better-auth 0.8.8-beta.1 → 0.8.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (61) hide show
  1. package/dist/adapters/drizzle.d.cts +1 -1
  2. package/dist/adapters/drizzle.d.ts +1 -1
  3. package/dist/adapters/kysely.d.cts +1 -1
  4. package/dist/adapters/kysely.d.ts +1 -1
  5. package/dist/adapters/memory.d.cts +1 -1
  6. package/dist/adapters/memory.d.ts +1 -1
  7. package/dist/adapters/mongodb.d.cts +1 -1
  8. package/dist/adapters/mongodb.d.ts +1 -1
  9. package/dist/adapters/prisma.d.cts +1 -1
  10. package/dist/adapters/prisma.d.ts +1 -1
  11. package/dist/api.cjs +4 -4
  12. package/dist/api.d.cts +1 -1
  13. package/dist/api.d.ts +1 -1
  14. package/dist/api.js +4 -4
  15. package/dist/{auth-DsZXpnOl.d.ts → auth-BM9xLLak.d.ts} +53 -53
  16. package/dist/{auth-BiSlZarn.d.cts → auth-DvJrys4P.d.cts} +53 -53
  17. package/dist/client/plugins.d.cts +3 -3
  18. package/dist/client/plugins.d.ts +3 -3
  19. package/dist/client.d.cts +1 -1
  20. package/dist/client.d.ts +1 -1
  21. package/dist/cookies.cjs +1 -1
  22. package/dist/cookies.d.cts +1 -1
  23. package/dist/cookies.d.ts +1 -1
  24. package/dist/cookies.js +1 -1
  25. package/dist/db.d.cts +2 -2
  26. package/dist/db.d.ts +2 -2
  27. package/dist/{index-CZCI_0c2.d.ts → index-B8lBOXue.d.ts} +4 -9
  28. package/dist/{index-3hk0Leba.d.cts → index-Q5mYsB6F.d.cts} +4 -9
  29. package/dist/index.cjs +4 -4
  30. package/dist/index.d.cts +2 -2
  31. package/dist/index.d.ts +2 -2
  32. package/dist/index.js +4 -4
  33. package/dist/next-js.cjs +1 -1
  34. package/dist/next-js.d.cts +5 -2
  35. package/dist/next-js.d.ts +5 -2
  36. package/dist/next-js.js +1 -1
  37. package/dist/node.d.cts +1 -1
  38. package/dist/node.d.ts +1 -1
  39. package/dist/oauth2.d.cts +2 -2
  40. package/dist/oauth2.d.ts +2 -2
  41. package/dist/plugins.cjs +4 -4
  42. package/dist/plugins.d.cts +3 -3
  43. package/dist/plugins.d.ts +3 -3
  44. package/dist/plugins.js +4 -4
  45. package/dist/react.d.cts +1 -1
  46. package/dist/react.d.ts +1 -1
  47. package/dist/solid-start.d.cts +1 -1
  48. package/dist/solid-start.d.ts +1 -1
  49. package/dist/solid.d.cts +1 -1
  50. package/dist/solid.d.ts +1 -1
  51. package/dist/{state-CZKqFMHk.d.ts → state-BqGNeEGX.d.ts} +1 -1
  52. package/dist/{state-bV_5gPfz.d.cts → state-Cq7VAq1Y.d.cts} +1 -1
  53. package/dist/svelte-kit.d.cts +1 -1
  54. package/dist/svelte-kit.d.ts +1 -1
  55. package/dist/svelte.d.cts +1 -1
  56. package/dist/svelte.d.ts +1 -1
  57. package/dist/types.d.cts +2 -2
  58. package/dist/types.d.ts +2 -2
  59. package/dist/vue.d.cts +1 -1
  60. package/dist/vue.d.ts +1 -1
  61. package/package.json +1 -1
package/dist/adapters/drizzle.d.cts CHANGED
@@ -1,4 +1,4 @@
1
- import { B as BetterAuthOptions, W as Where } from '../auth-BiSlZarn.cjs';
1
+ import { B as BetterAuthOptions, W as Where } from '../auth-DvJrys4P.cjs';
2
2
  import 'kysely';
3
3
  import 'zod';
4
4
  import 'better-call';
package/dist/adapters/drizzle.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { B as BetterAuthOptions, W as Where } from '../auth-DsZXpnOl.js';
1
+ import { B as BetterAuthOptions, W as Where } from '../auth-BM9xLLak.js';
2
2
  import 'kysely';
3
3
  import 'zod';
4
4
  import 'better-call';
package/dist/adapters/kysely.d.cts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { Kysely } from 'kysely';
2
- import { B as BetterAuthOptions, K as KyselyDatabaseType, W as Where } from '../auth-BiSlZarn.cjs';
2
+ import { B as BetterAuthOptions, K as KyselyDatabaseType, W as Where } from '../auth-DvJrys4P.cjs';
3
3
  import 'zod';
4
4
  import 'better-call';
5
5
  import '../helper-DrEEwdyQ.cjs';
package/dist/adapters/kysely.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { Kysely } from 'kysely';
2
- import { B as BetterAuthOptions, K as KyselyDatabaseType, W as Where } from '../auth-DsZXpnOl.js';
2
+ import { B as BetterAuthOptions, K as KyselyDatabaseType, W as Where } from '../auth-BM9xLLak.js';
3
3
  import 'zod';
4
4
  import 'better-call';
5
5
  import '../helper-DrEEwdyQ.js';
package/dist/adapters/memory.d.cts CHANGED
@@ -1,4 +1,4 @@
1
- import { B as BetterAuthOptions, W as Where } from '../auth-BiSlZarn.cjs';
1
+ import { B as BetterAuthOptions, W as Where } from '../auth-DvJrys4P.cjs';
2
2
  import 'kysely';
3
3
  import 'zod';
4
4
  import 'better-call';
package/dist/adapters/memory.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { B as BetterAuthOptions, W as Where } from '../auth-DsZXpnOl.js';
1
+ import { B as BetterAuthOptions, W as Where } from '../auth-BM9xLLak.js';
2
2
  import 'kysely';
3
3
  import 'zod';
4
4
  import 'better-call';
package/dist/adapters/mongodb.d.cts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { Db } from 'mongodb';
2
- import { B as BetterAuthOptions, W as Where } from '../auth-BiSlZarn.cjs';
2
+ import { B as BetterAuthOptions, W as Where } from '../auth-DvJrys4P.cjs';
3
3
  import 'kysely';
4
4
  import 'zod';
5
5
  import 'better-call';
package/dist/adapters/mongodb.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { Db } from 'mongodb';
2
- import { B as BetterAuthOptions, W as Where } from '../auth-DsZXpnOl.js';
2
+ import { B as BetterAuthOptions, W as Where } from '../auth-BM9xLLak.js';
3
3
  import 'kysely';
4
4
  import 'zod';
5
5
  import 'better-call';
package/dist/adapters/prisma.d.cts CHANGED
@@ -1,4 +1,4 @@
1
- import { B as BetterAuthOptions, W as Where } from '../auth-BiSlZarn.cjs';
1
+ import { B as BetterAuthOptions, W as Where } from '../auth-DvJrys4P.cjs';
2
2
  import 'kysely';
3
3
  import 'zod';
4
4
  import 'better-call';
package/dist/adapters/prisma.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { B as BetterAuthOptions, W as Where } from '../auth-DsZXpnOl.js';
1
+ import { B as BetterAuthOptions, W as Where } from '../auth-BM9xLLak.js';
2
2
  import 'kysely';
3
3
  import 'zod';
4
4
  import 'better-call';
package/dist/api.cjs CHANGED
@@ -1,6 +1,6 @@
1
- "use strict";var ue=Object.defineProperty;var $t=Object.getOwnPropertyDescriptor;var Nt=Object.getOwnPropertyNames;var qt=Object.prototype.hasOwnProperty;var Ht=(e,t)=>{for(var r in t)ue(e,r,{get:t[r],enumerable:!0})},Ft=(e,t,r,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let n of Nt(t))!qt.call(e,n)&&n!==r&&ue(e,n,{get:()=>t[n],enumerable:!(o=$t(t,n))||o.enumerable});return e};var Mt=e=>Ft(ue({},"__esModule",{value:!0}),e);var mr={};Ht(mr,{APIError:()=>jt.APIError,callbackOAuth:()=>_e,changeEmail:()=>De,changePassword:()=>Ie,createAuthEndpoint:()=>p,createAuthMiddleware:()=>W,createEmailVerificationToken:()=>C,deleteUser:()=>Be,error:()=>Ve,forgetPassword:()=>Pe,forgetPasswordCallback:()=>Se,getEndpoints:()=>zt,getSession:()=>ie,getSessionFromCtx:()=>Y,linkSocialAccount:()=>qe,listSessions:()=>ye,listUserAccounts:()=>Ne,ok:()=>ze,optionsMiddleware:()=>pe,originCheckMiddleware:()=>me,resetPassword:()=>Le,revokeOtherSessions:()=>Re,revokeSession:()=>Ae,revokeSessions:()=>ke,router:()=>pr,sendVerificationEmail:()=>Ue,sessionMiddleware:()=>_,setPassword:()=>Ce,signInEmail:()=>xe,signInSocial:()=>Ee,signOut:()=>Te,signUpEmail:()=>je,updateUser:()=>Oe,verifyEmail:()=>ve});module.exports=Mt(mr);var $=require("better-call");var He=require("better-call");var N=require("better-call"),pe=(0,N.createMiddleware)(async()=>({})),W=(0,N.createMiddlewareCreator)({use:[pe,(0,N.createMiddleware)(async()=>({}))]}),p=(0,N.createEndpointCreator)({use:[pe]});var me=W(async e=>{if(e.request?.method!=="POST")return;let{body:t,query:r,context:o}=e,n=e.headers?.get("origin")||e.headers?.get("referer")||"",i=t?.callbackURL||r?.callbackURL,s=t?.redirectTo,a=r?.currentURL,d=o.trustedOrigins,c=e.headers?.has("cookie"),l=(m,u)=>u.includes("*")?new RegExp("^"+u.replace(/\*/g,"[^/]+").replace(/\./g,"\\.")+"$").test(m):m.startsWith(u),f=(m,u)=>{if(!m)return;if(!d.some(k=>l(m,k)||m?.startsWith("/")&&u!=="origin"&&!m.includes(":")))throw e.context.logger.error(`Invalid ${u}: ${m}`),e.context.logger.info(`If it's a valid URL, please add ${m} to trustedOrigins in your auth config
2
- `,`Current list of trustedOrigins: ${d}`),new He.APIError("FORBIDDEN",{message:`Invalid ${u}`})};c&&!e.context.options.advanced?.disableCSRFCheck&&f(n,"origin"),i&&f(i,"callbackURL"),s&&f(s,"redirectURL"),a&&f(a,"currentURL")});var U=require("better-call"),b=require("zod");var Jt=require("oslo"),Qe=require("oslo/encoding");var X=require("oslo/crypto");async function Gt({value:e,secret:t}){return new X.HMAC("SHA-256").sign(new TextEncoder().encode(t),new TextEncoder().encode(e)).then(o=>Buffer.from(o).toString("base64"))}function Qt({value:e,signature:t,secret:r}){return new X.HMAC("SHA-256").verify(new TextEncoder().encode(r),Buffer.from(t,"base64"),new TextEncoder().encode(e))}var ee={sign:Gt,verify:Qt};var q=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}};var I=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));var te=Object.create(null),K=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?te:globalThis),Fe=new Proxy(te,{get(e,t){return K()[t]??te[t]},has(e,t){let r=K();return t in r||t in te},set(e,t,r){let o=K(!0);return o[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=K(!0);return delete r[t],!0},ownKeys(){let e=K(!0);return Object.keys(e)}});function Zt(e){return e?e!=="false":!1}var fe=typeof process<"u"&&process.env&&process.env.NODE_ENV||"";var Me=fe==="dev"||fe==="development",Ge=fe==="test"||Zt(Fe.TEST);async function x(e,t,r,o){let n=e.context.authCookies.sessionToken.options,i=r?void 0:e.context.sessionConfig.expiresIn;await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.id,e.context.secret,{...n,maxAge:i,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled&&e.setCookie(e.context.authCookies.sessionData.name,JSON.stringify(Qe.base64url.encode(new TextEncoder().encode(JSON.stringify({session:t,expiresAt:I(e.context.authCookies.sessionData.options.maxAge||60,"sec").getTime(),signature:await ee.sign({value:JSON.stringify(t),secret:e.context.secret})})))),e.context.authCookies.sessionData.options),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.id,JSON.stringify({user:t.user,session:t.session}),t.session.expiresAt.getTime()-Date.now())}function D(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{...e.context.authCookies.sessionToken.options,maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{...e.context.authCookies.sessionData.options,maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{...e.context.authCookies.dontRememberToken.options,maxAge:0})}var tt=require("@better-fetch/fetch"),rt=require("better-call"),M=require("jose"),ot=require("oslo/jwt");var Ze=require("oslo/crypto"),Je=require("oslo/encoding");async function We(e){let t=await(0,Ze.sha256)(new TextEncoder().encode(e));return Je.base64url.encode(new Uint8Array(t),{includePadding:!1})}function Ke(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?I(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function A({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:n,scopes:i,claims:s,redirectURI:a}){let d=new URL(r);if(d.searchParams.set("response_type","code"),d.searchParams.set("client_id",t.clientId),d.searchParams.set("state",o),d.searchParams.set("scope",i.join(" ")),d.searchParams.set("redirect_uri",t.redirectURI||a),n){let c=await We(n);d.searchParams.set("code_challenge_method","S256"),d.searchParams.set("code_challenge",c)}if(s){let c=s.reduce((l,f)=>(l[f]=null,l),{});d.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...c}}))}return d}var Ye=require("@better-fetch/fetch");async function h({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:n,authentication:i}){let s=new URLSearchParams,a={"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"};if(s.set("grant_type","authorization_code"),s.set("code",e),t&&s.set("code_verifier",t),s.set("redirect_uri",r),i==="basic"){let f=btoa(`${o.clientId}:${o.clientSecret}`);a.authorization=`Basic ${f}`}else s.set("client_id",o.clientId),s.set("client_secret",o.clientSecret);let{data:d,error:c}=await(0,Ye.betterFetch)(n,{method:"POST",body:s,headers:a});if(c)throw c;return Ke(d)}var re=require("oslo/oauth2"),V=require("zod"),ge=require("better-call");function Xe(e){try{return new URL(e).origin}catch{return null}}async function oe(e,t){let r=e.body?.callbackURL||(e.query?.currentURL?Xe(e.query?.currentURL):"")||e.context.options.baseURL;if(!r)throw new ge.APIError("BAD_REQUEST",{message:"callbackURL is required"});let o=(0,re.generateCodeVerifier)(),n=(0,re.generateState)(),i=JSON.stringify({callbackURL:r,codeVerifier:o,errorURL:e.body?.errorCallbackURL||e.query?.currentURL,link:t,expiresAt:Date.now()+10*60*1e3}),s=new Date;s.setMinutes(s.getMinutes()+10);let a=await e.context.internalAdapter.createVerificationValue({value:i,identifier:n,expiresAt:s});if(!a)throw e.context.logger.error("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database"),new ge.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create verification"});return{state:a.identifier,codeVerifier:o}}async function et(e){let t=e.query.state||e.body.state,r=await e.context.internalAdapter.findVerificationValue(t);if(!r)throw e.context.logger.error("State Mismatch. Verification not found",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let o=V.z.object({callbackURL:V.z.string(),codeVerifier:V.z.string(),errorURL:V.z.string().optional(),expiresAt:V.z.number(),link:V.z.object({email:V.z.string(),userId:V.z.string()}).optional()}).parse(JSON.parse(r.value));if(o.errorURL||(o.errorURL=`${e.context.baseURL}/error`),o.expiresAt<Date.now())throw await e.context.internalAdapter.deleteVerificationValue(r.id),e.context.logger.error("State expired.",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);return await e.context.internalAdapter.deleteVerificationValue(r.id),o}var nt=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:n}){let i=o||["email","name"];return e.scope&&i.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${n||e.redirectURI}&scope=${i.join(" ")}&state=${r}&response_mode=form_post`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:n})=>h({code:r,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async verifyIdToken(r,o){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(r,o);let n=(0,M.decodeProtectedHeader)(r),{kid:i,alg:s}=n;if(!i||!s)return!1;let a=await Wt(i),{payload:d}=await(0,M.jwtVerify)(r,a,{algorithms:[s],issuer:"https://appleid.apple.com",audience:e.clientId,maxTokenAge:"1h"});return["email_verified","is_private_email"].forEach(c=>{d[c]!==void 0&&(d[c]=!!d[c])}),o&&d.nonce!==o?!1:!!d},async getUserInfo(r){if(!r.idToken)return null;let o=(0,ot.parseJWT)(r.idToken)?.payload;if(!o)return null;let n=o.user?`${o.user.name.firstName} ${o.user.name.lastName}`:o.email;return{user:{id:o.sub,name:n,emailVerified:!1,email:o.email},data:o}}}},Wt=async e=>{let t="https://appleid.apple.com",r="/auth/keys",{data:o}=await(0,tt.betterFetch)(`${t}${r}`);if(!o?.keys)throw new rt.APIError("BAD_REQUEST",{message:"Keys not found"});let n=o.keys.find(i=>i.kid===e);if(!n)throw new Error(`JWK with kid ${e} not found`);return await(0,M.importJWK)(n,n.alg)};var it=require("@better-fetch/fetch");var st=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=r||["identify","email"];return e.scope&&n.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${n.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>h({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,it.betterFetch)("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let n=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${n}.png`}else{let n=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${n}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});var at=require("@better-fetch/fetch");var dt=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=r||["email","public_profile"];return e.scope&&n.push(...e.scope),await A({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:n,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>h({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await(0,at.betterFetch)("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified},data:r}}});var he=require("@better-fetch/fetch");var ct=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:o,codeVerifier:n,redirectURI:i}){let s=o||["user:email"];return e.scope&&s.push(...e.scope),A({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:s,state:r,redirectURI:i})},validateAuthorizationCode:async({code:r,redirectURI:o})=>h({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:n}=await(0,he.betterFetch)("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(n)return null;let i=!1;if(!o.email){let{data:s,error:a}=await(0,he.betterFetch)("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});a||(o.email=(s.find(d=>d.primary)??s[0])?.email,i=s.find(d=>d.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:i},data:o}}}};var ut=require("oslo/jwt");var lt=require("consola"),we=["info","success","warn","error","debug"];function Kt(e,t){return we.indexOf(t)<=we.indexOf(e)}var Yt=(0,lt.createConsola)({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),Xt=e=>{let t=e?.disabled!==!0,r=e?.level??"error",o=(n,i,s=[])=>{if(!(!t||!Kt(r,n))){if(!e||typeof e.log!="function"){Yt[n]("",i,...s);return}e.log(n==="success"?"info":n,i,s)}};return Object.fromEntries(we.map(n=>[n,(...[i,...s])=>o(n,i,s)]))},S=Xt();var pt=require("@better-fetch/fetch"),mt=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){if(!e.clientId||!e.clientSecret)throw S.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new q("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new q("codeVerifier is required for Google");let i=r||["email","profile","openid"];e.scope&&i.push(...e.scope);let s=await A({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:i,state:t,codeVerifier:o,redirectURI:n});return e.accessType&&s.searchParams.set("access_type",e.accessType),e.prompt&&s.searchParams.set("prompt",e.prompt),s},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>h({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async verifyIdToken(t,r){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(t,r);let o=`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${t}`,{data:n}=await(0,pt.betterFetch)(o);return n?n.aud===e.clientId&&n.iss==="https://accounts.google.com":!1},async getUserInfo(t){if(!t.idToken)return null;let r=(0,ut.parseJWT)(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});var ft=require("@better-fetch/fetch"),gt=require("oslo/jwt");var ht=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(n){let i=n.scopes||["openid","profile","email","User.Read"];return e.scope&&i.push(...e.scope),A({id:"microsoft",options:e,authorizationEndpoint:r,state:n.state,codeVerifier:n.codeVerifier,scopes:i,redirectURI:n.redirectURI})},validateAuthorizationCode({code:n,codeVerifier:i,redirectURI:s}){return h({code:n,codeVerifier:i,redirectURI:e.redirectURI||s,options:e,tokenEndpoint:o})},async getUserInfo(n){if(!n.idToken)return null;let i=(0,gt.parseJWT)(n.idToken)?.payload,s=e.profilePhotoSize||48;return await(0,ft.betterFetch)(`https://graph.microsoft.com/v1.0/me/photos/${s}x${s}/$value`,{headers:{Authorization:`Bearer ${n.accessToken}`},async onResponse(a){if(!(e.disableProfilePhoto||!a.response.ok))try{let c=await a.response.clone().arrayBuffer(),l=Buffer.from(c).toString("base64");i.picture=`data:image/jpeg;base64, ${l}`}catch(d){S.error(d&&typeof d=="object"&&"name"in d?d.name:"",d)}}}),{user:{id:i.sub,name:i.name,email:i.email,image:i.picture,emailVerified:!0},data:i}}}};var wt=require("@better-fetch/fetch");var bt=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){let i=r||["user-read-email"];return e.scope&&i.push(...e.scope),A({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:i,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>h({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,wt.betterFetch)("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});var G={isAction:!1};var yt=require("nanoid"),At=e=>(0,yt.nanoid)(e);var kt=require("oslo/jwt");var Rt=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=r||["user:read:email","openid"];return e.scope&&n.push(...e.scope),A({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:n,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>h({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return S.error("No idToken found in token"),null;let o=(0,kt.parseJWT)(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});var Ut=require("@better-fetch/fetch");var vt=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["users.read","tweet.read","offline.access"];return e.scope&&r.push(...e.scope),A({id:"twitter",options:e,authorizationEndpoint:"https://x.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>h({code:t,codeVerifier:r,authentication:"basic",redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://api.x.com/2/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,Ut.betterFetch)("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email||null,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});var Et=require("@better-fetch/fetch");var xt=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:o,codeVerifier:n,redirectURI:i})=>{let s=o||["account_info.read"];return e.scope&&s.push(...e.scope),await A({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:s,state:r,redirectURI:i,codeVerifier:n})},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:n})=>await h({code:r,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:n}=await(0,Et.betterFetch)("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});return n?null:{user:{id:o.account_id,name:o.name?.display_name,email:o.email,emailVerified:o.email_verified||!1,image:o.profile_photo_url},data:o}}}};var _t=require("@better-fetch/fetch");var Tt=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:o,scopes:n,redirectURI:i})=>{let s=n||["profile","email","openid"];return e.scope&&s.push(...e.scope),await A({id:"linkedin",options:e,authorizationEndpoint:t,scopes:s,state:o,redirectURI:i})},validateAuthorizationCode:async({code:o,redirectURI:n})=>await h({code:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:r}),async getUserInfo(o){let{data:n,error:i}=await(0,_t.betterFetch)("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken}`}});return i?null:{user:{id:n.sub,name:n.name,email:n.email,emailVerified:n.email_verified||!1,image:n.picture},data:n}}}};var Pt=require("@better-fetch/fetch");var be=(e="")=>e.split("://").map(t=>t.replace(/\/{2,}/g,"/")).join("://"),er=e=>{let t=e||"https://gitlab.com";return{authorizationEndpoint:be(`${t}/oauth/authorize`),tokenEndpoint:be(`${t}/oauth/token`),userinfoEndpoint:be(`${t}/api/v4/user`)}},St=e=>{let{authorizationEndpoint:t,tokenEndpoint:r,userinfoEndpoint:o}=er(e.issuer),n="gitlab";return{id:n,name:"Gitlab",createAuthorizationURL:async({state:s,scopes:a,codeVerifier:d,redirectURI:c})=>{let l=a||["read_user"];return e.scope&&l.push(...e.scope),await A({id:n,options:e,authorizationEndpoint:t,scopes:l,state:s,redirectURI:c,codeVerifier:d})},validateAuthorizationCode:async({code:s,redirectURI:a,codeVerifier:d})=>h({code:s,redirectURI:e.redirectURI||a,options:e,codeVerifier:d,tokenEndpoint:r}),async getUserInfo(s){let{data:a,error:d}=await(0,Pt.betterFetch)(o,{headers:{authorization:`Bearer ${s.accessToken}`}});return d||a.state!=="active"||a.locked?null:{user:{id:a.id.toString(),name:a.name??a.username,email:a.email,image:a.avatar_url,emailVerified:!0},data:a}}}};var tr={apple:nt,discord:st,facebook:dt,github:ct,microsoft:ht,google:mt,spotify:bt,twitch:Rt,twitter:vt,dropbox:xt,linkedin:Tt,gitlab:St},ne=Object.keys(tr);var Ot=require("oslo"),se=require("oslo/jwt"),O=require("zod");var j=require("better-call");var z=require("better-call");var Q=require("zod");function Lt(e){try{return JSON.parse(e)}catch{return null}}var ie=()=>p("/get-session",{method:"GET",query:Q.z.optional(Q.z.object({disableCookieCache:Q.z.boolean().optional()})),requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null);let r=e.getCookie(e.context.authCookies.sessionData.name),o=r?Lt(Buffer.from(r,"base64").toString()):null;if(o&&!await ee.verify({value:JSON.stringify(o.session),signature:o?.signature,secret:e.context.secret}))return D(e),e.json(null);let n=await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret);if(o?.session&&e.context.options.session?.cookieCache?.enabled&&!e.query?.disableCookieCache){let l=o.session;if(o.expiresAt<Date.now()||l.session.expiresAt<new Date){let m=e.context.authCookies.sessionData.name;e.setCookie(m,"",{maxAge:0})}else return e.json(l)}let i=await e.context.internalAdapter.findSession(t);if(!i||i.session.expiresAt<new Date)return D(e),i&&await e.context.internalAdapter.deleteSession(i.session.id),e.json(null);if(n)return e.json(i);let s=e.context.sessionConfig.expiresIn,a=e.context.sessionConfig.updateAge;if(i.session.expiresAt.valueOf()-s*1e3+a*1e3<=Date.now()){let l=await e.context.internalAdapter.updateSession(i.session.id,{expiresAt:I(e.context.sessionConfig.expiresIn,"sec")});if(!l)return D(e),e.json(null,{status:401});let f=(l.expiresAt.valueOf()-Date.now())/1e3;return await x(e,{session:l,user:i.user},!1,{maxAge:f}),e.json({session:l,user:i.user})}return e.json(i)}catch(t){throw e.context.logger.error("INTERNAL_SERVER_ERROR",t),new z.APIError("INTERNAL_SERVER_ERROR",{message:"internal server error"})}}),Y=async e=>{if(e.context.session)return e.context.session;let t=await ie()({...e,_flag:"json",headers:e.headers});return e.context.session=t,t},_=W(async e=>{let t=await Y(e);if(!t?.session)throw new z.APIError("UNAUTHORIZED");return{session:t}}),ye=()=>p("/list-sessions",{method:"GET",use:[_],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),Ae=p("/revoke-session",{method:"POST",body:Q.z.object({id:Q.z.string()}),use:[_],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new z.APIError("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new z.APIError("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o&&typeof o=="object"&&"name"in o?o.name:"",o),new z.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),ke=p("/revoke-sessions",{method:"POST",use:[_],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t&&typeof t=="object"&&"name"in t?t.name:"",t),new z.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Re=p("/revoke-other-sessions",{method:"POST",requireHeaders:!0,use:[_]},async e=>{let t=e.context.session;if(!t.user)throw new z.APIError("UNAUTHORIZED");let n=(await e.context.internalAdapter.listSessions(t.user.id)).filter(i=>i.expiresAt>new Date).filter(i=>i.id!==e.context.session.session.id);return await Promise.all(n.map(i=>e.context.internalAdapter.deleteSession(i.id))),e.json({status:!0})});async function C(e,t,r){return await(0,se.createJWT)("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new Ot.TimeSpan(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var Ue=p("/send-verification-email",{method:"POST",query:O.z.object({currentURL:O.z.string().optional()}).optional(),body:O.z.object({email:O.z.string().email(),callbackURL:O.z.string().optional()})},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new j.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new j.APIError("BAD_REQUEST",{message:"User not found"});let o=await C(e.context.secret,t),n=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail({user:r.user,url:n,token:o},e.request),e.json({status:!0})}),ve=p("/verify-email",{method:"GET",query:O.z.object({token:O.z.string(),callbackURL:O.z.string().optional()})},async e=>{let{token:t}=e.query,r;try{r=await(0,se.validateJWT)("HS256",Buffer.from(e.context.secret),t)}catch(s){throw e.context.logger.error("Failed to verify email",s),new j.APIError("BAD_REQUEST",{message:"Invalid token"})}let n=O.z.object({email:O.z.string().email(),updateTo:O.z.string().optional()}).parse(r.payload),i=await e.context.internalAdapter.findUserByEmail(n.email);if(!i)throw new j.APIError("BAD_REQUEST",{message:"User not found"});if(n.updateTo){let s=await Y(e);if(!s)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new j.APIError("UNAUTHORIZED",{message:"Session not found"});if(s.user.email!==n.email)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new j.APIError("UNAUTHORIZED",{message:"Invalid session"});let a=await e.context.internalAdapter.updateUserByEmail(n.email,{email:n.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.({user:a,url:`${e.context.baseURL}/verify-email?token=${t}`,token:t},e.request),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:a,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(n.email,{emailVerified:!0}),e.context.options.emailVerification?.autoSignInAfterVerification&&!await Y(e)){let a=await e.context.internalAdapter.createSession(i.user.id,e.request);if(!a)throw new j.APIError("INTERNAL_SERVER_ERROR",{message:"Failed to create session"});await x(e,{session:a,user:i.user})}if(e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});async function ae(e,{userInfo:t,account:r,callbackURL:o}){let n=await e.context.internalAdapter.findUserByEmail(t.email.toLowerCase(),{includeAccounts:!0}).catch(a=>{throw S.error(`Better auth was unable to query your database.
3
- Error: `,a),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),i=n?.user;if(n){let a=n.accounts.find(d=>d.providerId===r.providerId);if(a)await e.context.internalAdapter.updateAccount(a.id,{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,expiresAt:r.expiresAt});else{if(!e.context.options.account?.accountLinking?.trustedProviders?.includes(r.providerId)&&!t.emailVerified||e.context.options.account?.accountLinking?.enabled===!1)return Me&&S.warn(`User already exist but account isn't linked to ${r.providerId}. To read more about how account linking works in Better Auth see https://www.better-auth.com/docs/concepts/users-accounts#account-linking.`),{error:"account not linked",data:null};try{await e.context.internalAdapter.linkAccount({providerId:r.providerId,accountId:t.id.toString(),id:e.context.uuid(),userId:n.user.id,accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,expiresAt:r.expiresAt})}catch(l){return S.error("Unable to link account",l),{error:"unable to link account",data:null}}}}else try{let a=t.emailVerified||!1;if(i=await e.context.internalAdapter.createOAuthUser({...t,id:e.context.uuid(),emailVerified:a,email:t.email.toLowerCase()},{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,expiresAt:r.expiresAt,providerId:r.providerId,accountId:t.id.toString()}).then(d=>d?.user),!a&&i&&e.context.options.emailVerification?.sendOnSignUp){let d=await C(e.context.secret,i.email),c=`${e.context.baseURL}/verify-email?token=${d}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:i,url:c,token:d},e.request)}}catch(a){return S.error("Unable to create user",a),{error:"unable to create user",data:null}}if(!i)return{error:"unable to create user",data:null};let s=await e.context.internalAdapter.createSession(i.id,e.request);return s?{data:{session:s,user:i},error:null}:{error:"unable to create session",data:null}}var Ee=p("/sign-in/social",{method:"POST",query:b.z.object({currentURL:b.z.string().optional()}).optional(),body:b.z.object({callbackURL:b.z.string().optional(),errorCallbackURL:b.z.string().optional(),provider:b.z.enum(ne),disableRedirect:b.z.boolean().optional(),idToken:b.z.optional(b.z.object({token:b.z.string(),nonce:b.z.string().optional(),accessToken:b.z.string().optional(),refreshToken:b.z.string().optional(),expiresAt:b.z.number().optional()}))})},async e=>{let t=e.context.socialProviders.find(i=>i.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new U.APIError("NOT_FOUND",{message:"Provider not found"});if(e.body.idToken){if(!t.verifyIdToken)throw e.context.logger.error("Provider does not support id token verification",{provider:e.body.provider}),new U.APIError("NOT_FOUND",{message:"Provider does not support id token verification"});let{token:i,nonce:s}=e.body.idToken;if(!await t.verifyIdToken(i,s))throw e.context.logger.error("Invalid id token",{provider:e.body.provider}),new U.APIError("UNAUTHORIZED",{message:"Invalid id token"});let d=await t.getUserInfo({idToken:i,accessToken:e.body.idToken.accessToken,refreshToken:e.body.idToken.refreshToken});if(!d||!d?.user)throw e.context.logger.error("Failed to get user info",{provider:e.body.provider}),new U.APIError("UNAUTHORIZED",{message:"Failed to get user info"});if(!d.user.email)throw e.context.logger.error("User email not found",{provider:e.body.provider}),new U.APIError("UNAUTHORIZED",{message:"User email not found"});let c=await ae(e,{userInfo:{email:d.user.email,id:d.user.id,name:d.user.name||"",image:d.user.image,emailVerified:d.user.emailVerified||!1},account:{providerId:t.id,accountId:d.user.id,accessToken:e.body.idToken.accessToken}});if(c.error)throw new U.APIError("UNAUTHORIZED",{message:c.error});return await x(e,c.data),e.json({session:c.data.session,user:c.data.user,url:`${e.body.callbackURL||e.query?.currentURL||e.context.options.baseURL}`,redirect:!0})}let{codeVerifier:r,state:o}=await oe(e),n=await t.createAuthorizationURL({state:o,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:n.toString(),redirect:!e.body.disableRedirect})}),xe=p("/sign-in/email",{method:"POST",body:b.z.object({email:b.z.string(),password:b.z.string(),callbackURL:b.z.string().optional(),rememberMe:b.z.boolean().default(!0).optional()})},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new U.APIError("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!b.z.string().email().safeParse(t).success)throw new U.APIError("BAD_REQUEST",{message:"Invalid email"});let n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new U.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let i=n.accounts.find(c=>c.providerId==="credential");if(!i)throw e.context.logger.error("Credential account not found",{email:t}),new U.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let s=i?.password;if(!s)throw e.context.logger.error("Password not found",{email:t}),new U.APIError("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(s,r))throw e.context.logger.error("Invalid password"),new U.APIError("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!n.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Email verification is required but no email verification handler is provided"),new U.APIError("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let c=await C(e.context.secret,n.user.email),l=`${e.context.baseURL}/verify-email?token=${c}&callbackURL=${e.body.callbackURL||"/"}`;throw await e.context.options.emailVerification.sendVerificationEmail({user:n.user,url:l,token:c},e.request),e.context.logger.error("Email not verified",{email:t}),new U.APIError("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let d=await e.context.internalAdapter.createSession(n.user.id,e.headers,e.body.rememberMe===!1);if(!d)throw e.context.logger.error("Failed to create session"),new U.APIError("UNAUTHORIZED",{message:"Failed to create session"});return await x(e,{session:d,user:n.user},e.body.rememberMe===!1),e.json({user:n.user,session:d,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});var Z=require("zod");var de=Z.z.object({code:Z.z.string().optional(),error:Z.z.string().optional(),errorMessage:Z.z.string().optional(),state:Z.z.string().optional()}),_e=p("/callback/:id",{method:["GET","POST"],body:de.optional(),query:de.optional(),metadata:G},async e=>{let t;try{if(e.method==="GET")t=de.parse(e.query);else if(e.method==="POST")t=de.parse(e.body);else throw new Error("Unsupported method")}catch(P){throw e.context.logger.error("INVALID_CALLBACK_REQUEST",P),e.redirect(`${e.context.baseURL}/error?error=invalid_callback_request`)}let{code:r,error:o,state:n}=t;if(!n)throw e.context.logger.error("State not found"),e.redirect(`${e.context.baseURL}/error?error=state_not_found`);if(!r)throw e.context.logger.error("Code not found"),e.redirect(`${e.context.baseURL}/error?error=${o||"no_code"}`);let i=e.context.socialProviders.find(P=>P.id===e.params.id);if(!i)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let{codeVerifier:s,callbackURL:a,link:d,errorURL:c}=await et(e),l;try{l=await i.validateAuthorizationCode({code:r,codeVerifier:s,redirectURI:`${e.context.baseURL}/callback/${i.id}`})}catch(P){throw e.context.logger.error("",P),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let f=await i.getUserInfo(l).then(P=>P?.user),u={id:At(),...f};function y(P){let E=c||a||`${e.context.baseURL}/error`;throw E.includes("?")?E=`${E}&error=${P}`:E=`${E}?error=${P}`,e.redirect(E)}if(!f)return e.context.logger.error("Unable to get user info"),y("unable_to_get_user_info");if(!u.email)return e.context.logger.error("Provider did not return email. This could be due to misconfiguration in the provider settings."),y("email_not_found");if(!a)throw e.context.logger.error("No callback URL found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(d){if(d.email!==u.email.toLowerCase())return y("email_doesn't_match");if(!await e.context.internalAdapter.createAccount({userId:d.userId,providerId:i.id,accountId:f.id}))return y("unable_to_link_account");let E;try{E=new URL(a).toString()}catch{E=a}throw e.redirect(E)}let k=await ae(e,{userInfo:{email:u.email,id:u.id,name:u.name||"",image:u.image,emailVerified:u.emailVerified||!1},account:{providerId:i.id,accountId:f.id,accessToken:l.accessToken,refreshToken:l.refreshToken,expiresAt:l.accessTokenExpiresAt},callbackURL:a});if(k.error)return e.context.logger.error(k.error.split(" ").join("_")),y(k.error.split(" ").join("_"));let{session:T,user:w}=k.data;await x(e,{session:T,user:w});let F;try{F=new URL(a).toString()}catch{F=a}throw e.redirect(F)});var zn=require("zod");var It=require("better-call"),Te=p("/sign-out",{method:"POST",requireHeaders:!0},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw D(e),new It.APIError("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),D(e),e.json({success:!0})});var L=require("zod");var ce=require("better-call");function Ct(e,t,r){let o=t?new URL(t,e.baseURL):new URL(`${e.baseURL}/error`);return r&&Object.entries(r).forEach(([n,i])=>o.searchParams.set(n,i)),o.href}function rr(e,t,r){let o=new URL(t,e.baseURL);return r&&Object.entries(r).forEach(([n,i])=>o.searchParams.set(n,i)),o.href}var Pe=p("/forget-password",{method:"POST",body:L.z.object({email:L.z.string().email(),redirectTo:L.z.string()})},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new ce.APIError("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let n=60*60*1,i=I(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||n,"sec"),s=e.context.uuid();await e.context.internalAdapter.createVerificationValue({value:o.user.id,identifier:`reset-password:${s}`,expiresAt:i});let a=`${e.context.baseURL}/reset-password/${s}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword({user:o.user,url:a,token:s},e.request),e.json({status:!0})}),Se=p("/reset-password/:token",{method:"GET",query:L.z.object({callbackURL:L.z.string()})},async e=>{let{token:t}=e.params,{callbackURL:r}=e.query;if(!t||!r)throw e.redirect(Ct(e.context,r,{error:"INVALID_TOKEN"}));let o=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!o||o.expiresAt<new Date?e.redirect(Ct(e.context,r,{error:"INVALID_TOKEN"})):e.redirect(rr(e.context,r,{token:t}))}),Le=p("/reset-password",{query:L.z.optional(L.z.object({token:L.z.string().optional(),currentURL:L.z.string().optional()})),method:"POST",body:L.z.object({newPassword:L.z.string(),token:L.z.string().optional()})},async e=>{let t=e.body.token||e.query?.token||(e.query?.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!t)throw new ce.APIError("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,o=`reset-password:${t}`,n=await e.context.internalAdapter.findVerificationValue(o);if(!n||n.expiresAt<new Date)throw new ce.APIError("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(n.id);let i=n.value,s=await e.context.password.hash(r);return(await e.context.internalAdapter.findAccounts(i)).find(c=>c.providerId==="credential")?(await e.context.internalAdapter.updatePassword(i,s),e.json({status:!0})):(await e.context.internalAdapter.createAccount({userId:i,providerId:"credential",password:s,accountId:e.context.uuid()}),e.json({status:!0}))});var R=require("zod");var v=require("better-call");var g=require("zod"),Gn=g.z.object({id:g.z.string(),providerId:g.z.string(),accountId:g.z.string(),userId:g.z.string(),accessToken:g.z.string().nullish(),refreshToken:g.z.string().nullish(),idToken:g.z.string().nullish(),expiresAt:g.z.date().nullish(),password:g.z.string().nullish()}),Qn=g.z.object({id:g.z.string(),email:g.z.string().transform(e=>e.toLowerCase()),emailVerified:g.z.boolean().default(!1),name:g.z.string(),image:g.z.string().nullish(),createdAt:g.z.date().default(new Date),updatedAt:g.z.date().default(new Date)}),Zn=g.z.object({id:g.z.string(),userId:g.z.string(),expiresAt:g.z.date(),ipAddress:g.z.string().nullish(),userAgent:g.z.string().nullish()}),Jn=g.z.object({id:g.z.string(),value:g.z.string(),createdAt:g.z.date(),expiresAt:g.z.date(),identifier:g.z.string()});function or(e,t){let r={...t==="user"?e.user?.additionalFields:{},...t==="session"?e.session?.additionalFields:{}};for(let o of e.plugins||[])o.schema&&o.schema[t]&&(r={...r,...o.schema[t].fields});return r}function nr(e,t){let r=t.action||"create",o=t.fields,n={};for(let i in o){if(i in e){if(o[i].input===!1){if(o[i].defaultValue){n[i]=o[i].defaultValue;continue}continue}n[i]=e[i];continue}if(o[i].defaultValue&&r==="create"){n[i]=o[i].defaultValue;continue}}return n}function le(e,t,r){let o=or(e,"user");return nr(t||{},{fields:o,action:r})}var Oe=()=>p("/update-user",{method:"POST",body:R.z.record(R.z.string(),R.z.any()),use:[_]},async e=>{let t=e.body;if(t.email)throw new v.APIError("BAD_REQUEST",{message:"You can't update email"});let{name:r,image:o,...n}=t,i=e.context.session;if(!o&&!r&&Object.keys(n).length===0)return e.json({user:i.user});let s=le(e.context.options,n,"update"),a=await e.context.internalAdapter.updateUserByEmail(i.user.email,{name:r,image:o,...s});return await x(e,{session:i.session,user:a}),e.json({user:a})}),Ie=p("/change-password",{method:"POST",body:R.z.object({newPassword:R.z.string(),currentPassword:R.z.string(),revokeOtherSessions:R.z.boolean().optional()}),use:[_]},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,n=e.context.session,i=e.context.password.config.minPasswordLength;if(t.length<i)throw e.context.logger.error("Password is too short"),new v.APIError("BAD_REQUEST",{message:"Password is too short"});let s=e.context.password.config.maxPasswordLength;if(t.length>s)throw e.context.logger.error("Password is too long"),new v.APIError("BAD_REQUEST",{message:"Password too long"});let d=(await e.context.internalAdapter.findAccounts(n.user.id)).find(f=>f.providerId==="credential"&&f.password);if(!d||!d.password)throw new v.APIError("BAD_REQUEST",{message:"User does not have a password"});let c=await e.context.password.hash(t);if(!await e.context.password.verify(d.password,r))throw new v.APIError("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(d.id,{password:c}),o){await e.context.internalAdapter.deleteSessions(n.user.id);let f=await e.context.internalAdapter.createSession(n.user.id,e.headers);if(!f)throw new v.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await x(e,{session:f,user:n.user})}return e.json(n.user)}),Ce=p("/set-password",{method:"POST",body:R.z.object({newPassword:R.z.string()}),metadata:{SERVER_ONLY:!0},use:[_]},async e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new v.APIError("BAD_REQUEST",{message:"Password is too short"});let n=e.context.password.config.maxPasswordLength;if(t.length>n)throw e.context.logger.error("Password is too long"),new v.APIError("BAD_REQUEST",{message:"Password too long"});let s=(await e.context.internalAdapter.findAccounts(r.user.id)).find(d=>d.providerId==="credential"&&d.password),a=await e.context.password.hash(t);if(!s)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:a}),e.json(r.user);throw new v.APIError("BAD_REQUEST",{message:"user already has a password"})}),Be=p("/delete-user",{method:"POST",body:R.z.object({password:R.z.string()}),use:[_]},async e=>{let{password:t}=e.body,r=e.context.session,n=(await e.context.internalAdapter.findAccounts(r.user.id)).find(s=>s.providerId==="credential"&&s.password);if(!n||!n.password)throw new v.APIError("BAD_REQUEST",{message:"User does not have a password"});if(!await e.context.password.verify(n.password,t))throw new v.APIError("BAD_REQUEST",{message:"Incorrect password"});return await e.context.internalAdapter.deleteUser(r.user.id),await e.context.internalAdapter.deleteSessions(r.user.id),D(e),e.json(null)}),De=p("/change-email",{method:"POST",query:R.z.object({currentURL:R.z.string().optional()}).optional(),body:R.z.object({newEmail:R.z.string().email(),callbackURL:R.z.string().optional()}),use:[_]},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new v.APIError("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new v.APIError("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new v.APIError("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let n=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:n,status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new v.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await C(e.context.secret,e.context.session.user.email,e.body.newEmail),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.user.changeEmail.sendChangeEmailVerification({user:e.context.session.user,newEmail:e.body.newEmail,url:o,token:r},e.request),e.json({user:null,status:!0})});var ir=(e="Unknown")=>`<!DOCTYPE html>
1
+ "use strict";var ue=Object.defineProperty;var $t=Object.getOwnPropertyDescriptor;var Nt=Object.getOwnPropertyNames;var qt=Object.prototype.hasOwnProperty;var Ft=(e,t)=>{for(var r in t)ue(e,r,{get:t[r],enumerable:!0})},Ht=(e,t,r,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let i of Nt(t))!qt.call(e,i)&&i!==r&&ue(e,i,{get:()=>t[i],enumerable:!(o=$t(t,i))||o.enumerable});return e};var Mt=e=>Ht(ue({},"__esModule",{value:!0}),e);var mr={};Ft(mr,{APIError:()=>jt.APIError,callbackOAuth:()=>_e,changeEmail:()=>De,changePassword:()=>Ie,createAuthEndpoint:()=>p,createAuthMiddleware:()=>J,createEmailVerificationToken:()=>C,deleteUser:()=>Be,error:()=>Ve,forgetPassword:()=>Pe,forgetPasswordCallback:()=>Le,getEndpoints:()=>zt,getSession:()=>ie,getSessionFromCtx:()=>K,linkSocialAccount:()=>qe,listSessions:()=>ye,listUserAccounts:()=>Ne,ok:()=>ze,optionsMiddleware:()=>pe,originCheckMiddleware:()=>me,resetPassword:()=>Se,revokeOtherSessions:()=>Re,revokeSession:()=>Ae,revokeSessions:()=>ke,router:()=>pr,sendVerificationEmail:()=>Ue,sessionMiddleware:()=>_,setPassword:()=>Ce,signInEmail:()=>xe,signInSocial:()=>Ee,signOut:()=>Te,signUpEmail:()=>je,updateUser:()=>Oe,verifyEmail:()=>ve});module.exports=Mt(mr);var j=require("better-call");var Fe=require("better-call");var $=require("better-call"),pe=(0,$.createMiddleware)(async()=>({})),J=(0,$.createMiddlewareCreator)({use:[pe,(0,$.createMiddleware)(async()=>({}))]}),p=(0,$.createEndpointCreator)({use:[pe]});var me=J(async e=>{if(e.request?.method!=="POST")return;let{body:t,query:r,context:o}=e,i=e.headers?.get("origin")||e.headers?.get("referer")||"",n=t?.callbackURL||r?.callbackURL,s=t?.redirectTo,d=r?.currentURL,a=o.trustedOrigins,c=e.headers?.has("cookie"),l=(m,u)=>u.includes("*")?new RegExp("^"+u.replace(/\*/g,"[^/]+").replace(/\./g,"\\.")+"$").test(m):m.startsWith(u),f=(m,u)=>{if(!m)return;if(!a.some(k=>l(m,k)||m?.startsWith("/")&&u!=="origin"&&!m.includes(":")))throw e.context.logger.error(`Invalid ${u}: ${m}`),e.context.logger.info(`If it's a valid URL, please add ${m} to trustedOrigins in your auth config
2
+ `,`Current list of trustedOrigins: ${a}`),new Fe.APIError("FORBIDDEN",{message:`Invalid ${u}`})};c&&!e.context.options.advanced?.disableCSRFCheck&&f(i,"origin"),n&&f(n,"callbackURL"),s&&f(s,"redirectURL"),d&&f(d,"currentURL")});var U=require("better-call"),b=require("zod");var Jt=require("oslo"),Qe=require("oslo/encoding");var X=require("oslo/crypto");async function Gt({value:e,secret:t}){return new X.HMAC("SHA-256").sign(new TextEncoder().encode(t),new TextEncoder().encode(e)).then(o=>Buffer.from(o).toString("base64"))}function Qt({value:e,signature:t,secret:r}){return new X.HMAC("SHA-256").verify(new TextEncoder().encode(r),Buffer.from(t,"base64"),new TextEncoder().encode(e))}var ee={sign:Gt,verify:Qt};var N=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}};var I=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));var te=Object.create(null),W=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?te:globalThis),He=new Proxy(te,{get(e,t){return W()[t]??te[t]},has(e,t){let r=W();return t in r||t in te},set(e,t,r){let o=W(!0);return o[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=W(!0);return delete r[t],!0},ownKeys(){let e=W(!0);return Object.keys(e)}});function Zt(e){return e?e!=="false":!1}var fe=typeof process<"u"&&process.env&&process.env.NODE_ENV||"";var Me=fe==="dev"||fe==="development",Ge=fe==="test"||Zt(He.TEST);async function x(e,t,r,o){let i=e.context.authCookies.sessionToken.options,n=r?void 0:e.context.sessionConfig.expiresIn;await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.id,e.context.secret,{...i,maxAge:n,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled&&e.setCookie(e.context.authCookies.sessionData.name,JSON.stringify(Qe.base64url.encode(new TextEncoder().encode(JSON.stringify({session:t,expiresAt:I(e.context.authCookies.sessionData.options.maxAge||60,"sec").getTime(),signature:await ee.sign({value:JSON.stringify(t),secret:e.context.secret})})))),e.context.authCookies.sessionData.options),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.id,JSON.stringify({user:t.user,session:t.session}),t.session.expiresAt.getTime()-Date.now())}function D(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{...e.context.authCookies.sessionToken.options,maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{...e.context.authCookies.sessionData.options,maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{...e.context.authCookies.dontRememberToken.options,maxAge:0})}var tt=require("@better-fetch/fetch"),rt=require("better-call"),H=require("jose"),ot=require("oslo/jwt");var Ze=require("oslo/crypto"),Je=require("oslo/encoding");async function We(e){let t=await(0,Ze.sha256)(new TextEncoder().encode(e));return Je.base64url.encode(new Uint8Array(t),{includePadding:!1})}function Ke(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?I(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function A({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:i,scopes:n,claims:s,redirectURI:d}){let a=new URL(r);if(a.searchParams.set("response_type","code"),a.searchParams.set("client_id",t.clientId),a.searchParams.set("state",o),a.searchParams.set("scope",n.join(" ")),a.searchParams.set("redirect_uri",t.redirectURI||d),i){let c=await We(i);a.searchParams.set("code_challenge_method","S256"),a.searchParams.set("code_challenge",c)}if(s){let c=s.reduce((l,f)=>(l[f]=null,l),{});a.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...c}}))}return a}var Ye=require("@better-fetch/fetch");async function h({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:i,authentication:n}){let s=new URLSearchParams,d={"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"};if(s.set("grant_type","authorization_code"),s.set("code",e),t&&s.set("code_verifier",t),s.set("redirect_uri",r),n==="basic"){let f=btoa(`${o.clientId}:${o.clientSecret}`);d.authorization=`Basic ${f}`}else s.set("client_id",o.clientId),s.set("client_secret",o.clientSecret);let{data:a,error:c}=await(0,Ye.betterFetch)(i,{method:"POST",body:s,headers:d});if(c)throw c;return Ke(a)}var re=require("oslo/oauth2"),V=require("zod"),ge=require("better-call");function Xe(e){try{return new URL(e).origin}catch{return null}}async function oe(e,t){let r=e.body?.callbackURL||(e.query?.currentURL?Xe(e.query?.currentURL):"")||e.context.options.baseURL;if(!r)throw new ge.APIError("BAD_REQUEST",{message:"callbackURL is required"});let o=(0,re.generateCodeVerifier)(),i=(0,re.generateState)(),n=JSON.stringify({callbackURL:r,codeVerifier:o,errorURL:e.body?.errorCallbackURL||e.query?.currentURL,link:t,expiresAt:Date.now()+10*60*1e3}),s=new Date;s.setMinutes(s.getMinutes()+10);let d=await e.context.internalAdapter.createVerificationValue({value:n,identifier:i,expiresAt:s});if(!d)throw e.context.logger.error("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database"),new ge.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create verification"});return{state:d.identifier,codeVerifier:o}}async function et(e){let t=e.query.state||e.body.state,r=await e.context.internalAdapter.findVerificationValue(t);if(!r)throw e.context.logger.error("State Mismatch. Verification not found",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let o=V.z.object({callbackURL:V.z.string(),codeVerifier:V.z.string(),errorURL:V.z.string().optional(),expiresAt:V.z.number(),link:V.z.object({email:V.z.string(),userId:V.z.string()}).optional()}).parse(JSON.parse(r.value));if(o.errorURL||(o.errorURL=`${e.context.baseURL}/error`),o.expiresAt<Date.now())throw await e.context.internalAdapter.deleteVerificationValue(r.id),e.context.logger.error("State expired.",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);return await e.context.internalAdapter.deleteVerificationValue(r.id),o}var nt=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:i}){let n=o||["email","name"];return e.scope&&n.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${i||e.redirectURI}&scope=${n.join(" ")}&state=${r}&response_mode=form_post`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>h({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async verifyIdToken(r,o){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(r,o);let i=(0,H.decodeProtectedHeader)(r),{kid:n,alg:s}=i;if(!n||!s)return!1;let d=await Wt(n),{payload:a}=await(0,H.jwtVerify)(r,d,{algorithms:[s],issuer:"https://appleid.apple.com",audience:e.clientId,maxTokenAge:"1h"});return["email_verified","is_private_email"].forEach(c=>{a[c]!==void 0&&(a[c]=!!a[c])}),o&&a.nonce!==o?!1:!!a},async getUserInfo(r){if(!r.idToken)return null;let o=(0,ot.parseJWT)(r.idToken)?.payload;if(!o)return null;let i=o.user?`${o.user.name.firstName} ${o.user.name.lastName}`:o.email;return{user:{id:o.sub,name:i,emailVerified:!1,email:o.email},data:o}}}},Wt=async e=>{let t="https://appleid.apple.com",r="/auth/keys",{data:o}=await(0,tt.betterFetch)(`${t}${r}`);if(!o?.keys)throw new rt.APIError("BAD_REQUEST",{message:"Keys not found"});let i=o.keys.find(n=>n.kid===e);if(!i)throw new Error(`JWK with kid ${e} not found`);return await(0,H.importJWK)(i,i.alg)};var it=require("@better-fetch/fetch");var st=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["identify","email"];return e.scope&&i.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${i.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>h({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,it.betterFetch)("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let i=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${i}.png`}else{let i=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${i}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});var at=require("@better-fetch/fetch");var dt=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["email","public_profile"];return e.scope&&i.push(...e.scope),await A({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:i,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>h({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await(0,at.betterFetch)("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified},data:r}}});var he=require("@better-fetch/fetch");var ct=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:o,codeVerifier:i,redirectURI:n}){let s=o||["user:email"];return e.scope&&s.push(...e.scope),A({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:s,state:r,redirectURI:n})},validateAuthorizationCode:async({code:r,redirectURI:o})=>h({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:i}=await(0,he.betterFetch)("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(i)return null;let n=!1;if(!o.email){let{data:s,error:d}=await(0,he.betterFetch)("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});d||(o.email=(s.find(a=>a.primary)??s[0])?.email,n=s.find(a=>a.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:n},data:o}}}};var ut=require("oslo/jwt");var lt=require("consola"),we=["info","success","warn","error","debug"];function Kt(e,t){return we.indexOf(t)<=we.indexOf(e)}var Yt=(0,lt.createConsola)({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),Xt=e=>{let t=e?.disabled!==!0,r=e?.level??"error",o=(i,n,s=[])=>{if(!(!t||!Kt(r,i))){if(!e||typeof e.log!="function"){Yt[i]("",n,...s);return}e.log(i==="success"?"info":i,n,s)}};return Object.fromEntries(we.map(i=>[i,(...[n,...s])=>o(i,n,s)]))},L=Xt();var pt=require("@better-fetch/fetch"),mt=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){if(!e.clientId||!e.clientSecret)throw L.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new N("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new N("codeVerifier is required for Google");let n=r||["email","profile","openid"];e.scope&&n.push(...e.scope);let s=await A({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:n,state:t,codeVerifier:o,redirectURI:i});return e.accessType&&s.searchParams.set("access_type",e.accessType),e.prompt&&s.searchParams.set("prompt",e.prompt),s},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>h({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async verifyIdToken(t,r){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(t,r);let o=`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${t}`,{data:i}=await(0,pt.betterFetch)(o);return i?i.aud===e.clientId&&i.iss==="https://accounts.google.com":!1},async getUserInfo(t){if(!t.idToken)return null;let r=(0,ut.parseJWT)(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});var ft=require("@better-fetch/fetch"),gt=require("oslo/jwt");var ht=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(i){let n=i.scopes||["openid","profile","email","User.Read"];return e.scope&&n.push(...e.scope),A({id:"microsoft",options:e,authorizationEndpoint:r,state:i.state,codeVerifier:i.codeVerifier,scopes:n,redirectURI:i.redirectURI})},validateAuthorizationCode({code:i,codeVerifier:n,redirectURI:s}){return h({code:i,codeVerifier:n,redirectURI:e.redirectURI||s,options:e,tokenEndpoint:o})},async getUserInfo(i){if(!i.idToken)return null;let n=(0,gt.parseJWT)(i.idToken)?.payload,s=e.profilePhotoSize||48;return await(0,ft.betterFetch)(`https://graph.microsoft.com/v1.0/me/photos/${s}x${s}/$value`,{headers:{Authorization:`Bearer ${i.accessToken}`},async onResponse(d){if(!(e.disableProfilePhoto||!d.response.ok))try{let c=await d.response.clone().arrayBuffer(),l=Buffer.from(c).toString("base64");n.picture=`data:image/jpeg;base64, ${l}`}catch(a){L.error(a&&typeof a=="object"&&"name"in a?a.name:"",a)}}}),{user:{id:n.sub,name:n.name,email:n.email,image:n.picture,emailVerified:!0},data:n}}}};var wt=require("@better-fetch/fetch");var bt=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:i}){let n=r||["user-read-email"];return e.scope&&n.push(...e.scope),A({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:n,state:t,codeVerifier:o,redirectURI:i})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>h({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,wt.betterFetch)("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});var M={isAction:!1};var yt=require("nanoid"),At=e=>(0,yt.nanoid)(e);var kt=require("oslo/jwt");var Rt=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let i=r||["user:read:email","openid"];return e.scope&&i.push(...e.scope),A({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:i,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>h({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return L.error("No idToken found in token"),null;let o=(0,kt.parseJWT)(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});var Ut=require("@better-fetch/fetch");var vt=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["users.read","tweet.read","offline.access"];return e.scope&&r.push(...e.scope),A({id:"twitter",options:e,authorizationEndpoint:"https://x.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>h({code:t,codeVerifier:r,authentication:"basic",redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://api.x.com/2/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,Ut.betterFetch)("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email||null,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});var Et=require("@better-fetch/fetch");var xt=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:o,codeVerifier:i,redirectURI:n})=>{let s=o||["account_info.read"];return e.scope&&s.push(...e.scope),await A({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:s,state:r,redirectURI:n,codeVerifier:i})},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:i})=>await h({code:r,codeVerifier:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:i}=await(0,Et.betterFetch)("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});return i?null:{user:{id:o.account_id,name:o.name?.display_name,email:o.email,emailVerified:o.email_verified||!1,image:o.profile_photo_url},data:o}}}};var _t=require("@better-fetch/fetch");var Tt=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:o,scopes:i,redirectURI:n})=>{let s=i||["profile","email","openid"];return e.scope&&s.push(...e.scope),await A({id:"linkedin",options:e,authorizationEndpoint:t,scopes:s,state:o,redirectURI:n})},validateAuthorizationCode:async({code:o,redirectURI:i})=>await h({code:o,redirectURI:e.redirectURI||i,options:e,tokenEndpoint:r}),async getUserInfo(o){let{data:i,error:n}=await(0,_t.betterFetch)("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken}`}});return n?null:{user:{id:i.sub,name:i.name,email:i.email,emailVerified:i.email_verified||!1,image:i.picture},data:i}}}};var Pt=require("@better-fetch/fetch");var be=(e="")=>e.split("://").map(t=>t.replace(/\/{2,}/g,"/")).join("://"),er=e=>{let t=e||"https://gitlab.com";return{authorizationEndpoint:be(`${t}/oauth/authorize`),tokenEndpoint:be(`${t}/oauth/token`),userinfoEndpoint:be(`${t}/api/v4/user`)}},Lt=e=>{let{authorizationEndpoint:t,tokenEndpoint:r,userinfoEndpoint:o}=er(e.issuer),i="gitlab";return{id:i,name:"Gitlab",createAuthorizationURL:async({state:s,scopes:d,codeVerifier:a,redirectURI:c})=>{let l=d||["read_user"];return e.scope&&l.push(...e.scope),await A({id:i,options:e,authorizationEndpoint:t,scopes:l,state:s,redirectURI:c,codeVerifier:a})},validateAuthorizationCode:async({code:s,redirectURI:d,codeVerifier:a})=>h({code:s,redirectURI:e.redirectURI||d,options:e,codeVerifier:a,tokenEndpoint:r}),async getUserInfo(s){let{data:d,error:a}=await(0,Pt.betterFetch)(o,{headers:{authorization:`Bearer ${s.accessToken}`}});return a||d.state!=="active"||d.locked?null:{user:{id:d.id.toString(),name:d.name??d.username,email:d.email,image:d.avatar_url,emailVerified:!0},data:d}}}};var tr={apple:nt,discord:st,facebook:dt,github:ct,microsoft:ht,google:mt,spotify:bt,twitch:Rt,twitter:vt,dropbox:xt,linkedin:Tt,gitlab:Lt},ne=Object.keys(tr);var Ot=require("oslo"),se=require("oslo/jwt"),O=require("zod");var Y=require("better-call");var z=require("better-call");var G=require("zod");function St(e){try{return JSON.parse(e)}catch{return null}}var ie=()=>p("/get-session",{method:"GET",query:G.z.optional(G.z.object({disableCookieCache:G.z.boolean().optional()})),requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null);let r=e.getCookie(e.context.authCookies.sessionData.name),o=r?St(Buffer.from(r,"base64").toString()):null;if(o&&!await ee.verify({value:JSON.stringify(o.session),signature:o?.signature,secret:e.context.secret}))return D(e),e.json(null);let i=await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret);if(o?.session&&e.context.options.session?.cookieCache?.enabled&&!e.query?.disableCookieCache){let l=o.session;if(o.expiresAt<Date.now()||l.session.expiresAt<new Date){let m=e.context.authCookies.sessionData.name;e.setCookie(m,"",{maxAge:0})}else return e.json(l)}let n=await e.context.internalAdapter.findSession(t);if(!n||n.session.expiresAt<new Date)return D(e),n&&await e.context.internalAdapter.deleteSession(n.session.id),e.json(null);if(i)return e.json(n);let s=e.context.sessionConfig.expiresIn,d=e.context.sessionConfig.updateAge;if(n.session.expiresAt.valueOf()-s*1e3+d*1e3<=Date.now()){let l=await e.context.internalAdapter.updateSession(n.session.id,{expiresAt:I(e.context.sessionConfig.expiresIn,"sec")});if(!l)return D(e),e.json(null,{status:401});let f=(l.expiresAt.valueOf()-Date.now())/1e3;return await x(e,{session:l,user:n.user},!1,{maxAge:f}),e.json({session:l,user:n.user})}return e.json(n)}catch(t){throw e.context.logger.error("INTERNAL_SERVER_ERROR",t),new z.APIError("INTERNAL_SERVER_ERROR",{message:"internal server error"})}}),K=async e=>{if(e.context.session)return e.context.session;let t=await ie()({...e,_flag:"json",headers:e.headers});return e.context.session=t,t},_=J(async e=>{let t=await K(e);if(!t?.session)throw new z.APIError("UNAUTHORIZED");return{session:t}}),ye=()=>p("/list-sessions",{method:"GET",use:[_],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),Ae=p("/revoke-session",{method:"POST",body:G.z.object({id:G.z.string()}),use:[_],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new z.APIError("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new z.APIError("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o&&typeof o=="object"&&"name"in o?o.name:"",o),new z.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),ke=p("/revoke-sessions",{method:"POST",use:[_],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t&&typeof t=="object"&&"name"in t?t.name:"",t),new z.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Re=p("/revoke-other-sessions",{method:"POST",requireHeaders:!0,use:[_]},async e=>{let t=e.context.session;if(!t.user)throw new z.APIError("UNAUTHORIZED");let i=(await e.context.internalAdapter.listSessions(t.user.id)).filter(n=>n.expiresAt>new Date).filter(n=>n.id!==e.context.session.session.id);return await Promise.all(i.map(n=>e.context.internalAdapter.deleteSession(n.id))),e.json({status:!0})});async function C(e,t,r){return await(0,se.createJWT)("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new Ot.TimeSpan(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var Ue=p("/send-verification-email",{method:"POST",query:O.z.object({currentURL:O.z.string().optional()}).optional(),body:O.z.object({email:O.z.string().email(),callbackURL:O.z.string().optional()})},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new Y.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new Y.APIError("BAD_REQUEST",{message:"User not found"});let o=await C(e.context.secret,t),i=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail({user:r.user,url:i,token:o},e.request),e.json({status:!0})}),ve=p("/verify-email",{method:"GET",query:O.z.object({token:O.z.string(),callbackURL:O.z.string().optional()})},async e=>{function t(d){throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=${d}`):new Y.APIError("UNAUTHORIZED",{message:d})}let{token:r}=e.query,o;try{o=await(0,se.validateJWT)("HS256",Buffer.from(e.context.secret),r)}catch(d){return e.context.logger.error("Failed to verify email",d),t("invalid_token")}let n=O.z.object({email:O.z.string().email(),updateTo:O.z.string().optional()}).parse(o.payload),s=await e.context.internalAdapter.findUserByEmail(n.email);if(!s)return t("user_not_found");if(n.updateTo){let d=await K(e);if(!d){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}if(d.user.email!==n.email){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}let a=await e.context.internalAdapter.updateUserByEmail(n.email,{email:n.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.({user:a,url:`${e.context.baseURL}/verify-email?token=${r}`,token:r},e.request),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:a,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(n.email,{emailVerified:!0}),e.context.options.emailVerification?.autoSignInAfterVerification&&!await K(e)){let a=await e.context.internalAdapter.createSession(s.user.id,e.request);if(!a)throw new Y.APIError("INTERNAL_SERVER_ERROR",{message:"Failed to create session"});await x(e,{session:a,user:s.user})}if(e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});async function ae(e,{userInfo:t,account:r,callbackURL:o}){let i=await e.context.internalAdapter.findUserByEmail(t.email.toLowerCase(),{includeAccounts:!0}).catch(d=>{throw L.error(`Better auth was unable to query your database.
3
+ Error: `,d),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),n=i?.user;if(i){let d=i.accounts.find(a=>a.providerId===r.providerId);if(d)await e.context.internalAdapter.updateAccount(d.id,{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,expiresAt:r.expiresAt});else{if(!e.context.options.account?.accountLinking?.trustedProviders?.includes(r.providerId)&&!t.emailVerified||e.context.options.account?.accountLinking?.enabled===!1)return Me&&L.warn(`User already exist but account isn't linked to ${r.providerId}. To read more about how account linking works in Better Auth see https://www.better-auth.com/docs/concepts/users-accounts#account-linking.`),{error:"account not linked",data:null};try{await e.context.internalAdapter.linkAccount({providerId:r.providerId,accountId:t.id.toString(),id:e.context.uuid(),userId:i.user.id,accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,expiresAt:r.expiresAt})}catch(l){return L.error("Unable to link account",l),{error:"unable to link account",data:null}}}}else try{let d=t.emailVerified||!1;if(n=await e.context.internalAdapter.createOAuthUser({...t,id:e.context.uuid(),emailVerified:d,email:t.email.toLowerCase()},{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,expiresAt:r.expiresAt,providerId:r.providerId,accountId:t.id.toString()}).then(a=>a?.user),!d&&n&&e.context.options.emailVerification?.sendOnSignUp){let a=await C(e.context.secret,n.email),c=`${e.context.baseURL}/verify-email?token=${a}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:n,url:c,token:a},e.request)}}catch(d){return L.error("Unable to create user",d),{error:"unable to create user",data:null}}if(!n)return{error:"unable to create user",data:null};let s=await e.context.internalAdapter.createSession(n.id,e.request);return s?{data:{session:s,user:n},error:null}:{error:"unable to create session",data:null}}var Ee=p("/sign-in/social",{method:"POST",query:b.z.object({currentURL:b.z.string().optional()}).optional(),body:b.z.object({callbackURL:b.z.string().optional(),errorCallbackURL:b.z.string().optional(),provider:b.z.enum(ne),disableRedirect:b.z.boolean().optional(),idToken:b.z.optional(b.z.object({token:b.z.string(),nonce:b.z.string().optional(),accessToken:b.z.string().optional(),refreshToken:b.z.string().optional(),expiresAt:b.z.number().optional()}))})},async e=>{let t=e.context.socialProviders.find(n=>n.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new U.APIError("NOT_FOUND",{message:"Provider not found"});if(e.body.idToken){if(!t.verifyIdToken)throw e.context.logger.error("Provider does not support id token verification",{provider:e.body.provider}),new U.APIError("NOT_FOUND",{message:"Provider does not support id token verification"});let{token:n,nonce:s}=e.body.idToken;if(!await t.verifyIdToken(n,s))throw e.context.logger.error("Invalid id token",{provider:e.body.provider}),new U.APIError("UNAUTHORIZED",{message:"Invalid id token"});let a=await t.getUserInfo({idToken:n,accessToken:e.body.idToken.accessToken,refreshToken:e.body.idToken.refreshToken});if(!a||!a?.user)throw e.context.logger.error("Failed to get user info",{provider:e.body.provider}),new U.APIError("UNAUTHORIZED",{message:"Failed to get user info"});if(!a.user.email)throw e.context.logger.error("User email not found",{provider:e.body.provider}),new U.APIError("UNAUTHORIZED",{message:"User email not found"});let c=await ae(e,{userInfo:{email:a.user.email,id:a.user.id,name:a.user.name||"",image:a.user.image,emailVerified:a.user.emailVerified||!1},account:{providerId:t.id,accountId:a.user.id,accessToken:e.body.idToken.accessToken}});if(c.error)throw new U.APIError("UNAUTHORIZED",{message:c.error});return await x(e,c.data),e.json({session:c.data.session,user:c.data.user,url:`${e.body.callbackURL||e.query?.currentURL||e.context.options.baseURL}`,redirect:!0})}let{codeVerifier:r,state:o}=await oe(e),i=await t.createAuthorizationURL({state:o,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:i.toString(),redirect:!e.body.disableRedirect})}),xe=p("/sign-in/email",{method:"POST",body:b.z.object({email:b.z.string(),password:b.z.string(),callbackURL:b.z.string().optional(),rememberMe:b.z.boolean().default(!0).optional()})},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new U.APIError("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!b.z.string().email().safeParse(t).success)throw new U.APIError("BAD_REQUEST",{message:"Invalid email"});let i=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!i)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new U.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let n=i.accounts.find(c=>c.providerId==="credential");if(!n)throw e.context.logger.error("Credential account not found",{email:t}),new U.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let s=n?.password;if(!s)throw e.context.logger.error("Password not found",{email:t}),new U.APIError("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(s,r))throw e.context.logger.error("Invalid password"),new U.APIError("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!i.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Email verification is required but no email verification handler is provided"),new U.APIError("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let c=await C(e.context.secret,i.user.email),l=`${e.context.baseURL}/verify-email?token=${c}&callbackURL=${e.body.callbackURL||"/"}`;throw await e.context.options.emailVerification.sendVerificationEmail({user:i.user,url:l,token:c},e.request),e.context.logger.error("Email not verified",{email:t}),new U.APIError("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let a=await e.context.internalAdapter.createSession(i.user.id,e.headers,e.body.rememberMe===!1);if(!a)throw e.context.logger.error("Failed to create session"),new U.APIError("UNAUTHORIZED",{message:"Failed to create session"});return await x(e,{session:a,user:i.user},e.body.rememberMe===!1),e.json({user:i.user,session:a,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});var Q=require("zod");var de=Q.z.object({code:Q.z.string().optional(),error:Q.z.string().optional(),errorMessage:Q.z.string().optional(),state:Q.z.string().optional()}),_e=p("/callback/:id",{method:["GET","POST"],body:de.optional(),query:de.optional(),metadata:M},async e=>{let t;try{if(e.method==="GET")t=de.parse(e.query);else if(e.method==="POST")t=de.parse(e.body);else throw new Error("Unsupported method")}catch(P){throw e.context.logger.error("INVALID_CALLBACK_REQUEST",P),e.redirect(`${e.context.baseURL}/error?error=invalid_callback_request`)}let{code:r,error:o,state:i}=t;if(!i)throw e.context.logger.error("State not found"),e.redirect(`${e.context.baseURL}/error?error=state_not_found`);if(!r)throw e.context.logger.error("Code not found"),e.redirect(`${e.context.baseURL}/error?error=${o||"no_code"}`);let n=e.context.socialProviders.find(P=>P.id===e.params.id);if(!n)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let{codeVerifier:s,callbackURL:d,link:a,errorURL:c}=await et(e),l;try{l=await n.validateAuthorizationCode({code:r,codeVerifier:s,redirectURI:`${e.context.baseURL}/callback/${n.id}`})}catch(P){throw e.context.logger.error("",P),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let f=await n.getUserInfo(l).then(P=>P?.user),u={id:At(),...f};function y(P){let E=c||d||`${e.context.baseURL}/error`;throw E.includes("?")?E=`${E}&error=${P}`:E=`${E}?error=${P}`,e.redirect(E)}if(!f)return e.context.logger.error("Unable to get user info"),y("unable_to_get_user_info");if(!u.email)return e.context.logger.error("Provider did not return email. This could be due to misconfiguration in the provider settings."),y("email_not_found");if(!d)throw e.context.logger.error("No callback URL found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(a){if(a.email!==u.email.toLowerCase())return y("email_doesn't_match");if(!await e.context.internalAdapter.createAccount({userId:a.userId,providerId:n.id,accountId:f.id}))return y("unable_to_link_account");let E;try{E=new URL(d).toString()}catch{E=d}throw e.redirect(E)}let k=await ae(e,{userInfo:{email:u.email,id:u.id,name:u.name||"",image:u.image,emailVerified:u.emailVerified||!1},account:{providerId:n.id,accountId:f.id,accessToken:l.accessToken,refreshToken:l.refreshToken,expiresAt:l.accessTokenExpiresAt},callbackURL:d});if(k.error)return e.context.logger.error(k.error.split(" ").join("_")),y(k.error.split(" ").join("_"));let{session:T,user:w}=k.data;await x(e,{session:T,user:w});let F;try{F=new URL(d).toString()}catch{F=d}throw e.redirect(F)});var zn=require("zod");var It=require("better-call"),Te=p("/sign-out",{method:"POST",requireHeaders:!0},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw D(e),new It.APIError("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),D(e),e.json({success:!0})});var S=require("zod");var ce=require("better-call");function Ct(e,t,r){let o=t?new URL(t,e.baseURL):new URL(`${e.baseURL}/error`);return r&&Object.entries(r).forEach(([i,n])=>o.searchParams.set(i,n)),o.href}function rr(e,t,r){let o=new URL(t,e.baseURL);return r&&Object.entries(r).forEach(([i,n])=>o.searchParams.set(i,n)),o.href}var Pe=p("/forget-password",{method:"POST",body:S.z.object({email:S.z.string().email(),redirectTo:S.z.string()})},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new ce.APIError("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let i=60*60*1,n=I(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||i,"sec"),s=e.context.uuid();await e.context.internalAdapter.createVerificationValue({value:o.user.id,identifier:`reset-password:${s}`,expiresAt:n});let d=`${e.context.baseURL}/reset-password/${s}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword({user:o.user,url:d,token:s},e.request),e.json({status:!0})}),Le=p("/reset-password/:token",{method:"GET",query:S.z.object({callbackURL:S.z.string()})},async e=>{let{token:t}=e.params,{callbackURL:r}=e.query;if(!t||!r)throw e.redirect(Ct(e.context,r,{error:"INVALID_TOKEN"}));let o=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!o||o.expiresAt<new Date?e.redirect(Ct(e.context,r,{error:"INVALID_TOKEN"})):e.redirect(rr(e.context,r,{token:t}))}),Se=p("/reset-password",{query:S.z.optional(S.z.object({token:S.z.string().optional(),currentURL:S.z.string().optional()})),method:"POST",body:S.z.object({newPassword:S.z.string(),token:S.z.string().optional()})},async e=>{let t=e.body.token||e.query?.token||(e.query?.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!t)throw new ce.APIError("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,o=`reset-password:${t}`,i=await e.context.internalAdapter.findVerificationValue(o);if(!i||i.expiresAt<new Date)throw new ce.APIError("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(i.id);let n=i.value,s=await e.context.password.hash(r);return(await e.context.internalAdapter.findAccounts(n)).find(c=>c.providerId==="credential")?(await e.context.internalAdapter.updatePassword(n,s),e.json({status:!0})):(await e.context.internalAdapter.createAccount({userId:n,providerId:"credential",password:s,accountId:e.context.uuid()}),e.json({status:!0}))});var R=require("zod");var v=require("better-call");var g=require("zod"),Gn=g.z.object({id:g.z.string(),providerId:g.z.string(),accountId:g.z.string(),userId:g.z.string(),accessToken:g.z.string().nullish(),refreshToken:g.z.string().nullish(),idToken:g.z.string().nullish(),expiresAt:g.z.date().nullish(),password:g.z.string().nullish()}),Qn=g.z.object({id:g.z.string(),email:g.z.string().transform(e=>e.toLowerCase()),emailVerified:g.z.boolean().default(!1),name:g.z.string(),image:g.z.string().nullish(),createdAt:g.z.date().default(new Date),updatedAt:g.z.date().default(new Date)}),Zn=g.z.object({id:g.z.string(),userId:g.z.string(),expiresAt:g.z.date(),ipAddress:g.z.string().nullish(),userAgent:g.z.string().nullish()}),Jn=g.z.object({id:g.z.string(),value:g.z.string(),createdAt:g.z.date(),expiresAt:g.z.date(),identifier:g.z.string()});function or(e,t){let r={...t==="user"?e.user?.additionalFields:{},...t==="session"?e.session?.additionalFields:{}};for(let o of e.plugins||[])o.schema&&o.schema[t]&&(r={...r,...o.schema[t].fields});return r}function nr(e,t){let r=t.action||"create",o=t.fields,i={};for(let n in o){if(n in e){if(o[n].input===!1){if(o[n].defaultValue){i[n]=o[n].defaultValue;continue}continue}i[n]=e[n];continue}if(o[n].defaultValue&&r==="create"){i[n]=o[n].defaultValue;continue}}return i}function le(e,t,r){let o=or(e,"user");return nr(t||{},{fields:o,action:r})}var Oe=()=>p("/update-user",{method:"POST",body:R.z.record(R.z.string(),R.z.any()),use:[_]},async e=>{let t=e.body;if(t.email)throw new v.APIError("BAD_REQUEST",{message:"You can't update email"});let{name:r,image:o,...i}=t,n=e.context.session;if(!o&&!r&&Object.keys(i).length===0)return e.json({user:n.user});let s=le(e.context.options,i,"update"),d=await e.context.internalAdapter.updateUserByEmail(n.user.email,{name:r,image:o,...s});return await x(e,{session:n.session,user:d}),e.json({user:d})}),Ie=p("/change-password",{method:"POST",body:R.z.object({newPassword:R.z.string(),currentPassword:R.z.string(),revokeOtherSessions:R.z.boolean().optional()}),use:[_]},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,i=e.context.session,n=e.context.password.config.minPasswordLength;if(t.length<n)throw e.context.logger.error("Password is too short"),new v.APIError("BAD_REQUEST",{message:"Password is too short"});let s=e.context.password.config.maxPasswordLength;if(t.length>s)throw e.context.logger.error("Password is too long"),new v.APIError("BAD_REQUEST",{message:"Password too long"});let a=(await e.context.internalAdapter.findAccounts(i.user.id)).find(f=>f.providerId==="credential"&&f.password);if(!a||!a.password)throw new v.APIError("BAD_REQUEST",{message:"User does not have a password"});let c=await e.context.password.hash(t);if(!await e.context.password.verify(a.password,r))throw new v.APIError("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(a.id,{password:c}),o){await e.context.internalAdapter.deleteSessions(i.user.id);let f=await e.context.internalAdapter.createSession(i.user.id,e.headers);if(!f)throw new v.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await x(e,{session:f,user:i.user})}return e.json(i.user)}),Ce=p("/set-password",{method:"POST",body:R.z.object({newPassword:R.z.string()}),metadata:{SERVER_ONLY:!0},use:[_]},async e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new v.APIError("BAD_REQUEST",{message:"Password is too short"});let i=e.context.password.config.maxPasswordLength;if(t.length>i)throw e.context.logger.error("Password is too long"),new v.APIError("BAD_REQUEST",{message:"Password too long"});let s=(await e.context.internalAdapter.findAccounts(r.user.id)).find(a=>a.providerId==="credential"&&a.password),d=await e.context.password.hash(t);if(!s)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:d}),e.json(r.user);throw new v.APIError("BAD_REQUEST",{message:"user already has a password"})}),Be=p("/delete-user",{method:"POST",body:R.z.object({password:R.z.string()}),use:[_]},async e=>{let{password:t}=e.body,r=e.context.session,i=(await e.context.internalAdapter.findAccounts(r.user.id)).find(s=>s.providerId==="credential"&&s.password);if(!i||!i.password)throw new v.APIError("BAD_REQUEST",{message:"User does not have a password"});if(!await e.context.password.verify(i.password,t))throw new v.APIError("BAD_REQUEST",{message:"Incorrect password"});return await e.context.internalAdapter.deleteUser(r.user.id),await e.context.internalAdapter.deleteSessions(r.user.id),D(e),e.json(null)}),De=p("/change-email",{method:"POST",query:R.z.object({currentURL:R.z.string().optional()}).optional(),body:R.z.object({newEmail:R.z.string().email(),callbackURL:R.z.string().optional()}),use:[_]},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new v.APIError("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new v.APIError("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new v.APIError("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let i=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:i,status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new v.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await C(e.context.secret,e.context.session.user.email,e.body.newEmail),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.user.changeEmail.sendChangeEmailVerification({user:e.context.session.user,newEmail:e.body.newEmail,url:o,token:r},e.request),e.json({user:null,status:!0})});var ir=(e="Unknown")=>`<!DOCTYPE html>
4
4
  <html lang="en">
5
5
  <head>
6
6
  <meta charset="UTF-8">
@@ -80,4 +80,4 @@ Error: `,a),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)
80
80
  <div class="error-code">Error Code: <span id="errorCode">${e}</span></div>
81
81
  </div>
82
82
  </body>
83
- </html>`,Ve=p("/error",{method:"GET",metadata:G},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(ir(t),{headers:{"Content-Type":"text/html"}})});var ze=p("/ok",{method:"GET",metadata:G},async e=>e.json({ok:!0}));var H=require("zod");var B=require("better-call");var je=()=>p("/sign-up/email",{method:"POST",query:H.z.object({currentURL:H.z.string().optional()}).optional(),body:H.z.record(H.z.string(),H.z.any())},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new B.APIError("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:o,password:n,image:i,callbackURL:s,...a}=t;if(!H.z.string().email().safeParse(o).success)throw new B.APIError("BAD_REQUEST",{message:"Invalid email"});let c=e.context.password.config.minPasswordLength;if(n.length<c)throw e.context.logger.error("Password is too short"),new B.APIError("BAD_REQUEST",{message:"Password is too short"});let l=e.context.password.config.maxPasswordLength;if(n.length>l)throw e.context.logger.error("Password is too long"),new B.APIError("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(o))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${o}`),new B.APIError("UNPROCESSABLE_ENTITY",{message:"User with this email already exists"});let m=le(e.context.options,a),u;try{if(u=await e.context.internalAdapter.createUser({email:o.toLowerCase(),name:r,image:i,...m,emailVerified:!1}),!u)throw new B.APIError("BAD_REQUEST",{message:"Failed to create user"})}catch(T){throw e.context.logger.error("Failed to create user",T),new B.APIError("UNPROCESSABLE_ENTITY",{message:"Failed to create user",details:T})}if(!u)throw new B.APIError("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let y=await e.context.password.hash(n);if(await e.context.internalAdapter.linkAccount({userId:u.id,providerId:"credential",accountId:u.id,password:y,expiresAt:I(60*60*24*30,"sec")}),e.context.options.emailVerification?.sendOnSignUp){let T=await C(e.context.secret,u.email),w=`${e.context.baseURL}/verify-email?token=${T}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:u,url:w,token:T},e.request)}if(!e.context.options.emailAndPassword.autoSignIn||e.context.options.emailAndPassword.requireEmailVerification)return e.json({user:u,session:null});let k=await e.context.internalAdapter.createSession(u.id,e.request);if(!k)throw new B.APIError("BAD_REQUEST",{message:"Failed to create session"});return await x(e,{session:k,user:u}),e.json({user:u,session:k})});var J=require("zod");var $e=require("better-call");var Ne=p("/list-accounts",{method:"GET",use:[_]},async e=>{let t=e.context.session,r=await e.context.internalAdapter.findAccounts(t.user.id);return e.json(r.map(o=>({id:o.id,provider:o.providerId})))}),qe=p("/link-social",{method:"POST",requireHeaders:!0,query:J.z.object({currentURL:J.z.string().optional()}).optional(),body:J.z.object({callbackURL:J.z.string().optional(),provider:J.z.enum(ne)}),use:[_]},async e=>{let t=e.context.session;if((await e.context.internalAdapter.findAccounts(t.user.id)).find(a=>a.providerId===e.body.provider))throw new $e.APIError("BAD_REQUEST",{message:"Social Account is already linked."});let n=e.context.socialProviders.find(a=>a.id===e.body.provider);if(!n)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new $e.APIError("NOT_FOUND",{message:"Provider not found"});let i=await oe(e,{userId:t.user.id,email:t.user.email}),s=await n.createAuthorizationURL({state:i.state,codeVerifier:i.codeVerifier,redirectURI:`${e.context.baseURL}/callback/${n.id}`});return e.json({url:s.toString(),redirect:!0})});function Bt(e,t){if(t.advanced?.ipAddress?.disableIpTracking)return null;let r="127.0.0.1";if(Ge)return r;let n=t.advanced?.ipAddress?.ipAddressHeaders||["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],i=e instanceof Request?e.headers:e;for(let s of n){let a=i.get(s);if(typeof a=="string"){let d=a.split(",")[0].trim();if(d)return d}}return null}function sr(e,t,r){let o=Date.now(),n=t*1e3;return o-r.lastRequest<n&&r.count>=e}function ar(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function dr(e,t){let r=Date.now(),o=t*1e3;return Math.ceil((e+o-r)/1e3)}function cr(e,t){let r="rateLimit",o=e.adapter;return{get:async n=>await o.findOne({model:r,where:[{field:"key",value:n}]}),set:async(n,i,s)=>{try{s?await o.update({model:t??"rateLimit",where:[{field:"key",value:n}],update:{count:i.count,lastRequest:i.lastRequest}}):await o.create({model:t??"rateLimit",data:{key:n,count:i.count,lastRequest:i.lastRequest}})}catch(a){e.logger.error("Error setting rate limit",a)}}}}var Dt=new Map;function lr(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let o=await e.options.secondaryStorage?.get(r);return o?JSON.parse(o):void 0},set:async(r,o)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(o))}}:e.rateLimit.storage==="memory"?{async get(r){return Dt.get(r)},async set(r,o,n){Dt.set(r,o)}}:cr(e,e.rateLimit.modelName)}async function Vt(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,o=e.url.replace(r,""),n=t.rateLimit.window,i=t.rateLimit.max,s=Bt(e,t.options)+o,d=ur().find(m=>m.pathMatcher(o));d&&(n=d.window,i=d.max);for(let m of t.options.plugins||[])if(m.rateLimit){let u=m.rateLimit.find(y=>y.pathMatcher(o));if(u){n=u.window,i=u.max;break}}if(t.rateLimit.customRules){let m=t.rateLimit.customRules[o];m&&(n=m.window,i=m.max)}let c=lr(t),l=await c.get(s),f=Date.now();if(!l)await c.set(s,{key:s,count:1,lastRequest:f});else{let m=f-l.lastRequest;if(sr(i,n,l)){let u=dr(l.lastRequest,n);return ar(u)}else m>n*1e3?await c.set(s,{...l,count:1,lastRequest:f}):await c.set(s,{...l,count:l.count+1,lastRequest:f})}}function ur(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")||t.startsWith("/change-password")||t.startsWith("/change-email")},window:10,max:3}]}var jt=require("better-call");function zt(e,t){let r=t.plugins?.reduce((a,d)=>({...a,...d.endpoints}),{}),o=t.plugins?.map(a=>a.middlewares?.map(d=>{let c=async l=>d.middleware({...l,context:{...e,...l.context}});return c.path=d.path,c.options=d.middleware.options,c.headers=d.middleware.headers,{path:d.path,middleware:c}})).filter(a=>a!==void 0).flat()||[],i={...{signInSocial:Ee,callbackOAuth:_e,getSession:ie(),signOut:Te,signUpEmail:je(),signInEmail:xe,forgetPassword:Pe,resetPassword:Le,verifyEmail:ve,sendVerificationEmail:Ue,changeEmail:De,changePassword:Ie,setPassword:Ce,updateUser:Oe(),deleteUser:Be,forgetPasswordCallback:Se,listSessions:ye(),revokeSession:Ae,revokeSessions:ke,revokeOtherSessions:Re,linkSocialAccount:qe,listUserAccounts:Ne},...r,ok:ze,error:Ve},s={};for(let[a,d]of Object.entries(i))s[a]=async(c={})=>{let l=await e;l.session=null;for(let u of t.plugins||[])if(u.hooks?.before)for(let y of u.hooks.before){let k={...d,...c,context:{...l,...c?.context}};if(y.matcher(k)){let w=await y.handler(k);w&&"context"in w&&(c={...w,...c})}}let f;try{f=await d({...c,context:{...l,...c.context}})}catch(u){if(u instanceof $.APIError){let y=t.plugins?.map(w=>{if(w.hooks?.after)return w.hooks.after}).filter(w=>w!==void 0).flat();if(!y?.length)throw u;let k=new Response(JSON.stringify(u.body),{status:$.statusCode[u.status],headers:u.headers}),T;for(let w of y||[]){let F={...d,...c,context:{...l,...c.context,endpoint:d,returned:k}};if(w.matcher(F)){let E=await w.handler(F);E&&"response"in E&&(T=E.response)}}if(T instanceof Response)return T;throw u}throw u}let m=f;for(let u of t.plugins||[])if(u.hooks?.after)for(let y of u.hooks.after){let k={...d,...c,context:{...l,...c.context,endpoint:d,returned:m}};if(y.matcher(k)){let w=await y.handler(k);w&&("response"in w&&(m=w.response),"responseHeader"in w&&(m instanceof Response?m=new Response(m.body,{status:m.status,headers:{...m.headers,...w.responseHeader}}):s[a].headers=w.responseHeader))}}return m},s[a].path=d.path,s[a].method=d.method,s[a].options=d.options,s[a].headers=d.headers;return{api:s,middlewares:o}}var pr=(e,t)=>{let{api:r,middlewares:o}=zt(e,t),n=new URL(e.baseURL).pathname;return(0,$.createRouter)(r,{extraContext:e,basePath:n,routerMiddleware:[{path:"/**",middleware:me},...o],async onRequest(i){for(let s of e.options.plugins||[])if(s.onRequest){let a=await s.onRequest(i,e);if(a&&"response"in a)return a.response}return Vt(i,e)},async onResponse(i){for(let s of e.options.plugins||[])if(s.onResponse){let a=await s.onResponse(i,e);if(a)return a.response}return i},onError(i){if(i instanceof $.APIError&&i.status==="FOUND")return;if(t.onAPIError?.throw)throw i;if(t.onAPIError?.onError){t.onAPIError.onError(i,e);return}let s=t.logger?.level,a=s==="error"||s==="warn"||s==="debug"?S:void 0;if(t.logger?.disabled!==!0){if(i&&typeof i=="object"&&"message"in i&&typeof i.message=="string"&&(i.message.includes("no column")||i.message.includes("column")||i.message.includes("relation")||i.message.includes("table")||i.message.includes("does not exist"))){e.logger?.error(i.message),e.logger?.error("If you are seeing this error, it is likely that you need to run the migrations for the database or you need to update your database schema. If you recently updated the package, make sure to run the migrations.");return}i instanceof $.APIError?(i.status==="INTERNAL_SERVER_ERROR"&&e.logger.error(i.status,i),a?.error(i.message)):e.logger?.error(i&&typeof i=="object"&&"name"in i?i.name:"",i)}}})};0&&(module.exports={APIError,callbackOAuth,changeEmail,changePassword,createAuthEndpoint,createAuthMiddleware,createEmailVerificationToken,deleteUser,error,forgetPassword,forgetPasswordCallback,getEndpoints,getSession,getSessionFromCtx,linkSocialAccount,listSessions,listUserAccounts,ok,optionsMiddleware,originCheckMiddleware,resetPassword,revokeOtherSessions,revokeSession,revokeSessions,router,sendVerificationEmail,sessionMiddleware,setPassword,signInEmail,signInSocial,signOut,signUpEmail,updateUser,verifyEmail});
83
+ </html>`,Ve=p("/error",{method:"GET",metadata:M},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(ir(t),{headers:{"Content-Type":"text/html"}})});var ze=p("/ok",{method:"GET",metadata:M},async e=>e.json({ok:!0}));var q=require("zod");var B=require("better-call");var je=()=>p("/sign-up/email",{method:"POST",query:q.z.object({currentURL:q.z.string().optional()}).optional(),body:q.z.record(q.z.string(),q.z.any())},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new B.APIError("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:o,password:i,image:n,callbackURL:s,...d}=t;if(!q.z.string().email().safeParse(o).success)throw new B.APIError("BAD_REQUEST",{message:"Invalid email"});let c=e.context.password.config.minPasswordLength;if(i.length<c)throw e.context.logger.error("Password is too short"),new B.APIError("BAD_REQUEST",{message:"Password is too short"});let l=e.context.password.config.maxPasswordLength;if(i.length>l)throw e.context.logger.error("Password is too long"),new B.APIError("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(o))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${o}`),new B.APIError("UNPROCESSABLE_ENTITY",{message:"User with this email already exists"});let m=le(e.context.options,d),u;try{if(u=await e.context.internalAdapter.createUser({email:o.toLowerCase(),name:r,image:n,...m,emailVerified:!1}),!u)throw new B.APIError("BAD_REQUEST",{message:"Failed to create user"})}catch(T){throw e.context.logger.error("Failed to create user",T),new B.APIError("UNPROCESSABLE_ENTITY",{message:"Failed to create user",details:T})}if(!u)throw new B.APIError("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let y=await e.context.password.hash(i);if(await e.context.internalAdapter.linkAccount({userId:u.id,providerId:"credential",accountId:u.id,password:y,expiresAt:I(60*60*24*30,"sec")}),e.context.options.emailVerification?.sendOnSignUp){let T=await C(e.context.secret,u.email),w=`${e.context.baseURL}/verify-email?token=${T}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:u,url:w,token:T},e.request)}if(!e.context.options.emailAndPassword.autoSignIn||e.context.options.emailAndPassword.requireEmailVerification)return e.json({user:u,session:null});let k=await e.context.internalAdapter.createSession(u.id,e.request);if(!k)throw new B.APIError("BAD_REQUEST",{message:"Failed to create session"});return await x(e,{session:k,user:u}),e.json({user:u,session:k})});var Z=require("zod");var $e=require("better-call");var Ne=p("/list-accounts",{method:"GET",use:[_]},async e=>{let t=e.context.session,r=await e.context.internalAdapter.findAccounts(t.user.id);return e.json(r.map(o=>({id:o.id,provider:o.providerId})))}),qe=p("/link-social",{method:"POST",requireHeaders:!0,query:Z.z.object({currentURL:Z.z.string().optional()}).optional(),body:Z.z.object({callbackURL:Z.z.string().optional(),provider:Z.z.enum(ne)}),use:[_]},async e=>{let t=e.context.session;if((await e.context.internalAdapter.findAccounts(t.user.id)).find(d=>d.providerId===e.body.provider))throw new $e.APIError("BAD_REQUEST",{message:"Social Account is already linked."});let i=e.context.socialProviders.find(d=>d.id===e.body.provider);if(!i)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new $e.APIError("NOT_FOUND",{message:"Provider not found"});let n=await oe(e,{userId:t.user.id,email:t.user.email}),s=await i.createAuthorizationURL({state:n.state,codeVerifier:n.codeVerifier,redirectURI:`${e.context.baseURL}/callback/${i.id}`});return e.json({url:s.toString(),redirect:!0})});function Bt(e,t){if(t.advanced?.ipAddress?.disableIpTracking)return null;let r="127.0.0.1";if(Ge)return r;let i=t.advanced?.ipAddress?.ipAddressHeaders||["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],n=e instanceof Request?e.headers:e;for(let s of i){let d=n.get(s);if(typeof d=="string"){let a=d.split(",")[0].trim();if(a)return a}}return null}function sr(e,t,r){let o=Date.now(),i=t*1e3;return o-r.lastRequest<i&&r.count>=e}function ar(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function dr(e,t){let r=Date.now(),o=t*1e3;return Math.ceil((e+o-r)/1e3)}function cr(e,t){let r="rateLimit",o=e.adapter;return{get:async i=>await o.findOne({model:r,where:[{field:"key",value:i}]}),set:async(i,n,s)=>{try{s?await o.update({model:t??"rateLimit",where:[{field:"key",value:i}],update:{count:n.count,lastRequest:n.lastRequest}}):await o.create({model:t??"rateLimit",data:{key:i,count:n.count,lastRequest:n.lastRequest}})}catch(d){e.logger.error("Error setting rate limit",d)}}}}var Dt=new Map;function lr(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let o=await e.options.secondaryStorage?.get(r);return o?JSON.parse(o):void 0},set:async(r,o)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(o))}}:e.rateLimit.storage==="memory"?{async get(r){return Dt.get(r)},async set(r,o,i){Dt.set(r,o)}}:cr(e,e.rateLimit.modelName)}async function Vt(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,o=e.url.replace(r,""),i=t.rateLimit.window,n=t.rateLimit.max,s=Bt(e,t.options)+o,a=ur().find(m=>m.pathMatcher(o));a&&(i=a.window,n=a.max);for(let m of t.options.plugins||[])if(m.rateLimit){let u=m.rateLimit.find(y=>y.pathMatcher(o));if(u){i=u.window,n=u.max;break}}if(t.rateLimit.customRules){let m=t.rateLimit.customRules[o];m&&(i=m.window,n=m.max)}let c=lr(t),l=await c.get(s),f=Date.now();if(!l)await c.set(s,{key:s,count:1,lastRequest:f});else{let m=f-l.lastRequest;if(sr(n,i,l)){let u=dr(l.lastRequest,i);return ar(u)}else m>i*1e3?await c.set(s,{...l,count:1,lastRequest:f}):await c.set(s,{...l,count:l.count+1,lastRequest:f})}}function ur(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")||t.startsWith("/change-password")||t.startsWith("/change-email")},window:10,max:3}]}var jt=require("better-call");function zt(e,t){let r=t.plugins?.reduce((d,a)=>({...d,...a.endpoints}),{}),o=t.plugins?.map(d=>d.middlewares?.map(a=>{let c=async l=>a.middleware({...l,context:{...e,...l.context}});return c.path=a.path,c.options=a.middleware.options,c.headers=a.middleware.headers,{path:a.path,middleware:c}})).filter(d=>d!==void 0).flat()||[],n={...{signInSocial:Ee,callbackOAuth:_e,getSession:ie(),signOut:Te,signUpEmail:je(),signInEmail:xe,forgetPassword:Pe,resetPassword:Se,verifyEmail:ve,sendVerificationEmail:Ue,changeEmail:De,changePassword:Ie,setPassword:Ce,updateUser:Oe(),deleteUser:Be,forgetPasswordCallback:Le,listSessions:ye(),revokeSession:Ae,revokeSessions:ke,revokeOtherSessions:Re,linkSocialAccount:qe,listUserAccounts:Ne},...r,ok:ze,error:Ve},s={};for(let[d,a]of Object.entries(n))s[d]=async(c={})=>{let l=await e;l.session=null;for(let u of t.plugins||[])if(u.hooks?.before)for(let y of u.hooks.before){let k={...a,...c,context:{...l,...c?.context}};if(y.matcher(k)){let w=await y.handler(k);w&&"context"in w&&(c={...w,...c})}}let f;try{f=await a({...c,context:{...l,...c.context}})}catch(u){if(u instanceof j.APIError){let y=t.plugins?.map(w=>{if(w.hooks?.after)return w.hooks.after}).filter(w=>w!==void 0).flat();if(!y?.length)throw u;let k=new Response(JSON.stringify(u.body),{status:j.statusCode[u.status],headers:u.headers}),T;for(let w of y||[]){let F={...a,...c,context:{...l,...c.context,endpoint:a,returned:k}};if(w.matcher(F)){let E=await w.handler(F);E&&"response"in E&&(T=E.response)}}if(T instanceof Response)return T;throw u}throw u}let m=f;for(let u of t.plugins||[])if(u.hooks?.after)for(let y of u.hooks.after){let k={...a,...c,context:{...l,...c.context,endpoint:a,returned:m}};if(y.matcher(k)){let w=await y.handler(k);w&&("response"in w&&(m=w.response),"responseHeader"in w&&(m instanceof Response?m=new Response(m.body,{status:m.status,headers:{...m.headers,...w.responseHeader}}):s[d].headers=w.responseHeader))}}return m},s[d].path=a.path,s[d].method=a.method,s[d].options=a.options,s[d].headers=a.headers;return{api:s,middlewares:o}}var pr=(e,t)=>{let{api:r,middlewares:o}=zt(e,t),i=new URL(e.baseURL).pathname;return(0,j.createRouter)(r,{extraContext:e,basePath:i,routerMiddleware:[{path:"/**",middleware:me},...o],async onRequest(n){for(let s of e.options.plugins||[])if(s.onRequest){let d=await s.onRequest(n,e);if(d&&"response"in d)return d.response}return Vt(n,e)},async onResponse(n){for(let s of e.options.plugins||[])if(s.onResponse){let d=await s.onResponse(n,e);if(d)return d.response}return n},onError(n){if(n instanceof j.APIError&&n.status==="FOUND")return;if(t.onAPIError?.throw)throw n;if(t.onAPIError?.onError){t.onAPIError.onError(n,e);return}let s=t.logger?.level,d=s==="error"||s==="warn"||s==="debug"?L:void 0;if(t.logger?.disabled!==!0){if(n&&typeof n=="object"&&"message"in n&&typeof n.message=="string"&&(n.message.includes("no column")||n.message.includes("column")||n.message.includes("relation")||n.message.includes("table")||n.message.includes("does not exist"))){e.logger?.error(n.message),e.logger?.error("If you are seeing this error, it is likely that you need to run the migrations for the database or you need to update your database schema. If you recently updated the package, make sure to run the migrations.");return}n instanceof j.APIError?(n.status==="INTERNAL_SERVER_ERROR"&&e.logger.error(n.status,n),d?.error(n.message)):e.logger?.error(n&&typeof n=="object"&&"name"in n?n.name:"",n)}}})};0&&(module.exports={APIError,callbackOAuth,changeEmail,changePassword,createAuthEndpoint,createAuthMiddleware,createEmailVerificationToken,deleteUser,error,forgetPassword,forgetPasswordCallback,getEndpoints,getSession,getSessionFromCtx,linkSocialAccount,listSessions,listUserAccounts,ok,optionsMiddleware,originCheckMiddleware,resetPassword,revokeOtherSessions,revokeSession,revokeSessions,router,sendVerificationEmail,sessionMiddleware,setPassword,signInEmail,signInSocial,signOut,signUpEmail,updateUser,verifyEmail});
package/dist/api.d.cts CHANGED
@@ -1,4 +1,4 @@
1
- export { M as AuthEndpoint, N as AuthMiddleware, aa as callbackOAuth, at as changeEmail, aq as changePassword, J as createAuthEndpoint, F as createAuthMiddleware, am as createEmailVerificationToken, as as deleteUser, au as error, aj as forgetPassword, ak as forgetPasswordCallback, a6 as getEndpoints, ab as getSession, ac as getSessionFromCtx, ay as linkSocialAccount, ae as listSessions, ax as listUserAccounts, av as ok, D as optionsMiddleware, az as originCheckMiddleware, al as resetPassword, ah as revokeOtherSessions, af as revokeSession, ag as revokeSessions, a7 as router, an as sendVerificationEmail, ad as sessionMiddleware, ar as setPassword, a9 as signInEmail, a8 as signInSocial, ai as signOut, aw as signUpEmail, ap as updateUser, ao as verifyEmail } from './auth-BiSlZarn.cjs';
1
+ export { M as AuthEndpoint, N as AuthMiddleware, aa as callbackOAuth, at as changeEmail, aq as changePassword, J as createAuthEndpoint, F as createAuthMiddleware, am as createEmailVerificationToken, as as deleteUser, au as error, aj as forgetPassword, ak as forgetPasswordCallback, a6 as getEndpoints, ab as getSession, ac as getSessionFromCtx, ay as linkSocialAccount, ae as listSessions, ax as listUserAccounts, av as ok, D as optionsMiddleware, az as originCheckMiddleware, al as resetPassword, ah as revokeOtherSessions, af as revokeSession, ag as revokeSessions, a7 as router, an as sendVerificationEmail, ad as sessionMiddleware, ar as setPassword, a9 as signInEmail, a8 as signInSocial, ai as signOut, aw as signUpEmail, ap as updateUser, ao as verifyEmail } from './auth-DvJrys4P.cjs';
2
2
  import './helper-DrEEwdyQ.cjs';
3
3
  export { APIError } from 'better-call';
4
4
  import 'zod';
package/dist/api.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- export { M as AuthEndpoint, N as AuthMiddleware, aa as callbackOAuth, at as changeEmail, aq as changePassword, J as createAuthEndpoint, F as createAuthMiddleware, am as createEmailVerificationToken, as as deleteUser, au as error, aj as forgetPassword, ak as forgetPasswordCallback, a6 as getEndpoints, ab as getSession, ac as getSessionFromCtx, ay as linkSocialAccount, ae as listSessions, ax as listUserAccounts, av as ok, D as optionsMiddleware, az as originCheckMiddleware, al as resetPassword, ah as revokeOtherSessions, af as revokeSession, ag as revokeSessions, a7 as router, an as sendVerificationEmail, ad as sessionMiddleware, ar as setPassword, a9 as signInEmail, a8 as signInSocial, ai as signOut, aw as signUpEmail, ap as updateUser, ao as verifyEmail } from './auth-DsZXpnOl.js';
1
+ export { M as AuthEndpoint, N as AuthMiddleware, aa as callbackOAuth, at as changeEmail, aq as changePassword, J as createAuthEndpoint, F as createAuthMiddleware, am as createEmailVerificationToken, as as deleteUser, au as error, aj as forgetPassword, ak as forgetPasswordCallback, a6 as getEndpoints, ab as getSession, ac as getSessionFromCtx, ay as linkSocialAccount, ae as listSessions, ax as listUserAccounts, av as ok, D as optionsMiddleware, az as originCheckMiddleware, al as resetPassword, ah as revokeOtherSessions, af as revokeSession, ag as revokeSessions, a7 as router, an as sendVerificationEmail, ad as sessionMiddleware, ar as setPassword, a9 as signInEmail, a8 as signInSocial, ai as signOut, aw as signUpEmail, ap as updateUser, ao as verifyEmail } from './auth-BM9xLLak.js';
2
2
  import './helper-DrEEwdyQ.js';
3
3
  export { APIError } from 'better-call';
4
4
  import 'zod';