better-auth 0.5.4-beta.7 → 0.5.4-beta.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/dist/access.js +1 -1
  2. package/dist/adapters/drizzle.js +1 -1
  3. package/dist/adapters/kysely.js +1 -1
  4. package/dist/adapters/mongodb.d.ts +9 -0
  5. package/dist/adapters/mongodb.js +1 -1
  6. package/dist/adapters/prisma.js +1 -1
  7. package/dist/api.js +4 -4
  8. package/dist/client/plugins.js +1 -1
  9. package/dist/client.js +1 -1
  10. package/dist/cookies.js +1 -1
  11. package/dist/db.js +3 -3
  12. package/dist/index.js +4 -4
  13. package/dist/next-js.js +1 -1
  14. package/dist/oauth2.js +1 -1
  15. package/dist/plugins.js +5 -5
  16. package/dist/react.js +1 -1
  17. package/dist/social.d.ts +1 -0
  18. package/dist/social.js +2 -2
  19. package/dist/solid.js +1 -1
  20. package/dist/svelte.js +1 -1
  21. package/dist/vue.js +1 -1
  22. package/package.json +24 -26
  23. package/dist/access.cjs +0 -1
  24. package/dist/access.d.cts +0 -4
  25. package/dist/adapters/drizzle.cjs +0 -1
  26. package/dist/adapters/drizzle.d.cts +0 -36
  27. package/dist/adapters/kysely.cjs +0 -1
  28. package/dist/adapters/kysely.d.cts +0 -43
  29. package/dist/adapters/mongodb.cjs +0 -1
  30. package/dist/adapters/mongodb.d.cts +0 -54
  31. package/dist/adapters/prisma.cjs +0 -1
  32. package/dist/adapters/prisma.d.cts +0 -25
  33. package/dist/api.cjs +0 -83
  34. package/dist/api.d.cts +0 -10
  35. package/dist/auth-Bi4S5duG.d.cts +0 -6387
  36. package/dist/client/plugins.cjs +0 -1
  37. package/dist/client/plugins.d.cts +0 -280
  38. package/dist/client.cjs +0 -1
  39. package/dist/client.d.cts +0 -243
  40. package/dist/cookies.cjs +0 -1
  41. package/dist/cookies.d.cts +0 -10
  42. package/dist/crypto.cjs +0 -1
  43. package/dist/crypto.d.cts +0 -30
  44. package/dist/db.cjs +0 -4
  45. package/dist/db.d.cts +0 -54
  46. package/dist/helper-DPDj8Nix.d.cts +0 -21
  47. package/dist/hide-metadata-DEHJp1rk.d.cts +0 -5
  48. package/dist/index-7DC3O4KM.d.cts +0 -6298
  49. package/dist/index-BkNFhk9A.d.cts +0 -24
  50. package/dist/index.cjs +0 -83
  51. package/dist/index.d.cts +0 -28
  52. package/dist/next-js.cjs +0 -1
  53. package/dist/next-js.d.cts +0 -35
  54. package/dist/node.cjs +0 -1
  55. package/dist/node.d.cts +0 -17
  56. package/dist/oauth2.cjs +0 -1
  57. package/dist/oauth2.d.cts +0 -31
  58. package/dist/plugins.cjs +0 -84
  59. package/dist/plugins.d.cts +0 -182
  60. package/dist/react.cjs +0 -1
  61. package/dist/react.d.cts +0 -263
  62. package/dist/schema-Dkt0LqYs.d.cts +0 -105
  63. package/dist/social.cjs +0 -2
  64. package/dist/social.d.cts +0 -959
  65. package/dist/solid-start.cjs +0 -1
  66. package/dist/solid-start.d.cts +0 -21
  67. package/dist/solid.cjs +0 -1
  68. package/dist/solid.d.cts +0 -244
  69. package/dist/state-BUSdcdLW.d.cts +0 -17
  70. package/dist/statement-Da_cxgTI.d.cts +0 -81
  71. package/dist/svelte-kit.cjs +0 -1
  72. package/dist/svelte-kit.d.cts +0 -25
  73. package/dist/svelte.cjs +0 -1
  74. package/dist/svelte.d.cts +0 -243
  75. package/dist/types-BVIhbXRu.d.cts +0 -55
  76. package/dist/types.cjs +0 -1
  77. package/dist/types.d.cts +0 -138
  78. package/dist/vue.cjs +0 -1
  79. package/dist/vue.d.cts +0 -294
package/dist/access.js CHANGED
@@ -1 +1 @@
1
- var a=class extends Error{path;constructor(e,n){super(e),this.path=n}},c=class{constructor(e){this.s=e;this.statements=e}statements;newRole(e){return new i(e)}},i=class s{statements;constructor(e){this.statements=e}authorize(e,n){for(let[t,o]of Object.entries(e)){let r=this.statements[t];if(!r)return{success:!1,error:`You are not allowed to access resource: ${t}`};let p=n==="OR"?o.some(m=>r.includes(m)):o.every(m=>r.includes(m));return p?{success:p}:{success:!1,error:`unauthorized to access resource "${t}"`}}return{success:!1,error:"Not authorized"}}static fromString(e){let n=JSON.parse(e);if(typeof n!="object")throw new a("statements is not an object",".");for(let[t,o]of Object.entries(n)){if(typeof t!="string")throw new a("invalid resource identifier",t);if(!Array.isArray(o))throw new a("actions is not an array",t);for(let r=0;r<o.length;r++)if(typeof o[r]!="string")throw new a("action is not a string",`${t}[${r}]`)}return new s(n)}toString(){return JSON.stringify(this.statements)}};var l=s=>new c(s),d={organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]},u=l(d),S=u.newRole({organization:["update"],invitation:["create","cancel"],member:["create","update","delete"]}),f=u.newRole({organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]}),x=u.newRole({organization:[],member:[],invitation:[]}),b={admin:S,owner:f,member:x};var T=s=>i.fromString(s??"");export{c as AccessControl,a as ParsingError,i as Role,S as adminAc,l as createAccessControl,u as defaultAc,b as defaultRoles,d as defaultStatements,x as memberAc,f as ownerAc,T as permissionFromString};
1
+ var a=class extends Error{constructor(t,n){super(t),this.path=n}},c=class{constructor(t){this.s=t;this.statements=t}newRole(t){return new i(t)}},i=class e{constructor(t){this.statements=t}authorize(t,n){for(let[r,o]of Object.entries(t)){let s=this.statements[r];if(!s)return{success:!1,error:`You are not allowed to access resource: ${r}`};let p=n==="OR"?o.some(m=>s.includes(m)):o.every(m=>s.includes(m));return p?{success:p}:{success:!1,error:`unauthorized to access resource "${r}"`}}return{success:!1,error:"Not authorized"}}static fromString(t){let n=JSON.parse(t);if(typeof n!="object")throw new a("statements is not an object",".");for(let[r,o]of Object.entries(n)){if(typeof r!="string")throw new a("invalid resource identifier",r);if(!Array.isArray(o))throw new a("actions is not an array",r);for(let s=0;s<o.length;s++)if(typeof o[s]!="string")throw new a("action is not a string",`${r}[${s}]`)}return new e(n)}toString(){return JSON.stringify(this.statements)}};var l=e=>new c(e),d={organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]},u=l(d),S=u.newRole({organization:["update"],invitation:["create","cancel"],member:["create","update","delete"]}),f=u.newRole({organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]}),x=u.newRole({organization:[],member:[],invitation:[]}),b={admin:S,owner:f,member:x};var T=e=>i.fromString(e!=null?e:"");export{c as AccessControl,a as ParsingError,i as Role,S as adminAc,l as createAccessControl,u as defaultAc,b as defaultRoles,d as defaultStatements,x as memberAc,f as ownerAc,T as permissionFromString};
package/dist/adapters/drizzle.js CHANGED
@@ -1 +1 @@
1
- import{and as v,asc as P,desc as z,eq as p,or as A,inArray as y,like as w}from"drizzle-orm";var d=class extends Error{constructor(r,i){super(r),this.name="BetterAuthError",this.message=r,this.cause=i}};function h(t,r){let i=r.schema;if(!i)throw new d("Drizzle adapter failed to initialize. Schema not found. Please provide a schema object in the adapter options object.");let c=r.usePlural?`${t}s`:t,n=i[c];if(!n)throw new d(`[# Drizzle Adapter]: The model "${t}" was not found in the schema object. Please pass the schema directly to the adapter options.`);return n}function m(t,r){if(!t)return[];if(t.length===1){let e=t[0];if(!e)return[];if(e.operator==="in"){if(!Array.isArray(e.value))throw new d(`The value for the field "${e.field}" must be an array when using the "in" operator.`);return[y(r[e.field],e.value)]}return e.operator==="contains"?[w(r[e.field],`%${e.value}%`)]:e.operator==="starts_with"?[w(r[e.field],`${e.value}%`)]:e.operator==="ends_with"?[w(r[e.field],`%${e.value}`)]:[p(r[e.field],e.value)]}let i=t.filter(e=>e.connector==="AND"||!e.connector),c=t.filter(e=>e.connector==="OR"),n=v(...i.map(e=>{if(e.operator==="in"){if(!Array.isArray(e.value))throw new d(`The value for the field "${e.field}" must be an array when using the "in" operator.`);return y(r[e.field],e.value)}return p(r[e.field],e.value)})),l=A(...c.map(e=>p(r[e.field],e.value))),s=[];return i.length&&s.push(n),c.length&&s.push(l),s}var S=(t,r)=>{let i=r.schema||t._.fullSchema,c=r?.provider;return{id:"drizzle",async create(n){let{model:l,data:s}=n,e=h(l,{schema:i,usePlural:r.usePlural});r.generateId!==void 0&&(s.id=r.generateId?r.generateId():void 0);let a=t.insert(e).values(s);return c!=="mysql"?(await a.returning())[0]:(await a,(await t.select().from(e).where(p(e.id,n.data.id)))[0])},async findOne(n){let{model:l,where:s,select:e}=n,a=h(l,{schema:i,usePlural:r.usePlural}),u=m(s,a),o=null;return e?.length?o=await t.select(...e.map(f=>({[f]:a[f]}))).from(a).where(...u):o=await t.select().from(a).where(...u),o.length?o[0]:null},async findMany(n){let{model:l,where:s,limit:e,offset:a,sortBy:u}=n,o=h(l,{schema:i,usePlural:r.usePlural}),f=s?m(s,o):[],g=u?.direction==="desc"?z:P;return await t.select().from(o).limit(e||100).offset(a||0).orderBy(g(o[u?.field||"id"])).where(...f.length?f:[])},async update(n){let{model:l,where:s,update:e}=n,a=h(l,{schema:i,usePlural:r.usePlural});e.id&&(e.id=void 0);let u=m(s,a),o=t.update(a).set(e).where(...u);return c!=="mysql"?(await o.returning())[0]:(await o,(await t.select().from(a).where(p(a.id,n.update.id)))[0])},async delete(n){let{model:l,where:s}=n,e=h(l,{schema:i,usePlural:r.usePlural}),a=m(s,e);return(await t.delete(e).where(...a))[0]},async deleteMany(n){let{model:l,where:s}=n,e=h(l,{schema:i,usePlural:r.usePlural}),a=m(s,e);await t.delete(e).where(...a)},options:r}};export{S as drizzleAdapter};
1
+ import{and as v,asc as P,desc as z,eq as w,or as A,inArray as g,like as p}from"drizzle-orm";var d=class extends Error{constructor(r,l){super(r),this.name="BetterAuthError",this.message=r,this.cause=l}};function h(t,r){let l=r.schema;if(!l)throw new d("Drizzle adapter failed to initialize. Schema not found. Please provide a schema object in the adapter options object.");let c=r.usePlural?`${t}s`:t,a=l[c];if(!a)throw new d(`[# Drizzle Adapter]: The model "${t}" was not found in the schema object. Please pass the schema directly to the adapter options.`);return a}function m(t,r){if(!t)return[];if(t.length===1){let e=t[0];if(!e)return[];if(e.operator==="in"){if(!Array.isArray(e.value))throw new d(`The value for the field "${e.field}" must be an array when using the "in" operator.`);return[g(r[e.field],e.value)]}return e.operator==="contains"?[p(r[e.field],`%${e.value}%`)]:e.operator==="starts_with"?[p(r[e.field],`${e.value}%`)]:e.operator==="ends_with"?[p(r[e.field],`%${e.value}`)]:[w(r[e.field],e.value)]}let l=t.filter(e=>e.connector==="AND"||!e.connector),c=t.filter(e=>e.connector==="OR"),a=v(...l.map(e=>{if(e.operator==="in"){if(!Array.isArray(e.value))throw new d(`The value for the field "${e.field}" must be an array when using the "in" operator.`);return g(r[e.field],e.value)}return w(r[e.field],e.value)})),i=A(...c.map(e=>w(r[e.field],e.value))),s=[];return l.length&&s.push(a),c.length&&s.push(i),s}var T=(t,r)=>{let l=r.schema||t._.fullSchema,c=r==null?void 0:r.provider;return{id:"drizzle",async create(a){let{model:i,data:s}=a,e=h(i,{schema:l,usePlural:r.usePlural});r.generateId!==void 0&&(s.id=r.generateId?r.generateId():void 0);let n=t.insert(e).values(s);return c!=="mysql"?(await n.returning())[0]:(await n,(await t.select().from(e).where(w(e.id,a.data.id)))[0])},async findOne(a){let{model:i,where:s,select:e}=a,n=h(i,{schema:l,usePlural:r.usePlural}),u=m(s,n),o=null;return e!=null&&e.length?o=await t.select(...e.map(f=>({[f]:n[f]}))).from(n).where(...u):o=await t.select().from(n).where(...u),o.length?o[0]:null},async findMany(a){let{model:i,where:s,limit:e,offset:n,sortBy:u}=a,o=h(i,{schema:l,usePlural:r.usePlural}),f=s?m(s,o):[],y=(u==null?void 0:u.direction)==="desc"?z:P;return await t.select().from(o).limit(e||100).offset(n||0).orderBy(y(o[(u==null?void 0:u.field)||"id"])).where(...f.length?f:[])},async update(a){let{model:i,where:s,update:e}=a,n=h(i,{schema:l,usePlural:r.usePlural});e.id&&(e.id=void 0);let u=m(s,n),o=t.update(n).set(e).where(...u);return c!=="mysql"?(await o.returning())[0]:(await o,(await t.select().from(n).where(w(n.id,a.update.id)))[0])},async delete(a){let{model:i,where:s}=a,e=h(i,{schema:l,usePlural:r.usePlural}),n=m(s,e);return(await t.delete(e).where(...n))[0]},async deleteMany(a){let{model:i,where:s}=a,e=h(i,{schema:l,usePlural:r.usePlural}),n=m(s,e);await t.delete(e).where(...n)},options:r}};export{T as drizzleAdapter};
package/dist/adapters/kysely.js CHANGED
@@ -1 +1 @@
1
- import{Kysely as h,MssqlDialect as q}from"kysely";import{MysqlDialect as w,PostgresDialect as A,SqliteDialect as D}from"kysely";function k(r){if("dialect"in r)return k(r.dialect);if("createDriver"in r){if(r instanceof D)return"sqlite";if(r instanceof w)return"mysql";if(r instanceof A)return"postgres";if(r instanceof q)return"mssql"}return"aggregate"in r?"sqlite":"getConnection"in r?"mysql":"connect"in r?"postgres":null}var T=async r=>{let e=r.database;if("db"in e)return{kysely:e.db,databaseType:e.type};if("dialect"in e)return{kysely:new h({dialect:e.dialect}),databaseType:e.type};let a,n=k(e);return"createDriver"in e&&(a=e),"aggregate"in e&&(a=new D({database:e})),"getConnection"in e&&(a=new w({pool:e})),"connect"in e&&(a=new A({pool:e})),{kysely:a?new h({dialect:a}):null,databaseType:n}};function m(r){if(!r)return{and:null,or:null};let e={and:[],or:[]};return r.forEach(a=>{let{field:n,value:i,operator:l="=",connector:f="AND"}=a,o=t=>l.toLowerCase()==="in"?t(n,"in",Array.isArray(i)?i:[i]):l==="contains"?t(n,"like",`%${i}%`):l==="starts_with"?t(n,"like",`${i}%`):l==="ends_with"?t(n,"like",`%${i}`):t(n,l,i);f==="OR"?e.or.push(o):e.and.push(o)}),{and:e.and.length?e.and:null,or:e.or.length?e.or:null}}function p(r,e,a){for(let n in r){let i=e[n]||Object.values(e).find(l=>l.fieldName===n);r[n]===0&&i.type==="boolean"&&a?.boolean&&(r[n]=!1),r[n]===1&&i?.type==="boolean"&&a?.boolean&&(r[n]=!0),i?.type==="date"&&(r[n]instanceof Date||(r[n]=new Date(r[n])))}return r}function g(r,e){for(let a in r)typeof r[a]=="boolean"&&e?.boolean&&(r[a]=r[a]?1:0),r[a]instanceof Date&&(r[a]=r[a].toISOString());return r}var C=(r,e)=>({id:"kysely",async create(a){let{model:n,data:i,select:l}=a;e?.transform&&(i=g(i,e.transform)),e?.generateId!==void 0&&(i.id=e.generateId?e.generateId():void 0);let f=await r.insertInto(n).values(i).returningAll().executeTakeFirst();if(e?.transform){let o=e.transform.schema[n];f=o?p(i,o,e.transform):f}return l?.length&&(f=f?l.reduce((t,s)=>f?.[s]?{...t,[s]:f[s]}:t,{}):null),f},async findOne(a){let{model:n,where:i,select:l}=a,{and:f,or:o}=m(i),t=r.selectFrom(n).selectAll();f&&(t=t.where(y=>y.and(f.map(d=>d(y))))),o&&(t=t.where(y=>y.or(o.map(d=>d(y)))));let s=await t.executeTakeFirst();if(l?.length&&(s=s?l.reduce((d,u)=>s?.[u]?{...d,[u]:s[u]}:d,{}):null),e?.transform){let y=e.transform.schema[n];return s=s&&y?p(s,y,e.transform):s,s||null}return s||null},async findMany(a){let{model:n,where:i,limit:l,offset:f,sortBy:o}=a,t=r.selectFrom(n),{and:s,or:y}=m(i);s&&(t=t.where(u=>u.and(s.map(c=>c(u))))),y&&(t=t.where(u=>u.or(y.map(c=>c(u))))),t=t.limit(l||100),f&&(t=t.offset(f)),o&&(t=t.orderBy(o.field,o.direction));let d=await t.selectAll().execute();if(e?.transform){let u=e.transform.schema[n];return u?d.map(c=>p(c,u,e.transform)):d}return d},async update(a){let{model:n,where:i,update:l}=a,{and:f,or:o}=m(i);e?.transform&&(l=g(l,e.transform)),l.id&&(l.id=void 0);let t=r.updateTable(n).set(l);f&&(t=t.where(y=>y.and(f.map(d=>d(y))))),o&&(t=t.where(y=>y.or(o.map(d=>d(y)))));let s=await t.returningAll().executeTakeFirst()||null;if(e?.transform){let y=e.transform.schema[n];return y?p(s,y,e.transform):s}return s},async delete(a){let{model:n,where:i}=a,{and:l,or:f}=m(i),o=r.deleteFrom(n);l&&(o=o.where(t=>t.and(l.map(s=>s(t))))),f&&(o=o.where(t=>t.or(f.map(s=>s(t))))),await o.execute()},async deleteMany(a){let{model:n,where:i}=a,{and:l,or:f}=m(i),o=r.deleteFrom(n);l&&(o=o.where(t=>t.and(l.map(s=>s(t))))),f&&(o=o.where(t=>t.or(f.map(s=>s(t))))),await o.execute()}});export{T as createKyselyAdapter,C as kyselyAdapter};
1
+ import{Kysely as h,MssqlDialect as x}from"kysely";import{MysqlDialect as w,PostgresDialect as A,SqliteDialect as D}from"kysely";function k(r){if("dialect"in r)return k(r.dialect);if("createDriver"in r){if(r instanceof D)return"sqlite";if(r instanceof w)return"mysql";if(r instanceof A)return"postgres";if(r instanceof x)return"mssql"}return"aggregate"in r?"sqlite":"getConnection"in r?"mysql":"connect"in r?"postgres":null}var K=async r=>{let e=r.database;if("db"in e)return{kysely:e.db,databaseType:e.type};if("dialect"in e)return{kysely:new h({dialect:e.dialect}),databaseType:e.type};let a,n=k(e);return"createDriver"in e&&(a=e),"aggregate"in e&&(a=new D({database:e})),"getConnection"in e&&(a=new w({pool:e})),"connect"in e&&(a=new A({pool:e})),{kysely:a?new h({dialect:a}):null,databaseType:n}};function f(r){if(!r)return{and:null,or:null};let e={and:[],or:[]};return r.forEach(a=>{let{field:n,value:s,operator:i="=",connector:y="AND"}=a,l=t=>i.toLowerCase()==="in"?t(n,"in",Array.isArray(s)?s:[s]):i==="contains"?t(n,"like",`%${s}%`):i==="starts_with"?t(n,"like",`${s}%`):i==="ends_with"?t(n,"like",`%${s}`):t(n,i,s);y==="OR"?e.or.push(l):e.and.push(l)}),{and:e.and.length?e.and:null,or:e.or.length?e.or:null}}function c(r,e,a){for(let n in r){let s=e[n]||Object.values(e).find(i=>i.fieldName===n);r[n]===0&&s.type==="boolean"&&(a!=null&&a.boolean)&&(r[n]=!1),r[n]===1&&(s==null?void 0:s.type)==="boolean"&&(a!=null&&a.boolean)&&(r[n]=!0),(s==null?void 0:s.type)==="date"&&(r[n]instanceof Date||(r[n]=new Date(r[n])))}return r}function q(r,e){for(let a in r)typeof r[a]=="boolean"&&(e!=null&&e.boolean)&&(r[a]=r[a]?1:0),r[a]instanceof Date&&(r[a]=r[a].toISOString());return r}var O=(r,e)=>({id:"kysely",async create(a){let{model:n,data:s,select:i}=a;e!=null&&e.transform&&(s=q(s,e.transform)),(e==null?void 0:e.generateId)!==void 0&&(s.id=e.generateId?e.generateId():void 0);let y=await r.insertInto(n).values(s).returningAll().executeTakeFirst();if(e!=null&&e.transform){let l=e.transform.schema[n];y=l?c(s,l,e.transform):y}return i!=null&&i.length&&(y=y?i.reduce((t,o)=>y!=null&&y[o]?{...t,[o]:y[o]}:t,{}):null),y},async findOne(a){let{model:n,where:s,select:i}=a,{and:y,or:l}=f(s),t=r.selectFrom(n).selectAll();y&&(t=t.where(u=>u.and(y.map(d=>d(u))))),l&&(t=t.where(u=>u.or(l.map(d=>d(u)))));let o=await t.executeTakeFirst();if(i!=null&&i.length&&(o=o?i.reduce((d,p)=>o!=null&&o[p]?{...d,[p]:o[p]}:d,{}):null),e!=null&&e.transform){let u=e.transform.schema[n];return o=o&&u?c(o,u,e.transform):o,o||null}return o||null},async findMany(a){let{model:n,where:s,limit:i,offset:y,sortBy:l}=a,t=r.selectFrom(n),{and:o,or:u}=f(s);o&&(t=t.where(p=>p.and(o.map(m=>m(p))))),u&&(t=t.where(p=>p.or(u.map(m=>m(p))))),t=t.limit(i||100),y&&(t=t.offset(y)),l&&(t=t.orderBy(l.field,l.direction));let d=await t.selectAll().execute();if(e!=null&&e.transform){let p=e.transform.schema[n];return p?d.map(m=>c(m,p,e.transform)):d}return d},async update(a){let{model:n,where:s,update:i}=a,{and:y,or:l}=f(s);e!=null&&e.transform&&(i=q(i,e.transform)),i.id&&(i.id=void 0);let t=r.updateTable(n).set(i);y&&(t=t.where(u=>u.and(y.map(d=>d(u))))),l&&(t=t.where(u=>u.or(l.map(d=>d(u)))));let o=await t.returningAll().executeTakeFirst()||null;if(e!=null&&e.transform){let u=e.transform.schema[n];return u?c(o,u,e.transform):o}return o},async delete(a){let{model:n,where:s}=a,{and:i,or:y}=f(s),l=r.deleteFrom(n);i&&(l=l.where(t=>t.and(i.map(o=>o(t))))),y&&(l=l.where(t=>t.or(y.map(o=>o(t))))),await l.execute()},async deleteMany(a){let{model:n,where:s}=a,{and:i,or:y}=f(s),l=r.deleteFrom(n);i&&(l=l.where(t=>t.and(i.map(o=>o(t))))),y&&(l=l.where(t=>t.or(y.map(o=>o(t))))),await l.execute()}});export{K as createKyselyAdapter,O as kyselyAdapter};
package/dist/adapters/mongodb.d.ts CHANGED
@@ -12,6 +12,15 @@ import 'mysql2';
12
12
 
13
13
  declare const mongodbAdapter: (mongo: Db, opts?: {
14
14
  usePlural?: boolean;
15
+ /**
16
+ * Custom generateId function.
17
+ *
18
+ * If not provided, nanoid will be used.
19
+ * If set to false, the database's auto generated id will be used.
20
+ *
21
+ * @default nanoid
22
+ */
23
+ generateId?: ((size?: number) => string) | false;
15
24
  }) => {
16
25
  id: string;
17
26
  create<T extends {
package/dist/adapters/mongodb.js CHANGED
@@ -1 +1 @@
1
- function f(l){if(!l)return{};let u=l.map(n=>{let{field:t,value:e,operator:c="eq",connector:a="AND"}=n,o;function d(w){return w==="id"?"_id":w}switch(c.toLowerCase()){case"eq":o={[d(t)]:e};break;case"in":o={[d(t)]:{$in:Array.isArray(e)?e:[e]}};break;case"gt":o={[d(t)]:{$gt:e}};break;case"gte":o={[d(t)]:{$gte:e}};break;case"lt":o={[d(t)]:{$lt:e}};break;case"lte":o={[d(t)]:{$lte:e}};break;case"ne":o={[d(t)]:{$ne:e}};break;case"contains":o={[d(t)]:{$regex:`.*${e}.*`}};break;case"starts_with":o={[d(t)]:{$regex:`${e}.*`}};break;case"ends_with":o={[d(t)]:{$regex:`.*${e}`}};break;default:throw new Error(`Unsupported operator: ${c}`)}return{condition:o,connector:a}}),s=u.filter(n=>n.connector==="AND").map(n=>n.condition),i=u.filter(n=>n.connector==="OR").map(n=>n.condition),r={};return s.length&&(r={...r,$and:s}),i.length&&(r={...r,$or:i}),r}function p(l){let{_id:u,...s}=l;return s}function m(l){return l.reduce((s,i)=>(s[i]=1,s),{})}var g=(l,u)=>{let s=l,i=r=>u?.usePlural?`${r}s`:r;return{id:"mongodb",async create(r){let{model:n,data:t}=r;t.id=void 0;let c=(await s.collection(i(n)).insertOne({...t})).insertedId,a={...t,id:c};return p(a)},async findOne(r){let{model:n,where:t,select:e}=r,c=f(t),a={};e&&(a=m(e));let o=await s.collection(i(n)).findOne(c,{projection:a});return o?p(o):null},async findMany(r){let{model:n,where:t,limit:e,offset:c,sortBy:a}=r,o=f(t);return(await s.collection(i(n)).find(o).skip(c||0).limit(e||100).sort(a?.field||"_id",a?.direction==="desc"?-1:1).toArray()).map(p)},async update(r){let{model:n,where:t,update:e}=r,c=f(t);if(e.id&&(e.id=void 0),t.length===1){let a=await s.collection(i(n)).findOneAndUpdate(c,{$set:e},{returnDocument:"after"});return p(a)}return await s.collection(i(n)).updateMany(c,{$set:e}),{}},async delete(r){let{model:n,where:t}=r,e=f(t),c=await s.collection(i(n)).findOneAndDelete(e)},async deleteMany(r){let{model:n,where:t}=r,e=f(t),c=await s.collection(i(n)).deleteMany(e)}}};export{g as mongodbAdapter};
1
+ function u(l){if(!l)return{};let a=l.map(t=>{let{field:n,value:e,operator:i="eq",connector:s="AND"}=t,o;switch(i.toLowerCase()){case"eq":o={[n]:e};break;case"in":o={[n]:{$in:Array.isArray(e)?e:[e]}};break;case"gt":o={[n]:{$gt:e}};break;case"gte":o={[n]:{$gte:e}};break;case"lt":o={[n]:{$lt:e}};break;case"lte":o={[n]:{$lte:e}};break;case"ne":o={[n]:{$ne:e}};break;case"contains":o={[n]:{$regex:`.*${e}.*`}};break;case"starts_with":o={[n]:{$regex:`${e}.*`}};break;case"ends_with":o={[n]:{$regex:`.*${e}`}};break;default:throw new Error(`Unsupported operator: ${i}`)}return{condition:o,connector:s}}),c=a.filter(t=>t.connector==="AND").map(t=>t.condition),d=a.filter(t=>t.connector==="OR").map(t=>t.condition),r={};return c.length&&(r={...r,$and:c}),d.length&&(r={...r,$or:d}),r}function f(l){let{_id:a,...c}=l;return c}function w(l){return l.reduce((c,d)=>(c[d]=1,c),{})}var m=(l,a)=>{let c=l,d=r=>a!=null&&a.usePlural?`${r}s`:r;return{id:"mongodb",async create(r){let{model:t,data:n}=r;(a==null?void 0:a.generateId)!==void 0&&(n.id=a.generateId?a.generateId():void 0);let i=(await c.collection(d(t)).insertOne({...n})).insertedId,s={...n,id:i};return f(s)},async findOne(r){let{model:t,where:n,select:e}=r,i=u(n),s={};e&&(s=w(e));let o=await c.collection(d(t)).findOne(i,{projection:s});return o?f(o):null},async findMany(r){let{model:t,where:n,limit:e,offset:i,sortBy:s}=r,o=u(n);return(await c.collection(d(t)).find(o).skip(i||0).limit(e||100).sort((s==null?void 0:s.field)||"id",(s==null?void 0:s.direction)==="desc"?-1:1).toArray()).map(f)},async update(r){let{model:t,where:n,update:e}=r,i=u(n);if(e.id&&(e.id=void 0),n.length===1){let o=await c.collection(d(t)).findOneAndUpdate(i,{$set:e},{returnDocument:"after"});return f(o)}let s=await c.collection(d(t)).updateMany(i,{$set:e});return{}},async delete(r){let{model:t,where:n}=r,e=u(n),i=await c.collection(d(t)).findOneAndDelete(e)},async deleteMany(r){let{model:t,where:n}=r,e=u(n),i=await c.collection(d(t)).deleteMany(e)}}};export{m as mongodbAdapter};
package/dist/adapters/prisma.js CHANGED
@@ -1 +1 @@
1
- function f(a){switch(a){case"starts_with":return"startsWith";case"ends_with":return"endsWith";default:return a}}function c(a){if(!a)return{};if(a.length===1){let e=a[0];return e?{[e.field]:e.operator==="eq"||!e.operator?e.value:{[f(e.operator)]:e.value}}:void 0}let l=a.filter(e=>e.connector==="AND"||!e.connector),s=a.filter(e=>e.connector==="OR"),o=l.map(e=>({[e.field]:e.operator==="eq"||!e.operator?e.value:{[f(e.operator)]:e.value}})),r=s.map(e=>({[e.field]:{[e.operator||"eq"]:e.value}}));return{AND:o.length?o:void 0,OR:r.length?r:void 0}}var y=(a,l)=>{let s=a,o=l.generateId;return{id:"prisma",async create(r){let{model:e,data:n,select:t}=r;return o!==void 0&&(n.id=o?o():void 0),await s[e].create({data:n,...t?.length?{select:t.reduce((d,i)=>({...d,[i]:!0}),{})}:{}})},async findOne(r){let{model:e,where:n,select:t}=r,d=c(n);return await s[e].findFirst({where:d,...t?.length?{select:t.reduce((i,u)=>({...i,[u]:!0}),{})}:{}})},async findMany(r){let{model:e,where:n,limit:t,offset:d,sortBy:i}=r,u=c(n);return await s[e].findMany({where:u,take:t||100,skip:d||0,orderBy:i?.field?{[i.field]:i.direction==="desc"?"desc":"asc"}:void 0})},async update(r){let{model:e,where:n,update:t}=r;t.id&&(t.id=void 0);let d=c(n);return n.length===1?await s[e].update({where:d,data:t}):await s[e].updateMany({where:d,data:t})},async delete(r){let{model:e,where:n}=r,t=c(n);return await s[e].delete({where:t}).catch(d=>{})},async deleteMany(r){let{model:e,where:n}=r,t=c(n);return await s[e].deleteMany({where:t})},options:l}};export{y as prismaAdapter};
1
+ function f(a){switch(a){case"starts_with":return"startsWith";case"ends_with":return"endsWith";default:return a}}function c(a){if(!a)return{};if(a.length===1){let e=a[0];return e?{[e.field]:e.operator==="eq"||!e.operator?e.value:{[f(e.operator)]:e.value}}:void 0}let u=a.filter(e=>e.connector==="AND"||!e.connector),d=a.filter(e=>e.connector==="OR"),o=u.map(e=>({[e.field]:e.operator==="eq"||!e.operator?e.value:{[f(e.operator)]:e.value}})),r=d.map(e=>({[e.field]:{[e.operator||"eq"]:e.value}}));return{AND:o.length?o:void 0,OR:r.length?r:void 0}}var h=(a,u)=>{let d=a,o=u.generateId;return{id:"prisma",async create(r){let{model:e,data:n,select:t}=r;return o!==void 0&&(n.id=o?o():void 0),await d[e].create({data:n,...t!=null&&t.length?{select:t.reduce((i,s)=>({...i,[s]:!0}),{})}:{}})},async findOne(r){let{model:e,where:n,select:t}=r,i=c(n);return await d[e].findFirst({where:i,...t!=null&&t.length?{select:t.reduce((s,l)=>({...s,[l]:!0}),{})}:{}})},async findMany(r){let{model:e,where:n,limit:t,offset:i,sortBy:s}=r,l=c(n);return await d[e].findMany({where:l,take:t||100,skip:i||0,orderBy:s!=null&&s.field?{[s.field]:s.direction==="desc"?"desc":"asc"}:void 0})},async update(r){let{model:e,where:n,update:t}=r;t.id&&(t.id=void 0);let i=c(n);return n.length===1?await d[e].update({where:i,data:t}):await d[e].updateMany({where:i,data:t})},async delete(r){let{model:e,where:n}=r,t=c(n);return await d[e].delete({where:t}).catch(i=>{})},async deleteMany(r){let{model:e,where:n}=r,t=c(n);return await d[e].deleteMany({where:t})},options:u}};export{h as prismaAdapter};
package/dist/api.js CHANGED
@@ -1,6 +1,6 @@
1
- import{APIError as it,createRouter as Ft,statusCode as Ht}from"better-call";import{APIError as J}from"better-call";import{z as ae}from"zod";import{xchacha20poly1305 as sr}from"@noble/ciphers/chacha";import{bytesToHex as dr,hexToBytes as cr,utf8ToBytes as lr}from"@noble/ciphers/utils";import{managedNonce as pr}from"@noble/ciphers/webcrypto";import{sha256 as fr}from"oslo/crypto";import ne from"uncrypto";function W(e,r){let t=new Uint8Array(e),o=new Uint8Array(r);if(t.length!==o.length)return!1;let n=0;for(let i=0;i<t.length;i++)n|=t[i]^o[i];return n===0}import{decodeHex as Wt,encodeHex as Jt}from"oslo/encoding";import{scryptAsync as Xt}from"@noble/hashes/scrypt";import{getRandomValues as tr}from"uncrypto";import ee from"uncrypto";function st(e){return e.toString(2).padStart(8,"0")}function at(e){return[...e].map(r=>st(r)).join("")}function te(e){return parseInt(at(e),2)}function dt(e){if(e<0||!Number.isInteger(e))throw new Error("Argument 'max' must be an integer greater than or equal to 0");let r=(e-1).toString(2).length,t=r%8,o=new Uint8Array(Math.ceil(r/8));ee.getRandomValues(o),t!==0&&(o[0]&=(1<<t)-1);let n=te(o);for(;n>=e;)ee.getRandomValues(o),t!==0&&(o[0]&=(1<<t)-1),n=te(o);return n}function re(e,r){let t="";for(let o=0;o<e;o++)t+=r[dt(r.length)];return t}function oe(...e){let r=new Set(e),t="";for(let o of r)o==="a-z"?t+="abcdefghijklmnopqrstuvwxyz":o==="A-Z"?t+="ABCDEFGHIJKLMNOPQRSTUVWXYZ":o==="0-9"?t+="0123456789":t+=o;return t}async function H(e,r){let t=new TextEncoder,o={name:"HMAC",hash:"SHA-256"},n=await ne.subtle.importKey("raw",t.encode(e),o,!1,["sign","verify"]),i=await ne.subtle.sign(o.name,n,t.encode(r));return btoa(String.fromCharCode(...new Uint8Array(i)))}import{createEndpointCreator as ct,createMiddleware as ie,createMiddlewareCreator as lt}from"better-call";var se=ie(async()=>({})),z=lt({use:[se,ie(async()=>({}))]}),m=ct({use:[se]});var de=z({body:ae.object({csrfToken:ae.string().optional()}).optional()},async e=>{if(e.request?.method!=="POST"||e.context.options.advanced?.disableCSRFCheck)return;let r=e.headers?.get("origin")||"";if(r){let d=new URL(r).origin;if(e.context.trustedOrigins.includes(d))return}let t=e.body?.csrfToken;if(!t)throw new J("UNAUTHORIZED",{message:"CSRF Token is required"});let o=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret),[n,i]=o?.split("!")||[null,null];if(!t||!n||!i||n!==t)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new J("UNAUTHORIZED",{message:"Invalid CSRF Token"});let s=await H(e.context.secret,n);if(i!==s)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new J("UNAUTHORIZED",{message:"Invalid CSRF Token"})});import{APIError as P}from"better-call";import{generateCodeVerifier as Ct}from"oslo/oauth2";import{z as T}from"zod";import{generateState as ut}from"oslo/oauth2";import{z as Z}from"zod";import{sha256 as ce}from"oslo/crypto";async function le(e){let r=await ce(typeof e=="string"?new TextEncoder().encode(e):e);return Buffer.from(r).toString("base64")}async function ue(e,r){let t=await ce(typeof e=="string"?new TextEncoder().encode(e):e),o=Buffer.from(r,"base64");return W(t,o)}import"better-call";async function pe(e){let r=ut(),t=JSON.stringify({code:r,callbackURL:e}),o=await le(t);return{raw:t,hash:o}}function K(e){return Z.object({code:Z.string(),callbackURL:Z.string().optional(),currentURL:Z.string().optional()}).safeParse(JSON.parse(e))}import{TimeSpan as jr}from"oslo";var $=class extends Error{constructor(r,t){super(r),this.name="BetterAuthError",this.message=r,this.cause=t}};import{env as Mr,isProduction as Fr}from"std-env";async function S(e,r,t,o){let n=e.context.authCookies.sessionToken.options;n.maxAge=t?void 0:e.context.sessionConfig.expiresIn,await e.setSignedCookie(e.context.authCookies.sessionToken.name,r,e.context.secret,{...n,...o}),t&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options)}function M(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}import{APIError as ft}from"better-call";import{createConsola as pt}from"consola";var D=pt({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),mt=e=>({log:(...r)=>{!e?.disabled&&D.log("",...r)},error:(...r)=>{!e?.disabled&&D.error("",...r)},warn:(...r)=>{!e?.disabled&&D.warn("",...r)},info:(...r)=>{!e?.disabled&&D.info("",...r)},debug:(...r)=>{!e?.disabled&&D.debug("",...r)},box:(...r)=>{!e?.disabled&&D.box("",...r)},success:(...r)=>{!e?.disabled&&D.success("",...r)},break:(...r)=>{!e?.disabled&&console.log(`
2
- `)}}),w=mt();var E=z(async e=>{let{body:r,query:t,headers:o,context:n}=e,i=r?.callbackURL||t?.callbackURL||t?.redirectTo||r?.redirectTo,s=t?.currentURL||o?.get("referer")||n.baseURL,d=n.trustedOrigins,a=(c,l)=>{if(c?.startsWith("http")&&!d.some(g=>c.startsWith(g)))throw w.error(`Invalid ${l}`,{[l]:c,trustedOrigins:d}),new ft("FORBIDDEN",{message:`Invalid ${l}`})};a(i,"callbackURL"),a(s,"currentURL")});import{parseJWT as yt}from"oslo/jwt";import{sha256 as gt}from"oslo/crypto";import{base64url as ht}from"oslo/encoding";var V=(e,r="ms")=>new Date(Date.now()+(r==="sec"?e*1e3:e));async function me(e){let r=await gt(new TextEncoder().encode(e));return ht.encode(new Uint8Array(r),{includePadding:!1})}function fe(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?V(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function b({id:e,options:r,authorizationEndpoint:t,state:o,codeVerifier:n,scopes:i,claims:s,disablePkce:d,redirectURI:a}){let c=new URL(t);if(c.searchParams.set("response_type","code"),c.searchParams.set("client_id",r.clientId),c.searchParams.set("state",o),c.searchParams.set("scope",i.join(" ")),c.searchParams.set("redirect_uri",r.redirectURI||a),!d&&n){let l=await me(n);c.searchParams.set("code_challenge_method","S256"),c.searchParams.set("code_challenge",l)}if(s){let l=s.reduce((h,g)=>(h[g]=null,h),{});c.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...l}}))}return c}import{betterFetch as wt}from"@better-fetch/fetch";async function y({code:e,codeVerifier:r,redirectURI:t,options:o,tokenEndpoint:n}){let i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",e),r&&i.set("code_verifier",r),i.set("redirect_uri",t),i.set("client_id",o.clientId),i.set("client_secret",o.clientSecret);let{data:s,error:d}=await wt(n,{method:"POST",body:i,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(d)throw d;return fe(s)}var ge=e=>{let r="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:t,scopes:o,redirectURI:n}){let i=o||["email","name","openid"];return e.scope&&i.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${n||e.redirectURI}&scope=${i.join(" ")}&state=${t}`)},validateAuthorizationCode:async({code:t,codeVerifier:o,redirectURI:n})=>y({code:t,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:r}),async getUserInfo(t){if(!t.idToken)return null;let o=yt(t.idToken)?.payload;return o?{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified==="true"},data:o}:null}}};import{betterFetch as bt}from"@better-fetch/fetch";var he=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:r,scopes:t,redirectURI:o}){let n=t||["identify","email"];return e.scope&&n.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${n.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${r}`)},validateAuthorizationCode:async({code:r,redirectURI:t})=>y({code:r,redirectURI:e.redirectURI||t,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(r){let{data:t,error:o}=await bt("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${r.accessToken}`}});if(o)return null;if(t.avatar===null){let n=t.discriminator==="0"?Number(BigInt(t.id)>>BigInt(22))%6:parseInt(t.discriminator)%5;t.image_url=`https://cdn.discordapp.com/embed/avatars/${n}.png`}else{let n=t.avatar.startsWith("a_")?"gif":"png";t.image_url=`https://cdn.discordapp.com/avatars/${t.id}/${t.avatar}.${n}`}return{user:{id:t.id,name:t.display_name||t.username||"",email:t.email,emailVerified:t.verified,image:t.image_url},data:t}}});import{betterFetch as kt}from"@better-fetch/fetch";var we=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:r,scopes:t,redirectURI:o}){let n=t||["email","public_profile"];return e.scope&&n.push(...e.scope),await b({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:n,state:r,redirectURI:o})},validateAuthorizationCode:async({code:r,redirectURI:t})=>y({code:r,redirectURI:e.redirectURI||t,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(r){let{data:t,error:o}=await kt("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:r.accessToken}});return o?null:{user:{id:t.id,name:t.name,email:t.email,image:t.picture.data.url,emailVerified:t.email_verified},data:t}}});import{betterFetch as ye}from"@better-fetch/fetch";var be=e=>{let r="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:t,scopes:o,codeVerifier:n,redirectURI:i}){let s=o||["user:email"];return e.scope&&s.push(...e.scope),b({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:s,state:t,redirectURI:i,codeVerifier:n})},validateAuthorizationCode:async({code:t,redirectURI:o})=>y({code:t,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:r}),async getUserInfo(t){let{data:o,error:n}=await ye("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${t.accessToken}`}});if(n)return null;let i=!1;if(!o.email){let{data:s,error:d}=await ye("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${t.accessToken}`,"User-Agent":"better-auth"}});d||(o.email=(s.find(a=>a.primary)??s[0])?.email,i=s.find(a=>a.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:i},data:o}}}};import{parseJWT as At}from"oslo/jwt";var ke=e=>({id:"google",name:"Google",async createAuthorizationURL({state:r,scopes:t,codeVerifier:o,redirectURI:n}){if(!e.clientId||!e.clientSecret)throw w.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new $("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new $("codeVerifier is required for Google");let i=t||["email","profile","openid"];e.scope&&i.push(...e.scope);let s=await b({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:i,state:r,codeVerifier:o,redirectURI:n});return e.accessType&&s.searchParams.set("access_type",e.accessType),s},validateAuthorizationCode:async({code:r,codeVerifier:t,redirectURI:o})=>y({code:r,codeVerifier:t,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async getUserInfo(r){if(!r.idToken)return null;let t=At(r.idToken)?.payload;return{user:{id:t.sub,name:t.name,email:t.email,image:t.picture,emailVerified:t.email_verified},data:t}}});import{betterFetch as Rt}from"@better-fetch/fetch";import{parseJWT as Ut}from"oslo/jwt";var Ae=e=>{let r=e.tenantId||"common",t=`https://login.microsoftonline.com/${r}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${r}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(n){let i=n.scopes||["openid","profile","email","User.Read"];return e.scope&&i.push(...e.scope),b({id:"microsoft",options:e,authorizationEndpoint:t,state:n.state,codeVerifier:n.codeVerifier,scopes:i,redirectURI:n.redirectURI})},validateAuthorizationCode({code:n,codeVerifier:i,redirectURI:s}){return y({code:n,codeVerifier:i,redirectURI:e.redirectURI||s,options:e,tokenEndpoint:o})},async getUserInfo(n){if(!n.idToken)return null;let i=Ut(n.idToken)?.payload,s=e.profilePhotoSize||48;return await Rt(`https://graph.microsoft.com/v1.0/me/photos/${s}x${s}/$value`,{headers:{Authorization:`Bearer ${n.accessToken}`},async onResponse(d){if(!(e.disableProfilePhoto||!d.response.ok))try{let c=await d.response.clone().arrayBuffer(),l=Buffer.from(c).toString("base64");i.picture=`data:image/jpeg;base64, ${l}`}catch(a){w.error(a)}}}),{user:{id:i.sub,name:i.name,email:i.email,image:i.picture,emailVerified:!0},data:i}}}};import{betterFetch as Et}from"@better-fetch/fetch";var Re=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:r,scopes:t,codeVerifier:o,redirectURI:n}){let i=t||["user-read-email"];return e.scope&&i.push(...e.scope),b({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:i,state:r,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:r,codeVerifier:t,redirectURI:o})=>y({code:r,codeVerifier:t,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(r){let{data:t,error:o}=await Et("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${r.accessToken}`}});return o?null:{user:{id:t.id,name:t.display_name,email:t.email,image:t.images[0]?.url,emailVerified:!1},data:t}}});import"@better-fetch/fetch";var C={isAction:!1};import{nanoid as xt}from"nanoid";var Ue=e=>xt(e);import{parseJWT as Tt}from"oslo/jwt";var Ee=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:r,scopes:t,redirectURI:o}){let n=t||["user:read:email","openid"];return e.scope&&n.push(...e.scope),b({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:n,state:r,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:r,redirectURI:t})=>y({code:r,redirectURI:e.redirectURI||t,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(r){let t=r.idToken;if(!t)return w.error("No idToken found in token"),null;let o=Tt(t)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});import{betterFetch as vt}from"@better-fetch/fetch";var xe=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(r){let t=r.scopes||["account_info.read"];return e.scope&&t.push(...e.scope),b({id:"twitter",options:e,authorizationEndpoint:"https://twitter.com/i/oauth2/authorize",scopes:t,state:r.state,codeVerifier:r.codeVerifier,redirectURI:r.redirectURI})},validateAuthorizationCode:async({code:r,codeVerifier:t,redirectURI:o})=>y({code:r,codeVerifier:t,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(r){let{data:t,error:o}=await vt("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${r.accessToken}`}});return o||!t.data.email?null:{user:{id:t.data.id,name:t.data.name,email:t.data.email,image:t.data.profile_image_url,emailVerified:t.data.verified||!1},data:t}}});import{betterFetch as Pt}from"@better-fetch/fetch";var Te=e=>{let r="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:t,scopes:o,codeVerifier:n,redirectURI:i})=>{let s=o||["account_info.read"];return e.scope&&s.push(...e.scope),await b({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:s,state:t,redirectURI:i,codeVerifier:n})},validateAuthorizationCode:async({code:t,codeVerifier:o,redirectURI:n})=>await y({code:t,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:r}),async getUserInfo(t){let{data:o,error:n}=await Pt("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${t.accessToken}`}});return n?null:{user:{id:o.account_id,name:o.name?.display_name,email:o.email,emailVerified:o.email_verified||!1,image:o.profile_photo_url},data:o}}}};import{betterFetch as _t}from"@better-fetch/fetch";var ve=e=>{let r="https://www.linkedin.com/oauth/v2/authorization",t="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:o,scopes:n,redirectURI:i})=>{let s=n||["profile","email","openid"];return e.scope&&s.push(...e.scope),await b({id:"linkedin",options:e,authorizationEndpoint:r,scopes:s,state:o,redirectURI:i})},validateAuthorizationCode:async({code:o,redirectURI:n})=>await y({code:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(o){let{data:n,error:i}=await _t("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken}`}});return i?null:{user:{id:n.sub,name:n.name,email:n.email,emailVerified:n.email_verified||!1,image:n.picture},data:n}}}};var St={apple:ge,discord:he,facebook:we,github:be,microsoft:Ae,google:ke,spotify:Re,twitch:Ee,twitter:xe,dropbox:Te,linkedin:ve},Pe=Object.keys(St);import{TimeSpan as Ot}from"oslo";import{createJWT as Lt,validateJWT as It}from"oslo/jwt";import{z as v}from"zod";import{APIError as j}from"better-call";import{APIError as F}from"better-call";import{z as _e}from"zod";var Y=()=>m("/get-session",{method:"GET",requireHeaders:!0},async e=>{try{let r=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!r)return e.json(null,{status:401});let t=await e.context.internalAdapter.findSession(r);if(!t||t.session.expiresAt<new Date)return M(e),t&&await e.context.internalAdapter.deleteSession(t.session.id),e.json(null,{status:401});if(await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(t);let n=e.context.sessionConfig.expiresIn,i=e.context.sessionConfig.updateAge;if(t.session.expiresAt.valueOf()-n*1e3+i*1e3<=Date.now()){let a=await e.context.internalAdapter.updateSession(t.session.id,{expiresAt:V(e.context.sessionConfig.expiresIn,"sec")});if(!a)return M(e),e.json(null,{status:401});let c=(a.expiresAt.valueOf()-Date.now())/1e3;return await S(e,a.id,!1,{maxAge:c}),e.json({session:a,user:t.user})}return e.json(t)}catch(r){return e.context.logger.error(r),e.json(null,{status:500})}}),X=async e=>await Y()({...e,_flag:"json",headers:e.headers}),O=z(async e=>{let r=await X(e);if(!r?.session)throw new F("UNAUTHORIZED");return{session:r}}),Se=()=>m("/user/list-sessions",{method:"GET",use:[O],requireHeaders:!0},async e=>{let t=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(t)}),Oe=m("/user/revoke-session",{method:"POST",body:_e.object({id:_e.string()}),use:[O],requireHeaders:!0},async e=>{let r=e.body.id,t=await e.context.internalAdapter.findSession(r);if(!t)throw new F("BAD_REQUEST",{message:"Session not found"});if(t.session.userId!==e.context.session.user.id)throw new F("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(r)}catch(o){throw e.context.logger.error(o),new F("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Le=m("/user/revoke-sessions",{method:"POST",use:[O],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(r){throw e.context.logger.error(r),new F("INTERNAL_SERVER_ERROR")}return e.json({status:!0})});async function L(e,r,t){return await Lt("HS256",Buffer.from(e),{email:r.toLowerCase(),updateTo:t},{expiresIn:new Ot(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[r],includeIssuedTimestamp:!0})}var Ie=m("/send-verification-email",{method:"POST",query:v.object({currentURL:v.string().optional()}).optional(),body:v.object({email:v.string().email(),callbackURL:v.string().optional()}),use:[E]},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new j("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:r}=e.body,t=await e.context.internalAdapter.findUserByEmail(r);if(!t)throw new j("BAD_REQUEST",{message:"User not found"});let o=await L(e.context.secret,r),n=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail(t.user,n,o),e.json({status:!0})}),Ce=m("/verify-email",{method:"GET",query:v.object({token:v.string(),callbackURL:v.string().optional()}),use:[E]},async e=>{let{token:r}=e.query,t;try{t=await It("HS256",Buffer.from(e.context.secret),r)}catch(s){throw e.context.logger.error("Failed to verify email",s),new j("BAD_REQUEST",{message:"Invalid token"})}let n=v.object({email:v.string().email(),updateTo:v.string().optional()}).parse(t.payload);if(!await e.context.internalAdapter.findUserByEmail(n.email))throw new j("BAD_REQUEST",{message:"User not found"});if(n.updateTo){let s=await X(e);if(!s)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new j("UNAUTHORIZED",{message:"Session not found"});if(s.user.email!==n.email)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new j("UNAUTHORIZED",{message:"Invalid session"});let d=await e.context.internalAdapter.updateUserByEmail(n.email,{email:n.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.(d,`${e.context.baseURL}/verify-email?token=${r}`,r),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:d,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(n.email,{emailVerified:!0}),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});var Be=m("/sign-in/social",{method:"POST",requireHeaders:!0,query:T.object({currentURL:T.string().optional()}).optional(),body:T.object({callbackURL:T.string().optional(),provider:T.enum(Pe)}),use:[E]},async e=>{let r=e.context.socialProviders.find(a=>a.id===e.body.provider);if(!r)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new P("NOT_FOUND",{message:"Provider not found"});let t=e.context.authCookies,o=e.query?.currentURL?new URL(e.query?.currentURL):null,n=e.body.callbackURL?.startsWith("http")?e.body.callbackURL:`${o?.origin}${e.body.callbackURL||""}`,i=await pe(n||o?.origin||e.context.options.baseURL);await e.setSignedCookie(t.state.name,i.hash,e.context.secret,t.state.options);let s=Ct();await e.setSignedCookie(t.pkCodeVerifier.name,s,e.context.secret,t.pkCodeVerifier.options);let d=await r.createAuthorizationURL({state:i.raw,codeVerifier:s,redirectURI:`${e.context.baseURL}/callback/${r.id}`});return e.json({url:d.toString(),state:i,codeVerifier:s,redirect:!0})}),De=m("/sign-in/email",{method:"POST",body:T.object({email:T.string(),password:T.string(),callbackURL:T.string().optional(),dontRememberMe:T.boolean().default(!1).optional()}),use:[E]},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new P("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:r,password:t}=e.body;if(!T.string().email().safeParse(r).success)throw new P("BAD_REQUEST",{message:"Invalid email"});if(!T.string().email().safeParse(r).success)throw new P("BAD_REQUEST",{message:"Invalid email"});let i=await e.context.internalAdapter.findUserByEmail(r,{includeAccounts:!0});if(!i)throw await e.context.password.hash(t),e.context.logger.error("User not found",{email:r}),new P("UNAUTHORIZED",{message:"Invalid email or password"});let s=i.accounts.find(l=>l.providerId==="credential");if(!s)throw e.context.logger.error("Credential account not found",{email:r}),new P("UNAUTHORIZED",{message:"Invalid email or password"});let d=s?.password;if(!d)throw e.context.logger.error("Password not found",{email:r}),new P("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(d,t))throw e.context.logger.error("Invalid password"),new P("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!i.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw w.error("Email verification is required but no email verification handler is provided"),new P("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let l=await L(e.context.secret,i.user.email),h=`${e.context.options.baseURL}/verify-email?token=${l}`;throw await e.context.options.emailVerification.sendVerificationEmail(i.user,h,l),e.context.logger.error("Email not verified",{email:r}),new P("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let c=await e.context.internalAdapter.createSession(i.user.id,e.headers,e.body.dontRememberMe);if(!c)throw e.context.logger.error("Failed to create session"),new P("UNAUTHORIZED",{message:"Failed to create session"});return await S(e,c.id,e.body.dontRememberMe),e.json({user:i.user,session:c,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});import{z as Q}from"zod";import{z as f}from"zod";var di=f.object({id:f.string(),providerId:f.string(),accountId:f.string(),userId:f.string(),accessToken:f.string().nullable().optional(),refreshToken:f.string().nullable().optional(),idToken:f.string().nullable().optional(),expiresAt:f.date().nullable().optional(),password:f.string().optional().nullable()}),ze=f.object({id:f.string(),email:f.string().transform(e=>e.toLowerCase()),emailVerified:f.boolean().default(!1),name:f.string(),image:f.string().optional(),createdAt:f.date().default(new Date),updatedAt:f.date().default(new Date)}),ci=f.object({id:f.string(),userId:f.string(),expiresAt:f.date(),ipAddress:f.string().optional(),userAgent:f.string().optional()}),li=f.object({id:f.string(),value:f.string(),expiresAt:f.date(),identifier:f.string()});function $e(e,r){let t={...r==="user"?e.user?.additionalFields:{},...r==="session"?e.session?.additionalFields:{}};for(let o of e.plugins||[])o.schema&&o.schema[r]&&(t={...t,...o.schema[r].fields});return t}function Ve(e,r){let t=r.fields,o={};for(let n in t){if(n in e){if(t[n].input===!1){if(t[n].defaultValue){o[n]=t[n].defaultValue;continue}continue}o[n]=e[n];continue}if(t[n].defaultValue){o[n]=t[n].defaultValue;continue}}return o}function je(e,r){let t=$e(e,"user");return Ve(r||{},{fields:t})}function qe(e,r){let t=$e(e,"user");return Ve(r||{},{fields:t})}var Ne=m("/callback/:id",{method:"GET",query:Q.object({state:Q.string(),code:Q.string().optional(),error:Q.string().optional()}),metadata:C},async e=>{if(e.query.error||!e.query.code){let R=K(e.query.state).data?.callbackURL||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${R}?error=${e.query.error||"oAuth_code_missing"}`)}let r=e.context.socialProviders.find(u=>u.id===e.params.id);if(!r)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let t=K(e.query.state);if(!t.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let{data:{callbackURL:o,currentURL:n}}=t,i=await e.getSignedCookie(e.context.authCookies.state.name,e.context.secret);if(!i)throw w.error("No stored state found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!await ue(e.query.state,i))throw w.error("OAuth state mismatch"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let d=await e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),a;try{a=await r.validateAuthorizationCode({code:e.query.code,codeVerifier:d,redirectURI:`${e.context.baseURL}/callback/${r.id}`})}catch(u){throw e.context.logger.error(u),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let c=await r.getUserInfo(a).then(u=>u?.user),l=Ue(),h=ze.safeParse({...c,id:l});if(!c||h.success===!1)throw w.error("Unable to get user info",h.error),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!o)throw e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);function g(u){throw e.redirect(`${n||o||`${e.context.baseURL}/error`}?error=${u}`)}let p=await e.context.internalAdapter.findUserByEmail(c.email,{includeAccounts:!0}).catch(u=>{throw w.error(`Better auth was unable to query your database.
3
- Error: `,u),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),k=p?.user.id;if(p){let u=p.accounts.find(R=>R.providerId===r.id);if(u)await e.context.internalAdapter.updateAccount(u.id,{accessToken:a.accessToken,idToken:a.idToken,refreshToken:a.refreshToken,expiresAt:a.accessTokenExpiresAt});else{(!e.context.options.account?.accountLinking?.trustedProviders?.includes(r.id)&&!c.emailVerified||!e.context.options.account?.accountLinking?.enabled)&&g("account_not_linked");try{await e.context.internalAdapter.linkAccount({providerId:r.id,accountId:c.id.toString(),id:`${r.id}:${c.id}`,userId:p.user.id,accessToken:a.accessToken,idToken:a.idToken,refreshToken:a.refreshToken,expiresAt:a.accessTokenExpiresAt})}catch(B){w.error("Unable to link account",B),g("unable_to_link_account")}}}else try{let u=c.emailVerified||!1,R=await e.context.internalAdapter.createOAuthUser({...h.data,emailVerified:u},{accessToken:a.accessToken,idToken:a.idToken,refreshToken:a.refreshToken,expiresAt:a.accessTokenExpiresAt,providerId:r.id,accountId:c.id.toString()});if(k=R?.user.id,!u&&R&&e.context.options.emailVerification?.sendOnSignUp){let N=await L(e.context.secret,c.email),B=`${e.context.baseURL}/verify-email?token=${N}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.(R.user,B,N)}}catch(u){w.error("Unable to create user",u),g("unable_to_create_user")}k||g("unable_to_create_user");let x=await e.context.internalAdapter.createSession(k,e.request);throw x||g("unable_to_create_session"),await S(e,x.id),e.redirect(o)});import"zod";import{APIError as Bt}from"better-call";var Me=m("/sign-out",{method:"POST"},async e=>{let r=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!r)throw new Bt("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(r),M(e),e.json({success:!0})});import{z as _}from"zod";import{APIError as G}from"better-call";var Fe=m("/forget-password",{method:"POST",body:_.object({email:_.string().email(),redirectTo:_.string()}),use:[E]},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new G("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:r,redirectTo:t}=e.body,o=await e.context.internalAdapter.findUserByEmail(r,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:r}),e.json({status:!1},{body:{status:!0}});let n=60*60*1,i=new Date(Date.now()+1e3*(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||n)),s=e.context.uuid();await e.context.internalAdapter.createVerificationValue({value:o.user.id,identifier:`reset-password:${s}`,expiresAt:i});let d=`${e.context.baseURL}/reset-password/${s}?callbackURL=${t}`;return await e.context.options.emailAndPassword.sendResetPassword(o.user,d),e.json({status:!0})}),He=m("/reset-password/:token",{method:"GET",query:_.object({callbackURL:_.string()}),use:[E]},async e=>{let{token:r}=e.params,t=e.query.callbackURL,o=t.startsWith("http")?t:`${e.context.options.baseURL}${t}`;if(!r||!t)throw e.redirect(`${e.context.baseURL}/error?error=INVALID_TOKEN`);let n=await e.context.internalAdapter.findVerificationValue(`reset-password:${r}`);throw!n||n.expiresAt<new Date?e.redirect(`${o}?error=INVALID_TOKEN`):e.redirect(`${o}${o.includes("?")?"&":"?"}token=${r}`)}),Ze=m("/reset-password",{query:_.optional(_.object({token:_.string().optional(),currentURL:_.string().optional()})),method:"POST",body:_.object({newPassword:_.string()})},async e=>{let r=e.query?.token||(e.query?.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!r)throw new G("BAD_REQUEST",{message:"Token not found"});let{newPassword:t}=e.body,o=`reset-password:${r}`,n=await e.context.internalAdapter.findVerificationValue(o);if(!n||n.expiresAt<new Date)throw new G("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(n.id);let i=n.value,s=await e.context.password.hash(t);if(!(await e.context.internalAdapter.findAccounts(i)).find(l=>l.providerId==="credential"))return await e.context.internalAdapter.createAccount({userId:i,providerId:"credential",password:s,accountId:e.context.uuid()}),e.json({status:!0});if(!await e.context.internalAdapter.updatePassword(i,s))throw new G("BAD_REQUEST",{message:"Failed to update password"});return e.json({status:!0})});import{z as A}from"zod";import{APIError as U}from"better-call";var Qe=()=>m("/user/update",{method:"POST",body:A.record(A.string(),A.any()),use:[O,E]},async e=>{let r=e.body;if(r.email)throw new U("BAD_REQUEST",{message:"You can't update email"});let{name:t,image:o,...n}=r,i=e.context.session;if(!o&&!t&&Object.keys(n).length===0)return e.json({user:i.user});let s=je(e.context.options,n),d=await e.context.internalAdapter.updateUserByEmail(i.user.email,{name:t,image:o,...s});return e.json({user:d})}),Ge=m("/user/change-password",{method:"POST",body:A.object({newPassword:A.string(),currentPassword:A.string(),revokeOtherSessions:A.boolean().optional()}),use:[O]},async e=>{let{newPassword:r,currentPassword:t,revokeOtherSessions:o}=e.body,n=e.context.session,i=e.context.password.config.minPasswordLength;if(r.length<i)throw e.context.logger.error("Password is too short"),new U("BAD_REQUEST",{message:"Password is too short"});let s=e.context.password.config.maxPasswordLength;if(r.length>s)throw e.context.logger.error("Password is too long"),new U("BAD_REQUEST",{message:"Password too long"});let a=(await e.context.internalAdapter.findAccounts(n.user.id)).find(h=>h.providerId==="credential"&&h.password);if(!a||!a.password)throw new U("BAD_REQUEST",{message:"User does not have a password"});let c=await e.context.password.hash(r);if(!await e.context.password.verify(a.password,t))throw new U("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(a.id,{password:c}),o){await e.context.internalAdapter.deleteSessions(n.user.id);let h=await e.context.internalAdapter.createSession(n.user.id,e.headers);if(!h)throw new U("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await S(e,h.id)}return e.json(n.user)}),We=m("/user/set-password",{method:"POST",body:A.object({newPassword:A.string()}),use:[O]},async e=>{let{newPassword:r}=e.body,t=e.context.session,o=e.context.password.config.minPasswordLength;if(r.length<o)throw e.context.logger.error("Password is too short"),new U("BAD_REQUEST",{message:"Password is too short"});let n=e.context.password.config.maxPasswordLength;if(r.length>n)throw e.context.logger.error("Password is too long"),new U("BAD_REQUEST",{message:"Password too long"});let s=(await e.context.internalAdapter.findAccounts(t.user.id)).find(a=>a.providerId==="credential"&&a.password),d=await e.context.password.hash(r);if(!s)return await e.context.internalAdapter.linkAccount({userId:t.user.id,providerId:"credential",accountId:t.user.id,password:d}),e.json(t.user);throw new U("BAD_REQUEST",{message:"user already has a password"})}),Je=m("/user/delete",{method:"POST",body:A.object({password:A.string()}),use:[O]},async e=>{let{password:r}=e.body,t=e.context.session,n=(await e.context.internalAdapter.findAccounts(t.user.id)).find(d=>d.providerId==="credential"&&d.password);if(!n||!n.password)throw new U("BAD_REQUEST",{message:"User does not have a password"});if(!await e.context.password.verify(n.password,r))throw new U("BAD_REQUEST",{message:"Incorrect password"});await e.context.internalAdapter.deleteUser(t.user.id),await e.context.internalAdapter.deleteSessions(t.user.id);let s=e.context.authCookies.sessionToken;return e.setCookie(s.name,"",{maxAge:0}),e.json(null)}),Ke=m("/user/change-email",{method:"POST",query:A.object({currentURL:A.string().optional()}).optional(),body:A.object({newEmail:A.string().email(),callbackURL:A.string().optional()}),use:[O,E]},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new U("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new U("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new U("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let n=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:n,status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new U("BAD_REQUEST",{message:"Verification email isn't enabled"});let t=await L(e.context.secret,e.context.session.user.email,e.body.newEmail),o=`${e.context.baseURL}/verify-email?token=${t}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.user.changeEmail.sendChangeEmailVerification(e.context.session.user,e.body.newEmail,o,t),e.json({user:null,status:!0})});var Ye=m("/csrf",{method:"GET",metadata:C},async e=>{let r=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret);if(r){let[i,s]=r.split("!")||[null,null];return e.json({csrfToken:i})}let t=re(32,oe("a-z","0-9","A-Z")),o=await H(e.context.secret,t),n=`${t}!${o}`;return await e.setSignedCookie(e.context.authCookies.csrfToken.name,n,e.context.secret,e.context.authCookies.csrfToken.options),e.json({csrfToken:t})});var Dt=(e="Unknown")=>`<!DOCTYPE html>
1
+ import{APIError as mt,createRouter as Yt,statusCode as Xt}from"better-call";import{APIError as ne}from"better-call";import{z as ge}from"zod";import{xchacha20poly1305 as fr}from"@noble/ciphers/chacha";import{bytesToHex as hr,hexToBytes as wr,utf8ToBytes as yr}from"@noble/ciphers/utils";import{managedNonce as kr}from"@noble/ciphers/webcrypto";import{sha256 as Rr}from"oslo/crypto";import pe from"uncrypto";function oe(e,t){let r=new Uint8Array(e),o=new Uint8Array(t);if(r.length!==o.length)return!1;let n=0;for(let i=0;i<r.length;i++)n|=r[i]^o[i];return n===0}import{decodeHex as or,encodeHex as nr}from"oslo/encoding";import{scryptAsync as ar}from"@noble/hashes/scrypt";import{getRandomValues as dr}from"uncrypto";import ce from"uncrypto";function ft(e){return e.toString(2).padStart(8,"0")}function gt(e){return[...e].map(t=>ft(t)).join("")}function de(e){return parseInt(gt(e),2)}function ht(e){if(e<0||!Number.isInteger(e))throw new Error("Argument 'max' must be an integer greater than or equal to 0");let t=(e-1).toString(2).length,r=t%8,o=new Uint8Array(Math.ceil(t/8));ce.getRandomValues(o),r!==0&&(o[0]&=(1<<r)-1);let n=de(o);for(;n>=e;)ce.getRandomValues(o),r!==0&&(o[0]&=(1<<r)-1),n=de(o);return n}function le(e,t){let r="";for(let o=0;o<e;o++)r+=t[ht(t.length)];return r}function ue(...e){let t=new Set(e),r="";for(let o of t)o==="a-z"?r+="abcdefghijklmnopqrstuvwxyz":o==="A-Z"?r+="ABCDEFGHIJKLMNOPQRSTUVWXYZ":o==="0-9"?r+="0123456789":r+=o;return r}async function K(e,t){let r=new TextEncoder,o={name:"HMAC",hash:"SHA-256"},n=await pe.subtle.importKey("raw",r.encode(e),o,!1,["sign","verify"]),i=await pe.subtle.sign(o.name,n,r.encode(t));return btoa(String.fromCharCode(...new Uint8Array(i)))}import{createEndpointCreator as wt,createMiddleware as me,createMiddlewareCreator as yt}from"better-call";var fe=me(async()=>({})),F=yt({use:[fe,me(async()=>({}))]}),f=wt({use:[fe]});var he=F({body:ge.object({csrfToken:ge.string().optional()}).optional()},async e=>{var d,c,a,u;if(((d=e.request)==null?void 0:d.method)!=="POST"||(c=e.context.options.advanced)!=null&&c.disableCSRFCheck)return;let t=((a=e.headers)==null?void 0:a.get("origin"))||"";if(t){let l=new URL(t).origin;if(e.context.trustedOrigins.includes(l))return}let r=(u=e.body)==null?void 0:u.csrfToken;if(!r)throw new ne("UNAUTHORIZED",{message:"CSRF Token is required"});let o=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret),[n,i]=(o==null?void 0:o.split("!"))||[null,null];if(!r||!n||!i||n!==r)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new ne("UNAUTHORIZED",{message:"Invalid CSRF Token"});let s=await K(e.context.secret,n);if(i!==s)throw e.setCookie(e.context.authCookies.csrfToken.name,"",{maxAge:0}),new ne("UNAUTHORIZED",{message:"Invalid CSRF Token"})});import{APIError as C}from"better-call";import{generateCodeVerifier as Mt}from"oslo/oauth2";import{z as O}from"zod";import{generateState as bt}from"oslo/oauth2";import{z as Y}from"zod";import{sha256 as we}from"oslo/crypto";async function ye(e){let t=await we(typeof e=="string"?new TextEncoder().encode(e):e);return Buffer.from(t).toString("base64")}async function be(e,t){let r=await we(typeof e=="string"?new TextEncoder().encode(e):e),o=Buffer.from(t,"base64");return oe(r,o)}import"better-call";async function ke(e){let t=bt(),r=JSON.stringify({code:t,callbackURL:e}),o=await ye(r);return{raw:r,hash:o}}function ie(e){return Y.object({code:Y.string(),callbackURL:Y.string().optional(),currentURL:Y.string().optional()}).safeParse(JSON.parse(e))}import{TimeSpan as Gr}from"oslo";var N=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r}};import{env as Kr,isProduction as Yr}from"std-env";async function z(e,t,r,o){let n=e.context.authCookies.sessionToken.options;n.maxAge=r?void 0:e.context.sessionConfig.expiresIn,await e.setSignedCookie(e.context.authCookies.sessionToken.name,t,e.context.secret,{...n,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options)}function G(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}import{APIError as Rt}from"better-call";import{createConsola as kt}from"consola";var M=kt({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),At=e=>({log:(...t)=>{!(e!=null&&e.disabled)&&M.log("",...t)},error:(...t)=>{!(e!=null&&e.disabled)&&M.error("",...t)},warn:(...t)=>{!(e!=null&&e.disabled)&&M.warn("",...t)},info:(...t)=>{!(e!=null&&e.disabled)&&M.info("",...t)},debug:(...t)=>{!(e!=null&&e.disabled)&&M.debug("",...t)},box:(...t)=>{!(e!=null&&e.disabled)&&M.box("",...t)},success:(...t)=>{!(e!=null&&e.disabled)&&M.success("",...t)},break:(...t)=>{!(e!=null&&e.disabled)&&console.log(`
2
+ `)}}),w=At();var v=F(async e=>{let{body:t,query:r,headers:o,context:n}=e,i=(t==null?void 0:t.callbackURL)||(r==null?void 0:r.callbackURL)||(r==null?void 0:r.redirectTo)||(t==null?void 0:t.redirectTo),s=(r==null?void 0:r.currentURL)||(o==null?void 0:o.get("referer"))||n.baseURL,d=n.trustedOrigins,c=(a,u)=>{if(a!=null&&a.startsWith("http")&&!d.some(p=>a.startsWith(p)))throw w.error(`Invalid ${u}`,{[u]:a,trustedOrigins:d}),new Rt("FORBIDDEN",{message:`Invalid ${u}`})};c(i,"callbackURL"),c(s,"currentURL")});import{parseJWT as Tt}from"oslo/jwt";import{sha256 as Ut}from"oslo/crypto";import{base64url as Et}from"oslo/encoding";var H=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));async function Ae(e){let t=await Ut(new TextEncoder().encode(e));return Et.encode(new Uint8Array(t),{includePadding:!1})}function Re(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?H(e.expires_in,"sec"):void 0,scopes:e!=null&&e.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function R({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:n,scopes:i,claims:s,disablePkce:d,redirectURI:c}){let a=new URL(r);if(a.searchParams.set("response_type","code"),a.searchParams.set("client_id",t.clientId),a.searchParams.set("state",o),a.searchParams.set("scope",i.join(" ")),a.searchParams.set("redirect_uri",t.redirectURI||c),!d&&n){let u=await Ae(n);a.searchParams.set("code_challenge_method","S256"),a.searchParams.set("code_challenge",u)}if(s){let u=s.reduce((l,p)=>(l[p]=null,l),{});a.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...u}}))}return a}import{betterFetch as xt}from"@better-fetch/fetch";async function y({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:n}){let i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",e),t&&i.set("code_verifier",t),i.set("redirect_uri",r),i.set("client_id",o.clientId),i.set("client_secret",o.clientSecret);let{data:s,error:d}=await xt(n,{method:"POST",body:i,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(d)throw d;return Re(s)}var Ue=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:n}){let i=o||["email","name","openid"];return e.scope&&i.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${n||e.redirectURI}&scope=${i.join(" ")}&state=${r}`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:n})=>y({code:r,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){var n;if(!r.idToken)return null;let o=(n=Tt(r.idToken))==null?void 0:n.payload;return o?{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified==="true"},data:o}:null}}};import{betterFetch as vt}from"@better-fetch/fetch";var Ee=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=r||["identify","email"];return e.scope&&n.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${n.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>y({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await vt("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let n=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${n}.png`}else{let n=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${n}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});import{betterFetch as Pt}from"@better-fetch/fetch";var xe=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=r||["email","public_profile"];return e.scope&&n.push(...e.scope),await R({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:n,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>y({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await Pt("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified},data:r}}});import{betterFetch as Te}from"@better-fetch/fetch";var ve=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:o,codeVerifier:n,redirectURI:i}){let s=o||["user:email"];return e.scope&&s.push(...e.scope),R({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:s,state:r,redirectURI:i,codeVerifier:n})},validateAuthorizationCode:async({code:r,redirectURI:o})=>y({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){var s,d,c,a;let{data:o,error:n}=await Te("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(n)return null;let i=!1;if(!o.email){let{data:u,error:l}=await Te("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});l||(o.email=(d=(s=u.find(p=>p.primary))!=null?s:u[0])==null?void 0:d.email,i=(a=(c=u.find(p=>p.email===o.email))==null?void 0:c.verified)!=null?a:!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:i},data:o}}}};import{parseJWT as _t}from"oslo/jwt";var Pe=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){if(!e.clientId||!e.clientSecret)throw w.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new N("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new N("codeVerifier is required for Google");let i=r||["email","profile","openid"];e.scope&&i.push(...e.scope);let s=await R({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:i,state:t,codeVerifier:o,redirectURI:n});return e.accessType&&s.searchParams.set("access_type",e.accessType),e.prompt&&s.searchParams.set("prompt",e.prompt),s},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>y({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async getUserInfo(t){var o;if(!t.idToken)return null;let r=(o=_t(t.idToken))==null?void 0:o.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});import{betterFetch as St}from"@better-fetch/fetch";import{parseJWT as Ot}from"oslo/jwt";var _e=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(n){let i=n.scopes||["openid","profile","email","User.Read"];return e.scope&&i.push(...e.scope),R({id:"microsoft",options:e,authorizationEndpoint:r,state:n.state,codeVerifier:n.codeVerifier,scopes:i,redirectURI:n.redirectURI})},validateAuthorizationCode({code:n,codeVerifier:i,redirectURI:s}){return y({code:n,codeVerifier:i,redirectURI:e.redirectURI||s,options:e,tokenEndpoint:o})},async getUserInfo(n){var d;if(!n.idToken)return null;let i=(d=Ot(n.idToken))==null?void 0:d.payload,s=e.profilePhotoSize||48;return await St(`https://graph.microsoft.com/v1.0/me/photos/${s}x${s}/$value`,{headers:{Authorization:`Bearer ${n.accessToken}`},async onResponse(c){if(!(e.disableProfilePhoto||!c.response.ok))try{let u=await c.response.clone().arrayBuffer(),l=Buffer.from(u).toString("base64");i.picture=`data:image/jpeg;base64, ${l}`}catch(a){w.error(a)}}}),{user:{id:i.sub,name:i.name,email:i.email,image:i.picture,emailVerified:!0},data:i}}}};import{betterFetch as It}from"@better-fetch/fetch";var Se=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){let i=r||["user-read-email"];return e.scope&&i.push(...e.scope),R({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:i,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>y({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){var n;let{data:r,error:o}=await It("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:(n=r.images[0])==null?void 0:n.url,emailVerified:!1},data:r}}});import"@better-fetch/fetch";var q={isAction:!1};import{nanoid as Lt}from"nanoid";var Oe=e=>Lt(e);import{parseJWT as Ct}from"oslo/jwt";var Ie=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=r||["user:read:email","openid"];return e.scope&&n.push(...e.scope),R({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:n,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>y({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){var n;let r=t.idToken;if(!r)return w.error("No idToken found in token"),null;let o=(n=Ct(r))==null?void 0:n.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});import{betterFetch as Bt}from"@better-fetch/fetch";var Le=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["account_info.read"];return e.scope&&r.push(...e.scope),R({id:"twitter",options:e,authorizationEndpoint:"https://twitter.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>y({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await Bt("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o||!r.data.email?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});import{betterFetch as Dt}from"@better-fetch/fetch";var Ce=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:o,codeVerifier:n,redirectURI:i})=>{let s=o||["account_info.read"];return e.scope&&s.push(...e.scope),await R({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:s,state:r,redirectURI:i,codeVerifier:n})},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:n})=>await y({code:r,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){var i;let{data:o,error:n}=await Dt("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});return n?null:{user:{id:o.account_id,name:(i=o.name)==null?void 0:i.display_name,email:o.email,emailVerified:o.email_verified||!1,image:o.profile_photo_url},data:o}}}};import{betterFetch as zt}from"@better-fetch/fetch";var Be=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:o,scopes:n,redirectURI:i})=>{let s=n||["profile","email","openid"];return e.scope&&s.push(...e.scope),await R({id:"linkedin",options:e,authorizationEndpoint:t,scopes:s,state:o,redirectURI:i})},validateAuthorizationCode:async({code:o,redirectURI:n})=>await y({code:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:r}),async getUserInfo(o){let{data:n,error:i}=await zt("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken}`}});return i?null:{user:{id:n.sub,name:n.name,email:n.email,emailVerified:n.email_verified||!1,image:n.picture},data:n}}}};var $t={apple:Ue,discord:Ee,facebook:xe,github:ve,microsoft:_e,google:Pe,spotify:Se,twitch:Ie,twitter:Le,dropbox:Ce,linkedin:Be},De=Object.keys($t);import{TimeSpan as Vt}from"oslo";import{createJWT as jt,validateJWT as qt}from"oslo/jwt";import{z as L}from"zod";import{APIError as Z}from"better-call";import{APIError as W}from"better-call";import{z as ze}from"zod";var se=()=>f("/get-session",{method:"GET",requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let r=await e.context.internalAdapter.findSession(t);if(!r||r.session.expiresAt<new Date)return G(e),r&&await e.context.internalAdapter.deleteSession(r.session.id),e.json(null,{status:401});if(await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret))return e.json(r);let n=e.context.sessionConfig.expiresIn,i=e.context.sessionConfig.updateAge;if(r.session.expiresAt.valueOf()-n*1e3+i*1e3<=Date.now()){let c=await e.context.internalAdapter.updateSession(r.session.id,{expiresAt:H(e.context.sessionConfig.expiresIn,"sec")});if(!c)return G(e),e.json(null,{status:401});let a=(c.expiresAt.valueOf()-Date.now())/1e3;return await z(e,c.id,!1,{maxAge:a}),e.json({session:c,user:r.user})}return e.json(r)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}}),ae=async e=>await se()({...e,_flag:"json",headers:e.headers}),$=F(async e=>{let t=await ae(e);if(!(t!=null&&t.session))throw new W("UNAUTHORIZED");return{session:t}}),$e=()=>f("/user/list-sessions",{method:"GET",use:[$],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),Ve=f("/user/revoke-session",{method:"POST",body:ze.object({id:ze.string()}),use:[$],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new W("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new W("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o),new W("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),je=f("/user/revoke-sessions",{method:"POST",use:[$],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t),new W("INTERNAL_SERVER_ERROR")}return e.json({status:!0})});async function V(e,t,r){return await jt("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new Vt(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var qe=f("/send-verification-email",{method:"POST",query:L.object({currentURL:L.string().optional()}).optional(),body:L.object({email:L.string().email(),callbackURL:L.string().optional()}),use:[v]},async e=>{var i,s;if(!((i=e.context.options.emailVerification)!=null&&i.sendVerificationEmail))throw e.context.logger.error("Verification email isn't enabled."),new Z("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new Z("BAD_REQUEST",{message:"User not found"});let o=await V(e.context.secret,t),n=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||((s=e.query)==null?void 0:s.currentURL)||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail(r.user,n,o),e.json({status:!0})}),Me=f("/verify-email",{method:"GET",query:L.object({token:L.string(),callbackURL:L.string().optional()}),use:[v]},async e=>{var s,d;let{token:t}=e.query,r;try{r=await qt("HS256",Buffer.from(e.context.secret),t)}catch(c){throw e.context.logger.error("Failed to verify email",c),new Z("BAD_REQUEST",{message:"Invalid token"})}let n=L.object({email:L.string().email(),updateTo:L.string().optional()}).parse(r.payload);if(!await e.context.internalAdapter.findUserByEmail(n.email))throw new Z("BAD_REQUEST",{message:"User not found"});if(n.updateTo){let c=await ae(e);if(!c)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new Z("UNAUTHORIZED",{message:"Session not found"});if(c.user.email!==n.email)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new Z("UNAUTHORIZED",{message:"Invalid session"});let a=await e.context.internalAdapter.updateUserByEmail(n.email,{email:n.updateTo});if(await((d=(s=e.context.options.emailVerification)==null?void 0:s.sendVerificationEmail)==null?void 0:d.call(s,a,`${e.context.baseURL}/verify-email?token=${t}`,t)),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:a,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(n.email,{emailVerified:!0}),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});var Fe=f("/sign-in/social",{method:"POST",requireHeaders:!0,query:O.object({currentURL:O.string().optional()}).optional(),body:O.object({callbackURL:O.string().optional(),provider:O.enum(De)}),use:[v]},async e=>{var c,a,u;let t=e.context.socialProviders.find(l=>l.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new C("NOT_FOUND",{message:"Provider not found"});let r=e.context.authCookies,o=(c=e.query)!=null&&c.currentURL?new URL((a=e.query)==null?void 0:a.currentURL):null,n=(u=e.body.callbackURL)!=null&&u.startsWith("http")?e.body.callbackURL:`${o==null?void 0:o.origin}${e.body.callbackURL||""}`,i=await ke(n||(o==null?void 0:o.origin)||e.context.options.baseURL);await e.setSignedCookie(r.state.name,i.hash,e.context.secret,r.state.options);let s=Mt();await e.setSignedCookie(r.pkCodeVerifier.name,s,e.context.secret,r.pkCodeVerifier.options);let d=await t.createAuthorizationURL({state:i.raw,codeVerifier:s,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:d.toString(),state:i,codeVerifier:s,redirect:!0})}),Ne=f("/sign-in/email",{method:"POST",body:O.object({email:O.string(),password:O.string(),callbackURL:O.string().optional(),dontRememberMe:O.boolean().default(!1).optional()}),use:[v]},async e=>{var u,l,p,m,x,P;if(!((l=(u=e.context.options)==null?void 0:u.emailAndPassword)!=null&&l.enabled))throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new C("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!O.string().email().safeParse(t).success)throw new C("BAD_REQUEST",{message:"Invalid email"});if(!O.string().email().safeParse(t).success)throw new C("BAD_REQUEST",{message:"Invalid email"});let i=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!i)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new C("UNAUTHORIZED",{message:"Invalid email or password"});let s=i.accounts.find(_=>_.providerId==="credential");if(!s)throw e.context.logger.error("Credential account not found",{email:t}),new C("UNAUTHORIZED",{message:"Invalid email or password"});let d=s==null?void 0:s.password;if(!d)throw e.context.logger.error("Password not found",{email:t}),new C("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(d,r))throw e.context.logger.error("Invalid password"),new C("UNAUTHORIZED",{message:"Invalid email or password"});if((m=(p=e.context.options)==null?void 0:p.emailAndPassword)!=null&&m.requireEmailVerification&&!i.user.emailVerified){if(!((P=(x=e.context.options)==null?void 0:x.emailVerification)!=null&&P.sendVerificationEmail))throw w.error("Email verification is required but no email verification handler is provided"),new C("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let _=await V(e.context.secret,i.user.email),D=`${e.context.options.baseURL}/verify-email?token=${_}`;throw await e.context.options.emailVerification.sendVerificationEmail(i.user,D,_),e.context.logger.error("Email not verified",{email:t}),new C("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let a=await e.context.internalAdapter.createSession(i.user.id,e.headers,e.body.dontRememberMe);if(!a)throw e.context.logger.error("Failed to create session"),new C("UNAUTHORIZED",{message:"Failed to create session"});return await z(e,a.id,e.body.dontRememberMe),e.json({user:i.user,session:a,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});import{z as X}from"zod";import{z as g}from"zod";var hi=g.object({id:g.string(),providerId:g.string(),accountId:g.string(),userId:g.string(),accessToken:g.string().nullable().optional(),refreshToken:g.string().nullable().optional(),idToken:g.string().nullable().optional(),expiresAt:g.date().nullable().optional(),password:g.string().optional().nullable()}),He=g.object({id:g.string(),email:g.string().transform(e=>e.toLowerCase()),emailVerified:g.boolean().default(!1),name:g.string(),image:g.string().optional(),createdAt:g.date().default(new Date),updatedAt:g.date().default(new Date)}),wi=g.object({id:g.string(),userId:g.string(),expiresAt:g.date(),ipAddress:g.string().optional(),userAgent:g.string().optional()}),yi=g.object({id:g.string(),value:g.string(),expiresAt:g.date(),identifier:g.string()});function Ze(e,t){var o,n;let r={...t==="user"?(o=e.user)==null?void 0:o.additionalFields:{},...t==="session"?(n=e.session)==null?void 0:n.additionalFields:{}};for(let i of e.plugins||[])i.schema&&i.schema[t]&&(r={...r,...i.schema[t].fields});return r}function Qe(e,t){let r=t.fields,o={};for(let n in r){if(n in e){if(r[n].input===!1){if(r[n].defaultValue){o[n]=r[n].defaultValue;continue}continue}o[n]=e[n];continue}if(r[n].defaultValue){o[n]=r[n].defaultValue;continue}}return o}function Ge(e,t){let r=Ze(e,"user");return Qe(t||{},{fields:r})}function We(e,t){let r=Ze(e,"user");return Qe(t||{},{fields:r})}var Je=f("/callback/:id",{method:"GET",query:X.object({state:X.string(),code:X.string().optional(),error:X.string().optional()}),metadata:q},async e=>{var _,D,k,A,I,b,T,J;if(e.query.error||!e.query.code){let S=((_=ie(e.query.state).data)==null?void 0:_.callbackURL)||`${e.context.baseURL}/error`;throw e.context.logger.error(e.query.error,e.params.id),e.redirect(`${S}?error=${e.query.error||"oAuth_code_missing"}`)}let t=e.context.socialProviders.find(h=>h.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let r=ie(e.query.state);if(!r.success)throw e.context.logger.error("Unable to parse state"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let{data:{callbackURL:o,currentURL:n}}=r,i=await e.getSignedCookie(e.context.authCookies.state.name,e.context.secret);if(!i)throw w.error("No stored state found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!await be(e.query.state,i))throw w.error("OAuth state mismatch"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let d=await e.getSignedCookie(e.context.authCookies.pkCodeVerifier.name,e.context.secret),c;try{c=await t.validateAuthorizationCode({code:e.query.code,codeVerifier:d,redirectURI:`${e.context.baseURL}/callback/${t.id}`})}catch(h){throw e.context.logger.error(h),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let a=await t.getUserInfo(c).then(h=>h==null?void 0:h.user),u=Oe(),l=He.safeParse({...a,id:u});if(!a||l.success===!1)throw w.error("Unable to get user info",l.error),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!o)throw e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);function p(h){throw e.redirect(`${n||o||`${e.context.baseURL}/error`}?error=${h}`)}let m=await e.context.internalAdapter.findUserByEmail(a.email,{includeAccounts:!0}).catch(h=>{throw w.error(`Better auth was unable to query your database.
3
+ Error: `,h),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),x=m==null?void 0:m.user.id;if(m){let h=m.accounts.find(S=>S.providerId===t.id);if(h)await e.context.internalAdapter.updateAccount(h.id,{accessToken:c.accessToken,idToken:c.idToken,refreshToken:c.refreshToken,expiresAt:c.accessTokenExpiresAt});else{let S=(k=(D=e.context.options.account)==null?void 0:D.accountLinking)==null?void 0:k.trustedProviders;(!(S==null?void 0:S.includes(t.id))&&!a.emailVerified||!((I=(A=e.context.options.account)==null?void 0:A.accountLinking)!=null&&I.enabled))&&p("account_not_linked");try{await e.context.internalAdapter.linkAccount({providerId:t.id,accountId:a.id.toString(),id:`${t.id}:${a.id}`,userId:m.user.id,accessToken:c.accessToken,idToken:c.idToken,refreshToken:c.refreshToken,expiresAt:c.accessTokenExpiresAt})}catch(re){w.error("Unable to link account",re),p("unable_to_link_account")}}}else try{let h=a.emailVerified||!1,S=await e.context.internalAdapter.createOAuthUser({...l.data,emailVerified:h},{accessToken:c.accessToken,idToken:c.idToken,refreshToken:c.refreshToken,expiresAt:c.accessTokenExpiresAt,providerId:t.id,accountId:a.id.toString()});if(x=S==null?void 0:S.user.id,!h&&S&&((b=e.context.options.emailVerification)!=null&&b.sendOnSignUp)){let te=await V(e.context.secret,a.email),re=`${e.context.baseURL}/verify-email?token=${te}&callbackURL=${o}`;await((J=(T=e.context.options.emailVerification)==null?void 0:T.sendVerificationEmail)==null?void 0:J.call(T,S.user,re,te))}}catch(h){w.error("Unable to create user",h),p("unable_to_create_user")}x||p("unable_to_create_user");let P=await e.context.internalAdapter.createSession(x,e.request);throw P||p("unable_to_create_session"),await z(e,P.id),e.redirect(o)});import"zod";import{APIError as Ft}from"better-call";var Ke=f("/sign-out",{method:"POST"},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw new Ft("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),G(e),e.json({success:!0})});import{z as B}from"zod";import{APIError as ee}from"better-call";var Ye=f("/forget-password",{method:"POST",body:B.object({email:B.string().email(),redirectTo:B.string()}),use:[v]},async e=>{var c;if(!((c=e.context.options.emailAndPassword)!=null&&c.sendResetPassword))throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new ee("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let n=60*60*1,i=new Date(Date.now()+1e3*(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||n)),s=e.context.uuid();await e.context.internalAdapter.createVerificationValue({value:o.user.id,identifier:`reset-password:${s}`,expiresAt:i});let d=`${e.context.baseURL}/reset-password/${s}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword(o.user,d),e.json({status:!0})}),Xe=f("/reset-password/:token",{method:"GET",query:B.object({callbackURL:B.string()}),use:[v]},async e=>{let{token:t}=e.params,r=e.query.callbackURL,o=r.startsWith("http")?r:`${e.context.options.baseURL}${r}`;if(!t||!r)throw e.redirect(`${e.context.baseURL}/error?error=INVALID_TOKEN`);let n=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!n||n.expiresAt<new Date?e.redirect(`${o}?error=INVALID_TOKEN`):e.redirect(`${o}${o.includes("?")?"&":"?"}token=${t}`)}),et=f("/reset-password",{query:B.optional(B.object({token:B.string().optional(),currentURL:B.string().optional()})),method:"POST",body:B.object({newPassword:B.string()})},async e=>{var u,l;let t=((u=e.query)==null?void 0:u.token)||((l=e.query)!=null&&l.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!t)throw new ee("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,o=`reset-password:${t}`,n=await e.context.internalAdapter.findVerificationValue(o);if(!n||n.expiresAt<new Date)throw new ee("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(n.id);let i=n.value,s=await e.context.password.hash(r);if(!(await e.context.internalAdapter.findAccounts(i)).find(p=>p.providerId==="credential"))return await e.context.internalAdapter.createAccount({userId:i,providerId:"credential",password:s,accountId:e.context.uuid()}),e.json({status:!0});if(!await e.context.internalAdapter.updatePassword(i,s))throw new ee("BAD_REQUEST",{message:"Failed to update password"});return e.json({status:!0})});import{z as U}from"zod";import{APIError as E}from"better-call";var tt=()=>f("/user/update",{method:"POST",body:U.record(U.string(),U.any()),use:[$,v]},async e=>{let t=e.body;if(t.email)throw new E("BAD_REQUEST",{message:"You can't update email"});let{name:r,image:o,...n}=t,i=e.context.session;if(!o&&!r&&Object.keys(n).length===0)return e.json({user:i.user});let s=Ge(e.context.options,n),d=await e.context.internalAdapter.updateUserByEmail(i.user.email,{name:r,image:o,...s});return e.json({user:d})}),rt=f("/user/change-password",{method:"POST",body:U.object({newPassword:U.string(),currentPassword:U.string(),revokeOtherSessions:U.boolean().optional()}),use:[$]},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,n=e.context.session,i=e.context.password.config.minPasswordLength;if(t.length<i)throw e.context.logger.error("Password is too short"),new E("BAD_REQUEST",{message:"Password is too short"});let s=e.context.password.config.maxPasswordLength;if(t.length>s)throw e.context.logger.error("Password is too long"),new E("BAD_REQUEST",{message:"Password too long"});let c=(await e.context.internalAdapter.findAccounts(n.user.id)).find(l=>l.providerId==="credential"&&l.password);if(!c||!c.password)throw new E("BAD_REQUEST",{message:"User does not have a password"});let a=await e.context.password.hash(t);if(!await e.context.password.verify(c.password,r))throw new E("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(c.id,{password:a}),o){await e.context.internalAdapter.deleteSessions(n.user.id);let l=await e.context.internalAdapter.createSession(n.user.id,e.headers);if(!l)throw new E("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await z(e,l.id)}return e.json(n.user)}),ot=f("/user/set-password",{method:"POST",body:U.object({newPassword:U.string()}),use:[$]},async e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new E("BAD_REQUEST",{message:"Password is too short"});let n=e.context.password.config.maxPasswordLength;if(t.length>n)throw e.context.logger.error("Password is too long"),new E("BAD_REQUEST",{message:"Password too long"});let s=(await e.context.internalAdapter.findAccounts(r.user.id)).find(c=>c.providerId==="credential"&&c.password),d=await e.context.password.hash(t);if(!s)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:d}),e.json(r.user);throw new E("BAD_REQUEST",{message:"user already has a password"})}),nt=f("/user/delete",{method:"POST",body:U.object({password:U.string()}),use:[$]},async e=>{let{password:t}=e.body,r=e.context.session,n=(await e.context.internalAdapter.findAccounts(r.user.id)).find(d=>d.providerId==="credential"&&d.password);if(!n||!n.password)throw new E("BAD_REQUEST",{message:"User does not have a password"});if(!await e.context.password.verify(n.password,t))throw new E("BAD_REQUEST",{message:"Incorrect password"});await e.context.internalAdapter.deleteUser(r.user.id),await e.context.internalAdapter.deleteSessions(r.user.id);let s=e.context.authCookies.sessionToken;return e.setCookie(s.name,"",{maxAge:0}),e.json(null)}),it=f("/user/change-email",{method:"POST",query:U.object({currentURL:U.string().optional()}).optional(),body:U.object({newEmail:U.string().email(),callbackURL:U.string().optional()}),use:[$,v]},async e=>{var n,i,s;if(!((i=(n=e.context.options.user)==null?void 0:n.changeEmail)!=null&&i.enabled))throw e.context.logger.error("Change email is disabled."),new E("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new E("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new E("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let d=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:d,status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new E("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await V(e.context.secret,e.context.session.user.email,e.body.newEmail),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||((s=e.query)==null?void 0:s.currentURL)||"/"}`;return await e.context.options.user.changeEmail.sendChangeEmailVerification(e.context.session.user,e.body.newEmail,o,r),e.json({user:null,status:!0})});var st=f("/csrf",{method:"GET",metadata:q},async e=>{let t=await e.getSignedCookie(e.context.authCookies.csrfToken.name,e.context.secret);if(t){let[i,s]=t.split("!")||[null,null];return e.json({csrfToken:i})}let r=le(32,ue("a-z","0-9","A-Z")),o=await K(e.context.secret,r),n=`${r}!${o}`;return await e.setSignedCookie(e.context.authCookies.csrfToken.name,n,e.context.secret,e.context.authCookies.csrfToken.options),e.json({csrfToken:r})});var Nt=(e="Unknown")=>`<!DOCTYPE html>
4
4
  <html lang="en">
5
5
  <head>
6
6
  <meta charset="UTF-8">
@@ -80,4 +80,4 @@ Error: `,u),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)
80
80
  <div class="error-code">Error Code: <span id="errorCode">${e}</span></div>
81
81
  </div>
82
82
  </body>
83
- </html>`,Xe=m("/error",{method:"GET",metadata:C},async e=>{let r=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(Dt(r),{headers:{"Content-Type":"text/html"}})});var et=m("/ok",{method:"GET",metadata:C},async e=>e.json({ok:!0}));import{z as q}from"zod";import{APIError as I}from"better-call";var tt=()=>m("/sign-up/email",{method:"POST",query:q.object({currentURL:q.string().optional()}).optional(),body:q.record(q.string(),q.any()),use:[E]},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new I("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let r=e.body,{name:t,email:o,password:n,image:i,callbackURL:s,...d}=r;if(!q.string().email().safeParse(o).success)throw new I("BAD_REQUEST",{message:"Invalid email"});let c=e.context.password.config.minPasswordLength;if(n.length<c)throw e.context.logger.error("Password is too short"),new I("BAD_REQUEST",{message:"Password is too short"});let l=e.context.password.config.maxPasswordLength;if(n.length>l)throw e.context.logger.error("Password is too long"),new I("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(o))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${o}`),new I("UNPROCESSABLE_ENTITY",{message:"User with this email already exists"});let g=qe(e.context.options,d),p;try{if(p=await e.context.internalAdapter.createUser({email:o.toLowerCase(),name:t,image:i,...g,emailVerified:!1}),!p)throw new I("BAD_REQUEST",{message:"Failed to create user"})}catch(u){throw new I("UNPROCESSABLE_ENTITY",{message:"Failed to create user",details:u})}if(!p)throw new I("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let k=await e.context.password.hash(n);if(await e.context.internalAdapter.linkAccount({userId:p.id,providerId:"credential",accountId:p.id,password:k,expiresAt:V(60*60*24*30,"sec")}),e.context.options.emailVerification?.sendOnSignUp){let u=await L(e.context.secret,p.email),R=`${e.context.baseURL}/verify-email?token=${u}&callbackURL=${r.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification?.sendVerificationEmail?.(p,R,u)}if(!e.context.options.emailAndPassword.autoSignIn||e.context.options.emailAndPassword.requireEmailVerification)return e.json({user:p,session:null},{body:r.callbackURL?{url:r.callbackURL,redirect:!0}:{user:p,session:null}});let x=await e.context.internalAdapter.createSession(p.id,e.request);if(!x)throw new I("BAD_REQUEST",{message:"Failed to create session"});return await S(e,x.id),e.json({user:p,session:x},{body:r.callbackURL?{url:r.callbackURL,redirect:!0}:{user:p,session:x}})});import{isTest as zt}from"std-env";function rt(e){let r="127.0.0.1";if(zt)return r;let t=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],o=e instanceof Request?e.headers:e;for(let n of t){let i=o.get(n);if(typeof i=="string"){let s=i.split(",")[0].trim();if(s)return s}}return null}function $t(e,r,t){let o=Date.now(),n=r*1e3;return o-t.lastRequest<n&&t.count>=e}function Vt(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function jt(e,r){let t=Date.now(),o=r*1e3;return Math.ceil((e+o-t)/1e3)}function qt(e,r){let t=r??"rateLimit",o=e.adapter;return{get:async n=>await o.findOne({model:t,where:[{field:"key",value:n}]}),set:async(n,i,s)=>{try{s?await o.update({model:r??"rateLimit",where:[{field:"key",value:n}],update:{count:i.count,lastRequest:i.lastRequest}}):await o.create({model:r??"rateLimit",data:{key:n,count:i.count,lastRequest:i.lastRequest}})}catch(d){w.error("Error setting rate limit",d)}}}}var ot=new Map;function Nt(e){return e.rateLimit.storage==="secondary-storage"?{get:async t=>{let o=await e.options.secondaryStorage?.get(t);return o?JSON.parse(o):void 0},set:async(t,o)=>{await e.options.secondaryStorage?.set?.(t,JSON.stringify(o))}}:e.rateLimit.storage==="memory"?{async get(t){return ot.get(t)},async set(t,o,n){ot.set(t,o)}}:qt(e,e.rateLimit.tableName)}async function nt(e,r){if(!r.rateLimit.enabled)return;let t=r.baseURL,o=e.url.replace(t,""),n=r.rateLimit.window,i=r.rateLimit.max,s=rt(e)+o,a=Mt().find(g=>g.pathMatcher(o));a&&(n=a.window,i=a.max);for(let g of r.options.plugins||[])if(g.rateLimit){let p=g.rateLimit.find(k=>k.pathMatcher(o));if(p){n=p.window,i=p.max;break}}if(r.rateLimit.customRules){let g=r.rateLimit.customRules[o];g&&(n=g.window,i=g.max)}let c=Nt(r),l=await c.get(s),h=Date.now();if(!l)await c.set(s,{key:s,count:1,lastRequest:h});else{let g=h-l.lastRequest;if($t(i,n,l)){let p=jt(l.lastRequest,n);return Vt(p)}else g>n*1e3?await c.set(s,{...l,count:1,lastRequest:h}):await c.set(s,{...l,count:l.count+1,lastRequest:h})}}function Mt(){return[{pathMatcher(r){return r.startsWith("/sign-in")||r.startsWith("/sign-up")},window:10,max:3}]}import{APIError as ta}from"better-call";function Zt(e,r){let t=r.plugins?.reduce((d,a)=>({...d,...a.endpoints}),{}),o=r.plugins?.map(d=>d.middlewares?.map(a=>{let c=async l=>a.middleware({...l,context:{...e,...l.context}});return c.path=a.path,c.options=a.middleware.options,c.headers=a.middleware.headers,{path:a.path,middleware:c}})).filter(d=>d!==void 0).flat()||[],i={...{signInOAuth:Be,callbackOAuth:Ne,getCSRFToken:Ye,getSession:Y(),signOut:Me,signUpEmail:tt(),signInEmail:De,forgetPassword:Fe,resetPassword:Ze,verifyEmail:Ce,sendVerificationEmail:Ie,changeEmail:Ke,changePassword:Ge,setPassword:We,updateUser:Qe(),deleteUser:Je,forgetPasswordCallback:He,listSessions:Se(),revokeSession:Oe,revokeSessions:Le},...t,ok:et,error:Xe},s={};for(let[d,a]of Object.entries(i))s[d]=async(c={})=>{let l=await e;for(let p of r.plugins||[])if(p.hooks?.before){for(let k of p.hooks.before)if(k.matcher({...a,...c,context:l})){let u=await k.handler({...c,context:{...l,...c?.context}});u&&"context"in u&&(l={...l,...u.context})}}let h;try{h=await a({...c,context:{...l,...c.context}})}catch(p){if(p instanceof it){let k=r.plugins?.map(u=>{if(u.hooks?.after)return u.hooks.after}).filter(u=>u!==void 0).flat();if(!k?.length)throw p;let x=new Response(JSON.stringify(p.body),{status:Ht[p.status],headers:p.headers});for(let u of k||[])if(u.matcher(c)){let N=Object.assign(c,{context:{...e,returned:x}}),B=await u.handler(N);B&&"response"in B&&(x=B.response)}return x}throw p}let g=h;for(let p of r.plugins||[])if(p.hooks?.after){for(let k of p.hooks.after)if(k.matcher(c)){let u=Object.assign(c,{context:{...e,returned:g}}),R=await k.handler(u);R&&"response"in R&&(g=R.response)}}return g},s[d].path=a.path,s[d].method=a.method,s[d].options=a.options,s[d].headers=a.headers;return{api:s,middlewares:o}}var Ws=(e,r)=>{let{api:t,middlewares:o}=Zt(e,r),n=new URL(e.baseURL).pathname;return Ft(t,{extraContext:e,basePath:n,routerMiddleware:[{path:"/**",middleware:de},...o],async onRequest(i){for(let s of e.options.plugins||[])if(s.onRequest){let d=await s.onRequest(i,e);if(d)return d}return nt(i,e)},async onResponse(i){for(let s of e.options.plugins||[])if(s.onResponse){let d=await s.onResponse(i,e);if(d)return d.response}return i},onError(i){if(r.onAPIError?.throw)throw i;if(r.onAPIError?.onError){r.onAPIError.onError(i,e);return}let s=r.logger?.verboseLogging?w:void 0;r.logger?.disabled!==!0&&(i instanceof it?(i.status==="INTERNAL_SERVER_ERROR"&&w.error(i),s?.error(i.message)):w?.error(i))}})};export{ta as APIError,Ne as callbackOAuth,Ke as changeEmail,Ge as changePassword,m as createAuthEndpoint,z as createAuthMiddleware,L as createEmailVerificationToken,de as csrfMiddleware,Je as deleteUser,Xe as error,Fe as forgetPassword,He as forgetPasswordCallback,Ye as getCSRFToken,Zt as getEndpoints,Y as getSession,X as getSessionFromCtx,Se as listSessions,et as ok,se as optionsMiddleware,Ze as resetPassword,Oe as revokeSession,Le as revokeSessions,Ws as router,Ie as sendVerificationEmail,O as sessionMiddleware,We as setPassword,De as signInEmail,Be as signInOAuth,Me as signOut,tt as signUpEmail,Qe as updateUser,Ce as verifyEmail};
83
+ </html>`,at=f("/error",{method:"GET",metadata:q},async e=>{var r;let t=new URL(((r=e.request)==null?void 0:r.url)||"").searchParams.get("error")||"Unknown";return new Response(Nt(t),{headers:{"Content-Type":"text/html"}})});var ct=f("/ok",{method:"GET",metadata:q},async e=>e.json({ok:!0}));import{z as Q}from"zod";import{APIError as j}from"better-call";var dt=()=>f("/sign-up/email",{method:"POST",query:Q.object({currentURL:Q.string().optional()}).optional(),body:Q.record(Q.string(),Q.any()),use:[v]},async e=>{var _,D,k,A,I;if(!((_=e.context.options.emailAndPassword)!=null&&_.enabled))throw new j("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:o,password:n,image:i,callbackURL:s,...d}=t;if(!Q.string().email().safeParse(o).success)throw new j("BAD_REQUEST",{message:"Invalid email"});let a=e.context.password.config.minPasswordLength;if(n.length<a)throw e.context.logger.error("Password is too short"),new j("BAD_REQUEST",{message:"Password is too short"});let u=e.context.password.config.maxPasswordLength;if(n.length>u)throw e.context.logger.error("Password is too long"),new j("BAD_REQUEST",{message:"Password is too long"});let l=await e.context.internalAdapter.findUserByEmail(o);if(l!=null&&l.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${o}`),new j("UNPROCESSABLE_ENTITY",{message:"User with this email already exists"});let p=We(e.context.options,d),m;try{if(m=await e.context.internalAdapter.createUser({email:o.toLowerCase(),name:r,image:i,...p,emailVerified:!1}),!m)throw new j("BAD_REQUEST",{message:"Failed to create user"})}catch(b){throw new j("UNPROCESSABLE_ENTITY",{message:"Failed to create user",details:b})}if(!m)throw new j("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let x=await e.context.password.hash(n);if(await e.context.internalAdapter.linkAccount({userId:m.id,providerId:"credential",accountId:m.id,password:x,expiresAt:H(60*60*24*30,"sec")}),(D=e.context.options.emailVerification)!=null&&D.sendOnSignUp){let b=await V(e.context.secret,m.email),T=`${e.context.baseURL}/verify-email?token=${b}&callbackURL=${t.callbackURL||((k=e.query)==null?void 0:k.currentURL)||"/"}`;await((I=(A=e.context.options.emailVerification)==null?void 0:A.sendVerificationEmail)==null?void 0:I.call(A,m,T,b))}if(!e.context.options.emailAndPassword.autoSignIn||e.context.options.emailAndPassword.requireEmailVerification)return e.json({user:m,session:null},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:m,session:null}});let P=await e.context.internalAdapter.createSession(m.id,e.request);if(!P)throw new j("BAD_REQUEST",{message:"Failed to create session"});return await z(e,P.id),e.json({user:m,session:P},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:m,session:P}})});import{isTest as Ht}from"std-env";function lt(e){let t="127.0.0.1";if(Ht)return t;let r=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],o=e instanceof Request?e.headers:e;for(let n of r){let i=o.get(n);if(typeof i=="string"){let s=i.split(",")[0].trim();if(s)return s}}return null}function Zt(e,t,r){let o=Date.now(),n=t*1e3;return o-r.lastRequest<n&&r.count>=e}function Qt(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function Gt(e,t){let r=Date.now(),o=t*1e3;return Math.ceil((e+o-r)/1e3)}function Wt(e,t){let r=t!=null?t:"rateLimit",o=e.adapter;return{get:async n=>await o.findOne({model:r,where:[{field:"key",value:n}]}),set:async(n,i,s)=>{try{s?await o.update({model:t!=null?t:"rateLimit",where:[{field:"key",value:n}],update:{count:i.count,lastRequest:i.lastRequest}}):await o.create({model:t!=null?t:"rateLimit",data:{key:n,count:i.count,lastRequest:i.lastRequest}})}catch(d){w.error("Error setting rate limit",d)}}}}var ut=new Map;function Jt(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{var n;let o=await((n=e.options.secondaryStorage)==null?void 0:n.get(r));return o?JSON.parse(o):void 0},set:async(r,o)=>{var n,i;await((i=(n=e.options.secondaryStorage)==null?void 0:n.set)==null?void 0:i.call(n,r,JSON.stringify(o)))}}:e.rateLimit.storage==="memory"?{async get(r){return ut.get(r)},async set(r,o,n){ut.set(r,o)}}:Wt(e,e.rateLimit.tableName)}async function pt(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,o=e.url.replace(r,""),n=t.rateLimit.window,i=t.rateLimit.max,s=lt(e)+o,c=Kt().find(p=>p.pathMatcher(o));c&&(n=c.window,i=c.max);for(let p of t.options.plugins||[])if(p.rateLimit){let m=p.rateLimit.find(x=>x.pathMatcher(o));if(m){n=m.window,i=m.max;break}}if(t.rateLimit.customRules){let p=t.rateLimit.customRules[o];p&&(n=p.window,i=p.max)}let a=Jt(t),u=await a.get(s),l=Date.now();if(!u)await a.set(s,{key:s,count:1,lastRequest:l});else{let p=l-u.lastRequest;if(Zt(i,n,u)){let m=Gt(u.lastRequest,n);return Qt(m)}else p>n*1e3?await a.set(s,{...u,count:1,lastRequest:l}):await a.set(s,{...u,count:u.count+1,lastRequest:l})}}function Kt(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:3}]}import{APIError as da}from"better-call";function er(e,t){var d,c;let r=(d=t.plugins)==null?void 0:d.reduce((a,u)=>({...a,...u.endpoints}),{}),o=((c=t.plugins)==null?void 0:c.map(a=>{var u;return(u=a.middlewares)==null?void 0:u.map(l=>{let p=async m=>l.middleware({...m,context:{...e,...m.context}});return p.path=l.path,p.options=l.middleware.options,p.headers=l.middleware.headers,{path:l.path,middleware:p}})}).filter(a=>a!==void 0).flat())||[],i={...{signInOAuth:Fe,callbackOAuth:Je,getCSRFToken:st,getSession:se(),signOut:Ke,signUpEmail:dt(),signInEmail:Ne,forgetPassword:Ye,resetPassword:et,verifyEmail:Me,sendVerificationEmail:qe,changeEmail:it,changePassword:rt,setPassword:ot,updateUser:tt(),deleteUser:nt,forgetPasswordCallback:Xe,listSessions:$e(),revokeSession:Ve,revokeSessions:je},...r,ok:ct,error:at},s={};for(let[a,u]of Object.entries(i))s[a]=async(l={})=>{var P,_,D;let p=await e;for(let k of t.plugins||[])if((P=k.hooks)!=null&&P.before){for(let A of k.hooks.before)if(A.matcher({...u,...l,context:p})){let b=await A.handler({...l,context:{...p,...l==null?void 0:l.context}});b&&"context"in b&&(p={...p,...b.context})}}let m;try{m=await u({...l,context:{...p,...l.context}})}catch(k){if(k instanceof mt){let A=(_=t.plugins)==null?void 0:_.map(b=>{var T;if((T=b.hooks)!=null&&T.after)return b.hooks.after}).filter(b=>b!==void 0).flat();if(!(A!=null&&A.length))throw k;let I=new Response(JSON.stringify(k.body),{status:Xt[k.status],headers:k.headers});for(let b of A||[])if(b.matcher(l)){let J=Object.assign(l,{context:{...e,returned:I}}),h=await b.handler(J);h&&"response"in h&&(I=h.response)}return I}throw k}let x=m;for(let k of t.plugins||[])if((D=k.hooks)!=null&&D.after){for(let A of k.hooks.after)if(A.matcher(l)){let b=Object.assign(l,{context:{...e,returned:x}}),T=await A.handler(b);T&&"response"in T&&(x=T.response)}}return x},s[a].path=u.path,s[a].method=u.method,s[a].options=u.options,s[a].headers=u.headers;return{api:s,middlewares:o}}var oa=(e,t)=>{let{api:r,middlewares:o}=er(e,t),n=new URL(e.baseURL).pathname;return Yt(r,{extraContext:e,basePath:n,routerMiddleware:[{path:"/**",middleware:he},...o],async onRequest(i){for(let s of e.options.plugins||[])if(s.onRequest){let d=await s.onRequest(i,e);if(d)return d}return pt(i,e)},async onResponse(i){for(let s of e.options.plugins||[])if(s.onResponse){let d=await s.onResponse(i,e);if(d)return d.response}return i},onError(i){var d,c,a,u,l;if((d=t.onAPIError)!=null&&d.throw)throw i;if((c=t.onAPIError)!=null&&c.onError){t.onAPIError.onError(i,e);return}let s=(a=t.logger)!=null&&a.verboseLogging?w:void 0;((u=t.logger)==null?void 0:u.disabled)!==!0&&(i instanceof mt?(i.status==="INTERNAL_SERVER_ERROR"&&w.error(i),s==null||s.error(i.message)):(l=w)==null||l.error(i))}})};export{da as APIError,Je as callbackOAuth,it as changeEmail,rt as changePassword,f as createAuthEndpoint,F as createAuthMiddleware,V as createEmailVerificationToken,he as csrfMiddleware,nt as deleteUser,at as error,Ye as forgetPassword,Xe as forgetPasswordCallback,st as getCSRFToken,er as getEndpoints,se as getSession,ae as getSessionFromCtx,$e as listSessions,ct as ok,fe as optionsMiddleware,et as resetPassword,Ve as revokeSession,je as revokeSessions,oa as router,qe as sendVerificationEmail,$ as sessionMiddleware,ot as setPassword,Ne as signInEmail,Fe as signInOAuth,Ke as signOut,dt as signUpEmail,tt as updateUser,Me as verifyEmail};
package/dist/client/plugins.js CHANGED
@@ -1 +1 @@
1
- import{atom as d}from"nanostores";var c=class extends Error{path;constructor(n,a){super(n),this.path=a}},p=class{constructor(n){this.s=n;this.statements=n}statements;newRole(n){return new m(n)}},m=class t{statements;constructor(n){this.statements=n}authorize(n,a){for(let[i,e]of Object.entries(n)){let s=this.statements[i];if(!s)return{success:!1,error:`You are not allowed to access resource: ${i}`};let o=a==="OR"?e.some(r=>s.includes(r)):e.every(r=>s.includes(r));return o?{success:o}:{success:!1,error:`unauthorized to access resource "${i}"`}}return{success:!1,error:"Not authorized"}}static fromString(n){let a=JSON.parse(n);if(typeof a!="object")throw new c("statements is not an object",".");for(let[i,e]of Object.entries(a)){if(typeof i!="string")throw new c("invalid resource identifier",i);if(!Array.isArray(e))throw new c("actions is not an array",i);for(let s=0;s<e.length;s++)if(typeof e[s]!="string")throw new c("action is not a string",`${i}[${s}]`)}return new t(a)}toString(){return JSON.stringify(this.statements)}};var y=t=>new p(t),h={organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]},f=y(h),k=f.newRole({organization:["update"],invitation:["create","cancel"],member:["create","update","delete"]}),B=f.newRole({organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]}),F=f.newRole({organization:[],member:[],invitation:[]});import{createFetch as Z}from"@better-fetch/fetch";import{env as q}from"std-env";import"nanostores";import{betterFetch as D}from"@better-fetch/fetch";import{atom as pe}from"nanostores";import"@better-fetch/fetch";import{atom as S,onMount as O}from"nanostores";var l=(t,n,a,i)=>{let e=S({data:null,error:null,isPending:!0,isRefetching:!1}),s=()=>{let r=typeof i=="function"?i({data:e.get().data,error:e.get().error,isPending:e.get().isPending}):i;return a(n,{...r,onSuccess:async u=>{e.set({data:u.data,error:null,isPending:!1,isRefetching:!1}),await r?.onSuccess?.(u)},async onError(u){e.set({error:u.error,data:null,isPending:!1,isRefetching:!1}),await r?.onError?.(u)},async onRequest(u){let g=e.get();e.set({isPending:g.data===null,data:g.data,error:null,isRefetching:!0}),await r?.onRequest?.(u)}})};t=Array.isArray(t)?t:[t];let o=!1;for(let r of t)r.subscribe(()=>{o?s():O(e,()=>(s(),o=!0,()=>{e.off(),r.off()}))});return e};var ve=t=>{let n=d(void 0),a=d(!1),i=d(!1);return{id:"organization",$InferServerPlugin:{},getActions:e=>({$Infer:{ActiveOrganization:{},Organization:{},Invitation:{},Member:{}},organization:{setActive(s){n.set(s)},hasPermission:async s=>await e("/organization/has-permission",{method:"POST",body:{permission:s.permission},...s.fetchOptions})}}),getAtoms:e=>{let s=l(a,"/organization/list",e,{method:"GET"}),o=l([n,i],"/organization/activate",e,()=>({method:"POST",credentials:"include",body:{orgId:n.get()}}));return{_listOrg:a,_activeOrgSignal:i,activeOrganization:o,listOrganizations:s}},atomListeners:[{matcher(e){return e==="/organization/create"||e==="/organization/delete"},signal:"_listOrg"},{matcher(e){return e.startsWith("/organization")},signal:"_activeOrgSignal"}]}};var Ie=()=>({id:"username",$InferServerPlugin:{}});import{WebAuthnError as A,startAuthentication as T,startRegistration as b}from"@simplewebauthn/browser";import{atom as R}from"nanostores";var x=(t,{_listPasskeys:n})=>({signIn:{passkey:async(e,s)=>{let o=await t("/passkey/generate-authenticate-options",{method:"POST",body:{email:e?.email}});if(!o.data)return o;try{let r=await T(o.data,e?.autoFill||!1),u=await t("/passkey/verify-authentication",{body:{response:r},...e?.fetchOptions,...s,method:"POST"});if(!u.data)return u}catch(r){console.log(r)}}},passkey:{addPasskey:async(e,s)=>{let o=await t("/passkey/generate-register-options",{method:"GET"});if(!o.data)return o;try{let r=await b(o.data),u=await t("/passkey/verify-registration",{...e?.fetchOptions,...s,body:{response:r,name:e?.name},method:"POST"});if(!u.data)return u;n.set(Math.random())}catch(r){return r instanceof A?r.code==="ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED"?{data:null,error:{message:"previously registered",status:400,statusText:"BAD_REQUEST"}}:r.code==="ERROR_CEREMONY_ABORTED"?{data:null,error:{message:"registration cancelled",status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:r.message,status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:r instanceof Error?r.message:"unknown error",status:500,statusText:"INTERNAL_SERVER_ERROR"}}}}},$Infer:{}}),$e=()=>{let t=R();return{id:"passkey",$InferServerPlugin:{},getActions:n=>x(n,{_listPasskeys:t}),getAtoms(n){return{listPasskeys:l(t,"/passkey/list-user-passkeys",n,{method:"GET",credentials:"include"}),_listPasskeys:t}},pathMethods:{"/passkey/register":"POST","/passkey/authenticate":"POST"},atomListeners:[{matcher(n){return n==="/passkey/verify-registration"||n==="/passkey/delete-passkey"},signal:"_listPasskeys"}]}};var Ne=(t={redirect:!0,twoFactorPage:"/"})=>({id:"two-factor",$InferServerPlugin:{},atomListeners:[{matcher:n=>n.startsWith("/two-factor/"),signal:"_sessionSignal"}],pathMethods:{"/two-factor/disable":"POST","/two-factor/enable":"POST","/two-factor/send-otp":"POST","/two-factor/generate-backup-codes":"POST"},fetchPlugins:[{id:"two-factor",name:"two-factor",hooks:{async onSuccess(n){n.data?.twoFactorRedirect&&(t.redirect||t.twoFactorPage)&&typeof window<"u"&&(window.location.href=t.twoFactorPage)}}}]});var We=()=>({id:"magic-link",$InferServerPlugin:{}});var Ge=()=>({id:"phoneNumber",$InferServerPlugin:{},atomListeners:[{matcher(t){return t==="/phone-number/update"||t==="/phone-number/verify"},signal:"_sessionSignal"}]});var He=()=>({id:"anonymous",$InferServerPlugin:{},pathMethods:{"/sign-in/anonymous":"POST"}});var Je=t=>({id:"additional-fields-client",$InferServerPlugin:{}});var Ve=()=>({id:"better-auth-client",$InferServerPlugin:{},pathMethods:{"/admin/list-users":"GET"}});var Ye=()=>({id:"generic-oauth-client",$InferServerPlugin:{}});var et=()=>({id:"multi-session",$InferServerPlugin:{},pathMethods:{"/multi-session/sign-out-device-sessions":"POST"},atomListeners:[{matcher(t){return t==="/multi-session/set-active"},signal:"_sessionSignal"}]});export{Ve as adminClient,He as anonymousClient,Ye as genericOAuthClient,x as getPasskeyActions,Je as inferAdditionalFields,We as magicLinkClient,et as multiSessionClient,ve as organizationClient,$e as passkeyClient,Ge as phoneNumberClient,Ne as twoFactorClient,Ie as usernameClient};
1
+ import{atom as g}from"nanostores";var l=class extends Error{constructor(n,i){super(n),this.path=i}},f=class{constructor(n){this.s=n;this.statements=n}newRole(n){return new d(n)}},d=class r{constructor(n){this.statements=n}authorize(n,i){for(let[o,e]of Object.entries(n)){let s=this.statements[o];if(!s)return{success:!1,error:`You are not allowed to access resource: ${o}`};let a=i==="OR"?e.some(t=>s.includes(t)):e.every(t=>s.includes(t));return a?{success:a}:{success:!1,error:`unauthorized to access resource "${o}"`}}return{success:!1,error:"Not authorized"}}static fromString(n){let i=JSON.parse(n);if(typeof i!="object")throw new l("statements is not an object",".");for(let[o,e]of Object.entries(i)){if(typeof o!="string")throw new l("invalid resource identifier",o);if(!Array.isArray(e))throw new l("actions is not an array",o);for(let s=0;s<e.length;s++)if(typeof e[s]!="string")throw new l("action is not a string",`${o}[${s}]`)}return new r(i)}toString(){return JSON.stringify(this.statements)}};var h=r=>new f(r),P={organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]},p=h(P),B=p.newRole({organization:["update"],invitation:["create","cancel"],member:["create","update","delete"]}),F=p.newRole({organization:["update","delete"],member:["create","update","delete"],invitation:["create","cancel"]}),v=p.newRole({organization:[],member:[],invitation:[]});import{createFetch as ee}from"@better-fetch/fetch";import{env as W}from"std-env";import"nanostores";import{betterFetch as H}from"@better-fetch/fetch";import{atom as fe}from"nanostores";import"@better-fetch/fetch";import{atom as O,onMount as A}from"nanostores";var m=(r,n,i,o)=>{let e=O({data:null,error:null,isPending:!0,isRefetching:!1}),s=()=>{let t=typeof o=="function"?o({data:e.get().data,error:e.get().error,isPending:e.get().isPending}):o;return i(n,{...t,onSuccess:async u=>{var c;e.set({data:u.data,error:null,isPending:!1,isRefetching:!1}),await((c=t==null?void 0:t.onSuccess)==null?void 0:c.call(t,u))},async onError(u){var c;e.set({error:u.error,data:null,isPending:!1,isRefetching:!1}),await((c=t==null?void 0:t.onError)==null?void 0:c.call(t,u))},async onRequest(u){var y;let c=e.get();e.set({isPending:c.data===null,data:c.data,error:null,isRefetching:!0}),await((y=t==null?void 0:t.onRequest)==null?void 0:y.call(t,u))}})};r=Array.isArray(r)?r:[r];let a=!1;for(let t of r)t.subscribe(()=>{a?s():A(e,()=>(s(),a=!0,()=>{e.off(),t.off()}))});return e};var Ue=r=>{let n=g(void 0),i=g(!1),o=g(!1);return{id:"organization",$InferServerPlugin:{},getActions:e=>({$Infer:{ActiveOrganization:{},Organization:{},Invitation:{},Member:{}},organization:{setActive(s){n.set(s)},hasPermission:async s=>await e("/organization/has-permission",{method:"POST",body:{permission:s.permission},...s.fetchOptions})}}),getAtoms:e=>{let s=m(i,"/organization/list",e,{method:"GET"}),a=m([n,o],"/organization/activate",e,()=>({method:"POST",credentials:"include",body:{orgId:n.get()}}));return{_listOrg:i,_activeOrgSignal:o,activeOrganization:a,listOrganizations:s}},atomListeners:[{matcher(e){return e==="/organization/create"||e==="/organization/delete"},signal:"_listOrg"},{matcher(e){return e.startsWith("/organization")},signal:"_activeOrgSignal"}]}};var Ee=()=>({id:"username",$InferServerPlugin:{}});import{WebAuthnError as T,startAuthentication as b,startRegistration as R}from"@simplewebauthn/browser";import{atom as x}from"nanostores";var C=(r,{_listPasskeys:n})=>({signIn:{passkey:async(e,s)=>{let a=await r("/passkey/generate-authenticate-options",{method:"POST",body:{email:e==null?void 0:e.email}});if(!a.data)return a;try{let t=await b(a.data,(e==null?void 0:e.autoFill)||!1),u=await r("/passkey/verify-authentication",{body:{response:t},...e==null?void 0:e.fetchOptions,...s,method:"POST"});if(!u.data)return u}catch(t){console.log(t)}}},passkey:{addPasskey:async(e,s)=>{let a=await r("/passkey/generate-register-options",{method:"GET"});if(!a.data)return a;try{let t=await R(a.data),u=await r("/passkey/verify-registration",{...e==null?void 0:e.fetchOptions,...s,body:{response:t,name:e==null?void 0:e.name},method:"POST"});if(!u.data)return u;n.set(Math.random())}catch(t){return t instanceof T?t.code==="ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED"?{data:null,error:{message:"previously registered",status:400,statusText:"BAD_REQUEST"}}:t.code==="ERROR_CEREMONY_ABORTED"?{data:null,error:{message:"registration cancelled",status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:t.message,status:400,statusText:"BAD_REQUEST"}}:{data:null,error:{message:t instanceof Error?t.message:"unknown error",status:500,statusText:"INTERNAL_SERVER_ERROR"}}}}},$Infer:{}}),Me=()=>{let r=x();return{id:"passkey",$InferServerPlugin:{},getActions:n=>C(n,{_listPasskeys:r}),getAtoms(n){return{listPasskeys:m(r,"/passkey/list-user-passkeys",n,{method:"GET",credentials:"include"}),_listPasskeys:r}},pathMethods:{"/passkey/register":"POST","/passkey/authenticate":"POST"},atomListeners:[{matcher(n){return n==="/passkey/verify-registration"||n==="/passkey/delete-passkey"},signal:"_listPasskeys"}]}};var qe=(r={redirect:!0,twoFactorPage:"/"})=>({id:"two-factor",$InferServerPlugin:{},atomListeners:[{matcher:n=>n.startsWith("/two-factor/"),signal:"_sessionSignal"}],pathMethods:{"/two-factor/disable":"POST","/two-factor/enable":"POST","/two-factor/send-otp":"POST","/two-factor/generate-backup-codes":"POST"},fetchPlugins:[{id:"two-factor",name:"two-factor",hooks:{async onSuccess(n){var i;(i=n.data)!=null&&i.twoFactorRedirect&&(r.redirect||r.twoFactorPage)&&typeof window!="undefined"&&(window.location.href=r.twoFactorPage)}}}]});var je=()=>({id:"magic-link",$InferServerPlugin:{}});var De=()=>({id:"phoneNumber",$InferServerPlugin:{},atomListeners:[{matcher(r){return r==="/phone-number/update"||r==="/phone-number/verify"},signal:"_sessionSignal"}]});var Ke=()=>({id:"anonymous",$InferServerPlugin:{},pathMethods:{"/sign-in/anonymous":"POST"}});var Qe=r=>({id:"additional-fields-client",$InferServerPlugin:{}});var Xe=()=>({id:"better-auth-client",$InferServerPlugin:{},pathMethods:{"/admin/list-users":"GET"}});var Ze=()=>({id:"generic-oauth-client",$InferServerPlugin:{}});var tt=()=>({id:"multi-session",$InferServerPlugin:{},pathMethods:{"/multi-session/sign-out-device-sessions":"POST"},atomListeners:[{matcher(r){return r==="/multi-session/set-active"},signal:"_sessionSignal"}]});export{Xe as adminClient,Ke as anonymousClient,Ze as genericOAuthClient,C as getPasskeyActions,Qe as inferAdditionalFields,je as magicLinkClient,tt as multiSessionClient,Ue as organizationClient,Me as passkeyClient,De as phoneNumberClient,qe as twoFactorClient,Ee as usernameClient};
package/dist/client.js CHANGED
@@ -1 +1 @@
1
- import{createFetch as v}from"@better-fetch/fetch";import{env as p}from"std-env";var d=class extends Error{constructor(t,i){super(t),this.name="BetterAuthError",this.message=t,this.cause=i}};function _(e){try{return new URL(e).pathname!=="/"}catch{throw new d(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function R(e,t="/api/auth"){return _(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function T(e,t){if(e)return R(e,t);let i=p.BETTER_AUTH_URL||p.NEXT_PUBLIC_BETTER_AUTH_URL||p.PUBLIC_BETTER_AUTH_URL||p.NUXT_PUBLIC_BETTER_AUTH_URL||p.NUXT_PUBLIC_AUTH_URL||(p.BASE_URL!=="/"?p.BASE_URL:void 0);if(i)return R(i,t);if(typeof window<"u")return R(window.location.origin,t)}import"nanostores";import{betterFetch as $}from"@better-fetch/fetch";var O={id:"redirect",name:"Redirect",hooks:{onSuccess(e){e.data?.url&&e.data?.redirect&&typeof window<"u"&&(window.location.href=e.data.url)}}},U={id:"add-current-url",name:"Add current URL",hooks:{onRequest(e){if(typeof window<"u"){let t=new URL(e.url);t.searchParams.set("currentURL",window.location.href),e.url=t}return e}}},F={id:"csrf",name:"CSRF Check",async init(e,t){if(t?.method!=="GET"){t=t||{};let{data:i,error:s}=await $("/csrf",{body:void 0,baseURL:t.baseURL,plugins:[],method:"GET",credentials:"include",customFetchImpl:t.customFetchImpl});if(s){if(s.status===404)throw new d("CSRF route not found. Make sure the server is running and the base URL is correct and includes the path (e.g. http://localhost:3000/api/auth).");if(s.status===429)return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests"});throw new d("Failed to fetch CSRF token: "+s.message)}let r=i?.csrfToken;t.body={...t?.body,csrfToken:r}}return t.credentials="include",{url:e,options:t}}};var b=e=>{let t=v({baseURL:T(e?.fetchOptions?.baseURL||e?.baseURL),credentials:"include",method:"GET",...e?.fetchOptions,plugins:e?.disableDefaultFetchPlugins?e.fetchOptions?.plugins:[...e?.disableCSRFTokenCheck?[]:[F],O,U,...e?.fetchOptions?.plugins?.filter(n=>n!==void 0)||[],...e?.plugins?.flatMap(n=>n.fetchPlugins).filter(n=>n!==void 0)||[]]}),i=e?.plugins||[],s={},r={},u={"/sign-out":"POST","/user/revoke-sessions":"POST"},o=[{signal:"_sessionSignal",matcher(n){return n==="/sign-out"||n==="/user/update"||n.startsWith("/sign-in")||n.startsWith("/sign-up")}}];for(let n of i)n.getActions&&Object.assign(s,n.getActions?.(t)),n.getAtoms&&Object.assign(r,n.getAtoms?.(t)),n.pathMethods&&Object.assign(u,n.pathMethods),n.atomListeners&&o.push(...n.atomListeners);return{pluginsActions:s,pluginsAtoms:r,pluginPathMethods:u,atomListeners:o,$fetch:t}};function C(e){return e.charAt(0).toUpperCase()+e.slice(1)}function W(e,t,i){let s=t[e],{fetchOptions:r,query:u,...o}=i||{};return s||(r?.method?r.method:o&&Object.keys(o).length>0?"POST":"GET")}function L(e,t,i,s,r){function u(o=[]){return new Proxy(function(){},{get(n,c){let l=[...o,c],a=e;for(let f of l)if(a&&typeof a=="object"&&f in a)a=a[f];else{a=void 0;break}return typeof a=="function"?a:u(l)},apply:async(n,c,l)=>{let a="/"+o.map(y=>y.replace(/[A-Z]/g,g=>`-${g.toLowerCase()}`)).join("/"),f=l[0]||{},m=l[1]||{},{query:x,fetchOptions:w,...I}=f,h={...m,...w},A=W(a,i,f);return await t(a,{...h,body:A==="GET"?void 0:{...I,...h?.body||{}},query:x||h?.query,method:A,async onSuccess(y){await h?.onSuccess?.(y);let g=r?.find(k=>k.matcher(a));if(!g)return;let P=s[g.signal];if(!P)return;let E=P.get();setTimeout(()=>{P.set(!E)},10)}})}})}return u()}import{atom as G}from"nanostores";import"@better-fetch/fetch";import{atom as q,onMount as M}from"nanostores";var B=(e,t,i,s)=>{let r=q({data:null,error:null,isPending:!0,isRefetching:!1}),u=()=>{let n=typeof s=="function"?s({data:r.get().data,error:r.get().error,isPending:r.get().isPending}):s;return i(t,{...n,onSuccess:async c=>{r.set({data:c.data,error:null,isPending:!1,isRefetching:!1}),await n?.onSuccess?.(c)},async onError(c){r.set({error:c.error,data:null,isPending:!1,isRefetching:!1}),await n?.onError?.(c)},async onRequest(c){let l=r.get();r.set({isPending:l.data===null,data:l.data,error:null,isRefetching:!0}),await n?.onRequest?.(c)}})};e=Array.isArray(e)?e:[e];let o=!1;for(let n of e)n.subscribe(()=>{o?u():M(r,()=>(u(),o=!0,()=>{r.off(),n.off()}))});return r};function S(e){let t=G(!1);return{$session:B(t,"/get-session",e,{method:"GET"}),_sessionSignal:t,$Infer:{}}}function pe(e){let{pluginPathMethods:t,pluginsActions:i,pluginsAtoms:s,$fetch:r,atomListeners:u}=b(e),o={};for(let[f,m]of Object.entries(s))o[`use${C(f)}`]=m;let{$session:n,_sessionSignal:c}=S(r),l={...i,...o,$fetch:r,useSession:n};return L(l,r,t,{...s,_sessionSignal:c},u)}export{pe as createAuthClient,B as useAuthQuery};
1
+ import{createFetch as W}from"@better-fetch/fetch";import{env as m}from"std-env";var g=class extends Error{constructor(t,i){super(t),this.name="BetterAuthError",this.message=t,this.cause=i}};function $(e){try{return new URL(e).pathname!=="/"}catch{throw new g(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function T(e,t="/api/auth"){return $(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function F(e,t){if(e)return T(e,t);let i=m.BETTER_AUTH_URL||m.NEXT_PUBLIC_BETTER_AUTH_URL||m.PUBLIC_BETTER_AUTH_URL||m.NUXT_PUBLIC_BETTER_AUTH_URL||m.NUXT_PUBLIC_AUTH_URL||(m.BASE_URL!=="/"?m.BASE_URL:void 0);if(i)return T(i,t);if(typeof window!="undefined")return T(window.location.origin,t)}import"nanostores";import{betterFetch as v}from"@better-fetch/fetch";var b={id:"redirect",name:"Redirect",hooks:{onSuccess(e){var t,i;(t=e.data)!=null&&t.url&&((i=e.data)!=null&&i.redirect)&&typeof window!="undefined"&&(window.location.href=e.data.url)}}},C={id:"add-current-url",name:"Add current URL",hooks:{onRequest(e){if(typeof window!="undefined"){let t=new URL(e.url);t.searchParams.set("currentURL",window.location.href),e.url=t}return e}}},B={id:"csrf",name:"CSRF Check",async init(e,t){if((t==null?void 0:t.method)!=="GET"){t=t||{};let{data:i,error:o}=await v("/csrf",{body:void 0,baseURL:t.baseURL,plugins:[],method:"GET",credentials:"include",customFetchImpl:t.customFetchImpl});if(o){if(o.status===404)throw new g("CSRF route not found. Make sure the server is running and the base URL is correct and includes the path (e.g. http://localhost:3000/api/auth).");if(o.status===429)return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests"});throw new g("Failed to fetch CSRF token: "+o.message)}let r=i==null?void 0:i.csrfToken;t.body={...t==null?void 0:t.body,csrfToken:r}}return t.credentials="include",{url:e,options:t}}};var S=e=>{var n,u,a,c,h,y,p;let t=W({baseURL:F(((n=e==null?void 0:e.fetchOptions)==null?void 0:n.baseURL)||(e==null?void 0:e.baseURL)),credentials:"include",method:"GET",...e==null?void 0:e.fetchOptions,plugins:e!=null&&e.disableDefaultFetchPlugins?(u=e.fetchOptions)==null?void 0:u.plugins:[...e!=null&&e.disableCSRFTokenCheck?[]:[B],b,C,...((c=(a=e==null?void 0:e.fetchOptions)==null?void 0:a.plugins)==null?void 0:c.filter(s=>s!==void 0))||[],...((h=e==null?void 0:e.plugins)==null?void 0:h.flatMap(s=>s.fetchPlugins).filter(s=>s!==void 0))||[]]}),i=(e==null?void 0:e.plugins)||[],o={},r={},d={"/sign-out":"POST","/user/revoke-sessions":"POST"},l=[{signal:"_sessionSignal",matcher(s){return s==="/sign-out"||s==="/user/update"||s.startsWith("/sign-in")||s.startsWith("/sign-up")}}];for(let s of i)s.getActions&&Object.assign(o,(y=s.getActions)==null?void 0:y.call(s,t)),s.getAtoms&&Object.assign(r,(p=s.getAtoms)==null?void 0:p.call(s,t)),s.pathMethods&&Object.assign(d,s.pathMethods),s.atomListeners&&l.push(...s.atomListeners);return{pluginsActions:o,pluginsAtoms:r,pluginPathMethods:d,atomListeners:l,$fetch:t}};function x(e){return e.charAt(0).toUpperCase()+e.slice(1)}function q(e,t,i){let o=t[e],{fetchOptions:r,query:d,...l}=i||{};return o||(r!=null&&r.method?r.method:l&&Object.keys(l).length>0?"POST":"GET")}function L(e,t,i,o,r){function d(l=[]){return new Proxy(function(){},{get(n,u){let a=[...l,u],c=e;for(let h of a)if(c&&typeof c=="object"&&h in c)c=c[h];else{c=void 0;break}return typeof c=="function"?c:d(a)},apply:async(n,u,a)=>{let c="/"+l.map(R=>R.replace(/[A-Z]/g,P=>`-${P.toLowerCase()}`)).join("/"),h=a[0]||{},y=a[1]||{},{query:p,fetchOptions:s,...E}=h,f={...y,...s},U=q(c,i,h);return await t(c,{...f,body:U==="GET"?void 0:{...E,...(f==null?void 0:f.body)||{}},query:p||(f==null?void 0:f.query),method:U,async onSuccess(R){var O;await((O=f==null?void 0:f.onSuccess)==null?void 0:O.call(f,R));let P=r==null?void 0:r.find(_=>_.matcher(c));if(!P)return;let A=o[P.signal];if(!A)return;let k=A.get();setTimeout(()=>{A.set(!k)},10)}})}})}return d()}import{atom as H}from"nanostores";import"@better-fetch/fetch";import{atom as M,onMount as G}from"nanostores";var w=(e,t,i,o)=>{let r=M({data:null,error:null,isPending:!0,isRefetching:!1}),d=()=>{let n=typeof o=="function"?o({data:r.get().data,error:r.get().error,isPending:r.get().isPending}):o;return i(t,{...n,onSuccess:async u=>{var a;r.set({data:u.data,error:null,isPending:!1,isRefetching:!1}),await((a=n==null?void 0:n.onSuccess)==null?void 0:a.call(n,u))},async onError(u){var a;r.set({error:u.error,data:null,isPending:!1,isRefetching:!1}),await((a=n==null?void 0:n.onError)==null?void 0:a.call(n,u))},async onRequest(u){var c;let a=r.get();r.set({isPending:a.data===null,data:a.data,error:null,isRefetching:!0}),await((c=n==null?void 0:n.onRequest)==null?void 0:c.call(n,u))}})};e=Array.isArray(e)?e:[e];let l=!1;for(let n of e)n.subscribe(()=>{l?d():G(r,()=>(d(),l=!0,()=>{r.off(),n.off()}))});return r};function I(e){let t=H(!1);return{$session:w(t,"/get-session",e,{method:"GET"}),_sessionSignal:t,$Infer:{}}}function ge(e){let{pluginPathMethods:t,pluginsActions:i,pluginsAtoms:o,$fetch:r,atomListeners:d}=S(e),l={};for(let[h,y]of Object.entries(o))l[`use${x(h)}`]=y;let{$session:n,_sessionSignal:u}=I(r),a={...i,...l,$fetch:r,useSession:n};return L(a,r,t,{...o,_sessionSignal:u},d)}export{ge as createAuthClient,w as useAuthQuery};
package/dist/cookies.js CHANGED
@@ -1 +1 @@
1
- import{TimeSpan as C}from"oslo";var u=class extends Error{constructor(i,o){super(i),this.name="BetterAuthError",this.message=i,this.cause=o}};import{env as h,isProduction as p}from"std-env";function g(e){let o=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):p)?"__Secure-":"",t="better-auth",r=e.session?.expiresIn||new C(7,"d").seconds(),s=!!e.advanced?.crossSubDomainCookies?.enabled,n=s?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(s&&!n)throw new u("baseURL is required when crossSubdomainCookies are enabled");let a=s?"none":"lax";return{sessionToken:{name:`${o}${t}.session_token`,options:{httpOnly:!0,sameSite:a,path:"/",secure:!!o,maxAge:r,...s?{domain:n}:{}}},csrfToken:{name:`${o}${t}.csrf_token`,options:{httpOnly:!0,sameSite:a,path:"/",secure:!!o,maxAge:60*60*24*7,...s?{domain:n}:{}}},state:{name:`${o}${t}.state`,options:{httpOnly:!0,sameSite:a,path:"/",secure:!!o,maxAge:60*15,...s?{domain:n}:{}}},pkCodeVerifier:{name:`${o}${t}.pk_code_verifier`,options:{httpOnly:!0,sameSite:a,path:"/",secure:!!o,maxAge:60*15,...s?{domain:n}:{}}},dontRememberToken:{name:`${o}${t}.dont_remember`,options:{httpOnly:!0,sameSite:a,path:"/",secure:!!o,...s?{domain:n}:{}}},nonce:{name:`${o}${t}.nonce`,options:{httpOnly:!0,sameSite:a,path:"/",secure:!!o,maxAge:60*15,...s?{domain:n}:{}}}}}function S(e){let o=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL?.startsWith("https://")||p)?"__Secure-":"",t="better-auth",r=e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0);function s(n,a){let c=e.advanced?.crossSubDomainCookies?.enabled?e.advanced.crossSubDomainCookies.additionalCookies?.includes(n):void 0;return{name:h.NODE_ENV==="production"?`${o}${t}.${n}`:`${t}.${n}`,options:{secure:!!o,sameSite:"lax",path:"/",maxAge:60*15,...a,...c?{domain:r}:{}}}}return s}async function O(e,i,o,t){let r=e.context.authCookies.sessionToken.options;r.maxAge=o?void 0:e.context.sessionConfig.expiresIn,await e.setSignedCookie(e.context.authCookies.sessionToken.name,i,e.context.secret,{...r,...t}),o&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options)}function A(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}function y(e){let i=new Map;return e.split(", ").forEach(t=>{let[r,...s]=t.split("; "),[n,a]=r.split("="),c={value:a};s.forEach(d=>{let[k,m]=d.split("=");c[k.toLowerCase()]=m||!0}),i.set(n,c)}),i}function $(e){let i=e.split("; "),o=new Map;return i.forEach(t=>{let[r,s]=t.split("=");o.set(r,s)}),o}export{S as createCookieGetter,A as deleteSessionCookie,g as getCookies,$ as parseCookies,y as parseSetCookieHeader,O as setSessionCookie};
1
+ import{TimeSpan as x}from"oslo";var h=class extends Error{constructor(i,o){super(i),this.name="BetterAuthError",this.message=i,this.cause=o}};import{env as g,isProduction as b}from"std-env";function $(e){var c,p,d,u,m,C,k;let o=(((c=e.advanced)==null?void 0:c.useSecureCookies)!==void 0?(p=e.advanced)==null?void 0:p.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):b)?"__Secure-":"",t="better-auth",a=((d=e.session)==null?void 0:d.expiresIn)||new x(7,"d").seconds(),s=!!((m=(u=e.advanced)==null?void 0:u.crossSubDomainCookies)!=null&&m.enabled),n=s?((k=(C=e.advanced)==null?void 0:C.crossSubDomainCookies)==null?void 0:k.domain)||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(s&&!n)throw new h("baseURL is required when crossSubdomainCookies are enabled");let r=s?"none":"lax";return{sessionToken:{name:`${o}${t}.session_token`,options:{httpOnly:!0,sameSite:r,path:"/",secure:!!o,maxAge:a,...s?{domain:n}:{}}},csrfToken:{name:`${o}${t}.csrf_token`,options:{httpOnly:!0,sameSite:r,path:"/",secure:!!o,maxAge:60*60*24*7,...s?{domain:n}:{}}},state:{name:`${o}${t}.state`,options:{httpOnly:!0,sameSite:r,path:"/",secure:!!o,maxAge:60*15,...s?{domain:n}:{}}},pkCodeVerifier:{name:`${o}${t}.pk_code_verifier`,options:{httpOnly:!0,sameSite:r,path:"/",secure:!!o,maxAge:60*15,...s?{domain:n}:{}}},dontRememberToken:{name:`${o}${t}.dont_remember`,options:{httpOnly:!0,sameSite:r,path:"/",secure:!!o,...s?{domain:n}:{}}},nonce:{name:`${o}${t}.nonce`,options:{httpOnly:!0,sameSite:r,path:"/",secure:!!o,maxAge:60*15,...s?{domain:n}:{}}}}}function v(e){var n,r,c,p,d;let o=(((n=e.advanced)==null?void 0:n.useSecureCookies)!==void 0?(r=e.advanced)==null?void 0:r.useSecureCookies:((c=e.baseURL)==null?void 0:c.startsWith("https://"))||b)?"__Secure-":"",t="better-auth",a=((d=(p=e.advanced)==null?void 0:p.crossSubDomainCookies)==null?void 0:d.domain)||(e.baseURL?new URL(e.baseURL).hostname:void 0);function s(u,m){var k,f,l;let C=(f=(k=e.advanced)==null?void 0:k.crossSubDomainCookies)!=null&&f.enabled?(l=e.advanced.crossSubDomainCookies.additionalCookies)==null?void 0:l.includes(u):void 0;return{name:g.NODE_ENV==="production"?`${o}${t}.${u}`:`${t}.${u}`,options:{secure:!!o,sameSite:"lax",path:"/",maxAge:60*15,...m,...C?{domain:a}:{}}}}return s}async function R(e,i,o,t){let a=e.context.authCookies.sessionToken.options;a.maxAge=o?void 0:e.context.sessionConfig.expiresIn,await e.setSignedCookie(e.context.authCookies.sessionToken.name,i,e.context.secret,{...a,...t}),o&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options)}function E(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}function T(e){let i=new Map;return e.split(", ").forEach(t=>{let[a,...s]=t.split("; "),[n,r]=a.split("="),c={value:r};s.forEach(p=>{let[d,u]=p.split("=");c[d.toLowerCase()]=u||!0}),i.set(n,c)}),i}function w(e){let i=e.split("; "),o=new Map;return i.forEach(t=>{let[a,s]=t.split("=");o.set(a,s)}),o}export{v as createCookieGetter,E as deleteSessionCookie,$ as getCookies,w as parseCookies,T as parseSetCookieHeader,R as setSessionCookie};