better-auth 0.8.8-beta.1 → 0.8.8-beta.2

package/dist/adapters/drizzle.d.cts

@@ -1,4 +1,4 @@
-import { B as BetterAuthOptions, W as Where } from '../auth-BiSlZarn.cjs';
+import { B as BetterAuthOptions, W as Where } from '../auth-BWqY56d3.cjs';
 import 'kysely';
 import 'zod';
 import 'better-call';

package/dist/adapters/drizzle.d.ts

@@ -1,4 +1,4 @@
-import { B as BetterAuthOptions, W as Where } from '../auth-DsZXpnOl.js';
+import { B as BetterAuthOptions, W as Where } from '../auth-Dv7MYJoC.js';
 import 'kysely';
 import 'zod';
 import 'better-call';

package/dist/adapters/kysely.d.cts

@@ -1,5 +1,5 @@
 import { Kysely } from 'kysely';
-import { B as BetterAuthOptions, K as KyselyDatabaseType, W as Where } from '../auth-BiSlZarn.cjs';
+import { B as BetterAuthOptions, K as KyselyDatabaseType, W as Where } from '../auth-BWqY56d3.cjs';
 import 'zod';
 import 'better-call';
 import '../helper-DrEEwdyQ.cjs';

package/dist/adapters/kysely.d.ts

@@ -1,5 +1,5 @@
 import { Kysely } from 'kysely';
-import { B as BetterAuthOptions, K as KyselyDatabaseType, W as Where } from '../auth-DsZXpnOl.js';
+import { B as BetterAuthOptions, K as KyselyDatabaseType, W as Where } from '../auth-Dv7MYJoC.js';
 import 'zod';
 import 'better-call';
 import '../helper-DrEEwdyQ.js';

package/dist/adapters/memory.d.cts

@@ -1,4 +1,4 @@
-import { B as BetterAuthOptions, W as Where } from '../auth-BiSlZarn.cjs';
+import { B as BetterAuthOptions, W as Where } from '../auth-BWqY56d3.cjs';
 import 'kysely';
 import 'zod';
 import 'better-call';

package/dist/adapters/memory.d.ts

@@ -1,4 +1,4 @@
-import { B as BetterAuthOptions, W as Where } from '../auth-DsZXpnOl.js';
+import { B as BetterAuthOptions, W as Where } from '../auth-Dv7MYJoC.js';
 import 'kysely';
 import 'zod';
 import 'better-call';

package/dist/adapters/mongodb.d.cts

@@ -1,5 +1,5 @@
 import { Db } from 'mongodb';
-import { B as BetterAuthOptions, W as Where } from '../auth-BiSlZarn.cjs';
+import { B as BetterAuthOptions, W as Where } from '../auth-BWqY56d3.cjs';
 import 'kysely';
 import 'zod';
 import 'better-call';

package/dist/adapters/mongodb.d.ts

@@ -1,5 +1,5 @@
 import { Db } from 'mongodb';
-import { B as BetterAuthOptions, W as Where } from '../auth-DsZXpnOl.js';
+import { B as BetterAuthOptions, W as Where } from '../auth-Dv7MYJoC.js';
 import 'kysely';
 import 'zod';
 import 'better-call';

package/dist/adapters/prisma.d.cts

@@ -1,4 +1,4 @@
-import { B as BetterAuthOptions, W as Where } from '../auth-BiSlZarn.cjs';
+import { B as BetterAuthOptions, W as Where } from '../auth-BWqY56d3.cjs';
 import 'kysely';
 import 'zod';
 import 'better-call';

package/dist/adapters/prisma.d.ts

@@ -1,4 +1,4 @@
-import { B as BetterAuthOptions, W as Where } from '../auth-DsZXpnOl.js';
+import { B as BetterAuthOptions, W as Where } from '../auth-Dv7MYJoC.js';
 import 'kysely';
 import 'zod';
 import 'better-call';

package/dist/api.d.cts

@@ -1,4 +1,4 @@
-export { M as AuthEndpoint, N as AuthMiddleware, aa as callbackOAuth, at as changeEmail, aq as changePassword, J as createAuthEndpoint, F as createAuthMiddleware, am as createEmailVerificationToken, as as deleteUser, au as error, aj as forgetPassword, ak as forgetPasswordCallback, a6 as getEndpoints, ab as getSession, ac as getSessionFromCtx, ay as linkSocialAccount, ae as listSessions, ax as listUserAccounts, av as ok, D as optionsMiddleware, az as originCheckMiddleware, al as resetPassword, ah as revokeOtherSessions, af as revokeSession, ag as revokeSessions, a7 as router, an as sendVerificationEmail, ad as sessionMiddleware, ar as setPassword, a9 as signInEmail, a8 as signInSocial, ai as signOut, aw as signUpEmail, ap as updateUser, ao as verifyEmail } from './auth-BiSlZarn.cjs';
+export { M as AuthEndpoint, N as AuthMiddleware, aa as callbackOAuth, at as changeEmail, aq as changePassword, J as createAuthEndpoint, F as createAuthMiddleware, am as createEmailVerificationToken, as as deleteUser, au as error, aj as forgetPassword, ak as forgetPasswordCallback, a6 as getEndpoints, ab as getSession, ac as getSessionFromCtx, ay as linkSocialAccount, ae as listSessions, ax as listUserAccounts, av as ok, D as optionsMiddleware, az as originCheckMiddleware, al as resetPassword, ah as revokeOtherSessions, af as revokeSession, ag as revokeSessions, a7 as router, an as sendVerificationEmail, ad as sessionMiddleware, ar as setPassword, a9 as signInEmail, a8 as signInSocial, ai as signOut, aw as signUpEmail, ap as updateUser, ao as verifyEmail } from './auth-BWqY56d3.cjs';
 import './helper-DrEEwdyQ.cjs';
 export { APIError } from 'better-call';
 import 'zod';

package/dist/api.d.ts

@@ -1,4 +1,4 @@
-export { M as AuthEndpoint, N as AuthMiddleware, aa as callbackOAuth, at as changeEmail, aq as changePassword, J as createAuthEndpoint, F as createAuthMiddleware, am as createEmailVerificationToken, as as deleteUser, au as error, aj as forgetPassword, ak as forgetPasswordCallback, a6 as getEndpoints, ab as getSession, ac as getSessionFromCtx, ay as linkSocialAccount, ae as listSessions, ax as listUserAccounts, av as ok, D as optionsMiddleware, az as originCheckMiddleware, al as resetPassword, ah as revokeOtherSessions, af as revokeSession, ag as revokeSessions, a7 as router, an as sendVerificationEmail, ad as sessionMiddleware, ar as setPassword, a9 as signInEmail, a8 as signInSocial, ai as signOut, aw as signUpEmail, ap as updateUser, ao as verifyEmail } from './auth-DsZXpnOl.js';
+export { M as AuthEndpoint, N as AuthMiddleware, aa as callbackOAuth, at as changeEmail, aq as changePassword, J as createAuthEndpoint, F as createAuthMiddleware, am as createEmailVerificationToken, as as deleteUser, au as error, aj as forgetPassword, ak as forgetPasswordCallback, a6 as getEndpoints, ab as getSession, ac as getSessionFromCtx, ay as linkSocialAccount, ae as listSessions, ax as listUserAccounts, av as ok, D as optionsMiddleware, az as originCheckMiddleware, al as resetPassword, ah as revokeOtherSessions, af as revokeSession, ag as revokeSessions, a7 as router, an as sendVerificationEmail, ad as sessionMiddleware, ar as setPassword, a9 as signInEmail, a8 as signInSocial, ai as signOut, aw as signUpEmail, ap as updateUser, ao as verifyEmail } from './auth-Dv7MYJoC.js';
 import './helper-DrEEwdyQ.js';
 export { APIError } from 'better-call';
 import 'zod';

package/dist/{auth-BiSlZarn.d.cts → auth-BWqY56d3.d.cts}

@@ -1400,7 +1400,7 @@ declare const getAuthTables: (options: BetterAuthOptions) => BetterAuthDbSchema;
 
 interface CookieAttributes {
     value: string;
-    "max-age"?: string;
+    "max-age"?: number;
     expires?: Date;
     domain?: string;
     path?: string;

package/dist/{auth-DsZXpnOl.d.ts → auth-Dv7MYJoC.d.ts}

@@ -1400,7 +1400,7 @@ declare const getAuthTables: (options: BetterAuthOptions) => BetterAuthDbSchema;
 
 interface CookieAttributes {
     value: string;
-    "max-age"?: string;
+    "max-age"?: number;
     expires?: Date;
     domain?: string;
     path?: string;

package/dist/client/plugins.d.cts

@@ -2,10 +2,10 @@ import * as nanostores from 'nanostores';
 import { AccessControl, StatementsPrimitive, Role } from '../plugins/access.cjs';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { BetterFetchOption } from '@better-fetch/fetch';
-import { o as organization, q as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, f as anonymous, i as admin, j as genericOAuth, k as jwt, l as multiSession, n as emailOTP } from '../index-3hk0Leba.cjs';
-export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-3hk0Leba.cjs';
+import { o as organization, q as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, f as anonymous, i as admin, j as genericOAuth, k as jwt, l as multiSession, n as emailOTP } from '../index-BUiQJo67.cjs';
+export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-BUiQJo67.cjs';
 import { P as Prettify } from '../helper-DrEEwdyQ.cjs';
-import { O as FieldAttribute, B as BetterAuthOptions, j as BetterAuthPlugin } from '../auth-BiSlZarn.cjs';
+import { O as FieldAttribute, B as BetterAuthOptions, j as BetterAuthPlugin } from '../auth-BWqY56d3.cjs';
 import { Store } from '../types.cjs';
 import 'zod';
 import 'better-call';

package/dist/client/plugins.d.ts

@@ -2,10 +2,10 @@ import * as nanostores from 'nanostores';
 import { AccessControl, StatementsPrimitive, Role } from '../plugins/access.js';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { BetterFetchOption } from '@better-fetch/fetch';
-import { o as organization, q as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, f as anonymous, i as admin, j as genericOAuth, k as jwt, l as multiSession, n as emailOTP } from '../index-CZCI_0c2.js';
-export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-CZCI_0c2.js';
+import { o as organization, q as Organization, M as Member, I as Invitation, u as username, m as magicLink, d as phoneNumber, f as anonymous, i as admin, j as genericOAuth, k as jwt, l as multiSession, n as emailOTP } from '../index-DPruP1i-.js';
+export { g as getPasskeyActions, c as passkeyClient, a as twoFactorClient } from '../index-DPruP1i-.js';
 import { P as Prettify } from '../helper-DrEEwdyQ.js';
-import { O as FieldAttribute, B as BetterAuthOptions, j as BetterAuthPlugin } from '../auth-DsZXpnOl.js';
+import { O as FieldAttribute, B as BetterAuthOptions, j as BetterAuthPlugin } from '../auth-Dv7MYJoC.js';
 import { Store } from '../types.js';
 import 'zod';
 import 'better-call';

package/dist/client.d.cts

@@ -6,7 +6,7 @@ import { BetterFetchError, BetterFetch, BetterFetchOption } from '@better-fetch/
 import { ClientOptions, InferClientAPI, InferActions, InferSessionFromClient, InferUserFromClient, BetterAuthClientPlugin, IsSignal } from './types.cjs';
 export { AtomListener, InferAdditionalFromClient, InferPluginsFromClient, Store } from './types.cjs';
 import { U as UnionToIntersection } from './helper-DrEEwdyQ.cjs';
-import './auth-BiSlZarn.cjs';
+import './auth-BWqY56d3.cjs';
 import 'kysely';
 import 'better-call';
 import './index-BNVrpPYq.cjs';

package/dist/client.d.ts

@@ -6,7 +6,7 @@ import { BetterFetchError, BetterFetch, BetterFetchOption } from '@better-fetch/
 import { ClientOptions, InferClientAPI, InferActions, InferSessionFromClient, InferUserFromClient, BetterAuthClientPlugin, IsSignal } from './types.js';
 export { AtomListener, InferAdditionalFromClient, InferPluginsFromClient, Store } from './types.js';
 import { U as UnionToIntersection } from './helper-DrEEwdyQ.js';
-import './auth-DsZXpnOl.js';
+import './auth-Dv7MYJoC.js';
 import 'kysely';
 import 'better-call';
 import './index-eyp1LeN0.js';

package/dist/cookies.cjs

@@ -1 +1 @@
-"use strict";var b=Object.defineProperty;var D=Object.getOwnPropertyDescriptor;var B=Object.getOwnPropertyNames;var O=Object.prototype.hasOwnProperty;var _=(e,t)=>{for(var o in t)b(e,o,{get:t[o],enumerable:!0})},R=(e,t,o,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let s of B(t))!O.call(e,s)&&s!==o&&b(e,s,{get:()=>t[s],enumerable:!(n=D(t,s))||n.enumerable});return e};var P=e=>R(b({},"__esModule",{value:!0}),e);var G={};_(G,{createCookieGetter:()=>T,deleteSessionCookie:()=>H,getCookies:()=>N,parseCookies:()=>q,parseSetCookieHeader:()=>M,setSessionCookie:()=>$});module.exports=P(G);var A=require("oslo"),w=require("oslo/encoding");var d=require("oslo/crypto");async function U({value:e,secret:t}){return new d.HMAC("SHA-256").sign(new TextEncoder().encode(t),new TextEncoder().encode(e)).then(n=>Buffer.from(n).toString("base64"))}function j({value:e,signature:t,secret:o}){return new d.HMAC("SHA-256").verify(new TextEncoder().encode(o),Buffer.from(t,"base64"),new TextEncoder().encode(e))}var x={sign:U,verify:j};var p=class extends Error{constructor(t,o){super(t),this.name="BetterAuthError",this.message=t,this.cause=o,this.stack=""}};var C=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));var k=Object.create(null),u=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?k:globalThis),L=new Proxy(k,{get(e,t){return u()[t]??k[t]},has(e,t){let o=u();return t in o||t in k},set(e,t,o){let n=u(!0);return n[t]=o,!0},deleteProperty(e,t){if(!t)return!1;let o=u(!0);return delete o[t],!0},ownKeys(){let e=u(!0);return Object.keys(e)}});function V(e){return e?e!=="false":!1}var y=typeof process<"u"&&process.env&&process.env.NODE_ENV||"",v=y==="production";var X=y==="test"||V(L.TEST);function M(e){let t=new Map;return e.split(", ").forEach(n=>{let s=n.split(";").map(g=>g.trim()),[a,...c]=s,[m,...l]=a.split("="),f=l.join("=");if(!m||f===void 0){console.warn(`Malformed cookie: ${n}`);return}let r={value:f};c.forEach(g=>{let[S,...E]=g.split("="),i=E.join("="),h=S.trim().toLowerCase();switch(h){case"max-age":r["max-age"]=i;break;case"expires":r.expires=i?new Date(i.trim()):void 0;break;case"domain":r.domain=i?i.trim():void 0;break;case"path":r.path=i?i.trim():void 0;break;case"secure":r.secure=!0;break;case"httponly":r.httponly=!0;break;case"samesite":r.samesite=i?i.trim().toLowerCase():void 0;break;default:r[h]=i?i.trim():!0;break}}),t.set(m,r)}),t}function T(e){let o=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):v)?"__Secure-":"",n=!!e.advanced?.crossSubDomainCookies?.enabled,s=n?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(n&&!s)throw new p("baseURL is required when crossSubdomainCookies are enabled");function a(c,m={}){let l=e.advanced?.cookiePrefix||"better-auth",f=e.advanced?.cookies?.[c]?.name||`${l}.${c}`,r=e.advanced?.cookies?.[c]?.attributes;return{name:`${o}${f}`,attributes:{secure:!!o,sameSite:"lax",path:"/",httpOnly:!0,...n?{domain:s}:{},...e.advanced?.defaultCookieAttributes,...m,...r}}}return a}function N(e){let t=T(e),o=e.session?.expiresIn||new A.TimeSpan(7,"d").seconds(),n=t("session_token",{maxAge:o}),s=t("session_data",{maxAge:e.session?.cookieCache?.maxAge||60*5}),a=t("dont_remember");return{sessionToken:{name:n.name,options:n.attributes},sessionData:{name:s.name,options:s.attributes},dontRememberToken:{name:a.name,options:a.attributes}}}async function $(e,t,o,n){let s=e.context.authCookies.sessionToken.options,a=o?void 0:e.context.sessionConfig.expiresIn;await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.id,e.context.secret,{...s,maxAge:a,...n}),o&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled&&e.setCookie(e.context.authCookies.sessionData.name,JSON.stringify(w.base64url.encode(new TextEncoder().encode(JSON.stringify({session:t,expiresAt:C(e.context.authCookies.sessionData.options.maxAge||60,"sec").getTime(),signature:await x.sign({value:JSON.stringify(t),secret:e.context.secret})})))),e.context.authCookies.sessionData.options),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.id,JSON.stringify({user:t.user,session:t.session}),t.session.expiresAt.getTime()-Date.now())}function H(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{...e.context.authCookies.sessionToken.options,maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{...e.context.authCookies.sessionData.options,maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{...e.context.authCookies.dontRememberToken.options,maxAge:0})}function q(e){let t=e.split("; "),o=new Map;return t.forEach(n=>{let[s,a]=n.split("=");o.set(s,a)}),o}0&&(module.exports={createCookieGetter,deleteSessionCookie,getCookies,parseCookies,parseSetCookieHeader,setSessionCookie});
+"use strict";var b=Object.defineProperty;var D=Object.getOwnPropertyDescriptor;var B=Object.getOwnPropertyNames;var O=Object.prototype.hasOwnProperty;var _=(e,t)=>{for(var o in t)b(e,o,{get:t[o],enumerable:!0})},R=(e,t,o,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let s of B(t))!O.call(e,s)&&s!==o&&b(e,s,{get:()=>t[s],enumerable:!(n=D(t,s))||n.enumerable});return e};var P=e=>R(b({},"__esModule",{value:!0}),e);var q={};_(q,{createCookieGetter:()=>T,deleteSessionCookie:()=>H,getCookies:()=>N,parseCookies:()=>I,parseSetCookieHeader:()=>M,setSessionCookie:()=>$});module.exports=P(q);var A=require("oslo"),w=require("oslo/encoding");var f=require("oslo/crypto");async function U({value:e,secret:t}){return new f.HMAC("SHA-256").sign(new TextEncoder().encode(t),new TextEncoder().encode(e)).then(n=>Buffer.from(n).toString("base64"))}function j({value:e,signature:t,secret:o}){return new f.HMAC("SHA-256").verify(new TextEncoder().encode(o),Buffer.from(t,"base64"),new TextEncoder().encode(e))}var x={sign:U,verify:j};var p=class extends Error{constructor(t,o){super(t),this.name="BetterAuthError",this.message=t,this.cause=o,this.stack=""}};var C=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));var k=Object.create(null),u=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?k:globalThis),L=new Proxy(k,{get(e,t){return u()[t]??k[t]},has(e,t){let o=u();return t in o||t in k},set(e,t,o){let n=u(!0);return n[t]=o,!0},deleteProperty(e,t){if(!t)return!1;let o=u(!0);return delete o[t],!0},ownKeys(){let e=u(!0);return Object.keys(e)}});function V(e){return e?e!=="false":!1}var y=typeof process<"u"&&process.env&&process.env.NODE_ENV||"",v=y==="production";var X=y==="test"||V(L.TEST);function M(e){let t=new Map;return e.split(", ").forEach(n=>{let s=n.split(";").map(g=>g.trim()),[a,...c]=s,[m,...l]=a.split("="),d=l.join("=");if(!m||d===void 0){console.warn(`Malformed cookie: ${n}`);return}let i={value:d};c.forEach(g=>{let[S,...E]=g.split("="),r=E.join("="),h=S.trim().toLowerCase();switch(h){case"max-age":i["max-age"]=r?parseInt(r.trim(),10):void 0;break;case"expires":i.expires=r?new Date(r.trim()):void 0;break;case"domain":i.domain=r?r.trim():void 0;break;case"path":i.path=r?r.trim():void 0;break;case"secure":i.secure=!0;break;case"httponly":i.httponly=!0;break;case"samesite":i.samesite=r?r.trim().toLowerCase():void 0;break;default:i[h]=r?r.trim():!0;break}}),t.set(m,i)}),t}function T(e){let o=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):v)?"__Secure-":"",n=!!e.advanced?.crossSubDomainCookies?.enabled,s=n?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(n&&!s)throw new p("baseURL is required when crossSubdomainCookies are enabled");function a(c,m={}){let l=e.advanced?.cookiePrefix||"better-auth",d=e.advanced?.cookies?.[c]?.name||`${l}.${c}`,i=e.advanced?.cookies?.[c]?.attributes;return{name:`${o}${d}`,attributes:{secure:!!o,sameSite:"lax",path:"/",httpOnly:!0,...n?{domain:s}:{},...e.advanced?.defaultCookieAttributes,...m,...i}}}return a}function N(e){let t=T(e),o=e.session?.expiresIn||new A.TimeSpan(7,"d").seconds(),n=t("session_token",{maxAge:o}),s=t("session_data",{maxAge:e.session?.cookieCache?.maxAge||60*5}),a=t("dont_remember");return{sessionToken:{name:n.name,options:n.attributes},sessionData:{name:s.name,options:s.attributes},dontRememberToken:{name:a.name,options:a.attributes}}}async function $(e,t,o,n){let s=e.context.authCookies.sessionToken.options,a=o?void 0:e.context.sessionConfig.expiresIn;await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.id,e.context.secret,{...s,maxAge:a,...n}),o&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled&&e.setCookie(e.context.authCookies.sessionData.name,JSON.stringify(w.base64url.encode(new TextEncoder().encode(JSON.stringify({session:t,expiresAt:C(e.context.authCookies.sessionData.options.maxAge||60,"sec").getTime(),signature:await x.sign({value:JSON.stringify(t),secret:e.context.secret})})))),e.context.authCookies.sessionData.options),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.id,JSON.stringify({user:t.user,session:t.session}),t.session.expiresAt.getTime()-Date.now())}function H(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{...e.context.authCookies.sessionToken.options,maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{...e.context.authCookies.sessionData.options,maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{...e.context.authCookies.dontRememberToken.options,maxAge:0})}function I(e){let t=e.split("; "),o=new Map;return t.forEach(n=>{let[s,a]=n.split("=");o.set(s,a)}),o}0&&(module.exports={createCookieGetter,deleteSessionCookie,getCookies,parseCookies,parseSetCookieHeader,setSessionCookie});

package/dist/cookies.d.cts

@@ -1,5 +1,5 @@
 import 'better-call';
-export { q as BetterAuthCookies, E as EligibleCookies, o as createCookieGetter, r as deleteSessionCookie, p as getCookies, t as parseCookies, u as parseSetCookieHeader, s as setSessionCookie } from './auth-BiSlZarn.cjs';
+export { q as BetterAuthCookies, E as EligibleCookies, o as createCookieGetter, r as deleteSessionCookie, p as getCookies, t as parseCookies, u as parseSetCookieHeader, s as setSessionCookie } from './auth-BWqY56d3.cjs';
 import 'kysely';
 import 'zod';
 import './helper-DrEEwdyQ.cjs';

package/dist/cookies.d.ts

@@ -1,5 +1,5 @@
 import 'better-call';
-export { q as BetterAuthCookies, E as EligibleCookies, o as createCookieGetter, r as deleteSessionCookie, p as getCookies, t as parseCookies, u as parseSetCookieHeader, s as setSessionCookie } from './auth-DsZXpnOl.js';
+export { q as BetterAuthCookies, E as EligibleCookies, o as createCookieGetter, r as deleteSessionCookie, p as getCookies, t as parseCookies, u as parseSetCookieHeader, s as setSessionCookie } from './auth-Dv7MYJoC.js';
 import 'kysely';
 import 'zod';
 import './helper-DrEEwdyQ.js';

package/dist/cookies.js

@@ -1 +1 @@
-import{TimeSpan as D}from"oslo";import{base64url as B}from"oslo/encoding";import{HMAC as b,sha256 as U}from"oslo/crypto";async function w({value:e,secret:t}){return new b("SHA-256").sign(new TextEncoder().encode(t),new TextEncoder().encode(e)).then(n=>Buffer.from(n).toString("base64"))}function T({value:e,signature:t,secret:o}){return new b("SHA-256").verify(new TextEncoder().encode(o),Buffer.from(t,"base64"),new TextEncoder().encode(e))}var h={sign:w,verify:T};var d=class extends Error{constructor(t,o){super(t),this.name="BetterAuthError",this.message=t,this.cause=o,this.stack=""}};var x=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));var p=Object.create(null),u=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?p:globalThis),S=new Proxy(p,{get(e,t){return u()[t]??p[t]},has(e,t){let o=u();return t in o||t in p},set(e,t,o){let n=u(!0);return n[t]=o,!0},deleteProperty(e,t){if(!t)return!1;let o=u(!0);return delete o[t],!0},ownKeys(){let e=u(!0);return Object.keys(e)}});function E(e){return e?e!=="false":!1}var C=typeof process<"u"&&process.env&&process.env.NODE_ENV||"",y=C==="production";var N=C==="test"||E(S.TEST);function H(e){let t=new Map;return e.split(", ").forEach(n=>{let s=n.split(";").map(l=>l.trim()),[a,...c]=s,[m,...k]=a.split("="),f=k.join("=");if(!m||f===void 0){console.warn(`Malformed cookie: ${n}`);return}let r={value:f};c.forEach(l=>{let[v,...A]=l.split("="),i=A.join("="),g=v.trim().toLowerCase();switch(g){case"max-age":r["max-age"]=i;break;case"expires":r.expires=i?new Date(i.trim()):void 0;break;case"domain":r.domain=i?i.trim():void 0;break;case"path":r.path=i?i.trim():void 0;break;case"secure":r.secure=!0;break;case"httponly":r.httponly=!0;break;case"samesite":r.samesite=i?i.trim().toLowerCase():void 0;break;default:r[g]=i?i.trim():!0;break}}),t.set(m,r)}),t}function O(e){let o=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):y)?"__Secure-":"",n=!!e.advanced?.crossSubDomainCookies?.enabled,s=n?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(n&&!s)throw new d("baseURL is required when crossSubdomainCookies are enabled");function a(c,m={}){let k=e.advanced?.cookiePrefix||"better-auth",f=e.advanced?.cookies?.[c]?.name||`${k}.${c}`,r=e.advanced?.cookies?.[c]?.attributes;return{name:`${o}${f}`,attributes:{secure:!!o,sameSite:"lax",path:"/",httpOnly:!0,...n?{domain:s}:{},...e.advanced?.defaultCookieAttributes,...m,...r}}}return a}function F(e){let t=O(e),o=e.session?.expiresIn||new D(7,"d").seconds(),n=t("session_token",{maxAge:o}),s=t("session_data",{maxAge:e.session?.cookieCache?.maxAge||60*5}),a=t("dont_remember");return{sessionToken:{name:n.name,options:n.attributes},sessionData:{name:s.name,options:s.attributes},dontRememberToken:{name:a.name,options:a.attributes}}}async function Q(e,t,o,n){let s=e.context.authCookies.sessionToken.options,a=o?void 0:e.context.sessionConfig.expiresIn;await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.id,e.context.secret,{...s,maxAge:a,...n}),o&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled&&e.setCookie(e.context.authCookies.sessionData.name,JSON.stringify(B.encode(new TextEncoder().encode(JSON.stringify({session:t,expiresAt:x(e.context.authCookies.sessionData.options.maxAge||60,"sec").getTime(),signature:await h.sign({value:JSON.stringify(t),secret:e.context.secret})})))),e.context.authCookies.sessionData.options),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.id,JSON.stringify({user:t.user,session:t.session}),t.session.expiresAt.getTime()-Date.now())}function X(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{...e.context.authCookies.sessionToken.options,maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{...e.context.authCookies.sessionData.options,maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{...e.context.authCookies.dontRememberToken.options,maxAge:0})}function Y(e){let t=e.split("; "),o=new Map;return t.forEach(n=>{let[s,a]=n.split("=");o.set(s,a)}),o}export{O as createCookieGetter,X as deleteSessionCookie,F as getCookies,Y as parseCookies,H as parseSetCookieHeader,Q as setSessionCookie};
+import{TimeSpan as D}from"oslo";import{base64url as B}from"oslo/encoding";import{HMAC as b,sha256 as U}from"oslo/crypto";async function w({value:e,secret:t}){return new b("SHA-256").sign(new TextEncoder().encode(t),new TextEncoder().encode(e)).then(n=>Buffer.from(n).toString("base64"))}function T({value:e,signature:t,secret:o}){return new b("SHA-256").verify(new TextEncoder().encode(o),Buffer.from(t,"base64"),new TextEncoder().encode(e))}var h={sign:w,verify:T};var f=class extends Error{constructor(t,o){super(t),this.name="BetterAuthError",this.message=t,this.cause=o,this.stack=""}};var x=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));var p=Object.create(null),u=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?p:globalThis),S=new Proxy(p,{get(e,t){return u()[t]??p[t]},has(e,t){let o=u();return t in o||t in p},set(e,t,o){let n=u(!0);return n[t]=o,!0},deleteProperty(e,t){if(!t)return!1;let o=u(!0);return delete o[t],!0},ownKeys(){let e=u(!0);return Object.keys(e)}});function E(e){return e?e!=="false":!1}var C=typeof process<"u"&&process.env&&process.env.NODE_ENV||"",y=C==="production";var N=C==="test"||E(S.TEST);function H(e){let t=new Map;return e.split(", ").forEach(n=>{let r=n.split(";").map(l=>l.trim()),[a,...c]=r,[m,...k]=a.split("="),d=k.join("=");if(!m||d===void 0){console.warn(`Malformed cookie: ${n}`);return}let i={value:d};c.forEach(l=>{let[v,...A]=l.split("="),s=A.join("="),g=v.trim().toLowerCase();switch(g){case"max-age":i["max-age"]=s?parseInt(s.trim(),10):void 0;break;case"expires":i.expires=s?new Date(s.trim()):void 0;break;case"domain":i.domain=s?s.trim():void 0;break;case"path":i.path=s?s.trim():void 0;break;case"secure":i.secure=!0;break;case"httponly":i.httponly=!0;break;case"samesite":i.samesite=s?s.trim().toLowerCase():void 0;break;default:i[g]=s?s.trim():!0;break}}),t.set(m,i)}),t}function O(e){let o=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):y)?"__Secure-":"",n=!!e.advanced?.crossSubDomainCookies?.enabled,r=n?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(n&&!r)throw new f("baseURL is required when crossSubdomainCookies are enabled");function a(c,m={}){let k=e.advanced?.cookiePrefix||"better-auth",d=e.advanced?.cookies?.[c]?.name||`${k}.${c}`,i=e.advanced?.cookies?.[c]?.attributes;return{name:`${o}${d}`,attributes:{secure:!!o,sameSite:"lax",path:"/",httpOnly:!0,...n?{domain:r}:{},...e.advanced?.defaultCookieAttributes,...m,...i}}}return a}function F(e){let t=O(e),o=e.session?.expiresIn||new D(7,"d").seconds(),n=t("session_token",{maxAge:o}),r=t("session_data",{maxAge:e.session?.cookieCache?.maxAge||60*5}),a=t("dont_remember");return{sessionToken:{name:n.name,options:n.attributes},sessionData:{name:r.name,options:r.attributes},dontRememberToken:{name:a.name,options:a.attributes}}}async function Q(e,t,o,n){let r=e.context.authCookies.sessionToken.options,a=o?void 0:e.context.sessionConfig.expiresIn;await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.id,e.context.secret,{...r,maxAge:a,...n}),o&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled&&e.setCookie(e.context.authCookies.sessionData.name,JSON.stringify(B.encode(new TextEncoder().encode(JSON.stringify({session:t,expiresAt:x(e.context.authCookies.sessionData.options.maxAge||60,"sec").getTime(),signature:await h.sign({value:JSON.stringify(t),secret:e.context.secret})})))),e.context.authCookies.sessionData.options),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.id,JSON.stringify({user:t.user,session:t.session}),t.session.expiresAt.getTime()-Date.now())}function X(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{...e.context.authCookies.sessionToken.options,maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{...e.context.authCookies.sessionData.options,maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{...e.context.authCookies.dontRememberToken.options,maxAge:0})}function Y(e){let t=e.split("; "),o=new Map;return t.forEach(n=>{let[r,a]=n.split("=");o.set(r,a)}),o}export{O as createCookieGetter,X as deleteSessionCookie,F as getCookies,Y as parseCookies,H as parseSetCookieHeader,Q as setSessionCookie};

package/dist/db.d.cts

@@ -1,5 +1,5 @@
-import { l as Adapter, B as BetterAuthOptions, W as Where, O as FieldAttribute, Q as FieldType, K as KyselyDatabaseType } from './auth-BiSlZarn.cjs';
-export { a4 as BetterAuthDbSchema, X as FieldAttributeConfig, a3 as InferFieldsFromOptions, a2 as InferFieldsFromPlugins, $ as InferFieldsInput, a0 as InferFieldsInputClient, _ as InferFieldsOutput, Z as InferValueType, V as InternalAdapter, a1 as PluginFieldAttribute, Y as createFieldAttribute, T as createInternalAdapter, a5 as getAuthTables } from './auth-BiSlZarn.cjs';
+import { l as Adapter, B as BetterAuthOptions, W as Where, O as FieldAttribute, Q as FieldType, K as KyselyDatabaseType } from './auth-BWqY56d3.cjs';
+export { a4 as BetterAuthDbSchema, X as FieldAttributeConfig, a3 as InferFieldsFromOptions, a2 as InferFieldsFromPlugins, $ as InferFieldsInput, a0 as InferFieldsInputClient, _ as InferFieldsOutput, Z as InferValueType, V as InternalAdapter, a1 as PluginFieldAttribute, Y as createFieldAttribute, T as createInternalAdapter, a5 as getAuthTables } from './auth-BWqY56d3.cjs';
 import { z } from 'zod';
 import 'kysely';
 import 'better-call';

package/dist/db.d.ts

@@ -1,5 +1,5 @@
-import { l as Adapter, B as BetterAuthOptions, W as Where, O as FieldAttribute, Q as FieldType, K as KyselyDatabaseType } from './auth-DsZXpnOl.js';
-export { a4 as BetterAuthDbSchema, X as FieldAttributeConfig, a3 as InferFieldsFromOptions, a2 as InferFieldsFromPlugins, $ as InferFieldsInput, a0 as InferFieldsInputClient, _ as InferFieldsOutput, Z as InferValueType, V as InternalAdapter, a1 as PluginFieldAttribute, Y as createFieldAttribute, T as createInternalAdapter, a5 as getAuthTables } from './auth-DsZXpnOl.js';
+import { l as Adapter, B as BetterAuthOptions, W as Where, O as FieldAttribute, Q as FieldType, K as KyselyDatabaseType } from './auth-Dv7MYJoC.js';
+export { a4 as BetterAuthDbSchema, X as FieldAttributeConfig, a3 as InferFieldsFromOptions, a2 as InferFieldsFromPlugins, $ as InferFieldsInput, a0 as InferFieldsInputClient, _ as InferFieldsOutput, Z as InferValueType, V as InternalAdapter, a1 as PluginFieldAttribute, Y as createFieldAttribute, T as createInternalAdapter, a5 as getAuthTables } from './auth-Dv7MYJoC.js';
 import { z } from 'zod';
 import 'kysely';
 import 'better-call';

package/dist/{index-3hk0Leba.d.cts → index-BUiQJo67.d.cts}

@@ -1,5 +1,5 @@
 import { z, ZodLiteral, ZodObject, ZodOptional, ZodArray } from 'zod';
-import { U as User, S as Session, k as InferOptionSchema, H as HookEndpointContext, h as AuthContext } from './auth-BiSlZarn.cjs';
+import { U as User, S as Session, k as InferOptionSchema, H as HookEndpointContext, h as AuthContext } from './auth-BWqY56d3.cjs';
 import * as better_call from 'better-call';
 import { P as Prettify } from './helper-DrEEwdyQ.cjs';
 import { AccessControl, Role, StatementsPrimitive, defaultRoles } from './plugins/access.cjs';
@@ -6862,20 +6862,15 @@ declare const multiSession: (options?: MultiSessionConfig) => {
         };
     };
     hooks: {
-        after: ({
-            matcher: () => true;
-            handler: better_call.Endpoint<better_call.Handler<string, better_call.EndpointOptions, {
-                response: Response;
-            } | undefined>, better_call.EndpointOptions>;
-        } | {
+        after: {
             matcher: (context: HookEndpointContext<{
                 returned: unknown;
                 endpoint: better_call.Endpoint;
             }>) => boolean;
             handler: better_call.Endpoint<better_call.Handler<string, better_call.EndpointOptions, {
-                responseHeader: Headers;
+                response: Response;
             } | undefined>, better_call.EndpointOptions>;
-        })[];
+        }[];
     };
 };
 

package/dist/{index-CZCI_0c2.d.ts → index-DPruP1i-.d.ts}

@@ -1,5 +1,5 @@
 import { z, ZodLiteral, ZodObject, ZodOptional, ZodArray } from 'zod';
-import { U as User, S as Session, k as InferOptionSchema, H as HookEndpointContext, h as AuthContext } from './auth-DsZXpnOl.js';
+import { U as User, S as Session, k as InferOptionSchema, H as HookEndpointContext, h as AuthContext } from './auth-Dv7MYJoC.js';
 import * as better_call from 'better-call';
 import { P as Prettify } from './helper-DrEEwdyQ.js';
 import { AccessControl, Role, StatementsPrimitive, defaultRoles } from './plugins/access.js';
@@ -6862,20 +6862,15 @@ declare const multiSession: (options?: MultiSessionConfig) => {
         };
     };
     hooks: {
-        after: ({
-            matcher: () => true;
-            handler: better_call.Endpoint<better_call.Handler<string, better_call.EndpointOptions, {
-                response: Response;
-            } | undefined>, better_call.EndpointOptions>;
-        } | {
+        after: {
             matcher: (context: HookEndpointContext<{
                 returned: unknown;
                 endpoint: better_call.Endpoint;
             }>) => boolean;
             handler: better_call.Endpoint<better_call.Handler<string, better_call.EndpointOptions, {
-                responseHeader: Headers;
+                response: Response;
             } | undefined>, better_call.EndpointOptions>;
-        })[];
+        }[];
     };
 };
 

package/dist/index.cjs

@@ -1,5 +1,5 @@
 "use strict";var Te=Object.defineProperty;var Rr=Object.getOwnPropertyDescriptor;var xr=Object.getOwnPropertyNames;var vr=Object.prototype.hasOwnProperty;var Ur=(e,t)=>{for(var r in t)Te(e,r,{get:t[r],enumerable:!0})},Tr=(e,t,r,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let n of xr(t))!vr.call(e,n)&&n!==r&&Te(e,n,{get:()=>t[n],enumerable:!(o=Rr(t,n))||o.enumerable});return e};var Er=e=>Tr(Te({},"__esModule",{value:!0}),e);var eo={};Ur(eo,{BetterAuthError:()=>O,HIDE_METADATA:()=>K,MissingDependencyError:()=>Pe,betterAuth:()=>Xr,capitalizeFirstLetter:()=>Dr,createCookieGetter:()=>me,createLogger:()=>ie,deleteSessionCookie:()=>q,generateId:()=>C,generateState:()=>ne,getCookies:()=>Ie,levels:()=>he,logger:()=>S,parseCookies:()=>_r,parseSetCookieHeader:()=>Sr,parseState:()=>_e,setSessionCookie:()=>I,shouldPublishLog:()=>mt});module.exports=Er(eo);var H=require("better-call");var Ge=require("better-call");var G=require("better-call"),He=(0,G.createMiddleware)(async()=>({})),ce=(0,G.createMiddlewareCreator)({use:[He,(0,G.createMiddleware)(async()=>({}))]}),b=(0,G.createEndpointCreator)({use:[He]});var Ke=ce(async e=>{if(e.request?.method!=="POST")return;let{body:t,query:r,context:o}=e,n=e.headers?.get("origin")||e.headers?.get("referer")||"",i=t?.callbackURL||r?.callbackURL,d=t?.redirectTo,l=r?.currentURL,s=o.trustedOrigins,a=e.headers?.has("cookie"),c=(f,u)=>u.includes("*")?new RegExp("^"+u.replace(/\*/g,"[^/]+").replace(/\./g,"\\.")+"$").test(f):f.startsWith(u),m=(f,u)=>{if(!f)return;if(!s.some(g=>c(f,g)||f?.startsWith("/")&&u!=="origin"&&!f.includes(":")))throw e.context.logger.error(`Invalid ${u}: ${f}`),e.context.logger.info(`If it's a valid URL, please add ${f} to trustedOrigins in your auth config
-`,`Current list of trustedOrigins: ${s}`),new Ge.APIError("FORBIDDEN",{message:`Invalid ${u}`})};a&&!e.context.options.advanced?.disableCSRFCheck&&m(n,"origin"),i&&m(i,"callbackURL"),d&&m(d,"redirectURL"),l&&m(l,"currentURL")});var E=require("better-call"),x=require("zod");var Ze=require("oslo"),Je=require("oslo/encoding");var le=require("oslo/crypto");function Ee(e,t){let r=new Uint8Array(e),o=new Uint8Array(t);if(r.length!==o.length)return!1;let n=0;for(let i=0;i<r.length;i++)n|=r[i]^o[i];return n===0}async function Pr({value:e,secret:t}){return new le.HMAC("SHA-256").sign(new TextEncoder().encode(t),new TextEncoder().encode(e)).then(o=>Buffer.from(o).toString("base64"))}function Ir({value:e,signature:t,secret:r}){return new le.HMAC("SHA-256").verify(new TextEncoder().encode(r),Buffer.from(t,"base64"),new TextEncoder().encode(e))}var ue={sign:Pr,verify:Ir};var O=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}},Pe=class extends O{constructor(t){super(`The package "${t}" is required. Make sure it is installed.`,t)}};var _=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));var pe=Object.create(null),te=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?pe:globalThis),L=new Proxy(pe,{get(e,t){return te()[t]??pe[t]},has(e,t){let r=te();return t in r||t in pe},set(e,t,r){let o=te(!0);return o[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=te(!0);return delete r[t],!0},ownKeys(){let e=te(!0);return Object.keys(e)}});function Or(e){return e?e!=="false":!1}var fe=typeof process<"u"&&process.env&&process.env.NODE_ENV||"",re=fe==="production",Qe=fe==="dev"||fe==="development",We=fe==="test"||Or(L.TEST);function Sr(e){let t=new Map;return e.split(", ").forEach(o=>{let n=o.split(";").map(m=>m.trim()),[i,...d]=n,[l,...s]=i.split("="),a=s.join("=");if(!l||a===void 0){console.warn(`Malformed cookie: ${o}`);return}let c={value:a};d.forEach(m=>{let[f,...u]=m.split("="),p=u.join("="),g=f.trim().toLowerCase();switch(g){case"max-age":c["max-age"]=p;break;case"expires":c.expires=p?new Date(p.trim()):void 0;break;case"domain":c.domain=p?p.trim():void 0;break;case"path":c.path=p?p.trim():void 0;break;case"secure":c.secure=!0;break;case"httponly":c.httponly=!0;break;case"samesite":c.samesite=p?p.trim().toLowerCase():void 0;break;default:c[g]=p?p.trim():!0;break}}),t.set(l,c)}),t}function me(e){let r=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):re)?"__Secure-":"",o=!!e.advanced?.crossSubDomainCookies?.enabled,n=o?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(o&&!n)throw new O("baseURL is required when crossSubdomainCookies are enabled");function i(d,l={}){let s=e.advanced?.cookiePrefix||"better-auth",a=e.advanced?.cookies?.[d]?.name||`${s}.${d}`,c=e.advanced?.cookies?.[d]?.attributes;return{name:`${r}${a}`,attributes:{secure:!!r,sameSite:"lax",path:"/",httpOnly:!0,...o?{domain:n}:{},...e.advanced?.defaultCookieAttributes,...l,...c}}}return i}function Ie(e){let t=me(e),r=e.session?.expiresIn||new Ze.TimeSpan(7,"d").seconds(),o=t("session_token",{maxAge:r}),n=t("session_data",{maxAge:e.session?.cookieCache?.maxAge||60*5}),i=t("dont_remember");return{sessionToken:{name:o.name,options:o.attributes},sessionData:{name:n.name,options:n.attributes},dontRememberToken:{name:i.name,options:i.attributes}}}async function I(e,t,r,o){let n=e.context.authCookies.sessionToken.options,i=r?void 0:e.context.sessionConfig.expiresIn;await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.id,e.context.secret,{...n,maxAge:i,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled&&e.setCookie(e.context.authCookies.sessionData.name,JSON.stringify(Je.base64url.encode(new TextEncoder().encode(JSON.stringify({session:t,expiresAt:_(e.context.authCookies.sessionData.options.maxAge||60,"sec").getTime(),signature:await ue.sign({value:JSON.stringify(t),secret:e.context.secret})})))),e.context.authCookies.sessionData.options),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.id,JSON.stringify({user:t.user,session:t.session}),t.session.expiresAt.getTime()-Date.now())}function q(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{...e.context.authCookies.sessionToken.options,maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{...e.context.authCookies.sessionData.options,maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{...e.context.authCookies.dontRememberToken.options,maxAge:0})}function _r(e){let t=e.split("; "),r=new Map;return t.forEach(o=>{let[n,i]=o.split("=");r.set(n,i)}),r}var nt=require("@better-fetch/fetch"),it=require("better-call"),W=require("jose"),st=require("oslo/jwt");var Ye=require("oslo/crypto"),Xe=require("oslo/encoding");async function et(e){let t=await(0,Ye.sha256)(new TextEncoder().encode(e));return Xe.base64url.encode(new Uint8Array(t),{includePadding:!1})}function tt(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?_(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function U({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:n,scopes:i,claims:d,redirectURI:l}){let s=new URL(r);if(s.searchParams.set("response_type","code"),s.searchParams.set("client_id",t.clientId),s.searchParams.set("state",o),s.searchParams.set("scope",i.join(" ")),s.searchParams.set("redirect_uri",t.redirectURI||l),n){let a=await et(n);s.searchParams.set("code_challenge_method","S256"),s.searchParams.set("code_challenge",a)}if(d){let a=d.reduce((c,m)=>(c[m]=null,c),{});s.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...a}}))}return s}var rt=require("@better-fetch/fetch");async function R({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:n,authentication:i}){let d=new URLSearchParams,l={"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"};if(d.set("grant_type","authorization_code"),d.set("code",e),t&&d.set("code_verifier",t),d.set("redirect_uri",r),i==="basic"){let m=btoa(`${o.clientId}:${o.clientSecret}`);l.authorization=`Basic ${m}`}else d.set("client_id",o.clientId),d.set("client_secret",o.clientSecret);let{data:s,error:a}=await(0,rt.betterFetch)(n,{method:"POST",body:d,headers:l});if(a)throw a;return tt(s)}var ge=require("oslo/oauth2"),F=require("zod"),Se=require("better-call");function Lr(e){try{return new URL(e).pathname!=="/"}catch{throw new O(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function Oe(e,t="/api/auth"){return Lr(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function oe(e,t){if(e)return Oe(e,t);let r=L.BETTER_AUTH_URL||L.NEXT_PUBLIC_BETTER_AUTH_URL||L.PUBLIC_BETTER_AUTH_URL||L.NUXT_PUBLIC_BETTER_AUTH_URL||L.NUXT_PUBLIC_AUTH_URL||(L.BASE_URL!=="/"?L.BASE_URL:void 0);if(r)return Oe(r,t);if(typeof window<"u"&&window.location)return Oe(window.location.origin,t)}function ot(e){try{return new URL(e).origin}catch{return null}}async function ne(e,t){let r=e.body?.callbackURL||(e.query?.currentURL?ot(e.query?.currentURL):"")||e.context.options.baseURL;if(!r)throw new Se.APIError("BAD_REQUEST",{message:"callbackURL is required"});let o=(0,ge.generateCodeVerifier)(),n=(0,ge.generateState)(),i=JSON.stringify({callbackURL:r,codeVerifier:o,errorURL:e.body?.errorCallbackURL||e.query?.currentURL,link:t,expiresAt:Date.now()+10*60*1e3}),d=new Date;d.setMinutes(d.getMinutes()+10);let l=await e.context.internalAdapter.createVerificationValue({value:i,identifier:n,expiresAt:d});if(!l)throw e.context.logger.error("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database"),new Se.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create verification"});return{state:l.identifier,codeVerifier:o}}async function _e(e){let t=e.query.state||e.body.state,r=await e.context.internalAdapter.findVerificationValue(t);if(!r)throw e.context.logger.error("State Mismatch. Verification not found",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let o=F.z.object({callbackURL:F.z.string(),codeVerifier:F.z.string(),errorURL:F.z.string().optional(),expiresAt:F.z.number(),link:F.z.object({email:F.z.string(),userId:F.z.string()}).optional()}).parse(JSON.parse(r.value));if(o.errorURL||(o.errorURL=`${e.context.baseURL}/error`),o.expiresAt<Date.now())throw await e.context.internalAdapter.deleteVerificationValue(r.id),e.context.logger.error("State expired.",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);return await e.context.internalAdapter.deleteVerificationValue(r.id),o}var at=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:n}){let i=o||["email","name"];return e.scope&&i.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${n||e.redirectURI}&scope=${i.join(" ")}&state=${r}&response_mode=form_post`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:n})=>R({code:r,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async verifyIdToken(r,o){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(r,o);let n=(0,W.decodeProtectedHeader)(r),{kid:i,alg:d}=n;if(!i||!d)return!1;let l=await Cr(i),{payload:s}=await(0,W.jwtVerify)(r,l,{algorithms:[d],issuer:"https://appleid.apple.com",audience:e.clientId,maxTokenAge:"1h"});return["email_verified","is_private_email"].forEach(a=>{s[a]!==void 0&&(s[a]=!!s[a])}),o&&s.nonce!==o?!1:!!s},async getUserInfo(r){if(!r.idToken)return null;let o=(0,st.parseJWT)(r.idToken)?.payload;if(!o)return null;let n=o.user?`${o.user.name.firstName} ${o.user.name.lastName}`:o.email;return{user:{id:o.sub,name:n,emailVerified:!1,email:o.email},data:o}}}},Cr=async e=>{let t="https://appleid.apple.com",r="/auth/keys",{data:o}=await(0,nt.betterFetch)(`${t}${r}`);if(!o?.keys)throw new it.APIError("BAD_REQUEST",{message:"Keys not found"});let n=o.keys.find(i=>i.kid===e);if(!n)throw new Error(`JWK with kid ${e} not found`);return await(0,W.importJWK)(n,n.alg)};var dt=require("@better-fetch/fetch");var ct=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=r||["identify","email"];return e.scope&&n.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${n.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>R({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,dt.betterFetch)("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let n=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${n}.png`}else{let n=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${n}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});var lt=require("@better-fetch/fetch");var ut=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=r||["email","public_profile"];return e.scope&&n.push(...e.scope),await U({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:n,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>R({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await(0,lt.betterFetch)("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified},data:r}}});var Le=require("@better-fetch/fetch");var pt=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:o,codeVerifier:n,redirectURI:i}){let d=o||["user:email"];return e.scope&&d.push(...e.scope),U({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:d,state:r,redirectURI:i})},validateAuthorizationCode:async({code:r,redirectURI:o})=>R({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:n}=await(0,Le.betterFetch)("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(n)return null;let i=!1;if(!o.email){let{data:d,error:l}=await(0,Le.betterFetch)("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});l||(o.email=(d.find(s=>s.primary)??d[0])?.email,i=d.find(s=>s.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:i},data:o}}}};var gt=require("oslo/jwt");var ft=require("consola"),he=["info","success","warn","error","debug"];function mt(e,t){return he.indexOf(t)<=he.indexOf(e)}var Br=(0,ft.createConsola)({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),ie=e=>{let t=e?.disabled!==!0,r=e?.level??"error",o=(n,i,d=[])=>{if(!(!t||!mt(r,n))){if(!e||typeof e.log!="function"){Br[n]("",i,...d);return}e.log(n==="success"?"info":n,i,d)}};return Object.fromEntries(he.map(n=>[n,(...[i,...d])=>o(n,i,d)]))},S=ie();var ht=require("@better-fetch/fetch"),yt=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){if(!e.clientId||!e.clientSecret)throw S.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new O("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new O("codeVerifier is required for Google");let i=r||["email","profile","openid"];e.scope&&i.push(...e.scope);let d=await U({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:i,state:t,codeVerifier:o,redirectURI:n});return e.accessType&&d.searchParams.set("access_type",e.accessType),e.prompt&&d.searchParams.set("prompt",e.prompt),d},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>R({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async verifyIdToken(t,r){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(t,r);let o=`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${t}`,{data:n}=await(0,ht.betterFetch)(o);return n?n.aud===e.clientId&&n.iss==="https://accounts.google.com":!1},async getUserInfo(t){if(!t.idToken)return null;let r=(0,gt.parseJWT)(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});var wt=require("@better-fetch/fetch"),bt=require("oslo/jwt");var At=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(n){let i=n.scopes||["openid","profile","email","User.Read"];return e.scope&&i.push(...e.scope),U({id:"microsoft",options:e,authorizationEndpoint:r,state:n.state,codeVerifier:n.codeVerifier,scopes:i,redirectURI:n.redirectURI})},validateAuthorizationCode({code:n,codeVerifier:i,redirectURI:d}){return R({code:n,codeVerifier:i,redirectURI:e.redirectURI||d,options:e,tokenEndpoint:o})},async getUserInfo(n){if(!n.idToken)return null;let i=(0,bt.parseJWT)(n.idToken)?.payload,d=e.profilePhotoSize||48;return await(0,wt.betterFetch)(`https://graph.microsoft.com/v1.0/me/photos/${d}x${d}/$value`,{headers:{Authorization:`Bearer ${n.accessToken}`},async onResponse(l){if(!(e.disableProfilePhoto||!l.response.ok))try{let a=await l.response.clone().arrayBuffer(),c=Buffer.from(a).toString("base64");i.picture=`data:image/jpeg;base64, ${c}`}catch(s){S.error(s&&typeof s=="object"&&"name"in s?s.name:"",s)}}}),{user:{id:i.sub,name:i.name,email:i.email,image:i.picture,emailVerified:!0},data:i}}}};var kt=require("@better-fetch/fetch");var Rt=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){let i=r||["user-read-email"];return e.scope&&i.push(...e.scope),U({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:i,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>R({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,kt.betterFetch)("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});function Dr(e){return e.charAt(0).toUpperCase()+e.slice(1)}var K={isAction:!1};var xt=require("nanoid"),C=e=>(0,xt.nanoid)(e);var vt=require("oslo/jwt");var Ut=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=r||["user:read:email","openid"];return e.scope&&n.push(...e.scope),U({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:n,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>R({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return S.error("No idToken found in token"),null;let o=(0,vt.parseJWT)(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});var Tt=require("@better-fetch/fetch");var Et=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["users.read","tweet.read","offline.access"];return e.scope&&r.push(...e.scope),U({id:"twitter",options:e,authorizationEndpoint:"https://x.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>R({code:t,codeVerifier:r,authentication:"basic",redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://api.x.com/2/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,Tt.betterFetch)("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email||null,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});var Pt=require("@better-fetch/fetch");var It=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:o,codeVerifier:n,redirectURI:i})=>{let d=o||["account_info.read"];return e.scope&&d.push(...e.scope),await U({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:d,state:r,redirectURI:i,codeVerifier:n})},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:n})=>await R({code:r,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:n}=await(0,Pt.betterFetch)("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});return n?null:{user:{id:o.account_id,name:o.name?.display_name,email:o.email,emailVerified:o.email_verified||!1,image:o.profile_photo_url},data:o}}}};var Ot=require("@better-fetch/fetch");var St=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:o,scopes:n,redirectURI:i})=>{let d=n||["profile","email","openid"];return e.scope&&d.push(...e.scope),await U({id:"linkedin",options:e,authorizationEndpoint:t,scopes:d,state:o,redirectURI:i})},validateAuthorizationCode:async({code:o,redirectURI:n})=>await R({code:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:r}),async getUserInfo(o){let{data:n,error:i}=await(0,Ot.betterFetch)("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken}`}});return i?null:{user:{id:n.sub,name:n.name,email:n.email,emailVerified:n.email_verified||!1,image:n.picture},data:n}}}};var _t=require("@better-fetch/fetch");var Ce=(e="")=>e.split("://").map(t=>t.replace(/\/{2,}/g,"/")).join("://"),Nr=e=>{let t=e||"https://gitlab.com";return{authorizationEndpoint:Ce(`${t}/oauth/authorize`),tokenEndpoint:Ce(`${t}/oauth/token`),userinfoEndpoint:Ce(`${t}/api/v4/user`)}},Lt=e=>{let{authorizationEndpoint:t,tokenEndpoint:r,userinfoEndpoint:o}=Nr(e.issuer),n="gitlab";return{id:n,name:"Gitlab",createAuthorizationURL:async({state:d,scopes:l,codeVerifier:s,redirectURI:a})=>{let c=l||["read_user"];return e.scope&&c.push(...e.scope),await U({id:n,options:e,authorizationEndpoint:t,scopes:c,state:d,redirectURI:a,codeVerifier:s})},validateAuthorizationCode:async({code:d,redirectURI:l,codeVerifier:s})=>R({code:d,redirectURI:e.redirectURI||l,options:e,codeVerifier:s,tokenEndpoint:r}),async getUserInfo(d){let{data:l,error:s}=await(0,_t.betterFetch)(o,{headers:{authorization:`Bearer ${d.accessToken}`}});return s||l.state!=="active"||l.locked?null:{user:{id:l.id.toString(),name:l.name??l.username,email:l.email,image:l.avatar_url,emailVerified:!0},data:l}}}};var Be={apple:at,discord:ct,facebook:ut,github:pt,microsoft:At,google:yt,spotify:Rt,twitch:Ut,twitter:Et,dropbox:It,linkedin:St,gitlab:Lt},ye=Object.keys(Be);var qt=require("oslo"),be=require("oslo/jwt"),N=require("zod");var M=require("better-call");var z=require("better-call");var J=require("zod");function Z(e){try{return JSON.parse(e)}catch{return null}}var De=()=>b("/get-session",{method:"GET",query:J.z.optional(J.z.object({disableCookieCache:J.z.boolean().optional()})),requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null);let r=e.getCookie(e.context.authCookies.sessionData.name),o=r?Z(Buffer.from(r,"base64").toString()):null;if(o&&!await ue.verify({value:JSON.stringify(o.session),signature:o?.signature,secret:e.context.secret}))return q(e),e.json(null);let n=await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret);if(o?.session&&e.context.options.session?.cookieCache?.enabled&&!e.query?.disableCookieCache){let c=o.session;if(o.expiresAt<Date.now()||c.session.expiresAt<new Date){let f=e.context.authCookies.sessionData.name;e.setCookie(f,"",{maxAge:0})}else return e.json(c)}let i=await e.context.internalAdapter.findSession(t);if(!i||i.session.expiresAt<new Date)return q(e),i&&await e.context.internalAdapter.deleteSession(i.session.id),e.json(null);if(n)return e.json(i);let d=e.context.sessionConfig.expiresIn,l=e.context.sessionConfig.updateAge;if(i.session.expiresAt.valueOf()-d*1e3+l*1e3<=Date.now()){let c=await e.context.internalAdapter.updateSession(i.session.id,{expiresAt:_(e.context.sessionConfig.expiresIn,"sec")});if(!c)return q(e),e.json(null,{status:401});let m=(c.expiresAt.valueOf()-Date.now())/1e3;return await I(e,{session:c,user:i.user},!1,{maxAge:m}),e.json({session:c,user:i.user})}return e.json(i)}catch(t){throw e.context.logger.error("INTERNAL_SERVER_ERROR",t),new z.APIError("INTERNAL_SERVER_ERROR",{message:"internal server error"})}}),we=async e=>{if(e.context.session)return e.context.session;let t=await De()({...e,_flag:"json",headers:e.headers});return e.context.session=t,t},B=ce(async e=>{let t=await we(e);if(!t?.session)throw new z.APIError("UNAUTHORIZED");return{session:t}}),Ct=()=>b("/list-sessions",{method:"GET",use:[B],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),Bt=b("/revoke-session",{method:"POST",body:J.z.object({id:J.z.string()}),use:[B],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new z.APIError("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new z.APIError("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o&&typeof o=="object"&&"name"in o?o.name:"",o),new z.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Dt=b("/revoke-sessions",{method:"POST",use:[B],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t&&typeof t=="object"&&"name"in t?t.name:"",t),new z.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Nt=b("/revoke-other-sessions",{method:"POST",requireHeaders:!0,use:[B]},async e=>{let t=e.context.session;if(!t.user)throw new z.APIError("UNAUTHORIZED");let n=(await e.context.internalAdapter.listSessions(t.user.id)).filter(i=>i.expiresAt>new Date).filter(i=>i.id!==e.context.session.session.id);return await Promise.all(n.map(i=>e.context.internalAdapter.deleteSession(i.id))),e.json({status:!0})});async function j(e,t,r){return await(0,be.createJWT)("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new qt.TimeSpan(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var Vt=b("/send-verification-email",{method:"POST",query:N.z.object({currentURL:N.z.string().optional()}).optional(),body:N.z.object({email:N.z.string().email(),callbackURL:N.z.string().optional()})},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new M.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new M.APIError("BAD_REQUEST",{message:"User not found"});let o=await j(e.context.secret,t),n=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail({user:r.user,url:n,token:o},e.request),e.json({status:!0})}),Ft=b("/verify-email",{method:"GET",query:N.z.object({token:N.z.string(),callbackURL:N.z.string().optional()})},async e=>{let{token:t}=e.query,r;try{r=await(0,be.validateJWT)("HS256",Buffer.from(e.context.secret),t)}catch(d){throw e.context.logger.error("Failed to verify email",d),new M.APIError("BAD_REQUEST",{message:"Invalid token"})}let n=N.z.object({email:N.z.string().email(),updateTo:N.z.string().optional()}).parse(r.payload),i=await e.context.internalAdapter.findUserByEmail(n.email);if(!i)throw new M.APIError("BAD_REQUEST",{message:"User not found"});if(n.updateTo){let d=await we(e);if(!d)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new M.APIError("UNAUTHORIZED",{message:"Session not found"});if(d.user.email!==n.email)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new M.APIError("UNAUTHORIZED",{message:"Invalid session"});let l=await e.context.internalAdapter.updateUserByEmail(n.email,{email:n.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.({user:l,url:`${e.context.baseURL}/verify-email?token=${t}`,token:t},e.request),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:l,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(n.email,{emailVerified:!0}),e.context.options.emailVerification?.autoSignInAfterVerification&&!await we(e)){let l=await e.context.internalAdapter.createSession(i.user.id,e.request);if(!l)throw new M.APIError("INTERNAL_SERVER_ERROR",{message:"Failed to create session"});await I(e,{session:l,user:i.user})}if(e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});async function Ae(e,{userInfo:t,account:r,callbackURL:o}){let n=await e.context.internalAdapter.findUserByEmail(t.email.toLowerCase(),{includeAccounts:!0}).catch(l=>{throw S.error(`Better auth was unable to query your database.
+`,`Current list of trustedOrigins: ${s}`),new Ge.APIError("FORBIDDEN",{message:`Invalid ${u}`})};a&&!e.context.options.advanced?.disableCSRFCheck&&m(n,"origin"),i&&m(i,"callbackURL"),d&&m(d,"redirectURL"),l&&m(l,"currentURL")});var E=require("better-call"),x=require("zod");var Ze=require("oslo"),Je=require("oslo/encoding");var le=require("oslo/crypto");function Ee(e,t){let r=new Uint8Array(e),o=new Uint8Array(t);if(r.length!==o.length)return!1;let n=0;for(let i=0;i<r.length;i++)n|=r[i]^o[i];return n===0}async function Pr({value:e,secret:t}){return new le.HMAC("SHA-256").sign(new TextEncoder().encode(t),new TextEncoder().encode(e)).then(o=>Buffer.from(o).toString("base64"))}function Ir({value:e,signature:t,secret:r}){return new le.HMAC("SHA-256").verify(new TextEncoder().encode(r),Buffer.from(t,"base64"),new TextEncoder().encode(e))}var ue={sign:Pr,verify:Ir};var O=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}},Pe=class extends O{constructor(t){super(`The package "${t}" is required. Make sure it is installed.`,t)}};var _=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));var pe=Object.create(null),te=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?pe:globalThis),L=new Proxy(pe,{get(e,t){return te()[t]??pe[t]},has(e,t){let r=te();return t in r||t in pe},set(e,t,r){let o=te(!0);return o[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=te(!0);return delete r[t],!0},ownKeys(){let e=te(!0);return Object.keys(e)}});function Or(e){return e?e!=="false":!1}var fe=typeof process<"u"&&process.env&&process.env.NODE_ENV||"",re=fe==="production",Qe=fe==="dev"||fe==="development",We=fe==="test"||Or(L.TEST);function Sr(e){let t=new Map;return e.split(", ").forEach(o=>{let n=o.split(";").map(m=>m.trim()),[i,...d]=n,[l,...s]=i.split("="),a=s.join("=");if(!l||a===void 0){console.warn(`Malformed cookie: ${o}`);return}let c={value:a};d.forEach(m=>{let[f,...u]=m.split("="),p=u.join("="),g=f.trim().toLowerCase();switch(g){case"max-age":c["max-age"]=p?parseInt(p.trim(),10):void 0;break;case"expires":c.expires=p?new Date(p.trim()):void 0;break;case"domain":c.domain=p?p.trim():void 0;break;case"path":c.path=p?p.trim():void 0;break;case"secure":c.secure=!0;break;case"httponly":c.httponly=!0;break;case"samesite":c.samesite=p?p.trim().toLowerCase():void 0;break;default:c[g]=p?p.trim():!0;break}}),t.set(l,c)}),t}function me(e){let r=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):re)?"__Secure-":"",o=!!e.advanced?.crossSubDomainCookies?.enabled,n=o?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(o&&!n)throw new O("baseURL is required when crossSubdomainCookies are enabled");function i(d,l={}){let s=e.advanced?.cookiePrefix||"better-auth",a=e.advanced?.cookies?.[d]?.name||`${s}.${d}`,c=e.advanced?.cookies?.[d]?.attributes;return{name:`${r}${a}`,attributes:{secure:!!r,sameSite:"lax",path:"/",httpOnly:!0,...o?{domain:n}:{},...e.advanced?.defaultCookieAttributes,...l,...c}}}return i}function Ie(e){let t=me(e),r=e.session?.expiresIn||new Ze.TimeSpan(7,"d").seconds(),o=t("session_token",{maxAge:r}),n=t("session_data",{maxAge:e.session?.cookieCache?.maxAge||60*5}),i=t("dont_remember");return{sessionToken:{name:o.name,options:o.attributes},sessionData:{name:n.name,options:n.attributes},dontRememberToken:{name:i.name,options:i.attributes}}}async function I(e,t,r,o){let n=e.context.authCookies.sessionToken.options,i=r?void 0:e.context.sessionConfig.expiresIn;await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.id,e.context.secret,{...n,maxAge:i,...o}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled&&e.setCookie(e.context.authCookies.sessionData.name,JSON.stringify(Je.base64url.encode(new TextEncoder().encode(JSON.stringify({session:t,expiresAt:_(e.context.authCookies.sessionData.options.maxAge||60,"sec").getTime(),signature:await ue.sign({value:JSON.stringify(t),secret:e.context.secret})})))),e.context.authCookies.sessionData.options),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.id,JSON.stringify({user:t.user,session:t.session}),t.session.expiresAt.getTime()-Date.now())}function q(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{...e.context.authCookies.sessionToken.options,maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{...e.context.authCookies.sessionData.options,maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{...e.context.authCookies.dontRememberToken.options,maxAge:0})}function _r(e){let t=e.split("; "),r=new Map;return t.forEach(o=>{let[n,i]=o.split("=");r.set(n,i)}),r}var nt=require("@better-fetch/fetch"),it=require("better-call"),W=require("jose"),st=require("oslo/jwt");var Ye=require("oslo/crypto"),Xe=require("oslo/encoding");async function et(e){let t=await(0,Ye.sha256)(new TextEncoder().encode(e));return Xe.base64url.encode(new Uint8Array(t),{includePadding:!1})}function tt(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?_(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function U({id:e,options:t,authorizationEndpoint:r,state:o,codeVerifier:n,scopes:i,claims:d,redirectURI:l}){let s=new URL(r);if(s.searchParams.set("response_type","code"),s.searchParams.set("client_id",t.clientId),s.searchParams.set("state",o),s.searchParams.set("scope",i.join(" ")),s.searchParams.set("redirect_uri",t.redirectURI||l),n){let a=await et(n);s.searchParams.set("code_challenge_method","S256"),s.searchParams.set("code_challenge",a)}if(d){let a=d.reduce((c,m)=>(c[m]=null,c),{});s.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...a}}))}return s}var rt=require("@better-fetch/fetch");async function R({code:e,codeVerifier:t,redirectURI:r,options:o,tokenEndpoint:n,authentication:i}){let d=new URLSearchParams,l={"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"};if(d.set("grant_type","authorization_code"),d.set("code",e),t&&d.set("code_verifier",t),d.set("redirect_uri",r),i==="basic"){let m=btoa(`${o.clientId}:${o.clientSecret}`);l.authorization=`Basic ${m}`}else d.set("client_id",o.clientId),d.set("client_secret",o.clientSecret);let{data:s,error:a}=await(0,rt.betterFetch)(n,{method:"POST",body:d,headers:l});if(a)throw a;return tt(s)}var ge=require("oslo/oauth2"),F=require("zod"),Se=require("better-call");function Lr(e){try{return new URL(e).pathname!=="/"}catch{throw new O(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function Oe(e,t="/api/auth"){return Lr(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function oe(e,t){if(e)return Oe(e,t);let r=L.BETTER_AUTH_URL||L.NEXT_PUBLIC_BETTER_AUTH_URL||L.PUBLIC_BETTER_AUTH_URL||L.NUXT_PUBLIC_BETTER_AUTH_URL||L.NUXT_PUBLIC_AUTH_URL||(L.BASE_URL!=="/"?L.BASE_URL:void 0);if(r)return Oe(r,t);if(typeof window<"u"&&window.location)return Oe(window.location.origin,t)}function ot(e){try{return new URL(e).origin}catch{return null}}async function ne(e,t){let r=e.body?.callbackURL||(e.query?.currentURL?ot(e.query?.currentURL):"")||e.context.options.baseURL;if(!r)throw new Se.APIError("BAD_REQUEST",{message:"callbackURL is required"});let o=(0,ge.generateCodeVerifier)(),n=(0,ge.generateState)(),i=JSON.stringify({callbackURL:r,codeVerifier:o,errorURL:e.body?.errorCallbackURL||e.query?.currentURL,link:t,expiresAt:Date.now()+10*60*1e3}),d=new Date;d.setMinutes(d.getMinutes()+10);let l=await e.context.internalAdapter.createVerificationValue({value:i,identifier:n,expiresAt:d});if(!l)throw e.context.logger.error("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database"),new Se.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create verification"});return{state:l.identifier,codeVerifier:o}}async function _e(e){let t=e.query.state||e.body.state,r=await e.context.internalAdapter.findVerificationValue(t);if(!r)throw e.context.logger.error("State Mismatch. Verification not found",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let o=F.z.object({callbackURL:F.z.string(),codeVerifier:F.z.string(),errorURL:F.z.string().optional(),expiresAt:F.z.number(),link:F.z.object({email:F.z.string(),userId:F.z.string()}).optional()}).parse(JSON.parse(r.value));if(o.errorURL||(o.errorURL=`${e.context.baseURL}/error`),o.expiresAt<Date.now())throw await e.context.internalAdapter.deleteVerificationValue(r.id),e.context.logger.error("State expired.",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);return await e.context.internalAdapter.deleteVerificationValue(r.id),o}var at=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:o,redirectURI:n}){let i=o||["email","name"];return e.scope&&i.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${n||e.redirectURI}&scope=${i.join(" ")}&state=${r}&response_mode=form_post`)},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:n})=>R({code:r,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async verifyIdToken(r,o){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(r,o);let n=(0,W.decodeProtectedHeader)(r),{kid:i,alg:d}=n;if(!i||!d)return!1;let l=await Cr(i),{payload:s}=await(0,W.jwtVerify)(r,l,{algorithms:[d],issuer:"https://appleid.apple.com",audience:e.clientId,maxTokenAge:"1h"});return["email_verified","is_private_email"].forEach(a=>{s[a]!==void 0&&(s[a]=!!s[a])}),o&&s.nonce!==o?!1:!!s},async getUserInfo(r){if(!r.idToken)return null;let o=(0,st.parseJWT)(r.idToken)?.payload;if(!o)return null;let n=o.user?`${o.user.name.firstName} ${o.user.name.lastName}`:o.email;return{user:{id:o.sub,name:n,emailVerified:!1,email:o.email},data:o}}}},Cr=async e=>{let t="https://appleid.apple.com",r="/auth/keys",{data:o}=await(0,nt.betterFetch)(`${t}${r}`);if(!o?.keys)throw new it.APIError("BAD_REQUEST",{message:"Keys not found"});let n=o.keys.find(i=>i.kid===e);if(!n)throw new Error(`JWK with kid ${e} not found`);return await(0,W.importJWK)(n,n.alg)};var dt=require("@better-fetch/fetch");var ct=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=r||["identify","email"];return e.scope&&n.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${n.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||o)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>R({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,dt.betterFetch)("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(o)return null;if(r.avatar===null){let n=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${n}.png`}else{let n=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${n}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});var lt=require("@better-fetch/fetch");var ut=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=r||["email","public_profile"];return e.scope&&n.push(...e.scope),await U({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:n,state:t,redirectURI:o})},validateAuthorizationCode:async({code:t,redirectURI:r})=>R({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){let{data:r,error:o}=await(0,lt.betterFetch)("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return o?null:{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified},data:r}}});var Le=require("@better-fetch/fetch");var pt=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:o,codeVerifier:n,redirectURI:i}){let d=o||["user:email"];return e.scope&&d.push(...e.scope),U({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:d,state:r,redirectURI:i})},validateAuthorizationCode:async({code:r,redirectURI:o})=>R({code:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:n}=await(0,Le.betterFetch)("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(n)return null;let i=!1;if(!o.email){let{data:d,error:l}=await(0,Le.betterFetch)("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});l||(o.email=(d.find(s=>s.primary)??d[0])?.email,i=d.find(s=>s.email===o.email)?.verified??!1)}return{user:{id:o.id.toString(),name:o.name||o.login,email:o.email,image:o.avatar_url,emailVerified:i},data:o}}}};var gt=require("oslo/jwt");var ft=require("consola"),he=["info","success","warn","error","debug"];function mt(e,t){return he.indexOf(t)<=he.indexOf(e)}var Br=(0,ft.createConsola)({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),ie=e=>{let t=e?.disabled!==!0,r=e?.level??"error",o=(n,i,d=[])=>{if(!(!t||!mt(r,n))){if(!e||typeof e.log!="function"){Br[n]("",i,...d);return}e.log(n==="success"?"info":n,i,d)}};return Object.fromEntries(he.map(n=>[n,(...[i,...d])=>o(n,i,d)]))},S=ie();var ht=require("@better-fetch/fetch"),yt=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){if(!e.clientId||!e.clientSecret)throw S.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new O("CLIENT_ID_AND_SECRET_REQUIRED");if(!o)throw new O("codeVerifier is required for Google");let i=r||["email","profile","openid"];e.scope&&i.push(...e.scope);let d=await U({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:i,state:t,codeVerifier:o,redirectURI:n});return e.accessType&&d.searchParams.set("access_type",e.accessType),e.prompt&&d.searchParams.set("prompt",e.prompt),d},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>R({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async verifyIdToken(t,r){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(t,r);let o=`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${t}`,{data:n}=await(0,ht.betterFetch)(o);return n?n.aud===e.clientId&&n.iss==="https://accounts.google.com":!1},async getUserInfo(t){if(!t.idToken)return null;let r=(0,gt.parseJWT)(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});var wt=require("@better-fetch/fetch"),bt=require("oslo/jwt");var At=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,o=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(n){let i=n.scopes||["openid","profile","email","User.Read"];return e.scope&&i.push(...e.scope),U({id:"microsoft",options:e,authorizationEndpoint:r,state:n.state,codeVerifier:n.codeVerifier,scopes:i,redirectURI:n.redirectURI})},validateAuthorizationCode({code:n,codeVerifier:i,redirectURI:d}){return R({code:n,codeVerifier:i,redirectURI:e.redirectURI||d,options:e,tokenEndpoint:o})},async getUserInfo(n){if(!n.idToken)return null;let i=(0,bt.parseJWT)(n.idToken)?.payload,d=e.profilePhotoSize||48;return await(0,wt.betterFetch)(`https://graph.microsoft.com/v1.0/me/photos/${d}x${d}/$value`,{headers:{Authorization:`Bearer ${n.accessToken}`},async onResponse(l){if(!(e.disableProfilePhoto||!l.response.ok))try{let a=await l.response.clone().arrayBuffer(),c=Buffer.from(a).toString("base64");i.picture=`data:image/jpeg;base64, ${c}`}catch(s){S.error(s&&typeof s=="object"&&"name"in s?s.name:"",s)}}}),{user:{id:i.sub,name:i.name,email:i.email,image:i.picture,emailVerified:!0},data:i}}}};var kt=require("@better-fetch/fetch");var Rt=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:o,redirectURI:n}){let i=r||["user-read-email"];return e.scope&&i.push(...e.scope),U({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:i,state:t,codeVerifier:o,redirectURI:n})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>R({code:t,codeVerifier:r,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,kt.betterFetch)("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});function Dr(e){return e.charAt(0).toUpperCase()+e.slice(1)}var K={isAction:!1};var xt=require("nanoid"),C=e=>(0,xt.nanoid)(e);var vt=require("oslo/jwt");var Ut=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:o}){let n=r||["user:read:email","openid"];return e.scope&&n.push(...e.scope),U({id:"twitch",redirectURI:o,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:n,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>R({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){let r=t.idToken;if(!r)return S.error("No idToken found in token"),null;let o=(0,vt.parseJWT)(r)?.payload;return{user:{id:o.sub,name:o.preferred_username,email:o.email,image:o.picture,emailVerified:!1},data:o}}});var Tt=require("@better-fetch/fetch");var Et=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["users.read","tweet.read","offline.access"];return e.scope&&r.push(...e.scope),U({id:"twitter",options:e,authorizationEndpoint:"https://x.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:o})=>R({code:t,codeVerifier:r,authentication:"basic",redirectURI:e.redirectURI||o,options:e,tokenEndpoint:"https://api.x.com/2/oauth2/token"}),async getUserInfo(t){let{data:r,error:o}=await(0,Tt.betterFetch)("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return o?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email||null,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});var Pt=require("@better-fetch/fetch");var It=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:o,codeVerifier:n,redirectURI:i})=>{let d=o||["account_info.read"];return e.scope&&d.push(...e.scope),await U({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:d,state:r,redirectURI:i,codeVerifier:n})},validateAuthorizationCode:async({code:r,codeVerifier:o,redirectURI:n})=>await R({code:r,codeVerifier:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){let{data:o,error:n}=await(0,Pt.betterFetch)("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});return n?null:{user:{id:o.account_id,name:o.name?.display_name,email:o.email,emailVerified:o.email_verified||!1,image:o.profile_photo_url},data:o}}}};var Ot=require("@better-fetch/fetch");var St=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:o,scopes:n,redirectURI:i})=>{let d=n||["profile","email","openid"];return e.scope&&d.push(...e.scope),await U({id:"linkedin",options:e,authorizationEndpoint:t,scopes:d,state:o,redirectURI:i})},validateAuthorizationCode:async({code:o,redirectURI:n})=>await R({code:o,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:r}),async getUserInfo(o){let{data:n,error:i}=await(0,Ot.betterFetch)("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${o.accessToken}`}});return i?null:{user:{id:n.sub,name:n.name,email:n.email,emailVerified:n.email_verified||!1,image:n.picture},data:n}}}};var _t=require("@better-fetch/fetch");var Ce=(e="")=>e.split("://").map(t=>t.replace(/\/{2,}/g,"/")).join("://"),Nr=e=>{let t=e||"https://gitlab.com";return{authorizationEndpoint:Ce(`${t}/oauth/authorize`),tokenEndpoint:Ce(`${t}/oauth/token`),userinfoEndpoint:Ce(`${t}/api/v4/user`)}},Lt=e=>{let{authorizationEndpoint:t,tokenEndpoint:r,userinfoEndpoint:o}=Nr(e.issuer),n="gitlab";return{id:n,name:"Gitlab",createAuthorizationURL:async({state:d,scopes:l,codeVerifier:s,redirectURI:a})=>{let c=l||["read_user"];return e.scope&&c.push(...e.scope),await U({id:n,options:e,authorizationEndpoint:t,scopes:c,state:d,redirectURI:a,codeVerifier:s})},validateAuthorizationCode:async({code:d,redirectURI:l,codeVerifier:s})=>R({code:d,redirectURI:e.redirectURI||l,options:e,codeVerifier:s,tokenEndpoint:r}),async getUserInfo(d){let{data:l,error:s}=await(0,_t.betterFetch)(o,{headers:{authorization:`Bearer ${d.accessToken}`}});return s||l.state!=="active"||l.locked?null:{user:{id:l.id.toString(),name:l.name??l.username,email:l.email,image:l.avatar_url,emailVerified:!0},data:l}}}};var Be={apple:at,discord:ct,facebook:ut,github:pt,microsoft:At,google:yt,spotify:Rt,twitch:Ut,twitter:Et,dropbox:It,linkedin:St,gitlab:Lt},ye=Object.keys(Be);var qt=require("oslo"),be=require("oslo/jwt"),N=require("zod");var M=require("better-call");var z=require("better-call");var J=require("zod");function Z(e){try{return JSON.parse(e)}catch{return null}}var De=()=>b("/get-session",{method:"GET",query:J.z.optional(J.z.object({disableCookieCache:J.z.boolean().optional()})),requireHeaders:!0},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null);let r=e.getCookie(e.context.authCookies.sessionData.name),o=r?Z(Buffer.from(r,"base64").toString()):null;if(o&&!await ue.verify({value:JSON.stringify(o.session),signature:o?.signature,secret:e.context.secret}))return q(e),e.json(null);let n=await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret);if(o?.session&&e.context.options.session?.cookieCache?.enabled&&!e.query?.disableCookieCache){let c=o.session;if(o.expiresAt<Date.now()||c.session.expiresAt<new Date){let f=e.context.authCookies.sessionData.name;e.setCookie(f,"",{maxAge:0})}else return e.json(c)}let i=await e.context.internalAdapter.findSession(t);if(!i||i.session.expiresAt<new Date)return q(e),i&&await e.context.internalAdapter.deleteSession(i.session.id),e.json(null);if(n)return e.json(i);let d=e.context.sessionConfig.expiresIn,l=e.context.sessionConfig.updateAge;if(i.session.expiresAt.valueOf()-d*1e3+l*1e3<=Date.now()){let c=await e.context.internalAdapter.updateSession(i.session.id,{expiresAt:_(e.context.sessionConfig.expiresIn,"sec")});if(!c)return q(e),e.json(null,{status:401});let m=(c.expiresAt.valueOf()-Date.now())/1e3;return await I(e,{session:c,user:i.user},!1,{maxAge:m}),e.json({session:c,user:i.user})}return e.json(i)}catch(t){throw e.context.logger.error("INTERNAL_SERVER_ERROR",t),new z.APIError("INTERNAL_SERVER_ERROR",{message:"internal server error"})}}),we=async e=>{if(e.context.session)return e.context.session;let t=await De()({...e,_flag:"json",headers:e.headers});return e.context.session=t,t},B=ce(async e=>{let t=await we(e);if(!t?.session)throw new z.APIError("UNAUTHORIZED");return{session:t}}),Ct=()=>b("/list-sessions",{method:"GET",use:[B],requireHeaders:!0},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(o=>o.expiresAt>new Date);return e.json(r)}),Bt=b("/revoke-session",{method:"POST",body:J.z.object({id:J.z.string()}),use:[B],requireHeaders:!0},async e=>{let t=e.body.id,r=await e.context.internalAdapter.findSession(t);if(!r)throw new z.APIError("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new z.APIError("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(o){throw e.context.logger.error(o&&typeof o=="object"&&"name"in o?o.name:"",o),new z.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Dt=b("/revoke-sessions",{method:"POST",use:[B],requireHeaders:!0},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t&&typeof t=="object"&&"name"in t?t.name:"",t),new z.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Nt=b("/revoke-other-sessions",{method:"POST",requireHeaders:!0,use:[B]},async e=>{let t=e.context.session;if(!t.user)throw new z.APIError("UNAUTHORIZED");let n=(await e.context.internalAdapter.listSessions(t.user.id)).filter(i=>i.expiresAt>new Date).filter(i=>i.id!==e.context.session.session.id);return await Promise.all(n.map(i=>e.context.internalAdapter.deleteSession(i.id))),e.json({status:!0})});async function j(e,t,r){return await(0,be.createJWT)("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new qt.TimeSpan(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var Vt=b("/send-verification-email",{method:"POST",query:N.z.object({currentURL:N.z.string().optional()}).optional(),body:N.z.object({email:N.z.string().email(),callbackURL:N.z.string().optional()})},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new M.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new M.APIError("BAD_REQUEST",{message:"User not found"});let o=await j(e.context.secret,t),n=`${e.context.baseURL}/verify-email?token=${o}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail({user:r.user,url:n,token:o},e.request),e.json({status:!0})}),Ft=b("/verify-email",{method:"GET",query:N.z.object({token:N.z.string(),callbackURL:N.z.string().optional()})},async e=>{let{token:t}=e.query,r;try{r=await(0,be.validateJWT)("HS256",Buffer.from(e.context.secret),t)}catch(d){throw e.context.logger.error("Failed to verify email",d),new M.APIError("BAD_REQUEST",{message:"Invalid token"})}let n=N.z.object({email:N.z.string().email(),updateTo:N.z.string().optional()}).parse(r.payload),i=await e.context.internalAdapter.findUserByEmail(n.email);if(!i)throw new M.APIError("BAD_REQUEST",{message:"User not found"});if(n.updateTo){let d=await we(e);if(!d)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new M.APIError("UNAUTHORIZED",{message:"Session not found"});if(d.user.email!==n.email)throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=unauthorized`):new M.APIError("UNAUTHORIZED",{message:"Invalid session"});let l=await e.context.internalAdapter.updateUserByEmail(n.email,{email:n.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.({user:l,url:`${e.context.baseURL}/verify-email?token=${t}`,token:t},e.request),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:l,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(n.email,{emailVerified:!0}),e.context.options.emailVerification?.autoSignInAfterVerification&&!await we(e)){let l=await e.context.internalAdapter.createSession(i.user.id,e.request);if(!l)throw new M.APIError("INTERNAL_SERVER_ERROR",{message:"Failed to create session"});await I(e,{session:l,user:i.user})}if(e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});async function Ae(e,{userInfo:t,account:r,callbackURL:o}){let n=await e.context.internalAdapter.findUserByEmail(t.email.toLowerCase(),{includeAccounts:!0}).catch(l=>{throw S.error(`Better auth was unable to query your database.
 Error: `,l),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),i=n?.user;if(n){let l=n.accounts.find(s=>s.providerId===r.providerId);if(l)await e.context.internalAdapter.updateAccount(l.id,{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,expiresAt:r.expiresAt});else{if(!e.context.options.account?.accountLinking?.trustedProviders?.includes(r.providerId)&&!t.emailVerified||e.context.options.account?.accountLinking?.enabled===!1)return Qe&&S.warn(`User already exist but account isn't linked to ${r.providerId}. To read more about how account linking works in Better Auth see https://www.better-auth.com/docs/concepts/users-accounts#account-linking.`),{error:"account not linked",data:null};try{await e.context.internalAdapter.linkAccount({providerId:r.providerId,accountId:t.id.toString(),id:e.context.uuid(),userId:n.user.id,accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,expiresAt:r.expiresAt})}catch(c){return S.error("Unable to link account",c),{error:"unable to link account",data:null}}}}else try{let l=t.emailVerified||!1;if(i=await e.context.internalAdapter.createOAuthUser({...t,id:e.context.uuid(),emailVerified:l,email:t.email.toLowerCase()},{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,expiresAt:r.expiresAt,providerId:r.providerId,accountId:t.id.toString()}).then(s=>s?.user),!l&&i&&e.context.options.emailVerification?.sendOnSignUp){let s=await j(e.context.secret,i.email),a=`${e.context.baseURL}/verify-email?token=${s}&callbackURL=${o}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:i,url:a,token:s},e.request)}}catch(l){return S.error("Unable to create user",l),{error:"unable to create user",data:null}}if(!i)return{error:"unable to create user",data:null};let d=await e.context.internalAdapter.createSession(i.id,e.request);return d?{data:{session:d,user:i},error:null}:{error:"unable to create session",data:null}}var jt=b("/sign-in/social",{method:"POST",query:x.z.object({currentURL:x.z.string().optional()}).optional(),body:x.z.object({callbackURL:x.z.string().optional(),errorCallbackURL:x.z.string().optional(),provider:x.z.enum(ye),disableRedirect:x.z.boolean().optional(),idToken:x.z.optional(x.z.object({token:x.z.string(),nonce:x.z.string().optional(),accessToken:x.z.string().optional(),refreshToken:x.z.string().optional(),expiresAt:x.z.number().optional()}))})},async e=>{let t=e.context.socialProviders.find(i=>i.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new E.APIError("NOT_FOUND",{message:"Provider not found"});if(e.body.idToken){if(!t.verifyIdToken)throw e.context.logger.error("Provider does not support id token verification",{provider:e.body.provider}),new E.APIError("NOT_FOUND",{message:"Provider does not support id token verification"});let{token:i,nonce:d}=e.body.idToken;if(!await t.verifyIdToken(i,d))throw e.context.logger.error("Invalid id token",{provider:e.body.provider}),new E.APIError("UNAUTHORIZED",{message:"Invalid id token"});let s=await t.getUserInfo({idToken:i,accessToken:e.body.idToken.accessToken,refreshToken:e.body.idToken.refreshToken});if(!s||!s?.user)throw e.context.logger.error("Failed to get user info",{provider:e.body.provider}),new E.APIError("UNAUTHORIZED",{message:"Failed to get user info"});if(!s.user.email)throw e.context.logger.error("User email not found",{provider:e.body.provider}),new E.APIError("UNAUTHORIZED",{message:"User email not found"});let a=await Ae(e,{userInfo:{email:s.user.email,id:s.user.id,name:s.user.name||"",image:s.user.image,emailVerified:s.user.emailVerified||!1},account:{providerId:t.id,accountId:s.user.id,accessToken:e.body.idToken.accessToken}});if(a.error)throw new E.APIError("UNAUTHORIZED",{message:a.error});return await I(e,a.data),e.json({session:a.data.session,user:a.data.user,url:`${e.body.callbackURL||e.query?.currentURL||e.context.options.baseURL}`,redirect:!0})}let{codeVerifier:r,state:o}=await ne(e),n=await t.createAuthorizationURL({state:o,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:n.toString(),redirect:!e.body.disableRedirect})}),$t=b("/sign-in/email",{method:"POST",body:x.z.object({email:x.z.string(),password:x.z.string(),callbackURL:x.z.string().optional(),rememberMe:x.z.boolean().default(!0).optional()})},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new E.APIError("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!x.z.string().email().safeParse(t).success)throw new E.APIError("BAD_REQUEST",{message:"Invalid email"});let n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new E.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let i=n.accounts.find(a=>a.providerId==="credential");if(!i)throw e.context.logger.error("Credential account not found",{email:t}),new E.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let d=i?.password;if(!d)throw e.context.logger.error("Password not found",{email:t}),new E.APIError("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(d,r))throw e.context.logger.error("Invalid password"),new E.APIError("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!n.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Email verification is required but no email verification handler is provided"),new E.APIError("INTERNAL_SERVER_ERROR",{message:"Email is not verified."});let a=await j(e.context.secret,n.user.email),c=`${e.context.baseURL}/verify-email?token=${a}&callbackURL=${e.body.callbackURL||"/"}`;throw await e.context.options.emailVerification.sendVerificationEmail({user:n.user,url:c,token:a},e.request),e.context.logger.error("Email not verified",{email:t}),new E.APIError("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let s=await e.context.internalAdapter.createSession(n.user.id,e.headers,e.body.rememberMe===!1);if(!s)throw e.context.logger.error("Failed to create session"),new E.APIError("UNAUTHORIZED",{message:"Failed to create session"});return await I(e,{session:s,user:n.user},e.body.rememberMe===!1),e.json({user:n.user,session:s,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});var Y=require("zod");var ke=Y.z.object({code:Y.z.string().optional(),error:Y.z.string().optional(),errorMessage:Y.z.string().optional(),state:Y.z.string().optional()}),zt=b("/callback/:id",{method:["GET","POST"],body:ke.optional(),query:ke.optional(),metadata:K},async e=>{let t;try{if(e.method==="GET")t=ke.parse(e.query);else if(e.method==="POST")t=ke.parse(e.body);else throw new Error("Unsupported method")}catch(w){throw e.context.logger.error("INVALID_CALLBACK_REQUEST",w),e.redirect(`${e.context.baseURL}/error?error=invalid_callback_request`)}let{code:r,error:o,state:n}=t;if(!n)throw e.context.logger.error("State not found"),e.redirect(`${e.context.baseURL}/error?error=state_not_found`);if(!r)throw e.context.logger.error("Code not found"),e.redirect(`${e.context.baseURL}/error?error=${o||"no_code"}`);let i=e.context.socialProviders.find(w=>w.id===e.params.id);if(!i)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let{codeVerifier:d,callbackURL:l,link:s,errorURL:a}=await _e(e),c;try{c=await i.validateAuthorizationCode({code:r,codeVerifier:d,redirectURI:`${e.context.baseURL}/callback/${i.id}`})}catch(w){throw e.context.logger.error("",w),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let m=await i.getUserInfo(c).then(w=>w?.user),u={id:C(),...m};function p(w){let v=a||l||`${e.context.baseURL}/error`;throw v.includes("?")?v=`${v}&error=${w}`:v=`${v}?error=${w}`,e.redirect(v)}if(!m)return e.context.logger.error("Unable to get user info"),p("unable_to_get_user_info");if(!u.email)return e.context.logger.error("Provider did not return email. This could be due to misconfiguration in the provider settings."),p("email_not_found");if(!l)throw e.context.logger.error("No callback URL found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(s){if(s.email!==u.email.toLowerCase())return p("email_doesn't_match");if(!await e.context.internalAdapter.createAccount({userId:s.userId,providerId:i.id,accountId:m.id}))return p("unable_to_link_account");let v;try{v=new URL(l).toString()}catch{v=l}throw e.redirect(v)}let g=await Ae(e,{userInfo:{email:u.email,id:u.id,name:u.name||"",image:u.image,emailVerified:u.emailVerified||!1},account:{providerId:i.id,accountId:m.id,accessToken:c.accessToken,refreshToken:c.refreshToken,expiresAt:c.accessTokenExpiresAt},callbackURL:l});if(g.error)return e.context.logger.error(g.error.split(" ").join("_")),p(g.error.split(" ").join("_"));let{session:y,user:h}=g.data;await I(e,{session:y,user:h});let A;try{A=new URL(l).toString()}catch{A=l}throw e.redirect(A)});var xi=require("zod");var Mt=require("better-call"),Ht=b("/sign-out",{method:"POST",requireHeaders:!0},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw q(e),new Mt.APIError("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),q(e),e.json({success:!0})});var D=require("zod");var Re=require("better-call");function Gt(e,t,r){let o=t?new URL(t,e.baseURL):new URL(`${e.baseURL}/error`);return r&&Object.entries(r).forEach(([n,i])=>o.searchParams.set(n,i)),o.href}function qr(e,t,r){let o=new URL(t,e.baseURL);return r&&Object.entries(r).forEach(([n,i])=>o.searchParams.set(n,i)),o.href}var Kt=b("/forget-password",{method:"POST",body:D.z.object({email:D.z.string().email(),redirectTo:D.z.string()})},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new Re.APIError("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let n=60*60*1,i=_(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||n,"sec"),d=e.context.uuid();await e.context.internalAdapter.createVerificationValue({value:o.user.id,identifier:`reset-password:${d}`,expiresAt:i});let l=`${e.context.baseURL}/reset-password/${d}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword({user:o.user,url:l,token:d},e.request),e.json({status:!0})}),Qt=b("/reset-password/:token",{method:"GET",query:D.z.object({callbackURL:D.z.string()})},async e=>{let{token:t}=e.params,{callbackURL:r}=e.query;if(!t||!r)throw e.redirect(Gt(e.context,r,{error:"INVALID_TOKEN"}));let o=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!o||o.expiresAt<new Date?e.redirect(Gt(e.context,r,{error:"INVALID_TOKEN"})):e.redirect(qr(e.context,r,{token:t}))}),Wt=b("/reset-password",{query:D.z.optional(D.z.object({token:D.z.string().optional(),currentURL:D.z.string().optional()})),method:"POST",body:D.z.object({newPassword:D.z.string(),token:D.z.string().optional()})},async e=>{let t=e.body.token||e.query?.token||(e.query?.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!t)throw new Re.APIError("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,o=`reset-password:${t}`,n=await e.context.internalAdapter.findVerificationValue(o);if(!n||n.expiresAt<new Date)throw new Re.APIError("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(n.id);let i=n.value,d=await e.context.password.hash(r);return(await e.context.internalAdapter.findAccounts(i)).find(a=>a.providerId==="credential")?(await e.context.internalAdapter.updatePassword(i,d),e.json({status:!0})):(await e.context.internalAdapter.createAccount({userId:i,providerId:"credential",password:d,accountId:e.context.uuid()}),e.json({status:!0}))});var T=require("zod");var P=require("better-call");var k=require("zod"),Si=k.z.object({id:k.z.string(),providerId:k.z.string(),accountId:k.z.string(),userId:k.z.string(),accessToken:k.z.string().nullish(),refreshToken:k.z.string().nullish(),idToken:k.z.string().nullish(),expiresAt:k.z.date().nullish(),password:k.z.string().nullish()}),_i=k.z.object({id:k.z.string(),email:k.z.string().transform(e=>e.toLowerCase()),emailVerified:k.z.boolean().default(!1),name:k.z.string(),image:k.z.string().nullish(),createdAt:k.z.date().default(new Date),updatedAt:k.z.date().default(new Date)}),Li=k.z.object({id:k.z.string(),userId:k.z.string(),expiresAt:k.z.date(),ipAddress:k.z.string().nullish(),userAgent:k.z.string().nullish()}),Ci=k.z.object({id:k.z.string(),value:k.z.string(),createdAt:k.z.date(),expiresAt:k.z.date(),identifier:k.z.string()});function Zt(e,t){let r=t.fields,o={};for(let n in e){let i=r[n];if(!i){o[n]=e[n];continue}i.returned!==!1&&(o[n]=e[n])}return o}function Ne(e,t){let r={...t==="user"?e.user?.additionalFields:{},...t==="session"?e.session?.additionalFields:{}};for(let o of e.plugins||[])o.schema&&o.schema[t]&&(r={...r,...o.schema[t].fields});return r}function qe(e,t){let r=Ne(e,"user");return Zt(t,{fields:r})}function xe(e,t){let r=Ne(e,"session");return Zt(t,{fields:r})}function Vr(e,t){let r=t.action||"create",o=t.fields,n={};for(let i in o){if(i in e){if(o[i].input===!1){if(o[i].defaultValue){n[i]=o[i].defaultValue;continue}continue}n[i]=e[i];continue}if(o[i].defaultValue&&r==="create"){n[i]=o[i].defaultValue;continue}}return n}function ve(e,t,r){let o=Ne(e,"user");return Vr(t||{},{fields:o,action:r})}var Jt=()=>b("/update-user",{method:"POST",body:T.z.record(T.z.string(),T.z.any()),use:[B]},async e=>{let t=e.body;if(t.email)throw new P.APIError("BAD_REQUEST",{message:"You can't update email"});let{name:r,image:o,...n}=t,i=e.context.session;if(!o&&!r&&Object.keys(n).length===0)return e.json({user:i.user});let d=ve(e.context.options,n,"update"),l=await e.context.internalAdapter.updateUserByEmail(i.user.email,{name:r,image:o,...d});return await I(e,{session:i.session,user:l}),e.json({user:l})}),Yt=b("/change-password",{method:"POST",body:T.z.object({newPassword:T.z.string(),currentPassword:T.z.string(),revokeOtherSessions:T.z.boolean().optional()}),use:[B]},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:o}=e.body,n=e.context.session,i=e.context.password.config.minPasswordLength;if(t.length<i)throw e.context.logger.error("Password is too short"),new P.APIError("BAD_REQUEST",{message:"Password is too short"});let d=e.context.password.config.maxPasswordLength;if(t.length>d)throw e.context.logger.error("Password is too long"),new P.APIError("BAD_REQUEST",{message:"Password too long"});let s=(await e.context.internalAdapter.findAccounts(n.user.id)).find(m=>m.providerId==="credential"&&m.password);if(!s||!s.password)throw new P.APIError("BAD_REQUEST",{message:"User does not have a password"});let a=await e.context.password.hash(t);if(!await e.context.password.verify(s.password,r))throw new P.APIError("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(s.id,{password:a}),o){await e.context.internalAdapter.deleteSessions(n.user.id);let m=await e.context.internalAdapter.createSession(n.user.id,e.headers);if(!m)throw new P.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await I(e,{session:m,user:n.user})}return e.json(n.user)}),Xt=b("/set-password",{method:"POST",body:T.z.object({newPassword:T.z.string()}),metadata:{SERVER_ONLY:!0},use:[B]},async e=>{let{newPassword:t}=e.body,r=e.context.session,o=e.context.password.config.minPasswordLength;if(t.length<o)throw e.context.logger.error("Password is too short"),new P.APIError("BAD_REQUEST",{message:"Password is too short"});let n=e.context.password.config.maxPasswordLength;if(t.length>n)throw e.context.logger.error("Password is too long"),new P.APIError("BAD_REQUEST",{message:"Password too long"});let d=(await e.context.internalAdapter.findAccounts(r.user.id)).find(s=>s.providerId==="credential"&&s.password),l=await e.context.password.hash(t);if(!d)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:l}),e.json(r.user);throw new P.APIError("BAD_REQUEST",{message:"user already has a password"})}),er=b("/delete-user",{method:"POST",body:T.z.object({password:T.z.string()}),use:[B]},async e=>{let{password:t}=e.body,r=e.context.session,n=(await e.context.internalAdapter.findAccounts(r.user.id)).find(d=>d.providerId==="credential"&&d.password);if(!n||!n.password)throw new P.APIError("BAD_REQUEST",{message:"User does not have a password"});if(!await e.context.password.verify(n.password,t))throw new P.APIError("BAD_REQUEST",{message:"Incorrect password"});return await e.context.internalAdapter.deleteUser(r.user.id),await e.context.internalAdapter.deleteSessions(r.user.id),q(e),e.json(null)}),tr=b("/change-email",{method:"POST",query:T.z.object({currentURL:T.z.string().optional()}).optional(),body:T.z.object({newEmail:T.z.string().email(),callbackURL:T.z.string().optional()}),use:[B]},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new P.APIError("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new P.APIError("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new P.APIError("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let n=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:n,status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new P.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await j(e.context.secret,e.context.session.user.email,e.body.newEmail),o=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.user.changeEmail.sendChangeEmailVerification({user:e.context.session.user,newEmail:e.body.newEmail,url:o,token:r},e.request),e.json({user:null,status:!0})});var Fr=(e="Unknown")=>`<!DOCTYPE html>
 <html lang="en">
 <head>

package/dist/index.d.cts

@@ -1,8 +1,8 @@
-export { l as Adapter, m as AdapterInstance, d as AdditionalSessionFieldsInput, e as AdditionalSessionFieldsOutput, a as AdditionalUserFieldsInput, c as AdditionalUserFieldsOutput, A as Auth, h as AuthContext, q as BetterAuthCookies, B as BetterAuthOptions, j as BetterAuthPlugin, E as EligibleCookies, G as GenericEndpointContext, H as HookEndpointContext, k as InferOptionSchema, g as InferPluginTypes, f as InferSession, I as InferUser, y as LogHandlerParams, L as LogLevel, x as Logger, P as PluginSchema, R as RateLimit, n as SecondaryStorage, S as Session, U as User, W as Where, b as betterAuth, o as createCookieGetter, z as createLogger, r as deleteSessionCookie, p as getCookies, i as init, v as levels, C as logger, t as parseCookies, u as parseSetCookieHeader, s as setSessionCookie, w as shouldPublishLog } from './auth-BiSlZarn.cjs';
+export { l as Adapter, m as AdapterInstance, d as AdditionalSessionFieldsInput, e as AdditionalSessionFieldsOutput, a as AdditionalUserFieldsInput, c as AdditionalUserFieldsOutput, A as Auth, h as AuthContext, q as BetterAuthCookies, B as BetterAuthOptions, j as BetterAuthPlugin, E as EligibleCookies, G as GenericEndpointContext, H as HookEndpointContext, k as InferOptionSchema, g as InferPluginTypes, f as InferSession, I as InferUser, y as LogHandlerParams, L as LogLevel, x as Logger, P as PluginSchema, R as RateLimit, n as SecondaryStorage, S as Session, U as User, W as Where, b as betterAuth, o as createCookieGetter, z as createLogger, r as deleteSessionCookie, p as getCookies, i as init, v as levels, C as logger, t as parseCookies, u as parseSetCookieHeader, s as setSessionCookie, w as shouldPublishLog } from './auth-BWqY56d3.cjs';
 export { D as DeepPartial, H as HasRequiredKeys, L as LiteralString, a as LiteralUnion, O as OmitId, P as Prettify, R as RequiredKeysOf, S as StripEmptyObjects, U as UnionToIntersection, W as WithoutEmpty } from './helper-DrEEwdyQ.cjs';
 export { AtomListener, BetterAuthClientPlugin, ClientOptions, InferActions, InferAdditionalFromClient, InferClientAPI, InferPluginsFromClient, InferSessionFromClient, InferUserFromClient, IsSignal, Store } from './types.cjs';
 export { H as HIDE_METADATA } from './hide-metadata-DEHJp1rk.cjs';
-export { g as generateState, p as parseState } from './state-bV_5gPfz.cjs';
+export { g as generateState, p as parseState } from './state-CKOkIIbA.cjs';
 import 'kysely';
 import 'zod';
 import 'better-call';

package/dist/index.d.ts

@@ -1,8 +1,8 @@
-export { l as Adapter, m as AdapterInstance, d as AdditionalSessionFieldsInput, e as AdditionalSessionFieldsOutput, a as AdditionalUserFieldsInput, c as AdditionalUserFieldsOutput, A as Auth, h as AuthContext, q as BetterAuthCookies, B as BetterAuthOptions, j as BetterAuthPlugin, E as EligibleCookies, G as GenericEndpointContext, H as HookEndpointContext, k as InferOptionSchema, g as InferPluginTypes, f as InferSession, I as InferUser, y as LogHandlerParams, L as LogLevel, x as Logger, P as PluginSchema, R as RateLimit, n as SecondaryStorage, S as Session, U as User, W as Where, b as betterAuth, o as createCookieGetter, z as createLogger, r as deleteSessionCookie, p as getCookies, i as init, v as levels, C as logger, t as parseCookies, u as parseSetCookieHeader, s as setSessionCookie, w as shouldPublishLog } from './auth-DsZXpnOl.js';
+export { l as Adapter, m as AdapterInstance, d as AdditionalSessionFieldsInput, e as AdditionalSessionFieldsOutput, a as AdditionalUserFieldsInput, c as AdditionalUserFieldsOutput, A as Auth, h as AuthContext, q as BetterAuthCookies, B as BetterAuthOptions, j as BetterAuthPlugin, E as EligibleCookies, G as GenericEndpointContext, H as HookEndpointContext, k as InferOptionSchema, g as InferPluginTypes, f as InferSession, I as InferUser, y as LogHandlerParams, L as LogLevel, x as Logger, P as PluginSchema, R as RateLimit, n as SecondaryStorage, S as Session, U as User, W as Where, b as betterAuth, o as createCookieGetter, z as createLogger, r as deleteSessionCookie, p as getCookies, i as init, v as levels, C as logger, t as parseCookies, u as parseSetCookieHeader, s as setSessionCookie, w as shouldPublishLog } from './auth-Dv7MYJoC.js';
 export { D as DeepPartial, H as HasRequiredKeys, L as LiteralString, a as LiteralUnion, O as OmitId, P as Prettify, R as RequiredKeysOf, S as StripEmptyObjects, U as UnionToIntersection, W as WithoutEmpty } from './helper-DrEEwdyQ.js';
 export { AtomListener, BetterAuthClientPlugin, ClientOptions, InferActions, InferAdditionalFromClient, InferClientAPI, InferPluginsFromClient, InferSessionFromClient, InferUserFromClient, IsSignal, Store } from './types.js';
 export { H as HIDE_METADATA } from './hide-metadata-DEHJp1rk.js';
-export { g as generateState, p as parseState } from './state-CZKqFMHk.js';
+export { g as generateState, p as parseState } from './state-Cmc_fqth.js';
 import 'kysely';
 import 'zod';
 import 'better-call';