}))});return e};var ve=t=>{let n=d(void 0),a=d(!1),i=d(!1);return{id:"organization",$InferServerPlugin:{},getActions:e=>({$Infer:{ActiveOrganization:{},Organization:{},Invitation:{},Member:{}},organization:{setActive(s){n.set(s)},hasPermission:async s=>await e("/organization/has-permission",{method:"POST",body:{permission:s.permission},...s.fetchOptions})}}),getAtoms:e=>{let s=l(a,"/organization/list",e,{method:"GET"}),o=l([n,i],"/organization/activate",e,()=>({method:"POST",credentials:"include",body:{orgId:n.get()}}));return{_listOrg:a,_activeOrgSignal:i,activeOrganization:o,listOrganizations:s}},atomListeners:[{matcher(e){return e==="/organization/create"||e==="/organization/delete"},signal:"_listOrg"},{matcher(e){return e.startsWith("/organization")},signal:"_activeOrgSignal"}]}};var Ie=()=>({id:"username",$InferServerPlugin:{}});import{WebAuthnError as A,startAuthentication as T,startRegistration as b}from"@simplewebauthn/browser";import{atom as R}from"nanostores";var x=(t,{_listPasskeys:n})=>({signIn:{passkey:async(e,s)=>{let o=await t("/passkey/generate-authenticate-options",{method:"POST",body:{email:e?.email}});if(!o.data)return o;try{let r=await T(o.data,e?.autoFill||!1),u=await t("/passkey/verify-authentication",{body:{response:r},...e?.fetchOptions,...s,method:"POST"});if(!u.data)return u}catch(r){console.log(r)}}},passkey:{addPasskey:async(e,s)=>{let o=await t("/passkey/generate-register-options",{method:"GET"});if(!o.data)return o;try{let r=await b(o.data),u=await t("/passkey/verify-registration",{...e?.fetchOptions,...s,body:{response:r,name:e?.name},method:"POST"});if(!u.data)return u;n.set(Math.random())}catch(r){return r instanceof A?r.code==="ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED"?{data:null,error:{message:"previously registered",status:400,statusText:"BAD_REQUEST"}}:r.code==="ERROR_CEREMONY_ABORTED"?{data:null,error:{message:"registration cancelled",status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:r.message,status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:r instanceof Error?r.message:"unknown error",status:500,statusText:"INTERNAL_SERVER_ERROR"}}}}},$Infer:{}}),$e=()=>{let t=R();return{id:"passkey",$InferServerPlugin:{},getActions:n=>x(n,{_listPasskeys:t}),getAtoms(n){return{listPasskeys:l(t,"/passkey/list-user-passkeys",n,{method:"GET",credentials:"include"}),_listPasskeys:t}},pathMethods:{"/passkey/register":"POST","/passkey/authenticate":"POST"},atomListeners:[{matcher(n){return n==="/passkey/verify-registration"||n==="/passkey/delete-passkey"},signal:"_listPasskeys"}]}};var Ne=(t={redirect:!0,twoFactorPage:"/"})=>({id:"two-factor",$InferServerPlugin:{},atomListeners:[{matcher:n=>n.startsWith("/two-factor/"),signal:"_sessionSignal"}],pathMethods:{"/two-factor/disable":"POST","/two-factor/enable":"POST","/two-factor/send-otp":"POST","/two-factor/generate-backup-codes":"POST"},fetchPlugins:[{id:"two-factor",name:"two-factor",hooks:{async onSuccess(n){n.data?.twoFactorRedirect&&(t.redirect||t.twoFactorPage)&&typeof window<"u"&&(window.location.href=t.twoFactorPage)}}}]});var We=()=>({id:"magic-link",$InferServerPlugin:{}});var Ge=()=>({id:"phoneNumber",$InferServerPlugin:{},atomListeners:[{matcher(t){return t==="/phone-number/update"||t==="/phone-number/verify"},signal:"_sessionSignal"}]});var He=()=>({id:"anonymous",$InferServerPlugin:{},pathMethods:{"/sign-in/anonymous":"POST"}});var Je=t=>({id:"additional-fields-client",$InferServerPlugin:{}});var Ve=()=>({id:"better-auth-client",$InferServerPlugin:{},pathMethods:{"/admin/list-users":"GET"}});var Ye=()=>({id:"generic-oauth-client",$InferServerPlugin:{}});var et=()=>({id:"multi-session",$InferServerPlugin:{},pathMethods:{"/multi-session/sign-out-device-sessions":"POST"},atomListeners:[{matcher(t){return t==="/multi-session/set-active"},signal:"_sessionSignal"}]});export{Ve as adminClient,He as anonymousClient,Ye as genericOAuthClient,x as getPasskeyActions,Je as inferAdditionalFields,We as magicLinkClient,et as multiSessionClient,ve as organizationClient,$e as passkeyClient,Ge as phoneNumberClient,Ne as twoFactorClient,Ie as usernameClient};
2
- //# sourceMappingURL=plugins.js.map
package/dist/client.d.ts CHANGED
@@ -6,7 +6,7 @@ import { BetterFetch, BetterFetchError, BetterFetchOption } from '@better-fetch/
6
6
  import { U as UnionToIntersection, P as Prettify, S as StripEmptyObjects } from './helper-DPDj8Nix.js';
7
7
  import { ClientOptions, InferClientAPI, InferActions, InferAdditionalFromClient, InferSessionFromClient, InferUserFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
8
8
  export { AtomListener, InferPluginsFromClient } from './types.js';
9
- import './auth-ChOWHZz7.js';
9
+ import './auth-B9t_YkMU.js';
10
10
  import 'kysely';
11
11
  import './schema-Dkt0LqYs.js';
12
12
  import 'better-call';
package/dist/client.js CHANGED
@@ -1,2 +1 @@
1
1
  import{createFetch as v}from"@better-fetch/fetch";import{env as p}from"std-env";var d=class extends Error{constructor(t,i){super(t),this.name="BetterAuthError",this.message=t,this.cause=i,this.stack=""}};function _(e){try{return new URL(e).pathname!=="/"}catch{throw new d(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function R(e,t="/api/auth"){return _(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function T(e,t){if(e)return R(e,t);let i=p.BETTER_AUTH_URL||p.NEXT_PUBLIC_BETTER_AUTH_URL||p.PUBLIC_BETTER_AUTH_URL||p.NUXT_PUBLIC_BETTER_AUTH_URL||p.NUXT_PUBLIC_AUTH_URL||(p.BASE_URL!=="/"?p.BASE_URL:void 0);if(i)return R(i,t);if(typeof window<"u")return R(window.location.origin,t)}import"nanostores";import{betterFetch as $}from"@better-fetch/fetch";var O={id:"redirect",name:"Redirect",hooks:{onSuccess(e){e.data?.url&&e.data?.redirect&&typeof window<"u"&&(window.location.href=e.data.url)}}},U={id:"add-current-url",name:"Add current URL",hooks:{onRequest(e){if(typeof window<"u"){let t=new URL(e.url);t.searchParams.set("currentURL",window.location.href),e.url=t}return e}}},F={id:"csrf",name:"CSRF Check",async init(e,t){if(t?.method!=="GET"){t=t||{};let{data:i,error:s}=await $("/csrf",{body:void 0,baseURL:t.baseURL,plugins:[],method:"GET",credentials:"include",customFetchImpl:t.customFetchImpl});if(s){if(s.status===404)throw new d("CSRF route not found. Make sure the server is running and the base URL is correct and includes the path (e.g. http://localhost:3000/api/auth).");if(s.status===429)return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests"});throw new d("Failed to fetch CSRF token: "+s.message)}let r=i?.csrfToken;t.body={...t?.body,csrfToken:r}}return t.credentials="include",{url:e,options:t}}};var b=e=>{let t=v({baseURL:T(e?.fetchOptions?.baseURL||e?.baseURL),credentials:"include",method:"GET",...e?.fetchOptions,plugins:e?.disableDefaultFetchPlugins?e.fetchOptions?.plugins:[...e?.disableCSRFTokenCheck?[]:[F],O,U,...e?.fetchOptions?.plugins?.filter(n=>n!==void 0)||[],...e?.plugins?.flatMap(n=>n.fetchPlugins).filter(n=>n!==void 0)||[]]}),i=e?.plugins||[],s={},r={},u={"/sign-out":"POST","/user/revoke-sessions":"POST"},o=[{signal:"_sessionSignal",matcher(n){return n==="/sign-out"||n==="/user/update"||n.startsWith("/sign-in")||n.startsWith("/sign-up")}}];for(let n of i)n.getActions&&Object.assign(s,n.getActions?.(t)),n.getAtoms&&Object.assign(r,n.getAtoms?.(t)),n.pathMethods&&Object.assign(u,n.pathMethods),n.atomListeners&&o.push(...n.atomListeners);return{pluginsActions:s,pluginsAtoms:r,pluginPathMethods:u,atomListeners:o,$fetch:t}};function C(e){return e.charAt(0).toUpperCase()+e.slice(1)}function W(e,t,i){let s=t[e],{fetchOptions:r,query:u,...o}=i||{};return s||(r?.method?r.method:o&&Object.keys(o).length>0?"POST":"GET")}function L(e,t,i,s,r){function u(o=[]){return new Proxy(function(){},{get(n,c){let l=[...o,c],a=e;for(let f of l)if(a&&typeof a=="object"&&f in a)a=a[f];else{a=void 0;break}return typeof a=="function"?a:u(l)},apply:async(n,c,l)=>{let a="/"+o.map(y=>y.replace(/[A-Z]/g,g=>`-${g.toLowerCase()}`)).join("/"),f=l[0]||{},m=l[1]||{},{query:x,fetchOptions:w,...I}=f,h={...m,...w},A=W(a,i,f);return await t(a,{...h,body:A==="GET"?void 0:{...I,...h?.body||{}},query:x||h?.query,method:A,async onSuccess(y){await h?.onSuccess?.(y);let g=r?.find(k=>k.matcher(a));if(!g)return;let P=s[g.signal];if(!P)return;let E=P.get();setTimeout(()=>{P.set(!E)},10)}})}})}return u()}import{atom as G}from"nanostores";import"@better-fetch/fetch";import{atom as q,onMount as M}from"nanostores";var B=(e,t,i,s)=>{let r=q({data:null,error:null,isPending:!1,isRefetching:!1}),u=()=>{let n=typeof s=="function"?s({data:r.get().data,error:r.get().error,isPending:r.get().isPending}):s;return i(t,{...n,onSuccess:async c=>{r.set({data:c.data,error:null,isPending:!1,isRefetching:!1}),await n?.onSuccess?.(c)},async onError(c){r.set({error:c.error,data:null,isPending:!1,isRefetching:!1}),await n?.onError?.(c)},async onRequest(c){let l=r.get();r.set({isPending:l.data===null,data:l.data,error:null,isRefetching:!0}),await n?.onRequest?.(c)}})};e=Array.isArray(e)?e:[e];let o=!1;for(let n of e)n.subscribe(()=>{o?u():M(r,()=>(u(),o=!0,()=>{r.off(),n.off()}))});return r};function S(e){let t=G(!1);return{$session:B(t,"/session",e,{method:"GET"}),_sessionSignal:t,$Infer:{}}}function pe(e){let{pluginPathMethods:t,pluginsActions:i,pluginsAtoms:s,$fetch:r,atomListeners:u}=b(e),o={};for(let[f,m]of Object.entries(s))o[`use${C(f)}`]=m;let{$session:n,_sessionSignal:c}=S(r),l={...i,...o,$fetch:r,useSession:n};return L(l,r,t,{...s,_sessionSignal:c},u)}export{pe as createAuthClient,B as useAuthQuery};
2
- //# sourceMappingURL=client.js.map
package/dist/cookies.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import 'better-call';
2
- export { s as BetterAuthCookies, E as EligibleCookies, r as createCookieGetter, u as deleteSessionCookie, q as getCookies, w as parseCookies, v as parseSetCookieHeader, t as setSessionCookie } from './auth-ChOWHZz7.js';
2
+ export { s as BetterAuthCookies, E as EligibleCookies, r as createCookieGetter, u as deleteSessionCookie, q as getCookies, w as parseCookies, v as parseSetCookieHeader, t as setSessionCookie } from './auth-B9t_YkMU.js';
3
3
  import 'zod';
4
4
  import 'kysely';
5
5
  import './schema-Dkt0LqYs.js';
package/dist/cookies.js CHANGED
@@ -1,2 +1 @@
1
1
  import{TimeSpan as C}from"oslo";var u=class extends Error{constructor(i,o){super(i),this.name="BetterAuthError",this.message=i,this.cause=o,this.stack=""}};import{env as h,isProduction as p}from"std-env";function g(e){let o=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):p)?"__Secure-":"",t="better-auth",r=e.session?.expiresIn||new C(7,"d").seconds(),s=!!e.advanced?.crossSubDomainCookies?.enabled,n=s?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(s&&!n)throw new u("baseURL is required when crossSubdomainCookies are enabled");let a=s?"none":"lax";return{sessionToken:{name:`${o}${t}.session_token`,options:{httpOnly:!0,sameSite:a,path:"/",secure:!!o,maxAge:r,...s?{domain:n}:{}}},csrfToken:{name:`${o}${t}.csrf_token`,options:{httpOnly:!0,sameSite:a,path:"/",secure:!!o,maxAge:60*60*24*7,...s?{domain:n}:{}}},state:{name:`${o}${t}.state`,options:{httpOnly:!0,sameSite:a,path:"/",secure:!!o,maxAge:60*15,...s?{domain:n}:{}}},pkCodeVerifier:{name:`${o}${t}.pk_code_verifier`,options:{httpOnly:!0,sameSite:a,path:"/",secure:!!o,maxAge:60*15,...s?{domain:n}:{}}},dontRememberToken:{name:`${o}${t}.dont_remember`,options:{httpOnly:!0,sameSite:a,path:"/",secure:!!o,...s?{domain:n}:{}}},nonce:{name:`${o}${t}.nonce`,options:{httpOnly:!0,sameSite:a,path:"/",secure:!!o,maxAge:60*15,...s?{domain:n}:{}}}}}function S(e){let o=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL?.startsWith("https://")||p)?"__Secure-":"",t="better-auth",r=e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0);function s(n,a){let c=e.advanced?.crossSubDomainCookies?.enabled?e.advanced.crossSubDomainCookies.additionalCookies?.includes(n):void 0;return{name:h.NODE_ENV==="production"?`${o}${t}.${n}`:`${t}.${n}`,options:{secure:!!o,sameSite:"lax",path:"/",maxAge:60*15,...a,...c?{domain:r}:{}}}}return s}async function O(e,i,o,t){let r=e.context.authCookies.sessionToken.options;r.maxAge=o?void 0:e.context.sessionConfig.expiresIn,await e.setSignedCookie(e.context.authCookies.sessionToken.name,i,e.context.secret,{...r,...t}),o&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options)}function A(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}function y(e){let i=new Map;return e.split(", ").forEach(t=>{let[r,...s]=t.split("; "),[n,a]=r.split("="),c={value:a};s.forEach(k=>{let[d,m]=k.split("=");c[d.toLowerCase()]=m||!0}),i.set(n,c)}),i}function $(e){let i=e.split("; "),o=new Map;return i.forEach(t=>{let[r,s]=t.split("=");o.set(r,s)}),o}export{S as createCookieGetter,A as deleteSessionCookie,g as getCookies,$ as parseCookies,y as parseSetCookieHeader,O as setSessionCookie};
2
- //# sourceMappingURL=cookies.js.map
package/dist/crypto.js CHANGED
@@ -1,2 +1 @@
1
1
  import{xchacha20poly1305 as u}from"@noble/ciphers/chacha";import{bytesToHex as B,hexToBytes as S,utf8ToBytes as T}from"@noble/ciphers/utils";import{managedNonce as g}from"@noble/ciphers/webcrypto";import{sha256 as l}from"oslo/crypto";import f from"uncrypto";function c(t,e){let r=new Uint8Array(t),n=new Uint8Array(e);if(r.length!==n.length)return!1;let o=0;for(let a=0;a<r.length;a++)o|=r[a]^n[a];return o===0}import{decodeHex as d,encodeHex as y}from"oslo/encoding";import{scryptAsync as h}from"@noble/hashes/scrypt";import{getRandomValues as w}from"uncrypto";var s={N:16384,r:16,p:1,dkLen:64};async function m(t,e){return await h(t.normalize("NFKC"),e,{N:s.N,p:s.p,r:s.r,dkLen:s.dkLen,maxmem:128*s.N*s.r*2})}var D=async t=>{let e=y(w(new Uint8Array(16))),r=await m(t,e);return`${e}:${y(r)}`},H=async(t,e)=>{let[r,n]=t.split(":"),o=await m(e,r);return c(o,d(n))};import i from"uncrypto";function A(t){return t.toString(2).padStart(8,"0")}function x(t){return[...t].map(e=>A(e)).join("")}function p(t){return parseInt(x(t),2)}function C(){let t=new ArrayBuffer(8),e=i.getRandomValues(new Uint8Array(t));return e[0]=63,e[1]=e[1]|240,new DataView(t).getFloat64(0)-1}function b(t){if(t<0||!Number.isInteger(t))throw new Error("Argument 'max' must be an integer greater than or equal to 0");let e=(t-1).toString(2).length,r=e%8,n=new Uint8Array(Math.ceil(e/8));i.getRandomValues(n),r!==0&&(n[0]&=(1<<r)-1);let o=p(n);for(;o>=t;)i.getRandomValues(n),r!==0&&(n[0]&=(1<<r)-1),o=p(n);return o}function I(t,e){let r="";for(let n=0;n<t;n++)r+=e[b(e.length)];return r}function K(...t){let e=new Set(t),r="";for(let n of e)n==="a-z"?r+="abcdefghijklmnopqrstuvwxyz":n==="A-Z"?r+="ABCDEFGHIJKLMNOPQRSTUVWXYZ":n==="0-9"?r+="0123456789":r+=n;return r}async function M(t,e){let r=new TextEncoder,n={name:"HMAC",hash:"SHA-256"},o=await f.subtle.importKey("raw",r.encode(t),n,!1,["sign","verify"]),a=await f.subtle.sign(n.name,o,r.encode(e));return btoa(String.fromCharCode(...new Uint8Array(a)))}var Z=async({key:t,data:e})=>{let r=await l(new TextEncoder().encode(t)),n=T(e),o=g(u)(new Uint8Array(r));return B(o.encrypt(n))},j=async({key:t,data:e})=>{let r=await l(new TextEncoder().encode(t)),n=S(e),o=g(u)(new Uint8Array(r));return new TextDecoder().decode(o.decrypt(n))};export{K as alphabet,A as byteToBinary,x as bytesToBinary,p as bytesToInteger,c as constantTimeEqual,b as generateRandomInteger,I as generateRandomString,D as hashPassword,M as hs256,C as random,j as symmetricDecrypt,Z as symmetricEncrypt,H as verifyPassword};
2
- //# sourceMappingURL=crypto.js.map
package/dist/db.d.ts CHANGED
@@ -1,5 +1,5 @@
1
- import { A as Adapter, B as BetterAuthOptions, W as Where, F as FieldAttribute, z as FieldType, K as KyselyDatabaseType } from './auth-ChOWHZz7.js';
2
- export { X as BetterAuthDbSchema, J as FieldAttributeConfig, V as InferFieldsFromOptions, U as InferFieldsFromPlugins, O as InferFieldsInput, Q as InferFieldsInputClient, N as InferFieldsOutput, M as InferValueType, D as InternalAdapter, T as PluginFieldAttribute, L as createFieldAttribute, C as createInternalAdapter, Y as getAuthTables } from './auth-ChOWHZz7.js';
1
+ import { A as Adapter, B as BetterAuthOptions, W as Where, F as FieldAttribute, z as FieldType, K as KyselyDatabaseType } from './auth-B9t_YkMU.js';
2
+ export { X as BetterAuthDbSchema, J as FieldAttributeConfig, V as InferFieldsFromOptions, U as InferFieldsFromPlugins, O as InferFieldsInput, Q as InferFieldsInputClient, N as InferFieldsOutput, M as InferValueType, D as InternalAdapter, T as PluginFieldAttribute, L as createFieldAttribute, C as createInternalAdapter, Y as getAuthTables } from './auth-B9t_YkMU.js';
3
3
  import { z } from 'zod';
4
4
  import 'kysely';
5
5
  import './schema-Dkt0LqYs.js';
package/dist/db.js CHANGED
@@ -2,4 +2,3 @@ var q=(e,s="ms")=>new Date(Date.now()+(s==="sec"?e*1e3:e));var h=e=>{let s=e.plu
2
2
  `)}}),O=H();function P(e){let s=h(e),a={};for(let n in s){let d=s[n],r=d.fields,c={};if(Object.entries(r).forEach(([f,t])=>{c[t.fieldName||f]=t}),a[d.tableName]){a[d.tableName].fields={...a[d.tableName].fields,...c};continue}a[d.tableName]={fields:c,order:d.order||1/0}}return a}var J={string:["character varying","text"],number:["int4","integer","bigint","smallint","numeric","real","double precision"],boolean:["bool","boolean"],date:["timestamp","date"]},Z={string:["varchar","text"],number:["integer","int","bigint","smallint","decimal","float","double"],boolean:["boolean"],date:["date","datetime"]},z={string:["TEXT"],number:["INTEGER","REAL"],boolean:["INTEGER","BOOLEAN"],date:["DATE","INTEGER"]},_={string:["nvarchar","varchar"],number:["int","bigint","smallint","decimal","float","double"],boolean:["bit","boolean"],date:["datetime","date"]},G={postgres:J,mysql:Z,sqlite:z,mssql:_};function X(e,s,a){return s==="string[]"||s==="number[]"?e.toLowerCase().includes("json"):G[a][s].map(c=>c.toLowerCase()).includes(e.toLowerCase())}async function Le(e){let s=P(e),{kysely:a,databaseType:n}=await k(e);n||(O.warn("Could not determine database type, defaulting to sqlite. Please provide a type in the database options to avoid this."),n="sqlite"),a||(O.error("Only kysely adapter is supported for migrations. You can use `generate` command to generate the schema, if you're using a different adapter."),process.exit(1));let d=await a.introspection.getTables(),r=[],c=[];for(let[l,u]of Object.entries(s)){let m=d.find(y=>y.name===l);if(!m){let y=r.findIndex(T=>T.table===l),b={table:l,fields:u.fields,order:u.order||1/0},x=r.findIndex(T=>(T.order||1/0)>b.order);x===-1?y===-1?r.push(b):r[y].fields={...r[y].fields,...u.fields}:r.splice(x,0,b);continue}let p={};for(let[y,b]of Object.entries(u.fields)){let x=m.columns.find(T=>T.name===y);if(!x){p[y]=b;continue}X(x.dataType,b.type,n)||O.warn(`Field ${y} in table ${l} has a different type in the database. Expected ${b.type} but got ${x.dataType}.`)}Object.keys(p).length>0&&c.push({table:l,fields:p,order:u.order||1/0})}let f=[];function t(l){let u={string:"text",boolean:"boolean",number:"integer",date:"date"};return n==="mysql"&&l==="string"?"varchar(255)":n==="sqlite"&&(l==="string[]"||l==="number[]")?"text":l==="string[]"||l==="number[]"?"jsonb":u[l]}if(c.length)for(let l of c)for(let[u,m]of Object.entries(l.fields)){let p=t(m.type),y=a.schema.alterTable(l.table).addColumn(u,p,b=>(b=m.required!==!1?b.notNull():b,m.references&&(b=b.references(`${m.references.model}.${m.references.field}`)),b));f.push(y)}if(r.length)for(let l of r){let u=a.schema.createTable(l.table).addColumn("id",t("string"),m=>m.primaryKey().notNull());for(let[m,p]of Object.entries(l.fields)){let y=t(p.type);u=u.addColumn(m,y,b=>(b=p.required!==!1?b.notNull():b,p.references&&(b=b.references(`${p.references.model}.${p.references.field}`)),p.unique&&(b=b.unique()),b))}f.push(u)}async function i(){for(let l of f)await l.execute()}async function o(){return f.map(u=>u.compile().sql).join(`;
3
3
 
4
4
  `)}return{toBeCreated:r,toBeAdded:c,runMigrations:i,compileMigrations:o}}export{g as convertFromDB,D as convertToDB,qe as createFieldAttribute,ve as createInternalAdapter,me as getAdapter,h as getAuthTables,Le as getMigrations,P as getSchema,C as getWithHooks,X as matchType,Re as toZodSchema};
5
- //# sourceMappingURL=db.js.map
@@ -5,7 +5,7 @@ import { P as Prettify } from './helper-DPDj8Nix.js';
5
5
  import { A as AccessControl, R as Role, S as StatementsPrimitive, g as defaultRoles } from './statement-CfnyN34h.js';
6
6
  import * as _better_fetch_fetch from '@better-fetch/fetch';
7
7
  import { BetterFetch, BetterFetchOption } from '@better-fetch/fetch';
8
- import { H as HookEndpointContext, p as AuthContext } from './auth-ChOWHZz7.js';
8
+ import { H as HookEndpointContext, p as AuthContext } from './auth-B9t_YkMU.js';
9
9
  import * as nanostores from 'nanostores';
10
10
  import { atom } from 'nanostores';
11
11
  import * as _simplewebauthn_types from '@simplewebauthn/types';
package/dist/index.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- export { A as Adapter, j as AdditionalSessionFieldsInput, k as AdditionalSessionFieldsOutput, h as AdditionalUserFieldsInput, i as AdditionalUserFieldsOutput, a as Auth, p as AuthContext, s as BetterAuthCookies, B as BetterAuthOptions, b as BetterAuthPlugin, E as EligibleCookies, G as GenericEndpointContext, H as HookEndpointContext, m as InferPluginTypes, l as InferSession, I as InferUser, P as PluginSchema, R as RateLimit, S as SecondaryStorage, W as Where, g as betterAuth, r as createCookieGetter, x as createLogger, u as deleteSessionCookie, q as getCookies, n as init, y as logger, w as parseCookies, v as parseSetCookieHeader, t as setSessionCookie } from './auth-ChOWHZz7.js';
1
+ export { A as Adapter, j as AdditionalSessionFieldsInput, k as AdditionalSessionFieldsOutput, h as AdditionalUserFieldsInput, i as AdditionalUserFieldsOutput, a as Auth, p as AuthContext, s as BetterAuthCookies, B as BetterAuthOptions, b as BetterAuthPlugin, E as EligibleCookies, G as GenericEndpointContext, H as HookEndpointContext, m as InferPluginTypes, l as InferSession, I as InferUser, P as PluginSchema, R as RateLimit, S as SecondaryStorage, W as Where, g as betterAuth, r as createCookieGetter, x as createLogger, u as deleteSessionCookie, q as getCookies, n as init, y as logger, w as parseCookies, v as parseSetCookieHeader, t as setSessionCookie } from './auth-B9t_YkMU.js';
2
2
  export { D as DeepPartial, H as HasRequiredKeys, L as LiteralString, a as LiteralUnion, P as Prettify, R as RequiredKeysOf, S as StripEmptyObjects, U as UnionToIntersection, W as WithoutEmpty } from './helper-DPDj8Nix.js';
3
3
  export { AtomListener, BetterAuthClientPlugin, ClientOptions, InferActions, InferAdditionalFromClient, InferClientAPI, InferPluginsFromClient, InferSessionFromClient, InferUserFromClient, IsSignal } from './types.js';
4
4
  export { H as HIDE_METADATA } from './hide-metadata-DEHJp1rk.js';