better-auth 1.0.2 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (57) hide show
  1. package/dist/adapters/drizzle.d.cts +1 -1
  2. package/dist/adapters/drizzle.d.ts +1 -1
  3. package/dist/adapters/kysely.d.cts +1 -1
  4. package/dist/adapters/kysely.d.ts +1 -1
  5. package/dist/adapters/memory.d.cts +1 -1
  6. package/dist/adapters/memory.d.ts +1 -1
  7. package/dist/adapters/mongodb.d.cts +1 -1
  8. package/dist/adapters/mongodb.d.ts +1 -1
  9. package/dist/adapters/prisma.d.cts +1 -1
  10. package/dist/adapters/prisma.d.ts +1 -1
  11. package/dist/api.cjs +4 -4
  12. package/dist/api.d.cts +1 -1
  13. package/dist/api.d.ts +1 -1
  14. package/dist/api.js +4 -4
  15. package/dist/{auth-BVa3db5J.d.cts → auth-BubrmklB.d.cts} +5 -1
  16. package/dist/{auth-5eyWphKM.d.ts → auth-DF-f5DGM.d.ts} +5 -1
  17. package/dist/client/plugins.d.cts +3 -3
  18. package/dist/client/plugins.d.ts +3 -3
  19. package/dist/client.d.cts +1 -1
  20. package/dist/client.d.ts +1 -1
  21. package/dist/cookies.d.cts +1 -1
  22. package/dist/cookies.d.ts +1 -1
  23. package/dist/db.d.cts +2 -2
  24. package/dist/db.d.ts +2 -2
  25. package/dist/{index-x5P1hIyV.d.cts → index-CwnHFdnT.d.cts} +2345 -65
  26. package/dist/{index-CX-Hopog.d.ts → index-aMRluDla.d.ts} +2345 -65
  27. package/dist/index.cjs +4 -4
  28. package/dist/index.d.cts +2 -2
  29. package/dist/index.d.ts +2 -2
  30. package/dist/index.js +4 -4
  31. package/dist/next-js.d.cts +1 -1
  32. package/dist/next-js.d.ts +1 -1
  33. package/dist/node.d.cts +1 -1
  34. package/dist/node.d.ts +1 -1
  35. package/dist/oauth2.d.cts +2 -2
  36. package/dist/oauth2.d.ts +2 -2
  37. package/dist/plugins.cjs +7 -7
  38. package/dist/plugins.d.cts +233 -8
  39. package/dist/plugins.d.ts +233 -8
  40. package/dist/plugins.js +7 -7
  41. package/dist/react.d.cts +1 -1
  42. package/dist/react.d.ts +1 -1
  43. package/dist/solid-start.d.cts +1 -1
  44. package/dist/solid-start.d.ts +1 -1
  45. package/dist/solid.d.cts +1 -1
  46. package/dist/solid.d.ts +1 -1
  47. package/dist/{state-CYO8U5dl.d.cts → state-CQJXHclh.d.cts} +1 -1
  48. package/dist/{state-BpBNrIEi.d.ts → state-C_runTlH.d.ts} +1 -1
  49. package/dist/svelte-kit.d.cts +1 -1
  50. package/dist/svelte-kit.d.ts +1 -1
  51. package/dist/svelte.d.cts +1 -1
  52. package/dist/svelte.d.ts +1 -1
  53. package/dist/types.d.cts +2 -2
  54. package/dist/types.d.ts +2 -2
  55. package/dist/vue.d.cts +1 -1
  56. package/dist/vue.d.ts +1 -1
  57. package/package.json +1 -1
package/dist/index.cjs CHANGED
@@ -1,6 +1,6 @@
1
- "use strict";var Te=Object.defineProperty;var Ur=Object.getOwnPropertyDescriptor;var Tr=Object.getOwnPropertyNames;var Er=Object.prototype.hasOwnProperty;var Ir=(e,t)=>{for(var r in t)Te(e,r,{get:t[r],enumerable:!0})},Or=(e,t,r,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let o of Tr(t))!Er.call(e,o)&&o!==r&&Te(e,o,{get:()=>t[o],enumerable:!(n=Ur(t,o))||n.enumerable});return e};var Pr=e=>Or(Te({},"__esModule",{value:!0}),e);var on={};Ir(on,{BetterAuthError:()=>L,HIDE_METADATA:()=>K,MissingDependencyError:()=>Ie,betterAuth:()=>nn,capitalizeFirstLetter:()=>jr,createCookieGetter:()=>ge,createLogger:()=>se,deleteSessionCookie:()=>j,generateId:()=>N,generateState:()=>ie,getCookies:()=>Oe,levels:()=>ye,logger:()=>I,parseCookies:()=>Dr,parseSetCookieHeader:()=>Cr,parseState:()=>Le,setSessionCookie:()=>P,shouldPublishLog:()=>mt});module.exports=Pr(on);var U=require("better-call");var Ge=require("better-call");var G=require("better-call"),He=(0,G.createMiddleware)(async()=>({})),te=(0,G.createMiddlewareCreator)({use:[He,(0,G.createMiddleware)(async()=>({}))]}),k=(0,G.createEndpointCreator)({use:[He]});var Ke=te(async e=>{if(e.request?.method!=="POST")return;let{body:t,query:r,context:n}=e,o=e.headers?.get("origin")||e.headers?.get("referer")||"",s=t?.callbackURL||r?.callbackURL,a=t?.redirectTo,u=r?.currentURL,i=n.trustedOrigins,d=e.headers?.has("cookie"),c=(p,m)=>m.includes("*")?new RegExp("^"+m.replace(/\*/g,"[^/]+").replace(/\./g,"\\.")+"$").test(p):p.startsWith(m),l=(p,m)=>{if(!p)return;if(!i.some(g=>c(p,g)||p?.startsWith("/")&&m!=="origin"&&!p.includes(":")))throw e.context.logger.error(`Invalid ${m}: ${p}`),e.context.logger.info(`If it's a valid URL, please add ${p} to trustedOrigins in your auth config
2
- `,`Current list of trustedOrigins: ${i}`),new Ge.APIError("FORBIDDEN",{message:`Invalid ${m}`})};d&&!e.context.options.advanced?.disableCSRFCheck&&l(o,"origin"),s&&l(s,"callbackURL"),a&&l(a,"redirectURL"),u&&l(u,"currentURL")});var O=require("better-call"),v=require("zod");var Qe=require("oslo"),Je=require("oslo/encoding");var le=require("oslo/crypto");function Ee(e,t){let r=new Uint8Array(e),n=new Uint8Array(t);if(r.length!==n.length)return!1;let o=0;for(let s=0;s<r.length;s++)o|=r[s]^n[s];return o===0}async function Sr({value:e,secret:t}){return new le.HMAC("SHA-256").sign(new TextEncoder().encode(t),new TextEncoder().encode(e)).then(n=>Buffer.from(n).toString("base64"))}function Lr({value:e,signature:t,secret:r}){return new le.HMAC("SHA-256").verify(new TextEncoder().encode(r),Buffer.from(t,"base64"),new TextEncoder().encode(e))}var pe={sign:Sr,verify:Lr};var L=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}},Ie=class extends L{constructor(t){super(`The package "${t}" is required. Make sure it is installed.`,t)}};var q=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));var fe=Object.create(null),re=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?fe:globalThis),_=new Proxy(fe,{get(e,t){return re()[t]??fe[t]},has(e,t){let r=re();return t in r||t in fe},set(e,t,r){let n=re(!0);return n[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=re(!0);return delete r[t],!0},ownKeys(){let e=re(!0);return Object.keys(e)}});function _r(e){return e?e!=="false":!1}var me=typeof process<"u"&&process.env&&process.env.NODE_ENV||"",ne=me==="production",We=me==="dev"||me==="development",Ze=me==="test"||_r(_.TEST);function Cr(e){let t=new Map;return e.split(", ").forEach(n=>{let o=n.split(";").map(l=>l.trim()),[s,...a]=o,[u,...i]=s.split("="),d=i.join("=");if(!u||d===void 0){console.warn(`Malformed cookie: ${n}`);return}let c={value:d};a.forEach(l=>{let[p,...m]=l.split("="),f=m.join("="),g=p.trim().toLowerCase();switch(g){case"max-age":c["max-age"]=f?parseInt(f.trim(),10):void 0;break;case"expires":c.expires=f?new Date(f.trim()):void 0;break;case"domain":c.domain=f?f.trim():void 0;break;case"path":c.path=f?f.trim():void 0;break;case"secure":c.secure=!0;break;case"httponly":c.httponly=!0;break;case"samesite":c.samesite=f?f.trim().toLowerCase():void 0;break;default:c[g]=f?f.trim():!0;break}}),t.set(u,c)}),t}function ge(e){let r=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):ne)?"__Secure-":"",n=!!e.advanced?.crossSubDomainCookies?.enabled,o=n?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(n&&!o)throw new L("baseURL is required when crossSubdomainCookies are enabled");function s(a,u={}){let i=e.advanced?.cookiePrefix||"better-auth",d=e.advanced?.cookies?.[a]?.name||`${i}.${a}`,c=e.advanced?.cookies?.[a]?.attributes;return{name:`${r}${d}`,attributes:{secure:!!r,sameSite:"lax",path:"/",httpOnly:!0,...n?{domain:o}:{},...e.advanced?.defaultCookieAttributes,...u,...c}}}return s}function Oe(e){let t=ge(e),r=e.session?.expiresIn||new Qe.TimeSpan(7,"d").seconds(),n=t("session_token",{maxAge:r}),o=t("session_data",{maxAge:e.session?.cookieCache?.maxAge||60*5}),s=t("dont_remember");return{sessionToken:{name:n.name,options:n.attributes},sessionData:{name:o.name,options:o.attributes},dontRememberToken:{name:s.name,options:s.attributes}}}async function P(e,t,r,n){let o=e.context.authCookies.sessionToken.options,s=r?void 0:e.context.sessionConfig.expiresIn;await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.token,e.context.secret,{...o,maxAge:s,...n}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled&&e.setCookie(e.context.authCookies.sessionData.name,JSON.stringify(Je.base64url.encode(new TextEncoder().encode(JSON.stringify({session:t,expiresAt:q(e.context.authCookies.sessionData.options.maxAge||60,"sec").getTime(),signature:await pe.sign({value:JSON.stringify(t),secret:e.context.secret})})))),e.context.authCookies.sessionData.options),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.token,JSON.stringify({user:t.user,session:t.session}),t.session.expiresAt.getTime()-Date.now())}function j(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{...e.context.authCookies.sessionToken.options,maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{...e.context.authCookies.sessionData.options,maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{...e.context.authCookies.dontRememberToken.options,maxAge:0})}function Dr(e){let t=e.split("; "),r=new Map;return t.forEach(n=>{let[o,s]=n.split("=");r.set(o,s)}),r}var ot=require("@better-fetch/fetch"),it=require("better-call"),Z=require("jose"),st=require("oslo/jwt");var Ye=require("oslo/crypto"),Xe=require("oslo/encoding");async function et(e){let t=await(0,Ye.sha256)(new TextEncoder().encode(e));return Xe.base64url.encode(new Uint8Array(t),{includePadding:!1})}function tt(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?q(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function R({id:e,options:t,authorizationEndpoint:r,state:n,codeVerifier:o,scopes:s,claims:a,redirectURI:u}){let i=new URL(r);if(i.searchParams.set("response_type","code"),i.searchParams.set("client_id",t.clientId),i.searchParams.set("state",n),i.searchParams.set("scope",s.join(" ")),i.searchParams.set("redirect_uri",t.redirectURI||u),o){let d=await et(o);i.searchParams.set("code_challenge_method","S256"),i.searchParams.set("code_challenge",d)}if(a){let d=a.reduce((c,l)=>(c[l]=null,c),{});i.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...d}}))}return i}var rt=require("@better-fetch/fetch");async function x({code:e,codeVerifier:t,redirectURI:r,options:n,tokenEndpoint:o,authentication:s}){let a=new URLSearchParams,u={"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"};if(a.set("grant_type","authorization_code"),a.set("code",e),t&&a.set("code_verifier",t),a.set("redirect_uri",r),s==="basic"){let l=btoa(`${n.clientId}:${n.clientSecret}`);u.authorization=`Basic ${l}`}else a.set("client_id",n.clientId),a.set("client_secret",n.clientSecret);let{data:i,error:d}=await(0,rt.betterFetch)(o,{method:"POST",body:a,headers:u});if(d)throw d;return tt(i)}var he=require("oslo/oauth2"),$=require("zod"),Se=require("better-call");function Br(e){try{return new URL(e).pathname!=="/"}catch{throw new L(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function Pe(e,t="/api/auth"){return Br(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function oe(e,t){if(e)return Pe(e,t);let r=_.BETTER_AUTH_URL||_.NEXT_PUBLIC_BETTER_AUTH_URL||_.PUBLIC_BETTER_AUTH_URL||_.NUXT_PUBLIC_BETTER_AUTH_URL||_.NUXT_PUBLIC_AUTH_URL||(_.BASE_URL!=="/"?_.BASE_URL:void 0);if(r)return Pe(r,t);if(typeof window<"u"&&window.location)return Pe(window.location.origin,t)}function nt(e){try{return new URL(e).origin}catch{return null}}async function ie(e,t){let r=e.body?.callbackURL||(e.query?.currentURL?nt(e.query?.currentURL):"")||e.context.options.baseURL;if(!r)throw new Se.APIError("BAD_REQUEST",{message:"callbackURL is required"});let n=(0,he.generateCodeVerifier)(),o=(0,he.generateState)(),s=JSON.stringify({callbackURL:r,codeVerifier:n,errorURL:e.body?.errorCallbackURL||e.query?.currentURL,link:t,expiresAt:Date.now()+10*60*1e3}),a=new Date;a.setMinutes(a.getMinutes()+10);let u=await e.context.internalAdapter.createVerificationValue({value:s,identifier:o,expiresAt:a});if(!u)throw e.context.logger.error("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database"),new Se.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create verification"});return{state:u.identifier,codeVerifier:n}}async function Le(e){let t=e.query.state||e.body.state,r=await e.context.internalAdapter.findVerificationValue(t);if(!r)throw e.context.logger.error("State Mismatch. Verification not found",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let n=$.z.object({callbackURL:$.z.string(),codeVerifier:$.z.string(),errorURL:$.z.string().optional(),expiresAt:$.z.number(),link:$.z.object({email:$.z.string(),userId:$.z.string()}).optional()}).parse(JSON.parse(r.value));if(n.errorURL||(n.errorURL=`${e.context.baseURL}/error`),n.expiresAt<Date.now())throw await e.context.internalAdapter.deleteVerificationValue(r.id),e.context.logger.error("State expired.",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);return await e.context.internalAdapter.deleteVerificationValue(r.id),n}var at=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:n,redirectURI:o}){let s=n||["email","name"];return e.scope&&s.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${o||e.redirectURI}&scope=${s.join(" ")}&state=${r}&response_mode=form_post`)},validateAuthorizationCode:async({code:r,codeVerifier:n,redirectURI:o})=>x({code:r,codeVerifier:n,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async verifyIdToken(r,n){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(r,n);let o=(0,Z.decodeProtectedHeader)(r),{kid:s,alg:a}=o;if(!s||!a)return!1;let u=await qr(s),{payload:i}=await(0,Z.jwtVerify)(r,u,{algorithms:[a],issuer:"https://appleid.apple.com",audience:e.clientId,maxTokenAge:"1h"});return["email_verified","is_private_email"].forEach(d=>{i[d]!==void 0&&(i[d]=!!i[d])}),n&&i.nonce!==n?!1:!!i},async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);if(!r.idToken)return null;let n=(0,st.parseJWT)(r.idToken)?.payload;if(!n)return null;let o=n.user?`${n.user.name.firstName} ${n.user.name.lastName}`:n.email;return{user:{id:n.sub,name:o,emailVerified:!1,email:n.email},data:n}}}},qr=async e=>{let t="https://appleid.apple.com",r="/auth/keys",{data:n}=await(0,ot.betterFetch)(`${t}${r}`);if(!n?.keys)throw new it.APIError("BAD_REQUEST",{message:"Keys not found"});let o=n.keys.find(s=>s.kid===e);if(!o)throw new Error(`JWK with kid ${e} not found`);return await(0,Z.importJWK)(o,o.alg)};var dt=require("@better-fetch/fetch");var ct=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let o=r||["identify","email"];return e.scope&&o.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${o.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||n)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>x({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await(0,dt.betterFetch)("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(n)return null;if(r.avatar===null){let o=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${o}.png`}else{let o=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${o}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});var ut=require("@better-fetch/fetch");var lt=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let o=r||["email","public_profile"];return e.scope&&o.push(...e.scope),await R({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:o,state:t,redirectURI:n})},validateAuthorizationCode:async({code:t,redirectURI:r})=>x({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await(0,ut.betterFetch)("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return n?null:{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified},data:r}}});var _e=require("@better-fetch/fetch");var pt=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:n,codeVerifier:o,redirectURI:s}){let a=n||["user:email"];return e.scope&&a.push(...e.scope),R({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:a,state:r,redirectURI:s})},validateAuthorizationCode:async({code:r,redirectURI:n})=>x({code:r,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);let{data:n,error:o}=await(0,_e.betterFetch)("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(o)return null;let s=!1;if(!n.email){let{data:a,error:u}=await(0,_e.betterFetch)("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});u||(n.email=(a.find(i=>i.primary)??a[0])?.email,s=a.find(i=>i.email===n.email)?.verified??!1)}return{user:{id:n.id.toString(),name:n.name||n.login,email:n.email,image:n.avatar_url,emailVerified:s},data:n}}}};var gt=require("oslo/jwt");var ft=require("consola"),ye=["info","success","warn","error","debug"];function mt(e,t){return ye.indexOf(t)<=ye.indexOf(e)}var Nr=(0,ft.createConsola)({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),se=e=>{let t=e?.disabled!==!0,r=e?.level??"error",n=(o,s,a=[])=>{if(!(!t||!mt(r,o))){if(!e||typeof e.log!="function"){Nr[o]("",s,...a);return}e.log(o==="success"?"info":o,s,a)}};return Object.fromEntries(ye.map(o=>[o,(...[s,...a])=>n(o,s,a)]))},I=se();var ht=require("@better-fetch/fetch"),yt=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:n,redirectURI:o}){if(!e.clientId||!e.clientSecret)throw I.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new L("CLIENT_ID_AND_SECRET_REQUIRED");if(!n)throw new L("codeVerifier is required for Google");let s=r||["email","profile","openid"];e.scope&&s.push(...e.scope);let a=await R({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:s,state:t,codeVerifier:n,redirectURI:o});return e.accessType&&a.searchParams.set("access_type",e.accessType),e.prompt&&a.searchParams.set("prompt",e.prompt),a},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:n})=>x({code:t,codeVerifier:r,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async verifyIdToken(t,r){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(t,r);let n=`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${t}`,{data:o}=await(0,ht.betterFetch)(n);return o?o.aud===e.clientId&&o.iss==="https://accounts.google.com":!1},async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);if(!t.idToken)return null;let r=(0,gt.parseJWT)(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});var wt=require("@better-fetch/fetch"),bt=require("oslo/jwt");var At=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,n=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(o){let s=o.scopes||["openid","profile","email","User.Read"];return e.scope&&s.push(...e.scope),R({id:"microsoft",options:e,authorizationEndpoint:r,state:o.state,codeVerifier:o.codeVerifier,scopes:s,redirectURI:o.redirectURI})},validateAuthorizationCode({code:o,codeVerifier:s,redirectURI:a}){return x({code:o,codeVerifier:s,redirectURI:e.redirectURI||a,options:e,tokenEndpoint:n})},async getUserInfo(o){if(e.getUserInfo)return e.getUserInfo(o);if(!o.idToken)return null;let s=(0,bt.parseJWT)(o.idToken)?.payload,a=e.profilePhotoSize||48;return await(0,wt.betterFetch)(`https://graph.microsoft.com/v1.0/me/photos/${a}x${a}/$value`,{headers:{Authorization:`Bearer ${o.accessToken}`},async onResponse(u){if(!(e.disableProfilePhoto||!u.response.ok))try{let d=await u.response.clone().arrayBuffer(),c=Buffer.from(d).toString("base64");s.picture=`data:image/jpeg;base64, ${c}`}catch(i){I.error(i&&typeof i=="object"&&"name"in i?i.name:"",i)}}}),{user:{id:s.sub,name:s.name,email:s.email,image:s.picture,emailVerified:!0},data:s}}}};var kt=require("@better-fetch/fetch");var xt=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:n,redirectURI:o}){let s=r||["user-read-email"];return e.scope&&s.push(...e.scope),R({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:s,state:t,codeVerifier:n,redirectURI:o})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:n})=>x({code:t,codeVerifier:r,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await(0,kt.betterFetch)("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return n?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});function jr(e){return e.charAt(0).toUpperCase()+e.slice(1)}var K={isAction:!1};var vt=require("nanoid"),N=e=>(0,vt.nanoid)(e);var Rt=require("oslo/jwt");var Ut=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let o=r||["user:read:email","openid"];return e.scope&&o.push(...e.scope),R({id:"twitch",redirectURI:n,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:o,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>x({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let r=t.idToken;if(!r)return I.error("No idToken found in token"),null;let n=(0,Rt.parseJWT)(r)?.payload;return{user:{id:n.sub,name:n.preferred_username,email:n.email,image:n.picture,emailVerified:!1},data:n}}});var Tt=require("@better-fetch/fetch");var Et=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["users.read","tweet.read","offline.access"];return e.scope&&r.push(...e.scope),R({id:"twitter",options:e,authorizationEndpoint:"https://x.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:n})=>x({code:t,codeVerifier:r,authentication:"basic",redirectURI:e.redirectURI||n,options:e,tokenEndpoint:"https://api.x.com/2/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await(0,Tt.betterFetch)("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return n?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email||null,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});var It=require("@better-fetch/fetch");var Ot=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:n,codeVerifier:o,redirectURI:s})=>{let a=n||["account_info.read"];return e.scope&&a.push(...e.scope),await R({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:a,state:r,redirectURI:s,codeVerifier:o})},validateAuthorizationCode:async({code:r,codeVerifier:n,redirectURI:o})=>await x({code:r,codeVerifier:n,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);let{data:n,error:o}=await(0,It.betterFetch)("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});return o?null:{user:{id:n.account_id,name:n.name?.display_name,email:n.email,emailVerified:n.email_verified||!1,image:n.profile_photo_url},data:n}}}};var Pt=require("@better-fetch/fetch");var St=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:n,scopes:o,redirectURI:s})=>{let a=o||["profile","email","openid"];return e.scope&&a.push(...e.scope),await R({id:"linkedin",options:e,authorizationEndpoint:t,scopes:a,state:n,redirectURI:s})},validateAuthorizationCode:async({code:n,redirectURI:o})=>await x({code:n,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:r}),async getUserInfo(n){let{data:o,error:s}=await(0,Pt.betterFetch)("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${n.accessToken}`}});return s?null:{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified||!1,image:o.picture},data:o}}}};var Lt=require("@better-fetch/fetch");var Ce=(e="")=>e.split("://").map(t=>t.replace(/\/{2,}/g,"/")).join("://"),Fr=e=>{let t=e||"https://gitlab.com";return{authorizationEndpoint:Ce(`${t}/oauth/authorize`),tokenEndpoint:Ce(`${t}/oauth/token`),userinfoEndpoint:Ce(`${t}/api/v4/user`)}},_t=e=>{let{authorizationEndpoint:t,tokenEndpoint:r,userinfoEndpoint:n}=Fr(e.issuer),o="gitlab";return{id:o,name:"Gitlab",createAuthorizationURL:async({state:a,scopes:u,codeVerifier:i,redirectURI:d})=>{let c=u||["read_user"];return e.scope&&c.push(...e.scope),await R({id:o,options:e,authorizationEndpoint:t,scopes:c,state:a,redirectURI:d,codeVerifier:i})},validateAuthorizationCode:async({code:a,redirectURI:u,codeVerifier:i})=>x({code:a,redirectURI:e.redirectURI||u,options:e,codeVerifier:i,tokenEndpoint:r}),async getUserInfo(a){if(e.getUserInfo)return e.getUserInfo(a);let{data:u,error:i}=await(0,Lt.betterFetch)(n,{headers:{authorization:`Bearer ${a.accessToken}`}});return i||u.state!=="active"||u.locked?null:{user:{id:u.id.toString(),name:u.name??u.username,email:u.email,image:u.avatar_url,emailVerified:!0},data:u}}}};var De={apple:at,discord:ct,facebook:lt,github:pt,microsoft:At,google:yt,spotify:xt,twitch:Ut,twitter:Et,dropbox:Ot,linkedin:St,gitlab:_t},we=Object.keys(De);var jt=require("oslo"),be=require("oslo/jwt"),B=require("zod");var de=require("better-call");var F=require("better-call");var J=require("zod");function Q(e){try{return JSON.parse(e)}catch{return null}}var Be=()=>k("/get-session",{method:"GET",query:J.z.optional(J.z.object({disableCookieCache:J.z.boolean({description:"Disable cookie cache and fetch session from database"}).optional()})),requireHeaders:!0,metadata:{openapi:{description:"Get the current session",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"object",properties:{token:{type:"string"},userId:{type:"string"},expiresAt:{type:"string"}}},user:{type:"object",$ref:"#/components/schemas/User"}}}}}}}}}},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null);let r=e.getCookie(e.context.authCookies.sessionData.name),n=r?Q(Buffer.from(r,"base64").toString()):null;if(n&&!await pe.verify({value:JSON.stringify(n.session),signature:n?.signature,secret:e.context.secret}))return j(e),e.json(null);let o=await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret);if(n?.session&&e.context.options.session?.cookieCache?.enabled&&!e.query?.disableCookieCache){let c=n.session;if(n.expiresAt<Date.now()||c.session.expiresAt<new Date){let p=e.context.authCookies.sessionData.name;e.setCookie(p,"",{maxAge:0})}else return e.json(c)}let s=await e.context.internalAdapter.findSession(t);if(!s||s.session.expiresAt<new Date)return j(e),s&&await e.context.internalAdapter.deleteSession(s.session.token),e.json(null);if(o)return e.json(s);let a=e.context.sessionConfig.expiresIn,u=e.context.sessionConfig.updateAge;if(s.session.expiresAt.valueOf()-a*1e3+u*1e3<=Date.now()){let c=await e.context.internalAdapter.updateSession(s.session.token,{expiresAt:q(e.context.sessionConfig.expiresIn,"sec")});if(!c)return j(e),e.json(null,{status:401});let l=(c.expiresAt.valueOf()-Date.now())/1e3;return await P(e,{session:c,user:s.user},!1,{maxAge:l}),e.json({session:c,user:s.user})}return e.json(s)}catch(t){throw e.context.logger.error("INTERNAL_SERVER_ERROR",t),new F.APIError("INTERNAL_SERVER_ERROR",{message:"internal server error"})}}),ae=async e=>{if(e.context.session)return e.context.session;let t=await Be()({...e,_flag:"json",headers:e.headers});return e.context.session=t,t},D=te(async e=>{let t=await ae(e);if(!t?.session)throw new F.APIError("UNAUTHORIZED");return{session:t}}),Ct=te(async e=>{let t=await ae(e);if(!t?.session)throw new F.APIError("UNAUTHORIZED");if(e.context.sessionConfig.freshAge===0)return{session:t};let r=e.context.sessionConfig.freshAge,n=t.session.createdAt.valueOf(),o=Date.now();if(!(n+r*1e3>o))throw new F.APIError("FORBIDDEN",{message:"Session is not fresh"});return{session:t}}),Dt=()=>k("/list-sessions",{method:"GET",use:[D],requireHeaders:!0,metadata:{openapi:{description:"List all active sessions for the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"array",items:{type:"object",properties:{token:{type:"string"},userId:{type:"string"},expiresAt:{type:"string"}}}}}}}}}}},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(n=>n.expiresAt>new Date);return e.json(r)}),Bt=k("/revoke-session",{method:"POST",body:J.z.object({token:J.z.string({description:"The token to revoke"})}),use:[D],requireHeaders:!0,metadata:{openapi:{description:"Revoke a single session",requestBody:{content:{"application/json":{schema:{type:"object",properties:{token:{type:"string"}},required:["token"]}}}}}}},async e=>{let t=e.body.token,r=await e.context.internalAdapter.findSession(t);if(!r)throw new F.APIError("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new F.APIError("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(n){throw e.context.logger.error(n&&typeof n=="object"&&"name"in n?n.name:"",n),new F.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),qt=k("/revoke-sessions",{method:"POST",use:[D],requireHeaders:!0,metadata:{openapi:{description:"Revoke all sessions for the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}},required:["status"]}}}}}}}},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t&&typeof t=="object"&&"name"in t?t.name:"",t),new F.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Nt=k("/revoke-other-sessions",{method:"POST",requireHeaders:!0,use:[D],metadata:{openapi:{description:"Revoke all other sessions for the user except the current one",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{let t=e.context.session;if(!t.user)throw new F.APIError("UNAUTHORIZED");let o=(await e.context.internalAdapter.listSessions(t.user.id)).filter(s=>s.expiresAt>new Date).filter(s=>s.token!==e.context.session.session.token);return await Promise.all(o.map(s=>e.context.internalAdapter.deleteSession(s.token))),e.json({status:!0})});async function z(e,t,r){return await(0,be.createJWT)("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new jt.TimeSpan(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}var Ft=k("/send-verification-email",{method:"POST",query:B.z.object({currentURL:B.z.string({description:"The URL to use for email verification callback"}).optional()}).optional(),body:B.z.object({email:B.z.string({description:"The email to send the verification email to"}).email(),callbackURL:B.z.string({description:"The URL to use for email verification callback"}).optional()}),metadata:{openapi:{description:"Send a verification email to the user",requestBody:{content:{"application/json":{schema:{type:"object",properties:{email:{type:"string",description:"The email to send the verification email to"},callbackURL:{type:"string",description:"The URL to use for email verification callback"}},required:["email"]}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new de.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new de.APIError("BAD_REQUEST",{message:"User not found"});let n=await z(e.context.secret,t),o=`${e.context.baseURL}/verify-email?token=${n}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.emailVerification.sendVerificationEmail({user:r.user,url:o,token:n},e.request),e.json({status:!0})}),Vt=k("/verify-email",{method:"GET",query:B.z.object({token:B.z.string({description:"The token to verify the email"}),callbackURL:B.z.string({description:"The URL to redirect to after email verification"}).optional()}),metadata:{openapi:{description:"Verify the email of the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},status:{type:"boolean"}},required:["user","status"]}}}}}}}},async e=>{function t(u){throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=${u}`):new de.APIError("UNAUTHORIZED",{message:u})}let{token:r}=e.query,n;try{n=await(0,be.validateJWT)("HS256",Buffer.from(e.context.secret),r)}catch(u){return e.context.logger.error("Failed to verify email",u),t("invalid_token")}let s=B.z.object({email:B.z.string().email(),updateTo:B.z.string().optional()}).parse(n.payload),a=await e.context.internalAdapter.findUserByEmail(s.email);if(!a)return t("user_not_found");if(s.updateTo){let u=await ae(e);if(!u){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}if(u.user.email!==s.email){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}let i=await e.context.internalAdapter.updateUserByEmail(s.email,{email:s.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.({user:i,url:`${e.context.baseURL}/verify-email?token=${r}`,token:r},e.request),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:i,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(s.email,{emailVerified:!0}),e.context.options.emailVerification?.autoSignInAfterVerification&&!await ae(e)){let i=await e.context.internalAdapter.createSession(a.user.id,e.request);if(!i)throw new de.APIError("INTERNAL_SERVER_ERROR",{message:"Failed to create session"});await P(e,{session:i,user:a.user})}if(e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});async function Ae(e,{userInfo:t,account:r,callbackURL:n}){let o=await e.context.internalAdapter.findUserByEmail(t.email.toLowerCase(),{includeAccounts:!0}).catch(u=>{throw I.error(`Better auth was unable to query your database.
3
- Error: `,u),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),s=o?.user;if(o){let u=o.accounts.find(i=>i.providerId===r.providerId);if(u)await e.context.internalAdapter.updateAccount(u.id,{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt});else{if(!e.context.options.account?.accountLinking?.trustedProviders?.includes(r.providerId)&&!t.emailVerified||e.context.options.account?.accountLinking?.enabled===!1)return We&&I.warn(`User already exist but account isn't linked to ${r.providerId}. To read more about how account linking works in Better Auth see https://www.better-auth.com/docs/concepts/users-accounts#account-linking.`),{error:"account not linked",data:null};try{await e.context.internalAdapter.linkAccount({providerId:r.providerId,accountId:t.id.toString(),userId:o.user.id,accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt,scope:r.scope})}catch(c){return I.error("Unable to link account",c),{error:"unable to link account",data:null}}}}else try{let u=t.emailVerified||!1;if(s=await e.context.internalAdapter.createOAuthUser({...t,id:void 0,emailVerified:u,email:t.email.toLowerCase()},{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt,scope:r.scope,providerId:r.providerId,accountId:t.id.toString()}).then(i=>i?.user),!u&&s&&e.context.options.emailVerification?.sendOnSignUp){let i=await z(e.context.secret,s.email),d=`${e.context.baseURL}/verify-email?token=${i}&callbackURL=${n}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:s,url:d,token:i},e.request)}}catch(u){return I.error("Unable to create user",u),{error:"unable to create user",data:null}}if(!s)return{error:"unable to create user",data:null};let a=await e.context.internalAdapter.createSession(s.id,e.request);return a?{data:{session:a,user:s},error:null}:{error:"unable to create session",data:null}}var $t=k("/sign-in/social",{method:"POST",query:v.z.object({currentURL:v.z.string().optional()}).optional(),body:v.z.object({callbackURL:v.z.string({description:"Callback URL to redirect to after the user has signed in"}).optional(),errorCallbackURL:v.z.string({description:"Callback URL to redirect to if an error happens"}).optional(),provider:v.z.enum(we,{description:"OAuth2 provider to use"}),disableRedirect:v.z.boolean({description:"Disable automatic redirection to the provider. Useful for handling the redirection yourself"}).optional(),idToken:v.z.optional(v.z.object({token:v.z.string({description:"ID token from the provider"}),nonce:v.z.string({description:"Nonce used to generate the token"}).optional(),accessToken:v.z.string({description:"Access token from the provider"}).optional(),refreshToken:v.z.string({description:"Refresh token from the provider"}).optional(),expiresAt:v.z.number({description:"Expiry date of the token"}).optional()}),{description:"ID token from the provider to sign in the user with id token"})}),metadata:{openapi:{description:"Sign in with a social provider",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"string"},user:{type:"object"},url:{type:"string"},redirect:{type:"boolean"}},required:["session","user","url","redirect"]}}}}}}}},async e=>{let t=e.context.socialProviders.find(s=>s.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new O.APIError("NOT_FOUND",{message:"Provider not found"});if(e.body.idToken){if(!t.verifyIdToken)throw e.context.logger.error("Provider does not support id token verification",{provider:e.body.provider}),new O.APIError("NOT_FOUND",{message:"Provider does not support id token verification"});let{token:s,nonce:a}=e.body.idToken;if(!await t.verifyIdToken(s,a))throw e.context.logger.error("Invalid id token",{provider:e.body.provider}),new O.APIError("UNAUTHORIZED",{message:"Invalid id token"});let i=await t.getUserInfo({idToken:s,accessToken:e.body.idToken.accessToken,refreshToken:e.body.idToken.refreshToken});if(!i||!i?.user)throw e.context.logger.error("Failed to get user info",{provider:e.body.provider}),new O.APIError("UNAUTHORIZED",{message:"Failed to get user info"});if(!i.user.email)throw e.context.logger.error("User email not found",{provider:e.body.provider}),new O.APIError("UNAUTHORIZED",{message:"User email not found"});let d=await Ae(e,{userInfo:{email:i.user.email,id:i.user.id,name:i.user.name||"",image:i.user.image,emailVerified:i.user.emailVerified||!1},account:{providerId:t.id,accountId:i.user.id,accessToken:e.body.idToken.accessToken}});if(d.error)throw new O.APIError("UNAUTHORIZED",{message:d.error});return await P(e,d.data),e.json({session:d.data.session,user:d.data.user,url:`${e.body.callbackURL||e.query?.currentURL||e.context.options.baseURL}`,redirect:!0})}let{codeVerifier:r,state:n}=await ie(e),o=await t.createAuthorizationURL({state:n,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:o.toString(),redirect:!e.body.disableRedirect})}),zt=k("/sign-in/email",{method:"POST",body:v.z.object({email:v.z.string({description:"Email of the user"}),password:v.z.string({description:"Password of the user"}),callbackURL:v.z.string({description:"Callback URL to use as a redirect for email verification"}).optional(),rememberMe:v.z.boolean({description:"If this is false, the session will not be remembered. Default is `true`."}).default(!0).optional()}),metadata:{openapi:{description:"Sign in with email and password",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"string"},user:{type:"object"},url:{type:"string"},redirect:{type:"boolean"}},required:["session","user","url","redirect"]}}}}}}}},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new O.APIError("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!v.z.string().email().safeParse(t).success)throw new O.APIError("BAD_REQUEST",{message:"Invalid email"});let o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new O.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let s=o.accounts.find(d=>d.providerId==="credential");if(!s)throw e.context.logger.error("Credential account not found",{email:t}),new O.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let a=s?.password;if(!a)throw e.context.logger.error("Password not found",{email:t}),new O.APIError("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(a,r))throw e.context.logger.error("Invalid password"),new O.APIError("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!o.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw new O.APIError("UNAUTHORIZED",{message:"Email is not verified."});let d=await z(e.context.secret,o.user.email),c=`${e.context.baseURL}/verify-email?token=${d}&callbackURL=${e.body.callbackURL||"/"}`;throw await e.context.options.emailVerification.sendVerificationEmail({user:o.user,url:c,token:d},e.request),e.context.logger.error("Email not verified",{email:t}),new O.APIError("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let i=await e.context.internalAdapter.createSession(o.user.id,e.headers,e.body.rememberMe===!1);if(!i)throw e.context.logger.error("Failed to create session"),new O.APIError("UNAUTHORIZED",{message:"Failed to create session"});return await P(e,{session:i,user:o.user},e.body.rememberMe===!1),e.json({user:o.user,session:i,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});var Y=require("zod");var ke=Y.z.object({code:Y.z.string().optional(),error:Y.z.string().optional(),errorMessage:Y.z.string().optional(),state:Y.z.string().optional()}),Mt=k("/callback/:id",{method:["GET","POST"],body:ke.optional(),query:ke.optional(),metadata:K},async e=>{let t;try{if(e.method==="GET")t=ke.parse(e.query);else if(e.method==="POST")t=ke.parse(e.body);else throw new Error("Unsupported method")}catch(h){throw e.context.logger.error("INVALID_CALLBACK_REQUEST",h),e.redirect(`${e.context.baseURL}/error?error=invalid_callback_request`)}let{code:r,error:n,state:o}=t;if(!o)throw e.context.logger.error("State not found"),e.redirect(`${e.context.baseURL}/error?error=state_not_found`);if(!r)throw e.context.logger.error("Code not found"),e.redirect(`${e.context.baseURL}/error?error=${n||"no_code"}`);let s=e.context.socialProviders.find(h=>h.id===e.params.id);if(!s)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let{codeVerifier:a,callbackURL:u,link:i,errorURL:d}=await Le(e),c;try{c=await s.validateAuthorizationCode({code:r,codeVerifier:a,redirectURI:`${e.context.baseURL}/callback/${s.id}`})}catch(h){throw e.context.logger.error("",h),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let l=await s.getUserInfo(c).then(h=>h?.user);function p(h){let w=d||u||`${e.context.baseURL}/error`;throw w.includes("?")?w=`${w}&error=${h}`:w=`${w}?error=${h}`,e.redirect(w)}if(!l)return e.context.logger.error("Unable to get user info"),p("unable_to_get_user_info");if(!l.email)return e.context.logger.error("Provider did not return email. This could be due to misconfiguration in the provider settings."),p("email_not_found");if(!u)throw e.context.logger.error("No callback URL found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(i){if(i.email!==l.email.toLowerCase())return p("email_doesn't_match");if(!await e.context.internalAdapter.createAccount({userId:i.userId,providerId:s.id,accountId:l.id}))return p("unable_to_link_account");let w;try{w=new URL(u).toString()}catch{w=u}throw e.redirect(w)}let m=await Ae(e,{userInfo:{id:l.id,email:l.email,name:l.name||"",image:l.image,emailVerified:l.emailVerified||!1},account:{providerId:s.id,accountId:l.id,...c,scope:c.scopes?.join(",")},callbackURL:u});if(m.error)return e.context.logger.error(m.error.split(" ").join("_")),p(m.error.split(" ").join("_"));let{session:f,user:g}=m.data;await P(e,{session:f,user:g});let y;try{y=new URL(u).toString()}catch{y=u}throw e.redirect(y)});var Ui=require("zod");var Ht=require("better-call"),Gt=k("/sign-out",{method:"POST",requireHeaders:!0,metadata:{openapi:{description:"Sign out the current user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{success:{type:"boolean"}}}}}}}}}},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw j(e),new Ht.APIError("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),j(e),e.json({success:!0})});var C=require("zod");var xe=require("better-call");function Kt(e,t,r){let n=t?new URL(t,e.baseURL):new URL(`${e.baseURL}/error`);return r&&Object.entries(r).forEach(([o,s])=>n.searchParams.set(o,s)),n.href}function Vr(e,t,r){let n=new URL(t,e.baseURL);return r&&Object.entries(r).forEach(([o,s])=>n.searchParams.set(o,s)),n.href}var Wt=k("/forget-password",{method:"POST",body:C.z.object({email:C.z.string({description:"The email address of the user to send a password reset email to"}).email(),redirectTo:C.z.string({description:"The URL to redirect the user to reset their password. If the token isn't valid or expired, it'll be redirected with a query parameter `?error=INVALID_TOKEN`. If the token is valid, it'll be redirected with a query parameter `?token=VALID_TOKEN"}).optional()}),metadata:{openapi:{description:"Send a password reset email to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new xe.APIError("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let o=60*60*1,s=q(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||o,"sec"),a=N(24);await e.context.internalAdapter.createVerificationValue({value:n.user.id,identifier:`reset-password:${a}`,expiresAt:s});let u=`${e.context.baseURL}/reset-password/${a}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword({user:n.user,url:u,token:a},e.request),e.json({status:!0})}),Zt=k("/reset-password/:token",{method:"GET",query:C.z.object({callbackURL:C.z.string({description:"The URL to redirect the user to reset their password"})}),metadata:{openapi:{description:"Redirects the user to the callback URL with the token",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{token:{type:"string"}}}}}}}}}},async e=>{let{token:t}=e.params,{callbackURL:r}=e.query;if(!t||!r)throw e.redirect(Kt(e.context,r,{error:"INVALID_TOKEN"}));let n=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!n||n.expiresAt<new Date?e.redirect(Kt(e.context,r,{error:"INVALID_TOKEN"})):e.redirect(Vr(e.context,r,{token:t}))}),Qt=k("/reset-password",{query:C.z.optional(C.z.object({token:C.z.string().optional(),currentURL:C.z.string().optional()})),method:"POST",body:C.z.object({newPassword:C.z.string({description:"The new password to set"}),token:C.z.string({description:"The token to reset the password"}).optional()}),metadata:{openapi:{description:"Reset the password for a user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{let t=e.body.token||e.query?.token||(e.query?.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!t)throw new xe.APIError("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,n=`reset-password:${t}`,o=await e.context.internalAdapter.findVerificationValue(n);if(!o||o.expiresAt<new Date)throw new xe.APIError("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(o.id);let s=o.value,a=await e.context.password.hash(r);return(await e.context.internalAdapter.findAccounts(s)).find(d=>d.providerId==="credential")?(await e.context.internalAdapter.updatePassword(s,a),e.json({status:!0})):(await e.context.internalAdapter.createAccount({userId:s,providerId:"credential",password:a,accountId:s}),e.json({status:!0}))});var T=require("zod");var S=require("better-call");var A=require("zod"),Ci=A.z.object({id:A.z.string(),providerId:A.z.string(),accountId:A.z.string(),userId:A.z.string(),accessToken:A.z.string().nullish(),refreshToken:A.z.string().nullish(),idToken:A.z.string().nullish(),accessTokenExpiresAt:A.z.date().nullish(),refreshTokenExpiresAt:A.z.date().nullish(),scope:A.z.string().nullish(),password:A.z.string().nullish(),createdAt:A.z.date().default(()=>new Date),updatedAt:A.z.date().default(()=>new Date)}),Di=A.z.object({id:A.z.string(),email:A.z.string().transform(e=>e.toLowerCase()),emailVerified:A.z.boolean().default(!1),name:A.z.string(),image:A.z.string().nullish(),createdAt:A.z.date().default(()=>new Date),updatedAt:A.z.date().default(()=>new Date)}),Bi=A.z.object({id:A.z.string(),userId:A.z.string(),expiresAt:A.z.date(),createdAt:A.z.date().default(()=>new Date),updatedAt:A.z.date().default(()=>new Date),token:A.z.string(),ipAddress:A.z.string().nullish(),userAgent:A.z.string().nullish()}),qi=A.z.object({id:A.z.string(),value:A.z.string(),createdAt:A.z.date().default(()=>new Date),updatedAt:A.z.date().default(()=>new Date),expiresAt:A.z.date(),identifier:A.z.string()});function Jt(e,t){let r=t.fields,n={};for(let o in e){let s=r[o];if(!s){n[o]=e[o];continue}s.returned!==!1&&(n[o]=e[o])}return n}function qe(e,t){let r={...t==="user"?e.user?.additionalFields:{},...t==="session"?e.session?.additionalFields:{}};for(let n of e.plugins||[])n.schema&&n.schema[t]&&(r={...r,...n.schema[t].fields});return r}function Ne(e,t){let r=qe(e,"user");return Jt(t,{fields:r})}function ve(e,t){let r=qe(e,"session");return Jt(t,{fields:r})}function $r(e,t){let r=t.action||"create",n=t.fields,o={};for(let s in n){if(s in e){if(n[s].input===!1){if(n[s].defaultValue){o[s]=n[s].defaultValue;continue}continue}o[s]=e[s];continue}if(n[s].defaultValue&&r==="create"){o[s]=n[s].defaultValue;continue}}return o}function Re(e,t,r){let n=qe(e,"user");return $r(t||{},{fields:n,action:r})}var Yt=()=>k("/update-user",{method:"POST",body:T.z.record(T.z.string(),T.z.any()),use:[D],metadata:{openapi:{description:"Update the current user",requestBody:{content:{"application/json":{schema:{type:"object",properties:{name:{type:"string",description:"The name of the user"},image:{type:"string",description:"The image of the user"}}}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"}}}}}}}}}},async e=>{let t=e.body;if(t.email)throw new S.APIError("BAD_REQUEST",{message:"You can't update email"});let{name:r,image:n,...o}=t,s=e.context.session;if(!n&&!r&&Object.keys(o).length===0)return e.json({user:s.user});let a=Re(e.context.options,o,"update"),u=await e.context.internalAdapter.updateUserByEmail(s.user.email,{name:r,image:n,...a});return await P(e,{session:s.session,user:u}),e.json({user:u})}),Xt=k("/change-password",{method:"POST",body:T.z.object({newPassword:T.z.string({description:"The new password to set"}),currentPassword:T.z.string({description:"The current password"}),revokeOtherSessions:T.z.boolean({description:"Revoke all other sessions"}).optional()}),use:[D],metadata:{openapi:{description:"Change the password of the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{description:"The user object",$ref:"#/components/schemas/User"}}}}}}}}}},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:n}=e.body,o=e.context.session,s=e.context.password.config.minPasswordLength;if(t.length<s)throw e.context.logger.error("Password is too short"),new S.APIError("BAD_REQUEST",{message:"Password is too short"});let a=e.context.password.config.maxPasswordLength;if(t.length>a)throw e.context.logger.error("Password is too long"),new S.APIError("BAD_REQUEST",{message:"Password too long"});let i=(await e.context.internalAdapter.findAccounts(o.user.id)).find(l=>l.providerId==="credential"&&l.password);if(!i||!i.password)throw new S.APIError("BAD_REQUEST",{message:"User does not have a password"});let d=await e.context.password.hash(t);if(!await e.context.password.verify(i.password,r))throw new S.APIError("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(i.id,{password:d}),n){await e.context.internalAdapter.deleteSessions(o.user.id);let l=await e.context.internalAdapter.createSession(o.user.id,e.headers);if(!l)throw new S.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await P(e,{session:l,user:o.user})}return e.json(o.user)}),er=k("/set-password",{method:"POST",body:T.z.object({newPassword:T.z.string()}),metadata:{SERVER_ONLY:!0},use:[D]},async e=>{let{newPassword:t}=e.body,r=e.context.session,n=e.context.password.config.minPasswordLength;if(t.length<n)throw e.context.logger.error("Password is too short"),new S.APIError("BAD_REQUEST",{message:"Password is too short"});let o=e.context.password.config.maxPasswordLength;if(t.length>o)throw e.context.logger.error("Password is too long"),new S.APIError("BAD_REQUEST",{message:"Password too long"});let a=(await e.context.internalAdapter.findAccounts(r.user.id)).find(i=>i.providerId==="credential"&&i.password),u=await e.context.password.hash(t);if(!a)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:u}),e.json(r.user);throw new S.APIError("BAD_REQUEST",{message:"user already has a password"})}),tr=k("/delete-user",{method:"POST",body:T.z.object({password:T.z.string({description:"The password of the user"})}),use:[Ct],metadata:{openapi:{description:"Delete the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object"}}}}}}}},async e=>{let t=e.context.session;return await e.context.internalAdapter.deleteUser(t.user.id),await e.context.internalAdapter.deleteSessions(t.user.id),j(e),e.json(null)}),rr=k("/change-email",{method:"POST",query:T.z.object({currentURL:T.z.string().optional()}).optional(),body:T.z.object({newEmail:T.z.string({description:"The new email to set"}).email(),callbackURL:T.z.string({description:"The URL to redirect to after email verification"}).optional()}),use:[D],metadata:{openapi:{responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new S.APIError("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new S.APIError("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new S.APIError("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let o=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:o,status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new S.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await z(e.context.secret,e.context.session.user.email,e.body.newEmail),n=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.user.changeEmail.sendChangeEmailVerification({user:e.context.session.user,newEmail:e.body.newEmail,url:n,token:r},e.request),e.json({user:null,status:!0})});var zr=(e="Unknown")=>`<!DOCTYPE html>
1
+ "use strict";var Te=Object.defineProperty;var Ur=Object.getOwnPropertyDescriptor;var Tr=Object.getOwnPropertyNames;var Er=Object.prototype.hasOwnProperty;var Ir=(e,t)=>{for(var r in t)Te(e,r,{get:t[r],enumerable:!0})},Or=(e,t,r,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let o of Tr(t))!Er.call(e,o)&&o!==r&&Te(e,o,{get:()=>t[o],enumerable:!(n=Ur(t,o))||n.enumerable});return e};var Sr=e=>Or(Te({},"__esModule",{value:!0}),e);var sn={};Ir(sn,{BetterAuthError:()=>L,HIDE_METADATA:()=>K,MissingDependencyError:()=>Ie,betterAuth:()=>on,capitalizeFirstLetter:()=>jr,createCookieGetter:()=>ge,createLogger:()=>ae,deleteSessionCookie:()=>j,generateId:()=>N,generateState:()=>se,getCookies:()=>Oe,levels:()=>ye,logger:()=>I,parseCookies:()=>Dr,parseSetCookieHeader:()=>Cr,parseState:()=>Le,setSessionCookie:()=>S,shouldPublishLog:()=>mt});module.exports=Sr(sn);var U=require("better-call");var Ge=require("better-call");var G=require("better-call"),He=(0,G.createMiddleware)(async()=>({})),re=(0,G.createMiddlewareCreator)({use:[He,(0,G.createMiddleware)(async()=>({}))]}),k=(0,G.createEndpointCreator)({use:[He]});var Ke=re(async e=>{if(e.request?.method!=="POST")return;let{body:t,query:r,context:n}=e,o=e.headers?.get("origin")||e.headers?.get("referer")||"",s=t?.callbackURL||r?.callbackURL,a=t?.redirectTo,u=r?.currentURL,i=n.trustedOrigins,d=e.headers?.has("cookie"),c=(p,m)=>m.includes("*")?new RegExp("^"+m.replace(/\*/g,"[^/]+").replace(/\./g,"\\.")+"$").test(p):p.startsWith(m),l=(p,m)=>{if(!p)return;if(!i.some(g=>c(p,g)||p?.startsWith("/")&&m!=="origin"&&!p.includes(":")))throw e.context.logger.error(`Invalid ${m}: ${p}`),e.context.logger.info(`If it's a valid URL, please add ${p} to trustedOrigins in your auth config
2
+ `,`Current list of trustedOrigins: ${i}`),new Ge.APIError("FORBIDDEN",{message:`Invalid ${m}`})};d&&!e.context.options.advanced?.disableCSRFCheck&&l(o,"origin"),s&&l(s,"callbackURL"),a&&l(a,"redirectURL"),u&&l(u,"currentURL")});var O=require("better-call"),v=require("zod");var Ze=require("oslo"),Je=require("oslo/encoding");var le=require("oslo/crypto");function Ee(e,t){let r=new Uint8Array(e),n=new Uint8Array(t);if(r.length!==n.length)return!1;let o=0;for(let s=0;s<r.length;s++)o|=r[s]^n[s];return o===0}async function Pr({value:e,secret:t}){return new le.HMAC("SHA-256").sign(new TextEncoder().encode(t),new TextEncoder().encode(e)).then(n=>Buffer.from(n).toString("base64"))}function Lr({value:e,signature:t,secret:r}){return new le.HMAC("SHA-256").verify(new TextEncoder().encode(r),Buffer.from(t,"base64"),new TextEncoder().encode(e))}var pe={sign:Pr,verify:Lr};var L=class extends Error{constructor(t,r){super(t),this.name="BetterAuthError",this.message=t,this.cause=r,this.stack=""}},Ie=class extends L{constructor(t){super(`The package "${t}" is required. Make sure it is installed.`,t)}};var q=(e,t="ms")=>new Date(Date.now()+(t==="sec"?e*1e3:e));var fe=Object.create(null),ne=e=>globalThis.process?.env||globalThis.Deno?.env.toObject()||globalThis.__env__||(e?fe:globalThis),_=new Proxy(fe,{get(e,t){return ne()[t]??fe[t]},has(e,t){let r=ne();return t in r||t in fe},set(e,t,r){let n=ne(!0);return n[t]=r,!0},deleteProperty(e,t){if(!t)return!1;let r=ne(!0);return delete r[t],!0},ownKeys(){let e=ne(!0);return Object.keys(e)}});function _r(e){return e?e!=="false":!1}var me=typeof process<"u"&&process.env&&process.env.NODE_ENV||"",oe=me==="production",We=me==="dev"||me==="development",Qe=me==="test"||_r(_.TEST);function Cr(e){let t=new Map;return e.split(", ").forEach(n=>{let o=n.split(";").map(l=>l.trim()),[s,...a]=o,[u,...i]=s.split("="),d=i.join("=");if(!u||d===void 0){console.warn(`Malformed cookie: ${n}`);return}let c={value:d};a.forEach(l=>{let[p,...m]=l.split("="),f=m.join("="),g=p.trim().toLowerCase();switch(g){case"max-age":c["max-age"]=f?parseInt(f.trim(),10):void 0;break;case"expires":c.expires=f?new Date(f.trim()):void 0;break;case"domain":c.domain=f?f.trim():void 0;break;case"path":c.path=f?f.trim():void 0;break;case"secure":c.secure=!0;break;case"httponly":c.httponly=!0;break;case"samesite":c.samesite=f?f.trim().toLowerCase():void 0;break;default:c[g]=f?f.trim():!0;break}}),t.set(u,c)}),t}function ge(e){let r=(e.advanced?.useSecureCookies!==void 0?e.advanced?.useSecureCookies:e.baseURL!==void 0?!!e.baseURL.startsWith("https://"):oe)?"__Secure-":"",n=!!e.advanced?.crossSubDomainCookies?.enabled,o=n?e.advanced?.crossSubDomainCookies?.domain||(e.baseURL?new URL(e.baseURL).hostname:void 0):void 0;if(n&&!o)throw new L("baseURL is required when crossSubdomainCookies are enabled");function s(a,u={}){let i=e.advanced?.cookiePrefix||"better-auth",d=e.advanced?.cookies?.[a]?.name||`${i}.${a}`,c=e.advanced?.cookies?.[a]?.attributes;return{name:`${r}${d}`,attributes:{secure:!!r,sameSite:"lax",path:"/",httpOnly:!0,...n?{domain:o}:{},...e.advanced?.defaultCookieAttributes,...u,...c}}}return s}function Oe(e){let t=ge(e),r=e.session?.expiresIn||new Ze.TimeSpan(7,"d").seconds(),n=t("session_token",{maxAge:r}),o=t("session_data",{maxAge:e.session?.cookieCache?.maxAge||60*5}),s=t("dont_remember");return{sessionToken:{name:n.name,options:n.attributes},sessionData:{name:o.name,options:o.attributes},dontRememberToken:{name:s.name,options:s.attributes}}}async function S(e,t,r,n){let o=e.context.authCookies.sessionToken.options,s=r?void 0:e.context.sessionConfig.expiresIn;await e.setSignedCookie(e.context.authCookies.sessionToken.name,t.session.token,e.context.secret,{...o,maxAge:s,...n}),r&&await e.setSignedCookie(e.context.authCookies.dontRememberToken.name,"true",e.context.secret,e.context.authCookies.dontRememberToken.options),e.context.options.session?.cookieCache?.enabled&&e.setCookie(e.context.authCookies.sessionData.name,JSON.stringify(Je.base64url.encode(new TextEncoder().encode(JSON.stringify({session:t,expiresAt:q(e.context.authCookies.sessionData.options.maxAge||60,"sec").getTime(),signature:await pe.sign({value:JSON.stringify(t),secret:e.context.secret})})))),e.context.authCookies.sessionData.options),e.context.options.secondaryStorage&&await e.context.secondaryStorage?.set(t.session.token,JSON.stringify({user:t.user,session:t.session}),t.session.expiresAt.getTime()-Date.now())}function j(e){e.setCookie(e.context.authCookies.sessionToken.name,"",{...e.context.authCookies.sessionToken.options,maxAge:0}),e.setCookie(e.context.authCookies.sessionData.name,"",{...e.context.authCookies.sessionData.options,maxAge:0}),e.setCookie(e.context.authCookies.dontRememberToken.name,"",{...e.context.authCookies.dontRememberToken.options,maxAge:0})}function Dr(e){let t=e.split("; "),r=new Map;return t.forEach(n=>{let[o,s]=n.split("=");r.set(o,s)}),r}var ot=require("@better-fetch/fetch"),it=require("better-call"),Q=require("jose"),st=require("oslo/jwt");var Ye=require("oslo/crypto"),Xe=require("oslo/encoding");async function et(e){let t=await(0,Ye.sha256)(new TextEncoder().encode(e));return Xe.base64url.encode(new Uint8Array(t),{includePadding:!1})}function tt(e){return{tokenType:e.token_type,accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?q(e.expires_in,"sec"):void 0,scopes:e?.scope?typeof e.scope=="string"?e.scope.split(" "):e.scope:[],idToken:e.id_token}}async function R({id:e,options:t,authorizationEndpoint:r,state:n,codeVerifier:o,scopes:s,claims:a,redirectURI:u}){let i=new URL(r);if(i.searchParams.set("response_type","code"),i.searchParams.set("client_id",t.clientId),i.searchParams.set("state",n),i.searchParams.set("scope",s.join(" ")),i.searchParams.set("redirect_uri",t.redirectURI||u),o){let d=await et(o);i.searchParams.set("code_challenge_method","S256"),i.searchParams.set("code_challenge",d)}if(a){let d=a.reduce((c,l)=>(c[l]=null,c),{});i.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...d}}))}return i}var rt=require("@better-fetch/fetch");async function x({code:e,codeVerifier:t,redirectURI:r,options:n,tokenEndpoint:o,authentication:s}){let a=new URLSearchParams,u={"content-type":"application/x-www-form-urlencoded",accept:"application/json","user-agent":"better-auth"};if(a.set("grant_type","authorization_code"),a.set("code",e),t&&a.set("code_verifier",t),a.set("redirect_uri",r),s==="basic"){let l=btoa(`${n.clientId}:${n.clientSecret}`);u.authorization=`Basic ${l}`}else a.set("client_id",n.clientId),a.set("client_secret",n.clientSecret);let{data:i,error:d}=await(0,rt.betterFetch)(o,{method:"POST",body:a,headers:u});if(d)throw d;return tt(i)}var he=require("oslo/oauth2"),$=require("zod"),Pe=require("better-call");function Br(e){try{return new URL(e).pathname!=="/"}catch{throw new L(`Invalid base URL: ${e}. Please provide a valid base URL.`)}}function Se(e,t="/api/auth"){return Br(e)?e:(t=t.startsWith("/")?t:`/${t}`,`${e}${t}`)}function ie(e,t){if(e)return Se(e,t);let r=_.BETTER_AUTH_URL||_.NEXT_PUBLIC_BETTER_AUTH_URL||_.PUBLIC_BETTER_AUTH_URL||_.NUXT_PUBLIC_BETTER_AUTH_URL||_.NUXT_PUBLIC_AUTH_URL||(_.BASE_URL!=="/"?_.BASE_URL:void 0);if(r)return Se(r,t);if(typeof window<"u"&&window.location)return Se(window.location.origin,t)}function nt(e){try{return new URL(e).origin}catch{return null}}async function se(e,t){let r=e.body?.callbackURL||(e.query?.currentURL?nt(e.query?.currentURL):"")||e.context.options.baseURL;if(!r)throw new Pe.APIError("BAD_REQUEST",{message:"callbackURL is required"});let n=(0,he.generateCodeVerifier)(),o=(0,he.generateState)(),s=JSON.stringify({callbackURL:r,codeVerifier:n,errorURL:e.body?.errorCallbackURL||e.query?.currentURL,link:t,expiresAt:Date.now()+10*60*1e3}),a=new Date;a.setMinutes(a.getMinutes()+10);let u=await e.context.internalAdapter.createVerificationValue({value:s,identifier:o,expiresAt:a});if(!u)throw e.context.logger.error("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database"),new Pe.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create verification"});return{state:u.identifier,codeVerifier:n}}async function Le(e){let t=e.query.state||e.body.state,r=await e.context.internalAdapter.findVerificationValue(t);if(!r)throw e.context.logger.error("State Mismatch. Verification not found",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);let n=$.z.object({callbackURL:$.z.string(),codeVerifier:$.z.string(),errorURL:$.z.string().optional(),expiresAt:$.z.number(),link:$.z.object({email:$.z.string(),userId:$.z.string()}).optional()}).parse(JSON.parse(r.value));if(n.errorURL||(n.errorURL=`${e.context.baseURL}/error`),n.expiresAt<Date.now())throw await e.context.internalAdapter.deleteVerificationValue(r.id),e.context.logger.error("State expired.",{state:t}),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);return await e.context.internalAdapter.deleteVerificationValue(r.id),n}var at=e=>{let t="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",createAuthorizationURL({state:r,scopes:n,redirectURI:o}){let s=n||["email","name"];return e.scope&&s.push(...e.scope),new URL(`https://appleid.apple.com/auth/authorize?client_id=${e.clientId}&response_type=code&redirect_uri=${o||e.redirectURI}&scope=${s.join(" ")}&state=${r}&response_mode=form_post`)},validateAuthorizationCode:async({code:r,codeVerifier:n,redirectURI:o})=>x({code:r,codeVerifier:n,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async verifyIdToken(r,n){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(r,n);let o=(0,Q.decodeProtectedHeader)(r),{kid:s,alg:a}=o;if(!s||!a)return!1;let u=await qr(s),{payload:i}=await(0,Q.jwtVerify)(r,u,{algorithms:[a],issuer:"https://appleid.apple.com",audience:e.clientId,maxTokenAge:"1h"});return["email_verified","is_private_email"].forEach(d=>{i[d]!==void 0&&(i[d]=!!i[d])}),n&&i.nonce!==n?!1:!!i},async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);if(!r.idToken)return null;let n=(0,st.parseJWT)(r.idToken)?.payload;if(!n)return null;let o=n.user?`${n.user.name.firstName} ${n.user.name.lastName}`:n.email;return{user:{id:n.sub,name:o,emailVerified:!1,email:n.email},data:n}}}},qr=async e=>{let t="https://appleid.apple.com",r="/auth/keys",{data:n}=await(0,ot.betterFetch)(`${t}${r}`);if(!n?.keys)throw new it.APIError("BAD_REQUEST",{message:"Keys not found"});let o=n.keys.find(s=>s.kid===e);if(!o)throw new Error(`JWK with kid ${e} not found`);return await(0,Q.importJWK)(o,o.alg)};var dt=require("@better-fetch/fetch");var ct=e=>({id:"discord",name:"Discord",createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let o=r||["identify","email"];return e.scope&&o.push(...e.scope),new URL(`https://discord.com/api/oauth2/authorize?scope=${o.join("+")}&response_type=code&client_id=${e.clientId}&redirect_uri=${encodeURIComponent(e.redirectURI||n)}&state=${t}`)},validateAuthorizationCode:async({code:t,redirectURI:r})=>x({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://discord.com/api/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await(0,dt.betterFetch)("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${t.accessToken}`}});if(n)return null;if(r.avatar===null){let o=r.discriminator==="0"?Number(BigInt(r.id)>>BigInt(22))%6:parseInt(r.discriminator)%5;r.image_url=`https://cdn.discordapp.com/embed/avatars/${o}.png`}else{let o=r.avatar.startsWith("a_")?"gif":"png";r.image_url=`https://cdn.discordapp.com/avatars/${r.id}/${r.avatar}.${o}`}return{user:{id:r.id,name:r.display_name||r.username||"",email:r.email,emailVerified:r.verified,image:r.image_url},data:r}}});var ut=require("@better-fetch/fetch");var lt=e=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let o=r||["email","public_profile"];return e.scope&&o.push(...e.scope),await R({id:"facebook",options:e,authorizationEndpoint:"https://www.facebook.com/v21.0/dialog/oauth",scopes:o,state:t,redirectURI:n})},validateAuthorizationCode:async({code:t,redirectURI:r})=>x({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://graph.facebook.com/oauth/access_token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await(0,ut.betterFetch)("https://graph.facebook.com/me?fields=id,name,email,picture",{auth:{type:"Bearer",token:t.accessToken}});return n?null:{user:{id:r.id,name:r.name,email:r.email,image:r.picture.data.url,emailVerified:r.email_verified},data:r}}});var _e=require("@better-fetch/fetch");var pt=e=>{let t="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:r,scopes:n,codeVerifier:o,redirectURI:s}){let a=n||["user:email"];return e.scope&&a.push(...e.scope),R({id:"github",options:e,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:a,state:r,redirectURI:s})},validateAuthorizationCode:async({code:r,redirectURI:n})=>x({code:r,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:t}),async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);let{data:n,error:o}=await(0,_e.betterFetch)("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${r.accessToken}`}});if(o)return null;let s=!1;if(!n.email){let{data:a,error:u}=await(0,_e.betterFetch)("https://api.github.com/user/emails",{headers:{authorization:`Bearer ${r.accessToken}`,"User-Agent":"better-auth"}});u||(n.email=(a.find(i=>i.primary)??a[0])?.email,s=a.find(i=>i.email===n.email)?.verified??!1)}return{user:{id:n.id.toString(),name:n.name||n.login,email:n.email,image:n.avatar_url,emailVerified:s},data:n}}}};var gt=require("oslo/jwt");var ft=require("consola"),ye=["info","success","warn","error","debug"];function mt(e,t){return ye.indexOf(t)<=ye.indexOf(e)}var Nr=(0,ft.createConsola)({formatOptions:{date:!1,colors:!0,compact:!0},defaults:{tag:"Better Auth"}}),ae=e=>{let t=e?.disabled!==!0,r=e?.level??"error",n=(o,s,a=[])=>{if(!(!t||!mt(r,o))){if(!e||typeof e.log!="function"){Nr[o]("",s,...a);return}e.log(o==="success"?"info":o,s,a)}};return Object.fromEntries(ye.map(o=>[o,(...[s,...a])=>n(o,s,a)]))},I=ae();var ht=require("@better-fetch/fetch"),yt=e=>({id:"google",name:"Google",async createAuthorizationURL({state:t,scopes:r,codeVerifier:n,redirectURI:o}){if(!e.clientId||!e.clientSecret)throw I.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new L("CLIENT_ID_AND_SECRET_REQUIRED");if(!n)throw new L("codeVerifier is required for Google");let s=r||["email","profile","openid"];e.scope&&s.push(...e.scope);let a=await R({id:"google",options:e,authorizationEndpoint:"https://accounts.google.com/o/oauth2/auth",scopes:s,state:t,codeVerifier:n,redirectURI:o});return e.accessType&&a.searchParams.set("access_type",e.accessType),e.prompt&&a.searchParams.set("prompt",e.prompt),a},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:n})=>x({code:t,codeVerifier:r,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:"https://oauth2.googleapis.com/token"}),async verifyIdToken(t,r){if(e.disableIdTokenSignIn)return!1;if(e.verifyIdToken)return e.verifyIdToken(t,r);let n=`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${t}`,{data:o}=await(0,ht.betterFetch)(n);return o?o.aud===e.clientId&&o.iss==="https://accounts.google.com":!1},async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);if(!t.idToken)return null;let r=(0,gt.parseJWT)(t.idToken)?.payload;return{user:{id:r.sub,name:r.name,email:r.email,image:r.picture,emailVerified:r.email_verified},data:r}}});var wt=require("@better-fetch/fetch"),bt=require("oslo/jwt");var At=e=>{let t=e.tenantId||"common",r=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,n=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(o){let s=o.scopes||["openid","profile","email","User.Read"];return e.scope&&s.push(...e.scope),R({id:"microsoft",options:e,authorizationEndpoint:r,state:o.state,codeVerifier:o.codeVerifier,scopes:s,redirectURI:o.redirectURI})},validateAuthorizationCode({code:o,codeVerifier:s,redirectURI:a}){return x({code:o,codeVerifier:s,redirectURI:e.redirectURI||a,options:e,tokenEndpoint:n})},async getUserInfo(o){if(e.getUserInfo)return e.getUserInfo(o);if(!o.idToken)return null;let s=(0,bt.parseJWT)(o.idToken)?.payload,a=e.profilePhotoSize||48;return await(0,wt.betterFetch)(`https://graph.microsoft.com/v1.0/me/photos/${a}x${a}/$value`,{headers:{Authorization:`Bearer ${o.accessToken}`},async onResponse(u){if(!(e.disableProfilePhoto||!u.response.ok))try{let d=await u.response.clone().arrayBuffer(),c=Buffer.from(d).toString("base64");s.picture=`data:image/jpeg;base64, ${c}`}catch(i){I.error(i&&typeof i=="object"&&"name"in i?i.name:"",i)}}}),{user:{id:s.sub,name:s.name,email:s.email,image:s.picture,emailVerified:!0},data:s}}}};var kt=require("@better-fetch/fetch");var xt=e=>({id:"spotify",name:"Spotify",createAuthorizationURL({state:t,scopes:r,codeVerifier:n,redirectURI:o}){let s=r||["user-read-email"];return e.scope&&s.push(...e.scope),R({id:"spotify",options:e,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:s,state:t,codeVerifier:n,redirectURI:o})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:n})=>x({code:t,codeVerifier:r,redirectURI:e.redirectURI||n,options:e,tokenEndpoint:"https://accounts.spotify.com/api/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await(0,kt.betterFetch)("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return n?null:{user:{id:r.id,name:r.display_name,email:r.email,image:r.images[0]?.url,emailVerified:!1},data:r}}});function jr(e){return e.charAt(0).toUpperCase()+e.slice(1)}var K={isAction:!1};var vt=require("nanoid"),N=e=>(0,vt.nanoid)(e);var Rt=require("oslo/jwt");var Ut=e=>({id:"twitch",name:"Twitch",createAuthorizationURL({state:t,scopes:r,redirectURI:n}){let o=r||["user:read:email","openid"];return e.scope&&o.push(...e.scope),R({id:"twitch",redirectURI:n,options:e,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:o,state:t,claims:e.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:t,redirectURI:r})=>x({code:t,redirectURI:e.redirectURI||r,options:e,tokenEndpoint:"https://id.twitch.tv/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let r=t.idToken;if(!r)return I.error("No idToken found in token"),null;let n=(0,Rt.parseJWT)(r)?.payload;return{user:{id:n.sub,name:n.preferred_username,email:n.email,image:n.picture,emailVerified:!1},data:n}}});var Tt=require("@better-fetch/fetch");var Et=e=>({id:"twitter",name:"Twitter",createAuthorizationURL(t){let r=t.scopes||["users.read","tweet.read","offline.access"];return e.scope&&r.push(...e.scope),R({id:"twitter",options:e,authorizationEndpoint:"https://x.com/i/oauth2/authorize",scopes:r,state:t.state,codeVerifier:t.codeVerifier,redirectURI:t.redirectURI})},validateAuthorizationCode:async({code:t,codeVerifier:r,redirectURI:n})=>x({code:t,codeVerifier:r,authentication:"basic",redirectURI:e.redirectURI||n,options:e,tokenEndpoint:"https://api.x.com/2/oauth2/token"}),async getUserInfo(t){if(e.getUserInfo)return e.getUserInfo(t);let{data:r,error:n}=await(0,Tt.betterFetch)("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${t.accessToken}`}});return n?null:{user:{id:r.data.id,name:r.data.name,email:r.data.email||null,image:r.data.profile_image_url,emailVerified:r.data.verified||!1},data:r}}});var It=require("@better-fetch/fetch");var Ot=e=>{let t="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:r,scopes:n,codeVerifier:o,redirectURI:s})=>{let a=n||["account_info.read"];return e.scope&&a.push(...e.scope),await R({id:"dropbox",options:e,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:a,state:r,redirectURI:s,codeVerifier:o})},validateAuthorizationCode:async({code:r,codeVerifier:n,redirectURI:o})=>await x({code:r,codeVerifier:n,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:t}),async getUserInfo(r){if(e.getUserInfo)return e.getUserInfo(r);let{data:n,error:o}=await(0,It.betterFetch)("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${r.accessToken}`}});return o?null:{user:{id:n.account_id,name:n.name?.display_name,email:n.email,emailVerified:n.email_verified||!1,image:n.profile_photo_url},data:n}}}};var St=require("@better-fetch/fetch");var Pt=e=>{let t="https://www.linkedin.com/oauth/v2/authorization",r="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:n,scopes:o,redirectURI:s})=>{let a=o||["profile","email","openid"];return e.scope&&a.push(...e.scope),await R({id:"linkedin",options:e,authorizationEndpoint:t,scopes:a,state:n,redirectURI:s})},validateAuthorizationCode:async({code:n,redirectURI:o})=>await x({code:n,redirectURI:e.redirectURI||o,options:e,tokenEndpoint:r}),async getUserInfo(n){let{data:o,error:s}=await(0,St.betterFetch)("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${n.accessToken}`}});return s?null:{user:{id:o.sub,name:o.name,email:o.email,emailVerified:o.email_verified||!1,image:o.picture},data:o}}}};var Lt=require("@better-fetch/fetch");var Ce=(e="")=>e.split("://").map(t=>t.replace(/\/{2,}/g,"/")).join("://"),Vr=e=>{let t=e||"https://gitlab.com";return{authorizationEndpoint:Ce(`${t}/oauth/authorize`),tokenEndpoint:Ce(`${t}/oauth/token`),userinfoEndpoint:Ce(`${t}/api/v4/user`)}},_t=e=>{let{authorizationEndpoint:t,tokenEndpoint:r,userinfoEndpoint:n}=Vr(e.issuer),o="gitlab";return{id:o,name:"Gitlab",createAuthorizationURL:async({state:a,scopes:u,codeVerifier:i,redirectURI:d})=>{let c=u||["read_user"];return e.scope&&c.push(...e.scope),await R({id:o,options:e,authorizationEndpoint:t,scopes:c,state:a,redirectURI:d,codeVerifier:i})},validateAuthorizationCode:async({code:a,redirectURI:u,codeVerifier:i})=>x({code:a,redirectURI:e.redirectURI||u,options:e,codeVerifier:i,tokenEndpoint:r}),async getUserInfo(a){if(e.getUserInfo)return e.getUserInfo(a);let{data:u,error:i}=await(0,Lt.betterFetch)(n,{headers:{authorization:`Bearer ${a.accessToken}`}});return i||u.state!=="active"||u.locked?null:{user:{id:u.id.toString(),name:u.name??u.username,email:u.email,image:u.avatar_url,emailVerified:!0},data:u}}}};var De={apple:at,discord:ct,facebook:lt,github:pt,microsoft:At,google:yt,spotify:xt,twitch:Ut,twitter:Et,dropbox:Ot,linkedin:Pt,gitlab:_t},we=Object.keys(De);var jt=require("oslo"),be=require("oslo/jwt"),B=require("zod");var Y=require("better-call");var V=require("better-call");var J=require("zod");function Z(e){try{return JSON.parse(e)}catch{return null}}var Be=()=>k("/get-session",{method:"GET",query:J.z.optional(J.z.object({disableCookieCache:J.z.boolean({description:"Disable cookie cache and fetch session from database"}).optional()})),requireHeaders:!0,metadata:{openapi:{description:"Get the current session",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"object",properties:{token:{type:"string"},userId:{type:"string"},expiresAt:{type:"string"}}},user:{type:"object",$ref:"#/components/schemas/User"}}}}}}}}}},async e=>{try{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)return e.json(null);let r=e.getCookie(e.context.authCookies.sessionData.name),n=r?Z(Buffer.from(r,"base64").toString()):null;if(n&&!await pe.verify({value:JSON.stringify(n.session),signature:n?.signature,secret:e.context.secret}))return j(e),e.json(null);let o=await e.getSignedCookie(e.context.authCookies.dontRememberToken.name,e.context.secret);if(n?.session&&e.context.options.session?.cookieCache?.enabled&&!e.query?.disableCookieCache){let c=n.session;if(n.expiresAt<Date.now()||c.session.expiresAt<new Date){let p=e.context.authCookies.sessionData.name;e.setCookie(p,"",{maxAge:0})}else return e.json(c)}let s=await e.context.internalAdapter.findSession(t);if(!s||s.session.expiresAt<new Date)return j(e),s&&await e.context.internalAdapter.deleteSession(s.session.token),e.json(null);if(o)return e.json(s);let a=e.context.sessionConfig.expiresIn,u=e.context.sessionConfig.updateAge;if(s.session.expiresAt.valueOf()-a*1e3+u*1e3<=Date.now()){let c=await e.context.internalAdapter.updateSession(s.session.token,{expiresAt:q(e.context.sessionConfig.expiresIn,"sec")});if(!c)return j(e),e.json(null,{status:401});let l=(c.expiresAt.valueOf()-Date.now())/1e3;return await S(e,{session:c,user:s.user},!1,{maxAge:l}),e.json({session:c,user:s.user})}return e.json(s)}catch(t){throw e.context.logger.error("INTERNAL_SERVER_ERROR",t),new V.APIError("INTERNAL_SERVER_ERROR",{message:"internal server error"})}}),de=async e=>{if(e.context.session)return e.context.session;let t=await Be()({...e,_flag:"json",headers:e.headers});return e.context.session=t,t},D=re(async e=>{let t=await de(e);if(!t?.session)throw new V.APIError("UNAUTHORIZED");return{session:t}}),Ct=re(async e=>{let t=await de(e);if(!t?.session)throw new V.APIError("UNAUTHORIZED");if(e.context.sessionConfig.freshAge===0)return{session:t};let r=e.context.sessionConfig.freshAge,n=t.session.createdAt.valueOf(),o=Date.now();if(!(n+r*1e3>o))throw new V.APIError("FORBIDDEN",{message:"Session is not fresh"});return{session:t}}),Dt=()=>k("/list-sessions",{method:"GET",use:[D],requireHeaders:!0,metadata:{openapi:{description:"List all active sessions for the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"array",items:{type:"object",properties:{token:{type:"string"},userId:{type:"string"},expiresAt:{type:"string"}}}}}}}}}}},async e=>{let r=(await e.context.internalAdapter.listSessions(e.context.session.user.id)).filter(n=>n.expiresAt>new Date);return e.json(r)}),Bt=k("/revoke-session",{method:"POST",body:J.z.object({token:J.z.string({description:"The token to revoke"})}),use:[D],requireHeaders:!0,metadata:{openapi:{description:"Revoke a single session",requestBody:{content:{"application/json":{schema:{type:"object",properties:{token:{type:"string"}},required:["token"]}}}}}}},async e=>{let t=e.body.token,r=await e.context.internalAdapter.findSession(t);if(!r)throw new V.APIError("BAD_REQUEST",{message:"Session not found"});if(r.session.userId!==e.context.session.user.id)throw new V.APIError("UNAUTHORIZED");try{await e.context.internalAdapter.deleteSession(t)}catch(n){throw e.context.logger.error(n&&typeof n=="object"&&"name"in n?n.name:"",n),new V.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),qt=k("/revoke-sessions",{method:"POST",use:[D],requireHeaders:!0,metadata:{openapi:{description:"Revoke all sessions for the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}},required:["status"]}}}}}}}},async e=>{try{await e.context.internalAdapter.deleteSessions(e.context.session.user.id)}catch(t){throw e.context.logger.error(t&&typeof t=="object"&&"name"in t?t.name:"",t),new V.APIError("INTERNAL_SERVER_ERROR")}return e.json({status:!0})}),Nt=k("/revoke-other-sessions",{method:"POST",requireHeaders:!0,use:[D],metadata:{openapi:{description:"Revoke all other sessions for the user except the current one",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{let t=e.context.session;if(!t.user)throw new V.APIError("UNAUTHORIZED");let o=(await e.context.internalAdapter.listSessions(t.user.id)).filter(s=>s.expiresAt>new Date).filter(s=>s.token!==e.context.session.session.token);return await Promise.all(o.map(s=>e.context.internalAdapter.deleteSession(s.token))),e.json({status:!0})});async function z(e,t,r){return await(0,be.createJWT)("HS256",Buffer.from(e),{email:t.toLowerCase(),updateTo:r},{expiresIn:new jt.TimeSpan(1,"h"),issuer:"better-auth",subject:"verify-email",audiences:[t],includeIssuedTimestamp:!0})}async function Fr(e,t){if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new Y.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await z(e.context.secret,t.email),n=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification.sendVerificationEmail({user:t,url:n,token:r},e.request)}var Vt=k("/send-verification-email",{method:"POST",query:B.z.object({currentURL:B.z.string({description:"The URL to use for email verification callback"}).optional()}).optional(),body:B.z.object({email:B.z.string({description:"The email to send the verification email to"}).email(),callbackURL:B.z.string({description:"The URL to use for email verification callback"}).optional()}),metadata:{openapi:{description:"Send a verification email to the user",requestBody:{content:{"application/json":{schema:{type:"object",properties:{email:{type:"string",description:"The email to send the verification email to"},callbackURL:{type:"string",description:"The URL to use for email verification callback"}},required:["email"]}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.emailVerification?.sendVerificationEmail)throw e.context.logger.error("Verification email isn't enabled."),new Y.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let{email:t}=e.body,r=await e.context.internalAdapter.findUserByEmail(t);if(!r)throw new Y.APIError("BAD_REQUEST",{message:"User not found"});return await Fr(e,r.user),e.json({status:!0})}),Ft=k("/verify-email",{method:"GET",query:B.z.object({token:B.z.string({description:"The token to verify the email"}),callbackURL:B.z.string({description:"The URL to redirect to after email verification"}).optional()}),metadata:{openapi:{description:"Verify the email of the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},status:{type:"boolean"}},required:["user","status"]}}}}}}}},async e=>{function t(u){throw e.query.callbackURL?e.redirect(`${e.query.callbackURL}?error=${u}`):new Y.APIError("UNAUTHORIZED",{message:u})}let{token:r}=e.query,n;try{n=await(0,be.validateJWT)("HS256",Buffer.from(e.context.secret),r)}catch(u){return e.context.logger.error("Failed to verify email",u),t("invalid_token")}let s=B.z.object({email:B.z.string().email(),updateTo:B.z.string().optional()}).parse(n.payload),a=await e.context.internalAdapter.findUserByEmail(s.email);if(!a)return t("user_not_found");if(s.updateTo){let u=await de(e);if(!u){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}if(u.user.email!==s.email){if(e.query.callbackURL)throw e.redirect(`${e.query.callbackURL}?error=unauthorized`);return t("unauthorized")}let i=await e.context.internalAdapter.updateUserByEmail(s.email,{email:s.updateTo});if(await e.context.options.emailVerification?.sendVerificationEmail?.({user:i,url:`${e.context.baseURL}/verify-email?token=${r}`,token:r},e.request),e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:i,status:!0})}if(await e.context.internalAdapter.updateUserByEmail(s.email,{emailVerified:!0}),e.context.options.emailVerification?.autoSignInAfterVerification&&!await de(e)){let i=await e.context.internalAdapter.createSession(a.user.id,e.request);if(!i)throw new Y.APIError("INTERNAL_SERVER_ERROR",{message:"Failed to create session"});await S(e,{session:i,user:a.user})}if(e.query.callbackURL)throw e.redirect(e.query.callbackURL);return e.json({user:null,status:!0})});async function Ae(e,{userInfo:t,account:r,callbackURL:n}){let o=await e.context.internalAdapter.findUserByEmail(t.email.toLowerCase(),{includeAccounts:!0}).catch(u=>{throw I.error(`Better auth was unable to query your database.
3
+ Error: `,u),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)}),s=o?.user;if(o){let u=o.accounts.find(i=>i.providerId===r.providerId);if(u)await e.context.internalAdapter.updateAccount(u.id,{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt});else{if(!e.context.options.account?.accountLinking?.trustedProviders?.includes(r.providerId)&&!t.emailVerified||e.context.options.account?.accountLinking?.enabled===!1)return We&&I.warn(`User already exist but account isn't linked to ${r.providerId}. To read more about how account linking works in Better Auth see https://www.better-auth.com/docs/concepts/users-accounts#account-linking.`),{error:"account not linked",data:null};try{await e.context.internalAdapter.linkAccount({providerId:r.providerId,accountId:t.id.toString(),userId:o.user.id,accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt,scope:r.scope})}catch(c){return I.error("Unable to link account",c),{error:"unable to link account",data:null}}}}else try{let u=t.emailVerified||!1;if(s=await e.context.internalAdapter.createOAuthUser({...t,id:void 0,emailVerified:u,email:t.email.toLowerCase()},{accessToken:r.accessToken,idToken:r.idToken,refreshToken:r.refreshToken,accessTokenExpiresAt:r.accessTokenExpiresAt,refreshTokenExpiresAt:r.refreshTokenExpiresAt,scope:r.scope,providerId:r.providerId,accountId:t.id.toString()}).then(i=>i?.user),!u&&s&&e.context.options.emailVerification?.sendOnSignUp){let i=await z(e.context.secret,s.email),d=`${e.context.baseURL}/verify-email?token=${i}&callbackURL=${n}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:s,url:d,token:i},e.request)}}catch(u){return I.error("Unable to create user",u),{error:"unable to create user",data:null}}if(!s)return{error:"unable to create user",data:null};let a=await e.context.internalAdapter.createSession(s.id,e.request);return a?{data:{session:a,user:s},error:null}:{error:"unable to create session",data:null}}var $t=k("/sign-in/social",{method:"POST",query:v.z.object({currentURL:v.z.string().optional()}).optional(),body:v.z.object({callbackURL:v.z.string({description:"Callback URL to redirect to after the user has signed in"}).optional(),errorCallbackURL:v.z.string({description:"Callback URL to redirect to if an error happens"}).optional(),provider:v.z.enum(we,{description:"OAuth2 provider to use"}),disableRedirect:v.z.boolean({description:"Disable automatic redirection to the provider. Useful for handling the redirection yourself"}).optional(),idToken:v.z.optional(v.z.object({token:v.z.string({description:"ID token from the provider"}),nonce:v.z.string({description:"Nonce used to generate the token"}).optional(),accessToken:v.z.string({description:"Access token from the provider"}).optional(),refreshToken:v.z.string({description:"Refresh token from the provider"}).optional(),expiresAt:v.z.number({description:"Expiry date of the token"}).optional()}),{description:"ID token from the provider to sign in the user with id token"})}),metadata:{openapi:{description:"Sign in with a social provider",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"string"},user:{type:"object"},url:{type:"string"},redirect:{type:"boolean"}},required:["session","user","url","redirect"]}}}}}}}},async e=>{let t=e.context.socialProviders.find(s=>s.id===e.body.provider);if(!t)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new O.APIError("NOT_FOUND",{message:"Provider not found"});if(e.body.idToken){if(!t.verifyIdToken)throw e.context.logger.error("Provider does not support id token verification",{provider:e.body.provider}),new O.APIError("NOT_FOUND",{message:"Provider does not support id token verification"});let{token:s,nonce:a}=e.body.idToken;if(!await t.verifyIdToken(s,a))throw e.context.logger.error("Invalid id token",{provider:e.body.provider}),new O.APIError("UNAUTHORIZED",{message:"Invalid id token"});let i=await t.getUserInfo({idToken:s,accessToken:e.body.idToken.accessToken,refreshToken:e.body.idToken.refreshToken});if(!i||!i?.user)throw e.context.logger.error("Failed to get user info",{provider:e.body.provider}),new O.APIError("UNAUTHORIZED",{message:"Failed to get user info"});if(!i.user.email)throw e.context.logger.error("User email not found",{provider:e.body.provider}),new O.APIError("UNAUTHORIZED",{message:"User email not found"});let d=await Ae(e,{userInfo:{email:i.user.email,id:i.user.id,name:i.user.name||"",image:i.user.image,emailVerified:i.user.emailVerified||!1},account:{providerId:t.id,accountId:i.user.id,accessToken:e.body.idToken.accessToken}});if(d.error)throw new O.APIError("UNAUTHORIZED",{message:d.error});return await S(e,d.data),e.json({session:d.data.session,user:d.data.user,url:`${e.body.callbackURL||e.query?.currentURL||e.context.options.baseURL}`,redirect:!0})}let{codeVerifier:r,state:n}=await se(e),o=await t.createAuthorizationURL({state:n,codeVerifier:r,redirectURI:`${e.context.baseURL}/callback/${t.id}`});return e.json({url:o.toString(),redirect:!e.body.disableRedirect})}),zt=k("/sign-in/email",{method:"POST",body:v.z.object({email:v.z.string({description:"Email of the user"}),password:v.z.string({description:"Password of the user"}),callbackURL:v.z.string({description:"Callback URL to use as a redirect for email verification"}).optional(),rememberMe:v.z.boolean({description:"If this is false, the session will not be remembered. Default is `true`."}).default(!0).optional()}),metadata:{openapi:{description:"Sign in with email and password",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"string"},user:{type:"object"},url:{type:"string"},redirect:{type:"boolean"}},required:["session","user","url","redirect"]}}}}}}}},async e=>{if(!e.context.options?.emailAndPassword?.enabled)throw e.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),new O.APIError("BAD_REQUEST",{message:"Email and password is not enabled"});let{email:t,password:r}=e.body;if(!v.z.string().email().safeParse(t).success)throw new O.APIError("BAD_REQUEST",{message:"Invalid email"});let o=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!o)throw await e.context.password.hash(r),e.context.logger.error("User not found",{email:t}),new O.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let s=o.accounts.find(d=>d.providerId==="credential");if(!s)throw e.context.logger.error("Credential account not found",{email:t}),new O.APIError("UNAUTHORIZED",{message:"Invalid email or password"});let a=s?.password;if(!a)throw e.context.logger.error("Password not found",{email:t}),new O.APIError("UNAUTHORIZED",{message:"Unexpected error"});if(!await e.context.password.verify(a,r))throw e.context.logger.error("Invalid password"),new O.APIError("UNAUTHORIZED",{message:"Invalid email or password"});if(e.context.options?.emailAndPassword?.requireEmailVerification&&!o.user.emailVerified){if(!e.context.options?.emailVerification?.sendVerificationEmail)throw new O.APIError("UNAUTHORIZED",{message:"Email is not verified."});let d=await z(e.context.secret,o.user.email),c=`${e.context.baseURL}/verify-email?token=${d}&callbackURL=${e.body.callbackURL||"/"}`;throw await e.context.options.emailVerification.sendVerificationEmail({user:o.user,url:c,token:d},e.request),e.context.logger.error("Email not verified",{email:t}),new O.APIError("FORBIDDEN",{message:"Email is not verified. Check your email for a verification link"})}let i=await e.context.internalAdapter.createSession(o.user.id,e.headers,e.body.rememberMe===!1);if(!i)throw e.context.logger.error("Failed to create session"),new O.APIError("UNAUTHORIZED",{message:"Failed to create session"});return await S(e,{session:i,user:o.user},e.body.rememberMe===!1),e.json({user:o.user,session:i,redirect:!!e.body.callbackURL,url:e.body.callbackURL})});var X=require("zod");var ke=X.z.object({code:X.z.string().optional(),error:X.z.string().optional(),errorMessage:X.z.string().optional(),state:X.z.string().optional()}),Mt=k("/callback/:id",{method:["GET","POST"],body:ke.optional(),query:ke.optional(),metadata:K},async e=>{let t;try{if(e.method==="GET")t=ke.parse(e.query);else if(e.method==="POST")t=ke.parse(e.body);else throw new Error("Unsupported method")}catch(h){throw e.context.logger.error("INVALID_CALLBACK_REQUEST",h),e.redirect(`${e.context.baseURL}/error?error=invalid_callback_request`)}let{code:r,error:n,state:o}=t;if(!o)throw e.context.logger.error("State not found"),e.redirect(`${e.context.baseURL}/error?error=state_not_found`);if(!r)throw e.context.logger.error("Code not found"),e.redirect(`${e.context.baseURL}/error?error=${n||"no_code"}`);let s=e.context.socialProviders.find(h=>h.id===e.params.id);if(!s)throw e.context.logger.error("Oauth provider with id",e.params.id,"not found"),e.redirect(`${e.context.baseURL}/error?error=oauth_provider_not_found`);let{codeVerifier:a,callbackURL:u,link:i,errorURL:d}=await Le(e),c;try{c=await s.validateAuthorizationCode({code:r,codeVerifier:a,redirectURI:`${e.context.baseURL}/callback/${s.id}`})}catch(h){throw e.context.logger.error("",h),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`)}let l=await s.getUserInfo(c).then(h=>h?.user);function p(h){let w=d||u||`${e.context.baseURL}/error`;throw w.includes("?")?w=`${w}&error=${h}`:w=`${w}?error=${h}`,e.redirect(w)}if(!l)return e.context.logger.error("Unable to get user info"),p("unable_to_get_user_info");if(!l.email)return e.context.logger.error("Provider did not return email. This could be due to misconfiguration in the provider settings."),p("email_not_found");if(!u)throw e.context.logger.error("No callback URL found"),e.redirect(`${e.context.baseURL}/error?error=please_restart_the_process`);if(i){if(i.email!==l.email.toLowerCase())return p("email_doesn't_match");if(!await e.context.internalAdapter.createAccount({userId:i.userId,providerId:s.id,accountId:l.id}))return p("unable_to_link_account");let w;try{w=new URL(u).toString()}catch{w=u}throw e.redirect(w)}let m=await Ae(e,{userInfo:{id:l.id,email:l.email,name:l.name||"",image:l.image,emailVerified:l.emailVerified||!1},account:{providerId:s.id,accountId:l.id,...c,scope:c.scopes?.join(",")},callbackURL:u});if(m.error)return e.context.logger.error(m.error.split(" ").join("_")),p(m.error.split(" ").join("_"));let{session:f,user:g}=m.data;await S(e,{session:f,user:g});let y;try{y=new URL(u).toString()}catch{y=u}throw e.redirect(y)});var Ti=require("zod");var Ht=require("better-call"),Gt=k("/sign-out",{method:"POST",requireHeaders:!0,metadata:{openapi:{description:"Sign out the current user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{success:{type:"boolean"}}}}}}}}}},async e=>{let t=await e.getSignedCookie(e.context.authCookies.sessionToken.name,e.context.secret);if(!t)throw j(e),new Ht.APIError("BAD_REQUEST",{message:"Session not found"});return await e.context.internalAdapter.deleteSession(t),j(e),e.json({success:!0})});var C=require("zod");var xe=require("better-call");function Kt(e,t,r){let n=t?new URL(t,e.baseURL):new URL(`${e.baseURL}/error`);return r&&Object.entries(r).forEach(([o,s])=>n.searchParams.set(o,s)),n.href}function $r(e,t,r){let n=new URL(t,e.baseURL);return r&&Object.entries(r).forEach(([o,s])=>n.searchParams.set(o,s)),n.href}var Wt=k("/forget-password",{method:"POST",body:C.z.object({email:C.z.string({description:"The email address of the user to send a password reset email to"}).email(),redirectTo:C.z.string({description:"The URL to redirect the user to reset their password. If the token isn't valid or expired, it'll be redirected with a query parameter `?error=INVALID_TOKEN`. If the token is valid, it'll be redirected with a query parameter `?token=VALID_TOKEN"}).optional()}),metadata:{openapi:{description:"Send a password reset email to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.emailAndPassword?.sendResetPassword)throw e.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function in your auth config!"),new xe.APIError("BAD_REQUEST",{message:"Reset password isn't enabled"});let{email:t,redirectTo:r}=e.body,n=await e.context.internalAdapter.findUserByEmail(t,{includeAccounts:!0});if(!n)return e.context.logger.error("Reset Password: User not found",{email:t}),e.json({status:!1},{body:{status:!0}});let o=60*60*1,s=q(e.context.options.emailAndPassword.resetPasswordTokenExpiresIn||o,"sec"),a=N(24);await e.context.internalAdapter.createVerificationValue({value:n.user.id,identifier:`reset-password:${a}`,expiresAt:s});let u=`${e.context.baseURL}/reset-password/${a}?callbackURL=${r}`;return await e.context.options.emailAndPassword.sendResetPassword({user:n.user,url:u,token:a},e.request),e.json({status:!0})}),Qt=k("/reset-password/:token",{method:"GET",query:C.z.object({callbackURL:C.z.string({description:"The URL to redirect the user to reset their password"})}),metadata:{openapi:{description:"Redirects the user to the callback URL with the token",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{token:{type:"string"}}}}}}}}}},async e=>{let{token:t}=e.params,{callbackURL:r}=e.query;if(!t||!r)throw e.redirect(Kt(e.context,r,{error:"INVALID_TOKEN"}));let n=await e.context.internalAdapter.findVerificationValue(`reset-password:${t}`);throw!n||n.expiresAt<new Date?e.redirect(Kt(e.context,r,{error:"INVALID_TOKEN"})):e.redirect($r(e.context,r,{token:t}))}),Zt=k("/reset-password",{query:C.z.optional(C.z.object({token:C.z.string().optional(),currentURL:C.z.string().optional()})),method:"POST",body:C.z.object({newPassword:C.z.string({description:"The new password to set"}),token:C.z.string({description:"The token to reset the password"}).optional()}),metadata:{openapi:{description:"Reset the password for a user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async e=>{let t=e.body.token||e.query?.token||(e.query?.currentURL?new URL(e.query.currentURL).searchParams.get("token"):"");if(!t)throw new xe.APIError("BAD_REQUEST",{message:"Token not found"});let{newPassword:r}=e.body,n=`reset-password:${t}`,o=await e.context.internalAdapter.findVerificationValue(n);if(!o||o.expiresAt<new Date)throw new xe.APIError("BAD_REQUEST",{message:"Invalid token"});await e.context.internalAdapter.deleteVerificationValue(o.id);let s=o.value,a=await e.context.password.hash(r);return(await e.context.internalAdapter.findAccounts(s)).find(d=>d.providerId==="credential")?(await e.context.internalAdapter.updatePassword(s,a),e.json({status:!0})):(await e.context.internalAdapter.createAccount({userId:s,providerId:"credential",password:a,accountId:s}),e.json({status:!0}))});var T=require("zod");var P=require("better-call");var A=require("zod"),Di=A.z.object({id:A.z.string(),providerId:A.z.string(),accountId:A.z.string(),userId:A.z.string(),accessToken:A.z.string().nullish(),refreshToken:A.z.string().nullish(),idToken:A.z.string().nullish(),accessTokenExpiresAt:A.z.date().nullish(),refreshTokenExpiresAt:A.z.date().nullish(),scope:A.z.string().nullish(),password:A.z.string().nullish(),createdAt:A.z.date().default(()=>new Date),updatedAt:A.z.date().default(()=>new Date)}),Bi=A.z.object({id:A.z.string(),email:A.z.string().transform(e=>e.toLowerCase()),emailVerified:A.z.boolean().default(!1),name:A.z.string(),image:A.z.string().nullish(),createdAt:A.z.date().default(()=>new Date),updatedAt:A.z.date().default(()=>new Date)}),qi=A.z.object({id:A.z.string(),userId:A.z.string(),expiresAt:A.z.date(),createdAt:A.z.date().default(()=>new Date),updatedAt:A.z.date().default(()=>new Date),token:A.z.string(),ipAddress:A.z.string().nullish(),userAgent:A.z.string().nullish()}),Ni=A.z.object({id:A.z.string(),value:A.z.string(),createdAt:A.z.date().default(()=>new Date),updatedAt:A.z.date().default(()=>new Date),expiresAt:A.z.date(),identifier:A.z.string()});function Jt(e,t){let r=t.fields,n={};for(let o in e){let s=r[o];if(!s){n[o]=e[o];continue}s.returned!==!1&&(n[o]=e[o])}return n}function qe(e,t){let r={...t==="user"?e.user?.additionalFields:{},...t==="session"?e.session?.additionalFields:{}};for(let n of e.plugins||[])n.schema&&n.schema[t]&&(r={...r,...n.schema[t].fields});return r}function Ne(e,t){let r=qe(e,"user");return Jt(t,{fields:r})}function ve(e,t){let r=qe(e,"session");return Jt(t,{fields:r})}function zr(e,t){let r=t.action||"create",n=t.fields,o={};for(let s in n){if(s in e){if(n[s].input===!1){if(n[s].defaultValue){o[s]=n[s].defaultValue;continue}continue}o[s]=e[s];continue}if(n[s].defaultValue&&r==="create"){o[s]=n[s].defaultValue;continue}}return o}function Re(e,t,r){let n=qe(e,"user");return zr(t||{},{fields:n,action:r})}var Yt=()=>k("/update-user",{method:"POST",body:T.z.record(T.z.string(),T.z.any()),use:[D],metadata:{openapi:{description:"Update the current user",requestBody:{content:{"application/json":{schema:{type:"object",properties:{name:{type:"string",description:"The name of the user"},image:{type:"string",description:"The image of the user"}}}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"}}}}}}}}}},async e=>{let t=e.body;if(t.email)throw new P.APIError("BAD_REQUEST",{message:"You can't update email"});let{name:r,image:n,...o}=t,s=e.context.session;if(!n&&!r&&Object.keys(o).length===0)return e.json({user:s.user});let a=Re(e.context.options,o,"update"),u=await e.context.internalAdapter.updateUserByEmail(s.user.email,{name:r,image:n,...a});return await S(e,{session:s.session,user:u}),e.json({user:u})}),Xt=k("/change-password",{method:"POST",body:T.z.object({newPassword:T.z.string({description:"The new password to set"}),currentPassword:T.z.string({description:"The current password"}),revokeOtherSessions:T.z.boolean({description:"Revoke all other sessions"}).optional()}),use:[D],metadata:{openapi:{description:"Change the password of the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{description:"The user object",$ref:"#/components/schemas/User"}}}}}}}}}},async e=>{let{newPassword:t,currentPassword:r,revokeOtherSessions:n}=e.body,o=e.context.session,s=e.context.password.config.minPasswordLength;if(t.length<s)throw e.context.logger.error("Password is too short"),new P.APIError("BAD_REQUEST",{message:"Password is too short"});let a=e.context.password.config.maxPasswordLength;if(t.length>a)throw e.context.logger.error("Password is too long"),new P.APIError("BAD_REQUEST",{message:"Password too long"});let i=(await e.context.internalAdapter.findAccounts(o.user.id)).find(l=>l.providerId==="credential"&&l.password);if(!i||!i.password)throw new P.APIError("BAD_REQUEST",{message:"User does not have a password"});let d=await e.context.password.hash(t);if(!await e.context.password.verify(i.password,r))throw new P.APIError("BAD_REQUEST",{message:"Incorrect password"});if(await e.context.internalAdapter.updateAccount(i.id,{password:d}),n){await e.context.internalAdapter.deleteSessions(o.user.id);let l=await e.context.internalAdapter.createSession(o.user.id,e.headers);if(!l)throw new P.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create session"});await S(e,{session:l,user:o.user})}return e.json(o.user)}),er=k("/set-password",{method:"POST",body:T.z.object({newPassword:T.z.string()}),metadata:{SERVER_ONLY:!0},use:[D]},async e=>{let{newPassword:t}=e.body,r=e.context.session,n=e.context.password.config.minPasswordLength;if(t.length<n)throw e.context.logger.error("Password is too short"),new P.APIError("BAD_REQUEST",{message:"Password is too short"});let o=e.context.password.config.maxPasswordLength;if(t.length>o)throw e.context.logger.error("Password is too long"),new P.APIError("BAD_REQUEST",{message:"Password too long"});let a=(await e.context.internalAdapter.findAccounts(r.user.id)).find(i=>i.providerId==="credential"&&i.password),u=await e.context.password.hash(t);if(!a)return await e.context.internalAdapter.linkAccount({userId:r.user.id,providerId:"credential",accountId:r.user.id,password:u}),e.json(r.user);throw new P.APIError("BAD_REQUEST",{message:"user already has a password"})}),tr=k("/delete-user",{method:"POST",body:T.z.object({password:T.z.string({description:"The password of the user"})}),use:[Ct],metadata:{openapi:{description:"Delete the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object"}}}}}}}},async e=>{let t=e.context.session;return await e.context.internalAdapter.deleteUser(t.user.id),await e.context.internalAdapter.deleteSessions(t.user.id),j(e),e.json(null)}),rr=k("/change-email",{method:"POST",query:T.z.object({currentURL:T.z.string().optional()}).optional(),body:T.z.object({newEmail:T.z.string({description:"The new email to set"}).email(),callbackURL:T.z.string({description:"The URL to redirect to after email verification"}).optional()}),use:[D],metadata:{openapi:{responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},status:{type:"boolean"}}}}}}}}}},async e=>{if(!e.context.options.user?.changeEmail?.enabled)throw e.context.logger.error("Change email is disabled."),new P.APIError("BAD_REQUEST",{message:"Change email is disabled"});if(e.body.newEmail===e.context.session.user.email)throw e.context.logger.error("Email is the same"),new P.APIError("BAD_REQUEST",{message:"Email is the same"});if(await e.context.internalAdapter.findUserByEmail(e.body.newEmail))throw e.context.logger.error("Email already exists"),new P.APIError("BAD_REQUEST",{message:"Couldn't update your email"});if(e.context.session.user.emailVerified!==!0){let o=await e.context.internalAdapter.updateUserByEmail(e.context.session.user.email,{email:e.body.newEmail});return e.json({user:o,status:!0})}if(!e.context.options.user.changeEmail.sendChangeEmailVerification)throw e.context.logger.error("Verification email isn't enabled."),new P.APIError("BAD_REQUEST",{message:"Verification email isn't enabled"});let r=await z(e.context.secret,e.context.session.user.email,e.body.newEmail),n=`${e.context.baseURL}/verify-email?token=${r}&callbackURL=${e.body.callbackURL||e.query?.currentURL||"/"}`;return await e.context.options.user.changeEmail.sendChangeEmailVerification({user:e.context.session.user,newEmail:e.body.newEmail,url:n,token:r},e.request),e.json({user:null,status:!0})});var Mr=(e="Unknown")=>`<!DOCTYPE html>
4
4
  <html lang="en">
5
5
  <head>
6
6
  <meta charset="UTF-8">
@@ -80,4 +80,4 @@ Error: `,u),e.redirect(`${e.context.baseURL}/error?error=internal_server_error`)
80
80
  <div class="error-code">Error Code: <span id="errorCode">${e}</span></div>
81
81
  </div>
82
82
  </body>
83
- </html>`,nr=k("/error",{method:"GET",metadata:{...K,openapi:{description:"Displays an error page",responses:{200:{description:"Success",content:{"text/html":{schema:{type:"string"}}}}}}}},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(zr(t),{headers:{"Content-Type":"text/html"}})});var or=k("/ok",{method:"GET",metadata:{...K,openapi:{description:"Check if the API is working",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{ok:{type:"boolean"}}}}}}}}}},async e=>e.json({ok:!0}));var W=require("zod");var V=require("better-call");var ir=()=>k("/sign-up/email",{method:"POST",query:W.z.object({currentURL:W.z.string().optional()}).optional(),body:W.z.record(W.z.string(),W.z.any()),metadata:{openapi:{description:"Sign up a user using email and password",requestBody:{content:{"application/json":{schema:{type:"object",properties:{name:{type:"string",description:"The name of the user"},email:{type:"string",description:"The email of the user"},password:{type:"string",description:"The password of the user"},callbackURL:{type:"string",description:"The URL to use for email verification callback"}},required:["name","email","password"]}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},session:{type:"object"}}}}}}}}}},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new V.APIError("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:n,password:o,image:s,callbackURL:a,...u}=t;if(!W.z.string().email().safeParse(n).success)throw new V.APIError("BAD_REQUEST",{message:"Invalid email"});let d=e.context.password.config.minPasswordLength;if(o.length<d)throw e.context.logger.error("Password is too short"),new V.APIError("BAD_REQUEST",{message:"Password is too short"});let c=e.context.password.config.maxPasswordLength;if(o.length>c)throw e.context.logger.error("Password is too long"),new V.APIError("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(n))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${n}`),new V.APIError("UNPROCESSABLE_ENTITY",{message:"User with this email already exists"});let p=Re(e.context.options,u),m;try{if(m=await e.context.internalAdapter.createUser({email:n.toLowerCase(),name:r,image:s,...p,emailVerified:!1}),!m)throw new V.APIError("BAD_REQUEST",{message:"Failed to create user"})}catch(y){throw e.context.logger.error("Failed to create user",y),new V.APIError("UNPROCESSABLE_ENTITY",{message:"Failed to create user",details:y})}if(!m)throw new V.APIError("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let f=await e.context.password.hash(o);if(await e.context.internalAdapter.linkAccount({userId:m.id,providerId:"credential",accountId:m.id,password:f}),e.context.options.emailVerification?.sendOnSignUp){let y=await z(e.context.secret,m.email),h=`${e.context.baseURL}/verify-email?token=${y}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:m,url:h,token:y},e.request)}if(!e.context.options.emailAndPassword.autoSignIn||e.context.options.emailAndPassword.requireEmailVerification)return e.json({user:m,session:null});let g=await e.context.internalAdapter.createSession(m.id,e.request);if(!g)throw new V.APIError("BAD_REQUEST",{message:"Failed to create session"});return await P(e,{session:g,user:m}),e.json({user:m,session:g})});var X=require("zod");var je=require("better-call");var sr=k("/list-accounts",{method:"GET",use:[D],metadata:{openapi:{description:"List all accounts linked to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"array",items:{type:"object",properties:{id:{type:"string"},provider:{type:"string"}}}}}}}}}}},async e=>{let t=e.context.session,r=await e.context.internalAdapter.findAccounts(t.user.id);return e.json(r.map(n=>({id:n.id,provider:n.providerId})))}),ar=k("/link-social",{method:"POST",requireHeaders:!0,query:X.z.object({currentURL:X.z.string().optional()}).optional(),body:X.z.object({callbackURL:X.z.string({description:"The URL to redirect to after the user has signed in"}).optional(),provider:X.z.enum(we,{description:"The OAuth2 provider to use"})}),use:[D],metadata:{openapi:{description:"Link a social account to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{url:{type:"string"},redirect:{type:"boolean"}},required:["url","redirect"]}}}}}}}},async e=>{let t=e.context.session;if((await e.context.internalAdapter.findAccounts(t.user.id)).find(u=>u.providerId===e.body.provider))throw new je.APIError("BAD_REQUEST",{message:"Social Account is already linked."});let o=e.context.socialProviders.find(u=>u.id===e.body.provider);if(!o)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new je.APIError("NOT_FOUND",{message:"Provider not found"});let s=await ie(e,{userId:t.user.id,email:t.user.email}),a=await o.createAuthorizationURL({state:s.state,codeVerifier:s.codeVerifier,redirectURI:`${e.context.baseURL}/callback/${o.id}`});return e.json({url:a.toString(),redirect:!0})});function Ue(e,t){if(t.advanced?.ipAddress?.disableIpTracking)return null;let r="127.0.0.1";if(Ze)return r;let o=t.advanced?.ipAddress?.ipAddressHeaders||["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],s=e instanceof Request?e.headers:e;for(let a of o){let u=s.get(a);if(typeof u=="string"){let i=u.split(",")[0].trim();if(i)return i}}return null}function Mr(e,t,r){let n=Date.now(),o=t*1e3;return n-r.lastRequest<o&&r.count>=e}function Hr(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function Gr(e,t){let r=Date.now(),n=t*1e3;return Math.ceil((e+n-r)/1e3)}function Kr(e,t){let r="rateLimit",n=e.adapter;return{get:async o=>await n.findOne({model:r,where:[{field:"key",value:o}]}),set:async(o,s,a)=>{try{a?await n.update({model:t??"rateLimit",where:[{field:"key",value:o}],update:{count:s.count,lastRequest:s.lastRequest}}):await n.create({model:t??"rateLimit",data:{key:o,count:s.count,lastRequest:s.lastRequest}})}catch(u){e.logger.error("Error setting rate limit",u)}}}}var dr=new Map;function Wr(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let n=await e.options.secondaryStorage?.get(r);return n?JSON.parse(n):void 0},set:async(r,n)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(n))}}:e.rateLimit.storage==="memory"?{async get(r){return dr.get(r)},async set(r,n,o){dr.set(r,n)}}:Kr(e,e.rateLimit.modelName)}async function cr(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,n=e.url.replace(r,""),o=t.rateLimit.window,s=t.rateLimit.max,a=Ue(e,t.options)+n,i=Zr().find(p=>p.pathMatcher(n));i&&(o=i.window,s=i.max);for(let p of t.options.plugins||[])if(p.rateLimit){let m=p.rateLimit.find(f=>f.pathMatcher(n));if(m){o=m.window,s=m.max;break}}if(t.rateLimit.customRules){let p=t.rateLimit.customRules[n];p&&(o=p.window,s=p.max)}let d=Wr(t),c=await d.get(a),l=Date.now();if(!c)await d.set(a,{key:a,count:1,lastRequest:l});else{let p=l-c.lastRequest;if(Mr(s,o,c)){let m=Gr(c.lastRequest,o);return Hr(m)}else p>o*1e3?await d.set(a,{...c,count:1,lastRequest:l}):await d.set(a,{...c,count:c.count+1,lastRequest:l})}}function Zr(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")||t.startsWith("/change-password")||t.startsWith("/change-email")},window:10,max:3}]}var Qr=require("better-call");function Fe(e,t){let r=t.plugins?.reduce((u,i)=>({...u,...i.endpoints}),{}),n=t.plugins?.map(u=>u.middlewares?.map(i=>{let d=async c=>i.middleware({...c,context:{...e,...c.context}});return d.path=i.path,d.options=i.middleware.options,d.headers=i.middleware.headers,{path:i.path,middleware:d}})).filter(u=>u!==void 0).flat()||[],s={...{signInSocial:$t,callbackOAuth:Mt,getSession:Be(),signOut:Gt,signUpEmail:ir(),signInEmail:zt,forgetPassword:Wt,resetPassword:Qt,verifyEmail:Vt,sendVerificationEmail:Ft,changeEmail:rr,changePassword:Xt,setPassword:er,updateUser:Yt(),deleteUser:tr,forgetPasswordCallback:Zt,listSessions:Dt(),revokeSession:Bt,revokeSessions:qt,revokeOtherSessions:Nt,linkSocialAccount:ar,listUserAccounts:sr},...r,ok:or,error:nr},a={};for(let[u,i]of Object.entries(s))a[u]=async(d={})=>{i.headers=new Headers;let c={setHeader(y,h){i.headers.set(y,h)},setCookie(y,h,w){(0,U.setCookie)(i.headers,y,h,w)},getCookie(y,h){let b=d.headers?.get("cookie");return(0,U.getCookie)(b||"",y,h)},getSignedCookie(y,h,w){let b=d.headers;return b?(0,U.getSignedCookie)(b,h,y,w):null},async setSignedCookie(y,h,w,b){await(0,U.setSignedCookie)(i.headers,y,h,w,b)},redirect(y){return i.headers.set("Location",y),new U.APIError("FOUND")},responseHeader:i.headers},l=await e,p={...c,...d,path:i.path,context:{...l,...d.context,endpoint:i}};l.session=null;let m=t.plugins||[];for(let y of m){let h=y.hooks?.before??[];for(let w of h){if(!w.matcher(p))continue;let b=await w.handler(p);if(b&&"context"in b){p={...p,...b.context};continue}if(b)return b}}let f;try{f=await i(p)}catch(y){if(y instanceof U.APIError){let h=t.plugins?.map(w=>{if(w.hooks?.after)return w.hooks.after}).filter(w=>w!==void 0).flat();if(!h?.length)throw y.headers=i.headers,y;p.context.returned=y,p.context.returned.headers=i.headers;for(let w of h||[])if(w.matcher(p))try{let E=await w.handler(p);E&&"response"in E&&(p.context.returned=E.response)}catch(E){if(E instanceof U.APIError){p.context.returned=E;continue}throw E}if(p.context.returned instanceof U.APIError)throw p.context.returned.headers=i.headers,p.context.returned;return p.context.returned}throw y}p.context.returned=f,p.responseHeader=i.headers;for(let y of t.plugins||[])if(y.hooks?.after){for(let h of y.hooks.after)if(h.matcher(p))try{let b=await h.handler(p);b&&(p.context.returned=b)}catch(b){if(b instanceof U.APIError){p.context.returned=b;continue}throw b}}let g=p.context.returned;return g instanceof Response&&i.headers.forEach((y,h)=>{h==="set-cookie"?g.headers.append(h,y):g.headers.set(h,y)}),g},a[u].path=i.path,a[u].method=i.method,a[u].options=i.options,a[u].headers=i.headers;return{api:a,middlewares:n}}var ur=(e,t)=>{let{api:r,middlewares:n}=Fe(e,t),o=new URL(e.baseURL).pathname;return(0,U.createRouter)(r,{extraContext:e,basePath:o,routerMiddleware:[{path:"/**",middleware:Ke},...n],async onRequest(s){for(let a of e.options.plugins||[])if(a.onRequest){let u=await a.onRequest(s,e);if(u&&"response"in u)return u.response}return cr(s,e)},async onResponse(s){for(let a of e.options.plugins||[])if(a.onResponse){let u=await a.onResponse(s,e);if(u)return u.response}return s},onError(s){if(s instanceof U.APIError&&s.status==="FOUND")return;if(t.onAPIError?.throw)throw s;if(t.onAPIError?.onError){t.onAPIError.onError(s,e);return}let a=t.logger?.level,u=a==="error"||a==="warn"||a==="debug"?I:void 0;if(t.logger?.disabled!==!0){if(s&&typeof s=="object"&&"message"in s&&typeof s.message=="string"&&(s.message.includes("no column")||s.message.includes("column")||s.message.includes("relation")||s.message.includes("table")||s.message.includes("does not exist"))){e.logger?.error(s.message),e.logger?.error("If you are seeing this error, it is likely that you need to run the migrations for the database or you need to update your database schema. If you recently updated the package, make sure to run the migrations.");return}s instanceof U.APIError?(s.status==="INTERNAL_SERVER_ERROR"&&e.logger.error(s.status,s),u?.error(s.message)):e.logger?.error(s&&typeof s=="object"&&"name"in s?s.name:"",s)}}})};var xr=require("defu");var ce=require("oslo/encoding");var lr=require("@noble/hashes/scrypt"),pr=require("uncrypto"),ee={N:16384,r:16,p:1,dkLen:64};async function fr(e,t){return await(0,lr.scryptAsync)(e.normalize("NFKC"),t,{N:ee.N,p:ee.p,r:ee.r,dkLen:ee.dkLen,maxmem:128*ee.N*ee.r*2})}var mr=async e=>{let t=(0,ce.encodeHex)((0,pr.getRandomValues)(new Uint8Array(16))),r=await fr(e,t);return`${t}:${(0,ce.encodeHex)(r)}`},gr=async(e,t)=>{let[r,n]=e.split(":"),o=await fr(t,r);return Ee(o,(0,ce.decodeHex)(n))};function hr(e,t){let r=t.hooks;async function n(a,u,i){let d=a;for(let p of r||[]){let m=p[u]?.create?.before;if(m){let f=await m(a);if(f===!1)return null;typeof f=="object"&&"data"in f&&(d=f.data)}}let c=i?await i.fn(d):null,l=!i||i.executeMainFn?await e.create({model:u,data:d}):c;for(let p of r||[]){let m=p[u]?.create?.after;m&&await m(l)}return l}async function o(a,u,i,d){let c=a;for(let m of r||[]){let f=m[i]?.update?.before;if(f){let g=await f(a);if(g===!1)return null;c=typeof g=="object"?g.data:g}}let l=d?await d.fn(c):null,p=!d||d.executeMainFn?await e.update({model:i,update:c,where:u}):l;for(let m of r||[]){let f=m[i]?.update?.after;f&&await f(p)}return p}async function s(a,u,i,d){let c=a;for(let m of r||[]){let f=m[i]?.update?.before;if(f){let g=await f(a);if(g===!1)return null;c=typeof g=="object"?g.data:g}}let l=d?await d.fn(c):null,p=!d||d.executeMainFn?await e.updateMany({model:i,update:c,where:u}):l;for(let m of r||[]){let f=m[i]?.update?.after;f&&await f(p)}return p}return{createWithHooks:n,updateWithHooks:o,updateManyWithHooks:s}}var Ve=(e,t)=>{let r=t.options,n=r.secondaryStorage,o=r.session?.expiresIn||60*60*24*7,{createWithHooks:s,updateWithHooks:a,updateManyWithHooks:u}=hr(e,t);return{createOAuthUser:async(i,d)=>{try{let c=await s({createdAt:new Date,updatedAt:new Date,...i},"user"),l=await s({...d,userId:c.id||i.id,createdAt:new Date,updatedAt:new Date},"account");return{user:c,account:l}}catch(c){return console.log(c),null}},createUser:async i=>await s({createdAt:new Date,updatedAt:new Date,emailVerified:!1,...i},"user"),createAccount:async i=>await s({createdAt:new Date,updatedAt:new Date,...i},"account"),listSessions:async i=>{if(n){let c=await n.get(`active-sessions-${i}`);if(!c)return[];let l=Q(c)||[],p=Date.now(),m=l.filter(g=>g.expiresAt>p),f=[];for(let g of m){let y=await n.get(g.token);if(y){let h=JSON.parse(y),w=ve(t.options,{...h.session,expiresAt:new Date(h.session.expiresAt)});f.push(w)}}return f}return await e.findMany({model:"session",where:[{field:"userId",value:i}]})},listUsers:async(i,d,c,l)=>await e.findMany({model:"user",limit:i,offset:d,sortBy:c,where:l}),deleteUser:async i=>{await e.deleteMany({model:"session",where:[{field:"userId",value:i}]}),await e.deleteMany({model:"account",where:[{field:"userId",value:i}]}),await e.delete({model:"user",where:[{field:"id",value:i}]})},createSession:async(i,d,c,l)=>{let p=d instanceof Request?d.headers:d,{id:m,...f}=l||{},g={ipAddress:d&&Ue(d,t.options)||"",userAgent:p?.get("user-agent")||"",...f,expiresAt:c?q(60*60*24,"sec"):q(o,"sec"),userId:i,token:N(32),createdAt:new Date,updatedAt:new Date};return await s(g,"session",n?{fn:async()=>{let h=await e.findOne({model:"user",where:[{field:"id",value:i}]});n.set(g.token,JSON.stringify({session:g,user:h}),o);let w=await n.get(`active-sessions-${i}`),b=[],E=Date.now();return w&&(b=Q(w)||[],b=b.filter(Rr=>Rr.expiresAt>E)),b.push({token:g.token,expiresAt:E+o*1e3}),await n.set(`active-sessions-${i}`,JSON.stringify(b),o),g},executeMainFn:r.session?.storeSessionInDatabase}:void 0)},findSession:async i=>{if(n){let p=await n.get(i);if(p){let m=JSON.parse(p),f=ve(t.options,{...m.session,expiresAt:new Date(m.session.expiresAt),createdAt:new Date(m.session.createdAt),updatedAt:new Date(m.session.updatedAt)}),g=Ne(t.options,{...m.user,createdAt:new Date(m.user.createdAt),updatedAt:new Date(m.user.updatedAt)});return{session:f,user:g}}}let d=await e.findOne({model:"session",where:[{value:i,field:"token"}]});if(!d)return null;let c=await e.findOne({model:"user",where:[{value:d.userId,field:"id"}]});if(!c)return null;let l=Ne(t.options,c);return{session:ve(t.options,d),user:l}},findSessions:async i=>{if(n){let p=[];for(let m of i){let f=await n.get(m);if(f){let g=JSON.parse(f),y={session:{...g.session,expiresAt:new Date(g.session.expiresAt)},user:{...g.user,createdAt:new Date(g.user.createdAt),updatedAt:new Date(g.user.updatedAt)}};p.push(y)}}return p}let d=await e.findMany({model:"session",where:[{field:"token",value:i,operator:"in"}]}),c=d.map(p=>p.userId);if(!c.length)return[];let l=await e.findMany({model:"user",where:[{field:"id",value:c,operator:"in"}]});return d.map(p=>{let m=l.find(f=>f.id===p.userId);return m?{session:p,user:m}:null})},updateSession:async(i,d)=>await a(d,[{field:"token",value:i}],"session",n?{async fn(l){let p=await n.get(i),m=null;if(p){let f=JSON.parse(p);return m={...f.session,...l},await n.set(i,JSON.stringify({session:m,user:f.user}),f.session.expiresAt?Math.floor((f.session.expiresAt.getTime()-Date.now())/1e3):o),m}else return null},executeMainFn:r.session?.storeSessionInDatabase}:void 0),deleteSession:async i=>{if(n){await n.delete(i),r.session?.storeSessionInDatabase&&await e.delete({model:"session",where:[{field:"token",value:i}]});return}await e.delete({model:"session",where:[{field:"token",value:i}]})},deleteSessions:async i=>{if(n){if(typeof i=="string"){let d=await n.get(`active-sessions-${i}`),c=d?Q(d):[];if(!c)return;for(let l of c)await n.delete(l.token)}else for(let d of i)await n.get(d)&&await n.delete(d);r.session?.storeSessionInDatabase&&await e.deleteMany({model:"session",where:[{field:Array.isArray(i)?"token":"userId",value:i,operator:Array.isArray(i)?"in":void 0}]});return}await e.deleteMany({model:"session",where:[{field:Array.isArray(i)?"token":"userId",value:i,operator:Array.isArray(i)?"in":void 0}]})},findUserByEmail:async(i,d)=>{let c=await e.findOne({model:"user",where:[{value:i.toLowerCase(),field:"email"}]});if(!c)return null;if(d?.includeAccounts){let l=await e.findMany({model:"account",where:[{value:c.id,field:"userId"}]});return{user:c,accounts:l}}return{user:c,accounts:[]}},findUserById:async i=>await e.findOne({model:"user",where:[{field:"id",value:i}]}),linkAccount:async i=>await s({...i,createdAt:new Date,updatedAt:new Date},"account"),updateUser:async(i,d)=>await a(d,[{field:"id",value:i}],"user"),updateUserByEmail:async(i,d)=>await a(d,[{field:"email",value:i}],"user"),updatePassword:async(i,d)=>{await u({password:d},[{field:"userId",value:i},{field:"providerId",value:"credential"}],"account")},findAccounts:async i=>await e.findMany({model:"account",where:[{field:"userId",value:i}]}),findAccount:async i=>await e.findOne({model:"account",where:[{field:"accountId",value:i}]}),findAccountByUserId:async i=>await e.findMany({model:"account",where:[{field:"userId",value:i}]}),updateAccount:async(i,d)=>await a(d,[{field:"id",value:i}],"account"),createVerificationValue:async i=>await s({createdAt:new Date,updatedAt:new Date,...i},"verification"),findVerificationValue:async i=>(await e.findMany({model:"verification",where:[{field:"identifier",value:i}],sortBy:{field:"createdAt",direction:"desc"},limit:10}))[0],deleteVerificationValue:async i=>{await e.delete({model:"verification",where:[{field:"id",value:i}]})},deleteVerificationByIdentifier:async i=>{await e.delete({model:"verification",where:[{field:"identifier",value:i}]})},updateVerificationValue:async(i,d)=>await a(d,[{field:"id",value:i}],"verification")}};var M=e=>{let t=e.plugins?.reduce((i,d)=>{let c=d.schema;if(!c)return i;for(let[l,p]of Object.entries(c))i[l]={fields:{...i[l]?.fields,...p.fields},modelName:p.modelName||l};return i},{}),r=e.rateLimit?.storage==="database",n={rateLimit:{modelName:e.rateLimit?.modelName||"rateLimit",fields:{key:{type:"string",fieldName:e.rateLimit?.fields?.key||"key"},count:{type:"number",fieldName:e.rateLimit?.fields?.count||"count"},lastRequest:{type:"number",fieldName:e.rateLimit?.fields?.lastRequest||"lastRequest"}}}},{user:o,session:s,account:a,...u}=t||{};return{user:{modelName:e.user?.modelName||"user",fields:{name:{type:"string",required:!0,fieldName:e.user?.fields?.name||"name"},email:{type:"string",unique:!0,required:!0,fieldName:e.user?.fields?.email||"email"},emailVerified:{type:"boolean",defaultValue:()=>!1,required:!0,fieldName:e.user?.fields?.emailVerified||"emailVerified"},image:{type:"string",required:!1,fieldName:e.user?.fields?.image||"image"},createdAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.updatedAt||"updatedAt"},...o?.fields,...e.user?.additionalFields},order:1},session:{modelName:e.session?.modelName||"session",fields:{expiresAt:{type:"date",required:!0,fieldName:e.session?.fields?.expiresAt||"expiresAt"},token:{type:"string",required:!0,fieldName:e.session?.fields?.token||"token",unique:!0},createdAt:{type:"date",required:!0,fieldName:e.session?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",required:!0,fieldName:e.session?.fields?.updatedAt||"updatedAt"},ipAddress:{type:"string",required:!1,fieldName:e.session?.fields?.ipAddress||"ipAddress"},userAgent:{type:"string",required:!1,fieldName:e.session?.fields?.userAgent||"userAgent"},userId:{type:"string",fieldName:e.session?.fields?.userId||"userId",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0},...s?.fields,...e.session?.additionalFields},order:2},account:{modelName:e.account?.modelName||"account",fields:{accountId:{type:"string",required:!0,fieldName:e.account?.fields?.accountId||"accountId"},providerId:{type:"string",required:!0,fieldName:e.account?.fields?.providerId||"providerId"},userId:{type:"string",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0,fieldName:e.account?.fields?.userId||"userId"},accessToken:{type:"string",required:!1,fieldName:e.account?.fields?.accessToken||"accessToken"},refreshToken:{type:"string",required:!1,fieldName:e.account?.fields?.refreshToken||"refreshToken"},idToken:{type:"string",required:!1,fieldName:e.account?.fields?.idToken||"idToken"},accessTokenExpiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.accessTokenExpiresAt||"accessTokenExpiresAt"},refreshTokenExpiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.accessTokenExpiresAt||"refreshTokenExpiresAt"},scope:{type:"string",required:!1,fieldName:e.account?.fields?.scope||"scope"},password:{type:"string",required:!1,fieldName:e.account?.fields?.password||"password"},createdAt:{type:"date",required:!0,fieldName:e.account?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",required:!0,fieldName:e.account?.fields?.updatedAt||"updatedAt"},...a?.fields},order:3},verification:{modelName:e.verification?.modelName||"verification",fields:{identifier:{type:"string",required:!0,fieldName:e.verification?.fields?.identifier||"identifier"},value:{type:"string",required:!0,fieldName:e.verification?.fields?.value||"value"},expiresAt:{type:"date",required:!0,fieldName:e.verification?.fields?.expiresAt||"expiresAt"},createdAt:{type:"date",required:!1,defaultValue:()=>new Date,fieldName:e.verification?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",required:!1,defaultValue:()=>new Date,fieldName:e.verification?.fields?.updatedAt||"updatedAt"}},order:4},...u,...r?n:{}}};var Jr=require("zod");var ue=require("kysely"),H=require("kysely");function yr(e){if(!e)return null;if("dialect"in e)return yr(e.dialect);if("createDriver"in e){if(e instanceof H.SqliteDialect)return"sqlite";if(e instanceof H.MysqlDialect)return"mysql";if(e instanceof H.PostgresDialect)return"postgres";if(e instanceof ue.MssqlDialect)return"mssql"}return"aggregate"in e?"sqlite":"getConnection"in e?"mysql":"connect"in e?"postgres":null}var $e=async e=>{let t=e.database;if(!t)return{kysely:null,databaseType:null};if("db"in t)return{kysely:t.db,databaseType:t.type};if("dialect"in t)return{kysely:new ue.Kysely({dialect:t.dialect}),databaseType:t.type};let r,n=yr(t);return"createDriver"in t&&(r=t),"aggregate"in t&&(r=new H.SqliteDialect({database:t})),"getConnection"in t&&(r=new H.MysqlDialect(t)),"connect"in t&&(r=new H.PostgresDialect({pool:t})),{kysely:r?new ue.Kysely({dialect:r}):null,databaseType:n}};var Yr=(e,t,r)=>{let n=M(t);function o(d,c){if(c==="id")return c;let l=n[d].fields[c];return l||console.log("Field not found",d,c),l.fieldName||c}function s(d,c,l){let{type:p="sqlite"}=r||{},m=n[c].fields[l];return m.type==="boolean"&&p==="sqlite"?d?1:0:m.type==="date"&&d&&d instanceof Date&&p==="sqlite"?d.toISOString():d}function a(d,c,l){let{type:p="sqlite"}=r||{},m=n[c].fields[l];return m.type==="boolean"&&p==="sqlite"&&d!==null?d===1:m.type==="date"&&d?new Date(d):d}function u(d){return n[d].modelName}let i=t?.advanced?.generateId===!1;return{transformInput(d,c,l){let p=i||l==="update"?{}:{id:d.id||(t.advanced?.generateId?t.advanced.generateId({model:c}):N())};for(let m in d){let f=n[c].fields[m];f&&(p[f.fieldName||m]=s(d[m],c,m))}return p},transformOutput(d,c,l=[]){if(!d)return null;let p=d.id?l.length===0||l.includes("id")?{id:d.id}:{}:{},m=n[c].fields;for(let f in m){if(l.length&&!l.includes(f))continue;let g=m[f];g&&(p[f]=a(d[g.fieldName||f],c,f))}return p},convertWhereClause(d,c){if(!c)return{and:null,or:null};let l={and:[],or:[]};return c.forEach(p=>{let{field:m,value:f,operator:g="=",connector:y="AND"}=p,h=o(d,m),w=b=>g.toLowerCase()==="in"?b(h,"in",Array.isArray(f)?f:[f]):g==="contains"?b(h,"like",`%${f}%`):g==="starts_with"?b(h,"like",`${f}%`):g==="ends_with"?b(h,"like",`%${f}`):g==="eq"?b(h,"=",f):g==="ne"?b(h,"<>",f):g==="gt"?b(h,">",f):g==="gte"?b(h,">=",f):g==="lt"?b(h,"<",f):g==="lte"?b(h,"<=",f):b(h,g,f);y==="OR"?l.or.push(w):l.and.push(w)}),{and:l.and.length?l.and:null,or:l.or.length?l.or:null}},async withReturning(d,c,l,p){let m;if(r?.type!=="mysql")m=await c.returningAll().executeTakeFirst();else{await c.execute();let f=d.id?"id":p[0].field?p[0].field:"id",g=d[f]||p[0].value;m=await e.selectFrom(u(l)).selectAll().where(o(l,f),"=",g).executeTakeFirst()}return m},getModelName:u,getField:o}},wr=(e,t)=>r=>{let{transformInput:n,withReturning:o,transformOutput:s,convertWhereClause:a,getModelName:u,getField:i}=Yr(e,r,t);return{id:"kysely",async create(d){let{model:c,data:l,select:p}=d,m=n(l,c,"create"),f=e.insertInto(u(c)).values(m);return s(await o(m,f,c,[]),c,p)},async findOne(d){let{model:c,where:l,select:p}=d,{and:m,or:f}=a(c,l),g=e.selectFrom(u(c)).selectAll();m&&(g=g.where(h=>h.and(m.map(w=>w(h))))),f&&(g=g.where(h=>h.or(f.map(w=>w(h)))));let y=await g.executeTakeFirst();return y?s(y,c,p):null},async findMany(d){let{model:c,where:l,limit:p,offset:m,sortBy:f}=d,{and:g,or:y}=a(c,l),h=e.selectFrom(u(c));g&&(h=h.where(b=>b.and(g.map(E=>E(b))))),y&&(h=h.where(b=>b.or(y.map(E=>E(b))))),h=h.limit(p||100),m&&(h=h.offset(m)),f&&(h=h.orderBy(i(c,f.field),f.direction));let w=await h.selectAll().execute();return w?w.map(b=>s(b,c)):[]},async update(d){let{model:c,where:l,update:p}=d,{and:m,or:f}=a(c,l),g=n(p,c,"update"),y=e.updateTable(u(c)).set(g);return m&&(y=y.where(w=>w.and(m.map(b=>b(w))))),f&&(y=y.where(w=>w.or(f.map(b=>b(w))))),await s(await o(g,y,c,l),c)},async updateMany(d){let{model:c,where:l,update:p}=d,{and:m,or:f}=a(c,l),g=n(p,c,"update"),y=e.updateTable(u(c)).set(g);return m&&(y=y.where(w=>w.and(m.map(b=>b(w))))),f&&(y=y.where(w=>w.or(f.map(b=>b(w))))),(await y.execute()).length},async delete(d){let{model:c,where:l}=d,{and:p,or:m}=a(c,l),f=e.deleteFrom(u(c));p&&(f=f.where(g=>g.and(p.map(y=>y(g))))),m&&(f=f.where(g=>g.or(m.map(y=>y(g))))),await f.execute()},async deleteMany(d){let{model:c,where:l}=d,{and:p,or:m}=a(c,l),f=e.deleteFrom(u(c));return p&&(f=f.where(g=>g.and(p.map(y=>y(g))))),m&&(f=f.where(g=>g.or(m.map(y=>y(g))))),(await f.execute()).length},options:t}};var Xr=e=>{let t=M(e);function r(n,o){return o==="id"?o:t[n].fields[o].fieldName||o}return{transformInput(n,o,s){let a=s==="update"?{}:{id:n.id||(e.advanced?.generateId?e.advanced.generateId({model:o}):N())};for(let u in n){let i=t[o].fields[u];i&&(a[i.fieldName||u]=n[u])}return a},transformOutput(n,o,s=[]){if(!n)return null;let a=n.id||n._id?s.length===0||s.includes("id")?{id:n.id}:{}:{},u=t[o].fields;for(let i in u){if(s.length&&!s.includes(i))continue;let d=u[i];d&&(a[i]=n[d.fieldName||i])}return a},convertWhereClause(n,o,s){return o.filter(a=>n.every(u=>{let{field:i,value:d,operator:c}=u,l=r(s,i);if(c==="in"){if(!Array.isArray(d))throw new Error("Value must be an array");return d.includes(a[l])}else return c==="contains"?a[l].includes(d):c==="starts_with"?a[l].startsWith(d):c==="ends_with"?a[l].endsWith(d):a[l]===d}))},getField:r}},br=e=>t=>{let{transformInput:r,transformOutput:n,convertWhereClause:o,getField:s}=Xr(t);return{id:"memory",create:async({model:a,data:u})=>{let i=r(u,a,"create");return e[a].push(i),n(i,a)},findOne:async({model:a,where:u,select:i})=>{let d=e[a],l=o(u,d,a)[0]||null;return n(l,a,i)},findMany:async({model:a,where:u,sortBy:i,limit:d,offset:c})=>{let l=e[a];return u&&(l=o(u,l,a)),i&&(l=l.sort((p,m)=>{let f=s(a,i.field);return i.direction==="asc"?p[f]>m[f]?1:-1:p[f]<m[f]?1:-1})),c!==void 0&&(l=l.slice(c)),d!==void 0&&(l=l.slice(0,d)),l.map(p=>n(p,a))},update:async({model:a,where:u,update:i})=>{let d=e[a],c=o(u,d,a);return c.forEach(l=>{Object.assign(l,r(i,a,"update"))}),n(c[0],a)},delete:async({model:a,where:u})=>{let i=e[a],d=o(u,i,a);e[a]=i.filter(c=>!d.includes(c))},deleteMany:async({model:a,where:u})=>{let i=e[a],d=o(u,i,a),c=0;return e[a]=i.filter(l=>d.includes(l)?(c++,!1):!d.includes(l)),c},updateMany(a){let{model:u,where:i,update:d}=a,c=e[u],l=o(i,c,u);return l.forEach(p=>{Object.assign(p,d)}),l[0]||null}}};async function Ar(e){if(!e.database){let n=M(e),o=Object.keys(n).reduce((s,a)=>(s[a]=[],s),{});return I.warn("No database configuration provided. Using memory adapter in development"),br(o)(e)}if(typeof e.database=="function")return e.database(e);let{kysely:t,databaseType:r}=await $e(e);if(!t)throw new L("Failed to initialize database adapter");return wr(t,{type:r||"sqlite"})(e)}var ze="better-auth-secret-123456789";var Me=require("better-call");async function kr(e,t){let n=(await t.context.internalAdapter.findAccounts(e))?.find(a=>a.providerId==="credential"),o=n?.password;if(!n||!o)throw new Me.APIError("BAD_REQUEST",{message:"No password credential found"});if(!await t.context.password.verify(o,t.body.password))throw new Me.APIError("BAD_REQUEST",{message:"Invalid password"});return!0}var vr=async e=>{let t=await Ar(e),r=e.plugins||[],n=tn(e),o=se(e.logger),s=oe(e.baseURL,e.basePath),a=e.secret||_.BETTER_AUTH_SECRET||_.AUTH_SECRET||ze;a===ze&&ne&&o.error("You are using the default secret. Please set `BETTER_AUTH_SECRET` in your environment variables or pass `secret` in your auth config."),e={...e,secret:a,baseURL:s?new URL(s).origin:"",basePath:e.basePath||"/api/auth",plugins:r.concat(n),emailAndPassword:{...e.emailAndPassword,enabled:e.emailAndPassword?.enabled??!1,autoSignIn:e.emailAndPassword?.autoSignIn??!0}};let u=Oe(e),i=M(e),d=Object.keys(e.socialProviders||{}).map(m=>{let f=e.socialProviders?.[m];return f.enabled===!1?null:((!f.clientId||!f.clientSecret)&&o.warn(`Social provider ${m} is missing clientId or clientSecret`),De[m](f))}).filter(m=>m!==null),c=({model:m,size:f})=>typeof e?.advanced?.generateId=="function"?e.advanced.generateId({model:m,size:f}):N(f),l={appName:e.appName||"Better Auth",socialProviders:d,options:e,tables:i,trustedOrigins:rn(e),baseURL:s||"",sessionConfig:{updateAge:e.session?.updateAge!==void 0?e.session.updateAge:24*60*60,expiresIn:e.session?.expiresIn||60*60*24*7,freshAge:e.session?.freshAge||60*5},secret:a,rateLimit:{...e.rateLimit,enabled:e.rateLimit?.enabled??ne,window:e.rateLimit?.window||10,max:e.rateLimit?.max||100,storage:e.rateLimit?.storage||e.secondaryStorage?"secondary-storage":"memory"},authCookies:u,logger:o,generateId:c,session:null,secondaryStorage:e.secondaryStorage,password:{hash:e.emailAndPassword?.password?.hash||mr,verify:e.emailAndPassword?.password?.verify||gr,config:{minPasswordLength:e.emailAndPassword?.minPasswordLength||8,maxPasswordLength:e.emailAndPassword?.maxPasswordLength||128},checkPassword:kr},adapter:t,internalAdapter:Ve(t,{options:e,hooks:e.databaseHooks?[e.databaseHooks]:[],generateId:c}),createAuthCookie:ge(e)},{context:p}=en(l);return p};function en(e){let t=e.options,r=t.plugins||[],n=e,o=[];for(let s of r)if(s.init){let a=s.init(e);typeof a=="object"&&(a.options&&(a.options.databaseHooks&&o.push(a.options.databaseHooks),t=(0,xr.defu)(t,a.options)),a.context&&(n={...n,...a.context}))}return o.push(t.databaseHooks),n.internalAdapter=Ve(e.adapter,{options:t,hooks:o.filter(s=>s!==void 0),generateId:e.generateId}),n.options=t,{context:n}}function tn(e){let t=[];return e.advanced?.crossSubDomainCookies?.enabled,t}function rn(e){let t=oe(e.baseURL,e.basePath);if(!t)return[];let r=[new URL(t).origin];e.trustedOrigins&&r.push(...e.trustedOrigins);let n=_.BETTER_AUTH_TRUSTED_ORIGINS;return n&&r.push(...n.split(",")),r}var nn=e=>{let t=vr(e),{api:r}=Fe(t,e);return{handler:async n=>{let o=await t,s=o.options.basePath||"/api/auth",a=new URL(n.url);if(!o.options.baseURL){let i=oe(void 0,s)||`${a.origin}${s}`;o.options.baseURL=i,o.baseURL=i}o.trustedOrigins=[...e.trustedOrigins||[],o.baseURL,a.origin];let{handler:u}=ur(o,e);return u(n)},api:r,options:e,$context:t,$Infer:{}}};0&&(module.exports={BetterAuthError,HIDE_METADATA,MissingDependencyError,betterAuth,capitalizeFirstLetter,createCookieGetter,createLogger,deleteSessionCookie,generateId,generateState,getCookies,levels,logger,parseCookies,parseSetCookieHeader,parseState,setSessionCookie,shouldPublishLog});
83
+ </html>`,nr=k("/error",{method:"GET",metadata:{...K,openapi:{description:"Displays an error page",responses:{200:{description:"Success",content:{"text/html":{schema:{type:"string"}}}}}}}},async e=>{let t=new URL(e.request?.url||"").searchParams.get("error")||"Unknown";return new Response(Mr(t),{headers:{"Content-Type":"text/html"}})});var or=k("/ok",{method:"GET",metadata:{...K,openapi:{description:"Check if the API is working",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{ok:{type:"boolean"}}}}}}}}}},async e=>e.json({ok:!0}));var W=require("zod");var F=require("better-call");var ir=()=>k("/sign-up/email",{method:"POST",query:W.z.object({currentURL:W.z.string().optional()}).optional(),body:W.z.record(W.z.string(),W.z.any()),metadata:{openapi:{description:"Sign up a user using email and password",requestBody:{content:{"application/json":{schema:{type:"object",properties:{name:{type:"string",description:"The name of the user"},email:{type:"string",description:"The email of the user"},password:{type:"string",description:"The password of the user"},callbackURL:{type:"string",description:"The URL to use for email verification callback"}},required:["name","email","password"]}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object"},session:{type:"object"}}}}}}}}}},async e=>{if(!e.context.options.emailAndPassword?.enabled)throw new F.APIError("BAD_REQUEST",{message:"Email and password sign up is not enabled"});let t=e.body,{name:r,email:n,password:o,image:s,callbackURL:a,...u}=t;if(!W.z.string().email().safeParse(n).success)throw new F.APIError("BAD_REQUEST",{message:"Invalid email"});let d=e.context.password.config.minPasswordLength;if(o.length<d)throw e.context.logger.error("Password is too short"),new F.APIError("BAD_REQUEST",{message:"Password is too short"});let c=e.context.password.config.maxPasswordLength;if(o.length>c)throw e.context.logger.error("Password is too long"),new F.APIError("BAD_REQUEST",{message:"Password is too long"});if((await e.context.internalAdapter.findUserByEmail(n))?.user)throw e.context.logger.info(`Sign-up attempt for existing email: ${n}`),new F.APIError("UNPROCESSABLE_ENTITY",{message:"User with this email already exists"});let p=Re(e.context.options,u),m;try{if(m=await e.context.internalAdapter.createUser({email:n.toLowerCase(),name:r,image:s,...p,emailVerified:!1}),!m)throw new F.APIError("BAD_REQUEST",{message:"Failed to create user"})}catch(y){throw e.context.logger.error("Failed to create user",y),new F.APIError("UNPROCESSABLE_ENTITY",{message:"Failed to create user",details:y})}if(!m)throw new F.APIError("UNPROCESSABLE_ENTITY",{message:"Failed to create user"});let f=await e.context.password.hash(o);if(await e.context.internalAdapter.linkAccount({userId:m.id,providerId:"credential",accountId:m.id,password:f}),e.context.options.emailVerification?.sendOnSignUp){let y=await z(e.context.secret,m.email),h=`${e.context.baseURL}/verify-email?token=${y}&callbackURL=${t.callbackURL||e.query?.currentURL||"/"}`;await e.context.options.emailVerification?.sendVerificationEmail?.({user:m,url:h,token:y},e.request)}if(!e.context.options.emailAndPassword.autoSignIn||e.context.options.emailAndPassword.requireEmailVerification)return e.json({user:m,session:null});let g=await e.context.internalAdapter.createSession(m.id,e.request);if(!g)throw new F.APIError("BAD_REQUEST",{message:"Failed to create session"});return await S(e,{session:g,user:m}),e.json({user:m,session:g})});var ee=require("zod");var je=require("better-call");var sr=k("/list-accounts",{method:"GET",use:[D],metadata:{openapi:{description:"List all accounts linked to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"array",items:{type:"object",properties:{id:{type:"string"},provider:{type:"string"}}}}}}}}}}},async e=>{let t=e.context.session,r=await e.context.internalAdapter.findAccounts(t.user.id);return e.json(r.map(n=>({id:n.id,provider:n.providerId})))}),ar=k("/link-social",{method:"POST",requireHeaders:!0,query:ee.z.object({currentURL:ee.z.string().optional()}).optional(),body:ee.z.object({callbackURL:ee.z.string({description:"The URL to redirect to after the user has signed in"}).optional(),provider:ee.z.enum(we,{description:"The OAuth2 provider to use"})}),use:[D],metadata:{openapi:{description:"Link a social account to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{url:{type:"string"},redirect:{type:"boolean"}},required:["url","redirect"]}}}}}}}},async e=>{let t=e.context.session;if((await e.context.internalAdapter.findAccounts(t.user.id)).find(u=>u.providerId===e.body.provider))throw new je.APIError("BAD_REQUEST",{message:"Social Account is already linked."});let o=e.context.socialProviders.find(u=>u.id===e.body.provider);if(!o)throw e.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:e.body.provider}),new je.APIError("NOT_FOUND",{message:"Provider not found"});let s=await se(e,{userId:t.user.id,email:t.user.email}),a=await o.createAuthorizationURL({state:s.state,codeVerifier:s.codeVerifier,redirectURI:`${e.context.baseURL}/callback/${o.id}`});return e.json({url:a.toString(),redirect:!0})});function Ue(e,t){if(t.advanced?.ipAddress?.disableIpTracking)return null;let r="127.0.0.1";if(Qe)return r;let o=t.advanced?.ipAddress?.ipAddressHeaders||["x-client-ip","x-forwarded-for","cf-connecting-ip","fastly-client-ip","x-real-ip","x-cluster-client-ip","x-forwarded","forwarded-for","forwarded"],s=e instanceof Request?e.headers:e;for(let a of o){let u=s.get(a);if(typeof u=="string"){let i=u.split(",")[0].trim();if(i)return i}}return null}function Hr(e,t,r){let n=Date.now(),o=t*1e3;return n-r.lastRequest<o&&r.count>=e}function Gr(e){return new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":e.toString()}})}function Kr(e,t){let r=Date.now(),n=t*1e3;return Math.ceil((e+n-r)/1e3)}function Wr(e,t){let r="rateLimit",n=e.adapter;return{get:async o=>await n.findOne({model:r,where:[{field:"key",value:o}]}),set:async(o,s,a)=>{try{a?await n.update({model:t??"rateLimit",where:[{field:"key",value:o}],update:{count:s.count,lastRequest:s.lastRequest}}):await n.create({model:t??"rateLimit",data:{key:o,count:s.count,lastRequest:s.lastRequest}})}catch(u){e.logger.error("Error setting rate limit",u)}}}}var dr=new Map;function Qr(e){return e.rateLimit.storage==="secondary-storage"?{get:async r=>{let n=await e.options.secondaryStorage?.get(r);return n?JSON.parse(n):void 0},set:async(r,n)=>{await e.options.secondaryStorage?.set?.(r,JSON.stringify(n))}}:e.rateLimit.storage==="memory"?{async get(r){return dr.get(r)},async set(r,n,o){dr.set(r,n)}}:Wr(e,e.rateLimit.modelName)}async function cr(e,t){if(!t.rateLimit.enabled)return;let r=t.baseURL,n=e.url.replace(r,""),o=t.rateLimit.window,s=t.rateLimit.max,a=Ue(e,t.options)+n,i=Zr().find(p=>p.pathMatcher(n));i&&(o=i.window,s=i.max);for(let p of t.options.plugins||[])if(p.rateLimit){let m=p.rateLimit.find(f=>f.pathMatcher(n));if(m){o=m.window,s=m.max;break}}if(t.rateLimit.customRules){let p=t.rateLimit.customRules[n];p&&(o=p.window,s=p.max)}let d=Qr(t),c=await d.get(a),l=Date.now();if(!c)await d.set(a,{key:a,count:1,lastRequest:l});else{let p=l-c.lastRequest;if(Hr(s,o,c)){let m=Kr(c.lastRequest,o);return Gr(m)}else p>o*1e3?await d.set(a,{...c,count:1,lastRequest:l}):await d.set(a,{...c,count:c.count+1,lastRequest:l})}}function Zr(){return[{pathMatcher(t){return t.startsWith("/sign-in")||t.startsWith("/sign-up")||t.startsWith("/change-password")||t.startsWith("/change-email")},window:10,max:3}]}var Jr=require("better-call");function Ve(e,t){let r=t.plugins?.reduce((u,i)=>({...u,...i.endpoints}),{}),n=t.plugins?.map(u=>u.middlewares?.map(i=>{let d=async c=>i.middleware({...c,context:{...e,...c.context}});return d.path=i.path,d.options=i.middleware.options,d.headers=i.middleware.headers,{path:i.path,middleware:d}})).filter(u=>u!==void 0).flat()||[],s={...{signInSocial:$t,callbackOAuth:Mt,getSession:Be(),signOut:Gt,signUpEmail:ir(),signInEmail:zt,forgetPassword:Wt,resetPassword:Zt,verifyEmail:Ft,sendVerificationEmail:Vt,changeEmail:rr,changePassword:Xt,setPassword:er,updateUser:Yt(),deleteUser:tr,forgetPasswordCallback:Qt,listSessions:Dt(),revokeSession:Bt,revokeSessions:qt,revokeOtherSessions:Nt,linkSocialAccount:ar,listUserAccounts:sr},...r,ok:or,error:nr},a={};for(let[u,i]of Object.entries(s))a[u]=async(d={})=>{i.headers=new Headers;let c={setHeader(y,h){i.headers.set(y,h)},setCookie(y,h,w){(0,U.setCookie)(i.headers,y,h,w)},getCookie(y,h){let b=d.headers?.get("cookie");return(0,U.getCookie)(b||"",y,h)},getSignedCookie(y,h,w){let b=d.headers;return b?(0,U.getSignedCookie)(b,h,y,w):null},async setSignedCookie(y,h,w,b){await(0,U.setSignedCookie)(i.headers,y,h,w,b)},redirect(y){return i.headers.set("Location",y),new U.APIError("FOUND")},responseHeader:i.headers},l=await e,p={...c,...d,path:i.path,context:{...l,...d.context,endpoint:i}};l.session=null;let m=t.plugins||[];for(let y of m){let h=y.hooks?.before??[];for(let w of h){if(!w.matcher(p))continue;let b=await w.handler(p);if(b&&"context"in b){p={...p,...b.context};continue}if(b)return b}}let f;try{f=await i(p)}catch(y){if(y instanceof U.APIError){let h=t.plugins?.map(w=>{if(w.hooks?.after)return w.hooks.after}).filter(w=>w!==void 0).flat();if(!h?.length)throw y.headers=i.headers,y;p.context.returned=y,p.context.returned.headers=i.headers;for(let w of h||[])if(w.matcher(p))try{let E=await w.handler(p);E&&"response"in E&&(p.context.returned=E.response)}catch(E){if(E instanceof U.APIError){p.context.returned=E;continue}throw E}if(p.context.returned instanceof U.APIError)throw p.context.returned.headers=i.headers,p.context.returned;return p.context.returned}throw y}p.context.returned=f,p.responseHeader=i.headers;for(let y of t.plugins||[])if(y.hooks?.after){for(let h of y.hooks.after)if(h.matcher(p))try{let b=await h.handler(p);b&&(p.context.returned=b)}catch(b){if(b instanceof U.APIError){p.context.returned=b;continue}throw b}}let g=p.context.returned;return g instanceof Response&&i.headers.forEach((y,h)=>{h==="set-cookie"?g.headers.append(h,y):g.headers.set(h,y)}),g},a[u].path=i.path,a[u].method=i.method,a[u].options=i.options,a[u].headers=i.headers;return{api:a,middlewares:n}}var ur=(e,t)=>{let{api:r,middlewares:n}=Ve(e,t),o=new URL(e.baseURL).pathname;return(0,U.createRouter)(r,{extraContext:e,basePath:o,routerMiddleware:[{path:"/**",middleware:Ke},...n],async onRequest(s){for(let a of e.options.plugins||[])if(a.onRequest){let u=await a.onRequest(s,e);if(u&&"response"in u)return u.response}return cr(s,e)},async onResponse(s){for(let a of e.options.plugins||[])if(a.onResponse){let u=await a.onResponse(s,e);if(u)return u.response}return s},onError(s){if(s instanceof U.APIError&&s.status==="FOUND")return;if(t.onAPIError?.throw)throw s;if(t.onAPIError?.onError){t.onAPIError.onError(s,e);return}let a=t.logger?.level,u=a==="error"||a==="warn"||a==="debug"?I:void 0;if(t.logger?.disabled!==!0){if(s&&typeof s=="object"&&"message"in s&&typeof s.message=="string"&&(s.message.includes("no column")||s.message.includes("column")||s.message.includes("relation")||s.message.includes("table")||s.message.includes("does not exist"))){e.logger?.error(s.message),e.logger?.error("If you are seeing this error, it is likely that you need to run the migrations for the database or you need to update your database schema. If you recently updated the package, make sure to run the migrations.");return}s instanceof U.APIError?(s.status==="INTERNAL_SERVER_ERROR"&&e.logger.error(s.status,s),u?.error(s.message)):e.logger?.error(s&&typeof s=="object"&&"name"in s?s.name:"",s)}}})};var xr=require("defu");var ce=require("oslo/encoding");var lr=require("@noble/hashes/scrypt"),pr=require("uncrypto"),te={N:16384,r:16,p:1,dkLen:64};async function fr(e,t){return await(0,lr.scryptAsync)(e.normalize("NFKC"),t,{N:te.N,p:te.p,r:te.r,dkLen:te.dkLen,maxmem:128*te.N*te.r*2})}var mr=async e=>{let t=(0,ce.encodeHex)((0,pr.getRandomValues)(new Uint8Array(16))),r=await fr(e,t);return`${t}:${(0,ce.encodeHex)(r)}`},gr=async(e,t)=>{let[r,n]=e.split(":"),o=await fr(t,r);return Ee(o,(0,ce.decodeHex)(n))};function hr(e,t){let r=t.hooks;async function n(a,u,i){let d=a;for(let p of r||[]){let m=p[u]?.create?.before;if(m){let f=await m(a);if(f===!1)return null;typeof f=="object"&&"data"in f&&(d=f.data)}}let c=i?await i.fn(d):null,l=!i||i.executeMainFn?await e.create({model:u,data:d}):c;for(let p of r||[]){let m=p[u]?.create?.after;m&&await m(l)}return l}async function o(a,u,i,d){let c=a;for(let m of r||[]){let f=m[i]?.update?.before;if(f){let g=await f(a);if(g===!1)return null;c=typeof g=="object"?g.data:g}}let l=d?await d.fn(c):null,p=!d||d.executeMainFn?await e.update({model:i,update:c,where:u}):l;for(let m of r||[]){let f=m[i]?.update?.after;f&&await f(p)}return p}async function s(a,u,i,d){let c=a;for(let m of r||[]){let f=m[i]?.update?.before;if(f){let g=await f(a);if(g===!1)return null;c=typeof g=="object"?g.data:g}}let l=d?await d.fn(c):null,p=!d||d.executeMainFn?await e.updateMany({model:i,update:c,where:u}):l;for(let m of r||[]){let f=m[i]?.update?.after;f&&await f(p)}return p}return{createWithHooks:n,updateWithHooks:o,updateManyWithHooks:s}}var Fe=(e,t)=>{let r=t.options,n=r.secondaryStorage,o=r.session?.expiresIn||60*60*24*7,{createWithHooks:s,updateWithHooks:a,updateManyWithHooks:u}=hr(e,t);return{createOAuthUser:async(i,d)=>{try{let c=await s({createdAt:new Date,updatedAt:new Date,...i},"user"),l=await s({...d,userId:c.id||i.id,createdAt:new Date,updatedAt:new Date},"account");return{user:c,account:l}}catch(c){return console.log(c),null}},createUser:async i=>await s({createdAt:new Date,updatedAt:new Date,emailVerified:!1,...i},"user"),createAccount:async i=>await s({createdAt:new Date,updatedAt:new Date,...i},"account"),listSessions:async i=>{if(n){let c=await n.get(`active-sessions-${i}`);if(!c)return[];let l=Z(c)||[],p=Date.now(),m=l.filter(g=>g.expiresAt>p),f=[];for(let g of m){let y=await n.get(g.token);if(y){let h=JSON.parse(y),w=ve(t.options,{...h.session,expiresAt:new Date(h.session.expiresAt)});f.push(w)}}return f}return await e.findMany({model:"session",where:[{field:"userId",value:i}]})},listUsers:async(i,d,c,l)=>await e.findMany({model:"user",limit:i,offset:d,sortBy:c,where:l}),deleteUser:async i=>{await e.deleteMany({model:"session",where:[{field:"userId",value:i}]}),await e.deleteMany({model:"account",where:[{field:"userId",value:i}]}),await e.delete({model:"user",where:[{field:"id",value:i}]})},createSession:async(i,d,c,l)=>{let p=d instanceof Request?d.headers:d,{id:m,...f}=l||{},g={ipAddress:d&&Ue(d,t.options)||"",userAgent:p?.get("user-agent")||"",...f,expiresAt:c?q(60*60*24,"sec"):q(o,"sec"),userId:i,token:N(32),createdAt:new Date,updatedAt:new Date};return await s(g,"session",n?{fn:async()=>{let h=await e.findOne({model:"user",where:[{field:"id",value:i}]});n.set(g.token,JSON.stringify({session:g,user:h}),o);let w=await n.get(`active-sessions-${i}`),b=[],E=Date.now();return w&&(b=Z(w)||[],b=b.filter(Rr=>Rr.expiresAt>E)),b.push({token:g.token,expiresAt:E+o*1e3}),await n.set(`active-sessions-${i}`,JSON.stringify(b),o),g},executeMainFn:r.session?.storeSessionInDatabase}:void 0)},findSession:async i=>{if(n){let p=await n.get(i);if(p){let m=JSON.parse(p),f=ve(t.options,{...m.session,expiresAt:new Date(m.session.expiresAt),createdAt:new Date(m.session.createdAt),updatedAt:new Date(m.session.updatedAt)}),g=Ne(t.options,{...m.user,createdAt:new Date(m.user.createdAt),updatedAt:new Date(m.user.updatedAt)});return{session:f,user:g}}}let d=await e.findOne({model:"session",where:[{value:i,field:"token"}]});if(!d)return null;let c=await e.findOne({model:"user",where:[{value:d.userId,field:"id"}]});if(!c)return null;let l=Ne(t.options,c);return{session:ve(t.options,d),user:l}},findSessions:async i=>{if(n){let p=[];for(let m of i){let f=await n.get(m);if(f){let g=JSON.parse(f),y={session:{...g.session,expiresAt:new Date(g.session.expiresAt)},user:{...g.user,createdAt:new Date(g.user.createdAt),updatedAt:new Date(g.user.updatedAt)}};p.push(y)}}return p}let d=await e.findMany({model:"session",where:[{field:"token",value:i,operator:"in"}]}),c=d.map(p=>p.userId);if(!c.length)return[];let l=await e.findMany({model:"user",where:[{field:"id",value:c,operator:"in"}]});return d.map(p=>{let m=l.find(f=>f.id===p.userId);return m?{session:p,user:m}:null})},updateSession:async(i,d)=>await a(d,[{field:"token",value:i}],"session",n?{async fn(l){let p=await n.get(i),m=null;if(p){let f=JSON.parse(p);return m={...f.session,...l},await n.set(i,JSON.stringify({session:m,user:f.user}),f.session.expiresAt?Math.floor((f.session.expiresAt.getTime()-Date.now())/1e3):o),m}else return null},executeMainFn:r.session?.storeSessionInDatabase}:void 0),deleteSession:async i=>{if(n){await n.delete(i),r.session?.storeSessionInDatabase&&await e.delete({model:"session",where:[{field:"token",value:i}]});return}await e.delete({model:"session",where:[{field:"token",value:i}]})},deleteSessions:async i=>{if(n){if(typeof i=="string"){let d=await n.get(`active-sessions-${i}`),c=d?Z(d):[];if(!c)return;for(let l of c)await n.delete(l.token)}else for(let d of i)await n.get(d)&&await n.delete(d);r.session?.storeSessionInDatabase&&await e.deleteMany({model:"session",where:[{field:Array.isArray(i)?"token":"userId",value:i,operator:Array.isArray(i)?"in":void 0}]});return}await e.deleteMany({model:"session",where:[{field:Array.isArray(i)?"token":"userId",value:i,operator:Array.isArray(i)?"in":void 0}]})},findUserByEmail:async(i,d)=>{let c=await e.findOne({model:"user",where:[{value:i.toLowerCase(),field:"email"}]});if(!c)return null;if(d?.includeAccounts){let l=await e.findMany({model:"account",where:[{value:c.id,field:"userId"}]});return{user:c,accounts:l}}return{user:c,accounts:[]}},findUserById:async i=>await e.findOne({model:"user",where:[{field:"id",value:i}]}),linkAccount:async i=>await s({...i,createdAt:new Date,updatedAt:new Date},"account"),updateUser:async(i,d)=>await a(d,[{field:"id",value:i}],"user"),updateUserByEmail:async(i,d)=>await a(d,[{field:"email",value:i}],"user"),updatePassword:async(i,d)=>{await u({password:d},[{field:"userId",value:i},{field:"providerId",value:"credential"}],"account")},findAccounts:async i=>await e.findMany({model:"account",where:[{field:"userId",value:i}]}),findAccount:async i=>await e.findOne({model:"account",where:[{field:"accountId",value:i}]}),findAccountByUserId:async i=>await e.findMany({model:"account",where:[{field:"userId",value:i}]}),updateAccount:async(i,d)=>await a(d,[{field:"id",value:i}],"account"),createVerificationValue:async i=>await s({createdAt:new Date,updatedAt:new Date,...i},"verification"),findVerificationValue:async i=>(await e.findMany({model:"verification",where:[{field:"identifier",value:i}],sortBy:{field:"createdAt",direction:"desc"},limit:10}))[0],deleteVerificationValue:async i=>{await e.delete({model:"verification",where:[{field:"id",value:i}]})},deleteVerificationByIdentifier:async i=>{await e.delete({model:"verification",where:[{field:"identifier",value:i}]})},updateVerificationValue:async(i,d)=>await a(d,[{field:"id",value:i}],"verification")}};var M=e=>{let t=e.plugins?.reduce((i,d)=>{let c=d.schema;if(!c)return i;for(let[l,p]of Object.entries(c))i[l]={fields:{...i[l]?.fields,...p.fields},modelName:p.modelName||l};return i},{}),r=e.rateLimit?.storage==="database",n={rateLimit:{modelName:e.rateLimit?.modelName||"rateLimit",fields:{key:{type:"string",fieldName:e.rateLimit?.fields?.key||"key"},count:{type:"number",fieldName:e.rateLimit?.fields?.count||"count"},lastRequest:{type:"number",fieldName:e.rateLimit?.fields?.lastRequest||"lastRequest"}}}},{user:o,session:s,account:a,...u}=t||{};return{user:{modelName:e.user?.modelName||"user",fields:{name:{type:"string",required:!0,fieldName:e.user?.fields?.name||"name"},email:{type:"string",unique:!0,required:!0,fieldName:e.user?.fields?.email||"email"},emailVerified:{type:"boolean",defaultValue:()=>!1,required:!0,fieldName:e.user?.fields?.emailVerified||"emailVerified"},image:{type:"string",required:!1,fieldName:e.user?.fields?.image||"image"},createdAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",defaultValue:()=>new Date,required:!0,fieldName:e.user?.fields?.updatedAt||"updatedAt"},...o?.fields,...e.user?.additionalFields},order:1},session:{modelName:e.session?.modelName||"session",fields:{expiresAt:{type:"date",required:!0,fieldName:e.session?.fields?.expiresAt||"expiresAt"},token:{type:"string",required:!0,fieldName:e.session?.fields?.token||"token",unique:!0},createdAt:{type:"date",required:!0,fieldName:e.session?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",required:!0,fieldName:e.session?.fields?.updatedAt||"updatedAt"},ipAddress:{type:"string",required:!1,fieldName:e.session?.fields?.ipAddress||"ipAddress"},userAgent:{type:"string",required:!1,fieldName:e.session?.fields?.userAgent||"userAgent"},userId:{type:"string",fieldName:e.session?.fields?.userId||"userId",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0},...s?.fields,...e.session?.additionalFields},order:2},account:{modelName:e.account?.modelName||"account",fields:{accountId:{type:"string",required:!0,fieldName:e.account?.fields?.accountId||"accountId"},providerId:{type:"string",required:!0,fieldName:e.account?.fields?.providerId||"providerId"},userId:{type:"string",references:{model:e.user?.modelName||"user",field:"id",onDelete:"cascade"},required:!0,fieldName:e.account?.fields?.userId||"userId"},accessToken:{type:"string",required:!1,fieldName:e.account?.fields?.accessToken||"accessToken"},refreshToken:{type:"string",required:!1,fieldName:e.account?.fields?.refreshToken||"refreshToken"},idToken:{type:"string",required:!1,fieldName:e.account?.fields?.idToken||"idToken"},accessTokenExpiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.accessTokenExpiresAt||"accessTokenExpiresAt"},refreshTokenExpiresAt:{type:"date",required:!1,fieldName:e.account?.fields?.accessTokenExpiresAt||"refreshTokenExpiresAt"},scope:{type:"string",required:!1,fieldName:e.account?.fields?.scope||"scope"},password:{type:"string",required:!1,fieldName:e.account?.fields?.password||"password"},createdAt:{type:"date",required:!0,fieldName:e.account?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",required:!0,fieldName:e.account?.fields?.updatedAt||"updatedAt"},...a?.fields},order:3},verification:{modelName:e.verification?.modelName||"verification",fields:{identifier:{type:"string",required:!0,fieldName:e.verification?.fields?.identifier||"identifier"},value:{type:"string",required:!0,fieldName:e.verification?.fields?.value||"value"},expiresAt:{type:"date",required:!0,fieldName:e.verification?.fields?.expiresAt||"expiresAt"},createdAt:{type:"date",required:!1,defaultValue:()=>new Date,fieldName:e.verification?.fields?.createdAt||"createdAt"},updatedAt:{type:"date",required:!1,defaultValue:()=>new Date,fieldName:e.verification?.fields?.updatedAt||"updatedAt"}},order:4},...u,...r?n:{}}};var Yr=require("zod");var ue=require("kysely"),H=require("kysely");function yr(e){if(!e)return null;if("dialect"in e)return yr(e.dialect);if("createDriver"in e){if(e instanceof H.SqliteDialect)return"sqlite";if(e instanceof H.MysqlDialect)return"mysql";if(e instanceof H.PostgresDialect)return"postgres";if(e instanceof ue.MssqlDialect)return"mssql"}return"aggregate"in e?"sqlite":"getConnection"in e?"mysql":"connect"in e?"postgres":null}var $e=async e=>{let t=e.database;if(!t)return{kysely:null,databaseType:null};if("db"in t)return{kysely:t.db,databaseType:t.type};if("dialect"in t)return{kysely:new ue.Kysely({dialect:t.dialect}),databaseType:t.type};let r,n=yr(t);return"createDriver"in t&&(r=t),"aggregate"in t&&(r=new H.SqliteDialect({database:t})),"getConnection"in t&&(r=new H.MysqlDialect(t)),"connect"in t&&(r=new H.PostgresDialect({pool:t})),{kysely:r?new ue.Kysely({dialect:r}):null,databaseType:n}};var Xr=(e,t,r)=>{let n=M(t);function o(d,c){if(c==="id")return c;let l=n[d].fields[c];return l||console.log("Field not found",d,c),l.fieldName||c}function s(d,c,l){let{type:p="sqlite"}=r||{},m=n[c].fields[l];return m.type==="boolean"&&p==="sqlite"?d?1:0:m.type==="date"&&d&&d instanceof Date&&p==="sqlite"?d.toISOString():d}function a(d,c,l){let{type:p="sqlite"}=r||{},m=n[c].fields[l];return m.type==="boolean"&&p==="sqlite"&&d!==null?d===1:m.type==="date"&&d?new Date(d):d}function u(d){return n[d].modelName}let i=t?.advanced?.generateId===!1;return{transformInput(d,c,l){let p=i||l==="update"?{}:{id:d.id||(t.advanced?.generateId?t.advanced.generateId({model:c}):N())};for(let m in d){let f=n[c].fields[m];f&&(p[f.fieldName||m]=s(d[m],c,m))}return p},transformOutput(d,c,l=[]){if(!d)return null;let p=d.id?l.length===0||l.includes("id")?{id:d.id}:{}:{},m=n[c].fields;for(let f in m){if(l.length&&!l.includes(f))continue;let g=m[f];g&&(p[f]=a(d[g.fieldName||f],c,f))}return p},convertWhereClause(d,c){if(!c)return{and:null,or:null};let l={and:[],or:[]};return c.forEach(p=>{let{field:m,value:f,operator:g="=",connector:y="AND"}=p,h=o(d,m),w=b=>g.toLowerCase()==="in"?b(h,"in",Array.isArray(f)?f:[f]):g==="contains"?b(h,"like",`%${f}%`):g==="starts_with"?b(h,"like",`${f}%`):g==="ends_with"?b(h,"like",`%${f}`):g==="eq"?b(h,"=",f):g==="ne"?b(h,"<>",f):g==="gt"?b(h,">",f):g==="gte"?b(h,">=",f):g==="lt"?b(h,"<",f):g==="lte"?b(h,"<=",f):b(h,g,f);y==="OR"?l.or.push(w):l.and.push(w)}),{and:l.and.length?l.and:null,or:l.or.length?l.or:null}},async withReturning(d,c,l,p){let m;if(r?.type!=="mysql")m=await c.returningAll().executeTakeFirst();else{await c.execute();let f=d.id?"id":p[0].field?p[0].field:"id",g=d[f]||p[0].value;m=await e.selectFrom(u(l)).selectAll().where(o(l,f),"=",g).executeTakeFirst()}return m},getModelName:u,getField:o}},wr=(e,t)=>r=>{let{transformInput:n,withReturning:o,transformOutput:s,convertWhereClause:a,getModelName:u,getField:i}=Xr(e,r,t);return{id:"kysely",async create(d){let{model:c,data:l,select:p}=d,m=n(l,c,"create"),f=e.insertInto(u(c)).values(m);return s(await o(m,f,c,[]),c,p)},async findOne(d){let{model:c,where:l,select:p}=d,{and:m,or:f}=a(c,l),g=e.selectFrom(u(c)).selectAll();m&&(g=g.where(h=>h.and(m.map(w=>w(h))))),f&&(g=g.where(h=>h.or(f.map(w=>w(h)))));let y=await g.executeTakeFirst();return y?s(y,c,p):null},async findMany(d){let{model:c,where:l,limit:p,offset:m,sortBy:f}=d,{and:g,or:y}=a(c,l),h=e.selectFrom(u(c));g&&(h=h.where(b=>b.and(g.map(E=>E(b))))),y&&(h=h.where(b=>b.or(y.map(E=>E(b))))),h=h.limit(p||100),m&&(h=h.offset(m)),f&&(h=h.orderBy(i(c,f.field),f.direction));let w=await h.selectAll().execute();return w?w.map(b=>s(b,c)):[]},async update(d){let{model:c,where:l,update:p}=d,{and:m,or:f}=a(c,l),g=n(p,c,"update"),y=e.updateTable(u(c)).set(g);return m&&(y=y.where(w=>w.and(m.map(b=>b(w))))),f&&(y=y.where(w=>w.or(f.map(b=>b(w))))),await s(await o(g,y,c,l),c)},async updateMany(d){let{model:c,where:l,update:p}=d,{and:m,or:f}=a(c,l),g=n(p,c,"update"),y=e.updateTable(u(c)).set(g);return m&&(y=y.where(w=>w.and(m.map(b=>b(w))))),f&&(y=y.where(w=>w.or(f.map(b=>b(w))))),(await y.execute()).length},async delete(d){let{model:c,where:l}=d,{and:p,or:m}=a(c,l),f=e.deleteFrom(u(c));p&&(f=f.where(g=>g.and(p.map(y=>y(g))))),m&&(f=f.where(g=>g.or(m.map(y=>y(g))))),await f.execute()},async deleteMany(d){let{model:c,where:l}=d,{and:p,or:m}=a(c,l),f=e.deleteFrom(u(c));return p&&(f=f.where(g=>g.and(p.map(y=>y(g))))),m&&(f=f.where(g=>g.or(m.map(y=>y(g))))),(await f.execute()).length},options:t}};var en=e=>{let t=M(e);function r(n,o){return o==="id"?o:t[n].fields[o].fieldName||o}return{transformInput(n,o,s){let a=s==="update"?{}:{id:n.id||(e.advanced?.generateId?e.advanced.generateId({model:o}):N())};for(let u in n){let i=t[o].fields[u];i&&(a[i.fieldName||u]=n[u])}return a},transformOutput(n,o,s=[]){if(!n)return null;let a=n.id||n._id?s.length===0||s.includes("id")?{id:n.id}:{}:{},u=t[o].fields;for(let i in u){if(s.length&&!s.includes(i))continue;let d=u[i];d&&(a[i]=n[d.fieldName||i])}return a},convertWhereClause(n,o,s){return o.filter(a=>n.every(u=>{let{field:i,value:d,operator:c}=u,l=r(s,i);if(c==="in"){if(!Array.isArray(d))throw new Error("Value must be an array");return d.includes(a[l])}else return c==="contains"?a[l].includes(d):c==="starts_with"?a[l].startsWith(d):c==="ends_with"?a[l].endsWith(d):a[l]===d}))},getField:r}},br=e=>t=>{let{transformInput:r,transformOutput:n,convertWhereClause:o,getField:s}=en(t);return{id:"memory",create:async({model:a,data:u})=>{let i=r(u,a,"create");return e[a].push(i),n(i,a)},findOne:async({model:a,where:u,select:i})=>{let d=e[a],l=o(u,d,a)[0]||null;return n(l,a,i)},findMany:async({model:a,where:u,sortBy:i,limit:d,offset:c})=>{let l=e[a];return u&&(l=o(u,l,a)),i&&(l=l.sort((p,m)=>{let f=s(a,i.field);return i.direction==="asc"?p[f]>m[f]?1:-1:p[f]<m[f]?1:-1})),c!==void 0&&(l=l.slice(c)),d!==void 0&&(l=l.slice(0,d)),l.map(p=>n(p,a))},update:async({model:a,where:u,update:i})=>{let d=e[a],c=o(u,d,a);return c.forEach(l=>{Object.assign(l,r(i,a,"update"))}),n(c[0],a)},delete:async({model:a,where:u})=>{let i=e[a],d=o(u,i,a);e[a]=i.filter(c=>!d.includes(c))},deleteMany:async({model:a,where:u})=>{let i=e[a],d=o(u,i,a),c=0;return e[a]=i.filter(l=>d.includes(l)?(c++,!1):!d.includes(l)),c},updateMany(a){let{model:u,where:i,update:d}=a,c=e[u],l=o(i,c,u);return l.forEach(p=>{Object.assign(p,d)}),l[0]||null}}};async function Ar(e){if(!e.database){let n=M(e),o=Object.keys(n).reduce((s,a)=>(s[a]=[],s),{});return I.warn("No database configuration provided. Using memory adapter in development"),br(o)(e)}if(typeof e.database=="function")return e.database(e);let{kysely:t,databaseType:r}=await $e(e);if(!t)throw new L("Failed to initialize database adapter");return wr(t,{type:r||"sqlite"})(e)}var ze="better-auth-secret-123456789";var Me=require("better-call");async function kr(e,t){let n=(await t.context.internalAdapter.findAccounts(e))?.find(a=>a.providerId==="credential"),o=n?.password;if(!n||!o)throw new Me.APIError("BAD_REQUEST",{message:"No password credential found"});if(!await t.context.password.verify(o,t.body.password))throw new Me.APIError("BAD_REQUEST",{message:"Invalid password"});return!0}var vr=async e=>{let t=await Ar(e),r=e.plugins||[],n=rn(e),o=ae(e.logger),s=ie(e.baseURL,e.basePath),a=e.secret||_.BETTER_AUTH_SECRET||_.AUTH_SECRET||ze;a===ze&&oe&&o.error("You are using the default secret. Please set `BETTER_AUTH_SECRET` in your environment variables or pass `secret` in your auth config."),e={...e,secret:a,baseURL:s?new URL(s).origin:"",basePath:e.basePath||"/api/auth",plugins:r.concat(n),emailAndPassword:{...e.emailAndPassword,enabled:e.emailAndPassword?.enabled??!1,autoSignIn:e.emailAndPassword?.autoSignIn??!0}};let u=Oe(e),i=M(e),d=Object.keys(e.socialProviders||{}).map(m=>{let f=e.socialProviders?.[m];return f.enabled===!1?null:((!f.clientId||!f.clientSecret)&&o.warn(`Social provider ${m} is missing clientId or clientSecret`),De[m](f))}).filter(m=>m!==null),c=({model:m,size:f})=>typeof e?.advanced?.generateId=="function"?e.advanced.generateId({model:m,size:f}):N(f),l={appName:e.appName||"Better Auth",socialProviders:d,options:e,tables:i,trustedOrigins:nn(e),baseURL:s||"",sessionConfig:{updateAge:e.session?.updateAge!==void 0?e.session.updateAge:24*60*60,expiresIn:e.session?.expiresIn||60*60*24*7,freshAge:e.session?.freshAge||60*5},secret:a,rateLimit:{...e.rateLimit,enabled:e.rateLimit?.enabled??oe,window:e.rateLimit?.window||10,max:e.rateLimit?.max||100,storage:e.rateLimit?.storage||e.secondaryStorage?"secondary-storage":"memory"},authCookies:u,logger:o,generateId:c,session:null,secondaryStorage:e.secondaryStorage,password:{hash:e.emailAndPassword?.password?.hash||mr,verify:e.emailAndPassword?.password?.verify||gr,config:{minPasswordLength:e.emailAndPassword?.minPasswordLength||8,maxPasswordLength:e.emailAndPassword?.maxPasswordLength||128},checkPassword:kr},adapter:t,internalAdapter:Fe(t,{options:e,hooks:e.databaseHooks?[e.databaseHooks]:[],generateId:c}),createAuthCookie:ge(e)},{context:p}=tn(l);return p};function tn(e){let t=e.options,r=t.plugins||[],n=e,o=[];for(let s of r)if(s.init){let a=s.init(e);typeof a=="object"&&(a.options&&(a.options.databaseHooks&&o.push(a.options.databaseHooks),t=(0,xr.defu)(t,a.options)),a.context&&(n={...n,...a.context}))}return o.push(t.databaseHooks),n.internalAdapter=Fe(e.adapter,{options:t,hooks:o.filter(s=>s!==void 0),generateId:e.generateId}),n.options=t,{context:n}}function rn(e){let t=[];return e.advanced?.crossSubDomainCookies?.enabled,t}function nn(e){let t=ie(e.baseURL,e.basePath);if(!t)return[];let r=[new URL(t).origin];e.trustedOrigins&&r.push(...e.trustedOrigins);let n=_.BETTER_AUTH_TRUSTED_ORIGINS;return n&&r.push(...n.split(",")),r}var on=e=>{let t=vr(e),{api:r}=Ve(t,e);return{handler:async n=>{let o=await t,s=o.options.basePath||"/api/auth",a=new URL(n.url);if(!o.options.baseURL){let i=ie(void 0,s)||`${a.origin}${s}`;o.options.baseURL=i,o.baseURL=i}o.trustedOrigins=[...e.trustedOrigins||[],o.baseURL,a.origin];let{handler:u}=ur(o,e);return u(n)},api:r,options:e,$context:t,$Infer:{}}};0&&(module.exports={BetterAuthError,HIDE_METADATA,MissingDependencyError,betterAuth,capitalizeFirstLetter,createCookieGetter,createLogger,deleteSessionCookie,generateId,generateState,getCookies,levels,logger,parseCookies,parseSetCookieHeader,parseState,setSessionCookie,shouldPublishLog});
package/dist/index.d.cts CHANGED
@@ -1,8 +1,8 @@
1
- export { l as Adapter, m as AdapterInstance, d as AdditionalSessionFieldsInput, e as AdditionalSessionFieldsOutput, a as AdditionalUserFieldsInput, c as AdditionalUserFieldsOutput, A as Auth, h as AuthContext, q as BetterAuthCookies, B as BetterAuthOptions, j as BetterAuthPlugin, E as EligibleCookies, G as GenericEndpointContext, H as HookEndpointContext, k as InferOptionSchema, g as InferPluginTypes, f as InferSession, I as InferUser, y as LogHandlerParams, L as LogLevel, x as Logger, M as Models, P as PluginSchema, R as RateLimit, n as SecondaryStorage, S as Session, U as User, W as Where, b as betterAuth, o as createCookieGetter, z as createLogger, r as deleteSessionCookie, p as getCookies, i as init, v as levels, C as logger, t as parseCookies, u as parseSetCookieHeader, s as setSessionCookie, w as shouldPublishLog } from './auth-BVa3db5J.cjs';
1
+ export { l as Adapter, m as AdapterInstance, d as AdditionalSessionFieldsInput, e as AdditionalSessionFieldsOutput, a as AdditionalUserFieldsInput, c as AdditionalUserFieldsOutput, A as Auth, h as AuthContext, q as BetterAuthCookies, B as BetterAuthOptions, j as BetterAuthPlugin, E as EligibleCookies, G as GenericEndpointContext, H as HookEndpointContext, k as InferOptionSchema, g as InferPluginTypes, f as InferSession, I as InferUser, y as LogHandlerParams, L as LogLevel, x as Logger, M as Models, P as PluginSchema, R as RateLimit, n as SecondaryStorage, S as Session, U as User, W as Where, b as betterAuth, o as createCookieGetter, z as createLogger, r as deleteSessionCookie, p as getCookies, i as init, v as levels, C as logger, t as parseCookies, u as parseSetCookieHeader, s as setSessionCookie, w as shouldPublishLog } from './auth-BubrmklB.cjs';
2
2
  export { D as DeepPartial, H as HasRequiredKeys, L as LiteralString, b as LiteralUnion, O as OmitId, P as Prettify, a as PrettifyDeep, R as RequiredKeysOf, S as StripEmptyObjects, U as UnionToIntersection, W as WithoutEmpty } from './helper-DxMBi7M2.cjs';
3
3
  export { AtomListener, BetterAuthClientPlugin, ClientOptions, InferActions, InferAdditionalFromClient, InferClientAPI, InferPluginsFromClient, InferSessionFromClient, InferUserFromClient, IsSignal, Store } from './types.cjs';
4
4
  export { H as HIDE_METADATA } from './hide-metadata-DEHJp1rk.cjs';
5
- export { g as generateState, p as parseState } from './state-CYO8U5dl.cjs';
5
+ export { g as generateState, p as parseState } from './state-CQJXHclh.cjs';
6
6
  import 'kysely';
7
7
  import 'zod';
8
8
  import 'better-call';
package/dist/index.d.ts CHANGED
@@ -1,8 +1,8 @@
1
- export { l as Adapter, m as AdapterInstance, d as AdditionalSessionFieldsInput, e as AdditionalSessionFieldsOutput, a as AdditionalUserFieldsInput, c as AdditionalUserFieldsOutput, A as Auth, h as AuthContext, q as BetterAuthCookies, B as BetterAuthOptions, j as BetterAuthPlugin, E as EligibleCookies, G as GenericEndpointContext, H as HookEndpointContext, k as InferOptionSchema, g as InferPluginTypes, f as InferSession, I as InferUser, y as LogHandlerParams, L as LogLevel, x as Logger, M as Models, P as PluginSchema, R as RateLimit, n as SecondaryStorage, S as Session, U as User, W as Where, b as betterAuth, o as createCookieGetter, z as createLogger, r as deleteSessionCookie, p as getCookies, i as init, v as levels, C as logger, t as parseCookies, u as parseSetCookieHeader, s as setSessionCookie, w as shouldPublishLog } from './auth-5eyWphKM.js';
1
+ export { l as Adapter, m as AdapterInstance, d as AdditionalSessionFieldsInput, e as AdditionalSessionFieldsOutput, a as AdditionalUserFieldsInput, c as AdditionalUserFieldsOutput, A as Auth, h as AuthContext, q as BetterAuthCookies, B as BetterAuthOptions, j as BetterAuthPlugin, E as EligibleCookies, G as GenericEndpointContext, H as HookEndpointContext, k as InferOptionSchema, g as InferPluginTypes, f as InferSession, I as InferUser, y as LogHandlerParams, L as LogLevel, x as Logger, M as Models, P as PluginSchema, R as RateLimit, n as SecondaryStorage, S as Session, U as User, W as Where, b as betterAuth, o as createCookieGetter, z as createLogger, r as deleteSessionCookie, p as getCookies, i as init, v as levels, C as logger, t as parseCookies, u as parseSetCookieHeader, s as setSessionCookie, w as shouldPublishLog } from './auth-DF-f5DGM.js';
2
2
  export { D as DeepPartial, H as HasRequiredKeys, L as LiteralString, b as LiteralUnion, O as OmitId, P as Prettify, a as PrettifyDeep, R as RequiredKeysOf, S as StripEmptyObjects, U as UnionToIntersection, W as WithoutEmpty } from './helper-DxMBi7M2.js';
3
3
  export { AtomListener, BetterAuthClientPlugin, ClientOptions, InferActions, InferAdditionalFromClient, InferClientAPI, InferPluginsFromClient, InferSessionFromClient, InferUserFromClient, IsSignal, Store } from './types.js';
4
4
  export { H as HIDE_METADATA } from './hide-metadata-DEHJp1rk.js';
5
- export { g as generateState, p as parseState } from './state-BpBNrIEi.js';
5
+ export { g as generateState, p as parseState } from './state-C_runTlH.js';
6
6
  import 'kysely';
7
7
  import 'zod';
8
8
  import 'better-call';