npm - better-auth - Versions diffs - 0.7.3 → 0.7.4 - Mend

better-auth 0.7.3 → 0.7.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

package/dist/adapters/drizzle.d.cts +1 -1
package/dist/adapters/drizzle.d.ts +1 -1
package/dist/adapters/kysely.d.cts +1 -1
package/dist/adapters/kysely.d.ts +1 -1
package/dist/adapters/mongodb.d.cts +1 -1
package/dist/adapters/mongodb.d.ts +1 -1
package/dist/adapters/prisma.d.cts +1 -1
package/dist/adapters/prisma.d.ts +1 -1
package/dist/api.cjs +5 -5
package/dist/api.d.cts +1 -1
package/dist/api.d.ts +1 -1
package/dist/api.js +5 -5
package/dist/{auth-BkJnc76F.d.cts → auth-B5ozNy5X.d.cts} +1 -1
package/dist/{auth-G61_RA8H.d.ts → auth-BBUjEh9D.d.ts} +1 -1
package/dist/client/plugins.d.cts +4 -4
package/dist/client/plugins.d.ts +4 -4
package/dist/client.d.cts +1 -1
package/dist/client.d.ts +1 -1
package/dist/cookies.d.cts +1 -1
package/dist/cookies.d.ts +1 -1
package/dist/db.d.cts +2 -2
package/dist/db.d.ts +2 -2
package/dist/{index-cKD4sHma.d.ts → index-CQluFeIi.d.ts} +2 -2
package/dist/{index-KdWDL1fo.d.cts → index-DK55nobk.d.cts} +2 -2
package/dist/index.cjs +4 -4
package/dist/index.d.cts +2 -2
package/dist/index.d.ts +2 -2
package/dist/index.js +5 -5
package/dist/node.d.cts +1 -1
package/dist/node.d.ts +1 -1
package/dist/oauth2.d.cts +2 -2
package/dist/oauth2.d.ts +2 -2
package/dist/plugins.cjs +6 -6
package/dist/plugins.d.cts +73 -4
package/dist/plugins.d.ts +73 -4
package/dist/plugins.js +6 -6
package/dist/react.d.cts +1 -1
package/dist/react.d.ts +1 -1
package/dist/solid-start.d.cts +1 -1
package/dist/solid-start.d.ts +1 -1
package/dist/solid.d.cts +1 -1
package/dist/solid.d.ts +1 -1
package/dist/{state-UgidHWa5.d.cts → state-8Gh7gmo8.d.cts} +1 -1
package/dist/{state-CTWPRYsC.d.ts → state-BU1iZb12.d.ts} +1 -1
package/dist/svelte-kit.d.cts +1 -1
package/dist/svelte-kit.d.ts +1 -1
package/dist/svelte.d.cts +1 -1
package/dist/svelte.d.ts +1 -1
package/dist/types.d.cts +2 -2
package/dist/types.d.ts +2 -2
package/dist/vue.d.cts +1 -1
package/dist/vue.d.ts +1 -1
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -1,7 +1,7 @@
-import{APIError as kt,createRouter as Er,statusCode as Ir}from"better-call";import{APIError as Zt}from"better-call";import{createEndpointCreator as jt,createMiddleware as xe,createMiddlewareCreator as zt}from"better-call";var Ue=xe(async()=>({})),ee=zt({use:[Ue,xe(async()=>({}))]}),h=jt({use:[Ue]});function Vr(e){return e.charAt(0).toUpperCase()+e.slice(1)}var z={isAction:!1};import{nanoid as $t}from"nanoid";var T=e=>$t(e);import{generateCodeVerifier as Gt,generateState as Kt}from"oslo/oauth2";import{z as V}from"zod";import{APIError as Pe}from"better-call";var te=Object.create(null),G=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?te:globalThis),E=new Proxy(te,{get(e,t){return G()[t]??te[t]},has(e,t){let r=G();return t in r||t in te},set(e,t,r){let o=G(!0);return o[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=G(!0);return delete r[t],!0},ownKeys(){let e=G(!0);return Object.keys(e)}});function Mt(e){return e?e!=="false":!1}var re=typeof process<"u"&&process.env&&process.env.NODE_ENV||"",K=re==="production",ve=re==="dev"||re==="development",Te=re==="test"||Mt(E.TEST);var I=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r}},Ee=class extends I{constructor(t){super(`The package "${t}" is required. Make sure it is installed.`,t)}};function Ht(e){try{return new URL(e).pathname!=="/"}catch{throw new I(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function ue(e,t="/api/auth"){return Ht(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function Q(e,t){if(e)return ue(e,t);let r=E.BETTER_AUTH_URL||E.NEXT_PUBLIC_BETTER_AUTH_URL||E.PUBLIC_BETTER_AUTH_URL||E.NUXT_PUBLIC_BETTER_AUTH_URL||E.NUXT_PUBLIC_AUTH_URL||(E.BASE_URL!=="/"?E.BASE_URL:void 0);if(r)return ue(r,t);if(typeof window<"u"&&window.location)return ue(window.location.origin,t)}function Ie(e){try{return new URL(e).origin}catch{return null}}async function oe(e,t){let r=e.body?.callbackURL||(e.query?.currentURL?Ie(e.query?.currentURL):"")||e.context.options.baseURL;if(!r)throw new Pe("BAD_REQUEST",{message:"callbackURL is required"});let o=Gt(),i=Kt(),n=JSON.stringify({callbackURL:r,codeVerifier:o,errorURL:e.query?.currentURL,link:t,expiresAt:Date.now()+10*60*1e3}),a=new Date;a.setMinutes(a.getMinutes()+10);let c=await e.context.internalAdapter.createVerificationValue({value:n,identifier:i,expiresAt:a});if(!c)throw y.error("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database"),new Pe("INTERNAL_SERVER_ERROR",{message:"Unable to create verification"});return{state:c.identifier,codeVerifier:o}}async function Oe(e){let t=e.query.state,r=await e.context.internalAdapter.findVerificationValue(t);if(!r)throw y.error("State Mismatch. Verification not found",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let o=V.object({callbackURL:V.string(),codeVerifier:V.string(),errorURL:V.string().optional(),expiresAt:V.number(),link:V.object({email:V.string(),userId:V.string()}).optional()}).parse(JSON.parse(r.value));if(o.errorURL||(o.errorURL=`${e.context.baseURL}/error`),o.expiresAt<Date.now())throw await e.context.internalAdapter.deleteVerificationValue(r.id),y.error("State expired.",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);return await e.context.internalAdapter.deleteVerificationValue(r.id),o}import{createConsola as Qt}from"consola";var q=Qt({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),pe=e=>({log:(...t)=>{!e?.disabled&&q.log("",...t)},error:(...t)=>{!e?.disabled&&q.error("",...t)},warn:(...t)=>{!e?.disabled&&q.warn("",...t)},info:(...t)=>{!e?.disabled&&q.info("",...t)},debug:(...t)=>{!e?.disabled&&q.debug("",...t)},box:(...t)=>{!e?.disabled&&q.box("",...t)},success:(...t)=>{!e?.disabled&&q.success("",...t)},break:(...t)=>{!e?.disabled&&console.log(`
-`)}}),y=pe();var _e=ee(async e=>{if(e.request?.method!=="POST")return;let{body:t,query:r,context:o}=e,i=e.headers?.get("origin")||e.headers?.get("referer")||"",n=t?.callbackURL,a=t?.redirectTo,c=r?.currentURL,s=o.trustedOrigins,d=e.headers?.has("cookie"),l=(f,u)=>{if(!s.some(g=>f?.startsWith(g)||f?.startsWith("/")&&u!=="origin"))throw y.error(`Invalid ${u}: ${f}`),y.info(`If it's a valid URL, please add ${f} to trustedOrigins in your auth config
-`,`Current list of trustedOrigins: ${s}`),new Zt("FORBIDDEN",{message:`Invalid ${u}`})};d&&!e.context.options.advanced?.disableCSRFCheck&&l(i,"origin"),n&&l(n,"callbackURL"),a&&l(a,"redirectURL"),c&&l(c,"currentURL")});import{APIError as L}from"better-call";import{z as O}from"zod";import{TimeSpan as Wt}from"oslo";function fe(e){let r=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):K)?"__Secure-":"",o=!!e.advanced?.crossSubDomainCookies?.enabled,i=o?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(o&&!i)throw new I("baseURL is required when crossSubdomainCookies are enabled");function n(a,c={}){let s=e.advanced?.cookiePrefix||e.appName||"better-auth",d=e.advanced?.cookies?.[a]?.name||`${s}.${a}`,l=e.advanced?.cookies?.[a]?.attributes;return{name:`${r}${d}`,attributes:{secure:!!r,sameSite:"lax",path:"/",httpOnly:!0,...o?{domain:i}:{},...e.advanced?.defaultCookieAttributes,...c,...l}}}return n}function Se(e){let t=fe(e),r=e.session?.expiresIn||new Wt(7,"d").seconds(),o=t("session_token",{maxAge:r}),i=t("session_data",{maxAge:e.session?.cookieCache?.maxAge||60*5}),n=t("dont_remember");return{sessionToken:{name:o.name,options:o.attributes},sessionData:{name:i.name,options:i.attributes},dontRememberToken:{name:n.name,options:n.attributes}}}async function _(e,t,r,o){let i=e.context.authCookies.sessionToken.options;i.maxAge=r?void 0:e.context.sessionConfig.expiresIn,await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.id,e.context.secret,{...i,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled&&await e.setSignedCookie(e.context.authCookies.sessionData.name,JSON.stringify(t),e.context.secret,e.context.authCookies.sessionData.options),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.id,JSON.stringify({user:t.user,session:t.session}),t.session.expiresAt.getTime()-Date.now())}function j(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}function wo(e){let t=new Map;return e.split(", ").forEach(o=>{let[i,...n]=o.split("; "),[a,c]=i.split("="),s={value:c};n.forEach(d=>{let[l,f]=d.split("=");s[l.toLowerCase()]=f||!0}),t.set(a,s)}),t}function bo(e){let t=e.split("; "),r=new Map;return t.forEach(o=>{let[i,n]=o.split("=");r.set(i,n)}),r}import{parseJWT as er}from"oslo/jwt";import{sha256 as Jt}from"oslo/crypto";import{base64url as Yt}from"oslo/encoding";var B=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));async function Le(e){let t=await Jt(new TextEncoder().encode(e));return Yt.encode(new Uint8Array(t),{includePadding:!1})}function Ce(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?B(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function k({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:i,scopes:n,claims:a,disablePkce:c,redirectURI:s}){let d=new URL(r);if(d.searchParams.set("response_type","code"),d.searchParams.set("client_id",t.clientId),d.searchParams.set("state",o),d.searchParams.set("scope",n.join(" ")),d.searchParams.set("redirect_uri",t.redirectURI||s),!c&&i){let l=await Le(i);d.searchParams.set("code_challenge_method","S256"),d.searchParams.set("code_challenge",l)}if(a){let l=a.reduce((f,u)=>(f[u]=null,f),{});d.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...l}}))}return d}import{betterFetch as Xt}from"@better-fetch/fetch";async function A({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:i}){let n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",e),t&&n.set("code_verifier",t),n.set("redirect_uri",r),n.set("client_id",o.clientId),n.set("client_secret",o.clientSecret);let{data:a,error:c}=await Xt(i,{method:"POST",body:n,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(c)throw c;return Ce(a)}var Be=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:i}){let n=o||["email","name","openid"];return e.scope&&n.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${i||e.redirectURI}&scope=${n.join(" ")}&state=${r}`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>A({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async getUserInfo(r){if(!r.idToken)return null;let o=er(r.idToken)?.payload;return o?{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified==="true"},data:o}:null}}};import{betterFetch as tr}from"@better-fetch/fetch";var De=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["identify","email"];return e.scope&&i.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${i.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await tr("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let i=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${i}.png`}else{let i=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${i}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});import{betterFetch as rr}from"@better-fetch/fetch";var Ne=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["email","public_profile"];return e.scope&&i.push(...e.scope),await k({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:i,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await rr("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified},data:r}}});import{betterFetch as Fe}from"@better-fetch/fetch";var Ve=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:o,codeVerifier:i,redirectURI:n}){let a=o||["user:email"];return e.scope&&a.push(...e.scope),k({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:a,state:r,redirectURI:n,codeVerifier:i})},validateAuthorizationCode:async({code:r,redirectURI:o})=>A({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:i}=await Fe("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(i)return null;let n=!1;if(!o.email){let{data:a,error:c}=await Fe("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});c||(o.email=(a.find(s=>s.primary)??a[0])?.email,n=a.find(s=>s.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:n},data:o}}}};import{parseJWT as or}from"oslo/jwt";var qe=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){if(!e.clientId||!e.clientSecret)throw y.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new I("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new I("codeVerifier is required for Google");let n=r||["email","profile","openid"];e.scope&&n.push(...e.scope);let a=await k({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:n,state:t,codeVerifier:o,redirectURI:i});return e.accessType&&a.searchParams.set("access_type",e.accessType),e.prompt&&a.searchParams.set("prompt",e.prompt),a},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async getUserInfo(t){if(!t.idToken)return null;let r=or(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});import{betterFetch as nr}from"@better-fetch/fetch";import{parseJWT as ir}from"oslo/jwt";var je=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(i){let n=i.scopes||["openid","profile","email","User.Read"];return e.scope&&n.push(...e.scope),k({id:"microsoft",options:e,authorizationEndpoint:r,state:i.state,codeVerifier:i.codeVerifier,scopes:n,redirectURI:i.redirectURI})},validateAuthorizationCode({code:i,codeVerifier:n,redirectURI:a}){return A({code:i,codeVerifier:n,redirectURI:e.redirectURI||a,options:e,tokenEndpoint:o})},async getUserInfo(i){if(!i.idToken)return null;let n=ir(i.idToken)?.payload,a=e.profilePhotoSize||48;return await nr(`https://graph.microsoft.com/v1.0/me/photos/${a}x${a}/$value`,{headers:{Authorization:`Bearer ${i.accessToken}`},async onResponse(c){if(!(e.disableProfilePhoto||!c.response.ok))try{let d=await c.response.clone().arrayBuffer(),l=Buffer.from(d).toString("base64");n.picture=`data:image/jpeg;base64, ${l}`}catch(s){y.error(s)}}}),{user:{id:n.sub,name:n.name,email:n.email,image:n.picture,emailVerified:!0},data:n}}}};import{betterFetch as sr}from"@better-fetch/fetch";var ze=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){let n=r||["user-read-email"];return e.scope&&n.push(...e.scope),k({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:n,state:t,codeVerifier:o,redirectURI:i})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await sr("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});import"@better-fetch/fetch";import{parseJWT as ar}from"oslo/jwt";var $e=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["user:read:email","openid"];return e.scope&&i.push(...e.scope),k({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:i,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return y.error("No idToken found in token"),null;let o=ar(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});import{betterFetch as dr}from"@better-fetch/fetch";var Me=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["account_info.read"];return e.scope&&r.push(...e.scope),k({id:"twitter",options:e,authorizationEndpoint:"https://twitter.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await dr("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o||!r.data.email?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});import{betterFetch as cr}from"@better-fetch/fetch";var He=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:o,codeVerifier:i,redirectURI:n})=>{let a=o||["account_info.read"];return e.scope&&a.push(...e.scope),await k({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:a,state:r,redirectURI:n,codeVerifier:i})},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>await A({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:i}=await cr("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});return i?null:{user:{id:o.account_id,name:o.name?.display_name,email:o.email,emailVerified:o.email_verified||!1,image:o.profile_photo_url},data:o}}}};import{betterFetch as lr}from"@better-fetch/fetch";var Ge=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:o,scopes:i,redirectURI:n})=>{let a=i||["profile","email","openid"];return e.scope&&a.push(...e.scope),await k({id:"linkedin",options:e,authorizationEndpoint:t,scopes:a,state:o,redirectURI:n})},validateAuthorizationCode:async({code:o,redirectURI:i})=>await A({code:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:r}),async getUserInfo(o){let{data:i,error:n}=await lr("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken}`}});return n?null:{user:{id:i.sub,name:i.name,email:i.email,emailVerified:i.email_verified||!1,image:i.picture},data:i}}}};import{betterFetch as ur}from"@better-fetch/fetch";var me=(e="")=>e.split("://").map(t=>t.replace(/\/{2,}/g,"/")).join("://"),pr=e=>{let t=e||"https://gitlab.com";return{authorizationEndpoint:me(`${t}/oauth/authorize`),tokenEndpoint:me(`${t}/oauth/token`),userinfoEndpoint:me(`${t}/api/v4/user`)}},Ke=e=>{let{authorizationEndpoint:t,tokenEndpoint:r,userinfoEndpoint:o}=pr(e.issuer),i="gitlab";return{id:i,name:"Gitlab",createAuthorizationURL:async({state:a,scopes:c,codeVerifier:s,redirectURI:d})=>{let l=c||["read_user"];return e.scope&&l.push(...e.scope),await k({id:i,options:e,authorizationEndpoint:t,scopes:l,state:a,redirectURI:d,codeVerifier:s})},validateAuthorizationCode:async({code:a,redirectURI:c})=>A({code:a,redirectURI:e.redirectURI||c,options:e,tokenEndpoint:r}),async getUserInfo(a){let{data:c,error:s}=await ur(o,{headers:{authorization:`Bearer ${a.accessToken}`}});return s||c.state!=="active"||c.locked?null:{user:{id:c.id.toString(),name:c.name??c.username,email:c.email,image:c.avatar_url,emailVerified:!0},data:c}}}};var ge={apple:Be,discord:De,facebook:Ne,github:Ve,microsoft:je,google:qe,spotify:ze,twitch:$e,twitter:Me,dropbox:He,linkedin:Ge,gitlab:Ke},ne=Object.keys(ge);import{TimeSpan as fr}from"oslo";import{createJWT as mr,validateJWT as gr}from"oslo/jwt";import{z as S}from"zod";import{APIError as $}from"better-call";import{APIError as Z}from"better-call";import{z as W}from"zod";var he=()=>h("/get-session",{method:"GET",query:W.optional(W.object({disableCookieCache:W.boolean().optional()})),requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let r=await e.getSignedCookie(e.context.authCookies.sessionData.name,e.context.secret),o=await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret);if(r&&e.context.options.session?.cookieCache?.enabled&&!e.query?.disableCookieCache){let d=JSON.parse(r)?.session;if(d?.expiresAt>new Date)return e.json(d)}let i=await e.context.internalAdapter.findSession(t);if(!i||i.session.expiresAt<new Date)return j(e),i&&await e.context.internalAdapter.deleteSession(i.session.id),e.json(null,{status:401});if(o)return e.json(i);let n=e.context.sessionConfig.expiresIn,a=e.context.sessionConfig.updateAge;if(i.session.expiresAt.valueOf()-n*1e3+a*1e3<=Date.now()){let d=await e.context.internalAdapter.updateSession(i.session.id,{expiresAt:B(e.context.sessionConfig.expiresIn,"sec")});if(!d)return j(e),e.json(null,{status:401});let l=(d.expiresAt.valueOf()-Date.now())/1e3;return await _(e,{session:d,user:i.user},!1,{maxAge:l}),e.json({session:d,user:i.user})}return e.json(i)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}}),ye=async e=>await he()({...e,_flag:"json",headers:e.headers}),P=ee(async e=>{let t=await ye(e);if(!t?.session)throw new Z("UNAUTHORIZED");return{session:t}}),Qe=()=>h("/list-sessions",{method:"GET",use:[P],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),Ze=h("/revoke-session",{method:"POST",body:W.object({id:W.string()}),use:[P],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new Z("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new Z("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o),new Z("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),We=h("/revoke-sessions",{method:"POST",use:[P],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t),new Z("INTERNAL_SERVER_ERROR")}return e.json({status:!0})});async function D(e,t,r){return await mr("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new fr(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var Je=h("/send-verification-email",{method:"POST",query:S.object({currentURL:S.string().optional()}).optional(),body:S.object({email:S.string().email(),callbackURL:S.string().optional()})},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new $("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new $("BAD_REQUEST",{message:"User not found"});let o=await D(e.context.secret,t),i=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail(r.user,i,o),e.json({status:!0})}),Ye=h("/verify-email",{method:"GET",query:S.object({token:S.string(),callbackURL:S.string().optional()})},async e=>{let{token:t}=e.query,r;try{r=await gr("HS256",Buffer.from(e.context.secret),t)}catch(a){throw e.context.logger.error("Failed to verify email",a),new $("BAD_REQUEST",{message:"Invalid token"})}let i=S.object({email:S.string().email(),updateTo:S.string().optional()}).parse(r.payload);if(!await e.context.internalAdapter.findUserByEmail(i.email))throw new $("BAD_REQUEST",{message:"User not found"});if(i.updateTo){let a=await ye(e);if(!a)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new $("UNAUTHORIZED",{message:"Session not found"});if(a.user.email!==i.email)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new $("UNAUTHORIZED",{message:"Invalid session"});let c=await e.context.internalAdapter.updateUserByEmail(i.email,{email:i.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.(c,`${e.context.baseURL}/verify-email?token=${t}`,t),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:c,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(i.email,{emailVerified:!0}),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});var Xe=h("/sign-in/social",{method:"POST",query:O.object({currentURL:O.string().optional()}).optional(),body:O.object({callbackURL:O.string().optional(),provider:O.enum(ne)})},async e=>{let t=e.context.socialProviders.find(n=>n.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new L("NOT_FOUND",{message:"Provider not found"});let{codeVerifier:r,state:o}=await oe(e),i=await t.createAuthorizationURL({state:o,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:i.toString(),redirect:!0})}),et=h("/sign-in/email",{method:"POST",body:O.object({email:O.string(),password:O.string(),callbackURL:O.string().optional(),dontRememberMe:O.boolean().default(!1).optional()})},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new L("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!O.string().email().safeParse(t).success)throw new L("BAD_REQUEST",{message:"Invalid email"});if(!O.string().email().safeParse(t).success)throw new L("BAD_REQUEST",{message:"Invalid email"});let n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new L("UNAUTHORIZED",{message:"Invalid email or password"});let a=n.accounts.find(l=>l.providerId==="credential");if(!a)throw e.context.logger.error("Credential account not found",{email:t}),new L("UNAUTHORIZED",{message:"Invalid email or password"});let c=a?.password;if(!c)throw e.context.logger.error("Password not found",{email:t}),new L("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(c,r))throw e.context.logger.error("Invalid password"),new L("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!n.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw y.error("Email verification is required but no email verification handler is provided"),new L("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let l=await D(e.context.secret,n.user.email),f=`${e.context.options.baseURL}/verify-email?token=${l}`;throw await e.context.options.emailVerification.sendVerificationEmail(n.user,f,l),e.context.logger.error("Email not verified",{email:t}),new L("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let d=await e.context.internalAdapter.createSession(n.user.id,e.headers,e.body.dontRememberMe);if(!d)throw e.context.logger.error("Failed to create session"),new L("UNAUTHORIZED",{message:"Failed to create session"});return await _(e,{session:d,user:n.user},e.body.dontRememberMe),e.json({user:n.user,session:d,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});import{z as se}from"zod";import{z as b}from"zod";var Ai=b.object({id:b.string(),providerId:b.string(),accountId:b.string(),userId:b.string(),accessToken:b.string().nullable().optional(),refreshToken:b.string().nullable().optional(),idToken:b.string().nullable().optional(),expiresAt:b.date().nullable().optional(),password:b.string().optional().nullable()}),tt=b.object({id:b.string(),email:b.string().transform(e=>e.toLowerCase()),emailVerified:b.boolean().default(!1),name:b.string(),image:b.string().optional(),createdAt:b.date().default(new Date),updatedAt:b.date().default(new Date)}),ki=b.object({id:b.string(),userId:b.string(),expiresAt:b.date(),ipAddress:b.string().optional(),userAgent:b.string().optional()}),Ri=b.object({id:b.string(),value:b.string(),expiresAt:b.date(),identifier:b.string()});function hr(e,t){let r={...t==="user"?e.user?.additionalFields:{},...t==="session"?e.session?.additionalFields:{}};for(let o of e.plugins||[])o.schema&&o.schema[t]&&(r={...r,...o.schema[t].fields});return r}function yr(e,t){let r=t.action||"create",o=t.fields,i={};for(let n in o){if(n in e){if(o[n].input===!1){if(o[n].defaultValue){i[n]=o[n].defaultValue;continue}continue}i[n]=e[n];continue}if(o[n].defaultValue&&r==="create"){i[n]=o[n].defaultValue;continue}}return i}function ie(e,t,r){let o=hr(e,"user");return yr(t||{},{fields:o,action:r})}var rt=h("/callback/:id",{method:"GET",query:se.object({state:se.string(),code:se.string().optional(),error:se.string().optional()}),metadata:z},async e=>{if(!e.query.code)throw e.redirect(`${e.context.baseURL}/error?error=${e.query.error||"no_code"}`);let t=e.context.socialProviders.find(m=>m.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let{codeVerifier:r,callbackURL:o,link:i,errorURL:n}=await Oe(e),a;try{a=await t.validateAuthorizationCode({code:e.query.code,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`})}catch(m){throw e.context.logger.error(m),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let c=await t.getUserInfo(a).then(m=>m?.user),s=T(),d=tt.safeParse({...c,id:s});if(!c||d.success===!1)throw y.error("Unable to get user info",d.error),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!o)throw y.error("No callback URL found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(i){if(i.email!==c.email.toLowerCase())return l("email_doesn't_match");if(!await e.context.internalAdapter.createAccount({userId:i.userId,providerId:t.id,accountId:c.id}))return l("unable_to_link_account");let w;try{w=new URL(o).toString()}catch{w=o}throw e.redirect(w)}function l(m){throw e.redirect(`${n||o||`${e.context.baseURL}/error`}?error=${m}`)}let f=await e.context.internalAdapter.findUserByEmail(c.email,{includeAccounts:!0}).catch(m=>{throw y.error(`Better auth was unable to query your database.
-Error: `,m),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),u=f?.user;if(f){let m=f.accounts.find(w=>w.providerId===t.id);if(m)await e.context.internalAdapter.updateAccount(m.id,{accessToken:a.accessToken,idToken:a.idToken,refreshToken:a.refreshToken,expiresAt:a.accessTokenExpiresAt});else{(!e.context.options.account?.accountLinking?.trustedProviders?.includes(t.id)&&!c.emailVerified||e.context.options.account?.accountLinking?.enabled===!1)&&(ve&&y.warn(`User already exist but account isn't linked to ${t.id}. To read more about how account linking works in Better Auth see https://www.better-auth.com/docs/concepts/users-accounts#account-linking.`),l("account_not_linked"));try{await e.context.internalAdapter.linkAccount({providerId:t.id,accountId:c.id.toString(),id:`${t.id}:${c.id}`,userId:f.user.id,accessToken:a.accessToken,idToken:a.idToken,refreshToken:a.refreshToken,expiresAt:a.accessTokenExpiresAt})}catch(Re){y.error("Unable to link account",Re),l("unable_to_link_account")}}}else try{let m=c.emailVerified||!1;if(u=await e.context.internalAdapter.createOAuthUser({...d.data,emailVerified:m},{accessToken:a.accessToken,idToken:a.idToken,refreshToken:a.refreshToken,expiresAt:a.accessTokenExpiresAt,providerId:t.id,accountId:c.id.toString()}).then(w=>w?.user),!m&&u&&e.context.options.emailVerification?.sendOnSignUp){let w=await D(e.context.secret,u.email),R=`${e.context.baseURL}/verify-email?token=${w}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.(u,R,w)}}catch(m){y.error("Unable to create user",m),l("unable_to_create_user")}if(!u)return l("unable_to_create_user");let p=await e.context.internalAdapter.createSession(u.id,e.request);p||l("unable_to_create_session"),await _(e,{session:p,user:u});let g;try{g=new URL(o).toString()}catch{g=o}throw e.redirect(g)});import"zod";import{APIError as wr}from"better-call";var ot=h("/sign-out",{method:"POST"},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw new wr("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),j(e),e.json({success:!0})});import{z as C}from"zod";import{APIError as ae}from"better-call";function nt(e,t,r){let o=t?new URL(t,e.baseURL):new URL(`${e.baseURL}/error`);return r&&Object.entries(r).forEach(([i,n])=>o.searchParams.set(i,n)),o.href}function br(e,t,r){let o=new URL(t,e.baseURL);return r&&Object.entries(r).forEach(([i,n])=>o.searchParams.set(i,n)),o.href}var it=h("/forget-password",{method:"POST",body:C.object({email:C.string().email(),redirectTo:C.string()})},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new ae("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let i=60*60*1,n=new Date(Date.now()+1e3*(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||i)),a=e.context.uuid();await e.context.internalAdapter.createVerificationValue({value:o.user.id,identifier:`reset-password:${a}`,expiresAt:n});let c=`${e.context.baseURL}/reset-password/${a}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword(o.user,c),e.json({status:!0})}),st=h("/reset-password/:token",{method:"GET",query:C.object({callbackURL:C.string()})},async e=>{let{token:t}=e.params,{callbackURL:r}=e.query;if(!t||!r)throw e.redirect(nt(e.context,r,{error:"INVALID_TOKEN"}));let o=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!o||o.expiresAt<new Date?e.redirect(nt(e.context,r,{error:"INVALID_TOKEN"})):e.redirect(br(e.context,r,{token:t}))}),at=h("/reset-password",{query:C.optional(C.object({token:C.string().optional(),currentURL:C.string().optional()})),method:"POST",body:C.object({newPassword:C.string()})},async e=>{let t=e.query?.token||(e.query?.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!t)throw new ae("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,o=`reset-password:${t}`,i=await e.context.internalAdapter.findVerificationValue(o);if(!i||i.expiresAt<new Date)throw new ae("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(i.id);let n=i.value,a=await e.context.password.hash(r);if(!(await e.context.internalAdapter.findAccounts(n)).find(l=>l.providerId==="credential"))return await e.context.internalAdapter.createAccount({userId:n,providerId:"credential",password:a,accountId:e.context.uuid()}),e.json({status:!0});if(!await e.context.internalAdapter.updatePassword(n,a))throw new ae("BAD_REQUEST",{message:"Failed to update password"});return e.json({status:!0})});import{z as x}from"zod";import{APIError as U}from"better-call";var dt=()=>h("/update-user",{method:"POST",body:x.record(x.string(),x.any()),use:[P]},async e=>{let t=e.body;if(t.email)throw new U("BAD_REQUEST",{message:"You can't update email"});let{name:r,image:o,...i}=t,n=e.context.session;if(!o&&!r&&Object.keys(i).length===0)return e.json({user:n.user});let a=ie(e.context.options,i,"update"),c=await e.context.internalAdapter.updateUserByEmail(n.user.email,{name:r,image:o,...a});return await _(e,{session:n.session,user:c}),e.json({user:c})}),ct=h("/change-password",{method:"POST",body:x.object({newPassword:x.string(),currentPassword:x.string(),revokeOtherSessions:x.boolean().optional()}),use:[P]},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,i=e.context.session,n=e.context.password.config.minPasswordLength;if(t.length<n)throw e.context.logger.error("Password is too short"),new U("BAD_REQUEST",{message:"Password is too short"});let a=e.context.password.config.maxPasswordLength;if(t.length>a)throw e.context.logger.error("Password is too long"),new U("BAD_REQUEST",{message:"Password too long"});let s=(await e.context.internalAdapter.findAccounts(i.user.id)).find(f=>f.providerId==="credential"&&f.password);if(!s||!s.password)throw new U("BAD_REQUEST",{message:"User does not have a password"});let d=await e.context.password.hash(t);if(!await e.context.password.verify(s.password,r))throw new U("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(s.id,{password:d}),o){await e.context.internalAdapter.deleteSessions(i.user.id);let f=await e.context.internalAdapter.createSession(i.user.id,e.headers);if(!f)throw new U("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await _(e,{session:f,user:i.user})}return e.json(i.user)}),lt=h("/set-password",{method:"POST",body:x.object({newPassword:x.string()}),metadata:{SERVER_ONLY:!0},use:[P]},async e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new U("BAD_REQUEST",{message:"Password is too short"});let i=e.context.password.config.maxPasswordLength;if(t.length>i)throw e.context.logger.error("Password is too long"),new U("BAD_REQUEST",{message:"Password too long"});let a=(await e.context.internalAdapter.findAccounts(r.user.id)).find(s=>s.providerId==="credential"&&s.password),c=await e.context.password.hash(t);if(!a)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:c}),e.json(r.user);throw new U("BAD_REQUEST",{message:"user already has a password"})}),ut=h("/delete-user",{method:"POST",body:x.object({password:x.string()}),use:[P]},async e=>{let{password:t}=e.body,r=e.context.session,i=(await e.context.internalAdapter.findAccounts(r.user.id)).find(a=>a.providerId==="credential"&&a.password);if(!i||!i.password)throw new U("BAD_REQUEST",{message:"User does not have a password"});if(!await e.context.password.verify(i.password,t))throw new U("BAD_REQUEST",{message:"Incorrect password"});return await e.context.internalAdapter.deleteUser(r.user.id),await e.context.internalAdapter.deleteSessions(r.user.id),j(e),e.json(null)}),pt=h("/change-email",{method:"POST",query:x.object({currentURL:x.string().optional()}).optional(),body:x.object({newEmail:x.string().email(),callbackURL:x.string().optional()}),use:[P]},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new U("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new U("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new U("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let i=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:i,status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new U("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await D(e.context.secret,e.context.session.user.email,e.body.newEmail),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.user.changeEmail.sendChangeEmailVerification(e.context.session.user,e.body.newEmail,o,r),e.json({user:null,status:!0})});var Ar=(e="Unknown")=>`<!DOCTYPE html>
+import{APIError as kt,createRouter as Er,statusCode as Pr}from"better-call";import{APIError as Zt}from"better-call";import{createEndpointCreator as jt,createMiddleware as xe,createMiddlewareCreator as zt}from"better-call";var Ue=xe(async()=>({})),ee=zt({use:[Ue,xe(async()=>({}))]}),h=jt({use:[Ue]});function Vr(e){return e.charAt(0).toUpperCase()+e.slice(1)}var z={isAction:!1};import{nanoid as $t}from"nanoid";var T=e=>$t(e);import{generateCodeVerifier as Gt,generateState as Kt}from"oslo/oauth2";import{z as V}from"zod";import{APIError as Ie}from"better-call";var te=Object.create(null),G=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?te:globalThis),E=new Proxy(te,{get(e,t){return G()[t]??te[t]},has(e,t){let r=G();return t in r||t in te},set(e,t,r){let o=G(!0);return o[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=G(!0);return delete r[t],!0},ownKeys(){let e=G(!0);return Object.keys(e)}});function Mt(e){return e?e!=="false":!1}var re=typeof process<"u"&&process.env&&process.env.NODE_ENV||"",K=re==="production",ve=re==="dev"||re==="development",Te=re==="test"||Mt(E.TEST);var P=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r}},Ee=class extends P{constructor(t){super(`The package "${t}" is required. Make sure it is installed.`,t)}};function Ht(e){try{return new URL(e).pathname!=="/"}catch{throw new P(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function ue(e,t="/api/auth"){return Ht(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function Q(e,t){if(e)return ue(e,t);let r=E.BETTER_AUTH_URL||E.NEXT_PUBLIC_BETTER_AUTH_URL||E.PUBLIC_BETTER_AUTH_URL||E.NUXT_PUBLIC_BETTER_AUTH_URL||E.NUXT_PUBLIC_AUTH_URL||(E.BASE_URL!=="/"?E.BASE_URL:void 0);if(r)return ue(r,t);if(typeof window<"u"&&window.location)return ue(window.location.origin,t)}function Pe(e){try{return new URL(e).origin}catch{return null}}async function oe(e,t){let r=e.body?.callbackURL||(e.query?.currentURL?Pe(e.query?.currentURL):"")||e.context.options.baseURL;if(!r)throw new Ie("BAD_REQUEST",{message:"callbackURL is required"});let o=Gt(),i=Kt(),n=JSON.stringify({callbackURL:r,codeVerifier:o,errorURL:e.query?.currentURL,link:t,expiresAt:Date.now()+10*60*1e3}),a=new Date;a.setMinutes(a.getMinutes()+10);let c=await e.context.internalAdapter.createVerificationValue({value:n,identifier:i,expiresAt:a});if(!c)throw y.error("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database"),new Ie("INTERNAL_SERVER_ERROR",{message:"Unable to create verification"});return{state:c.identifier,codeVerifier:o}}async function Oe(e){let t=e.query.state,r=await e.context.internalAdapter.findVerificationValue(t);if(!r)throw y.error("State Mismatch. Verification not found",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let o=V.object({callbackURL:V.string(),codeVerifier:V.string(),errorURL:V.string().optional(),expiresAt:V.number(),link:V.object({email:V.string(),userId:V.string()}).optional()}).parse(JSON.parse(r.value));if(o.errorURL||(o.errorURL=`${e.context.baseURL}/error`),o.expiresAt<Date.now())throw await e.context.internalAdapter.deleteVerificationValue(r.id),y.error("State expired.",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);return await e.context.internalAdapter.deleteVerificationValue(r.id),o}import{createConsola as Qt}from"consola";var q=Qt({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),pe=e=>({log:(...t)=>{!e?.disabled&&q.log("",...t)},error:(...t)=>{!e?.disabled&&q.error("",...t)},warn:(...t)=>{!e?.disabled&&q.warn("",...t)},info:(...t)=>{!e?.disabled&&q.info("",...t)},debug:(...t)=>{!e?.disabled&&q.debug("",...t)},box:(...t)=>{!e?.disabled&&q.box("",...t)},success:(...t)=>{!e?.disabled&&q.success("",...t)},break:(...t)=>{!e?.disabled&&console.log(`
+`)}}),y=pe();var _e=ee(async e=>{if(e.request?.method!=="POST")return;let{body:t,query:r,context:o}=e,i=e.headers?.get("origin")||e.headers?.get("referer")||"",n=t?.callbackURL||r?.callbackURL,a=t?.redirectTo,c=r?.currentURL,s=o.trustedOrigins,d=e.headers?.has("cookie"),l=(u,p)=>p.includes("*")?new RegExp("^"+p.replace(/\*/g,"[^/]+").replace(/\./g,"\\.")+"$").test(u):u.startsWith(p),f=(u,p)=>{if(!u)return;if(!s.some(m=>l(u,m)||u?.startsWith("/")&&p!=="origin"&&!u.includes(":")))throw y.error(`Invalid ${p}: ${u}`),y.info(`If it's a valid URL, please add ${u} to trustedOrigins in your auth config
+`,`Current list of trustedOrigins: ${s}`),new Zt("FORBIDDEN",{message:`Invalid ${p}`})};d&&!e.context.options.advanced?.disableCSRFCheck&&f(i,"origin"),n&&f(n,"callbackURL"),a&&f(a,"redirectURL"),c&&f(c,"currentURL")});import{APIError as L}from"better-call";import{z as O}from"zod";import{TimeSpan as Wt}from"oslo";function fe(e){let r=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):K)?"__Secure-":"",o=!!e.advanced?.crossSubDomainCookies?.enabled,i=o?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(o&&!i)throw new P("baseURL is required when crossSubdomainCookies are enabled");function n(a,c={}){let s=e.advanced?.cookiePrefix||e.appName||"better-auth",d=e.advanced?.cookies?.[a]?.name||`${s}.${a}`,l=e.advanced?.cookies?.[a]?.attributes;return{name:`${r}${d}`,attributes:{secure:!!r,sameSite:"lax",path:"/",httpOnly:!0,...o?{domain:i}:{},...e.advanced?.defaultCookieAttributes,...c,...l}}}return n}function Se(e){let t=fe(e),r=e.session?.expiresIn||new Wt(7,"d").seconds(),o=t("session_token",{maxAge:r}),i=t("session_data",{maxAge:e.session?.cookieCache?.maxAge||60*5}),n=t("dont_remember");return{sessionToken:{name:o.name,options:o.attributes},sessionData:{name:i.name,options:i.attributes},dontRememberToken:{name:n.name,options:n.attributes}}}async function _(e,t,r,o){let i=e.context.authCookies.sessionToken.options;i.maxAge=r?void 0:e.context.sessionConfig.expiresIn,await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.id,e.context.secret,{...i,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled&&await e.setSignedCookie(e.context.authCookies.sessionData.name,JSON.stringify(t),e.context.secret,e.context.authCookies.sessionData.options),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.id,JSON.stringify({user:t.user,session:t.session}),t.session.expiresAt.getTime()-Date.now())}function j(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{maxAge:0})}function wo(e){let t=new Map;return e.split(", ").forEach(o=>{let[i,...n]=o.split("; "),[a,c]=i.split("="),s={value:c};n.forEach(d=>{let[l,f]=d.split("=");s[l.toLowerCase()]=f||!0}),t.set(a,s)}),t}function bo(e){let t=e.split("; "),r=new Map;return t.forEach(o=>{let[i,n]=o.split("=");r.set(i,n)}),r}import{parseJWT as er}from"oslo/jwt";import{sha256 as Jt}from"oslo/crypto";import{base64url as Yt}from"oslo/encoding";var B=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));async function Le(e){let t=await Jt(new TextEncoder().encode(e));return Yt.encode(new Uint8Array(t),{includePadding:!1})}function Ce(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?B(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function k({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:i,scopes:n,claims:a,disablePkce:c,redirectURI:s}){let d=new URL(r);if(d.searchParams.set("response_type","code"),d.searchParams.set("client_id",t.clientId),d.searchParams.set("state",o),d.searchParams.set("scope",n.join(" ")),d.searchParams.set("redirect_uri",t.redirectURI||s),!c&&i){let l=await Le(i);d.searchParams.set("code_challenge_method","S256"),d.searchParams.set("code_challenge",l)}if(a){let l=a.reduce((f,u)=>(f[u]=null,f),{});d.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...l}}))}return d}import{betterFetch as Xt}from"@better-fetch/fetch";async function A({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:i}){let n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",e),t&&n.set("code_verifier",t),n.set("redirect_uri",r),n.set("client_id",o.clientId),n.set("client_secret",o.clientSecret);let{data:a,error:c}=await Xt(i,{method:"POST",body:n,headers:{"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"}});if(c)throw c;return Ce(a)}var Be=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:i}){let n=o||["email","name","openid"];return e.scope&&n.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${i||e.redirectURI}&scope=${n.join(" ")}&state=${r}`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>A({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async getUserInfo(r){if(!r.idToken)return null;let o=er(r.idToken)?.payload;return o?{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified==="true"},data:o}:null}}};import{betterFetch as tr}from"@better-fetch/fetch";var De=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["identify","email"];return e.scope&&i.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${i.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await tr("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let i=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${i}.png`}else{let i=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${i}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});import{betterFetch as rr}from"@better-fetch/fetch";var Ne=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["email","public_profile"];return e.scope&&i.push(...e.scope),await k({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:i,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await rr("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified},data:r}}});import{betterFetch as Fe}from"@better-fetch/fetch";var Ve=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:o,codeVerifier:i,redirectURI:n}){let a=o||["user:email"];return e.scope&&a.push(...e.scope),k({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:a,state:r,redirectURI:n,codeVerifier:i})},validateAuthorizationCode:async({code:r,redirectURI:o})=>A({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:i}=await Fe("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(i)return null;let n=!1;if(!o.email){let{data:a,error:c}=await Fe("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});c||(o.email=(a.find(s=>s.primary)??a[0])?.email,n=a.find(s=>s.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:n},data:o}}}};import{parseJWT as or}from"oslo/jwt";var qe=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){if(!e.clientId||!e.clientSecret)throw y.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new P("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new P("codeVerifier is required for Google");let n=r||["email","profile","openid"];e.scope&&n.push(...e.scope);let a=await k({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:n,state:t,codeVerifier:o,redirectURI:i});return e.accessType&&a.searchParams.set("access_type",e.accessType),e.prompt&&a.searchParams.set("prompt",e.prompt),a},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async getUserInfo(t){if(!t.idToken)return null;let r=or(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});import{betterFetch as nr}from"@better-fetch/fetch";import{parseJWT as ir}from"oslo/jwt";var je=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(i){let n=i.scopes||["openid","profile","email","User.Read"];return e.scope&&n.push(...e.scope),k({id:"microsoft",options:e,authorizationEndpoint:r,state:i.state,codeVerifier:i.codeVerifier,scopes:n,redirectURI:i.redirectURI})},validateAuthorizationCode({code:i,codeVerifier:n,redirectURI:a}){return A({code:i,codeVerifier:n,redirectURI:e.redirectURI||a,options:e,tokenEndpoint:o})},async getUserInfo(i){if(!i.idToken)return null;let n=ir(i.idToken)?.payload,a=e.profilePhotoSize||48;return await nr(`https://graph.microsoft.com/v1.0/me/photos/${a}x${a}/$value`,{headers:{Authorization:`Bearer ${i.accessToken}`},async onResponse(c){if(!(e.disableProfilePhoto||!c.response.ok))try{let d=await c.response.clone().arrayBuffer(),l=Buffer.from(d).toString("base64");n.picture=`data:image/jpeg;base64, ${l}`}catch(s){y.error(s)}}}),{user:{id:n.sub,name:n.name,email:n.email,image:n.picture,emailVerified:!0},data:n}}}};import{betterFetch as sr}from"@better-fetch/fetch";var ze=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){let n=r||["user-read-email"];return e.scope&&n.push(...e.scope),k({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:n,state:t,codeVerifier:o,redirectURI:i})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await sr("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});import"@better-fetch/fetch";import{parseJWT as ar}from"oslo/jwt";var $e=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["user:read:email","openid"];return e.scope&&i.push(...e.scope),k({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:i,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>A({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return y.error("No idToken found in token"),null;let o=ar(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});import{betterFetch as dr}from"@better-fetch/fetch";var Me=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["account_info.read"];return e.scope&&r.push(...e.scope),k({id:"twitter",options:e,authorizationEndpoint:"https://twitter.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>A({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await dr("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o||!r.data.email?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});import{betterFetch as cr}from"@better-fetch/fetch";var He=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:o,codeVerifier:i,redirectURI:n})=>{let a=o||["account_info.read"];return e.scope&&a.push(...e.scope),await k({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:a,state:r,redirectURI:n,codeVerifier:i})},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>await A({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:i}=await cr("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});return i?null:{user:{id:o.account_id,name:o.name?.display_name,email:o.email,emailVerified:o.email_verified||!1,image:o.profile_photo_url},data:o}}}};import{betterFetch as lr}from"@better-fetch/fetch";var Ge=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:o,scopes:i,redirectURI:n})=>{let a=i||["profile","email","openid"];return e.scope&&a.push(...e.scope),await k({id:"linkedin",options:e,authorizationEndpoint:t,scopes:a,state:o,redirectURI:n})},validateAuthorizationCode:async({code:o,redirectURI:i})=>await A({code:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:r}),async getUserInfo(o){let{data:i,error:n}=await lr("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken}`}});return n?null:{user:{id:i.sub,name:i.name,email:i.email,emailVerified:i.email_verified||!1,image:i.picture},data:i}}}};import{betterFetch as ur}from"@better-fetch/fetch";var me=(e="")=>e.split("://").map(t=>t.replace(/\/{2,}/g,"/")).join("://"),pr=e=>{let t=e||"https://gitlab.com";return{authorizationEndpoint:me(`${t}/oauth/authorize`),tokenEndpoint:me(`${t}/oauth/token`),userinfoEndpoint:me(`${t}/api/v4/user`)}},Ke=e=>{let{authorizationEndpoint:t,tokenEndpoint:r,userinfoEndpoint:o}=pr(e.issuer),i="gitlab";return{id:i,name:"Gitlab",createAuthorizationURL:async({state:a,scopes:c,codeVerifier:s,redirectURI:d})=>{let l=c||["read_user"];return e.scope&&l.push(...e.scope),await k({id:i,options:e,authorizationEndpoint:t,scopes:l,state:a,redirectURI:d,codeVerifier:s})},validateAuthorizationCode:async({code:a,redirectURI:c})=>A({code:a,redirectURI:e.redirectURI||c,options:e,tokenEndpoint:r}),async getUserInfo(a){let{data:c,error:s}=await ur(o,{headers:{authorization:`Bearer ${a.accessToken}`}});return s||c.state!=="active"||c.locked?null:{user:{id:c.id.toString(),name:c.name??c.username,email:c.email,image:c.avatar_url,emailVerified:!0},data:c}}}};var ge={apple:Be,discord:De,facebook:Ne,github:Ve,microsoft:je,google:qe,spotify:ze,twitch:$e,twitter:Me,dropbox:He,linkedin:Ge,gitlab:Ke},ne=Object.keys(ge);import{TimeSpan as fr}from"oslo";import{createJWT as mr,validateJWT as gr}from"oslo/jwt";import{z as S}from"zod";import{APIError as $}from"better-call";import{APIError as Z}from"better-call";import{z as W}from"zod";var he=()=>h("/get-session",{method:"GET",query:W.optional(W.object({disableCookieCache:W.boolean().optional()})),requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null,{status:401});let r=await e.getSignedCookie(e.context.authCookies.sessionData.name,e.context.secret),o=await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret);if(r&&e.context.options.session?.cookieCache?.enabled&&!e.query?.disableCookieCache){let d=JSON.parse(r)?.session;if(d?.expiresAt>new Date)return e.json(d)}let i=await e.context.internalAdapter.findSession(t);if(!i||i.session.expiresAt<new Date)return j(e),i&&await e.context.internalAdapter.deleteSession(i.session.id),e.json(null,{status:401});if(o)return e.json(i);let n=e.context.sessionConfig.expiresIn,a=e.context.sessionConfig.updateAge;if(i.session.expiresAt.valueOf()-n*1e3+a*1e3<=Date.now()){let d=await e.context.internalAdapter.updateSession(i.session.id,{expiresAt:B(e.context.sessionConfig.expiresIn,"sec")});if(!d)return j(e),e.json(null,{status:401});let l=(d.expiresAt.valueOf()-Date.now())/1e3;return await _(e,{session:d,user:i.user},!1,{maxAge:l}),e.json({session:d,user:i.user})}return e.json(i)}catch(t){return e.context.logger.error(t),e.json(null,{status:500})}}),ye=async e=>await he()({...e,_flag:"json",headers:e.headers}),I=ee(async e=>{let t=await ye(e);if(!t?.session)throw new Z("UNAUTHORIZED");return{session:t}}),Qe=()=>h("/list-sessions",{method:"GET",use:[I],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),Ze=h("/revoke-session",{method:"POST",body:W.object({id:W.string()}),use:[I],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new Z("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new Z("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o),new Z("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),We=h("/revoke-sessions",{method:"POST",use:[I],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t),new Z("INTERNAL_SERVER_ERROR")}return e.json({status:!0})});async function D(e,t,r){return await mr("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new fr(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var Je=h("/send-verification-email",{method:"POST",query:S.object({currentURL:S.string().optional()}).optional(),body:S.object({email:S.string().email(),callbackURL:S.string().optional()})},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new $("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new $("BAD_REQUEST",{message:"User not found"});let o=await D(e.context.secret,t),i=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail(r.user,i,o),e.json({status:!0})}),Ye=h("/verify-email",{method:"GET",query:S.object({token:S.string(),callbackURL:S.string().optional()})},async e=>{let{token:t}=e.query,r;try{r=await gr("HS256",Buffer.from(e.context.secret),t)}catch(a){throw e.context.logger.error("Failed to verify email",a),new $("BAD_REQUEST",{message:"Invalid token"})}let i=S.object({email:S.string().email(),updateTo:S.string().optional()}).parse(r.payload);if(!await e.context.internalAdapter.findUserByEmail(i.email))throw new $("BAD_REQUEST",{message:"User not found"});if(i.updateTo){let a=await ye(e);if(!a)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new $("UNAUTHORIZED",{message:"Session not found"});if(a.user.email!==i.email)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new $("UNAUTHORIZED",{message:"Invalid session"});let c=await e.context.internalAdapter.updateUserByEmail(i.email,{email:i.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.(c,`${e.context.baseURL}/verify-email?token=${t}`,t),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:c,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(i.email,{emailVerified:!0}),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});var Xe=h("/sign-in/social",{method:"POST",query:O.object({currentURL:O.string().optional()}).optional(),body:O.object({callbackURL:O.string().optional(),provider:O.enum(ne)})},async e=>{let t=e.context.socialProviders.find(n=>n.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new L("NOT_FOUND",{message:"Provider not found"});let{codeVerifier:r,state:o}=await oe(e),i=await t.createAuthorizationURL({state:o,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:i.toString(),redirect:!0})}),et=h("/sign-in/email",{method:"POST",body:O.object({email:O.string(),password:O.string(),callbackURL:O.string().optional(),dontRememberMe:O.boolean().default(!1).optional()})},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new L("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!O.string().email().safeParse(t).success)throw new L("BAD_REQUEST",{message:"Invalid email"});if(!O.string().email().safeParse(t).success)throw new L("BAD_REQUEST",{message:"Invalid email"});let n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new L("UNAUTHORIZED",{message:"Invalid email or password"});let a=n.accounts.find(l=>l.providerId==="credential");if(!a)throw e.context.logger.error("Credential account not found",{email:t}),new L("UNAUTHORIZED",{message:"Invalid email or password"});let c=a?.password;if(!c)throw e.context.logger.error("Password not found",{email:t}),new L("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(c,r))throw e.context.logger.error("Invalid password"),new L("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!n.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw y.error("Email verification is required but no email verification handler is provided"),new L("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let l=await D(e.context.secret,n.user.email),f=`${e.context.options.baseURL}/verify-email?token=${l}`;throw await e.context.options.emailVerification.sendVerificationEmail(n.user,f,l),e.context.logger.error("Email not verified",{email:t}),new L("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let d=await e.context.internalAdapter.createSession(n.user.id,e.headers,e.body.dontRememberMe);if(!d)throw e.context.logger.error("Failed to create session"),new L("UNAUTHORIZED",{message:"Failed to create session"});return await _(e,{session:d,user:n.user},e.body.dontRememberMe),e.json({user:n.user,session:d,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});import{z as se}from"zod";import{z as b}from"zod";var Ai=b.object({id:b.string(),providerId:b.string(),accountId:b.string(),userId:b.string(),accessToken:b.string().nullable().optional(),refreshToken:b.string().nullable().optional(),idToken:b.string().nullable().optional(),expiresAt:b.date().nullable().optional(),password:b.string().optional().nullable()}),tt=b.object({id:b.string(),email:b.string().transform(e=>e.toLowerCase()),emailVerified:b.boolean().default(!1),name:b.string(),image:b.string().optional(),createdAt:b.date().default(new Date),updatedAt:b.date().default(new Date)}),ki=b.object({id:b.string(),userId:b.string(),expiresAt:b.date(),ipAddress:b.string().optional(),userAgent:b.string().optional()}),Ri=b.object({id:b.string(),value:b.string(),expiresAt:b.date(),identifier:b.string()});function hr(e,t){let r={...t==="user"?e.user?.additionalFields:{},...t==="session"?e.session?.additionalFields:{}};for(let o of e.plugins||[])o.schema&&o.schema[t]&&(r={...r,...o.schema[t].fields});return r}function yr(e,t){let r=t.action||"create",o=t.fields,i={};for(let n in o){if(n in e){if(o[n].input===!1){if(o[n].defaultValue){i[n]=o[n].defaultValue;continue}continue}i[n]=e[n];continue}if(o[n].defaultValue&&r==="create"){i[n]=o[n].defaultValue;continue}}return i}function ie(e,t,r){let o=hr(e,"user");return yr(t||{},{fields:o,action:r})}var rt=h("/callback/:id",{method:"GET",query:se.object({state:se.string(),code:se.string().optional(),error:se.string().optional()}),metadata:z},async e=>{if(!e.query.code)throw e.redirect(`${e.context.baseURL}/error?error=${e.query.error||"no_code"}`);let t=e.context.socialProviders.find(m=>m.id===e.params.id);if(!t)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let{codeVerifier:r,callbackURL:o,link:i,errorURL:n}=await Oe(e),a;try{a=await t.validateAuthorizationCode({code:e.query.code,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`})}catch(m){throw e.context.logger.error(m),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let c=await t.getUserInfo(a).then(m=>m?.user),s=T(),d=tt.safeParse({...c,id:s});if(!c||d.success===!1)throw y.error("Unable to get user info",d.error),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(!o)throw y.error("No callback URL found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(i){if(i.email!==c.email.toLowerCase())return l("email_doesn't_match");if(!await e.context.internalAdapter.createAccount({userId:i.userId,providerId:t.id,accountId:c.id}))return l("unable_to_link_account");let w;try{w=new URL(o).toString()}catch{w=o}throw e.redirect(w)}function l(m){throw e.redirect(`${n||o||`${e.context.baseURL}/error`}?error=${m}`)}let f=await e.context.internalAdapter.findUserByEmail(c.email,{includeAccounts:!0}).catch(m=>{throw y.error(`Better auth was unable to query your database.
+Error: `,m),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),u=f?.user;if(f){let m=f.accounts.find(w=>w.providerId===t.id);if(m)await e.context.internalAdapter.updateAccount(m.id,{accessToken:a.accessToken,idToken:a.idToken,refreshToken:a.refreshToken,expiresAt:a.accessTokenExpiresAt});else{(!e.context.options.account?.accountLinking?.trustedProviders?.includes(t.id)&&!c.emailVerified||e.context.options.account?.accountLinking?.enabled===!1)&&(ve&&y.warn(`User already exist but account isn't linked to ${t.id}. To read more about how account linking works in Better Auth see https://www.better-auth.com/docs/concepts/users-accounts#account-linking.`),l("account_not_linked"));try{await e.context.internalAdapter.linkAccount({providerId:t.id,accountId:c.id.toString(),id:`${t.id}:${c.id}`,userId:f.user.id,accessToken:a.accessToken,idToken:a.idToken,refreshToken:a.refreshToken,expiresAt:a.accessTokenExpiresAt})}catch(Re){y.error("Unable to link account",Re),l("unable_to_link_account")}}}else try{let m=c.emailVerified||!1;if(u=await e.context.internalAdapter.createOAuthUser({...d.data,emailVerified:m},{accessToken:a.accessToken,idToken:a.idToken,refreshToken:a.refreshToken,expiresAt:a.accessTokenExpiresAt,providerId:t.id,accountId:c.id.toString()}).then(w=>w?.user),!m&&u&&e.context.options.emailVerification?.sendOnSignUp){let w=await D(e.context.secret,u.email),R=`${e.context.baseURL}/verify-email?token=${w}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.(u,R,w)}}catch(m){y.error("Unable to create user",m),l("unable_to_create_user")}if(!u)return l("unable_to_create_user");let p=await e.context.internalAdapter.createSession(u.id,e.request);p||l("unable_to_create_session"),await _(e,{session:p,user:u});let g;try{g=new URL(o).toString()}catch{g=o}throw e.redirect(g)});import"zod";import{APIError as wr}from"better-call";var ot=h("/sign-out",{method:"POST"},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw new wr("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),j(e),e.json({success:!0})});import{z as C}from"zod";import{APIError as ae}from"better-call";function nt(e,t,r){let o=t?new URL(t,e.baseURL):new URL(`${e.baseURL}/error`);return r&&Object.entries(r).forEach(([i,n])=>o.searchParams.set(i,n)),o.href}function br(e,t,r){let o=new URL(t,e.baseURL);return r&&Object.entries(r).forEach(([i,n])=>o.searchParams.set(i,n)),o.href}var it=h("/forget-password",{method:"POST",body:C.object({email:C.string().email(),redirectTo:C.string()})},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new ae("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let i=60*60*1,n=new Date(Date.now()+1e3*(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||i)),a=e.context.uuid();await e.context.internalAdapter.createVerificationValue({value:o.user.id,identifier:`reset-password:${a}`,expiresAt:n});let c=`${e.context.baseURL}/reset-password/${a}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword(o.user,c),e.json({status:!0})}),st=h("/reset-password/:token",{method:"GET",query:C.object({callbackURL:C.string()})},async e=>{let{token:t}=e.params,{callbackURL:r}=e.query;if(!t||!r)throw e.redirect(nt(e.context,r,{error:"INVALID_TOKEN"}));let o=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!o||o.expiresAt<new Date?e.redirect(nt(e.context,r,{error:"INVALID_TOKEN"})):e.redirect(br(e.context,r,{token:t}))}),at=h("/reset-password",{query:C.optional(C.object({token:C.string().optional(),currentURL:C.string().optional()})),method:"POST",body:C.object({newPassword:C.string()})},async e=>{let t=e.query?.token||(e.query?.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!t)throw new ae("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,o=`reset-password:${t}`,i=await e.context.internalAdapter.findVerificationValue(o);if(!i||i.expiresAt<new Date)throw new ae("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(i.id);let n=i.value,a=await e.context.password.hash(r);if(!(await e.context.internalAdapter.findAccounts(n)).find(l=>l.providerId==="credential"))return await e.context.internalAdapter.createAccount({userId:n,providerId:"credential",password:a,accountId:e.context.uuid()}),e.json({status:!0});if(!await e.context.internalAdapter.updatePassword(n,a))throw new ae("BAD_REQUEST",{message:"Failed to update password"});return e.json({status:!0})});import{z as x}from"zod";import{APIError as U}from"better-call";var dt=()=>h("/update-user",{method:"POST",body:x.record(x.string(),x.any()),use:[I]},async e=>{let t=e.body;if(t.email)throw new U("BAD_REQUEST",{message:"You can't update email"});let{name:r,image:o,...i}=t,n=e.context.session;if(!o&&!r&&Object.keys(i).length===0)return e.json({user:n.user});let a=ie(e.context.options,i,"update"),c=await e.context.internalAdapter.updateUserByEmail(n.user.email,{name:r,image:o,...a});return await _(e,{session:n.session,user:c}),e.json({user:c})}),ct=h("/change-password",{method:"POST",body:x.object({newPassword:x.string(),currentPassword:x.string(),revokeOtherSessions:x.boolean().optional()}),use:[I]},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,i=e.context.session,n=e.context.password.config.minPasswordLength;if(t.length<n)throw e.context.logger.error("Password is too short"),new U("BAD_REQUEST",{message:"Password is too short"});let a=e.context.password.config.maxPasswordLength;if(t.length>a)throw e.context.logger.error("Password is too long"),new U("BAD_REQUEST",{message:"Password too long"});let s=(await e.context.internalAdapter.findAccounts(i.user.id)).find(f=>f.providerId==="credential"&&f.password);if(!s||!s.password)throw new U("BAD_REQUEST",{message:"User does not have a password"});let d=await e.context.password.hash(t);if(!await e.context.password.verify(s.password,r))throw new U("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(s.id,{password:d}),o){await e.context.internalAdapter.deleteSessions(i.user.id);let f=await e.context.internalAdapter.createSession(i.user.id,e.headers);if(!f)throw new U("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await _(e,{session:f,user:i.user})}return e.json(i.user)}),lt=h("/set-password",{method:"POST",body:x.object({newPassword:x.string()}),metadata:{SERVER_ONLY:!0},use:[I]},async e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new U("BAD_REQUEST",{message:"Password is too short"});let i=e.context.password.config.maxPasswordLength;if(t.length>i)throw e.context.logger.error("Password is too long"),new U("BAD_REQUEST",{message:"Password too long"});let a=(await e.context.internalAdapter.findAccounts(r.user.id)).find(s=>s.providerId==="credential"&&s.password),c=await e.context.password.hash(t);if(!a)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:c}),e.json(r.user);throw new U("BAD_REQUEST",{message:"user already has a password"})}),ut=h("/delete-user",{method:"POST",body:x.object({password:x.string()}),use:[I]},async e=>{let{password:t}=e.body,r=e.context.session,i=(await e.context.internalAdapter.findAccounts(r.user.id)).find(a=>a.providerId==="credential"&&a.password);if(!i||!i.password)throw new U("BAD_REQUEST",{message:"User does not have a password"});if(!await e.context.password.verify(i.password,t))throw new U("BAD_REQUEST",{message:"Incorrect password"});return await e.context.internalAdapter.deleteUser(r.user.id),await e.context.internalAdapter.deleteSessions(r.user.id),j(e),e.json(null)}),pt=h("/change-email",{method:"POST",query:x.object({currentURL:x.string().optional()}).optional(),body:x.object({newEmail:x.string().email(),callbackURL:x.string().optional()}),use:[I]},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new U("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new U("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new U("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let i=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:i,status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new U("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await D(e.context.secret,e.context.session.user.email,e.body.newEmail),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.user.changeEmail.sendChangeEmailVerification(e.context.session.user,e.body.newEmail,o,r),e.json({user:null,status:!0})});var Ar=(e="Unknown")=>`<!DOCTYPE html>
 <html lang="en">
 <head>
     <meta charset="UTF-8">
@@ -81,4 +81,4 @@ Error: `,m),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)
         <div class="error-code">Error Code: <span id="errorCode">${e}</span></div>
     </div>
 </body>
-</html>`,ft=h("/error",{method:"GET",metadata:z},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(Ar(t),{headers:{"Content-Type":"text/html"}})});var mt=h("/ok",{method:"GET",metadata:z},async e=>e.json({ok:!0}));import{z as M}from"zod";import{APIError as N}from"better-call";var gt=()=>h("/sign-up/email",{method:"POST",query:M.object({currentURL:M.string().optional()}).optional(),body:M.record(M.string(),M.any())},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new N("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:o,password:i,image:n,callbackURL:a,...c}=t;if(!M.string().email().safeParse(o).success)throw new N("BAD_REQUEST",{message:"Invalid email"});let d=e.context.password.config.minPasswordLength;if(i.length<d)throw e.context.logger.error("Password is too short"),new N("BAD_REQUEST",{message:"Password is too short"});let l=e.context.password.config.maxPasswordLength;if(i.length>l)throw e.context.logger.error("Password is too long"),new N("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(o))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${o}`),new N("UNPROCESSABLE_ENTITY",{message:"User with this email already exists"});let u=ie(e.context.options,c),p;try{if(p=await e.context.internalAdapter.createUser({email:o.toLowerCase(),name:r,image:n,...u,emailVerified:!1}),!p)throw new N("BAD_REQUEST",{message:"Failed to create user"})}catch(w){throw y.error("Failed to create user",w),new N("UNPROCESSABLE_ENTITY",{message:"Failed to create user",details:w})}if(!p)throw new N("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let g=await e.context.password.hash(i);if(await e.context.internalAdapter.linkAccount({userId:p.id,providerId:"credential",accountId:p.id,password:g,expiresAt:B(60*60*24*30,"sec")}),e.context.options.emailVerification?.sendOnSignUp){let w=await D(e.context.secret,p.email),R=`${e.context.baseURL}/verify-email?token=${w}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification?.sendVerificationEmail?.(p,R,w)}if(!e.context.options.emailAndPassword.autoSignIn||e.context.options.emailAndPassword.requireEmailVerification)return e.json({user:p,session:null},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:p,session:null}});let m=await e.context.internalAdapter.createSession(p.id,e.request);if(!m)throw new N("BAD_REQUEST",{message:"Failed to create session"});return await _(e,{session:m,user:p}),e.json({user:p,session:m})});import{z as J}from"zod";import{APIError as ht}from"better-call";var yt=h("/list-accounts",{method:"GET",use:[P]},async e=>{let t=e.context.session,r=await e.context.internalAdapter.findAccounts(t.user.id);return e.json(r)}),wt=h("/link-social",{method:"POST",requireHeaders:!0,query:J.object({currentURL:J.string().optional()}).optional(),body:J.object({callbackURL:J.string().optional(),provider:J.enum(ne)}),use:[P]},async e=>{let t=e.context.session;if((await e.context.internalAdapter.findAccounts(t.user.id)).find(c=>c.providerId===e.body.provider))throw new ht("BAD_REQUEST",{message:"Social Account is already linked."});let i=e.context.socialProviders.find(c=>c.id===e.body.provider);if(!i)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new ht("NOT_FOUND",{message:"Provider not found"});let n=await oe(e,{userId:t.user.id,email:t.user.email}),a=await i.createAuthorizationURL({state:n.state,codeVerifier:n.codeVerifier,redirectURI:`${e.context.baseURL}/callback/${i.id}`});return e.json({url:a.toString(),redirect:!0})});function de(e){let t="127.0.0.1";if(Te)return t;let r=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],o=e instanceof Request?e.headers:e;for(let i of r){let n=o.get(i);if(typeof n=="string"){let a=n.split(",")[0].trim();if(a)return a}}return null}function kr(e,t,r){let o=Date.now(),i=t*1e3;return o-r.lastRequest<i&&r.count>=e}function Rr(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function xr(e,t){let r=Date.now(),o=t*1e3;return Math.ceil((e+o-r)/1e3)}function Ur(e,t){let r=t??"rateLimit",o=e.adapter;return{get:async i=>await o.findOne({model:r,where:[{field:"key",value:i}]}),set:async(i,n,a)=>{try{a?await o.update({model:t??"rateLimit",where:[{field:"key",value:i}],update:{count:n.count,lastRequest:n.lastRequest}}):await o.create({model:t??"rateLimit",data:{key:i,count:n.count,lastRequest:n.lastRequest}})}catch(c){y.error("Error setting rate limit",c)}}}}var bt=new Map;function vr(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let o=await e.options.secondaryStorage?.get(r);return o?JSON.parse(o):void 0},set:async(r,o)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(o))}}:e.rateLimit.storage==="memory"?{async get(r){return bt.get(r)},async set(r,o,i){bt.set(r,o)}}:Ur(e,e.rateLimit.tableName)}async function At(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,o=e.url.replace(r,""),i=t.rateLimit.window,n=t.rateLimit.max,a=de(e)+o,s=Tr().find(u=>u.pathMatcher(o));s&&(i=s.window,n=s.max);for(let u of t.options.plugins||[])if(u.rateLimit){let p=u.rateLimit.find(g=>g.pathMatcher(o));if(p){i=p.window,n=p.max;break}}if(t.rateLimit.customRules){let u=t.rateLimit.customRules[o];u&&(i=u.window,n=u.max)}let d=vr(t),l=await d.get(a),f=Date.now();if(!l)await d.set(a,{key:a,count:1,lastRequest:f});else{let u=f-l.lastRequest;if(kr(n,i,l)){let p=xr(l.lastRequest,i);return Rr(p)}else u>i*1e3?await d.set(a,{...l,count:1,lastRequest:f}):await d.set(a,{...l,count:l.count+1,lastRequest:f})}}function Tr(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:3}]}import{APIError as ia}from"better-call";function we(e,t){let r=t.plugins?.reduce((c,s)=>({...c,...s.endpoints}),{}),o=t.plugins?.map(c=>c.middlewares?.map(s=>{let d=async l=>s.middleware({...l,context:{...e,...l.context}});return d.path=s.path,d.options=s.middleware.options,d.headers=s.middleware.headers,{path:s.path,middleware:d}})).filter(c=>c!==void 0).flat()||[],n={...{signInSocial:Xe,callbackOAuth:rt,getSession:he(),signOut:ot,signUpEmail:gt(),signInEmail:et,forgetPassword:it,resetPassword:at,verifyEmail:Ye,sendVerificationEmail:Je,changeEmail:pt,changePassword:ct,setPassword:lt,updateUser:dt(),deleteUser:ut,forgetPasswordCallback:st,listSessions:Qe(),revokeSession:Ze,revokeSessions:We,linkSocialAccount:wt,listUserAccounts:yt},...r,ok:mt,error:ft},a={};for(let[c,s]of Object.entries(n))a[c]=async(d={})=>{let l=await e;for(let p of t.plugins||[])if(p.hooks?.before){for(let g of p.hooks.before)if(g.matcher({...s,...d,context:l})){let w=await g.handler({...d,context:{...l,...d?.context}});w&&"context"in w&&(l={...l,...w.context})}}let f;try{f=await s({...d,context:{...l,...d.context}})}catch(p){if(p instanceof kt){let g=t.plugins?.map(R=>{if(R.hooks?.after)return R.hooks.after}).filter(R=>R!==void 0).flat();if(!g?.length)throw p;let m=new Response(JSON.stringify(p.body),{status:Ir[p.status],headers:p.headers}),w;for(let R of g||[])if(R.matcher(d)){let qt=Object.assign(d,{context:{...e,returned:m}}),le=await R.handler(qt);le&&"response"in le&&(w=le.response)}if(w instanceof Response)return w;throw p}throw p}let u=f;for(let p of t.plugins||[])if(p.hooks?.after){for(let g of p.hooks.after)if(g.matcher(d)){let w=Object.assign(d,{context:{...e,returned:u}}),R=await g.handler(w);R&&"response"in R&&(u=R.response)}}return u},a[c].path=s.path,a[c].method=s.method,a[c].options=s.options,a[c].headers=s.headers;return{api:a,middlewares:o}}var Rt=(e,t)=>{let{api:r,middlewares:o}=we(e,t),i=new URL(e.baseURL).pathname;return Er(r,{extraContext:e,basePath:i,routerMiddleware:[{path:"/**",middleware:_e},...o],async onRequest(n){for(let a of e.options.plugins||[])if(a.onRequest){let c=await a.onRequest(n,e);if(c)return c}return At(n,e)},async onResponse(n){for(let a of e.options.plugins||[])if(a.onResponse){let c=await a.onResponse(n,e);if(c)return c.response}return n},onError(n){if(t.onAPIError?.throw)throw n;if(t.onAPIError?.onError){t.onAPIError.onError(n,e);return}let a=t.logger?.verboseLogging?y:void 0;t.logger?.disabled!==!0&&(n instanceof kt?(n.status==="INTERNAL_SERVER_ERROR"&&y.error(n),a?.error(n.message)):y?.error(n))}})};var F=e=>{let t=e.plugins?.reduce((s,d)=>{let l=d.schema;if(!l)return s;for(let[f,u]of Object.entries(l))s[f]={fields:{...s[f]?.fields,...u.fields},tableName:u.tableName||f};return s},{}),r=e.rateLimit?.storage==="database",o={rateLimit:{tableName:e.rateLimit?.tableName||"rateLimit",fields:{key:{type:"string",fieldName:e.rateLimit?.fields?.key||"key"},count:{type:"number",fieldName:e.rateLimit?.fields?.count||"count"},lastRequest:{type:"number",fieldName:e.rateLimit?.fields?.lastRequest||"lastRequest"}}}},{user:i,session:n,account:a,...c}=t||{};return{user:{tableName:e.user?.modelName||"user",fields:{name:{type:"string",required:!0,fieldName:e.user?.fields?.name||"name"},email:{type:"string",unique:!0,required:!0,fieldName:e.user?.fields?.email||"email"},emailVerified:{type:"boolean",defaultValue:()=>!1,required:!0,fieldName:e.user?.fields?.emailVerified||"emailVerified"},image:{type:"string",required:!1,fieldName:e.user?.fields?.image||"image"},createdAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.updatedAt||"updatedAt"},...i?.fields,...e.user?.additionalFields},order:1},session:{tableName:e.session?.modelName||"session",fields:{expiresAt:{type:"date",required:!0,fieldName:e.session?.fields?.expiresAt||"expiresAt"},ipAddress:{type:"string",required:!1,fieldName:e.session?.fields?.ipAddress||"ipAddress"},userAgent:{type:"string",required:!1,fieldName:e.session?.fields?.userAgent||"userAgent"},userId:{type:"string",fieldName:e.session?.fields?.userId||"userId",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0},...n?.fields,...e.session?.additionalFields},order:2},account:{tableName:e.account?.modelName||"account",fields:{accountId:{type:"string",required:!0,fieldName:e.account?.fields?.accountId||"accountId"},providerId:{type:"string",required:!0,fieldName:e.account?.fields?.providerId||"providerId"},userId:{type:"string",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0,fieldName:e.account?.fields?.userId||"userId"},accessToken:{type:"string",required:!1,fieldName:e.account?.fields?.accessToken||"accessToken"},refreshToken:{type:"string",required:!1,fieldName:e.account?.fields?.refreshToken||"refreshToken"},idToken:{type:"string",required:!1,fieldName:e.account?.fields?.idToken||"idToken"},expiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.expiresAt||"expiresAt"},password:{type:"string",required:!1,fieldName:e.account?.fields?.password||"password"},...a?.fields},order:3},verification:{tableName:e.verification?.modelName||"verification",fields:{identifier:{type:"string",required:!0,fieldName:e.verification?.fields?.identifier||"identifier"},value:{type:"string",required:!0,fieldName:e.verification?.fields?.value||"value"},expiresAt:{type:"date",required:!0,fieldName:e.verification?.fields?.expiresAt||"expiresAt"}},order:4},...c,...r?o:{}}};import{Kysely as xt,MssqlDialect as Pr}from"kysely";import{MysqlDialect as Ut,PostgresDialect as vt,SqliteDialect as Tt}from"kysely";function Et(e){if("dialect"in e)return Et(e.dialect);if("createDriver"in e){if(e instanceof Tt)return"sqlite";if(e instanceof Ut)return"mysql";if(e instanceof vt)return"postgres";if(e instanceof Pr)return"mssql"}return"aggregate"in e?"sqlite":"getConnection"in e?"mysql":"connect"in e?"postgres":null}var Y=async e=>{let t=e.database;if("db"in t)return{kysely:t.db,databaseType:t.type};if("dialect"in t)return{kysely:new xt({dialect:t.dialect}),databaseType:t.type};let r,o=Et(t);return"createDriver"in t&&(r=t),"aggregate"in t&&(r=new Tt({database:t})),"getConnection"in t&&(r=new Ut({pool:t})),"connect"in t&&(r=new vt({pool:t})),{kysely:r?new xt({dialect:r}):null,databaseType:o}};function X(e){if(!e)return{and:null,or:null};let t={and:[],or:[]};return e.forEach(r=>{let{field:o,value:i,operator:n="=",connector:a="AND"}=r,c=s=>n.toLowerCase()==="in"?s(o,"in",Array.isArray(i)?i:[i]):n==="contains"?s(o,"like",`%${i}%`):n==="starts_with"?s(o,"like",`${i}%`):n==="ends_with"?s(o,"like",`%${i}`):s(o,n,i);a==="OR"?t.or.push(c):t.and.push(c)}),{and:t.and.length?t.and:null,or:t.or.length?t.or:null}}function ce(e,t,r){for(let o in e){let i=t[o]||Object.values(t).find(n=>n.fieldName===o);e[o]===0&&i.type==="boolean"&&r?.boolean&&(e[o]=!1),e[o]===1&&i?.type==="boolean"&&r?.boolean&&(e[o]=!0),i?.type==="date"&&(e[o]instanceof Date||(e[o]=new Date(e[o])))}return e}function It(e,t){for(let r in e)typeof e[r]=="boolean"&&t?.boolean&&(e[r]=e[r]?1:0),e[r]instanceof Date&&(e[r]=e[r].toISOString());return e}var Pt=(e,t)=>({id:"kysely",async create(r){let{model:o,data:i,select:n}=r;t?.transform&&(i=It(i,t.transform)),t?.generateId!==void 0&&(i.id=t.generateId?t.generateId():void 0);let a=await e.insertInto(o).values(i).returningAll().executeTakeFirst();if(t?.transform){let c=t.transform.schema[o];a=c?ce(i,c,t.transform):a}return n?.length&&(a=a?n.reduce((s,d)=>a?.[d]?{...s,[d]:a[d]}:s,{}):null),a},async findOne(r){let{model:o,where:i,select:n}=r,{and:a,or:c}=X(i),s=e.selectFrom(o).selectAll();a&&(s=s.where(l=>l.and(a.map(f=>f(l))))),c&&(s=s.where(l=>l.or(c.map(f=>f(l)))));let d=await s.executeTakeFirst();if(n?.length&&(d=d?n.reduce((f,u)=>d?.[u]?{...f,[u]:d[u]}:f,{}):null),t?.transform){let l=t.transform.schema[o];return d=d&&l?ce(d,l,t.transform):d,d||null}return d||null},async findMany(r){let{model:o,where:i,limit:n,offset:a,sortBy:c}=r,s=e.selectFrom(o),{and:d,or:l}=X(i);d&&(s=s.where(u=>u.and(d.map(p=>p(u))))),l&&(s=s.where(u=>u.or(l.map(p=>p(u))))),s=s.limit(n||100),a&&(s=s.offset(a)),c&&(s=s.orderBy(c.field,c.direction));let f=await s.selectAll().execute();if(t?.transform){let u=t.transform.schema[o];return u?f.map(p=>ce(p,u,t.transform)):f}return f},async update(r){let{model:o,where:i,update:n}=r,{and:a,or:c}=X(i);t?.transform&&(n=It(n,t.transform)),n.id&&(n.id=void 0);let s=e.updateTable(o).set(n);a&&(s=s.where(l=>l.and(a.map(f=>f(l))))),c&&(s=s.where(l=>l.or(c.map(f=>f(l)))));let d=await s.returningAll().executeTakeFirst()||null;if(t?.transform){let l=t.transform.schema[o];return l?ce(d,l,t.transform):d}return d},async delete(r){let{model:o,where:i}=r,{and:n,or:a}=X(i),c=e.deleteFrom(o);n&&(c=c.where(s=>s.and(n.map(d=>d(s))))),a&&(c=c.where(s=>s.or(a.map(d=>d(s))))),await c.execute()},async deleteMany(r){let{model:o,where:i}=r,{and:n,or:a}=X(i),c=e.deleteFrom(o);n&&(c=c.where(s=>s.and(n.map(d=>d(s))))),a&&(c=c.where(s=>s.or(a.map(d=>d(s))))),await c.execute()}});async function Ot(e){if(!e.database)throw new I("Database configuration is required");if("create"in e.database)return e.database;let{kysely:t,databaseType:r}=await Y(e);if(!t)throw new I("Failed to initialize database adapter");let o=F(e),i={};for(let n of Object.values(o))i[n.tableName]=n.fields;return Pt(t,{transform:{schema:i,date:!0,boolean:r==="sqlite"},generateId:"generateId"in e.database?e.database.generateId:void 0})}function be(e,t){let r=t.id?{id:t.id}:{};for(let o in e){let i=e[o],n=t[o];n!==void 0&&(r[i.fieldName||o]=n)}return r}function v(e,t){if(!t)return null;let r={id:t.id};for(let[o,i]of Object.entries(e))r[o]=t[i.fieldName||o];return r}import{decodeHex as Or,encodeHex as St}from"oslo/encoding";function _t(e,t){let r=new Uint8Array(e),o=new Uint8Array(t);if(r.length!==o.length)return!1;let i=0;for(let n=0;n<r.length;n++)i|=r[n]^o[n];return i===0}import{scryptAsync as _r}from"@noble/hashes/scrypt";import{getRandomValues as Sr}from"uncrypto";var H={N:16384,r:16,p:1,dkLen:64};async function Lt(e,t){return await _r(e.normalize("NFKC"),t,{N:H.N,p:H.p,r:H.r,dkLen:H.dkLen,maxmem:128*H.N*H.r*2})}var Ct=async e=>{let t=St(Sr(new Uint8Array(16))),r=await Lt(e,t);return`${t}:${St(r)}`},Bt=async(e,t)=>{let[r,o]=e.split(":"),i=await Lt(t,r);return _t(i,Or(o))};function Dt(e,t){let r=t.hooks,o=F(t.options);async function i(a,c,s){let d=a,l=o[c];for(let p of r||[]){let g=p[c]?.create?.before;if(g){let m=await g(a);if(m===!1)return null;typeof m=="object"&&"data"in m&&(d=m.data)}}let f=s?await s.fn(d):null,u=!s||s.executeMainFn?await e.create({model:l.tableName,data:{...be(l.fields,d),id:d.id||T()}}):f;for(let p of r||[]){let g=p[c]?.create?.after;g&&await g(u)}return v(l.fields,u)}async function n(a,c,s,d){let l=a;for(let p of r||[]){let g=p[s]?.update?.before;if(g){let m=await g(a);if(m===!1)return null;l=typeof m=="object"?m.data:m}}let f=d?await d.fn(l):null,u=!d||d.executeMainFn?await e.update({model:o[s].tableName,update:be(o[s].fields,l),where:c}):f;for(let p of r||[]){let g=p[s]?.update?.after;g&&await g(u)}return v(o[s].fields,u)}return{createWithHooks:i,updateWithHooks:n}}var Ae=(e,t)=>{let r=t.options,o=r.secondaryStorage,i=r.session?.expiresIn||60*60*24*7,n=F(r),{createWithHooks:a,updateWithHooks:c}=Dt(e,t);return{createOAuthUser:async(s,d)=>{try{let l=await a({id:T(),createdAt:new Date,updatedAt:new Date,...s},"user"),f=await a({id:T(),...d,userId:l.id||s.id},"account");return{user:l,account:f}}catch(l){return console.log(l),null}},createUser:async s=>await a({id:T(),createdAt:new Date,updatedAt:new Date,emailVerified:!1,...s},"user"),createAccount:async s=>await a({id:T(),createdAt:new Date,updatedAt:new Date,...s},"account"),listSessions:async s=>await e.findMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]}),listUsers:async(s,d,l,f)=>(await e.findMany({model:n.user.tableName,limit:s,offset:d,sortBy:l,where:f})).map(p=>v(n.user.fields,p)),deleteUser:async s=>{await e.delete({model:n.account.tableName,where:[{field:n.account.fields.userId.fieldName||"userId",value:s}]}),await e.deleteMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]}),await e.deleteMany({model:n.user.tableName,where:[{field:"id",value:s}]})},createSession:async(s,d,l,f)=>{let u=d instanceof Request?d.headers:d,p={id:T(32),userId:s,expiresAt:l?B(60*60*24,"sec"):B(i,"sec"),ipAddress:d&&de(d)||"",userAgent:u?.get("user-agent")||"",...f};return await a(p,"session",o?{fn:async m=>{let w=await e.findOne({model:n.user.tableName,where:[{field:"id",value:s}]});return o.set(m.id,JSON.stringify({session:m,user:w}),i),m},executeMainFn:r.session?.storeSessionInDatabase}:void 0)},findSession:async s=>{if(o){let u=await o.get(s);if(u){let p=JSON.parse(u);return{session:{...p.session,expiresAt:new Date(p.session.expiresAt)},user:{...p.user,createdAt:new Date(p.user.createdAt),updatedAt:new Date(p.user.updatedAt)}}}}let d=await e.findOne({model:n.session.tableName,where:[{value:s,field:"id"}]});if(!d)return null;let l=v(n.session.fields,d),f=await e.findOne({model:n.user.tableName,where:[{value:l.userId,field:"id"}]});return f?{session:l,user:v(n.user.fields,f)}:null},findSessions:async s=>{if(o){let u=[];for(let p of s){let g=await o.get(p);if(g){let m=JSON.parse(g),w={session:{...m.session,expiresAt:new Date(m.session.expiresAt)},user:{...m.user,createdAt:new Date(m.user.createdAt),updatedAt:new Date(m.user.updatedAt)}};u.push(w)}}return u}let d=await e.findMany({model:n.session.tableName,where:[{field:"id",value:s,operator:"in"}]}),l=d.map(u=>v(n.session.fields,u).userId);if(!l.length)return[];let f=await e.findMany({model:n.user.tableName,where:[{field:"id",value:l,operator:"in"}]});return d.map(u=>{let p=f.find(g=>g.id===u.userId);return p?{session:v(n.session.fields,u),user:v(n.user.fields,p)}:null})},updateSession:async(s,d)=>await c(d,[{field:"id",value:s}],"session",o?{async fn(f){let u=await o.get(s),p=null;if(u){let g=JSON.parse(u);p={...g.session,...f},await o.set(s,JSON.stringify({session:p,user:g.user}),g.session.expiresAt?Math.floor((g.session.expiresAt.getTime()-Date.now())/1e3):i)}else return null},executeMainFn:r.session?.storeSessionInDatabase}:void 0),deleteSession:async s=>{if(o){await o.delete(s),r.session?.storeSessionInDatabase&&await e.delete({model:n.session.tableName,where:[{field:"id",value:s}]});return}await e.delete({model:n.session.tableName,where:[{field:"id",value:s}]})},deleteSessions:async s=>{if(o){let d=await e.findMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]});for(let l of d)await o.delete(l.id);r.session?.storeSessionInDatabase&&await e.delete({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]});return}await e.deleteMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]})},findUserByEmail:async(s,d)=>{let l=await e.findOne({model:n.user.tableName,where:[{value:s.toLowerCase(),field:n.user.fields.email.fieldName||"email"}]});if(!l)return null;if(d?.includeAccounts){let f=await e.findMany({model:n.account.tableName,where:[{value:l.id,field:n.account.fields.userId.fieldName||"userId"}]});return{user:v(n.user.fields,l),accounts:f.map(u=>v(n.account.fields,u))}}return{user:v(n.user.fields,l),accounts:[]}},findUserById:async s=>await e.findOne({model:n.user.tableName,where:[{field:"id",value:s}]}),linkAccount:async s=>await a({id:T(),...s},"account"),updateUser:async(s,d)=>await c(d,[{field:"id",value:s}],"user"),updateUserByEmail:async(s,d)=>await c(d,[{field:n.user.fields.email.fieldName||"email",value:s}],"user"),updatePassword:async(s,d)=>await c({password:d},[{field:n.account.fields.userId.fieldName||"userId",value:s},{field:n.account.fields.providerId.fieldName||"providerId",value:"credential"}],"account"),findAccounts:async s=>(await e.findMany({model:n.account.tableName,where:[{field:n.account.fields.userId.fieldName||"userId",value:s}]})).map(l=>v(n.account.fields,l)),updateAccount:async(s,d)=>await c(d,[{field:"id",value:s}],"account"),createVerificationValue:async s=>await a({id:T(),...s},"verification"),findVerificationValue:async s=>{let d=await e.findMany({model:n.verification.tableName,where:[{field:n.verification.fields.identifier.fieldName||"identifier",value:s}],limit:100}),l=d.pop();return d.length>0&&await e.deleteMany({model:n.verification.tableName,where:[{operator:"in",field:"id",value:d.map(f=>f.id)}]}),l?v(n.verification.fields,l):null},deleteVerificationValue:async s=>{await e.delete({model:n.verification.tableName,where:[{field:"id",value:s}]})},updateVerificationValue:async(s,d)=>await c(d,[{field:"id",value:s}],"verification")}};import{z as Na}from"zod";import{defu as Lr}from"defu";var ke="better-auth-secret-123456789";import{APIError as Nt}from"better-call";async function Ft(e,t){let o=(await t.context.internalAdapter.findAccounts(e))?.find(a=>a.providerId==="credential"),i=o?.password;if(!o||!i)throw new Nt("BAD_REQUEST",{message:"No password credential found"});if(!await t.context.password.verify(i,t.body.password))throw new Nt("BAD_REQUEST",{message:"Invalid password"});return!0}var Vt=async e=>{let t=await Ot(e),r=e.plugins||[],o=Br(e),{kysely:i}=await Y(e),n=Q(e.baseURL,e.basePath),a=e.secret||E.BETTER_AUTH_SECRET||E.AUTH_SECRET||ke;a===ke&&K&&y.error("You are using the default secret. Please set `BETTER_AUTH_SECRET` in your environment variables or pass `secret` in your auth config."),e={...e,secret:a,baseURL:n?new URL(n).origin:"",basePath:e.basePath||"/api/auth",plugins:r.concat(o),emailAndPassword:{...e.emailAndPassword,enabled:e.emailAndPassword?.enabled??!1,autoSignIn:e.emailAndPassword?.autoSignIn??!0}};let c=Se(e),s=F(e),d=Object.keys(e.socialProviders||{}).map(u=>{let p=e.socialProviders?.[u];return p.enabled===!1?null:((!p.clientId||!p.clientSecret)&&y.warn(`Social provider ${u} is missing clientId or clientSecret`),ge[u](p))}).filter(u=>u!==null),l={appName:e.appName||"Better Auth",socialProviders:d,options:e,tables:s,trustedOrigins:Dr(e),baseURL:n||"",sessionConfig:{updateAge:e.session?.updateAge||24*60*60,expiresIn:e.session?.expiresIn||60*60*24*7},secret:a,rateLimit:{...e.rateLimit,enabled:e.rateLimit?.enabled??K,window:e.rateLimit?.window||10,max:e.rateLimit?.max||100,storage:e.rateLimit?.storage||e.secondaryStorage?"secondary-storage":"memory"},authCookies:c,logger:pe({disabled:e.logger?.disabled||!1}),db:i,uuid:T,secondaryStorage:e.secondaryStorage,password:{hash:e.emailAndPassword?.password?.hash||Ct,verify:e.emailAndPassword?.password?.verify||Bt,config:{minPasswordLength:e.emailAndPassword?.minPasswordLength||8,maxPasswordLength:e.emailAndPassword?.maxPasswordLength||128},checkPassword:Ft},adapter:t,internalAdapter:Ae(t,{options:e,hooks:e.databaseHooks?[e.databaseHooks]:[]}),createAuthCookie:fe(e)},{context:f}=Cr(l);return f};function Cr(e){let t=e.options,r=t.plugins||[],o=e,i=[];for(let n of r)if(n.init){let a=n.init(e);typeof a=="object"&&(a.options&&(a.options.databaseHooks&&i.push(a.options.databaseHooks),t=Lr(t,a.options)),a.context&&(o={...o,...a.context}))}return i.push(t.databaseHooks),o.internalAdapter=Ae(e.adapter,{options:t,hooks:i.filter(n=>n!==void 0)}),o.options=t,{context:o}}function Br(e){let t=[];return e.advanced?.crossSubDomainCookies?.enabled,t}function Dr(e){let t=Q(e.baseURL,e.basePath);if(!t)return[];let r=[new URL(t).origin];e.trustedOrigins&&r.push(...e.trustedOrigins);let o=E.BETTER_AUTH_TRUSTED_ORIGINS;return o&&r.push(...o.split(",")),r}var xd=e=>{let t=Vt(e),{api:r}=we(t,e);return{handler:async o=>{let i=await t,n=i.options.basePath||"/api/auth",a=new URL(o.url);if(!i.options.baseURL){let s=Q(void 0,n)||`${a.origin}${n}`;i.options.baseURL=s,i.baseURL=s}if(i.trustedOrigins=[a.origin,...i.options.trustedOrigins||[]],!i.options.baseURL)return new Response("Base URL not set",{status:400});if(a.pathname===n||a.pathname===`${n}/`)return new Response("Welcome to BetterAuth",{status:200});let{handler:c}=Rt(i,e);return c(o)},api:r,options:e,$Infer:{}}};export{I as BetterAuthError,z as HIDE_METADATA,Ee as MissingDependencyError,xd as betterAuth,Vr as capitalizeFirstLetter,fe as createCookieGetter,pe as createLogger,j as deleteSessionCookie,T as generateId,oe as generateState,Se as getCookies,y as logger,bo as parseCookies,wo as parseSetCookieHeader,Oe as parseState,_ as setSessionCookie};
+</html>`,ft=h("/error",{method:"GET",metadata:z},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(Ar(t),{headers:{"Content-Type":"text/html"}})});var mt=h("/ok",{method:"GET",metadata:z},async e=>e.json({ok:!0}));import{z as M}from"zod";import{APIError as N}from"better-call";var gt=()=>h("/sign-up/email",{method:"POST",query:M.object({currentURL:M.string().optional()}).optional(),body:M.record(M.string(),M.any())},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new N("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:o,password:i,image:n,callbackURL:a,...c}=t;if(!M.string().email().safeParse(o).success)throw new N("BAD_REQUEST",{message:"Invalid email"});let d=e.context.password.config.minPasswordLength;if(i.length<d)throw e.context.logger.error("Password is too short"),new N("BAD_REQUEST",{message:"Password is too short"});let l=e.context.password.config.maxPasswordLength;if(i.length>l)throw e.context.logger.error("Password is too long"),new N("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(o))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${o}`),new N("UNPROCESSABLE_ENTITY",{message:"User with this email already exists"});let u=ie(e.context.options,c),p;try{if(p=await e.context.internalAdapter.createUser({email:o.toLowerCase(),name:r,image:n,...u,emailVerified:!1}),!p)throw new N("BAD_REQUEST",{message:"Failed to create user"})}catch(w){throw y.error("Failed to create user",w),new N("UNPROCESSABLE_ENTITY",{message:"Failed to create user",details:w})}if(!p)throw new N("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let g=await e.context.password.hash(i);if(await e.context.internalAdapter.linkAccount({userId:p.id,providerId:"credential",accountId:p.id,password:g,expiresAt:B(60*60*24*30,"sec")}),e.context.options.emailVerification?.sendOnSignUp){let w=await D(e.context.secret,p.email),R=`${e.context.baseURL}/verify-email?token=${w}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification?.sendVerificationEmail?.(p,R,w)}if(!e.context.options.emailAndPassword.autoSignIn||e.context.options.emailAndPassword.requireEmailVerification)return e.json({user:p,session:null},{body:t.callbackURL?{url:t.callbackURL,redirect:!0}:{user:p,session:null}});let m=await e.context.internalAdapter.createSession(p.id,e.request);if(!m)throw new N("BAD_REQUEST",{message:"Failed to create session"});return await _(e,{session:m,user:p}),e.json({user:p,session:m})});import{z as J}from"zod";import{APIError as ht}from"better-call";var yt=h("/list-accounts",{method:"GET",use:[I]},async e=>{let t=e.context.session,r=await e.context.internalAdapter.findAccounts(t.user.id);return e.json(r)}),wt=h("/link-social",{method:"POST",requireHeaders:!0,query:J.object({currentURL:J.string().optional()}).optional(),body:J.object({callbackURL:J.string().optional(),provider:J.enum(ne)}),use:[I]},async e=>{let t=e.context.session;if((await e.context.internalAdapter.findAccounts(t.user.id)).find(c=>c.providerId===e.body.provider))throw new ht("BAD_REQUEST",{message:"Social Account is already linked."});let i=e.context.socialProviders.find(c=>c.id===e.body.provider);if(!i)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new ht("NOT_FOUND",{message:"Provider not found"});let n=await oe(e,{userId:t.user.id,email:t.user.email}),a=await i.createAuthorizationURL({state:n.state,codeVerifier:n.codeVerifier,redirectURI:`${e.context.baseURL}/callback/${i.id}`});return e.json({url:a.toString(),redirect:!0})});function de(e){let t="127.0.0.1";if(Te)return t;let r=["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],o=e instanceof Request?e.headers:e;for(let i of r){let n=o.get(i);if(typeof n=="string"){let a=n.split(",")[0].trim();if(a)return a}}return null}function kr(e,t,r){let o=Date.now(),i=t*1e3;return o-r.lastRequest<i&&r.count>=e}function Rr(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function xr(e,t){let r=Date.now(),o=t*1e3;return Math.ceil((e+o-r)/1e3)}function Ur(e,t){let r=t??"rateLimit",o=e.adapter;return{get:async i=>await o.findOne({model:r,where:[{field:"key",value:i}]}),set:async(i,n,a)=>{try{a?await o.update({model:t??"rateLimit",where:[{field:"key",value:i}],update:{count:n.count,lastRequest:n.lastRequest}}):await o.create({model:t??"rateLimit",data:{key:i,count:n.count,lastRequest:n.lastRequest}})}catch(c){y.error("Error setting rate limit",c)}}}}var bt=new Map;function vr(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let o=await e.options.secondaryStorage?.get(r);return o?JSON.parse(o):void 0},set:async(r,o)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(o))}}:e.rateLimit.storage==="memory"?{async get(r){return bt.get(r)},async set(r,o,i){bt.set(r,o)}}:Ur(e,e.rateLimit.tableName)}async function At(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,o=e.url.replace(r,""),i=t.rateLimit.window,n=t.rateLimit.max,a=de(e)+o,s=Tr().find(u=>u.pathMatcher(o));s&&(i=s.window,n=s.max);for(let u of t.options.plugins||[])if(u.rateLimit){let p=u.rateLimit.find(g=>g.pathMatcher(o));if(p){i=p.window,n=p.max;break}}if(t.rateLimit.customRules){let u=t.rateLimit.customRules[o];u&&(i=u.window,n=u.max)}let d=vr(t),l=await d.get(a),f=Date.now();if(!l)await d.set(a,{key:a,count:1,lastRequest:f});else{let u=f-l.lastRequest;if(kr(n,i,l)){let p=xr(l.lastRequest,i);return Rr(p)}else u>i*1e3?await d.set(a,{...l,count:1,lastRequest:f}):await d.set(a,{...l,count:l.count+1,lastRequest:f})}}function Tr(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")},window:10,max:3}]}import{APIError as ia}from"better-call";function we(e,t){let r=t.plugins?.reduce((c,s)=>({...c,...s.endpoints}),{}),o=t.plugins?.map(c=>c.middlewares?.map(s=>{let d=async l=>s.middleware({...l,context:{...e,...l.context}});return d.path=s.path,d.options=s.middleware.options,d.headers=s.middleware.headers,{path:s.path,middleware:d}})).filter(c=>c!==void 0).flat()||[],n={...{signInSocial:Xe,callbackOAuth:rt,getSession:he(),signOut:ot,signUpEmail:gt(),signInEmail:et,forgetPassword:it,resetPassword:at,verifyEmail:Ye,sendVerificationEmail:Je,changeEmail:pt,changePassword:ct,setPassword:lt,updateUser:dt(),deleteUser:ut,forgetPasswordCallback:st,listSessions:Qe(),revokeSession:Ze,revokeSessions:We,linkSocialAccount:wt,listUserAccounts:yt},...r,ok:mt,error:ft},a={};for(let[c,s]of Object.entries(n))a[c]=async(d={})=>{let l=await e;for(let p of t.plugins||[])if(p.hooks?.before){for(let g of p.hooks.before)if(g.matcher({...s,...d,context:l})){let w=await g.handler({...d,context:{...l,...d?.context}});w&&"context"in w&&(l={...l,...w.context})}}let f;try{f=await s({...d,context:{...l,...d.context}})}catch(p){if(p instanceof kt){let g=t.plugins?.map(R=>{if(R.hooks?.after)return R.hooks.after}).filter(R=>R!==void 0).flat();if(!g?.length)throw p;let m=new Response(JSON.stringify(p.body),{status:Pr[p.status],headers:p.headers}),w;for(let R of g||[])if(R.matcher(d)){let qt=Object.assign(d,{context:{...e,returned:m}}),le=await R.handler(qt);le&&"response"in le&&(w=le.response)}if(w instanceof Response)return w;throw p}throw p}let u=f;for(let p of t.plugins||[])if(p.hooks?.after){for(let g of p.hooks.after)if(g.matcher(d)){let w=Object.assign(d,{context:{...e,returned:u}}),R=await g.handler(w);R&&"response"in R&&(u=R.response)}}return u},a[c].path=s.path,a[c].method=s.method,a[c].options=s.options,a[c].headers=s.headers;return{api:a,middlewares:o}}var Rt=(e,t)=>{let{api:r,middlewares:o}=we(e,t),i=new URL(e.baseURL).pathname;return Er(r,{extraContext:e,basePath:i,routerMiddleware:[{path:"/**",middleware:_e},...o],async onRequest(n){for(let a of e.options.plugins||[])if(a.onRequest){let c=await a.onRequest(n,e);if(c)return c}return At(n,e)},async onResponse(n){for(let a of e.options.plugins||[])if(a.onResponse){let c=await a.onResponse(n,e);if(c)return c.response}return n},onError(n){if(t.onAPIError?.throw)throw n;if(t.onAPIError?.onError){t.onAPIError.onError(n,e);return}let a=t.logger?.verboseLogging?y:void 0;t.logger?.disabled!==!0&&(n instanceof kt?(n.status==="INTERNAL_SERVER_ERROR"&&y.error(n),a?.error(n.message)):y?.error(n))}})};var F=e=>{let t=e.plugins?.reduce((s,d)=>{let l=d.schema;if(!l)return s;for(let[f,u]of Object.entries(l))s[f]={fields:{...s[f]?.fields,...u.fields},tableName:u.tableName||f};return s},{}),r=e.rateLimit?.storage==="database",o={rateLimit:{tableName:e.rateLimit?.tableName||"rateLimit",fields:{key:{type:"string",fieldName:e.rateLimit?.fields?.key||"key"},count:{type:"number",fieldName:e.rateLimit?.fields?.count||"count"},lastRequest:{type:"number",fieldName:e.rateLimit?.fields?.lastRequest||"lastRequest"}}}},{user:i,session:n,account:a,...c}=t||{};return{user:{tableName:e.user?.modelName||"user",fields:{name:{type:"string",required:!0,fieldName:e.user?.fields?.name||"name"},email:{type:"string",unique:!0,required:!0,fieldName:e.user?.fields?.email||"email"},emailVerified:{type:"boolean",defaultValue:()=>!1,required:!0,fieldName:e.user?.fields?.emailVerified||"emailVerified"},image:{type:"string",required:!1,fieldName:e.user?.fields?.image||"image"},createdAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.updatedAt||"updatedAt"},...i?.fields,...e.user?.additionalFields},order:1},session:{tableName:e.session?.modelName||"session",fields:{expiresAt:{type:"date",required:!0,fieldName:e.session?.fields?.expiresAt||"expiresAt"},ipAddress:{type:"string",required:!1,fieldName:e.session?.fields?.ipAddress||"ipAddress"},userAgent:{type:"string",required:!1,fieldName:e.session?.fields?.userAgent||"userAgent"},userId:{type:"string",fieldName:e.session?.fields?.userId||"userId",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0},...n?.fields,...e.session?.additionalFields},order:2},account:{tableName:e.account?.modelName||"account",fields:{accountId:{type:"string",required:!0,fieldName:e.account?.fields?.accountId||"accountId"},providerId:{type:"string",required:!0,fieldName:e.account?.fields?.providerId||"providerId"},userId:{type:"string",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0,fieldName:e.account?.fields?.userId||"userId"},accessToken:{type:"string",required:!1,fieldName:e.account?.fields?.accessToken||"accessToken"},refreshToken:{type:"string",required:!1,fieldName:e.account?.fields?.refreshToken||"refreshToken"},idToken:{type:"string",required:!1,fieldName:e.account?.fields?.idToken||"idToken"},expiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.expiresAt||"expiresAt"},password:{type:"string",required:!1,fieldName:e.account?.fields?.password||"password"},...a?.fields},order:3},verification:{tableName:e.verification?.modelName||"verification",fields:{identifier:{type:"string",required:!0,fieldName:e.verification?.fields?.identifier||"identifier"},value:{type:"string",required:!0,fieldName:e.verification?.fields?.value||"value"},expiresAt:{type:"date",required:!0,fieldName:e.verification?.fields?.expiresAt||"expiresAt"}},order:4},...c,...r?o:{}}};import{Kysely as xt,MssqlDialect as Ir}from"kysely";import{MysqlDialect as Ut,PostgresDialect as vt,SqliteDialect as Tt}from"kysely";function Et(e){if("dialect"in e)return Et(e.dialect);if("createDriver"in e){if(e instanceof Tt)return"sqlite";if(e instanceof Ut)return"mysql";if(e instanceof vt)return"postgres";if(e instanceof Ir)return"mssql"}return"aggregate"in e?"sqlite":"getConnection"in e?"mysql":"connect"in e?"postgres":null}var Y=async e=>{let t=e.database;if("db"in t)return{kysely:t.db,databaseType:t.type};if("dialect"in t)return{kysely:new xt({dialect:t.dialect}),databaseType:t.type};let r,o=Et(t);return"createDriver"in t&&(r=t),"aggregate"in t&&(r=new Tt({database:t})),"getConnection"in t&&(r=new Ut({pool:t})),"connect"in t&&(r=new vt({pool:t})),{kysely:r?new xt({dialect:r}):null,databaseType:o}};function X(e){if(!e)return{and:null,or:null};let t={and:[],or:[]};return e.forEach(r=>{let{field:o,value:i,operator:n="=",connector:a="AND"}=r,c=s=>n.toLowerCase()==="in"?s(o,"in",Array.isArray(i)?i:[i]):n==="contains"?s(o,"like",`%${i}%`):n==="starts_with"?s(o,"like",`${i}%`):n==="ends_with"?s(o,"like",`%${i}`):s(o,n,i);a==="OR"?t.or.push(c):t.and.push(c)}),{and:t.and.length?t.and:null,or:t.or.length?t.or:null}}function ce(e,t,r){for(let o in e){let i=t[o]||Object.values(t).find(n=>n.fieldName===o);e[o]===0&&i.type==="boolean"&&r?.boolean&&(e[o]=!1),e[o]===1&&i?.type==="boolean"&&r?.boolean&&(e[o]=!0),i?.type==="date"&&(e[o]instanceof Date||(e[o]=new Date(e[o])))}return e}function Pt(e,t){for(let r in e)typeof e[r]=="boolean"&&t?.boolean&&(e[r]=e[r]?1:0),e[r]instanceof Date&&(e[r]=e[r].toISOString());return e}var It=(e,t)=>({id:"kysely",async create(r){let{model:o,data:i,select:n}=r;t?.transform&&(i=Pt(i,t.transform)),t?.generateId!==void 0&&(i.id=t.generateId?t.generateId():void 0);let a=await e.insertInto(o).values(i).returningAll().executeTakeFirst();if(t?.transform){let c=t.transform.schema[o];a=c?ce(i,c,t.transform):a}return n?.length&&(a=a?n.reduce((s,d)=>a?.[d]?{...s,[d]:a[d]}:s,{}):null),a},async findOne(r){let{model:o,where:i,select:n}=r,{and:a,or:c}=X(i),s=e.selectFrom(o).selectAll();a&&(s=s.where(l=>l.and(a.map(f=>f(l))))),c&&(s=s.where(l=>l.or(c.map(f=>f(l)))));let d=await s.executeTakeFirst();if(n?.length&&(d=d?n.reduce((f,u)=>d?.[u]?{...f,[u]:d[u]}:f,{}):null),t?.transform){let l=t.transform.schema[o];return d=d&&l?ce(d,l,t.transform):d,d||null}return d||null},async findMany(r){let{model:o,where:i,limit:n,offset:a,sortBy:c}=r,s=e.selectFrom(o),{and:d,or:l}=X(i);d&&(s=s.where(u=>u.and(d.map(p=>p(u))))),l&&(s=s.where(u=>u.or(l.map(p=>p(u))))),s=s.limit(n||100),a&&(s=s.offset(a)),c&&(s=s.orderBy(c.field,c.direction));let f=await s.selectAll().execute();if(t?.transform){let u=t.transform.schema[o];return u?f.map(p=>ce(p,u,t.transform)):f}return f},async update(r){let{model:o,where:i,update:n}=r,{and:a,or:c}=X(i);t?.transform&&(n=Pt(n,t.transform)),n.id&&(n.id=void 0);let s=e.updateTable(o).set(n);a&&(s=s.where(l=>l.and(a.map(f=>f(l))))),c&&(s=s.where(l=>l.or(c.map(f=>f(l)))));let d=await s.returningAll().executeTakeFirst()||null;if(t?.transform){let l=t.transform.schema[o];return l?ce(d,l,t.transform):d}return d},async delete(r){let{model:o,where:i}=r,{and:n,or:a}=X(i),c=e.deleteFrom(o);n&&(c=c.where(s=>s.and(n.map(d=>d(s))))),a&&(c=c.where(s=>s.or(a.map(d=>d(s))))),await c.execute()},async deleteMany(r){let{model:o,where:i}=r,{and:n,or:a}=X(i),c=e.deleteFrom(o);n&&(c=c.where(s=>s.and(n.map(d=>d(s))))),a&&(c=c.where(s=>s.or(a.map(d=>d(s))))),await c.execute()}});async function Ot(e){if(!e.database)throw new P("Database configuration is required");if("create"in e.database)return e.database;let{kysely:t,databaseType:r}=await Y(e);if(!t)throw new P("Failed to initialize database adapter");let o=F(e),i={};for(let n of Object.values(o))i[n.tableName]=n.fields;return It(t,{transform:{schema:i,date:!0,boolean:r==="sqlite"},generateId:"generateId"in e.database?e.database.generateId:void 0})}function be(e,t){let r=t.id?{id:t.id}:{};for(let o in e){let i=e[o],n=t[o];n!==void 0&&(r[i.fieldName||o]=n)}return r}function v(e,t){if(!t)return null;let r={id:t.id};for(let[o,i]of Object.entries(e))r[o]=t[i.fieldName||o];return r}import{decodeHex as Or,encodeHex as St}from"oslo/encoding";function _t(e,t){let r=new Uint8Array(e),o=new Uint8Array(t);if(r.length!==o.length)return!1;let i=0;for(let n=0;n<r.length;n++)i|=r[n]^o[n];return i===0}import{scryptAsync as _r}from"@noble/hashes/scrypt";import{getRandomValues as Sr}from"uncrypto";var H={N:16384,r:16,p:1,dkLen:64};async function Lt(e,t){return await _r(e.normalize("NFKC"),t,{N:H.N,p:H.p,r:H.r,dkLen:H.dkLen,maxmem:128*H.N*H.r*2})}var Ct=async e=>{let t=St(Sr(new Uint8Array(16))),r=await Lt(e,t);return`${t}:${St(r)}`},Bt=async(e,t)=>{let[r,o]=e.split(":"),i=await Lt(t,r);return _t(i,Or(o))};function Dt(e,t){let r=t.hooks,o=F(t.options);async function i(a,c,s){let d=a,l=o[c];for(let p of r||[]){let g=p[c]?.create?.before;if(g){let m=await g(a);if(m===!1)return null;typeof m=="object"&&"data"in m&&(d=m.data)}}let f=s?await s.fn(d):null,u=!s||s.executeMainFn?await e.create({model:l.tableName,data:{...be(l.fields,d),id:d.id||T()}}):f;for(let p of r||[]){let g=p[c]?.create?.after;g&&await g(u)}return v(l.fields,u)}async function n(a,c,s,d){let l=a;for(let p of r||[]){let g=p[s]?.update?.before;if(g){let m=await g(a);if(m===!1)return null;l=typeof m=="object"?m.data:m}}let f=d?await d.fn(l):null,u=!d||d.executeMainFn?await e.update({model:o[s].tableName,update:be(o[s].fields,l),where:c}):f;for(let p of r||[]){let g=p[s]?.update?.after;g&&await g(u)}return v(o[s].fields,u)}return{createWithHooks:i,updateWithHooks:n}}var Ae=(e,t)=>{let r=t.options,o=r.secondaryStorage,i=r.session?.expiresIn||60*60*24*7,n=F(r),{createWithHooks:a,updateWithHooks:c}=Dt(e,t);return{createOAuthUser:async(s,d)=>{try{let l=await a({id:T(),createdAt:new Date,updatedAt:new Date,...s},"user"),f=await a({id:T(),...d,userId:l.id||s.id},"account");return{user:l,account:f}}catch(l){return console.log(l),null}},createUser:async s=>await a({id:T(),createdAt:new Date,updatedAt:new Date,emailVerified:!1,...s},"user"),createAccount:async s=>await a({id:T(),createdAt:new Date,updatedAt:new Date,...s},"account"),listSessions:async s=>await e.findMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]}),listUsers:async(s,d,l,f)=>(await e.findMany({model:n.user.tableName,limit:s,offset:d,sortBy:l,where:f})).map(p=>v(n.user.fields,p)),deleteUser:async s=>{await e.delete({model:n.account.tableName,where:[{field:n.account.fields.userId.fieldName||"userId",value:s}]}),await e.deleteMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]}),await e.deleteMany({model:n.user.tableName,where:[{field:"id",value:s}]})},createSession:async(s,d,l,f)=>{let u=d instanceof Request?d.headers:d,p={id:T(32),userId:s,expiresAt:l?B(60*60*24,"sec"):B(i,"sec"),ipAddress:d&&de(d)||"",userAgent:u?.get("user-agent")||"",...f};return await a(p,"session",o?{fn:async m=>{let w=await e.findOne({model:n.user.tableName,where:[{field:"id",value:s}]});return o.set(m.id,JSON.stringify({session:m,user:w}),i),m},executeMainFn:r.session?.storeSessionInDatabase}:void 0)},findSession:async s=>{if(o){let u=await o.get(s);if(u){let p=JSON.parse(u);return{session:{...p.session,expiresAt:new Date(p.session.expiresAt)},user:{...p.user,createdAt:new Date(p.user.createdAt),updatedAt:new Date(p.user.updatedAt)}}}}let d=await e.findOne({model:n.session.tableName,where:[{value:s,field:"id"}]});if(!d)return null;let l=v(n.session.fields,d),f=await e.findOne({model:n.user.tableName,where:[{value:l.userId,field:"id"}]});return f?{session:l,user:v(n.user.fields,f)}:null},findSessions:async s=>{if(o){let u=[];for(let p of s){let g=await o.get(p);if(g){let m=JSON.parse(g),w={session:{...m.session,expiresAt:new Date(m.session.expiresAt)},user:{...m.user,createdAt:new Date(m.user.createdAt),updatedAt:new Date(m.user.updatedAt)}};u.push(w)}}return u}let d=await e.findMany({model:n.session.tableName,where:[{field:"id",value:s,operator:"in"}]}),l=d.map(u=>v(n.session.fields,u).userId);if(!l.length)return[];let f=await e.findMany({model:n.user.tableName,where:[{field:"id",value:l,operator:"in"}]});return d.map(u=>{let p=f.find(g=>g.id===u.userId);return p?{session:v(n.session.fields,u),user:v(n.user.fields,p)}:null})},updateSession:async(s,d)=>await c(d,[{field:"id",value:s}],"session",o?{async fn(f){let u=await o.get(s),p=null;if(u){let g=JSON.parse(u);p={...g.session,...f},await o.set(s,JSON.stringify({session:p,user:g.user}),g.session.expiresAt?Math.floor((g.session.expiresAt.getTime()-Date.now())/1e3):i)}else return null},executeMainFn:r.session?.storeSessionInDatabase}:void 0),deleteSession:async s=>{if(o){await o.delete(s),r.session?.storeSessionInDatabase&&await e.delete({model:n.session.tableName,where:[{field:"id",value:s}]});return}await e.delete({model:n.session.tableName,where:[{field:"id",value:s}]})},deleteSessions:async s=>{if(o){let d=await e.findMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]});for(let l of d)await o.delete(l.id);r.session?.storeSessionInDatabase&&await e.delete({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]});return}await e.deleteMany({model:n.session.tableName,where:[{field:n.session.fields.userId.fieldName||"userId",value:s}]})},findUserByEmail:async(s,d)=>{let l=await e.findOne({model:n.user.tableName,where:[{value:s.toLowerCase(),field:n.user.fields.email.fieldName||"email"}]});if(!l)return null;if(d?.includeAccounts){let f=await e.findMany({model:n.account.tableName,where:[{value:l.id,field:n.account.fields.userId.fieldName||"userId"}]});return{user:v(n.user.fields,l),accounts:f.map(u=>v(n.account.fields,u))}}return{user:v(n.user.fields,l),accounts:[]}},findUserById:async s=>await e.findOne({model:n.user.tableName,where:[{field:"id",value:s}]}),linkAccount:async s=>await a({id:T(),...s},"account"),updateUser:async(s,d)=>await c(d,[{field:"id",value:s}],"user"),updateUserByEmail:async(s,d)=>await c(d,[{field:n.user.fields.email.fieldName||"email",value:s}],"user"),updatePassword:async(s,d)=>await c({password:d},[{field:n.account.fields.userId.fieldName||"userId",value:s},{field:n.account.fields.providerId.fieldName||"providerId",value:"credential"}],"account"),findAccounts:async s=>(await e.findMany({model:n.account.tableName,where:[{field:n.account.fields.userId.fieldName||"userId",value:s}]})).map(l=>v(n.account.fields,l)),updateAccount:async(s,d)=>await c(d,[{field:"id",value:s}],"account"),createVerificationValue:async s=>await a({id:T(),...s},"verification"),findVerificationValue:async s=>{let d=await e.findMany({model:n.verification.tableName,where:[{field:n.verification.fields.identifier.fieldName||"identifier",value:s}],limit:100}),l=d.pop();return d.length>0&&await e.deleteMany({model:n.verification.tableName,where:[{operator:"in",field:"id",value:d.map(f=>f.id)}]}),l?v(n.verification.fields,l):null},deleteVerificationValue:async s=>{await e.delete({model:n.verification.tableName,where:[{field:"id",value:s}]})},updateVerificationValue:async(s,d)=>await c(d,[{field:"id",value:s}],"verification")}};import{z as Na}from"zod";import{defu as Lr}from"defu";var ke="better-auth-secret-123456789";import{APIError as Nt}from"better-call";async function Ft(e,t){let o=(await t.context.internalAdapter.findAccounts(e))?.find(a=>a.providerId==="credential"),i=o?.password;if(!o||!i)throw new Nt("BAD_REQUEST",{message:"No password credential found"});if(!await t.context.password.verify(i,t.body.password))throw new Nt("BAD_REQUEST",{message:"Invalid password"});return!0}var Vt=async e=>{let t=await Ot(e),r=e.plugins||[],o=Br(e),{kysely:i}=await Y(e),n=Q(e.baseURL,e.basePath),a=e.secret||E.BETTER_AUTH_SECRET||E.AUTH_SECRET||ke;a===ke&&K&&y.error("You are using the default secret. Please set `BETTER_AUTH_SECRET` in your environment variables or pass `secret` in your auth config."),e={...e,secret:a,baseURL:n?new URL(n).origin:"",basePath:e.basePath||"/api/auth",plugins:r.concat(o),emailAndPassword:{...e.emailAndPassword,enabled:e.emailAndPassword?.enabled??!1,autoSignIn:e.emailAndPassword?.autoSignIn??!0}};let c=Se(e),s=F(e),d=Object.keys(e.socialProviders||{}).map(u=>{let p=e.socialProviders?.[u];return p.enabled===!1?null:((!p.clientId||!p.clientSecret)&&y.warn(`Social provider ${u} is missing clientId or clientSecret`),ge[u](p))}).filter(u=>u!==null),l={appName:e.appName||"Better Auth",socialProviders:d,options:e,tables:s,trustedOrigins:Dr(e),baseURL:n||"",sessionConfig:{updateAge:e.session?.updateAge||24*60*60,expiresIn:e.session?.expiresIn||60*60*24*7},secret:a,rateLimit:{...e.rateLimit,enabled:e.rateLimit?.enabled??K,window:e.rateLimit?.window||10,max:e.rateLimit?.max||100,storage:e.rateLimit?.storage||e.secondaryStorage?"secondary-storage":"memory"},authCookies:c,logger:pe({disabled:e.logger?.disabled||!1}),db:i,uuid:T,secondaryStorage:e.secondaryStorage,password:{hash:e.emailAndPassword?.password?.hash||Ct,verify:e.emailAndPassword?.password?.verify||Bt,config:{minPasswordLength:e.emailAndPassword?.minPasswordLength||8,maxPasswordLength:e.emailAndPassword?.maxPasswordLength||128},checkPassword:Ft},adapter:t,internalAdapter:Ae(t,{options:e,hooks:e.databaseHooks?[e.databaseHooks]:[]}),createAuthCookie:fe(e)},{context:f}=Cr(l);return f};function Cr(e){let t=e.options,r=t.plugins||[],o=e,i=[];for(let n of r)if(n.init){let a=n.init(e);typeof a=="object"&&(a.options&&(a.options.databaseHooks&&i.push(a.options.databaseHooks),t=Lr(t,a.options)),a.context&&(o={...o,...a.context}))}return i.push(t.databaseHooks),o.internalAdapter=Ae(e.adapter,{options:t,hooks:i.filter(n=>n!==void 0)}),o.options=t,{context:o}}function Br(e){let t=[];return e.advanced?.crossSubDomainCookies?.enabled,t}function Dr(e){let t=Q(e.baseURL,e.basePath);if(!t)return[];let r=[new URL(t).origin];e.trustedOrigins&&r.push(...e.trustedOrigins);let o=E.BETTER_AUTH_TRUSTED_ORIGINS;return o&&r.push(...o.split(",")),r}var xd=e=>{let t=Vt(e),{api:r}=we(t,e);return{handler:async o=>{let i=await t,n=i.options.basePath||"/api/auth",a=new URL(o.url);if(!i.options.baseURL){let s=Q(void 0,n)||`${a.origin}${n}`;i.options.baseURL=s,i.baseURL=s}if(i.trustedOrigins=[a.origin,...i.options.trustedOrigins||[]],!i.options.baseURL)return new Response("Base URL not set",{status:400});if(a.pathname===n||a.pathname===`${n}/`)return new Response("Welcome to BetterAuth",{status:200});let{handler:c}=Rt(i,e);return c(o)},api:r,options:e,$Infer:{}}};export{P as BetterAuthError,z as HIDE_METADATA,Ee as MissingDependencyError,xd as betterAuth,Vr as capitalizeFirstLetter,fe as createCookieGetter,pe as createLogger,j as deleteSessionCookie,T as generateId,oe as generateState,Se as getCookies,y as logger,bo as parseCookies,wo as parseSetCookieHeader,Oe as parseState,_ as setSessionCookie};

package/dist/node.d.cts CHANGED Viewed

@@ -1,6 +1,6 @@
 import * as http from 'http';
 import { IncomingHttpHeaders } from 'http';
-import { a as Auth } from './auth-BkJnc76F.cjs';
+import { a as Auth } from './auth-B5ozNy5X.cjs';
 import 'node_modules/better-call/dist/router-Bn7zn81P';
 import 'zod';
 import 'kysely';

package/dist/node.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import * as http from 'http';
 import { IncomingHttpHeaders } from 'http';
-import { a as Auth } from './auth-G61_RA8H.js';
+import { a as Auth } from './auth-BBUjEh9D.js';
 import 'node_modules/better-call/dist/router-Bn7zn81P';
 import 'zod';
 import 'kysely';

package/dist/oauth2.d.cts CHANGED Viewed

@@ -1,8 +1,8 @@
 import { d as ProviderOptions, O as OAuth2Tokens } from './index-DUqGSAH3.cjs';
 export { e as OAuthProvider } from './index-DUqGSAH3.cjs';
-export { g as generateState, p as parseState } from './state-UgidHWa5.cjs';
+export { g as generateState, p as parseState } from './state-8Gh7gmo8.cjs';
 import 'zod';
-import './auth-BkJnc76F.cjs';
+import './auth-B5ozNy5X.cjs';
 import 'node_modules/better-call/dist/router-Bn7zn81P';
 import 'kysely';
 import 'better-call';

package/dist/oauth2.d.ts CHANGED Viewed

@@ -1,8 +1,8 @@
 import { d as ProviderOptions, O as OAuth2Tokens } from './index-DUqGSAH3.js';
 export { e as OAuthProvider } from './index-DUqGSAH3.js';
-export { g as generateState, p as parseState } from './state-CTWPRYsC.js';
+export { g as generateState, p as parseState } from './state-BU1iZb12.js';
 import 'zod';
-import './auth-G61_RA8H.js';
+import './auth-BBUjEh9D.js';
 import 'node_modules/better-call/dist/router-Bn7zn81P';
 import 'kysely';
 import 'better-call';