better-auth 0.7.3 → 0.7.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. package/dist/adapters/drizzle.d.cts +1 -1
  2. package/dist/adapters/drizzle.d.ts +1 -1
  3. package/dist/adapters/kysely.d.cts +1 -1
  4. package/dist/adapters/kysely.d.ts +1 -1
  5. package/dist/adapters/mongodb.d.cts +1 -1
  6. package/dist/adapters/mongodb.d.ts +1 -1
  7. package/dist/adapters/prisma.d.cts +1 -1
  8. package/dist/adapters/prisma.d.ts +1 -1
  9. package/dist/api.cjs +5 -5
  10. package/dist/api.d.cts +1 -1
  11. package/dist/api.d.ts +1 -1
  12. package/dist/api.js +5 -5
  13. package/dist/{auth-BkJnc76F.d.cts → auth-B5ozNy5X.d.cts} +1 -1
  14. package/dist/{auth-G61_RA8H.d.ts → auth-BBUjEh9D.d.ts} +1 -1
  15. package/dist/client/plugins.d.cts +4 -4
  16. package/dist/client/plugins.d.ts +4 -4
  17. package/dist/client.d.cts +1 -1
  18. package/dist/client.d.ts +1 -1
  19. package/dist/cookies.d.cts +1 -1
  20. package/dist/cookies.d.ts +1 -1
  21. package/dist/db.d.cts +2 -2
  22. package/dist/db.d.ts +2 -2
  23. package/dist/{index-cKD4sHma.d.ts → index-CQluFeIi.d.ts} +2 -2
  24. package/dist/{index-KdWDL1fo.d.cts → index-DK55nobk.d.cts} +2 -2
  25. package/dist/index.cjs +4 -4
  26. package/dist/index.d.cts +2 -2
  27. package/dist/index.d.ts +2 -2
  28. package/dist/index.js +5 -5
  29. package/dist/node.d.cts +1 -1
  30. package/dist/node.d.ts +1 -1
  31. package/dist/oauth2.d.cts +2 -2
  32. package/dist/oauth2.d.ts +2 -2
  33. package/dist/plugins.cjs +6 -6
  34. package/dist/plugins.d.cts +73 -4
  35. package/dist/plugins.d.ts +73 -4
  36. package/dist/plugins.js +6 -6
  37. package/dist/react.d.cts +1 -1
  38. package/dist/react.d.ts +1 -1
  39. package/dist/solid-start.d.cts +1 -1
  40. package/dist/solid-start.d.ts +1 -1
  41. package/dist/solid.d.cts +1 -1
  42. package/dist/solid.d.ts +1 -1
  43. package/dist/{state-UgidHWa5.d.cts → state-8Gh7gmo8.d.cts} +1 -1
  44. package/dist/{state-CTWPRYsC.d.ts → state-BU1iZb12.d.ts} +1 -1
  45. package/dist/svelte-kit.d.cts +1 -1
  46. package/dist/svelte-kit.d.ts +1 -1
  47. package/dist/svelte.d.cts +1 -1
  48. package/dist/svelte.d.ts +1 -1
  49. package/dist/types.d.cts +2 -2
  50. package/dist/types.d.ts +2 -2
  51. package/dist/vue.d.cts +1 -1
  52. package/dist/vue.d.ts +1 -1
  53. package/package.json +1 -1
package/dist/index.cjs CHANGED
@@ -1,6 +1,6 @@
1
- "use strict";var Ae=Object.defineProperty;var pr=Object.getOwnPropertyDescriptor;var fr=Object.getOwnPropertyNames;var mr=Object.prototype.hasOwnProperty;var gr=(e,t)=>{for(var r in t)Ae(e,r,{get:t[r],enumerable:!0})},hr=(e,t,r,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let i of fr(t))!mr.call(e,i)&&i!==r&&Ae(e,i,{get:()=>t[i],enumerable:!(o=pr(t,i))||o.enumerable});return e};var yr=e=>hr(Ae({},"__esModule",{value:!0}),e);var qr={};gr(qr,{BetterAuthError:()=>E,HIDE_METADATA:()=>$,MissingDependencyError:()=>ke,betterAuth:()=>Vr,capitalizeFirstLetter:()=>wr,createCookieGetter:()=>fe,createLogger:()=>pe,deleteSessionCookie:()=>j,generateId:()=>v,generateState:()=>te,getCookies:()=>ve,logger:()=>h,parseCookies:()=>Rr,parseSetCookieHeader:()=>kr,parseState:()=>Ue,setSessionCookie:()=>O});module.exports=yr(qr);var K=require("better-call");var Me=require("better-call");var z=require("better-call"),Fe=(0,z.createMiddleware)(async()=>({})),de=(0,z.createMiddlewareCreator)({use:[Fe,(0,z.createMiddleware)(async()=>({}))]}),y=(0,z.createEndpointCreator)({use:[Fe]});function wr(e){return e.charAt(0).toUpperCase()+e.slice(1)}var $={isAction:!1};var Ve=require("nanoid"),v=e=>(0,Ve.nanoid)(e);var ue=require("oslo/oauth2"),D=require("zod"),xe=require("better-call");var ce=Object.create(null),Y=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?ce:globalThis),I=new Proxy(ce,{get(e,t){return Y()[t]??ce[t]},has(e,t){let r=Y();return t in r||t in ce},set(e,t,r){let o=Y(!0);return o[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=Y(!0);return delete r[t],!0},ownKeys(){let e=Y(!0);return Object.keys(e)}});function br(e){return e?e!=="false":!1}var le=typeof process<"u"&&process.env&&process.env.NODE_ENV||"",X=le==="production",qe=le==="dev"||le==="development",je=le==="test"||br(I.TEST);var E=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r}},ke=class extends E{constructor(t){super(`The package "${t}" is required. Make sure it is installed.`,t)}};function Ar(e){try{return new URL(e).pathname!=="/"}catch{throw new E(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function Re(e,t="/api/auth"){return Ar(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function ee(e,t){if(e)return Re(e,t);let r=I.BETTER_AUTH_URL||I.NEXT_PUBLIC_BETTER_AUTH_URL||I.PUBLIC_BETTER_AUTH_URL||I.NUXT_PUBLIC_BETTER_AUTH_URL||I.NUXT_PUBLIC_AUTH_URL||(I.BASE_URL!=="/"?I.BASE_URL:void 0);if(r)return Re(r,t);if(typeof window<"u"&&window.location)return Re(window.location.origin,t)}function ze(e){try{return new URL(e).origin}catch{return null}}async function te(e,t){let r=e.body?.callbackURL||(e.query?.currentURL?ze(e.query?.currentURL):"")||e.context.options.baseURL;if(!r)throw new xe.APIError("BAD_REQUEST",{message:"callbackURL is required"});let o=(0,ue.generateCodeVerifier)(),i=(0,ue.generateState)(),n=JSON.stringify({callbackURL:r,codeVerifier:o,errorURL:e.query?.currentURL,link:t,expiresAt:Date.now()+10*60*1e3}),a=new Date;a.setMinutes(a.getMinutes()+10);let c=await e.context.internalAdapter.createVerificationValue({value:n,identifier:i,expiresAt:a});if(!c)throw h.error("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database"),new xe.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create verification"});return{state:c.identifier,codeVerifier:o}}async function Ue(e){let t=e.query.state,r=await e.context.internalAdapter.findVerificationValue(t);if(!r)throw h.error("State Mismatch. Verification not found",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let o=D.z.object({callbackURL:D.z.string(),codeVerifier:D.z.string(),errorURL:D.z.string().optional(),expiresAt:D.z.number(),link:D.z.object({email:D.z.string(),userId:D.z.string()}).optional()}).parse(JSON.parse(r.value));if(o.errorURL||(o.errorURL=`${e.context.baseURL}/error`),o.expiresAt<Date.now())throw await e.context.internalAdapter.deleteVerificationValue(r.id),h.error("State expired.",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);return await e.context.internalAdapter.deleteVerificationValue(r.id),o}var $e=require("consola"),M=(0,$e.createConsola)({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),pe=e=>({log:(...t)=>{!e?.disabled&&M.log("",...t)},error:(...t)=>{!e?.disabled&&M.error("",...t)},warn:(...t)=>{!e?.disabled&&M.warn("",...t)},info:(...t)=>{!e?.disabled&&M.info("",...t)},debug:(...t)=>{!e?.disabled&&M.debug("",...t)},box:(...t)=>{!e?.disabled&&M.box("",...t)},success:(...t)=>{!e?.disabled&&M.success("",...t)},break:(...t)=>{!e?.disabled&&console.log(`
2
- `)}}),h=pe();var He=de(async e=>{if(e.request?.method!=="POST")return;let{body:t,query:r,context:o}=e,i=e.headers?.get("origin")||e.headers?.get("referer")||"",n=t?.callbackURL,a=t?.redirectTo,c=r?.currentURL,s=o.trustedOrigins,d=e.headers?.has("cookie"),l=(f,u)=>{if(!s.some(g=>f?.startsWith(g)||f?.startsWith("/")&&u!=="origin"))throw h.error(`Invalid ${u}: ${f}`),h.info(`If it's a valid URL, please add ${f} to trustedOrigins in your auth config
3
- `,`Current list of trustedOrigins: ${s}`),new Me.APIError("FORBIDDEN",{message:`Invalid ${u}`})};d&&!e.context.options.advanced?.disableCSRFCheck&&l(i,"origin"),n&&l(n,"callbackURL"),a&&l(a,"redirectURL"),c&&l(c,"currentURL")});var L=require("better-call"),P=require("zod");var Ge=require("oslo");function fe(e){let r=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):X)?"__Secure-":"",o=!!e.advanced?.crossSubDomainCookies?.enabled,i=o?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(o&&!i)throw new E("baseURL is required when crossSubdomainCookies are enabled");function n(a,c={}){let s=e.advanced?.cookiePrefix||e.appName||"better-auth",d=e.advanced?.cookies?.[a]?.name||`${s}.${a}`,l=e.advanced?.cookies?.[a]?.attributes;return{name:`${r}${d}`,attributes:{secure:!!r,sameSite:"lax",path:"/",httpOnly:!0,...o?{domain:i}:{},...e.advanced?.defaultCookieAttributes,...c,...l}}}return n}function ve(e){let t=fe(e),r=e.session?.expiresIn||new Ge.TimeSpan(7,"d").seconds(),o=t("session_token",{maxAge:r}),i=t("session_data",{maxAge:e.session?.cookieCache?.maxAge||60*5}),n=t("dont_remember");return{sessionToken:{name:o.name,options:o.attributes},sessionData:{name:i.name,options:i.attributes},dontRememberToken:{name:n.name,options:n.attributes}}}async function O(e,t,r,o){let i=e.context.authCookies.sessionToken.options;i.maxAge=r?void 0:e.context.sessionConfig.expiresIn,await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.id,e.context.secret,{...i,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled&&await e.setSignedCookie(e.context.authCookies.sessionData.name,JSON.stringify(t),e.context.secret,e.context.authCookies.sessionData.options),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.id,JSON.stringify({user:t.user,session:t.session}),t.session.expiresAt.getTime()-Date.now())}function j(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}function kr(e){let t=new Map;return e.split(", ").forEach(o=>{let[i,...n]=o.split("; "),[a,c]=i.split("="),s={value:c};n.forEach(d=>{let[l,f]=d.split("=");s[l.toLowerCase()]=f||!0}),t.set(a,s)}),t}function Rr(e){let t=e.split("; "),r=new Map;return t.forEach(o=>{let[i,n]=o.split("=");r.set(i,n)}),r}var Ye=require("oslo/jwt");var Ke=require("oslo/crypto"),Qe=require("oslo/encoding");var N=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));async function Ze(e){let t=await(0,Ke.sha256)(new TextEncoder().encode(e));return Qe.base64url.encode(new Uint8Array(t),{includePadding:!1})}function We(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?N(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function k({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:i,scopes:n,claims:a,disablePkce:c,redirectURI:s}){let d=new URL(r);if(d.searchParams.set("response_type","code"),d.searchParams.set("client_id",t.clientId),d.searchParams.set("state",o),d.searchParams.set("scope",n.join(" ")),d.searchParams.set("redirect_uri",t.redirectURI||s),!c&&i){let l=await Ze(i);d.searchParams.set("code_challenge_method","S256"),d.searchParams.set("code_challenge",l)}if(a){let l=a.reduce((f,u)=>(f[u]=null,f),{});d.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...l}}))}return d}var Je=require("@better-fetch/fetch");async function A({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:i}){let n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",e),t&&n.set("code_verifier",t),n.set("redirect_uri",r),n.set("client_id",o.clientId),n.set("client_secret",o.clientSecret);let{data:a,error:c}=await(0,Je.betterFetch)(i,{method:"POST",body:n,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(c)throw c;return We(a)}var Xe=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:i}){let n=o||["email","name","openid"];return e.scope&&n.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${i||e.redirectURI}&scope=${n.join(" ")}&state=${r}`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>A({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async getUserInfo(r){if(!r.idToken)return null;let o=(0,Ye.parseJWT)(r.idToken)?.payload;return o?{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified==="true"},data:o}:null}}};var et=require("@better-fetch/fetch");var tt=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["identify","email"];return e.scope&&i.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${i.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,et.betterFetch)("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let i=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${i}.png`}else{let i=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${i}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});var rt=require("@better-fetch/fetch");var ot=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["email","public_profile"];return e.scope&&i.push(...e.scope),await k({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:i,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await(0,rt.betterFetch)("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified},data:r}}});var Te=require("@better-fetch/fetch");var nt=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:o,codeVerifier:i,redirectURI:n}){let a=o||["user:email"];return e.scope&&a.push(...e.scope),k({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:a,state:r,redirectURI:n,codeVerifier:i})},validateAuthorizationCode:async({code:r,redirectURI:o})=>A({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:i}=await(0,Te.betterFetch)("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(i)return null;let n=!1;if(!o.email){let{data:a,error:c}=await(0,Te.betterFetch)("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});c||(o.email=(a.find(s=>s.primary)??a[0])?.email,n=a.find(s=>s.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:n},data:o}}}};var it=require("oslo/jwt");var st=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){if(!e.clientId||!e.clientSecret)throw h.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new E("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new E("codeVerifier is required for Google");let n=r||["email","profile","openid"];e.scope&&n.push(...e.scope);let a=await k({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:n,state:t,codeVerifier:o,redirectURI:i});return e.accessType&&a.searchParams.set("access_type",e.accessType),e.prompt&&a.searchParams.set("prompt",e.prompt),a},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async getUserInfo(t){if(!t.idToken)return null;let r=(0,it.parseJWT)(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});var at=require("@better-fetch/fetch"),dt=require("oslo/jwt");var ct=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(i){let n=i.scopes||["openid","profile","email","User.Read"];return e.scope&&n.push(...e.scope),k({id:"microsoft",options:e,authorizationEndpoint:r,state:i.state,codeVerifier:i.codeVerifier,scopes:n,redirectURI:i.redirectURI})},validateAuthorizationCode({code:i,codeVerifier:n,redirectURI:a}){return A({code:i,codeVerifier:n,redirectURI:e.redirectURI||a,options:e,tokenEndpoint:o})},async getUserInfo(i){if(!i.idToken)return null;let n=(0,dt.parseJWT)(i.idToken)?.payload,a=e.profilePhotoSize||48;return await(0,at.betterFetch)(`https://graph.microsoft.com/v1.0/me/photos/${a}x${a}/$value`,{headers:{Authorization:`Bearer ${i.accessToken}`},async onResponse(c){if(!(e.disableProfilePhoto||!c.response.ok))try{let d=await c.response.clone().arrayBuffer(),l=Buffer.from(d).toString("base64");n.picture=`data:image/jpeg;base64, ${l}`}catch(s){h.error(s)}}}),{user:{id:n.sub,name:n.name,email:n.email,image:n.picture,emailVerified:!0},data:n}}}};var lt=require("@better-fetch/fetch");var ut=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){let n=r||["user-read-email"];return e.scope&&n.push(...e.scope),k({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:n,state:t,codeVerifier:o,redirectURI:i})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,lt.betterFetch)("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});var Ho=require("@better-fetch/fetch");var pt=require("oslo/jwt");var ft=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["user:read:email","openid"];return e.scope&&i.push(...e.scope),k({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:i,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return h.error("No idToken found in token"),null;let o=(0,pt.parseJWT)(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});var mt=require("@better-fetch/fetch");var gt=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["account_info.read"];return e.scope&&r.push(...e.scope),k({id:"twitter",options:e,authorizationEndpoint:"https://twitter.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,mt.betterFetch)("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o||!r.data.email?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});var ht=require("@better-fetch/fetch");var yt=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:o,codeVerifier:i,redirectURI:n})=>{let a=o||["account_info.read"];return e.scope&&a.push(...e.scope),await k({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:a,state:r,redirectURI:n,codeVerifier:i})},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>await A({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:i}=await(0,ht.betterFetch)("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});return i?null:{user:{id:o.account_id,name:o.name?.display_name,email:o.email,emailVerified:o.email_verified||!1,image:o.profile_photo_url},data:o}}}};var wt=require("@better-fetch/fetch");var bt=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:o,scopes:i,redirectURI:n})=>{let a=i||["profile","email","openid"];return e.scope&&a.push(...e.scope),await k({id:"linkedin",options:e,authorizationEndpoint:t,scopes:a,state:o,redirectURI:n})},validateAuthorizationCode:async({code:o,redirectURI:i})=>await A({code:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:r}),async getUserInfo(o){let{data:i,error:n}=await(0,wt.betterFetch)("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken}`}});return n?null:{user:{id:i.sub,name:i.name,email:i.email,emailVerified:i.email_verified||!1,image:i.picture},data:i}}}};var At=require("@better-fetch/fetch");var Ee=(e="")=>e.split("://").map(t=>t.replace(/\/{2,}/g,"/")).join("://"),xr=e=>{let t=e||"https://gitlab.com";return{authorizationEndpoint:Ee(`${t}/oauth/authorize`),tokenEndpoint:Ee(`${t}/oauth/token`),userinfoEndpoint:Ee(`${t}/api/v4/user`)}},kt=e=>{let{authorizationEndpoint:t,tokenEndpoint:r,userinfoEndpoint:o}=xr(e.issuer),i="gitlab";return{id:i,name:"Gitlab",createAuthorizationURL:async({state:a,scopes:c,codeVerifier:s,redirectURI:d})=>{let l=c||["read_user"];return e.scope&&l.push(...e.scope),await k({id:i,options:e,authorizationEndpoint:t,scopes:l,state:a,redirectURI:d,codeVerifier:s})},validateAuthorizationCode:async({code:a,redirectURI:c})=>A({code:a,redirectURI:e.redirectURI||c,options:e,tokenEndpoint:r}),async getUserInfo(a){let{data:c,error:s}=await(0,At.betterFetch)(o,{headers:{authorization:`Bearer ${a.accessToken}`}});return s||c.state!=="active"||c.locked?null:{user:{id:c.id.toString(),name:c.name??c.username,email:c.email,image:c.avatar_url,emailVerified:!0},data:c}}}};var Ie={apple:Xe,discord:tt,facebook:ot,github:nt,microsoft:ct,google:st,spotify:ut,twitch:ft,twitter:gt,dropbox:yt,linkedin:bt,gitlab:kt},me=Object.keys(Ie);var vt=require("oslo"),ge=require("oslo/jwt"),S=require("zod");var H=require("better-call");var Q=require("better-call");var Z=require("zod"),Pe=()=>y("/get-session",{method:"GET",query:Z.z.optional(Z.z.object({disableCookieCache:Z.z.boolean().optional()})),requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let r=await e.getSignedCookie(e.context.authCookies.sessionData.name,e.context.secret),o=await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret);if(r&&e.context.options.session?.cookieCache?.enabled&&!e.query?.disableCookieCache){let d=JSON.parse(r)?.session;if(d?.expiresAt>new Date)return e.json(d)}let i=await e.context.internalAdapter.findSession(t);if(!i||i.session.expiresAt<new Date)return j(e),i&&await e.context.internalAdapter.deleteSession(i.session.id),e.json(null,{status:401});if(o)return e.json(i);let n=e.context.sessionConfig.expiresIn,a=e.context.sessionConfig.updateAge;if(i.session.expiresAt.valueOf()-n*1e3+a*1e3<=Date.now()){let d=await e.context.internalAdapter.updateSession(i.session.id,{expiresAt:N(e.context.sessionConfig.expiresIn,"sec")});if(!d)return j(e),e.json(null,{status:401});let l=(d.expiresAt.valueOf()-Date.now())/1e3;return await O(e,{session:d,user:i.user},!1,{maxAge:l}),e.json({session:d,user:i.user})}return e.json(i)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}}),Oe=async e=>await Pe()({...e,_flag:"json",headers:e.headers}),_=de(async e=>{let t=await Oe(e);if(!t?.session)throw new Q.APIError("UNAUTHORIZED");return{session:t}}),Rt=()=>y("/list-sessions",{method:"GET",use:[_],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),xt=y("/revoke-session",{method:"POST",body:Z.z.object({id:Z.z.string()}),use:[_],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new Q.APIError("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new Q.APIError("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o),new Q.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Ut=y("/revoke-sessions",{method:"POST",use:[_],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t),new Q.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})});async function F(e,t,r){return await(0,ge.createJWT)("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new vt.TimeSpan(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var Tt=y("/send-verification-email",{method:"POST",query:S.z.object({currentURL:S.z.string().optional()}).optional(),body:S.z.object({email:S.z.string().email(),callbackURL:S.z.string().optional()})},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new H.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new H.APIError("BAD_REQUEST",{message:"User not found"});let o=await F(e.context.secret,t),i=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail(r.user,i,o),e.json({status:!0})}),Et=y("/verify-email",{method:"GET",query:S.z.object({token:S.z.string(),callbackURL:S.z.string().optional()})},async e=>{let{token:t}=e.query,r;try{r=await(0,ge.validateJWT)("HS256",Buffer.from(e.context.secret),t)}catch(a){throw e.context.logger.error("Failed to verify email",a),new H.APIError("BAD_REQUEST",{message:"Invalid token"})}let i=S.z.object({email:S.z.string().email(),updateTo:S.z.string().optional()}).parse(r.payload);if(!await e.context.internalAdapter.findUserByEmail(i.email))throw new H.APIError("BAD_REQUEST",{message:"User not found"});if(i.updateTo){let a=await Oe(e);if(!a)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new H.APIError("UNAUTHORIZED",{message:"Session not found"});if(a.user.email!==i.email)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new H.APIError("UNAUTHORIZED",{message:"Invalid session"});let c=await e.context.internalAdapter.updateUserByEmail(i.email,{email:i.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.(c,`${e.context.baseURL}/verify-email?token=${t}`,t),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:c,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(i.email,{emailVerified:!0}),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});var It=y("/sign-in/social",{method:"POST",query:P.z.object({currentURL:P.z.string().optional()}).optional(),body:P.z.object({callbackURL:P.z.string().optional(),provider:P.z.enum(me)})},async e=>{let t=e.context.socialProviders.find(n=>n.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new L.APIError("NOT_FOUND",{message:"Provider not found"});let{codeVerifier:r,state:o}=await te(e),i=await t.createAuthorizationURL({state:o,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:i.toString(),redirect:!0})}),Pt=y("/sign-in/email",{method:"POST",body:P.z.object({email:P.z.string(),password:P.z.string(),callbackURL:P.z.string().optional(),dontRememberMe:P.z.boolean().default(!1).optional()})},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new L.APIError("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!P.z.string().email().safeParse(t).success)throw new L.APIError("BAD_REQUEST",{message:"Invalid email"});if(!P.z.string().email().safeParse(t).success)throw new L.APIError("BAD_REQUEST",{message:"Invalid email"});let n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new L.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let a=n.accounts.find(l=>l.providerId==="credential");if(!a)throw e.context.logger.error("Credential account not found",{email:t}),new L.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let c=a?.password;if(!c)throw e.context.logger.error("Password not found",{email:t}),new L.APIError("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(c,r))throw e.context.logger.error("Invalid password"),new L.APIError("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!n.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw h.error("Email verification is required but no email verification handler is provided"),new L.APIError("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let l=await F(e.context.secret,n.user.email),f=`${e.context.options.baseURL}/verify-email?token=${l}`;throw await e.context.options.emailVerification.sendVerificationEmail(n.user,f,l),e.context.logger.error("Email not verified",{email:t}),new L.APIError("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let d=await e.context.internalAdapter.createSession(n.user.id,e.headers,e.body.dontRememberMe);if(!d)throw e.context.logger.error("Failed to create session"),new L.APIError("UNAUTHORIZED",{message:"Failed to create session"});return await O(e,{session:d,user:n.user},e.body.dontRememberMe),e.json({user:n.user,session:d,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});var re=require("zod");var b=require("zod"),$n=b.z.object({id:b.z.string(),providerId:b.z.string(),accountId:b.z.string(),userId:b.z.string(),accessToken:b.z.string().nullable().optional(),refreshToken:b.z.string().nullable().optional(),idToken:b.z.string().nullable().optional(),expiresAt:b.z.date().nullable().optional(),password:b.z.string().optional().nullable()}),Ot=b.z.object({id:b.z.string(),email:b.z.string().transform(e=>e.toLowerCase()),emailVerified:b.z.boolean().default(!1),name:b.z.string(),image:b.z.string().optional(),createdAt:b.z.date().default(new Date),updatedAt:b.z.date().default(new Date)}),Mn=b.z.object({id:b.z.string(),userId:b.z.string(),expiresAt:b.z.date(),ipAddress:b.z.string().optional(),userAgent:b.z.string().optional()}),Hn=b.z.object({id:b.z.string(),value:b.z.string(),expiresAt:b.z.date(),identifier:b.z.string()});function Ur(e,t){let r={...t==="user"?e.user?.additionalFields:{},...t==="session"?e.session?.additionalFields:{}};for(let o of e.plugins||[])o.schema&&o.schema[t]&&(r={...r,...o.schema[t].fields});return r}function vr(e,t){let r=t.action||"create",o=t.fields,i={};for(let n in o){if(n in e){if(o[n].input===!1){if(o[n].defaultValue){i[n]=o[n].defaultValue;continue}continue}i[n]=e[n];continue}if(o[n].defaultValue&&r==="create"){i[n]=o[n].defaultValue;continue}}return i}function he(e,t,r){let o=Ur(e,"user");return vr(t||{},{fields:o,action:r})}var _t=y("/callback/:id",{method:"GET",query:re.z.object({state:re.z.string(),code:re.z.string().optional(),error:re.z.string().optional()}),metadata:$},async e=>{if(!e.query.code)throw e.redirect(`${e.context.baseURL}/error?error=${e.query.error||"no_code"}`);let t=e.context.socialProviders.find(m=>m.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let{codeVerifier:r,callbackURL:o,link:i,errorURL:n}=await Ue(e),a;try{a=await t.validateAuthorizationCode({code:e.query.code,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`})}catch(m){throw e.context.logger.error(m),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let c=await t.getUserInfo(a).then(m=>m?.user),s=v(),d=Ot.safeParse({...c,id:s});if(!c||d.success===!1)throw h.error("Unable to get user info",d.error),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!o)throw h.error("No callback URL found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(i){if(i.email!==c.email.toLowerCase())return l("email_doesn't_match");if(!await e.context.internalAdapter.createAccount({userId:i.userId,providerId:t.id,accountId:c.id}))return l("unable_to_link_account");let w;try{w=new URL(o).toString()}catch{w=o}throw e.redirect(w)}function l(m){throw e.redirect(`${n||o||`${e.context.baseURL}/error`}?error=${m}`)}let f=await e.context.internalAdapter.findUserByEmail(c.email,{includeAccounts:!0}).catch(m=>{throw h.error(`Better auth was unable to query your database.
1
+ "use strict";var Ae=Object.defineProperty;var pr=Object.getOwnPropertyDescriptor;var fr=Object.getOwnPropertyNames;var mr=Object.prototype.hasOwnProperty;var gr=(e,t)=>{for(var r in t)Ae(e,r,{get:t[r],enumerable:!0})},hr=(e,t,r,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let i of fr(t))!mr.call(e,i)&&i!==r&&Ae(e,i,{get:()=>t[i],enumerable:!(o=pr(t,i))||o.enumerable});return e};var yr=e=>hr(Ae({},"__esModule",{value:!0}),e);var qr={};gr(qr,{BetterAuthError:()=>E,HIDE_METADATA:()=>$,MissingDependencyError:()=>ke,betterAuth:()=>Vr,capitalizeFirstLetter:()=>wr,createCookieGetter:()=>fe,createLogger:()=>pe,deleteSessionCookie:()=>j,generateId:()=>v,generateState:()=>te,getCookies:()=>ve,logger:()=>h,parseCookies:()=>Rr,parseSetCookieHeader:()=>kr,parseState:()=>Ue,setSessionCookie:()=>O});module.exports=yr(qr);var K=require("better-call");var Me=require("better-call");var z=require("better-call"),Fe=(0,z.createMiddleware)(async()=>({})),de=(0,z.createMiddlewareCreator)({use:[Fe,(0,z.createMiddleware)(async()=>({}))]}),y=(0,z.createEndpointCreator)({use:[Fe]});function wr(e){return e.charAt(0).toUpperCase()+e.slice(1)}var $={isAction:!1};var Ve=require("nanoid"),v=e=>(0,Ve.nanoid)(e);var ue=require("oslo/oauth2"),D=require("zod"),xe=require("better-call");var ce=Object.create(null),Y=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?ce:globalThis),P=new Proxy(ce,{get(e,t){return Y()[t]??ce[t]},has(e,t){let r=Y();return t in r||t in ce},set(e,t,r){let o=Y(!0);return o[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=Y(!0);return delete r[t],!0},ownKeys(){let e=Y(!0);return Object.keys(e)}});function br(e){return e?e!=="false":!1}var le=typeof process<"u"&&process.env&&process.env.NODE_ENV||"",X=le==="production",qe=le==="dev"||le==="development",je=le==="test"||br(P.TEST);var E=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r}},ke=class extends E{constructor(t){super(`The package "${t}" is required. Make sure it is installed.`,t)}};function Ar(e){try{return new URL(e).pathname!=="/"}catch{throw new E(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function Re(e,t="/api/auth"){return Ar(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function ee(e,t){if(e)return Re(e,t);let r=P.BETTER_AUTH_URL||P.NEXT_PUBLIC_BETTER_AUTH_URL||P.PUBLIC_BETTER_AUTH_URL||P.NUXT_PUBLIC_BETTER_AUTH_URL||P.NUXT_PUBLIC_AUTH_URL||(P.BASE_URL!=="/"?P.BASE_URL:void 0);if(r)return Re(r,t);if(typeof window<"u"&&window.location)return Re(window.location.origin,t)}function ze(e){try{return new URL(e).origin}catch{return null}}async function te(e,t){let r=e.body?.callbackURL||(e.query?.currentURL?ze(e.query?.currentURL):"")||e.context.options.baseURL;if(!r)throw new xe.APIError("BAD_REQUEST",{message:"callbackURL is required"});let o=(0,ue.generateCodeVerifier)(),i=(0,ue.generateState)(),n=JSON.stringify({callbackURL:r,codeVerifier:o,errorURL:e.query?.currentURL,link:t,expiresAt:Date.now()+10*60*1e3}),a=new Date;a.setMinutes(a.getMinutes()+10);let c=await e.context.internalAdapter.createVerificationValue({value:n,identifier:i,expiresAt:a});if(!c)throw h.error("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database"),new xe.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create verification"});return{state:c.identifier,codeVerifier:o}}async function Ue(e){let t=e.query.state,r=await e.context.internalAdapter.findVerificationValue(t);if(!r)throw h.error("State Mismatch. Verification not found",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let o=D.z.object({callbackURL:D.z.string(),codeVerifier:D.z.string(),errorURL:D.z.string().optional(),expiresAt:D.z.number(),link:D.z.object({email:D.z.string(),userId:D.z.string()}).optional()}).parse(JSON.parse(r.value));if(o.errorURL||(o.errorURL=`${e.context.baseURL}/error`),o.expiresAt<Date.now())throw await e.context.internalAdapter.deleteVerificationValue(r.id),h.error("State expired.",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);return await e.context.internalAdapter.deleteVerificationValue(r.id),o}var $e=require("consola"),M=(0,$e.createConsola)({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),pe=e=>({log:(...t)=>{!e?.disabled&&M.log("",...t)},error:(...t)=>{!e?.disabled&&M.error("",...t)},warn:(...t)=>{!e?.disabled&&M.warn("",...t)},info:(...t)=>{!e?.disabled&&M.info("",...t)},debug:(...t)=>{!e?.disabled&&M.debug("",...t)},box:(...t)=>{!e?.disabled&&M.box("",...t)},success:(...t)=>{!e?.disabled&&M.success("",...t)},break:(...t)=>{!e?.disabled&&console.log(`
2
+ `)}}),h=pe();var He=de(async e=>{if(e.request?.method!=="POST")return;let{body:t,query:r,context:o}=e,i=e.headers?.get("origin")||e.headers?.get("referer")||"",n=t?.callbackURL||r?.callbackURL,a=t?.redirectTo,c=r?.currentURL,s=o.trustedOrigins,d=e.headers?.has("cookie"),l=(u,p)=>p.includes("*")?new RegExp("^"+p.replace(/\*/g,"[^/]+").replace(/\./g,"\\.")+"$").test(u):u.startsWith(p),f=(u,p)=>{if(!u)return;if(!s.some(m=>l(u,m)||u?.startsWith("/")&&p!=="origin"&&!u.includes(":")))throw h.error(`Invalid ${p}: ${u}`),h.info(`If it's a valid URL, please add ${u} to trustedOrigins in your auth config
3
+ `,`Current list of trustedOrigins: ${s}`),new Me.APIError("FORBIDDEN",{message:`Invalid ${p}`})};d&&!e.context.options.advanced?.disableCSRFCheck&&f(i,"origin"),n&&f(n,"callbackURL"),a&&f(a,"redirectURL"),c&&f(c,"currentURL")});var L=require("better-call"),I=require("zod");var Ge=require("oslo");function fe(e){let r=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):X)?"__Secure-":"",o=!!e.advanced?.crossSubDomainCookies?.enabled,i=o?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(o&&!i)throw new E("baseURL is required when crossSubdomainCookies are enabled");function n(a,c={}){let s=e.advanced?.cookiePrefix||e.appName||"better-auth",d=e.advanced?.cookies?.[a]?.name||`${s}.${a}`,l=e.advanced?.cookies?.[a]?.attributes;return{name:`${r}${d}`,attributes:{secure:!!r,sameSite:"lax",path:"/",httpOnly:!0,...o?{domain:i}:{},...e.advanced?.defaultCookieAttributes,...c,...l}}}return n}function ve(e){let t=fe(e),r=e.session?.expiresIn||new Ge.TimeSpan(7,"d").seconds(),o=t("session_token",{maxAge:r}),i=t("session_data",{maxAge:e.session?.cookieCache?.maxAge||60*5}),n=t("dont_remember");return{sessionToken:{name:o.name,options:o.attributes},sessionData:{name:i.name,options:i.attributes},dontRememberToken:{name:n.name,options:n.attributes}}}async function O(e,t,r,o){let i=e.context.authCookies.sessionToken.options;i.maxAge=r?void 0:e.context.sessionConfig.expiresIn,await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.id,e.context.secret,{...i,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled&&await e.setSignedCookie(e.context.authCookies.sessionData.name,JSON.stringify(t),e.context.secret,e.context.authCookies.sessionData.options),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.id,JSON.stringify({user:t.user,session:t.session}),t.session.expiresAt.getTime()-Date.now())}function j(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}function kr(e){let t=new Map;return e.split(", ").forEach(o=>{let[i,...n]=o.split("; "),[a,c]=i.split("="),s={value:c};n.forEach(d=>{let[l,f]=d.split("=");s[l.toLowerCase()]=f||!0}),t.set(a,s)}),t}function Rr(e){let t=e.split("; "),r=new Map;return t.forEach(o=>{let[i,n]=o.split("=");r.set(i,n)}),r}var Ye=require("oslo/jwt");var Ke=require("oslo/crypto"),Qe=require("oslo/encoding");var N=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));async function Ze(e){let t=await(0,Ke.sha256)(new TextEncoder().encode(e));return Qe.base64url.encode(new Uint8Array(t),{includePadding:!1})}function We(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?N(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function k({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:i,scopes:n,claims:a,disablePkce:c,redirectURI:s}){let d=new URL(r);if(d.searchParams.set("response_type","code"),d.searchParams.set("client_id",t.clientId),d.searchParams.set("state",o),d.searchParams.set("scope",n.join(" ")),d.searchParams.set("redirect_uri",t.redirectURI||s),!c&&i){let l=await Ze(i);d.searchParams.set("code_challenge_method","S256"),d.searchParams.set("code_challenge",l)}if(a){let l=a.reduce((f,u)=>(f[u]=null,f),{});d.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...l}}))}return d}var Je=require("@better-fetch/fetch");async function A({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:i}){let n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",e),t&&n.set("code_verifier",t),n.set("redirect_uri",r),n.set("client_id",o.clientId),n.set("client_secret",o.clientSecret);let{data:a,error:c}=await(0,Je.betterFetch)(i,{method:"POST",body:n,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(c)throw c;return We(a)}var Xe=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:i}){let n=o||["email","name","openid"];return e.scope&&n.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${i||e.redirectURI}&scope=${n.join(" ")}&state=${r}`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>A({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async getUserInfo(r){if(!r.idToken)return null;let o=(0,Ye.parseJWT)(r.idToken)?.payload;return o?{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified==="true"},data:o}:null}}};var et=require("@better-fetch/fetch");var tt=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["identify","email"];return e.scope&&i.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${i.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,et.betterFetch)("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let i=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${i}.png`}else{let i=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${i}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});var rt=require("@better-fetch/fetch");var ot=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["email","public_profile"];return e.scope&&i.push(...e.scope),await k({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:i,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await(0,rt.betterFetch)("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified},data:r}}});var Te=require("@better-fetch/fetch");var nt=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:o,codeVerifier:i,redirectURI:n}){let a=o||["user:email"];return e.scope&&a.push(...e.scope),k({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:a,state:r,redirectURI:n,codeVerifier:i})},validateAuthorizationCode:async({code:r,redirectURI:o})=>A({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:i}=await(0,Te.betterFetch)("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(i)return null;let n=!1;if(!o.email){let{data:a,error:c}=await(0,Te.betterFetch)("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});c||(o.email=(a.find(s=>s.primary)??a[0])?.email,n=a.find(s=>s.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:n},data:o}}}};var it=require("oslo/jwt");var st=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){if(!e.clientId||!e.clientSecret)throw h.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new E("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new E("codeVerifier is required for Google");let n=r||["email","profile","openid"];e.scope&&n.push(...e.scope);let a=await k({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:n,state:t,codeVerifier:o,redirectURI:i});return e.accessType&&a.searchParams.set("access_type",e.accessType),e.prompt&&a.searchParams.set("prompt",e.prompt),a},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async getUserInfo(t){if(!t.idToken)return null;let r=(0,it.parseJWT)(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});var at=require("@better-fetch/fetch"),dt=require("oslo/jwt");var ct=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(i){let n=i.scopes||["openid","profile","email","User.Read"];return e.scope&&n.push(...e.scope),k({id:"microsoft",options:e,authorizationEndpoint:r,state:i.state,codeVerifier:i.codeVerifier,scopes:n,redirectURI:i.redirectURI})},validateAuthorizationCode({code:i,codeVerifier:n,redirectURI:a}){return A({code:i,codeVerifier:n,redirectURI:e.redirectURI||a,options:e,tokenEndpoint:o})},async getUserInfo(i){if(!i.idToken)return null;let n=(0,dt.parseJWT)(i.idToken)?.payload,a=e.profilePhotoSize||48;return await(0,at.betterFetch)(`https://graph.microsoft.com/v1.0/me/photos/${a}x${a}/$value`,{headers:{Authorization:`Bearer ${i.accessToken}`},async onResponse(c){if(!(e.disableProfilePhoto||!c.response.ok))try{let d=await c.response.clone().arrayBuffer(),l=Buffer.from(d).toString("base64");n.picture=`data:image/jpeg;base64, ${l}`}catch(s){h.error(s)}}}),{user:{id:n.sub,name:n.name,email:n.email,image:n.picture,emailVerified:!0},data:n}}}};var lt=require("@better-fetch/fetch");var ut=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){let n=r||["user-read-email"];return e.scope&&n.push(...e.scope),k({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:n,state:t,codeVerifier:o,redirectURI:i})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,lt.betterFetch)("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});var Ho=require("@better-fetch/fetch");var pt=require("oslo/jwt");var ft=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["user:read:email","openid"];return e.scope&&i.push(...e.scope),k({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:i,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return h.error("No idToken found in token"),null;let o=(0,pt.parseJWT)(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});var mt=require("@better-fetch/fetch");var gt=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["account_info.read"];return e.scope&&r.push(...e.scope),k({id:"twitter",options:e,authorizationEndpoint:"https://twitter.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,mt.betterFetch)("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o||!r.data.email?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});var ht=require("@better-fetch/fetch");var yt=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:o,codeVerifier:i,redirectURI:n})=>{let a=o||["account_info.read"];return e.scope&&a.push(...e.scope),await k({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:a,state:r,redirectURI:n,codeVerifier:i})},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>await A({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:i}=await(0,ht.betterFetch)("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});return i?null:{user:{id:o.account_id,name:o.name?.display_name,email:o.email,emailVerified:o.email_verified||!1,image:o.profile_photo_url},data:o}}}};var wt=require("@better-fetch/fetch");var bt=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:o,scopes:i,redirectURI:n})=>{let a=i||["profile","email","openid"];return e.scope&&a.push(...e.scope),await k({id:"linkedin",options:e,authorizationEndpoint:t,scopes:a,state:o,redirectURI:n})},validateAuthorizationCode:async({code:o,redirectURI:i})=>await A({code:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:r}),async getUserInfo(o){let{data:i,error:n}=await(0,wt.betterFetch)("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken}`}});return n?null:{user:{id:i.sub,name:i.name,email:i.email,emailVerified:i.email_verified||!1,image:i.picture},data:i}}}};var At=require("@better-fetch/fetch");var Ee=(e="")=>e.split("://").map(t=>t.replace(/\/{2,}/g,"/")).join("://"),xr=e=>{let t=e||"https://gitlab.com";return{authorizationEndpoint:Ee(`${t}/oauth/authorize`),tokenEndpoint:Ee(`${t}/oauth/token`),userinfoEndpoint:Ee(`${t}/api/v4/user`)}},kt=e=>{let{authorizationEndpoint:t,tokenEndpoint:r,userinfoEndpoint:o}=xr(e.issuer),i="gitlab";return{id:i,name:"Gitlab",createAuthorizationURL:async({state:a,scopes:c,codeVerifier:s,redirectURI:d})=>{let l=c||["read_user"];return e.scope&&l.push(...e.scope),await k({id:i,options:e,authorizationEndpoint:t,scopes:l,state:a,redirectURI:d,codeVerifier:s})},validateAuthorizationCode:async({code:a,redirectURI:c})=>A({code:a,redirectURI:e.redirectURI||c,options:e,tokenEndpoint:r}),async getUserInfo(a){let{data:c,error:s}=await(0,At.betterFetch)(o,{headers:{authorization:`Bearer ${a.accessToken}`}});return s||c.state!=="active"||c.locked?null:{user:{id:c.id.toString(),name:c.name??c.username,email:c.email,image:c.avatar_url,emailVerified:!0},data:c}}}};var Pe={apple:Xe,discord:tt,facebook:ot,github:nt,microsoft:ct,google:st,spotify:ut,twitch:ft,twitter:gt,dropbox:yt,linkedin:bt,gitlab:kt},me=Object.keys(Pe);var vt=require("oslo"),ge=require("oslo/jwt"),S=require("zod");var H=require("better-call");var Q=require("better-call");var Z=require("zod"),Ie=()=>y("/get-session",{method:"GET",query:Z.z.optional(Z.z.object({disableCookieCache:Z.z.boolean().optional()})),requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let r=await e.getSignedCookie(e.context.authCookies.sessionData.name,e.context.secret),o=await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret);if(r&&e.context.options.session?.cookieCache?.enabled&&!e.query?.disableCookieCache){let d=JSON.parse(r)?.session;if(d?.expiresAt>new Date)return e.json(d)}let i=await e.context.internalAdapter.findSession(t);if(!i||i.session.expiresAt<new Date)return j(e),i&&await e.context.internalAdapter.deleteSession(i.session.id),e.json(null,{status:401});if(o)return e.json(i);let n=e.context.sessionConfig.expiresIn,a=e.context.sessionConfig.updateAge;if(i.session.expiresAt.valueOf()-n*1e3+a*1e3<=Date.now()){let d=await e.context.internalAdapter.updateSession(i.session.id,{expiresAt:N(e.context.sessionConfig.expiresIn,"sec")});if(!d)return j(e),e.json(null,{status:401});let l=(d.expiresAt.valueOf()-Date.now())/1e3;return await O(e,{session:d,user:i.user},!1,{maxAge:l}),e.json({session:d,user:i.user})}return e.json(i)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}}),Oe=async e=>await Ie()({...e,_flag:"json",headers:e.headers}),_=de(async e=>{let t=await Oe(e);if(!t?.session)throw new Q.APIError("UNAUTHORIZED");return{session:t}}),Rt=()=>y("/list-sessions",{method:"GET",use:[_],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),xt=y("/revoke-session",{method:"POST",body:Z.z.object({id:Z.z.string()}),use:[_],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new Q.APIError("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new Q.APIError("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o),new Q.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Ut=y("/revoke-sessions",{method:"POST",use:[_],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t),new Q.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})});async function F(e,t,r){return await(0,ge.createJWT)("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new vt.TimeSpan(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var Tt=y("/send-verification-email",{method:"POST",query:S.z.object({currentURL:S.z.string().optional()}).optional(),body:S.z.object({email:S.z.string().email(),callbackURL:S.z.string().optional()})},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new H.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new H.APIError("BAD_REQUEST",{message:"User not found"});let o=await F(e.context.secret,t),i=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail(r.user,i,o),e.json({status:!0})}),Et=y("/verify-email",{method:"GET",query:S.z.object({token:S.z.string(),callbackURL:S.z.string().optional()})},async e=>{let{token:t}=e.query,r;try{r=await(0,ge.validateJWT)("HS256",Buffer.from(e.context.secret),t)}catch(a){throw e.context.logger.error("Failed to verify email",a),new H.APIError("BAD_REQUEST",{message:"Invalid token"})}let i=S.z.object({email:S.z.string().email(),updateTo:S.z.string().optional()}).parse(r.payload);if(!await e.context.internalAdapter.findUserByEmail(i.email))throw new H.APIError("BAD_REQUEST",{message:"User not found"});if(i.updateTo){let a=await Oe(e);if(!a)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new H.APIError("UNAUTHORIZED",{message:"Session not found"});if(a.user.email!==i.email)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new H.APIError("UNAUTHORIZED",{message:"Invalid session"});let c=await e.context.internalAdapter.updateUserByEmail(i.email,{email:i.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.(c,`${e.context.baseURL}/verify-email?token=${t}`,t),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:c,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(i.email,{emailVerified:!0}),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});var Pt=y("/sign-in/social",{method:"POST",query:I.z.object({currentURL:I.z.string().optional()}).optional(),body:I.z.object({callbackURL:I.z.string().optional(),provider:I.z.enum(me)})},async e=>{let t=e.context.socialProviders.find(n=>n.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new L.APIError("NOT_FOUND",{message:"Provider not found"});let{codeVerifier:r,state:o}=await te(e),i=await t.createAuthorizationURL({state:o,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:i.toString(),redirect:!0})}),It=y("/sign-in/email",{method:"POST",body:I.z.object({email:I.z.string(),password:I.z.string(),callbackURL:I.z.string().optional(),dontRememberMe:I.z.boolean().default(!1).optional()})},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new L.APIError("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!I.z.string().email().safeParse(t).success)throw new L.APIError("BAD_REQUEST",{message:"Invalid email"});if(!I.z.string().email().safeParse(t).success)throw new L.APIError("BAD_REQUEST",{message:"Invalid email"});let n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new L.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let a=n.accounts.find(l=>l.providerId==="credential");if(!a)throw e.context.logger.error("Credential account not found",{email:t}),new L.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let c=a?.password;if(!c)throw e.context.logger.error("Password not found",{email:t}),new L.APIError("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(c,r))throw e.context.logger.error("Invalid password"),new L.APIError("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!n.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw h.error("Email verification is required but no email verification handler is provided"),new L.APIError("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let l=await F(e.context.secret,n.user.email),f=`${e.context.options.baseURL}/verify-email?token=${l}`;throw await e.context.options.emailVerification.sendVerificationEmail(n.user,f,l),e.context.logger.error("Email not verified",{email:t}),new L.APIError("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let d=await e.context.internalAdapter.createSession(n.user.id,e.headers,e.body.dontRememberMe);if(!d)throw e.context.logger.error("Failed to create session"),new L.APIError("UNAUTHORIZED",{message:"Failed to create session"});return await O(e,{session:d,user:n.user},e.body.dontRememberMe),e.json({user:n.user,session:d,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});var re=require("zod");var b=require("zod"),$n=b.z.object({id:b.z.string(),providerId:b.z.string(),accountId:b.z.string(),userId:b.z.string(),accessToken:b.z.string().nullable().optional(),refreshToken:b.z.string().nullable().optional(),idToken:b.z.string().nullable().optional(),expiresAt:b.z.date().nullable().optional(),password:b.z.string().optional().nullable()}),Ot=b.z.object({id:b.z.string(),email:b.z.string().transform(e=>e.toLowerCase()),emailVerified:b.z.boolean().default(!1),name:b.z.string(),image:b.z.string().optional(),createdAt:b.z.date().default(new Date),updatedAt:b.z.date().default(new Date)}),Mn=b.z.object({id:b.z.string(),userId:b.z.string(),expiresAt:b.z.date(),ipAddress:b.z.string().optional(),userAgent:b.z.string().optional()}),Hn=b.z.object({id:b.z.string(),value:b.z.string(),expiresAt:b.z.date(),identifier:b.z.string()});function Ur(e,t){let r={...t==="user"?e.user?.additionalFields:{},...t==="session"?e.session?.additionalFields:{}};for(let o of e.plugins||[])o.schema&&o.schema[t]&&(r={...r,...o.schema[t].fields});return r}function vr(e,t){let r=t.action||"create",o=t.fields,i={};for(let n in o){if(n in e){if(o[n].input===!1){if(o[n].defaultValue){i[n]=o[n].defaultValue;continue}continue}i[n]=e[n];continue}if(o[n].defaultValue&&r==="create"){i[n]=o[n].defaultValue;continue}}return i}function he(e,t,r){let o=Ur(e,"user");return vr(t||{},{fields:o,action:r})}var _t=y("/callback/:id",{method:"GET",query:re.z.object({state:re.z.string(),code:re.z.string().optional(),error:re.z.string().optional()}),metadata:$},async e=>{if(!e.query.code)throw e.redirect(`${e.context.baseURL}/error?error=${e.query.error||"no_code"}`);let t=e.context.socialProviders.find(m=>m.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let{codeVerifier:r,callbackURL:o,link:i,errorURL:n}=await Ue(e),a;try{a=await t.validateAuthorizationCode({code:e.query.code,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`})}catch(m){throw e.context.logger.error(m),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let c=await t.getUserInfo(a).then(m=>m?.user),s=v(),d=Ot.safeParse({...c,id:s});if(!c||d.success===!1)throw h.error("Unable to get user info",d.error),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!o)throw h.error("No callback URL found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(i){if(i.email!==c.email.toLowerCase())return l("email_doesn't_match");if(!await e.context.internalAdapter.createAccount({userId:i.userId,providerId:t.id,accountId:c.id}))return l("unable_to_link_account");let w;try{w=new URL(o).toString()}catch{w=o}throw e.redirect(w)}function l(m){throw e.redirect(`${n||o||`${e.context.baseURL}/error`}?error=${m}`)}let f=await e.context.internalAdapter.findUserByEmail(c.email,{includeAccounts:!0}).catch(m=>{throw h.error(`Better auth was unable to query your database.
4
4
  Error: `,m),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),u=f?.user;if(f){let m=f.accounts.find(w=>w.providerId===t.id);if(m)await e.context.internalAdapter.updateAccount(m.id,{accessToken:a.accessToken,idToken:a.idToken,refreshToken:a.refreshToken,expiresAt:a.accessTokenExpiresAt});else{(!e.context.options.account?.accountLinking?.trustedProviders?.includes(t.id)&&!c.emailVerified||e.context.options.account?.accountLinking?.enabled===!1)&&(qe&&h.warn(`User already exist but account isn't linked to ${t.id}. To read more about how account linking works in Better Auth see https://www.better-auth.com/docs/concepts/users-accounts#account-linking.`),l("account_not_linked"));try{await e.context.internalAdapter.linkAccount({providerId:t.id,accountId:c.id.toString(),id:`${t.id}:${c.id}`,userId:f.user.id,accessToken:a.accessToken,idToken:a.idToken,refreshToken:a.refreshToken,expiresAt:a.accessTokenExpiresAt})}catch(Ne){h.error("Unable to link account",Ne),l("unable_to_link_account")}}}else try{let m=c.emailVerified||!1;if(u=await e.context.internalAdapter.createOAuthUser({...d.data,emailVerified:m},{accessToken:a.accessToken,idToken:a.idToken,refreshToken:a.refreshToken,expiresAt:a.accessTokenExpiresAt,providerId:t.id,accountId:c.id.toString()}).then(w=>w?.user),!m&&u&&e.context.options.emailVerification?.sendOnSignUp){let w=await F(e.context.secret,u.email),R=`${e.context.baseURL}/verify-email?token=${w}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.(u,R,w)}}catch(m){h.error("Unable to create user",m),l("unable_to_create_user")}if(!u)return l("unable_to_create_user");let p=await e.context.internalAdapter.createSession(u.id,e.request);p||l("unable_to_create_session"),await O(e,{session:p,user:u});let g;try{g=new URL(o).toString()}catch{g=o}throw e.redirect(g)});var oi=require("zod");var St=require("better-call"),Lt=y("/sign-out",{method:"POST"},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw new St.APIError("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),j(e),e.json({success:!0})});var C=require("zod");var oe=require("better-call");function Ct(e,t,r){let o=t?new URL(t,e.baseURL):new URL(`${e.baseURL}/error`);return r&&Object.entries(r).forEach(([i,n])=>o.searchParams.set(i,n)),o.href}function Tr(e,t,r){let o=new URL(t,e.baseURL);return r&&Object.entries(r).forEach(([i,n])=>o.searchParams.set(i,n)),o.href}var Bt=y("/forget-password",{method:"POST",body:C.z.object({email:C.z.string().email(),redirectTo:C.z.string()})},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new oe.APIError("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let i=60*60*1,n=new Date(Date.now()+1e3*(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||i)),a=e.context.uuid();await e.context.internalAdapter.createVerificationValue({value:o.user.id,identifier:`reset-password:${a}`,expiresAt:n});let c=`${e.context.baseURL}/reset-password/${a}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword(o.user,c),e.json({status:!0})}),Dt=y("/reset-password/:token",{method:"GET",query:C.z.object({callbackURL:C.z.string()})},async e=>{let{token:t}=e.params,{callbackURL:r}=e.query;if(!t||!r)throw e.redirect(Ct(e.context,r,{error:"INVALID_TOKEN"}));let o=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!o||o.expiresAt<new Date?e.redirect(Ct(e.context,r,{error:"INVALID_TOKEN"})):e.redirect(Tr(e.context,r,{token:t}))}),Nt=y("/reset-password",{query:C.z.optional(C.z.object({token:C.z.string().optional(),currentURL:C.z.string().optional()})),method:"POST",body:C.z.object({newPassword:C.z.string()})},async e=>{let t=e.query?.token||(e.query?.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!t)throw new oe.APIError("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,o=`reset-password:${t}`,i=await e.context.internalAdapter.findVerificationValue(o);if(!i||i.expiresAt<new Date)throw new oe.APIError("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(i.id);let n=i.value,a=await e.context.password.hash(r);if(!(await e.context.internalAdapter.findAccounts(n)).find(l=>l.providerId==="credential"))return await e.context.internalAdapter.createAccount({userId:n,providerId:"credential",password:a,accountId:e.context.uuid()}),e.json({status:!0});if(!await e.context.internalAdapter.updatePassword(n,a))throw new oe.APIError("BAD_REQUEST",{message:"Failed to update password"});return e.json({status:!0})});var x=require("zod");var U=require("better-call");var Ft=()=>y("/update-user",{method:"POST",body:x.z.record(x.z.string(),x.z.any()),use:[_]},async e=>{let t=e.body;if(t.email)throw new U.APIError("BAD_REQUEST",{message:"You can't update email"});let{name:r,image:o,...i}=t,n=e.context.session;if(!o&&!r&&Object.keys(i).length===0)return e.json({user:n.user});let a=he(e.context.options,i,"update"),c=await e.context.internalAdapter.updateUserByEmail(n.user.email,{name:r,image:o,...a});return await O(e,{session:n.session,user:c}),e.json({user:c})}),Vt=y("/change-password",{method:"POST",body:x.z.object({newPassword:x.z.string(),currentPassword:x.z.string(),revokeOtherSessions:x.z.boolean().optional()}),use:[_]},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,i=e.context.session,n=e.context.password.config.minPasswordLength;if(t.length<n)throw e.context.logger.error("Password is too short"),new U.APIError("BAD_REQUEST",{message:"Password is too short"});let a=e.context.password.config.maxPasswordLength;if(t.length>a)throw e.context.logger.error("Password is too long"),new U.APIError("BAD_REQUEST",{message:"Password too long"});let s=(await e.context.internalAdapter.findAccounts(i.user.id)).find(f=>f.providerId==="credential"&&f.password);if(!s||!s.password)throw new U.APIError("BAD_REQUEST",{message:"User does not have a password"});let d=await e.context.password.hash(t);if(!await e.context.password.verify(s.password,r))throw new U.APIError("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(s.id,{password:d}),o){await e.context.internalAdapter.deleteSessions(i.user.id);let f=await e.context.internalAdapter.createSession(i.user.id,e.headers);if(!f)throw new U.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await O(e,{session:f,user:i.user})}return e.json(i.user)}),qt=y("/set-password",{method:"POST",body:x.z.object({newPassword:x.z.string()}),metadata:{SERVER_ONLY:!0},use:[_]},async e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new U.APIError("BAD_REQUEST",{message:"Password is too short"});let i=e.context.password.config.maxPasswordLength;if(t.length>i)throw e.context.logger.error("Password is too long"),new U.APIError("BAD_REQUEST",{message:"Password too long"});let a=(await e.context.internalAdapter.findAccounts(r.user.id)).find(s=>s.providerId==="credential"&&s.password),c=await e.context.password.hash(t);if(!a)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:c}),e.json(r.user);throw new U.APIError("BAD_REQUEST",{message:"user already has a password"})}),jt=y("/delete-user",{method:"POST",body:x.z.object({password:x.z.string()}),use:[_]},async e=>{let{password:t}=e.body,r=e.context.session,i=(await e.context.internalAdapter.findAccounts(r.user.id)).find(a=>a.providerId==="credential"&&a.password);if(!i||!i.password)throw new U.APIError("BAD_REQUEST",{message:"User does not have a password"});if(!await e.context.password.verify(i.password,t))throw new U.APIError("BAD_REQUEST",{message:"Incorrect password"});return await e.context.internalAdapter.deleteUser(r.user.id),await e.context.internalAdapter.deleteSessions(r.user.id),j(e),e.json(null)}),zt=y("/change-email",{method:"POST",query:x.z.object({currentURL:x.z.string().optional()}).optional(),body:x.z.object({newEmail:x.z.string().email(),callbackURL:x.z.string().optional()}),use:[_]},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new U.APIError("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new U.APIError("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new U.APIError("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let i=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:i,status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new U.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await F(e.context.secret,e.context.session.user.email,e.body.newEmail),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.user.changeEmail.sendChangeEmailVerification(e.context.session.user,e.body.newEmail,o,r),e.json({user:null,status:!0})});var Er=(e="Unknown")=>`<!DOCTYPE html>
5
5
  <html lang="en">
6
6
  <head>
@@ -81,4 +81,4 @@ Error: `,m),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)
81
81
  <div class="error-code">Error Code: <span id="errorCode">${e}</span></div>
82
82
  </div>
83
83
  </body>
84
- </html>`,$t=y("/error",{method:"GET",metadata:$},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(Er(t),{headers:{"Content-Type":"text/html"}})});var Mt=y("/ok",{method:"GET",metadata:$},async e=>e.json({ok:!0}));var G=require("zod");var B=require("better-call");var Ht=()=>y("/sign-up/email",{method:"POST",query:G.z.object({currentURL:G.z.string().optional()}).optional(),body:G.z.record(G.z.string(),G.z.any())},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new B.APIError("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:o,password:i,image:n,callbackURL:a,...c}=t;if(!G.z.string().email().safeParse(o).success)throw new B.APIError("BAD_REQUEST",{message:"Invalid email"});let d=e.context.password.config.minPasswordLength;if(i.length<d)throw e.context.logger.error("Password is too short"),new B.APIError("BAD_REQUEST",{message:"Password is too short"});let l=e.context.password.config.maxPasswordLength;if(i.length>l)throw e.context.logger.error("Password is too long"),new B.APIError("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(o))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${o}`),new B.APIError("UNPROCESSABLE_ENTITY",{message:"User with this email already exists"});let u=he(e.context.options,c),p;try{if(p=await e.context.internalAdapter.createUser({email:o.toLowerCase(),name:r,image:n,...u,emailVerified:!1}),!p)throw new B.APIError("BAD_REQUEST",{message:"Failed to create user"})}catch(w){throw h.error("Failed to create user",w),new B.APIError("UNPROCESSABLE_ENTITY",{message:"Failed to create user",details:w})}if(!p)throw new B.APIError("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let g=await e.context.password.hash(i);if(await e.context.internalAdapter.linkAccount({userId:p.id,providerId:"credential",accountId:p.id,password:g,expiresAt:N(60*60*24*30,"sec")}),e.context.options.emailVerification?.sendOnSignUp){let w=await F(e.context.secret,p.email),R=`${e.context.baseURL}/verify-email?token=${w}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification?.sendVerificationEmail?.(p,R,w)}if(!e.context.options.emailAndPassword.autoSignIn||e.context.options.emailAndPassword.requireEmailVerification)return e.json({user:p,session:null},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:p,session:null}});let m=await e.context.internalAdapter.createSession(p.id,e.request);if(!m)throw new B.APIError("BAD_REQUEST",{message:"Failed to create session"});return await O(e,{session:m,user:p}),e.json({user:p,session:m})});var W=require("zod");var _e=require("better-call");var Gt=y("/list-accounts",{method:"GET",use:[_]},async e=>{let t=e.context.session,r=await e.context.internalAdapter.findAccounts(t.user.id);return e.json(r)}),Kt=y("/link-social",{method:"POST",requireHeaders:!0,query:W.z.object({currentURL:W.z.string().optional()}).optional(),body:W.z.object({callbackURL:W.z.string().optional(),provider:W.z.enum(me)}),use:[_]},async e=>{let t=e.context.session;if((await e.context.internalAdapter.findAccounts(t.user.id)).find(c=>c.providerId===e.body.provider))throw new _e.APIError("BAD_REQUEST",{message:"Social Account is already linked."});let i=e.context.socialProviders.find(c=>c.id===e.body.provider);if(!i)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new _e.APIError("NOT_FOUND",{message:"Provider not found"});let n=await te(e,{userId:t.user.id,email:t.user.email}),a=await i.createAuthorizationURL({state:n.state,codeVerifier:n.codeVerifier,redirectURI:`${e.context.baseURL}/callback/${i.id}`});return e.json({url:a.toString(),redirect:!0})});function ye(e){let t="127.0.0.1";if(je)return t;let r=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],o=e instanceof Request?e.headers:e;for(let i of r){let n=o.get(i);if(typeof n=="string"){let a=n.split(",")[0].trim();if(a)return a}}return null}function Ir(e,t,r){let o=Date.now(),i=t*1e3;return o-r.lastRequest<i&&r.count>=e}function Pr(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function Or(e,t){let r=Date.now(),o=t*1e3;return Math.ceil((e+o-r)/1e3)}function _r(e,t){let r=t??"rateLimit",o=e.adapter;return{get:async i=>await o.findOne({model:r,where:[{field:"key",value:i}]}),set:async(i,n,a)=>{try{a?await o.update({model:t??"rateLimit",where:[{field:"key",value:i}],update:{count:n.count,lastRequest:n.lastRequest}}):await o.create({model:t??"rateLimit",data:{key:i,count:n.count,lastRequest:n.lastRequest}})}catch(c){h.error("Error setting rate limit",c)}}}}var Qt=new Map;function Sr(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let o=await e.options.secondaryStorage?.get(r);return o?JSON.parse(o):void 0},set:async(r,o)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(o))}}:e.rateLimit.storage==="memory"?{async get(r){return Qt.get(r)},async set(r,o,i){Qt.set(r,o)}}:_r(e,e.rateLimit.tableName)}async function Zt(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,o=e.url.replace(r,""),i=t.rateLimit.window,n=t.rateLimit.max,a=ye(e)+o,s=Lr().find(u=>u.pathMatcher(o));s&&(i=s.window,n=s.max);for(let u of t.options.plugins||[])if(u.rateLimit){let p=u.rateLimit.find(g=>g.pathMatcher(o));if(p){i=p.window,n=p.max;break}}if(t.rateLimit.customRules){let u=t.rateLimit.customRules[o];u&&(i=u.window,n=u.max)}let d=Sr(t),l=await d.get(a),f=Date.now();if(!l)await d.set(a,{key:a,count:1,lastRequest:f});else{let u=f-l.lastRequest;if(Ir(n,i,l)){let p=Or(l.lastRequest,i);return Pr(p)}else u>i*1e3?await d.set(a,{...l,count:1,lastRequest:f}):await d.set(a,{...l,count:l.count+1,lastRequest:f})}}function Lr(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:3}]}var Cr=require("better-call");function Se(e,t){let r=t.plugins?.reduce((c,s)=>({...c,...s.endpoints}),{}),o=t.plugins?.map(c=>c.middlewares?.map(s=>{let d=async l=>s.middleware({...l,context:{...e,...l.context}});return d.path=s.path,d.options=s.middleware.options,d.headers=s.middleware.headers,{path:s.path,middleware:d}})).filter(c=>c!==void 0).flat()||[],n={...{signInSocial:It,callbackOAuth:_t,getSession:Pe(),signOut:Lt,signUpEmail:Ht(),signInEmail:Pt,forgetPassword:Bt,resetPassword:Nt,verifyEmail:Et,sendVerificationEmail:Tt,changeEmail:zt,changePassword:Vt,setPassword:qt,updateUser:Ft(),deleteUser:jt,forgetPasswordCallback:Dt,listSessions:Rt(),revokeSession:xt,revokeSessions:Ut,linkSocialAccount:Kt,listUserAccounts:Gt},...r,ok:Mt,error:$t},a={};for(let[c,s]of Object.entries(n))a[c]=async(d={})=>{let l=await e;for(let p of t.plugins||[])if(p.hooks?.before){for(let g of p.hooks.before)if(g.matcher({...s,...d,context:l})){let w=await g.handler({...d,context:{...l,...d?.context}});w&&"context"in w&&(l={...l,...w.context})}}let f;try{f=await s({...d,context:{...l,...d.context}})}catch(p){if(p instanceof K.APIError){let g=t.plugins?.map(R=>{if(R.hooks?.after)return R.hooks.after}).filter(R=>R!==void 0).flat();if(!g?.length)throw p;let m=new Response(JSON.stringify(p.body),{status:K.statusCode[p.status],headers:p.headers}),w;for(let R of g||[])if(R.matcher(d)){let ur=Object.assign(d,{context:{...e,returned:m}}),be=await R.handler(ur);be&&"response"in be&&(w=be.response)}if(w instanceof Response)return w;throw p}throw p}let u=f;for(let p of t.plugins||[])if(p.hooks?.after){for(let g of p.hooks.after)if(g.matcher(d)){let w=Object.assign(d,{context:{...e,returned:u}}),R=await g.handler(w);R&&"response"in R&&(u=R.response)}}return u},a[c].path=s.path,a[c].method=s.method,a[c].options=s.options,a[c].headers=s.headers;return{api:a,middlewares:o}}var Wt=(e,t)=>{let{api:r,middlewares:o}=Se(e,t),i=new URL(e.baseURL).pathname;return(0,K.createRouter)(r,{extraContext:e,basePath:i,routerMiddleware:[{path:"/**",middleware:He},...o],async onRequest(n){for(let a of e.options.plugins||[])if(a.onRequest){let c=await a.onRequest(n,e);if(c)return c}return Zt(n,e)},async onResponse(n){for(let a of e.options.plugins||[])if(a.onResponse){let c=await a.onResponse(n,e);if(c)return c.response}return n},onError(n){if(t.onAPIError?.throw)throw n;if(t.onAPIError?.onError){t.onAPIError.onError(n,e);return}let a=t.logger?.verboseLogging?h:void 0;t.logger?.disabled!==!0&&(n instanceof K.APIError?(n.status==="INTERNAL_SERVER_ERROR"&&h.error(n),a?.error(n.message)):h?.error(n))}})};var V=e=>{let t=e.plugins?.reduce((s,d)=>{let l=d.schema;if(!l)return s;for(let[f,u]of Object.entries(l))s[f]={fields:{...s[f]?.fields,...u.fields},tableName:u.tableName||f};return s},{}),r=e.rateLimit?.storage==="database",o={rateLimit:{tableName:e.rateLimit?.tableName||"rateLimit",fields:{key:{type:"string",fieldName:e.rateLimit?.fields?.key||"key"},count:{type:"number",fieldName:e.rateLimit?.fields?.count||"count"},lastRequest:{type:"number",fieldName:e.rateLimit?.fields?.lastRequest||"lastRequest"}}}},{user:i,session:n,account:a,...c}=t||{};return{user:{tableName:e.user?.modelName||"user",fields:{name:{type:"string",required:!0,fieldName:e.user?.fields?.name||"name"},email:{type:"string",unique:!0,required:!0,fieldName:e.user?.fields?.email||"email"},emailVerified:{type:"boolean",defaultValue:()=>!1,required:!0,fieldName:e.user?.fields?.emailVerified||"emailVerified"},image:{type:"string",required:!1,fieldName:e.user?.fields?.image||"image"},createdAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.updatedAt||"updatedAt"},...i?.fields,...e.user?.additionalFields},order:1},session:{tableName:e.session?.modelName||"session",fields:{expiresAt:{type:"date",required:!0,fieldName:e.session?.fields?.expiresAt||"expiresAt"},ipAddress:{type:"string",required:!1,fieldName:e.session?.fields?.ipAddress||"ipAddress"},userAgent:{type:"string",required:!1,fieldName:e.session?.fields?.userAgent||"userAgent"},userId:{type:"string",fieldName:e.session?.fields?.userId||"userId",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0},...n?.fields,...e.session?.additionalFields},order:2},account:{tableName:e.account?.modelName||"account",fields:{accountId:{type:"string",required:!0,fieldName:e.account?.fields?.accountId||"accountId"},providerId:{type:"string",required:!0,fieldName:e.account?.fields?.providerId||"providerId"},userId:{type:"string",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0,fieldName:e.account?.fields?.userId||"userId"},accessToken:{type:"string",required:!1,fieldName:e.account?.fields?.accessToken||"accessToken"},refreshToken:{type:"string",required:!1,fieldName:e.account?.fields?.refreshToken||"refreshToken"},idToken:{type:"string",required:!1,fieldName:e.account?.fields?.idToken||"idToken"},expiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.expiresAt||"expiresAt"},password:{type:"string",required:!1,fieldName:e.account?.fields?.password||"password"},...a?.fields},order:3},verification:{tableName:e.verification?.modelName||"verification",fields:{identifier:{type:"string",required:!0,fieldName:e.verification?.fields?.identifier||"identifier"},value:{type:"string",required:!0,fieldName:e.verification?.fields?.value||"value"},expiresAt:{type:"date",required:!0,fieldName:e.verification?.fields?.expiresAt||"expiresAt"}},order:4},...c,...r?o:{}}};var ne=require("kysely"),q=require("kysely");function Jt(e){if("dialect"in e)return Jt(e.dialect);if("createDriver"in e){if(e instanceof q.SqliteDialect)return"sqlite";if(e instanceof q.MysqlDialect)return"mysql";if(e instanceof q.PostgresDialect)return"postgres";if(e instanceof ne.MssqlDialect)return"mssql"}return"aggregate"in e?"sqlite":"getConnection"in e?"mysql":"connect"in e?"postgres":null}var ie=async e=>{let t=e.database;if("db"in t)return{kysely:t.db,databaseType:t.type};if("dialect"in t)return{kysely:new ne.Kysely({dialect:t.dialect}),databaseType:t.type};let r,o=Jt(t);return"createDriver"in t&&(r=t),"aggregate"in t&&(r=new q.SqliteDialect({database:t})),"getConnection"in t&&(r=new q.MysqlDialect({pool:t})),"connect"in t&&(r=new q.PostgresDialect({pool:t})),{kysely:r?new ne.Kysely({dialect:r}):null,databaseType:o}};function se(e){if(!e)return{and:null,or:null};let t={and:[],or:[]};return e.forEach(r=>{let{field:o,value:i,operator:n="=",connector:a="AND"}=r,c=s=>n.toLowerCase()==="in"?s(o,"in",Array.isArray(i)?i:[i]):n==="contains"?s(o,"like",`%${i}%`):n==="starts_with"?s(o,"like",`${i}%`):n==="ends_with"?s(o,"like",`%${i}`):s(o,n,i);a==="OR"?t.or.push(c):t.and.push(c)}),{and:t.and.length?t.and:null,or:t.or.length?t.or:null}}function we(e,t,r){for(let o in e){let i=t[o]||Object.values(t).find(n=>n.fieldName===o);e[o]===0&&i.type==="boolean"&&r?.boolean&&(e[o]=!1),e[o]===1&&i?.type==="boolean"&&r?.boolean&&(e[o]=!0),i?.type==="date"&&(e[o]instanceof Date||(e[o]=new Date(e[o])))}return e}function Yt(e,t){for(let r in e)typeof e[r]=="boolean"&&t?.boolean&&(e[r]=e[r]?1:0),e[r]instanceof Date&&(e[r]=e[r].toISOString());return e}var Xt=(e,t)=>({id:"kysely",async create(r){let{model:o,data:i,select:n}=r;t?.transform&&(i=Yt(i,t.transform)),t?.generateId!==void 0&&(i.id=t.generateId?t.generateId():void 0);let a=await e.insertInto(o).values(i).returningAll().executeTakeFirst();if(t?.transform){let c=t.transform.schema[o];a=c?we(i,c,t.transform):a}return n?.length&&(a=a?n.reduce((s,d)=>a?.[d]?{...s,[d]:a[d]}:s,{}):null),a},async findOne(r){let{model:o,where:i,select:n}=r,{and:a,or:c}=se(i),s=e.selectFrom(o).selectAll();a&&(s=s.where(l=>l.and(a.map(f=>f(l))))),c&&(s=s.where(l=>l.or(c.map(f=>f(l)))));let d=await s.executeTakeFirst();if(n?.length&&(d=d?n.reduce((f,u)=>d?.[u]?{...f,[u]:d[u]}:f,{}):null),t?.transform){let l=t.transform.schema[o];return d=d&&l?we(d,l,t.transform):d,d||null}return d||null},async findMany(r){let{model:o,where:i,limit:n,offset:a,sortBy:c}=r,s=e.selectFrom(o),{and:d,or:l}=se(i);d&&(s=s.where(u=>u.and(d.map(p=>p(u))))),l&&(s=s.where(u=>u.or(l.map(p=>p(u))))),s=s.limit(n||100),a&&(s=s.offset(a)),c&&(s=s.orderBy(c.field,c.direction));let f=await s.selectAll().execute();if(t?.transform){let u=t.transform.schema[o];return u?f.map(p=>we(p,u,t.transform)):f}return f},async update(r){let{model:o,where:i,update:n}=r,{and:a,or:c}=se(i);t?.transform&&(n=Yt(n,t.transform)),n.id&&(n.id=void 0);let s=e.updateTable(o).set(n);a&&(s=s.where(l=>l.and(a.map(f=>f(l))))),c&&(s=s.where(l=>l.or(c.map(f=>f(l)))));let d=await s.returningAll().executeTakeFirst()||null;if(t?.transform){let l=t.transform.schema[o];return l?we(d,l,t.transform):d}return d},async delete(r){let{model:o,where:i}=r,{and:n,or:a}=se(i),c=e.deleteFrom(o);n&&(c=c.where(s=>s.and(n.map(d=>d(s))))),a&&(c=c.where(s=>s.or(a.map(d=>d(s))))),await c.execute()},async deleteMany(r){let{model:o,where:i}=r,{and:n,or:a}=se(i),c=e.deleteFrom(o);n&&(c=c.where(s=>s.and(n.map(d=>d(s))))),a&&(c=c.where(s=>s.or(a.map(d=>d(s))))),await c.execute()}});async function er(e){if(!e.database)throw new E("Database configuration is required");if("create"in e.database)return e.database;let{kysely:t,databaseType:r}=await ie(e);if(!t)throw new E("Failed to initialize database adapter");let o=V(e),i={};for(let n of Object.values(o))i[n.tableName]=n.fields;return Xt(t,{transform:{schema:i,date:!0,boolean:r==="sqlite"},generateId:"generateId"in e.database?e.database.generateId:void 0})}function Le(e,t){let r=t.id?{id:t.id}:{};for(let o in e){let i=e[o],n=t[o];n!==void 0&&(r[i.fieldName||o]=n)}return r}function T(e,t){if(!t)return null;let r={id:t.id};for(let[o,i]of Object.entries(e))r[o]=t[i.fieldName||o];return r}var ae=require("oslo/encoding");function tr(e,t){let r=new Uint8Array(e),o=new Uint8Array(t);if(r.length!==o.length)return!1;let i=0;for(let n=0;n<r.length;n++)i|=r[n]^o[n];return i===0}var rr=require("@noble/hashes/scrypt"),or=require("uncrypto"),J={N:16384,r:16,p:1,dkLen:64};async function nr(e,t){return await(0,rr.scryptAsync)(e.normalize("NFKC"),t,{N:J.N,p:J.p,r:J.r,dkLen:J.dkLen,maxmem:128*J.N*J.r*2})}var ir=async e=>{let t=(0,ae.encodeHex)((0,or.getRandomValues)(new Uint8Array(16))),r=await nr(e,t);return`${t}:${(0,ae.encodeHex)(r)}`},sr=async(e,t)=>{let[r,o]=e.split(":"),i=await nr(t,r);return tr(i,(0,ae.decodeHex)(o))};function ar(e,t){let r=t.hooks,o=V(t.options);async function i(a,c,s){let d=a,l=o[c];for(let p of r||[]){let g=p[c]?.create?.before;if(g){let m=await g(a);if(m===!1)return null;typeof m=="object"&&"data"in m&&(d=m.data)}}let f=s?await s.fn(d):null,u=!s||s.executeMainFn?await e.create({model:l.tableName,data:{...Le(l.fields,d),id:d.id||v()}}):f;for(let p of r||[]){let g=p[c]?.create?.after;g&&await g(u)}return T(l.fields,u)}async function n(a,c,s,d){let l=a;for(let p of r||[]){let g=p[s]?.update?.before;if(g){let m=await g(a);if(m===!1)return null;l=typeof m=="object"?m.data:m}}let f=d?await d.fn(l):null,u=!d||d.executeMainFn?await e.update({model:o[s].tableName,update:Le(o[s].fields,l),where:c}):f;for(let p of r||[]){let g=p[s]?.update?.after;g&&await g(u)}return T(o[s].fields,u)}return{createWithHooks:i,updateWithHooks:n}}var Ce=(e,t)=>{let r=t.options,o=r.secondaryStorage,i=r.session?.expiresIn||60*60*24*7,n=V(r),{createWithHooks:a,updateWithHooks:c}=ar(e,t);return{createOAuthUser:async(s,d)=>{try{let l=await a({id:v(),createdAt:new Date,updatedAt:new Date,...s},"user"),f=await a({id:v(),...d,userId:l.id||s.id},"account");return{user:l,account:f}}catch(l){return console.log(l),null}},createUser:async s=>await a({id:v(),createdAt:new Date,updatedAt:new Date,emailVerified:!1,...s},"user"),createAccount:async s=>await a({id:v(),createdAt:new Date,updatedAt:new Date,...s},"account"),listSessions:async s=>await e.findMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]}),listUsers:async(s,d,l,f)=>(await e.findMany({model:n.user.tableName,limit:s,offset:d,sortBy:l,where:f})).map(p=>T(n.user.fields,p)),deleteUser:async s=>{await e.delete({model:n.account.tableName,where:[{field:n.account.fields.userId.fieldName||"userId",value:s}]}),await e.deleteMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]}),await e.deleteMany({model:n.user.tableName,where:[{field:"id",value:s}]})},createSession:async(s,d,l,f)=>{let u=d instanceof Request?d.headers:d,p={id:v(32),userId:s,expiresAt:l?N(60*60*24,"sec"):N(i,"sec"),ipAddress:d&&ye(d)||"",userAgent:u?.get("user-agent")||"",...f};return await a(p,"session",o?{fn:async m=>{let w=await e.findOne({model:n.user.tableName,where:[{field:"id",value:s}]});return o.set(m.id,JSON.stringify({session:m,user:w}),i),m},executeMainFn:r.session?.storeSessionInDatabase}:void 0)},findSession:async s=>{if(o){let u=await o.get(s);if(u){let p=JSON.parse(u);return{session:{...p.session,expiresAt:new Date(p.session.expiresAt)},user:{...p.user,createdAt:new Date(p.user.createdAt),updatedAt:new Date(p.user.updatedAt)}}}}let d=await e.findOne({model:n.session.tableName,where:[{value:s,field:"id"}]});if(!d)return null;let l=T(n.session.fields,d),f=await e.findOne({model:n.user.tableName,where:[{value:l.userId,field:"id"}]});return f?{session:l,user:T(n.user.fields,f)}:null},findSessions:async s=>{if(o){let u=[];for(let p of s){let g=await o.get(p);if(g){let m=JSON.parse(g),w={session:{...m.session,expiresAt:new Date(m.session.expiresAt)},user:{...m.user,createdAt:new Date(m.user.createdAt),updatedAt:new Date(m.user.updatedAt)}};u.push(w)}}return u}let d=await e.findMany({model:n.session.tableName,where:[{field:"id",value:s,operator:"in"}]}),l=d.map(u=>T(n.session.fields,u).userId);if(!l.length)return[];let f=await e.findMany({model:n.user.tableName,where:[{field:"id",value:l,operator:"in"}]});return d.map(u=>{let p=f.find(g=>g.id===u.userId);return p?{session:T(n.session.fields,u),user:T(n.user.fields,p)}:null})},updateSession:async(s,d)=>await c(d,[{field:"id",value:s}],"session",o?{async fn(f){let u=await o.get(s),p=null;if(u){let g=JSON.parse(u);p={...g.session,...f},await o.set(s,JSON.stringify({session:p,user:g.user}),g.session.expiresAt?Math.floor((g.session.expiresAt.getTime()-Date.now())/1e3):i)}else return null},executeMainFn:r.session?.storeSessionInDatabase}:void 0),deleteSession:async s=>{if(o){await o.delete(s),r.session?.storeSessionInDatabase&&await e.delete({model:n.session.tableName,where:[{field:"id",value:s}]});return}await e.delete({model:n.session.tableName,where:[{field:"id",value:s}]})},deleteSessions:async s=>{if(o){let d=await e.findMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]});for(let l of d)await o.delete(l.id);r.session?.storeSessionInDatabase&&await e.delete({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]});return}await e.deleteMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]})},findUserByEmail:async(s,d)=>{let l=await e.findOne({model:n.user.tableName,where:[{value:s.toLowerCase(),field:n.user.fields.email.fieldName||"email"}]});if(!l)return null;if(d?.includeAccounts){let f=await e.findMany({model:n.account.tableName,where:[{value:l.id,field:n.account.fields.userId.fieldName||"userId"}]});return{user:T(n.user.fields,l),accounts:f.map(u=>T(n.account.fields,u))}}return{user:T(n.user.fields,l),accounts:[]}},findUserById:async s=>await e.findOne({model:n.user.tableName,where:[{field:"id",value:s}]}),linkAccount:async s=>await a({id:v(),...s},"account"),updateUser:async(s,d)=>await c(d,[{field:"id",value:s}],"user"),updateUserByEmail:async(s,d)=>await c(d,[{field:n.user.fields.email.fieldName||"email",value:s}],"user"),updatePassword:async(s,d)=>await c({password:d},[{field:n.account.fields.userId.fieldName||"userId",value:s},{field:n.account.fields.providerId.fieldName||"providerId",value:"credential"}],"account"),findAccounts:async s=>(await e.findMany({model:n.account.tableName,where:[{field:n.account.fields.userId.fieldName||"userId",value:s}]})).map(l=>T(n.account.fields,l)),updateAccount:async(s,d)=>await c(d,[{field:"id",value:s}],"account"),createVerificationValue:async s=>await a({id:v(),...s},"verification"),findVerificationValue:async s=>{let d=await e.findMany({model:n.verification.tableName,where:[{field:n.verification.fields.identifier.fieldName||"identifier",value:s}],limit:100}),l=d.pop();return d.length>0&&await e.deleteMany({model:n.verification.tableName,where:[{operator:"in",field:"id",value:d.map(f=>f.id)}]}),l?T(n.verification.fields,l):null},deleteVerificationValue:async s=>{await e.delete({model:n.verification.tableName,where:[{field:"id",value:s}]})},updateVerificationValue:async(s,d)=>await c(d,[{field:"id",value:s}],"verification")}};var Br=require("zod");var cr=require("defu");var Be="better-auth-secret-123456789";var De=require("better-call");async function dr(e,t){let o=(await t.context.internalAdapter.findAccounts(e))?.find(a=>a.providerId==="credential"),i=o?.password;if(!o||!i)throw new De.APIError("BAD_REQUEST",{message:"No password credential found"});if(!await t.context.password.verify(i,t.body.password))throw new De.APIError("BAD_REQUEST",{message:"Invalid password"});return!0}var lr=async e=>{let t=await er(e),r=e.plugins||[],o=Nr(e),{kysely:i}=await ie(e),n=ee(e.baseURL,e.basePath),a=e.secret||I.BETTER_AUTH_SECRET||I.AUTH_SECRET||Be;a===Be&&X&&h.error("You are using the default secret. Please set `BETTER_AUTH_SECRET` in your environment variables or pass `secret` in your auth config."),e={...e,secret:a,baseURL:n?new URL(n).origin:"",basePath:e.basePath||"/api/auth",plugins:r.concat(o),emailAndPassword:{...e.emailAndPassword,enabled:e.emailAndPassword?.enabled??!1,autoSignIn:e.emailAndPassword?.autoSignIn??!0}};let c=ve(e),s=V(e),d=Object.keys(e.socialProviders||{}).map(u=>{let p=e.socialProviders?.[u];return p.enabled===!1?null:((!p.clientId||!p.clientSecret)&&h.warn(`Social provider ${u} is missing clientId or clientSecret`),Ie[u](p))}).filter(u=>u!==null),l={appName:e.appName||"Better Auth",socialProviders:d,options:e,tables:s,trustedOrigins:Fr(e),baseURL:n||"",sessionConfig:{updateAge:e.session?.updateAge||24*60*60,expiresIn:e.session?.expiresIn||60*60*24*7},secret:a,rateLimit:{...e.rateLimit,enabled:e.rateLimit?.enabled??X,window:e.rateLimit?.window||10,max:e.rateLimit?.max||100,storage:e.rateLimit?.storage||e.secondaryStorage?"secondary-storage":"memory"},authCookies:c,logger:pe({disabled:e.logger?.disabled||!1}),db:i,uuid:v,secondaryStorage:e.secondaryStorage,password:{hash:e.emailAndPassword?.password?.hash||ir,verify:e.emailAndPassword?.password?.verify||sr,config:{minPasswordLength:e.emailAndPassword?.minPasswordLength||8,maxPasswordLength:e.emailAndPassword?.maxPasswordLength||128},checkPassword:dr},adapter:t,internalAdapter:Ce(t,{options:e,hooks:e.databaseHooks?[e.databaseHooks]:[]}),createAuthCookie:fe(e)},{context:f}=Dr(l);return f};function Dr(e){let t=e.options,r=t.plugins||[],o=e,i=[];for(let n of r)if(n.init){let a=n.init(e);typeof a=="object"&&(a.options&&(a.options.databaseHooks&&i.push(a.options.databaseHooks),t=(0,cr.defu)(t,a.options)),a.context&&(o={...o,...a.context}))}return i.push(t.databaseHooks),o.internalAdapter=Ce(e.adapter,{options:t,hooks:i.filter(n=>n!==void 0)}),o.options=t,{context:o}}function Nr(e){let t=[];return e.advanced?.crossSubDomainCookies?.enabled,t}function Fr(e){let t=ee(e.baseURL,e.basePath);if(!t)return[];let r=[new URL(t).origin];e.trustedOrigins&&r.push(...e.trustedOrigins);let o=I.BETTER_AUTH_TRUSTED_ORIGINS;return o&&r.push(...o.split(",")),r}var Vr=e=>{let t=lr(e),{api:r}=Se(t,e);return{handler:async o=>{let i=await t,n=i.options.basePath||"/api/auth",a=new URL(o.url);if(!i.options.baseURL){let s=ee(void 0,n)||`${a.origin}${n}`;i.options.baseURL=s,i.baseURL=s}if(i.trustedOrigins=[a.origin,...i.options.trustedOrigins||[]],!i.options.baseURL)return new Response("Base URL not set",{status:400});if(a.pathname===n||a.pathname===`${n}/`)return new Response("Welcome to BetterAuth",{status:200});let{handler:c}=Wt(i,e);return c(o)},api:r,options:e,$Infer:{}}};0&&(module.exports={BetterAuthError,HIDE_METADATA,MissingDependencyError,betterAuth,capitalizeFirstLetter,createCookieGetter,createLogger,deleteSessionCookie,generateId,generateState,getCookies,logger,parseCookies,parseSetCookieHeader,parseState,setSessionCookie});
84
+ </html>`,$t=y("/error",{method:"GET",metadata:$},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(Er(t),{headers:{"Content-Type":"text/html"}})});var Mt=y("/ok",{method:"GET",metadata:$},async e=>e.json({ok:!0}));var G=require("zod");var B=require("better-call");var Ht=()=>y("/sign-up/email",{method:"POST",query:G.z.object({currentURL:G.z.string().optional()}).optional(),body:G.z.record(G.z.string(),G.z.any())},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new B.APIError("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:o,password:i,image:n,callbackURL:a,...c}=t;if(!G.z.string().email().safeParse(o).success)throw new B.APIError("BAD_REQUEST",{message:"Invalid email"});let d=e.context.password.config.minPasswordLength;if(i.length<d)throw e.context.logger.error("Password is too short"),new B.APIError("BAD_REQUEST",{message:"Password is too short"});let l=e.context.password.config.maxPasswordLength;if(i.length>l)throw e.context.logger.error("Password is too long"),new B.APIError("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(o))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${o}`),new B.APIError("UNPROCESSABLE_ENTITY",{message:"User with this email already exists"});let u=he(e.context.options,c),p;try{if(p=await e.context.internalAdapter.createUser({email:o.toLowerCase(),name:r,image:n,...u,emailVerified:!1}),!p)throw new B.APIError("BAD_REQUEST",{message:"Failed to create user"})}catch(w){throw h.error("Failed to create user",w),new B.APIError("UNPROCESSABLE_ENTITY",{message:"Failed to create user",details:w})}if(!p)throw new B.APIError("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let g=await e.context.password.hash(i);if(await e.context.internalAdapter.linkAccount({userId:p.id,providerId:"credential",accountId:p.id,password:g,expiresAt:N(60*60*24*30,"sec")}),e.context.options.emailVerification?.sendOnSignUp){let w=await F(e.context.secret,p.email),R=`${e.context.baseURL}/verify-email?token=${w}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification?.sendVerificationEmail?.(p,R,w)}if(!e.context.options.emailAndPassword.autoSignIn||e.context.options.emailAndPassword.requireEmailVerification)return e.json({user:p,session:null},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:p,session:null}});let m=await e.context.internalAdapter.createSession(p.id,e.request);if(!m)throw new B.APIError("BAD_REQUEST",{message:"Failed to create session"});return await O(e,{session:m,user:p}),e.json({user:p,session:m})});var W=require("zod");var _e=require("better-call");var Gt=y("/list-accounts",{method:"GET",use:[_]},async e=>{let t=e.context.session,r=await e.context.internalAdapter.findAccounts(t.user.id);return e.json(r)}),Kt=y("/link-social",{method:"POST",requireHeaders:!0,query:W.z.object({currentURL:W.z.string().optional()}).optional(),body:W.z.object({callbackURL:W.z.string().optional(),provider:W.z.enum(me)}),use:[_]},async e=>{let t=e.context.session;if((await e.context.internalAdapter.findAccounts(t.user.id)).find(c=>c.providerId===e.body.provider))throw new _e.APIError("BAD_REQUEST",{message:"Social Account is already linked."});let i=e.context.socialProviders.find(c=>c.id===e.body.provider);if(!i)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new _e.APIError("NOT_FOUND",{message:"Provider not found"});let n=await te(e,{userId:t.user.id,email:t.user.email}),a=await i.createAuthorizationURL({state:n.state,codeVerifier:n.codeVerifier,redirectURI:`${e.context.baseURL}/callback/${i.id}`});return e.json({url:a.toString(),redirect:!0})});function ye(e){let t="127.0.0.1";if(je)return t;let r=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],o=e instanceof Request?e.headers:e;for(let i of r){let n=o.get(i);if(typeof n=="string"){let a=n.split(",")[0].trim();if(a)return a}}return null}function Pr(e,t,r){let o=Date.now(),i=t*1e3;return o-r.lastRequest<i&&r.count>=e}function Ir(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function Or(e,t){let r=Date.now(),o=t*1e3;return Math.ceil((e+o-r)/1e3)}function _r(e,t){let r=t??"rateLimit",o=e.adapter;return{get:async i=>await o.findOne({model:r,where:[{field:"key",value:i}]}),set:async(i,n,a)=>{try{a?await o.update({model:t??"rateLimit",where:[{field:"key",value:i}],update:{count:n.count,lastRequest:n.lastRequest}}):await o.create({model:t??"rateLimit",data:{key:i,count:n.count,lastRequest:n.lastRequest}})}catch(c){h.error("Error setting rate limit",c)}}}}var Qt=new Map;function Sr(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let o=await e.options.secondaryStorage?.get(r);return o?JSON.parse(o):void 0},set:async(r,o)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(o))}}:e.rateLimit.storage==="memory"?{async get(r){return Qt.get(r)},async set(r,o,i){Qt.set(r,o)}}:_r(e,e.rateLimit.tableName)}async function Zt(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,o=e.url.replace(r,""),i=t.rateLimit.window,n=t.rateLimit.max,a=ye(e)+o,s=Lr().find(u=>u.pathMatcher(o));s&&(i=s.window,n=s.max);for(let u of t.options.plugins||[])if(u.rateLimit){let p=u.rateLimit.find(g=>g.pathMatcher(o));if(p){i=p.window,n=p.max;break}}if(t.rateLimit.customRules){let u=t.rateLimit.customRules[o];u&&(i=u.window,n=u.max)}let d=Sr(t),l=await d.get(a),f=Date.now();if(!l)await d.set(a,{key:a,count:1,lastRequest:f});else{let u=f-l.lastRequest;if(Pr(n,i,l)){let p=Or(l.lastRequest,i);return Ir(p)}else u>i*1e3?await d.set(a,{...l,count:1,lastRequest:f}):await d.set(a,{...l,count:l.count+1,lastRequest:f})}}function Lr(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:3}]}var Cr=require("better-call");function Se(e,t){let r=t.plugins?.reduce((c,s)=>({...c,...s.endpoints}),{}),o=t.plugins?.map(c=>c.middlewares?.map(s=>{let d=async l=>s.middleware({...l,context:{...e,...l.context}});return d.path=s.path,d.options=s.middleware.options,d.headers=s.middleware.headers,{path:s.path,middleware:d}})).filter(c=>c!==void 0).flat()||[],n={...{signInSocial:Pt,callbackOAuth:_t,getSession:Ie(),signOut:Lt,signUpEmail:Ht(),signInEmail:It,forgetPassword:Bt,resetPassword:Nt,verifyEmail:Et,sendVerificationEmail:Tt,changeEmail:zt,changePassword:Vt,setPassword:qt,updateUser:Ft(),deleteUser:jt,forgetPasswordCallback:Dt,listSessions:Rt(),revokeSession:xt,revokeSessions:Ut,linkSocialAccount:Kt,listUserAccounts:Gt},...r,ok:Mt,error:$t},a={};for(let[c,s]of Object.entries(n))a[c]=async(d={})=>{let l=await e;for(let p of t.plugins||[])if(p.hooks?.before){for(let g of p.hooks.before)if(g.matcher({...s,...d,context:l})){let w=await g.handler({...d,context:{...l,...d?.context}});w&&"context"in w&&(l={...l,...w.context})}}let f;try{f=await s({...d,context:{...l,...d.context}})}catch(p){if(p instanceof K.APIError){let g=t.plugins?.map(R=>{if(R.hooks?.after)return R.hooks.after}).filter(R=>R!==void 0).flat();if(!g?.length)throw p;let m=new Response(JSON.stringify(p.body),{status:K.statusCode[p.status],headers:p.headers}),w;for(let R of g||[])if(R.matcher(d)){let ur=Object.assign(d,{context:{...e,returned:m}}),be=await R.handler(ur);be&&"response"in be&&(w=be.response)}if(w instanceof Response)return w;throw p}throw p}let u=f;for(let p of t.plugins||[])if(p.hooks?.after){for(let g of p.hooks.after)if(g.matcher(d)){let w=Object.assign(d,{context:{...e,returned:u}}),R=await g.handler(w);R&&"response"in R&&(u=R.response)}}return u},a[c].path=s.path,a[c].method=s.method,a[c].options=s.options,a[c].headers=s.headers;return{api:a,middlewares:o}}var Wt=(e,t)=>{let{api:r,middlewares:o}=Se(e,t),i=new URL(e.baseURL).pathname;return(0,K.createRouter)(r,{extraContext:e,basePath:i,routerMiddleware:[{path:"/**",middleware:He},...o],async onRequest(n){for(let a of e.options.plugins||[])if(a.onRequest){let c=await a.onRequest(n,e);if(c)return c}return Zt(n,e)},async onResponse(n){for(let a of e.options.plugins||[])if(a.onResponse){let c=await a.onResponse(n,e);if(c)return c.response}return n},onError(n){if(t.onAPIError?.throw)throw n;if(t.onAPIError?.onError){t.onAPIError.onError(n,e);return}let a=t.logger?.verboseLogging?h:void 0;t.logger?.disabled!==!0&&(n instanceof K.APIError?(n.status==="INTERNAL_SERVER_ERROR"&&h.error(n),a?.error(n.message)):h?.error(n))}})};var V=e=>{let t=e.plugins?.reduce((s,d)=>{let l=d.schema;if(!l)return s;for(let[f,u]of Object.entries(l))s[f]={fields:{...s[f]?.fields,...u.fields},tableName:u.tableName||f};return s},{}),r=e.rateLimit?.storage==="database",o={rateLimit:{tableName:e.rateLimit?.tableName||"rateLimit",fields:{key:{type:"string",fieldName:e.rateLimit?.fields?.key||"key"},count:{type:"number",fieldName:e.rateLimit?.fields?.count||"count"},lastRequest:{type:"number",fieldName:e.rateLimit?.fields?.lastRequest||"lastRequest"}}}},{user:i,session:n,account:a,...c}=t||{};return{user:{tableName:e.user?.modelName||"user",fields:{name:{type:"string",required:!0,fieldName:e.user?.fields?.name||"name"},email:{type:"string",unique:!0,required:!0,fieldName:e.user?.fields?.email||"email"},emailVerified:{type:"boolean",defaultValue:()=>!1,required:!0,fieldName:e.user?.fields?.emailVerified||"emailVerified"},image:{type:"string",required:!1,fieldName:e.user?.fields?.image||"image"},createdAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.updatedAt||"updatedAt"},...i?.fields,...e.user?.additionalFields},order:1},session:{tableName:e.session?.modelName||"session",fields:{expiresAt:{type:"date",required:!0,fieldName:e.session?.fields?.expiresAt||"expiresAt"},ipAddress:{type:"string",required:!1,fieldName:e.session?.fields?.ipAddress||"ipAddress"},userAgent:{type:"string",required:!1,fieldName:e.session?.fields?.userAgent||"userAgent"},userId:{type:"string",fieldName:e.session?.fields?.userId||"userId",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0},...n?.fields,...e.session?.additionalFields},order:2},account:{tableName:e.account?.modelName||"account",fields:{accountId:{type:"string",required:!0,fieldName:e.account?.fields?.accountId||"accountId"},providerId:{type:"string",required:!0,fieldName:e.account?.fields?.providerId||"providerId"},userId:{type:"string",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0,fieldName:e.account?.fields?.userId||"userId"},accessToken:{type:"string",required:!1,fieldName:e.account?.fields?.accessToken||"accessToken"},refreshToken:{type:"string",required:!1,fieldName:e.account?.fields?.refreshToken||"refreshToken"},idToken:{type:"string",required:!1,fieldName:e.account?.fields?.idToken||"idToken"},expiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.expiresAt||"expiresAt"},password:{type:"string",required:!1,fieldName:e.account?.fields?.password||"password"},...a?.fields},order:3},verification:{tableName:e.verification?.modelName||"verification",fields:{identifier:{type:"string",required:!0,fieldName:e.verification?.fields?.identifier||"identifier"},value:{type:"string",required:!0,fieldName:e.verification?.fields?.value||"value"},expiresAt:{type:"date",required:!0,fieldName:e.verification?.fields?.expiresAt||"expiresAt"}},order:4},...c,...r?o:{}}};var ne=require("kysely"),q=require("kysely");function Jt(e){if("dialect"in e)return Jt(e.dialect);if("createDriver"in e){if(e instanceof q.SqliteDialect)return"sqlite";if(e instanceof q.MysqlDialect)return"mysql";if(e instanceof q.PostgresDialect)return"postgres";if(e instanceof ne.MssqlDialect)return"mssql"}return"aggregate"in e?"sqlite":"getConnection"in e?"mysql":"connect"in e?"postgres":null}var ie=async e=>{let t=e.database;if("db"in t)return{kysely:t.db,databaseType:t.type};if("dialect"in t)return{kysely:new ne.Kysely({dialect:t.dialect}),databaseType:t.type};let r,o=Jt(t);return"createDriver"in t&&(r=t),"aggregate"in t&&(r=new q.SqliteDialect({database:t})),"getConnection"in t&&(r=new q.MysqlDialect({pool:t})),"connect"in t&&(r=new q.PostgresDialect({pool:t})),{kysely:r?new ne.Kysely({dialect:r}):null,databaseType:o}};function se(e){if(!e)return{and:null,or:null};let t={and:[],or:[]};return e.forEach(r=>{let{field:o,value:i,operator:n="=",connector:a="AND"}=r,c=s=>n.toLowerCase()==="in"?s(o,"in",Array.isArray(i)?i:[i]):n==="contains"?s(o,"like",`%${i}%`):n==="starts_with"?s(o,"like",`${i}%`):n==="ends_with"?s(o,"like",`%${i}`):s(o,n,i);a==="OR"?t.or.push(c):t.and.push(c)}),{and:t.and.length?t.and:null,or:t.or.length?t.or:null}}function we(e,t,r){for(let o in e){let i=t[o]||Object.values(t).find(n=>n.fieldName===o);e[o]===0&&i.type==="boolean"&&r?.boolean&&(e[o]=!1),e[o]===1&&i?.type==="boolean"&&r?.boolean&&(e[o]=!0),i?.type==="date"&&(e[o]instanceof Date||(e[o]=new Date(e[o])))}return e}function Yt(e,t){for(let r in e)typeof e[r]=="boolean"&&t?.boolean&&(e[r]=e[r]?1:0),e[r]instanceof Date&&(e[r]=e[r].toISOString());return e}var Xt=(e,t)=>({id:"kysely",async create(r){let{model:o,data:i,select:n}=r;t?.transform&&(i=Yt(i,t.transform)),t?.generateId!==void 0&&(i.id=t.generateId?t.generateId():void 0);let a=await e.insertInto(o).values(i).returningAll().executeTakeFirst();if(t?.transform){let c=t.transform.schema[o];a=c?we(i,c,t.transform):a}return n?.length&&(a=a?n.reduce((s,d)=>a?.[d]?{...s,[d]:a[d]}:s,{}):null),a},async findOne(r){let{model:o,where:i,select:n}=r,{and:a,or:c}=se(i),s=e.selectFrom(o).selectAll();a&&(s=s.where(l=>l.and(a.map(f=>f(l))))),c&&(s=s.where(l=>l.or(c.map(f=>f(l)))));let d=await s.executeTakeFirst();if(n?.length&&(d=d?n.reduce((f,u)=>d?.[u]?{...f,[u]:d[u]}:f,{}):null),t?.transform){let l=t.transform.schema[o];return d=d&&l?we(d,l,t.transform):d,d||null}return d||null},async findMany(r){let{model:o,where:i,limit:n,offset:a,sortBy:c}=r,s=e.selectFrom(o),{and:d,or:l}=se(i);d&&(s=s.where(u=>u.and(d.map(p=>p(u))))),l&&(s=s.where(u=>u.or(l.map(p=>p(u))))),s=s.limit(n||100),a&&(s=s.offset(a)),c&&(s=s.orderBy(c.field,c.direction));let f=await s.selectAll().execute();if(t?.transform){let u=t.transform.schema[o];return u?f.map(p=>we(p,u,t.transform)):f}return f},async update(r){let{model:o,where:i,update:n}=r,{and:a,or:c}=se(i);t?.transform&&(n=Yt(n,t.transform)),n.id&&(n.id=void 0);let s=e.updateTable(o).set(n);a&&(s=s.where(l=>l.and(a.map(f=>f(l))))),c&&(s=s.where(l=>l.or(c.map(f=>f(l)))));let d=await s.returningAll().executeTakeFirst()||null;if(t?.transform){let l=t.transform.schema[o];return l?we(d,l,t.transform):d}return d},async delete(r){let{model:o,where:i}=r,{and:n,or:a}=se(i),c=e.deleteFrom(o);n&&(c=c.where(s=>s.and(n.map(d=>d(s))))),a&&(c=c.where(s=>s.or(a.map(d=>d(s))))),await c.execute()},async deleteMany(r){let{model:o,where:i}=r,{and:n,or:a}=se(i),c=e.deleteFrom(o);n&&(c=c.where(s=>s.and(n.map(d=>d(s))))),a&&(c=c.where(s=>s.or(a.map(d=>d(s))))),await c.execute()}});async function er(e){if(!e.database)throw new E("Database configuration is required");if("create"in e.database)return e.database;let{kysely:t,databaseType:r}=await ie(e);if(!t)throw new E("Failed to initialize database adapter");let o=V(e),i={};for(let n of Object.values(o))i[n.tableName]=n.fields;return Xt(t,{transform:{schema:i,date:!0,boolean:r==="sqlite"},generateId:"generateId"in e.database?e.database.generateId:void 0})}function Le(e,t){let r=t.id?{id:t.id}:{};for(let o in e){let i=e[o],n=t[o];n!==void 0&&(r[i.fieldName||o]=n)}return r}function T(e,t){if(!t)return null;let r={id:t.id};for(let[o,i]of Object.entries(e))r[o]=t[i.fieldName||o];return r}var ae=require("oslo/encoding");function tr(e,t){let r=new Uint8Array(e),o=new Uint8Array(t);if(r.length!==o.length)return!1;let i=0;for(let n=0;n<r.length;n++)i|=r[n]^o[n];return i===0}var rr=require("@noble/hashes/scrypt"),or=require("uncrypto"),J={N:16384,r:16,p:1,dkLen:64};async function nr(e,t){return await(0,rr.scryptAsync)(e.normalize("NFKC"),t,{N:J.N,p:J.p,r:J.r,dkLen:J.dkLen,maxmem:128*J.N*J.r*2})}var ir=async e=>{let t=(0,ae.encodeHex)((0,or.getRandomValues)(new Uint8Array(16))),r=await nr(e,t);return`${t}:${(0,ae.encodeHex)(r)}`},sr=async(e,t)=>{let[r,o]=e.split(":"),i=await nr(t,r);return tr(i,(0,ae.decodeHex)(o))};function ar(e,t){let r=t.hooks,o=V(t.options);async function i(a,c,s){let d=a,l=o[c];for(let p of r||[]){let g=p[c]?.create?.before;if(g){let m=await g(a);if(m===!1)return null;typeof m=="object"&&"data"in m&&(d=m.data)}}let f=s?await s.fn(d):null,u=!s||s.executeMainFn?await e.create({model:l.tableName,data:{...Le(l.fields,d),id:d.id||v()}}):f;for(let p of r||[]){let g=p[c]?.create?.after;g&&await g(u)}return T(l.fields,u)}async function n(a,c,s,d){let l=a;for(let p of r||[]){let g=p[s]?.update?.before;if(g){let m=await g(a);if(m===!1)return null;l=typeof m=="object"?m.data:m}}let f=d?await d.fn(l):null,u=!d||d.executeMainFn?await e.update({model:o[s].tableName,update:Le(o[s].fields,l),where:c}):f;for(let p of r||[]){let g=p[s]?.update?.after;g&&await g(u)}return T(o[s].fields,u)}return{createWithHooks:i,updateWithHooks:n}}var Ce=(e,t)=>{let r=t.options,o=r.secondaryStorage,i=r.session?.expiresIn||60*60*24*7,n=V(r),{createWithHooks:a,updateWithHooks:c}=ar(e,t);return{createOAuthUser:async(s,d)=>{try{let l=await a({id:v(),createdAt:new Date,updatedAt:new Date,...s},"user"),f=await a({id:v(),...d,userId:l.id||s.id},"account");return{user:l,account:f}}catch(l){return console.log(l),null}},createUser:async s=>await a({id:v(),createdAt:new Date,updatedAt:new Date,emailVerified:!1,...s},"user"),createAccount:async s=>await a({id:v(),createdAt:new Date,updatedAt:new Date,...s},"account"),listSessions:async s=>await e.findMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]}),listUsers:async(s,d,l,f)=>(await e.findMany({model:n.user.tableName,limit:s,offset:d,sortBy:l,where:f})).map(p=>T(n.user.fields,p)),deleteUser:async s=>{await e.delete({model:n.account.tableName,where:[{field:n.account.fields.userId.fieldName||"userId",value:s}]}),await e.deleteMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]}),await e.deleteMany({model:n.user.tableName,where:[{field:"id",value:s}]})},createSession:async(s,d,l,f)=>{let u=d instanceof Request?d.headers:d,p={id:v(32),userId:s,expiresAt:l?N(60*60*24,"sec"):N(i,"sec"),ipAddress:d&&ye(d)||"",userAgent:u?.get("user-agent")||"",...f};return await a(p,"session",o?{fn:async m=>{let w=await e.findOne({model:n.user.tableName,where:[{field:"id",value:s}]});return o.set(m.id,JSON.stringify({session:m,user:w}),i),m},executeMainFn:r.session?.storeSessionInDatabase}:void 0)},findSession:async s=>{if(o){let u=await o.get(s);if(u){let p=JSON.parse(u);return{session:{...p.session,expiresAt:new Date(p.session.expiresAt)},user:{...p.user,createdAt:new Date(p.user.createdAt),updatedAt:new Date(p.user.updatedAt)}}}}let d=await e.findOne({model:n.session.tableName,where:[{value:s,field:"id"}]});if(!d)return null;let l=T(n.session.fields,d),f=await e.findOne({model:n.user.tableName,where:[{value:l.userId,field:"id"}]});return f?{session:l,user:T(n.user.fields,f)}:null},findSessions:async s=>{if(o){let u=[];for(let p of s){let g=await o.get(p);if(g){let m=JSON.parse(g),w={session:{...m.session,expiresAt:new Date(m.session.expiresAt)},user:{...m.user,createdAt:new Date(m.user.createdAt),updatedAt:new Date(m.user.updatedAt)}};u.push(w)}}return u}let d=await e.findMany({model:n.session.tableName,where:[{field:"id",value:s,operator:"in"}]}),l=d.map(u=>T(n.session.fields,u).userId);if(!l.length)return[];let f=await e.findMany({model:n.user.tableName,where:[{field:"id",value:l,operator:"in"}]});return d.map(u=>{let p=f.find(g=>g.id===u.userId);return p?{session:T(n.session.fields,u),user:T(n.user.fields,p)}:null})},updateSession:async(s,d)=>await c(d,[{field:"id",value:s}],"session",o?{async fn(f){let u=await o.get(s),p=null;if(u){let g=JSON.parse(u);p={...g.session,...f},await o.set(s,JSON.stringify({session:p,user:g.user}),g.session.expiresAt?Math.floor((g.session.expiresAt.getTime()-Date.now())/1e3):i)}else return null},executeMainFn:r.session?.storeSessionInDatabase}:void 0),deleteSession:async s=>{if(o){await o.delete(s),r.session?.storeSessionInDatabase&&await e.delete({model:n.session.tableName,where:[{field:"id",value:s}]});return}await e.delete({model:n.session.tableName,where:[{field:"id",value:s}]})},deleteSessions:async s=>{if(o){let d=await e.findMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]});for(let l of d)await o.delete(l.id);r.session?.storeSessionInDatabase&&await e.delete({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]});return}await e.deleteMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]})},findUserByEmail:async(s,d)=>{let l=await e.findOne({model:n.user.tableName,where:[{value:s.toLowerCase(),field:n.user.fields.email.fieldName||"email"}]});if(!l)return null;if(d?.includeAccounts){let f=await e.findMany({model:n.account.tableName,where:[{value:l.id,field:n.account.fields.userId.fieldName||"userId"}]});return{user:T(n.user.fields,l),accounts:f.map(u=>T(n.account.fields,u))}}return{user:T(n.user.fields,l),accounts:[]}},findUserById:async s=>await e.findOne({model:n.user.tableName,where:[{field:"id",value:s}]}),linkAccount:async s=>await a({id:v(),...s},"account"),updateUser:async(s,d)=>await c(d,[{field:"id",value:s}],"user"),updateUserByEmail:async(s,d)=>await c(d,[{field:n.user.fields.email.fieldName||"email",value:s}],"user"),updatePassword:async(s,d)=>await c({password:d},[{field:n.account.fields.userId.fieldName||"userId",value:s},{field:n.account.fields.providerId.fieldName||"providerId",value:"credential"}],"account"),findAccounts:async s=>(await e.findMany({model:n.account.tableName,where:[{field:n.account.fields.userId.fieldName||"userId",value:s}]})).map(l=>T(n.account.fields,l)),updateAccount:async(s,d)=>await c(d,[{field:"id",value:s}],"account"),createVerificationValue:async s=>await a({id:v(),...s},"verification"),findVerificationValue:async s=>{let d=await e.findMany({model:n.verification.tableName,where:[{field:n.verification.fields.identifier.fieldName||"identifier",value:s}],limit:100}),l=d.pop();return d.length>0&&await e.deleteMany({model:n.verification.tableName,where:[{operator:"in",field:"id",value:d.map(f=>f.id)}]}),l?T(n.verification.fields,l):null},deleteVerificationValue:async s=>{await e.delete({model:n.verification.tableName,where:[{field:"id",value:s}]})},updateVerificationValue:async(s,d)=>await c(d,[{field:"id",value:s}],"verification")}};var Br=require("zod");var cr=require("defu");var Be="better-auth-secret-123456789";var De=require("better-call");async function dr(e,t){let o=(await t.context.internalAdapter.findAccounts(e))?.find(a=>a.providerId==="credential"),i=o?.password;if(!o||!i)throw new De.APIError("BAD_REQUEST",{message:"No password credential found"});if(!await t.context.password.verify(i,t.body.password))throw new De.APIError("BAD_REQUEST",{message:"Invalid password"});return!0}var lr=async e=>{let t=await er(e),r=e.plugins||[],o=Nr(e),{kysely:i}=await ie(e),n=ee(e.baseURL,e.basePath),a=e.secret||P.BETTER_AUTH_SECRET||P.AUTH_SECRET||Be;a===Be&&X&&h.error("You are using the default secret. Please set `BETTER_AUTH_SECRET` in your environment variables or pass `secret` in your auth config."),e={...e,secret:a,baseURL:n?new URL(n).origin:"",basePath:e.basePath||"/api/auth",plugins:r.concat(o),emailAndPassword:{...e.emailAndPassword,enabled:e.emailAndPassword?.enabled??!1,autoSignIn:e.emailAndPassword?.autoSignIn??!0}};let c=ve(e),s=V(e),d=Object.keys(e.socialProviders||{}).map(u=>{let p=e.socialProviders?.[u];return p.enabled===!1?null:((!p.clientId||!p.clientSecret)&&h.warn(`Social provider ${u} is missing clientId or clientSecret`),Pe[u](p))}).filter(u=>u!==null),l={appName:e.appName||"Better Auth",socialProviders:d,options:e,tables:s,trustedOrigins:Fr(e),baseURL:n||"",sessionConfig:{updateAge:e.session?.updateAge||24*60*60,expiresIn:e.session?.expiresIn||60*60*24*7},secret:a,rateLimit:{...e.rateLimit,enabled:e.rateLimit?.enabled??X,window:e.rateLimit?.window||10,max:e.rateLimit?.max||100,storage:e.rateLimit?.storage||e.secondaryStorage?"secondary-storage":"memory"},authCookies:c,logger:pe({disabled:e.logger?.disabled||!1}),db:i,uuid:v,secondaryStorage:e.secondaryStorage,password:{hash:e.emailAndPassword?.password?.hash||ir,verify:e.emailAndPassword?.password?.verify||sr,config:{minPasswordLength:e.emailAndPassword?.minPasswordLength||8,maxPasswordLength:e.emailAndPassword?.maxPasswordLength||128},checkPassword:dr},adapter:t,internalAdapter:Ce(t,{options:e,hooks:e.databaseHooks?[e.databaseHooks]:[]}),createAuthCookie:fe(e)},{context:f}=Dr(l);return f};function Dr(e){let t=e.options,r=t.plugins||[],o=e,i=[];for(let n of r)if(n.init){let a=n.init(e);typeof a=="object"&&(a.options&&(a.options.databaseHooks&&i.push(a.options.databaseHooks),t=(0,cr.defu)(t,a.options)),a.context&&(o={...o,...a.context}))}return i.push(t.databaseHooks),o.internalAdapter=Ce(e.adapter,{options:t,hooks:i.filter(n=>n!==void 0)}),o.options=t,{context:o}}function Nr(e){let t=[];return e.advanced?.crossSubDomainCookies?.enabled,t}function Fr(e){let t=ee(e.baseURL,e.basePath);if(!t)return[];let r=[new URL(t).origin];e.trustedOrigins&&r.push(...e.trustedOrigins);let o=P.BETTER_AUTH_TRUSTED_ORIGINS;return o&&r.push(...o.split(",")),r}var Vr=e=>{let t=lr(e),{api:r}=Se(t,e);return{handler:async o=>{let i=await t,n=i.options.basePath||"/api/auth",a=new URL(o.url);if(!i.options.baseURL){let s=ee(void 0,n)||`${a.origin}${n}`;i.options.baseURL=s,i.baseURL=s}if(i.trustedOrigins=[a.origin,...i.options.trustedOrigins||[]],!i.options.baseURL)return new Response("Base URL not set",{status:400});if(a.pathname===n||a.pathname===`${n}/`)return new Response("Welcome to BetterAuth",{status:200});let{handler:c}=Wt(i,e);return c(o)},api:r,options:e,$Infer:{}}};0&&(module.exports={BetterAuthError,HIDE_METADATA,MissingDependencyError,betterAuth,capitalizeFirstLetter,createCookieGetter,createLogger,deleteSessionCookie,generateId,generateState,getCookies,logger,parseCookies,parseSetCookieHeader,parseState,setSessionCookie});
package/dist/index.d.cts CHANGED
@@ -1,8 +1,8 @@
1
- export { A as Adapter, j as AdditionalSessionFieldsInput, k as AdditionalSessionFieldsOutput, h as AdditionalUserFieldsInput, i as AdditionalUserFieldsOutput, a as Auth, p as AuthContext, s as BetterAuthCookies, B as BetterAuthOptions, b as BetterAuthPlugin, E as EligibleCookies, G as GenericEndpointContext, H as HookEndpointContext, m as InferPluginTypes, l as InferSession, I as InferUser, P as PluginSchema, R as RateLimit, S as SecondaryStorage, W as Where, g as betterAuth, q as createCookieGetter, x as createLogger, u as deleteSessionCookie, r as getCookies, n as init, y as logger, w as parseCookies, v as parseSetCookieHeader, t as setSessionCookie } from './auth-BkJnc76F.cjs';
1
+ export { A as Adapter, e as AdditionalSessionFieldsInput, f as AdditionalSessionFieldsOutput, c as AdditionalUserFieldsInput, d as AdditionalUserFieldsOutput, a as Auth, j as AuthContext, n as BetterAuthCookies, B as BetterAuthOptions, k as BetterAuthPlugin, E as EligibleCookies, G as GenericEndpointContext, H as HookEndpointContext, h as InferPluginTypes, g as InferSession, I as InferUser, P as PluginSchema, R as RateLimit, S as SecondaryStorage, W as Where, b as betterAuth, l as createCookieGetter, r as createLogger, o as deleteSessionCookie, m as getCookies, i as init, t as logger, q as parseCookies, p as parseSetCookieHeader, s as setSessionCookie } from './auth-B5ozNy5X.cjs';
2
2
  export { D as DeepPartial, H as HasRequiredKeys, L as LiteralString, b as LiteralUnion, P as Prettify, R as RequiredKeysOf, S as Session, c as StripEmptyObjects, U as UnionToIntersection, a as User, W as WithoutEmpty } from './index-DUqGSAH3.cjs';
3
3
  export { AtomListener, BetterAuthClientPlugin, ClientOptions, InferActions, InferAdditionalFromClient, InferClientAPI, InferPluginsFromClient, InferSessionFromClient, InferUserFromClient, IsSignal, Store } from './types.cjs';
4
4
  export { H as HIDE_METADATA } from './hide-metadata-DEHJp1rk.cjs';
5
- export { g as generateState, p as parseState } from './state-UgidHWa5.cjs';
5
+ export { g as generateState, p as parseState } from './state-8Gh7gmo8.cjs';
6
6
  import 'node_modules/better-call/dist/router-Bn7zn81P';
7
7
  import 'zod';
8
8
  import 'kysely';
package/dist/index.d.ts CHANGED
@@ -1,8 +1,8 @@
1
- export { A as Adapter, j as AdditionalSessionFieldsInput, k as AdditionalSessionFieldsOutput, h as AdditionalUserFieldsInput, i as AdditionalUserFieldsOutput, a as Auth, p as AuthContext, s as BetterAuthCookies, B as BetterAuthOptions, b as BetterAuthPlugin, E as EligibleCookies, G as GenericEndpointContext, H as HookEndpointContext, m as InferPluginTypes, l as InferSession, I as InferUser, P as PluginSchema, R as RateLimit, S as SecondaryStorage, W as Where, g as betterAuth, q as createCookieGetter, x as createLogger, u as deleteSessionCookie, r as getCookies, n as init, y as logger, w as parseCookies, v as parseSetCookieHeader, t as setSessionCookie } from './auth-G61_RA8H.js';
1
+ export { A as Adapter, e as AdditionalSessionFieldsInput, f as AdditionalSessionFieldsOutput, c as AdditionalUserFieldsInput, d as AdditionalUserFieldsOutput, a as Auth, j as AuthContext, n as BetterAuthCookies, B as BetterAuthOptions, k as BetterAuthPlugin, E as EligibleCookies, G as GenericEndpointContext, H as HookEndpointContext, h as InferPluginTypes, g as InferSession, I as InferUser, P as PluginSchema, R as RateLimit, S as SecondaryStorage, W as Where, b as betterAuth, l as createCookieGetter, r as createLogger, o as deleteSessionCookie, m as getCookies, i as init, t as logger, q as parseCookies, p as parseSetCookieHeader, s as setSessionCookie } from './auth-BBUjEh9D.js';
2
2
  export { D as DeepPartial, H as HasRequiredKeys, L as LiteralString, b as LiteralUnion, P as Prettify, R as RequiredKeysOf, S as Session, c as StripEmptyObjects, U as UnionToIntersection, a as User, W as WithoutEmpty } from './index-DUqGSAH3.js';
3
3
  export { AtomListener, BetterAuthClientPlugin, ClientOptions, InferActions, InferAdditionalFromClient, InferClientAPI, InferPluginsFromClient, InferSessionFromClient, InferUserFromClient, IsSignal, Store } from './types.js';
4
4
  export { H as HIDE_METADATA } from './hide-metadata-DEHJp1rk.js';
5
- export { g as generateState, p as parseState } from './state-CTWPRYsC.js';
5
+ export { g as generateState, p as parseState } from './state-BU1iZb12.js';
6
6
  import 'node_modules/better-call/dist/router-Bn7zn81P';
7
7
  import 'zod';
8
8
  import 'kysely';